AWS Part 1 (1-100) Flashcards
What is AWS?
Amazon Web Services
Platform providing on-demand resources for
Hosting web services
Storage
Networking
Databases
Other resources over the internet
Pay as you go pricing
What are the components of AWS?
Give me at least 6 of the components.
EC2 – Elastic Compute Cloud
S3 – Simple Storage Service
Route53 – DNS service
EBS – Elastic Block Store
CloudWatch
Key-Pairs
(Note: These are a few of the components of AWS)
What are Key-Pairs?
What are they, and what are they made of?
Secure login info for instances/virtual machines
To connect to instances we use Key-Pairs that have a public-key and private-key
What is S3?
What is it, and what is it about?
Simple Storage Service
Service that provides interface to store any amount of data, anytime, anywhere
Pay what you use
Pay as you go
What are the pricing models for EC2 instances?
5 main models O.R.S.S.D
On-Demand
Reserved
Spot
Scheduled
Dedicated
What are the types of volumes for EC2 instances?
2 types of volumes…
2 types of volumes:
EBS – Elastic Block Stores
Instance Store Volumes
What are EBS volumes?
What are they, and what are they about?
Elastic Block Stores
Persistent volumes that you can attach to instances
** Your data will be preserved when you stop your instance
** Unlike Instance Store Volumes, where data is deleted after stopping instance
What are the types of volumes in EBS?
5 main types of volumes, involving SSD & HDD.
G.P.M.C.T.
General Purpose
Provisioned IOPS
Magnetic
Cold HDD
Throughput optimized
What are the different types of instances?
5 main types of instances, and think hardware performance.
General purpose
Compute Optimized
Storage Optimized
Memory Optimized
Accelerated Computing
What is auto-scaling and what are its components?
What is it, and what are the 2 main types of components?
Allows you to auto scale-up and scale-down number of instances
Depending on the CPU or Memory usage
2 types of components in Auto-scaling
- Auto-scaling groups
- Launch Configuration
What are reserved instances?
Instances for which you reserve a fixed capacity of EC2 instances
Note: In reserved instances you will have to get into a contract of 1 year or 3 years
What is an AMI?
What is it, and what is it about? Contains S. L. B.
Amazon Machine Image
Template that contains
- software configurations
- launch permission
- block device mapping
Specifies the volume to attach to the instance when launched
What is an EIP?
What is it, and what is it about?
Elastic IP Address
Designed for dynamic cloud computing
Keep same IP when stopping and starting instances
What is CloudWatch?
Monitoring tool used to monitor various AWS resources
Examples are health check, network, application, etc
What are the types of monitoring in CloudWatch?
There are 2 types in CloudWatch:
- Basic Monitoring, that’s free
- Detailed monitoring, that’s chargeable
What are the CloudWatch metrics that are available for EC2 instances?
D.D.C.N.N.N.N.C.C.
- Diskreads
- Diskwrites
- CPU utilization
- NetworkPacketsIn
- NetworkPacketsOut
- NetworkIn
- NetworkOut
- CPUCreditUsage
- CPUCreditBalance
What is the minimum and maximum size of individual objects you can store in S3?
The minimum is 0 bytes
The maximum is 5TB
What are the different storage classes (levels) in S3?
- Standard (Frequently Accessed)
- Standard Infrequently Accessed
- One-Zone Infrequently Accessed
- Glacier
- RRS - Reduced Redundancy Storage
What is the default storage class in S3?
That would be Standard (Frequently Accessed)
What is Glacier?
Back up or Archival tool used to back up data in S3
How can you secure the access to your S3 bucket?
2 ways available here…
2 ways available:
- ACL - Access Control Lists
- Bucket policies
How can you encrypt data in S3?
- Server Side Encryption - S3 (AES 256 encryption)
- Server Side Encryption - KMS (Key Management Service)
- Server Side Encryption - C (Client Side)
What are the parameters for S3 pricing?
5 things mentioned here
S.S.N.D.T
- Storage used
- Storage management
- Number of requests you make
- Data transfer
- Transfer acceleration
What are the prerequisites to work with Cross-Region Replication in S3?
2 main things mentioned here
Enable versioning on both the source and destination buckets
Source and destination buckets should be in different regions
What are Roles?
- Used to provide permissions to entities you trust within your AWS account
- Roles are users in another account
- Roles are similar to users but do not need to create any username and password to work with the resources
What are policies and what are the types of policies?
Policies are permissions you attach to users/groups that are created for specific access
2 types of policies:
- Managed policies (Standalone, created and administered by AWS)
- Inline policies (Embedded script by user into an IAM entity (User, Group, or Role))
What is CloudFront?
AWS web service that provides businesses and app developers an easy and efficient way to distribute content
- with low latency and high data transfer speeds
CloudFront is the content delivery network of AWS
What are edge locations?
Place where contents will be cached
When a user tries to access some content, the content will be searched for in the edge location
If it’s not available then content will be made available from original location
- Then copy will be stored in edge location
What is the max individual archive that you can store in Glacier?
Max individual archive is up to 40TB
What is VPC?
Config for I.S.I.N.S.
Virtual Private Cloud
Network logically isolated from other networks
Allows you to easily customize network configuration for:
- IP address range
- Subnets
- Internet gateways
- NAT gateways
- Security groups
What is VPC peering connection?
Allows you to connect 1 VPC with another VPC
Behave as if in same network this way
What are NAT gateways?
Network Address Translation
NAT gateways enable instances in a private subnet to connect to internet but prevent internet from initiating connection with those instances
How can you control the security to your VPC?
2 ways mentioned here…
Can use Security groups and NACL’s
NACL = Network Access Control List
What are the different types of storage gateway?
3 types F.V.T.
3 types:
- File gateway
- Volume gateway
- Tape gateway
What is a Snowball?
Data transport solution using source appliances to transfer large amounts of data into and out of AWS
- Reduces network costs, long transfer times
- Provides better security
What are the database types in RDS?
A.O.M.P.M.S.
- Aurora
- Oracle
- MySQL server
- PostgreSQL
- MariaDB
- SQL Server
What is Redshift?
Data warehouse product in the cloud
- Fast and powerful
- Fully managed
- Petabyte scale
What is SNS?
Simple Notification Service
Web service that makes it easy to get notification from the cloud
Can set up SNS to receive email notification or message notification
What are the types of routing policies in Route53?
S.L.F.G.W.MA
- Simple routing
- Latency routing
- Failover routing
- Geolocation routing
- Weighted routing
- Multivalue answer
What is the max size of messages in SQS?
Max size of messages in SQS is 256kb
What are the types of queues in SQS?
2 types
- Standard queue
- FIFO (First In First Out)
What is multi-AZ RDS?
Multi Availability Zone for replica of production database in another AZ
Used for disaster recovery and exact copy of database with auto failover
What are the types of backups in RDS database?
2 types
2 types of backups:
- Automated
- Manual (Snapshots)
What is the difference between security groups and network access control list?
Security Groups & Network access control list
(see screenshot)
What are the types of Load Balancers in EC2?
3 types
A.N.C LB
3 types:
- Application load balancer
- Network load balancer
- Classic load balancer
What is an ELB?
E.C.I.
Elastic Load Balancing
Auto distributes incoming app or network traffic across multiple targets like:
- EC2
- Containers
- IP addresses
Containers provide a standard way to package your application’s code, configurations, and dependencies into a single object. Containers share an operating system installed on the server and run as resource-isolated processes, ensuring quick, reliable, and consistent deployments, regardless of environment.
What are the 2 types of access that you can provide when you are creating users?
- Programmatic
- Console
What are the benefits of auto-scaling?
3 things mentioned here to be better (F.A.C.)
- Better fault tolerance
- Better Availability
- Better cost management
What are security Groups?
Acts as firewall that contains traffic for one or more instances
One or more SG’s can be associated to instances
Can add rules to each SG that allow traffic to and from instances
New rules are auto and immediately applied to all instances in the group
What are shared AMI’s?
AMI created by other developer and available for another developer to use
What is the difference between the classic load balancer and application load balancer?
P.L.
Dynamic Port Mapping
Multiple port listeners is used in Application Load Balancer
One port listener is achieved via Classic Load Balancer
Classic Load Balancer expired Aug, 15th, 2022.
By default, how many IP addresses does AWS reserve in a subnet?
5
What is meant by subnet?
Large selection of IP addresses divided into chunks are known as subnets
How can you convert a public subnet to private subnet?
Remove IGW and add NAT gateway
Associate subnet in Private route table
Is it possible to reduce an EBS volume?
No, we can increase it but not reduce a volume
What is the use of elastic IP, are they charged by AWS?
These are IPV4 addresses, which are used to connect the instance from internet
They are charged if the instances are not attached to it
One of my S3 buckets is deleted, but I need to restore it. Is there any way possible?
Yes, if versioning has been enabled. Very easily, if so.
When I try to launch an EC2 instance I am getting Service limit exceeded. How can I fix this issue?
By default, AWS offers service limit of 20 running instances per region
To fix the issue, we need to contact AWS support to increase the limit based on the requirement
I need to modify the EBS volumes in Linux and Windows. Is it possible?
Yes.
From console, use modify volumes in section, and give the size you need
Linux = Mount it to achieve the modification
Windows = Go to Disk Management
Is it possible to stop an RDS instance. If so, how can I do that?
Yes, it is possible.
For instances which are not in production and non multi AZ’s
What is meant by parameter groups in RDS? What is the use of it?
AWS offers a wide set of parameters in RDS as parameter groups, which are modified as per requirement
What is the use of Tags and how are they useful?
Used for identification and grouping AWS resources
I am viewing an AWS console, but unable to launch the instance. I am receiving an IAM error. How can I rectify it?
No access, and need permissions to use it
I don’t want my AWS account ID to be exposed to users. How can I avoid it?
By creating an Alias in IAM settings, creates different sign-in URL
By default, how many Elastic IP addresses does AWS offer?
5 elastic IP’s per region
You have enabled sticky sessions with ELB. What does it do with your instance?
Binds the user session with a specific instance
Which type of load balancer makes routing decisions at either the Transport layer or the Application layer, and supports either EC2 or VPC?
Classic Load Balancer
Which is virtual network interface that you can attach to an instance in VPC?
ENI - Elastic Network Interface
You have launched a Linux instance in AWS EC2. While configuring security group, you have selected SSH, HTTP, HTTPS protocol. Why do we need to select SSH?
To verify there is a rule that allows traffic from EC2 instance to your computer
You have chosen a Windows instance with Classic and you want to make some change to the Security Group. How will these changes be effective?
Changes are automatically applied to Windows instances
Load Balancer and DNS service comes under which type of cloud service?
Hint= 4 letters and a mode
IAAS-Storage
IAAS = Infrastructure as a Service
You have an EC2 instance that has an unencrypted volume. You want to create another Encrypted volume from this unencrypted volume. What are the steps to achieve this?
Create a snapshot of the unencrypted volume, applying encryption parameters
Copy the Snapshot and create a volume from the copied Snapshot
Where does the user specify the maximum number of instances with the auto-scaling commands?
The Auto-scaling Launch Configuration
Which are the types of AMI provided by AWS?
2 main types discussed here
Instance Store and EBS
EBS = Elastic Block Storage
After configuring ELB, you need to ensure that the user requests are always attached to a Single instance. What setting can you use?
Sticky Session
When do I prefer Provisioned IOPS over the standard RDS storage?
If you have batch-oriented workloads
I am running my DB instance with Multi-AZ deployments. Can I use the DB instance for read/write operation along with primary DB instance?
Primary DB instance does not work!
Which AWS service will you use to collect and process e-commerce data for near real-time analysis?
Amazon DynamoDB
A company is deploying a new two-tier web app in AWS. The company has limited staff and requires high availability. The application requires complex queries and table joins. Which config provides the solution for the company’s requirements?
A web app provided on DynamoDB is the solution
Which statement has use cases that are suitable for Amazon DynamoDB?
The storing of metadata for S3 objects
The running of relational joins and complex updates
Your app has to retrieve data from your user’s mobile every 5 minutes, and then data is stored in the DynamoDB. Later every day at the particular time the data is extracted into the S3 on a per user basis. Your app is later on used to visualize the data to user.
You are asked to optimize the architecture of the backend system to lower the cost. What would you recommend doing?
Introduce Amazon Elasticache to cache the reads from Amazon DynamoDB table, and to reduce the provisioned read throughput
You are running a website on EC2 instances that are deployed across multiple AZ’s with a Multi-AZ RDS MySQL Extra Large DB instance, etc.
The site performs a high number of small reads and writes per second and relies on the Eventual Consistency model. After comprehensive tests you find that there is read contention on RDS MySQL.
Which are the best approaches to meet these requirements?
3 things to do…
- ElastiCache enabled per AZ
- Increase the RDS MySQL instance size
- Implement provisioned IOPS
A Startup is running a pilot deployment of 100 sensors to measure the street noise and air quality in urban areas for 3 months.
It was noted that every month around 4GB of sensor data is generated. Company uses a load balanced auto-scaled layer of EC2 instance and an RDS database with 500GB standard storage.
The pilot was successful, and now they want to deploy 100k sensors to support the backend. You need the data stored for at least 2 years to be analyzed. Which setup of the following would be preferred?
Replace the RDS instance with a 6 node Redshift cluster with 96TB of storage
Let us suppose you have an app where you have to render images and also some general computing. Which service will best fit your need?
Use an Application Load Balancer
How will you change the instance type for the instances that are running your applications tier, and using auto-scaling? Where is the area to change this?
Change Auto-scaling Launch Configuration areas
You have a content management system running on an EC2 instance, and it is approaching 100% CPU usage. Which option will reduce load on the EC2 instance?
Create a load balancer and register the EC2 instance for it
What does Connection Draining do?
Re-routes traffic from the instances which are to be updated (or) failed a health-check
When the instance is unhealthy, then it needs to be terminated and replaced with a new one. Which of the services does that?
Fault Tolerance
What are lifecycle hooks used for in auto-scaling?
They are used to put additional wait time to the scale in or scale out events
A user has set up an auto-scaling group. Due to some issue the group has failed to launch a single instance for more than 24 hours.
What will happen to auto-scaling in this condition?
Auto-scaling will SUSPEND the scaling process
You have an EC2 Security Group with several running EC2 instances. You changed the Security Group rules to allow inbound traffic on a new port and protocol. Then you launched several new instances of the same Security Group.
When will the new rules be applied?
Immediately to all instances in the Security Group
To create a mirror image of your environment in another region for disaster recovery, which of the following AWS resources do NOT need to be recreated in the second region?
Route53 Record Sets
A customer wants to capture all client connection info from his Load Balancers at an interval of 5 min only. Which option should he select for his application?
Hint: it’s in the cloud, so…
Enable AWS CloudTrail for the load balancers
Which of the services would you NOT use to deploy an app?
Lambda app is not used to deploy
How do you apply updates to Elastic Beanstalk?
By using a duplicate ready with updates prepared before swapping
You created a key in the Oregon region to encrypt data in the North Virginia region for security purposes. You added 2 users to the key and the external AWS account.
You wanted to encrypt an object in S3, but when trying, the key that was just created is not listed.
What could be the reason and solution?
The key should be working in the same region
A company needs to monitor read/write IOPS for AWS MySQL RDS instances, then send real-time alerts to the operations team.
Which AWS service can be used to accomplish this?
Amazon CloudWatch
What is CloudWatch?
AWS CloudWatch is a suite of monitoring tools built into one AWS service. Its major components are the Metrics, Alarms, Logs, and Events available within this service.
What is AWS CloudTrail?
AWS CloudTrail is a log of every single API call that has taken place inside your Amazon environment. Each call is considered an event and is written in batches to an S3 bucket. These CloudTrail events show us details of the request, the response, the identity of the user making the request, and whether the API calls came from the AWS Console, CLI, some third-party application or other AWS Service.
An organization that is currently using consolidated billing has recently been acquired by another company that already has a number of AWS accounts.
How could an Admin ensure that all AWS accounts are billed to the single account?
From both existing company and acquired company
AWS Organization - All invites acquired by the company’s AWS account joins new existing company
User has created application, which will be hosted on the EC2. The app makes calls to DynamoDB to fetch certain data. The app is using the DynamoDB SDK to connect with EC2 instance.
Which is best practice for security in this scenario?
Should attach IAM Role with the DynamoDB access to EC2 instance
You have an app running on an EC2 instance, which will allow users to download files from a private S3 bucket using a pre-signed URL. Before generating the URL, the app should verify the existence of the file in S3.
How does the app use the AWS creds to access the S3 bucket securely?
Create an IAM role for EC2 that allows list access to objects in S3 buckets.
Launch instance with this Role, and retrieve Role’s credentials from EC2 instance metadata