AWS Part 3 (201-250) Flashcards
What happens when EC2 instance is halted or ended?
- Shutdown is performed the usual way
- EBS volumes can stay attached and start again if DeleteOnTermination is set to false
- Instance hours are NOT charged while in the stopped state
What are the mainstream DevOps tools?
6 tools mentioned - J. G. N. S. D. PCA.
- Jenkins ~ Continuous Integration tool
- Git ~ Version Control System tool
- Nagios ~ Continuous Monitoring tool
- Selenium ~ Continuous Testing tool
- Docker ~ Containerization tool
- Puppet, Chef, Ansible ~ Deployment & Configuration Admin tools
What are IAM Roles and Policies? What is difference between IAM Roles, and Policies?
Roles: for AWS Services, assign permissions of some AWS service to another service
- Example - Give S3 permission to EC2 to access buckets
Policies: for users and groups, assign permissions to users and groups
- Example - Give permission to user to access S3 buckets
What are the default services we get when we create AWS VPC?
3 main services offered… R. N. S.
- Route Table
- Network ACL (NACL)
- Security Group
What is difference between Public Subnet and Private Subnet?
Public: will have an IGW attached to its route table; private will NOT have an IGW attached
Causing no internet access for the private subnet
How do you access EC2 with Private IP in a Private Subnet?
Using VPN, if configured to that VPC
Can access using other EC2 with public access
We have a custom VPC configured and a MySQL DB server which is on a Private Subnet. We need to update the MySQL DB server; what are the options to do so?
- Using NAT Gateway in the VPC
- or launch a NAT instance EC2 config
- or attach a NAT Gateway in the Public Subnet and attach it to the Route Table
What is the difference between Security Groups and NACLs?
4 main things - Attached to ? Stateful or Stateless? Block IP? Rules?
Security Groups:
- Attached to EC2 instance
- Stateful for incoming/outgoing rules
- Blocking IP address can’t be done
- Allow rules only, by default rules are denied
NACL:
- Attached to Subnet
- Stateless - Incoming rules only
- IP address can be blocked
- Allow and Deny can be used
What are differences between Route53 and ELB?
Route53 handles DNS servers with web interface
Elastic Load Balancing auto scales depending on the demand
Which engines can be used in AWS RDS?
5 main engines mentioned here
- MariaDB
- MySQL DB
- MS SQL DB
- PostgreSQL DB
- Oracle DB
What are Status Checks in EC2?
Can you list 9 types of check?
Look for issues with instances for the following:
1. Network
2. Power
3. Software
4. Hardware
5. Instance
6. Memory
7. Files
8. Kernels
9. Failed checks
To establish peering between 2 VPCs, what conditions must be met?
Discuss about CIDR and locations
- CIDR block should NOT overlap between VPC settings for peering.
- Peering connection is allowed within a region, across region, across different accounts
Troubleshoot with EC2 instances
2 examples and 2 potential solutions
- If instance state is (0/2) then there may be hardware issue
- If instance state is (1/2) then there may be issue with OS
Workaround - Restart, or if no resolution then check logs
How can EC2 instances be resized?
Can scale UP or DOWN based on requirement
What is EBS?
Block-level storage volume which can be used after mounting EC2 instances
Difference between EBS, EFS, and S3?
EBS: Can be accessed ONLY after it is mounted on an instance
EFS: Can be shared with multiple instances
S3: Can be accessed without mounting on instances
Max number of buckets that can be created in AWS?
You can create up to 100 buckets per AWS account
Max number of EC2 instances that can be created in VPC?
You can create up to 20 reserved instances and request Spot as per demand
How can EBS be accessed?
After mounting to EC2 instance, it can be accessed
What is the process to mount EBS to an EC2 instance?
Coding ahead:
- df -k                       (list mounted file systems)
- fdisk -l                    (list disks; the new volume shows as /dev/xvdf)
- mkfs.ext4 /dev/xvdf         (create an ext4 file system on the volume)
- mkdir /my5gbdata            (create the mount point)
- mount /dev/xvdf /my5gbdata  (mount the volume)
How to attach a volume permanently to an instance?
Each restart unmounts the volume from the image, so to keep it, edit /etc/fstab (for example with vi /etc/fstab) and add the line:
/dev/xvdf /data ext4 defaults 0 0
< edit the file system name accordingly
What is difference between Service Role and SAML Federated Role?
Service Role: Meant for usage of AWS services based on policies attached to it
- Ex. In case of automation we can create a service role and attach to it
Federated Role: Meant for User access and getting access to AWS as per designed role
- Ex. We can have a federated role created for office employees; that group will then be created in the AD and users added to it
How many policies can be attached to a role?
10 is soft limit, 20 is max limit
What are different ways to access AWS?
3 different ways:
- Console
- CLI
- AWS SDK
How is a root user different than an IAM user?
Root user is master of all in the AWS accounts, IAM users can be limited or act as Admin via policies
What do you mean by principle of least privilege in terms of IAM?
To provide the same or equivalent permission to user/role
What is the meaning of non-explicit deny for IAM user?
When an IAM user is created and it does not have any policy attached to it
What is the precedence level between explicit allow and explicit deny?
Explicit Deny will always override Explicit Allow
What is the benefit of creating group in IAM?
- Makes user management process much simpler
- Adding policy to group(s) instead of each user
What is the difference between the Admin Access and Power User access in terms of pre-build policy?
Admin access has full permissions to all things, while Power Users have Admin access but no user/group management.
What is the purpose of Identity Provider?
Helps in building trust between AWS and corporate AD environment, while creating Federated roles.
What are the benefits of STS?
What is STS?
Helps in securing AWS environment
- Do not need to embed or distribute creds
- Do not need to rotate or revoke tokens
What is the benefit of creating the AWS Organization?
Helps in
- managing IAM policies
- creating AWS accounts programmatically
- managing the payment and billing methods
What is max file length in S3?
UTF-8 1024 bytes
Which activity cannot be done using autoscaling?
Maintain fixed running of EC2
How will you secure data at rest in EBS?
EBS data is ALWAYS secure
What is max size of S3 bucket?
5TB
Can objects in S3 be delivered through Amazon CloudFront?
Yes
Which service is used to distribute content to end users using global network EDGE LOCATION?
VPC
Virtual Private Cloud
What is “Ephemeral”?
Temporary
What are SHARDS in kinesis services?
Shards are used to store data in Kinesis
Where can you find Ephemeral storage?
In the Instance Store service
I have some private servers on my premises and distributed some of my workload to public cloud.
What is this architecture called?
VPC
Virtual Private Cloud
Route 53 can be used to route users to infrastructure outside of AWS.
True or False?
False!
Is Simple Workflow Service one of the valid SNS Subscribers?
No
Which cloud model do devs and orgs all around the world leverage extensively?
IAAS
Infrastructure as a Service
Can CloudFront serve content from a non AWS origin server?
No
Is EFS a centralised storage service in AWS?
Yes
Which AWS service will you use to collect and process ecommerce data for real-time analysis?
Both Dynamo DB & Redshift
High IOPS performance demand is expected, around 15000.
Which EBS volume type would you recommend?
Provisioned IOPS