AWS Pricing, Limits & other misc

Question 1

S3 Standard Pricing model

Answer 1

GB / month fee for data stored.
$ per GB for data transfer (outbound)
price per 1000 requests.

Used for frequently accessed data.

Question 2

S3 Upload Object size limit

Answer 2

5 GB per object in a single operation (AWS SDKs, REST API, or AWS CLI).
160 GB per object using the Amazon S3 Console.

Files greater than 5 GB must be uploaded using multi-part uploads.
Max size limit in S3 is 5 TB files per object.

Question 3

S3 Multi-Part Upload min data size

Answer 3

100 MB file
5 MB min part size

Question 4

S3 Multi-Part Upload max parts

Answer 4

10K max parts

Question 5

S3 Multi-Part Upload part limits

Answer 5

min 5 MB
max 5 GB
the last part can be smaller than 5 MB

Max size limit in S3 is 5 TB files per object.

Question 6

KMS Security standard

Answer 6

FIPS 140-2 (L2)
Federal Information Processing Standard
Some features of KMS are compliant with Level 3, but overall it achieved 140-2 Level 2

Question 7

CMK

Answer 7

Customer Master Key
• Is logical
○ ID
○ Date
○ Policy
○ Desc & state

Question 8

CMK data encryption limit

Answer 8

4 KB

Question 9

DEK

Answer 9

Data Encryption Key

Question 10

KMS rotation interval for AWS managed CMKs

Answer 10

every 3 years.
enabled by default and cannot be disabled.

Question 11

KMS rotation interval for CMK

Answer 11

every 1 year after the enable date.
Disabled CMKs are not rotated.
When the CMK is re-enabled, if the key material is more than 365 days old, AWS KMS rotates it immediately.

Question 12

S3 number of allowed buckets per account

Answer 12

100 buckets soft limit.
can be increased up to 1000 (hard limit) by submitting a service limit increase.

Question 13

KMS scheduled key deletion waiting period

Answer 13

between 7 and 30 days.

Question 14

SSE-S3

Answer 14

Server-Side Encryption with Amazon S3-Managed Keys

Question 15

SSE-KMS

Answer 15

Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS)

Question 16

SSE-C

Answer 16

Server-Side Encryption with Customer-Provided Keys (SSE-C)
The customer manages the encryption keys.
Amazon S3 manages the encryption, as it writes to disks, and decryption, when you access your objects.

Inputs are data and key.
Output are encrypted object and one-way hash of the key.

Question 17

SSE-S3 x-amz-server-side-encryption header

Answer 17

AWS256

Question 18

SSE-KMS x-amz-server-side-encryption header

Answer 18

aws:kms

Question 19

S3 200 Put

Answer 19

data was stored durably.

Question 20

S3 Standard-IA Pricing model

Answer 20

Retrieval fee for every GB of data retrieved.

GB / month fee for data stored - (less than standard).
$ per GB for data transfer (outbound) - (same as standard)
price per 1000 requests (more than standard).

Question 21

S3 Standard-IA/One Zone-IA Minimum capacity charge

Answer 21

128 KB per object

Question 22

S3 Standard-IA use cases

Answer 22

Used for long-lived infrequently accessed data.
Don’t use for small files, frequently accessed, frequently changed or temp data (due to 30 days charge).
Don’t use for data which isn’t inportant or which can be easily replaced (use S3 One Zone-IA)

Question 23

S3 Standard-IA/One Zone-IA minimum duration charge

Answer 23

30 days

Question 24

S3 Standard-IA use cases

Answer 24

Used for long-lived infrequently accessed data where resilience is not required. NON-CRITICAL or data which is REPLACEABLE.
Objects have same durability but, cannot be accessed if the AZ fails.

Don’t use for critical data.
Don’t use for small files, frequently accessed, frequently changed or temp data (due to 30 days charge).

Question 25

S3 One Zone-IA Pricing model

Answer 25

Retrieval fee for every GB of data retrieved.

GB / month fee for data stored - (less than Standard-IA).
$ per GB for data transfer (outbound) - (same as standard)
price per 1000 requests (more than standard).

Question 26

S3 Glacier Pricing model

Answer 26

Pay for retrieval process:
- Expedited (1-5 minutes) - $10.00 per 1K retrievals
- Standard (3-5 hours) - $0.05 per 1K
- Bulk (5-12 hours) - $0.025 per 1K
Retrieval fee for every GB of data retrieved.
GB / month fee for data stored - (80% less storage costs than Standard).

$ per GB for data transfer (outbound) - (same as standard)
price per 1000 requests.

Question 27

S3 Glacier first byte latency

Answer 27

Minutes or hours

• Expedited (1-5 minutes)
• Standard (3-5 hours)
• Bulk (5-12 hours)

Question 28

S3 Glacier minimum duration charge

Answer 28

90 days minimum duration

Question 29

S3 Glacier minimum capacity charge

Answer 29

40 KB per object

Question 30

S3 Glacier Deep Archive pricing model

Answer 30

GB / month fee for data stored - (80% less storage costs than Glacier).
Retrieval fee for every GB of data retrieved.

$ per GB for data transfer (outbound).
price per 1000 requests (more than Glacier).

Question 31

S3 Glacier Deep Archive first byte latency

Answer 31

Hours or days

• Standard (12 hours)
• Bulk (48 hours)

Question 32

S3 Glacier Deep Archive use cases

Answer 32

Used for archival data which rarely if ever needs to be accessed. Data that needs to be retained due to legal or regulatory requirements.
Hours-days retrieval.
Not suited for system backups.

Question 33

S3 Glacier use cases

Answer 33

Used for archival data where frequent or realtime acces isn’t needed with Minutes-hours retrieval.

Question 34

S3 Glacier Deep Archive minimum duration charge

Answer 34

180 day minimum duration

Question 35

S3 Glacier Deep Archive minimum capacity charge

Answer 35

40 KB per object

Question 36

S3 Intelligent-Tiering pricing model

Answer 36

Management fee per 1K objects.
No retrieval fees.
Min duration of 30 days.

Question 37

S3 Intelligent-Tiering use cases

Answer 37

Long lived data (due to 30 days minimum duration).
Usage of objects is changing or unknown. Low admin overhead.
Other prices are comparable to static tiers (Glacier etc).

Question 38

S3 Glacier Deep Archive minimum duration charge

Answer 38

30 days minimum duration

Question 39

S3 Intelligent-Tiering migration thresholds

Answer 39

after 30 days - move to Infrequent Access
after 90 days - Archive
after 180 days - Deep Archive

Question 40

S3 Lifecycle Configuration min duration before transition from S3 Standard is possible

Answer 40

30 days

Objects must be in S3 Standard for 30 days before they can be transitioned automatically.

Question 41

S3 Lifecycle Configuration min duration before transition to S3 Glacier type in a single rule

Answer 41

30 days

A single rule cannot transition to Standard-IA, Intelligent-tiering or One Zone-IA and THEN to either Glacier type within 30 days.
Have to wait 30 days before the second transition.
This only applies for multi-stage transition performed with a single rule.

Question 42

S3 Replication default storage class on destination bucket

Answer 42

use the same class as the source for objects. 
Glacier or Glacier Deep Archive will not be replicated.

Question 43

S3 Replication ownership account default

Answer 43

default is the source account.

Question 44

S3 Replication Time Control (RTC) window

Answer 44

replicates 99.99% of objects within 15 minutes

Question 45

S3 Replication encryption methods

Answer 45

Unencrypted
SSE-S3
SSE-KMS

SSE-C is not supported.

Question 46

S3 Ojbect Size limit

Answer 46

5 TB

Question 47

S3 Select supported data formats

Answer 47

CSV, JSON, Parquet.
BZIP2 compression for CSV and JSON.

Question 48

CIDR

Answer 48

Classless inter-domain routing

Question 49

All IPv6 addresses shorthand

Answer 49

::/0

same as
0000:0000:0000:0000:0000:0000:0000:0000/0
equivalient to 0.0.0.0/0 IPv4

Question 50

VPC default ip CIDR

Answer 50

172.31.0.0/16

Question 51

VPC min and max IPs

Answer 51

min: /28 (16 IPs)
max: /16 (65456 IPs)

Question 52

VPC and subnets quotas

Answer 52

VPCs per Region 5 (adjustable)
Subnets per VPC 200 (adjustable)
IPv4 CIDR blocks per VPC 5 (adjustable)
IPv6 CIDR blocks per VPC 1 (fixed)

Question 53

How to enable DNS hostnames

Answer 53

enableDnsHostnames setting on VPC.

Question 54

How to enable DNS resolution

Answer 54

enableDnsSupport setting on VPC.

Question 55

Reserved IP Addresses in a subnet

Answer 55

5 IPs

Network x.x.x.0 - Network address
Network+1 x.x.x.1 - VPC Router
Network+2 x.x.x.2 - DNS (via Route53)
Network+3 x.x.x.3 - Reserved for future use
Broadcast x.x.x.255

Question 56

Where is the public IP address of an EC2 instance maintained?

Answer 56

in the internet gateway of the VPC.
the IGW links the private IP of the instance to the allocated public IP.
inside the instance OS only the private IP is available.

Question 57

Min number of routes in a route table

Answer 57

all route tables have at least 1 route.
the local route.
if the vpc is IPv6 enabled it will have another route matching the IPv6 CIDR.

Question 58

NACL

Answer 58

Network Access Control List

Question 59

Network ACL Implicit rule

Answer 59

Rule * DENY all traffic.
Last one to process. Is matched when no other rule is matched.
Cannot be removed or edited.

Question 60

Network ACL limit per subnet

Answer 60

1

When associating a custom NACL, the default one is unassociated.
When unassociating the custom NACL, the default one is activated again.

Question 61

NAT

Answer 61

Network Address Translation

Adjust IP packets by changing their source or destination IPs.

Question 62

NAT Gateway resilience level

Answer 62

AZ resilient service.

A NAT gateway is provisioned in a specific AZ.
To achieve region resilience, a NAT Gateway must be provisioned in each AZ.

Question 63

Internet Gateway resilience level

Answer 63

Region resilient.

Question 64

NAT Gateway pricing model

Answer 64

Hourly charge (partial hours are billed as full hours). 
Data processing charge per GB.

Question 65

NAT Instance configuration

Answer 65

Disable Source/Destionation Checks.

Question 66

Instance type decode

Answer 66

R5dn.8xlarge

R - family
5 - generation (should use latest)
db - additional capabilities (n - network optimized, a - amd cpu, e - extra capacity)
8xlarge - the size (determines the size of the ram and hte cpu)

Question 67

EBS resilience level

Answer 67

AZ resilient service.

Question 68

EBS pricing model

Answer 68

GB / month
IOPS/s

Question 69

GP2 min and max volume size

Answer 69

min 1 GB
max 16 TB

Question 70

EBS Volume types

Answer 70

Standard (magnetic)
GP2
GP3
IO1/2/BlockExpress (provisioned IOPS)

Question 71

Provisioned IOPS min and max volume size

Answer 71

min 4 GB max 16 TB for io 1/2
min 4 GB max 64 TB for BlockExpress

Question 72

Provisioned IOPS use cases

Answer 72

Consistent/high performance with low latency and jitter.
I/O intensive workloads such as NoSQL & relational databases.
Low volume size paired with high performance is only achievable with Provisioned IOPS as IOPS can be adjusted independently of volume size.

Question 73

EBS Standard (HDD) use cases

Answer 73

st1 - throughtput optimized - use for big data, data warehouses, log processing. Frequent access. Sequential.
sc1 - cold HDD - less frequently accessed workloads. Colder data requiring fewer scans per day.

Question 74

GP2/3 max IOPS

Answer 74

16,000 per volume
16KB I/O

Question 75

GP2/3 use cases

Answer 75

Low-latency interactive apps
Development and test environments

Question 76

Provisioned IOPS max IOPS

Answer 76

io1 / io2 - 64,000
io2 Block Express - 256,000

Question 77

RAID0 + EBS max IOPS

Answer 77

260,000 (limited by the instance)
Available for io1/io2/io2-Block Express/GP2/GP3

Question 78

FSR

Answer 78

Fast Snapshot Restore

Question 79

EBS Snapshots pricing model

Answer 79

GB/month

Question 80

EBS Encryption pricing model

Answer 80

does not cost anything.
accounts can be set to encrypt by default.

Question 81

EBS Encryption algorithm

Answer 81

AES-256 algorithm.
The encrypted DEK is stored on the disk with the encrypted data.
The same data key is shared by snapshots of the volume and any subsequent volumes created from those snapshots.

Question 82

EC2 ON-DEMAND pricing

Answer 82

Hourly rate billed in seconds (60s minimum) or hourly based on OS.
No long-term commitments or upfront payments.

Question 83

EC2 SPOT instance pricing

Answer 83

up to 90% cost reduction.
uses spot price based on spare capacity. a maximum price can be specified.
Instance terminates if spot price goes above ours.

Question 84

EC2 RESERVED instances pricing

Answer 84

up to 75% off.
1 or 3 years commitment
- all upfront
- partial upfront
- no upfront.
Reserverved in a region or AZ with capacity reservation.

Question 85

EC2 RESERVED instances - use cases

Answer 85

Known steady state usage.
Lowest cost for apps which can’t handle disruption.
When reserved capacity is needed for a business critical application.

Question 86

EC2 ON-DEMAND - use-cases

Answer 86

New or undertain application requirements.
Short-term, spiky or undpredictable workloads which can’t tolerate any distruption.

Question 87

EC2 SPOT instance - use-cases

Answer 87

Use for applications that have flexible start and end times, apps which can tolerate failure and continue later.

Question 88

Instance metadata url

Answer 88

http://169.254.169.254/latest/meta-data

Question 89

Install docker command

Answer 89

sudo amazon-linux-extras install docker

Question 90

User data security

Answer 90

not secure.
opaque to ec2 (just a block of data).

Question 91

EC2 instance cloud init logs location

Answer 91

/var/log/cloud-init-output.log

Question 92

Cluster placement groups - networking speed performance

Answer 92

10 Gbps single stream

Question 93

Cluster placement groups - use cases

Answer 93

Performance
Faster transfer speeds (10Gbps)
Low latency

Question 94

Spread placement groups - limit per AZ

Answer 94

7 instances per AZ (hard limit)

Question 95

Spread placement groups - use case

Answer 95

small number of critical instances that need to be kept separated from each other.

Question 96

Partition placement groups - use cases

Answer 96

more than 7 EC2 instances and it needs exposure to physical location for performance and availability reasons.
HDFS Hbase Cassandra - can use placement info to make intelligent data replication decisions.

Question 97

R53 Simple routing - use case

Answer 97

Use when we want to route requests towards one service such as a web server.

Question 98

Route 53 - health checkers threshold for healthy

Answer 98

18%+

Question 99

R53 Failover routing - use case

Answer 99

Configure an active passive failover. Route traffic to a resource when it is healthy, or to a different resource when the first one is unhealthy.
Manage an “out of band” failure / maintenance page for a service (e.g. EC2 / S3).

Question 100

Fast Snapshot Restore - limits

Answer 100

50 per region.
1 snapshot configured to restore on 4 AZs consumes 4 out of 50 slots.
They cost extra.

Question 101

R53 Multi value routing - use cases

Answer 101

When we want route 53 to respond with multiple records (up to 8 records chosen randomly).
Improves availability, but is not a replacement for load balancing.

Question 102

R53 Weighted routing - use cases

Answer 102

Simple load balancing or testing new software versions (A/B/N testing).

Question 103

R53 Latency-Based routing - use cases

Answer 103

use when optimising for performance and user experience for global applications.

Question 104

R53 Geolocation - use cases

Answer 104

used for regional restrictions, language specific content or load balancing across regional endpoints.

Question 105

R53 Geolocation - how it works

Answer 105

Records are tagged with location:
1 US state
2 country
3 continent
4 default (optional)
R53 returns the most specific record or “NO ANSWER”
geo location doesn’t return “closest” records, only relevant (location) records.
It’s not about proximity.

Question 106

R53 Geoproximity - use cases

Answer 106

Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another.
if we have more resources/bigger instance size in a particular region we can route more requests by assigning a higher bias to that region / resource.

Question 107

OLTP

Answer 107

OnLine Transaction Processing

Question 108

ACID

Answer 108

• *Atomic** - ALL or NO components of a transaction SUCCEEDS or FAILS.
• *Consistent** - Transactions move the database from one valid state to another (nothing in-between is allowed)
• *Isolated** - transactions don’t interfere with each other.
• *Durable** - once a transaction is committed it will persist even in the case of a system failure (stored on non-volatile memory).

Downside - limits scaling

Question 109

BASE

Answer 109

• *Basically available** - READ and WRITE operations are available ‘as much as possible’, but without any consistency guarantees.
• *Soft State** - The database itseld doesn’t enforce consistency.
• *Eventually consistent** - If we wait long enough, reads from the system will be consistent.

Question 110

CAP Theorem

Answer 110

Consistency, Availablility, Partition Tolerant (resilience) - choose 2

Question 111

BASE use cases

Answer 111

Highly scalable databases with high performance.

Question 112

ACID and BASE AWS solutions

Answer 112

ACID - RDS
BASE - DynamoDB (or other noSQL)

BASE + ACID or noSQL + ACID = DynamoDB transactions

Question 113

RDS Database engines

Answer 113

MySQL, MariaDB, PostgreSQL, Oracle, MS SQL Server

Question 114

RDS MultiAZ failover

Answer 114

60-120 seconds.

Highly available, but not fault tolerant.