Chapter 2 Compute and Networking Flashcards
List instance families
- general purpose (balance)
- compute optimized (high cpu specs)
- memory optimized (RAM, in memory DBs, etc)
- storage optimized (large DBs with high I/O throughput)
- accelerated computing (GPUs, FPGA)
Can you change specs on an EC2 instance?
Yes, but you must stop the instance and reconfigure
Can you increase the size of an EBS volume?
Yes, but you can’t decrease the size.
What happens to EBS snapshots?
They are auto replicated across AZs
What does AWS do for you automatically in terms of EBS?
It auto replicates the volume in the same AZ as your EC2 instance
Are AMIs managed regionally or globally?
regionally
Who is default user for Linux EC2 instances? For Windows?
Linux: ec2-user
Windows: Administrator
For attached EBS volume, what happens when EC2 instance is terminated?
The EBS volume is deleted if it is the root volume.
Other EBS volumes will persist. This can be changed by modifying the default behavior: ‘DeleteOnTermination’.
What is the EC2 IMDS?
Instance Metadata Service. Service running locally on EC2 instance (169.254.169.254) which exposes metadata about the instance (ipv4, hostname, security-groups, etc.)
What is an instance profile?
Container for an IAM role. It is assigned to one or more instances (but individual instances can only pertain to one instance profile)
When an instance profile is configured, the EC2 service periodically refreshes the instance’s role-based credentials (via STS). The credentials are retrieved from the instance via the IMDS.
What is a CloudWatch-based alternative to recover a failing instance?
CloudWatch Alarm can apply the recover instance action when instance is impaired
How to supplement built-in instance metrics?
Install CloudWatch agent on instance
AWS Transit Gateway
Centrally manage connectivity b/t many VPCs and on prem environment(s)
Hub and spoke model.
Virtual Private Gateway
Allows direct connection b/t VPC and corporate network via VPN or AWS Direct Connect
Precursor to AWS Transit Gateway?
Does instance lose its private IPv4 address when it stops?
no
Does instance lose its public IPv4 address when it stops?
yes
What service allows more control over managing IP address-instance association?
Elastic IP
What is ‘dual-stack’ mode?
A setting in VPC which allows both IPv4 and IPv6. Resources can communicate with v4, v6, or both
method by which network traffic exiting a subnet is routed
via a Route Table. Subnets associate by default with the ‘main route table’
constituent parts of a route are…
destination (ip address) and target (local, domain)
what is mechanism by which an instance can communicate with another instance in a VPC
via a local route
enumerate difference b/t security groups and NACLs
- SG is for EC2 instances whereas NACL for VPC
- SG stateful, NACL not (traffic flow not set up without inbound/outbound rules)
- SG can only allow broad categories of traffic, NACLs can allow/deny specific types of traffic
default Amazon NACL behavior
allow all inbound and outbound traffic
main difference b/t public and private VPC?
public VPC is connected to an internet gateway
What is NAT in context of AWS?
Allow instances in private subnet to make outbound connections without exposing those instances to inbound connections. Achieved via NAT gateway. All instances share same public IP address.
how to monitor VPC traffic?
via VPC Flow Logs which can be streamed to CloudWatch logs or stored as log files in S3
how to automatically run script on instance at launch?
user data which come in 2 flavors:
- shell script
- cloud-init directives
Public vs Private subnet
Public: route table entry forwards to internet gateway
Private: route table entry to NAT gateway or NAT instance
What happens to an attached EBS volume when the EC2 instance is stopped?
The data in the volume is persisted.
What are lifecycle events that can occur for an instance in a ‘running’ state?
Start, stop, reboot