Chapter 6 - Elastic Compute Cloud (EC2) Flashcards

1
Q

What is EC2, and what are its basic parameters?

A

EC2 is like a VM (Virtual Machine) hosted in AWS instead of your own data center.

Select the capacity you need right now.

Grow and shrink when you need.

Pay for what you use.

Wait minutes, not months.

2
Q

What are the basic EC2 pricing options?

A

On-Demand
Pay by the hour or the second, depending on the type of instance you run.

Reserved
Reserved capacity for 1 or 3 years. Up to 72% discount on the hourly charge.

Spot
Purchase unused capacity at a discount of up to 90%. Prices fluctuate with supply and demand.

Dedicated
A physical EC2 server dedicated for your use. The most expensive option.

3
Q

What is the AWS Command Line?

A

The AWS Command Line is the CLI (command line interface) for Amazon Linux.

4
Q

What distributions of Linux is Amazon Linux based upon?

A

Amazon Linux 1 & 2 = Combination of Red Hat & Fedora

Amazon Linux 2022 = Fedora with SELinux
AL2022 will have SELinux enabled and enforced by default.

5
Q

What are some fundamental Amazon Linux commands?

A

aws configure
Configure the CLI to interact with AWS

ls = list
Example: aws s3 ls

cd = change directory
Example: cd Downloads

chmod 400 filename = change the file’s permissions
Example: chmod 400 MyNVKP.pem

mb = make bucket
Example: aws s3 mb s3://bucketname

6
Q

What is the basic formatting of Amazon Linux commands?

A

Format:
aws servicename command

Example:
aws s3 ls
This command would list all the buckets in S3 in an account.

7
Q

AWS Command Line / Linux Best Practices & Compatibility

A

The Principle of Least Privilege
Always give your users the minimum amount of access required to do their job.

Use Groups
Create IAM groups and assign your users to groups.

Secret Access Key
You will only see this once! If you lose it, you can delete the access key and secret key and regenerate them. You will need to run aws configure again.

Don’t Share Key Pairs
Each developer should have their own access key ID and secret access key. Just like passwords, they should not be shared.

Supports Linux, Windows, macOS
You can install the CLI on your Mac, Linux or Windows PC. You can also use it on EC2 instances.

8
Q

What is an IAM Role?

A

A role is an identity you can create in IAM (Identity and Access Management) that has specific permissions.

A role is similar to a user, as it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.

However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

9
Q

Are Roles Temporary?

A

Yes. A role does not have the standard long-term credentials the same way passwords or access keys do. Instead, when you assume a role, it provides you with temporary security credentials for your role session.

10
Q

What Else Can Roles Do?

A

Roles can be assumed by people, AWS architecture, or other system-level accounts.

Roles can allow cross-account access. This allows one AWS account the ability to interact with resources in other AWS accounts.

11
Q

What is the Linux Communication Protocol & Network Port?

A

SSH = Secure Shell

Port 22

12
Q

What is the Windows Communication Protocol & Network Port?

A

RDP = Remote Desktop Protocol

Port 3389

13
Q

What is the Unencrypted Web Browsing Protocol & Network Port?

A

HTTP = Hypertext Transfer Protocol

Port 80

14
Q

What is the Encrypted Web Browsing Protocol & Network Port?

A

HTTPS = Secure Hypertext Transfer Protocol

Port 443

15
Q

What is a Security Group in AWS?

A

Security groups are virtual firewalls for your EC2 instance.

16
Q

What are the fundamental characteristics of Security Groups?

A

In real-world scenarios you would only open SSH and HTTPS in order to maintain security.

Changes to security groups take effect immediately.

You can have any number of EC2 instances within a security group.

You can have multiple security groups attached to EC2 instances.

All inbound traffic is blocked by default.

All outbound traffic is allowed.

17
Q

What is the fundamental purpose for Bootstrap Scripts?

A

A bootstrap script is a script that runs when the instance first runs. It passes user data to the EC2 instance and can be used to install applications (like web servers and databases), as well as do updates and more.

18
Q

What Is EC2 Metadata?

A

EC2 metadata is simply data about your EC2 instance.

This can include information such as private IP address, public IP address, hostname, security groups, etc.

19
Q

What is User Data?

A

User data is simply bootstrap scripts.

You can use bootstrap scripts (user data) to access metadata.

20
Q

What is ENI?

A

Elastic Network Interface

For basic day-to-day networking with speeds up to 10 Gbps.

Example: Perhaps you need a separate management network from your production network or a separate logging network, and you need to do this at a low cost. In this scenario, use multiple ENIs for each network.

21
Q

What is EN?

A

Enhanced Networking

For when you need speeds between 10 Gbps and 100 Gbps.

Anywhere you need reliable, high throughput.

22
Q

What is EFA?

A

Elastic Fabric Adapter

For when you need to accelerate High Performance Computing (HPC) and machine learning applications, or if you need to do an OS-bypass.

If you see a scenario question mentioning HPC or ML asking what network adapter to choose, choose EFA.

23
Q

ENA vs VF?

A

In ANY scenario-based question, choose ENA (Elastic Network Adapter) over VF interface (Intel 82599 Virtual Function (VF) Interface).

24
Q

What are Placement Groups?

A

A Placement Group is a methodology that allows you to influence the placement of a group of interdependent instances to meet the needs of your workload while minimizing correlated failures by placing instances in such a way that all of your instances are spread out across underlying hardware.

25
Q

What are the 3 Types of Placement Groups and their basic use cases?

A

Cluster Placement Groups
Low network latency, high network throughput

Partition Placement Groups
Multiple EC2 instances; HDFS, HBase, and Cassandra

Spread Placement Groups
Individual critical EC2 instances

26
Q

What are the fundamental characteristics of Cluster Placement Groups?

A

Grouping of instances within a single placement Availability Zone.

Recommended for applications that need low network latency, high network throughput, or both.

Only certain instance types can be launched into a cluster placement group.

27
Q

What are the fundamental characteristics of Partition Placement Groups?

A

Each partition placement group has its own set of racks.

Each rack has its own network and power source.

No two partitions within a placement group share the same racks, allowing you to isolate the impact of hardware failure within your application.

Used when you have multiple instances and want them to be on their own dedicated network and power sources.

28
Q

What are the fundamental characteristics of Spread Placement Groups?

A

A spread placement group is a group of instances that are each placed on distinct underlying hardware.

Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other.

Used for individual instances such as a primary database and a backup database.

29
Q

Which Placement Group types can and cannot span multiple Availability Zones?

A

Cluster = No

Partition and Spread = Yes

30
Q

What types of instances CAN be launched into a Placement Group?

A

Compute optimized

GPU optimized

Memory optimized

Storage optimized

31
Q

How is merging and moving of Placement Groups handled?

A

You can’t merge placement groups.

You can move an existing instance into a placement group. Before you move the instance, the instance must be in a stopped state. You can move or remove an instance using the AWS CLI or an AWS SDK, but you can’t do it via the console yet.

32
Q

When do you choose Dedicated Hosts when dealing with licensing?

A

Choose Dedicated Hosts to answer any question that talks about special licensing requirements.

33
Q

What are EC2 Spot Instances?

A

Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS Cloud.

34
Q

What is the financial advantage of using EC2 Spot Instances?

A

Spot Instances are available at up to a 90% discount compared to On-Demand prices.

35
Q

When should you use Spot Instances?

A

Useful for any type of computing where you don’t need persistent storage.

Stateless, fault-tolerant, or flexible applications

Applications such as big data, containerized workloads, CI/CD, high-performance computing (HPC), and other test and development workloads.

36
Q

How can you block Spot Instances from terminating?

A

You can block Spot Instances from terminating by using Spot Block.

37
Q

What is a Spot Fleet?

A

A Spot Fleet is a collection of Spot Instances and (optionally) On-Demand instances.