Deck 1 Flashcards
S3 object size
From 1 byte to 5 TB
S3 bucket URL format
https://S3-.amazonaws.com/
S3 response when upload successful
HTTP 200 response
S3 Data consistency model
Read after write for PUTS
Eventual consistency for overwrite PUTS and DELETES
S3 objects consist in…
Key Value (sequence of bytes) Version ID Metadata Subresources (ACL, Torrent)
Things to take in account when naming S3 objects
First 16 characters determine node where S3 stores the file
Add randomness to the file name
S3 availability and durability
Availability 99,99%
Durability 99,999999999% (11 nines)
S3 storage tiers
S3 (default, 99,99% availability 99,999999999% durability)
Infrequent Access (cheaper storage fee, retrieval fee 99,9% availability 99,999999999% durability )
Reduced Redundancy Storage ( 99,99% availability 99,99% durability)
Glazier (Archival, really cheap, 3-5 hours to restore)
Is it possible to remove S3 versioning?
No, only disable
How much space is occupied when S3 versioning is enabled?
The sum of all versions
How to restore a deleted file with versioning enabled in S3?
Delete the delete marker
Is it possible to use lifecycle management in conjunction with versioning?
Yes
How many days should you wait before deleting an object from Glacier?
Glacier is designed to store objects for at least 90 days. Costs incur for 90 danys
What is an edge location in CloudFront?
Location where content will be cached
What is an origin in CloudFront?
Origin of all files that the CDN will distribute. Can be: -S3 bucket -EC2 instance -ELB -Route 53
What is a distribution in CloudFront?
Name given to the CDN.
Consists in a collection of edge locations
Types of distributions in CloudFront
- Web distribution
- RTMP (media streaming)
Is it possible to write to an edge location?
Yes
What determines the amount of time an object is cached in CloudFront?
TTL
Is it possible to clear cached objects in CloudFront?
Yes, but you will be charged
Is it possible to restrict access to contents in CloudFront?
Yes, you can use signed URLs or signed cookies
How to set up access to an S3 bucket?
ACL
Bucket Policies
Where can you store access logs for an S3 bucket?
Another bucket
Another AWS account
Ways of encrypting data in S3
- In transit:
- -SSL/TLS
- At rest:
- -Server side encryption:
- –SSE-S3 (S3 managed keys)
- –SSE-KMS (AWS Key Management Service managed keys)
- –SSE-C (Customer provided keys)
–Client side encryption
Types of Storage Gateway
- Files Gateway (NFS)
- Volumes Gateway(iSCSI)
- -Stored volumes
- -Cached volumes
- Tape Gateway (VTL)
What you can do with Snowball?
Export data from S3
Import data to S3
What is S3 transfer acceleration?
Accelerates uploads to S3 using edge locations.
User uploads to edge location and data is uploaded to S3 through AWS backbone.
What do you need to enable S3 cross region replication?
Enable versioning
S3 lifecycle management actions permitted
- Transition from standard to IA (128kb and 30 days after creation)
- Archive to glacier (30 days after transfer to IA)
- Permanently delete
Snowball types
Snowball
Snowball edge
Snowmobile
What is Import / Export?
Allows you to send disks with data to AWS.
Deprecated (currently Snowball)
What is S3 multipart upload?
Allows you to accelerate uploads by uploading multiple parts
Are you charged for the whole hour when a spot instance is terminated?
If the Spot instance is terminated by Amazon EC2, you will not be charged for a partial hour of usage.
However, if you terminate the instance yourself, you will be charged for any hour in which the instance ran.
EC2 instance families
DRMCGIFTPX
EC2 instance types
on demand, spot, reserved, dedicated hosts
EBS types
General purpose Provisioned IOPS Throughput optimized (no boot) Cold (no boot) Magnetic standard
Is it possible to connect an EBS volume to multiple EC2 instances?
No, you should use EFS instead
Is it possible to encrypt an EBS root volume from an AWS AMI?
You can’t encrypt a root volume from a created AMI. Instead, you should use a 3rd party tool or create your own AMI and encrypt it during creation
Traffic allowed by default in SG
Inbound: None
Outbound: All
How many EC2 instances per SG?
Any number
Is it possible to attach an EBS volume to an instance I. A different AZ?
No
What to do in case you need more IOPS than an EBS volume can provide?
Create more than one volume an create a RAID 0 or 10.
Amazon discourages RAID 5.
How to take a consistent snapshot from a RAID?
Application consistent snapshot.
- Freeze filesystem
- Unmount array
- Stop EC2 instance
How to take a snapshot from an EBS root volume?
Stop the EC2 instance first
Is it possible to share an encrypted snapshot?
No
How to encrypt the snapshot of an encrypted volume?
It is encrypted automatically
How to encrypt a volume restored from an encrypted volume?
It is done automatically
Is it possible to stop an instance store backed instance?
No
What will happen with root volumes on termination?
By default, all will be deleted, but you can chose to keep EBS backed root volumes during creation
How to resolve the IP address of an ELB?
It is not possible, AWS gives you a DNS name
CloudWatch host level metrics enabled by default
- CPU
- Network
- Disk (read/write, not space consumption)
- Status checks
CloudWatch monitoring types and default interval
Default monitoring, enabled by default. No cost and 5 minute interval.
Detailed monitoring, not enabled by default. Has cost and 1 minute interval.
Is it possible to us a role in a different region?
Yes, roles are universal
Instance meta-data URL
http://169.254.169.254/latest/meta-data/
Define warm up and cool down periods
Warm up period: period for the instance to start participating to the metrics
Cooldown period: amount of time between autoscaling events
What is a placement group?
A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.
Is it possible to expand a placement group to more than one AZ?
No
Is it possible to use the same name in more than one placement group?
No, name must be unique in your AWS account
Is it possible to launch any instance type in a placement group?
No, only in compute, GPU, memory or storage optimised instances
Is it possible to merge placement groups?
No
Is it possible to add an existing instance to a placement group?
No, but you can create an AMI from the instance and launch a new instance from the AMI into the placement group
Is it possible to delete an EBS snapshot used as root volume for a registered AMI?
No, you should deregister the AMI first
Is it possible to launch an AMI in a different region from where it is stored?
No, AMIs are regional. You can copy an AMI to other region using console, command line or EC2 API
How to obtain the IP address of an ELB?
ELBs don’t have predefined IPv4 addresses. You resolve to them using a DNS name
Differences between alias and CNAME
- Alias allow to resolve a zone apex
- AWS does not charge for alias resolution
Route53 routing policies
- Simple
- Weighted
- Latency
- Failover
- Geolocation
Route53 domain name number soft limit
50
What do you need in order to create a read replica in RDS?
Enable automatic backups
Maximum number of read replicas in RDS
5
Is it possible to have a read replica from a read replica?
Yes, but latency problems can appear
Is it possible to enable MultiAZ in a read replica?
No
Differences scaling RDS and DynamoDB
- RDS: hard to scale. Bigger instance or read replicas
- DynamoDB: Scales on the fly
DynamoDB consistency models
Eventual consistency ( best read performance, default) Strong consistency
Dynamoy billing blocks
Blocks of:
Read:50 (cheap)
Write:10 (expensive)
When is suitable to use ElastiCache?
Database with frequent reads and few changes
What are the charges for the data transferred from RDS masters to replicas?
None
If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines what is the maximum size RDS volume you can have by default?
6Tb
Maximum provisioned IOPS capacity on an Oracle and MySQL RDS instance (using provisioned IOPS)
30,000 IOPS
How many copies of your data do you have with Aurora?
6, 2 copies in 3 AZ
How many copies can Aurora handle loosing?
3 copies without affecting reads
2 copies without affecting writes
Types of Aurora replicas
Aurora replicas ( up to 15) MySQL replicas ( up to 5)
Redshift node configuration
- Single node ( 160Gb)
- Multinode:
- -Leader node: manages client connections, receives queries
- -Compute node:stores data, performs queries and computations (up to 128 compute nodes)
Is it possible to expand a subnet to more than one AZ?
No
How many IGW per VPC?
1
Is it possible to perform transitive peering in VPC?
No, VPC peering is done through star configuration
VPC allowed CIDR block ranges?
Between /16 and /28
What is created by default when you create a VPC?
Route table
Network ACL
Security Group
To which route table is associated a subnet when it is created?
Default
What you should disable in a NAT instance?
Source/destination check
What to do is NAT instance is the bottleneck ?
Increase instance size
How to deploy a NAT instance in HA?
- Two instances in different AZs
- Script to automate failover between them
How many NACL per subnet?
1, when you associate a new NACL, old is removed
If not associated, it is associated with default NACL
Traffic allowed by default in NACL
Default: all
Custom: any
How many subnet per NACL?
Multiple
How many VPC per region by default?
5
How many subnet to provide HA?
Minimum of 2
Difference NAT and bastion instances?
NAT to provide internet traffic to instances in private subnet
Bastion to manage instances in private subnet
Does an instance in a public subnet have internet access by default?
No, you have to assign a public address or an EIP to the instance
What AWS region(s) can I connect to via a DirectConnect connection?
Each AWS Direct Connect location enables connectivity to the geographically nearest AWS region. You can access all AWS services available in that region.
Direct Connect locations in the US can also access the public endpoints of the other AWS regions using a public virtual interface.
How many types of block devices does Amazon EC2 support?
- Instance store
- EBS
What does Amazon EBS stand for?
Elastic Block Store
What is SWF?
Simple WorkFlow Service.
Service to coordinate tasks
Main differences between SQS and SWF
- SQS has a retention period of 14 days, SWF up to 1 year for workflow executions
- SQS message oriented API, SWF task oriented API
- SWF ensures task is processed one time
SWF actors
- Starters
- Deciders
- Workers
Maximum size of an SQS message
256kb of text in any format
SQS order
Does not provide FIFO
SQS visibility timeout
12 hours
How many times a message will be delivered to SQS?
At least 1.
You should prepare your application so processing message more than one time does not generate errors or inconsistencies
How is SQS billed?
- 64kb chunks (each chunk is charged as a request. Example: 1 API call with 256kb payload is charged = 4 requests)
- first 1 million SQS requests are free
- $0,50 per million thereafter
How many messages per request in SQS?
10
Maximum payload of 256kb
SNS deliver methods
- Push notification to mobile devices
- SMS
- SQS
- HTTP endpoint
- Lambda
Main difference between SQS and SNS
SQS is pull
SNS is push
What does a “domain” refer to in Amazon SWF?
A collection of related workflows
With which protocols does RDS support SOAP?
Only HTTPS
What is bulk copy for SQL Server?
The SQL Server bulk copy feature is an efficient means of copying data from a source database to your DB instance. Bulk copy writes the data that you specify to a data file, such as an ASCII file. You can then run bulk copy again to write the contents of the file to the destination DB instance.
In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB
Instance with SQL Server Express edition?
10 Gb
Attaching methods for ENIs
You can attach an elastic network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).
If you scale your provisioned storage capacity within the month…
…your bill will be pro-rated.
Backup retention period duration?
You can set the backup retention period to between 1 and 35 days.
What configuration should be used to ensure the highest network performance (packets per second), lowest latency, and lowest jitter?
Enhanced Networking enables you to get significantly higher packet per second (PPS) performance, lower network jitter and lower latencies. This feature uses a new network virtualization stack that provides higher I/O performance and lower CPU utilization compared to traditional implementations. In order to take advantage of Enhanced Networking, you should launch an HVM AMI in VPC, and install the appropriate driver.
The Trusted Advisor service provides insight regarding which four categories of an AWS account?
Security
Fault tolerance
Cost optimizing
Performance
Which login types does AWS STS web identity federation support?
AWS STS web identity federation supports Login with Amazon, Facebook, Google, and any OpenID Connect (OICD)-compatible identity provider.
Instance types only available as Amazon EBS-backed
T2
C4
Main difference between CloudWatch and CloudTrail
CloudWatch: monitoring
CloudTrail: logging
Is it possible to move reserved instances from one region to another?
No
AWS services related with big data
- Kinesis: consume big data in real time (ex: social media)
- EMR:big data processing
- Redshift: BI
What is a resource group?
Which resource groups you can group resources that share one or more tags
VPC peering limitations
No multi region
No transitive
No CIDR overlapping
Is it possible to authenticate in the AWS console using your AD credentials?
Yes, using SAML authentication
Methodologies for encrypting data on S3?
SSE-KMS
SSE-S3
SSE-C
4 pillars well architected framework
Security
Reliability
Performance efficiency
Cost optimisation
What is needed before you can enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket?
-Enable versioning on the bucket.
-Create an AWS IAM policy to allow Amazon S3
to replicate objects on your behalf.
what you can and cannot change from an instance reservation?
You can change the instance type only within the same instance type family, or
you can change the Availability Zone. You cannot change the operating system nor the
instance type family.
What can you do with dhcp option sets?
You can specify the domain name for instances within
an Amazon VPC and identify the IP addresses of custom DNS servers, NTP servers, and
NetBIOS servers
What is a VPC endpoint?
Enables you to create a private connection between your Amazon VPC and another AWS service without requiring access over the Internet or through a NAT
instance, a VPN connection, or AWS Direct Connect. Endpoints support services within
the region only.
The default time for an Amazon SQS visibility timeout is…
… 30 seconds
The maximum time for an Amazon SQS visibility timeout is …
…12 hours
What is proxy protocol?
You can identify the originating IP address of a client connecting to your servers using TCP load balancing. Client connection information, such as IP address and port, is typically lost when requests are proxied through a load balancer.
What is Amazon CloudSearch?
Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.
Can the instances of s SG talk to each other?
Default SG - Yes
Other SGS - No
What is erased when you delete an IAM user?
When you use the AWS Management Console to delete an IAM user, IAM automatically deletes the following information for you:
The user
Any group memberships—that is, the user is removed from any IAM groups that the user was a member of
Any password associated with the user
Any access keys belonging to the user
All inline policies embedded in the user (policies that are applied to a user via group permissions are not affected)
Any associated MFA device
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?
Note that you can’t delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.
Pare meters retained when you promote a read replica
The new DB instance that is created when you promote a Read Replica retains the backup retention period, backup window period, and parameter group of the former Read Replica source.
Public IP address remains associated when instance is stopped?
For instances launched in EC2-Classic, we release the private IPv4 address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IPv4 address.
For instances launched in a VPC, a private IPv4 address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.
If you add a tag that has the same key as an existing tag on that resource…
…If you add a tag that has the same key as an existing tag on that resource, the new value overwrites the old value.
Are Reserved Instances available for Multi-AZ Deployments?
Yes
When should I choose Provisioned IOPS over Standard RDS storage?
If you use production online transaction processing (OLTP) workloads.
What is an instance profile?
An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.
How many active access keys we IAM user?
IAM permits users to have no more than two active access keys at one time.
How to improve performance of API Gateway?
Use caching
How to scale API Gateway?
It scales automatically
How to prevent attacks in API Gateway?
Use throttling
How to solve API Gateway error: “origin policy cannot be read at the remote resource”
Enable CORS
Differences between Kinesis streams and Kinesis firehose?
Streams: -uses shards -data is sent to consumers first Firehose: -analizes dará automatically using lambda
Can I encrypt connections between my application and my DB Instance using SSL?
Yes, this option is currently supported for the MySQL, MariaDB, SQL Server, PostgreSQL, and Oracle engines.
Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?
No
If your DB instance runs out of storage space or file system resources, its status will change to_____ and your
DB Instance will no longer be available.
Storage-full
Which Amazon storage do you think is the best for my database-style applications that frequently encounter
many random reads and writes across the dataset?
EBS
How to expose a snapshot only to selected accounts?
SelectPrivate, enter the IDs of those AWS accounts, and clickSave.
Define Query requests
Query requests are HTTP or HTTPS requests that use the HTTP verb GET or POST and a Query parameter named Action.
Does AWS Direct Connect allow you access to all Availabilities Zones within a Region?
Yes
Does Amazon SQS keep track of all tasks and events in an application?
No, with SQS, you must implement your own application-level tracking, especially if your application uses multiple queues.
When editing permissions (policies and ACLs), to whom does the concept of the “Owner” refer?
The “Owner” refers to the identity and email address used to create the account AWS account.
Once a VPC is set to Dedicated hosting, is it possible to change the VPC or the instances to Default hosting?
No, yvou must re-create the VPC.
Is it possible to read Route53 internal resources from external sources?
Route53 has a security feature that prevents internal DNS from being read by external sources. The work around is to create a EC2 hosted DNS instance that does zone transfers from the internal DNS, and allows itself to be queried by external servers.
Permissions to host a website on S3
- Modify object ACL (no bucket ACL)
- Create bucket policy
It is possible to have a read replica in a different region in RDS?
Yes, for MySQL, MariaDB and Postgres instances
To access public resources in a remote region…
…you must set up a public virtual interface and establish a border gateway protocol (BGP) session.
ASG default termination policy
AZ with more instances
Oldest LC
Instance nearer to next billing hour
Is it compulsory to have AWS credentials in order to use WorkSpaces?
No, if AWS WorkSpaces is integrated with an AD
Is WorkSpaces persistent?
Yes
On WorkSpaces, all data on D:/ is backed up every…
12 hours
