EC2

Question 1

An EC2 Instance in stopped state will still be charged for ??

Answer 1

1. Storage
2. Network(free, except for EiP)

Question 2

An EC2 Instance in
Running state is charged for??

Answer 2

• memory
• storage
• Network
• CPU

Question 3

Install Stress utility

Answer 3

$sudo yum install stress -y

To run
$ stress -c 1 -t 3600

Options
-t [timeout]
-c [CPUs]

Question 4

CHMOD 400

Answer 4

For restricting access to our .pem file to master user Only. Before $ chmod 400 xyz.pem file is available to all users in the local Host

Question 5

Block Storage Structure

Answer 5

Block storage has no in-built structure,it’s just a Collection of Uniquely Addressable blocks. Its up to the OS to create a file system

Question 6

EC2 Family

Answer 6

• Compute Optimized
• Memory Optimized
• Storage Optimized
• General Purpose
• Accelerated Computing

Question 7

EC2 Instane Type

Question 8

EBS

Answer 8

Whenever a block storage is attached to an EC2, ec2 creates a FileSystem on it, such as ext3, ext4,NTFS or XFS

Question 9

EBS Life Expectancy

Answer 9

EBS volumes are detached and Persistent. They are resilient to an AZ. LifeCycle is not Linked to any Instance.

Can be Backed up into S3 as a Snapshot. Now Making EBS a regional storage.

Question 10

GP2 Use Case

Answer 10

• Boot volumes,
• low-latency interactive apps,
• dev & test

Question 11

GP3 Use Case

Answer 11

Way fastre (3000 IOPS-16,000)IOPS
- Virtual desktops,
- medium sized single instance databases such as MSSQL Server and Oracle DB,
- low-latency interactive apps,
- dev & test,
- boot volumes

Question 12

io1,io2

Answer 12

• With io1/2/BlockExpress OPS can be adjusted Independently of size..
• io1 5010PS/GB (MAX)
• io2 50010PS/GB (MAX)
• BlockExpress 100010PS/GB (MAX)
• 4 GB-16 TB i01/2
• 4 GB-64 TB BlockExpress

Question 13

EC2 Lifecycle

Answer 13

STOP
- Host is changed,
- Public ipv4 address will change to that of a new host.
- Instance Store is lost

Instance RESTART
- Host and Instance store persist

Question 14

EBS Encryption on storage vs on memory

Answer 14

When an EBS is encrypted, the data stored on the EBS is the cyphertext version, only the MAIN memory sees the Plain-Text

Question 15

DEK and Snapshots Lifecycle

Answer 15

When KMS encryption is enabled on an EBS, a new DEK is issued, and that DEK is linked to the lifespan of the Volume and all its descendants (subsequent snapshots and its copies). Encryption cannot be removed.

Question 16

Encryption transfer over new volumes

Answer 16

Every new volume uses a new unique encryption key

Question 17

Ec2 instance dns

Answer 17

EC2 instance dns (eg ec2-10-16-121-83.compute1.amazon.com) resolves to the ip address on the ENI of the ec2 instance. So does the Public ipv4 address.

Question 18

Ec2 encryption level

Answer 18

Ec2 encryption happens at the host level. This is usually between the Host and the EBS. The ec2 so is just granted the decryption keys (DEK) in other to see the plaintext.

Question 19

ENI and private ipv4 behavior during shutdown or termination.

Answer 19

The private ip address of an instance is actually attached to the ENI of the instance. Once the instance is shutdown or Terminated, that ENI is moved to a new host(out of our scope). Launching a new instance would mean collecting a new ENI which is linked to a subnet and a particular Vgc, hence, a new private ipv4

Question 20

Licensing

Answer 20

Licensing is usually done on a MAC Address. And the MAC address is usually embedded on the ENI. Therefore, for secondary ENIs(which can always be moved between instances), the License can be moved from one instance to the other.

Question 21

Security group resident

Answer 21

Security group is usually a setting attached to an ENI and not the instance, more than one instance can reference a single security group.

Question 22

Public/Private IPv4 NATting

Answer 22

Public IPv4 is controlled and manipulated by the Internet gateway. It is resolved by the gateway, the instance/ENI are not aware of the public IPv4.

Question 23

Direct IPv4 targeted applications.

Answer 23

For ip specific interactions, multiple security groups might need to be created for each of the IP Addresses to be targeted.

Question 24

Ec2 DNS hostname resolution

Answer 24

Within the vpc, the instance dns Hostname resolves to the private ip, outside the vpc, the IPv4 dns resolves to a public IPv4

Question 25

EIP

Answer 25

In order to maintain a registered dns Name on an ec2 through change of underlying hosts, use the EIP. EIP can be re-associated with any IPv4 address.

Question 26

AMI modification

Answer 26

Ami cannot be edited. You would have to Launch an instance, update the settings you want to update, and then, create a. Ew ami

Question 27

AMI ownership

Answer 27

AMI can be **Private, Public, or Shared by explicitly granting access to another AWS identity**

Question 28

AMI Pricing

Answer 28

Ami is billed to the storage cost of the AMI IT HOLDS

Question 29

AMI on running Instance

Answer 29

Always stop instance before creating AMI for best results

Question 30

move an ec2 instance from a private subnet to a public subnet

Answer 30

It's not possible to move an existing instance to another subnet, Availability Zone, or VPC. Instead, you can create a new Amazon Machine Image (AMI) from the source instance to manually migrate the instance. Next, use the new AMI to launch a new instance in the desired subnet, Availability Zone, or VPC.

Question 31

When you stop an instance

Answer 31

When you stop an instance, the instance shuts down. When you start an instance, the instance is typically migrated to a new underlying host computer and assigned a new public IPv4 address. Private ipv4 is intact

Question 32

What changes when you stop an EC2 instance?

Answer 32

When an instance stops, When you stop a running Amazon EC2 instance, several changes occur. Here are the possible changes: 1. Instance State: The instance state changes from "running" to "stopped." 2. Public IP: If your instance has a public IP address associated with it, the public IP address is released when the instance is stopped. When you start the instance again, it may get a different public IP address. 3. Elastic IP: If you have associated an Elastic IP address with the instance, the Elastic IP remains associated with the instance even when it's stopped. 4. Internal/Private IP: The internal or private IP address of the instance remains the same when the instance is stopped. 5. CPU and Memory: The instance's CPU and memory usage drop to zero while it's stopped. 6. Data on Instance Store Volumes: If your instance has instance store volumes (ephemeral storage) attached to it, the data on those volumes is lost when the instance is stopped. Instance store volumes are not designed for long-term data storage. 7. Data on EBS Volumes: If your instance has Amazon Elastic Block Store (EBS) volumes attached to it, the data on those volumes is preserved when the instance is stopped. EBS volumes are designed for persistent data storage. 8. Billing: You are not billed for the instance's running time when it's stopped. However, you are still charged for the storage associated with the instance, such as EBS volumes or EFS file systems. 9. Instance Metadata: The instance metadata remains available even when the instance is stopped. 10. Lifecycle Hooks: If you have configured lifecycle hooks for the instance, they may be triggered when the instance is stopped or the state changes. 11. Auto Scaling: If the instance is part of an Auto Scaling group, the Auto Scaling group may launch a new instance to replace the stopped instance based on its configuration. It's important to note that stopping an instance is different from terminating it. When you stop an instance, you can start it again later, and it retains its configuration and associated resources. 2. It loses the data stored on the instance RAM. 3. It loses the assigned public IPv4 address 4. if an Elastic IP address is not associated with the instance. 5. It retains assigned private IPv4 addresses, Elastic IP addresses associated with the instance, any IPv6 addresses, and any attached Amazon EBS volumes and the data on those volumes.

Question 33

AMI Copy

Answer 33

AMI can be copied from one region to another, however, the new AMI is a brand New AMI. It carries a brand new AMI ID, permissions are not transferred. However, in **Sharing AMI** directly with a trusted account, receiving identity can be granted express permissions. **Note from AWS** *You use a shared AMI at your own risk. Amazon can't vouch for the integrity or security of AMIs shared by other Amazon EC2 users. Therefore, you should treat shared AMIs as you would any foreign code that you might consider deploying in your own data center, and perform the appropriate due diligence. We recommend that you get an AMI from a trusted source, such as a verified provider.*

Question 34

Ec2 instance Check

Answer 34

**Check 1/2: System Check** - Loss of System Power - Loss of network Connectivity - Host software issues - Host hardware issues **Check 2/2: Instance Check** - Corrupted file system - Incorrect Instance Networking - OS Kernel Issues

Question 35

Ec2 **Instance** check Troubleshooting

Answer 35

1. Stop/Terminate and Start instance Manually 2. Ec2 Auto Recovery(move instance to a new Host, all instance components(ipv4,softwares and settings, etc) preserved.

Question 36

Ec2 Recovery

Answer 36

Using Cloudwatch Alarm to trigger Automatic actions on an ec2( Reboot, Restart, Shutdown, Terminate, Stop). This is dependent on the availability of Host Capacity in that AZ

Question 37

Ec2 Recovery Cons

Answer 37

Caveat: not effective against Az failure Does not work on Instance stores Volume Not supported by all types on instance

Question 38

Instance Termination Protection

Answer 38

Require express permissions to Terminate instance API call. Role separation for *enable Termination* and *Disable Termination* is highly recommended in Production Workloads

Question 39

Ec2 Vertical Scaling

Answer 39

Definition: Resizing the Instance **Notes** - There must be downtime - Scale only during Outage window or agreed Schedule

Question 40

Ec2 Horizontal Scaling

Answer 40

Definition: Smaller redundant copies of Instances sharing the Load **Features: ** Requires **Off-Host Sessions** (a node dedicated to keeping and providing session data) Server is stateless No Scaling Limit(infinite) Less Expensive Allows for more granular scaling

Question 41

Instance metaData Authentication

Answer 41

Has no Authentication, it is not encrypted

Question 42

Ec2 Instance Metadata

Answer 42

EC2 Service that provides instance data to users and services as needed **Features:** * Accessible inside ALL instances *http://169.254.169.254 * Environment * Networking(Passing SSH keys bts of instance connect) * Authentication(eg, assume role temporary credentials). * User-Data * NOT AUTHENTICATED or ENCRYPTED

Question 43

Detaching primary ENI

Answer 43

Eth0 **Can Not** be detached

Question 44

Move ENI

Answer 44

Move ENI, secondary Private IP, Security group , and Elastic IP moves too

Question 45

Multiple routes to Ec2 instance

Answer 45

This is possible by attaching more ENIs to the ec2, each with its security group

Question 46

Instance Connect vs Cloudshell

Answer 46

EC2 Instance Connect is most useful for connecting to existing EC2 instances via SSH while CloudShell is most useful for running AWS CLI commands and general purpose scripting.

Question 47

Cloudwatch Agent Log group name

Answer 47

Logstream will be named after the instance ID

Question 48

Cluster Placement and EC2 Host

Answer 48

All Instances within a cluster group are most likely running on the same host. All Instances in a cluster placement are directly connected together in an upto **10GB/s bandwidth for single Stream data transfer rate against the normal 5GBps of normal bandwidth** Single Az, Subsequent instances follow suit with the AZ of the first instance

Question 49

EC2 Placement Groups

Answer 49

Cluster - Pack instances close together *Spread - Keep instances separated * Partition - groups of instances spread apart

Question 50

Cluster Placement Latency

Answer 50

Lowest possible inter-instance Latency Max packets per session(PPS) This speed is proportional to the Instance in use High performance Networking instances Enhanced Networking enabled

Question 51

Instance connect. */var/log*

Answer 51

EC2 Logs for diagnostics, most especial user data installations */var/log* in this directory are log files use ***~ sudo cat var/log/FileName*** **Key files** - /cloud-init-output - General bootstrap logs. - /cfn-init-cmd.log -Cloudformation deployment log - /cfn-init.log - Cloudformation deployment log