EC2 Flashcards
When first creating an EC2, what are the main 7 resources you configure on your EC2?
- OS
- CPU
- RAM
- Storage - EBS/EFS
- Network Card - speed/public IP
- Firewall Rules - Security Group
- Bootstrap script - EC2 User Data
What IAM user does the EC2 Bootstrap script run as?
root user
If you stop and then start an EC2 instance, the Bootstrap script will run again on startup.
True or False?
False - the bootstrap script will only run at the initial creation of the EC2 (very first startup)
Every time you start and stop an EC2 instance it will get a new private IPv4 address.
True or False?
False - it is the public IPv4 that will change when you restart an EC2 instance. The private IPv4 will NEVER change.
What are the 4 common EC2 instance types?
- General Purpose
- Compute Optimized
- Memory Optimized
- Storage Optimized
You are creating a web server that needs to have a balanced performance between compute, memory, storage, and networking.
What EC2 instance type should you choose?
General Purpose - this EC2 instance type is great for a diversity of workloads that require balanced performance.
You were tasked with picking the best EC2 instance type for your company's app. The EC2 needs to be able to handle very high performance processing workloads such as batch processing and media transcoding.
What EC2 instance type should you choose?
Compute Optimized - this EC2 instance type is great for compute intensive tasks that require high performance processing
Your application requires an EC2 Instance that has fast performance for workloads that process large data sets in memory.
What EC2 instance type should you choose?
Memory Optimized - this EC2 instance type is great when you need to perform a lot of actions in memory.
Your application requires high, sequential read and write access to large data sets on local storage.
What EC2 instance type should you choose?
Storage Optimized - this EC2 instance type is great for storage intensive tasks that require high sequential read & write access to large data sets in local storage.
You are tasked with running a batch workload on an EC2 instance. The batch workload should take a short time to finish, however once the batch workload starts it should run uninterrupted. Cost is not an issue for the company.
What EC2 Purchasing Option would best fit these requirements?
On-Demand Instance - is great for short uninterrupted workloads. This purchasing option is pay/second.
What are the 8 EC2 Purchasing Options?
- On-Demand Instances
- Reserved Instances
- Convertible Reserved Instances
- Savings Plan
- Spot Instances
- Dedicated Instances
- Dedicated Hosts
- Capacity Reservation
How many years can you reserve an EC2 instance with the Reserved Instances Purchasing Option?
1 or 3 years (no in-between)
If you need to run a long-term workload that requires flexibility when it comes to using EC2 instance types.
What EC2 Purchasing Option should you choose?
Convertible Reserved Instance - 1 or 3 years reserve period and you can convert your EC2 instances to different types if necessary.
When should you use the Savings Plan Purchasing Option for EC2?
When you can commit to an amount of usage (dollars/hr) of the EC2 upfront.
The EC2 Savings Plan must be purchased for either 1 or 3 years.
True or False?
True - the Savings Plan and Reserved Instances are 1 or 3 years
After you pass the usage limit you set on the EC2 Savings Plan Purchasing Option, your EC2 will automatically stop itself to prevent accruing any further costs.
True or False?
False - it will continue to run and begin to charge you the On-Demand price (pay/second)
If you have to run a critical job on an EC2 Instance that cannot be stopped once it has started until finished.
What EC2 Purchasing Option should you NOT use?
Spot Instances - Spot instances go to the highest bidder. You can lose the instance you are using at any time.
If you need to run server bound software (needs to interact with the lower level server hardware), strict compliance requirements, or complicated software licensing.
What EC2 Purchasing Option should you choose?
Dedicated Hosts - you get your own physical server with EC2 instance capacity fully dedicated to your use.
What are the purchasing plans for EC2 Dedicated Hosts?
On-Demand, and 1 or 3 years. Dedicated Hosts is the most expensive purchasing option.
If you need to run instances with dedicated hardware, but don’t need access to lower level server hardware.
What EC2 Purchasing Option should you choose?
Dedicated Instances - similar to Dedicated Hosts but you don’t own the entire server, just the hardware that your EC2 Instances run on.
When should you use EC2 Capacity Reservations as your Purchasing Option?
When you want to reserve a certain EC2 capacity in a specific AZ for any duration.
What is the charge rate for the EC2 Capacity Reservations?
On-Demand (pay/second)
What resource acts as a “Firewall” for your EC2 instance, authorizing inbound and outbound traffic?
Security Groups
Security Groups contain Deny and Allow rules so you can fine-tune traffic to your EC2 Instance.
True or False?
False - Security Groups only contain Allow rules. If the request is not coming from an allowed destination then it will be denied by default.
A Security Group can be attached to multiple EC2 Instances.
True or False?
True - the Security Group does not belong to a specific resource. It can be used anywhere.
An EC2 instance can only have 1 Security Group attached to it.
True or False?
False - an EC2 can have multiple Security Groups attached to it.
A Security Group Rule consists of what 2 main components?
The port to allow traffic from, and the authorized IP ranges or authorized security group.
Security Groups can have rules that allow traffic from other Security Groups.
True or False?
True - Security Group A can allow traffic from another Security Group B. This means EC2 instances with Security Group B attached can communicate to the EC2 instances with Security Group A attached.
If traffic to the EC2 Instance is blocked by the Security Group, the EC2 will see the request was rejected.
True or False?
False - the Security Group lives outside the EC2 Instance. The traffic will be blocked before it ever reaches the EC2
Security Groups are Global, and can be used in any region.
True or False?
False - Security Groups are locked down to region/VPC combination.
If your app is hosted on an EC2 and it appears to not be accessible (results in a timeout). What is most likely the issue?
It’s a Security Group issue
What are the default rules for a Security group?
- All inbound traffic is blocked
- All outbound traffic is allowed
What are the 6 classic Ports to know in networking?
- 22 - SSH (for linux)
- 21 - FTP
- 22 - SFTP
- 80 - HTTP
- 443 - HTTPS
- 3389 - RDP (for windows)
What is the only way you should ever attach AWS credentials to an EC2 Instance?
IAM Roles - any alternative is a security risk
What are the two storage solutions you can attach to your EC2 instances?
EBS and EFS
What is an EBS volume?
A network drive you can attach to your instances for storage.
EBS Volumes will persist data even after the EC2 instance is terminated.
True or False?
True - EBS is a network drive (best to think of it as a network usb stick plugged into an EC2 instance)