EC2

Question 1

Instance Type

Answer 1

Allows varying combinations of CPU, memory, storage, networking

Question 2

Types of IP addresses on EC2

Answer 2

Public, Private, Elastic IP

Question 3

Private IP address

Answer 3

IP address retained when instance is stopped
Used in public and private subnets

Question 4

Public IP address

Answer 4

Dynamic address, Lost when the instance is stopped (not lost when instance is restarted)
Used in public subnet
No charge
Associated with private IP address on the instance
Cannot be moved between instances

Question 5

Elastic IP address

Answer 5

Static public IP address
You are charged if not used
Associated with a private IP address on the instance
Can be moved between instances and Elastic Network Adapters
Can be moved across AZs and remapped to a different ENI

Question 6

AMI

Answer 6

provides information required to launch an instance

Defines the OS, software, instance type, and storage for the instance

Includes:
A template for the root volume for the instance
Launch permissions
A block device mapping specifying the volumes to attach

AMIs are regional - can only launch an AMi from the region it is stored in

Can copy AMIs to other regions using console, CLI or API

Question 7

EC2 Metadata and URL

Answer 7

instance metadata is data about the EC2 instance like ami-id, istance-id, hostname, etc.

http://169.254.169.254/latest/metadata

Question 8

What are versions of Instance Metadata Service (IMDS) and what do they do?

Answer 8

IMDS v1 - older and less secure

IMDS v2 - newer, more secure and reqires a session token for authorization

Default launch settings for EC2 may disable IMDSv1 depending on settings

Question 9

EC2 User Data

Answer 9

Script that runs when instance starts for the first time

must be base64 encoded

Limited to 16kb in raw form (before base 64 encoded)

http://169.254.169.254/latest/user-data

Question 10

Elastic Placement Groups

Answer 10

Cluster, Spread, Partition

Question 11

Elastic Placement Groups Cluster

Answer 11

Packs instances close together inside an AZ. This strategy enables workloads to achieve the low-latency networks network performance necessary for tightly coupled node to node communication that is typical of HPC applications

uses enhanced networking, low network latency and high throughput for inter-instance traffic

Question 12

Elastic Placement Groups Partition

Answer 12

spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in a different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra and Kafka

partitions are located in separate AWS rack, up to 7 AZs

Question 13

Elastic Placement Groups Spread

Answer 13

strictly places a small group of instances across distinct underlying hardware to reduce correlated failures

each instance in different AWS rack

Question 14

AWS Network Interface types?

Answer 14

ENI - Elastic Network Interface
ENA - Elastic Network Adapter
EFA - Elastic Fabric Adapter

Question 15

ENI?

Can you have multiple ENI on one instance?

Can ENI be in different AZs?

Can you move an ENI to a different instance?

Answer 15

Elastic Network Interface

basic adapter type for when you don’t have any high performance requirements

can use with all instance types

if network interface attached to public subnet, the primary network interface has a private IP and optionally a public IP

Additional ENI can be attached from subnets within the same AZ

You can’t have nework interface span AZ

Yes, you can move an ENI to a different instance

Question 16

ENA

Answer 16

Elastic Network Adapter

Enhanced network performance adapter for high bandwidth and low inter-instance latency

Must choose supported instance type

Question 17

EFA

Answer 17

Elastic Fabric Adapter

Use with HPC or MPI (message passing interface) and ML use cases

Tightly coupled applications

Can use with all instance types

Question 18

How does AWS perform NAT for Public addresses

Answer 18

When the instance makes a request, the traffic goes out with source as private IP to the IGW.

The IGW performs Network Address Translation by replacing the private IP with the public IP

When the request is returned it has the destination as the Public IP and the IGW replaces the destination with the corresponding Private IP

Question 19

Private Subnet

Answer 19

By default all instances launched will not have a public IP

No route in route table pointing to IGW (igw-id)

Question 20

Public Subnet

Answer 20

By default all instances launched will have a public IP

Must have IGW attached to the VPC and NAT Gateway attached to public subnet

By default main Route table of VPC includes destination equal to subnet CIDR and target to Local (e.g. local to other subnets within the VPC) and all other traffic routed to the IGW

Question 21

How do you build a private EC2 instance(s) that can process outbound request but is unreachable from the internet?

Answer 21

Create VPC or use default
Create a public subnet and private subnet
Attach IGW to VPC
Deploy NGW into public subnet with an Elastic IP to communicate with the internet on behalf of instances in the private subnet
Create a route table different from the main RT
Configure RT with VPC cider as destination and Target as local
Configure RT for any other address to target NGW

private instance makes connects via NGW with private IP and NGW connects to IGW to make internet request

Question 22

NAT Instance

How do you use the instance vs NGW

What is preferred NAT instance or NGW

Answer 22

special AMI string that has “amzn-ami-vpc-nat” in the name; you must disable source and destination checks

In the custom route table instead of targetting the NGW for all other traffic outside the VPC CIDR, specify target as the NAT Instance

you should prefer NGW over NAT instance

Question 23

NAT GW vs NAT Instance

Answer 23

Instance
Instance managed by you
Scale up manually by changing the instance type and use enhanced networking
No HA, you can script to auto scale
HA possible using multiple NATs in multiple subnets
Need to assign security groups
Can use as bastion
Use EIP or public IP address
Can implement port forwarding through manual customization

NGW
Service managed by AWS
Fully elastic for scaling up to 45 Gbps
Provides automatic HA within an AZ and can be place in multiple AZs (different instance)
No need to assign security groups
Can’t access via SSH
Choose the EIP to associate at creation
Doesn’t support port fowarding

Question 24

What kind of EC2 instance can you stop?

What kind of EC2 instance can’t be stopped?

Answer 24

EBS instance backed

Instance store backed instance can’t be stopped

Question 25

What happens when an EC2 instance is that is stopped?

Answer 25

EBS volume remains which is chargeable, while instance changes stop
Data is lost in RAM
Instance is migrated to a different host if restarted
Private IPv4 or v6 addresses are retained; public addresses are released
Associated EIPs are retained

Question 26

What happens when you hibernate an EC2 instance and what types of instances can be hibernated?

Answer 26

Only applies to certain AMIs
Contents of RAM are saved to EBS
Must be enabled for hibernation

Question 27

What happens when you start an EC2 instance after hibernation?

Answer 27

The EBS root volume is restored to its previous state
The RAM contents re reloaded
The processes that were running previously on the instance are resumed

Question 28

What happens when you reboot an EC2 instances

Answer 28

Equivalent to an OS reboot (AWS recommends rebooting via EC2 not OS)
DNS name and all IPv2 or v6 addresses retained
Doesn’t affect billing

Question 29

What happens when you retire an EC2 instances? What other way is an instance reitred?

Answer 29

Instances may be retired if AWS detects irreparable failure of the underlying HW that hosts the instance

When an instance reaches its scheduled retirement date, it is stopped or terminated by AWS

Question 30

What is and what happens to terminated instances?

Answer 30

Terminating an instance is deleting it
Can’t be recovered once terminated
By default, the root EBS volumes are deleted

Question 31

How can you recover an EC2 instance?

Answer 31

CloudWatch can be used to monitor system status checks and recover the instance

Applies if the instance becomes impaired due to underlying HW or platform issues

Recovered instance is identical to original instance

Question 32

AWS Nitro

Answer 32

underlying platform for next generation EC2 instances

support for many virtualized or bare metal instance types

tries to eliminate performance penalty of virtualization by access bare metal

breaks functions into specialized HW with Nitro Hypervisor

specialized HW includes:
nitro cards for VPC
nitro cards for EBS
nitro cards for Instance Storage
nitro cards for controller
nitro security chip
nitro hypervisor
nitro enclaves

Question 33

Benefits of Nitro

Answer 33

Improves performance, security, and innovation:

performance close to bare meta for virtual instances
ENA and EFA use Nitro
more bare metal instance types
higher network performance
HPC optimizations
Dense storage instances

Question 34

Nitro Enclaves

Answer 34

isolated compute environments
runs on isolated hardened VMs
no persistent storage, interactive access or external networking
uses cryptographic attestation to ensure only authorized code is running
integrates with AWS KMS
protects and securely processes highly sensitive data (PII, PHI, Financial data and Intellectual property)

Question 35

EC2 Pricing Options

Answer 35

On-demand
Reserved
Spot
Dedicated Instances
Dedicated Hosts
Savings Plan

Question 36

Name and describe types of Reserved Instance ?

Answer 36

Standard RI - change AZ, instance size (Linux) and networking type - use ModifyReservedInstance API

Covertable RI - can change AZ, instance size (Linux) and networking type, change family, OS, tenancy and payment option - use ExchangeReservedInstances API

both terms are 1 or 3 years

Can pay all upfront, partial upfront or no upfront but discount of up to 75% will vary with lower upfront payments

Question 37

How is the discount applied for Reserved Instances?

Answer 37

When teh attributes of a used instance match the attributes of the RI the discount is applied

Question 38

EC2 On Demand Capacity Reservation

Answer 38

Reserve compute capacity for your EC2s in specific AZ
Any duration
Mitigates against risk of being unable to get on demand capacity
Doesn’t require any long term commitments and can be cancelled at any time

Question 39

When you create a reservation for EC2 On Demand what do you specify?

Answer 39

AZ
number of instances
instance attributes - type, tenancy, platform/OS

Question 40

What type of savings plans?

Answer 40

Compute Savings Plan
EC2 Savings Plan

Question 41

Compute Savings Plan

Answer 41

1 or 3 year commitment of usage of Fargate, Lambda, and EC2
Any region, family, size, tenancy and OS

Question 42

EC2 Savings Plan

Answer 42

1 or 3 year commitment of usage of EC2 within a selected region and instance family
Any size, tenancy and OS

Question 43

Spot Instances

Answer 43

One or more EC2 instances

up to 90% discount

can define separate OD/spot capacity targets, spot price, instance type and AZs

you get a 2 minute warning if AWS needs to reclaim capacity available via instance meta data and cloud watch events

Question 44

Spot Fleet

Answer 44

launces and maintains the number of Spot/on-demand instances to meet specified target capacity

Question 45

EC2 Fleet

Answer 45

launches and maintains specified number of spot / on-demand / RI in a single API call

Question 46

Spot Block

Answer 46

Need uninterrupted capacity for set duration of time

Pricing is 30-45% less than on demand