EC2 Flashcards
What are the four ways to pay for EC2?
On-Demand
Reserved
Spot
Dedicated
Conditions on payment for termination of a Spot EC2 instance
If the customer terminates the instance, they pay for the hour. If AWS terminates the instance, Amazon pays for the hour.
What is the scope of an AMI? (Global, regional…)
AMIs are regional. An AMI can only be launched from the region in which it is stored. However, AMIs can be copied to other regions using the console, CLI or AWS EC2 API.
What is a more secure alternative to storing access keys on EC2 instances?
Roles are more secure and easier to manage
How many IAM roles can be associated with an EC2 instance?
You can only associate one IAM role with an EC2 instance.
When can a role be assigned to an EC2 instance?
The role can be assigned at creation time or assigned/replaced/unassigned at runtime (Actions -> Instance Settings -> Attach/Replace IAM role, Select role or “No Role”).
What is the URL to get instance metadata?
http://169.254.169.254/latest/meta-data/
What is the URL to get user data?
http://169.254.169.254/latest/user-data
Using the console, can I add a role to an EC2 instance after the instance has been launched?
Yes. Roles can be assigned/replaced/unassigned using the console after the instance has been launched (Actions -> Instance Settings -> Attach/Replace IAM role, Select role or “No Role”). Previously, roles could be assigned only when the EC2 instance was launched (that is, when it was being provisioned).
Can I change the permissions of a role, even if that role is already assigned to an existing EC2 instance?
Yes. These changes will take effect immediately.
Do EC2 instances need to be restarted to apply changes to Security Groups?
No, changes to Security Groups take effect immediately.
Is it possible to use the same Security Group in several EC2 instances?
Yes. You can have any number of EC2 instances within a Security Group.
Can an EC2 instance use multiple Security Groups?
Yes. You can have multiple Security Groups attached to EC2 instances.
Can you specify Deny rules using Security Groups?
No, Security Groups deny everything by default. You can only specify Allow rules.
What does it mean that Security Groups are STATEFUL?
If you create an inbound rule allowing traffic in, that traffic is automatically allowed out again.
What are the default traffic allowances for the default VPC Security Group?
The default VPC Security Group has an inbound rule allowing all traffic from itself, so all instances in this security group can communicate with each other. It also has the usual rule allowing all outbound traffic.
How are instances monitored by ELB reported?
InService or OutOfService
How can I run a configuration script during launch?
You can specify User Data to run a configuration script during launch. During instance creation: Advanced Details -> User Data. At runtime: Actions -> Instance Settings -> View/Change User Data.
What types of Placement Groups exist?
- Cluster Placement Group: Low network latency, high network throughput
- Spread Placement Group: Individual critical EC2 instances
- Partition Placement Groups: Multiple EC2 instances; HDFS, HBase, and Cassandra.
If an Amazon EBS volume is an additional partition (not the root volume), can I detach it without stopping the instance?
Yes, although it may take some time.
Can the public IP address of an EC2 instance be managed in the instance?
No. The public IP address is not managed in the instance. It is instead an alias applied as a NAT of the private IP address. It cannot be managed via instance meta-data.
What are the possible values for the “tenancy” attribute of an instance?
- default: your instance runs on shared hardware.
- dedicated: your instance runs on single-tenant hardware.
- host: your instance runs on a Dedicated Host, which is an isolated server with configurations that you can control.
What amount of access should be given to users?
Always give your users the minimum amount of access required to do their job.
Can policies attached to roles be updated? When do the changes take effect?
You can update a policy attached to a role, and it will take immediate effect.