EC2 Flashcards
What are the types of EC2 instances?
On-Demand - fixed fee, no commitment
Reserved - with contract
Spot - Bid
Dedicated hosts - physically dedicated system
How are you charged for a partial hour if the price changes on a spot instance?
You will not be charged
How are you charged for a partial hour if you terminate a spot instance?
You will be charged
What are the instance types?
F I G H T D R M C P X Z A U
You delete an EBS instance. What is the default protection behavior?
None, it is deleted unless termination protection was turned on
You delete an EC2 instance. Will additional EBS volumes other than root be retained?
Yes
Can default AMI root volumes be encrypted?
No.
How can you encrypt a root volume?
Use a 3rd party tool or it can be done when creating the AMI
Can EBS volumes be encrypted?
Yes, but not the root when using a default AMI
Security group fundamentals?
All inbound is blocked by default
All outbound is allowed
Changes take effect immediately
Unlimited number of EC2 instances can use the same Sec Group
Are stateful
What does stateful mean?
When a port is opened it is open for both inbound and outbound
How can you block IP addresses? Sec groups or NACLs?
NACLs
What are the EBS Types?
GP (SSD)
PIOPS (SSD) = DBs
TO (HDD) = Big data
Cold (HDD) = File servers
EBS Mag - Infrequently accessed
You take an EBS snapshot, where is it stored?
S3
T or F: Snapshots are full
False
How do you ensure an EBS snapshot is quiesced?
Stop the instance
Can you take an EBS snap while the instance is running?
Yes
Can you create AMIs from volumes and snapshots?
Yes
You want to change the EBS volume size and type. How can you do this?
You can do this on the fly
How do you move an EC2 volume to another AZ?
Take a snapshot, create an AMI then launch in the new AZ
How do you move an EC2 volume to another region?
Take a snapshot, create an AMI then move to the new region
Are snapshots of encrypted volumes encrypted?
Yes
Are encrypted volumes that are restored encrypted?
Yes
Can you share encrypted volumes?
No
Can you share snapshots?
Yes, if they are unencrypted
What are the characteristics of Instance Store?
Cannot be stopped. If host is stopped or fails data is lost
You can reboot
When an instance is deleted, what will happen to an instance volume and EBS?
Both will be deleted, but you can protect the EBS volume
How do you encrypt the root volume?
Create a snapshot
Create a copy of the snapshot
Create an AMI from the encrypted snapshot
Use that AMI to launch a new encrypted instance
What is the default CloudWatch monitoring interval?
5 min, but can be changed to 1 min by turning on detailed monitoring
What is the difference between CloudWatch and CloudTrail?
CloudWatch is used to gauge performance, CloudTrail is used for auditing
Features of CloudWatch
Dashboards
Alarms
Events
Logs
What is a more secure way to manage an EC2 instance vs access keys?
Roles
Benefits of roles
easier to manage
can be assigned to an EC2 instance after it's created
What can be used to automate a new instance build?
Bootstrap script
What is the URL to get instance information?
http://169.254.169.254/latest/meta-data/
http://169.254.169.254/latest/user-data/
What is the EFS format?
NFS V4
Pay for use
scalable to PB
Supports thousands of concurrent NFS connections
Data is stored across multiple AZs within a region
read after write consistency
Benefits of roles?
more secure
easy to manage
Can be assigned after instance creation
Can be used in any region
What is the best way to centrally secure hundreds of EC2 instances rather than using an access key and secret access key?
Roles
Which of the following statements are true about containers on AWS? (Choose 5)
You can have AWS manage Kubernetes for you.
You can install and manage Kubernetes on AWS, yourself.
ECR can be used to store Docker images.
ECS allows you to control the scheduling and placement of your containers and tasks.
To be able to use ECS, you must use the ECS Agent.