EC2 Flashcards

1
Q

What is one of the main limitations of EC2 and its associated EBS volume?

A

It’s all AZ-specific, e.g. a network interface or EBS volume cannot cross/connect AZs; they are isolated

AMIs etc. covered separately

2
Q

What is EC2 good for?

A
  • Long-running compute
  • Server style apps
  • Burst or steady-state load
  • Monolithic application stacks
  • Migrated app workloads or DR

STRENGTH - blast radius within one AZ

3
Q

What type of workload would you use general purpose EC2 type for?

A

Default - Diverse workloads, equal resource ratio

Should use this type as starting point

4
Q

What type of workload would you use Compute Optimised EC2 type for?

A

Media processing, HPC, Scientific modelling, gaming, machine learning

Offer high performance CPUs

5
Q

What type of workload would you use Memory Optimised EC2 type for?

A

Processing large in-memory datasets, some database workloads

6
Q

What type of workload would you use Accelerated Computing EC2 type for?

A

Hardware GPUs, field-programmable gate arrays (FPGAs)

7
Q

What type of workload would you use Storage Optimised EC2 type for?

A

Sequential and random IO - scale-out transactional DBs, data warehousing, Elasticsearch, analytics workloads

Large amounts of fast local storage, many io ops per second

8
Q

How is storage throughput calculated, and how do you maximise it?

A

IO (block) Size x IOPS = Throughput

i.e. IO is like size of wheels on the car

E.g. 16k, 64k, 1Mb x 1, 2 seconds = xx MB/S

Maximising either will increase throughput although there are maximums depending on type of storage

9
Q

Is EBS resilient across multiple AZs?

A

Volume = ONE AZ, but HA/Resilient in that AZ

If entire AZ has issues then could go down

Can be SSD or HDD (varying performance iops)

10
Q

How is EBS billed?

A

Billed GB/M (size and amount of time the volume exists); if you use it for half a month then you pay less, etc.

GB/M fee regardless of instance state

11
Q

What are the 4 EBS volume types?

A
  • General purpose SSD (gp2)
  • Provisioned IOPS SSD (io1)
  • Throughput optimised HDD (st1)
  • Cold HDD (sc1)
12
Q

What is the dominant performance attribute of each of the 4 EBS volume types?

A
  • General purpose SSD (gp2) IOPS
  • Provisioned IOPS SSD (io1) IOPS
  • Throughput optimised HDD (st1) THROUGHPUT MiB/s
  • Cold HDD (sc1) THROUGHPUT MiB/s
13
Q

In what situation would you choose Provisioned IOPs SSD (io1)?

A

IO1 should be used when:

  • High IOPs
  • Latency
  • Ability to pick performance separate from size
  • Small volume sizes with high IO requirements
14
Q

When can instance store volumes be attached to an EC2 instance?

A

Only at launch

15
Q

How long does the data persist for on an instance store volume?

A

Storage is temporary/ephemeral; as a result it is non-persistent and lost on instance restart, resize or hardware failure

Trade off is that instance store volumes have the highest performance

16
Q

Why use EBS?

A
  • Highly available and reliable storage
  • Persist independently from EC2 instance
  • Clusters - multi attach feature of io1
  • Region resilience backup (can be automated vs instance store)
  • If you only require up to 64,000 IOPS and 1000 MiB/s per VOLUME OR
  • Up to 80,000 IOPS and 2,375 MB/S per INSTANCE
17
Q

Why use instance store?

A
  • Great value (included in the price of the instance provisioned) if you don’t care about it being permanent
  • Performance is superior as it’s directly connected: more than 80,000 IOPS & 2,375, good for caching speeds etc., like DB products
  • Stateless services e.g. web services that do media processing, temp storage
  • You want to guarantee no data is left over when the system is terminated or restarted etc
18
Q

How can you improve resilience of EBS volumes and make snapshots region resilient?

A

Store them on S3

19
Q

How can you migrate or copy EBS volumes to other AZs or regions?

A

Use snapshots; they can be attached to another EC2 instance

To be aware of:

  • Snaps restore lazily - data is fetched gradually, so reads in the interim may come from S3, which is slower
  • Can force a read of all data immediately (pulling all data from S3 to the new volume, hence good performance immediately); use FSR - fast snapshot restore, 50 per region limit and costs extra
20
Q

If a snapshot of an encrypted EC2 is created which encryption key will be used to decrypt?

A

The same one used to encrypt will be used to decrypt via KMS. A brand new EBS volume will have a new key.

Exam power ups:

  • OS is not aware of the encryption - no performance loss
  • Can’t change volume to not be encrypted
  • AWS accounts can be set up to encrypt by default - default CMK
21
Q

How many regions can an AMI work in?

A

One region; an AMI only works in one region

Can be copied between regions (includes snapshots)

22
Q

How can you edit an AMI?

A

An AMI cannot be edited. Launch an instance, update the configuration and make a new AMI

Permissions are defaulted to your account

23
Q

What is the best practice way to grant AWS services permissions to other AWS services on your behalf?

A

IAM Role - can allow a service to assume the role, e.g. EC2 instance roles can allow anything running in the instance to assume the role - must create an ‘instance profile’ on EC2.

Instance Roles - credentials are inside the meta-data at iam/security-credentials/role-name; creds are auto-rotated hence always valid; apps need to be careful about caching

Should ALWAYS use roles as opposed to access keys