EC2 Flashcards
___ is a web service that provides resizeable compute capacity in the cloud. It reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computiing requirements change.
ec2
____ allows you to pay a fixed rate by the hour ( oor by the secnod) with no committment
on demand
provides you with a capacity reservationo, and offer a significant discount on the hourly charge for an instance. Contract Terms are 1 year or 3 yeaar terms.
reserved
enables you to bid whatever price you want for instance capacity, providing for even greater savings if your apps have flexible start and end times.
spot
physical ec2 servers dedicated for your use. they can help you reduce costs by allowing you to use your existing server-bound software licenses.
dedicated hosts
users that want the low cost and flexibility of ec2 without any up fronot payment or long term contract will use_____
on demand
apps with short term, spiky, or unpredictble workloads thata cannot be interrupted should use ___ ec2
on demand
apps being developed or tested on ec2 for the first time should use _____ instances
on demand
apps with steady state or predictable usage should use thiss type of instance:
reserved
apps that require reserved capacity should use this type of instance
reserved
users able to make upfront payments to reduce their total computing costs even further should use this type of instance
reserved
These instnaces offer up to 75% off on demand instances. The more you pay uip front nd the longer the contract, the greater the discount.
standrd reserved instances
These instances offer up to 54% off on demand capability to change the attributes of the RI as long as the exchaange results in the creation of Reserved Instances of equal or greater value
convertible reserved instances
these instances are availble to launch within the time windows you reserve. This option allows you to match your capcaity reservtion to a predictable recurring schedule that only requires a fraction of a day, a week, or a month.
scheduled reserved instances
apps that have flexible start and end times uses this type of instance
spot pricing
apps that are only feasible at very low compute pricess use this type of intsanace
spot pricing
uesrs with urgent computing needs for larage amounts of additional capacity
spot pricing
this type of intsance is uesful for regulatory requirementss thaat maay not support multi-tenant virtualization.
dedicated hosts
thiss type of intanace is great for licensing which does not support multi-tenacy or cloud deployments.
dedicated hosts
this type of instance can be purchased on demand
dedicated hosts
Termination protection is turned ___ by default.
off
on an ebs backed instance, the default action is for the root ebs volume to be ____ when teh instance i terminated.
deleted
EBS Root volumes of your default AMIs ___ be encrypted. You ___ also uses a third party tool (such as bit locker) to encrypt the root volume, or this can be done when creating AMIs in teh AWS console or using the API.
can
All ___ traffic is blocked by default
inbound
SG
All ____ traffic is allowed
outbound
Changes to security groups take effect _____
eventually
immediately
within 1 minute
immediately
you an have ____ number of ec2 instances within a security group
any
you can have ____ security groups attached to ec2 instances.
multiple
security groups are ____
stateful
if you create a(n) ___ rule allowing traffic___, that traffic is automatically allowed ___ again.
in, in ,out
You cannot block specific IP addresses using security group, instead use ___ ___ ___ ___
network access control lists
in SG you can specifically ___ rules, but not ___ rules
allow, deny
___ ___ ___ provides persistent block storage volumes for use with ec2 instanaces in aws cloud. each___ volume is automatically replicated within its AZ to protect you from component failure, offering HA and durability.
elastic block store
name the 5 types of ebs storage
general purpoes (SSD)
provisioned IOPS (SSD)
throughput optimised hard disk drive
cold hard disk drive
magnetic
this type of ebs volume balances price and performance for a wide variety of transactional workloads
general purpose ssd
this type of ebs volume is the highest performance SSD volume designed for mission criticaal apps
provisionoed iops ssd
this type of ebs volume is low cost hdd volume designed for frequently aaccessed, throughput intensive workloads
throughput optimized hdd
this type of ebs volume is designed for less frequently accessed workloads
cold hdd
thiss type of ebs volume is a previous generation hdd
magnetic
this ebs use case = most work loads
general purpose ssd
this ebs use case = databases
provisioned iops ssd
this ebs use case = big data and data warehouses
throughput optimized hdd
this ebs use case = file servers
cold hdd
this ebs use case = workloads where data is infrequently accessed
ebs maagnetic
ebs api name for generaal purpose ssd
gp2
ebs api name for provisioned iops ssd
io1
ebs api name for throughput optimized hdd
st1
ebs api name for cold hdd
sc1
ebs api name for ebs maagnetic
standard
general purpose ssd max iops / volume
16,000
provisionied iops ssd max iops / volume
64,000
throughput optimized ssd max iops / volume
500
cold hdd max iops / volume
250
ebs mgnetic max iops / volume
40-200
general purpose ssd volume size
1GiB - 16 TiB
provisioned iops ssd volume size
4GiB-16 TiB
throughput optimized hdd volume size
500GiB - 16TiB
Cold HDD volume size
500GiB- 16 TiB
EBS Magnetic volume size
1 GiB- 1 TiB
volumes exist on ___. THink of ___ as a virtual hard disk.
EBS
_____ exist on S3. Think of ___ as a photograph of the disk.
snapshots
___ are a point in time ocpies of volumes
snapshots
Snapshots are ____ - this means that only the blocks that have changed since your last snapshot are moved to S3.
incremental
if this is your first snapshot, it may take some time to create
T or F
T
To create a snapshot for EBS volumes that serve as root devices, you should ___ the isntances before taking the snapshot
stop
you cannot take a snap while the instance is running
T or F
F
You can!
You cannot create AMIs from snapshots
False
you can!
you cannot change EBS volume sizes on the fly, including changing the size and storage type.
False, you can!
volumes will never be in the same AZ as the EC2 instance
T or F
false, they will always be in same AZ
To move an ec2 volume from one region to another, take a snapshot of it, create an AMI from the snapshot and then copy the ami from one region to the other. then use the copied AMI to launch the new EC2 instance in the new region.
T or F
t
You can select AMIs based on : pick 5:
region
OS
architecture (32 bit or 4 bit)
launch permissions
storage for the root device (instance store (ephemeral storage) (ebs backed volumes))
color
region
OS
architecture (32 bit or 4 bit)
launch permissions
storage for the root device (instance store (ephemeral storage) (ebs backed volumes))
All AMIs are categorized as either backed by EBS or backed by __ ___
instance store
For EBS volumes: the root device for an instance launched from the AMIs is an EBS volume created from an EBS snapshot
T or F
True
FOr Instance store volumes: the root device for an instance launched from the ami is an instance store volume created from a template stored in s3.
t or f
t
instance store volumes are sometimes called ____ ____
ephemeral storage
___ ___volumes cannot be stopped. If the underling host fails, you WILL lose your data.
instance store
___backed instances can be stopped. YOu will NOT lose the data on this instance if it is stopped.
EBS
YOu can reboot both EBS and instance store volumes and not lose data.
T or F
T
by default, both ___ volumes will be deleted on termination. However, with EBS volumes, you can tell AWS to keep the ___ device
root
root
ENi =
elastic network interface
what is an elastic network interface
essentially a virtual network card
EN =
enhanced networking
___ ____ uses single root IO virtualization (SR-IOV) to provide high performance networking capabilities on supported instance types.
enhanced networking
___ ___ ___ a network device that you can attach to your EC2 instance to accelerate HIGH Performance COmputing and machine learning applications.
elastic fabric adapter
These are the specs of what?
a primary private IPv4 address from the IPV4 address range of your VPC
one or more secondary private IPv4 addresses from teh IPv4 address range of our VPC
One elastic ip address (ipv4) per private ipv4 address
one public ipv4 address
one or more ipv6 addresses
one or more security groups
a MAC address
a source/destination check falg
a description
ENI
scenarios for network interfaces:
create a management network
use network and security appliances in your VPC
create dual-homed instances with workloads/roles on distinct subnets
create a low budget, high-availbility solution.
T or F
T
___ ____ uses single root IO virtualization (SR-IOV) to provide high performance networking capabilities on supported instance typoes. SR-IOV is a method of device virtualization that provides higher IO performance and lower CPU utilization when compared to traditional virtualized network interfaces.
enhanced networking
___ ____ provides higher bandwidth, high packer per second(PPS) performance, and consistently lower inter-instance latencies. There is no additional charge for using ___ ___
enhanced networking
use __ ___ where you want good network performance
enhanced networking
___ ___ ___ supports network speeds of up to 100 GBPs for supported instance types.
elastic network adapter
INtel 82599 ___ ___ interface, which supports network speeds of up to 10GBps for supported insance types. THis is typically used on older instances.
virtual function (VF)
in scenario questions choose ena over VF if given the option
seriously. choose ENA
a __ ___ ___ is a network device that you can attach to your EC2 instance to accelerate HIGH performance computing (HPC) and machine learning
elastic fabric adapter
EFA provides ___ and more consistent latency and ___ throughput than the TCP transport traditionally used in cloud based HPC systems
lower, higher
_______ enabled HPC and machine learning apps to bypass the OS kernel and to communicate directly with the EFA device. It makes it a lot faster with a lot lower latency. Not supported with WIndows currently, only Linux
OS-bypass
Match each: ENI, Enahanced Network, Elastic Fabric Adaptor
for when you need to accelerate High performance computing and machine learning apps or if you need to do an OS by pass. if you see a scenario questiuon mentioning HPC or ML and asking what network adapter you want, choose this.
______
For basic networking. perhaps you need a separate management network to your production network or a separate logging network and you need to do this at a low cost. in this scnario use multiple ___ for each network.
______
For when you need speeds between 10GBps and 100GBps. anywhere you need reliable high throughput
Elastic Fabric Adapter
for when you need to accelerate High performance computing and machine learning apps or if you need to do an OS by pass. if you see a scenario questiuon mentioning HPC or ML and asking what network adapter you want, choose this.
ENI:
For basic networking. perhaps you need a separate management network to your production network or a separate logging network and you need to do this at a low cost. in this scnario use multiple ___ for each network.
Enhanced Network:
For when you need speeds between 10GBps and 100GBps. anywhere you need reliable high throughput
T or F
snapshots of encypted volumes are encrypted automatically
T
volumes restored from encrypted snapshots are NOT encrypted automatically
T or F
False they are encrypted automatically
you can share snapshots, but only if they are unencyrpted
t or f
t
these snapshots cna be shared with other AWS accounts or even made public
T or F
t
you cna now encrypt root device volumes uppon creation of the ec2 instance
T
old encryption method of unencrypted root volume:
create snapshot of root device volume
create a copy of snapshot and select the encrypt option
create an AMI from teh encrypted snapshot
use that AMI to launch new encrypted instances
Yes
___ ____ let you take advantage of unused EC2 cap[acity in the aws cloud. ____ ___ are avialble at up to a 90% discount compared to on-demand prices. YOu can use ___ ___ for various stateless, fault-tolerant, or flexible apps, such as big data, containerized workloads, CI/CD, web servers, high performance computing (HPC) and other test and dev workloads.
spot instances
The ___ spot price varies depending on region and capacity
hourly
if the spot price goes above your max, you have ___ minutes to choose whether to stop or terminate your instance.
2
To use spot instances, you must first decide on your max spot price. THe instance will be provisioned so long as the spot price is ___ your max spot price
below
Use a ___ ___ to stop your spot instances form being temrinated even if the spot price goes over your max spot price. You can set ___ ____ for between ___ ___ hours.
spot blocks
spot blocks
one to six
____ ___ are useful for the following tasks:
big data an analytics
containerized workloads
CI/CD and testing
web servers
image and media rendering
high performance computing
spot instances
___instances are not good for:
persistent workloads
critical jobs
databases
spot
a ___ ___ is a collection of spot instances and optionally on demand instances
spot fleet
the spot fleet attempts to launch the number of spot instances and on demand instances to meet the target capacity you specified in the spot fleet request. the request for spot instances is fulfilled if there is available capacity and the max price you specified in the request ___ the current spot price. The spot fleet also attempts to maintain its target capacity fleet if your spot instances are interrupted.
exceeds
T or F
spot fleets will trya nd match the target capacity with your price restraints
True
launch pools:
setup different launch ____. define things like EC2 instance type, operating system, and AZ
you can have ____ pools, and the fleet will choose the best way to implement depending on the strategy you define
spot fleets will ___ launching instances once you reach your price threshold or capacity desire
pools
multiple
stop
lowestprice; InstancePoolsToUseCount; diversified; capacityOptimized
match with descriptions:
the spot instances come from the pool with optimal capacity for the number of instances launching
___
the spot instances are distributed across the pools
___
the spot instances come from the pool with lowest price. default
___
the spot instances are distributed across the number of spot instance pools you specify. this parameter is valid only when used in combination with lowest price.
capacityOptimized - the spot instances come from the pool with optimal capacity for the number of instances launching
___
diversified - spot instances are distributed across the pools
___
lowestprice - spot instances come from the pool with lowest price. default
___
InstancePoolsToUseCount - spot instances are distributed across the number of spot instance pools you specify. this parameter is valid only when used in combination with lowest price.
spot instances can save up to ___% of the cost of on demand instances.
90
spot instances are useful for anytype of computing where you don’t need ___ storage
persistent
you can block spot instances from terminating by using ___ ____
spot block
a __ ___ is a collection of spot instances, and optionallyu on demand instances.
spot fleet
___ saves the contents from the instance memory (RAM) to your ENS root volume. We persist the isntance’s EBS root volume and anyattache EBS data volumes.
Hibernation
When you start your instance out of hibernation:
teh EBS root volume root volume is restored to its previous state
the ram contents are reloaded
the processes that were previously running the instance are resumed.
previously attached data volumes are reattached and the instance retains its instance ID
yes
ec2 hibernate is good for:
long running processes
services that take time to initialize
yes
to use hibernation the root volume must be encyrpted
t or f
t
ec2 hibernate facts:
preserves the in memory ram on persistent storage
much faster to boot up because you dont need to reload the OS
instance RAM must be less than 150GB
instance families include c3, c4, c5, m3, m4, m5, r3, r4, and r5
available for windows, aws linux 2, ubuntu
instances can’t be hibernated for more than 60 days
yes
- EFS supports the network file system verison 4 (NFSv4) protocol
- you only pay for the storage you use (no pre-provisioning required)
- can scale up to the PB
- can support thousands of concurrent NFS connections
- data is stored across multiple AZs within a region
- read after write consistency
yes
instance metadata is used to get information about an instance. what can you get?
IP address
what does this command do?
curl http://169.254.169.254/latest/meta-data
lists instance meta data
what does this command do?
curl http://169.254.169.254/latest/user-data
gets instance user data
This service is a managed windows server that runs SMB based file services
it is designed for windows and windows apps
it supports AD users, access control lists, groups and security policies, along with distributed file system (DFS) namespaces and replication.
Windows FSx
FSx for ___ is a fully managed file system that is optimized for compute intensive workloads, sich as high perofrmance computing, machine learning, media data processing workflows, and electronic design automation (EDA)
Lustre
with FSx, you can launch and run a ____ fiule system that can process massive data sets at up to hundreds of GB per second of throughput, millions of IOPS, and sub-millisecond latencies.
lustre
FSx for Lustre can store data directly on S3
t
a cluster ___ ____ is a grouping of instances within a single AZ. ___ ____ are recommended for apps that need low network latency, high network throughput, or both.
only certain isntances can be launched into a clustered __ ___
placement group
a ___ placement group is a gorup of instances that are each placed on distinct underlying hardware.
spread
____ placement groups are recommended for apps that have a small number of critical instances that shouldbe kept seprate from each other.
spread
when using ____ placement groups, ec2 divides each group into logical segments. this uses multiple instances and isolates from hardware failure.
partition
Match the placement group:
clustered, spread, partitioned
multiple ec2 instances HDFS, HBase, and Cassandra
Low Network Latency/ HIgh Network Throughput
Individual Critical EC2 intances
partitioned - multiple ec2 instances HDFS, HBase, and Cassandra
clustered - Low Network Latency/ HIgh Network Throughput
spread - Individual Critical EC2 intances
a ___ placement group cannot span multiple Azs
clustered
___ and ___ placement groups can span multiple AZs
spread and partitioned
The name you specify for a placement group must be ____ within your AWS account.
unique
only certain types of instances can be launched in a placement group
(compute optimized, GPU, memory optimized, storage optimized)
yes
aws recommends _____ instances within clustered placement groups
homogenous
you can merge placement groups
T or F
False, you cannot merge them
you can move an existing instance into a placement group. before you move the instance, the instance must be in the stopped state. you cna move or remove an instance using the cli or sdk, you can’t do it via the console yet.
t or f
true
___ ___ ___ is a network device you can attach to hyour ec2 instance to accelerate HPC and machine learning apps.
elastic fabric adapter
aws ____ enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on aws.
batch
aws batch supports multi node ____ jobs, which allows you to run a single job that spans multiple ec2 instances
parallel
____ is an open source cluster mgmt tool that makes it easy for you to deploy and manage HPC clusters on aws.
parallel cluster
____ ____ uses a simple text file to model and provision all the resources needed for your HPC apps in an automated and secure manner.
parallel cluster
waf =
web application firewall
___ lets you monitor the http and https requests that are forwarded to cloudfront, and app load balancer or API gateway.
it also lets you control access to your content.
WAF
waf lives in what layer of OSI?
7
WAF allows 3 types of behavior
- allow all requests except the ones you specify
- block all requests except the ones you specify
- count the requests that match the properties you specify
yes
WAF characteristics you can use to block traffic:
ip addy
country
values in headers
strings in requests
length of requests
presence of SQL code that is malicious
presence of a script that is likely to be malicious
yes
Network ACLs block malicious IPs
yes
What are the 2 underlying Hypervisors for EC2?
Xen and Nitro
You cana only run a max of ___ instances per AZ in a spread placement group
7
Which AWS CLI command should I use to create a snapshot of an EBS volume?
aws ec2 create-snapshot
