EC2 Fundamentals Flashcards
True or False:
Security groups only contain allow rules.
True
What are security groups?
They act as a “firewall” on EC2 instances.
What do security groups regulate?
Access to ports
Authorized IP ranges - IPv4 and IPv6
Control of inbound network
Control of outbound network
Can a security group be attached to multiple instances?
Yes
Are security groups locked to a region / VPC combination?
Yes
Do security groups live “inside” or “outside” the EC2 instance?
Outside. If traffic is blocked, EC2 won’t see it.
What is port for SSH to log into Linux instance?
22
What is port to for FTP?
21
What is port for SFTP?
22
What is port for HTTP and HTTPS websites?
80 for HTTP
443 for HTTPS
What is port for RDP (remote desktop protocol) to log into a Windows isntance?
3389
When you get timeout when connecting to EC2 instance, where is the issue?
Within security groups
When you first download a SSH file with permissions 0644, and get “permissions too open” error, how do you fix?
chmod 0400
What user do you use to login to EC2 via SSH?
ec2-user@
What is EC2 Instance Connect?
Allows you to connect to an EC2 instance within the web browser
What is the best way to provide AWS credentials to our EC2 instances?
IAM roles
What are the 4 types of EC2 instance purchasing options?
- On-demand instances
- Reserved instances
- Spot instances
- Dedicated hosts
Describe EC2 on demand, it’s pros/cons, and best use cases
Pay for what you use. Billing per second on Windows/Linux, otherwise per hour use.
Has the highest cost but no upfront costs or long term commitment
Recommended for:
Short -term and un-interrupted workloads, where you can’t predict how the application will behave
Describe EC2 reserved instances, pros / cons, and it’s best use cases
Reserved for 1-3 years. Bigger discounts for longer time commitments, or paying more upfront.
Upfront costs can be none, partial, or all. Must reserve a specific instance type.
Recommended for steady-state usage applications (think database)
What is a convertible reserved instance?
Allows you to change the EC2 instance type during your reserved period. Up to 54% discount.
What is a scheduled reserved instance?
Launched only within time window you reserve. Best for when you only need for fraction of day / month / year.
Still requires time commitment of 1-3 years.
Describe EC2 spot instance, pros/cons, and best use cases
Instance that you can “lose” when your max price is less than the current spot price.
MOST cost efficient option. Best for workloads resilient to failure, such as: batch jobs, data analysis, image processing, distributed workloads, workloads with flexible start/end time.
NOT for databases or citical jobs.
Describe EC2 dedicated hosts, pros/cons, and best use cases
Entire physical server fully dedicated for your use. 3 year time commitment.
Most expensive options.
Best for addressing compliance requirements or for using your existing server-bound software licenses. Good for companies with strong regulatory or compliance needs, or complicated licensing models.
dedicated instances vs. dedicated hosts
Hosts are much more involved than instances.
Instances run on hardware that’s dedicated to you, but don’t have access to the underlying hardware.
What is the grace period for stopping your EC2 spot instance?
2 minutes
Describe max spot price vs. spot block
Max spot price gets you the instance while your max price > current spot price
Spot block gets an instance during a specified timeframe (1-6 hours)
True or False
Cancelling a spot request terminates spot instances.
False. You must first cancel your spot request, and then your instances.
Describe a spot fleet
Spot fleet is a set of spot instances + an optional on-demand instance.
Tries to meet a target capacity with price constraints. Can define multiple launch pools, instance types, OS, AZ. The fleet will choose what will be the cheapest to get the job done.
Describe the 3 spot instance strategies:
- lowestPrice
- diversified
- capacityOptimized
- Chooses from the pool with the lowest price(cost optimization, short workload)
- Distributes across all pools (great for availability, long workloads)
- Pool with optimal capacity for the number of instances.
Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases?
Spot instances
What should you use to control traffic in and out of EC2 instances?
Security groups
How long can you reserve an EC2 Reserved Instance?
1 year OR 3 years
You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose?
Compute Optimized
These EC2 instances are great for compute-intensive workloads requiring high-performance processors (e.g., batch processing, media transcoding, high-performance computing, scientific modeling & machine learning, and dedicated gaming servers).
Which EC2 Purchasing Option should you use for an application you plan to run on a server continuously for 1 year?
Reserved Instances
Reserved Instances are good for long workloads. You can reserve EC2 instances for 1 or 3 years.
You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instances?
EC2 User Data is used to bootstrap your EC2 instances using a bash script. This script can contain commands such as installing software/packages, download files from the Internet, or anything you want.
Which EC2 Instance Type should you choose for a critical application that uses an in-memory database?
Memory Optimized
Memory Optimized EC2 instances are great for workloads requiring large data sets in memory.
You have an e-commerce application with an OLTP database hosted on-premises. This application has popularity which results in its database has thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 Instance Type should you choose to handle this high-frequency OLTP database?
Storage Optimized
Storage Optimized EC2 instances are great for workloads requiring high, sequential read/write access to large data sets on local storage.
True or False:
Security Groups can be attached to only one EC2 instance.
False. Security Groups can be attached to multiple EC2 instances within the same AWS Region/VPC.
You’re planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your applications to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 Purchasing Option is suitable for you?
Dedicated Hosts
Dedicated Hosts are good for companies with strong compliance needs or for software that have complicated licensing models. This is the most expensive EC2 Purchasing Option available.
You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 Purchasing Option allows you to get visibility into them?
Dedicated Hosts
