Fundamentals Flashcards

1
Q

What is an Availability Zone?

A
  • one or more discrete data centers with redundant power, networking, and connectivity
  • They’re separate from each other, so that they’re isolated from disasters
  • They’re connected with high bandwidth, ultra-low latency networking
2
Q

What is a Region?

A
  • has many availability zones

- min is 2, max is 6, usually 3

3
Q

What is IAM?

A
Identity and Access Management (IAM) is global
Made up of
- Users (start off with no access)
- Groups
- Policies (JSON documents)
- Roles
4
Q

What is Federation?

A

A way to integrate IAM with your own repository of users (AD Groups) via SAML

5
Q

How many Roles can be applied to an application?

A

One

6
Q

What are Root Credentials?

A
  • The original user created with the account, which has full rights to everything
  • Should never be used except for initial setup
7
Q

What is EC2?

A

Rented virtual machines (EC2 = Elastic Compute Cloud)

8
Q

What systems and tools can use SSH?

A
  • Mac: SSH, EC2 Instance Connect
  • Linux: SSH, EC2 Instance Connect
  • Windows before 10: PuTTY, EC2 Instance Connect
  • Windows 10 and later: SSH, PuTTY, EC2 Instance Connect
9
Q

What are Security Groups?

A
  • They control how traffic is allowed into or out of our EC2 machines, like “a firewall”
  • They can be attached to multiple instances, but only within one region/VPC combination
  • Their rules can reference IPs, IP ranges or other security groups
10
Q

What are the most common ports used?

A
SSH = port 22
HTTP = port 80
11
Q

How do I resolve a permission issue when using SSH?

A

Run “chmod 0400” on the key file to set the appropriate permissions

12
Q

What kind of problem is it when an application is not accessible due to timeout?

A

It is a security group issue

13
Q

When will I get a “connection refused” error?

A

When it is an application error or the application is not launched

14
Q

What are the default values for inbound and outbound traffic?

A

Inbound traffic is blocked

Outbound traffic is authorized

15
Q

What are the two kinds of IPs?

A

IPv4: [0-255].[0-255].[0-255].[0-255] is the most common
IPv6: 3ffe:1900:4545:3:200:f8ff:fe21:67cf solves for IoT

16
Q

What is an Elastic IP?

A
  • A static IPv4 that you own as long as it is not deleted
  • It can mask the failure of an instance or software by rapidly remapping the address to another instance in your account
  • Only 5 per account (but can ask AWS to increase if needed)
  • Not recommended, better to use random IP with Load Balancer that has a DNS name
17
Q

What is EC2 User Data?

A

A bootstrap script which runs as the root user
Can be used to…
- Install updates
- Install software
- Download common files from the internet
- and anything else you can think of

18
Q

What are the EC2 Launch Types?

A
  • On Demand Instances (short timeframe, static, pay for what you use)
  • Reserved Instances (long timeframe, flexible sizing, 54% discount)
  • Scheduled Reserved Instances (recurring timeframe, static, pay for what you use)
  • Spot Instances (short timeframe, static, bid price as long as it is >= spot price) most cost efficient
  • Spot Fleet is a set of Spot Instances + (optional) On-Demand Instances
  • Dedicated Instance is a dedicated physical server for you only, can be shared with others in same account, per instance billing and possible region fee
  • Dedicated Host is a dedicated physical server where we have full control and visibility to underlying sockets/cores, 3 year reservation, pricing per host
19
Q

What are the main EC2 Instance Types?

A
R for RAM intensive
C for CPU intensive
M for Medium loads
I for I/O intensive
G for GPU intensive
T2/T3 for burstable loads (uses credits built up during non bursting, can become BAD if all credits used up)

Billing typically by the second (except for t2.micro which is free)

20
Q

What is an AMI?

A
  • Amazon Machine Images are images of an EC2 instance, which can be private or public
  • They are region specific
  • They live on S3
  • Only charged for actual space used on S3
21
Q

How do I share an AMI with another region?

A

Owner of the source AMI must grant read permissions to the s3 bucket or EBS snapshot

22
Q

What is a placement group?

A

Provides control over the EC2 Instance strategy…

  • Cluster: clusters instances into a low-latency group in a single AZ. Pro: great bandwidth. Con: if one fails, all fail
  • Spread: spreads instances across underlying hardware. Pro: reduced failure risk. Con: max 7 instances per group per AZ
  • Partition: spreads instances across many different racks within an AZ. Pro: 7 partitions per AZ and 100s of EC2 instances per group (Hadoop, Cassandra, Kafka). Con: a partition failure affects all EC2s in that partition
23
Q

What is an ENI?

A

Elastic Network Interface in a VPC that represents a virtual network card

  • contains one primary private IP and one or more secondary IPs
  • can have one or more security groups
  • attaches on the fly to EC2 instances for easy failover
  • bound to a single AZ
24
Q

What are the EC2 states?

A

Stop - retains data for next start
Start - first start OS boots and User Data script run, second start only OS boots
Terminate - all data and volumes destroyed
Hibernate - RAM state (<150GB) is written to file in the root EBS volume which must be encrypted. Available in (C3-5, M3-5, & R3-5), 60 day limit

25
Q

What does vertical scalability mean?

A

Increasing the size of the instance (e.g. t2.micro to t2.large)

26
Q

What does horizontal scalability mean?

A

Increasing the number of instances for your application (e.g. one t2.large to five t2.large)

27
Q

What is High Availability?

A

Running your application in at least 2 data centers (AZs) with a goal to survive a data center loss. Usually associated with horizontal scalability (ASG) and/or just Multi-AZ(ELB, ALB)

28
Q

What is Load Balancing?

A

A way to spread loads across multiple instances and expose a single point of access through a DNS. Also known as an Elastic Load Balancer (ELB).
It can also…
- do regular health checks of your instances
- provide SSL termination (HTTPS) for your websites
- enforce stickiness with cookies

29
Q

What are the ELB Types?

A
  • Classic Load Balancer (CLB)
  • Application Load Balancer (ALB)
  • Network Load Balancer (NLB) new generation TCP, TLS (secure TCP), UDP
  • can be private (internal) or public (external)
30
Q

What is an ALB Routing Table?

A

A table used for routing traffic to target groups based on

  • path in URL (example.com/users & example.com/posts)
  • hostname in URL (one.example.com & other.example.com)
  • query string, headers (example.com/users?id=123&order=false)
31
Q

What are Target Groups?

A
  • EC2 instances (can be managed by ASG)
  • ECS tasks
  • Lambda functions
  • IP Addresses (must be private)
32
Q

What is a Classic Load Balancer?

A
  • An old generation load balancer for HTTP, HTTPS and TCP traffic
  • contains a fixed hostname
  • supports only one SSL certificate
33
Q

What is an Application Load Balancer?

A
  • a new generation load balancer for HTTP, HTTPS, and WebSocket traffic
  • contains a fixed hostname
  • uses target groups for identifying the target hostname
  • client details can be found in the header using …
    X-Forwarded-For (IP Address)
    X-Forwarded-Port (Port)
    X-Forwarded-Proto (Proto)
  • supports SNI for using multiple SSL certificates
34
Q

What is a Network Load Balancer?

A
  • a new generation load balancer for TCP & UDP traffic
  • has one static IP per AZ
  • can use an Elastic IP
  • used for extreme performance (~100ms vs 400ms for ALB)
  • supports SNI for using multiple SSL certificates
35
Q

What is stickiness?

A

Ability to control what instance a client is routed to using a “cookie” and can be set to expire on a date we set. One way to ensure session data is not lost.

36
Q

What is cross zone balancing?

A

Traffic is distributed evenly across all registered instances in all AZs. Without this set traffic is only distributed across instances in the same AZ.

  • Always on for ALB
  • Disabled by default for CLB (no fee if enabled) & NLB (pay $ if enabled)
37
Q

What is an SSL Certificate?

A

Secure Sockets Layer certificate that allows traffic between your clients and your load balancer to be encrypted in flight (e.g. from Comodo, Symantec, GoDaddy, etc.)

38
Q

What is a TLS Certificate?

A

Transport Layer Security which is a new version of SSL (used more than SSL now)

39
Q

What is ACM?

A

AWS Certificate Manager which is used to manage the creation or upload of SSL and TLS certificates

40
Q

What is an SNI?

A

Server Name Indication requires the client to indicate the hostname of the target server in the initial handshake which will allow the server to find the correct certificate or return the default one. Only works with ALB or NLB.

41
Q

What is connection draining?

A

When an ELB stops sending new requests to an instance which is de-registering (being stopped), as this may take some time. Therefore the user does not get an error.

  • Can be disabled by setting wait time to zero
  • Can set wait time up to 3600 seconds (default 300)
42
Q

What is an ASG?

A

Auto Scaling Group that scales out (adds) or in (removes) EC2 instances to match a desired min and max instance count.

  • uses launch configuration (old, must be recreated every time) or launch templates to configure the settings (new, can have multiple versions and can be inherited from other templates)
  • security by IAM roles
  • no cost to use, only pay for underlying resources launched
  • a cool down period can be applied before launching or terminating additional instances
43
Q

What are Scaling Policies?

A

Policies that determine when to scale in/out.

  • Target Tracking (e.g. CPU to stay around 40%)
  • Simple Step (e.g. CPU > 70% add 2 units and < 30% remove 1 unit)
  • Scheduled (e.g. at 5PM on Fridays increase min capacity to 10 units)
44
Q

How does the default termination policy work?

A

Find the AZ which has the most number of instances and delete the one with the oldest launch configuration.

45
Q

What is a Lifecycle hook?

A

This is the ability to perform extra steps before the instance goes into service or is terminated.

46
Q

What does stateless architecture mean?

A

It means the AWS service is fully managed.

47
Q

How can I instantiate an EC2 instance quickly?

A
  • Use a Golden AMI
  • Use a Bootstrap script in the User Data
  • Use a hybrid approach by mixing AMI and User Data
48
Q

What is a typical 3 tier Web Architecture?

A
  • Public Subnet using Route53 & ELB
  • Private Subnet for EC2 instances
  • Private Subnet for Data (RDS, ElastiCache)
49
Q

What does Serverless mean in AWS?

A

It is a new paradigm in which the developers do not have to manage servers anymore. They just deploy code. It can include databases, messaging, storage, etc.

50
Q

Which AWS Services can be considered Serverless?

A
  • Lambda
  • DynamoDB
  • Cognito
  • API Gateway
  • S3
  • SNS
  • SQS
  • Kinesis Firehose
  • Aurora Serverless
  • Step Functions
  • Fargate
51
Q

Why use Lambda?

A
  • No servers to manage
  • Limited by time - best for short executions
  • Is run on demand, so not continuously running
  • Scaling is automatic
  • Pay per request and compute time (first 1M requests are free, .20 cents per million thereafter)
  • Integrated with the whole AWS suite of services and programming languages (Node.js, Python, Java, C#, Golang, PowerShell, Ruby, etc.)
  • Easy to monitor through CloudWatch

Note: Docker cannot be used with Lambda

52
Q

What are the limitations of Lambda?

A
  • Memory allocation is limited: 128 MB to 3008 MB, in 64 MB increments
  • Max execution time is 15 min
  • Function container (/tmp) is 512 MB
  • Concurrent executions are set to 1000 (can be increased)
  • Function deployment size 50 MB (zipped), 250 MB (unzipped)
  • Environment variables 4 KB
53
Q

What is Lambda@Edge?

A

Lambda@Edge lets you run Node.js and Python Lambda functions to customize content that CloudFront delivers, executing the functions in AWS locations closer to the viewer. You can use Lambda functions to change CloudFront requests and responses at the following points:

  • After CloudFront receives a request from a viewer (viewer request)
  • Before CloudFront forwards the request to the origin (origin request)
  • After CloudFront receives the response from the origin (origin response)
  • Before CloudFront forwards the response to the viewer (viewer response)