Fundamentals of AWS (Part 2) & RDS, Aurora, Elasticache Flashcards
Define Scalability
Scalability means that an application / system can handle greater loads by adapting.
What are the two kinds of Scalability?
- Vertical Scalability
- Horizontal Scalability (= elasticity)
Define Vertical Scalability
Vertical scalability means increasing the size of the instance (moving to a bigger instance type)
Where is vertical scalability very common?
Databases
Name some services that can scale vertically
RDS and ElastiCache are services that can scale vertically (by changing the instance / node type)
Define Horizontal Scaling
Horizontal Scalability means increasing the number of instances / systems for your application
What’s high availability and what purpose does it serve?
High availability means running your application / system in at least 2 data centers (== Availability Zones)
- The goal of high availability is to survive a data center (AZ) loss
What can you use to scale horizontally (increase the number of instances)?
- Auto Scaling Group
- Load Balancer
What's an application of High Availability?
Run instances for the same application across multiple AZs
What are load balancers?
Load balancers are servers that forward internet traffic to multiple servers (EC2 Instances) downstream.
Why use a load balancer?
- Spread load across multiple downstream instances
- Expose a single point of access (DNS) to your application
- Seamlessly handle failures of downstream instances
- Do regular health checks to your instances
- Provide SSL termination (HTTPS) for your websites
- Enforce stickiness with cookies
- High availability across zones
- Separate public traffic from private traffic
What's an ELB?
Elastic Load Balancer - a load balancer managed by AWS (AWS takes care of upgrades, maintenance and the high availability of the balancer itself)
What are the three types of Load Balancers?
- Classic Load Balancer (v1 - old generation) - 2009
- Application Load Balancer (v2 - new generation) - 2016
- Network Load Balancer (v2 - new generation) - 2017
- Overall, it is recommended to use the newer / v2 generation load balancers as they provide more features
What are LB Health Checks?
- Health checks are crucial for load balancers
- They enable the load balancer to know if the instances it forwards traffic to are available to reply to requests
- The health check is done on a port and a route (/health is common)
- If the response is not 200 (OK), the instance is marked unhealthy and stops receiving traffic (ALB target groups let you configure which success codes are accepted, e.g. 200-299)
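An added example, not part of the flashcards, of the /health route the cards describe: a minimal Python endpoint that returns 200 only when the instance's own dependencies answer and 503 otherwise, which is what gives the load balancer's health check its meaning. The check names and the listening port are assumptions. Keep such checks cheap and local to the instance: if every instance's /health probes the same shared database and that database stalls, the balancer marks the whole fleet unhealthy at once.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer


def health_status(checks):
    """Evaluate dependency checks for the /health route.

    `checks` maps a name to a zero-argument callable returning True when that
    dependency is usable. Returns (http_status, body): 200 only when every check
    passes, else 503 so the load balancer stops routing to this instance.
    A check that raises counts as failed instead of crashing the handler.
    """
    results = {}
    for name, check in checks.items():
        try:
            results[name] = bool(check())
        except Exception:  # any error means "not ready"
            results[name] = False
    healthy = all(results.values())
    body = {"status": "ok" if healthy else "unhealthy", "checks": results}
    return (200 if healthy else 503), body


def make_handler(checks):
    """Build an http.server handler that serves /health and nothing else."""

    class HealthHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != "/health":
                self.send_error(404)
                return
            status, body = health_status(checks)
            payload = json.dumps(body).encode("utf-8")
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, *args):  # keep LB probes (every few seconds) out of the app log
            pass

    return HealthHandler


if __name__ == "__main__":
    # Placeholder checks (assumption): a real service would open a short-timeout
    # connection to its own database / cache here, never slower than the LB timeout.
    deps = {"database": lambda: True, "cache": lambda: True}
    HTTPServer(("0.0.0.0", 8080), make_handler(deps)).serve_forever()
```

Point the target group's health check at port 8080 and path /health; the 503 on a failed dependency is what takes the instance out of rotation, and the 404 on any other path stops the probe from accidentally exercising application routes.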
What do Application Load Balancers (ALB) allow you to do?
Application load balancers (Layer 7) allow you to do:
- Load balancing to multiple HTTP applications across machines (target groups)
- Load balancing to multiple applications on the same machine (ex: containers)
- Load balancing based on route in URL
- Load balancing based on hostname in URL
What are ALBs good for?
Micro services & container-based applications (example: Docker & Amazon ECS)
Stickiness can be enabled at what level?
Stickiness can be enabled at the target group level
• Same request goes to the same instance
• Stickiness is directly generated by the ALB (not the application)
What do Network Load Balancers (Layer 4) allow you to do?
- Forward TCP traffic to your instances
- Handle millions of requests per second
- Support for static IP or Elastic IP
- Lower latency: ~100 ms (vs ~400 ms for ALB)
ALB can route based on hostname / path?
True
- Support routing based on hostname (users.example.com & payments.example.com)
- Support routing based on path (example.com/users & example.com/payments)
ALB is a great fit with ___?
ECS (Docker)
Any Load Balancer (CLB, ALB, NLB) has a ____ host name?
Static
LB’s Scale instantaneously?
False
NLB directly sees the ___?
Client IP (an ALB terminates the connection itself, so the client IP reaches the instance in the X-Forwarded-For header instead)
_xx errors are client-induced errors? 4 or 5?
4
_xx errors are application-induced errors? 4 or 5?
5 - Load balancer errors: 503 means at capacity or no registered target
Check this if your LB can’t connect to your application.
Security Groups
Explain LB stickiness.
It is possible to implement stickiness so that the same client is always redirected to the same instance behind a load balancer
What kind of LB’s does stickiness work for?
This works for Classic Load Balancers & Application Load Balancers
The "cookie" used for stickiness doesn't have an expiration date you control?
False - you control the expiration date
How does ALB support dynamic host port mapping?
With ECS
For a public-facing NLB, you must attach this to keep a static IP per AZ
Elastic IP
A private-facing NLB gets a random private IP chosen from the free ones at the time of creation? True or False
True
The Lb uses what kind of SSL/TLS certificate?
X.509
How do you manage AWS certificates?
ACM (AWS Certificate Manager)
What’s an Auto Scaling Group (ASG)?
The goal of an Auto Scaling Group (ASG) is to:
- Scale out (add EC2 instances) to match an increased load
- Scale in (remove EC2 instances) to match a decreased load
- Ensure we have a minimum and a maximum number of machines running
- Automatically register new instances to a load balancer
Use ____ as the scaling policy for ASG
CloudWatch Alarm
What does an ASG Launch Configuration include?
- AMI + instance type
- EC2 user data
- EBS volumes
- Security groups
- SSH key pair
(launch templates are the newer equivalent and carry the same settings)
____ attached to an ASG will get assigned to the EC2 instances?
IAM roles (via the instance profile set in the launch configuration)
What do you pay for when using an ASG?
ASG’s are free. You pay for the underlying resources being launched
Having instances under an ASG means that if they get terminated for whatever reason, the ASG will replace them. T/F?
True
ASGs will not terminate an instance marked as unhealthy by a LB?
False - it will terminate the instance and launch a replacement, provided the ASG's health check type is set to ELB (by default the ASG only looks at EC2 status checks)
Define the ASG Default Termination Policy (simplified version)
1. Find the AZ which has the most instances
2. If there are multiple instances in that AZ to choose from, delete the one with the oldest launch configuration
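The simplified policy above as an added Python example (not from the flashcards): it picks the AZ(s) holding the most instances, then the instance with the oldest launch configuration, and replays that choice to show the group shrinking while staying balanced across AZs. The fleet and the tie-break rules (oldest launch configuration across tied AZs, then lowest instance id) are assumptions; the real policy also skips instances protected from scale-in and, after launch configuration age, considers the billing hour before picking at random.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    instance_id: str
    az: str
    launch_config: str            # launch configuration the instance was started from
    launch_config_created: int    # when that launch configuration was created (epoch seconds)


def choose_instance_to_terminate(instances):
    """Simplified default termination policy.

    1. keep only instances in the AZ(s) with the most instances,
    2. among those, pick the one whose launch configuration is the oldest.
    Ties are broken by instance id (an assumption, for a deterministic result).
    """
    if not instances:
        raise ValueError("no instances to choose from")
    per_az = Counter(i.az for i in instances)
    busiest = max(per_az.values())
    candidates = [i for i in instances if per_az[i.az] == busiest]
    return min(candidates, key=lambda i: (i.launch_config_created, i.instance_id))


def scale_in(instances, count):
    """Apply the policy `count` times; return instance ids in termination order."""
    remaining = list(instances)
    terminated = []
    for _ in range(min(count, len(remaining))):
        victim = choose_instance_to_terminate(remaining)
        remaining.remove(victim)
        terminated.append(victim.instance_id)
    return terminated


# Constructed fleet (assumption): 3 instances in us-east-1a, 2 in us-east-1b,
# started from two generations of launch configuration.
FLEET = [
    Instance("i-a1", "us-east-1a", "lc-v1", 1_700_000_000),
    Instance("i-a2", "us-east-1a", "lc-v2", 1_700_100_000),
    Instance("i-a3", "us-east-1a", "lc-v2", 1_700_100_000),
    Instance("i-b1", "us-east-1b", "lc-v1", 1_700_000_000),
    Instance("i-b2", "us-east-1b", "lc-v2", 1_700_100_000),
]


if __name__ == "__main__":
    # Scaling in by three: i-a1 (busiest AZ, oldest LC), then i-b1 (AZs tied,
    # oldest LC), then i-a2 (us-east-1a is busiest again).
    print(scale_in(FLEET, 3))
```

Notice that the old-generation instances go first: after a launch configuration update, scale-in activity alone gradually rolls the fleet onto the new configuration, which is why a broken new launch configuration shows up as a steadily growing share of unhealthy instances rather than an immediate outage.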
What's the ASG cooldown period?
The cooldown period helps to ensure that your Auto Scaling group doesn't launch or terminate additional instances before the previous scaling activity takes effect.
What's an EBS Volume?
- An EC2 machine loses its root volume (main drive) when it is manually terminated.
- Unexpected terminations might happen from time to time (AWS would email you)
- Sometimes, you need a way to store your instance data somewhere
- An EBS (Elastic Block Store) Volume is a network drive you can attach to your instances while they run
- It allows your instances to persist data
Is EBS locked to an AZ?
- Yes, it's locked to an Availability Zone (AZ)
- An EBS Volume in us-east-1a cannot be attached to us-east-1b
- To move a volume across, you first need to snapshot it
EBS volumes have provisioned capacity in what units?
GB (size) and IOPS
EBS volumes come in 4 types?
- GP2 (SSD): General purpose SSD volume that balances price and performance for a wide variety of workloads
- IO1 (SSD): Highest-performance SSD volume for mission-critical low-latency or high- throughput workloads
- ST1 (HDD): Low cost HDD volume designed for frequently accessed, throughput- intensive workloads
- SC1 (HDD): Lowest cost HDD volume designed for less frequently accessed workloads
Only these types of EBS volumes can be used as boot volumes
Only GP2 and IO1 can be used as boot volumes
EBS Volumes are characterized in ..?
EBS Volumes are characterized in Size | Throughput | IOPS (I/O Ops Per Sec)
EBS Volume Types Use cases: GP2
- Recommended for most workloads
- System boot volumes
- Virtual desktops
- Low-latency interactive apps
- Development and test environments
- 1 GiB - 16 TiB
- Small gp2 volumes can burst IOPS to 3,000
- Max IOPS is 16,000
- 3 IOPS per GiB, so at 5,334 GiB we reach the max IOPS
EBS Volume Types Use cases: IO1
- Critical business applications that require sustained IOPS performance, or more than 16,000 IOPS per volume (gp2 limit)
- Large database workloads, such as: MongoDB, Cassandra, Microsoft SQL Server, MySQL, PostgreSQL, Oracle
- 4 GiB - 16 TiB
- IOPS is provisioned (PIOPS): MIN 100 - MAX 64,000 (Nitro instances) else
- The maximum ratio of provisioned IOPS to requested volume size (in GiB) is 50:1
EBS Volume Types Use cases: ST1
- Streaming workloads requiring consistent, fast throughput at a low price
- Big data, data warehouses, log processing
- Apache Kafka
- Cannot be a boot volume
- 500 GiB - 16 TiB
- Max IOPS is 500
- Max throughput of 500 MiB/s - can burst
EBS Volume Types Use cases: SC1
- Throughput-oriented storage for large volumes of data that is infrequently accessed
- Scenarios where the lowest storage cost is important
- Cannot be a boot volume
- 500 GiB - 16 TiB
- Max IOPS is 250
- Max throughput of 250 MiB/s - can burst
Can you make an image (AMI) from a snapshot?
True
EBS volumes restored from snapshots need to be?
Pre-warmed (initialized by reading every block once), because blocks are loaded lazily from the snapshot and the first read of each block is slow until then
EBS Snapshots can be automated using
Amazon Data Lifecycle Manager
EBS backups use IO and you shouldn’t run them while your application is handling a lot of traffic
True
Max EBS snapshots?
100k (per region)
Can't copy EBS snapshots across AZs or Regions?
False - snapshots can be copied across AZs and Regions
How do you migrate an EBS volume to a different AZ?
- Snapshot the volume
- (optional) Copy the snapshot to a different region
- Create a volume from the snapshot in the AZ of your choice
How do you encrypt an unencrypted EBS volume?
- Create an EBS snapshot of the volume
- Encrypt the EBS snapshot (copy it with encryption enabled and the KMS key of your choice)
- Create a new EBS volume from the encrypted snapshot (the volume will also be encrypted)
- Now you can attach the encrypted volume to the original instance
- Once the data is verified, delete the unencrypted volume and the unencrypted snapshot: they still hold the data in clear
Instance Store is another type of network drive?
False - it's storage physically attached to the host machine
What are the pros and cons of Instance Store?
- Pros:
- Better I/O performance
- Good for buffer / cache / scratch data / temporary content
- Data survives reboots
- Cons:
- On stop or termination, the instance store is lost
- You can’t resize the instance store
- Backups must be operated by the user
What if you want to increase IOPS to, say, 100,000 IOPS? What if you want to mirror your EBS volumes?
You would mount volumes in parallel in a RAID setup!
Difference between RAID 0 and RAID 1?
RAID 0 (increased performance: data is striped, so losing one volume loses everything) - RAID 1 (increased fault tolerance: data is mirrored on both volumes)
What's Elastic File System (EFS)?
- Managed NFS (network file system) that can be mounted on many EC2 instances
- EFS works with EC2 instances in multiple AZs
- Highly available, scalable, expensive (3x gp2), pay per use
Use Cases of EFS?
Use cases: content management, web serving, data sharing,Wordpress
Uses ____ to control access to EFS
Security Groups
Only compatible with Windows based AMI?
False - Only Linux
Root EBS volumes of instances get deleted by default if the EC2 instance gets terminated (you can disable that through the volume's DeleteOnTermination attribute)
True
EFS can be mounted on only 1 instance?
False - it can be mounted on hundreds of instances
How Many RDS Read replicas for read scalability?
Up to 5
Read Replicas can be within AZ, Cross AZ, or Cross Region?
True
Replication for RDS is not ASYNC and is instantly available?
False - It Is ASYNC so reads are eventually consistent
Replicas can be promoted to their own DB?
True
Apps must update ____ to leverage read replicas?
connection string
RDS Multi AZ is what kind of replication? SYNC or ASYNC?
SYNC
What’s the point of RDS Multi AZ?
- Not used for scaling
- Increase availability
- Failover in case of loss of AZ, loss of network, instance or storage failure
- No manual intervention in apps
RDS Backups are automatically enabled in RDS?
True
Give some features of Automated Backups.
- Daily full snapshot of the database
- Capture transaction logs in real time
- This gives the ability to restore to any point in time
- 7 days retention (can be increased to 35 days)
RDS allows for encryption at rest using?
AWS KMS - AES-256 encryption
In-flight data encryption uses?
SSL/TLS certificates
How do you enforce SSL with PostgreSQL and MySQL?
PostgreSQL: set rds.force_ssl=1 in the AWS RDS Console (Parameter Groups)
MySQL: within the DB:
GRANT USAGE ON *.* TO 'mysqluser'@'%' REQUIRE SSL;
(on MySQL 8.0 the REQUIRE clause on GRANT is deprecated, so use ALTER USER 'mysqluser'@'%' REQUIRE SSL; instead, or set require_secure_transport=1 in the parameter group to force it for every user)
How do you connect using SSL to RDS?
- Provide the SSL trust certificate (the RDS CA bundle, which can be downloaded from AWS)
- Provide SSL options when connecting to the database, and make the client verify the server certificate against that bundle (for PostgreSQL that is sslmode=verify-full; sslmode=require encrypts but skips verification, which leaves you open to an in-path attacker)
RDS DB’s are usually deployed in a public subnet.
FALSE - usually deployed in a private subnet
RDS Security works by leveraging ____?
Security Groups - it controls who can communicate with RDS
IAM Policies help do what for RDS?
Who can manage AWS RDS
Can both a traditional username / password and IAM database authentication be used to log in to the DB?
True
What two SQL languages are supported with Aurora?
Postgres and MySQL
Aurora storage automatically grows in what increments and up to what size?
10 GB increments, up to 64 TB
Aurora can have up to how many replicas and what's the replica lag?
Up to 15 replicas, with replica lag below 10 ms
Failover in Aurora is not instantaneous?
False
How do you encrypt an unencrypted RDS instance?
Unencrypted DB => snapshot => copy the snapshot as encrypted (choosing the KMS key) => create a new DB instance from the encrypted snapshot => point the application at the new instance and delete the unencrypted instance and snapshots
Can RDS encryption at rest be turned on after the DB instance exists?
No - it has to be chosen when you first create the DB instance; an existing unencrypted DB can only be encrypted through the snapshot copy procedure above
What’s your responsibility with RDS?
- Check the ports / IP / security group inbound rules in DB’s SG
- In-database user creation and permissions
- Creating a database with or without public access
- Ensure parameter groups or DB is configured to only allow SSL connections
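An added Python example (not from the flashcards) for the security-group answer earlier and for the "check the ports / IP / security group inbound rules" item above: it walks the JSON shape returned by `aws ec2 describe-security-groups` and reports every inbound rule that exposes a database or cache port to a public CIDR. The sample group, its ids and the port list are constructed. The intended pattern, a rule whose source is the application tier's own security group, carries no CIDR and is therefore not flagged.

```python
import ipaddress

# Ports of the engines this page discusses (RDS / Aurora engines plus ElastiCache).
DB_PORTS = {
    3306: "MySQL / Aurora MySQL",
    5432: "PostgreSQL / Aurora PostgreSQL",
    1433: "SQL Server",
    1521: "Oracle",
    6379: "Redis",
    11211: "Memcached",
}


def is_public_cidr(cidr):
    """True for 0.0.0.0/0, ::/0 and any routable (non-private) range."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return True
    return not (net.is_private or net.is_loopback or net.is_link_local)


def rule_covers_port(perm, port):
    """Does this IpPermissions entry (describe-security-groups shape) include `port`?"""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and all ports; AWS omits FromPort/ToPort here
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_security_group(group, ports=DB_PORTS):
    """One finding per (rule, port, CIDR) that exposes a database port publicly.

    Sources given as other security groups (UserIdGroupPairs) are the intended
    app tier -> DB tier pattern and are not flagged.
    """
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for port, engine in ports.items():
            if not rule_covers_port(perm, port):
                continue
            for cidr in cidrs:
                if is_public_cidr(cidr):
                    findings.append({
                        "group": group.get("GroupId"),
                        "port": port,
                        "engine": engine,
                        "source": cidr,
                        "protocol": perm.get("IpProtocol"),
                    })
    return findings


# Constructed sample (not a real account) in the shape of `aws ec2 describe-security-groups`:
# a correct rule from the app tier's SG, a PostgreSQL rule open to the world,
# an allow-all rule from the VPC range, and an allow-all rule from a routable /24.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "rds-db-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "1.2.3.0/24"}], "Ipv6Ranges": []},
    ],
}


if __name__ == "__main__":
    for f in audit_db_security_group(SAMPLE_GROUP):
        print(f"{f['group']}: {f['engine']} port {f['port']} reachable from {f['source']}")
```

Feed it the `SecurityGroups` entries of the real CLI output and every finding is a rule to replace with one whose source is the application security group. The allow-all rule from the VPC range is not reported because it is private, but it is still wider than a DB tier needs and worth tightening by hand.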
What’s AWS responsibility for RDS?
- No SSH access
- No manual DB patching
- No manual OS patching
- No way to audit the underlying instance
Amazon RDS supports Transparent Data Encryption (TDE) for DB encryption? For which engines?
- Oracle or SQL Server DB instances only
TDE can be used on top of KMS encryption for RDS?
True - it may affect performance
IAM authentication works for what kind of RDS instances?
MySQL and PostgreSQL
The lifespan of an IAM auth token for RDS is how long?
15 minutes
Where are IAM auth tokens generated?
Locally, by the SDK / CLI from your AWS credentials (e.g. aws rds generate-db-auth-token): the token is a signed request that you pass as the database password, so no call to AWS is needed before connecting
SSL must be used when connecting to the RDS database?
True
Easy to use EC2 ____ to connect to the RDS database
Instance Roles
Aurora Serverless only supports ___?
MySQL & PostgreSQL
An Aurora Serverless DB cluster starts, shuts down and scales automatically based on?
CPU / connections
You can migrate from an Aurora cluster to Serverless and vice versa?
True
Aurora Serverless usage is measured in ?
ACU (Aurora Capacity Units)
How are you billed using aurora serverless?
Billed in 5 minutes increment of ACU
What is ElastiCache?
ElastiCache is to get managed Redis or Memcached
How does ElastiCache help DB’s?
Helps reduce load off of databases for read intensive workloads
Helps make your application stateless
Cache must have an __ __ to make sure only the most current data is used in there.
Invalidation Strategy
Both Memcached and Redis survive reboots?
False - only Redis (it has persistence and backup / restore; Memcached data is lost)
Redis supports what kind of security login?
Redis AUTH (a password / auth token; Redis 6 and later on ElastiCache also add role-based access control with named users)