Fundamentals of AWS (Part 2) & RDS, Aurora, Elasticache

Question 1

Define Scalability

Answer 1

Scalability means that an application / system can handle greater loads by adapting.

Question 2

What are the two kinds of Scalabilty?

Answer 2

• Vertical Scalability

* Horizontal Scalability (= elasticity)

Question 3

Define Vertical Scalability?

Answer 3

Vertically scalability means increasing the size of the instance

Question 4

What’s a case where scalability is very common?

Answer 4

databases

Question 5

Name some services that can scale vertically

Answer 5

RDS, ElastiCache are services that can scale ver tically.

Question 6

Define Horizontal Scaling

Answer 6

Horizontal Scalability means increasing the number of instances / systems for your application

Question 7

What’s high availability and what purpose does it serve?

Answer 7

High availability means running your application / system in at least 2 data centers (== Availability Zones)
• The goal of high availability is to survive a data center loss

Question 8

What can you use to horizontal scale: Increase number of instances?

Answer 8

Auto Scaling Group

• Load Balancer

Question 9

What’s an application of High Availability?

Answer 9

Run instances for the same application across multi AZ

Question 10

What are load balancers?

Answer 10

Load balancers are servers that forward internet traffic to multiple servers (EC2 Instances) downstream.

Question 11

Why use a load balancer?

Answer 11

• Spread load across multiple downstream instances
• Expose a single point of access (DNS) to your application • Seamlessly handle failures of downstream instances
• Do regular health checks to your instances
• Provide SSL termination (HTTPS) for your websites
• Enforce stickiness with cookies
• High availability across zones
• Separate public traffic from private traffic

Question 12

What’s an ELB?

Answer 12

EC2 Load Balancer - is a managed load balancer

Question 13

What are the three types of Load Balancers?

Answer 13

Classic Load Balancer (v1 - old generation) - 2009
• Application Load Balancer (v2 - new generation) - 2016
• Network Load Balancer (v2 - new generation) - 2017
• Overall, it is recommended to use the newer / v2 generation load balancers as they provide more features

Question 14

What are LB Health Checks?

Answer 14

• Health Checks are crucial for Load Balancers
• They enable the load balancer to know if instances it forwards traffic to are available to reply to requests
• The health check is done on a port and a route (/health is common)
• If the response is not 200 (OK), then the instance is unhealthy

Question 15

What all do Application Load Balancers (ALB) allow you to do?

Answer 15

Application load balancers (Layer 7) allow to do:
• Load balancing to multiple HTTP applications across machines (target groups) • Load balancing to multiple applications on the same machine (ex: containers) • Load balancing based on route in URL
• Load balancing based on hostname in URL

Question 16

What are ALB’s good for?

Answer 16

for micro services & container-based application (example: Docker & Amazon ECS)

Question 17

Stickiness can be enabled at what level?

Answer 17

Stickiness can be enabled at the target group level
• Same request goes to the same instance
• Stickiness is directly generated by the ALB (not the application)

Question 18

Network load balancers (Layer 4) allow to do:

Answer 18

Forward TCP traffic to your instances
• Handle millions of request per seconds
• Support for static IP or elastic IP
• Less latency ~100 ms (vs 400 ms for ALB)

Question 19

ALB can route based on hostname / path?

Answer 19

True
• Support routing based on hostname (users.example.com & payments.example.com)
• Support routing based on path (example.com/users & example.com/payments)

Question 20

ALB is a great fit with ___?

Answer 20

ECS (Docker)

Question 21

Any Load Balancer (CLB, ALB, NLB) has a ____ host name?

Answer 21

Static

Question 22

LB’s Scale instantaneously?

Answer 22

False

Question 23

NLB directly see this___?

Answer 23

client IP

Question 24

_xx errors are client induced errors? 4 or 5?

Answer 24

4

Question 25

_xx errors are application induced errors. 4 or 5?

Answer 25

5 - Load Balancer Errors 503 means at capacity or no registered target

Question 26

Check this if your LB can't connect to your application.

Answer 26

Security Groups

Question 27

Explain LB stickiness.

Answer 27

It is possible to implement stickiness so that the same client is always redirected to the same instance behind a load balancer

Question 28

What kind of LB's does stickiness work for?

Answer 28

This works for Classic Load Balancers & Application Load Balancers

Question 29

The “cookie” used for stickiness doesn't have an expiration date you control?

Answer 29

False - You control the expir date

Question 30

How does ALB support dynamic host port mapping?

Answer 30

With ECS

Question 31

For public facing NLB - must attach this to maintain static IP per AZ

Answer 31

Elastic IP

Question 32

Private facing: will get random private IP based on free ones at time of creation? True of False

Answer 32

True

Question 33

The Lb uses what kind of SSL/TLS certificate?

Answer 33

X.509

Question 34

How do you manage AWS certificates?

Answer 34

ACM (AWS Certificate Manager)

Question 35

What's an Auto Scaling Group (ASG)?

Answer 35

The goal of an Auto Scaling Group (ASG) is to: • Scale out (add EC2 instances) to match an increased load • Scale in (remove EC2 instances) to match a decreased load • Ensure we have a minimum and a maximum number of machines running • Automatically Register new instances to a load balancer

Question 36

Use ____ as the scaling policy for ASG

Answer 36

CloudWatch Alarm

Question 37

An ASG Launch Configurations includes?

Answer 37

* AMI + InstanceType * EC2 User Data * EBSVolumes * Security Groups * SSH Key Pair

Question 38

____ attached to an ASG will get assigned to EC2 instances??

Answer 38

IAM roles

Question 39

What do you pay for when using an ASG?

Answer 39

ASG's are free. You pay for the underlying resources being launched

Question 40

Having instances under an ASG means that if they get terminated for whatever reason, the ASG will restart them. T/ F?

Answer 40

True

Question 41

ASG's will not terminate an instance marked as unhealthy by a LB?

Answer 41

False - It was terminate if marked unhealthy

Question 42

Define ASG Default Termination Policy (simplified version)

Answer 42

1. Find the AZ which has the most number of instances | 2. If there are multiple instances in the AZ to choose from, delete the one with the oldest launch configuration

Question 43

What's the ASG The cooldown period?

Answer 43

Thecooldownperiod helps to ensure that yourAutoScaling group doesn't launch or terminate additional instances before the previous scaling activity takes effect.

Question 44

What's an EBS Volume?

Answer 44

• An EC2 machine loses its root volume (main drive) when it is manually terminated. • Unexpected terminations might happen from time to time (AWS would email you) • Sometimes, you need a way to store your instance data somewhere • An EBS (Elastic Block Store) Volume is a network drive you can attach to your instances while they run • It allows your instances to persist data

Question 45

is EBS locked to AZ?

Answer 45

* It’s locked to an Availability Zone (AZ) | * An EBS Volume in us-east-1a cannot be attached to us-east-1b • To move a volume across, you first need to snapshot it

Question 46

EBS Volumes have provised capacity is what sizes?q

Answer 46

GB, and IOPS

Question 47

EBS VOlumes comes in 4 types?

Answer 47

* GP2 (SSD): General purpose SSD volume that balances price and performance for a wide variety of workloads * IO1 (SSD): Highest-performance SSD volume for mission-critical low-latency or high- throughput workloads * ST1 (HDD): Low cost HDD volume designed for frequently accessed, throughput- intensive workloads * SC1 (HDD): Lowest cost HDD volume designed for less frequently accessed workloads

Question 48

Only these types of EBS volumes can be used as boot volumes

Answer 48

Only GP2 and IO1 can be used as boot volumes

Question 49

EBS Volumes are characterized in ..?

Answer 49

EBS Volumes are characterized in Size | Throughput | IOPS (I/O Ops Per Sec)

Question 50

EBS Volume Types Use cases GP2

Answer 50

* Recommended for most workloads • System boot volumes * Virtual desktops * Low-latency interactive apps * Development and test environments * 1 GiB - 16TiB * Small gp2 volumes can burst IOPS to 3000 * Max IOPS is 16,000... * 3 IOPS per GB, means at 5,334GB we are at the max IOPS

Question 51

EBS Volume Types Use cases IO1

Answer 51

* Critical business applications that require sustained IOPS performance, or more than 16,000 IOPS per volume (gp2 limit) * Large database workloads, such as: * MongoDB, Cassandra, Microsoft SQL Server, MySQL, PostgreSQL, Oracle * 4 GiB - 16TiB * IOPS is provisioned (PIOPS) – MIN 100 - MAX 64,000 (Nitro instances) else * The maximum ratio of provisioned IOPS to requested volume size (in GiB) is 50:1

Question 52

EBS Volume Types Use cases ST1

Answer 52

* Streaming workloads requiring consistent, fast throughput at a low price. • Big data, Data warehouses, Log processing * Apache Kafka * Cannot be a boot volume * 500 GiB - 16TiB * Max IOPS is 500 * Max throughput of 500 MiB/s – can burst

Question 53

EBS Volume Types Use cases SC1

Answer 53

* Throughput-oriented storage for large volumes of data that is infrequently accessed * Scenarios where the lowest storage cost is important * Cannot be a boot volume * 500 GiB - 16TiB * Max IOPS is 250 * Max throughput of 250 MiB/s – can burst

Question 54

Can make Image (AMI) from Snapshot?

Answer 54

True

Question 55

EBS volumes restored by snapshots need to be?

Answer 55

Pre warmed

Question 56

EBS Snapshots can be automated using

Answer 56

Amazon Data Lifecycle Manager

Question 57

EBS backups use IO and you shouldn’t run them while your application is handling a lot of traffic

Answer 57

True

Question 58

Max EBS snapshots?

Answer 58

100k

Question 59

Can't copy EBS Snapshots across AZ or Region?

Answer 59

False

Question 60

How to migrate EBS volume to different AZ?

Answer 60

* Snapshot the volume * (optional) Copy the volume to a different region * Create a volume from the snapshot in the AZ of your choice

Question 61

How to encrypt an unencrypted EBS volume?

Answer 61

* Create an EBS snapshot of the volume * Encrypt the EBS snapshot ( using copy ) * Create new ebs volume from the snapshot ( the volume will also be encrypted ) * Now you can attach the encrypted volume to the original instance

Question 62

Instance Store is another type of network drive?

Answer 62

False - It's physically attached

Question 63

What are the pros and cons of Instance Store?

Answer 63

* Pros: * Better I/O performance * Good for buffer / cache / scratch data / temporary content • Data survives reboots * Cons: * On stop or termination, the instance store is lost * You can’t resize the instance store * Backups must be operated by the user

Question 64

What if you want to increase IOPS to say 100 000 IOPS? What if you want to mirror your EBS volumes?

Answer 64

You would mount volumes in parallel in RAID settings!

Question 65

Difference btw RAID 0 and RAID 1?

Answer 65

RAID 0 (increase performance) - RAID 1 (increased fault tolerance)

Question 66

What's Elastic File System (EFS)?

Answer 66

* Managed NFS (network file system) that can be mounted on many EC2 • EFS works with EC2 instances in multi-AZ * Highly available, scalable, expensive (3x gp2), pay per use

Question 67

Use Cases of EFS?

Answer 67

Use cases: content management, web serving, data sharing,Wordpress

Question 68

Uses ____ to control access to EFS

Answer 68

Security Groups

Question 69

Only compatible with Windows based AMI?

Answer 69

False - Only Linux

Question 70

Root EBS Volumes of instances get terminated by default if the EC2 instance gets terminated. (you can disable that)

Answer 70

True

Question 71

EFS can mount only 1 instance?

Answer 71

False - can mount 100's

Question 72

How Many RDS Read replicas for read scalability?

Answer 72

Up to 5

Question 73

Read Replicas can be within AZ, Cross AZ, or Cross Region?

Answer 73

True

Question 74

Replication for RDS is not ASYNC and is instantly available?

Answer 74

False - It Is ASYNC so reads are eventually consistent

Question 75

Replicas can be promoted to their own DB?

Answer 75

True

Question 76

Apps must update ____ to leverage read replicas?

Answer 76

connection string

Question 77

RDS Multi AZ is what kind of replication? SYNC or ASYNC?

Answer 77

SYNC

Question 78

What's the point of RDS Multi AZ?

Answer 78

Not used for scaling • Increase availability • Failover in case of loss of AZ, loss of network, instance or storage failure • No manual intervention in apps

Question 79

RDS Backups are automatically enabled in RDS?

Answer 79

True

Question 80

Give some features of Automated Backups.

Answer 80

* Daily full snapshot of the database * Capture transaction logs in real time * => ability to restore to any point in time * 7 days retention (can be increased to 35 days)

Question 81

RDS allows for encryption using?

Answer 81

AWS KMS - AES-256 encryption

Question 82

In Flight data encryption using?

Answer 82

SSL certificates

Question 83

How do you enforce SSL using PostGreSQL and MySQL?

Answer 83

PostgreSQL: rds.force_ssl=1 in the AWS RDS Console (Paratemer Groups) MySQL: Within the DB: GRANT USAGE ON *.* TO 'mysqluser'@'%' REQUIRE SSL;

Question 84

How do you connect using SSL to RDS?

Answer 84

Provide the SSLTrust certificate (can be download from AWS) Provide SSL options when connecting to database

Question 85

RDS DB's are usually deployed in a public subnet.

Answer 85

FALSE - usually deployed in a private subnet

Question 86

RDS Security works by leveraging ____?

Answer 86

Security Groups - it controls who can communicate with RDS

Question 87

IAM Policies help do what for RDS?

Answer 87

Who can manage AWS RDS

Question 88

A traditional username and password and IAM users can be used to login to the DB?

Answer 88

True

Question 89

What two SQL languages are supported with Aurora?

Answer 89

Postgres and MySQL

Question 90

Aurora storage automatically grows in what increments and up to what size?

Answer 90

10GB, up to 64TB

Question 91

Aurora can have up to how many replicas what what's the replica lag?

Answer 91

Up to 15 replicas and 10 ms replica lag

Question 92

Failover is Aurora is not instantaneous?

Answer 92

False

Question 93

How do you encrypt an unencrypted RDS?

Answer 93

unencrypted DB => snapshot => copy snapshot as encrypted => create DB from snapshot

Question 94

RDS automatically enabled encryption at rest?

Answer 94

True - Is done only when you first create the DB instance

Question 95

What's your responsibility with RDS?

Answer 95

* Check the ports / IP / security group inbound rules in DB’s SG * In-database user creation and permissions * Creating a database with or without public access * Ensure parameter groups or DB is configured to only allow SSL connections

Question 96

What's AWS responsibility for RDS?

Answer 96

* No SSH access * No manual DB patching * No manual OS patching * No way to audit the underlying instance

Question 97

Amazon RDS supports Transparent Data Encryption for DB encryption? What kind of instances allow this?

Answer 97

• Oracle or SQL Server DB instance only

Question 98

Transparent Data Encryption (TDE) Can be used on top of KMS for RDS?

Answer 98

True - May affect performance

Question 99

IAM Authentication words for what kind of RDS instances?

Answer 99

Works for MySQL, PostgreSQL

Question 100

The lifespan of an IAM Auth token for RDS is how long?

Answer 100

15-minutes

Question 101

Where are IAM Auth tokens generated?

Answer 101

AWS Credentials

Question 102

SSL must be used when connecting to the RDS database?

Answer 102

True

Question 103

Easy to use EC2 ____ to connect to the RDS database

Answer 103

Instance Roles

Question 104

Aurora Serverless Only supports ___ ?

Answer 104

MySQL & Postgres

Question 105

Aurora serverless DB cluster starts, shutsdown and scallers automaticall based on?

Answer 105

CPU / Connections

Question 106

You can migerate from aurora cluster to serverless and viceversa?

Answer 106

True

Question 107

Aurora Serverless usage is measured in ?

Answer 107

ACU (Aurora Capacity Units)

Question 108

How are you billed using aurora serverless?

Answer 108

Billed in 5 minutes increment of ACU

Question 109

What is ElastiCache?

Answer 109

ElastiCache is to get managed Redis or Memcached

Question 110

How does ElastiCache help DB's?

Answer 110

Helps reduce load off of databases for read intensive workloads Helps make your application stateless

Question 111

Cache must have an __ __ to make sure only the most current data is used in there.

Answer 111

Invalidation Strategy

Question 112

Both Memcache and Redis survive reboots?

Answer 112

False - Only Redis

Question 113

Redis supports what kind of security login?

Answer 113

Redis Auth (username / Password)