Fundamentals of AWS (Part 2) & RDS, Aurora, Elasticache Flashcards

1
Q

Define Scalability

A

Scalability means that an application / system can handle greater loads by adapting.

2
Q

What are the two kinds of Scalability?

A
  • Vertical Scalability
  • Horizontal Scalability (= elasticity)

3
Q

Define Vertical Scalability?

A

Vertical scalability means increasing the size of the instance.

4
Q

What’s a case where scalability is very common?

A

databases

5
Q

Name some services that can scale vertically

A

RDS and ElastiCache are services that can scale vertically.

6
Q

Define Horizontal Scaling

A

Horizontal Scalability means increasing the number of instances / systems for your application

7
Q

What’s high availability and what purpose does it serve?

A

High availability means running your application / system in at least 2 data centers (== Availability Zones)
• The goal of high availability is to survive a data center loss

8
Q

What can you use to scale horizontally (increase the number of instances)?

A
  • Auto Scaling Group
  • Load Balancer

9
Q

What’s an application of High Availability?

A

Run instances for the same application across multiple AZs

10
Q

What are load balancers?

A

Load balancers are servers that forward internet traffic to multiple servers (EC2 Instances) downstream.

11
Q

Why use a load balancer?

A
  • Spread load across multiple downstream instances
  • Expose a single point of access (DNS) to your application
  • Seamlessly handle failures of downstream instances
  • Do regular health checks to your instances
  • Provide SSL termination (HTTPS) for your websites
  • Enforce stickiness with cookies
  • High availability across zones
  • Separate public traffic from private traffic
12
Q

What’s an ELB?

A

EC2 Load Balancer - is a managed load balancer

13
Q

What are the three types of Load Balancers?

A

  • Classic Load Balancer (v1 - old generation) - 2009
  • Application Load Balancer (v2 - new generation) - 2016
  • Network Load Balancer (v2 - new generation) - 2017
  • Overall, it is recommended to use the newer / v2 generation load balancers as they provide more features

14
Q

What are LB Health Checks?

A
  • Health Checks are crucial for Load Balancers
  • They enable the load balancer to know if instances it forwards traffic to are available to reply to requests
  • The health check is done on a port and a route (/health is common)
  • If the response is not 200 (OK), then the instance is unhealthy
15
Q

What all do Application Load Balancers (ALB) allow you to do?

A

Application load balancers (Layer 7) allow you to do:
  • Load balancing to multiple HTTP applications across machines (target groups)
  • Load balancing to multiple applications on the same machine (ex: containers)
  • Load balancing based on route in URL
  • Load balancing based on hostname in URL

16
Q

What are ALBs good for?

A

Microservices & container-based applications (example: Docker & Amazon ECS)

17
Q

Stickiness can be enabled at what level?

A

Stickiness can be enabled at the target group level
• Same request goes to the same instance
• Stickiness is directly generated by the ALB (not the application)

18
Q

Network load balancers (Layer 4) allow you to:

A

  • Forward TCP traffic to your instances
  • Handle millions of requests per second
  • Support for static IP or elastic IP
  • Less latency ~100 ms (vs 400 ms for ALB)

19
Q

ALB can route based on hostname / path?

A

True
• Support routing based on hostname (users.example.com & payments.example.com)
• Support routing based on path (example.com/users & example.com/payments)

20
Q

ALB is a great fit with ___?

A

ECS (Docker)

21
Q

Any Load Balancer (CLB, ALB, NLB) has a ____ host name?

A

Static

22
Q

LBs scale instantaneously?

A

False

23
Q

NLBs directly see this ___?

A

client IP

24
Q

_xx errors are client induced errors? 4 or 5?

A

4

25
_xx errors are application induced errors. 4 or 5?
5 - Load Balancer Errors 503 means at capacity or no registered target
26
Check this if your LB can't connect to your application.
Security Groups
27
Explain LB stickiness.
It is possible to implement stickiness so that the same client is always redirected to the same instance behind a load balancer
28
What kind of LBs does stickiness work for?
This works for Classic Load Balancers & Application Load Balancers
29
The “cookie” used for stickiness doesn't have an expiration date you control?
False - You control the expiration date
30
How does ALB support dynamic host port mapping?
With ECS
31
For public facing NLB - must attach this to maintain static IP per AZ
Elastic IP
32
Private facing: will get random private IP based on free ones at time of creation? True or False
True
33
The LB uses what kind of SSL/TLS certificate?
X.509
34
How do you manage AWS certificates?
ACM (AWS Certificate Manager)
35
What's an Auto Scaling Group (ASG)?
The goal of an Auto Scaling Group (ASG) is to:
  • Scale out (add EC2 instances) to match an increased load
  • Scale in (remove EC2 instances) to match a decreased load
  • Ensure we have a minimum and a maximum number of machines running
  • Automatically register new instances to a load balancer
36
Use ____ as the scaling policy for ASG
CloudWatch Alarm
37
An ASG Launch Configuration includes?
  • AMI + Instance Type
  • EC2 User Data
  • EBS Volumes
  • Security Groups
  • SSH Key Pair
38
____ attached to an ASG will get assigned to EC2 instances?
IAM roles
39
What do you pay for when using an ASG?
ASGs are free. You pay for the underlying resources being launched.
40
Having instances under an ASG means that if they get terminated for whatever reason, the ASG will restart them. T/F?
True
41
ASG's will not terminate an instance marked as unhealthy by a LB?
False - It will terminate the instance if marked unhealthy
42
Define ASG Default Termination Policy (simplified version)
1. Find the AZ which has the most number of instances
2. If there are multiple instances in the AZ to choose from, delete the one with the oldest launch configuration
43
What's the ASG cooldown period?
The cooldown period helps to ensure that your Auto Scaling group doesn't launch or terminate additional instances before the previous scaling activity takes effect.
44
What's an EBS Volume?
  • An EC2 machine loses its root volume (main drive) when it is manually terminated.
  • Unexpected terminations might happen from time to time (AWS would email you)
  • Sometimes, you need a way to store your instance data somewhere
  • An EBS (Elastic Block Store) Volume is a network drive you can attach to your instances while they run
  • It allows your instances to persist data
45
Is EBS locked to an AZ?
  • It’s locked to an Availability Zone (AZ)
  • An EBS Volume in us-east-1a cannot be attached to us-east-1b
  • To move a volume across, you first need to snapshot it
46
EBS Volumes have provisioned capacity in what sizes?
GB, and IOPS
47
EBS Volumes come in 4 types?
  • GP2 (SSD): General purpose SSD volume that balances price and performance for a wide variety of workloads
  • IO1 (SSD): Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
  • ST1 (HDD): Low cost HDD volume designed for frequently accessed, throughput-intensive workloads
  • SC1 (HDD): Lowest cost HDD volume designed for less frequently accessed workloads
48
Only these types of EBS volumes can be used as boot volumes
Only GP2 and IO1 can be used as boot volumes
49
EBS Volumes are characterized in ..?
EBS Volumes are characterized in Size | Throughput | IOPS (I/O Ops Per Sec)
50
EBS Volume Types Use cases GP2
  • Recommended for most workloads
  • System boot volumes
  • Virtual desktops
  • Low-latency interactive apps
  • Development and test environments
  • 1 GiB - 16TiB
  • Small gp2 volumes can burst IOPS to 3000
  • Max IOPS is 16,000...
  • 3 IOPS per GB, means at 5,334GB we are at the max IOPS
51
EBS Volume Types Use cases IO1
  • Critical business applications that require sustained IOPS performance, or more than 16,000 IOPS per volume (gp2 limit)
  • Large database workloads, such as:
    • MongoDB, Cassandra, Microsoft SQL Server, MySQL, PostgreSQL, Oracle
  • 4 GiB - 16TiB
  • IOPS is provisioned (PIOPS) – MIN 100 - MAX 64,000 (Nitro instances) else
  • The maximum ratio of provisioned IOPS to requested volume size (in GiB) is 50:1
52
EBS Volume Types Use cases ST1
  • Streaming workloads requiring consistent, fast throughput at a low price.
  • Big data, Data warehouses, Log processing
  • Apache Kafka
  • Cannot be a boot volume
  • 500 GiB - 16TiB
  • Max IOPS is 500
  • Max throughput of 500 MiB/s – can burst
53
EBS Volume Types Use cases SC1
  • Throughput-oriented storage for large volumes of data that is infrequently accessed
  • Scenarios where the lowest storage cost is important
  • Cannot be a boot volume
  • 500 GiB - 16TiB
  • Max IOPS is 250
  • Max throughput of 250 MiB/s – can burst
54
Can make Image (AMI) from Snapshot?
True
55
EBS volumes restored by snapshots need to be?
Pre-warmed
56
EBS Snapshots can be automated using
Amazon Data Lifecycle Manager
57
EBS backups use IO and you shouldn’t run them while your application is handling a lot of traffic
True
58
Max EBS snapshots?
100k
59
Can't copy EBS Snapshots across AZ or Region?
False
60
How to migrate EBS volume to different AZ?
  • Snapshot the volume
  • (optional) Copy the volume to a different region
  • Create a volume from the snapshot in the AZ of your choice
61
How to encrypt an unencrypted EBS volume?
  • Create an EBS snapshot of the volume
  • Encrypt the EBS snapshot (using copy)
  • Create new EBS volume from the snapshot (the volume will also be encrypted)
  • Now you can attach the encrypted volume to the original instance
62
Instance Store is another type of network drive?
False - It's physically attached
63
What are the pros and cons of Instance Store?
Pros:
  • Better I/O performance
  • Good for buffer / cache / scratch data / temporary content
  • Data survives reboots
Cons:
  • On stop or termination, the instance store is lost
  • You can’t resize the instance store
  • Backups must be operated by the user
64
What if you want to increase IOPS to say 100 000 IOPS? What if you want to mirror your EBS volumes?
You would mount volumes in parallel in RAID settings!
65
Difference between RAID 0 and RAID 1?
RAID 0 (increase performance) - RAID 1 (increased fault tolerance)
66
What's Elastic File System (EFS)?
  • Managed NFS (network file system) that can be mounted on many EC2
  • EFS works with EC2 instances in multi-AZ
  • Highly available, scalable, expensive (3x gp2), pay per use
67
Use Cases of EFS?
Use cases: content management, web serving, data sharing, WordPress
68
Uses ____ to control access to EFS
Security Groups
69
Only compatible with Windows based AMI?
False - Only Linux
70
Root EBS Volumes of instances get terminated by default if the EC2 instance gets terminated. (you can disable that)
True
71
EFS can mount only 1 instance?
False - can mount 100s
72
How many RDS Read replicas for read scalability?
Up to 5
73
Read Replicas can be within AZ, Cross AZ, or Cross Region?
True
74
Replication for RDS is not ASYNC and is instantly available?
False - It Is ASYNC so reads are eventually consistent
75
Replicas can be promoted to their own DB?
True
76
Apps must update ____ to leverage read replicas?
connection string
77
RDS Multi AZ is what kind of replication? SYNC or ASYNC?
SYNC
78
What's the point of RDS Multi AZ?
  • Not used for scaling
  • Increase availability
  • Failover in case of loss of AZ, loss of network, instance or storage failure
  • No manual intervention in apps
79
RDS Backups are automatically enabled in RDS?
True
80
Give some features of Automated Backups.
  • Daily full snapshot of the database
  • Capture transaction logs in real time
  • => ability to restore to any point in time
  • 7 days retention (can be increased to 35 days)
81
RDS allows for encryption using?
AWS KMS - AES-256 encryption
82
In Flight data encryption using?
SSL certificates
83
How do you enforce SSL using PostgreSQL and MySQL?
PostgreSQL: rds.force_ssl=1 in the AWS RDS Console (Parameter Groups)
MySQL: Within the DB: GRANT USAGE ON *.* TO 'mysqluser'@'%' REQUIRE SSL;
84
How do you connect using SSL to RDS?
  • Provide the SSL trust certificate (can be downloaded from AWS)
  • Provide SSL options when connecting to the database
85
RDS DB's are usually deployed in a public subnet.
FALSE - usually deployed in a private subnet
86
RDS Security works by leveraging ____?
Security Groups - it controls who can communicate with RDS
87
IAM Policies help do what for RDS?
Who can manage AWS RDS
88
A traditional username and password and IAM users can be used to login to the DB?
True
89
What two SQL languages are supported with Aurora?
Postgres and MySQL
90
Aurora storage automatically grows in what increments and up to what size?
10GB, up to 64TB
91
Aurora can have up to how many replicas and what's the replica lag?
Up to 15 replicas and 10 ms replica lag
92
Failover in Aurora is not instantaneous?
False
93
How do you encrypt an unencrypted RDS?
unencrypted DB => snapshot => copy snapshot as encrypted => create DB from snapshot
94
RDS automatically enabled encryption at rest?
True - Is done only when you first create the DB instance
95
What's your responsibility with RDS?
  • Check the ports / IP / security group inbound rules in DB’s SG
  • In-database user creation and permissions
  • Creating a database with or without public access
  • Ensure parameter groups or DB is configured to only allow SSL connections
96
What's AWS responsibility for RDS?
  • No SSH access
  • No manual DB patching
  • No manual OS patching
  • No way to audit the underlying instance
97
Amazon RDS supports Transparent Data Encryption for DB encryption? What kind of instances allow this?
• Oracle or SQL Server DB instance only
98
Transparent Data Encryption (TDE) Can be used on top of KMS for RDS?
True - May affect performance
99
IAM Authentication works for what kind of RDS instances?
Works for MySQL, PostgreSQL
100
The lifespan of an IAM Auth token for RDS is how long?
15 minutes
101
Where are IAM Auth tokens generated?
AWS Credentials
102
SSL must be used when connecting to the RDS database?
True
103
Easy to use EC2 ____ to connect to the RDS database
Instance Roles
104
Aurora Serverless Only supports ___ ?
MySQL & Postgres
105
Aurora Serverless DB cluster starts, shuts down and scales automatically based on?
CPU / Connections
106
You can migrate from Aurora cluster to Serverless and vice versa?
True
107
Aurora Serverless usage is measured in ?
ACU (Aurora Capacity Units)
108
How are you billed using aurora serverless?
Billed in 5-minute increments of ACU
109
What is ElastiCache?
ElastiCache is to get managed Redis or Memcached
110
How does ElastiCache help DB's?
  • Helps reduce load off of databases for read intensive workloads
  • Helps make your application stateless
111
Cache must have an __ __ to make sure only the most current data is used in there.
Invalidation Strategy
112
Both Memcached and Redis survive reboots?
False - Only Redis
113
Redis supports what kind of security login?
Redis Auth (username / password)