High Availability and Scalability: ELB & ASG Flashcards

1
Q

What are the 4 goals of an Auto Scaling Group?

A
  1. Add EC2 instances to match an increased load
  2. Remove EC2 instances to match a decreased load
  3. Ensure we have min and max number of machines running
  4. Automatically register new instances to a load balancer
2
Q

True or False

It is possible to scale an ASG based on CloudWatch alarms

A

True

3
Q

ASG scaling policies are based on what?

A

Any metric you want. It can be CPU, network, or custom metrics, or it can be based on a schedule (if you know your visitors’ patterns).

4
Q

What is the pricing for ASG?

A

ASGs are free. You pay for the underlying resources being launched.

5
Q

When will ASG terminate instances?

A

ASG will terminate instances marked as unhealthy by a load balancer and replace them with a new instance

6
Q

Name the 4 ASG Scaling Policies

A

Target Tracking Scaling
e.g. I want average CPU to stay around 40%

Simple / Step Scaling
e.g. When alarm triggered, add 2 units

Scheduled Actions
e.g. increase min capacity to 10 on Fridays

Predictive Scaling
continuously forecast load and schedule scaling ahead

7
Q

Good metrics to scale ASG on?

A
  • CPU Utilization
  • request counts per target
  • average network in / network out
  • any custom metric in CloudWatch
8
Q

What is an ASG scaling cooldown?

A

After scaling activity happens, there is a cooldown period where ASG will not launch or terminate instances.

This time is to allow metrics to stabilize.

9
Q

How does ASG default termination policy work?

A
  1. Find the AZ with the most instances
  2. If there are multiple instances in the AZ to choose from, delete the one with the oldest launch configuration
  3. ASG tries to balance the number of instances across AZs
10
Q

When can you add lifecycle hooks into ASG?

A
  1. between pending and in service
  2. between terminating and terminated

11
Q

Pros/Cons of Launch Template vs Launch Configuration in ASG

A

With Launch Templates (newer) you can:

  • have multiple versions
  • create parameter subsets
  • provision using on-demand or spot instances (or mix)
  • can utilize T2 unlimited burst feature
  • must only be created once
12
Q

You scale an EC2 instance from r4.large to r4.4xlarge.

Is this vertical or horizontal scalability?

A

Vertical Scalability

13
Q

You run an application on an Auto Scaling Group that scales the number of EC2 instances.

Is this vertical or horizontal scalability?

A

Horizontal Scalability

14
Q

True or False

Elastic Load Balancers provide a static DNS name we can use in our application.

A

True.

Only Network Load Balancer provides both a static DNS name and a static IP, while Application Load Balancer provides a static DNS name but does NOT provide a static IP. The reason is that AWS wants your Elastic Load Balancer to be accessible using a static endpoint, even if the underlying infrastructure that AWS manages changes.

15
Q

You are running a website on 10 EC2 instances fronted by an Elastic Load Balancer. Your users are complaining about the fact that the website always asks them to re-authenticate when they are moving between website pages. You are puzzled because it’s working just fine on your machine and in the Dev environment with 1 EC2 instance. What could be the reason?

A

The ELB does not have Sticky Sessions enabled.

The ELB Sticky Session feature ensures traffic for the same client is always redirected to the same target (e.g., EC2 instance). This helps ensure that the client does not lose their session data.

16
Q

You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances. It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer’s IP addresses. What should you do to get the IP address of clients connected to your website?

A

Modify your website’s backend to get the client IP address from the X-Forwarded-For header.

When using an Application Load Balancer to distribute traffic to your EC2 instances, the IP address you’ll receive requests from will be the ALB’s private IP addresses. To get the client’s IP address, ALB adds an additional header called “X-Forwarded-For” that contains the client’s IP address.

17
Q

You hosted an application on a set of EC2 instances fronted by an Elastic Load Balancer. A week later, users begin complaining that sometimes the application just doesn’t work. You investigate the issue and find that some EC2 instances crash from time to time.

What should you do to protect users from connecting to the EC2 instances that are crashing?

A

Enable ELB Health Checks.

When you enable ELB Health Checks, your ELB won’t send traffic to unhealthy (crashed) EC2 instances.

18
Q

You are working as a Solutions Architect for a company and you are required to design an architecture for a high-performance, low-latency application that will receive millions of requests per second.

Which type of Elastic Load Balancer should you choose?

A

Network Load Balancer provides the highest performance and lowest latency if your application needs it.

19
Q

Application Load Balancers support the following protocols, EXCEPT:

a. HTTP
b. HTTPS
c. TCP
d. WebSocket

A

c. TCP

Application Load Balancers support HTTP, HTTPS and WebSocket

20
Q

Application Load Balancers can route traffic to different Target Groups based on the following, EXCEPT:

a. Client’s location (geography)
b. Hostname
c. Request URL Path
d. Source IP Address

A

a. Client’s location (geography)

ALBs can route traffic to different Target Groups based on URL Path, Hostname, HTTP Headers, and Query Strings.

21
Q

Registered targets in a Target Group for an Application Load Balancer can be one of the following, EXCEPT:

a. EC2 Instances
b. Network Load Balancer
c. Private IP Addresses
d. Lambda Functions

A

b. Network Load Balancer

22
Q

For compliance purposes, you would like to expose a fixed static IP address to your end-users so that they can write firewall rules that will be stable and approved by regulators.

What type of Elastic Load Balancer would you choose?

a. Application Load balancer with an elastic IP attached to it
b. Network load balancer
c. Classic load balancer

A

b. Network load balancer

Network Load Balancer has one static IP address per AZ and you can attach an Elastic IP address to it. Application Load Balancers and Classic Load Balancers have a static DNS name.

Application Load Balancers cannot have an Elastic IP attached to them.

23
Q

You want to create a custom application-based cookie in your Application Load Balancer. Which of the following can you use as a cookie name?

a. AWSALBAPP
b. APPUSERC
c. AWSALBTG
d. AWSALB

A

b. APPUSERC

The following cookie names are reserved by the ELB (AWSALB, AWSALBAPP, AWSALBTG).

24
Q

You have a Network Load Balancer that distributes traffic across a set of EC2 instances in us-east-1. You have 2 EC2 instances in us-east-1b AZ and 5 EC2 instances in us-east-1e AZ. You have noticed that the CPU utilization is higher in the EC2 instances in us-east-1b AZ. After more investigation, you noticed that the traffic is equally distributed across the two AZs.

How would you solve this problem?

A

Enable cross-zone load balancing.

When Cross-Zone Load Balancing is enabled, ELB distributes traffic evenly across all registered EC2 instances in all AZs.

25
Q

Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener?

A

server name indication (SNI)

26
Q

You have an Application Load Balancer that is configured to redirect traffic to 3 Target Groups based on the following hostnames:

users.example.com,
api.external.example.com, and
checkout.example.com.

You would like to configure HTTPS for each of these hostnames. How do you configure the ALB to make this work?

A

Server Name Indication (SNI) allows you to expose multiple HTTPS applications each with its own SSL certificate on the same listener.

Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

27
Q

You have an application hosted on a set of EC2 instances managed by an Auto Scaling Group for which you configured both desired and maximum capacity as 3. Also, you have created a CloudWatch Alarm that is configured to scale out your ASG when CPU Utilization reaches 60%.

Your application suddenly received huge traffic and is now running at 80% CPU Utilization. What will happen?

A

Nothing. The Auto Scaling Group can’t go over the maximum capacity (you configured) during scale-out events.

28
Q

You have an Auto Scaling Group fronted by an Application Load Balancer. You have configured the ASG to use ALB Health Checks, then one EC2 instance has just been reported unhealthy.

What will happen to the EC2 instance?

A

The ASG will terminate the EC2 instance.

You can configure the Auto Scaling Group to determine the EC2 instances’ health based on Application Load Balancer Health Checks instead of EC2 Status Checks (default). When an EC2 instance fails the ALB Health Checks, it is marked unhealthy and will be terminated while the ASG launches a new EC2 instance.

29
Q

Your boss asked you to scale your Auto Scaling Group based on the number of requests per minute your application makes to your database.

What should you do?

A

You need to create a CloudWatch Custom Metric, then create a CloudWatch Alarm. There’s no CloudWatch Metric for “requests per minute” for backend-to-database connections.

30
Q

A web application is hosted on a fleet of EC2 instances managed by an Auto Scaling Group. You are exposing this application through an Application Load Balancer. Both the EC2 instances and the ALB are deployed in a VPC with the following CIDR: 192.168.0.0/18.

How do you configure the EC2 instances’ security group to ensure only the ALB can access them on port 80?

A

Add an inbound rule with port 80, and ALB’s security group as the source.

This is the most secure way of ensuring only the ALB can access the EC2 instances. Referencing security groups in rules is an extremely powerful technique.

31
Q

There is an Auto Scaling Group running in the eu-west-2 region that is configured to spawn instances into two Availability Zones, eu-west-2a and eu-west-2b. Currently, 3 EC2 instances are running in eu-west-2a and 4 EC2 instances are running in eu-west-2b. The ASG is about to scale in.

Which EC2 instance will get terminated?

A

The EC2 instance in eu-west-2b with the oldest launch template version.

Make sure you remember the Default Termination Policy for Auto Scaling Group. It tries to balance across AZs first, then terminates based on the age of the Launch Configuration.

32
Q

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000.

Which Scaling Policy should you use?

A

Target tracking policy

33
Q

Your application hosted on EC2 instances managed by an Auto Scaling Group suddenly receives a spike in traffic, which triggers your ASG to scale out, and a new EC2 instance is launched. The traffic continuously increases, but the ASG doesn’t launch any new EC2 instances immediately, only after 5 minutes.

What is a possible cause for this behavior?

A

Cooldown Period

For each Auto Scaling Group, there’s a Cooldown Period after each scaling activity. In this period, the ASG doesn’t launch or terminate EC2 instances. This gives metrics time to stabilize. The default value for the Cooldown Period is 300 seconds (5 minutes).