IAM

Question 1

What does IAM stand for?

Answer 1

Identity and Access Management

Question 2

Can Groups in IAM overlap on users

Answer 2

Yes

Question 3

IAM Policy

Answer 3

is a json file that state what a group or user is allowed to do

Question 4

Is User Console Region specific?

Answer 4

no, user is allowed in all regions

Question 5

What is a User Group

Answer 5

It is

Question 6

Will attaching IAM Policy at a group level add the permissions to all users?

Answer 6

YES

Question 7

What is an inline Policy?

Answer 7

A policy for a single users

Question 8

What does a policy JSON consists of?

Answer 8

At least Version, and Statement,

Question 9

What does a Statement of policy JSON consists of?

Answer 9

Sid - statement id some string
Effect: Allow / Deny
Action: “” - list of action that should be allowed.
e.g iam:Get*
Resource: the resource that the permision is refering to

Question 10

IAM Password policy

Answer 10

minimum length
special characters
changing IAM Users password
password expiration
prevent re-use

Question 11

Hardware OTP tokens

Answer 11

TOTP - time based
HOTP - counter based

Question 12

What are 3 ways to access AWS?

Answer 12

Management Console
CLI
SDK

Question 13

What is an IAM Role

Answer 13

Permissions for a AWS Service that needs to access some our resources. e.g. a EC2 Instance trying to access S3 Bucket

Question 14

What is IAM Last Acessed

Answer 14

list of all users and their credentials

Question 15

What does IAM Access Advisor?

Answer 15

Shows what permissions are used by user and allow to revoke the unused ones (least priviledge principle)

Question 16

What is shared responsibility model?

Answer 16

There are some elements that AWS is responsible for and some that us as a user are.

Question 17

What is a AWS Budget?

Answer 17

It is a threshold that will alarm us when we reach a particular spending goal. Even multiple times. (at. 85%, 100% or forecasted spent is 100%)

Question 18

What is AWS EC2?

Answer 18

Elastic Compute Cloud (IaaS)

Question 19

What does AWS EC2 consists of?

Answer 19

Renting virtual machines (EC2)
Storing data on virtual drives (EBS)
Distributing load across machines (ELB)
Scaling the services using an auto scaling group (ASG)

Question 20

What OS can be put on EC2?

Answer 20

Linux, Windows or Mac OS

Question 21

How to bootstrap EC2?

Answer 21

Using EC2 User data script.

Question 22

What does bootstraping mean?

Answer 22

Installing updates, software

Question 23

What are the EC2 Types?

Answer 23

e.g m5.2xlarge
m - class
5 - generation
2xlarge - size

-> compute optimized (start with C)
-> Memory optimized (R - RAM, X and Z)
-> Storage Optimized - for Databases (

Question 24

What are Security Groups?

Answer 24

Define what’s allowed in and out and where.
Can reference IP or other Security Group
a.k.a Firewall
divided into inbound and outbound

Question 25

What allows referencing security groups to other ones?

Answer 25

Allowing for a direct connection between EC2 instances that reference each others security groups

Question 26

What is a port for Remote Desktop Protocol a.k.a logging into windows instance

Answer 26

3389

Question 27

When we encouter a timeout while connecting to the instance what can be causing it?

Answer 27

missing security group config

Question 28

Is there a limit how many security groups can be attached to a EC2?

Answer 28

no

Question 29

How to add permissions to our EC2 Instance within the AWS World

Answer 29

A EC2 can be attached an IAM Role

Question 30

What are EC2 Purchasing Options

Answer 30

1. On-Demand - short term uninterrupted workloads
2. Reserved (1 & 3 Years) -
3. Savings Plans (1 & 3 Years) - commitment to a x $ of usage
4. Spot Instances - very short workload, cheap, can be stoped
5. Dedicated Hosts - entire physical server
6. Dedicated Instances - no one will share hardware with us
7. Capacity Reservations - reserve capacity in a specific AZ for any duration

Question 31

What is Reserved EC2 Purchasing option?

Answer 31

specific type, region, tenancy and OS (up to 72% discount compared to On-Demand)
Payment (upfront +++, partially upfront ++, no upfront +)
Period(1 year +, 3 years +++)
+ - discounts

Question 32

What is EC2 Savings Plans?

Answer 32

discount of up to 72% compared to On-demend

commit to certain level of usage (e.g 10$ an hour for 1 or 3 years)
everything beyound that will be billed at on-demand rate
locked to instance type and region but not size e.g (m5.xlarge, m5 2xlarge)

Question 33

What are EC2 Spot Instances?

Answer 33

discount of up to 90% (we set what is the max we want to pay)
but can be interrupted if the price goes up

Question 34

EC2 dedicated hosts

Answer 34

EC2 Instance fully dedicated to our use. Allows for compliance. Most expensive option.
2 Options:
on-demand pay per sec
reserved (1 / 3 years)

allows access to dedicated hardware

Question 35

EC2 Dedicated Instances

Answer 35

We may share hardware with other instances in the same account

Question 36

EC2 Capacity Reservations

Answer 36

You pay no matter if you use them or not. (on demand rate)
- no time commitment but also no billing discounts
- combine with regional reserved instances and savings plans to benefit from discounts
Short term uninterrupted workloads in a specific az

Question 37

What is AWS responsible for on EC2?

Answer 37

Global network security
Isolation of physical hosts
Replacing faulty hardware
compliance validation

Question 38

What is User responsible for on EC2?

Answer 38

Security Groups rules
system pathes and updates
Software installed
IAM Roles and user management
Data Security on the instance