IAM + EC2

Question 1

What are the types of elements in IAM?

Answer 1

Users
Groups
Roles
Policies

Question 2

What are IAM Roles?

Answer 2

Roles are a group of one or more policies that define the permissions of the role.

Roles are used for give aws servicess access to other services. Roles are attached directly to an AWS Resource.

Question 3

What is an IAM Policy and what does it consist of?

Answer 3

It’s a JSON document. With one ore more statements.

Version
ID
Statement

Statement structure:
sid: statement id
Effect: Allow/Deny.
Principal: Which account, user, or role the statement with the permissions will apply to.
Action: The list of actions that will be allowed or denied.
Resource: The service resource the policy will be applied to.
Condition: parameters to decide if the policy is applied or not.

Question 4

What can you do in IAM?

Answer 4

Set a password policy and expiration policy
Create users, groups, roles, policies.
Set up MFA
Generate Access Keys

Question 5

In which ways can you access aws?

Answer 5

Management Console: Through web interface
AWS CLI: Through command line
AWS SDKs: Through code

Question 6

How do users and groups behave in IAM?

Answer 6

A group cant be a member of another group.
A user inherits policies and permissions from every group he is in.

Question 7

What is least privilege principle?

Answer 7

You dont give a user or group more privileges than they need.

Question 8

What monitoring can you do with IAM?

Answer 8

You can make reports of all iam users and status of their credentials.

You can monitor individual users to see when did they last access each service. This is useful to set correct permissions to users. And remove permissions they dont use.

Question 9

What does EC2 Service consist of?

Answer 9

EC2 instances
EBS Volumes
Instance Store
ELB
ASG: auto scaling group

Question 10

What is an EC2 instance key pair?

Answer 10

It’s a pair of private and public keys you can use to give access to one or more EC2 instances. You assign one to an instance on creation.

Question 11

What is ephemereal in an EC2 instance?

Answer 11

It’s instance store storage, and IP addresses. These are lost on stoppage.

Question 12

What are the different EC2 instance types optimized for?

Answer 12

Memory optimized, storage optimized , compute optimized, general purpose, All with different sizes.

Question 13

How is the more balanced EC2 instance tpye called?

Answer 13

General Purpose

Question 14

What is a special feature of security groups in AWS?

Answer 14

You can enable inbound or outbound rules in security groups that are targeted to or from specific security groups, which will be attached to resources like other EC2 instances, load balancers, etc.

Question 15

What are reserved instances?

Answer 15

You pay for an instance for 1 or 3 years. It’s cheaper cause it’s long term. Up to 72% discount compared to on demand.

You can pay upfront which is cheaper.

Question 16

What are on demand instances?

Answer 16

You pay per second. Highest cost.

Question 17

What is savings plan?

Answer 17

Similar to reserved instances but more flexible. You commit to certain amount of usage and save costs long term. 1 or 3 years.

Question 18

What are Spot instances

Answer 18

Save up to 90% compared to on demand.

You can lose these instances in any point in time.

These instances have a spot price. You need to set a max price and if the spot price goes higher than your max you will lose the instances.

Question 19

What are EC2 dedicated hosts?

Answer 19

You rent a physical server with certain EC2 capacity.

Good for when your licenses are bound to a physical server.

dedicated host can be on demand or reserved.

This is the most expensive option

Question 20

What are EC2 dedicated instances?

Answer 20

Instances that run on physical server dedicated to you.

Question 21

Whats the difference between dedicated hosts and dedicated instances?

Answer 21

Both run instances in servers dedicated to you.

In dedicated instances, the physical server may change.

In dedicated hosts you have control of the underlying hardware. In dedicated instances you dont.

In dedicated instances you pay for the instances but in hosts you pay for the whole host.

Question 22

What is EC2 capacity reservation?

Answer 22

Reserve an amount of instance capacity for a set period. (You can choose any period ,short or long) You are charged as on demand whether you use the reserved capacity or not.

Question 23

What are spot fleets?

Answer 23

Spot fleets are a group of spot instances which can optionally include on demand instances.

This option automatically launches spot instances when the spot prices match your max.

Question 24

What are elastic ips?

Answer 24

It’s a public IP that is persistent through reboots of instances. You can have up to 5 per AWS account.

Elastic IP is usually a poor design choice. It’s preferrable to use an ELB or just DNS names

Question 25

What are placement groups?

Answer 25

You can create these to control the placement of your EC2 instances within a region. You have 3 options: Cluster, Spread, or Partition.

Question 26

What are the different kind of placement groups? How does each type work?

Answer 26

Cluster: Places instances in a low latency group within a single AZ.
Spread: Places instances in different AZs, and on different hardware. Is limited to 7 instances per AZ within 1 placement group.
Partition: Similar to spread, but can contain up to 100s of instances. This placement group consists of up to 7 partitons per AZ. The instances in one partition are in different hardware than the instances in the other partitions.

Question 27

What is an ENI?

Answer 27

Elastic network interface.

A single ENI as a mac address, at least a primary private ipv4 address.

And can contain an elastic public ip and a public ip per private ip.

Question 28

What are the instance requirements to be able to hibernate?

Answer 28

Root volume must be EBS.
EBS must be encrypted
Ram must be less tan 150GB
EBS volume must have a minimum space for the ram to be written to it.

Note: In hibernation ram is written to the ebs volume.

Question 29

What is an instance profile?

Answer 29

An instance profile is a container for an EC2 specific IAM Role. It allows the EC2 instance to run with the permissions defined in the role.

An instance profile with the same name is automatically created when you create an IAM Role for EC2.

Question 30

How can you attach a policy to a IAM user?

Answer 30

You can attach a policy directly to a user, or you can attach it to a group, and users of that group will have the policy attached indirectly.

Question 31

How do you access the AWS CLI?

Answer 31

You need a user with active access keys.