IAM, Route 53 & EC2

Question 1

IAM identities?

Answer 1

IAM user, groups and roles

Question 2

IAM working of policies ?

Answer 2

Policies attached to role or directly to user (inline policy). Role can be applied to a user or group of user or resource.

Question 3

Types of policies ?

Answer 3

Managed policies (orange box), customer managed (editable) or inline

Question 4

IAM policy components

Answer 4

Version, Statement (container for policy element), Sid (optional serial id), Effect (allow or deny), Principal (account, user or role), Action (list of actions), Resource, Condition (optional)

Question 5

AWS access keys

Answer 5

2 keys per user for programmatic access

Question 6

AWS Cognito?

Answer 6

Used for giving temporary access to AWS services when authenticates with external identity provider like Google, FB etc.

Question 7

AWS Cloud 9?

Answer 7

Cloud based web IDE

Question 8

Route 53 ?

Answer 8

Managed DNS by AWS. Gels very well with the AWS services.

Question 9

Managing subdomains ?

Answer 9

WE can have different subdomains like app.humanityolympiad.org point to Ec2, www.humanityolympiad.org pointing to cloudfront and so on

Question 10

Route 53 traffic flow ?

Answer 10

There are 7 routing policies within route 53. This is visual editor for working with them.

Question 11

Route 53 routing policies ?

Answer 11

Simple (multiple IPs random), weighted (separate for each IP with weight), latency (lowest latency), failover (primary, sec site with health check), geolocation (based on origin location), geoproximity (bias values, region), multi-value (simple with failover)

Question 12

AWS Route 53 Resolver ?

Answer 12

For in house data centre and AWS VPC

Question 13

EC2 instance types ?

Answer 13

General, Memory, Compute, Accelerated Optimised, Storage Optimised

Question 14

EC2 placement groups ?

Answer 14

Logical placement of instances for multi-tenant apps. Is free service.

Question 15

EC2 userdata ?

Answer 15

Script that can be run before launching for initial setup

Question 16

EC2 metadata ?

Answer 16

Instance details like AMI, IP etc curl /latest/meta-data

Question 17

Instance Profiles ?

Answer 17

Permissions and roles for the Ec2

Question 18

EC2 pricing models ?

Answer 18

On-demand (least commitment, pay what you use, experiments), Reserved instances (Long term value, upto 75% off, convertible option also, schedule for certain hours as well), Spot (biggest saving), Dedicated Host (no virtual isolation on but single tenants given)

Question 19

AWS AMI are region specific ?

Answer 19

Ye

Question 20

What do AMI hold ?

Answer 20

Root volume EBS, Launch permissions and block storage keeping track of what volumes to attach on start

Question 21

ASG ?

Answer 21

Auto scaling groups allows to increase or decrease capacity. Will keep min capacity always based on health check.

Question 22

ASG scaling policies ?

Answer 22

Target tracking (based on CPU, network, requests), Simple (legacy based on alarms), Scaling with steps (based on alarms and can escalate)

Question 23

Attaching Load balancer and Scaling group ?

Answer 23

Classic load balancers can be directly attached to ASG, Application and Network through target group

Question 24

ASG Launch Configuration ?

Answer 24

Used to setup the instance basics as to what AMI, type of instance etc will be used

Question 25

ELB ?

Answer 25

Distributes incoming request to multiple traffics like EC2, containers, IP, Lambda functions

Question 26

ELB rues of traffic ?

Answer 26

Listeners (looks for incoming traffic, for classic only this is present and directly attached to EC2), Rules (based on rules decide TG), TG (used to register EC2)

Question 27

When to use ALB vs NLB ?

Answer 27

ALB is for web apps, NLB provides better latency so like in video games

Question 28

ELB sticky session ?

Answer 28

Useful when we need to direct certain user to a particular TG only due to some local instance storage. Uses cookies for the same.

Question 29

XFF header ?

Answer 29

X-Forwarded-For header used to forward the user IP to the EC2 as else gets ELB ip

Question 30

ELB health checks ?

Answer 30

Redirects target to healthy but doesn’t kills the instance like Auto scaling group does

Question 31

Cross Zone LB ?

Answer 31

Load distributed among all the Availability zones equally

Question 32

ALB can direct based on headers, subdomain, query string ?

Answer 32

Yes called request routing

Question 33

EFS ?

Answer 33

Elastic file system. Multiple EC2 instances in same VPC can have this file system. Grows and shrinks based on requirement.

Question 34

EBS ?

Answer 34

Elastic Block Storage. Highly durable and available solution. Automatically replicated within AZs for protection.

Question 35

Types of EBS ?

Answer 35

General purpose, Provisioned IOPS, Throughput optimised HDD, Cold HDD, EBS Magnetic

Question 36

Moving EBS volumes to different AZ and Region?

Answer 36

For different AZ take snapshot, create AMI and launch in different AZ.
For different region take snapshot, create AMI, copy AMI and launch in different region

Question 37

EBS encrypt an unencrypted volume ?

Answer 37

Take a snapshot, encrypt snapshot, create AMI and launch EC2

Question 38

Can we share an encrypted snapshot ?

Answer 38

No

Question 39

Instance store volume ?

Answer 39

A temporary storage attached to the host machine. For ephemeral storage.

Question 40

Are snapshots incremental ?

Answer 40

Yes only the changes will be stored. Initial snapshot takes more time.