Module 4 - Compute & Lambda Flashcards

Question 1

Q

What is Amazon ECS?

Answer

A

Amazon Elastic Container Service (Amazon ECS)

Question 2

Q

What is EC2?

Answer

A

Elastic Compute Cloud, a service to create and run virtual machines.

Question 3

Q

What is Amazon EKS?

Answer

A

Elastic Kubernetes Service

Question 4

Q

What is AWS Lambda?

Answer

A

Serverless computing, no provisioning of EC2 instances.

Question 5

Q

What is AWS Fargate?

Answer

A

A serverless compute engine for containers that works with Amazon ECS and Amazon EKS.

Question 6

Q

Rank the following in order of most to least effort to manage: EC2, Lambda, EKS/ECS, Fargate.

Answer

A

EC2, ECS/EKS, Fargate, Lambda

Question 7

Q

What is an AMI? What is one restriction on it?

Answer

A

Amazon Machine Image, contains the information you need to deploy an instance. It’s a recipe for instances.

Built for a specific region. You can’t launch into another region, but you can COPY across to another region.

Question 8

Q

What is included in an AMI?

Answer

A

A template for the root volume for the instance (for example, an OS, an application server, and applications)
Launch permissions that control which AWS accounts can use the AMI to launch instances
Block device mapping that specifies the volumes to attach to the instance when it’s launched

Question 9

Q

Where can you get an AMI?

Answer

A

Prebuilt Amazon ones, AWS marketplace, build your own.

Question 10

Q

What tools can you use to customize your own AMI?

Answer

A

Chef, Puppet, cloud-init.

Question 11

Q

How do you create an AMI?

Answer

A

Launch an EC2 instance and customize it to meet your requirements.

Stop it (for data integrity)

Then, save that configuration as a custom AMI. Instances launched from this custom AMI will use all your customizations.

Question 12

Q

What do you need to consider when building your own AMI? (10 things)

Answer

A

Software packages and updates
Password policies
SSH keys
File system permissions and ownership
File system encryption
User and group configuration
Access control settings
Continuous monitoring tools
Firewall rules
Running services

Question 13

Q

What is Amazon EC2 Image Builder?

Answer

A

A service that allows you to automate the creation and management of server images.

Question 14

Q

How do you use EC2 Image Builder?

Answer

A

Start with a source image.
Customize the software/configurations
Secure it with AWS or other security templates
Test it with AWS or custom tests
Disctribute the “golden image” to the region.

Question 15

Q

What are the 3 ways that an EC2 instance can occupy a physical machine?

Answer

A

Shared tenancy: multiple AWS accounts on the same hardware
Dedicated Instance: Isolated from shared tenancy instances and from other AWS accounts
Dedicated Host: the whole server, everything are belong to us

Question 16

Q

Explain the parts of the instance type name:

c5n.xlarge

Answer

A

c = instance family
5 = instance generation
n = attribute
xlarge = instance size

Question 17

Q

Why do you need to choose an instance family?

Answer

A

You choose a family to suit the workload you are deploying. Saves time and cost.

Question 18

Q

What are the different instance families?

Answer

A

General purpose,
Memory-optimized (large data sets, dbs, caches)
Storage-optimized (large data sets, NoSQL)
Compute-optimized (high performance)
Accelerated compute (graphics, ML, autonomous cars)

Question 19

Q

Which instance generation should you choose?

Answer

A

The latest one will be the best performance with the lowest cost.

Question 20

Q

How do I know if I have chosen the right instance details?

Answer

A

Use AWS Instance Optimizer which:

Identifies whether your AWS resources are optimal and offers recommendations to improve cost and performance
Uses ML to analyze the current configuration of your resources and your usage data from CloudWatch to generate recommendations

Question 21

Q

What is EBS?

Answer

A

Elastic Block Store (Amazon EBS) is a scalable, high-performance block-storage service. EBS volumes are limited to 1 TB and can be attached to only a single EC2 instance. They are super low latency, so you can run a db with the instance. You can use them as boot volumes or data volumes.

Question 22

Q

What is the difference between S3 and EBS?

Answer

A

Both are storage systems.
S3 is accessed via the internet using APIs; uses an object storage system with keys.
EBS is accessed by the single instance attached to EBS, uses a traditional file system, works like a local disk drive (like your c: drive). More expensive.

Question 23

Q

What is the difference between rebooting and stopping & starting an EC2 instance?

Answer

A

Rebooting: like an OS reboot. Keep the public DNS name, private IP address, and any data on the INSTANCE store volumes. You are still charged.

Stop/start:
•You can only stop and start EC2 instances that are backed by Amazon EBS.
• No charge for a stopped instance, but the EBS is still attached and will cost money.
• Stopping sends the instance back to the beginning of the lifecycle, it will get a NEW host machine so you lose the instance store volumes (RAM).
• When an instance is stopped you can change its attributes.

Question 24

Q

How can you pass user data to your EC2 instance and why would you do that?

Answer

A

Pass user data to the instance in a shell script or cloud-init command. You can use the data to perform automated configuration tasks like getting software license keys.

Question 25

Q

What is instance metadata?

Answer

A

Information about the instance that you use to configure or manage it. You can only get metadata from that instance (i.e. not a public block). curl //http://169.254.169.254/latest/meta-data/

Question 26

Q

How do you securely access an EC2 instance?

Answer

A

First, you generate a key pair with a public and private key. The public key is stored on the EC2 instance. You keep the private key and use it instead of a password.

Question 27

Q

What is an EC2 tag and why would you use them?

Answer

A

Tags are a way to assign custom metadata to an instance. The tag is a key-value pair, and they are handy to use for searching and filtering. E.g. stop all instances with the tag “dev2”

Question 28

Q

What is a launch template and why would you use one?

Answer

A

It’s a way to keep all the launch parameters together to simplify creating an instance. Makes the process easy to reproduce, maintains standards, minimizes errors.

Question 29

Q

What is in a launch template?

Answer

A

BUTIII
• AMI ID
• Instance type 
• Network interfaces 
• Block device mapping 
• User data 
• Tags
etc.

Question 30

Q

What are the 4 EC2 pricing options?

Answer

A

On-demand instances (pay for use by the second (Linux/Windows) or hour (all other OSs)
Reserved Instances ( 1 OR 3 years; discount)
Savings Plans (1 OR 3 years): commit to compute capacity
Spot Instances

Question 31

Q

When would you use On-Demand pricing?

Answer

A

When you are just starting and don’t know your needs yet. When you have unpredictable workloads. Highest cost, but no commitments.

Question 32

Q

When would you use a Reserved Instance price?

Answer

A

When you have steady, predictable usage, and you can make a LONG-term commitment (1 OR 3 years). 54-72% discount. E.g. a database.

You can buy/sell reserved instances in the marketplace if you no longer need them.

Question 33

Q

When would you use a Savings Plan for an EC2 instance?

Answer

A

When you can make a long-term commitment but need more flexibility. You can change the size, OS, and tenancy. For more money, you can change instance family, region, and compute options.

When you can commit to a certain type of usage (e.g. $10/hour for 3 years). Anything you use beyond that is billed at on-demand pricing.

Locked to an instance family & region.

Question 34

Q

What are spot instances and how do they work?

Answer

A

These are instances that spin up when AWS has the extra capacity and the current price is less than your max price. You put in a request with your price and specifications, and AWS will spin it up when the conditions are met. They will give you a 2-minute warning before terminating.

Question 35

Q

When would you use a spot instance?

Answer

A

Anything in a container, AI, ML, Big Data, Web services…. Anything with short workloads, fault-tolerant, loosely coupled, or stateless.

Question 36

Q

What is the lifecycle of EBS?

Answer

A

Call CreateVolume (1 GiB to 16 TiB)
Call AttachVolume to affiliate with one EC2 instance.
Use it: Format from EC2 instance OS and mount formatted drive.
Create a snapshot and save to Amazon S3 (great if you need to carry to another AZ or region).
Call DetachVolume.
Call DeleteVolume

Question 37

Q

What are the different types of EBS volumes? There are 2 major types, each with 2 subtypes.

Answer

A

SSD(general purpose/provisioned) and HDD.

small/random I/O vs. large/sequential I/O
bootable volume vs. NOT bootable
for transactional workloads vs. large streaming workloads

Question 38

Q

What is an instance store?

Answer

A

Temporary block-level storage for your instance that lives on the disks on the physical host computer.

Question 39

Q

What are the pros and cons of instance store?

Answer

A

Pros:
• great for temporary storage of information that changes frequently, such as buffers, caches, scratch data
• good for data that is replicated across a fleet of instances
• Low-latency
• High IOPS and throughput

Cons:
• non-persistent (it is gone when the instance stops)
• no snapshots

Question 40

Q

What is HPC?

Answer

A

High-Performance Computing. E.g. Autonomous vehicles, fluid dynamics, risk management portfolios.

Question 41

Q

What is ENI?

Answer

A

Elastic Network Interface. A virtual network card. This is a point of interconnection between a computer and a private or public network. It handles the traffic to and from the instance. You can have more than one per instance.

You can move them to other instances on failover.

Has a primary private IPv4, and 1+ secondary IPv4s
1 public IP
MAC address
1+ security groups

Question 42

Q

What is the difference between ENIs, Elastic Network Adapters, and Elastic Fabric Adapters?

Answer

A

ENI:
• NOT for high-performance
• works for all instance types

Elastic Network Adapter:
•enhanced networking performance
• For higher bandwidth and lower inter-instance latency
• only for CERTAIN instance types

Elastic Fabric Adapter:
• For HPC 
• Message Passing Interface and ML use cases 
• Tightly coupled applications 
• With all instance types

Question 43

Q

What is a placement group?

Answer

A

You can choose where to put your instances depending on your needs, on the same servers or spread out.

Question 44

Q

What are the types of placement groups and when would you use each?

Answer

A

Partition – Spread instances in groups on different server racks. Each group has its own racks. Spreads evenly across the number of partitions you ask for (or you can choose a partition for an instance). Good for large distributed and replicated workloads, like Hadoop, Cassandra, and Kafka. Big Data. For maximum availability. A partition placement group can have partitions in multiple Availability Zones in the same Region, max of 7 partitions per AZ. Can have 100s of instances. you can see which instances are in which partitions and other applications can use this data to make replications decisions.

Spread - instances are each placed on distinct racks, with each rack having its own network and power source. One instance per partition. For applications with a small number of critical instances that should be kept separate from each other. Can span multiple Availability Zones in the same Region. For CRITICAL applications, reduces risk of failure. ** Limited to 7 instances per AZ per placement group.**

Cluster – Packs instances close together inside an Availability Zone. For low-latency network performance in HPC. 10Gbps. Also for when the majority of the network traffic is between the instances in the group. Big data that has to complete fast.

Question 45

Q

How do you launch instances in a cluster placement group?

Answer

A

Use a single launch request to launch the number of instances that you need. Choose the same instance type for all instances.

Question 46

Q

What is AWS Lambda?

Answer

A

An event-driven, serverless computing platform. It runs code in response to events and automatically manages the computing resources required by that code.

Question 47

Q

What languages does AWS Lambda support?

Answer

A

Node.js, Java, C#, Python, Go, Ruby, and PowerShell. Also custom runtime API, e.g. for Rust.

Lambda container image (must implement Lambda runtime API) using ECS or Fargate.

Question 48

Q

What are the core components of AWS Lambda?

Answer

A

Event source - Event sources publish events

Lambda function - the custom code that you write to process the events

Question 49

Q

What are the parts of a Lambda function?

Answer

A

1) Your code
2) associated dependencies
3) configuration - includes information such as:
• The handler that will receive the event
• The IAM role that Lambda can assume to run the Lambda function on your behalf
• The compute resource you want to be allocated
• The delivery timeout

Question 50

Q

How do you get charged for using Lambda?

Answer

A

NO charge for creating Lambda functions.
Charges for RUNNING a function and for data transfer between Lambda and other AWS services (as well as optional features)

Question 51

Q

How long can you run a Lambda function and how much memory can it use?

Answer

A

Lambda functions can have up to 10GB of memory and can run up to 15 minutes.

Question 52

Q

What is the difference between an instance store and EBS?

Answer

A

EBS is persistent, virtual disk, slower

Instance store is non-persistent. super high performance, physical storage.

Question 53

Q

What do security groups do?

What are the specifications?

Answer

A

They control how traffic is allowed in or out of an EC2 instance, like a firewall.

They only have ALLOW rules.
They control access to ports.
Rules can reference by IP (ranges) or by security group
Locked to a Region/VPC combination.

Best practice: one separate security group for SSH

One instance, many security groups
One security group, many instances.

Question 54

Q

When would you want a Convertible Reserved Instance?

Answer

A

Like a reserved instance, but you can change the attributes (OS, instance type, Region, tenancy).

Slightly less of a discount.

Question 55

Q

What are the purchasing options for a dedicated host?

Answer

A

On-demand
Reserved Instance.

Most expensive.

Question 56

Q

When would you choose a dedicated host?

Answer

A

When you have software with a license (per-socket, per-core, etc.)
When you have strong regulatory/compliance needs.

Question 57

Q

What is a capacity reservation? What are the features and costs? When would you need one?

Answer

A

You reserve a set amount of capacity for on-demand instances in an AZ. You’ll always have access whenever you need it, but you have to pay whether you use it or not. NO commitment to 1 or 3 years.

You can create/cancel anytime, but no discounts. (If you want discounts you must combine with Regional reserved instances or Savings Plan)

Good for short-term, uninterrupted workloads that have to be in a particular AZ

Question 58

Q

What is a Spot Block?

Answer

A

When you block a spot instance from being reclaimed for a specific time frame. Deprecated.

Question 59

Q

What is a Spot Fleet?

Answer

A

A set of Spot Instance + (optional) On-Demand Instances

It will try to meet your specifications.
You define potential launch pools (instance type, OS, AZ)
Fleet will stop launching when capacity or cost is met.

Question 60

Q

What are some strategies for allocating Spot Instances in a Spot Fleet?

Answer

A

Lowest price (for good price, short workload)
Diversified (for availability, longer workload)
capacity-optimized (choose the pool with optimal capacity)

Question 61

Q

In the case of a failure of an instance, what are the options for maintaining the same IP address when a new instance is spun up?

Answer

A

You can move the ENI to the new instance and the IP address will be retained. BUT this won’t work if the new instance is in a different AZ.

You can use an Elastic IP and remap it to the new instance in a different AZ (or to a new ENA).

Question 62

Q

What is a Bastion host?

Answer

A

A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. AKA jump host.

Question 63

Q

What does it mean to hibernate an instance? When is this possible? What instances can do this?

Answer

A

Only for On-Demand or reserved Linux instances.

RAM saved to EBS.
Must be enabled for Hibernation when launched.

When starting, RAM is reloaded, EBS root volume is restored, any processes are resumed, anything attached before is reattached. Instance ID is retained.

Question 64

Q

What happens when you terminate an instance?

Answer

A

It’s essentially deleting the instance. It cannot be recovered, root EBS volumes are also deleted.

Answer 65

A

The platform for the next generation of EC2 instances.

Includes virtualized instances (with Hypervisor)
and bare-metal instances (no hypervisor, may have better performance)

Answer 66

A

Nitro cards for VPC
Nitro cards for EBS
Nitro for instance storage
Nitro card controller
Nitro security chip
Nitro hypervisor
Nitro enclaves

Answer 67

A

Performance, security, innovation.

Improved performance (close to bare metal for virtualized instances)
- 64K EBS IOps (cf. 32K for non-nitro)
Elastic Network Adapter and Elastic Fabric Adapter are based on Nitro
More bare metal instance types
Higher network performance (up to 100Gbps)

• HPC optimizations

Answer 68

A

An EC2 feature that allows you to create isolated execution environments from EC2 instances.

Runs on isolated, hardened VMs.

No external storage, no interactive access, no external networking.

Uses cryptographic attestation to ensure only authorized code is running.

Integrates with KMS.

Great for highly sensitive data.

Answer 69

A

Scheduled Reserved Instance. (soon to be deprecated)

Answer 70

A

Compute: commitment to Fargate, Lambda, EC2.

EC2: EC2 only, within a certain Region and instance family.

Answer 71

A

AWS launches and maintains the specified number of Spot/On-Demand/Reserved instances in ONE API call.

Answer 72

A

Add the script to the user data of the instance.

Answer 73

A

Launch instances in a cluster in a single AZ, use EFA.

Answer 74

A

Use reserved instances for the minimum workload, supplement with spot instances for bursts.

Answer 75

A

Attach an Elastic IP to the instance.

Answer 76

A

Deploy NAT gateways into the AZs and update route tables. No need for more than one per AZ since they are implemented with redundancy in that zone.

Answer 77

A

Deploy a bastion host in a public subnet. Use the host to jump to the instances in private subnets.

Answer 78

A

It’s better practice to use a random IP and register a DNS name to it, OR
use a load balancer and not a public IP

Answer 79

A

Optimize vCPU. You can specify # of cores and # of threads per core (low for HPC) during instance launch.

Answer 80

A

1) Attach EBS to your EC2 (not instance store since you can’t attach those after launch, not good for critical)
2) S3 to store backups
3) Lifecycle policy to move to Glacier.

Answer 81

A

It’s slow because the EC2 instances cannot access the file documents at the same time.

Use EFS instead.

Answer 82

A

You need Nitro.

A Nitro-based EC2 instance with an EBS volume of 64000Gbps. Nothing else supports this level of throughput.

Answer 83

A

Unused standard reserved instances can be sold on the marketplace.

Convertible reserved instances let you exchange for another of a different instance family.

Answer 84

A

Provisioned IOPS SSD (io1)

HDD only have optimal performance when the I/O operations are large and sequential.

Answer 85

A

The EBS volume is also deleted. The delete attribute is enabled by default.

Additional EBS volumes are NOT deleted by default.

Answer 86

A

Move to “archive” tier (cheaper, longer to retrieve)

Recycle bin: you can recover deleted snapshots in case of accidental deletion (specify 1 day to 1 year retention)

Answer 87

A

gp2: IOPS and throughputs are linked
gp3: independently set IOPS and throughputs

for cheap storage
low latency

Good for:
• boot volumes,
• sm/med databases,
• dev/qa environments.

Answer 88

A

io1
io2 (more durable, more IOPS per GiB, same price)
io2 Block Express (up to 64TiB, sub-ms latency, 256K PIOPS!)

good for I/O intensive work, critical, high-performance, where consistent performance is key. If you need > 16000 IOPS. Maintains a consistent IOPS rate. $$$

Great for databases.

Storage 4GiB - 16 TiB
Max 32000 IOPS (64000 if you use Nitro)
Can increase IOPS independent of storage size

Answer 89

A

Can NOT be a root volume
125MiB - 16 TiB

st1: THROUGHPUT optimized
Good for ETL, data warehouses, log processing

sc1: COLD
Good for large, SEQUENTIAL cold-data workloads.
Cheap if you require INFREQUENT access to your data.

Answer 90

A

A feature of io1 and io2 SSD EBS volumes.

You can attach one volume to multiple instances in the same AZ.

When you need high application availability in clustered Linux applications. They have to be a certain kind and set up for concurrent write operations.

Answer 91

A

It’s automatic when you create a volume. You don’t have to do anything. Leverages keys from KMS (AES-256).

Data at rest
Between instance and volume
Snapshots
Volumes created from snapshots

Answer 92

A

Make a snapshot of the original unencrypted volume
Copy it (choose encrypted)
Make a new volume from the snapshot (encrypted)
Attach the new volume to the instance.

OR

create a volume from original, choose encrypted.

Answer 93

A

The focus is on IOPS, so we have to choose an EC2 Instance Store.

Block Express doesn’t have enough I/O.

Answer 94

A

A Provisioned IOPS SSD EBS volume provides up to 64,000 IOPS for each volume.

Answer 95

A

Use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation of EBS snapshots.

Answer 96

A

An EBS volume can only be attached to one EC2 instance at a time.
After you create a volume, you can attach it to any EC2 instance in the same Availability Zone
An EBS volume is off-instance storage that can persist independently from the life of an instance. You can specify not to terminate the EBS volume when you terminate the EC2 instance during instance creation.
EBS volumes support live configuration changes while in production which means that you can modify the volume type, volume size, and IOPS capacity without service interruptions.
Amazon EBS encryption uses 256-bit Advanced Encryption Standard algorithms (AES-256)
EBS Volumes offer 99.999% SLA.

Answer 97

A

Amazon Kinesis Data Streams (KDS) is a massively scalable and durable real-time data streaming service. KDS can continuously capture gigabytes of data per second from hundreds of thousands of sources.

You can use an AWS Lambda function to process records in Amazon KDS. By default, Lambda invokes your function as soon as records are available in the stream. Lambda can process up to 10 batches in each shard simultaneously. If you increase the number of concurrent batches per shard, Lambda still ensures in-order processing at the partition-key level.

Brainscape's Knowledge GenomeTM

Module 4 - Compute & Lambda Flashcards

Brainscape's Knowledge Genome^TM