Monday Flashcards
Compare ELB and ALB
ALB:
- Layer7 - Application Layer
- preferred for HTTP/HTTPS
ELB:
- Layer 4 (Network)
Both: you don’t see a public IP, only the DNS name. That’s because the public IP might change.
Name 3 advantages of Redshift!
MPP (massive parallel processing)
doesn’t need indexes
fully managed, petabyte-scale data warehouse service
S3 consistency for PUTs of new object
read after write - atomic updates (either complete old or complete new version - nothing mixed)
Name the 2 EC2 status checks!
System status check - checks the underlying hypervisor and network
Instance status check
What is Multi-AZ good for with RDS?
For disaster recovery (not performance!). Every change is mirrored to instance in other AZ synchronously!
Should you attach IAM roles to EC2’s or single users?
EC2’s - no aws configure required. AWS CLI is preinstalled on Amazon Linux AMI
Name 5 routing policies!
- Failover (active/Passive)
- Simple
- Weighted
- Latency
- Geolocation
Properties of Snapshots?
- exist on S3
- are incremental
- creation while instance is running (except root volumes)
- can be shared if unencrypted
S3 cross-region replication requirements?
both buckets need versioning enabled
delete markers are also replicated
How do container instances connect to a cluster?
ECS Container Agent
What is a shard (Kinesis)?
A shard is a uniquely identified sequence of data records in a stream. A stream is composed of one or more shards, each of which provides a fixed unit of capacity.
Properties of EFS!
- can be mounted to multiple instances
- pay as you use
- block based storage
- multi-az
- scale up to petabytes
- capacity is elastic
- user-level and directory-level permissions
- read after write consistency
Is NotAction the same as Deny?
adds an exception to the list of actions
is not a Deny. The user could still have a separate policy that grants him this action
What does a NAT Gateway do?
traffic going from private subnets to the internet needs a public source IP - the NAT Gateway offers a public IP and routes the return traffic back to the right port
Which states does a Loadbalancer know?
InService and OutOfService
What is a Placement Group?
logical grouping of instances within a single AZ - 10 Gb/s network, low latency, only certain instance types
Benefits API GW!
- API caching
- throttle requests
- log to cloudwatch
- scales effortlessly
- CORS
- Staging…
Will EBS root be deleted on termination by default?
yes
DynamoDB consistency
- eventual consistent reads vs strongly consistent reads (default)
- consistency within a second - best read performance
What is instance storage /ephemeral?
no persistence
directly attached - not separated from EC2 like EBS
What do ECS Task Definitions include?
- which docker image
- how much CPU and memory in each container?
- networking mode
- ports mapping
- ENV
- IAM roles
…
Which workloads is NOSQL perfect for?
many reads, great scalability and performance, not many joins
What do ECS Services do?
run and maintain (like AutoScalingGroup) number of instances of task definition in ECS cluster
Can a VPC span multiple AZ’s?
yes
Default ACL vs. default custom ACL
by default custom ACLs: everything denied inbound and outbound
but the default ACL for a VPC allows all inbound and outbound traffic
What is Service Catalog?
Build out which services are authorized
How to boost performance of RDS?
read replicas
What is Lightsail?
Out of the box cloud
Actors in SWF?
Starter
- initiates WF
Workers
- interact with SWF to get tasks, process received tasks and return results
Decider
- controls coordination of tasks (ordering, concurrency, scheduling)
EMR vs Kinesis
EMR:
- offline batch jobs
Kinesis:
- real time processing
Offline batch jobs can be horizontally scaled by using a distributed data processing engine like Apache Hadoop. On AWS, you can use the Amazon Elastic MapReduce (Amazon EMR) service to run Hadoop workloads on top of a fleet of EC2 instances without the operational complexity. For real-time processing of streaming data, Amazon Kinesis partitions data in multiple shards that can then be consumed by multiple Amazon EC2 or AWS Lambda resources to achieve scalability.
S3 encryption
Client side: encrypt before upload
Server side:
S3 Managed Keys: SSE-S3
- each object gets an individual key
- the key itself is encrypted with a master key that is rotated
- AES-256
AWS Key Management Service: SSE-KMS
- separate permissions for use of the envelope key (the key that protects the data encryption key)
- audit trail
- option to create managed encryption key yourself
Customer Provided Keys: SSE-C
- you manage the encryption keys
- AWS manages the encryption/decryption
Redundancy types
Standby
- functionality is recovered on a secondary resource via failover - often used for stateful components like DBs
Active
- functionality is recovered on a secondary resource via failover. If one fails, the rest absorb a larger share of the workload
Which caching engines does ElastiCache support?
Memcached:
- memory object caching system
- protocol compliant
Redis:
- in-memory key-value store
- supports sorted sets and lists
- ElastiCache supports Master/Slave replication and Multi-AZ
Is termination protection turned off or on by default?
turned off
S3 Storage Tiers
S3 normal
IA (infrequent access)
RR (reduced redundancy)
Glacier
Properties of AMI?
- created based on snapshot or volumes
- not encrypted at rest
What is Storage Gateway?
Connect S3 to onPrem
A VM you install onPrem
What happens when I enter URL in browser?
Client contacts ISP’s DNS Resolver
- this asks Root name server for Top Level Domain
- returns reference to other NS for .com
Resolver asks NS .com
- returns ref to other NS example.com: Route53
Route 53 returns IP by checking HostedZone (container for individual records)
Name 4 default checks for Cloudwatch Metrics!
- CPU (CreditBalance, CreditUsage, Utilization)
- Disc (ReadBytes, ReadOps, WriteBytes, WriteOps)
- Network (In, Out, PacketsIn, PacketsOut)
- Status (Failed, Failed_Instance, Failed_System)
What is ElastiCache?
web service to easily deploy, operate and scale an in-memory cache in the cloud
What does a Policy statement consist of?
PARC:
- Effect (Allow|Deny)
- Action
- Resource
- Condition
Condition:
- multiple conditions are ANDed
- multiple values in one(!) condition are ORed
S3 Lifecycle management
Transitions (Glacier, IA)
Expiration - permanently delete
can set tags/filters to apply rule on
What is EMR?
big data processing
Elastic Transcoder
Media transcoder with presets.
Pricing based on minutes transcoding and resolution
What is the AWS container registry called?
ECR - can be combined with IAM and is usable with Docker CLI
Is replication of RDS read replicas sync or async?
async
SQS standard vs fifo!
Standard:
- almost unlimited number of tx/s
- guarantee that a message is delivered at least once
- message might be delivered out of order
Fifo:
- guarantee the order (FIFO)
- message delivered once and remains available until a consumer processes and deletes it
- no duplicates
- supports ordered message groups
- limited to 300 tx/s
What must a Subnet be associated with?
Route Table
Private IP address ranges?
internal address ranges:
- 10.0.0.0 - 10.255.255.255 (10/8 prefix)
- 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
What is Athena?
SQL queries on S3
Why should the main route table not be connected to the internet?
a new subnet is associated with the main route table by default
How to encrypt an RDS instance?
Create encrypted snapshot and start new instance from it
Kinesis vs SQS
Amazon Kinesis is differentiated from Amazon’s Simple Queue Service (SQS) in that Kinesis is used to enable real-time processing of streaming big data. SQS, on the other hand, is used as a message queue to store messages transmitted between distributed application components.
Kinesis provides routing of records using a given key, ordering of records, the ability for multiple clients to read messages from the same stream concurrently, replay of messages up to as long as seven days in the past, and the ability for a client to consume records at a later time. Kinesis Streams will not dynamically scale in response to increased demand, so you must provision enough streams ahead of time to meet the anticipated demand of both your data producers and data consumers.
SQS provides for messaging semantics so that your application can track the successful completion of work items in a queue, and you can schedule a delay in messages of up to 15 minutes. Unlike Kinesis Streams, SQS will scale automatically to meet application demand. SQS has lower limits to the number of messages that can be read or written at one time compared to Kinesis, so applications using Kinesis can work with messages in larger batches than when using SQS.
Can read replicas of RDS be in another region?
yes
TCP handshake?
-> SYN
<- SYN, ACK
-> ACK
Can a subnet span multiple AZ’s?
No
How is a S3 object identified uniquely?
bucket, key, version ID
Name one OLAP and one OLTP AWS resource!
OLTP: RDS
OLAP: Redshift
CF Edge Location, Origin, Distribution
Edge Location:
location where content will be cached - separate to AWS Region/AZ
Origin:
Origin of all files that CDN will distribute
Distribution:
name given the CDN which consists of a collection of Edge locations
- Web Distribution vs RTMP (used for media streaming)
S3 difference Bucket Policies and ACL!
Bucket Policies: entire bucket
ACL: individual objects
VPC peering config
peering is always in a star configuration: i.e. 1 central VPC peers with 4 others. NO TRANSITIVE PEERING!!
Sort Policies, Groups, Roles and Resources for IAM!
Policies are applied to Roles and Groups.
Roles are assigned to Resources
How many Internet GW per VPC?
only one
Compare SQS to SWF!
SQS:
- message oriented
- pull based (short and long polling)
- messages will be processed at least once
- visibility timeout
- types: standard vs fifo
SWF:
- task oriented
- tasks represent invocations of various processing steps
- coordinate work across distributed components
- ensures a task is only assigned once and is never duplicated!
What is AWS Artifact?
Compliance Documents
What is Data Pipeline?
AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR.
Which EC2 purchasing types do you know?
- On-Demand instance
- Reserved Instance
- Scheduled Instance
- Spot Instance
- Dedicated Hosts
How many copies can Aurora lose without affecting write or read capabilities?
2 write
3 read
S3 consistency for Puts and Deletes
eventual consistency
Explain the 2 IAM Policy Types!
TrustPolicy
- Who does the role trust? (effect, principal, action) default: root - whole account
AccessPolicy
- what can the role do?
SNS?
- push based
- publish subscribe
- Topics (group recipients) and messages
- endpoints (SMS, email, SQS, HTTP…)
Redshift columns vs record sets
It’s all about columns!
- row-based: ideal for transaction processing
- column based: ideal for analytics - many aggregations and advanced compression (single datatype in column)
What does an SOA record contain?
- server name that supplied the data for the zone
- admin of the zone
- current version of the data file
- TTL for resource records
- etc.
After creation of VPC what do we have per default?
- RouteTable
- NACL
- Security Group
Compare SG to ACL’s
ACL:
- stateless
- can block specific IP’s
SG:
- stateful (as soon as you add an inbound rule a corresponding outbound rule is created although it’s not visible)
- can’t specifically deny
- all inbound traffic blocked by default
- all outbound traffic allowed by default
Which configurations can Redshift run in?
single node (160 GB)
multi-node
- Leader node (manages client connections and receives queries)
- Compute node (store data and perform queries and computations)
What is Kinesis good for and which services does it consist of?
Streaming data
Kinesis Streams
- shards
- producers send data here
- consumers turn the data into something useful
- data is stored e.g. in DynamoDB, S3, RDS...
Kinesis Firehose
- producers send data here
- no shards etc. - completely automated
- streams data to S3, ES cluster
Kinesis Analytics
- SQL queries on data in Firehose or Streams
How are IAM policies enforced?
if there is a deny: deny
if there is no deny and an allow: allow
if there is no deny nor allow: deny
ACL 2 properties?
- rules are evaluated in numerical order (ascending)
- separate inbound and outbound rules