Network storage, HA, and Scaling

Question 1

Elastic File System

Answer 1

implementation of NFSv4

EFS Filesystem can be mounted on Linus

shared between many EC2 instances

Question 2

Where does EFS run from ?

Answer 2

runs in a vpc via mount targets

can be access from on-premises-VPN or Dx

Question 3

3 type of Load Balancers

Answer 3

classic Load Balancer (CLB)- v1 - introduces 2009

not really layer 7, lacking features, 1ssl per CLB

Application Load Balance (ALB) -v2 - HTTP/s / websocket

Network Load Balancer(NLB)-v2-TCP, TLS , & UDP

v2 = faster, cheaper, support target groups and rules

Question 4

How does ELB work ?

Answer 4

Configured to run in 2+ AZ’s, 1+ Nodes are placed into a subnet in each AZ and scale with load

Each ELb is configured with an (A) record DNS name and this resolved to the ELB Nodes

Question 5

How do ELB communicate with an EC2 instance ?

Answer 5

Load Balances (Nodes) are configured with listener which accept traffic on a port & protocol and communicate with targets on a port and protocol

Question 6

Internet-Facing ELB vs Internal ELBs

Answer 6

internet-facing Nodes have public IPs

Internal Only have private IPs

Question 7

What show your subnet size be if your going to deploy a ELB in it ?

Answer 7

8+ free IPs per subnet and a /27 or larger subnet to allow for scale

Question 8

Cross Zone LB

Answer 8

Allow load balancers to even distribute load across active AZS

Question 9

Does an EC2 instance need to be public to work with an ELB?

Answer 9

No , an internet-facing load balancer can communicate with public instances or private instances.

An internet-facing Load balancer has public IP addresses on it’s nodes

it can accept connections from the public internet and balance these across both public and private EC2 instances

Question 10

Application LB

Answer 10

Layer 7 load balancer .. listens on HTTP and / or HTTPS

No other Layer 7 protocols (SMTP, SSH, Gaming) and no TCP/UDP/TLS listeners

Layer 7 content type, cookies , custom header, user locations and app behaviors

Question 11

How are HTTP/HTTPS connections made and why would it be important ?

Answer 11

HTTP/ HTTPs(SSL/TLS) always terminated on the ALB no unbroken SSL

which could pose a security risk for security teams

ALBs must have ssl cert if HTTPS is uses because a new connection is initiated when connection to the application

Question 12

ALB Rules

Answer 12

rules direct connections which arrive at the listener

processed in priority order

default rule= catch all, processed last

Question 13

ALB rule conditions

Answer 13

anything layer 7

host-header, http-header, http-request method, path-pattern, query-string & souce-IP

Question 14

What are some actions that can be taken based on an ALB rule ?

Answer 14

forward, redirect, fixed-response, authenticate-OIDC & authenticate -cognito

Question 15

Network Load Balancer (NLB)

Answer 15

Layer 4 load balancer … TCP, TLS, UDP, TCP_UDP

No visibility or understanding of HTTP or HTTPS

SMTP, SSH Game servers, financial apps

really really, fast ( millions of rps, 25% of ALB latency)

Forward TCP to instance unbrokern encryption

Question 16

What do Health checks on NLB check ?

Answer 16

Health checks just check ICMP/TCP handshake not app aware

Question 17

If you need your LB to have a static IP what LB would you choose ?

Answer 17

NLB’s can have static IP’s - useful for whitelisting

Question 18

Some use cases for NLB

Answer 18

unbroken encryption

static IP for whitelisting

the fastest performance

protocol not HTTP or HTTPs

Private Link

Question 19

Launch Configuration and Templates

Answer 19

allow you to define the configuration of an EC2 instance in advance

Ami, instance Type, storage & key pair

networking and security Groups

userdata & IAM role

Question 20

Say you want to be able to alter your configurations after creating them which would you choose to use launch configurations or launch template ?

Answer 20

both are not editable- defined once LT has versions

Question 21

Which of the option for configuration for EC2 instance in advance is newer and what additional features does it offer ?

Answer 21

Launch template provide newer features

including T2/T3 unlimited, placement groups, capacity reservations , elastic graphics

Question 22

Auto Scaling groups

Answer 22

automatic scaling and self-healing for EC2

uses launch Templates or configurations

has minimum, desired, and maximum size

keep running instances at the desired capacity by provisioning or terminating instances

scaling policies automate base on metrics

Question 23

Types of scaling options for Auto Scaling groups

Answer 23

manual scaling -manually adjust the desired capacity

scheduled scaling - Time based adjustment

dynamic scaling- simple, stepped scaling and Target Tracking

Question 24

cooldown periods on an ASG

Answer 24

how long to wait at the end of a scaling option before doing another

Question 25

Launch and terminate set to suspend or resume what would be the actions taken by ASG

Answer 25

If launch is set to spend the ASG won't lunch any new EC2 instances if Terminate is set to suspend the ASG won't terminate any EC2 instances

Question 26

if AddToLoadBalancer is enabled what would be actions taken by ASG

Answer 26

add to LB on launch

Question 27

AlarmNotification

Answer 27

controls whether the ASG accepts notifications from cloud watch

Question 28

AzRebalance

Answer 28

controls whether ASG will balance instance evenly across all of Azs

Question 29

HealthChecks

Answer 29

instance health check on/off

Question 30

ReplaceUnhealthy

Answer 30

Terminate unhealthy and replace

Question 31

ScheduleActions

Answer 31

schedule on/off

Question 32

Standby

Answer 32

use this for instances ‘inservice vs standby’ suspend activities on ASG on a specific instance

Question 33

ASG cost

Answer 33

ASG are free only the resources created are billed

Question 34

If your instances are being rapidly terminated and created what option help stop this ?

Answer 34

use cool down period to avoid rapid scaling

Question 35

What does ASG define

Answer 35

When and where

Question 36

What do launch templates define ?

Answer 36

what

Question 37

Simple scaling

Answer 37

“CPU above 50% +1 ” “CPU below 50% +1 ”

Question 38

stepped scaling

Answer 38

allows you to scale in or out based on how far away you are from a metric

Question 39

Target Tracking

Answer 39

Desired Aggregate CPu = 40% ASG handle it

Question 40

Are you able to scale based on SQS ?

Answer 40

yes scaling based on SQS- ApproximateNumberOfMessages - visible

Question 41

ASG Lifecycle Hooks

Answer 41

custom Actions on instance during ASG actions during instance Lunch or instance terminate instances are paused until timeout during that pause you can perform some operation Notifications for lifecycle hooks can be sent to an SNS topic or event Bridge after timeout they are either contrine or abandoned

Question 42

ASG EC2 Health checks

Answer 42

EC2- stopping, stopped, Terminated, shutting down, impaired(not 2/2) = unhealthy

Question 43

Types of ASG Health checks

Answer 43

ELB, EC2(default), custom

Question 44

ASG ELB Health Check

Answer 44

Healthy = Running and passing ELB Health Check can be more ALB is application away because in operates on Layer 7 of the networking model

Question 45

ASG Health Checks Grace period

Answer 45

default 300s delay before starting checks allows system launch, bootstrapping, and application start

Question 46

SSL Bridging

Answer 46

Listener is configured for HTTPS, connection is terminated on the ELB & needs a certificate for the domain name ELB initiates a new SSL connection to backend instances. Instances need SSL certificate and the computer required for cryptographic operations How ALB can operates

Question 47

SSL Pass-through

Answer 47

Listener configured for TCP/ No encryption or decryption happens on the NLB.Connection is passed to the backend instance Each instance needs to have the appropriate SSL cert installed. With this architecture there is no certificate exposure to AWS… all self-managed and secure

Question 48

SSL offLoading

Answer 48

Listener is configured for HTTPs. Connections are terminated and then backed connections use HTTP. ELB to instance connection use HTTP - no certificate or cryptographic requirements

Question 49

Session Stickiness

Answer 49

Stickiness generates a cookie with locks the device to a single backend instance for a duration with no stickiness connections are distributed across all in-service backend instances. Unless applications handles user state this could cause user logoff shopping cart losses.

Question 50

Gateway Load balancer (GLB)

Answer 50

Help you run and scale 3rd party applications things like firewalls, intrusion detection and prevention systems

Question 51

How does Gateway Load balancer (GLB) work ?

Answer 51

inbound and outbound traffic (transparent inspection and protection)