Network storage, HA, and Scaling Flashcards

1
Q

Elastic File System

A

implementation of NFSv4

EFS filesystems can be mounted on Linux

shared between many EC2 instances

2
Q

Where does EFS run from?

A

runs in a VPC via mount targets

can be accessed from on-premises via VPN or DX

3
Q

3 types of load balancers

A

Classic Load Balancer (CLB) - v1 - introduced 2009

not really Layer 7, lacking features, 1 SSL cert per CLB

Application Load Balancer (ALB) - v2 - HTTP/S / WebSocket

Network Load Balancer (NLB) - v2 - TCP, TLS & UDP

v2 = faster, cheaper, supports target groups and rules

4
Q

How does ELB work?

A

Configured to run in 2+ AZs; 1+ nodes are placed into a subnet in each AZ and scale with load

Each ELB is configured with an (A) record DNS name, and this resolves to the ELB nodes

5
Q

How do ELBs communicate with an EC2 instance?

A

Load balancers (nodes) are configured with listeners, which accept traffic on a port and protocol and communicate with targets on a port and protocol

6
Q

Internet-Facing ELB vs Internal ELBs

A

Internet-facing nodes have public IPs

Internal nodes have only private IPs

7
Q

What should your subnet size be if you're going to deploy an ELB in it?

A

8+ free IPs per subnet and a /27 or larger subnet to allow for scale

8
Q

Cross Zone LB

A

Allows load balancers to evenly distribute load across active AZs

9
Q

Does an EC2 instance need to be public to work with an ELB?

A

No, an internet-facing load balancer can communicate with public instances or private instances.

An internet-facing load balancer has public IP addresses on its nodes

It can accept connections from the public internet and balance these across both public and private EC2 instances

10
Q

Application LB

A

Layer 7 load balancer ... listens on HTTP and/or HTTPS

No other Layer 7 protocols (SMTP, SSH, gaming) and no TCP/UDP/TLS listeners

Layer 7 content type, cookies, custom headers, user location and app behavior

11
Q

How are HTTP/HTTPS connections made, and why would it be important?

A

HTTP/HTTPS (SSL/TLS) is always terminated on the ALB; no unbroken SSL

which could pose a security risk for security teams

ALBs must have an SSL cert if HTTPS is used, because a new connection is initiated when connecting to the application

12
Q

ALB Rules

A

rules direct connections which arrive at the listener

processed in priority order

default rule = catch-all, processed last

13
Q

ALB rule conditions

A

anything layer 7

host-header, http-header, http-request-method, path-pattern, query-string & source-ip

14
Q

What are some actions that can be taken based on an ALB rule?

A

forward, redirect, fixed-response, authenticate-oidc & authenticate-cognito

15
Q

Network Load Balancer (NLB)

A

Layer 4 load balancer ... TCP, TLS, UDP, TCP_UDP

No visibility or understanding of HTTP or HTTPS

SMTP, SSH, game servers, financial apps

really, really fast (millions of rps, 25% of ALB latency)

Forwards TCP to instances with unbroken encryption

16
Q

What do health checks on an NLB check?

A

Health checks just check the ICMP/TCP handshake; not app-aware

17
Q

If you need your LB to have a static IP, what LB would you choose?

A

NLBs can have static IPs - useful for whitelisting

18
Q

Some use cases for NLB

A

unbroken encryption

static IP for whitelisting

the fastest performance

protocols other than HTTP or HTTPS

PrivateLink

19
Q

Launch Configuration and Templates

A

allow you to define the configuration of an EC2 instance in advance

AMI, instance type, storage & key pair

networking and security groups

user data & IAM role

20
Q

Say you want to be able to alter your configurations after creating them. Which would you choose: launch configurations or launch templates?

A

Neither is editable - defined once; LT has versions

21
Q

Which of the options for configuring an EC2 instance in advance is newer, and what additional features does it offer?

A

Launch templates provide newer features

including T2/T3 Unlimited, placement groups, capacity reservations, elastic graphics

22
Q

Auto Scaling groups

A

automatic scaling and self-healing for EC2

uses launch templates or configurations

has minimum, desired, and maximum size

keeps running instances at the desired capacity by provisioning or terminating instances

scaling policies automate based on metrics

23
Q

Types of scaling options for Auto Scaling groups

A

manual scaling - manually adjust the desired capacity

scheduled scaling - time-based adjustment

dynamic scaling - simple, stepped scaling and target tracking

24
Q

Cooldown periods on an ASG

A

how long to wait at the end of a scaling action before doing another

25
Q

Launch and Terminate set to suspend or resume: what actions would the ASG take?

A

If Launch is set to suspend, the ASG won't launch any new EC2 instances

If Terminate is set to suspend, the ASG won't terminate any EC2 instances

26
Q

If AddToLoadBalancer is enabled, what actions would the ASG take?

A

add to LB on launch

27
Q

AlarmNotification

A

controls whether the ASG accepts notifications from CloudWatch

28
Q

AZRebalance

A

controls whether the ASG will balance instances evenly across all of the AZs

29
Q

HealthCheck

A

instance health check on/off

30
Q

ReplaceUnhealthy

A

terminate unhealthy instances and replace them

31
Q

ScheduledActions

A

schedule on/off

32
Q

Standby

A

use this for instances, 'InService vs Standby'; suspends ASG activities on a specific instance

33
Q

ASG cost

A

ASGs are free; only the resources created are billed

34
Q

If your instances are being rapidly terminated and created, what option helps stop this?

A

use cooldown periods to avoid rapid scaling

35
Q

What does an ASG define?

A

When and where

36
Q

What do launch templates define?

A

What

37
Q

Simple scaling

A

"CPU above 50% +1" "CPU below 50% +1"

38
Q

Stepped scaling

A

allows you to scale in or out based on how far away you are from a metric

39
Q

Target Tracking

A

Desired aggregate CPU = 40%; the ASG handles it

40
Q

Are you able to scale based on SQS?

A

yes, scaling based on SQS - ApproximateNumberOfMessagesVisible

41
Q

ASG Lifecycle Hooks

A

custom actions on instances during ASG actions, during instance launch or instance terminate

instances are paused until timeout; during that pause you can perform some operation

notifications for lifecycle hooks can be sent to an SNS topic or EventBridge

after timeout they are either continued or abandoned

42
Q

ASG EC2 Health checks

A

EC2 - Stopping, Stopped, Terminated, Shutting Down, Impaired (not 2/2) = unhealthy

43
Q

Types of ASG Health checks

A

ELB, EC2 (default), custom

44
Q

ASG ELB Health Check

A

Healthy = running and passing the ELB health check

can be more application aware: the ALB is application aware because it operates on Layer 7 of the networking model

45
Q

ASG Health Checks Grace period

A

default 300s delay before starting checks

allows system launch, bootstrapping, and application start

46
Q

SSL Bridging

A

Listener is configured for HTTPS; the connection is terminated on the ELB, which needs a certificate for the domain name

ELB initiates a new SSL connection to backend instances

Instances need SSL certificates and the compute required for cryptographic operations

How an ALB can operate

47
Q

SSL Pass-through

A

Listener is configured for TCP; no encryption or decryption happens on the NLB

Connection is passed to the backend instance

Each instance needs to have the appropriate SSL cert installed

With this architecture there is no certificate exposure to AWS ... all self-managed and secure

48
Q

SSL Offloading

A

Listener is configured for HTTPS. Connections are terminated and then backend connections use HTTP

ELB-to-instance connections use HTTP - no certificate or cryptographic requirements

49
Q

Session Stickiness

A

Stickiness generates a cookie which locks the device to a single backend instance for a duration

With no stickiness, connections are distributed across all in-service backend instances

Unless the application handles user state, this could cause user logoffs and shopping cart losses.

50
Q

Gateway Load Balancer (GLB)

A

Helps you run and scale 3rd-party applications, things like firewalls and intrusion detection and prevention systems

51
Q

How does Gateway Load Balancer (GLB) work?

A

inbound and outbound traffic (transparent inspection and protection)