Overall AWS Flashcards
Full review
What is the proper way to use IAM for users and security for daily activities?
The initial registering user is the root user. They have full unrestricted access and should not be used for day-to-day activities. Instead, create an IAM group (security group) and add IAM users to that group. Those users are used for daily activities.
Difference between a Region and an Availability Zone
Regions are set areas around the world that have access. Availability zones are connected areas that comprise a region.
Benefit of having many regions/AZs
Lower Latency (faster access)
Global Footprint/presence
Adhere to government regulations (run commands in different region)
High availability (good for crash situations)
AZs have redundant power, why?
If something goes down/a crash, can utilize extra power
Simple summary of the EC2 service?
Essentially just rentable virtual servers (instances) where you can run software, commands, etc.
What is EC2 AMI
Template for what operating system and software needed for the instance.
What is important about the EC2 instance type
Instance type decides the hardware configuration. Think CPU, GPU, memory, etc.
What is an instance family
Specialized hardware configuration. Some instance families have higher GPU, or higher CPU, or are balanced depending on the use case.
Describe how Key Pairs work in security
Key pairs are composed of public and private keys. Public keys are stored on the EC2 instance while private keys are stored by the user (it's typically just a file). Both are necessary to access the instance.
What are security groups
A virtual firewall to control incoming and outgoing traffic to/from AWS resources.
Default is deny
Only allow rules
Describe the monitoring tab (EC2)
Holds metrics related to the instance. CloudWatch is the monitoring service that powers these metrics.
Why are elastic IP addresses important?
Stopping an instance will remove the public IP address and generate a new one when starting again. Elastic IP addresses allow an instance to keep the same public IP address.
Are IP addresses free as long as they are attached to an instance?
NOT ANYMORE. They used to be free if attached.
Difference between IaaS and PaaS
IaaS (infrastructure as a Service): Using only infrastructure from cloud provider. Customer responsible for OS upgrades and patches, app code and runtime, availability, scalability, load balancing, etc. (Think EC2)
PaaS (Platform as a Service): More is handled by the Cloud provider. Customer only responsible for App code/configuration. (think Beanstalk)
Would Elastic Load Balancing better fit under PaaS or IaaS
PaaS. AWS makes sure patches are up to date and takes care of auto scaling. More specifically, it is a managed service.
What is the Elastic Load Balancer (ELB)
Distributes traffic across EC2 instances in one or more AZs in a SINGLE region (i.e., region-specific)
What is a Classic ELB type
Supports Layer 4 (TCP/TLS) and Layer 7 (HTTP/HTTPS) protocols. NOT RECOMMENDED BY AWS
What is an Application ELB type
Supports HTTP/HTTPS protocols. Most popular ELB. Supports advanced routing approaches (based on different parts of access request)
What is a Network ELB type
Supports TCP/TLS protocols. Specifically used for High performance needs.
What is a Gateway ELB type
Distributes traffic across multiple virtual Third party appliances based on demand.
In EC2, describe how to achieve higher availability.
Deploy to multiple AZs in multiple regions. Load balancer between those.
Describe vertical vs horizontal scaling (scalability). Which is preferred?
Vertical scaling means increasing instance size (T2.nano -> T2.Large)
Horizontal scaling increases number of instances (requires auto scale group and load balancer though)
Horizontal scaling is typically better since it is usually less expensive and increases availability.
Different EC2 Tenancies
Shared (default): single host with instances from multiple customers.
Dedicated instances: instances in host belong to same customer. No visibility into hardware of host.
Dedicated Host: Same as dedicated instance but with hardware access. Good for regulatory needs/server-bound software licenses (Microsoft SQL Server)
On demand pricing model for EC2
Request instances when you need it. Best for unpredictable traffic or batch programs that cannot be interrupted.
Spot pricing model for EC2
Cheapest. Quote maximum price that you may get. Can be terminated due to pricing trends with 2 min warning. Good for anything that can be stopped and resumed over short notice.
Reserved pricing model for EC2
Reserve ahead of time (1-3 years)
Submodels available for how much you want to pay upfront. (More = cheaper)
Good for constant workload that runs all the time.
Savings Plan pricing model for EC2
Commit spending X per hour on tech in 1-3 years. (no restrictions)
2 Subtypes:
Compute - Spend X dollars/hour on resources. Complete flexibility on hardware.
Instance - spend x dollars/hour for specific instance family in specific region. Can change operating systems.
Auto scaling components:
Launch config/template - EC2 instance size and AMI
Auto scaling group - min,max, desired size
Auto scaling policies - When and how to execute scaling (through rules)
Features of Beanstalk
It is a PaaS. AWS takes care of auto load balancing, auto scaling, platform updates, health monitoring. Only pay for AWS resources provisioned.
What does Serverless mean?
Cloud manages everything (Scaling, availability). You only worry about your own code.
Example: AWS Lambda
What is Amazon Lightsail
Used for pre-configured dev stacks (software) like Node.js or to run websites on weird things like Magento. Constantly low monthly price.
What is AWS Batch
Run batch computing workloads on AWS. Can use EC2 and Spot instances to make cheaper.
What is AWS Cloud9
Cloud-based IDE that lets you write, run, and debug code with just a browser. Includes all essential tools for popular languages.
What is AWS CloudShell
Browser based shell that provides secure way to manage AWS resources (via command line)
What is AWS Amplify
Good/Quick for developers to build scalable and secure cloud-powered web and mobile apps (i.e., web and mobile)
What is Amazon CodeCatalyst
Similar to AWS Amplify but also includes tools to help with planning and overall app lifecycle
What is AWS CodeArtifact
Centralized repository to store and manage reusable code artifacts and dependencies. Securely store, publish, and share software packages.
What is Amazon S3?
Simple Storage Service where you can upload objects (files) into buckets for storage. Utilizes different storage classes for access frequency and pricing.
Describe the Key value approach to S3 storage
Key is a unique entity per bucket. Value is typically the object itself (kinda like a file name). Important in locating a stored object.
Can S3 host websites?
YES! but only if they are static
For S3 buckets, discuss their uniqueness.
S3 is a global service so bucket names are globally unique. (though I believe buckets are still tied to a region)
What elements of S3 have cost and what is free of cost?
Storage (per GB), Retrieval charge (if applicable), monthly tiering fee (only for IT storage), Data transfer fee are cost elements
Data transfer to S3, transfer between S3 and CloudFront, and transfer from S3 to same region services are free
Briefly Describe all storage classes in S3
Standard: Frequently accessed
Standard-IA: long-lived, infrequently accessed
One Zone-IA: Infrequently accessed non-critical (1AZ)
Intelligent Tiering: Changing/Unknown access patterns
Glacier: Archive data with slow retrieval
Glacier Deep Archive: Rarely accessed data
What S3 storage classes require encryption
Glacier and Glacier Deep Archive
What level can you set a storage class?
Classes can be set all the way to the individual object level
How much storage can you get with S3?
Unlimited! However, Object size is a max of 5GB. Can have as many objects as you want.
High level difference between block storage and file storage
Block storage is more like hard disk. Stored only on the local device. File storage is like file share where storage is on a network.
Describe AWS Elastic Block Storage
Durable, high availability storage that can be associated and disassociated with an EC2 instance. Flexible capacity based on how much you need. EBS is on a network storage? Supports snapshots for replication/archiving.
Describe AWS Instance Store
Storage method that is physically tied to EC2 instance. Ephemeral storage that is good for cache files. Included in EC2 cost.
Describe the 3 AWS options for FILE STORAGE (file share)
Amazon EFS: for EC2 Linux-based instances. Autoscales.
Amazon FSx Windows: Integrates with Microsoft Active Directory to support Windows environments. Auto encryption.
Amazon FSx for Lustre: For high performance use cases. Auto encryption
What is Hybrid Storage?
Automatically think Storage Gateway AWS service. When you store some data on physical servers (on premise) as well as on the cloud.
Three Options to Storage Gateway?
File Gateway: Large file share. Files stored in S3 and Glacier. Expensive to manage.
Storage tape gateway: Used to keep archives in virtual tapes
Volume Gateway: Moves block storage to cloud.
Describe the two options of volume gateway
Cached volumes: Primarily stored in S3. Cached stores frequently accessed data.
Stored volumes: EBS snapshots saved
What storage gateway option would you use for the following scenarios:
1. Large file shares need to be moved to the cloud.
2. Tape backups need to be on the cloud.
3. High performance volume backups needed on cloud.
4. Non-high performance volume backups needed.
- File gateway
- Storage tape gateway
- Volume Gateway (stored volume)
- Volume Gateway (cached volume)