part3 Flashcards
When using Terraform to create an RDS instance, how should you save the DB username and password?
To securely save the database (DB) username and password for an Amazon RDS instance, you should avoid hardcoding them in your application or configuration files.
We can integrate the application with:
- AWS Secrets Manager
- Environment variables
- HashiCorp Vault
What kind of DB have you used or supported?
- Relational, i.e. MySQL for a LAMP stack application
- NoSQL (JSON format), i.e. MongoDB, DynamoDB
- Key-value DB, i.e. etcd
Your security team has insisted that certain packages have to be present on all the instances for a defense project. How will you come up with a solution to ensure these packages are present on all EC2 instances?
- Create a custom Amazon Machine Image (AMI) with the required packages preinstalled, built with HashiCorp Packer, and ensure all new EC2 instances are launched from this AMI.
- Use tools like Ansible, Chef, or Puppet to define and enforce the required package state on all EC2 instances. Create a playbook or recipe that installs the necessary packages.
Why are there 3 types of IAM policies?
- Managed (AWS managed): managed by AWS
- Customer managed: custom-made IAM policies, created with Terraform or otherwise
- Inline policy: the policy is deleted if the user or group it is attached to is deleted.
Which build tools are you aware of, and how have you used them in your previous role?
I have worked on multiple projects and my developers tend to use Java or Node.js, in which case they use:
- Maven for Java
- npm for Node.js
What is ingress and egress? What are these terms mostly associated with?
Ingress is incoming traffic; egress is outgoing traffic. They are mostly associated with security groups, VPCs and subnets.
What is the difference between a Docker image and Docker layers?
- A Docker image is a lightweight, standalone, and executable package that contains everything needed to run a piece of software.
- A Docker layer is an individual change or modification to the base filesystem. Each command in a Dockerfile (like RUN, COPY, or ADD) creates a new layer in the Docker image.
What is a bastion host or gateway server, and what role does it play?
A bastion host is used to manage access to a private network from an external network. It can also be called a gateway server or jump server.
An Auto Scaling group for a project is having issues getting new nodes; it is using only Spot Instances. What could be the issue?
- Issue: Your AWS account may have hit its EC2 Spot Instance quota limit.
- The ASG might be misconfigured. Examples include:
  - Specified instance types that aren't available in your chosen region.
  - The ASG may be limited to a specific Availability Zone that lacks Spot capacity.
A pod is trying to access a volume but there is an error. What could the error be?
- The Persistent Volume Claim (PVC) is not bound to a Persistent Volume (PV).
- The volume is already mounted by another pod, and the access mode does not support multiple mounts (e.g., ReadWriteOnce).
- Check the volume's NodeAffinity and ensure the pod is scheduled to a compatible node.