Section 4: AWS Fundamentals: ELB + ASG + EBS Flashcards
What does ELB stand for?
Elastic Load Balancer (EC2 Load Balancer)
What are load balancers?
Servers that forward internet traffic to multiple servers (EC2 instances) downstream
How do you access the application fronted by a LB?
By using the DNS of the LB
What happens to the instances that crash / stop responding correctly?
They get terminated by the LB and the LB will then forward the traffic to other instances
How does the LB know the health status of the instances?
By doing regular health checks to the instances
How does the LB help with security?
It provides SSL termination for your web apps and separates public traffic from private traffic
What is the benefit of using an ELB rather than a custom load balancer?
AWS guarantees that it will be working and handles updates and maintenance.
It is integrated with many AWS offerings
What are the three types of ELB?
Classic Load Balancer (CLB, deprecated)
Application Load Balancer (ALB)
Network Load Balancer (NLB)
How does an ELB perform a health check on an instance?
It pings a port and a route (e.g. /health) and makes sure the response has a status of 200 (OK)
What protocols does the ALB serve?
HTTP, HTTPS, Websockets (Layer 7 - Application Layer)
What do ALBs allow you to do?
Load balance to multiple HTTP applications across machines (target group)
Load balance to multiple applications on the same machine (containers)
On what parameters can an ALB route traffic?
Route (e.g. /users)
Hostname (domain) (e.g. example.com)
What are good use cases for ALB?
Micro services
Container-based applications (Docker & Amazon ECS)
What does ECS stand for?
Elastic Container Service
If we didn't have ALBs, how could we get the same result with the CLB?
We would need to create one CLB per application (expensive and inefficient)
What is a target group?
A target group is a group of EC2 instances which are targeted by a LB.
At what level can stickiness be enabled?
Target group level
What does stickiness at the target group level mean?
Same request goes to the same instance
What generates the stickiness? (TG, ALB, ASG or app)
The ALB (not the application)
What IP does the application server see?
The private IP of the LB
How can the application server see the IP of the user?
By looking at the "X-Forwarded-For" header of the request
How can the application server see the port and the proto when using an ALB?
By looking at the "X-Forwarded-Port" and "X-Forwarded-Proto" headers respectively
What does NLB stand for?
Network Load Balancer
What protocols does the NLB serve?
TCP, UDP, TLS (Layer 4 - Transport Layer)
What type of IP does NLB support?
Static IP or Elastic IP
What does the NLB do?
Forward TCP traffic to your instances
How many requests can an NLB handle per second?
Millions
What is the latency brought by a NLB?
About 100 ms compared to 400 ms for ALBs
What are NLBs mostly used for?
Extreme performance (it should not be the default LB you choose)
What does the creation process of an NLB look like?
Pretty much the same as an ALB
What security feature do all ELBs provide?
SSL certificates and SSL termination
Can LBs scale?
Yes, but not instantly; contact AWS for a "warm-up" if you expect a sudden peak
What IP does the NLB see?
The client IP
What induces 4xx errors?
The client
What induces 5xx errors? What about 503?
The application
503 errors mean the LB is at capacity or has no registered target
What to do if the LB can't connect to your application?
Check the security groups
How to make sure that a user can only access the application through an ELB?
By editing the security group attached to the application to only allow traffic on port 80 from the custom source sg-XXXXXX, which is the security group attached to the LB.
What can cause the "503 Service Temporarily Unavailable" error?
The target group of an ELB contains no running EC2 instances
What does ASG stand for?
Auto Scaling Group
What is the purpose of the ASG?
Ensure we have a minimum and a maximum number of machines running
How does an ASG achieve its purpose? (3 things)
By scaling out to match an increased load
By scaling in to match a decreased load
Automatically registering new instances to an ELB
What does "scale out" mean?
Add EC2 instances
What does "scale in" mean?
Remove EC2 instances
What are the three variables that affect the number of running EC2 instances in an ASG?
Minimum size
Actual size (Desired Capacity)
Maximum size
What attributes does an ASG have?
Launch Configuration
Min/Max/Initial Capacity
Scaling Policies
Load Balancer Information
Network + Subnet Information
What does an ASG launch configuration contain? (6 things)
AMI
Instance Type
EC2 User Data
EBS Volume
Security Groups
SSH Key Pair
What can trigger an ASG to change the number of running EC2 instances?
CloudWatch alarms that monitor a metric (Such as average CPU)
New Simple Auto Scaling Rules managed by EC2
What are the new auto scaling rules managed by EC2?
Target average CPU usage
Number of requests on the ELB per instance
Average network in
Average network out
What is the benefit of using the new auto scaling rules managed by EC2?
They are simpler, easier to set up, and can make more sense
How do you use a custom metric for auto scaling?
- Send custom metric from app on EC2 to CloudWatch (PutMetric API)
- Create CloudWatch alarm to react to low/high values
- Use the CloudWatch alarm as the scaling policy for ASG
What happens to IAM roles attached to ASGs?
They get assigned to the EC2 instances managed by the ASG
How much do ASGs cost?
FREE! You only pay for the underlying resources
What does EBS stand for?
Elastic Block Store
What happens to an EC2 instance root volume when it is manually terminated?
It gets deleted
What is an EBS volume?
A network drive (not physical drive)
What can an EBS volume be attached to?
A single EC2 instance
How fast can an EBS be detached from an instance and attached to a new one?
Quickly
On what level is an EBS locked?
Availability Zone (AZ)
How do you move a volume to another AZ?
By first making a snapshot of it
What is the billing model of EBS volumes?
Provisioned (you get billed for all the provisioned capacity: GBs and IOPS)
What does IOPS stand for?
Input/Output Operations Per Second
What are the 4 types of EBS?
GP2 (SSD) Great Value - General Purpose
IO1 (SSD) Highest Cost - Highest performance
ST1 (HDD) Low Cost - Designed for frequent access
SC1 (HDD) Lowest Cost - Designed for low frequency
Can you resize an EBS volume?
You can only increase the size and IOPS of an EBS volume
What do you need to do after increasing the size of an EBS volume?
Repartition the drive
How can you decrease the size of an EBS volume?
You first need to snapshot the volume, then create a new smaller volume from it
How can you backup an EBS volume?
By making a snapshot of it
How much space does a snapshot take?
The space that the data occupied in the EBS volume (e.g. a snapshot of a 100 GB EBS volume which contained 5 GB of data would weigh 5 GB)
What are snapshots used for?
Resizing a volume down
Changing the volume type
Encrypting a volume
What is encrypted when using an encrypted EBS volume?
Data is encrypted at rest (on the volume)
Data is encrypted in flight (between the instances and the volume)
Data is encrypted in snapshots
Volumes created from snapshots are also encrypted
How are encryption and decryption of EBS volumes handled?
Transparently
How big is the impact of encryption on latency?
Minimal
What keys does EBS encryption leverage?
Keys from KMS (AES-256)
What does KMS (AES-256) stand for?
Key Management Service (Advanced Encryption Standard, blocks of 128 bits and key size of 256 bits)
What is an Instance Store?
Storage physically attached to the machine
What is the main benefit of an Instance Store?
Better I/O performance
What happens to the data in an Instance Store when the machine is terminated?
It is lost
Can you resize the Instance Store?
No
Who has to manage backups when it comes to Instance Store?
The user
Can/should you backup EBS volumes while your application is handling a lot of traffic?
You should not, because EBS backups use IO
By default, what happens to root EBS volumes attached to EC2 instances when the instance is terminated?
They also get terminated (Data is lost)