Storage Flashcards

1
Q

Can an EBS volume be mounted across AZs?

A

No.

The EBS volume must be in the same AZ as the EC2 instance.

2
Q

What happens to EBS ROOT and DATA volumes when you terminate the EC2 instance?

A

ROOT will be deleted
DATA will not be deleted.

3
Q

Which EBS volume types can be used as the boot volume when you create an EC2 instance?

A

gp2, gp3, io1, io2, and Magnetic (Standard).

4
Q

Can you attach the EBS volume to more than one EC2?

A

Yes, if using EBS Multi-Attach.

5
Q

Best Storage for high IOPS

A
6
Q

Does ALB provide a static IPv4 address?

A

No.

Only Network Load Balancer provides both a static DNS name and a static IP, while Application Load Balancer provides a static DNS name but does NOT provide a static IP. The reason is that AWS wants your Elastic Load Balancer to be accessible using a static endpoint, even if the underlying infrastructure that AWS manages changes.

7
Q

At what object size should you use multipart upload in S3?

A

> 100 MB: recommended

> 5 GB: MUST USE

8
Q

An S3 bucket gives write access to all users via bucket policy, but you want one user to not have write access. How do you achieve that?

A

Add an explicit DENY on PutObject in the user's IAM policy. This will take precedence over the bucket policy.

9
Q

You want the content of an S3 bucket to be fully available in different AWS Regions. That will help your team perform data analysis at the lowest latency and cost possible. What S3 feature should you use?

A

S3 Replication

10
Q

S3 Storage Classes

A

Glacier Instant Retrieval - For backups that still need instant retrieval. Min storage 90 days.

Glacier Flexible Retrieval - 3 retrieval modes: Expedited (1-5 min), Std (3-5 hr), Bulk (5-12 hr).

Glacier Deep Archive - Cheapest. 2 modes: Std (12 hrs), Bulk (48 hrs). Min storage 180 days.

Intelligent Tiering - Small monthly monitoring fee. Automatically moves data between tiers. No retrieval charges.

Standard - General Purpose - 99.99% available. For frequently accessed data. Low latency.

Standard - Infrequent Access - For less frequent access. Cheaper. Charge on retrieval. 99.9%

One Zone - Infrequent Access - Cheapest. 99.95% available.

11
Q

What are the S3 Glacier Flexible Retrieval modes?

A

Expedited (1-5 min).
Std (3-5hr).
Bulk (5-12hr)

12
Q

What are the S3 Glacier Deep Archive retrieval modes?

A

2 modes: Std (12 hrs), Bulk (48 hrs). Min storage 180 days.

13
Q

Which S3 storage class would you use for data that’s accessed infrequently?

A

Standard IA

14
Q

Which S3 storage class would you use for data that you don’t need fast access to?

A

Glacier or Glacier Deep Archive

15
Q

How do you get recommendations on when to transition objects to which storage class?

A

AWS S3 Analytics. Enabling this produces a daily CSV report, but it can take up to 24-48 hours to see results.

Recommended for Standard and Standard IA.

Doesn't work for One Zone IA or Glacier.

16
Q

What destinations can S3 push notifications to?

A

Lambda
SQS
SNS
EventBridge -> ALL events

17
Q

How many PUTs and GETs per second can S3 do by default?

A

3500 PUT/DELETE
5500 READ/HEAD

PER SECOND PER BUCKET PREFIX.

18
Q

How do you speed up S3 transfers across Regions?

A

S3 Transfer Acceleration

Uses Edge Locations

18
Q

How to speed up S3 READS/Downloads

A

S3 Byte Range Fetches

Parallelize GETs using specific byte ranges.
Can be used to peek at just a part of the file (like head).

19
Q

How would you reduce network traffic for S3 Fetches?

A

If you only need a section of the data, you can use S3 Select, which uses SQL statements to filter at the server level and reduce network transfer.

20
Q
A
21
Q

What prefix does user-defined S3 metadata require?

A

x-amz-meta

22
Q

How would you do a search in S3?

A

S3 doesn't support searching. You would need to implement searching in a database such as DynamoDB that stores the keys and the S3 reference.

23
Q

What storage classes does EFS support?

A

Standard

Infrequent Access
Cheaper but slower to restore

24
Q

Does EFS run across multiple AZs?

A

EFS can run across multiple AZs (Standard, best for prod) or in One Zone, which is good for dev/backups and 90% cheaper.

25
Q

Which is cheaper, EFS or EBS?

A

EBS, although EFS can use EFS IA (Infrequent Access) for cost savings.

26
Q

Default NACL Security

A

ALL inbound AND outbound traffic is permitted.

Can apply DENY and ALLOW rules.

27
Q

Default custom SG Rules

A

Allow all traffic out but no traffic in.

Note. The default SG itself allows all inbound traffic.

Can only add ALLOW rules. It's stateless so inbound traffic is allowed out.

28
Q

When would you use CORS?

A

CORS = Cross Origin Resource Sharing.

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

For the given use-case, you would create a <CORSRule> in <CORSConfiguration> for bucket B to allow access from the S3 website origin hosted on bucket A.

29
Q

Maximum provisioned IOPS for EBS volume

A

50:1

So for 200GB, max IOPS is 200*50 = 10,000 IOPS

30
Q

General Purpose EBS SSD volumes
Max IOPS

A

GP SSD vols are optimised for transactional workloads and high throughput.

GP Vols include gp2 and gp3

Volume size 1-16TB
Max IOPS 16,000

GP2 Max Throughput 250 MB/sec
GP3 Max Throughput 1000 MB/sec

31
Q

Provisioned IOPS EBS SSD Volumes
Max IOPS

A

Faster and bigger than gp2/gp3

Provisioned IOPS has io1 and io2 Block Express.

io1: volume size 4 GB-16 TB. Max IOPS is 64,000. Max throughput 1000 MiB/s.

io2: volume size 4 GB-64 TB. Max IOPS is 256,000. Max throughput 4000 MiB/s.

32
Q

Format of a bucket URL for a bucket called bob, both before and after September 30, 2020.

A

bob.s3.amazonaws.com

The old way, for buckets created before September 30, 2020, was s3.amazonaws.com/bob

33
Q

For a user to list buckets, what Actions do they need?

A

"Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],

Note this won't allow them to drill down, just see the top level. To see contents, they also need the ListBucket action on the bucket.

34
Q

This S3 bucket uses server-side encryption with AWS KMS managed keys (SSE-KMS) as the default encryption. What IAM policy update is required?

A

Add kms:GenerateDataKey as an Action.

35
Q

S3 Replication

A

S3 lifecycle actions are not replicated with S3 replication

Metadata is replicated too.

Only new data will be replicated.

Same-Region Replication (SRR) and Cross-Region Replication (CRR) can be configured at the S3 bucket level, a shared prefix level, or an object level using S3 object tags. You add a replication configuration on your source bucket by specifying a destination bucket in the same or a different AWS Region for replication.

36
Q

Can you delegate access across accounts in different partitions?

A

NO. IAM roles and resource-based policies delegate access across accounts only within a single partition. For example, assume that you have an account in US West (N. California) in the standard aws partition. You also have an account in China (Beijing) in the aws-cn partition. You can’t use an Amazon S3 resource-based policy in your account in China (Beijing) to allow access for users in your standard AWS account.

37
Q

Ways to control S3 access

A

Customers may use four mechanisms for controlling access to Amazon S3 resources:

Identity and Access Management (IAM) policies,
bucket policies,
Access Control Lists (ACLs), and
Query String Authentication (signed URLs)

38
Q

What is Query String Authentication?

A

With Query String Authentication, customers can create a URL to an Amazon S3 object which is only valid for a limited time. Using query parameters to authenticate requests is useful when you want to express a request entirely in a URL. This method is also referred as presigning a URL.

39
Q

DynamoDB: how many RCUs for 16 eventually consistent reads per second of 12 KB in size each?

A

Remember EVENTUALLY consistent is 2 READS PER SECOND PER 4KB.

For Strongly Consistent, we would need 48 but for EVENTUALLY consistent, it's 48/2=24.

40
Q

Is Kinesis a database?

A

No. Although Kinesis data can be persisted, the data cannot be updated or deleted like in a DB.

41
Q

Can the object access logs be accessed by the S3 bucket owner if they are NOT the owner of the object?

A

Not by default. The bucket owner also needs to be the object owner to get the object access logs.

42
Q

What are the default EBS DeleteOnTermination rules for root and non-root volumes, and can you change the setting on an EC2 instance that is already running with the wrong value without stopping it?

A

When an instance terminates, the value of the DeleteOnTermination attribute for each attached EBS volume determines whether to preserve or delete the volume. By default, the DeleteOnTermination attribute is set to True for the root volume and is set to False for all other volume types.

If the instance is already running, you can set the DeleteOnTermination attribute to False using the command line.

43
Q

Is S3 strongly or eventually consistent?

A

STRONGLY.

Amazon S3 always returns the latest version of the object.

44
Q

When to use EFS, EBS, S3

A

For high-performance storage for a single EC2 instance, use EBS. It is not encrypted by default, but automatic Region-level encryption can be turned on.

EFS may be used whenever you need a shared file storage option for multiple EC2 instances with automatic, high-performance scaling.

S3 is good at storing long-term data due to its archiving system. Things like reports and records, which may go unused for years, can be stored on S3 at a lower cost than the other two storage services discussed.

As already stated, S3 is also useful for storing data on which complex queries may be run. This makes it useful for data related to customer purchases, behaviour or profiles, because that data can be easily queried and fed into analytics tools.

This capacity for interfacing with other tools also makes S3 great for back-up and restoration, as it can be paired with Amazon Glacier for even more secure backing up.

S3 also supports static websites, so if you need to host a static HTML page, S3 is a good choice.

45
Q

EBS Encryption

A

Newly created Amazon EBS volumes aren’t encrypted by default. However, you can turn on default encryption for new EBS volumes and snapshot copies that are created within a specified Region. To turn on encryption by default, use the Amazon Elastic Compute Cloud (Amazon EC2) console.

46
Q

Provisioned IOPS ratio?

A

The maximum ratio of provisioned IOPS to requested volume size (in GiB) is 50:1. So, for a 200 GiB volume size, max IOPS possible is 200*50 = 10000 IOPS.