TD Exam 3 - Long review Flashcards
What are the 2 modes for ECS
EC2 and Fargate
What is a container definition used in ECS
Tells where the image is, and which ports are exposed
What is a task definition
Represents the app as a whole, can have multiple containers. Has everything except what is in container definition
Where is Task role defined for ECS
In Task definition
What is a service definition in ECS
Defines a service
What is a service in ECS
Defines how Tasks scale, how to distribute load, etc
What is in a Container definition in ECS
Image and ports
What is in a Task definition in ECS
Security (Task role), Container(s) and resources
What is a Task role in ECS
IAM Role which the task assumes
What is in a service in ECS
How many copies, HA, restarts
What is DMS
A managed Database Migration Service
What does DMS use
A replication instance
Can the destination of DMS be onprem?
Yes, either the destination or source needs to be in AWS
What do you define on a replication instance in DMS
Replication task
What are the different states of EC2 instance
Pending
Running
Rebooting
Shutting down
Terminated
Stopping
Stopped
To what state can an instance transition from pending
Running
To what states can an instance transition from running
Rebooting
Shutting down
Stopping
To what state can an instance transition to from Shutting down
Terminated
To what state can an instance transition from terminated
None; it is terminated
To what state can an instance transition from stopping
Stopped
To what states can an instance transition from stopped
Pending
Terminated
What is the pending state
The instance is preparing to enter a running state
When will you be billed when an instance is stopping
If it is preparing to hibernate
What are the 2 types of backup functionality in RDS
Automated Backups
Snapshots
Where are backups from RDS stored
AWS-Managed S3 buckets
Where are RDS backups taken from
Standby instance if you are in multi-AZ mode
Otherwise from primary, so might have performance issues
Are RDS snapshots automatic
No
What are RDS snapshots and backups taken of
An instance, so all the databases within it
Do RDS snapshots expire
No, you have to clean them up yourself, manual or external process to delete
What is a difference between RDS snapshots and backups
Backups are automated
Also backups have transaction logs written every 5 minutes
What is the possible range of values for RDS backups retention
0 to 35 days
Can you keep RDS backups after deleting a db
Yes, but they still expire
Can RDS snapshots and transaction logs be replicated to another region
Yes, but has to be explicitly configured; it is not the default
What happens when you restore an RDS snapshot
A new RDS instance is created, with a new address
Is restoring a backup in RDS fast
No, it restores the backup then replays the transactions from transaction log
What is AWS backup
A fully-managed data-protection service
What is an advantage of AWS backup
It allows you to consolidate management in one place, across accounts and regions
What are some things supported by AWS Backup
Compute
Block storage
File storage
DBs
Object storage
What is a central component of AWS backup
Backup plans
What can you configure with lifecycles in AWS Backups
When a backup transitions into cold storage and when it expires
What is a vault in AWS Backup
Backup destination - assign KMS key for encryption
What is specified in an AWS Backup backup plan
Frequency
Window
Lifecycle
Vault
Region copy
What is vault lock in AWS backup
Write-once, read-many (lock); you get 72h to delete, then you can’t
Can still have lifecycle to make it expire
Can you do on-demand backup in AWS backup
Yes
Can you do Point-In-Time-Recovery for AWS backup
Yes, for supported products
What is S3 select
Ways to retrieve part of an object instead of the whole object
What is a disadvantage of filtering a large object on the client side
You still use the whole object size of data transfer
What does S3 select and Glacier Select do
Allows you to use SQL-like segments to select part of the object
What is an advantage of S3 select
S3 pre-filters an object, only sends the result
What are some file formats supported by S3 select
CSV, JSON, Parquet; BZIP2 compression for CSV and JSON
What do S3 access points do
Simplify managing access to S3 buckets and objects
What do S3 access points allow you to do
Rather than one bucket with one bucket policy, you create many access points with different policies
Each access point has its own endpoint address
Can have different network access control
What is a way of making S3 bucket accessible via VPC
Access point with VPC origin
What types of records are supported with failover routing
primary and secondary
What is the use case for failover routing
Active-passive failover
What is a VPC router
HA, runs in all AZs the VPC is in; each VPC has a VPC router
What is the address of the VPC router
Network + 1 of the subnet
What does a VPC router do by default
Route traffic between subnets
What is the main route table of a VPC
The route table used by default by a subnet
What happens if many routes match traffic
Higher prefix takes priority
What are possible targets for a route table
Gateway or route table
Can you update local routes in route tables
No
What kind of resilience does an internet gateway have
Region resilient
Can you attach an internet gateway to more than one vpc
No
Can you attach a vpc to more than one internet gateway
No
What are the actions you need to take to make a subnet public
Create IGW
Attach IGW to VPC
Create custom route table
Associate route table
Make the default route the internet gateway
Configure subnet to allocate IPv4 addresses
What happens when you allocate a public IP in a subnet
A record is created in the IGW to associate the instance private ip to the public ip
Is an EC2 instance ever aware of its public IPv4 address
No
Is an EC2 instance ever aware of its public IPv6 address
Yes
What is a jumpbox
Bastion host
What is Parameter store
Storage for configuration and secrets
What are the 3 parameter types you can store in parameter store
String, StringList and SecureString
What are some features of parameter store
It supports hierarchies and versioning
What are the formats of data that can be stored in parameter store
Plaintext and Ciphertext (integrates with KMS)
What are Parameter Store public parameters
Parameters made available by AWS, per region (e.g. latest AMI per region)
Is parameter store public or private
Public
What can permissions be associated with in parameter store
Tree hierarchy or specific parameters
How does Parameter store handle encryption
KMS
What can parameter store changes generate
Events
What is Secrets Manager usable from
Console, CLI, API or SDK
Which supports automatic secret rotation, Secrets Manager or Parameter store
Secrets Manager
How does automatic secret rotation work in Secrets Manager
Using Lambda
What are some features of Secrets Manager vs Parameter store
Secrets Manager is designed for secrets
It also directly integrates with some AWS products (RDS)
What is EC2 on-demand
Multiple customers share hardware
How are you billed for EC2 on-demand
Per second that the instance is running
Do you have priority with on-demand
No, in case of big demand (major failure), customers with reserved instances get priority
What is spot pricing
AWS sells unused capacity at big discount, up to 90% discount
AWS sets price, customers set max they are willing to pay
Should you use spot instances if your workload cannot tolerate interruptions
No
Are you still billed for your unused reservation
Yes
What are EC2 reservations defined by
Type of instance and AZ or region
What happens if you lock an instance reservation to an AZ
You reserve capacity, but you can only take advantage in that AZ
If you lock an EC2 reservation to a region, does it reserve capacity?
No
What are the term lengths for reservation
1 or 3 years
What is a dedicated host
You get a whole host
Hosts are designed for a family of instances
Capacity management is required
What are dedicated instances
You don’t own or share the host, but you have dedicated hardware
You don’t manage the host
What are the limitations in terms of number of EC2 instances
- On-demand: vCPU-based limit per region
- Purchasing 20 reserved instances per region
- Dynamic Spot limit per region for Spot instance requests
What is AWS Nitro
The underlying platform for next generation of EC2 instances
Uses dedicated hardware for the hypervisors
What instance types for general purpose
t-type
m-type
Can you stop an Instance store-backed instance
No, you can only terminate it
How do you give a static IPv4 address to an instance
Elastic IP addresses
What OS are supported for instance hibernation
Amazon Linux
Ubuntu 18.04 LTS
What is a requirement for hibernation
Encrypted EBS-backed instance
What happens when an instance hibernates
Writes in-memory state to a file on the root EBS volume
What do you pay for with a hibernating instance
EBS Volumes and Elastic IPs
What happens to attached EBS volume when an instance is terminated
Preserved by default
How can you prevent accidental instance termination
Enable termination protection
Is there such a thing as instance stop protection
Yes
What can you do to a stopped instance
Modify properties, size, or update kernel
What is included in an AMI
Template for root volume
Launch permissions
Block device mapping
What are EC2 placement groups
They determine how instances are placed on underlying hardware
What are the 3 options for placement groups
Cluster
Spread
Partition
What is cluster placement group
It clusters instances into a low-latency group in a single AZ
What is Spread placement group
Spreads instances across underlying hardware
Can span multiple AZs
What is the max number of instances per AZ per group for cluster group
7
What is partition placement group
Spread across logical partitions
Different partitions do not share hardware
What is a use case for cluster placement group
Performance, fast speeds, low latency
What is a use case for spread placement group
Small number of critical instances that need to be kept separated from each other
What is the maximum number of EC2 partitions per AZ
7
What is partition group great for
Topology-aware apps
What are Elastic Inference accelerators
Enables you to attach low-cost GPU-powered acceleration to EC2 instances, SageMaker instances and other resources
Does ENI stay attached when stopping an instance
Yes
Does Elastic IP detach after stopping instance
No
Can the underlying host change when stopping and restarting an instance
Yes
What are the 3 components of AWS Glue
Central Metadata Repository
ETL Engine
Flexible Scheduler
What is the AWS Glue Data Catalog
Persistent metadata store
What is the crawler used for in AWS Glue
Populate AWS Glue Data Catalog with tables
How does the crawler work in AWS Glue
Determines the format and schema of raw data
Groups data into tables or partitions
Writes metadata to AWS Glue Data Catalog
What is needed to use DynamoDB accelerator
Install DAX SDK on instance
Does DAX change how apps interact with DynamoDB from the app's perspective
No
How is DAX accessed
Via an endpoint
It load balances
What is the architecture of DAX
Primary instance with replica in other AZs
Primary supports Write
Replicas support read
Does DAX support write-through
Yes, on primary node
Is DAX HA
Yes, if primary fails, we have a failover
What kinds of scaling does DAX do
Up AND Out
Is DAX a public service
No, it is deployed within a VPC
Do you have to set autoscaling for Dynamodb
Yes
What is capacity in DynamoDB
Speed
What is on-demand mode for DynamoDB
You only pay for the operations
What do you set when you use provisioned DynamoDB
RCU and WCU; they are KB per second of read or write
What does Autoscaling do with DynamoDB
Dynamically adjusts the provisioned throughput capacity
What is DynamoDB Global Tables
Multi-master cross-region replication
Who wins conflict resolution with DynamoDB Global Tables
Last writer
What is the speed of replication for Global DynamoDB
Generally sub-second
What is AWS Transit Gateway
A Network Transit Hub to connect VPCs to onprem networks
What does Transit Gateway use
site-to-site vpns and DX
What attachments are supported for AWS Transit Gateway
VPC
Site-to-Site VPN
Direct Connect Gateway
How many VPN tunnels do you need from a Customer Gateway to a Transit Gateway to have HA
2
Where do you configure VPC attachments for a Transit Gateway
One to a subnet in each AZ where service is required
How can you connect to VPCs in another account or region with Transit Gateway
Peer to other transit gateway that belongs to another account or region
When you peer Transit Gateways, what does traffic transit over
AWS Global Network, not public internet
Does Transit Gateway support transitive routing
Yes
As long as appropriate routing is in place
How can you share Transit Gateways between AWS accounts
Using RAM
What does Transit Gateway do with regards to Multicast
It enables customers to have fine-grained control over who can consume and produce multicast traffic
Can manage multicast groups
What are the 3 modes of storage gateway
Volume
- Cache
- Stored
Tape
File
What is Storage Gateway Volume stored mode
It only uses AWS for backups
What does AWS Storage gateway file mode do
It presents a file-based interface to S3
How does Storage Gateway volume mode work
Uses volumes that have S3 snapshots
What is Amazon DocumentDB
Fully managed document database
Compatible with MongoDB
If you can’t change the code and must use MongoDB, what should you use
DocumentDB
What is Amazon Neptune
Graph database
What is the Cluster endpoint in Aurora
AKA writer endpoint
Points to primary
What is Aurora Parallel Query
Enables Aurora to push down and distribute computational load of a single query across thousands of CPUs in Aurora storage layer
What are the 4 types of endpoints for Aurora
Cluster
Reader
Custom
Instance
What is a custom endpoint in Aurora
It represents a set of instances you choose, and does load balancing
What is an instance endpoint in Aurora
Connects to a specific instance
What can wildcard certificates handle
Sub-domains
When should you use dedicated IP custom SSL
For browsers that do not support SNI