AWS - EC2
What should you do in order to determine which instance type meets your needs from a storage perspective.
Install your workload on an EBS volume and run a storage benchmarking tool such as fio.
What type of root device storage device volume persists as long as the instance is running?
Instance Store
What are the two root device storage volume options available for instances?
Instance store or EBS backed.
What is the benefit of launching instances in common placement groups?
Instances launched in common placement groups can benefit from high bandwidth, up to 10Gbps) and low latency networking speeds.
How are CPU credits earned?
When a T2 instance uses fewer CPU resources than its base performance level allows, the unused CPU credits are stored in the credit balance for up to 24 hours , building CPU credits for bursting.
What happens to the instance attached Amazon EBS volumes when an instance is terminated?
When an instance is terminated, the attached Amazon EBS volumes are deleted unless the volumes "deleteOnTermination attribute is set to false?
When you purchase a reserved instance, what are they payment options and terms available to you?
Available payment options are: No Upfront, Partial payment or All upfront. Available terms are one year or three years
What is a CPU credit equal to?
A CPU credit is equal to one virtual CPU running at 100% utilisation for 30 minute.
What is a common misconception with availability zones?
A common misconception is that a single zone equals a single data center. In fact, each zone is backed by one or more physical data centres, with the largest AZ backed by 5 data centres,.
If you don't want your instances to use the default security group, what must you create?
A custom security group.
What is a dedicated host?
A dedicated host is a physical server with EC2 instance capacity fully dedicated to your use.
You have selected a "Partial Upfront" option for your reserved instance. How are you billed?
A portion of the cost must be payed upfront and the remaining hours in the terms are billed at a discounted hourly rate.
What is a private IP address and what is it used for?
A private IP address is an IP address that is not reachable over the internet. You can use private IP addresses for communication between instances in the same VPC network.
When you launch an instance in instance, what type of IP address does EC2 automatically allocate to the instance?
A private IP address.
A public IP address assigned to your instance is assigned from where and belongs to whom? What happens to the public IP address once your instance is stopped or terminated?
A public IP address assigned to your instance is assigned from Amazons pool of public IPv4 addresses and is not associate with your AWS account. Once you instance is terminated or stopped, the public IP address is released back into Amazons pool of public IP addresses.
What is a public IP address and what is it used to for?
A public IP address is reachable from the internet and is used for communication between your instances and the internet
When you launch an instance, we allocate what network level information is automatically allocated to your instance?
A public and private IP address and an internal and external DNS hostname.
What is a security group?
A security groups acts as a virtual firewall that controls the traffic for one or more instances.
What is actually happening under the covers when you launch an EC2 instance?
A virtual machine is reserved for the instance on a server managed by Amazon.
What security feature can AMI''s backed by EBS take advantage of?
AMI's backed by EBS volumes can take advantage of EBS encryption. Snapshots of both data and root volumes can be encrypted and attached to an AMI.
How are AWS regions connected to each other?
AWS regions are completely isolated from each other.
In each AZ, how are participating data centres connected to each other?
AZ's in a region are connected to each other over redundant low-latency private network links.
How are Availability zones in a region connected to each other?
AZ's in a region are connected to each other through low latency private fiber links.
What is an Elastic IP address?
An Elastic IP address is a public IP address that is allocated to your account.
What are the default rules for default security groups?
Allow all inbound traffic from instances associated with the default security group and allow all outbound traffic from the instance.
What are the default rules for a custom security group?
Allow no inbound traffic and allow all outbound traffic
What is Amazon EC2?
Amazon Ec2 is a web service that provides resizable compute capacity in the cloud.
What analogy would you use describe EC2, a Host and an Instance?
Amazon Ec2 is similar to the Hilton Hotel. Each suite in the hotel is a Server with each room within a suite being an instance.
What is an Elastic IP Address?
An Elastic IP address is a static IP address which is reachable from the internet and is associated to your AWS account.
By default, when are Amazon Linux AMI's configured to download and install security updates?
Amazon Linux AMIs are configured to download and install security updates at launch time.
What does an AMI include?
An AMI includes a template for the root volume for the instance (For example, an application server and other applications), Launch permissions and block device mapping that specifies the volumes to attach to the instance when its launched.
What is an Amazon Machine Image (AMI) and can you give an example of an AMI can contain?
An AMI is a template that contains a software configuration. An AMI can contain an OS, application server or application).
What is an AWS Region and what does it consist of?
An AWS Region is a geographical location with a collection of availability zones.
What is an Amazon Machine Image (AMI)
An Amazon Machine Image (AMI) is a template that provides the information required to launch an instance.
You would like to mask the failure of an instance or software by rapidly remapping an IP address to another instance in your account. What kind of IP address do you need associated to your AWS account to enable this?
An Elastic IP Address.
You require a persistent public IP address that can be associated to and from instances as you require. What should you use?
An Elastic IP address.
What are the main benefits of an Elastic IP address?
An Elastic Ip address is persistent and can be associated to and from instances as you require.
What is an IAM policy?
An IAM policy is a JSON document that consists of one or more statements.
What is an Availability zone?
An availability zone is a logical data centre in a Region.
What is an availability zone?
An availability zone is an isolated location inside a region.
In addition to a public IP address, what else is an instance given?
An external DNS hostname that is resolved to the public and private IP address of the instance.
What problem does IAM roles resolve?
Applications must sign their API requests with AWS credentials. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM Roles.
What are the two limitations of using dedicated hosts?
Auto Scaling and RDS instances are not supported.
If your instance is using an instance store volume, why do you lose data stored on an instance store volume if your instance fails, is stopped or terminated?q
Because data stored on an instance store volume is actually stored on the virtual machine hard drive on the host server.
By default, what do security groups allow?
By default, security groups, allow all outbound traffic.
What do CPU credits provide?
CPU credits provide the performance of a full CPU core for a minute when using T2 instances.
What applications are compute optimised instances ideal for?
Compute optimised instances are ideal applications that require high performance processors such as patch processing and media transcoding workloads.
What type of hardware resources does each instance type offer?
Compute, Memory and Storage (CMS)
What are the two major differences between instances backed by EBS and Instances backed by Instance Store?
Data persistence. Data stored on EBS volumes persist after instance termination. Data stores on Instance store, persist after instance termination. Upgrading. Kernel, RAM disk and other resources can be upgraded while EBS backed instances are running, while instance store backed instances are fixed for the life of an instance.
https://quizlet.com/218987264/edit#addRow
Default Security Groups.
What type of root device storage device volume persists even after the instance that it is attached to is stopped and or restarted?
EBS Backed Instance.
What are the two root device storage options that are available to AMI's?
EBS or Instance Store.
What can you launch from AMI's with encrypted root volumes and snapshots.
EC2 Instances with encrypted volumes.
Which key does EC2 store and which key do you store?
EC2 stores the public key only, and you store the private key.
What does EC2 use to map the public IP address of an instance to the private IP address of an instance?
EC2 uses NAT to map the public IP address of an instance to the private IP address of an instance.
What are the elements that make up an IAM policy?
Effect, Action. Resource and Condition
To prevent accidental instance termination, what must you do?
Ensure that the "disableApiTermination" attribute is set to true for the instance.
How are AWS regions connected to each other?
Every AWS Region is physically isolated from and independent of every other Region.
What can you launch from an AMI?
From an AMI, you can launch an instance, which is a copy of the AMI running as a virtual server int he cloud.
You have selected a "All Upfront" option for your reserved instance. How are you billed?
Full payment is made at the start of the term, with no hourly charges incurred.
Can you list the Instance Families that EC2 provides?
General Purpose, Compute Optimised, Memory Optimised, Storage Optimised and Accelerated Computing (GCMSA)
What is the difference between HVM AMI's and PV AMI's?
HVM AMI's are fully virtualised and can take advantage of underlying hardware extensions provided by the host. On the other hand, PV AMI's are not completely virtualised because the instance requires a special boot loader called PV-GRUB to start the boot cycle before the virtualised instance is loaded. Also, PV AMI's cannot take advantage of hardware extensions provided by the host.
For fast performance, what virtualisation types does AWS recommend using?
Hardware Virtual Machine (HVM)
What is the purpose of IAM roles?
IAM roles allow your applications to securely make API requests from your instances without requiring you to manage the security credentials that the applications use.
It has come to your attention that you have under-utilised instances with EBS and instance store volume root devices. What can you do?
If the root device for your instance is an EBS volume, you can change the size of the instance by simply changing its instance type. If the root device for your instance is an instance store volume, you must migrate your application to a new instance with the instance type that you need.
What is the purpose of default security groups?
If you don't specify a security group when you launch an instance, the instance is automatically associated with the default security group.
Can you explain what "Security groups are stateless" means?
If you send a request from you instance, the response traffic for that request is allowed to flow in regardless of inbound security rules set.
What happens if i use all of my CPU credits?
If your instance uses all of its CPU credit balance, performance remains at the baseline performance level.
You have latency sensitive application that you would like to run on EC2. Can you give an example of a latency sensitive application and what you can do to maximise the network bandwidth?
In order to maximise network bandwidth of streaming applications on EC2, such as videos on your website, you should launch instance types into placement groups.
Can you explain EC2 to a non-techie?
In the past, a server was like a very expensive hotel. It had only one big room and only one person could stay there. This hotel is like a single server hosting a single operating system. Half the time the occupant of the hotel is out on conferences. He is rarely in his hotel room. He only uses the room when he sleeps. The room is horribly under-utilised. This is similar to the server running a single OS that we mentioned earlier. It's only ever utilised 5 to 10% of the the time. Then on day, someone came up with the idea. Why dont we divide this large room in multiple rooms? Each could be a different sized room offering different qu alities of service depending on the occupant and privacy. This hotel is called Virtualization. It allows multiple people Mr SAP, Mr SQL and MR Exchange to all live in the same hotel separately. Amazon Ec2 takes this to a whole new level of efficiency. Amazon Ec2, allows multiple people to not only live in the same hotel, but allow multiple people to live in the same hotel room by further subdividing the the hotel room into multiple smaller rooms.
What are the 5 access methods that you can access EC2?
Management Console, CLI, HTTP API or SDK's.
What applications are memory optimised instances ideal for?
Memory optimised instances are designed to deliver fast performance for workloads that process large data sets in memory. Example, are SAP HANA and high performance relational databases such as MySQL.
By default, when you launch an instance in a VPC, EC2 assigns a public and private IP address and an internal and external DNS hostname. You would like to change this default behaviour, to ensure that instances launched into a VPC, by default, do not receive a public IP address. What should you do?
Modify the public IP address attribute of your subnet.
Can you stop an EC2 Instance-store backed instance?
No you cant. EC2 instance store backed instances are either running or terminated.
You would like to optimise your costs based on your needs. What are the instance purchasing options that EC2 provides?
On Demand Instance, Reserved Instances, Scheduled Instances, Spot Instances, Dedicated hosts and dedicated instances.
What are the virtualization types that Linux Amazon Machine Images use?
Paravirtual (PV) or hardware Virtual Machine (HVM).
What are the benefits of using Amazon Linux?
Popular AWS command line tools for AWS integration are included in Amazon Linux.
For each security group rule, what do you specify?
Protocol, Port Range, ICMP Type, Source and Destination.
What does EC2 use to encrypt and decrypt login information?
Public key cryptography
What does public key cryptography use to encrypt a piece of data such as a password and what does it use to decrypt the data?
Public key cryptography uses a public key to encrypt a piece of data, such as a password, then the recipient uses the private key to decrypt the data.
You can select AMI's based on 5 characteristics. What are they?
Region, OS, Architecture (32-bit vs 64-bit), Launch permissions and storage for the root device.
What does a reserved instance provide you with? What is the general misconception that people have about reserved instances?
Reserved instances provide you with a significant billing discount compared to On-Demand instance pricing. Reserved instances are not physical instances.
As your needs change, you might find that your instance is over or under utilised. What can you do?
Resize your instance.
What can root volumes and snapshots be encrypted with?
Root volumes and snapshots can be encrypted with either your default AWS KMS customer master key (CMK) or with a custom key that you specify.
You have workloads that do not run continuously such as batch jobs that run at the end of the week. You would like to receive a billing discount on the EC2 instances that you launch. Which instance purchasing option should you select and which should you not select? Also explain the rational behind the instance purchasing option that you wouldn't select.
Scheduled reserved instance enable you to purchase capacity reservations that recur on a daily, weekly or monthly basis, with a specified start time and duration for a one year term. That way you are paying for the time that the instances are scheduled, even when you do not use them. Even though reserved instances provide you with a discounted hourly rate, you will also be charged when the instance is not being used.
What are security groups associated with?
Security groups are associated with the primary network interface (eth0) of the instance.
You would like to apply the latest security updates to your instance. What are the security updates provided by?
Security updates are provided via the yum repositories.
You have a secure AMI that you would like to make available to other teams in your organisation. What should you do?
Share your AMI with specific AWS accounts without making the AMI public.
What do Spot Instances enable you to do?
Spot instances enable you to bid on unused EC2 instances, which can lower your EC2 costs significantly.
What applications are storage optimised instances suitable for?
Storage optimised instances are designed for workloads that require high sequential read and write access to very large data sets on local storage. Hadoop distributed computing implementations that crunch large numbers of numbers to catch tax cheats is an example.
What are T2 instances designed to provide?
T2 instances are designed to provide moderate baseline performance and the capability to burst to significantly higher performance as required by your workload.
What kind of workloads are T2 instances well suited for?
T2 instances are well suited for general purpose workloads that don't use the full CPU often but occasionally need to burst such as web servers, dev environments and small databases.
When you launch an instance, what determines the hardware of the host computer used for your instance?
The Instance Type.
What are the AWS Regions available in the Asia Pacific region?
Tokyo, Seoul, Singapore, Sydney and Mumbai.
Why would someone choose to build applications using the SDK over the HTTP API?
The SDK provides the capability to build applications using language specific-API's instead of submitting a request over HTTP or HTTPS.
What is the cloud-init package? What is cloud-init used for? Can you give an example?
The cloud-init package is an open source application built by Canonical. Cloud-init is used to bootstrap Linux images in cloud computing environments. It enables you to specify actions that should happen to your instance at boot time. You can use cloud-init to add a users public SSH key to the ../ssh/authorized_keys for easy login and administration.
Once you disassociate an Elastic IP address from a resource, what happens to the Elastic IP Address?
The disassociated IP address remains allocated to your account until your explicitly release it.
By whom and how are hourly prices for spot instances set?
The hourly price for Spot Instances is set by Amazon and fluctuates depending on the supply of and demand for spot instances.
Which key crypto system and bit rate does EC2 use for key pairs?
The keys that EC2 uses are 2048-bit SSH-2 RSA keys.
Anyone that possess this key can decrypt your login information. Which key is this?
The private key.
The rules of a security group control what kind of traffic?
The riles of a security group control the inbound traffic thats allowed to reach the instances that are associated with the security group and the outbound traffic that is allowed to leave them.
The root device for your instance contains the image used to boot the instance. Under the covers, can you describe where the root device resides?
The root device for your instance that is used to boot your instance resides on the reserved virtual machines hard drive.
Can you name the AWS regions available in Asia Pacific?
Tokyo, Seoul, Singapore, Sydney and Mumbai.
Do T2 instance CPIU credits expire?
Unused earned credits from a given 5 minute interval expire within 24 hours after they are earned.
Why would my organisation use EC2?
Using Amazon EC2, eliminates your need to invest in hardware upfront.
What are virtual computing environments known as in EC2? Can you give an analogy?
Virtual computing environments are known as instances in Ec2. Instances are similar to rooms within a hotel suite.
When should you use spot instances?
When you can be flexible about when your applications can run and are able to be interrupted.
When you launch an instance, what is the purpose of a root device volume.
When you launch an instance, the root device volume contains the image used to boot the instance.
When do you associate a security group with an instance?
When you launch an instance.
What use cases require the assignment of multiple private IP addresses to an instance?
When you would like to host multiple websites on a single server by using multiple SSL certificates on a single server and associating each certificate with a specific IP address. Or operate network appliances such as firewalls or load balancers.
What happens, when your T2 instance requires more CPU resources than its base performance level allows?
When your T2 instance requires more CPU resources than its base performance base allows, it uses credits from the CPU credit balance to burst up top 100% utilization.
When do your spot instances run?
When your bid exceeds the current market price.
You have selected a "No Upfront" option for your reserved instance. How are you billed?
You are billed a discounted hourly rate for every hour within the term that you selected.
When you select an EC2 instance of a particular type, what is actually happening under the covers?
You are selecting to reserve a virtual machine from a pool of virtual machines that have different CPU/Storage and Memory.
If you have several users that require access to a particular instance, what can you do to enable this?
You can add user accounts to your instance and create a key pari for each user and then add the public key from each key pari to the .ssh/authorised_keys file for each user of the instance.
You have created a customised private AMI and made the AMI available to other teams for use in your organisation. How can you make it easy to share your newly created AMI so users don't have to spend time finding your AMI in order to use it?
You can create a bookmark that allows a user to access your AMI and launch an instance in their own account immediately.
Can you give a real life example of how IAM Roles can help?
You can use IAM roles to grant permissions to applications running on your instances that needs to use a bucked in Amazon S3.
After you create and register an AMI, what else can you do with it?
You can use it to launch new instances.
What kind of rules can you NOT create with security groups? What kind can you create?
You cannot create rules that deny access. You can only create rules that are permissive.
You must launch your T2 instances using what type of root device store?
You must launch your T2 instances using EBS volumes as the root device.
You would like to determine the hardware of the host computer used for your instance. What must you select?
You must select the instance type.
What do you need to access EC2 using the command line tools or an API?
You need your access key ID and secret access key.
By default, what kind of security group does your AWS account come with?
Your AWS account automatically has a default security group per VPC.
What is an Elastic IP address allocated to?
Your AWS account.
Can you draw a sample IAM policy that restricts access to a specific region,? Ensure you include all of its elements and describe each element.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html
