Section 5: EC2 Fundamentals
What should be used if you want your EC2 instance to call other AWS services?
Instance Roles
True / False - EC2 Instance Connect relies on SSH?
True, you still need to allow port 22 in your security group in order to use Instance Connect
What are the properties that make up a security group rule?
Type, Protocol, Port Range, Source, Description
What are some EC2 sizing & configuration options needed in order to setup
CPU, RAM, Storage, Networking, Security
True / False - Convertible reserved Instances allow you to change the EC2 instance type (ex: change t2.micro to c5.xlarge)
True
True / False - Security group rules can reference IP addresses or other security groups
True
True / False - You are billed per second, after the first minute for Linux, while all other Operating Systems are billed per hour
True
Describe each port (22, 21, 22, 80, 443, 3389)
22 = SSH (Secure Shell) - log into a Linux instance; 21 = FTP (File Transfer Protocol) - upload files into a file share; 22 = SFTP (Secure File Transfer Protocol) - upload files using SSH; 80 = HTTP - access unsecured website; 443 = HTTPS - access secured website; 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance
These instance types are great for compute-intensive tasks that require high performance processors (Batch processing workloads, media transcoding, high performance computing - HPC, ML, game servers)
Compute optimized
You can use this configuration option to configure EC2 instances at first launch
EC2 User Data
What is AWS EC2?
Elastic Compute Cloud (IaaS) - rentable virtual machines
True / False - All inbound and outbound traffic is blocked by default.
False - All inbound traffic is blocked by default, while outbound is authorized by default.
True / False - Spot Instances are suitable for critical jobs or databases.
False - You can "lose" spot instances at any point in time if your max price is less than the current spot price.
True / False - The EC2 User Data script is run every time your EC2 instance restarts?
False - it's only run once, at the instance's first start
True / False - For EC2 Reserved Instances, you can specify anytime between 1-3 years as the reservation period?
False - reservation periods can ONLY be 1 year OR 3 years
True / False - Security Groups only contain deny rules while Network Access Control Lists (NACL) contain allow AND deny rules?
False, Security groups only contain allow rules
True / False - You can use the same security group in multiple regions / VPC combinations
False, security groups are locked down to a region / VPC, you will need to re-create a new security group.
True / False - You can only have one security group attached to one EC2 instance at a time?
False, you can attach a security group to multiple instances AND an instance can have multiple security groups.
These instance types are great for a diversity of workloads such as web servers or code repositories
General purpose
This instance type is used for high performance on workloads that process large data sets in memory (RDS/NoSQL DBs, cache stores, in-memory DB for BI, real-time processing of big unstructured data)
Memory optimized
What are the 3 purchasing options for EC2 Reserved Instances?
No upfront, partial upfront, all upfront
Name the 4 Instance Purchasing Options
On-Demand, Reserved, Spot Instance, Dedicated Hosts
What instance purchasing option is best used for short-term and uninterrupted workloads, where you can't predict how the application will behave?
On-demand
Why would you want to use Dedicated Hosts?
Physical server to yourself - To address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses (BYOL)
If your application is not accessible (time out), what is likely the cause?
Security group issue
What network security acts as a firewall around EC2 instances and controls how traffic is allowed into or out of EC2 instances?
Security groups
What is EC2 Instance Connect?
Service that allows you to connect to your EC2 instance in a shell in the browser.
What EC2 purchasing option is the most cost efficient and provides a discount of up to 90% compared to On-demand?
Spot Instances
This instance type is great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage (OLTP systems, Relational/NoSQL DBs, Cache for in-memory DBs, data warehousing applications, file systems)
Storage optimized
If you get 'bad permissions' and are denied access when you SSH into your EC2 instance, what is the command to modify the permissions of your pem key file?
chmod 400 <pemfile>.pem
Can you describe the naming convention for EC2 instances? What does m5.2xlarge mean?
m: instance class; 5: generation; xlarge: size within the instance class
Describe the command to SSH into an EC2 instance from the terminal.
ssh -i <path-to-pem-key> ec2-user@<public-ip-address>