Chapter 2 Compute and Networking Flashcards

1
Q

List instance families

A
  1. general purpose (balance)
  2. compute optimized (high cpu specs)
  3. memory optimized (RAM, in memory DBs, etc)
  4. storage optimized (large DBs with high I/O throughput)
  5. accelerated computing (GPUs, FPGA)
2
Q

Can you change specs on an EC2 instance?

A

Yes, but you must stop the instance and reconfigure

3
Q

Can you increase the size of an EBS volume?

A

Yes, but you can’t decrease the size.

4
Q

What happens to EBS snapshots?

A

They are auto replicated across AZs

5
Q

What does AWS do for you automatically in terms of EBS?

A

It auto replicates the volume in the same AZ as your EC2 instance

6
Q

Are AMIs managed regionally or globally?

A

regionally

7
Q

Who is default user for Linux EC2 instances? For Windows?

A

Linux: ec2-user
Windows: Administrator

8
Q

For attached EBS volume, what happens when EC2 instance is terminated?

A

The EBS volume is deleted if it is the root volume.

Other EBS volumes will persist. This can be changed by modifying the default behavior: ‘DeleteOnTermination’.

9
Q

What is the EC2 IMDS?

A

Instance Metadata Service. Service running locally on the EC2 instance (169.254.169.254) which exposes metadata about the instance (IPv4, hostname, security-groups, etc.)

10
Q

What is an instance profile?

A

Container for an IAM role. It is assigned to one or more instances (but individual instances can only pertain to one instance profile)

When an instance profile is configured, the EC2 service periodically refreshes the instance’s role-based credentials (via STS). The credentials are retrieved from the instance via the IMDS.

11
Q

What is a CloudWatch-based alternative to recover a failing instance?

A

CloudWatch Alarm can apply the recover instance action when instance is impaired

12
Q

How to supplement built in instance metrics?

A

Install CloudWatch agent on instance

13
Q

AWS Transit Gateway

A

Centrally manage connectivity b/t many VPCs and on prem environment(s)

Hub and spoke model.

14
Q

Virtual Private Gateway

A

Allows direct connection b/t VPC and corporate network via VPN or AWS Direct Connect

Precursor to AWS Transit Gateway?

15
Q

Does an instance lose its private IPv4 address when it stops?

A

no

16
Q

Does an instance lose its public IPv4 address when it stops?

A

yes

17
Q

What service allows more control over managing IP address-instance association?

A

Elastic IP

18
Q

What is ‘dual-stack’ mode?

A

A setting in VPC which allows both IPv4 and IPv6. Resources can communicate with v4, v6, or both.

19
Q

method by which network traffic exiting a subnet is routed

A

via a Route Table. Subnets associate by default with the ‘main route table’

20
Q

constituent parts of a route are…

A

destination (ip address) and target (local, domain)

21
Q

what is mechanism by which an instance can communicate with another instance in a VPC

A

via a local route

22
Q

enumerate difference b/t security groups and NACLs

A
  1. SG is for EC2 instances whereas NACL for VPC
  2. SG stateful, NACL not (traffic flow not setup without inbound/outbound rules)
  3. SG can only allow broad categories of traffic, NACLs can allow/deny specific types of traffic
23
Q

default Amazon NACL behavior

A

allow all inbound and outbound traffic

24
Q

main difference b/t public and private VPC?

A

public VPC is connected to an internet gateway

25
Q

What is NAT in context of AWS?

A

Allow instances in private subnet to make outbound connections without exposing those instances to inbound connections. Achieved via NAT gateway. All instances share same public IP address.

26
Q

how to monitor VPC traffic?

A

via VPC Flow Logs which can be streamed to CloudWatch logs or stored as log files in S3

27
Q

how to automatically run script on instance at launch?

A

user data which come in 2 flavors:

  1. shell script
  2. cloud-init directives
28
Q

Public vs Private subnet

A

Public: route table entry forwards to internet gateway

Private: route table entry to NAT gateway or NAT instance

29
Q

What happens to an attached EBS volume when the EC2 instance is stopped?

A

The data in the volume is persisted.

30
Q

What are lifecycle events that can occur for an instance in a ‘running’ state?

A

Start, stop, reboot