AWS Part 2 (101-200) Flashcards
You use Amazon CloudWatch as the primary monitoring system for your web app. After a recent software deploy, your users are getting intermittent 500 Internal Server Errors when using the web app.
You want to create a CloudWatch alarm and notify the on-call engineer when this occurs. How can you accomplish this using AWS services?
Use CloudWatch Logs to define a metric for the 500 Internal Server Error, and create an alarm that uses SNS to notify the on-call engineers of the error
You are designing a multi-platform web app for AWS. The app will run on EC2 instances and will be accessed from PCs, tablets, and smartphones. Supported platforms are Windows, MacOS, iOS, and Android. Separate sticky session and SSL certificate setups are required for the different platform types.
Which describes the most cost effective and performance efficient architecture setup? Two things… A. S.
Assign EC2 instances running components of the web app to multiple ELBs, one ELB for each platform type.
Set session to sticky.
ELB = Elastic Load Balancing
You’re migrating a legacy client-server app to AWS. The app responds to a specific DNS-visible domain (e.g. www.example.com) and has a 2-tier architecture, with multiple application servers and a database. Remote clients use TCP to connect to the app servers. The application servers need to know the IP address of the clients to function properly and are currently getting that info from the TCP socket. A Multi-AZ MySQL instance will be used for the database. During the migration, you can change the app code, but you have to file a change request.
How would you implement the architecture on AWS in order to maximize on scaling and availability?
2 Steps mainly… FCR IPP - E TL & PP 2AZ
- File a change request to implement Proxy Protocol support in the app.
- Use an ELB with a TCP listener and Proxy Protocol enabled to distribute the load across 2 app servers in different AZs
Bonus: What is the difference between 2 tier and 3-tier architecture?
A two-tier DB architecture buries the application logic either within the server database, on the client (inside the UI), or both. A three-tier DB architecture buries the process or application logic in the middle tier. Thus, it acts as a separate entity from the Client/User Interface and the data interface.
Your app currently leverages AWS auto-scaling to grow and shrink as load increases/decreases, and has been performing well. Your marketing team expects a steady ramp-up in traffic to follow an upcoming campaign, resulting in 20x growth in traffic over 4 weeks. Your forecast for the approximate number of EC2 instances needed to meet peak demand is 175.
What should you do to avoid potential service disruptions during the ramp up in traffic?
Check service limits in Trusted Advisor and adjust as necessary, so that the forecast count remains within the limits.
You have a web app running on 6 EC2 instances, consuming 45% of resources on each instance. You are using auto-scaling to make sure that 6 instances are running at all times. The number of requests this app processes is consistent and does not experience spikes. The app is critical to the business and you want high availability at all times. You want the load to be distributed evenly between all instances. You also want to use the same AMI for all instances.
What architecture choice should you make? Couple things to mention here…
Deploy 3 EC2 instances to one AZ and 3 more in another AZ.
Use ELB - aka Amazon Elastic Load Balancer.
You are designing an app that handles protected health info (PHI). Security and compliance requirements on the app mandate that all protected health info is encrypted at rest and in transit. The app uses a 3-tier architecture, where data flows through the load balancers and is stored on EBS volumes for processing. The results are stored in S3 using an AWS SDK.
What satisfies the security requirements?
Hint=T.S.O.
- TCP load balancers
- SSL termination on the EC2 instances
- OS-level disk encryption on EBS volumes
- S3 with server-side encryption and SSL termination on load balancers
- SSL listener on the EC2 instances
- EBS encryption on the EBS volumes containing PHI and S3 with a server-side encryption.
A startup deploys its photo-sharing site in a VPC. An elastic load balancer distributes web traffic across 2 subnets. The load balancer stickiness is configured to use the AWS-generated session cookie, with a TTL of 5 min. The web server auto-scaling group is configured as min-size=4, max-size=4. The startup is preparing for a public launch by running load-testing software installed on a single EC2 instance that’s running in us-west-2a. After 60 min of load-testing, the web server logs show the attached screenshot:
Which recommendations can be helpful to ensure load-testing HTTP requests are evenly distributed across 4 web servers?
Result is to reconfigure the load-testing software to re-resolve the DNS for each web request
To serve web traffic for a popular product, the CFO and IT Director have purchased 10 m1.large heavy utilization Reserved Instances evenly spread across 2 AZs. Route53 is used to deliver traffic to the ELB. After several months, the product grows even more popular and capacity needs to be added. As a result, the company purchases 2 c3.2xlarge medium utilization instances. You register the 2 new c3 instances with the ELB and quickly find that the m1.large instances are at 100% capacity and the c3.2xlarge instances have significant capacity unused.
Which option is most cost effective and uses EC2 capacity most effectively?
Use a separate ELB for each instance type
Distribute load to ELB’s with Route53 weighted round-robin
An AWS customer is deploying a web app that is composed of a front end running on EC2 and confidential data stored on S3. The customer’s security policy is that all access operations to this sensitive data must be authenticated and authorized by a centralized access management system operated by a separate Security team. In addition, the web application team that owns and administers the EC2 web front-end instances is prohibited from having any ability to access data that circumvents this centralized access management system.
What configuration will support these requirements?
Have web app provisioned as trusted to users STS tokens, entitling download of approved data directly from S3.
Role???
An enterprise customer is starting their migration to the cloud. Their main reason is agility, and they want to make their internal Microsoft AD available to the many apps running on AWS. This is so internal users only have to remember one set of creds, and to serve as a central point of user control for leavers and joiners.
How could they make their AD secure and highly available with minimal on-premise infrastructure changes, in the most cost- and time-efficient way?
By using a VPC, they could create an extension to their data center and make use of resilient hardware IPSEC tunnels. They could then have 2 domain controller instances that are joined to the existing domain and reside within different subnets in different AZs.
What is Cloud Computing?
What is it, what things are accessed from it, and why is it beneficial?
Provides services to access the following over internet browser, client-side app on PC/laptop, or mobile without installing, updating and maintaining
* programs
* apps
* storage
* network
* servers
Why do we go for Cloud Computing?
6 main things mentioned here… (LINBED)
- Lower computing cost
- Improved Performance
- No IT Maintenance
- Business connectivity
- Easily Upgraded
- Device Independent
What are the deployment models used in Cloud Computing?
4 main models mentioned here…
Private Cloud
Public Cloud
Hybrid Cloud
Community Cloud
Explain Cloud Service Models
3 main types mentioned here… (*AAS types and about them)
SAAS - Software As A Service - Software distribution model in which apps are hosted by a vendor over the internet for the end user. Free of complex software and hardware management. (ex. Google Drive, DropBox)
PAAS - Platform As A Service - Provides platform and environment to allow devs to build apps. Free of building and maintaining an infrastructure. (ex. AWS Elastic Beanstalk, Windows Azure)
IAAS - Infrastructure As A Service - Provides virtualized computing resources over the internet, like CPU, Memory, Switches, Routers, Firewall, DNS, Load Balancer (ex. Azure, AWS)
What are the advantages of Cloud Computing?
6 main things mentioned here… (P.S.E.H.I.G.)
- Pay per use
- Scalability
- Elasticity
- High Availability
- Increased speed and agility
- Go global in minutes
What is AWS?
What is it and what does it offer?
AWS is a secure cloud services platform offering -
* compute
* power
* database
* storage
* content delivery
- to help business scale and grow
What is meant by Region, AZ and Edge Locations?
Region: Independent collection of AWS resources in a defined geography, and a collection of data centers (AZs). AZs in a region are connected by high bandwidth.
AZ’s: Simply a data center. Designed as independent failure zone. High speed connectivity, low latency.
Edge Locations: Important part of AWS infrastructure. CDN endpoints for CloudFront to deliver content to end users with low latency.
CDN = Content Delivery Network
How do you access an AWS platform?
3 main ways mentioned here…
- AWS Console
- AWS CLI
- AWS SDK
What is CLI & SDK?
What is EC2 and what are the benefits?
2 descriptors and 4 main benefits
Elastic Compute Cloud
Web service that provides resizable compute capacity in the cloud
Virtual servers also called instances on pay per use basis
Benefits: Easier and faster, elastic and scalable, high availability, cost-effective
What are the pricing models available in AWS EC2?
4 main models mentioned…
On-Demand
Reserved
Spot
Dedicated
What are the EC2 types available?
5 main EC2 instance types mentioned
General Purpose
Compute Optimized
Memory Optimized
Storage Memory
Accelerated Computing
What is AMI, and what are the types?
Amazon Machine Image -
Special virtual appliance used to create virtual machine with EC2. Defines initial software used in an instance when launched
Types:
* Published by AWS
* AWS Marketplace
* Generated from existing instances
* Uploaded virtual server
What is some addressing info in EC2 instances?
At least 3 things
Public DNS name - Used to access the Public IP
Public IP - Assigned by AWS reserved, non changeable
Elastic IP - Unique and persistent until user releases it
What is a Security Group?
Allows you to control traffic in and out of instances through “virtual firewall”.
Control traffic based on port, protocol, and source/destination
When does your instance show a retired state?
Only available in Reserved Instances - after 1 or 3 years
Scenario: My EC2 instance IP address changed automatically when the instance was stopped and started.
What is the reason for that, and what is the solution?
The AWS-assigned Public IP changes dynamically when the instance is stopped and started.
Can use EIP (Elastic IP) to create a static type IP and keep it until released.
What is Elastic Beanstalk?
Fastest and simplest way to get an app up and running on AWS.
Developers simply upload code and service automatically handles all details such as:
* Resource provisioning
* Load balancing
* Auto-scaling
* Monitoring
What is Amazon Lightsail?
What is it and 5 things about it?
V.S.D.D.S.
Designed to be easiest way to launch and manage a virtual private server with AWS.
Lightsail plans include everything needed to jumpstart a project…
* Virtual machine
* SSD based storage
* Data transfer
* DNS management
* Static IP (EIP)
What is EBS?
Elastic Block Store
Provides persistent block level storage volumes for EC2 instances.
EBS is auto replicated within its AZ to protect against component failure
Varies in performance types and prices
How do you compare EBS volumes?
compare 3 types mentioned here - type, size, and IOPS
- Magnetic volume - lowest performance type and cost
EBS volume size: 1GB to 1TB
Average IOPS: 100 IOPS
Max throughput: 40-90MB
- General Purpose SSD - cost effective storage, billed based on space provisioned
EBS volume size: 1GB to 16TB
Maximum IOPS: up to 10,000 IOPS
Max throughput: 160MB
- Provisioned IOPS SSD - for intense & highest performance, more costly
EBS volume size: 4GB to 16TB
Maximum IOPS: up to 20,000 IOPS
Max throughput: 320MB
What is cold HDD and Throughput-optimized HDD?
- Cold HDD: For less frequently accessed workloads, much less expensive
EBS volume size: 500GB to 16TB
Maximum IOPS: 200 IOPS
Max throughput: 250MB
- Throughput-optimized HDD: Low cost designed for frequent throughput-intensive workload access - (Ex. Big data warehouse)
EBS volume size: 500GB to 16TB
Maximum IOPS: 500 IOPS
Max throughput: 500MB
What are EBS-optimized instances?
Ensures EC2 instance is prepared to take advantage of I/O in the EBS volume.
Uses an optimized configuration stack and provides additional dedicated capacity for EBS
When selected, there is an hourly charge for that instance
What is an EBS Snapshot?
Couple answers to discuss here
- Can back up data on EBS volume, incrementally
- First snapshot may take time to create, being point in time copies of volumes
How can you connect EBS volume to multiple instances?
We can’t connect EBS volumes to multiple instances, but we CAN connect multiple EBS volumes to a single instance!
What are the virtualization types available in AWS?
2 things mentioned here
Hint = H. P.
Hardware assisted Virtualization: HVM instances
Full set of virtual HW, executing MBR of root block device, and is default virtualization
Para Virtualization: AMI image
Special boot loader called PV-GRUB, greater performance but cannot take advantage of other HW extensions (Networking, GPU, etc)
How do you differentiate Block Storage from File Storage?
Block Storage: Operates at lower, raw storage device level
- Manages data as a set of numbered, fixed size blocks
File Storage: Operates at higher, OS level
- Manages data as a named hierarchy of files and folders
What are the advantages & disadvantages of EFS?
4 advantages / 3 disadvantages
What is EFS?
Advantages:
1. Fully managed service
2. File system grows & shrinks automatically to petabytes
3. Can support thousands of concurrent connections
4. Multi-AZ replication
Disadvantages:
1. Not available in all regions
2. Cross region capability not available
3. More complex to provision compared to S3 & EBS
Elastic File System
What are the things we need to remember while creating S3 buckets?
5 things to remember…
Hint: S. B. B. C. C.
- S3 bucket names
- Bucket names must be unique across all AWS
- Bucket names can contain up to 63 lowercase letters, numbers, and hyphens
- Can create and use multiple buckets
- Can have up to 100 buckets per account
What are the storage classes available in S3?
4 classes mentioned here
- S3 Standard
- S3 Standard-IA (Infrequent Access)
- S3 RRS (Reduced Redundancy Storage)
- S3 Glacier
Explain Amazon S3 lifecycle rules?
Significantly reduce storage costs by auto transitioning data from one storage class to another - or delete it
ex.
- Store backup data initially in S3 Standard
- After 30 days, transition to Standard-IA
- After 90 days, transition to Glacier
- After 3 years, delete