AWS Q&A Flashcards

1
Q

How would you design a resilient system in AWS?

A

To create a design-to-fail system, you have to create a backup database. In AWS it is very easy to replicate a database and create a backup database. In case of failure, we can immediately switch to the backup database, and the backup database is always kept in sync with the master database.

So, for a “Design to fail” system there are certain characteristics that have to be in place.

  • Follow a Pessimistic Approach
  • Automated Recovery
  • Handle Design, Execution and Deploy Failures

Pessimistic Approach: You have to follow a pessimistic approach when you are designing an architecture in the Cloud. You have to assume that things will fail.

Automatic Recovery: To handle such failure, you would have to create a system that would have Automatic Recovery from failure. So we would have to create an inbuilt Automatic Recovery mechanism in a “design to fail” system.

Handle Design, Execution and Deploy Failures: The system in AWS should also be designed to automatically recover from failures in the Design, Execution and Deploy stages. When all three stages of failure are handled, the system can handle any failure.

2
Q

What Are The Tools In AWS that Can Be Used For Creating A System Based On a “Design To Fail” principle?

A
  • Elastic IPs
  • Availability Zones
  • Amazon RDS – RDS provides deployment
  • Machine Image
  • Amazon CloudWatch
  • AutoScaling
  • Amazon EBS
  • Automated BackUps

AWS provides many tools to create a robust system based on the “design to fail” principle. One of these is Elastic IPs. We can fail over gracefully using EIPs in AWS. An Elastic IP is a static IP that is dynamically remappable. We can quickly remap it and fail over to another set of servers, so that application traffic is routed to the new set of servers. It is also very useful when we want to upgrade to, or move to, a new version of software.

• Availability Zones

For a design-to-fail system we can use multiple Availability Zones to introduce resiliency into an AWS system. An Availability Zone is like a logical datacenter. By deploying applications in multiple Availability Zones, we can ensure high availability, so that even in the event of a failure in one zone, our system remains available in the other zones.

• Amazon RDS – RDS provides deployment

Then we have the option of Amazon RDS. RDS provides deployment functionality that automatically replicates database updates across multiple Availability Zones, so with this we always have a backup database ready.

• Machine Image

Then we have the Machine Image, called an Amazon Machine Image (AMI). We can maintain an AMI to restore and clone environments easily in a different Availability Zone. As soon as the system goes down in one environment, we can start it up in the next environment. In the same way we can keep multiple database slaves across Availability Zones.

• Amazon CloudWatch

Amazon CloudWatch is a real-time, open-source monitoring tool in AWS that provides visibility into the AWS Cloud. With monitoring, you will know when the system is about to fail and can take corrective action. By setting up alerts in CloudWatch, we can take the appropriate actions in case of hardware failure or performance degradation.

• AutoScaling

Then we have AutoScaling. We can create an AutoScaling group to maintain a fixed number of servers. In case of failure or performance degradation, unhealthy Amazon instances are replaced with new ones. We can also use AutoScaling whenever we need to scale the system up or down.

• Amazon EBS

Amazon EBS: We can set up cron jobs to take incremental snapshots of the database and upload them automatically to Amazon S3. In this way the data persists independently of the instances, so we can use EBS for that.

• Automated BackUps

We can also set up Automated Backups, and set the retention period for how long a backup will be kept. Automated backups introduce resiliency into the system: even if there is a failure, the backup can bring the system back.

3
Q

Basic Design Concepts Part 2 - Data Proximity Principle

Why is it recommended to keep dynamic data closer to the compute, and static data closer to the end user in Cloud computing?

A

Compute Data - Server - Static Data - User

I. Keep the right kind of data at the right place
II. Static images near end-user
III. Processing data near backend server

This is a basic question on the design of a system in cloud computing, and it is widely asked for AWS: why is dynamic data kept closer to the compute, where computation takes place, and why is static data kept closer to the end user? First, you need to understand the data proximity principle. We have a server and a user.

The user has to access the static data, and the server has to process the compute data. In general, the proximity principle says that if we keep the right kind of data in the right place, it helps build an excellent enterprise software system. The purpose of keeping dynamic data closer to compute resources is to reduce latency during processing. If the dynamic data is near the compute, you do not need to spend time moving it to the server, and there is no need for servers to fetch data from remote locations.

4
Q

What is the difference between Region, Availability Zone and EndPoint in AWS?

A
  • AWS Region
  • Availability Zone
  • EndPoint

I. A Region Can have multiple Availability Zones
II. Low-Latency in Availability Zones of a region
III. An EndPoint is an Entry point.

Region: In AWS, every Region is an independent environment. It’s like an isolated datacenter.

Availability Zones: Within a region we can have multiple Availability Zones. This is the difference between Regions and Availability Zones. Every Availability Zone is an isolated area, but there are Low-Latency Links that connect one Availability Zone to another within a region. So with that, the data transfer between two Availability Zones of the same region is very fast.

EndPoint: An EndPoint is just an entry point for a web service. It is written in URL form, for example https://dynamodb.<region>.amazonaws.com, where <region> is a placeholder for a region name such as one of the US regions; this is an endpoint for the Amazon DynamoDB service. Most AWS services offer an option to select a Region, and the endpoint for incoming requests is specific to that Region, so for such services you use a regional endpoint. Many services, like IAM, do not support Regions, so their EndPoints do not contain a Region. That is how Region, Availability Zone and EndPoint differ.

5
Q

What are the important features of Amazon, S3?

A
  • Unlimited Storage
  • Object Based Storage
  • 99.999999999% durability
  • Buckets
  • Unique Bucket Names
  • File Size

Amazon S3 has many features. S3 is mainly a storage service; it is called the Simple Storage Service, hence S3. Among its features: it provides unlimited storage for files, so you can store unlimited data in S3. S3 is object-based storage, so you store things as objects in S3. S3 claims to deliver 99.99% durability, so the chances of losing data are very low.

In S3 you have to store the data in buckets, and bucket names in S3 have to be globally unique. You cannot reuse common bucket names across Regions; you have to pick unique bucket names. The size of a file in S3 can vary from zero bytes to five terabytes. So although you can store an unlimited number of objects, each object can be up to five terabytes in size.

6
Q

What are the main limitations on buckets created in AWS S3?

A
  • 100 buckets per account
  • Transfer Ownership
  • Number of objects
  • Bucket inside another bucket
  • DNS Compliant names

The limitations in Amazon S3 are as follows. By default an account supports up to 100 buckets, so a user can create a maximum of a hundred buckets by default. If you want to increase this limit, you can submit a request.
Another point is that we cannot transfer ownership of a bucket to another account. Ownership remains with the account that created it. You can give access to others, but you cannot transfer ownership.
There is no limit to the number of objects that can be stored in a bucket. Objects are like files, and the number of files that can be stored in a bucket is limitless.
Also, we cannot create a bucket inside another bucket. A transitive relationship, where one bucket contains another bucket, is not allowed in S3.
Another restriction in Amazon S3 is that all bucket names have to be DNS compliant in all regions. You cannot have bucket names with spaces or other non-DNS-compliant names. You have to work within all these limitations; if you follow these rules, you can get the maximum benefit out of Amazon S3.

7
Q

What is the difference between Amazon S3 and Amazon EC2?

A

These are 2 popular products from AWS.
• S3 is a Storage Service
• EC2 is a computing environment

Amazon S3: S3 is a storage service in the Cloud. It is used to store large amounts of data files, such as image files and PDFs. These can be static data, or dynamic data created at runtime that we simply store and access.

Amazon EC2: EC2 is a remote computing environment that runs in the Cloud. This is the environment where our servers run, so we can install our operating system and software on an EC2 instance and use it to run our web servers, application servers and database servers.

S3, on one hand, is like a hard disk in the cloud, and EC2 is like a processor in the cloud. So we use both of them in combination.

8
Q

What are the different Tiers in Amazon S3 storage?

A
There are 3 different Tiers in Amazon S3:
  • Standard Tier
  • Standard-Infrequent Access
  • Reduced Redundancy Storage

Standard Tier: In this Tier S3 supports durable storage of files that become immediately available. As soon as you write them, you are able to read them. This is generally used for frequently accessed files.

Standard-Infrequent Access: In this tier, S3 provides durable storage that is immediately available, but the files are infrequently accessed and infrequently used. This is a cheaper and more cost-effective option.

Reduced Redundancy Storage: In this tier, S3 gives the customer the option to store data at lower levels of redundancy. Data is still copied to multiple locations, but to fewer locations than in the Standard Tier, and this is the cheapest option.

9
Q

What is the difference between Volume and a Snapshot in AWS?

A

Volume: In AWS, a “Volume” is a durable block-level storage device that can be attached to a single EC2 instance. Simply put, it is like a hard disk that we can write to or read from, and to which a computing resource can be attached.

Snapshot: A “Snapshot” is created by copying the data of a volume to another location at a specific time. We can even replicate the same snapshot to multiple Availability Zones.

A snapshot is a single point-in-time view of a volume. What is stored in that volume at that point in time can change later on, but a snapshot does not change. We can create a snapshot only when we have a volume. Also, from a snapshot we can create a new volume.

In AWS, we have to pay for the storage used by a volume as well as the storage used by snapshots. So if you create a volume you pay for the storage of the volume, and if you take a snapshot of that volume, you pay for the snapshot storage as well. These are the main differences between a volume and a snapshot.

10
Q

What is the difference between Instance Store, and EBS?

A

  • Persistence
  • Encryption

Instance Store: The main difference is that Instance Store data is not persisted for long-term use. If the instance terminates or fails, we can lose the Instance Store data.

EBS: Any data stored in EBS is persisted for a longer duration. Even if an instance fails, we can attach the EBS volume to another EC2 instance and use the data stored on it. As for encryption, EBS provides full-volume encryption of the data stored on it.

Instance Store: Instance Store is not considered a good option for encrypting data. So if you want fast storage and the data does not matter much to you, you can go for Instance Store. Whereas if you really want encryption, or you want to persist the data for a longer duration, you have to go for EBS, the Elastic Block Store.

11
Q

How does Amazon EC2 work?

A

EC2 (also known as Elastic Compute Cloud) is a computing environment that is provided by AWS. It supports a highly scalable computing capacity in AWS.

Behind the scenes it is not transparent to us; we do not know what the server is doing, but it provides very high computing capacity together with an operating system. So instead of buying hardware for servers, we can use Amazon EC2 to deploy our application. We do not need to buy hardware and install an OS before using it, because EC2 is a complete computing suite. There is no need to buy and maintain hardware in our own datacenter; we can just rent Amazon EC2 servers. Based on our varying needs, we can use as few or as many Amazon EC2 instances as we like.

If you want to scale up or scale down, you can do that. EC2 even provides AutoScaling options, in which instances scale up or down based on load and traffic spikes. That is another good option, and it is easy to deploy applications on EC2, which provides automated deployment.

Also, we can configure security and networking in Amazon EC2 much more easily than in our own custom datacenter. So there are many benefits to EC2.

12
Q

What is the difference between Stop and Terminate in an Amazon EC2 instance?

A
  • Stop an Instance
  • Terminate an Instance

Stop and Terminate are two different things in EC2. So what is the difference between them? First, we will address stopping an instance.

Stop an Instance: When we stop an instance, it performs a normal shutdown and moves into the stopped state. A stopped instance can be restarted again at a later point in time. We are not charged for additional instance hours while an instance is in the stopped state.

Terminate an Instance: When we terminate an instance, a normal shutdown takes place and all the attached Amazon EBS volumes are deleted. In other words, all the connected data is deleted. The exception is when the DeleteOnTermination attribute of a volume is set to false; that volume is then not deleted, otherwise all volumes are deleted. Once terminated, the instance can never be started again. So when we stop an instance we can start it again, but after termination it is not possible to start it again.

13
Q

What are the main uses of Amazon Elastic Compute Cloud (EC2)?

A
  • Easy Configuration
  • Control
  • Fast Reboot
  • Scalability
  • Resilient

The main use of EC2 is, first, that it provides scalable computing resources for creating a software infrastructure. It is very easy to deploy an application in EC2.

So the main uses are:

Easy configuration: We can easily configure our servers in EC2 and manage capacity. So if you want easy configuration, you can just go to EC2.

Control: EC2 also provides complete control of computing resources, even to developers. We do not need special skills or dedicated ops people to get access to EC2; developers can access it too. Users can run the EC2 environment according to their system needs, so whatever your needs are, you can create an environment to accommodate them.

Fast reboot: It is very fast to reboot an instance in EC2. Because of the fast reboot, overall deployment and development time is reduced in EC2.

Scalability: In EC2 we can create a highly scalable environment based on the load expected for our application. Scalability is a very good option in EC2, and we do not need to worry about it.

Resilient: It is very easy to create and terminate servers in EC2. Because of this, we can develop resilient applications in EC2. If we can create and terminate servers whenever we want, that ultimately provides resiliency to the application.

To recap, the main uses of EC2 are Easy Configuration, Control, Fast Reboot, Scalability and Resiliency of the whole system.

14
Q

So what are Spot instances in Amazon EC2?

A

What is the difference between a Spot instance and an On-Demand instance in Amazon EC2? This is a follow-up question, just to test your knowledge.

Spot Instance: Spot instances and On-Demand instances are very similar in nature and can be used for similar purposes. The main difference is in their commitment. With a Spot instance there is no commitment from either side, ours or AWS's. As soon as a bid price exceeds the spot price, or whenever a bid rises above the spot price, the new user gets the instance.

On-Demand Instance: With an On-Demand instance, a user pays the On-Demand rate specified by Amazon. Once they buy the instance, they continue to pay the rate they bought it at. With a Spot instance, once the spot price exceeds the bid price, Amazon shuts it down and gives it to the new highest bidder. The benefit to the user is that they are not charged for the partial hour in which the instance was taken back from them.

15
Q

What is Auto-Scaling and how does it work?

A

This is not only an operations question; nowadays it is also asked of developers.

Auto Scaling: Auto scaling is the ability of a system to scale itself automatically.

Based on triggers like the crashing of a server or low performance and high traffic, a system can automatically scale up or scale down.

AWS extensively supports Auto Scaling. It provides tools to create, configure and automatically start new instances without any manual intervention. As the name suggests, auto scaling takes place without any manual intervention.

Also, we can set the thresholds at which new instances fire up, or we can monitor metrics like API response time and number of requests per second and, based on these metrics, let AWS provision and start new servers. If you are asked for a definition, you can just say: Auto Scaling is the ability of a system to scale itself automatically based on triggers like the crashing of a server, low performance, or high traffic.

16
Q

What and how are Amazon Machine Image (AMI) and an Amazon Instance related?

A

AMI vs. Instance

AMI: An AMI is the template of a machine that is used to create an instance.

Instance: An instance denotes the actual server, with its hardware, that is launched from an AMI.

AMI: Amazon Machine Image (AMI) is a template in which we can store the configuration of a server. It can be an operating system (OS), application server, web server, etc.

Think of it like a template. For example, from a Word template you can generate multiple letters and documents. Likewise, with an AMI you can use the same template to create different kinds of servers.

However, an AMI in itself is not a server. An instance is the actual server that is built from an AMI. So Amazon instances are like servers, and they typically run in the Amazon AWS cloud.

We can launch multiple types of instances from the same AMI. This is an important difference. You can have a single AMI, and from that single AMI you can create different kinds of instances, each with different compute and memory configurations. For example, you can have an instance for Dev, another for QA, and another for Prod. They may have different configurations but come from the same template. The same AMI can launch multiple instances.

Instance: Now let's look at an instance. An instance denotes the actual server, with its hardware, that is launched from an AMI. Each instance can have different capabilities, and we can work on an instance the way we work on any other server. You cannot work on an AMI, however. That is the main difference.

An AMI can be used to create an instance on which we can work. An AMI is just a template of the machine; this is the wording to use in the interview.

17
Q

What is a VPC and what are the benefits of using a Virtual Private Cloud in AWS

A

A VPC (Virtual Private Cloud) is a network that is logically isolated from other networks in the cloud.

It allows you to easily customize your networking configuration.

It allows you to have your own IP address range, internet gateways and security groups.

The benefit of a VPC is that it helps with aspects of cloud computing like privacy, security and preventing the loss of proprietary data.

Subnets: A subnet can be thought of as dividing a large network into smaller networks.

18
Q

What’s the difference between a VPN, VPS, and VPC?

A

A VPN makes the private network (such as a company network) of an entity accessible through public infrastructure, primarily the internet. A VPN can allow users to exchange data efficiently across shared or public networks, as though they are directly linked to the private network.

A VPN privately connects to a virtual network to prevent unauthorized traffic interception and allow efficient flow of data without incurring heavy costs of constructing a physical private network or corporate intranet infrastructure.

A VPS refers to the sharing of computing resources of a main host in a data center. Since a single host is partitioned into several virtual compartments where each unit is capable of functioning independently, each ‘instance’ is what is called a virtual private server.

A VPC, or virtual private cloud, is similar to a VPS. But where a VPS uses a fixed portion of a server with fixed resources, a VPC can manage large numbers of virtual machines and is not limited to a single, fixed-resource server. Users are not bound by the limitations of the underlying hardware.

Furthermore, VPCs allow their users to manage their own service. They can turn servers on and off at their leisure. This allows an hourly pricing model instead of a monthly one.

19
Q

What is AWS Lambda?

A
  • Run Code
  • No Server Provision
  • AutoScale
  • High Traffic

Run Code: AWS Lambda is a service from Amazon for running a specific piece of code in the Amazon Cloud without provisioning any server. There is no effort involved in administering servers, and we do not have to buy a server for this process. We just run the code in AWS Lambda, and we are not charged until our code starts running. Therefore it is a very cost-effective way to run code.

AutoScale: AWS Lambda can also automatically scale our application when the number of requests to run the code increases, so we do not have to worry about the scalability of an application that uses AWS Lambda.

High Traffic: Lambda can handle very high traffic by AutoScaling.

No Server Provision: There is no provisioning of servers. All these things make AWS Lambda a highly desired service from Amazon.

20
Q

What are the main use cases for AWS Lambda?

A
  • Web Application
  • Internet of Things (IoT)
  • Mobile Backend
  • Real Time Stream processing
  • ETL
  • Real time file processing

Web Application: We can integrate AWS Lambda with other AWS services to create a web application that scales up or down with zero administrative effort for server management, backup or scalability. This is a very good use of Lambda.

Internet of Things: With the Internet of Things, we have applications and machines that have connectivity. AWS Lambda can be used to execute a piece of code on the basis of an event from a device. There are many different devices, and millions of devices can trigger events that AWS Lambda can be used to handle.

Mobile Backend: We can create backend applications for mobile apps by using AWS Lambda. This is another use, where backend applications run for mobile apps serving a large number of mobile devices.

Real Time Stream Processing: We can use AWS Lambda with Amazon Kinesis for processing real-time streaming data. If you have streams, those streams can be connected to Lambda, and based on events in the streams, the code can run.

ETL: We can use AWS Lambda for Extract, Transform and Load operations in data warehousing applications, where Lambda executes code that validates the data, filters the information, sorts the data, and transforms data from one form to another. This is a very good use of AWS Lambda.

Real Time File Processing: In Amazon S3, whenever there is an update to a file, an event can trigger AWS Lambda, and the Lambda function can process the file. For example, if we upload an image file, it can be converted into a thumbnail or an index file, or a set of images can be converted into a video in a new format. Those kinds of things can be done in real time by AWS Lambda.

21
Q

What is a Serverless Application in AWS?

A

A Serverless Application is a combination of Lambda functions, event sources, and other resources that work together to perform tasks.

In AWS, we can create applications based on AWS Lambda. These applications are composed of functions that are triggered by events, and there is no requirement to provision servers. An application built on AWS Lambda is called a Serverless application in AWS because no servers are provisioned.

When should you consider not using Serverless?

I. Your Workloads are Constant
II. You Fear Vendor Lock-In
III. You Need Advanced Monitoring
IV. You Have Long-Running Functions
V. You Use an Unsupported Language
22
Q

What is Amazon CloudFront?

A
  • Content Delivery Network (CDN)
  • Accelerated Delivery of Web Content
  • Integrate With Other AWS Product
  • Improve Performance of Web Applications

CloudFront is a very high-performance, very fast Content Delivery Network service. CloudFront is useful for delivering content across the world. It can be used to accelerate the delivery of a website, APIs, video content, etc., as Netflix does to deliver movie streams across the world.

We can integrate CloudFront with other Amazon Web Services, which provides a very good solution for web-based applications that combine CloudFront with other Amazon services. It is also a very useful service for improving the performance of your application. Say you have a web application hosted in some other datacenter and you want to improve its performance; you can bring it to CloudFront and start using other AWS features like ElastiCache and Geo Targeting to improve performance.

23
Q

What are the main features of Amazon CloudFront?

A
  • Device Detection
  • Protocol Detection
  • Geo Targeting
  • Cache Behavior
  • Cross Origin Resource Sharing

Device Detection: One of the main features of CloudFront is device detection. CloudFront can detect what kind of device a request is coming from, so we can tailor our content to the device. For example, if the request comes from an iPad, you can send a video best suited to the iPad display. If a request comes from a low-end smartphone, you deliver content suitable for that kind of phone. If the request comes from a projector or a PC, you likewise deliver content applicable to that device.

Protocol Detection: With Protocol Detection, we can detect the protocol over which our content is being accessed in CloudFront. That helps in choosing the fastest or best strategy for that protocol.

Geo Targeting: When requests originate from specific locations, we can use Geo Targeting to target content to those areas.

Cache Behavior: Then we have Cache Behavior, which controls how the caches behave.

Cross Origin Resource Sharing: This is a more advanced topic, and we will not go into much detail on it here.

24
Q

What are CloudFront Events?

A

CloudFront Events:

  • Viewer Request
  • Viewer Response
  • Origin Request
  • Origin Response

What are the different types of events triggered by Amazon CloudFront? In Amazon CloudFront there are different types of events that can be triggered and used by the application.

Viewer Request: Triggered when an end user or client program makes an HTTPS request to CloudFront. This event is triggered at the edge location closest to the end user, so it tells us that the viewer has sent a request.

Viewer Response: Triggered when the CloudFront server is ready to respond to a request. This event signals that the response is ready and is about to be sent.

Origin Request: Triggered when the CloudFront server does not have the requested object in its cache and forwards the request to the origin server. If the object is not in the cache at the edge location, we go to the origin server, and at that time this event is triggered.

Origin Response: Triggered after the origin request, when the origin responds.

25
Q

So what are the important components of IAM?

A
  • IAM User
  • IAM Group
  • IAM Role
  • IAM Permission
  • IAM Policy

IAM User: The important components of IAM are the ones listed above. We have the IAM User, which is the basic entity. An IAM User is a person or a service that interacts with AWS. A user can sign in to the AWS Management Console to perform tasks. Users are entities that have permission to access specific resources in the AWS environment.

IAM Group: An IAM Group is just a collection of IAM Users. We can assign permissions to an IAM Group, which helps in managing a large number of IAM Users. By using a Group, you can manage a large number of users and grant permissions specific to them; otherwise you would have to grant them to every person individually.

Also, we can simply add or remove an IAM User in a Group, so you do not need to grant permissions to each user every time a user is added. We just have to grant permissions to the group, and as users are added to or removed from it, the group manages the permissions.

IAM Role: An IAM Role is an identity to which we give permissions. We can create a Role, and the Role does not have any credentials. The Role does not have a password or access key; we just give permissions to the Role. We can temporarily give an IAM Role to an IAM User so that the user can perform certain tasks in AWS. User authentication is based on the password or access key of the user, but the user's access can be based on the Role assigned to the user.

IAM Permissions: In IAM, we can create two types of permissions: Identity Based Permissions and Resource Based Permissions. A permission allows access to, or an action on, an AWS Resource, and we can assign a permission to a User, Role, or Group. We can also create permissions on Resources, like an S3 bucket or a Glacier Vault, and specify who has access to that Resource. So a permission is a privilege that is given to Users, Groups and Roles.

IAM Policy: An IAM policy is a document in which we list permissions by specifying the actions, resources and effects. Policies are generally written as JSON (JavaScript Object Notation) documents, and we can attach a policy to an IAM User or a Group. That is how we manage permissions in IAM. These are the components which are mainly used in IAM.

26
Q

What are the important points about AWS IAM?

A
  • New User
  • Access Key
  • API Login
  • Universal Application
  • Root Account

New User: A new User in IAM does not have any permissions. This is an important point to remember: by default a new User has no permissions at all. They can log in and log out, and they can be authenticated based on the User's password, but they will not have permission to do anything.

Access Key: AWS assigns a Secret Access Key to a new user, but the access key cannot be used to log in to the AWS console. You can log in to the console using your user password, but not with the access key, because access keys are used to access AWS via an API or the Command Line Interface (CLI).

API Login: When you call AWS through an API, you authenticate by specifying the access key.

Universal Application: Another important point is that IAM is a universal application, so even if your application is deployed across multiple regions in AWS, the IAM configuration remains the same, because it is not tied to a region.

Root Account: When we first set up our AWS account, we get a Root Account that has complete admin access. So that is another thing to bear in mind: the first User in the account is the Root Account, which has admin access. Later on, you can create more users and start granting permissions and privileges to those users; you can also elevate a user's permissions to those of an admin user. These are the important points to remember while dealing with IAM related questions. We will have more questions about security in further topics, but this is one of the important things we covered here.

In this section we will study more questions on security. We have questions on Security Practices and User Security Management. If you don't do this.

27
Q

How will you manage multiple users, and their access rights with Amazon IAM?

A
  • Security Credentials
  • Password Setup
  • Least Privilege
  • Grant Unique Credentials

AWS Identity and Access Management (IAM) is a web service in the AWS Cloud. It provides APIs to create multiple users and manage their permissions on AWS resources. Using these APIs and the associated tools, we can manage user security.

Security Credentials: A user in AWS is an identity with unique security credentials that can be used to access AWS services and resources.

Password Setup: With IAM, we do not need to share passwords or access keys. Each user has a different password and different access keys, so you can easily enable or disable an individual user's access as required.

Least Privilege: We can also follow the security best practice of least privilege in IAM by giving users only the privileges required to perform their job. It is not good practice to give users all privileges by default; always try to grant the least privilege that is required to do the job.

Grant Unique Credentials: We have to grant unique credentials to every user in an AWS account; sharing passwords is strongly advised against. Besides, there is no need to share credentials, because AWS can generate passwords and keys that give separate, unique credentials to each person and each role. This also makes it very easy to pinpoint where any security issue originated. That is why assigning unique credentials to users enables us to manage security issues with IAM.

In this section on Security, because it is an important topic, we have multiple sections to study on Software Security and Encryption. So questions around these two topics are…

28
Q

What are the best practices of Software Security in Cloud?

A
  • Protect Data in Transit
  • Virtual Private Cloud
  • Protect Data at Rest
  • AWS Credentials
  • Credentials in AMI
  • Key Rotation

Software Security has its own best practices. Earlier, we studied the general security best practices for User Management; now we turn to Software Security, which is also called information security (infosec).

Protect Data in Transit: First on the list, you have to protect data in transit. During the transmission of data from one place to another, we should use Secure Sockets Layer (SSL), now known as Transport Layer Security (TLS). This is usually done through the HTTPS protocol. To do this, we need a certificate from a reputable Certificate Authority, like VeriSign. Based on the certificate, the server can be authenticated by the client browser. This is how we protect data in transit.

Virtual Private Cloud: Then we have the Virtual Private Cloud. We can create a Virtual Private Cloud by using Amazon VPC, which helps us isolate our servers logically within the AWS Cloud, similar to a colocated datacenter. This ensures that data transfer within our Virtual Private Cloud is secure, and we can communicate from one server to another within the VPC without worrying much about security.

Protect Data at Rest: If we hold sensitive information like Date of Birth, SSN or Passwords, regulatory law requires us to encrypt the data, so that even if someone gets a copy of the data, they cannot decrypt it easily. Amazon S3 provides encryption options for this, and it is a best practice to always store sensitive data encrypted.

AWS Credentials: This is a best practice that people often ignore: they store the key along with the data on the same instance. You should never do this. In AWS there are different types of credentials; for example, access keys are used for accessing the REST API. Since these keys are sent over the web, we should use the HTTPS protocol so that they cannot be read or tampered with in transit. These keys must be safeguarded.

Credentials in AMI: Some people make the mistake of embedding AWS credentials in an Amazon Machine Image. We should never do this. We should always pass these credentials as an argument when the AMI is launched. When we launch an AMI, it is best to pass validated credentials at launch time rather than storing them in the AMI, because otherwise whoever gets access to the image also gets hold of the credentials.

Key Rotation: We should rotate the secret access key on a regular basis, so that even if a key is compromised, it cannot be used once it has expired.

29
Q

When should we use Amazon DynamoDB versus Amazon S3?

A

DynamoDB: In Amazon, we have DynamoDB as well as S3. DynamoDB is used for storing structured data. The data in DynamoDB is indexed by a primary key for fast access. Reads and writes in DynamoDB have very low latency because of the partitioned SSD storage it uses.

Amazon S3: S3 is mainly used for storing unstructured, binary large object (blob) based data. Binary data is unstructured and does not have a fast index like DynamoDB, so we should use Amazon S3 for storing objects with infrequent access requirements that do not need to be accessed very fast. Another consideration is the size of the data.

In DynamoDB, the size of an item can be a maximum of 400 kilobytes, whereas in Amazon S3, you can have an object as large as five terabytes. So if you have a large image, that kind of data can be stored in S3. DynamoDB is more suitable for storing small objects with frequent access, and S3 is ideal for storing large objects with infrequent access; that is how we decide between DynamoDB and S3.

30
Q

What is your daily role as a DevOps Engineer?

A

DevOps Daily Role

  1. I Check my Email/Jira Tickets - I usually start my day by checking my email and Jira tickets, based on requirements.
  2. I Check Notifications from Monitoring Systems – I ensure there is no unattended or untouched notification. If something is unattended I fix it and add new tasks. If there is anything that specifically needs my attention, like an unaddressed notification, I fix it.
  3. I ensure that there is no critical alert unattended - If there is an alert generated from the monitoring systems and nobody has acknowledged it, I fix it myself if it is within my remit, or I escalate it to the Senior DevOps Lead.
  4. I Provide help and support to the entire DevOps team – I provide help and support to the developers.
  5. I provide support for the production servers – If there is an ongoing problem with the production servers, I am usually responsible for it and I resolve the problem.
  6. Create Jenkins jobs for Deployment - If a new component is scheduled to go live, or if I have to modify an existing one, e.g. adding a couple more servers, I ensure it is done.
  7. Automating Repetitive Admin Tasks (Primary Responsibility) - Creating new automation is a day-to-day task. If an admin is performing the same task every day, I automate that repetitive task.
  8. Supporting existing infra and Creating New Servers - I provide support for all the servers that exist within the environment, and create new servers when required. For example, if there is new development going on and servers are needed for it, I determine what operating system is required and the size of the hard drive. Obviously I discuss it with the developers, but ultimately I decide what type of software will be running on the server and how it is going to be installed.
  9. Deploying code on Dev and Prod Servers - I also deploy code on Dev and Prod servers, based on the requirement and the particular scenario; I deploy the code using a Jenkins pipeline.
    In CodeDeploy, a deployment is the process, and the components involved in the process, of installing content on one or more instances. This content can consist of code, web and configuration files, executables, packages, scripts, and so on. CodeDeploy deploys content that is stored in a source repository, according to the configuration rules you specify.
  10. Checking for proper Approvals before code is released - I check for proper statements of approval before any deployment onto the production environment: UAT (User Acceptance Test), QAT (Quality Assurance Test) and Security Approval should be there, and moreover my tech team needs to give me the final green light before deployment.

I am Responsible for

  1. Build and Release Process
  2. Managing GIT Branches
  3. Automation (Jenkins/Ansible)
  4. Server & Application Support
  5. Ensuring Backup and Creating Backup Policy

31
Q

What is versioning?

A

Versioning means that when you upload a file with the same name multiple times, all the versions of that file are kept, in the same way that versioning is used in software development. That is versioning.

32
Q

What can I do with Amazon S3?

A

Amazon S3 stores data as objects within resources called “buckets”. You can store as many objects as you want within a bucket, and write, read, and delete objects in your bucket. Objects can be up to 5 terabytes in size.

33
Q

What is Amazon EC2 (Amazon Elastic Compute Cloud)?

A

Amazon Elastic Compute Cloud (Amazon EC2) is Amazon's web service that provides secure, scalable and resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.

34
Q

What you can do with Amazon EC2?

A

Amazon EC2 provides you with a virtual computing environment and the means of creating instances, i.e. virtual machines, on the AWS infrastructure.

  • With Amazon EC2's elastic web-scale cloud computing, you can increase or decrease capacity within minutes, not hours or days. You can commission one, hundreds, or even thousands of server instances simultaneously.
  • You have complete control over your computing resources and can interact with your instances directly: you can stop an instance, restart the same instance, or reboot instances remotely.
  • Using Amazon EC2 you can develop and deploy applications faster and eliminate the need to invest in hardware up front.
  • With Amazon EC2's simple web service interface you can obtain and configure capacity with minimal friction.
  • You can reduce the time required to obtain and boot new server instances to minutes, and quickly scale capacity, both up and down, as your computing requirements change.
  • You can change the economics of your computing by paying only for the capacity you actually use.
  • You get tools to build failure-resilient applications and to isolate them from common failure scenarios.

35
Q

What is AWS Auto Scaling?

A

AWS Auto Scaling monitors your application and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.

It is available at no additional cost. You only pay for the AWS resources needed to run your application and for the Amazon CloudWatch monitoring you use.

AWS Auto Scaling is a service that allows automatic and safe scaling of multiple AWS resources, required to optimize the performance of your applications. It automatically tracks and adjusts scaling of compute resources.

As demand spikes, the AWS Auto Scaling service can automatically scale those resources, and, as demand drops, scale them back down.

36
Q

What is Amazon RDS?

A

Amazon RDS stands for Amazon Relational Database Service, which is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity, while managing time-consuming database administration tasks, freeing you up to focus on your applications and business.

This web service gives you access to the capabilities of a familiar MySQL, MariaDB, Oracle, SQL Server, or PostgreSQL database. This means that the code, applications, and tools you already use today with your existing databases should work seamlessly with Amazon RDS.

Amazon RDS can automatically back up your database and keep your database software up to date with the latest version.

You benefit from the flexibility of being able to easily scale the compute resources or storage capacity associated with your relational database instance. In addition, Amazon RDS makes it easy to use replication to enhance database availability, improve data durability, or scale beyond the capacity constraints of a single database instance for read-heavy database workloads. As with all Amazon Web Services, there are no up-front investments required, and you pay only for the resources you use.

37
Q

Why do you want a managed Relational Database Service like Amazon RDS?

A

Because it takes over many of the difficult or tedious management tasks of a relational database:

  • When you buy a server, you get CPU, memory, storage, and IOPS, all bundled together. With Amazon RDS, these are split apart so that you can scale them independently. If you need more CPU, less IOPS, or more storage, you can easily allocate them.
  • Amazon RDS manages backups, software patching, automatic failure detection, and recovery.

38
Q

What is DynamoDB?

A

Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It’s a fully managed, multi-region, multi-master, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications.

DynamoDB can handle more than 10 trillion requests per day and can support peaks of more than 20 million requests per second.

Many of the world’s fastest growing businesses such as Lyft, Airbnb, and Redfin as well as enterprises such as Samsung, Toyota, and Capital One depend on the scale and performance of DynamoDB to support their mission-critical workloads.

Hundreds of thousands of AWS customers have chosen DynamoDB as their key-value and document database for mobile, web, gaming, ad tech, IoT, and other applications that need low-latency data access at any scale. Create a new table for your application and let DynamoDB handle the rest.

39
Q

Benefit of DynamoDB

A

DynamoDB is serverless with no servers to provision, patch, or manage and no software to install, maintain, or operate.

DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance. Availability and fault tolerance are built in, eliminating the need to architect your applications for these capabilities.

40
Q

What is AWS?

A

Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.

It provides customers with a wide array of cloud services, such as running web and application servers in the cloud to host dynamic websites. AWS offers compute power, database storage, content delivery and various other functionalities.

41
Q

What are the components of AWS?

A

Monitoring = CloudWatch
Content Delivery = CloudFront
Management = AWS Management Console
Compute = Elastic Compute Cloud (EC2), Elastic Load Balancing, AutoScaling
Storage = Simple Storage Service (S3), AWS Import/Export
Messaging = Simple Queue Service (SQS)
Payment = Amazon Flexible Payments Service (FPS)

42
Q

What is ELB Elastic Load Balancer?

A

Elastic Load Balancing (ELB) is a load balancing service for Amazon Web Services (AWS) deployments. It automatically distributes incoming application traffic and scales resources to meet traffic demands.

In other words, the Elastic Load Balancer accepts incoming traffic from clients and routes requests to its registered targets (such as EC2 instances) in one or more Availability Zones.

The Load Balancer also monitors the health of its registered targets and ensures that it routes traffic only to healthy targets.

43
Q

What is AWS CloudTrail?

A

AWS CloudTrail is an AWS service that helps you enable governance, risk auditing and compliance for your AWS account.

CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console. It records actions taken by a user, a role, or an AWS service.

44
Q

What is MFA in AWS?

A

AWS Multi-Factor Authentication (MFA) is the practice of requiring two or more forms of authentication to protect AWS resources.

It is an added security feature available through AWS Identity and Access Management (IAM) that strengthens username and password credentials.

45
Q

What is Route 53?

A

Route 53 is a highly available and scalable Domain Name System (DNS) web service.

Route 53 effectively connects user requests to infrastructure running in AWS. Using the simple visual editor of Amazon Route 53 Traffic Flow, you can easily manage how your end users are routed to your application's endpoints, whether in a single AWS region or distributed around the globe.

46
Q

What are Key Pairs?

A

Key pairs are the secure login information for EC2 instances.

Key pairs are used to connect to an instance. A key pair consists of a public key and a private key.

47
Q

What is AWS CloudWatch?

A

Amazon CloudWatch is a monitoring and management service that provides data and actionable insights for AWS, hybrid, and on-premises applications and infrastructure resources.

With CloudWatch, you can collect and access all your performance and operational data in the form of logs and metrics from a single platform.

48
Q

How does AWS CloudWatch work?

A

Amazon CloudWatch is basically a metrics repository. An AWS service (such as Amazon EC2) puts metrics into the repository, and you retrieve statistics based on those metrics.

You can configure alarm actions to stop, start, or terminate an Amazon EC2 instance when certain criteria are met.