Domain 3: Deployment, Provision and Automation Flashcards
(14 cards)
Bastion Host Tips
Connect to Private Instances. A bastion host enables you to connect to private instances in your VPC from an untrusted network using SSH or RDP.
. A bastion host is in a public subnet and is reachable from the internet.
. You need to configure the security group associated with the private subnet to allow SSH / RDP access from the bastion host.
EC2 Image Builder
. Automates the process of creating and maintaining AMIs and container images.
. Select a base OS image, customize by adding software, test, and distribute to your chosen region.
Load Balancers
. Application Load Balancer: HTTP/HTTPS. Intelligent load balancing. Routes requests to a specific web server based on the type of the request.
. Network Load Balancer: Provides high-performance load balancing of TCP traffic.
. Classic Load Balancer: The legacy option that supports both HTTP/HTTPS and TCP.
. Gateway Load Balancer: Provides load balancing for third-party virtual appliances, like firewalls and intrusion detection and prevention systems.
. X-Forwarded-For: If you need the IPv4 address of your end user, look for the X-Forwarded-For header.
Elastic Load Balancer CloudWatch Metrics
HealthyHostCount
UnhealthyHostCount
RequestCount
TargetResponseTime
HTTP Status Codes
Load Balancer Access Logs
Access logs for the load balancer are not enabled by default; we need to enable them.
. They are stored in an S3 bucket, encrypted by default, and decrypted when we access them.
Sticky sessions
. Sticky sessions override the load balancing algorithm: a cookie identifies the session, so that requests for that session are sent to the same target.
. Really useful for applications that cache information locally on the web server.
. It's common for shopping carts, online forms, and learning websites, where we don't want to log out our customers halfway through a task.
Load Balancing based On IP Addresses
Elastic Load Balancer allows you to balance traffic to targets based on IP addresses.
. Register Targets: When we register our EC2 targets, we can use their instance ID or private IP address.
. Use Cases: EC2 instances that have multiple IP addresses, and resources that are accessed using an IP address, for example RDS.
Troubleshooting CloudFormation
. Insufficient permissions: Add permissions for the resources you are trying to create, delete or modify.
. Resource Limit Exceeded: Request a limit increase or delete unnecessary resources and retry.
. UPDATE_ROLLBACK_FAILED: Fix the error causing the failure and retry.
CloudFormation StackSets
Create, update and delete CloudFormation stacks across multiple AWS accounts and regions using a single operation.
. Resource Access Manager: Allows you to share resources with other accounts, for example EC2 instances, S3 buckets, and EC2 Image Builder.
. Cross-Account Roles: For the administrator account, use AWSCloudFormationStackSetAdministratorRole, which is allowed to assume AWSCloudFormationStackSetExecutionRole to provision resources in the target accounts.
CloudFormation Best Practices
IAM: Control access to CloudFormation using IAM.
Service Limits: If you hit a limit, CloudFormation will fail to create the stack; currently we can deploy 20 instances per region using a CloudFormation template.
Avoid Manual Updates: Manual updates cause errors when you try to update or delete the stack.
Use a stack policy: Protect critical stack resources from unintentional updates and mistakes caused by human error.
Blue/Green deployment
. Low risk deployment strategy: Blue is the current version of the application, green is the new version.
. Enables testing: After testing is complete, live traffic can be directed to the new version.
. Rollback is easy and fast: If something goes wrong after the new version is in production, simply redirect all traffic to the original environment.
Rolling Deployment
. Batches: Deploy new application versions and other changes in batches.
. Cost effective: You can set the batch size and the minimum number of servers to keep in service.
. Complexity: Mixed environment. Rolling back involves a redeployment.
Canary Deployments
An early warning system that can indicate that something is wrong in your application.
. Deploy the new version to a small number of servers.
. Direct a small proportion of customer traffic to the new version, e.g. 10%.
. Enables canary testing: testing your application with a small proportion of real customers before rolling out to everybody.