What are the four ways to pay for EC2?
On-Demand Reserved Spot Dedicated hosts
Conditions on payment for termination of a Spot EC2 instance
If the customer terminate the instance, he pays for the hour. If AWS terminate the instance, Amazon pays for the hour.
EBS Volume Types
SSD-GP2: General Purpose SSD (up to 10.000 IOPS) SSD-IO1: Provisioned IOPS SSD (up to 20.000 IOPS) HDD-ST1: Throughput Optimized HDD (magnetic. Frequently accessed workloads. No boot. Ex: big data, DWH, log processing) HDD-SC1: Cold HDD (magnetic. Less frequently accessed data. No boot. Lowest cost storage. Ex: File Server) HDD-Magnetic (standard): lowest bootable cost.
On how many EC2 instances can a EBS volume be mounted?
- An EBS volume can only be mounted on one EC2 instance. If you want to use shared disks, use EFS.
What is the status of Termination Protection by default?
Termination Protection is turned-off by default. It must be turned on manually.
What is the default action on the EBS root volume when the instance is terminated?
On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated.
Can root volumes be encrypted?
EBS boot (root) volumes can be encrypted (but not by default). This feature is based on another feature that allows you to copy an EBS snapshot while also applying encryption.
Volumes exist on … and Snapshots exist on ….
EBS and S3
When you take a Snapshot of a Volume, where does the Snapshot is stored?
On S3
Are Snapshots incremental?
Yes. Only the blocks that have changed since your last Snapshot are moved to S3. The first Snapshot may take some time to create.
What are Snapshots?
Snapshots are point in time copies of Volumes. Snapshots are incremental.
If you take a Snapshot of a encrypted Volume, will the Snapshot be encrypted?
Yes. Snapshots of encrypted Volumes are encrypted automatically.
If you restore a Volume from a encrypted Snapshot, will the Volume be encrypted?
Yes. Volumes restored from encrypted Snapshots are encrypted automatically.
Can snapshots can be shared?
Yes, but only if they are unencrypted. The Snapshots can be shared with other AWS account or made public.
What happens with the EC2 instance if you take a Snapshot of its EBS boot (root) Volume?
You can take a snapshot of an attached volume that is in use (although you should probably better stop it before). However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued. AWS will not reboot or stop the instance.
Instance Store volumes are also known as…
Ephemeral Storage
What happen if you stop an Instance Store instance?
The data in the Instance Store volumes will be lost
What is the difference between Instance Store volumes backed instances and EBS backed instances at Shutdown (Stop) time?
Instance Store backed instances cannot be stopped (only rebooted or terminated). EBS backed instances can be stopped without losing data.
What is the difference between Instance Store volumes backed instances and EBS backed instances at Reboot time?
Nothing. Both instance types can be rebooted without problems.
What happen if you reboot an Instance Store instance?
Nothing. An Instance Store backed instance can be rebooted without problems.
What happen to Instance Store and EBS boot (root) volumes when the instance is terminated?
By default, both root volumes will be deleted on termination. However with EBS volumes, you can tell AWS to keep the root device volume.
How do you tell AWS to keep an EBS root volume after terminating the instance?
Using the console, you can configure the DeleteOnTermination attribute when you launch an instance. To change this attribute for a running instance, you must use the command line.
How can I take a Snapshot of a RAID array?
Due to interdependencies of the array, there can be problems doing a hot Snapshot because of data held in cache by applications and the SO. To solve this, and application consistent snapshot must be taken. That is, stop the applications from writing to disk and flush all caches to disk. This can be done freezing the filesystem, unmounting the array or, more easily, shutting down the associated EC2 instance.
What’s is the scope of an AMI? (Global, regional…)
AMI’s are regional. An AMI can only be launched from the region in which is stored. However, AMI’s can be copied to other regions using the console, CLI or AWS EC2 API.
What are the time periods for standard and detailed monitoring?
Standard monitoring: 5 minutes Detailed monitoring: 1 minute
What is CloudWatch for?
CloudWatch is for performance monitoring. Don’t confuse it with CloudTrail (which is for auditing)
What can be done with CloudWatch?
Dashboards Alarms Events Logs Metrics (view)
What is a more secure alternative to storing access keys on EC2 instances?
Roles are more secure and easier to manage
How many IAM roles can be associated with an EC2 instance?
You can only associate one IAM role with an EC2 instance.
When can a role be assigned to an EC2 instance?
The role can be assigned at creation time or assigned/replaced/unassigned in runtime (Actions -> Instance Settings -> Attach/Replace IAM role, Select role or “No Role”). Previously, roles could be assigned only when the EC2 instance was launched (that is when it was being provisioned).
What’s is the scope of Roles? (Global, regional…)
Roles are global.
What is the URL to get instance metadata?
http://169.254.169.254/latest/meta-data/
What is the URL to get user data?
http://169.254.169.254/latest/user-data
What protocol does EFS support?
NFSv4
What are the storage limits of an EFS volume?
Can scale up to petabytes.
How many concurrent connections does an EFS volume supports?
Thousands of concurrent connections.
How is EFS data stored? (one AZ, multiple AZ, …)
Data is stored across multiple AZ’s within a region
What is the consistency model of EFS?
Read after Write consistency
What is Lambda?
AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you.
How can be Lambda used?
As an event-driven compute service As a compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls using AWS SDKs.
Can I delete a snapshot of an EBS volume that is used as the root device of a registered AMI?
No. You can’t delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.
Can a (Clustered) Placement Group be deployed across multiple AZs?
No.
What is the command line command to create a snapshot?
ec2-create-snapshot
Can you attach an EBS volume to more than one EC2 instance at the same time?
No
A (Clustered) placement group is ideal for…
EC2 instances that require high network throughput and low latency across a single AZ.
Using the console, can I add a role to an EC2 instance after the instance has been launched?
Yes. Roles can be assigned/replaced/unassigned using the console after the instance has been launched (Actions -> Instance Settings -> Attach/Replace IAM role, Select role or “No Role”). Previously, roles could be assigned only when the EC2 instance was launched (that is when it was being provisioned).
Can I change permissions to a role, even if that role is already assigned to an existing EC2 instance?
Yes. These changes will take effect immediately.
What does EBS stands for?
Elastic Block Store
What is Amazon EBS?
Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
What are the default traffic allowances for a Security Group?
All Inbound Traffic is Blocked by default (when you create a Security Group, you need to explicitly create a rule for each allowed inbound protocol). All Outbound Traffic is Allowed by default (when you create a Security Group, a “All traffic” to “Anywhere” rule is automatically created).
Can the volume type be changed when recovering a Volume from a Snapshot?
Yes. The Volume type can be changed from the default Volume type of the Volume from which the Snapshot was originally created.
What type of RAID is discouraged by Amazon?
RAID 5
When to use RAID on AWS?
When you are not getting the disk I/O that you require (typically RAID 0 or RAID 10).
What are Security Groups?
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance.
What is an AMI?
An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.
What does an AMI include?
A template for the root volume for the instance (for example, an operating system, an application server, and applications) Launch permissions that control which AWS accounts can use the AMI to launch instances A block device mapping that specifies the volumes to attach to the instance when it’s launched
With whom can an AMI be shared?
Publicly or with particular AWS accounts
What are the types or AMIs according its storage types?
EBS and Instance Store
You can select your AMI based on…
Region OS Architecture (32-bit or 64-bit) Launch permissions Storage for the root device (Instance Store or EBS)
Stopping vs Rebooting an EC2 instance
When you stop an EBS boot instance you are giving up the physical hardware that the server was running on and EC2 is free to start somebody else’s instance there. When you reboot, it’s a simple reboot at the OS level and the instance stays running on the same hardware, with the same private and public IP addresses, keeps the same Elastic IP address (if associated), and keeps the same ephemeral storage without getting wiped.
What is configured at Target Group level?
Mainly, “Health check settings”: - Protocol, Path (ex: /text.html) - Healthy threshold, Unhealthy threshold, Timeout, Interval and Success codes.
What component does and ELB depends on?
An ELB depends on a Target Group. The Target Group can be created in the same ELB creation steps (on a existing Target Group can be chosen)
What is configured at ELB level?
Name, Scheme (internet-facing, internal), Listeners, AZs Security Groups Target Group Targets
On what level are EC2 metrics and what kind of metrics can I monitor using CloudWatch?
EC2 metrics are on a hypervisor level. CPU, Disk, Network and Status (Memory is missing).
What is the command for the AWS cli?
aws
Where are AWS CLI credentials stored?
$HOME/.aws/credentials
What is the command to configure the credentials for AWS CLI?
aws configure
What is the first step to create an Autoscaling Group?
Create a Launch Configuration
What is a Launch Configuration?
Is a template that your Auto Scaling group will use to launch instances; its creation process is very similar to an EC2 instance creation process.
What is an Autoscaling Group?
You can use Auto Scaling to manage Amazon EC2 capacity automatically, maintain the right number of instances for your application, operate a healthy group of instances, and scale it according to your needs.
What is configured at Autoscaling Group level?
Name, size (of EC2 instances), VPC, Subnets, Load Balancing (specify is traffic is received from an ELB and Target Group selection). Scaling Policies: - Keep this group at its initial size - Use scaling policies to adjust the capacity of this group (Increase Group Size, Decrease Group Size)
What is a (Clustered) Placement Group?
A (Clustered) placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gbps network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.
Placement Groups characteristics
- A Clustered Placement Group can’t span multiple AZs. - A Spread Placement Group can. - The name must be unique within a AWS account - Only certain types of instances can be launched in a Placement Group (compute optimised, GPU, memory optimised, etc…) - AWS recommends homogenous instances within Placement Groups - You can’t merge Placement Groups - You can’t move and existing instance into a Placement Group. You can create an AMI from an existing instance, and then launch a new instance from the AMI into a Placement Group.
What are the billing increments in EC2?
Per hour for Windows instances and per second for Linux instances (for On-Demand, Reserved and Spot, with a minimum of 60 seconds)
How does EC2 per second billing works?
Amazon EC2 usage of Linux based instances that are launched in On-Demand, Reserved and Spot form will be billed on one second increments, with a minimum of 60 seconds
EC2 instance types
F for FPGA I for IOPS G - Graphics H - High Disk Throughput T cheap general purpose (think T2 Micro) D for Density R for RAM M - main choice for general purpose apps C for Compute P - Graphics (think Pics) X - Extreme Memory
What are the year terms for Reserved?
1 Year or 3 Year Terms.
Can a specific IP address be denied using Security Groups?
No. Security Groups only support rules to Allow (everything is Denied by default). To deny specific IPs, Network ACLs have to be used.
Do EC2 instances need to be restarted to apply changes to Security Groups?
No, changes to Security Groups take effect immediately.
Is it possible to use the same Security Group in several EC2 instances?
Yes. You can have any number of EC2 instances within a Security Group.
Can an EC2 instance use multiple Security Groups?
Yes. You can have multiple Security Groups attached to EC2 instances.
Can you specify Deny rules using Security Groups?
No, Security Groups deny everything by default. You can only specify Allow rules.
What does it mean that Security Groups are STATEFUL?
If you create an inbound rule allowing traffic in, that traffic is automatically allowed out again.
What are the default traffic allowances for the default VPC Security Group?
The default VPC Security Group has an inbound all traffic rule from itself. So, all instances in this security group can communicate with them. It has also the usual all outbound traffic enabled.
Can EBS volumes (type, size…) be modified on the fly?
Yes. We can modify volumes (even the root one) on the fly (type, size…). There won’t be downtimes, but a performance hit.
Can EBS and EC2 instances be in different AZs?
No. Volumes will ALWAYS be in the same availability zone as the EC2 instance.
How can an EBS volume be “moved” from an AZ to another?
Create a snapshot from the volume, and then: - Copy the snapshot to another region (Actions -> Copy), or - Create a new volume from the snapshot in another AZ (Actions -> Create Volume. The volume type can also be changed in this process), or - Create an Image from the snapshot which then can be copied (Actions -> Create Image. Image -> Actions -> Copy AMI).
How can an EC2 instance be migrated to another AZs or Region?
Create a snapshot from the EC2 instance volume and create an image from the snapshot, or create an image directly from the EC2 instance, and then move the image to another AZs or regions (to then launch an EC2 instance from the image).
From where can I create AMIs?
From: - EBS-backed EC2 instances - EBS volumes’ snapshots
What happens if the hypervisor fails in Instance Store volumes backed instances vs EBS backed instances?
With EBS backed instances, if the underlying hypervisor fails, the instance can be stopped and, when started again, it will start in a different hypervisor. This can’t be done with an Instance Store. If the underlying hypervisor fails, the instance is lost.
Can I detach an Instance Store volume?
No. Instance Store volumes don’t even appear in the Volumes list, so you can’t detach them.
What are the types of Load Balancers?
- Application Load Balancers - Network Load Balancers - Classic Load Balancers (“Elastic Load Balancers”, ELBs)
What error does the final user get if the application behind the Load Balancer does not respond within the idle timeout period?
HTTP 504 Gateway Timeout
How can an application behind a Load Balancer query the original end user IPv4 address?
Through the X-Forwarded-For header
What error does the final user get if the application behind the (Classic/Elastic) Load Balancer fails the health check?
HTTP 503 Service Unavailable
How are instances monitored by ELB reported?
InService or OutOfService
Are you given the IP address of an ELB?
No. Only a DNS name.
How can I run a configuration script during launch?
You can specify User Data to run a configuration script during launch. When creating: Advanced Details -> User Data (during instance creation). In runtime: Actions -> Instance Settings -> View/Change User Data.
Can a (Spread) Placement Group be deployed across multiple AZs?
Yes
What types of Placement Groups exist?
- Clustered Placement Group - Spread Placement Group
Can I move a reserved instance from one region to another?
No
What is the underlying Hypervisor for EC2?
Xen
If an Amazon EBS volume is an additional partition (not the root volume), can I detach it without stopping the instance?
Yes, although it may take some time.
Can the public IP address of an EC2 instance be managed in the instance?
No. The public IP address is not managed in the instance. It is instead ana lias applied as a NAT of the private IP address. It can not be managed via instance meta-data.
Which are the possible values for the “tenancy” attribute of an instance?
- default: your instance runs on shared hardware. - dedicated: your instance runs on single-tenant hardware. - host: your instance runs on a Dedicated Host, which is an isolated server with configurations that you can control.
After an instance is launched, can the “tenancy” be changed from “default” to “dedicated” or “host”?
No
After an instance is launched, can the “tenancy” be changed from “dedicated” or “host” to “default”?
No
After an instance is launched, can the “tenancy” be changed from “dedicated” to “host”, or from “host” to “dedicated”?
Yes. It is possible to transition between those modes by stopping the instance, setting the other mode and starting it again.
Is it possible to switch the tenancy of existing VPCs from dedicated to default?
(As of Oct 2017) Amazon EC2 allows customers to switch the tenancy of existing VPCs from dedicated to default instantly, by using the AWS CLI/SDK. Modifying the instance tenancy of the VPC does not affect the tenancy of any existing instances in the VPC. The next time you launch an instance in the VPC, it has a tenancy of default, unless you specify otherwise during launch. You cannot change the instance tenancy attribute of a VPC to dedicated.
Which option is a most cost-effective mean to develop a high-availability application? 1. ELB with a multi-AZ deployment of an auto-Scaling group of EC2 On-demand instances (primary) running in tandem with an auto-scaling group of EC2 Spot instances (secondary), or 2. ELB with a multi-AZ deployment of an auto-Scaling group of EC2 Spot instances (primary) running in tandem with an auto-scaling group of EC2 On-demand instances (secondary)
- With proper scripting and scaling policies, the On-demand instances behind the Spot instances will deliver the most cost-effective solution because the On-demand will only spin up if the Spot instances are not available.
Is User Data part of the AMI?
Yes
When copying an AMI, which type of information must be manually copied to the new instance?
- Launch permissions - User-defined tags - S3 bucket permissions
Can ALBs direct traffic based on the hostname? or only on the path?
ALBs allow you to set up multiple targets and route to them based on the path and/or hostname (previously, ALBs couldn’t direct traffic based on the hostname, but now they can)
Which of the following provide the lowest cost EBS options? (Choose 2)
Cold (sc1) Throughput Optimized (st1)
Which of the following statements are true about containers on AWS? (Choose 5)
ECS allows you to control the scheduling and placement of your containers and tasks. ECR can be used to store Docker images. You can install and manage Kubernetes on AWS, yourself. You can have AWS manage Kubernetes for you. To be able to use ECS, you must use the ECS Agent.
Is it possible to perform actions on an existing Amazon EBS Snapshot?
Yes, through the AWS APIs, CLI, and AWS Console.
What is the underlying Hypervisor for EC2 ? (Choose 2)
Nitro Xen
The use of a placement group is ideal
Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.
What is the default for inbound traffic for security groups?
blocked
What is the default for all inbound traffic for security groups?
allowed
If you open an inbound port for a security group, is it open for outbound?
yes
Can a volume for an EC2 instance be in another AZ?
No
What is cloudwatch default monitoring interval?
5 min
