Monday Flashcards

(79 cards)

1
Q

Compare ELB and ALB

A

ALB:

  • Layer 7 - Application Layer
  • preferred for HTTP/HTTPS

ELB:

  • Layer 4 (Network)

Both: you don’t see a public IP, only the DNS name. That’s because the public IP might change.

2
Q

Name 3 advantages of Redshift!

A

MPP (massive parallel processing)
doesn’t need indexes
fully managed, petabyte-scale data warehouse service

3
Q

S3 consistency for PUTs of new object

A

read after write - atomic updates (either complete old or complete new version - nothing mixed)

4
Q

Name the 2 EC2 status checks!

A

System status check - checks the underlying hypervisor and network
Instance status check

5
Q

What is Multi-AZ good for in RDS?

A

For disaster recovery (not performance!). Every change is mirrored synchronously to an instance in another AZ!

6
Q

Should you attach IAM roles to EC2’s or single users?

A

EC2’s - no aws configure required. AWS CLI is preinstalled on Amazon Linux AMI

7
Q

Name 5 routing policies!

A
  • Failover (active/passive)
  • Simple
  • Weighted
  • Latency
  • Geolocation
8
Q

Properties of Snapshots?

A
  • exist on S3
  • are incremental
  • creation while instance is running (except root volumes)
  • can be shared if unencrypted
9
Q

S3 cross-region replication requirement?

A

both buckets need versioning enabled

delete markers are also replicated

10
Q

How do container instances connect to a cluster?

A

ECS Container Agent

11
Q

What is a shard (Kinesis)?

A

A shard is a uniquely identified sequence of data records in a stream. A stream is composed of one or more shards, each of which provides a fixed unit of capacity.

12
Q

Properties of EFS!

A
  • can be mounted to multiple instances
  • pay as you use
  • block based storage
  • multi-az
  • scale up to petabytes
  • capacity is elastic
  • user-level and directory-level permissions
  • read after write consistency
13
Q

Is NotAction the same as Deny?

A

adds exception to list of actions

is not a Deny. The user could still have a separate policy that grants this action

14
Q

What does a NAT Gateway do?

A

For traffic going from private subnets to the internet, which needs a public source IP: NAT offers a public IP and routes traffic to this port

15
Q

Which states does a load balancer know?

A

InService and OutOfService

16
Q

What is a Placement Group?

A

logical grouping of instances within a single AZ - 10GB/s network, low latency, only certain instance types

17
Q

Benefits API GW!

A
  • API caching
  • throttle requests
  • log to cloudwatch
  • scales effortlessly
  • CORS
  • Staging…
18
Q

Will EBS root be deleted on termination by default?

A

yes

19
Q

DynamoDB consistency

A
  • eventually consistent reads vs strongly consistent reads (default)
  • consistency within a second - best read performance
20
Q

What is instance storage / ephemeral storage?

A

no persistence

directly attached - not separated from EC2 like EBS

21
Q

What do ECS Task Definitions include?

A
  • which docker image
  • how much CPU and memory in each container?
  • networking mode
  • ports mapping
  • ENV
  • IAM roles
22
Q

Which workloads is NoSQL perfect for?

A

many reads, great scalability and performance, not many joins

23
Q

What do ECS Services do?

A

run and maintain (like an Auto Scaling group) a number of instances of a task definition in an ECS cluster

24
Q

Can a VPC span multiple AZ’s?

A

yes

25
Default ACL vs. default custom ACL
By default, custom ACLs deny everything inbound and outbound, but the default ACL for a VPC allows all outbound and inbound traffic.
26
What is Service Catalog?
Build out which services are authorized
27
How to boost performance of RDS?
read replicas
28
What is Lightsail?
Out of the box cloud
29
Actors in SWF?
- Starter - initiates WF
- Workers - interact with SWF to get tasks, process received tasks and return results
- Decider - controls coordination of tasks (ordering, concurrency, scheduling)
30
EMR vs Kinesis
EMR:
- offline batch jobs

Kinesis:
- real time processing

Offline batch jobs can be horizontally scaled by using a distributed data processing engine like Apache Hadoop. On AWS, you can use the Amazon Elastic MapReduce (Amazon EMR) service to run Hadoop workloads on top of a fleet of EC2 instances without the operational complexity. For real-time processing of streaming data, Amazon Kinesis partitions data in multiple shards that can then be consumed by multiple Amazon EC2 or AWS Lambda resources to achieve scalability.
31
S3 encryption
Client side: before upload

Server side:
- S3 Managed Keys: SSE-S3
  - each object individual key
  - key itself is encrypted with master key that is rotated
  - AES256
- AWS Key Management Service: SSE-KMS
  - separate permissions for use of envelope key (key that protects data's encryption key)
  - audit trail
  - option to create managed encryption key yourself
- Customer Provided Keys: SSE-C
  - you manage the encryption keys
  - AWS manages the encryption/decryption
32
Redundancy types
- Standby: functionality is recovered on a secondary resource via failover - often used for stateful components like DBs
- Active: functionality is recovered on a secondary resource via failover. One fails: rest absorbs larger share of workload
33
Which caching engines does ElastiCache support?
```
Memcached:
- memory object caching system
- protocol compliant

Redis:
- in-memory key-value store
- supports sorted sets and lists
- ElastiCache supports Master/Slave replication and Multi-AZ
```
34
Is termination protection turned off or on by default?
turned off
35
S3 Storage Tiers
- S3 normal
- IA (infrequent access)
- RR (reduced redundancy)
- Glacier
36
Properties of AMI?
- created based on snapshot or volumes
- not encrypted at rest
37
What is Storage Gateway?
- Connect S3 to on-prem
- A VM you install on-prem
38
What happens when I enter URL in browser?
- Client contacts ISP's DNS resolver
- Resolver asks root name server for top-level domain - returns reference to other NS for .com
- Resolver asks NS .com - returns ref to other NS example.com: Route53
- Route 53 returns IP by checking HostedZone (container for individual records)
39
Name 4 default checks for CloudWatch Metrics!
- CPU (CreditBalance, CreditUsage, Utilization)
- Disk (ReadBytes, ReadOps, WriteBytes, WriteOps)
- Network (In, Out, PacketsIn, PacketsOut)
- Status (Failed, Failed_Instance, Failed_System)
40
What is ElastiCache?
Web service to easily deploy, operate and scale an in-memory cache in the cloud
41
What does a Policy statement consist of?
```
PARC
- Effect (Allow|Deny)
- Action
- Resource
- Condition

Condition
- multiple conditions are ANDed
- multiple values in one(!) condition are ORed
```
42
S3 Lifecycle management
- Transitions (Glacier, IA)
- Expiration - permanently delete
- can set tags/filters to apply rule on
43
What is EMR?
big data processing
44
Elastic Transcoder
- Media transcoder with presets.
- Pricing based on minutes transcoding and resolution
45
What is the AWS container registry called?
ECR - can be combined with IAM and is usable with Docker CLI
46
Is replication of RDS read replicas sync or async?
async
47
SQS standard vs fifo!
Standard:
- almost unlimited number of tx/s
- guarantee that a message is delivered at least once
- message might be delivered out of order

FIFO:
- guarantee the order (FIFO)
- message delivered once and remains available until a consumer processes and deletes it
- no duplicates
- supports ordered message groups
- limited to 300 tx/s
48
What must a Subnet be associated with?
Route Table
49
Private IP address ranges?
internal address ranges:
- 10.0.0.0 - 10.255.255.255 (10/8 prefix)
- 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
50
What is Athena?
SQL queries on S3
51
Why should the main route table not be connected to the internet?
new subnet is associated by default with main route table
52
How to encrypt an RDS instance?
Create encrypted snapshot and start new instance from it
53
Kinesis vs SQS
Amazon Kinesis is differentiated from Amazon’s Simple Queue Service (SQS) in that Kinesis is used to enable real-time processing of streaming big data. SQS, on the other hand, is used as a message queue to store messages transmitted between distributed application components. Kinesis provides routing of records using a given key, ordering of records, the ability for multiple clients to read messages from the same stream concurrently, replay of messages up to as long as seven days in the past, and the ability for a client to consume records at a later time. Kinesis Streams will not dynamically scale in response to increased demand, so you must provision enough streams ahead of time to meet the anticipated demand of both your data producers and data consumers. SQS provides for messaging semantics so that your application can track the successful completion of work items in a queue, and you can schedule a delay in messages of up to 15 minutes. Unlike Kinesis Streams, SQS will scale automatically to meet application demand. SQS has lower limits to the number of messages that can be read or written at one time compared to Kinesis, so applications using Kinesis can work with messages in larger batches than when using SQS.
54
Can read replicas of RDS be in another region?
yes
55
TCP handshake?
-> SYN
-> SYN, ACK
-> ACK
56
Can a subnet span multiple AZ's?
No
57
How is a S3 object identified uniquely?
bucket, key, version ID
58
Name one OLAP and one OLTP AWS resource!
- OLTP: RDS
- OLAP: Redshift
59
CF Edge Location, Origin, Distribution
- Edge Location: location where content will be cached - separate to AWS Region/AZ
- Origin: origin of all files that CDN will distribute
- Distribution: name given the CDN which consists of a collection of Edge locations - Web Distribution vs RTMP (used for media streaming)
60
S3 difference Bucket Policies and ACL!
- Bucket Policies: entire bucket
- ACL: individual objects
61
VPC peering config
peering is always in a star configuration: i.e. 1 central VPC peers with 4 others. NO TRANSITIVE PEERING!!
62
Sort Policies, Groups, Roles and Resources for IAM!
- Policies are applied to Roles and Groups.
- Roles are assigned to Resources
63
How many Internet GW per VPC?
only one
64
Compare SQS to SWF!
SQS:
- message oriented
- pull based (short and long polling)
- messages will be processed at least once
- visibility timeout
- types: standard vs fifo

SWF:
- task oriented
- tasks represent invocations of various processing steps
- coordinate work across distributed components
- ensures task is only assigned once and is never duplicated!
65
What is AWS Artifact?
Compliance Documents
66
What is Data Pipeline?
AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR.
67
Which EC2 purchasing types do you know?
- On-Demand instance
- Reserved Instance
- Scheduled Instance
- Spot Instance
- Dedicated Hosts
68
How many copies can Aurora lose without affecting write or read capabilities?
- 2 write
- 3 read
69
S3 consistency for Puts and Deletes
eventual consistency
70
Explain the 2 IAM Policy Types!
- TrustPolicy - Who does the role trust? (effect, principal, action); default: root - whole account
- AccessPolicy - What can the role do?
71
SNS?
- push based
- publish subscribe
- Topics (group recipients) and messages
- endpoints (SMS, email, SQS, HTTP...)
72
Redshift columns vs record sets
It's all about columns!
- row-based: ideal for transaction processing
- column-based: ideal for analytics - many aggregations and advanced compression (single datatype in column)
73
What does an SOA record contain?
```
server name that supplied data for the zone
admin of the zone
current version of data file
TTL for resource records
etc.
```
74
After creation of VPC what do we have per default?
- RouteTable
- NACL
- Security Group
75
Compare SG to ACL's
ACL:
- stateless
- can block specific IP's

SG:
- stateful (as soon as you add an inbound rule a corresponding outbound rule is created although it’s not visible)
- can't specifically deny
- all inbound traffic blocked by default
- all outbound traffic allowed by default
76
Which configuration can RedShift run in?
- single node (160 GB)
- multi-node
  - Leader node (manages client connections and receives queries)
  - Compute node (store data and perform queries and computations)
77
What is Kinesis good for and which services does it consist of?
```
Streaming data

Kinesis Streams
- shard
- producers send data here
- consumers turn data into sth. useful
- data is stored e.g. in Dynamo, S3, RDS...

Kinesis Firehose
- producers send data here
- no shards etc.
- completely automated
- streams data to S3, ES Cluster

Kinesis Analytics
- SQL queries on data in Firehose or Streams
```
78
How are IAM policies enforced?
- if there is a deny: deny
- if there is no deny and an allow: allow
- if there is neither a deny nor an allow: deny
79
ACL 2 properties?
- rules are evaluated in numerical order (ascending)
- separate inbound and outbound rules