New notes

Question 1

What is the scope of a Virtual Private Cloud (VPC)?

Answer 1

Regional

VPCs are regional. You create VPCs in each region separately.

Question 2

At which level do you attach an Internet gateway?

Answer 2

VPC

Internet Gateways are attached to the VPC. You then need to add entries to the route tables for your public subnets to point to the IGW.

Question 3

AWS Outposts

Answer 3

An Outpost is a pool of AWS compute and storage capacity deployed at a customer site, e.g. EC2 instances

AWS operates, monitors, and manages this capacity as part of an AWS Region. You can create subnets on your Outpost and specify them when you create AWS resources such as EC2 instances, EBS volumes, ECS clusters, and RDS instances.

Question 4

RAID 0 vs RAID 1 (on EBS)

Answer 4

RAID 0 = used for performance (splits data across volumes, but if one fails then whole thing fails)
RIAD 1 = fault tolerance/failover (mirrors data)

Question 5

GaurdDuty vs Inspector vs Macie

Answer 5

Inspector = Scanning for potential vulnerabilities

Guard Duty = Scanning for active intrusion attempts

Macie = identify and alert on sensative data such as PII (Personally Identifiable Information)

Question 6

VPC overview - part 1

Answer 6

VPC Peering
- Connect two or more VPC’s using AWS network (not transitive) over IPv4 or IPv6
- Private connection

VPC Endpoints
- Allows access from your VPC to AWS services (e.g. S3, DynamoDB)
- Private connection

Direct Connect (DX)
- connect VPC to customer data center (over IPv4 and IPv6)
- consistent network experience
- private connection

Direct Connect Gateway
- connect one customer data center to multiple VPC on AWS

AWS Site-to-Site VPN
- Connects customer data center to AWS VPC
- private encrypted connection

Question 7

VPC overview - part 2

Answer 7

Egress-only Internet Gateway
- allows outbound only connection to your VPC (private subnet) to the internet (IPv6 only)
- public network

AWS VPN CloudHub
- Connect multiple VPC’s to multiple Customer data centers
- public network

Transit Gateway
- Connecting multiple VPC services together (spoke and hub) and is transitive
- public network

Internet Gateway
-

Question 8

SQS Visbility Timeout

Answer 8

SQS Visibility Timeout is a period of time during which Amazon SQS prevents other consumers from receiving and processing the message again.

In Visibility Timeout, a message is hidden only after it is consumed from the queue. Increasing the Visibility Timeout gives more time to the consumer to process the message and prevent duplicate reading of the message. (default: 30 sec., min.: 0 sec., max.: 12 hours)

Question 9

AWS App Runner

Answer 9

Similar to Beanstalk, but for containerised web apps

Question 10

Security Groups and NACL operate at which level?

Answer 10

Security Group = EC2 instance level

Network Access Control List (NACL) = subnet level

Question 11

Security Groups

Answer 11

Security groups are stateful, meaning if traffic can go out, then it can go back in.

Security Group = stateful (return traffic is automatcially allowed)

NACL = stateless (return traffic must be explicitily allowed by the rules)

Question 12

Bastion Hosts

Answer 12

Bastion hosts should be deployed in a public subnet

Question 13

AWS Fargate

Answer 13

AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes (EKS).

Question 14

Amazon EBS root device volumes

Answer 14

By default, Amazon EBS root device volumes are automatically deleted when the instance terminates.

You can preserve the volume by setting the value of DeleteOnTermination attribute of the EBS volumes to False.

Question 15

S3 Glacier retrival

Answer 15

Expedited retrievals allow you to quickly access your data when occasional urgent requests for a subset of archives are required. For all but the largest archives (250 MB+), data accessed using Expedited retrievals are typically made available within 1–5 minutes. Provisioned Capacity ensures that retrieval capacity for Expedited retrievals is available when you need it.

To make an Expedited, Standard, or Bulk retrieval, set the Tier parameter in the Initiate Job (POST jobs) REST API request to the option you want, or the equivalent in the AWS CLI or AWS SDKs. If you have purchased provisioned capacity, then all expedited retrievals are automatically served through your provisioned capacity.

Provisioned capacity ensures that your retrieval capacity for expedited retrievals is available when you need it. Each unit of capacity provides that at least three expedited retrievals can be performed every five minutes and provides up to 150 MB/s of retrieval throughput. You should purchase provisioned retrieval capacity if your workload requires highly reliable and predictable access to a subset of your data in minutes. Without provisioned capacity Expedited retrievals are accepted, except for rare situations of unusually high demand. However, if you require access to Expedited retrievals under all circumstances, you must purchase provisioned retrieval capacity.

Question 16

What will occur when an EC2 instance is stopped and started

Answer 16

– The underlying host for the instance is possibly changed.

– All data on the attached instance-store devices will be lost.

Question 17

Fargate

Answer 17

Fargate allocates the right amount of compute, eliminating the need to choose instances and scale cluster capacity. You only pay for the resources required to run your containers, so there is no over-provisioning and paying for additional servers.

By default, Fargate tasks are given a minimum of 20 GiB of free ephemeral storage, which meets the storage requirement in the scenario.

Question 18

AWS Cost Explorer

Answer 18

AWS Cost Explorer is a service provided by Amazon Web Services (AWS) that helps you visualize, understand, and analyze your AWS costs and usage. It provides a comprehensive set of tools and features to help you monitor and manage your AWS spending.

You can programmatically query your cost and usage data via the Cost Explorer API. You can query for aggregated data such as total monthly costs or total daily usage. You can also query for granular data, such as the number of daily write operations for DynamoDB database tables in your production environment.

Question 19

S3 Pre-signed URLs vs CloudFront Signed URLs vs Origin Access Identity (OAI) vs Origin Access Control (OAC)

Answer 19

https://tutorialsdojo.com/s3-pre-signed-urls-vs-cloudfront-signed-urls-vs-origin-access-identity-oai-origin-access-control-oac/

Question 20

Dynamo DB auto scailing

Answer 20

DynamoDB auto scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf, in response to actual traffic patterns. This enables a table or a global secondary index to increase its provisioned read and write capacity to handle sudden increases in traffic, without throttling.

Question 21

CIDR notation

Answer 21

/32 denotes one IP address
/0 refers to the entire network

Question 22

EBS costs incurred

Answer 22

EBS Volumes attached to stopped EC2 Instances incur costs

Question 23

Elastic Fabric Adapter (EFA)

Answer 23

An Elastic Fabric Adapter (EFA) is a network device that you can attach to your Amazon EC2 instance to accelerate High Performance Computing (HPC) and machine learning applications.

Question 24

Amazon Kinesis Data Streams

Answer 24

Amazon Kinesis Data Streams enables real-time processing of streaming big data. It provides ordering of records, as well as the ability to read and/or replay records in the same order to multiple Amazon Kinesis Applications.

Consumers are: EMR, EC2, Lambda, Amazon Kinesis Data Analytics

Question 25

S3 buckets

Answer 25

S3 buckets are region specific

They are stored in 3 AZ’s per region