Section 5a: EC2

Question 1

EC2 stands for ___ and is what type of cloud computing?

Answer 1

Elastic Compute Cloud. Infrastructure as a Service.

Question 2

EC2 User data script allows you to

Answer 2

bootstrap your EC2 instance

Question 3

Bootstrapping means

Answer 3

launching commands when a machine starts

Question 4

The 4 major types of EC2 Instances are

Answer 4

General Purpose, Compute Optimized, Memory Optimized, Storage Optimized,

Question 5

General Purpose EC2 instances are useful for

Answer 5

a diversity of workloads such as web servers or code repositories

Question 6

Compute Optimized EC2 instances are useful for

Answer 6

compute-intensive tasks that require high performance
processors

Question 7

Memory Optimized EC2 instances are useful for

Answer 7

workloads that process large data sets in memory

Question 8

Storage Optimized EC2 instances are useful for

Answer 8

storage-intensive tasks that require high, sequential read and write
access to large data sets on local storage

Question 9

What do Security Groups control?

Answer 9

They control how traffic is allowed into or out of our EC2 Instances & are the fundamental of network security in AWS.

Question 10

Security Groups are

Answer 10

“firewalls” on EC2 instances

Question 11

Security Groups regulate these 4 things

Answer 11

• Access to Ports
• Authorised IP ranges – IPv4 and IPv6
• Control of inbound network (from other to the instance)
• Control of outbound network (from the instance to other)

Question 12

Can SGs be attached to one or multiple instances?

Answer 12

Multiple

Question 13

Can SGs be used in any region or are they confined to one region?

Answer 13

Confined to the region they were created in as VPCs

Question 14

Do SGs live “within” or “Outside” the EC2 instance?

Answer 14

Outside. EC2 instances can be blocked from “seeing” SGs.

Question 15

All outbound traffic is ____ and all inbound traffic is ___ by default.

Answer 15

All outbound traffic is authorized and all inbound traffic is blocked by default.

Question 16

Port 22

Answer 16

SSH (for linux)
and
SFTP (Secure File Transfer Protocol) – upload files using SSH

Question 17

Port 21

Answer 17

FTP (File Transfer Protocol) – upload files into a file share

Question 18

Port 80

Answer 18

HTTP – access unsecured websites

Question 19

Port 443

Answer 19

HTTPS – access secured websites

Question 20

Port 3389

Answer 20

RDP (Remote Desktop Protocol) – log into a Windows instance

Question 21

What are the 7 EC2 Instance Purchasing Options?

Answer 21

• On-Demand Instances
• Reserved (1 & 3 years)
• Savings Plans (1 & 3 years)
• Spot Instances
• Dedicated Hosts
• Dedicated Instances
• Capacity Reservations

Question 22

On-Demand Instances

Answer 22

short workload, predictable pricing, pay by second, highest cost. For short-term and uninterrupted workloads

Question 23

Reserved (1 & 3 years)

Answer 23

• Reserved Instances – long workloads. Recommended for steady-state usage applications
• Convertible Reserved Instances – long workloads with flexible instances

Question 24

Savings Plans (1 & 3 years)

Answer 24

commitment to an amount of usage, long workload. Locked to a specific instance family & AWS region

Question 25

Dedicated Hosts

Answer 25

book an entire physical server, control instance placement.
*Allows you address compliance requirements and use your existing server- bound software licenses.
*Can be on-demand or Reserved.
*Useful for software that have complicated licensing model
*Also useful for companies that have strong regulatory/compliance needs

Question 26

Dedicated Instances

Answer 26

no other customers will share your hardware
* Instances run on hardware that’s dedicated to you
* May share hardware with other instances in same account
* No control over instance placement

Question 27

Capacity Reservations

Answer 27

reserve capacity in a specific AZ for any duration
*charged at On-Demand rate whether you run instances or not
* Suitable for short-term, uninterrupted workloads that needs to be in a specific AZ

Question 28

Spot Instances

Answer 28

short workloads, cheap, can lose instances (less reliable). The MOST cost-efficient instances in AWS. Not suitable for critical jobs or databases

Question 29

For EC2, AWS is responsible for

Answer 29

• Infrastructure (global
  network security)
• Isolation on physical hosts
• Replacing faulty hardware
• Compliance validation

Question 30

For EC2, the customer is responsible for

Answer 30

• Security Groups rules
• Operating-system patches and updates
• Software and utilities installed
  on the EC2 instance
• IAM Roles assigned to EC2 &
  IAM user access management
• Data security on your instance