Jon Bonso Udemy #4

When you launch an EC2 instance into a DEFAULT VPC - AWS gives it ___

When you launch an instance into a NON-DEFAULT VPC - AWS gives it ___

What to in a newly created VPC to make sure your EC2 gets a DNA hostname?
Click the card to flip 👆
1 / 48
Terms in this set (48)
When you launch an EC2 instance into a DEFAULT VPC - AWS gives it ___

When you launch an instance into a NON-DEFAULT VPC - AWS gives it ___

What to in a newly created VPC to make sure your EC2 gets a DNA hostname?
private and public hostnames

a private hostname only

- Enable DNA Hostnames + DNS Resolution
Key words:
- File operations
- Concurrent connections from multiple EC2 instances

What service?
EFS
Compared to EFS's ability to carry out low latency file operations and keep multiple concurrent EC2 connections, how is EBS different?
- Used for BLOCK STORAGE

- Can only keep 1 EC2 connection at a time
Use ___ to assess, audit, and evaluate the configuration of your AWS resources.
- Integrates with AWS Organizations
AWS Config
Configure a ___ to check for compliance on the password policy by checking the IAM_PASSWORD_POLICY on an account.
AWS Config rule
Most cost-effective EC2 instance type?

Most cost effective EC2 instance type, given:
- You only need to run the application periodically
- The application it will host is already designed to gracefully recover from failures?
Spot instances or Reserved Instances

Spot instances!
AWS KMS Customer Master Key (CMK)

Used for ___ encryption
most commonly, use CMKs to generate, encrypt, and decrypt the data keys that you use to encrypt your data.

Envelope

CMK -> data keys -> data
Private Virtual Interface

What service is it associated with?
Access a VPC using private IP addresses

Direct Connect
To use an OAI, create an OAI for ___ and grant access to the objects in a private S3 bucket to ___
CloudFront
That OAI
Which storage solution provides the LOWEST latency access to data from ONE SINGLE EC2 instance?
EBS
Why is S3 higher latency than EBS?- It is not in your VPC by default => data must cross Internet => higher latencyCustom messaging service needing: - Durable - Messages must be processed in order - No duplicate messages - Messages sent to EMR Default SQS queue vs. Kinesis Data Stream?Kinesis Data Stream! - Each data record in the stream is assigned a SEQUENCE NUMBER - Default SQS queue is not FIFO (cannot guarantee ordered message delivery)How many subnets do you need for: - HA - An Elastic Load Balancer directing traffic - A database tier needing to be separate from other resources - An application tier, needs to be in a private subnet6 total - 3 in each AZ: 2 private, 1 public - 2 AZsBest way to get an EC2 instance's associated IP addresses which your shell script can use?By using a Curl or Get Command to get the latest metadata information from http:///169.254.169.254/latest/meta-data/Are any costs incurred for creating and using a VPC?No.Which of the following AWS services will incur costs? (Select TWO.) - Using an Amazon VPC - EBS Volumes attached to stopped EC2 Instances - Public Data Set - A stopped On-Demand EC2 Instance - A running EC2 Instance- EBS Volumes attached to stopped EC2 Instances and - A running EC2 Instance (A stopped instance does not incur a fee, but the EBS volume using storage DOES!)Enable ___ to ensure that your S3 bucket would not be affected even if there is an outage in one of the Availability Zones or a regional service failure in us-east-1. Bu default, is an S3 bucket multi-AZ or multi-region?Cross-Region Replication Default: Multi-AZCloudTrail vs. X-RayCloudTrail = auditing X-Ray = detailed tracing and analyzing CloudTrail - primarily for IT audits and API logging of all your AWS resources, CANNOT trace/analyze user requests X-Ray - trace and analyze user requests as they travel through your API Gateway APIs to the underlying services - end-to-end view of entire request - good especially for microservices applicationsUse ___ WITH a Direct Connect service endpoint that will automate and accelerate the replication of data to and from various AWS storage services.a DataSync agentRDS Enhanced Monitoring metrics vs. CloudWatch Metrics for RDSRDS Enhanced Monitoring can give: - RDS child processes - RDS processes - OS processes RDS Enhanced Monitoring: gathers metrics from an agent on the DB instance CloudWatch: gathers metrics from the hypervisor for a DB instanceWhich feature in Amazon S3 enables fast, easy, and secure transfer of your files over long distances between your client and your Amazon S3 bucket? - How does it work?S3 Transfer Acceleration - leverages Amazon CloudFront's globally distributed AWS Edge Locations___ is a fast, fully managed database service powering graph use cases such as identity graphs, knowledge graphs, and fraud detection.Amazon NeptuneThe application tier hosted in an Auto Scaling group of EC2 instances is the only identified resource that needs to connect to the database. What should be the SOURCE for a specified port in the security group configuration inbound rules for this database?Security Group ID attached to the application tierFor Provisioned IOPS SSD (io1/io2) EC2 instances, The maximum ratio of provisioned IOPS to requested volume size (in GiB) is ___. Nitro instance family max IOPS = ___ Other instance families max IOPS = ___ E.g. Max IOPS for a 10GB volume = ___ Any supported instance with a volume size of 1280 GB or greater has a max IOPS of ___50:1 64000 32000 500 IOPS 64000Keep latency down by keeping ___ IOPS and ___ queue length.MAX lowBy default, all S3 resources (buckets, objects) are public or private? How to ensure that all of the objects uploaded to the S3 bucket can be read publicly all over the Internet? (2 possible ways)Private! 1. Grant PUBLIC READ ACCESS to the object WHEN UPLOADING it using the S3 console 2. Configure S3 BUCKET POLICY to set all objects in a bucket to PUBLIC READHow to integrate LDAP to IAM if your current identity store is not compatible with SAML?1. Develop an on-prem custom identity broker application 2. Use STS to issue short-lived AWS credentials___ is a feature of Amazon CloudFront that lets you run code closer to users of your application - improves performance and reduces latency - don't have to provision or manage infrastructure in multiple locations around the world - pay for only compute time you consumeLambda@EdgeCloudWatch default metricsCPU utilization Network utilization Disk performance Disk Reads/WritesEnable ___ on a Redshift cluster to build disaster-recovery to ensure business continuity even in the event of an AWS region outageCross-region Snapshots Copy - make sure that all new manual and automatic snapshots are copied to the specified region. - Can configure where to copy them and how long to store the copiesEnsure order processing system will only process an order once. Use ___ or ___?1. SQS FIFO queue 2. Amazon SWF - has guarantees around task assignments; ensures that a task is never duplicated and is assigned only onceAWS inspectorA security assessments service. helps you check for - unintended network accessibility of your EC2 instances - vulnerabilities on those EC2 instances___ Enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. How does it differ from a CloudWatch dashboard?Cloudwatch Logs Insights - More interactive and analytical than a CloudWatch dashboardGuardDuty vs. Shield vs. WAFGuardDuty - intelligent threat detection service for your AWS accounts and workloads WAF - protects your web apps from common exploits Shield - protects your AWS resources against DDoS attacksCloudTrail stores its logs in ___S3Redshift vs. RDSRedshift = OLAP (online analytical processing) RDS = OLTP (online transactional processing)If you got your certificate (SSL/TLS) from a 3rd party CA, which 2 places can you import it?1. IAM certificate store 2. ACMYou pay for all bandwidth into and out of S3, except for:- Data transferred IN from Internet - Data transferred OUT to EC2 instance in the same region as the S3 bucket (even if different account) - Data transferred OUT to CloudFrontA ____ family EC2 instance is designed for workloads that require high, sequential read and write access to very large data sets on local storage.Storage Optimized - Very low latency - High random IOPSStep Functions vs. Simple Workflow Service Which one is always recommended? When are Step Functions recommended in particular?Unless you have a reason to do otherwise, use Step Functions. They do similar things, but Step Functions is SERVERLESS and recommended by AWS.___ is an AWS-supported open-source cluster management tool that makes it easy for you to deploy and manage High-Performance Computing (HPC) clusters on AWSAWS ParallelCluster - Uses a simple txt file to model and provision all resources needed for you HPC applications in an automated and secure way___ configuration lets you improve your storage volumes' performance by distributing the I/O across the volumes in a strip. - Straight addition of throughput and IOPS This configuration can be implemented on ___ volumesRAID 0 BOTH EBS + Instance StoreProvisioned IOPS SSD is a type of ___ storagepersistent (EBS-backed)Which type of instance has better I/O performance InstanceStoreorEBS?Instance Store > EBSYou can specify ___ launch configuration for an ASG at a time. You ___ modify a launch configuration after you've created it. If you want to change the launch configuration for an ASG, you must ___.1 cannot Create a new launch configuration (e.g. with a new instance type) ; update the existing ASG with the new launch configurationWhat kind of protocol do: - Web apps (HTTP/HTTPS) - File transfers (FTP) - Email servers (SMTP) use?Application layer + TCP/TLS on transport layerWhat kind of protocol do: - Gaming - Video streaming use?UDP on transport layer only___ provide a record of actions taken by a user, role, or an AWS service in Amazon S3 ___ provide detailed records for the requests that are made to an S3 bucket.AWS CloudTrail logs - can enable object-level logging to get any api access/modification actions on S3 buckets/objects S3 server access logs