Just a place to put some notes on the “AWS Certified Solutions Architect - Associate (New!)” course from https://linuxacademy.com
Expanding Upon: AWS Essentials: EC2
EC2 Dashboard
AWS Services > Compute: EC2
Left Panel:
- EC2 Dashboard
- Events
- Tags
- Reports
- Limits
+ INSTANCES: Instances / Spot Requests / Reserved Instances / Dedicated Hosts
+ IMAGES: AMIs / Bundle Tasks
+ ELASTIC BLOCK STORE: Volumes / Snapshots
+ NETWORK & SECURITY: Security Groups / Elastic IPs / Placement Groups / Key Pairs / Network Interfaces
+ LOAD BALANCING: Load Balancers / Target Groups
+ AUTO SCALING: Launch Configurations / Auto Scaling Groups
+ SYSTEMS MANAGER SERVICES: Run Command / State Manager / Configuration Compliance / Automations / Patch Compliance / Patch Baselines
+ SYSTEMS MANAGER SHARED RESOURCES: Managed Instances / Activations / Documents / Maintenance Windows / Parameter Store / Patches
Image: EC2 Dashboard
Additional Information:
EC2 Bootstrapping, User-Data and Meta-Data
Viewing User-Data & Instance Meta-Data:
When logged into an EC2 instance, you can view the instance user-data used during creation, or the instance meta-data, by executing one of the following commands:
curl http://169.254.169.254/latest/user-data (displays bootstrapping commands)
curl http://169.254.169.254/latest/meta-data (displays AMI, instance type, etc.)
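The two curl commands above read the instance metadata service with plain GETs. The following is an added example, not code from the course, that does the same reads from Python but goes one step further: it uses the IMDSv2 session-token flow (a PUT to /latest/api/token, then the token on every read) and then checks the returned user-data for values that look like credentials, since anything placed in user-data is readable by every process on the instance. The `opener` parameter and the `SECRET_MARKERS` patterns are this example's own choices.

```python
"""Read EC2 user-data / meta-data over IMDSv2 and check user-data for secrets.
Added example, not course code; `opener` is injectable so it can run off-instance."""
import re
import urllib.request

IMDS = "http://169.254.169.254/latest"
# Constructed patterns for values that should never be bootstrapped in the clear.
SECRET_MARKERS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                                   # access key id shape
    re.compile(r"(?i)\w*(password|passwd|secret|token)\w*\s*[=:]\s*\S+"),
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
]

def imds_token(opener=urllib.request.urlopen, ttl_seconds=300):
    """IMDSv2: a PUT to /api/token returns a session token that every read must carry."""
    req = urllib.request.Request(
        f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)})
    with opener(req, timeout=2) as resp:
        return resp.read().decode()

def imds_get(path, opener=urllib.request.urlopen):
    """Fetch /latest/<path>, e.g. 'user-data' or 'meta-data/instance-id', with the token."""
    req = urllib.request.Request(
        f"{IMDS}/{path}", headers={"X-aws-ec2-metadata-token": imds_token(opener)})
    with opener(req, timeout=2) as resp:
        return resp.read().decode()

def find_secret_markers(user_data):
    """Return (line number, matched text) for each user-data line that looks like a secret.
    Any process on the instance can read user-data, so credentials belong in Parameter
    Store or an instance role, not in the bootstrap script."""
    hits = []
    for n, line in enumerate(user_data.splitlines(), start=1):
        for pattern in SECRET_MARKERS:
            match = pattern.search(line)
            if match:
                hits.append((n, match.group(0)))
                break
    return hits

if __name__ == "__main__":
    print("instance-id:", imds_get("meta-data/instance-id"))
    for n, text in find_secret_markers(imds_get("user-data")):
        print(f"user-data line {n} looks like a secret: {text[:16]}...")
```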
Quiz
Q: IOPS are measured in what size “chunks?”
A: IOPS are measured in chunks of 256KB or smaller
Q: What best describes how EBS snapshots work?
A: Snapshots are incremental in nature and are stored in S3
Q: You are a Solutions Architect and your company is interested in moving some workload to AWS. You are concerned that it will be very challenging to manage and control all of the EC2 servers that will need to be deployed – specifically, how to ensure that fellow employees are installing the company-approved operating system version, with the right libraries and runtimes and with the proper configuration settings. What EC2 feature will best allow you to control this?
A: You can have a company policy stipulating that any new instance must be launched using a custom Amazon Machine Image (AMI) which specifies exactly which software and associated settings you want to have installed on every new EC2 instance.
T: AMIs are what dictate the instance's operating system and other software settings. It is the "instance type" which determines the instance's virtual hardware.
Q: What best describes the characteristics of EBS volumes?
A: They are persistent and can live past the lifetime of the instance.
Q: If you are running a legacy application that has hard-coded static IP addresses and is running on an EC2 instance, what is the best failover solution that allows you to keep the same IP address on a new instance?
A: Elastic IP addresses (EIPs) are designed to be attached/detached and moved from one EC2 instance to another. They are a great solution for keeping a static IP address and moving it to a new instance if the current instance fails. This will reduce or eliminate any downtime users may experience.
Q: If you are running an application in a production environment and must add a new EBS volume with data from a snapshot, what should you do to avoid degraded performance during the volume's first use?
A: Initialize the data by reading each storage block on the volume
E: Volumes created from an EBS snapshot must be initialized. Initialization occurs the first time a storage block on the volume is read, and performance can be reduced by up to 50% while it happens. You can avoid this impact in production environments by manually reading all the blocks in advance.
Q: What command should you run if you want to view an instance's user-data?
A: curl http://169.254.169.254/latest/user-data
Q: Your company has been thinking about moving its networking resources over to AWS. Your boss is particularly interested in the AWS shared responsibility model, as it will allow him to offload some traditional responsibilities to AWS. He says that he is happy that AWS will now handle the responsibilities listed below. However, you know that he is wrong and that AWS does not handle all of them as part of the shared responsibility model. Which ... are not handled by AWS?
A1: Security Groups
A2: Applying an SSL Certificate to an ELB
A3: Installation of custom firewall software
E: In the shared responsibility model, AWS is responsible for DDoS protection, port scanning protection, and ingress network filtering. You are responsible for managing Security Groups, applying an SSL certificate to an ELB, and installing custom firewall software.
T: A key pair is a combination of a public and private key that is used for authenticating users when logging into an EC2 instance.
E: The public key is stored on the instance, and the private key is given to you when the instance is created.
Q: If you are designing an application that requires fast (10Gbps), low-latency connections between EC2 instances, what EC2 feature should you use?
A: Placement groups
E: Placement groups are a clustering of EC2 instances in one Availability Zone with fast (10Gbps) connections between them. This service is used for applications that need extremely low-latency connections between instances.
Q: You work in the IT department of a Fortune 500 financial services company. Your company has hundreds of servers and also uses VMware for certain applications. You happened to run into one of the senior directors in the hallway today, and she told you that she had just read an article on cloud computing that mentioned EC2 instances and was wondering what that was. What would be the best analogy to use in explaining to her what EC2 is?
A: EC2 is analogous to our internal VMware environment and provides companies with virtual servers that run in the cloud.
Q: What happens to data stored on an instance store volume when an EC2 instance is stopped or shut down?
A: The data will be deleted
E: Since instance store volumes are ephemeral, data will NOT be persistent and WILL be deleted if the instance is stopped or shut down.
AWS Account & Services Layer: EC2
Image: AWS Account & Services Layer (compute services)
Image: AWS Account & Services Layer (EC2)
APPENDIX: AWS Elastic File System (EFS)
Images: AWS Console > Storage: EFS
“An Amazon EFS file system is accessed by EC2 instances running inside one of your VPCs. Instances connect to a file system by using a network interface called a mount target. Each mount target has an IP address, which we assign automatically or you can specify.”
Image: EFS > Create File System - Step 1: Configure file system access
Create File System
Step 1: Configure file system access
1.1: Select VPC
1.2: Create mount targets
Step 2: Configure optional settings
2.1: Add tags
2.2: Choose performance mode:
- General Purpose (default)
- Max I/O
2.3: Enable encryption
EFS Things to Know
Elastic File System (EFS):
- EFS is a storage option for EC2 that provides scalable file storage
- EFS storage capacity is elastic
-- The storage capacity will increase and decrease as you add or remove files
-- Applications running on an EC2 instance using EFS will always have the storage they need, without having to provision and attach larger storage devices
- EFS is fully managed (no maintenance required)
- Supports the Network File System version 4.0 and 4.1 (NFSv4) protocols when mounting
- Best performance when using an EC2 AMI with Linux kernel 4.0 or newer
Benefits of EFS:
- The EFS file system can be accessed by one (or more) EC2 instances at the same time
-- Shared file access across all your EC2 instances
-- Applications that span multiple EC2 instances can access the same data
- EFS file systems can be mounted on on-premises servers (when connected to your VPC via AWS Direct Connect)
-- This allows you to migrate data from on-prem servers to EFS and/or use it as a backup solution
- EFS can scale to petabytes in size, while maintaining low latency and high levels of throughput
- You pay only for the amount of storage you are using
Security:
- Control file system access through POSIX permissions
- VPC for network access control, and IAM for API access control
- Encrypt data at rest using AWS Key Management Service (KMS)
When to use:
- Big Data and analytics
- Media processing workflows
- Web serving & content management
APPENDIX: Steps to Encrypt Existing Amazon EBS Volume (Data-at-Rest)
1: Change the instance state (stop the instance)
2: Create a snapshot
3: Copy the snapshot to change it to an encrypted snapshot
4: Create an EBS volume from the encrypted snapshot
5: Attach the volume to the EC2 instance
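The five steps above, scripted. This is an added example, not the course's own material: it drives the procedure through a boto3 EC2 client passed in as `ec2` (so it can also be exercised against a stand-in), uses the EC2 waiters so each step finishes before the next starts, and refuses to swap in the new volume unless the API reports it as encrypted. The KMS key alias, device name and the ids under `__main__` are placeholders.

```python
"""Encrypt an existing EBS volume by the snapshot-copy route (steps 1-5 of the notes).
Added example, not course code. `ec2` is a boto3 EC2 client (or a stand-in with the
same methods); ids and the KMS key alias in __main__ are placeholders."""


def encrypt_volume(ec2, region, volume_id, instance_id, device, az, kms_key_id):
    """Run the five steps in order and return the id of the new, encrypted volume."""
    # 1: stop the instance so the snapshot is taken from a quiesced disk
    ec2.stop_instances(InstanceIds=[instance_id])
    ec2.get_waiter("instance_stopped").wait(InstanceIds=[instance_id])
    # 2: snapshot the unencrypted volume
    snap = ec2.create_snapshot(VolumeId=volume_id,
                               Description=f"pre-encryption copy of {volume_id}")["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap])
    # 3: copy the snapshot; the copy is where encryption is applied (EBS cannot
    #    encrypt a volume or snapshot in place)
    enc_snap = ec2.copy_snapshot(SourceRegion=region, SourceSnapshotId=snap,
                                 Encrypted=True, KmsKeyId=kms_key_id)["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[enc_snap])
    # 4: build a volume from the encrypted snapshot, in the instance's AZ
    new_vol = ec2.create_volume(SnapshotId=enc_snap, AvailabilityZone=az,
                                Encrypted=True)["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[new_vol])
    # verify before touching the instance: never swap in a volume the API reports as plain
    if not ec2.describe_volumes(VolumeIds=[new_vol])["Volumes"][0]["Encrypted"]:
        raise RuntimeError(f"{new_vol} is not encrypted; leaving {volume_id} attached")
    # 5: swap the volumes on the same device name so the guest sees the same disk
    ec2.detach_volume(VolumeId=volume_id)
    ec2.get_waiter("volume_available").wait(VolumeIds=[volume_id])
    ec2.attach_volume(VolumeId=new_vol, InstanceId=instance_id, Device=device)
    return new_vol


if __name__ == "__main__":
    import boto3  # only needed for a live run against AWS
    region = "us-east-1"  # placeholder values below; replace before use
    client = boto3.client("ec2", region_name=region)
    print(encrypt_volume(client, region, "vol-PLACEHOLDER", "i-PLACEHOLDER",
                         "/dev/sdf", "us-east-1a", "alias/aws/ebs"))
```

The old unencrypted volume and the plain snapshot are left in place on purpose so they can be deleted once the instance has been started and checked.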