When ELB detects that an instance is unhealthy, it stops sending traffic to other instance and allows the in-flight requests to be completed. Connection Draining ensures that the unhealthy instance is terminated after the in-flight request and a new instance is created and traffic starts flowing into the new instance.
Manual Scaling is done manually whenever there is a requirement of increasing or decreasing the instances based on the load. Scaling could be also be done automatically based on the load/demand on the EC2 instance, one can define the Maximum and Minimum EC2 instance details based on the various metrics. Last option is Based on Schedule wherein one can define a specific duration or time in which how many minimum and maximum instances must be running irrespective of demand.
Elastic Load Balancing supports three types of load balancers -Classic, Application and Network. You can select the appropriate load balancer based on your application needs. If an application requires complex capabilities like Path-based and Host-based routing, recommended is Application Load Balancer. If extreme performance and static IP is needed for your application then we recommend you to use Network Load Balancer. If application requires basic features Classic Load Balancer is recommended.
No, Standby DB instance cannot be used for read or write operations, the secondary instance could be used only when the primary DN instance goes down.
If the resource in the stack cannot be created, then the CloudFormation automatically rolls back and terminates all the resources that were created in the CloudFormation template. This is a handy feature when you accidentally exceed your limit of Elastic IP addresses or don’t have access to an EC2 AMI.
While deleting a DB Instance, you have an option of creating a final DB snapshot, which is recommended. RDS retains this user-created DB snapshot along with all other manually created DB snapshots after the instance is deleted, also automated backups are deleted and only manually created DB Snapshots are retained.
AWS CloudFormation templates are YAML or JSON formatted text files that are comprised of five essential elements, they are:
* Template parameters
* Output values
* Data tables
* File format version
The three types of EC2 instances based on the costs are:
* On-Demand Instance - These instances are prepared as and when needed. Whenever you feel the need for a new EC2 instance, you can go ahead and create an on-demand instance. It is cheap for the short-time but not when taken for the long term.
* Spot Instance - These types of instances can be bought through the bidding model. These are comparatively cheaper than On-Demand Instances.
* Reserved Instance - On AWS, you can create instances that you can reserve for a year or so. These types of instances are especially useful when you know in advance that you will be needing an instance for the long term. In such cases, you can create a reserved instance and save heavily on costs.
An AWS Availability Zone is a physical location where an Amazon data center is located. On the other hand, an AWS Region is a collection or group of Availability Zones or Data Centers.
This setup helps your services to be more available as you can place your VMs in different data centers within an AWS Region. If one of the data centers fails in a Region, the client requests still get served from the other data centers located in the same Region. This arrangement, thus, helps your service to be available even if a Data Center goes down.
Amazon S3 is a REST Service, and you can send a request by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.
Amazon Route 53 uses the following to provide high availability and low latency:
* Globally Distributed Servers - Amazon is a global service and consequently has DNS Servers globally. Any customer creating a query from any part of the world gets to reach a DNS Server local to them that provides low latency.
* Dependency - Route 53 provides a high level of dependability required by critical applications.
* Optimal Locations - Route 53 serves the requests from the nearest data center to the client sending the request. AWS has data-centers across the world. The data can be cached on different data-centers located in different regions of the world depending on the requirements and the configuration chosen. Route 53 enables any server in any data-center which has the required data to respond. This way, it enables the nearest server to serve the client request, thus reducing the time taken to serve.
AWS CloudFormation helps you provision and describe all of the infrastructure resources that are present in your cloud environment. On the other hand, AWS Elastic Beanstalk provides an environment that makes it easy to deploy and run applications in the cloud.
AWS CloudFormation supports the infrastructure needs of various types of applications, like legacy applications and existing enterprise applications. On the other hand, AWS Elastic Beanstalk is combined with the developer tools to help you manage the lifecycle of your applications.
AWS Snowball is basically a data transport solution for moving high volumes of data into and out of a specified AWS region. On the other hand, AWS Snowball Edge adds additional computing functions apart from providing a data transport solution. The snowmobile is an exabyte-scale migration service that allows you to transfer data up to 100 PB.
RTO or Recovery Time Objective is the maximum time your business or organization is willing to wait for a recovery to complete in the wake of an outage. On the other hand, RPO or Recovery Point Objective is the maximum amount of data loss your company is willing to accept as measured in time.
Here are the factors to consider during AWS migration:
* Operational Costs - These include the cost of infrastructure, ability to match * demand and supply, transparency, and others.
* Workforce Productivity
* Cost avoidance
* Operational resilience
* Business agility
The CloudFormation registry lists the extensions, both private and public (AWS), that are available for use in your CloudFormation account. An extension is an artifact, registered in the CloudFormation Registry, which augments the functionality of CloudFormation in a native manner.
Third-party resource types must be registered before they can be used to provision resources with AWS CloudFormation templates. Please see Using the AWS CloudFormation registry in our in the documentation for details.
Here are the steps involved in a CloudFormation solution:
* Create or use an existing CloudFormation template using JSON or YAML format.
* Save the code in an S3 bucket, which serves as a repository for the code.
* Use AWS CloudFormation to call the bucket and create a stack on your template.
* CloudFormation reads the file and understands the services that are called the relationship between the services, and provisions the services one after the other.
AWS CloudFormation is a service that gives developers and businesses a possible way to create a collection of related AWS and third-party resources, and provision and manage them in an orderly and predictable fashion.
Developers can deploy and update compute, database, and many other resources in a simple, declarative style that abstracts away the complexity of specific resource APIs. AWS CloudFormation is designed to allow resource lifecycles to be managed repeatably, predictable, and safely, while allowing for automatic rollbacks, automated state management, and management of resources across accounts and regions.
By default, the automatic rollback on error feature is enabled. This will direct CloudFormation to only create or update all resources in your stack if all individual operations succeed. If they do not, CloudFormation reverts the stack to the last known stable configuration.
For example,if you accidentally exceed your default limit of Elastic IP addresses, or you don not have access to an EC2 AMI that you are trying to run. This feature enables you to rely on the fact that stacks are created either fully or not at all, which simplifies system administration and layered solutions built on top of CloudFormation.
You can monitor VPC by using:
* CloudWatch and CloudWatch logs
* VPC Flow Logs
Here is a selection of security products and features:
* Security groups - This acts as a firewall for the EC2 instances, controlling inbound and outbound traffic at the instance level.
* Network access control lists - It acts as a firewall for the subnets, controlling inbound and outbound traffic at the subnet level.
* Flow logs - These capture the inbound and outbound traffic from the network interfaces in your VPC.
To fix this problem, you need to enable the DNS hostname resolution, so that the problem resolves itself.
You need to follow the four steps provided below to allow access. They are:
1. Categorize your instances
2. Define how authorized users can manage specific servers.
3. Lockdown your tags
4. Attach your policies to IAM users
Follow the steps provided below to recover an EC2 instance if you have lost the key:
1. Verify that the EC2Config service is running
2. Detach the root volume for the instance
3. Attach the volume to a temporary instance
4. Modify the configuration file
5. Restart the original instance
There are many types of AMIs, but some of the common AMIs are:
* Fully Baked AMI
* Just Enough Baked AMI (JeOS AMI)
* Hybrid AMI
SAM templates are an extension of AWS CloudFormation templates, with some additional components that make them easier to work with. For the full reference for AWS CloudFormation templates, see AWS CloudFormation Template Reference in the AWS CloudFormation User Guide.
Solaris is an operating system that uses SPARC processor architecture, which is not supported by the public cloud currently.
AIX is an operating system that runs only on Power CPU and not on Intel, which means that you cannot create AIX instances in EC2.
Since both the operating systems have their limitations, they are not currently available with AWS.
Here’s how you accomplish this:
1. Go to your PuTTY Configuration
2. Go to the category SSH -> Auth
3. Enable SSH agent forwarding to your instance
The three types of EC2 instances are:
* On-demand Instance
It is cheap for a short time but not when taken for the long term
* Spot Instance
It is less expensive than the on-demand instance and can be bought through bidding.
* Reserved Instance
If you are planning to use an instance for a year or more, then this is the right one for you.
While you may think that both stopping and terminating are the same, there is a difference. When you stop an EC2 instance, it performs a normal shutdown on the instance and moves to a stopped state. However, when you terminate the instance, it is transferred to a stopped state, and the EBS volumes attached to it are deleted and can never be recovered.
While both NAT Gateways and NAT Instances serve the same function, they still have some key differences.
AWS services that are not region-specific are:
* Route 53
* Web Application Firewall
The three major types of virtualization in AWS are:
* Hardware Virtual Machine (HVM)
It is a fully virtualized hardware, where all the virtual machines act separate from each other. These virtual machines boot by executing a master boot record in the root block device of your image.
Paravirtualization-GRUB is the bootloader that boots the PV AMIs. The PV-GRUB chain loads the kernel specified in the menu.
* Paravirtualization on HVM
PV on HVM helps operating systems take advantage of storage and network I/O available through the host.
Amazon CloudWatch helps you to monitor the application status of various AWS services and custom events. It helps you to monitor:
* State changes in Amazon EC2
* Auto-scaling lifecycle events
* Scheduled events
* AWS API calls
* Console sign-in events
Not all Amazon AWS services are available in all regions. When Amazon initially launches a new service, it doesn’t get immediately published in all the regions. They start small and then slowly expand to other regions. So, if you don’t see a specific service in your region, chances are the service hasn’t been published in your region yet. However, if you want to get the service that is not available, you can switch to the nearest region that provides the services.
DDoS is a cyber-attack in which the perpetrator accesses a website and creates multiple sessions so that the other legitimate users cannot access the service. The native tools that can help you deny the DDoS attacks on your AWS services are:
* AWS Shield
* AWS WAF
* Amazon Route53
* Amazon CloudFront
You can use AWS CodePipeline to trigger a Cloud Formation template to run in the deployment phase.
The pipeline has following stages:
>> Source phase: Fetch the latest commit.
>> Build phase: Build the code into a docker image and push it to ECR.
>> Deploy phase: Take the latest docker image from ECR, deploy it to ECS
<> In AWS CloudFormation related resources are managed as a single unit called a stack.
<> It is possible to create, update, and delete a collection of resources by creating, updating, and deleting stacks.
<> All the resources in a stack are defined by the stack's AWS CloudFormation template.
When two are dependent on one another we will get a circular dependency error because AWS CloudFormation is unable to clearly determine which resource should be created first
The first step is to examine the resources that are outlined and make sure that AWS CloudFormation can determine what resource order it should take.
To resolve a dependency error, add a DependsOn attribute to resources that depend on other resources in your template.
Using DependsOn, we can specify that a particular resource needs to be created before the other resource.
There is interleaved dependency between two resources.
* Resource X is dependent on Resource Y, and Resource Y is dependent on Resource X.
* When this type of situation occurs, you will get a circular dependency error because AWS CloudFormation is unable to clearly determine which resource should be created first.
* The AWS CloudFormation circular dependency can be caused by interactions between services that cause them to be mutually dependent.
Most of the AWS services have their logging options. Also, some of them have an account level logging, like in AWS CloudTrail, AWS Config, and others. Let’s take a look at two services in specific:
This is a service that provides a history of the AWS API calls for every account. It lets you perform security analysis, resource change tracking, and compliance auditing of your AWS environment as well. The best part about this service is that it enables you to configure it to send notifications via AWS SNS when new logs are delivered.
This helps you understand the configuration changes that happen in your environment. This service provides an AWS inventory that includes configuration history, configuration change notification, and relationships between AWS resources. It can also be configured to send information via AWS SNS when new logs are delivered.
The essential services that you can use are Amazon CloudWatch Logs, store them in Amazon S3, and then use Amazon Elastic Search to visualize them. You can use Amazon Kinesis Firehose to move the data from Amazon S3 to Amazon ElasticSearch.
The that can help you log into the AWS resources are:
* AWS CLI for Linux
* AWS CLI for Windows
* AWS CLI for Windows CMD
* AWS SDK
<> Infrastructure as a code : treat your infrastructure as a simplifying code that facilitates modification and changes.
<> Automated provisioning : We don't have to work on resources, we just have to improve his application. CloudFormation takes care of both the provision and control of resources
<> Safety controls : The inspections are automated to minimize stress and improve quality and efficiency.
<> Extensibility: CloudFormation Stack offers an expandable framework for our own extensions and adding them to the CloudFormation template. For a third party resource, customized extension provisioning can be created.
<> Centerlize Control : You can model a whole AWS infrastructure in a text file and construct multiple infrastructures with a single code using that design.
You can know that you are paying the correct amount for the resources that you are using by employing the following resources:
<> Check the Top Services Table
It is a dashboard in the cost management console that shows you the top five most used services. This will let you know how much money you are spending on the resources in question.
<> Cost Explorer
There are cost explorer services available that will help you to view and analyze your usage costs for the last 13 months. You can also get a cost forecast for the upcoming three months.
<> AWS Budgets
This allows you to plan a budget for the services. Also, it will enable you to check if the current plan meets your budget and the details of how you use the services.
<> Cost Allocation Tags
This helps in identifying the resource that has cost more in a particular month. It lets you organize your resources and cost allocation tags to keep track of your AWS costs.
You can upgrade or downgrade a system with near-zero downtime using the following steps of migration:
* Open EC2 console
* Choose Operating System AMI
* Launch an instance with the new instance type
* Install all the updates
* Install applications
* Test the instance to see if it’s working
* If working, deploy the new instance and replace the older instance
* Once it’s deployed, you can upgrade or downgrade the system with near-zero downtime.
* Take home these interview Q&As and get much more. Download the complete AWS Interview Guide here:
Here are the steps involved in a CloudFormation solution:
<> Create or use an existing CloudFormation template using JSON or YAML format.
<> Save the code in an S3 bucket, which serves as a repository for the code.
<> Use AWS CloudFormation to call the bucket and create a stack on your template.
<> CloudFormation reads the file and understands the services that are called, their order, the relationship between the services, and provisions the services one after the other.
Geo-Targeting is a concept where businesses can show personalized content to their audience based on their geographic location without changing the URL. This helps you create customized content for the audience of a specific geographical area, keeping their needs in the forefront.
AWS regions are separate geographical areas, like the US-West 1 (North California) and Asia South (Mumbai). On the other hand, availability zones are the areas that are present inside the regions. These are generally isolated zones that can replicate themselves whenever required.
The three basic types of cloud services are:
Here are some of the AWS products that are built based on the three cloud service types:
Computing - These include EC2, Elastic Beanstalk, Lambda, Auto-Scaling, and Lightsat.
Storage - These include S3, Glacier, Elastic Block Storage, Elastic File System.
Networking - These include VPC, Amazon CloudFront, Route53