AWS IAM Interview Questions and Answers for Freshers & Experienced

Do you need an internet gateway to use peering connections?

Yes, the Internet gateway is needed to use VPC (virtual private cloud) peering connections.

What is the boot time for an instance store-backed AMI?

The boot time for an Amazon instance store-backed AMI is less than 5 minutes.

Explain Geo Restriction in CloudFront

A Geo-restriction feature helps you to prevent users of specific geographic locations from accessing content which you’re distributing through a CloudFront web distribution.

Name the AWS service that exists only to redundantly cache data and images?

AWS Edge locations are services that redundantly cache data and images.

Name the types of AMI provided by AWS

The types of AMI provided by AWS are:

1. Instance store backed
2. EBS backed

What are the advantages of AWS IAM?

AWS IAM enables an administrator to provide granular level access to different users and groups. Different users and user groups may need different levels of access to different resources created. With IAM, you can create roles with specific access-levels and assign the roles to the users.

It also allows you to provide access to the resources to users and applications without creating the IAM Roles, which is known as Federated Access.

What is AWS Lambda?

Lambda is an Amazon compute service which allows you to run code in the AWS Cloud without managing servers.

What is Geo-Targeting in CloudFront?

Geo-Targeting enables the creation of customized content based on the geographic location of the user. This allows you to serve the content which is more relevant to a user. For example, using Geo-Targeting, you can show the news related to local body elections to a user sitting in India, which you may not want to show to a user sitting in the US. Similarly, the news related to Baseball Tournament can be more relevant to a user sitting in the US, and not so relevant for a user sitting in India.

What are the consistency models for modern DBs offered by AWS?

Eventual Consistency - It means that the data will be consistent eventually, but may not be immediate. This will serve the client requests faster, but chances are that some of the initial read requests may read the stale data. This type of consistency is preferred in systems where data need not be real-time. For example, if you don’t see the recent tweets on Twitter or recent posts on Facebook for a couple of seconds, it is acceptable.

Strong Consistency - It provides immediate consistency, where the data will be consistent across all the DB Servers immediately. Accordingly, this model may take some time to make the data consistent and subsequently start serving the requests again. However, in this model, it is guaranteed that all the responses will always have consistent data.

What are the different types of EC2 instances based on their costs?

The three types of EC2 instances based on the costs are:

1. On-Demand Instance - These instances are prepared as and when needed. Whenever you feel the need for a new EC2 instance, you can go ahead and create an on-demand instance. It is cheap for the short term but not when taken for the long term.

2. Spot Instance - These types of instances can be bought through the bidding model. These are comparatively cheaper than On-Demand Instances.

3. Reserved Instance - On AWS, you can create instances that you can reserve for a year or so. These types of instances are especially useful when you know in advance that you will be needing an instance for the long term. In such cases, you can create a reserved instance and save heavily on costs.

How do you monitor Amazon VPC?

You can monitor Amazon VPC using:

- CloudWatch
- VPC Flow Logs

How does Amazon Route 53 provide high availability and low latency?

Amazon Route 53 uses the following to provide high availability and low latency:

- Globally Distributed Servers - Amazon is a global service and consequently has DNS Servers globally. Any customer creating a query from any part of the world gets to reach a DNS Server local to them that provides low latency.
- Dependency - Route 53 provides a high level of dependability required by critical applications.
- Optimal Locations - Route 53 serves the requests from the nearest data center to the client sending the request. AWS has data centers across the world. The data can be cached on different data centers located in different regions of the world depending on the requirements and the configuration chosen. Route 53 enables any server in any data center which has the required data to respond. This way, it enables the nearest server to serve the client request, thus reducing the time taken to serve.

Explain Amazon ElastiCache

Amazon ElastiCache is a web service which makes it easy to deploy, scale and store data in the cloud.

When was EC2 officially launched?

EC2 officially launched in the year 2006.

What is CloudWatch?

The Amazon CloudWatch has the following features:

- Depending on multiple metrics, it participates in triggering alarms.
- Helps in monitoring the AWS environments like CPU utilization, EC2, Amazon RDS instances, Amazon SQS, S3, Load Balancer, SNS, etc.

Can you establish a Peering connection to a VPC in a different region?

Yes, we can establish a peering connection to a VPC in a different region. It is called an inter-region VPC peering connection.

Name some of the AWS services that are not region-specific

AWS services that are not region-specific are:

- IAM
- Route 53
- Web Application Firewall
- CloudFront

How do you set up a system to monitor website metrics in real-time in AWS?

Amazon CloudWatch helps you to monitor the application status of various AWS services and custom events. It helps you to monitor:

- State changes in Amazon EC2
- Auto-scaling lifecycle events
- Scheduled events
- AWS API calls
- Console sign-in events

What are the top AWS IAM Roles?

In AWS IAM there are two types of roles. The IAM user will have a permanent identity. The federated user (Question# 5) will not have an identity.

What are AWS IAM roles?

User – Specific IAM entity

Group – These people will have the same kind of Access

What are Temporary Security Credentials?

These are short-lived security credentials. You can create them using the AWS STS service (AWS Security Token Service).

What are the 5 top security credentials in AWS IAM?

- User ID and password
- E-mail address and password
- Access keys
- Key pair
- Multi-factor authentication

What’s the other name of the IAM user?

It can also be called an IAM entity.

How to control Authorization in AWS IAM?

You can control authorization by creating policies.

What is Authorization in terms of AWS IAM service?

It’s to provide authorization for certain AWS resources – not all.
The best example is providing read-only access to the ‘S3’ service.

What is Snowball?

Snowball is a data transport option. It uses source appliances to transfer a large amount of data into and out of AWS. With the help of Snowball, you can transfer a massive amount of data from one place to another. It helps you to reduce networking costs.

What are the edge locations?

Edge location is the area where the contents will be cached. So, when a user is trying to access any content, the content will automatically be searched in the edge location.

What are the Roles?

Roles are used to provide permissions to entities which you can trust within your AWS account. Roles are very similar to users. However, with roles, you do not need to create any username and password to work with the resources.

How many Elastic IPs are allowed to be created by AWS?

5 VPC Elastic IP addresses are allowed for each AWS account.

Is the property of broadcast or multicast supported by Amazon VPC?

No, currently Amazon VPC does not provide support for broadcast or multicast.

What are key-pairs in AWS?

Key-pairs are secure login information for your virtual machines. To connect to the instances, you can use key-pairs which contain a public-key and private-key.

While connecting to your instance what are the possible connection issues one might face?

The possible connection errors one might encounter while connecting to instances are:

- Connection timed out
- User key not recognized by the server
- Host key not found, permission denied
- An unprotected private key file
- Server refused our key or No supported authentication method available
- Error using MindTerm on Safari Browser
- Error using Mac OS X RDP Client

How is the buffer used in Amazon Web Services?

The buffer is used to make the system more robust to manage traffic or load by synchronizing different components. Usually, components receive and process the requests in an unbalanced way. With the help of a buffer, the components will be balanced and will work at the same speed to provide faster services.

In VPC with private and public subnets, database servers should ideally be launched into which subnet?

With private and public subnets in VPC, database servers should ideally launch into private subnets.

What are T2 instances?

T2 instances are designed to provide moderate baseline performance and the capability to burst to higher performance as required by the workload.

How many buckets can you create in AWS by default?

By default, you can create up to 100 buckets in each of your AWS accounts.

What services can be used to create a centralized logging solution?

The essential services that you can use are Amazon CloudWatch Logs, Amazon S3 to store the logs, and Amazon Elasticsearch to visualize them. You can use Amazon Kinesis Firehose to move the data from Amazon S3 to Amazon Elasticsearch.

Is there any other alternative tool to log into the cloud environment other than console?

The tools that can help you log into the AWS resources are:

- Putty
- AWS CLI for Linux
- AWS CLI for Windows
- AWS CLI for Windows CMD
- AWS SDK
- Eclipse

How can you send a request to Amazon S3?

Amazon S3 is a REST service, and you can send a request by using the REST API or the AWS SDK wrapper libraries that wrap the underlying Amazon S3 REST API.

What does an AMI include?

An AMI includes the following things:

- A template for the root volume for the instance.
- Launch permissions that decide which AWS accounts can use the AMI to launch instances.
- A block device mapping that determines the volumes to attach to the instance when it is launched.

What is the relationship between an instance and an AMI?

From a single AMI, you can launch multiple types of instances. An instance type defines the hardware of the host computer used for your instance. Each instance type provides different compute and memory capabilities. Once you launch an instance, it looks like a traditional host, and we can interact with it as we would with any computer.

How do you upgrade or downgrade a system with near-zero downtime?

You can upgrade or downgrade a system with near-zero downtime using the following steps of migration:

- Open EC2 console
- Choose Operating System AMI
- Launch an instance with the new instance type
- Install all the updates
- Install applications
- Test the instance to see if it’s working
- If working, deploy the new instance and replace the older instance
- Once it’s deployed, you can upgrade or downgrade the system with near-zero downtime.

What is geo-targeting in CloudFront?

Geo-Targeting is a concept where businesses can show personalized content to their audience based on their geographic location without changing the URL. This helps you create customized content for the audience of a specific geographical area, keeping their needs in the forefront.

What is auto-scaling?

Auto-scaling is a function that allows you to provision and launch new instances whenever there is a demand. It allows you to automatically increase or decrease resource capacity in relation to the demand.

What is the relation between the Availability Zone and Region?

AWS regions are separate geographical areas, like the US-West 1 (North California) and Asia South (Mumbai). On the other hand, availability zones are the areas that are present inside the regions. These are generally isolated zones that can replicate themselves whenever required.

What is federated user access management?

A user who is allowed to access AWS resources from third-party vendors – such as Google, Facebook, LinkedIn, corporate credentials, etc.

How is authentication controlled in the IAM service?

1. You can manage the users. You can control access keys, passwords, and multi-factor authentication.

2. You can manage federated users.

In the IAM service, can we monitor the IAM user activity?

Yes, you can monitor the activities of IAM users. If there is any violation, you can remove access for the IAM user.

Are root users and IAM users the same?

No, the root user is also called the master user. The IAM user is a subset of the root user.

What’s AWS IAM?

IAM’s full form is Identity and Access Management.
