AWS IAM Interview Questions for Experienced/AWS IAM Interview Questions and Answers for Freshers & Experienced

How does AWS IAM help your business?

It helps a business by managing IAM users and their access, and it also manages access for federated users.

What are the consistency models in DynamoDB?

The Eventual Consistency Model and the Strong Consistency Model are the two models in DynamoDB.
The Eventual Consistency Model maximizes read throughput, but it doesn’t display the output of a recently completed write.
The Strong Consistency Model delays writing the data; however, it shows the updated data every time you read it.

What are the common types of AMI designs?

The types are Completely baked AMI, Slightly baked AMI (JeOS AMI) & Hybrid AMI.

What services can be used to create a centralized logging solution?

The following services can be used for a centralized logging solution:
Amazon CloudWatch Logs, which can be stored in Amazon S3.
Amazon Elasticsearch can be used to visualize them.
Amazon Kinesis Firehose can be used to move data from Amazon S3 to Amazon Elasticsearch.

How many AWS services are there in 2020?

The AWS Serverless Application repository is available in the AWS GovCloud (US-East) region. Hence, the availability of the services has increased to a total of 18 AWS regions i.e. across North America, South America, the EU & the Asia Pacific.

Relationship between an instance and AMI?

A single AMI is capable of launching multiple types of instances. The hardware of the host computer used for your instances is defined by the instance type. Each instance type has different compute and memory capabilities. After the launch of the instance, it looks like a traditional host and one can interact with it.

Comparison between AWS and OpenStack?

The license in AWS is Amazon proprietary, and in OpenStack it is open source. The operating system in AWS depends on what the cloud administrators provide, and in OpenStack the OS is whatever AMIs are provided by AWS.

What type of query functionality does DynamoDB support?

DynamoDB supports GET/PUT operations by using a user-defined primary key. It provides flexible querying by letting you query on non-primary key attributes using global secondary indexes and local secondary indexes.

What is a maintenance window in Amazon RDS? Will your DB instance be available during maintenance events?

RDS maintenance window lets you decide when DB instance modifications, database engine version upgrades, and software patching have to occur. The automatic scheduling is done only for patches that are related to security and durability. By default, there is a 30-minute value assigned as the maintenance window and the DB instance will still be available during these events though you might observe a minimal effect on performance.

Which type of scaling would you recommend for RDS and why?

There are two types of scaling - vertical scaling and horizontal scaling. Vertical scaling lets you vertically scale up your master database with the press of a button. A database can only be scaled vertically, and there are 18 different instances in which you can resize the RDS. On the other hand, horizontal scaling is good for replicas. These are read-only replicas that can only be done through Amazon Aurora.

How are reserved instances different from on-demand DB instances?

Reserved instances and on-demand instances are the same when it comes to function. They only differ in how they are billed.

Reserved instances are purchased as one-year or three-year reservations, and in return, you get very low hourly pricing when compared to the on-demand instances that are billed on an hourly basis.

Can AWS Config aggregate data across different AWS accounts?

Yes, you can set up AWS Config to deliver configuration updates from different accounts to one S3 bucket, once the appropriate IAM policies are applied to the S3 bucket.

How does Amazon Route 53 provide high availability and low latency?

Here’s how Amazon Route 53 provides the resources in question:

Globally Distributed Servers
Amazon is a global service and consequently has DNS services globally. Any customer creating a query from any part of the world gets to reach a DNS server local to them that provides low latency.

Dependability
Route 53 provides a high level of dependability required by critical applications.

Optimal Locations
Route 53 uses a global anycast network to answer queries from the optimal position automatically.

What is the difference between a Domain and a Hosted Zone?

Domain

A domain is a collection of data describing a self-contained administrative and technical unit. For example, www.simplilearn.com is a domain and a general DNS concept.

Hosted zone

A hosted zone is a container that holds information about how you want to route traffic on the internet for a specific domain. For example, lms.simplilearn.com is a hosted zone.

What is the difference between Latency Based Routing and Geo DNS?

The Geo Based DNS routing takes decisions based on the geographic location of the request. Whereas, the Latency Based Routing utilizes latency measurements between networks and AWS data centers. Latency Based Routing is used when you want to give your customers the lowest latency possible. On the other hand, Geo Based routing is used when you want to direct the customer to different websites based on the country or region they are browsing from.

How does AWS IAM help your business?

IAM enables you to:

Manage IAM users and their access - AWS IAM provides secure resource access to multiple users.

Manage access for federated users - AWS allows you to provide secure access to resources in your AWS account to your employees and applications without creating IAM roles.

What are the managed policies in AWS IAM?

There are two types of managed policies; one that is managed by you and one that is managed by AWS. They are IAM resources that express permissions using IAM policy language. You can create, edit, and manage them separately from the IAM users, groups, and roles to which they are attached.

What is the difference between an IAM role and an IAM user?

The two key differences between the IAM role and IAM user are:

An IAM role is an IAM entity that defines a set of permissions for making AWS service requests, while an IAM user has permanent long-term credentials and is used to interact with the AWS services directly.
In the IAM role, trusted entities, like IAM users, applications, or an AWS service, assume roles whereas the IAM user has full access to all the AWS IAM functionalities.

How can you use AWS WAF in monitoring your AWS applications?

AWS WAF or AWS Web Application Firewall protects your web applications from web exploitations. It helps you control the traffic flow to your applications. With WAF, you can also create custom rules that block common attack patterns. It can be used for three cases: allow all requests, prevent all requests, and count all requests for a new policy.

What are the different uses of the various load balancers in AWS Elastic Load Balancing?

Application Load Balancer
Used if you need flexible application management and TLS termination.

Network Load Balancer
Used if you require extreme performance and static IPs for your applications.

Classic Load Balancer
Used if your application is built within the EC2 Classic network.

How do you auto-delete old snapshots?

Here’s the procedure for auto-deleting old snapshots:

* As per procedure and best practices, take snapshots of the EBS volumes on Amazon S3.
* Use AWS Ops Automator to handle all the snapshots automatically.
* This allows you to create, copy, and delete Amazon EBS snapshots.

What is the difference between EBS and Instance Store?

EBS is a kind of permanent storage in which the data can be restored at a later point. When you save data in the EBS, it stays even after the lifetime of the EC2 instance. On the other hand, Instance Store is temporary storage that is physically attached to a host machine. With an Instance Store, you cannot detach one instance and attach it to another. Unlike in EBS, data in an Instance Store is lost if any instance is stopped or terminated.

What happens when one of the resources in a stack cannot be created successfully?

If the resource in the stack cannot be created, then the CloudFormation automatically rolls back and terminates all the resources that were created in the CloudFormation template. This is a handy feature when you accidentally exceed your limit of Elastic IP addresses or don’t have access to an EC2 AMI.

How is AWS CloudFormation different from AWS Elastic Beanstalk?

Here are some differences between AWS CloudFormation and AWS Elastic Beanstalk:

* AWS CloudFormation helps you provision and describe all of the infrastructure resources that are present in your cloud environment. On the other hand, AWS Elastic Beanstalk provides an environment that makes it easy to deploy and run applications in the cloud.

* AWS CloudFormation supports the infrastructure needs of various types of applications, like legacy applications and existing enterprise applications. On the other hand, AWS Elastic Beanstalk is combined with the developer tools to help you manage the lifecycle of your applications.

What is Power User Access in AWS?

The AWS Resources owner is identical to an Administrator User. The Administrator User can build, change, delete, and inspect resources, as well as grant permissions to other AWS users.

Administrator Access without the ability to control users and permissions is provided to a Power User. A Power User Access user cannot provide permissions to other users but has the ability to modify, remove, view, and create resources.

What is Connection Draining?

Connection Draining is an AWS service that allows us to serve current requests on the servers that are either being decommissioned or updated.

By enabling this Connection Draining, we let the Load Balancer make an outgoing instance finish its existing requests for a set length of time before sending it any new requests. A departing instance will immediately go off if Connection Draining is not enabled, and all pending requests will fail.

What are T2 instances?

The T2 Instances are intended to give the ability to burst to a higher performance whenever the workload demands it and also provide a moderate baseline performance to the CPU.

The T2 instances are General Purpose instance types and are low in cost as well. They are usually used wherever workloads do not consistently or often use the CPU.

If you would like to transfer vast amounts of data, which is the best option among Snowball, Snowball Edge, and Snowmobile?

AWS Snowball is basically a data transport solution for moving high volumes of data into and out of a specified AWS region. On the other hand, AWS Snowball Edge adds additional computing functions apart from providing a data transport solution. Snowmobile is an exabyte-scale migration service that allows you to transfer data up to 100 PB.

What is RTO and RPO in AWS?

RTO or Recovery Time Objective is the maximum time your business or organization is willing to wait for a recovery to complete in the wake of an outage. On the other hand, RPO or Recovery Point Objective is the maximum amount of data loss your company is willing to accept as measured in time.

How can you add an existing instance to a new Auto Scaling group?

Here’s how you can add an existing instance to a new Auto Scaling group:

* Open EC2 console
* Select your instance under Instances
* Choose Actions -> Instance Settings -> Attach to Auto Scaling Group
* Select a new Auto Scaling group
* Attach this group to the Instance
* Edit the Instance if needed
* Once done, you can successfully add the instance to a new Auto Scaling group

How many Subnets can you have per VPC?

We can have up to 200 Subnets per Amazon Virtual Private Cloud (VPC).

Name and explain some security products and features available in VPC?

Here is a selection of security products and features:

* Security groups - These act as a firewall for the EC2 instances, controlling inbound and outbound traffic at the instance level.

* Network access control lists - These act as a firewall for the subnets, controlling inbound and outbound traffic at the subnet level.

* Flow logs - These capture the inbound and outbound traffic from the network interfaces in your VPC.

VPC is not resolving the server through DNS. What might be the issue, and how can you fix it?

To fix this problem, you need to enable the DNS hostname resolution, so that the problem resolves itself.

What are the storage classes available in Amazon S3?

Storage classes available with Amazon S3 are:

* Amazon S3 Standard
* Amazon S3 Standard-Infrequent Access
* Amazon S3 Reduced Redundancy Storage
* Amazon Glacier

How do you allow a user to gain access to a specific bucket?

You need to follow the four steps provided below to allow access. They are:

1. Categorize your instances
2. Define how authorized users can manage specific servers.
3. Lock down your tags
4. Attach your policies to IAM users

What is the use of lifecycle hooks in Autoscaling?

Lifecycle hooks are used in autoscaling to add an additional wait time to a scale-in or scale-out event.

Can you change the Private IP Address of an EC2 instance while it is running or in a stopped state?

No, a Private IP Address of an EC2 instance cannot be changed. When an EC2 instance is launched, a private IP Address is assigned to that instance at the boot time. This private IP Address is attached to the instance for its entire lifetime and can never be changed.

Is there a way to upload a file that is greater than 100 Megabytes in Amazon S3?

Yes, it is possible by using the Multipart Upload Utility from AWS. With the Multipart Upload Utility, larger files can be uploaded in multiple parts that are uploaded independently. You can also decrease upload time by uploading these parts in parallel. After the upload is done, the parts are merged into a single object or file to create the original file from which the parts were created.

What are Recovery Time Objective and Recovery Point Objective in AWS?

Recovery Time Objective - It is the maximum acceptable delay between the interruption of service and restoration of service. This translates to an acceptable time window when the service can be unavailable.

Recovery Point Objective - It is the maximum acceptable amount of time since the last data restore point. It translates to the acceptable amount of data loss which lies between the last recovery point and the interruption of service.

What is an Instance Store Volume and an EBS Volume?

An Instance Store Volume is temporary storage that is used to store the temporary data required by an instance to function. The data is available as long as the instance is running. As soon as the instance is turned off, the Instance Store Volume gets removed and the data gets deleted.

On the other hand, an EBS Volume represents a persistent storage disk. The data stored in an EBS Volume will be available even after the instance is turned off.

What is a Power User Access in AWS?

An Administrator User will be similar to the owner of the AWS Resources. He can create, delete, modify or view the resources and also grant permissions to other users for the AWS Resources.

A Power User Access provides Administrator Access without the capability to manage the users and permissions. In other words, a user with Power User Access can create, delete, modify or see the resources, but he cannot grant permissions to other users.

How can you recover/login to an EC2 instance for which you have lost the key?

Follow the steps provided below to recover an EC2 instance if you have lost the key:

1. Verify that the EC2Config service is running
2. Detach the root volume for the instance
3. Attach the volume to a temporary instance
4. Modify the configuration file
5. Restart the original instance

What are Key-Pairs in AWS?

The Key-Pairs are password-protected login credentials for the Virtual Machines that are used to prove our identity while connecting the Amazon EC2 instances. The Key-Pairs are made up of a Private Key and a Public Key which lets us connect to the instances.

What are the common types of AMI designs?

There are many types of AMIs, but some of the common AMIs are:

Fully Baked AMI
Just Enough Baked AMI (JeOS AMI)
Hybrid AMI

How do you configure CloudWatch to recover an EC2 instance?

Here’s how you can configure them:

Create an Alarm using Amazon CloudWatch
In the Alarm, go to Define Alarm -> Actions tab
Choose Recover this instance option

What are Solaris and AIX operating systems? Are they available with AWS?

Solaris is an operating system that uses SPARC processor architecture, which is not supported by the public cloud currently.

AIX is an operating system that runs only on Power CPU and not on Intel, which means that you cannot create AIX instances in EC2.

Since both the operating systems have their limitations, they are not currently available with AWS.

How do you set up SSH agent forwarding so that you do not have to copy the key every time you log in?

Here’s how you accomplish this:

1. Go to your PuTTY Configuration

2. Go to the category SSH -> Auth

3. Enable SSH agent forwarding to your instance

What is the difference between stopping and terminating an EC2 instance?

While you may think that both stopping and terminating are the same, there is a difference. When you stop an EC2 instance, it performs a normal shutdown on the instance and moves to a stopped state. However, when you terminate the instance, it is transferred to a stopped state, and the EBS volumes attached to it are deleted and can never be recovered.

What is a Stateful and a Stateless Firewall?

A Stateful Firewall is the one that maintains the state of the rules defined. It requires you to define only inbound rules. Based on the inbound rules defined, it automatically allows the outbound traffic to flow.

On the other hand, a Stateless Firewall requires you to explicitly define rules for inbound as well as outbound traffic.

For example, if you allow inbound traffic from Port 80, a Stateful Firewall will allow outbound traffic to Port 80, but a Stateless Firewall will not do so.

What are Spot Instances and On-Demand Instances?

When AWS creates EC2 instances, there are some blocks of computing capacity and processing power left unused. AWS releases these blocks as Spot Instances. Spot Instances run whenever capacity is available. These are a good option if you are flexible about when your applications can run and if your applications can be interrupted.

On the other hand, On-Demand Instances can be created as and when needed. The prices of such instances are static. Such instances will always be available unless you explicitly terminate them.
