How will you upload a file greater than 200 megabytes to Amazon S3?
- Amazon S3 supports storing objects or files up to 5 terabytes.
- But if you want to upload a file greater than 100 megabytes, you have to use the Multipart Upload functionality from AWS.
- We can upload a large file in multiple parts if we use Multipart Upload.
- In this case, each part is uploaded independently and the upload time decreases.
How is encryption done in S3?
- In transit: SSL/TLS
- At rest:
  - Server-side encryption:
    - S3 Managed Keys – SSE-S3
    - AWS Key Management Service, Managed Keys – SSE-KMS
    - Server-Side Encryption with Customer-Provided Keys – SSE-C
  - Client-side encryption
List the components required to build Amazon VPC?
Ans: Subnet, Internet Gateway, NAT Gateway, HW VPN Connection, Virtual Private Gateway, Customer Gateway, Router, Peering Connection, VPC Endpoint for S3, Egress-only Internet Gateway.
How do you safeguard your EC2 instances running in a VPC?
Ans: Security Groups can be used to protect your EC2 instances in a VPC. We can configure both INBOUND and OUTBOUND traffic in a Security Group which enables secured access to your EC2 instances. Security Group automatically denies any unauthorized access to your EC2 instances.
In a VPC how many EC2 instances can you use?
Ans: Initially you are limited to launching 20 EC2 instances at one time. Maximum VPC size is 65,536 instances.
Where do the query results from Athena get stored?
Answer : In Amazon S3
What is DNS?
- The Domain Name Service, or DNS, is a name resolution service on a TCP/IP network.
- It is an application-layer protocol that defines how applications running on different systems pass messages to each other.
- DNS stands for Domain Name System.
- DNS provides a mapping between the name of a host (on the network) and its address.
- DNS is required for the functioning of the internet.
- DNS is a service that translates domain names into IP addresses.
- It applies to both IP version 4 and IP version 6.
- A DNS zone is related to a DNS domain name. Ex: cloudvikas.com.
- The DNS zone refers to the configuration of the DNS records or DNS domain name, and the DNS server that has control over those records within that zone.
What is TTL (time to live) in DNS?
DNS TTL (time to live) is a setting that tells the DNS resolver how long to cache a query result before requesting a new one. The information is stored in the cache of the recursive or local resolver for the duration of the TTL before the resolver reaches back out to collect new, updated details.
- Example: If a client queries its configured DNS server to resolve a name to an IP address and the server resolves the name successfully, the server caches the result for a period of time. That period of time is called the TTL, or time to live.
- We recommend a TTL of 24 hours (86,400 seconds). However, if you are planning to make DNS changes, you can lower the TTL to 5 minutes (300 seconds) at least 24 hours in advance of making the changes.
Consider you need to allow inbound DNS client queries to a VPC subnet. Which port should you allow in the Network ACL rule?
Ans- 53
Question: Which type of DNS record routing rule allows sending a percentage of traffic to a specific host?
Ans – Weighted
Question: You are registering a new DNS domain through Route 53. What must you supply when registering the domain?
Ans – Contact details
Question: Which type of SQS queue does not use ordered messaging?
Ans – Standard
Question: Which terms best describe the purpose of AWS Lambda?
Ans – Triggers
Data processing
Question: With Simple Notification Service, which item is a communication channel to which messages are published?
Ans – Topic
Question: Which AWS resource lends itself to application component decoupling?
Ans – SQS
Question: Which of the following are valid SQS queue types?
Ans – FIFO
Standard
Question: Why do application containers start up very quickly?
Ans – They use the underlying host OS
Question: Which records exist automatically in a new hosted DNS zone?
Ans – NS
SOA
Question: Which of the following statements is correct? Choose two.
Security group rules have a priority number
Security groups are associated with EC2 instances
Network ACL rules have a priority number
Network ACLs are associated with subnets
Ans – Network ACL rules have a priority number
Network ACLs are associated with subnets
Question: You are using the AWS management console to create a new Network ACL. What must the ACL be associated with?
Ans – VPC
Question: You have created a network ACL. You now need to create ACL rules using the CLI. Which command should you use?
Ans – aws ec2 create-network-acl-entry
Question: Which PowerShell statement is used to create a Network ACL?
Ans – New-EC2NetworkAcl -VpcId
Question: Which AWS objects can Elastic IPs be associated with?
Ans – Instance
Network interface
Question: You are using the AWS management console to create a new Security Group. What must the security group be associated with?
Ans – VPC
Question: Which CLI command is used to list AWS Security Groups?
Ans – aws ec2 describe-security-groups
Question: We need to allow port 3389 traffic to pass into an EC2 instance. Which PowerShell cmdlet should we use to modify the security group associated with the instance?
Ans – Grant-EC2SecurityGroupIngress
Question: Which term best describes the role of an AWS Internet Gateway?
Ans – Pass-through
Question: You have created an Internet Gateway in VPC1, yet EC2 instances in VPC1 subnets cannot reach the Internet. What should you do?
Ans – Add a route from the subnets
Question: Which term best describes the role of an AWS NAT Gateway?
Ans – Proxy
Question: Which two items must a new NAT gateway be associated with?
Ans – Elastic IP
Subnet
How will you convert and migrate an on-premise Oracle database to AWS Aurora?
Answer : First we will convert the database schema and code using the AWS Schema Conversion Tool, then we will migrate data from the source database to the target database using AWS.
You expect a large number of GET and PUT requests on an S3 bucket. You could expect around 300 PUT and 500 GET requests per second on the S3 bucket during a selling period on your web site. How will you design it to ensure optimal performance?
Answer : We have to ensure the object names have appropriate key names.
Which AWS service filters and transforms messages (coming from sensors) and stores them as time series data in DynamoDB?
Answer : IoT Rules Engine. The Rules Engine is a component of AWS IoT Core. The Rules Engine evaluates inbound messages published into AWS IoT Core and transforms and delivers them to another device or a cloud service, based on business rules you define.
Your project is currently running an EMR cluster which is used to perform a processing task every day from 5 pm to 10 pm. But the data admin has noticed that the cluster is being billed for the entire day. How will you configure the cluster to reduce the costs?
Answer : We can use transient clusters in EMR. There are two kinds of EMR clusters: transient and long-running. If you configure your cluster to be automatically terminated, it is terminated after all the steps complete. This is a transient cluster. Transient clusters are compute clusters that automatically shut down and stop billing when processing is finished.
Which storage types can be used with Amazon EMR?
Answer : Local file system
HDFS
EMRFS
Question: Which PowerShell cmdlet is used to add a new EC2 instance?
New-EC2Instance
Run-EC2Instance
Ans – New-EC2Instance
Question: Which port does SSH use?
25
22
Ans – 22
Question: You are using the AWS management console to launch a new EC2 Windows instance. You would like to have a script execute when the instance is launched. Into which field should you place the launch script commands?
VPC
User data
Ans – User data
Describe the different types of storage for Amazon EC2.
- Amazon EBS- Amazon EBS provides durable, block-level storage volumes that you can attach to a running instance. You can use Amazon EBS as a primary storage device for data that requires frequent and granular updates. For example, Amazon EBS is the recommended storage option when you run a database on an instance.
- Amazon EC2 instance store- This disk storage is referred to as instance store. Instance store provides temporary block-level storage for instances. The data on an instance store volume persists only during the life of the associated instance; if you stop, hibernate, or terminate an instance, any data on instance store volumes is lost.
- Amazon EFS file system- Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances to mount the file system.
- Amazon S3- Amazon S3 provides access to reliable and inexpensive data storage infrastructure. It is designed to make web-scale computing easier by enabling you to store and retrieve any amount of data, at any time, from within Amazon EC2 or anywhere on the web.
- Adding storage- The root storage device contains all the information necessary to boot the instance. You can specify storage volumes in addition to the root device volume when you create an AMI or launch an instance using block device mapping.
What is auto-scaling?
- Autoscaling, also spelled auto scaling or auto-scaling, and sometimes also called automatic scaling, is a method used in cloud computing that dynamically adjusts the amount of computational resources in a server farm – typically measured by the number of active servers – automatically based on the load on the farm.
- Amazon EC2 Auto Scaling helps you maintain application availability and allows you to automatically add or remove EC2 instances according to conditions you define.
- Dynamic scaling responds to changing demand and predictive scaling automatically schedules the right number of EC2 instances based on predicted demand.
- If you specify scaling policies, then Amazon EC2 Auto Scaling can launch or terminate instances as demand on your application increases or decreases. For example, the following Auto Scaling group has a minimum size of one instance, a desired capacity of two instances, and a maximum size of four instances.
- When you use Amazon EC2 Auto Scaling, your applications gain the following benefits:
- Better fault tolerance. Amazon EC2 Auto Scaling can detect when an instance is unhealthy, terminate it, and launch an instance to replace it.
- Better availability.
- Better cost management.
Can you establish a peering connection to a VPC in a different REGION?
No.
What are the storage classes of Amazon?
- Amazon S3: Scalable Storage in the Cloud
- Amazon EBS: Block Storage for EC2
- AWS Elastic File System: Managed File Storage for EC2
- Amazon Glacier: Low-cost Archive Storage in the Cloud
- AWS Storage Gateway: Hybrid Storage Integration
- Amazon Snowball: Petabyte-scale Data Transport
- AWS Snowball Edge: Petabyte-scale Data Transport with On-Demand Compute
- AWS Snowmobile: Exabyte-scale Data Transport
How to update AMI tools at boot time on Linux?
# Update the Amazon EC2 AMI tools
echo " + Updating EC2 AMI tools"
yum update -y aws-amitools-ec2
echo " + Updated EC2 AMI tools"
What are the top 10 advantages of Cloud Computing?
Pay as you Go Model.
Increased Mobility.
Less or No CAPEX.
High Availability.
Easy to Manage.
High Productivity.
Environment Friendly.
Less Deployment Time.
Dynamic Scaling.
Shared Resources.
What are the two types of Load Balancer?
Ans: Classic LB and Application LB. ALB provides content-based routing.
Different types of Cloud Computing as per services?
Ans: PAAS (Platform As A Service), IAAS (Infrastructure As A Service), SAAS (Software As A Service)
Can an AMI be shared?
Ans: Yes. A developer can create an AMI and share it with other developers for their use. A shared AMI is packed with the components you need and you can customize it as per your needs. As you are not the owner of a shared AMI, there is always a risk involved.
Which component of a Redshift cluster, if down, renders the Redshift cluster unavailable?
Answer : Leader Node. The Leader Node in an Amazon Redshift cluster manages all external and internal communication. It is responsible for preparing query execution plans whenever a query is submitted to the cluster. The Leader Node distributes data to the slices, and allocates parts of a user query or other database operation to the slices. Slices work in parallel to perform the operations.
What is a Hypervisor?
Ans: A Hypervisor is a kind of software that enables Virtualization. It combines physical hardware resources into a platform which is delivered virtually to one or more users. XEN is the Hypervisor for EC2.
What is Auto Scaling?
Ans: Creating duplicate instances during heavy business hours. Scale-IN and Scale-OUT are two different statuses of scaling. Scale-IN: Reducing the instances. Scale-OUT: Increasing the instances by duplicating.
Which SQL function statements can be used in Redshift to specify a result when there are multiple conditions?
Answer : Case expression
Key Pair and its uses?
Ans: We can use Key Pair to login to EC2 Instance in a secured way. When instances are spread across regions we need to create key pair in each region.
What is AMI?
Ans: AMI stands for Amazon Machine Image. It's a template comprising the software configuration: for example, the operating system, DB server, application server, etc.
You have to create an Amazon Machine Learning model to predict how many inches of snow will fall in an area based on the historical snowfall data. What type of modeling will you use?
Answer : Regression
Difference between Stopping and Terminating the Instances?
- When you STOP an instance it is a normal shutdown. The corresponding EBS volume attached to that instance remains attached and you can restart the instance later.
- When you TERMINATE an instance it gets deleted and you cannot restart that instance again later. Any EBS volume attached to that instance is also deleted.
What is Shard in AWS Kinesis?
It is a group of data records in a stream.
When you launch a standby Relational Database Service instance, will it be available in the same Availability Zone?
Ans: Not advisable, because the purpose of having a standby RDS instance is to avoid an infrastructure failure. So you have to keep your standby RDS service in a different Availability Zone, which may have different infrastructure.
How will you load streaming data and establish scalable private connections to on-premise data centers? Which service will you use for that?
Answer : Direct Connect and Kinesis Firehose
- Establish a dedicated network connection from your premises to AWS.
- AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.
- Using AWS Direct Connect, you can establish private connectivity between AWS and your datacentre.
- Amazon Kinesis Firehose is the easiest way to load streaming data into AWS. It can capture and automatically load streaming data into Amazon S3 and Amazon Redshift
Difference between Amazon RDS, DynamoDB and Redshift?
Ans: RDS is meant for structured data only. DynamoDB is meant for unstructured data which is a NoSQL service. Redshift is a data warehouse product used for data analysis.
Which service is used by the Spark Streaming tool to consume data from Amazon Kinesis?
Answer : Amazon Kinesis Producer Library
There is a requirement to perform SQL querying along with complex queries on different backend data that include Redshift, MySQL, Hive on EMR, H3, and PostgreSQL. How can we use Presto S in this case?
Answer : Presto is a high performance, distributed SQL query engine for big data. Its architecture allows users to query a variety of data sources such as Hadoop, AWS S3, Alluxio, MySQL, Cassandra, Kafka, MongoDB and Teradata.
What are Lifecycle Hooks?
Ans: Lifecycle Hooks are used in Auto Scaling. Lifecycle hooks enable you to perform custom actions by pausing instances as an Auto Scaling group launches or terminates them. Each Auto Scaling group can have multiple lifecycle hooks.
We need to perform ad-hoc SQL queries on structured data in a project. As data comes in constantly at a high velocity, what services should we use?
Answer : EMR + Redshift
What is S3?
Ans: S3 stands for Simple Storage Service, with a simple web service interface to store and retrieve any amount of data from anywhere on the web.
Consider you have to load a lot of data once a week from your on-premise datacenter to AWS Redshift. Which AWS-managed cloud data migration tools can be used for this data transfer in a simple, fast, and secure way?
Answer : Direct Connect
What is AWS Lambda?
Ans: Lambda is an event-driven platform. It is a compute service that runs code in response to events and automatically manages the compute resources required by that code.
In S3 how many buckets can be created?
Ans: By default 100 buckets can be created in a region.
Which service is used by the AWS Athena in partitioning data?
Answer : Hive
What is CloudFront?
Ans: Amazon CloudFront is a service that speeds up transfer of your static and dynamic web content such as HTML files, image files, etc. CloudFront delivers your content through worldwide data centers named Edge Locations.
Brief about the S3 service in AWS?
Ans: S3 is the Simple Storage Service from Amazon. You can move your files TO and FROM S3. It's like FTP storage. You can keep your SNAPSHOTS in S3. You can also ENCRYPT your sensitive data in S3.
Explain Regions and Availability Zones in EC2?
Ans: Amazon has hosted EC2 in various locations around the world. These locations are called REGIONS. For example in Asia, Mumbai is one region and Singapore is another region. Each region is composed of isolated locations which are known as AVAILABILITY ZONES. Each region is independent, but the Availability Zones are linked through low-latency links.
Can an EC2 instance inside your VPC connect with an EC2 instance belonging to other VPCs?
Ans: Yes, it is possible, provided an Internet Gateway is configured in such a way that traffic is bound for EC2 instances running in other VPCs.
How do you safeguard your EC2 instances running in a VPC?
- We can use security Groups to protect EC2 instances in a VPC.
- We can configure both INBOUND and OUTBOUND traffic in a Security Group which enables secured access to EC2 instances.
- Security Group automatically denies any unauthorized access to your EC2 instances.
How many EC2 instances can be used in a VPC?
Ans: 20 EC2 Instances. Maximum VPC size is 65,536 instances.
How can you monitor network traffic in your VPC?
Ans: It is possible using Amazon VPC Flow-Logs feature.
Can you establish a peering connection to a VPC in a different REGION?
Ans: Not possible. Peering Connection are available only between VPC in the same region.
Difference between Security Groups and ACLs in a VPC?
Ans: A Security Group defines which traffic is allowed TO or FROM EC2 instance. Whereas ACL, controls at the SUBNET level, scrutinize the traffic TO or FROM a Subnet.
Can you connect your VPC with a VPC owned by another AWS account in project?
Ans: Yes, it is Possible. We can provide details to the owner of other VPCs who can accept your connection.
What are all the different connectivity options available for your VPC?
Ans: Internet Gateway, Virtual Private Gateway, NAT, EndPoints, Peering Connections.
How an EC2 instance in a VPC establish the connection with the internet?
Ans: Using either a Public IP or an Elastic IP.
Describe Reserved Instances.
Reserved Instances:
- Purchase (or agree to purchase) usage of EC2 instances in advance for significant discounts over On-Demand pricing
- Provide a capacity reservation when used in a specific AZ
- AWS Billing automatically applies discounted rates when you launch an instance that matches your purchased RI
- Capacity is reserved for a term of 1 or 3 years
- EC2 has three RI types: Standard, Convertible, and Scheduled
- Standard = commitment of 1 or 3 years, charged whether it’s on or off
- Scheduled = reserved for specific periods of time, accrue charges hourly, billed in monthly increments over the term (1 year)
- RIs are used for steady-state workloads and predictable usage
- Ideal for applications that need reserved capacity
- Can change the instance size within the same instance type
- Instance type modifications are supported for Linux only
- Cannot change the instance size of Windows RIs
- Billed whether running or not
- Can sell reservations on the AWS marketplace
- Can be used in Auto Scaling Groups
- Can be used in Placement Groups
- Can be shared across multiple accounts within Consolidated Billing
- If you don’t need your RIs, you can try to sell them on the Reserved Instance Marketplace
What is Security Group in AWS?
Amazon Web Services provides a broad range of IT infrastructure and cloud computing services.
Every customer needs a product with some degree of security, where network traffic can be filtered properly. For that we use AWS Security Groups.
AWS security groups give some level of control over the network traffic associated with EC2 instances. In short:
- A security group acts as a virtual firewall that controls the traffic for EC2 instances.
- When we launch an instance, we can specify a security group; otherwise, we must use the default security group.
- We can add rules to customize a security group so that it allows traffic to or from its instances.
- If required, we can modify rules (inbound/outbound) at any time, and the change is reflected immediately.
- We can run our own firewall on an EC2 instance: in cases where our requirements are not met by security groups, we can maintain our own firewall on the instance in addition to using security groups.
- Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level.
- We can add rules to a security group that enable us to connect to our instance from our IP address using SSH.
- We can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere.
If you have requirements that are not met by security groups, you can maintain your own firewall on any of your instances in addition to using security groups.
Now we will learn about Security Groups and its uses step by step:
If you have to use join-level queries frequently, which distribution style would you use for the table in Redshift?
Answer : KEY. A distribution key is a column that is used to determine the database partition in which a particular row of data is stored. A distribution key is defined on a table using the CREATE TABLE statement. The columns of the unique or primary key are used as the distribution keys.
Which method can be used to disable automated snapshots in Redshift?
Answer : Set the retention period to -1
What is the default retention period for a Kinesis stream?
Answer : 1 day
What is DynamoDB?
DynamoDB is a non-relational database for applications that need performance at any scale.
- NoSQL managed database service
- Supports both key-value and document data model
- It’s really fast
- Consistent responsiveness
- Single-digit millisecond
- Unlimited throughput and storage
- Automatic scaling up or down
- Handles trillions of requests per day
- ACID transaction support
- On-demand backups and point-in-time recovery
- Encryption at rest
- Data is replicated across multiple Availability Zones
- Service-level agreement (SLA) up to 99.999%
What are the non-relational Databases?
The Non-Relational databases are NoSQL databases.
These databases are categorized into four groups:
- Key-value stores
- Graph stores
- Column stores
- Document stores
List the Data Types supported by DynamoDB?
DynamoDB supports four scalar data types, and they are:
- Number
- String
- Binary
- Boolean
DynamoDB supports collection data types such as:
- Number Set
- String Set
- Binary Set
- Heterogeneous List
- Heterogeneous Map
2) Is All Outbound traffic allowed?
By default, a security group includes an outbound rule that allows all outbound traffic. We can remove the rule and add outbound rules that allow specific outbound traffic only. If our security group has no outbound rules, no outbound traffic originating from our instance will be allowed.
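The points above about inbound rules open to anywhere and about the default allow-all outbound rule, checked over the JSON that `aws ec2 describe-security-groups` returns. This is an added example, not part of the original page; the sample document, group IDs and group names are constructed, and flagging ports 22 (SSH) and 3389 (RDP) is this example's own choice.

```python
import json

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`.
# Group IDs, names and addresses are made up for the example.
SAMPLE = json.loads("""
{
  "SecurityGroups": [
    {
      "GroupId": "sg-0aaa0000000000001",
      "GroupName": "web-tier",
      "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
      ],
      "IpPermissionsEgress": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
      ]
    },
    {
      "GroupId": "sg-0bbb0000000000002",
      "GroupName": "admin-hosts",
      "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
      ],
      "IpPermissionsEgress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
      ]
    }
  ]
}
""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # ports this example chooses to flag
ANYWHERE = {"0.0.0.0/0", "::/0"}         # IPv4 and IPv6 "from anywhere"


def open_to_world(perm):
    """Return the 'anywhere' CIDRs (IPv4 or IPv6) listed on one rule."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in ANYWHERE)


def covers_port(perm, port):
    """True if the rule's protocol and port range include the TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                    # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and lo <= port <= hi


def audit(doc):
    """Return (group_id, direction, message) findings for every group."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        gid = sg.get("GroupId")
        for perm in sg.get("IpPermissions", []):
            world = open_to_world(perm)
            if not world:
                continue
            for port, name in ADMIN_PORTS.items():
                if covers_port(perm, port):
                    findings.append(
                        (gid, "ingress",
                         f"{name}/{port} open to {', '.join(world)}"))
        for perm in sg.get("IpPermissionsEgress", []):
            # The rule every new security group starts with.
            if perm.get("IpProtocol") == "-1" and open_to_world(perm):
                findings.append(
                    (gid, "egress", "allow-all outbound rule present"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

Port ranges matter here: the second group never names port 22, but its 20-25 range from `::/0` still exposes SSH.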
3) Verify whether the statement below is correct or wrong.
Changes to Security Groups take effect immediately.
TRUE.
We have seen that once a Security Group is modified (inbound rules), the change simultaneously takes effect on the URL.
4) Verify whether the statement below is correct or wrong.
You can have any number of EC2 instances within a security group.
TRUE.
We can assign up to five security groups to the instance.
Security groups act at the instance level. Each instance in your VPC can be assigned to a different set of security groups. If we don’t specify any particular group at launch time, the instance is automatically assigned to the default security group for the VPC.
5) Verify whether the statements below are correct or wrong.
Multiple security groups can be attached to EC2 Instances.
Ans — TRUE
Security Groups are STATEFUL.
Ans- True
If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again.
Ans – True
We cannot block specific IP addresses using Security Groups, instead use Network Access Control Lists.
Ans- True
6) How to create a Security Group?
To create a security group using the console
Step 1: Open the Amazon VPC console
Step 2: In the navigation pane, choose Security Groups.
Step 3: Choose Create Security Group.
Step 4: Enter a name for the security group and provide a description.
Step 5: Security Group will be created.
Summary:
- Open the Amazon EC2 console.
- From the left navigation bar, select a region for the security group.
- Click Security Groups in the navigation pane.
- Click Create Security Group.
- Enter a name for the new security group and a description.
- In the VPC list, select your VPC.
- On the Inbound tab, click Add Rule for each new rule, and then click Create.
7) What are the basic rules for defining the name and description of security groups?
Names and descriptions can be up to 255 characters in length.
Names and descriptions are limited to the following characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*.
A security group name cannot start with sg-.
A security group name must be unique within the VPC.
8) How to delete a rule using the console?
Step 1: Open the Amazon console
Step 2: In the navigation pane, choose Security Groups.
Step 3: Select the security group to update.
Step 4: Choose Actions, Edit inbound rules or Actions, Edit outbound rules.
Step 5: Choose the delete button for the rule that you want to delete.
Step 6: Choose Save rules.
9) How to update a rule using the console
Step 1: Open the Amazon console
Step 2: In the navigation pane, choose Security Groups.
Step 3: Select the security group to update.
Step 4: Choose Actions, Edit inbound rules or Actions, Edit outbound rules.
Step 5: Modify the rule entry as required.
Step 6: Choose Save rules.
Amazon EBS is like a hard drive in the cloud that gives persistent block storage volumes for use with Amazon EC2 instances.
EBS volumes can be attached to EC2 instances and we can create a file system on top of these volumes. In this chapter, we will learn about EBS Volumes.
What is EBS?
Amazon Elastic Block Store (EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.
Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
We can use EBS volumes as primary storage for data that requires frequent updates. After a volume is attached to an instance, we can use it like any other physical hard drive. EBS volumes are flexible.
If we delete any EC2 instance, then the volumes attached to that EC2 instance will be deleted.
What are the different types of EBS storage?
Ans – There are 5 different types of EBS storage:
General Purpose (SSD)
Provisioned IOPS (SSD)
Throughput Optimized Hard Disk Drive
Cold Hard Disk Drive
Magnetic
Difference between these EBS Volume types:

Now we will learn about EBS Volume creation.
Methods of Creating a Volume
- Create and attach EBS volumes when you launch instances by specifying a block device mapping.
- You can restore volumes from previously created snapshots.
- Create an EBS volume and attach it to a running instance.
Let’s learn Method 1 now. Remaining methods will be discussed later.
Method 1: Create and attach EBS volumes when you launch instances by specifying a block device mapping.
Step 1:
Open the Amazon EC2 console
AND Create an EC2 Instance (follow steps 1 to 6 in EC2 Creation -Chapter 1).
Step 2:
Add Storage
We can select any volume type as the storage type. We can also set the storage size based on our needs. By clicking on “ADD NEW VOLUME”, a new volume can be added.

Step 3: Fill next steps and launch EC2 instance.
Step 4: Navigate to Volumes tab and verify added Volumes:

Now we can modify the volume size as required.
Suppose we have to increase the size of the io1 volume: navigate to Actions->Modify Volume and make the change.




Once we modify the volume size, we get a message saying that it will take some time for the change to be reflected.
Now refresh the page and check whether the size has increased.

So we have created EBS volumes while launching an EC2 instance.
Q) Suppose we have to move volumes to a different Availability Zone, i.e. us-west-1c. How will we do it?
Solution: There are two ways to solve this problem.
Way 1:
Step 1: Create a snapshot first.
Note: A snapshot is a photocopy of the disk. In detail:
An EBS snapshot is a point-in-time copy of your Amazon EBS volume, which is lazily copied to Amazon Simple Storage Service. EBS snapshots are incremental copies of data. This means that only unique blocks of EBS volume data that have changed since the last EBS snapshot are stored in the next EBS snapshot.
Navigate to Volumes and click on Actions->Create Snapshot.



The snapshot is created, and we can see it under Snapshots.

Step 2: Now we will create an image, which will be deployed in a different Availability Zone:



We can see the created images under the AMIs tab.

Step 3: Now click on Launch and create an EC2 instance.

Next:
Change the subnet to one in a different Availability Zone:

In this way, we can move volumes to a different AZ.
Now continue with the remaining steps and launch the EC2 instance.



We can see that one EC2 instance is created in a different zone, i.e. in us-west-1c.
Way 2:
Alternatively, we can copy the AMI to a different region.
Navigate to AMIs and then to Actions->Copy AMI.


We can change the destination region based on our requirement. In this way, an EC2 instance is copied from one region to another region.
So we have discussed both ways to move volumes to a different AZ.
After this lab, let's delete all EC2 instances, volumes, snapshots and images.
Q) If a user terminates an EC2 instance, will all volumes linked to that EC2 instance be deleted?
Ans – No. Let's understand it this way. We have terminated the EC2 instance.
Let's navigate to Volumes and check whether all volumes are deleted or not.

Additional volumes, which were added while creating the EC2 instance, will not be deleted. We have to delete additional volumes manually.
Now delete all volumes.


All volumes will be deleted.
Your software developers require an easy way to launch new instances that are customized with developer tools and settings. What should you do?
Ans – Create a custom AMI
Question: What service is aligned to the elasticity value proposition at AWS?
Ans – Auto-scaling
Q) How do we delete a snapshot?
Navigate to Snapshots and delete it.



Before deleting the snapshot, we must delete the AMI images.
Navigate to AMIs -> Images and delete the images.


Now we can delete the snapshot.
Difference between EBS and Instance Store:
We can select an AMI based on the following parameters:
- Region (Regions and Availability Zones)
- Operating system
- Architecture
- Launch Permissions
- Storage for the Root Device
There are 2 types of storage for the root device:
a) Instance Store
b) EBS Backed Volumes
For instance store volumes: the root device of an instance launched from the AMI is an instance store volume if it is created from a template (stored in Amazon S3).
For EBS volumes: the root device of an instance launched from the AMI is an Amazon EBS volume if it is created from an Amazon EBS snapshot.
Let's practice this.
Step 1: Create an EC2 instance following the steps defined in Chapter 1-EC2 instance creation.

Step 2: Create a 2nd instance – click on Community AMIs and select EBS under Root device type.



Next, add storage.

Complete the remaining steps and launch the instance.
This instance cannot be stopped.

Now we can terminate all instances.
************************************************************************
How can we encrypt the Root Device Volume?
We can encrypt the Root Device Volume in the following way:
Step 1: Launch an EC2 instance and navigate to the Add Storage tab. Encryption shows Not Encrypted as the default value, and it cannot be changed.

Once the instance is created, navigate to Volumes:

It shows that the volume is Not Encrypted.
Step 2: Create a snapshot:

We can see that it is not encrypted.
Now we will copy this snapshot and enable the encryption option for the copy.



Now we can see the encrypted snapshot:

Step 4: Create an image.


The image is created under AMIs.

Now we can launch an instance from this image and check whether the volume is encrypted.

It is encrypted, and an error message is shown if we try to select the unencrypted option.

Important facts about AWS EBS volume encryption:
- root volume cannot be selected for encryption during instance launch.
- non-root volume can be encrypted during launch or after launch.
- root volume cannot be encrypted after the launch of an instance without creating a snapshot of it.
Points to remember:
- Volumes exist on EBS. Consider EBS as a virtual hard disk
- Snapshots exist on S3. Consider snapshots as a photograph of the disk.
- Snapshots are point in time copies of Volumes.
- Snapshots are incremental — this means that only the blocks that have changed since your last snapshot are moved to S3.
- To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.
- However, you can take a snapshot while the instance is running.
- You can create AMIs from both Volumes and Snapshots.
- You can change EBS volume sizes on the fly, including changing the size and storage type.
- Volumes will ALWAYS be in the same availability zone as the EC2 instance.
- To move an EC2 volume from one AZ to another, take a snapshot of it, create an AMI from the snapshot and then use the AMI to launch the EC2 instance in a new AZ.
- To move an EC2 volume from one region to another, take a snapshot of it, create an AMI from the snapshot and then copy the AMI from one region to the other. Then use the copied AMI to launch the new EC2 instance in the new region.
- Instance Store Volumes are sometimes called Ephemeral Storage.
- Instance store volumes cannot be stopped. If the underlying host fails, you will lose your data.
- EBS backed instances can be stopped. You will not lose the data on this instance if it is stopped.
- You can reboot both, you will not lose your data.
- By default, both ROOT volumes will be deleted on termination. However, with EBS volumes, you can tell AWS to keep the root device volume.
- Snapshots of encrypted volumes are encrypted automatically.
- Volumes restored from encrypted snapshots are encrypted automatically.
- Snapshots can be shared, but only if they are unencrypted.
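The two things this walkthrough checks by hand in the console (whether a volume shows Not Encrypted, and which additional volumes are left behind when an instance is terminated) can also be checked over the JSON returned by `aws ec2 describe-volumes`. The Python below is an added example, not part of the original page; the sample data and its IDs are constructed, and `audit_volumes` is a hypothetical helper name.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-volumes` output (IDs are made up).
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa", "State": "in-use", "Encrypted": false,
   "AvailabilityZone": "us-west-1a",
   "Attachments": [{"InstanceId": "i-0111", "Device": "/dev/xvda",
                    "DeleteOnTermination": true}]},
  {"VolumeId": "vol-0bbb", "State": "in-use", "Encrypted": true,
   "AvailabilityZone": "us-west-1a",
   "Attachments": [{"InstanceId": "i-0111", "Device": "/dev/sdb",
                    "DeleteOnTermination": false}]},
  {"VolumeId": "vol-0ccc", "State": "available", "Encrypted": false,
   "AvailabilityZone": "us-west-1c", "Attachments": []}
]}
""")


def audit_volumes(described):
    """Return {volume_id: [finding, ...]} for volumes that need attention."""
    findings = {}
    for vol in described.get("Volumes", []):
        issues = []
        # Data-at-rest check: the "Not Encrypted" state shown in the console.
        if not vol.get("Encrypted", False):
            issues.append("unencrypted")
        attachments = vol.get("Attachments", [])
        # A detached volume still holds its data and must be deleted manually.
        if vol.get("State") == "available" and not attachments:
            issues.append("orphaned")
        # Attached volumes without DeleteOnTermination outlive their instance.
        for att in attachments:
            if not att.get("DeleteOnTermination", False):
                issues.append(f"survives-termination-of:{att['InstanceId']}")
        if issues:
            findings[vol["VolumeId"]] = issues
    return findings


if __name__ == "__main__":
    for vol_id, issues in audit_volumes(SAMPLE).items():
        print(vol_id, ", ".join(issues))
```

To run it against a real account, save the output of `aws ec2 describe-volumes` to a file and pass the parsed JSON to `audit_volumes` in place of the sample.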
QUESTION and ANSWER:
What are the benefits of using EBS volumes?
Ans : EBS volumes provide many benefits that are not supported by instance store volumes.
- Data availability: When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to failure of any single hardware component.
We can attach an EBS volume to one instance only, but a single instance can have multiple volumes attached. In case multiple volumes are attached to a single instance, we can stripe data across the volumes for increased I/O and throughput performance.
- Data encryption: We can create encrypted EBS volumes with the Amazon EBS encryption feature. We can use encrypted EBS volumes to meet a wide range of data-at-rest encryption requirements.
- Snapshots: Amazon EBS gives the ability to create snapshots of any EBS volume and write a copy of the data in the volume to Amazon S3, where it is stored in multiple Availability Zones.
Can Spread Placement Groups be deployed across multiple Availability Zones?
Ans-Yes.
Your EC2 instance in us-east-1a was terminated, and the attached EBS volume is now available. Your teammate tells you he can’t seem to attach it to your instance in us-east-1. What could be the reason?
Ans-EBS volumes are AZ locked
What type of storage are Amazon EBS volumes?
Ans – Block based storage
Deepak has provisioned an 8TB gp2 EBS volume and he is running out of IOPS. What is NOT a way to increase performance?
Ans- Increase EBS Volume Size
What is the underlying Hypervisor for EC2 ? (Choose 2)
Nitro
Xen
Your Project Lead would like to leverage EBS volumes in parallel to linearly increase performance, while accepting greater failure risks. Which RAID mode helps him in achieving that?
Ans- RAID 0
Question: How does AWS refer to a custom user-defined virtual private cloud?
Ans – Non-default VPC
Spread Placement Groups can be deployed across multiple Availability Zones. Is it true or false?
Ans-True
Although EBS is already a replicated solution, our company cloudvikas advised us to use a RAID mode that will mirror data and will allow our instance to not be affected if an EBS volume entirely fails. Which RAID mode would you recommend?
Ans- RAID 1
- If an Amazon EBS volume is an additional partition (not the root volume), can I detach it without stopping the instance?
Yes, although it may take some time.
- Ajit would like to have the same data accessible as an NFS drive across AZs on all your EC2 instances. What do you recommend?
ANS-Mount an EFS
- To retrieve instance metadata or user data, which IP address will be used?
Ans-http://169.254.169.254
Question: What is the software that produces and manages a virtual infrastructure, allowing multiple operating systems to run and share resources on a single physical machine?
Ans – Hypervisor
Question: Which type of risk treatment is best represented by the hybrid cloud deployment model?
Ans – Transference
Question: Which core service offers Linux virtual machines and applications?
Ans – Compute
What is a master component for the creation of virtual servers (EC2 instances) in the Amazon Web Services (AWS) environment?
Ans – AMI
- Your project manager doesn’t want to lose the cache upon termination of your instance. Which storage mechanism do you recommend as a Solution Architect?
Ans –Instance Store
- If I terminated an EC2 instance, would that EBS root volume persist?
Ans: Only if I specify (using either the AWS Console or the CLI) that it should do so.
- You have a requirement for EC2 instances with the highest performance while talking to each other. Which placement group should you choose?
Ans- Cluster
- To help you manage your Amazon EC2 instances, you can assign your own metadata in the form of a parameter. What is that parameter?
Ans – Tags
Question: You are in the EC2 instance view. Where should you click to retrieve an instance system log?
Ans – Actions
Question: What is the purpose of an EC2 launch configuration?
Ans – EC2 instance details for auto scaling
Question: What can be done when you need to capture VPC network traffic? The solution must involve the least amount of administrative effort possible.
Ans – Enable a flow log
Question: What type of scaling is AWS EC2 auto scaling?
Ans – Horizontal
Scaling out
- Your teammate plans to run NoSQL database year-round on EC2. Which instance launch mode should you choose?
Ans- Reserved Instances
Question: What instance type allows us to bid on spare Amazon EC2 computing capacity based on the price where instances are treated as a commodity?
Ans – Spot instances
Question: If you would like to receive EC2 instance metric data every minute. What should you do?
Ans – Enable detailed monitoring
- You need to know both the private IP address and public IP address of your EC2 instance. You should ________.
Ans – Retrieve the instance Metadata from .
- In an AWS project, one team member built and published an AMI in region A and another teammate built one in region B. As a result, the team members cannot see each other’s AMIs in their regions. What is the reason?
Ans-An AMI created for a region can be seen in that region only.
Question: Which AWS component is required when creating an auto-scaling group?
Ans – Launch configuration
Question: What benefit does a VPC transit gateway provide over VPC peering?
Ans – Scalability
Question: Which factor could prevent the configuration of EC2 instance auto recovery?
Ans – Instance type
Question: Which type of policy limits AWS permissions with AWS organizations?
Ans – Service control
Question: You need to join an existing EC2 Windows instance to an AWS Simple AD deployment. What information will you need?
Ans- DNS server IP address
Question: You have deployed instances in a private subnet that must connect to the internet or other AWS services, while preventing the internet from initiating a connection with those instances. What should you use?
Ans -NAT gateway
Which of the following features only relate to Spread Placement Groups?
Ans: The placement group can only have 7 running instances per Availability Zone
Which EC2 launch mode allows you to get visibility into physical cores and underlying network sockets?
Ans-Dedicated Hosts
Is it possible to perform actions on an existing Amazon EBS Snapshot?
Yes, through the AWS APIs, CLI, and AWS Console.
You are launching an application cloudvikas on EC2 and the whole process of installing the application takes about 40 minutes. You would like to minimize the total time for your instance to boot up. What do you recommend?
Ans- Create an AMI after installing the application and launch from the AMI
Can I use the AWS Console to add a role to an EC2 instance after that instance has been created and powered-up?
Ans- True
When creating a new security group, all inbound traffic is allowed by default. Is it true or false?
Ans-False
Which AWS CLI command should I use to create a snapshot of an EBS volume?
Ans: ec2 create-snapshot
EBS Snapshots are backed up to S3 in what manner?
Ans-Incrementally
Standard Reserved Instances can be moved between regions. Is it true or false?
Ans -False
You have a large volume of data. You have to store it and access it for a short period, but then it needs to be archived indefinitely. What is a cost-effective solution?
Answer : We can store the data in Amazon S3 and use lifecycle policies to archive it to Amazon Glacier
Which of the following components of the AWS (Amazon Web Services) Machine Learning service is used to generate predictions using the patterns extracted from the input data?
Answer : Models