1. Explain how to launch an EC2 instance in an Availability Zone.
Each AWS region is independent and is further divided into Availability Zones (AZs), which are isolated from each other but connected by low-latency links to the other AZs in the same region. When you view your resources, you only see the resources tied to the region you have selected. To launch an EC2 instance, you must select an AMI that is in the same region (if the AMI is in another region, you can copy it to the region you are using), and then either choose an Availability Zone yourself or let AWS choose one for you automatically.
2. What is an Elastic IP address?
There are basically two types of IP addresses: public IP addresses and private IP addresses. To be connected to the internet, each device or computer is assigned a unique public IP address so that it can be identified among all the devices connected to the internet. Private IP addresses are used in internal networks, such as a company's local area network. Since public IP addresses are finite, each time a computer is disconnected from the internet its public IP address is detached and returned to the pool of unassigned public addresses, and whenever another device needs to connect it is assigned an address from that pool.
Coming back to the question: an Elastic IP address is not returned to the pool when you disconnect from the internet. It stays with your device (in our case, an instance) until you manually detach it. Elastic IP addresses are therefore static public IP addresses.
3. Is one Elastic IP address enough for every instance that I have running?
Yes. Every instance comes with its own private address and a public address. The private address is returned to Amazon EC2 when the instance is stopped or terminated, and the public address is associated exclusively with the instance until it is stopped or terminated. The public address can be replaced by an Elastic IP address, which stays with the instance as long as the user does not manually detach it.
4. Why am I limited to 5 Elastic IP addresses per region?
Public IPv4 internet addresses are a scarce resource, so there is only a limited amount of public IP space available; imagine if one person bought up all the Elastic IP addresses, what would the other internet users do? Amazon EC2 is committed to helping use this space efficiently. If someone needs more than 5, they can apply for an increase in the AWS Console.
5. What are the best practices for Security in Amazon EC2?
There are several best practices to secure Amazon EC2. A few of them are given below:
- Use AWS Identity and Access Management (IAM) to control access to your AWS resources.
- Restrict access by only allowing trusted hosts or networks to access ports on your instance.
- Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege – only open up the permissions that you require.
- Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked, and are a security risk.
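The "review your security groups regularly" and "only allow trusted hosts or networks" points above can be turned into a repeatable check. The following is an added example, not code from the original page or from AWS: it walks the `IpPermissions` structure that the EC2 `DescribeSecurityGroups` API returns and reports ingress rules that expose everything, or a sensitive administrative port such as SSH or RDP, to `0.0.0.0/0` or `::/0`. The two security groups at the bottom are constructed sample data; the same function can be fed the real output of `aws ec2 describe-security-groups`.

```python
"""Audit EC2 security group ingress rules for world-open access.

Added example (not from the original page). Input follows the shape of the
EC2 DescribeSecurityGroups response; the sample groups below are constructed.
"""

ANYWHERE = {"0.0.0.0/0", "::/0"}

# Administrative / database ports that should never face the whole Internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def _port_range(perm):
    """Return (low, high) for a permission; IpProtocol '-1' means all ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _world_open_cidrs(perm):
    """CIDRs in this permission that mean 'anywhere' (IPv4 or IPv6)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ANYWHERE]


def find_world_open_ingress(security_group):
    """Return a list of (group id, description, cidr) findings.

    A finding is raised when a rule allows all traffic from anywhere, or when
    its port range covers one of SENSITIVE_PORTS and the source is anywhere.
    Rules such as 80/443 open to the world are left alone, since that is the
    normal shape of a public web tier.
    """
    findings = []
    for perm in security_group.get("IpPermissions", []):
        lo, hi = _port_range(perm)
        for cidr in _world_open_cidrs(perm):
            hits = [name for port, name in SENSITIVE_PORTS.items() if lo <= port <= hi]
            if perm.get("IpProtocol") == "-1":
                desc = "all traffic"
            elif hits:
                desc = f"{lo}-{hi} ({', '.join(hits)})"
            else:
                continue
            findings.append((security_group["GroupId"], desc, cidr))
    return findings


def audit_groups(groups):
    """Run the check over many groups; returns {group id: [findings]} for hits only."""
    report = {}
    for sg in groups:
        hits = find_world_open_ingress(sg)
        if hits:
            report[sg["GroupId"]] = hits
    return report


# Constructed sample data, shaped like DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {   # web tier: HTTPS to the world, SSH only from a trusted office range
        "GroupId": "sg-web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        ],
    },
    {   # violates least privilege: SSH from anywhere, plus an all-traffic rule
        "GroupId": "sg-bad",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
]

if __name__ == "__main__":
    for group_id, hits in audit_groups(SAMPLE_GROUPS).items():
        for _, desc, cidr in hits:
            print(f"{group_id}: {desc} open to {cidr}")
```

On the sample data the web group produces no findings, while `sg-bad` produces three: SSH from `0.0.0.0/0`, SSH from `::/0`, and the all-traffic rule. To run it against a real account, replace `SAMPLE_GROUPS` with the `SecurityGroups` list from `describe-security-groups` output.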
6. What is S3? What is it used for? Should encryption be used in S3?
According to Amazon, S3 is storage for the Internet. They define it as a "simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage infrastructure at very low costs".
Amazon S3 provides a web service interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. Using this web service, developers can easily build applications that make use of Internet storage.
Encryption should be used for sensitive data, as S3 is a proprietary technology developed by Amazon themselves and has yet to be proven from a security standpoint.
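One way to make "use encryption for sensitive data" an enforced rule rather than a convention is a bucket policy that denies any `PutObject` that does not request server-side encryption. The block below is an added example, not from the original page or from AWS documentation: it builds such a policy using the real S3 condition key `s3:x-amz-server-side-encryption`, and includes a small evaluator (supporting only the `Null`, `StringEquals` and `StringNotEquals` operators) so the policy can be exercised offline against constructed sample requests. The bucket name is a placeholder.

```python
"""Bucket policy that denies unencrypted uploads, plus an offline checker.

Added example (not from the original page). The condition key
s3:x-amz-server-side-encryption is a real S3 policy key; the bucket name and
the sample requests are constructed.
"""
import fnmatch
import json

ALLOWED_SSE = ["AES256", "aws:kms"]   # SSE-S3 and SSE-KMS


def deny_unencrypted_puts_policy(bucket):
    """Return a bucket policy document with two Deny statements:
    one for uploads that send no SSE header at all, and one for uploads
    that send an SSE value other than AES256 / aws:kms."""
    resource = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyPutWithoutSSE",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": resource,
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
            {
                "Sid": "DenyPutWithUnknownSSE",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": resource,
                "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": ALLOWED_SSE}},
            },
        ],
    }


def _condition_matches(operator, key, expected, ctx):
    """Evaluate one condition against the request context, following IAM
    semantics: Null tests key presence, and a negated operator matches
    when the key is absent."""
    present = key in ctx
    if operator == "Null":
        return present != (str(expected).lower() == "true")
    allowed = expected if isinstance(expected, list) else [expected]
    if operator == "StringEquals":
        return present and ctx[key] in allowed
    if operator == "StringNotEquals":
        return (not present) or ctx[key] not in allowed
    raise ValueError(f"unsupported operator: {operator}")


def put_object_denied(policy, bucket, key, headers):
    """Return the Sid of the first Deny statement matching a PutObject
    with the given request headers, or None if no Deny applies."""
    lowered = {k.lower(): v for k, v in headers.items()}
    ctx = {}
    if "x-amz-server-side-encryption" in lowered:
        ctx["s3:x-amz-server-side-encryption"] = lowered["x-amz-server-side-encryption"]
    resource = f"arn:aws:s3:::{bucket}/{key}"
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Effect"] != "Deny" or "s3:PutObject" not in actions:
            continue
        if not fnmatch.fnmatch(resource, st["Resource"]):
            continue
        conditions = [(op, k, v) for op, kv in st.get("Condition", {}).items() for k, v in kv.items()]
        if all(_condition_matches(op, k, v, ctx) for op, k, v in conditions):
            return st["Sid"]
    return None


if __name__ == "__main__":
    policy = deny_unencrypted_puts_policy("example-sensitive-data")   # placeholder name
    print(json.dumps(policy, indent=2))
    for hdrs in ({}, {"x-amz-server-side-encryption": "AES256"}, {"x-amz-server-side-encryption": "none"}):
        print(hdrs, "->", put_object_denied(policy, "example-sensitive-data", "report.csv", hdrs))
```

The evaluator is deliberately minimal (no Allow statements, no principal matching) and exists only to show how the two conditions behave: a request with no encryption header is caught by the `Null` statement, a request with an unrecognised value is caught by `StringNotEquals`, and a request for `AES256` or `aws:kms` passes both. Apply the printed document with `aws s3api put-bucket-policy` after reviewing it.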
7. Can S3 be used with EC2 instances, if yes, how?
Yes. It can be used with instances whose root devices are backed by local instance storage. By using Amazon S3, developers have access to the same highly scalable, reliable, fast and inexpensive data storage infrastructure that Amazon uses to run its own global network of websites. To run systems in the Amazon EC2 environment, developers use the provided tools to load their Amazon Machine Images (AMIs) into Amazon S3 and to move them between Amazon S3 and Amazon EC2.
8. What are EBS Volumes?
Elastic Block Store (EBS) is a block-level storage service, where each volume acts like a separate hard drive. These volumes are used with EC2 instances, and each EBS volume can be attached to only one EC2 instance.
9. Should the EBS volumes be unmounted to take a snapshot?
Snapshots are basically copies of the volume. They can be taken in real time while the volume is attached to the instance and in use, but a snapshot is like a screenshot of the data present on the volume at that moment: it will not contain data that is still cached locally by running applications. It is therefore recommended to detach the volume cleanly and then take the snapshot, so that all the data is captured.
10. How is the data organized in Amazon Glacier?
You store your data in Amazon Glacier in the form of archives. Each archive has an archive ID attached to it, which can be used to retrieve your data later. A single archive can contain one or more files. Once an archive is complete, it is stored in a vault. Vaults are collections of archives that you use to organize your data.
11. Explain the mechanism of Transfer Acceleration.
To use Transfer Acceleration, you first have to enable it on your S3 bucket using the Amazon S3 console. After Transfer Acceleration is enabled, you can point your bucket's PUT and GET requests to the s3-accelerate endpoint domain name. For standard data transfer, you can continue to use the regular endpoint.
12. How do you speed up data transfer in Snowball?
The data transfer rate can be increased in the following ways:
- By performing multiple copy operations at one time, i.e. if the workstation is powerful enough, you can initiate multiple cp commands, each from a different terminal, on the same Snowball device.
- By copying from multiple workstations to the same Snowball.
- By transferring large files, or by batching small files, which reduces the encryption overhead.
- By eliminating unnecessary hops, i.e. setting things up so that the source machine(s) and the Snowball are the only machines active on the switch being used; this can improve performance considerably.
13. What is AWS VPC?
A Virtual Private Cloud (VPC) is a virtual network in which your instances are isolated from other customers' instances on your cloud provider's infrastructure. You can create a VPN connection to your VPC from your data center, which allows you to use your instances as if they were part of your company's network.
14. Can I connect a VPC to my corporate data center, and if so, how?
Yes. You can do this by establishing a VPN connection between your company's network and your VPC, which allows you to interact with your EC2 instances as if they were within your existing network. AWS does not perform Network Address Translation (NAT) on EC2 instances in a VPC accessed via a VPN connection.
15. Is it possible to change the private IP addresses of an EC2 instance while it is running or stopped in a VPC?
The primary private IP address is attached to the instance throughout its lifetime and cannot be changed, but secondary private addresses can be unassigned, assigned or moved between interfaces or instances at any point.
16. How am I charged and billed for my use of Amazon VPC?
There are no charges for creating or using a VPC itself; usage of other services may be charged, e.g. if you use EC2 within a VPC, it is charged at the published rates for those resources. If you connect your VPC to a corporate data center using the optional hardware VPN connection, you will be charged for the time the connection is in the 'available' state. Standard data transfer rates apply, and partial hours are billed as full hours.
17. Will I get charged if I use other web services with my VPC?
Yes. Usage charges for other Amazon Web Services, including Amazon EC2, will still apply at the published rates for those resources. Data transfer charges are not incurred when accessing Amazon Web Services, such as Amazon S3, via your VPC's Internet gateway. If you are accessing AWS resources using your own VPN connection, you will incur Internet data transfer charges.
18. What is CloudFront?
CloudFront is a caching service by AWS, in which the data from the client site is transferred to the nearest edge location and from there routed to your S3 bucket over an optimised network path.
19. What is Transfer Acceleration?
Transfer Acceleration enables fast, easy and secure transfers over long distances by exploiting Amazon’s CloudFront edge technology.
20. If I’m using Amazon CloudFront, can I use Direct Connect to transfer objects from my own data center?
Yes. Amazon CloudFront supports custom origins including origins from outside of AWS. With AWS Direct Connect, you will pay data transfer rates for origin transfer.
21. If my AWS Direct Connect fails, will I lose my connectivity?
If a second Direct Connect connection has been enabled and a failure happens, traffic will switch to the second connection. It is recommended to enable Bidirectional Forwarding Detection (BFD) when configuring your connections to ensure fast detection and failover. If you have configured a backup IPsec VPN connection instead, all VPC traffic will fail over to the VPN connection automatically, while traffic to/from public resources such as Amazon S3 will be routed over the Internet. If you have neither a backup AWS Direct Connect link nor an IPsec VPN link, Amazon VPC traffic will be dropped in the event of a failure; traffic to/from public resources will still be routed over the Internet.