AWS Certified Solutions Architect Exam Guide – Chapter-3

Know the basics of launching an Amazon EC2 instance.
To launch an instance, you must specify an AMI, which defines the software on the instance at launch, and an instance type, which defines the virtual hardware supporting the instance (memory, vCPUs, and so on).

Know what architectures are suited for what Amazon EC2 pricing options.
Spot Instances are best suited for workloads that can accommodate interruption. Reserved Instances are best for consistent, long-term compute needs. On-Demand Instances provide flexible compute to respond to scaling needs.

Know how to combine multiple pricing options that result in cost optimization and scalability.
On-Demand Instances can be used to scale up a web application running on Reserved Instances in response to a temporary traffic spike. For a workload with several Reserved Instances reading from a queue, it’s possible to use Spot Instances to alleviate heavy traffic in a cost-effective way. These are just two of countless examples where a workload may use different pricing options.

Know the benefits of enhanced networking.
Enhanced networking enables you to get significantly higher packets per second (PPS) performance, lower network jitter, and lower latencies.

Know the capabilities of VM Import/Export.
VM Import/Export allows you to import existing VMs to AWS as Amazon EC2 instances or AMIs. Amazon EC2 instances that were imported through VM Import/Export can also be exported back to a virtual environment.

Know the methods for accessing an instance over the internet.
You can access an Amazon EC2 instance over the web via its public IP address, an elastic IP address, or its public DNS name.

There are additional ways to access an instance within an Amazon VPC, including private IP addresses and ENIs.
Know the lifetime of an instance store.
Data on an instance store is lost when the instance is stopped or terminated. Instance store data survives an OS reboot.

Know the properties of the Amazon EC2 pricing options.
On-Demand Instances require no up-front commitment, can be launched any time, and are billed by the hour. Reserved Instances require an up-front commitment and vary in cost depending on whether they are paid all up front, partially up front, or not up front. Spot Instances are launched when your bid price exceeds the current spot price. Spot Instances will run until the spot price exceeds your bid price, in which case the instance will get a two-minute warning and terminate.

Know what determines network performance.

Every instance type is rated for low, moderate, high, or 10 Gbps network performance, with larger instance types generally having a higher rating. Additionally, some instance types offer enhanced networking, which provides a further improvement in network performance.

Know what instance metadata is and how it’s obtained.

Metadata is information about an Amazon EC2 instance, such as its instance ID, instance type, and security groups, that is available from within the instance. It can be obtained through an HTTP call to a specific IP address.

Know how security groups protect instances.

Security groups are virtual firewalls controlling traffic in and out of your Amazon EC2 instances. They are deny by default, and you can allow traffic by adding rules specifying traffic direction, port, protocol, and destination address (via Classless Inter-Domain Routing [CIDR] block). They are applied at the instance level, meaning that traffic between instances in the same security group must adhere to the rules of that security group. They are stateful, meaning that an outgoing rule will allow the response without a correlating incoming rule.

Know how to interpret the effect of security groups.

When an instance is a member of multiple security groups, the effect is a union of all the rules in all the groups.
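The two points above (deny by default, stateful return traffic, and the union of rules across groups) can be checked against concrete packets. The following is an added example, not code from the page or from AWS: a small evaluator with a constructed scenario taken from the review questions (RDP from 72.14.0.0/16 in one group, HTTP from anywhere in another). Port ranges on the all-protocols rule and the flow-tracking key are simplifications I assume for the model.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str   # "inbound" or "outbound"
    protocol: str    # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int   # lowest destination port the rule covers
    to_port: int     # highest destination port the rule covers
    cidr: str        # source CIDR (inbound) or destination CIDR (outbound)


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    peer: str        # remote address: source if inbound, destination if outbound
    src_port: int
    dst_port: int


@dataclass
class Instance:
    groups: List[List[Rule]]  # every security group attached to the instance
    flows: Set[Tuple[str, str, str, int]] = field(default_factory=set)  # allowed flows

    @staticmethod
    def rule_matches(rule: Rule, pkt: Packet) -> bool:
        """One rule matches on direction, protocol, destination port and CIDR."""
        if rule.direction != pkt.direction:
            return False
        if rule.protocol != "-1" and rule.protocol != pkt.protocol:
            return False
        if not rule.from_port <= pkt.dst_port <= rule.to_port:
            return False
        net = ipaddress.ip_network(rule.cidr, strict=False)
        return ipaddress.ip_address(pkt.peer) in net

    def is_reply(self, pkt: Packet) -> bool:
        """Stateful: the packet answers a flow already allowed the other way;
        its source port is the destination port of that original flow."""
        other = "outbound" if pkt.direction == "inbound" else "inbound"
        return (other, pkt.protocol, pkt.peer, pkt.src_port) in self.flows

    def allows(self, pkt: Packet) -> bool:
        if self.is_reply(pkt):
            return True
        # Union: a matching rule in any attached group is enough.
        if any(self.rule_matches(r, pkt) for g in self.groups for r in g):
            self.flows.add((pkt.direction, pkt.protocol, pkt.peer, pkt.dst_port))
            return True
        return False  # deny by default


def review_example() -> Dict[str, bool]:
    """Constructed scenario from the review questions: one group allows RDP
    from 72.14.0.0/16, another allows HTTP from anywhere; both allow all outbound."""
    rdp_group = [Rule("inbound", "tcp", 3389, 3389, "72.14.0.0/16"),
                 Rule("outbound", "-1", 0, 65535, "0.0.0.0/0")]
    http_group = [Rule("inbound", "tcp", 80, 80, "0.0.0.0/0"),
                  Rule("outbound", "-1", 0, 65535, "0.0.0.0/0")]
    inst = Instance([rdp_group, http_group])
    return {
        "rdp_from_72.14": inst.allows(Packet("inbound", "tcp", "72.14.1.10", 51000, 3389)),
        "rdp_from_elsewhere": inst.allows(Packet("inbound", "tcp", "203.0.113.5", 51000, 3389)),
        "http_from_elsewhere": inst.allows(Packet("inbound", "tcp", "203.0.113.5", 51001, 80)),
        "ssh_from_72.14": inst.allows(Packet("inbound", "tcp", "72.14.1.10", 51002, 22)),
        # Outbound HTTPS to an update server, then its reply: no inbound rule
        # covers port 51003, so only stateful tracking lets the reply in.
        "https_out": inst.allows(Packet("outbound", "tcp", "198.51.100.7", 51003, 443)),
        "https_reply": inst.allows(Packet("inbound", "tcp", "198.51.100.7", 443, 51003)),
    }
```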

Know the different Amazon EBS volume types, their characteristics, and their appropriate workloads.

Magnetic volumes provide an average performance of 100 IOPS and can be provisioned up to 1 TB. They are good for cold and infrequently accessed data. General-purpose SSD volumes provide three IOPS/GB up to 10,000 IOPS, with smaller volumes able to burst to 3,000 IOPS. They can be provisioned up to 16 TB and are appropriate for dev/test environments, small databases, and so forth. Provisioned IOPS SSD can provide up to 20,000 consistent IOPS for volumes up to 16 TB. They are the best choice for workloads such as large databases executing many transactions.

Know how to encrypt an Amazon EBS volume.

Any volume type can be encrypted at launch. Encryption is based on AWS KMS and is transparent to applications on the attached instances.

Understand the concept and process of snapshots.
Snapshots provide a point-in-time backup of an Amazon EBS volume and are stored in Amazon S3. Subsequent snapshots are incremental—they only store deltas. When you request a snapshot, the point-in-time snapshot is created immediately and the volume may continue to be used, but the snapshot may remain in pending status until all the modified blocks have been transferred to Amazon S3. Snapshots may be copied between regions.

Know how Amazon EBS-optimized instances affect Amazon EBS performance.

In addition to the IOPS that control the performance in and out of the Amazon EBS volume, use Amazon EBS-optimized instances to ensure additional, dedicated capacity for Amazon EBS I/O.

Exercises
For assistance in completing these exercises, refer to these user guides:

  • Amazon EC2 (Linux)—http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html
  • Amazon EC2 (Windows)—http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/concepts.html
  • Amazon EBS—http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html

EXERCISE 3.1
Launch and Connect to a Linux Instance
In this exercise, you will launch a new Linux instance, log in with SSH, and install any security updates.

  • Launch an instance in the Amazon EC2 console.
  • Choose the Amazon Linux AMI.
  • Choose the t2.medium instance type.
  • Launch the instance in either the default VPC or EC2-Classic.
  • Assign the instance a public IP address.
  • Add a tag to the instance of Key: Name, Value: Exercise 3.1
  • Create a new security group called Cert Book.
  • Add a rule to Cert Book allowing SSH access from the IP address of your workstation (www.WhatsMyIP.org is a good way to determine your IP address).
  • Launch the instance.
  • When prompted for a key pair, choose a key pair you already have or create a new one and download the private portion. Amazon generates a keyname.pem file, and you will need a keyname.ppk file to connect to the instance via SSH. Puttygen.exe is one utility that will create a .ppk file from a .pem file.
  • SSH into the instance using the public IP address, the user name ec2-user, and the keyname.ppk file.
  • From the command-line prompt, run sudo yum update --security -y.
  • Close the SSH window and terminate the instance.

EXERCISE 3.2
Launch a Windows Instance with Bootstrapping
In this exercise, you will launch a Windows instance and specify a very simple bootstrap script. You will then confirm that the bootstrap script was executed on the instance.

  • Launch an instance in the Amazon EC2 console.
  • Choose the Microsoft Windows Server 2012 Base AMI.
  • Choose the t2.medium instance type.
  • Launch the instance in either the default VPC or EC2-Classic.
  • Assign the instance a public IP address.
  • In the Advanced Details section, enter the following text as UserData:
  • Add a tag to the instance of Key: Name, Value: Exercise 3.2.
  • Use the Cert Book security group from Exercise 3.1.
  • Launch the instance.
  • Use the key pair from Exercise 3.1.
  • On the Connect Instance UI, decrypt the administrator password and then download the RDP file to attempt to connect to the instance. Your attempt should fail because the Cert Book security group does not allow RDP access.
  • Open the Cert Book security group and add a rule that allows RDP access from your IP address.
  • Attempt to access the instance via RDP again.
  • Once the RDP session is connected, open Windows Explorer and confirm that the c:\temp folder has been created.
  • End the RDP session and terminate the instance.

EXERCISE 3.3
Confirm That Instance Stores Are Lost When an Instance Is Stopped
In this exercise, you will observe that the data on an Amazon EC2 instance store is lost when the instance is stopped.

  • Launch an instance in the Amazon Management Console.
  • Choose the Microsoft Windows Server 2012 Base AMI.
  • Choose the m3.medium instance type.
  • Launch the instance in either the default VPC or EC2-Classic.
  • Assign the instance a public IP address.
  • Add a tag to the instance of Key: Name, Value: Exercise 3.3.
  • Use the Cert Book security group as updated in Exercise 3.2.
  • Launch the instance.
  • Use the key pair from Exercise 3.1.
  • Decrypt the administrator password and log in to the instance via RDP.
  • Once the RDP session is connected, open Windows Explorer.
  • Create a new folder named z:\temp.
  • Log out of the RDP session.
  • In the console, set the state of the instance to Stopped.
  • Once the instance is stopped, start it again.
  • Log back into the instance using RDP.
  • Open Windows Explorer and confirm that the z:\temp folder is gone.
  • End the RDP session and terminate the instance.

EXERCISE 3.4
Launch a Spot Instance
In this exercise, you will create a Spot Instance.

  • In the Amazon EC2 console, go to the Spot Request page.
  • Look at the pricing history for m3.medium, especially the recent price.
  • Make a note of the most recent price and Availability Zone.
  • Launch an instance in the Amazon EC2 console.
  • Choose the Amazon Linux AMI.
  • Choose the t2.medium instance type.
  • On the Configure Instance page, request a Spot Instance.
  • Launch the instance in either the default VPC or EC2-Classic. (Note the Default VPC will define the Availability Zone for the instance.)
  • Assign the instance a public IP address.
  • Request a Spot Instance and enter a bid a few cents above the recorded Spot price.
  • Finish launching the Instance.
  • Go back to the Spot Request page.
    Watch your request. If your bid was high enough, you should see it change to Active and an instance ID appear.
  • Find the instance on the instance page of the Amazon EC2 console.
    Note the Lifecycle field in the Description that says Spot.
  • Once the instance is running, terminate it.

EXERCISE 3.5
Access Metadata
In this exercise, you will access the instance metadata from the OS.

  • Launch an instance in the Amazon EC2 console.
  • Choose the Amazon Linux AMI.
  • Choose the t2.medium instance type.
  • Launch the instance in either the default VPC or EC2-Classic.
  • Assign the instance a public IP address.
  • Add a tag to the instance of Key: Name, Value: Exercise 3.5.
  • Use the Cert Book security group.
  • Launch the instance.
  • Use the key pair from Exercise 3.1.
  • Connect to the instance via SSH using the public IP address, the user name ec2-user, and the keyname.ppk file.
  • At the Linux command prompt, retrieve a list of the available metadata by typing:
    curl http://169.254.169.254/latest/meta-data/
  • To see a value, add the name to the end of the URL. For example, to see the security groups, type:
    curl http://169.254.169.254/latest/meta-data/security-groups
  • Try other values as well. Names that end with a / indicate a longer list of sub-values.
  • Close the SSH window and terminate the instance.
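The trailing-slash convention in the last steps lends itself to a recursive walk. The following is an added example, not part of the exercise or of any AWS tooling: it expands the metadata tree from a fetch function, using a constructed offline stand-in for the service (FAKE_METADATA, with placeholder IDs) so the walk can be tried without an instance; imds_fetch is the real fetcher for use on an instance.

```python
import urllib.request
from typing import Callable, Dict

IMDS = "http://169.254.169.254/latest/meta-data/"

# Constructed stand-in for the metadata service, keyed by path relative to IMDS.
# As on the real service, a listing names each sub-tree with a trailing "/".
FAKE_METADATA = {
    "": "ami-id\ninstance-id\ninstance-type\nsecurity-groups\nnetwork/",
    "ami-id": "ami-EXAMPLE",
    "instance-id": "i-EXAMPLE",
    "instance-type": "t2.medium",
    "security-groups": "Cert Book",
    "network/": "interfaces/",
    "network/interfaces/": "macs/",
    "network/interfaces/macs/": "02:00:00:00:00:01/",
    "network/interfaces/macs/02:00:00:00:00:01/": "local-ipv4s\nvpc-id",
    "network/interfaces/macs/02:00:00:00:00:01/local-ipv4s": "10.0.0.42",
    "network/interfaces/macs/02:00:00:00:00:01/vpc-id": "vpc-EXAMPLE",
}


def fake_fetch(path: str) -> str:
    """Offline fetcher backed by the constructed table above."""
    return FAKE_METADATA[path]


def imds_fetch(path: str) -> str:
    """Fetch one path from the metadata service (only works on an instance)."""
    with urllib.request.urlopen(IMDS + path, timeout=2) as resp:
        return resp.read().decode()


def walk_metadata(fetch: Callable[[str], str], path: str = "") -> Dict[str, str]:
    """Expand the listing at `path`: names ending in "/" are sub-trees and are
    descended into; everything else is a leaf whose value is fetched."""
    leaves: Dict[str, str] = {}
    for name in fetch(path).splitlines():
        if not name:
            continue
        child = path + name
        if name.endswith("/"):
            leaves.update(walk_metadata(fetch, child))
        else:
            leaves[child] = fetch(child)
    return leaves


if __name__ == "__main__":
    # On an instance this dumps the whole tree; pass fake_fetch to try it offline.
    for key, value in sorted(walk_metadata(imds_fetch).items()):
        print(f"{key} = {value}")
```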

EXERCISE 3.6
Create Amazon EBS Volume and Show That It Remains After the Instance Is Terminated
In this exercise, you will see how an Amazon EBS volume persists beyond the life of an instance.

  • Launch an instance in the Amazon EC2 console.
  • Choose the Amazon Linux AMI.
  • Choose the t2.medium instance type.
  • Launch the instance in either the default VPC or EC2-Classic.
  • Assign the instance a public IP address.
  • Add a second Amazon EBS volume of size 50 GB. Note that the Root Volume is set to Delete on Termination.
  • Add a tag to the instance of Key: Name, Value: Exercise 3.6.
  • Use the Cert Book security group from earlier exercises.
  • Launch the instance.
  • Find the two Amazon EBS volumes on the Amazon EBS console. Name them both Exercise 3.6.
  • Terminate the instance.
    Notice that the boot drive is destroyed, but the additional Amazon EBS volume remains and now says Available. Do not delete the Available volume.

EXERCISE 3.7
Take a Snapshot and Restore
This exercise guides you through taking a snapshot and restoring it in three different ways.

  • Find the volume you created in Exercise 3.6 in the Amazon EBS console.
  • Take a snapshot of that volume. Name the snapshot Exercise 3.7.
  • On the snapshot console, wait for the snapshot to be completed. (As the volume was empty, this should be very quick.)
  • On the snapshot page in the AWS Management Console, choose the new snapshot and select Create Volume.
  • Create the volume with all the defaults.
  • Locate the snapshot again and again choose Create Volume, setting the size of the new volume to 100 GB (taking a snapshot and restoring the snapshot to a new, larger volume is how you address the problem of increasing the size of an existing volume).
  • Locate the snapshot again and choose Copy. Copy the snapshot to another region. Make the description Exercise 3.7.
  • Go to the other region and wait for the snapshot to become available.
  • Create a volume from the snapshot in the new region. This is how you share an Amazon EBS volume between regions; that is, by taking a snapshot and copying the snapshot.
  • Delete all four volumes.

EXERCISE 3.8
Launch an Encrypted Volume
In this exercise, you will launch an Amazon EC2 instance with an encrypted Amazon EBS volume and store some data on it to confirm that the encryption is transparent to the instance itself.

  • Launch an instance in the Amazon EC2 console.
  • Choose the Microsoft Windows Server 2012 Base AMI.
  • Choose the m3.medium instance type.
  • Launch the instance in either the default VPC or EC2-Classic.
  • Assign the instance a public IP address.
  • On the storage page, add a 50 GB encrypted Amazon EBS volume.
  • Add a tag to the instance of Key: Name, Value: Exercise 3.8.
  • Use the Cert Book security group as updated in Exercise 3.2.
  • Launch the instance.
  • Choose the key pair from Exercise 3.1.
  • Decrypt the administrator password and log in to the instance using RDP.
  • Once the RDP session is connected, open Notepad.
  • Type some random information into Notepad, save it at d:\testfile.txt, and then close Notepad.
  • Find d:\testfile.txt in Windows Explorer and open it with Notepad. Confirm that the data is not encrypted in Notepad.
  • Log out.
  • Terminate the instance.

EXERCISE 3.9
Detach a Boot Drive and Reattach to Another Instance
In this exercise, you will practice removing an Amazon EBS volume from a stopped instance and attaching it to another instance to recover the data.

  • Launch an instance in the Amazon EC2 console.
  • Choose the Microsoft Windows Server 2012 Base AMI.
  • Choose the t2.medium instance type.
  • Launch the instance in either the default VPC or EC2-Classic.
  • Assign the instance a public IP address.
  • Add a tag to the instance of Key: Name, Value: Exercise 3.9 Source.
  • Use the Cert Book security group from earlier exercises.
  • Launch the instance with the key pair from Exercise 3.1.
  • Launch a second instance in the Amazon EC2 Console.
  • Choose the Microsoft Windows Server 2012 Base AMI.
  • Choose the t2.medium instance type.
  • Launch the instance in either the default VPC or EC2-Classic.
  • Assign the instance a public IP address.
  • Add a tag to the instance of Key: Name, Value: Exercise 3.9 Destination.
  • Use the Cert Book security group from earlier exercises.
  • Launch the instance with the key pair you used in Exercise 3.1.
  • Once both instances are running, stop the first instance (Source). Make a note of the instance ID.
  • Go to the Amazon EBS page in the Amazon EC2 console and find the volume attached to the Source instance via the instance ID. Detach the volume.
  • When the volume becomes Available, attach the volume to the second instance (Destination).
  • Log in to the Destination instance via RDP using the administrator account.
  • Open a command window (cmd.exe).
  • At the command prompt, type the following commands:
    C:\Users\Administrator>diskpart
    DISKPART> select disk 1
    DISKPART> online disk
    DISKPART> exit
    C:\Users\Administrator>dir e:
    The volume removed from the stopped source drive can now be read as the E: drive on the destination instance, so its data can be retrieved.
  • Terminate all the instances and ensure the volumes are deleted in the process.

Review Questions

Your web application needs four instances to support steady traffic nearly all of the time. On the last day of each month, the traffic triples. What is a cost-effective way to handle this traffic pattern?

  • Run 12 Reserved Instances all of the time.
  • Run four On-Demand Instances constantly, then add eight more On-Demand Instances on the last day of each month.
  • Run four Reserved Instances constantly, then add eight On-Demand instances on the last day of each month
  • Run four On-Demand Instances constantly, then add eight Reserved Instances on the last day of each month.

Your order-processing application processes orders extracted from a queue with two Reserved Instances processing 10 orders/minute. If an order fails during processing, then it is returned to the queue without penalty. Due to a weekend sale, the queues have several hundred orders backed up. While the backup is not catastrophic, you would like to drain it so that customers get their confirmation emails faster. What is a cost-effective way to drain the queue for orders?

  • Create more queues.
  • Deploy additional Spot Instances to assist in processing the orders.
  • Deploy additional Reserved Instances to assist in processing the orders.
  • Deploy additional On-Demand Instances to assist in processing the orders.

Which of the following must be specified when launching a new Amazon Elastic Compute Cloud (Amazon EC2) Windows instance? (Choose 2 answers)

  • The Amazon EC2 instance ID
  • Password for the administrator account
  • Amazon EC2 instance type
  • Amazon Machine Image (AMI)

You have purchased an m3.xlarge Linux Reserved instance in us-east-1a. In which ways can you modify this reservation? (Choose 2 answers)

  • Change it into two m3.large instances.
  • Change it to a Windows instance.
  • Move it to us-east-1b.
  • Change it to an m4.xlarge.

Your instance is associated with two security groups. The first allows Remote Desktop Protocol (RDP) access over port 3389 from Classless Inter-Domain Routing (CIDR) block 72.14.0.0/16. The second allows HTTP access over port 80 from CIDR block 0.0.0.0/0. What traffic can reach your instance?

  • RDP and HTTP access from CIDR block 0.0.0.0/0
  • No traffic is allowed.
  • RDP and HTTP traffic from 72.14.0.0/16
  • RDP traffic over port 3389 from 72.14.0.0/16 and HTTP traffic over port 80 from 0.0.0.0/0

Which of the following are features of enhanced networking? (Choose 3 answers)

  • More Packets Per Second (PPS)
  • Lower latency
  • Multiple network interfaces
  • Border Gateway Protocol (BGP) routing
  • Less jitter

You are creating a High-Performance Computing (HPC) cluster and need very low latency and high bandwidth between instances. What combination of the following will allow this? (Choose 3 answers)

  • Use an instance type with 10 Gbps network performance
  • Put the instances in a placement group
  • Use Dedicated Instances.
  • Enable enhanced networking on the instances.
  • Use Reserved Instances.

Which Amazon Elastic Compute Cloud (Amazon EC2) feature ensures that your instances will not share a physical host with instances from any other AWS customer?

  • Amazon Virtual Private Cloud (VPC)
  • Placement groups
  • Dedicated Instances
  • Reserved Instances

Which of the following are true of instance stores? (Choose 2 answers)

  • Automatic backups
  • Data is lost when the instance stops.
  • Very high IOPS
  • Charge is based on the total amount of storage provisioned.

Which of the following are features of Amazon Elastic Block Store (Amazon EBS)? (Choose 2 answers)

  • Data stored on Amazon EBS is automatically replicated within an Availability Zone.
  • Amazon EBS data is automatically backed up to tape.
  • Amazon EBS volumes can be encrypted transparently to workloads on the attached instance.
  • Data on an Amazon EBS volume is lost when the attached instance is stopped.

You need to take a snapshot of an Amazon Elastic Block Store (Amazon EBS) volume. How long will the volume be unavailable?

  • It depends on the provisioned size of the volume.
  • The volume will be available immediately.
  • It depends on the amount of data stored on the volume.
  • It depends on whether the attached instance is an Amazon EBS-optimized instance.

You are restoring an Amazon Elastic Block Store (Amazon EBS) volume from a snapshot. How long will it be before the data is available?

  • It depends on the provisioned size of the volume.
  • The data will be available immediately.
  • It depends on the amount of data stored on the volume.
  • It depends on whether the attached instance is an Amazon EBS-optimized instance.

You have a workload that requires 15,000 consistent IOPS for data that must be durable. What combination of the following steps do you need? (Choose 2 answers)

  • Use an Amazon Elastic Block Store (Amazon EBS)-optimized instance.
  • Use an instance store.
  • Use a Provisioned IOPS SSD volume.
  • Use a magnetic volume.

Which of the following can be accomplished through bootstrapping?

  • Install the most current security updates.
  • Install the current version of the application.
  • Configure Operating System (OS) services.
  • All of the above.

How can you connect to a new Linux instance using SSH?

  • Decrypt the root password.
  • Using a certificate
  • Using the private half of the instance’s key pair
  • Using Multi-Factor Authentication (MFA)

VM Import/Export can import existing virtual machines as: (Choose 2 answers)

  • Amazon Elastic Block Store (Amazon EBS) volumes
  • Amazon Elastic Compute Cloud (Amazon EC2) instances
  • Amazon Machine Images (AMIs)
  • Security groups

Which of the following can be used to address an Amazon Elastic Compute Cloud (Amazon EC2) instance over the web? (Choose 2 answers)

  • Windows machine name
  • Public DNS name
  • Amazon EC2 instance ID
  • Elastic IP address

Using the correctly decrypted Administrator password and RDP, you cannot log in to a Windows instance you just launched. Which of the following is a possible reason?

  • There is no security group rule that allows RDP access over port 3389 from your IP address.
  • The instance is a Reserved Instance.
  • The instance is not using enhanced networking.
  • The instance is not an Amazon EBS-optimized instance.

You have a workload that requires 1 TB of durable block storage at 1,500 IOPS during normal use. Every night there is an Extract, Transform, Load (ETL) task that requires 3,000 IOPS for 15 minutes. What is the most appropriate volume type for this workload?

  • Use a Provisioned IOPS SSD volume at 3,000 IOPS.
  • Use an instance store.
  • Use a general-purpose SSD volume.
  • Use a magnetic volume.

How are you billed for elastic IP addresses?

  • Hourly when they are associated with an instance
  • Hourly when they are not associated with an instance
  • Based on the data that flows through them
  • Based on the instance type to which they are attached
Rajesh Kumar