EC2

Question 1

What are the four ways to pay for EC2?

Answer 1

On-Demand
Reserved
Spot
Dedicated

Question 2

Conditions on payment for termination of a Spot EC2 instance

Answer 2

If the customer terminates the instance, they pay for the hour. If AWS terminate the instance, Amazon pays for the hour.

Question 3

What’s is the scope of an AMI? (Global, regional…)

Answer 3

AMI’s are regional. An AMI can only be launched from the region in which is stored. However, AMI’s can be copied to other regions using the console, CLI or AWS EC2 API.

Question 4

What is a more secure alternative to storing access keys on EC2 instances?

Answer 4

Roles are more secure and easier to manage

Question 5

How many IAM roles can be associated with an EC2 instance?

Answer 5

You can only associate one IAM role with an EC2 instance.

Question 6

When can a role be assigned to an EC2 instance?

Answer 6

The role can be assigned at creation time or assigned/replaced/unassigned in runtime (Actions -> Instance Settings -> Attach/Replace IAM role, Select role or “No Role”).

Question 7

What is the URL to get instance metadata?

Answer 7

http://169.254.169.254/latest/meta-data/

Question 8

What is the URL to get user data?

Answer 8

http://169.254.169.254/latest/user-data

Question 9

Using the console, can I add a role to an EC2 instance after the instance has been launched?

Answer 9

Yes. Roles can be assigned/replaced/unassigned using the console after the instance has been launched (Actions -> Instance Settings -> Attach/Replace IAM role, Select role or “No Role”). Previously, roles could be assigned only when the EC2 instance was launched (that is when it was being provisioned).

Question 10

Can I change permissions to a role, even if that role is already assigned to an existing EC2 instance?

Answer 10

Yes. These changes will take effect immediately.

Question 11

Do EC2 instances need to be restarted to apply changes to Security Groups?

Answer 11

No, changes to Security Groups take effect immediately.

Question 12

Is it possible to use the same Security Group in several EC2 instances?

Answer 12

Yes. You can have any number of EC2 instances within a Security Group.

Question 13

Can an EC2 instance use multiple Security Groups?

Answer 13

Yes. You can have multiple Security Groups attached to EC2 instances.

Question 14

Can you specify Deny rules using Security Groups?

Answer 14

No, Security Groups deny everything by default. You can only specify Allow rules.

Question 15

What does it mean that Security Groups are STATEFUL?

Answer 15

If you create an inbound rule allowing traffic in, that traffic is automatically allowed out again.

Question 16

What are the default traffic allowances for the default VPC Security Group?

Answer 16

The default VPC Security Group has an inbound all traffic rule from itself. So, all instances in this security group can communicate with them. It has also the usual all outbound traffic enabled.

Question 17

How are instances monitored by ELB reported?

Answer 17

InService or OutOfService

Question 18

How can I run a configuration script during launch?

Answer 18

You can specify User Data to run a configuration script during launch. When creating: Advanced Details -> User Data (during instance creation). In runtime: Actions -> Instance Settings -> View/Change User Data.

Question 19

What types of Placement Groups exist?

Answer 19

• Cluster Placement Group: Low network latency, high network throughput
• Spread Placement Group: Individual critical EC2 instances
• Partition Placement Groups: Multiple EC2 instances; HDFS, HBase, and Cassandra.

Question 20

If an Amazon EBS volume is an additional partition (not the root volume), can I detach it without stopping the instance?

Answer 20

Yes, although it may take some time.

Question 21

Can the public IP address of an EC2 instance be managed in the instance?

Answer 21

No. The public IP address is not managed in the instance. It is instead ana lias applied as a NAT of the private IP address. It can not be managed via instance meta-data.

Question 22

Which are the possible values for the “tenancy” attribute of an instance?

Answer 22

• default: your instance runs on shared hardware.
• dedicated: your instance runs on single-tenant hardware.
• host: your instance runs on a Dedicated Host, which is an isolated server with configurations that you can control.

Question 23

What amount of access should be given to users?

Answer 23

Always give your users the minimum amount of access required to do their job

Question 24

Can policies attached to roles be updated? When do the changes take effect?

Answer 24

You can update a policy attached to a role, and it will take immediate effect

Question 25

Can roles be detached or attached to running EC2 instances?

Answer 25

You can attach and detach roles to running EC2 instances without having to stop or terminate those instances

Question 26

How are role permissions controlled?

Answer 26

Policies control a role’s permissions

Question 27

When do changes to security groups take effect?

Answer 27

Changes to security groups take effect immediately

Question 28

How many EC2 instances can share a security group?

Answer 28

You can have any number of EC2 instances within a security group

Question 29

How may security groups can be attached to an EC2 instance?

Answer 29

You can have multiple security groups attached to EC2 instances

Question 30

In a security group, is inbound traffic blocked or allowed by default?

Answer 30

All inbound traffic is blocked by default

Question 31

In a security group, is outbound traffic blocked or allowed by default?

Answer 31

All outbound traffic is allowed

Question 32

What is a bootstrap script?

Answer 32

A bootstrap script is a script that runs when the instance first runs. It passes user data to the EC2 instance and can be used to install applications as well to do updates and more.

Question 33

What is user data in the context of EC2?

Answer 33

User data are simply bootstrap scripts

Question 34

What is metadata in the context of EC2?

Answer 34

Metadata is data about the EC2 instance. You can use bootstrap scripts (user data) to access metadata

Question 35

What are the networking devices available in EC2?

Answer 35

• ENI
• EFA
• Enhanced networking

Question 36

What is a scenario for using ENI?

Answer 36

For basic networking. Perhaps you need a separate management network from your production network or a separate logging network, and you need to do it at a low cost. In this scenario, use multiple ENIs for each network.

Question 37

What is a scenario for using EFA?

Answer 37

For when you need to accelerate High-Performance Computing (HPC) and machine learning applications or if you need to do an OS bypass. If you see a scenario question mentioning HPC or ML and asking what network adapter you want, choose EFA.

Question 38

What is a scenario for using Enhanced Networking?

Answer 38

For when you need speeds between 10 Gbps and 100 Gbps. Anywhere you need reliable, high throughput.

Question 39

Which placement groups can span multiple AZ? Which can’t?

Answer 39

A cluster placement group can’t span multiple AZs. A spread and partition placement group can.

Question 40

Can any type of instance be launched in a placement group?

Answer 40

No. only certain types of instances can be launched in a placement group (compute optimised, GPU, memory optimised, storage optimised)

Question 41

Can placement groups be merged?

Answer 41

No, you can’t merge placement groups.

Question 42

Can you move an existing instance into a placement group?

Answer 42

You can move an existing instance into a placement group. Before you move the instance, it must be in the stopped state. You can move or remove an instance using the AWS CLI or the AWS SDK, but you can’t do it via the console yet.

Question 43

What EC2 pricing option can you use for special licensing requirements?

Answer 43

Dedicated hosts. An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses, including Windows Server, Microsoft SQL Server, and SUSE Linux Enterprise Server.

Question 44

Can you block Spot instances from terminating?

Answer 44

You can block Spot Instances from terminating by using Spot block.

Question 45

What is a Spot Fleet?

Answer 45

A Spot Fleet is a collection of Spot Instances and, optionally, On-Demand Instances.

Question 46

Up to what percentage of cost can you save by using Spot instances?

Answer 46

Spot Instances save up to 90% of the cost of On-Demand Instances.