9.0 AWS Services

Question 1

introduction to AWS

What does AWS stand for?

Answer 1

Amazon Web Services

Currently the most popular cloud platform, with a huge collection of services.

Question 2

introduction to AWS

In AWS, what are the three geographical scopes?

Answer 2

• Global
• Region
• Availability Zones

Different resources will be created in one of those scopes.

Question 3

introduction to AWS

What do you receive for first time registration on AWS?

Answer 3

1-year free of basic resources

Some services are NOT included in the free tier.

Question 4

Core AWS Services

What is the purpose of the IAM service in AWS?

Answer 4

to specify who or what can access which services and resources

Question 5

Core AWS Services

How is access granted to services and resources using IAM?

Answer 5

• Create and manage AWS Users and Groups
• Users and Groups are assigned an IAM Role
• Policies (set of permissions) are attached to the Role

Question 6

Core AWS Services

When you first set up an AWS account, what is the default user created in AWS IAM?

Answer 6

ROOT user

ROOT user has unlimited privileges.

Question 7

Core AWS Services

What is a best practice regarding the ROOT user in AWS?

Answer 7

Don’t use it.
Instead, create an admin user with less privileges to manage the whole account.

Question 8

Core AWS Services

What are the different types of IAM users?

Answer 8

• Human Users
• System Users

Question 9

Core AWS Services

Give an example of an IAM system user.

Answer 9

A ‘jenkins’ system user is created and given permissions to deploy Docker containers on AWS.

Question 10

Core AWS Services

What is the purpose of an IAM Group?

Answer 10

For granting access to multiple IAM users at once instead of trying to manage access individually

Question 11

Core AWS Services

What is an IAM role?

Answer 11

A role is used to grant AWS services access to other AWS services.

Question 12

Core AWS Services

How is an IAM role different from an IAM user?

Answer 12

Instead of being uniquely associated with one person, a
role is intended to be assumable by anyone who needs it

Question 13

Core AWS Services

Can an IAM policy be assigned to AWS services?

Answer 13

No, not directly. They must be attached to an IAM role.

Question 14

Core AWS Services

How do you grant AWS services access to other AWS services using IAM?

Answer 14

1. Create IAM Role
2. Assign Role AWS Service
3. Attach Policies to that Role

Question 15

Core AWS Services

Explain how CSPs manage physical data centers.

Answer 15

• CSPs are responsible for **securing **and managing physical data centers that run cloud resources.
• Data centers are located all over the world and clustered together in Availability Zones.
• One or more Availability Zones make up a Region.

Question 16

Core AWS Services

Explain VPCs in AWS

Answer 16

• Your own isolated network in the cloud
• Virtual representation of phsyical network infrastructure
• Default VPC in each Region
• A VPC spans all AZs (Subnets) in that Region
• Multiple VPCs in different Regions
• Your resources always have to run in a VPC

Question 17

Core AWS Services

Explain Subnets in AWS

Answer 17

• Range of internal IP addresses in your VPC
• Like a private network inside a network
• Subnet for each Availability Zone
• Based on your firewall configuration you can have a private and/or public subnet

Question 18

How is communication allowed inside a VPC?

Answer 18

IP addresses

When you create a new resource, such as an EC2 instance, an IP address is assigned within a subnet’s default internal IP range

Question 19

Core AWS Services

What is the purpose of an Internet Gateway in AWS?

Answer 19

Connect the VPC or its subnets to the internet

Question 20

Core AWS Services

At a high level, how do you secure your resources in AWS?

Answer 20

• Control access to your VPC
• Control access to your individual server instances

Question 21

Core AWS Services

What is the difference between a NACL and Security Group when it comes to access control?

Answer 21

• NACLs configures access on subnet level
• Security Group configures access on instance level

Question 22

Core AWS Services

What does CIDR stand for?

Answer 22

Classless Inter-Domain Routing

Defines a range of IP addresses.

Question 23

Core AWS Services

What’s the easiest way to choose a CIDR block?

Answer 23

Use a subnet calculator

Question 24

Core AWS Services

What is the relationship between a subnet and CIDR block?

Answer 24

When you create a subnet, you specify the IPv4 CIDR block for the subnet, which is a subset of the VPC CIDR block

Question 25

# Core AWS Services What is **Elastic Compute Cloud (EC2)**?

Answer 25

A virtual server in AWS, providing computing capacity

Question 26

# Core AWS Services How do you **launch** an EC2 instance in AWS?

Answer 26

1. Choose OS Image 2. Choose capacity 3. Network configurations 4. Add storage 5. Add tags 6. Configure Security Group

Question 27

# Core AWS Services How do you deploy a web app on an EC2 instance?

Answer 27

1. Create an EC2 instance on AWS 2. Connect to EC2 instance with ssh 3. Install Docker on remote EC2 instance 4. Run Docker container (docker login, pull, run) from private repository 5. Configure EC2 Security Group to access application externally from the browser

Question 28

# Core AWS Services How do you connect to an EC2 instance via SSH?

Answer 28

ssh -i .ssh/docker-server.pem ec2-user@18.184.54.160 ## Footnote Private SSH key must be downloaded first

Question 29

# Continous Deployment - Deploy to EC2 from Jenkins What is the most simple way to deploy a containerized app to an EC2 instance from Jenkins?

Answer 29

1. Connect to EC2 instance from Jenkins server via ssh (ssh agent) 2. Execute "docker run" on EC2 instance

Question 30

# Continous Deployment - Deploy to EC2 from Jenkins How do you connect to an EC2 instance from Jenkins server via SSH?

Answer 30

1. Install SSH Agent Plugin within Jenkins UI 2. Configure global credentials (id=ec2-server-key, name=ec2-user, kind=SSH Username with private key) 3. Use credential in 'deploy' stage in Jenkinsfile

Question 31

# Introduction to AWS CLI What is the **AWS Command Line Interface (CLI)** used for?

Answer 31

Interact with AWS account instead of using the UI ## Footnote Requires configuration with Access key ID and Secret Access Key.

Question 32

# Introduction to AWS CLI How do you access the UI versus CLI?

Answer 32

* UI access through password * CLI access through Access key ID and Secret Access Key

Question 33

# Introduction to AWS CLI How do you configure your AWS CLI?

Answer 33

`aws configure`

Question 34

# Introduction to AWS CLI What is the AWS CLI **command structure**?

Answer 34

* aws command subcommand [options] * aws iam list-groups * aws = the base call to the aws program * command = the AWS service * subcommand = specifies which operation to perform

Question 35

# Introduction to AWS CLI Give an example of launching a basic EC2 instance via AWS CLI

Answer 35

Question 36

What are some container services on AWS to help deploy containerized workloads?

Answer 36

* Elastic Container Registry (ECR) * Elastic Container Service (ECS) * Elastic Kubernetes Service (EKS)

Question 37

What is ECR?

Answer 37

Container registry to store, share and deploy container images

Question 38

What is ECS?

Answer 38

AWS proprietary container orchestration

Question 39

What is EKS?

Answer 39

Amazon's managed K8s service

Question 40

What are best practices for SSH keys?

Answer 40

* Keep your .pem file in the standard location in ~/.ssh/ with 400 permissions * Do not share these .pem files with co-workers. Private keys should be private to each user, generated by them. * Each user should generate their own SSH keypair and their public key should be deployed to each system they need access to.