What is the primary role of the EC2 Instance Profile?
A container that passes the IAM Role to the EC2 instance, allowing applications running on the instance to assume the role and access AWS services.
What is AWS Systems Manager (SSM) Session Manager used for?
It provides secure, auditable access to EC2 instances without needing SSH keys or opening inbound ports (like port 22) on the Security Group.
How do you securely provide application secrets (e.g., database password) to an EC2 instance at runtime?
Use AWS Secrets Manager or SSM Parameter Store (SecureString). The EC2 instance’s IAM Role must be granted permission to retrieve and decrypt the secret.
What is the primary function of AWS Instance Connect?
It provides a simple, browser-based way to connect to EC2 instances using temporary SSH keys that are automatically pushed to the instance metadata, eliminating the need to manage long-term SSH keys.
What are the three core components of an EC2 Auto Scaling Group (ASG)?
- Launch Template (or Launch Configuration)
- Auto Scaling Group (defines min, max, desired capacity)
- Scaling Policies (defines when to scale).
What is the difference between a Target Tracking Scaling Policy and a Step Scaling Policy?
- Target Tracking: The easiest way; sets a target value for a metric (e.g., keep average CPU utilization at 70%).
- Step Scaling: Defines specific actions (e.g., add 2 instances) based on specific CloudWatch alarm thresholds.
How does an Application Load Balancer (ALB) direct traffic to different target groups based on the request?
Using Listener Rules that can evaluate the request path, host header, or query strings.
What is the main benefit of using a Network Load Balancer (NLB) over an ALB?
NLB handles extremely high traffic and provides ultra-low latency (Layer 4 only), whereas ALB is better for flexible, feature-rich routing (Layer 7).
What happens if an instance in an Auto Scaling Group is marked as unhealthy by a Load Balancer?
The Load Balancer informs the Auto Scaling Group, and the ASG will terminate the unhealthy instance and launch a new replacement instance.
-
IAM 10118
-
S3 10174
-
S3 Object Lock8
-
S3 Performance10
-
S3 Sharing Buckets Across Accounts4
-
S3 Encryption and Versioning16
-
S3 Select and Glacier Select4
-
[Solutions Architect] S3 Storage Gateways14
-
[Solutions Architect] AWS Organizations7
-
CloudFront15
-
DataSync5
-
EC2 10134
-
AMI 10110
-
VPC Security Groups12
-
EBS 10117
-
Types of EBS Volumes18
-
ENI/ENA/EFA22
-
Encrypted Root Device Volumes7
-
Spot Instances and Spot Fleets15
-
EC2 Hibernate10
-
EC2 CloudWatch8
-
EC2 Misc.11
-
EFS11
-
[Solutions Architect] FSx5
-
[Solutions Architect] EC2 Placement Groups16
-
EC2 HPC5
-
AWS WAF6
-
Databases 10138
-
RDS48
-
DynamoDB40
-
Redshift15
-
Aurora17
-
Cacheing and Elasticache15
-
Advanced IAM16
-
DNS / Route 5333
-
Route53 Routing Policies11
-
VPCs48
-
NAT Instances and NAT Gateways16
-
Network ACLs8
-
VPC Flow Logs8
-
Load Balancers / High Availability 10127
-
ASGs4
-
Bastion Host and On-Premises High Availability7
-
SQS24
-
SWF6
-
SNS3
-
Elastic Transcoder2
-
API Gateway6
-
Kinesis 1017
-
Web Identity Federation and Cognito7
-
Event Processing Patterns5
-
Security23
-
Lambda19
-
Miscellaneous12
-
Containers and VMs38
-
[DEVELOPER] Advanced Lambda23
-
[DEVELOPER] Advanced SQS + SNS37
-
[DEVELOPER] Advanced Kinesis38
-
[DEVELOPER] Elasticache and Advanced RDS / Aurora3
-
[Developer] Advanced Database Topics49
-
[Developer] Advanced Analytics Topics18
-
[Developer] Monitoring Services6
-
[DEVELOPER] Advanced Storage Topics10
-
[DEVELOPER] Advanced Networking and Content Delivery26
-
[DEVELOPER] AI and ML20
-
[DEVELOPER] Developer tools14
-
[Developer] Step Functions13
-
[Developer] AWS Amplify11
-
[DEVELOPER] Advanced EC29
-
[DEVELOPER] Developer Security7
-
[DEVELOPER] Advanced API Gateway27
-
[Solutions Architect] Organizational Security15
-
[Solutions Architect] Active Directory22
-
[DEVELOPER] CloudTrail11
-
[Developer] X-Ray13
-
[Developer] SAM11
-
[Developer] Deployment Services40
