
Tuesday 17 July 2018

AWS Tutorial Terminology page 7

Question: What are Amazon EBS Snapshots?
You can back up the data on your Amazon EBS volumes to Amazon S3 at any point in time; these backups are known as snapshots.

Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.

When you delete a snapshot, only the data unique to that snapshot is removed.
Each snapshot contains all of the information needed to restore your data.



Question: What is enhanced networking on Linux?
Enhanced networking uses single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities on supported instance types. SR-IOV is a method of device virtualization that provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces.



Question: What are Spot Instances?
A Spot Instance is an unused EC2 instance that is available for less than the On-Demand price.
Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly.


The hourly price for a Spot Instance is called a Spot price. The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs whenever capacity is available and the maximum price per hour for your request exceeds the Spot price.



Question: What is Amazon Elastic MapReduce (EMR)?
Amazon EMR processes "big data" across a Hadoop cluster of virtual servers on Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3).


Question: What is the AWS Storage Gateway service?
The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud.


Question: Difference between Gateway cached volume and stored volume?
In the cached mode, your primary data is written to S3, while your frequently accessed data is retained locally in a cache for low-latency access.
Whereas in the stored mode, your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS.


Question: What protection does AWS Storage Gateway provide?
All data transferred between any type of gateway appliance and AWS storage is encrypted using SSL.
Data stored by AWS Storage Gateway in S3 is encrypted server-side with Amazon S3-Managed Encryption Keys (SSE-S3).


Question: What is file gateway?
File gateway is an AWS Storage Gateway service that provides your applications with a file interface to seamlessly store files as objects in Amazon S3, and access them, using industry-standard file protocols.


Question: What is Amazon Kinesis?
Amazon Kinesis is used to collect and process large streams of data records in real time.
The processed records can be sent to dashboards, used to send alerts and drive advertising strategies, or sent on to a variety of other AWS services.


Question: What are benefits of Amazon Kinesis?
  1. Kinesis Video Streams to capture, process, and store video streams for analytics and machine learning.
  2. Kinesis Data Streams to build custom applications that analyze data streams using popular stream processing frameworks.
  3. Kinesis Data Firehose to load data streams into AWS data stores.
  4. Kinesis Data Analytics to analyze data streams with SQL.



Question: What is IOPS?
IOPS is the standard unit of measurement for I/O (Input/Output) operations per second.


Question: What is the Amazon EBS General Purpose (SSD) volume type?
Elastic Block Store (EBS) General Purpose (SSD) is the default volume type in EC2.
It is suitable for workloads such as small to medium-sized databases, development and test environments, and boot volumes.


Question: What is AWS Data Pipeline?
AWS Data Pipeline is a web service that you can use to automate the movement and transformation of data.
With AWS Data Pipeline, you can define data-driven workflows, so that tasks can be dependent on the successful completion of previous tasks.



Question: What is Amazon Machine Images (AMI)?
An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud.


Monday 16 July 2018

How to do SVN checkout in New EC2 instance


Step 1: Login to SSH

Log in to the EC2 instance using its public DNS name (like ec2-54-173-191-129.compute-1.amazonaws.com)
For example:
ssh -i "arunkg.pem" ec2-user@ec2-54-173-191-129.compute-1.amazonaws.com



Step 2: Install SVN

First you need to install svn on the EC2 instance.
sudo yum install mod_dav_svn subversion

(It will prompt you to confirm downloading more data from the internet; you need to answer yes.)


Step 3: Do the SVN checkout
sudo svn checkout https://subversion.assembla.com/svn/mycityinfo/ mycity

Here mycity is the folder into which all the files will be downloaded.


Step 4: Password prompt for root
When it prompts for the root password, just press the Enter key.


Step 5: Username/password prompt for SVN

You need to supply the username and password for assembla.com or SVN.


Sunday 15 July 2018

How to create a new user to EC2 Instance in AWS?

Step 1: Login to SSH
Log in to the EC2 instance using its public DNS name (like ec2-54-173-191-129.compute-1.amazonaws.com)
For example:
ssh -i "arunkg.pem" ec2-user@ec2-54-173-191-129.compute-1.amazonaws.com



Step 2: Use the following adduser command to add the newuser account to the system (with an entry in the /etc/passwd file).
sudo adduser newuser



Step 3: Switch to the new account so that newly created files have the proper ownership.
sudo su - newuser



Step 4: Create a .ssh folder and set its permissions
mkdir .ssh
chmod 700 .ssh
cd .ssh



Step 5: Create a file named authorized_keys in the .ssh directory and change its file permissions to 600 (only the owner can read or write to the file).
touch authorized_keys
chmod 600 authorized_keys



Step 6: Open the authorized_keys file and add the public key to it.
vi authorized_keys

Paste the public key for your key pair into the file and save the changes.
For example:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V
hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr
lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ
qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb
BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE
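
Steps 4 to 6 as a repeatable script with a permission check, run as the new user after Step 3. This is an added example, not part of the original post; the function names install_pubkey and audit_ssh_dir are hypothetical. It rejects a key that has been wrapped across several lines, because an authorized_keys entry must be a single line.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). install_pubkey and
# audit_ssh_dir are hypothetical helper names.

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# install_pubkey HOME_DIR PUBKEY
# Steps 4-6: create HOME_DIR/.ssh (700) and authorized_keys (600), then
# append PUBKEY unless that exact line is already present.
install_pubkey() {
  local home key dir file nl
  home=$1
  key=$2
  dir="$home/.ssh"
  file="$dir/authorized_keys"
  nl='
'
  # An authorized_keys entry must be one line: "<type> <base64> [comment]".
  case $key in
    *"$nl"*) echo "public key must be a single line" >&2; return 1 ;;
  esac
  printf '%s\n' "$key" |
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' ||
    { echo "not an OpenSSH public key line" >&2; return 1; }
  # umask 077 so the directory and file are never briefly readable by others.
  ( umask 077; mkdir -p "$dir" && touch "$file" ) || return 1
  chmod 700 "$dir" && chmod 600 "$file" || return 1
  # Idempotent: running the script twice does not duplicate the key.
  grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# audit_ssh_dir HOME_DIR
# Succeeds only if the modes match Steps 4 and 5. sshd's StrictModes option
# (on by default) rejects key files that group or others can write to.
audit_ssh_dir() {
  [ "$(mode_of "$1/.ssh")" = 700 ] &&
    [ "$(mode_of "$1/.ssh/authorized_keys")" = 600 ]
}
```

Typical use as newuser: `install_pubkey "$HOME" "$(cat newuser.pub)" && audit_ssh_dir "$HOME"`, where newuser.pub is an assumed file holding the public key.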




Question: How to remove a user?
sudo userdel -r newuser



Friday 13 July 2018

AWS Tutorial Terminology page 6

Question: What is Amazon Route 53?
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service.


Question: What are the main functions of Route 53?
  1. Register domain names: Your website needs a name, such as example.com. Route 53 lets you register a name for your website.
  2. Route internet traffic to your resources: Connect the domain with the website's source code.
  3. Check the health of your resources: Route 53 sends automated requests over the internet to a resource, such as a web server, to verify that it's available.



Question: Elaborate the Working of Route 53?


Question: What are Network ACLs?
A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out.


Question: What are basics of Network ACLs?
  1. Your VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic.
  2. You can create a custom network ACL and associate it with a subnet. By default, each custom network ACL denies all inbound and outbound traffic until you add rules.
  3. Each subnet in your VPC must be associated with a network ACL. If you don't explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL.
  4. You can associate a network ACL with multiple subnets.
  5. A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.



Question: What is Amazon EC2 Security Groups?
A security group acts as a virtual firewall that controls the traffic for one or more instances.
When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances.


Question: What are the differences between a security group and a network ACL?


  1. Network access control lists apply at the subnet level, so any instance in a subnet with an associated NACL follows the NACL's rules. That is not the case with security groups, which have to be assigned explicitly to the instance.
  2. By default, your default VPC has a default network access control list that allows all traffic, both inbound and outbound.
  3. NACLs are stateless, unlike security groups. Security groups are stateful: if you add an inbound rule, say for port 80, the response traffic is automatically allowed out, meaning an outbound rule for that particular port need not be explicitly added. In NACLs you need to provide explicit inbound and outbound rules.



Question: Name the several layers of Cloud Computing.
  1. PaaS: Platform as a Service
  2. IaaS: Infrastructure as a Service
  3. SaaS: Software as a Service



Question: What are the components involved in Amazon Web Services?
Amazon S3: with this, one can retrieve the key information used in creating the cloud architecture; the information produced as a result of that key can also be stored in this component.
Amazon SimpleDB: helps in storing the intermediate status logs and the tasks executed by users.
Amazon SQS: this component acts as a mediator between different controllers. It is also used for buffering the requests received by the manager of Amazon.
Amazon EC2 instance: helpful for running a large distributed system on the Hadoop cluster. Automatic parallelization and job scheduling can be achieved with this component.


Question: Name the various layers of the cloud architecture?
  1. CC- Cluster Controller
  2. SC- Storage Controller
  3. CLC- Cloud Controller
  4. Walrus
  5. NC- Node Controller



Thursday 5 July 2018

AWS Tutorial Terminology page 5

Question: What is difference between stored volumes vs cached volumes?
Volume gateway provides an iSCSI target, which enables you to create volumes and mount them as iSCSI devices from your on-premises or EC2 application servers. The volume gateway runs in either a cached or stored mode.


In the cached mode, your primary data is written to S3, while retaining your frequently accessed data locally in a cache for low-latency access.

In the stored mode, your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS.


Question: What are VPC flow logs?
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.


Question: Where are VPC flow logs stored?
Flow log data is stored using Amazon CloudWatch Logs.


Question: What are VPC flow logs used for?
You can use flow logs to troubleshoot why specific traffic is not reaching an instance, which in turn helps you diagnose overly restrictive security group rules.
You can also use flow logs as a security tool to monitor the traffic that is reaching your instance.
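
Both uses can be shown on a handful of records. The following is an added example, not from the original post: it assumes the records have been exported from CloudWatch Logs as text in the default flow log format, and the sample records, account ID and function names are constructed. REJECT records are the traffic that security groups or network ACLs did not permit.

```bash
#!/usr/bin/env bash
# Added example. Default flow log record fields, in order:
#   version account-id interface-id srcaddr dstaddr srcport dstport
#   protocol packets bytes start end action log-status

# Constructed sample records (documentation IP ranges, placeholder account).
sample_flow_log() {
cat <<'EOF'
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 40122 22 6 3 180 1531400000 1531400060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 40123 22 6 2 120 1531400060 1531400120 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51514 443 6 12 4200 1531400000 1531400060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.5 33000 3306 6 1 60 1531400000 1531400060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1531400120 1531400180 - NODATA
EOF
}

# rejected_summary: reads records on stdin and prints
# "count dstaddr dstport protocol" for REJECT records, busiest first.
# Records with log-status NODATA or SKIPDATA carry "-" fields and are skipped.
rejected_summary() {
  awk 'NF == 14 && $14 == "OK" && $13 == "REJECT" { n[$5 " " $7 " " $8]++ }
       END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# sources_rejected_on PORT: distinct source addresses rejected on PORT,
# useful for deciding whether a rule is too strict or the traffic is unwanted.
sources_rejected_on() {
  awk -v p="$1" 'NF == 14 && $14 == "OK" && $13 == "REJECT" && $7 == p { print $4 }' |
    sort -u
}
```

For example, `sample_flow_log | rejected_summary` lists port 22 first, and `sample_flow_log | sources_rejected_on 3306` shows which client was blocked from the database port.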


Question: What are five pillars of AWS Well-Architected?
  1. Security
  2. Reliability
  3. Performance
  4. Cost optimization
  5. Performance Excellence



Question: What is Placement Group?
Placement Group is a logical grouping of instances within a single Availability Zone (AZ) that enables applications to participate in a low-latency, 10 Gbps network. You create a placement group first, and then you can launch instances in the placement group.

Question: What is a CNAME record?
A CNAME record is a type of DNS record that maps an alias name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.


Question: What is an Alias record?
An ALIAS record is a virtual record that we create to provide CNAME-like behavior on apex domains.
For example, if your domain is example.com and you want it to point to a myapp.herokuapp.com, then you cannot use a CNAME record, but you can use an ALIAS record.


Question: What is the difference between CNAME records and Alias records?
Route 53 charges for CNAME queries, whereas it does not charge for Alias records.


Question: What is the difference between scaling up and scaling out in AWS?
Scaling up is when you change the instance types within your Auto Scaling Group to a higher type (for example, changing an instance from an m4.large to an m4.xlarge); scaling down is the reverse.
Scaling out is when you add more instances to your Auto Scaling Group, and scaling in is when you reduce the number of instances in your Auto Scaling Group.


Question: What is Amazon Kinesis Data Streams?
Amazon Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs.


Question: What is AWS Direct Connect?
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.