
EC2 Exam Tips

EC2

  • Pricing Models
    • On Demand: Allows you to pay a fixed rate by the hour (or by the second) with no commitment.
    • Reserved: Provides you with a capacity reservation and offers a significant discount on the hourly charge for an instance. 1 Year or 3 Year terms.
    • Spot: Enables you to bid whatever price you want for instance capacity, providing for even greater savings if your applications have flexible start and end times.
      • If a spot instance is terminated by Amazon EC2, you will not be charged for a partial hour of usage; however, if you terminate the instance yourself, you will be charged for the complete hour in which the instance has run.
    • Dedicated Hosts: Physical EC2 server dedicated for your use. Dedicated hosts can help you reduce costs by allowing you to use your existing server-bound software licenses.
  • FIGHT-DR-MC-PX: mnemonic for the EC2 instance family letters (F, I, G, H, T, D, R, M, C, P, X).

EBS

  • SSD
    • General Purpose SSD: Balances price and performance for a wide variety of workloads
    • Provisioned IOPS SSD: Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
  • Magnetic
    • Throughput Optimized HDD (Magnetic): Low cost HDD volume designed for frequently accessed, throughput-intensive workloads. Can't be boot volume.
    • Cold HDD (Magnetic): Lowest cost HDD volume designed for less frequently accessed workloads. Can't be boot volume.
    • Magnetic: Previous generation. Can be a boot volume.

ELB

  • There are three types of ELB Load Balancers
    • Application
    • Network
    • Classic
  • 504 Error means that the gateway has timed out. This means that the application is not responding within the idle timeout period.
    • Troubleshoot the application. Is it the Web Server or Database server?
  • If you need the IPv4 address of your end-user, look for the X-Forwarded-For header. The load balancer appends the address it accepted the connection from to the end of that header; anything the client sent in its own X-Forwarded-For header sits to the left of that entry and can be forged, so read the entry the load balancer added rather than the first one.
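
The X-Forwarded-For handling described above, as an added example that is not code from the original page: the hardened version reads the header from the right, skipping only hops you operate yourself (for instance `trusted_proxies=1` when CloudFront sits in front of the load balancer), and the naive version beside it takes the first entry, which the client controls. The sample header is constructed and uses RFC 5737 documentation addresses.

```python
import ipaddress
from typing import Optional


def client_ip_naive(xff_header: str) -> str:
    # Common mistake: trust the first entry. A client can send its own
    # X-Forwarded-For header, so this value is attacker-controlled.
    return xff_header.split(",")[0].strip()


def client_ip(xff_header: str, trusted_proxies: int = 0) -> Optional[str]:
    """Return the client address from an X-Forwarded-For header.

    The load balancer appends the address it accepted the connection from to
    the *end* of the list. Anything the client sent itself sits to the left of
    that entry. We therefore read from the right, skipping only the hops we
    operate ourselves (trusted_proxies=1 when, say, CloudFront fronts the ALB).
    Returns None when the header cannot be trusted, so callers fail closed.
    """
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    if len(hops) <= trusted_proxies:
        return None  # not enough hops: nothing here was added by our own tier
    candidate = hops[-1 - trusted_proxies]
    try:
        # Accepts IPv4 and IPv6 (dual-stack listeners put IPv6 here too) and
        # rejects anything that is not an address, so garbage is never logged
        # or used in an allow-list check.
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None


# Constructed sample (RFC 5737 documentation addresses): what the load balancer
# hands the application when a client at 203.0.113.5 sends a forged header.
FORGED = "10.0.0.1, 203.0.113.5"

if __name__ == "__main__":
    print("naive:", client_ip_naive(FORGED))   # 10.0.0.1 (the forged value)
    print("rightmost:", client_ip(FORGED))     # 203.0.113.5
```

If you put another proxy of your own in front of the load balancer later, bump `trusted_proxies` at the same time; leaving it at the old value makes the function return your proxy's address for every request.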

Route53

  • Route53 is Amazon's DNS service
  • Allows you to map your domain names to
    • EC2 Instances
    • Load Balancers
    • S3 Buckets

CLI

  • Least Privilege: Always give your users the minimum amount of access required.
  • Create Groups: Always create groups and assign users to groups. Your users will automatically inherit the permissions of the group. The group's permissions are assigned using policy documents.
  • Secret Access Key: You will see this only once. If you do not save it, delete the access key (Access Key ID and Secret Access Key) and create a new one. You will need to run aws configure again.
  • Never use just one access key: Do not create a single access key and share it with all of your developers. If someone leaves the company on bad terms, you will have to delete the key and create a new one, and every developer will then need to update their keys. Instead, create one key per developer.
  • Never store your Access Key ID and Secret Access Key in GitHub or any other repository. People have written scripts that scan public repositories for these.
  • The CLI runs on your own machine: you can install it on Mac, Linux, or Windows. I personally use S3 to store all my files in the cloud.
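
The kind of scanner referred to above, as an added example that is not code from the page and not any particular published tool: it flags access key IDs by their fixed prefix and length, and flags 40-character secrets only when they sit next to a telling variable name, since a bare 40-character base64 string matches far too much. The sample file is constructed and uses the placeholder key pair from the AWS documentation, which is not a live credential.

```python
import re
import sys
from pathlib import Path
from typing import List, Tuple

# IAM user access key IDs are 20 characters with a fixed prefix: AKIA for
# long-lived keys, ASIA for temporary STS keys.
ACCESS_KEY_ID = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")

# A secret access key is 40 characters of base64-like text. That alone matches
# too much (hashes, tokens), so it is only flagged when preceded by a telling
# name such as aws_secret_access_key or "secret".
SECRET_KEY = re.compile(
    r"(?i)(?:aws_?secret_?access_?key|secret)[\s\"'=:]+([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
)

Finding = Tuple[int, str, str]  # (line number, kind, value)


def scan_text(text: str) -> List[Finding]:
    """Return every AWS credential-looking value found in `text`, line by line."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((lineno, "access_key_id", m.group(1)))
        for m in SECRET_KEY.finditer(line):
            findings.append((lineno, "secret_access_key", m.group(1)))
    return findings


def redact(value: str) -> str:
    """Show enough of a value to identify it without reproducing the secret."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


# Constructed sample file. The key pair is the placeholder pair used throughout
# the AWS documentation, not a live credential.
SAMPLE = """\
# settings.env - should never have been committed
DB_HOST=db.internal
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# looks like a key ID but is the wrong length, so it is not reported
NOT_A_KEY=AKIA1234
"""

if __name__ == "__main__":
    # Scan files given on the command line, or the built-in sample when none.
    sources = [(p, Path(p).read_text(encoding="utf-8", errors="replace")) for p in sys.argv[1:]]
    sources = sources or [("<sample>", SAMPLE)]
    found = False
    for name, text in sources:
        for lineno, kind, value in scan_text(text):
            found = True
            print(f"{name}:{lineno}: {kind} {redact(value)}")
    sys.exit(1 if found else 0)  # non-zero so a pre-commit hook blocks the commit
```

Wired into a pre-commit hook it blocks the commit that would have leaked the key; keep in mind it only catches the AWS formats above, so rotate any key that does reach a public repository rather than relying on the scanner having caught it.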

Roles

  • Once you've run aws configure, you will need to manually remove the credentials and config files under ~/.aws (~/.aws/credentials and ~/.aws/config). If you do not, any role you assign to the instance will be ignored, because the CLI and SDKs look for static credentials in those files before they fall back to the instance role.
  • Roles let you avoid Access Key IDs and Secret Access Keys: the instance picks up short-lived credentials from the instance metadata service instead.
  • Roles are preferred from a security perspective
  • Roles are controlled by policies
  • You can change a policy on a role and it will take immediate effect
  • You can attach and detach roles to running EC2 instances without having to stop or terminate these instances
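
Roles and groups are both controlled by policy documents, and least privilege is about what those documents say. The following is an added example (not the page's own code) serving both the "least privilege" and "create groups" notes under CLI and the "roles are controlled by policies" notes here: a small linter over an IAM policy document that flags the patterns that most often break least privilege. The read-only heuristic (actions starting with Get, List or Describe) and the two sample policies are this example's own assumptions.

```python
import json
from typing import Any, Dict, List

# Heuristic for this example: actions with these prefixes do not change state.
READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def _as_list(value: Any) -> List[Any]:
    """IAM allows a single string or a list in Statement/Action/Resource; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_read_only(action: str) -> bool:
    return action.split(":")[-1].startswith(READ_ONLY_PREFIXES)


def lint_policy(policy: Dict[str, Any]) -> List[str]:
    """Return findings for an IAM policy document that grants more than it should."""
    findings: List[str] = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid") or f"Statement[{i}]"
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction grants every action not listed")
        if "NotResource" in stmt:
            findings.append(f"{sid}: Allow with NotResource grants every resource not listed")
        actions = [str(a) for a in _as_list(stmt.get("Action"))]
        resources = [str(r) for r in _as_list(stmt.get("Resource"))]
        for action in actions:
            if action == "*":
                findings.append(f"{sid}: Action '*' allows every API call")
            elif action.endswith(":*"):
                findings.append(f"{sid}: Action '{action}' allows every call in that service")
        # Resource '*' is acceptable for read-only calls that take no ARN
        # (ec2:Describe*), but not together with anything that can change state.
        write_capable = "NotAction" in stmt or not all(_is_read_only(a) for a in actions)
        if "*" in resources and write_capable:
            findings.append(f"{sid}: Resource '*' with write-capable actions {actions}")
    return findings


def lint_policy_json(text: str) -> List[str]:
    """Same check over the JSON text you would attach with the console or CLI."""
    return lint_policy(json.loads(text))


# Constructed sample policies for this example.
BROAD = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllTheThings", "Effect": "Allow", "Action": "*", "Resource": "*"}],
}
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadReports",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
    }],
}

if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, lint_policy(policy) or ["no findings"])
```

Because a policy change on a role takes effect immediately, running a check like this before you attach the document is the cheap moment to catch an `Action: "*"`; afterwards every instance with that role already has it.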

Volume Encryption

  • You can encrypt the root device volume (the volume the OS is installed on) using OS-level encryption.
  • You can encrypt the root device volume by first taking a snapshot of that volume and then creating a copy of that snapshot with encryption enabled. You can then make an AMI from the encrypted snapshot and launch instances whose root device volume is encrypted from the start.
  • You can encrypt additional attached volumes using the console, CLI, or API.
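
The snapshot, encrypted-copy, AMI procedure above, as an added example that is not code from the page, written against the boto3 EC2 client API. The client is passed in rather than created inside the function so the flow can be exercised offline with a fake; the instance ID, region and KMS key in the `__main__` block are placeholders. The audit helper at the top is what you would run before and after to see which volumes still need attention.

```python
from typing import Any, Dict, List


def unencrypted_volumes(describe_volumes_response: Dict[str, Any]) -> List[str]:
    """Volume IDs whose Encrypted flag is false, from an ec2.describe_volumes() response."""
    return [
        v["VolumeId"]
        for v in describe_volumes_response.get("Volumes", [])
        if not v.get("Encrypted", False)
    ]


def encrypt_root_volume(ec2, instance_id: str, region: str, kms_key_id: str) -> Dict[str, str]:
    """Snapshot -> encrypted copy -> AMI, for the root volume of one instance.

    `ec2` is a boto3 EC2 client, e.g. boto3.client("ec2", region_name=region).
    It is injected so the flow can be run offline against a fake client.
    Stop the instance first if you need a consistent snapshot; a snapshot of a
    running root volume is only crash-consistent.
    """
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    root_dev = inst["RootDeviceName"]
    root_vol = next(
        m["Ebs"]["VolumeId"] for m in inst["BlockDeviceMappings"] if m["DeviceName"] == root_dev
    )

    # 1. Snapshot the unencrypted root volume.
    plain = ec2.create_snapshot(
        VolumeId=root_vol, Description=f"{instance_id} root before encryption"
    )["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[plain])

    # 2. Copy the snapshot with encryption enabled. A snapshot cannot be
    #    encrypted in place, which is why the copy step exists.
    encrypted = ec2.copy_snapshot(
        SourceRegion=region,
        SourceSnapshotId=plain,
        Encrypted=True,
        KmsKeyId=kms_key_id,
        Description=f"encrypted copy of {plain}",
    )["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[encrypted])

    # 3. Register an AMI whose root device is the encrypted snapshot. Instances
    #    launched from it get an encrypted root volume from the start.
    image = ec2.register_image(
        Name=f"{instance_id}-encrypted-root",
        Architecture=inst["Architecture"],
        VirtualizationType=inst["VirtualizationType"],
        EnaSupport=inst.get("EnaSupport", False),
        RootDeviceName=root_dev,
        BlockDeviceMappings=[
            {"DeviceName": root_dev, "Ebs": {"SnapshotId": encrypted, "DeleteOnTermination": True}}
        ],
    )["ImageId"]
    return {"snapshot": plain, "encrypted_snapshot": encrypted, "image": image}


if __name__ == "__main__":
    import boto3  # only needed for a real run; the IDs below are placeholders

    REGION = "us-east-1"
    client = boto3.client("ec2", region_name=REGION)
    print("still unencrypted:", unencrypted_volumes(client.describe_volumes()))
    print(encrypt_root_volume(client, "i-0123456789abcdef0", REGION, "alias/aws/ebs"))
```

The unencrypted snapshot is left in place so you can verify the AMI boots before deleting it; it still holds the cleartext data, so treat it as sensitive until it is gone.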

RDS

  • OLTP
    • SQL Server
    • MySQL
    • PostgreSQL
    • Oracle
    • Aurora
    • MariaDB
  • NoSQL
    • DynamoDB
  • OLAP
    • RedShift
  • Elasticache (In-Memory Caching)
    • Memcached
    • Redis

Multi-AZ

Multi-AZ is for Disaster Recovery only. It is not primarily used for improving performance. For performance improvement, you need Read Replicas.

Read Replica Databases

  • Used for scaling, not disaster recovery.
  • Must have automatic backups turned on in order to deploy a read replica.
  • You can have up to 5 read replica copies of any database.
  • You can have read replicas of read replicas (but watch out for latency).
  • Each read replica will have its own DNS endpoint.
  • You can have read replicas that have Multi-AZ.
  • You can create read replicas of Multi-AZ source databases.
  • Read replicas can be promoted to be their own databases. This breaks the replication.
  • You can have a read replica in a second region (for MySQL and MariaDB)

Elasticache

  • Typically, you will be given a scenario where a particular database is under a lot of stress/load. You may be asked which service you should use to alleviate this.
    • Elasticache is a good answer if your database is particularly read-heavy and not prone to frequent changing.
    • Redshift is a good answer if the reason your database is under stress is that management keeps running OLAP (Online Analytics Processing) queries on it, etc.
    • Basically, for data warehousing, use Redshift; for simply taking stress off of your database, use Elasticache.
  • Use Memcached if
    • Object caching is your primary goal
    • You want to keep things as simple as possible
    • You want to scale your cache horizontally (scale out)
  • Use Redis if
    • You have advanced data types, such as lists, hashes and sets.
    • You are doing data sorting and ranking (such as leader boards)
    • You need data persistence
    • You need Multi-AZ with failover
    • Pub/Sub capabilities are needed