Professional Documents
Culture Documents
When would
you use each?
1)ondemand:
-->expensive model,pricing based on per hour or per second basis,no upfront
cost,flexible.
2)Reserved:
---> need to pay upfront either partial or full.70% discount compared to
ondemand pricing , long term commitment 1 or 3 years.
3)spot:
---> cheapest pricing model,90% discount compared to ondemand,price varies
based on instance availability.aws can get back instance
any time with 2 minute notice.
Describe the security considerations when launching EC2 instances. How can you
secure data at rest and in transit on EC2 instances?
security considerations:-
Network level:-
infrastructure level:-
1) EBS encryption
You are tasked with designing a highly available and fault-tolerant architecture
for a web application on AWS. How would you use EC2 instances to achieve this?
highly available:-
1) r53 - setting fail over routing policy - avoid region level failure
2) create subnet in all availability zone and use loadbalancer - avoid zone
level failure
fault tolerant:-
1) auto scaling - auto scaling terminate unhealthy instance and create new
instance
Explain the significance of an Amazon Machine Image (AMI). How can you create a
custom AMI, and when might you need to do so?
You need to optimize costs for a workload running on EC2 instances. What strategies
and services might you consider to achieve cost savings?
strategies:-
service:-
1) aws pricing calculator --> calculate a price of our architecture before
implementation
2) aws budget --> forecast bills,set alarm if it goes above certain limit
ex:-
development and test environments are typically only used for eight hours a
day during the work week. You can stop these resources when
they are not in use for a potential cost savings of 75% (40 hours versus
168 hours).
service:-
1) lambda --> automatically start and stop instance based on lambda
function we defined.
My Production website experiences varying levels of traffic throughout the day. How
can you ensure that your Amazon EC2 instances manage my
workloads???
1) auto scaling :-
My application needs to store sensitive data, and you want to ensure that the data
is encrypted at rest on EC2 instances. How can you enable this encryption?
1) kMS :-
-->aws create and manage these keys.we dont have any access over it.we
can only see the metedata of the key.
--> customer create and manage these keys.we have full control over
it.we can give access to user,rotate keys etc.
--> 1$/month for each key.it have usage cost depends on region.
2) set cronjobs to move logs of past seven days or so to s3 and clear logs over
time to get some space in ec2.
3) poor coding:- app server takes more time to compile the program
4) outdated os :- not updating the os too long lead to performance and security
issues.