Name 5 AWS services you have used and their use cases.
EC2 (Elastic Compute Cloud): It provides secure, resizable compute capacity in the cloud. It is used to host web applications, run batch processing jobs, and perform other computing tasks.
RDS (Relational Database Service): It is a managed database service that makes it easy to set up, operate, and scale a relational database in the cloud. It is used to store and manage data for web applications, mobile apps, and other software.
IAM (Identity and Access Management): It is a service that helps you control access to AWS resources. It is used to create and manage users, groups, and permissions for accessing AWS resources.
S3 (Simple Storage Service): It is a scalable object storage service that allows you to store and retrieve data from anywhere on the web. It is used to store and manage data for web applications, backup and recovery, and big data analytics.
ECS (Elastic Container Service): It is a fully managed container orchestration service that makes it easy to run, stop, and manage Docker containers on a cluster. It is used to deploy and manage containerized applications.
What tools are used to send logs to the cloud environment?
There are several tools that can be used to send logs to the cloud environment, including:
Amazon CloudWatch Logs: It is a managed service that makes it easy to centralize and monitor logs from AWS resources and applications.
AWS Lambda: It is a serverless compute service that can be used to process logs and send them to other services, such as Amazon S3 or Amazon Elasticsearch.
AWS Glue: It is a fully managed extract, transform, and load (ETL) service that can be used to transform and load log data into other data stores, such as Amazon Redshift or Amazon RDS.
What are IAM Roles? How do you create/manage them?
IAM Roles are a way to grant permissions to entities that you trust, such as AWS services or applications, without having to share long-term access keys. IAM Roles are created and managed in the IAM console. To create an IAM Role, you need to:
Go to the IAM console and click on "Roles".
Click on "Create role".
Choose the type of trusted entity that will assume the role (e.g., AWS service, another AWS account, or a web identity).
Choose the permissions that the role will have.
Add tags (optional).
Review and create the role.
To manage an IAM Role, you can use the IAM console to modify the role's permissions, add or remove policies, or delete the role.
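The trusted entity and the permissions chosen in the steps above end up as two JSON policy documents attached to the role. As an added example (not part of the original post), this Python code reviews both documents for overly broad grants; the function names, the bucket name and all sample policies are constructed for illustration.

```python
# Added example: review an IAM role's two policy documents for broad grants.
# All policies below are constructed samples, not taken from a real account.

def as_list(value):
    """IAM accepts a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Findings for the trust policy (who may assume the role)."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            names = [p for v in principal.values() for p in as_list(v)]
            accounts = [p for p in as_list(principal.get("AWS")) if p != "*"]
        else:
            names, accounts = as_list(principal), []
        if "*" in names:
            findings.append("trust: wildcard principal")
        # Review prompt: an AWS account or ARN is trusted with no Condition
        # (for example sts:ExternalId or an MFA requirement).
        if accounts and not stmt.get("Condition"):
            findings.append("trust: AWS principal without Condition")
    return findings

def audit_permissions_policy(policy):
    """Findings for the permissions policy (what the role may do)."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"permissions: wildcard action {action}")
        if "*" in as_list(stmt.get("Resource")):
            findings.append("permissions: wildcard resource")
    return findings

BROAD_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                              "Action": "sts:AssumeRole"}]}
SCOPED_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                               "Principal": {"Service": "ec2.amazonaws.com"}}]}
BROAD_PERMS = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCOPED_PERMS = {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                               "Resource": "arn:aws:s3:::example-log-bucket/*"}]}
```

An empty list from both functions means the role passed these two checks only; it does not evaluate Deny statements, NotAction, or policy conditions.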
How can you upgrade or downgrade a system with zero downtime?
To upgrade or downgrade a system with zero downtime, you can use a technique called blue-green deployment. In this approach, you create two identical environments, one "blue" and one "green". The blue environment is the current production environment, and the green environment is the new environment that you want to deploy to. To upgrade or downgrade the system, you follow these steps:
Deploy the new version of the system to the green environment.
Test the green environment to make sure that it is working correctly.
Switch traffic from the blue environment to the green environment.
Monitor the green environment to make sure that it is stable and performing well.
If there are any issues, switch traffic back to the blue environment.
What is infrastructure as code and how can you use it?
Infrastructure as code (IaC) is the practice of managing and provisioning infrastructure using code and software development techniques. With IaC, you can define your infrastructure as code, version control it, and automate its deployment and management. This approach can help you to reduce errors, increase efficiency, and improve collaboration between teams. To use IaC, you can use tools such as AWS CloudFormation, AWS CDK, or Terraform to define your infrastructure as code. You can then use these tools to deploy and manage your infrastructure in a repeatable and automated way.
What is a load balancer? Give scenarios of each kind of balancer based on your experience.
A load balancer is a software or hardware component that distributes incoming traffic across multiple targets, such as servers or applications, to ensure that no single target is overwhelmed with requests. It monitors the health of its registered targets and routes traffic only to the healthy targets. Load balancers can be used in various scenarios, such as:
Application Load Balancers: These are used to route HTTP/HTTPS traffic and support path-based routing. They can route requests to one or more ports on each container instance in your cluster and support dynamic host port mapping. Scenario: You have a web application that receives traffic through a domain name. The load balancer resolves the domain name using a Domain Name System (DNS) server and distributes the incoming traffic across multiple web servers. If one web server becomes unhealthy, the load balancer stops routing traffic to it and resumes routing traffic when the server becomes healthy again.
Network Load Balancers: These are used to route TCP traffic and can be more suitable for applications that require a more straightforward routing approach. Scenario: You have a network-facing application that receives incoming TCP connections. The load balancer distributes the connections across multiple instances of the application, ensuring that no single instance is overwhelmed with traffic. If an instance becomes unhealthy, the load balancer stops routing traffic to it and resumes routing traffic when the instance becomes healthy again.
What is CloudFormation and why is it used?
AWS CloudFormation is a service that allows you to create and manage AWS resources in an orderly and predictable fashion. It is a form of Infrastructure as Code (IaC), which means you can define your AWS resources in a text-based format (YAML or JSON) and automate their creation and management. CloudFormation templates can be version-controlled, allowing you to track changes and collaborate with other developers more effectively. Some use cases for CloudFormation include:
Automating the creation of AWS resources in response to user input or other events
Modeling the life cycle of resources in a structured fashion
Reproducing environments in a consistent manner (e.g., development, staging, and production environments)
Sharing resources and templates with other developers or teams within your organization
Difference between AWS CloudFormation and AWS Elastic Beanstalk?
AWS CloudFormation is a service that helps you create and manage AWS resources in a structured and predictable manner, allowing you to automate the creation and management of resources in Infrastructure as Code (IaC) format. It is useful for managing complex AWS resources and ensuring consistency across different environments (e.g., development, staging, and production).
AWS Elastic Beanstalk is a service that simplifies the process of deploying and managing applications in the AWS cloud. It is designed for developers and operators, providing an easy way to launch applications using familiar web application deployment tools like Git or the AWS Management Console. Elastic Beanstalk automatically handles the provisioning and management of AWS resources, such as EC2 instances, load balancers, and databases, to support your applications.
The main differences between AWS CloudFormation and AWS Elastic Beanstalk are:
CloudFormation focuses on creating and managing AWS resources, while Elastic Beanstalk focuses on deploying and managing applications on those resources.
CloudFormation is more suitable for complex AWS resources and Infrastructure as Code, while Elastic Beanstalk is more suitable for deploying and managing applications with minimal configuration.
CloudFormation requires more technical expertise, whereas Elastic Beanstalk is more user-friendly and designed for developers and operators.
What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?
There are various security attacks that can occur on the cloud, such as:
Data breaches: Unauthorized access to sensitive data stored in the cloud.
Distributed Denial of Service (DDoS) attacks: A type of cyber attack where the goal is to overwhelm a system or resource with excessive traffic, making it unavailable to legitimate users.
Malware and ransomware: Malicious software that infiltrates systems and performs actions without the user's consent, such as stealing data or locking users out of their systems.
Cloud account hijacking: Unauthorized access to cloud accounts or resources, which can lead to unauthorized access to sensitive data and resources.
Insider threats: Employees or other insiders who have access to sensitive cloud data or resources and may misuse that access.
To minimize these security risks, you can take the following measures:
Implement strong access controls and authentication mechanisms, such as multi-factor authentication (MFA) and identity and access management (IAM) roles.
Regularly monitor and audit your cloud resources for suspicious activity and unauthorized access.
Encrypt sensitive data both in transit and at rest to protect it from unauthorized access.
Train employees on cloud security best practices and raise awareness about potential threats.
Use secure development practices, such as infrastructure as code and continuous integration/continuous deployment (CI/CD) pipelines, to minimize the risk of introducing vulnerabilities into your cloud environment.
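Two of the measures above, encryption at rest and infrastructure as code in a CI/CD pipeline, can be combined into a check that runs before a template is deployed. As an added example (not part of the original post), this Python code scans a CloudFormation template in JSON form for S3 buckets and RDS instances that do not declare encryption or a full public access block; the template and its logical IDs are constructed, and the check assumes literal values rather than intrinsic functions such as Ref or Fn::If.

```python
import json

# Constructed CloudFormation template (JSON form) used as sample input.
TEMPLATE = json.loads("""
{
  "Resources": {
    "LogBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
          {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true, "BlockPublicPolicy": true,
          "IgnorePublicAcls": true, "RestrictPublicBuckets": true}
      }
    },
    "UploadBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "AppDatabase": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {"Engine": "postgres", "StorageEncrypted": false}
    }
  }
}
""")

PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")

def check_template(template):
    """Return sorted (logical_id, finding) pairs; literal values only."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        if res.get("Type") == "AWS::S3::Bucket":
            rules = props.get("BucketEncryption", {}).get(
                "ServerSideEncryptionConfiguration", [])
            if not rules:
                findings.append((name, "no explicit BucketEncryption"))
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) is True for k in PAB_KEYS):
                findings.append((name, "public access block not fully enabled"))
        elif res.get("Type") == "AWS::RDS::DBInstance":
            if props.get("StorageEncrypted") is not True:
                findings.append((name, "StorageEncrypted is not true"))
    return sorted(findings)
```

In a pipeline, a non-empty result from `check_template` would fail the build so the template is corrected before any resource is created.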
Can we recover the EC2 instance when we have lost the key?
If you have lost the key pair for an EC2 instance, you cannot directly recover it from AWS. However, you have a few options to address the situation:
Create a new key pair: Generate a new key pair and use it to connect to the instance. You can use the AWS Management Console, AWS CLI, or SDKs to create a new key pair.
Use an existing key pair from another instance: If you have another EC2 instance with a key pair that you can use, you can transfer the key pair to the instance that requires it. Note that transferring a key pair between instances is not recommended from a security perspective, as it may compromise the security of other instances.
Contact AWS Support: If you still have access to the instance, you can contact AWS Support and explain the situation. They may be able to help you recover the key pair or provide guidance on the next steps to take.
Remember that it is essential to maintain regular backups of your EC2 instances and store the key pairs securely to avoid such situations in the future.
What is a gateway?
A gateway in the context of networking refers to a device or software that acts as an entry point to another network. It can perform various functions such as routing, protocol conversion, and security enforcement. In the context of AWS, a gateway can refer to services like API Gateway, which provides a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
What is the difference between Amazon RDS, DynamoDB, and Redshift?
Amazon RDS (Relational Database Service): It is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It supports various database engines such as MySQL, PostgreSQL, MariaDB, Oracle, and Microsoft SQL Server. RDS is suitable for traditional relational database use cases where structured data and complex queries are involved.
DynamoDB: It is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB is designed for applications that require single-digit millisecond latency for reads and writes, and the ability to handle large amounts of data. It is suitable for use cases such as web and mobile applications, gaming, IoT, and more.
Redshift: It is a fully managed, petabyte-scale data warehouse service in the cloud. It is designed for large-scale data analytics and warehousing. Redshift is optimized for high-performance analysis and reporting of large datasets using standard SQL and existing Business Intelligence (BI) tools.
Do you prefer to host a website on S3? What is your reason, whether the answer is yes or no?
Yes, hosting a static website on Amazon S3 is a common and cost-effective approach. S3 provides a highly available and scalable platform for hosting static websites, and it can be used to deliver content with low latency through Amazon CloudFront, AWS's content delivery network. It also offers features such as versioning, access control, and server-side encryption. However, for dynamic websites that require server-side processing, a combination of S3 for static content and services like AWS Elastic Beanstalk or Amazon EC2 for server-side processing may be more suitable.
Thank you for reading until here. Happy Learning!