Table of contents
- Questions:
- Name 5 aws services you have used and what are the use cases?
- What are the tools used to send logs to the cloud environment?
- What are IAM Roles? How do you create /manage them?
- How to upgrade or downgrade a system with zero downtime?
- What is infrastructure as code and how do you use it?
- What is a load balancer? Give scenarios of each kind of balancer based on your experience.
- What is CloudFormation and why is it used for?
- Difference between AWS CloudFormation and AWS Elastic Beanstalk?
- What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?
- Can we recover the EC2 instance when we have lost the key?
- What is a gateway?
- What is the difference between Amazon RDS, Dynamodb, and Redshift?
- Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?
- Happy Learning :)
Today I have covered a question set on AWS.
Questions:
Name 5 aws services you have used and what are the use cases?
- EC2 - Elastic Compute Cloud - It is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment.
- S3 - Simple Storage Service - It is a web service offered by Amazon Web Services that provides object storage through a web service interface. Amazon S3 uses the same scalable storage infrastructure that Amazon.com uses to run its global e-commerce network.
- RDS - Relational Database Service - It is a web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.
- Lambda - It is a serverless computing service provided by AWS. It is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code only when needed and scales automatically, from a few requests per day to thousands per second.
- CloudFront - It is a content delivery network offered by AWS. It is a global content delivery network service that securely delivers data, videos, applications, and APIs to your viewers with low latency and high transfer speeds.
What are the tools used to send logs to the cloud environment?
CloudWatch - It is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers.
CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.
CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers.
What are IAM Roles? How do you create /manage them?
IAM - Identity and Access Management - It is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and how they can use resources (authorization).
IAM Roles - It is an IAM identity that you can create in your account that has specific permissions. It is not associated with a specific user or group, and it is not permanent. It is a temporary identity that can be used by applications, services, or users assuming a role to perform an operation.
How to create IAM Roles?
Step 1: - Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
Step 2: - In the navigation pane, choose Roles, and then choose Create role.
Step 3: - Choose the service that will use this role. In this case, choose EC2, and then choose Next: Permissions.
Step 4: - On the Attach permissions policies page, choose the permissions to attach to the role. In this case, choose AmazonS3FullAccess, and then choose Next: Tags.
Step 5: - On the Add tags page, add any tags that you want to use to identify this role, and then choose Next: Review.
Step 6: - On the Review page, type a name for the role, and then choose Create role.
Link For Learning More About IAM Roles:
https://devops-rohit.hashnode.dev/day-38-cloud-security-aws-iam
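The role built in the steps above, expressed as policy documents (an added example, not part of the original post): the EC2 trust policy from Step 3, and, since AmazonS3FullAccess in Step 4 grants every S3 action on every bucket, a read-only policy scoped to one bucket, plus a small check that flags wildcard grants. `FULL_ACCESS_LIKE` is a constructed stand-in for a full-access grant, and the bucket name and helper names are assumptions.

```python
def ec2_trust_policy():
    """Trust policy: only the EC2 service may assume the role (Step 3)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Service": "ec2.amazonaws.com"},
                       "Action": "sts:AssumeRole"}],
    }

def scoped_s3_policy(bucket):
    """Read-only access to a single bucket instead of all of S3."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": [f"arn:aws:s3:::{bucket}/*"]},
        ],
    }

# Constructed stand-in for a full-access grant: every S3 action, every resource.
FULL_ACCESS_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

def _as_list(value):
    # IAM allows a single string where a list is expected.
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return (index, issue, values) for Allow statements using wildcards."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild:
            findings.append((i, "wildcard action", wild))
        if "*" in resources:
            findings.append((i, "all resources", ["*"]))
    return findings

if __name__ == "__main__":
    # "example-app-assets" is a hypothetical bucket name.
    for name, doc in [("full-access-like", FULL_ACCESS_LIKE),
                      ("scoped", scoped_s3_policy("example-app-assets"))]:
        print(name, broad_statements(doc))
```
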
How to upgrade or downgrade a system with zero downtime?
Upgrading or downgrading a system with zero downtime in AWS can be achieved using various strategies and services provided by AWS. The process involves carefully planning and implementing the changes to minimize any impact on the system availability. Here are some steps and techniques you can use to achieve zero-downtime upgrades or downgrades:
Elastic Load Balancers (ELB): Deploy your system behind an Elastic Load Balancer (ELB) to distribute incoming traffic across multiple instances. During the upgrade or downgrade, you can take instances out of service one at a time, update them, and then add them back to the ELB.
Auto Scaling Groups: Deploy your instances within an Auto Scaling Group (ASG) so that it automatically replaces instances with the new version while maintaining the desired capacity. This way, you can perform rolling updates with zero downtime.
Blue/Green Deployment: Create a new environment ("Blue") with the updated version of your system alongside the existing environment ("Green"). Use Route 53 or an ELB to switch traffic gradually from the old environment to the new one.
AWS CodeDeploy: Utilize AWS CodeDeploy, which allows you to automate application deployments to EC2 instances or on-premises instances. CodeDeploy supports both rolling updates and blue/green deployments.
Amazon Elastic Beanstalk: If your system is built on AWS Elastic Beanstalk, it provides seamless updates to the underlying instances while maintaining the application's availability.
Database Replication: If the upgrade or downgrade involves changes to the database, consider using database replication (e.g., Amazon RDS Multi-AZ or read replicas) to maintain a redundant copy of the database during the update process.
What is infrastructure as code and how do you use it?
Infrastructure as Code (IaC) means using code to define and manage your IT infrastructure instead of manually setting it up. This code describes what resources you need (like servers, networks, and databases) and how they should be configured. By doing this, you can automate the process of creating and updating your infrastructure, making it faster, more consistent, and easier to manage. It also allows you to version control your infrastructure, collaborate with others, and ensure that everyone is working with the same setup. Overall, Infrastructure as Code brings efficiency and reliability to infrastructure management.
What is a load balancer? Give scenarios of each kind of balancer based on your experience.
Load Balancer - It is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers.
Load balancers are used to increase capacity (concurrent users) and reliability of applications.
They improve the overall performance of applications by decreasing the burden on servers associated with managing and maintaining application and network sessions, as well as by performing application-specific tasks.
Types of Load Balancers:
- Application Load Balancer (ALB) - It is a layer 7 load balancer that routes traffic based on advanced application-level information, such as the content of the request. It is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.
- Network Load Balancer (NLB) - It is a layer 4 load balancer that routes traffic based on network-level information, such as IP addresses and ports. It is best suited for load balancing of TCP, UDP, and TLS traffic where extreme performance is required.
- Classic Load Balancer (CLB) - It is a legacy load balancer that routes traffic based on layer 4 information, such as IP addresses and ports, and layer 7 information, such as HTTP headers, cookies, and query strings. It is best suited for simple load balancing of HTTP and HTTPS traffic.
What is CloudFormation and why is it used for?
AWS CloudFormation is a service that lets you define your AWS infrastructure as code using templates. With CloudFormation, you can automate the creation, updating, and deletion of AWS resources. It helps maintain consistent and repeatable infrastructure configurations across different environments and simplifies the management of complex architectures. CloudFormation is useful for automating resource provisioning and ensuring that your infrastructure follows best practices and is easy to scale.
Difference between AWS CloudFormation and AWS Elastic Beanstalk?
AWS CloudFormation is an Infrastructure as Code service that allows you to provision and manage AWS resources using templates, giving you full control over infrastructure management.
AWS Elastic Beanstalk is a Platform as a Service offering focused on simplifying the deployment and management of applications, abstracting away much of the infrastructure complexity for developers.
Choosing between CloudFormation and Elastic Beanstalk depends on your specific use case. If you need fine-grained control over your infrastructure and want to manage the entire stack, CloudFormation is a better fit. On the other hand, if you want a managed platform for deploying applications without worrying about infrastructure details, Elastic Beanstalk is a more suitable choice.
What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?
Common types of security attacks on the cloud include data breaches, DoS/DDoS attacks, MitM attacks, insider threats, data loss, account hijacking, injection attacks, XSS, CSRF, and SSRF.
To minimize these attacks:
- Implement strong access controls and encryption.
- Monitor and audit cloud activities regularly.
- Keep software up to date with security patches.
- Use firewalls and security groups to control traffic.
- Deploy intrusion detection/prevention systems.
- Conduct security testing and training for employees.
- Back up critical data and have a disaster recovery plan.
- Leverage cloud provider security services.
Can we recover the EC2 instance when we have lost the key?
- Yes, we can recover the EC2 instance when we have lost the key. We can do this by creating a new key pair and attaching it to the instance. We can also create an AMI of the instance and launch a new instance from the AMI with a new key pair.
What is a gateway?
- A gateway is a network node that connects two networks that use different protocols. It is a device that translates the protocols used by two different networks that are not directly connected. It is also known as a protocol converter.
What is the difference between Amazon RDS, Dynamodb, and Redshift?
Amazon RDS: Managed relational database service for traditional databases like MySQL, PostgreSQL, etc. Suitable for applications with structured data and SQL queries.
DynamoDB: Fully managed NoSQL database for high-performance, low-latency, and scalable applications, ideal for real-time and IoT use cases.
Redshift: Managed data warehousing service optimized for running complex analytical queries on large datasets, best suited for data warehousing and business intelligence.
Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?
Yes, I would prefer to host a website on S3. It is a cost-effective and scalable solution for static websites. It also provides high availability and reliability with 99.99% uptime. S3 also supports custom domain names and SSL/TLS certificates, which are essential for hosting websites.