Q) What is AWS CloudWatch?
AWS CloudWatch is a web service that lets you monitor AWS resources and the applications you run on AWS in real time. CloudWatch collects and tracks metrics; you can also send your own logs and custom metrics to CloudWatch for monitoring.
Using CloudWatch you can set alarms that send a notification or make changes to the resources you are monitoring when a threshold is breached.
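The alarm behaviour described above, as an added example that is not part of the original page: a stdlib-only simulation of how an alarm moves between OK, ALARM and INSUFFICIENT_DATA as metric datapoints arrive. The datapoints, threshold and the "M out of N" settings are my own constructed inputs, not values taken from the page or from an AWS API.

```python
"""Added example, not part of the original page: a stdlib-only simulation of
how a CloudWatch alarm decides its state from a stream of metric datapoints.

Assumptions (mine, not an AWS API): `datapoints` holds one value per period,
oldest first; the alarm enters ALARM when at least `datapoints_to_alarm` of
the most recent `evaluation_periods` datapoints breach the threshold (the
"M out of N" setting an alarm can be configured with). Each state change is
what an alarm action, for example an SNS notification, would be triggered by.
"""
import operator

# Comparison operators as they are named in CloudWatch alarm definitions
COMPARISONS = {
    "GreaterThanThreshold": operator.gt,
    "GreaterThanOrEqualToThreshold": operator.ge,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}


def evaluate_alarm(datapoints, threshold, comparison="GreaterThanThreshold",
                   evaluation_periods=3, datapoints_to_alarm=None):
    """Return 'ALARM', 'OK' or 'INSUFFICIENT_DATA' for the newest window."""
    if datapoints_to_alarm is None:
        datapoints_to_alarm = evaluation_periods   # default: all N periods must breach
    if len(datapoints) < evaluation_periods:
        return "INSUFFICIENT_DATA"                 # the window is not full yet
    window = datapoints[-evaluation_periods:]
    breaching = sum(1 for v in window if COMPARISONS[comparison](v, threshold))
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


def alarm_transitions(datapoints, **alarm_settings):
    """Replay the series one period at a time and record every state change
    as (period_index, old_state, new_state)."""
    transitions = []
    state = "INSUFFICIENT_DATA"
    for end in range(1, len(datapoints) + 1):
        new_state = evaluate_alarm(datapoints[:end], **alarm_settings)
        if new_state != state:
            transitions.append((end, state, new_state))
            state = new_state
    return transitions


# Constructed sample: CPUUtilization in percent, one datapoint per 5-minute period
SAMPLE_CPU = [20.0, 35.0, 85.0, 90.0, 92.0, 40.0, 30.0, 25.0]

if __name__ == "__main__":
    # Strict alarm: 3 of 3 consecutive periods above 80%
    for t in alarm_transitions(SAMPLE_CPU, threshold=80.0, evaluation_periods=3):
        print("3 of 3:", t)
    # Looser alarm: 2 of 3 periods above 80% (alarms one period earlier)
    for t in alarm_transitions(SAMPLE_CPU, threshold=80.0,
                               evaluation_periods=3, datapoints_to_alarm=2):
        print("2 of 3:", t)
```

Running it shows the trade-off behind the M-out-of-N setting: the strict 3-of-3 alarm fires at period 5 and clears at period 6, while 2-of-3 fires a period earlier (period 4) and stays in ALARM until period 7, so it reacts faster to a burst but also stays noisy for longer.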
Q) AWS CloudWatch Events?
Amazon CloudWatch Events delivers a near-real-time stream of system events that describe changes in Amazon Web Services (AWS) resources.
An event indicates a change in your AWS environment. AWS resources can generate events when their state changes.
These event changes can subsequently trigger notifications, or other actions, through the use of rules.
Q) What is IAM?
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and which resources they can use and in what ways (authorization).
Q) What is IAM User?
An IAM user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS.
A user in AWS consists of a name and credentials: a password to sign in to the Management Console and access keys used by the API or CLI.
An IAM user gives you the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI.
Q) What is the IAM Group?
An IAM group is a collection of IAM users. With an IAM group it is easy to manage the permissions for many users at once.
Q) What is IAM Role?
An IAM role is an identity, similar to an IAM user, with permission policies attached to it that determine what it can and cannot do in AWS. Roles do not have long-term credentials (a password or access keys) associated with them.
Q) What is IAM Policy?
A policy is an entity that, when attached to an identity or resource, defines its permissions. Policies are stored in AWS as JSON documents.
AWS Policies are of two types:
1. Identity-based policies:
A policy that is attached to an identity in IAM is known as an identity-based policy. Identity-based policies can include AWS managed policies, customer managed policies, and inline policies.
AWS managed policies are created and managed by AWS.
Customer managed policies are standalone policies that you administer in your own AWS account. You can then attach the policies to identities (users, groups, and roles) in your AWS account.
An inline policy is one that you create and embed directly in an IAM group, user, or role.
2. Resource-based policies:
Resource-based policies are attached directly to an AWS resource, such as an S3 bucket (the Amazon S3 bucket policy).
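How identity-based and resource-based policies combine for one request, as an added example that is not from the original page: a small simulator of the IAM evaluation order (explicit deny wins, then any allow, otherwise implicit deny). The policy documents, bucket names and the account id in the principal are constructed samples; Principal and Condition elements and cross-account requests are deliberately not modelled.

```python
"""Added example, not from the original page: a small simulator of how IAM
combines identity-based and resource-based policies when it evaluates one
request inside a single AWS account. Stdlib only; every policy document below
is a constructed sample and the bucket names are hypothetical.

Rules modelled, following AWS policy evaluation logic:
  1. an explicit Deny in any applicable policy wins,
  2. otherwise any matching Allow grants the request,
  3. otherwise the request is implicitly denied.
Action names are matched case-insensitively, resource ARNs case-sensitively,
both with IAM-style '*' and '?' wildcards. Principal and Condition elements are
not modelled, nor are cross-account requests (where the caller's identity
policy must also allow the action).
"""
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case=False):
    """True if `value` matches any wildcard pattern in `patterns`."""
    patterns = _as_list(patterns)
    if fold_case:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def statement_applies(stmt, action, resource):
    """Does the statement's Action/NotAction and Resource/NotResource cover the request?"""
    if "NotAction" in stmt:
        action_ok = not _matches(stmt["NotAction"], action, fold_case=True)
    else:
        action_ok = _matches(stmt["Action"], action, fold_case=True)
    if "NotResource" in stmt:
        resource_ok = not _matches(stmt["NotResource"], resource)
    else:
        resource_ok = _matches(stmt.get("Resource", "*"), resource)
    return action_ok and resource_ok


def evaluate(action, resource, identity_policies=(), resource_policies=()):
    """Return 'ALLOW', 'EXPLICIT_DENY' or 'IMPLICIT_DENY' for one request."""
    allowed = False
    for policy in list(identity_policies) + list(resource_policies):
        for stmt in _as_list(policy["Statement"]):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "EXPLICIT_DENY"     # a deny anywhere ends the evaluation
            allowed = True                 # remember the allow, keep scanning for denies
    return "ALLOW" if allowed else "IMPLICIT_DENY"


# Constructed sample policies (hypothetical bucket names and account id)
CUSTOMER_MANAGED_READ = {          # customer managed policy on a group: read app-logs-* buckets
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::app-logs-*", "arn:aws:s3:::app-logs-*/*"],
    }],
}
INLINE_DENY_PROD = {               # inline policy on one user: never touch the prod bucket
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::app-logs-prod/*",
    },
}
BUCKET_POLICY_ARCHIVE = {          # resource-based policy on a separate archive bucket
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:user/analyst"},  # ignored here
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::log-archive/*",
    }],
}

if __name__ == "__main__":
    print(evaluate("s3:GetObject", "arn:aws:s3:::app-logs-dev/2024/app.log",
                   [CUSTOMER_MANAGED_READ]))                          # ALLOW
    print(evaluate("s3:GetObject", "arn:aws:s3:::app-logs-prod/app.log",
                   [CUSTOMER_MANAGED_READ, INLINE_DENY_PROD]))        # EXPLICIT_DENY
    print(evaluate("s3:GetObject", "arn:aws:s3:::log-archive/2023.tgz",
                   [CUSTOMER_MANAGED_READ], [BUCKET_POLICY_ARCHIVE]))  # ALLOW
```

The third call is the point to notice: the identity-based policy says nothing about the archive bucket, yet the request is allowed because an in-account resource-based policy can grant access on its own. Reviewing only what is attached to users, groups and roles therefore misses permissions granted by bucket policies.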
Q) List some of the CloudWatch metrics available for EC2 instances?
1. CPUUtilization
2. DiskReadOps
3. DiskWriteOps
4. DiskReadBytes
5. DiskWriteBytes
6. NetworkIn
7. NetworkOut
8. NetworkPacketsIn
9. NetworkPacketsOut
10. StatusCheckFailed
11. StatusCheckFailed_Instance
12. StatusCheckFailed_System
Q) What is Target Group?
A target group tells a load balancer where to direct traffic: EC2 instances, fixed IP addresses, or AWS Lambda functions, among others. When creating a load balancer, you create one or more listeners and configure listener rules to direct traffic to a target group.
Q) Amazon S3 Storage Classes?
1. Amazon S3 Standard for frequently accessed data.
2. Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) for unknown and changing access patterns.
3. Amazon S3 Standard-Infrequent Access for long-lived and less frequently accessed data.
4. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) for long-lived, less frequently accessed data.
5. Amazon Glacier for long-term archival.
6. Amazon Glacier Deep Archive for long-term archival.
Ref Link: https://aws.amazon.com/s3/storage-classes/
Q) What is Amazon ECR?
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying the development-to-production workflow.
Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications.
Amazon ECR eliminates the need to operate your own container repository or worry about scaling the underlying infrastructure.
Q) What is ECS?
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. Amazon ECS is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster.
Ref Link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
Q) Amazon ECS Launch Types
An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted. There are two launch types:
1. Fargate launch type: allows you to run your containerized applications without needing to provision and manage the backend infrastructure.
2. EC2 launch type: allows you to run your containerized applications on a cluster of Amazon EC2 instances that you manage.
Ref Link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html
Q) What is scalability?
Scalability is the ability of a system to expand from its existing configuration to handle an increasing amount of load. Scaling can be done either by adding extra hardware or by upgrading the current system configuration. There are two ways to accomplish scaling: vertical scaling and horizontal scaling.
Q) What is Horizontal scaling?
Horizontal scaling is a strategy for increasing capacity by adding more server instances to your existing pool of servers so that the load can be distributed evenly across them.
Q) What is Vertical Scaling?
Vertical scaling is an attempt to increase the capacity of a single machine: resources such as processing power, storage, and memory are added to an existing work unit.
Ref Link: https://www.redswitches.com/blog/difference-between-horizontal-vertical-scaling
Q) What is CloudTrail?
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
With AWS CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
This event history simplifies security analysis, resource change tracking, and troubleshooting.
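What "security analysis" of the event history looks like in practice, as an added example that is not from the original page: a stdlib-only pass over CloudTrail records that flags root-user activity, console sign-ins without MFA, and changes to CloudTrail itself. The records are constructed; the field names are the ones CloudTrail uses, but the account id, user names, trail name and IP addresses are made-up placeholders.

```python
"""Added example, not from the original page: a stdlib-only pass over
CloudTrail records that flags three things a security reviewer looks for first.
The log below is constructed; the field names (eventName, eventSource,
userIdentity.type, additionalEventData.MFAUsed, responseElements.ConsoleLogin)
are the ones CloudTrail uses, but the account id, user names and IPs are
made-up placeholders.

Detections:
  root-activity          any event performed by the root user
  console-login-no-mfa   a successful console sign-in with MFAUsed == "No"
  trail-tampering        StopLogging / DeleteTrail / UpdateTrail on CloudTrail itself
"""
import json

# Constructed sample log in the CloudTrail file layout: {"Records": [...]}
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-05-01T09:15:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-05-01T09:20:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"name": "management-events"}},
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops/ci"}},
]})

TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail"}


def actor(record):
    """Best available name for who performed the action."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def analyse(records):
    """Return a list of (rule, eventTime, actor, sourceIPAddress) findings."""
    findings = []
    for r in records:
        ident = r.get("userIdentity", {})
        where = (r.get("eventTime"), actor(r), r.get("sourceIPAddress"))
        if ident.get("type") == "Root":
            findings.append(("root-activity",) + where)
        if (r.get("eventName") == "ConsoleLogin"
                and r.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and r.get("additionalEventData", {}).get("MFAUsed") == "No"):
            findings.append(("console-login-no-mfa",) + where)
        if (r.get("eventSource") == "cloudtrail.amazonaws.com"
                and r.get("eventName") in TRAIL_TAMPER_EVENTS):
            findings.append(("trail-tampering",) + where)
    return findings


def analyse_file(raw_json):
    """Parse one CloudTrail log file (JSON text) and analyse its records."""
    return analyse(json.loads(raw_json)["Records"])


if __name__ == "__main__":
    for finding in analyse_file(SAMPLE_TRAIL):
        print(*finding)
```

The three rules map directly to controls worth alerting on: the root user should almost never be used, console sign-ins should require MFA, and any call that stops or deletes a trail deserves an immediate notification because it blinds every later check.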
Q) What is AWS Config?
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and lets you automate the evaluation of recorded configurations against desired configurations.
AWS Config was created specifically for assessing, monitoring, and auditing configuration changes within the AWS cloud by using rules. It is a fully managed service that works by continuously recording resource configurations to a chosen S3 bucket and comparing them to the desired state.
Ref Link: https://n2ws.com/blog/aws-cloud/aws-config
Q) Ways to encrypt data in S3?
Amazon S3 supports the following encryption mechanisms to secure data in S3:
1. Server-Side Encryption (SSE):
   - Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3). Encryption algorithm: AES-256.
   - Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS).
   - Server-Side Encryption with Customer-Provided Keys (SSE-C).
2. Client-Side Encryption (CSE).
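An added example that serves both the AWS Config question and the S3 encryption question above; it is not from the original page. It evaluates recorded S3 bucket configurations against a desired state the way a custom Config rule would, distinguishing SSE-S3 (AES256) from SSE-KMS (aws:kms) and reporting COMPLIANT or NON_COMPLIANT per bucket. The configuration items, bucket names and key ARN are constructed; the encryption settings are embedded in the shape the S3 GetBucketEncryption API returns, which is an assumption about layout rather than the page's own data.

```python
"""Added example serving both the AWS Config and the S3 encryption questions;
it is not from the original page. It evaluates recorded S3 bucket
configurations against a desired state the way a custom Config rule would,
reporting COMPLIANT / NON_COMPLIANT per resource (the compliance values Config
uses). Stdlib only.

Assumptions: each "configuration item" below is a constructed dict carrying the
bucket's encryption settings in the same shape the S3 GetBucketEncryption API
returns (ServerSideEncryptionConfiguration.Rules[].ApplyServerSideEncryptionByDefault
with SSEAlgorithm "AES256" for SSE-S3 or "aws:kms" for SSE-KMS, plus an optional
KMSMasterKeyID). The real Config item layout, the bucket names and the key ARN
are not taken from the page.
"""


def default_encryption(item):
    """Return (algorithm, kms_key_id) for a bucket's default encryption rule,
    or (None, None) when no default encryption is configured."""
    config = item.get("ServerSideEncryptionConfiguration") or {}
    for rule in config.get("Rules", []):
        default = rule.get("ApplyServerSideEncryptionByDefault")
        if default:
            return default.get("SSEAlgorithm"), default.get("KMSMasterKeyID")
    return None, None


def evaluate_bucket(item, require_kms=False):
    """Evaluate one bucket against the desired state; returns (compliance, annotation).
    With require_kms=True only SSE-KMS passes; otherwise SSE-S3 is accepted too."""
    algorithm, key_id = default_encryption(item)
    if algorithm is None:
        return "NON_COMPLIANT", "no default encryption configured"
    if algorithm == "aws:kms":
        if key_id is None:
            return "COMPLIANT", "SSE-KMS with the AWS managed key"
        return "COMPLIANT", f"SSE-KMS with key {key_id}"
    if algorithm == "AES256":
        if require_kms:
            return "NON_COMPLIANT", "SSE-S3 (AES-256) found but SSE-KMS is required"
        return "COMPLIANT", "SSE-S3 (AES-256)"
    return "NON_COMPLIANT", f"unrecognised algorithm {algorithm!r}"


def evaluate_all(items, require_kms=False):
    """Map bucket name -> compliance for every S3 bucket in a batch of items;
    items of other resource types are out of scope for this rule."""
    return {item["resourceName"]: evaluate_bucket(item, require_kms)[0]
            for item in items if item.get("resourceType") == "AWS::S3::Bucket"}


# Constructed configuration items (hypothetical bucket names and key ARN)
SAMPLE_ITEMS = [
    {"resourceType": "AWS::S3::Bucket", "resourceName": "app-logs",
     "ServerSideEncryptionConfiguration": {"Rules": [
         {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    {"resourceType": "AWS::S3::Bucket", "resourceName": "payments-prod",
     "ServerSideEncryptionConfiguration": {"Rules": [
         {"ApplyServerSideEncryptionByDefault": {
             "SSEAlgorithm": "aws:kms",
             "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}]}},
    {"resourceType": "AWS::S3::Bucket", "resourceName": "scratch"},     # nothing configured
    {"resourceType": "AWS::SNS::Topic", "resourceName": "alerts"},      # not an S3 bucket
]

if __name__ == "__main__":
    for name, compliance in evaluate_all(SAMPLE_ITEMS, require_kms=True).items():
        print(f"{name:15} {compliance}")
```

Running with require_kms=True reproduces the "recorded configuration versus desired state" comparison the Config description talks about: the same recorded items that were all acceptable under a looser rule now produce a NON_COMPLIANT result for the SSE-S3 bucket, which is the drift a Config rule would surface.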
Q) Difference between a Spot instance and an On-Demand instance?
Both spot instances and on-demand instances are pricing models. A spot instance allows customers to purchase compute capacity with no upfront commitment. Moreover, the hourly rates for a spot instance are usually lower than those set for on-demand instances.
The bidding price for a spot instance is known as the spot price. It fluctuates based on the supply of and demand for spot instances. If the spot price rises above a customer's maximum specified price, the EC2 instance is shut down automatically.
Q) What is AWS Inspector?
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.
Q) What is the Cooldown Period?
The cooldown period helps ensure that your Auto Scaling group doesn't launch or terminate additional instances before the previous scaling activity takes effect. In other words, a scaling cooldown prevents the group from reacting again before the effects of the previous activity are visible.
Q) What is SNS?
SNS is a fast, flexible, fully managed push notification service.
Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers (also known as producers and consumers). Publishers communicate asynchronously with subscribers by sending messages to a topic, which is a logical access point and communication channel. Clients subscribe to an SNS topic and receive published messages using a supported protocol, such as Amazon SQS, AWS Lambda, HTTP, email, mobile push notifications, or mobile text messages (SMS).
Ref Link: https://docs.aws.amazon.com/sns/latest/dg/welcome.html
Q) AWS CloudFormation?
CloudFormation is AWS's native infrastructure-as-code tool. Templates are written in JSON or YAML and let you deploy, manage, and configure any cloud resource available in AWS.
AWS CloudFormation gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion.
A CloudFormation template is a text file containing the infrastructure as code, specified in JSON or YAML. It describes the resources that the template is expected to create.
A stack is the set of all resources created from a given CloudFormation template. You get a stack when you run a template; thus, a stack is an instantiation of a template.
Parameters are inputs that users specify when creating a stack from a template.
Resources are the AWS resources that make up a stack. Lastly, events are all the events that take place during the creation or updating of a CloudFormation stack: any time a resource is created, updated, or deleted, an event is logged. Events are extremely helpful in tracking changes and errors.
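The template, parameter and resource concepts above in working form, as an added example that is not from the original page: a small CloudFormation template built as a Python dict (a parameter, an encrypted S3 bucket with public access blocked, an SNS topic, and outputs), rendered as JSON, together with a pre-deployment check that every Ref, Fn::GetAtt and Fn::Sub reference points at a declared parameter, resource or pseudo parameter. Logical ids and names are constructed.

```python
"""Added example, not from the original page: builds a small CloudFormation
template as a Python dict, renders it as JSON, and runs a minimal
pre-deployment check that every Ref, Fn::GetAtt and ${...} in Fn::Sub points at
a declared Parameter, Resource or pseudo parameter. Stdlib only; the logical
ids and names below are constructed.
"""
import json
import re

# Pseudo parameters CloudFormation always provides
PSEUDO_PARAMETERS = {
    "AWS::AccountId", "AWS::NotificationARNs", "AWS::NoValue", "AWS::Partition",
    "AWS::Region", "AWS::StackId", "AWS::StackName", "AWS::URLSuffix",
}
# ${Name} or ${Name.Attribute} inside Fn::Sub; ${!Literal} is an escape and is skipped
SUB_REF_RE = re.compile(r"\$\{([A-Za-z0-9:]+)(?:\.[A-Za-z0-9]+)?\}")

TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Encrypted log bucket plus an alert topic (constructed sample)",
    "Parameters": {
        "Environment": {"Type": "String", "AllowedValues": ["dev", "prod"], "Default": "dev"},
    },
    "Resources": {
        "LogBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": {"Fn::Sub": "app-logs-${Environment}-${AWS::AccountId}"},
                "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                    {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True, "BlockPublicPolicy": True,
                    "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
            },
        },
        "AlertTopic": {
            "Type": "AWS::SNS::Topic",
            "Properties": {"TopicName": {"Fn::Sub": "alerts-${Environment}"}},
        },
    },
    "Outputs": {
        "BucketArn": {"Value": {"Fn::GetAtt": ["LogBucket", "Arn"]}},
        "TopicArn": {"Value": {"Ref": "AlertTopic"}},
    },
}


def referenced_ids(node):
    """Yield every logical id used via Ref, Fn::GetAtt or Fn::Sub anywhere in `node`."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        if isinstance(node.get("Fn::GetAtt"), list) and node["Fn::GetAtt"]:
            yield node["Fn::GetAtt"][0]
        sub = node.get("Fn::Sub")
        if sub is not None:
            # list form is [template_string, {local variable map}]
            text, local_vars = (sub, {}) if isinstance(sub, str) else (sub[0], sub[1])
            for name in SUB_REF_RE.findall(text):
                if name not in local_vars:
                    yield name
        for value in node.values():
            yield from referenced_ids(value)
    elif isinstance(node, list):
        for value in node:
            yield from referenced_ids(value)


def dangling_references(template):
    """Return sorted logical ids that are referenced but declared nowhere."""
    declared = set(template.get("Parameters", {})) | set(template.get("Resources", {}))
    return sorted({ref for ref in referenced_ids(template)
                   if ref not in declared and ref not in PSEUDO_PARAMETERS})


def render(template):
    """Serialise the template as the JSON text you would hand to CloudFormation."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print(render(TEMPLATE))
    print("dangling references:", dangling_references(TEMPLATE))
```

A dangling reference is exactly the kind of mistake that otherwise surfaces only as a failed stack event at deployment time, so this check belongs in the pipeline step that lints templates before they are submitted.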