AWS CloudFormation Exercise 5: Network Load Balancer creation

Exercise 5: CloudFormation Template for Network Load Balancer

In this exercise we are going to create a Network Load Balancer using a CloudFormation template written in YAML. Before starting, keep the following ready:
1.   VPC (Default or Custom)
2.   Public Subnets
We are going to create the load balancer in the Mumbai Region (ap-south-1). The VPC is configured with public subnets (already the case for the default VPC) and the security group allows inbound traffic on ports 80 and 443. Select one subnet per Availability Zone so that the load balancer routes traffic to those subnets.

To get the template, click on the link (Without SSL or With SSL) and save it on the server, say under the /opt directory.

1.   Log in to the AWS Management Console.

2.   On the Management Console click on “CloudFormation” under the “Management and Governance” section.

3.   You will land on the CloudFormation console. Click on the “Create Stack” button.

Now follow the steps below to create the stack for this exercise.

Step 1: Specify template

Choose “Template is ready”, select “Upload a template file”, pick the template file you saved earlier and upload it. Then click Next.

Step 2: Specify stack details

Specify the “Stack name”, for example “NLBStack” for this exercise. Then provide the values for the parameters needed to create the Network Load Balancer stack; for this exercise we are using the values below.

1. VPCId: vpc-xxxxxxxxxx (replace with your VPC ID)

2. MySubnetId: subnet-xxxxxxxxxx, subnet-xxxxxxxxxx, subnet-xxxxxxxxxx (replace with your subnet IDs, one per Availability Zone)

Step 3: Configure stack options

On the “Configure stack options” page leave all settings at their defaults and click Next.

Step 4: Review Stack

Review all the settings you have entered and then click Create stack.

After some time the stack will be created and you can view and access the resources created by the CloudFormation stack.


We can also create the stack using the AWS CLI.

AWS CLI commands for the stack:

Note: replace the template file name and path accordingly.

1.   To validate the CloudFormation template

# aws cloudformation validate-template --template-body file:///<path-to-file>/CFNCreateNLBwithOutput.yml

2.   To create the stack

# aws cloudformation create-stack --stack-name NLBStack \
    --template-body file:///<path-to-file>/CFNCreateNLBwithOutput.yml \
    --parameters ParameterKey=VPCId,ParameterValue=vpc-xxxxxxxxxx \
                 ParameterKey=MySubnetId,ParameterValue=subnet-xxxxxxxxxx\\,subnet-xxxxxxxxxx\\,subnet-xxxxxxxxxx

The commas inside the MySubnetId value are written as \\, so that the shell passes \, to the CLI; this keeps the subnet list as a single parameter value instead of letting the CLI split it into separate parameters.

3.   To describe the stack

# aws cloudformation describe-stacks --stack-name NLBStack

4.   To view the stack events

# aws cloudformation describe-stack-events --stack-name NLBStack

5.   To delete the stack

# aws cloudformation delete-stack --stack-name NLBStack


This completes the creation of an internet-facing Network Load Balancer using a CloudFormation template with parameters.

AWS CloudFormation Exercise 4: Application Load Balancer creation

Exercise 4: CloudFormation Template for Application Load Balancer

In this exercise we are going to create an Application Load Balancer using a CloudFormation template written in YAML. Before starting, keep the following ready:
1.   VPC (Default or Custom)
2.   Public Subnets
3.   Security Groups
We are going to create the load balancer in the Mumbai Region (ap-south-1). The VPC is configured with public subnets (already the case for the default VPC) and the security group allows inbound traffic on ports 80 and 443. Select one subnet per Availability Zone so that the load balancer routes traffic to those subnets.

To get the template, click on the link (Without SSL or With SSL) and save it on the server, say under the /opt directory.

1.   Log in to the AWS Management Console.

2.   On the Management Console click on “CloudFormation” under the “Management and Governance” section.

3.   You will land on the CloudFormation console. Click on the “Create Stack” button.

Now follow the steps below to create the stack for this exercise.

Step 1: Specify template

Choose “Template is ready”, select “Upload a template file”, pick the template file you saved earlier and upload it. Then click Next.

Step 2: Specify stack details

Specify the “Stack name”, for example “ALBStack” for this exercise. Then provide the values for the parameters needed to create the Application Load Balancer stack; for this exercise we are using the values below.

1. MyELBSecurityGroups: sg-xxxxxxxxxx (replace with your security group ID)

2. VPCId: vpc-xxxxxxxxxx (replace with your VPC ID)

3. MySubnetId: subnet-xxxxxxxxxx, subnet-xxxxxxxxxx, subnet-xxxxxxxxxx (replace with your subnet IDs, one per Availability Zone)

Step 3: Configure stack options

On the “Configure stack options” page leave all settings at their defaults and click Next.

Step 4: Review Stack

Review all the settings you have entered and then click Create stack.

After some time the stack will be created and you can view and access the resources created by the CloudFormation stack.


We can also create the stack using the AWS CLI.

AWS CLI commands for the stack:

Note: replace the template file name and path accordingly.

1.   To validate the CloudFormation template

# aws cloudformation validate-template --template-body file:///<path-to-file>/CFNCreateALBwithOutput.yml

2.   To create the stack

# aws cloudformation create-stack --stack-name ALBStack \
    --template-body file:///<path-to-file>/CFNCreateALBwithOutput.yml \
    --parameters ParameterKey=MyELBSecurityGroup,ParameterValue=sg-09f534dac79a40ce2 \
                 ParameterKey=VPCId,ParameterValue=vpc-xxxxxxxxxx \
                 ParameterKey=MySubnetId,ParameterValue=subnet-03a896945c3e5eb15\\,subnet-0a8957bd1f2621bf1\\,subnet-01e4eb75db170e6f8

3.   To describe the stack

# aws cloudformation describe-stacks --stack-name ALBStack

4.   To view the stack events

# aws cloudformation describe-stack-events --stack-name ALBStack

5.   To delete the stack

# aws cloudformation delete-stack --stack-name ALBStack

This completes the creation of an internet-facing Application Load Balancer using a CloudFormation template with parameters.

AWS CloudFormation Exercise 3: Classic Load Balancer creation

Exercise 3: CloudFormation Template for Classic Load Balancer

In this exercise we are going to create an internet-facing Classic Load Balancer using a CloudFormation template written in YAML. Before starting, keep the following ready:
1.   VPC (Default or Custom)
2.   Public Subnets
3.   Security Group
We are going to create the load balancer in the Mumbai Region (ap-south-1). The VPC is configured with public subnets (already the case for the default VPC) and the security group allows inbound traffic on port 80. Select one subnet per Availability Zone so that the load balancer routes traffic to those subnets.

To get the template, click on the link (Without SSL or With SSL) and save it on the server, say under the /opt directory.

1.   Log in to the AWS Management Console.

2.   On the Management Console click on “CloudFormation” under the “Management and Governance” section.

3.   You will land on the CloudFormation console. Click on the “Create Stack” button.

Now follow the steps below to create the stack for this exercise.

Step 1: Specify template

Choose “Template is ready”, select “Upload a template file”, pick the template file you saved earlier and upload it. Then click Next.

Step 2: Specify stack details

Specify the “Stack name”, for example “CLBStack” for this exercise. Then provide the values for the parameters needed to create the Classic Load Balancer stack; for this exercise we are using the values below.

1. MySubnetId: subnet-xxxxxxxxxx, subnet-xxxxxxxxxx, subnet-xxxxxxxxxx (replace with your subnet IDs, one per Availability Zone)

2. MyELBSecurityGroups: sg-xxxxxxxxxx (replace with your security group ID)

Step 3: Configure stack options

On the “Configure stack options” page leave all settings at their defaults and click Next.

Step 4: Review Stack

Review all the settings you have entered and then click Create stack.

After some time the stack will be created and you can view and access the resources created by the CloudFormation stack.


We can also create the stack using the AWS CLI.

AWS CLI commands for the stack:

Note: replace the template file name and path accordingly.

1.   To validate the CloudFormation template

# aws cloudformation validate-template --template-body file:///<path-to-file>/CFNCreateCLBwithOutput.yml

2.   To create the stack

# aws cloudformation create-stack --stack-name CLBStack \
    --template-body file:///<path-to-file>/CFNCreateCLBwithOutput.yml \
    --parameters ParameterKey=MyELBSecurityGroup,ParameterValue=sg-xxxxxxxxxx \
                 ParameterKey=MySubnetId,ParameterValue=subnet-xxxxxxxxxx\\,subnet-xxxxxxxxxx\\,subnet-xxxxxxxxxx

3.   To describe the stack

# aws cloudformation describe-stacks --stack-name CLBStack

4.   To view the stack events

# aws cloudformation describe-stack-events --stack-name CLBStack

5.   To delete the stack

# aws cloudformation delete-stack --stack-name CLBStack

This completes the creation of an internet-facing Classic Load Balancer using a CloudFormation template with parameters.

AWS CloudFormation Exercise 2: EC2 Instance with S3 Access

Exercise 2: CloudFormation Template for EC2 Instance with S3 Read Access IAM Role

In this exercise we are going to create an EC2 instance with an S3 read-access IAM role attached, using a CloudFormation template written in YAML. Before starting, keep the following ready:
1.   VPC (Default or Custom)
2.   Public Subnets
3.   Security Groups
4.   KeyPair
We are going to create the EC2 instance in the Mumbai Region (ap-south-1), so we use the image ID “ami-0732b62d310b80e97”. The KeyPair used to access the instance was created separately, the security group allows inbound traffic on port 22, and the Availability Zone used here is ap-south-1a.

To get the template, download it from https://github.com/pranavdhopey and save it on the server, say under the /opt directory.

1.   Log in to the AWS Management Console.

2.   On the Management Console click on “CloudFormation” under the “Management and Governance” section.

3.   You will land on the CloudFormation console. Click on the “Create Stack” button.

Now follow the steps below to create the stack for this exercise.

Step 1: Specify template

Choose “Template is ready”, select “Upload a template file”, pick the template file you saved earlier and upload it. Then click Next.

Step 2: Specify stack details

Specify the “Stack name”, for example “EC2S3AccessStack” for this exercise. Then provide the values for the parameters needed to create the EC2 stack; for this exercise we are using the values below.

1. InstanceName: WebServer (replace with your own name)

2. MyInstanceType: t2.micro (choose from the drop-down)

3. MyKeyName: MumbaiKP (provide your KeyPair name)

4. MyAvailabilityZone: ap-south-1a (replace with your Availability Zone)

5. MySubnetId: subnet-xxxxxxxxxx (replace with your subnet ID)

6. MySecurityGroups: sg-xxxxxxxxxx (replace with your security group ID)

Step 3: Configure stack options

On the “Configure stack options” page leave all settings at their defaults and click Next.

Step 4: Review Stack

Review all the settings you have entered. Under the Capabilities section tick the acknowledgement that AWS CloudFormation might create IAM resources (the template creates an IAM role for the instance), then click Create stack.

After some time the stack will be created and you can view and access the resources created by the CloudFormation stack.


We can also create the stack using the AWS CLI.

AWS CLI commands for the stack (replace the template file name and path accordingly):

1.   To validate the CloudFormation template

# aws cloudformation validate-template --template-body file://<path-to-file>/CFNEC2LaunchTeplatewithS3Access.yml

2.   To create the stack

# aws cloudformation create-stack --stack-name EC2S3AccessStack \
    --template-body file://<path-to-file>/CFNEC2LaunchTeplatewithS3Access.yml \
    --parameters ParameterKey=InstanceName,ParameterValue=S3AccessServer \
                 ParameterKey=MyKeyName,ParameterValue=MumbaiKP \
                 ParameterKey=MyInstanceType,ParameterValue=t2.micro \
                 ParameterKey=MyAvailabilityZone,ParameterValue=ap-south-1a \
                 ParameterKey=MySecurityGroups,ParameterValue=sg-xxxxxxxxxx \
                 ParameterKey=MySubnetId,ParameterValue=subnet-xxxxxxxxxx \
    --capabilities CAPABILITY_IAM

The --capabilities CAPABILITY_IAM flag is the CLI equivalent of the acknowledgement in the console Review step: because the template creates an IAM role, CloudFormation refuses to create the stack without this explicit acknowledgement.

3.   To describe the stack

# aws cloudformation describe-stacks --stack-name EC2S3AccessStack

4.   To view the stack events

# aws cloudformation describe-stack-events --stack-name EC2S3AccessStack

5.   To delete the stack

# aws cloudformation delete-stack --stack-name EC2S3AccessStack

This completes the creation of an EC2 instance with an S3 read-access IAM role attached, using a CloudFormation template with parameters.
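All four exercises above use the same CLI sequence (validate, create, describe, inspect events, delete). The POSIX shell script below is an added example, not part of the original exercises or the author's repository: it escapes the commas of the MySubnetId list the way the create-stack commands above do, passes --capabilities CAPABILITY_IAM only when the template actually declares IAM resources, waits for CREATE_COMPLETE instead of re-running describe-stacks by hand, and prints the *_FAILED events if the stack rolls back. It assumes the AWS CLI is installed with credentials and region configured; the stack name, template path and resource IDs in the example invocation are placeholders.

```shell
#!/bin/sh
# Added example (not the exercises' own code): drive the create-stack
# procedure from the CloudFormation exercises end to end with the AWS CLI.
# Assumes: AWS CLI installed, credentials and region (ap-south-1) configured.
set -eu

# CommaDelimitedList parameters (MySubnetId in the exercises) must have their
# commas escaped as '\,' in the --parameters shorthand, otherwise the CLI
# splits the value into separate parameters.
# "subnet-a,subnet-b" -> "subnet-a\,subnet-b"
escape_commas() {
  printf '%s' "$1" | sed 's/,/\\,/g'
}

# Return 0 when the template declares IAM resources, 1 otherwise. Such a
# template needs --capabilities CAPABILITY_IAM (the console asks for the same
# acknowledgement in the Review step). Passing the capability only when it is
# needed keeps an unexpected IAM resource in a template from being created
# silently.
needs_iam_capability() {
  grep -Eq 'AWS::IAM::(Role|Policy|User|Group|InstanceProfile|ManagedPolicy)' "$1"
}

# Turn KEY=VALUE arguments into one ParameterKey=...,ParameterValue=... per
# line, escaping commas inside values. Values must not contain whitespace.
build_params() {
  for kv in "$@"; do
    key=${kv%%=*}
    value=${kv#*=}
    printf 'ParameterKey=%s,ParameterValue=%s\n' "$key" "$(escape_commas "$value")"
  done
}

# Print the events that explain a failed creation (any *_FAILED status).
failed_events() {
  aws cloudformation describe-stack-events --stack-name "$1" \
    --query "StackEvents[?ends_with(ResourceStatus, '_FAILED')].[LogicalResourceId,ResourceStatus,ResourceStatusReason]" \
    --output table
}

# deploy_stack STACK TEMPLATE KEY=VALUE...
deploy_stack() {
  stack=$1
  template=$2
  shift 2
  params=$(build_params "$@")
  caps=""
  if needs_iam_capability "$template"; then
    caps="--capabilities CAPABILITY_IAM"
  fi
  aws cloudformation validate-template --template-body "file://$template" >/dev/null
  # $params and $caps are deliberately unquoted: word splitting turns the
  # newline-separated parameters into separate arguments.
  aws cloudformation create-stack --stack-name "$stack" \
    --template-body "file://$template" --parameters $params $caps
  # Blocks until CREATE_COMPLETE; exits non-zero if the stack rolls back.
  if ! aws cloudformation wait stack-create-complete --stack-name "$stack"; then
    echo "stack $stack did not reach CREATE_COMPLETE; failed events:" >&2
    failed_events "$stack"
    return 1
  fi
  aws cloudformation describe-stacks --stack-name "$stack" \
    --query 'Stacks[0].Outputs' --output table
}

# Run only when invoked as "./deploy.sh --run", so the functions can be
# sourced or tested without touching AWS. Placeholder values as in Exercise 2.
if [ "${1:-}" = "--run" ]; then
  deploy_stack EC2S3AccessStack /opt/CFNEC2LaunchTeplatewithS3Access.yml \
    InstanceName=WebServer MyInstanceType=t2.micro MyKeyName=MumbaiKP \
    MyAvailabilityZone=ap-south-1a MySubnetId=subnet-xxxxxxxxxx \
    MySecurityGroups=sg-xxxxxxxxxx
fi
```

To delete the stack afterwards, the exercises' own `aws cloudformation delete-stack --stack-name <name>` command applies unchanged.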

AWS Interview Questions and Answers: Part 3

Q) What is RDS?
Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks.
Amazon RDS supports the following DB engines:
1. Amazon Aurora
2. MySQL
3. MariaDB
4. PostgreSQL
5. Oracle
6. Microsoft SQL Server
Amazon RDS manages patching, upgrading, backing up of data, etc. for the database without your intervention.

Q) What is AWS CloudWatch?
AWS CloudWatch is a web service that enables you to monitor AWS resources and the applications that you run on AWS in real time. CloudWatch collects and tracks metrics; users can also send their own logs and custom metrics to CloudWatch for monitoring.
Using CloudWatch you can set alarms that send a notification or make changes to the resources you are monitoring when a threshold is breached.

Q) What are AWS CloudWatch Events?
Amazon CloudWatch Events delivers a near-real-time stream of system events that describe changes in Amazon Web Services (AWS) resources.
An event indicates a change in your AWS environment; AWS resources can generate events when their state changes.
These events can then trigger notifications or other actions through the use of rules.

Q) What is IAM?
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and which resources they can use and in what ways (authorization).

Q) What is an IAM User?
An AWS IAM user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS.
A user in AWS consists of a name and credentials: a password to sign in to the Management Console and access keys used by the API or CLI.
An IAM user gives you the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI.

Q) What is an IAM Group?
An IAM group is a collection of IAM users. With an IAM group it is easy to manage the permissions for a set of users at once.

Q) What is an IAM Role?
An IAM role is an identity similar to an IAM user, with a permission policy attached to it that determines what it can and cannot do in AWS. Roles do not have any credentials associated with them.

Q) What is an IAM Policy?
A policy is an entity that, when attached to an identity or resource, defines its permissions. Policies are stored in AWS as JSON documents.
AWS policies are of two types:
1.   Identity-based policies:
A policy that is attached to an identity in IAM is known as an identity-based policy. Identity-based policies can be AWS managed policies, customer managed policies, or inline policies.
AWS managed policies are created and managed by AWS.
Customer managed policies are standalone policies that you administer in your own AWS account. You can then attach them to identities (users, groups, and roles) in your AWS account.
An inline policy is one that you create and embed directly in an IAM group, user, or role.
2.   Resource-based policies:
Resource-based policies are attached directly to an AWS resource, such as an S3 bucket (where it is called an Amazon S3 bucket policy).

Q) List some of the CloudWatch metrics available for EC2 instances.
1. CPUUtilization
2. DiskReadOps
3. DiskWriteOps
4. DiskReadBytes
5. DiskWriteBytes
6. NetworkIn
7. NetworkOut
8. NetworkPacketsIn
9. NetworkPacketsOut
10. StatusCheckFailed
11. StatusCheckFailed_Instance
12. StatusCheckFailed_System

Q) What is a Target Group?
A target group tells a load balancer where to direct traffic: EC2 instances, fixed IP addresses or AWS Lambda functions, amongst others. When creating a load balancer, you create one or more listeners and configure listener rules to direct traffic to a target group.

Q) What are the Amazon S3 storage classes?
1. Amazon S3 Standard for frequently accessed data.
2. Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) for data with unknown or changing access patterns.
3. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for long-lived, less frequently accessed data.
4. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) for long-lived, less frequently accessed data stored in a single Availability Zone.
5. Amazon Glacier for long-term archival.
6. Amazon Glacier Deep Archive for long-term archival.

Ref Link: https://aws.amazon.com/s3/storage-classes/

Q) What is Amazon ECR?
Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying the development-to-production workflow.
Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications.
Amazon ECR eliminates the need to operate your own container repository and worry about scaling the underlying infrastructure.

Q) What is ECS?
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service. Amazon ECS is a highly scalable, fast container management service that makes it easy to run, stop, and manage Docker containers on a cluster.

Ref Link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html

Q) What are the Amazon ECS launch types?
An Amazon ECS launch type determines the type of infrastructure on which your tasks and services are hosted.
1. Fargate Launch Type
2. EC2 Launch Type

1. Fargate Launch Type:
The Fargate launch type allows you to run your containerized applications without needing to provision and manage the backend infrastructure.
2. EC2 Launch Type:
The EC2 launch type allows you to run your containerized applications on a cluster of Amazon EC2 instances that you manage.

Ref Link: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html

Q) What is scalability?
Scalability is the ability to expand from the existing configuration of the system for handling the increasing amount of load. Scaling can be done by either adding extra hardware or by upgrading the current system configuration. There are two different ways to accomplish scaling, one is vertical scaling, and the other is horizontal scaling.

Q) What is Horizontal scaling?
Horizontal scaling is a strategy used to enhance the performance of the server node by adding more instances of the server to your existing pool of servers so that the load can be equally distributed.

Q) What is Vertical Scaling?
Vertical Scaling is an attempt to increase the capacity of a single machine. Here the resources such as processing power, storage, memory, and more are added to an existing work unit.

Ref Link: https://www.redswitches.com/blog/difference-between-horizontal-vertical-scaling

Q) What is CloudTrail?
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
With AWS CloudTrail, you can log, continuously monitor and retain account activity related to actions across your AWS infrastructure.
CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools and other AWS services.
This event history simplifies security analysis, resource change tracking, and troubleshooting.

Q) What is AWS Config?
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
AWS Config is a service created specifically for assessing, monitoring, and auditing configuration changes within the AWS cloud by using various rules. It is a fully managed service, and it works by continuously recording resource configurations to a chosen S3 bucket and comparing them to the desired state.

Ref Link: https://n2ws.com/blog/aws-cloud/aws-config

Q) What are the ways to encrypt data in S3?
Amazon S3 supports the following encryption mechanisms to secure data in S3:
1.   Server-Side Encryption (SSE):
   - Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3). Encryption algorithm: AES-256.
   - Server-Side Encryption with Customer Master Keys (CMKs) stored in AWS Key Management Service (SSE-KMS).
   - Server-Side Encryption with Customer-Provided Keys (SSE-C).
2.   Client-Side Encryption (CSE).

Q) Difference between a Spot instance and an On-Demand instance?
Both spot instances and on-demand instances are pricing models. A spot instance allows customers to purchase compute capacity with no upfront commitment. Moreover, the hourly rates for a spot instance are usually lower than what has been set for on-demand instances.
The bidding price for a spot instance is known as the spot price. It fluctuates based on the supply and demand for spot instances. In case the spot price gets higher than a customer’s maximum specified price, the EC2 instance will shut down automatically.

Q) What is Amazon Inspector?
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.

Q) What is the Cooldown Period?
A scaling cooldown helps to ensure that your Auto Scaling group does not launch or terminate additional instances before the effects of the previous scaling activity are visible.

Q) What is SNS?
SNS is a fast, flexible, fully managed push notification service.
Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers (also known as producers and consumers). Publishers communicate asynchronously with subscribers by sending messages to a topic, which is a logical access point and communication channel. Clients can subscribe to the SNS topic and receive published messages using a supported protocol, such as Amazon SQS, AWS Lambda, HTTP, email, mobile push notifications, and mobile text messages (SMS).

Ref Link: https://docs.aws.amazon.com/sns/latest/dg/welcome.html

Q) What is AWS CloudFormation?
CloudFormation is the native Infrastructure-as-Code tool in AWS. Templates are written in JSON or YAML and allow you to deploy, manage, and configure any cloud resource available in AWS.
AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion.
A CloudFormation template is a file containing the infrastructure as code, specified in JSON or YAML format. It contains a description of the resources that the template is expected to create.
A stack is the set of all the resources that are created from a given CloudFormation template. We get a stack when we run a template; thus, a stack is an instantiation of a template.
Parameters are inputs that users specify when creating a stack from a template.
Resources are the AWS resources that make up a stack. Lastly, events are all of the events that take place during the creation or updating of a CloudFormation stack. For example, any time a resource is created, updated, or deleted, an event is logged. Events are extremely helpful for tracking changes and for tracking errors.




AWS Interview Questions and Answers: Part 2

Q) What is Route 53?
Amazon Route 53 is a highly available and scalable cloud DNS web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
Amazon Route 53 performs three main functions:
1. Register domain names.
2. Route internet traffic to the resources for your domain.
3. Check the health of your resources.


Q) What is Elastic Load Balancing?
The load balancer distributes incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones. This increases the fault tolerance of your applications. Elastic Load Balancing detects unhealthy targets and routes traffic only to healthy targets.
The load balancer serves as a single point of contact for clients. This increases the availability of your application. You can add and remove targets from your load balancer as your needs change, without disrupting the overall flow of requests to your application. Elastic Load Balancing scales your load balancer as traffic to your application changes over time. Elastic Load Balancing can scale to the vast majority of workloads automatically.
You configure your load balancer to accept incoming traffic by specifying one or more listeners. A listener is a process that checks for connection requests. It is configured with a protocol and port number for connections from clients to the load balancer and a protocol and port number for connections from the load balancer to the instances.
Elastic Load Balancing supports four types of load balancers: Application Load Balancer, Network Load Balancer, Gateway Load Balancer and Classic Load Balancer.

Reference Link: How ELB works? 

Q) What is Connection Draining?
In AWS, when you enable connection draining on a load balancer, any back-end instances that you deregister will complete any requests that are in progress before deregistration.
Likewise, if any back-end instance fails a health check, then the load balancer stops sending requests to the unhealthy instance but will allow existing requests to complete.
Connection Draining is also integrated with Auto Scaling, making it even easier to manage the capacity behind your load balancer. When Connection Draining is enabled, Auto Scaling will wait for outstanding requests to complete before terminating instances.
When you enable connection draining, you can specify a maximum time for the load balancer to keep connections alive before reporting the instance as de-registered. The maximum timeout value can be set between 1 and 3,600 seconds (the default is 300 seconds). When the maximum time limit is reached, the load balancer forcibly closes connections to the de-registering instance.

Q) What is a Sticky session?
Sticky sessions allow the load balancer to bind a client's session to a specific backend EC2 instance using a cookie. When a client makes a request to the ELB, a cookie is set and the request is routed to a specific backend server; all future requests from that client are routed to the same backend server.
This is useful when your application is stateful and requires a given client's requests to be routed to the same backend server each time.

Q) What is cross-zone load balancing?
By default, the load balancer distributes traffic evenly across the Availability Zones that you enabled for your load balancer.
With cross-zone load balancing enabled, the load balancer distributes traffic evenly across all registered instances in all enabled Availability Zones.
If cross-zone load balancing is disabled, the load balancer distributes traffic evenly across the enabled Availability Zones, and each load balancer node serves only the instances in its own zone.

Reference Link: CrossZone LoadBalancing

Q) What is an Internet Gateway?
An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet.

Q) What is a NAT Gateway?
A NAT Gateway enables instances in a private subnet to connect to the Internet (for example, for software updates) or to other AWS services, while preventing the Internet from initiating connections to those instances. The NAT device forwards traffic from the instances in the private subnet to the Internet or other AWS services and then sends the response back to the instances. When traffic goes to the Internet, the source IPv4 address is replaced with the NAT device's address; when the response traffic comes back, the NAT device translates the address back to the instances' private IPv4 addresses.

Q) What is Auto Scaling?
Auto Scaling is a service that allows you to scale Amazon EC2 capacity automatically by scaling out or scaling in according to criteria that you define. Amazon EC2 Auto Scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application.

Q) What are the Auto Scaling components?
Auto Scaling has the following three components:
1. Launch Configuration or Launch Template.
2. Auto Scaling Group.
3. Optional Scaling Policy.

1. Launch Configuration/Template.
A launch configuration is the template that Auto Scaling uses to launch new instances. It is composed of the configuration name, Amazon Machine Image (AMI), Amazon EC2 instance type, security group, and instance key pair.
Each Auto Scaling group can have only one launch configuration at a time.

2. Auto Scaling Group.
An Auto Scaling group is a collection of Amazon EC2 instances managed by the Auto Scaling service. Each Auto Scaling group contains configuration options that control when Auto Scaling should launch new instances and terminate existing instances.
An Auto Scaling group must have a name and a minimum and maximum number of instances that can be in the group. You can optionally specify the desired capacity, which is the number of instances that the group must have at all times. If you do not specify the desired capacity, the default desired capacity is the minimum number of instances that you specified.

3. Scaling Plan.
A scaling plan is a set of instructions that tells Auto Scaling whether to scale out (launch new EC2 instances as described in the associated launch configuration) or scale in (terminate instances).

Amazon EC2 Auto Scaling provides several ways for you to scale the Auto Scaling group:
1. Maintaining the current instance level at all times
2. Manual scaling
3. Scaling based on a schedule
4. Scaling based on demand
    Types of scaling policies:
    i. Target tracking scaling
    ii. Step scaling
    iii. Simple scaling

Q) VPC Endpoint.
A VPC endpoint enables you to privately connect your VPC to supported AWS services and to VPC endpoint services powered by AWS PrivateLink, without requiring an Internet Gateway, NAT device, VPN connection, or AWS Direct Connect connection.
Instances in your VPC do not require public IP addresses to communicate with resources in the service.
Traffic between your VPC and the other service does not leave the AWS network.

Interface Endpoint:
An interface endpoint is an elastic network interface (ENI) with a private IP address. The ENI acts as the entry point for traffic destined for a particular service.

Gateway Endpoint:
A gateway endpoint is a gateway that you specify as the target for a route in your route table, for traffic destined to supported services.

Q) What is AWS Direct Connect?
AWS Direct Connect enables you to securely connect your AWS environment to your on-premises data center or office location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic connection. AWS Direct Connect offers a dedicated high-speed, low-latency connection that bypasses internet service providers in your network path.

Q) Amazon Elastic File System (Amazon EFS).
Amazon Elastic File System (EFS) provides simple, scalable file storage in the cloud for use with Amazon EC2 or on-premises servers.
An Amazon EFS file system can be mounted on Amazon EC2 instances or on on-premises servers through an AWS Direct Connect connection.
Amazon EFS has a simple web services interface that allows you to create and configure file systems quickly and easily. The EFS service manages all the file storage infrastructure for you.
EFS allows you to avoid the complexity of deploying, patching, and maintaining a file system configuration.
The Amazon EFS service is designed to be highly scalable, highly available, and highly durable.
An Amazon EFS file system stores data and metadata across multiple Availability Zones in a region.
Amazon EFS supports NFS version 4.

Q) Hosted Zone in Route 53?
An Amazon Route 53 hosted zone is a collection of records for the specified domain.
You create a hosted zone for your domain and then create the records that tell DNS how you want traffic to be routed for that domain.
Basically, a hosted zone is a container that holds information about how you want to route traffic for your domain and its subdomains.
There are two types of hosted zones:
1. Public hosted zones
Public hosted zones contain records that specify how you want to route traffic on the internet.
2. Private hosted zones
Private hosted zones contain records that specify how you want to route traffic within an Amazon VPC.

Q) What is a Sticky Session?
When a client is load balanced to a particular target, every subsequent request from that client goes to the same target. This binding between client and target is called a session, i.e. a sticky session.

Q) What is the Idle Timeout?
When a client connects to an Application Load Balancer listener, it establishes a TCP connection. HTTP and HTTPS requests and responses traverse this connection.
When there is no traffic going over this connection, the connection is idle but remains open.
The idle timeout controls how long the TCP connection can remain idle before the load balancer closes it.
The idle timeout deals with the TCP connection between the client and the load balancer.

Q) What is the Keep-Alive Interval?
The keep-alive interval deals with the connection between the load balancer and the back-end targets. The keep-alive setting controls how long the web server will maintain an idle TCP connection with the load balancer.

Q) AWS DNS Routing Policy?
When you create a record, you choose a routing policy, which determines how Amazon Route 53 responds to DNS queries.
1. Simple routing policy: for a single resource that performs a given function, for example a web server or an Elastic Load Balancer.
2. Failover routing policy: configure two resources in active-passive failover mode. If the active resource is healthy, 100% of the traffic goes to that resource. If the active resource is unhealthy, traffic is routed to the passive resource.
3. Geolocation routing policy: route traffic based on where the requester is located.
4. Geoproximity routing policy: if you have resources in multiple regions, you can route traffic to the nearest location and, optionally, shift traffic from resources in one location to another.
5. Latency routing policy: if you have resources in multiple regions, you can route traffic to the region that provides the best latency.
6. Multivalue answer routing policy: Route 53 responds with up to eight healthy records selected at random.
7. Weighted routing policy: route traffic to multiple resources in proportions that you specify.

Q) What are VPC Flow Logs?
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3.
You can create a flow log for a VPC, a subnet, or a network interface. Flow logs help in troubleshooting network connectivity issues and in monitoring traffic in your VPC.
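The troubleshooting and monitoring use of flow logs comes down to parsing the records and looking at the ACCEPT/REJECT action field. The block below is an added example written for this page, not code from the page or from AWS: it parses records in the default flow log field order (version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status), handles the NODATA records whose flow fields are dashes, and summarises rejected flows per source. The log lines are constructed sample data using documentation IP ranges and a placeholder account id.

```python
"""Added example, not from the page: parse VPC Flow Log records in the default
format and summarise rejected traffic per source address and destination port.
The log lines below are constructed (documentation IP ranges, placeholder
account id); they are not real captures."""
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Field order of the default flow log format (version 2 records).
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes",
              "start", "end"}

# Constructed sample: three rejects from one source (SSH twice, RDP once),
# one reject from another source, one accepted HTTPS flow, one NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.5 44321 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.5 44322 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.5 44323 3389 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 50100 23 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 51000 443 6 20 6400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log_line(line: str) -> Dict[str, Optional[object]]:
    """Split one record into a dict; '-' fields become None, numeric fields int."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    record: Dict[str, Optional[object]] = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":  # NODATA / SKIPDATA records carry no flow fields
            record[name] = None
        elif name in INT_FIELDS:
            record[name] = int(value)
        else:
            record[name] = value
    return record


def rejected_flows(lines: Iterable[str]) -> Counter:
    """Count REJECTed flows keyed by (source address, destination port).
    One source being rejected on several ports is what a defender reviews
    when checking security group and network ACL rules."""
    hits: Counter = Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_flow_log_line(line)
        if rec["log_status"] != "OK":  # nothing was captured in this interval
            continue
        if rec["action"] == "REJECT":
            hits[(rec["srcaddr"], rec["dstport"])] += 1
    return hits


def noisiest_sources(lines: Iterable[str], limit: int = 3) -> List[Tuple[str, int]]:
    """Source addresses ordered by total rejected flows, most first."""
    per_source: Counter = Counter()
    for (src, _port), count in rejected_flows(list(lines)).items():
        per_source[src] += count
    return per_source.most_common(limit)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for (src, port), count in sorted(rejected_flows(lines).items()):
        print(f"REJECT {src} -> port {port}: {count}")
    print("noisiest:", noisiest_sources(lines))
```

Two details matter in practice: records with log-status NODATA or SKIPDATA must be dropped before counting, and a REJECT only means a security group or network ACL blocked the flow, so the counts are a starting point for checking rules, not proof of anything on their own.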

Q) Data consistency model for Amazon S3.
1. Amazon S3 provides read-after-write consistency for PUTs of new objects in your Amazon S3 bucket.
2. Amazon S3 provides eventual consistency for overwrite PUTs (updates) and DELETEs of objects in your Amazon S3 bucket.

Q) Glacier data retrieval process.
i) Expedited: within 1-5 minutes; allows you to quickly access your data.
ii) Standard: within 3-5 hours; access your archive within several hours.
iii) Bulk: within 5-12 hours; retrieve large amounts of data, even petabytes.

Q) What is VPC Peering?
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.
Instances in either VPC can communicate with each other as if they were within the same network.
You can create a peering connection between your own VPCs or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).

Q) What is versioning?
Versioning allows you to keep multiple copies of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite.

Q) What is bucket policy?
A bucket policy is a resource-based AWS Identity and Access Management (IAM) policy. You add a bucket policy to a bucket to grant other AWS accounts or IAM users access permissions for the bucket and the objects in it.
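Because a bucket policy is how cross-account and anonymous access is granted, the statements worth reviewing are the ones whose Principal is the wildcard. The block below is an added example written for this page, not code from the page or from AWS: it walks a bucket policy document, lists the account ids granted access, and flags Allow statements open to any principal that carry no Condition. The policy, bucket name and the 111122223333 account id are constructed placeholders.

```python
"""Added example, not from the page: review an S3 bucket policy document for
which AWS accounts it grants access to and for Allow statements open to any
principal without a Condition. The policy below is a constructed placeholder."""
import json
from typing import Any, List, Set

SAMPLE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        # Anonymous read of every object: the statement a reviewer should flag.
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        # Cross-account grant to one named account (constructed id).
        {"Sid": "CrossAccountList", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-bucket"},
        # A wildcard Deny is fine: it restricts rather than grants.
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})


def _as_list(value: Any) -> List[Any]:
    """IAM policy grammar allows a single value wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def _principal_values(principal: Any) -> List[str]:
    """Flatten Principal ('*', {'AWS': ...}, {'Service': ...}) to plain strings."""
    if isinstance(principal, dict):
        values: List[str] = []
        for entry in principal.values():
            values.extend(_as_list(entry))
        return values
    return _as_list(principal)


def public_allow_statements(policy_json: str) -> List[str]:
    """Sids of Allow statements whose Principal is '*' and that have no Condition."""
    policy = json.loads(policy_json)
    flagged = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        open_to_anyone = "*" in _principal_values(stmt.get("Principal", {}))
        if open_to_anyone and "Condition" not in stmt:
            flagged.append(stmt.get("Sid", "<no sid>"))
    return flagged


def granted_accounts(policy_json: str) -> Set[str]:
    """Account ids named as AWS principals in Allow statements."""
    policy = json.loads(policy_json)
    accounts: Set[str] = set()
    for stmt in _as_list(policy["Statement"]):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        for value in _as_list(principal.get("AWS", [])):
            if value.startswith("arn:aws:iam::"):
                accounts.add(value.split(":")[4])  # arn:aws:iam::ACCOUNT:...
            elif value.isdigit():
                accounts.add(value)  # bare account-id form of the principal
    return accounts


if __name__ == "__main__":
    print("accounts granted:", sorted(granted_accounts(SAMPLE_BUCKET_POLICY)))
    print("public Allow statements:", public_allow_statements(SAMPLE_BUCKET_POLICY))
```

The check deliberately ignores Deny statements and wildcard Allows that carry a Condition; the latter still deserve a manual look at what the condition keys restrict, but they are a different finding from an unconditioned grant to everyone.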

Q) What is Elastic IP? When it will not incur any charges?
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is allocated to your AWS account and is yours until you release it.
An Elastic IP address doesn't incur charges as long as all of the following conditions are true:
1.   The Elastic IP address is associated with an EC2 instance.
2.   The instance associated with the Elastic IP address is running.
3.   The instance has only one Elastic IP address attached to it.
4.   The Elastic IP address is associated with an attached network interface, such as a Network Load Balancer or NAT gateway.

Ref Link: https://aws.amazon.com/premiumsupport/knowledge-center/elastic-ip-charges/

Q) What is Warm-up time?
The warm-up value for instances allows you to control the time until a newly launched instance can contribute to the CloudWatch metrics, so when the warm-up time has expired, the instance is considered to be part of the Auto Scaling group and will receive traffic.



Go to Part 1, 3, and 4 of the AWS Interview Question and Answer Series:

Part 1: AWS Interview QnA Part 1
Part 3: AWS Interview QnA Part 3
Part 4: AWS Interview QnA Part 4