AWS Core Services

1. What is Amazon EC2 and what are its key features?

Amazon EC2 (Elastic Compute Cloud) is a scalable computing service provided by Amazon Web Services. Its key features include:

• Virtual computing environments, known as instances
• A variety of configurations for instances, including memory, CPU, and storage options
• The ability to choose an operating system, including Linux and Windows
• The ability to scale instances up or down as needed to meet changing computing requirements

2. What is Amazon S3 and what are its use cases?

Amazon S3 (Simple Storage Service) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Some common use cases of S3 include:

• Backup and disaster recovery
• Big data analytics
• Content management and distribution
• Static website hosting
• Object storage for applications

3. What is Amazon VPC and what are its benefits?

Amazon VPC (Virtual Private Cloud) is a virtual network dedicated to your AWS account. It enables you to launch AWS resources into a virtual network that you’ve defined. Some benefits of using VPC include:

• Improved security by isolating your resources from the public internet
• The ability to connect your VPC to your own data center using VPN or AWS Direct Connect
• Fine-grained control over your network environment, including the ability to select IP address range, create subnets, and configure route tables

4. What is Amazon IAM and what are its key features?

Amazon IAM (Identity and Access Management) is a web service that provides authentication and authorization for AWS resources. Its key features include:

• Centralized control of AWS account security
• Shared access to AWS resources across multiple AWS accounts
• Fine-grained control of access to AWS resources
• Identity federation with existing corporate directories
• Multi-factor authentication support
• Support for PCI DSS Compliance.

5. How do you launch an EC2 instance?

To launch an EC2 instance, you need to complete the following steps:

• Log in to the AWS Management Console
• Navigate to the EC2 service
• Click the “Launch Instance” button to start the process
• Select an Amazon Machine Image (AMI) that will be used as the basis for the instance
• Choose an instance type based on the desired amount of CPU, memory, and storage
• Configure the instance details, such as network, subnet, IAM role, and storage options
• Launch the instance and assign a key pair for secure SSH access
• Monitor the instance to ensure it has started successfully

6. What is a bucket in Amazon S3?

A bucket in Amazon S3 is a container for storing objects, which can be thought of as files. Each object is stored in a bucket and is identified by a unique key, which is used to retrieve the object. Buckets are the top-level containers in S3, and can be located in a specific region and can be accessed via a unique endpoint.

7. What is a VPC endpoint in Amazon VPC?

A VPC endpoint in Amazon VPC is a horizontally-scaled, highly available VPC component that allows communication between instances in your VPC and AWS services without imposing availability risks or bandwidth constraints on your network traffic. There are two types of VPC endpoints: interface endpoints and gateway endpoints. Interface endpoints are powered by Elastic Network Interfaces (ENIs) and provide a private connection to services powered by Amazon S3 and DynamoDB. Gateway endpoints provide a more efficient way to access S3 and DynamoDB, bypassing the public internet.

8. What is an IAM role and how is it used?

An IAM role is an AWS Identity and Access Management (IAM) entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group and are intended to be assumed by AWS services, such as EC2 instances, Lambda functions, and AWS Elastic Beanstalk applications. To use an IAM role, you grant another AWS service permission to assume the role and act on behalf of your AWS account. This allows you to delegate specific tasks to the service, such as access to S3 or DynamoDB, without having to share long-term AWS credentials.

9. What is Amazon S3 Transfer Acceleration and how does it work?

Amazon S3 Transfer Acceleration is a feature of Amazon S3 that enables fast, easy, and secure transfers of large files over the public internet to S3 buckets. Transfer Acceleration leverages Amazon CloudFront’s globally distributed edge locations to accelerate uploads to S3. By uploading data to a CloudFront edge location closest to the source of the data, rather than directly to an S3 bucket, transfers can be greatly accelerated.

10. What is Amazon VPC peering and when would you use it?

Amazon VPC peering is a networking connection between two VPCs that enables communication between instances in different VPCs as if they were within the same network. VPC peering can be used when:

• You need to share resources between VPCs within the same AWS region
• You want to consolidate multiple VPCs into a single network
• You have regulatory or security requirements that prohibit communication with the public internet

11. What are IAM policies and how are they used?

IAM policies are sets of rules that define what actions are allowed or denied for an IAM user, group, or role. IAM policies are written in JSON and can be attached to an IAM user, group, or role to grant or restrict access to AWS resources. Policies can also be used to delegate access to AWS resources by specifying the conditions under which an action is allowed or denied. Policies can be created and managed through the AWS Management Console, AWS CLI, or AWS API.

12. What is Amazon EC2 Auto Scaling and why is it important?

Amazon EC2 Auto Scaling is a service that enables you to automatically scale your Amazon EC2 capacity up or down in response to changes in demand for your applications. Auto Scaling can help ensure that your application always has the appropriate amount of capacity to handle its workload, improve application availability, and reduce costs by allowing you to dynamically add or remove instances as needed. Auto Scaling is important because it can help you ensure that your application is always running optimally and responding quickly to changes in demand, even during unexpected spikes in traffic.

13. What is Amazon S3 Cross-Region Replication and why is it useful?

Amazon S3 Cross-Region Replication (CRR) is a feature of Amazon S3 that enables automatic, asynchronous copying of objects across S3 buckets in different regions. CRR is useful because it provides a way to maintain multiple, separate copies of your data in different regions, allowing you to achieve higher levels of durability, reduce latency for users in different regions, and comply with regulatory requirements. CRR can also help protect against region-wide events such as natural disasters or infrastructure failures.

14. What are Amazon VPC security groups and how are they used?

Amazon VPC security groups are a feature of Amazon VPC that provide stateful firewall protection for Amazon EC2 instances. Security groups act as a virtual firewall for instances, controlling incoming and outgoing network traffic based on a set of rules. Security groups can be used to allow or deny access to instances based on various criteria, such as IP address, port, and protocol. Security groups are stateful, meaning that if you allow traffic in one direction, the corresponding return traffic is automatically allowed.

15. What is IAM Federation and when would you use it?

IAM Federation is a feature of AWS Identity and Access Management (IAM) that allows you to grant users in your enterprise access to AWS resources without having to create AWS accounts for them. IAM Federation uses SAML 2.0-based identity providers such as Microsoft Active Directory or Okta to allow single sign-on (SSO) access to AWS resources. IAM Federation can be useful when you want to grant access to AWS resources without having to manage the underlying AWS accounts, or when you have users who need to access AWS resources using their existing corporate credentials.

16. What is Amazon EC2 instance store and what are its benefits?

Amazon EC2 instance store is a form of non-persistent storage that is physically attached to the host computer. EC2 instance store provides temporary block-level storage for instances. The data on an instance store volume persists only during the life of the associated instance. Instance store provides fast, low-latency access to data and can be useful for applications that require temporary storage of data that changes frequently, such as caches, buffers, and other temporary data. Additionally, instance store is ideal for applications that need the low latency and high I/O performance that local storage can provide.

17. What is Amazon S3 versioning and how does it work?

Amazon S3 versioning is a feature of Amazon S3 that allows you to store multiple versions of an object in the same S3 bucket. With versioning enabled, S3 automatically archives all versions of an object, including all writes and deletes, in the same bucket. This allows you to preserve, retrieve, and restore every version of every object in your S3 bucket. Versioning works by maintaining separate versions of an object within the same key, and automatically appending a version ID to each version of the object.

18. What is Amazon VPC endpoint and when would you use it?

An Amazon VPC endpoint is a VPC component that enables instances in your VPC to securely access services over the internet without requiring an internet gateway, VPN connection, or AWS Direct Connect connection. With VPC endpoints, traffic between your VPC and the service does not traverse the public internet. Instead, it stays within the Amazon network, improving security and reducing the risk of data transfer charges. VPC endpoints are useful when you want to access AWS services from your VPC without exposing your instances to the public internet, or when you want to reduce data transfer charges by using the Amazon network instead of the public internet.

19. What is IAM Role and how is it different from an IAM User?

An IAM role is a type of IAM identity that is created to delegate access to AWS resources. An IAM role does not have permanent long-term credentials such as a password or access keys, but can be assumed by an AWS service, an IAM user, or an application running on an EC2 instance. An IAM user, on the other hand, is a long-term identity that can be used to directly access AWS resources. The main difference between an IAM role and an IAM user is that an IAM role is intended to be assumed by an AWS service or application, while an IAM user is intended to be used by a person.

20. What is Amazon EC2 Spot Instances and when would you use them?

Amazon EC2 Spot Instances are spare Amazon EC2 instances that are available at a discounted price, compared to On-Demand instances. Spot Instances are useful when you have flexible start and end times for your applications, and can be terminated by Amazon EC2 when the Spot price exceeds the maximum price that you specified. Spot Instances are typically used for batch processing, scientific simulations, big data and analytics, and other workloads that can be interrupted. You can save up to 90% compared to On-Demand instances by using Spot Instances.