Pass Your Amazon AWS Certified Solutions Architect - Associate Certification Easy!

Prepare with top-notch Amazon AWS Certified Solutions Architect - Associate certification practice test questions and answers, vce exam dumps, study guide, video training course from ExamCollection. All Amazon AWS Certified Solutions Architect - Associate certification exam dumps & practice test questions and answers are uploaded by users who have passed the exam themselves and formatted them into vce file format.

AWS Fundamentals: IAM & EC2

22. Cross Account AMI Copy

So let's talk about cross-account AMI copying, because this is quite a frequent exam question, and there's a small little tip you need to have. So you can share an AMI with another AWS account, and when you do so, it does not change the ownership of the AMI. So if you share the account with someone else's account, you still own that AMI. But you should be aware that if they do copy your AMI and copy it into another region, they will become the owner of that AMI. So it doesn't prevent copying. So basically, if you need someone to not copy your AMI, you either grant them EBS snapshot access or SFC access. But that's not all. This is not enough. You can't just stop someone from copying because there is a way for someone to create and effectively copy your AMI if they launch an EC2 instance from an AMI you own and then mix an AMI from that EC2 instance. So the limit is that you can't copy an encrypted AMI that was shared with you by another account. Instead, if you have access to the underlying snapshot and encryption key, you copy while reencrypting with the key you own. So that means that you register the copied snapshot as a new AMI. And more importantly for the exam, you can't copy an AMI with an associated billing product code that was shared with you from another account. So basically, if you get a Windows AMI or an AMI from the AWS Marketplace, they will have a billing product instead. If you want to copy these things, what you do is create an instance, launch it from the instance, and then make an AMA from it from the instance, which effectively makes you a copy. And this is what the example asks you. The example asks you about billing products and says, "Okay, a billing product must be coming from Windows AMI or the Alias Marketplace." And so, when you do want to copy an AMI with a billing product, you first launch an EC-2 instance from the AMI, and then you make an AMI from that EC-2 instance, and that's it. All right, let's just quickly see in the UI how that works. So to share an AMI fairly easily, you right-click, and then you modify the image permissions. And here you can make it either public so anyone can see it or private, in which case you have to set the account numbers that you want to have access to, so you can have whatever you want. So, for example, if I take my account number right here, right click, and modify the image permissions, I can add whatever number I want. So I'll just add a three at the end and add permissions. And so all these accounts will have access to my AMI. If I tick the box, I create volume permissions. That basically means that these account members have the opportunity to make a copy of my AMI. Okay? They can still launch an instance from my AMI if I do not ticket. And then from that easy-to-create instance, they can create their own AMI. So it doesn't fully prevent them from copying it. It just prevents them from copying it using the copy utility, so they can't copy, am I right? Away. They have to launch an EC2 instance, and then from that easy instance, create an AMI from it. So that's what you should know. This is also valid for Marketplace images. So if someone shares an AMI from the Marketplace with you, you can't directly copy it. You would have to launch an easy-two instance, and from the easy-two instance, you would have to basically create a new AMI from it. So that's it. That's as simple as it is. But it is something that comes with the exam. So you need to see it once you know it. All right, that's it. I will see you at the next lecture.

23. EC2 Placement Groups

So now let's talk about placement groups. Placement groups are a little bit more advanced, and we want to use them once. We want to have control over how our easy-to-use instances are going to be placed within the AWS infrastructure. So that strategy can be defined using these placement groups. So we don't have direct interaction with AWS hardware, but we tell alias how we want our EC2 instances to be placed in relation to one another. So when you create a placement group, you have three strategies available for you. You have the cluster placement group in which your instances will be grouped together in a low-latency hardware setup within a single availability zone. This is going to give you high performance at high risk. We'll see this in detail in a second. Spread means that your instances are going to be spread across different hardware, and there is a restriction on this. That means you can only have seven easy instances per placement group, which is distributed across all AZs. When you have critical applications, you would use a spread placement group. Finally, the last one is a new kind of placement group that is really helpful. It's called partition. It's similar to the spread in that you want to spread your instances, but here they're spread across many different partitions, and these partitions rely on different sets of racks of hardware within an 80. What that means is that they're still spreading, but they're not isolated from one another failure.But a partition should be isolated from another partition that fails. The idea behind this is that you can scale to hundreds of easy instances per group, which allows you to run applications such as Hadoop, Cassandra, or Kafka. Now let's have a look at each of these placement groups in detail. For cluster, that means that all our easy-to-create instances are on the same rack, which means the same hardware, and they're in the same availability zone. So as you can see, all these instances are on the same hardware. And so why would we do this? Well, basically we would place them on the same rack because we want to have a cluster, we want to have super latency, and we want to have maybe a 10 GB/s network. So that means that we have an amazing network, right? But as a drawback of this great network that we have, we have the problem that if the rack fails or if there is a failure on the hardware, then all the easy two instances will fail at the same time. So we have increased our risk of having a failure that's going to be propagated across our entire stack. So when will we even use this? What's the benefit of having this increased risk? Well, we get a great network, and so for this, it means that we can have a big data job that we'll need to complete very fast, or maybe we have a requirement to have an application that is extremely low latency and has high network throughput, and we're willing to take on the risk of having this failure. So this is something you have to realise it'snot for every kind of application but if yourapplication needs super high bandwidth and loanc placement groupsis kind of a nice the cluster placement groupis kind of a nice way of doing it. The opposite of spread is spread, which spreads one to reduce the risk of failure. And so in this case, when we ask for a spread placement group, all the EC instances are going to be located on different hardware. So you can see here that we have three AZ and we have six EC2 instances, and each EC2 instance is on different hardware. So what does that mean? What we get is that we can span across multiple AZs, and there is a reduced risk of simultaneous mean? What wWell, because if my hardware fails, I'm pretty sure my other hardware will not fail. As a result, we've separated the risk of my two instances in the US east failing at the same time, which is a benefit. The con is that in this configuration, we're limited to seven instances per AZ per placement group. So there is a limit to how big your placement group can be, and so you need to have an application that's going to be of good size but not too big. The use case would be an application that needs to maximise high availability and reduce the risk, and in general, for critical applications, your instance failures must be isolated from one another. Keep in mind that we have a limit of seven instances per AZ per placement group. Now for the partition placement group within the AZ, we'll have different partitions. So, partitions are a set of racks, and we have here, in this example, three partitions. But we can create up to seven partitions in the partition placement group. So on each partition, you will have different EC2 instances. So in this example have foureasy two instances per partition. And here we can see that within a partition, all these two instances could fail together, but across two partitions, there is no failure that's shared. So this is why you would have partitions and an application that can tolerate the whole thing going down as long as your data is also well partitioned. So what can we know about this? Well, there are up to seven partitions per AZ. and up to hundreds of ETW instances as part of that placement group, and that is the difference versus the spread placement group. Because instances in a partition do not share racks with instances in other partitions, a partition failure can affect many EC2 but not other partitions. Easy two instances can get access to the metadata representing which partition they belong to, and the use cases for this kind of setup are going to be for distributed big data applications, usually. So HDFS, HBase, Cassandra, and Kafka All right, so let's have a look at the UI to see how we can create placement groups. So let's go ahead with creating our first placement group for this. The menu is on the left hand side, under "Network and Security," where you will find "placement groups," "create a placement group," and the first one is going to be called "My High Performance Application." And because this is a high-performance application, we want to create, and I'll just name it this way, I want to use the cluster strategy. Remember that cluster groups my instances together so that they have good network communication. So here we go. I've just created my first placement group, which is a cluster placement group. I can create another one, and this one, for example, will be my critical application. And it's critical because I want torun it as a spread cluster. And here our applications are going to be spread out as much as possible. But remember, we can only have seven instances per spread group. Okay? And finally, I will create one last one, my distributed application. And this one is going to be a partition strategy. And I have to select the number of partitions, and the tooltip tells me that the maximum number of partitions is seven. I will just go ahead and create three. Click on Create, and here we go. We get some information about all the placement groups we have. But how do we use these placement groups? Well, for this, we'll go to Instances and launch an instance. We'll create an Amazon Linux 2 instance, but we won't go all the way with creating the instance. To demonstrate the option, I'll select AT and 2 micro, click Configure Instance Details, and then Placement Group on the left hand side. And I can tick the box and add the instance to a placement group. Here I can create a new placement group or add to an existing one, but we choose one that's already there. So we could select a spread. And Spread allows us to launch up to seven more instances in this placement group. So there will be seven of them, who will be spread out across Raz. There will also be partition. And from here, we can set the target partition to one, two, or three. Or we could have an order distribution if you wanted AWS to try to equalise the partitioning of our EU instances. Alternatively, as you can see, cluster does not appear because it is not available for these two types of instances. So if I select something a little bit larger—something like M-5, a 24 x 36—I'm obviously not going to launch it, obviously.So I'll say yes, I would like to continue with this, and I'll say, okay, this time you're going to launch it as a cluster. And so the cluster placement group right now is available only for instance types that are quite high. So here we go. I could select my cluster type, and we'll be done. So that's it. This is how you would assign an Easy-Two instance to a placement group. And you can create many EC2 instances within a placement group. And then you would click on "review and launch." But we're not going to do this because I don't want to pay for an M-5, a 24 x 36. Okay. But at least I hope you understand how placement groups work and how we can use them through the console. Hope you like this lecture. I will see you at the next lecture.

24. Elastic Network Interfaces (ENI) with Hands On

Okay, now let's talk about elastic network interfaces, or ENI. So if you hear me sayeni, I mean elastic network interfaces. They're a logical component in a VPC, and they represent a virtual network card. So they're what gives EC two instances access to the network, but they're used outside of ECU instances as well, as we'll see later on in this course. So, for example, we have an availability zone, and we have one instance that is easy to attach to S 0, your primary ENI. And this will provide your easy instance-network connectivity and, for example, a private IP. So each Eni can have the following attributes Number one, it can have a primary private IPV four and one or more secondary IPV fours. OK? So in this example, I have one f zero, but you are more than welcome to add a secondary Enito EC 2, which would be f one, and this will give you another private IPV 4 as well. Okay? Each eni can also have an elastic IPV 4 for each private IPV 4 or one public IPV 4. So it gives you both a private and a public IPS in your hands. You can have one or more security groups attached to your eni, a Mac address attached to it, and other things. but I've just let it give you the most important bits right now in this lecture. And you can create enis independently from your EC2 instances and attach them on the fly or move them from EC2 instances for failover. So let's have a look at what it looks like. And by the way, they're bound to a specific availability zone, or AZ. So that means that if you create an ENI in a specific AZ, you can only have it bound to that specific AZ. So here's another EC-2 instance, and it has another ENI attached to it. For example, we can move one from the first EC2 instance to the second EC2 instance in order to move that private IP. That is, the private IP address will be transferred from the first EC2 instance to the second EC2 instance. and it's very, very helpful for failovers. For example, if your EC2 instance is accessed by a private static IP, then you can move that IP around between the two instances for failover purposes. Okay? So let's have a look at the hands to see what it looks like. Let's go ahead and create two instances very quickly. So I'm going to use Amazon Linux 2, select T 2 Micro, and then click Configure Instant Details. I will launch two instances, and I will go ahead and run them in the same availability zone. So for the submit, I will choose this one, for example, west one A, and then I will click on Add storage, add tags, configure security group review and launch, and launch, and I will say, "Okay, I have this key pair. Here we go. So two instances are being launched, and they are in the same availability zone, which is EU West One A. So if we click on this one, for example, we can see that there is an IPV, a public IP because they're launched publicly, but also a private IP that has been assigned. So we have both a private and a public IP. But the interesting thing is that on the network interfaces it says "F 0." And so if you click on it, this network interface F zero is going to be the primary interface for your easy two instances, and it represents an interface ID, which is an eni, and this long ID right here, and so what we can do is go to this eni tab and see what happens. So the two instances will both have an F zero here, and they have a different private IP. And by the way, if you wanted to access your network interfaces, you would go scroll all the way down, and under Network and Security, you have network interfaces. So there are two ways of getting to that screen right here, and I'm going to remove the search filter. So as we can see here, we have twonetwork interfaces that have been created for me asI've been creating my two easy two instances. So we have this one and that one, and if you look at each network interface ID, as we can see if we go all the way to the right, it's in use, and we have an IPV, four public IPs assigned to it, and also a primary private IP, and they're both different because they're both attached to a different EC2 instance. And so here we can see that, as we've created two easy instances, each one gets its own eni. The interesting bit is that we can go ahead and create our own network interfaces. So I'll just call it my secondary eni, and we'll pick a subnet, and we'll need to pick a subnet that's also EU West One A. So we are in the same AZ, and we can choose to assign a private IP, do auto assign, or have a custom one, but we'll just keep on auto assign. We could choose to be an elastic fabric adapter, and we'll see this hands-on when we go to the HPC section. So at the very end and for now, we're good. So we'll say IP 4 is auto-assigned. We can attach security groups, so we can attach the same security group as before. Click on Create, and we have our new ENI. So if I remove the search filter again, now we have three eyes, and it turns out that one of them is available while the other two are in use. So what I can do is take this ENI, right click, and click on attach, and that will allow me to attach this ENI that's available to one of my two instances. So, for example, I attached it to this one and clicked on Attach. As we can see now on the right side, it's in you. So it's been attached. And if I go back to my instances and refresh this page, what we should be seeing is that in one of the instances, it's going to have two ENS. So I click on the first one, and yes, as we can see for network interfaces, now we have two ends. We have f 0 and f 1. And so this one provides us this private IP right here, and this one provides us a secondary private IP that is different from the first one. And the really cool thing about it is that I'm able to move this engine. So right now, it's attached to this instance. But if I return to my network interfaces and detach it, I want to detach it and wait for it to happen. So it's going to take a few seconds. So let me refresh. Now it's available, so I can right-click again, attach it, and this time I can select an instance; it will be my other instance that's running. And here we go. I've made that ENI switch from instances if I go to my second instance. Now refresh; this one has only F zero, as expected, while the second has F zero and F one has two enis. So the really cool thing about it is now we can start playing with a lot of enis, and for each of these enis, they can be specified and managed accordingly, so you can manage IP addresses and assign more IP addresses. For example, this one now has two private IP addresses, which is quite nice. Then you can go ahead and also change the security groups attached to this entity. So I can attach a different security group to differenteni to manage security with more granularity, and I can change other settings such as tags, descriptions, flow logs, and create a flow log, and so on. So, for the time being, remember that an ENI is a virtual network interface that you can attach and detach from each of the two instances. There is a primary eni, which is F zero, and a secondary eni, which is F one, and they're different. And yes, one can be detached and reattached to other instances on demand; where F zero is the primary, it cannot be detached. OK? And so, just to finish this hands-on, you can detach this DNI, and then you can delete it when you're ready. So you need to wait for it to be done, but then you can delete it, right-click delete, and then you can go ahead back to our instances and terminate our two instances in here, and we're done with this. Hands on. Alright, that's it. I hope you like this lecture, and I will see you in the next lecture.

25. EC2 Hibernate

In this lecture, we are going to talk about a new feature from EC2 called EC2 hibernate. So let's get started. We know we can stop and terminate our EC-2 instances. And what happens? Well, when we stop them, the data on disk, if it's an EBS volume, is kept intact for the next start. And if you terminate our instance, then any data on our EBS volumes that is root that is also set up to be destroyed alongside our instances is going to be lost. OK, but if it's an EBS volume that's attached as a secondary drive and that's not meant to be destroyed when your instance is terminated, then you will obviously keep that data, obviously.So these are behaviours we know and have seen before. And when we start an instance, what happens? Well, on the first start, the operating system is going to boot, and then it's going to play the script from the EC to user data. This is how we customise our instances a little bit. And if we stop it and then restart it, just the operating system will boot. And your application, obviously, will start if you set it up, then your application will start.And if you have an internal cache on your easyto instance, then the cage will be warmed up. And all these things can take a bit of time if your application is slow to start or if your cache is slow to get warmed up. So there's a new option called EC-2 hibernate. What happens when we use EC Twobernate is that all the in-memory state is preserved. So that means that all the data in your RAM is going to be preserved, so that's your memory. So that means that when you restart your instance After hibernating it, the instant boot is going to be much faster because in fact, the operating system has not been stopped or restarted. As we'll see in the hands-on, the operating system will still be up. So it's as if we just hibernated or frozen our easy to instance state, and we can restart it to get back into a much faster state. What happens in the hood? Because it's really tough to maintain an in-memory state, obviously. Well, the whole state of the RAM is going to be dumped into a file onto the root EBS volume. As a result, the root EBS volume must be encrypted. And so what happens is this. So we have our easy-to-run two instances that are running, and there's an encrypted Amazon EBS root volume and the RAM. When we stop and hibernate, what's going to happen is that the RAM is going to be dumped onto the encrypted Amazon EBS root volume, and then the instance will be stopped. So there will be a shutdown of the instance, but not the OS. And then when we restart it, the RAM will go from the EBS volume into the RAM of the instance, and the instance will be running. So why would we do this? Well, the use cases are if you want to keep a long-running process running, or if you want to save the RAM state, or if you have services that take a lot of time to initialise and you don't want to really initialise them at start, then you would hibernate your instance and restart it. Your instance would then be saved. So now you know about EC's two hibernates. It doesn't support all the EC two instances currently support Cfour, C five, C three, M four and all the onesin this list right now you can see CM and R. Obviously, this can change over time as the feature gets better. The instance's RAM size must be less than 150 GB. That is the current limitation because you must spend and store all of the RAM on disk. So you need to have a big enough root EBS volume. It's currently not supported for bare metal instances. The AMI that it supports currently is AmazonLinux Two or Linux One or Ubuntu. You can use the root volume. So it has to be an EBS volume. It cannot be an instance store, it has to be encrypted, and it has to be large enough to support the dump of the full RAM size. Finally, it's only available for on-demand and reserved instances, so not spot instances. Furthermore, the instance cannot currently be hibernated for more than 60 days. So this information right here probably isn't what the exam will test you on. The exam will probably test you more on the feature itself than on how to save the RAM state and hibernate your instance. But this is more of some real-world experience that I'm giving you. So that if you want to use a feature, you are aware of its limitations, which, as with everything in AWS, change extremely quickly. And so it's very, very possible that in the future, obviously, there will be improvements on these things and that maybe more instances will be supported and so on. Okay? So see this as a guideline and a little bit less as a source of truth. Okay? So that's it for this lecture. I will see you in the next lecture for the hands-on exercise.

26. EC2 Hibernate - Hands On

Okay. So let's go ahead and run our instance so going toclick on launch an instance and try easy to Hibernate soas I said for now it's only supported on Amazon XTwo or Amazon Linux One so use Amazon X two andthen for the instance type I show you if I uset two micro and I click on Configure instance detail thenI cannot find any anything related to Hibernate in here butif I do previous and obviously if you do this tourall with me it's going to cost you a little bitof money because it's not a t two micro so ifyou just want to sit and watch you can definitely dothat so let's have a look at an instance for example Okay, I'll look at five large ones. This one, and I click Configure Instance Detail, and I say yes, I want to continue with the five large instances again. This will cost you money, okay? So if you don't want to pay any money, please don't follow me in this hands-on, and then I'll scroll down and here under shutdown behaviour it says stop and under stop it's a stop Hibernate behavior; enable Hibernation as an additional stop behavior, and to enable Hibernation you need enough space on your root EBS volume to accommodate for the instance memory or RAM, and it also needs to be an encrypted DBS volume, which we'll see now. I click on Add Storage, and as we can see, we get a warning message saying we should encrypt the volume; I'm going to click on it and choose default AWS EBS, so we use the default EBS encryption key for this EBS volume, which is perfect, and I'm also going to increase the size to 30 GB just to show you how it works, so we have a big enough EBS volume to get all the RAM into the encrypted EBS root volume, okay. I will just show you the name; I'll call it EC Two with Hibernate, and then I will click on Next Configure Security Group I will allow SSH on port 22 and click on "Review and Launch," choose my key, and say yes, acknowledge, and launch my instance okay.So we're good to go now that we have our instance being instantiated. Let me wait for it to start OK so myinstance has now started and I'm going to play and connectto it so click on Connect and I will use easyto instance connect just for fun I'll click on Connect andbecause my allowed port was on SSH from anything that I'min this is perfect you could use putty you could useyour SSH terminal for Linux or Mac whatever you want reallyand so I can click on uptime and say uptime andit say okay. My instance has been up for 1 minute OK, so notice that my instance has been up for 1 minute, and what I'm going to do now is hibernate it. So I'm going back to my instance and right-clicking instance state, and then I click on stop hibernating, so I'll say yes, please hibernate this instance, and now the instance is now stopping. Okay, so my instance has now been stopped by hibernate, so I'll right-click on it and select restart, and it will restart. But remember, because it's been hibernated, we should see the same in-memory state, and so we should see the same uptime. So let's wait for the instance to start. Okay? So the instance now has two instances running, and I'm going to close my old SSH connect, click Connect Again, and then click Easy to Instance Connect, click Connect, and we should be able to connect into the instance. And now, if I say uptime, we've been up for 7 minutes. So as we can see, the instance has been up and running for a long time; it has not been stopped, and therefore hybrid is working as expected. Alright, so that's it for this lecture. very simple. But I want to show you, ideally, how Ebnet works. And finally, I'll just click on "terminate" and terminate my instance, and we'll be done. Alright, that's it. I will see you at the next lecture.

ExamCollection provides the complete prep materials in vce files format which include Amazon AWS Certified Solutions Architect - Associate certification exam dumps, practice test questions and answers, video training course and study guide which help the exam candidates to pass the exams quickly. Fast updates to Amazon AWS Certified Solutions Architect - Associate certification exam dumps, practice test questions and accurate answers vce verified by industry experts are taken from the latest pool of questions.