AWS QUESTIONS
Uploaded by santhosh G

1. Define Cloud Computing.


Cloud computing is the on-demand delivery of IT resources over the
internet, allowing users to access and manage computing services, like
servers, storage, networking and databases without owning physical
hardware. It provides scalable and flexible resources, often on a pay-as-
you-go basis.
2. Specify the Services provided by cloud.

3. What is meant by middleware?

Middleware is software that sits between the operating system and the
applications running on it, letting a developer deploy an application onto
a server without dealing with the OS directly. For a web server the
middleware is the HTTP server itself: Internet Information Services (IIS)
on Windows, httpd (Apache) on Linux.
4. Define region and availability zones in AWS. Specify how many regions
and availability zones are there to provide AWS services till date.
A Region is a geographical area that contains multiple, physically
separated Availability Zones.
An AZ is one or more discrete data centres with independent power,
networking and cooling within a Region. AZs are isolated from each other
so that a failure in one AZ does not affect the others; placing resources
in more than one AZ is how a workload survives the loss of a data centre.
33 Regions and 105 Availability Zones at the time these notes were written
(AWS keeps adding Regions, so check the current count).
5. List the advantages of cloud.
On-demand provisioning, cost efficiency, scalability, fault tolerance,
high security and availability.
6. Mention the major types of cloud with an example.
 Public cloud(AWS)
 Private Cloud(VMware Cloud Foundation)
 Hybrid Cloud(Microsoft Azure Stack)
7. List and explain the instance purchasing options in AWS.
 On demand - Instances are paid for by the second (or hour for older
generations), with no long-term commitments or upfront payments
 Reserved - Instances are purchased for a one- or three-year term with
a significant discount compared to On-Demand prices.
 Spot - Instances that take advantage of unused EC2 capacity at up to
90% off On-Demand prices
 Dedicated - Physical EC2 servers dedicated for your use, providing
visibility and control over how instances are placed on a server.
8. What is meant by hypervisor?
A hypervisor is a software layer that enables multiple virtual machines
(VMs) to run on a single physical host by managing and allocating hardware
resources to each VM. It creates, runs, and monitors the virtual
environments, isolating them from one another
9. What are the types of IT environment to run the applications?
Development, Quality assurance (QA), User acceptance test (UAT),
Production.
10. Specify the types of instances in AWS. Give real-time examples of
each. How should I choose the instance type which is suitable for my
application?
Factors that decide the instance type:
 Operating system
 Number of CPU cores
 Amount of system memory (RAM)
 Storage space
 GPU cores
 Network bandwidth requirement

Instance families:
 General purpose (web servers, mobile and enterprise applications)
 Compute optimized (image processing, batch and mathematical workloads)
 Memory optimized (big data analysis, Hadoop clusters, in-memory
databases)
 Storage optimized (workloads that need high, low-latency I/O to large
local data sets, such as data warehousing and NoSQL databases)
 Accelerated computing (GPU/FPGA hardware for floating-point work,
graphics and data pattern matching)
11. What is Status Check or 2/2 check in EC2? Specify the factors which
affect each check.
Instance status check (the instance's own software and network): exhausted
memory, corrupted file system, incorrect networking or startup
configuration, incompatible kernel.
System status check (the underlying host): loss of network connectivity,
loss of system power, software or hardware issues on the physical host.
12. Differentiate TCP & UDP.
TCP                                         | UDP
--------------------------------------------|------------------------------------
Reliable (acknowledgements, retransmission, | Unreliable, best effort, no ordering
in-order delivery)                          |
Connection oriented                         | Connectionless
Flow control and congestion control         | No flow control
20-byte header (minimum)                    | 8-byte header
3-way handshake                             | No handshake mechanism
Ex: HTTPS, FTP, SSH                         | Ex: DHCP, SNMP, DNS
Note: neither protocol is "secure" on its own; confidentiality comes from
a layer above it (TLS over TCP, DTLS over UDP).
13. How many inbound rules can be added to an security group?
60 inbound rules.
14. How many security groups can be added to a server(instance)?
1 or more security groups for each instance with a max. of five per
network interface.
15. Specify the port range in networking.
0 to 65535
16. What is the maximum number of Elastic IP addresses allowed per AWS
account by default?
5 per Region (a soft quota; more can be requested through Service Quotas).
17. What is a reserved and an unreserved port? Specify the ranges.
Reserved (well-known) ports, 0 to 1023, are assigned by IANA to standard
services: port 80 for HTTP, 443 for HTTPS, 22 for SSH. On Linux, binding
to them requires root privilege.
Ports 1024 to 65535 are available for general use: 1024 to 49151 are the
IANA registered ports (e.g. 3306 for MySQL) and 49152 to 65535 the
dynamic/ephemeral ports that a client picks for the source side of a
connection.
18. Write a Linux command to remove a package from a web server.
sudo apt remove [package]      (Debian/Ubuntu)
sudo yum remove [package]      (Amazon Linux, RHEL; dnf on newer releases)
19. Specify the default port number of RDP and SSH respectively.
RDP – 3389(windows)
SSH – 22 (Linux)
20. Specify the default port number of HTTP and HTTPS respectively.
HTTP – 80
HTTPs - 443
21. Which is used as middleware component to create a webserver for
Windows and Linux respectively?
IIS – Internet Information Services
httpd – hypertext transfer protocol daemon (Apache)
22. Define Inbound and Outbound rules of security group in AWS?
 Inbound rules: control incoming traffic based on protocol, port range
and source (a CIDR block or another security group).
 Outbound rules: control outgoing traffic based on protocol, port range
and destination.
Security groups are stateful: a reply to traffic that a rule allowed in one
direction is allowed back regardless of the rules in the other direction.
By default a new security group allows all outbound traffic and no inbound
traffic, so in practice it is the inbound rules that get reviewed.
23. Read all Linux commends which is used to create a webserver in AWS.
24. How many instances can be created at a time?
Historically 20 On-Demand instances per Region by default; current
On-Demand quotas are expressed in vCPUs per instance family and can be
raised through Service Quotas.
25. What is Security groups?
A security group controls the traffic that is allowed to reach and leave the
resources that it is associated with. For example, after you associate a security
group with an EC2 instance, it controls the inbound and outbound traffic for the
instance.
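A security-group review a practitioner would actually run, added here as an example that is not part of the original notes: the audit function walks the IpPermissions structure that `aws ec2 describe-security-groups` returns and flags admin ports exposed to 0.0.0.0/0 or ::/0. The group IDs, ports and CIDRs in SAMPLE_GROUPS are constructed, no AWS call is made, and `rule_from_group` shows the bastion-only pattern where the source is another security group rather than a CIDR.

```python
"""Audit security-group inbound rules for admin ports exposed to the internet.

Added example; not code from the original notes. It runs offline over a
constructed sample shaped like the output of
`aws ec2 describe-security-groups` (no AWS call is made).
"""
import ipaddress

# Ports a reviewer does not want reachable from the whole internet.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def _port_range(perm):
    """IpProtocol "-1" means all protocols and ports; FromPort/ToPort are absent."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _open_to_world(perm):
    """True if any source CIDR of the rule is 0.0.0.0/0 or ::/0 (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)


def audit_security_groups(groups):
    """Return sorted (group_id, port, service) tuples for every admin port
    that an inbound rule exposes to the whole internet."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not _open_to_world(perm):
                continue  # CIDR-limited or security-group-sourced rule: fine
            lo, hi = _port_range(perm)
            for port, service in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append((group["GroupId"], port, service))
    return sorted(findings)


def rule_from_group(port, source_group_id):
    """Inbound rule whose source is another security group (the bastion pattern):
    no CIDR at all, so hosts outside that group cannot reach the port."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [], "Ipv6Ranges": [],
        "UserIdGroupPairs": [{"GroupId": source_group_id}],
    }


# Constructed sample: three groups as describe-security-groups would list them.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},     # SSH to the world
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},     # HTTP, expected
    ]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},   # SSH from the VPC only
        rule_from_group(3306, "sg-0aaa"),                               # MySQL from the web tier
    ]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},                         # everything, over IPv6
    ]},
]

if __name__ == "__main__":
    for group_id, port, service in audit_security_groups(SAMPLE_GROUPS):
        print(f"{group_id}: {service} (port {port}) is open to the internet")
```

The "-1" protocol case matters: an allow-all rule carries no FromPort/ToPort, so an audit that only looks at explicit port fields misses exactly the most dangerous rule.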
26. Define Lifecycle management in EC2 instance.
Amazon Data Lifecycle Manager takes EBS snapshots and AMIs automatically at
regular intervals and retires old ones according to a retention policy.

DAY 03– EC2 ADVANCE


1. How will you secure your instance in AWS public cloud?
Assign a public IP only to the jump server (bastion host). The servers that
hold critical information or applications get private IPs only, so they are
never exposed directly to public users. A user first authenticates to the
bastion host and is then forwarded to the respective server hosting the
application; the bastion's security group is the only permitted source in
the private servers' inbound rules.
2. List the types of volume in AWS.
 General purpose SSD(gp2)
 General purpose SSD(gp3)
 Provisioned IOPS SSD(io1)
 Provisioned IOPS SSD(io2)
 Cold HDD(sc1)
 Throughput optimized HDD(st1)
 Magnetic (standard)
3. How will you secure your volume in an instance (server) of AWS?
Turn on EBS encryption, which uses AWS KMS keys (the AWS managed aws/ebs
key or a customer managed key); data at rest, snapshots and the data moving
between the volume and the instance are then encrypted. Enabling
"encryption by default" for the Region makes every new volume encrypted.
4. Simply differentiate EBS & EFS
Feature        | Amazon EBS                             | Amazon EFS
---------------|----------------------------------------|------------------------------------------
Data access    | Accessed as block devices (volumes)    | Accessed as a file system (NFS) from
               | attached to, normally, one EC2 instance| multiple EC2 instances at once
Latency        | Low-latency access suitable for        | Higher latency than EBS, suitable for
               | transactional workloads                | file-based workloads
Example use    | Databases, boot volumes,               | Web serving, content management, home
cases          | transaction-heavy applications         | directories, big data applications
Availability   | Designed for high availability within  | Designed for high availability and
and durability | a single Availability Zone (AZ)        | durability across multiple AZs

5. List the six pillars of the AWS Well-Architected Framework.
 Operational Excellence
 Security
 Reliability
 Performance Efficiency
 Cost Optimization
 Sustainability

6. How many secondary volumes can be attached to a single instance?
The maximum number of Amazon EBS volumes that you can attach to an
instance depends on the instance type and instance size (on Nitro
instances the limit is shared between EBS volumes and network interfaces).
Instance size                                    | Volume limit
-------------------------------------------------|-------------
medium/large/xlarge/2xlarge/4xlarge/8xlarge/     | 32
12xlarge                                         |
16xlarge                                         | 48
24xlarge                                         | 64
32xlarge                                         | 88
48xlarge                                         | 128
metal-16xl / metal-24xl                          | 39
metal-32xl / metal-48xl                          | 79

7. What is the maximum capacity of each secondary volume?
16 TiB for gp2, gp3, io1, st1 and sc1 volumes; io2 Block Express volumes
can be up to 64 TiB.
8. Is it possible to decrease volume in instance?
You can't decrease the size of an EBS volume directly. You can, however,
move to a smaller volume with the following steps:
 Snapshot the old volume (your safety copy)
 Create a new, smaller EBS volume (large enough for the used data)
 Attach the new volume to the instance
 Format the new volume (create a file system on it)
 Mount the new volume
 Copy the data from the old volume to the new one (e.g. rsync -a)
 Prepare the new volume (update /etc/fstab; for a root volume also
install the boot loader and update the label/UUID)
 Unmount and detach the old volume
DAY 04 – S3
1. Storage Classes in AWS S3.
 Standard
 Standard-IA (infrequent access)
 One Zone-IA
 Glacier Instant Retrieval
 Glacier Flexible Retrieval
 Glacier Deep Archive
 Reduced Redundancy (legacy, no longer recommended)
 Intelligent-Tiering
2. What is versioning in AWS S3?
Versioning in Amazon S3 is a means of keeping multiple variations of an
object in the same bucket. You can use the S3 Versioning feature to
preserve, retrieve, and restore every version of every object stored in your
buckets. Versioning-enabled buckets can help you recover objects from
accidental deletion or overwrite.
3. How will you restore the deleted files in S3?
In a versioned bucket a delete only adds a delete marker on top of the
object. Delete the delete marker (a permanent delete of that specific
version ID) and the previous version becomes the current object again.
4. Mention the features of buckets and objects in S3?
Bucket:
 Unlimited total size
 Bucket name must be globally unique
 Bucket is private by default
Object:
 Unlimited number of objects
 Max size of a single object: 5 TB (a single PUT is limited to 5 GB;
larger objects use multipart upload)
Properties:
 Bucket versioning
 Default encryption
 Intelligent-Tiering
 Server access logging
 CloudTrail data events
 Event notifications
 Transfer acceleration
 Object Lock
 Requester pays
 Static website hosting
5. How many buckets can be created per AWS account?
100 by default (a soft quota that can be raised through Service Quotas).
6. What is meant by ACL in S3?
Amazon S3 access control lists (ACLs) let you manage access to S3 buckets
and objects. Every S3 bucket and object has an ACL attached to it as a
subresource; the ACL defines which AWS accounts or predefined groups are
granted access and the type of access. Since 2023 new buckets have ACLs
disabled by default (Object Ownership set to "bucket owner enforced"),
and bucket policies are the recommended way to grant access; ACLs remain
mainly for legacy setups.
DAY 05 – IAM
1. How many IAM users can be created per AWS account?
5,000
2. How many policies can be attached to a single IAM user?
10 managed policies (AWS managed or customer managed) by default,
adjustable up to 20. Inline policies are not counted, but their combined
size per user is limited to 2,048 characters.
3. How many policies can be attached to an IAM group?
10 managed policies by default, adjustable up to 20; inline policies per
group are limited to 5,120 characters in total.
4. How many IAM groups can be created in AWS?
300
5. What are the types of policies are in IAM ?
 Aws managed policies
 Customer managed policies
 Inline policies
6. What are the services in AWS that are global (not Region-specific)?
 IAM
 AWS Organizations
 Amazon CloudFront
 Route 53
 Global Accelerator
 S3 (the bucket namespace is global, though each bucket is stored in a
chosen Region)
 AWS WAF (global for CloudFront; regional for ALB and API Gateway)
7. What is permission boundary in IAM?
In AWS Identity and Access Management (IAM), a permissions boundary is an
advanced feature that sets the maximum permissions an IAM entity (user or
role) can have. It grants nothing by itself: the entity can only do what
both the boundary and its identity-based policies allow. So even if a user
belongs to a group whose policies carry highly privileged permissions, a
boundary attached to that user caps what the user can actually do.
8. Define roles in IAM.
In AWS Identity and Access Management (IAM), a role is a way to grant
trusted entities permissions to perform specific actions on AWS
resources. Unlike users, roles have no long-term credentials such as
passwords or access keys. Instead, a trusted entity assumes the role and
receives temporary security credentials that grant access to the
resources specified in the role's policies. Roles are also how AWS
services (for example an EC2 instance calling S3) get permission to talk
to other services without embedded keys.
9. Is it possible to attach multiple roles to an IAM user and why?
Roles are not attached to users at all; a user's policy can permit them to
assume many roles, but each session assumes one role at a time. An EC2
instance, likewise, has exactly one instance profile (one role) attached.
IAM users can have multiple policies attached to them directly.
10. Difference between permission boundary, inline policy and AWS
managed policies.
Permission boundary            | Inline policy                  | AWS managed policy
-------------------------------|--------------------------------|--------------------------------
Sets the maximum permissions   | Grants permissions to an IAM   | Pre-defined policy created and
an IAM entity can have; grants | entity.                        | maintained by AWS.
nothing by itself.             |                                |
Attached to an IAM user or     | Embedded directly in the IAM   | Attached (by ARN) to an IAM
role (not to groups).          | entity's own policy JSON.      | user, group or role.
Effective permissions are the  | Specific to one entity and     | Can be attached to many entities
intersection of the boundary   | deleted when that entity is    | and is not deleted when an entity
and the identity policies.     | deleted.                       | is removed.
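The interplay of group policies, an inline deny and a permissions boundary (questions 7 and 10 above) is easiest to see in code. This is an added example, not code from the notes or from AWS: a deliberately simplified evaluator that keeps only the parts of the documented IAM logic that those questions touch (explicit deny first, then the boundary, then identity policies); resource policies, SCPs and session policies are left out, and the policy documents and ARN are constructed samples.

```python
"""Effective permissions with a permissions boundary (simplified IAM evaluation).

Added example; not code from the original notes. It models one account
only: explicit Deny wins, then the permissions boundary must Allow, then an
identity-based policy (inline or managed) must Allow, otherwise the request
is implicitly denied. Resource policies, SCPs and session policies are left
out. Policy documents below are constructed samples.
"""
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(statement, action, resource):
    """IAM wildcards are * and ?; actions match case-insensitively, ARNs do not."""
    actions = [a.lower() for a in _as_list(statement["Action"])]
    resources = _as_list(statement.get("Resource", "*"))
    return (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))


def evaluate_policy(policy, action, resource):
    """'Deny' if any matching statement denies, 'Allow' if one allows, else None."""
    decision = None
    for statement in policy["Statement"]:
        if _statement_matches(statement, action, resource):
            if statement["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


def is_allowed(identity_policies, action, resource, boundary=None):
    """identity_policies: everything attached to the user directly or via its groups."""
    decisions = [evaluate_policy(p, action, resource) for p in identity_policies]
    if "Deny" in decisions:
        return False                       # explicit deny always wins
    if boundary is not None and evaluate_policy(boundary, action, resource) != "Allow":
        return False                       # boundary caps; it never grants on its own
    return "Allow" in decisions            # implicit deny when nothing allows


# Constructed samples.
ADMIN_GROUP_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}               # inherited from a group
DENY_BUCKET_DELETE = {"Statement": [
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}  # inline on the user
DEV_BOUNDARY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"], "Resource": "*"}]}

ARN = "arn:aws:s3:::example-bucket/report.csv"   # constructed resource ARN

if __name__ == "__main__":
    for action in ("s3:GetObject", "ec2:DescribeInstances", "ec2:TerminateInstances"):
        print(action, is_allowed([ADMIN_GROUP_POLICY], action, ARN, boundary=DEV_BOUNDARY))
```

The third check in the test is the one interviewers are after: a boundary with no identity policy behind it allows nothing, because a boundary only narrows.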

11. If the key file of an EC2 instance is deleted unfortunately, how will
you log in to that instance?
Method 01 (new instance from an AMI):
i. Create an image (AMI) of the existing EC2 instance.
ii. Stop the old instance.
iii. Launch a new EC2 instance from that AMI, choosing a new key pair.
iv. The new instance carries the old instance's data (via the AMI) and
cloud-init adds the new key pair's public key at first boot, so the new
key works. The lost key's public half is still in authorized_keys; remove
it once you are in.
Method 02 (mount the root volume on a helper instance):
i. Stop the original instance.
ii. Detach its root volume.
iii. Attach that volume to a newly created helper instance (launched with
the new key pair) as a secondary volume, e.g. /dev/sdf.
iv. Connect to the helper instance.
v. lsblk                 (find the attached volume and its partition)
vi. sudo mkdir /mnt/recover
vii. sudo mount -o rw,nouuid /dev/xvdf1 /mnt/recover
(on Nitro instances the device shows up as /dev/nvme1n1p1; nouuid is
needed for XFS because the helper's root file system has the same UUID)
viii. Copy the helper's authorized_keys onto the old volume:
cat /home/ec2-user/.ssh/authorized_keys | sudo tee -a /mnt/recover/home/ec2-user/.ssh/authorized_keys
ix. sudo umount /mnt/recover
x. Detach the old volume from the helper instance and stop the helper.
xi. Attach the old volume back to the original instance as its root
volume (/dev/xvda, or /dev/sda1 for older AMIs; use the device name shown
in the instance's root device field).
xii. Start the original instance and connect using the new key.

DAY 06 NETWORKING & VPC PART 01


1. Define VPC service in AWS.
VPC lets you create your own network infrastructure inside the public
cloud. A virtual private cloud (VPC) is a virtual network dedicated to your
AWS account. It is logically isolated from other virtual networks in the
AWS Cloud. You launch your AWS resources, such as Amazon EC2 instances,
into your VPC.
2. Define the IPv4 range in networking.
An IPv4 address is 32 bits written as four octets, each 0 to 255
(0.0.0.0 to 255.255.255.255). A VPC CIDR block must be between /16 and
/28.
3. How many VPCs can be created in a Region?
5 per Region by default (one of them the default VPC); the quota can be
raised.
4. How many Elastic IPs can be created in a Region?
5 per Region by default.
5. How many security groups can be created in a Region?
2,500 per Region by default.
6. How many network interfaces can be created for an EC2 instance?
It depends on the instance type: every instance has one primary network
interface, and the number of additional ENIs (and of IPs per ENI) grows
with instance size. A t2.micro supports 2 network interfaces in total.
7. Difference between NAT gateway (network address translation) & Internet
gateway (IGW).
NAT gateway                                 | Internet gateway (IGW)
--------------------------------------------|--------------------------------------------
Lets instances in a private subnet          | Lets instances in a public subnet
(database, backend) reach the internet      | (frontend) reach, and be reached from,
for updates without being reachable         | the internet.
from the internet.                          |
Translates the instance's private IP to     | Performs one-to-one NAT between an
its own Elastic IP and passes the request   | instance's public/Elastic IP and its
out through the internet gateway.           | private IP; attached to the VPC itself.
Lives in a public subnet; the private       | A subnet is "public" when its route
subnet's route table sends 0.0.0.0/0 to it. | table sends 0.0.0.0/0 to the IGW.

8. Define OSI model.

9. If your application went down in the AWS production environment, as a
cloud engineer how will you troubleshoot?
 Check whether the service is running.
 Check the 2/2 status check.
 Look at the logs to identify who made a change and what kind of
problem arose.
 Check the security group to see whether the port rules were changed.
10. Define subnetting.
A subnetwork or subnet is a logical subdivision of an IP
network. The practice of dividing a network into two or more
networks is called subnetting. Computers that belong to a subnet
are addressed with a common, identical, most-significant bit-group
in their IP address.
11. Specify the classes in a IPV4.

12. Important points to remember in CIDR.
(I) In general, the first IP address of a subnet is the network address
and the last is the broadcast address. In a VPC, AWS reserves 5 addresses
in every subnet:
First IP    .0    - Network address
Second IP   .1    - Reserved by AWS for the VPC router
Third IP    .2    - Reserved by AWS for DNS (the Amazon-provided resolver)
Fourth IP   .3    - Reserved by AWS for future use
Last IP     .255 in a /24 - Network broadcast (VPCs do not support
broadcast, but the address is still reserved)
So a /24 subnet gives 256 - 5 = 251 usable addresses.

(II) A VPC or subnet CIDR block must be between /28 and /16. Smaller than
/28 (a larger prefix number) yields too few addresses and the subnet runs
out; larger than /16 allocates far more addresses than can be used and
wastes address space that may later be needed for peering or VPN ranges.
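The subnet arithmetic from the two points above (and the subnetting definition in question 10), as an added example that is not part of the original notes: standard-library code that names the five reserved addresses of a subnet, counts what is left for instances, rejects sizes a VPC refuses, and carves per-AZ subnets out of a VPC block. The CIDRs used are constructed inputs.

```python
"""Usable addresses in a VPC subnet after the five AWS-reserved IPs.

Added example; not code from the original notes. Standard library only.
The CIDRs passed in are constructed inputs; the /16 to /28 limit and the
five reserved addresses per subnet are the documented VPC rules.
"""
import ipaddress

RESERVED_PER_SUBNET = 5   # network, VPC router, DNS, future use, broadcast


def reserved_addresses(cidr):
    """Map each reserved role to the address AWS takes for it in this subnet."""
    net = ipaddress.ip_network(cidr, strict=True)   # raises if host bits are set
    return {
        "network": net[0],
        "vpc_router": net[1],
        "dns": net[2],
        "future_use": net[3],
        "broadcast": net[-1],
    }


def usable_hosts(cidr):
    """Addresses an instance or ENI can actually get; rejects sizes a VPC refuses."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC and subnet CIDRs must be between /16 and /28")
    return net.num_addresses - RESERVED_PER_SUBNET


def carve_subnets(vpc_cidr, new_prefix, count):
    """First `count` subnets of size /new_prefix inside the VPC block, as strings
    (e.g. one per Availability Zone)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnets = []
    for sub in vpc.subnets(new_prefix=new_prefix):
        if len(subnets) == count:
            break
        subnets.append(str(sub))
    if len(subnets) < count:
        raise ValueError(f"{vpc_cidr} cannot hold {count} /{new_prefix} subnets")
    return subnets


if __name__ == "__main__":
    for role, addr in reserved_addresses("10.0.1.0/24").items():
        print(f"{role:11} {addr}")
    print("usable:", usable_hosts("10.0.1.0/24"))
    print(carve_subnets("10.0.0.0/16", 24, 3))
```

`strict=True` is deliberate: "10.0.1.5/24" is a typo, not a subnet, and the VPC console rejects it for the same reason.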
13. Concpet of IGW,NAT, route table, route, subnet

DAY 07 (SATURDAY SESSION – SCENARIO BASED QUESTIONS)

01. How will you troubleshoot slow response of an application?
(i) Hardware level check:
 Check CPU status (kill unwanted background processes)
 Check memory status (clear cache)
 Check disk status (move unwanted log files to S3)
(ii) Check network traffic. Traffic rises when a particular source sends
many requests in a short time; AWS WAF rate-based rules restrict how many
requests one source can make in a time window.
(iii) If all these low-level components are running properly, reach the
application team to look for memory leaks.
(iv) Finally reach the DB team; that team can put a Redis cache in front
of the database so that repeated reads no longer hit the DB every time,
which makes the requests the DB does process faster.
02. How will you select your instance for your customer?
 Choose the instance family and size (t-series burstable, m-series
general purpose, c/r/i/g-series for compute, memory, storage or
accelerated workloads) from the customer's CPU, RAM and network needs.
 Choose the EBS volume type for its storage: General purpose SSD (gp2,
gp3), Provisioned IOPS SSD (io1, io2), Cold HDD (sc1), Throughput
optimized HDD (st1) or Magnetic (standard).
03. Is it possible to encrypt the EBS volume in running state of an
instance?
No, an existing unencrypted volume cannot be encrypted in place. Instead,
snapshot the volume, copy the snapshot with encryption enabled, create a
new volume from the encrypted snapshot and attach it to the instance in
place of the old one.
04. How will you secure your EC2?
 Security group (add inbound & outbound rules)
 EBS volume encryption
 Enable MFA to secure whole AWS account.
 Implement VPC (private)
 IAM
 Take backup at regular interval.
05. How will you recover your customer account which is getting hacked?
 Keep a separate account that holds backups of all data from the main
account; that is what makes recovery possible.
 Tell the customer up to which point (for example, the previous night's
backup) data can be recovered and confirm they accept losing whatever was
not backed up. Once the customer agrees, start the restore into the clean
account and terminate the compromised account's resources immediately.
 Afterwards, do a deep analysis (CloudTrail logs, access key usage) of
how the attacker got into the account, rotate the credentials involved,
and tighten the security groups and IAM policies where needed.
06. How will you manage your customer billing to optimize cost?
Use AWS Cost Explorer (study it in detail to optimize cost) and pick the
right purchase option for each workload: On-Demand, Reserved, Spot,
Dedicated Instances or Dedicated Hosts.

DAY 08 – VPC PART- 02


01.Specify the components of VPC.
 CIDR
 Subnets
 Routing table
 Routes
 IGW
 NAT-GW
 Security groups
 Network access control list(NACL)

02. Define CIDR.
Classless Inter-Domain Routing (CIDR) is the method of allocating IP
addresses and routing that replaced the old class A/B/C scheme. An
address range is written as a base address followed by a slash and the
number of fixed prefix bits, e.g. 10.0.0.0/16 (65,536 addresses) or
10.0.1.0/24 (256 addresses); this is CIDR notation, and VPC and subnet
ranges are expressed in it.
03.Define Route table.
A route table contains a set of rules, called routes, that are used to
determine where network traffic is directed.Each subnet in your VPC
must be associated with a route table; the table controls the routing for
the subnet. A subnet can only be associated with one route table at a
time, but you can associate multiple subnets with the same route table.
04. Define Internet gateway.
 An Internet gateway is a horizontally scaled, redundant, and
highly available VPC component that allows communication
between instances in your VPC and the Internet. It therefore
imposes no availability risks or bandwidth constraints on your
network traffic.
 An Internet gateway supports IPv4 and IPv6 traffic.

To enable access to or from the Internet for instances in a VPC subnet, you
must do the following:

 Attach an Internet gateway to your VPC.


 Ensure that your subnet's route table points to the Internet
gateway.
 Ensure that instances in your subnet have a globally unique IP
address (public IPv4 address, Elastic IP address, or IPv6
address).
 Ensure that your network access control and security group rules
allow the relevant traffic to flow to and from your instance.
05. Write down the steps to create a VPC.
 Create your own VPC with a CIDR block (e.g. a /16).
 Create a public and a private subnet in different AZs, each with its
own CIDR block.
 Create an Internet Gateway and attach it to the VPC.
 Create two route tables, one public and one private, and associate the
appropriate subnets with each.
 Edit only the public route table and add a 0.0.0.0/0 route to the IGW;
leave the private route table as it is.
 Create two security groups: one for the public subnet (inbound rules
for RDP, HTTP/HTTPS and SSH with 0.0.0.0/0 as the source; in practice
restrict SSH/RDP to your own IP) and one for the private subnet (inbound
rules with the public security group as the source).
 Launch two EC2 instances, one in the public and one in the private
subnet, with the proper security groups.
 Log in to the public instance and check the internet connection.
 Create a NAT gateway with a new Elastic IP in the public subnet and add
a 0.0.0.0/0 route to it in the private route table.
 Log in to the private instance (through the public one) and verify
connectivity and internet access.

06. What are all the VPC components which are created by default?
 DHCP option set (automatically assigns IP configuration and DNS servers)
 Main route table
 Default network ACL (allows all traffic in and out)
 Default security group (allows all outbound traffic and inbound traffic
only from members of the same group)
07. Difference between security group & NACL.
SECURITY GROUP                               | NACL
---------------------------------------------|---------------------------------------------
Stateful firewall: return traffic for an     | Stateless firewall: return traffic must be
allowed connection is allowed automatically  | allowed explicitly (e.g. inbound ephemeral
                                             | ports 1024-65535 for replies)
Applied at the EC2 instance (network         | Applied at the subnet level; every instance
interface) level                             | in the subnet is covered
Allow rules only; there is no deny rule, and | Allow and deny rules, evaluated in numbered
all rules are evaluated before deciding      | order; the first match wins, then an
                                             | implicit deny
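What "stateful" and "stateless" mean for one real HTTPS round trip, as an added example that is not part of the original notes: a small model of a security group with connection tracking and a NACL with numbered rules, run on an outbound request and its reply. Addresses, ports and rule numbers are constructed; the point it shows is that a NACL missing the inbound ephemeral-port rule lets the request out but drops the answer, while the security group needs no inbound rule at all.

```python
"""Stateful security group vs stateless NACL on one HTTPS round trip.

Added example; not code from the original notes. A rule is a tuple
(protocol, port_lo, port_hi, cidr). The instance sends a request from
ephemeral port 40000 to 93.184.216.34:443 (constructed addresses); the
question is whether the reply is let back in.
"""
import ipaddress


def _rule_hits(rule, proto, port, remote_ip):
    r_proto, lo, hi, cidr = rule
    return (r_proto in ("-1", proto) and lo <= port <= hi
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(cidr))


class SecurityGroup:
    """Stateful: a reply to a flow that was allowed out is allowed back in,
    whatever the inbound rules say. Only allow rules exist."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self._flows = set()          # connection tracking, done by AWS for you

    def permits(self, direction, proto, local_port, remote_port, remote_ip):
        flow = (proto, local_port, remote_port, remote_ip)
        if direction == "in" and flow in self._flows:
            return True              # tracked return traffic
        rules = self.inbound if direction == "in" else self.outbound
        port = local_port if direction == "in" else remote_port   # destination port
        allowed = any(_rule_hits(r, proto, port, remote_ip) for r in rules)
        if allowed and direction == "out":
            self._flows.add(flow)
        return allowed


class NetworkAcl:
    """Stateless: every packet, replies included, is matched against numbered
    (number, "allow"|"deny", rule) entries, lowest number first; no match
    means the implicit deny of the '*' rule."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda e: e[0])
        self.outbound = sorted(outbound, key=lambda e: e[0])

    def permits(self, direction, proto, local_port, remote_port, remote_ip):
        rules = self.inbound if direction == "in" else self.outbound
        port = local_port if direction == "in" else remote_port   # destination port
        for _number, action, rule in rules:
            if _rule_hits(rule, proto, port, remote_ip):
                return action == "allow"
        return False


def https_round_trip(sg, nacl, remote_ip="93.184.216.34", src_port=40000):
    """Outbound request to remote_ip:443, then the reply back to src_port; the
    subnet's NACL and the instance's security group must both permit each packet."""
    packet = ("tcp", src_port, 443, remote_ip)
    if not (sg.permits("out", *packet) and nacl.permits("out", *packet)):
        return {"request": False, "response": False}
    response = sg.permits("in", *packet) and nacl.permits("in", *packet)
    return {"request": True, "response": response}


ANY = "0.0.0.0/0"


def web_sg():
    """Typical web-tier security group: no inbound rule is needed for replies."""
    return SecurityGroup(inbound=[], outbound=[("-1", 0, 65535, ANY)])


# Constructed NACLs: the first forgets the ephemeral-port rule, the second has it,
# the third adds a lower-numbered deny that wins over the later allow.
NACL_MISSING_EPHEMERAL = NetworkAcl(
    inbound=[(100, "allow", ("tcp", 443, 443, ANY))],
    outbound=[(100, "allow", ("tcp", 443, 443, ANY))])
NACL_FIXED = NetworkAcl(
    inbound=[(100, "allow", ("tcp", 443, 443, ANY)), (110, "allow", ("tcp", 1024, 65535, ANY))],
    outbound=[(100, "allow", ("tcp", 443, 443, ANY)), (110, "allow", ("tcp", 1024, 65535, ANY))])
NACL_BLOCKLIST = NetworkAcl(
    inbound=NACL_FIXED.inbound,
    outbound=[(90, "deny", ("tcp", 443, 443, "93.184.216.0/24"))] + NACL_FIXED.outbound)

if __name__ == "__main__":
    print("missing ephemeral:", https_round_trip(web_sg(), NACL_MISSING_EPHEMERAL))
    print("fixed:            ", https_round_trip(web_sg(), NACL_FIXED))
```

The deny entry in NACL_BLOCKLIST is the one thing a security group cannot express; it is why NACLs are the tool for blocking a known-bad source range at the subnet edge.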

08. Difference between authentication & authorization.
AUTHENTICATION                               | AUTHORIZATION
---------------------------------------------|---------------------------------------------
The process of verifying the identity of a   | The process of granting or denying access
user.                                        | to resources.
Example: logging in with a username and      | Example: accessing files, databases or
password (plus MFA).                         | resources based on user roles and policies.

09.How will you monitor your VPC ?


With the help of VPC flow log.
10. Is it possible to edit (add/remove IP address range) the IPv4 CIDR
block?
It's not possible to change or modify the IP address range of an
existing virtual private cloud (VPC) or subnet. However, you can do
one of the following:
 Add an additional IPv4 CIDR block as a secondary CIDR to your VPC
(secondary blocks can later be removed again).
 Create a new VPC with your preferred CIDR block and then migrate the
resources from your old VPC to the new VPC (if applicable).

11. If accidentally the CIDR subnet value is given more than required, so
that more addresses than needed are consumed by that subnet, in that
case can we decrease the subnet size?
In AWS, once a subnet has been created with a certain CIDR block, you
cannot directly decrease the subnet size or change its CIDR block. You can
address this by creating a new, smaller subnet, migrating your resources
to it, and then deleting the old subnet.
12. Define lifecycle management in S3?
An object uploaded to S3 lands in the Standard storage class unless
another class is chosen. A lifecycle rule transitions objects to another
class (Standard-IA, Glacier, ...) after a given number of days, or expires
them. Objects must stay in Standard for at least 30 days before a rule
can move them to Standard-IA or One Zone-IA, and the IA and Glacier
classes charge a minimum storage duration (30, 90 or 180 days), so the
lifecycle rotates objects through cheaper classes as they age rather than
moving them immediately.

DAY 09 – VPC PEERING


01. Define VPC peering.
 A VPC peering connection links two VPCs (same or different accounts or
Regions) so that instances in either can talk over private IP addresses;
each VPC's route table gets a route for the other VPC's CIDR pointing at
the peering connection.
 Request/accept method: one VPC requests, the other accepts.
 Traffic flows in both directions once both route tables carry the route
and the security groups allow it. The two CIDR blocks must not overlap.
Advantages:
One-to-one communication stays on the AWS network and is fast.
Disadvantage:
Peering is not transitive (A-B and B-C do not give A-C), so with many
VPCs you need a full mesh and routing becomes complex.
02. Define Transit gateway in VPC.
AWS Transit Gateway allows you to connect multiple VPCs
and on-premises networks through a single gateway. In order to
overcome the problem of VPC peering, transit gateway act as a
medium between multiple VPC’s. It contains all CIDR IPV4 block
address. When any one vpc try to establish connection with other
the transit gateway checks whether that IP block address is present
in that record. If it is present then allow this traffic to respective
VPC to establish connection.

03. Define S2S VPN.
A Site-to-Site (S2S) VPN establishes an encrypted IPsec tunnel over the
internet between an on-premises data centre and the cloud. In some
situations a company keeps its database in its own data centre for
security reasons and places the frontend and backend servers in the
cloud; the on-premises network and the VPC then communicate through the
S2S VPN.
IPSEC TUNNEL
 Customer gateway: represents the on-premises VPN device; you give AWS
its public IP.
 Virtual private gateway: the AWS-side endpoint, attached to the VPC and
configured by AWS.
 S2S VPN connection: built from the two gateways above. AWS produces a
configuration file for the on-premises device, which is sent to the
network admin to load on that device. The IPsec tunnel then comes up and
data is transferred between the two sites.

04. Direct Connect:
 Connecting an on-premises data centre to the cloud over a dedicated
physical link (not over the internet) is called Direct Connect.
 A fibre circuit runs from the customer site to an AWS Direct Connect
location, giving consistent bandwidth and latency.
 It is the most expensive option, and the link itself is not encrypted;
where confidentiality is required a VPN is run over the Direct Connect
link.

05. Is it possible to use a single NAT gateway for multiple subnets which
are associated with another VPC?
No, a single NAT Gateway cannot be directly shared across subnets in
different VPCs without a Transit Gateway or a similar solution.
Reasons you can't directly share a NAT gateway across VPCs:
VPC isolation:
 VPCs are isolated networks within AWS, and resources like NAT Gateways
are bound to their specific VPC. They cannot be reached directly by
resources in another VPC without an intermediary.
Routing restrictions:
 Each VPC has its own route tables, and you can't route traffic between
VPCs without a connection such as VPC peering, a Transit Gateway or a VPN
(and VPC peering does not forward traffic to a NAT gateway in the peer
VPC; a Transit Gateway does).

DAY 10 – ROUTE 53
01. Define R53 in AWS.
Route 53 is a global AWS service that provides a highly available Domain
Name System (DNS), domain registration and health checking. The name
comes from UDP/TCP port 53, which DNS uses.

02. Basic network flow using DNS.
A resolver answers a query by walking the hierarchy from the top:
 Root name servers (the "." zone) point to the TLD servers
 TLD (top level domain, e.g. .com) servers point to the domain's
authoritative name servers
 The domain's name servers answer for the domain and its child domains
(subdomains such as www or dev)

03. How many name servers will be created after purchasing domain
from any domain selling vendors?
4 name servers.
04. Define DNSSEC.
 DNSSEC stands for Domain Name System Security Extensions. It adds
digital signatures to DNS records (not a certificate) so that a resolver
can verify that an answer really came from the zone's owner and was not
altered in transit.
 Prevents DNS spoofing and cache poisoning.
05. Define user data in AWS.
 User data is a bootstrap script (or cloud-init directives) that runs
when an EC2 instance is provisioned, at first boot.
 User data cannot be edited while the instance is running; stop the
instance, change it, and start it again (by default the script still runs
only at first launch, not on every boot).
06. What are the types of routing policy in an AWS R53?
 Simple routing policy – Use for a single resource that performs a
given function for your domain, for example, a web server that
serves content for the example.com website. You can use simple
routing to create records in a private hosted zone.
 Failover routing policy(mostly used) – Use when you want to
configure active-passive failover. You can use failover routing to
create records in a private hosted zone.
 Geolocation routing policy – Use when you want to route traffic
based on the location of your users. You can use geolocation routing
to create records in a private hosted zone.
 Geoproximity routing policy – Use when you want to route traffic
based on the location of your resources and, optionally, shift traffic
from resources in one location to resources in another location. You
can use geoproximity routing to create records in a private hosted
zone.
 Latency routing policy(mostly used) – Use when you have
resources in multiple AWS Regions and you want to route traffic to
the Region that provides the best latency. You can use latency
routing to create records in a private hosted zone.
 IP-based routing policy – Use when you want to route traffic based
on the location of your users, and have the IP addresses that the
traffic originates from.
 Multivalue answer routing policy – Use when you want Route 53
to respond to DNS queries with up to eight healthy records selected
at random. You can use multivalue answer routing to create records
in a private hosted zone.
 Weighted routing policy(mostly used) – Use to route traffic to
multiple resources in proportions that you specify. You can use
weighted routing to create records in a private hosted zone.
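The three policies marked "mostly used" above (weighted, failover, multivalue answer), as an added example that is not part of the original notes and not Route 53's own code: functions that reproduce the selection rules, including how health checks change the answer. Records and seeds are constructed; `weighted_pick` takes the random draw as a parameter so the result is checkable.

```python
"""Route 53 answer selection for weighted, multivalue answer and failover policies.

Added example; not code from the original notes. Records are constructed
dicts {"value", "weight", "healthy"}; weighted_pick takes the random draw
as a parameter so the choice is deterministic in tests. Route 53 applies
these policies on its name servers; this only reproduces the rules.
"""
import random


def weighted_pick(records, draw):
    """Return one record with probability weight / total weight of the healthy
    records. `draw` is a number in [0, 1). Unhealthy records are skipped; if
    none is healthy, Route 53 answers as if all were healthy. If every
    candidate has weight 0, each is returned equally often."""
    candidates = [r for r in records if r["healthy"]] or list(records)
    total = sum(r["weight"] for r in candidates)
    if total == 0:
        return candidates[int(draw * len(candidates))]
    threshold = draw * total
    running = 0
    for rec in candidates:
        running += rec["weight"]
        if threshold < running:
            return rec
    return candidates[-1]


def multivalue_answer(records, seed=None):
    """Up to eight healthy records, in random order, as one DNS answer."""
    healthy = [r for r in records if r["healthy"]]
    rng = random.Random(seed)
    return rng.sample(healthy, min(8, len(healthy)))


def failover_answer(primary, secondary):
    """Active-passive: the primary while its health check passes, else the secondary."""
    return primary if primary["healthy"] else secondary


# Constructed records.
WEB = [
    {"value": "203.0.113.10", "weight": 70, "healthy": True},
    {"value": "203.0.113.20", "weight": 20, "healthy": False},   # failing health check
    {"value": "203.0.113.30", "weight": 10, "healthy": True},
]
POOL = [{"value": f"198.51.100.{i}", "weight": 1, "healthy": i % 5 != 0}
        for i in range(1, 13)]                                    # 12 records, 2 unhealthy

if __name__ == "__main__":
    print(weighted_pick(WEB, random.random())["value"])
    print([r["value"] for r in multivalue_answer(POOL, seed=1)])
    print(failover_answer(WEB[1], WEB[0])["value"])
```

Note what the unhealthy record in WEB does: its weight drops out of the denominator, so the other two records share traffic 70:10 rather than the remainder going unanswered.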

07. List the types of records in R53?
 A record: maps a name to an IPv4 address
 AAAA record: maps a name to an IPv6 address
 CNAME record: maps a name to another name, e.g. subdomains (www, dev)
pointing at a load balancer's DNS name; it cannot be used at the zone
apex, where Route 53's alias record is used instead
 MX record: mail exchange servers for the domain
08. How will you troubleshoot when DNS is not responding even though the
applications are running successfully?
Simply clear the DNS cache (on the client resolver first; if the problem
persists, check the record and its TTL in Route 53).
09.Overall concept of R53.

10. What is the maximum number of characters allowed in a domain name
registered with Amazon Route 53?
Each label (the part between dots) may be up to 63 characters; the whole
domain name may be up to 255 characters.
11. What is the purpose of a health check in Amazon Route 53?
To monitor the health of endpoints (web servers, load balancers, an IP
address), of other health checks, or of a CloudWatch alarm, so that
routing policies such as failover, weighted and multivalue answer return
only healthy records.
12. Which AWS service can be integrated with Amazon Route 53 for health
checks and automatic failover?
Amazon CloudWatch: a Route 53 health check can be based on the state of a
CloudWatch alarm, and failover routing uses health checks to switch from
the primary to the secondary record.

13. AWS Datacenter Disaster Recovery (DCDR).
In AWS a disaster includes natural disasters like earthquakes or floods,
technical failures such as power or network loss, and human actions such
as inadvertent or unauthorized modifications.
Ultimately, any event that prevents a workload or system from fulfilling
its business objectives in its primary location is classified as a
disaster.

Objectives:
 Recovery time objective (RTO): The maximum acceptable delay between the
interruption of service and restoration of service. This determines an
acceptable length of time for service downtime.
 Recovery point objective (RPO): The maximum acceptable amount of time
since the last data recovery point. This determines what is considered an
acceptable loss of data.

Disaster recovery strategies:

Backup and restore:
 In addition to data recovery, you must redeploy the infrastructure,
configuration, and application code in the recovery Region.
 To enable infrastructure to be redeployed quickly without errors, you
should always deploy using infrastructure as code (IaC) using services
such as AWS CloudFormation or the AWS Cloud Development Kit (AWS CDK).
 In addition to user data, be sure to also back up code and configuration,
including Amazon Machine Images (AMIs) you use to create Amazon EC2
instances. You can use AWS CodePipeline to automate redeployment of
application code and configuration.

Pilot light (core infrastructure switched ON, application servers switched
OFF until needed):
 With the pilot light approach, you replicate your data from one Region to
another and provision a copy of your core workload infrastructure.
 Unlike the backup and restore approach, your core infrastructure is
always available and you always have the option to quickly provision a
full scale production environment by switching on and scaling out your
application servers.
 This recovery option requires you to change your deployment approach.
You need to make core infrastructure changes to each Region and deploy
workload (configuration, code) changes simultaneously to each Region.
This step can be simplified by automating your deployments and using
infrastructure as code (IaC) to deploy infrastructure across multiple
accounts and Regions.

Warm standby:
 The warm standby approach involves ensuring that there is a scaled
down, but fully functional, copy of your production environment in
another Region. This approach extends the pilot light concept and
decreases the time to recovery because your workload is always-on in
another Region.
 The distinction is that pilot light cannot process requests without
additional action taken first, whereas warm standby can handle traffic (at
reduced capacity levels) immediately. The pilot light approach requires
you to “turn on” servers, possibly deploy additional (non-core)
infrastructure, and scale up, whereas warm standby only requires you to
scale up (everything is already deployed and running).

Multi-site active/active:
 You can run your workload simultaneously in multiple Regions as part of
a multi-site active/active or hot standby active/passive strategy.
 Multi-site active/active serves traffic from all Regions to which it is
deployed, whereas hot standby serves traffic only from a single Region,
and the other Region(s) are only used for disaster recovery.
 With a multi-site active/active approach, users are able to access your
workload in any of the Regions in which it is deployed.
 This approach is the most complex and costly approach to disaster
recovery, but it can reduce your recovery time to near zero for most
disasters.
DAY 11 - ELASTIC LOAD BALANCER AND AUTO SCALING
GROUP (ASG practical hands-on not done)

01. Types of load balancer in AWS.
 Classic LB: previous generation, layer 4/7, round-robin distribution
 Application LB: most used, layer 7, path- and host-based routing
 Network LB: most used, layer 4 (TCP/UDP/TLS), very high throughput,
can front applications on different ports
 Gateway LB: for inserting third-party virtual appliances (firewalls,
IDS) into the traffic path; not widely used
02. Define auto scaling group in AWS?
An ASG is a service that adds (scales out) or removes (scales in) EC2
instances according to a scaling policy when the load changes, keeping
the count between a minimum and a maximum.
For example: if there are 3 instances running and the average CPU
utilization across all three exceeds 70%, the ASG launches an extra
server to absorb the requests; a 300-second cooldown then stops it from
launching another one before the first has taken effect, and the added
capacity prevents the existing servers from becoming unhealthy.

Components:
These settings are called the group size:
 Launch template => AMI, instance type, key pair, security groups
 Minimum capacity: 2
 Desired capacity: 3
 Maximum capacity: 6
(desired capacity must lie between minimum and maximum, so a minimum of 3
with a desired of 2 is not valid)
03. Define load balancer in AWS?
 Elastic Load Balancing automatically distributes your incoming
traffic across multiple targets, such as EC2 instances, containers,
and IP addresses, in one or more Availability Zones. This
increases availability of your application.
 LB consider health check while routing traffic.
 It provides cross zone support.
04. What is stickiness in load balancer?
Stickiness is a term that is used to describe the functionality of a
load balancer to repeatedly route traffic from a client to a single
destination, instead of balancing the traffic across multiple
destinations.
05. Monolithic vs Microservices:

06. What are all the possibilities to create as target group when
creating an application load balancer?
 Instances
 IP addresses
 Lambda function
(The "Application Load Balancer" target type exists for Network Load
Balancer target groups, so that an NLB can forward to an ALB; it is not an
ALB target type.)
07. Network LB works on layer 4 of OSI (transport) with TCP, UDP and TLS.
