Day 49 of #90DaysOfDevOps
Name 5 AWS services you have used. What are the use cases?
EC2: Elastic Compute Cloud is used for creating virtual machines. Apart from this, it provides multiple facilities such as creating and maintaining launch templates, AMIs, snapshots, volumes (storage), networking and security for machines, load balancing and auto-scaling.
IAM: Identity and Access Management is used for providing permissions (roles and policies) to access certain services to users and groups.
ECR: Elastic Container Repository is used for storing containers in AWS like DockerHub.
ECS: Elastic Container Service is a fully managed container orchestration service provided by AWS. It allows you to run and manage Docker containers on a cluster of virtual machines (EC2 instances) without having to manage the underlying infrastructure.
CloudWatch: It is used to set alarms and monitor the logs of AWS services. We can set alarms on any of the metrics to receive notifications when the metric crosses the specified threshold.
What are the tools used to send logs to the cloud environment?
- Several tools can be used to send logs to the cloud environment, including Amazon CloudWatch Logs, AWS CloudTrail, and AWS Elastic Beanstalk.
What are IAM Roles? How do you create/manage them?
An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumed by anyone who needs it.
To create one, go to IAM from the AWS dashboard and click on Roles. Then select a trusted entity, add permissions and click on Create.
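The two choices made when creating a role, the trusted entity and the permissions, end up as two JSON policy documents. The Python sketch below is an added example, not part of the original post: it reviews both documents for the over-broad settings that matter most, using constructed policies with placeholder bucket names, and it only inspects literal values.

```python
# Added example: policy documents are constructed; names and ARNs are placeholders.
def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy):
    """Flag Allow statements that let any principal assume the role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):          # "Principal": "*"
            principals = [principal]
        else:                                   # {"AWS": ...} or {"Service": ...}
            principals = [p for v in principal.values() for p in _as_list(v)]
        if "*" in principals and not stmt.get("Condition"):
            findings.append(f"statement {i}: any principal can assume this role")
    return findings

def review_permissions_policy(policy):
    """Flag Allow statements granting wildcard actions on every resource."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild and "*" in resources:
            findings.append(f"statement {i}: {', '.join(wild)} allowed on all resources")
    return findings

# Trusted entity: only the EC2 service may assume the role.
EC2_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}
# Permissions: read objects from one (placeholder) bucket, nothing else.
READ_LOGS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-app-logs/*"}]}
# Over-broad counterparts, for comparison.
OPEN_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
ADMIN_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}

if __name__ == "__main__":
    print(review_trust_policy(OPEN_TRUST))
    print(review_permissions_policy(ADMIN_PERMS))
```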
How to upgrade or downgrade a system with zero downtime?
- To upgrade or downgrade a system with zero downtime, you can use techniques such as blue-green deployment, rolling deployment, or canary deployment. These techniques involve creating a duplicate environment, deploying the updated version to the duplicate environment, and gradually shifting traffic from the old environment to the new one.
What is infrastructure as code and how do you use it?
Infrastructure as code is the process of managing and provisioning computer data center resources through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
To use IAC, you need to define your infrastructure as code by creating scripts or configuration files that describe the desired state of your infrastructure. Once the code has been written, you can use a tool like CloudFormation or Terraform to provision and manage the infrastructure. The key benefits of IAC include version control, consistency, and automation. By using IAC, you can ensure that all environments are created and configured in the same way, reduce the risk of errors and inconsistencies, and speed up the deployment process by automating the provisioning and configuration of infrastructure.
What is a load balancer? Give scenarios of each kind of balancer based on your experience.
A load balancer is a device or software that distributes incoming network traffic across multiple servers to improve the performance, availability, and scalability of applications or services. It can help to distribute the workload among servers and prevent overloading.
Types of load balancers:
Classic Load Balancer (CLB): This load balancer routes traffic based on either the IP address of the client or the requested hostname. It supports both HTTP and HTTPS protocols, as well as TCP and SSL protocols.
Some scenarios where a Classic Load Balancer may be used are:
1) Serving static websites or applications that do not rely on cookies
2) Distributing traffic across multiple web or application servers in a simple setup
3) Handling TCP or SSL traffic for non-HTTP/HTTPS applications
Application Load Balancer (ALB): This is a more advanced load balancer that operates at the application layer (Layer 7) and can route traffic based on the content of the request. ALB supports features such as path-based routing, host-based routing, and routing based on HTTP headers or query strings. It can also handle sticky sessions for applications that require session persistence, such as e-commerce websites or SaaS applications.
Some scenarios where an Application Load Balancer may be used are:
1) Routing traffic to multiple microservices based on path or host
2) Handling traffic for complex web applications with multiple tiers
Network Load Balancer (NLB): It is a Layer 4 (transport layer) load balancer that can handle high volumes of traffic with low latency and high throughput. It is also used to handle TCP and UDP traffic at the transport layer.
What is CloudFormation and why is it used?
- AWS CloudFormation is a service that allows you to model and provision AWS resources in a declarative way using templates. It is used to automate the deployment and management of infrastructure as code in AWS, making it easier to create, update, and delete stacks of resources with minimal effort. By using CloudFormation, you can create and configure resources in a consistent and repeatable way, reducing the time and effort required to manage your infrastructure.
Difference between AWS CloudFormation and AWS Elastic Beanstalk?
AWS CloudFormation is a service that automates the deployment and management of infrastructure resources. It is focused on infrastructure management and provides more flexibility and control over the resources being deployed. It allows for custom scripts and more granular resource configuration.
AWS Elastic Beanstalk is a platform that simplifies the deployment and management of applications by providing a preconfigured platform. It is focused on application management and includes a variety of prebuilt components, such as load balancers and databases, which can be quickly and easily configured.
What are the kinds of security attacks that can occur on the cloud? And how can we minimize them?
Several kinds of security attacks can occur on the cloud, including:
1) Distributed Denial of Service (DDoS) attack
2) Malware and viruses
3) Data breaches and theft
4) Cross-site scripting (XSS) attacks
5) SQL injection attacks
6) Phishing attacks
To minimize these security attacks, here are some best practices:
1) Use strong authentication and authorization mechanisms, such as multi-factor authentication and role-based access control.
2) Implement encryption for data at rest and in transit.
3) Implement network security controls such as firewalls and intrusion detection and prevention systems.
4) Implement regular security audits and vulnerability assessments.
5) Maintain compliance with industry standards and regulations.
6) Implement security monitoring and logging to detect and respond to security incidents.
7) Use a trusted cloud service provider with a strong track record of security and compliance.
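When the infrastructure is defined in a CloudFormation template, practices 2 and 3 can be checked before anything is deployed. The Python sketch below is an added example, not part of the original post: it scans a constructed template (resource names are placeholders) for security groups that open SSH or RDP to the internet and for storage without encryption at rest. It assumes literal property values and does not resolve parameters or intrinsic functions.

```python
# Added example: the template is constructed; resource names are placeholders.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
WORLD = ("0.0.0.0/0", "::/0")
# Resource types whose at-rest encryption is a single boolean property.
ENCRYPTION_FLAG = {"AWS::EC2::Volume": "Encrypted",
                   "AWS::RDS::DBInstance": "StorageEncrypted"}

def exposed_admin_ports(rule):
    """Return the admin ports an ingress rule opens to the whole internet."""
    if rule.get("CidrIp") not in WORLD and rule.get("CidrIpv6") not in WORLD:
        return []
    if str(rule.get("IpProtocol")) == "-1":      # -1 means all protocols and ports
        return sorted(ADMIN_PORTS)
    lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]

def check_template(template):
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                for port in exposed_admin_ports(rule):
                    findings.append(f"{name}: {ADMIN_PORTS[port]} ({port}) open to the internet")
        flag = ENCRYPTION_FLAG.get(rtype)
        if flag and str(props.get(flag)).lower() != "true":
            findings.append(f"{name}: {flag} is not enabled")
    return findings

TEMPLATE = {
    "Resources": {
        "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web tier", "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
            ]}},
        "AdminSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "admin access from the VPC only", "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/16"}]}},
        "DataVolume": {"Type": "AWS::EC2::Volume", "Properties": {
            "AvailabilityZone": "us-east-1a", "Size": 100}},
        "AppDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "Engine": "postgres", "DBInstanceClass": "db.t3.micro",
            "AllocatedStorage": "20", "StorageEncrypted": True}},
    },
}

if __name__ == "__main__":
    print("\n".join(check_template(TEMPLATE)))
```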
Can we recover the EC2 instance when we have lost the key?
We can recover an EC2 instance when we have lost the key pair by creating a new key pair, stopping the instance, detaching the root volume, launching a new instance with the new key pair, attaching the root volume to the new instance, starting the new instance, and updating security groups and IP addresses as needed.
There is another way to recover an EC2 instance if we have lost the key pair: we can create an AMI of the existing instance and then launch a new instance. We can then select a new key pair by following the instance launch wizard.
What is a gateway?
- A gateway is a network component that serves as a bridge or a transition point between different networks. It is used to facilitate communication and data transfer between networks that may have different communication protocols and addressing schemes. Gateways can be used to connect different cloud environments.
What is the difference between Amazon RDS, DynamoDB, and Redshift?
Amazon RDS, DynamoDB, and Redshift are three different database services offered by Amazon Web Services (AWS) with different use cases and functionalities.
Amazon RDS (Relational Database Service) is a fully managed relational database service that makes it easy to set up, operate, and scale a relational database in the cloud. It supports popular database engines like MySQL, PostgreSQL, Oracle, and SQL Server. With RDS, you don't have to worry about managing the underlying infrastructure, including patching, backups, and replication. Instead, you can focus on building and optimizing your applications.
Amazon DynamoDB, on the other hand, is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It is designed to handle large amounts of unstructured data, such as documents, images, and social media content. DynamoDB is a serverless database, which means that you don't have to manage any servers or infrastructure.
Amazon Redshift is a fully managed data warehouse service that makes it easy to analyze large amounts of data using SQL and business intelligence tools. It is designed for online analytical processing (OLAP) and supports big data analytics. Redshift is optimized for querying and analyzing large datasets and is based on a columnar storage format. It provides fast query performance and allows you to scale your cluster up or down depending on your needs.
Do you prefer to host a website on S3? What's the reason if your answer is either yes or no?
Hosting a website on S3 may be a good option for simple static websites that don't require server-side scripting or complex functionality. S3 charges based on the amount of storage used and data transferred, which can be significantly cheaper than using a traditional web hosting service.
However, for more advanced websites or applications, other web hosting services may be a better fit. S3 doesn't support server-side scripting, which means you can't use popular web technologies like PHP or ASP.NET. S3 also lacks some features that are typically included in web hosting services, such as domain name registration, email hosting, and database support.