What does AWS use when you copy an instance store–backed AMI to a different region?

What does AWS use when you copy an instance store–backed AMI to a different region?

• EFS
• EBS
• S3
• Glacier

Explanation

When you copy an instance store–backed Amazon Machine Image (AMI) to a region, you create an Amazon S3 bucket for the AMIs copied to that region. All instance store–backed AMIs that you copy to that region are stored in this bucket. The bucket names have the format amis-for-account-in-region-hash (for example, amis-for-123456789012-in-us-east-2-yhjmxvp6).

You can copy an Amazon Machine Image (AMI) within or across AWS Regions. You can copy both Amazon EBS-backed AMIs and instance-store-backed AMIs. You can copy AMIs with encrypted snapshots and also change encryption status during the copy process. You can copy AMIs that are shared with you.

Copying a source AMI results in an identical but distinct target AMI with its own unique identifier. You can change or deregister the source AMI with no effect on the target AMI. The reverse is also true.

With an Amazon EBS-backed AMI, each of its backing snapshots is copied to an identical but distinct target snapshot. If you copy an AMI to a new Region, the snapshots are complete (non-incremental) copies. If you encrypt unencrypted backing snapshots or encrypt them to a new KMS key, the snapshots are complete (non-incremental) copies. Subsequent copy operations of an AMI result in incremental copies of the backing snapshots.

Source

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html

Read More

Which of the following methods is a valid way to encrypt an existing EBS volume?

Which of the following methods is a valid way to encrypt an existing EBS volume?

• Mark the volume as encrypted in the management console
• Export the volume with the encryption flag set
• Create a snapshot of the unencrypted volume, copy the snapshot and encrypt it, and restore the snapshot to a new EBS volume
• None of the above; EBS volumes do not support encryption

Explanation

There is no direct way to encrypt an unencrypted EBS volume. You can use the encryption property of a snapshot, however, in order to encrypt the volume in an indirect way.

Use Amazon EBS encryption as a straight-forward encryption solution for your EBS resources associated with your EC2 instances. With Amazon EBS encryption, you aren't required to build, maintain, and secure your own key management infrastructure. Amazon EBS encryption uses AWS KMS keys when creating encrypted volumes and snapshots.

Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage.

Source

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

Read More

What type of queue is available in all regions with SQS?

What type of queue is available in all regions with SQS?

• First-in, first-out delivery
• High throughput
• Limited throughput
• Exactly-once processing

Explanation

The high throughput queue is available in all regions.

Amazon SQS stores all message queues and messages within a single, highly-available AWS region with multiple redundant Availability Zones (AZs), so that no single computer, network, or AZ failure can make messages inaccessible.

Source

https://aws.amazon.com/sqs/features/

Read More

Your IT group maintains an application on AWS to provide development and testing platforms for your developers. Currently each environment consists of an m1.small EC2 instance. Your developers report to your group performance degradation as they increase network load in the test environment. How would you mitigate these performance issues in the test environment?

Your IT group maintains an application on AWS to provide development and testing platforms for your developers. Currently each environment consists of an m1.small EC2 instance. Your developers report to your group performance degradation as they increase network load in the test environment. How would you mitigate these performance issues in the test environment?

• Upgrade the m1.small to a larger instance type.
• Add an additional ENI to the test instance.
• Use the EBS optimized option to offload EBS traffic.
• Configure Amazon CloudWatch to provision more network bandwidth when network utilization exceeds 80 percent.

Explanation

Note that the EBS optimized option is not available for this EC2 instance.

An Amazon EBS-optimized instance uses an optimized configuration stack and provides additional, dedicated capacity for Amazon EBS I/O. This optimization provides the best performance for your EBS volumes by minimizing contention between Amazon EBS I/O and other traffic from your instance

Source

https://docs.aws.amazon.com/prescriptive-guidance/latest/sql-server-ec2-best-practices/ebs-optimize.html

Read More

You have a customer expecting massive IOPS needs (15,000 IOPS) in a critical business application. What type of storage should you consider?

 You have a customer expecting massive IOPS needs (15,000 IOPS) in a critical business application. What type of storage should you consider?

• SSD
• Provisioned IOPS
• Turbo IOPS
• Optimized networking

Explanation

Provisioned IOPS can support up to 20,000 IOPS.

Provisioned IOPS volumes, backed by solid-state drives (SSDs), are the highest performance Elastic Block Store (EBS) storage volumes designed for your critical, IOPS-intensive and throughput-intensive workloads that require low latency.

Source 

https://aws.amazon.com/ebs/provisioned-iops/#:~:text=Provisioned%20IOPS%20volumes%2C%20backed%20by,workloads%20that%20require%20low%20latency

Read More