AWS OpsWorks, AWS KMS
1. How is AWS OpsWorks different from AWS CloudFormation?
Ans: OpsWorks and CloudFormation both support application modelling, deployment, configuration, management and related activities. Both support a wide variety of architectural patterns, from simple web applications to highly complex applications. AWS OpsWorks and AWS CloudFormation differ in abstraction level and areas of focus. AWS CloudFormation is a building-block service which enables customers to manage almost any AWS resource via a JSON-based domain-specific language. It provides foundational capabilities for the full breadth of AWS, without prescribing a particular model for development and operations. Customers define templates and use them to provision and manage AWS resources, operating systems and application code. In contrast, AWS OpsWorks is a higher-level service that focuses on providing highly productive and reliable DevOps experiences for IT administrators and ops-minded developers. To do this, AWS OpsWorks employs a configuration management model based on concepts such as stacks and layers, and provides integrated experiences for key activities like deployment, monitoring, auto-scaling, and automation. Compared to AWS CloudFormation, AWS OpsWorks supports a narrower range of application-oriented AWS resource types including Amazon EC2 instances, Amazon EBS volumes, Elastic IPs, and Amazon CloudWatch metrics.
2. I created a key in the Oregon region to encrypt my data in the North Virginia region for security purposes. I added two users to the key and an external AWS account. I wanted to encrypt an object in S3, so when I tried, the key that I just created was not listed. What could be the reason?
A. External AWS accounts are not supported.
B. AWS S3 cannot be integrated with KMS.
C. The Key should be in the same region.
D. New keys take some time to reflect in the list.
Answer C.
Explanation: The key created and the data to be encrypted should be in the same region. Hence the approach taken here to secure the data is incorrect.
3. A company needs to monitor the read and write IOPS for their AWS MySQL RDS instance and send real-time alerts to their operations team. Which AWS services can accomplish this?
A. Amazon Simple Email Service
B. Amazon CloudWatch
C. Amazon Simple Queue Service
D. Amazon Route 53
Answer B.
Explanation: Amazon CloudWatch is a cloud monitoring tool and hence this is the right service for the mentioned use case. The other options listed here are used for other purposes; for example, Route 53 is used for DNS services. Therefore CloudWatch will be the apt choice.
4. What happens when one of the resources in a stack cannot be created successfully in AWS OpsWorks?
Ans: When an event like this occurs, the “automatic rollback on error” feature is enabled, which causes all the AWS resources that were created successfully up to the point where the error occurred to be deleted. This is helpful since it does not leave behind any erroneous data, and it ensures that stacks are either created fully or not created at all. It is useful in events where you may accidentally exceed your limit on the number of Elastic IP addresses, or where you may not have access to an EC2 AMI that you are trying to run, etc.
5. What automation tools can you use to spin up servers?
Ans: Any of the following tools can be used:
• Roll-your-own scripts, and use the AWS API tools. Such scripts could be written in Bash, Perl or another language of your choice.
• Use a configuration management and provisioning tool like Puppet or its successor Opscode Chef. You can also use a tool like Scalr.
• Use a managed solution such as Rightscale.