More AWS questions

Created also the file for Grafana questions.
2021-11-22 19:29:57 +02:00
parent ed45cd1213
commit 63a3b2ef2d
8 changed files with 205 additions and 7 deletions
--- a/exercises/aws/README.md
+++ b/exercises/aws/README.md
@ -37,6 +37,7 @@ Note: Provided solutions are using the AWS console. It's recommended you'll use
 |--------|--------|------|----|----|
 | Application Load Balancer | ELB, ALB | [Exercise](app_load_balancer.md) | [Solution](solutions/app_load_balancer.md) | Easy |
 | Multiple Target Groups | ELB, ALB | [Exercise](alb_multiple_target_groups.md) | [Solution](solutions/alb_multiple_target_groups.md) | Easy |
+| Network Load Balancer | ELB, NLB | [Exercise](network_load_balancer.md) | [Solution](solutions/network_load_balancer.md) | Easy |

 #### AWS - Lambda

@ -1110,6 +1111,14 @@ Application Load Balancer (ALB).
 True.
 </b></details>

+<details>
+<summary>What are some use cases for using Gateway Load Balancer?</summary><br><b>
+
+* Intrusion Detection
+* Firewall
+* Payload manipulation
+</b></details>
+
 <details>
 <summary>Explain "health checks" in the context of AWS ELB</summary><br><b>

@ -1157,12 +1166,94 @@ Application Load Balancer (routing based on different endpoints + HTTP is used).
 False. ALB can route to multiple target groups.
 </b></details>

+<details>
+<summary>If you wanted to analyze network traffic, you would use the `____ load balancer`</summary><br><b>
+
+Gateway Load Balancer
+</b></details>
+
+<details>
+<summary>Who has better latency? Application Load Balancer or Network Load Balancer?</summary><br><b>
+
+Network Load Balancer (~100 ms) as ALB has a latency of ~400 ms
+</b></details>
+
+<details>
+<summary>True or False? Network load balancer has one static IP per availability zone</summary><br><b>
+
+True.
+</b></details>
+
+<details>
+<summary>What are the supported target groups for network load balancer?</summary><br><b>
+
+* EC2 instance
+* IP addresses
+* Application Load Balancer
+</b></details>
+
+<details>
+<summary>What are the supported target groups for gateway load balancer?</summary><br><b>
+
+* EC2 instance
+* IP addresses (must be private IPs)
+</b></details>
+
+<details>
+<summary>Name one use case for using application load balancer as a target group for network load balancer</summary><br><b>
+
+You might want to have a fixed IP address (NLB) and then forward HTTP traffic based on path, query, ... which is then done by ALB
+</b></details>
+
+<details>
+<summary>What are some use cases for using Network Load Balancer?</summary><br><b>
+
+* TCP, UDP traffic
+* Extreme performance
+</b></details>
+
 <details>
 <summary>True or False? Network load balancers operate in layer 4</summary><br><b>

 True. They forward TCP, UDP traffic.
 </b></details>

+<details>
+<summary>True or False? It's possible to enable sticky session for network load balancer so the same client is always redirected to the same instance</summary><br><b>
+
+False. This is only supported in Classic Load Balancer and Application Load Balancer.
+</b></details>
+
+<details>
+<summary>Explain Cross Zone Load Balancing</summary><br><b>
+
+With cross zone load balancing, traffic distributed evenly across all (registered) instances in all the availability zones.
+</b></details>
+
+<details>
+<summary>True or False? For application load balancer, cross zone load balancing is always on and can't be disabled</summary><br><b>
+
+True
+</b></details>
+
+<details>
+<summary>True or False? For network load balancer, cross zone load balancing is always on and can't be disabled </summary><br><b>
+
+False. It's disabled by default
+</b></details>
+
+<details>
+<summary>True or False? In regards to cross zone load balancing, AWS charges you for inter AZ data in network load balancer but no in application load balancer</summary><br><b>
+
+False. It charges fir inter AZ data in network load balancer, but not in application load balancer
+</b></details>
+
+<details>
+<summary>True or False? Both ALB and NLB support multiple listeners with multiple SSL certificates </summary><br><b>
+
+True
+</b></details>
+
 #### AWS Security

 <details>
@ -2180,3 +2271,12 @@ Security group isn't attached to your EFS or it lacks a rule to allow NFS traffi
 2. Copy the snapshot and mark the "Encrypt" option
 3. Create a new EBS volume out of the encrypted snapshot
 </b></details>
+
+<details>
+<summary>You've created a network load balancer but it doesn't work (you can't reach your app on your EC2 instance). What might be a possible reason?</summary><br><b>
+
+Missing security group or misconfigured one.
+For example, if you go to your instances in the AWS console you might see that the instances under your NLB are in "unhealthy status" and if you didn't create a dedicated security group for your NLB, that means that the security group used is the one attached to the EC2 instances.
+
+Go to the security group of your instance(s) and enable the traffic that NLB should forward (e.g. TCP on port 80).
+</b></details>
--- a/exercises/aws/alb_multiple_target_groups.md
+++ b/exercises/aws/alb_multiple_target_groups.md
@ -11,5 +11,5 @@ One EC2 instance with a simple web application that shows the web page with the
  1. healthy threshold: 3
  2. unhealthy threshold: 3
  3. interval: 10 seconds
-2. Create another target group
+2. Create another target group for the third instance
  1. Traffic should be forwarded to this group based on the "/test" path
--- a/exercises/aws/network_load_balancer.md
+++ b/exercises/aws/network_load_balancer.md
@ -0,0 +1,13 @@
+## AWS ELB - Network Load Balancer
+
+### Requirements                   
+
+Two running EC2 instances
+
+### Objectives
+
+1. Create a network load balancer 
+  1. healthy threshold: 3
+  2. unhealthy threshold: 3
+  3. interval: 10 seconds
+  4. Listener should be using TCP protocol on port 80
--- a/exercises/aws/solutions/alb_multiple_target_groups.md
+++ b/exercises/aws/solutions/alb_multiple_target_groups.md
@ -11,7 +11,7 @@ One EC2 instance with a simple web application that shows the web page with the
  1. healthy threshold: 3
  2. unhealthy threshold: 3
  3. interval: 10 seconds
-2. Create another target group
+2. Create another target group for the third instance
  1. Traffic should be forwarded to this group based on the "/test" path

 ### Solution
--- a/exercises/aws/solutions/network_load_balancer.md
+++ b/exercises/aws/solutions/network_load_balancer.md
@ -0,0 +1,35 @@
+## AWS ELB - Network Load Balancer
+
+### Requirements                   
+
+Two running EC2 instances
+
+### Objectives
+
+1. Create a network load balancer 
+  1. healthy threshold: 3
+  2. unhealthy threshold: 3
+  3. interval: 10 seconds
+  4. Listener should be using TCP protocol on port 80
+
+### Solution
+
+#### Console
+
+1. Go to EC2 service
+2. Click in the left side menu on "Load balancers" under "Load balancing"
+3. Click on "Create load balancer"
+4. Choose "Network Load Balancer"
+5. Insert a name for the LB
+6. Choose AZs where you want the LB to operate
+7. Choose a security group
+8. Under "Listeners and routing" click on "Create target group" and choose "Instances"
+  1. Provide a name for the target group
+  2. Set healthy threshold to 3
+  3. Set unhealthy threshold to 3
+  4. Set interval to 10 seconds
+  5. Set protocol to TCP and port to 80
+  6. Click on "Next" and choose two instances you have
+  7. Click on "Create target group"
+9. Refresh target groups and choose the one you've just created
+10. Click on "Create load balancer" and wait for it to be provisioned
--- a/exercises/grafana/README.md
+++ b/exercises/grafana/README.md
@ -0,0 +1,7 @@
+## Grafana
+
+<details>
+<summary>Explain what is Grafana</summary><br><b>
+
+[Grafana Docs](https://grafana.com/docs/grafana/latest/introduction): "Grafana is a complete observability stack that allows you to monitor and analyze metrics, logs and traces. It allows you to query, visualize, alert on and understand your data no matter where it is stored. Create, explore, and share beautiful dashboards with your team and foster a data driven culture."
+</b></details>
--- a/exercises/security/README.md
+++ b/exercises/security/README.md
@ -389,7 +389,23 @@ MAC address flooding attack (CAM table flooding attack) is a type of network att
 <summary>What is Cache Poisoned Denial of Service?</summary><br><b>

 CPDoS or Cache Poisoned Denial of Service. It poisons the CDN cache. By manipulating certain header requests, the attacker forces the origin server to return a Bad Request error which is stored in the CDN’s cache. Thus, every request that comes after the attack will get an error page.
+</b></details>

+<details>
+<summary>What is the difference if any between SSL and TLS?</summary><br><b>
+</b></details>
+
+<details>
+<summary>What is SNI (Server Name Indication)?</summary><br><b>
+
+[Wikipedia](https://en.wikipedia.org/wiki/Server_Name_Indication): "an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process"
+</b></details>
+
+<details>
+<summary>What benefits SNI introduces?</summary><br><b>
+
+SNI allows a single server to serve multiple certificates using the same IP and port.<br>
+Practically this means that a single IP can server multiple web services/pages, each using a different certificate.
 </b></details>

 #### Security - Threats