Essential AWS Questions

My way to AWS Solutions Architect

In my time learning AWS, I have come across some essential questions.

What considerations do we take into account to choose the right AWS Region?

  • Latency. Choosing a region that is close to your users helps prevent long wait times for them.

  • Price. Because of local financial factors, AWS prices vary from one region to another.

  • Service availability. Some services might not be available in some regions.

  • Compliance. Some data needs to be stored in a specific geographic territory to comply with regulations.

Who is responsible for securing your AWS environment?

Security and compliance are a shared responsibility between AWS and you.

An analogy: a construction company builds a building, and it is on them to make sure the building itself is stable and secure. You then rent an apartment in that building, and it is up to you to lock the door to your apartment.

For security in the cloud, the base layer is secured by AWS. It's up to you to lock the door.

AWS is responsible for:

  • Hardware or AWS Global Infrastructure, physical infrastructure where the cloud is running.

  • Software, through virtualization. For example, an EC2 virtual machine runs on physical hardware that AWS owns, and everything up to and including the hypervisor level is managed by AWS. If the hypervisor needs to be patched or updated, that is the responsibility of AWS.

You are responsible for:

  • Security configuration in all your services. For example in an EC2 instance: patching the operating systems, encrypting data in transit and at rest, configuring firewalls, and controlling who has access to these resources and how much access they have.

    Many times, AWS offers native features you can enable to achieve a secure solution. It's up to you to actually use them.
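The customer-side items above (firewall configuration and encryption at rest) are things you can check in your own account. The following is an added example, not code from the original notes: it audits security group ingress rules for sensitive ports open to the whole internet and lists EBS volumes that are not encrypted. The input is constructed inline in the same shape that boto3's ec2.describe_security_groups() and ec2.describe_volumes() return, so it runs offline; the group and volume IDs are hypothetical.

```python
"""Audit of customer-side controls under the AWS shared responsibility model.

Added example (not from the original notes). It checks two items the notes put
on the customer's side: firewall configuration (security group ingress rules)
and encryption at rest (EBS volumes). The sample input below is CONSTRUCTED
in the shape boto3's ec2.describe_security_groups() and ec2.describe_volumes()
return, so the script runs offline; the same functions could be fed the live
API responses.
"""
import ipaddress

# Ports whose exposure to the whole internet is almost never intended.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL",
                   5432: "PostgreSQL", 1433: "MSSQL", 27017: "MongoDB"}


def _rule_covers_port(rule, port):
    """True if an IpPermissions entry includes the given port."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and all ports
        return True
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or hi is None:
        return False
    return lo <= port <= hi


def _world_open_cidrs(rule):
    """CIDR ranges in the rule that admit any address (0.0.0.0/0 or ::/0)."""
    found = []
    for r in rule.get("IpRanges", []):
        if ipaddress.ip_network(r["CidrIp"], strict=False).prefixlen == 0:
            found.append(r["CidrIp"])
    for r in rule.get("Ipv6Ranges", []):
        if ipaddress.ip_network(r["CidrIpv6"], strict=False).prefixlen == 0:
            found.append(r["CidrIpv6"])
    return found


def audit_security_groups(groups):
    """Return one finding per (group, sensitive port) reachable from anywhere."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = _world_open_cidrs(rule)
            if not cidrs:
                continue  # rule is scoped to specific sources; not a finding here
            for port, name in SENSITIVE_PORTS.items():
                if _rule_covers_port(rule, port):
                    findings.append({"GroupId": sg["GroupId"], "Port": port,
                                     "Service": name, "Sources": cidrs})
    return findings


def audit_volumes(volumes):
    """Return IDs of EBS volumes that are not encrypted at rest."""
    return [v["VolumeId"] for v in volumes if not v.get("Encrypted", False)]


# Constructed sample data with hypothetical IDs (not from any real account).
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0000000000000aaaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},   # SSH to the world
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},   # HTTPS: expected public
    ]},
    {"GroupId": "sg-0000000000000bbbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},  # SSH from the VPC only
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},                       # everything, IPv6 world
    ]},
]
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0000000000000aaaa", "Encrypted": True},
    {"VolumeId": "vol-0000000000000bbbb", "Encrypted": False},
]

if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE_SECURITY_GROUPS):
        print(f"{f['GroupId']}: {f['Service']} (port {f['Port']}) "
              f"open to {', '.join(f['Sources'])}")
    for vid in audit_volumes(SAMPLE_VOLUMES):
        print(f"{vid}: not encrypted at rest")
```

On the sample data the first group is flagged only for SSH (HTTPS open to the world is normal for a public endpoint), while the second group's IPv6 "all traffic" rule is flagged for every sensitive port even though its IPv4 SSH rule is correctly scoped to the VPC.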

What do we need to choose the right compute option?

Three types of computing options are available: virtual machines (VMs), container services, and serverless. Which option to choose depends on the context: the requirements, how frequently the workload runs, how much refactoring is acceptable, high availability needs, and so on.

Note: Beneath the surface, some AWS compute services run on Amazon EC2 or use the same virtualization concepts.

What are the container orchestration services and their differences?

To manage your computing at a large scale, you should consider the following:

  • How to place your containers on your instances

  • What happens if your container fails

  • What happens if your instance fails

  • How to monitor deployments of your containers

This coordination is handled by a container orchestration service. AWS offers two container orchestration services:

  • Amazon Elastic Container Service (Amazon ECS)

  • Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS is conceptually similar to Amazon ECS, but with the following differences:

  • In Amazon ECS, the machine that runs the containers is an EC2 instance that has an ECS agent installed and configured to run and manage your containers. This instance is called a container instance. In Amazon EKS, the machine that runs the containers is called a worker node or Kubernetes node.

  • An ECS container is called a task. An EKS container is called a pod.

  • Amazon ECS runs on AWS native technology. Amazon EKS runs on Kubernetes.