AWS EC2 Instance Roles and IAM Roles
12 Questions
Questions and Answers

What is the purpose of an InstanceProfile in AWS EC2?

  • To store temporary credentials created for assuming roles
  • To assign a public IP address to the EC2 instance
  • To provide a wrapper around IAM roles and allow permissions inside the instance (correct)
  • To grant permissions to applications running on an EC2 instance
What happens to the IP address of an EC2 instance when it is stopped and started?

  • IP address is permanently deleted
  • IP address changes (correct)
  • IP address remains the same
  • IP address is released

Which data storage option survives a reboot but does not survive a stop or terminate action in EC2?

  • Additional EBS Volumes
  • EBS Volume
  • Root EBS Volume
  • Instance Store (correct)

What is required to SSH into an EC2 instance?

A Security Group allowing port 22

What happens to an EBS volume when an EC2 instance is terminated?

EBS volume is deleted along with the instance

Why are IAM Roles preferred for granting permissions between AWS services?

They grant temporary credentials to services assuming the role

What should you do if you want to allow only 'yourself' in the security group and also permit '18.206.107.24/29'?

Allow '0.0.0.0/0' in the security group

What happens to instance store disks when you move an EC2 instance to another EC2 host?

They are lost

What method must you use to connect to an Amazon EC2 instance?

Pub/Priv key pair

What happens if you restrict SSH access on an EC2 instance and do not allow the AWS IP range for EC2 Instance Connect?

You will restrict SSH access for all users except AWS IP range

In which format should you provide a shell script when launching an EC2 instance?

user_data field with a shell script

What is the fate of terminated instances on AWS?

They will disappear after a few hours and cannot be manually removed

Study Notes

Instance Roles

• IAM roles are used to grant permissions to AWS services: a service assumes the role and inherits the permissions attached to it
• EC2 instance roles are roles that an instance can assume; anything running on that instance has the permissions granted by the role
• Assuming a role yields temporary credentials; for EC2 these are delivered to the instance through an InstanceProfile

EC2 Instances

• An InstanceProfile is a wrapper around the IAM role that allows the role's permissions to be delivered to an EC2 instance
• Before an EC2 instance can assume a role, you must create the IAM role and attach a permission policy to it

IP Addresses

• Rebooting an instance keeps the IP address
• Stopping and starting an instance changes the auto-assigned public IP address (an Elastic IP, if attached, stays with the instance)

Storage

• Instance Store: data survives a reboot, but does not survive stop, hibernate, or terminate
• EBS Volume: survives stop and restart; additional EBS volumes also survive termination, but the root EBS volume is deleted by default when the instance is terminated

SSH

• Requires the key pair's private key, which can be downloaded only once, when the key pair is created at instance launch
• Requires a public IP address for the instance
• Requires a Security Group allowing port 22
• Default login user is ec2-user
• Restricting SSH access by source IP may also block the AWS IP range used by EC2 Instance Connect

EC2 Instance Connect

• Connections originate from an AWS IP range, not from your own address
• Restricting SSH access by source IP may also block that AWS IP range
• Solve by allowing 0.0.0.0/0 or by adding a security group rule for the EC2 Instance Connect IP range; the range-specific rule is the narrower option, since 0.0.0.0/0 exposes port 22 to the whole internet

Scripting

• When launching an EC2 instance, you can pass a shell script or cloud-init directive as User Data, using the user_data argument in Terraform
• A "here" doc (heredoc) is the usual way to assign a multi-line script to user_data
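The following Terraform configuration is an added example, not code from the quiz page or from AWS: it ties the Instance Roles, InstanceProfile, Security Group and user_data notes above together in one working definition. The resource names (demo_*), the bucket name, the AMI ID, the key pair name and the source CIDR are placeholders you would replace with your own values.

```hcl
# Trust policy: only the EC2 service may assume this role.
data "aws_iam_policy_document" "demo_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "demo" {
  name               = "demo-instance-role" # placeholder name
  assume_role_policy = data.aws_iam_policy_document.demo_assume.json
}

# Permission policy scoped to one bucket (least privilege) rather than
# a broad managed policy such as full S3 access.
data "aws_iam_policy_document" "demo_read_bucket" {
  statement {
    actions = ["s3:GetObject", "s3:ListBucket"]
    resources = [
      "arn:aws:s3:::example-bucket-placeholder",
      "arn:aws:s3:::example-bucket-placeholder/*",
    ]
  }
}

resource "aws_iam_role_policy" "demo" {
  name   = "demo-read-bucket"
  role   = aws_iam_role.demo.id
  policy = data.aws_iam_policy_document.demo_read_bucket.json
}

# The InstanceProfile wraps the role so it can be attached to an instance.
resource "aws_iam_instance_profile" "demo" {
  name = "demo-instance-profile"
  role = aws_iam_role.demo.name
}

# SSH only from your own range; a second rule for the EC2 Instance Connect
# range would go here if you use that feature. Avoid 0.0.0.0/0 on port 22.
resource "aws_security_group" "demo_ssh" {
  name = "demo-ssh"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"] # placeholder: your own source range
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "demo" {
  ami                    = "ami-PLACEHOLDER" # replace with a real AMI ID
  instance_type          = "t3.micro"
  key_name               = "demo-keypair-placeholder"
  iam_instance_profile   = aws_iam_instance_profile.demo.name
  vpc_security_group_ids = [aws_security_group.demo_ssh.id]

  # Require IMDSv2: the role's temporary credentials are fetched from the
  # instance metadata service, and session tokens make that harder to abuse.
  metadata_options {
    http_tokens = "required"
  }

  # Shell script passed as User Data via a heredoc; runs once at first boot.
  user_data = <<-EOF
    #!/bin/bash
    set -euo pipefail
    dnf install -y amazon-cloudwatch-agent
    echo "bootstrap finished" > /var/log/demo-bootstrap.log
  EOF
}
```

Anything running on the instance (for example an AWS CLI call from a shell started by user_data) picks up the role's temporary credentials through the profile automatically, so no long-lived access keys need to be placed on the instance.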

Connecting

• Linux: SSH client, EC2 Instance Connect, AWS Systems Manager Session Manager
• Windows: PuTTY, SSH client, AWS Systems Manager Session Manager, Windows Subsystem for Linux (WSL)
• Amazon EC2 supports ED25519 and 2048-bit SSH-2 RSA keys for Linux instances

Instance Lifecycle

• Deleted, terminated, or released resources cannot be recovered
• Terminated instances will be deleted after a few hours and cannot be manually removed


Description

Learn about the best way for AWS services to be granted permissions to other AWS services through IAM roles. Discover how EC2 instance roles work and how permissions are granted to anything running on the instance. Explore how temporary credentials are created for whoever assumes the role.
