12 Questions
What is the purpose of an InstanceProfile in AWS EC2?
To provide a wrapper around IAM roles and allow permissions inside the instance
What happens to the IP address of an EC2 instance when it is stopped and started?
IP address changes
Which data storage option survives a reboot but does not survive a stop or terminate action in EC2?
Instance Store
What is required to SSH into an EC2 instance?
A Security Group allowing port 22
What happens to an EBS volume when an EC2 instance is terminated?
EBS volume is deleted along with the instance
Why are IAM Roles preferred for granting permissions between AWS services?
They grant temporary credentials to services assuming the role
What should you do if you want to allow only 'yourself' in the security group and also permit '18.206.107.24/29'?
Allow '0.0.0.0/0' in the security group
What happens to instance store disks when you move an EC2 instance to another EC2 host?
They are lost
What method must you use to connect to an Amazon EC2 instance?
Pub/Priv key pair
What happens if you restrict SSH access on an EC2 instance and do not allow the AWS IP range for EC2 Instance Connect?
You will restrict SSH access for all users except AWS IP range
In which format should you provide a shell script when launching an EC2 instance?
user_data field with a shell script
What is the fate of terminated instances on AWS?
They will disappear after a few hours and cannot be manually removed
Study Notes
Instance Roles
- IAM roles are used to grant permissions to AWS services, allowing a service to assume the role and inherit its permissions
- EC2 instance roles are roles that an instance can assume, and anything running on that instance has the permissions granted by the role
- Assuming a role grants temporary credentials to the service, which can be delivered to an EC2 instance using an InstanceProfile
EC2 Instances
- InstanceProfile is a wrapper around the IAM role, allowing permissions to be delivered to an EC2 instance
- Creating an IAM role and attaching a permission policy to the role is necessary for the role to be assumed by an EC2 instance
IP Addresses
- Rebooting an instance keeps the IP address
- Stopping and starting an instance changes the IP address
Storage
- Instance Store: data survives reboot, but does not survive stop, hibernate, or terminate
- EBS Volume: survives stop, restart, and termination; root EBS volume is deleted by default when instance is terminated
SSH
- Requires a one-time download of ssh key pair at instance creation
- Requires a public IP address for the instance
- Requires a Security Group allowing port 22
- Defaults to user
ec2-user - Restricting SSH access may restrict the AWS IP range for EC2 Instance Connect
EC2 Instance Connect
- Originating connections come from an AWS IP range
- Restricting SSH access may restrict the AWS IP range for EC2 Instance Connect
- Solve by allowing
0.0.0.0/0or adding a security group with the EC2 Instance Connect IP range
Scripting
- When launching an EC2 instance, you can pass a shell script or Cloud init directive to User Data using
user_dataarg in Terraform code - Example of a "here" doc assigned to
user_data
Connecting
- Linux: SSH client, EC2 Instance Connect, AWS Systems Manager Session Manager
- Windows: Putty, SSH client, AWS Systems Manager Session Manager, Windows Subsystem for Linux (WSL)
- Amazon EC2 supports ED25519 and 2048-bit SSH-2 RSA keys for Linux instances
Instance Lifecycle
- Deleted, terminated, or released resources cannot be recovered
- Terminated instances will be deleted after a few hours and cannot be manually removed
Learn about the best way for AWS services to be granted permissions to other AWS services through IAM roles. Discover how EC2 instance roles work and how permissions are granted to anything running on the instance. Explore how temporary credentials are created for whoever assumes the role.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
