We want to have control over how our easy-to-use instances are going to be placed within the AWS infrastructure. Placement groups are a little bit more advanced, and we want to use them once. So now let's talk about placement groups. But it is something that comes with the exam. You would have to launch an easy-two instance, and from the easy-two instance, you would have to basically create a new AMI from it. So if someone shares an AMI from the Marketplace with you, you can't directly copy it. This is also valid for Marketplace images. They have to launch an EC2 instance, and then from that easy instance, create an AMI from it. It just prevents them from copying it using the copy utility, so they can't copy, am I right? Away. So it doesn't fully prevent them from copying it. And then from that easy-to-create instance, they can create their own AMI. Okay? They can still launch an instance from my AMI if I do not ticket. That basically means that these account members have the opportunity to make a copy of my AMI. If I tick the box, I create volume permissions. And so all these accounts will have access to my AMI. So I'll just add a three at the end and add permissions. So, for example, if I take my account number right here, right click, and modify the image permissions, I can add whatever number I want. And here you can make it either public so anyone can see it or private, in which case you have to set the account numbers that you want to have access to, so you can have whatever you want. So to share an AMI fairly easily, you right-click, and then you modify the image permissions. All right, let's just quickly see in the UI how that works. The example asks you about billing products and says, "Okay, a billing product must be coming from Windows AMI or the Alias Marketplace." And so, when you do want to copy an AMI with a billing product, you first launch an EC-2 instance from the AMI, and then you make an AMI from that EC-2 instance, and that's it. If you want to copy these things, what you do is create an instance, launch it from the instance, and then make an AMA from it from the instance, which effectively makes you a copy. So basically, if you get a Windows AMI or an AMI from the AWS Marketplace, they will have a billing product instead. And more importantly for the exam, you can't copy an AMI with an associated billing product code that was shared with you from another account. So that means that you register the copied snapshot as a new AMI. Instead, if you have access to the underlying snapshot and encryption key, you copy while reencrypting with the key you own. So the limit is that you can't copy an encrypted AMI that was shared with you by another account. You can't just stop someone from copying because there is a way for someone to create and effectively copy your AMI if they launch an EC2 instance from an AMI you own and then mix an AMI from that EC2 instance. So basically, if you need someone to not copy your AMI, you either grant them EBS snapshot access or SFC access. But you should be aware that if they do copy your AMI and copy it into another region, they will become the owner of that AMI. So if you share the account with someone else's account, you still own that AMI. So you can share an AMI with another AWS account, and when you do so, it does not change the ownership of the AMI. So let's talk about cross-account AMI copying, because this is quite a frequent exam question, and there's a small little tip you need to have. All Amazon AWS Certified Solutions Architect - Associate certification exam dumps & practice test questions and answers are uploaded by users who have passed the exam themselves and formatted them into vce file format. Prepare with top-notch Amazon AWS Certified Solutions Architect - Associate certification practice test questions and answers, vce exam dumps, study guide, video training course from ExamCollection.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |