acloudguru Flashcards
You previously used access keys to access S3 from an EC2 instance, but changed to a role.
But you still cannot connect.
What could be a reason?
The credentials are still stored in ~/.aws and need to be deleted first.
How to encrypt a volume currently attached to an instance?
- Create a snapshot
- Copy the snapshot (same region) and choose “Encrypt this snapshot”
How to create multiple AWS CLI profiles (for example with different roles)?
aws configure --profile my_other_profile
What is the API call to obtain a session for MFA for CLI/SDK?
And what is returned?
STS GetSessionToken
aws sts get-session-token --serial-number [your device] --token-code [current code] --duration-seconds [ttl]
SecretAccessKey
SessionToken
Expiration
AccessKeyId
What should be done when an “intermittent error” occurs?
Implement Exponential Backoff, since a rate limit for API calls has been hit
What is “Exponential Backoff”?
On failed API calls, the wait time before the next call is increased with each failure.
1s -> 2s -> 4s -> 8s
What is the chain of priorities for CLI credentials?
- CLI options
- ENV variables (AWS_ACCESS_KEY_ID..)
- CLI credentials file
- CLI configuration file
- Container credentials
- Instance Profile credentials
What are the options for SigV4 signing?
Using HTTP Header
Using query string options
For which actions is MFA delete (if enabled) necessary?
- Permanently delete
- suspend versioning
S3: How are deletes on a CRR bucket handled?
By default, delete markers are not replicated, but this can be enabled.
S3: Is it possible to chain replication across three regions?
No.
Lambda: What is needed to connect Lambda to a file system?
A connection to a VPC
CodeCommit: What are the three merge strategies?
Fast forward merge
Squash and merge
3-way merge
CodeCommit: What are approval rules?
Rule that says how many developers have to vote for a pull request to be pulled.
Possible to specify who counts for the voting
Possible to specify the branches
What is CodeArtifact?
Repository for storing build artifacts (like jar files)
CodeBuild: What should be enabled to visualize the status of the build?
BuildBadge
CodeBuild: What can be source provider?
CodeCommit
S3
GitHub
CodeBuild: What are the two authentication methods for GitHub?
Personal Token
OAuth
CodeBuild: What are the three options to reference the right code in CodeCommit?
Branch
Commit ID
Git Tag
CodeBuild: What can be done to troubleshoot a running build job?
Use the CLI and utilize the codebuild-breakpoint command
CodeBuild: What are the four phases in the BuildSpec?
install
pre_build
build
post_build
CodeDeploy: What are the Compute platforms for an application?
OnPremise
EC2
Lambda
ECS
CodeDeploy: Which are the two methods of deployment?
In-Place (not for lambda)
Blue/Green
CodeDeploy: What are the four parts of the appspec file?
Version
Files
OS
Hooks
CodeDeploy: What are the 13 appspec hooks?
ApplicationStop DownloadBundle BeforeInstall Install AfterInstall
ApplicationStart ValidateService BeforeBlockTraffic BlockTraffic AfterBlockTraffic BeforeAllowTraffic AllowTraffic AfterAllowTraffic
S3: What is needed for Static Website Hosting?
Public S3 Bucket
Bucket Policy
index.html file (does not need to be named index.html)
CloudFormation: What is a Stack Policy?
Defines the resources that you want to protect from unintentional updates during a stack update.
CloudFormation: What are the four operations of a change set?
Create
View
Execute
Delete
API Gateway: What is a Resource Policy?
A Resource Policy is a JSON policy document that you attach to an API to control whether a specified principal (typically an IAM user or role) can invoke the API. You can use a Resource Policy to enable users from a different AWS account to securely access your API or to allow the API to be invoked only from specified source IP address ranges or CIDR blocks. Resource Policies can be used with REST APIs in Amazon API Gateway.
API Gateway: What is the HTTP code for a request dropped due to throttling?
HTTP 429 Too Many Requests
API Gateway: Does Amazon API Gateway provide API result caching?
Yes,
- specifying its size in gigabytes
- TTL
- provisioned for a specific stage
API Gateway: Can you change a public or private API endpoint type in API Gateway?
Yes, it will take up to 60s.
The following endpoint type changes are supported:
- From edge-optimized to regional or private
- From regional to edge-optimized or private
- From private to regional
You cannot change a private API into an edge-optimized API.
API Gateway: What are the three types of endpoints?
Edge-optimized API endpoints
- best for geographically distributed clients.
- routed to the nearest CloudFront Point of Presence
Regional API endpoints
- clients in the same region.
Private API endpoints
- can only be accessed from your Amazon Virtual Private Cloud (VPC) using an interface VPC endpoint
Kinesis: What are the three factors that determine the number of shards necessary?
Record size (in KB)
Writes per second
Kinesis: How many shards are necessary for 300 writes/sec on 50kb size?
15
(300*50) / 1000
Kinesis: What are the limits per shard?
1000kb / 1000 writes per second
Kinesis: What are the three types of producers?
Amazon Kinesis Agent
AWS SDK
Amazon Kinesis Producer Library (KPL)
IAM: In which three ways can you authenticate an MFA device?
AWS Management Console, API, CLI