APP SERVICES, CONTAINERS & SERVERLESS Flashcards
What’s a Task Role used for within ECS?
It allows the Task to assume an IAM role that it requires for access to other AWS ressources.
What’s a Task representing within ECS?
It represents the entire application, which may consist of one or more containers.
What’s a Service Definition used for within ECS?
It defines how an application scales, i.e. how many applications run in parallel in an ECS cluster, including a load balancers to distribute traffic. Services should be used for any production workloads.
What’s a Container Definition within the context of ECS?
Part of the Task Definition, defining the properties for a single container such image, port number, CPU & memory
What’s a Task Definition used for within ECS?
Defines the security (Task Role) and container(s) to use, and the resources (CPU, memory, network, etc.) that each container gets assigned.
Which two cluster types exist with ECS?
EC2 mode and Fargate mode
What is maximum size for a payload with SNS?
256 KB
What is maximum size for a message with SQS?
256 KB
What’s VisibilityTimeout referring to with SQS?
Time that a message is hidden in the queue after it’s been picked up
How often can a message be delivered with Standard vs FIFO queues in SQS?
Standard: at least once
FIFO: exactly once
What is the performance of FIFO queues with and without batching (in messages per second)?
Batch: 3000 messages per second
Non-Batch: 300 messages per second
What’s the maximum time in seconds allowed for Long Polling with SQS (configured via waitTimeSeconds)?
Up to 20 seconds
How long can a message live in SQS?
Up to 14 days
What is important to know about the names of FIFO queues?
The name of a FIFO queue must end with the .fifo suffix
What’s the SQS Extended Client Library used for?
It automatically puts the payload of messages larger than 256 KB onto S3 when sending a message, and links the S3 object in the SQS message. When processing a message, it will also automatically retrieve the payload via S3 again and delete the S3 object when processing was finished successfully.
What are the min, max and default values for VisibilityTimeout in SQS?
Min: 0 seconds
Max: 12 hours
Default: 30 seconds
On which elements in SQS can the VisibilityTimeout be set?
Queue or Per-Message
What’s DelaySeconds referring to with SQS?
Time that a message is hidden in the queue after it’s been added to the queue
What are the min and max values for DelaySeconds in SQS?
Min: 0
Max: 15 minutes
When support for protocols like AMQP, MQTT, OpenWire or STOMP is required, what AWS service is a great fit?
Amazon MQ
If you’re using Jakarta Messaging API (formerly Java Message Service or JMS API) and want to continue using this on AWS, what AWS service is a great fit?
Amazon MQ
Is Amazon MQ a public or private service?
Private, so it requires setup in a VPC
What are supported runtimes with Lambda?
Python, Ruby, Java, Go, C#, NodeJS
Other languages are supported via Custom Runtimes.
What’s the min and max memory allocation with Lambda?
Min: 128 MB
Max: 3 GB
What’s the max run time with Lambda before a function times out?
15 minutes
Where does Lambda provision temporary storage, and how much of it?
512 MB storage available via /tmp
When running Lambda in private mode (=> using a VPC), what two options would you have to access a public AWS service such as DynamoDB?
Option 1: deploy VPC Endpoint for DynamoDB in private subnet
Option 2: deploy NATGW + IGW in public subnet
What serverless service requires EC2 network permissions under certain conditions?
AWS Lambda, when run in private mode (=> using a VPC) as it requires permissions to create ENIs
What are resource-based policies used for in the context of AWS Lambda?
They define what services and accounts can invoke the Lambda function. This is in contrast to IAM roles that are attached to the Lambda function and control the permissions the function has to other services.
What are the three invocation modes available for Lambda?
Synchronous, Asynchronous, Event Source Mapping
When Lambda functions are invoked via Event Source Mapping, does the Lambda function require permissions on the source (like a Kinesis Stream)?
Yes. And that is in contrast to the other two modes (Synchronous, Asynchronous), where data is delivered to the Lambda by the service, rather than Lambda reading from the service.
Which services invoke Lambda functions via Event Source Mapping?
Kinesis Streams, SQS Queues, DynamoDB Streams, Amazon Managed Streaming for Kafka
What does a Lambda version consist of?
Code and configuration of the Lambda function
In which scenario can usage of the /tmp storage in Lambda improve performance?
It can be used to download and store resources such as images, that may be required for additional invocations of the same Lambda function. If the same function is executed multiple times, they can likely re-use what’s been stored in /tmp by a previous execution (but no guarantee).
If requests from a client or responses from a Lambda function contain headers with multiple values or contains the same header multiple times, or query parameters with multiple values for the same key, what do you need to enable to support this?
Multi-value headers
When implementing an event-based application model, should you use AWS CloudWatch Events or AWS EventBridge?
AWS EventBridge as this supports everything CloudWatch Event does, and additional things.
What are valid targets for an Amazon API Gateway request?
- Lambda
- HTTP
- Mock
- AWS Services
- VPC Link
What “authorizers” are supported by Amazon API Gateway?
Most common: Cognito (via User Pools) and Lambda Authorizers
But also via IAM, resource policies and endpoint policies.
What endpoint types does Amazon API Gateway support?
Regional, Edge-Optimized, Private
What’s HTTP error code 400 referring to?
Bad Request - Generic
What’s HTTP error code 403 referring to?
Access Denied
What’s HTTP error code 429 referring to?
Too Many Requests (Throttling, etc.)
What’s HTTP error code 502 referring to in the context of API Gateway?
Bad Gateway (e.g. bad output from Lambda)
What’s HTTP error code 503 referring to in the context of API Gateway?
Service unavailable (e.g. backend endpoint offline)
What’s HTTP error code 504 referring to in the context of API Gateway?
Integration failure/timeout (e.g. Lambda took more than 29s to respond)
Can Amazon API Gateway caches be encrypted?
Yes
What is the min, max and default TTL for the cache of Amazon API Gateway?
Min: 0
Max: 3600 seconds
Default: 300 seconds
What’s the max. duration of a Step Function execution?
1 year
What are the two execution types that exist with AWS Step Functions?
Standard and Express
What’s ASL in context of AWS Step Functions?
Amazon Stages Language - JSON template that defines an AWS Step Function flow
What are common integrations for a Task within AWS Step Functions?
Lambda, Batch, DynamoDB, ECS, SNS, SQS, Glue, SageMaker, EMR, Step Functions
What’s the max. duration of a Simple Workflow Service (SWF) execution?
1 year
What is AWS Flow Framework?
Collection of convenience libraries that make it faster and easier to build applications with Amazon Simple Workflow
When any kind of external signal is required to be fed into a workflow, what is the right product to use?
Amazon Simple Workflow Service (SWF)
When it’s required to launch child workflows (and returning to the parent), what is the right product to use?
Amazon Simple Workflow Service (SWF)
When you need bespoke/complex decision logic in a workflow, what is the right product to use?
Amazon Simple Workflow Service (SWF)
When an integration with Mechanical Turk is required, what is the right product to use?
Amazon Simple Workflow Service (SWF)
When having to choose between Amazon Elastic Transcoder and AWS Elemental MediaConvert, what’s the better product?
AWS Elemental MediaConvert as it’s a super set of Amazon Elastic Transcoder, with more features and lower costs.
When would you still use Amazon Elastic Transcoder, instead of using it’s successor, AWS Elemental MediaConvert?
When any of the following is required
- WebM (VP8/VP9) input and output
- Animated GIF output
- MP3, FLAC, Vorbis, and WAV audio-only output
What’s the “sam-package” command used for?
Takes local assets, builds a ZIP file from them, and uploads it to S3. Also generates the sam-deploy.yaml in the working directory that is required for the sam-deploy command.
What’s the “sam-deploy” command used for?
Deploys the infrastructure that’s defined in sam-deploy.yaml to AWS. If no sam-deploy.yaml exists yet, will also run sam-package before the deployment.
Can you access Kinesis Video Streams data directly on the underlying storage (S3, EBS, EFS, etc.)?
No, only via APIs
What are valid data sources for AWS Glue (name 6)?
- S3
- RDS
- JDBC-compatible DBs
- DynamoDB
- Kinesis Data Stream
- Apache Kafka
What are valid data targets for AWS Glue (name 3)?
- S3
- RDS
- JDBC-compatible DBs
