AWS 15, 16, 17

Question 1

How do we enable Cross Account in CodeCommit?

Answer 1

Use IAM Role in your AWS Account and use AWS STS (with AssumeRole API)

Question 2

How can you trigger CodeCommit notifications?

Answer 2

AWS SNS, AWS Lambda or AWS CloudWatch Event Rules

Question 3

What are artifacts in CodePipeline?

Answer 3

Artifacts are stored in Amazon S3 and passed on to the next stage. It is the result of the previous stages action.

Question 4

What must you do before you can interact (clone, pull, push, etc) with a CodeCommit repository?

Answer 4

You must generate credentials for either HTTPS or SSH in IAM for the User you are using.

Question 5

What is the CodePipeline service role?

Answer 5

It is an IAM role that allows CodePipeline to communicate with the services it needs to

Question 6

Stages in CodePipeline cannot have multiple Action Groups, true or false?

Answer 6

False. Stages can have multiple action groups

Question 7

How can we define our CodeBuild build instructions?

Answer 7

With a buildspec.yml file. Must be root of directory.

Question 8

How can we speed up our building of an artifact in CodeBuild?

Answer 8

We can choose the cache option to store needed dependencies for our build

Question 9

By default, your CodeBuild containers will be launched inside your VPC, true or false?

Answer 9

False. They will be launched outside. Therefore, it cannot access resources in a VPC. You must specify a VPC configuration.

Question 10

What are the steps to make CodeDeploy work?

Answer 10

Each EC2 machine (or On Premise machine) must be running the CodeDeploy Agent;
The agent is continuously polling AWS CodeDeploy for work to do;
Application is pulled from GitHub or S3;
EC2 will run the deployment instructions;
CodeDeploy Agent will report success / failure of deployment on the instance

Question 11

How are EC2 instances grouped in CodeDeploy?

Answer 11

They are grouped by deployment group (dev / test/ prod)

Question 12

What is the order of the hooks in CodeDeploy?

Answer 12

ApplicationStop;
DownloadBundle;
BeforeInstall;
AfterInstall;
ApplicationStart;
ValidateService;

Question 13

What are the two primary types of deployment targets for AWS CodeDeploy?

Answer 13

Set of EC2 instances with tags, or directly to an ASG. Can do a mix of both if needed/wanted/

Question 14

Before we can do CodeDeploy with EC2 instances, what must we do?

Answer 14

Make sure the Instances have the CodeDeploy agent;
We must create two IAM roles. We need to create one for CodeDeploy to interact with other AWS services and create one for our EC2 so that it can access necessary resources.

Question 15

What file must be present for your application in CodeDeploy?

Answer 15

appspec.yml ; Must be at root directory.

Question 16

What are the two deployment types for CodeDeploy?

Answer 16

In-place and Blue/Green

Question 17

What are the three provided deployment configurations for CodeDeploy Deployment Group?

Answer 17

AllAtOnce, OneAtATime, HalfAtATime

Question 18

Regarding in-place deployments between CodeDeploy and an ASG, what happens to instances that are created after a deploy by the ASG?

Answer 18

CodeDeploy and ASG will go ahead and run a deployment on those instances

Question 19

For a Blue/Green deployment in CodeDeploy with an ASG, what must we make sure we have?

Answer 19

We need an ELB. A new target group will be created to deploy the new instances and versions and health check them. Then the ELB will route to the new versions in the new target group. Will get rid of the old one.

Question 20

If a rollback happens in CodeDeploy, what happens?

Answer 20

CodeDeploy redeploys the last known good revision as a new deployment. So we will get a new deployment id.

Question 21

What is CodeStar?

Answer 21

It quickly builds a project with a CICD pipeline, repository, possible IDE, team member access and other project needs.

Question 22

Which AWS Service helps you run automated test in your CICD?

Answer 22

CodeBuild

Question 23

You are looking to automatically trigger a code analysis at each commit in CodeCommit to ensure your developers haven’t committed secret credentials. How can you achieve this?

Answer 23

Integrate SNS / Lambda with CodeCommit

Question 24

You want to send email alerts anytime pull requests are open or comments are added to commits in CodeCommit. You should use

Answer 24

AWS CloudWatch events that push to SNS

Question 25

What are the use cases for SNS / Lambda notifications in CodeCommit?

Answer 25

Deletion of branches;
Trigger for pushes that happens in master branch;
Notify external Build System;
Trigger AWS Lambda functions to perform codebase analysis;

Question 26

What are the use cases for CloudWatch Event Rules?

Answer 26

Trigger for pull request updates (created, updated, deleted, commented);
Commit comment events;

Question 27

You want to give a colleague that has an IAM User in another AWS Account access to your CodeCommit repository. How should you achieve that?

Answer 27

Setup an IAM Role in your account and tell him to use STS cross-account access to assume that role

Question 28

How can we react to CodePipeline state changes?

Answer 28

AWS CloudWatch Events. We can have these create SNS notifications like failed pipelines and cancelled stages

Question 29

Which AWS Services allow you to track and audit API calls made to and from CodePipeline?

Answer 29

AWS Cloud Trail

Question 30

Your CodeBuild has failed. What isn’t a solution to troubleshoot what happened?
Look through Logs in AWS CloudWatch logs;
Look through Logs in AWS S3;
SSH into the CodeBuild container to debug from there;
Run CodeBuild locally to reproduce the build;

Answer 30

SSH into CodeBuild container. CodeBuild containers are deleted at the end of their execution. You can’t SSH into them, even while they’re running

Question 31

Which hook step should be used in appspec.yml file to ensure the application is properly running after being deployed?

Answer 31

ValidateService

Question 32

You’ve created a fleet of EC2 & on-premise instances and you’re trying to run your first CodeDeploy. It doesn’t work, why?

Answer 32

You’ve probably forgotten to install and start the CodeDeploy agent

Question 33

What is in-place deployment?

Answer 33

CodeDeploy will perform a rolling update across Amazon EC2 instances. We can specify the number of instances to be taken offline at a time.

Question 34

What is the Dockerrun.aws.json do for us in Elastic Beanstalk with Multi Docker Container?

Answer 34

It is used to generate the tasks definitions. Must be at the root of the source code.

Question 35

What are the Template components for CloudFormation?

Answer 35

Resources: your AWS resources declared in the template;
Parameters: the dynamic inputs for your template;
Mappings: the static variables for your template;
Outputs: References to what has been created;
Conditionals: List of conditions to perform resource creation;
Metadata;

Question 36

What is the AWS CloudFormation resource type reference form?

Answer 36

AWS::service-name::data-type-name (ex: AWS::EC2::Instance)

Question 37

How can you work around the AWS Services that are not yet supported in CloudFormation templates?

Answer 37

Use AWS Lambda Custom Resources

Question 38

How do we reference a parameter in AWS CloudFormation templates?

Answer 38

!Ref

Question 39

True or false, you can use parameters to reference resources in CloudFormation templates?

Answer 39

True. Say you create a new security group. We can reference that security group in the Instance resource declaration.

Question 40

What are Psuedo Parameters in CloudFormation templates?

Answer 40

They allow us to access values AWS and CloudFormation already know about such as Region, NoValue or maybe StackId

Question 41

What is the difference between mappings and parameters in CloudFormation template?

Answer 41

Mappings should be used when we know in advance all the values that can be taken and can be deduced from variables such as Region, AZ, AWS Account, Environment etc;

Use parameters when the values are really user specific

Question 42

What is the syntax for FindInMap

Answer 42

!FindInMap [MapName, TopLevelKey, SecondLevelKey]

Question 43

What are Outputs in CloudFormation template?

Answer 43

The Outputs section declares optional output values that we can import into other stacks (if you export them first)

Question 44

You can’t delete a CloudFormation stack that has outputs defined. Why not?

Answer 44

There is another CloudFormation stack that is using the outputs.

Question 45

What function do you use to import other StackFormation outputs?

Answer 45

Fn::ImportValue

Question 46

What do you get back if the FN::Ref function references a resource?

Answer 46

It returns the physical ID of the underlying resource (ex: EC2 ID)

Question 47

What is the Fn::Join syntax?

Answer 47

!Join [ delimiter, [ comma-delimited list of values ] ]

Question 48

What is a benefit of CloudWatch EC2 Detailed monitoring?

Answer 48

We can use detailed monitoring (for a cost) to get data on EC2 on a 1-minute period instead of the standard metric of “every 5 minutes”

Question 49

What is a high resolution custom metric in CloudWatch?

Answer 49

We can increase the metric resolution from the standard 1 minute to up to 1 second (StorageResolution API parameter);
Has higher cost;

Question 50

What is the API call for CloudWatch to send Metric Data?

Answer 50

PutMetricData

Question 51

What is the CloudWatch logs storage architecture?

Answer 51

There are log groups, usually representing an application;

Log stream, instances within application / log files / containers

Question 52

If logs are not sending to AWS CloudWatch, what could be a possible issue?

Answer 52

IAM permissions may not be correct

Question 53

By default, your logs will automatically go from your EC2 instance to your CloudWatch logs, true or false?

Answer 53

False. We must have a CloudWatch agent running on the EC2 instance.

Question 54

What is the difference between Logs Agent and the Unified Agent?

Answer 54

Logs Agent is the old agent and Unified Agent is the newer one;
Unified agent can grab addition system-level metrics and send them to CW;
There is also centralized configuration using the SSM Parameter Store

Question 55

CoudWatch log metric filters will retroactively grab data from logs, true or false?

Answer 55

False.

Question 56

We have created a Cloud Watch metric filter monitoring EC2 server errors. We want to notify developers when there is a certain number of errors. What can we do?

Answer 56

We can set a CloudWatch alarm on top of our metric filter, and send notifications to SNS

Question 57

What is the difference between EventBridge’s default event bus and partner event bus?

Answer 57

The default event bus are events generated by AWS services (CloudWatch Events);
The Partner event bus are events recieved from SaaS services or applications (3rd Party)

Question 58

How do we enable X-Ray?

Answer 58

1) In your code, we must import the AWS X-Ray SDK with code modifications
2) Install the X-Ray daemon or enable X-Ray AWS Integration

Question 59

If X-Ray is not working on an EC2 instance what could be 2 possible causes?

Answer 59

Ensure the IAM Role has proper permissions;

Ensure the EC2 Instance is running the X-Ray Daemon

Question 60

If X-Ray is not working in AWS Lambda what could be 2 possible causes?

Answer 60

1) Ensure it has an IAM execution role with proper policy

2) Ensure that X-Ray is imported in the code

Question 61

What is X-Ray Instrumentation in code?

Answer 61

It is installing the X-Ray SDK, a little configuration and it gives you the ability to customize and annotate the data that the SDK sends to X-Ray

Question 62

What are annotations in X-Ray?

Answer 62

They are key value pairs that we use to index traces and use with filters

Question 63

What is X-Ray sampling?

Answer 63

It allows you to control the amount of data that is recorded.
We define a reservoir, which ensures a minimum amount of data is collected;
We define a rate, which is additional data beyond the reservoir size

Question 64

What are the X-Ray Write APIs?

Answer 64

PutTraceSegments: Uploads segment documents to AWS X-Ray
PutTelemetryRecords: Used by the AWS X-Ray daemon to upload telemetry
GetSamplingRules: Retrieve all sampling rules (to know what/when to send)

Question 65

What is the difference between BatchGetTraces and GetTraceSummaries in the X-Ray Read API?

Answer 65

GetTraceSummaries will retrieve IDs and annotations for traces available for a specified time frame using an optional filter.
To get the full traces, we can pass the IDs to BatchGetTraces and receive a collection of segment documents that originates from a single request.

Question 66

What is a trace, segment and sub-segment in X-Ray?

Answer 66

A segment is a section of data about the compute resources running application logic when a process happens.
A sub-segment is a smaller chunk of the segment process.
A trace collects all the segments generated by a single request.

Question 67

Elastic Beanstalk comes with the X-Ray daemon and runs it automatically, true or false?

Answer 67

False. It comes with the daemon but must be configured with a .config file in the .ebextension folder or in the EB console;
Make sure the instance profile has correct IAM permissions to write to X-Ray;
Instrument your application code with the X-Ray SDK

Question 68

X-Ray daemon is provided for Multicontainer Docker, true or false?

Answer 68

False

Question 69

How can we configure X-Ray and ECS?

Answer 69

You can configure a container to be a “deamon container” either as a container on each EC2 instance or as a side car (running a deamon container alongside each app container)

Question 70

How do we configure X-Ray and Fargate?

Answer 70

The side car pattern. We can link the deamon container and the application container together. he have to do the side car pattern because we don’t have control over the instances

Question 71

What is CloudTrail best used for?

Answer 71

Monitoring user, account and resource activity regarding AWS Services and changes to AWS infrastructure

Question 72

We’d like to have CloudWatch Metrics for EC2 at a 1 minute rate. What should we do?

Answer 72

Enable Detailed Monitoring;

Basic Monitoring is metrics every five minutes

Question 73

We want more prompt scaling with ASG. What should we do in CloudWatch?

Answer 73

Enable detailed monitoring. It will find metrics quicker and therefor scale quicker.

Question 74

High Resolution Custom Metrics have a minimum resolution of …

Answer 74

1 second

Question 75

To send a custom metric to CloudWatch, which API should we use?

Answer 75

PutMetricData

Question 76

An Alarm on a High Resolution Metric can be triggered as often as

Answer 76

10 seconds

Question 77

CloudWatch logs automatically expire after 7 days by default, true or false?

Answer 77

False. They never expire by default

Question 78

All of a sudden, your CodePipeline breaks because it says it cannot find the target Elastic Beanstalk environment to deploy your application to. What should you do to find the root cause of this problem?

Answer 78

Look in CloudTrail. There is likely a “delete” event in Elastic Beanstalk.

Question 79

How should you configure the XRay daemon to send traces across accounts?

Answer 79

Create a role on another account, and allow a role in your account to assume that role.

Question 80

You would like to index your XRay traces in order to search and filter through them efficiently. What should you use?

Answer 80

Annotations

Question 81

GetSamplingRules is a GET call, true or false?

Answer 81

False, it is a POST call

Question 82

What is the default X-Ray sampling configuration for the SDK?

Answer 82

The reservoir is the first request every second and five percent additional requests