AWS Certified Developer Official Study Guide (Percipio PDF)

Question 1

Access key

Answer 1

A type of security credential that is associated with an identity.

Question 2

Providing Access best practice.

Answer 2

1. Do not use root user to generate access key.
2. Instead, create IAM user and generate access key from this user.
3. To provide admin access, add that user to a group that provides admin permissions.

Question 3

IAM user.

Answer 3

1. Can be assigned long-term security credentials.
2. Create an IAM user when you have a new team member or application that needs to make AWS API calls.
3. Manage API permission of the user by associating permissions policies with the user or adding the user to a group that has permissions policies associated with it.
4. Can assign IAM user AWS Management Console Access (username / password) and / or Programmatic Access (Access Key ID / Secret Access Key).

Question 4

IAM Access

Answer 4

1. IAM users prompted to sign in with either: a) Account ID or b) alias
2. IAM user names only need to be unique within user account
3. If MFA (Multi-factor authentication) is enabled, they will need their MFA code to sign in.

Question 5

AWS Infrastructure services

Answer 5

1. Compute
2. Storage
3. Networking
4. Databases

Question 6

AWS Platform capabilities

Answer 6

1. Mobile services
2. Analytics
3. Machine Learning

Question 7

API

Answer 7

1. Application Programming Interface - allows you to managed all of your resources programmatically.
2. Ex: Can provision virtual servers on demand in minutes and pay for compute capacity used. Likewise you can de-provision servers by making single API call for resources you no longer need.

Question 8

AWS Management Console

Answer 8

1. Web interface where you can create, configure, and monitor AWS resources in your account.
2. Available for iOS and Android.

Question 9

How to manage your AWS resources.

Answer 9

1. AWS Management Console
2. AWS CLI
3. SDKs

Question 10

SDK languages

Answer 10

1. Java
2. .NET
3. JavaScript
4. PHP
5. PHP
6. Python
7. Ruby
8. Go
9. C++

Question 11

AWS Specialty SDKs

Answer 11

1. Ex: AWS Mobile SDK

2. AWS Internet of Things (IoT) Device SDK

Question 12

Amazon Python SDK

Answer 12

1. Called Boto

Question 13

CLI - Install boto3

Answer 13

pip install boto3 –upgrade -user

Question 14

AWS CLI

Answer 14

1. Command Line Interface - allows you to perform similar actions as SDKs but in an interactive environment
2. Good environment for experimenting w/ AWS features.
3. If CLI and SDKs are on same server they can share configuration settings

Question 15

Other specialty command line tools

Answer 15

1. PowerShell
2. Elastic Beanstalk
3. AWS SAM local

Question 16

*Know how to manage AWS resources.

Answer 16

1. AWS SDK, AWS CLI, and AWS Management Console. All manage resources within account.

Question 17

*Know importance of AWS Regions

Answer 17

1. Be able to identify the impact of AWS Region Selection on your application code. Such as the relationship between region selection and user latency.
2. Recognize how region selection impacts API calls and API endpoints.

Question 18

*Know about IAM users and IAM roles

Answer 18

1. Know when it is appropriate to use IAM users or IAM roles for a given application that needs to make AWS API calls.

Question 19

*Know how to recognize valid IAM policies.

Answer 19

1. Identify valid IAM policies and predict the effects of policy statements.

Question 20

AWS region

Answer 20

1. Each AWS Region is located in a separate geographic area and maintains its own, isolated copies of AWS Services.
2. For many AWS services you are required to select a specific region to process API requests and in which to provision your resources.

Question 21

AWS regions are highly available

Answer 21

True

Question 22

Availablity Zones

Answer 22

1. Each AWS Region contains multiple data centers grouped together into Availabilty Zones.
2. This allows AWS to provide highly available services in a way that differentiates them from traditional architectures with single or multiple data centers.
3. AZ operate independently and are physically separated.
4. Connected via low-latency, high throughput redundant networking.

Question 23

Latency

Answer 23

1. Delay between user’s action and a web application’s response to that action.

Question 24

Throughput

Answer 24

1. Rate of production or the rate at which something is processed.
2. Ex: In communication = Rate of successful message delivery

Question 25

AWS Cloud
AWS Region
AWS AvailabilityZone

Answer 25

In descending order of more specific

Question 26

How to improve resilience of application?

Answer 26

1. AWS customers can deploy a copy of each application to a 2nd Availablity Zone within the same region.
2. This allows the application to remain available to customers even if entire data center is disrupted.
3. Many AWS services automatically replicate data across multiple Availability Zones within an AWS Region to provide high availablity and durability of data.

Question 27

Amazon S3

Answer 27

1. Amazon Simple Storage Service
2. An example of an AWS service that replicates data across Availablity Zones within a region.
3. Enables you to upload files and store those files as objects within a bucket.
4. By default, S3 automatically replicates objects across a minimum of 3 Availablity Zones within the region hosting the bucket. (Designed to protect data against the loss of one entire Availablity Zone)

Question 28

Regional API Endpoints

Answer 28

1. Many AWS services expose regional API endpoints.
2. When making web service calls to regional endpoints, the region can typically be identified in the URL you invoke.
3. API calls to a regional endpoint usually only affect the resources within the specific AWS Region that corresponds to that endpoint.

Question 29

URL order

Answer 29

1. Ex:
   polly.us-west-2.amazonaws.com/v1/speech
   polly = service
   us-west-2 = region
   /v1/speech = API action

Question 30

CLI Upload polly lexicon to a specific region

Answer 30

aws polly put-lexicon – name awsLexicon –content file: //aws-lexicon.xml –region us-west-2

1. After this Lexicon has been uploaded you can use it
2. Will only run in this region
3. Lexicon must be uploaded to each region where it will be used.
4. AWS does not automatically copy your data for these services to other regions without explicit action.

Question 31

us-east-1

Answer 31

US East (N.Virginia)

Question 32

us-west-2

Answer 32

US West (Oregon)

Question 33

eu-central-1

Answer 33

EU (Frankfurt)

Question 34

eu-west-2

Answer 34

EU (London)

Question 35

eu-west-3

Answer 35

EU (Paris)

Question 36

ap-northeast-1

Answer 36

Asia Pacific (Tokyo)

Question 37

ap-south-1

Answer 37

Asia Pacific (Mumbai)

Question 38

ap-southeast-1

Answer 38

Asia Pacific (Singapore)

Question 39

Some AWS Services are not limited to a single region.

Answer 39

1. Ex: IAM
2. When you interact with these, the upper right hand side shows “Global”
3. API endpoint for IAM is the same regardless of region

Question 40

IAM availablity

Answer 40

1. Since it’s not region-dependent, having IAM resources available in multiple regions is a useful strategy.
2. IAM provides a way to create API credentials (which means you can have the same set of API credentials regardless of region)

Question 41

*Know the naming conventions for regions

Answer 41

us-east-1
us-west-2
eu-central-1
eu-west-2
eu-west-3
ap-northeast-1
ap-south-1
ap-southeast1

Question 42

Things to consider when choosing a region

Answer 42

1. Availablity of services required by your application (each region exposes own AWS Cloud endpoints, not all services are available in all regions)
2. Latency (Choose a region closer to application users, on-premise servers or other workloads), this allows you to decrease latency of calls
3. Price (prices are set per region, consider cost when service availability and latency are similar)
4. Data Residency (choose a region that allows your stay compliant with regulatory or contractual requirements to store data within a specific geographic region)
5. Business continuity (Choose a pair of regions based on any specific requirements regarding data replication for disaster recovery. Ex: distance of second location from primary AWS region)

Question 43

IAM

Answer 43

AWS Identity and Access Management.

1. Where you create an identity in AWS. (An access key is a type of security credential that is associated with an identity.)
2. IAM manages authentication and authorization for people or applications.
3. IAM provides users, groups and roles as identities that you can manage.
4. IAM authenticates security credentials used to sign an API call to verify request is coming from a known identity.
5. Then IAM authorizes the request by evaluating the policies associated with the identity and resources affected by the request.

Question 44

*Know when you first log in with email address and password.

Answer 44

1. You are authenticating as the root user for your account.
2. Few AWS operations require a root user permission.
3. To protect your account, do not generate an access key based on your root user.
4. Instead, create an IAM user to generate an access key for that user.
5. To provide administrator access, add that user to a group that provides administrator privileges.

Question 45

Users

Answer 45

1. IAM users can be assigned long-term security credentials.
2. Manage the API permissions of the user by associating the permissions policies with the user or adding the user to a group that has permissions policies associated with it.

Question 46

User Access

Answer 46

1. After you create an IAM user, you can assign credentials to allow AWS Management access, programmatic access or both

Question 47

AWS Management Access vs Programmatic Access

Answer 47

1. AWS Management Console Access: User Name + Password

2. Programmatic Access: Access Key ID + Secret Access Key

Question 48

AWS Management Console Access

Answer 48

1. Sign in to the console with IAM user name and password.
2. Users will be prompted with either account ID or alias, therefore, IAM usernames only need to be unique within your account

Question 49

*Know how to simplify sign-in in Management Console.

Answer 49

1. Use the special sign-in link in the IAM dashboard that prefills the account field in the console sign-in form.

Question 50

Programmatic Access

Answer 50

1. For programmatic access, create an access key for the IAM user.
2. An AWS access key is composed of 2 distinct parts: Access key ID and secret access key.

Question 51

Ex: When you don’t want to create and manage new sets of long-term credentials for team members

Answer 51

1. In a large company with many employees.
2. You can use corporate identity store instead of creating new identities and credentials for each team member.
3. Alternatively, can delegate permissions to an AWS service to perform actions on your behalf
4. Ex: Common example- when application code is running on an AWS compute service, like EC2 that needs permissions to make AWS Calls, AWS recommends allowing EC2 to manage credentials for each instance.
   * In both these examples, instead of creating a new IAM user, create an IAM role to assign permissions. IAM roles can be assumed for short-term sessions.

Question 52

How to control access to an IAM role

Answer 52

1. define a TRUST POLICY that specifies which PRINCIPALS can assume a role.
2. Potential principals include AWS services and also users who have authenticated using identity federation.
3. Principals can also include users who authenticate with web identity federation, IAM users, IAM groups, or IAM roles from OTHER accounts.

Question 53

Instance

Answer 53

1. Provisioned computing environment.
2. EC2 enables you to provision these environments
3. Can select hardware, in control of OS and any software that runs on the instance.

Question 54

EC2 instance

Answer 54

1. Runs on a host machine within a specific Availablity Zone.
2. Instances present an virtualized interface to machine resources to the OS.
3. This virtualization enables multiple, different guest environments to share the same underlying host machine.

Question 55

Bare-metal access

Answer 55

1. Provides your applications with direct access to the processor and memory resources of the underlying server.
2. Some EC2 instances offer this service.

Question 56

Instance type - list all

Answer 56

1. General Purpose - balance mix of CPU, RAM and other resources.
2. Compute Optimized - high amount of CPU (high performing web servers, scientific modeling, video encoding).
3. Memory optimized - large amount of RAM (in memory DBs, and distrubted web scale in-memory caches)
4. Storage Optimized - large amount of storage and input/output (I/O) throughput (datawarehousing, analytics, and big data distributed computing)
5. Accelerated Computing - Dedicated graphics processing unit (GPU) or Field Programmable Gate Array (FPGA) resources (3D rendering, deep learning, genomics resource, real time video processing)

Question 57

Amazon EBS

Answer 57

1. Amazon Elastic Block Store - persistent storage service
2. Provides block storage devices for Amazon EC2 instances.
3. Certain instance types enable you to mount volumes based on an instance store (temporary storage local to the host machine)
4. Can be encrypted
5. EBS suitable for installing OS and applications for data you want to store persistently