AWS CLI, SDK, IAM, Roles & Policies

Question 1

What does AWS EC2 Instance Metadata (IMDS) allow?

Answer 1

It allows AWS EC2 instances to ”learn about themselves” without using an IAM Role for that purpose.

Question 2

You can retrieve the ………from the……., but you CANNOT retrieve the………..

Answer 2

IAM Role name, metadata, IAM Policy

Question 3

How can you perform actions on AWS directly from your applications code ? (without using the CLI).

Answer 3

Use an SDK (software development kit)

Question 4

We have to use the……… when coding against……….

Answer 4

AWS SDK, AWS Services

Question 5

if you don’t specify or configure a default region,……

Answer 5

then us-east-1 will be chosen by default

Question 6

What should you do if you get ThrottlingException intermittently?

Answer 6

Use exponential backoff

Question 7

Must only implement the retries on……. and…..
Do not implement on the……

Answer 7

5xx server errors, throttling, 4xx client errors

Question 8

What is Exponential Backoff?

Answer 8

A strategy used in computing to manage retries of failed requests.

Question 9

How does Exponential Backoff work:

Answer 9

1. Start with a wait time for the first retry, for example, one second.
2. If the first retry fails, double the wait time for the next attempt, resulting in a two-second delay
   .
3. Continue doubling the wait time for each subsequent retry (four seconds, eight seconds, sixteen seconds, etc.).

Question 10

Order of the AWS CLI Credentials Provider Chain?

Answer 10

1. Command line options
2. Environment variables
3. CLI credentials file
4. CLI configuration file
5. Container credentials
6. Instance profile credentials

Question 11

Order of AWS SDK Default Credentials Provider Chain?

Answer 11

1. Java system properties
2. Environment variables
3. The default credential profiles file
4. Amazon ECS container credentials
5. Instance profile credentials

Question 12

NEVER EVER STORE AWS CREDENTIALS IN YOUR CODE

Best practice is for……… to be……… from the…………

Answer 12

credentials, inherited, credentials chain

Question 13

If working within AWS how should you grant permissions?

Answer 13

IAM Roles

Question 14

EC2 Instances Roles grant permission for?

Answer 14

EC2 Instance

Question 15

ECS roles grant permission for?

Answer 15

ECS taskes

Question 16

Lambda Roles grant permissions for?

Answer 16

Lambda functions

Question 17

how do you grant permissions working outside of AWS?

Answer 17

Environment variables / named profiles

Question 18

When are requests signed for you?

Answer 18

If you use the SDK or CLI, or HTTP

Question 19

Do all requests to Amazon S3 need to signed?

Answer 19

No, some don’t need to be signed.

Question 20

When you have an IAM role attached to your EC2 instance and you run AWS CLI commands from inside this instance, AWS CLI uses the …………. to get ……… credentials.

Answer 20

Instance Metatdata, temporary

Question 21

What must be created to use MFA with the CLI

Answer 21

Create a temporary session

Question 22

How can you get temporary session credentials?

Answer 22

Must run STS GetSession Token API call