AWS Cloud Developer: AWS Management Flashcards
CloudTrail
CloudTrail allows you to audit (or review) everything that occurs in your AWS account. CloudTrail does this by recording all the AWS API calls occurring in your account and delivering a log file to you.
CloudTrail provides event history of your AWS account activity, including:
who has logged in
services that were accessed
actions performed
parameters for the actions
responses returned
This includes actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
How long does CloudTrail keep logs for?
CloudTrail shows results for the last 90 days.
How many trails can be created in an AWS region?
Five trails in an AWS region.
Benefits of CloudTrail
Simplified compliance
With AWS CloudTrail, simplify your compliance audits by automatically recording and storing event logs for actions made within your AWS account. Integration with Amazon CloudWatch Logs provides a convenient way to search through log data, identify out-of-compliance events, accelerate incident investigations, and expedite responses to auditor requests.
Visibility into user and resource activity
AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.
Security analysis and troubleshooting
With AWS CloudTrail, you can discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account within a specified period of time.
Security automation
AWS CloudTrail allows you to track and automatically respond to account activity threatening the security of your AWS resources. With Amazon CloudWatch Events integration, you can define workflows that execute when events that can result in security vulnerabilities are detected. For example, you can create a workflow to add a specific policy to an Amazon S3 bucket when CloudTrail logs an API call that makes that bucket public.
CloudWatch
CloudWatch is a service that monitors resources and applications that run on AWS by collecting data in the form of logs, metrics, and events.
CloudWatch Features
Collect and track metrics
Collect and monitor log files
Set alarms and create triggers to run your AWS resources
React to changes in your AWS resources
What is Infrastructure as Code and why do we need it?
Infrastructure as Code
Infrastructure as Code allows you to describe and provision all the infrastructure resources in your cloud environment. You can stand up servers, databases, runtime parameters, resources, etc. based on scripts that you write. Infrastructure as Code is a time-saving feature because it allows you to provision (or stand up) resources in a reproducible way.
AWS CloudFormation
AWS CloudFormation allows you to model your entire infrastructure in a text file template, allowing you to provision AWS resources based on the scripts you write.
In what format is a CloudFormation template written?
JSON or YAML
AWS CLI
The AWS CLI (or Command Line Interface) allows you to access and control services running in your AWS account from the command line. To use the CLI, simply download, install, and configure it.