AWS cloud guru developer Flashcards
what languages are supported by aws lambda
node.js, java, python, go, C#
what tool allows you to debug what’s happening inside a lambda function
AWS X-Ray
what is sqs visibility timeout
It's the amount of time a message remains in an invisible state. The invisible state is the state a message gets into after it has been picked up by a server for processing.
what if the visibility timeout occurs before the server finishes processing the message?
The message becomes visible again and another server can take up its processing. If the first server that took this up processes it, it can result in multiple processing of the same message.
what if the server finishes processing before the visibility timeout occurs?
the message is deleted from the queue
what are the min and max values of the visibility timeout of an SQS queue
30 seconds to 12 hours
what service is used for sending email only?
SES - simple email service.
while uploading your deployment package to AWS lambda, what information do you need to provide as configuration?
name of the handler method, compute requirements, and runtime.
what permission policies should you set on the zip file which you upload as a lambda function?
read permission for global users
with what permissions does AWS lambda access other resources from your code?
The same permission as that of the IAM user who is running the lambda function.
in the context of a lambda function, for poll based sources where is the event source mapping stored?
in AWS lambda
in the context of a lambda function, for push based event sources where is the event source mapping stored?
in the source service or resource (e.g. S3)
in the context of a lambda function, what is an event source mapping?
delineates what events to track and what functions to invoke.
where are event source mappings stored: in the event source or the lambda function?
for push based events like S3 in the event source
for poll based events in the lambda function.
if you’re using an S3 as an event source, where do you configure the notification?
Notification configuration.
In the context of AWS lambda what are the primary resources
The lambda function and event source mapping.
when launching an ec2 instance which volume is not and cannot be encrypted at the time of launch?
root volume
how long does it take for a change of rule in security group to take effect?
almost immediately.
are security group rules stateful? what does it mean?
yes, it means when you create an inbound rule, a corresponding outbound rule for the same port is implicitly created. e.g. allowing incoming http will allow your server to respond as well
are network access control list rules stateful?
no, they are not.
if you want to block a particular port or ip address, can you do it with a security group or a network access control list?
network access control list.
can you assign multiple security groups to an ec2 instance?
yes
what's one thing aws does to achieve high availability and durability on ebs?
automatically replicate an EBS volume within the availability zone.
what are different EBS options available?
SSD - general purpose SSD, provisioned IOPS SSD
HDD - throughput optimized HDD, cold HDD, EBS magnetic
what availability zone is the EBS in compared to the ec2 instance?
EBS volume and EC2 instance are in the same availability zone.
if you terminate an ec2 instance what happens to the root device volume?
that gets deleted as well.
if you terminate an ec2 instance what happens to the additional volumes (other than the root) which are attached?
they are not deleted by default. In fact they become “available” for use.
what are two different ways you can create an image from a snapshot?
volume – snapshot – image
volume – image
what are different ways in which you could select AMIs?
PORAS - permissions, operating system, region, architecture - 32 vs 64 bits, storage for the root device.
if the snapshot out of which an image was created is encrypted, then can you launch that image on a volume that is unencrypted?
no
what is the encryption status of volumes restored from encrypted snapshots
they are encrypted as well.
what is the difference between cloud watch and cloud trail?
cloud watch = monitoring performance (gym)
cloud trail = monitoring API calls (CCTV camera)
what is the default monitoring interval of ec2 by cloud watch?
every 5 minutes.
2 differences between efs and ebs
increase in size, mounted simultaneously on multiple ec2 instances
difference between acl and security groups
acls - stat, have both allow and deny rules
what is a bastion host?
it’s a host in the public subnet that you use to connect to an instance in the private subnet
what is the largest subnet you can use in an AWS VPC?
/16
what is the smallest subnet you can configure in an AWS VPC?
/28
what kind of vpc configuration peering is allowed: star or transitive
star only not transitive
what is created by default when a vpc is created?
security group, network acl and route table
how many IP addresses are reserved per subnet?
5
can you have multiple internet gateways per vpc?
no
can you use a security group from one vpc in another vpc?
no, security groups do not span VPCs
what is the difference between a nat instance and a nat gateway?
a nat instance is an ec2 instance with nat functionality whereas a nat gateway has HA, etc.
are NAT gateways assigned to a security group?
no
are nat gateways automatically assigned a public IP address?
yes
which of the following does a security group allow by default: all inbound traffic or all outbound traffic?
all outbound traffic
how many public subnets do you need at a minimum to be able to configure a load balancer?
two
at what different levels can flow logs be created?
VPC, subnet, network interface level
after creating a flow log can you change its association?
no