AWS Developer Flashcards
What are the 3 types of IAM Roles?
- Service roles (delegating permissions to an AWS service or resource, e.g. an EC2 instance or Lambda function)
- Cross-account roles (granting principals in another AWS account permissions in this one)
- Federated identity roles (assumed by users authenticated by an external IdP)
What is an IAM Role Federation?
The use of an external IdP (Identity Provider) to authenticate the user; AWS then issues temporary credentials for a role instead of the user having IAM credentials.
What is an IdP?
Identity Provider - A system that authenticates users and issues assertions or tokens (SAML 2.0 or OpenID Connect) that applications and AWS can trust, so applications do not have to manage credentials themselves.
What is a Policy?
A JSON document that states the permissions that can be applied to IAM users, groups, roles, or resources.
What are Inline Policies?
A policy embedded directly in a single user, group, or role. It has a strict one-to-one relationship with that identity and is deleted along with it.
What are Managed Policies?
Standalone policies that are either AWS managed (built-in) or customer managed, and can be attached to many users, groups, and roles. Editing a customer managed policy creates a new policy version (up to 5 versions are kept, and you can roll back to an earlier one).
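The rule that ties the policy cards together is the evaluation order: an explicit Deny in any attached policy wins, otherwise a matching Allow grants access, and with no match the request is implicitly denied. The following added example (not AWS code) evaluates a constructed managed policy and a constructed inline policy against a few requests using that order. The bucket name, table ARN and account ID are made up, and conditions, NotAction/NotResource, resource policies, permission boundaries and SCPs are deliberately left out.

```python
"""Simplified IAM evaluation: explicit Deny > Allow > implicit Deny.

Added example, not AWS code.  Policy documents and ARNs are constructed
for illustration; conditions, NotAction/NotResource, resource policies,
permission boundaries and SCPs are not modelled."""
import fnmatch
import json

# Constructed: a customer managed policy attached to a role ...
MANAGED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-app-data",
                  "arn:aws:s3:::example-app-data/*"]},
    {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}
  ]}""")

# ... and an inline policy on the same role that carves out a Deny.
INLINE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Deny",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-app-data/secrets/*"}
  ]}""")

ROLE_POLICIES = [MANAGED_POLICY, INLINE_POLICY]


def _as_list(value):
    """Action/Resource may be a single string or a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate):
    """IAM actions and ARNs match case-insensitively with '*' and '?' wildcards."""
    return any(fnmatch.fnmatchcase(candidate.lower(), p.lower())
               for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one request against all attached policies."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(stmt.get("Action", []), action):
                continue
            if not _matches(stmt.get("Resource", []), resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # an explicit Deny ends evaluation
            allowed = True             # remember the Allow, keep looking for a Deny
    return "Allow" if allowed else "Deny"  # nothing matched: implicit Deny


if __name__ == "__main__":
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::example-app-data/public/readme.txt"),
        ("s3:GetObject", "arn:aws:s3:::example-app-data/secrets/db.pem"),
        ("s3:PutObject", "arn:aws:s3:::example-app-data/public/readme.txt"),
        ("dynamodb:PutItem", "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"),
    ]:
        print(f"{action:18} {resource:60} -> {evaluate(ROLE_POLICIES, action, resource)}")
```

The point to take from the run: the inline Deny on `secrets/*` overrides the managed Allow on the whole bucket, and `s3:PutObject` is denied even though nothing mentions it, because no Allow matched.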
What is STS?
Security Token Service - An AWS web service that issues temporary, limited-privilege security credentials (access key, secret key, session token with an expiry) to an IAM user or role, or to a federated user, e.g. via AssumeRole, AssumeRoleWithSAML, or AssumeRoleWithWebIdentity (Web Identity Federation through an IdP).
What is a Private Cloud?
Infrastructure and application services provided on-demand from secured facilities that are owned and controlled by a single organization. The organization's own staff is responsible for upgrades and for the data center infrastructure.
What is a Public Cloud?
Infrastructure and application services provided from secured remote facilities for IT services on-demand that is accessible to the public for subscription. Services are provided in a “pay as you go” model and resources tend to be unlimited. This is what AWS is.
What is an ARN
Amazon Resource Name - A formatted string that uniquely identifies a resource in AWS, of the form arn:partition:service:region:account-id:resource (e.g. arn:aws:s3:::my-bucket). ARNs are what policies reference in their Resource element.
What is MFA?
Multi-Factor Authentication - A setting on a user that requires a second factor in addition to the password or access keys, typically a 6-digit time-based one-time code from a virtual MFA app or a hardware token; FIDO security keys are also supported. MFA can also be required for API calls through the aws:MultiFactorAuthPresent policy condition.
What is PaaS?
Platform as a Service - A development environment is provided by a third party.
What is IaaS?
Infrastructure as a Service - Hardware or computing services provided by a third party.
What is Elasticity?
The ability to add or remove resources based on demand.
What is Scalability?
The ability to add resources to an existing instance (scale up / vertical) or to add instances in parallel to an existing one (scale out / horizontal).
What is IAM?
Identity and Access Management.
What is NACL?
Network Access Control List - Inbound and outbound network traffic rules applied at the subnet level. NACLs are stateless (a return packet must be allowed by its own rule), rules are numbered and evaluated in order until one matches, and they support both allow and deny rules.
What is a Security Group?
Inbound and outbound network traffic rules applied at the instance level (to the ENI) in a VPC. Security groups are stateful (replies to allowed traffic are automatically allowed), contain allow rules only, and all rules are evaluated together.
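The practical consequence of stateless versus stateful is easy to get wrong when hardening a subnet. The added example below (not AWS code) simulates a NACL and a security group on a constructed HTTPS exchange: the NACL that only allows port 443 in both directions drops the server's reply, because the reply is addressed to the client's ephemeral port, while the security group passes it through connection tracking. Addresses, ports and rule numbers are constructed; real NACL rule semantics are simplified to CIDR plus destination port range.

```python
"""Stateless NACL vs stateful security group on a constructed HTTPS exchange.

Added example, not AWS code.  Rule matching is simplified to (CIDR,
destination port range); the packets and rule numbers are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" or "out", relative to the instance / subnet


# Constructed exchange: a client on the internet opens HTTPS to an instance.
REQUEST = Packet("203.0.113.7", 50001, "10.0.1.10", 443, "in")
REPLY = Packet("10.0.1.10", 443, "203.0.113.7", 50001, "out")   # reply to the ephemeral port

# NACL rules: (rule number, direction, CIDR, port_low, port_high, action).
# Lowest number wins; the implicit final '*' rule denies.
NACL_TOO_TIGHT = [
    (100, "in", "0.0.0.0/0", 443, 443, "allow"),
    (100, "out", "0.0.0.0/0", 443, 443, "allow"),   # looks symmetric, but replies go to ports 1024-65535
]
NACL_FIXED = NACL_TOO_TIGHT + [
    (110, "out", "0.0.0.0/0", 1024, 65535, "allow"),  # ephemeral port range for return traffic
]


def _in_cidr(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def nacl_allows(rules, pkt):
    """Stateless: every packet is judged on its own against the ordered rules."""
    remote = pkt.src if pkt.direction == "in" else pkt.dst
    for _number, direction, cidr, lo, hi, action in sorted(rules, key=lambda r: r[0]):
        if direction == pkt.direction and _in_cidr(remote, cidr) and lo <= pkt.dport <= hi:
            return action == "allow"
    return False   # implicit deny


class SecurityGroup:
    """Stateful: allow rules only, plus connection tracking for replies."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound   # lists of (CIDR, port_low, port_high)
        self.flows = set()                                # tracked (src, sport, dst, dport)

    def allows(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True                                   # reply to an allowed connection
        rules = self.inbound if pkt.direction == "in" else self.outbound
        remote = pkt.src if pkt.direction == "in" else pkt.dst
        for cidr, lo, hi in rules:
            if _in_cidr(remote, cidr) and lo <= pkt.dport <= hi:
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
        return False


def compare():
    """Return how each filter treats the request and the reply."""
    sg = SecurityGroup(inbound=[("0.0.0.0/0", 443, 443)], outbound=[])  # no outbound rules at all
    return {
        "nacl_too_tight": (nacl_allows(NACL_TOO_TIGHT, REQUEST), nacl_allows(NACL_TOO_TIGHT, REPLY)),
        "nacl_fixed": (nacl_allows(NACL_FIXED, REQUEST), nacl_allows(NACL_FIXED, REPLY)),
        "security_group": (sg.allows(REQUEST), sg.allows(REPLY)),
    }


if __name__ == "__main__":
    for name, (req, rep) in compare().items():
        print(f"{name:15} request={'allow' if req else 'deny':5} reply={'allow' if rep else 'deny'}")
```

Note that the simulated security group has no outbound rules and still passes the reply; a real default security group allows all outbound traffic, which is why forgetting the ephemeral range only bites with NACLs.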
What is VGW?
Virtual Private Gateway
What is CGW?
Customer Gateway
What is CIDR?
Classless Inter-Domain Routing - A notation (e.g. 10.0.0.0/16) that describes a contiguous block of IP addresses as a base address plus a prefix length. VPCs, subnets, security group rules, and NACL rules are all specified in CIDR blocks.
What is Egress Traffic?
Outbound network traffic.
What is IGW?
Internet Gateway - a virtual router in a VPC for EC2 instances to communicate to the internet.
What is MAC?
Media Access Control address.
What is a Route Table?
A set of rules for a VPC that determines how network traffic is routed within it.
What is an Egress-Only IGW?
A virtual router which only works with IPv6 for EC2 instances to have access to the internet, but the EC2 instances are not available from the internet.
What is NAT?
Network Address Translation - A NAT gateway (or NAT instance) in a public subnet that lets instances in a private subnet initiate connections to the internet while preventing the internet from initiating connections to them.
What is an AZ?
Availability Zone - One or more isolated data centers within a region. Each region has multiple AZs (at least two, and typically three or more).
What is DHCP?
Dynamic Host Configuration Protocol - dynamically assigns IP addresses to instances in a VPC
What is DNS?
Domain Name System - Translates domain names to IP addresses. In a VPC the Amazon-provided DNS resolver (and the DHCP option set) supply name resolution to instances.
What is VPC Peering?
A network connection between two VPCs (in the same or different regions, and the same or different accounts) so they can route traffic to each other using private IPv4 or IPv6 addresses. Their CIDR blocks must not overlap, and peering is not transitive: A-B and B-C do not give A-C.
What is VPC Endpoint?
A private connection from a VPC to a supported AWS service (or a PrivateLink service) that does not traverse an IGW, NAT device, VPN connection, or Direct Connect link. Gateway endpoints serve S3 and DynamoDB via route table entries; interface endpoints are ENIs with private IPs for other services.
What is Instance Store for an EC2?
Temporary block storage on disks physically attached to the host. The data survives a reboot but is lost if the instance is stopped, hibernated, or terminated, or if the underlying disk fails.
What is EBS?
Elastic Block Store - Persistent block storage volumes for EC2 instances; data survives instance stop and start, and volumes can be snapshotted to S3.
What is an AMI?
An image or template to create EC2 instances from.
What is Lifecycle Management?
A tool in S3 that provides the ability to transition an object from one storage class to another
What is RDS?
Relational Database Services - A database service, which automatically handles the hardware and database patches for particular databases.
What is ADFS?
Active Directory Federation Services - Uses Active Directory as a SAML 2.0 IdP: the user authenticates to AD, receives a SAML assertion, and exchanges it with STS for temporary credentials.
What is the ADFS API call?
AssumeRoleWithSAML
What is the Web Identity Federation call?
AssumeRoleWithWebIdentity
What is a Global Secondary Index (GSI) in DynamoDB?
An index whose partition key and optional sort key can both differ from the base table's primary key. It spans all partitions of the table, can be created or deleted at any time, and has its own provisioned throughput.
What is a Local Secondary Index (LSI) in DynamoDB?
An index that keeps the partition key of the base table but uses a different sort key. It must be defined when the table is created and shares the table's throughput.
What is an SNS topic?
An access point between the publishing server and the subscribers to push messages to.
What is CloudFormation?
An infrastructure-as-code service that creates, updates, and deletes a set of AWS resources (a stack) from a declarative template.
What is a CloudFormation Template (CFT)
The scripted program in JSON or YAML that is used to setup a new cloud infrastructure.
What is Elastic Beanstalk?
A service for web applications that handles the creation of the appropriate infrastructure.
What is Lambda?
A serverless compute service for running code or functions.
What is the required section in a Template of Cloud Formation?
Resources
How many days can an RDS instance be stopped.
7 days; after that AWS starts the instance again automatically.
What is the maximum size of an item in a Dynamo DB table?
400 KB
What is CORS?
Cross-Origin Resource Sharing - Lets a web application running in a browser on one origin request resources hosted on another origin, for example S3 objects. Browsers block such requests by default under the same-origin policy; a CORS configuration on the S3 bucket (XML in the original API, JSON in newer tooling) lists the allowed origins, methods, and headers. CORS only relaxes the browser's same-origin policy; it does not grant access by itself, which is still decided by the bucket policy and IAM.
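The way a bucket CORS configuration is applied is rule-by-rule: the browser sends an Origin header (plus Access-Control-Request-Method and -Headers on a preflight), S3 walks the rules in order, and the first rule whose origins, methods, and headers all match produces the Access-Control-* response headers; with no matching rule the response carries none and the browser refuses it. The added example below (not S3's code) implements that matching over a constructed two-rule configuration; the origins and header names are made up.

```python
"""S3-style CORS rule matching.

Added example, not S3's code.  The rule set mirrors a two-rule bucket
CORS configuration and is constructed for illustration.  Echoing the
requesting origin (rather than '*') for specific rules and the first-
match behaviour follow the documented S3 semantics."""
import fnmatch

# Constructed configuration: the app's origins may read and write with a few
# headers; any origin may do plain GETs.
CORS_RULES = [
    {"AllowedOrigins": ["https://app.example.com", "https://*.staging.example.com"],
     "AllowedMethods": ["GET", "PUT"],
     "AllowedHeaders": ["Authorization", "Content-Type"],
     "ExposeHeaders": ["ETag"],
     "MaxAgeSeconds": 3000},
    {"AllowedOrigins": ["*"],
     "AllowedMethods": ["GET"],
     "AllowedHeaders": []},
]


def _origin_matches(patterns, origin):
    """AllowedOrigins entries may contain a single '*' wildcard."""
    return any(fnmatch.fnmatchcase(origin, p) for p in patterns)


def cors_response(rules, origin, method, request_headers=()):
    """Return the CORS response headers for a request, or {} if no rule matches."""
    for rule in rules:
        if not _origin_matches(rule["AllowedOrigins"], origin):
            continue
        if method not in rule["AllowedMethods"]:
            continue
        allowed = {h.lower() for h in rule.get("AllowedHeaders", [])}
        if any(h.lower() not in allowed and "*" not in allowed for h in request_headers):
            continue                                  # a requested header is not permitted
        wildcard = rule["AllowedOrigins"] == ["*"]
        headers = {
            "Access-Control-Allow-Origin": "*" if wildcard else origin,
            "Access-Control-Allow-Methods": ", ".join(rule["AllowedMethods"]),
        }
        if request_headers:
            headers["Access-Control-Allow-Headers"] = ", ".join(request_headers)
        if rule.get("ExposeHeaders"):
            headers["Access-Control-Expose-Headers"] = ", ".join(rule["ExposeHeaders"])
        if "MaxAgeSeconds" in rule:
            headers["Access-Control-Max-Age"] = str(rule["MaxAgeSeconds"])
        if not wildcard:
            headers["Vary"] = "Origin"               # caches must key on the echoed origin
        return headers
    return {}


if __name__ == "__main__":
    cases = [
        ("https://app.example.com", "PUT", ["Content-Type"]),
        ("https://qa.staging.example.com", "GET", []),
        ("https://attacker.example.net", "GET", []),
        ("https://attacker.example.net", "PUT", []),
        ("https://app.example.com", "PUT", ["X-Custom"]),
    ]
    for origin, method, hdrs in cases:
        print(origin, method, hdrs, "->", cors_response(CORS_RULES, origin, method, hdrs) or "blocked")
```

The last two cases are the ones worth remembering: the wildcard rule lets any site read public objects, but it does not let an arbitrary origin PUT, and a request with a header not listed in the rule falls through to the next rule rather than being partially allowed.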
What is an IAM Role?
An IAM identity with permission policies attached but no long-term credentials. A trust policy defines who may assume it (users, AWS services, other accounts, or federated identities), and assuming it yields temporary STS credentials.
What is an ELB?
Elastic Load Balancer - An AWS service that automatically distributes incoming network or application traffic across multiple targets such as EC2 instances.
What is a Sticky Session or Session Affinity in an ELB?
A setting to consistently route traffic from a particular user to the same target instance.
What is the largest object size supported by S3?
5 TB
What is the billing unit for running a Lambda function?
1 millisecond (duration is rounded up to the nearest 1 ms); before December 2020 the billing granularity was 100 milliseconds.
What is AWS Storage Gateway?
A service that connects on-premises environments to AWS cloud storage through a software or hardware appliance (file, volume, and tape gateway types).
What is CloudFront?
A content delivery network across the globe that caches data in different locations for speeding up transfer of data.
What is EFS?
Elastic File System - A file storage service which can be used with multiple EC2 instances through NFS mounts, but it is not accessible through Windows based EC2 instances.
How many S3 buckets can an AWS account have?
100 by default historically; this is an adjustable service quota, and AWS has since raised the default considerably. Request a quota increase if you need more.
What is the S3 Data Consistency policy.
Since December 2020 S3 provides strong read-after-write consistency for all PUT and DELETE operations, including overwrites and list operations. The older model was read-after-write consistency for new objects and eventual consistency for overwrite PUTs and DELETEs.
What is Route 53?
An AWS DNS for routing user to AWS services or non-AWS infrastructure.
What is SWF?
Simple Workflow Service - A workflow management service for building applications that can handle work through multiple resources.
What Amazon Services are offered at no cost.
Auto Scaling and Amazon VPC have no additional charge; you pay only for the underlying resources (instances, NAT gateways, data transfer) they use.
How many DynamoDB tables are initially allowed for an account?
256 per region historically; the default quota is now 2,500 tables per region, and it is adjustable.
What is the default Visibility Timeout set to in SQS?
30 seconds
How large are the data chunks are SQS messages billed at?
64 KB
How long can a SWF workflow task live?
1 year
How long can a SQS message remain in the queue?
14 days
How long can a message be made invisible to workers in SQS?
12 hours
Name 4 supported languages by the AWS SDK.
Java, .NET, Node.js, PHP, Python, Ruby, Go, C++
What is Server-Side Encryption?
AWS encrypts the object at rest after receiving it and decrypts it when it is downloaded. For S3 the key can be managed by S3 (SSE-S3), by KMS (SSE-KMS), or supplied by the customer on each request (SSE-C).
What is Client-Side Encryption?
Encrypting data or object client-side and uploading the encrypted data or object to AWS (S3). This requires manual management of the encryption process and encryption keys.
What is the default timeout for a Lambda function?
3 seconds
What is long polling in SQS?
Long polling is enabled by setting ReceiveMessageWaitTimeSeconds (1 to 20 seconds): a ReceiveMessage call returns as soon as a message is available or when the wait time expires. This reduces the number of empty responses and therefore cost compared with short polling, which returns immediately.
How many SQS messages are available per month in the free tier?
1 million
What is the general primary key strategy for Dynamo DB tables?
"Many to few": choose a high-cardinality partition key (many distinct values, each accessed roughly uniformly) so that reads and writes spread across partitions instead of concentrating on a few hot partitions.
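To make the hot-partition point concrete, the added example below (not AWS code) hashes keys into a fixed number of simulated partitions and reports the share of traffic landing on the hottest one, first for a low-cardinality key such as an order status and then for a high-cardinality key such as an order ID. The partition count and the sample keys are constructed; DynamoDB's actual hash function and partition count are not exposed.

```python
"""Hot-partition simulation for DynamoDB partition key choice.

Added example, not AWS code.  The hash function, partition count and
sample keys are constructed; the real DynamoDB internals are not exposed."""
import hashlib
from collections import Counter

PARTITIONS = 8   # constructed; the real number depends on table size and throughput


def partition_of(key, partitions=PARTITIONS):
    """Deterministically map a partition key value to a partition number."""
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:8], "big") % partitions


def partition_load(keys, partitions=PARTITIONS):
    """Count how many requests land on each partition."""
    return Counter(partition_of(k, partitions) for k in keys)


def hottest_share(keys, partitions=PARTITIONS):
    """Fraction of all requests that hit the busiest partition (1/partitions is ideal)."""
    counts = partition_load(keys, partitions)
    return max(counts.values()) / len(keys)


# Constructed workload: 9,000 writes.
# Low cardinality: partition key = order status (3 values) -> at most 3 partitions ever used.
LOW_CARDINALITY = [f"status#{s}" for s in ("open", "shipped", "closed")] * 3000
# High cardinality: partition key = order ID -> spreads across all partitions.
HIGH_CARDINALITY = [f"order#{i:06d}" for i in range(9000)]


if __name__ == "__main__":
    for name, keys in [("status key", LOW_CARDINALITY), ("order id key", HIGH_CARDINALITY)]:
        print(f"{name:13} partitions used={len(partition_load(keys))} "
              f"hottest share={hottest_share(keys):.2f} (ideal {1 / PARTITIONS:.2f})")
```

With three status values the busiest partition takes at least a third of every write regardless of how many partitions the table has, which is what throttling on a large but "under-utilized" table usually looks like.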
How many secondary indexes are allowed on a Dynamo DB table?
Historically 10 (5 local secondary and 5 global secondary); the default quota is now 20 global secondary indexes and 5 local secondary indexes per table.
What is the EC2 API call to retrieve a list of AMIs.
DescribeImages
Can SWF Tasks be assigned more than once?
No
What is the maximum number of Topics allowed per account for SNS?
100,000
What is the maximum size limit for a EC2 Instance Store?
It depends on the instance type (from a few GB to many TB of NVMe/SSD/HDD). The 10 GiB figure is the maximum root volume size for an instance store-backed AMI, not the instance store itself.
What is the AWS Direct Connect service?
Provides a dedicated private network connection from an on-premises data center or office to AWS, bypassing the public internet.
What is the maximum number of SWF activity types?
10,000
What is SES?
Simple Email Service
What is the max limit of parameters for a Cloud Formation Template?
200 parameters per template (the limit was 60 before it was raised); the same 200 limit applies to outputs and mappings.
What is the maximum number of open SWF activity tasks?
1000
What is the maximum number of subnets for a VPC?
200
What is a Placement Group?
Determines how instances are placed on the underlying hardware: Cluster (packed close together in one AZ for low latency), Spread (each instance on distinct hardware), or Partition (groups of instances on separate racks).
What is Spot Pricing for instances?
Spare EC2 capacity offered at a discount: the instance runs while the current Spot price is at or below the maximum price you set, and AWS can interrupt it with a two-minute warning when capacity is reclaimed or the price rises above your maximum.