AWS Developer Associate - C02 (Set 1) Flashcards
The ALB does not show the application servers the IP of the client directly. How can the application servers see the IP of the client?
By looking at the X-Forwarded-For Header
Which ELB has Cross-Zone Load Balancing enabled by default?
ALB
ALB uses what protocols?
HTTP & HTTPS
What is the order of hierarchy with an ASG, ELB, and EC2 instances
Users access ELB, which points to the ASG, which points to EC2 instances
NLB uses what protocols?
TCP & UDP
What is an example target if you use ASG Target Tracking Scaling?
To keep the CPU Utilization below 70%
Which is higher performing in latency and requests/second, NLB or ALB?
NLB
What is ASG Simple / Step Scaling?
Adding X units after a CloudWatch Alarm is triggered.
ie: When a CloudWatch Alarm is triggered (CPU > 70%), then add 2 units
What are the target groups for NLB?
EC2 Instances, IP Addresses, ALB, Health Checks
ASG Scheduled Actions
Anticipates scaling based on known usage patterns
What is ASG Predictive Scaling?
Continuously forecasting load and scheduling scaling ahead of expected high usage periods.
Metrics to scale on for ASG:
CPUUtilization, RequestCountPerTarget, Average Network in / out, Any other custom metric
What is scaling cooldown, and what is the default time for it?
After a scaling activity happens, you are in the cooldown period, with a default of 300 seconds
What are the target groups for ALB?
EC2 Instances, ECS tasks, Lambda Functions, IP Addresses
What types of Databases can you have within RDS?
Postgres, MySQL, MariaDB, Oracle, Microsoft SQL Server, Aurora
RDS Read Replicas use what type of reads?
RDS Read Replicas are asynchronous, so they use eventually consistent reads.
Aurora grows in increments of ___ GB up to ___TB
10 GB … 128 TB
Does RDS & Aurora support at-rest or in-flight encryption?
Both, KMS for at rest and TLS-ready by default
What types of ElastiCache are there?
Redis and Memcached
Which Elasticache is highly available?
Redis
Which Elasticache is non persistent?
Memcached
Which Elasticache supports backup and restore features?
Redis
Which Elasticache supports sharding and multi-threaded architecture?
Memcached
Which cache of ElastiCache is simpler in terms of setup and use?
Memcached
Each Route53 record contains (5):
Domain/subdomain Name, Record Type (A/AAAA), Value, Routing Policy, TTL
What types of DNS record types does Route53 support?
A, AAAA, CNAME, NS
What is Record Type A?
Maps a hostname to IPv4
What is Record Type AAAA?
Maps a hostname to IPv6
What is Record Type CNAME?
Maps a hostname to another hostname
What is Record Type NS?
Name Servers for the Hosted Zone
What is the subdomain in the following example: http://www.tinydancinghorse.com ?
www
What is the Top level domain in: http://www.tinydancinghorse.com ?
com
What is the Domain Name in the following example: http://www.tinydancinghorse.com ?
tinydancingHorse
What is the Root domain in: http://www.tinydancinghorse.com?
Tinydancinghorse.com
What does a CNAME do in Route53?
Points a hostname to any other hostname (app.mydomain.com -> bla.anything.com)
What does an Alias do in Route53?
Points a hostname to an AWS Resource (app.mydomain.com -> bla.amazonaws.com) AND Works for ROOT domain and NON ROOT domain
What Record type is an Alias Record in Route53
A or AAAA
How do you set the TTL for an Alias Record in Route53?
You can’t
What types of Routing Policies does Route53 support? (7)
Simple, Weighted, Failover, Latency Based, Geolocation, Multi-Value answer, Geoproximity
What does simple routing policy do?
Routes traffic to a single resource. If multiple values are returned, random one is chosen by the client.
What does the weighted routing policy do?
Control the % of the requests that go to each specific resource
What does the latency-based routing policy do?
Redirects to the resource that has the least latency close to us - Latency is based on traffic between users and AWS Regions
Where do Route53 health checks if an EC2 instance is within an ASG within an ALB?
The ALB
Are Route53 health checkers inside or outside of the VPC?
Outside
What does the Geolocation Routing Policy do?
Routes based on user location, specific to continent, country, or state
What does the Geoproximity routing policy do?
Routes traffic to resources based on the geographic location of users and resources
What do Internet Gateways do for VPCs?
Helps our VPC instance connect with the external internet
What do NAT Gateways do?
Allows our VPC to access the internet through the Internet Gateway (IGW) while staying private
What is a NACL?
A Network ACL is a firewall which controls traffic to and from a subnet, which can have ALLOW or DENY rules, only including IP addresses
What is a security group?
A firewall that controls traffic to and from an ENI/EC2 Instance. It can only have ALLOW rules, which include IP addresses and other security groups
What AWS services access a VPC through a VPC Endpoint?
S3 and DynamoDB
What AWS services access a VPC through a VPC Endpoint Interface?
Anything other than S3 and DynamoDB
What is the URL for EC2 Instance Metadata?
http://169.254.169.254/latest/meta-data
Can you retrieve the IAM Role name or the IAM policy from the metadata?
Just the IAM Role name
What API call do you need to use for MFA?
STS GetSessionToken; $> sts get-session-token
What S3 encryption type requires HTTPS over HTTP?
SSE-C
What is the default encryption in S3?
SSE-S3
Why can’t you generate a pre-signed S3 URL and paste it in the browser if you use SSE-C?
For non-SSE-C objects, you can generate a presigned URL and directly paste that URL into a browser to access the data. However, you cannot do this for SSE-C objects, because in addition to the presigned URL, you also must include HTTP headers that are specific to SSE-C objects. Therefore, you can use presigned URLs for SSE-C objects only programmatically.
What must be enabled to use MFA delete in S3?
Versioning must be enabled.
What is the purpose of CloudFront?
It is a CDN (Content Delivery Network) that gives developers an easy and cost effective way to distribute content with low latency and high data transfer speeds.
What is the API in CloudFront that invalidates part of the cache?
CreateInvalidation API
Where are Docker images stored in AWS?
Amazon ECR (Elastic Container Registry)
What is AWS Fargate and which AWS Services does it support?
It is Amazon’s own Serverless container platform, which works with ECS and EKS
What are the two launch types for ECS?
EC2 & Fargate
What is the difference between Fargate and EC2 launch types for ECS?
Fargate is serverless with no infrastructure to manage, while EC2 Launch type requires you to provision & maintain the EC2 Instances
What is a Task Role?
It allows the containers in your task to assume an IAM role without having to use AWS credentials inside the containers.
Which Load Balancer is not compatible with ECS Fargate?
CLB - Classic Load Balancer
Which ECS Launch type(s) does EFS work with?
Both EC2 and Fargate
Is EFS serverless or not?
Serverless
What is Target Tracking ECS Autoscaling?
Scales based on a target value for a specific CloudWatch metric
What is Step Scaling ECS Autoscaling?
Scales by adding X tasks based on a specific CloudWatch alarm
What is Scheduled Scaling ECS Autoscaling?
Scales the number of ECS tasks based on the time or day.
What is the problem with autoscaling for EC2 ECS?
ECS Service autoscaling only scales at the task level, it does not scale the EC2 instances
What are the 7 crucial bits of information in an ECS Task Definition?
Image Name, Port binding for container & host, Memory & CPU, Environment Variables, Networking Information, IAM Role, Logging Config
For which ECS Launch type can you define a Task Placement Strategy or Task Placement Constraints?
ECS EC2
Is EFS Multi-AZ by default?
Yes
What is the Login command for Amazon ECR?
Aws ecr get-login-password
What is the managed Node Group in EKS?
It creates and manages EC2 instance nodes for you, which are a part of an ASG managed by EKS
What are Self-managed nodes in EKS?
Nodes created by you and managed by an ASG
What maintenance is required for Fargate with EKS?
None required as there are no nodes to be managed.
What are the 3 Elastic Beanstalk components?
Application, application version, and Environment
What is the directory for Elastic Beanstalk Extensions?
.ebextensions/
What is the suffix for Elastic Beanstalk extension files?
.config
What does Elastic Beanstalk rely on under the hood?
CloudFormation
What are the 6 components of a CloudFormation template?
Resources (mandatory), Parameters, Mappings, Outputs, Conditionals, Metadata
What is in the resources component of CloudFormation?
The aws resources declared in the template
What is in the parameters component of CloudFormation?
The dynamic inputs for your template so you can input custom values each time you create or update a stack
What is in the mappings component of CloudFormation?
Maps, their keys, and values which can be referenced in your CloudFormation template.
What is in the outputs component of CloudFormation?
Outputs from the current stack, which can be referenced by other stacks.
How do you reference a parameter in cloudFormation?
Fn::Ref or !Ref
When to use parameters instead of mappings in CloudFormation?
When the values are really user specific
How do you access values in a map?
Fn::FindInMap or !FindInMap
What are the three parameters passed into the !FIndInMap function?
MapName, TopLevelKey, SecondLevelKey
Can you delete a stack if one of its outputs is referenced by another CloudFormation stack?
No, you must delete the stacks that reference the base stack before deleting the base stack.
How do you use an output value in a different stack?
Fn::ImportValue or !ImportValue
What is the function to reference parameters or resources?
Fn::Ref or !Ref
What is the function to get attributes?
Fn::GetAtt or !GetAtt
What is the function used to access a map value?
Fn::FindInMap or !FindInMap
What is the function used to import values exported in other templates?
Fn::ImportValue or !ImportValue
What happens in a CloudFormation rollback when stack creation fails?
Everything gets deleted
What happens in a CloudFormation rollback when the Stack Update fails?
The stack automatically rolls back to the previous known working state.
What is CloudWatch mainly used for?
Providing metrics, logs, events and alarm
What is X-Ray for?
Troubleshooting app performance and errors
What is CloudTrail for?
Internal monitoring of API calls and auditing changes to Resources by users
By default, how often do EC2 instances share instance metrics?
Every 5 minutes
Is AWS CloudTrail enabled by default?
Yes
What does CloudTrail provide?
Governance, compliance, and audit for your AWS Account
How long are events stored in CloudTrail?
90 days
What is the max message size in SQS - Standard?
256 KB
Does SQS have in flight encryption?
Yes, it uses HTTPS
Does SQS have at-rest encryption?
Yes, it uses KMS
What is Message Visibility Timeout in SQS?
It is the length of time which the message will become invisible to other consumers after the message is polled.
What is SQS Delay Queue?
Delays a message so that consumers won’t see it immediately for up to 15 minutes
What is SQS Long Polling?
When a consumer requests messages from the queue, it can “wait” for messages to arrive if there are none in the queue
What does the SQS API CreateQueue do?
Creates an SQS queue
What does the SQS API PurgeQueue do?
Deletes all of the messages in the queue
What does the SQS API SendMessage do?
Sends a message onto SQS
What is the SQS MaxNumberOfMessages default and max?
Default of 1, max of 10
What is the SQS API ReceiveMessageWaitTimeSeconds for?
It is used for Long Polling.
How many consumers can you have per SQS FIFO Group?
Just one
What does the SQS + SNS Fan Out architecture look like?
Producer sends a message to SNS with a specific topic, then SNS sends the message to a different SQS Queue depending on the topic.
What can you do if you need the messages to be in order by topic?
Use SNS FIFO
What can you do if your SQS Queue only wants to hear certain messages from an SNS topic?
Use SNS Message filtering
What does Kinesis Data Streams do?
It captures, processes, and stores data streams
What does Kinesis Data Firehose do?
It captures, transforms, and delivers streaming data to data lakes, data stores, and analytics services.
What does Kinesis Data Analytics do?
Analyze data streams with SQL or Apache Flink
What does Kinesis Video Streams do?
Capture, process and store video streams
Do Kinesis Data Streams have security in flight and at rest?
Yes, via HTTPS in flight and using KMS at rest
What should you use in SQS FIFO to group messages together, but in order by group?
Group ID
Do NoSQL Databases scale vertically or horizontally?
Horizontally
What is the maximum size of an item in DynamoDB?
400KB
What are the datatypes supported in DynamoDB?
Scalar, String, Binary, Boolean, Document (List/Map), Set (String set, Number set…)
What are the two options for primary keys in DynamoDB?
Partition key OR partition key + sort key
How large of a write is one WCU?
1KB
How many Strongly consistent reads does one RCU represent?
1
How many eventually consistent reads does one RCU represent?
2
How large of a read is one RCU?
4KB
If there is an RCU issue in DynamoDB, what can we use to help?
DynamoDB Accelerator (DAX)
What kind of read is GetItem on DynamoDB?
Eventually Consistent read
How can you only retrieve certain attributes of an item from DynamoDB through GetItem?
By using ProjectionExpression
Can you use BatchWriteItem to update items in DynamoDB?
No, only to create them.
What is the max data written in one BatchWriteItem call?
16 MB
For Read queries on DynamoDB, would you use Filter Expression filters, or would you use Condition Expressions?
Filter Expression filters are for reads, Condition Expressions are for writes
When can you define a Local Secondary Index?
ONLY AT TABLE CREATION
What is the purpose of a Local Secondary Index?
An alternative sort key for your table
What is the purpose of a Global Secondary Index?
An alternative primary key/partition key from the base table (Like looking at the same table organized in a different manner with a different primary key)
When can you add a Global Secondary Index?
Any time after table creation
What happens if the writes are throttled on the Global Secondary Index of a DynamoDB table?
The writes will be throttled on the main table
What is a DynamoDB Stream?
An ordered stream of item-level modifications in a table
How long is data retained in a DynamoDB stream?
Up to 24 hours
What is a DynamoDB Transaction?
An operation coordinated to add one or more items across one or more tables. The operation only happens if all of the operations are successful.
How much more expensive are transactions in DynamoDB?
Reads and Writes are both twice as expensive using DynamoDB Transactions
What are the 3 endpoint types for API Gateway?
Edge-Optimized, Regional, and Private
Who can access Private API Gateway Endpoints?
Can be accessed from the VPC
If you make changes in API Gateway and aren’t seeing the changes take place, what is likely the issue??
For API Gateway, you need to make a “deployment” for changes to be in effect
How can you have dev, test and prod environments in API Gateway?
By having multiple stages, one for each, as they can all have their own Stage variables
How does API Gateway Canary deployment work?
It points a small percentage of the traffic (5%) to the new service, and if nothing fails, it will switch over 100% of the traffic
What is the API Gateway MOCK Integration type for?
It returns a response without sending the request to the backend
What is the API Gateway HTTP/AWS Integration type for?
So you can configure both the integration request and response, and setup data mapping using mapping templates for the request & response
What is the API Gateway AWS_PROXY Integration type for?
Sending the incoming request directly through to the Lambda function, which will handle the request and forward an HTTP response
Which API use XML/JSON between SOAP and REST?
SOAP uses XML, REST uses JSON
How can you reduce the number of calls to the backend using API Gateway?
API Gateway Caching API responses
What is the default TTL for APIGW caching?
300 seconds
What do the CacheHitCount & CacheMissCount metrics help you define using API Gateway?
The efficiency of the API Gateway cache
What does the IntegrationLatency metric tell you about API Gateway?
The time between when API Gateway relays a request to the backend and when it receives a response from the backend
What should you ensure is enabled when API calls to API Gateway are failing from another domain?
Ensure CORS is enabled
What mode of security should you use for API gateway if you want to authorize using 3rd party tokens?
Custom Lambda Authorizer
What is API Gateway’s Websocket API good for?
It is a two-way interactive communication between a user’s browser and the server, it is good for multiplayer games, collaboration and chat platforms
What is AWS CodeCommit for?
Storing our code, similar to Git
What is AWS CodePipeline for?
It’s used to model, visualize, and automate the steps required to release your software.
What is AWS CodeBuild for?
Building and testing our code
What is AWS CodeDeploy for?
Deploying the code to any instance, including EC2
What is AWS CodeStar for?
It provides the tools you need to quickly develop, build, and deploy applications on AWS. You can set up your entire CICD pipeline in minutes.
What is AWS CodeArtifact for?
It stores, publishes, and shares software packages
What is AWS CodeGuru for?
Automated code reviews using Machine Learning
How do AWS CodeCommit, CodeBuild, and CodeDeploy pass information between themselves?
They create artifacts stored in S3, which the next stage can reference
What file contains the build instructions for AWS CodeBuild?
Buildspec.yml
What is in the env section of the AWS CodeBuild buildspec.yml?
Defines environment variables
What is in the phases section of the AWS CodeBuild buildspec.yml?
Specific commands to run
What is in the artifacts section of the AWS CodeBuild buildspec.yml?
What to upload to S3
What is in the cache section of the AWS CodeBuild buildspec.yml?
Files to cache to S3 for future build speedup
What file contains instructions for deployment when using CodeDeploy?
Appspec.yml
When using SAM, where is the application actually built?
The application is built locally, before the package is zipped and uploaded to S3.
After building the application, what happens when using SAM?
The CloudFormation template is zipped and uploaded to S3
What does SAM framework rely upon to update Lambda function?
AWS CodeDeploy
What is AutoPublishAlias in SAM?
Detects when new code is being deployed, creates and publishes an updated version of that function with the latest code.
What is DeploymentPreference for in SAM?
Lets you choose Canary, Linear, or AllAtOnce deployment types for your application
What are hooks in SAM?
Pre and post traffic shifting Lambda functions to test your deployment
What is SAM built on?
CloudFormation
What sections does SAM require? (2)
Transform and Resources sections
What command for SAM fetches dependencies and creates local deployment artifacts?
Sam build
What command for SAM packages and uploads to AmazonS3?
Sam package
What command for SAM deploys to CloudFormation?
Sam deploy
What is AWS CDK?
The AWS Cloud Development Kit allows you to define your cloud infrastructure in a familiar language like JS or Python
What AWS service does AWS CDK leverage?
AWS CloudFormation
What is Cognito User Pools for?
Creates a serverless database of users for sign in functionality for app users. It provides access to AWS, not individual AWS resources.
What is special about Cognito User Pools Hosted Authentication UI?
You can add it to your app as a sign in form and customize the CSS
What does Cognito User Pools Adaptive Authentication do?
Examines each sign-in attempt risk and requires MFA for high-risk sign-in attempts
What must the ALB use to set authentication rules for oidc or cognito?
An HTTPS listener
What does Cognito Identity Pools do?
Get identities for “users” so they obtain temporary AWS credentials. It can provide access to specific individual AWS resources.
What is the Step function state Choice State?
Test for a condition to send to a branch
What is the Fail or succeed state in a step function?
Stop execution with failure or success
What is the Pass state in a step function?
Simply pass its input to its output or inject fixed data, but do no work
What is the Wait state in a step function?
Provide a delay for a certain amount of time or until a specified time/date
What is the Map State in a Step Function?
It runs a set of workflow steps for each item in a dataset
What is the Parallel State in a Step Function?
It begins parallel branches of execution
What performs the tasks in a Step Function Activity Task?
Activity Workers
What is it that AppSync relies on?
GraphQL
What is AppSync for?
Allows your applications to access exactly the data they need. It is a flexible API to securely access, manipulate, and combine data from multiple sources
What does AWS Amplify do?
It lets frontend web and mobile developers easily build, ship, and host full-stack apps on AWS
What does AWS Amplify support language-wise?
Angular, React, flutter…
What does AWS Amplify use for authentication?
Amazon Cognito
What does AWS Amplify use for a datastore?
It leverages Amazon AppSync and Amazon DynamoDB
What is AWS Direct Connect?
A network service that provides an alternative to using the internet to utilize AWS Cloud Services
Are Lambda Environmental variables secure by default?
Yes, they are encrypted by default
How can you use AWS CodeDeploy for an on-premises server?
Use AWS SSM to install the CodeDeploy agent and register your on-premises servers as a deployment group
What does AWS SSM do?
Updates, manages, and configures resources on instances or on-premises servers.
How can you effectively monitor Elastic Beanstalk resources and receive performance notifications?
Enable enhanced health reporting for the Elastic Beanstalk environment
When should you use AWS::Serverless::SimpleTable vs AWS::DynamoDB::SimpleTable?
Use AWS::DynamoDB::SimpleTable when you need advanced functionalities for DynamoDB; Use AWS::Serverless::SimpleTable when you only need basic functionalities
What is the AWS::Serverless::Application resource type used for in SAM?
It embeds a serverless application from the SAR (Serverless Application Registry) or from an Amazon S3 bucket as a nested application
What is the AWS::Serverless::Function SAM resource used to create?
It creates a Lambda function
Replace this card
Replace
What happens when you use the DynamoDB DELETE action on an empty set?
It causes an error
What happens when you try to perform multiple actions in a single expression for DynamoDB?
It performs the multiple actions specified. This does not cause an error.
How can you change a Lambda function’s behavior without updating the code itself?
Use the environment variables, which is a pair of strings stored in the function’s configuration
What is ChangeMessageVisibility used to reduce?
It reduces message reprocessing
When does the data get written to the cache in a write-through caching?
At the same time as the database
At what point can you create Local Secondary Indexes?
ONLY at table creation
Are Local Secondary Indexes Strongly or Eventually Consistent reads?
You can use either with a local secondary index
Are Global Secondary Indexes Strongly or Eventually Consistent reads?
Eventually Consistent Reads only
Which is simpler, Memcached or Redis?
Memcached
What does Amazon Connect do?
It helps you integrate with other enterprise applications, such as Salesforce
How often are KMS keys rotated when you enable automatic key rotation?
About once a year
What application can Amazon Macie be used for?
S3 only
What does Amazon Macie do?
Identifies sensitive data in S3 buckets
What is SAR (Serverless Application Repository)?
It’s a managed repository for serverless applications, enabling developers to store and share reusable applications.
What should you do if your asynchronously triggered lambda function fails and you need it to run?
Wait for it to auto retry, asynchronously triggered lambda functions will auto retry twice after an error
How can you get close monitoring of SWF (Simple Workflow Service) processes?
Use the AWS Management Console & Visibility APIs
What are Visibility APIs within the SWF (Simple Workflow Service)?
It helps you get run-time information to monitor all executions and get detailed data.
Should you use Cognito User pools or Identity pools if you want to give access to just one AWS resource?
Identity pools, it can give access to sole resources
What can you use to ensure your DynamoDB data is encrypted in transit and at rest?
DynamoDB Encryption Client
What is DynamoDB Encryption Client?
A software library that enables you to protect your DynamoDB data in transit and at rest
What is the beginning of the AWS CLI command to create an Amazon Cognito Identity pool?
Aws cognito-identity…
What does a developer NEED to do to convert a legacy java app Jar file after uploading the jar to turn it into a lambda function?
Define a handler function
What is the Elastic Beanstalk proxy server?
It helps you serve static files from elastic beanstalk from directories within your web app.
Can X-Ray be used for REST APIs, SOAP APIs, or both?
REST APIs only
What section of a CloudFormation template lets you deploy variable sized instances based on the environment (dev, test, prod…)?
Conditions
Can a VPN help give applications programmatic access to resources?
No. Only IAM roles or other AWS credentials can give programmatic access to resources.
What type of keys do AWS services integrated with KMS use, symmetric or asymmetric?
Symmetric
What is AWS CloudHSM?
AWS CloudHSM provides hardware security modules that are used to generate, store and manage encryption keys that are symmetric or asymmetric.
What AWS service should you use if you want a single tenant, tamper-proof AWS hardware device?
AWS CloudHSM
What happens when your Lambda function is throttled from a stream-based event source?
The Lambda tries to process the throttled batch of records until the data expires
After uploading several files to an S3 bucket to test it, you are unable to delete it. What is the issue?
S3 buckets must be empty to be deleted.
Should you create an access key for your AWS root account?
No, unless you absolutely need to
Should you enable MFA for your AWS root account?
Yes
Is it good practice to share the root access key with a trusted team member as backup?
No (Not according to Amazon at least)
What does AWS recommend for super-fast, zero-downtime deploys, with rollbacks available?
Blue-Green deployments
