AWS Developer Associate - C02 (Set 2) Flashcards
What can you use to speed up distribution of static and dynamic web content to users?
AWS CloudFront.
It is a web service that speeds up distribution of web content to users through a worldwide network of data centers called edge locations.
What does AWS CodePipeline use to automatically start the pipeline? (Assuming you used the AWS CodePipeline console to construct the pipeline)
AWS CloudWatch Events (AKA EventBridge) are used to automatically start the pipeline.
When using CodeDeploy, what is required to revert changes if anything goes wrong during deployment?
Nothing, CodeDeploy should be able to rollback on its own.
What can you do to set up notifications if CodeDeploy fails a deployment and rolls back?
Set up a Lambda function subscribed to CodeDeploy events using CloudWatch Events.
When you create a CloudTrail trail, by default, only what type of events are logged?
Only Management events are logged.
To track Lambda function invocations with AWS CloudTrail, what type of events will need to be loggeed?
Data Events will show Lambda invocations.
What are CloudTrail Insights?
They help developers identify and respond to unusual activity associated with API calls and API error rates by analyzing CloudTrail management events.
What are CloudTrail data events?
They provide visibility into the resource operations performed on or within a resource.
What are CloudTrail management events?
They provide visibility into management operations that are performed on resources in the AWS account.
Is CodeDeploy able to deploy out to EC2 instances despite them being within an Auto Scaling Group?
Yes, the ASG has no effect and CodeDeploy will still deploy changes automatically.
What AWS service can you use to send notification messages to an HTTP or HTTPS endpoint?
AWS SNS
Between SNS and SQS, which supports sending notifications to HTTP / HTTPS endpoints?
AWS SNS
What is a Lambda function’s Execution Role?
It refers to the AWS IAM Role that grants the function permission to access specific AWS services and resources.
What can you do to reduce AWS Lambda latency?
Configure provisioned concurrency
How does reserved concurrency affect a Lambda function’s execution?
It ensures the number of instances defined will be available concurrently and exclusively for a given function, but also limits functions from using concurrency outside of the reservation.
How can you use AWS KMS to detect which KMS key was used to encrypt each ciphertext?
You can’t; AWS KMS does not store information about which key was used for which ciphertext.
How can you tell which AWS KMS key was used to encrypt a given ciphertext?
By analyzing AWS CloudTrail logs
What does AssumeRoleWithWebIdentity API return?
It returns a set of temporary security credentials for users who have been authenticated with a web identity provider.
Why might you not be able to call APIs such as GetFederationTokens or GetSessionTokens after calling AssumeRoleWithWebIdentity?
Because this returns a temporary set of credentials and disallows calling those two APIs.
What is Lambda@Edge?
It is a feature of CloudFront feature that can customize the content shown to different users using a CloudFront distribution.
What is a good alternative when objects you intended to upload to DynamoDB are larger than 400KB and aren’t able to be compressed?
Writing attribute values of the objects to S3
When creating a user pool and you want users to use SMS for MFA, is it necessary to set up any additional roles for this?
Yes, when MFA is required, phone numbers will be verified and you must provide a role to allow Amazon Cognito to send SMS messages.
What two things does a developer need for programmatic access to AWS resources, or access from the AWS CLI?
An Access Key ID and a Secret Access Key.
What does the X-Amzn-Trace-Id tracing header do?
It sends AWS X-Ray trace headers through all layers the request goes through.
What does the SAM Resource AWS::Serverless::StateMachine create?
It creates an AWS Step Functions state machine
What does the SAM Resource AWS::Serverless::Api create?
It creates a collection of Amazon API Gateway resources and methods that can be invoked through HTTPS endpoints. It is not explicitly needed as a resource of this type is implicitly created in AWS::Serverless::Function
What does the SAM Resource AWS::Serverless::Application create?
It embeds a serverless application from the AWS SAR (Serverless Application Registry) or from an S3 bucket as a nested application.
What does the SAM Resource AWS::Serverless::Connector create?
It configures permissions between two resources
What does the SAM Resource AWS::Serverless::Function create?
It creates an AWS Lambda function, an AWS IAM execution Role, and event source mappings that trigger the function.
What does the SAM Resource AWS::Serverless::HttpApi create?
It creates an Amazon API Gateway HTTP API, which enables you to create RESTful APIs with lower latency and lower costs than REST APIs.
What does the SAM Resource AWS::Serverless::LayerVersion create?
It creates a Lambda LayerVersion that contains library or runtime code needed by a Lambda function. It is equivalent to AWS::Lambda::LayerVersion.
What does the SAM Resource AWS::Serverless::SimpleTable create?
It creates a DynamoDB table with a single attribute primary key. If you need more advanced usage of DynamoDB, use AWS::DynamoDB::Table instead.
To grant IAM permissions, users or groups can be assigned JSON documents called ____?
Policies
What do policies do in IAM?
They define the permissions of the users
What are the 3 properties an IAM Policy consists of?
Version, Id, Statement
What are the 6 properties an IAM Policy Statement consists of?
Sid, Effect, Principal, Action, Resource, Condition
What is a Sid in an IAM policy statement?
The identifier for the statement. This field is optional.
What is the Effect in an IAM policy statement?
Whether the statement will allow or deny access
What is the Principal in an IAM policy statement?
The account/user/role to which this policy will be applied to
What is the Action in an IAM policy statement?
A list of actions this policy will allow or deny
What is the Resource in an IAM policy statement?
A list of resources to which the actions will be applied to
What is the Condition in an IAM policy statement?
Conditions for when this policy is in effect. This field is optional.
