Chapter 1 Introduction to AWS Cloud API Flashcards
What is AWS SAM Local?
A tool that allows you to test serverless functions locally
What is SAM?
‘Serverless Application Model’: an open source framework for building serverless applications. You build templates for Lambda and deploy them via CloudFormation
How does AWS use access keys when forming an HTTP header?
It uses the access key credentials to create a time-based signature string. This is called the AWS Signature Version 4 signing process.
Default object replication consists of…
replicating objects across at least 3 AZs within a region
Considerations when choosing regions not based on service availability or latency
“De Bo Punches”
- Data residency (compliance/regulation)
- Business Continuity (select 2 regions in close proximity for disaster recovery)
- Price (price implications)
How to define an IAM role? What are its constituent parts?
Via a ‘trust policy’. This consists of:
- Effect (i.e. ‘allow’)
- Principal (i.e. the specific AWS service(s) which assume the role)
- Action (action performed against a specific AWS resource)
Describe the anatomy of an STS token
It consists of a self-contained access key ID, secret access key, session token, and expiration date
Can an IAM user be a principal within a trust policy?
Yes
What are a couple of scenarios in which use of IAM Users (not roles) would be acceptable?
For code running on a local development laptop or an on-prem server
ARN scheme
Partition (aws.) Service Region AccountID Resource
IAM policy behavior when both deny and allow exist for the same API action
Default to deny
Do IAM policies expire?
No
When an IAM user makes an API call, their long-term credentials are valid in which context? AZ, region, or all regions?
Across all regions
Through which means does an IAM role have the authorization to perform an action?
STS token
The principals who have access to assume an IAM role are defined in which document?
IAM Trust Policy