CLI & SDK Flashcards
Using the CLI, how can you test whether or not you have the correct permissions to complete a task.
- Use the CLI –dry run command BEFORE the commands you are testing.
- If it is successful, a message will be returned that the task was not complete because of the –dry-run flag but that you do have correct permissions.
- Otherwise an error message is returned with an STS encrypted message.
How can you decrypt an STS (security service token) message in the CLI?
You run the sts decode-authorization-message command.
How can you use MFA with CLI?
- You must create a temporary session
- In order to create a temporary session you must run the security service token (STS ) GetSessionToken API call
What programming language is the CLI written in?
Python SDK (boto3)
When should you use an AWS SDK?
*** THIS IS A PLACEHOLDER -
EXAM EXPECTS YOU TO KNOW THIS - MORE LATER ***
What should you do if you get a ThrottlingException intermittenly?
- Use Exponential Backoff
- It is a retry mechanism included in SDK API calls
- This must be implemented yourself is using the API as is or in specific cases
AWS CLI Credentials Provider Chain
In what order (first to last) does the CLI look for credentials?
- Command Line Options
- Environment Variables
- CLI credentails file
- CLI configuration file
- Container credentials
- Instance profile credentials
AWS SDK Default Credentials Provider Chain
In what order does an SDK look for credentials?
- Environment variables
- system properties
- default credential profiles file
- Amazon ECS container credentials
- Instance profile credentials
What is Signature v4 (SigV4)?
Means that your requests to AWS are signed using your credentials so that you are authenticated against AWS
EXAMPLES
- Sign request usin HTTP Headers
- Query String Option (i.e. S3 presigned URL)
I have an on-premise personal server that I’d like to use to perform AWS API calls. How should I do this?
I should run aws configure and put my credentials there. Invalidate them when I’m done.
