CLI, SDK, IAM roles & Policies

Question 1

What does IMDS stand for and what functionality does it provide EC2 instances?

Answer 1

It stands for EC2 Instance Metadata and it allows EC2 instances to learn about themselves without using an IAM role

Question 2

What is the difference between IMDSv1 and IMDSv2?

Answer 2

IMDSv1 directly accesses http://[ip.address]/latest/meta-data directly whereas IMDSv2 is more secure and uses a session token for related calls

Question 3

How can you use MFA with the AWS CLI?

Answer 3

You must create a temporary session using the STS GetSessionToken API call

Question 4

What is a possible solution when encountering intermittent errors due to API rate limits?

Answer 4

Implement exponential backoff

Question 5

What is a possible solution when encountering consistent errors due to API rate limits?

Answer 5

Request an API throttling limit increase

Question 6

What is the process to increase service quotas?

Answer 6

Open a ticket with AWS

Question 7

On what errors should you implement exponential backoff?

Answer 7

Only 5xx server errors not 4xx client errors

Question 8

List, in order, the locations the CLI will look for credentials

Answer 8

1. Command line
2. Environment variables
3. CLI credentials file
4. CLI configuration file
5. Container credentials
6. Instance profile credentials

Question 9

What are the two options for SigV4 request signing?

Answer 9

1. HTTP Authorization header
2. X-Amz-Signature query string

Question 10

What runtime does the AWS CLI use?

Answer 10

Python