CSA Flashcards
Lambda-support languages (5)
Python, Go, C# (.NET Core), Node.js (JavaScript), Java
Lambda triggers (9 most used)
- API Gateway
- Alexa Skills Kit
- CloudFront
- CloudWatch Events
- CloudWatch Logs
- DynamoDB
- Kinesis
- S3
- SNS
Others: SQS, AWS IoT, Alexa Smart Home, CodeCommit, Cognito Sync Trigger
Route53 DNS Routing Options (6)
Simple, Weighted, Latency-based, Failover, Geolocation, Multivalue Answer
What 10 AWS services are serverless?
- Compute: Lambda (+ Lambda@edge for Cloudfront)
- Storage: S3
- DB: DynamoDB
- API Gateway
- AWS AppSync
- Orchestration: AWS step functions
- Message queuing: SQS
- Notification: SNS
- Analytics: Kinesis
- Interactive query: Athena
What are the key differences between Multi-AZ DBs and Read Replicas?
Multi-AZ is for DR/maintenance (active-passive); Read Replicas are for improved performance and resiliency
M-AZ is synchronous, Read Replicas are asynchronous
M-AZ has one defined endpoint, RR has an endpoint for each replica
List the 6 key AWS databases and their uses
- RDS – OLTP (RDBMS)
- DynamoDB – noSQL
- Redshift – OLAP
- Elasticache – in-mem caching
- Aurora - Customer, high-perf RDBMS
- Neptune - Graph database
What are the 6 DBs available within RDS?
Oracle, Aurora, PostgreSQL, MySQL, MariaDB, MS SQL Server
What are the 5 key basic components of a VPC?
IGW (Internet gateway/VPG), Route tables, Subnets, Security Groups, NACLs
List the 8 steps to creating a custom VPC
1) Create VPC (creates default security group, NACL & route table)
2) Create subnets
3) Create Internet Gateway
4) Create route table
5) Link public subnet to Internet Gateway
6) Setup auto-assign of public IPs if desired
7) Create instances in each subnet
8) Create security groups as needed (HTTP, etc) to allow access between subnets
At what three levels can VPC flow logs be created?
o VPC – all VPC traffic
o Subnet – all subnet traffic
o Network interface – per instance
What are the two types of VPC endpoints?
o Interface endpoint – elastic network interface (ENI) – entry point for traffic destined to the service
o Gateway endpoint – serves as a target for a route in your route table for traffic destined for the service. Similar to NAT gateway, is more resilient than interface.
What are the two types of SQS queues and key differences?
1) Standard (default) - volume/speed, but risk of 2x delivery and mis-ordering
2) FIFO - 300/sec but guaranteed 1x and ordering (use case: banking)
What are the 3 actors of SWF (Simple Workflow Service)?
1) Activity Workers = programs that interact with SWF to get tasks, process them and return results
2) Deciders = control the coordination of tasks – ordering, concurrency, scheduling
3) Workflow Starters = initiate a workflow (e.g. a web site sending a transaction)
What are 4 differences between SWF and SQS?
o SWF only assigns ONCE, whereas SQS can assign 2x (due to timeout)
o SWF is task-orientated, SQS is message-orientated
o SWF keeps track of all app tasks. With SQS, you need to implement your own app-level tracking
o SWF retention max = 1 year. SQS = 14 days
• Exam: scenarios usually around when to use SWF vs SQS
o Any human interaction should be SWF
o Delivery timeframe – longer than 12 hours, then SWF
What are the 3 core services of Kinesis?
1) Streams - shards, hold data 12h - 7d. Manual scaling
2) Firehose - automated, no shards, no retention. Batching, encrypting, compressing
3) Analytics - Analysis of data in Streams or Firehose
What are the 8 types of subscribers (protocols) to SNS?
HTTP, HTTPS, Email, Email-JSON, Lambda, Application, SQS, SMS
What is the IP address to get user data and metadata from an instance?
169.254.169.254
/latest (or date)/meta-data
/latest (or date)/user-data
/latest (or date)/dynamic
What are 4 key capabilities of AWS Organizations?
1) Consolidate billing
2) Centrally manage policies across accounts
3) Control access to services/actions (SCP - Service Control Policies)
4) Automate AWS account creation/deletion
What are the steps to enable cross-account access?
(need to know the account numbers)
1) In dev: Create user + group
2) In prod:
a) Create read-write-app-bucket policy
b) Create UpdateApp cross account role
c) Apply policy to the role
3) In Dev: Create new in-line policy & apply to the group created earlier
4) Use “Switch Role” from Account drop-down
What are the 2 types of resource groups?
1) Classic - global or regional, view-only
2) AWS Systems Manager - regional only, automation, insights, health checks, etc
What are the 9 steps of a typical STS authentication process?
o Step 1 – user enters their ID & password
o Step 2 – App passes ID/pw to broker
o Step 3 - Broker verifies via LDAP/AD that ID/pw are correct
o Step 4+5: On EXAM: STS returns to broker:
Access key
Secret access key
Token (demonstrates that user is authenticated)
Duration (can last between 1 – 36 hours)
o Step 6: Broker sends STS info to app
o Step 7: App connects to S3 with token
o Step 8/9: S3 verifies user has permissions for that resource
What are the 7 key components of Docker?
1) Docker image
2) Docker container
3) Layers / Union File System
4) Dockerfile
5) Docker Daemon / Engine (runtime)
6) Docker client – interface between user and daemon
7) Docker registries – e.g. Docker Hub, ECR
List the 2 types of ECS schedulers
o Service Scheduler
Container re-launch on failure
Can ensure tasks are registered against ELB
o Custom Scheduler
Build your own schedulers
Leverage third-party schedulers, like Blox
What are the 4 default metrics provided by CloudWatch?
o CPU
o Storage
o Network
o Status
What are the 4 IAM policy types?
1) Identity-based (Managed & inline)
2) Resource-based
3) Organizations SCP
4) ACLs
What 5 operating systems are included free with EC2?
- Redhat Enterprise Linux
- SUSE enterprise Linux
- Windows Server
- Oracle Enterprise Server
- MS SQL Server
What are the 5 pillars of the Well-Architected Framework?
1) Operational Excellence
2) Security
3) Reliability
4) Performance Efficiency
5) Cost Optimization
What are the 4 AWS Support plans?
1) Basic
2) Developer
3) Business
4) Enterprise
What five categories does Trusted Advisor cover?
- Cost optimization
- Performance
- Security
- Fault tolerance
- Service limits
What are the 4 valid origins for CloudFront?
1) S3 bucket
2) S3 bucket set up as a MediaStore container
3) MediaPackage Channel
4) Custom - EC2 instance, HTTP server, etc
(note: Lambda is not a valid origin)
What are the 13 key design principles?
1) Scalability
2) Disposable Resources, not fixed servers
3) Automation
4) Loose Coupling
5) Services, not Servers
6) Databases
7) Data Warehouse
8) Search
9) Removing Single Points of Failure
10) Optimize for Cost
11) Caching
12) Security
13) Real-time monitoring
What 5 AWS resources are "reservable"?
EC2, Redshift, RDS, DynamoDB, CloudFront
List common AWS support tools and their scope
- AWS Config – track and maintain configurations
- Amazon Inspector – automated security & compliance assessment (Includes pre-configured checks for common best practices)
- AWS Trusted Advisor – optimization of cost & performance, basic security checks, fault tolerance & service limits
- Access Advisor – visibility into policies/access that are not used, so you can remove them
- Consolidated billing
- TCO calculator, Cost estimator, AWS Budgets, etc
What are the three key points of S3’s data consistency model?
o PUTs of new objects – read-after-write consistency (with caveat)
o Overwrite PUTs and DELETEs – eventual consistency
o Object-locking not supported
What are the 4 options for encrypting S3 data?
1) Client-side encryption
2) Server-side encryption with S3 managed keys (SSE-S3)
3) Server-side encryption with KMS (SSE-KMS)
4) Server-side encryption with Customer keys (SSE-C)
What are the four things you can do with CloudWatch?
1) Create dashboard
2) Monitor/react to events
3) Monitor logs
4) Set alarms based on thresholds
What are the two types of EC2 Placement groups?
1) Clustered (default). Single AZ, low-latency.
2) Spread. New in 2017, can span AZs, placed on distinct hardware to ensure decoupling
What are the 3 AWS Storage Gateway options?
1) Tape Gateway
2) Volume Gateway (cached & stored)
3) File Gateway (S3 via local VM/app & NFS)
What services are included in free tier and which stay free (within limits)?
o Expire after 12 months: EC2, S3, RDS, CloudFront
o Always free (each has limits): DynamoDB, Glacier, Lambda