Deck Flashcards
Does IAM apply to regional assets?
No, IAM is universal across the platform
What is the root IAM account?
The account created when the AWS instance is first setup
Should you use IAM roles or hard coded secrets/keys in programmatic access?
IAM roles
Do new users have permissions when they are created?
No
Can you view a new user’s access key id & secret access key after creation?
No
Can you use the access keys to login to the AWS console?
No
Should the root account have MFA setup?
Yes, always
True or False: AWS recommends that EC2 instances have credentials stored on them so that the instances can access other resources (such as S3 buckets).
False
What is the best way to enable your EC2 instance to read files in an S3 bucket?
Create an IAM role with read access to S3 and assign the role to the EC2 instance
What is an IAM Policy?
A JSON document which defines one or more permissions
What IAM entity can you use to delegate access to your AWS resources to users, groups or services?
IAM Role
What are the EC2 Options
On Demand, Reserved, Spot, Dedicated Hosts
What is the Reserved EC2 Option
provides you with a capacity reservation, and offer a significant discount on the hourly charge for an instance. 1 or 3 year term reservation
FIGHTDRMCPX
FPGA, IOPS, Graphics, High Disk Throughput, Cheap General Purpose(T2 Micro), Density, Ram, Main choice for general purpose apps(M), Compute, Graphics(Pics), Extreme Memory
What is Amazon EBS?
Elastic Block Storage (disk)
What EBS type would I use for more than 10000 IOPS?
IO1 aka, not GP2
What EBS type would I use for less than 10000 IOPS?
GP2
What is the On Demand EC2 Option
Allows you to pay a fixed rate by the hour or second with no commitment
What is the Spot EC2 option
enables you to bid whatever price you want for the instance - instances are brought online when the price drops at or below your bid and then terminated when the price goes back up
What is the dedicated hosts EC2 option
Physical EC2 server dedicated for your use.
True or False: When a sport EC2 instance is terminated by Amazon, you will not be charged for the partial hour of use
True
What types of SSD storage does Amazon offer for EC2?
General Purpose SSD and Provisioned IOPS SSD
What types of Magnetic storage does Amazon offer for EC2?
Throughput Optimized HDD, Cold HDD, and Magnetic
What is an EC2 Security Group
Virtual Firewall
What types of Load balancers exist on Amazon
Application, Network, and Classic Load Balancer
What are application load balancers
Best suited for load balancing HTTP/S traffic and operate at layer 7
What are network load balancers
Best suited for TCP traffic where extreme performance is needed, operates at layer 4
What are classic load balancers
Legacy elastic load balancers, does both layer 4 and layer 7
With a classic load balancer, what happens when your application stops responding
Load balancer responds with a 504 error
What is the X-Forwarded-For header
Header that contains the actual client IP Address for a request that came through a classic load balancer
What is Amazon Route53
Amazon DNS service
What services can you map domain names to with Route53
EC2 instances, Load Balancers, S3 Buckets
What do all AWS CLI commands start with
AWS
How much access should I grant to CLI users
The least amount needed to do their job
Should users be assigned to groups
Yes, this is preferred way of granting permissions
How can you access Amazon services from EC2 instances without an access key
Use IAM Roles assigned to the instance
What is the preferred way of granting access to Amazon services for EC2 instances
IAM Roles
What controls what an IAM Role can do
JSON Policy
When do changes to policies on a role take affect
Immediately
Can you attach or detach a role from a running EC2 instance
Yes
If you create an EBS volume from an encrypted snapshot, is the newly created volume encrypted?
Yes
If you create an EBS volume from an unencrypted snapshot, is the newly created volume unencrypted?
Yes
If you create an EBS volume from an encrypted snapshot, is the newly created volume unencrypted?
No
If you create an EBS volume from an unencrypted snapshot, is the newly created volume encrypted?
No
Do your EC2 instances need to be in the same availability zone as the EBS volumes they use?
Yes
When creating a volume from a snapshot, can you change whether the drive is encrypted or not?
No, the un/encryption is all based on the snapshot itself and cannot be changed
What are the two ways for encrypting a root EBS drive?
Using the OS, like Bitlocker, or by taking a snapshot in AWS Console
What is the preferred way of encrypting a root EBS drive?
Using the AWS Console and a snapshot
Can you encrypt an unencrypted EBS snapshot?
Yes
How do you encrypt an unencrypted EBS snapshot?
Create a copy of the snapshot
What is Amazon RDS
Relational Database Service
What is Amazon Elasticache
Web service that makes it easy to deploy, operate, and scale an in-memory cache
What two open-source in-memory caching engines are supported by Elasticache
Memcached and Redis
Is Amazon RDS service for OLTP or OLAP
OLTP
What is Amazon’s NoSQL Db?
DynamoDB
What is Amazon’s OLAP service?
Redshift
By default, can resource security groups talk to one antoher?
No
How can you make it so one security group can talk to another?
Define an inbound rule for the target security group from the source security group. i.e. Db group and web server group
What are the two types of RDS backups in AWS?
Automated backups and Database snapshots
How can you restore a RDS db from an Automated Backup
You can restore to any point within a retention period
How long is the retention period for an Automated Backup
one to 35 days
True or False: Automated RDS backups take a full snapshot daily
true
Do Automated backups store transaction logs throughout the day?
Yes
How accurate is a recovery from an Automated Backup for RDS
Down to a second
Where does Amazon store the Automated backups
In a S3 bucket
Ture or False: When you restore a RDS from a backup,, a new database is created
True
True or False: When you restore a RDS from a Automated Backup, a new database is created
True
True or False: When you restore a RDS from a snapshot, a new database is created
True
Does a RDS instance restored from a backup get a new DNS pointer?
Yes
Can you encrypt an existing RDS instance in place?
No, you must create a snapshot
In RDS, what is Multi-AZ
When you select to have a database live in multiple availability zones for disaster recovery
In RDS, is Multi-AZ designed and used for high availability?
No, for disaster recovery
Do you ever use a public IP when working with a RDS database instance?
No, never use public IP - always use the DNS name
When should you use the DNS name to connect to a RDS instance?
Always
True or False: RDS Multi-AZ is used for disaster recovery only
True
True or False: RDS Multi-AZ is used for increasing performance
False
How would I increase performance of my RDS instance?
Using a read replica
What is a RDS read replica
Automatically updated RDS instances used to increase read throughput for your database instance
Can you have read replicas of a read replica?
Yes
True or False: RDS Read replica is used for disaster recovery only
False
True or False: RDS Read Replica is used for increasing performance
True
True or False: Each read replica of a RDS instance will have its own DNS endpoint
True
Can you have Multi-AZ for read replicas?
Yes
Can you have both Read Replica and Multi-AZ RDS instances?
Yes
True or False: A read replica can be promoted to become its own RDS instance?
True
What does promoting a read replica to its own database do?
Creates a RDS instance from the read replica and breaks replication
True or False: You can’t have read replicas in a second region?
False, you can
Which Elsticache provider do you use to have Multi-AZ
Redis
Does the Memcached Elasticache provider allow for Multi-AZ
No
Which Elasticache provider should I use if object caching is my primary goal?
Memcached
Which Elasticache provider should I use if I want the simplest possible approach
Memcached
Which Elasticache provider should I use if I am planning on running large cache nodes, and require multithreaded performance with utilization of multiple cores?
Memcached
Which Elasticache provider should I use if I need to scale my cache horizontally as i grow?
Memcached
Which Elasticache provider should I use if I have more advanced datatypes
Redis
Which Elasticache provider should I use if sorting and ranking datasets in memory will help me
Redis
Which Elasticache provider should I use if persistance of my keystore is important
Redis
Which Elasticache provider should I use if I want to run Multi-AZ
Redis
If my database is under a lot of stress/load and is read heavy executing many OLTP, what Amazon service should i use to alleviate this?
Elasticache
If my database is under a lot of stress/load and is executing OLAP, what Amazon service should I use to alleviate this?
Redshift
Which Elasticache provider should I use if I need pub/sub capabilities?
Redis
Which Elasticache provider should I use if I am implementing leaderboards?
Redis
What is S3?
Simple Storage Service
What does S3 provide to customers?
secure, durable, highly-scalabale object storage
What is the main purpose of S3?
To store objects, not operating systems or databases
Can I use S3 to store/run a database?
No
Can I use S3 to store/run an operating system?
No
Can I use S3 to store a webpages, files, or images?
Yes
Is S3 a safe place to store your files?
Yes
Does S3 store your objects across multiple devices and facilities?
Yes
Does S3 have high availability built in?
Yes
True or False: S3 has an element of disaster recovery built in?
True
How big can one file be in S3?
5TB
True or False: S3 provides unlimited storage
True
True or False: S3 limits your total amount of storage
False
If I have a 4.5TB file, can I store this in S3?
Yes
If I have a 5.1TB file, can I store this in S3?
No
What are folders called in S3?
Buckets
What is a bucket in S3?
Location files are stored (folder)
True or False: S3 bucket names must be unique globally
True
What HTTP code is returned when you successfully upload a file to S3?
200 OK
What data consistency does S3 provide for PUTs of new objects?
Read after write
How long do I have to wait to access my file in S3 after I have finished uploading it?
You don’t have to wait at all
What data consistency does S3 provide for overwriting an existing file with a PUT or DELETEs on a file?
Eventual Consistency
True or False: S3 is a key-value store
True
An S3 object consists of _______
Key, Value, Version ID, Metadata, Subresources
Does S3 support versioning of specific files?
Yes
Is S3 designed to sustain the loss of 2 facilities at the same time?
Yes
What is S3 - IA?
S3 for infrequently accessed data
When using S3 - IA, do I pay per data retrieval?
Yes
What is S3 - One Zone IA?
S3 for infrequently accessed data that is only in one availability zone
What is S3 reduced redundancy storage?
S3 for data that is easy to recreate, like thumbnails
What is S3 Glacier?
Very cheap S3 bucket for archiving data.
How long do you have to wait before accessing your data in Glacier?
3-5 hours
Which S3 storage class has the highest availability and durability?
Standard
What is S3 Intelligent tiering?
automatically moves your S3 buckets to the most cost effective tier based on how you access each object
What is S3 intelligent tiering used for?
Unknown or unpredictable access patterns
What are the two tiers for S3 intelligent tiering?
Frequent and infrequent
How long does data have to go unaccessed before it is moved to the infrequent tire in S3 intelligent tiering?
30 consecutive days
How much does S3 Intelligent tiering cost?
$0.0025 per 1000 objects/month
What do you get charged for in S3
Storage per GB, Requests, Storage management pricing, data management pricing(for moving data out of S3), Transfer Acceleration (using cloudfront)
True or False: Newly created buckets in S3 are publicly available?
False
True or False: Newly created buckets in S3 are private?
True
What are the mechanisms for controlling access to your S3 buckets?
Bucket policies and access control lists
What is an S3 Bucket Policy
Access control policy at the bucket level
What is a S3 Access Control List
Access control policy at the object level
Can I configure my S3 bucket to log accesses?
Yes
Can I configure my S3 bucket to log accesses and store those logs in another bucket?
Yes
Does S3 support encryption on objects?
Yes
Will S3 encrypt your objects for you?
Yes
True or False: I must encrypt files myself before uploading them to S3 if I want them to be encrypted
False
True or False: I cannot log API actions at the bucket level in S3
False
What tool can I use to log actions at the bucket level in S3
CloudTrail, for additional cost
Can I monitor the performance of requests into my S3 buckets?
Yes, using CloudWatch
Can you upload a publicly available file to a private bucket?
No, the bucket must be publicly available
If a bucket is publicly available, are all the objects automatically publicly available?
No
What types of encryption does S3 support?
In transit and at rest
What types of in transit security are supported by S3?
SSL/TLS
What types of at rest encryption does S3 support?
SSE-S3, SSE-KMS, SSE-C
Can I encrypt existing objects in my S3 bucket?
Yes
Can I provide my own keys for S3 encryption?
Yes
How would I enforce S3 object encryption on my bucket for all newly uploaded files?
Using a bucket policy
What encryption parameter should you include to encrypt your files at upload time?
x-amz-server-side-encryption: AES256 or ams:kms
Does S3 support CORS access?
Yes
What is CloudFront?
Amazon’s CDN
What is an Edge Location in CloudFront?
Geographically dispersed data centers that you can select to host your CDN in
What is an Origin in CloudFront?
This is the origin of all the files that the CDN will distribute
What are valid Origins for a CloudFront CDN?
S3 Bucket, EC2 instance, Elastic Load Balancer, or Route53
What is a CloudFront Distribution
Name given to a CDN which consists of a collection of edge locations
What is a CloudFront Web Distribution?
A distribution typically used for WebSites
What is RTMP in CloudFront?
A distribution used for media streaming on the CDN
What does RTMP stand for in CloudFront
Real Time Messaging Protocol
If I want to optimize performance for global users of my S3 backed website, what tool should I use?
CloudFront
Can I use CloudFront with any non-AWS Origin server?
Yes
Is a CloudFront edge location the same thing as an AWS Region or Availability Zone?
No
True or False: CloudFront edge locations are read-only
False
How long are objects cached in an edge location?
For the TTL (Time to LIve)
True or False: I cannot manually clear an edge location cache
False, you can
True or False: Manually clearing an edge location cache is free
False, it costs
I have content on my website that I want to restrict to paid users only and I’m using CloudFront for CDN. How do I achieve this?
By using the Signed URLs/Signed Cookies option
True or False: The first time a user access a file using cloudfront, the file will load fast
False
When does a file get cached in an edge location by cloudfront?
The first time a user access the file
How would I optimize performance for my GET-Intensive S3 workloads?
CloudFront CDN
How would I optimize performance for my Mixed Request Type workloads
Using a random key name instead of a sequential one
What are the S3 storage classes?
S3, S3 - IA, S3 - One Zone IA, S3 - Reduced Redundancy, Glacier
What is the default TTL for CloudFront cache?
24 hours
True or False: If you want to enable a user to download private data directly from S3, you can use a signed URL
True
What is the largest file size you can transfer to S3 using a PUT operation?
5GB
What are the ways to trigger an AWS lambda
HTTP Triggers and event triggers
What is API Gateway
The API proxy service
What languages are supported by Lambda
Node.js, Java, Python, C#, Go
If I execute less than 1 million requests per month, will I incur a charge for my lambda functions?
No
If I execute more than 1 million requests per month, will I incur a charge for my lambda functions?
Yes, $0.20 per 1 million requests
Is there a charge for the duration my lambda functions run?
Yes, $0.00001667 per GB-Second
True or False: Lambda scales out (not up) automatically
True
Are my lambda functions independent, meaning 1 trigger means 1 function?
Yes
Is lambda a compute service?
Yes
What services in AWS are serverless?
Lambda, S3, API Gateway, Dynamo Db
Can my lambda function trigger other lambda functions?
Yes
What service allows you to debug your lambda functions
AWS X-Ray
Are lambdas limited to interacting with other services that are in the same region as the lambda itself?
No
True or False: An AWS API Gateway exposes HTTPS Endpoints to define a RESTful API
True
Can I track and control API usage using an AWS API Gateway?
Yes
Can I cache API Responses with API Gateway
Yes, for a specified TTL
What are the Lambda triggers?
API Gateway, AWS IoT, Alexa Skills Kit, Alexa Smart Home, CloudFront, CloudWatch events, CloudWatch Logs, CodeCommit, Cognito Sync Trigger, DynamoDb, Kinesis, S3, SNS
Does AWS Lambda support versioning
Yes
Can I have more than one version of my Lambda published?
Yes
What are the ARN types for Lambda functions
Qualified and Unqualified
What is a Qualified ARN
The function ARN with the version suffix
What is an Unqualified ARN
The function ARN without the version suffix
What is a Lambda alias
A name that points to a particular version of your lambda function
Can I change a lambda function version after I have published it?
No, you must edit the $LATEST version
Can I split traffic across two versions of a lambda?
Yes
How would I split traffic across two versions of a lambda?
Using an alias
Can I include the $LATEST version in an alias that splits traffic between two versions of a lambda
No, you can only used published versions
What are step functions?
These allow you to visualize and test your serverless applications by providing a GUI to arrange and visualize the components of your applications
What is AWS X-Ray
A service that collects data about requests that your application serves and provides tools you can use to view, filter, and gain insights into that data to identify issues
How does data flow in X-Ray
X-Ray SDK -> X-Ray Daemon -> X-Ray API -> X-Ray Console
What services does X-Ray work with?
Elastic Load Balancers, Lambda, API Gateway, EC2, Elastic Beanstalk
What programming languages does X-Ray support
Java, Go, Node.js, python, Ruby, .NET
True of False: One can import a API definition to API Gateway
True
What specification should an API Definition be written in to import it to API Gateway
Swagger v2.0/OpenAPI
What is the steady state default throttling setting for API Gateway
10000 requests per second
What is the maximum concurrent requests for API Gateway
5000
What error will you receive if you exceed your request throttling limits with API Gateway
429 Too Many Requests
If a caller submits 10000 requests evenly across a one second time span, will API Gateway process them all?
Yes
If a caller submits 10000 requests in the first millisecond of a one second time span, will API Gateway process them all?
No, only 5000 will get handled, the others will get a 429
If a caller submits 5000 requests in the first millisecond and then evenly spreads 5000 requests across the remaining 999 milliseconds in a one second time span, will API Gateway process them all?
Yes
Can you use API Gateway to pass through SOAP requests?
Yes
Can you lift the DynamoDb default throttling limits?
Yes
What are the data models supported by DynamoDB
document and key/value pairs
What physical storage technology is utilized by DynamoDb
SSDs
Do DynamoDBs get spread across regions?
Yes, spread across three geographically distinct data centers
What data consistency models does DynamoDb support?
Eventual Consist Reads and strongly consistent reads
In DynamoDb, what is Eventually Consistent reads?
Consistency across all copies of data is reached within a second.
What DynamoDb consistency model offers the best read performance?
Eventually Consistent Reads
In DynamoDB, what is Strongly Consistent Reads?
Reflects all writes that received a successful response prior to the read
In DynamoDb, what specifications can i use in a stored document?
JSON, HTML, XML
What types of Primary Keys does DynamoDb use?
Partition key and composite key
What is a partiion key in dynamodb
A unique attribute(column) on teh data i.e. UserId
What is a composite key in dynamodb
A partition key coupled with a sort key
When should I use a composite key instead of a partition key
When the partition key is not unique to my table i.e. forum posts
If I have multiple records in a DynamoDb table that will have the same partition key, what primary key type should I use?
Composite Key
Does DynamoDb allow for restricting users’ access to only their own data?
Yes, via an IAM Condition
How would I restrict DynamoDb access so that a user can only access their own data?
Using an IAM Condition
What does DynamoDb consist of?
Tables, items, and Attributes
Hos is general access to a DynamoDb database controlled?
IAM Policies
If I want to enable fine grained access control for my dynamoDb, i.e. row level security, what IAM condition parameter would I use?
dynamodb:LeadingKeys
What are the types of indexes supported by DynamoDb
Local Secondary Index and Global Secondary Index
In dynamodb, what is a local secondary index?
created at table creation time, same partition key as your table, different sort key, increases query performance for the composite key used to define it
In dynamodb, what is a global secondary index?
created whenever, different partition and sort key, increases query performance when using the composite key used to define it
Does a local secondary index use the same partition key as the table?
Yes
Does a local secondary index us the same sort key as the table?
No
Does a global secondary index use the same partition key as the table its on?
No
Does a global secondary index use the same sort key as the table its on?
No
When can you create a local secondary index?
At table creation time
When can you create a global secondary index?
Any time
Can I create a local secondary index after i have created my table?
No
What are the ways to get data out of a dynamodb table?
Scan and Query
What is a dynamodb query?
Operation that finds items in a table based on the primary key
For a dynamodb query, what is a ProjectionExpression?
The equivalent of the select statement for sql - filters the attributes returned for a given query
Can you reverse the order that a query returns results in for DynamoDb?
Yes
What parameter would I use to reverse the query results in dynamo db?
ScanIndexForward
What consistency model do queries use by default?
Eventually Consistent
Can I use a different consistency model for my dynamodb queries?
Yes, can set to Strongly Consistent
What is a scan operation in DynamoDb
an operation that examines every item in the table
Can you limit attributes returned by a scan operation?
Yes
How would I limit the attributes returned by a scan operation?
Use the ProjectExpression parameter
Does a scan operation filer the data on the server side?
No, it dumps the data out, then filters it
What is the most efficient way to get data out of a dynamodb table?
Query
True or False: A scan dumps the entire table to memory, then filters
True
Can you page results from a dynamo query or scan
Yes
What is the default order of results for a dynamodb data operation?
Ascending Order
What is DynamoDb provisioned throughput?
Throttling for Dynamodb measured in capacity units configured when you create your table
How do you calculate how many read units are needed for a strongly consistent table?
you take the size of each item / 4KB, round up to the nearest whole number, then multiply by the number of reads per second
How do you calculate how many read units are needed for an eventually consistent table?
You take the number needed for a strongly consistent table and divide by two
How do you calculate how many write units are needed?
You take the size of each item, divide by 1 KB, round up to the nearest whole number, multiply by the number of writes per second
What is one write capacity unit?
1 x 1 KB Write per second
What is one read capacity unit?
1 x 4 KB Strongly consistent read OR 2 x 4 KB Eventually consistent reads per second
What is the DynamoDb on-demand capacity model?
Allows your DB to automatically scale for the workload
If I have unpredictable or unknown capacity needs, what capacity model should I use?
On demand
Can I change the capacity model my dynamodb uses after its created?
Yes
How often can I change the dyanmodb capacity model
Once per day
What is DAX
DynamoDb Accelerator
What is DynamoDb Accelerator (DAX)?
A Fully managed, clustered in-memory cache for dynamodb
How much faster is DAX?
10x read performance
Does DAX improve write performance?
No
What consistency model and operation does DAX use if there is a cache miss?
Eventually Consistent GetItem
What caching strategies are available in ElastiCache
Lazy Loading and Write Through
What is the lazy loading strategy in ElastiCache
Loads the data into the cache only when it’s necessary
When using the lazy loading strategy in ElastiCache, what happens when there is a cache miss?
ElastiCache returns null and Your application fetches the data from the database and then writes the data into the cache
What is write through caching strategy for ElastiCache
Adds or updates data to the cache whenever data is written to the database
True or False: DAX only supports write-through caching strategy
True
True or False: You can use DAX or ElastiCache with DynamoDb
True
How would I avoid stale data in my ElastiCache when using the Lazy Loading strategy?
Using a TTL
What are DynamoDb transactions?
ACID Transactions
What does ACID stand for?
Atomic, Consistent, Isolated, Durable
Can I read/write data across multiple tables in a DynamoDb transaction?
Yes
Do DynamoDb transactions allow for me to check a pre-requisite condition before writing to a table?
Yes
What is DynamoDb TTL?
TTL attribute defines an expiry time for your data after which the data is marked for deletion
How long can it take for an item to be deleted after the TTL expires in dynamodb?
Up to 48 hours
What are DynamoDb streams?
Time-ordered sequence of item level modifiations
True or False: A dynamoDb stream is like an audit trail for an item
True
Are my DynamoDb streams encrypted?
yes, at rest
How long are my DynamoDb streams stored?
24 hours
What item update lifecycle hooks can I use for dynamodb streams?
Before and after
How does my application access dynamodb streams?
Via a separate API from the DynamoDb one
True or False: DynamoDb streams are NOT recorded near-real time
False
Can I use DynamoDb streams as a Lambda trigger?
Yes
If I exceed the provisioned throughput for my DynamoDb, what exception do I get?
ProvisionedThroughputExceededException
What is exponential backoff for provisioned throughput in DynamoDB?
Waits progressively longer to retry a request when failed requests happen
When using exponential backoff, if your request still has not succeeded after one minute, what does this indicate?
That your request may be too large for the provisioned throughput on your table and that you may need to increase the limits
True or False: A local secondary index can be deleted at any time
False
True or False: A global secondary index can be deleted at any time
True
What service should you use to securely store confidential information like credentials and license codes?
Systems Manager Parameter Store
What API Call should you use to get multiple items from a DynamoDb table
BatchGetItem
What is KMS
Key Management Service
Are KMS Encryption Keys Regional?
Yes
True or False: KMS Encryption Keys are globally available
False
Can I export my customer master key?
No
What does a customer master key consist of?
alias, creation date, description, key state, key material
What terminal command do you have to run in order to use the AWS CLI?
aws configure
What CLI command do I use to encrypt a file using KMS?
aws kms encrypt
What CLI command do I use to decrypt a file using KMS>
aws kms decrypt
What does the CLI command aws kms encrypt do
encrypts a local file using KMS
What does the CLI command aws kms decrypt do
decrypts a local frile using KMS
What does the CLI command aws kms re-encrypt do
re encrypts an already encrypted file by decrypting it to plain text, encrypting, and immediately destroying the plain text
What does the CLI command aws kms enable-key-rotation do
Turns on key rotation so that they key is changed every year
What is KMS envelope encryption
The process of encrypting your envelope key
Describe KMS envelope enccryption
We use the CMK to encrypt the key that is used to encrypt our data
How long does it take to delete an encryption key
7 to 30 days
What is SQS?
Simple Queue Service
How big can my SQS message be?
256 KB
What types of queues are available on SQS
Standard queues and FIFO Queues
Do standard SQS queues have ordering
No
Are standard SQS queues guaranteed to deliver a message at least once?
Yes
Are standard SQS queues guaranteed to delivery a message only once?
No
True or False: FIFO SQS queues have an order
True
True or False: FIFO SQS queues delivery a message exactly once
True
I need to guarantee my message is only processed one time - which SQS queue type should I use
FIFO
What is the transaction limit for a FIFO SQS queue
300 transaction per second
What is the transaction limit for a Standard SQS queue
There isn’t one
True or False: SQS is Pull based
True
True or False: SQS is push based
False
What is the time span that a message can live in a SQS queue?
1 minute to 14 days
What is the default retention period for SQS messages?
4 days
What is visibility timeout in SQS?
The amount of time that the message is invisible in the SQS queue after a reader picks up that message
What is the default visibility timeout
30 seconds
What is the maximum visibility timeout
12 hours
What is SWS Long Polling?
This is a type of polling that doesn’t return until a message arrives in the queue or the long poll times out
What is amazon SNS?
Simple Notification Service
What is SNS used for?
Think push notifications
True or False: SNS is instantaneous push-based delivery of notification
true
What pricing model is used by SNS
Pay as you go
If I need to use Pull based messaging which service should I use?
SQS
If I need to use push based messaging, which service should I use
SNS
True or False: SNS uses a Pub-Sub model
True
True or False: SQS uses a Pub-Sub model
False
What format of notification can I send using SNS
SMS, Email, SQS, HTTP
What is SES
Simple Email Service
Can SES be used to receieve emails
Yes
True or False: SES can trigger lambda functions or SNS services when email is received
True
True or False: SES allows users to send automated emails
True
True or False: SES can send more than just email
False
What is Amazon Kinesis
An AWS service to send your streaming data to
What are Kinesis streams made out of
Shards
What is kinesis firehose
Kinesis without streams or shards
What are kinesis analytics
Allows you to run SQL queries to send on to a destination
What is elasticbeanstalk
A service for deploying and scaling web applications developed in various languages
What programming languages does ElasticBeanstalk support?
Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker
What web servers does ElasticBeanstalk support
Tomcat, Nginx, Puma, Passenger, and IIS
Does ElasticBeanstalk autoscale up and down?
Yes
What is an ElasticBeanstalk deployment policy
Method under which ElasticBeanstalk deploys changes or updates
What are the options for an ElasticBeanstalk deployment
All at once, rolling, rolling with additional batch, immutable
Will I have downtime with an ElasticBeanstalk all at once deployment
Yes
How does an all at once ElasticBeanstalk deployment work
It deploys the new version to all instances simultaneously
How do you recover from a failed all at once ElasticBeanstalk deployment
You must roll back the changes by re-deploying the original version to all your instances
What is an ElasticBeanstalk rolling deployment
Deploys the new version in batches
How does a rolling deployment work
Takes each batch of instances out of service while the deployment takes place
Will I experience downtime with a rolling deployment?
No
What is the negative impact for a rolling deployment
Reduced capacity
How do I recover from a rolling deployment failure
You must perform an additional rolling update to roll back the changes
What is rolling deployment with additional batch policy
Launches additional batch of instances during update
Will I experience downtime during a rolling deployment with additional batch policy
No
Will I experience any loss of capacity during a rolling deployment with additional batch policy
No
How do I recover from a failure during a rolling deployment with additional batch policy
Perform an additional rolling update to roll back the changes
What is immutable deployment in ElasticBeanstalk
Deploys a the new version to a fresh group of instances in their own new autoscaling group
Will I experience downtime during an immutable deployment
No
How do I recover from a failure during an immutable deployment
Terminate the new auto scaling group, done
Can I customize my ElasticBeanstalk environment
Yes
How would I customize my ElasticBeanstalk environment
Using an ElasticBeanstalk configuration file
What specifications are supported for an ElasticBeanstalk configuration file
YAML and JSON
What folder must my ElasticBeanstalk configuration files be in?
.ebextensions
Does the name of my ElasticBeanstalk configuraiton file matter?
No
What file extension does my ElasticBeanstalk configuration file need to have
.config
Where should the .ebextensions folder go for it to configure my ElasticBeanstalk env
In the root of the repo
Can I put my .config files for ElasticBeanstalk under source control
Yes
What options do I have for launching an RDS instance
Launch within ElasticBeanstalk and Launch outside ElasticBeanstalk
Which RDS instance launch strategy should I use for my production instance
Outside ElasticBeanstalk
What is the systems manager parameter store
Place to store sensitive information to share across services
What types of data are supported by the systems manager parameter store
String, String List, Secure String
Does the systems manager parameter store support versioning of parameters?
Yes
What API Call would you use to extend the time allowed for a SQS message to be processed by a consumer
ChangeMessageVisibility
What is the maximum timeout for visibility of a message in a SQS queue
12 Hours
What is the maximum long poll timeout
20 Seconds
What is AWS Storage Gateway
Service used for attaching infrastructure located in a data center to the aws storage infrastructure
What are all of the DevOps services prefixed with
Code, i.e. CodeCommit, CodeBuild, CodePipeline, CodeDeploy
Where can I deploy code using CodeDeploy
EC2, on-premise systems, and lambda functions
What are the deployment approaches when using CodeDeploy
In-Place and Blue/Green
What deployment targets can I use an in-place deployment strategy from CodeDeploy for?
EC2 and on-premise systems
Can I do an in-place deployment from CodeDeploy on a Lamdba
No
For CodeDeploy, what doe the Blue and Green colors represent
Blue are the active deployment and green are the new release
What is a CodeDeploy deployment group
Set of EC2 instances or Lambda functions to which a new version of the software is to be deployed
What is a CodeDeploy Deployment
The process and components used to apply a new revision
What is a CodeDeploy Deployment Configuration
A set of deployment rules as well as success/Failure conditions used during a deployment
What is a CodeDeploy AppSpec File
Defines the deployment actions you want CodeDeploy to do
What is a CodeDeploy revision
Everything needed to deploy the new version
What is a CodeDeploy Application
Unique Identifier for the application you want to deploy
What are the fields in a CodeDeploy app spec file?
Version, resources, hooks
What are the CodeDploy Hooks?
BeforeAllowTraffic, AfterAllowTraffic, BeforeInstall, AfterInstall, ApplicationStart, ValidateStart, BeforeBlockTraffic, BlockTraffic, AfterBlockTrffic,ApplicationStop, DownloadBUndle, Install, ApplicationStart, ValidateService, AllowTraffic
What fields does an on-premise AppSpec file have
version, os, files, hooks
What are the three stages of hooks for a CodeDeploy lifecycle
Traffic Deregistration, Application Upgrade, Traffic Registration
What is BigBAADBrazenIconAboutAllVisualBAAmfs
The order of CodeDeploy lifecycle hooks
BeforeBlockTraffic BlockTraffic AfterBlockTraffic ApplicationSTop DownloadBundle BeforeInstall Install AfterInstall ApplicationStart ValidateService BeforeAllowTraffic AllowTraffic AfterAllowTraffic
What is CloudFormation
Allows you to provision infrastructure using code
What specifications does CloudFormation support
YAML and JSON
Is CloudFormation free to use?
Yes
What is the only mandatory section for a CloudFormation template?
Resources
What are the main sections for a CloudFormation template
Parameters, Conditions, Resources, Mappings, Transforms
What is the serverless appliation model (SAM)
An extension of the CloudFormation used to define serverless applications
What are the SAM cli commands
sam package and sam deploy
What is a CloudFormation Nested Stack
Allow you to reuse your CloudFormation code
If I want to use the output of my CloudFormation stack
as input to another CloudFormation stack, which section would I use?
Outputs
How can you prevent CloudFormation from deleting your entire stack on failure?
Set the Rollback on failure radio button to no in the console or use the –disable-rollback flag with the AWS CLI
Which section of the CloudTransformations spec do you use to reference code in an S3 bucket
Transforms
What is web identity federation
Allows users to login to AWS using a 3rd part provider like Facebook, Amazon, or Google
What is Amazon Cognito
Web Identity Federation provider
What is the recommended identity provider for mobile apps running on AWS
Cognito
What is a Cognito user pool
Directories used to managed signup and sign-in functionality for mobile and web applications
What are Cognito identity pools
These enable you to create unique identifiers for your users and auth them with identity providers
What technology does Cognito use to provide a seamless experience for you application
Push Synchronization
What are the different types of IAM Policies
Managed Policies, Customer Managed Policies, Inline Policies
What is a IAM managed policy
An IAM Policy which is created and administered by AWS
What is a IAM Customer Managed Policy
An IAM policy which is created and administered by the customer
What is a IAM Inline Policy
An IAM Policy that is embedded within the user, group or role to which it applied
Can an Inline policy apply to more than one object?
No
What is assume-role-with-web-identity
API Provided by STS that allows you to get temporary security credentials for user authenticated by a mobile or web app
What is returned from the STS when making an assume-role-with-web-identity call
The role’s ARN and ID along with the toke, access key, and expiration
What is cross account access
This grants access to multiple AWS instances using a single identity
What is CLoudWatch
A monitoring service that allows you to keep track of your AWS resources and applications running in AWS
What does CloudWatch monitor by default on your EC2 instances
CPU, Network, Disk, Status Check
I want to Monitor RAM usage on an EC2 instance, how would I do that?
Create a custom CloudWatch Metric
What is the default monitoring interval on EC2 for CloudWatch
5 minutes
Can I make CloudWatch monitor my EC2 instances on a shorter interval
Yes, you can select detailed monitoring which shortens the interval to 1 minute
How long does CloudWatch store your data by default
Indefinitely
Can I get data about an EC2 instance after it is terminated?
Yes
For custom metrics in CloudWatch, what is the minimum granularity I can have?
1 minute
What is a CloudWatch alarm
A noification for a CloudWatch threshold
CloudWatch VS CloudTrail
CloudTail is used to track API calls, CloudWatch monitors performance
What is AWS Config
Records the state of your AWS environment and will notify you of changes
What is the default S3 bucket limit per AWS account?
100
