Documentation, FAQs Flashcards
X-RAY
Which languages are supported for services such as EC2?
You can use X-Ray with applications written in Java, Node.js, .NET, Go, Ruby, and Python that are deployed on these services.
X-RAY
Which are the supported services?
AWS X-Ray works with
- Amazon EC2
- Amazon EC2 Container Service (Amazon ECS)
- AWS Lambda
- Amazon SQS
- Amazon SNS
- AWS Elastic Beanstalk
X-Ray
Is there a region limit for the service?
No, with X-Ray, you can trace requests made to applications that span multiple AWS accounts, AWS Regions, and Availability Zones.
X-Ray
What needs to be done to enable X-Ray on Elastic Beanstalk?
You only have to integrate the X-Ray SDK with your application since the X-Ray agent is pre-installed on Elastic Beanstalk.
X-Ray
What is a Service map?
A visual representation of the data flow in the services, which gives a high-level overview but also lets you drill down into issues.
X-Ray
What is a Filter Expression?
A way to filter traces to specific use cases, for example traces that took more than 5 seconds or where a 5xx error was thrown.
X-Ray
What is the use of the X-Ray daemon?
Instead of sending data directly into X-Ray, the daemon buffers segments in a queue and uploads them in batches.
The daemon is available for Linux, Windows, and macOS, and is included on AWS Elastic Beanstalk and AWS Lambda platforms.
X-Ray
What is a segment?
An X-Ray segment encapsulates all the data points for a single component.
A segment is the result of a request; it includes:
- The host – hostname, alias or IP address
- The request – method, client address, path, user agent
- The response – status, content
- The work done – start and end times, subsegments
- Issues that occur – errors, faults and exceptions, including automatic capture of exception stacks.
Segment documents can be up to 64 kB in size.
Segments include system-defined and user-defined data in the form of annotations and are composed of one or more sub-segments that represent remote calls made from the service.
X-Ray
What is a subsegment?
Subsegments provide more granular timing information and details about downstream calls.
This lets you see all of your downstream dependencies, even if they don't support tracing or are external.
They can contain additional details about a call to an AWS service, an external HTTP API, or an SQL database.
You can even define arbitrary subsegments to instrument specific functions or lines of code in your application.
X-Ray
What are Traces?
A trace ID tracks the path of a request through your application. A trace collects all the segments generated by a single request. That request is typically an HTTP GET or POST request that travels through a load balancer, hits your application code, and generates downstream calls to other AWS services or external web APIs. The first supported service that the HTTP request interacts with adds a trace ID header to the request, and propagates it downstream to track the latency, disposition, and other request data.
X-Ray
What is the TraceId?
Sent as X-Amzn-Trace-Id, it contains the root ID, sampling info, and additionally the parent segment ID.
X-Ray
What are annotations?
Annotations are simple key-value pairs that are indexed for use with filter expressions.
Use annotations to record information on segments or subsegments that you want indexed for search.
X-Ray
What is the main difference between Annotations and Metadata?
Metadata is not indexed, and is therefore not used for searching with filter expressions.
X-Ray
How long does it take for trace data to be available in X-Ray?
Trace data is generally available for retrieval and filtering within 30 seconds of being received by the service.
X-Ray
How far back can I query the trace data? How long does X-Ray store trace data for?
X-Ray stores trace data for the last 30 days.
This enables you to query trace data going back 30 days.
X-Ray
Are there partial traces?
In some situations (connectivity issues, delay in receiving segments, and so on) it is possible that trace information provided by the X-Ray APIs will be partial. In those situations, X-Ray tags traces as incomplete or partial.
KMS
How to encrypt/decrypt locally?
The AWS Encryption SDK supports AWS KMS as a root key provider for developers who need to encrypt/decrypt data locally within their applications.
KMS
What needs to be done after a key is automatically rotated?
Nothing; the service automatically keeps older versions of the root key available to decrypt previously encrypted data.
KMS
What is an Asymmetric Key?
With symmetric keys, the same key is used for encryption and decryption; an asymmetric key consists of a public and a private key.
The public key is sent to the user, while the private key does not leave the HSM.
Asymmetric keys cannot be used with the Custom Key Store option.
KMS
How to handle a key that could be compromised?
Temporarily disable keys so they cannot be used by anyone
Re-enable disabled keys if cleared
KMS
How is envelope encryption done?
- KMS creates a data key
- The data key is used to encrypt data
- The data key is encrypted with the (plaintext) master key
- The data key is stored alongside the encrypted data
KMS
What is a customer managed KMS key?
A key created and stored in KMS. It differs from the AWS managed key, which is created by AWS and used for specific services.
KMS
What type of keys can I import?
256-bit symmetric keys.
KMS
What’s the difference between a key I import and a key I generate in AWS KMS?
Keys generated by AWS KMS do not have an expiration time and cannot be deleted immediately; there is a mandatory 7 to 30 day wait period. All customer managed KMS keys, irrespective of whether the key material was imported, can be manually disabled or scheduled for deletion.
KMS
What keys can be rotated automatically?
KMS generated keys can be rotated once a year.
Automatic key rotation is not supported for imported keys, asymmetric keys, or keys generated in an AWS CloudHSM cluster using the AWS KMS custom key store feature.
KMS
What is the API call to get the public key of an asymmetric key?
GetPublicKey
KMS
How can data keys and data key pairs be exported out of the HSMs in plain text?
“GenerateDataKey” API or the “GenerateDataKeyWithoutPlaintext” API.
Asymmetric data key pairs: “GenerateDataKeyPair” API or the “GenerateDataKeyPairWithoutPlaintext” API.
Step functions
What is a state machine / state?
State Machine: complete workflow
State: a single step in the workflow
Step functions
What is a Task?
Tasks perform work, either by coordinating another AWS service or an application that you can host basically anywhere
Step functions
What is a Pass state?
Pass states pass their input as output to the next state.
Step functions
What are Parallel States?
Begin multiple branches of execution at the same time, such as running multiple Lambda functions at once.
Step functions
What is a Choice State?
Choice states add branching logic to your state machine, and make decisions based on their input.
Step functions
What is a state transition?
When you execute your state machine, each move from one state to the next is called a state transition.
Step Functions
In what language is a step function written?
Amazon States Language (JSON based)