Exam 3 Flashcards
How would you test a new version of your API Gateway endpoints?
Use a Canary Deployment which allows you to split traffic into separate versions
If you want to make a Cloudformation stack subnet info available to other stacks, what would you do?
Use the Export field in the Output section of the stack’s template
What ECS configuration setting do you need to change to authorize IAM roles?
ECS_ENABLE_TASK_IAM_ROLE
What is the maximum data size supported by AWS KMS?
4KB
How do you reference a parameter in a Cloudformation template?
!Ref
How do you add authentication to API requests to AWS API Gateway?
IAM permissions with sigv4
When using AWS CodeCommit and AWS CodeDeploy, what file contains the settings for a successful deployment?
.appspec file at the root of the directory
A new project demands a throughput requirement of 10 strongly consistent reads per second of 6KB in size each. How many read capacity units will you need when configuring your DynamoDB table?
20:
6KB / 4 KB = 1.5 or 2 read capacity units.
2 x 10 = 20
How can you make sure that a Lambda will send data to X-Ray?
Enable Lambda X-Ray active tracing
How can you isolate credentials so that a container never has access to credentials intended for another container?
Create an IAM role for ECS and assign it to tasks.
How can you secure Kinesis Data Streams service that won’t require code changes on your end?
- Encryption in flight with HTTPS endpoint
- KMS encryption for data at rest
What 2 things do you need to do to ensure AWS Kinesis can scale?
- The partition key must take a great number of different values
- You need to add shards
How can you encrypt/decrypt 1MB of data coming through a Lambda?
Envelope encryption and store as file in code
What CodeDeploy hook event should you use to verify a deployment?
ValidateService
What would you enable to aid in debugging a failed Codedeploy build?
S3 and Cloudwatch Integration
