freecodecamp Flashcards
ElasticBeanstalk
Which deployment method should be used if a fast rollback is required?
Immutable
This creates a new set of instances and switches the load balancing.
The old servers are still present.
ElasticBeanstalk
What are the 6 Linux Server Configurations?
PUCCFS
Packages - Which additional packages (e.g. nginx, redis) should be installed. Usually done with “yum”
Users/Groups
Commands - Runs commands, such as starting nginx
Container Commands
Files - Creates files, for example for configs
Services - Checks the status of a service (nginx - ensureRunning: true)
ElasticBeanstalk
You need to get the AMI of a specific Java Version, how to do this?
Use the describe-platform-version command with the region and the platform-arn parameter
ElasticBeanstalk
Where are the configuration files stored?
.ebextensions
ElasticBeanstalk
It takes too long to start up a service, what can be done?
Use a custom AMI with all needed services baked in
ElasticBeanstalk
What is the CLI command to swap environments?
eb swap [original] --destination_name [new]
ECS
What is an essential container?
Required setting: if this container fails or stops, all other containers will be stopped.
A task has at least one essential container
ECS
How to include secrets from the Parameter Store?
Use Value From instead of Value in the environment variables
X-Ray
What does the Service Graph show?
Client, front-end services (lambda, sns, ec2), back-end services (databases)
It improves view into bottlenecks and latency spikes
X-Ray
What is a segment, and what data does it show?
A segment is the service that is sending data, such as its IP, the request it handled, what work has been done, and whether it was successful or not (and the reasons)
X-Ray
You know that there are failed requests, but you cannot see them in X-Ray - what could be a reason?
The sampling rate is too low
ACM
Which services can you attach a certificate to?
ELB
CloudFront
API Gateway
(ElasticBeanstalk through an ELB)
ACM
What is SSL Termination?
The encrypted traffic is decrypted on the ALB
Route53
How to connect to on-premise servers?
Use Route53 Resolver
CLI
You need to switch between Accounts while using the CLI, what can be done?
Use the profile parameter
aws s3api list-buckets --profile admin_mark
The profile makes reference to the .credentials file
[mark]
aws_access_key_id=123
aws_secret_access_key=ABC
[admin_mark]
..
..
KMS
What are the common five KMS CLI commands?
aws kms create-key
aws kms encrypt
aws kms decrypt
aws kms re-encrypt
aws kms enable-key-rotation
SQS
You have messages around 3mb and want to deliver them to SQS using the PHP SDK, how can this be done?
It cannot be done with the SDK for PHP.
But for Java you can use the SQS Extended Client Library for Java for messages up to 2GB.
It will put the message to S3 and send the reference to SQS.
Parameter Store
What are the differences between Standard and Advanced tier?
4kb / 8kb
10.000 params / 100.000 params
no policies / parameter policies
Parameter Store
What are parameter policies?
Forcing an update or delete on a parameter.
Especially useful for passwords.
Parameter Store
How to create a hierarchy in parameters?
Include a name structure separated by /
DynamoDB
What is a partition and how are they created?
A slice of a large table, grouped by similar data.
They are automatically created by AWS when more than 10GB of new data is inserted or the read/write capacity for a single partition is reached.
DynamoDB
What are the use cases for on-demand capacity?
- New project
- unpredictable Traffic
- align cost with usage
DynamoDB
What are DynamoDB Transactions?
All-or-nothing requests across multiple tables for read (TransactGetItems) and write (TransactWriteItems) actions.
In addition to the normal read/write consumption there are two underlying requests.
One for preparing the transaction and one for committing the transaction
DynamoDB
How does TTL work?
NOT given in seconds on the item, but you define a column that specifies the datetime the item should expire
DynamoDB
I set a TTL on a column, but the data does not get deleted, what could be a reason?
The string representing the time is not formatted in epoch time.
DynamoDB
You want to get notified (via E-Mail) when a user gets deleted from a table, how to do this?
Set up DynamoDB Streams, which will call a Lambda function which can take the action
DynamoDB
I received the ThrottlingException, what could be the reason?
Too many requests to CreateTable, UpdateTable or DeleteTable
DynamoDB
I received the ProvisionedThroughputError, what could be the reason?
Reached max. allowed provisioned capacity
DynamoDB
What is the main advantage of a Local, compared to a Global Secondary Index?
You can get strong consistency only with an LSI
IAM
What is the process to get access using a WebIdentity provider?
- Authenticate with e.g. OAuth on the Identity Provider
- The Identity Provider (IP) sends a JWT
- Use CLI or SDK to call AssumeRoleWithWebIdentity on STS, sending the credentials
- STS returns the temp. security credentials
CloudFront
What specifies a Distribution?
A Distribution is a collection of Edge Locations (defined as “Price Class”)
- Type: Web / RTMP
- Behaviour: HTTPS redirect, Viewer access, TTL
- Error / Root Page
- Geo Restrictions
CloudFront
What is Lambda@Edge?
Using four hooks (Viewer/Origin request & Viewer/Origin response) to change the behaviour of the requests using Lambda
CloudFront
How to disallow direct access to the origin S3?
Use Restrict Bucket Access and (automatically) create an Origin Access Identity (OAI)
CloudFront
How to invalidate all data or a single item?
Use a wildcard to erase all, or use the filename for a single item
CloudTrail
What is the difference between Event History and a Trail?
EventHistory is enabled by default and stores data (visible in a GUI) for 90 days
A trail logs indefinitely in S3 and can be crawled using Athena
CloudTrail
I created a trail but data is missing from other regions, what is the problem?
CloudTrail can be inter-regional - but it must be set up on creation.
Note: it is not one trail, but the trail configuration is copied to other regions
CloudFormation
What is Fn::GetAtt?
Allows you to get many attributes from a resource, such as a Security Group ID, the private IP or the Availability Zone
CloudFormation
On what resources should you use a CreationPolicy and on which a WaitCondition?
CP: EC2 & ASG
WC: Everything else like an ELB
CodeBuild
What are the phases?
install
pre_build
build
post_build
Lambda
What is the (soft) limit of concurrent running functions?
1000
Lambda
What are the RAM limits?
128 MB to 3008 MB
Lambda
What is the max. runtime, and what could be an alternative?
15min
Use Fargate
Lambda
What is a (un)qualified ARN?
Qualified: ends with a version indicator, such as $LATEST
Unqualified: just lists the function
Lambda
What is an alias?
A friendlier name that also references a specific version
Lambda
What are Layers?
Additional code, such as libraries that are put in a zip file and attached to the function.
In unzipped state they cannot exceed 250 MB, and there’s a limit of 5 layers