General Flashcards
What error will you get if you try to ssh into an instance with a new keypair?
Permissions 0644 for are too open.
What should you run to resolve permission 0644 error?
chmod 0400
Can security groups span regions?
No
What is the most likely cause of a connection timeout?
Issue in Security Group.
What is the most likely cause of a Connection Refused error?
An application error after successfully communicating with server
What are the default inbound/outbound rules for a default security group?
All inbound traffic is blocked
All outbound traffic is allowed
What is the difference between an IP assigned to an instance and an Elastic IP?
An assigned IP can change if the instance is rebooted. An Elastic IP is an IP you manage and allows you to have a fixed IP for your instance
What are 5 features of the Application Load Balancer?
- Handles Layer 7 HTTP traffic
- It can load balanced to multiple applications on the same machine
- It can load balance based on the route in the URL
- It can load balance based on the hostname in the URL
- It has a port mapping feature to redirect to a dynamic port
What does an A record do?
Maps a URL to an IPv4 address
What does an AAAA record do?
Maps a URL to an IPv6 address
What does a CNAME do?
Maps a url to another url (one domain to another).
What does an Alias do?
Maps a URL to an AWS resource.
What does ASYNC Replication mean?
It means that the consistency will be eventual consistency.
How is RDS data encrypted at REST?
AWS-KMS using AES-256 encryption.
How do you enforce SSL in PostgreSQL?
On the AWS RDS Console in Parameter Groups, set rds.force_ssl=1
How do you enforce SSL in MySQL?
In the DB, set:
GRANT USAGE ON . TO ‘mysqluser’@’%’ REQUIRE SLL;
How do you enable SSE-S3?
When posting an object, set a header to:
“x-amz-server-side-encryption”: “AES256”
How do you enable SSE-KMS?
When posting an object, set a header to:
“x-amz-server-side-encryption”: “aws:kms”
What is a CMK?
A KMS Customer Master Key
What does CORS stand for?
Cross Origin Resource Sharing
Why would you need to enable CORS?
If you request data from another s3 bucket
Previously, what would you have done to optimize your s3 key performance?
prefix the keys with random characters.
What is Lazy Loading in Elasticache?
Lazy Loading means to Load only when necessary.
What is Write Through in Elasticache?
It is when you add or update the cache when the database is updated
What is S3 Select and Glacier Select?
It allows you to use SQL SELECT queries to tell S3 or Glacier exactly what attributes/filters you want.
What file formats does S3 Select work with?
CSV, JSON or Parquet
Can you use subqueries or joins in S3 SELECT?
No
What 2 things must you do to enable HTTPS on ElasticBeanstalk?
- Load an SSL Cert onto the Load Balancer
- Configure a Security Group Rule to allow incoming traffic on port 443
What 3 ways can you assign an SSL cert to the load balancer for Elastic Beanstalk?
- In the AWS console, in the ELB configuration
- In the code, in the ebextensions/securelistener-alb.config file
- Using AWS Certificate Manager
How do you configure ELasticBeanstalk to redirect from HTTP to HTTPS?
- Configure instances to redirect
- Configure Application Load Balancer with a rule
- Make sure Health Checks are not redirected
What is the max version count that ElasticBeanstalk can store?
1000
What are the 2 Lifecycle policies for ElasticBeanstalk?
- Time Based
- Space Based
What is a worker environment?
It is an ElasticBeanstalk application for workloads that take long to complete
In ElasticBeanstalk, how can you define periodic tasks?
In a cron.yaml file
What is Kinesis KCL?
It is Kinesis Client Library which is a Java library that helps read a record from a Kinesis Stream
How many KCL instances can query a shard?
1
How do you bundle your dependencies with you Lambda function?
You need to install your packages alongside your code and zip together
What is the max size of the Lambda /tmp directory
512MB
What is Lambda@Edge?
It is the process of deploying a Lambda function into a CDN network to make the Lambda Global
