Integration, Messaging, & Access Flashcards
What are the two main patterns for application communication?
Synchronous and Asynchronous/Event-based.
What AWS service is used for asynchronous queue-based communication?
Amazon SQS.
What AWS service is used for pub/sub messaging?
Amazon SNS.
What AWS service is used for real-time data streaming?
Amazon Kinesis.
What is the default message retention period in SQS?
4 days (can be increased up to 14 days).
What is the max message size in SQS?
256 KB (larger messages require SQS Extended Client).
What is a Dead Letter Queue (DLQ) in SQS?
A secondary queue for messages that can’t be processed after multiple attempts.
What is SQS Long Polling?
A method to wait for messages, reducing empty responses and API calls.
What is SQS FIFO queue used for?
For strict message ordering and exactly-once processing.
How is message deduplication handled in SQS FIFO?
Using content-based deduplication or explicit deduplication ID.
What is Amazon SNS used for?
To send messages to multiple subscribers (Pub/Sub model).
What is the fan-out pattern in SNS?
SNS topic sends the same message to multiple SQS queues.
What is Kinesis Data Streams used for?
To capture, process, and store real-time streaming data.
What are Kinesis capacity modes?
Provisioned and On-Demand.
What is the throughput per shard in Kinesis provisioned mode?
1 MB/s input, 2 MB/s output.
What are the consumer types in Kinesis?
Shared (Classic) Fan-out and Enhanced Fan-out.
What is Amazon Kinesis Data Firehose?
A fully managed service to load streaming data into AWS data stores.
What is Kinesis Data Analytics used for?
To analyze streaming data using SQL or Apache Flink.
How is data ordering managed in Kinesis?
Using partition keys to route data to the same shard.
How does SQS FIFO handle message ordering?
Using message group IDs for ordered processing within groups.
What is the key difference between SQS and SNS?
SQS is a pull-based queue, SNS is a push-based pub/sub system.
What is the key use case of Kinesis over SQS?
Real-time big data analytics, streaming ETL, and reprocessing data.
What is AWS Cognito used for?
To provide user identities and enable secure access to web and mobile applications.
What is a Cognito User Pool?
A serverless user directory for managing sign-up, sign-in, and user profile management.
What is a Cognito Identity Pool?
A service to grant users temporary AWS credentials to access AWS services.
How do Cognito User Pools integrate with apps?
They integrate with API Gateway and Application Load Balancer for authentication.
What kind of login does Cognito User Pool support?
Username/email and password, with optional MFA.
What is the use of JWT in Cognito?
It is a JSON Web Token used to authenticate and transfer user claims.
What is Cognito Hosted UI?
A customizable web UI for user authentication provided by Cognito.
What is Adaptive Authentication in Cognito?
It evaluates risk scores and prompts MFA for suspicious logins.
What are Cognito Lambda Triggers?
Custom code hooks triggered during the authentication flow.
What is required for Cognito custom domains?
An ACM certificate in us-east-1 and configuration in App Integration.
How does ALB use Cognito for authentication?
It offloads user authentication to Cognito using HTTPS listeners.
What are the benefits of using Cognito with ALB?
Simplifies auth logic by letting ALB handle user authentication.
What identity sources does Cognito Identity Pool support?
Public providers, Cognito User Pools, OIDC, SAML, developer identities.
What is unauthenticated access in Identity Pools?
Allows guest users to access AWS services with limited permissions.
How does Identity Pool grant AWS credentials?
Using STS and IAM roles based on user identity and policy rules.
What are IAM roles in Cognito Identity Pools?
Roles assigned to authenticated and guest users to control access.
How do CUP and CIP differ?
CUP is for authentication; CIP is for authorization.
Can Cognito support federated identities?
Yes, via User Pools and Identity Pools using OIDC, SAML, and social logins.
How can sign-in risk be mitigated in Cognito?
By using adaptive authentication and MFA.
What is the trust relationship in IAM roles for Identity Pools?
A trust policy must allow Cognito Identity Pools to assume the role.
