Lambda & SAM

Question 1

AWS SAM Template Anatomy

Sections of SAM Template

Answer 1

1. Transform (reqd)
2. Globals (optional)
3. Description (optional)
4. Resources section. (reqd)
5. Metadata (optional)
6. Parameters (optional)
7. Mappings (optional)
8. Conditions (optional)
9. Outputs (optional)

Question 2

AWS SAM resources

Answer 2

AWS::Serverless::Api
AWS::Serverless::Application
AWS::Serverless::Function
AWS::Serverless::HttpApi
AWS::Serverless::LayerVersion
AWS::Serverless::SimpleTable
AWS::Serverless::StateMachine

Question 3

AWS::Serverless::Api

Answer 3

Creates a collection of Amazon API Gateway resources and methods that can be invoked through HTTPS endpoints.

Question 4

AWS::Serverless::Application

Answer 4

Embeds a serverless application from the AWS Serverless Application Repository or from an Amazon S3 bucket as a nested application

Question 5

AWS::Serverless::Function

Answer 5

Creates a Lambda function, IAM execution role, and event source mappings that trigger the function.

Question 6

AWS::Serverless::HttpApi

Answer 6

Creates an API Gateway HTTP API, which enables you to create RESTful APIs with lower latency and lower costs than REST APIs

Question 7

AWS::Serverless::LayerVersion

Answer 7

Creates a Lambda LayerVersion that contains library or runtime code needed by a Lambda Function.

Question 8

AWS::Serverless::SimpleTable

Answer 8

Creates a DynamoDB table with a single attribute primary key. It is useful when data only needs to be accessed via a primary key.

Question 9

AWS::Serverless::StateMachine

Answer 9

Creates an AWS Step Functions state machine, which you can use to orchestrate Lambda functions and other AWS resources to form complex and robust workflows.

Question 10

Deploying Serverless Applications Gradually

Steps Involved in built-in with CodeDeploy to provide gradual Lambda deployments

Answer 10

• Deploys new versions of your Lambda function, and automatically creates aliases that point to the new version.
• Gradually shifts customer traffic to the new version until you’re satisfied that it’s working as expected, or you roll back the update.
• Defines pre-traffic and post-traffic test functions to verify that the newly deployed code is configured correctly and your application operates as expected.
• Rolls back the deployment if CloudWatch alarms are triggered.

Question 11

Deployment Preference Types

Answer 11

Canary: Traffic is shifted in two increments. You can choose from predefined canary options. The options specify the percentage of traffic that’s shifted to your updated Lambda function version in the first increment, and the interval, in minutes, before the remaining traffic is shifted in the second increment.

Linear: Traffic is shifted in equal increments with an equal number of minutes between each increment. You can choose from predefined linear options that specify the percentage of traffic that’s shifted in each increment and the number of minutes between each increment.

All-at-once: All traffic is shifted from the original Lambda function to the updated Lambda function version at once.

Question 12

Canary

Answer 12

Canary: Traffic is shifted in two increments. You can choose from predefined canary options. The options specify the percentage of traffic that’s shifted to your updated Lambda function version in the first increment, and the interval, in minutes, before the remaining traffic is shifted in the second increment.

Question 13

Linear

Answer 13

Linear: Traffic is shifted in equal increments with an equal number of minutes between each increment. You can choose from predefined linear options that specify the percentage of traffic that’s shifted in each increment and the number of minutes between each increment.

Question 14

All-at-once

Answer 14

All-at-once: All traffic is shifted from the original Lambda function to the updated Lambda function version at once.

Question 15

Deployment Preference Type

Answer 15

Canary10Percent30Minutes

Canary10Percent5Minutes

Canary10Percent10Minutes

Canary10Percent15Minutes

Linear10PercentEvery10Minutes

Linear10PercentEvery1Minute

Linear10PercentEvery2Minutes

Linear10PercentEvery3Minutes

AllAtOnce

Question 16

SAM / Controlling Access to API Gateway APIs

Answer 16

Lambda authorizers.

Amazon Cognito user pools.

IAM permissions.

API keys.

Resource policies.

Question 17

Lambda authorizers.

Answer 17

Lambda authorizer is a Lambda function that you provide to control access to your API. When your API is called, this Lambda function is invoked with a request context or an authorization token that is provided by the client application.

Question 18

Amazon Cognito user pools.

Answer 18

Amazon Cognito user pools are user directories in Amazon Cognito. A client of your API must first sign a user in to the user pool, and obtain an identity or access token for the user. Then your API is called with one of the returned tokens. The API call succeeds only if the required token is valid

Question 19

IAM permissions.

Answer 19

You can control who can invoke your API using IAM permissions. Users calling your API must be authenticated with IAM credentials. Calls to your API only succeed if there is an IAM policy attached to the IAM user that represents the API caller, an IAM group that contains the user, or an IAM role that is assumed by the user.

Question 20

API keys.

Answer 20

API keys are alphanumeric string values that you distribute to application developer customers to grant access to your API.

Question 21

Resource policies.

Answer 21

Resource policies are JSON policy documents that you can attach to an API Gateway API to control whether a specified principal (typically an IAM user or role) can invoke the API