Main

Question 1

In AWS, how do you protect pushes/merges from unauthorized users to the master branch (using Code Commit).

Answer 1

IAM Policy With Explicit Deny

Question 2

A collection of build commands and related settings, in YAML format, that CodeBuild uses to run a build.

Answer 2

buildspec.yml

Question 3

In CodeCommit, how do you authenticate users over https?

Answer 3

1. Create IAM User
2. Setup HTTP/SSH connection to CodeCommit through IAM user
3. Authenticate through Git

Question 4

How do you protect branches from unwanted commits?

Answer 4

IAM Policy With Explicit Deny

Question 5

T/F: Code Commit contains several triggers and configurable notifications that can call SNS topics and Lambda functions in response to various activity within your repository.

Answer 5

T

Question 6

The timeout range for AWS Code Build (How long a build can run before being marked failed)?

Answer 6

5 minutes to 8 hours

Question 7

buildspec.yml: env

Answer 7

This optional parameter of the buildspec.yml file allows for variable declaration, parameter-store, exported variables, secrets-manager, et.al.

Question 8

buildspec.yml: phases

Answer 8

This parameter of the buildspec.yml file allows you to designate commands that will occur during the install, pre_build, build, and post_build stages of the build/test.

Question 9

buildspec.yml: artifacts

Answer 9

This parameter of the buildspec.yml file allows you to save various files after a build is done (S3).

Question 10

buildspec.yml: cache

Answer 10

This parameter of the buildspec.yml file is used to store files which can speed up deployment during subsequent builds/tests.

Question 11

buildspec.yml: finally

Answer 11

This parameter of the buildspec.yml file will allow you to designate commands to run even if prior commands fail.

Question 12

buildspec.yml: override

Answer 12

You can specify env variables in buildspec.yml OR you can add them as environment variables ___________ when configuring a new build operation (from the console).

Question 13

What two services can you utilize/integrate with your code build deployment to encrypt your environment variables during a build?

Answer 13

Parameter Store, Secrets manager

Question 14

T/F: Code Build allows you to encrypt artifacts before your upload them to S3 (natively within Code Build)

Answer 14

T

Question 15

How can you view your previous Code Build history if the docker container that was spun up to build your application has been terminated post-build?

Answer 15

Cloudwatch Logs

Question 16

Single Target Deployment Strategy

Answer 16

Is exactly what it sounds. All resources go to one single server.

Question 17

All at Once Deployment Strategy

Answer 17

Like Single Target Deployment Strategy but with multiple targets.

Question 18

Minimum in-service Deployment Strategy

Answer 18

Deployment happens in multiple stages keeping the minimum number of services live before deploying the new version of the application

Question 19

Rolling Deployment Strategy

Answer 19

X Number of deployments happen, then the next X number of deployments happen, etc

Question 20

Blue Green Deployment Strategy

Answer 20

Add matching separate environment to existing environment then point domain to new environment. Once we can confirm the new (or green) environment is working, blue then shuts down.

Question 21

Canary Deployment Strategy

Answer 21

Like Blue Green deployment, but it slowly adds users to the new deployment environment.

Question 22

Cloudformation Parameters

Answer 22

Variables in Terraform essentially. Variables to pass through at runtime.

Question 23

Cloudformation Mapping

Answer 23

Key value pairs that change per environment (for example) that are automatically determined. These defer from parameters because these values can not be passed into the build at runtime by a user/program.

Question 24

Cloudformation Resources

Answer 24

Where your actual resources are declared

Question 25

Cloudformation Outputs

Answer 25

Results from the template. Think ‘data’ from Terraform

Question 26

Intrinsic Function !FindInMap

Answer 26

Get mapping of a variable.  Example:
Properties:
  ImageId: !FindInMap
    - RegionMap
    - API64

Question 27

Intrinsic Function !Base64

Answer 27

Returns base64 representation of the input string

Question 28

Intrinsic Function !CiDr

Answer 28

Returns an array of CIDR address blocks. Example:

!Cidr [ ipBlock, count, cidrBits]

Question 29

Intrinsic Function !GetAtt

Answer 29

Returns the value of an attribute from a resource in the template. Example:
!GetAtt logicalNameOfResource.attributeName

Question 30

Intrinsic Function !GetAZs

Answer 30

Returns an array that lists Availability Zones for a specified region. Example
!GetAZs {region}

Question 31

Intrinsic Function !ImportValue

Answer 31

Returns the value of an output exported by another stack. Example:
!ImportValue sharedValueToImport

Question 32

Intrinsic Function !Join

Answer 32

Appends a set of values into a single value, separated by the specified delimiter.

Question 33

Intrinsic Function !Select

Answer 33

Returns a single object from a list of object

Question 34

Intrinsic Function !Split

Answer 34

Splits string into an array

Question 35

Intrinsic Function !Sub

Answer 35

Substitutes variables in an input string with values you specify.

Question 36

Intrinsic Function !Transform

Answer 36

Specifies a macro to perform custom processing on part of a stack template.

Question 37

Intrinsic Function !Ref

Answer 37

Returns the value of the specified parameter or resource

Question 38

Cloudformation DependsOn

Answer 38

Controls resource creation order within Cloudformation. In other words, it specifies the following resource is a dependancy.

Question 39

Cloudformation Creation Policies

Answer 39

Prevent a resource from reaching create complete until AWS CloudFormation receives a specified number of success signals or the timeout period is exceeded.
Example:
CreationPolicy:
  resourceSignal:
    Count: '3'
    Timeout: PT15M

Question 40

CloudFormation Wait Conditions & Handlers

Answer 40

Allows you to coordinate stack resource creation with other configuration actions that are external to the stack.

Question 41

CloudFormation: The 4 components of wait conditions:

Answer 41

1. They depend on the resources you are waiting on
2. A handle property references the above handle
3. They have a response timeout
4. They have a ‘count’, if none is specified the default is 1

Question 42

CloudFormation why are Nested Stacks a thing?

Answer 42

Split up huge sets of infrastructure to be split over multiple templates.

Question 43

CloudFormation: What are resource deletion policies?

Answer 43

Property defined in a cloud formation template to control what happens to each resource when a stack is deleted. Values can include: Delete, Retain, Snapshot

Question 44

CloudFormation: How are resources impacted when a template gets updated?

Answer 44

Depends on the resource. They can experience complete replacement, some interruptions, no interruptions, or be deleted.

Question 45

What are CloudFormation Change Sets?

Answer 45

A preview of CloudFormation template changes.

Question 46

CloudFormation: What are custom resources?

Answer 46

Custom resources enable you to write custom provisioning logic in templates. In other words, extend CloudFormation beyond AWS.

Question 47

Can you create an Elastic Beanstalk configuration outside of the supported languages?

Answer 47

Potentially yes. Elastic Beanstalk supports docker containers which could be used inside elastic beanstalk.

Question 48

Elastic Beanstalk: What are EB extensions?

Answer 48

They allow advanced environment customization with configuration files that also allow developers to configure the systems being deployed automatically. They are YAML or JSON formatted and are placed in a folder called .ebextensions

Question 49

What are the main purposes of AWS Config?

Answer 49

To give you an overview of resources being used over several accounts. You can set rules to monitor, assess, and track changes as well as keep track of changes that have happened to each account.

Question 50

What is AWS Managed Services?

Answer 50

Provides ongoing management of your AWS infrastructure so you can focus on your applications.

Question 51

What are AWS lambda step functions?

Answer 51

A service that allows you to orchestrate your lambda functions. A reliable way to step through the functions that power your application in a particular order that you require.

Question 52

OpsWorks: What is Berkshelf?

Answer 52

A dependency management system for Chef.

Question 53

What is OpsWorks?

Answer 53

Essentially Ansible for AWS. It uses Chef recipes to deploy servers/run scripts and keeps all application components in the same area.

Question 54

CloudWatch Retention time for data points with a period of under 60 seconds

Answer 54

3 hours

Question 55

CloudWatch Retention time for data points with a period of 60 seconds

Answer 55

15 days

Question 56

CloudWatch Retention time for data points with a period of 300 seconds (5 minutes)

Answer 56

63 days

Question 57

CloudWatch Retention time for data points with a period of 3600 seconds (1 hour)

Answer 57

445 days (15 months)

Question 58

(T/F) CloudWatch: Data points published with shorter periods get aggregated together for long term storage.

Answer 58

T: They will get averaged together by each retention period level.

Question 59

Give a brief overview of how to report logs in CloudWatch (3 High level steps)

Answer 59

1. Install Agent
2. Configure agent to sync log file
3. Turn on Service

Question 60

What is AWS X-Ray?

Answer 60

It’s AWS’s application monitoring tool like Instana. Must be configured with an application.

Question 61

What is AWS Service Catalog?

Answer 61

A more granular way of granting access to products within AWS.

Question 62

What is AWS Trusted Advisor?

Answer 62

A service that provides you with real-time guidance to ensure your aws resources are provisioned and managed correctly, and are following AWS best practices.

Question 63

What is the prefix for an On-Premise instance managed in AWS Systems Manager?

Answer 63

mi

Question 64

What is AWS Systems Manager?

Answer 64

A way to manage on premise machines and aws ec2 instances by grouping. It also gives the ability to organize inventory and run commands based on defined grouping.

Question 65

What is AWS Organizations?

Answer 65

Basically AD for managing multiple AWS Organization accounts (dev, prod, ops, etc) in AWS.

Question 66

What is AWS Secrets Manager?

Answer 66

Secret store that is accessed through https.

Question 67

What is Amazon Macie?

Answer 67

A managed service that gives you a dashboard of data activity. Alerts can also be setup for data anomalies. Can only be configured for s3 at the moment.

Question 68

What is AWS Certificate Manager?

Answer 68

Manager that is used to create or import new TLS/SSL certificates.

Question 69

What is Amazon GuardDuty?

Answer 69

A threat detection service that continuously monitors for malicious or unauthorized behavior. Monitors things like unusual api calls, unauthorized deployments, and compromised instances.