Notes 1 Flashcards

1
Q

DynamoDB streams detect data modifications in a table and can automatically trigger a Lambda function. True or False?

A

True

2
Q

CloudTrail is used for?

A

CloudTrail Logs provide you specific information on what occurred in your AWS account

3
Q

CloudWatch is used for?

A

CloudWatch Logs reports on application logs

4
Q

What is Route53?

A

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service.

5
Q

What is Amazon Kinesis?

A

Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.

6
Q

What is AWS ECS?

Elastic Container Service

A

Amazon ECS (Elastic Container Service) is a fully managed container orchestration service that makes it easy for you to deploy, manage, and scale containerized applications. Think of it as being like Docker.

7
Q

What is AWS X-Ray used for?

A

AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors

8
Q

What is Amazon Inspector?

A

Amazon Inspector is a vulnerability management service that continuously scans your AWS workloads for vulnerabilities. Amazon Inspector automatically discovers and scans Amazon EC2 instances and container images residing in Amazon Elastic Container Registry (Amazon ECR) for software vulnerabilities and unintended network exposure.

9
Q

What is Amazon Cognito?

A

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps.

Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, or Google.

10
Q

Which key/value cache store is suitable for single and which for multithreaded?

A

Redis for single-threaded server, Memcached for multi-threaded

11
Q

When would you choose Memcached over Redis?

A

You can choose Memcached over Redis if you have the following requirements:

  • You need the simplest model possible.
  • You need to run large nodes with multiple cores or threads.
  • You need the ability to scale out and in, adding and removing nodes as demand on your system increases and decreases.
  • You need to cache objects, such as a database.
12
Q

What should the developer do to prevent a Lambda function from throttling?

A

Nothing, Lambda will automatically scale to handle the load

13
Q

What should be done to only allow authorized clients to invalidate an API Gateway cache entry when submitting API requests?

A
  1. Client sends a request with “Cache-Control: max-age=0” in the header.
  2. Tick the “Required Authorization” in cache settings of your API via the console.
14
Q

What are the 5 deployment method types?

  1. All at once
  2. Rolling
  3. Rolling with additional batch
  4. Immutable
  5. Blue/Green
A
  • All at once – Deploy the new version to all instances simultaneously. All instances in your environment are out of service for a short time while the deployment occurs.
  • Rolling – Deploy the new version in batches. Each batch is taken out of service during the deployment phase, reducing your environment’s capacity by the number of instances in a batch.
  • Rolling with additional batch – Deploy the new version in batches, but first launch a new batch of instances to ensure full capacity during the deployment process.
  • Immutable – Deploy the new version to a fresh group of instances by performing an immutable update.
  • Blue/Green - Deploy the new version to a separate environment, and then swap CNAMEs of the two environments to redirect traffic to the new version instantly.
15
Q

In a MySQL RDS database, how can you capture SQL statements that took longer to execute for troubleshooting?

A

Enable “Slow Query Log” in RDS. You can also enable logs to CloudWatch from RDS: Audit log, Error Log, General Log and Slow Query Log

16
Q

In DynamoDB, how can you fetch just some of the attributes? E.g. if a table contains “id”, “course_id”, “course_title”, “price”, “rating” and you only want to return “course_id” and “price”.

A

Use “Projection Expression”.

To read data from a table, you use operations such as “GetItem”, “Query”, or “Scan”. DynamoDB returns all of the item attributes by default. To get just some, rather than all of the attributes, use a “projection expression”.

17
Q

What are the three task placement strategies ECS supports?

binpack, random, spread

A

Amazon ECS supports the following task placement strategies:

binpack - Place tasks based on the least available amount of CPU or memory. This minimizes the number of instances in use.

random - Place tasks randomly.

spread - Place tasks evenly based on the specified value. Accepted values are attribute key-value pairs, instanceId, or host.

18
Q

What is the difference between DynamoDB “eventually consistent” and “strongly consistent” reads?

A

=== Eventually Consistent Reads ===

When you read data from a DynamoDB table, the response might not reflect the results of a recently completed write operation. The response might include some stale data. If you repeat your read request after a short time, the response should return the latest data.

=== Strongly Consistent Reads ===

When you request a strongly consistent read, DynamoDB returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful. However, this consistency comes with some disadvantages:

A strongly consistent read might not be available if there is a network delay or outage. In this case, DynamoDB may return a server error (HTTP 500).

Strongly consistent reads may have higher latency than eventually consistent reads.

Strongly consistent reads are not supported on global secondary indexes.

Strongly consistent reads use more throughput capacity than eventually consistent reads.

=====

GetItem provides an eventually consistent read by default. If your application requires a strongly consistent read, set ConsistentRead to true.

19
Q

What are the four DynamoDB StreamViewType types?

  • KEYS_ONLY
  • NEW_IMAGE
  • OLD_IMAGE
  • NEW_AND_OLD_IMAGES
A

When an item in the table is modified, StreamViewType determines what information is written to the stream for this table. Valid values for StreamViewType are:

KEYS_ONLY - Only the key attributes of the modified item are written to the stream.

NEW_IMAGE - The entire item, as it appears after it was modified, is written to the stream.

OLD_IMAGE - The entire item, as it appeared before it was modified, is written to the stream.

NEW_AND_OLD_IMAGES - Both the new and the old item images of the item are written to the stream.
20
Q

An application running Lambda function + API Gateway + DynamoDB is getting 504 errors after a spike in traffic, what is the likely cause of this?

A

API Gateway request has timed out due to the Lambda function running for longer than 29 seconds.

21
Q

What is the difference between AWS CloudWatch metric types “Standard resolution” and “High Resolution”?

A
  • Standard resolution, with data having a one-minute granularity
  • High resolution, with data at a granularity of one second

Note “Standard resolution” is the default.

22
Q

AWS Lambda Invoke API types

A

In the Invoke API, you have 3 options to choose from for the InvocationType:

RequestResponse (default) - Invoke the function synchronously. Keep the connection open until the function returns a response or times out. The API response includes the function response and additional data.

Event - Invoke the function asynchronously. Send events that fail multiple times to the function’s dead-letter queue (if it’s configured). The API response only includes a status code.

DryRun - Validate parameter values and verify that the user or role has permission to invoke the function.

23
Q

AWS Lambda sync vs async function invocation

A

With synchronous invocation, you wait for the function to process the event and return a response. With asynchronous invocation, Lambda queues the event for processing and returns a response immediately. For asynchronous invocation, Lambda handles retries and can send invocation records to a destination.

https://docs.aws.amazon.com/lambda/latest/dg/lambda-invocation.html

24
Q

What are DynamoDB Streams?

A

DynamoDB Streams captures a time-ordered sequence of item-level modifications in any DynamoDB table, and stores this information in a log for up to 24 hours.

A DynamoDB stream is an ordered flow of information about changes to items in an Amazon DynamoDB table. When you enable a stream on a table, DynamoDB captures information about every modification to data items in the table.

Each event is represented by a stream record, and captures the following events:

  • A new item is added to the table: captures an image of the entire item, including all of its attributes.
  • An item is updated: captures the “before” and “after” image of any attributes that were modified in the item.
  • An item is deleted from the table: captures an image of the entire item before it was deleted.
25
Q

Monitor API execution in CloudWatch…

A

You can monitor API execution using CloudWatch, which collects and processes raw data from API Gateway into readable, near real-time metrics. These statistics are recorded for a period of two weeks, so that you can access historical information and gain a better perspective on how your web application or service is performing. By default, API Gateway metric data is automatically sent to CloudWatch in one-minute periods.

The metrics reported by API Gateway provide information that you can analyze in different ways. The list below shows some common uses for the metrics. These are suggestions to get you started, not a comprehensive list.

  • Monitor the “IntegrationLatency” metrics to measure the responsiveness of the backend.
  • Monitor the “Latency” metrics to measure the overall responsiveness of your API calls.
  • Monitor the “CacheHitCount” and “CacheMissCount” metrics to optimize cache capacities to achieve a desired performance.
26
Q

What is Lazy Loading cache in ElastiCache?

A

Lazy Loading, as its name implies, is a caching strategy that loads data into the cache only when necessary. Here is how it works:

  • If the data exists in the cache and is current, ElastiCache returns the data to your application. This event is also called “Cache Hit”.
  • If there is a “Cache Miss”, or in other words, the data does not exist in the cache, or the data in the cache has expired, then your application requests the data from your data store which returns the data to your application. Your application then writes the data received from the store to the cache so it can be more quickly retrieved next time it is requested.
27
Q

What is a VPC flow log?

A

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs and Amazon S3.

28
Q

What does concurrent executions mean?

A

Concurrent executions refers to the number of executions of your function code that are happening at any given time.

29
Q

What are Lambda Layers?

A

Lambda layers provide a convenient way to package libraries and other dependencies that you can use with your Lambda functions. Using layers reduces the size of uploaded deployment archives and makes it faster to deploy your code.

A layer is a .zip file archive that can contain additional code or data. A layer can contain libraries, a custom runtime, data, or configuration files. Layers promote code sharing and separation of responsibilities so that you can iterate faster on writing business logic.

You can use layers only with Lambda functions deployed as a .zip file archive. For functions defined as a container image, you package your preferred runtime and all code dependencies when you create the container image. For more information, see Working with Lambda layers and extensions in container images on the AWS Compute Blog.

A function can use up to 5 layers at a time. The total unzipped size of the function and all layers can’t exceed the unzipped deployment package size limit of 250 MB.

30
Q

In DynamoDB, what is the difference between a “Global secondary index” and a “Local secondary index”?

A

Global secondary index – An index with a partition key and sort key that can be different from those on the table.

Local secondary index – An index that has the same partition key as the table, but a different sort key.

31
Q

DynamoDB throttling…

A

Throttling prevents your application from consuming too many capacity units (read/write). DynamoDB can throttle read or write requests that exceed the throughput settings for a table, and can also throttle read requests that exceed the settings for an index.

When a request is throttled, it fails with an HTTP 400 code (Bad Request) and a ProvisionedThroughputExceededException

32
Q

What are DynamoDB transactions?

A

Amazon DynamoDB transactions simplify the developer experience of making coordinated, all-or-nothing changes to multiple items both within and across tables.

33
Q

What are DynamoDB Global tables?

A

Global tables provide a solution for deploying a multi-region, multi-master database, without having to build and maintain your own replication solution.

34
Q

A web application gets a lot of traffic all of a sudden and needs to scale to the demand. What service should be used along with API Gateway to handle this traffic spike?

A

Lambda

Lambda can scale faster than the regular Auto Scaling feature of Amazon EC2, Amazon Elastic Beanstalk, or Amazon ECS. This is because AWS Lambda is more lightweight than other computing services.

35
Q

When to use S3 vs EFS vs EBS

A

=== EBS (Elastic Block Storage) ===
EBS is a high-performance per-instance block storage system designed to act as storage for a single EC2 instance (most of the time). EBS’s use case is more easily understood than the other two. It must be paired with an EC2 instance. So when you need a high-performance storage service for a single instance, use EBS.

=== EFS (Elastic File System) ===
EFS is a highly scalable file storage system designed to provide flexible storage for multiple EC2 instances. EFS may be used whenever you need a shared file storage option for multiple EC2 instances with automatic, high-performance scaling. This makes it a great candidate for file storage for content management systems; for lift and shift operations, as its autoscaling potential means you do not need to re-architect; for application development, as EFS’s shareable file storage is ideal for storing code and media files.

=== S3 (Simple Storage Service) ===
S3 is an object storage system, designed to provide archiving and data control options and to interface with other services beyond EC2. It’s also useful for storing static html pages and shared storage for applications. S3 is good at storing long-term data due to its archiving system. Things like reports and records, which may go unused for years, can be stored on S3 at a lower cost than the other two storage services discussed.
As already stated, S3 is also useful for storing data on which complex queries may be run. This makes it useful for data related to customer purchases, behaviour or profiles, because that data can be easily queried and fed into analytics tools. This capacity for interfacing with other tools also makes S3 great for back-up and restoration, as it can be paired with Amazon Glacier for even more secure backing up. S3 also supports static websites, so if you need to host a static HTML page, S3 is a good choice.

36
Q

In a VPC (Virtual Private Cloud) what is a “Route Table”?

A

A Route Table contains a set of rules, called routes, that are used to determine where network traffic is directed.

37
Q

What is an Internet Gateway?

A

An Internet Gateway allows communication between instances in your VPC and the internet.

38
Q

What is a NAT (Network Address Translation)?

A

A NAT (Network Address Translation) enables instances in a private subnet to connect to the internet or other.

There are two types of NAT, NAT Gateway and NAT instance. In most cases, a NAT Gateway is used.

39
Q

What is VPC peering?

A

VPC peering is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network.

40
Q

What does an ELB (Elastic Load Balancer) do?

A

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones.

41
Q

What does an NLB (Network Load Balancer) do?

A

Network Load Balancer operates at the connection level (Layer 4), routing connections to targets – Amazon EC2 instances, microservices, and containers – within Amazon Virtual Private Cloud (Amazon VPC) based on IP protocol data. Ideal for load balancing of both TCP and UDP traffic, Network Load Balancer is capable of handling millions of requests per second while maintaining ultra-low latencies.

42
Q

In RDS (Relational Database Service), what is the best way to increase read throughput for a website that is getting high traffic?

A

Use “Read Replicas”.

Amazon RDS Read Replicas provide enhanced performance and durability for database (DB) instances. This feature makes it easy to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.

When creating a read replica, there are a few things to consider. First, you must enable automatic backups on the source DB instance by setting the backup retention period to a value other than 0.

43
Q

Long vs short polling (SQS)

A

Long polling helps reduce the cost by eliminating the number of empty responses and false empty responses. While the regular short polling returns immediately, even if the message queue being polled is empty, long polling doesn’t return a response until a message arrives in the message queue, or the long poll times out.

SQS uses short polling by default. Short polling works for scenarios that require higher throughput.

44
Q

SQS (Simple Queue Service) visibility timeout

A

To prevent other consumers from processing a message redundantly, SQS sets a visibility timeout, a period of time SQS prevents other consumers from receiving and processing the message. The default visibility timeout for a message is 30 seconds. The minimum is 0 seconds. The maximum is 12 hours.

45
Q

In SQS, what does “ReceiveMessageWaitTimeSeconds” do?

A

The “ReceiveMessageWaitTimeSeconds” is the queue attribute that determines whether you are using Short or Long polling. By default, its value is zero which means it is using Short polling. If it is set to a value greater than zero, then it is Long polling.

46
Q

What is AWS Redshift?

A

Amazon Redshift uses SQL to analyze structured and semi-structured data across data warehouses, operational databases, and data lakes, using AWS-designed hardware and machine learning to deliver the best price performance at any scale.

Amazon Redshift is used when the data to be analyzed is humongous. The data has to be at least of a petabyte-scale (10^15 bytes) for Redshift to be a viable solution.

47
Q

*** Review chapter 19 videos - CloudWatch, X-RAY **

A