Other Services

Question 1

How do you deploy resources or make infrastructure changes when using CloudFormation or other IaC?

Answer 1

You deploy resources with code. You can deploy an entire infrastructure with just a JSON or YAML file.

You make changes by editing the deployment code.

Resources created by cloud formation should only be managed through editing your cloud formation configuration files (stacks).

To delete resources remove them from the file, or delete the entire file and cloud formation takes charge of deleting everything in the correct order with no errors.

Question 2

When do we use cloudformation in the exam?

Answer 2

When we need to repeat an architecture in a different environment, different region, or different AWS Account.

Question 3

What happens to your existing EC2 instance when in cloud formation you modify an already deployed configuration to for example change the EC2 instance type.

Answer 3

The existing EC2 instance will be replaced with a new one that will “supplant” the previouse instance.

Question 4

What are cloudformation service roles?

Answer 4

IAM roles that allow cloudformation to create, update or delete stack resources on your behalf.

You can specify an iam role for the creation of a configuration in cloudformation, or you can leave it blank in case you want it to use your users permissions instead.

The iam:PassRole permission is crucial for allowing users to specify a role that CloudFormation can assume. If a user wants to deploy a stack that requires CloudFormation to assume a specific role (like a service role), the user needs to have iam:PassRole permission for that role.
Without iam:PassRole, a user cannot tell CloudFormation to use a service role, even if that role has the necessary permissions to create or modify resources.

A user with passrole can create resources through cloudformation even if the user itself doesn’t have the permission.

Question 5

What is Amazon SES?

Answer 5

Simple Email Service:
It allows you to send emails globally and at scale.
You can use it in conjunction with applications as an SMTP server to send emails to users.

Similar to zimbra.

Question 6

What is Amazon Pinpoint?

Answer 6

Marketing communications service.

For sending programmed messages in bulk.
Can create message templates, delivery schedules, and full campaigns.

Supports Email, SMS, Push notifications, voice, in app messaging.

Main use cases if to send SMS messages to customers. Can also receive replies cause its inbound/outbound service.

Use it with other services to automate delivery of sms.

Question 7

What are the differences between amazon SNS, SES, and Pinpoint?

Answer 7

In SNS and SES you manage the message audience from your app, content of message, and delivery schedule.

With Pinpoint, you can create message templates, delivery schedules,

Question 8

What is SSM session manager?

Answer 8

Allows you to start an SSH connection to your instances without using port 22 or any other port. This is for better security.

Needs SSM agent installed on instances to work. Amazon AMIs include the ssm agent by default.

Question 9

What is fleet manager?

Answer 9

The SSM feature that lets you centrally manage all your EC2 instances with the ssm agent intalled. You can update their agent version and do other management tasks.

Question 10

Which SSM feature lets you manage all your ssm agent instances?

Answer 10

Fleet Manager

Question 11

Which SSM feature lets you access your instances through SSH without using any port?

Answer 11

Session Manager

Question 12

What do EC2 instances need to have be managed by SSM?

Answer 12

The SSM Agent. Amazon AMIs include it by default.
And they need an instance role that lets them contact SSM Service.

Question 13

What is SSM Run Command?

Answer 13

Allows you to run commands or scripts to groups of SSM Agent installed server. These could be EC2 instances but also onpremises servers. This has integrations with IAM, CloudTrail, SNS. and EventBridge for automation of script running.

Question 14

What is SSM Patch Manager?

Answer 14

Automates the patching process of managed instances. You can patch automatically, or scheduled maintenance. You can generate reports on patch version compliance.

Question 15

What is SSM Automation?

Answer 15

Configure SSM documents to automate and simplify common tasks in EC2 and in other services too, like restarting instances, creating AMIs, Snapshot your RDS Databases, etc.

Integrated with EventBridge and AWS Config. AWS Config uses ssm automation to remediate.

Question 16

What is AWS Cost Explorer

Answer 16

To visualize, understand, and manage your AWS Costs and usage over time.

Create custom reports for costs and usage data, like diagrams and graphs.

You can get monthly, weekly, hourly graphs, for granularity.

Gives you a savings plan to help you lower your bill costs.

Gives you a forecast of up to 12 months based o previous usage.

Question 17

What is AWS Cost Anomaly Detection?

Answer 17

Continuously monitors your usage and uses ML to detect unusual spends in your accounts.

Question 18

What is AWS Batch?

Answer 18

Fully managed batch processing service.

You can run 10000s of computing batch jobs on aws.

A batch job is a computing job that has a start and an end. So it happens in a time period, for example between 1:00hs and 3:00hs.

Batch will dinamically start EC2 instances and spot instances to accomodate to the load in which you have to run these batch jobs.

Batch can also run serverless with fargate, instead of creating EC2 instances. Batch can also run in EKS.

Question 19

How does Batch work?

Answer 19

Batch jobs are defined as docker images that run in ECS, that can run on many EC2 instances, in fargate, or in EKS.
You upload your image and specify the resources you want to use for the job and batch runs it as containers, on a scheduled window.
Then you get your results in S3 or other user defined storage.

Question 20

What other aws service does batch use behind the scenes to run the compute?

Answer 20

ECS. It runs ECS containers either on EC2 instances, fargate, or EKS.

Question 21

What is Amazon AppFlow?

Answer 21

A service for integration between SaaS applications and AWS.
It allows you to securely transfer data between SaaS apps and AWS. Simplifying the integration.

SaaS apps include Salesforce, Slack, SAP, etc.

Data can be transfered to S3, Redshift, and other services.

Question 22

What is AWS Amplify?

Answer 22

A web and mobile app fullstack development tool.

It’s a managed service that uses other aws services behind the scenes, like S3, cognito, appsync, apigw, lambda, etc, to build the backend of your app, and then lets you use whichever frontend language.

It can be deployed by using cloudfront.

It’s an elastic beanstalk version for web and mobile apps.

Question 23

As part of your Disaster Recovery strategy, you would like to make sure your entire infrastructure is code (IaC) so that you can easily re-deploy it in any AWS region. Which AWS service do you recommend?

Answer 23

CloudFormation

Question 24

Which AWS service allows you to send marketing SMS and push notifications to a large number of customers with personalized messages?

Answer 24

AWS Pinpoint

Question 25

What is the most secure way to connect to an EC2 instance without exposing the SSH port 22?

Answer 25

SSM Session Manager

Question 26

Which AWS service allows you to run and schedule hundreds of thousands of computing jobs on AWS such as big data and complex analytics jobs?

Answer 26

AWS Batch

Question 27

The company you are working on is using Salesforce and Slack internally. For archival and some analytics requirements, you have been tasked to transfer the data in both Salesforce and Slack to AWS in an S3 bucket. Which AWS service is best suited for this scenario?

Answer 27

AWS AppFlow