PP ET Flashcards
In Elastic Beanstalk, how would you change from using a micro to a large instance to handle more requests?
create a NEW config file with the instance type set to large
In Elastic Beanstalk, name the 2 times you can set configuration options?
- when you create your environment
- save the configuration options in a configuration file
In Elastic Beanstalk, what happens if the same value is set in multiple locations?
The value used depends on order of precedence (highest -> lowest)
- settings specified during a create/update environment API
- settings loaded from a saved configuration.
- settings loaded from configuration files in the .ebextensions folder
- settings loaded as default value
What do we know about Elastic Beanstalk config files?
Settings aren’t applied directly to the environment and you need to deploy a new version with updated config to implement changes
What does the resource AWS::Serverless::Application in the SAM template do?
It embeds nested apps from S3 buckets in
It uses nested stacks in CloudFormation to do this
What would you use if you want to update and persist in one transaction & roll back if the update fails?
Use Transact* operation in DynamoDB that lets you group multiple operations into 1 transaction that rolls back if 1 fails
Users are seeing 5XX response error codes at irregular intervals when they are using a Java app that makes API requests directly to AWS.
How would you update the app to improve resiliency?
Use the AWS SDK for Java to interact with AWS APIs because:
- Automatic retries (if 5XX error)
- Exponential back off (waits between retries)
- Abstracts complexities of APIs
A company is using a CloudFront distribution to store their data in the US region.
How would the company launch an app in the UK that stores data in the UK, without deploying a specific mobile client for the UK?
- Create a Lambda@Edge function
- Associate the Lambda@Edge function with origin request trigger
What is a Lambda@Edge function?
Allows you to run code on CloudFront edge locations (close to users globally) in response to CloudFront events.
What is an origin request trigger?
An event that happens before CloudFront sends a request to the origin
A developer is using SAM LOCAL CLI to test a Lambda function.
The app implemented by the Lambda function makes several API calls using the SDK.
How would you allow the function to make API calls in a test AWS account from a developer's laptop?
Add a test profile by using the aws configure command with the --profile option. Run AWS SAM by using the sam local invoke command with the --profile option.
Name 2 ways to make API requests from an EC2 instance to an S3 bucket secure?
- Create an IAM role with permissions to the S3 bucket
- Add the IAM role to the instance profile and attach the instance profile to an EC2 instance
What is an instance profile?
A container for an IAM role (can be used to pass role info)
CloudFront is being configured to encrypt data in transit.
You are running an app in the EU region.
A new ACM is created in the EU region (the same region the app is running).
But these settings are not visible to CloudFront.
How would you make these settings visible to CloudFront?
- ACM must be created in the SAME region as CloudFront
- CNAME in CloudFront must be the same as the domain name in the certificate
Users log in with Facebook to your app that’s using an Application Load Balancer with CloudFront.
How would you authenticate users?
Configure Cognito integration with the Application Load Balancer
What does a function need to do if it wants to determine whether it is running on a GPU instance?
Retrieve the instance type from the instance metadata:
curl http://169.254.169.254/latest/meta-data/instance-type
An app uses MFA and Cognito user pools.
What is the most efficient way to send a login activity notification every time a user logs in?
Use a Cognito post-authentication trigger that calls a Lambda function to send an email notification via SES that a user has logged in
What does SES stand for?
Simple Email Service
What is a post-authentication Lambda trigger?
Only invokes Lambda after the user is authorised
A company has a 3 tier web app behind a CloudFront distribution.
How would a developer monitor the error rates and anomalies of the CloudFront distribution with the shortest possible interval?
- Activate real time logs (CloudFront distribution)
- Create a stream (Kinesis Data Stream)
- Configure Kinesis Streams to deliver logs to OpenSearch Service (Elasticsearch Service)
- Create a dashboard (OpenSearch in Kibana)
What service would you use to store SNS messages that were not able to be delivered?
SQS (dead letter queue)
An app has 1 Docker image that is built and pushed to a public Docker registry.
How would you deploy it on Elastic Beanstalk?
Create a docker-compose.yml file and use the Elastic Beanstalk CLI to deploy the app
In a three tier app, how would you decouple an RDS DB instance from the Elastic Beanstalk environment?
Create a new Elastic Beanstalk environment (that connects to the DB instance) and create a new DB instance (from a snapshot of the old DB instance)
An API Gateway endpoint exposes a Lambda function that processes and stores a clothing store's online transactions.
The number of transactions rapidly increases throughout the day and there are almost no transactions at night.
What is the cheapest way to increase the elasticity of the system?
Migrate from RDS to Aurora SQL and use an auto scaling policy to scale read replicas based on the number of database connections
(can have up to 15 read replicas)
What is the most secure way to configure Lambda function access to DynamoDB table?
Create an IAM policy (that allows access to the DynamoDB table) and attach this policy to the Lambda function’s IAM role
What user authorisation and authentication would you implement for a web app hosted on an EC2 instance to ensure that their credentials are encrypted and secure in transit and at rest?
Use Amazon Cognito (to configure a user pool) and the Cognito API (to authenticate and authorise users)