Practice 3 Flashcards
AWS AppSync
> simplifies application development by letting you create a flexible API to securely access, manipulate, and combine data from one or more data sources.
managed service that uses GraphQL to make it easy for applications to get exactly the data they need.
workflow in SWF
defines all the activities in the workflow.
purpose of a decision task
tells the decider the state of the workflow execution
activity task
tells the worker to perform a function
SWF task
represents a single task in the workflow
Kinesis data stream stores records from (duration)
24 hours by default to a maximum of 168 hours.
Server-Side Encryption
You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects
Client-Side Encryption
You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.
2 Client-Side Encryptions
- Client-Side Encryption with AWS KMS–Managed Customer Master Key (CMK)
- Client-Side Encryption Using a Client-Side Master Key
CloudFront Origin Access Identity
feature which ensures that only CloudFront can serve S3 content
Glacier retrieval options
- Standard - 3 - 5 hours
- Expedited - 1 - 5 mins
- Bulk - 5 - 12 hours
Glacier Select
you can run queries and custom analytics on your data that is stored in Glacier, without having to restore your data to a hotter tier like Amazon S3
Glacier Provisioned Capacity
> ensures that your retrieval capacity for expedited retrievals is available when you need it.
Each unit of capacity ensures that at least three expedited retrievals can be performed every five minutes and provides up to 150 MB/s of retrieval throughput.
Why purchase Glacier Provisioned Capacity
You should purchase provisioned retrieval capacity if your workload requires highly reliable and predictable access to a subset of your data in minutes
Ranged Archive Retrievals
When you retrieve an archive from Glacier, you can optionally specify a range, or portion, of the archive to retrieve:
> Manage your data downloads
> Retrieve a targeted part of a large archive
Amazon S3 now provides increased performance to support at least ? requests per second to add data and ? requests per second to retrieve data
at least 3,500 requests per second to add data and 5,500 requests per second to retrieve data
Lambda automatically monitors functions on your behalf and reports metrics through Amazon CloudWatch:
- Duration – The average, minimum, and maximum execution times.
- Invocations – The number of times that the function was invoked in each 5-minute period.
- Error count and success rate (%) – The number of errors and the percentage of executions that completed without error.
- DeadLetterErrors – The number of events that Lambda attempted to write to a dead-letter queue, but failed.
- IteratorAge – For stream event sources, the age of the last item in the batch when Lambda received it and invoked the function.
- Throttles – The number of times that execution failed due to concurrency limits.
The following VPC peering connection configurations are not supported.
- Overlapping CIDR Blocks
- Transitive Peering
- Edge to Edge Routing Through a Gateway or Private Connection
The revoke-security-group-ingress command
removes one or more ingress rules from a security group
revoke-security-group-egress
Removes one or more egress rules from a security group
When connecting to your EC2 instance via SSH, you need to ensure that
port 22 is allowed on the security group of your EC2 instance.
A network ACL is more suitable for controlling the traffic that goes in and out of your entire VPC and not just on one EC2 instance. - T or F
true
You can modify a launch configuration after creating it - T or F
false; you can’t modify
When you create a launch configuration, you specify information for the instances such as the:
- block device mapping
- Amazon Machine Image (AMI) ID
- key pair
- instance type
- security groups
Active-Active Failover
Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Route 53 can detect that it’s unhealthy and stop including it when responding to queries.
Active-Passive Failover
Use an active-passive failover configuration when you want a primary resource or group of resources to be available the majority of the time and you want a secondary resource or group of resources to be on standby in case all the primary resources become unavailable. When responding to queries, Route 53 includes only the healthy primary resources. If all the primary resources are unhealthy, Route 53 begins to include only the healthy secondary resources in response to DNS queries.
How does Amazon ElastiCache improve database performance?
By caching database query results.
Lambda error EC2ThrottledException
- You only specified one subnet in your Lambda function configuration. That single subnet runs out of available IP addresses and there is no other subnet or Availability Zone which can handle the peak load.
- Your VPC does not have sufficient subnet ENIs or subnet IPs.
allowed block size in VPC is between
a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses) and not /27 netmask
Billed EC2 instance states
- running
- stopping - billed if preparing to hibernate
- terminated - reserved instances are billed until the end of their term according to their payment option
Unbilled EC2 instance states
- Pending
- stopping - if preparing to stop
- stopped
- shutting down
- terminated
The presigned URLs are useful if
you want your user/customer to be able to upload a specific object to your bucket, but you don’t require them to have AWS security credentials or permissions.
origin access identity (OAI)
prevents users from viewing your S3 files by simply using the direct URL for the file; instead they would need to access it using a CloudFront URL
Signed URLs vs signed cookies
Signed URLs:
1. RTMP distribution (streaming) - signed cookies aren’t supported for RTMP
2. Restrict access to individual files (ex: installation download for your application)
3. Client uses a custom HTTP client that doesn’t support cookies
Signed cookies:
1. Provide access to multiple restricted files
2. You don’t want to change current URLs