Review Flashcards
Monthly billing for Lambda is based on what?
Execution request and the time is rounded to the nearest 100 ms.
Which is a compulsory section in a CFT?
Resources
Maximum size of an item in DynamoDB table
400KB
Which AWS service supports infrastructure as code?
CloudFormation
A load balancer can span across?
Multiple AZs
What can be used to provide internet connectivity to the resources residing in a private subnet?
Internet gateway.
CloudWatch
cannot be manually deleted.
Data stored in S3 can be accessed from?
Anywhere across the internet.
By default, which of the following metrics are not supported by CloudWatch?
Memory free/used.
Which service is used along with S3 to enable S3 Transfer Acceleration?
CloudFront
MySQL RDS instance
Cannot be stopped or paused. To save money, the user needs to take the final snapshot, terminate the instance and launch a new instance in the future from that snapshot.
Elastic Load Balancing
Use an SSL certificate in order to improve your system security. Use AWS Identity and Access Management to upload your certificate to your load balancer.
SQS Time to live
1 minute to 2 weeks
SQS data size in a message
256KB
EBS Volume
It is required to mount the device when a user creates an EBS volume and attaches it as a device.
DynamoDB access
Amazon DynamoDB integrates with AWS Identity and Access Management (IAM). You can use AWS IAM to grant access to Amazon DynamoDB resources and API actions. To do this, you first write an AWS IAM policy, which is a document that explicitly lists the permissions you want to grant. You then attach that policy to an AWS IAM user or role.
Best suitable options to allow access to the log bucket.
Provide ACL for the logging group.
CloudFormation
Gives developers and systems administrators an easy way to create and manage collections of AWS resources. You can now set ReadReplicas for your databases with RDS when you create a new CloudFormation template.
AWS RDS with multi AZ feature
The user cannot provision the Availability Zone. RDS is launched automatically instead.
The user needs to specify whether it is multi AZ or not.
AWS Elastic Beanstalk
Supports multiple running environments.
EC2-Classic
AWS does not provide a fixed MAC address to the instances launched in EC2-Classic. If the instance is launched as a part of EC2-VPC, it can have an ENI which can have a fixed MAC. However, with EC2-Classic, every time the instance is started or stopped it will have a new MAC address. To get this MAC, the organization can run a script on boot which can fetch the instance metadata and get the MAC address from that instance metadata.
IAM User
IAM users by default cannot change their password. The root owner or IAM administrator needs to set the policy in the password policy page, which should allow the user to change their password. Once it is enabled, the IAM user can always change their password from the AWS console or CLI.
EBS volume
Provides persistent data storage. The user can attach a volume to any instance provided they are both in the same AZ.
ReceiveMessageWaitTimeSeconds
When set to greater than zero, enables long polling. Long polling allows the Amazon SQS service to wait until a message is available in the queue before sending a response.
S3 bucket policies
require a Principal be defined.
If you do not ensure that DNS is re-resolved or use multiple test clients to simulate increased load, the test may continue to hit a single IP address when Elastic Load Balancing has actually allocated many more IP addresses. Because your end users will not all be resolving to that single IP address, your test will not be a realistic sampling of real-world behavior.
Use a third-party load-testing service to send requests from globally distributed clients; force the software-based load tester to re-resolve DNS before every request.
MissingSecurityHeader
400 Bad Request would be the HTTP response code for MissingSecurityHeader.
S3:ReducedRedundancyLostObject
S3 provides the S3:ReducedRedundancyLostObject event for objects that are using the Reduced Redundancy Storage class on Amazon S3. This notification is used with SNS and sends a JSON object notification to the subscribed SNS topics if an object is lost by Amazon S3. This allows you to create automation and be informed when RRS (99.9% durability storage) has an object data loss from one of your buckets. AWS now supports event notifications for object creation as well.
API call to attach an EBS volume to an EC2 instance
AttachVolume
necessary steps to set up a static website on S3.
Upload an index document to your S3 bucket, Enable static website hosting in your S3 bucket properties, Select the “Make Public” permission for your bucket’s objects
What is the API call used when authenticating users against a Web Identity Provider (like Facebook, Google, Amazon, etc.)?
AssumeRoleWithWebIdentity API call while passing the provider’s token and specifying the ARN (Amazon Resource Number) for the IAM Role.
What is the default timeout of Temporary Security Credentials issued by AWS after a user has authenticated with a third-party Identity Provider?
1 hour – minimum is 15 minutes
In what order are Atomic Counters written to a DynamoDB?
All write requests are applied in the order in which they are received.
ec2-net-utils
For AWS Linux, it is a package that configures additional network interfaces that the user can attach while the instance is running, refreshes secondary IP addresses during DHCP lease renewal, and updates the related routing rules.
send push notifications to mobile devices using SNS and ADM
Need to obtain the Registration ID and Client secret. You do not need a Device token.
MS SQL RDS
does not support multi AZ
How to configure termination policies?
Either specify any one of the policies as a standalone policy or list multiple policies in an ordered list.
S3 Bucket ACL
can grant permission to S3 Log Delivery group to write access log objects to the user’s bucket.
Elastic Beanstalk
support multiple environments
ec2-share-image-attribute
share image
IAM role
IAM roles are based on temporary security tokens, so they are rotated automatically. Keys in the source code cannot be rotated (and are a very bad idea). It’s impossible to retrieve credentials from an S3 bucket if you don’t already have credentials for that bucket. Active Directory authorization will not grant access to AWS resources.
Which relational database engines does Amazon RDS support?
Amazon RDS supports Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL database engines.
the default interval for CloudWatch metrics
1 minute?
How to attach a volume to an EC2 instance in a different AZ?
Take a snapshot of the volume and create a new volume in the instance’s AZ, then attach.
multiple IAM group policies
always aggregated.
Connect to RDS(MYSQL)
open port 3306 in the security group for MYSQL.
Can a user create a larger EBS volume from an existing snapshot of a smaller size?
Yes, the user needs to change the size of the device with resize…
AWS ELB with custom domain
by creating CNAME with the existing domain name service provider;
by creating a record with Route 53.
Can be used to bootstrap both the Chef Server and Chef Client software
CloudFormation
Amazon RDS DB instance back up
automated backups and DB snapshots.
CLI commands for EC2 instances
ec2-accept-vpc-peering-connection; ec2-allocate-address; ec2-assign-private-ip-address; ec2-associate-address; ec2-associate-dhcp-options; ec2-associate-route-table; ec2-attach-internet-gateway; ec2-attach-network-interface (not ec2-allocate-interface).
SQS security
SQS uses either your Access Key ID or an X.509 certificate to authenticate your identity.
X-Forwarded-Port
Identifies the port used by the client while requesting ELB.
Tag limits
10 tags per load balancer;
max key length 127;
max value length 255;
keys and values are case sensitive.
DB parameter group
contains engine configuration values that can be applied to one or more DB instances of the same instance type.
RDS charge
On a pay-as-you-go basis. It charges the user based on the instance type, number of hours that the instance is running, data transfer, and storage cost, as well as for I/O requests. The monitoring is free of cost.
SQS free tier message limit
1 million
Does SQS allow anonymous access to a queue?
Yes
Can an AMI launch EC2 instance within same region?
Yes
AWS console for DynamoDB
can setup alarms to monitor your table’s capacity usage;
create, update, and delete tables;
View your table’s top monitoring metrics on real-time graphs from CloudWatch.
can not import data from other databases or from files.
Shared responsibility
Customer’s responsibility:
Life-cycle management of IAM credentials;
Security group and ACL settings
Encryption of EBS volumes
Patch management on the EC2 instance’s OS;
AWS responsibility:
Decommissioning storage devices?;
controlling physical access to compute resources;
Manual Auto Scaling
Modify the desired capacity. If the user is using the CLI, use the command as-set-desired-capacity --desired-capacity