Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS Certified Developer Associate 2021 > Revisões Provas > Flashcards

Revisões Provas Flashcards

1
Q

Qual o tipo de instância que entra na categoria de reservada mas pode ter suas configurações alteradas?

A

É a Convertible Reserved Instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Como funciona KMS?

A

KMS salva chaves mestres (master Key), que é responsável por descriptografar outras chaves simétricas (simetric data key).

Então quando um dado precisa ser criptografado, ele é criptografado utilizando a simetric data Key e em sequência a simetric data Key é criptografada pela chave mestre gerenciada pelo KMS.

AWS KMS supports three types of CMKs: customer-managed CMKs, AWS managed CMKs, and AWS owned CMKs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Por que o deploy immutable zera os créditos Burst?

A

Por que ele irá dobrar a quantidade de instâncias em um novo ASG, para realizar o deploy da aplicação, destruindo as instâncias anteriores

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Como funciona o Access Advisor feature on IAM console

A

To help identify the unused roles, IAM reports the last-used timestamp that represents when a role was last used to make an AWS request.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Qual a diferença entre o SAM e o CDK?

A

O SAM é um template mais conciso para criação de infraestrutura serverless.
O CDK é uma forma de criar infraestrutura utilizando linguagens mais conhecidas.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Quais são as duas formas de realizar o deploy de SSL certificates?

A

Através do AWS Certificate Manager e IAM (para regiões que não suporta o ACM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A new project demands a throughput requirement of 10 strongly consistent reads per second of 6KB in size each.

A

Um RCU representa:

  • duas evetually consistent read para itens de até 4kb
  • uma strogly consistent read para itens de até 4kb

Logo serão necessárias 20 RCU

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Se uma lambda escreve no DynamoDb com putItem dois itens, um de 0,5 KB e outro de 3.5 KB por segundo,quantos WCU são necessários?

A

É consumido um WCU por até 1KB de dado escrito por segundo.

O primeiro item, consome (0.5-→1kb) 1 WCU e o segundo item (3.5→4kb) consome 4 WCU, portanto é necessário 5 WCU

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Como funciona a distribuição de carga em uma aplicação distribuída em duas ou mais AZ?

A

A load balancer accepts incoming traffic from clients and routes requests to its registered targets (such as EC2 instances) in one or more Availability Zones.

The nodes for a load balancer distribute requests from clients to registered targets. When cross-zone load balancing is enabled, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. When cross-zone load balancing is disabled, each load balancer node distributes traffic only across the registered targets in its Availability Zone. With Application Load Balancers, cross-zone load balancing is always enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Que tipos de políticas apenas limitam às permissões dos usuários?

A

AWS Organization Service Control Police (SCP) (limita o máximo de permissão que uma conta pode ter)
e
Permissions Boundary (Maximum permissions that the identity-based policies can grant to an entity)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Qual credencial o code commit não aceita?

A

IAM user password.

SSH keys, Gir Credentials e AWS Access keys são aceitas

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Quais são os recursos suportados pelo SAM?

A

SAM supports the following resource types:

AWS::Serverless::Api

AWS::Serverless::Application

AWS::Serverless::Function

AWS::Serverless::HttpApi

AWS::Serverless::LayerVersion

AWS::Serverless::SimpleTable

AWS::Serverless::StateMachine

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Autoscaling group pode criar instâncias em diferentes AZs? E diferentes regiões?

A

Sim, ele pode criar instâncias em diferentes AZs mas não em diferentes regiões.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Dedicated Instances são isoladas no nível de hardware?

A

Sim, elas são. Dedicated Instances são criadas somente em hardware dedicado, porém são mais baratas do que dedicated host.

Dedicated Instances are Amazon EC2 instances that run in a virtual private cloud (VPC) on hardware that’s dedicated to a single customer. Dedicated Instances that belong to different AWS accounts are physically isolated at a hardware level, even if those accounts are linked to a single-payer account. However, Dedicated Instances may share hardware with other instances from the same AWS account that are not Dedicated Instances.

A Dedicated Host is also a physical server that’s dedicated for your use. With a Dedicated Host, you have visibility and control over how instances are placed on the server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Quais são as principais sessões do template do Cloud Watch?

A

AWSTemplateFormatVersion: “version date”

Description:
String

Metadata:
template metadata

Parameters:
set of parameters

Rules:
set of rules

Mappings:
set of mappings

Conditions:
set of conditions

Transform:
set of transforms

Resources:
set of resources

Outputs:
set of outputs
Template sections
Templates include several major sections. The Resources section is the only required section. Some sections in a template can be in any order. However, as you build your template, it can be helpful to use the logical order shown in the following list because values in one section might refer to values from a previous section.

Format Version (optional)
The AWS CloudFormation template version that the template conforms to. The template format version isn't the same as the API or WSDL version. The template format version can change independently of the API and WSDL versions.

Description (optional)
A text string that describes the template. This section must always follow the template format version section.

Metadata (optional)
Objects that provide additional information about the template.

Parameters (optional)
Values to pass to your template at runtime (when you create or update a stack). You can refer to parameters from the Resources and Outputs sections of the template.

Rules (optional)
Validates a parameter or a combination of parameters passed to a template during a stack creation or stack update.

Mappings (optional)
A mapping of keys and associated values that you can use to specify conditional parameter values, similar to a lookup table. You can match a key to a corresponding value by using the Fn::FindInMap intrinsic function in the Resources and Outputs sections.

Conditions (optional)
Conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update. For example, you could conditionally create a resource that depends on whether the stack is for a production or test environment.

Transform (optional)
For serverless applications (also referred to as Lambda-based applications), specifies the version of the AWS Serverless Application Model (AWS SAM) to use. When you specify a transform, you can use AWS SAM syntax to declare resources in your template. The model defines the syntax that you can use and how it is processed.

You can also use AWS::Include transforms to work with template snippets that are stored separately from the main AWS CloudFormation template. You can store your snippet files in an Amazon S3 bucket and then reuse the functions across multiple templates.

Resources (required)
Specifies the stack resources and their properties, such as an Amazon Elastic Compute Cloud instance or an Amazon Simple Storage Service bucket. You can refer to resources in the Resources and Outputs sections of the template.

Outputs (optional)
Describes the values that are returned whenever you view your stack’s properties. For example, you can declare an output for an S3 bucket name and then call the aws cloudformation describe-stacks AWS CLI command to view the name.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Para que ser AWS Trusted Advisor?

A

AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Para o que serve o IAM Access Analyzer?

A

AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Para o que serve o Amazon Inspector?

A

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following represents the correct order of steps to be followed for creating an app using AWS CDK?

A

Create the app from a template provided by AWS CDK -> Add code to the app to create resources within stacks -> Build the app (optional) -> Synthesize one or more stacks in the app -> Deploy stack(s) to your AWS account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Como especificar ações no code deploy?

Qual a ordem do workflow de deploy para Lambdas e EC2/on-premises compute platform?

A

Adicionar o arquivo appspec.yml na pasta root com as especificações de ações em cada passo.

Os passos do workflow são:
1 - Criar aplicação
2 - Especificar o deployment Group
»> Especifica o tipo do deploy (in-place or blue/green deploy) e em quais instância será realiza o deploy
3 - Especificar a configuração do deploy
»> How many instances your application revisions should be simultaneously deployed and to describe the success and failure conditions for the deployment.
4 - Upload Revision
»> You must include an application specification file (AppSpec file). This file contains deployment instructions, such as where to copy the files onto each instance and when to run deployment scripts.
5 - Deploy
»> Deploy your application revision to the deployment group. (seguindo as instruções do AppSpec.yml
6 - Check Results
7 - Redeploy as needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Qual o arquivo utilizado pelo codebuild? Qual a estrutura desse arquivo?

A

É o buildspec que deve ser colocado na pasta root com as especificações do build.

version: 0.2

phases:
  install:
    runtime-versions:
      java: corretto11
  pre_build:
    commands:
      - echo Nothing to do in the pre_build phase...
  build:
    commands:
      - echo Build started on `date`
      - mvn install
  post_build:
    commands:
      - echo Build completed on `date`
artifacts: -- represents the set of build output artifacts that CodeBuild uploads to the output bucket.
  files:
    - target/messageUtil-1.0.jar
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Quais são os tipos de discos EBS?

Qual o máximo e o mínimo de volume e IOPS

A

Há 3 tipos: Solid State Drivers (SSD), Hard Disk Drives (HDD) e previous generation.

O SSD tem duas categorias, a General Purpose SSD (gp2 e gp3) e Provisioned IOPS SSD.

O gp2 e gp3 pode ter volume de 1GiB a 16 TiB, com máximo de 16000 IOS (apps de baixa latência / ambientes de dev). Gp2 atinge os 16k IOPS com 5.3TiB. o gp3 atinga 16kIOPS com 32GiB

Já o Provisioned IOPS SSD tem volume de4GiB até 16TiB, com IOPS per volume de até 64000 (workloads de alto IOPS, I/O instensive database workloads.
* O IOPS cresce conforme o tamanho do disco.

Já o HDD o Throughput Optimized HDD e Cold HDD; São comummente utilizados para DW, Log Processing, Big data, onde os dados são pouco acessados. Máximo de 500 IOPS e 125GiB - 16 TiB).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Visando separar workloads pesados da aplicação web que deve ter resposta rápida, qual a melhor forma de fazer isso utilizando o Elastic Benstalk?

A

Utilizando dedicated worker enviroment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Qual comando utilizado para habitar a monitoração detalhada de instâncias ec2?

A

aws ec2 monitor-instances –instance-ids i-1234567890abcdef0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Qual header é utilizado para identificar o IP do cliente em uma requisição?

A

X-Forwarded-For

26
Q

Qual a diferença entre API Gateway HTTP e API Gateway Rest?

A

Vantagens API HTTP:

O API Gateway HTTP é mais barata e de baixa latência (também íntegra com lambda). As APIs HTTP são compatíveis com a autorização OIDC e OAuth 2.0 e vêm com suporte interno para CORS e implantações automáticas.

Desvantagens API HTTP:
Não tem tratamento de transformação do corpo, validação do pedido/resposta (request/response), e na parte de segurança não pode utilizar o WAF (web application firewall)

Vatangens API Restt:
Possui plano de uso, chaves de API
Validação do resquest/response
Logs de acesso com o firehose, segurança do WAF citado acima, integração com o xray

https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html

27
Q

Qual o limite de variáveis de ambientes para uma função lambda?

A

O limite é de 4KB para todas as variáveis de ambientes , mas não há limite para a quantidade de variáveis criadas

28
Q

Como realizar o deploy de uma API em produção no API Gateway?

A

After creating your API, you must deploy it to make it callable by your users. To deploy an API, you create an API deployment and associate it with a stage. A stage is a logical reference to a lifecycle state of your API (for example, dev, prod, beta, v2). API stages are identified by the API ID and stage name. They’re included in the URL that you use to invoke the API. Each stage is a named reference to a deployment of the API and is made available for client applications to call.

Stages enable robust version control of your API. In our current use-case, after the updates pass the test, you can promote the test stage to the prod stage. The promotion can be done by redeploying the API to the prod stage or updating a stage variable value from the stage name of test to that of prod.

29
Q

O que acontece se terminar um container que esteja stopado no cluster ECS?

A

If you terminate a container instance while it is in the STOPPED state, that container instance isn’t automatically removed from the cluster. You will need to deregister your container instance in the STOPPED state by using the Amazon ECS console or AWS Command Line Interface. Once deregistered, the container instance will no longer appear as a resource in your Amazon ECS cluster.

30
Q

Qual a resolução das métricas do cloud Watch?

A

O default é de 5 minutos. É possível habilitar a monitoração detalhada para obter coletas a cada um minuto. Para janelamemto menores é possível utilizar a custom metric com granularidade de até 1 segundo

31
Q

Como monitorar métricas com janelamemto de 10 segundos da minha infra?

A

Create a high-resolution custom metric and push the data using a script triggered every 10 seconds

Using high-resolution custom metric, your applications can publish metrics to CloudWatch with 1-second resolution. You can watch the metrics scroll across your screen seconds after they are published and you can set up high-resolution CloudWatch Alarms that evaluate as frequently as every 10 seconds. You can alert with High-Resolution Alarms, as frequently as 10-second periods. High-Resolution Alarms allow you to react and take actions faster and support the same actions available today with standard 1-minute alarms.

32
Q

Quando utilizar step functions?

A

Standard Workflows on AWS Step Functions are suitable for long-running, durable, and auditable workflows that can also support any human approval steps - Standard Workflows on AWS Step Functions are more suitable for long-running, durable, and auditable workflows where repeating workflow steps is expensive (e.g., restarting a long-running media transcode) or harmful (e.g., charging a credit card twice). Example workloads include training and deploying machine learning models, report generation, billing, credit card processing, and ordering and fulfillment processes. Step functions also support any human approval steps.

You should use Express Workflows for workloads with high event rates and short duration* - You should use Express Workflows for workloads with high event rates and short durations. Express Workflows support event rates of more than 100,000 per second.

33
Q

Quais são as principais sessões do AppSpec file (arquivo do CodeDeploy)?

A

version: 0.0
os: linux
files:
- source: /
destination: /var/www/html/WordPress
hooks:
BeforeInstall:
- location: scripts/install_dependencies.sh
timeout: 300
runas: root
AfterInstall:
- location: scripts/change_permissions.sh
timeout: 300
runas: root
ApplicationStart:
- location: scripts/start_server.sh
- location: scripts/create_test_db.sh
timeout: 300
runas: root
ApplicationStop: – Para e remover pacotes da antiga versão da aplicação
- location: scripts/stop_server.sh
timeout: 300
runas: root
ValidateService – This is the last deployment lifecycle event. It is used to verify the deployment was completed successfully.

34
Q

Quando deve-se utilizar o Instace Store Volumes?

A

Para dados efemeros, que não precisam ser salvos. Isso se deve pois caso uma EC2 seja Stopada ou terminada, os dados serão apagados.

35
Q

Quais são os tipos de integração do API Gateway da AWS?

A

AWS: This type of integration lets an API expose AWS service actions. In AWS integration, you must configure both the integration request and integration response and set up necessary data mappings from the method request to the integration request, and from the integration response to the method response.

AWS_PROXY: This type of integration lets an API method be integrated with the Lambda function invocation action with a flexible, versatile, and streamlined integration setup. This integration relies on direct interactions between the client and the integrated Lambda function.

With this type of integration, also known as the Lambda proxy integration, you do not set the integration request or the integration response. API Gateway passes the incoming request from the client as the input to the backend Lambda function. The integrated Lambda function takes the input of this format and parses the input from all available sources, including request headers, URL path variables, query string parameters, and applicable body. The function returns the result following this output format.

This is the preferred integration type to call a Lambda function through API Gateway and is not applicable to any other AWS service actions, including Lambda actions other than the function-invoking action.

HTTP: This type of integration lets an API expose HTTP endpoints in the backend. With the HTTP integration, also known as the HTTP custom integration, you must configure both the integration request and integration response. You must set up necessary data mappings from the method request to the integration request, and from the integration response to the method response.

HTTP_PROXY: The HTTP proxy integration allows a client to access the backend HTTP endpoints with a streamlined integration setup on single API method. You do not set the integration request or the integration response. API Gateway passes the incoming request from the client to the HTTP endpoint and passes the outgoing response from the HTTP endpoint to the client.

MOCK: This type of integration lets API Gateway return a response without sending the request further to the backend. This is useful for API testing because it can be used to test the integration set up without incurring charges for using the backend and to enable collaborative development of an API.

36
Q

Qual o tamanho máximo da mensagem que pode ser enviada no SQS?

A

O tamanho máximo é de 256KB

37
Q

Qual a diferença entre LSI e GSI do DynamoDb?

A

DynamoDB supports two types of secondary indexes:

Global secondary index — An index with a partition key and a sort key that can be different from those on the base table. A global secondary index is considered “global” because queries on the index can span all of the data in the base table, across all partitions. A global secondary index is stored in its own partition space away from the base table and scales separately from the base table. Utiliza a mesma partitiom Key, muda apenas a sort Key. Pode ser criada apenas no momento de criação da tabela. Consome os mesmos recursos da tabela principal.

Local secondary index — An index that has the same partition key as the base table, but a different sort key. A local secondary index is “local” in the sense that every partition of a local secondary index is scoped to a base table partition that has the same partition key value.
Pode ter qualquer partition Key e sort Key, além de poder ser criada a qualquer momento. Consome recursos de forma independente.

38
Q

Qual a ordem que o client irá buscar pelas credenciais que for utilizado o construtor default?

A

If your application creates an AWS client using the default constructor, then the client will search for credentials using the default credentials provider chain, in the following order:

In the Java system properties: aws.accessKeyId and aws.secretKey.

In system environment variables: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

In the default credentials file (the location of this file varies by platform).

Credentials delivered through the Amazon EC2 container service if the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

In the instance profile credentials, which exist within the instance metadata associated with the IAM role for the EC2 instance.

Web Identity Token credentials from the environment or container.

39
Q

Como garantir Cross acount access?

A

To grant cross-account permissions, you need to attach an identity-based permissions policy to an IAM role. For example, the AWS account A administrator can create a role to grant cross-account permissions to AWS account B as follows:

The account A administrator creates an IAM role and attaches a permissions policy—that grants permissions on resources in account A—to the role.

The account A administrator attaches a trust policy to the role that identifies account B as the principal who can assume the role.

The account B administrator delegates the permission to assume the role to any users in account B. This allows users in account B to create or access queues in account A.

40
Q

Qual a diferença entre Cognito User Pools e Cognito Identity Pools e Cognito Sync?

A

Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. Identity pools provide AWS credentials to grant your users access to other AWS services.

AWS Cognito User Pools is there to authenticate users for your applications which looks similar to Cognito Identity Pools. The difference is that Identity Pools allows a way to authorize your users to use the various AWS services and User Pools is not about authorizing to AWS services but to provide add sign-up and sign-in functionality to web and mobile applications.

Cognito Sync - You can use it to synchronize user profile data across mobile devices and the web without requiring your own backend. The client libraries cache data locally so your app can read and write data regardless of device connectivity status.

41
Q

Como expor informações de um template cloud formation para utilização de outro Stack?

A

Use ‘Export’ field in the Output section of the stack’s template

To share information between stacks, export a stack’s output values. Other stacks that are in the same AWS account and region can import the exported values.

To export a stack’s output value, use the Export field in the Output section of the stack’s template. To import those values, use the Fn::ImportValue function in the template for the other stacks.

42
Q

Quais são os 3 possíveis targets de um ALB?

A

Instance, IP and Lambda.

If you specify targets using an instance ID, traffic is routed to instances using any private IP address from one or more network interfaces - If you specify targets using an instance ID, traffic is routed to instances using the primary private IP address specified in the primary network interface for the instance.

If you specify targets using IP addresses, traffic is routed to instances using the primary private IP address - If you specify targets using IP addresses, you can route traffic to an instance using any private IP address from one or more network interfaces. This enables multiple applications on an instance to use the same port.

43
Q

O que pode ser feito para entender a mensagem criptografada de falha de acesso?

Encoded authorization failure message: 6h34GtpmGjJJUm946eDVBfzWQJk6z5GePbbGDs9Z2T8xZj9EZtEduSnTbmrR7pMqpJrVYJCew2m8YBZQf4HRWEtrpncANrZMsnzk.

A

AWS STS decode-authorization-message
Use decode-authorization-message to decode additional information about the authorization status of a request from an encoded message returned in response to an AWS request. If a user is not authorized to perform an action that was requested, the request returns a Client.UnauthorizedOperation response (an HTTP 403 response). The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.

44
Q

Which of the following AWS CLI commands can you use to upload AWS Lambda functions and AWS CloudFormation templates to AWS?

A

cloudformation packageandcloudformation deploy
AWS CloudFormation gives developers and businesses an easy way to create a collection of related AWS and third-party resources and provision them in an orderly and predictable fashion.

45
Q

Para o que serve Cloud Front origin groups?

A

Use CloudFront’s Origin Groups to group both static and dynamic requests into one request for further processing - You can set up CloudFront with origin failover for scenarios that require high availability. To get started, you create an Origin Group with two origins: a primary and a secondary. If the primary origin is unavailable or returns specific HTTP response status codes that indicate a failure, CloudFront automatically switches to the secondary origin. Origin Groups are for origin failure scenarios and not for request routing.

46
Q

Qual parâmetro é utilizado para invalidar o cache pelo cliente e obter o dados direto do endpoint obtendo as respostas mais recentes?

A

Using the Header Cache-Control: max-age=0

A client of your API can invalidate an existing cache entry and reload it from the integration endpoint for individual requests. The client must send a request that contains the Cache-Control: max-age=0 header. The client receives the response directly from the integration endpoint instead of the cache, provided that the client is authorized to do so. This replaces the existing cache entry with the new response, which is fetched from the integration endpoint.

47
Q

Qual a diferença entre Security Group e ACL?

A

Security groups are stateful, so allowing inbound traffic to the necessary ports enables the connection. Network ACLs are stateless, so you must allow both inbound and outbound traffic.

To enable the connection to a service running on an instance, the associated network ACL must allow both inbound traffic on the port that the service is listening on as well as allow outbound traffic from ephemeral ports. When a client connects to a server, a random port from the ephemeral port range (1024-65535) becomes the client’s source port.

The designated ephemeral port then becomes the destination port for return traffic from the service, so outbound traffic from the ephemeral port must be allowed in the network ACL.

By default, network ACLs allow all inbound and outbound traffic. If your network ACL is more restrictive, then you need to explicitly allow traffic from the ephemeral port range.

If you accept traffic from the internet, then you also must establish a route through an internet gateway. If you accept traffic over VPN or AWS Direct Connect, then you must establish a route through a virtual private gateway.

48
Q

Quais bancos de dados eu posso utilizar a autenticação IAM?

A

IAM database authentication works with MySQL and PostgreSQL.

You can authenticate to your DB instance using AWS Identity and Access Management (IAM) database authentication. With this authentication method, you don’t need to use a password when you connect to a DB instance. Instead, you use an authentication token. An authentication token is a unique string of characters that Amazon RDS generates on request. Each token has a lifetime of 15 minutes. You don’t need to store user credentials in the database, because authentication is managed externally using IAM.

49
Q

Qual o tamanho máximo do container que uma.lambda pode ter?

Quais a forma de testar lambda localmente?

O que é obrigatório ter no container para ele rodar através de lambda?

A

10GB

Através do lambda runtime emulator.

É obrigatório ter o lambda runtime api

50
Q

Qual é o visibility timeout default da fila sqs? É possível trocar o tipo da fila após sua criação?

A

O default é 30 segundos. Não é possível trocar o tipo da fila após sua criação

51
Q

Como utilizar métricas do sqs para traking scalling policy o ASG ?

A

tracking scaling policy - If you use a target tracking scaling policy based on a custom Amazon SQS queue metric, dynamic scaling can adjust to the demand curve of your application more effectively.

The issue with using a CloudWatch Amazon SQS metric like ApproximateNumberOfMessagesVisible for target tracking is that the number of messages in the queue might not change proportionally to the size of the Auto Scaling group that processes messages from the queue. That’s because the number of messages in your SQS queue does not solely define the number of instances needed. The number of instances in your Auto Scaling group can be driven by multiple factors, including how long it takes to process a message and the acceptable amount of latency (queue delay).

The solution is to use a backlog per instance metric with the target value being the acceptable backlog per instance to maintain. You can calculate these numbers as follows:

Backlog per instance: To calculate your backlog per instance, start with the ApproximateNumberOfMessages queue attribute to determine the length of the SQS queue (number of messages available for retrieval from the queue). Divide that number by the fleet’s running capacity, which for an Auto Scaling group is the number of instances in the InService state, to get the backlog per instance.

Acceptable backlog per instance: To calculate your target value, first determine what your application can accept in terms of latency. Then, take the acceptable latency value and divide it by the average time that an EC2 instance takes to process a message.

To illustrate with an example, let’s say that the current ApproximateNumberOfMessages is 1500 and the fleet’s running capacity is 10. If the average processing time is 0.1 seconds for each message and the longest acceptable latency is 10 seconds, then the acceptable backlog per instance is 10 / 0.1, which equals 100. This means that 100 is the target value for your target tracking policy. If the backlog per instance is currently at 150 (1500 / 10), your fleet scales out, and it scales out by five instances to maintain proportion to the target value.

52
Q

Qual a diferença entre Alias Record e CNAME Record?

A

Aliás Record pode redirecionar para recursos da AWS utilizando o endereço raiz e é gratuito.

CNAME Record não pode, ele deve utilizar subdominios para redirecionar. É pago

53
Q

Como obter informações de metadata da instância?

A

http://169.254.169.254/latest/meta-data

54
Q

Qual o nome do componente de cachê do DynamoDb?

A

DynamoDB DAX

Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement: from milliseconds to microseconds: even at millions of requests per second.

55
Q

Quais são os parâmetros de página de API?

A

–max-items

–starting-token

For commands that can return a large list of items, the AWS Command Line Interface (AWS CLI) has three options to control the number of items included in the output when the AWS CLI calls a service’s API to populate the list.

”–page-size” - You can use the –page-size option to specify that the AWS CLI requests a smaller number of items from each call to the AWS service. The CLI still retrieves the full list but performs a larger number of service API calls in the background and retrieves a smaller number of items with each call.

56
Q

Quantas instâncias por shard eu posso ter no Kinessis

A

Uma instância por shard

57
Q

Quais são as estratégias de cachê do ElasticCache?

A

Write Through strategy

The write-through strategy adds data or updates data in the cache whenever data is written to the database.

Lazy Loading strategy with TTL

In the case of Lazy Loading, the data is loaded onto the cache whenever the data is missing from the cache. In case the blog gets updated, it won’t be updated from the cache unless that cache expires (in case you used a TTL). Time to live (TTL) is an integer value that specifies the number of seconds until the key expires. When an application attempts to read an expired key, it is treated as though the key is not found. The database is queried for the key and the cache is updated. Therefore, for a while, old data will be served to users which is a problem from a requirements perspective as we don’t want any stale data.

58
Q

Qual forma de autenticação não é compatível com o API Gateway?

A

The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). However, is not supported at the time with API Gateway.

59
Q

Como fazer a comunicar entre instâncias em uma VPC e um s3 e um DynamoDb?

A

Create a separate gateway endpoint for S3 and DynamoDB each. Add two new target entries for these two gateway endpoints in the route table of the custom VPC

Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components. They allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints on your network traffic.

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

There are two types of VPC endpoints: interface endpoints and gateway endpoints. An interface endpoint is an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service.

A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service. The following AWS services are supported:

Amazon S3

DynamoDB

60
Q

Explique os HTTP code response com sua relação com o balanceador

A

HTTP 503 - HTTP 503 indicates ‘Service unavailable’ error. This error in ALB is an indicator of the target groups for the load balancer having no registered targets.

Incorrect options:

HTTP 500 - HTTP 500 indicates ‘Internal server’ error. There are several reasons for their error: A client submitted a request without an HTTP protocol, and the load balancer was unable to generate a redirect URL, there was an error executing the web ACL rules.

HTTP 504 - HTTP 504 is ‘Gateway timeout’ error. Several reasons for this error, to quote a few: The load balancer failed to establish a connection to the target before the connection timeout expired, The load balancer established a connection to the target but the target did not respond before the idle timeout period elapsed.

HTTP 403 - HTTP 403 is ‘Forbidden’ error. You configured an AWS WAF web access control list (web ACL) to monitor requests to your Application Load Balancer and it blocked a request.

61
Q

Como garantir e ao mesmo tempo limitar a concorrência de funções lambdas?

A

Set up reserved concurrency for the Lambda function B so that it throttles if it goes above a certain concurrency limit

AWS Certified Developer Associate 2021 (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions