Scenarios

Question 1

Scenario:

An application running in a local server is converted to
a Lambda function. When the function was tested, an
Unable to import module error showed.

Answer 1

Solution:

Install the missing modules in your application’s folder
and package them into a ZIP file before uploading to
AWS Lambda

Question 2

Scenario:

A Developer is writing a Lambda function that will be
used to send a request to an API in different
environments (Prod, Dev, Test). The function needs to
automatically invoke the correct API call based on the
environment.

Answer 2

Solution:

Use Environment Variables

Question 3

Scenario:
A Lambda function needs temporary storage to store
files while executing.

Answer 3

Solution:

Store the files in the /tmp directory

Question 4

Scenario:

Lambda function is writing data into an RDS database.
The function needs to reuse the database connection
to reduce execution time.

Answer 4

Solution:

Use execution context by placing the database
connection logic outside of the event handler.

Question 5

Scenario:
A Developer needs to increase the CPU available to a
Lambda function to process data more efficiently.

Answer 5

Solution:
Increase the allocated memory of the function.

Question 6

Scenario:
A Developer has an application that uses a RESTful API
hosted in API Gateway. The API requests are failing
with a “No ‘Access-Control-Allow-Origin’
header is present on the requested
resource” error message.

Answer 6

Solution:

Enable CORS in the API Gateway Console.

Question 7

Scenario:

A website integrated with API Gateway requires user
requests to reach the backend server without
intervention from the API Gateway. Which integration
type should be used?

Answer 7

Solution:

HTTP_PROXY

Question 8

Scenario:

A serverless application is composed of AWS Lambda,
DynamoDB, and API Gateway. Users are complaining
about getting HTTP 504 errors.

Answer 8

Solution:

The API requests are reaching the maximum integration
timeout for API Gateway (29 seconds).

Question 9

Scenario:

How to invalidate API Gateway cache?

Answer 9

Solution:

1. Send a request with a Cache-Control:
   max-age header.
2. Enable the Require Authorization option
   on your API cache settings.

Question 10

Scenario:

A developer needs to deploy different API versions in
API Gateway

Answer 10

Solution:

Use stage variables

Question 11

Scenario:

A Developer needs a cost-effective solution to delete
session data in a DynamoDB table.

Answer 11

Solution:

Expire session data with DynamoDB TTL

Question 12

Scenario:

New changes to a DynamoDB table should be recorded
in another DynamoDB table.

Answer 12

Solution:

Use DynamoDB Streams

Question 13

Scenario:

Reduce the DynamoDB database response time.

Answer 13

Solution:

Use DynamoDB Accelerator (DAX)

Question 14

Scenario:

Choosing the best partition key for the DynamDB table, involves

Answer 14

Solution:

Using the partition key with the highest cardinality (e.g.
student ID, employee ID)

Question 15

Scenario:

An application uses a DynamoDB database with Global
Secondary Index. DynamoDB requests are returning a
ProvisionedThroughputExceededException error. Why is
this happening?

Answer 15

Solution:

The write capacity of the GSI is less than the base
table.

Question 16

Scenario:

What section must be added to a CloudFormation
template to include resources defined by AWS SAM?

Answer 16

Solution:

Transform

Question 17

Scenario:

A developer needs a reliable framework for building
serverless applications in AWS

Answer 17

Solution:

AWS SAM

Question 18

Scenario:

A CloudFormation stack creation process failed
unexpectedly.

What happens next?

Answer 18

Solution:

CloudFormation will roll back by deleting resources that
it has already created.

Question 19

Scenario:

A CloudFormation template will be used across
multiple AWS accounts

Answer 19

Solution:

Use CloudFormation StackSets

Question 20

Scenario:

It is required that incoming traffic is shifted in two
increments. 10% of the traffic must be shifted in the
first increment, and the remaining 90% should be
deployed after some minutes.

Answer 20

Solution:

Canary

Question 21

Scenario:

You need to authenticate users of a website using
social media identity profiles.

Answer 21

Solution:

Amazon Cognito Identity Pools

Question 22

Scenario:

A company has two accounts. The developers from
Account A need to access resources on Account B.

Answer 22

Solution:
Use cross-account access role

Question 23

Scenario:

Multiple developers need to make incremental code
updates to a single project and then deploy the new
changes.

Describe simplest way to achieve this.

Answer 23

Solution:

Use AWS CodeCommit as the code repository and
directly deploy the new package using AWS
CodeDeploy.

Question 24

Scenario:

A development team is using CodePipeline to automate
their deployment process. The code changes must be
reviewed by a person before releasing to production

Answer 24

Solution:

Add a manual approval action stage

Question 25

Scenario:
A Developer needs to decode an encoded authorization
failure message.

Answer 25

Solution:

Use the aws sts
decode-authorization-message command.

Question 26

Scenario:
How can a Developer verify permission to call a CLI
command without actually making a request?

Answer 26

Solution:

Use the –dry-run parameter along with the CLI
command.

Question 27

Scenario:
A Developer needs to deploy a CloudFormation
template from a local computer.

Answer 27

Solution:
Use the aws cloudformation package and aws
cloudformation deploy command

Question 28

Scenario:
A Developer has to ensure that no applications can
fetch a message from an SQS queue that’s being
processed or has already been processed.

Answer 28

Solution:
Increase the VisibilityTimeout value using the
ChangeMessageVisibility API and delete the
message using the DeleteMessage API.

Question 29

Scenario:

A Developer has created an IAM Role for an application
that uploads files to an S3 bucket. Which API call
should the Developer use to allow the application to
make upload requests?

Answer 29

Solution:

Use the AssumeRole API
https://

Question 30

How does Lambda scale?

Answer 30

Out (horizontally)

Question 31

How do you increase the CPU available to a Lambda function?

Answer 31

Increase available memory

Question 32

How do you enable tracing in Lambda functions?

Answer 32

1. Give Permissions to
   Execution Role
2. Enable Tracing with X-Ray

Question 33

Where can you store a temporary file of 100 MB when executing a Lambda?

Answer 33

Use /tmp directory

Question 34

Send request headers with multiple values as an array from Application Load
Balancer to a Lambda Function

Answer 34

Enable Multi-value headers
on ALB

Question 35

Event notifications from an S3 bucket trigger Lambda function to create
thumbnails for images. How do you avoid configuring the Lambda function
version in S3 event notification every time there is a new version?

Answer 35

Create an Alias for your
Lambda function and use it
from the S3 event
notification

Question 36

Create separate dev, test, qa and prod
environments for API Gateway and Lambda

Answer 36

Create multiple stages for API Gateway. Use Lambda
Aliases as Stage Variables - map to different Lambda
versions

Question 37

Expose API around a backend SOAP web service

Answer 37

Use Mapping Templates to convert JSON to XML

Question 38

You are releasing an API with breaking change.
You do NOT want to impact existing clients

Answer 38

Deploy new version to a new stage

Question 39

An API Gateway is invoking a Lambda. What
happens if Lambda take 5 minutes to process the
request

Answer 39

Timeout after 30 seconds (max allowed for API Gateway)

Question 40

Can an API Gateway client invalidate a cache
entry?

Answer 40

By using header Cache-Control:max-age=0.
User Policy
allows execute-api:InvalidateCache

Question 41

Amazon Cognito

Create customized plans for API Consumers -
Basic, Premium, Full

Answer 41

Use Usage Plans

Question 42

Amazon Cognito

Maintain Your Own Registry of Hundreds of Users for a Web Application

Answer 42

User Pool

Question 43

Amazon Cognito

Maintain Your Own Registry of Thousands of Users for a Mobile Application

Answer 43

User Pool

Question 44

Amazon Cognito

Create Sign Up Pages or Sign In Pages

Answer 44

User Pool

Question 45

Amazon Cognito

Create Password Reset Page

Answer 45

User Pool

Question 46

Amazon Cognito

Guest Access or Anonymous Access

Answer 46

Identity Pool

Question 47

Amazon Cognito

Support authentication for your mobile/web app without needing to maintain your own
users

Answer 47

Identity Pool

Question 48

Amazon Cognito

Give access to AWS resources based on Social IDs (OpenID/OIDC)

Answer 48

Identity Pool

Question 49

Amazon Cognito

Give access to AWS resources based on Corporate Directory (SAML)

Answer 49

Identity Pool

Question 50

Amazon S3 Scenarios - Security

Prevent objects from being deleted
or overwritten for a few days or forever

Answer 50

Use Amazon S3 Object Lock. Can be enabled only on new buckets.
Automatically enables versioning. Prevents deletion of objects. Allows
you to meet regulatory requirements

Question 51

Amazon S3 Scenarios - Security

Protect against accidental deletion

Answer 51

Use Versioning

Question 52

Amazon S3 Scenarios - Security

Protect from changing versioning
state of a bucket

Answer 52

Use MFA Delete. You need to be an owner of the bucket AND Versioning
should be enabled.

Question 53

Amazon S3 Scenarios - Security

Question 54

Amazon S3 Scenarios - Security

Avoid content scraping. Provide
secure access.

Answer 54

Pre Signed URLS. Also called Query String Authentication.

Question 55

Amazon S3 Scenarios - Security

Enable cross domain requests to S3
hosted website (from
www.abc.com to www.xyz.com)

Answer 55

Use Cross-origin resource sharing (CORS)

Question 56

Amazon S3 Scenarios - Costs

Important pricing elements

Answer 56

Cost of Storage (per GB), (If Applicable) Retrieval Charge (per GB),
Monthly tiering fee (Only for Intelligent Tiering), Data transfer fee

Question 57

Amazon S3 Scenarios - Costs

Is Data Transfer Free?

Answer 57

Nope. Some of free things include
Data transfer into Amazon S3, From Amazon S3 to Amazon CloudFront,
From Amazon S3 to services in the same region

Question 58

Amazon S3 Scenarios - Costs

Reduce Costs

Answer 58

Use proper storage classes.
Configure lifecycle management.

Question 59

Amazon S3 Scenarios - Costs

Analyze storage access patterns
and decide the right storage class

Answer 59

Use Intelligent Tiering.
Use Storage Class Analysis reports to get an analysis

Question 60

Amazon S3 Scenarios - Costs

Move data automatically between
storage classes

Answer 60

Use Lifecycle Rules

Question 61

Amazon S3 Scenarios - Costs

Remove objects from buckets a

Answer 61

Use Lifecycle Rules and configure Expiration policy

Question 62

Improve S3 bucket
performance

Answer 62

Use Prefixes. Supports upto 3,500 RPS to add data and 5,500 RPS to retrieve data with
each S3 prefix.

Question 63

Upload large objects
to S3

Answer 63

Use Multipart Upload API.
Advantages: 1. Quick recovery from any network issues 2. Pause and resume object
uploads 3. Begin an upload before you know the final object size.
Recommended for files >100 MB and mandatory for files >4 GB

Question 64

Amazon S3 Scenarios - Performance

Get part of the object

Answer 64

Use Byte-Range Fetches - Range HTTP header in GET Object request
Recommended: GET them in the same part sizes used in multipart upload

Question 65

Amazon S3 Scenarios - Performance

Is this recommended:
EC2 (Region A) <-> S3
bucket (Region B)

Answer 65

No. Same region recommended.
Reduce network latency and data transfer costs

Question 66

Amazon S3 Scenarios - Performance

Faster Data Transfer
to S3

Answer 66

Consider Transfer acceleration - Enable fast, easy and secure transfers of files to and
from your bucket

Question 67

I want to change object metadata or manage tags or ACL or
invoke Lambda function for billions of objects stored in a
single S3 bucket

Answer 67

Generate S3 inventory report
Perform S3 Batch Operations using the
report

Question 68

Need S3 Bucket (or Object) Access Logs

Answer 68

Enable S3 Server Access Logs (default: off).
Configure the bucket to use and a prefix
(logs/).

Question 69

IAM:

How to rotate access keys
without causing problems?

Answer 69

Create new access key
Use new access key in all apps
Disable original access key
Test and verify
Delete original access key

Question 70

How are multiple permissions
resolved in IAM Policy?

Answer 70

If there is an explicit deny - return deny
If there is no explicit deny and there is an explicit allow - allow
If there is no explicit allow or deny - deny

Question 71

Which region are IAM users
created in ?

Answer 71

IAM Users are global entities.
Can use AWS services in any geographic region

Question 72

What is the difference between
IAM user, Federated user and Web
identity federation user?

Answer 72

IAM users - created and maintained in your AWS account
Federated users - External Users outside AWS
Web identity federation users - Amazon Cognito, Amazon, Google, or
any OpenID Connect-compatible provider Accounts

Question 73

Relational database for analytics processing of petabytes of data

Answer 73

Amazon Redshift

Question 74

Cache data from database for a web application

Answer 74

Amazon
ElastiCache

Question 75

Very high consistency of data is needed while processing thousands of transactions per
second

Answer 75

RDS

Question 76

Transaction application needing to process million transactions per second

Answer 76

DynamoDB