Scenarios Flashcards
Scenario:
An application running in a local server is converted to
a Lambda function. When the function was tested, an
“Unable to import module” error showed.
Solution:
Install the missing modules in your application’s folder
and package them into a ZIP file before uploading to
AWS Lambda
Scenario:
A Developer is writing a Lambda function that will be
used to send a request to an API in different
environments (Prod, Dev, Test). The function needs to
automatically invoke the correct API call based on the
environment.
Solution:
Use Environment Variables
Scenario:
A Lambda function needs temporary storage to store
files while executing.
Solution:
Store the files in the /tmp directory
Scenario:
Lambda function is writing data into an RDS database.
The function needs to reuse the database connection
to reduce execution time.
Solution:
Use execution context by placing the database
connection logic outside of the event handler.
Scenario:
A Developer needs to increase the CPU available to a
Lambda function to process data more efficiently.
Solution:
Increase the allocated memory of the function.
Scenario:
A Developer has an application that uses a RESTful API
hosted in API Gateway. The API requests are failing
with a “No ‘Access-Control-Allow-Origin’
header is present on the requested
resource” error message.
Solution:
Enable CORS in the API Gateway Console.
Scenario:
A website integrated with API Gateway requires user
requests to reach the backend server without
intervention from the API Gateway. Which integration
type should be used?
Solution:
HTTP_PROXY
Scenario:
A serverless application is composed of AWS Lambda,
DynamoDB, and API Gateway. Users are complaining
about getting HTTP 504 errors.
Solution:
The API requests are reaching the maximum integration
timeout for API Gateway (29 seconds).
Scenario:
How to invalidate API Gateway cache?
Solution:
- Send a request with a Cache-Control: max-age header.
- Enable the Require Authorization option on your API cache settings.
Scenario:
A developer needs to deploy different API versions in
API Gateway
Solution:
Use stage variables
Scenario:
A Developer needs a cost-effective solution to delete
session data in a DynamoDB table.
Solution:
Expire session data with DynamoDB TTL
Scenario:
New changes to a DynamoDB table should be recorded
in another DynamoDB table.
Solution:
Use DynamoDB Streams
Scenario:
Reduce the DynamoDB database response time.
Solution:
Use DynamoDB Accelerator (DAX)
Scenario:
Choosing the best partition key for the DynamoDB table involves
Solution:
Using the partition key with the highest cardinality (e.g.
student ID, employee ID)
Scenario:
An application uses a DynamoDB database with Global
Secondary Index. DynamoDB requests are returning a
ProvisionedThroughputExceededException error. Why is
this happening?
Solution:
The write capacity of the GSI is less than the base
table.
Scenario:
What section must be added to a CloudFormation
template to include resources defined by AWS SAM?
Solution:
Transform
Scenario:
A developer needs a reliable framework for building
serverless applications in AWS
Solution:
AWS SAM
Scenario:
A CloudFormation stack creation process failed
unexpectedly.
What happens next?
Solution:
CloudFormation will roll back by deleting resources that
it has already created.
Scenario:
A CloudFormation template will be used across
multiple AWS accounts
Solution:
Use CloudFormation StackSets
Scenario:
It is required that incoming traffic is shifted in two
increments. 10% of the traffic must be shifted in the
first increment, and the remaining 90% should be
deployed after some minutes.
Solution:
Canary
Scenario:
You need to authenticate users of a website using
social media identity profiles.
Solution:
Amazon Cognito Identity Pools
Scenario:
A company has two accounts. The developers from
Account A need to access resources on Account B.
Solution:
Use cross-account access role
Scenario:
Multiple developers need to make incremental code
updates to a single project and then deploy the new
changes.
Describe the simplest way to achieve this.
Solution:
Use AWS CodeCommit as the code repository and
directly deploy the new package using AWS
CodeDeploy.
Scenario:
A development team is using CodePipeline to automate
their deployment process. The code changes must be
reviewed by a person before releasing to production
Solution:
Add a manual approval action stage
Scenario:
A Developer needs to decode an encoded authorization
failure message.
Solution:
Use the aws sts
decode-authorization-message command.
Scenario:
How can a Developer verify permission to call a CLI
command without actually making a request?
Solution:
Use the --dry-run parameter along with the CLI
command.
Scenario:
A Developer needs to deploy a CloudFormation
template from a local computer.
Solution:
Use the aws cloudformation package and aws
cloudformation deploy commands
Scenario:
A Developer has to ensure that no applications can
fetch a message from an SQS queue that’s being
processed or has already been processed.
Solution:
Increase the VisibilityTimeout value using the
ChangeMessageVisibility API and delete the
message using the DeleteMessage API.
Scenario:
A Developer has created an IAM Role for an application
that uploads files to an S3 bucket. Which API call
should the Developer use to allow the application to
make upload requests?
Solution:
Use the AssumeRole API
How does Lambda scale?
Out (horizontally)
How do you increase the CPU available to a Lambda function?
Increase available memory
How do you enable tracing in Lambda functions?
- Give Permissions to Execution Role
- Enable Tracing with X-Ray
Where can you store a temporary file of 100 MB when executing a Lambda?
Use /tmp directory
Send request headers with multiple values as an array from Application Load
Balancer to a Lambda Function
Enable Multi-value headers
on ALB
Event notifications from an S3 bucket trigger Lambda function to create
thumbnails for images. How do you avoid configuring the Lambda function
version in S3 event notification every time there is a new version?
Create an Alias for your
Lambda function and use it
from the S3 event
notification
Create separate dev, test, qa and prod
environments for API Gateway and Lambda
Create multiple stages for API Gateway. Use Lambda
Aliases as Stage Variables - map to different Lambda
versions
Expose API around a backend SOAP web service
Use Mapping Templates to convert JSON to XML
You are releasing an API with breaking change.
You do NOT want to impact existing clients
Deploy new version to a new stage
An API Gateway is invoking a Lambda. What
happens if Lambda takes 5 minutes to process the
request?
Timeout after 30 seconds (max allowed for API Gateway)
Can an API Gateway client invalidate a cache
entry?
By using header Cache-Control:max-age=0.
User Policy
allows execute-api:InvalidateCache
Amazon Cognito
Create customized plans for API Consumers -
Basic, Premium, Full
Use Usage Plans
Amazon Cognito
Maintain Your Own Registry of Hundreds of Users for a Web Application
User Pool
Amazon Cognito
Maintain Your Own Registry of Thousands of Users for a Mobile Application
User Pool
Amazon Cognito
Create Sign Up Pages or Sign In Pages
User Pool
Amazon Cognito
Create Password Reset Page
User Pool
Amazon Cognito
Guest Access or Anonymous Access
Identity Pool
Amazon Cognito
Support authentication for your mobile/web app without needing to maintain your own
users
Identity Pool
Amazon Cognito
Give access to AWS resources based on Social IDs (OpenID/OIDC)
Identity Pool
Amazon Cognito
Give access to AWS resources based on Corporate Directory (SAML)
Identity Pool
Amazon S3 Scenarios - Security
Prevent objects from being deleted
or overwritten for a few days or forever
Use Amazon S3 Object Lock. Can be enabled only on new buckets.
Automatically enables versioning. Prevents deletion of objects. Allows
you to meet regulatory requirements
Amazon S3 Scenarios - Security
Protect against accidental deletion
Use Versioning
Amazon S3 Scenarios - Security
Protect from changing versioning
state of a bucket
Use MFA Delete. You need to be an owner of the bucket AND Versioning
should be enabled.
Amazon S3 Scenarios - Security
Avoid content scraping. Provide
secure access.
Pre-signed URLs. Also called Query String Authentication.
Amazon S3 Scenarios - Security
Enable cross domain requests to S3
hosted website (from
www.abc.com to www.xyz.com)
Use Cross-origin resource sharing (CORS)
Amazon S3 Scenarios - Costs
Important pricing elements
Cost of Storage (per GB), (If Applicable) Retrieval Charge (per GB),
Monthly tiering fee (Only for Intelligent Tiering), Data transfer fee
Amazon S3 Scenarios - Costs
Is Data Transfer Free?
Nope. Some of the free things include:
Data transfer into Amazon S3, From Amazon S3 to Amazon CloudFront,
From Amazon S3 to services in the same region
Amazon S3 Scenarios - Costs
Reduce Costs
Use proper storage classes.
Configure lifecycle management.
Amazon S3 Scenarios - Costs
Analyze storage access patterns
and decide the right storage class
Use Intelligent Tiering.
Use Storage Class Analysis reports to get an analysis
Amazon S3 Scenarios - Costs
Move data automatically between
storage classes
Use Lifecycle Rules
Amazon S3 Scenarios - Costs
Remove objects from buckets a
Use Lifecycle Rules and configure Expiration policy
Improve S3 bucket
performance
Use Prefixes. Supports up to 3,500 RPS to add data and 5,500 RPS to retrieve data with
each S3 prefix.
Upload large objects
to S3
Use Multipart Upload API.
Advantages: 1. Quick recovery from any network issues 2. Pause and resume object
uploads 3. Begin an upload before you know the final object size.
Recommended for files >100 MB and mandatory for files >4 GB
Amazon S3 Scenarios - Performance
Get part of the object
Use Byte-Range Fetches - Range HTTP header in GET Object request
Recommended: GET them in the same part sizes used in multipart upload
Amazon S3 Scenarios - Performance
Is this recommended:
EC2 (Region A) <-> S3
bucket (Region B)
No. Same region recommended.
Reduce network latency and data transfer costs
Amazon S3 Scenarios - Performance
Faster Data Transfer
to S3
Consider Transfer acceleration - Enable fast, easy and secure transfers of files to and
from your bucket
I want to change object metadata or manage tags or ACL or
invoke Lambda function for billions of objects stored in a
single S3 bucket
Generate S3 inventory report
Perform S3 Batch Operations using the
report
Need S3 Bucket (or Object) Access Logs
Enable S3 Server Access Logs (default: off).
Configure the bucket to use and a prefix
(logs/).
IAM:
How to rotate access keys
without causing problems?
Create new access key
Use new access key in all apps
Disable original access key
Test and verify
Delete original access key
How are multiple permissions
resolved in IAM Policy?
If there is an explicit deny - return deny
If there is no explicit deny and there is an explicit allow - allow
If there is no explicit allow or deny - deny
Which region are IAM users
created in?
IAM Users are global entities.
Can use AWS services in any geographic region
What is the difference between
IAM user, Federated user and Web
identity federation user?
IAM users - created and maintained in your AWS account
Federated users - External Users outside AWS
Web identity federation users - Amazon Cognito, Amazon, Google, or
any OpenID Connect-compatible provider Accounts
Relational database for analytics processing of petabytes of data
Amazon Redshift
Cache data from database for a web application
Amazon
ElastiCache
Very high consistency of data is needed while processing thousands of transactions per
second
RDS
Transaction application needing to process million transactions per second
DynamoDB