Serverless and App Services

Question 1

Event Driven Architecture

Answer 1

Producers generate event when something happens

Events are delivered to consumers

Actions are taken & the system returns to waiting

they only consume resources while handling events

Question 2

AWS Lambda

Answer 2

Function-as-a-service(Faas) - short running & focussed

Lambda functions are loaded and run in a runtime environment

you are billed for the duration that a function runs

Question 3

How long can AWS Lambda function run ?

Answer 3

900s(15min) function time out

Question 4

Lambda user cases

Answer 4

serveles Application (s3, API gateway, lambda)

File processing (s3, s3 events, lambda)

Database Triggers(DynamoDb, streams, Lambda)

serverless CRON(EventBridge/CW Events + Lambda)

Realtime stream Data processing(Kinesis + lambda)

Question 5

Public Lambda

Answer 5

by default lambda functions are given public networking. They can access public AWS services and the public internet.

But Lambda functions have no access to VPC based services public IPS unless public IPs are provided & security controls allow external access

Question 6

Private Lambda

Answer 6

a single connection between the Lambda service VPC and your VPC is created for every unique combination of security group and subnets used by you Lambda function

an ENI gets created in the VPC

Question 7

Lambda Logging CloudWatch logs

Answer 7

Logs from Lambda execution

CloudWatch Logs requires permissions via execution role

Question 8

What metrics can Cloud Watch logging capture with Lambda ?

Answer 8

metrics :

invocation success/failure

Retries

Latency

Question 9

How does security work with Lambda ?

Answer 9

Lambda resources policy controls WHAT services and accounts can INVOKE lambda functions

Lambda execution roles are IAM roles attached to lambda Functions which control the PERMISSIONS the lambda function RECEIVES

Question 10

How many ways can Lambda functions be Invoked ?

Answer 10

Synchronous invocation

Asynchronous invocation

Event source Mapping

Question 11

Lambda Synchronous Invocation

Answer 11

Question 12

Lambda Asynchronous Invocation

Answer 12

Question 13

Lambda Event sources Mapping

Answer 13

Question 14

When running Asynchronous operations what key features does an Lambda function have to have ?

Answer 14

The Lambda function needs to be idempotent reprocessing a result should have the same end state

Question 15

X-Ray and Lambda

Answer 15

Lambda can be integrated with X-Ray for distributed tracing

X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture.

Question 16

Lambda Function Versions

Answer 16

A version is the code + the configuration of the Lambda Function

it’s immutable - It never changes once published & has it’s own amazon Resources Name

Question 17

Lambda version Pointer

Answer 17

$Latest points at the latest version

Question 18

AWS Lambda Aliases

Answer 18

Aliases (DEV, STAGE, PROD) point at a version - can be changed

Question 19

Explain the Invocation of a Lambda Function ? Is there always an immediate start for Lambda Functions?

Answer 19

Question 20

Event Bridge

Answer 20

if x happens , or at y times(s) … do z

Event Bridge is CloudWatch Event V2(*)

Question 21

Limitation of CloudWatch Events ?

Answer 21

only one bus for the account (implicit )

Question 22

Explain how Event Bridge works ?

Answer 22

Event Bridge can have additional event buses

rules match incoming events (or schedules )

Routes the events to 1+ Targets .. e.g. Lambda

Question 23

Explain Serverless Architecture

Answer 23

you manage few if any servers -low overhead

Application are a collection of small & specialized functions

stateless and Ephemeral environments - duration billing

event-driven consumption only when being used

Faas is used where possible for computer functionality

Question 24

Simple Notification Services(SNS)

Answer 24

Public Aws a pub/sub messaging service networking connectivity with Public endpoints

coordinates the sending and delivery of messages

Question 25

How does SNS Work ?

Answer 25

SNS Topics are the bases entity of SNS permissions and configuration

a publisher sends messages to a Topic

Topics have subscribers which receive messages

Question 26

SNS resiliency ?

Answer 26

HA and scalable region resilient

Question 27

SNS security

Answer 27

Server sided Encryption (SSE)

Question 28

SNS Delivery options

Answer 28

delivery status including HTTP, lambda and SQS

Delivery Retried - reliable delivery

Question 29

How you you enable cross account access to SNS?

Answer 29

Topic policy

Question 30

Step functions

Answer 30

allows you to create state machines

serverless workflow start → states → end

states are things which occurred

Maximum Duration 1 year

Question 31

What are the two options for workflow in AWS step functions

Answer 31

standard workflow - default 1 year limit

express Workflow - high Volume Workflow 5 min Limit

Question 32

How are state machines started ?

Answer 32

started via API Gateway, IOT Rules Event Bridge Lambda

Question 33

How are State machines written ?

Answer 33

Written in Amazon states Languages(ASL) - Json Template

Question 34

How do State machines gets their permissions ?

Answer 34

IAM Role is used for permissions

Question 35

API Gateway

Answer 35

create and manage APIs

Endpoint /entry- point for applications

sits between applications & intergradations (services)

Question 36

What are some of the things API Gateway can do ?

Answer 36

authorization

throttling

caching

cors transformation

opAPI spec direct integration and much more.

Question 37

API GateWay cache

Answer 37

can be used to reduce the number of calls made to the backend integration and improve client performance

Question 38

API Gateway Endpoints

Answer 38

Edge-optimized : any incoming requests are routed Routed to the nearest CloudFront point of presence

Regional : clients in the same region

private: Endpoint accessible only within a VPC via interface endpoint

Question 39

API Gateway Stages

Answer 39

APIs are deployed to stages, each stage has one deployment

Question 40

API Gateway states + Canary deployments

Answer 40

stages can be enabled for canary deployments. if Done deployments are made to the canary not the stage.

Stages enabled for canary deployments can be configured so a certain percentage of traffic is sent to the canary.This can be adjusted over time - or canary can be promoted to make it the new base ‘stage’

Question 41

API Gateway 4xx Errors

Answer 41

invalid request on client side

Question 42

API Gateway 5xx Errors

Answer 42

valid request backend issue

Question 43

Simple Queue Service (SQS)

Answer 43

public , fully managed , highly-available Queues

standard = at-least-once or FIFO = exactly-once

messages up to 256 KB ins size - link to large data

Question 44

How are messages handled in SQS

Answer 44

Received messages are hidden (visibility timeout)

…. then either reappear(retry) or are explicitly deleted

Dead-Letter queues can be used for problem messages

Question 45

Visibility Timeout

Answer 45

amount of time an message is hidden when it’s received if not explicitly deleted then that message will reappear in the queue

Question 46

SQS FIFO(performance)

Answer 46

3,000 messages per second with batching , or up to 300 messages per second without

Question 47

How is SQS billed

Answer 47

Billed based on ‘requests’

1 request = 1-10 messages up to 256kb total

Question 48

SQS Polling

Answer 48

short point = immediate if not messages on queue it will still check the queue and consume a request

Long polling = wait time seconds if no message on queue how you should use SQS because it uses few requests

Question 49

SNS and SQS Fanout

Answer 49

the messages is added onto a SNS topic

the SNS topic would have a number of subscribers for a project requirement

so each subscribers has it’s own queue and it’s own auto-scaling group which scales based of the length of the individual queue

Question 50

Kinesis

Answer 50

a scalable streaming service

producers send data into kinesis stream

stream store 24-hr moving window of data

multiple consumer access data from that moving window

Question 51

States In a State Machine

Answer 51

succeed & Fail

wait

choice

parallel

Map

Task

Question 52

Kinesis Data Firehouse

Answer 52

Fully managed service to load data for data lakes , data stores and analytics services

Automatic scaling fully server less resilient

Near real Time delivery (-60 seconds)

supports transformation of data on the fly(lambda)

billing Volume through firehouse

Question 53

Where can Kinesis Data Firehouse deliver data ?

Answer 53

HTTP endpoints

splunk

redshift

ElastiSearch

Destination Bucket

Question 54

Kinesis Data Analytics

Answer 54

Real time processing of data

using structured Query Language (SQL)

fits between two streams of data an input stream and output stream and allows

you in real time to use SQL queries to adjust the data from the input to the output

Question 55

When would you get real time delivery Using Kinesis Data Analytics ?

Answer 55

When you use AWS Lambda or Kinesis Data streams as a destination

Question 56

Some valid destinations for Kinesis Analytics ?

Answer 56

Firehose (S3, Redshift, ElasticSearch & Splunk )

Aws Lambda

Kinesis Data streams

Question 57

Where can Kinesis Data Analytics ingest Data from ?

Answer 57

Kinesis Data Streams or Firehouse

and can also ingest reference data from an s3 bucket

Question 58

What are some use cases for Kinesis Data Analytics

Answer 58

streaming data needing real-time SQL processing

Time-series analytics … elections/e-sports

Real-time dashboards- leaderboards for games

Real-time metrics -Security & response teams

Question 59

Amazon Cognito

Answer 59

Authentication = login verify credentials

Authorization = mange access to services

User-management = to allow the creation and management of a server as user database

Authentication, Authorization, and User-management for `Web/mobile apps

Question 60

How many ways can you uses Amazon Cognito ?

Answer 60

user pools - sign-in and get a Json Web Token(JWT)

user directory management and profiles, sign-up & sign-in (customizable webUI), MFA and other security features

identity Pools - Allow you to offer access to Temporary AWS credentials

Question 61

What are some forms of Identity Acces

Answer 61

unauthenticated identities -Guest users

Federated identities -SWAP google, Facebook, twitter SAML 2.0 & user Pool for short term AWS credentials to access AWS resources