SQS, SNS and Kinesis Flashcards

1
Q

Why would you use a queue for messages?

A

The messages are asynchronous / event based, and so we need a queue to send them between applications.

2
Q

Give a high level description of the model of SQS, SNS and Kinesis.

A

SQS - queue model
SNS - pub/sub model
Kinesis - real-time streaming model

3
Q

What are the generic names for objects that send messages into a queue, and objects that poll the queue for the message?

A

Producer and Consumer

4
Q

Why is SQS useful for application decoupling?

A
  • Unlimited number of messages in queue, unlimited throughput
  • Low latency (<10 ms on publish and receive)
5
Q

What are some caveats of SQS?

A
  • Default retention of messages is 4 days, max is 14
  • Limitation of 256 KB per message
  • Can have duplicate messages (‘at least once delivery, occasionally’) so need idempotency
  • Can have out of order messages (‘best effort ordering’)
6
Q

What is the API name for producing messages to the queue?

A

SendMessage API

7
Q

How long does a message last in the queue (and which API can remove them)?

A

A message is persisted until a consumer deletes it using the DeleteMessage API, but has a default retention period of 4 days and a max of 14

8
Q

How many messages are returned on a single Poll?

A

Up to 10 per Poll

9
Q

How can you improve throughput of message processing?

A

Scale consumers horizontally using an ASG on the CloudWatch Queue Length metric (ApproximateNumberOfMessages) - set up an alarm that scales the group when it is hit.

10
Q

How does SQS allow us to optimize our application in terms of EC2 instance type?

A

SQS allows us to decouple the front and back end instance types, and so we can configure the instance types separately to be optimal for the type of workload (e.g., if the backend application is video processing, we can use an instance type with a GPU).

11
Q

What encryption is available for SQS?

A
  • In-flight encryption using HTTPS API
  • At-rest encryption using KMS keys
  • Client-side encryption if the client wants to perform en/decryption itself
12
Q

How can you allow cross-account access or other services access to SQS?

A

SQS Access Policies (similar to S3 bucket policies)

13
Q

What is required in an SQS Access Policy to allow an EC2 instance (for example) to poll for messages?

A

The Principal field of the policy is set to "AWS": ["{account_id}"], where account_id is the ID of the instance.

14
Q

What is required in an SQS access policy to allow an S3 bucket to publish S3 event notifications to an SQS queue?

A

The Condition should include:
"ArnLike": {"aws:SourceArn": "{bucket_arn}"},
"StringEquals": {"aws:SourceAccount": "{bucket_owner_account_id}"}

15
Q

What is the Message Visibility Timeout?

A

The period of time after a message has been polled by one consumer that the message remains invisible to other consumers (default 30s). After this timeout, the message becomes visible again, unless the message has been deleted during processing.

16
Q

What should be done if a Consumer needs more than the allotted time to process a message before it is made visible again? What considerations should be made for this?

A

Call the ChangeMessageVisibility API to increase the invisibility time.
- If the timeout window is too high and a Consumer crashes during processing, re-processing will take time.
- If the window is too low, we may get duplicate processing.

17
Q

How can you determine when a message should enter the Dead Letter Queue?

A

Set a MaximumReceives threshold to determine how many times a message can be reinserted into the queue after processing.

18
Q

How must an SQS Queue relate to a DLQ?

A

DLQ of a FIFO queue must also be FIFO; DLQ of a Standard queue must also be a Standard queue

19
Q

Why should you set a long retention time in the DLQ?

A

Make sure the messages are processed before they expire.

20
Q

How do you re-process messages in the DLQ if you have fixed the original processing issue?

A

Use Redrive to Source to push the message from the DLQ to the SQS queue

21
Q

How do you prevent consumers from seeing a published message in a queue straight away?

A

Use a ‘Delay’ Queue - set the delay to a given period of time (default is 0 seconds)
- Can override the default on send using the DelaySeconds param

22
Q

What is Long Polling?

A

When a consumer requests messages from a queue, it can ‘wait’ for messages to arrive if there are none in the queue (from 1 to 20 seconds).

23
Q

Why is Long Polling preferable to Short Polling?

A
  • Decreases the number of API calls made to SQS while increasing the efficiency and latency of your application
24
Q

How do you enable Long Polling?

A

Either enable at the queue level or at the API level using ReceiveMessageWaitTimeSeconds

25
Q

What is the max. standard message size, and how can you send larger than this? What is a use case of this?

A

Use the SQS Extended Client
- If a Producer wants to send large (say, 1GB) messages, it will send the large message to an S3 bucket, and a small metadata message to the SQS queue containing a pointer to the bucket
- The consumer will poll for the small metadata message, and retrieve the large message from S3
- Can be used for video processing: the video is uploaded to S3 and a message is sent to the SQS queue

26
Q

List the key API calls for SQS

A
  • CreateQueue (attribute: MessageRetentionPeriod), DeleteQueue (along with all messages in the queue)
  • PurgeQueue: delete all messages in the queue
  • SendMessage (attribute: DelaySeconds), ReceiveMessage, DeleteMessage
  • MaxNumberOfMessages: default 1, max 10 (for ReceiveMessage API)
  • ReceiveMessageWaitTimeSeconds: Long Polling
  • ChangeMessageVisibility: change the message timeout
27
Q

What batch API calls can you do for SQS?

A

SendMessage, DeleteMessage, ChangeMessageVisibility

28
Q

What are the advantages of a FIFO queue?

A
  • Exactly-once send capability (by removing duplicates)
  • Messages are processed in order by the consumer
29
Q

What are the disadvantages of a FIFO queue?

A

Limited throughput: 300 msg/s without batching, 3000 with

30
Q

What is the naming constraint on FIFO queues?

A

The name must end in ‘.fifo’

31
Q

What is meant by the interval for de-duplication?

A

The time period after a message is received in which duplicate messages will be removed - 5 minutes

32
Q

What are the two de-duplication methods?

A
  • Content-based: will do a SHA-256 hash of the message body
  • Explicitly provide a Message Deduplication ID
33
Q

How can you order at different levels within a FIFO queue?

A

Specify the MessageGroupID to order messages within their groups.

34
Q

Give a simple description of a typical pub/sub pattern.

A
  • ‘Event Producer’ (publisher) sends a message to one SNS topic
  • ‘Event Receiver’ (subscriber) subscribes to that topic (meaning multiple subscribers per topic)
  • Each subscriber will get all the messages in that topic (depending on if there is a filter present or not)
35
Q

What sort of subscribers can there be for an SNS topic?

A
  • Email, SMS, HTTP(S) endpoints
  • SQS, Lambda, Kinesis Data Firehose
36
Q

What sort of encryption does SNS allow?

A
  • In-flight encryption using HTTPS API
  • At-rest encryption using KMS keys
  • Client-side encryption if the client wants to perform en/decryption itself
37
Q

How can you allow cross-account access or other services access to SNS?

A

SNS Access Policies (similar to S3 bucket policies)

38
Q

Describe the Fan Out pattern.

A

SNS & SQS
- Push once in SNS, receive in all SQS queues that are subscribers
- Fully decoupled, no data loss
- SQS allows for data persistence, delayed processing and retries of work
- Ability to add more SQS subscribers over time
- Cross-Region Delivery: works with SQS queues in other regions

39
Q

Why might an SNS not be able to push a message into an SQS queue?

A

SQS does not have correct access policy allowing SNS to write

40
Q

What is an application of the fan out pattern wrt. S3?

A

You can only have one S3 event rule for the same combination of event type (e.g., object create) and prefix (e.g., images)
- Send the S3 event to an SNS topic
- Subscribers to that topic will receive the event

41
Q

What is an application of the fan out pattern wrt. Kinesis?

A

SNS can send to Kinesis which can then send data to S3 or any supported KDF destination

42
Q

What are some limitations of a FIFO SNS topic?

A
  • Any subscribing queues must be FIFO as well
  • Limited throughput (same as SQS FIFO)
43
Q

What is message filtering? Give a use case.

A

A JSON policy used to filter messages sent to an SNS topic’s subscriptions
- A buying service publishes orders to an SNS topic
- Multiple queues are subscribed, one for placed orders and one for cancelled orders
- Use a message filter to only allow ‘placed’ orders to a certain queue, and ‘cancelled’ orders to another

44
Q

What subscriptions can you have to an SNS topic?

A

KDF, SQS, Lambda, Email, Email-JSON, HTTP(S), SMS

shelesk

45
Q

What is the purpose of Kinesis? Give some examples of data.

A

Collect, process and analyze streaming data in real-time
- Application logs, Metrics, Website clickstreams, IoT telemetry data

46
Q

What four parts of Kinesis are there?

A

Data Streams: capture, process and store data streams
Data Firehose: load data streams into AWS data stores
Data Analytics: analyze data streams with SQL or Apache Flink
Video Streams: capture, process and store video streams

47
Q

Describe the basic structure of a Kinesis Data Stream.

A

A Data Stream is made up of N numbered shards, and can be scaled as desired
- The number of shards determines ingestion and consumption rate
- Must be provisioned ahead of time, data is split across shards

48
Q

Describe the structure of a Record entering the Data Stream.

A

A Record is composed of a Partition Key (determines which shard will pick it up) and a Data Blob (up to 1MB)

49
Q

What is the rate limit of producers pushing records to a Data Stream?

A

Producers can send data at a rate of 1MB/sec or 1000 msg/sec per shard

50
Q

Describe the structure of a Record leaving the Data Stream.

A

Partition key, Sequence no. (unique per partition-key within a stream) and Data blob.

51
Q

What is the consumption rate limit of records leaving the Data Stream?

A

2MB/sec (shared) per shard across all consumers OR 2MB/sec (enhanced) per shard per consumer

52
Q

How long is the Data Stream retention period?

A

1 to 365 days

53
Q

Why is data inserted in Kinesis referred to as immutable?

A

Once inserted, it can’t be deleted

54
Q

List some Producers for Kinesis.

A

AWS SDK, Kinesis Producer Library (KPL), Kinesis Agent

55
Q

List some Consumers for Kinesis.

A

Write your own with: Kinesis Client Library (KCL), AWS SDK
Managed: Lambda, Kinesis Data Firehose, Kinesis Data Analytics

56
Q

Describe the Provisioned Capacity Mode for K. Data Stream.

A
  • Choose the number of shards provisioned & scale manually or by using API
  • Each shard gets 1MB/s in (or 1000 msg/sec)
  • Each shard gets 2MB/s out (classic or enhanced fan-out consumer)
  • Pay per shard provisioned per hour
57
Q

Describe the On-demand Capacity Mode for K. Data Stream.

A
  • No need to provision or manage capacity
  • Default capacity provisioned (4 MB/s or 4000 msg/s)
  • Scales automatically based on observed throughput peak during last 30 days
  • Pay per stream per hour & data in/out per GB
58
Q

Can you access Kinesis through a private subnet?

A

Yes, VPC endpoints are available for access within the VPC

59
Q

How can you monitor API calls for Kinesis?

A

Monitor using CloudTrail - API calls are available there

60
Q

How does the partition key determine the shard?

A

The partition key must be specified for the record entered into Kinesis - it is then put through a Hash function and then delivered to a particular shard.
- All data with the same resultant hash is delivered to the same shard.

61
Q

What consideration should be taken for partition keys?

A

Must use a highly distributed partition key to avoid a ‘hot partition’ (i.e., 1 shard has more throughput than other shards).

62
Q

What is the error when a shard is ‘overloaded’, and how can this be handled?

A

ProvisionedThroughputExceeded
- Use highly distributed partition key
- Retries with exponential backoff
- Increase shards (shard-splitting)

63
Q

Describe the difference between the shared (classic) and enhanced fan-out consumer

A

Shared (classic):
- 2 MB/s per shard across all consumers
- Uses the GetRecords() API call
- If 3 applications need to call GetRecords from a single shard, they all share 2 MB/s of throughput
- Max 5 GetRecords API calls/sec
- Latency ~200ms, low cost, returns up to 10MB (or up to 10,000 records)

Enhanced
- 2 MB/s per consumer per shard
- Uses the SubscribeToShard() API call
- Applications subscribe to the shard, and then data is pushed (over HTTP/2) at 2 MB/s regardless of the number of consumers
- Latency ~70ms, higher cost
- Soft limit of 5 consumer applications (KCL) per data stream

64
Q

Describe how Kinesis Data Streams can work with AWS Lambda

A
  • Supports classic and enhanced fan-out consumers
  • Read records in batches (GetBatch)
  • Can configure batch size and batch window
  • Lambda automatically retries on error until success or data expiration
  • Can process up to 10 batches per shard simultaneously
65
Q

How many KCL instances per shard are allowed?

A

1: 4 shards = max. 4 KCL (Kinesis client library) instances for example.

66
Q

What is the KCL?

A

Kinesis Client Library - Java lib. that helps read records from a Data Stream with distributed applications sharing the read workload.

67
Q

What is a ‘hot shard’ and how would you deal with it?

A

When a disproportionate amount of data is sent to a single shard (compared with the others)
-> Split the shard to increase capacity
-> Old shard is closed and will be deleted once the data is expired

68
Q

What are some limitations of shard splitting?

A
  • No automatic scaling (must manually increase/decrease capacity)
  • Can’t split into more than two shards in a single operation
69
Q

Describe shard merging

A

Combine two shards into one
- Can be used to group two shards with low traffic (cold shards)
- Old shards are closed and will be deleted once the data is expired

70
Q

What AWS destinations can Kinesis Data Firehose write to?

A

S3, Redshift (copy through S3) and OpenSearch

71
Q

Give a high level description of Firehose

A

Producers push data to Firehose, which can then optionally transform the data using a Lambda, and batch write to a given destination.
- There is also the option to send either All or only Failed data to a backup S3 bucket.

72
Q

Why is Firehose known as a Near Real Time service?

A
  • 60 second latency minimum for non-full batches
  • Or minimum 1MB of data at a time
73
Q

Compare Kinesis Data Streams and Data Firehose

A

Data Streams:
- Streaming service for ingest at scale
- Write custom code (producer/consumer)
- Real-time (~200ms)
- Manage scaling (shard splitting/merging)
- Data storage for 1 to 365 days
- Supports replay capability

Data Firehose:
- Load streaming data into S3/Redshift/OpenSearch/3rd party/custom HTTP
- Fully managed
- Near real-time
- Auto scaling
- No data storage
- Doesn’t support replay capability

74
Q

Give a high level description of the flow of Kinesis Data Analytics for SQL applications

A
  • Data is read from sources such as Data Streams or Data Firehose
  • Can then apply SQL statements to the data for real-time analytics
  • Can also apply some reference data during this step from S3
  • Data can then be sent either to Data Streams (and on to Lambda/other applications) or to Firehose (and then to S3, Redshift, OpenSearch etc.)
75
Q

What are the use cases of Data Analytics for SQL applications?

A
  • Timeseries analytics
  • Real-time dashboards
  • Real-time metrics
76
Q

Describe Data Analytics for Apache Flink

A

Use Flink (Java, Scala or SQL) to process and analyze streaming data
- Receive data from Data Streams or MSK (managed streaming service for Apache Kafka)
- Flink is more powerful than just SQL
- Managed service: provision compute resources, parallel computation, automatic scaling
- Application backups (implemented as checkpoints and snapshots)
- Cannot read from Firehose

77
Q

How does SQS FIFO Group ID compare to a Partition Key?

A

Group ID allows messages to be grouped when they are related to each other
- Grouped messages can be consumed by different consumers (similar to distributing Records to different shards based on the partition key)

78
Q

How does SQS FIFO compare to Data Streams with an example of 100 producers, 5 Kinesis shards, 1 SQS FIFO?

A

With an example of 100 producers, 5 Kinesis shards, 1 SQS FIFO
Data Streams:
- 20 producers per shard
- Data is ordered within each shard
- Max number of consumers in parallel is 5 (1 per shard)
- Can receive up to 5MB/s of data
SQS FIFO
- 100 group IDs
- 100 consumers, 1 group ID per consumer
- 300 messages per second (or 3000 with batching)

79
Q

Contrast SQS, SNS and Kinesis

A

SQS
- Consumers ‘pull data’
- Data is deleted after being consumed
- Can have as many consumers as we want
- No need to provision throughput
- Ordering guarantees only on FIFO queues
- Individual message delay capability
SNS:
- Push data to many subscribers
- 12.5 million subscribers per topic
- Data is not persisted (lost if not delivered)
- Pub/sub
- No need to provision throughput
- Integrates with SQS for fan-out architecture pattern
- FIFO capability
Kinesis:
- Standard: pull data, 2MB/s per shard
- Enhanced fan out: push data, 2MB/s per shard per consumer
- Possibility to replay data
- Meant for real-time big data, analytics, ETL (extract, transform, load)
- Ordering at the shard level
- Data expires after X days
- Provisioned mode or on-demand capacity mode