Tutorial Dojo Test 4 Flashcards

1
Q

attribute is required if you have any VPC-gateway attachment in your stack.

If your AWS CloudFormation template defines a VPC, a gateway, and a gateway attachment, any resources that require the gateway are …

A

DependsOn

2
Q

Elastic Beanstalk All at once

A

Deploy the new version to all instances simultaneously. All instances in your environment are out of service for a short time while the deployment occurs.

3
Q

Elastic Beanstalk - Rolling deployment

A

Deploy the new version in batches. Each batch is taken out of service during the deployment phase, reducing your environment’s capacity by the number of instances in a batch.

4
Q

Elastic Beanstalk - Rolling with additional batch

A

Deploy the new version in batches, but first launch a new batch of instances to ensure full capacity during the deployment process.

5
Q

Elastic Beanstalk - Immutable deployment

A

launch a full set of new instances running the new version of the application in a separate Auto Scaling group, alongside the instances running the old version. Immutable deployments can prevent issues caused by partially completed rolling deployments. If the new instances don’t pass health checks, Elastic Beanstalk terminates them, leaving the original instances untouched.

6
Q

Elastic Beanstalk - Traffic-splitting deployments

A

let you perform canary testing as part of your application deployment. In a traffic-splitting deployment, Elastic Beanstalk launches a full set of new instances just like during an immutable deployment. It then forwards a specified percentage of incoming client traffic to the new application version for a specified evaluation period.

7
Q

Amazon Athena

A

is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to set up or manage, and you can start analyzing data immediately. You don’t even need to load your data into Athena; it works directly with data stored in S3.

8
Q

Amazon S3 Select

A

S3 Select only allows simple SQL query executions for the purpose of filtering data.

9
Q

Need to configure the template so that values are based on the region in which the template is launched.

A

The optional Mappings section matches a key to a corresponding set of named values.

For example, if you want to set values based on a region, you can create a mapping that uses the region name as a key and contains the values you want to specify for each specific region.

You use the Fn::FindInMap intrinsic function to retrieve values in a map.

10
Q

Outputs

A

is used to declare output values that you can import into other stacks.

11
Q

Amazon Cognito

A

Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.

12
Q

Amazon Cognito user pool provides

A

User pools provide:

  • Sign-up and sign-in services.
  • A built-in, customizable web UI to sign in users.
  • Social sign-in with Facebook, Google, Login with Amazon, and Sign in with Apple, as well as sign-in with SAML identity providers from your user pool.
  • User directory management and user profiles.
  • Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
  • Customized workflows and user migration through AWS Lambda triggers.
13
Q

share an AMI with specific AWS accounts

A

All you need are the AWS account IDs. AMIs are a regional resource. Therefore, sharing an AMI makes it available in that region. To make an AMI available in a different region, copy the AMI to the region and then share it. There is no limit to the number of AWS accounts with which an AMI can be shared.

Take note that you cannot directly share an AMI that contains a snapshot of an encrypted volume. You can share your encrypted snapshots with other AWS accounts. This enables the other account to copy the snapshots to other regions, re-encrypt the snapshots, and create AMIs using the encrypted snapshots.

14
Q

S3 Versioning

A

A means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.

15
Q

add another layer of security by configuring a bucket to enable MFA (multi-factor authentication) Delete

A

  • Change the versioning state of your bucket
  • Permanently delete an object version

MFA Delete requires two forms of authentication together:

  • Your security credentials
  • The concatenation of a valid serial number, a space, and the six-digit code displayed on an approved authentication device
16
Q

share an AMI with specific AWS accounts

A

without making the AMI public

All you need are the AWS account IDs. AMIs are a regional resource. Therefore, sharing an AMI makes it available in that region. To make an AMI available in a different region, copy the AMI to the region and then share it. There is no limit to the number of AWS accounts with which an AMI can be shared.

Take note that you cannot directly share an AMI that contains a snapshot of an encrypted volume. You can share your encrypted snapshots with other AWS accounts. This enables the other account to copy the snapshots to other regions, re-encrypt the snapshots, and create AMIs using the encrypted snapshots.

17
Q

cfn-init

A

It interprets the metadata that contains the sources, packages, files, and services. You run the script on the EC2 instance when it is launched. The script is installed by default on Amazon Linux and Windows AMIs.

18
Q

cfn-get-metadata

A

only a wrapper script that retrieves either all metadata that is defined for a resource or path to a specific key or a subtree of the resource metadata, but does not interpret the resource metadata, install packages, create files, and start services.

19
Q

cfn-signal

A

Does not perform any retrieval and interpretation of resource metadata, installation of packages, creation of files, and starting of services. Instead, it is a wrapper that signals an AWS CloudFormation WaitCondition for synchronizing other resources in the stack when the application is ready.

20
Q

cfn-hup

A

It is a daemon that checks for updates to metadata and executes custom hooks when changes are detected. Unlike the cfn-init helper script, it does not retrieve and interpret the resource metadata, install packages, create files, or start services.

This daemon detects changes in resource metadata and runs user-specified actions when a change is detected. This allows you to make configuration updates on your running Amazon EC2 instances through the UpdateStack API action.

21
Q

How will the Administrator extend the Active Directory domain to AWS and control access to the cloud resources?

A

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft Active Directory (AD), enables your directory-aware workloads and AWS resources to use managed Active Directory (AD) in AWS.

AWS Managed Microsoft AD is built on actual Microsoft AD and does not require you to synchronize or replicate data from your existing Active Directory to the cloud.

You can use the standard AD administration tools and take advantage of the built-in AD features, such as Group Policy and single sign-on.

With AWS Managed Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to your domain, and use AWS End-User Computing (EUC) services, such as Amazon WorkSpaces, with AD users and groups.

22
Q

AWS Cognito Auth

A

Cognito is for federation to your web and mobile apps running on AWS. It allows you to authenticate users through social identity providers. But since the company is already using Microsoft AD, AWS Directory Service is the better choice here.

23
Q

Single Sign-On Auth

A

only helps you manage SSO access and user permissions across all your AWS accounts in AWS Organizations. AWS SSO integrates with Microsoft AD using AWS Directory Service, so there is no need to create users and groups. Just use Directory Service instead.