Udemy Test 1 Flashcards
EFS issue resulted in the poor performance of the application that reads and writes data into the file system.
What step should the SysOps administrator perform to resolve the high PercentIOLimit metric on the file system?
Build a new EFS file system that is configured with Max I/O performance mode. Utilize AWS DataSync to migrate data to the newly created EFS file system.
As the user visits grow, the IT department decides to implement a caching service for faster database performance and to maintain high availability for the RDS instance.
Which combination of steps should the SysOps admin perform to accomplish the requirement?
Utilize Amazon ElastiCache for Redis data store to support the demands of the database.
- Activate Multi-AZ deployment for the data store.
Does multi-az support in-memory cache service like Amazon ElastiCache for Memcached data store
No it does not
Users started to report that they are being served with the desktop version of the website when using mobile phones.
Which action can help the SysOps administrator resolve the issue?
Update the CloudFront distribution origin settings. Add a User-Agent header to the list of origin custom headers.
configure CloudFront to forward one or more of the following headers to your custom origin if you cache based on the device the user is using
- CloudFront-Is-Desktop-Viewer
- CloudFront-Is-Mobile-Viewer
- CloudFront-Is-SmartTV-Viewer
- CloudFront-Is-Tablet-Viewer
Can you set the cache behavior of the CloudFront distribution to forward the User-Agent header?
No, this is configured in the Origin Custom Headers setting. Not the CF distribution.
CreationPolicy attribute supported resources
AWS::AutoScaling::AutoScalingGroup, AWS::EC2::Instance, and AWS::CloudFormation::WaitCondition.
What is CreationPolicy attribute?
Use attribute when you want to wait on resource configuration actions before stack creation proceeds.
DependsOn attribute
you can specify that the creation of a specific resource follows another.
When you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute.
Can you modify the existing EFS file system configuration and activate Max I/O performance mode?
you can’t change the performance mode configuration of an EFS file system right away. You need to migrate the data to another file system configured with your desired performance mode.
Nested Stacks are used when
infrastructure grows, common patterns can emerge in which you declare the same components in multiple templates.
Nested stacks are stacks created as part of other stacks. You create a nested stack within another stack by using the AWS::CloudFormation::Stack resource. Nested stacks can themselves contain other nested stacks, resulting in a hierarchy of stacks.
Users are directed to the AWS region nearest to them
Set up a Route 53 Geoproximity routing policy to direct users to their closest region.
Latency-based routing is primarily used to minimize end-user latency. Not use to route to closest region.
Configuring VPC site to site
On VGW - add the customer on-premise subnet route as destination.
On CGW- Add AWS VPC subnet as destination.
How to automatically encrypting newly created EBS volumes?
You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create.
Default only applies to specific AWS regions.
Example is when EC2 instance is created.
AWS Config only encrypts the existing ebs volumes with encrypted-volume option.
AWS Budgets VS Billing Alarm
AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define.
Amazon CloudWatch Billing Alarm - although you can use this to monitor your estimated AWS charges and specified thresholds, this service still does not allow you to set coverage targets and receive alerts when your utilization drops below the threshold you define.
How to increase cache hit ratio when it’s low with cloud front?
using CloudFront is to reduce the number of requests that your origin server must respond to directly. Assisting with load of origin.
increasing the proportion of your viewer requests that are served from CloudFront edge caches instead of going to your origin servers for content
- Increase the TTL of your objects
- Configure the distribution to forward only the required query string parameters, cookies or request headers for which your origin will return unique objects.
- Remove Accept-Encoding header when compression is not needed
- Serving Media Content by using HTTP
What is a stackset?
You can use AWS CloudFormation StackSets to launch AWS Service Catalog products across multiple AWS Regions and accounts.
You can specify the order in which products deploy sequentially within AWS Regions. Across accounts, products are deployed in parallel.
When launching, users can specify failure tolerance and the maximum number of accounts in which to deploy in parallel.
Stack Policy
prevent stack resources from being unintentionally updated or deleted during a stack update by using a stack policy.
Change Sets are used when
When you need to update a stack, understanding how your changes will affect running resources before you implement them can help you update stacks with confidence.
Change sets allow you to preview how proposed changes to a stack might impact your running resources, for example, whether your changes will delete or replace any critical resources, AWS CloudFormation makes the changes to your stack only when you decide to execute the change set, allowing you to decide whether to proceed with your proposed changes or explore other changes by creating another change set.
ACM functionality - Private certificate authority
ACM manages
private CA service that helps you easily and securely manage the lifecycle of your private certificates. ACM Private CA provides you a highly-available private CA service without the upfront investment and ongoing maintenance costs of operating your own private CA or private CA hierarchy.
ACM - Secure key management
Strong encryption and key management best practices are used when protecting and storing private keys.
ACM - Integrated with other AWS cloud services
Elastic Load Balancer
Amazon CloudFront distribution or API in Amazon API Gateway.
works with AWS Elastic Beanstalk and AWS CloudFormation
ACM functionality
managed renewal for your Amazon-issued SSL/TLS certificates.
This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching.
ACM Renewal Eligibility
- if associated with another AWS service, such as Elastic Load Balancing or CloudFront.
- exported since being issued or last renewed.
- if it is a private certificate issued by calling the ACM RequestCertificate API and then exported or associated with another AWS service.
- if it is a private certificate issued through the management console and then exported or associated with another AWS service.
