Advanced Topics AWS Developer
CLI option that will allow you to retrieve a subset of the attributes coming from a DynamoDB scan
--projection-expression
Tools you can use to monitor your data streams in Kinesis
- CloudWatch - Kinesis Agent - Kinesis libraries
Kinesis Data Firehose
- Easiest way to load streaming data into data stores and analytics tools - Automatically scales to match the throughput of your data - Can batch, compress, and encrypt data before loading it
At what frequency do EC2 instances report their metrics under detailed monitoring configuration?
1 minute
Number of nodes a memcached cluster can horizontally scale to.
1 to 20
Cache data if:
1. It is slow or expensive to acquire when compared to cache retrieval. 2. It is accessed with sufficient frequency. 3. It is relatively static, or if rapidly changing, staleness is not a big issue.
Resolutions you can choose for CloudWatch Alarms for high-resolution custom metrics
10 seconds, 30 seconds
Max visibility time of an SQS message in a queue
12 hours
Max number of attributes combined in a primary key
2
Max long poll timeout
20 seconds
Amount of time CloudFront objects (files) are cached
24 hours by default
Data stream retention period
24 hours, or up to 7 days when extended retention is enabled
How large can an SQS message be?
256KB
DynamoDB point-in-time recovery
35 days to restore the table that was lost.
Max data size supported by AWS KMS
4KB
Max size for a trace
500 KB
Largest size file you can transfer to S3 using a PUT
5GB
How to add AWS X-Ray SDK (Java)
Add SDK as a dependency in your build configuration
How to add AWS X-Ray SDK (Node.js)
Add it to your application's dependencies, usually via package.json
Write-Through
Adds data or updates data in the cache whenever data is written to the database.
TTL
Allows us to enjoy each caching strategy and largely avoid cluttering up the cache with superfluous data.
Kinesis Data Analytics
Analyze streaming data, gain actionable insights, and respond to your business and customer needs in real time. You can quickly build SQL queries and Java apps using built-in templates and operators for common processing functions to organize, transform, aggregate, and analyze data at any scale.
S3 versioning
Any objects uploaded prior to versioning will have the version ID as NULL
Sampling algorithm
Applied by X-Ray SDK to determine which requests get traced efficiently.
Edge Location
CDN endpoints (data centers) for CloudFront. The user is routed to the location that provides the lowest latency.
Lazy Loading
Caching strategy that loads data into the cache only when necessary
Lambda@Edge customization
Can help your CloudFront distribution to serve private content from your own custom origin, as an option to using signed URLs or signed cookies
Redis AUTH command
Can improve data security by requiring the user to enter a password before they are granted permission to execute Redis commands on a password-protected Redis Server
How could you monitor a function's code for error rates?
CloudWatch Metrics
AWS service that will help you with token handling and validation
Cognito User Pools
In order to enable encryption at rest using EC2 and EBS, you need to:
Configure encryption when creating the EBS volume
You want to receive an email whenever a user pushes code to your CodeCommit repo, how can you configure this?
Configure notifications in the console; this will create a notification to an SNS topic, which will trigger an email
CORS
Defines a way for client web applications that are loaded in one domain to interact with resources in a different domain
How to run X-Ray daemon for your Docker containers deployed using AWS Fargate (2)
Deploy the X-Ray daemon agent as a sidecar container
Provides in-memory caching specifically for DynamoDB
DynamoDB Accelerator
How can you ensure that your EC2 instances execute a customizable set of instructions when they first start?
EC2 User Data
Error code for creating a S3 bucket that already exists
Error: 409
Cannot monitor shard-level metrics in Kinesis Data Streams. True or False?
False
Each cache node does not have its own DNS name and port. True or False?
False
ElastiCache does not work with both Redis and Memcached engines. True or False?
False
In general, Scan operations are more efficient than other operations in DynamoDB. True or False?
False
Repositories are not automatically encrypted at rest. True or False?
False
S3 buckets do not provide eventual consistency for overwrite PUTS and DELETES. True or False?
False
SNS messages can be customized by protocol type. True or False?
False
STS supported for API Gateway. True or False?
False
Scan is more efficient than a query. True or False?
False
X-Ray SDK sends trace data directly to X-Ray. True or False?
False
Filter expressions
For advanced tracing, used to find traces related to specific paths or users.
Service graph
JSON document that contains information about the services and resources that make up your application. X-Ray uses this object to generate a visualization called a "service map". Retained for 30 days.
How does KMS encryption work?
KMS stores the CMK, and receives data from the clients, which it encrypts and sends back
You have created a test environment in Elastic Beanstalk and as part of that environment, you have created an RDS database. How can you make sure the database can be explored after the environment is destroyed?
Make a selective delete in Elastic Beanstalk
In S3 what can be used to delete a large number of objects?
Multi-Object Delete
Company needs a load balancing solution capable of handling millions of requests per second. What is the best load balancing solution for this?
Network Load Balancer
How much data can be stored in S3?
No limits to the amount of data
Have a high number of DynamoDB partitions and would like to scan them faster. What should you use?
Parallel scans
Amazon Kinesis Agent
Pre-built java application that offers an easy way to collect and send data to your Amazon Kinesis data stream
How to run X-Ray daemon for your Docker containers deployed using AWS Fargate (1)
Provide the correct IAM task role to the X-Ray container
AWS X-Ray SDK for Node.js
Provides middleware that you can use to instrument incoming HTTP requests
Team using SQS but need to ensure that deleting messages in the queue will not require reconfiguration of the queue. What API call do you use?
PurgeQueue
How do you bundle your Lambda function to add dependencies?
Put the function and the dependencies in one folder and zip them.
Scan operation
Returns one or more items and item attributes by accessing every item in a table or a secondary index.
Trace sending flow to X-Ray
SDK sends JSON segment documents to an X-Ray daemon process listening for UDP traffic. X-Ray daemon buffers segments in a queue and uploads them to X-Ray in batches.
Encryption mechanism where HTTPS (SSL) is mandatory
SSE-C
Amazon DynamoDB
Service that doesn't send its own segments
You would like to encrypt your buildspec.yml file to run build commands in CodeBuild. You want your build artifacts encrypted, which of the following must you use to accomplish this?
Specify a KMS key to use
Memcached Node Failure
Spread your cached data over more nodes. Because Memcached does not support replication, a node failure will always result in some data loss from your cluster. Same with AZs
CloudFront distribution
Tells CloudFront which origin servers to get your files from when users request the files through your website or application. Can also specify details such as whether to log requests and whether you want the distribution to be enabled as soon as it's created
How does S3 determine which partition to use to store files?
The key name determines which partition the file is stored in
AWS X-Ray function with graphs
This service uses the data that your application sends to generate a service graph. Each AWS resource that sends data to X-Ray appears as a service in the graph
AWS X-Ray receives data from services as segments, then groups segments that have a common request into traces. True or False?
True
If your Lambda function invocation fails because of a network timeout or because you've reached the Lambda invocation limit, Firehose retries the invocation 3 times by default. True or False?
True
If you're executing .NET code against AWS on an EC2 instance that is assigned an IAM role, the code will assume the same permissions as the IAM role. True or False?
True
Kinesis Data Firehose can invoke your Lambda function to transform incoming source data and deliver the transformed data to destinations. True or False?
True
Memcached clusters always start out empty unless your application populates it. True or False?
True
Partition key not being distributed enough can cause a ProvisionedThroughputException. True or False?
True
Scan uses eventually consistent reads when accessing the data in a table. True or False?
True
To avoid calling the service every time your app serves a request, the SDK sends the trace data to an X-Ray daemon, which collects segments for multiple requests and uploads them in batches. True or False?
True
When deploying app code to Lambda, the AppSpec file can be written in JSON. True or False?
True
When you scale a Memcached cluster vertically (up or down), you must create a new cluster. True or False?
True
X-Ray processes the traces to generate a service graph that provides a visual representation of your application. True or False?
True
API call used to increase the number of shards allocated to your stream
UpdateShardCount
For what kinds of operations is it possible to get stale data as a result of eventual consistency?
- Updating an existing object - Deleting an existing object
How to declare a Lambda function in CloudFormation (1)
Upload all the code as a zip to S3 and refer the object in AWS::Lambda::Function block
Cognito user pools
Used for authentication (identity verification). Used for: - design sign-up and sign-in webpages for your app - access and manage user data - track user device, location, and IP address
How CloudFront delivers content
User specifies origin servers (like an S3 bucket or your own HTTP server), from which CloudFront gets your files which will then be distributed from CloudFront edge locations all over the world
AWS CloudFront
Web service that speeds up distribution of your static and dynamic web content to your users. A content delivery network (CDN)
How to declare a Lambda function in CloudFormation (2)
Write the AWS Lambda code inline in CloudFormation in the AWS::Lambda::Function block as long as there are no dependencies
active tracing
X-Ray integration that is only applicable with Lambda
AWS Encryption SDK
client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It enables you to focus on the core functionality of your application, rather than on how to best encrypt and decrypt your data.
Trace
collects all the segments generated by a single request. The request is typically an HTTP GET or POST that travels through a load balancer, hits your app code, and generates downstream calls to other AWS services or external web APIs.
Which of the following attributes make a good Sort key? a. CustomerID b. EmailAddress c. OrderNumber d. InvoiceDate
d
ElastiCache node
fixed-size chunk of secure, network-attached RAM. Can exist in isolation from or in some relationship with other nodes.
You are using S3 in AP-Northeast to host a static website in a bucket called "acloudguru". What would the new URL endpoint be?
http://acloudguru.s3-website-ap-northeast-1.amazonaws.com
Kinesis Partition Key
meaningful identifier such as a user ID or a timestamp. Specified by your data producer while putting data into a data stream.
How X-Ray works
provides an end-to-end, cross-service, app-centric view of requests flowing through your app by aggregating the data gathered from individual services in your app into a single unit called a "trace"
Segment
provides the name of the compute resource running your app logic, details about the request sent by your app, and details about the work done.
Active instrumentation (tracing)
type of X-Ray integration that samples and instruments incoming requests.
Sequence number
unique identifier for each data stream record. Assigned by Kinesis data streams when a data producer calls PutRecord or PutRecords API.
Cognito Identity pool
used for authorization (access controls). Used for: - give users access to AWS resources, such as S3, or DynamoDB table - Generate temporary AWS credentials for unauthenticated users
You would like to use SSE-S3 encryption mechanism. What header must you set in your request?
x-amz-server-side-encryption:AES256