Other AWS Services Flashcards
What service would you integrate with a Lambda function to send emails?
SES - Simple Email Service
What is the advantage of OpenSearch over DynamoDB?
OpenSearch allows you to search any field, even for partial matches
Give three patterns for OpenSearch usage
OpenSearch with DynamoDB: stream the DB data through a lambda function to OpenSearch. Use OpenSearch to search the data, but DDB to retrieve items
OpenSearch with CloudWatch Logs: Create a subscription filter to stream specific data either through a lambda or through data firehose into OpenSearch
OpenSearch with Kinesis Data Streams: stream data through either a lambda function of data firehose (with an optional lambda for data transformation) to OpenSearch
How can you query data within S3 using SQL? Give a use case for this.
Amazon Athena - serverless query service to analyze data using SQL
- business intelligence, analytics, reporting, analyze CloudTrail trails or any sort of logs.
Give 4 methods for improving performance of Athena queries.
Use columnar data
- Can transform to Apache Parquet or ORC
- Use Glue to convert the data
Compress data for smaller retrievals
Partition datasets in S3 for querying on ‘virtual columns’
- i.e., use the filepath to act as columns, e.g. s3://athena/flight/parquet/year=1991/month=1/day=1/
Use larger files (> 128 MB) rather than many small files
How would you use Athena to query services such as CloudWatch Logs, DDB, RDS, or even on premises database?
Use Federated Query - uses data source connectors that run on AWS Lambda to run federated queries on other services
What is AWS MSK?
Managed Streaming for Apache Kafka (alternative to Kinesis)
- create Kafka noes, deploy cluster etc.
How does Apache Kafka work (high level)?
Producers write information to a Kafka topic - this is written to a Broker Node within an MSK Cluster, and then replicated to other nodes in that cluster.
- Consumers then poll the topic for updates
What are the differences between Kinesis Data Streams and MSK?
KDS:
- 1 MB message size limit
- Data Streams with Shards
- Shard splitting and merging
- TLS in-flight encryption
- KMS at-rest encryption
MSK
- 1MB default size limit, can be raised
- Kafka topics with partitions
- Can only add partitions, cannot remove
- Plaintext or TLS in-flight encryption
- KMS at-rest encryption
What service lets you manage TLS and SSL certificates?
AWS Certificate Manager (ACM)
How would you issue public and private certificates?
ACM for public certificates
AWS Private Certificate Authority (CA)
- Managed service allows your to create private certificate authorities
- Certificates are only trusted by your Organisation (not the public internet)
- Certificates work with AWS services that are integrated with ACM
What is a use case for private certifications?
- Encrypted TLS communcation, crytographically signing code
- Authenticate users, computers, API endpoints, IoT devices
- Enterprise customers building a public key infrastructure (PKI)
What is Amazon Macie?
Data security and privacy services that uses machine learning and pattern matching to discover and protect your sensitive data in AWS
- Identifies and alerts you to sensitive data (PII)
What service can you use to manage settings such as feature flags, application tuning, allow/block listing dynamically (without code changes)?
AppConfig
How could you monitor the difference between feature flags in an A/B test?
CloudWatch Evidently
- Validate new features by serving them to a specified % of users
- Collect and analyze data
Used for launches, experiments, beta testing via an Override (allows you to specify a config for a specific user)
