A Cloud Guru Test Flashcards
How can you configure CodeBuild to notify the DevOps team of a failure in the build process?
Use CloudWatch Events and an SNS topic to notify subscribers of build events. CodeBuild natively supports CloudWatch Events, and SNS is a subscription based notification service that integrates with CloudWatch.
Which service enables you to automatically build, test and release new software whenever a developer makes an update to their code?
CodePipeline. CodePipeline automates the build, test and can be used to deploy phases of your release process every time there is a code change, based on the release model you define.
What services are compatible with CodeDeploy managed deployments?
CodeDeploy supports EC2, ECS (both EC2 and Fargate), Lambda and on-premises servers.
A developer needs to share an EBS volume with a second AWS account. What actions need to be performed to accomplish this task in the most optimal way?
It is not possible to directly share an EBS volume with another account. In order to accomplish the required task, it is required to create an EBS volume snapshot and grant permissions to that snapshot to the second AWS account.
An organization has mandated that all data within its DynamoDB tables must be encrypted at rest using an AWS owned key. What must a developer do to ensure this?
There’s no need to do anything; all DynamoDB tables are encrypted at rest with an AWS owned key by default. Non-encrypted DynamoDB tables are no longer supported in AWS.
What is canary deployment?
With canary deployment, traffic is shifted in two increments. The options specify the percentage of traffic that’s shifted to your updated Lambda function version in the first increment, and the interval, in minutes, before the remaining traffic is shifted in the second increment.
E.g., :
Canary10Percent30Minutes
What is linear deployment?
Linear deployment is when traffic is shifted in equal increments with an equal number of minutes between each increment.
E.g.:
Linear10PercentEvery1Minute
What is all at once deployment?
All traffic is shifted from the original Lambda function to the updated Lambda function version at once.
How to deploy a serverless application gradually?
If you use AWS SAM to create your serverless application, it comes with built-in CodeDeploy to ensure safe Lambda deployments. In the SAM template, you can specify the AutoPublishAlias and the DeploymentPreference.
The AutoPublishAlias detects when new code is being deployed and creates and published an updated version of that function with the latest code. It automatically creates an alias that points to the updated version of the Lambda function.
In the DeploymentPreference type, you can specify canary, linear or all at once.
What is the Lambda IteratorAge metric?
For stream-based invocations, Lambda emits the IteratorAge metric. IteratorAge metric is the time between when the last record in a batch was recorded and when Lambda reads the record. In general, iterator age increases when a function can’t keep up with processing the amount of data that is being written to the streams.
What’s the proper way of storing a credit card number that a Lambda function needs to use?
You can store it as an environment variable, however you should encrypt this before deploying, because the default encryption occurs after deploying, not during deployment.
How can my AWS Lambda function customize its behavior to the device and app making the request?
When called through the AWS Mobile SDK, Lambda functions automatically gain insight into the device and application that made the call through the ‘context’ object.
What happens if your Lambda code is too large?
It will trigger a code storage exception error.
What is the PreconditionFailedException (HTTP status code 412) in Lambda?
Your Lambda will throw a PreconditionFailedException when the RevisionId does not match the latest RevisionId for the Lambda function or alias. Call the GetFunction or GetAlias API to retrieve the latest RevisionId for your resource.
This error is often used as a protection against a racing condition when multiple people are working on the same function.
What happens if most or all clients of an API invalidates the cache?
It could significantly increase the latency of your API. You can either impose an InvalidateCache policy, or choose the Require authorization checkbox in the console.
What is a cross-origin HTTP request?
A cross-origin HTTP request is one that is made to:
- a different domain
- a different subdomain
- a different port
- a different protocol
What is a simple HTTP request?
An HTTP request is simple if all of the following conditions are true:
- it is issued against an API resource that allows only GET, HEAD and POST requests
- If it is a POST method request, it must include an Origin header
- The request payload content type is text/plain, multipart/form-data, or application/x-www-form-urlencoded.
- The request does not contain custom headers
What’s required for a response to a simple cross-origin POST method request?
For a simple cross-origin POST method request, the response from your resource needs to incldue the header Access-Control-Allow-Origin.
What is a symmetric key?
When you create a customer master key (CMK) in KMS, by default, you get a symmetric CMK. Symmetric keys are used in symmetric encryption, where the same key is used for encryption and decryption.
AWS services that are integrated with KMS use symmetric CMKs to protect your data. These services do not support asymmetric CMKs.
You have used a CMK to create a data key using the GeneratedDataKey operation to encrypt your application’s data using envelope encryption. You have been asked to provide temporary secured access to external auditors so that they can audit the data stored. These auditors should be able to immediately gain access to your data. What is the most effective and efficient way of achieving this?
Use grant tokens after using grants with the decrypt and re-encrypt operation. Using grant tokens received from the CreateGrant request will mitigate potential delay and grant immediate access. Decrypt operation is needed for the auditors to decrypt and re-encrypt this data.
What is data key caching?
Data key caching lets you reuse the data keys that protect your data, instead of generating a new data key for each encryption operation.
Data key caching can reduce latency, improve throughput, reduce cost. In particular, caching might help if your application is hitting the KMS requests-per-second limit and raising the limit does not solve the problem.
However, these benefits come with some security tradeoffs. Encryption best practices generally discourage extensive reuse of data keys.
What’s the LocalCryptoMaterialsCache?
To make data key caching easier to implement, the AWS Encryption SDK provides LocalCryptoMaterialsCache, an in-memory, least-recently-used cache with a configurable size.
You’re the lead developer for a company that uses KMS to decrypt passwords from an RDS MySQL database using an asymmetric CMK. While decrypting the data you receive an InvalidCipherTextException error. What could have caused this error?
EncryptionAlgorithm is set to default value. Asymmetric CMKs cannot use the default algorithm, because the default one is for used for symmetric keys only. For symmetric CMKs, the default value would work.
How do you control the behaviors of your APIs backend interactions?
You control the behaviors of your APIs backend integrations by setting up the integration request and integration response. These involve data mappings between a method and its corresponding integration.
