AWS CLI, SDK, IAM Roles & Policies

Question 1

What is the purpose of EC2 Instance Metadata?

Answer 1

To allow an EC2 instance to learn about itself, such as instance ID, without needing IAM permissions.

Question 2

What is the URL for EC2 Instance Metadata?

Answer 2

http://169.254.169.254/latest/meta-data

Question 3

Can you retrieve IAM policy from EC2 metadata?

Answer 3

No, only IAM Role name is available, not the policy.

Question 4

What is the difference between metadata and user data on EC2?

Answer 4

Metadata is instance information; user data is a launch script run once at boot.

Question 5

What is the difference between IMDSv1 and IMDSv2?

Answer 5

IMDSv1 allows direct metadata access; IMDSv2 requires a session token for improved security.

Question 6

How do you use MFA with the AWS CLI?

Answer 6

Use the STS GetSessionToken API to generate temporary credentials.

Question 7

What is the command to get temporary credentials using MFA in AWS CLI?

Answer 7

aws sts get-session-token –serial-number <mfa-arn> --token-code <code> --duration-seconds 3600</code></mfa-arn>

Question 8

Which programming languages are supported by AWS SDK?

Answer 8

Java, .NET, Node.js, PHP, Python (boto3), Go, Ruby, C++.

Question 9

Which SDK does AWS CLI use internally?

Answer 9

Python SDK - boto3.

Question 10

What region is used by default if not configured in SDK?

Answer 10

us-east-1.

Question 11

What is Exponential Backoff used for in AWS?

Answer 11

To handle intermittent throttling errors with retries after increasing delays.

Question 12

What should you do for consistent API throttling?

Answer 12

Request a service limit increase.

Question 13

What are example API rate limits in AWS?

Answer 13

EC2 DescribeInstances: 100 calls/sec; S3 GET: 5500 per second per prefix.

Question 14

What is the AWS CLI credentials provider chain order?

Answer 14

1. CLI options 2. Env vars 3. CLI credentials file 4. CLI config file 5. ECS container creds 6. EC2 instance profile.

Question 15

What is the AWS SDK default credentials provider chain?

Answer 15

1. Java properties 2. Env vars 3. Credentials file 4. ECS container creds 5. EC2 instance profile.

Question 16

In a scenario where environment variables are used on an EC2 instance, why might it override instance profile permissions?

Answer 16

Because environment variables have higher priority in the credentials provider chain.

Question 17

What is the top AWS credential management best practice?

Answer 17

Never store AWS credentials in your code.

Question 18

How should credentials be managed inside AWS?

Answer 18

Use IAM roles: EC2 roles, Lambda roles, ECS roles.

Question 19

How should credentials be managed outside AWS?

Answer 19

Use environment variables or named profiles.

Question 20

What is SigV4 in AWS?

Answer 20

It’s the signing process used to authenticate AWS HTTP requests.

Question 21

When do you need to manually use SigV4?

Answer 21

When making direct HTTP API calls without the SDK or CLI.

Question 22

Do AWS CLI and SDK sign requests automatically with SigV4?

Answer 22

Yes, they handle the signing process automatically.

Question 23

What is a subnet?

Answer 23

A partition of a VPC’s network; tied to an Availability Zone.