Collection

Question 1

KDS

Answer 1

• Retention 1-365 days
• Record = Partition Key + Data Blob 1MB
• Provisioned
  
  • IN : 1MB per shard per sec
  • OUT : 2MB per shard per sec
• On-demand
  
  • 4MB or 4000 records per second
  • scales automatically based on throughput during last 30 days
• replicates to 3 AZ

Question 2

Kinesis Producer SDK

Answer 2

• Use Cases : Support multiple programming languages
• PutRecord vs PutRecords
• PutRecords uses batching and increase throughput
• ProvisionedThroughputExceeded Exception
  
  • Solution : Retries with backoff, increase # shards and choice of partition key

Question 3

Kinesis Producer Library

Answer 3

• Use Cases : High performance and long-running producers
• Synchronous and Asynchronous API
• Batching –> 1MB/s or 1000 records /s
• Compression must be implemented by users
• KPL records must be decoded with KCL or special helper library
• RecordMaxBufferedTime 100ms

Question 4

Kinesis Agent

Answer 4

• Use Cases : Monitor log files and send them to KDS
• On top of KPL
• Features
  
  • write from multiple directories to multiple kinesis streams
  • preprocess data before sending
  • Able to handle file rotation, checkpointing and retry
  • Emit metrics to CloudWatch for monitoring

Question 5

Kinesis Consumer SDK

Answer 5

• 2MB per shard per second
• GetRecords returns up to 10MB /sec or up to 1000 records per second
• Max 5 GetRecords API
• 200ms latency

Question 6

Kinesis Client Library

Answer 6

• Read records from Kinesis produced by KPL
• Share multiple shards with multiple consumer in one group
• Checkpointing feature to resume progress
• Leverage DynamoDB for checkpointing
  
  • Make sure to provision enough WCU / RCU
  • Use on-demand for DynamoDB otherwise DynamoDB will slow down KCL
• ExpiredIterationException
  
  • Solution : increase WCU

Question 7

Kinesis Connector Library

Answer 7

• S3
• DynamoDB
• Redshift
• ElasticSearch

Question 8

Kinesis and Lambda

Answer 8

• Lambda can source records from KDS
• Lambda consumer has library to de-aggregate record from the KPL

Question 9

Kinesis Enhanced Fan Out

Answer 9

• 2MB /consumer /sec /shard
• Kinesis pushes data to consumer over HTTP2
• 70 ms latency
• Default limit of 5 consumers using enhanced fan out per data stream
• Use SubscribeToShard API

Question 10

Auto Scaling

Answer 10

• API call to change the number of shards is UpdateShardCount
• We can implement AutoScaling with AWS Lambda

Question 11

KDS Security

Answer 11

• EIF : SSL
• EAR : KMS
• VPC
• KCL –> grant read and write access to DynamoDB table

Question 12

Kinesis Data Firehose

Answer 12

• Fully managed
• Near real time (60 sec latency)
• Auto scaling
• Spark / KCL do not read from KDF
• Destination : s3, Splunk, Redshift, ElasticSearch
• Record Size 1MB
• Replicates records to 3 AZ
• Retention 24 hours

Question 13

KDF Buffer

Answer 13

• 2 mins
• 32MB

Question 14

SQS Standard

Answer 14

• Fully managed
• 1-14 days retention
• 10ms latency
• 256KB msg body + metadata
• Horizontal scaling in term of number of consumer
• Max 120,000 in-flight messages being processed by consumers

Question 15

SQS Producing Messages

Answer 15

• Provide delay delivery
• Get back
  
  • msg id
  • md5 hash of the body

Question 16

SQS Consuming Messages

Answer 16

• Poll 10 msg at a time
• Process the message within the visibility timeout
• Delete the msg using msg id and recipt handler
• max 120,000 in-flight msg being processed by consumers

Question 17

SQS FIFO Queue

Answer 17

• Name of queue must end in .fifo
• Lower throughput (30,000 msg per sec with batching and 3000 per second without)
• messages are processed in order by consumer
• msg are sent exactly once

Question 18

SQS Security

Answer 18

• EIF : HTTPs
• EAR : KMS
• IAM

Question 19

IoT Device Gateway

Answer 19

• Serves as entry point for IoT devices connecting to AWS
• Supports MQTT, Websocket and HTTP1.1 protocols
• Fully managed
• Scale automatically to support over 1 billion Things

Question 20

IoT Message Broker

Answer 20

• Pub Sub pattern with low latency
• Msg sent using MQTT, WebSocket and HTTP1.1
• Msg are published into topics
• Msg broker forwards msg to all clients connected to the topic

Question 21

IoT Authentication

Answer 21

• 3 authN
  
  • X.509 certification
  • AWS SigV4
  • Custom tokens with custom authorizers
• For mobile
  
  • Cognito Identities
• Web / Desktop / CLI
  
  • IAM
  • Federated Identities

Question 22

IoT Authorization

Answer 22

• AWS IoT Policies
  
  • Attach to X.509 certificates or Cognito Identities
  • Able to revoke any device at any time
  • IoT Policies are JSON doc
  • Can be attached to groups instead of individual Things
• IAM Policies
  
  • Attached to users, group or roles
  • Used for controlling IoT AWS APIs

Question 23

IoT Device Shadow

Answer 23

• JSON doc representing the state of a connected Thing
• IoT Thing will retrieve the state when online and adapt

Question 24

IoT Rules Engines

Answer 24

• Rules are defined on the MQTT topics
• Rules = when it is triggered
• Use Cases
  
  • Augment or filter data received from a device
  • Write data received from a device to a DynamoDB database
  • Save a file to S3
• Rules need IAM roles to perform their actions

Question 25

IoT Greengrass

Answer 25

• IoT Greengrass brings the compute layer to the device directly
• We can execute AWS Lambda functions on the devices
• Operate offline
• Deploy functions from the cloud directly to the devices

Question 26

Data Migration Service

Answer 26

• Homo and Hetero
• Continuous data replication using Change Data Capture
• Require EC2 instance to perform the replication tasks

Question 27

Data Migration Service Schema Conversion Tool

Answer 27

• Prefer compute-intensive instances to optimize data conversions

Question 28

Direct Connect (DX)

Answer 28

• Provides a dedicated private connection from a remote network to your VPC
• Require to setup a Virtual Private Gateway on your VPC
• Use Cases
  
  • Increase Bandwidth Throughput
  • Consistent network experience
  • Hybrid Env
• Support IPv4 and IPv6
• If DX is setup to one or more VPC in different regions, use Direct Connect Gateway

Question 29

Direct Connection Types

Answer 29

• Dedicated
  
  • 1,10,100 Gbps
  • physical ethernet port dedicated to a customer
• Hosted
  
  • 50,500Mbps to 10Gbps
  • Capacity can be added or removed on demand
• Lead time are often longer than 1 month to establish a new connection

Question 30

Direct Connect Encryption

Answer 30

• In Transit : not private
• AWS DC + VPC provides an IPsec encrypted private connection

Question 31

Direct Connect Max Resiliency

Answer 31

• Multiple DX per 1 location

Question 32

Snowcone

Answer 32

• Light
• Device for edge computing, storage and data transfer
• 8 TB
• Connect it to internet and use AWS DataSync to send data

Question 33

Snowball Edge

Answer 33

• Storage Optimized
  
  • 80TB
• Compute Optimized
  
  • 42TB
• Provide block storage and S3-compatible object storage

Question 34

Snowmobile

Answer 34

• 100PB
• High Security, Temperature Controlled, GPS, 247 video surveillance
• Better than Snowball if transferring more than 10PB

Question 35

AWS OpsHub

Answer 35

• Manage your Snow Family Device

Question 36

AWS Managed Streaming Kafka

Answer 36

• Fully managed
• Data Stored in EBS
• Message size 1MB to 10MB
• Choose number of AZ
• Choose the VPC and subnet
• Choose the broker instance type
• Choose the size of EBS volume
• Durability & Availability
  
  • Ensure the replication factor (RF) is at least 2 for 2 AZ clusters and at least 3 for 3 AZ clusters
  • Set minimum in-sync replicas (miniISR) to at most RF-1

Question 37

MSK Security

Answer 37

• EIF : TLS
• EAR : KMS
• AuthN and AuthZ
  
  • Mutual TLS + Kafka ACLs
  • SASL / SCRAM + Kafka ACLs
  • IAM

Question 38

MSK Monitoring

Answer 38

• CloudWatch Metrics
  
  • Basic monitoring, enhanced monitoring, topic level monitoring
• Prometheus
• Broker Log delivery
  
  • To CloudWatch, S3, KDS

Question 39

MSK Connect

Answer 39

• Managed Kafka Connect Workers
• Auto-scaling capabilities
• Deploy any Kafka Connect connectors to MSK as a plugin

Question 40

KDS > SQS

Answer 40

• Ability for multiple applications to consume the same stream concurrently
• Ability to consume records in the same order a few hours later

Question 41

KDF Sources

Answer 41

• KDF API
• KDS
• Other AWS Services
• Kinesis Agent
• AWS Lambda

Question 42

KDF + Lambda Transformation

Answer 42

All transformed records from Lambda must be returned to Firehose with following 3 parameters
- recordId
- result
- data
Enable source record backup and KDF will deliver the un-transformed incoming data to a separate S3 bucket

Question 43

Kinesis Video Streams

Answer 43

• Fully managed
• Service for media ingestion, storage and processing
• Use Cases
  
  • Smart Home : Stream video and audio from camera-equipped home devices
  • Smart City
  • Industrial Automation
• Integrates with ML Framework

Question 44

Kinesis Video Stream Concepts

Answer 44

• Video Stream
  
  • resource that enables you to capture live video and other time-encoded data
• Fragment
  
  • Self-contained sequence of media frames
• Chunk
  
  • KVS stores videos in chunks