CSA Flashcards
Lambda-supported languages (5)
Python, Go, C# (.NET Core), Node.js (JavaScript), Java
Lambda triggers (9 most used)
- API Gateway
- Alexa Skills Kit
- CloudFront
- CloudWatch Events
- CloudWatch Logs
- DynamoDB
- Kinesis
- S3
- SNS
Others: SQS, AWS IoT, Alexa Smart Home, CodeCommit, Cognito Sync Trigger
Route53 DNS Routing Options (6)
Simple, Weighted, Latency-based, Failover, Geolocation, Multivalue Answer
What 10 AWS services are serverless?
- Compute: Lambda (+ Lambda@Edge for CloudFront)
- Storage: S3
- DB: DynamoDB
- API Gateway
- AWS AppSync
- Orchestration: AWS Step Functions
- Message queuing: SQS
- Notification: SNS
- Analytics: Kinesis
- Interactive query: Athena
What are the key differences between Multi-AZ DB’s and Read Replicas?
Multi-AZ is for DR/maintenance (active-passive), Read-replicas are for improved performance and resiliency
M-AZ is synchronous, Read-replicas are asynch.
M-AZ has one defined endpoint, RR has endpoint for each replica
List the 6 key AWS databases and their uses
- RDS – OLTP (RDBMS)
- DynamoDB – noSQL
- Redshift – OLAP
- ElastiCache – in-mem caching
- Aurora - Customer, high-perf RDBMS
- Neptune - Graph database
What are the 6 DB’s available within RDS?
Oracle, Aurora, PostgreSQL, MySQL, MariaDB, MS SQL Server
What are the 5 key basic components of a VPC?
IGW (Internet gateway/VPG), Route tables, Subnets, Security Groups, NACLs
List the (8) steps to creating a custom VPC
1) Create VPC (creates default security group, NACL & route
2) Create subnets
3) Create iNet Gateway
4) Create route table
5) Link public subnet to Inet gateway
6) Setup auto-assign of public IP’s if desired
7) Create instances in each subnet
8) Create security groups as needed (HTTP, etc) to allow access between subnets
At what three levels can VPC flow logs be created?
- VPC – all VPC traffic
- Subnet – all subnet traffic
- Network interface – per instance
What are the two types of VPC endpoints?
- Interface endpoint – elastic network interface (ENI) – entry point for traffic destined to the service
- Gateway endpoint – serves as a target for a route in your route table for traffic destined for the service. Similar to NAT gateway, is more resilient than interface.
What are the two types of SQS queues and key differences?
1) Standard (default) - volume/speed, but risk of 2x delivery and mis-ordering
2) FIFO - 300/sec but guaranteed 1x and ordering (use case: banking)
What are the 3 actors of SWF (Simple Workflow Service)?
1) Activity Workers = programs that interact with SWF to get tasks, process them and return result
2) Deciders = controls the coordination of tasks – ordering, concurrency, scheduling
3) Workflow Starters - initiates workflow (i.e. a web site sending transaction)
What are 4 differences between SWF and SQS?
- SWF only assigns ONCE, whereas SQS can assign 2x (due to timeout)
- SWF is task-orientated, SQS is message-orientated
- SWF keeps track of all app tasks. With SQS, you need to implement your own app-level tracking
- SWF retention max = 1 year. SQS = 14 days
- Exam: scenarios usually around when to use SWF vs SQS
  - Any human interaction should be SWF
  - Delivery timeframe – longer than 12 hours, then SWF
What are the 3 core services of Kinesis?
1) Streams - shards, hold data 12h - 7d. Manual scaling
2) Firehose - automated, no shards, no retention. Batching, encrypting, compressing
3) Analytics - Analysis of data in Streams or Firehose
What are the 8 types of subscribers (protocols) to SNS?
HTTP, HTTPS, Email, Email-JSON, Lambda, Application, SQS, SMS
What is the IP to get user and meta data from an instance?
169.254.169.254
/latest (or date)/meta-data
/latest (or date)/user-data
/latest (or date)/dynamic
What are 4 key capabilities of AWS Organizations?
1) Consolidate billing
2) Centrally manage policies across accounts
3) Control access to services/actions (SCP - Service Control Policies)
4) Automate AWS account create/delete
What are the steps to enable cross-account access?
(need to know account #’s)
1) In dev: Create user + group
2) In prod:
   a) Create read-write-app-bucket policy
   b) Create UpdateApp cross account role
   c) Apply policy to the role
3) In dev: Create new in-line policy & apply to the group created earlier
4) Use “Switch Role” from Account drop-down
What are the 2 types of resource groups?
1) Classic - global or regional, view-only
2) AWS Systems Manager - regional only, automation, insights, health checks, etc
What are the 9 steps of a typical STS authentication process?
- Step 1 – user enters their ID & password
- Step 2 – App passes ID/pw to broker
- Step 3 – Broker verifies via LDAP/AD that ID/pw are correct
- Step 4+5: On EXAM: STS returns to broker:
  - Access key
  - Secret access key
  - Token (demonstrates that user is authenticated)
  - Duration (can last between 1 – 36 hours)
- Step 6: Broker sends STS info to app
- Step 7: App connects to S3 with token
- Step 8/9: S3 verifies user has permissions for that resource
What are the 7 key components of Docker?
1) Docker image
2) Docker container
3) Layers / Union File System
4) DockerFile
5) Docker Daemon / Engine (runtime)
6) Docker client – interface between user and daemon
7) Docker registries – i.e. Dockerhub, ECH, etc
List the 2 types of ECS schedulers
- Service Scheduler
  - Container re-launch on failure
  - Can ensure tasks are registered against ELB
- Custom Scheduler
  - Build your own schedulers
  - Leverage third-party schedulers, like Blox
What are the 4 default metrics provided by CloudWatch?
- CPU
- Storage
- Network
- Status