Names (API, CLI, etc.) Flashcards

1
Q

When requesting SSE-S3 encryption for objects sent to S3, what key-value pair must be present in the header?

A

"x-amz-server-side-encryption": "AES256"

2
Q

When requesting SSE-KMS encryption for objects sent to S3, what key-value pair must be present in the header?

A

"x-amz-server-side-encryption": "aws:kms"

3
Q

What CLI option/flag should be used to simulate an AWS API call without using resources?

(Note: this option is not available on all API calls)

A

--dry-run

4
Q

You may get long error messages from failed AWS API calls. Which command is used to decode these error messages?

A

sts decode-authorization-message

5
Q

If you want detailed information on an EC2 instance, which URL should you query from that instance?

A

http://169.254.169.254/latest/meta-data

6
Q

If you want detailed information on the launch script of an EC2 instance, which URL should you query from that instance?

A

http://169.254.169.254/latest/user-data

7
Q

To use MFA with the CLI, which API call is used?

A

STS GetSessionToken

8
Q

To use MFA with the CLI, what CLI command is used?

A

aws sts get-session-token --serial-number arn-of-the-mfa-device --token-code code-from-token --duration-seconds 3600

9
Q

When you upload objects to an S3 bucket encrypted with SSE-KMS, which KMS API call is used?

A

GenerateDataKey

10
Q

When you download objects from an S3 bucket encrypted with SSE-KMS, which KMS API call is used?

A

Decrypt

11
Q

If you want to invalidate part of your CloudFront cache, which API call can you use?

A

CreateInvalidation

12
Q

If you want to place ECS tasks on EC2 machines with the least available amount of memory (to minimize # of EC2 instances and save costs), fill in the Xs.

"placementStrategy": [
  {
    "type": X1,
    "field": X2
  }
]

A

X1 = “binpack”

X2 = “memory”

13
Q

If you want to place ECS tasks on EC2 machines randomly, fill in the X.

"placementStrategy": [
  {
    "type": X
  }
]

A

X = “random”

14
Q

If you want to place ECS tasks on EC2 machines distributed evenly across the ECS availability zone, fill in the X.

"placementStrategy": [
  {
    "type": X,
    "field": "attribute:ecs.availability-zone"
  }
]

A

X = “spread”

15
Q

If you want to place ECS tasks on their own EC2 instances, fill in the X.

"placementStrategy": [
  {
    "type": X
  }
]

A

X = “distinctInstance”

16
Q

If you want to place ECS tasks on EC2 only in us-east-1a and us-west-2b, fill in the X.

"placementStrategy": [
  {
    "type": X,
    "expression": "attribute:ecs.availability-zone in [us-east-1a, us-east-2b]"
  }
]

A

X = “memberOf”

17
Q

To login to ECR using AWS CLI v2, what CLI command is used?

A

aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com

18
Q

To push to Amazon ECR, what CLI command is used?

A

docker push aws_account_id.dkr.ecr.region.amazonaws.com/demo:latest

19
Q

To pull from Amazon ECR using the CLI, what CLI command is used?

A

docker pull aws_account_id.dkr.ecr.region.amazonaws.com/demo:latest

20
Q

The directory at the root of your EB project that contains all your .config files has what directory name?

A

.ebextensions/

21
Q

EB Single Docker requires one of two files in order to get the container up and running. What are the names of those two files?

(Bonus points, what’s the difference between the two?)

A

Dockerfile : (EB will build and run the container)

Dockerrun.aws.json (v1) : (Describe where an already built container is)

22
Q

An EB Multi Docker Container app requires a file with what filename to generate the ECS task definition?

(Bonus points: where should the file be located?)

A

Dockerrun.aws.json (v2)

(at the root of the source code)

23
Q

You want to create an EB custom platform. The filename of the AMI must be what?

A

Platform.yaml

24
Q

AWS CodeBuild reads build instructions from a file with what name?

A

buildspec.yml

25
The CodeDeploy Agent runs deployment instructions based on a file with what name?
appspec.yml
26
In CloudFormation templates, functions are prefixed with Fn::. What is the .yml shorthand for function prefixes that's used in place of Fn::?
!
27
In CloudFormation templates, what is the .yml function for referencing parameters and resources? (Bonus points: What do Parameters and Resources return?)
!REF | (Parameters returns the value of the parameter. Resources returns the physical ID of the underlying resource.)
28
In CloudFormation templates, what is the .yml function for referencing the attributes of the resources you create? (ex: the AZ of an EC2 machine)
!GetAtt
29
In CloudFormation templates, what is the .yml function for accessing values from key-value pairs listed in the Mappings section of your template?
!FindInMap
30
In CloudFormation templates, what is the .yml function for importing values that are exported from your other CloudFormation templates?
!ImportValue
31
In CloudFormation templates, what .yml function should you use if you want to generate the following output based on the given input? Input: " :: ", ["Hello", "World", "!"] Output: "Hello :: World :: !"
!Join
32
In CloudFormation templates, what is the .yml function equivalent to the str.replace() method? What is the syntax?
!Sub !Sub - String - { Var1Name: Var1Value, Var2Name: Var2Value }
33
In CloudFormation templates, what are the 5 .yml condition functions?
!IF, !AND, !OR, !NOT, !EQUALS
34
To send custom metrics to CloudWatch, which API call is used?
PutMetricData
35
To modify metric resolution in CloudWatch, which API call is used? (Bonus points: what are the logging frequencies for Standard and High Resolution?)
StorageResolution | (Standard: 60 sec; High Resolution: 1/5/10/30 sec)
36
To move log data from CloudWatch to S3, which API call is used? (Bonus points: how long does the transfer take?)
CreateExportTask | (up to 12 hours)
37
To test CloudWatch alarms and notifications, what CLI command is used?
**aws cloudwatch set-alarm-state** --alarm-name "myalarm" --state-value ALARM --state-reason "testing purposes"
38
To upload segment documents to AWS X-Ray, which API call is used?
PutTraceSegments
39
The AWS X-Ray daemon uploads telemetry with which API call?
PutTelemetryRecords
40
To retrieve all sampling rules for X-Ray, which API call is used?
GetSamplingRules
41
Which 3 AWS X-Ray API calls are considered Write APIs?
PutTraceSegments, PutTelemetryRecords, GetSamplingRules
42
To get the main X-Ray service graph, which API call is used?
GetServiceGraph
43
To retrieve a list of traces specified by ID in X-Ray, which API call is used? (Note: each trace is a collection of segment documents that originates from a single request)
BatchGetTraces
44
To retrieve IDs and annotations for X-Ray traces available for a specified time frame (using an optional filter), which API call is used? (Note: to get the full traces, pass the trace IDs to BatchGetTraces)
GetTraceSummaries
45
To retrieve a service graph for one or more specific trace IDs, which API call should be used?
GetTraceGraph
46
Which 4 AWS X-Ray API calls are considered Read APIs?
GetServiceGraph, BatchGetTraces, GetTraceSummaries, GetTraceGraph
47
To run X-Ray with EB, you can either set the option in the console or with a configuration file in DIRECTORY/FILENAME. What are the missing strings?
DIRECTORY = .ebextensions/, FILENAME = xray-daemon.config
48
To allow cross account access to SQS queues for an AWS account with a principal of 111122223333, what key-value pair should be present in the IAM policy statement?
"Principal": { "AWS": [111122223333] }
49
What does this IAM policy enable?
This policy enables an S3 bucket with a specific source account to write to this SQS queue.
50
To change the message visibility timeout in SQS queues, which API call is used?
ChangeMessageVisibility
51
Which SQS parameter determines the number of retries before a message is sent to the queue's DLQ (if configured)?
MaximumReceives
52
Which SQS parameter determines the number of seconds a message must stay in queue before it becomes visible to consumers?
DelaySeconds
53
SQS Long Polling can be enabled at the queue level or at the API level using which SQS parameter?
WaitTimeSeconds
54
List the 9 essential SQS API calls: (Bonus points: which 3 have Batch APIs?)
CreateQueue, DeleteQueue, PurgeQueue, **SendMessage**, ReceiveMessage, **DeleteMessage**, MaxNumberOfMessages, ReceiveMessageWaitTimeSeconds, **ChangeMessageVisibility**
55
To create an SQS queue, which API call is used? (Bonus points: which argument can be used to set how long a message should be kept in queue before being discarded)
CreateQueue | (MessageRetentionPeriod)
56
To delete an SQS queue (and all messages inside), which API call is used?
DeleteQueue
57
To delete all the messages in an SQS queue but not the queue itself, which API call is used?
PurgeQueue
58
To send a message to an SQS queue, which API call is used? (Bonus points: which argument is used to set the number of seconds of delay)
SendMessage | (DelaySeconds)
59
To poll an SQS queue for messages, which API call is used?
ReceiveMessage
60
To delete an SQS message after it has been processed by a consumer, which API call is used?
DeleteMessage
61
To change the number of SQS messages received in a ReceiveMessage API call, which [API call / SQS parameter] is used? (Bonus points: what is the default number, min number, and max number)
MaxNumberOfMessages | (1, 1, 10)
62
To enable long polling of an SQS queue, which [API call / SQS parameter] is used?
ReceiveMessageWaitTimeSeconds
63
To change the message timeout for an SQS queue, which [API call / SQS parameter] is used?
ChangeMessageVisibility
64
Which 3 SQS API calls have batch APIs available?
SendMessage, DeleteMessage, ChangeMessageVisibility
65
Which parameter is used to order subsets of an SQS FIFO queue?
MessageGroupID
66
Which 3 Lambda environment variables are communicated with X-Ray?
_X_AMZN_TRACE_ID, AWS_XRAY_CONTEXT_MISSING, AWS_XRAY_DAEMON_ADDRESS
67
Which Lambda environment variable contains the tracing heading for X-Ray?
_X_AMZN_TRACE_ID
68
To configure Lambda with a VPC, Lambda will create an ENI, but it first needs which AWS managed IAM role?
AWSLambdaVPCAccessExecutionRole
69
Which 3 DynamoDB API calls are considered Write APIs?
PutItem, UpdateItem, Conditional Writes
70
To create or replace items in a DynamoDB table, which API call is used?
PutItem
71
To update an existing item in DynamoDB or create a new one if it doesn't exist, which API call is used?
UpdateItem
72
To accept a write/update/delete in DynamoDB only if certain conditions are met, which parameter/category is used?
Conditional Writes
73
Which 3 DynamoDB API calls are considered Read API calls?
GetItem, Query, Scan
74
To retrieve a specific item from DynamoDB based on its primary key, which API call is used? (Bonus points: what parameter is used to retrieve only specified attributes of the item?)
GetItem | (ProjectionExpression)
75
To retrieve a list of items from a DynamoDB table based on conditions, which API call is used? Which parameter uses comparison operators on the partition and sort keys? Which parameter allows additional filtering on non-key attributes after retrieval but before delivery?
Query (KeyConditionExpression) (FilterExpression)
76
When querying a DynamoDB table… Which expression uses comparison operators on the partition and sort keys? Which expression allows additional filtering on non-key attributes after retrieval but before delivery?
KeyConditionExpression, FilterExpression
77
To retrieve all items from a DynamoDB table, which API call is used?
Scan
78
To delete an item in a DynamoDB table, which API call is used?
DeleteItem
79
To delete an entire DynamoDB table, which API call is used?
DeleteTable
80
Which 2 DynamoDB API calls are used for batch operations? (Bonus points: which two standard DynamoDB API calls does BatchWriteItem use?)
BatchWriteItem, BatchGetItem | (PutItem and DeleteItem)
81
In DynamoDB streams you can choose the scope of information that will be written to the stream by using one of 4 options. List the 4 options.
KEYS_ONLY, NEW_IMAGE, OLD_IMAGE, NEW_AND_OLD_IMAGES
82
Which 2 DynamoDB CLI options/flags are good to know for the exam? (Bonus points: what 3 general AWS CLI pagination options/flags are good to know for the exam?)
--filter-expression, --projection-expression | (--page-size, --max-items, --starting-token)
83
To filter DynamoDB items before they are returned to you, which AWS CLI option/flag is used?
--filter-expression
84
To only return specified attributes of an item from a DynamoDB table, which AWS CLI option/flag is used?
--projection-expression
85
List 3 AWS CLI pagination options/flags and their effect
--page-size: retrieve items in more API calls; --max-items: set the max number of items to show in the CLI (returns NextToken); --starting-token: specify the last NextToken to retrieve the next set of items
86
To specify that the AWS CLI retrieves the full list of items (from DynamoDB, S3, etc.), but with a larger number of API calls, which CLI option/flag is used?
--page-size
87
To specify the max number of items to show in the CLI, what CLI option/flag is used? (Bonus points: what's the name of the variable returned, used to retrieve the next page of items?)
--max-items | ( NextToken )
88
To specify the previous NextToken (generated from a CLI command with the --max-items option/flag) to retrieve the next set of items, which CLI option/flag is used?
--starting-token
89
Which 2 DynamoDB API calls are part of DynamoDB Transactions? (Bonus points: what API calls fall under their umbrella?)
TransactGetItems, TransactWriteItems | (1+ GetItem operations; 1+ PutItem, UpdateItem, DeleteItem operations)
90
TransactGetItems performs which standard DynamoDB API call?
GetItem
91
TransactWriteItems performs which 3 standard DynamoDB API calls?
PutItem, UpdateItem, DeleteItem
92
To limit DynamoDB access for users to row-level access based on the primary key, which IAM policy key is used? (Bonus points: what is the syntax? "Condition": { KEY1: { KEY2: [STRING] } })
LeadingKeys | ("Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"] } })
93
For a client to invalidate an API gateway cache, what should be included in the header?
Cache-Control: max-age=0
94
List 7 API Gateway CloudWatch Metrics:
CacheHitCount, CacheMissCount, Count, IntegrationLatency, Latency, 4XX error, 5xx error
95
To observe the efficiency of your API gateway cache, which 2 CloudWatch metrics are used?
CacheHitCount, CacheMissCount
96
To measure the total number of API requests to your API Gateway in a given period, which CloudWatch metric is used?
Count
97
To measure the time between when API Gateway relays a request to the backend and when it received a response from the backend, which CloudWatch metric is used?
IntegrationLatency
98
To measure the total time from when API Gateway receives a request and when it returns a response, which CloudWatch metric is used?
Latency
99
An API Gateway returning 4XX (400) and 5XX (500) HTTP response status codes indicates what?
4XX: client-side error; 5XX: server-side error
100
Which 4XX HTTP response status code indicates throttling? (Bonus points: how should this error be handled by the client?)
429 Too Many Requests | (Retry with exponential backoff)
101
HTTP response status codes 400, 403, and 429 indicate what?
400: bad request; 403: unauthorized; 429: throttling
102
HTTP status response codes 502, 503, and 504 indicate what?
502: Bad Gateway Exception (bad response or heavy loads); 503: Service Unavailable Exception; 504: Integration Failure (Ex: Lambda timeout after 29 seconds)
103
The OPTIONS pre-flight request for CORS must contain which 3 headers?
Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Allow-Origin
104
To package a SAM template, which 2 interchangeable CLI commands are used?
aws cloudformation package, sam package
105
To deploy a SAM template, which 2 interchangeable CLI commands are used?
aws cloudformation deploy, sam deploy
106
To indicate a YAML template is a SAM template, what header should be included?
Transform : ‘AWS::Serverless-2016-10-31’ (mnemonic: Uncle SAM → Trump Elected in 2016 → Scary like Halloween Trump Halloween)
107
List the 3 SAM resource types as written in the YAML template:
AWS::Serverless::Function, AWS::Serverless::Api, AWS::Serverless::SimpleTable
108
To give read only permissions to objects in S3, which SAM policy template is used?
S3ReadPolicy
109
To allow polling of an SQS queue, which SAM resource policy is used?
SQSPollerPolicy
110
To allow CRUD operations in DynamoDB, which SAM policy template is used?
DynamoDBCrudPolicy
111
List the 6 AWS Step Functions states:
Choice State, Fail or Succeed State, Pass State, Wait State, Map State, Parallel State
112
Step Functions error handling uses which 2 logic phrases?
Retry and Catch
113
List the 4 Step Functions SLS (State Language Spec) Retry keys: "Retry": [{key1:val, key2:val, etc}]
ErrorEquals, IntervalSeconds, BackoffRate, MaxAttempts
114
To match a specific kind of Step Function error, which SLS (State Language Spec) key is used?
ErrorEquals
115
To specify a Step Function initial delay before retrying an error, which SLS (State Language Spec) Retry key is used?
IntervalSeconds
116
To multiply Step Functions delays after each error retry, which SLS (State Language Spec) Retry key is used?
BackoffRate
117
To specify the maximum number of attempts for Step Functions error retries, which SLS (State Language Spec) Retry key is used? (Bonus points: what is the default value?)
MaxAttempts | (default 3 max attempts)
118
List the 3 Step Functions SLS (State Language Spec) Catch keys:
ErrorEquals, Next, ResultPath
119
To match a specific kind of Step Function error, which SLS (State Language Spec) Catch Key is used?
ErrorEquals
120
To send a Step Function to another state after an error is caught, which SLS (State Language Spec) Catch Key is used?
Next
121
To determine what input is sent to the state specified in the Next field of a Step Function after an error is caught, which SLS (State Language Spec) Catch Key is used?
ResultPath
122
List the 4 ways you can authorize applications to interact with your AWS AppSync GraphQL API:
API_KEY, AWS_IAM, OPENID_CONNECT, AMAZON_COGNITO_USER_POOLS
123
List the 7 AWS STS API Calls needed for the exam: (3/3/1)
AssumeRole, AssumeRoleWithSAML, AssumeRoleWithWebIdentity, GetSessionToken, GetFederationToken, GetCallerIdentity, DecodeAuthorizationMessage
124
To assume roles within your account or cross account, which STS API call is used?
AssumeRole
125
To return credentials for users logged in with SAML, which STS API call is used?
AssumeRoleWithSAML
126
To return credentials for a user logged in with an IdP, which STS API call is used? (Note: AWS recommends AWS Identity Pools instead)
AssumeRoleWithWebIdentity
127
Which STS API call is used for MFA login from a user or AWS account root user?
GetSessionToken
128
To obtain temporary credentials for a federated user, which STS API call is used?
GetFederationToken
129
To return details about the IAM user or role used in the API call, which STS API call is used?
GetCallerIdentity
130
To decode an error message when an AWS API call is denied, which STS API call is used?
DecodeAuthorizationMessage
131
To enforce MFA, which **“Condition”: { “Bool”: { key:val } }** key-value pair should be present in the IAM policy?
“aws:MultiFactorAuthPresent”: “true”
132
To grant a user permission to pass a role to an AWS service, which IAM permission do you need?
iam:PassRole | (i.e. "Action": "iam:PassRole")
133
Which hashing algorithm is used for symmetric encryption in KMS?
AES-256
134
Which hashing algorithms are used for asymmetric encryption in KMS?
RSA & ECC key pairs
135
To encrypt anything over 4KB, which KMS API call is used?
GenerateDataKey
136
List 5 KMS Symmetric APIs:
Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, Decrypt, GenerateRandom
137
To encrypt up to 4KB of data, which KMS API call is used?
Encrypt
138
To generate a unique symmetric data key (DEK) and return both a plaintext copy and encrypted copy of the key, which KMS API call is used?
GenerateDataKey
139
To generate a unique symmetric data key (DEK) and return only an encrypted copy of the key, which KMS API call is used? (Note: this is generally only for later use)
GenerateDataKeyWithoutPlaintext
140
To decrypt up to 4KB of data (including data encryption keys, or DEK), which KMS API call is used?
Decrypt
141
To return a random byte string, which KMS API call is used?
GenerateRandom
142
When you exceed a KMS request quota, which exception is thrown? (Bonus points: how should you address and resolve this exception?)
ThrottlingException | (exponential backoff)
143
SSE-KMS uses which 2 KMS API calls?
GenerateDataKey and Decrypt
144
To force SSL in an S3 bucket policy, which effect and key-value pair should be present in the bucket policy? i.e. "Effect": EFFECT, "Condition": { "Bool": { KEY: VAL } }
"Effect": "**Deny**", "Bool": { **"aws:SecureTransport": "false"** }
145
When using CloudWatch logs API via CLI, one of two flags regarding log groups must be present in the call. List those two flags: (Bonus points: when would you use one vs the other?)
associate-kms-key (if the log group already exists); create-log-group (if the log group doesn't exist yet)