RandomNuggets Flashcards
(158 cards)
1
Q
SQL
Too many connections error
A
ERROR 1040
2
Q
Scale UP
A
Increase instance size
3
Q
Scale UP
A
Increase max instances up to Max # of open shards
4
Q
Scale Up
A
Increase # shards
5
Q
S3
Encrypt all objects uploaded by their app to S3 with
A
SSE-S3
6
Q
S3
Header used by SSE-S3
A
x-amz-server-side-encryption
7
Q
Encryption
Encrypt plaintext data with a data key
then
encrypt the data key with a top-level plaintext master key.
A
Envelope Encryption
8
Q
Requests
2 eventually consistent read requests are equal to
A
One STRONG read request
9
Q
Deployments
Deploy new version to all EXISTING only
No new EC2
A
All at once
10
Q
Deployments
New version in batches to Existing - no new resources
A
Rolling
11
Q
CloudWatch
Collects system metrics and log files from EC2 and on premises servers
A
CloudWatch Agent
12
Q
X-Ray
Trace and analyze user requests as they travel through API-Gateway to underlying services.
A
X-Ray
13
Q
DynamoDB streams
Life expectancy is like a fly’s
A
24 hours
14
Q
Dev Tools
CodeCommit is like
A
Git
15
Q
Dev Tools
Code Build is like
A
Jenkins
16
Q
Dev Tools
Automates code deployment to instances - EC2
A
Code Deploy
17
Q
Authentication
A directory in Amazon Cognito
A
User pool
18
Q
Shards
Two eventually Consistent
A
1 Read
19
Q
Role
To assume a role an app calls AWS STS and passes the ARN of the role to use.
A
AssumeRole
20
Q
Scale
Vertical
A
Scale Up
21
Q
Scale
Horizontal
A
Adding More of what you have
22
Q
Security
These are STATEFUL
A
Security Groups
23
Q
Security
All outbound traffic
A
permitted
24
Q
File
File system used with EC2
A
Elastic File System
EFS
25
Networking
Network device attached to EC2 to accelerate learning apps and High Performance Computing (HPC)
Elastic Fabric Adapter
26
Lambda
zipp archives
Distribution mechanism for libraries, custom run times and other dependencies
Layers
27
Lambda
Trigger and executer
Trigger
28
Lambda
Compute model
Serverless
29
Lambda
Stores code in S3 and encrypts it
At rest
30
Lambda
Package code and dependencies in a deployment package
Function
31
Lambda
Log streams are monitored by
CloudWatch
32
Lambda
To create lambda function
Upload deployment package
33
Lambda
Basic function settings
Description
Memory Usage
Execution timeout
Role
34
Lambda
If variables need to reference more than 1 function
Parameter Store
35
Authentication
Rotates keys or variables automatically
Secrets Manager
36
Lambda Edge
Run lambda functions to custom content that is delivered by CloudFront
LambdaEdge
37
Lambda. with *CloudFront
AFTER *
BEFORE. *
AFTER. *
BEFORE. *
Receives Request
Forwards Request
Receives Request
Forwards
38
ECS: Deployment
Service scheduler replacing current running version of container with latest # of tasks and or removed from service is controlled by deployment and config
MiN/MAX
Rolling
39
ECS: Deployment
Verify new deployment of a service before send prod traffic to it and must be configured to use ALB or NLB
Blue Green with AWS Code Deploy
40
Task Placement Strategy
Least available amount of CPU or Memory
Binpack
41
Task Placement Strategy
Place tasks randomly
Random
42
Task Placement Strategy
Evenly based on specified values - default is spread across AZs
Spread
43
Task Placement Strategy
The types can be
Combined
44
S3
For object > 5 GB - 5TB
Use Multi-part upload
45
S3
Pull out ONLY the data that you need from an object
S3 Select
46
CloudWatch
Metrics are by default
5 mins
47
CloudWatch
Can be
1 min
48
S3
Event histories recorded in S3 are recorded in
CloudTrail
49
S3
To make objects publicly readable
Get Object Permission
50
S3
Asynchronous copying of objects across buckets in different AWS regions
Cross Region Replication
51
S3
Cross Region Replication requirement
Source and Destination have versioning enabled
Different regions
S3 must have permission to replace from source to destination.
52
EFS
To access EFS in a VPC you create one or more
Mount targets in VPC
53
EFS
Automatically mount your file system using mount helper
fstab
54
Database
Atomicity/Consistency/Isolation/Durability
ACID
55
Aurora
Minimum storage
10 GB
56
Database
One or more DB instances and cluster volumes that manage data for them
DB Cluster
57
Database
Virtual database storage volume that spans multiple AZs with each AZ have a copy of the DB cluster
Cluster Volume
58
Cluster
Primary read/write ops and performs all data mods to cluster volume
Primary
59
Aurora
Each Aurora DB cluster has
One primary database
60
Aurora
Same storage volume as Primary DB
Aurora Replica
61
Aurora Endpoint
Current primary DB instance for DB cluster
Cluster
62
Aurora Endpoint
One available aurora replica for DB cluster
used for Read-Queries
Reader
63
Aurora Endpoint
Set of DB instances you choose when you connect aurora
Custom
performs load balancing
64
Aurora Endpoint
Specific DB instance within an aurora cluster
Instance
65
Aurora Integrity
Maintains 6 copies of data across
3. AZs
66
Aurora Instance Type
Memory Optimized
xxx
67
Aurora Instance Type
Burstable Performance
xxx
68
Monitoring
When changes occur
RDS Events
69
Monitoring
Metrics in real time for OS
RDS Enhanced Monitoring
70
Monitoring
Monitor RDS DB instances load - for troubleshooting
RDS Performance Insights
71
DynamoDB
Allows you to query data in tables using ALTERNATE KEYS in addition to queries against the primary key
Secondary Index
72
DynamoDB
How many secondary indexes can be created on a table
1 or more
73
DynamoDB
Partition key and sort key different from those on table
Global Secondary Index
Up to 20
74
DynamoDB
Same partition key as table and DIFFERENT sort key
Local Secondary Index
75
DynamoDB
Stream records are organized into
Shards
76
DynamoDB Streams
Use with Lambda to create
Triggers
77
Lambda
Code that executes automatically whenever an event of interest appears in a stream
Trigger
78
DynamoDB Type
1 value - num, string, binary, boolean and null.
Scalar
Primary Keys
79
DynamoDB
Doc type can represent a complex structure with nested attributes like in a JSON doc, list or map
Document Type
80
DynamoDB
Set Type
Multiple scalar values
81
DynamoDB
Returns most up to data information
Strongly Consistent
82
DynamoDB
One Read Capacity unit
2 eventually consistent
up to. 4KB in size
83
DynamoDB
1 write per second up to 1 KB
Write Capacity Unit
84
DynamoDB
Prevents app from consuming too many capacity units
Throttling
85
DynamoDB
HTTP 400 (Bad Request) Provisioned Throughput Exceeded Exception
Throttled Request
86
Expression
Items within query results should be returned (all others are discarded)
Filter Expression
87
Query
Single query operation can return max of
1 MB
88
Query
Limit number of items that it returns
Query Operation
89
Query
Reads every item in a table or secondary index
Scan
90
Policy Element
ARN to identify resource of policy
Resource
91
Policy Element
Allow or Deny keyword
Action
92
Policy Element
Allow or Deny effect
Effect
93
Policy Element
User that policy is attached too
Principle
94
Authentication
Customers can sign into identity provider then obtain temporary security credentials from AWS Security Token Service - STS
Web Identity Federation
95
CloudWatch
An alarm is a
Single metric
96
CloudWatch
Monitor, store and access log files from CloudTrail or other service
CloudWatch Logs
97
CloudWatch
Match events and route them
CloudWatch Events
98
CloudTrail
Share logs between accounts on the trail of apes
CloudTrail Log Monitoring
99
Response
Microsecond response times - eventually consistent data
DAX
100
ELB
7th layer
Application Load Balancer
101
ELB
4th layer
Network Load Balancer
102
ELB
Time out value
60 Seconds
103
Route53
Public Hosted Zones are
Domain Names
104
Route53
Resource record sets that route traffic to resources
Records
105
Route53
Route traffic to S3 buckets, CloudFront distributions and other AWS resources
Alias Records
106
Route53
Info about your domain traffic
NAME: domain name or subdomain
TYPE: traffic route
Value
What records contain
107
Route53
Consecutive times endpoint must fail to respond to requests
Failure Threshold
108
Route53
Container for records information on how to route traffic
Hosted Zones
109
Route53
Translate domain names into IP addresses so that computers can communicate with eachother
Name Servers
110
Route53
Method of routing traffic from unhealthy resources to healthy ones
DNS Failover
111
Route53
Route internet traffic to single resource
you can specify multiple values
Simple Routing Policy
112
Route53
Route based on the LOCATION of users
Geolocation
113
Route53
Route traffic based on the location of resources and can route traffic to areas of bias.
Geoproxiimity
114
Route53
Resources in multiple locations and you want to route traffic that provides best latency.
Latency
115
Route53
Respond with up to 8 records selected at random
Multi-value Answer
116
Route53
Route traffic to multiple
Weighted
117
Route53
Information about the routing configuration you want to create.
Traffic Policy
118
Route53
Resolver
Regional
119
Route53 Resolver
endpoint specified by VPC
Inbound
120
Route53 Resolver
endpoint that forwards queries
Outbound
121
Route53
All records have same
Name
Type
Routing policy
Used when
you want all resources available a majority of the time
122
Route53
Use when you want a primary resource or group available all of the time and you want a secondary resource or group or resources on standby
Active-Passive Failover
123
VPC
Range of IP addresses
Subnet
124
VPC
Subnet connected to internet
Public
125
VPC
Subnet protected with security groups and nacls
Private
126
VPN
Connection requires a concentrator
Virtual Private Gateway
127
VPC
This is located in customers data center
Customer Gateway
128
VPN
Moveable from virtual private gateway to AWS Transit Gateway
AWS Site-to-Site Virtual Private Network (VPN)
129
VPC
Privately connect VPC to supported AWS services - does NOT leave AWS network
Private Link
130
VPC
Connection between YOUR VPC and a VPC in ANOTHER account that enables routing between them with overlapping CIDR blocks
VPC Peering
131
VPC
10.0.0.0/16
Primary CIDR block
132
ACL
Allows all traffic to flow in and out of associated subnets
Default
133
ACL
Captures information about IP traffic going to and from NICS in your VPC - in CloudWatch logs
Flow Logs
134
Security Group
Level
Instance
135
Security Group
Automatically Allowed
Stateful
136
Security Group
What does it do with rules
Evaluate them
137
Security Group
What does this apply to
EC2
138
Security Groups
When applied
When launching or at a later time
139
NACL
Level
Subnet
140
NACL
Rule disposition
Allow or Deny
141
NACL
Explicitly Allowed
Stateless
142
NACL
How are rules processed
In order
143
NACL
Associated with
All instances in the subnets associated with it.
144
IPV
Egress only
IPV6
145
VPC
Enable instances in private subnets to connect to the internet BUT prevent internet from accessing the instances and can support up to 55,000 connections
NAT Gateway
146
VPC
Uses Hub and Spoke
Transit Gateway
147
IAM
If you are the only person who works on an account
Create User
148
IAM
If others need to work in account that you are using that requires no other identity mechanism
Create User
149
IAM
If you use EC2 you should create
A Role
150
IAM
If you have an app on your mobile phone that makes requests to AWS
Create Role
151
IAM
If you have users authenticating in your corporate network and you want to federate then
Creat Role
152
Policies
Attached to multiple users, groups and roles
Managed
Stand-Alone
153
Policies
Imbedded directly into a single user, group or role.
Inline
154
Policies
Permission policies you attach to AWS resources such as S3
Resource Based
155
Policies
Resource based attached to roles that define which principle can assume them
Trust Policy
156
IAM Best Practice
Do not use this for day to day
Root account
157
IAM Best Practice
Create individual ones for each human being
User
158
IAM Best Practice
For permissions use these
Groups
