Serverless Overview

Question 1

What AWS services are serverless?

Answer 1

• AWS Lambda & Step Functions
• DynamoDB
• AWS Cognito
• AWS API Gateway
• Amazon S3
• AWS SNS & SQS
• AWS Kinesis
• Aurora Serverless

Question 2

Pricing on AWS Lambda?

Answer 2

• Pay per request and compute time

• $0.20 per 1 million requests thereafter ($0.0000002 per request)

• 400,000 GB-seconds of compute time per month if FREE • == 400,000 seconds if function is 1GB RAM
• == 3,200,000 seconds if function is 128 MB RAM
• After that $1.00 for 600,000 GB-seconds

• Free tier of 1,000,000 AWS Lambda requests and 400,000 GBs of compute time

Question 3

Lambda Timeout

Answer 3

Default 3 seconds, max 300s (5minutes) (new limit 15 minutes) Exam expects 5 minutes

Question 4

Lambda - Security - This must be attached to the Lambda function

Answer 4

IAM execution role

Question 5

Lambda - Disk capacity?

Answer 5

512 MB

Question 6

Lambda - Concurrency limits

Answer 6

1000

Question 7

Lambda - Deployment - Max Lambda function deployment size

Answer 7

50MB

Question 8

Lambda - Size of uncompressed deployment (code + dependencies)

Answer 8

150MB

Question 9

Lambda - Can use __ directory to load other files at startup

Answer 9

/tmp

Question 10

Lambda - Size of environment variables

Answer 10

4KB

Question 11

DynamoDB - Is what kind of DB?

Answer 11

NoSQL database - not a relational database

Question 12

DynamoDB is made of __?

Answer 12

tables

Question 13

Each DynamoDB has a ___?

Answer 13

Primary key

Question 14

Each DynamoDB item has ___?

Answer 14

Attributes (can be added over time – can be null)

Question 15

max size of a DDB item?

Answer 15

400KB

Question 16

What data types are supported in DDB?

Answer 16

• Scalar Types: String, Number, Binary, Boolean, Null
• DocumentTypes:List,Map
• Set Types: String Set, Number Set, Binary Set

Question 17

DDB If burst credit are empty, you’ll get a __?

Answer 17

“ProvisionedThroughputException”.

Question 18

Explain DDB Dax

Answer 18

• DAX = DynamoDB Accelerator

* Seamless cache for DynamoDB, no application re- write

Question 19

What does DDB DAX solve?

Answer 19

• Solves the Hot Key problem (too many reads)

* 5 minutes TTL for cache by default

Question 20

Explain DDB Streams

Answer 20

• Changes in DynamoDB (Create, Update, Delete) can end up in a DynamoDB Stream
• This stream can be read by AWS Lambda, and we can then do:
• React to changes in real time (welcome email to new users)
• Analytics

Question 21

List some features of API Gateway

Answer 21

• Handle API versioning (v1, v2…)
• Handle different environments (dev, test, prod…)
• Handle security (Authentication and Authorization)
• Create API keys, handle request throttling
• Swagger / Open API import to quickly define APIs • Transform and validate requests and responses
• Generate SDK and API specifications
• Cache API responses

Question 22

API Gateway – Security - IAM Permissions

Answer 22

• Create an IAM policy authorization and attach to User / Role
• API Gateway verifies IAM permissions passed by the calling application
• Good to provide access within your own infrastructure
• Leverages “Sig v4” capability where IAM credential are in headers IAM

Question 23

Explain API Gateway – Security
Lambda Authorizer (formerly Custom Authorizers)

Answer 23

• Uses AWS Lambda to validate the token in header being passed • Option to cache result of authentication
• Helps to use OAuth / SAML / 3rd party type of authentication
• Lambda must return an IAM policy for the user

Question 24

Explain API Gateway – Security Cognito User Pools

Answer 24

• Cognito fully manages user lifecycle
• API gateway verifies identity automatically from AWS Cognito • No custom implementation required
• Cognito only helps with authentication, not authorization

Question 25

What’s Cognito User Pools:

Answer 25

• Sign in functionality for app users
• Integrate with API Gateway
• Create a serverless database of user for your mobile apps
• Simple login: Username (or email) / password combination
• Possibility to verify emails / phone numbers and add MFA
• Can enable Federated Identities (Facebook, Google, SAML…)

Question 26

Explain Cognito Identity Pools (Federated Identity):

Answer 26

• Provide AWS credentials to users so they can access AWS resources directly
• Integrate with Cognito User Pools as an identity provider

• Goal:
• Provide direct access to AWS Resources
from the Client Side • How:
• Log in to federated identity provider – or remain anonymous
• Get temporary AWS credentials back from the Federated Identity Pool
• These credentials come with a pre-defined IAM policy stating their permissions
• Example:
• provide (temporary) access to write to S3 bucket using Facebook Login

Question 27

Cognito User Pools Send back what ?

Answer 27

JSON Web Tokens

Question 28

Cognito User Pools can integrate with API Gateway for authentication?

Answer 28

True