Troubleshooting and Optimisation

Question 1

Amazon X-ray annotations

Answer 1

• indexed key-value pairs that are used to filter traces
• designed to be used for querying X-Ray traces, enabling you to find traces that match specific conditions
• apply annotations to include important attributes such as user IDs, order IDs, account IDs, or any other attribute that you might want to quickly filter and search for during trace analysis

Question 2

Amazon X-ray metadata

Answer 2

• used to store additional information that is not indexed and is more contextual than annotations
• key-value pairs that provide supplemental data to your traces and segments for more detailed analysis and debugging

Question 3

Amazon Athena

Answer 3

interactive query service provided by Amazon Web Services (AWS) that allows you to analyze data directly in Amazon S3 using standard SQL

Question 4

X-ray BatchGetTraces API

Answer 4

this API retrieves a list of traces specified by ID

Question 5

Sampling Rules in the AWS X-Ray Console

Answer 5

sampling rules tell the X-Ray SDK how many requests to record for a set of criteria

Question 6

X-ray GetTraceSummaries API

Answer 6

GetTraceSummaries operation retrieves IDs and annotations for traces available for a specified time frame using an optional filter

Question 7

API Gateway Private Integrations

Answer 7

• makes it easier to expose your HTTP/HTTPS resources behind an Amazon VPC for access by clients outside of the VPC
• you can enable access to HTTP/HTTPS resources within a VPC without detailed knowledge of private network configurations or technology-specific appliances

Question 8

AWS WAF

Answer 8

• web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer
• lets you control requests to your content (eg. allow all except x, block all except x)

Question 9

Amazon GuardDuty

Answer 9

a threat detection service that continuously monitors malicious activity and unauthorized behavior to protect your AWS accounts and workloads

Question 10

AWS Firewall Manager

Answer 10

simplifies your AWS WAF and AWS Shield Advanced administration and maintenance tasks across multiple accounts and resources

Question 11

Network Access Control List

Answer 11

optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets

Question 12

CloudWatch vs Enhanced Monitoring Metrics for RDS

Answer 12

• CloudWatch gathers metrics about CPU utilization from the hypervisor for a DB instance, and Enhanced Monitoring gathers its metrics from an agent on the instance
• you might find differences between the measurements, because the hypervisor layer performs a small amount of work

Question 13

VPC Flow Logs

Answer 13

• enables you to capture information about the IP traffic going to and from network interfaces in your VPC
• Flow log data can be published to Amazon CloudWatch Logs and Amazon S3

Question 14

CloudTrail

Answer 14

• enables you to track and log all actions taken within your AWS environment
• includes API calls made through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services

Question 15

AWS Inspector

Answer 15

• automated security assessment service that helps improve the security and compliance of applications deployed on AWS

Question 16

Amazon CloudWatch

Answer 16

• enables you to collect both system metrics and log files from AWS services
• take note that CloudWatch does not monitor the memory, swap, and disk space utilization of your instances

Question 17

CloudWatch detailed monitoring for EC2

Answer 17

• sends metric data for your instance to CloudWatch in 1-minute periods instead of 5 minute periods
• does not include the memory utilisation

Question 18

Which environment variables are used by AWS Lambda to facilitate communication with X-Ray?

Answer 18

• AWS_XRAY_CONTEXT_MISSING (x-ray sdk usis this to determine behaviour in the event your function tries to record X-ray data but tracing header is not available, LOG_ERROR by default)
• _X_AMZN_TRACE_ID (tracing header = contains sampling decision, trace ID, parent segment ID)

Question 19

cron.yaml

Answer 19

You can define periodic tasks in a file named cron.yaml in your source bundle to add jobs to your worker environment’s queue automatically at a regular intervals

Question 20

appspec.yml

Answer 20

• defines how the CodeDeploy deployment should proceed
• it specifies the deployment process, including which files should be deployed, where they should be deployed, and any scripts or hooks that should be executed during the deployment

Question 21

env.yaml

Answer 21

this is primarily used to configure the environment name, solution stack, and environment links to use when creating your environment in Elastic Beanstalk.

Question 22

Dockerrun.aws.json

Answer 22

primarily used in multi-container Docker environments that are hosted in Elastic Beanstalk

Question 23

X-ray segment document

Answer 23

• JSON formatted string that contains information about the work that your application does in service of a request
• your application can record data about the work that it does itself in segments or work that uses downstream services and resources in subsegments

Question 24

What is an X-ray segment?

Answer 24

• The compute resources running your application logic send data about their work as segments
• A segment provides the resource’s name, details about the request, and details about the work done

Question 25

CloudWatch namespace

Answer 25

- container for CloudWatch metrics - Metrics in different namespaces are isolated from each other so that metrics from different applications are not mistakenly aggregated into the same statistics

Question 26

X-Forwarded-For header

Answer 26

If a load balancer or other intermediary forwards a request to your application, X-Ray takes the client IP from the X-Forwarded-For header in the request instead of from the source IP in the IP packet

Question 27

API Gateway 504 errors with Lambda function

Answer 27

Maximum integration timeout for API gateway is 29 seconds, so if Lambda does not respond in this time API gateway will return 504 gateway timeout

Question 28

The AWS X-Ray daemon is a software application that listens for traffic on ...

Answer 28

UDP port 2000, gathers raw segment data, and relays it to AWS X-ray API

Question 29

How to enable X-ray on EC2 instances?

Answer 29

Use a user data script to run the daemon automatically

Question 30

How to enable X-ray on ECS cluster?

Answer 30

Create a Docker image to run the X-ray daemon

Question 31

How to enable X-ray on Elastic Beanstalk environment?

Answer 31

Enable the X-Ray daemon by including the xray-daemon.config configuration file in the .ebextensions directory of your source code

Question 32

What is CloudFront Count metric?

Answer 32

Total number of API requests in a given period

Question 33

What is CloudFront Latency metric vs IntegrationLatency metric?

Answer 33

Latency measures responsiveness of API calls whereas IntegrationLatency measures responsiveness of the backend

Question 34

What is CloudFront CacheMissCount and CacheHitCount?

Answer 34

CacheMissCount gets the number of requests served from the backend in a given period when API caching is enabled, CacheHitCount fetches the number of requests served from the API cache in a given period

Question 35

Which environment variables are used by AWS Lambda to facilitate communication with X-Ray?

Answer 35

_X_AMZN_TRACE_ID: contains trace ID, segment ID, sampling decision AWS_XRAY_CONTEXT_MISSING: X-Ray SDK uses this variable to determine its behavior in the event that your function tries to record X-Ray data, but a tracing header is not available AWS_XRAY_DAEMON_ADDRESS: exposes the X-Ray daemon’s address in the following format: IP_ADDRESS:PORT

Question 36

What is Lambda@Edge for?

Answer 36

- lets you run code at AWS edge locations - speeds up distribution of your website's content to users globally - can tailor content dynamically based on user attributes

Question 37

What does projection expression do in dynamoDB?

Answer 37

Allows you to return only some item attributes when querying the table eg. if you only want course_title, price

Question 38

What is expression attributes names in dynamoDB?

Answer 38

Expression Attribute Names are like nicknames you give to your attribute names. They help avoid problems when your attribute names clash with reserved words or contain special characters that DynamoDB doesn't like. Eg. can't use name, so specify #N instead (always starts with #)

Question 39

What are Lambda ENIs?

Answer 39

ENIs allow your Lambda functions to access resources inside your VPC, such as databases, file systems, and other services that require VPC-level security (automatically configured by AWS when you configure a Lambda function to connect to VPC)

Question 40

What is a NAT gateway?

Answer 40

service provided by AWS that allows instances within a private subnet in your Virtual Private Cloud (VPC) to securely connect to the internet or other AWS services, while preventing the internet from initiating connections to those instances

Question 41

How would you refactor your application to use Scan operations in a way that minimises impact on request rate?

Answer 41

reduce the impact of the scan operation by setting a smaller page size as a Scan operation reads an entire page

Question 42

How big can a segment document be?

Answer 42

64kb

Question 43

What do you set namespace field to for X-ray subsegments?

Answer 43

set to 'aws' for AWS SDK calls and 'remote' for other downstream calls