Cantrill - Practical Quiz
| No | Q | A | Ref |
|---|---|---|---|
| 1 | ELB - User login randomly | ELB Sticky Session + Store session in DynamoDB | |
| 2 | Configure SQS short/long polling | Queue's ReceiveMessageWaitTimeSeconds attribute; ReceiveMessage call's WaitTimeSeconds param | |
| 3 | DynamoDB TTL | One process uses the TTL attribute to mark items as expired; another process deletes these expired items.<br>DynamoDB Streams: a DynamoDB Stream is a 24h flow of item changes | |
| 4 | Lambda function reuses execution environment between invocations | Cache static assets locally in the /tmp directory.<br>Initialize SDK clients and database connections outside of the function handler | Lambda Best Practice |
| 5 | Best practice to apply permissions to an EC2 instance | EC2 Instance Profile | |
| 6 | Serve private content with CloudFront & S3 | - Require users to access private content by using CloudFront signed URLs or signed cookies: 👈️ this is implicitly enabled after a signer is added.<br>- Require users to access your content by using CloudFront URLs, not directly from the origin: 👈️ this is done with OAC (for S3 origin), or a custom header (for custom origin) | Serve Private Content |
| 7 | Protect API Gateway & Lambda | Both run outside the VPC; use WAF | |
| 8 | S3 - Encryption in transit | It’s default | |
| 9 | Process orders within 48 hours (in the original order) & cost effective | 48 hours -> not Lambda -> Step Functions + Lambda.<br>In order -> SQS FIFO | |
| 10 | Using CWAgent to write logs to CloudWatch Logs from an EC2 instance in a private subnet | - CloudWatch Logs is a public service, which can be accessed by other AWS services or on-premises servers.<br>- To send logs to CloudWatch Logs without sending them through the internet:<br>1. A private connection needs to be established between your VPC and CloudWatch Logs.<br>2. The EC2 instance has enough permissions to send logs to CW Logs:<br>2a. The EC2 instance profile (role) has permissions.<br>2b. The endpoint allows access (by default, the endpoint policy allows all access to it) | 1: Using CloudWatch Logs with interface VPC endpoints<br>2a: Grant permissions that the CloudWatch agent needs to write metrics to CloudWatch<br>2b: Default endpoint policy |
| 11 | API - Gateway - Use the same function for multiple stages? | Use stage variable to change the endpoint for each stage | API Gateway - Stage variable |
| 12 | How to give custom permissions to millions of users? | Use Cognito Federated Users + IAM policy variable | IAM Policy for federated users |
| 13 | RDS Replica endpoints | Each RDS Replica has its own endpoint. Except Aurora, RDS doesn’t provide a reader endpoint with load balancing | |
| 14 | Add sign up, sign in features | Cognito User Pool | |
| 15 | DynamoDB RCU/WRU calculation | 1 RCU = 4KB/s, 1 WRU = 1KB/s | |
| 16 | Where to store CW Agent config? | SSM Parameter Store | |
| 17 | Elastic Beanstalk deploy to brand new infrastructure | - EB immutable deployment.<br>- Manually deploy to a new environment; EB supports swapping DNS to the new environment | Elastic Beanstalk & Blue-Green deployment |
| 18 | API Gateway - Legacy APIs required transformation | Use integration HTTP | |
| 19 | Delete all items in a DynamoDB table everyday? | ??? Use DynamoDB TTL | |
| 20 | Route traffic from ELB to Lambda functions | You can register your Lambda functions as targets of ELB listener | |
| 21 | SQS message size limit | 256KB. To work with larger files, offload it to S3 | |
| 22 | CloudFormation: Share stack vs share template | Share stacks with Stack Reference; Share template with Nested Stack | |
| 23 | Where is CORS applied? | CORS is applied to the origin being accessed, not the origin accessing. | |
| 24 | Which services use CloudFormation under the hood? | SAM, Elastic Beanstalk | |
| 25 | What is the size limit for data sent to AWS KMS? | 4KB. To encrypt larger file, use DEK and envelope encryption | |
| 26 | S3 encryption by S3 server, manage key by application | SSE-C | |
| 27 | ??? | | |
| 28 | Tracing between many AWS services | X-ray | |
| 29 | Host website on S3 | - Turn on Static Website Hosting.<br>- Allow public access with a bucket policy | |
| 30 | Decouple apps & Serverless scaling | Use SQS + Lambda (config function concurrency) | |
| 31 | Give access to CodeCommit repo | CodeCommit controls access via IAM users: create HTTPS credentials in IAM, or create an SSH key & associate it with an IAM user | |
| 32 | Whenever a new comment added, send an email? | DynamoDB Stream + Lambda trigger + SNS | |
| 33 | SQS: Messages process twice? | VisibilityTimeout not long enough | |
| 34 | Import APIs to API Gateway | Import OpenAPI definitions | |
| 35 | Upload file to S3 - Improve performance? | Transfer Acceleration | |
| 36 | Kinesis: Improve performance? | Increase number of shards (shard splitting) | |
| 37 | Lambda: Share library | Lambda Layer | |
| 38 | Collect real time data | Kinesis Data Streams | |
| 39 | Reuse Lambda function for multi stages | Use stage variable | |
| 40 | Embed Lambda function in CloudFormation template | Code’s ZipFile | |
| 41 | Host static website | S3 + CloudFront | |
| 42 | Config/Update EC2 instance with CloudFormation | cfn-init + cfn-signal & cfn-hup | |
| 43 | Query only a part of data on S3 | S3 Select | |
| 44 | Attach an EBS volume to EC2 instance | Create file system; Mount it | |
| 45 | DynamoDB: Primary key | Student ID | |
| 46 | APIs to request temporary credentials with IAM | AssumeRole, AssumeRoleWithSAML, AssumeRoleWithWebIdentity | |
| 47 | API Gateway: Ensure searchString parameter is in the request | Method Request | |
| 48 | Increase CPU allocation of a Lambda function | Increase memory allocation | |
| 49 | CloudWatch namespace & metrics | | |
| 50 | Run AWS CLI in EC2, what will happen? | It won't run. AWS CLI uses other credentials first ??? | |
| 51 | DynamoDB WCU | Write operations are not strongly/eventually consistent. Only reads have the consistency problem. | |
| 52 | Send a message to user | SNS | |
| 53 | S3 ListAPI | max-items, page-size | |
| 54 | DynamoDB: Improve read performance | DAX | |
| 55 | Migrate microservice to AWS, low operation overhead | ECS Fargate | |
| 56 | DynamoDB eventually read | Use less RCU than strong consistent read, may receive outdated data | |
| 57 | Which S3 encryption option can be used with CloudHSM? | CSE | |
| 58 | CloudFront stale object | Invalidate | |
| 59 | Failover to a maintenance page on S3 | Route 53 + health check | |
| 60 | S3: Block all access except from CloudFront | OAC, OAI (legacy) | |
| 61 | Improve performance of app (using DynamoDB) without modifying code | Increase RCU | |
| 62 | Application workflow takes up to 45 min + cost effective | Step Functions + Lambda | |
| 63 | ASG: Instances started & terminated rapidly | Increase cooldown time | |
| 64 | SQS + 5 EC2 instances | Increase polling time; Use ASG for scaling based on queue length | |
| 65 | Check if a Spot instance is terminated | Use instance metadata service | |