No		Q	A	Ref
1	✅	Improve performance of S3 upload	Multipart upload
2	✅	Caching: Lazy-load & Write-through
3	✅	Lambda: Different parameter depends on environment	Environment variable (# Stage variable)
4	❌	AWS SAM: shift traffic to new version	SAM Deployment strategy	SAM - Deploying gradually
			- AllAtOnce (1 deploy)
			- Canary 10% 5, 10, 15, 30 min (2 deploys)
			- Linear 10% Every 1, 2, 3, 10 min
5	✅	API Gateway: same API Gateway for multiple environments	Stage variable
6	✅	CloudWatch Alarm: When to alarm?	Period / Evaluation Periods / Data points to Alarm
7	✅	SAM: Nested application	AWS::Serverless::Application
8	✅	Lambda deploy: Graduate increase traffic to new version	Lambda supports traffic shifting for aliases (by setting traffic weight). (That’s why SAM have canary, linear deployment strategy )
9	✅	API Gateway: Map data for microservice (in container)	Use HTTP integration (Not AWS or _PROXY)
10	✅	Database scale globally, handle frequent schema changes	DynamoDB (not Aurora)
11	✅	API Gateway - TTL 300s. How client can invalidate cache?	Send request with Cache-Control: max-age=0 header
12	❌	Lambda: Response to user after 5 min	Lambda Invoke API InvocationType	Invoke - InvocationType
			- RequestResponse: Synchronous invocation
			- Event: Asynchronous invocation
			- DryRun: Validate params/role
13	✅	Session data store on DynamoDB. Delete session of logged out users?	Use DynamoDB TTL (when will an item is eligible for expiration - in epoch time)
14	❌	S3: Remove PII before return to application	Use S3 Object Lambda to process object before return to application	S3 Object Lambda S3 Object Lambda Use with CloudFront
15	✅	Serve content based on location	- CloudFront can add header about viewer location’s location (based on the viewer’s IP address).
			- Use a CloudFront function to return the URL base on these headers (e.g. CloudFront-Viewer-Country)
16	✅	What to do after update Cfn template of a Lambda function?	1. aws cloudformation package: Uploads local artifacts to S3, update Cfn template to reference these artifacts
			2. aws cloudformation deploy: Update (deploy) the Cfn stack
17	✅	Multi-thread key-value cache store	Elasticache for Memcached
18	❌	Only allow authorized clients to invalidate an API Gateway cache	- API Gateway Additional settings / Per-key cache invalidation / Require authorization	Invalidate an API Gateway cache entry
			- Client send request with Cache-Control: max-age=0 header.
19	✅	Process long-running tasks	Elastic Beanstalk worker environment (an HTTP request handler that EB invokes with an SQS queue)
20	✅	ECS: Where to config port for container?	Task definition
21	❌	Lambda: 50 requests/s; 100 s/request 👉️ 5.000 concurrency execution	Default quota of Lambda concurrency execution: 1.000 (can be increased to 10.000)
22	✅	Can Lambda handle 10 requests/s (each request take 50s)	500 concurrent execution (Lambda can handles without doing anything. The default limit is 1.000)
23	✅	DynamoDB table attributes: UserID (PK) - GameTitle (SK) - TopScore. Get max TopScore of each game?	Create a Global Secondary Index: GameTitle (PK) - TopScore (SK). Query 1 item for each game in descending order.
24	✅	Kinesis Data Streams: How many worker is optimal to process a number of shards?	1:1 ratio
25	✅	AWS CLI timeout when list bucket with 10.000 objects	Add pagination parameter when use AWS CLI
26	✅	Permission to Create/Delete GitCommit repos	codecommit:CreateRepository & codecommit:DeleteRepository
27	✅	DynamoDB Streams: Send a copy of old item to S3	StreamViewType: OLD_IMAGE

No		Q	A	Ref
1	❌	Give a program to AWS services	- Best practice: EC2 instance profile (IAM Role)
			- On premise: Long-term credential
2	✅	Share DB endpoint	Use System Manager Parameter Store secure string
3	❌	Database credential - How to encrypt & auto rotate?	- AWS Secret Manager + Enable auto rotate
			- IAM DB Authentication: Authenticate connection with IAM
4	✅	API Gateway: Allow another account invoke via IAM Role	1. From the other account, grant permission to interact with this API Gateway	Managing access to API Gateway
			2. From this account, attach a resource-policy to API Gateway that grant the IAM role from other account permission to invoke	Allow roles in another AWS account to use an API
5	✅	Grant permission to access only some path of a S3 bucket	Use S3 bucket policy, with the policy statement Resource including the path
6	✅	Login with social site: Facebook…, then access to AWS service	Cognito Identity Pool (Federated Identity)
7	✅	S3 - Encrypt AE256	x-amz-server-side-encryption: AE256
8	❌	S3 - Ensure all objects are encryption at rest with SSE-KMS	Add a bucket policy which denies any s3:PutObject action unless the request includes the x-amz-server-side-encryption header.
9	✅	KMS - Generate data key but not use immediately	GenerateDataKeyWithoutPlaintext

No		Q	A	Ref
1	❌	Implement subscription with API Gateway	Use usage plan to distribute APIs & throttle usages based on defined limit/quota	API Gateway - Usage plan
2	❌	Lambda, pause task & wait for external process	Step Function - Callback pattern (SQS + SNS + Lambda)	Step Function - Callback Pattern
			- waitForTaskToken
			- SendTaskSuccess (with the task token)
3	✅	Deploy Lambda with CodeDeploy	CodeDeploy deploy configuration:
			- EC2, on-premise: AllAtOnce, HalfAtATime, OneAtATime (Can be Blue/Green or in-place)
			- Lambda, ECS: AllAtOnce, Canary, Linear
4	✅	Build, test, deploy serverless app	Serverless Application Model (SAM)
5	❌	SAM template requires sections	Transform & Resources
6	❌	Create Lambda function with CLI error InvalidParameterValueException	Invalid parameter: maybe a role can’t be assumed
7	❌	ECS schedule task based on CPU/memory	ECS - Task placement strategy: binpack, spread, random

No		Q	A	Ref
1	✅	Move session data to AWS, 100% CPU, HA	ElastiCache for Redis
2	✅	sam local - Access denied	1. aws configure --profile; 2. sam local invoke --profile
3	✅	Cost effective when using SQS	Long polling (config ReceiveMessage WaitTime)
4	✅	Record all changes to a DynamoDB table to another one	DynamoDB Streams + Lambda (write to another DynamoDB table)
5	✅	DynamoDB - Reduce queries	DAX
6	❌	Serve private content from CloudFront	1. Use signed-URL, sign-cookies
			2. Use Lambda@Edge + Cognito 👉️ Authentication@Edge
7	❌	X-ray: How to debug?	_X_AMZN_TRACE_ID + AWS_XRAY_CONTEXT_MISSING
8	✅	ECS store data in DynamoDB, how to verify each new items?	DynamoDB Streams + Lambda
9	✅	API Gateway - 504	504 Gateway timeout -> Integration timeout after 30s
10	✅	RDS - Too many connections	RDS Proxy
11	✅	API Gateway timeout - Which CW metrics to watch?	Latency, IntegrationLatency
12	❌	CloudFront HTTPS	Viewer Protocol Policy: Only HTTPS or Redirect HTTP to HTTPS
13	✅	CloudFront - end-to-end SSL	Viewer Protocol Policy, Origin Protocol Policy: HTTPS
14	❌	DynamoDB Scan improve performance	- Default page size: 1MB (Max) -> Reduce page size
			- Use Query instead of Scan
15	✅	Capture IP in/out of an VPC	VPC Flow Log
16	✅	Elastic Beanstalk config for cron-job	cron.yaml
17	✅	DynamoDB - Fetch only some attributes	Use projection attributes
18	✅	Lambda function download same big file	Use /tmp
19	❌	Use Lambda function inside a VPC	- By default, Lambda is public (has internet access)
			- After enable VPC for a Lambda function, it lose internet access,
			- If you require internet access for Lambda function:
			1. Add a NATGW to VPC
			2. Allow outbound traffic with security group
20	❌	X-Ray filter trace	1. Add annotation to record data used to group traces (indexed to used with filter expression)
			(metadata is extra data about data that isn’t indexed )
			2. Use filter expression to group traces in the console
21	✅	App deploy with Elastic Beanstalk - Config X-Ray	.ebextensions/xray-daemon.config
22	❌	API Gateway: Lambda Proxy - 502 Bad Gateway	In Lambda proxy integration, the backend Lambda function must return output according a JSON format	Output format of a Lambda function for proxy integration