Tutorial Dojo - DVA-C02 - Summary
Domain 1: Development with AWS Services
No | | Q | A | Ref |
---|---|---|---|---|
I.4 | ❌ | AWS SAM: shift traffic to new version | SAM Deployment strategy | [SAM - Deploying gradually] |
I.12 | ❌ | Lambda: Respond to user after 5 min | Lambda Invoke API InvocationType | [Invoke - InvocationType] |
I.14 | ❌ | S3: Remove PII before return to application | Use S3 Object Lambda to process object before return to application | [S3 Object Lambda] [S3 Object Lambda Use with CloudFront] |
I.18 | ❌ | Only allow authorized clients to invalidate an API Gateway cache | - API Gateway Additional settings / Per-key cache invalidation / Require authorization | [Invalidate an API Gateway cache entry] |
I.21 | ❌ | Lambda: 50 requests/s; 100 s/request 👉️ 5,000 concurrent executions | Default quota for Lambda concurrent executions: 1,000 (can be increased to 10,000) | |
II.7 | ❌ | Tracking number of visitors on website (use DynamoDB) | 1. (May over/under count) “Atomic counter” - just increase the counter without checking current value | |
II.8 | ❌ | Kinesis Data Streams: Duplicate Records | - Two primary reasons: 1. Producer retries; 2. Consumer retries. | [Handling Duplicate Records - Kinesis] |
II.9 | ❌ | X-Ray: Include info about calls to AWS services | Include sub-segment in the segment document | |
II.10 | ❌ | DynamoDB: Forum (PK) - Subject (SK) - LastPostUpdateTime. Find posts of a forum in the last 3 months | Add LSI: Forum (PK) - LastPostUpdateTime (SK). Use Query operation. | |
II.19 | ❌ | Elastic Beanstalk: Deployed infrastructure has an RDS instance coupled with EB. How to migrate RDS? | 1. Create RDS snapshot; enable RDS deletion protection | |
II.31 | ❌ | Lambda: Concurrency quotas | - Account-level: 1,000 units of concurrency | [Lambda Concurrency Quotas] |
II.33 | ❌ | Elastic Beanstalk: Environment manifest (environment name, solution stack…) | - Environment manifest: /env.yaml | [Environment manifest (env.yaml) - Elastic Beanstalk] |
III.3 | ❌ | API Gateway: Lambda Proxy integration | Recommend: Simple setup | |
III.12 | ❌ | Deploy serverless app: Run C++ | Lambda doesn’t support C++ -> Create custom runtime | |
III.14 | ❌ | SQS: postpone delivery of messages to a queue | Delay queue (not using visibility timeout) | |
III.16 | ❌ | ECS: EC2. Task placement? | 1. Cluster constraint; 2. Task placement constraint; 3. Task placement strategy | |
III.18 | ❌ | Kinesis Data Streams: Re-sharding, Scaling, and Parallel Processing | 1. One worker can process many shards. 2. Optimal ratio is 1 worker : 1 shard | |
III.19 | ❌ | DynamoDB: Concurrent writes | Optimistic Locking + Conditional Writes | |
III.20 | ❌ | DynamoDB: For each request, return WCU consumed (base table & GSI) | ReturnConsumedCapacity : | |
IV.8 | ❌ | DynamoDB - GSI: Consumed throughput; Consistency? | GSI has its own consumed throughput. GSI only supports eventually consistent read | |
IV.15 | ❌ | ECS: Tasks are scheduled on instances with enough resources. Which task placement strategy? | Random | |
IV.33 | ❌ | Deploy containerized apps? ECS, EKS or Elastic Beanstalk? | Under the hood, Elastic Beanstalk uses ECS (& ELB, ASG) | |
V.1 | ❌ | Lambda: Debug - Return log stream for the function instance | Use context.logStreamName | |
V.8 | ❌ | X-Ray: Group the trace | Subsegment: breaks down a segment & provides granular timing detail about downstream calls (to AWS services, HTTP APIs, SQL queries) | |
V.14 | ❌ | Step Functions: Break a task into multiple tasks (process synchronously) | Step Functions state types: | [1.14] |
V.18 | ❌ | Lambda: Provide a public HTTPS endpoint & ensure it executes only if the request is from a valid user | 1. Use Lambda function URL | [1.18] |
V.19 | ❌ | In-house authentication system, supports syncing user data between devices/platforms | Cognito Identity Pools - Developer-authenticated identities: | |
V.22 | ❌ | DynamoDB: Python call to BatchGetItem returns partial data. Why? Fix? | - BatchGetItem uses more than the provisioned throughput limit | |
VI.17 | ❌ | Lambda: Use C++ | Build a custom runtime for C++ | [1.17] |
Domain 2: Security
No | | Q | A | Ref |
---|---|---|---|---|
I.1 | ❌ | Give a program access to AWS services | - Best practice: EC2 instance profile (IAM Role) | |
I.3 | ❌ | Database credential - How to encrypt & auto rotate? | - AWS Secrets Manager + enable automatic rotation | |
I.8 | ❌ | S3 - Ensure all objects are encrypted at rest with SSE-KMS | Add a bucket policy which denies any s3:PutObject action unless the request includes the x-amz-server-side-encryption header. | |
II.6 | ❌ | Provide application in ECS access to the required AWS resources | Fargate: IAM Role -> attach to task | |
II.7 | ❌ | KMS: Envelope Encryption | 1. encrypt plaintext data with a data key | |
IV.1 | ❌ | 1 bucket - many users. How to redact PII & manage access permission? | Use S3 Object Lambda (+) Access Point | |
V.1 | ❌ | S3: Encrypt each file with a different key. Cost-effective, low overhead | - SSE-S3: use the same key for all files. | |
V.5 | ❌ | KMS features | ||
V.9 | ❌ | AWS CLI: UnauthorizedOperation error with encoded authorization message. What to do? | Decode the message with STS decode-authorization-message | [2.9] |
V.12 | ❌ | Serverless app defined with Cloud Development Kit (CDK). How to test locally? | 1. (From CDK template) “Synthesize” & output Cfn template with cdk synth | [2.12 What is CDK?] [2.12 CDK toolkit commands] |
V.13 | ❌ | Cognito Identity Pools: What does Cognito return to authenticated/unauthenticated users? | - For authenticated users: Cognito returns the token | |
VI.8 | ❌ | Systems Manager Parameter Store: Notify if a parameter hasn’t been rotated in 90 days. | 1. Use Advanced tier / Parameter policies / Notification policies |
Domain 3: Deployment
No | | Q | A | Ref |
---|---|---|---|---|
I.1 | ❌ | Implement subscription with API Gateway | Use usage plan to distribute APIs & throttle usages based on defined limit/quota | [API Gateway - Usage plan] |
I.2 | ❌ | Lambda, pause task & wait for external process | Step Functions - Callback pattern (SQS + SNS + Lambda) | [Step Function - Callback Pattern] |
I.5 | ❌ | SAM template required sections | Transform & Resources | |
I.6 | ❌ | Create Lambda function with CLI error InvalidParameterValueException | Invalid parameter: maybe a role can’t be assumed | |
I.7 | ❌ | ECS schedule task based on CPU/memory | ECS - Task placement strategy: binpack, spread, random | |
II.5 | ❌ | CodeDeploy AppSpec - Run a task before traffic is shifted to a Lambda function | AppSpec hook | |
III.6 | ❌ | CodeDeploy deployment type (How the latest revision is deployed to instance?) | 1. In-place (EC2/On-Premises); 2. Blue/green | |
IV.1 | ❌ | SAM deploy process (From local machine) | 1. Build (local); | |
V.2 | ❌ | CodeDeploy: Rollback | CodeDeploy rolls back deployments by redeploying a previously deployed revision of an application as a new deployment (with new deployment ID) | [3.2] |
V.7 | ❌ | CodeCommit: How to set up for a new user? | Use AWS credential (with credential-helper) | [3.7] |
V.9 | ❌ | SAM: How to deploy (& test)? | 1. (One time) sam init |
Domain 4: Troubleshooting and Optimization
No | | Q | A | Ref |
---|---|---|---|---|
I.6 | ❌ | Serve private content from CloudFront | 1. Use signed URLs, signed cookies | |
I.7 | ❌ | X-Ray: How to debug? | _X_AMZN_TRACE_ID + AWS_XRAY_CONTEXT_MISSING | |
I.12 | ❌ | CloudFront HTTPS | Viewer Protocol Policy: Only HTTPS or Redirect HTTP to HTTPS | |
I.14 | ❌ | DynamoDB Scan improve performance | - Default page size: 1MB (Max) -> Reduce page size | |
I.19 | ❌ | Use Lambda function inside a VPC | - By default, Lambda is public (has internet access) | |
I.20 | ❌ | X-Ray filter trace | 1. Add annotation to record data used to group traces (indexed for use with filter expressions) | |
I.22 | ❌ | API Gateway: Lambda Proxy - 502 Bad Gateway | In Lambda proxy integration, the backend Lambda function must return output according to a JSON format | [Output format of a Lambda function for proxy integration] |
II.5 | ❌ | Kinesis Data Streams: Not enough shards & Instances CPU 100% | 1. Increase number of shards (shard splitting). 2. Increase instance size | |
II.6 | ❌ | RDS can’t handle read | 1. Use RDS Multi-AZ Cluster (not Multi-AZ Instance) | |
II.7 | ❌ | X-Ray - namespace, metadata | X-Ray namespace: distinguish AWS /remote | |
II.8 | ❌ | CloudWatch - namespace | CloudWatch namespace: container for metrics, e.g. aws/lambda | |
III.1 | ❌ | Collect trace from multiple backends, AWS SDK, SQL queries… | AWS Distro for OpenTelemetry (supports collect from X-Ray) | |
V.1 | ❌ | Lambda: Function created with Cfn doesn’t send logs to CW? | Modify ExecutionRole & add AWSLambdaBasicExecutionRole managed policy | |
V.2 | ❌ | ECS: EC2 launch type. Terminate an instance (after it’s stopped), but the container instance still appears in ECS cluster | Terminate an instance: | |
V.4 | ❌ | API Gateway: Enable API caching. How to test the function without caching? | 0. Create a resource-based policy that allows the API Gateway execution service to invalidate the cache for requests on the specified resource | [4.4] |
V.13 | ❌ | DynamoDB: Optimize Scan in low-demand time? | Parallel scan: distribute workload across the partitions of the table (by passing Segment and TotalSegments parameters into the Scan operation) | [4.13] |