AWS Developer Associate Practice Questions Part 4

In Amazon SWF, the progress of every workflow execution is recorded in its workflow history, which Amazon SWF maintains. The workflow history is a detailed, complete, and consistent record of every event that occurred since the workflow execution started.

If the user is going to specify an IP range in RDS security group, AWS recommends using the private IP address of the Amazon EC2 instance. This provides a more direct network route from the Amazon EC2 instance to the Amazon RDS DB instance, and does not incur network charges for the data sent outside of the Amazon network.

When a user is trying to mount a blank EBS volume, it is required that the user first creates a file system within the volume. If the volume is created from an existing snapshot then the user needs not to create a file system on the volume as it will wipe out the existing data.

AWS IAM allows an organization to create multiple users and provide them access to various AWS services. By default when the user is created, he does not have password enabled and can not login to AWS console. If the organization wants to allow the users to login to AWS console, they can enable password for each user. It is required that IAM users follow certain guidelines to set their IAM login password.  For this IAM provides root account owner to setup passwrod policy. The password policy also lets the specify whether all IAM users can change their own passwords. As part of policy, organization can specify that passwords for IAM users must be of a certain minimum length, must include certain characters, and a few more criteria such as below.

One upper / lower or both letters

One alpha numeric

One number

AWS Identity and Access Management is a web service that enables the AWS customers to manage users and user permissions in AWS. The IAM is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, the organizaiton can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.

The IAM users by default cannot change their password. The root owner or IAM administrator needs to set the policy in the password policy page, which should allow the user to change their password. Once it is enabled, the IAM user can always change their passwords from the AWS console or CLI.

To host a static website, the user needs to configure an Amazon S3 bucket for website hosting and then upload the website contents to the bucket. The website is then available at the region-specific website endpoint of the bucket.

Optional parameters are listed in the Parameters section. Parameters enable you to pass values to your template at runtime, and can be dereferenced in the Resources and Outputs sections of the template.

AWS Elastic Beanstalk stores your application files and optionally server log files in Amazon S3. If you are using the AWS Management Console, Git, the AWS Toolkit for Visual Studio, or AWS Toolkit for Eclipse, an Amazon S3 bucket will be created in your account for you and the files you upload will be automatically copied from your local client to Amazon S3. Optionally, you may configure Elastic Beanstalk to copy your server log files every hour to Amazon S3. You do this by editing the environment configuration settings.

In AWS CloudFormation, tags are arbitrary key-value pairs that can be used to identify your stack for purposes such as cost allocation. A Key consists of any alphanumeric characters but must not contain any spaces. Tag keys can be up to 127 characters long. A Value consists of any alphanumeric characters or spaces. Tag values can be up to 255 characters long.

To configure the message retention period, set the MessageRetentionPeriod attribute using the SetQueueAttributes method. This attribute is used to specify the number of seconds a message will be retained by SQS. Currently the default value for the message retention period is 4 days. Using the MessageRetentionPeriod attribute, the message retention period can be set anywhere from 60 seconds (1 minute), up to 1209600 seconds (14 days).

To host a static website, the user needs to configure an Amazon S3 bucket for website hosting and then upload the website contents to the bucket. The user can configure the index, error document as well as configure the conditional routing of on object name.

Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available. Using SQS, the application has to just send the data to SQS and SQS transmits it to the log file whenever it is available.

If an EBS volume is not in the same AZ of an EC2 instance, it cannot be attached to the instance. The only option is to take a snapshot of the volume and create a new volume in the instance’s AZ.

These services are designed to complement each other. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud. It is integrated with developer tools and provides a one-stop experience for you to manage the lifecycle of your applications. AWS CloudFormation is a convenient deployment mechanism for a broad range of AWS resources. It supports the infrastructure needs of many different types of applications such as existing enterprise applications, legacy applications, applications built using a variety of AWS resources and container-based solutions (including those built using AWS Elastic Beanstalk).

AWS CloudFormation introduces two new concepts: The template, a JSON-format, text-based file that describes all the AWS resources you need to deploy to run your application and the stack, the set of AWS resources that are created and managed as a single unit when AWS CloudFormation instantiates a template.

With Amazon SQS version 2008-01-01, the maximum message size for both SOAP and Query requests is 8KB.

If you need to send messages to the queue that are larger than 8 KB, AWS recommends that you split the information into separate messages. Alternatively, you could use Amazon S3 or Amazon SimpleDB to hold the information and include the pointer to that information in the Amazon SQS message.

If you send a message that is larger than 8KB to the queue, you will receive a MessageTooLong error with HTTP code 400.

In AWS EC2, while configuring a security group, the user needs to specify the IP address in CIDR notation. The CIDR IP range 10.20.30.40/32 says it is for a single IP 10.20.30.40. If the user specifies the IP as 10.20.30.40 only, the security group will not accept and ask it in a CIRD format.

The cost of an IAM user or groups can never be tracked separately for the purpose of billing. The best solution in this case is to create a separate account for each department and use consolidated billing.

Amazon SQS is engineered to always be available and deliver messages. One of the resulting tradeoffs is that SQS does not guarantee first in, first out delivery of messages. For many distributed applications, each message can stand on its own, and as long as all messages are delivered, the order is not important. If your system requires that order be preserved, you can place sequencing information in each message, so that you can reorder the messages when the queue returns them.

In Amazon SNS, when you want to subscribe to a topic and receive notifications to your email, select Email in the Protocol drop-down box. Enter an email address you can use to receive the notification in the Endpoint field.

With AWS Identity and Access Management (IAM), you can create IAM users to control who has access to which resources in your AWS account. You can use IAM with AWS CloudFormation to control what AWS CloudFormation actions users can perform, such as view stack templates, create stacks, or delete stacks.

In addition to AWS CloudFormation actions, you can manage what AWS services and resources are available to each user.

In Amazon DynamoDB, a database is a collection of tables. A table is a collection of items and each item is a collection of attributes.

If an Amazon EBS volume is the root device of an instance, it cannot be detached unless the instance is in the stopped state.

In Amazon SWF, at times you might want to record information in the workflow history of a workflow execution that is specific to your use case. Markers enable you to record information in the workflow execution history that you can use for any custom or scenario-specific purpose.

Multi-Factor Authentication adds an extra level of security for all the users. The user can enable MFA for all IAM users which ensures that each user has to provide an extra six digit code for authentication.

With version 2008-01-01, the PeekMessage action has been removed from Amazon SQS. This functionality was used mainly to debug small systems — specifically to confirm a message was successfully sent to the queue or deleted from the queue.
To do this with version 2008-01-01, you can log the message ID and the receipt handle for your messages and correlate them to confirm when a message has been received and deleted.

Amazon SQS makes a best effort to preserve order in messages, but due to the distributed nature of the queue, AWS cannot guarantee that you will receive messages in the exact order you sent them. You typically place sequencing information or timestamps in your messages so that you can reorder them upon receipt.

In Amazon SWF, depending on the size and sensitivity of the data, you can pass data directly or pass a pointer to data stored on another system or service (such as Amazon S3 or Amazon DynamoDB). Both the data passed directly and the pointers to other data stores are recorded in the workflow execution history; however, Amazon SWF does not copy or cache any of the data from external stores as part of the history.

In DynamoDB, an index cannot be modified once it is created.

The AWS ELB allows mapping a custom domain name with ELB. The user can map ELB with DNS in two ways: 1) By creating CNAME with the existing domain name service provider or 2) By creating a record with Route 53.

In Amazon SWF, Workflow retention time is up to 90 days.

The AWS console for DynamoDB enables you to do all the above operation but not Importing Data from other databases or from files and it is not possible to do it.

File change notifications can be sent via email to users following the resource with Amazon Simple Email Service (Amazon SES), an easy-to-use, cost-effective email solution.

The only recommended use case for the S3 bucket ACL is to grant the write permission to the Amazon S3 Log Delivery group to write access log objects to the user’s bucket.

Every Amazon SQS queue has a configurable visibility timeout. For the designated amount of time after a message is read from a queue, it will not be visible to any other reader. As long as the amount of time that it takes to process the message is less than the visibility timeout, every message will be processed and deleted. In the event that the component processing the message fails or becomes unavailable, the message will again become visible to any component reading the queue once the visibility timeout ends. This allows you to have many components all reading messages from the same queue, with each working to process different messages.

The EBS snapshots are a point in time backup of the volume. It is helpful to move the volume from one AZ to another or  launch a new instance. The user can increase the size of the volume but cannot decrease it less than the original snapshot size.

In AWS CloudFormation, CloudFormer is itself an AWS CloudFormation stack. You run CloudFormer by launching the stack from your AWS environment. It runs on a t1.micro Amazon EC2 instance and requires no other resources.

An S3 object ACL is the only way to manage access to objects which are not owned by the bucket owner. An AWS account that owns the bucket can grant another AWS account permission to upload objects. The bucket owner does not own these objects. The AWS account that created the object must grant permissions using object ACLs.

The Multi AZ feature allows the user to achieve High Availability. For Multi AZ, Amazon RDS automatically provisions and maintains a synchronous “standby” replica in a different Availability Zone.

Amazon SNS currently supports up to 3,000 topics per AWS Account. To request a higher limit it is possible to contact Amazon.

DynamoDB has seamless scalability with no table size limits and unlimited storage, so you shouldn’t be worried about managing storage on the host or to provisioning more drive, as your data requirement changes.

DynamoDB supports in-place atomic updates.

In DynamoDB, a secondary index is a data structure that contains a subset of attributes from a table, along with an alternate key to support Query operations. DynamoDB supports the following two types of secondary indexes:

• Local secondary index is an index that has the same hash key as the table, but a different range key. A local secondary index is “local” in the sense that every partition of a local secondary index is scoped to a table partition that has the same hash key.
• Global secondary index is an index with a hash and range key that can be different from those on the table. A global secondary index is considered “global” because queries on the index can span all of the data in a table, across all partitions.

A stack is the set of AWS resources that are created and managed as a single unit when AWS CloudFormation initiates a template.

To configure the Auto Scaling termination policy, the user can either specify any one of the policies as a standalone policy or list multiple policies in an ordered list. The policies are executed in the order that they are listed.

In Amazon DynamoDB, a database is a collection of tables. A table is a collection of items and each item is a collection of attributes.

The RDS instances unlike the AWS EBS backed instances cannot be stopped or paused. The user needs to take the final snapshot, terminate the instance and launch a new instance in the future from that snapshot.

With regard to RDS, the user can manage the configuration of a DB engine by using a DB parameter group. A DB parameter group contains engine configuration values that can be applied to one or more DB instances of the same instance type.

AWS CloudFormation gives developers and systems administrators an easy way to create and manage collections of AWS resources. You can now set Read Replicas for your databases with RDS when you create a new CloudFormation template.You can start using it with the sample template of CloudFormation.

AWS Glacier has four resources. Vault and Archives are core data model concepts. Job is required to initiate download of archive. The notification configuration is required to send user notification when archive is available for download.

Authentication mechanisms are provided to ensure that messages stored in Amazon SQS queues are secured against unauthorized access. Only the AWS account owners can access the queues they create.

Amazon SQS uses proven cryptographic methods to authenticate your identity, either through the use of your Access Key ID and request signature, or through the use of an X.509 certificate.

The instances that reside in the private subnets of your VPC are not reachable from the Internet, meaning that is not possible to ssh into them. To interact with them you can use a bastion server, located in a public subnet, that will act as a proxy for them.
You can also connect if you have direct connect or vpn.

The Amazon Simple Workflow Service (Amazon SWF) makes it easier to develop asynchronous and distributed applications by providing a programming model and infrastructure for coordinating distributed components and maintaining their execution state in a reliable way. By relying on Amazon SWF, you are freed to focus on building the aspects of your application that differentiate it.

To help manage EC2 instances as well as their usage in a better way, the user can tag the instances. The tags are metadata assigned by the user which consists of a key and a value. One resource can have a maximum of 10 tags.

When a user creates an EBS volume, the user can attach it to a running instance. The user can attach multiple volumes to the same instance and stripe them together to increase the I/O. The user can take a snapshot from the existing volume but cannot create an AMI from the volume. However, the user can create an AMI from a snapshot.

Currently, in DynamoDB, an index cannot be modified once it is created.

If a user is running two instances in separate AZs, it will provide HA with ELB since ELB will automatically stop routing the traffic to unhealthy instances and send it to healthy instances only.