1. Beanstalk config format -> .ebextensions/<mysetting>.config
2. Europe users get served from the Europe server -> R53 geolocation-based routing
3. ALB does not have a target group -> we get a 503 error
4. Prevent CodeBuild from running too long -> enable CodeBuild timeouts
5. Service to store and deploy Docker images -> ECR
6. EC2 Auto Scaling:
Auto Scaling groups cannot span multiple Regions.
An ASG can contain EC2 instances in one or more AZs within the same Region.
7. MFA mechanism that is NOT supported for root user authentication -> SMS-based MFA
8. Beanstalk relies on -> AWS CloudFormation
9. Valid SAM resource types:
AWS::Serverless::Api
AWS::Serverless::Application
AWS::Serverless::Function
AWS::Serverless::HttpApi
AWS::Serverless::LayerVersion
AWS::Serverless::SimpleTable
AWS::Serverless::StateMachine
10. In Beanstalk, reuse the RDS connection but re-create ElastiCache for each deployment -> define ElastiCache in .ebextensions/ and refer to RDS via an environment variable
11. To create a digital signature for SSH into EC2 -> key pairs are needed
12. Instead of creating individual policies for each user, you can use policy variables and create a single policy that applies to multiple users (a group policy). Policy variables act as placeholders. When you make a request to AWS, the placeholder is replaced by a value from the request when the policy is evaluated.
13. In IAM, a principal is a person or application that can make a request for an action or operation on an AWS resource. The principal is authenticated as the AWS account root user or an IAM entity to make requests to AWS.
14. In IAM, the Resource element specifies the object or objects that the statement covers. You specify a resource using an ARN.
15. Deploy with MINIMUM application downtime and the ability to roll back quickly -> Blue/Green
16. API Gateway usage plans
A usage plan specifies who can access one or more deployed API stages and methods—and also how much and how fast they can access them. The plan uses API keys to identify API clients and meters access to the associated API stages for each key.
17. CodeCommit does not support username- and password-based credentials
18. Amazon SQS uses a visibility timeout to prevent other consumers from receiving and processing the same message. The default visibility timeout for a message is 30 seconds. The minimum is 0 seconds. The maximum is 12 hours.
19. EC2 user data scripts are executed with root permissions and run only on the first launch of the instance.
20. A record -> used to point a domain or subdomain to an IP address.
21. PTR record -> a Pointer (PTR) record resolves an IP address to a fully-qualified domain name (FQDN), the opposite of what an A record does.
22. Alias records let you route traffic to selected AWS resources, such as CloudFront distributions and Amazon S3 buckets.
23. Security credentials that can only be created by the AWS account root user -> CloudFront key pairs
24. Secrets Manager -> can be used to store DB credentials and API keys and rotate them
25. Allow a Lambda function in AWS Account A to access a DynamoDB table in another AWS Account B ->
Create an IAM role in Account B with access to DynamoDB.
Modify the trust policy of the role in Account B to allow the execution role of the Lambda function to assume this role.
Update the Lambda function code to add the AssumeRole API call.
26. t2.micro running for 30 seconds -> no charge because it is in the free tier
27. Lambda A gets throttled because Lambda B consumes many invocations -> set reserved concurrency on Lambda B so its maximum concurrency is limited
28. AWS requires approximately 5 weeks of usage data to generate a budget forecast
29. ELB marks the EC2 target group as unhealthy, but you were able to access the EC2 instance directly and see the website ->
Either the EC2 security group is blocking traffic from the ELB,
or the health check URL is wrongly configured in the ELB for this EC2 instance.
30. What helps identify unused IAM roles and remove them without disrupting any service -> the Access Advisor feature of IAM
31. The only resource-based policy that the IAM service supports -> trust policy
32. Policies that only limit permissions but cannot grant permissions ->
SCP, permission boundary
33. Service to identify security issues with minimum effort -> IAM Access Analyzer
34. Syntax for getting a value from a mapping -> !FindInMap [ MapName, TopLevelKey, SecondLevelKey ]
35. CloudFormation valid sections:
AWSTemplateFormatVersion
Description
Metadata
Parameters
Mappings
Conditions
Transform
Resources
Outputs
36. Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer.
Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses.
Access logging is an optional feature of Elastic Load Balancing that is disabled by default.
37. In CloudFormation, exported output values must have unique names within a single Region.
38. We can deploy SSL certificates using ACM or IAM.
39. For a cross-stack reference, use the Export output field to flag the value of one resource from one stack, then use the Fn::ImportValue intrinsic function to import that value into the other stack.
40. ELB features: build highly available systems, separate public and private traffic.
41. You need to activate IAM user access to the Billing and Cost Management console for all the users who need access - by default, IAM users do not have access to the AWS Billing and Cost Management console.
42. Application Load Balancer can be used to securely authenticate users for accessing your applications. This enables you to offload the work of authenticating users to your load balancer so that your applications can focus on their business logic.
43. You cannot directly integrate Cognito User Pools with a CloudFront distribution; you have to create a separate Lambda@Edge function.
44. How KMS works -> KMS stores the CMK and receives data from the clients, which it encrypts and sends back.
45. You can create one or more aliases for your AWS Lambda function. A Lambda alias is like a pointer to a specific Lambda function version. You can use routing configuration on an alias to send a portion of traffic to a Lambda function version. For example, you can reduce the risk of deploying a new version by configuring the alias to send most of the traffic to the existing version, and only a small percentage of traffic to the new version.