Which entities can exist in IAM?
- Users - Groups - Roles
To whom can an IAM policy be assigned?
Groups, users and roles
What is an IAM policy?
doc defining permissions
To whom can a IAM policy be assigned?
Users, groups and roles
You have an AWS ec2 server that needs access to another AWS service. How would you grant the access?
Create an IAM role with the required permissions and assign it to the ec2 server
Is IAM regional or global?
global
What are the IAM access keys used for
Programmatic Access to AWS
You want to rotate passwords regularly. How do you do it?
Set it up in IAM
True or False? AWS recommends that EC2 instances have credentials stored on them so that the instances can access other resources (such as S3 buckets).
False. Access should be granted by IAM roles
Which tool can you use to test that an IAM policy attached to a user, group or role works as expected?
IAM policy Simulator
Which IAM entity can you use to delegate access to trusted entities such as IAM users, applications, or AWS services such as EC2?
IAM role
Which is the best way to enable S3 read-access for an EC2 instance?
Create an IAM role with the access policy and grant it to the instance
If encryption is set on your AWS account, can you override it for specific volumes?
no
If your account has encryption enabled, can you create a volume from an unencrypted snapshot?
no
What is a load balancer?
A load balancer distributes traffic accross a network
Which types of load balancers to exist in AWS?
- application lb - network lb - gateway lb - classic lb
Which types of request can the application Load balancer handle?
HTTP(S) request
Which types of requests can the network load balancer handle
TCP requests
Which types of requests can the classic load balancer handle?
HTTP(S) and TCP
In the OSI model, on which layer does the Application load balancer operate?
Layer 7, application layer
Based on what does the application load balancer routes request?
HTTP Header
Which load balancer is more performant, network or application lb?
network is much more performant
What's the role of the x-forwarded-for Header?
Saves the IP address of the original client when using a load balancer
When a load balancer returns with a HTTP 504 Gateway timeout error, which component should you check first?
The end-application
What does the Gateway load balancer load balance?
Third-Party virtual appliances - firewalls - intrusion detection systems
What can you do after losing your secret access key to the aws cli?
regenerate it
When while using the AWS CLI, you encounter a "timeout" error, what could be the cause and what could you do?
cause: to much data solution: use pagination
What is oltp?
Online transaction processing - data processing -many small queries fast
What is OLAP?
= Online analytics processing - complex queries - analyzes historic data
Are RDS suited for OLTP or OLAP?
OLTP
In RDS, which deployment options are available?
- single DB instance - multi-AZ DB instance - multi AZ DB cluster
How can you achieve better database performance without data incosistency?
Read-Only instances of your DB
What is a read replica?
Read-Only copy of DB
Imagine you have a BI application that needs to analyze your business data and puts a strain on your data base.
How can you improve performance without impacting users?
Read-Replica for the BI app
Which backup-strategy supports Point-In-Time Recovery?
RDS Automated Backup
In which case would you use a db snapshot?
Before a significant data event, ie major upgrade
Is a Database Backup applied to the existing instance or to a new one?
To a new one, with a new DNS endpoint
When can encryption at rest be enabled?
Only on instance creation
Which Aspects of the DB does encryption at rest cover?
All, including backups and logs
How can you encrypt a running DB instance?
1. take Snapshot 2. Encrypt Snapshot 3. Launch new instance from Snapshot
You want to horizontally scale your db infrastructure. What must you use?
RDS Proxy
When does the RDS open the connection to the Database?
It constantly keeps open a pool of open connections
What are the two types of caches available in ElastiCache?
- memcached - redis
For which kind of Database is ElastiCache particulary useful?
- read-heavy - rather infrequent changes
In comparison to ElastiCache's Memcached mode, name three advantages of Redis Mode
- data persistence - support for lists - support for Multi-AZ
Name a use case for ElastiCache in Redis mode
- gaming leaderbords
Can MemoryDB for Redis be used as a primary DB?
Yes
Name a use case for MemoryDB for Redis
- online gaming - millions of users - user-generated 3d worlds
What does MemoryDB for Redis and Elasticache have in common?
- in memory data stores
What is the difference between ElastiCache for Redis and MemoryDB for Redis=
Elasticache is a cache for a database MemoryDB is an actual database
