General

What are these?

AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE      
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY     
AWS_SESSION_TOKEN=AQoDYXdzEJr...     
  • Temporary Security Credentials can be recognized by the AWS_SESSION_TOKEN
  • IAM User Access Keys look similar, but don’t have an AWS_SESSION_TOKEN
  • EC2 Key Pairs look different
  • Root User Access Keys look similar, but don’t have an AWS_SESSION_TOKEN, and it is strongly recommended not to use them!
Which resources can assume IAM Roles? (Choose all applicable)
  • IAM Users, EC2 Instances, S3 Buckets, and ECS Containers can assume roles.
  • The root account cannot assume roles
Which 3 components are required for an autoscaling group to scale in or out based on load on the cluster?
  • The AutoScaling Group is required, without Scaling Policies it is essentially an AutoHealing Group.
  • Scaling Policies are required to increase or decrease the desired capacity with some logic.
  • CloudWatch Alarms are required to trigger Scaling Policies.
  • An AutoScaling Group is not required, because you could also have a (web) application that should scale without a Load Balancer.
  • CloudWatch Logs and CloudWatch Synthetics are other services not really involved in Auto Scaling situations. At least, they are not required.
What are valid CloudWatch Alarm States?
A metric alarm has the following possible states:
OK – The metric or expression is within the defined threshold.
ALARM – The metric or expression is outside of the defined threshold.
INSUFFICIENT_DATA – The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state.
Your VPC has an Internet Gateway and has Public, Private and Isolated Subnets. You want to access SNS from an EC2 in the Isolated Subnet. Which option would you use?
The isolated subnet should not be accessible from/to the internet, neither via the NAT Gateway nor the Internet Gateway. A VPC Endpoint is the solution. There are two types: Gateway Endpoint only for DynamoDB and S3, or Interface Endpoint for hundreds of AWS services.
Which modes are available in the AWS Storage Gateway appliance?

AWS Storage Gateway Modes are:

  1. Tape stores data on Glacier or S3
  2. Volume stores data in S3 which could be migrated to EBS
  3. S3 File stores data as S3 objects

Some databases work best in N groups, where each group is on different hardware, while nodes in the same group should share the same underlying hardware. Which strategy should you use?