AWS DynamoDB facts and summaries, AWS DynamoDB Top 10 Questions and Answers Dump
Definition 1: Amazon DynamoDB is a fully managed proprietary NoSQL database service that supports key-value and document data structures and is offered by Amazon.com as part of the Amazon Web Services portfolio. DynamoDB exposes a similar data model to and derives its name from Dynamo, but has a different underlying implementation. Dynamo had a multi-master design requiring the client to resolve version conflicts and DynamoDB uses synchronous replication across multiple datacenters for high durability and availability.
Definition 2: DynamoDB is a fast and flexible non-relational database service for any scale. DynamoDB enables customers to offload the administrative burdens of operating and scaling distributed databases to AWS so that they don’t have to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling.
Amazon DynamoDB explained
- Fully Managed
- Fast, consistent Performance
- Fine-grained access control
- Flexible

AWS DynamoDB Facts and Summaries
- Amazon DynamoDB is a low-latency NoSQL database.
- DynamoDB consists of Tables, Items, and Attributes
- DynamoDb supports both document and key-value data models
- DynamoDB Supported documents formats are JSON, HTML, XML
- DynamoDB has 2 types of Primary Keys: Partition Key and combination of Partition Key + Sort Key (Composite Key)
- DynamoDB has 2 consistency models: Strongly Consistent / Eventually Consistent
- DynamoDB Access is controlled using IAM policies.
- DynamoDB has fine grained access control using IAM Condition parameter dynamodb:LeadingKeys to allow users to access only the items where the partition key vakue matches their user ID.
- DynamoDB Indexes enable fast queries on specific data columns
- DynamoDB indexes give you a different view of your data based on alternative Partition / Sort Keys.
- DynamoDB Local Secondary indexes must be created when you create your table, they have same partition Key as your table, and they have a different Sort Key.
- DynamoDB Global Secondary Index Can be created at any time: at table creation or after. They have a different partition Key as your table and a different sort key as your table.
- A DynamoDB query operation finds items in a table using only the primary Key attribute: You provide the Primary Key name and a distinct value to search for.
- A DynamoDB Scan operation examines every item in the table. By default, it return data attributes.
- DynamoDB Query operation is generally more efficient than a Scan.
- With DynamoDB, you can reduce the impact of a query or scan by setting a smaller page size which uses fewer read operations.
- To optimize DynamoDB performance, isolate scan operations to specific tables and segregate them from your mission-critical traffic.
- To optimize DynamoDB performance, try Parallel scans rather than the default sequential scan.
- To optimize DynamoDB performance: Avoid using scan operations if you can: design tables in a way that you can use Query, Get, or BatchGetItems APIs.
- When you scan your table in Amazon DynamoDB, you should follow the DynamoDB best practices for avoiding sudden bursts of read activity.
- DynamoDb Provisioned Throughput is measured in Capacity Units.
- 1 Write Capacity Unit = 1 x 1KB Write per second.
- 1 Read Capacity Unit = 1 x 4KB Strongly Consistent Read Or 2 x 4KB Eventually Consistent Reads per second. Eventual consistent reads give us the maximum performance with the read operation.
- What is the maximum throughput that can be provisioned for a single DynamoDB table?
DynamoDB is designed to scale without limits. However, if you want to exceed throughput rates of 10,000 write capacity units or 10,000 read capacity units for an individual table, you must Contact AWS to increase it.
If you want to provision more than 20,000 write capacity units or 20,000 read capacity units from a single subscriber account, you must first contact AWS to request a limit increase. - Dynamo Db Performance: DAX is a DynamoDB-compatible caching service that enables you to benefit from fast in-memory performance for demanding applications.
- As an in-memory cache, DAX reduces the response times of eventually-consistent read workloads by an order of magnitude, from single-digit milliseconds to microseconds
- DAX improves response times for Eventually Consistent reads only.
- With DAX, you point your API calls to the DAX cluster instead of your table.
- If the item you are querying is on the cache, DAX will return it; otherwise, it will perform and Eventually Consistent GetItem operation to your DynamoDB table.
- DAX reduces operational and application complexity by providing a managed service that is API compatible with Amazon DynamoDB, and thus requires only minimal functional changes to use with an existing application.
- DAX is not suitable for write-intensive applications or applications that require Strongly Consistent reads.
- For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to over-provision read capacity units. This is especially beneficial for applications that require repeated reads for individual keys.
- Dynamo Db Performance: ElastiCache
- In-memory cache sits between your application and database
- 2 different caching strategies: Lazy loading and Write Through: Lazy loading only caches the data when it is requested
- Elasticache Node failures are not fatal, just lots of cache misses
- Avoid stale data by implementing a TTL.
- Write-Through strategy writes data into cache whenever there is a change to the database. Data is never stale
- Write-Through penalty: Each write involves a write to the cache. Elasticache node failure means that data is missing until added or updated in the database.
- Elasticache is wasted resources if most of the data is never used.
- Time To Live (TTL) for DynamoDB allows you to define when items in a table expire so that they can be automatically deleted from the database. TTL is provided at no extra cost as a way to reduce storage usage and reduce the cost of storing irrelevant data without using provisioned throughput. With TTL enabled on a table, you can set a timestamp for deletion on a per-item basis, allowing you to limit storage usage to only those records that are relevant.
- DynamoDB Security: DynamoDB uses the CMK to generate and encrypt a unique data key for the table, known as the table key. With DynamoDB, AWS Owned, or AWS Managed CMK can be used to generate & encrypt keys. AWS Owned CMK is free of charge while AWS Managed CMK is chargeable. Customer managed CMK’s are not supported with encryption at rest.
- Amazon DynamoDB offers fully managed encryption at rest. DynamoDB encryption at rest provides enhanced security by encrypting your data at rest using an AWS Key Management Service (AWS KMS) managed encryption key for DynamoDB. This functionality eliminates the operational burden and complexity involved in protecting sensitive data.
- DynamoDB is a alternative solution which can be used for storage of session management. The latency of access to data is less , hence this can be used as a data store for session management
- DynamoDB Streams Use Cases and Design Patterns:
How do you set up a relationship across multiple tables in which, based on the value of an item from one table, you update the item in a second table?
How do you trigger an event based on a particular transaction?
How do you audit or archive transactions?
How do you replicate data across multiple tables (similar to that of materialized views/streams/replication in relational data stores)?
As a NoSQL database, DynamoDB is not designed to support transactions. Although client-side libraries are available to mimic the transaction capabilities, they are not scalable and cost-effective. For example, the Java Transaction Library for DynamoDB creates 7N+4 additional writes for every write operation. This is partly because the library holds metadata to manage the transactions to ensure that it’s consistent and can be rolled back before commit.You can use DynamoDB Streams to address all these use cases. DynamoDB Streams is a powerful service that you can combine with other AWS services to solve many similar problems. When enabled, DynamoDB Streams captures a time-ordered sequence of item-level modifications in a DynamoDB table and durably stores the information for up to 24 hours. Applications can access a series of stream records, which contain an item change, from a DynamoDB stream in near real time.
AWS maintains separate endpoints for DynamoDB and DynamoDB Streams. To work with database tables and indexes, your application must access a DynamoDB endpoint. To read and process DynamoDB Streams records, your application must access a DynamoDB Streams endpoint in the same Region
- 20 global secondary indexes are allowed per table? (by default)
- What is one key difference between a global secondary index and a local secondary index?
A local secondary index must have the same partition key as the main table - How many tables can an AWS account have per region? 256
- How many secondary indexes (global and local combined) are allowed per table? (by default): 25
You can define up to 5 local secondary indexes and 20 global secondary indexes per table (by default) – for a total of 25. - How can you increase your DynamoDB table limit in a region?
By contacting AWS and requesting a limit increase - For any AWS account, there is an initial limit of 256 tables per region.
- The minimum length of a partition key value is 1 byte. The maximum length is 2048 bytes.
- The minimum length of a sort key value is 1 byte. The maximum length is 1024 bytes.
- For tables with local secondary indexes, there is a 10 GB size limit per partition key value. A table with local secondary indexes can store any number of items, as long as the total size for any one partition key value does not exceed 10 GB.
- The following diagram shows a local secondary index named LastPostIndex. Note that the partition key is the same as that of the Thread table, but the sort key is LastPostDateTime.
- Relational vs Non Relational (SQL vs NoSQL)



Top
Reference: AWS DynamoDB
AWS DynamoDB Questions and Answers Dumps
Q0: What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?
- A. Amazon DynamoDB auto scaling
- B. Amazon DynamoDB cross-region replication
- C. Amazon DynamoDB Streams
- D. Amazon DynamoDB Accelerator
Top
Q2: A security system monitors 600 cameras, saving image metadata every 1 minute to an Amazon DynamoDb table. Each sample involves 1kb of data, and the data writes are evenly distributed over time. How much write throughput is required for the target table?
- A. 6000
- B. 10
- C. 3600
- D. 600
Q3: You are developing an application that will interact with a DynamoDB table. The table is going to take in a lot of read and write operations. Which of the following would be the ideal partition key for the DynamoDB table to ensure ideal performance?
- A. CustomerID
- B. CustomerName
- C. Location
- D. Age
Top
Q4: A DynamoDB table is set with a Read Throughput capacity of 5 RCU. Which of the following read configuration will provide us the maximum read throughput?
- A. Read capacity set to 5 for 4KB reads of data at strong consistency
- B. Read capacity set to 5 for 4KB reads of data at eventual consistency
- C. Read capacity set to 15 for 1KB reads of data at strong consistency
- D. Read capacity set to 5 for 1KB reads of data at eventual consistency
Q5: Your team is developing a solution that will make use of DynamoDB tables. Due to the nature of the application, the data is needed across a couple of regions across the world. Which of the following would help reduce the latency of requests to DynamoDB from different regions?
- A. Enable Multi-AZ for the DynamoDB table
- B. Enable global tables for DynamoDB
- C. Enable Indexes for the table
- D. Increase the read and write throughput for the tablez
Q6: An application is currently accessing a DynamoDB table. Currently the tables queries are performing well. Changes have been made to the application and now the performance of the application is starting to degrade. After looking at the changes , you see that the queries are making use of an attribute which is not the partition key? Which of the following would be the adequate change to make to resolve the issue?
- A. Add an index for the DynamoDB table
- B. Change all the queries to ensure they use the partition key
- C. Enable global tables for DynamoDB
- D. Change the read capacity on the table
Q7: Company B has created an e-commerce site using DynamoDB and is designing a products table that includes items purchased and the users who purchased the item.
When creating a primary key on a table which of the following would be the best attribute for the partition key? Select the BEST possible answer.
- A. None of these are correct.
- B. user_id where there are many users to few products
- C. category_id where there are few categories to many products
- D. product_id where there are few products to many users
Q8: Which API call can be used to retrieve up to 100 items at a time or 16 MB of data from a DynamoDB table?
- A. BatchItem
- B. GetItem
- C. BatchGetItem
- D. ChunkGetItem
Q9: Which DynamoDB limits can be raised by contacting AWS support?
- A. The number of hash keys per account
- B. The maximum storage used per account
- C. The number of tables per account
- D. The number of local secondary indexes per account
- E. The number of provisioned throughput units per account
Top
Q10: Which approach below provides the least impact to provisioned throughput on the “Product”
table?
- A. Create an “Images” DynamoDB table to store the Image with a foreign key constraint to
the “Product” table - B. Add an image data type to the “Product” table to store the images in binary format
- C. Serialize the image and store it in multiple DynamoDB tables
- D. Store the images in Amazon S3 and add an S3 URL pointer to the “Product” table item
for each image
Top
Q11: You’re creating a forum DynamoDB database for hosting forums. Your “thread” table contains the forum name and each “forum name” can have one or more “subjects”. What primary key type would you give the thread table in order to allow more than one subject to be tied to the forum primary key name?
- A. Hash
- B. Range and Hash
- C. Primary and Range
- D. Hash and Range
Amazon Aurora explained:
- High scalability
- High availability and durability
- High Performance
- Multi Region

Amazon ElastiCache Explained
- In-Memory data store
- High availability and reliability
- Fully managed
- Supports two pop
- Open source engine

Amazon Redshift explained
- Fast, fully managed, petabyte-scale data warehouse
- Supports wide range of open data formats
- Allows you to run SQL queries against large unstructured data in Amazon Simple Storage Service
- Integrates with popular Business Intelligence (BI) and extract, Transform, Load (ETL) solutions.

Amazon Neptune Explained
- Fully managed graph database
- Supports open graph APIs
- Used in Social Networking
-
Amazon Neptune Explained
Other AWS Facts and Summaries and Questions/Answers Dump
- AWS S3 facts and summaries and Q&A Dump
- AWS DynamoDB facts and summaries and Questions and Answers Dump
- AWS EC2 facts and summaries and Questions and Answers Dump
- AWS Serverless facts and summaries and Questions and Answers Dump
- AWS Developer and Deployment Theory facts and summaries and Questions and Answers Dump
- AWS IAM facts and summaries and Questions and Answers Dump
- AWS Lambda facts and summaries and Questions and Answers Dump
- AWS SQS facts and summaries and Questions and Answers Dump
- AWS RDS facts and summaries and Questions and Answers Dump
- AWS ECS facts and summaries and Questions and Answers Dump
- AWS CloudWatch facts and summaries and Questions and Answers Dump
- AWS SES facts and summaries and Questions and Answers Dump
- AWS EBS facts and summaries and Questions and Answers Dump
- AWS ELB facts and summaries and Questions and Answers Dump
- AWS Autoscaling facts and summaries and Questions and Answers Dump
- AWS VPC facts and summaries and Questions and Answers Dump
- AWS KMS facts and summaries and Questions and Answers Dump
- AWS Elastic Beanstalk facts and summaries and Questions and Answers Dump
- AWS CodeBuild facts and summaries and Questions and Answers Dump
- AWS CodeDeploy facts and summaries and Questions and Answers Dump
- AWS CodePipeline facts and summaries and Questions and Answers Dump
2022 AWS Certified Developer Associate Exam Preparation: Questions and Answers Dump
Welcome to AWS Certified Developer Associate Exam Preparation: Definition and Objectives, Top 100 Questions and Answers dump, White papers, Courses, Labs and Training Materials, Exam info and details, References, Jobs, Others AWS Certificates

What is the AWS Certified Developer Associate Exam?
This AWS Certified Developer-Associate Examination is intended for individuals who perform a Developer role. It validates an examinee’s ability to:
- Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
- Demonstrate proficiency in developing, deploying, and debugging cloud-based applications by using AWS
Recommended general IT knowledge
The target candidate should have the following:
– In-depth knowledge of at least one high-level programming language
– Understanding of application lifecycle management
– The ability to write code for serverless applications
– Understanding of the use of containers in the development process
Recommended AWS knowledge
The target candidate should be able to do the following:
- Use the AWS service APIs, CLI, and software development kits (SDKs) to write applications
- Identify key features of AWS services
- Understand the AWS shared responsibility model
- Use a continuous integration and continuous delivery (CI/CD) pipeline to deploy applications on AWS
- Use and interact with AWS services
- Apply basic understanding of cloud-native applications to write code
- Write code by using AWS security best practices (for example, use IAM roles instead of secret and access keys in the code)
- Author, maintain, and debug code modules on AWS
What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
– Design architectures (for example, distributed system, microservices)
– Design and implement CI/CD pipelines
- Administer IAM users and groups
- Administer Amazon Elastic Container Service (Amazon ECS)
- Design AWS networking infrastructure (for example, Amazon VPC, AWS Direct Connect)
- Understand compliance and licensing
Exam content
Response types
There are two types of questions on the exam:
– Multiple choice: Has one correct response and three incorrect responses (distractors)
– Multiple response: Has two or more correct responses out of five or more response options
Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50 questions that will affect your score.
Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.
Exam results
The AWS Certified Developer – Associate (DVA-C01) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.
Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam. The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context.
The percentage in each domain represents only scored content.
Domain 1: Deployment 22%
Domain 2: Security 26%
Domain 3: Development with AWS Services 30%
Domain 4: Refactoring 10%
Domain 5: Monitoring and Troubleshooting 12%
Domain 1: Deployment
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
– Commit code to a repository and invoke build, test and/or deployment actions
– Use labels and branches for version and release management
– Use AWS CodePipeline to orchestrate workflows against different environments
– Apply AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeStar, and AWS
CodeDeploy for CI/CD purposes
– Perform a roll back plan based on application deployment policy
1.2 Deploy applications using AWS Elastic Beanstalk.
– Utilize existing supported environments to define a new application stack
– Package the application
– Introduce a new application version into the Elastic Beanstalk environment
– Utilize a deployment policy to deploy an application version (i.e., all at once, rolling, rolling with batch, immutable)
– Validate application health using Elastic Beanstalk dashboard
– Use Amazon CloudWatch Logs to instrument application logging
1.3 Prepare the application deployment package to be deployed to AWS.
– Manage the dependencies of the code module (like environment variables, config files and static image files) within the package
– Outline the package/container directory structure and organize files appropriately
– Translate application resource requirements to AWS infrastructure parameters (e.g., memory, cores)
1.4 Deploy serverless applications.
– Given a use case, implement and launch an AWS Serverless Application Model (AWS SAM) template
– Manage environments in individual AWS services (e.g., Differentiate between Development, Test, and Production in Amazon API Gateway)
Domain 2: Security
2.1 Make authenticated calls to AWS services.
– Communicate required policy based on least privileges required by application.
– Assume an IAM role to access a service
– Use the software development kit (SDK) credential provider on-premises or in the cloud to access AWS services (local credentials vs. instance roles)
2.2 Implement encryption using AWS services.
– Encrypt data at rest (client side; server side; envelope encryption) using AWS services
– Encrypt data in transit
2.3 Implement application authentication and authorization.
– Add user sign-up and sign-in functionality for applications with Amazon Cognito identity or user pools
– Use Amazon Cognito-provided credentials to write code that access AWS services.
– Use Amazon Cognito sync to synchronize user profiles and data
– Use developer-authenticated identities to interact between end user devices, backend
authentication, and Amazon Cognito
Domain 3: Development with AWS Services
3.1 Write code for serverless applications.
– Compare and contrast server-based vs. serverless model (e.g., micro services, stateless nature of serverless applications, scaling serverless applications, and decoupling layers of serverless applications)
– Configure AWS Lambda functions by defining environment variables and parameters (e.g., memory, time out, runtime, handler)
– Create an API endpoint using Amazon API Gateway
– Create and test appropriate API actions like GET, POST using the API endpoint
– Apply Amazon DynamoDB concepts (e.g., tables, items, and attributes)
– Compute read/write capacity units for Amazon DynamoDB based on application requirements
– Associate an AWS Lambda function with an AWS event source (e.g., Amazon API Gateway, Amazon CloudWatch event, Amazon S3 events, Amazon Kinesis)
– Invoke an AWS Lambda function synchronously and asynchronously
3.2 Translate functional requirements into application design.
– Determine real-time vs. batch processing for a given use case
– Determine use of synchronous vs. asynchronous for a given use case
– Determine use of event vs. schedule/poll for a given use case
– Account for tradeoffs for consistency models in an application design
Domain 4: Refactoring
4.1 Optimize applications to best use AWS services and features.
Implement AWS caching services to optimize performance (e.g., Amazon ElastiCache, Amazon API Gateway cache)
Apply an Amazon S3 naming scheme for optimal read performance
4.2 Migrate existing application code to run on AWS.
– Isolate dependencies
– Run the application as one or more stateless processes
– Develop in order to enable horizontal scalability
– Externalize state
Domain 5: Monitoring and Troubleshooting
5.1 Write code that can be monitored.
– Create custom Amazon CloudWatch metrics
– Perform logging in a manner available to systems operators
– Instrument application source code to enable tracing in AWS X-Ray
5.2 Perform root cause analysis on faults found in testing or production.
– Interpret the outputs from the logging mechanism in AWS to identify errors in logs
– Check build and testing history in AWS services (e.g., AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline) to identify issues
– Utilize AWS services (e.g., Amazon CloudWatch, VPC Flow Logs, and AWS X-Ray) to locate a specific faulty component
Which key tools, technologies, and concepts might be covered on the exam?
The following is a non-exhaustive list of the tools and technologies that could appear on the exam.
This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list is no indication of relative weight or importance:
– Analytics
– Application Integration
– Containers
– Cost and Capacity Management
– Data Movement
– Developer Tools
– Instances (virtual machines)
– Management and Governance
– Networking and Content Delivery
– Security
– Serverless
AWS services and features
Analytics:
– Amazon Elasticsearch Service (Amazon ES)
– Amazon Kinesis
Application Integration:
– Amazon EventBridge (Amazon CloudWatch Events)
– Amazon Simple Notification Service (Amazon SNS)
– Amazon Simple Queue Service (Amazon SQS)
– AWS Step Functions
Compute:
– Amazon EC2
– AWS Elastic Beanstalk
– AWS Lambda
Containers:
– Amazon Elastic Container Registry (Amazon ECR)
– Amazon Elastic Container Service (Amazon ECS)
– Amazon Elastic Kubernetes Services (Amazon EKS)
Database:
– Amazon DynamoDB
– Amazon ElastiCache
– Amazon RDS
Developer Tools:
– AWS CodeArtifact
– AWS CodeBuild
– AWS CodeCommit
– AWS CodeDeploy
– Amazon CodeGuru
– AWS CodePipeline
– AWS CodeStar
– AWS Fault Injection Simulator
– AWS X-Ray
Management and Governance:
– AWS CloudFormation
– Amazon CloudWatch
Networking and Content Delivery:
– Amazon API Gateway
– Amazon CloudFront
– Elastic Load Balancing
Security, Identity, and Compliance:
– Amazon Cognito
– AWS Identity and Access Management (IAM)
– AWS Key Management Service (AWS KMS)
Storage:
– Amazon S3
Out-of-scope AWS services and features
The following is a non-exhaustive list of AWS services and features that are not covered on the exam.
These services and features do not represent every AWS offering that is excluded from the exam content.
Services or features that are entirely unrelated to the target job roles for the exam are excluded from this list because they are assumed to be irrelevant.
Out-of-scope AWS services and features include the following:
– AWS Application Discovery Service
– Amazon AppStream 2.0
– Amazon Chime
– Amazon Connect
– AWS Database Migration Service (AWS DMS)
– AWS Device Farm
– Amazon Elastic Transcoder
– Amazon GameLift
– Amazon Lex
– Amazon Machine Learning (Amazon ML)
– AWS Managed Services
– Amazon Mobile Analytics
– Amazon Polly
– Amazon QuickSight
– Amazon Rekognition
– AWS Server Migration Service (AWS SMS)
– AWS Service Catalog
– AWS Shield Advanced
– AWS Shield Standard
– AWS Snow Family
– AWS Storage Gateway
– AWS WAF
– Amazon WorkMail
– Amazon WorkSpaces
To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.
AWS Certified Developer – Associate Practice Questions And Answers Dump
Q0: Your application reads commands from an SQS queue and sends them to web services hosted by your
partners. When a partner’s endpoint goes down, your application continually returns their commands to the queue. The repeated attempts to deliver these commands use up resources. Commands that can’t be delivered must not be lost.
How can you accommodate the partners’ broken web services without wasting your resources?
- A. Create a delay queue and set DelaySeconds to 30 seconds
- B. Requeue the message with a VisibilityTimeout of 30 seconds.
- C. Create a dead letter queue and set the Maximum Receives to 3.
- D. Requeue the message with a DelaySeconds of 30 seconds.
Top
Q1: A developer is writing an application that will store data in a DynamoDB table. The ratio of reads operations to write operations will be 1000 to 1, with the same data being accessed frequently.
What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?
- A. Amazon DynamoDB auto scaling
- B. Amazon DynamoDB cross-region replication
- C. Amazon DynamoDB Streams
- D. Amazon DynamoDB Accelerator
Top
Q2: You are creating a DynamoDB table with the following attributes:
- PurchaseOrderNumber (partition key)
- CustomerID
- PurchaseDate
- TotalPurchaseValue
One of your applications must retrieve items from the table to calculate the total value of purchases for a
particular customer over a date range. What secondary index do you need to add to the table?
- A. Local secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
TotalPurchaseValue attribute - B. Local secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
TotalPurchaseValue attribute - C. Global secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
TotalPurchaseValue attribute - D. Global secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
TotalPurchaseValue attribute
Top
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q3: When referencing the remaining time left for a Lambda function to run within the function’s code you would use:
- A. The event object
- B. The timeLeft object
- C. The remains object
- D. The context object
Top
Q4: What two arguments does a Python Lambda handler function require?
- A. invocation, zone
- B. event, zone
- C. invocation, context
- D. event, context
Q5: Lambda allows you to upload code and dependencies for function packages:
- A. Only from a directly uploaded zip file
- B. Only via SFTP
- C. Only from a zip file in AWS S3
- D. From a zip file in AWS S3 or uploaded directly from elsewhere
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q6: A Lambda deployment package contains:
- A. Function code, libraries, and runtime binaries
- B. Only function code
- C. Function code and libraries not included within the runtime
- D. Only libraries not included within the runtime
Q7: You are attempting to SSH into an EC2 instance that is located in a public subnet. However, you are currently receiving a timeout error trying to connect. What could be a possible cause of this connection issue?
- A. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic, but does not have an outbound rule that allows SSH traffic.
- B. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND has an outbound rule that explicitly denies SSH traffic.
- C. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND the associated NACL has both an inbound and outbound rule that allows SSH traffic.
- D. The security group associated with the EC2 instance does not have an inbound rule that allows SSH traffic AND the associated NACL does not have an outbound rule that allows SSH traffic.
Top
Q8: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?
- A. Create and assign EIP to each instance
- B. Create and attach a second IGW to the VPC.
- C. Create and utilize a NAT Gateway
- D. Connect to a VPN
Top
Q9: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?
- A. Security Groups
- B. Route Tables
- C. Elastic Load Balancer
- D. Auto Scaling
Top
Q10: Lambda allows you to upload code and dependencies for function packages:
- A. Only from a directly uploaded zip file
- B. Only from a directly uploaded zip file
- C. Only from a zip file in AWS S3
- D. From a zip file in AWS S3 or uploaded directly from elsewhere
Q11: You’re writing a script with an AWS SDK that uses the AWS API Actions and want to create AMIs for non-EBS backed AMIs for you. Which API call should occurs in the final process of creating an AMI?
- A. RegisterImage
- B. CreateImage
- C. ami-register-image
- D. ami-create-image
Q12: When dealing with session state in EC2-based applications using Elastic load balancers which option is generally thought of as the best practice for managing user sessions?
- A. Having the ELB distribute traffic to all EC2 instances and then having the instance check a caching solution like ElastiCache running Redis or Memcached for session information
- B. Permenantly assigning users to specific instances and always routing their traffic to those instances
- C. Using Application-generated cookies to tie a user session to a particular instance for the cookie duration
- D. Using Elastic Load Balancer generated cookies to tie a user session to a particular instance
Q13: Which API call would best be used to describe an Amazon Machine Image?
- A. ami-describe-image
- B. ami-describe-images
- C. DescribeImage
- D. DescribeImages
Q14: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?
- A. Autoscaling requires using Amazon EBS-backed instances
- B. Virtual Private Cloud requires EBS backed instances
- C. Amazon EBS-backed instances can be stopped and restarted without losing data
- D. Instance-store backed instances can be stopped and restarted without losing data
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q15: After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called Toto.pem) you try and SSH into your IP address (54.1.132.33) using the following command.
ssh -i my_key.pem ec2-user@52.2.222.22
However you receive the following error.
@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@
What is the most probable reason for this and how can you fix it?
- A. You do not have root access on your terminal and need to use the sudo option for this to work.
- B. You do not have enough permissions to perform the operation.
- C. Your key file is encrypted. You need to use the -u option for unencrypted not the -i option.
- D. Your key file must not be publicly viewable for SSH to work. You need to modify your .pem file to limit permissions.
Q16: You have an EBS root device on /dev/sda1 on one of your EC2 instances. You are having trouble with this particular instance and you need to either Stop/Start, Reboot or Terminate the instance but you do NOT want to lose any data that you have stored on /dev/sda1. However, you are unsure if changing the instance state in any of the aforementioned ways will cause you to lose data stored on the EBS volume. Which of the below statements best describes the effect each change of instance state would have on the data you have stored on /dev/sda1?
- A. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is not ephemeral and the data will not be lost regardless of what method is used.
- B. If you stop/start the instance the data will not be lost. However if you either terminate or reboot the instance the data will be lost.
- C. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is ephemeral and it will be lost no matter what method is used.
- D. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.
Q17: EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:
- A. Can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored
- B. Can only be used to launch EC2 instances in the same country as the AMI is stored
- C. Can only be used to launch EC2 instances in the same AWS region as the AMI is stored
- D. Can be used to launch EC2 instances in any AWS region
Q18: Which of the following statements is true about the Elastic File System (EFS)?
- A. EFS can scale out to meet capacity requirements and scale back down when no longer needed
- B. EFS can be used by multiple EC2 instances simultaneously
- C. EFS cannot be used by an instance using EBS
- D. EFS can be configured on an instance before launch just like an IAM role or EBS volumes
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q19: IAM Policies, at a minimum, contain what elements?
- A. ID
- B. Effects
- C. Resources
- D. Sid
- E. Principle
- F. Actions
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q20: What are the main benefits of IAM groups?
- A. The ability to create custom permission policies.
- B. Assigning IAM permission policies to more than one user at a time.
- C. Easier user/policy management.
- D. Allowing EC2 instances to gain access to S3.
Q21: What are benefits of using AWS STS?
- A. Grant access to AWS resources without having to create an IAM identity for them
- B. Since credentials are temporary, you don’t have to rotate or revoke them
- C. Temporary security credentials can be extended indefinitely
- D. Temporary security credentials can be restricted to a specific region
Q22: What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?
- A. Amazon DynamoDB auto scaling
- B. Amazon DynamoDB cross-region replication
- C. Amazon DynamoDB Streams
- D. Amazon DynamoDB Accelerator
Top
Q23: A Developer has been asked to create an AWS Elastic Beanstalk environment for a production web application which needs to handle thousands of requests. Currently the dev environment is running on a t1 micro instance. How can the Developer change the EC2 instance type to m4.large?
- A. Use CloudFormation to migrate the Amazon EC2 instance type of the environment from t1 micro to m4.large.
- B. Create a saved configuration file in Amazon S3 with the instance type as m4.large and use the same during environment creation.
- C. Change the instance type to m4.large in the configuration details page of the Create New Environment page.
- D. Change the instance type value for the environment to m4.large by using update autoscaling group CLI command.
Q24: What statements are true about Availability Zones (AZs) and Regions?
- A. There is only one AZ in each AWS Region
- B. AZs are geographically separated inside a region to help protect against natural disasters affecting more than one at a time.
- C. AZs can be moved between AWS Regions based on your needs
- D. There are (almost always) two or more AZs in each AWS Region
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q25: An AWS Region contains:
- A. Edge Locations
- B. Data Centers
- C. AWS Services
- D. Availability Zones
Top
Q26: Which read request in DynamoDB returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful?
- A. Eventual Consistent Reads
- B. Conditional reads for Consistency
- C. Strongly Consistent Reads
- D. Not possible
Top
Q27: You’ ve been asked to move an existing development environment on the AWS Cloud. This environment consists mainly of Docker based containers. You need to ensure that minimum effort is taken during the migration process. Which of the following step would you consider for this requirement?
- A. Create an Opswork stack and deploy the Docker containers
- B. Create an application and Environment for the Docker containers in the Elastic Beanstalk service
- C. Create an EC2 Instance. Install Docker and deploy the necessary containers.
- D. Create an EC2 Instance. Install Docker and deploy the necessary containers. Add an Autoscaling Group for scalability of the containers.
Top
Q28: You’ve written an application that uploads objects onto an S3 bucket. The size of the object varies between 200 – 500 MB. You’ve seen that the application sometimes takes a longer than expected time to upload the object. You want to improve the performance of the application. Which of the following would you consider?
- A. Create multiple threads and upload the objects in the multiple threads
- B. Write the items in batches for better performance
- C. Use the Multipart upload API
- D. Enable versioning on the Bucket
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Top
Q29: A security system monitors 600 cameras, saving image metadata every 1 minute to an Amazon DynamoDb table. Each sample involves 1kb of data, and the data writes are evenly distributed over time. How much write throughput is required for the target table?
- A. 6000
- B. 10
- C. 3600
- D. 600
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q30: What two arguments does a Python Lambda handler function require?
- A. invocation, zone
- B. event, zone
- C. invocation, context
- D. event, context
Top
Q31: Lambda allows you to upload code and dependencies for function packages:
- A. Only from a directly uploaded zip file
- B. Only via SFTP
- C. Only from a zip file in AWS S3
- D. From a zip file in AWS S3 or uploaded directly from elsewhere
Top
Q32: A Lambda deployment package contains:
- A. Function code, libraries, and runtime binaries
- B. Only function code
- C. Function code and libraries not included within the runtime
- D. Only libraries not included within the runtime
Top
Q33: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?
- A. Create and assign EIP to each instance
- B. Create and attach a second IGW to the VPC.
- C. Create and utilize a NAT Gateway
- D. Connect to a VPN
Top
Q34: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?
- A. Security Groups
- B. Route Tables
- C. Elastic Load Balancer
- D. Auto Scaling
Top
Q30: Lambda allows you to upload code and dependencies for function packages:
- A. Only from a directly uploaded zip file
- B. Only from a directly uploaded zip file
- C. Only from a zip file in AWS S3
- D. From a zip file in AWS S3 or uploaded directly from elsewhere
Answer:
Top
Q31: An organization is using an Amazon ElastiCache cluster in front of their Amazon RDS instance. The organization would like the Developer to implement logic into the code so that the cluster only retrieves data from RDS when there is a cache miss. What strategy can the Developer implement to achieve this?
- A. Lazy loading
- B. Write-through
- C. Error retries
- D. Exponential backoff
Answer:
Top
Q32: A developer is writing an application that will run on Ec2 instances and read messages from SQS queue. The nessages will arrive every 15-60 seconds. How should the Developer efficiently query the queue for new messages?
- A. Use long polling
- B. Set a custom visibility timeout
- C. Use short polling
- D. Implement exponential backoff
Top
Q33: You are using AWS SAM to define a Lambda function and configure CodeDeploy to manage deployment patterns. With new Lambda function working as per expectation which of the following will shift traffic from original Lambda function to new Lambda function in the shortest time frame?
- A. Canary10Percent5Minutes
- B. Linear10PercentEvery10Minutes
- C. Canary10Percent15Minutes
- D. Linear10PercentEvery1Minute
Top
Q34: You are using AWS SAM templates to deploy a serverless application. Which of the following resource will embed application from Amazon S3 buckets?
- A. AWS::Serverless::Api
- B. AWS::Serverless::Application
- C. AWS::Serverless::Layerversion
- D. AWS::Serverless::Function
Top
Q35: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?
- A. Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
- B. Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
- C. Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
- D. Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.
Top
Q36: You are developing an application that will be comprised of the following architecture –
- A set of Ec2 instances to process the videos.
- These (Ec2 instances) will be spun up by an autoscaling group.
- SQS Queues to maintain the processing messages.
- There will be 2 pricing tiers.
How will you ensure that the premium customers videos are given more preference?
- A. Create 2 Autoscaling Groups, one for normal and one for premium customers
- B. Create 2 set of Ec2 Instances, one for normal and one for premium customers
- C. Create 2 SQS queus, one for normal and one for premium customers
- D. Create 2 Elastic Load Balancers, one for normal and one for premium customers.
Top
Q37: You are developing an application that will interact with a DynamoDB table. The table is going to take in a lot of read and write operations. Which of the following would be the ideal partition key for the DynamoDB table to ensure ideal performance?
- A. CustomerID
- B. CustomerName
- C. Location
- D. Age
Top
Q38: A developer is making use of AWS services to develop an application. He has been asked to develop the application in a manner to compensate any network delays. Which of the following two mechanisms should he implement in the application?
- A. Multiple SQS queues
- B. Exponential backoff algorithm
- C. Retries in your application code
- D. Consider using the Java sdk.
Top
Q39: An application is being developed that is going to write data to a DynamoDB table. You have to setup the read and write throughput for the table. Data is going to be read at the rate of 300 items every 30 seconds. Each item is of size 6KB. The reads can be eventual consistent reads. What should be the read capacity that needs to be set on the table?
- A. 10
- B. 20
- C. 6
- D. 30
Top
Q40: You are in charge of deploying an application that will be hosted on an EC2 Instance and sit behind an Elastic Load balancer. You have been requested to monitor the incoming connections to the Elastic Load Balancer. Which of the below options can suffice this requirement?
- A. Use AWS CloudTrail with your load balancer
- B. Enable access logs on the load balancer
- C. Use a CloudWatch Logs Agent
- D. Create a custom metric CloudWatch lter on your load balancer
Top
Q41: A static web site has been hosted on a bucket and is now being accessed by users. One of the web pages javascript section has been changed to access data which is hosted in another S3 bucket. Now that same web page is no longer loading in the browser. Which of the following can help alleviate the error?
- A. Enable versioning for the underlying S3 bucket.
- B. Enable Replication so that the objects get replicated to the other bucket
- C. Enable CORS for the bucket
- D. Change the Bucket policy for the bucket to allow access from the other bucket
Top
Q42: Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user Images, and you must decide how to authenticate and authorize your users for access to these images. You also need to manage the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below
- A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URL for the appropriate content.
- B. Use AWS Identity and Access Management (IAM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
- C. Authenticate your users at the application level, and use AWS Security Token Service (STS)to grant token-based authorization to S3 objects.
- D. Authenticate your users at the application level, and send an SMS token message to the user. Create an Amazon S3 bucket with the same name as the SMS message token, and move the user’s objects to that bucket.
Top
Q43: Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Choose the option that is cost-effective and can fulfill the requirements.
- A. Publish your data to CloudWatch Logs, and congure your application to Autoscale to handle the load on demand.
- B. Publish your log data to an Amazon S3 bucket. Use AWS CloudFormation to create an Auto Scaling group to scale your post-processing application which is congured to pull down your log les stored an Amazon S3
- C. Post your log data to an Amazon Kinesis data stream, and subscribe your log-processing application so that is congured to process your logging data.
- D. Create a multi-AZ Amazon RDS MySQL cluster, post the logging data to MySQL, and run a map reduce job to retrieve the required information on user counts.
Answer:
Top
Q44: You’ve been instructed to develop a mobile application that will make use of AWS services. You need to decide on a data store to store the user sessions. Which of the following would be an ideal data store for session management?
- A. AWS Simple Storage Service
- B. AWS DynamoDB
- C. AWS RDS
- D. AWS Redshift
Answer:
Top
Q45: Your application currently interacts with a DynamoDB table. Records are inserted into the table via the application. There is now a requirement to ensure that whenever items are updated in the DynamoDB primary table , another record is inserted into a secondary table. Which of the below feature should be used when developing such a solution?
- A. AWS DynamoDB Encryption
- B. AWS DynamoDB Streams
- C. AWS DynamoDB Accelerator
- D. AWSTable Accelerator
Top
Q46: An application has been making use of AWS DynamoDB for its back-end data store. The size of the table has now grown to 20 GB , and the scans on the table are causing throttling errors. Which of the following should now be implemented to avoid such errors?
- A. Large Page size
- B. Reduced page size
- C. Parallel Scans
- D. Sequential scans
Top
Q47: Which of the following is correct way of passing a stage variable to an HTTP URL ? (Select TWO.)
- A. http://example.com/${}/prod
- B. http://example.com/${stageVariables.}/prod
- C. http://${stageVariables.}.example.com/dev/operation
- D. http://${stageVariables}.example.com/dev/operation
- E. http://${}.example.com/dev/operation
- F. http://example.com/${stageVariables}/prod
Top
Q48: Your company is planning on creating new development environments in AWS. They want to make use of their existing Chef recipes which they use for their on-premise configuration for servers in AWS. Which of the following service would be ideal to use in this regard?
- A. AWS Elastic Beanstalk
- B. AWS OpsWork
- C. AWS Cloudformation
- D. AWS SQS
Top
Q49: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?
- A. Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
- B. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
- C. Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
- D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.
Top
Q50: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?
- A. Cognito Data
- B. Cognito Events
- C. Cognito Streams
- D. Cognito Callbacks
Top
Q51: You’ve developed a set of scripts using AWS Lambda. These scripts need to access EC2 Instances in a VPC. Which of the following needs to be done to ensure that the AWS Lambda function can access the resources in the VPC. Choose 2 answers from the options given below
- A. Ensure that the subnet ID’s are mentioned when conguring the Lambda function
- B. Ensure that the NACL ID’s are mentioned when conguring the Lambda function
- C. Ensure that the Security Group ID’s are mentioned when conguring the Lambda function
- D. Ensure that the VPC Flow Log ID’s are mentioned when conguring the Lambda function
Top
Q52: You’ve currently been tasked to migrate an existing on-premise environment into Elastic Beanstalk. The application does not make use of Docker containers. You also can’t see any relevant environments in the beanstalk service that would be suitable to host your application. What should you consider doing in this case?
- A. Migrate your application to using Docker containers and then migrate the app to the Elastic Beanstalk environment.
- B. Consider using Cloudformation to deploy your environment to Elastic Beanstalk
- C. Consider using Packer to create a custom platform
- D. Consider deploying your application using the Elastic Container Service
Top
Q53: Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.
- A. 10
- B. 160
- C. 155
- D. 16
Top
Q54: Which AWS Service can be used to automatically install your application code onto EC2, on premises systems and Lambda?
- A. CodeCommit
- B. X-Ray
- C. CodeBuild
- D. CodeDeploy
Top
Q55: Which AWS service can be used to compile source code, run tests and package code?
- A. CodePipeline
- B. CodeCommit
- C. CodeBuild
- D. CodeDeploy
Top
Q56: How can your prevent CloudFormation from deleting your entire stack on failure? (Choose 2)
- A. Set the Rollback on failure radio button to No in the CloudFormation console
- B. Set Termination Protection to Enabled in the CloudFormation console
- C. Use the –disable-rollback flag with the AWS CLI
- D. Use the –enable-termination-protection protection flag with the AWS CLI
Q57: Which of the following practices allows multiple developers working on the same application to merge code changes frequently, without impacting each other and enables the identification of bugs early on in the release process?
- A. Continuous Integration
- B. Continuous Deployment
- C. Continuous Delivery
- D. Continuous Development
Q58: When deploying application code to EC2, the AppSpec file can be written in which language?
- A. JSON
- B. JSON or YAML
- C. XML
- D. YAML
Q59: Part of your CloudFormation deployment fails due to a mis-configuration, by defaukt what will happen?
- A. CloudFormation will rollback only the failed components
- B. CloudFormation will rollback the entire stack
- C. Failed component will remain available for debugging purposes
- D. CloudFormation will ask you if you want to continue with the deployment
Top
Q60: You want to receive an email whenever a user pushes code to CodeCommit repository, how can you configure this?
- A. Create a new SNS topic and configure it to poll for CodeCommit eveents. Ask all users to subscribe to the topic to receive notifications
- B. Configure a CloudWatch Events rule to send a message to SES which will trigger an email to be sent whenever a user pushes code to the repository.
- C. Configure Notifications in the console, this will create a CloudWatch events rule to send a notification to a SNS topic which will trigger an email to be sent to the user.
- D. Configure a CloudWatch Events rule to send a message to SQS which will trigger an email to be sent whenever a user pushes code to the repository.
Top
Q61: Which AWS service can be used to centrally store and version control your application source code, binaries and libraries
- A. CodeCommit
- B. CodeBuild
- C. CodePipeline
- D. ElasticFileSystem
Top
Q62: You are using CloudFormation to create a new S3 bucket, which of the following sections would you use to define the properties of your bucket?
- A. Conditions
- B. Parameters
- C. Outputs
- D. Resources
Top
Q63: You are deploying a number of EC2 and RDS instances using CloudFormation. Which section of the CloudFormation template would you use to define these?
- A. Transforms
- B. Outputs
- C. Resources
- D. Instances
Top
Q64: Which AWS service can be used to fully automate your entire release process?
- A. CodeDeploy
- B. CodePipeline
- C. CodeCommit
- D. CodeBuild
Top
Q65: You want to use the output of your CloudFormation stack as input to another CloudFormation stack. Which sections of the CloudFormation template would you use to help you configure this?
- A. Outputs
- B. Transforms
- C. Resources
- D. Exports
Top
Q66: You have some code located in an S3 bucket that you want to reference in your CloudFormation template. Which section of the template can you use to define this?
- A. Inputs
- B. Resources
- C. Transforms
- D. Files
Top
Q67: You are deploying an application to a number of Ec2 instances using CodeDeploy. What is the name of the file
used to specify source files and lifecycle hooks?
- A. buildspec.yml
- B. appspec.json
- C. appspec.yml
- D. buildspec.json
Q68: Which of the following approaches allows you to re-use pieces of CloudFormation code in multiple templates, for common use cases like provisioning a load balancer or web server?
- A. Share the code using an EBS volume
- B. Copy and paste the code into the template each time you need to use it
- C. Use a cloudformation nested stack
- D. Store the code you want to re-use in an AMI and reference the AMI from within your CloudFormation template.
Q69: In the CodeDeploy AppSpec file, what are hooks used for?
- A. To reference AWS resources that will be used during the deployment
- B. Hooks are reserved for future use
- C. To specify files you want to copy during the deployment.
- D. To specify, scripts or function that you want to run at set points in the deployment lifecycle
Q70: Which command can you use to encrypt a plain text file using CMK?
- A. aws kms-encrypt
- B. aws iam encrypt
- C. aws kms encrypt
- D. aws encrypt
Q72: Which of the following is an encrypted key used by KMS to encrypt your data
- A. Custmoer Mamaged Key
- B. Encryption Key
- C. Envelope Key
- D. Customer Master Key
Q73: Which of the following statements are correct? (Choose 2)
- A. The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
- B. The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
- C. The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
- D. The Customer MasterKey is used to encrypt and decrypt plain text files.
Q74: Which of the following statements is correct in relation to kMS/ (Choose 2)
- A. KMS Encryption keys are regional
- B. You cannot export your customer master key
- C. You can export your customer master key.
- D. KMS encryption Keys are global
Q75: A developer is preparing a deployment package for a Java implementation of an AWS Lambda function. What should the developer include in the deployment package? (Select TWO.)
A. Compiled application code
B. Java runtime environment
C. References to the event sources
D. Lambda execution role
E. Application dependencies
Q76: A developer uses AWS CodeDeploy to deploy a Python application to a fleet of Amazon EC2 instances that run behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. What should the developer include in the CodeDeploy deployment package?
A. A launch template for the Amazon EC2 Auto Scaling group
B. A CodeDeploy AppSpec file
C. An EC2 role that grants the application access to AWS services
D. An IAM policy that grants the application access to AWS services
Q76: A company is working on a project to enhance its serverless application development process. The company hosts applications on AWS Lambda. The development team regularly updates the Lambda code and wants to use stable code in production. Which combination of steps should the development team take to configure Lambda functions to meet both development and production requirements? (Select TWO.)
A. Create a new Lambda version every time a new code release needs testing.
B. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready unqualified Amazon Resource Name (ARN) version. Point the Development alias to the $LATEST version.
C. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to the production-ready qualified Amazon Resource Name (ARN) version. Point the Development alias to the variable LAMBDA_TASK_ROOT.
D. Create a new Lambda layer every time a new code release needs testing.
E. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready Lambda layer Amazon Resource Name (ARN). Point the Development alias to the $LATEST layer ARN.
Q77: Each time a developer publishes a new version of an AWS Lambda function, all the dependent event source mappings need to be updated with the reference to the new version’s Amazon Resource Name (ARN). These updates are time consuming and error-prone. Which combination of actions should the developer take to avoid performing these updates when publishing a new Lambda version? (Select TWO.)
A. Update event source mappings with the ARN of the Lambda layer.
B. Point a Lambda alias to a new version of the Lambda function.
C. Create a Lambda alias for each published version of the Lambda function.
D. Point a Lambda alias to a new Lambda function alias.
E. Update the event source mappings with the Lambda alias ARN.
Q78: A company wants to store sensitive user data in Amazon S3 and encrypt this data at rest. The company must manage the encryption keys and use Amazon S3 to perform the encryption. How can a developer meet these requirements?
A. Enable default encryption for the S3 bucket by using the option for server-side encryption with customer-provided encryption keys (SSE-C).
B. Enable client-side encryption with an encryption key. Upload the encrypted object to the S3 bucket.
C. Enable server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Upload an object to the S3 bucket.
D. Enable server-side encryption with customer-provided encryption keys (SSE-C). Upload an object to the S3 bucket.
Q79: A company is developing a Python application that submits data to an Amazon DynamoDB table. The company requires client-side encryption of specific data items and end-to-end protection for the encrypted data in transit and at rest. Which combination of steps will meet the requirement for the encryption of specific data items? (Select TWO.)
A. Generate symmetric encryption keys with AWS Key Management Service (AWS KMS).
B. Generate asymmetric encryption keys with AWS Key Management Service (AWS KMS).
C. Use generated keys with the DynamoDB Encryption Client.
D. Use generated keys to configure DynamoDB table encryption with AWS managed customer master keys (CMKs).
E. Use generated keys to configure DynamoDB table encryption with AWS owned customer master keys (CMKs).
Q80: A company is developing a REST API with Amazon API Gateway. Access to the API should be limited to users in the existing Amazon Cognito user pool. Which combination of steps should a developer perform to secure the API? (Select TWO.)
A. Create an AWS Lambda authorizer for the API.
B. Create an Amazon Cognito authorizer for the API.
C. Configure the authorizer for the API resource.
D. Configure the API methods to use the authorizer.
E. Configure the authorizer for the API stage.
Q81: A developer is implementing a mobile app to provide personalized services to app users. The application code makes calls to Amazon S3 and Amazon Simple Queue Service (Amazon SQS). Which options can the developer use to authenticate the app users? (Select TWO.)
A. Authenticate to the Amazon Cognito identity pool directly.
B. Authenticate to AWS Identity and Access Management (IAM) directly.
C. Authenticate to the Amazon Cognito user pool directly.
D. Federate authentication by using Login with Amazon with the users managed with AWS Security Token Service (AWS STS).
E. Federate authentication by using Login with Amazon with the users managed with the Amazon Cognito user pool.
Question: A company is implementing several order processing workflows. Each workflow is implemented by using AWS Lambda functions for each task. Which combination of steps should a developer follow to implement these workflows? (Select TWO.)
A. Define a AWS Step Functions task for each Lambda function.
B. Define a AWS Step Functions task for each workflow.
C. Write code that polls the AWS Step Functions invocation to coordinate each workflow.
D. Define an AWS Step Functions state machine for each workflow.
E. Define an AWS Step Functions state machine for each Lambda function.
Answer: A. D.
Notes: Step Functions is based on state machines and tasks. A state machine is a workflow. Tasks perform work by coordinating with other AWS services, such as Lambda. A state machine is a workflow. It can be used to express a workflow as a number of states, their relationships, and their input and output. You can coordinate individual tasks with Step Functions by expressing your workflow as a finite state machine, written in the Amazon States Language.
ReferenceText: Getting Started with AWS Step Functions.
ReferenceUrl: https://aws.amazon.com/step-functions/getting-started/
Category: Development
Welcome to AWS Certified Developer Associate Exam Preparation: Definition and Objectives, Top 100 Questions and Answers dump, White papers, Courses, Labs and Training Materials, Exam info and details, References, Jobs, Others AWS Certificates

What is the AWS Certified Developer Associate Exam?
This AWS Certified Developer-Associate Examination is intended for individuals who perform a Developer role. It validates an examinee’s ability to:
- Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
- Demonstrate proficiency in developing, deploying, and debugging cloud-based applications by using AWS
Recommended general IT knowledge
The target candidate should have the following:
– In-depth knowledge of at least one high-level programming language
– Understanding of application lifecycle management
– The ability to write code for serverless applications
– Understanding of the use of containers in the development process
Recommended AWS knowledge
The target candidate should be able to do the following:
- Use the AWS service APIs, CLI, and software development kits (SDKs) to write applications
- Identify key features of AWS services
- Understand the AWS shared responsibility model
- Use a continuous integration and continuous delivery (CI/CD) pipeline to deploy applications on AWS
- Use and interact with AWS services
- Apply basic understanding of cloud-native applications to write code
- Write code by using AWS security best practices (for example, use IAM roles instead of secret and access keys in the code)
- Author, maintain, and debug code modules on AWS
What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
– Design architectures (for example, distributed system, microservices)
– Design and implement CI/CD pipelines
- Administer IAM users and groups
- Administer Amazon Elastic Container Service (Amazon ECS)
- Design AWS networking infrastructure (for example, Amazon VPC, AWS Direct Connect)
- Understand compliance and licensing
Exam content
Response types
There are two types of questions on the exam:
– Multiple choice: Has one correct response and three incorrect responses (distractors)
– Multiple response: Has two or more correct responses out of five or more response options
Select one or more responses that best complete the statement or answer the question. Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50 questions that will affect your score.
Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.
Exam results
The AWS Certified Developer – Associate (DVA-C01) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether you passed. Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels.
Your score report could contain a table of classifications of your performance at each section level. This information is intended to provide general feedback about your exam performance. The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.
Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam. The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context.
The percentage in each domain represents only scored content.
Domain 1: Deployment 22%
Domain 2: Security 26%
Domain 3: Development with AWS Services 30%
Domain 4: Refactoring 10%
Domain 5: Monitoring and Troubleshooting 12%
Domain 1: Deployment
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
– Commit code to a repository and invoke build, test and/or deployment actions
– Use labels and branches for version and release management
– Use AWS CodePipeline to orchestrate workflows against different environments
– Apply AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeStar, and AWS
CodeDeploy for CI/CD purposes
– Perform a roll back plan based on application deployment policy
1.2 Deploy applications using AWS Elastic Beanstalk.
– Utilize existing supported environments to define a new application stack
– Package the application
– Introduce a new application version into the Elastic Beanstalk environment
– Utilize a deployment policy to deploy an application version (i.e., all at once, rolling, rolling with batch, immutable)
– Validate application health using Elastic Beanstalk dashboard
– Use Amazon CloudWatch Logs to instrument application logging
1.3 Prepare the application deployment package to be deployed to AWS.
– Manage the dependencies of the code module (like environment variables, config files and static image files) within the package
– Outline the package/container directory structure and organize files appropriately
– Translate application resource requirements to AWS infrastructure parameters (e.g., memory, cores)
1.4 Deploy serverless applications.
– Given a use case, implement and launch an AWS Serverless Application Model (AWS SAM) template
– Manage environments in individual AWS services (e.g., Differentiate between Development, Test, and Production in Amazon API Gateway)
Domain 2: Security
2.1 Make authenticated calls to AWS services.
– Communicate required policy based on least privileges required by application.
– Assume an IAM role to access a service
– Use the software development kit (SDK) credential provider on-premises or in the cloud to access AWS services (local credentials vs. instance roles)
2.2 Implement encryption using AWS services.
– Encrypt data at rest (client side; server side; envelope encryption) using AWS services
– Encrypt data in transit
2.3 Implement application authentication and authorization.
– Add user sign-up and sign-in functionality for applications with Amazon Cognito identity or user pools
– Use Amazon Cognito-provided credentials to write code that access AWS services.
– Use Amazon Cognito sync to synchronize user profiles and data
– Use developer-authenticated identities to interact between end user devices, backend
authentication, and Amazon Cognito
Domain 3: Development with AWS Services
3.1 Write code for serverless applications.
– Compare and contrast server-based vs. serverless model (e.g., micro services, stateless nature of serverless applications, scaling serverless applications, and decoupling layers of serverless applications)
– Configure AWS Lambda functions by defining environment variables and parameters (e.g., memory, time out, runtime, handler)
– Create an API endpoint using Amazon API Gateway
– Create and test appropriate API actions like GET, POST using the API endpoint
– Apply Amazon DynamoDB concepts (e.g., tables, items, and attributes)
– Compute read/write capacity units for Amazon DynamoDB based on application requirements
– Associate an AWS Lambda function with an AWS event source (e.g., Amazon API Gateway, Amazon CloudWatch event, Amazon S3 events, Amazon Kinesis)
– Invoke an AWS Lambda function synchronously and asynchronously
3.2 Translate functional requirements into application design.
– Determine real-time vs. batch processing for a given use case
– Determine use of synchronous vs. asynchronous for a given use case
– Determine use of event vs. schedule/poll for a given use case
– Account for tradeoffs for consistency models in an application design
Domain 4: Refactoring
4.1 Optimize applications to best use AWS services and features.
Implement AWS caching services to optimize performance (e.g., Amazon ElastiCache, Amazon API Gateway cache)
Apply an Amazon S3 naming scheme for optimal read performance
4.2 Migrate existing application code to run on AWS.
– Isolate dependencies
– Run the application as one or more stateless processes
– Develop in order to enable horizontal scalability
– Externalize state
Domain 5: Monitoring and Troubleshooting
5.1 Write code that can be monitored.
– Create custom Amazon CloudWatch metrics
– Perform logging in a manner available to systems operators
– Instrument application source code to enable tracing in AWS X-Ray
5.2 Perform root cause analysis on faults found in testing or production.
– Interpret the outputs from the logging mechanism in AWS to identify errors in logs
– Check build and testing history in AWS services (e.g., AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline) to identify issues
– Utilize AWS services (e.g., Amazon CloudWatch, VPC Flow Logs, and AWS X-Ray) to locate a specific faulty component
Which key tools, technologies, and concepts might be covered on the exam?
The following is a non-exhaustive list of the tools and technologies that could appear on the exam.
This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam.
The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list is no indication of relative weight or importance:
– Analytics
– Application Integration
– Containers
– Cost and Capacity Management
– Data Movement
– Developer Tools
– Instances (virtual machines)
– Management and Governance
– Networking and Content Delivery
– Security
– Serverless
AWS services and features
Analytics:
– Amazon Elasticsearch Service (Amazon ES)
– Amazon Kinesis
Application Integration:
– Amazon EventBridge (Amazon CloudWatch Events)
– Amazon Simple Notification Service (Amazon SNS)
– Amazon Simple Queue Service (Amazon SQS)
– AWS Step Functions
Compute:
– Amazon EC2
– AWS Elastic Beanstalk
– AWS Lambda
Containers:
– Amazon Elastic Container Registry (Amazon ECR)
– Amazon Elastic Container Service (Amazon ECS)
– Amazon Elastic Kubernetes Services (Amazon EKS)
Database:
– Amazon DynamoDB
– Amazon ElastiCache
– Amazon RDS
Developer Tools:
– AWS CodeArtifact
– AWS CodeBuild
– AWS CodeCommit
– AWS CodeDeploy
– Amazon CodeGuru
– AWS CodePipeline
– AWS CodeStar
– AWS Fault Injection Simulator
– AWS X-Ray
Management and Governance:
– AWS CloudFormation
– Amazon CloudWatch
Networking and Content Delivery:
– Amazon API Gateway
– Amazon CloudFront
– Elastic Load Balancing
Security, Identity, and Compliance:
– Amazon Cognito
– AWS Identity and Access Management (IAM)
– AWS Key Management Service (AWS KMS)
Storage:
– Amazon S3
Out-of-scope AWS services and features
The following is a non-exhaustive list of AWS services and features that are not covered on the exam.
These services and features do not represent every AWS offering that is excluded from the exam content.
Services or features that are entirely unrelated to the target job roles for the exam are excluded from this list because they are assumed to be irrelevant.
Out-of-scope AWS services and features include the following:
– AWS Application Discovery Service
– Amazon AppStream 2.0
– Amazon Chime
– Amazon Connect
– AWS Database Migration Service (AWS DMS)
– AWS Device Farm
– Amazon Elastic Transcoder
– Amazon GameLift
– Amazon Lex
– Amazon Machine Learning (Amazon ML)
– AWS Managed Services
– Amazon Mobile Analytics
– Amazon Polly
– Amazon QuickSight
– Amazon Rekognition
– AWS Server Migration Service (AWS SMS)
– AWS Service Catalog
– AWS Shield Advanced
– AWS Shield Standard
– AWS Snow Family
– AWS Storage Gateway
– AWS WAF
– Amazon WorkMail
– Amazon WorkSpaces
To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.
AWS Certified Developer – Associate Practice Questions And Answers Dump
Q0: Your application reads commands from an SQS queue and sends them to web services hosted by your
partners. When a partner’s endpoint goes down, your application continually returns their commands to the queue. The repeated attempts to deliver these commands use up resources. Commands that can’t be delivered must not be lost.
How can you accommodate the partners’ broken web services without wasting your resources?
- A. Create a delay queue and set DelaySeconds to 30 seconds
- B. Requeue the message with a VisibilityTimeout of 30 seconds.
- C. Create a dead letter queue and set the Maximum Receives to 3.
- D. Requeue the message with a DelaySeconds of 30 seconds.
Top
Q1: A developer is writing an application that will store data in a DynamoDB table. The ratio of reads operations to write operations will be 1000 to 1, with the same data being accessed frequently.
What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?
- A. Amazon DynamoDB auto scaling
- B. Amazon DynamoDB cross-region replication
- C. Amazon DynamoDB Streams
- D. Amazon DynamoDB Accelerator
Top
Q2: You are creating a DynamoDB table with the following attributes:
- PurchaseOrderNumber (partition key)
- CustomerID
- PurchaseDate
- TotalPurchaseValue
One of your applications must retrieve items from the table to calculate the total value of purchases for a
particular customer over a date range. What secondary index do you need to add to the table?
- A. Local secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
TotalPurchaseValue attribute - B. Local secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
TotalPurchaseValue attribute - C. Global secondary index with a partition key of CustomerID and sort key of PurchaseDate; project the
TotalPurchaseValue attribute - D. Global secondary index with a partition key of PurchaseDate and sort key of CustomerID; project the
TotalPurchaseValue attribute
Top
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q3: When referencing the remaining time left for a Lambda function to run within the function’s code you would use:
- A. The event object
- B. The timeLeft object
- C. The remains object
- D. The context object
Top
Q4: What two arguments does a Python Lambda handler function require?
- A. invocation, zone
- B. event, zone
- C. invocation, context
- D. event, context
Q5: Lambda allows you to upload code and dependencies for function packages:
- A. Only from a directly uploaded zip file
- B. Only via SFTP
- C. Only from a zip file in AWS S3
- D. From a zip file in AWS S3 or uploaded directly from elsewhere
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q6: A Lambda deployment package contains:
- A. Function code, libraries, and runtime binaries
- B. Only function code
- C. Function code and libraries not included within the runtime
- D. Only libraries not included within the runtime
Q7: You are attempting to SSH into an EC2 instance that is located in a public subnet. However, you are currently receiving a timeout error trying to connect. What could be a possible cause of this connection issue?
- A. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic, but does not have an outbound rule that allows SSH traffic.
- B. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND has an outbound rule that explicitly denies SSH traffic.
- C. The security group associated with the EC2 instance has an inbound rule that allows SSH traffic AND the associated NACL has both an inbound and outbound rule that allows SSH traffic.
- D. The security group associated with the EC2 instance does not have an inbound rule that allows SSH traffic AND the associated NACL does not have an outbound rule that allows SSH traffic.
Top
Q8: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?
- A. Create and assign EIP to each instance
- B. Create and attach a second IGW to the VPC.
- C. Create and utilize a NAT Gateway
- D. Connect to a VPN
Top
Q9: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?
- A. Security Groups
- B. Route Tables
- C. Elastic Load Balancer
- D. Auto Scaling
Top
Q10: Lambda allows you to upload code and dependencies for function packages:
- A. Only from a directly uploaded zip file
- B. Only from a directly uploaded zip file
- C. Only from a zip file in AWS S3
- D. From a zip file in AWS S3 or uploaded directly from elsewhere
Q11: You’re writing a script with an AWS SDK that uses the AWS API Actions and want to create AMIs for non-EBS backed AMIs for you. Which API call should occurs in the final process of creating an AMI?
- A. RegisterImage
- B. CreateImage
- C. ami-register-image
- D. ami-create-image
Q12: When dealing with session state in EC2-based applications using Elastic load balancers which option is generally thought of as the best practice for managing user sessions?
- A. Having the ELB distribute traffic to all EC2 instances and then having the instance check a caching solution like ElastiCache running Redis or Memcached for session information
- B. Permenantly assigning users to specific instances and always routing their traffic to those instances
- C. Using Application-generated cookies to tie a user session to a particular instance for the cookie duration
- D. Using Elastic Load Balancer generated cookies to tie a user session to a particular instance
Q13: Which API call would best be used to describe an Amazon Machine Image?
- A. ami-describe-image
- B. ami-describe-images
- C. DescribeImage
- D. DescribeImages
Q14: What is one key difference between an Amazon EBS-backed and an instance-store backed instance?
- A. Autoscaling requires using Amazon EBS-backed instances
- B. Virtual Private Cloud requires EBS backed instances
- C. Amazon EBS-backed instances can be stopped and restarted without losing data
- D. Instance-store backed instances can be stopped and restarted without losing data
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q15: After having created a new Linux instance on Amazon EC2, and downloaded the .pem file (called Toto.pem) you try and SSH into your IP address (54.1.132.33) using the following command.
ssh -i my_key.pem ec2-user@52.2.222.22
However you receive the following error.
@@@@@@@@ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@
What is the most probable reason for this and how can you fix it?
- A. You do not have root access on your terminal and need to use the sudo option for this to work.
- B. You do not have enough permissions to perform the operation.
- C. Your key file is encrypted. You need to use the -u option for unencrypted not the -i option.
- D. Your key file must not be publicly viewable for SSH to work. You need to modify your .pem file to limit permissions.
Q16: You have an EBS root device on /dev/sda1 on one of your EC2 instances. You are having trouble with this particular instance and you need to either Stop/Start, Reboot or Terminate the instance but you do NOT want to lose any data that you have stored on /dev/sda1. However, you are unsure if changing the instance state in any of the aforementioned ways will cause you to lose data stored on the EBS volume. Which of the below statements best describes the effect each change of instance state would have on the data you have stored on /dev/sda1?
- A. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is not ephemeral and the data will not be lost regardless of what method is used.
- B. If you stop/start the instance the data will not be lost. However if you either terminate or reboot the instance the data will be lost.
- C. Whether you stop/start, reboot or terminate the instance it does not matter because data on an EBS volume is ephemeral and it will be lost no matter what method is used.
- D. The data will be lost if you terminate the instance, however the data will remain on /dev/sda1 if you reboot or stop/start the instance because data on an EBS volume is not ephemeral.
Q17: EC2 instances are launched from Amazon Machine Images (AMIs). A given public AMI:
- A. Can only be used to launch EC2 instances in the same AWS availability zone as the AMI is stored
- B. Can only be used to launch EC2 instances in the same country as the AMI is stored
- C. Can only be used to launch EC2 instances in the same AWS region as the AMI is stored
- D. Can be used to launch EC2 instances in any AWS region
Q18: Which of the following statements is true about the Elastic File System (EFS)?
- A. EFS can scale out to meet capacity requirements and scale back down when no longer needed
- B. EFS can be used by multiple EC2 instances simultaneously
- C. EFS cannot be used by an instance using EBS
- D. EFS can be configured on an instance before launch just like an IAM role or EBS volumes
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q19: IAM Policies, at a minimum, contain what elements?
- A. ID
- B. Effects
- C. Resources
- D. Sid
- E. Principle
- F. Actions
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q20: What are the main benefits of IAM groups?
- A. The ability to create custom permission policies.
- B. Assigning IAM permission policies to more than one user at a time.
- C. Easier user/policy management.
- D. Allowing EC2 instances to gain access to S3.
Q21: What are benefits of using AWS STS?
- A. Grant access to AWS resources without having to create an IAM identity for them
- B. Since credentials are temporary, you don’t have to rotate or revoke them
- C. Temporary security credentials can be extended indefinitely
- D. Temporary security credentials can be restricted to a specific region
Q22: What should the Developer enable on the DynamoDB table to optimize performance and minimize costs?
- A. Amazon DynamoDB auto scaling
- B. Amazon DynamoDB cross-region replication
- C. Amazon DynamoDB Streams
- D. Amazon DynamoDB Accelerator
Top
Q23: A Developer has been asked to create an AWS Elastic Beanstalk environment for a production web application which needs to handle thousands of requests. Currently the dev environment is running on a t1 micro instance. How can the Developer change the EC2 instance type to m4.large?
- A. Use CloudFormation to migrate the Amazon EC2 instance type of the environment from t1 micro to m4.large.
- B. Create a saved configuration file in Amazon S3 with the instance type as m4.large and use the same during environment creation.
- C. Change the instance type to m4.large in the configuration details page of the Create New Environment page.
- D. Change the instance type value for the environment to m4.large by using update autoscaling group CLI command.
Q24: What statements are true about Availability Zones (AZs) and Regions?
- A. There is only one AZ in each AWS Region
- B. AZs are geographically separated inside a region to help protect against natural disasters affecting more than one at a time.
- C. AZs can be moved between AWS Regions based on your needs
- D. There are (almost always) two or more AZs in each AWS Region
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q25: An AWS Region contains:
- A. Edge Locations
- B. Data Centers
- C. AWS Services
- D. Availability Zones
Top
Q26: Which read request in DynamoDB returns a response with the most up-to-date data, reflecting the updates from all prior write operations that were successful?
- A. Eventual Consistent Reads
- B. Conditional reads for Consistency
- C. Strongly Consistent Reads
- D. Not possible
Top
Q27: You’ ve been asked to move an existing development environment on the AWS Cloud. This environment consists mainly of Docker based containers. You need to ensure that minimum effort is taken during the migration process. Which of the following step would you consider for this requirement?
- A. Create an Opswork stack and deploy the Docker containers
- B. Create an application and Environment for the Docker containers in the Elastic Beanstalk service
- C. Create an EC2 Instance. Install Docker and deploy the necessary containers.
- D. Create an EC2 Instance. Install Docker and deploy the necessary containers. Add an Autoscaling Group for scalability of the containers.
Top
Q28: You’ve written an application that uploads objects onto an S3 bucket. The size of the object varies between 200 – 500 MB. You’ve seen that the application sometimes takes a longer than expected time to upload the object. You want to improve the performance of the application. Which of the following would you consider?
- A. Create multiple threads and upload the objects in the multiple threads
- B. Write the items in batches for better performance
- C. Use the Multipart upload API
- D. Enable versioning on the Bucket
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Top
Q29: A security system monitors 600 cameras, saving image metadata every 1 minute to an Amazon DynamoDb table. Each sample involves 1kb of data, and the data writes are evenly distributed over time. How much write throughput is required for the target table?
- A. 6000
- B. 10
- C. 3600
- D. 600
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Q30: What two arguments does a Python Lambda handler function require?
- A. invocation, zone
- B. event, zone
- C. invocation, context
- D. event, context
Top
Q31: Lambda allows you to upload code and dependencies for function packages:
- A. Only from a directly uploaded zip file
- B. Only via SFTP
- C. Only from a zip file in AWS S3
- D. From a zip file in AWS S3 or uploaded directly from elsewhere
Top
Q32: A Lambda deployment package contains:
- A. Function code, libraries, and runtime binaries
- B. Only function code
- C. Function code and libraries not included within the runtime
- D. Only libraries not included within the runtime
Top
Q33: You have instances inside private subnets and a properly configured bastion host instance in a public subnet. None of the instances in the private subnets have a public or Elastic IP address. How can you connect an instance in the private subnet to the open internet to download system updates?
- A. Create and assign EIP to each instance
- B. Create and attach a second IGW to the VPC.
- C. Create and utilize a NAT Gateway
- D. Connect to a VPN
Top
Q34: What feature of VPC networking should you utilize if you want to create “elasticity” in your application’s architecture?
- A. Security Groups
- B. Route Tables
- C. Elastic Load Balancer
- D. Auto Scaling
Top
Q30: Lambda allows you to upload code and dependencies for function packages:
- A. Only from a directly uploaded zip file
- B. Only from a directly uploaded zip file
- C. Only from a zip file in AWS S3
- D. From a zip file in AWS S3 or uploaded directly from elsewhere
Answer:
Top
Q31: An organization is using an Amazon ElastiCache cluster in front of their Amazon RDS instance. The organization would like the Developer to implement logic into the code so that the cluster only retrieves data from RDS when there is a cache miss. What strategy can the Developer implement to achieve this?
- A. Lazy loading
- B. Write-through
- C. Error retries
- D. Exponential backoff
Answer:
Top
Q32: A developer is writing an application that will run on Ec2 instances and read messages from SQS queue. The nessages will arrive every 15-60 seconds. How should the Developer efficiently query the queue for new messages?
- A. Use long polling
- B. Set a custom visibility timeout
- C. Use short polling
- D. Implement exponential backoff
Top
Q33: You are using AWS SAM to define a Lambda function and configure CodeDeploy to manage deployment patterns. With new Lambda function working as per expectation which of the following will shift traffic from original Lambda function to new Lambda function in the shortest time frame?
- A. Canary10Percent5Minutes
- B. Linear10PercentEvery10Minutes
- C. Canary10Percent15Minutes
- D. Linear10PercentEvery1Minute
Top
Q34: You are using AWS SAM templates to deploy a serverless application. Which of the following resource will embed application from Amazon S3 buckets?
- A. AWS::Serverless::Api
- B. AWS::Serverless::Application
- C. AWS::Serverless::Layerversion
- D. AWS::Serverless::Function
Top
Q35: You are using AWS Envelope Encryption for encrypting all sensitive data. Which of the followings is True with regards to Envelope Encryption?
- A. Data is encrypted be encrypting Data key which is further encrypted using encrypted Master Key.
- B. Data is encrypted by plaintext Data key which is further encrypted using encrypted Master Key.
- C. Data is encrypted by encrypted Data key which is further encrypted using plaintext Master Key.
- D. Data is encrypted by plaintext Data key which is further encrypted using plaintext Master Key.
Top
Q36: You are developing an application that will be comprised of the following architecture –
- A set of Ec2 instances to process the videos.
- These (Ec2 instances) will be spun up by an autoscaling group.
- SQS Queues to maintain the processing messages.
- There will be 2 pricing tiers.
How will you ensure that the premium customers videos are given more preference?
- A. Create 2 Autoscaling Groups, one for normal and one for premium customers
- B. Create 2 set of Ec2 Instances, one for normal and one for premium customers
- C. Create 2 SQS queus, one for normal and one for premium customers
- D. Create 2 Elastic Load Balancers, one for normal and one for premium customers.
Top
Q37: You are developing an application that will interact with a DynamoDB table. The table is going to take in a lot of read and write operations. Which of the following would be the ideal partition key for the DynamoDB table to ensure ideal performance?
- A. CustomerID
- B. CustomerName
- C. Location
- D. Age
Top
Q38: A developer is making use of AWS services to develop an application. He has been asked to develop the application in a manner to compensate any network delays. Which of the following two mechanisms should he implement in the application?
- A. Multiple SQS queues
- B. Exponential backoff algorithm
- C. Retries in your application code
- D. Consider using the Java sdk.
Top
Q39: An application is being developed that is going to write data to a DynamoDB table. You have to setup the read and write throughput for the table. Data is going to be read at the rate of 300 items every 30 seconds. Each item is of size 6KB. The reads can be eventual consistent reads. What should be the read capacity that needs to be set on the table?
- A. 10
- B. 20
- C. 6
- D. 30
Top
Q40: You are in charge of deploying an application that will be hosted on an EC2 Instance and sit behind an Elastic Load balancer. You have been requested to monitor the incoming connections to the Elastic Load Balancer. Which of the below options can suffice this requirement?
- A. Use AWS CloudTrail with your load balancer
- B. Enable access logs on the load balancer
- C. Use a CloudWatch Logs Agent
- D. Create a custom metric CloudWatch lter on your load balancer
Top
Q41: A static web site has been hosted on a bucket and is now being accessed by users. One of the web pages javascript section has been changed to access data which is hosted in another S3 bucket. Now that same web page is no longer loading in the browser. Which of the following can help alleviate the error?
- A. Enable versioning for the underlying S3 bucket.
- B. Enable Replication so that the objects get replicated to the other bucket
- C. Enable CORS for the bucket
- D. Change the Bucket policy for the bucket to allow access from the other bucket
Top
Q42: Your mobile application includes a photo-sharing service that is expecting tens of thousands of users at launch. You will leverage Amazon Simple Storage Service (S3) for storage of the user Images, and you must decide how to authenticate and authorize your users for access to these images. You also need to manage the storage of these images. Which two of the following approaches should you use? Choose two answers from the options below
- A. Create an Amazon S3 bucket per user, and use your application to generate the S3 URL for the appropriate content.
- B. Use AWS Identity and Access Management (IAM) user accounts as your application-level user database, and offload the burden of authentication from your application code.
- C. Authenticate your users at the application level, and use AWS Security Token Service (STS)to grant token-based authorization to S3 objects.
- D. Authenticate your users at the application level, and send an SMS token message to the user. Create an Amazon S3 bucket with the same name as the SMS message token, and move the user’s objects to that bucket.
Top
Q43: Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Choose the option that is cost-effective and can fulfill the requirements.
- A. Publish your data to CloudWatch Logs, and congure your application to Autoscale to handle the load on demand.
- B. Publish your log data to an Amazon S3 bucket. Use AWS CloudFormation to create an Auto Scaling group to scale your post-processing application which is congured to pull down your log les stored an Amazon S3
- C. Post your log data to an Amazon Kinesis data stream, and subscribe your log-processing application so that is congured to process your logging data.
- D. Create a multi-AZ Amazon RDS MySQL cluster, post the logging data to MySQL, and run a map reduce job to retrieve the required information on user counts.
Answer:
Top
Q44: You’ve been instructed to develop a mobile application that will make use of AWS services. You need to decide on a data store to store the user sessions. Which of the following would be an ideal data store for session management?
- A. AWS Simple Storage Service
- B. AWS DynamoDB
- C. AWS RDS
- D. AWS Redshift
Answer:
Top
Q45: Your application currently interacts with a DynamoDB table. Records are inserted into the table via the application. There is now a requirement to ensure that whenever items are updated in the DynamoDB primary table , another record is inserted into a secondary table. Which of the below feature should be used when developing such a solution?
- A. AWS DynamoDB Encryption
- B. AWS DynamoDB Streams
- C. AWS DynamoDB Accelerator
- D. AWSTable Accelerator
Top
Q46: An application has been making use of AWS DynamoDB for its back-end data store. The size of the table has now grown to 20 GB , and the scans on the table are causing throttling errors. Which of the following should now be implemented to avoid such errors?
- A. Large Page size
- B. Reduced page size
- C. Parallel Scans
- D. Sequential scans
Top
Q47: Which of the following is correct way of passing a stage variable to an HTTP URL ? (Select TWO.)
- A. http://example.com/${}/prod
- B. http://example.com/${stageVariables.}/prod
- C. http://${stageVariables.}.example.com/dev/operation
- D. http://${stageVariables}.example.com/dev/operation
- E. http://${}.example.com/dev/operation
- F. http://example.com/${stageVariables}/prod
Top
Q48: Your company is planning on creating new development environments in AWS. They want to make use of their existing Chef recipes which they use for their on-premise configuration for servers in AWS. Which of the following service would be ideal to use in this regard?
- A. AWS Elastic Beanstalk
- B. AWS OpsWork
- C. AWS Cloudformation
- D. AWS SQS
Top
Q49: Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website hosting. The users can log in to this app using their Google/Facebook login accounts. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?
- A. Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website
- B. Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for access.
- C. Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary credentials
- D. Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.
Top
Q50: Your application currently makes use of AWS Cognito for managing user identities. You want to analyze the information that is stored in AWS Cognito for your application. Which of the following features of AWS Cognito should you use for this purpose?
- A. Cognito Data
- B. Cognito Events
- C. Cognito Streams
- D. Cognito Callbacks
Top
Q51: You’ve developed a set of scripts using AWS Lambda. These scripts need to access EC2 Instances in a VPC. Which of the following needs to be done to ensure that the AWS Lambda function can access the resources in the VPC. Choose 2 answers from the options given below
- A. Ensure that the subnet ID’s are mentioned when conguring the Lambda function
- B. Ensure that the NACL ID’s are mentioned when conguring the Lambda function
- C. Ensure that the Security Group ID’s are mentioned when conguring the Lambda function
- D. Ensure that the VPC Flow Log ID’s are mentioned when conguring the Lambda function
Top
Q52: You’ve currently been tasked to migrate an existing on-premise environment into Elastic Beanstalk. The application does not make use of Docker containers. You also can’t see any relevant environments in the beanstalk service that would be suitable to host your application. What should you consider doing in this case?
- A. Migrate your application to using Docker containers and then migrate the app to the Elastic Beanstalk environment.
- B. Consider using Cloudformation to deploy your environment to Elastic Beanstalk
- C. Consider using Packer to create a custom platform
- D. Consider deploying your application using the Elastic Container Service
Top
Q53: Company B is writing 10 items to the Dynamo DB table every second. Each item is 15.5Kb in size. What would be the required provisioned write throughput for best performance? Choose the correct answer from the options below.
- A. 10
- B. 160
- C. 155
- D. 16
Top
Q54: Which AWS Service can be used to automatically install your application code onto EC2, on premises systems and Lambda?
- A. CodeCommit
- B. X-Ray
- C. CodeBuild
- D. CodeDeploy
Top
Q55: Which AWS service can be used to compile source code, run tests and package code?
- A. CodePipeline
- B. CodeCommit
- C. CodeBuild
- D. CodeDeploy
Top
Q56: How can your prevent CloudFormation from deleting your entire stack on failure? (Choose 2)
- A. Set the Rollback on failure radio button to No in the CloudFormation console
- B. Set Termination Protection to Enabled in the CloudFormation console
- C. Use the –disable-rollback flag with the AWS CLI
- D. Use the –enable-termination-protection protection flag with the AWS CLI
Q57: Which of the following practices allows multiple developers working on the same application to merge code changes frequently, without impacting each other and enables the identification of bugs early on in the release process?
- A. Continuous Integration
- B. Continuous Deployment
- C. Continuous Delivery
- D. Continuous Development
Q58: When deploying application code to EC2, the AppSpec file can be written in which language?
- A. JSON
- B. JSON or YAML
- C. XML
- D. YAML
Q59: Part of your CloudFormation deployment fails due to a mis-configuration, by defaukt what will happen?
- A. CloudFormation will rollback only the failed components
- B. CloudFormation will rollback the entire stack
- C. Failed component will remain available for debugging purposes
- D. CloudFormation will ask you if you want to continue with the deployment
Top
Q60: You want to receive an email whenever a user pushes code to CodeCommit repository, how can you configure this?
- A. Create a new SNS topic and configure it to poll for CodeCommit eveents. Ask all users to subscribe to the topic to receive notifications
- B. Configure a CloudWatch Events rule to send a message to SES which will trigger an email to be sent whenever a user pushes code to the repository.
- C. Configure Notifications in the console, this will create a CloudWatch events rule to send a notification to a SNS topic which will trigger an email to be sent to the user.
- D. Configure a CloudWatch Events rule to send a message to SQS which will trigger an email to be sent whenever a user pushes code to the repository.
Top
Q61: Which AWS service can be used to centrally store and version control your application source code, binaries and libraries
- A. CodeCommit
- B. CodeBuild
- C. CodePipeline
- D. ElasticFileSystem
Top
Q62: You are using CloudFormation to create a new S3 bucket, which of the following sections would you use to define the properties of your bucket?
- A. Conditions
- B. Parameters
- C. Outputs
- D. Resources
Top
Q63: You are deploying a number of EC2 and RDS instances using CloudFormation. Which section of the CloudFormation template would you use to define these?
- A. Transforms
- B. Outputs
- C. Resources
- D. Instances
Top
Q64: Which AWS service can be used to fully automate your entire release process?
- A. CodeDeploy
- B. CodePipeline
- C. CodeCommit
- D. CodeBuild
Top
Q65: You want to use the output of your CloudFormation stack as input to another CloudFormation stack. Which sections of the CloudFormation template would you use to help you configure this?
- A. Outputs
- B. Transforms
- C. Resources
- D. Exports
Top
Q66: You have some code located in an S3 bucket that you want to reference in your CloudFormation template. Which section of the template can you use to define this?
- A. Inputs
- B. Resources
- C. Transforms
- D. Files
Top
Q67: You are deploying an application to a number of Ec2 instances using CodeDeploy. What is the name of the file
used to specify source files and lifecycle hooks?
- A. buildspec.yml
- B. appspec.json
- C. appspec.yml
- D. buildspec.json
Q68: Which of the following approaches allows you to re-use pieces of CloudFormation code in multiple templates, for common use cases like provisioning a load balancer or web server?
- A. Share the code using an EBS volume
- B. Copy and paste the code into the template each time you need to use it
- C. Use a cloudformation nested stack
- D. Store the code you want to re-use in an AMI and reference the AMI from within your CloudFormation template.
Q69: In the CodeDeploy AppSpec file, what are hooks used for?
- A. To reference AWS resources that will be used during the deployment
- B. Hooks are reserved for future use
- C. To specify files you want to copy during the deployment.
- D. To specify, scripts or function that you want to run at set points in the deployment lifecycle
Q70: Which command can you use to encrypt a plain text file using CMK?
- A. aws kms-encrypt
- B. aws iam encrypt
- C. aws kms encrypt
- D. aws encrypt
Q72: Which of the following is an encrypted key used by KMS to encrypt your data
- A. Custmoer Mamaged Key
- B. Encryption Key
- C. Envelope Key
- D. Customer Master Key
Q73: Which of the following statements are correct? (Choose 2)
- A. The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
- B. The Envelope Key or Data Key is used to encrypt and decrypt plain text files.
- C. The envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key.
- D. The Customer MasterKey is used to encrypt and decrypt plain text files.
Q74: Which of the following statements is correct in relation to kMS/ (Choose 2)
- A. KMS Encryption keys are regional
- B. You cannot export your customer master key
- C. You can export your customer master key.
- D. KMS encryption Keys are global
Q75: A developer is preparing a deployment package for a Java implementation of an AWS Lambda function. What should the developer include in the deployment package? (Select TWO.)
A. Compiled application code
B. Java runtime environment
C. References to the event sources
D. Lambda execution role
E. Application dependencies
Q76: A developer uses AWS CodeDeploy to deploy a Python application to a fleet of Amazon EC2 instances that run behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. What should the developer include in the CodeDeploy deployment package?
A. A launch template for the Amazon EC2 Auto Scaling group
B. A CodeDeploy AppSpec file
C. An EC2 role that grants the application access to AWS services
D. An IAM policy that grants the application access to AWS services
Q76: A company is working on a project to enhance its serverless application development process. The company hosts applications on AWS Lambda. The development team regularly updates the Lambda code and wants to use stable code in production. Which combination of steps should the development team take to configure Lambda functions to meet both development and production requirements? (Select TWO.)
A. Create a new Lambda version every time a new code release needs testing.
B. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready unqualified Amazon Resource Name (ARN) version. Point the Development alias to the $LATEST version.
C. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to the production-ready qualified Amazon Resource Name (ARN) version. Point the Development alias to the variable LAMBDA_TASK_ROOT.
D. Create a new Lambda layer every time a new code release needs testing.
E. Create two Lambda function aliases. Name one as Production and the other as Development. Point the Production alias to a production-ready Lambda layer Amazon Resource Name (ARN). Point the Development alias to the $LATEST layer ARN.
Q77: Each time a developer publishes a new version of an AWS Lambda function, all the dependent event source mappings need to be updated with the reference to the new version’s Amazon Resource Name (ARN). These updates are time consuming and error-prone. Which combination of actions should the developer take to avoid performing these updates when publishing a new Lambda version? (Select TWO.)
A. Update event source mappings with the ARN of the Lambda layer.
B. Point a Lambda alias to a new version of the Lambda function.
C. Create a Lambda alias for each published version of the Lambda function.
D. Point a Lambda alias to a new Lambda function alias.
E. Update the event source mappings with the Lambda alias ARN.
Q78: A company wants to store sensitive user data in Amazon S3 and encrypt this data at rest. The company must manage the encryption keys and use Amazon S3 to perform the encryption. How can a developer meet these requirements?
A. Enable default encryption for the S3 bucket by using the option for server-side encryption with customer-provided encryption keys (SSE-C).
B. Enable client-side encryption with an encryption key. Upload the encrypted object to the S3 bucket.
C. Enable server-side encryption with Amazon S3 managed encryption keys (SSE-S3). Upload an object to the S3 bucket.
D. Enable server-side encryption with customer-provided encryption keys (SSE-C). Upload an object to the S3 bucket.
Q79: A company is developing a Python application that submits data to an Amazon DynamoDB table. The company requires client-side encryption of specific data items and end-to-end protection for the encrypted data in transit and at rest. Which combination of steps will meet the requirement for the encryption of specific data items? (Select TWO.)
A. Generate symmetric encryption keys with AWS Key Management Service (AWS KMS).
B. Generate asymmetric encryption keys with AWS Key Management Service (AWS KMS).
C. Use generated keys with the DynamoDB Encryption Client.
D. Use generated keys to configure DynamoDB table encryption with AWS managed customer master keys (CMKs).
E. Use generated keys to configure DynamoDB table encryption with AWS owned customer master keys (CMKs).
Q80: A company is developing a REST API with Amazon API Gateway. Access to the API should be limited to users in the existing Amazon Cognito user pool. Which combination of steps should a developer perform to secure the API? (Select TWO.)
A. Create an AWS Lambda authorizer for the API.
B. Create an Amazon Cognito authorizer for the API.
C. Configure the authorizer for the API resource.
D. Configure the API methods to use the authorizer.
E. Configure the authorizer for the API stage.
Q81: A developer is implementing a mobile app to provide personalized services to app users. The application code makes calls to Amazon S3 and Amazon Simple Queue Service (Amazon SQS). Which options can the developer use to authenticate the app users? (Select TWO.)
A. Authenticate to the Amazon Cognito identity pool directly.
B. Authenticate to AWS Identity and Access Management (IAM) directly.
C. Authenticate to the Amazon Cognito user pool directly.
D. Federate authentication by using Login with Amazon with the users managed with AWS Security Token Service (AWS STS).
E. Federate authentication by using Login with Amazon with the users managed with the Amazon Cognito user pool.
Q82: A company is implementing several order processing workflows. Each workflow is implemented by using AWS Lambda functions for each task. Which combination of steps should a developer follow to implement these workflows? (Select TWO.)
A. Define a AWS Step Functions task for each Lambda function.
B. Define a AWS Step Functions task for each workflow.
C. Write code that polls the AWS Step Functions invocation to coordinate each workflow.
D. Define an AWS Step Functions state machine for each workflow.
E. Define an AWS Step Functions state machine for each Lambda function.
Q83: A company is migrating a web service to the AWS Cloud. The web service accepts requests by using HTTP (port 80). The company wants to use an AWS Lambda function to process HTTP requests. Which application design will satisfy these requirements?
A. Create an Amazon API Gateway API. Configure proxy integration with the Lambda function.
B. Create an Amazon API Gateway API. Configure non-proxy integration with the Lambda function.
C. Configure the Lambda function to listen to inbound network connections on port 80.
D. Configure the Lambda function as a target in the Application Load Balancer target group.
Q84: A company is developing an image processing application. When an image is uploaded to an Amazon S3 bucket, a number of independent and separate services must be invoked to process the image. The services do not have to be available immediately, but they must process every image. Which application design satisfies these requirements?
A. Configure an Amazon S3 event notification that publishes to an Amazon Simple Queue Service (Amazon SQS) queue. Each service pulls the message from the same queue.
B. Configure an Amazon S3 event notification that publishes to an Amazon Simple Notification Service (Amazon SNS) topic. Each service subscribes to the same topic.
C. Configure an Amazon S3 event notification that publishes to an Amazon Simple Queue Service (Amazon SQS) queue. Subscribe a separate Amazon Simple Notification Service (Amazon SNS) topic for each service to an Amazon SQS queue.
D. Configure an Amazon S3 event notification that publishes to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe a separate Simple Queue Service (Amazon SQS) queue for each service to the Amazon SNS topic.
Q85: A developer wants to implement Amazon EC2 Auto Scaling for a Multi-AZ web application. However, the developer is concerned that user sessions will be lost during scale-in events. How can the developer store the session state and share it across the EC2 instances?
A. Write the sessions to an Amazon Kinesis data stream. Configure the application to poll the stream.
B. Publish the sessions to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe each instance in the group to the topic.
C. Store the sessions in an Amazon ElastiCache for Memcached cluster. Configure the application to use the Memcached API.
D. Write the sessions to an Amazon Elastic Block Store (Amazon EBS) volume. Mount the volume to each instance in the group.
Q86: A developer is integrating a legacy web application that runs on a fleet of Amazon EC2 instances with an Amazon DynamoDB table. There is no AWS SDK for the programming language that was used to implement the web application. Which combination of steps should the developer perform to make an API call to Amazon DynamoDB from the instances? (Select TWO.)
A. Make an HTTPS POST request to the DynamoDB API endpoint for the AWS Region. In the request body, include an XML document that contains the request attributes.
B. Make an HTTPS POST request to the DynamoDB API endpoint for the AWS Region. In the request body, include a JSON document that contains the request attributes.
C. Sign the requests by using AWS access keys and Signature Version 4.
D. Use an EC2 SSH key to calculate Signature Version 4 of the request.
E. Provide the signature value through the HTTP X-API-Key header.
Q87: A developer has written several custom applications that read and write to the same Amazon DynamoDB table. Each time the data in the DynamoDB table is modified, this change should be sent to an external API. Which combination of steps should the developer perform to accomplish this task? (Select TWO.)
A. Configure an AWS Lambda function to poll the stream and call the external API.
B. Configure an event in Amazon EventBridge (Amazon CloudWatch Events) that publishes the change to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) data stream.
C. Create a trigger in the DynamoDB table to publish the change to an Amazon Kinesis data stream.
D. Deliver the stream to an Amazon Simple Notification Service (Amazon SNS) topic and subscribe the API to the topic.
E. Enable DynamoDB Streams on the table.
Q88: A company is migrating the create, read, update, and delete (CRUD) functionality of an existing Java web application to AWS Lambda. Which minimal code refactoring is necessary for the CRUD operations to run in the Lambda function?
A. Implement a Lambda handler function.
B. Import an AWS X-Ray package.
C. Rewrite the application code in Python.
D. Add a reference to the Lambda execution role.
Q89: A company plans to use AWS log monitoring services to monitor an application that runs on premises. Currently, the application runs on a recent version of Ubuntu Server and outputs the logs to a local file. Which combination of steps should a developer perform to accomplish this goal? (Select TWO.)
A. Update the application code to include calls to the agent API for log collection.
B. Install the Amazon Elastic Container Service (Amazon ECS) container agent on the server.
C. Install the unified Amazon CloudWatch agent on the server.
D. Configure the long-term AWS credentials on the server to enable log collection by the agent.
E. Attach an IAM role to the server to enable log collection by the agent.
Q90: A developer wants to monitor invocations of an AWS Lambda function by using Amazon CloudWatch Logs. The developer added a number of print statements to the function code that write the logging information to the stdout stream. After running the function, the developer does not see any log data being generated. Why does the log data NOT appear in the CloudWatch logs?
A. The log data is not written to the stderr stream.
B. Lambda function logging is not automatically enabled.
C. The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.
D. The Lambda function outputs the logs to an Amazon S3 bucket.
AWS Certified Developer Associate exam: Whitepapers
AWS has provided whitepapers to help you understand the technical concepts. Below are the recommended whitepapers for the AWS Certified Developer – Associate Exam.
- Overview of Amazon Web Services
- Architecting for the Cloud: AWS Best Practices
- AWS Security Best Practices whitepaper, August 2016
- AWS Well-Architected Framework whitepaper, November 2017 Version 1.3 DVA-C01 Page |2
- Architecting for the Cloud AWS Best Practices whitepaper, February, 2016
- Practicing Continuous Integration and Continuous Delivery on AWS Accelerating Software Delivery with DevOps whitepaper, June 2017
- Microservices on AWS whitepaper, September 2017
- Serverless Architectures with AWS Lambda whitepaper, November 2017
- Optimizing Enterprise Economics with Serverless Architectures whitepaper, October 2017
- Running Containerized Microservices on AWS whitepaper, November 2017
- Blue/Green Deployments on AWS whitepaper, August 2016
Online Training and Labs for AWS Certified Developer Associates Exam
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
AWS Developer Associates Jobs
AWS Certified Developer-Associate Exam info and details, How To:
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
The AWS Certified Developer Associate exam is a multiple choice, multiple answer exam. Here is the Exam Overview:
- Certification Name: AWS Certified Developer Associate.
- Prerequisites for the Exam: None.
- Exam Pattern: Multiple Choice Questions
- The AWS Certified Developer-Associate Examination (DVA-C01) is a pass or fail exam. The examination is scored against a minimum standard established by AWS professionals guided by certification industry best practices and guidelines.
- Your results for the examination are reported as a score from 100 – 1000, with a minimum passing score of 720.
- Exam fees: US $150
- Exam Guide on AWS Website
- Available languages for tests: English, Japanese, Korean, Simplified Chinese
- Read AWS whitepapers
- Register for certification account here.
- Prepare for Certification Here
-
Exam Content Outline
Domain % of Examination Domain 1: Deployment (22%)
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
1.2 Deploy applications using Elastic Beanstalk.
1.3 Prepare the application deployment package to be deployed to AWS.
1.4 Deploy serverless applications22% Domain 2: Security (26%)
2.1 Make authenticated calls to AWS services.
2.2 Implement encryption using AWS services.
2.3 Implement application authentication and authorization.26% Domain 3: Development with AWS Services (30%)
3.1 Write code for serverless applications.
3.2 Translate functional requirements into application design.
3.3 Implement application design into application code.
3.4 Write code that interacts with AWS services by using APIs, SDKs, and AWS CLI.30% Domain 4: Refactoring
4.1 Optimize application to best use AWS services and features.
4.2 Migrate existing application code to run on AWS.10% Domain 5: Monitoring and Troubleshooting (10%)
5.1 Write code that can be monitored.
5.2 Perform root cause analysis on faults found in testing or production.10% TOTAL 100%
AWS Certified Developer Associate exam: Additional Information for reference
Below are some useful reference links that would help you to learn about AWS Certified Developer Associate Exam.
- Developing on AWS: An instructor-led live or virtual 3-day course
- https://aws.amazon.com/certification/faqs/
- AWS Digital Training: Application Services, Developer Tools, and other services covered on the exam
- Prepare for AWS Certification
- AWS EC2 Instance info
- AWS Certified Developer Associate Exam Guide
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Other Relevant and Recommended AWS Certifications

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
- AWS Certified Cloud Practitioner
- AWS Certified Solutions Architect – Associate
- AAWS Certified Developer – Associate
- AWS Certified SysOps Administrator – Associate
- AWS Certified Solutions Architect – Professional
- AWS Certified DevOps Engineer – Professional
- AWS Certified Big Data Specialty
- AWS Certified Advanced Networking.
- AWS Certified Security – Specialty
Other AWS Facts and Summaries and Questions/Answers Dump
- AWS S3 facts and summaries and Q&A Dump
- AWS DynamoDB facts and summaries and Questions and Answers Dump
- AWS EC2 facts and summaries and Questions and Answers Dump
- AWS Serverless facts and summaries and Questions and Answers Dump
- AWS Developer and Deployment Theory facts and summaries and Questions and Answers Dump
- AWS IAM facts and summaries and Questions and Answers Dump
- AWS Lambda facts and summaries and Questions and Answers Dump
- AWS SQS facts and summaries and Questions and Answers Dump
- AWS RDS facts and summaries and Questions and Answers Dump
- AWS ECS facts and summaries and Questions and Answers Dump
- AWS CloudWatch facts and summaries and Questions and Answers Dump
- AWS SES facts and summaries and Questions and Answers Dump
- AWS EBS facts and summaries and Questions and Answers Dump
- AWS ELB facts and summaries and Questions and Answers Dump
- AWS Autoscaling facts and summaries and Questions and Answers Dump
- AWS VPC facts and summaries and Questions and Answers Dump
- AWS KMS facts and summaries and Questions and Answers Dump
- AWS Elastic Beanstalk facts and summaries and Questions and Answers Dump
- AWS CodeBuild facts and summaries and Questions and Answers Dump
- AWS CodeDeploy facts and summaries and Questions and Answers Dump
- AWS CodePipeline facts and summaries and Questions and Answers Dump
AWS Certified Developer Associate exam: Whitepapers
AWS has provided whitepapers to help you understand the technical concepts. Below are the recommended whitepapers for the AWS Certified Developer – Associate Exam.
- Overview of Amazon Web Services
- Architecting for the Cloud: AWS Best Practices
- AWS Security Best Practices whitepaper, August 2016
- AWS Well-Architected Framework whitepaper, November 2017 Version 1.3 DVA-C01 Page |2
- Architecting for the Cloud AWS Best Practices whitepaper, February, 2016
- Practicing Continuous Integration and Continuous Delivery on AWS Accelerating Software Delivery with DevOps whitepaper, June 2017
- Microservices on AWS whitepaper, September 2017
- Serverless Architectures with AWS Lambda whitepaper, November 2017
- Optimizing Enterprise Economics with Serverless Architectures whitepaper, October 2017
- Running Containerized Microservices on AWS whitepaper, November 2017
- Blue/Green Deployments on AWS whitepaper, August 2016
Online Training and Labs for AWS Certified Developer Associates Exam
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
AWS Developer Associates Jobs
AWS Certified Developer-Associate Exam info and details, How To:
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
The AWS Certified Developer Associate exam is a multiple choice, multiple answer exam. Here is the Exam Overview:
- Certification Name: AWS Certified Developer Associate.
- Prerequisites for the Exam: None.
- Exam Pattern: Multiple Choice Questions
- The AWS Certified Developer-Associate Examination (DVA-C01) is a pass or fail exam. The examination is scored against a minimum standard established by AWS professionals guided by certification industry best practices and guidelines.
- Your results for the examination are reported as a score from 100 – 1000, with a minimum passing score of 720.
- Exam fees: US $150
- Exam Guide on AWS Website
- Available languages for tests: English, Japanese, Korean, Simplified Chinese
- Read AWS whitepapers
- Register for certification account here.
- Prepare for Certification Here
-
Exam Content Outline
Domain % of Examination Domain 1: Deployment (22%)
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns.
1.2 Deploy applications using Elastic Beanstalk.
1.3 Prepare the application deployment package to be deployed to AWS.
1.4 Deploy serverless applications22% Domain 2: Security (26%)
2.1 Make authenticated calls to AWS services.
2.2 Implement encryption using AWS services.
2.3 Implement application authentication and authorization.26% Domain 3: Development with AWS Services (30%)
3.1 Write code for serverless applications.
3.2 Translate functional requirements into application design.
3.3 Implement application design into application code.
3.4 Write code that interacts with AWS services by using APIs, SDKs, and AWS CLI.30% Domain 4: Refactoring
4.1 Optimize application to best use AWS services and features.
4.2 Migrate existing application code to run on AWS.10% Domain 5: Monitoring and Troubleshooting (10%)
5.1 Write code that can be monitored.
5.2 Perform root cause analysis on faults found in testing or production.10% TOTAL 100%
AWS Certified Developer Associate exam: Additional Information for reference
Below are some useful reference links that would help you to learn about AWS Certified Developer Associate Exam.
- Developing on AWS: An instructor-led live or virtual 3-day course
- https://aws.amazon.com/certification/faqs/
- AWS Digital Training: Application Services, Developer Tools, and other services covered on the exam
- Prepare for AWS Certification
- AWS EC2 Instance info
- AWS Certified Developer Associate Exam Guide
The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
Other Relevant and Recommended AWS Certifications

The Cloud is the future: Get Certified now.
The AWS Certified Solution Architect Average Salary is: US $149,446/year. Get Certified with the App below:
- AWS Certified Cloud Practitioner
- AWS Certified Solutions Architect – Associate
- AAWS Certified Developer – Associate
- AWS Certified SysOps Administrator – Associate
- AWS Certified Solutions Architect – Professional
- AWS Certified DevOps Engineer – Professional
- AWS Certified Big Data Specialty
- AWS Certified Advanced Networking.
- AWS Certified Security – Specialty
Other AWS Facts and Summaries and Questions/Answers Dump
- AWS S3 facts and summaries and Q&A Dump
- AWS DynamoDB facts and summaries and Questions and Answers Dump
- AWS EC2 facts and summaries and Questions and Answers Dump
- AWS Serverless facts and summaries and Questions and Answers Dump
- AWS Developer and Deployment Theory facts and summaries and Questions and Answers Dump
- AWS IAM facts and summaries and Questions and Answers Dump
- AWS Lambda facts and summaries and Questions and Answers Dump
- AWS SQS facts and summaries and Questions and Answers Dump
- AWS RDS facts and summaries and Questions and Answers Dump
- AWS ECS facts and summaries and Questions and Answers Dump
- AWS CloudWatch facts and summaries and Questions and Answers Dump
- AWS SES facts and summaries and Questions and Answers Dump
- AWS EBS facts and summaries and Questions and Answers Dump
- AWS ELB facts and summaries and Questions and Answers Dump
- AWS Autoscaling facts and summaries and Questions and Answers Dump
- AWS VPC facts and summaries and Questions and Answers Dump
- AWS KMS facts and summaries and Questions and Answers Dump
- AWS Elastic Beanstalk facts and summaries and Questions and Answers Dump
- AWS CodeBuild facts and summaries and Questions and Answers Dump
- AWS CodeDeploy facts and summaries and Questions and Answers Dump
- AWS CodePipeline facts and summaries and Questions and Answers Dump
AWS Breaking News and Top Stories
- Architecture Advise (Cloudfront / S3 / ALB / Fargate)by /u/Elezium
Howdy, We are in the process of migrating some of our applications to AWS. We will use ECS Fargate for our RestAPI (Spring) and our frontends are React / Angular. I was thinking about the best way around it and I would appreciate some advise from the expert out there! Our applications are public so I was thinking Cloudfront / S3. Where I am less sure is the communication with the Fargate Backend. I see some possible scenarios: CloudFront / S3 -> API Gateway (RestAPi proxy mode) -> ALB -> AWS Fargate or CloudFront / S3 -> ALB (public) -> AWS Fargate Authorization is currently managed by the RestAPI so we would not use that API Gateway feature. API Key could be useful. Throttling at the ALB level can be done with a WAF. So I'm wondering if using an API Gateway in this scenario adds values or just complexity? Other suggestion for this type of architecture are welcome too. 😉 Thanks! submitted by /u/Elezium [link] [comments]
- IAM policy not working on groupby /u/masterjx9
I created a test policy to see the permissions work. The policy: Gives access to everything. Its just a test, so its not a real thing we are going to do. It is suppose to enforce mfa. Here is what the policy looks like: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "*", "Resource": "*", "Condition": { "BoolIfExists": { "aws:MultiFactorAuthPresent": "true" } } } ] } I added the test policy to a test group and added a test user to the test group. However, when I login to the console with the test user, it doesn't force the user to use MFA. Also, it blocks the user from IAM, S3, etc saying that the user doesn't have permissions even though he is in a group that has a policy for access to everything. Any ideas? I am new to AWS so I could be missing a concept. (Again, this is just a test. I really don't want to have to explain why the policy is for everything. Its more of a concept to test permissions on a policy that can be applied to a group with IAM users. submitted by /u/masterjx9 [link] [comments]
- Square Brackets [ ] are causing output errors in Event Bridge Input Transformer? How to fix?by /u/alex6219
Here's a sample code that I'm trying to extract from: { "detail": { "responseElements": { "failedRequests": [], "pendingRequests": [{ <--------------- [ causes issues with output "bundleId": "xxx-xxxxxxxxx", "rootVolumeEncryptionEnabled": false, "userVolumeEncryptionEnabled": false, "workspaceId": "xx-xxxxxxxxx", "userName": "testwebsite.com\\username", "directoryId": "x-xxxxxxxxx", "state": "PENDING" }] <---------------------------------- ] causes issues with output } } } In my Input Path, I've entered the following: "user": "$.detail.responseElements.pendingRequests.userName", "workspace": "$.detail.responseElements.pendingRequests.workspaceId" I get an error message saying "Output can not be generated, because field "$.detail.responseElements.pendingRequests.workspaceId" can not be found in the sample event" But if I remove the [ ] from the sample code, everything works perfectly. However, I need those [ ] to be included in the code as that is what is included in the original event. How can I get the Input Paths to work if there is a [ ] in the variable? EDIT: For anyone that comes across this post, I added [0] to the input variable after pendingRequests: ex. "workspace": "$.detail.responseElements.pendingRequests[0].workspaceId" submitted by /u/alex6219 [link] [comments]
- Alternative to ffmpegby /u/eyekay234
I'm presently running ffmpeg for video transcoding and encoding and experience a huge latency of 7-11secs delay. Does anyone know any alternative to ffmpeg i can use to achieve anything within the range of 0-3secs latency or a better way for encoding ffmpeg to help achieve this as I'm presently running it on a c6 instance submitted by /u/eyekay234 [link] [comments]
- Auto scaling and Elastic Ipby /u/eyekay234
I have three sets of ec2 instances that have three different elastic ips attached to them. There's a need for me to create a different auto scaling group say ASG1 for the first instance, ASG2 for the second and ASG3 for the third. The issues I'm having now are divided into two. (1) I have to add each of these instances into the various autoscaling groups and ensure that they dont get terminated when there's a scale in (2) Wondering what happens and how to configure the assigned elastic ip addresses as the application attached to these instances all communicate with those instances via the assigned elastic ips submitted by /u/eyekay234 [link] [comments]
- AWS role and policyby /u/tall_sand_2020
How does your organization manage the creation and maintenance of roles and policies within AWS accounts to ensure they are delivered in a timely manner and are least privilege? Who owns that function? Your cyber security team? Or your AWS platform team? submitted by /u/tall_sand_2020 [link] [comments]
- Create global admin that isn't root userby /u/masterjx9
I am looking though an aws environment and I was trying configure the best permission policy that would allow a user to do everything, but they are not root user. I saw a policy already called "Administrators" that looked like this: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" }, { "Effect": "Deny", "Action": "iam:Delete*", "Resource": "*" } ] } Is that a good policy for an administrator who can do everything but isn't root?What is a good link to find actions that pertain to allow or deny for a resource? submitted by /u/masterjx9 [link] [comments]
- AWS consultant is proposing wide open subscribe and receive policies in IoT. Should we be concerned?by /u/ancap_attack
I'm part of a company doing a large scale IoT migration and we've been working with some AWS consultants to assist us in setting up AWS resources. My concern is what they are proposing as the device to mobile app architecture - they want us to allow the mobile app to subscribe directly to device-level topics, using a wildcard policy attached to the Cognito identity of the user to facilitate this. This worries me because using this policy, ANY authenticated user of our app could listen to ANY device topic if they were able to get the credentials from the app and set up a connection to the IoT endpoint, or possibly if they were super advanced, modify the compiled application code directly to change the topic subscriptions. The consultant has said that the credentials shouldn't get out of the application and if they do, you have bigger problems on your hands. The way I see it, topics should be delimited by the Cognito identityId and users should not be able to subscribe to topics that don't start with that identityId, but this requires that we set up some sort of iot republisher lambda that can use our business logic that maps devices to users. The other option is to make IoT policies that are specific to a given user, but managing the updating and deleting of those policies when devices get registered and deregistered seems like a nightmare. Curious if anyone else has implemented IoT subscriptions on mobile devices and if this concern has come up or possibly been addressed in a different way. I'm just kind of shocked that someone who does full time professional AWS consulting isn't wanting to utilize security built into IoT and IAM. submitted by /u/ancap_attack [link] [comments]
- Lambda with APIGW OR Lambda with CloudFrontby /u/kickyblue
Hey folks, I've written a Lambda function (In Java), which returns a gif for every request it receives (based on the parameters passed). The Invoker is APIGW using HTTP endpoints. Everything works fine so far. I am just wondering if I should use CloudFront as the invoker instead of APIGW? This link will be attached to our email campaigns concealed in an image tag. submitted by /u/kickyblue [link] [comments]
- Introducing the new AWS Step Functions Workflows Collectionby /u/ckilborn
submitted by /u/ckilborn [link] [comments]
- Can VPC to VPC tunnel IP respond to ICMP over VPC to on-prem tunnel?by /u/LarrBearLV
I have a VPC that is connected to a customer's VPC via S2S VPN. My VPC also connects to on-prem via a S2S VPN. Can the VPC to VPC tunnel IP (169.254.x.x) responded to ICMPs coming over the VPC to on-prem tunnel? I can ping the tunnel IPs of the VPC to on-prem from on-prem. I have advertised the VPC to VPC tunnel IPs to my on-prem via prefx-list and they are in the route table on-prem, but no ICMP response. On-prem is advertising a default route to my VPC. They are all on same transit gateway. Possibly the VPC to VPC tunnel IPs can only communicate over their tunnel and that's it? The ICMP is for our monitoring via NMS. submitted by /u/LarrBearLV [link] [comments]
- How do I create a proxy for an s3 bucket?by /u/Drauxus
I am a complete noob and could really use some help with this. I need to setup a proxy for an s3 bucket. I've looked around online but everything I have seen either doesn't match what I am looking for or I don't understand what they are doing. I'm hoping someone here might be able to point in the right direction. submitted by /u/Drauxus [link] [comments]
- Noob Billing Question - I read the sticky!by /u/Fuersty
I have used EC2 and S3 reasonably extensively at my day job. I'm obviously not as concerned with day to day budgets there, and our needs are quite simple and its pretty straight forward to figure out our costs. On my own time I've spun up a non-free EC2 instance and have started running some tests sending data in and out of it over the past 24 hours. For the life of me I cannot figure out how much I've spent (or will be charged for) in these last 24 hours. It looks like you can create some sort of costing report, but doing so requires a S3 bucket for them to deliver the report to? Which I don't have. I found the "Cost Explorer" feature which has a ready made template called "Daily Costs" but I run that and it says it requires at least 4 days before it will show any data? I can run a CSV report that breaks down every Amazon service I'm touching and it has a "Usage Value" column that I'm assuming associated with the number of "units" of that service I consumed, but no actual costs? Good lord, I know I am missing something simple, I imagine? How can I make sure something isn't going wildly unexpected beyond the $0.056 an hour for the EC2 instance itself?? I know I'm paying more for egress and ingress and all that other fun stuff.. but how much? submitted by /u/Fuersty [link] [comments]
- How to configure s3 server side access logs to multiple bucketsby /u/bibi143143
We have our customer S3 access log delivered to a s3 bucket in our production account.The customer also want access to those logs but we can not give them access to our production account to read the logs.Is it possible to configure s3 server side access logs to deliver to multiple s3 buckets in different AWS account.If not please how can I solve this issue without given the customer access to our production account. submitted by /u/bibi143143 [link] [comments]
- List of EventNames from CloudTrailby /u/sqdge
I'm wondering if anyone knows where I can find a list of all EventNames that could be recorded by CloudTrail, organized by the system that might send them (e.g. "WAF", "Lambda", "API Gateway", etc.). I've come across https://www.gorillastack.com/blog/real-time-events/cloudtrail-event-names/ but the list isn't comprehensive. Additionally, I'm aware of https://gist.github.com/pkazi/8b5a1374771f6efa5d55b92d8835718c but it doesn't tell me which product produces those event names. I would have expected AWS to have that resource, but I've looked in the AWS Docs but can't seem to find anything. submitted by /u/sqdge [link] [comments]
- Using Systems Manager to download and run scripts on EC2 instancesby /u/bitbythecron
Is it possible to host a shell script (doesn't have to be shell or bash, could be python if absolutely needed) in either S3 or GitHub, and configure AWS Systems Manager to deploy that script to a given EC2 instance and run it? If not, is there any way to automate a script deployment + execution on an EC2 instance? And if there is a way to do this, then the next question is: can I trigger this Systems Manager deployment/execution from a CloudWatch/EventBridge Event and/or a Lambda (and if so, how)? submitted by /u/bitbythecron [link] [comments]
- IAM Changes not taking effectby /u/jonathantn
Is anyone else noticing that IAM changes in us-east-1 don't seem to be taking effect quickly? (yes, us-east-1 is not good for you). I'm having a devil of a time getting the IAM role changed to allow invocation of a lambda function from a step function. I've verified all the permissions and ARN. Waiting to talk with someone from AWS support, but curious if anyone else is having issues this morning? submitted by /u/jonathantn [link] [comments]
- AWS IoT - Do I store the access and secret keys as environment variables on the device for production?by /u/FooBazBar01
The devices I'm working on use the AWS SDK for IoT services. Unless I'm missing something and there's another way, the SDK requires you to use access and secret keys. What are the best practices for this when you go into production? What happens if I store them as environmental variables and they get compromised? submitted by /u/FooBazBar01 [link] [comments]
- Can I show the password policy/complexity in the password change page?by /u/No-Wallaby6514
I want to force users to change their password, but when they are redirected to the password changing password, there is no information on the password requirements. Example It says password does not conform to the account password policy, but I want it to say, for example: At least 12 characters (required for your Muhlenberg password)—the more characters, the better A mixture of both uppercase and lowercase letters A mixture of letters and numbers Inclusion of at least one special character, e.g., ! @ # ? ] I Googled for this but didn't quite find what I need. Maybe I'm missing something? submitted by /u/No-Wallaby6514 [link] [comments]
- terragrunt in production?by /u/subhumanprimate
Has anyone any experience? Would they do it again? Happy? Unhappy? Gotchas? submitted by /u/subhumanprimate [link] [comments]
- What's the difference between AWS Athena and Databricks SQL Serverless?by /u/the_travelo_
submitted by /u/the_travelo_ [link] [comments]
- Just updated my Serverless Backend Template by including Jest for testing and Commitlint for better commit message. Built with Node.js + TypeScript + Serverless Framework + ESLint + Prettier + Husky + Lint-Staged + VSCode + Dotenvby /u/ixartz
Recently, I was spending my time to write tests for my project. So, I took also the opportunity to update my Node.js Starter template. Now, it includes Jest as the testing framework. Everything is configured for you, you only need to write tests 😉 Here is the link to the Node.js Boilerplate code: https://github.com/ixartz/Serverless-Boilerplate-Express-TypeScript Using Express.js on AWS Lambda is extremely controversial, I got question all the time why I'm using Express.js on Serverless environment. I'm using AWS Lambda Function URLs and there is no API gateway. It also means there is no cost related to API gateway, cheaper and less things to manage. Of course, if you need advanced feature, you can definitively switch to API gateway easily, you only need to update the configuration file (only 2/3 lines of configuration) Serverless framework Offline Support with serverless-offline Environment variable with serverless-dotenv Live Reload ExpressJS TypeScript with Strict mode ESLint with Airbnb configuration Prettier, integrated to ESLint Husky Commitlint Lint-Staged Running linter Running type checking before committing Jest VSCode with breakpoint and debugging with extension and tasks Totally open to feedback and suggestion. submitted by /u/ixartz [link] [comments]
- Network Load Balancer not routing traffic on private subnetby /u/BeardNashor
Hi guys, I've been trying for a week now to set up a load balancer with ECS but I just can't figure out why It doesn't route my traffic on a private subnet and I'm running out of options, so if anyone can give me at least a hint of what to do it would be very appreciated. Current setup: (all in the same VPC) public subnet VPN node (ec2) Internet and Nat gateways private subnet Network load balancer ECS cluster node (ec2) running a few containers Varnish Nginx phpfpm Notes: I need intercommunication between containers. So for example, if I send a request to the load balancer on port 80 where Varnish's service is listening. Then Varnish should make another request to the load balancer on port 8080 where Nginx is listening, and so on until the initial request is satisfied. I know that if the LB is inside the private subnet it won't be reachable from the internet, but it should still work if requests are made from the VPN node. The LB is set to internal schema inside the private subnet Current behavior: If I curl the LB standing in the VPN node, the request reaches Varnish but it seems that Varnish cannot reach Nginx for some reason and returns an error. If I curl the LB standing in the ECS node (that is inside the private subnet) it doesn't reach Varnish and the curl request hangs. [Important] If I put the LB inside the public subnet, leaving the ECS in the private. It all works just fine. I can curl the LB from the VPN or the ECS node and all the containers can communicate between them using the LB. I think this means the following Configurations are fine and the "app" it's working Security Groups are fine and are not filtering my requests Unfortunately I can't leave the LB in a public subnet because It would expose ports that shouldn't be reachable from internet submitted by /u/BeardNashor [link] [comments]
- ALB 502 error, not fixingby /u/Salt-Amoeba-7255
I have set up an ALB but it keeps giving a 502 error. I am directing traffic to a target group with instance that is marked as healthy. In the ec2 instance nginx logs I can see the health checks reaching the instance. However, when I attempt to access the site from the configured domain (matched to load balancer) I'm getting a 502 error and no logs are generated on the ec2 instance (i.e. request isn't reaching it). I've temporarily allowed all traffic from all ports to the EC2 instance (to debug) and also all traffic is allowed to the ALB, however the issue isn't fixing. The EC2 instance has a django app running behind nginx, it works fine with letsencrypt also on the instance. I've since removed letsencrypt and terminating SSL at the ALB level however this leads to the 502 error. Can anyone help? submitted by /u/Salt-Amoeba-7255 [link] [comments]
- A Beginner Friendly Introduction to Pipelines and Terraformby /u/andreacavagna
submitted by /u/andreacavagna [link] [comments]
- Check it first: operating within Amazon Web Services (AWS) and billingby /u/goguppy
Hello and welcome to the /r/AWS subreddit! We are here to support those that are new to Amazon Web Services (AWS) along with those that continue to maintain and deploy on the AWS Cloud! An important consideration of utilizing the AWS Cloud is controlling operational expense (costs) when maintaining your AWS resources and services utilized. We've curated a set of documentation, articles and posts that help to understand costs along with controlling them accordingly. See below for recommended reading based on your AWS journey: If you're new to AWS and want to ensure you're utilizing the free tier.. What is the AWS Free Tier, and how do I use it? How do I make sure I don't incur charges when I'm using the AWS Free Tier? A Beginner’s Guide to AWS Cost Management Using the AWS Free Tier If you're a regular user (think: developer / engineer / architect) and want to ensure costs are controlled and reduce/eliminate operational expense surprises.. AWS Well-Architected Framework: Cost Optimization Pillar AWS Cost Optimization Best Practices How to manage cost overruns in your AWS multi-account environment pt1 How to manage cost overruns in your AWS multi-account environment pt2 Continued reading material, straight from the /r/AWS community.. Please note, this is a living thread and we'll do our best to continue to update it with new resources/blog posts/material to help support the community. Thank you! Your /r/AWS Moderation Team submitted by /u/goguppy [link] [comments]
- Does this mean that I passed the cloud practitioner? I never saw a pass/fail screen I also don’t have a pass/fail status on Pearsonby /u/ElChappyShampoo
submitted by /u/ElChappyShampoo [link] [comments]
- I made this to help me pass whilst studying for my Cloud Practitioner examby /u/justajolt
Cloud practitioner practise tool I've found it useful, so I've polished it up a little and here it is. I usually do a session of 40-50 questions, then study the stuff that the report says I'm rubbish at! The drill mode is especially harsh in exposing what I do and don't know. Fill yer boots. submitted by /u/justajolt [link] [comments]
- Interview with Amazonby /u/PuzzleheadedSet3615
Just received an Email from AWS as a SR cloud support engineer, I don't remember applying for a SR position. I was aiming for an entry level . What do I do? submitted by /u/PuzzleheadedSet3615 [link] [comments]
- During exam materialsby /u/cult_of_me
Hello fellow exam takers! Regarding SAA-C02: are any materials (personal notes for example) are allowed to be used during the test? or am I to rely on my memory only? I could not find any mentions of it in the documentation. Thanks! submitted by /u/cult_of_me [link] [comments]
- Did anyone feel confident after taking an exam but later find out you had failed?by /u/PacePossible1408
I just took the cloud practitioner test. I feel really confident about it. I find the test surprisingly easy. But since the test is easy, I need to get more questions correct to pass. When I took Udemy tests, I only passed 3/6 so I’m worried that my confidence is misplaced. It sucks that I have to wait for results. I only used a cloud guru as a resource. I took practice tests on Udemy but didn’t take any courses on there. submitted by /u/PacePossible1408 [link] [comments]
- Cannot check into my certification examby /u/johnsmithx0
I scheduled an exam with Pearson VUE I ran the system requirements TWICE, once on the day I registered and 30 minutes before the exam. I was given the green light to just check in on the exam date but the day arrived and I couldn't check-in. I am confused regarding the start time I don't know if it's local time or some other time zone I scheduled it for 9:45 p.m. and I was checking in at 9:15 as per the instructions and no matter how many times I ran the software I could not check-in. Is " Etc/GMT+8 - GMT-08:00" another time zone? is it EST? I had to reschedule and luckily I was able to for tomorrow. I am concerned I am going to run into the same issue again can someone who's taken the exam with Pearson VUE please let me know if you ran into the same issue and or what I can do to not run into this issue tomorrow. submitted by /u/johnsmithx0 [link] [comments]
- Hi, I’ve developer associate exam after 2 weeks. I’ve 6 months of experience in AWS and I’ve completed Stephane Maarek’s courses. Anyone tips or suggestions would be helpful. TIA.by /u/ninjafrmIn
submitted by /u/ninjafrmIn [link] [comments]
- Maarek or Cantrill course for SAA-CO2?by /u/um_rr
I recently passed the CCP and am moving on to SAA. I hope to take and pass the exam by August 30th which is the last date for the current C02 exam and wanted to start prepping by choosing a course that would get me a good understanding of the material. I have fairly basic AWS experience in my work and took Maarek's CCP course which gave me a good understanding of the basics. I've also already purchased the TD/Boso SAA test prep course. What course would you recommend me to take to get a good understanding of the material and pass the SAA before the new exam comes out? submitted by /u/um_rr [link] [comments]
- SAA course on ACGby /u/TranceSoulBrother
For those that have studied for SAA on ACG, how up to date is the course? Couldn’t easily find when it was made. 2021 or 2022 or whatever. Is it worth spending time on it vs just the Cantrill course? submitted by /u/TranceSoulBrother [link] [comments]
- Just took the SAA-c02 exam; a word of warning!by /u/wheatleyjj
Wanted to jot something down whilst this was all still fresh in my mind. I have been using AWS for ~5-6 years, but not in an architecting capacity. Only my last year has been in a large organisation. I had the urge to get some AWS qualifications whilst talking with my teams so picked up the CCP exam which was pretty easy without prep. Moving to the solution architect one I thought I’d run through some of the material listed on the certification overview (I’ve never paid for explicit courses for other certs before, so why start now… right?) Using the twitch power hour series from last year, the practice exam and the practice questions set - along with some YouTube content I felt relatively confident until I’ve just taken it. It feels like there has been a shift in service focus/question depth that just wasn’t touched in the power hour series specifically. I’m hoping that it was limited to the 15 unscored beta questions with SAA-c03 coming in august, but I can’t help but dread that I’ve underestimated the exam. We will see tomorrow - but I would say to take some extra time looking for up to date resources (like this sub recommends /u/acantril / Stephane’s courses) - just to make sure you don’t get too flustered when you see something you don’t understand. submitted by /u/wheatleyjj [link] [comments]
- Just passed my Cloud Partitioner Exam in two weeks, with little to no knowledge of computer lingo starting. Some tips I recommend.by /u/Inner-Bus1926
Highly recommend watching YouTube videos on cloud partitioners free exams. Download apps regarding cloud partitioner exams so your study doesn’t stop when you’re in the bathroom. Think of real life scenarios and how it can be applied with what you learned so far. If you’re unsure of something, ALWAYS google or watch another video of it being explained. My methodology in learning is if you can’t explain it, you didn’t learn it. Lastly, the exam did consist a lot of Well-Built Architecture Framework and billing questions. Make sure that it’s well understood. submitted by /u/Inner-Bus1926 [link] [comments]
- No pass/fail status or screen after exam - Cloud Practitionerby /u/ElChappyShampoo
Took the CPC this morning and I felt like I did well but there was so pass/fail screen neither is there a pass/fail status on the Pearson VUI. Only status I have is „Exam Delivered Successfully“. Anyone have a similar experience? Let me know! submitted by /u/ElChappyShampoo [link] [comments]
- Stuck Trying to Loginby /u/Iconically_Lost
Hi, So I am trying to log into the AWS Training and Certification portal, and am failing to sing in since it doesn't give me the option. I'm at the "Sing in or Sign Up" and the only options I get are company email, partner, or AWS employee. I'm neither. I have done AWS exams in the past and do hold several certs. So I do have a valid Training account. It does give a 4th option, Amazon(shopping). If you click on this, it will sing in with you shopping list account and then ask to give it permission. So the problem is: The shopping account has the same email used, I do not wish to grant my shopping account access to my certification. As per the FAQ I should be able to use the AWS Training account I used previously without linking it to my shopping list. But I cannot figure out how to do it, and or to view my current certs or book new exams. So has anyone managed to log into their Certification portal, with just a regular email. *EDIT*, Half the issues with linking the shopping account with my Cert portal. Is that the shopping has my name shorthanded. But the cert are my full legal(passport/Driver Lic) name. I don't want to use this full name in my shopping. I like using my shorthanded version. I can't be the first person having this issue. As I spoke to 2x people in the office and both had the same issue a while ago. Apparently it was a nightmare to get AWS to correct it. https://preview.redd.it/czjv9s6ci6891.png?width=775&format=png&auto=webp&s=1bd046c4674399c491f92bce1a97ecd2586031b8 https://preview.redd.it/atgz7pgdi6891.png?width=926&format=png&auto=webp&s=4f796186cf0db13244b48e49faf05a26e5236d8c submitted by /u/Iconically_Lost [link] [comments]
- [Free] AWS Certified Solutions Architect Associate (SAA-C02) Self-study Resourcesby /u/Anastasia_IT
Hi community, We have new updates and fixes on the AWS Certified Solutions Architect Associate (SAA-C02) path, which you might find useful. It's absolutely free to enroll. https://examsdigest.com/courses/amazon-aws-saa-c02/ Changelog. [improve] Domain 2.0 Design High-Performing Architectures [improve] Domain 3.0 Design Secure Applications and Architectures Happy learning, Anastasia submitted by /u/Anastasia_IT [link] [comments]
- Passed SAA-C02 in 3 weeksby /u/Taron_G
Hi All, Got my pass for AWS SAA-C02, and I thought I'd do a write up of what I did and how the process went for me. I started studying almost exactly 3 weeks before the date of the exam. My resources were Stephane Maarek's udemy course, Maarek's set of 6 practise exams, and also the set of 6 tutorialsdojo practise exams (Jon Bonso). I did not read any whitepapers, or other resources. I did the udemy course at between 1.5x to 2x and skipped the hands-on videos. I did not do any of the hands-on excercises. I was impatient to start doing the practise tests, so I took the first of Maarek's set when I was only 45% of the way through the course. I continued to work through the course doing an exam every so often, doing the last 2 exams after I had completed the course. I only took each practise exam once, but reviewed the questions I got wrong several times. My scores were: 66%, 61%, 60%, 69%, 70% and 66%. I then started doing the tutorialsdojo practise exams. Again, I only took each exam once, my scores were: 77%, 74%, 83%, 77%, 75% and 86%. I felt that Maarek's practise exams were unbalanced compared to tutorialsdojo/jon bonso, as I scored the same on the first Maarek test, when I had done less than half the course, as I did on the last test when I had finished it. That doesn't seem right. They were still definitely worth doing however, and helped plug a lot of gaps that either weren't in the course or that didn't stick with me for whatever reason. I would suggest they need some rebalancing somehow. The real exam was more similar to the tutorialsdojo practise exams, but with fewer easy questions. Most questions were longer, asking about multiple services in one question, and the answers were also longer, taking more time to read and parse than either of the sets of practise exams. The overall difficulty of the exam was not too bad, and was about what I was expecting. I completed the real exam with 40 minutes to spare which I used to review flagged questions. I flagged about half the questions in the exam, but after reviewing them I only changed 1 answer. I had no issues with the exam proctors, and they said nothing to me after the initial check-in, or 'greet' as they call it. I did have a clear desk and uncluttered room. After submitting I got no pass/fail result, only this text, which I think is now standard for the exam: Thank you for taking the AWS Certified Solutions Architect - Associate exam. After your exam, AWS evaluates compliance with testing policies and procedures and the validity of exam results before the results are officially posted in your AWS Certification Account. This process can take up to 5 business days. When your results are available, you will receive an email stating your exam results and score report are available for download under Previous Exams. If your results are not available after 5 business days or if you have any questions about the AWS Certification program, please contact AWS Training and Certification Support (https://www.aws.training/Support). After nearly 24 hours the result appeared in the AWS certification 'Exam history' section as a pass (but no email, so check the portal), and had a link to a PDF which contained the score and breakdown of sections. I scored 833, which isn't bad after 3 weeks of study - but I should note that I do have previous experience in cloud, but no previous certs. I took the course and the cert to plug any gaps in my knowledge. It turned out that you can use AWS professionally and still only know a limited amount about a limited set of services, the ones that you directly use. I feel that taking the cert gave me a much better overview of AWS services and how they fit together, but actually doing real-world projects with the new services, and comparing them to other cloud offerings, is required to really have a reliable overview of the subject. Next I will be looking in Azure, GCP and Kubernetes. Hope this info helps someone! submitted by /u/Taron_G [link] [comments]
- Need help figuring out how to study for AWS CCPby /u/analuciferase
I’m pretty new to AWS and have no experience in the cloud. The biggest domain that i’m struggling with is technology. What are some resources that i can use to study the technology domain? submitted by /u/analuciferase [link] [comments]
- AWS Security Architect - Coding Interviewby /u/xaveri88
Is there anyone who applied for a security architect position at AWS Canada and able to share their experience? The recruiter also told me that there will be a live coding exam and I am curious to know what they will be asking me to code. Thanks submitted by /u/xaveri88 [link] [comments]
- Yet another SAA-C02 completion postby /u/PokingLaughingCrying
Hey everyone! I passed the SAA-C02 a few days ago with a score of 845/1000! I started studying mid march 2022 with u/acantril course. Absolutely incredible resource and worth the time it takes to complete. My studies with that finished at the beginning of June. Following up with that I used u/stephanemaarek course, but I skipped the labs and just focused on the content as a refresher. While I was doing this I practiced with tutorials dojo exams. I felt the difficulty was on par with the exam and was scoring between 85-90% on them. Thanks u/jon-bonso-tdojo! I'm really glad I did the u/stephanemaarek course as well, specifically the machine learning section the day before the exam definitely snagged me some points. I had 2 questions on it! Mostly just picking the correct service to use. I had a handful of questions about HPC's which was interesting, more than I thought I would! Not sure what's next for me, I completed the CKA earlier this year and have a cloud resume developed from the cloud resume challenge. The last piece is implementing testing in the deployment pipeline. Maybe I'll try and use terraform instead of CloudFormation. Who knows! submitted by /u/PokingLaughingCrying [link] [comments]
- Is MBA useless for entry level Cloud role ?by /u/PM_40
Have an MBA and I was thinking which Cloud role could use some of the MBA type skills - documentation, process analysis, management. Is MBA useless for entry level Cloud role ? I am planning to do some certificates to get into Cloud space. submitted by /u/PM_40 [link] [comments]
- Free AWS Mini Project - Hybrid DNS AWS <=> ONPREM (with videos)by /u/acantril
https://preview.redd.it/f0pqfz5jg2891.png?width=3832&format=png&auto=webp&s=08ab0ec4226ffad8a0ac89e4dd87ae9f07e1047a Hi Everyone ! I just wanted to throw another free mini project out there for everyone to use - another one with videos. https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-hybrid-dns I maintain a AWS mini project REPO https://github.com/acantril/learn-cantrill-io-labs These are mini projects which help improve your practical implementation skills - I've had students tell me these have made the difference in interview situations. Today I added my AWS Hybrid DNS mini project to the list (https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-hybrid-dns) which includes videos. The videos are linked in that link, or available on YouTube here https://www.youtube.com/watch?v=UmPTavtAB9s&list=PLTk5ZYSbd9MjGUpHNvjhGiy2SESdYZwce (I uploaded 6k resolution versions, YouTube are still processing above 5k) In this one, we simulate a hybrid network environment with AWS on one side, and a simulated on-premises environment on the other. We implement network connectivity and then by creating inbound & outbound route53 endpoints we connect the Linux named based DNS to AWS allowing bi-directional resolution (AWS => ONPREM & ONPREM => AWS) But wait, there's more... I've been progressively going through my mini projects repo and adding video guides to the most popular ones: With this one you will use codecommit as a repo, build docker images with codebuild, and use pipeline and deploy to push the docker image to ECS Fargate (a simple container of cats dockerized application) https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-codepipeline-catpipeline If you want to create a Dynamic BGP VPN check this one out https://github.com/acantril/learn-cantrill-io-labs/blob/master/aws-hybrid-bgpvpn If you fancy creating a working web identity federation application check this out https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-cognito-web-identity-federation or if you want to create a serverless reminder application using S3 API Gateway, Lambda, Step functions, SNS and SES check this out https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-serverless-pet-cuddle-o-tron and if you want to do a full architecture evolution of a monolithic web app through to a scalable and self-healing architecture ... this is the one for you https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-elastic-wordpress-evolution I'm going to go through as many of these as i can and add high quality video guides, but these are the ones so far. if you do enjoy them, please spread the word. They are taken from my courses, but these are usable for free !!! if you want notifications on new video guides then subscribe to my channel https://youtube.com/c/learncantrill submitted by /u/acantril [link] [comments]
- Need AWS certification ASAP super importantby /u/AkCute
basically im going to thailand in 30 days with my friends but my dad is saying he will cancel tickets if I dont get aws cert by then also will be traveling during this time but can dedicate like 2-3 hours per day to study plz let me know what the fastest way to get some certification is submitted by /u/AkCute [link] [comments]
- Failed exam for AWS Certified Developer - Associateby /u/RP_m_13
Hey guys, I have been preparing for AWS Certified Developer - Associate, I have finished the Cantrill course, then used dojo practice exams with Stephane Maarek practice exams, where I have landed consistently +80%. But I just tried to go with certification and failed it, I'm still waiting for detailed results because 5 days have not passed since my try. I feel really bad because it is my first AWS certification ever, and my first try. And I do not know what to practice or to do this 14 days before next attempt. Any tips, advice UPD: Just got results, Landed with 702 score ; C submitted by /u/RP_m_13 [link] [comments]
- Exam Rules (Associate Developer)by /u/ISpamThereforeIStink
I'm going for my Associate Dev Certificate in the next couple weeks. Feeling fairly good about the material itself, but I've always been pretty bad at exams. I dunno if I have like undiagnosed ADD, but in general with passive activities like reading, watching movies, and yes taking exams, my mind tends to drift around a lot and it's hard to stay focused. I do fine with more active things like video games and playing music, which is probably why I like coding. In taking some practice exams, I'm realizing I stay more focused and tend to do better when I'm able to take notes on a blank piece of paper. Even literally just writing things like "ASG --> EC2" when reading a question helps a TON. I feel like I know the answer to this already, but there's no physical pen & paper notes taking of any kind allowed, correct? I've seen some people mention an online whiteboard kinda in microsoft paint style, is this the case for Pearson & PSI? What about In person & online? Any accommodations I'm not seeing to help with this? Appreciate any help / advice folks have! TLDR: What's the deal with taking notes during the exam? submitted by /u/ISpamThereforeIStink [link] [comments]
- SAA-C02 - Woke up to this email. Encouragement for those will take soonby /u/ThrivingNomadic
https://preview.redd.it/uu9ayvb8py791.png?width=614&format=png&auto=webp&s=5660821a483f72d6694d9be505df67b43c77d839 To my surprise, I woke up to this email this morning. Scored 798. I took the exam Saturday mid-day and wasn't expecting an answer until Monday. But it came Sunday morning. This post is only to be served as encouragement for those who will take it soon. TIMELINE: I was in a bit of a rush. My timeline was one month because I will be making a cross country move next month. Then I found out this version of the exam was retiring end of August, that put even more pressure. I spent the past month studying 3-5hrs a day. Every single day. BACKGROUND: I work at home as helpdesk with an insane amount of downtime. I would have about 2hours of actual work done per day, then study for the remainder of my shift/day. My work actually encourages to use the downtime and earn certs they reimburse for. STUDY SOURCE: Before knowing about this sub, I searched on YouTube 'AWS Cert' and came across NetworkChuck's AWS video. He recommended Anthony Sequeira on Udemy. No surprise as I am sure he gets an actual cut of the deal. But after completing this course, there was SO much missing. I still felt lost. The material just wasn't there. I was not prepared to take the exam at all. It was a good beginners level intro course for Practitioner, definitely not Solutions Architect. Then I found this sub and went with Stéphane Maarek (Udemy) and https://tutorialsdojo.com/ Practice Exams. Stéphane Maarek (Udemy): I could not recommend this highly enough for hands on. Actually doing it hands on makes you remember a lot of things. His 825-page slide was SUPER beneficial as it served as a cheat-sheet for me. Whenever I needed to remember or reference what a certain service was for, I used the search function of the slide and BOOM. I finished the Udemy course in 2 weeks. These slides ARE NOT FREE, you must purchase the Udemy course to access them. https://tutorialsdojo.com/ : I still needed something to supplement the videos and the Practice Exams here I also highly recommend. The way the questions are worded were very similar to the actual exam. It helped me know what to look for, how to use elimination technique, how to search for keywords and key concepts within each question. I consistently scored 60-70s my first round of practice exams but I was not satisfied enough. After taking another week to study, I was consistently scoring 77-85%. His cheat-sheet section and Comparison of AWS Services section was also a game changer for me. Available free here: https://tutorialsdojo.com/comparison-of-aws-services/ ADVICE: If you are bi-lingual, you can get extra +30minutes accommodation. I am spanish but took the test in english. You dont have to call for this accommodation. You literally select it from the accomodations page and it was instantly approved. This saved my butt as I flagged so many questions, it took exactly the remaining 30 minutes to revisit. There are other available accomodations on the list. Eat something light as you will be sitting still for good bit. I took my test at home. If you are in apartments, CLOSE YOUR WINDOW. I have kids that play outside constantly. If the proctor hears this, they will absolutely not hesitate to end your exam. I was getting worried that too many of my answers were "A" option. Like an insane amount. It became a distractor. Process of elimination is key. Every instructor will tell you this. When you are consistently scoring 80s in the above practice exam, then you are ready. A Warning I feel like I definitely got some Beta questions in from the new C03 exam as there was a keyword i have not heard any instructor talk about. There were three questions that talked about "AWS Data Lake" either in the question itself or in the answers. This was the first time I heard of this word. I knew the concept but I had no idea this was an AWS service. I went back to my study materials and confirmed no instructor covered this keyword. Cheers! submitted by /u/ThrivingNomadic [link] [comments]
Top 100 AWS Certified Cloud Practitioner Exam Preparation Questions and Answers Dumps
Welcome to the Top 100 AWS Certified Cloud Practitioner Exam Preparation Questions and Answers Dumps :
Top 100 Questions and Answers Dumps,
Courses, Labs and Training Materials,
Jobs,
AWS Cloud Support Engineer Job Interview Prep,
Latest Products & Services at AWS RE:INVENT

The AWS Certified Cloud Practitioner average salary is — $131,465/year
What is the AWS Certified Cloud Practitioner Exam?
The AWS Certified Cloud Practitioner Exam (CLF-C01) is an introduction to AWS services and the intention is to examine the candidates ability to define what the AWS cloud is and its global infrastructure. It provides an overview of AWS core services security aspects, pricing and support services. The main objective is to provide an overall understanding about the Amazon Web Services Cloud platform. The course helps you get the conceptual understanding of the AWS and can help you know about the basics of AWS and cloud computing, including the services, cases and benefits [Get AWS CCP Practice Exam PDF Dumps here]
2022 AWS CCP CLF-C01 Practice Exam Course on – Top 250+ Questions and Detailed Answers – Success Guaranteed – Save 50% with this link

AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.
AWS Certified Cloud Practitioner Exam Prep (CLF-C01) Questions and Answers
AWS Certified Cloud Practitioner Exam Certification Prep Quiz App
Download AWS Cloud Practitioner Exam Prep Pro App (No Ads, Full Version with Answers) for:

AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11

Below we are providing you with:
- aws cloud practitioner exam questions
- aws cloud practitioner sample questions
- aws cloud practitioner exam dumps
- aws cloud practitioner practice questions and answers
- aws cloud practitioner practice exam questions and references
Q1: For auditing purposes, your company now wants to monitor all API activity for all regions in your AWS environment. What can you use to fulfill this new requirement?
- A. For each region, enable CloudTrail and send all logs to a bucket in each region.
- B. Enable CloudTrail for all regions.
- C. Ensure one CloudTrail is enabled for all regions.
- D. Use AWS Config to enable the trail for all regions.
Answer:
Top
Q2: What is the best solution to provide secure access to an S3 bucket not using the internet?
- A. Use a VPN connection.
- B. Use an Internet Gateway.
- C. Use a VPC Endpoint to access S3.
- D. Use a NAT Gateway.
Answer:
Top
Q3: In the AWS Shared Responsibility Model, which of the following are the responsibility of AWS?
- A. Securing Edge Locations
- B. Encrypting data
- C. Password policies
- D. Decomissioning data
Answer:
Top
Q4: You have EC2 instances running at 90% utilization and you expect this to continue for at least a year. What type of EC2 instance would you choose to ensure your cost stay at a minimum?
- A. Dedicated host instances
- B. On-demand instances
- C. Spot instances
- D. Reserved instances
Answer:
Top
Q5: What tool would you use to get an estimated monthly cost for your environment?
- A. TCO Calculator
- B. Simply Monthly Calculator
- C. Cost Explorer
- D. Consolidated Billing
Answer:
Top
Q6: How do you make sure your organization does not exceed its monthly budget?
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11 [Get AWS CCP Practice Exam PDF Dumps here]
- A. Sign up for the free alert under filing preferences in the AWS Management Console.
- B. Set a schedule to regularly review the Billing an Cost Management dashboard each month.
- C. Create an email alert in AWS Budget
- D. In CloudWatch, create an alarm that triggers each time the limit is exceeded.
Answer:
Top
Q7: An Edge Location is a specialization AWS data centre that works with which services?
- A. Lambda
- B. CloudWatch
- C. CloudFront
- D. Route 53
Answer:
Top
Q8: What is the preferred method of linking 2 AWS accounts?
- A. AWS Organizations
- B. Cost Explorer
- C. VPC Peering
- D. Consolidated billing
Answer:
Top
Q9: Which of the following service is most useful when a Disaster Recovery method is triggered in AWS.
- A. Amazon Route 53
- B. Amazon SNS
- C. Amazon SQS
- D. Amazon Inspector
Answer:
Q10: Which of the following disaster recovery deployment mechanisms that has the highest downtime
- A. Pilot light
- B. Warm standby
- C. Multi Site
- D. Backup and Restore
Answer: iOS – Android [Get AWS CCP Practice Exam PDF Dumps here]
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11 [Get AWS CCP Practice Exam PDF Dumps here]
Q11: Your company is planning to host resources in the AWS Cloud. They want to use services which can be used to decouple resources hosted on the cloud. Which of the following services can help fulfil this requirement?
- A. AWS EBS Volumes
- B. AWS EBS Snapshots
- C. AWS Glacier
- D. AWS SQS
Answer:
Q12: If you have a set of frequently accessed files that are used on a daily basis, what S3 storage class should you store them in?
- A. Infrequent Access
- B. Fast Access
- C. Reduced Redundancy
- D. Standard
Answer:
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11 [Get AWS CCP Practice Exam PDF Dumps here]

Q13: What is the availability and durability rating of S3 Standard Storage Class?
Choose the correct answer:
- A. 99.999999999% Durability and 99.99% Availability
- B. 99.999999999% Availability and 99.90% Durability
- C. 99.999999999% Durability and 99.00% Availability
- D. 99.999999999% Availability and 99.99% Durability
Answer:
Q14: What AWS database is primarily used to analyze data using standard SQL formatting with compatibility for your existing business intelligence tools
- A. Redshift
- B. RDS
- C. DynamoDB
- D. ElastiCache
Answer:
Q15: What are the benefits of DynamoDB?
Choose the 3 correct answers:
- A. Single-digit millisecond latency.
- B. Supports multiple known NoSQL database engines like MariaDB and Oracle NoSQL.
- C. Supports both document and key-value store data models.
- D. Automatic scaling of throughput capacity.
Answer:
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
[Get AWS CCP Practice Exam PDF Dumps here]
Q16: Which of the following are the benefits of AWS Organizations?
Choose the 2 correct answers:
- A. Analyze cost before migrating to AWS.
- B. Centrally manage access polices across multiple AWS accounts.
- C. Automate AWS account creation and management.
- D. Provide technical help (by AWS) for issues in your AWS account.
Answer: iOS – Android [Get AWS CCP Practice Exam PDF Dumps here]
Q17: There is a requirement hosting a set of servers in the Cloud for a short period of 3 months. Which of the following types of instances should be chosen to be cost effective.
- A. Spot Instances
- B. On-Demand
- C. No Upfront costs Reserved
- D. Partial Upfront costs Reserved
Answer:
Q18: Which of the following is not a disaster recovery deployment technique.
- A. Pilot light
- B. Warm standby
- C. Single Site
- D. Multi-Site
Answer:
Top
Q19: Which of the following are attributes to the costing for using the Simple Storage Service. Choose 2 answers from the options given below
- A. The storage class used for the objects stored.
- B. Number of S3 buckets.
- C. The total size in gigabytes of all objects stored.
- D. Using encryption in S3
Answer:
Q20: What endpoints are possible to send messages to with Simple Notification Service?
Choose the 3 correct answers:
- A. SQS
- B. SMS
- C. FTP
- D. Lambda
Answer:
Top
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Q21: What service helps you to aggregate logs from your EC2 instance? Choose one answer from the options below:
- A. SQS
- B. S3
- C. Cloudtrail
- D. Cloudwatch Logs
Answer:
Q22: A company is deploying a new two-tier web application in AWS. The company wants to store their most frequently used data so that the response time for the application is improved. Which AWS service provides the solution for the company’s requirements?
- A. MySQL Installed on two Amazon EC2 Instances in a single Availability Zone
- B. Amazon RDS for MySQL with Multi-AZ
- C. Amazon ElastiCache
- D. Amazon DynamoDB
Answer:
Top
Q23: You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?
- A. Spot Instances
- B. Reserved Instances
- C. Dedicated Instances
On-Demand Instances
Answer:
Top
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Q24: Which of the following features is associated with a Subnet in a VPC to protect against Incoming traffic requests?
- A. AWS Inspector
- B. Subnet Groups
- C. Security Groups
- D. NACL
Answer:
Top
Q25: A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing Overall CPU resources for the web tier?
- A. Amazon EBC volume.
- B. Amazon S3
- C. Amazon EC2 instance store
- D. Amazon RDS instance
Answer:
Top
Q26: What are characteristics of Amazon S3?
Choose 2 answers from the options given below.
- A. S3 allows you to store objects of virtually unlimited size.
- B. S3 allows you to store unlimited amounts of data.
- C. S3 should be used to host relational database.
- D. Objects are directly accessible via a URL.
Answer:
Q26: When working on the costing for on-demand EC2 instances , which are the following are attributes which determine the costing of the EC2 Instance. Choose 3 answers from the options given below
- A. Instance Type
- B. AMI Type
- C. Region
- D. Edge location
Answer:
Q27: You have a mission-critical application which must be globally available at all times. If this is the case, which of the below deployment mechanisms would you employ
- A. Deployment to multiple edge locations
- B. Deployment to multiple Availability Zones
- D. Deployment to multiple Data Centers
- D. Deployment to multiple Regions
Answer:
Q28: Which of the following are right principles when designing cloud based systems. Choose 2 answers from the options below
- A. Build Tightly-coupled components
- B. Build loosely-coupled components
- C. Assume everything will fail
- D. Use as many services as possible
Answer:
Q29: You have 2 accounts in your AWS account. One for the Dev and the other for QA. All are part of consolidated billing. The master account has purchase 3 reserved instances. The Dev department is currently using 2 reserved instances. The QA team is planning on using 3 instances which of the same instance type. What is the pricing tier of the instances that can be used by the QA Team?
- A. No Reserved and 3 on-demand
- B. One Reserved and 2 on-demand
- C. Two Reserved and 1 on-demand
- D. Three Reserved and no on-demand
Answer:
Q30: Which one of the following features is normally present in all of AWS Support plans
- A. 24/7 access to Customer Service
- B. Access to all features in the Trusted Advisor
- C. A technical Account Manager
- D. A dedicated support person
Answer:
Q31: Which of the following storage mechanisms can be used to store messages effectively which can be used across distributed systems?
- A. Amazon Glacier
- B. Amazon EBS Volumes
- C. Amazon EBS Snapshots
- D. Amazon SQS
Answer:
Q32: You are exploring what services AWS has off-hand. You have a large number of data sets that need to be processed. Which of the following services can help fulfil this requirement.
- A. EMR
- B. S3
- C. Glacier
- D. Storage Gateway
Answer:
Q33: Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities
- A. AWS Trusted Advisor
- B. AWS Inspector
- C. AWS WAF
- D. AWS Shield
Answer:
Top
Q34: Your company is planning to offload some of the batch processing workloads on to AWS. These jobs can be interrupted and resumed at any time. Which of the following instance types would be the most cost effective to use for this purpose.
- A. On-Demand
- B. Spot
- C. Full Upfront Reserved
- D. Partial Upfront Reserved
Answer:
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Q35: Which of the following is not a category recommendation given by the AWS Trusted Advisor?
- A. Security
- B. High Availability
- C. Performance
- D. Fault tolerance
Answer:
Q36: Which of the below cannot be used to get data onto Amazon Glacier.
- A. AWS Glacier API
- B. AWS Console
- C. AWS Glacier SDK
- D. AWS S3 Lifecycle policies
Answer:
Q37: Which of the following from AWS can be used to transfer petabytes of data from on-premise locations to the AWS Cloud.
- A. AWS Import/Export
- B. AWS EC2
- C. AWS Snowball
- D. AWS Transfer
Answer:
Q38: Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities
- A. AWS Trusted Advisor
- B. AWS Inspector
- C. AWS WAF
- D. AWS Shield
Answer:
Top
Q39: Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move.
- A. AWS Database Migration Service
- B. AWS VM Migration Service
- C. AWS Inspector
- D. AWS Trusted Advisor
Answer:
Top
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Q40: Which of the following features of AWS RDS allows for offloading reads of the database.
- A. Cross region replication
- B. Creating Read Replica’s
- C. Using snapshots
- D. Using Multi-AZ feature
Answer:
Top
Q41: Which of the following does AWS perform on its behalf for EBS volumes to make it less prone to failure?
- A. Replication of the volume across Availability Zones
- B. Replication of the volume in the same Availability Zone
- C. Replication of the volume across Regions
- D. Replication of the volume across Edge locations
Answer:
Q42: Your company is planning to host a large e-commerce application on the AWS Cloud. One of their major concerns is Internet attacks such as DDos attacks.
Which of the following services can help mitigate this concern. Choose 2 answers from the options given below
- A. A. Cloudfront
- B. AWS Shield
- C. C. AWS EC2
- D. AWS Config
Answer:
Q43: Which of the following are 2 ways that AWS allows to link accounts
- A. Consolidating billing
- B. AWS Organizations
- C. Cost Explorer
- D. IAM
Answer:
Q44: Which of the following helps in DDos protection. Choose 2 answers from the options given below
- A. Cloudfront
- B. AWS Shield
- C. AWS EC2
- D. AWS Config
Answer:
Q45: Which of the following can be used to call AWS services from programming languages
- A. AWS SDK
- B. AWS Console
- C. AWS CLI
- D. AWS IAM
Answer:
Q46: A company wants to host a self-managed database in AWS. How would you ideally implement this solution?
- A. Using the AWS DynamoDB service
- B. Using the AWS RDS service
- C. Hosting a database on an EC2 Instance
- D. Using the Amazon Aurora service
Answer:
Q47: When creating security groups, which of the following is a responsibility of the customer. Choose 2 answers from the options given below.
- A. Giving a name and description for the security group
- B. Defining the rules as per the customer requirements.
- C. Ensure the rules are applied immediately
- D. Ensure the security groups are linked to the Elastic Network interface
Answer:
Q48: There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost?
- A. Spot Instances
- B. On-Demand
- C. No Upfront costs Reserved
- D. Partial Upfront costs Reserved
Answer:
Q49: Which of the below can be used to import data into Amazon Glacier?
Choose 3 answers from the options given below:
- A. AWS Glacier API
- B. AWS Console
- C. AWS Glacier SDK
- D. AWS S3 Lifecycle policies
Answer:
Q50: Which of the following can be used to secure EC2 Instances hosted in AWS. Choose 2 answers
- A. Usage of Security Groups
- B. Usage of AMI’s
- C. Usage of Network Access Control Lists
- D. Usage of the Internet gateway
Answer:
Q51: Which of the following can be used to host virtual servers on AWS
- A. AWS IAM
- B. AWS Server
- C. AWS EC2
- D. AWS Regions
Answer:
Q52: You plan to deploy an application on AWS. This application needs to be PCI Compliant. Which of the below steps are needed to ensure the compliance? Choose 2 answers from the below list:
- A. Choose AWS services which are PCI Compliant
- B. Ensure the right steps are taken during application development for PCI Compliance
- C. Encure the AWS Services are made PCI Compliant
- D. Do an audit after the deployment of the application for PCI Compliance.
Answer:
Q54: The Trusted Advisor service provides insight regarding which four categories of an AWS account?
- A. Security, fault tolerance, high availability, performance and Service Limits
- B. Security, access control, high availability, performance and Service Limits
- C. Performance, cost optimization, Security, fault tolerance and Service Limits
- D. Performance, cost optimization, Access Control, Connectivity, and Service Limits
Answer:
Top
Q55: As per the AWS Acceptable Use Policy, penetration testing of EC2 instances
- A. May be performed by AWS, and will be performed by AWS upon customer request
- B. May be performed by AWS, and is periodically performed by AWS
- C. Are expressly prohibited under all circumtances
- D. May be performed by the customer on their own instances with prior authorization from AWS
- E. May be performed by the customer on their own instances, only if performed from EC2 instances
Answer:
Top
Q56: What is the AWS feature that enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket
- A. File Transfer
- B. HTTP Transfer
- C. Transfer Acceleration
- D. S3 Acceleration
Answer:
Top
Q56: What best describes an AWS region?
Choose the correct answer:
- A. The physical networking connections between Availability Zones.
- B. A specific location where an AWS data center is located.
- C. A collection of DNS servers.
- D. An isolated collection of AWS Availability Zones, of which there are many placed all around the world.
Answer:
Top
Q57: Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud?
- A. The number of servers migrated to AWS
- B. The number of users migrated to AWS
- C. The number of passwords migrated to AWS
- D. The number of keys migrated to AWS
Answer:
Q58: Which AWS Services can be used to store files? Choose 2 answers from the options given below:
- A. Amazon CloudWatch
- B. Amazon Simple Storage Service (Amazon S3)
- C. Amazon Elastic Block Store (Amazon EBS)
- D. AWS COnfig
- D. AWS Amazon Athena
Q59: What best describes Amazon Web Services (AWS)?
Choose the correct answer:
- A. AWS is the cloud.
- B. AWS only provides compute and storage services.
- C. AWS is a cloud services provider.
- D. None of the above.
Answer:
Q60: Which AWS service can be used as a global content delivery network (CDN) service?
- A. Amazon SES
- B. Amazon CouldTrail
- C. Amazon CloudFront
- D. Amazon S3
Answer:
Q61: What best describes the concept of fault tolerance?
Choose the correct answer:
- A. The ability for a system to withstand a certain amount of failure and still remain functional.
- B. The ability for a system to grow in size, capacity, and/or scope.
- C. The ability for a system to be accessible when you attempt to access it.
- D. The ability for a system to grow and shrink based on demand.
Answer:
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Q62: The firm you work for is considering migrating to AWS. They are concerned about cost and the initial investment needed. Which of the following features of AWS pricing helps lower the initial investment amount needed?
Choose 2 answers from the options given below:
- A. The ability to choose the lowest cost vendor.
- B. The ability to pay as you go
- C. No upfront costs
- D. Discounts for upfront payments
Answer:
Q63: What best describes the concept of elasticity?
Choose the correct answer:
- A. The ability for a system to grow in size, capacity, and/or scope.
- B. The ability for a system to grow and shrink based on demand.
- C. The ability for a system to withstand a certain amount of failure and still remain functional.
- D. ability for a system to be accessible when you attempt to access it.
Answer:
Q64: Your company has started using AWS. Your IT Security team is concerned with the security of hosting resources in the Cloud. Which AWS service provides security optimization recommendations that could help the IT Security team secure resources using AWS?
- A. AWS API Gateway
- B. Reserved Instances
- C. AWS Trusted Advisor
- D. AWS Spot Instances
Answer:
Q65: What is the relationship between AWS global infrastructure and the concept of high availability?
Choose the correct answer:
- A. AWS is centrally located in one location and is subject to widespread outages if something happens at that one location.
- B. AWS regions and Availability Zones allow for redundant architecture to be placed in isolated parts of the world.
- C. Each AWS region handles a different AWS services, and you must use all regions to fully use AWS.
- D. None of the above
Answer
Q66: You are hosting a number of EC2 Instances on AWS. You are looking to monitor CPU Utilization on the Instance. Which service would you use to collect and track performance metrics for AWS services?
- A. Amazon CloudFront
- B. Amazon CloudSearch
- C. Amazon CloudWatch
- D. AWS Managed Services
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Answer:
Q67: Which of the following support plans give access to all the checks in the Trusted Advisor service.
Choose 2 answers from the options given below:
- A. Basic
- B. Business
- C. Enterprise
- D. None
Answer:
Q68: Which of the following in AWS maps to a separate geographic location?
A. AWS Region
B. AWS Data Centers
C. AWS Availability Zone
Answer:
Q69: What best describes the concept of scalability?
Choose the correct answer:
- A. The ability for a system to grow and shrink based on demand.
- B. The ability for a system to grow in size, capacity, and/or scope.
- C. The ability for a system be be accessible when you attempt to access it.
- D. The ability for a system to withstand a certain amount of failure and still remain functional.
Answer
Q70: If you wanted to monitor all events in your AWS account, which of the below services would you use?
- A. AWS CloudWatch
- B. AWS CloudWatch logs
- C. AWS Config
- D. AWS CloudTrail
Answer:
Q71: What are the four primary benefits of using the cloud/AWS?
Choose the correct answer:
- A. Fault tolerance, scalability, elasticity, and high availability.
- B. Elasticity, scalability, easy access, limited storage.
- C. Fault tolerance, scalability, sometimes available, unlimited storage
- D. Unlimited storage, limited compute capacity, fault tolerance, and high availability.
Answer:
Q72: What best describes a simplified definition of the “cloud”?
Choose the correct answer:
- A. All the computers in your local home network.
- B. Your internet service provider
- C. A computer located somewhere else that you are utilizing in some capacity.
- D. An on-premise data center that your company owns.
Answer
Top
Q73: Your development team is planning to host a development environment on the cloud. This consists of EC2 and RDS instances. This environment will probably only be required for 2 months.
Which types of instances would you use for this purpose?
- A. On-Demand
- B. Spot
- C. Reserved
- D. Dedicated
Answer:
Q74: Which of the following can be used to secure EC2 Instances?
- A. Security Groups
- B. EC2 Lists
- C. AWS Configs
- D. AWS CloudWatch
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Answer:
Q75: What is the purpose of a DNS server?
Choose the correct answer:
- A. To act as an internet search engine.
- B. To protect you from hacking attacks.
- C. To convert common language domain names to IP addresses.
- D. To serve web application content.
Answer:
Q76:What best describes the concept of high availability?
Choose the correct answer:
- A. The ability for a system to grow in size, capacity, and/or scope.
- B. The ability for a system to withstand a certain amount of failure and still remain functional.
- C. The ability for a system to grow and shrink based on demand.
- D. The ability for a system to be accessible when you attempt to access it.
Answer:
Top
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Q77: What is the major difference between AWS’s RDS and DynamoDB database services?
Choose the correct answer:
- A. RDS offers NoSQL database options, and DynamoDB offers SQL database options.
- B. RDS offers one SQL database option, and DynamoDB offers many NoSQL database options.
- C. RDS offers SQL database options, and DynamoDB offers a NoSQL database option.
- D. None of the above
Answer:
Q78: What are two open source in-memory engines supported by ElastiCache?
Choose the 2 correct answers:
- A. CacheIt
- B. Aurora
- C. MemcacheD
- D. Redis
Answer:
Q79: What AWS database service is used for data warehousing of petabytes of data?
Choose the correct answer:
- A. RDS
- B. Elasticache
- C. Redshift
- D. DynamoDB
Answer:
Q80: Which AWS service uses a combination of publishers and subscribers?
Choose the correct answer:
- A. Lambda
- B. RDS
- C. EC2
- D. SNS
Answer:
Q81: What SQL database engine options are available in RDS?
Choose the 3 correct answers:
- A. MySQL
- B. MongoDB
- C. PostgreSQL
- D. MariaDB
Answer:
Q81: What is the name of AWS’s RDS SQL database engine?
Choose the correct answer:
- A. Lightsail
- B. Aurora
- C. MySQL
- D. SNS
Answer:
Q82: Under what circumstances would you choose to use the AWS service CloudTrail?
Choose the correct answer:
- A. When you want to log what actions various IAM users are taking in your AWS account.
- B. When you want a serverless compute platform.
- C. When you want to collect and view resource metrics.
- D. When you want to send SMS notifications based on events that occur in your account.
Answer:
Q83: If you want to monitor the average CPU usage of your EC2 instances, which AWS service should you use?
Choose the correct answer:
- A. CloudMonitor
- B. CloudTrail
- C. CloudWatch
- D. None of the above
Answer:
Q84: What is AWS’s relational database service?
Choose the correct answer:
- A. ElastiCache
- B. DymamoDB
- C. RDS
- D. Redshift
Answer:
Q85: If you want to have SMS or email notifications sent to various members of your department with status updates on resources in your AWS account, what service should you choose?
Choose the correct answer:
- A. SNS
- B. GetSMS
- C. RDS
- D. STS
Answer:
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Q86: Which AWS service can provide a Desktop as a Service (DaaS) solution?
A. EC2
B. AWS Systems Manager
C. Amazon WorkSpaces
D. Elastic Beanstalk
Q87: Your company has recently migrated large amounts of data to the AWS cloud in S3 buckets. But it is necessary to discover and protect the sensitive data in these buckets. Which AWS service can do that?
A. GuardDuty
B. Amazon Macie
C. CloudTrail
D. AWS Inspector
Q88: Your Finance Department has instructed you to save costs wherever possible when using the AWS Cloud. You notice that using reserved EC2 instances on a 1year contract will save money. What payment method will save the most money?
A: Deferred
B: Partial Upfront
C: All Upfront
D: No Upfront
Q89: A fantasy sports company needs to run an application for the length of a football season (5 months). They will run the application on an EC2 instance and there can be no interruption. Which purchasing option best suits this use case?
A. On-Demand
B. Reserved
C. Dedicated
D. Spot
Q90: Your company is considering migrating its data center to the cloud. What are the advantages of the AWS cloud over an on-premises data center?
A. Replace upfront operational expenses with low variable operational expenses.
B. Maintain physical access to the new data center, but share responsibility with AWS.
C. Replace low variable costs with upfront capital expenses.
D. Replace upfront capital expenses with low variable costs.
Q91: You are leading a pilot program to try the AWS Cloud for one of your applications. You have been instructed to provide an estimate of your AWS bill. Which service will allow you to do this by manually entering your planned resources by service?
A. AWS CloudTrail
B. AWS Cost and Usage Report
C. AWS Pricing Calculator
D. AWS Cost Explorer
Q92: Which AWS service would enable you to view the spending distribution in one of your AWS accounts?
A. AWS Spending Explorer
B. Billing Advisor
C. AWS Organizations
D. AWS Cost Explorer
Q93: You are managing the company’s AWS account. The current support plan is Basic, but you would like to begin using Infrastructure Event Management. What support plan (that already includes Infrastructure Event Management without an additional fee) should you upgrade to?
A. Upgrade to Enterprise plan.
B. Do nothing. It is included in the Basic plan.
C. Upgrade to Developer plan.
D. Upgrade to the Business plan. No other steps are necessary.
Q94: You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. To where can these reports be published?
A. Trusted Advisor
B. An S3 Bucket that you own.
C. CloudWatch
D. An AWS owned S3 Bucket.
Q95: What can we do in AWS to receive the benefits of volume pricing for your multiple AWS accounts?
A. Use consolidated billing in AWS Organizations.
B. Purchase services in bulk from AWS Marketplace.
C. Use AWS Trusted Advisor
D. You will receive volume pricing by default.
Q96: A gaming company is using the AWS Developer Tool Suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end-to-end through the application?
A. AWS X-Ray
B. CloudWatch
C. AWS Inspector
D. CloudTrail
Q97: A company needs to use a Load Balancer which can serve traffic at the TCP, and UDP layers. Additionally, it needs to handle millions of requests per second at very low latencies. Which Load Balancer should they use?
A. TCP Load Balancer
B. Application Load Balancer
C. Classic Load Balancer
D. Network Load Balancer
Q98: Your company is migrating its services to the AWS cloud. The DevOps team has heard about infrastructure as code, and wants to investigate this concept. Which AWS service would they investigate?
A. AWS CloudFormation
B. AWS Lambda
C. CodeCommit
D. Elastic Beanstalk
Q99: You have a MySQL database that you want to migrate to the cloud, and you need it to be significantly faster there. You are looking for a speed increase up to 5 times the current performance. Which AWS offering could you use?
A. Elasticache
B. Amazon Aurora
C. DynamoDB
D. Amazon RDS MySQL
Q100:A developer is trying to programmatically retrieve information from an EC2 instance such as public keys, ip address, and instance id. From where can this information be retrieved?
A. Instance metadata
B. Instance Snapshot
C. CloudWatch Logs
D. Instance userdata
Q101: Why is AWS more economical than traditional data centers for applications with varying compute workloads?
A) Amazon EC2 costs are billed on a monthly basis.
B) Users retain full administrative access to their Amazon EC2 instances.
C) Amazon EC2 instances can be launched on demand when needed.
D) Users can permanently run enough instances to handle peak workloads.
Q102: Which AWS service would simplify the migration of a database to AWS?
A) AWS Storage Gateway
B) AWS Database Migration Service (AWS DMS)
C) Amazon EC2
D) Amazon AppStream 2.0
Q103: Which AWS offering enables users to find, buy, and immediately start using software solutions in their AWS environment?
A) AWS Config
B) AWS OpsWorks
C) AWS SDK
D) AWS Marketplace
Q104: Which AWS networking service enables a company to create a virtual network within AWS?
A) AWS Config
B) Amazon Route 53
C) AWS Direct Connect
D) Amazon Virtual Private Cloud (Amazon VPC)
Q105: Which component of the AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery?
A) AWS Regions
B) Edge locations
C) Availability Zones
D) Virtual Private Cloud (VPC)
Q106: How would a system administrator add an additional layer of login security to a user’s AWS Management Console?
A) Use Amazon Cloud Directory
B) Audit AWS Identity and Access Management (IAM) roles
C) Enable multi-factor authentication
D) Enable AWS CloudTrail
Q107: Which service can identify the user that made the API call when an Amazon EC2 instance is terminated?
A) AWS Trusted Advisor
B) AWS CloudTrail
C) AWS X-Ray
D) AWS Identity and Access Management (AWS IAM)
Q108: Which service would be used to send alerts based on Amazon CloudWatch alarms?
A) Amazon Simple Notification Service (Amazon SNS)
B) AWS CloudTrail
C) AWS Trusted Advisor
D) Amazon Route 53
Q109: Where can a user find information about prohibited actions on the AWS infrastructure?
A) AWS Trusted Advisor
B) AWS Identity and Access Management (IAM)
C) AWS Billing Console
D) AWS Acceptable Use Policy
Q110: Which of the following is an AWS responsibility under the AWS shared responsibility model?
A) Configuring third-party applications
B) Maintaining physical hardware
C) Securing application access and data
D) Managing guest operating systems
Q111: Which recommendations are included in the AWS Trusted Advisor checks? (Select TWO.)
AWS CCP Exam Topics:
The AWS Cloud Practitioner exam is broken down into 4 domains
- Cloud Concepts
- Security and Compliance
- Technology
- Billing and Pricing.
AWS Certified Cloud Practitioner Exam Whitepapers:
AWS has provided whitepapers to help you understand the technical concepts. Below are the recommended whitepapers.
- Overview of Amazon Web Services
- Architecting for the Cloud: AWS Best Practices
- How AWS Pricing works whitepaper.
- The Total Cost of (Non) Ownership of Web Application in the Cloud
- Compare AWS Support Plans
Online Training and Labs for AWS Cloud Certified Practitioner Exam
AWS Cloud Practitioners Jobs
AWS Certified Cloud Practitioner Exam info and details, How To:
The AWS Certified Cloud Practitioner Exam is a multiple choice, multiple answer exam. Here is the Exam Overview:
- Certification Name: AWS Certified Cloud Practitioner.
- Prerequisites for the Exam: None.
- Exam Pattern: Multiple Choice Questions
- Number of Questions: 65
- Duration: 90 mins
- Exam fees: US $100
- Exam Guide on AWS Website
- Available languages for tests: English, Japanese, Korean, Simplified Chinese
- Read AWS whitepapers
- Register for certification account here.
- Prepare for Certification Here
Additional Information for reference
Below are some useful reference links that would help you to learn about AWS Practitioner Exam.
- AWS certified cloud practitioner/
- certification faqs
- AWS Cloud Practitioner Certification Exam on Quora
Other Relevant and Recommended AWS Certifications
AWS Certified Cloud Practitioner
AWS Certified Solutions Architect – Associate
AWS Certified Solution Architect Exam Prep App: Free
AAWS Certified Developer – Associate
AWS Certified SysOps Administrator – Associate
AWS Certified Solutions Architect – Professional
AWS Certified DevOps Engineer – Professional
AWS Certified Big Data Specialty
AWS Certified Advanced Networking.
AWS Certified Security – Specialty
Other AWS Certification Exams Questions and Answers Dumps:
Top 200 AWS Certified Associate SysOps Administrator Practice Quiz – Questions and Answers Dumps
Big Data and Data Analytics 101 – Top 50 AWS Certified Data Analytics – Specialty Questions and Answers Dumps
CyberSecurity 101 and Top 25 AWS Certified Security Specialty Questions and Answers Dumps
Networking 101 and Top 20 AWS Certified Advanced Networking Specialty Questions and Answers Dumps
Other AWS Facts and Summaries and Questions/Answers Dump
- AWS S3 facts and summaries and Q&A Dump
- AWS DynamoDB facts and summaries and Questions and Answers Dump
- AWS EC2 facts and summaries and Questions and Answers Dump
- AWS Serverless facts and summaries and Questions and Answers Dump
- AWS Developer and Deployment Theory facts and summaries and Questions and Answers Dump
- AWS IAM facts and summaries and Questions and Answers Dump
- AWS Lambda facts and summaries and Questions and Answers Dump
- AWS SQS facts and summaries and Questions and Answers Dump
- AWS RDS facts and summaries and Questions and Answers Dump
- AWS ECS facts and summaries and Questions and Answers Dump
- AWS CloudWatch facts and summaries and Questions and Answers Dump
- AWS SES facts and summaries and Questions and Answers Dump
- AWS EBS facts and summaries and Questions and Answers Dump
- AWS ELB facts and summaries and Questions and Answers Dump
- AWS Autoscaling facts and summaries and Questions and Answers Dump
- AWS VPC facts and summaries and Questions and Answers Dump
- AWS KMS facts and summaries and Questions and Answers Dump
- AWS Elastic Beanstalk facts and summaries and Questions and Answers Dump
- AWS CodeBuild facts and summaries and Questions and Answers Dump
- AWS CodeDeploy facts and summaries and Questions and Answers Dump
- AWS CodePipeline facts and summaries and Questions and Answers Dump
- Pros and Cons of Cloud Computing
- Cloud Customer Insurance – Cloud Provider Insurance – Cyber Insurance
Below is a listing of AWS certification exam quiz apps for all platforms:
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
AWS Certified Cloud practitioner Exam Prep FREE version: CCP, CLF-C01
Online Training and Labs for AWS Certified Solution Architect Associate Exam
AWS Certified Solution Architect Associate Jobs
AWS Certification and Training Apps for all platforms:
AWS Cloud practitioner FREE version:
AWS Certified Cloud practitioner for the web:pwa
AWS Certified Cloud practitioner Exam Prep App for iOS
AWS Certified Cloud practitioner Exam Prep App for Microsoft/Windows10
AWS Certified Cloud practitioner Exam Prep App for Android (Google Play Store)
AWS Certified Cloud practitioner Exam Prep App for Android (Amazon App Store)
AWS Certified Cloud practitioner Exam Prep App for Android (Huawei App Gallery)
AWS Solution Architect FREE version:
AWS Certified Solution Architect Associate Exam Prep App for iOS:
Solution Architect Associate for Android Google Play
AWS Certified Solution Architect Associate Exam Prep App :Pwa
AWS Certified Solution Architect Associate Exam Prep App for Amazon android
AWS Certified Cloud practitioner Exam Prep App for Microsoft/Windows10
AWS Certified Cloud practitioner Exam Prep App for Huawei App Gallery
AWS Cloud Practitioner PRO Versions:
AWS Certified Cloud practitioner PRO Exam Prep App for iOS
AWS Certified Cloud Practitioner PRO Associate Exam Prep App for android google
AWS Certified Cloud practitioner Exam Prep App for Amazon android
AWS Certified Cloud practitioner Exam Prep App for Windows 10
AWS Certified Cloud practitioner Exam Prep PRO App for Android (Huawei App Gallery)
AWS Solution Architect PRO
AWS Certified Solution Architect Associate PRO versions for iOS
AWS Certified Solution Architect Associate PRO Exam Prep App for Android google
AWS Certified Solution Architect Associate PRO Exam Prep App for Windows10
AWS Certified Solution Architect Associate PRO Exam Prep App for Amazon android
Huawei App Gallery: Coming soon
AWS Certified Developer Associates Free version:
AWS Certified Developer Associates for Android (Google Play)
AWS Certified Developer Associates Web/PWA
AWS Certified Developer Associates for iOs
AWS Certified Developer Associates for Android (Huawei App Gallery)
AWS Certified Developer Associates for windows 10 (Microsoft App store)
Amazon App Store: Coming soon
AWS Developer Associates PRO version
PRO version with mock exam for android (Google Play)
PRO version with mock exam ios
AWS Certified Developer Associates PRO for Android (Microsoft App Store)
AWS Certified Developer Associates PRO for Android (Huawei App Gallery): Coming soon
Latest Cloud AWS Cloud Training Questions and Answers from around the Web:
Jon Bonso vs Stephane Maarek CCP Practice Exam Differences
Tutorialsdojo.com are the best in the market IMO
They have a long standing reputation for quality.
I’ve used them, I’ve recommended them to friends and family and I recommend them to students of my AWS courses also.
And last but not least, the Djamgatech Apps for iOs and and android.
Practice on the web directly here via the AWS Cloud Practitioner Exam Perp App
I would also recommend checking: Exam Digest
What is the difference between Amazon EC2 Savings Plans and Spot Instances?
Amazon EC2 Savings Plans are ideal for workloads that involve a consistent amount of compute usage over a 1-year or 3-year term.
With Amazon EC2 Savings Plans, you can reduce your compute costs by up to 72% over On-Demand costs.
Spot Instances are ideal for workloads with flexible start and end times, or that can withstand interruptions. With Spot Instances, you can reduce your compute costs by up to 90% over On-Demand costs.
Unlike Amazon EC2 Savings Plans, Spot Instances do not require contracts or a commitment to a consistent amount of compute usage.
Amazon EBS vs Amazon EFS
An Amazon EBS volume stores data in a single Availability Zone.
To attach an Amazon EC2 instance to an EBS volume, both the Amazon EC2 instance and the EBS volume must reside within the same Availability Zone.
Amazon EFS is a regional service. It stores data in and across multiple Availability Zones.
The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access Amazon EFS using AWS Direct Connect.
Which cloud deployment model allows you to connect public cloud resources to on-premises infrastructure?
Applications made available through hybrid deployments connect cloud resources to on-premises infrastructure and applications. For example, you might have an application that runs in the cloud but accesses data stored in your on-premises data center.
What is the difference between Amazon EC2 Savings Plans and Spot Instances?
Amazon EC2 Savings Plans are ideal for workloads that involve a consistent amount of compute usage over a 1-year or 3-year term.
With Amazon EC2 Savings Plans, you can reduce your compute costs by up to 72% over On-Demand costs.
Spot Instances are ideal for workloads with flexible start and end times, or that can withstand interruptions. With Spot Instances, you can reduce your compute costs by up to 90% over On-Demand costs.
Unlike Amazon EC2 Savings Plans, Spot Instances do not require contracts or a commitment to a consistent amount of compute usage.
Which benefit of cloud computing helps you innovate and build faster?
Agility: The cloud gives you quick access to resources and services that help you build and deploy your applications faster.
Which developer tool allows you to write code within your web browser?
Cloud9 is an integrated development environment (IDE) that allows you to write code within your web browser.
Which method of accessing an EC2 instance requires both a private key and a public key?
SSH allows you to access an EC2 instance from your local laptop using a key pair, which consists of a private key and a public key.
Which service allows you to track the name of the user making changes in your AWS account?
CloudTrail tracks user activity and API calls in your account, which includes identity information (the user’s name, source IP address, etc.) about the API caller.
Which analytics service allows you to query data in Amazon S3 using Structured Query Language (SQL)?
Athena is a query service that makes it easy to analyze data in Amazon S3 using SQL.
Which machine learning service helps you build, train, and deploy models quickly?
SageMaker helps you build, train, and deploy machine learning models quickly.
Which EC2 storage mechanism is recommended when running a database on an EC2 instance?
EBS is a storage device you can attach to your instances and is a recommended storage option when you run databases on an instance.
Which storage service is a scalable file system that only works with Linux-based workloads?
EFS is an elastic file system for Linux-based workloads.

Which AWS service provides a secure and resizable compute platform with choice of processor, storage, networking, operating system, and purchase model?
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. Amazon EC2 offers the broadest and deepest compute platform with choice of processor, storage, networking, operating system, and purchase model. Amazon EC2.
Which services allow you to build hybrid environments by connecting on-premises infrastructure to AWS?
Site-to-site VPN allows you to establish a secure connection between your on-premises equipment and the VPCs in your AWS account.
Direct Connect allows you to establish a dedicated network connection between your on-premises network and AWS.
What service could you recommend to a developer to automate the software release process?
CodePipeline is a developer tool that allows you to continuously automate the software release process.
Which service allows you to practice infrastructure as code by provisioning your AWS resources via scripted templates?
CloudFormation allows you to provision your AWS resources via scripted templates.
Which machine learning service allows you to add image analysis to your applications?
Rekognition is a service that makes it easy to add image analysis to your applications.
Which services allow you to run containerized applications without having to manage servers or clusters?
Fargate removes the need for you to interact with servers or clusters as it provisions, configures, and scales clusters of virtual machines to run containers for you.
ECS lets you run your containerized Docker applications on both Amazon EC2 and AWS Fargate.
EKS lets you run your containerized Kubernetes applications on both Amazon EC2 and AWS Fargate.
Amazon S3 offers multiple storage classes. Which storage class is best for archiving data when you want the cheapest cost and don’t mind long retrieval times?
S3 Glacier Deep Archive offers the lowest cost and is used to archive data. You can retrieve objects within 12 hours.

In the shared responsibility model, what is the customer responsible for?
You are responsible for patching the guest OS, including updates and security patches.
You are responsible for firewall configuration and securing your application.
A company needs phone, email, and chat access 24 hours a day, 7 days a week. The response time must be less than 1 hour if a production system has a service interruption. Which AWS Support plan meets these requirements at the LOWEST cost?
The Business Support plan provides phone, email, and chat access 24 hours a day, 7 days a week. The Business Support plan has a response time of less than 1 hour if a production system has a service interruption.
For more information about AWS Support plans, see Compare AWS Support Plans.
Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances?
Spot Instances are discounted more heavily when there is more capacity available in the Availability Zones.
For more information about Spot Instances, see Amazon EC2 Spot Instances.
Which of the following is an advantage of consolidated billing on AWS?
Consolidated billing is a feature of AWS Organizations. You can combine the usage across all accounts in your organization to share volume pricing discounts, Reserved Instance discounts, and Savings Plans. This solution can result in a lower charge compared to the use of individual standalone accounts.
For more information about consolidated billing, see Consolidated billing for AWS Organizations.
A company requires physical isolation of its Amazon EC2 instances from the instances of other customers. Which instance purchasing option meets this requirement?
With Dedicated Hosts, a physical server is dedicated for your use. Dedicated Hosts provide visibility and the option to control how you place your instances on an isolated, physical server. For more information about Dedicated Hosts, see Amazon EC2 Dedicated Hosts.
A company is hosting a static website from a single Amazon S3 bucket. Which AWS service will achieve lower latency and high transfer speeds?
CloudFront is a web service that speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. Content is cached in edge locations. Content that is repeatedly accessed can be served from the edge locations instead of the source S3 bucket. For more information about CloudFront, see Accelerate static website content delivery.
Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based Amazon EC2 instances and on-premises servers?
Amazon EFS provides an elastic file system that lets you share file data without the need to provision and manage storage. It can be used with AWS Cloud services and on-premises resources, and is built to scale on demand to petabytes without disrupting applications. With Amazon EFS, you can grow and shrink your file systems automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.
For more information about using Amazon EFS, see Walkthrough: Create and mount a file system on premises with AWS Direct Connect and VPN.
Which service allows you to generate encryption keys managed by AWS?
KMS allows you to generate and manage encryption keys. The keys generated by KMS are managed by AWS.
Which service can integrate with a Lambda function to automatically take remediation steps when it uncovers suspicious network activity when monitoring logs in your AWS account?
GuardDuty can perform automated remediation actions by leveraging Amazon CloudWatch Events and AWS Lambda. GuardDuty continuously monitors for threats and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. GuardDuty analyzes multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs.
Which service allows you to create access keys for someone needing to access AWS via the command line interface (CLI)?
IAM allows you to create users and generate access keys for users needing to access AWS via the CLI.
Which service allows you to record software configuration changes within your Amazon EC2 instances over time?
Config helps with recording compliance and configuration changes over time for your AWS resources.
Which service assists with compliance and auditing by offering a downloadable report that provides the status of passwords and MFA devices in your account?
IAM provides a downloadable credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices.
Which service allows you to locate credit card numbers stored in Amazon S3?
Macie is a data privacy service that helps you uncover and protect your sensitive data, such as personally identifiable information (PII) like credit card numbers, passport numbers, social security numbers, and more.
How do you manage permissions for multiple users at once using AWS Identity and Access Management (IAM)?
An IAM group is a collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted permissions specified by the policy.
Which service protects your web application from cross-site scripting attacks?
Which AWS Trusted Advisor real-time guidance recommendations are available for AWS Basic Support and AWS Developer Support customers?
Basic and Developer Support customers get 50 service limit checks.
Basic and Developer Support customers get security checks for “Specific Ports Unrestricted” on Security Groups.
Basic and Developer Support customers get security checks on S3 Bucket Permissions.
Which service allows you to simplify billing by using a single payment method for all your accounts?
Organizations offers consolidated billing that provides 1 bill for all your AWS accounts. This also gives you access to volume discounts.
Which AWS service usage will always be free even after the 12-month free tier plan has expired?
One million Lambda requests are always free each month.
What is the easiest way for a customer on the AWS Basic Support plan to increase service limits?
The Basic Support plan allows 24/7 access to Customer Service via email and the ability to open service limit increase support cases.
Which types of issues are covered by AWS Support?
“How to” questions about AWS service and features
Problems detected by health checks

Which features of AWS reduce your total cost of ownership (TCO)?
Sharing servers with others allows you to save money.
Elastic computing allows you to trade capital expense for variable expense.
You pay only for the computing resources you use with no long-term commitments.
Which service allows you to select and deploy operating system and software patches automatically across large groups of Amazon EC2 instances?
Systems Manager allows you to automate operational tasks across your AWS resources.
Which service provides the easiest way to set up and govern a secure, multi-account AWS environment?
Control Tower allows you to centrally govern and enforce the best use of AWS services across your accounts.
Which cost management tool gives you the ability to be alerted when the actual or forecasted cost and usage exceed your desired threshold?
Budgets allow you to improve planning and cost control with flexible budgeting and forecasting. You can choose to be alerted when your budget threshold is exceeded.
Which tool allows you to compare your estimated service costs per Region?
The Pricing Calculator allows you to get an estimate for the cost of AWS services. Comparing service costs per Region is a common use case.
Who can assist with accelerating the migration of legacy contact center infrastructure to AWS?
Professional Services is a global team of experts that can help you realize your desired business outcomes with AWS.
The AWS Partner Network (APN) is a global community of partners that helps companies build successful solutions with AWS.
Which cost management tool allows you to view costs from the past 12 months, current detailed costs, and forecasts costs for up to 3 months?
Cost Explorer allows you to visualize, understand, and manage your AWS costs and usage over time.
Which service reduces the operational overhead of your IT organization?
Managed Services implements best practices to maintain your infrastructure and helps reduce your operational overhead and risk.
How do I set up Failover on Amazon AWS Route53?
-
How can a program running inside AWS EC2 determine which VPC and security group an incoming IP address or TCP connection belongs to, for application-layer firewalling?
I assume it is your subscription where the VPCs are located, otherwise you can’t really discover the information you are looking for. On the EC2 server you could use AWS CLI or Powershell based scripts that query the IP information. Based on IP you can find out what instance uses the network interface, what security groups are tied to it and in which VPC the instance is hosted. Read more here… -
What are some tips, tricks and gotchas when using AWS Lambda to connect to a VPC?
When using AWS Lambda inside your VPC, your Lambda function will be allocated private IP addresses, and only private IP addresses, from your specified subnets. This means that you must ensure that your specified subnets have enough free address space for your Lambda function to scale up to. Each simultaneous invocation needs its own IP. Read more here…
How do AWS step functions communicate with lambda functions which are in a VPC?
When a Lambda “is in a VPC”, it really means that its attached Elastic Network Interface is the customer’s VPC and not the hidden VPC that AWS manages for Lambda.
The ENI is not related to the AWS Lambda management system that does the invocation (the data plane mentioned here). The AWS Step Function system can go ahead and invoke the Lambda through the API, and the network request for that can pass through the underlying VPC and host infrastructure.
Those Lambdas in turn can invoke other Lambda directly through the API, or more commonly by decoupling them, such as through Amazon SQS used as a trigger. Read more ….
How do I invoke an AWS Lambda function programmatically?
public InvokeResult invoke(InvokeRequest request)
Invokes a Lambda function. You can invoke a function synchronously (and wait for the response), or asynchronously. To invoke a function asynchronously, set InvocationType
to Event
.
For synchronous invocation, details about the function response, including errors, are included in the response body and headers. For either invocation type, you can find more information in the execution log and trace.
When an error occurs, your function may be invoked multiple times. Retry behavior varies by error type, client, event source, and invocation type. For example, if you invoke a function asynchronously and it returns an error, Lambda executes the function up to two more times. For more information, see Retry Behavior.
For asynchronous invocation, Lambda adds events to a queue before sending them to your function. If your function does not have enough capacity to keep up with the queue, events may be lost. Occasionally, your function may receive the same event multiple times, even if no error occurs. To retain events that were not processed, configure your function with a dead-letter queue.
The status code in the API response doesn’t reflect function errors. Error codes are reserved for errors that prevent your function from executing, such as permissions errors, limit errors, or issues with your function’s code and configuration. For example, Lambda returns TooManyRequestsException
if executing the function would cause you to exceed a concurrency limit at either the account level ( Concurrent Invocation Limit Exceeded
) or function level ( Reserved Function Concurrent Invocation LimitExceeded
).
For functions with a long timeout, your client might be disconnected during synchronous invocation while it waits for a response. Configure your HTTP client, SDK, firewall, proxy, or operating system to allow for long connections with timeout or keep-alive settings.
This operation requires permission for the lambda:InvokeFunction action. Read more…
What are the differences between default and non-default AWS VPCs?
Default VPC
- 1 per region
- a set VPC CIDR range … you can’t changed it
- has everything configured by default .. 1 subnet per AZ, an internet gateway, routes and subnets set to allocate IPv4 by default.
Custom VPCs
- As any as you want per region (within limits)
- Customisable CIDR range
- Customisable subnet structure
- Nothing configured by default, you have to configure everything
The subnet mask determines how many bits of the network address are relevant (and thus indirectly the size of the network block in terms of how many host addresses are available) –
192.0.2.0, subnet mask 255.255.255.0 means that 192.0.2 is the significant portion of the network number, and that there 8 bits left for host addresses (i.e. 192.0.2.0 thru 192.0.2.255)
192.0.2.0, subnet mask 255.255.255.128 means that 192.0.2.0 is the significant portion of the network number (first three octets and the most significant bit of the last octet), and that there 7 bits left for host addresses (i.e. 192.0.2.0 thru 192.0.2.127)
When in doubt, envision the network number and subnet mask in base 2 (i.e. binary) and it will become much clearer. Read more here…
What are some best practices securing my Amazon Virtual Private Cloud (VPC)?
IAM is the new perimeter.
Separate out the roles needed to do each job. (Assuming this is a corporate environment)
Have a role for EC2, another for Networking, another for IAM.
Everyone should not be admin. Everyone should not be able to add/remove IGW’s, NAT gateways, alter security groups and NACLS, or setup peering connections.
Also, another thing… lock down full internet access. Limit to what is needed and that’s it. Read more here….
Within a single VPC, the subnets’ route tables need to point to each other. This will already work without additional routes because VPC sets up the local
target to point to the VPC subnet.
Security groups are not used here since they are attached to instances, and not networks.
See: Amazon Virtual Private Cloud
The NAT EC2 instance (server), or AWS-provided NAT gateway is necessary only if the private subnet internal addresses need to make outbound connections. The NAT will translate the private subnet internal addresses to the public subnet internal addresses, and the AWS VPC Internet Gateway will translate these to external IP addresses, which can then go out to the Internet. Read more here ….
What are the applications (or workloads) that cannot be migrated on to cloud (AWS or Azure or GCP)?
A good example of workloads that currently are not in public clouds are mobile and fixed core telecom networks for tier 1 service providers. This is despite the fact that these core networks are increasingly software based and have largely been decoupled from the hardware. There are a number of reasons for this such as the public cloud providers such as Azure and AWS do not offer the guaranteed availability required by telecom networks. These networks require 99.999% availability and is typically referred to as telecom grade.
The regulatory environment frequently restricts hosting of subscriber data outside the of the operators data centers or in another country and key network functions such as lawful interception cannot contractually be hosted off-prem. Read more here….
How many CIDRs can we add to my own created VPC?
You can add up to 5 IPv4 CIDR blocks, or 1 IPv6 block per VPC. You can further segment the network by utilizing up to 200 subnets per VPC. Amazon VPC Limits. Read more …
Why can’t a subnet’s CIDR be changed once it has been assigned?
Sure it can, but you’ll need to coordinate with the neighbors. You can merge two /25’s into a single /24 quite effortlessly if you control the entire range it covers. In practice you’ll see many tiny allocations in public IPv4 space, like /29’s and even smaller. Those are all assigned to different people. If you want to do a big shuffle there, you have a lot of coordinating to do.. or accept the fallout from the breakage you cause. Read more…
Can one VPC talk to another VPC?
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
What questions to expect in cloud support engineer deployment roles at AWS?
Cloud Support Engineer (CSE) is a role which requires the following abilities:
- Wide range of technical skills
- Good communication and time management
- Good knowledge about the AWS services, and how to leverage them to solve simple to complex problems.
As your question is related to the deployment Pod, you will probably be asked about deployment methods (A/B testing like blue-green deployment) as well as pipelining strategies. You might be asked during this interview to reason about a simple task and to code it (like parsing a log file). Also review the TCP/IP stack in-depth as well as the tools to troubleshoot it for the networking round. You will eventually have some Linux questions, the range of questions can vary from common CLI tools to Linux internals like signals / syscalls / file descriptors and so on.
Last but not least the Leadership principles, I can only suggest you to prepare a story for each of them. You will quickly find what LP they are looking for and would be able to give the right signal to your interviewer.
Finally, remember that theres a debrief after the (usually 5) stages of your on site interview, and more senior and convincing interviewers tend to defend their vote so don’t screw up with them.
Be natural, focus on the question details and ask for confirmation, be cool but not too much. At the end of the day, remember that your job will be to understand customer issues and provide a solution, so treat your interviewers as if they were customers and they will see a successful CSE in you, be reassured and give you the job.
Expect questions on cloudformations, Teraform, Aws ec2/rds and stack related questions.
Its a high tech call center. You are expected to take calls, chats of customers and give them technical advice. You will not be doing any of the cool stuff you did earlier (if you are coming from engineering job or DBA). You will surely gain a very good knowledge of multiple AWS services and the one that you will be hired in, however most of the knowledge will be theoretical and nothing practical in day-to-day life.
It also depends on the support team you are being hired for. Networking or compute teams (Ec2) have different interview patterns vs database or big data support.
In any case, basics of OS, networking are critical to the interview. If you have a phone screen, we will be looking for basic/semi advance skills of these and your speciality. For example if you mention Oracle in your resume and you are interviewing for the database team, expect a flurry of those questions.
Other important aspect is the Amazon leadership principles. Half of your interview is based on LPs. If you fail to have scenarios where you do not demonstrate our LPs, you cannot expect to work here even though your technical skills are above average (Having extraordinary skills is a different thing).
The overall interview itself will have 1 phone screen if you are interviewing in the US and 1–2 if outside US. The onsite loop will be 4 rounds , 2 of which are technical (again divided into OS and networking and the specific speciality of the team you are interviewing for ) and 2 of them are leadership principles where we test your soft skills and management skills as they are very important in this job. You need to have a strong view point, disagree if it seems valid to do so, empathy and be a team player while showing the ability to pull off things individually as well. These skills will be critical for cracking LP interviews.
You will NOT be asked to code or write queries as its not part of the job, so you can concentrate on the theoretical part of the subject and also your resume. We will grill you on topics mentioned on your resume to start with.
Traditional monolithic architectures are hard to scale: TRUE
Monolithic architecture is something that build from single piece of material, historically from rock. Monolith term normally use for object made from single large piece of material.” – Non-Technical Definition. “Monolithic application has single code base with multiple modules.
Large Monolithic code-base (often spaghetti code) puts immense cognitive complexity on the developer’s head. As a result, the development velocity is poor. Granular scaling (i.e., scaling part of the application) is not possible. Polyglot programming or polyglot database is challenging.
Drawbacks of Monolithic Architecture
This simple approach has a limitation in size and complexity. Application is too large and complex to fully understand and made changes fast and correctly. The size of the application can slow down the start-up time. You must redeploy the entire application on each update.
18. Sticky Sessions help increase your application’s scability: FALSE
Sticky sessions, also known as session affinity, allow you to route a site user to the particular web server that is managing that individual user’s session. The session’s validity can be determined by a number of methods, including a client-side cookies or via configurable duration parameters that can be set at the load balancer which routes requests to the web servers.
Some advantages with utilizing sticky sessions are that it’s cost effective due to the fact you are storing sessions on the same web servers running your applications and that retrieval of those sessions is generally fast because it eliminates network latency. A drawback for using storing sessions on an individual node is that in the event of a failure, you are likely to lose the sessions that were resident on the failed node. In addition, in the event the number of your web servers change, for example a scale-up scenario, it’s possible that the traffic may be unequally spread across the web servers as active sessions may exist on particular servers. If not mitigated properly, this can hinder the scalability of your applications. Read more here …
AWS recommends replicating across Availability Zones for resiliency: TRUE
If you need to replicate your data or applications in an AWS Local Zone, AWS recommends that you use one of the following zones as the failover zone:
-
Another Local Zone
-
An Availability Zone in the Region that is not the parent zone. You can use the describe-availability-zones command to view the parent zone.
For more information about AWS Regions and Availability Zones, see AWS Global Infrastructure.
What are the benefits of AWS Cloud Computing?
- Trade Capital expenses for variable expenses
- Increase speed and agility
- Benefit from massive economies at scale
- Stop spending money on running and maintaining data centers
- Stop guessing capacity
- Go global in minutes
What is the default behavior for an EC2 instance when terminated?
After you terminate an instance, it remains visible in the console for a short while, and then the entry is automatically deleted. You cannot delete the terminated instance entry yourself. After an instance is terminated, resources such as tags and volumes are gradually disassociated from the instance, therefore may no longer be visible on the terminated instance after a short while.
When an instance terminates, the data on any instance store volumes associated with that instance is deleted.
By default, Amazon EBS root device volumes are automatically deleted when the instance terminates. However, by default, any additional EBS volumes that you attach at launch, or any EBS volumes that you attach to an existing instance persist even after the instance terminates. This behavior is controlled by the volume’s DeleteOnTermination
attribute, which you can modify
For more information, please visit: Terminate Your Instance
How do Amazon EC2 EBS burst credits work?
The documentation on General Purpose SSD (gp2) EBS volumes can be found at this page: New SSD-Backed Elastic Block Storage
When you first launch an instance with gp2 volumes attached, you get an initial burst credit allowing for up to 30 minutes of 3,000 iops/sec.
After the first 30 minutes, your volume will accrue credits as follows (taken directly from AWS documentation):
Within the General Purpose (SSD) implementation is a Token Bucket model that works as follows
- Each token represents an “I/O credit” that pays for one read or one write.
- A bucket is associated with each General Purpose (SSD) volume, and can hold up to 5.4 million tokens.
- Tokens accumulate at a rate of 3 per configured GB per second, up to the capacity of the bucket.
- Tokens can be spent at up to 3000 per second per volume.
- The baseline performance of the volume is equal to the rate at which tokens are accumulated — 3 IOPS per GB per second.
In addition to this, gp2 volumes provide baseline performance of 3 iops per Gb, up to 1Tb (3000 iops). Volumes larger than 1Tb no longer work on the credit system, as they already provide a baseline of 3000 iops. Gp2 volumes have a cap of 10,000 iops regardless of the volume size (so the iops max out for volumes larger than 3.3Tb)
Is elastic IP service free if we associate it with any VM (EC2 server)?
Elastic IP addresses are free when you have them assigned to an instance, feel free to use one! Elastic IPs get disassociated when you stop an instance, so you will get charged in the mean time. The benefit is that you get to keep that IP allocated to your account though, instead of losing it like any other. Once you start the instance you just re-associate it back and you have your old IP again.
Here are the changes associated with the use of Elastic IP addresses
No cost for Elastic IP addresses while in use
* $0.01 per non-attached Elastic IP address per complete hour
* $0.00 per Elastic IP address remap – first 100 remaps / month
* $0.10 per Elastic IP address remap – additional remap / month over 100
If you require any additional information about pricing please reference the link below
Amazon EC2 Pricing – Amazon Web Services
The other cost are as outlined in the paragraph you have quoted.
How do I reduce my AWS EC2 cost? My AWS EC2 expenditure comprises 80% of my AWS bill.
The short answer to reducing your AWS EC2 costs – turn off your instances when you don’t need them.
Your AWS bill is just like any other utility bill, you get charged for however much you used that month. Don’t make the mistake of leaving your instances on 24/7 if you’re only using them during certain days and times (ex. Monday – Friday, 9 to 5).
To automatically start and stop your instances, AWS offers an “EC2 scheduler” solution. A better option would be a cloud cost management tool that not only stops and starts your instances automatically, but also tracks your usage and makes sizing recommendations to optimize your cloud costs and maximize your time and savings.
You could potentially save money using Reserved Instances. But, in non-production environments such as dev, test, QA, and training, Reserved Instances are not your best bet. Why is this the case? These environments are less predictable; you may not know how many instances you need and when you will need them, so it’s better to not waste spend on these usage charges. Instead, schedule such instances (preferably using ParkMyCloud). Scheduling instances to be only up 12 hours per day on weekdays will save you 65% – better than all but the most restrictive 3-year RIs!
You can also save money with:
- Spot Instances
- AWS Dedicated Hosts & Dedicated Instances
- Auto Scaling Groups
- Rightsizing
What is the difference between an Instance, AMI and Snaphots in AWS? What are they used for?
Well AWS is a web service provider which offers a set of services related to compute, storage, database, network and more to help the business scale and grow
All your concerns are related to AWS EC2 instance, so let me start with an instance
Instance:
- An EC2 instance is similar to a server where you can host your websites or applications to make it available Globally
- It is highly scalable and works on the pay-as-you-go model
- You can increase or decrease the capacity of these instances as per the requirement
AMI:
- AMI provides the information required to launch the EC2 instance
- AMI includes the pre-configured templates of the operating system that runs on the AWS
- Users can launch multiple instances with the same configuration from a single AMI
Snapshot:
- Snapshots are the incremental backups for the Amazon EBS
- Data in the EBS are stored in S3 by taking point-to-time snapshots
- Unique data are only deleted when a snapshot is deleted
- Multiple EBS can be created using these snapshots
What are the main differences between a VPNs, VPS and VPC?
They are definitely all chalk and cheese to one another.
A VPN (Virtual Private Network) is essentially an encrypted “channel” connecting two networks, or a machine to a network, generally over the public internet.
A VPS (Virtual Private Server) is a rented virtual machine running on someone else’s hardware. AWS EC2 can be thought of as a VPS, but the term is usually used to describe low-cost products offered by lots of other hosting companies.
A VPC (Virtual Private Cloud) is a virtual network in AWS (Amazon Web Services). It can be divided into private and public subnets, have custom routing rules, have internal connections to other VPCs, etc. EC2 instances and other resources are placed in VPCs similarly to how physical data centers have operated for a very long time.
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
What is the use of elastic IP in AWS?
Elastic IP address is basically the static IP (IPv4) address that you can allocate to your resources.
Now, in case that you allocate IP to the resource (and the resource is running), you are not charged anything. On the other hand, if you create Elastic IP, but you do not allocate it to the resource (or the resource is not running), then you are charged some amount (should be around $0.005 per hour if I remember correctly)
Additional info about these:
You are limited to 5 Elastic IP addresses per region. If you require more than that, you can contact AWS support with a request for additional addresses. You need to have a good reason in order to be approved because IPv4 addresses are becoming a scarce resource.
In general, you should be good without Elastic IPs for most of the use-cases (as every EC2 instance has its own public IP, and you can use load balancers, as well as map most of the resources via Route 53).
One of the use-cases that I’ve seen where my client is using Elastic IP is to make it easier for him to access specific EC2 instance via RDP, as well as do deployment through Visual Studio, as he targets the Elastic IP, and thus does not have to watch for any changes in public IP (in case of stopping or rebooting).
Why would you choose not to use AWS Transit Gateway instead of VPC peering?
At this time, AWS Transit Gateway does not support inter region attachments. The transit gateway and the attached VPCs must be in the same region. VPC peering supports inter region peering.
Difference between AWS Workspace and AWS Ec2 VM?
- The EC2 instance is server instance whilst a Workspace is windows desktop instance
-
Both Windows Server and Windows workstation editions have desktops. Windows Server Core doesn’t not (and AWS doesn’t have an AMI for Windows Server Core that I could find).
-
It is possible to SSH into a Windows instance – this is done on port 22. You would not see a desktop when using SSH if you had enabled it. It is not enabled by default.
-
If you are seeing a desktop, I believe you’re “RDPing” to the Windows instance. This is done with the RDP protocol on port 3389.
- Two different protocols and two different ports.
- Workspaces doesn’t allow terminal or ssh services by default. You need to use Workspace client. You still can enable RDP or/and SSH but this is not recommended.
- Workspaces is a managed desktop service. AWS is taking care of pre-build AMIs, software licenses, joining to domain, scaling etc.
- What is Amazon EC2? Scalable, pay-as-you-go compute capacity in the cloud. Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.
- What is Amazon WorkSpaces? Easily provision cloud-based desktops that allow end-users to access applications and resources. With a few clicks in the AWS Management Console, customers can provision a high-quality desktop experience for any number of users at a cost that is highly competitive with traditional desktops and half the cost of most virtual desktop infrastructure (VDI) solutions. End-users can access the documents, applications and resources they need with the device of their choice, including laptops, iPad, Kindle Fire, or Android tablets.
- Amazon EC2 can be classified as a tool in the “Cloud Hosting” category, while Amazon WorkSpaces is grouped under “Virtual Desktop”.
-
Some of the features offered by Amazon EC2 are:
- Elastic – Amazon EC2 enables you to increase or decrease capacity within minutes, not hours or days. You can commission one, hundreds or even thousands of server instances simultaneously.
- Completely Controlled – You have complete control of your instances. You have root access to each one, and you can interact with them as you would any machine.
- Flexible – You have the choice of multiple instance types, operating systems, and software packages. Amazon EC2 allows you to select a configuration of memory, CPU, instance storage, and the boot partition size that is optimal for your choice of operating system and application.
On the other hand, Amazon WorkSpaces provides the following key features:
- Support Multiple Devices- Users can access their Amazon WorkSpaces using their choice of device, such as a laptop computer (Mac OS or Windows), iPad, Kindle Fire, or Android tablet.
- Keep Your Data Secure and Available- Amazon WorkSpaces provides each user with access to persistent storage in the AWS cloud. When users access their desktops using Amazon WorkSpaces, you control whether your corporate data is stored on multiple client devices, helping you keep your data secure.
- Choose the Hardware and Software you need- Amazon WorkSpaces offers a choice of bundles providing different amounts of CPU, memory, and storage so you can match your Amazon WorkSpaces to your requirements. Amazon WorkSpaces offers preinstalled applications (including Microsoft Office) or you can bring your own licensed software.
Amazon EBS vs Amazon EFS
An Amazon EBS volume stores data in a single Availability Zone.
To attach an Amazon EC2 instance to an EBS volume, both the Amazon EC2 instance and the EBS volume must reside within the same Availability Zone.
Amazon EFS is a regional service. It stores data in and across multiple Availability Zones.
The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access Amazon EFS using AWS Direct Connect.
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11

AWS Services Cheat Sheet:
Compute
Category | Service | Description |
Instances (Virtual machines) | EC2 | Provides secure, resizable compute capacity in the cloud. It makes web-scale cloud computing easier for developers. EC2 |
EC2 Spot | Run fault-tolerant workloads for up to 90% off. EC2Spot | |
EC2 Autoscaling | Automatically add or remove compute capacity to meet changes in demand. EC2_AustoScaling | |
Lightsail | Designed to be the easiest way to launch & manage a virtual private server with AWS. An easy-to-use cloud platform that offers everything need to build an application or website. Lightsail | |
Batch | Enables developers, scientists, & engineers to easily & efficiently run hundreds of thousands of batch computing jobs on AWS. Fully managed batch processing at any scale. Batch | |
Containers | Elastic Container Service (ECS) | Highly secure, reliable, & scalable way to run containers. ECS |
Elastic Container Registry (ECR) | Easily store, manage, & deploy container images. ECR | |
Elastic Kubernetes Service (EKS) | Fully managed Kubernetes service. EKS | |
Fargate | Serverless compute for containers. Fargate | |
Serverless | Lambda | Run code without thinking about servers. Pay only for the compute time you consume. Lamda |
Edge and hybrid | Outposts | Run AWS infrastructure & services on premises for a truly consistent hybrid experience. Outposts |
Snow Family | Collect and process data in rugged or disconnected edge environments. SnowFamily | |
Wavelength | Deliver ultra-low latency application for 5G devices. Wavelenth | |
VMware Cloud on AWS | Innovate faster, rapidly transition to the cloud, & work securely from any location. VMware_On_AWS | |
Local Zones | Run latency sensitive applications closer to end-users. LocalZones |
Networking and Content Delivery
Use cases | Functionality | Service | Description |
Build a cloud network | Define and provision a logically isolated network for your AWS resources | VPC | VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. VPC |
Connect VPCs and on-premises networks through a central hub | Transit Gateway | Transit Gateway connects VPCs & on-premises networks through a central hub. This simplifies network & puts an end to complex peering relationships. TransitGateway | |
Provide private connectivity between VPCs, services, and on-premises applications | PrivateLink | PrivateLink provides private connectivity between VPCs & services hosted on AWS or on-premises, securely on the Amazon network. PrivateLink | |
Route users to Internet applications with a managed DNS service | Route 53 | Route 53 is a highly available & scalable cloud DNS web service. Route53 | |
Scale your network design | Automatically distribute traffic across a pool of resources, such as instances, containers, IP addresses, and Lambda functions | Elastic Load Balancing | Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as EC2’s, containers, IP addresses, & Lambda functions. ElasticLoadBalancing |
Direct traffic through the AWS Global network to improve global application performance | Global Accelerator | Global Accelerator is a networking service that sends user’s traffic through AWS’s global network infrastructure, improving internet user performance by up to 60%. GlobalAccelerator | |
Secure your network traffic | Safeguard applications running on AWS against DDoS attacks | Shield | Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. Shield |
Protect your web applications from common web exploits | WAF | WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. WAF | |
Centrally configure and manage firewall rules | Firewall Manager | Firewall Manager is a security management service which allows to centrally configure & manage firewall rules across accounts & apps in AWS Organization. link text | |
Build a hybrid IT network | Connect your users to AWS or on-premises resources using a Virtual Private Network | (VPN) – Client | VPN solutions establish secure connections between on-premises networks, remote offices, client devices, & the AWS global network. VPN |
Create an encrypted connection between your network and your Amazon VPCs or AWS Transit Gateways | (VPN) – Site to Site | Site-to-Site VPN creates a secure connection between data center or branch office & AWS cloud resources. site_to_site | |
Establish a private, dedicated connection between AWS and your datacenter, office, or colocation environment | Direct Connect | Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. DirectConnect | |
Content delivery networks | Securely deliver data, videos, applications, and APIs to customers globally with low latency, and high transfer speeds | CloudFront | CloudFront expedites distribution of static & dynamic web content. CloudFront |
Build a network for microservices architectures | Provide application-level networking for containers and microservices | App Mesh | App Mesh makes it accessible to guide & control microservices operating on AWS. AppMesh |
Create, maintain, and secure APIs at any scale | API Gateway | API Gateway allows the user to design & expand their own REST and WebSocket APIs at any scale. APIGateway | |
Discover AWS services connected to your applications | Cloud Map | Cloud Map permits the name & handles the cloud resources. CloudMap |
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Storage
Service | Description |
AWS S3 | S3 is the storehouse for the internet i.e. object storage built to store & retrieve any amount of data from anywhere S3 |
AWS Backup | AWS Backup is an externally-accessible backup provider that makes it easier to align & optimize the backup of data across AWS services in the cloud. AWS_Backup |
Amazon EBS | Amazon Elastic Block Store is a web service that provides block-level storage volumes. EBS |
Amazon EFS Storage | EFS offers file storage for the user’s Amazon EC2 instances. It’s kind of blob Storage. EFS |
Amazon FSx | FSx supply fully managed 3rd-party file systems with the native compatibility & characteristic sets for workloads. It’s available as FSx for Windows server (Fully managed file storage built on Windows Server) & Lustre (Fully managed high-performance file system integrated with S3). FSx_Windows FSx_Lustre |
AWS Storage Gateway | Storage Gateway is a service which connects an on-premises software appliance with cloud-based storage. Storage_Gateway |
AWS DataSync | DataSync makes it simple & fast to move large amounts of data online between on-premises storage & S3, EFS, or FSx for Windows File Server. DataSync |
AWS Transfer Family | The Transfer Family provides fully managed support for file transfers directly into & out of S3. Transfer_Family |
AWS Snow Family | Highly-secure, portable devices to collect & process data at the edge, and migrate data into and out of AWS. Snow_Family |
Classification:
Object storage: S3
File storage services: Elastic File System, FSx for Windows Servers & FSx for Lustre
Block storage: EBS
Backup: AWS Backup
Data transfer:
Storage gateway –> 3 types: Tape, File, Volume.
Transfer Family –> SFTP, FTPS, FTP.
Edge computing and storage and Snow Family –> Snowcone, Snowball, Snowmobile
Databases
Database type | Use cases | Service | Description |
Relational | Traditional applications, ERP, CRM, e-commerce | Aurora, RDS, Redshift | RDS is a web service that makes it easier to set up, control, and scale a relational database in the cloud. Aurora RDS Redshift |
Key-value | High-traffic web apps, e-commerce systems, gaming applications | DynamoDB | DynamoDB is a fully administered NoSQL database service that offers quick and reliable performance with integrated scalability. DynamoDB |
In-memory | Caching, session management, gaming leaderboards, geospatial applications | ElastiCache for Memcached & Redis | ElastiCache helps in setting up, managing, and scaling in-memory cache conditions. Memcached Redis |
Document | Content management, catalogs, user profiles | DocumentDB | DocumentDB (with MongoDB compatibility) is a quick, dependable, and fully-managed database service that makes it easy for you to set up, operate, and scale MongoDB-compatible databases.DocumentDB |
Wide column | High scale industrial apps for equipment maintenance, fleet management, and route optimization | Keyspaces (for Apache Cassandra) | Keyspaces is a scalable, highly available, and managed Apache Cassandra–compatible database service. Keyspaces |
Graph | Fraud detection, social networking, recommendation engines | Neptune | Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. Neptune |
Time series | IoT applications, DevOps, industrial telemetry | Timestream | Timestream is a fast, scalable, and serverless time series database service for IoT and operational applications that makes it easy to store and analyze trillions of events per day. Timestream |
Ledger | Systems of record, supply chain, registrations, banking transactions | Quantum Ledger Database (QLDB) | QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. QLDB |
Developer Tools
Service | Description |
Cloud9 | Cloud9 is a cloud-based IDE that enables the user to write, run, and debug code. Cloud9 |
CodeArtifact | CodeArtifact is a fully managed artifact repository service that makes it easy for organizations of any size to securely store, publish, & share software packages used in their software development process. CodeArtifact |
CodeBuild | CodeBuild is a fully managed service that assembles source code, runs unit tests, & also generates artefacts ready to deploy. CodeBuild |
CodeGuru | CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations for improving code quality & identifying an application’s most expensive lines of code. CodeGuru |
Cloud Development Kit | Cloud Development Kit (AWS CDK) is an open source software development framework to define cloud application resources using familiar programming languages. CDK |
CodeCommit | CodeCommit is a version control service that enables the user to personally store & manage Git archives in the AWS cloud. CodeCommit |
CodeDeploy | CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as EC2, Fargate, Lambda, & on-premises servers. CodeDeploy |
CodePipeline | CodePipeline is a fully managed continuous delivery service that helps automate release pipelines for fast & reliable app & infra updates. CodePipeline |
CodeStar | CodeStar enables to quickly develop, build, & deploy applications on AWS. CodeStar |
CLI | AWS CLI is a unified tool to manage AWS services & control multiple services from the command line & automate them through scripts. CLI |
X-Ray | X-Ray helps developers analyze & debug production, distributed applications, such as those built using a microservices architecture. X-Ray |
Migration & Transfer services
Service | Description |
Migration Evaluator | Build a data-driven business case for AWS. ME |
Migration Hub | Migration Hub provides a single location to track the progress of app migrations across multiple AWS & partner solutions. MigrationHub |
Application Discovery Service | Application Discovery Service helps enterprise customers plan migration projects by gathering information about their on-premises data centers. ADS |
Server Migration Service (SMS) | SMS is an agentless service which makes it easier & faster to migrate thousands of on-premises workloads to AWS. SMS |
Database Migration Service (DMS) | DMS helps migrate databases to AWS quickly & securely. DMS |
CloudEndure Migration | CloudEndure Migration simplifies, expedites, & reduces the cost of cloud migration by offering a highly automated lift-&-shift solution. CloudEndure |
VMware Cloud on AWS | Refer compute section. |
DataSync | Refer storage section. |
Transfer Family | Refer storage section. |
Snow Family | Refer storage section. |
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
SDKs & Toolkits
Service | Description |
CDK | CDK uses the familiarity & expressive power of programming languages for modeling apps. CDK |
Corretto | Corretto is a no-cost, multiplatform, production-ready distribution of the OpenJDK. Corretto |
Crypto Tools | Cryptography is hard to do safely & correctly. The AWS Crypto Tools libraries are designed to help everyone do cryptography right, even without special expertise. Crypto Tools |
Serverless Application Model (SAM) | SAM is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, & event source mappings. SAM |
Tools for developing and managing applications on AWS |
Security, Identity, & Compliance
Category | Use cases | Service | Description |
Identity & access management | Securely manage access to services and resources | Identity & Access Management (IAM) | IAM is a web service for safely controlling access to AWS services. IAM |
Securely manage access to services and resources | Single Sign-On | SSO helps in simplifying, managing SSO access to AWS accounts & business applications. SSO | |
Identity management for apps | Cognito | Cognito lets you add user sign-up, sign-in, & access control to web & mobile apps quickly and easily. Cognito | |
Managed Microsoft Active Directory | Directory Service | AWS Managed Microsoft Active Directory (AD) enables your directory-aware workloads & AWS resources to use managed Active Directory (AD) in AWS. DirectoryService | |
Simple, secure service to share AWS resources | Resource Access Manager | Resource Access Manager (RAM) is a service that enables you to easily & securely share AWS resources with any AWS account or within AWS Organization. RAM | |
Central governance and management across AWS accounts | Organizations | Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Orgs | |
Detection | Unified security and compliance center | Security Hub | Security Hub gives a comprehensive view of security alerts & security posture across AWS accounts. SecurityHub |
Managed threat detection service | GuardDuty | GuardDuty is a threat detection service that continuously monitors for malicious activity & unauthorized behavior to protect AWS accounts, workloads, & data stored in S3. GuardDuty | |
Analyze application security | Inspector | Inspector is a security vulnerability assessment service improves the security & compliance of the AWS resources. Inspector | |
Record and evaluate configurations of your AWS resources | Config | Config is a service that enables to assess, audit, & evaluate the configurations of AWS resources. Config | |
Track user activity and API usage | CloudTrail | CloudTrail is a service that enables governance, compliance, operational auditing, & risk auditing of AWS account. CloudTrail | |
Security management for IoT devices | IoT Device Defender | IoT Device Defender is a fully managed service that helps secure fleet of IoT devices. IoTDD | |
Infrastructure protection | DDoS protection | Shield | Shield is a managed DDoS protection service that safeguards apps running. It provides always-on detection & automatic inline mitigations that minimize application downtime & latency. Shield |
Filter malicious web traffic | Web Application Firewall (WAF) | WAF is a web application firewall that helps protect web apps or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. WAF | |
Central management of firewall rules | Firewall Manager | Firewall Manager eases the user AWS WAF administration & maintenance activities over multiple accounts & resources. FirewallManager | |
Data protection | Discover and protect your sensitive data at scale | Macie | Macie is a fully managed data (security & privacy) service that uses ML & pattern matching to discover & protect sensitive data. Macie |
Key storage and management | Key Management Service (KMS) | KMS makes it easy for to create & manage cryptographic keys & control their use across a wide range of AWS services & in your applications. KMS | |
Hardware based key storage for regulatory compliance | CloudHSM | CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate & use your own encryption keys. CloudHSM | |
Provision, manage, and deploy public and private SSL/TLS certificates | Certificate Manager | Certificate Manager is a service that easily provision, manage, & deploy public and private SSL/TLS certs for use with AWS services & internal connected resources. ACM | |
Rotate, manage, and retrieve secrets | Secrets Manager | Secrets Manager assist the user to safely encode, store, & recover credentials for any user’s database & other services. SecretsManager | |
Incident response | Investigate potential security issues | Detective | Detective makes it easy to analyze, investigate, & quickly identify the root cause of potential security issues or suspicious activities. Detective |
Fast, automated, cost- effective disaster recovery | CloudEndure Disaster Recovery | Provides scalable, cost-effective business continuity for physical, virtual, & cloud servers. CloudEndure | |
Compliance | No cost, self-service portal for on-demand access to AWS’ compliance reports | Artifact | Artifact is a web service that enables the user to download AWS security & compliance records. Artifact |
Data Lakes & Analytics
Category | Use cases | Service | Description |
Analytics | Interactive analytics | Athena | Athena is an interactive query service that makes it easy to analyze data in S3 using standard SQL. Athena |
Big data processing | EMR | EMR is the industry-leading cloud big data platform for processing vast amounts of data using open source tools such as Apache Spark, Hive, HBase,Flink, Hudi, & Presto. EMR | |
Data warehousing | Redshift | The most popular & fastest cloud data warehouse. Redshift | |
Real-time analytics | Kinesis | Kinesis makes it easy to collect, process, & analyze real-time, streaming data so one can get timely insights. Kinesis | |
Operational analytics | Elasticsearch Service | Elasticsearch Service is a fully managed service that makes it easy to deploy, secure, & run Elasticsearch cost effectively at scale. ES | |
Dashboards & visualizations | Quicksight | QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in organization. QuickSight | |
Data movement | Real-time data movement | 1) Amazon Managed Streaming for Apache Kafka (MSK) 2) Kinesis Data Streams 3) Kinesis Data Firehose 4) Kinesis Data Analytics 5) Kinesis Video Streams 6) Glue | MSK is a fully managed service that makes it easy to build & run applications that use Apache Kafka to process streaming data. MSK KDS KDF KDA KVS Glue |
Data lake | Object storage | 1) S3 2) Lake Formation | Lake Formation is a service that makes it easy to set up a secure data lake in days. A data lake is a centralized, curated, & secured repository that stores all data, both in its original form & prepared for analysis. S3 LakeFormation |
Backup & archive | 1) S3 Glacier 2) Backup | S3 Glacier & S3 Glacier Deep Archive are a secure, durable, & extremely low-cost S3 cloud storage classes for data archiving & long-term backup. S3Glacier | |
Data catalog | 1) Glue 2)) Lake Formation | Refer as above. | |
Third-party data | Data Exchange | Data Exchange makes it easy to find, subscribe to, & use third-party data in the cloud. DataExchange | |
Predictive analytics && machine learning | Frameworks & interfaces | Deep Learning AMIs | Deep Learning AMIs provide machine learning practitioners & researchers with the infrastructure & tools to accelerate deep learning in the cloud, at any scale. DeepLearningAMIs |
Platform services | SageMaker | SageMaker is a fully managed service that provides every developer & data scientist with the ability to build, train, & deploy machine learning (ML) models quickly. SageMaker |
Containers
Use cases | Service | Description |
Store, encrypt, and manage container images | ECR | Refer compute section |
Run containerized applications or build microservices | ECS | Refer compute section |
Manage containers with Kubernetes | EKS | Refer compute section |
Run containers without managing servers | Fargate | Fargate is a serverless compute engine for containers that works with both ECS & EKS. Fargate |
Run containers with server-level control | EC2 | Refer compute section |
Containerize and migrate existing applications | App2Container | App2Container (A2C) is a command-line tool for modernizing .NET & Java applications into containerized applications. App2Container |
Quickly launch and manage containerized applications | Copilot | Copilot is a command line interface (CLI) that enables customers to quickly launch & easily manage containerized applications on AWS. Copilot |
Serverless
Category | Service | Description |
Compute | Lambda | Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. |
Lambda@Edge | Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance & reduces latency. | |
Fargate | Refer containers section | |
Storage | S3 | Refer storage section |
EFS | Refer storage section | |
Data stores | DynamoDB | DynamoDB is a key-value & document database that delivers single-digit millisecond performance at any scale. |
Aurora Serverless | Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora (MySQL & PostgreSQL-compatible editions), where the database will automatically start up, shut down, & scale capacity up or down based on your application’s needs. | |
RDS Proxy | RDS Proxy is a fully managed, highly available database proxy for RDS that makes applications more scalable, resilient to database failures, & more secure. | |
API Proxy | API Gateway | API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, & secure APIs at any scale. |
Application integration | SNS | SNS is a fully managed messaging service for both system-to-system & app-to-person (A2P) communication. |
SQS | SQS is a fully managed message queuing service that enables to decouple & scale microservices, distributed systems, & serverless applications. | |
AppSync | AppSync is a fully managed service that makes it easy to develop GraphQL APIs by handling the heavy lifting of securely connecting to data sources like AWS DynamoDB, Lambda. | |
EventBridge | EventBridge is a serverless event bus that makes it easy to connect applications together using data from apps, integrated SaaS apps, & AWS services. | |
Orchestration | Step Functions | Step Functions is a serverless function orchestrator that makes it easy to sequence Lambda functions & multiple AWS services into business-critical applications. |
Analytics | Kinesis | Kinesis makes it easy to collect, process, & analyze real-time, streaming data so one can get timely insights. |
Athena | Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. |
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Application Integration
Category | Service | Description |
Messaging | SNS | Reliable high throughput pub/sub, SMS, email, and mobile push notifications |
SQS | Message queue that sends, stores, and receives messages between application components at any volume | |
MQ | Message broker for Apache ActiveMQ that makes migration easy and enables hybrid architectures | |
Workflows | Step Functions | Coordinate multiple AWS services into serverless workflows so you can build and update apps quickly |
API management | API Gateway | Create, publish, maintain, monitor, & secure APIs at any scale for serverless workloads & web apps |
AppSync | Create a flexible API to securely access, manipulate, & combine data from one or more data sources | |
Event bus | EventBridge | Build an event-driven architecture that connects application data from your own apps, SaaS, & AWS services |
AppFlow | Automate the flow of data between SaaS applications & AWS services at nearly any scale, without code. |
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
Management & Governance Services
Category | Service | Description |
Enable | Control Tower | The easiest way to set up and govern a new, secure multi-account AWS environment. ControlTower |
Organizations | Organizations helps centrally govern environment as you grow & scale workloads on AWS Organizations | |
Well-Architected Tool | Well-Architected Tool helps review the state of workloads & compares them to the latest AWS architectural best practices. WATool | |
Budgets | Budgets allows to set custom budgets to track cost & usage from the simplest to the most complex use cases. Budgets | |
License Manager | License Manager makes it easier to manage software licenses from software vendors such as Microsoft, SAP, Oracle, & IBM across AWS & on-premises environments. LicenseManager | |
Provision | CloudFormation | CloudFormation enables the user to design & provision AWS infrastructure deployments predictably & repeatedly. CloudFormation |
Service Catalog | Service Catalog allows organizations to create & manage catalogs of IT services that are approved for use on AWS. ServiceCatalog | |
OpsWorks | OpsWorks presents a simple and flexible way to create and maintain stacks and applications. OpsWorks | |
Marketplace | Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, & deploy software that runs on AWS. Marketplace | |
Operate | CloudWatch | CloudWatch offers a reliable, scalable, & flexible monitoring solution that can easily start. CloudWatch |
CloudTrail | CloudTrail is a service that enables governance, compliance, operational auditing, & risk auditing of AWS account. CloudTrail | |
Config | Config | |
Systems Manager | Systems Manager to plan, proctor, & automate administration tasks on the AWS resources. SystemsManager | |
Cost & usage report | Refer cost management section | |
Cost explorer | Refer cost management section | |
Managed Services | Operate your AWS infrastructure on your behalf. ManagedServices | |
X Ray | X-Ray |
AWS CCP CLF-C01 on Android – AWS CCP CLF-C01 on iOS – AWS CCP CLF-C01 on Windows 10/11
AWS Recommended security best practices
Turn on multifactor authentication for the “root” account |
Turn on CloudTrail log file validation. |
Enable CloudTrail multi-region logging. |
Integrate CloudTrail with CloudWatch. |
Enable access logging for CloudTrail S3 buckets. |
Enable access logging for Elastic Load Balancer (ELB). |
Enable Redshift audit logging. |
Enable Virtual Private Cloud (VPC) flow logging. |
Require multifactor authentication (MFA) to delete CloudTrail buckets |
Enable CloudTrail logging across all AWS. |
Turn on multi-factor authentication for IAM users. |
Enable IAM users for multi-mode access. |
Attach IAM policies to groups or roles |
Rotate IAM access keys regularly, and standardize on the selected number of days |
Set up a strict password policy. |
Set the password expiration period to 90 days and prevent reuseCustomer Visualforce pages with standard headers |
Don’t use expired SSL/TLS certificates |
User HTTPS for CloudFront distributions |
Restrict access to CloudTrail bucket. |
Encrypt CloudTrail log files at rest |
Encrypt Elastic Block Store (EBS) database. |
Provision access to resources using IAM roles. |
Ensure EC2 security groups don’t have large ranges of ports open |
Configure EC2 security groups to restrict inbound access to EC2. |
Avoid using root user accounts. |
Use secure SSL ciphers when connecting between the client and ELB. |
Use secure SSL versions when connecting between client and ELB. |
Use a standard naming (tagging) convention for EC2. |
Encrypt RDS. |
Ensure access keys are not being used with root accounts. |
Use secure CloudFront SSL versions. |
Enable the require_ssl parameter in all Redshift clusters. |
Rotate SSH keys periodically. |
Minimize the number of discrete security groups. |
Reduce number of IAM groups. |
Terminate unused access keys |
Disable access for inactive or unused IAM users |
Remove unused IAM access keys |
Delete unused SSH Public Keys |
Restrict access to AMIs. |
Restrict access to EC2 security groups. |
Restrict access to RDS instances. |
Restrict access to Redshift clusters. |
Restrict outbound access. |
Disallow unrestricted ingress access on uncommon ports. |
Restrict access to well-known ports such as CIFS, FTP, ICMP, SMTP, SSH, Remote desktop |
Inventory & categorize all existing custom apps by the types of data stored, compliance requirements & possible threats they face. |
Involve IT security throughout the development process. |
Grant the fewest privileges as possible for application users |
Enforce a single set of data loss prevention policies across custom applications and all other cloud services. |
Encrypt highly sensitive data such as protected health information (PHI) or personally identifiable information (PII). |
AWS RE:INVENT 2021 – LATEST PRODUCTS AND SERVICES ANNOUNCED:
1- Read For Me
Read For Me launched at the 2021 AWS re:Invent Builders’ Fair in Las Vegas. A web application which helps the visually impaired ‘hear documents. With the help of AI services such as Amazon Textract, Amazon Comprehend, Amazon Translate and Amazon Polly utilizing an event-driven architecture and serverless technology, users upload a picture of a document, or anything with text, and within a few seconds “hear” that document in their chosen language.

2- Delivering code and architectures through AWS Proton and Git
Infrastructure operators are looking for ways to centrally define and manage the architecture of their services, while developers need to find a way to quickly and safely deploy their code. In this session, learn how to use AWS Proton to define architectural templates and make them available to development teams in a collaborative manner. Also, learn how to enable development teams to customize their templates so that they fit the needs of their services.
3- Accelerate front-end web and mobile development with AWS Amplify
User-facing web and mobile applications are the primary touchpoint between organizations and their customers. To meet the ever-rising bar for customer experience, developers must deliver high-quality apps with both foundational and differentiating features. AWS Amplify helps front-end web and mobile developers build faster front to back. In this session, review Amplify’s core capabilities like authentication, data, and file storage and explore new capabilities, such as Amplify Geo and extensibility features for easier app customization with AWS services and better integration with existing deployment pipelines. Also learn how customers have been successful using Amplify to innovate in their businesses.
3- Train ML models at scale with Amazon SageMaker, featuring Aurora
Today, AWS customers use Amazon SageMaker to train and tune millions of machine learning (ML) models with billions of parameters. In this session, learn about advanced SageMaker capabilities that can help you manage large-scale model training and tuning, such as distributed training, automatic model tuning, optimizations for deep learning algorithms, debugging, profiling, and model checkpointing, so that even the largest ML models can be trained in record time for the lowest cost. Then, hear from Aurora, a self-driving vehicle technology company, on how they use SageMaker training capabilities to train large perception models for autonomous driving using massive amounts of images, video, and 3D point cloud data.
AWS RE:INVENT 2020 – LATEST PRODUCTS AND SERVICES ANNOUNCED:
1-Modernize log analytics with Amazon Elasticsearch Service
4- Amazon Location Service: Enable apps with location features
5- Automate, track, and manage tasks with Amazon Connect Tasks
6- Solve customer issues quickly with Amazon Connect Wisdom
7- Introducing Amazon Managed Service for Grafana:
Prometheus is a popular open-source monitoring and alerting solution optimized for container environments. Customers love Prometheus for its active open-source community and flexible query language, using it to monitor containers across AWS and on-premises environments. Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service. In this session, learn how you can use the same open-source Prometheus data model, existing instrumentation, and query language to monitor performance with improved scalability, availability, and security without having to manage the underlying infrastructure.
AWS CloudShell is a free, browser-based shell available from the AWS console that provides a simple way to interact with AWS resources through the AWS command-line interface (CLI). In this session, see an overview of both AWS CloudShell and the AWS CLI, which when used together are the fastest and easiest ways to automate tasks, write scripts, and explore new AWS services. Also, see a demo of both services and how to quickly and easily get started with each.
12-AWS Fault Injection Simulator: Fully managed chaos engineering service