Top AWS Certified Developer Associate Exam Tips: Security
1
Distributed Session Management
When dealing with session state in EC2-based applications behind an Elastic Load Balancer, distributed session management is generally considered the best practice for managing user sessions:
The ELB distributes traffic across all EC2 instances, and each instance looks up session information in a shared caching layer such as ElastiCache running Redis or Memcached. Because no instance holds session state locally, any instance can serve any request (no sticky sessions are needed) and a terminated or replaced instance loses no sessions.
2
Access Key ID, Secret Access Key, Session Token
When requested through an STS API call (for example AssumeRole or GetSessionToken), temporary credentials are returned as a set of three values: an Access Key ID, a Secret Access Key and a Session Token (the STS response field is named SessionToken), together with an Expiration time. All three must be supplied on signed requests; the session token travels in the X-Amz-Security-Token header, and the credentials stop working at Expiration.
3
AWS Secrets Manager
AWS Secrets Manager helps protect the credentials needed to access databases, applications, services, and other IT resources. The service lets users rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to the Secrets Manager APIs, eliminating the need to hard-code sensitive information in plaintext. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB. Because rotation changes the stored value, applications should fetch the current version at startup and re-fetch when authentication fails, rather than caching a secret indefinitely.
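The hard-coded pattern Secrets Manager replaces, next to a fetch-and-parse routine, as an added example (not code from the page or from AWS). It assumes boto3 is installed and that a secret named prod/app/db (a made-up name) holds the JSON document the RDS rotation integration writes; the network call runs only under main, and the parser is exercised on constructed responses. A GetSecretValue response carries either SecretString or SecretBinary, and boto3 returns SecretBinary already base64-decoded while the raw HTTP API returns it as base64 text, so the parser accepts both:

```python
"""Replace a hard-coded credential with a Secrets Manager lookup (added example)."""
import base64
import json

# Before: the value lives in source, git history, container images and logs.
DB_PASSWORD_HARDCODED = "hunter2"


def parse_secret_value(response):
    """Turn a GetSecretValue response into a dict of fields.

    SecretString is text, usually a JSON document (RDS rotation writes
    username/password/host/port/dbname); a non-JSON string comes back under
    "value". SecretBinary is returned as bytes by boto3 and as base64 text by
    the raw HTTP API; both are normalised to bytes under "value".
    """
    if "SecretString" in response:
        raw = response["SecretString"]
        try:
            return json.loads(raw)
        except json.JSONDecodeError:
            return {"value": raw}
    if "SecretBinary" in response:
        blob = response["SecretBinary"]
        if isinstance(blob, str):          # raw API: base64 text
            blob = base64.b64decode(blob)
        return {"value": blob}             # boto3: already bytes
    raise ValueError("response carries neither SecretString nor SecretBinary")


def fetch_db_credentials(secret_id="prod/app/db", version_stage="AWSCURRENT"):
    """After: read the secret at runtime. Assumes boto3 and the usual credential chain."""
    import boto3  # imported here so the module loads without boto3 installed
    client = boto3.client("secretsmanager")
    resp = client.get_secret_value(SecretId=secret_id, VersionStage=version_stage)
    return parse_secret_value(resp)


# Constructed sample responses, shaped like GetSecretValue output.
SAMPLE_STRING_RESPONSE = {
    "Name": "prod/app/db",
    "VersionStages": ["AWSCURRENT"],
    "SecretString": json.dumps({"username": "app", "password": "s3cr3t",
                                "host": "db.internal", "port": 5432, "dbname": "orders"}),
}
SAMPLE_BINARY_RESPONSE = {"Name": "prod/app/key", "SecretBinary": b"raw-key-bytes"}
SAMPLE_BINARY_B64_RESPONSE = {"Name": "prod/app/key",
                              "SecretBinary": base64.b64encode(b"raw-key-bytes").decode()}
SAMPLE_PLAIN_RESPONSE = {"Name": "prod/app/token", "SecretString": "not-json-token"}


if __name__ == "__main__":
    creds = fetch_db_credentials()
    print(creds["username"], creds["host"], creds["port"])
```

Fetching with VersionStage=AWSCURRENT always returns the post-rotation value; a connection that fails authentication right after a rotation should call fetch_db_credentials again rather than reuse a cached copy.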
4
Resource Policy (API Gateway)
An Amazon API Gateway resource policy can grant access to an API in one AWS account to users in a different AWS account. The method uses AWS_IAM authorization, so callers sign their requests with Signature Version 4 (SigV4) using their own IAM credentials. For cross-account access the caller's account must also allow execute-api:Invoke in an identity policy; the resource policy alone is not enough.
5
AWS Lambda function's execution role
An AWS Lambda function's execution role grants it permission to access AWS services and resources. Users provide this role when a function is created, and Lambda assumes the role when a function is invoked. The role's trust policy should allow only the Lambda service principal (lambda.amazonaws.com) to assume it, and its permissions policy should be scoped to the specific resources the function needs.
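The policy documents behind tips 4 and 5, built by functions so the ARN format and the two-sided nature of cross-account access are explicit. This is an added example, not code from the page or from AWS; the account IDs, Region, API id, table and function name are made-up placeholders. The aws:SourceAccount and aws:SourceArn conditions on the Lambda trust policy follow AWS's documented mitigation for the cross-service confused-deputy problem:

```python
"""IAM policy documents for cross-account API access and a Lambda execution role (added example)."""
import json
import re

ACCOUNT_ID = re.compile(r"^\d{12}$")


def execute_api_arn(region, account, api_id, stage="*", method="*", path="*"):
    """ARN that execute-api:Invoke is evaluated against:
    arn:aws:execute-api:<region>:<account>:<api-id>/<stage>/<METHOD>/<resource-path>"""
    if not ACCOUNT_ID.match(account):
        raise ValueError(f"not a 12-digit account id: {account}")
    return f"arn:aws:execute-api:{region}:{account}:{api_id}/{stage}/{method}/{path.lstrip('/')}"


def api_resource_policy(api_arn, caller_account):
    """Resource policy attached to the API in the account that owns it.
    The Principal is the *caller's* account; with AWS_IAM authorization on the
    method, the caller signs requests with SigV4 using its own credentials."""
    if not ACCOUNT_ID.match(caller_account):
        raise ValueError(f"not a 12-digit account id: {caller_account}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{caller_account}:root"},
            "Action": "execute-api:Invoke",
            "Resource": api_arn,
        }],
    }


def caller_identity_policy(api_arn):
    """Attached to the user or role in the calling account. Cross-account
    access needs an Allow on both sides; the resource policy alone fails."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "execute-api:Invoke", "Resource": api_arn}],
    }


def lambda_trust_policy(account, function_arn):
    """Trust policy of the execution role: only the Lambda service may assume
    it, and only on behalf of this function in this account, so a function in
    another account cannot borrow the role (confused deputy)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account},
                "ArnLike": {"aws:SourceArn": function_arn},
            },
        }],
    }


def lambda_permissions_policy(region, account, function_name, table_arn):
    """Permissions policy of the execution role: write only to the function's
    own log group and read one DynamoDB table. No "*" resources."""
    log_group = f"arn:aws:logs:{region}:{account}:log-group:/aws/lambda/{function_name}:*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "logs:CreateLogGroup",
             "Resource": f"arn:aws:logs:{region}:{account}:*"},
            {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": log_group},
            {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:Query"],
             "Resource": table_arn},
        ],
    }


if __name__ == "__main__":
    arn = execute_api_arn("us-east-1", "111122223333", "a1b2c3d4e5", "prod", "GET", "/orders")
    print(json.dumps(api_resource_policy(arn, "222233334444"), indent=2))
    print(json.dumps(caller_identity_policy(arn), indent=2))
    print(json.dumps(lambda_trust_policy(
        "111122223333", "arn:aws:lambda:us-east-1:111122223333:function:orders-api"), indent=2))
```

Note the asymmetry: the resource policy names the caller account, while the trust policy names a service principal and then narrows it with conditions, because any Lambda function in any account would otherwise match lambda.amazonaws.com.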
6
Snapshots
If a user copies an encrypted EBS snapshot, the copy must also be encrypted; an encrypted snapshot cannot be copied to an unencrypted one. If a user copies an encrypted snapshot across Regions, the copy cannot use the same AWS KMS key as the source snapshot, because KMS keys are Region-specific. Instead, users must specify a KMS key that is valid in the destination Region (or omit the key to use the destination Region's default EBS key). Multi-Region KMS keys are the one variation: a replica key in the destination Region shares the key ID with its primary, but it is still a distinct key that lives in the destination Region and is what the copy uses.
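A cross-Region copy routine with the check a practitioner wants before calling the API: that the KMS key handed to CopySnapshot belongs to the destination Region. This is an added example, not code from the page or from AWS; snapshot and key identifiers are placeholders, boto3 is assumed to be installed, and the network call runs only under main. CopySnapshot is issued in the destination Region, with SourceRegion naming where the snapshot lives today:

```python
"""Copy an encrypted EBS snapshot across Regions with a destination-Region KMS key (added example)."""
import re

# Key or alias ARN: arn:<partition>:kms:<region>:<account>:key/<id>  or  ...:alias/<name>
KMS_ARN = re.compile(r"^arn:aws[a-z-]*:kms:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):(?:key|alias)/.+$")


def kms_key_region(key_id):
    """Region encoded in a KMS key/alias ARN; None for a bare key ID or alias name."""
    m = KMS_ARN.match(key_id)
    return m.group("region") if m else None


def key_usable_for_copy(dest_region, key_id):
    """False when the key's ARN names a Region other than the copy's destination.

    CopySnapshot rejects such a key: the copy has to be encrypted with a key
    that exists in the destination Region. A bare key ID or alias name carries
    no Region and is resolved by the service in the Region the call is made in,
    so it passes this check.
    """
    region = kms_key_region(key_id)
    return region is None or region == dest_region


def copy_encrypted_snapshot(source_region, dest_region, snapshot_id, dest_kms_key):
    """Issue the cross-Region copy. Assumes boto3 and the usual credential chain.

    Encrypted=True is redundant for an encrypted source (the copy cannot be
    unencrypted) but makes the intent explicit; KmsKeyId picks the
    destination-Region key. Omitting KmsKeyId would use the destination
    Region's default EBS key.
    """
    if not key_usable_for_copy(dest_region, dest_kms_key):
        raise ValueError(f"{dest_kms_key} is not a key in {dest_region}; "
                         f"KMS keys are Region-specific")
    import boto3  # imported here so the module loads without boto3 installed
    ec2 = boto3.client("ec2", region_name=dest_region)  # call is made in the destination
    resp = ec2.copy_snapshot(
        SourceRegion=source_region,
        SourceSnapshotId=snapshot_id,
        Encrypted=True,
        KmsKeyId=dest_kms_key,
        Description=f"copy of {snapshot_id} from {source_region}",
    )
    return resp["SnapshotId"]


if __name__ == "__main__":
    # Placeholder identifiers; the key ARN is in the destination Region, as required.
    new_id = copy_encrypted_snapshot(
        "us-east-1", "us-west-2", "snap-0123456789abcdef0",
        "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab")
    print(new_id)
```

With a multi-Region key, the replica's ARN still carries the destination Region, so the same check applies; what is shared is the key ID after the Region, not the key itself.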
7
Lazy loading
Lazy loading (also called cache-aside) is a caching strategy in which a record is loaded into the cache only when it is first requested. Lazy loading first checks the cache. On a cache hit the record is returned directly; on a cache miss it retrieves the record from the database, stores it in the cache, and then returns it. Only requested data is cached, but a miss costs a cache lookup plus a database read, and a record updated in the database stays stale in the cache until it expires or is explicitly invalidated.
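Lazy loading applied to the distributed session store from tip 1, as an added example that is not code from the page. ElastiCache is replaced by FakeRedis, an in-memory stand-in with the get/setex/delete behaviour the code relies on, so it runs offline; a real redis.Redis client exposes the same three calls and can be passed in instead. The database is a plain dict, and a controllable clock makes TTL expiry visible without sleeping:

```python
"""Cache-aside session store shared by every instance behind a load balancer (added example)."""
import json
import secrets


class FakeClock:
    """Deterministic clock so TTL expiry can be shown without sleeping."""
    def __init__(self, start=0.0):
        self.t = start

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class FakeRedis:
    """Minimal Redis stand-in: a value set with setex expires ttl seconds later."""
    def __init__(self, now):
        self._data = {}
        self._now = now

    def get(self, key):
        item = self._data.get(key)
        if item is None:
            return None
        value, expires_at = item
        if self._now() >= expires_at:      # expire lazily on read, as Redis may
            del self._data[key]
            return None
        return value

    def setex(self, key, ttl, value):
        self._data[key] = (value, self._now() + ttl)

    def delete(self, key):
        self._data.pop(key, None)


class SessionStore:
    """Every instance runs this against the *shared* cache and database, so the
    ELB may route a user's next request anywhere; no sticky sessions needed."""
    def __init__(self, cache, db, ttl_seconds=1800):
        self.cache, self.db, self.ttl = cache, db, ttl_seconds
        self.hits = self.misses = 0

    def create(self, record):
        session_id = secrets.token_urlsafe(32)      # 256 random bits: unguessable
        self.db[session_id] = record                # source of truth
        return session_id                           # cache fills lazily on first read

    def get(self, session_id):
        key = f"session:{session_id}"
        cached = self.cache.get(key)
        if cached is not None:                      # hit: no database round trip
            self.hits += 1
            return json.loads(cached)
        self.misses += 1                            # miss: the slow path
        record = self.db.get(session_id)
        if record is None:
            return None                             # unknown session; cache nothing
        self.cache.setex(key, self.ttl, json.dumps(record))   # populate for the next reader
        return record

    def update(self, session_id, record):
        """Lazy loading alone leaves a stale copy in the cache after a write;
        invalidate so the next get reloads from the database."""
        self.db[session_id] = record
        self.cache.delete(f"session:{session_id}")


if __name__ == "__main__":
    clock = FakeClock()
    store = SessionStore(FakeRedis(clock.now), {}, ttl_seconds=60)
    sid = store.create({"user": "alice"})
    store.get(sid); store.get(sid)                  # one miss, then one hit
    print(store.hits, store.misses)                 # 1 1
```

The TTL bounds how long a revoked or logged-out session can linger in the cache; the update path shows the invalidation that plain lazy loading does not give you for free.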
8
EC2 instance key rotation
If an EC2 instance uses an IAM role (attached through an instance profile), the instance obtains temporary credentials from the instance metadata service rather than storing long-lived access keys. Key rotation is automatic and handled by IAM/STS: a fresh set of credentials is made available before the current set expires, and applications using the AWS SDKs pick it up without any action by the user.
9
VPC endpoints for Amazon S3
VPC gateway endpoints for Amazon S3 provide private connections from a VPC to S3 buckets that do not require an Internet gateway, NAT gateway or NAT instances; traffic stays on the AWS network. NAT Gateways and Internet Gateways still route traffic over the Internet to the public endpoint for Amazon S3. A gateway endpoint is usable only from within its own VPC, so it does not provide a way to reach Amazon S3 over a VPN (or over VPC peering); reaching S3 privately from on-premises over a VPN or Direct Connect requires an interface endpoint (AWS PrivateLink for Amazon S3) instead.
10
Retrieve User Data from running EC2
To retrieve user data from within a running instance, request the following URI from the instance metadata service: http://169.254.169.254/latest/user-data. With IMDSv2 the request must carry a session token obtained by a PUT to http://169.254.169.254/latest/api/token (sent in the X-aws-ec2-metadata-token header); instances configured with HttpTokens=required reject unauthenticated IMDSv1 requests. User data is stored unencrypted and is readable by any process on the instance, so it must not contain secrets.
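Tips 2, 8 and 10 meet at the metadata service: the same endpoint that serves user data also serves the instance role's temporary credentials, in the three-value form STS returns. The following is an added example, not code from the page or from AWS. It uses IMDSv2 (PUT for a session token, then GETs carrying it), which works whether or not the instance requires tokens; the network functions run only under main, while the credential parsing and refresh decision are exercised on a constructed credential document:

```python
"""User data and instance-role credentials from the EC2 instance metadata service (added example)."""
import json
import urllib.request
from datetime import datetime, timedelta, timezone

IMDS = "http://169.254.169.254/latest"
TOKEN_TTL = "21600"   # seconds; an IMDSv2 token lives at most six hours


def imds_token():
    """IMDSv2 step 1: PUT for a session token. A 1-hop TTL on the instance
    stops the token leaving the host (SSRF through a container or proxy)."""
    req = urllib.request.Request(f"{IMDS}/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": TOKEN_TTL})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def imds_get(path, token):
    """IMDSv2 step 2: GET with the token header."""
    req = urllib.request.Request(f"{IMDS}/{path}", headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def user_data(token):
    """Body of http://169.254.169.254/latest/user-data (HTTP 404 if none was set)."""
    return imds_get("user-data", token)


def role_credentials(token):
    """Instance-role credentials: list the role name, then fetch its document."""
    role = imds_get("meta-data/iam/security-credentials/", token).strip()
    return json.loads(imds_get(f"meta-data/iam/security-credentials/{role}", token))


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_credentials(doc):
    """The three values a SigV4 signer needs, plus expiry. IMDS names the
    session token "Token"; STS AssumeRole/GetSessionToken return the same
    field as "SessionToken"."""
    return {
        "access_key_id": doc["AccessKeyId"],
        "secret_access_key": doc["SecretAccessKey"],
        "session_token": doc["Token"],
        "expiration": parse_ts(doc["Expiration"]),
    }


def needs_refresh(creds, now_iso, margin_seconds=300):
    """IMDS publishes a new credential set before the current one expires;
    re-read within margin_seconds of Expiration, as the SDKs do, instead of
    waiting for a request to fail with ExpiredToken."""
    return parse_ts(now_iso) >= creds["expiration"] - timedelta(seconds=margin_seconds)


# Constructed sample, shaped like .../meta-data/iam/security-credentials/<role>.
SAMPLE_CREDENTIAL_DOC = {
    "Code": "Success",
    "LastUpdated": "2024-05-01T10:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Token": "IQoJb3JpZ2luX2VjEXAMPLESESSIONTOKEN",
    "Expiration": "2024-05-01T16:00:00Z",
}


if __name__ == "__main__":   # only works on an EC2 instance
    token = imds_token()
    print(user_data(token))
    creds = parse_credentials(role_credentials(token))
    print(creds["access_key_id"], creds["expiration"].isoformat())
```

Anything that can make the instance issue an HTTP request on its behalf can read both paths; that is why IMDSv2 with a hop limit of 1 matters and why user data is the wrong place for a secret.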