Amazon Web Services (AWS) & Microsoft Azure


  • 'docker ps -a' to show containers status
    • Up = Running
  • To kill the container use 'docker kill [NAMES]'


  • Task roles is the best practice way of providing permissions to running containers on ECS.

  • ECS Fargate mode should be used if want as little admin overhead as possible.

  • ECS Service is used to configure scaling and HA for containers.

  • 3 cluster modes are available within ECS:
    • Network Only (Fargate)
    • EC2 Linux + Networking
    • EC2 Windows + Networking
  • Docker is the only container platform supported by Amazon ECS at this time.

  • Container images store in a container registry.

  • The advantages/benefits of container are Fast to startup, Portable, and Lightweight.
Bootstrapping Wordpress Installation:

  • A Dev has been asked to build a real-time dashboard web application to visualize the key prefixes and storage size of objects in Amazon S3 buckets. Amazon DynamoDB will be used to store the Amazon S3 metadata. The optimal and MOST cost-effective design to ensure that the real-time dashboard is kept up to date with the state of the objects in the Amazon S3 buckets is Use an Amazon CloudWatch event backed by an AWS Lambda function. Issue an Amazon S3 API call to get a list of all Amazon S3 objects and persist the metadata within DynamoDB. Have the web application poll the DynamoDB table to reflect this change.

  • An on-premises application is implemented using a Linux, Apache, Mysql, and Php (LAMP) stack. The Dev wants to run this application in AWS. Amazon EC2 and Aurora can be used to run this stack.

  • A dev is building a backend system for the long-term storage of information from an inventory management system. The information needs to be stored so that other teams can build tools to report and analyze the data. To achieve the FASTEST running time the dev should Create an AWS Lambda function that writes to Amazon S3 synchronously. Set the inventory system to retry failed requests.

  • A Dev is working on an application that handles 10MB documents that contain highly-sensitive data. The application will use AWS KMS to perform client-side encryption. Should Invoke the GenerateDataKey API to retrieve the plaintext version of the data encryption key to encrypt the data.
    GenerateDataKey API: Generates a unique data key. This operation returns a plaintext copy of the data key and a copy that is encrypted under a Customer Master Key (CMK) that specify. Can use the plaintext key to encrypt data outside of KMS and store the encrypted data key with the encrypted data.

  • A dev is using AWS CodeDeploy to deploy an application running on Amazon EC2. The dev wants to change the file permissions for a specific deployment file. To meet this requirement a dev should use AfterInstall lifecycle event.

  • An application ingests a large number of small messages and stores them in a database. The application uses AWS Lambda. A dev team is making changes to the application's processing logic. In testing, it is taking more than 15 mins to process each message. The team is concerned the current backend may time out. To ensure each message is processed in the MOST scalable way to the backend system should Add the messages to an Amazon SQS queue. Set up an Amazon EC2 instance to poll the queue and process messages as they arrive.

  • A dev has discovered that an application responsible for processing messages in an Amazon SQS queue is routinely falling behind. The application is capable of processing multiple messages in one execution, but is only receiving one message at a time. To increase the number of messages the application receives the dev should Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a value greater than the default of 1.

  • A dev is writing an AWS Lambda function. The dev wants to log key events that occur during the Lambda function and include a unique identifier to associate the events with a specific function invocation. To help the dev accomplish this objective should Obtain the request identifier from the Lambda context object. Architect the application to write logs to the console.

  • A dev is trying to monitor an application's status by running a cron job that returns 1 if the service is up and 0 if the service is down. The dev created code that uses an AWS CLI put-metric-alarm command to publish the custom metrics to Amazon CloudWatch and create an alarm. However the dev is unable to create an alarm as the custom metrics do not appear in the CloudWatch console. This issue cause from The dev needs to use the put-metric-data command.

  • A company runs an e-commerce website that uses Amazon DynamoDB where pricing for items is dynamically updated in real time. At any given time, multiple updates may occur simultaneously for pricing information on a particular product. This is causing the original editor's changes to be overwritten without a proper review process. To prevent this overwriting should use DynamoDB Conditional writes option.

  • Company C provides an online image recognition service and utilizes SQS to decouple system components for scalability. The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible. However, Company C is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. Company C can reduce the number of empty responses by Set the Imaging queue ReceiveMessageWaitTimeSeconds attribute to 20 sec.

  • A dev has created a REST API using Amazon API Gateway. The dev wants to log who and how each caller accesses the API. The dev also wants to control how long the logs are kept. To meet these requirements the dev should Enable API Gateway execution logging. Delete old logs using API Gateway retention settings.

  • Company D is currently hosting their corporate site in an Amazon S3 bucket with Static Website Hosting enabled. Currently, when visitors go to the index.html page is returned. Company D now would like a new page welcome.html to be returned when a visitor enters in the browser. The steps will allow Company D to meet this requirement are:
    • Upload an html page named welcome.html to their S3 bucket
    • Set the Index Document property to welcome.html.
  • A company is launching an ecommerce website and will host the static data in Amazon S3. The company expects approximately 1,000 Transactions Per Second (TPS) for GET and PUT requests in total. Logging must be enabled to track all requests and must be retained for auditing purposes. The MOST cost-effective solution is Enable AWS CloudTrail logging for the S3 bucket-level action and create a lifecycle policy to expire the data in 90 days.
Last edited:







  • An application takes 40 sec to process instructions received in an Amazon SQS message. Assuming the SQS queue is configured with the default VisibilityTimeout value, upon receiving a message, to ensure that no other instances can retrieve a message that has already been processed or is currently being processed, the BEST way is Use the ChangeMessageVisibility API to increase the VisibilityTimeout, then use the DeleteMessage API to delete the message.

  • A Dev needs to deploy an application running on AWS Fargate using Amazon ECS. The application has environment variables that must be passed to a container for the application to initialize. The environment variables should be passed to the container by Define an array that includes the environment variables under the environment parameter within the task definition.

  • A company is developing a web application that allows its employees to upload a profile picture to a private Amazon S3 bucket. There is no size limit for the profile pictures, which should be displayed every time an employee log in. For security reasons, the pictures cannot be publicly accessible. A viable long-term solution for this scenario is Save the picture's S3 key in an Amazon DynamoDB table. Create an Amazon S3 VPC endpoint to allow the employees to download pictures once they log in.

  • A dev creates an Amazon S3 bucket to store project status files that are uploaded hourly. The dev also crates an AWS Lambda function that will be used to process the project status files. To invoke the function with the LEAST amount of AWS infrastructure the dev should Create an S3 event notification to invoke the function when a new object is created in the S3 bucket.

  • A dev from AnyCompany's AWS account needs access to the Example Corp. AWS account AnyCompany uses an identity provider that is compatible with OpenID Connect. The MOST secure way for Example Corp to allow dev access is Create a user in the Example Corp account and provide the access keys.

  • A dev is designing a distributed application built using a microservices architect spanning multiple AWS accounts. The company's operations team wants to analyze and debug application issues from a centralized account. The dev can meet these requirements by Use an Amazon X-Ray agent with role assumption on to publish data into the centralized account.

  • The Dev for a retail company must integrate a fraud detection solution into the order processing solution. The fraud detection solution takes between ten and thirty mins to verify an order. At peak, the web site can receive one hundred orders per min. The most scalable method to add the fraud detection solution to the order processing pipeline is Add all new orders to an SQS queue. Configure an Auto Scaling group that uses the queue depth metric as its unit of scale to launch a dynamically-sized fleet of EC2 instances spanning multiple AZs with the fraud detection solution installed on them to pull orders from this queue. Update the order with a pass or fails status.

  • An on-premises application makes repeated calls to store files to Amazon S3. As usage of the application has increased, "LimitExceeded" errors are being logged. To fix this error should be Implement exponential backoffs in the application.

  • A dev is working on an AWS Lambda function that accesses Amazon DynamoDB. The Lambda function must retrieve an item and update some of its attributes or create the item if it does not exist. The Lambda function has access to the primary key. To achieve this functionality the dev should request:
    dynamodb: PutItem

  • A company wants to make sure that only one user from its Admin group has the permanent right to delete an Amazon EC2 resource. There should be no changes in the existing policy under the Admin group. To meet these requirements a dev should use Inline policy.

  • A Dev wants to debug an application by searching and filtering log data. The application logs are stored in Amazon CloudWatch Logs. The Dev creates a new metric filter to count exceptions in the application logs. However, no result are returned from the logs. The reason that no filtered results are being returned is CloudWatch Logs only publishes metric data for events that happen after the filter is created.

  • A supplier is writing a new RESTful API for customers to query the status of orders. The customers requested the API endpoint. The application designs meet the requirements are Amazon API Gateway; AWS Lambda and Amazon S3; Amazon CloudFront.

  • An application on AWS is using third-party APIs. The Dev needs to monitor API errors in the code, and wants to receive notifications if failures go above a set threshold value. The Dev can achieve these requirements by Publish a custom metric on Amazon CloudWatch and use Amazon SNS for notification.

  • Company B has an S3 bucket containing premier content that they intend to make available to only paid subscribers of their website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors. Company B can provide only paid subscribers the ability to download a premier content file in the S3 bucket by Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.

  • The format of structured notification messages sent by Amazon SNS is An JSON object containing MessageId, unsubscribeURL, Subject, Message and other values.

  • A dev has built an application using Amazon Cognito for authentication and authorization. After a user is successfully logged in to the application, the application creates a user record in an Amazon DynamoDB table. The correct flow to authenticate the user and create a record in the DynamoDB table is Authenticate and get a token from an Amazon Cognito identity pool. Use the token to access DynamoDB.

  • A dev is building an application. The application's front end is developed in JavaScript, and the data is stored in an Amazon DynamoDB table. During testing, the application returns an HTTP 5xx error from the strongly consistent reads to the DynamoDB table; "Internal server error (Service: AmazonDynamoDBv2. Status Code: 500; Error Code; InternalServerError)." Actions the developer should take to mitigate this error are Avoid strongly consistent reads and Retry the failed read requests with exponential backoff.

  • A dev is building a serverless application using AWS Lambda and must create a REST API using an HTTP GET method. To be defined to meet this requirement needs An Amazon API Gateway with a Lambda function and An exposed GET method in Amazon Route 53.

  • An application runs on multiple EC2 instances behind an ELB. The session data best written so that it can be served reliably across multiple requests is Write data to Amazon EC2 Instance Store.
Last edited:


  • Enhanced Networking Provide Higher Packets Per Second (PPS), Consistent Low Latency, and High Throughput benefits.

  • Cluster placement group:
    • should be used when need the best performance within EC2
    • Only one AZ can be used
  • Spread placement group
    • is ideal when need the best levels of resilience
    • 7 instances Per AZ can be
  • If run a large application which uses 100's of EC2 instances and it needs exposure to physical location for performance and availability reasons. Should use Partition placement group.

  • Can permissions be provided to an application running in EC2 using best practices by Instance Profile & IAM Role.

  • There is no charge for EC2 instances running on a dedicated host and the host is dedicated to you.

  • EC2 user-data feature allows to provide commands that the instance will run at startup.

  • Commands specified in user-data get executed Once when the instance is provisioned.


  • nonportable.yaml:
        Type: 'AWS::S3::Bucket'
          BucketName: 'dogpics1337'
        Type: 'AWS::EC2::Instance'
          KeyName: 'A4L'
          InstanceType: 't2.micro'
          ImageId: 'ami-0c802847a7dd848c0' > for Singapore Region









  • A Dev is going to deploy an AWS Lambda function that requires significant CPU utilization. Approach will MINIMIZE the average runtime of the function is Deploy the function with its memory allocation set to the maximum amount.

  • A Dev is trying to make API calls using SDK. The IAM user credentials used by the application require multi-factor authentication for all API calls. Method the Dev use to access the multi-factor authentication protected API is GetCallerIdentity.

  • A Dev has created a software package to be deployed on multiple EC2 instances using IAM roles. Actions could be performed to verify IAM access to get records from Amazon Kenesis Streams are Use the AWS CLI to retrieve the IAM group and Validate the IAM role policy with the IAM policy simulator.

  • A Dev needs temporary access to resources in a second account. The MOST secure way to achieve this is Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.

  • An application stores images in an S3 bucket. Amazon S3 event notifications are used to trigger a Lambda function that resizes the images. Processing each image takes less than a second. AWS Lambda will handle the additional traffic by scale out to execute the requests concurrently.

  • An application reads data from an Amazon DynamoDB table. Several times a day, for a period of 15 sec, the application receives multiple ProvisionedThroughputEceeded errors. This exception should be handled by Retry the failed read requests with exponential backoff.

  • An application uploads photos to an Amazon S3 bucket. Each photo that is uploaded to the S3 bucket must be resized to a thumbnail image by the application. Each thumbnail image is uploaded with a new name in the same S3 bucket. Service can a dev configure to directly process each single S3 event for each S3 object upload is AWS Lambda.

  • When a Dev tries to run an AWS CodeBuild project, it raises an error because the length of all environment variables exceeds the limit for the combined maximum of characters. The recommended solution is Use AWS Systems Manager Parameter Store to store large numbers of environment variables.

  • A dev is working on a web application that runs on Amazon Elastic Container Service (Amazon ECS) and uses an Amazon DynamoDB table to store data. The application performs a large number of read requests against a small set of the table data. The dev can improve the performance of these requests by:
    • Create an Amazon ElastiCache cluster. Configure the application to cache data in the cluster.
    • Increase the read capacity of the DynamoDB table.
  • A company has a three-tier application that is deployed in Amazon ECS. The application is using an Amazon RDS for MySQL DB instance. The application performs more database reads than writes. During times of peak usage, the application's performance degrades. When this performance degradation occurs, the DB instance's ReadLatency metric in Amazon CloudWatch increases suddenly. A dev should modify the application to improve performance by Use Amazon ElastiCache to cache query results.

  • A Dev team currently supports an application that uses an in-memory store to save accumulated game results. Individual results are stored in a database. As part of migrating to AWS, the team needs to use automatic scaling. The team knows this will yield inconsistent results. The team should store these accumulated game results to BEST allow for consistent results without impacting performance in Amazon ElastiCache.

  • A dev registered an AWS Lambda function as a target for an Application Load Balancer (ALB) using a CLI command. However, the Lambda function is not being invoked when the client sends requests through the ALB. The Lambda function is not being invoked because The permissions to invoke the Lambda function are missing.

  • DynamoDB uses optimistic concurrency control and conditional writes for consistency.

  • A company is developing an application that will be accessed through the Amazon API Gateway REST API. Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically. A dev can meet these requirements by Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.

  • A dev is building an application that reads 90 Items of data each second from an Amazon DynamoDB table. Each item is 3 KB in size. The table is configured to use eventually consistent reads. Read capacity units should the dev provision for the table is (Size of each item at 4KB increments) x 90 Items / 8 = 45 RCUs.
Last edited:


  • nonportable.json
  • portable-stage1.json
  • portable-stage2.json
  • portable-stage3.json












  • 1_userdata.yaml
  • 2_userdata with signal.yaml
  • 3_cfninit with signal.yaml
  • 4_cfninit with signal and cfnhup.yaml

  • When a Simple Queue Service (SQS) message triggers a task that takes 5 mins to complete, process will result in successful processing of the message and remove it from the queue while minimizing the chances of duplicate processing is Retrieve the message with an increased visibility timeout, process the message, delete the message from the queue.

  • A Dev is asked to implement a caching layer in front of Amazon RDS. Cached content is expensive to regenerate in case of service failure. Implementation would work while maintaining maximum uptime is Implement Amazon ElastiCache Redis in Cluster Mode.

  • A company is developing a serverless ecommerce web application. The application needs to make coordinated, all-or-nothing changes to multiple items in the company's inventory table in Amazon DynamoDB. Solution will meet these requirements is Use the TransactWriteitem operation to group the changes. Update the items in the table.

  • A company has a web application in an Amazon Elastic Container Service (Amazon ECS) cluster running hundreds of secure services in AWS Fargate containers. The services are in target groups routed by an Application Load Balancer (ALB). Application users log in to the website anonymously, but they must be authenticated using any OpenID Connect protocol-compatible identity provider (IdP) to access the secure services. Authentication approach would meet these requirements with the LEAST amount of effort by Configure the services to use Amazon Cognito.

  • The programming languages have an officially supported AWS SDK are PHP and Java.

  • A team of Dev must migrate an application running inside an AWS Elastic Beanstalk environment from a Classic Load Balancer to an Application Load Balancer. Steps should be taken to accomplish the task using the AWS Management Console are:
    1. Create a new environment with the same configurations except for the load balancer type.
    2. Deploy the same application version as used in the original environment.
    3. Run the swap-environment-cnames action.
By default, Elastic Beanstalk creates an Application Load Balancer for environment when enable load balancing with the Elastic Beanstalk console or the EB CLI. It configures the load balancer to listen for HTTP traffic on port 80 and forward this traffic to instances on the same port. Can choose the type of load balancer that environment uses only during environment creation. Later, can change settings to manage the behavior of running environment's load balancer, but can't change its type.​
  • Application is trying to upload a 6 GB file to Simple Storage Service and receive a 'Proposed upload exceeds the maximum allowed object size.' error message. A possible solution for this is Use the multi-part upload API for this object.

  • A Dev is writing an imaging micro service on AWS Lambda. The service is dependent on several libraries that are not available in the Lambda runtime environment. Strategy should the Dev follow to create the Lambda deployment package is Create a ZIP file with the source code and a script that installs the dependent libraries at runtime.

  • A company is running an application on AWS Elastic Beanstalk in a single-instance environment. The company's deployments must avoid any downtime. Deployment option will meet these requirements is Immutable.

  • A dev is building a static, client-side rendered website that is powered by ReactJS. The code has no server-side generated components and does not need to run any programming languages on the server. However, the code serves static HTML, CSS, and JavaScript to the client on each request. The dev's solution to host the website must maximize performance and cost-effectiveness. Combination of AWS services or resources should the dev use to meet these requirements are Amazon CloudFront and Amazon S3.

  • A dev team decides to adopt a Continuous Integration/Continuous Delivery (CI/CD) process using AWS CodePipeline and AWS CodeCommit for a new application. However, management wants a person to review and approve the code before it is deployed to production. The dev team can add a manual approver to the CI/CD pipeline by Add an approval action to the pipeline. Configure the approval action to publish to an Amazon SNS topic when approval is required. The pipeline execution will stop and wait for an approval.

  • While developing an application that runs on Amazon EC2 in an Amazon VPC, a Dev identifies the need for centralized storage of application-level logs. AWS service can be used to securely store these logs is Amazon CloudWatch Logs.

  • Custom libraries should be utilized in AWS Lambda by Modify the function runtime to include the necessary library.

  • Given the following AWS CloudFormation template:
    Description: Creates a new Amazon S3 bucket for shared content. Uses a random bucket name to avoid conflicts.
        Type: AWS::S3::Bucket
          Value: !Ref ContentBucket
    The MOST efficient way to reference the new Amazon S3 bucket from another AWS CloudFormation template is Add an Export declaration to the outputs section of the original template and use ImportValue in other templates.
Last edited:


  • template1.yaml
  • template2.yaml

  • basicS3bucket.yaml
  • customresource.yaml

  • CloudFormation Custom Resources use to extend its funtionality or integrate it with other system.

  • Designing a system using CloudFormation which has two distinct parts. Infrastructure (which includes a VPC, subnets, gateways and configuration) and multiple application instances. Should design this using Stack Exports/Imports (cross stack references).

  • CloudFormation Stack Roles allows identities to deploy infrastructure in a controlled way, beyond their usual permissions.

  • CloudFormation Intrinsic Functions Is often used to improve portability and make a template able to adjust itself based on where it's applied.

  • CloudFormation CFN-HUP allows EC2 instances to update their configuration if a STACK changes.

  • CloudFormation CFN-SIGNAL allows an instance to tell CloudFormation when it's finished bootstrapping and configuration.

  • CloudFormation Change Sets allows it to be integrated into a Organisations Change management processes.

  • If have two stacks which are always applied together (e.g. VPC stack and App Stack) should use Nested Stacks.

  • If need to deploy Infrastructure to multiple regions and accounts should use CloudFormation Stack Sets.

  • CloudFormation DependsOn allows to influence the order of resources created by CFN.







  • A dev is writing an application to analyze the traffic to a fleet of Amazon EC2 instances. The EC2 instances run behind a public Application Load Balancer (ALB). An HTTP server runs on each of the EC2 instances, logging all requests to a log file.
    The dev wants to capture the client public IP addresses. The dev analyzes the log files and notices only the IP address of the ALB. The dev must Install the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log file to capture the client public IP addresses in the log file.

  • A dev is creating AWS CloudFormation templates to manage an application's deployment in Amazon Elastic Container Service (Amazon ECS) through AWS CodeDeploy. The dev wants to automatically deploy new versions of the application to a percentage of users before the new version becomes available for all users. The dev should manage the deployment of the new version by Deploy the new version in a new CloudFormation stack. After testing is complete, update the application's DNS records for the new stack.

  • A dev is preparing a deployment package using AWS Cloud Formation. The package consists of two separate templates: one for the infrastructure and one for the application. The application has to be inside the VPC that is crated from the infrastructure template. The application stack can refer to the VPC created from the infrastructure template by Use the Ref function to import the VPC into the application stack from the infrastructure template.

  • A dev must allow guest users without logins to access an Amazon Cognito-enabled site to view files stored within an Amazon S3 bucket. The dev should meet these requirements by Create a new user pool, enable access to unauthenticated identities, and grant access to AWS resources.

  • In a multi-container Docker environment in AWS Elastic Beanstalk, to configure container instances in the environment is required An Amazon ECS task definition.

  • A front-end web application is using Amazon Cognito user pools to handle the user authentication flow. A dev is integrating Amazon DynamoDB into the application using the AWS SDK for JavaScript. The dev would securely call the API without exposing the access or secret keys by Hardcode the credentials use Amazon S3 to host the web application, and enable server-side encryption.

  • An organization is using Amazon CloudFront to ensure that its users experience low-latency access to its web application. The organization has identified a need to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application. These requirements can be met by Use AWS KMS to encrypt traffic between CloudFront and the web application and Set the Origin Protocol Policy to "HTTPS Only".

  • A company wants to implement authentication for its new REST service using Amazon API Gateway. To authenticate the calls, each request must include HTTP headers with a client ID and user ID. These credentials must be compared to authentication data in an Amazon DynamoDB table. The company MUST do to implement this authentication in API Gateway is Implement an AWS Lambda authorizer that references the DynamoDB authentication table.

  • A comapny has an AWS Lambda function that runs hourly, reads log files that are stored in Amazon S3, and forwards alerts to Amazon Simpile Notification Service (Amazon SNS) topics based on content. A dev wants to add a custom metric to the Lambda function to track the number of alerts of each type for each run. The dev needs to log this information in Amazon CloudWatch in a metric that is named Lambda/AlertCounts. The dev should modify the Lambda function to meet this requirement with the LEAST operational overhead by Add a call to the PutMetricAlarm API operation. Pass an array of alerts in the metrics member with the namespace of "Lambda/AlertCounts".

  • A company uses a third-party tool to build, bundle, and package rts applications on-premises and store them locally. The company uses Amazon EC2 instances to run its front-end applications. An application can be deployed from the source control system onto the EC2 instances by Upload the bundle to an Amazon S3 bucket and specify the S3 location when doing a deployment using AWS CodeDeploy.

  • A company needs to ingest terabytes of data each hour from thousands of sources that are delivered almost continually throughout the day. The volume of messages generated varies over the course of the day.
    Messages must be delivered in real time for fraud detection and live operational dashboards. Approach will meet these requirements is Use Amazon Kinesis Data Streams with Kinesis Client Library to ingest and deliver messages.

  • An application is running on a cluster of Amazon EC2 instance. While trying to read objects stored within a single Amazon S3 bucket that are encrypted with server-side encryption with AWS KMS managed keys (SSE-KMS), the application receives the following error:
    Service : AWSKMS: Status Code: 400: Code : ThrottlingException
    Combination of steps should be taken to prevent this failure are:
    • Contact AWS Support to request an AWS KMS rate limit increase.
    • Import a Customer Master Key (CMK) with a larger key size.
Last edited:













  • A meteorological system monitors 600 temperature gauges, obtaining temperature samples every minute and saving each sample to a DynamoDB table. Each sample involves writing 1K of data and the writes are evenly distributed over time.
    600 / 60 secs = 10/sec. All writes are 1K (only unit of read provisioned throughput are rounded up to increment of 4K).
    10 x 1 = 10 write capacity units.

  • A dev has written an application that runs on Amazon EC2 instances and generates a value every minute. The Dev wants to monitor and graph the values generated over time without logging in to the instance each time. Approach should the Dev use to achieve this goal is Publish each generated value as a custom metric to Amazon CloudWatch using available AWS SDKs.

  • A three-tier application hosted on AWS uses Amazon RDS for MySQL as its database. A dev must ensure the database credentials are stored and accessed securely. The MOST secure way for the dev to achieve this is Store the credentials in a configuration file and commit it to the GIT repository.

  • A company experienced partial downtime during the last deployment of a new application AWS Elastic Beanstalk split the environment's Amazon EC2 instances into batches and deployed a new version one batch at a time after taking them out of service. Therefore, full capacity was not maintained during deployment. The dev plans to release a new version of the application, and is looking for a policy that will maintain full capacity and minimize the impact of the failed deployment. Dev policy should the dev use is Rolling with an Additional Batch.

  • A dev is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB in the local development environment, the application has used IAM access keys. The application is now ready for deployment onto an ECS cluster. The application should authenticate with AWS services in production by Configure an ECS task IAM role for the application to use.

  • A company process incoming documents from an Amazon S3 bucket. Users upload documents to an S3 bucket using web user interface. Upon receiving files in S3, and AWS Lambda function is invoked to process the files, but the Lambda function times out intermittently. If the Lambda function is configured with the default settings, when there is a timeout exception The S3 event is discarded after the event is retried twice.

  • A dev wants to insert a record into an Amazon DynamoDB table as soon as a new file is added to an Amazon S3 bucket. Necessary steps to achieve this is Configure an S3 event to invoke a Lambda function that inserts records into DynamoDB.

  • A dev is building an application on Amazon EC2. The dev encountered an "Access Denied" error on some of the API calls to AWS services while testing. The dev needs to modify permissions that have been already given to the instance. These requirements can be met with minimal changes and minimum downtime by Update the attached IAM role adding the needed permissions.

  • A dev receives the following error message when trying to launch or terminate an Amazon EC2 instance using a boto4 script.
    boto.exception.BotoServerError: BotoServerError: 503 Service Unavailable
    <?xml version="1.0" encoding="UTF-8"?>
    <Message>Request limit exceeded.</Message></Error></Errors><RequestID>c0eefd95-64c4-5812-c839-edff0c7a7dfe</RequestID>
    To correct this error message the dev should Upgrade to the latest AWS CLI version so that boto4 can handle higher request rates.

  • A company hosts a monolithic application on Amazon EC2 instances. The company starts converting some features of the application to a serverless architecture by using Amazon API Gateway and AWS Lambda. After the migration, some users report problems with payment processing. Upon inspection, a dev discovers that the Lambda function that calls the external payment API is taking longer than expected. Therefore, the API Gateway requests are timing out. To resolve this issue in the serverless architecture the dev should Use Amazon Simple Queue Service (Amazon SQS) with API Gateway and the Lambda function to asynchronously call the payment API.

  • A Dev has an application that can upload tens of thousands of objects per second to Amazon S3 in parallel within a single AWS account. As part of new requirements, data stored in S3 must use Server Side Encryption with AWS KMS (SSE-KMS). After creating this change, performance of the application is slower. The MOST likely the cause of the application latency is The AWS KMS API calls limit is less than needed to achieve the desired performance.

  • An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services. The MOST secure way to provide access to the AWS services with MINIMAL management overhead is Use EC2 instance profiles.

  • A Dev wants access to make the log data of an application running on an EC2 instance available to systems administrators. To enables monitoring of this metric in Amazon CloudWatch is Install the Amazon CloudWatch Logs agent on the EC2 instance that the application is running on.

  • A dev has written an Amazon Kinesis Data Streams application. As usage grows and traffic increases over time, the application is regularly receiving ProvisionedThroughputExceededException error message. To resolve the error the dev should Increase the:
    • delay between the GetRecords call and the PutRecords call.
    • number of shards in the data stream.
  • A dev is building a WebSocket API using Amazon API Gateway. The payload sent to this API is JSON that includes an action key. This key can have three different values, create, update, and remove. The dev must integrate with different routes based on the value of the action key of the incoming JSON payload. The dev can accomplish this task with the LEAST amount of configuration by Set the value of the route selection expression to $request.body action.
Last edited:


  • A company is using AWS CodePipeline to deliver one of its applications. The delivery pipeline is triggered by changes to the master branch of an AWS CodeCommit repository and uses AWS CodeBuild to implement the test and build stages of the process and AWS CodeDeploy to deploy the application. The pipeline has been operating successfully for several months and there have been no modifications. Following a recent change to the application's source code, AWS CodeDeploy has not deployed the updates application as expected. The possible causes are:
    • The change was not made in the master branch of the AWS CodeCommit repository.
    • One of the earlier stages in the pipeline failed and the pipeline has terminated.
  • The default chosen region when making an API call with an AWS SDK is us-east-1.
    This section applies only when using a client builder to access AWS services. AWS clients created by using the client constructor will not automatically determine region from the environment and will, instead, use the default SDK region (us-east-1).

  • An Amazon DynamoDB table uses a Global Secondary Index (GSI) to support read queries. The primary table is write-heavy, whereas the GSI is used for read operations. Looking at Amazon CloudWatch metrics, the Dev notices that write operations to the primary table are throttled frequently under heavy write activity. However, write capacity units to the primary table are available and not fully consumed. The table being throttled because The GSI write capacity units are underprovisioned.

  • An ecommerce application is using Amazon Simple Notification Service (Amazon SNS) with an AWS Lambda subscription to save all new orders into an Amazon DynamoDB table. The company wants to record all the orders that are more than a certain amount of money in a separate table. The company wants to avoid changes to the processes that post orders to Amazon SNS or the current Lambda function that saves the orders to the DynamoDB table. A dev can implement this feature with the LEAST change to the existing application by Modify the Lambda code to filter the orders and save the appropriate orders to a separate table.

  • An application is running on an EC2 instance. The Dev wants to store an application metric in Amazon CloudWatch. The best practice for implementing this requirement is Use the CloudWatch PutMetricData API call to submit a custom metric to CloudWatch. Launch the EC2 instance with the required IAM role to enable the API call.

  • After launching an instance that intend to serve as a Network Address Translation (NAT) device in a public subnet, modify route tables to have the NAT device be the target of internet bound traffic of private subnet. When try and make an outbound connection to the Internet from an instance in the private subnet, are not successful. Could resolve the issue by Disabling the Source/Destination. Then check attribute on the NAT instance.

  • A dev wants to use React to build a web and mobile application. The application will be hosted on AWS. The application must authenticate users and then allow users to store and retrieve files that they own. The dev wants to use Facebook for authentication. MOST accelerate the development and deployment of this application on AWS is AWS Amplify CLI.

  • Attempt to store an object in the US-STANDARD region in Amazon S3, and receive a confirmation that it has been successfully stored. Then immediately make another API call and attempt to read this object. S3 tells that the object does not exist. Because US-STANDARD uses eventual consistency and it can take time for an object to be readable in a bucket.

  • A dev is refactoring a monolithic application. The application takes a POST request and performs several operations. Some of the operations are in parallel while others run sequentially. These operations have been refactored into individual AWS Lambda functions. The POST request will be processed by Amazon API Gateway. The dev should invoke the Lambda functions in the same sequence using API Gateway by Use Amazon SQS to invoke the Lambda functions.

  • No additional services cost with the use of the AWS platform are Auto Scaling and CloudFormation.

  • An application under development is required to store hundreds of video files. The data must be encrypted within the application prior to storage, with a unique key for each video file. The Dev should code the application by Use the KMS GenerateDataKey API to get a data key. Encrypt the data with the data key. Store the encrypted data key and data.

  • A company has an application that logs all information to Amazon S3. Whenever there is a new log file, an AWS Lambda function is invoked to process the log files. The code works, gathering all of the necessary information. However, when checking the Lambda function logs, duplicate entries with the same request ID are found. Causing the duplicate entries is The Lambda function failed, and the Lambda service retired the invocation with a delay.
Last edited: