AOA questions 19/12/2023-22/12/2023

1. Does AWS CDK support Kotlin?
It is possible to write AWS CDK applications in JVM-hosted languages other than Java (for example, Kotlin, Groovy, Clojure, or Scala), but the experience may not be particularly idiomatic, and we are unable to provide any support for these languages.
https://docs.aws.amazon.com/cdk/v2/guide/work-with-cdk-java.html

AOA questions 07/11/2023-10/11/2023

1. How to implement the serverless saga pattern by using AWS Step Functions?
The saga pattern is a failure management pattern that helps establish consistency in distributed applications and coordinates transactions between multiple microservices to maintain data consistency. When you use the saga pattern, every service that performs a transaction publishes an event that triggers subsequent services to perform the next transaction in the chain. This continues until the last transaction in the chain is complete. If a business transaction fails, saga orchestrates a series of compensating transactions that undo the changes that were made by the preceding transactions.

This pattern demonstrates how to automate the setup and deployment of a sample application (which handles travel reservations) with serverless technologies such as AWS Step Functions, AWS Lambda, and Amazon DynamoDB.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/implement-the-serverless-saga-pattern-by-using-aws-step-functions.html
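The orchestration described above, as an added in-process example (not code from the AWS pattern page): each step carries a forward action and a compensating action, and a failure triggers the compensations of the already-completed steps in reverse order. The travel-reservation steps, the booking dict standing in for DynamoDB, and the simulated card decline are constructed for this illustration.

```python
# Added example, not from the AWS pattern page: a minimal in-process saga
# orchestrator modelled on the travel-reservation sample. In the real pattern
# Step Functions is the orchestrator and every action or compensation is a
# Lambda function writing to DynamoDB; here a plain dict plays DynamoDB.
from dataclasses import dataclass
from typing import Callable

@dataclass
class SagaStep:
    name: str
    action: Callable[[dict], None]      # forward transaction
    compensate: Callable[[dict], None]  # undoes the forward transaction

def run_saga(steps: list, booking: dict) -> dict:
    """Run steps in order; on failure, compensate completed steps in reverse."""
    completed = []
    for step in steps:
        try:
            step.action(booking)
            completed.append(step)
        except Exception as exc:  # any failed transaction starts the rollback
            rolled_back = []
            for done in reversed(completed):
                done.compensate(booking)
                rolled_back.append(done.name)
            return {"status": "FAILED", "failed_step": step.name,
                    "error": str(exc), "compensated": rolled_back}
    return {"status": "SUCCEEDED", "compensated": []}

def reservation(kind: str) -> SagaStep:
    """Constructed step: reserve or cancel one item, recorded in the booking."""
    def book(b): b[kind] = "RESERVED"
    def cancel(b): b[kind] = "CANCELLED"
    return SagaStep("Reserve" + kind.capitalize(), book, cancel)

def charge_card(b: dict) -> None:
    # Constructed payment step; card_declined simulates a failed transaction.
    if b.get("card_declined"):
        raise RuntimeError("payment declined")
    b["payment"] = "CHARGED"

def refund(b: dict) -> None:
    b["payment"] = "REFUNDED"

def travel_saga() -> list:
    """The chain from the sample: flight, hotel, car, then payment."""
    return [reservation("flight"), reservation("hotel"),
            reservation("car"), SagaStep("ChargePayment", charge_card, refund)]
```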

AOA questions 23/10/2023-27/10/2023

1. Will there be support for MongoDB to DocumentDB migration tool?
We can use AWS DMS to migrate from MongoDB to Amazon DocumentDB.
https://docs.aws.amazon.com/dms/latest/sbs/chap-mongodb2documentdb.html

2. How to migrate Oracle to Amazon S3?
Use AWS DMS to migrate from Oracle to an Amazon S3 data lake.
https://docs.aws.amazon.com/dms/latest/sbs/oracle-s3-data-lake.html

3. What's the data transfer cost for Amazon RDS cross-Region replication/snapshot copy?
DB snapshot copy is charged for the data transferred to copy the snapshot data across Regions. When the snapshot is copied, standard Amazon RDS database snapshot charges will apply to store it in the destination Region.
https://aws.amazon.com/rds/pricing
https://aws.amazon.com/blogs/architecture/exploring-data-transfer-costs-for-aws-managed-databases/

AOA questions 19/09/2023-21/09/2023

1. In AWS networking, are the five reserved addresses reserved at the VPC level or at the subnet level?
It's at the subnet level: the first four IP addresses and the last IP address in each subnet CIDR block are not available and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved:
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS. The IP address of the DNS server is always the base of the VPC network range plus 2.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. AWS does not support broadcast in a VPC; therefore, we reserve this address.

2. Do Amazon DynamoDB endpoints support the HTTPS protocol?
Yes, Amazon DynamoDB service endpoints support both the HTTP and HTTPS protocols.
https://docs.aws.amazon.com/general/latest/gr/ddb.html

AOA questions 04/09/2023-08/09/2023

1. What's the Auto Scaling predictive policy pricing?
There is no additional charge for AWS Auto Scaling. You pay only for the AWS resources needed to run your applications and Amazon CloudWatch monitoring fees.
https://aws.amazon.com/autoscaling/pricing/?nc1=h_ls

AOA questions 17/07/2023-20/07/2023

1. What's AWS Firewall Manager pricing?

AWS Network Firewall protection policy, AWS WAF protection policy, Amazon VPC security group protection policy, Amazon Route 53 Resolver DNS Firewall protection policy and third-party firewall protection policy: around $100.00 per policy per Region (as of July 2023).

AWS Shield Advanced protection policy can be created using AWS Firewall Manager only for Shield Advanced users. The price is included in the AWS Shield Advanced subscription at no additional cost.

reference: https://aws.amazon.com/firewall-manager/pricing/?nc1=h_ls

AOA questions 20/06/2023-23/06/2023

1. Does a CloudTrail log record include resource Tag information?
There is a resource ID but no Tag information in the CloudTrail record (e.g. StopInstances), but you can retrieve the tags using that resource ID.

ex. AWS SDK (boto3) to retrieve tags in Python

import boto3

# Create an AWS SDK client for the desired service
client = boto3.client('ec2')  # Example for EC2, replace with the appropriate service

# Specify the resource identifier (for example the instanceId taken from the CloudTrail record)
resource_id = 'your-resource-id'  # Replace with the actual resource ID

# Retrieve the tags for the resource
response = client.describe_tags(Filters=[{'Name': 'resource-id', 'Values': [resource_id]}])

# Extract the tags from the response
tags = response['Tags']

# Print the tags
for tag in tags:
    print(f"Key: {tag['Key']}, Value: {tag['Value']}")

CloudTrail JSON (StopInstances record):
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "IAMUser",
    "principalId": "xxxx",
    "arn": "arn:aws:iam::xxxx:user/testli1",
    "accountId": "xxxx",
    "accessKeyId": "xxxx",
    "userName": "testli1",
    "sessionContext": {
      "sessionIssuer": {},
      "webIdFederationData": {},
      "attributes": {
        "creationDate": "2023-06-21T16:25:47Z",
        "mfaAuthenticated": "true"
      }
    }
  },
  "eventTime": "2023-06-21T16:28:19Z",
  "eventSource": "ec2.amazonaws.com",
  "eventName": "StopInstances",
  "awsRegion": "eu-west-3",
  "sourceIPAddress": "x.x.x.x",
  "userAgent": "AWS Internal",
  "requestParameters": {
    "instancesSet": {
      "items": [
        {
          "instanceId": "i-xxxx"
        }
      ]
    },
    "force": false
  },
  "responseElements": {
    "requestId": "xxxx-d3db-4052-8952-xxxx",
    "instancesSet": {
      "items": [
        {
          "instanceId": "i-xxxx",
          "currentState": {
            "code": 64,
            "name": "stopping"
          },
          "previousState": {
            "code": 16,
            "name": "running"
          }
        }
      ]
    }
  },
  "requestID": "xxxx-d3db-4052-8952-xxxx",
  "eventID": "xxxx-42fa-4006-9edd-xxxx",
  "readOnly": false,
  "eventType": "AwsApiCall",
  "managementEvent": true,
  "recipientAccountId": "xxxx",
  "eventCategory": "Management",
  "sessionCredentialFromConsole": "true"
}
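Putting the two pieces together, as an added example (not code from the original notes): pull the instance IDs out of a CloudTrail record like the one above and enrich the record with the tags it does not carry. The tag lookup is injected as a callable so the code runs offline; in production, pass boto3.client("ec2").describe_tags, which takes the same Filters argument. The sample record, instance ID and tag table are constructed.

```python
# Added example, not from the original notes: enrich a CloudTrail StopInstances
# record with the EC2 tags that CloudTrail itself does not include.
import json
from typing import Callable, Dict, List

# Constructed sample record (trimmed to the fields this code reads).
SAMPLE_EVENT = json.loads("""{
  "eventSource": "ec2.amazonaws.com",
  "eventName": "StopInstances",
  "awsRegion": "eu-west-3",
  "requestParameters": {
    "instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]},
    "force": false
  }
}""")

def instance_ids_from_event(event: Dict) -> List[str]:
    """Return the instance IDs named in requestParameters.instancesSet."""
    items = (event.get("requestParameters", {})
                  .get("instancesSet", {})
                  .get("items", []))
    return [i["instanceId"] for i in items if "instanceId" in i]

def enrich_event(event: Dict, describe_tags: Callable[..., Dict]) -> Dict:
    """Return a copy of the event with a resourceTags map {id: {key: value}}.

    describe_tags must behave like boto3's EC2 describe_tags: it accepts a
    Filters list and returns {"Tags": [{"ResourceId", "Key", "Value", ...}]}."""
    ids = instance_ids_from_event(event)
    tags_by_resource: Dict[str, Dict[str, str]] = {rid: {} for rid in ids}
    if ids:
        # One call covers every resource in the event (resource-id filter is OR-ed).
        resp = describe_tags(Filters=[{"Name": "resource-id", "Values": ids}])
        for tag in resp.get("Tags", []):
            tags_by_resource.setdefault(tag["ResourceId"], {})[tag["Key"]] = tag["Value"]
    enriched = dict(event)
    enriched["resourceTags"] = tags_by_resource
    return enriched

# Constructed stand-in for boto3's describe_tags so the example runs offline.
def fake_describe_tags(Filters):
    wanted = Filters[0]["Values"]
    table = [{"ResourceId": "i-0123456789abcdef0", "ResourceType": "instance",
              "Key": "Environment", "Value": "prod"},
             {"ResourceId": "i-0123456789abcdef0", "ResourceType": "instance",
              "Key": "Owner", "Value": "payments-team"}]
    return {"Tags": [t for t in table if t["ResourceId"] in wanted]}
```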

AOA questions 23/05/2023-26/05/2023

1. What's AWS Analytics Service?
With CloudWatch RUM, you can perform real user monitoring to collect and view client-side data about your web application performance from actual user sessions in near real time.
https://docs.aws.amazon.com/fr_fr/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM.html
https://aws.amazon.com/fr/about-aws/whats-new/2021/11/amazon-cloudwatch-rum-applications-client-side-performance/

2. What's the CloudWatch Logs retention time?
You can change the log data retention setting for CloudWatch logs. By default, logs are kept indefinitely and never expire. You can adjust the retention policy for each log group, keeping the indefinite retention
https://docs.aws.amazon.com/fr_fr/managedservices/latest/userguide/log-customize-retention.html

3. Do standby instances in Amazon RDS Multi-AZ deployments support read-only access?
Readable standby instances in Amazon RDS Multi-AZ deployments: A new high availability option
https://aws.amazon.com/fr/blogs/database/readable-standby-instances-in-amazon-rds-multi-az-deployments-a-new-high-availability-option/

AOA questions 02/05/2023-04/05/2023

1. Can we generate the architectural diagram from our deployed resources in AWS?
Workload Discovery on AWS (formerly called AWS Perspective) is a tool to visualize AWS Cloud workloads. Use Workload Discovery on AWS to build, customize, and share detailed architecture diagrams of your workloads based on live data from AWS.
https://aws.amazon.com/solutions/implementations/workload-discovery-on-aws/

AOA questions 25/04/2023-27/04/2023

1. Can cluster, spread, and partition placement groups span multiple Availability Zones?
A cluster placement group is a logical grouping of instances within a single Availability Zone.
A partition placement group can have partitions in multiple Availability Zones in the same Region.
A rack spread placement group can span multiple Availability Zones in the same Region.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

AOA questions 27/03/2023-29/03/2023

1. Can a gateway endpoint be deployed to connect to S3 in another Region?
A gateway endpoint is available only in the Region where you created it. Be sure to create your gateway endpoint in the same Region as your S3 buckets.
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html

AOA questions 21/03/2023-23/03/2023

1. How to access OpenSearch Service from a VPC?
You can access an Amazon OpenSearch Service domain by setting up an OpenSearch Service-managed VPC endpoint (powered by AWS PrivateLink). These endpoints create a private connection between your VPC and Amazon OpenSearch Service. You can access OpenSearch Service VPC domains as if they were in your VPC, without the use of an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC don't need public IP addresses to access OpenSearch Service.
https://docs.aws.amazon.com/opensearch-service/latest/developerguide/vpc-interface-endpoints.html

AOA questions 13/03/2023-16/03/2023

1. What's the difference between a Dedicated Instance and a Dedicated Host?
"Dedicated Instances that belong to different AWS accounts are physically isolated at a hardware level, even if those accounts are linked to a single payer account. However, Dedicated Instances might share hardware with other instances from the same AWS account that are not Dedicated Instances."
URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html

"An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses, including Windows Server, Microsoft SQL Server, SUSE, and Linux Enterprise Server."
URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html

"Dedicated Instances - You pay for the instances, but they get placed on whatever dedicated hardware Amazon decides. Dedicated Host - You pay for the entire physical server and can, in effect, run instances on it as you please. Long version: In both cases, it's hardware that only your instances will use."
URL: https://serverfault.com/questions/808706/what-is-the-difference-between-an-amazon-dedicated-instance-and-a-dedicated-host

2. How does AWS apply the Uptime Institute guidelines?
The AWS Global Cloud Infrastructure is the most secure, extensive, and reliable cloud platform. AWS data centers are generally designed to meet the requirements of concurrent maintainability, which is at the core of the Uptime Institute Tier standards. However, AWS has chosen not to have a certified Uptime Institute-based tiering level so that we have more flexibility to expand and improve performance. AWS' approach to infrastructure ensures the highest level of performance and availability for our customers. Specifically, AWS infrastructure within our Availability Zones exceeds concurrent maintainability standards by also focusing on metrics not tracked by those standards.
https://aws.amazon.com/compliance/uptimeinstitute/

AOA questions 07/02/2023-09/02/2023

1. How to copy the network traffic and replay?
Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of type interface.
https://docs.aws.amazon.com/vpc/latest/mirroring/what-is-traffic-mirroring.html

AOA questions 03/02/2023

1. Can we use Swagger on API Gateway?
The OpenAPI Specification (aka Swagger) provides a structured way of describing REST APIs. AWS API Gateway can be configured from such a Swagger/OpenAPI definition, using the API Gateway extensions described here:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions.html

2. Do you have an SQS request offloading use case?
SQS request offloading moves slow operations off the interactive request path by enqueueing the request.
In some cases, we can offload resource-intensive workloads to asynchronous processes using standard SQS queues and Lambda functions.

3. How do we handle large messages with SQS?
To manage large Amazon Simple Queue Service (Amazon SQS) messages, you can use Amazon Simple Storage Service (Amazon S3) and the Amazon SQS Extended Client Library for Java. This is especially useful for storing and consuming messages up to 2 GB.
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-s3-messages.html

4. How to manage/troubleshoot API Gateway timeouts?
To troubleshoot 504 timeout errors from API Gateway, first identify and verify the source of the error in your Amazon CloudWatch execution logs. Then, use one or more of the following methods to reduce the runtime of your integration requests until they no longer time out.
https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-504-errors/?nc1=h_ls

AOA questions 31/01/2023 - 02/02/2023

1. Can we use a CIDR block whose host bits are not all zero (for example 198.51.100.14/24)?
https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
198.51.100.14/24 represents the IPv4 address 198.51.100.14 and its associated network prefix 198.51.100.0, or equivalently, its subnet mask 255.255.255.0, which has 24 leading 1-bits.
Tested in AWS: 198.51.100.14/24 is not accepted; the value must be a valid IPv4 CIDR.
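The two subnet checks from these notes, as an added example (not code from the original notes): check_cidr() refuses a CIDR with host bits set, as AWS did for 198.51.100.14/24, and reserved_addresses() lists the five addresses reserved in every subnet from the 19/09/2023 answer. The /16 to /28 prefix bounds used as defaults are the VPC CIDR limits from the AWS VPC documentation; everything uses only Python's standard ipaddress module.

```python
# Added example, not from the original notes: AWS-style CIDR validation and
# the five reserved subnet addresses, using the standard ipaddress module.
import ipaddress
from typing import Dict

def check_cidr(cidr: str, min_prefix: int = 16, max_prefix: int = 28) -> Dict:
    """Validate a VPC/subnet CIDR the way AWS does: strict (host bits must be
    zero) and within the allowed prefix range. Returns a small result dict;
    when host bits are set, "suggested" carries the network address form."""
    try:
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:  # "... has host bits set" or not a CIDR at all
        try:
            suggested = str(ipaddress.IPv4Network(cidr, strict=False))
        except ValueError:
            suggested = None
        return {"valid": False, "reason": str(exc), "suggested": suggested}
    if not (min_prefix <= net.prefixlen <= max_prefix):
        return {"valid": False, "suggested": None,
                "reason": "prefix length outside /%d-/%d" % (min_prefix, max_prefix)}
    return {"valid": True, "reason": "ok", "suggested": str(net)}

def reserved_addresses(cidr: str) -> Dict[str, str]:
    """The five addresses AWS reserves in every subnet CIDR block:
    network, VPC router, DNS (VPC base + 2), future use, broadcast."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "vpc_router": str(ipaddress.IPv4Address(base + 1)),
        "dns": str(ipaddress.IPv4Address(base + 2)),
        "future_use": str(ipaddress.IPv4Address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }

def usable_hosts(cidr: str) -> int:
    """Addresses an instance can actually take: all addresses minus the five reserved."""
    return ipaddress.IPv4Network(cidr, strict=True).num_addresses - 5
```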

2. Difference between Dynamic scaling and Predictive scaling, which one is better?
Dynamic scaling scales the capacity of your Auto Scaling group as traffic changes occur.
Use predictive scaling to increase the number of EC2 instances in your Auto Scaling group in advance of daily and weekly patterns in traffic flows.
One of the best practices is to use predictive scaling together with dynamic scaling. Dynamic scaling is used to automatically scale capacity in response to real-time changes in resource utilization. Using it with predictive scaling helps you follow the demand curve for your application closely, scaling in during periods of low traffic and scaling out when traffic is higher than expected. When multiple scaling policies are active, each policy determines the desired capacity independently, and the desired capacity is set to the maximum of those.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scale-based-on-demand.html


3. When is the object deleted when activating "Expire current versions of objects" and "Permanently delete noncurrent versions of objects"?
Days after objects become noncurrent – After the specified number of days since the object became noncurrent, it will be permanently removed.
https://aws.amazon.com/fr/blogs/storage/reduce-storage-costs-with-fewer-noncurrent-versions-using-amazon-s3-lifecycle/

AOA questions 25-27/01/2023

1. What's the difference between an access point and a bucket policy, and what is the benefit of using access points?
An access point is associated with exactly one Amazon S3 bucket.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-access-points.html
Benefits of access points (an access point policy can be scoped to):
Specific prefixes
Specific originating VPC
Specific tags on objects
https://repost.aws/questions/QU2lGn8dF5QmahMU_WS1vtJA/s-3-access-policy-vs-s-3-bucket-policies-how-they-interact

2. Are RDS DB snapshots incremental or full backups?
The first snapshot of a DB instance contains the data for the full DB instance. Subsequent snapshots of the same DB instance are incremental, which means that only the data that has changed after your most recent snapshot is saved.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
Point-in-time recovery with AWS Backup:
https://aws.amazon.com/fr/blogs/storage/point-in-time-recovery-and-continuous-backup-for-amazon-rds-with-aws-backup/


AOA questions 06-08/12/2022


07/12/2022
1. How is instance metadata access secured on an EC2 instance?
You can access instance metadata from a running instance using one of the following methods:
Instance Metadata Service Version 1 (IMDSv1) – a request/response method
Instance Metadata Service Version 2 (IMDSv2) – a session-oriented method
The IMDS is attached locally to every EC2 instance and runs on the special link-local IP address 169.254.169.254, which means only software running on the instance can access it. The IMDS solved a big security headache for cloud users by providing access to temporary, frequently rotated credentials, removing the need to hardcode or distribute sensitive credentials to instances manually or programmatically. For applications with access to the IMDS, it makes available metadata about the instance, its network, and its storage. The IMDS also makes the AWS credentials available for any IAM role that is attached to the instance.
With IMDSv2, every request is protected by session authentication. A session begins and ends a series of requests that software running on an EC2 instance uses to access the locally stored EC2 instance metadata and credentials.
AWS source below:
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
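The IMDSv2 session exchange described above, as an added example (not code from the original notes or from AWS): a PUT to /latest/api/token opens the session and returns a token, and every metadata GET must then carry that token. The transport is injectable so the code runs offline; imds_http() is the real transport for use on an instance, and fake_imds() is a constructed stand-in for an instance configured with HttpTokens=required, which answers 401 to any GET that carries no session token. The token value and instance ID in the fake are constructed.

```python
# Added example, not from the original notes: IMDSv2 token-then-GET client
# with an injectable transport, plus an offline fake of a v2-only instance.
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

IMDS = "http://169.254.169.254"  # link-local endpoint, reachable only on-instance
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"

# transport(method, path, headers) -> (http_status, body)
Transport = Callable[[str, str, Dict[str, str]], Tuple[int, str]]

def imds_http(method: str, path: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Real transport: talk to the IMDS endpoint from inside the instance."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""

def get_metadata(path: str, transport: Transport, ttl: int = 21600) -> Optional[str]:
    """IMDSv2: PUT for a session token, then GET the metadata with the token.
    Returns None when either the token request or the metadata GET is refused."""
    status, token = transport("PUT", "/latest/api/token", {TOKEN_TTL_HEADER: str(ttl)})
    if status != 200 or not token:
        return None
    status, body = transport("GET", path, {TOKEN_HEADER: token})
    return body if status == 200 else None

def fake_imds(method: str, path: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Constructed stand-in for an instance with HttpTokens=required."""
    session_token = "AQAAAE-constructed-session-token"
    if method == "PUT" and path == "/latest/api/token":
        if not headers.get(TOKEN_TTL_HEADER, "").isdigit():
            return 400, ""          # TTL header missing or invalid
        return 200, session_token
    if method == "GET":
        if headers.get(TOKEN_HEADER) != session_token:
            return 401, ""          # v1-style GET without a token is rejected
        if path == "/latest/meta-data/instance-id":
            return 200, "i-0123456789abcdef0"
        return 404, ""
    return 405, ""
```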

06/12/2022
1. How to avoid having overlapping IP spaces on VPC?
Amazon VPC IP Address Manager (IPAM) might be the VPC feature you are looking for to manage IP addresses in the AWS Cloud. IPAM is a VPC feature that makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads, and you can use IPAM automated workflows to manage IP addresses more efficiently. Links below:
https://docs.aws.amazon.com/vpc/latest/ipam/what-it-is-ipam.html
https://aws.amazon.com/fr/blogs/networking-and-content-delivery/managing-ip-pools-across-vpcs-and-regions-using-amazon-vpc-ip-address-manager/

2. Does one single ENI with a private IP support two or more AWS services through an interface endpoint?
When creating a new interface endpoint, we cannot specify two services on the same interface endpoint, so I confirm that only one service can be associated with that ENI. Interface endpoint link below:
https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html




Amazon Web Services and AWS are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.