DynamoDB的问题。
对于web session的解释为
“AWS Dynamo DB is a NoSQL database that can handle massive concurrent read and writes. Using AWS Dynamo DB console one can configure reads/writes per second and accordingly Dynamo DB will provision the required infrastructure at the backend. So scalability and administration needs are taken care by the service itself. Internally all data items are stored on Solid State Drives (SSDs) and are automatically replicated across three Availability Zones in a Region to provide built-in high availability and data durability. AWS Dynamo DB also provides SDK’s and session state extensions for a variety of languages such as Java,Net, PHP, Ruby, etc.”
对于metadata的解释为
“To speed up access to relevant data, many developer pair Amazon S3 with a search engine such as Amazon CloudSearch or a database such as Amazon Dynamo DB or Amazon RDS. In these scenarios, Amazon S3 stores the actual information, and the search engine or database serves as the repository for associated metadata (e.x. the object name, size, keywords)”
Your unique account sign-in page URL is created automatically when you begin using IAM. You do not have to do anything to use this sign-in page.
https://My_AWS_Account_ID.signin.aws.amazon.com/console/
You can also customize the account sign-in URL for your account if you want the URL to contain your company name (or other friendly identifier) instead of your AWS account ID number.
| storage-full | The instance has reached its storage capacity allocation. This is a critical status and should be remedied immediately; you should scale up your storage by modifying the DB instance. Set CloudWatch alarms to warn you when storage space is getting low so you don’t run into this situation. |
关于DB instance更多的status,查看这里。
这组测试里竟然有5道计算Read/Write Capacity的问题,无一例外我都是蒙的。这其实是DynamoDB Auto-Scaling的问题。
这部分在ACloudGuru里完全没有讲,在AWS的这个文档里有说明:
“One read capacity unit represents one strongly consistent read per second, or two eventually consistent reads per second, for an item up to 4 KB in size. ”
“One write capacity unit represents one write per second for an item up to 1 KB in size.”
所以我重新来计算这5道题。
57题 – eventual read – (2x) (4k) – 5*10k/4k/2=50/8=6.x ~ 7 //这么算是错的。不能先用5*10k再用4k分,因为文件是不能拆分的,所以要先用10k/4k = 2.5 ~ 3,5*3=15 一共需要15个unit,但是是eventual read,一个unit可以当两个用,因此15/2=7.5 ~8。
51题 – wtire – (1x) (1k) – 10.5K = 10.5 units ~ 11, 5*11 = 55 units。
39题 – strong read – (1x) (4k) – 10KB/4KB = 2.5 ~ 3 units, 5*3 = 15 units。
14题 – wirite – (1x) (1k) – 10kb = 10units, 5*10 = 50 units。
3题 – eventual read – (2x) (4k) – 6KB/4KB = 1.25 ~ 2 units, 10*2=20 units, 20/2 = 10 units。
这个视频里同样没有讲过,在白皮书《AWS_Securing_Data_at_Rest_with_Encryption》有提到:
Amazon Glacier
Before it’s written to disk, data are always automatically encrypted using 256-bit AES keys unique to the Amazon Glacier service that are stored in separate systems under AWS control. This feature is offered at no additional cost beyond what you pay for using Amazon Glacier.
AWS Storage Gateway
The AWS Storage Gateway transfers your data to AWS over SSL and stores data encrypted at rest in Amazon S3 or Amazon Glacier using their respective server side encryption schemes. A
在SQS的文档里有说明:
For the WaitTimeSeconds parameter of the ReceiveMessage action, a value set between 1 and 20 has priority over any value set for the queue attributeReceiveMessageWaitTimeSeconds.
如果没记错的话,ReceiveMessageWaitTimeSeconds也是一个考点。
SAML = Security Assertion Markup Language
这道题网上争论的结果是D啊……
不知为何当时做题是就是想着Provisioned IOPS是给OLAP用的……
Provisioned IOPS storage is optimized for I/O intensive, online transaction processing (OLTP) workloads that have consistent performance requirements. 
查询了半天就是没找到DynamoDB可以join两个table,结果发现题目的答案就是不能……
参考Amazon DynamoDB的Developer Guide:
Joining Two DynamoDB tables
The following example maps another Hive table (east_coast_states) to a table in DynamoDB. The SELECT statement is a join across these two tables. The join is computed on the cluster and returned. The join does not take place in DynamoDB.
Route53的课程需要重新温习。
You can also use Alias records to map your sub-domains to your ELB load balancers, CloudFront distributions, or S3 website buckets.
更多说明在这段说明:
Alias resource record sets are virtual records that work like CNAME records. But they differ from CNAME records in that they are not visible to resolvers. Resolvers only see the A record and the resulting IP address of the target record. As such, unlike CNAME records, alias resource record sets are available to configure a zone apex (also known as a root domain or naked domain) in a dynamic environment.
同理35题,看到apex就选Alias。
有个Comment这么说的:
“CloudFormation provides the ability to create infrastructure in a consistent and repeatable way. With Git you have the ability to maintain the CloudFormation template versioning in case you want to revert. CloudWatch metrics is just for monitoring while resource tagging will help tag the resource but will not create it.”
是不是因为要求只是volume的加密,而不是说传输中的加密,所以不应该选SSL。
这题肯定是out-of-date了,现在支持FIFO了。
哦对,没好好看题。这题不应该错。
在AWS DevOps Blog上有解释:
But what if you want to retain your data when you or someone else deletes your stack? Maybe you want to migrate your data to another stack or maybe you want to prevent your data from being unintentionally deleted. If that’s the case, you can have CloudFormation automatically retain resources or take snapshots of your database resources. Doing so preserves your data even if your stack is deleted.
To retain a resource or to create a snapshot when a stack is deleted, specify a DeletionPolicy for the corresponding resource in your CloudFormation template. Describe the resource like you normally would and just add the DeletionPolicy attribute, as shown in the following example:
"myS3Bucket" : {
"Type" : "AWS::S3::Bucket",
"DeletionPolicy" : "Retain"
}
如果我能知道Bastion是堡垒的意思的话,也许就能够理解这个题目了。
堡垒主机就是跳板,所以肯定要有公共IP,然后限制访问。
在AWS Security Token Service里有说明:
AssumeRoleWithWebIdentity
Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider, such as Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider.
AssumeRoleWithSAML
Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based AWS access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other APIs that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS APIs in the IAM User Guide.
我自己的简单理解是SAML是你登陆了同公司的认证,WebIdentity是Web提供方,比如facebook。



































