These are the bare minimum concepts needed to answer the quiz correctly.
Source: Quiz provided by the user. fileciteturn0file0
Store frequently read data in Redis instead of repeatedly querying the database.
Read-heavy + rarely changing data = Redis Cache-Aside
How long an item stays in cache before expiring.
Short TTL = Good balance between performance and freshness
A website loads files from another domain.
Example
Website:
www.example.com
Assets:
assets.example.comBrowser blocks requests unless CORS allows them.
Configure CORS on the S3 bucket.
Allow:
Cross-domain browser request → Configure S3 CORS
Access another AWS account securely.
Account A
|
AssumeRole
|
Account BSTS returns
Cross-account access = STS AssumeRole
Company wants AWS KMS but wants to provide its own encryption key.
Use
Customer Managed KMS Key (CMK)
with
Imported Key Material
| Requirement | Solution |
|---|---|
| Your own encryption key | KMS CMK + Imported Key Material |
Allow someone to download/upload a specific object temporarily.
No AWS account required.
Temporary S3 access → Pre-Signed URL
Trace requests across microservices.
Shows
Very useful for
Microservice performance visualization = X-Ray Service Map
Sometimes AWS CLI returns
Encoded authorization failureDecode using
aws sts decode-authorization-messageShows
Encoded permission error → decode-authorization-message
If something suddenly disappears
Example
First check
CloudTrail
It records
Who deleted something? → CloudTrail
Instead of typing
--region
--outputevery time,
Run
aws configureStores
Location
~/.aws/config
~/.aws/credentialsCLI defaults → aws configure
Users already have Azure AD accounts.
Do NOT create IAM users.
Instead
Azure AD
↓
Cognito User Pool
↓
JWT Token
↓
API Gateway / LambdaSupports
Enterprise login → Cognito Federation
Purpose
Prove CloudTrail logs were not modified.
Enable
Log File Integrity Validation
CloudTrail creates
Can later verify
Tamper-proof CloudTrail logs → Log File Integrity Validation
| Scenario | AWS Service/Feature |
|---|---|
| Read-heavy database | ElastiCache Redis |
| Cache strategy | Cache-Aside (Lazy Loading) |
| Cache freshness | TTL |
| Cross-domain S3 access | S3 CORS |
| Cross-account access | STS AssumeRole |
| Your own encryption key | KMS CMK + Imported Key Material |
| Temporary S3 download | Pre-Signed URL |
| Microservice tracing | X-Ray Service Map |
| Decode IAM error | aws sts decode-authorization-message |
| Who deleted a resource | CloudTrail |
| Configure AWS CLI defaults | aws configure |
| Azure AD login | Cognito User Pool Federation |
| Verify CloudTrail logs not altered | CloudTrail Log File Integrity Validation |