Developing Serverless Solutions on AWS Quiz Questions and Answers

Your company plans to move its on-premises data stores and code to AWS. They have some Node.js code that needs to be ported onto AWS with the least amount of administrative headache. You also need to minimise the cost of hosting the code base. Which of the following services would you use for this purpose?

Answer :
  • AWS Lambda 

Explanation :

AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time you consume - there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service - all with zero administration. AWS Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. All you need to do is supply your code in one of the languages that AWS Lambda supports (currently Node.js, Java, C#, Go and Python).

Which compute service is available at CloudFront’s edge locations?

Answer :
  • Lambda

Explanation :

Amazon CloudFront announces the general availability of CloudFront Functions, a new serverless edge compute capability. You can use this new CloudFront feature to run JavaScript functions across 225+ CloudFront edge locations in 90 cities across 47 countries.

A Security Engineer is working with a product team to build a web application on AWS. The application uses Amazon S3 to host HTML pages and other static content, API Gateway and AWS Lambda to provide RESTful services, and Amazon DynamoDB to store state and other data. The users already exist in a directory exposed via a SAML identity provider (IDP). What should the Security Engineer do to enable users to be authenticated into the web application and call APIs? (Select three)

Answer :
  • Configure a SAML Identity Provider in Amazon Cognito to map attributes to the Cognito User Pool attributes.
  • Configure the identity provider to add the Amazon Cognito User Pool as a relying party.

Explanation :

When Cognito receives a SAML assertion, it needs to be able to map SAML attributes to user pool attributes. When configuring Cognito to receive SAML assertions from an identity provider, you need to ensure that the IDP is configured to have Cognito as a relying party.

An organization is developing a report executed by AWS Step Functions. Amazon CloudWatch shows errors in the Step Functions task state machine. To troubleshoot each task, the state input should be included alongside the error message in the state output. Which coding practice preserves both the state's original input and the error?

Answer :
  • Use ResultPath in a Catch statement to include the error with the original input.

Explanation :

The output of a state can be a copy of its input, the result it produces (for example, output from a Task state’s Lambda function), or a combination of its input and result. Use ResultPath to control which combination of these is passed to the state output.

As a best practice, how many accounts should be used per environment?

Answer :
  • Separate account per environment

Explanation :

Using a separate account per environment allows you to secure each account with IAM credentials more effectively, with less complexity in the IAM policies within a given account. This practice also makes it easier to differentiate which resources are associated with each environment.

What performs the work in a workflow when using AWS Step Functions?

Answer :
  • Activity Worker

Explanation :

The activity worker polls Step Functions for work, takes any inputs from Step Functions, performs the work using your code, and returns results. Since activity workers request work, it is easy to use workers that are deployed behind a firewall.

When passing data to Lambda functions, which option would be best suited to use AWS managed or customer managed keys while allowing shared access across multiple functions and secrets rotation?

Answer :
  • AWS Secrets Manager

Explanation :

Environment variables are scoped to a single function. Values in Parameter Store or Secrets Manager can be shared across multiple applications. Secrets Manager has the added benefit of secrets rotation and cross-account access.

How is the Total Cost of Ownership (TCO) impacted if we are using serverless architectures?

Answer :
  • Serverless Architectures lower the overall TCO

Explanation :

Serverless architectures can lower the overall Total Cost of Ownership (TCO) since many of the networking, security, and DevOps management tasks are included in the cost of the service.