What is AWS Certificate Manager (ACM) primarily used for in application development?
Provisioning, managing, and deploying public and private SSL/TLS certificates for integrated services like Load Balancers, CloudFront, and API Gateway.
Can an ACM-issued certificate be installed directly on an Amazon EC2 instance?
No.
ACM certificates must be deployed on an integrated service (e.g., ALB, CloudFront, API Gateway). For a standalone EC2 server, you would need to import a certificate.
When retrieving secrets from Secrets Manager in code, how should developers retrieve the secret value?
Do not cache it.
Instead, retrieve the secret programmatically at runtime using the AWS SDK, and configure a client-side or server-side caching strategy if needed.
What is Amazon GuardDuty and what are its primary data sources?
A threat detection service that continuously monitors for malicious activity and unauthorized behavior.
It analyzes:
- VPC Flow Logs,
- CloudTrail Management Event Logs
- DNS Logs.
What is Amazon Inspector used for in a continuous integration/continuous deployment (CI/CD) pipeline?
An automated security assessment service that scans EC2 instances for software vulnerabilities and unintentional network exposure, and also scans container images in ECR.
When a security issue is flagged by GuardDuty, which service can be used to visually trace and understand the root cause of the issue?
Amazon Detective.
It automatically collects log data and uses a graph model to visualize and analyze security findings.
What is the pupose of a Cognito Identity Pool?
It allows users (authenticated via User Pools or federated) to obtain temporary AWS credentials to directly access other AWS services (like S3 or DynamoDB).
-
IAM 10118
-
S3 10174
-
S3 Object Lock8
-
S3 Performance10
-
S3 Sharing Buckets Across Accounts4
-
S3 Encryption and Versioning16
-
S3 Select and Glacier Select4
-
[Solutions Architect] S3 Storage Gateways14
-
[Solutions Architect] AWS Organizations7
-
CloudFront15
-
DataSync5
-
EC2 10134
-
AMI 10110
-
VPC Security Groups12
-
EBS 10117
-
Types of EBS Volumes18
-
ENI/ENA/EFA22
-
Encrypted Root Device Volumes7
-
Spot Instances and Spot Fleets15
-
EC2 Hibernate10
-
EC2 CloudWatch8
-
EC2 Misc.11
-
EFS11
-
[Solutions Architect] FSx5
-
[Solutions Architect] EC2 Placement Groups16
-
EC2 HPC5
-
AWS WAF6
-
Databases 10138
-
RDS48
-
DynamoDB40
-
Redshift15
-
Aurora17
-
Cacheing and Elasticache15
-
Advanced IAM16
-
DNS / Route 5333
-
Route53 Routing Policies11
-
VPCs48
-
NAT Instances and NAT Gateways16
-
Network ACLs8
-
VPC Flow Logs8
-
Load Balancers / High Availability 10127
-
ASGs4
-
Bastion Host and On-Premises High Availability7
-
SQS24
-
SWF6
-
SNS3
-
Elastic Transcoder2
-
API Gateway6
-
Kinesis 1017
-
Web Identity Federation and Cognito7
-
Event Processing Patterns5
-
Security23
-
Lambda19
-
Miscellaneous12
-
Containers and VMs38
-
[DEVELOPER] Advanced Lambda23
-
[DEVELOPER] Advanced SQS + SNS37
-
[DEVELOPER] Advanced Kinesis38
-
[DEVELOPER] Elasticache and Advanced RDS / Aurora3
-
[Developer] Advanced Database Topics49
-
[Developer] Advanced Analytics Topics18
-
[Developer] Monitoring Services6
-
[DEVELOPER] Advanced Storage Topics10
-
[DEVELOPER] Advanced Networking and Content Delivery26
-
[DEVELOPER] AI and ML20
-
[DEVELOPER] Developer tools14
-
[Developer] Step Functions13
-
[Developer] AWS Amplify11
-
[DEVELOPER] Advanced EC29
-
[DEVELOPER] Developer Security7
-
[DEVELOPER] Advanced API Gateway27
-
[Solutions Architect] Organizational Security15
-
[Solutions Architect] Active Directory22
-
[DEVELOPER] CloudTrail11
-
[Developer] X-Ray13
-
[Developer] SAM11
-
[Developer] Deployment Services40
