- Familiarize yourself with the Authentication and Authorization terms.
- Familiarize yourself with the term service-level agreement (SLA)
- Challenge (8k): use the `aws cloudtrail lookup-events` command (and other Linux filtering commands) to fetch all EC2 instances with which a given IAM role is associated. This docs may help.
- Challenge (23k): use AWS DynamoDB or [AWS Lambda](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html) to implement a solution to the race condition that occurs when writing S3 objects in parallel.
Create the below policies following the Principle of least privilege.
- IAM policy with permissions to start and stop EC2 instance.
- IAM policy with permissions to read objects from S3 buckets, except objects starting with "internal/".
- IAM policy with permissions to upload objects from `STANDARD` and `STANDARD_IA` storage classes only.
- IAM policy with permissions to attach EBS to EC2.
- IAM policy with permissions to attach EBS to EC2 from the `us-east-1` region only.
- IAM policy with permissions to attach EBS to EC2 from all US and EU regions.
- IAM policy that denies users the ability to assign policies to an identity, meaning that users under this policy cannot assign IAM policies to other users, groups, or roles.
Write some Python code that computes the ETag of a given file. Make sure you get the same result as appears in the S3 console when uploading this file to a bucket. The algorithm can be found here.
- Subnet sizing - https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-sizing
- Read about Bastion Host
- Differences between Security Group and Access Control Lists (ACL) in AWS - https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html
- Async IO in Python: A Complete Walkthrough
- Challenge (23k) - Deploy Network Load Balancer with Application Load Balancer as a target, as described here.
Write a Bash script that automatically rotates the SSH keys for a given host `ec2-user@host`. The script should work as follows:
- Generate RSA key pair locally.
- Connect to the host.
- Append the public key of the newly generated key pair to the `~/.ssh/authorized_keys` file.
- Close the connection.
- Connect to the host using the newly generated key, and remove the public key of the old key from `~/.ssh/authorized_keys`.
Note that the above steps should be automatically executed by the Bash script, not manually.
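The rotation steps above as a single script. This is an added example, not part of the original exercise; the function names `strip_key` and `rotate_key`, the `<old key>.new` output path, and the script name are assumptions, and the current private key is assumed to be usable without a prompt.

```bash
#!/usr/bin/env bash
# Added example (not from the original exercise): rotate the SSH key of ec2-user@HOST.
# Usage: ./rotate_key.sh HOST OLD_PRIVATE_KEY     (script name is hypothetical)

# awk filter: drop every authorized_keys line that carries the key blob `blob`.
# Comparing the base64 blob field ignores comments and option prefixes.
STRIP_AWK='{ for (i = 1; i <= NF; i++) if ($i == blob) next; print }'

strip_key() {  # strip_key BLOB FILE -> prints FILE without the matching key
  awk -v blob="$1" "$STRIP_AWK" "$2"
}

rotate_key() {  # rotate_key HOST OLD_PRIVATE_KEY
  host="$1"; old_key="$2"; new_key="${old_key}.new"
  # IdentitiesOnly: offer only the key given with -i, never other agent keys,
  # so a successful login proves that exact key works. BatchMode: never prompt.
  opts="-o IdentitiesOnly=yes -o BatchMode=yes"

  # Step 1: generate the RSA key pair locally (empty passphrase: unattended run).
  ssh-keygen -q -t rsa -b 4096 -N "" -C "rotated-$(date +%F)" -f "$new_key" || return 1
  old_blob="$(ssh-keygen -y -f "$old_key" | awk '{ print $2; exit }')"
  [ -n "$old_blob" ] || { echo "cannot read old public key" >&2; return 1; }

  # Steps 2-4: connect with the old key, append the new public key, disconnect.
  # shellcheck disable=SC2086  # $opts is split into words on purpose
  ssh $opts -i "$old_key" "ec2-user@${host}" \
    'umask 077; cat >> ~/.ssh/authorized_keys' < "${new_key}.pub" || return 1

  # Step 5: connect with the new key only. If this login fails, the old key is
  # still authorized and access is not lost. The rewrite goes through a temp
  # file and mv so authorized_keys is never left half-written.
  # shellcheck disable=SC2086
  ssh $opts -i "$new_key" "ec2-user@${host}" \
    "umask 077; f=~/.ssh/authorized_keys;
     awk -v blob='${old_blob}' '${STRIP_AWK}' \"\$f\" > \"\$f.tmp\" && mv \"\$f.tmp\" \"\$f\"" \
    || return 1
  echo "rotation complete, new private key: ${new_key}"
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then rotate_key "$@"; fi
```

The old private key file is left on disk; delete it once the new key has been distributed to everything that needs it.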
- Service outage
- Read about Application-based stickiness
- Horizontal vs Vertical autoscale
- Async communication with AWS SQS and SNS
- Familiarize yourself with Apache Kafka and RabbitMQ
JSON Web Token (JWT) defines a way to securely transmit information between parties (e.g. two different micro-services) as a JSON object. Further reading
Inspired by the code under `lambda-api/app.py`, write a Python script that communicates with your RDS database. You can write, read, or delete some data.
Choose some interesting API from the list below:
https://github.com/public-apis/public-apis
Communicate with the API using 3 different ways:
- From your terminal using `curl`.
- Using Postman.
- From Python code that you'll write using the `requests` package.
Run the official Grafana Docker image on your local machine. Configure CloudWatch as a data source. Explore the different metrics...
Please clean your redundant and orphan resources from our shared AWS account: VPCs, NAT Gateways, Load Balancers, RDS Databases.