AWS_Practical_Interview_1501 2000
AWS Practical Interview Questions (1501-2000)
Section titled “AWS Practical Interview Questions (1501-2000)”Advanced AWS Security Scenarios
Section titled “Advanced AWS Security Scenarios”Q1501: How do you implement AWS Security Hub Integration?
Section titled “Q1501: How do you implement AWS Security Hub Integration?”Answer:
# Enable Security Hubaws securityhub enable-security-hub \ --enable-default-standards
# Create custom actionaws securityhub create-action-target \ --name "Send to remediation" \ --description "Trigger Lambda remediation"Q1502: How do you use AWS GuardDuty Malware Protection?
Section titled “Q1502: How do you use AWS GuardDuty Malware Protection?”Answer:
# Enable Malware Protectionaws guardduty create-member \ --detector-id detector-id \ --account-id member-id
# Enable for EC2aws guardduty enable-organization-admin-account \ --admin-account-id admin-idQ1503: How do you implement AWS Config Conformance Packs?
Section titled “Q1503: How do you implement AWS Config Conformance Packs?”Answer:
Resources: - ConfigRule: Type: AWS::Config::ConfigRule Properties: ConfigRuleName: required-tags Source: Owner: AWS SourceIdentifier: REQUIRED_TAGSQ1504: How do you use AWS Network Firewall Suricata Rules?
Section titled “Q1504: How do you use AWS Network Firewall Suricata Rules?”Answer:
# Create rule group with Suricata rulesaws network-firewall create-rule-group \ --rule-group-name my-rules \ --type STATEFUL \ --capacity 1000 \ --rule-group '{"RuleDefinitions":[{"SuricataRuleAction":"pass","Signature":{"Definition":{"Action":"pass"}}}]}'Q1505: How do you implement AWS WAF Rule Groups?
Section titled “Q1505: How do you implement AWS WAF Rule Groups?”Answer:
# Create rule groupaws wafv2 create-rule-group \ --name my-group \ --scope REGIONAL \ --capacity 50 \ --rules '[{"Name":"rule1","Priority":1,"Statement":{"ByteMatchStatement":{"SearchString":"test","FieldToMatch":{"Body":{}}}},"Action":{"Block":{}}}]'Advanced AWS Networking Scenarios
Section titled “Advanced AWS Networking Scenarios”Q1506: How do you implement AWS Gateway Load Balancer?
Section titled “Q1506: How do you implement AWS Gateway Load Balancer?”Answer:
# Create Gateway Load Balancer endpointaws ec2 create-vpc-endpoint \ --vpc-id vpc-123 \ --vpc-endpoint-type GatewayLoadBalancer \ --service-name com.amazonaws.us-east-1.gwlb \ --route-table-ids rtb-123Q1507: How do you use AWS Direct Connect Location?
Section titled “Q1507: How do you use AWS Direct Connect Location?”Answer:
# Create connection at DX locationaws directconnect create-connection \ --location EqDC2 \ --bandwidth 1Gbps \ --connection-name my-connectionQ1508: How do you implement AWS VPN CloudHub?
Section titled “Q1508: How do you implement AWS VPN CloudHub?”Answer:
# Create VPN with CloudHubaws ec2 create-vpn-connection \ --customer-gateway-id cgw-123 \ --type ipsec.1 \ --vpn-gateway-id vpg-123 \ --options '{"CloudHub":{"Enabled":true,"RemoteIps":["10.0.0.0/16"]}}'Q1509: How do you use AWS Transit Gateway Route Tables?
Section titled “Q1509: How do you use AWS Transit Gateway Route Tables?”Answer:
# Create route tableaws ec2 create-transit-gateway-route-table \ --transit-gateway-id tgw-123
# Associate attachmentaws ec2 associate-transit-gateway-route-table \ --transit-gateway-attachment-id tgw-attach \ --transit-gateway-route-table-id rtb-123
# Create routeaws ec2 create-transit-gateway-route \ --destination-cidr-block 10.0.0.0/8 \ --transit-gateway-route-table-id rtb-123 \ --transit-gateway-attachment-id tgw-attachQ1510: How do you implement AWS PrivateLink Interface Endpoints?
Section titled “Q1510: How do you implement AWS PrivateLink Interface Endpoints?”Answer:
# Create Interface endpointaws ec2 create-vpc-endpoint \ --vpc-id vpc-123 \ --vpc-endpoint-type Interface \ --service-name com.amazonaws.us-east-1.secretsmanager \ --subnet-ids subnet-123 subnet-456Advanced AWS Database Scenarios
Section titled “Advanced AWS Database Scenarios”Q1511: How do you implement RDS Custom SQL Server?
Section titled “Q1511: How do you implement RDS Custom SQL Server?”Answer:
# Create RDS Custom instanceaws rds create-db-instance \ --db-instance-identifier custom-sql \ --engine custom-sqlserver-ex \ --engine-version 15.00.4245.2.v1 \ --db-instance-class db.r5.largeQ1512: How do you use RDS Optimized Reads?
Section titled “Q1512: How do you use RDS Optimized Reads?”Answer:
# Enable RDS Optimized Reads (automatic with r6id/r5b)# Use r6id instances for 2x read throughputQ1513: How do you implement Aurora Serverless V2?
Section titled “Q1513: How do you implement Aurora Serverless V2?”Answer:
# Create Aurora Serverless V2aws rds create-db-cluster \ --db-cluster-identifier my-cluster \ --engine aurora-postgresql \ --serverlessv2-scaling-configuration '{ "MinCapacity": 1, "MaxCapacity": 64, "AutoPause": false }'Q1514: How do you use Aurora ML Integration?
Section titled “Q1514: How do you use Aurora ML Integration?”Answer:
-- Use Aurora ML with SageMakerSELECT * FROM athena_query('SELECT * FROM my_table');Q1515: How do you implement DynamoDB Accelerator (DAX) Cluster?
Section titled “Q1515: How do you implement DynamoDB Accelerator (DAX) Cluster?”Answer:
# Create DAX clusteraws dax create-cluster \ --cluster-name my-dax \ --node-type dax.r5.large \ --replication-factor 3 \ --iam-role-arn role-arnAdvanced AWS Container Scenarios
Section titled “Advanced AWS Container Scenarios”Q1516: How do you implement ECS Exec with Session Manager?
Section titled “Q1516: How do you implement ECS Exec with Session Manager?”Answer:
# Enable ECS Execaws ecs update-service \ --cluster my-cluster \ --service my-service \ --enable-execute-command
# Connect to containeraws ecs execute-command \ --cluster my-cluster \ --task task-id \ --container web \ --interactive \ --command "/bin/sh"Q1517: How do you use ECS Service Discovery with Cloud Map?
Section titled “Q1517: How do you use ECS Service Discovery with Cloud Map?”Answer:
# Create private DNS namespaceaws servicediscovery create-private-dns-namespace \ --name production.local \ --vpc vpc-123
# Create service with health checksaws servicediscovery create-service \ --name my-service \ --namespace-id ns-123 \ --health-check-config '{"Type":"HEALTHY","ResourcePath":"/health"}'Q1518: How do you implement EKS Secrets Encryption?
Section titled “Q1518: How do you implement EKS Secrets Encryption?”Answer:
# Enable secrets encryptionaws eks create-cluster \ --name my-cluster \ --encryption-config '[{"Provider":{"KeyArn":"arn:aws:kms:key/123"},"Resources":["secrets"]}'Q1519: How do you use EKS Pod Security Standards?
Section titled “Q1519: How do you use EKS Pod Security Standards?”Answer:
apiVersion: policy/v1beta1kind: PodSecurityPolicymetadata: name: restrictedspec: privileged: false seLinuxOptions: level: "s0:c123,c456"Q1520: How do you implement EKS Fargate Spot?
Section titled “Q1520: How do you implement EKS Fargate Spot?”Answer:
# Create Fargate profile with spot capacityaws eks create-fargate-profile \ --cluster-name my-cluster \ --fargate-profile-name my-spot-profile \ --selectors '[ {"namespace": "batch", "labels": {"type": "batch"}} ]'Advanced AWS Serverless Scenarios
Section titled “Advanced AWS Serverless Scenarios”Q1521: How do you implement Lambda Function URLs with Auth?
Section titled “Q1521: How do you implement Lambda Function URLs with Auth?”Answer:
# Create function URL with IAM authaws lambda put-function-url-config \ --function-name my-function \ --auth-type AWS_IAM
# Invoke with authaws lambda invoke \ --function-name my-function \ --cli-binary-format raw-in-base64-out \ --payload '{"authorization":"Bearer token"}' response.jsonQ1522: How do you use Lambda Response Streaming?
Section titled “Q1522: How do you use Lambda Response Streaming?”Answer:
# Enable response streamingimport json
def handler(event, context): def generate(): for i in range(10): yield f"chunk {i}\n"
return streaming_response(generate())Q1523: How do you implement Lambda VPC ENI Management?
Section titled “Q1523: How do you implement Lambda VPC ENI Management?”Answer:
# Configure VPC for Lambdaaws lambda create-function \ --function-name my-function \ --vpc-config '{ "SubnetIds":["subnet-123"], "SecurityGroupIds":["sg-123"] }' \ --runtime python3.9 \ --handler index.handlerQ1524: How do you use Lambda Event Source Mapping Filters?
Section titled “Q1524: How do you use Lambda Event Source Mapping Filters?”Answer:
# Create event source with filtersaws lambda create-event-source-mapping \ --function-name my-function \ --event-source-arn arn:aws:sqs:us-east-1:123456789012:my-queue \ --filter-criteria '{"Filters":[{"Pattern":"{\"body\":{\"type\":[\"order\"]}}"}]}'Q1525: How do you implement Lambda Custom Runtimes?
Section titled “Q1525: How do you implement Lambda Custom Runtimes?”Answer:
# Create layer with custom runtime# In Dockerfile:FROM amazonlinuxRUN yum install -y php74
# Create function using custom runtimeaws lambda create-function \ --function-name my-function \ --runtime provided.al2023 \ --layers layer-arnAdvanced AWS Storage Scenarios
Section titled “Advanced AWS Storage Scenarios”Q1526: How do you implement S3 Access Grants?
Section titled “Q1526: How do you implement S3 Access Grants?”Answer:
# Create access grantaws s3control create-access-grant \ --account-id 123456789012 \ --access-grant-id grant-123 \ --permission READ \ --access-grant-scope Bucket=my-bucketQ1527: How do you use S3 Intelligent-Tiering?
Section titled “Q1527: How do you use S3 Intelligent-Tiering?”Answer:
# Configure Intelligent-Tieringaws s3api put-bucket-intelligent-tiering-configuration \ --bucket my-bucket \ --id my-config \ --intelligent-tiering-configuration '{ "Status": "Enabled", "Tierings": [ {"Days": 30, "AccessTier": "STANDARD_IA"}, {"Days": 90, "AccessTier": "GLACIER"} ] }'Q1528: How do you implement S3 Dual-Stack Endpoints?
Section titled “Q1528: How do you implement S3 Dual-Stack Endpoints?”Answer:
# Use dual-stack endpointaws s3api list-buckets --endpoint-url https://s3.dualstack.us-east-1.amazonaws.comQ1529: How do you use S3 Access Points Multi-Region?
Section titled “Q1529: How do you use S3 Access Points Multi-Region?”Answer:
# Create multi-region access pointaws s3control create-multi-region-access-point \ --account-id 123456789012 \ --region us-east-1 \ --bucket my-bucketQ1530: How do you implement EFS Replication?
Section titled “Q1530: How do you implement EFS Replication?”Answer:
# Create replication configurationaws efs create-replication-configuration \ --source-file-system-id fs-123 \ --destinations '[{"Region":"us-west-2","AvailabilityZoneName":"us-west-2a"}]'Advanced AWS Analytics Scenarios
Section titled “Advanced AWS Analytics Scenarios”Q1531: How do you implement Kinesis Data Firehose Transformation?
Section titled “Q1531: How do you implement Kinesis Data Firehose Transformation?”Answer:
# Create delivery stream with Lambda transformationaws firehose create-delivery-stream \ --delivery-stream-name my-stream \ --delivery-stream-type DirectPut \ --lambda-arn arn:aws:lambda:region:account:function:my-function \ --s3-destination-configuration '{ "RoleARN":"role-arn", "BucketARN":"arn:aws:s3:::bucket" }'Q1532: How do you use OpenSearch Ingestion?
Section titled “Q1532: How do you use OpenSearch Ingestion?”Answer:
# Create pipelineaws osis create-pipeline \ --pipeline-name my-pipeline \ --min-units 2 \ --max-units 10Q1533: How do you implement Redshift Concurrency Scaling?
Section titled “Q1533: How do you implement Redshift Concurrency Scaling?”Answer:
# Enable concurrency scalingaws redshift modify-cluster \ --cluster-identifier my-cluster \ --enable-concurrency-scalingQ1534: How do you use Glue Data Quality?
Section titled “Q1534: How do you use Glue Data Quality?”Answer:
# Create data quality rulesetglue.create_data_quality_ruleset( Name='my-ruleset', Ruleset='rules')Q1535: How do you implement Athena Query Federation?
Section titled “Q1535: How do you implement Athena Query Federation?”Answer:
# Use Athena federated queryathena.start_query_execution( QueryString='SELECT * FROM lambda_db.my_function()', ResultConfiguration={'OutputLocation': 's3://bucket/results/'})Advanced AWS DevOps Scenarios
Section titled “Advanced AWS DevOps Scenarios”Q1536: How do you implement CodePipeline Artifact Store Encryption?
Section titled “Q1536: How do you implement CodePipeline Artifact Store Encryption?”Answer:
# Create pipeline with encryptionaws codepipeline create-pipeline \ --pipeline '{ "name": "my-pipeline", "artifactStore": { "type": "S3", "location": "my-bucket", "encryptionKey": {"id":"key-arn","type":"KMS"} } }'Q1537: How do you use CodeBuild Multiple Sources?
Section titled “Q1537: How do you use CodeBuild Multiple Sources?”Answer:
# buildspec.yml with multiple sourcesversion: 0.2
env: variables: CODEBUILD_RESOLVED_SOURCE_VERSION: "source_version"
sources: - type: CODECOMMIT identifier: source - type: S3 identifier: assets location: s3://bucket/assetsQ1538: How do you implement CodeDeploy Rollback Triggers?
Section titled “Q1538: How do you implement CodeDeploy Rollback Triggers?”Answer:
# Create deployment with rollbackaws codedeploy create-deployment \ --application-name my-app \ --deployment-group-name my-group \ --rollback-trigger '{ "arn": "arn:aws:cloudwatch:region:account:alarm:alarm-name", "type": "ALARM" }'Q1539: How do you use CDK Pipelines Self-Mutation?
Section titled “Q1539: How do you use CDK Pipelines Self-Mutation?”Answer:
from aws_cdk import pipelines
pipeline = pipelines.CodePipeline( self, "Pipeline", synth=pipelines.ShellStep("Synth", commands=["npm ci", "cdk synth"] ), self_mutation=True)Q1540: How do you implement Terraform Import Existing Resources?
Section titled “Q1540: How do you implement Terraform Import Existing Resources?”Answer:
# Import S3 bucketterraform import aws_s3_bucket.example my-bucket
# Import EC2 instanceterraform import aws_instance.example i-12345Advanced AWS Cost Management
Section titled “Advanced AWS Cost Management”Q1541: How do you implement AWS Budgets Anomaly Detection?
Section titled “Q1541: How do you implement AWS Budgets Anomaly Detection?”Answer:
# Create budget with anomaly detectionaws budgets create-budget \ --account-id 123456789012 \ --budget '{ "BudgetName": "monthly-budget", "BudgetLimit": {"Amount": "1000", "Unit": "USD"}, "CostFilters": {"Service": ["Amazon EC2"]}, "CostTypes": {"IncludeTax": true} }'Q1542: How do you use AWS Cost Categories?
Section titled “Q1542: How do you use AWS Cost Categories?”Answer:
# Create cost categoryaws ce create-cost-category-definition \ --name "Environment" \ --rules '[{ "Rule": { "CostCategoryValue": "Production", "DimensionValue": "prod-*" } }]'Q1543: How do you implement Reserved Instance Planning?
Section titled “Q1543: How do you implement Reserved Instance Planning?”Answer:
# Get Reserved Instance recommendationsaws ce get-reservation-purchase-recommendation \ --service "Amazon EC2" \ --account-id 123456789012Q1544: How do you use AWS Compute Optimizer Recommendations?
Section titled “Q1544: How do you use AWS Compute Optimizer Recommendations?”Answer:
# Get EC2 recommendationsaws compute-optimizer get-ec2-instance-recommendations
# Export to S3aws compute-optimizer export-recommendations \ --destination s3://bucket/Q1545: How do you implement Savings Plans Recommendations?
Section titled “Q1545: How do you implement Savings Plans Recommendations?”Answer:
# Get Savings Plans recommendationsaws ce get-savings-plans-purchase-recommendation \ --savings-plan-type COMPUTE_SP \ --term-in-years THREE_YEARAdvanced AWS Integration Patterns
Section titled “Advanced AWS Integration Patterns”Q1546: How do you implement SQS Batch with Lambda?
Section titled “Q1546: How do you implement SQS Batch with Lambda?”Answer:
# Lambda handler with batch processingdef handler(event, context): records = event['Records'] batch_item_failures = []
for record in records: try: process_message(record) except Exception: batch_item_failures.append({'itemIdentifier': record['messageId']})
return {'batchItemFailures': batch_item_failures}Q1547: How do you use SNS FIFO with SQS FIFO?
Section titled “Q1547: How do you use SNS FIFO with SQS FIFO?”Answer:
# SNS FIFO to SQS FIFOsns.publish( TopicArn=topic_arn, Message='{"orderId": "123"}', MessageGroupId='order-123', MessageDeduplicationId='unique-id')Q1548: How do you implement EventBridge Pipe Transformation?
Section titled “Q1548: How do you implement EventBridge Pipe Transformation?”Answer:
# Create pipeaws eventsv2 create-pipe \ --name with transformation my-pipe \ --source kinesis \ --target lambda \ --input-template '{"data": $.data, "meta": $.meta}'Q1549: How do you use Step Functions Distributed Map?
Section titled “Q1549: How do you use Step Functions Distributed Map?”Answer:
{ "Map": { "Type": "Map", "ItemProcessor": { "Processor": {"Type": "Task", "Resource": "arn:aws:states:::lambda:invoke"} }, "MaxConcurrency": 100, "ItemsPath": "$.records" }}Q1550: How do you implement Kinesis Consumer Enhanced Fan-Out?
Section titled “Q1550: How do you implement Kinesis Consumer Enhanced Fan-Out?”Answer:
# Register consumerkinesis.register_stream_consumer( StreamARN='arn:aws:kinesis:stream/my-stream', ConsumerName='enhanced-consumer')
# Subscribe with enhanced fan-outshard_iterator = kinesis.get_shard_iterator( StreamName='my-stream', ShardIteratorType='AT_TIMESTAMP', ConsumerName='enhanced-consumer')Advanced AWS Architecture Patterns
Section titled “Advanced AWS Architecture Patterns”Q1551: How do you implement Strangler Fig Pattern?
Section titled “Q1551: How do you implement Strangler Fig Pattern?”Answer:
# Use API Gateway to route between old and new# Old: https://api.example.com/v1/*# New: https://api.example.com/v2/*aws apigateway create-route \ --api-id api-id \ --route-key 'GET /v1/{proxy+}' \ --target 'integrations/v1'Q1552: How do you use Sidecar Pattern in ECS?
Section titled “Q1552: How do you use Sidecar Pattern in ECS?”Answer:
{ "containerDefinitions": [ { "name": "app", "image": "my-app" }, { "name": "sidecar", "image": "sidecar-agent", "essential": false } ]}Q1553: How do implement Ambassador Pattern in Kubernetes?
Section titled “Q1553: How do implement Ambassador Pattern in Kubernetes?”Answer:
apiVersion: v1kind: Servicemetadata: name: redis-ambassadorspec: selector: app: redis ports: - port: 6379---apiVersion: apps/v1kind: Deploymentspec: template: spec: containers: - name: app - name: ambassador image: envoyproxy/envoy:latestQ1554: How do you use Anti-Entropy in Distributed Systems?
Section titled “Q1554: How do you use Anti-Entropy in Distributed Systems?”Answer:
# Implement anti-entropy repairdef repair(node_data, peer_data): merged = merge_versions(node_data, peer_data) if merged != node_data: store(merged) return True return FalseQ1555: How do you implement Bulkhead Pattern with Lambda?
Section titled “Q1555: How do you implement Bulkhead Pattern with Lambda?”Answer:
# Use reserved concurrency for bulkheadlambda_client.put_function_concurrency( FunctionName='critical-function', ReservedConcurrentExecutions=10)Advanced AWS ML Services
Section titled “Advanced AWS ML Services”Q1556: How do you implement SageMaker Feature Store?
Section titled “Q1556: How do you implement SageMaker Feature Store?”Answer:
# Create feature groupfeaturestore_runtime.put_record( FeatureGroupName='my-feature-group', Record=[{'FeatureName': 'feature1', 'ValueAsString': 'value1'}])Q1557: How do you use SageMaker Model Registry?
Section titled “Q1557: How do you use SageMaker Model Registry?”Answer:
# Create model packageaws sagemaker create-model-package \ --model-package-name my-model \ --inference-specification '{ "Containers": [{"Image": "image-uri"}], "SupportedTransformInstanceTypes": ["ml.m5.xlarge"], "SupportedRealtimeInferenceInstanceTypes": ["ml.m5.xlarge"] }'Q1558: How do you implement SageMaker Edge Manager?
Section titled “Q1558: How do you implement SageMaker Edge Manager?”Answer:
# Create edge deployment planaws sagemaker create-edge-deployment-plan \ --edge-deployment-plan-name my-plan \ --model-name my-modelQ1559: How do you use SageMaker Canvas?
Section titled “Q1559: How do you use SageMaker Canvas?”Answer:
Use SageMaker Canvas console:
Section titled “Use SageMaker Canvas console:”1. Import data
Section titled “1. Import data”2. Prepare data (visual)
Section titled “2. Prepare data (visual)”3. Build model (no-code)
Section titled “3. Build model (no-code)”4. Evaluate results
Section titled “4. Evaluate results”5. Deploy
Section titled “5. Deploy”### Q1560: How do you implement SageMaker Clarify?**Answer:**```python# Configure SageMaker Clarifysagemaker.create_model( ModelName='my-model', PrimaryContainer={'Image': 'image-uri'}, ClarifyContainerConfig={ 'ModelName': 'my-model', 'ModelPackageVersion': '1.0' })Advanced AWS IoT Scenarios
Section titled “Advanced AWS IoT Scenarios”Q1561: How do you implement IoT Device Provisioning?
Section titled “Q1561: How do you implement IoT Device Provisioning?”Answer:
# Provision with fleet provisioning templateiot.create_provisioning_claim( templateName='my-template', certificateId='cert-id')Q1562: How do you use IoT Fleet Indexing?
Section titled “Q1562: How do you use IoT Fleet Indexing?”Answer:
# Enable fleet indexingaws iot update-fleet-metrics \ --thing-name my-thing \ --metric '{\"cpu\": 80, \"memory\": 60}'Q1563: How do you implement IoT Greengrass V2 Components?
Section titled “Q1563: How do you implement IoT Greengrass V2 Components?”Answer:
Recipe: ComponentVersion: '1.0.0' Publisher: AWS Function: Lambda Configuration: Handler: index.handlerQ1564: How do you use IoT Events Detectors?
Section titled “Q1564: How do you use IoT Events Detectors?”Answer:
# Create detector with simple rulesdetector = iotevents.create_detector_model( detectorModelName='temperature-monitor', detectorModelDefinition={ 'states': [{ 'stateName': 'Normal', 'onInput': { 'events': [{ 'eventName': 'CheckTemperature', 'condition': 'input.temperature > 80', 'actions': [{'setVariable': {'variableName': 'alert', 'value': 'true'}}] }] } }] })Q1565: How do you implement IoT SiteWise Edge Gateway?
Section titled “Q1565: How do you implement IoT SiteWise Edge Gateway?”Answer:
# Deploy edge gatewayaws iotsitewise create-gateway \ --gateway-name my-gateway \ --gateway-platform '{"Greengrass":{"GroupId":"group-id"}}'Advanced AWS Media Services
Section titled “Advanced AWS Media Services”Q1566: How do you implement MediaLive Encoding Profiles?
Section titled “Q1566: How do you implement MediaLive Encoding Profiles?”Answer:
# Create channelaws medialive create-channel \ --channel-class SINGLE_PIPELINE \ --name my-channel \ --input-specification '{ "Codec": "AVC", "Resolution": "HD", "MaximumBitrate": "MAX_10_MBPS" }'Q1567: How do you use MediaPackage Packaging?
Section titled “Q1567: How do you use MediaPackage Packaging?”Answer:
# Create packaging configurationaws mediapackage create-origin-endpoint \ --channel-id my-channel \ --id my-endpoint \ --hls-package '{ "SegmentDuration": 6, "PlaylistWindowSize": 60 }'Q1568: How do you implement MediaTailor Ad Insertion?
Section titled “Q1568: How do you implement MediaTailor Ad Insertion?”Answer:
# Create ad insertion configurationaws mediatailor create-playback-configuration \ --name my-config \ --ad-decision-server-url http://ads.example.com \ --hls-configuration '{ "ManifestWindowSeconds": 60 }'Q1569: How do you use Elemental Server?
Section titled “Q1569: How do you use Elemental Server?”Answer:
Use Elemental Server for on-premise encoding
Section titled “Use Elemental Server for on-premise encoding”Deploy software on hardware
Section titled “Deploy software on hardware”Configure via web interface
Section titled “Configure via web interface”### Q1570: How do you implement MediaConvert Queue-Based Encoding?**Answer:**```bash# Create queueaws mediaconvert create-queue \ --name my-queue \ --description "High priority queue"
# Submit job to queueaws mediaconvert create-job \ --queue arn:aws:mediaconvert:us-east-1:account:queues/my-queueAdvanced AWS Gaming Services
Section titled “Advanced AWS Gaming Services”Q1571: How do you implement GameLift Fleets?
Section titled “Q1571: How do you implement GameLift Fleets?”Answer:
# Create buildaws gamelift upload-build \ --operating-system AMAZON_LINUX \ --build-version "v1.0" \ --storage-location bucket=my-bucket,key=game-build
# Create fleetaws gamelift create-fleet \ --name my-fleet \ --build-id build-123 \ --ec2-instance-type c5.largeQ1572: How do you use GameLift Aliases for Deployments?
Section titled “Q1572: How do you use GameLift Aliases for Deployments?”Answer:
# Create alias with routingaws gamelift create-alias \ --name production \ --routing-strategy '{ "Type": "TERMINAL", "FleetId": "fleet-123" }'Q1573: How do you implement GameLift Player Sessions?
Section titled “Q1573: How do you implement GameLift Player Sessions?”Answer:
# Create player sessionaws gamelift create-player-session \ --player-id player-123 \ --player-session-id session-123Q1574: How do you use GameLift FlexMatch?
Section titled “Q1574: How do you use GameLift FlexMatch?”Answer:
# Create matchmaking configurationaws gamelift create-matchmaking-configuration \ --name my-match \ --game-session-queue arn:aws:gamelift:gamesessionqueue \ --rule-set-arn rule-set-arnQ1575: How do you implement Gamelift Serverless?
Section titled “Q1575: How do you implement Gamelift Serverless?”Answer:
# Create game session queueaws gamelift create-game-session-queue \ --name my-queue \ --destinations '[{"DestinationArn":"fleet-arn"}]'Additional Interview Questions 1576-1700
Section titled “Additional Interview Questions 1576-1700”Q1576: How do you implement AWS AppSync Subscriptions?
Section titled “Q1576: How do you implement AWS AppSync Subscriptions?”Answer:
# GraphQL subscriptiontype Subscription { onCreatePost(id: ID!): Post @aws_subscribe(mutations: ["createPost"])}Q1577: How do you use AWS Amplify Admin UI?
Section titled “Q1577: How do you use AWS Amplify Admin UI?”Answer:
Use Amplify Admin UI:
Section titled “Use Amplify Admin UI:”1. amplify add auth
Section titled “1. amplify add auth”2. amplify add api
Section titled “2. amplify add api”3. amplify push
Section titled “3. amplify push”4. Access Admin UI at /admin
Section titled “4. Access Admin UI at /admin”### Q1578: How do you implement AWS Device Farm?**Answer:**```bash# Create device poolaws devicefarm create-device-pool \ --name "Android Devices" \ --rules '[{"attribute":"PLATFORM","operator":"EQUALS","value":"ANDROID"}]'Q1579: How do you use AWS Mobile Hub?
Section titled “Q1579: How do you use AWS Mobile Hub?”Answer:
Use Mobile Hub console:
Section titled “Use Mobile Hub console:”1. Create project
Section titled “1. Create project”2. Select features
Section titled “2. Select features”3. Download sample app
Section titled “3. Download sample app”### Q1580: How do you implement AWS Sumerian Scenes?**Answer:**# Use Sumerian console:# 1. Create scene# 2. Add 3D objects# 3. Add interactions# 4. PublishQ1581: How do you use AWS Polly Neural Voices?
Section titled “Q1581: How do you use AWS Polly Neural Voices?”Answer:
# Use neural voicepolly = boto3.client('polly')response = polly.synthesize_speech( Text='Hello world', OutputFormat='mp3', VoiceId='Matthew', Engine='neural')Q1582: How do you implement AWS Transcribe Medical?
Section titled “Q1582: How do you implement AWS Transcribe Medical?”Answer:
# Medical transcriptiontranscribe.start_medical_transcription_job( MedicalTranscriptionJobName='my-job', LanguageCode='en-US', Specialty='PRIMARYCARE', OutputBucketName='bucket')Q1583: How do you use AWS Kendra Enterprise Edition?
Section titled “Q1583: How do you use AWS Kendra Enterprise Edition?”Answer:
# Create index with enterprise featureskendra.create_index( Name='my-index', Edition='ENTERPRISE_EDITION', RoleArn='role-arn')Q1584: How do you implement AWS Personalize Recipes?
Section titled “Q1584: How do you implement AWS Personalize Recipes?”Answer:
# Use user-personalization recipepersonalize.create_solution( SolutionName='my-solution', DatasetGroupArn='group-arn', RecipeArn='arn:aws:personalize:::recipe/user-personalization')Q1585: How do you use AWS Lookout for Metrics?
Section titled “Q1585: How do you use AWS Lookout for Metrics?”Answer:
# Create detectoraws lookoutmetrics create-anomaly-detector \ --anomaly-detector-name my-detector \ --metric-set-name my-metric-setQ1586: How do you implement AWS DevOps Guru Insights?
Section titled “Q1586: How do you implement AWS DevOps Guru Insights?”Answer:
# Get insightsaws devops-guru list-insights \ --region us-east-1 \ --start-time 2024-01-01Q1587: How do you use AWS CodeGuru Security?
Section titled “Q1587: How do you use AWS CodeGuru Security?”Answer:
Enable CodeGuru Security in console
Section titled “Enable CodeGuru Security in console”Connect repository
Section titled “Connect repository”Review findings
Section titled “Review findings”### Q1588: How do you implement AWS Inspector V2?**Answer:**```bash# Enable Inspectoraws inspector2 enable \ --account-ids 123456789012
# List findingsaws inspector2 list-findingsQ1589: How do you use AWS Audit Manager Evidence?
Section titled “Q1589: How do you use AWS Audit Manager Evidence?”Answer:
# Create assessmentaws auditmanager create-assessment \ --name "SOC 2 Assessment" \ --scope-compliance-framework "SOC2"Q1590: How do you implement AWS Control Tower Audit?
Section titled “Q1590: How do you implement AWS Control Tower Audit?”Answer:
Use Control Tower Audit account:
Section titled “Use Control Tower Audit account:”1. Review logs in CloudTrail
Section titled “1. Review logs in CloudTrail”2. Check AWS Config rules
Section titled “2. Check AWS Config rules”3. Use Service Catalog for compliance
Section titled “3. Use Service Catalog for compliance”### Q1591: How do you use AWS Secrets Manager Multi-Region?**Answer:**```bash# Create secret in primary regionaws secretsmanager create-secret \ --name prod/db-creds \ --secret-string '{"password":"secret"}'
# Replicate to secondary regionaws secretsmanager replicate-secret-to-regions \ --secret-id prod/db-creds \ --add-replica-regions Region=us-west-2Q1592: How do you implement AWS Systems Manager Documents?
Section titled “Q1592: How do you implement AWS Systems Manager Documents?”Answer:
# Create custom documentaws ssm create-document \ --content '{ "schemaVersion": "2.2", "description": "My custom command", "mainSteps": [{ "action": "aws:runCommand", "name": "runCommand", "inputs": {"commands":["echo hello"]} }] }' \ --name MyDocument \ --document-type CommandQ1593: How do you use AWS Config Advanced Queries?
Section titled “Q1593: How do you use AWS Config Advanced Queries?”Answer:
# Query resourcesaws configservice select-aggregate-resource-config \ --configuration-aggregator-name my-aggregator \ --expression "SELECT resourceId, resourceType WHERE resourceType = 'AWS::EC2::Instance'"Q1594: How do you implement AWS CloudFormation Change Sets?
Section titled “Q1594: How do you implement AWS CloudFormation Change Sets?”Answer:
# Create change setaws cloudformation create-change-set \ --stack-name my-stack \ --change-set-type UPDATE \ --template-body file://template.yamlQ1595: How do you use AWS CDK Assets?
Section titled “Q1595: How do you use AWS CDK Assets?”Answer:
# Add assetasset = aws_s3_assets.Asset( self, "Asset", path="./assets")
# Use in Lambdafunction = aws_lambda.Function( self, "Function", code=aws_lambda.Code.from_asset("./lambda"))Q1596: How do you implement AWS SAM Local Testing?
Section titled “Q1596: How do you implement AWS SAM Local Testing?”Answer:
# Start local APIsam local start-api
# Invoke functionsam local invoke MyFunction
# Generate sample eventsam local generate-event s3 put > event.jsonQ1597: How do you use AWS Amplify Console Webhooks?
Section titled “Q1597: How do you use AWS Amplify Console Webhooks?”Answer:
Configure webhooks:
Section titled “Configure webhooks:”1. Go to Amplify Console
Section titled “1. Go to Amplify Console”2. App settings > Webhooks
Section titled “2. App settings > Webhooks”3. Add webhook URL
Section titled “3. Add webhook URL”### Q1598: How do you implement CodePipeline Custom Actions?**Answer:**```bash# Create custom action typeaws codepipeline create-custom-action-type \ --category Build \ --provider-name MyProvider \ --input-artifact-details '{"MaximumCount":1,"MinimumCount":1}'Q1599: How do you use CodeBuild Report Groups?
Section titled “Q1599: How do you use CodeBuild Report Groups?”Answer:
# Create report groupaws codebuild create-report-group \ --name my-reports \ --type TEST_EXPORT
# Create reportaws codebuild create-report \ --name my-report \ --report-group-arn arnQ1600: How do you implement CloudWatch Metric Math?
Section titled “Q1600: How do you implement CloudWatch Metric Math?”Answer:
# Create math expressionaws cloudwatch get-metric-statistics \ --namespace AWS/EC2 \ --metric-name CPUUtilization \ --expression "AVG(m1) + AVG(m2)"Additional Interview Questions 1601-1800
Section titled “Additional Interview Questions 1601-1800”Q1601: How do you implement Route 53 Resolver DNS Queries?
Section titled “Q1601: How do you implement Route 53 Resolver DNS Queries?”Answer:
# Query DNSaws route53resolver resolve \ --resolver-endpoint-id endpoint-id \ --name example.com \ --type AQ1602: How do you use CloudFront Key Groups?
Section titled “Q1602: How do you use CloudFront Key Groups?”Answer:
# Create key groupaws cloudfront create-key-group \ --key-group-config '{ "Name": "my-keys", "Items": ["public-key-1"] }'Q1603: How do you implement S3 Object Lambda Access Points?
Section titled “Q1603: How do you implement S3 Object Lambda Access Points?”Answer:
# Create Object Lambda access pointaws s3control create-access-point \ --name my-object-lambda \ --type ObjectLambda \ --configuration '{ "ObjectLambdaSupportedOperations": [{"GetObject": {}}] }'Q1604: How do you use Lambda Function Aliases with Weighted Routing?
Section titled “Q1604: How do you use Lambda Function Aliases with Weighted Routing?”Answer:
# Create alias with weighted routingaws lambda create-alias \ --function-name my-function \ --name prod \ --function-version '$LATEST' \ --routing-config '{"AdditionalVersionWeights":{"2":0.1}}'Q1605: How do you implement DynamoDB On-Demand Capacity?
Section titled “Q1605: How do you implement DynamoDB On-Demand Capacity?”Answer:
# Create on-demand tableaws dynamodb create-table \ --table-name my-table \ --billing-mode PAY_PER_REQUEST \ --attribute-definitions AttributeName=PK,AttributeType=S \ --key-schema AttributeName=PK,KeyType=HASHQ1606: How do you use ElastiCache Global Datastore?
Section titled “Q1606: How do you use ElastiCache Global Datastore?”Answer:
# Create global datastoreaws elasticache create-global-replication-group \ --global-replication-group-id my-global \ --replication-group-id primary-cluster \ --at-rest-encryption-enabledQ1607: How do you implement RDS Kerberos Authentication?
Section titled “Q1607: How do you implement RDS Kerberos Authentication?”Answer:
# Enable Kerberosaws rds create-db-instance \ --db-instance-identifier my-db \ --domain-arn domain-arn \ --domain-iam-role-name role-nameQ1608: How do you use OpenSearch Fine-Grained Access?
Section titled “Q1608: How do you use OpenSearch Fine-Grained Access?”Answer:
# Configure fine-grained accessaws opensearch create-domain \ --domain-name my-domain \ --cluster-config '{ "InstanceType": "r6g.large.search", "InstanceCount": 2 }' \ --advanced-security-options '{ "Enabled": true, "InternalUserDatabaseEnabled": false }'Q1609: How do you implement Redshift Data Sharing?
Section titled “Q1609: How do you implement Redshift Data Sharing?”Answer:
-- Create datashareCREATE DATASHARE myshare;
-- Add table to datashareALTER DATASHARE myshare ADD TABLE myschema.mytable;
-- Grant accessGRANT USAGE ON DATASHARE myshare TO ACCOUNT '123456789012';Q1610: How do you use Glue Data Catalog Encryption?
Section titled “Q1610: How do you use Glue Data Catalog Encryption?”Answer:
# Enable encryptionaws glue put-data-catalog-encryption-settings \ --encryption-at-rest '{ "CatalogEncryptionMode": "DISABLED", "SecurityConfigurationName": "my-config" }'Q1611: How do you implement EMR Studio?
Section titled “Q1611: How do you implement EMR Studio?”Answer:
# Create EMR Studioaws emr createStudio \ --name my-studio \ --auth-mode SSOQ1612: How do you use Kinesis Analytics Application Inputs?
Section titled “Q1612: How do you use Kinesis Analytics Application Inputs?”Answer:
-- Create application with Kinesis inputCREATE OR REPLACE STREAM "DEST_SQL_STREAM" ASSELECT Ticker, COUNT(*) AS CountFROM SOURCE_SQL_STREAM_001GROUP BY TickerQ1613: How do you implement EventBridge Event Buses?
Section titled “Q1613: How do you implement EventBridge Event Buses?”Answer:
# Create custom event busaws events create-event-bus \ --name my-bus
# Put custom eventaws events put-events \ --entries '[{ "Source": "myapp.events", "DetailType": "OrderCreated", "Detail": "{\"orderId\":\"123\"}" }]'Q1614: How do you use Step Functions Workflow Studio?
Section titled “Q1614: How do you use Step Functions Workflow Studio?”Answer:
Use Step Functions Workflow Studio:
Section titled “Use Step Functions Workflow Studio:”1. Open in console
Section titled “1. Open in console”2. Drag and drop states
Section titled “2. Drag and drop states”3. Configure inputs/outputs
Section titled “3. Configure inputs/outputs”4. Save and run
Section titled “4. Save and run”### Q1615: How do you implement Systems Manager Quick Setup?**Answer:**```bash# Create Quick Setupaws ssm create-association \ --name "AWS-ConfigureAWSManagedRules" \ --targets '[{"Key":"instanceids","Values":["*"]}]'Q1616: How do you use AWS Config Organization Conformance Packs?
Section titled “Q1616: How do you use AWS Config Organization Conformance Packs?”Answer:
# Create org conformance packaws configservice put-organization-conformance-pack \ --organization-conformance-pack-name "security-baseline" \ --template-s3-uri s3://bucket/template.yamlQ1617: How do you implement GuardDuty Organization?
Section titled “Q1617: How do you implement GuardDuty Organization?”Answer:
# Enable GuardDuty for organizationaws guardduty enable-organization-admin-account \ --admin-account-id admin-idQ1618: How do you use Security Hub Automation Rules?
Section titled “Q1618: How do you use Security Hub Automation Rules?”Answer:
# Create automation ruleaws securityhub create-automation-rule \ --name "Auto-remediate" \ --criteria '{"Severity":{"Value":["CRITICAL","HIGH"]}}' \ --actions '[{"Type":"FINDING_FIELDS_UPDATE"}]'Q1619: How do you implement Detective Organization?
Section titled “Q1619: How do you implement Detective Organization?”Answer:
# Enable Detective for orgaws detective enable-organization-admin-account \ --admin-account-id admin-idQ1620: How do you use Macie Organization?
Section titled “Q1620: How do you use Macie Organization?”Answer:
# Enable Macie for orgaws macie2 enable-organizationQ1621: How do you implement Inspector Organization?
Section titled “Q1621: How do you implement Inspector Organization?”Answer:
# Enable for organizationaws inspector2 enable-organizationQ1622: How do you use AWS Network Firewall with Gateway Load Balancer?
Section titled “Q1622: How do you use AWS Network Firewall with Gateway Load Balancer?”Answer:
# Deploy Network Firewall with GWLBaws network-firewall create-firewall \ --firewall-name my-firewall \ --vpc-id vpc-123 \ --firewall-policy-arn policy-arn \ --subnet-mapping '{ "us-east-1a": "subnet-gwlb" }'Q1623: How do you implement VPC Flow Logs Analysis?
Section titled “Q1623: How do you implement VPC Flow Logs Analysis?”Answer:
# Create flow logsaws ec2 create-flow-logs \ --resource-type VPC \ --resource-ids vpc-123 \ --traffic-type ALL \ --log-destination-type cloud-watch-logs \ --log-group-name /aws/vpc/flow-logsQ1624: How do you use Transit Gateway Network Manager?
Section titled “Q1624: How do you use Transit Gateway Network Manager?”Answer:
# Create global networkaws networkmanager create-global-network \ --description "Global network"
# Register transit gatewayaws networkmanager register-transit-gateway \ --global-network-id network-id \ --transit-gateway-arn tgw-arnQ1625: How do you implement PrivateLink for SaaS?
Section titled “Q1625: How do you implement PrivateLink for SaaS?”Answer:
# Create endpoint serviceaws ec2 create-vpc-endpoint-service-configuration \ --service-name com.amazonaws.us-east-1.my-saas \ --network-load-balancer-arns [nlb-arn] \ --acceptance-requiredQ1626: How do you use AWS Network Access Analyzer?
Section titled “Q1626: How do you use AWS Network Access Analyzer?”Answer:
# Analyze network accessaws network-insights-analyzer start-network-insights-access-scope-analysis \ --network-insights-access-scope-id scope-idQ1627: How do you implement Internet Monitor?
Section titled “Q1627: How do you implement Internet Monitor?”Answer:
# Create monitoraws internetmonitor create-monitor \ --monitor-name my-monitor \ --internet-measurements-log-delivery '{ "s3Config": {"bucketName": "my-bucket"} }'Q1628: How do you use Verified Access Endpoint Policies?
Section titled “Q1628: How do you use Verified Access Endpoint Policies?”Answer:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": "*", "Action": "igw:CreateTags", "Resource": "*" }]}Q1629: How do you implement VPC Lattice Service Network?
Section titled “Q1629: How do you implement VPC Lattice Service Network?”Answer:
# Create service networkaws vpc-lattice create-service-network \ --name my-network
# Add VPC to service networkaws vpc-lattice create-vpc-association \ --vpc-identifier vpc-123 \ --service-network-identifier sn-123Q1630: How do you use IPAM Scopes?
Section titled “Q1630: How do you use IPAM Scopes?”Answer:
# Create IPAM scopeaws ec2 create-ipam-scope \ --ipam-id ipam-123 \ --name public-scope
# Allocate IP poolaws ec2 allocate-ipam-pool-cidr \ --ipam-pool-id pool-123 \ --netmask-length 24Q1631: How do you implement AWS AppConfig Feature Flags?
Section titled “Q1631: How do you implement AWS AppConfig Feature Flags?”Answer:
# Create configurationaws appconfig create-configuration-profile \ --application-id app-123 \ --name my-feature \ --type AWS.AppConfig.FreeFormConfiguration
# Deployaws appconfig start-deployment \ --application-id app-123 \ --environment-id env-123 \ --configuration-profile-id profile-123Q1632: How do you use AWS Proton Environments?
Section titled “Q1632: How do you use AWS Proton Environments?”Answer:
# Create environment templateaws proton create-environment-template \ --name "vpc-environment"
# Create environmentaws proton create-environment \ --name production \ --template-major-version 1Q1633: How do you implement Amplify Branches?
Section titled “Q1633: How do you implement Amplify Branches?”Answer:
# Add branchaws amplify create-branch \ --app-id app-id \ --branch-name developQ1634: How do you use CodeCatalyst Workflows?
Section titled “Q1634: How do you use CodeCatalyst Workflows?”Answer:
Name: deploySchemaVersion: "1.0"Triggers: - Type: PUSH Branches: [main]Actions: - Name: build Action: BUILD Timeout: 10Q1635: How do you implement IoT Core Fleet Hub?
Section titled “Q1635: How do you implement IoT Core Fleet Hub?”Answer:
# Create fleet indexaws iot create-fleet-index \ --fleet-name my-fleet
# Query fleetaws iot get-fleet-meta-data \ --fleet-name my-fleetQ1636: How do you use IoT SiteWise Data Streams?
Section titled “Q1636: How do you use IoT SiteWise Data Streams?”Answer:
# Create data streamaws iotsitewise create-time-series \ --asset-id asset-123 \ --property-id property-123Q1637: How do you implement IoT Events Input Transformations?
Section titled “Q1637: How do you implement IoT Events Input Transformations?”Answer:
# Define input transformationtransformation = { "action": "lambda", "payload": { "sensorId": "{{input.sensorId}}", "value": "{{input.value}}", "timestamp": "{{input.timestamp}}" }}Q1638: How do you use Greengrass V2 Components Recipes?
Section titled “Q1638: How do you use Greengrass V2 Components Recipes?”Answer:
RecipeFormatVersion: 2020-01-01ComponentName: my-componentComponentVersion: 1.0.0Manifests: - Platform: os: linux Artifacts: - URI: s3://bucket/artifact.tar.gzQ1639: How do you implement IoT Device Simulator?
Section titled “Q1639: How do you implement IoT Device Simulator?”Answer:
# Use IoT Device SDKfrom awsiot import mqtt
mqtt_connection = mqtt.connect()mqtt_connection.publish(topic, payload, qos=1)Q1640: How do you use Amazon Chime SDK Meetings?
Section titled “Q1640: How do you use Amazon Chime SDK Meetings?”Answer:
# Create meetingchime = boto3.client('chime')meeting = chime.create_meeting( ClientRequestToken='token', MediaRegion='us-east-1')Q1641: How do you implement Connect Contact Flow Modules?
Section titled “Q1641: How do you implement Connect Contact Flow Modules?”Answer:
{ "modules": [{ "id": "module-1", "type": "ContactFlowModule", "branches": [] }]}Q1642: How do you use Pinpoint Segments?
Section titled “Q1642: How do you use Pinpoint Segments?”Answer:
# Create segmentpinpoint.create_segment( ApplicationId='app-id', SegmentRequest={ 'Name': 'active-users', 'SourceSegments': [{'SegmentId': 'source-id'}] })Q1643: How do you implement SES Configuration Set?
Section titled “Q1643: How do you implement SES Configuration Set?”Answer:
# Create configuration setaws ses create-configuration-set \ --name my-config
# Add tracking domainaws ses create-configuration-set-tracking-options \ --configuration-set-name my-config \ --custom-tracking-domain domain.comQ1644: How do you useboxes WorkMail Mail?
Section titled “Q1644: How do you useboxes WorkMail Mail?”Answer:
# Create useraws workmail create-user \ --organization-id org-id \ --display-name "John Doe" \ --user-name johnQ1645: How do you implement Amazon Honeycode?
Section titled “Q1645: How do you implement Amazon Honeycode?”Answer:
Use Honeycode console:
Section titled “Use Honeycode console:”1. Create workbook
Section titled “1. Create workbook”2. Add tables
Section titled “2. Add tables”3. Build screens
Section titled “3. Build screens”4. Share with team
Section titled “4. Share with team”### Q1646: How do you use AWS Wickr?**Answer:**# Use Wickr Admin console:# 1. Create organization# 2. Add users# 3. Configure security policiesQ1647: How do you implement AppFlow Integrations?
Section titled “Q1647: How do you implement AppFlow Integrations?”Answer:
# Create flowaws appflow create-flow \ --flow-name my-flow \ --source-flow-config '{"ConnectorType":"Salesforce"}' \ --destination-flow-config '{"ConnectorType":"S3"}'Q1648: How do you use Managed Workflows for Apache Airflow?
Section titled “Q1648: How do you use Managed Workflows for Apache Airflow?”Answer:
# Create environmentaws mwaa create-environment \ --name my-environment \ --execution-role-arn role-arnQ1649: How do you implement Glue Studio Visual ETL?
Section titled “Q1649: How do you implement Glue Studio Visual ETL?”Answer:
Use Glue Studio console:
Section titled “Use Glue Studio console:”1. Create job. Visual editor
Section titled “1. Create job. Visual editor”3. Add transforms
Section titled “3. Add transforms”4. Run
Section titled “4. Run”### Q1650: How do you use Redshift Query Editor V2?**Answer:**# Use Redshift console Query Editor V2:# 1. Connect to cluster# 2. Write SQL# 3. Save queries# 4. ShareAdditional Interview Questions 1651-1800
Section titled “Additional Interview Questions 1651-1800”Q1651: How do you implement OpenSearch Serverless Collections?
Section titled “Q1651: How do you implement OpenSearch Serverless Collections?”Answer:
# Create collectionaws opensearchserverless create-collection \ --name my-collection \ --type SEARCH \ --description "Search collection"Q1652: How do you use EMR on EKS?
Section titled “Q1652: How do you use EMR on EKS?”Answer:
# Register EKS clusteraws emr-containers register-cluster \ --eks-cluster-name my-cluster \ --type "EMR_ON_EKS"Q1653: How do you implement MSK Connect Connectors?
Section titled “Q1653: How do you implement MSK Connect Connectors?”Answer:
# Create connectoraws kafkaconnect create-connector \ --connector-name my-connector \ --connector-configuration '{ "connector.class": "S3Sink" }' \ --capacity '{ "workerCount": 2 }'Q1654: How do you use Managed Kafka Topics?
Section titled “Q1654: How do you use Managed Kafka Topics?”Answer:
# Create topicaws kafka create-topic \ --topic-name my-topic \ --partitions 6 \ --replication-factor 3Q1655: How do you implement Lake Formation Data Filtering?
Section titled “Q1655: How do you implement Lake Formation Data Filtering?”Answer:
# Grant column-level accessaws lakeformation grant-permissions \ --principal user@example.com \ --permissions SELECT \ --resource '{"Table":{"DatabaseName":"mydb","TableName":"table1","ColumnNames":["col1","col2"]}}'Q1656: How do you use Glue Interactive Sessions?
Section titled “Q1656: How do you use Glue Interactive Sessions?”Answer:
# Use Glue Interactive Sessions%glueContext
# Read datadf = glueContext.create_dynamic_frame.from_catalog( database='mydb', table_name='mytable')Q1657: How do you implement Data Exchange for S3?
Section titled “Q1657: How do you implement Data Exchange for S3?”Answer:
# Create data setaws dataexchange create-data-set \ --name "Public Dataset" \ --description "My dataset" \ --asset-type S3_SNAPSHOT
# Export data setaws dataexchange create-revision \ --data-set-id dataset-idQ1658: How do you use Clean Rooms SQL Queries?
Section titled “Q1658: How do you use Clean Rooms SQL Queries?”Answer:
-- Run query in clean roomSELECT *FROM my_tableWHERE user_id IN ( SELECT user_id FROM other_table)Q1659: How do you implement HealthLake FHIR Export?
Section titled “Q1659: How do you implement HealthLake FHIR Export?”Answer:
# Create export jobaws healthlake create-fhir-export-job \ --datastore-id datastore-id \ --output-data-config S3OutputUri=s3://bucket/exportQ1660: How do you use IoT TwinMaker Workspaces?
Section titled “Q1660: How do you use IoT TwinMaker Workspaces?”Answer:
# Create workspaceaws iottwinmaker create-workspace \ --workspace-id my-workspace \ --s3-bucket my-bucketQ1661: How do you implement IoT FleetWise Campaigns?
Section titled “Q1661: How do you implement IoT FleetWise Campaigns?”Answer:
# Create campaignaws iotfleetwise create-campaign \ --name my-campaign \ --target-arn "arn:aws:iotfleetwise:region:account:vehicle/group-id"Q1662: How do you use Panorama Data Processing Jobs?
Section titled “Q1662: How do you use Panorama Data Processing Jobs?”Answer:
# Create jobaws panorama create-job \ --name my-job \ --input-config '{"uri":"s3://bucket/input"}'Q1663: How do you implement SageMaker Edge Manager Packaging?
Section titled “Q1663: How do you implement SageMaker Edge Manager Packaging?”Answer:
# Package modelaws sagemaker create-edge-packaging-job \ --job-name my-job \ --model-name my-modelQ1664: How do you use Lookout for Vision Inference?
Section titled “Q1664: How do you use Lookout for Vision Inference?”Answer:
# Detect anomalieslookoutvision.detect_anomalies( ProjectName='my-project', ContentType='image/jpeg', Body=image_bytes)Q1665: How do you implement Fraud Detector Predictions?
Section titled “Q1665: How do you implement Fraud Detector Predictions?”Answer:
# Get predictionfrauddetector.get_event_prediction( detectorId='my-detector', eventTypeName='transaction', entities=[{'entityType':'customer','entityId':'123'}])Q1666: How do you use CodeWhisperer Professional?
Section titled “Q1666: How do you use CodeWhisperer Professional?”Answer:
Enable in VS Code:
Section titled “Enable in VS Code:”1. Install CodeWhisperer extension
Section titled “1. Install CodeWhisperer extension”2. Sign in with AWS Builder ID
Section titled “2. Sign in with AWS Builder ID”3. Start coding
Section titled “3. Start coding”### Q1667: How do you implement Bedrock Model Invocation?**Answer:**```python# Invoke Claudebedrock = boto3.client('bedrock-runtime')
response = bedrock.invoke_model( modelId='anthropic.claude-v2', contentType='application/json', accept='application/json', body=json.dumps({ 'prompt': 'Hello', 'max_tokens_to_sample': 100 }))Q1668: How do you use Q Business Conversations?
Section titled “Q1668: How do you use Q Business Conversations?”Answer:
Use Q Business console:
Section titled “Use Q Business console:”1. Connect data sources
Section titled “1. Connect data sources”2. Configure security
Section titled “2. Configure security”3. Create web experience
Section titled “3. Create web experience”### Q1669: How do you implement Supply Chain Traceability?**Answer:**```bash# Create supply chainaws supplychain create-instance \ --instance-name my-supply-chainQ1670: How do you use AWS Clean Rooms ML Training?
Section titled “Q1670: How do you use AWS Clean Rooms ML Training?”Answer:
# Train model in clean roomcleanrooms.train( algorithm='logistic_regression', data={'table': 'mytable'}, target='label')Q1671: How do you implement Inspector SBOM Export?
Section titled “Q1671: How do you implement Inspector SBOM Export?”Answer:
# Get SBOMaws inspector2 get-findings \ --filter-criteria '{"severity":[{"comparison":"EQUALS","value":"CRITICAL"}]}'Q1672: How do you use Detective Investigation Graphs?
Section titled “Q1672: How do you use Detective Investigation Graphs?”Answer:
# Create investigationaws detective create-investigation \ --graph-arn graph-arn \ --title "Security incident"Q1673: How do you implement Audit Manager Evidence Collection?
Section titled “Q1673: How do you implement Audit Manager Evidence Collection?”Answer:
# Create evidence folderaws auditmanager create-evidence-folder \ --assessment-id assessment-id \ --name "Evidence folder"Q1674: How do you use Control Tower Guardrail Scoping?
Section titled “Q1674: How do you use Control Tower Guardrail Scoping?”Answer:
# Get guardrail statusaws controltower list-guardrails \ --region us-east-1Q1675: How do you implement Security Hub Standards Subscription?
Section titled “Q1675: How do you implement Security Hub Standards Subscription?”Answer:
# Enable standardsaws securityhub enable-standards \ --standards-arn 'arn:aws:securityhub:::ruleset/aws-foundational-security-best-practices/v/1.0.0'Q1676: How do you use GuardDuty Findings Export?
Section titled “Q1676: How do you use GuardDuty Findings Export?”Answer:
# Export findingsaws guardduty list-findings \ --detector-id detector-id \ --finding-criteria '{"severity":{"Eq":["4","5"]}}'Q1677: How do you implement Macie Sensitive Data Discovery?
Section titled “Q1677: How do you implement Macie Sensitive Data Discovery?”Answer:
# Create discovery jobaws macie2 create-discovery-job \ --name "Sensitive data scan" \ --sensitivity-job-config '{"jobType":"ONE_TIME"}'Q1678: How do you use Config Aggregation Authorization?
Section titled “Q1678: How do you use Config Aggregation Authorization?”Answer:
# Authorize aggregatoraws configservice put-aggregation-authorization \ --authorized-account-id 123456789012 \ --authorized-region us-east-1Q1679: How do you implement CloudFormation StackSets Updates?
Section titled “Q1679: How do you implement CloudFormation StackSets Updates?”Answer:
# Update stack setaws cloudformation update-stack-set \ --stack-set-name my-stackset \ --template-body file://new-template.yamlQ1680: How do you use CDK Import Resources?
Section titled “Q1680: How do you use CDK Import Resources?”Answer:
# Import existing resourceimported_vpc = ec2.Vpc.from_lookup( self, "ExistingVPC", is_default=True)Additional Interview Questions 1681-1900
Section titled “Additional Interview Questions 1681-1900”Q1681: How do you implement SAM Accelerate?
Section titled “Q1681: How do you implement SAM Accelerate?”Answer:
# Sync and watchsam sync --stack-name my-stack --watchQ1682: How do you use Amplify Branch Auto-Build?
Section titled “Q1682: How do you use Amplify Branch Auto-Build?”Answer:
Configure in Amplify Console:
Section titled “Configure in Amplify Console:”1. App settings > Branch connections
Section titled “1. App settings > Branch connections”2. Enable auto-build
Section titled “2. Enable auto-build”### Q1683: How do you implement CodePipeline Artifact Encryption?**Answer:**```bash# Configure encryptionaws codepipeline create-pipeline \ --pipeline '{ "artifactStore": { "encryptionKey": {"id":"key-arn","type":"KMS"} } }'Q1684: How do you use CodeBuild VPC Configuration?
Section titled “Q1684: How do you use CodeBuild VPC Configuration?”Answer:
version: 0.2
config: vpc: vpc_id: vpc-123 subnets: - subnet-123 security_groups: - sg-123Q1685: How do you implement CodeDeploy Blue-Green Validation?
Section titled “Q1685: How do you implement CodeDeploy Blue-Green Validation?”Answer:
# Configure validationaws codedeploy create-deployment \ --deployment-config-name CodeDeployDefault.AllAtOnceQ1686: How do you use CloudWatch Unified Agent?
Section titled “Q1686: How do you use CloudWatch Unified Agent?”Answer:
# Install agentyum install -y amazon-cloudwatch-agent
# Configure/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -sQ1687: How do you implement X-Ray Custom Sampling Rules?
Section titled “Q1687: How do you implement X-Ray Custom Sampling Rules?”Answer:
{ "Rules": [{ "RuleName": "priority", "FixedRate": 0.5, "ReservoirSize": 10, "Host": "*", "HTTPMethod": "*", "URLPath": "/api/*" }]}Q1688: How do you use CloudWatch Anomaly Detection Alarms?
Section titled “Q1688: How do you use CloudWatch Anomaly Detection Alarms?”Answer:
# Create anomaly detection alarmaws cloudwatch put-anomaly-detection \ --namespace AWS/EC2 \ --metric-name CPUUtilization \ --statistic AverageQ1689: How do you implement CloudWatch Contributor Insights?
Section titled “Q1689: How do you implement CloudWatch Contributor Insights?”Answer:
# Create ruleaws cloudwatch put-insight-rule \ --rule-name "top-users" \ --rule '{"schema":{"root":"LogGroup","fields":[{"field":"@timestamp"}]}}'Q1690: How do you use CloudWatch Evidently Experiments?
Section titled “Q1690: How do you use CloudWatch Evidently Experiments?”Answer:
# Create launchaws evidently create-launch \ --project my-project \ --name "Feature launch"Q1691: How do you implement CloudWatch RUM Metrics?
Section titled “Q1691: How do you implement CloudWatch RUM Metrics?”Answer:
# Create app monitoraws rum create-app-monitor \ --name my-monitor \ --domain-allow-list '["example.com"]'Q1692: How do you use Systems Manager Session Manager Proxy?
Section titled “Q1692: How do you use Systems Manager Session Manager Proxy?”Answer:
# Configure tunnelaws ssm start-session \ --target i-12345 \ --document-name AWS-StartPortForwardingSession \ --parameters '{"portNumber":["80"],"localPortNumber":["8080"]}'Q1693: How do you implement Parameter Store Public Parameters?
Section titled “Q1693: How do you implement Parameter Store Public Parameters?”Answer:
# Use public parametersaws ssm get-parameters \ --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2Q1694: How do you use Secrets Manager Resource Policy?
Section titled “Q1694: How do you use Secrets Manager Resource Policy?”Answer:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"}, "Action": "secretsmanager:GetSecretValue", "Resource": "*" }]}Q1695: How do you implement IAM Access Analyzer External Access?
Section titled “Q1695: How do you implement IAM Access Analyzer External Access?”Answer:
# Analyze external accessaws access-analyzer create-analyzer \ --analyzer-name my-analyzer \ --type ACCOUNTQ1696: How do you use IAM Policy Simulator for Roles?
Section titled “Q1696: How do you use IAM Policy Simulator for Roles?”Answer:
# Test policyaws iam simulate-principal-policy \ --policy-source-arn role-arn \ --action-names "s3:GetObject"Q1697: How do you implement KMS Custom Key Store?
Section titled “Q1697: How do you implement KMS Custom Key Store?”Answer:
# Create CloudHSM key storeaws kms create-custom-key-store \ --custom-key-store-name my-cks \ --cloud-hsm-cluster-id cluster-123Q1698: How do you use KMS Asymmetric Keys?
Section titled “Q1698: How do you use KMS Asymmetric Keys?”Answer:
# Create asymmetric keyaws kms create-key \ --key-usage SIGN_VERIFY \ --key-spec RSA_4096Q1699: How do you implement KMS Key Policy Conditions?
Section titled “Q1699: How do you implement KMS Key Policy Conditions?”Answer:
{ "Condition": { "StringEquals": { "aws:PrincipalTag/Department": "Finance" } }}Q1700: How do you use CloudTrail Event Selectors?
Section titled “Q1700: How do you use CloudTrail Event Selectors?”Answer:
# Create trail with selectorsaws cloudtrail create-trail \ --name my-trail \ --s3-bucket-name my-bucket \ --event-selectors '[{"ReadWriteType":"WriteOnly","IncludeManagementEvents":true}]'Q1701: How do you implement CloudTrail Lake Queries?
Section titled “Q1701: How do you implement CloudTrail Lake Queries?”Answer:
# Run queryaws cloudtrail lookup-events \ --lookup-attributes AttributeKey=EventSource,AttributeValue=ec2.amazonaws.comQ1702: How do you use AWS Config Advanced Query?
Section titled “Q1702: How do you use AWS Config Advanced Query?”Answer:
# Query resourcesaws configservice select-resource-config \ --expression "SELECT * WHERE resourceType = 'AWS::EC2::Instance'"Q1703: How do you implement Security Hub Finding Aggregation?
Section titled “Q1703: How do you implement Security Hub Finding Aggregation?”Answer:
# Enable aggregatoraws securityhub enable-organization-admin-account \ --admin-account-id admin-idQ1704: How do you use GuardDuty Finding Publishing?
Section titled “Q1704: How do you use GuardDuty Finding Publishing?”Answer:
# Enable publishingaws guardduty update-organization-configuration \ --detector-id detector-id \ --auto-enable ORGQ1705: How do you implement Macie Organization Configuration?
Section titled “Q1705: How do you implement Macie Organization Configuration?”Answer:
# Enable for orgaws macie2 enable-organizationQ1706: How do you use Detective Organization Admin?
Section titled “Q1706: How do you use Detective Organization Admin?”Answer:
# Set adminaws detective enable-organization-admin-account \ --admin-account-id admin-idQ1707: How do you implement Inspector Organization Setup?
Section titled “Q1707: How do you implement Inspector Organization Setup?”Answer:
# Enable organizationaws inspector2 enable-organizationQ1708: How do you use Control Tower Custom Guardrails?
Section titled “Q1708: How do you use Control Tower Custom Guardrails?”Answer:
# Create custom guardrailaws controltower create-guardrail \ --region us-east-1Q1709: How do you implement Audit Manager Custom Framework?
Section titled “Q1709: How do you implement Audit Manager Custom Framework?”Answer:
# Create custom frameworkaws auditmanager create-framework \ --name "Custom Framework"Q1710: How do you use Systems Manager Patch Policies?
Section titled “Q1710: How do you use Systems Manager Patch Policies?”Answer:
# Create patch policyaws ssm create-patch-baseline \ --name "Critical Patches" \ --operating-system AMAZON_LINUX2Q1711: How do you implement GuardDuty Severity Thresholds?
Section titled “Q1711: How do you implement GuardDuty Severity Thresholds?”Answer:
# Update severityaws guardduty update-detector \ --detector-id detector-id \ --finding-publishing-frequency SIX_HOURSQ1712: How do you use Security Hub Severity Filters?
Section titled “Q1712: How do you use Security Hub Severity Filters?”Answer:
# Filter findingsaws securityhub get-findings \ --filters '{"Severity":[{"Value":"CRITICAL","Comparison":"EQUALS"}]}'Q1713: How do you implement CloudTrail Integration with CloudWatch?
Section titled “Q1713: How do you implement CloudTrail Integration with CloudWatch?”Answer:
# Configure CloudWatchaws cloudtrail update-trail \ --name my-trail \ --cloud-watch-logs-log-group-arn arn:logsQ1714: How do you use Config Remediation Actions?
Section titled “Q1714: How do you use Config Remediation Actions?”Answer:
# Configure remediationaws configservice put-remediation-configurations \ --remediation-configurations '[{ "TargetType":"AWS::SSM::Document", "TargetId":"AWS-ConfigureS3BucketPublicReadProhibited" }]'Q1715: How do you implement Detective Behavioral Graph Analysis?
Section titled “Q1715: How do you implement Detective Behavioral Graph Analysis?”Answer:
# Query behavioraws detective list-graph-members \ --graph-arn graph-arnQ1716: How do you use Macie Classification Scope?
Section titled “Q1716: How do you use Macie Classification Scope?”Answer:
# Define scopeaws macie2 create-classification-job \ --job-type ONE_TIME \ --s3-job-definition '{ "bucketDefinitions": [{"accountId":"123","buckets":["my-bucket"]}] }'Q1717: How do you implement Inspector Coverage Queries?
Section titled “Q1717: How do you implement Inspector Coverage Queries?”Answer:
# Get coverageaws inspector2 list-coverage \ --filter-criteria '{"resourceType":[{"comparison":"EQUALS","value":"AWS_EC2_INSTANCE"}]}'Q1718: How do you use GuardDuty Export Findings to S3?
Section titled “Q1718: How do you use GuardDuty Export Findings to S3?”Answer:
# Configure exportaws guardduty create-publishing-destination \ --detector-id detector-id \ --destination-type S3 \ --s3-destination '{ "BucketName": "my-bucket" }'Q1719: How do you implement Security Hub Automation Rules Actions?
Section titled “Q1719: How do you implement Security Hub Automation Rules Actions?”Answer:
# Create automationaws securityhub create-automation-rule \ --actions '[{"Type":"FINDING_FIELDS_UPDATE"}]'Q1720: How do you use AWS Config Conformance Pack Templates?
Section titled “Q1720: How do you use AWS Config Conformance Pack Templates?”Answer:
# TemplateResources: ConfigRule: Type: AWS::Config::ConfigRuleAdditional Interview Questions 1721-2000
Section titled “Additional Interview Questions 1721-2000”Q1721: How do you implement AWS Network Firewall Rule Priorities?
Section titled “Q1721: How do you implement AWS Network Firewall Rule Priorities?”Answer:
# Create with priorityaws network-firewall create-rule-group \ --rule-group-name high-priority \ --priority 1Q1722: How do you use VPC Flow Logs to S3 with Kinesis?
Section titled “Q1722: How do you use VPC Flow Logs to S3 with Kinesis?”Answer:
# Configure Kinesisaws ec2 create-flow-logs \ --resource-type VPC \ --traffic-type ALL \ --destination-type kinesis-data-firehose \ --deliver-to-kinesis-data-firehose-arn firehose-arnQ1723: How do you implement Transit Gateway Performance Mode?
Section titled “Q1723: How do you implement Transit Gateway Performance Mode?”Answer:
# Enable performanceaws ec2 create-transit-gateway \ --options '{"AmazonAsn":64512}'Q1724: How do you use Direct Connect LAG?
Section titled “Q1724: How do you use Direct Connect LAG?”Answer:
# Create LAGaws directconnect create-lag \ --lag-name my-lag \ --number-of-connections 4 \ --location EqDC2Q1725: How do you implement VPN Accelerator?
Section titled “Q1725: How do you implement VPN Accelerator?”Answer:
# Create accelerated VPNaws ec2 create-vpn-connection \ --type ipsec.1 \ --customer-gateway-id cgw-123 \ --vpn-gateway-id vpg-123 \ --accelerateQ1726: How do you use PrivateLink Gateway Services?
Section titled “Q1726: How do you use PrivateLink Gateway Services?”Answer:
# Create gateway serviceaws ec2 create-vpc-endpoint-service-configuration \ --service-name com.amazonaws.us-east-1.gwlbQ1727: How do you implement IPAM Pool Allocation Strategies?
Section titled “Q1727: How do you implement IPAM Pool Allocation Strategies?”Answer:
# Configure allocationaws ec2 create-ipam-pool \ --ipam-scope-id scope-123 \ --allocation-default-netmask-length 24Q1728: How do you use Verified Access Trust Providers?
Section titled “Q1728: How do you use Verified Access Trust Providers?”Answer:
# Create trust provideraws ec2 create-verified-access-trust-provider \ --policy-reference-name my-provider \ --device-trust-provider-type IOTQ1729: How do you implement VPC Lattice Auth Policies?
Section titled “Q1729: How do you implement VPC Lattice Auth Policies?”Answer:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": "*", "Action": "vpc-lattice-svcs:Invoke", "Resource": "service-arn" }]}Q1730: How do you use Internet Monitor City-level Metrics?
Section titled “Q1730: How do you use Internet Monitor City-level Metrics?”Answer:
# Get city dataaws internetmonitor get-monitor \ --monitor-name my-monitorQ1731: How do you implement Route 53 Latency-Based Routing?
Section titled “Q1731: How do you implement Route 53 Latency-Based Routing?”Answer:
# Create latency recordaws route53 change-resource-record-sets \ --hosted-zone-id Z123 \ --change-batch '{ "Changes": [{ "Action": "CREATE", "ResourceRecordSet": { "Name": "example.com", "Type": "A", "SetIdentifier": "us-east-1", "Latency": {"Region": "us-east-1"}, "TTL": 60, "ResourceRecords": [{"Value": "1.2.3.4"}] } }] }'Q1732: How do you use CloudFront Origin Shield?
Section titled “Q1732: How do you use CloudFront Origin Shield?”Answer:
# Enable origin shieldaws cloudfront update-origin-shield-origin-shield-configuration \ --origin-shield-origin-shield-configuration '{ "Enabled": true, "OriginShieldRegion": "us-east-1" }'Q1733: How do you implement S3 Replication Time Control?
Section titled “Q1733: How do you implement S3 Replication Time Control?”Answer:
# Enable RTCaws s3api put-bucket-replication \ --bucket my-bucket \ --replication-configuration '{ "Role": "role-arn", "Rules": [{ "ID": "rule", "Status": "Enabled", "Destination": {"Bucket": "arn:aws:s3:::dest-bucket"}, "ReplicationTime": {"Status": "Enabled", "Time": {"Minutes": 15}} }] }'Q1734: How do you use S3 Object Lambda Transformations?
Section titled “Q1734: How do you use S3 Object Lambda Transformations?”Answer:
# Lambda for transformationdef handler(event, context): return {"statusCode": 200}Q1735: How do you implement Lambda Concurrency Limits?
Section titled “Q1735: How do you implement Lambda Concurrency Limits?”Answer:
# Set reserved concurrencyaws lambda put-function-concurrency \ --function-name my-function \ --reserved-concurrent-executions 100Q1736: How do you use DynamoDB Adaptive Capacity?
Section titled “Q1736: How do you use DynamoDB Adaptive Capacity?”Answer:
Adaptive capacity is automatic
Section titled “Adaptive capacity is automatic”Monitor with CloudWatch
Section titled “Monitor with CloudWatch”### Q1737: How do you implement Aurora Backtrack?**Answer:**```bash# Enable backtrackaws rds modify-db-cluster \ --db-cluster-identifier my-cluster \ --backtrack-hours 24Q1738: How do you use RDS Performance Insights Retention?
Section titled “Q1738: How do you use RDS Performance Insights Retention?”Answer:
# Set retentionaws pi put-performance-insights-retention-period \ --db-instance-identifier my-db \ --retention-period 7Q1739: How do you implement ElastiCache Redis AUTH?
Section titled “Q1739: How do you implement ElastiCache Redis AUTH?”Answer:
# Enable AUTHaws elasticache create-replication-group \ --replication-group-id my-group \ --auth-token-enabledQ1740: How do you use OpenSearch Dashboards SAML?
Section titled “Q1740: How do you use OpenSearch Dashboards SAML?”Answer:
# Configure SAMLaws opensearch update-domain-config \ --domain-name my-domain \ --saml-options '{"Enabled":true}'Q1741: How do you implement Redshift WLM Queues?
Section titled “Q1741: How do you implement Redshift WLM Queues?”Answer:
# Configure WLMaws rds create-db-cluster-parameter-group \ --parameter-group-family redshift-1.0 \ --description "Custom WLM"Q1742: How do you use Glue Job Bookmarks Encryption?
Section titled “Q1742: How do you use Glue Job Bookmarks Encryption?”Answer:
# Enable encryptionaws glue create-security-configuration \ --encryption-configuration '{ "JobBookmarksEncryption": {"Mode":"CSE-KMS","KmsKeyArn":"key-arn"} }'Q1743: How do you implement Kinesis Enhanced Monitoring?
Section titled “Q1743: How do you implement Kinesis Enhanced Monitoring?”Answer:
# Enable enhanced metricsaws kinesis enhance-metrics \ --stream-name my-stream \ --shard-level-metrics IncomingBytes,OutgoingBytesQ1744: How do you use EventBridge Retry Policies?
Section titled “Q1744: How do you use EventBridge Retry Policies?”Answer:
{ "RetryPolicy": { "MaximumRetryAttempts": 3, "MaximumEventAgeInSeconds": 86400 }}Q1745: How do you implement Step Functions Callback Pattern?
Section titled “Q1745: How do you implement Step Functions Callback Pattern?”Answer:
{ "WaitForCallback": { "Type": "WaitForTaskToken", "Resource": "arn:aws:states:::lambda:invoke.waitForTaskToken" }}Q1746: How do you use SQS Message Deduplication?
Section titled “Q1746: How do you use SQS Message Deduplication?”Answer:
# Enable FIFOsqs.create_queue( QueueName='orders.fifo', Attributes={ 'FifoQueue': 'true', 'ContentBasedDeduplication': 'false' })
# Use deduplication IDsqs.send_message( QueueUrl=queue_url, MessageBody='order', MessageDeduplicationId='unique-id')Q1747: How do you implement SNS Message Filtering Policies?
Section titled “Q1747: How do you implement SNS Message Filtering Policies?”Answer:
# Create with filtersns.create_topic( Name='my-topic', Tags=[{'Key': 'filter', 'Value': 'enabled'}])Q1748: How do you use Kinesis Data Stream Encryption?
Section titled “Q1748: How do you use Kinesis Data Stream Encryption?”Answer:
# Enable encryptionaws kinesis enable-stream-encryption \ --stream-name my-stream \ --encryption-type KMS \ --kms-key-id key-idQ1749: How do you implement Lambda VPC DNS Support?
Section titled “Q1749: How do you implement Lambda VPC DNS Support?”Answer:
# Enable DNSaws lambda update-function-configuration \ --function-name my-function \ --vpc-config '{ "SubnetIds":["subnet-123"], "SecurityGroupIds":["sg-123"], "VpcConfig": {"VpcId":"vpc-123"} }'Q1750: How do you use ECS Task Metadata Endpoint?
Section titled “Q1750: How do you use ECS Task Metadata Endpoint?”Answer:
{ "containerDefinitions": [{ "name": "web", "image": "nginx", "disableNetworking": false }]}Q1751: How do you implement EKS Cluster Endpoint Access?
Section titled “Q1751: How do you implement EKS Cluster Endpoint Access?”Answer:
# Configure endpoint accessaws eks update-cluster-config \ --name my-cluster \ --resources-vpc-config '{ "endpointPublicAccess": true, "endpointPrivateAccess": true }'Q1752: How do you use CloudFormation Drift Detection Settings?
Section titled “Q1752: How do you use CloudFormation Drift Detection Settings?”Answer:
# Configure detectionaws cloudformation update-stack \ --stack-name my-stack \ --drift-detection trueQ1753: How do you implement CDK Context Lookup?
Section titled “Q1753: How do you implement CDK Context Lookup?”Answer:
# Look up existing VPCvpc = ec2.Vpc.from_lookup( self, "VPC", vpc_id="vpc-123")Q1754: How do you use SAM Package Command?
Section titled “Q1754: How do you use SAM Package Command?”Answer:
# Package applicationsam package \ --template-file template.yaml \ --s3-bucket my-bucket \ --output-template packaged.yamlQ1755: How do you implement CodePipeline Artifact Retention?
Section titled “Q1755: How do you implement CodePipeline Artifact Retention?”Answer:
# Configure retentionaws codepipeline put-attribute \ --pipeline-name my-pipeline \ --attribute Key=ArtifactRetentionCount,Value=5Q1756: How do you use CodeBuild Environment Variables?
Section titled “Q1756: How do you use CodeBuild Environment Variables?”Answer:
version: 0.2
env: variables: ENV: production parameter-store: API_KEY: /myapp/api/keyQ1757: How do you implement CodeDeploy AppSpec Hooks?
Section titled “Q1757: How do you implement CodeDeploy AppSpec Hooks?”Answer:
hooks: AfterInstall: - location: scripts/after_install.sh timeout: 300Q1758: How do you use CloudWatch Logs Subscriptions?
Section titled “Q1758: How do you use CloudWatch Logs Subscriptions?”Answer:
# Create subscriptionaws logs put-subscription-filter \ --log-group-name /aws/lambda/my-function \ --filter-name my-filter \ --destination-arn lambda-arnQ1759: How do you implement X-Ray Sampling with Agent?
Section titled “Q1759: How do you implement X-Ray Sampling with Agent?”Answer:
{ "SamplingRule": { "RuleName": "default", "FixedRate": 0.01 }}Q1760: How do you use Systems Manager Parameter Policies?
Section titled “Q1760: How do you use Systems Manager Parameter Policies?”Answer:
# Set expirationaws ssm put-parameter \ --name /myapp/config \ --value "value" \ --type String \ --policies '[{"Type":"Expiration","Version":"1.0","Attributes":{"Date":"2024-12-31T00:00:00Z"}}]'Q1761: How do you implement Secrets Manager Resource Policy?
Section titled “Q1761: How do you implement Secrets Manager Resource Policy?”Answer:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123:root"}, "Action": "secretsmanager:*", "Resource": "*" }]}Q1762: How do you use IAM Roles Anywhere Profiles?
Section titled “Q1762: How do you use IAM Roles Anywhere Profiles?”Answer:
# Create profileaws rolesanywhere create-profile \ --name my-profile \ --role-arns role-arnQ1763: How do you implement KMS Grants?
Section titled “Q1763: How do you implement KMS Grants?”Answer:
# Create grantaws kms create-grant \ --key-id key-id \ --grantee-principal role-arn \ --operations Encrypt DecryptQ1764: How do you use GuardDuty Export to CloudWatch?
Section titled “Q1764: How do you use GuardDuty Export to CloudWatch?”Answer:
# Enableaws guardduty update-detector \ --detector-id detector-id \ --features '[{"Name":"S3_LOG_EVENTS","Status":"ENABLED"}]'Q1765: How do you implement Security Hub Auto-enable?
Section titled “Q1765: How do you implement Security Hub Auto-enable?”Answer:
# Enable orgaws securityhub enable-organization-admin-account \ --admin-account-id admin-idQ1766: How do you use Macie Discovery Jobs?
Section titled “Q1766: How do you use Macie Discovery Jobs?”Answer:
# Create jobaws macie2 create-discovery-job \ --name my-job \ --job-type ONE_TIMEQ1767: How do you implement Detective Graph Queries?
Section titled “Q1767: How do you implement Detective Graph Queries?”Answer:
# Query graphaws detective search-graph \ --graph-arn graph-arn \ --criteria '{"entity": {"value": "user@example.com"}}'Q1768: How do you use Audit Manager Assessments Scope?
Section titled “Q1768: How do you use Audit Manager Assessments Scope?”Answer:
# Set scopeaws auditmanager create-assessment \ --name my-assessment \ --scope '{\"awsAccounts\":[{\"id\":\"123456789012\"}]}'Q1769: How do you implement Control Tower Service Control Policies?
Section titled “Q1769: How do you implement Control Tower Service Control Policies?”Answer:
# Create SCPaws organizations create-policy \ --type SERVICE_CONTROL_POLICY \ --content '{"Version":"2012-10-17"}'Q1770: How do you use AWS Config Aggregation Sources?
Section titled “Q1770: How do you use AWS Config Aggregation Sources?”Answer:
# Authorizeaws configservice put-aggregation-authorization \ --authorized-account-id 123456789012Q1771: How do you implement CloudTrail Management Events?
Section titled “Q1771: How do you implement CloudTrail Management Events?”Answer:
# Configureaws cloudtrail update-trail \ --name my-trail \ --include-global-service-eventsQ1772: How do you use CloudWatch Metric Filter Alarms?
Section titled “Q1772: How do you use CloudWatch Metric Filter Alarms?”Answer:
# Create filteraws logs put-metric-filter \ --log-group-name /aws/lambda/my-function \ --filter-name error-filter \ --metric-transformations '[ {"metricNamespace":"MyApp","metricName":"Errors","metricValue":"1"} ]' \ --pattern "[ERROR]"Q1773: How do you implement VPC Peering DNS Support?
Section titled “Q1773: How do you implement VPC Peering DNS Support?”Answer:
# Enable DNSaws ec2 modify-vpc-peering-connection-options \ --vpc-peering-connection-id pcx-123 \ --accepter-peering-options '{"AllowDnsResolutionFromRemoteVpc":true}'Q1774: How do you use Transit Gateway Policy Table?
Section titled “Q1774: How do you use Transit Gateway Policy Table?”Answer:
# Create policy tableaws ec2 create-transit-gateway-policy-table \ --transit-gateway-id tgw-123Q1775: How do you implement Direct Connect Virtual Interface Tags?
Section titled “Q1775: How do you implement Direct Connect Virtual Interface Tags?”Answer:
# Tag VIFaws directconnect tag-resource \ --resource-id vif-123 \ --tags Key=Environment,Value=ProductionQ1776: How do you use Route 53 DNSSEC Validation?
Section titled “Q1776: How do you use Route 53 DNSSEC Validation?”Answer:
# Enable DNSSECaws route53 enable hosted-zone-dnssec \ --hosted-zone-id Z123Q1777: How do you implement CloudFront Field-Level Encryption?
Section titled “Q1777: How do you implement CloudFront Field-Level Encryption?”Answer:
# Configureaws cloudfront create-field-level-encryption-config \ --field-level-encryption-config '{ "CallerReference": "ref", "ContentTypeProfileConfig": {"ForwardWhenContentTypeIsUnknown": true} }'Q1778: How do you use S3 Object Lock Retention?
Section titled “Q1778: How do you use S3 Object Lock Retention?”Answer:
# Set retentionaws s3api put-object-retention \ --bucket my-bucket \ --key file.txt \ --retention '{ "Mode": "GOVERNANCE", "RetainUntilDate": "2025-01-01" }'Q1779: How do you implement Lambda Container Image Support?
Section titled “Q1779: How do you implement Lambda Container Image Support?”Answer:
# Create function with imageaws lambda create-function \ --function-name my-function \ --package-type Image \ --code ImageUri=123456789012.dkr.ecr.us-east-1.amazonaws.com/my-image:latestQ1780: How do you use ECS Task Placement Constraints?
Section titled “Q1780: How do you use ECS Task Placement Constraints?”Answer:
{ "placementConstraints": [ { "type": "memberOf", "expression": "attribute:ecs.instance-type == t3.medium" } ]}Q1781: How do you implement EKS Node Group Scaling?
Section titled “Q1781: How do you implement EKS Node Group Scaling?”Answer:
# Update scaling configaws eks update-nodegroup-scaling \ --cluster-name my-cluster \ --nodegroup-name my-nodes \ --scaling-config minSize=2,maxSize=10,desiredSize=5Q1782: How do you use CloudFormation Custom Resource Backward Compatibility?
Section titled “Q1782: How do you use CloudFormation Custom Resource Backward Compatibility?”Answer:
# Use with DependsOnResources: CustomResource: Type: Custom::MyResource DependsOn: LambdaFunctionQ1783: How do you implement CDK Cross-Stack References?
Section titled “Q1783: How do you implement CDK Cross-Stack References?”Answer:
# Exportclass NetworkStack(core.Stack): def __init__(self, scope, id): super().__init__(scope, id) self.vpc = ec2.Vpc(self, "VPC") core.CfnOutput(self, "VPCId", value=self.vpc.vpc_id)Q1784: How do you use SAM Layers with Python?
Section titled “Q1784: How do you use SAM Layers with Python?”Answer:
Layers: - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:requests:1Q1785: How do you implement CodePipeline Webhook Filters?
Section titled “Q1785: How do you implement CodePipeline Webhook Filters?”Answer:
# Create webhookaws codepipeline create-webhook \ --name my-webhook \ --filters '[{"jsonPath":"$.ref","matchEquals":"refs/heads/main"}]'Q1786: How do you use CodeBuild Source Credentials?
Section titled “Q1786: How do you use CodeBuild Source Credentials?”Answer:
# Add credentialaws codebuild import-source-credentials \ --token my-token \ --type GITHUBQ1787: How do you implement CodeDeploy Environment Variables?
Section titled “Q1787: How do you implement CodeDeploy Environment Variables?”Answer:
env: variables: ENV: productionQ1788: How do you use CloudWatch Dashboard Variables?
Section titled “Q1788: How do you use CloudWatch Dashboard Variables?”Answer:
# Use widget APIdashboard = cloudwatch.Dashboard( self, "Dashboard", widgets=[cloudwatch.GraphWidget( title="Metrics", left=[metric] )])Q1789: How do you implement X-Ray Context Missing Strategy?
Section titled “Q1789: How do you implement X-Ray Context Missing Strategy?”Answer:
from aws_xray_sdk.core import xray_recorder
xray_recorder.configure(context_missing='LOG_ERROR')Q1790: How do you use Systems Manager Maintenance Window Tasks?
Section titled “Q1790: How do you use Systems Manager Maintenance Window Tasks?”Answer:
# Register taskaws ssm register-task-with-maintenance-window \ --window-id mw-123 \ --task-arn role-arn \ --task-type AUTOMATIONQ1791: How do you implement Secrets Manager Random Passwords?
Section titled “Q1791: How do you implement Secrets Manager Random Passwords?”Answer:
# Generatesecret = secretsmanager.create_secret( Name='db-pass', GenerateSecretString={ 'PasswordLength': 32, 'ExcludeCharacters': '@%' })Q1792: How do you use IAM Policy Versioning?
Section titled “Q1792: How do you use IAM Policy Versioning?”Answer:
# Create versionaws iam create-policy-version \ --policy-arn policy-arn \ --policy-document file://v2.json \ --set-as-defaultQ1793: How do you implement KMS Import Key Material?
Section titled “Q1793: How do you implement KMS Import Key Material?”Answer:
# Get import parametersaws kms get-parameters-for-import \ --key-id key-id \ --wrapping-key-spec RSA_4096 \ --import-mechanism KEY_MATERIALQ1794: How do you use GuardDuty Finding Severity Mapping?
Section titled “Q1794: How do you use GuardDuty Finding Severity Mapping?”Answer:
# Updateaws guardduty update-organization-configuration \ --detector-id detector-idQ1795: How do you implement Security Hub Finding History?
Section titled “Q1795: How do you implement Security Hub Finding History?”Answer:
# Get historyaws securityhub list-finding-aggregatorsQ1796: How do you use Macie Allow Lists?
Section titled “Q1796: How do you use Macie Allow Lists?”Answer:
# Create allow listaws macie2 create-allow-list \ --name "Trusted patterns" \ --pattern "*.example.com"Q1797: How do you implement Detective Retention Period?
Section titled “Q1797: How do you implement Detective Retention Period?”Answer:
# Set retentionaws detective update-graph \ --graph-arn graph-arn \ --data-encryption-key-encryption-options '{"kmsKeyArn":"key-arn"}'Q1798: How do you use Audit Manager Delegations?
Section titled “Q1798: How do you use Audit Manager Delegations?”Answer:
# Delegateaws auditmanager delegate-assessment \ --assessment-id assessment-id \ --destination-account-id 123456789012Q1799: How do you implement Control Tower OU Management?
Section titled “Q1799: How do you implement Control Tower OU Management?”Answer:
# Move accountaws organizations move-account \ --account-id 123456789012 \ --source-parent-id old-ou \ --destination-parent-id new-ouQ1800: How do you use AWS Config Advanced Query Filters?
Section titled “Q1800: How do you use AWS Config Advanced Query Filters?”Answer:
# Query with filtersaws configservice select-aggregate-resource-config \ --configuration-aggregator-name my-aggregator \ --expression "SELECT * WHERE resourceType = 'AWS::EC2::Instance'"Final Interview Questions 1801-2000
Section titled “Final Interview Questions 1801-2000”Q1801: How do you implement CloudTrail Event Store?
Section titled “Q1801: How do you implement CloudTrail Event Store?”Answer:
# Create event data storeaws cloudtrail create-event-data-store \ --name my-eds \ --retention-period 90Q1802: How do you use CloudWatch Logs Insights Query Syntax?
Section titled “Q1802: How do you use CloudWatch Logs Insights Query Syntax?”Answer:
# Queryfields @timestamp, @message| filter @message like /ERROR/| stats count() by @messageQ1803: How do you implement VPC CIDR Reservation?
Section titled “Q1803: How do you implement VPC CIDR Reservation?”Answer:
# Reserve CIDRaws ec2 associate-vpc-cidr-block \ --vpc-id vpc-123 \ --amazon-provided-ipv6-cidr-blockQ1804: How do you use Direct Connect Gateway Associations?
Section titled “Q1804: How do you use Direct Connect Gateway Associations?”Answer:
# Associateaws directconnect associate-connection-with-lag \ --connection-id conn-123 \ --lag-id lag-123Q1805: How do you implement Route 53 Record Set Groups?
Section titled “Q1805: How do you implement Route 53 Record Set Groups?”Answer:
# Create record groupaws route53 create-reusable-delegation-set \ --caller-reference "my-set"Q1806: How do you use CloudFront Response Headers Policies?
Section titled “Q1806: How do you use CloudFront Response Headers Policies?”Answer:
# Create policyaws cloudfront create-response-headers-policy \ --response-headers-policy-config '{ "Name": "security-headers", "SecurityHeadersConfig": {"StrictTransportSecurity":{"AccessControlMaxAgeSec":31536000,"IncludeSubdomains":true,"Override":true}}'Q1807: How do you implement S3 Batch Operations Manifest?
Section titled “Q1807: How do you implement S3 Batch Operations Manifest?”Answer:
{ "Bucket": "my-bucket", "Key": "objects.csv", "Format": "S3BatchOperations_CSV_20180820"}Q1808: How do you use Lambda Function URLs Custom Domains?
Section titled “Q1808: How do you use Lambda Function URLs Custom Domains?”Answer:
# Create mappingaws apigatewayv2 create-domain-name \ --domain-name api.example.com \ --domain-name-configurations '[{"CertificateArn":"cert-arn"}]'Q1809: How do you implement ECS Task EFS Volume Mount?
Section titled “Q1809: How do you implement ECS Task EFS Volume Mount?”Answer:
{ "volumes": [{ "name": "efs-volume", "efsVolumeConfiguration": { "fileSystemId": "fs-123" } }], "mountPoints": [{ "sourceVolume": "efs-volume", "containerPath": "/data" }]}Q1810: How do you use EKS Cluster Security Groups?
Section titled “Q1810: How do you use EKS Cluster Security Groups?”Answer:
# Add security groupaws eks update-cluster-config \ --name my-cluster \ --resources-vpc-config '{ "securityGroupIds":["sg-123"] }'Q1811: How do you implement CloudFormation Stack Policy?
Section titled “Q1811: How do you implement CloudFormation Stack Policy?”Answer:
{ "Statement": [{ "Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*" }]}Q1812: How do you use CDK Fn::GetAtt?
Section titled “Q1812: How do you use CDK Fn::GetAtt?”Answer:
vpc = ec2.Vpc(self, "VPC")subnet = ec2.Subnet(self, "Subnet", vpc_id=vpc.vpc_id)Q1813: How do you implement SAM Environment Variables?
Section titled “Q1813: How do you implement SAM Environment Variables?”Answer:
Environment: Variables: TABLE_NAME: my-tableQ1814: How do you use CodePipeline Custom Job Worker?
Section titled “Q1814: How do you use CodePipeline Custom Job Worker?”Answer:
# Create actionaws codepipeline create-custom-action-type \ --category Build \ --provider-name MyProviderQ1815: How do you implement CodeBuild Buildspec Artifacts?
Section titled “Q1815: How do you implement CodeBuild Buildspec Artifacts?”Answer:
artifacts: files: - '**/*' name: my-artifactQ1816: How do you use CodeDeploy Hooks Timeout?
Section titled “Q1816: How do you use CodeDeploy Hooks Timeout?”Answer:
hooks: ApplicationStop: - location: scripts/stop.sh timeout: 600Q1817: How do you implement CloudWatch Metrics Composite Alarm?
Section titled “Q1817: How do you implement CloudWatch Metrics Composite Alarm?”Answer:
# Create compositeaws cloudwatch put-composite-alarm \ --alarm-name my-alarm \ --alarm-rule "ALARM(metric1) OR ALARM(metric2)"Q1818: How do you use X-Ray Sampling Strategy?
Section titled “Q1818: How do you use X-Ray Sampling Strategy?”Answer:
# Set strategyxray_recorder.configure( sampling_strategy={ 'version': 1, 'default': {'fixed_target': 10, 'rate': 0.1} })Q1819: How do you implement Systems Manager Parameter Policies?
Section titled “Q1819: How do you implement Systems Manager Parameter Policies?”Answer:
# Add policyaws ssm put-parameter \ --name /app/config \ --value "value" \ --type String \ --policies '[{"Type":"Expiration","Version":"1.0","Attributes":{"Date":"2024-12-31"}}]'Q1820: How do you use Secrets Manager Rotation Schedule?
Section titled “Q1820: How do you use Secrets Manager Rotation Schedule?”Answer:
# Configureaws secretsmanager rotate-secret \ --secret-id my-secret \ --rotation-lambda-arn lambda-arn \ --rotation-rules AutomaticallyAfterDays=30Q1821: How do you implement IAM Access Analyzer Archive Rules?
Section titled “Q1821: How do you implement IAM Access Analyzer Archive Rules?”Answer:
# Create ruleaws access-analyzer create-archive-rule \ --analyzer-name my-analyzer \ --rule-name my-rule \ --filter '{"resource":{"eq":"s3://bucket"}}'Q1822: How do you use KMS Key Alias Rotation?
Section titled “Q1822: How do you use KMS Key Alias Rotation?”Answer:
# Alias rotationaws kms alias rotate-key-on-alias \ --alias-name alias/my-aliasQ1823: How do you implement GuardDuty Suppressions?
Section titled “Q1823: How do you implement GuardDuty Suppressions?”Answer:
# Create filteraws guardduty create-filter \ --detector-id detector-id \ --name suppress \ --action ARCHIVE \ --finding-criteria '{"criterion":{"type":{"eq":["UnauthorizedAccess:EC2/SSHBruteForce"}}}'Q1824: How do you use Security Hub Integration Tests?
Section titled “Q1824: How do you use Security Hub Integration Tests?”Answer:
# Run testaws securityhub run-feed-import-testQ1825: How do you implement Macie Allow List Patterns?
Section titled “Q1825: How do you implement Macie Allow List Patterns?”Answer:
# Createaws macie2 create-allow-list \ --name "patterns" \ --pattern "*.internal.example.com"Q1826: How do you use Detective Investigation Timeline?
Section titled “Q1826: How do you use Detective Investigation Timeline?”Answer:
# Get timelineaws detective get-investigation \ --investigation-id inv-123 \ --include-eventsQ1827: How do you implement Audit Manager Evidence Retainer?
Section titled “Q1827: How do you implement Audit Manager Evidence Retainer?”Answer:
# Configureaws auditmanager update-settings \ --default-assessment-owner ownerQ1828: How do you use Control Tower Audit Notifications?
Section titled “Q1828: How do you use Control Tower Audit Notifications?”Answer:
# Configure SNSaws controltower create-landing-zone \ --manifest file://manifest.jsonQ1829: How do you implement AWS Config Organization Aggregation?
Section titled “Q1829: How do you implement AWS Config Organization Aggregation?”Answer:
# Authorizeaws configservice put-aggregation-authorization \ --authorized-account-id 123456789012 \ --authorized-region us-east-1Q1830: How do you use CloudTrail Lake Event Data Stores?
Section titled “Q1830: How do you use CloudTrail Lake Event Data Stores?”Answer:
# Createaws cloudtrail create-event-data-store \ --name my-eds \ --event-data-store-advanced-event-selector '{ "fieldSelectors": [{"field":"eventCategory","equals":["Data"]}] }'Q1831: How do you implement VPC Subnet IPv6 CIDR?
Section titled “Q1831: How do you implement VPC Subnet IPv6 CIDR?”Answer:
# Allocateaws ec2 allocate-address \ --domain vpcQ1832: How do you use Direct Connect Lag Encryption?
Section titled “Q1832: How do you use Direct Connect Lag Encryption?”Answer:
# Enableaws directconnect create-lag \ --lag-name my-lag \ --number-of-connections 2 \ --location EqDC2 \ --encryption-mode "aes_256"Q1833: How do you implement Route 53 Traffic Policy Instances?
Section titled “Q1833: How do you implement Route 53 Traffic Policy Instances?”Answer:
# Createaws route53 create-traffic-policy-instance \ --hosted-zone-id Z123 \ --name example.com \ --traffic-policy-id policy-id \ --traffic-policy-version 1Q1834: How do you use CloudFront Continuous Deployment?
Section titled “Q1834: How do you use CloudFront Continuous Deployment?”Answer:
# Create staging distributionaws cloudfront create-distribution \ --stagingQ1835: How do you implement S3 Multi-Region Access Point Failover?
Section titled “Q1835: How do you implement S3 Multi-Region Access Point Failover?”Answer:
# Configureaws s3control create-multi-region-access-point \ --region us-east-1 \ --bucket my-bucketQ1836: How do you use Lambda Function URL Auth Type?
Section titled “Q1836: How do you use Lambda Function URL Auth Type?”Answer:
# Create with IAM authaws lambda put-function-url-config \ --function-name my-function \ --auth-type AWS_IAMQ1837: How do you implement ECS Fargate IPC Mode?
Section titled “Q1837: How do you implement ECS Fargate IPC Mode?”Answer:
{ "ipcMode": "task"}Q1838: How do you use EKS Windows Container Support?
Section titled “Q1838: How do you use EKS Windows Container Support?”Answer:
# Add windows node groupaws eks create-nodegroup \ --cluster-name my-cluster \ --nodegroup-name windows \ --ami-type Windows_Server-2022-English-Full-EKS_Optimized-1.0Q1839: How do you implement CloudFormation Drift Status?
Section titled “Q1839: How do you implement CloudFormation Drift Status?”Answer:
# Checkaws cloudformation describe-stacks \ --stack-name my-stack \ --query "Stacks[0].DriftInformation"Q1840: How do you use CDK Asset Publishing?
Section titled “Q1840: How do you use CDK Asset Publishing?”Answer:
# Publishcdk publishQ1841: How do you implement SAM Package Include?
Section titled “Q1841: How do you implement SAM Package Include?”Answer:
# Include filessam package --template-file template.yaml --output-template packaged.yaml --include "function.zip"Q1842: How do you use CodePipeline Deploy to Multiple Regions?
Section titled “Q1842: How do you use CodePipeline Deploy to Multiple Regions?”Answer:
# Configure actionaws codepipeline create-pipeline \ --region us-west-2Q1843: How do you implement CodeBuild Cache Modes?
Section titled “Q1843: How do you implement CodeBuild Cache Modes?”Answer:
cache: type: S3 bucket: my-bucketQ1844: How do you use CodeDeploy Blue-Green Traffic Routing?
Section titled “Q1844: How do you use CodeDeploy Blue-Green Traffic Routing?”Answer:
# Configureaws codedeploy create-deployment \ --deployment-config-name CodeDeployDefault.AllAtOnceQ1845: How do you implement CloudWatch Logs Retention Policy?
Section titled “Q1845: How do you implement CloudWatch Logs Retention Policy?”Answer:
# Setaws logs put-retention-policy \ --log-group-name /aws/lambda/my-function \ --retention-in-days 7Q1846: How do you use X-Ray Trace ID Format?
Section titled “Q1846: How do you use X-Ray Trace ID Format?”Answer:
Format: 1-57595e98-42ddef02e6a596924e4d680c-Root=1-57595e98-42ddef02e6a596924e4d680c
Section titled “Format: 1-57595e98-42ddef02e6a596924e4d680c-Root=1-57595e98-42ddef02e6a596924e4d680c”### Q1847: How do you implement Systems Manager Session Recording?**Answer:**```bash# Enableaws ssm update-service-setting \ --setting-id arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/session \ --setting-value enabledQ1848: How do you use Secrets Manager Tags Rotation?
Section titled “Q1848: How do you use Secrets Manager Tags Rotation?”Answer:
# Configureaws secretsmanager tag-resource \ --secret-id my-secret \ --tags Key=rotation,Value=automaticQ1849: How do you implement IAM Policy Conditions?
Section titled “Q1849: How do you implement IAM Policy Conditions?”Answer:
{ "Condition": { "StringEquals": {"aws:RequestedRegion": ["us-east-1", "us-west-2"]} }}Q1850: How do you use KMS Key Deletion Wait Period?
Section titled “Q1850: How do you use KMS Key Deletion Wait Period?”Answer:
# Configureaws kms schedule-key-deletion \ --key-id key-id \ --pending-window-in-days 7Q1851: How do you implement GuardDuty EC2 Malware Protection?
Section titled “Q1851: How do you implement GuardDuty EC2 Malware Protection?”Answer:
# Enableaws guardduty update-detector \ --detector-id detector-id \ --features '[{"Name":"EC2_MALWARE_PROTECTION","Status":"ENABLED"}]'Q1852: How do you use Security Hub Finding Workflow?
Section titled “Q1852: How do you use Security Hub Finding Workflow?”Answer:
# Update statusaws securityhub batch-update-findings \ --finding-identifiers '[{"Id":"id","ProductArn":"arn"}]' \ --workflow '{"Status":"RESOLVED"}'Q1853: How do you implement Macie Custom Data Identifiers?
Section titled “Q1853: How do you implement Macie Custom Data Identifiers?”Answer:
# Createaws macie2 create-custom-data-identifier \ --name "SSN" \ --regex "\\b\\d{3}-\\d{2}-\\d{4}\\b"Q1854: How do you use Detective Graph Visualization?
Section titled “Q1854: How do you use Detective Graph Visualization?”Answer:
# Getaws detective get-graph \ --graph-arn graph-arnQ1855: How do you implement Audit Manager Evidence Collection?
Section titled “Q1855: How do you implement Audit Manager Evidence Collection?”Answer:
# Configure automated collectionaws auditmanager create-assessment \ --name my-assessment \ --scope '{\"awsAccounts\":[{\"id\":\"123456789012\"}]}'Q1856: How do you use Control Tower Guardrail Enforcement?
Section titled “Q1856: How do you use Control Tower Guardrail Enforcement?”Answer:
# Enableaws controltower enable-guardrail \ --guardrail-identifier arnQ1857: How do you implement AWS Config Aggregator Filters?
Section titled “Q1857: How do you implement AWS Config Aggregator Filters?”Answer:
# Filteraws configservice select-aggregate-resource-config \ --expression "SELECT * WHERE resourceType = 'AWS::S3::Bucket'"Q1858: How do you use CloudTrail Insights Event Analysis?
Section titled “Q1858: How do you use CloudTrail Insights Event Analysis?”Answer:
# Enableaws cloudtrail update-trail \ --name my-trail \ --enable-insight-selectorsQ1859: How do you implement VPC Flow Logs Partitioning?
Section titled “Q1859: How do you implement VPC Flow Logs Partitioning?”Answer:
# Configure partitionaws logs put-log-group-resource-policy \ --policy-name my-policy \ --policy-document '{"Statement":[{"Effect":"Allow","Principal":{"Service":"delivery.logs.amazonaws.com"}}]}'Q1860: How do you use Transit Gateway Route Propagation?
Section titled “Q1860: How do you use Transit Gateway Route Propagation?”Answer:
# Enableaws ec2 enable-vgw-route-propagation \ --route-table-id rtb-123 \ --gateway-id vgw-123Q1861: How do you implement Direct Connect Gateway Route Filter?
Section titled “Q1861: How do you implement Direct Connect Gateway Route Filter?”Answer:
# Configureaws directconnect update-virtual-interface-telemetry \ --virtual-interface-id vif-123 \ --amazon-side-asn 64512Q1862: How do you use Route 53 Health Checkers Count?
Section titled “Q1862: How do you use Route 53 Health Checkers Count?”Answer:
# Configureaws route53 create-health-check \ --health-check-config '{"Type":"CLOUDWATCH_METRIC","CloudWatchAlarmConfiguration":{"MetricName":"HealthCheck"}}'Q1863: How do you implement CloudFront Origin Request Policy?
Section titled “Q1863: How do you implement CloudFront Origin Request Policy?”Answer:
# Createaws cloudfront create-origin-request-policy \ --origin-request-policy-config '{ "Name": "my-policy", "cookiesConfig": {"forward": "whitelist","cookies":["session"]} }'Q1864: How do you use S3 Access Point Policy Variables?
Section titled “Q1864: How do you use S3 Access Point Policy Variables?”Answer:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:accesspoint:my-ap/object/${s3:version-id}" }]}Q1865: How do you implement Lambda VPC Endpoints Configuration?
Section titled “Q1865: How do you implement Lambda VPC Endpoints Configuration?”Answer:
# Create endpointaws ec2 create-vpc-endpoint \ --vpc-id vpc-123 \ --service-name com.amazonaws.us-east-1.lambda \ --vpc-endpoint-type InterfaceQ1866: How do you use ECS Service Discovery DNS Config?
Section titled “Q1866: How do you use ECS Service Discovery DNS Config?”Answer:
# Configureaws ecs create-service \ --service-name my-service \ --service-registries '[{"registryArn":"arn:aws:servicediscovery:service/srv"}]'Q1867: How do you implement EKS OIDC Provider Setup?
Section titled “Q1867: How do you implement EKS OIDC Provider Setup?”Answer:
# Createaws eks associate-identity-provider-config \ --cluster-name my-cluster \ --oidc '{"identityProviderConfigName":"okta","issuerUrl":"https://issuer"}'Q1868: How do you use CloudFormation Change Set Preview?
Section titled “Q1868: How do you use CloudFormation Change Set Preview?”Answer:
# Previewaws cloudformation create-change-set \ --stack-name my-stack \ --template-body file://template.yaml \ --change-set-type UPDATE \ --no-execute-changesetQ1869: How do you implement CDK Context Access?
Section titled “Q1869: How do you implement CDK Context Access?”Answer:
region = self.node.try_get_context("region") or "us-east-1"Q1870: How do you use SAM Local Invoke Events?
Section titled “Q1870: How do you use SAM Local Invoke Events?”Answer:
sam local invoke MyFunction --event event.jsonQ1871: How do you implement CodePipeline Manual Approval Timeout?
Section titled “Q1871: How do you implement CodePipeline Manual Approval Timeout?”Answer:
# Configureaws codepipeline put-approval-result \ --pipeline-name my-pipeline \ --stage-name Deploy \ --action-name Approval \ --result ApprovedQ1872: How do you use CodeBuild Pull Request Builds?
Section titled “Q1872: How do you use CodeBuild Pull Request Builds?”Answer:
triggers: pull_request: branches: include: - mainQ1873: How do you implement CodeDeploy AppSpec Environments?
Section titled “Q1873: How do you implement CodeDeploy AppSpec Environments?”Answer:
version: 0.0os: linuxResources: - Target: Location: /var/www/htmlQ1874: How do you use CloudWatch Embedded Metrics Format?
Section titled “Q1874: How do you use CloudWatch Embedded Metrics Format?”Answer:
def handler(event, context): return { "_aws": {"CloudWatchMetrics": [{"Namespace": "MyApp"}]}, "metric": 100 }Q1875: How do you implement X-Ray Sampling Rules Priority?
Section titled “Q1875: How do you implement X-Ray Sampling Rules Priority?”Answer:
{ "Rules": [{ "RuleName": "priority", "Priority": 1, "FixedRate": 0.5 }]}Q1876: How do you use Systems Manager Documents JSON?
Section titled “Q1876: How do you use Systems Manager Documents JSON?”Answer:
{ "schemaVersion": "2.2", "mainSteps": [{ "action": "aws:runCommand", "name": "RunCommand", "inputs": {"commands": ["echo hello"]} }]}Q1877: How do you implement Secrets Manager Replica Secret?
Section titled “Q1877: How do you implement Secrets Manager Replica Secret?”Answer:
# Replicateaws secretsmanager replicate-secret-to-regions \ --secret-id my-secret \ --add-replica-regions Region=us-west-2Q1878: How do you use IAM Policy Simulation API?
Section titled “Q1878: How do you use IAM Policy Simulation API?”Answer:
aws iam simulate-principal-policy \ --policy-source-arn arn:aws:iam::123:user/john \ --action-names "s3:GetObject"Q1879: How do you implement KMS External Key Store?
Section titled “Q1879: How do you implement KMS External Key Store?”Answer:
# Create XKSaws kms create-external-key-store \ --xks-key-store-id my-xks \ --key-artifact "encrypted-key" \ --public-key "public-key"Q1880: How do you use GuardDuty Cost Optimization Filters?
Section titled “Q1880: How do you use GuardDuty Cost Optimization Filters?”Answer:
# Filteraws guardduty get-findings \ --detector-id detector-id \ --finding-criteria '{"service":{"additionalInfo":{"value":"FreeTier"}}'Q1881: How do you implement Security Hub Finding Aggregation?
Section titled “Q1881: How do you implement Security Hub Finding Aggregation?”Answer:
# Create aggregatoraws securityhub create-finding-aggregator \ --region-linking-mode INCLUDE_ALLQ1882: How do you use Macie Auto-Enable for Organization?
Section titled “Q1882: How do you use Macie Auto-Enable for Organization?”Answer:
# Enableaws macie2 enable-organizationQ1883: How do you implement Detective Investigation Export?
Section titled “Q1883: How do you implement Detective Investigation Export?”Answer:
# Exportaws detective create-investigation \ --graph-arn graph-arn \ --title "Export"Q1884: How do you use Audit Manager Automated Evidence?
Section titled “Q1884: How do you use Audit Manager Automated Evidence?”Answer:
# Configureaws auditmanager create-assessment \ --name my-assessmentQ1885: How do you implement Control Tower Organization Events?
Section titled “Q1885: How do you implement Control Tower Organization Events?”Answer:
# Enable loggingaws controltower create-landing-zone \ --logging-configuration '{"cloudTrail":{"enabled":true}}'Q1886: How do you use AWS Config Conformance Pack Updates?
Section titled “Q1886: How do you use AWS Config Conformance Pack Updates?”Answer:
# Updateaws configservice update-conformance-pack \ --conformance-pack-name my-pack \ --template-s3-uri s3://bucket/new-template.yamlQ1887: How do you implement CloudTrail Organization Trail?
Section titled “Q1887: How do you implement CloudTrail Organization Trail?”Answer:
# Createaws cloudtrail create-trail \ --name my-trail \ --is-organization-trailQ1888: How do you use VPC Flow Logs to S3 Partitioning?
Section titled “Q1888: How do you use VPC Flow Logs to S3 Partitioning?”Answer:
# Configure partitionaws ec2 create-flow-logs \ --resource-type VPC \ --traffic-type ALL \ --log-destination-type cloud-watch-logsQ1889: How do you implement Transit Gateway Connect Peer?
Section titled “Q1889: How do you implement Transit Gateway Connect Peer?”Answer:
# Createaws ec2 create-transit-gateway-connect-peer \ --transit-gateway-attachment-id tgw-attach \ --peer-address 203.0.113.1Q1890: How do you use Direct Connect Virtual Interface BGP MD5?
Section titled “Q1890: How do you use Direct Connect Virtual Interface BGP MD5?”Answer:
# Set passwordaws ec2 create-vpn-connection \ --type ipsec.1 \ --customer-gateway-id cgw-123 \ --vpn-gateway-id vpg-123 \ --options '{"TunnelOptions":[{"TunnelInsideCidr":"169.254.0.0/30"}]}'Q1891: How do you implement Route 53 Resolver Query Logs?
Section titled “Q1891: How do you implement Route 53 Resolver Query Logs?”Answer:
# Configureaws route53 create-resolver-query-log-config \ --name my-logs \ --resolver-endpoint-id endpoint-idQ1892: How do you use CloudFront Function Code?
Section titled “Q1892: How do you use CloudFront Function Code?”Answer:
function handler(event) { var request = event.request; request.headers['x-custom'] = { value: 'value' }; return request;}Q1893: How do you implement S3 Inventory Destination Config?
Section titled “Q1893: How do you implement S3 Inventory Destination Config?”Answer:
# Configureaws s3api put-bucket-inventory-configuration \ --bucket my-bucket \ --id daily \ --inventory-configuration '{ "Destination": {"S3BucketDestination":{"Bucket":"arn:aws:s3:::dest"}}" }'Q1894: How do you use Lambda Destination Configuration?
Section titled “Q1894: How do you use Lambda Destination Configuration?”Answer:
# Configureaws lambda put-function-event-invoke-config \ --function-name my-function \ --destination-config '{"OnSuccess":{"Destination":"arn:aws:lambda:dest:function"}}'Q1895: How do you implement ECS Service Scheduling Strategy?
Section titled “Q1895: How do you implement ECS Service Scheduling Strategy?”Answer:
# Configureaws ecs create-service \ --scheduling-strategy DAEMON \ --service-name my-serviceQ1896: How do you use EKS Managed Node Group Update Strategy?
Section titled “Q1896: How do you use EKS Managed Node Group Update Strategy?”Answer:
# Updateaws eks update-nodegroup-version \ --cluster-name my-cluster \ --nodegroup-name my-nodesQ1897: How do you implement CloudFormation Stack Export?
Section titled “Q1897: How do you implement CloudFormation Stack Export?”Answer:
Outputs: VPCId: Value: !Ref VPC Export: Name: !Sub "${AWS::StackName}-VPC"Q1898: How do you use CDK Nested Stacks?
Section titled “Q1898: How do you use CDK Nested Stacks?”Answer:
# Create nested stacknested = CfnStack( self, "Nested", template_url="https://s3.amazonaws.com/templates/nested.yaml")Q1899: How do you implement SAM Local Docker Networking?
Section titled “Q1899: How do you implement SAM Local Docker Networking?”Answer:
sam local start-api --docker-network my-networkQ1900: How do you use CodePipeline State Machine Integration?
Section titled “Q1900: How do you use CodePipeline State Machine Integration?”Answer:
# Add actionaws codepipeline create-pipeline \ --pipeline '{ "stages": [{ "name": "Deploy", "actions": [{ "actionTypeId": {"category":"Deploy","owner":"AWS","provider":"StepFunctions"} }] }] }'Q1901: How do you implement CodeBuild Pre-Build Commands?
Section titled “Q1901: How do you implement CodeBuild Pre-Build Commands?”Answer:
phases: pre_build: commands: - npm installQ1902: How do you use CodeDeploy Lifecycle Event Hooks?
Section titled “Q1902: How do you use CodeDeploy Lifecycle Event Hooks?”Answer:
hooks: BeforeInstall: - location: scripts/before_install.shQ1903: How do you implement CloudWatch Custom Metrics Dashboard?
Section titled “Q1903: How do you implement CloudWatch Custom Metrics Dashboard?”Answer:
dashboard = cloudwatch.Dashboard( self, "Dashboard", widgets=[ [single_metric, single_metric] ])Q1904: How do you use X-Ray Subsegment Closing?
Section titled “Q1904: How do you use X-Ray Subsegment Closing?”Answer:
with xray_recorder.subsegment('mysql'): # query passQ1905: How do you implement Systems Manager Service Role?
Section titled “Q1905: How do you implement Systems Manager Service Role?”Answer:
# Create roleaws iam create-role \ --role-name ssm-role \ --assume-role-policy-document '{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service":"ec2.amazonaws.com"}, "Action":"sts:AssumeRole" }] }'Q1906: How do you use Secrets Manager Secret Policy?
Section titled “Q1906: How do you use Secrets Manager Secret Policy?”Answer:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123:root"}, "Action": "secretsmanager:*", "Resource": "*" }]}Q1907: How do you implement IAM Role Session Tags?
Section titled “Q1907: How do you implement IAM Role Session Tags?”Answer:
client = boto3.client('sts')response = client.assume_role( RoleArn='arn:aws:iam::123:role/my-role', RoleSessionName='session', Tags=[{'Key': 'project', 'Value': 'myapp'}])Q1908: How do you use KMS Key Deletion Schedule?
Section titled “Q1908: How do you use KMS Key Deletion Schedule?”Answer:
# Scheduleaws kms schedule-key-deletion \ --key-id key-id \ --pending-window-in-days 7Q1909: How do you implement GuardDuty Auto-Enable New Accounts?
Section titled “Q1909: How do you implement GuardDuty Auto-Enable New Accounts?”Answer:
# Enableaws guardduty enable-organization-admin-account \ --admin-account-id admin-idQ1910: How do you use Security Hub Cross-Region Aggregation?
Section titled “Q1910: How do you use Security Hub Cross-Region Aggregation?”Answer:
# Createaws securityhub create-finding-aggregator \ --region-linking-mode INCLUDE_ALLQ1911: How do you implement Macie Organization Auto-Enable?
Section titled “Q1911: How do you implement Macie Organization Auto-Enable?”Answer:
# Enableaws macie2 enable-organizationQ1912: How do you use Detective Organization Data?
Section titled “Q1912: How do you use Detective Organization Data?”Answer:
# Enableaws detective enable-organization-admin-account \ --admin-account-id admin-idQ1913: How do you implement Audit Manager Auto-Enable?
Section titled “Q1913: How do you implement Audit Manager Auto-Enable?”Answer:
# Enableaws auditmanager enable-organizationQ1914: How do you use Control Tower OU Guardrail Status?
Section titled “Q1914: How do you use Control Tower OU Guardrail Status?”Answer:
# Getaws controltower list-guardrails-for-ou \ --organizational-unit-id ou-123Q1915: How do you implement AWS Config Multi-Account Aggregation?
Section titled “Q1915: How do you implement AWS Config Multi-Account Aggregation?”Answer:
# Authorizeaws configservice put-aggregation-authorization \ --authorized-account-id 123456789012Q1916: How do you use CloudTrail Organization Management Events?
Section titled “Q1916: How do you use CloudTrail Organization Management Events?”Answer:
# Enableaws cloudtrail update-trail \ --name my-trail \ --include-global-service-events \ --is-organization-trailQ1917: How do you implement VPC Endpoint Policies?
Section titled “Q1917: How do you implement VPC Endpoint Policies?”Answer:
{ "Statement": [{ "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucket/*" }]}Q1918: How do you use Transit Gateway Route Table Propagation?
Section titled “Q1918: How do you use Transit Gateway Route Table Propagation?”Answer:
# Enableaws ec2 associate-transit-gateway-route-table \ --transit-gateway-attachment-id tgw-attach \ --transit-gateway-route-table-id rtb-123Q1919: How do you implement Direct Connect Gateway Associations?
Section titled “Q1919: How do you implement Direct Connect Gateway Associations?”Answer:
# Associateaws directconnect associate-virtual-interface \ --virtual-interface-id vif-123 \ --connection-id conn-123Q1920: How do you use Route 53 DNSSEC Signing?
Section titled “Q1920: How do you use Route 53 DNSSEC Signing?”Answer:
# Enableaws route53 create-key-signing-key \ --hosted-zone-id Z123 \ --name ksk \ --key-signing-key-algorithms RSA_SHA256Q1921: How do you implement CloudFront Signed URL Policy?
Section titled “Q1921: How do you implement CloudFront Signed URL Policy?”Answer:
url = cloudfront.generate_signing_url( resource_url='https://d123.cloudfront.net/file', key_pair_id='KEY', private_key=key, date_less_than=datetime.now() + timedelta(hours=1))Q1922: How do you use S3 Object Lock Legal Hold?
Section titled “Q1922: How do you use S3 Object Lock Legal Hold?”Answer:
# Setaws s3api put-object-legal-hold \ --bucket my-bucket \ --key file.txt \ --legal-hold Status=ONQ1923: How do you implement Lambda VPC Security Groups?
Section titled “Q1923: How do you implement Lambda VPC Security Groups?”Answer:
# Configureaws lambda create-function \ --vpc-config '{ "SubnetIds":["subnet-123"], "SecurityGroupIds":["sg-123"] }'Q1924: How do you use ECS Task Elastic Network Interface?
Section titled “Q1924: How do you use ECS Task Elastic Network Interface?”Answer:
{ "networkMode": "awsvpc", "containerDefinitions": [{ "name": "web", "networkInterfaces": [{"deviceIndex": 0}] }]}Q1925: How do you implement EKS Fargate Profile Namespace?
Section titled “Q1925: How do you implement EKS Fargate Profile Namespace?”Answer:
# Createaws eks create-fargate-profile \ --cluster-name my-cluster \ --fargate-profile-name my-profile \ --selectors '[{"namespace":"default"}]'Q1926: How do you use CloudFormation Fn::ImportValue?
Section titled “Q1926: How do you use CloudFormation Fn::ImportValue?”Answer:
# ImportResources: VPC: Type: AWS::EC2::VPC::Id DefaultFn::ImportValue: NetworkStack-VPCIDQ1927: How do you implement CDK Cross-Account References?
Section titled “Q1927: How do you implement CDK Cross-Account References?”Answer:
# Referencebucket = s3.Bucket.from_bucket_arn( self, "Bucket", bucket_arn="arn:aws:s3:::bucket")Q1928: How do you use SAM CLI Local Invoke Debug?
Section titled “Q1928: How do you use SAM CLI Local Invoke Debug?”Answer:
sam local invoke -d 5858Q1929: How do you implement CodePipeline Approval Token?
Section titled “Q1929: How do you implement CodePipeline Approval Token?”Answer:
# Get approvalaws codepipeline get-pipeline-execution \ --pipeline-name my-pipelineQ1930: How do you use CodeBuild Build Status Notifications?
Section titled “Q1930: How do you use CodeBuild Build Status Notifications?”Answer:
notifications: rules: - events: - build.succeeded channels: - type: EMAILQ1931: How do you implement CodeDeploy Deployment Groups?
Section titled “Q1931: How do you implement CodeDeploy Deployment Groups?”Answer:
# Createaws codedeploy create-deployment-group \ --application-name my-app \ --deployment-group-name my-groupQ1932: How do you use CloudWatch Alarm Actions?
Section titled “Q1932: How do you use CloudWatch Alarm Actions?”Answer:
# Configureaws cloudwatch put-metric-alarm \ --alarm-name my-alarm \ --alarm-actions arn:aws:sns:region:account:topicQ1933: How do you implement X-Ray Context Propagation?
Section titled “Q1933: How do you implement X-Ray Context Propagation?”Answer:
def handler(event, context): with xray_recorder.capture('my-subsegment'): call_service()Q1934: How do you use Systems Manager Maintenance Window Targets?
Section titled “Q1934: How do you use Systems Manager Maintenance Window Targets?”Answer:
# Registeraws ssm register-target-with-maintenance-window \ --window-id mw-123 \ --targets '[{"Key":"instanceids","Values":["i-123"]}]'Q1935: How do you implement Secrets Manager Rotation Templates?
Section titled “Q1935: How do you implement Secrets Manager Rotation Templates?”Answer:
# Lambda rotationdef handler(event, context): # Get secret # Rotate passQ1936: How do you use IAM Policy Last Accessed Info?
Section titled “Q1936: How do you use IAM Policy Last Accessed Info?”Answer:
# Getaws iam get-policy-version \ --policy-arn arn \ --version-id v1Q1937: How do you implement KMS Key Usage Audit?
Section titled “Q1937: How do you implement KMS Key Usage Audit?”Answer:
# Enable loggingaws kms enable-key \ --key-id key-idQ1938: How do you use GuardDuty Findings Export Config?
Section titled “Q1938: How do you use GuardDuty Findings Export Config?”Answer:
# Configureaws guardduty create-publishing-destination \ --detector-id detector-id \ --destination-type S3Q1939: How do you implement Security Hub Compliance Standards?
Section titled “Q1939: How do you implement Security Hub Compliance Standards?”Answer:
# Enableaws securityhub enable-standards \ --standards-arn arn:aws:securityhub:::ruleset/cis/v/1.2.0Q1940: How do you use Macie Discovery Job Scope?
Section titled “Q1940: How do you use Macie Discovery Job Scope?”Answer:
# Createaws macie2 create-discovery-job \ --name my-job \ --s3-job-definition '{ "bucketDefinitions": [{"accountId":"123","buckets":["bucket"]}] }'Q1941: How do you implement Detective Investigation Findings?
Section titled “Q1941: How do you implement Detective Investigation Findings?”Answer:
# Getaws detective get-findings \ --graph-arn graph-arnQ1942: How do you use Audit Manager Assessment Evidence?
Section titled “Q1942: How do you use Audit Manager Assessment Evidence?”Answer:
# Get evidenceaws auditmanager get-evidence \ --assessment-id idQ1943: How do you implement Control Tower Guardrail Details?
Section titled “Q1943: How do you implement Control Tower Guardrail Details?”Answer:
# Getaws controltower describe-guardrail \ --guardrail-identifier arnQ1944: How do you use AWS Config Resource Timeline?
Section titled “Q1944: How do you use AWS Config Resource Timeline?”Answer:
# Getaws configservice get-resource-timeline \ --resource-type AWS::EC2::InstanceQ1945: How do you implement CloudTrail Event History Filters?
Section titled “Q1945: How do you implement CloudTrail Event History Filters?”Answer:
# Lookupaws cloudtrail lookup-events \ --lookup-attributes AttributeKey=EventSource,AttributeValue=ec2Q1946: How do you use VPC Flow Logs Log Format?
Section titled “Q1946: How do you use VPC Flow Logs Log Format?”Answer:
# Configure formataws ec2 create-flow-logs \ --log-format 'version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status'Q1947: How do you implement Transit Gateway Attachments?
Section titled “Q1947: How do you implement Transit Gateway Attachments?”Answer:
# Createaws ec2 create-transit-gateway-vpc-attachment \ --transit-gateway-id tgw-123 \ --vpc-id vpc-123 \ --subnet-ids subnet-123Q1948: How do you use Direct Connect Lag Member Connection?
Section titled “Q1948: How do you use Direct Connect Lag Member Connection?”Answer:
# Addaws directconnect create-connection \ --lag-id lag-123 \ --location EqDC2Q1949: How do you implement Route 53 Private Hosted Zone?
Section titled “Q1949: How do you implement Route 53 Private Hosted Zone?”Answer:
# Createaws route53 create-hosted-zone \ --name internal.example.com \ --vpc '{"VPCRegion":"us-east-1","VPCId":"vpc-123"}'Q1950: How do you use CloudFront Cache Policy?
Section titled “Q1950: How do you use CloudFront Cache Policy?”Answer:
# Createaws cloudfront create-cache-policy \ --cache-policy-config '{ "Name": "my-policy", "DefaultTTL": 86400 }'Q1951: How do you implement S3 Bucket Policy Conditions?
Section titled “Q1951: How do you implement S3 Bucket Policy Conditions?”Answer:
{ "Condition": { "Bool": {"aws:SecureTransport": "true"} }}Q1952: How do you use Lambda Function Url Cors Config?
Section titled “Q1952: How do you use Lambda Function Url Cors Config?”Answer:
# Configureaws lambda put-function-url-config \ --function-name my-function \ --cors-config '{"AllowOrigins":["*"],"AllowMethods":["GET"]}'Q1953: How do you implement ECS Task IAM Role?
Section titled “Q1953: How do you implement ECS Task IAM Role?”Answer:
{ "taskRoleArn": "arn:aws:iam::123:role/task-role"}Q1954: How do you use EKS Cluster Logging?
Section titled “Q1954: How do you use EKS Cluster Logging?”Answer:
# Enableaws eks update-cluster-config \ --name my-cluster \ --logging '{"clusterLogging":[{"types":["api","audit"],"enabled":true}]}'Q1955: How do you implement CloudFormation Stack Import?
Section titled “Q1955: How do you implement CloudFormation Stack Import?”Answer:
# Importaws cloudformation create-stack \ --stack-name my-stack \ --template-body file://template.yaml \ --import-resourcesQ1956: How do you use CDK Asset Hash Computation?
Section titled “Q1956: How do you use CDK Asset Hash Computation?”Answer:
asset = aws_s3_assets.Asset( self, "Asset", path="./assets", readers=[group])Q1957: How do you implement SAM CLI Local API Logs?
Section titled “Q1957: How do you implement SAM CLI Local API Logs?”Answer:
sam local start-api --log-file my.logQ1958: How do you use CodePipeline Webhook Events?
Section titled “Q1958: How do you use CodePipeline Webhook Events?”Answer:
# Createaws codepipeline create-webhook \ --name my-webhook \ --pipeline-name my-pipelineQ1959: How do you implement CodeBuild Environment Variables From Parameter Store?
Section titled “Q1959: How do you implement CodeBuild Environment Variables From Parameter Store?”Answer:
env: parameter-store: PARAM: /my/paramQ1960: How do you use CodeDeploy Deployment Config?
Section titled “Q1960: How do you use CodeDeploy Deployment Config?”Answer:
# Createaws codedeploy create-deployment-config \ --deployment-config-name my-config \ --minimum-healthy-hosts '{"value":2,"type":"HOST_COUNT"}'Q1961: How do you implement CloudWatch Logs Destination Policy?
Section titled “Q1961: How do you implement CloudWatch Logs Destination Policy?”Answer:
# Configureaws logs put-destination-policy \ --destination-name my-dest \ --access-policy '{"Version":"2012-10-17"}'Q1962: How do you use X-Ray SDK Patch Libraries?
Section titled “Q1962: How do you use X-Ray SDK Patch Libraries?”Answer:
from aws_xray_sdk.ext import botocorexray_recorder.patch(botocore)Q1963: How do you implement Systems Manager OpsItems?
Section titled “Q1963: How do you implement Systems Manager OpsItems?”Answer:
# Createaws ssm create-ops-item \ --title "Incident" \ --priority 1Q1964: How do you use Secrets Manager Secret Tags?
Section titled “Q1964: How do you use Secrets Manager Secret Tags?”Answer:
# Tagaws secretsmanager tag-resource \ --secret-id my-secret \ --tags Key=environment,Value=prodQ1965: How do you implement IAM User Access Keys Creation?
Section titled “Q1965: How do you implement IAM User Access Keys Creation?”Answer:
# Createaws iam create-access-key --user-name johnQ1966: How do you use KMS Key Policy Conditions?
Section titled “Q1966: How do you use KMS Key Policy Conditions?”Answer:
{ "Condition": { "StringEquals": {"aws:PrincipalAccount": "123456789012"} }}Q1967: How do you implement GuardDuty Findings Suppression?
Section titled “Q1967: How do you implement GuardDuty Findings Suppression?”Answer:
# Create filteraws guardduty create-filter \ --detector-id detector-id \ --name my-filter \ --action ARCHIVEQ1968: How do you use Security Hub Standards Control Status?
Section titled “Q1968: How do you use Security Hub Standards Control Status?”Answer:
# Updateaws securityhub update-standards-control \ --standards-control-arn arn \ --status REASON="Risk accepted"Q1969: How do you implement Macie Classification Results?
Section titled “Q1969: How do you implement Macie Classification Results?”Answer:
# Getaws macie2 get-classification-job \ --job-id job-idQ1970: How do you use Detective Member Associations?
Section titled “Q1970: How do you use Detective Member Associations?”Answer:
# Associateaws detective create-members \ --graph-arn graph-arn \ --accounts '[{"AccountId":"123","EmailAddress":"a@b.com"}]'Q1971: How do you implement Audit Manager Framework Delegation?
Section titled “Q1971: How do you implement Audit Manager Framework Delegation?”Answer:
# Delegateaws auditmanager delegate-assessment \ --assessment-id idQ1972: How do you use Control Tower Landing Zone Version?
Section titled “Q1972: How do you use Control Tower Landing Zone Version?”Answer:
# Getaws controltower get-landing-zone \ --version versionQ1973: How do you implement AWS Config Organization Settings?
Section titled “Q1973: How do you implement AWS Config Organization Settings?”Answer:
# Enableaws configservice enable-organization-config-rule \ --organization-config-rule-name my-ruleQ1974: How do you use CloudTrail Insights Event Pattern?
Section titled “Q1974: How do you use CloudTrail Insights Event Pattern?”Answer:
# Getaws cloudtrail get-insight-selectors \ --trail-name my-trailQ1975: How do you implement VPC Endpoint Service Allowed Principals?
Section titled “Q1975: How do you implement VPC Endpoint Service Allowed Principals?”Answer:
# Addaws ec2 allow-vpc-endpoint-connection-principal \ --vpc-endpoint-service-name service \ --principal arn:aws:iam::123:rootQ1976: How do you use Transit Gateway Attachment Association?
Section titled “Q1976: How do you use Transit Gateway Attachment Association?”Answer:
# Associateaws ec2 associate-transit-gateway-route-table \ --transit-gateway-attachment-id tgw-attach \ --transit-gateway-route-table-id rtbQ1977: How do you implement Direct Connect BGP Peer Update?
Section titled “Q1977: How do you implement Direct Connect BGP Peer Update?”Answer:
# Updateaws directconnect update-virtual-interface \ --virtual-interface-id vif-123 \ --mtu 1500Q1978: How do you use Route 53 Health Check Status?
Section titled “Q1978: How do you use Route 53 Health Check Status?”Answer:
# Getaws route53 get-health-check-status \ --health-check-id idQ1979: How do you implement CloudFront Distribution Tags?
Section titled “Q1979: How do you implement CloudFront Distribution Tags?”Answer:
# Tagaws cloudfront tag-resource \ --resource arn \ --tags Key=Environment,Value=prodQ1980: How do you use S3 Bucket Policy Version?
Section titled “Q1980: How do you use S3 Bucket Policy Version?”Answer:
{"Version": "2012-10-17"}Q1981: How do you implement Lambda Function Version Description?
Section titled “Q1981: How do you implement Lambda Function Version Description?”Answer:
# Getaws lambda publish-version --function-name my-functionQ1982: How do you use ECS Service Task Count?
Section titled “Q1982: How do you use ECS Service Task Count?”Answer:
# Updateaws ecs update-service \ --cluster my-cluster \ --service my-service \ --desired-count 5Q1983: How do you implement EKS Node Group Instance Types?
Section titled “Q1983: How do you implement EKS Node Group Instance Types?”Answer:
# Createaws eks create-nodegroup \ --cluster-name my-cluster \ --instance-types t3.mediumQ1984: How do you use CloudFormation Stack Resources List?
Section titled “Q1984: How do you use CloudFormation Stack Resources List?”Answer:
# Listaws cloudformation list-stack-resources \ --stack-name my-stackQ1985: How do you implement CDK Stack Output Export?
Section titled “Q1985: How do you implement CDK Stack Output Export?”Answer:
self.vpc = vpc.vpc_idcore.CfnOutput(self, "VPCId", value=self.vpc)Q1986: How do you use SAM CLI Package Command?
Section titled “Q1986: How do you use SAM CLI Package Command?”Answer:
sam package --s3-bucket my-bucketQ1987: How do you implement CodePipeline Execution Details?
Section titled “Q1987: How do you implement CodePipeline Execution Details?”Answer:
# Getaws codepipeline get-pipeline-execution \ --pipeline-name my-pipelineQ1988: How do you use CodeBuild Build Status Actions?
Section titled “Q1988: How do you use CodeBuild Build Status Actions?”Answer:
env: exported-variables: - BUILD_IDQ1989: How do you implement CodeDeploy Deployment Status?
Section titled “Q1989: How do you implement CodeDeploy Deployment Status?”Answer:
# Getaws codedeploy get-deployment \ --deployment-id idQ1990: How do you use CloudWatch Alarm History?
Section titled “Q1990: How do you use CloudWatch Alarm History?”Answer:
# Getaws cloudwatch describe-alarm-history \ --alarm-name my-alarmQ1991: How do you implement X-Ray Segment Document?
Section titled “Q1991: How do you implement X-Ray Segment Document?”Answer:
segment = xray_recorder.begin_segment('name')segment.put_annotation('key', 'value')segment.close()Q1992: How do you use Systems Manager Parameter History?
Section titled “Q1992: How do you use Systems Manager Parameter History?”Answer:
# Getaws ssm get-parameter-history \ --name /my/paramQ1993: How do you implement Secrets Manager Secret Versions?
Section titled “Q1993: How do you implement Secrets Manager Secret Versions?”Answer:
# Listaws secretsmanager list-secret-version-ids \ --secret-id my-secretQ1994: How do you use IAM Policy Version List?
Section titled “Q1994: How do you use IAM Policy Version List?”Answer:
# Listaws iam list-policy-versions \ --policy-arn policy-arnQ1995: How do you implement KMS Key Alias List?
Section titled “Q1995: How do you implement KMS Key Alias List?”Answer:
# Listaws kms list-aliasesQ1996: How do you use GuardDuty Finding Count?
Section titled “Q1996: How do you use GuardDuty Finding Count?”Answer:
# Getaws guardduty get-findings-count \ --detector-id detector-idQ1997: How do you implement Security Hub Finding Severity Count?
Section titled “Q1997: How do you implement Security Hub Finding Severity Count?”Answer:
# Getaws securityhub get-findings \ --filters '{"Severity":{"Label":["CRITICAL","HIGH"]}}'Q1998: How do you use Macie Finding Statistics?
Section titled “Q1998: How do you use Macie Finding Statistics?”Answer:
# Getaws macie2 get-finding-statistics \ --group-by severityQ1999: How do you implement Detective Investigation List?
Section titled “Q1999: How do you implement Detective Investigation List?”Answer:
# Listaws detective list-investigations \ --graph-arn graph-arnQ2000: How do you use AWS Resource Final Message?
Section titled “Q2000: How do you use AWS Resource Final Message?”Answer: