# AWS Certified Solutions Architect - Associate (Application)

###### tags: `AWS`

### Amazon SQS

A web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them.

- **Decouple** the components of an application so they run independently, easing message management between components.
- Fail-safe queue
- Messages can contain up to 256 KB of text in any format.

#### Queue Types

- Standard queues (default)
  - Nearly unlimited number of transactions per second, with a guarantee that a message is delivered at least once.
  - Multiple copies of the same message may be delivered.

  ![](https://i.imgur.com/Jg1kXLe.png)

- FIFO queues
  - FIFO: the order is preserved, with exactly-once processing
  - Limited to 300 TPS, slower than standard

  ![](https://i.imgur.com/hcMTpBP.png)

Tips:

- SQS is pull-based, not push-based.
- Messages are 256 KB in size.
- Messages can be kept in the queue from 1 min to 14 days; the default retention period is 4 days.
- SQS guarantees that your messages will be processed at least once.
- Amazon SQS long polling is a way to retrieve messages from your Amazon SQS queues. While the regular short polling returns immediately, long polling doesn't return a response until a message arrives in the message queue, or the long poll times out. (Use long polling to reduce cost.)
- **decoupling** -> SQS

> Visibility timeout is the amount of time that a message is invisible in the SQS queue after a reader picks up that message. Provided the job is processed before the visibility timeout expires, the message will then be deleted from the queue.
> - Visibility timeout maximum is 12 hours

### Simple Work Flow (SWF)

SWF is a web service that makes it easy to coordinate work across distributed application components.

> SWF has a way of basically combining your digital environment along with manual tasks with **human beings**.

Tips:

#### SWF vs SQS

| | SWF | SQS |
| -------- | -------- | -------- |
| **Retention period** | 14 days | 1 year |
| **API** | Task-oriented API | Message-oriented API |
| **Task-assignment** | Only once | Need to handle duplicate messages |
| **Tracking** | All the tasks and events in an application | Need to implement your own application-level tracking, especially if your application uses multiple queues |

#### SWF actors

- Workflow Starters
  - An application that can start a workflow.
- Deciders
  - Control the flow of activity tasks in a workflow execution.
- Activity Workers
  - Carry out the activity tasks.

### Simple Notification Service

SNS is a web service that makes it easy to set up, operate, and send notifications from the cloud.

#### A Topic

SNS allows you to group multiple recipients using topics. A topic is an "access point" for allowing recipients to dynamically subscribe for identical copies of the same notification.

Very HA!!

![](https://i.imgur.com/6m24dhH.png)

Tips:

- Instantaneous, push-based delivery (no polling)
- Simple APIs and easy integration with applications
- Flexible message delivery over multiple transport protocols
- Inexpensive, pay-as-you-go model with no up-front costs
- Web-based AWS Management Console offers the simplicity of a point-and-click interface

#### SNS vs SQS

| | SNS | SQS |
| -------- | -------- | -------- |
| **Messaging Services** | Yes | Yes |
| **Based-on** | Push | Polls |

### Elastic Transcoder

- Media transcoder in the cloud
- Converts media files from the original source format into different formats
- Provides transcoding presets for popular output formats (you don't need to guess which settings work best)
- Pay based on the minutes that you transcode and the resolution at which you transcode

![](https://i.imgur.com/x6x9Vce.png)

### API Gateway

API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale.

![](https://i.imgur.com/z8VVAzp.png)

#### What can API Gateway do

- Expose HTTPS endpoints to define a RESTful API
- Connect serverlessly to services like Lambda & DynamoDB
- Send each API endpoint to a different target
- Run efficiently with low cost
- Scale effortlessly
- Track and control usage by API key
- Throttle requests to prevent attacks
- Connect to CloudWatch to log all requests for monitoring
- Maintain multiple versions of your API

#### How do I configure

- Define an API (container)
- Define Resources and nested Resources (URL paths)
- For each Resource:
  - Select supported HTTP methods (verbs)
  - Set security
  - Choose target (such as EC2, Lambda, DynamoDB, etc.)
  - Set request and response transformations

#### How do I deploy

- Deploy API to a stage:
  - Uses API Gateway domain, by default
  - Can use custom domain
  - Now supports AWS Certificate Manager: free SSL/TLS certs

#### Features

- API Gateway Caching

  You can enable API caching in Amazon API Gateway to cache your endpoint's response. With caching, you can reduce the number of calls made to your endpoint and also improve the latency.

  ![](https://i.imgur.com/n71YZ7Y.png)

  > API Gateway caches the Lambda result.

- Same Origin Policy

  A web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin.

  > This is done to prevent Cross-Site Scripting (XSS) attacks.
  > - Enforced by web browsers.
  > - Ignored by tools like Postman and curl.

- CORS

  Cross-origin resource sharing is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the first resource was served.

  > CORS is one way the server at the other end (not the client code in the browser) can relax the same-origin policy.
  > CORS in action
  > - Browser makes an HTTP OPTIONS call for a URL (OPTIONS is an HTTP method like GET, PUT, and POST)
  > - Server returns a response that says: "These other domains are approved to GET this URL"
  > - ERROR - "Origin policy cannot be read at the remote resource?" You need to enable CORS on API Gateway.

Tips:

- Remember what API Gateway is at a high level
- API Gateway has caching capabilities to increase performance
- API Gateway is low cost and scales automatically
- You can throttle API Gateway to prevent attacks
- You can log results to CloudWatch
- If you are using JS/AJAX that uses multiple domains with API Gateway, ensure that you have enabled CORS on API Gateway.
- CORS is enforced by the client

### Kinesis

#### Streaming Data

Streaming data is data that is generated continuously by thousands of data sources, which typically send in the data records simultaneously, and in small sizes (order of KBs).

- Purchases from online stores
- Stock prices
- Game data
- Social network data
- Geospatial data
- IoT sensor data

Amazon Kinesis is a platform on AWS to send your streaming data to. Kinesis makes it easy to load and analyze streaming data.

#### 3 types

- Kinesis Streams

  ![](https://i.imgur.com/QDXyKiF.png)

  Kinesis Streams consist of shards.

- Kinesis Firehose (without data persistence)

  ![](https://i.imgur.com/2gbP6gn.png)

  (Results can be transferred to S3, Redshift, or Elasticsearch)

- Kinesis Analytics

  ![](https://i.imgur.com/fwIH7rg.png)

Tips:

- Know the difference between Kinesis Streams and Kinesis Firehose
- Understand what Kinesis Analytics is.

### Web Identity Federation & Cognito

Web Identity Federation lets you give your users access to AWS resources after they have successfully authenticated with a web-based identity provider like Amazon, FB, Google.

#### Features

- Sign-up and sign-in to your apps
- Access for guest users
- Acts as an Identity Broker between your application and Web ID providers, so you don't need to write any additional code.
- Synchronizes user data for multiple devices.
- Recommended for all mobile applications using AWS services.

![](https://i.imgur.com/ywlixde.png)

#### Cognito User Pools (User-based)

User Pools are user directories used to manage sign-up and sign-in functionality for mobile and web applications.

> User pool is user-based. It handles things like user registration, authentication, and account recovery.

#### Cognito Identity Pools (Resource-based)

Identity Pools provide temporary AWS credentials to access AWS services like S3 or DynamoDB.

> Identity pools authorise access to your AWS resources.

![](https://i.imgur.com/OzGgbOD.png)

#### Cognito Synchronisation

Cognito tracks the association between user identity and the various different devices they sign in from.

![](https://i.imgur.com/UxPGcXj.png)

Tips:

- Federation allows users to authenticate with a Web Identity Provider (Google, FB, Amazon)
- The user authenticates first with the Web ID provider and receives an authentication token, which is exchanged for temporary AWS credentials allowing them to assume an IAM role.
- Cognito is an Identity Broker which handles interaction between your applications and the Web ID provider (you don't need to write this yourself).
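
The token-for-credentials exchange in the tips above ends with the user assuming an IAM role, and that role's trust policy decides which federated identities may do so. As an added example (not part of the original notes), this Python check flags a Cognito identity pool trust policy that omits the `aud` and `amr` conditions; the two sample policies and the pool ID are constructed placeholders.

```python
COGNITO = "cognito-identity.amazonaws.com"  # federated principal used by identity pools

def as_list(value):
    """IAM JSON allows a single string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_trust_policy(policy):
    """Return findings for statements that let Cognito identities assume the role."""
    findings = []
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for i, st in enumerate(statements):
        principal = st.get("Principal", {})
        federated = as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if (st.get("Effect") != "Allow" or COGNITO not in federated
                or "sts:AssumeRoleWithWebIdentity" not in as_list(st.get("Action"))):
            continue  # not a Cognito web-identity trust statement
        cond = st.get("Condition", {})
        # aud pins the role to one identity pool ID.
        if not as_list(cond.get("StringEquals", {}).get(COGNITO + ":aud")):
            findings.append(f"statement {i}: no :aud condition, role is not tied to one identity pool")
        # amr separates signed-in users from guest (unauthenticated) users.
        amr = as_list(cond.get("ForAnyValue:StringLike", {}).get(COGNITO + ":amr"))
        if not amr:
            findings.append(f"statement {i}: no :amr condition, guest and signed-in users share the role")
        elif "unauthenticated" in amr:
            findings.append(f"statement {i}: guest role, keep its permissions minimal")
    return findings

# Constructed sample policies; the pool ID is a placeholder, not a real identifier.
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": COGNITO},
    "Action": "sts:AssumeRoleWithWebIdentity"}]}
HARDENED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": COGNITO},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
        "StringEquals": {COGNITO + ":aud": POOL_ID},
        "ForAnyValue:StringLike": {COGNITO + ":amr": "authenticated"}}}]}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(policy) or "ok")
```

The check only reads the exact operator names shown here, so a policy that expresses the same restriction with a different condition operator would need that operator added.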