AWS Certified Developer - Associate
- Exam guide - https://d1.awsstatic.com/training-and-certification/docs-dev-associate/AWS-Certified-Developer-Associate_Exam-Guide.pdf
- Exam prep - https://skillbuilder.aws/category/exam-prep/developer-associate
AWS Certified Solutions Architect - Associate
- Exam guide - https://d1.awsstatic.com/training-and-certification/docs-sa-assoc/AWS-Certified-Solutions-Architect-Associate_Exam-Guide_C03.pdf
- Exam prep - https://skillbuilder.aws/category/exam-prep/solutions-architect-associate
IAM
- users and user groups
- roles - credentials provided by a Role are temporary and automatically rotated by AWS.
- policies - like permissions
Glue
- supported data file sources https://docs.aws.amazon.com/databrew/latest/dg/supported-data-file-sources.html
Lambda
- Max 15 minute execution time - https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html
Step Functions
SQS
- pull (consumers poll for messages)
- 1 to 1
SNS
- fan-out (messages are pushed to subscribers)
- 1 to many
VPC
- for a region e.g. eu-west-1
- one or more subnets in each availability zone
- Each subnet has a route table associated with it that tells network traffic where to go.
- network ACL (access control list) on the VPC - stateless firewall for subnets - If you allow inbound traffic on port 80, you must also create a corresponding outbound rule to allow the response traffic on the appropriate port range (ephemeral ports). The ACL inspects each packet in isolation, without considering previous packets.
- internet gateway (IGW) to make subnet public
Security Groups
- stateful
- When you allow inbound traffic on a certain port (e.g., port 80 for HTTP), the Security Group automatically allows the return traffic from the instance on an ephemeral port. It “remembers” the initial request.
A complete Security Group rule has three pieces:
- Type: The kind of traffic (e.g., TCP, which is used for most database connections).
- Port: The specific “door” for that traffic. For a MySQL database, this would be port 3306.
- Source: This is the clever part. Instead of using the web server’s specific IP address, we can use the web server’s own Security Group as the source.
So, the rule on the database’s Security Group would look like this:
- Allow traffic of type TCP on port 3306 but only from sources that are part of the web-server-security-group.
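
An added example (not part of the original notes): a check that a database Security Group follows the rule above, reading data in the shape returned by `aws ec2 describe-security-groups`. The group IDs, CIDRs and the function names `covers_port` and `audit_db_ingress` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs and CIDRs are made-up placeholders, not real resources.
SAMPLE = {
    "SecurityGroups": [
        {   # follows the rule in the notes: 3306 only from the web tier's group
            "GroupId": "sg-db-good",
            "IpPermissions": [{
                "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                "IpRanges": [], "Ipv6Ranges": [],
                "UserIdGroupPairs": [{"GroupId": "sg-web"}],
            }],
        },
        {   # pins IP ranges instead, and one range is the whole internet
            "GroupId": "sg-db-bad",
            "IpPermissions": [{
                "IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
                "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "0.0.0.0/0"}],
                "Ipv6Ranges": [], "UserIdGroupPairs": [],
            }],
        },
    ]
}

def covers_port(perm, port):
    """True if the rule applies to TCP `port` (protocol "-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_db_ingress(groups, db_group_id, allowed_source_group, port=3306):
    """Return findings for every ingress rule on the DB group that reaches `port`
    from anything other than the allowed source Security Group."""
    findings = []
    for sg in groups["SecurityGroups"]:
        if sg["GroupId"] != db_group_id:
            continue
        for perm in sg["IpPermissions"]:
            if not covers_port(perm, port):
                continue
            for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = r.get("CidrIp") or r.get("CidrIpv6")
                world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                findings.append(("open-to-internet" if world else "cidr-source", cidr))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != allowed_source_group:
                    findings.append(("unexpected-group", pair["GroupId"]))
    return findings
```

The second sample group is flagged even though its rule never names port 3306, because the 3000-4000 range includes it.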