In this cheat sheet, you will learn how AWS services solve common problems and requirements. It is intended for last-day revision for the AWS Certified Developer Associate exam.

Direct Keywords

Here, direct keywords are keywords that map directly to an AWS service. These are must-know pairs of keywords and AWS services; do not sit the AWS Certification exam without learning them.

| KEYWORDS | SOLUTION |
| --- | --- |
| Test permissions using AWS CLI | aws sts assume-role |
| ASG to maintain capacity at a specified target | Target tracking scaling policy |
| Use libraries in Lambda without needing to include them in your deployment package | Create Layer in Lambda |
| Increase performance of S3 | Split reads across prefixes |
| Encryption at rest in DynamoDB | Amazon DynamoDB Encryption Client |
| Optimize scan of DynamoDB | Use parallel scan and limit parameter |
| To ensure most up-to-date data retrieved from DynamoDB for all queries | Set ConsistentRead parameter to true when calling Read operation (such as GetItem, Query, and Scan) |
| Cache items from DynamoDB; improve read performance | Use DynamoDB Accelerator |
| Group transaction of DynamoDB in all-or-nothing update | TransactWriteItems |
| Group transaction of DynamoDB without all-or-nothing requirement | BatchWriteItem |
| Selection of attributes from base table but organized by primary key that is different from base table | Global Secondary Index |
| Alarm with period of 10/30 seconds; higher charge | High-resolution Alarm |
| Alarm with period of any multiple of 60 seconds | Regular CW Alarm |
| Search & filter log data coming into CW Logs. Turn log data into numerical CW Metrics that can be graphed and set an alarm on. | CW Metric Filter |
| Audit AWS API calls | AWS CloudTrail |
| Defines the deployment actions you want AWS CodeDeploy to execute | Appspec |
| AppSpec file for an Amazon ECS or AWS Lambda deployment | appspec.YAML |
| AppSpec file for an EC2/On-Premises deployment | appspec.yml |
| Use IAM Roles to generate temporary credentials for users; synchronize data across devices without the need to create backend applications | Amazon Cognito |
| For Authorization (Access Control); enable users in your user pool to access AWS resources | Amazon Cognito Identity Pools |
| User can access only their own data | Use Trust policy with IAM condition key to limit access |
| Create SSL/TLS certificates | AWS Certificate Manager |

| PROBLEMS/NEED | SOLUTION |
| --- | --- |
| How to synchronize data across devices without the need to create backend applications? | Amazon Cognito |
| How to control the placement of tasks of Docker containers on Amazon ECS? | Task Placement Constraint |
| How to improve the Lambda function's performance, considering the Lambda function is downloading a file less than 512MB & it is called multiple times a second? | Cache the file in the /tmp directory |
| How to obscure secret values in Lambda console & API output even for users who have permission to use the key? | Encrypt secret values client-side using encryption helpers |
| How to associate AWS resources with the event source? | Amazon CloudWatch Events |
| How to invalidate API Cache? | Pass an HTTP header called Cache-Control:max-age=0 |
| How to initially direct a percentage of traffic to the new version of Lambda code and gradually increase this over time & also be able to roll back if required? | Create Lambda Alias, assign current and new versions and use traffic shifting to assign a percentage of traffic to the new version |
| How to modify the Lambda function to ensure data is encrypted before it is uploaded to the S3 bucket? | Use the GenerateDataKey API, then use the data key to encrypt the file using the Lambda code |
| How to add a manual approval step before the code is deployed into the production environment in the release process workflow of the application running on Amazon ECS? | Use an approval action in a stage in AWS CodePipeline before deployment |
| How to encrypt all traffic between users and CloudFront, and all traffic between CloudFront and the web application? | Set the Viewer Protocol Policy to “HTTPS Only” or “Redirect HTTP to HTTPS” |
| How to restrict AWS services, resources, and API actions that can be accessed by users in the account which is a member account in AWS Organizations? | Use Service Control Policy (SCP) |
| How to deploy serverless applications composed of AWS Lambda, Amazon API Gateway, and Amazon DynamoDB using simple syntax? | Use Serverless Application Model |
| Developers need a centralized private repository for managing source code. The repository should support updates from multiple sources. Which service should they use? | AWS CodeCommit |