Please enable JavaScript.
Coggle requires JavaScript to display documents.
AWS CLI & SDK - Coggle Diagram
AWS CLI & SDK
API Rate Limits
Examples:
- DescribeInstances API for EC2 has a limit of 100 calls per seconds
- GetObject on S3 has a limit of 5500 GET per second per prefix
Intermittent Errors
- implement Exponential Backoff
- Retry mechanism already included in AWS SDK API calls
- Must implement yourself if using the AWS API as-is or in specific cases
- Must only implement the retries on 5xx server errors and throttling
- Do not implement on the 4xx client errors
- How it works:
- 1st retry after an error wait for e.g. 1 sec
- 2nd retry wait for 2 sec
- 3rd retry wait for 4 sec
- 4th retry wait for 8 sec
- 5th retry wait for 16 sec
Consistent Errors
- request an API throttling limit increase
Signing AWS API requests
- When you call the AWS HTTP API, you sign the request so that AWS can identify you, using your AWS credentials (access key & secret key)
- Some requests to Amazon S3 don’t need to be signed (e.g. public object)
- If you use the SDK or CLI, the HTTP requests are signed for you
- You should sign an AWS HTTP request using Signature v4 (SigV4)
1 Create Canonical Request
2 Create String to Sign
3 Calculate Signature
4 Add Signature to Request
SigV4 Request options
-
Query String option, ex: S3 pre-signed URLs (signature in X-Amz-Signature)
AWS CLI configure
Profile
- In addition to [default] you can add multiple account credentials using prfiles
- aws configure --profile my-profile (create new profile)
- aws s3 ls --profile myprofile (use the profile)
MFA with CLI/SDK
- To use MFA with the CLI, you must create a temporary session
- To do so, you must run the STS GetSessionToken API call
- aws sts get-session-token --serial-number <arn-of-the-mfa-device> --token- <code code-from-token> --duration-seconds 3600
- returns the following info in a json:
- Access Key ID
- secret Access Key
- Session Token
- Expiration
AWS SDK
Overview
- Perform actions on AWS directly from your applications code (without using the CLI)
- Official SDKs are:
- Java
- .net
- Node.js
- php
- Python (named boto3 / botocore)
- Go
- Ruby
- C++
- We have to use the AWS SDK when coding against AWS Services such as DynamoDB
- The exam expects you to know when you should use an SDK
- If you don’t specify or configure a default region, then us-east-1 will be chosen by default
-
-
-