DP-420 Azure Cosmos DB Specialist
Enjoyed this exam as it's practical and hands-on.Notes: Azure Cosmos DB Overview
Certification
Having taken some certifications over the years, I've decided to put them here for reference. I'm not a big fan of certifications, but they are a good way to structure my learning and ensure I cover the fundamentals.
Notes: Azure Cosmos DB Overview
AZ-104 / AZ-305 Azure Solution Architect
One of the toughest exam I facedNotes: Azure Administrator Associate (AZ-104)
Microsoft Certified: Azure DevOps Engineer Expert (AZ-400)
A practical hands-on exam that tests your ability to design and implement DevOps solutions on Azure. It is a challenging exam that requires a good understanding of Azure DevOps and DevOps practices. Most learning resources can be obtained from Microsoft Learn.
Additional Notes: Azure DevOpsAWS Certified AI Practitioner(AIF-C01)
Very useful to understand the AI services provided by AWS and how to use them in real world scenarios.
Notes: AI FundamentalsLinked Notes to AWS Certified AI Practitioner.,
Practically learned:
Practically learned:
- Machine Learning and Terminology
- Prompt Engineering
- AWS AI Services
Learning Prompt Engineering with Google
Example:
Output expectation / control:
| Input Prompt | Reference |
|---|---|
| Task | Describe your task, specifying a persona and format preference.
|
| Context | Specify goals, constraints, and requirements. Context has the potential to be the longest piece of a prompt. One of the most powerful and reliable ways to provide an AI tool with context is to give the model specific reference materials to use.
|
| Reference | Add examples, zero/single/few shots for gen AI tool can use to inform its output. Use:
|
| Evaluate | evaluate the output to identify opportunities for improvement. |
| Iterate | Iterate on your initial prompt to attain those improvements. |
I want to surprise my friend with a birthday meal. <- why task
Can you suggest a Gourmet chef <- task
I want a list of vegetarian food menu item. <- task/context
She prefes Italian food, and she is allergic to nuts. <- context
She is a vegetarian. <- context
She is a fan of pasta. <- context/reference
I want asian cuisine like Dim Sum. <- reference
I know Ching Chong restaurant is good in serving Dim Sum. <- referenceI want a gourmet chef suggestion for a list of vegetarian food menu to bring my Chinese friend for a surprised dinner. She prefers Asian food. Could you suggest a menu list? I would prefer to bring her to a dim sum restaurant similar to Ching Chong restaurant located in Los Angeles.
I am tight on budget, so list me 2 menu and no appetizer.
Output expectation / control:
- Revisit the prompting framework - add personas, context
- Break the prompt into shorter sentences - chain of thoughts
- Introduce contrainsts
- Tweak your phrasing / swith analogous task
Important are the following:
Example: Use LLM to generate prompt for image generation. I.e. create a poster. Then using that prompt to generate an image, remember to set the a format. E.g.
- Subject
- Format
- Size
- Color
- Asthetics
Example: Use LLM to generate prompt for image generation. I.e. create a poster. Then using that prompt to generate an image, remember to set the a format. E.g.
Generate a poster for a music concert <- task
The image should be photorealistic <- format
The poster should display a sense of excitement and energy <- aesthetics
The color scheme should be vibrant and eye-catching <- color
The poster should be in portrait orientation <- format
The poster should include the following text: "Live in Concert: The Rocking Band" <- context
The poster should be 24 inches by 36 inches in size <- size
Add all the images or url required.
- Protecting privacy: Removes potentially sensitive information from previous interactions.
- Avoiding bias: Prevents the tool from carrying forward assumptions or stereotypes from earlier prompts.
- Reducing confusion: Ensures the tool focuses solely on the current task and context.
- Troubleshooting: Refreshes the tool when it seems stuck or is producing unexpected results.
| Risk | Mitigation |
|---|---|
| Bias |
|
| Hallucination |
|
| Inconsistency and relevance | Example of word: "Think outside the box"
|
| Responsibility |
|
AWS Solution Architect Associate
- CLI -> create access key
- Role -> AWS Service, AWS Account, Web Identity, SAML 2.0 Factory
- Security Tools
- IAM Credential Reports(all users + various credential + last used)
- IAM Access Advisor(services access & not & permission)
- Guidelines
- Don't use root access except to create account
- One physical user = One access user
- Assign user to group & assign permission to group
- Create strong password
- Enforce MFA - virtual, universal, hardware FOB
- Create & use role for giving permission to AWS Service
- Use Access Key for program access (CLI, SDK)
- Audit permission of account using IAM Credential
- Never share IAM user & access key
- IAM Role & IAM Policies(JSON)
{ Version: 2012-10-07 Id: "s3-access", Statement: [ {"{"} "sid": 10202 "Effect": "Allow" // Deny "Princial": {"{"} "AWS": ["arn.aws..."], "Canonical user": "123", "Federated": [] "Resource": "s3:mybucket" //NOT Resource {"}"} {"}"} ] }
- Have an instance store.
- On-Demand
- Reserved Instanced & Convertible
- Saving Plans - commit of min usage and allow convertible, get charged even not used (used to be Capacity Reserved)
- Spot Instance
- Dedicated Host
- Dedicated Instance
- Spot Instance can only terminate if Open/Active/Disabled
- Spot can have x5, c5 in instances too
- Spot Fleet - Set of instance + optional on Demand
- Lowest Price
- Diversified
- Capacity Optimized
- Price Capacity Optimized
- Elastic IP - > 1 public ip, max 5
- Elastic Network Interface (ENI) - > 1 private ip, same Az and has MAC Address
- Placement group:
- Cluster - same Az
- Spread - Different region or Az, 1 Az max 7
- Partition - up to 7 partition, partition do not share rack & can be in same Az or not
- Hibernate - only if EBS encryption enabled, save the RAM state. Only charge storage.
- Instance Store - ephemeral, physical and very high IOP, emptied when stop.
- Root volume type are default deleted on terminate.
- It's a network drive.
- To move to new Az use snapshot
- To Hibernate at instance stop, needs to use encrypt. It stores all RAM into EBS.
- Snapshot archive are cheaper (72%) but takes 24-72 restore
- Recycle bin 1 to 1 year retention
- Fast snapshot restore - $$$$
- Types: only gp(General SSD) & io(Provisioned IPs) can be use as Root Volume
- gp3 - can increate IOP to 16k, throughput 1000MBis
- gp2 - max 16k with 3 IOP per GB, 5334 max IOPs
- io1 - 4-16GB, max PIOP 64k
- io2 - max 256k with 1000:1, Support EBS multi-attached
- st1 - 125GB-16TB of HDD
- sc1 - infrequent access 250 IOP of Cold HDD
- Multi-attached is only for Same Az, max 16 EC, and for filesystem that is cluster aware (linux)
- Encryption:
- Data is encrypted when 1) at rest, 2) snapshot and 3) in-flight between instance and volume
- To encrypt un-encrypted data -> snapshot -> copy -> create new EBS
- Snapshot templates and even EBS storage.
- Region specific but can be copied over via console/commandline.
- $$$ than 3 gp price
- Encryption at rest using KMS.
- Use NSF v4.1 and Linux based AMI.
- Can be Multi-Az of One Zone. One Zone is only for IA
- Can be access by Lambda, EC2 and Sagemaker
- Through Put:
- Provisioned
- Elastic
- Bursting
- Storage Tier:
- Standard
- Infrequent Access(IA)
- Archive
- Lifecycle Policy - Standard to IA
- Enable to EC by security group not ip
- Types:
- Application Load Balancer - routing table based on hostname, path, header or querystring. X-Forwarded-For/Port/Proto. Target group can be by ip, instance or lambda.
- Network Load Balancer - 1 EIP, TCP/UDP, NLB can have sub ALB
- Gateway Load Balancer - target group is 3rd-party. GENEVA protocol 6081.
- Multi Az but spread across Region
- Access via DNS except for Network that has ip
- Can have healthcheck
- Sticky Session
- Only GLB no sticky
- AWSALB and AWSALBAPP is for application based cookie
- AWSALB and AWSALBTG is for duration based cookie
- Cross Zone Balancing - enabled and not by instance, but sub-sub zone.
- Server Name Indication(SNI) - solve multiple TLS certificate onto one webserver/ALB.
- Connection Draining - allow EC2 to finish all request before shutdown. Time based, 0 is disabled.
- Launch Template to define AMI, Instance Type, EBS Volume, Security Group, SSH key pair, IAM Role, VPC, LB
- Specify Min, Max and Initial
- Can use Cloudwatch as alarm
- Health check can be for both EC2 / ELB, health check terminates the EC2.
- Scaling strategy Scheduled, Predictive(AI), Dynamic(resource) , default is 30second cooldown.
- Able to integrate with CloudWatch(with custom metric) to trigger alarm, and configure scaling to run based on alarm.
- Auto scale, if free storage *lt; 10% and for 5minutes
- 6 hours past last configuration.
- 1 master multiple Replica
- Supported Postgres, MySql, MariaDB, Oracle, SqlServer, DB2, Aurora
- Multi Az support does not require connection string change. (Only read replica required)
- Replica
- Up to 15 read replica
- Free if same Az
- Sync for multi Az
- Ansync (Eventually Consistent) for same Az
- Aurora
- Auto Multi Az & Multi Region
- Regional cluster with 1 writer endpoint and reader endpoint
- Only 4 replica up only can write, 3 replica up only can read.
- Machine Learning by SageMaker and Comprehend
- Can have custom endpoint(a reader endpoint) to point specific instance.
- Can use serverless - Aurora Fleet
- Global Aurora - Cross Region or Global DB (1 primary region, up-to-5 secondary region, up-to 16 read replica per region)
- RDS Proxy - db connection pool and must be private!
- ElasticCache
- Redis Auth - IAM, use password token or SSL
- Memcache - supports SASL based authentication
- Redis supported sorted set guaranteed.
- Pattern
- Lazy Loading
- Write through(add/update db)
- Session Store(ttl)
- RDS Custom - only Oracle and SQL Server, can SSH to do patch.
- Security
- Data encrypted at rest, but KMS must be defined on creation.
- Master not encrypted, replica is not
- To encrypt an unecrypted, go snapshot route
- IAM Authentication except Oracle and SqlServer, but can SSH
- Audit log can be sent to Cloud Watch
- Security Group to control network.
- Backup auto every 5mins. Aurora cannot be disabled)
- Backup snapshot is 1 to 35 days.
- Backup Snapshot only restores to new DB and only MySQL/Aurora support from S3. Aurora used percona to do it.
- Cloning feature only available for Aurora.
- Record Types:
- A - map hostname to ipv4
- A (alias) - like CNAME but have native healthcheck, can set APEX but not TTL
- AAAA - map hostname to ipv6
- CNAME - map hostname to hostname
- NS - name server for hosted zone
- Routing Policy:
- Weighted
- Simple - multiple A with random
- Latency - closest, but you need to set region yourself
- Failover - one primary, one secondary
- Geolocation - same as latency, but specify country. If default is set means have default.
- geoproximity - weighted region
- ip base routing - use CIDR
- multivalue - like simple but add health check
- Health Check
- Calculated Health Check - up to 256 & can be OR/AND, 30 seconds interval with 18% of 2xx or 3xx
- Private Hosted Zone - Have to go thru CloudWatch
- Cannot route based on path
- Different than ALB, loadbalanced by region, health check is by TTL
- Bucket name is globally unique and region based
- Naming is lowercase + number + only allow dash (-) except -s3alias and --
- Key consist of prefix(path) + object_name
- Max 5MB and big upload is via multi-part
- Security
- Userbase (IAM)
- Resource based - Bucket Policy / Object ACL / Bucket ACL
- Can be encrypted
- S3 have a Block public access and highest even from IAM and Resource control. Means this have to be enabled before Bucket policy
- Support make S3 as static website
- Versioning
- When disabled all object have version = null. Important for on and off versioning.
- Suspend versioning does not delete prev version
- Delete versioning only add DELETE MARKER
- If delete a file with version (show version), it is Permanent Delete
- Replication
- Same Region Replica
- Cross Region Replica
- Only new objects are replicated, but can use S3 Batch Replica to do old
- Able to replicate DELETE MARKERS but need to be enabled. NOTE: records with version are not replicated.
- No chain - do not support bucket 1 TO bucket 2 TO bucket 3
- Types:
- Standard - have > 3 zones
- Infrequent Access
- Intelligent Tiering
- One Zone IA
- Glacier Storage
- Instant Retrieval - like I/A min 90days
- Flexible Retrieval - take 1 - 5 min, 3 - 5 hours, 5 - 12 hours
- Deep Retrieval - 12 - 48 hours
- Possible to make requester pays for S3.
- S3 Lifecycle
- use Storage Class Analysis - a tool for Standard and Standard IA to help analyze a report between 24-48 hours
- Move non-current version and can set to permanent delete too.
- Can have delete non-complete multi-part objects
- Rules can be added to tags.
- Can add delete on expire.
- Event supported Event Bridge, Lambda Function, SQS, SNS
- Transfer - Transfer Acceleration via multipart, s3 byte range transfer, batch via s3 select
- S3 storage lens - analyze object, discover anamolities, cost efficiency. split to:
- Organization
- Account
- Region
- Bucket
- Encryption: (policy runs before encryption so header can be checked.)
- SSE KMS - cheaper for custom with bucket key
- DSSE KMS - 2 x faster
- SSE-C - https with a key but still via kms, s3-x-ams-server-side header
- Client side encryption
- Other features include:
- CORS
- MFA Delete
- Access logs
- Presigned URL - up-to 12 hours, can even delete or upload
- Object Lock
- Compliance (fixed)
- Goverenence (some can change)
- Retention Period (can extend to indefinitely)
- Legal Hold (with s3:PutObjectLegalHold role, one can change it)
- Access Point: Good for s3 Lambda Function
- Always us-east-1 server
- Underlyer of API-Gateway
- Can use geographic restriction
- If to allow ec2 need to find all edge locations
- 3 class
- All
- class 200 - except south america and australia
- only US and Europe
- use anycast to nearest edge
- Have 1 static ip
- Can do health checks
- For Elastic ip, ec2, ALB and NLB
AWS Certified Cloud Practitioner
- Spot Instances
- On Demand
- Reserved Instances (1 yr / 3yr)
- Convertible Reserved Instances (Only 1 Available Zone)
- Savings Plan (min usage of RI)
- Dedicated Hosts (License)
Responsibility for Patch Management, Configuration Management and Awareness and Training
- Business Perspective
- People Perspective
- Governence Perspective
- Platform Perspective
- Security and Operation Perspective
- Rehosting
- Replatforming
- Retire
- Repurchase
- Refactoring and Retaining / Rearchitecture
Operation Excellence → Security → Reliability → Performance Efficiency → Cost Optimisation → Sustainability
- Trade Fixed Expenses for Variable Expenses
- Benefit from Massive scale of Economics
- Stop Guessing Capacity
- Increase Speed & Agiity
- Stop Spending money running & maintaining data center
- Go global in minutes
Sun Java Certified
Old collection without streaming/parallel capabilites with Java 1.2.
Functional Programming Principal In Scala
Synthetic sugars to use collection correctly without side-effects.
Concept of val and const that prevents immutability and to use collections (Haskell like) trigger.
Understanding the concept of programming paradigm. Like higher order functions, currying.
Using match and generics. Was not too strong on this.
Boost of confidence in writing good programming functions and ease pickup of both Kotlin and Javascript.
NPM Commands
| Command | Reference |
|---|---|
| npm install 'packages@version' | # update to latest but based on ~, ^, |
| npm update 'packages' | Updates work even on sub-project like jose in firebase-admin |
| npm audit fix | Fix security issues |
| npm ls 'package' | List installed package and dependencies |