Common HTTP response codes:

• 501 - Not implemented (elb transfer enconding not supported)
• 502 - Bad gateway (response from integration was in bad format)
• 503 - Service unavailable (no registered targets in auto scaling group)
• 504 - Gateway timeout (Lambda function was running for more than 29s)
• 429 - Throttling / Too many requests
• 401 - Unauthorized
• 403 - Access denied (Invalid authorization token)

IAM / STS

• Trust policy is a resource based policy for an IAM role
• STS can be enabled/disabled per region

CLI

• Credentials stored manually in .aws/credentials file or Enviroment variables take precedence over the IAM role assigned to an EC2 instance

EC2

• Zonal reserved instances provide capacity reservation in the specified availability zone. Regional reserved instances DO NOT.
• Here is the correct way of reusing SSH keys in your AWS Regions:
  • Generate a public SSH key (.pub) file from the private SSH key (.pem) file.
  • Set the AWS Region you wish to import to.
  • Import the public SSH key into the new Region.
• A Reserved Instance billing benefit can apply to a maximum of 3600 seconds (one hour) of instance usage per clock-hour. You can run multiple instances concurrently, but can only receive the benefit of the Reserved Instance discount for a total of 3600 seconds per clock-hour; instance usage that exceeds 3600 seconds in a clock-hour is billed at the On-Demand rate.

EBS

• If an EBS volume is the root device of an instance, you must stop the instance before you can detach the volume.
• Support both in-flght (from instance to volume) and at rest encryption