# SUMMARY

* **`Cache-Control max-age`** lets you specify **how long** (in seconds) you want **an object to remain in the cache before CloudFront gets the object again from the origin server**.

* If you get an **`Insufficient instance capacity` error**, try **submitting a new request for the instance after a few minutes**.

* **Enhanced networking** provides many features, such as: **higher bandwidth**, **higher packet-per-second (PPS) performance**, and **consistently lower inter-instance latencies**.

* Use **InnoDB as the storage engine for your MySQL database** and also **partition your large tables so that file sizes are under the 16 TiB limit**.

* **Aurora Replicas = Milliseconds** Asynchronous Replication.

* **RDS Read Replicas = Seconds** Asynchronous Replication.

* **Kinesis Data Streams = Can set a Lambda function as a destination**.

* **Kinesis Data Firehose = Cannot set a Lambda function as a destination**.

* You can do **VPC Peering across AWS regions**.

* **To optimize costs, you should use Multi-AZ only for very important tiers**, not, for example, development or test.

* **If you want to force SSL, use the `rds.force_ssl`** parameter. You can also **download the RDS Root CA certificate and import the certificate to your servers**, then configure your application to use SSL to encrypt the connection to RDS.

* There are **several ways of identity federation in AWS:**

  * **Web identity federation - Google, Facebook or any other OpenID Connect (OIDC)-compatible IdP**.
  * **Cognito - Preferred way of web identity federation** because it does a lot of the work for you.
  * **Custom identity broker - When you manually set it up** because your identity store is not compatible with SAML 2.0.
  * **SAML 2.0 - An open federation standard that allows an identity provider (IdP)** to authenticate users and pass identity and security information about them to a service provider (SP).
  * **Active Directory Federation Services (AD FS) - It authenticates the user against Active Directory** and temporary credentials are returned using STS AssumeRoleWithSAML.

* To enable internet access in a VPC, you need to **create an internet gateway (IG) and attach it to your VPC**. Then **add a route to the route table that directs internet-bound traffic to the internet gateway**.

* An **endpoint group routes requests to one or more registered endpoints in Global Accelerator**.

