1 |
1,01 |
CF |
User authent.& AD |
User access: simplest paid, 14d S3. |
C)S3 bkt= CF origin & OAI with signed URL access: expiry= 14d. |
2 |
1,02 |
Lambda |
IAM plcy |
Interpret IAM plcy: Lambda actions. |
C)100.220.0.0/20 can delete λ fct (Deny Lambda:Create&:DeleteFct, Res.:*, Cond.:IpAddress:220.100.16.0/20.) |
3 |
1,03 |
S3 |
object protect |
Privileged user access: prevent static S3 data loss. |
A)object MFA Delete, E)S3 bkt vers. |
4 |
1,04 |
Glb Accelerator |
connect onprem |
Scalable, min config: onprem FW to ALB’s IP adr. |
C)glb Accelerator & ALBs in diff. regions, &onprem firewall's rule: allow static IP adr. |
5 |
1,05 |
DataSync |
migr f-sys |
Migr & sync: csv files 2 copies onprem & S3. |
A)DataSync onprem to replicate csv to onprem storage & S3 bkt. |
6 |
1,06 |
EC2 AS |
monolith |
Slow response: 3 tier monolith app spikes. |
C)ASG scale web & app tiers horizontal & ALB. |
7 |
1,07 |
R53 |
DR |
Cost-eff DR: RDS Oracle 2 regions, RPO=24h/ RTO=3h. |
D)R53 failover, &daily RDS snapshot to region2 & new insts: user data script for APIs. |
8 |
1,08 |
EBS |
Encrypt replica |
Encrypt: all EBS snapshots. |
A)EBS default encrypt for region. |
9 |
1,09 |
EC2 |
Inst |
Cost: migr licensed app, EC2 pricing option. |
A)Dedicated reserved hosts. |
10 |
1,10 |
VPC |
IP access |
IP adr: space fault of VPC IPv6. |
B)IPv4 subnet with larger range & launch inst. |
11 |
1,11 |
SQS |
msg |
Async svc msging: 2 parallel msgs/ 3 svcs. |
C)SNS topic filter for email orders/-cancel to 3 micro svcs via 3 SQS ques, 2 ques for email order/ cancel. |
12 |
1,12 |
SQS |
request |
Resistant writes: unpredictable to DB. |
D)SQS FIFO receives writes & que draining (delete) when writes are polled to DB. |
13 |
1,13 |
S3 |
LC cost & retention |
LC cost: S3 IA >30d, retrieve 5Min, old vrsn 1wk. |
B)current object LC 30d to Glacier, previous vers LC 1d to Deep Archive. |
14 |
1,14 |
API GW |
static/dyn |
Ovhead: growth & peaks, static front & fast JSON DB. |
C)S3 static website,& app layer with API GW, λ-fct, & DynamoDB with user data. |
15 |
1,15 |
KDS |
NR/T data process |
Remove NR/T sensi data: transaction moves to DocDB. |
C)KDS with Lambda remove sensi data & store in DynamoDB, others consume KDS directly. |
16 |
1,16 |
VPC |
connect NAT |
Cost-eff connect: prv subnet NAT to internet & S3. |
C)S3 VPC GW endpt plcy & update route table for VPC endpt. |
17 |
1,17 |
R53 |
deploy/test region |
Highest perf: R53 plcy & ALB 3 regions. |
A)R53 A record with latency plcy. |
18 |
1,18 |
VPC |
ext. inst access |
Secure onprem: pub Linux bastion, prv subnet app insts. |
C)Bastion Sgrp: allow external IP range inbound, D)App inst Sgrp: allow bastion host inbound SSH prv IP adr. |
19 |
1,19 |
S3 |
Encrypt rest&in-transit |
Encrypt: at rest & in-transit S3 log. |
A)client-side encrypt for S3 encrypt upload. |
20 |
1,20 |
Redshift |
acc access |
Cost-eff share: Redshift cross-acc. |
C)share Redshift cluster snapshot with Sales acc & restore with shared ID. |
21 |
1,21 |
Secrets Mgr |
Encrypt key & cred |
Creds & Ovhead: 14day rotation, Aurora. |
A)Secrets Mgr with new KMS key & 14d rotation. |
22 |
1,22 |
Glb Accelerator |
UDP & TCP |
HA: glb UDP game. |
D)NLB regional distri &glb Accelerator routing to regional endpt. |
23 |
1,23 |
VPC |
internet access |
Internet to ALB: HA prv insts order app, RDS. |
A)2 prv subnets: ASG & RDS Multi-AZ insts, E)ALB & 2 AZ: 2 pub subnets NAT GWs & 2 prv subnets. |
24 |
1,24 |
Config |
Compliance |
Least ops remediate: detect IAM keys >90d. |
C)Config rule check key age,& EventBridge rule to λ fct remove key. |
25 |
1,25 |
RDS |
DR |
DR RPO <1s: server fleet & RDS PostgreSQL. |
A)DB inst Multi-AZ deploy. |
26 |
1,26 |
WAF |
DDoS & floods |
Ovhead: defend HTTP flood attacks on API requests. |
B)regional WAF & ACL rate-based rule for API GW stage. |
27 |
1,27 |
Glue |
logging |
Fast aggr scan: log query S3/QuickSight. |
A)S3 with Glue ETL job to Redshift with aggr queries. |
28 |
1,28 |
Org |
Org |
Most secure record: CT in Org accs. |
C)accs = OUs, & org root SCP: prevent users disabling CT. |
29 |
1,29 |
ElastiCache |
Optim CPU util |
Slow table search: high RDS MySQL CPU util, 1AZ. |
B)ElastiCache Redis cache prod cat, &populate cache: lazy loading. |
30 |
1,30 |
Cognito |
User authent.& AD |
User authent: app access on behalf. |
C)Default IAM role for authent. users, E)Cognito for user authent. |
31 |
1,31 |
FSx |
onprem f-share |
Durable, HA data migr: multi Windows f-shares insts. |
C)f-share env to FSx Windows with Multi-AZ & migr to FSx Windows f-Server. |
32 |
1,32 |
Config |
Cert |
ACM cert: notify before 30day expiry. |
B)Config rule checks cert 30d expiry, & non Comply EventBridge SNS custom alert. |
33 |
1,33 |
R53 |
glb website/DNS |
HA migr, Ovhead: 2 DNS servers hosting 200 zones. |
A)200 new hosted zones & import zone files in R53 console. |
34 |
1,34 |
Glb Accelerator |
HTTP/S |
Exploit protected, perf: static HTTP IP glb HA app. |
B)glb Accelerator with ALB linked WAF in each Region & EC2 insts. |
35 |
1,35 |
EC2 AS |
Scale ASG |
Scaling: ALB, ASG sharp biz load rise, wk-end=0. |
D)track scaling on inst CPU util, E)ASG sched Scaling, wk-end min=max=desired= 0, wk-days default. |
36 |
1,36 |
MQ |
HA AZ |
HA, Ovhead: RabbitMQ app1&2 to PostgreSQL same AZ. |
B)active/standby RabbitMQapp app1 inst,& app2 to RDS PostgreSQL inst, all Multi-AZ. |
37 |
1,37 |
SSM |
moni |
RDP/ SSH access: env moni & notify. |
A)CW app insight creates SSM OpsItems if RDP or SSH access is detected. |
38 |
1,38 |
DX |
migr large/ fast |
Continuous migr: secure, consistent 1mth 50TB. |
C)Snowball: initial transfer & ongoing DX connect. |
39 |
1,39 |
WAF |
attacks |
Protect: ext. malicious IP adr on CF/ ALB & WAF. |
B)WAF with IP match condition & block malicious IP adr. |
40 |
1,40 |
VPC |
subnet route |
Pub Sgrp to prv: app to MS SQL. |
A)pub app Sg: 0.0.0.0/0. inbound to 443, C)MS SQL DB Sgrp for web-tier 1433 inbound. |
41 |
1,41 |
EC2 |
IAM plcy |
interpret IAM plcy: EC2 users. |
C)terminate insts (Allow ec2:Terminateinsts; Res.:*) with user IP= 10.100.100.254 in us-east-1. |
42 |
1,42 |
CT |
Audit&Tag |
Auditable & synced: onprem expand to archive records. |
A)new & existing data hybrid DataSync to S3 bkt with object lock & CT data events. |
43 |
1,43 |
DMS |
data lake |
Ovhead: cont. onprem Oracle to data lake. |
C)DMS to transfer data to S3, & Glue to transform data & integrate to S3 data lake. |
44 |
1,44 |
GLB |
subnet route |
IP packets, Ovhead: FW to prv inst app & DB. |
D)inspection VPC with GLB endpt for incoming packets, forwarded to FW. |
45 |
1,45 |
Quicksight |
user shared access |
Author mngmt access: visuals, S3 data lake & RDS. |
B)QuickSight analysis with data lake source & dashboard shared users & groups. |
46 |
1,46 |
EBS |
storage IOPS |
Consistent IOPS: EBS with app access. |
C)General purpose SSD (gp3) EBS root vol & Prov IOPS SSD (io2) EBS vol. |
47 |
1,47 |
Glue |
Stream |
R/T stream: transform to S3 SQL query. |
A)KDS streams, KDA transforms, KDF to S3/ Athena query, B)MSK & Glue transform to S3/ Athena query. |
48 |
1,48 |
Storage GW |
LC cost & retention |
Expand onprem storage: low-latency SMB, LC manage cap. |
B)Storage GW with LC to S3 Deep Archive. |
49 |
1,49 |
SQS |
REST |
Sequenced order: REST API GW & app. |
B)API GW integration & msg with app order to SQS FIFO que invoke fct. |
50 |
1,50 |
DX |
connect onprem |
Min impact: internet growth, onprem backup to S3. |
B)DX connect with direct backup. |
51 |
1,51 |
Macie |
Compliance |
Min dev remediation: auto PII, SFTP upload. |
B)Macie S3 objects-scan for PII, SNS notify to remove PII objects. |
52 |
1,52 |
DX |
onprem Backup |
Cost-eff extend: onprem HA & low latency, no failing. |
A)DX connect to region & VPN connect as backup for DX fails. |
53 |
1,53 |
CF |
glb website/DNS |
Expand: dyn US website to EU in few days. |
C)CF with a custom origin pointing to onprem servers. |
54 |
1,54 |
S3 |
analytics |
Ovhead: analytics 2x S3 to λ fct & SageMaker. |
D)S3 bkt replicas; analysis bkt event to EventBridge/ ObjectCreated rule targets: Lambda, SageMaker Pipelines. |
55 |
1,55 |
EC2 AS |
Scale ASG |
Cost-eff scale: slow on-demand app inst, PHP SW & MySQL. |
D)migr to Aurora MySQL DB inst, AMI with app in launch template & ASG Spot Fleet with ALB. |
56 |
1,56 |
CW |
moni |
Perf moni: CPU util metrics >50%, disk IOPS. |
A)CW composite alarms where possible. |
57 |
1,57 |
ECS |
Scale container |
Ovhead: migr container app, scale deployment, HA. |
A)Container images in ECR repo, ECS Fargate type to run containers & on demand AS target tracking. |
58 |
1,58 |
Backup |
Backup |
Ovhead: 2nd region backup EC2 & RDS insts |
A)AWS Backup copies EC2 & RDS insts backups to separate region. |
59 |
1,59 |
ECS |
HA AZ |
HA min intervention: ELB container app, relational DB. |
A)RDS inst Multi-AZ, D)ECS Fargate launch type to handle dyn app load. |
60 |
1,60 |
ElastiCache |
session data |
Distri session storage: ALB, Multi-AZ ASG. |
A)ElastiCache to manage & store session data. |
61 |
1,61 |
CostExplorer |
Billing |
Cost: mthly inst acc usage threshold. |
C)Cost budget for each acc with mthly insts scope & SNS threshold alert. |
62 |
1,62 |
RDS |
DB query,reads |
RR: RDS MySQL. |
C)long-run transactions to complete for RR creation, E)auto-backups with retention period >0. |
63 |
1,63 |
EC2 AS |
Optim CPU util |
Cost: AS 5 insts, CPU util <10%, freq surges to 65%. |
B)ASG target tracking av CPU util metric=50%, desired/min/max/ insts= 3/2/6. |
64 |
1,64 |
ETranscoder |
f-convert/format |
Ovhead, perf: scaling mobile play raw S3 videos. |
A)CF for content, C)ETranscoder convert video files to appropriate formats. |
65 |
1,65 |
SQS |
response |
Ops eff: min maint & 24h buffer, quote response app. |
C)SNS topic to multiple SQS ques, SNS msgs to selected SQS que on filter quote, SQS que with server. |
66 |
2,01 |
Storage GW |
onprem f-share |
Cost-eff expand: onprem to immediate retrieve storage. |
B)Storage GW cached vols to S3 bkt, copy local data subsets. |
67 |
2,02 |
EC2 |
Inst |
Cost-eff insts: critical, vary day/night load. |
A)Spot Fleet. |
68 |
2,03 |
WAF |
DDoS & floods |
Cost: mitigate DDoS assault, ALB ASG app insts. |
A)WAF ACL rate-based, &CF distri with WAF ACL &CF to ALB. |
69 |
2,04 |
VPC |
subnet route |
VPC ACL: web inst port 443. |
A)Sgrp source 0.0.0.0/0 to TCP 443, E)ACL 0.0.0.0/0 inbound TCP 443 & outbound TCP 32768-65535 to 0.0.0.0/0. |
70 |
2,05 |
CF |
Transfer cost |
Transfer costs, no changes: CF & single-use txt file. |
A)Lambda@Edge compress user files. |
71 |
2,06 |
IAM |
acc access |
Most secure access: 3rd party acc. |
C)cross-acc IAM role w external ID. |
72 |
2,07 |
API GW |
user shared access |
Cost, HA: user's fast, sporadic S3 upload ML models. |
C)1 model per API GW path-based routing to λ-fcts. |
73 |
2,08 |
Snowball |
migr large/ fast |
Onprem audits: quarterly low-bandwidth 60TB export. |
D)Snowball: export job request, then deploy Snowball device onprem. |
74 |
2,09 |
R53 |
DR |
DR region downtime: ELB app insts, DynamoDB. |
D)DR region: ASG & ELB, DynamoDB glb table; DR: CW alarm to λ fct update R53 to new ELB. |
75 |
2,10 |
API GW |
REST |
Ops eff: modernize dropped migr RESTful transaction. |
A)app layer= API GW to λ fct, & comm layer= SQS. |
76 |
2,11 |
ElastiCache |
NR/T data process |
NR/T scoreboard: 3-tier VPC & RDS MySQL. |
B)ElastiCache Redis cluster: compute & cache score to display. |
77 |
2,12 |
ECS |
HA AZ |
HA: rolling ECS update, min 100 requests/s. |
D)3 AZs with each 2 tasks. |
78 |
2,13 |
CF |
HTTP/S |
Secure app: HTTP/S CF, restrict app’s access. |
C)CF field-level encrypt. |
79 |
2,14 |
Aurora |
DB query,reads |
Connect: 3 of 6 special Aurora replicas. |
A)workload with custom endpt. |
80 |
2,15 |
S3 |
IAM plcy |
interpret IAM plcy: MFA net effect |
D)MFA required for object to bkt (Deny s3:PutObject, Res.:*, Condition:BoolIfExists:{MFAPresent:false}) |
81 |
2,16 |
ECS |
Scale container |
AS: ECS insts & CW alarm. |
C)ECS scale out svc CPU util or high cluster memory reservation. |
82 |
2,17 |
API GW |
monolith |
HA scaled, ms API: convert monolithic app. |
B)API GW & edge-optimized API endpt, Lambda, DynamoDB. |
83 |
2,18 |
RDS |
Encrypt rest&in-transit |
Author view: existing RDS data. |
D)RDS encrypt. with customer mngd KMS key. |
84 |
2,19 |
FSx |
User authent.& AD |
Author download: onprem Windows f-server. |
B)migr FSx onprem AD & Client VPN. |
85 |
2,20 |
DX |
connect onprem |
Secure connect VPC: HA, max resil. 2x 500miles centers. |
C)2DX for each 1st & 2nd data center & terminate at 2DX locations on 2 devices. |
86 |
2,21 |
SQS |
static/dyn |
sharp requests: dyn API & 3 workers, static S3. |
D)CF origin S3 static content, & API requests to SQS for later EC2 processing. |
87 |
2,22 |
Org |
object protect |
prv S3 object in acc's bkt |
D)S3 Block Public Access, & SCP to prevent IAM users setting changes. |
88 |
2,23 |
AD |
User authent.& AD |
User permsn & Ovhead: job role sec access. |
A)SSO deploy for onprem AD connect with central users & perm. |
89 |
2,24 |
DMS |
migr app & DB |
Migr least costs: daily 3GB SQL query app. |
D)DMS replication of onprem DB to Redshift cluster with query. |
90 |
2,25 |
ALB |
logging |
Most ops eff: visibility ALB abnormal accessing. |
B)ALB access logging to S3 with Athena table querying logs. |
91 |
2,26 |
CF |
Storage |
Strong consistent storage: freq shared ASG app. |
B)Mount EFS f-sys on individ. insts, E)CF to S3 storage & Cache-Control header to no-cache. |
92 |
2,27 |
GuardDuty |
attacks |
Threat detect: respond via VPC-ALB WAF. |
A)GuardDuty threat detection & WAF rules adjust by λ fct, invoked from EventBridge findings filter. |
93 |
2,28 |
VPC |
connect |
Cost: photo transfer app, same S3 region. |
D)S3 VPC GW endpt to VPC & attach S3 bkt access plcy. |
94 |
2,29 |
VPC |
internet access |
Prv route to pub subnet: medical S3 records, app insts. |
C)insts to prv subnets & S3 VPC endpt to route table for prv subnets. |
95 |
2,30 |
Network FW |
ext. inst access |
Approved repo access: VPC prv inst. |
A)Route table for prv subnet outbound to Network FW & domain list rule grps. |
96 |
2,31 |
S3 |
Encrypt rest&in-transit |
Encrypt & Ovhead: S3 multi-region. |
B)customer mngd multi-region KMS client-side encrypt key & replication between bkts each region. |
97 |
2,32 |
S3 |
Encrypt key & cred |
Encrypt & Ovhead: S3 bkt, yearly auto-rotate. |
B)KMS customer mngd, auto rotated key & default encrypt behavior to S3 bkt. |
98 |
2,33 |
EB |
deploy/test region |
Fast auto-deploy: validated infra, ASG-2AZ, ALB & RDS. |
D)EB to use prototype infra ref to auto-deploy new envs in 2 AZs. |
99 |
2,34 |
Aurora |
Backup |
Recover MySQL: mysqldump, snapshot for Aurora MySQL. |
A)RDS snapshot to recreate Aurora cluster, C)dump to S3 to recreate Aurora cluster. |
100 |
2,35 |
ElastiCache |
session data |
Durable session store: ALB app insts, & RDS Maria. |
B)DynamoDB store session info, D)ElastiCache Redis with session info. |
101 |
2,36 |
S3 |
LC cost & retention |
Cost: HA S3 bkt multipart, IA & inconsist >30d. |
A)LC 30d to Intelligent-Tiering, B)S3 LC plcy: clean up incomplete multipart uploads. |
102 |
2,37 |
Pinpoint |
msg |
msg retain 1y: confirm & store SMS mobile app. |
B)Pinpoint journey to send events to KDS for analysis & archiving. |
103 |
2,38 |
ACM |
Cert |
CA SSL/TLS cert: pub ALB app, yearly extern rotate. |
D)ACM import SSL/TLS cert to ALB with EventBridge expiry notify for man rotation. |
104 |
2,39 |
Polly |
f-convert/format |
Ovhead: audio of product names, abbrvs in manual. |
A)Polly custom lexicons for prod names & abbrevs, & StartSpeechSynthesisTask API ops for prod manual. |
105 |
2,40 |
Athena |
data lake |
Ovhead: column-level LFN to S3 data lake. |
D)LFN blueprint to S3 data lake with column-level control QuickSight, & Athena source to QuickSight. |
106 |
2,41 |
EBS |
Failover |
Slow test cloning: high test I/O EBS, same region. |
D)EBS fast prod snapshot restore to test inst EBS vols. |
107 |
2,42 |
SSM |
inst |
Fast patch: 3rd party SW on EC2 Linux insts. |
B)SSM Patch Manager. |
108 |
2,43 |
S3 |
LC cost & retention |
Storage access: freq <1y, after 9y archive max. resil. |
C)S3 LC >1y Standard to Glacier Deep Archive & Object Lock in compl mode for 10y. |
109 |
2,44 |
KDS |
Stream |
Streams, Ovhead: ingest to API transform & store. |
C)API GW API to KDS as source to KDF stream with λ fcts transform & S3. |
110 |
2,45 |
EC2 |
Encrypt key & cred |
Secure share AMI: MSP acc custom mngd KMS key. |
B)AMI’s launchPermission to share with Partner's acc & key plcy allow key usage by Partner's acc. |
111 |
2,46 |
EC2 AS |
Decouple |
Decouple: stateless, job scaled app, durable storage. |
C)SQS que holding jobs, ASG with app AMI launch template & scaling on SQS que items. |
112 |
2,47 |
Glue |
analytics |
Reprocess old XML: Glue ETL job to S3. |
A)job to use job bookmarks. |
113 |
2,48 |
Lambda |
data process |
Scaling: growth, vary storage app, DynamoDB metadata. |
C)Lambda to process, store photos in S3 & metadata in DynamoDB. |
114 |
2,49 |
Glb Accelerator |
glb website/DNS |
Expand: 2nd US region, NLB apps, US&EU clients. |
B)standard glb Accelerator endpt groups us-west-2/ eu-west-1 & NLB endpts. |
115 |
2,50 |
EC2 |
storage IOPS |
Max I/O perf: 10TB media storage, & 900TB archive. |
D)max perf EC2 inst store, S3 durable storage, Glacier archive. |
116 |
2,51 |
EKS |
Inst node |
Cost, Ovhead: container app tolerating disruptions. |
B)Spot insts in EKS managed node group. |
117 |
2,52 |
S3 |
Compliance |
Comply no modify/ delete: >1y S3 of med. Trial. |
B)S3 Object Lock compliance mode with retention= 365d. |
118 |
2,53 |
EC2 |
Inst |
Cost, no downtime: process vary SQS msgs. |
D)Reserved/ On-demand insts for baseline/ additional load. |
119 |
2,54 |
EC2 |
HA AZ |
HA, no changes: single AZ app insts. |
B)ASG with 3 insts across each of 2 AZ in 1 region. |
120 |
2,55 |
DynamoDB |
static/dyn |
HA & fast read/write scale: website min maint & patching. |
A)CF distri for S3 static content, & dyn API GW endpt, Lambda & on-demand DynamoDB table. |
121 |
2,56 |
EB |
migr app & DB |
Migr HA, min dev: MS .NET app. |
E)DMS migr Oracle to RDS Multi-AZ, B)EB .NET platform rehost app with Multi-AZ deploy. |
122 |
2,57 |
SQS |
request |
Prevent request loss: API GW, λ fct to limited DynamoDB. |
D)SQS que with Lambda buffering writes to DynamoDB. |
123 |
2,58 |
Glb Accelerator |
moni |
Glb low latency: health moni regional ALB apps. |
A)glb Accelerator with ALB as endpt,& port listener with regional endpt. |
124 |
2,59 |
Macie |
analytic query |
Latency: high-traffic protected data query. |
B)DynamoDB employee data hierarchies, mthly to S3, E)Macie for acc, integrate Macie & EventBridge mthly SNS. |
125 |
2,60 |
FSx |
Storage |
Process lab multi Linux insts: sub-mil & 6GB/s. |
B)FSx Lustre SSD, raw data S3 import/ export, mount to insts. |
126 |
2,61 |
TA |
Billing |
Cost: 90d on-demand RDS Oracle, TA checks. |
A)TA recos from RDS insts acc, D)Review the TA check for RDS Idle DB Insts. |
127 |
2,62 |
Aurora |
DB query,reads |
Latency, min changes: RDS RR peak consistency. |
A)Migr DB to Aurora MySQL & replace MySQL RR with Aurora RR AS. |
128 |
2,63 |
EC2 AS |
Optim CPU util |
Ovhead: AS 30Min start/ batch, CPU util vary, base60%. |
C)ASG predictive scaling plcy CPU-util=60%, insts pre-launch 30Min before job run. |
129 |
2,64 |
Glb Accelerator |
UDP & TCP |
HA & perf: 53 to onprem UDP app. |
A) glb Accelerator & 3regional NLB onprem endpts, CNAME access: accelerator DNS. |
130 |
2,65 |
Snowball |
migr large/ fast |
Cost migr: NAS encrypt 600TB/2wk, pub upload 100 MB/s. |
C)several Snowball Edge Storage Optimized devices to S3. |
131 |
3,01 |
StepFct |
up/download |
Cost: vary, spiky S3 media upload, DynamoDB metadata. |
B)Trigger StepFcts when object is stored in S3 bkt, StepFcts process object & write metadata to DynamoDB table. |
132 |
3,02 |
CT |
logging |
Access: log S3 records & its changes. |
C)CT trail on S3 report bkt with event logs to new bkt & validation. |
133 |
3,03 |
FSx |
onprem Backup |
Fault-tolerant backup: Windows home Dir & AD access. |
B)Multi-AZ to FSx Windows joins AD. |
134 |
3,04 |
Lambda |
IAM plcy |
IAM plcy: EventBridge permsn invoke λ fct. |
D)res.-based plcy as fct action 'Lambda:InvokeFunction' & principal= :events.amazonaws.com. |
135 |
3,05 |
SQS |
monolith |
Fail >4 msg attempts: monolith deletes SQS msgs. |
B)SQS dead-letter: msg 4 times to dead-letter. |
136 |
3,06 |
EFS |
LC cost & retention |
Cost storage: NAS LC, VPC infreq sync data. |
D)EFS in VPC & LC after appropriate days to IA. |
137 |
3,07 |
SQS |
acc access |
Access w/o permsn: User to SQS acc. |
C)SQS access plcy for cross acc. |
138 |
3,08 |
KDA |
Decouple |
Decouple w/o data loss: NR/T analysis on inst fleet. |
B)KDS captures website data for KDA query & KDF to persist data on S3. |
139 |
3,09 |
Transit GW |
connect onprem |
Slow VPN throughput: onprem to AWS. |
B)Transit GW: equal cost multipath routing & VPN tunnels. |
140 |
3,10 |
ALB |
HTTP/S |
No coding: NLB ignoring HTTP errors. |
C)Replace NLB with ALB & HTTP health checks URL, AS replace unhealthy. |
141 |
3,11 |
ECS |
Scale container |
Scale HA: cont. growth container min 3 insts app. |
A)ECS Fargate desired task = 3 in a cluster with app task definitions. |
142 |
3,12 |
S3 |
object protect |
Secure pub access: static S3. |
B)S3 bkt vers & Object Lock retention,& pub static website bkt with read-only. |
143 |
3,13 |
EFS |
migr f-sys |
Doc store cost: HA, shared migr 7TB f-sys. |
D)EFS-IA, mounted to ASG insts. |
144 |
3,14 |
EC2 AS |
data process |
Occasional high, slow orders: inst app, Aurora. |
B)SQS que orders, ALB & ASG target tracking plcy on SQS que length metrics. |
145 |
3,15 |
RDS |
Encrypt rest&in-transit |
Encrypt in-transit: all RDS MySQL inst. |
D)Download AWS root certs for all connections to RDS inst. |
146 |
3,16 |
EFS |
Storage |
Persistent share, Ovhead: storage & EKS Fargate. |
B)Register EFS f-sys in EKS storage class object with same f-sys for all containers. |
147 |
3,17 |
CFN |
Failover |
Failover: S3 & app to 2nd region |
D)CFN app & S3 bkt parameter for S3 CRR; DR with CFN template deploy & local S3 bkt=parameter. |
148 |
3,18 |
EC2 |
Inst |
Cost: predictable daily/ weekly load, HA app insts. |
B)Reserved/ Spot insts for baseline/ additional load. |
149 |
3,19 |
VPC |
IP access |
Secure access: app & RDS inst, glb dyn IP adr. |
A)0.0.0.0/0 to Web server Sgrp inbound 443, & DB inst Sgrp for inbound 3306 from web servers Sg. |
150 |
3,20 |
Transfer |
data lake |
Ovhead, HA: transfer SFTP to S3 data lake. |
A)Transfer Family with SFTP-enabled server, pub endpt & S3 data lake= destination. |
151 |
3,21 |
DynamoDB |
Backup |
Min coding, same availability: Backup DynamoDB. |
B)DynamoDB export to S3 bkt with cont. backups & table PITR recovery. |
152 |
3,22 |
CW |
moni |
Perf, ops eff: app traffic stateful M5 inst tasks. |
D)Modify CFN templates, replace with R5 EC2 inst, & plan inst cap with CW agent custom metrics. |
153 |
3,23 |
SSM |
ext. inst access |
Remote access, Ovhead: repeatable inst & admin. |
B)IAM role to each inst,& SSM session manager for remote SSH session. |
154 |
3,24 |
EC2 AS |
HA AZ |
HA scalable: single CMS & DB inst. |
C)Aurora with diff AZ RR, ALB ASG inst AMI across 2 AZs. |
155 |
3,25 |
Aurora |
migr app & DB |
Migr continuous: AS MySQL transaction. |
C)Cont. DMS migr to Aurora with AS. |
156 |
3,26 |
NLB |
UDP & TCP |
Fast failover: regional UDP devices. |
B)Glb accelerator with region NLB = endpt, &NLB target = cluster svc of ECS Fargate type. |
157 |
3,27 |
Athena |
analytic query |
Ovhead, changes: simple on-demand query S3 logs. |
C)Athena directly with S3 to run queries as needed. |
158 |
3,28 |
CW |
user shared access |
Least privilege access: to CW dashboard. |
A)Share CW dashboard with prod manager's email adr & shareable link to prod manager. |
159 |
3,29 |
CF |
IP access |
Restrict access: IP range on CF static S3 bkt. |
A)S3 bkt= CF origin & OAI read perm, B)WAF web ACL on CF distri with EC2 Sgrp IP restrict. |
160 |
3,30 |
EC2 |
Transfer cost |
Transfer cost: batched insts to 2x S3. |
C)all insts in same AZ. |
161 |
3,31 |
API GW |
Cert |
HTTPS cert: 3rd party, regional API GW. |
C)R53 to company DN & API GW endpt & attached ACM pub cert same region. |
162 |
3,32 |
S3 |
f-convert/format |
Cost: scalable 5MB pdf to jpg convert. |
A)pdf to S3 with PUT event invoke λ fct to convert to jpg & store S3. |
163 |
3,33 |
S3 |
Encrypt replica |
Encrypt & Ovhead: replica, serverless S3 analytics. |
A)New S3 bkt with CRR to other region S3 bkt, multi-Region SSE-KMS & Athena query. |
164 |
3,34 |
PrvLink |
connect onprem |
Prv connect: ext provider VPC to spec VPC svc. |
D)PrvL connect to target svc VPC endpt. |
165 |
3,35 |
Org |
Org |
Avoid missed emails: root Org notifies. |
D)same root user email adr for existing & new accs to alternate contacts in Org's console or programmatically. |
166 |
3,36 |
CF |
static/dyn |
Glb latency: news via static/dyn ALB HTTPS & API inst. |
A)1region app stack & CF for static/dyn content with ALB origin. |
167 |
3,37 |
CF |
Stream |
R/T streams: glb VOD svcs. |
A)CF |
168 |
3,38 |
Glb Accelerator |
Failover |
Auto-failover: VoIP/UDP to ASG region. |
A)NLB & associated target group with ASG & NLB as glb Accelerator endpt in each region. |
169 |
3,39 |
API GW |
response |
AS: elastic tax compute, holiday season. |
B)API GW REST API passes item names to Lambda tax computations. |
170 |
3,40 |
DynamoDB |
request |
Read delays, no reconfig: DynamoDB metadata. |
B)DAX. |
171 |
3,41 |
EB |
deploy/test region |
Ovhead, HA: Java & PHP app in test env. |
B)2 EB test env with apps,& URL swap between multiple EB test envs. |
172 |
3,42 |
RDS |
DB query,reads |
Timeouts: no interruption, 1-time RDS MySQL query. |
A)Reporting queries to RR. |
173 |
3,43 |
VPC |
connect |
Cost: ElastiCache, VPC EC2 insts same region. |
A)VPC peering route tables, ElastiCache cluster’s Sgrp inbound rule allow app’s Sg. |
174 |
3,44 |
CF |
glb website/DNS |
Glb perf w/o changes: multiling. website fleet, 1 region. |
B)ALB= CF origin, & Header cache behavior: only cache on Accept-Language request header. |
175 |
3,45 |
Storage GW |
DR |
DR least latency & change: iSCSI device. |
D)Storage GW local vol copy, sched snapshots DR restore to inst EBS vol. |
176 |
3,46 |
NLB |
NR/T data process |
R/T store NoSQL scores ASG spikes |
B)NLB distribution & DynamoDB on-demand. |
177 |
3,47 |
SES |
msg |
Ovhead: traffic rise, email svc on insts app & DB. |
B)config the web inst to send email through SES. |
178 |
3,48 |
FSx |
Storage |
Migr HP storage: hot & economic cold tiers. |
A)S3 bkt: cold data storage, D)FSx Lustre: HP parallel hot storage. |
179 |
3,49 |
PrvLink |
connect NAT |
Cost: NAT GW requests. |
A)VPC peering 2 VPC, &prv adr with API access, D)PrivateLink: API& client VPC, &PrivateLink adr: API access. |
180 |
3,50 |
AD |
User authent.& AD |
SSO onprem: mngd MS AD to Org accs. |
B)SSO with 2-way forest or domain trust to connect self-managed MS AD with Dir svc. |
181 |
3,51 |
EC2 |
Inst node |
Lowest latency: inst node, NR/T stream. |
A)enhanced networking (ENA) for each inst, C)cluster placement group. |
182 |
3,52 |
CFN |
Org |
Migr VPC Org: app's department Org, CFN stacks. |
C)Change sets before updating CFN stacks, E)CFN cross-stack ref. |
183 |
3,53 |
Shield |
DDoS & floods |
HA infra, no downtime: DDoS, Windows inst. |
A)Shield Advanced to stop DDoS attack, C)website to CF for static & dyn content. |
184 |
3,54 |
EventBridge |
REST |
Extract app: REST API statistic, email report distri. |
D)EventBridge sched. event invokes λ fct query, E)app to S3 with event to SNS topic email. |
185 |
3,55 |
Textract |
f-extract |
Ops eff, max scaled: extract med docs. |
E)Upload invokes λ fct, Textract converts to raw txt, Comprehend Medical extracts, B)S3 bkt & Athena query. |
186 |
3,56 |
S3 |
Encrypt key & cred |
Encrypt & Ovhead: 5y storage, yearly key vrsn rotate. |
B)docs to S3 with Object Lock compl. mode, D)SSE-KMS with customer mngd KMS key rotation. |
187 |
3,57 |
SQS |
data process |
Connect issues: SNS topic ingest & λ fct |
B)SQS que & subscribe to SNS topic, E)modify λ fct to read from SQS que. |
188 |
3,58 |
R53 |
Compliance |
Nonviolating & individual: country distri rights. |
C)R53 geolocation plcy. |
189 |
3,59 |
Snowball |
migr large/ fast |
Migr: 750TB, limited 1MB/s to S3 Glacier. |
D)Snowball Edge optim devices to destination= S3 bkt with LC to S3 Glacier. |
190 |
3,60 |
EBS |
storage IOPS |
Persistent DB: host 64k IOPS on single EBS vol. |
B)Nitro-based inst with EBS provisioned IOPS SSD (io1) with 64k IOPS. |
191 |
3,61 |
CloudHSM |
Audit&Tag |
CT independent: audit key integration to clean mat. |
B)CloudHSM: LC/ audit & KMS. |
192 |
3,62 |
Storage GW |
LC cost & retention |
Cost, low ops: onprem to AWS 7y IA tape backup. |
D)Deep Archive LC via standard S3 to move backup to S3 Glacier. |
193 |
3,63 |
EC2 AS |
Optim CPU util |
Low CPU util: same fault tolerance. |
D)new launch config: smaller inst types & update ASG. |
194 |
3,64 |
S3 |
analytics |
Cost-eff failover: ms analytics, JSON retrieve >30d. |
C)S3 Standard. |
195 |
3,65 |
WAF |
attacks |
Min user impact: block high rate bad IP adrs. |
B)ALB & WAF rate-limiting rule. |
196 |
4,01 |
Lambda |
data process |
Ovhead, max scalability: Python app & JSON to SQL. |
B)λ fct to run Python process of JSON in S3, results to Aurora DB. |
197 |
4,02 |
FSx |
migr f-sys |
Persistent onprem copies: HPC Linux f-sys, Spot insts. |
A)FSx for Lustre, S3 integrated. |
198 |
4,03 |
SQS |
msg |
Ops eff msging: app intercomm >2d failed buffer. |
C)SQS que & dead-letter que for failed msgs. |
199 |
4,04 |
FSx |
migr f-sys |
Migr & share: HA Windows app to shared f-sys. |
B)FSx Windows f-server & mount each FSx f-sys to each Windows inst. |
200 |
4,05 |
DMS |
data lake |
Ovhead: cont. onprem Oracle to data lake. |
C)DMS to transfer data to S3, & Glue to transform data & integrate to S3 data lake. |
201 |
4,06 |
DX |
connect |
Cost: DX egress query, data warehouse, noncache webpage. |
D)visual tool in data warehouse region via DX in same region. |
202 |
4,07 |
EC2 AS |
Scale ASG |
Low cost dev: env ALB & ASG min 2 app insts. |
D)Reduce max insts in dev env’s ASG. |
203 |
4,08 |
Glue |
f-convert/format |
Ovhead: convert 1GB csv to Parquet in S3. |
D)S3 PUT event to λ fct invoke Glue ETL job. |
204 |
4,09 |
CF |
static/dyn |
Sharp rise: API static S3/dyn 3-tier ALB app insts. |
D)CF static content,& website requests to SQS que for EC2 insts. |
205 |
4,10 |
R53 |
Failover |
Ovhead, min changes: failover error page R53 ALB. |
B)R53 active-passive failover to S3 error page, R53 health checks ALB endpt. |
206 |
4,11 |
Aurora |
DB query,reads |
Write delays: Aurora Multi-AZ on DB reads rise & I/O. |
C)app with appropriate Aurora RR endpt. |
207 |
4,12 |
RDS |
DB query,reads |
HA & ACID: SQL queries & analytics. |
C)fully managed RDS MySQL with Multi-AZ. |
208 |
4,13 |
KMS |
Encrypt key & cred |
Encrypt auto-rotated key: native SW EBS & S3. |
B)KMS with CMK to store master key material to rotate keys. |
209 |
4,14 |
EC2 |
Storage |
Fastest temp. storage: EC2 multi-stage file storage. |
D)Multi inst store vols with sw RAID 0. |
210 |
4,15 |
RDS |
Compliance |
Backup retention: 90d Aurora. |
B)Config RDS to copy auto-snapshots to a user-managed S3 bkt with 90LC. |
211 |
4,16 |
EMR |
analytics |
Big data: SQL query & BI access. |
B)EMR data process to Redshift. |
212 |
4,17 |
KMS |
Audit&Tag |
Auditor share: RDS DB. |
D)DB encrypt. snapshot & share with KMS key access. |
213 |
4,18 |
SQS |
data process |
Multi target sys: single RDS car listing. |
D)RDS event subscribed to SNS fan out for multi SQS ques with λ fct update target. |
214 |
4,19 |
Storage GW |
onprem Backup |
Secure automation & maint: local access onprem vol backup. |
D)Storage GW vol to sw & map onprem, local mount & access vols. |
215 |
4,20 |
VPC |
internet access |
Ovhead, max secure: pub prices to ALB & prv MySQL. |
B)NAT GW in pub & prv subnet route table: internet-bound to NAT GW. |
216 |
4,21 |
ECS |
Optim CPU util |
CPU util & cost: ECS-Fargate. |
D)AS target tracking on ECS metric with CW alarm. |
217 |
4,22 |
Storage GW |
onprem f-share |
Durable NFS, low-latency: onprem to AWS storage. |
A)app data Storage GW to S3, onprem app servers to file GW using NFS. |
218 |
4,23 |
EC2 |
Inst |
Cost: too many licensed vCPU cores. |
B) config CPU cores & threads on selected inst during inst launch. |
219 |
4,24 |
CF |
HTTP/S |
Secure low latency: HTTPS near edge, 3-tiers HA. |
C)HTTPS content via pub ALB as CF origin with redundant insts in prv subnet. |
220 |
4,25 |
PrvLink |
connect onprem |
Prv VPN: onprem to ECS prv IP env. |
B)1 VPC NLB & PrivateLink endpt to ECS. |
221 |
4,26 |
NLB |
Encrypt rest&in-transit |
Secure transit: NLB to 3-tier app. |
A)TLS listener & NLB server cert. |
222 |
4,27 |
ElastiCache |
request |
Improve w/o scaling: slow game, sub-ms RDS metadata. |
C)ElastiCache for Redis layer in front DB. |
223 |
4,28 |
NLB |
UDP & TCP |
Low latency: 3mil requests/s & TCP endpt. |
A)app's pub TCP port access to NLB. |
224 |
4,29 |
VPC |
internet access |
Secure connect: internet pay svc to VPC. |
B)pay requests to NAT GW in pub subnet, &app servers in prv subnet. |
225 |
4,30 |
Org |
Org |
Least Ovhead access: Org mngmt acc to S3. |
A)S3 bkt plcy: aws:PrincipalOrgID glb key with org ID ref. |
226 |
4,31 |
VPC |
subnet route |
Most secure prv: prv λ fct to prv DB. |
B)λ fct in Sg1 with access DB's Sg2. |
227 |
4,32 |
KDS |
Stream |
Interrupted streams: KDS to S3. |
A)Change KDS 24h default retention period. |
228 |
4,33 |
SQS |
Storage |
Safe storage: during Aurora updates. |
D)SQS FIFO to new λ fct polling que to Aurora. |
229 |
4,34 |
CF |
up/download |
Cost: S3 pre-signed US&EU download. |
B)direct customer requests & signed URLs to CF & existing S3 bkt as origin. |
230 |
4,35 |
API GW |
data process |
Ovhead: hourly HTTP sensor request, mngd DB. |
A)API GW & λ fct: sensor data, process to DynamoDB. |
231 |
4,36 |
RDS |
migr large/ fast |
No perf issues: freq high onprem writes to migr MySQL. |
A)RDS MySQL inst with prov. IOPS SSD, CW monitors write ops metrics to adjust prov. IOPS if necessary. |
232 |
4,37 |
EB |
user shared access |
HA share, least changes: S3 images & 3-tier RDS MySQL. |
D)EB load-balanced Multi-AZ envs for front-end & app layer, RDS Multi-AZ DB inst, serve S3 images. |
233 |
4,38 |
EC2 |
Inst node |
Lowest latency: inst node, NR/T stream. |
B)spread placement group, C)Elastic Fabric Adapter (EFA) to each inst. |
234 |
4,39 |
EC2 |
IAM plcy |
IAM plcy: Access Denied on EC2 administrator IAM role. |
D)terminate from wrong IP (Deny ec2:Terminateinst, Res.:*) Cond.: Not IP: 192.0.2.0/24, 203.0.113.0/24. |
235 |
4,40 |
S3 |
logging |
Ovhead: aggr 3x S3 VPC flow logs in Mngmt acc. |
A)VPC flow logs to S3 bkts SRR to central S3 bkt & allow other acc's S3 objects. |
236 |
4,41 |
CW |
moni |
Ident users: CW on prv API GW & λ fct app. |
A)Config CW Lambda Insights & examine network usage graph with dashboard multi-fct view. |
237 |
4,42 |
Fargate |
static/dyn |
Changes: availability static/dyn insts, MySQL. |
C)ALB: S3 static content, & dyn Fargate for app/web server & migr DB to Aurora serverless. |
238 |
4,43 |
DynamoDB |
DB query,reads |
Glb fast & consist.: central table for regional ticket <1s. |
A)DynamoDB glb table for center reservation table, & correct endpt with read/ write each region. |
239 |
4,44 |
EC2 |
Transfer cost |
Transaction cost: latency-sensi apps throughput. |
A)insts in same region & AZ, &cluster placement group. |
240 |
4,45 |
Textract |
f-extract |
Ovhead: API GW & λ fct PHI ident. PDF/JPEG. |
C)Textract extracts report txt & Comprehend Medical identifies PHI from extracted txt. |
241 |
4,46 |
Amplify |
monolith |
Ovhead, no code change: split monolith for scalability. |
B)Amplify hosts monolith (fullstack) app, & connect it to API GW with Lambda. |
242 |
4,47 |
Backup |
Compliance |
Least ops retention: 7y DynamoDB. |
B)AWS Backup sched & retention plcys for table. |
243 |
4,48 |
Backup |
Backup |
Consistent backup: daily & restorable RDS >2y. |
A)RDS DB insts with AWS Backup vault & plan on daily schedule & 2y expiry. |
244 |
4,49 |
Lambda |
user shared access |
Irreg. access: async ML model API, max 1GB S3 data. |
C)API to SQS que & invoke event deploys model as λ fct, SQS que size based AS to increase λ fct’s vCPU. |
245 |
4,50 |
CF |
static/dyn |
Latency: dyn content R53 DN, ALB app, static S3. |
A)R53 for CF distri to origins: S3 bkt & ALB. |
246 |
4,51 |
SQS |
Decouple |
Min config scaling: API GW, λ fct app & Aurora. |
D)SQS que integrates 2 λ fcts: fct1 receive info, fct2 load to DB. |
247 |
4,52 |
S3 |
LC cost & retention |
S3 LC cost: random & fast retrieval <1y & IA >1y |
B)S3 Intelligent-Tiering LC >1y to Glacier Flex Retrieval, query & retrieve: Athena/Int.-Tiering, & Glacier select. |
248 |
4,53 |
Aurora |
HA AZ |
HA, min down/loss: ASG inst, 1Aurora PostgreSQL/ 1AZ. |
B)ASG multiple AZ with Multi-AZ DB & RDS Proxy inst. |
249 |
4,54 |
RDS |
DR |
DR, Ovhead: OS access, latest Oracle versn. |
A)migr Oracle to EC2 inst & set up DB replication to diff region. |
250 |
4,55 |
Lambda |
Inst |
Cost: daily 12h 3-tier app & RDS MySQL. |
D)λ fcts to start & stop DB inst with EventBridge sched rule to invoke λ fcts event target. |
251 |
4,56 |
Cognito |
User authent.& AD |
Author restrict & cost: glb fastest serverless app. |
A)Cognito authent & Lambda@Edge for authorization with CF web app. |
252 |
4,57 |
API GW |
REST |
Min code changes: prv API GW to 2 VPC REST APIs. |
B)VPC interface endpt. |
253 |
4,58 |
EBS |
storage IOPS |
Slow down if IOPS>20k: RDS, EBS gp3 SSD. |
C)Replace vol with Prov. IOPS SSD (io2) vol. |
254 |
4,59 |
VPC |
subnet route |
VPC ACL: 182.20.0.0/16, pub app inst/ prv MySQL SSL. |
B)web Sgrp to DB Sgrp inbound: MySQL 3306, D)0.0.0.0/0 to web Sgrp inbound 443 & NACL deny 182.20.0.0/16. |
255 |
4,60 |
RDS |
migr app & DB |
Migr fast: DMS, sufficient band, 80k IOPS RDS MySQL. |
A)Disable RDS inst's Multi-AZ, B)new DMS inst that has a larger inst size. |
256 |
4,61 |
WAF |
attacks |
Block botnets: fraudulent pub API requests. |
B)Integrate λ fct logic to ignore fraudulent IP adr, C)WAF targets malicious requests & trigger filter actions. |
257 |
4,62 |
CF |
glb website/DNS |
Glb site: content based user devices |
A)CF cache multiple vers, C)Lambda@Edge fct user-Agent header: spec. objects. |
258 |
4,63 |
Athena |
analytic query |
Unstable 1-time query: Athena & batched/h S3 PB bkt. |
B)S3 data partition date & region, E)Glue ETL convert .csv to Parquet. |
259 |
4,64 |
CtrTower |
connect onprem |
Prv VPC: onprem w/o internet to ap-northeast-3. |
A)CtrTower guardrails deny internet & region access, C)Org SCPs prevent VPC internet & deny region access. |
260 |
4,65 |
RDS |
Scale ASG |
AS unpredict. growth: RDS Oracle inst PL/SQL fct. |
A)AS for RDS Oracle storage, D)ASG with average CPU scaling metric. |
261 |
5,01 |
EFS |
Storage |
Resil. ACID: storage app replace EBS. |
C)ALB w ASGs across multi AZs, & data to EFS mount target= each inst. |
262 |
5,02 |
EFS |
user shared access |
Individual access: HP ML, concur. Fargate storage. |
C)EFS file share with IAM role to Fargate. |
263 |
5,03 |
Storage GW |
onprem Backup |
Onprem backup: NFS file backup, fast access. |
D)script: copy data to Storage GW file virt appliance/ NOT onprem NFS share. |
264 |
5,04 |
RDS |
migr app & DB |
Migr app: replace DB, fast MS SQL copy. |
D)RDS SQL server Multi-AZ & RR, & restore RDS snapshot for test DB. |
265 |
5,05 |
S3 |
Encrypt rest&in-transit |
Encrypt least effort: CF origin S3 objects. |
B)S3 bkt default encrypt, inventory list of unencrypt objects for S3 Batch copy cmd to encrypt. |
266 |
5,06 |
RDS |
DR |
DR RPO<3h, RTO<2h: RDS Oracle Multi-AZ, 2 regions. |
A)DR promote RR to master in us-west-2. |
267 |
5,07 |
EC2 AS |
HA AZ |
Cost: min. 4 insts SLA. |
C)Min. 6 ASG insts on 3 AZ. |
268 |
5,08 |
EC2 AS |
Scale ASG |
App timeouts: ASG 1Min booting insts. |
C)AS step scaling & inst warmup. |
269 |
5,09 |
EFS |
Storage |
Store high freq: concurrent 10MB ECS tasks. |
B)EFS prov throughput mode. |
270 |
5,10 |
Lambda |
up/download |
Cost: S3 upload & extract metadata <5s |
B)S3 object event to λ fct extract metadata. |
271 |
5,11 |
S3 |
IAM plcy |
IAM plcy: least-privilege S3 object delete. |
D)Allow: S3:DeleteObject, Res.:bktname/*. |
272 |
5,12 |
CF |
static/dyn |
Cost: US/EU/CA users of CF static S3. |
C)CF price class restrict to only served countries. |
273 |
5,13 |
VPC |
subnet route |
Pub Sgrp to prv: ELB 433 to prv MySQL & web. |
C)Sgrp ELB port 443, & web Sgrp to port 3306 Sgrp MySQL. |
274 |
5,14 |
MQ |
HA AZ |
HA: simple app inst, ActiveMQ msg to RDS MySQL. |
D)MQ active/standby brokers on ASG insts in 2 AZ,& Multi-AZ RDS MySQL. |
275 |
5,15 |
S3 |
LC cost & retention |
Ovhead S3 LC: vary image lifes, no retrieve cost/ delay. |
A)S3 Intelligent-Tiering. |
276 |
5,16 |
Athena |
analytics |
Cost: mthly analytics of 200GB in S3. |
B)Glue data cat. with S3 Athena query & QuickSight. |
277 |
5,17 |
RDS |
Encrypt replica |
Encrypt continuous: RDS Multi-AZ, snapshot. |
A)encrypt latest DB snapshot copy, & restore encrypt snapshot to replace DB. |
278 |
5,18 |
ALB |
glb website/DNS |
Migr path-based website: DX to onprem servers. |
C)ALB path-based routing to target group with correct servers. |
279 |
5,19 |
SQS |
Decouple |
Cost, util: infreq multiple inst apps to S3 archive. |
D)redesign app: event-driven with SQS que to Lambda. |
280 |
5,20 |
ResGrp |
Audit&Tag |
Fast ident: `app` tag & value. |
D)query with AWS Resource Groups Tag Editor & report resources on tag. |
281 |
5,21 |
EC2 AS |
Optim CPU util |
CPU util & costs: known biz/night load. |
D)1 week observing CPU util when desired inst=50%, & create dyn scaling with it. |
282 |
5,22 |
VPC |
connect NAT |
Cost: replace DynamoDB's NAT inst. |
A)VPC GW endpt direct to DynamoDB. |
283 |
5,23 |
ECS |
Storage |
Ovhead: Docker app 50GB f-storage. |
C)ECS Fargate type cluster & svc with container image as task definition & EFS vol. |
284 |
5,24 |
SQS |
data process |
Ovhead, fast storage: vary S3 upload, transfer JSON. |
C)S3 bkt event to SQS que λ fct to process JSON to DynamoDB. |
285 |
5,25 |
DX |
migr large/ fast |
Fast migr: 200TB SAN via 500 MB/s to S3. |
D)10 GB/s DX migr initial 200TB to S3 with file sync app, sync data changes until SAN decommissioned. |
286 |
5,26 |
KDF |
Stream |
NR/T encrypt, Ovhead: analysis, central Parquet storage. |
D)KDF stream to S3 with KDA. |
287 |
5,27 |
Org |
Org |
FullAccess SCP plcy: OU create S3 bkt in 1 region. |
B)SCP with 'Deny string not like us-east-2'. |
288 |
5,28 |
Aurora |
request |
No coding: non-response sharp writes, 2-tier/ RDS MySQL. |
D)migr to Aurora Serverless with max cap units (ACUs) for traffic increases. |
289 |
5,29 |
SQS |
request |
Slow R/T API writes: min RDS connects & loss. |
C)API to SQS que & invokes λ fct writes to DB. |
290 |
5,30 |
Glue |
f-convert/format |
Ovhead: no bandwidth migr & transfer 50TB/wk. |
C)Copy to Snowball Edge Storage optim device with Glue custom transform job. |
291 |
5,31 |
Transcribe |
f-extract |
PII remove: S3 voice based txt record. |
C)S3 bkt audio file upload & invoke λ fct for Transcribe job to remove PII & store in other S3 bkt. |
292 |
5,32 |
R53 |
DR |
DR RTO/RPO 30min: ALB, inst app & Aurora. |
A)Required infra region2, & R53 active-passive failover, Aurora replica region 2. |
293 |
5,33 |
Redshift |
Compliance |
Audit record DB: 7day, predict. read&write, RPO<5h. |
C)Redshift concur. scaling, audit logging, 4h DB snapshots. |
294 |
5,34 |
API GW |
User authent.& AD |
Subscribers control & Ovhead: API GW. |
D)API usage plan & access keys to limit non-subscription user. |
295 |
5,35 |
API GW |
static/dyn |
Ovhead, ms latency: 1-deal-a-day website. |
D)CF static S3 bkt origin, & parallel API GW to λ fcts to DynamoDB. |
296 |
5,36 |
Lambda |
IAM plcy |
IAM plcy: least privilege λ fct access DynamoDB table. |
A)Allow DynamoDB:PutItem,:UpdateItem,:DeleteItem, Res.:DynamoDB:table/books. |
297 |
5,37 |
DMS |
HA AZ |
HA, Ovhead: eventual consist., 1AZ NoSQL DB. |
D)modify ASG to EC2 insts across 3 AZs, &DMS migr embedded NoSQL DB to DynamoDB. |
298 |
5,38 |
CF |
glb website/DNS |
Perf: remove CF cache & S3 website content. |
B)S3 bkt content delete & invalidate CF file path to clear cache. |
299 |
5,39 |
KDF |
analytics |
Ovhead: NR/T analytic app process. |
D)KDF ingestion, transform with Lambda, & write to ES. |
300 |
5,40 |
Aurora |
Inst node |
Ovhead, timeout: app’s λ fct access Aurora. |
D)RDS Proxy, cluster as target DB, λ fcts to connect to proxy, not cluster. |
301 |
5,41 |
Transit GW |
connect onprem |
Connect onprem: via 600 MB/s to 2 intercomm VPC/region. |
D)Transit GW & 2 attached VPCs, VPN tunnel to transit GW. |
302 |
5,42 |
ALB |
subnet route |
ALB to prv app insts. |
D)pub subnets in each AZ with ALB & pub subnet route tables to prv subnets. |
303 |
5,43 |
Secrets Mgr |
Encrypt key & cred |
Creds & Ovhead: mthly rotate, RDS multi-region maint. |
A)multi-region secret replication in Secrets Mngr & sched regional rotation. |
304 |
5,44 |
Config |
moni |
Unauth changes: moni config of S3 bkt. |
A)Config with appropriate rules. |
305 |
5,45 |
RDS |
Inst |
Cost: mthly test RDS MySQL inst, no compute impact. |
C)snapshot after tests, terminate DB inst & restore snapshot when required. |
306 |
5,46 |
ALB |
HTTP/S |
Separation: website HTTPS requests. |
C)ALB Listener rule to redirect HTTP to HTTPS. |
307 |
5,47 |
FSx |
migr f-sys |
Migr, no changes, Ovhead: fast 5TB VPN & Windows f-sys. |
D)FSx Windows on AWS, onprem load & files to FSx File GW onprem. |
308 |
5,48 |
S3 |
LC cost & retention |
Cost: critical, immediate S3 retrieve, IA <30d, delete >4y. |
C)S3 bkt LC>30d to S3 Standard-IA, delete files >4y. |
309 |
5,49 |
DataSync |
onprem f-share |
Secure transfer: onprem SAN JSON, NR/T to S3. |
B)DataSync over DX. |
310 |
5,50 |
S3 |
Transfer cost |
Transfer cost: EU firm access US S3 bkt data. |
A)Requester Pays. |
311 |
5,51 |
WAF |
attacks |
Protect, least effect: SQL inject, API GW script attacks. |
A)WAF in 2 regions with regional web ACLs & API stage. |
312 |
5,52 |
RDS |
connect |
Least change: timeout, high CPU util/ open Aurora connect. |
B)RDS Proxy for DB, modify λ fct for RDS Proxy & not DB endpt. |
313 |
5,53 |
SQS |
monolith |
No inter-comm: ECS replaces monolith. |
B)SNS topic, data producer’s code, notifications to topic & data consumers subscribed to topic. |
314 |
5,54 |
EC2 |
Failover |
Auto-failover & HA: EC2 DB inst app. |
A)Launch 2 insts in diff AZ, same region with DB in cluster & replication. |
315 |
5,55 |
SQS |
msg |
Failed order: auto-reprocess RDS requests. |
C)ASG insts with order sys sending msgs to SQS que & insts to consume msgs. |
316 |
5,56 |
CF |
up/download |
Cost-eff & resil: upload infreq SFTP to CF. |
C)CF with OAI to prv S3 bkt & website content upload via AWS CLI. |
317 |
5,57 |
EC2 AS |
Scale ASG |
Cost-eff scale up: ALB-ASG app insts, biz/night 2/20. |
A)Sched action with desired cap= 20, shortly before office opens. |
318 |
5,58 |
Aurora |
DB query,reads |
Latency, min changes: 3-tier, PostgreSQL query S3 reports. |
B)Aurora PostgreSQL DB cluster & Replica with queries for reports. |
319 |
5,59 |
Storage GW |
onprem f-share |
Ovhead: store CSV in NR/T network share, daily reports. |
B)S3 File GW, biz sys with S3 File GW network share. |
320 |
5,60 |
DynamoDB |
NR/T data process |
NR/T scale app: persistent S3 data. |
A)DynamoDB trigger λ fct parse payload/data to S3, B)SQS que to trigger λ fct parse payload/writes to S3. |
321 |
5,61 |
Config |
Audit&Tag |
Safeguard CT: for comply audit. |
A)CT log file validation, E)Config rule monitor CT config on SSE-KMS. |
322 |
5,62 |
Org |
User authent.& AD |
Central Dir svc: move from single to Multi-acc archi. |
A)Org with all features & new accs, E)Org SSO connect to corporate dir svc. |
323 |
5,63 |
VPC |
internet access |
Prv VPC route: config prv λ fct & DynamoDB. |
A)VPC endpt allows write to spec. DynamoDB tables, D)Lambda execution role access VPC endpt GW. |
324 |
5,64 |
LFN |
analytic query |
Ovhead 1-time query: BI & KPI, central sensor stream. |
A)Athena 1-time query & QuickSight KPI, E)LFN blueprints for data lake ident, Glue crawl to S3 in Parquet. |
325 |
5,65 |
SQS |
Encrypt rest&in-transit |
Encrypt & author: at rest/in-transit SQS/SNS. |
B)SNS customer managed key & its plcy, D)SQS with customer managed key plcy: principals, only TLS. |
326 |
6,01 |
S3 |
IAM plcy |
IAM plcy: access to 2x S3 named bkts. |
A)Allow s3:ListBucket, Res:s3:bkt1; Allow s3:GetObject, PutObject, Res:s3:bkt1/*; Deny s3:*,Res: s3:bkt2, s3:bkt2/*. |
327 |
6,02 |
FSx |
onprem Backup |
Least effort backup: min 1wk, SMB server. |
A)FSx Windows file shares & desired backup storage. |
328 |
6,03 |
EFS |
onprem f-share |
HA analytics store: onprem & multi AZ insts. |
D)EFS to onprem servers, & copy files to EFS. |
329 |
6,04 |
EC2 AS |
HA AZ |
HA 3-tier app: 3AZ, experienced load metric. |
D)EC2 ASG target tracking & ALB. |
330 |
6,05 |
S3 |
HA AZ |
HA 99% , cost: S3 static website. |
A)deploy app to S3 bkt & vers disabled in 1 region. |
331 |
6,06 |
EC2 AS |
Scale ASG |
Cost: overnight S3 shelve images, ALB inst workers. |
D)SQS msg with images on scale-in protected Spot insts, ASG with dyn. scaling & CW que msg metric. |
332 |
6,07 |
VPC |
connect |
Cost-eff connect: 2 intercomm VPC in 1 region/acc. |
C)VPC peering between VPCs, & update route tables for peering. |
333 |
6,08 |
Redshift |
f-convert/format |
Cost: join S3 csv eff with Redshift reports. |
A)Redshift Spectrum: S3 bkt query & join data in Redshift, &QuickSight visualizations. |
334 |
6,09 |
Aurora |
DR |
DR RTO=15Min: failover to 2nd region, Aurora MySQL. |
D)Aurora glb DB cluster in region1, &EventBridge rule to λ fct promote cluster2. |
335 |
6,10 |
KDS |
Stream |
Cost-eff NR/T Clickstream. |
D)KDF, E)KDA query. |
336 |
6,11 |
ElastiCache |
request |
Slow game: mobile read/write peak, growth of RDS. |
D)Modify game with Redis ElastiCache before DB inst. |
337 |
6,12 |
DocDB |
migr app & DB |
Migr, no changes, Ovhead: K8 & MongoDB. |
D)EKS Fargate for compute & DocumentDB with MongoDB compatibility. |
338 |
6,13 |
Billing |
Billing |
Ovhead: view project expenses. |
D)Billing cost allocation tags & reports on it. |
339 |
6,14 |
VPC |
IP access |
Ovhead: expand IP adr space, 10.10.1.0/24 CIDR block. |
B)secondary CIDR block of 10.10.2.0/24 to VPC. |
340 |
6,15 |
DynamoDB |
user shared access |
Secure: 3-tier inst access prv DynamoDB, hide API creds. |
B)app insts with inst profile including IAM role for read & write on DynamoDB tables. |
341 |
6,16 |
S3 |
up/download |
Fast & simple: glb transfer to S3 bkt. |
A)destination bkt S3TA, &multipart uploads. |
342 |
6,17 |
EFS |
Storage |
Store mounted ECS: to EC2 across AZs, 3GB/s burst. |
B)ECS task definitions mount EFS vol at launch. |
343 |
6,18 |
DX |
connect |
Dedicated connect: 2 regions 4GB/s. |
C)1DX GW & 1x 4GB/s DX partner hosted connection, associated with DX GW. |
344 |
6,19 |
EMR |
Inst node |
Cost-eff migr: intra-day on-demand ETL Hadoop to EMR. |
A) zonal res. insts for master & core nodes, use Spot Fleet for the task nodes. |
345 |
6,20 |
ECS |
Encrypt rest&in-transit |
IAM role security: ECS app, ALB & EFS. |
A)Decompose ECS IAM inst role & use only ECS task roles, B)EFS in transit encrypt. |
346 |
6,21 |
FSx |
migr large/ fast |
HPC access: Snowball Edge, sub-mil/ high-throughput. |
B)S3 bkt import via FSx Lustre f-sys to access HPC cluster inst. |
347 |
6,22 |
Aurora |
Encrypt key & cred |
Custom mngd key: share Aurora backup. |
B)DB snapshot & add acquiring company's acc to KMS key plcy, Share snapshot with acquiring company's acc. |
348 |
6,23 |
EKS |
Encrypt rest&in-transit |
Encrypt at rest & Ovhead: EKS & EBS KMS-CMK. |
B)CMK encrypt of EBS vols in EKS cluster, D)IAM role perm to CMK & associate with EKS cluster. |
349 |
6,24 |
SQS |
msg |
Ovhead: SQS dupl. emails. |
C)Increase SQS visibility timeout> timeout of total fct + batch window. |
350 |
6,25 |
Lambda |
data process |
Persistent data: λ fct, API GW & Aurora. |
A)λ fct split in 2, &fct 1 receives API GW & sends to SQS, SQS item to fct 2 to Aurora. |
351 |
6,26 |
ElastiCache |
request |
Slow read/query: ASG app, RDS PostgreSQL inst. |
B)read traffic to RR for RDS inst, D)app to cache queries in ElastiCache. |
352 |
6,27 |
Glue |
f-convert/format |
Low dev: convert S3 csv to Parquet. |
B)Glue crawler, & ETL job for csv convert to Parquet to S3. |
353 |
6,28 |
AppFlow |
data process |
Ovhead, slow multi source: (SaaS) app to S3 bkt. |
B)AppFlow flow transfers SaaS source to S3 bkt, & S3 upload events to SNS topic. |
354 |
6,29 |
EventBridge |
moni |
Min Ovhead alert: inst CreateImage API. |
C) EventBridge rule for CreateImage API call with SNS topic alert when a CreateImage API call is detected. |
355 |
6,30 |
S3 |
Compliance |
Control change: & delete of S3 object. |
D)S3 Object Lock legal hold & vers with s3:PutObjectLegalHold perm to user’s IAM plcys to delete objects. |
356 |
6,31 |
EFS |
Storage |
Improve file visibility: only 1 doc subset. |
C)EBS vol copies to EFS & changed app saves docs to EFS. |
357 |
6,32 |
SQS |
data process |
Stateless & durable: auto-process S3 images. |
A)image upload S3 bkt to SQS que, B)SQS que invocate to λ fct & delete msg after. |
358 |
6,33 |
Config |
Audit&Tag |
Min eff auto-check: Redshift cluster tags. |
A)Config rules to define & detect non properly tagged resources. |
359 |
6,34 |
FSx |
onprem f-share |
Durable, HA storage: 2 Windows file shares/inst. |
C)Migr to FSx Windows & extend file share to FSx Windows with Multi-AZ. |
360 |
6,35 |
VPC |
subnet route |
VPC Sgrp: DB subnet access. |
C)Sgrp allows inbound traffic from Sgrp that is assigned to insts in the prv subnets & attach Sgrp to DB insts. |
361 |
6,36 |
Rekognition |
Compliance |
Min dev image share: w/o inapprop. content. |
B)Rekognition detects inappropriate content, human review of low-confidence predicts. |
362 |
6,37 |
KDF |
Stream |
Daily glb clickstream: 30TB to platform. |
D)KDS collect with KDF transmit to S3 data lake & load to Redshift analysis. |
363 |
6,38 |
Secrets Mgr |
Encrypt key & cred |
Creds & Ovhead: auto rotated, inst app & RDS. |
C)EC2 role access to DB creds in Secrets Mngr with auto rotation. |
364 |
6,39 |
VPC |
up/download |
Cost: photo up/download, same S3 bkt region. |
D)S3 VPC GW endpt to VPC & endpt access plcy to S3 bkts. |
365 |
6,40 |
Aurora |
DB query,reads |
Slow transfer: no interrupt, app prod to staging MySQL. |
B)Aurora MySQL, prod: Multi-AZ RR & staging: cloning DB on-demand. |
366 |
6,41 |
CF |
static/dyn |
Ovhead, scalable: quarterly patched static website. |
A)CF for website with HTTPS, D)static S3 website. |
367 |
6,42 |
EC2 |
Inst |
Cost-eff insts: unpredict. & interrupt. Fargate/ Lambda. |
A)Spot insts for data ingestion layer, C)1y Compute Savings Plan front end & API layer. |
368 |
6,43 |
RDS |
migr app & DB |
Min data loss: 2 node transaction to MySQL DB. |
B)Multi-AZ RDS MySQL DB inst with sync replication. |
369 |
6,44 |
DynamoDB |
LC cost & retention |
Cost, dev eff: data <30d in DynamoDB. |
D)app attribute= current timestamp + 30d= DynamoDB TTL. |
370 |
6,45 |
EC2 AS |
msg |
Slow-down on growth: app1 & SQS msg, app2 invites. |
D)invitation app with ASG to scale on SQS que depth. |
371 |
6,46 |
CW |
NR/T data process |
Serverless NR/T: report AS events to dashboard & S3. |
A)CW metric streams EC2 AS status data to KDF & store in S3. |
372 |
6,47 |
Glb Accelerator |
glb website/DNS |
Expand: HA & latency to 2nd ALB region. |
C)ALB insts in region2 & glb Accelerator endpt group with 2 region load balancer endpts. |
373 |
6,48 |
KDS |
NR/T data process |
Eff iOT R/T preserve: event data. |
A)KDS R/T events with equip. partition, & KDF to S3. |
374 |
6,49 |
Aurora |
DB query,reads |
Unequal query: EU app R53 geoprox. to US MySQL DB. |
D)migr to Aurora MySQL glb DB compatibility mode & RRs in 1 EU region. |
375 |
6,50 |
AD |
User authent.& AD |
Secure archi & Ovhead: AD & app on same inst. |
A)Uninstall current AD & change Directory svc to mngd AD. |
376 |
6,51 |
SQS |
static/dyn |
Decouple, scalability: static front, RDS backend. |
D)Static S3 front-end; requests to API GW, SQS & backend ASG insts, que depth scaled to RDS. |
377 |
6,52 |
Shield |
attacks |
Prevent attacks: new common vulnerables, ALB app inst. |
B)appropriate managed rule for AWS WAF & associate it with ALB. |
378 |
6,53 |
RDS |
DB query,reads |
Latency, min changes: read overload of single RDS MySQL. |
A)RDS RR with read-only to RR endpts, RDS Multi-AZ. |
379 |
6,54 |
IAM |
IAM plcy |
Interpret IAM plcy 1&2 actions. |
C)delete EC2 insts Allow IAM:Get*,IAM:List*,KMS:List*,ds:*,ec2:*,logs:Get*; Res.:*; &Deny ds:delete*, Res.:*. |
380 |
6,55 |
EC2 AS |
response |
Response time SLA: I/O-intense SQS msgs. |
D)inst based AMI launch in ASG tracking on oldest SQS msg. |
381 |
6,56 |
DX |
connect onprem |
Secure, scalable: onprem to shareless S3 VPC, 1region. |
A)DX & VPN connection for each VPC to connect back to the data center. |
382 |
6,57 |
ECS |
Scale container |
Scale, no infra change: min maint, container app. |
A)ECS cluster, D)ECS Fargate type with desired task=2. |
383 |
6,58 |
FSx |
migr f-sys |
Migr, no changes: f-sys LINUX/ Windows apps, data dupl. |
D)Migr to inst: a)sim app to Linux, b)visual app to Windows, &FSx NetApp ONTAP for storage. |
384 |
6,59 |
API GW |
static/dyn |
Cost: dyn contact S3 static website |
B)API GW endpt with Lambda backend call to SES. |
385 |
6,60 |
CF |
User authent.& AD |
User access, min change: CF coded URL to S3 videos. |
A)signed cookies, B)signed URLs. |
386 |
6,61 |
S3 |
Encrypt rest&in-transit |
Encrypt: all S3 uploaded objects. |
D)bkt plcy deny: PutObject w/o x-amz-server-side-encryption header set. |
387 |
6,62 |
EBS |
Scale ASG |
Initial latency: sharp rise, ASG-AMI. |
B)EBS FSR provision new AMI & replace AMI in ASG. |
388 |
6,63 |
Batch |
Inst |
Ovhead: sched 1h tasks on 1 inst scalability. |
A)AWS Batch to run scheduled job tasks with EventBridge. |
389 |
6,64 |
ECS |
Optim CPU util |
Const. CPU util: simple 1h job ops of S3 records. |
C)ECS Fargate type & sched. EventBridge event for ECS task to run job. |
390 |
6,65 |
Glb Accelerator |
Failover |
Latency, region failover: glb UDP, N-stored response. |
B)glb Accelerator, 2 NLB/2 regions as endpt, Fargate ECS cluster svc cluster = NLB target. |