In a move toward using microservices, a company's management team has asked all development teams to build their services so that API requests depend only on that service's data store. One team is building a Payments service which has its own database; the service needs data that originates in the Accounts database. Both are using Amazon DynamoDB.
What approach will result in the simplest, decoupled, and reliable method to get near-real time updates from the Accounts database?
A developer is creating an AWS Lambda function that needs network access to private resources in a VPC.
Comprehensive Detailed Step by Step Explanation with All AWS Developer Reference:
When you need to provide an AWS Lambda function access to private resources in a VPC, the most common and straightforward approach is to attach the Lambda function to a VPC via private subnets. Once the Lambda function is associated with the VPC, you need to configure appropriate security groups to control the access to the private resources.
Lambda with VPC Access: Lambda functions can be attached to private subnets in a VPC, allowing them to access resources like RDS, EC2, or internal services within that VPC.
Security Groups: A security group acts as a virtual firewall for the Lambda function, ensuring that it can access only the necessary resources and ports in the VPC.
Alternatives:
Option B involves routing traffic through a VPN, which adds unnecessary complexity and operational overhead compared to simply attaching the Lambda to the VPC.
Option C requires configuring a VPC endpoint and a NAT gateway, which can be complex and costly.
Option D refers to AWS PrivateLink, which is used to access services over private connections, but it's unnecessary in this scenario unless you need a cross-VPC connection.
A company runs a payment application on Amazon EC2 instances behind an Application Load Balance The EC2 instances run in an Auto Scaling group across multiple Availability Zones The application needs to retrieve application secrets during the application startup and export the secrets as environment variables These secrets must be encrypted at rest and need to be rotated every month.
Which solution will meet these requirements with the LEAST development effort?
AWS Secrets Manager:Built for managing secrets, providing encryption, automatic rotation, and access control.
Customer Master Key (CMK):Provides an extra layer of control over encryption through AWS KMS.
Automatic Rotation:Enhances security by regularly changing the secret.
User Data Script:Allows secrets retrieval at instance startup and sets them as environment variables for seamless use within the application.
AWS Secrets Manager Documentation:https://docs.aws.amazon.com/secretsmanager/
AWS KMS Documentation:https://docs.aws.amazon.com/kms/
User Data for EC2 Instances:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html
An Amazon Simple Queue Service (Amazon SQS) queue serves as an event source for an AWS Lambda function In the SQS queue, each item corresponds to a video file that the Lambda function must convert to a smaller resolution The Lambda function is timing out on longer video files, but the Lambda function's timeout is already configured to its maximum value
What should a developer do to avoid the timeouts without additional code changes'?
Visibility Timeout: When an SQS message is processed by a consumer (here, the Lambda function), it's temporarily hidden from other consumers. Visibility timeout controls this duration.
How It Helps:
Increase the visibility timeout beyond the maximum processing time your Lambda might typically take for long videos.
This prevents the message from reappearing in the queue while Lambda is still working, avoiding premature timeouts.
A developer is creating an Amazon DynamoDB table by using the AWS CLI The DynamoDB table must use server-side encryption with an AWS owned encryption key
How should the developer create the DynamoDB table to meet these requirements?
Default SSE in DynamoDB:DynamoDB tables are encrypted at rest by default using an AWS owned key (SSE-S3).
No Additional Action Needed:Creating a table without explicitly specifying a KMS key will use this default encryption.
Tasia
3 days agoToi
19 days agoSabra
29 days agoAvery
1 months agoDyan
2 months agoEve
2 months agoSolange
2 months agoErick
3 months agoTeddy
3 months agoColeen
3 months agoIlona
4 months agoAn
5 months agoLavera
5 months agoEdwin
5 months agoKaitlyn
6 months agoCordelia
6 months agoTroy
6 months agoClorinda
6 months ago