A company is running a large containerized workload in the AWS Cloud. The workload consists of approximately 100 different services. The company uses Amazon Elastic Container Service (Amazon ECS) to orchestrate the workload.
Recently, the company's development team started using AWS Fargate instead of Amazon EC2 instances in the ECS cluster. In the past, the workload has come close to running the maximum number of EC2 instances that are available in the account.
The company is worried that the workload could reach the maximum number of ECS tasks that are allowed. A solutions architect must implement a solution that will notify the development team when Fargate reaches 80% of the maximum number of tasks.
What should the solutions architect do to meet this requirement?
A company has developed a new release of a popular video game and wants to make it available for public download The new release package is approximately 5 GB in size. The company provides downloads for existing releases from a Linux-based publicly facing FTP site hosted in an on-premises data center The company expects the new release will be downloaded by users worldwide The company wants a solution that provides improved download performance and low transfer costs regardless of a user's location
Which solutions will meet these requirements'?
Create an S3 Bucket:
Navigate to Amazon S3 in the AWS Management Console and create a new S3 bucket to store the game files. Enable static website hosting on this bucket.
Upload Game Files:
Upload the 5 GB game release package to the S3 bucket. Ensure that the files are publicly accessible if required for download.
Configure Amazon Route 53:
Set up a new domain or subdomain in Amazon Route 53 and point it to the S3 bucket. This allows users to access the game files using a custom URL.
Use Amazon CloudFront:
Create a CloudFront distribution with the S3 bucket as the origin. CloudFront is a content delivery network (CDN) that caches content at edge locations worldwide, improving download performance and reducing latency for users regardless of their location.
Publish the Download URL:
Use the CloudFront distribution URL as the download link for users to access the game files. CloudFront will handle the efficient distribution and caching of the content.
This solution leverages the scalability of Amazon S3 and the performance benefits of CloudFront to provide an optimal download experience for users globally while minimizing costs.
Reference
Amazon CloudFront Documentation
Amazon S3 Static Website Hosting
A company has implemented a new security requirement According to the new requirement, the company must scan all traffic from corporate AWS instances in the company's VPC for violations of the company's security policies. As a result of these scans the company can block access to and from specific IP addresses.
To meet the new requirement, the company deploys a set of Amazon EC2 instances in private subnets to serve as transparent proxies The company installs approved proxy server software on these EC2 instances The company modifies the route tables on all subnets to use the corresponding EC2 instances with proxy software as the default route The company also creates security groups that are compliant with the security policies and assigns these security groups to the EC2 instances
Despite these configurations, the traffic of the EC2 instances in their private subnets is not being properly forwarded to the internet.
What should a solutions architect do to resolve this issue?
Identify Proxy EC2 Instances:
Determine which EC2 instances in the private subnets are running the proxy server software.
Disable Source/Destination Checks:
For each of these EC2 instances, go to the AWS Management Console.
Navigate to the EC2 dashboard, select the instance, and choose 'Actions' > 'Networking' > 'Change Source/Dest. Check'.
Disable the source/destination check for these instances.
Disabling source/destination checks allows the EC2 instances to route traffic appropriately, enabling them to function as network appliances or proxies. This ensures that traffic from other instances in the private subnets can be routed through the proxy instances to the internet, meeting the company's security requirements.
Reference
Amazon EC2 User Guide on Source/Destination Checks
A company creates an AWS Control Tower landing zone to manage and govern a multi-account AWS environment. The company's security team will deploy preventive controls and detective controls to monitor AWS services across all the accounts. The security team needs a centralized view of the security state of all the accounts.
Which solution will meet these requirements'?
Enable AWS Security Hub:
Navigate to the AWS Security Hub console in your management account and enable Security Hub. This process integrates Security Hub with AWS Control Tower, allowing you to manage and monitor security findings across all accounts within your organization.
Designate a Delegated Administrator:
In AWS Organizations, designate one of the AWS accounts as the delegated administrator for Security Hub. This account will have the responsibility to manage and oversee the security posture of all accounts within the organization.
Deploy Controls Across Accounts:
Use AWS Security Hub to automatically enable security controls across all AWS accounts in the organization. This provides a centralized view of the security state of all accounts and ensures continuous monitoring and compliance.
Utilize AWS Security Hub Features:
Leverage the capabilities of Security Hub to aggregate security alerts, run continuous security checks, and generate findings based on the AWS Foundational Security Best Practices. Security Hub integrates with other AWS services like AWS Config, Amazon GuardDuty, and AWS IAM Access Analyzer to enhance security monitoring and remediation.
By integrating AWS Security Hub with AWS Control Tower and using a delegated administrator account, you can achieve a centralized and comprehensive view of your organization's security posture, facilitating effective management and remediation of security issues.
Reference
AWS Security Hub now integrates with AWS Control Tower77
AWS Control Tower and Security Hub Integration76
A software as a service (SaaS) company provides a media software solution to customers The solution is hosted on 50 VPCs across various AWS Regions and AWS accounts One of the VPCs is designated as a management VPC The compute resources in the VPCs work independently
The company has developed a new feature that requires all 50 VPCs to be able to communicate with each other. The new feature also requires one-way access from each customer's VPC to the company's management VPC The management VPC hosts a compute resource that validates licenses for the media software solution
The number of VPCs that the company will use to host the solution will continue to increase as the solution grows
Which combination of steps will provide the required VPC connectivity with the LEAST operational overhead'' (Select TWO.)
Create a Transit Gateway:
Step 1: In the AWS Management Console, navigate to the VPC Dashboard.
Step 2: Select 'Transit Gateways' and click on 'Create Transit Gateway'.
Step 3: Configure the transit gateway by providing a name and setting the options for Amazon side ASN and VPN ECMP support as needed.
Step 4: Attach each of the company's VPCs and relevant subnets to the transit gateway. This centralizes the network management and simplifies the routing configurations, supporting scalable and flexible network architecture.
Set Up AWS PrivateLink:
Step 1: Create a Network Load Balancer (NLB) in the management VPC that points to the compute resource responsible for license validation.
Step 2: Create an AWS PrivateLink endpoint service pointing to this NLB.
Step 3: Allow each customer's VPC to create an interface endpoint to this PrivateLink service. This setup enables secure and private communication between the customer VPCs and the management VPC, ensuring one-way access from each customer's VPC to the management VPC for license validation.
This combination leverages the benefits of AWS Transit Gateway for scalable and centralized routing, and AWS PrivateLink for secure and private service access, meeting the requirement with minimal operational overhead.
Reference
Amazon VPC-to-Amazon VPC Connectivity Options
AWS PrivateLink - Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
Connecting Your VPC to Other VPCs and Networks Using a Transit Gateway
Avery
11 days agoVi
14 days agoLashawn
23 days agoBette
27 days agoTammi
28 days agoTonette
1 months agoReuben
1 months agoNorah
2 months agoBrinda
2 months agoJesus
3 months agoLizbeth
3 months agoKassandra
4 months agoDella
4 months agoCarli
4 months agoAleta
4 months agoLeonora
4 months agoMelynda
5 months ago