SOA-C02 Exam Dumps - AWS Certified SysOps Administrator - Associate (SOA-C02)

https://aws.amazon.com/blogs/security/how-to-enable-secure-access-to-kibana-usin g-aws-single-sign-on/

https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-cogn ito-auth.html

Since the EC2 instance is attempting to access the internet using HTTP (port 80) but is configured only to allow HTTPS (port 443) traffic, the security group needs adjustment:

Security Group Configuration: The outbound rules of the security group associated with the EC2 instance must allow traffic over HTTP. Add an outbound rule that enables port 80 to destination 0.0.0.0/0. This rule will allow the instance to send HTTP requests to any IP address on the internet.

Test Connectivity: After updating the security group, test the connectivity using the curl command again to ensure the configuration allows internet access via HTTP.

This change is necessary because the existing security group configuration does not permit outbound HTTP traffic, which is essential for accessing websites using HTTP.

"The limit for a backtrack window is 72 hours.....Backtracking is only available for DB clusters that were created with the Backtrack feature enabled....Backtracking "rewinds" the DB cluster to the time you specify. Backtracking is not a replacement for backing up your DB cluster so that you can restore it to a point in time....You can backtrack a DB cluster quickly. Restoring a DB cluster to a point in time launches a new DB cluster and restores it from backup data or a DB cluster snapshot, which can take hours."

https://docs.aws.amazon.com/AmazonRDS/l atest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html

To identify both tagged and untagged EC2 instances across multiple AWS Regions efficiently:

AWS Tag Editor: Tag Editor allows you to search for resources across your AWS account by tags, including both tagged and untagged resources.

Search Setup: In the Tag Editor, select all the Regions where the company operates. Specify the resource type as AWS::EC2::Instance to focus the search on EC2 instances.

View and Export Data: Execute the search to view all EC2 instances, along with their associated tags and instance IDs. This data can be exported for further analysis or reporting.

Using the Tag Editor is an operationally efficient way to quickly get a comprehensive view of resource tagging across multiple Regions, aiding in compliance and resource management tasks.

To implement a highly available solution that provides the functionality to use a minimum of three On-Demand instances and three Spot instances when prices are at a certain threshold, defining an Amazon EC2 Auto Scaling group using a launch template is the most suitable solution. This approach minimizes operational overhead by consolidating configuration and management tasks.

Define a Launch Template:

Use the provided AMI in the launch template.

Configure the instance type, key pair, security groups, and other necessary parameters.

Create an Auto Scaling Group:

Use the launch template for the Auto Scaling group.

Specify a desired capacity of three On-Demand instances.

Configure the Auto Scaling group to use mixed instances policies, which allow you to specify a combination of On-Demand and Spot instances.

Set the maximum price for Spot instances in the launch template to ensure that Spot instances are used only when their prices are below the specified threshold.

Configuration Steps:

Open the EC2 console and navigate to "Launch Templates."

Create a new launch template with the necessary configurations.

Navigate to "Auto Scaling Groups" and create a new Auto Scaling group using the launch template.

Configure the desired capacity, minimum capacity, and maximum capacity.

Under "Advanced Options," specify the mixed instances policy and set the maximum price for Spot instances.

References:

Amazon EC2 Auto Scaling Launch Templates

Auto Scaling Mixed Instances Policies

The most operationally efficient solution to provide email notifications and insert a record into a database when a file is put into an S3 bucket is to use S3 event notifications that target an SNS topic with two subscriptions.

Set Up S3 Event Notification:

Open the S3 console and select the bucket.

Navigate to "Properties" -> "Event notifications" -> "Create event notification."

Configure the event to trigger on s3:ObjectCreated:*.

Create an SNS Topic:

Open the SNS console and create a new topic.

Set up two subscriptions for the SNS topic:

One subscription to send the email notification.

Another subscription to invoke an AWS Lambda function that inserts the record into the database.

Lambda Function for Database Insertion:

Create an AWS Lambda function to handle the database insertion.

Configure the function to trigger from the SNS topic.

References:

Configuring S3 Event Notifications

Amazon SNS Subscriptions

Invoking Lambda with SNS

To meet the requirements for data storage and retrieval, the most cost-effective solution is to store the data in S3 Standard for the first 90 days and set up an S3 Lifecycle rule to move the data to S3 Glacier Flexible Retrieval after 90 days.

S3 Standard:

Provides high availability and low latency access.

Suitable for frequently accessed data.

S3 Lifecycle Rule:

Set up a lifecycle rule to transition the data from S3 Standard to S3 Glacier Flexible Retrieval after 90 days.

S3 Glacier Flexible Retrieval offers low-cost archival storage with retrieval times ranging from minutes to hours, which meets the requirement of less than 5 hours.

Implementation Steps:

Open the S3 console.

Select the bucket and navigate to "Management" -> "Lifecycle rules."

Create a new lifecycle rule to transition objects from S3 Standard to S3 Glacier Flexible Retrieval after 90 days.

References:

Amazon S3 Storage Classes

S3 Lifecycle Configuration

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.htm

Amazon RDS supports SSL/TLS encryption for connections to the database, and this can be enabled by creating a custom parameter group and setting the rds.force_ssl parameter to 1. This will ensure that all connections to the database are encrypted, protecting the data and maintaining compliance with the company's requirements.l