Question 6 of 528

A retail company needs to provide a series of data files to another company, which is its business partner. These files are saved in an Amazon S3 bucket under Account A, which belongs to the retail company. The business partner company wants one of its IAM users, User_DataProcessor, to access the files from its own AWS account (Account B).

Which combination of steps must the companies take so that User_DataProcessor can access the S3 bucket successfully? (Choose two.)

    Correct Answer: C, D

    For User_DataProcessor in Account B to access the S3 bucket in Account A, two key steps are needed. First, Account A needs to add a policy to the S3 bucket that explicitly grants the IAM user from Account B the necessary permissions to access the bucket. This is achieved by specifying the IAM user as the principal and granting the required actions, as shown in option C. Second, Account B must assign an IAM policy to User_DataProcessor that grants permission to perform the required actions (GetObject and ListBucket) on the S3 bucket in Account A, as specified in option D. Together, these steps ensure that cross-account access is correctly configured.

Question 7 of 528

A company is running a traditional web application on Amazon EC2 instances. The company needs to refactor the application as microservices that run on containers. Separate versions of the application exist in two distinct environments: production and testing. Load for the application is variable, but the minimum load and the maximum load are known. A solutions architect needs to design the updated application with a serverless architecture that minimizes operational complexity.

Which solution will meet these requirements MOST cost-effectively?

    Correct Answer: B

    To design a cost-effective serverless architecture that minimizes operational complexity while refactoring a traditional web application as microservices, using Amazon Elastic Container Service (ECS) with the Fargate launch type is a suitable solution. ECS with Fargate allows automatic scaling of containers based on the load, which handles the variable workload effectively. By uploading the container images to Amazon Elastic Container Registry (ECR) and deploying tasks from these images, the operational management is streamlined. Configuring two auto-scaled ECS clusters ensures separate environments for production and testing. Additionally, using Application Load Balancers to direct traffic to the ECS clusters aids in efficiently distributing the load. This solution fully leverages AWS managed services, reducing the overall operational burden and cost.

Question 8 of 528

A company has a multi-tier web application that runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB and the Auto Scaling group are replicated in a backup AWS Region. The minimum value and the maximum value for the Auto Scaling group are set to zero. An Amazon RDS Multi-AZ DB instance stores the application’s data. The DB instance has a read replica in the backup Region. The application presents an endpoint to end users by using an Amazon Route 53 record.

The company needs to reduce its RTO to less than 15 minutes by giving the application the ability to automatically fail over to the backup Region. The company does not have a large enough budget for an active-active strategy.

What should a solutions architect recommend to meet these requirements?

    Correct Answer: B

    To achieve automatic failover to the backup Region and maintain an RTO of less than 15 minutes within a limited budget, the solution should include mechanisms for monitoring the primary Region and taking swift action if it becomes unhealthy. Configuring an AWS Lambda function in the backup Region to promote the read replica and modify the Auto Scaling group values ensures that resources can quickly be provisioned in the backup Region when needed. Using Route 53 with a health check to monitor the web application and sending an SNS notification to trigger the Lambda function when the primary Region is unhealthy allows traffic to be rerouted to the backup Region promptly. This setup avoids the need for an expensive active-active strategy while providing the necessary failover capability.

Question 9 of 528

A company is hosting a critical application on a single Amazon EC2 instance. The application uses an Amazon ElastiCache for Redis single-node cluster for an in-memory data store. The application uses an Amazon RDS for MariaDB DB instance for a relational database. For the application to function, each piece of the infrastructure must be healthy and must be in an active state.

A solutions architect needs to improve the application's architecture so that the infrastructure can automatically recover from failure with the least possible downtime.

Which combination of steps will meet these requirements? (Choose three.)

    Correct Answer: A, D, F

    To ensure automatic recovery from failure with minimal downtime, several steps can be taken. First, using an Elastic Load Balancer to distribute traffic across multiple EC2 instances and ensuring these instances are part of an Auto Scaling group with a minimum capacity of two instances can help maintain application availability if one instance fails. Then, modifying the DB instance to create a Multi-AZ deployment ensures that the database remains available by automatically failing over to a secondary Availability Zone in the event of an issue. Finally, creating a replication group for the ElastiCache for Redis cluster and enabling Multi-AZ on the cluster ensures that the in-memory data store is resilient and can fail over to another Availability Zone if necessary. This combination achieves a robust, highly available architecture capable of automatically recovering from failures with minimal downtime.

Question 10 of 528

A retail company is operating its ecommerce application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses an Amazon RDS DB instance as the database backend. Amazon CloudFront is configured with one origin that points to the ALB. Static content is cached. Amazon Route 53 is used to host all public zones.

After an update of the application, the ALB occasionally returns a 502 status code (Bad Gateway) error. The root cause is malformed HTTP headers that are returned to the ALB. The webpage returns successfully when a solutions architect reloads the webpage immediately after the error occurs.

While the company is working on the problem, the solutions architect needs to provide a custom error page instead of the standard ALB error page to visitors.

Which combination of steps will meet this requirement with the LEAST amount of operational overhead? (Choose two.)

    Correct Answer: A, E

    To provide a custom error page instead of the standard ALB error page with the least operational overhead, two steps are necessary. First, create an Amazon S3 bucket to host a static webpage and upload the custom error pages to that S3 bucket. This provides a highly available location to store the error pages. Second, configure a CloudFront custom error page to handle the custom error responses effectively. This setup leverages existing services with minimal additional configuration, offering an efficient and scalable solution without the need for complex DNS changes or handling custom code for each error.