AWS-02

To meet the requirements of reducing the on-premises data center footprint and minimizing storage costs, the solutions architect should set up an AWS Storage Gateway file gateway. This service allows the application to store files in Amazon S3, reducing the need for on-premises storage. The file gateway provides a seamless integration between the application and Amazon S3, allowing the files to be accessed and managed in the same way as they were on the network file share. This solution enables cost savings by leveraging the scalable and cost-effective storage of Amazon S3 while still providing the necessary functionality for the legacy document management application.

AWS Snowball is a service that allows for the migration of large amounts of data to and from the AWS Cloud. It is specifically designed for situations where the network bandwidth is limited or the data size is too large to be transferred over the network within a reasonable time frame. In this scenario, with a limited network bandwidth of 15 Mbps, it would not be feasible to transfer 20 TB of data within 30 days. Therefore, using AWS Snowball, which physically transfers the data using a secure appliance, would be the most appropriate solution to meet the requirements.

To meet the requirement of providing a consistent user experience during spikes in traffic on specific holidays, a solutions architect can use scheduled scaling. With scheduled scaling, the architect can configure the auto scaling group to automatically adjust the number of EC2 instances based on predefined schedules. This allows the architect to anticipate the spikes in traffic during holidays and scale up the resources accordingly, ensuring that the website can handle the increased load and provide a consistent user experience.

The company should use Amazon S3 website hosting for the backup website and Route 53 failover routing policy. This solution allows the company to host the backup website on Amazon S3, which provides high availability and durability. Route 53's failover routing policy ensures that traffic is directed to the backup website if the primary website is down. This setup allows users to reach the backup website and contact the company through the provided phone number and email address.

The combination of Amazon CloudFront and Amazon S3 is the recommended solution because it meets all the given requirements. Amazon CloudFront is a content delivery network (CDN) that provides low latency and high transfer speeds globally. It can distribute the downloadable historical performance reports efficiently to users around the world, ensuring the fastest possible response time. Amazon S3 is a cost-effective and scalable storage service that can securely store the reports. This combination eliminates the need for provisioning infrastructure resources, as both services are managed by AWS, making it a cost-effective solution.

Amazon FSx for Windows File Server is the correct solution for this scenario. FSx for Windows File Server provides a fully managed shared file system that is integrated with the corporate Active Directory domain. It offers high durability, is managed by AWS, and provides the required levels of throughput and IOPS. This solution is specifically designed for Windows workloads and is the best fit for the given requirements.

Migrating the file share to Amazon FSx for Windows File Server is the most resilient and durable replacement for the on-premises file share. Amazon FSx for Windows File Server is a fully managed native Windows file system that is built on Windows Server and provides compatibility with Windows applications. It offers high durability and availability, with automatic backups and continuous replication across multiple Availability Zones. This ensures that the data is protected against failures and provides a reliable file storage solution for the IIS web application.

Setting up a VPC peering connection between VPC-A and VPC-B will meet the requirements of secure access without a single point of failure or bandwidth concerns. VPC peering allows communication between instances in different VPCs using private IP addresses, without the need for internet gateways, VPN connections, or NAT devices. It provides a secure and reliable connection between the two VPCs, ensuring that the application running in VPC-A can access files in the EC2 instance in VPC-B.

Amazon Aurora is the correct answer because it is a fully managed relational database service that is compatible with MySQL and PostgreSQL. It provides the capability to dynamically scale storage capacity, allowing the company to easily adjust the storage capacity as needed. Additionally, Aurora supports table joins, making it suitable for the company's requirement of performing table joins in their web application.

The solution of using Amazon CloudFront and Amazon S3 to host static images is the most cost-effective because it allows for the caching and distribution of static content closer to the international users, reducing latency and improving browsing experience. This solution leverages the global network of CloudFront edge locations to serve the static content from locations closer to the users, resulting in faster load times. Additionally, hosting static images on S3 is cost-effective as it offers low storage and data transfer costs.

To achieve the objective of allowing the EC2 instance in the private subnet to access public websites without revealing its IP address or allowing incoming connections, a NAT gateway can be created in a public subnet. By routing outbound traffic from the private subnet through the NAT gateway, the EC2 instance's IP address is hidden from external websites. This ensures that only outbound connections are initiated from the EC2 instance, providing the desired level of security and privacy.

To securely meet the requirements of providing limited access to users without AWS credentials, a solutions architect should generate a pre-signed URL to share with the users. A pre-signed URL is a time-limited URL that provides temporary access to specific objects in an S3 bucket. This allows the users to access the files without needing AWS credentials, while also ensuring that the access is limited to a specific time period. This approach provides a secure and controlled method for sharing files with external users.

To meet the requirements of reaching the desired EC2 capacity quickly and allowing the Auto Scaling group to scale down after batch jobs are complete, the solutions architect should configure scheduled scaling. By setting up a schedule, the Auto Scaling group can automatically scale up to the desired compute level before the batch jobs start at 1 AM every night. This ensures that the peak capacity is reached in a timely manner. Once the batch jobs are complete, the Auto Scaling group can then scale down, optimizing costs and resource utilization.

To ensure continuous internet connectivity for the instances in the private subnets, a NAT gateway should be deployed in a public subnet of each Availability Zone. NAT gateway allows instances in the private subnets to connect to the internet while also providing a highly available solution across the Region. Deploying a NAT instance in each Availability Zone would also work, but it is a less preferred option as it requires more management and configuration compared to the NAT gateway. Deploying a transit gateway or an internet gateway would not fulfill the requirement of allowing instances in private subnets to connect to the internet.

To achieve rapid and concurrent read and write access to shared storage, the best solution is to create an Amazon EFS (Elastic File System) file system and mount it from each EC2 instance. Amazon EFS provides a scalable and fully managed file storage service that can be easily shared across multiple instances. By mounting the EFS file system on each instance, the applications can access and modify the hierarchical directory structure concurrently and efficiently. This ensures consistent and reliable access to the shared storage for all instances in the VPC.

The correct answer is MySQL-compatible Amazon Aurora Multi-AZ and Amazon RDS for SQL Server Standard Edition Multi-AZ.

These two database implementations, MySQL-compatible Amazon Aurora Multi-AZ and Amazon RDS for SQL Server Standard Edition Multi-AZ, are designed to provide high availability and fault tolerance.

Amazon Aurora Multi-AZ provides automatic failover to a standby replica in the event of a failure, ensuring that the database remains available even in the case of a hardware or software failure.

Similarly, Amazon RDS for SQL Server Standard Edition Multi-AZ also provides high availability by automatically replicating the database to a standby instance in a different Availability Zone.

By leveraging these two database implementations, the mission-critical web application can ensure that the database remains highly available and fault tolerant.

The solution architect should recommend creating a read replica of the primary database and having the business analysts run their queries on it. This solution allows the business analysts to perform their read-only queries without impacting the performance of the primary database. By offloading the read workload to the read replica, the web application's performance degradation can be minimized, and the existing architecture can remain largely unchanged.

Enabling versioning on the S3 bucket ensures that multiple versions of each object are stored, allowing the company to recover previous versions in case of accidental deletion or data corruption. Using MFA Delete adds an extra layer of security by requiring multi-factor authentication before an object can be deleted, preventing unauthorized deletion and reducing the risk of data loss.

The correct solution is to use an AWS Storage Gateway file gateway to provide file storage to AWS and then perform analytics on this data in the AWS Cloud. This solution allows the company to access the data from on-premises applications for local data processing using an NFS protocol, while also making the data accessible from the AWS Cloud for further analytics and batch processing. The file gateway provides a seamless integration between on-premises and cloud storage, allowing the company to leverage the benefits of both environments for their hybrid workload.

To secure the root user of the newly provisioned AWS account, it is recommended to create IAM users for daily administrative tasks and enable multi-factor authentication (MFA) on the root user. By creating IAM users, the root user's credentials are not used for daily tasks, reducing the risk of unauthorized access. Enabling MFA adds an extra layer of security by requiring an additional authentication factor, such as a code from a mobile app or a physical device, to access the account. This helps protect against unauthorized access even if the root user's password is compromised.

To ensure that the company's application can access the Amazon S3 bucket without traffic traversing the internet, a solutions architect should configure a VPC gateway endpoint for Amazon S3 in the VPC. This allows the application to connect directly to the S3 bucket within the VPC, without needing to go over the internet. This ensures a secure and private connection for accessing the sensitive data in the S3 bucket.

By using Amazon SQS with AWS Lambda to generate reports, the long-running requests can be offloaded from the web application and processed asynchronously. This means that the web application can quickly respond to other users' requests, making the system more responsive. SQS acts as a buffer, storing the requests until they can be processed by the Lambda function. This solution allows for scalability and ensures that the system can handle a large number of requests without becoming unresponsive.

Amazon FSx is the correct answer because it is an AWS managed service that provides fully managed Windows file servers that are accessible using the Server Message Block (SMB) protocol. It is designed for migrating Windows-based applications that require file storage, making it suitable for the company's file server workload migration. Amazon EBS and Amazon S3 are not specifically designed for SMB protocol access, while Amazon EC2 is a virtual server and does not provide a fully managed file server solution.

not-available-via-ai

To accomplish the migration of the Microsoft Windows-based application to AWS with a shared Windows file system, the solution architect should configure Amazon FSx for Windows File Server. This service provides a fully managed native Windows file system that is accessible from multiple Amazon EC2 Windows instances. By mounting the Amazon FSx volume to each Windows instance, the application can continue to use the shared file system seamlessly. This option is the most appropriate and efficient solution for the given scenario.

To create a highly available bastion host architecture, the solutions architect should use a Network Load Balancer backed by an Auto Scaling group with instances in multiple Availability Zones as the target. This setup ensures that the bastion host is distributed across multiple zones, providing resilience within a single AWS Region. Additionally, using Auto Scaling allows for automatic scaling of the bastion host based on demand, reducing the effort required for maintenance.

The most cost-effective solution is to use DEV with Scheduled Reserved Instances and PROD with Reserved Instances. This strategy allows for the utilization of reserved instances, which offer significant cost savings compared to on-demand instances. By using scheduled reserved instances for DEV, the instances can be run for a specific number of hours each day, aligning with the required 10-hour runtime. For PROD, running the instances 24/7 makes the use of reserved instances the most cost-effective option. This strategy optimizes costs by leveraging reserved instances for both environments while efficiently utilizing the instances based on their specific requirements.

The correct solution is to deploy a NAT gateway inside the public subnet for each Availability Zone and associate it with an Elastic IP address. By doing this, the database servers in the private subnet will be able to access patches on the internet through the NAT gateway. Updating the routing table of the private subnet to use the NAT gateway as the default route ensures that all outgoing traffic from the private subnet is directed through the NAT gateway, maintaining database security. This solution requires the least operational overhead as it leverages the built-in NAT gateway service provided by AWS.

The recommended solution is to launch AWS Global Accelerator and create endpoints for all the Regions. By registering all the ALBs in different Regions to the corresponding endpoints, the company can have a one-time, highly available solution to address the request. This solution will also help reduce the number of IPs that need to be allowed by the firewall, making it more efficient and manageable.

Storing the video in an Amazon S3 bucket and creating an Amazon CloudFront distribution will decrease cost without compromising user accessibility. Amazon S3 is a cost-effective storage service, and CloudFront is a content delivery network that caches the video content at edge locations worldwide. This means that users can access the video from the nearest edge location, reducing the load on the EBS volume and decreasing costs.

The recommended solution is to use a fully managed Amazon RDS for MySQL database in a Multi-AZ design. This solution ensures high availability and ACID compliance in the data tier. Amazon RDS for MySQL is a managed database service that handles routine tasks like backups, software patching, and automatic failure detection and recovery. The Multi-AZ design provides redundancy by automatically replicating data to a standby instance in a different Availability Zone. This design ensures that data is protected and available even in the event of a failure.

A transit gateway with AWS Transit Gateway is the best networking solution for the given scenario. It allows for centralized networking setup by connecting multiple VPCs and VPNs. This solution can accommodate the company's growth to hundreds of VPCs and handle the new requests for site-to-site VPNs. With a transit gateway, all VPCs and VPNs can be connected, making it easier to manage and maintain the network architecture.

Adding Amazon DynamoDB Accelerator (DAX) to the mobile chat application's data store can significantly reduce the latency for reading new messages. By configuring DAX for the new messages table and updating the code to use the DAX endpoint, the application can benefit from the in-memory caching provided by DAX. This allows for faster access to frequently accessed data, improving the overall performance of the application without requiring major changes to the existing codebase.

Using S3 Intelligent-Tiering storage will lower costs without compromising the availability of objects. This storage class automatically moves objects between two access tiers: frequent access and infrequent access. It uses machine learning to analyze access patterns and moves objects that have not been accessed for 30 consecutive days to the infrequent access tier, which has a lower storage cost. If the objects are accessed again, they are automatically moved back to the frequent access tier. This ensures that less frequently accessed data is stored in a lower-cost storage tier while still being readily available when needed.

Creating an Amazon S3 bucket and hosting the website there is the most cost-effective method for hosting the website. Amazon S3 is a highly scalable and cost-efficient storage service that allows users to store and retrieve any amount of data at any time. It is designed for high durability, availability, and performance. By hosting the website in an S3 bucket, the development team can take advantage of the low cost of storage and data transfer, eliminating the need for managing and maintaining servers or containers. Additionally, S3 provides built-in features for website hosting, making it easy to configure and manage the website.

The correct solution is to create a Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached and configure the volume to have 64,000 IOPS. This solution meets the criteria of the database administrator by providing the required IOPS for the database. The Nitro-based instances are optimized for high-performance and can handle the workload efficiently. The use of Provisioned IOPS SSD ensures consistent and predictable performance for the database.

A placement group using a cluster placement strategy should be included in the architectural design. This is because a cluster placement strategy ensures that EC2 instances are placed in close proximity to each other, reducing network latency. It also allows for high network throughput as it enables instances within the placement group to communicate with each other using enhanced networking. This makes it the ideal choice for an application that requires low network latency and high network throughput between EC2 instances.

To ensure highly resilient application connectivity between AWS and the on-premises data center, it is recommended to configure DX connections at multiple DX locations. This configuration provides redundancy and fault tolerance by establishing multiple connections between the on-premises data center and AWS. If one DX location or connection fails, the application traffic can still be routed through the remaining connections, ensuring continuous connectivity and minimizing downtime.

The recommended architecture is to configure two Amazon EC2 instances to run both applications and to configure Amazon Elastic File System (Amazon EFS) with General Purpose performance mode and Bursting Throughput mode to store the data. This architecture allows both applications to access the same files at the same time with low latency. Amazon EFS provides a scalable file storage system that can handle concurrent access from multiple instances, making it suitable for this scenario. The General Purpose performance mode ensures low latency for file access, and Bursting Throughput mode allows for bursts of high throughput when needed.

To address the slowdown in reading data while minimizing latency, the company should add read replicas for the RDS instances and direct read traffic to the replica. By adding read replicas, the workload can be distributed across multiple instances, reducing the load on the main RDS instance and improving read performance. This solution is more effective than reducing the CPU utilization threshold or replacing the load balancer. Adding Multi-AZ support to the RDS instances would improve availability but may not directly address the latency issue.

Amazon Aurora Global Database is the correct answer because it is designed to provide low-latency global access to a single database with a replication lag of less than 1 second. It also has the ability to automatically failover to a secondary region within 1 minute, meeting the RPO and RTO requirements mentioned in the question.

S3 Intelligent-Tiering is the best storage option for this scenario because it automatically moves data between two access tiers based on its usage patterns. Frequently accessed files will be stored in the frequent access tier, while rarely accessed files will be moved to the infrequent access tier. This allows for cost optimization as the architect only pays for the storage and retrieval of files based on their actual usage. Additionally, S3 Intelligent-Tiering provides resilience to the loss of an Availability Zone by replicating data across multiple zones.

To ensure that the application has permission to access Amazon S3, a solutions architect should create an IAM role with S3 permissions. This role can then be specified as the taskRoleArn in the task definition. By doing this, the application running on Amazon ECS will be granted the necessary permissions to make API calls to Amazon S3 and store the resized images.

The solution architect should recommend client-side encryption with a master key stored in AWS Key Management Service (AWS KMS) to satisfy the internal security compliance requirement of encrypting data before sending it to Amazon S3. This approach ensures that the sensitive user data is encrypted before it leaves the client's environment, providing an additional layer of security. The master key stored in AWS KMS allows for secure management and control of the encryption keys.

The solution architect should recommend setting up AWS Storage Gateway to connect with the backup applications using the iSCSI virtual tape library (VTL) interface. This solution allows the company to eliminate the use of physical backup tapes, reducing costs and simplifying the on-premises backup infrastructure. Additionally, it preserves the existing investment in the on-premises backup applications and workflows.

The solutions architect should recommend Amazon EBS General Purpose SSD (gp2) as the most cost-effective storage option that does not sacrifice performance. Although the application is used infrequently, it requires a maximum of 200 GB storage space and experiences peaks in disk I/O. General Purpose SSD (gp2) offers a balance between performance and cost, providing consistent performance for a wide range of workloads. It is suitable for applications with moderate I/O requirements, making it the appropriate choice in this scenario.

To reduce internet latency for global users accessing the application deployed in different AWS Regions, a solutions architect should recommend setting up AWS Global Accelerator and adding endpoints. AWS Global Accelerator is a service that improves the performance and availability of applications by directing traffic to the nearest AWS edge location. By adding endpoints, the architect can distribute the traffic across multiple regions, reducing latency and improving the user experience. This solution ensures that users can access the application with better performance and reduced latency.

The correct answer is to use an Amazon CloudFront distribution with an OAI and configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. The application should set an expiration of 14 days for the URL. This implementation is the least complicated because it leverages the CloudFront content delivery network to improve performance and security. By using signed URLs, access to the content is controlled and limited to a specific time period. The expiration of 14 days ensures that users have access to the content for a limited time before being denied access.

To accomplish the task of identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes, the solutions architect should enable the AWS Config service with the appropriate rules. AWS Config allows for continuous monitoring and recording of AWS resource configurations, including S3 buckets. By enabling AWS Config with the appropriate rules, the architect can ensure that any unauthorized access or configuration changes to the S3 buckets will be detected and recorded, helping to ensure the security and integrity of the company's data.

Deploying an AWS Storage Gateway file gateway on-premises and associating it with an Amazon S3 bucket is the best solution for this scenario. This allows the company to have a durable backup storage solution for its on-premises database servers while ensuring quick access to the backups for recovery. The file gateway provides seamless integration between on-premises applications and the AWS storage services, allowing easy backup and restore operations. By associating it with an Amazon S3 bucket, the backups can be stored securely and accessed as needed. This solution minimizes operational overhead and provides a reliable and efficient backup storage solution.