Pass the Amazon Web Services AWS Certified Associate SOA-C02 Questions and answers with CertsForce

To automate the execution of a Python script every night efficiently:

Convert Python Script to Lambda:

Create an AWS Lambda function and upload the Python script.

Ensure the function has the necessary IAM permissions to perform the required maintenance tasks.

The requirement is to automate recovery if the service crashes on any of the EC2 instances.

Option A: Install the Amazon CloudWatch agent on the EC2 instances. Configure the CloudWatch agent to monitor the service. Set the CloudWatch action to restart if the service health check fails . This is a valid solution because the CloudWatch agent can be configured to monitor the service and take action (restart the service) if the health check fails .

Option C: Tag the EC2 instances. Use AWS Systems Manager State Manager to create an association that uses the AWS-RunShellScript document. Configure the association command with a script that checks if the service is running and that starts the service if the service is not running. For targets, specify the EC2 instance tag. Schedule the association to run every 5 minutes678. This is a valid solution because AWS Systems Manager State Manager can be used to maintain a consistent state of the EC2 instances. It can run a script to check if the service is running and start the service if it’s not running678.

Option B: Tag the EC2 instances. Create an AWS Lambda function that uses AWS Systems Manager Session Manager to log in to the tagged EC2 instances and restart the service. Schedule the Lambda function to run every 5 minutes . This is not a valid solution because AWS Lambda functions are not designed to log in to EC2 instances and restart services. They are used for running serverless applications.

Option D: Update the EC2 user data that is specified in the Auto Scaling group’s launch template to include a script that runs on a cron schedule every 5 minutes131415. This is not a valid solution because user data scripts are run only during the launch of an EC2 instance. They are not designed to run on a schedule.

Option E: Update the EC2 user data that is specified in the Auto Scaling group’s launch template to ensure that the service runs during startup. Redeploy all the EC2 instances in the Auto Scaling group with the updated launch template131416. This is not a valid solution because while user data can be used to ensure that the service runs during startup, it does not provide a solution for when the service crashes after the EC2 instance has started.

In AWS CloudFormation, the PrivateDnsName property of an EC2 instance cannot be directly set within the template. This property is automatically assigned by AWS when the instance is launched within a VPC and is associated with the private IP address of the instance. The attempt to explicitly set PrivateDnsName in a CloudFormation template will result in an error, causing the stack creation to fail. Therefore, option C is correct. For reference, the AWS documentation on EC2 instances in CloudFormation does not list PrivateDnsName as a configurable property AWS CloudFormation User Guide.

To identify both tagged and untagged EC2 instances across multiple AWS Regions efficiently:

AWS Tag Editor: Tag Editor allows you to search for resources across your AWS account by tags, including both tagged and untagged resources.

Search Setup: In the Tag Editor, select all the Regions where the company operates. Specify the resource type as AWS::EC2::Instance to focus the search on EC2 instances.

View and Export Data: Execute the search to view all EC2 instances, along with their associated tags and instance IDs. This data can be exported for further analysis or reporting.

Using the Tag Editor is an operationally efficient way to quickly get a comprehensive view of resource tagging across multiple Regions, aiding in compliance and resource management tasks.

Using a CloudWatch alarm with an EventBridge rule provides an automated, direct way to reboot the EC2 instance without extra components like SES or Lambda. This is a straightforward approach with low operational overhead.

The issue with the inability to upload a file to an Amazon S3 bucket from an EC2 instance in a private subnet is likely due to missing route table entries for the S3 gateway endpoint.

Update the Route Table:

Ensure that the route table associated with the EC2 subnet includes the S3 prefix list destination routes to the S3 gateway endpoint.

This allows the EC2 instance to communicate with the S3 bucket using the S3 gateway endpoint.

VPC Endpoints for Amazon S3

Routing for S3 Endpoints

Enable deletion protection for the DynamoDB tables:

Deletion protection is a feature that prevents accidental deletion of DynamoDB tables. When enabled, it requires an additional step to disable this protection before the table can be deleted.

Steps:

Go to the AWS Management Console.

Navigate to DynamoDB.

Select the table you want to protect.

Choose the "Overview" tab.

Under "Deletion protection," click "Enable deletion protection."

AWS DynamoDB Deletion Protection

Enable point-in-time recovery (PITR) for the DynamoDB tables:

PITR provides continuous backups of your DynamoDB tables. You can restore the table to any point in time within the last 35 days.

Steps:

Go to the AWS Management Console.

Navigate to DynamoDB.

Select the table you want to enable PITR for.

Choose the "Backups" tab.

Click on "Enable Point-in-Time Recovery."

If a table is accidentally deleted, you can restore it using PITR.

Go to the DynamoDB console.

Select "Backups" from the navigation pane.

Find the table backup and choose "Restore."

To automate the invocation of an AWS Lambda function at the end of each day, you can use Amazon EventBridge (formerly known as CloudWatch Events) to create a scheduled rule.

Create a Scheduled EventBridge Rule:

Open the Amazon EventBridge console at Amazon EventBridge Console.

Choose Create rule.

Provide a name and description for the rule.

For Rule type, choose Schedule.

Define a cron expression that runs the rule at the end of each day. For example, cron(0 0 * * ? *) runs the function at midnight UTC.

Set the Target:

In the Targets section, choose Add target.

For Target type, select Lambda function.

Choose the Lambda function you want to invoke.

Create the Rule:

Review the settings and choose Create rule.

This setup ensures that the Lambda function runs automatically at the specified time every day.

Amazon EventBridge Scheduler

Managing EventBridge Rules

The issue of "request timed out" when pinging the public IP address of the EC2 instance could be due to the Network ACL (NACL) inbound rules.

Check NACL Inbound Rules:

Network ACLs act at the subnet level and can explicitly allow or deny traffic to or from a subnet.

Ensure that the NACL associated with the subnet containing the EC2 instance has inbound rules that allow ICMP traffic (which is used for ping).

Example rule to allow inbound ICMP traffic:

Rule Number: 100

Type: ICMP

Protocol: 1

Port Range: N/A (ICMP doesn't use ports)

Source: 0.0.0.0/0 (or specific IP range)

Allow/Deny: ALLOW

To optimize the routing of requests to the application for users in different geographic locations, use Amazon Route 53's latency-based routing:

Latency Routing Policy: Modify the Route 53 DNS settings for app.anycompany.com by changing the routing policy to latency. This policy routes user requests to the server that has the lowest latency relative to the user's location.

Configure Latency Records: Create latency records for each ALB—one for the ALB in us-west-2 and another for the new ALB in ap-southeast-2. Route 53 will automatically direct traffic to the endpoint that provides the lowest latency connection to the user.

Seamless User Experience: By using latency routing, the URL remains the same (app.anycompany.com), but the backend service location varies based on which endpoint is likely to respond the fastest. This setup provides a seamless experience for users, reducing latency without requiring any changes to how they access the application.

This method leverages Route 53's advanced DNS capabilities to ensure optimal performance and user experience by dynamically routing traffic based on geographic latency considerations.