Amazon Exam DOP-C02 Topic 9 Question 10 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 10
Topic #: 9

A company is using an organization in AWS Organizations to manage multiple AWS accounts. The company's development team wants to use AWS Lambda functions to meet resiliency requirements and is rewriting all applications to work with Lambda functions that are deployed in a VPC. The development team is using Amazon Elastic Pile System (Amazon EFS) as shared storage in Account A in the organization.

The company wants to continue to use Amazon EPS with Lambda Company policy requires all serverless projects to be deployed in Account B.

A DevOps engineer needs to reconfigure an existing EFS file system to allow Lambda functions to access the data through an existing EPS access point.

Which combination of steps should the DevOps engineer take to meet these requirements? (Select THREE.)

AUpdate the EFS file system policy to provide Account B with access to mount and write to the EFS file system in Account A.

BCreate SCPs to set permission guardrails with fine-grained control for Amazon EFS.

CCreate a new EFS file system in Account B Use AWS Database Migration Service (AWS DMS) to keep data from Account A and Account B synchronized.

DUpdate the Lambda execution roles with permission to access the VPC and the EFS file system.

ECreate a VPC peering connection to connect Account A to Account B.

FConfigure the Lambda functions in Account B to assume an existing IAM role in Account A.
A Lambda function in one account can mount a file system in a different account. For this scenario, you configure VPC peering between the function VPC and the file system VPC. https://docs.aws.amazon.com/lambda/latest/dg/services-efs.html
https://aws.amazon.com/ru/blogs/storage/mount-amazon-efs-file-systems-cross-account-from-amazon-eks/
1. Need to update the file system policy on EFS to allow mounting the file system into Account B.
## File System Policy
$ cat file-system-policy.json
{
'Statement': [
{
'Effect': 'Allow',
'Action': [
'elasticfilesystem:ClientMount',
'elasticfilesystem:ClientWrite'
],
'Principal': {
'AWS': 'arn:aws:iam:::root' # Replace with AWS account ID of EKS cluster
}
}
]
}
2. Need VPC peering between Account A and Account B as the pre-requisite
3. Need to assume cross-account IAM role to describe the mounts so that a specific mount can be chosen.

Show Suggested Answer

Suggested Answer: A, E, F

by Janine at Aug 05, 2023, 04:35 PM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!