A company has multiple lines of business (LOBs) that roll up to the parent company. The company has asked its solutions architect to develop a solution with the following requirements:
* Produce a single AWS invoice for all of the AWS accounts used by its LOBs.
* The costs for each LOB account should be broken out on the invoice.
* Provide the ability to restrict services and features in the LOB accounts, as defined by the company's governance policy.
* Each LOB account should be delegated full administrator permissions regardless of the governance policy.
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)
Create AWS Organization:
In the AWS Management Console, navigate to AWS Organizations and create a new organization in the parent account.
Invite LOB Accounts:
Invite each Line of Business (LOB) account to join the organization. This allows centralized management and governance of all accounts.
Enable Consolidated Billing:
Enable consolidated billing in the billing console of the parent account. Link all LOB accounts to ensure a single consolidated invoice that breaks down costs per account.
Apply Service Control Policies (SCPs):
Implement Service Control Policies (SCPs) to define the services and features permitted for each LOB account as per the governance policy, while still delegating full administrative permissions to the LOB accounts.
By consolidating billing and using AWS Organizations, the company can achieve centralized billing and governance while maintaining independent administrative control for each LOB account.
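How an SCP caps an account whose users hold full administrator permissions, as an added example that is not part of the original explanation. The policies and the denied actions are constructed for illustration, and the evaluator is a simplified local model that ignores `Resource`, `Condition` and the OU hierarchy.

```python
import fnmatch

# Constructed policies for illustration; not taken from the question.
ADMIN_POLICY = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
GOVERNANCE_SCP = {"Statement": [
    {"Effect": "Allow", "Action": "*"},  # FullAWSAccess-style baseline
    {"Effect": "Deny", "Action": ["sagemaker:*", "organizations:LeaveOrganization"]},
]}


def _matches(patterns, action):
    """IAM-style wildcard match; action names are case-insensitive."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def decision(policy, action):
    """Return 'Deny' on an explicit deny, 'Allow' on a match, else None."""
    result = None
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action):
            if stmt["Effect"] == "Deny":
                return "Deny"
            result = "Allow"
    return result


def is_allowed(action, identity_policy, scps, management_account=False):
    """Effective permission = identity policy allows AND every SCP allows."""
    # SCPs never restrict principals in the organization's management account.
    if not management_account:
        if any(decision(scp, action) != "Allow" for scp in scps):
            return False
    return decision(identity_policy, action) == "Allow"
```

The SCP grants nothing by itself: a LOB administrator can do whatever the identity policy allows, minus anything an attached SCP denies or fails to allow.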
A medical company is running a REST API on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group behind an Application Load Balancer (ALB). The ALB runs in three public subnets, and the EC2 instances run in three private subnets. The company has deployed an Amazon CloudFront distribution that has the ALB as the only origin.
Which solution should a solutions architect recommend to enhance the origin security?
Store Secret in AWS Secrets Manager:
Create a random string in AWS Secrets Manager to be used as a custom HTTP header value.
Set Up Automatic Rotation:
Implement a Lambda function to handle automatic rotation of the secret in AWS Secrets Manager, ensuring the header value remains secure.
Configure CloudFront Custom Header:
In the CloudFront distribution settings, configure an origin custom header with the name and value from AWS Secrets Manager. This header will be included in requests forwarded to the ALB.
Create AWS WAF Web ACL:
Create a Web ACL in AWS WAF with a string match rule to allow requests that include the custom header with the correct value.
Associate the Web ACL with the ALB to filter incoming traffic based on the custom header.
By using this method, you can ensure that only requests coming through CloudFront (which injects the custom header) can reach the ALB, enhancing the origin security.
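The header check described above, as an added example that is not part of the original explanation. It builds a web ACL shaped like a WAFv2 definition (trimmed to the fields that matter here) and evaluates it locally; the header name `x-origin-verify`, the secret values, and accepting the previous value while a rotation is in flight are assumptions made for this sketch.

```python
import hmac

HEADER = "x-origin-verify"  # assumed header name, lower-case as WAF matches it


def byte_match(value):
    """Exact string match on the custom origin header."""
    return {"ByteMatchStatement": {
        "SearchString": value,
        "FieldToMatch": {"SingleHeader": {"Name": HEADER}},
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
        "PositionalConstraint": "EXACTLY"}}


def build_web_acl(current, previous=None):
    """Default Block; Allow only when the header carries a known secret.

    During rotation CloudFront and WAF are not updated atomically, so the
    previous value is accepted too until the rotation has finished.
    """
    stmts = [byte_match(v) for v in (current, previous) if v]
    statement = stmts[0] if len(stmts) == 1 else {"OrStatement": {"Statements": stmts}}
    return {"DefaultAction": {"Block": {}},
            "Rules": [{"Name": "allow-cloudfront-header", "Priority": 0,
                       "Statement": statement, "Action": {"Allow": {}}}]}


def _statement_matches(stmt, headers):
    if "OrStatement" in stmt:
        return any(_statement_matches(s, headers)
                   for s in stmt["OrStatement"]["Statements"])
    match = stmt["ByteMatchStatement"]
    got = headers.get(match["FieldToMatch"]["SingleHeader"]["Name"], "")
    # Constant-time comparison in this local model of the rule.
    return hmac.compare_digest(got.encode(), match["SearchString"].encode())


def evaluate(acl, headers):
    """Return 'Allow' or 'Block' for a request's headers (local simulation)."""
    headers = {k.lower(): v for k, v in headers.items()}
    for rule in sorted(acl["Rules"], key=lambda r: r["Priority"]):
        if _statement_matches(rule["Statement"], headers):
            return next(iter(rule["Action"]))
    return next(iter(acl["DefaultAction"]))
```

A request sent straight to the ALB's public DNS name carries no such header and falls through to the default `Block` action.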
A company needs to use an AWS Transfer Family SFTP-enabled server with an Amazon S3 bucket to receive updates from a third-party data supplier. The data is encrypted with Pretty Good Privacy (PGP) encryption. The company needs a solution that will automatically decrypt the data after the company receives the data.
A solutions architect will use a Transfer Family managed workflow. The company has created an IAM service role by using an IAM policy that allows access to AWS Secrets Manager and the S3 bucket. The role's trust relationship allows the transfer.amazonaws.com service to assume the role.
What should the solutions architect do next to complete the solution for automatic decryption?
Store the PGP Private Key:
Step 1: In the AWS Management Console, navigate to AWS Secrets Manager.
Step 2: Store the PGP private key in Secrets Manager. Ensure the key is encrypted and properly secured.
Set Up the Transfer Family Managed Workflow:
Step 1: In the AWS Transfer Family console, create a new managed workflow.
Step 2: Add a nominal step to the workflow that includes the decryption of the files. Configure this step with the PGP decryption parameters, referencing the PGP private key stored in Secrets Manager.
Step 3: Associate this workflow with the Transfer Family SFTP server, ensuring that incoming files are automatically decrypted upon receipt.
This solution ensures that the data is securely decrypted as it is transferred from the SFTP server to the S3 bucket, automating the decryption process and leveraging AWS Secrets Manager for key management.
A company is developing an application that will display financial reports. The company needs a solution that can store financial information that comes from multiple systems. The solution must provide the reports through a web interface and must serve the data with less than 500 milliseconds of latency to end users. The solution also must be highly available and must have an RTO of 30 seconds.
Which solution will meet these requirements?
For an application requiring low-latency access to financial information and high availability with a Recovery Time Objective (RTO) of 30 seconds, using Amazon DynamoDB for data storage and Amazon QuickSight for reporting is the most suitable solution. DynamoDB offers fast, consistent, and single-digit millisecond latency for data retrieval, meeting the latency requirements. QuickSight's ability to directly query DynamoDB datasets and provide embedded dashboards for reporting enables real-time financial report generation. This combination ensures high availability and meets the RTO requirement, providing a robust solution for the application's needs.
Amazon DynamoDB Documentation: Describes the features and benefits of DynamoDB, emphasizing its performance and scalability for applications requiring low-latency access to data.
Amazon QuickSight Documentation: Provides information on using QuickSight for creating and embedding interactive dashboards, including direct querying of DynamoDB datasets for real-time data visualization.