A company has Linux-based Amazon EC2 instances. Users must access the instances by using SSH with EC2 SSH Key pairs. Each machine requires a unique EC2 Key pair.
The company wants to implement a key rotation policy that will, upon request, automatically rotate all the EC2 key pairs and keep the key in a securely encrypted place. The company will accept less than 1 minute of downtime during key rotation.
Which solution will meet these requirement?
To meet the requirements for automatic key rotation of EC2 SSH key pairs with minimal downtime, storing the keys in AWS Secrets Manager and defining a rotation schedule is the most suitable solution. AWS Secrets Manager supports automatic rotation of secrets, including SSH keys, by invoking a Lambda function that can handle the creation of new key pairs and the replacement of public keys on EC2 instances. Updating the corresponding private keys in Secrets Manager ensures secure and centralized management of SSH keys, complying with the key rotation policy and minimizing operational overhead.
AWS Secrets Manager Documentation: Describes how to store and rotate secrets, including SSH keys, using Secrets Manager and Lambda functions.
AWS Lambda Documentation: Provides information on creating Lambda functions for custom secret rotation logic.
AWS Best Practices for Security: Highlights the importance of key rotation and how AWS services like Secrets Manager can facilitate secure and automated key management.
A solutions architect is reviewing an application's resilience before launch. The application runs on an Amazon EC2 instance that is deployed in a private subnet of a VPC.
The EC2 instance is provisioned by an Auto Scaling group that has a minimum capacity of I and a maximum capacity of I. The application stores data on an Amazon RDS for MySQL DB instance. The VPC has subnets configured in three Availability Zones and is configured with a single NAT gateway.
The solutions architect needs to recommend a solution to ensure that the application will operate across multiple Availability Zones.
Which solution will meet this requirement?
The goal is to ensure the application operates across multiple Availability Zones. That means removing single points of failure in compute, database, and network egress for private subnets.
For compute, the Auto Scaling group currently has min=1 and max=1, which guarantees only one instance is running at a time. Even if the Auto Scaling group spans multiple subnets, a single-instance configuration cannot provide multi-AZ active capacity because a failure of the Availability Zone hosting the single instance would cause downtime until a new instance is launched in a different zone. To operate across multiple Availability Zones, the solution should run multiple instances across different AZs, which implies increasing the minimum capacity above 1 and allowing the group to launch across multiple subnets/AZs.
For the database, a single-AZ RDS for MySQL instance is a single point of failure. Converting to an RDS Multi-AZ configuration provides synchronous replication to a standby in a different Availability Zone and managed failover to maintain availability when the primary AZ or instance fails.
For NAT, a single NAT gateway is an AZ-scoped managed resource. If private subnets in other AZs route to a NAT gateway in one AZ, an AZ outage can break outbound connectivity for workloads that depend on NAT. The resilient pattern is to deploy a NAT gateway in each Availability Zone and configure each private subnet's route table to use the NAT gateway in the same AZ.
Option A addresses all three: it deploys additional NAT gateways per AZ and updates route tables accordingly, converts RDS to Multi-AZ, and adjusts Auto Scaling to launch across AZs with min and max set to 3 so there are instances running in multiple AZs simultaneously. This ensures the application remains available across AZ failures, meeting the requirement.
Option B replaces NAT with a virtual private gateway, which is used for VPN/Direct Connect connectivity, not for internet egress from private subnets. It does not satisfy the NAT functionality requirement. Although Aurora can provide high availability, the NAT replacement is not correct for the described architecture.
Option C increases operational overhead by replacing NAT gateway with NAT instances, which are self-managed and less resilient without additional design. It also changes the database engine to PostgreSQL unnecessarily and does not directly address the requirement with minimal change.
Option D improves NAT resiliency but only enables RDS automatic backups, which is a durability feature, not a high availability feature. Backups do not provide automatic failover and do not ensure the application will operate across multiple AZs. Also, keeping Auto Scaling min/max at 1 still leaves the application compute layer single-AZ at any given moment.
Therefore, option A is the correct solution.
A company has built a high performance computing (HPC) cluster in AWS tor a tightly coupled workload that generates a large number of shared files stored in Amazon EFS. The cluster was performing well when the number of Amazon EC2 instances in the cluster was 100. However, when the company increased the cluster size to 1,000 EC2 instances, overall performance was well below expectations.
Which collection of design choices should a solutions architect make to achieve the maximum performance from the HPC cluster? (Select THREE.)
A . High performance computing (HPC) workload cluster should be in a single AZ.
C . Elastic Fabric Adapter (EFA) is a network device that you can attach to your Amazon EC2 instances to accelerate High Performance Computing (HPC)
F . Amazon FSx for Lustre - Use it for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.
Cluster -- packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
A company has several Amazon DynamoDB tables in an AWS Region. Each table has more than 100,000 records and was created with default table settings.
To reduce costs, the company needs to identify unused tables. However, the company must maintain the availability and current performance capability of the tables in case the company must use the tables in the future.
Which combination of steps will meet these requirements? (Select THREE.)
A company is migrating its infrastructure to the AWS Cloud. The company must comply with a variety of regulatory standards for different projects. The company needs a multi-account environment.
A solutions architect needs to prepare the baseline infrastructure. The solution must provide a consistent baseline of management and security, but it must allow flexibility for different compliance requirements within various AWS accounts. The solution also needs to integrate with the existing on-premises Active Directory Federation Services (AD FS) server.
Which solution meets these requirements with the LEAST amount of operational overhead?
Kevin Campbell
9 days agoNancy Anderson
23 days agoThomas Reed
1 month agoCharles Davis
2 months agoCharles Clark
2 months agoCrystal Bailey
3 months agoHeather Smith
2 months agoHarold Hernandez
2 months agoWilliam Johnson
3 months agoRonald Robinson
2 months agoJustin Johnson
2 months agoEmmanuel
3 months agoGabriele
3 months agoMerissa
4 months agoNadine
4 months agoTawna
4 months agoRozella
4 months agoDesirae
5 months agoLeila
5 months agoJaime
5 months agoJennifer
5 months agoHortencia
6 months agoMalcom
6 months agoJess
6 months agoBilly
6 months agoDenny
7 months agoStanford
7 months agoRonna
7 months agoCherrie
7 months agoVallie
8 months agoAlesia
8 months agoAndra
8 months agoLorriane
8 months agoThea
9 months agoYesenia
9 months agoEun
9 months agoLyla
9 months agoBobbye
10 months agoBulah
10 months agoAsha
10 months agoRonna
10 months agoSommer
10 months agoMaxima
10 months agoJoanna
1 year agoErnest
1 year agoErnie
1 year agoJenelle
1 year agoChana
1 year agoDarci
1 year agoGolda
1 year agoYoulanda
1 year agoDexter
1 year agoAlva
1 year agoMing
1 year agoNu
1 year agoJustine
1 year agoMila
1 year agoAnnabelle
1 year agoWai
1 year agoMauricio
1 year agoGiuseppe
1 year agoTu
2 years agoEdelmira
2 years agoGilma
2 years agoOlive
2 years agoGianna
2 years agoKris
2 years agoCyril
2 years agoRima
2 years agoCyril
2 years agoMarylou
2 years agoJoye
2 years agoMaryann
2 years agoNelida
2 years agoMargarett
2 years agoAvery
2 years agoVi
2 years agoLashawn
2 years agoBette
2 years agoTammi
2 years agoTonette
2 years agoReuben
2 years agoNorah
2 years agoBrinda
2 years agoJesus
2 years agoLizbeth
2 years agoKassandra
2 years agoDella
2 years agoCarli
2 years agoAleta
2 years agoLeonora
2 years agoMelynda
2 years ago