Quick Notes
Recap developer associate:
Exam DCA-C01 – Quick Notes – Mostly topics are similar – which acts as refresher & Additional Topics Quick references are below
Services and use case:
- Lambda:
- AWS Lambda Managed Instances – A new compute mode that allows you to run Lambda functions on specific Amazon EC2 instances (including GPUs and Graviton4) that AWS fully manages. It bridges the gap between serverless simplicity and EC2 hardware control.
- Lambda Function URL
- You don’t need an intermediary service such as Amazon API Gateway to directly invoke your function, which was required in the past. Just send an HTTP request to the unique URL of your Lambda function to get started.
- Lambda@Edge
- You can use Lambda functions to change CloudFront requests and responses at the following points:
- After CloudFront receives a request from a viewer (viewer request)
- Before CloudFront forwards the request to the origin (origin request)
- After CloudFront receives the response from the origin (origin response)
- Before CloudFront forwards the response to the viewer (viewer response)
- You can use Lambda functions to change CloudFront requests and responses at the following points:
- AWS Lambda SnapStart
- You can use the Lambda Snap-start for Java feature to decrease the cold start time required without provisioning additional resources. This also removes the burden of implementing complex performance optimisations for your Java application.
- Lambda minimises cold starts using Provisioned Concurrency for consistent (comparatively costly & 2 digit ms speed) latency and Snap-start (for Java, Python, and .NET) for faster initialisation (free/low cost in sub secs speed – unpredictable workload).
- AWS Lambda Pricing
- You are charged based on the total number of requests for your functions and the duration, the time it takes for your code to execute.
- Lambda charges are based on:
- Number of requests
- Compute duration, billed in 1 ms increments
- Memory configuration and duration
- Free tier:
- 1 million free requests per month
- 400,000 GB-seconds of compute per month
- Additional charges apply to:
- Provisioned concurrency
- Cloud watch logs etc
| Sno | Service | Use case |
|---|---|---|
| 1 | Amazon EventBridge(Amazon CloudWatch Events) | is a serverless event bus that makes it easy to connect applications together |
| 2 | AWS Artifact | is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA) |
| Amazon Macie | is an ML-powered security service that helps you prevent data loss by automatically discovering, classifying, and protecting sensitive data stored in Amazon S3. Amazon Macie uses machine learning to recognize sensitive data such as personally identifiable information (PII) or intellectual property, assigns a business value, and provides visibility into where this data is stored and how it is being used in your organization. | |
Common Exam Scenarios for the SAA-C03 exam
| Scenario | Solution |
| Domain 1: Design Resilient Architectures | |
| Set up asynchronous data replication to another RDS DB instance hosted in another AWS Region | Create a Read Replica |
| A parallel file system for “hot” (frequently accessed) data | Amazon FSx For Lustre |
| Implement synchronous data replication across Availability Zones with automatic failover in Amazon RDS. | Enable Multi-AZ deployment in Amazon RDS. |
| Needs a storage service to host “cold” (infrequently accessed) data | Amazon S3 Glacier |
| Set up a relational database and a disaster recovery plan with an RPO of 1 second and RTO of less than 1 minute. | Use Amazon Aurora Global Database. |
| Monitor database metrics and send email notifications if a specific threshold has been breached. | Create an SNS topic and add the topic in the CloudWatch alarm. |
| Set up a DNS failover to a static website. | Use Route 53 with the failover option to a static S3 website bucket or CloudFront distribution. |
| Implement an automated backup for all the EBS Volumes. | Use Amazon Data Lifecycle Manager to automate the creation of EBS snapshots. |
| Monitor the available swap space of your EC2 instances | Install the CloudWatch agent and monitor the SwapUtilizationmetric. |
| Implement a 90-day backup retention policy on Amazon Aurora. | Use AWS Backup |
| Domain 2: Design High-Performing Architectures | |
| Implement a fanout messaging. | Create an SNS topic with a message filtering policy and configure multiple SQS queues to subscribe to the topic. |
| A database that has a read replication latency of less than 1 second. | Use Amazon Aurora with cross-region replicas. |
| A specific type of Elastic Load Balancer that uses UDP as the protocol for communication between clients and thousands of game servers around the world. | Use Network Load Balancer for TCP/UDP protocols. |
| Monitor the memory and disk space utilization of an EC2 instance. | Install Amazon CloudWatch agent on the instance. |
| Retrieve a subset of data from a large CSV file stored in the S3 bucket. | Perform an S3 Select operation based on the bucket’s name and object’s key. |
| Upload 1 TB file to an S3 bucket. | Use Amazon S3 multipart upload API to upload large objects in parts. |
| Improve the performance of the application by reducing the response times from milliseconds to microseconds. | Use Amazon DynamoDB Accelerator (DAX) |
| Retrieve the instance ID, public keys, and public IP address of an EC2 instance. | Access the URL: http://169.254.169.254/latest/meta-data/ using the EC2 instance. |
| Route the internet traffic to the resources based on the location of the user. | Use Route 53 Geolocation Routing policy. |
| A fully managed ETL (extract, transform, and load) service provided by Amazon Web Services. | AWS Glue |
| A fully managed, petabyte-scale data warehouse service. | Amazon Redshift |
| Domain 3: Design Secure Applications and Architectures | |
| Encrypt EBS volumes restored from the unencrypted EBS snapshots | Copy the snapshot and enable encryption with a new symmetric CMK while creating an EBS volume using the snapshot. |
| Limit the maximum number of requests from a single IP address. | Create a rate-based rule in AWS WAF and set the rate limit. |
| Grant the bucket owner full access to all uploaded objects in the S3 bucket. | Create a bucket policy that requires users to set the object’s ACL to bucket-owner-full-control. |
| Protect objects in the S3 bucket from accidental deletion or overwrite. | Enable versioning and MFA delete. |
| Access resources on both on-premises and AWS using on-premises credentials that are stored in Active Directory. | Set up SAML 2.0-Based Federation by using a Microsoft Active Directory Federation Service. |
| Secure the sensitive data stored in EBS volumes | Enable EBS Encryption |
| Ensure that the data-in-transit and data-at-rest of the Amazon S3 bucket is always encrypted | Enable Amazon S3 Server-Side or use Client-Side Encryption |
| Secu y5SL traffic over the same IP address. | Use AWS Certificate Manager to generate an SSL certificate. Associate the certificate to the CloudFront distribution and enable Server Name Indication (SNI). |
| Control the access for several S3 buckets by using a gateway endpoint to allow access to trusted buckets. | Create an endpoint policy for trusted S3 buckets. |
| Enforce strict compliance by tracking all the configuration changes made to any AWS services. | Set up a rule in AWS Config to identify compliant and non-compliant services. |
| Provide short-lived access tokens that act as temporary security credentials to allow access to AWS resources. | Use AWS Security Token Service |
| Encrypt and rotate all the database credentials, API keys, and other secrets on a regular basis. | Use AWS Secrets Manager and enable automatic rotation of credentials. |
| Domain 4: Design Cost-Optimized Architectures | |
| A cost-effective solution for over-provisioning of resources. | Configure a target tracking scaling in ASG. |
| The application data is stored in a tape backup solution. The backup data must be preserved for up to 10 years. | Use AWS Storage Gateway to backup the data directly to Amazon S3 Glacier Deep Archive. |
| Accelerate the transfer of historical records from on-premises to AWS over the Internet in a cost-effective manner. | Use AWS DataSync and select Amazon S3 Glacier Deep Archive as the destination. |
| Globally deliver the static contents and media files to customers around the world with low latency. | Store the files in Amazon S3 and create a CloudFront distribution. Select the S3 bucket as the origin. |
| An application must be hosted to two EC2 instances and should continuously run for three years. The CPU utilization of the EC2 instances is expected to be stable and predictable. | Deploy the application to a Reserved instance. |
| Implement a cost-effective solution for S3 objects that are accessed less frequently. | Create an Amazon S3 lifecyle policy to move the objects to Amazon S3 Standard-IA. |
| Minimize the data transfer costs between two EC2 instances. | Deploy the EC2 instances in the same Region. |
| Import the SSL/TLS certificate of the application. | Import the certificate into AWS Certificate Manager or upload it to AWS IAM. |
Whitepapers –
- AWS Well-Architected Framework
- An Overview of the AWS Cloud Adoption Framework
- Cost Optimization Pillar – AWS Well-Architected Framework
- Disaster Recovery of On-Premises Applications to AWS
- Security Best Practices for Manufacturing OT
Exam SAA-C03 – Exams Question gist
Techglot 