AWS Certified Associate SAA-C03 Release Date

S3 Intelligent-Tiering is designed for data with unknown or changing access patterns. It automatically moves objects between frequent and infrequent access tiers as needed, with no retrieval fees for accessing data in any tier, and no performance impact. Minimal management overhead is required because AWS manages all transitions automatically. This class is cost-optimized and meets all requirements listed.

AWS Documentation Extract:

" S3 Intelligent-Tiering is the only storage class that automatically moves data between frequent and infrequent access tiers when access patterns change, with no retrieval charges and no impact on performance. It is designed to optimize costs automatically when data access patterns are unpredictable. "

(Source: Amazon S3 documentation, Intelligent-Tiering storage class)

Other options:

B: Storage class analysis only provides recommendations, not actual storage tiering.

C & D: S3 Standard-IA and S3 One Zone-IA both have retrieval fees and may impact retrieval time and data durability.

The correct security-group design is to allow inbound database access from the EC2 instances’ security group rather than from individual IP addresses. AWS security groups can reference another security group as the source, which is the scalable and recommended approach for application-to-database communication in dynamic environments such as Auto Scaling groups. That way, newly launched instances automatically inherit access without requiring IP-based rule updates. Option A is brittle because private IPs change as instances scale. Option C is not how security-group rules are defined, and option D reverses the traffic direction. Therefore, allowing the database security group to accept traffic from the web-servers security group is the right architecture.

============

IAM Access Analyzeris the correct service because AWS documents that it helps identify and reviewunused accessfor IAM users and roles across AWS accounts and organizations. It can generate findings that show where permissions are broader than necessary and can recommend narrower policies when applicable. Network Access Analyzer focuses on network reachability, not IAM over-permission. CloudWatch alarms on user activity do not analyze granted permissions, and Amazon Inspector is not the service for IAM permission-rightsizing. Since the company wants the least administrative overhead across multiple accounts managed with AWS Organizations, IAM Access Analyzer is the AWS-native service purpose-built for this kind of access review. (AWS Documentation)

============

AWS Fargate with Amazon ECS is a serverless, fully managed compute engine for containers. Fargate eliminates the need to provision or manage servers, and is ideal for periodic, long-running batch jobs. You only pay for the resources consumed during job execution, making it cost-effective for jobs that run infrequently. Lambda is not suitable because the maximum execution time is 15 minutes, but the job can take up to 2 hours.

AWS Documentation Extract:

“AWS Fargate lets you run containers without managing servers or clusters. Fargate is ideal for batch jobs, event-driven processing, and scheduled tasks that require hours of compute.”

(Source: AWS Fargate documentation)

A: Reserved Instances are cost-inefficient for infrequent workloads and require server management.

B: Lambda has a hard limit of 15 minutes per execution, insufficient for this job.

D: ECS on EC2 requires you to manage and provision EC2 instances, increasing cost and management overhead.