AWS Certified Associate SOA-C02 Full Course Free

To automate the execution of a Python script every night efficiently:

Convert Python Script to Lambda:

Create an AWS Lambda function and upload the Python script.

Ensure the function has the necessary IAM permissions to perform the required maintenance tasks.

To maintain a documented trail of any changes made to the security groups and receive notifications, AWS Config is the best solution.

AWS Config:

AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

You can set up AWS Config to record changes to your security groups.

Setting Up AWS Config:

Open the AWS Config console and choose "Set up AWS Config."

Select the resource types you want to record (in this case, security groups).

Specify an Amazon S3 bucket to store configuration snapshots and history files.

Notifications:

Create an Amazon SNS topic for notifications about configuration changes.

Subscribe the SysOps administrator's email address to the SNS topic.

AWS Config

Setting Up AWS Config

To host a static website on Amazon S3, the SysOps administrator needs to configure the bucket for public access and set up the static website hosting. Here's how to complete this process:

Turn off "Block all public access": Amazon S3 buckets have "Block all public access" settings enabled by default for security. Since the webpage needs to be accessible publicly, this setting must be disabled. This step is crucial to allow public read access to the web content.

Set a bucket policy: After disabling "Block all public access," set a bucket policy that explicitly allows public read access to the S3 bucket. This policy should allow the s3:GetObject action for everyone, which can be set by specifying "Principal": "*". This policy ensures that anyone can view the webpage but does not grant permissions to modify or delete the content.

Create an index.html document and configure static website hosting: The next step is to create an index.html file, which will serve as the entry point of the website. After creating this file, upload it to the bucket. Then, configure the bucket for static website hosting through the S3 management console. This setting enables the S3 bucket to serve the webpage directly from the index.html file.

Combining these actions, the S3 bucket will be properly configured to host and serve the static website with minimal operational overhead and maximum accessibility.

Amazon S3 Cross-Region Replication (CRR) is a feature that automatically replicates objects across AWS regions. When CRR is configured, certain aspects are replicated by default, and some are not. Here are the details:

Objects in the source S3 bucket for which the bucket owner does not have permissions: CRR does not replicate objects for which the bucket owner does not have permissions.

Objects that are stored in S3 Glacier: Objects in the S3 Glacier storage class are not replicated by CRR.

Objects that existed before replication was configured: Only objects created or modified after the replication configuration will be replicated. Objects that existed before the configuration are not replicated by default.

Object metadata: CRR replicates the object metadata along with the object to ensure that the replica in the destination bucket is as accurate as possible.

Amazon S3 Cross-Region Replication

Replication Configuration Examples