AWS Certified Associate SOA-C02 Full Course Free

To effectively use Amazon CloudFront as a content delivery network for an application using an Application Load Balancer as the origin, several configuration steps need to be correctly implemented:

DNS Configuration: Ensure that the DNS records for the domain serving the content point to the CloudFront distribution's DNS name rather than directly to the ALB. If the DNS still points to the ALB, users' requests will bypass CloudFront, leading directly to the ALB and maintaining the existing load on your web servers.

TTL Settings: The Time to Live (TTL) settings in the CloudFront distribution dictate how long the content is cached in CloudFront edge locations before CloudFront fetches a fresh copy from the origin. If the TTL values are set to 0, it means that CloudFront does not cache the content at all, resulting in each user request being forwarded to the ALB, which does not reduce the load.

AWS Documentation Reference:For more information on DNS and TTL configurations for CloudFront, you can refer to the following AWS documentation:

Configuring DNS

CloudFront TTL Settings.

 Objective:

Publish VPC flow logs to Amazon CloudWatch Logs.

 Root Cause:

VPC flow logs require an IAM role with permissions to create log groups, log streams, and write logs to CloudWatch Logs.

If the logs:CreateLogGroup permission is missing, the flow log cannot create the required log group, and logs will not appear in CloudWatch.

 Solution Implementation:

Step 1: Verify the IAM role attached to the VPC flow logs.

Step 2: Add the following permissions to the IAM policy:

logs:CreateLogGroup

logs:CreateLogStream

logs:PutLogEvents

Step 3: Update the IAM role policy and retry creating flow logs.

 AWS References:

VPC Flow Logs Permissions:Permissions for VPC Flow Logs

 Why Other Options Are Incorrect:

Option B: logs:CreateExportTask is for exporting logs from CloudWatch to S3, not for creating log groups.

Option C: IPv6 addresses do not impact the publishing of flow logs to CloudWatch Logs.

Option D: VPC peering does not block flow log functionality.

To delete the AWS CloudFormation stack without deleting the DynamoDB table, you need to apply a deletion policy to the DynamoDB resource. The Retain deletion policy ensures that the specified resource is not deleted when the stack is deleted. Instead, it is retained.

Steps:

Modify the CloudFormation Template:

Add a deletion policy to the DynamoDB table resource.

json

Copy code

{

"Resources": {

"MyDynamoDBTable": {

"Type": "AWS::DynamoDB::Table",

"DeletionPolicy": "Retain",

}

}

}

The presigned URL expiration is the most common reason for access issues after some time. Additionally, if the SysOps administrator’s access key (used to generate the presigned URL) is invalid, the URL will no longer be usable. Block Public Access or ACL settings are irrelevant to presigned URLs.