AWS Certified Associate SOA-C02 Reddit Questions

To meet the requirement of using only IPv6 for all EC2 instances while allowing outbound internet access and preventing inbound internet access, an egress-only internet gateway is the correct solution. An egress-only internet gateway allows outbound communication over IPv6 and blocks inbound communication, ensuring that the instances can access the internet but are not directly accessible from the internet.

Create an Egress-Only Internet Gateway:

Open the Amazon VPC console at Amazon VPC Console.

In the navigation pane, choose Egress-only internet gateways.

Choose Create egress-only internet gateway, and then attach it to your VPC.

Create a Custom Route Table:

In the VPC console, navigate to Route Tables.

Create a new route table or select an existing one.

Add a route with the destination set to ::/0 (which represents all IPv6 addresses) and the target set to the egress-only internet gateway.

Attach the Route Table to IPv6-Only Subnets:

Associate the route table with the IPv6-only subnets in your VPC.

This configuration ensures that your IPv6-only EC2 instances can access the internet while being protected from inbound internet traffic.

Egress-Only Internet Gateways

IPv6 Addresses

Objective:

Provision Spot Instances with the highest availability while using a wide range of instance types.

Capacity Optimized Strategy:

The capacity optimized strategy ensures that Spot Instances are launched from the pools with the highest available capacity at the time of the request.

This approach minimizes the likelihood of interruptions and increases the chances of launching the desired capacity.

Steps to Implement:

In the Auto Scaling group configuration, set the Spot Allocation Strategy to Capacity Optimized.

Define multiple instance types in the launch template to allow flexibility.

AWS References:

Spot Allocation Strategies:Spot Instance Allocation Strategies

Capacity Optimized Details:Capacity Optimized Spot Instances

Why Other Options Are Incorrect:

Option A: Simply launching up to maximum capacity does not address availability concerns.

Option B: The diversified strategy spreads instances across Spot pools but does not prioritize capacity.

Option D: Spot Instance Advisor provides recommendations but is not a direct allocation strategy.

A CloudFormation stack in the DELETE_FAILED state typically indicates that some resources could not be deleted. One common reason is that S3 buckets in the stack still contain objects.

Steps:

Identify the Failed Resources:

Open the AWS CloudFormation console.

Select the stack in the DELETE_FAILED state.

Check the "Events" tab to identify the resource(s) that caused the failure.

Delete S3 Objects:

Open the Amazon S3 console.

Navigate to the bucket(s) listed in the CloudFormation events.

Delete all objects in the bucket. You can use the S3 console, AWS CLI, or an S3 batch operation to delete the objects.

Retry Stack Deletion:

After clearing the S3 bucket(s), go back to the CloudFormation console.

Select the stack and choose "Delete" to retry the deletion process.

Step-by-Step Explanation:

Understand the Problem:

Manage a database password securely and rotate it every 90 days.

Analyze the Requirements:

Ensure secure management and automatic rotation of the database password.

Minimize manual intervention and risk of exposing the password.

Evaluate the Options:

Option A: Use the AWS SecretsManager Secret resource with the GenerateSecretString property.

Secrets Manager can automatically generate a strong password.

The RotationSchedule resource defines a rotation schedule to rotate the password every 90 days.

Option B: Use the AWS SecretsManager Secret resource with the SecretString property.

Requires accepting a password as a CloudFormation parameter and does not automate password generation.

Option C: Use the AWS SSM Parameter resource.

AWS Systems Manager Parameter Store can store secure strings, but it does not support automatic rotation.

Option D: Use the AWS SSM Parameter resource without secure string.

This option does not offer the security of Secrets Manager and does not support automatic rotation.

Select the Best Solution:

Option A: Using AWS Secrets Manager with the GenerateSecretString property and RotationSchedule resource ensures secure management and automatic rotation of the database password.

AWS Secrets Manager

Rotate AWS Secrets Manager Secrets

AWS Secrets Manager provides secure storage, automatic rotation, and seamless integration with applications for accessing secrets.