AWS Certified Associate SOA-C02 Syllabus Exam Questions Answers

To ensure all EC2 instances have the required tags and terminate any noncompliant instances, AWS Config can be used to check the compliance, and AWS Systems Manager Automation can be invoked to take action on noncompliant instances.

Create AWS Config Rule:

Open the AWS Config console at AWS Config Console.

Create a new rule to check for the required tags on EC2 instances. Use the managed rule required-tags.

Create AWS Systems Manager Automation Document:

Open the AWS Systems Manager console at AWS Systems Manager Console.

Create an Automation document to terminate noncompliant instances.

Link AWS Config Rule to Automation:

In the AWS Config console, configure the rule to invoke the Systems Manager Automation document if an instance is found to be noncompliant.

AWS Config Rules

AWS Systems Manager Automation

AWS Config Managed Rules

"You can add tags to resources when you create the resource. You can use the resource's service console or API to add, change, or remove those tags one resource at a time. To add tags to—or edit or delete tags of—multiple resources at once, use Tag Editor. With Tag Editor, you search for the resources that you want to tag, and then manage tags for the resources in your search results."

This solution is operationally efficient and leverages AWS services to provide notifications when the Lambda function is not invoked, indicating that the file did not arrive.

Steps:

Create a CloudWatch Alarm:

Open the Amazon CloudWatch console.

In the navigation pane, choose "Alarms" and then "Create Alarm".

Select Lambda Metrics:

Choose "Select metric" and then navigate to "AWS Lambda" metrics.

Select the Lambda function that processes the S3 files.

Choose the "Invocations" metric.

Configure the Alarm:

Set the period to 1 hour.

Define the threshold condition to trigger when the Invocations metric is zero.

Under "Additional configuration", configure the alarm to treat missing data as "breaching".

Set Alarm Actions:

Configure the alarm action to send a notification to an Amazon SNS topic.

Create an SNS topic if one does not exist, and subscribe the application team to this topic.

Testing and Verification:

Ensure that the alarm triggers correctly by simulating a missing file scenario and confirming that the notification is sent to the SNS topic.

This approach uses CloudWatch to monitor the invocation frequency of the Lambda function, ensuring that the application team is notified whenever the expected file does not arrive within the specified timeframe.

Split-tunnel routing allows you to specify that only the traffic destined for your VPC is routed through the VPN tunnel. All other internet traffic is routed through the user’s local network.

Steps:

Open the Client VPN Console:

Sign in to the AWS Management Console.

Open the Amazon VPC console.

Modify the Client VPN Endpoint:

Select the Client VPN endpoint.

Choose "Modify Client VPN endpoint".

Enable the "Split-tunnel" option.

Update Route Table:

Ensure that the route table associated with the Client VPN endpoint routes traffic destined for the VPC IP range to the appropriate target (e.g., VPC subnet).

This configuration ensures that only traffic destined for resources in the VPC is sent over the VPN tunnel, while other traffic uses the user’s local internet connection.