Passed Exam Today SOA-C02

To ensure CloudTrail is re-enabled immediately if it is disabled, you can use AWS Config with an automatic remediation action.

Create AWS Config Rule:

Configure an AWS Config rule that triggers when there are changes to the CloudTrail configuration.

Increasing the amount of memory for the Lambda function will help to improve the performance of the function. This is because the Lambda function is CPU-intensive and increasing the memory will give it access to more CPU resources and help it run faster. The other options (activating hyperthreading in the CPU launch options for the Lambda function, turning off the AWS managed encryption, and loading the required code into a custom layer) will not help to improve the performance of the Lambda function and are not the correct solutions for this issue.

Content-MD5 Header:

The Content-MD5 header provides an MD5 checksum of the object being uploaded. Amazon S3 uses this checksum to verify the integrity of the object.

Steps:

When uploading an object to S3, calculate the MD5 checksum of the object.

Include the Content-MD5 header with the base64-encoded MD5 checksum value in the upload request.

This ensures that S3 can detect if the object is corrupted during the upload process.

PUT Object - Amazon Simple Storage Service

HTTP 502 errors from CloudFront can occur because of the following reasons:

There's an SSL negotiation failure because the origin is using SSL/TLS protocols and ciphers that aren't supported by CloudFront.

There's an SSL negotiation failure because the SSL certificate on the origin is expired or invalid, or because the certificate chain is invalid.

There's a host header mismatch in the SSL negotiation between your CloudFront distribution and the custom origin.

The custom origin isn't responding on the ports specified in the origin settings of the CloudFront distribution.

The custom origin is ending the connection to CloudFront too quickly.