Amazon DVA-C02 Practice Test - Questions Answers, Page 17

TTL for Automatic Deletion:DynamoDB's Time-to-Live effortlessly deletes expired items without manual intervention.

DynamoDB Stream:Captures changes to the table, including deletions of expired items, triggering downstream actions.

Lambda for Processing:A Lambda function connected to the stream provides custom logic for handling the deleted items.

Code Efficiency:This solution leverages native DynamoDB features and stream-based processing, minimizing the need for custom code.

DynamoDB TTL Documentation:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html

DynamoDB Streams Documentation:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html

CloudFormation and Dynamic

Reference:TheDefinitionSubstitutionsproperty in CloudFormation allows you to pass values into Step Functions state machines at runtime.

Cost-Effectiveness:This solution is cost-effective as it leverages CloudFormation's built-in capabilities, avoiding the need for additional services like Secrets Manager or AppConfig.

AWS Step Functions State Machine:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-stepfunctions-statemachine.html

CloudFormation DefinitionSubstitutions:https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-stepfunctions/issues/14

Tracing Distributed Systems:AWS X-Ray is designed to trace requests across services, helping identify bottlenecks in distributed applications like this one.

No Code Changes:Enabling X-Ray tracing often requires minimal code changes, meeting the requirement.

Identifying Bottlenecks: Analyzing X-Ray traces and logs will reveal latency in communications between different AWS services, leading to the high duration time.

AWS X-Ray:https://aws.amazon.com/xray/

X-Ray and Lambda:https://docs.aws.amazon.com/xray/latest/devguide/xray-services-lambda.html

IAM Roles for EC2: IAM roles are the recommended way to provide AWS credentials to applications running on EC2 instances. Here's how this works:

You create an IAM role with the necessary permissions to access the target S3 bucket.

You create an instance profile and associate the IAM role with this profile.

When launching the EC2 instance, you attach this instance profile.

Temporary Security Credentials: When the application on the EC2 instance needs to access S3, it doesn't directly use access keys. Instead, the AWS SDK running on the instance retrieves temporary security credentials associated with the role. These are rotated automatically by AWS.

IAM Roles for Amazon EC2:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

Temporary Security Credentials:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

Centralized Logging Benefits: Centralized logging is essential for operational visibility in scalable systems, especially those using multiple EC2 instances like our e-commerce website. CloudWatch provides this capability, along with other monitoring features.

CloudWatch Agent: This is the best way to send custom application logs from EC2 instances to CloudWatch. Here's the process:

Install the CloudWatch agent on each EC2 instance.

Configure the agent with a configuration file, specifying:

Which log files to collect.

The format in which to send logs to CloudWatch (e.g., JSON).

The specific CloudWatch Logs log group and log stream for these logs.

Viewing and Analyzing Logs: Once the agent is pushing logs, use the CloudWatch Logs console or API:

View and search the logs across all instances.

Set up alarms based on log events.

Use CloudWatch Logs Insights for sophisticated queries and analysis.

Amazon CloudWatch Logs:https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

Unified CloudWatch Agent:https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html

CloudWatch Logs Insights:https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

AWS Secrets Manager is a service that allows you to store and manage secrets, such as database credentials, API keys, and passwords, in a secure and centralized way.It also provides features such as automatic secret rotation, auditing, and monitoring1. By using AWS Secrets Manager, you can avoid hardcoding credentials in your code, which is a bad security practice and makes it difficult to update them.You can also replicate your secrets to another Region, which is useful for disaster recovery purposes2. To access your secrets from your application, you can use the ARN of the secret, which is a unique identifier that includes the Region name.This way, your application can use the appropriate secret based on the Region where it is deployed3.

AWS Secrets Manager

Replicating and sharing secrets

Using your own encryption keys

Understand the Problem: The existing DynamoDB table has email_address as the partition key. Searching by customer_type requires a different data access pattern. We need an efficient way to query for partial matches on email_address based on customer_type.

Why Global Secondary Index (GSI):

GSIs allow you to define a different partition key and sort key from the main table, enabling new query patterns.

In this case, havingcustomer_typeas the GSI's partition key lets you group all emails with the same customer type together.

Usingemail_addressas the sort key allows ordering within each customer type, facilitating the partial matching.

Querying the GSI:

You'll perform a query operation on the GSI, not the original table.

Use thebegins_withkey condition expression on the GSI's sort key (email_address) to find partial matches as the user types in thecustomer_typefield.

DynamoDB Global Secondary Indexes:https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html

DynamoDB Query Operation:[invalid URL removed]

Amazon S3 Glacier Instant Retrieval is an archive storage class that delivers the lowest-cost storage for long-lived data that is rarely accessed and requires retrieval in milliseconds. With S3 Glacier Instant Retrieval, you can save up to 68% on storage costs compared to using the S3 Standard-Infrequent Access (S3 Standard-IA) storage class, when your data is accessed once per quarter. https://aws.amazon.com/s3/storage-classes/glacier/instant-retrieval/

Understanding Storage Requirements:

Files are large and infrequently accessed, but need to be available within minutes when requested in the first year.

Long-term (7-year) retention is required.

Cost-effectiveness is a top priority.

Why S3 Glacier Instant Retrieval:

Matches the retrieval requirements (access within minutes).

More cost-effective than S3 Standard for infrequently accessed data.

Simpler to use than traditional Glacier where retrievals take hours.

Why S3 Glacier Deep Archive:

Most cost-effective S3 storage class for long term archival.

Meets the 7-year retention requirement.

S3 Lifecycle Policy:

Automate the transition from Glacier Instant Retrieval to Glacier Deep Archive after one year.

Optimize costs by matching storage classes to access patterns.

Amazon S3 Storage Classes:https://aws.amazon.com/s3/storage-classes/

S3 Glacier Instant Retrieval:[invalid URL removed]

S3 Glacier Deep Archive:[invalid URL removed]

S3 Lifecycle Policies:https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html

CloudFormation and Lambda Environment Variables:

CloudFormation is an excellent tool to manage infrastructure as code, including the log group resource.

Lambda functions can access environment variables at runtime, making them a suitable way to pass configuration information like the log group ARN.

CloudFormation Template Modification:

In your CloudFormation template, define the log group resource.

In the Lambda function resource, add anEnvironmentsection:

YAML

Environment:

Variables:

LOG_GROUP_ARN: !Ref LogGroupResourceName

Use codewith caution.

content_copy

The!Refintrinsic function retrieves the log group's ARN, which CloudFormation generates during stack creation.

Using the ARN in Your Lambda Function:

Within your Lambda code, access theLOG_GROUP_ARNenvironment variable.

Configure your logging library (e.g., Python'sloggingmodule) to send logs to the specified log group.

AWS Lambda Environment Variables:https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html

CloudFormation !Ref Intrinsic Function:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html