Amazon SOA-C02 Practice Test - Questions Answers, Page 30

The requirement is to monitor and notify whenever a non-production EC2 instance is started during the night. Amazon EventBridge offers a robust solution by triggering workflows in response to events.

Setting up Amazon EventBridge: Create an EventBridge rule that listens for the 'EC2 Instance State-change Notification' event. Configure the rule to trigger only when instances transition to the 'running' state.

Lambda Function: Attach a Lambda function as the target of the EventBridge rule. This function will execute when an EC2 instance starts. Inside the Lambda function, implement logic to check the current time and confirm it is during the night hours. Additionally, the function will check the instance's tags to verify if it's labeled as 'non-production'.

Notification via Amazon SNS: If the conditions are met (non-production and nighttime), the Lambda function publishes a message to an Amazon SNS topic specifically set up for this alert. The IT manager is subscribed to this topic, enabling them to receive an email notification almost instantaneously when the event occurs.

This solution is operationally efficient as it leverages serverless components that are inherently scalable and cost-effective, providing real-time monitoring and notifications without the need for continuous polling or complex infrastructure.

To host a static website on Amazon S3, the SysOps administrator needs to configure the bucket for public access and set up the static website hosting. Here's how to complete this process:

Turn off 'Block all public access': Amazon S3 buckets have 'Block all public access' settings enabled by default for security. Since the webpage needs to be accessible publicly, this setting must be disabled. This step is crucial to allow public read access to the web content.

Set a bucket policy: After disabling 'Block all public access,' set a bucket policy that explicitly allows public read access to the S3 bucket. This policy should allow the s3:GetObject action for everyone, which can be set by specifying 'Principal': '*'. This policy ensures that anyone can view the webpage but does not grant permissions to modify or delete the content.

Create an index.html document and configure static website hosting: The next step is to create an index.html file, which will serve as the entry point of the website. After creating this file, upload it to the bucket. Then, configure the bucket for static website hosting through the S3 management console. This setting enables the S3 bucket to serve the webpage directly from the index.html file.

Combining these actions, the S3 bucket will be properly configured to host and serve the static website with minimal operational overhead and maximum accessibility.

The simplest and most efficient solution to ensure that EC2 instances are restarted when CPU utilization exceeds 80% is to use Amazon CloudWatch alarms:

Create a CloudWatch Alarm: Navigate to the CloudWatch dashboard in the AWS Management Console and create a new alarm. Set the alarm to monitor the CPU utilization metric of the EC2 instances.

Set the Alarm Condition: Configure the alarm to trigger when the CPU utilization exceeds 80%. You can specify this threshold in the alarm settings.

Configure Alarm Actions: In the actions settings of the alarm, select the option to reboot the instance. This action ensures that the instance is automatically restarted whenever the alarm condition is met, without the need for manual intervention or additional scripts.

This method leverages AWS's native capabilities, minimizing operational overhead and eliminating the need for external tools or custom scripts.

When using the RequestCountPerTarget metric for scaling in an Auto Scaling group, the behavior of instance scaling follows specific rules set by Auto Scaling policies and cooldown periods:

Scaling Trigger: The Auto Scaling group triggers a scaling action whenever the RequestCountPerTarget exceeds the predefined limit set in the scaling policy.

Cooldown Period: After launching an EC2 instance due to a scaling action, the Auto Scaling group enters a cooldown period. During this period, despite further breaches of the threshold, no additional instances will be launched. This is designed to give the newly launched instance time to start and begin handling traffic, preventing the Auto Scaling group from launching too many instances too quickly.

This mechanism helps maintain efficient use of resources by adapting to changes in load while avoiding rapid, unnecessary scaling actions.

To optimize the cost of a computing environment consisting of control nodes that are always on and task nodes that operate for a limited number of hours each day, consider the following strategies:

Purchase EC2 Instance Savings Plans for the Control Nodes: Since the control nodes are required to be operational 24/7, purchasing EC2 Instance Savings Plans is a cost-effective choice. These plans provide a lower price compared to on-demand instances, in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a one or three-year period.

Use Spot Instances for the Task Nodes: Given that task nodes are used for a shorter duration (4 hours a day) and presumably can tolerate interruptions, using Spot Instances can significantly reduce costs. Spot Instances offer unused EC2 capacity at a fraction of the regular price, which can lead to substantial cost savings. Additionally, configure the system to fall back to On-Demand Instances during periods when Spot Instances are not available to ensure availability.

This combination leverages cost savings for continuous use and flexible, lower-cost options for intermittent use, optimizing overall operational costs efficiently.

The issues experienced by users with legacy browsers typically stem from the SSL/TLS ciphers that are supported or enforced by the ALB. Modern security policies may exclude older ciphers that are necessary for compatibility with older browsers. Here's how to resolve it:

Access the ALB Settings: Go to the AWS Management Console, navigate to the ALB settings, and locate the SSL negotiation configurations.

Modify Security Policy: Update the SSL/TLS security policy on the ALB to include ciphers that are compatible with legacy browsers. AWS provides predefined security policies, and some of these policies are designed to support older ciphers while still maintaining a level of security that complies with general best practices.

Apply Changes: Once the security policy is updated, the ALB will start using this new configuration, which should resolve compatibility issues with legacy browsers without needing to replace the SSL certificate or alter the infrastructure.

This solution maintains the operational efficiency of the setup and avoids the need for additional resources like a second ALB or new certificates.

To automate the initialization of additional EBS volumes on Windows EC2 instances, the most effective approach is to integrate initialization scripts within the instance so that they execute upon startup:

Configure Initialization Script: Use a Windows PowerShell script (InitializeDisks.ps1) to initialize and format the additional EBS volumes. The script can assign drive letters based on configurations specified in DriveLetterMappingConfig.json.

Automate at Launch: Ensure that the PowerShell script runs automatically upon instance startup. This can be configured through Windows Task Scheduler or by setting it up in the startup folder.

Create a Custom AMI: Once the instance is configured with the script and successfully initializes the disks on startup, create a new AMI from this setup. This AMI can then be used to launch new instances that will automatically initialize their additional EBS volumes with no manual intervention required.

This method leverages native Windows tools and AWS capabilities to automate EBS volume initialization, enhancing operational efficiency without additional external dependencies.