00:00

QUESTION 56

An application uses an Amazon EC2 Auto Scaling group. A developer notices that EC2 instances are taking a long time to become available during scale-out events. The UserData script is taking a long time to run.
The developer must implement a solution to decrease the time that elapses before an EC2 instance becomes available. The solution must make the most recent version of the application available at all times and must apply all available security updates. The solution also must minimize the number of images that are created. The images must be validated.
Which combination of steps should the developer take to meet these requirements? (Choose two.)

Correct Answer: BE
AWS CloudFormation is a service that enables developers to model and provision AWS resources using templates. The developer can use the following steps to avoid accidental database deletion in the future:
✑ Set up AWS CodeDeploy to deploy the most recent version of the application at
runtime. This will ensure that the application code is always up to date and does not depend on the AMI.
✑ Remove any commands that perform operating system patching from the
UserData script. This will reduce the time that the UserData script takes to run and speed up the instance launch process.
References:
✑ [What Is AWS CloudFormation? - AWS CloudFormation]
✑ [What Is AWS CodeDeploy? - AWS CodeDeploy]
✑ [Running Commands on Your Linux Instance at Launch - Amazon Elastic Compute Cloud]
AWS-Certified-Developer-Associate dumps exhibit

QUESTION 57

A developer has code that is stored in an Amazon S3 bucket. The code must be deployed as an AWS Lambda function across multiple accounts in the same AWS Region as the S3 bucket an AWS CloudPormation template that runs for each account will deploy the Lambda function.
What is the MOST secure way to allow CloudFormaton to access the Lambda Code in the S3 bucket?
Solution:
This solution allows the CloudFormation service role to access the S3 bucket from any account, as long as it has the S3 GetObject permission. The bucket policy grants access to any principal with the GetObject permission, which is the least privilege needed to deploy the Lambda code. This is more secure than granting ListBucket permission, which is not required for deploying Lambda code, or using a service-based link, which is not supported for Lambda functions.
Reference: AWS CloudFormation Service Role, Using AWS Lambda with Amazon S3

Does this meet the goal?

Correct Answer: A