- (Exam Topic 3)
A financial services company runs a complex, multi-tier application on Amazon EC2 instances and AWS Lambda functions. The application stores temporary data in Amazon S3. The S3 objects are valid for only 45 minutes and are deleted after 24 hours.
The company deploys each version of the application by launching an AWS CloudFormation stack. The stack creates all resources that are required to run the application. When the company deploys and validates a new application version, the company deletes the CloudFormation stack of the old version.
The company recently tried to delete the CloudFormation stack of an old application version, but the operation failed. An analysis shows that CloudFormation failed to delete an existing S3 bucket. A solutions architect needs to resolve this issue without making major changes to the application's architecture.
Which solution meets these requirements?

1. A. Implement a Lambda function that deletes all files from a given S3 bucke
2. B. Integrate this Lambda function as a custom resource into the CloudFormation stac
3. C. Ensure that the custom resource has a DependsOn attribute that points to the S3 bucket's resource.
4. D. Modify the CloudFormation template to provision an Amazon Elastic File System (Amazon EFS) file system to store the temporary files there instead of in Amazon S3. Configure the Lambda functions to run in the same VPC as the file syste
5. E. Mount the file system to the EC2 instances and Lambda functions.
6. F. Modify the CloudFormation stack to create an S3 Lifecycle rule that expires all objects 45 minutes after creatio
7. G. Add a DependsOn attribute that points to the S3 bucket's resource.
8. H. Modify the CloudFormation stack to attach a DeletionPolicy attribute with a value of Delete to the S3 bucket.

Correct Answer: D
This option allows the solutions architect to use a DeletionPolicy attribute to specify how AWS CloudFormation handles the deletion of an S3 bucket when the stack is deleted1. By setting the value of Delete, the solutions architect can instruct CloudFormation to delete the bucket and all of its contents1. This option does not require any major changes to the application’s architecture or any additional resources.
References:
Deletion policies

- (Exam Topic 1)
A company built an application based on AWS Lambda deployed in an AWS CloudFormation stack. The last production release of the web application introduced an issue that resulted in an outage lasting several minutes. A solutions architect must adjust the deployment process to support a canary release.
Which solution will meet these requirements?

1. A. Create an alias for every new deployed version of the Lambda functio
2. B. Use the AWS CLI update-alias command with the routing-config parameter to distribute the load.
3. C. Deploy the application into a new CloudFormation stac
4. D. Use an Amazon Route 53 weighted routing policy to distribute the load.
5. E. Create a version for every new deployed Lambda functio
6. F. Use the AWS CLIupdate-function-configuration command with the routing-config parameter to distribute the load.
7. G. Configure AWS CodeDeploy and use CodeDeployDefault.OneAtATime in the Deployment configuration to distribute the load.

Correct Answer: A
https://aws.amazon.com/blogs/compute/implementing-canary-deployments-of-aws-lambda-functions-with-alias- https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html

- (Exam Topic 2)
A company is running a web application in a VPC. The web application runs on a group of Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is using AWS WAF.
An external customer needs to connect to the web application. The company must provide IP addresses to all external customers.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Replace the ALB with a Network Load Balancer (NLB). Assign an Elastic IP address to the NLB.
2. B. Allocate an Elastic IP addres
3. C. Assign the Elastic IP address to the ALProvide the Elastic IP address to the customer.
4. D. Create an AWS Global Accelerator standard accelerato
5. E. Specify the ALB as the accelerator's endpoint.Provide the accelerator's IP addresses to the customer.
6. F. Configure an Amazon CloudFront distributio
7. G. Set the ALB as the origi
8. H. Ping the distribution's DNS name to determine the distribution's public IP addres
9. I. Provide the IP address to the customer.

Correct Answer: C
https://docs.aws.amazon.com/global-accelerator/latest/dg/about-accelerators.alb-accelerator.html Option A is wrong. AWS WAF does not support associating with NLB.
https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html Option B is wrong. An ALB does not support an Elastic IP address. https://aws.amazon.com/elasticloadbalancing/features/

- (Exam Topic 1)
A company is developing a new serverless API by using Amazon API Gateway and AWS Lambda. The company integrated the Lambda functions with API Gateway to use several shared libraries and custom classes.
A solutions architect needs to simplify the deployment of the solution and optimize for code reuse. Which solution will meet these requirements?

1. A. Deploy the shared libraries and custom classes into a Docker imag
2. B. Store the image in an S3 bucket.Create a Lambda layer that uses the Docker image as the sourc
3. C. Deploy the API's Lambda functions as Zip package
4. D. Configure the packages to use the Lambda layer.
5. E. Deploy the shared libraries and custom classes to a Docker imag
6. F. Upload the image to Amazon Elastic Container Registry (Amazon ECR). Create a Lambda layer that uses the Docker image as the sourc
7. G. Deploy the API's Lambda functions as Zip package
8. H. Configure the packages to use the Lambda layer.
9. I. Deploy the shared libraries and custom classes to a Docker container in Amazon Elastic Container Service (Amazon ECS) by using the AWS Fargate launch typ
10. J. Deploy the API's Lambda functions as Zip package
11. K. Configure the packages to use the deployed container as a Lambda layer.
12. L. Deploy the shared libraries, custom classes, and code for the API's Lambda functions to a Docker imag
13. M. Upload the image to Amazon Elastic Container Registry (Amazon ECR). Configure the API's Lambda functions to use the Docker image as the deployment package.

Correct Answer: B
Deploying the shared libraries and custom classes to a Docker image and uploading the image to Amazon Elastic Container Registry (Amazon ECR) and creating a Lambda layer that uses the Docker image as the source. Then, deploying the API's Lambda functions as Zip packages and configuring the packages to use the Lambda layer would meet the requirements for simplifying the deployment and optimizing for code reuse.
A Lambda layer is a distribution mechanism for libraries, custom runtimes, and other function dependencies. It allows you to manage your in-development function code separately from your dependencies, this way you can easily update your dependencies without having to update your entire function code.
By deploying the shared libraries and custom classes to a Docker image and uploading the image to Amazon Elastic Container Registry (ECR), it makes it easy to manage and version the dependencies. This way, the company can use the same version of the dependencies across different Lambda functions.
By creating a Lambda layer that uses the Docker image as the source, the company can configure the API's Lambda functions to use the layer, reducing the need to include the dependencies in each function package, and making it easy to update the dependencies across all functions at once.
Reference:
AWS Lambda Layers documentation: https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html
AWS Elastic Container Registry (ECR) documentation: https://aws.amazon.com/ecr/ Building Lambda Layers with Docker documentation:
https://aws.amazon.com/blogs/compute/building-lambda-layers-with-docker/

- (Exam Topic 2)
A company has multiple business units that each have separate accounts on AWS. Each business unit manages its own network with several VPCs that have CIDR ranges that overlap. The company’s marketing team has created a new internal application and wants to make the application accessible to all the other business units. The solution must use private IP addresses only.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Instruct each business unit to add a unique secondary CIDR range to the business unit's VP
2. B. Peer the VPCs and use a private NAT gateway in the secondary range to route traffic to the marketing team.
3. C. Create an Amazon EC2 instance to serve as a virtual appliance in the marketing account's VP
4. D. Create an AWS Site-to-Site VPN connection between the marketing team and each business unit's VP
5. E. Perform NAT where necessary.
6. F. Create an AWS PrivateLink endpoint service to share the marketing applicatio
7. G. Grant permission to specific AWS accounts to connect to the servic
8. H. Create interface VPC endpoints in other accounts to access the application by using private IP addresses.
9. I. Create a Network Load Balancer (NLB) in front of the marketing application in a private subne
10. J. Create an API Gateway AP
11. K. Use the Amazon API Gateway private integration to connect the API to the NL
12. L. Activate IAM authorization for the AP
13. M. Grant access to the accounts of the other business units.

Correct Answer: C
With AWS PrivateLink, the marketing team can create an endpoint service to share their internal application with other accounts securely using private IP addresses. They can grant permission to specific AWS accounts to connect to the service and create interface VPC endpoints in the other accounts to access the application by using private IP addresses. This option does not require any changes to the network of the other business units, and it does not require peering or NATing. This solution is both scalable and secure.
https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-range