Design for Organizational Complexity Flashcards
How to add accounts from another AWS Organization to your existing Security Hub?
Send invites from a Security Hub administrator account
Tool to transport VPC flow logs to Amazon OpenSearch
Amazon Kinesis Firehose
Infrastructure as code when you want to allow users to use the templates without granting them direct permissions to create resources
AWS Proton
Tool to generate daily cost and usage reports for an Organization that are saved to S3
AWS Cost and Usage Reports
Which tool to set up a WordPress site for someone with zero AWS experience
Lightsail
To Handle private DNS for multiple VPCs in S3, do you
A. Create a Private Hosted Zone for each VPC and configure replication between them.
B. Create a single Private Hosted Zone and associate each VPC with it as you create them.
B. Create a single Private Hosted Zone and associate each VPC with it as you create them.
How to trigger events when someone deploys an AWS Service Catalog product?
Amazon CloudWatch to monitor Service Catalog and trigger a Lambda or Step Function.
You currently have Route53 configured to route www.example.com to an ELB. How would you also allow users to use example.com
Create an alias record that routes example.com to the ELB.
What tool for an automated lift-and-shift solution to migrate a wide variety of servers and OSs?
AWS Application Migration Service
How to handle single sign on for on-prem Active Directory
AWS SSO
How to enable your Direct Connect to access VPCs in other regions.
Set up a private virtual interface for your Direct Connect connection to a Direct Connect gateway and associate the Direct Connect gateway with the virtual private gateway of the VPC.
How to have Route 53 use an on-premises DNS resolver
In the Route 53 Resolver:
- Create an outbound endpoint.
- Define rules to specify which DNS queries are to be forwarded to the on-premises DNS resolver
How to have RDS instance storage adapt to additional storage requirements without manual intervention?
Enable Storage autoscaling
What service to transfer files over FTP?
AWS Transfer Family
Tool for log analytics
Amazon OpenSearch
CloudWatch metric to determine available storage for an RDS instance
FreeStorageSpace
Recommended way to share Lake Formation database tables across accounts
Lake Formation tag-based access control (LF-TBAC)
Solution to redirect users to different sites based on device type.
Use a Lambda@Edge function with Cloudfront
Tool to require all accounts in an Organization to back up all DynamoDB tables weekly?
AWS Backup to define policies and AWS Organizations to enable them.
Which tool to establish relationships with on-prem Active Directory directories
AWS Directory Service for Microsoft Active Directory
How do you implement multiple statement elements for a Service Control Policy?
Combine then into one statement element with an object array.
How to integrate VPCs on newly acquired accounts into a hub-and-spoke network architecture
Initiate a peering attachment between the hub gateway and all new VPCs. Setup routes on the spoke VPCs to direct traffic .
Does Lambda@Edge guarantee the persistence of global variables?
No
CloudWatch metric to determine available storage for an Aurora DB
FreeLocalStorage
