A developer is migrating a containerized application from an on-premises environment to an Amazon ECS cluster. In the on-premises environment, the container uses a Docker file to store the application. Service dependency configurations such as databases, caches, and storage volumes are stored in a docker-compose.yml file. Both files are located at the top level of the code base that the developer needs to containerize. When the developer deploys the code to Amazon ECS, the instructions from the Docker file are carried out. However, none of the configurations from dockercompose. yml are applied. The developer needs to resolve the error and ensure the configurations are applied.
A. Store the file path for the docker-compose.yml file as a Docker label. Add the label to
the ECS cluster's container details.
B. Add the details from the docker-compose.yml file to an ECS task definition. Associate the task with the ECS cluster.
C. Create a namespace in the ECS cluster. Associate the docker-compose.yml file to the namespace.
D. Update the service type of the ECS cluster to REPLICA, and redeploy the stack.
A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: user_id, user_name, user_score, and user_rank. The users are allowed to update their names only. A user is authenticated by web identity federation. Which set of conditions should be added in the policy attached to the role for the dynamodb:PutItem API call?
A.
"Condition": {
"ForAllValues:StringEquals": {
"dynamodb:LeadingKeys": ["${www.amazon.com:user_id}"],
"dynamodb:Attributes": ["user_name"]
}
}
B. "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${www.amazon.com:user_name}"], "dynamodb:Attributes": ["user_id"] } }
C. "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${www.amazon.com:user_id}"], "dynamodb:Attributes": ["user_name", "user_id"] } }
D. "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${www.amazon.com:user_name}"], "dynamodb:Attributes": ["username", "userid"] } }
A developer has deployed an AWS Lambda function that is subscribed to an Amazon Simple Notification Service {Amazon SNS) topic. The developer must implement a solution to add a record of each Lambda function invocation to an Amazon Simple Queue Service {Amazon SQS) queue. Which solution will meet this requirement?
A. Configure the SQS queue as a dead-letter queue for the Lambda function.
B. Create code that uses the AWS SDK to call the SQS SendMessage operation to add the invocation details to the SQS queue. Add the code to the end of the Lambda function.
C. Add two asynchronous invocation destinations to the Lambda function: one destination for successful invocations and one destination for failed invocations. Configure the SQS queue as the destination for each type. Create an Amazon CloudWatch alarm based on the DestinationDeliveryFailures metric to catch any message that cannot be delivered.
D. Add a single asynchronous invocation destination to the Lambda function to capture successful invocations. Configure the SQS queue as the destination. Create an Amazon CloudWatch alarm based on the DestinationDeliveryFailures metric to catch any message that cannot be delivered.
A developer is creating a stock trading application. The developer needs a solution to send text messages to application users to confirmation when a trade has been completed. The solution must deliver messages in the order a user makes stock trades. The solution must not send duplicate messages. Which solution will meet these requirements?
A. Configure the application to publish messages to an Amazon Data Firehose delivery
stream. Configure the delivery stream to have a destination of each user's mobile phone
number that is passed in the trade confirmation message.
B. Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Use the SendMessageln API call to send the trade confirmation messages to the queue. Use the SendMessageOut API to send the messages to users by using the information provided in the trade confirmation message.
C. Configure a pipe in Amazon EventBridge Pipes. Connect the application to the pipe as a source. Configure the pipe to use each user's mobile phone number as a target. Configure the pipe to send incoming events to the users.
D. Create an Amazon Simple Notification Service (SNS) FIFO topic. Configure the application to use the AWS SDK to publish notifications to the SNS topic to send SMS messages to the users.
A developer is building an application that stores objects in an Amazon S3 bucket. The bucket does not have versioning enabled. The objects are accessed rarely after 1 week. However, the objects must be immediately available at all times. The developer wants to optimize storage costs for the S3 bucket. Which solution will meet this requirement?
A. Create an S3 Lifecycle rule to expire objects after 7 days.
B. Create an S3 Lifecycle rule to transition objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days.
C. Create an S3 Lifecycle rule to transition objects to S3 Glacier Flexible Retrieval after 7 days.
D. Create an S3 Lifecycle rule to delete objects that have delete markers.
A social media company is designing a platform that allows users to upload data, which is stored in Amazon S3. Users can upload data encrypted with a public key. The company wants to ensure that only the company can decrypt the uploaded content using an asymmetric encryption key. The data must always be encrypted in transit and at rest. Options:
A. Use server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt the
data.
B. Use server-side encryption with customer-provided encryption keys (SSE-C) to encrypt the data.
C. Use client-side encryption with a data key to encrypt the data.
D. Use client-side encryption with a customer-managed encryption key to encrypt the data.
A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses 1AM permissions to restrict access to the S3 bucket. The customers can access only their own files. Due to a regulation requirement, the company needs to enforce encryption in transit for interactions with Amazon S3. Which solution will meet these requirements?
A. Add a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport
condition is equal to false.
B. Add a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal to public-read.
C. Add an 1AM policy to the 1AM users to enforce the usage of the AWS SDK.
D. Add an 1AM policy to the 1AM users that allows S3 actions when the s3:x-amz-acl condition is equal to bucket-owner-read.
A company is developing an application that will be accessed through the Amazon API Gateway REST API. Registered users should be the only ones who can access certain resources of this API. The token being used should expire automatically and needs to be refreshed periodically. How can a developer meet these requirements?
A. Create an Amazon Cognito identity pool, configure the Amazon Cognito Authorizer in
API Gateway, and use the temporary credentials generated by the identity pool.
B. Create and maintain a database record for each user with a corresponding token and use an AWS Lambda authorizer in API Gateway.
C. Create an Amazon Cognito user pool, configure the Cognito Authorizer in API Gateway, and use the identity or access token.
D. Create an 1AM user for each API user, attach an invoke permissions policy to the API. and use an I AM authorizer in API Gateway.
A company has a serverless application that uses Amazon API Gateway backed by AWS Lambda proxy integration. The company is developing several backend APIs. The company needs a landing page to provide an overview of navigation to the APIs. A developer creates a new /LandingPage resource and a new GET method that uses mock integration. What should the developer do next to meet these requirements?
A. Configure the integration request mapping template with Content-Type of text/html and
statusCode of 200. Configure the integration response mapping template with Content-
Type of application/json. In the integration response mapping template, include the
LandingPage HTML code that references the APIs.
B. Configure the Integration request mapping template with Content-Type of application/json. In the integration request mapping template, include the LandingPage HMTL code that references the APIs. Configure the integration response mapping template with Content-Type of text/html and statusCode of 200.
C. Configure the integration request mapping template with Content-Type of application/json and statusCode of 200. Configure the integration response mapping template with Content-Type of text/html. In the integration response mapping template, include the LandingPage HTML code that references the APIs.
D. Configure the integration request mapping template with Content-Type of text/html. In the integration request mapping template, include the LandingPage HTML code that references the APIs. Configure the integration response mapping template with Content- Type of application/json and statusCode of 200.
A developer previously deployed an AWS Lambda function as a .zip package. The developer needs to deploy the Lambda function as a container.
A. Create an Amazon ECR repository in the same AWS Region as the Lambda function.
Package the Lambda function into a container image. Build the image and upload it to the
Amazon ECR repository. Update the existing Lambda function configuration to specify the
repository URI and container image tag.
B. Create an AWS SAM template that defines the Lambda function and its resources as code. Include a container image in the template, and store the container image in an Amazon S3 bucket. Deploy the AWS SAM template. Specify the S3 bucket URI.
C. Create an AWS CloudFormation template that defines the Lambda function and its resources as code. Include a container image in the template, and store the image in an Amazon S3 bucket. Deploy the CloudFormation template. Specify the S3 bucket URI.
D. Create an Amazon ECR repository in the same AWS Region as the Lambda function. Build the image and upload it to the Amazon ECR repository. Update the existing Lambda function to use the new image by specifying the repository URI.