Compute Flashcards

Question

A company wants to use Amazon Elastic Container Service (Amazon ECS) to run its containerized application in a hybrid environment. The company needs to ensure that the application can scale across both on-premises and AWS environments. It also requires a load balancer to handle HTTP traffic for the new containers that will run in the AWS Cloud. **Which combination of actions will meet these requirements?** (Select TWO.) 1. Set up an ECS cluster that uses the AWS Fargate launch type for the cloud application containers. Use an Amazon ECS Anywhere external launch type for the on-premises application containers. 2. Set up an Application Load Balancer for cloud ECS services. 3. Set up a Network Load Balancer for cloud ECS services. 4. Set up an ECS cluster that uses the AWS Fargate launch type. Use Fargate for the cloud application containers and the on-premises application containers. 5. Set up an ECS cluster that uses the Amazon EC2 launch type for the cloud application containers. Use Amazon ECS Anywhere with an AWS Fargate launch type for the on-premises application containers.

Answer 1

**1.** Set up an ECS cluster that uses the AWS Fargate launch type for the cloud application containers. Use an Amazon ECS Anywhere external launch type for the on-premises application containers. **2.** Set up an Application Load Balancer for cloud ECS services. ## Footnote This meets the requirement of a hybrid environment by running containers in AWS Fargate for cloud workloads and Amazon ECS Anywhere for on-premises workloads. ECS Anywhere enables on-premises servers to join ECS clusters. This is the appropriate load balancer for handling HTTP traffic, ensuring proper routing and scalability for the cloud-based application containers. * A Network Load Balancer is primarily used for TCP or UDP traffic, not HTTP traffic. * Fargate cannot be used to run containers in an on-premises environment. * ECS Anywhere uses external instances, not AWS Fargate, for on-premises environments. **Reference:** [Amazon ECS clusters for the external launch type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-anywhere.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ecs-and-eks/).

Answer 2

**3.** Use AWS Batch to deploy a multi-node parallel job ## Footnote AWS Batch Multi-node parallel jobs enable you to run single jobs that span multiple Amazon EC2 instances. With AWS Batch multi-node parallel jobs, you can run large-scale, tightly coupled, high performance computing applications and distributed GPU model training without the need to launch, configure, and manage Amazon EC2 resources directly. An AWS Batch multi-node parallel job is compatible with any framework that supports IP-based, internode communication, such as Apache MXNet, TensorFlow, Caffe2, or Message Passing Interface (MPI). This is the most efficient approach to deploy the resources required and supports the application requirements most effectively. * This is not the best solution for a tightly-coupled HPC workload with specific requirements such as MPI support. * This would deploy a cluster placement group but not manage it. AWS Batch is a better fit for large scale workloads such as this. * You can certainly provision and manage EC2 instances with Elastic Beanstalk but this scenario is for a specific workload that requires MPI support and managing a HPC deployment across a large number of nodes. AWS Batch is more suitable. **References:** * [High Performance Computing Lens](https://d1.awsstatic.com/whitepapers/architecture/AWS-HPC-Lens.pdf) * [Multi-node parallel jobs](https://docs.aws.amazon.com/batch/latest/userguide/multi-node-parallel-jobs.html)

Answer 3

**3.** Store the images in Amazon S3, behind a CloudFront distribution. Use S3 Object Lambda to transform and process the images whenever a GET request is initiated on an object. ## Footnote With S3 Object Lambda you can add your own code to S3 GET requests to modify and process data as it is returned to an application. For the first time, you can use custom code to modify the data returned by standard S3 GET requests to filter rows, dynamically resize images, redact confidential data, and much more. Powered by AWS Lambda functions, your code runs on infrastructure that is fully managed by AWS, eliminating the need to create and store derivative copies of your data or to run expensive proxies, all with no changes required to your applications. * DynamoDB is not as well designed for Write Once Read Many workloads and adding a Lambda function to the DynamoDB table takes more manual provisioning of resources than using S3 Object Lambda. * This would work; however it is easier to use S3 Object Lambda as this manages the Lambda function for you. * DynamoDB is not as well designed for Write Once Read Many workloads and adding a Lambda function to the DynamoDB table takes more manual provisioning of resources than using S3 Object Lambda. **Reference:** [Amazon S3 Object Lambda](https://aws.amazon.com/s3/features/object-lambda/) Save time with our [AWS cheat sheets](https://digitalcloud.training/aws-lambda/).

Answer 4

**1.** Use capacity reservations with savings plans ## Footnote On-Demand Capacity Reservations enable you to reserve compute capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. By creating Capacity Reservations, you ensure that you always have access to EC2 capacity when you need it, for as long as you need it. When used in combination with savings plans, you can also gain the advantages of cost reduction. * You can mix spot and on-demand in an auto scaling group. However, there’s a risk the spot price may not be good, and this is a regular, predictable increase in traffic. * This would add more cost all the time rather than catering for the temporary increases in traffic. * This is not a way to save cost as dedicated hosts are much more expensive than shared hosts. **Reference:** [Differences between Capacity Reservations, Reserved Instances, and Savings Plans](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html#capacity-reservations-differences) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ec2/).

Answer 5

**2.** Hibernate the instance outside business hours. Start the instance again when required. ## Footnote When you hibernate an instance, Amazon EC2 signals the operating system to perform hibernation (suspend-to-disk). Hibernation saves the contents from the instance memory (RAM) to your Amazon Elastic Block Store (Amazon EBS) root volume. Amazon EC2 persists the instance's EBS root volume and any attached EBS data volumes. When you start your instance: * The EBS root volume is restored to its previous state * The RAM contents are reloaded * The processes that were previously running on the instance are resumed * Previously attached data volumes are reattached and the instance retains its instance ID * When an instance is stopped the operating system is shut down and the contents of memory will be lost. * Auto Scaling scales does not scale up and down, it scales in by terminating instances and out by launching instances. When scaling out new instances are launched and no state will be available from terminated instances. * You cannot recover terminated instances, you can recover instances that have become impaired in some circumstances. **Reference:** [Hibernate your Amazon EC2 instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) Save time with our [AWS cheat sheets](* https://digitalcloud.training/amazon-ec2/).

Answer 6

**3.** On-demand capacity reservations for the development environment **4.** Use Reserved instances for the production environment ## Footnote Capacity reservations have no commitment and can be created and canceled as needed. This is ideal for the development environment as it will ensure the capacity is available. There is no price advantage but none of the other options provide a price advantage whilst also ensuring capacity is available Reserved instances are a good choice for workloads that run continuously. This is a good option for the production environment. * Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. Spot instances are not suitable for the development environment as important work may be interrupted. * They require a long-term commitment which is not ideal for a development environment. * There is no long-term commitment required when you purchase On-Demand Instances. However, you do not get any discount and therefore this is the most expensive option. **References:** * [Amazon EC2 billing and purchasing options](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instance-purchasing-options.html) * [Reserve compute capacity with EC2 On-Demand Capacity Reservations](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ec2/).

Answer 7

**3.** On-Demand Instances ## Footnote Each EC2 instance runs for 5 hours a day for 5 days per quarter or 20 days per year. This is time duration is insufficient to warrant reserved instances as these require a commitment of a minimum of 1 year and the discounts would not outweigh the costs of having the reservations unused for a large percentage of time. In this case, there are no options presented that can reduce the cost and therefore on-demand instances should be used. * Reserved instances are good for continuously running workloads that run for a period of 1 or 3 years. * Spot instances may be interrupted, and this is not acceptable. Note that Spot Block is deprecated and unavailable to new customers. * These do not provide any cost advantages and will be more expensive. **Reference:** [Amazon EC2 Pricing](https://aws.amazon.com/ec2/pricing/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ec2/).

Answer 8

**3.** Configure a Network Load Balancer in front of the EC2 instances **5.** Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically ## Footnote The solutions architect must enable high availability for the architecture and ensure it is cost-effective. To enable high availability an Amazon EC2 Auto Scaling group should be created to add and remove instances across multiple availability zones. In order to distribute the traffic to the instances the architecture should use a Network Load Balancer which operates at Layer 4. This architecture will also be cost-effective as the Auto Scaling group will ensure the right number of instances are running based on demand. * This is not the most cost-effective option. Auto Scaling should be used to maintain the right number of active instances. * This is not highly available as it’s a single AZ. * An ALB operates at Layer 7 rather than Layer 4. **Reference:** [Auto Scaling Load Balancer](https://docsaws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) Save time with our AWS cheat sheets: * [Amazon EC2](https://digitalcloud.training/amazon-ec2/) * [AWS Elastic Load Balancing (AWS ELB)](https://digitalcloud.training/aws-elastic-load-balancing-aws-elb/)

Answer 9

**2.** Launch a new EC2 instance from an Amazon Machine Image (AMI) in the second Region **4.** Copy an Amazon Machine Image (AMI) of an EC2 instance and specify the second Region for the destination ## Footnote You can copy an Amazon Machine Image (AMI) within or across AWS Regions using the AWS Management Console, the AWS Command Line Interface or SDKs, or the Amazon EC2 API, all of which support the CopyImage action. Using the copied AMI the solutions architect would then be able to launch an instance from the same EBS volume in the second Region. Note: the AMIs are stored on Amazon S3, however you cannot view them in the S3 management console or work with them programmatically using the S3 API. * You cannot copy EBS volumes directly from EBS to Amazon S3. * You cannot create an EBS volume directly from Amazon S3. * You cannot create an EBS volume directly from Amazon S3. **Reference:** [Copy an Amazon EC2 AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ebs/).

Answer 10

**3.** Configure an Application Load Balancer in front of an Auto Scaling group to deploy instances to multiple Availability Zones ## Footnote The Amazon EC2-based application must be highly available and elastically scalable. Auto Scaling can provide the elasticity by dynamically launching and terminating instances based on demand. This can take place across availability zones for high availability. Incoming connections can be distributed to the instances by using an Application Load Balancer (ALB). * API gateway is not used for load balancing connections to Amazon EC2 instances. * You cannot launch instances in multiple Regions from a single Auto Scaling group. **References:** * [What is Amazon EC2 Auto Scaling?](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html) * [Elastic Load Balancing](https://aws.amazon.com/elasticloadbalancing/) Save time with our AWS cheat sheets: * [Amazon EC2 Auto Scaling](https://digitalcloud.training/amazon-ec2-auto-scaling/) * [AWS Elastic Load Balancing (AWS ELB)](https://digitalcloud.training/aws-elastic-load-balancing-aws-elb/)

Answer 11

**2.** Create an Amazon EC2 Auto Scaling group and Application Load Balancer (ALB) spanning multiple AZs **5.** Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment ## Footnote To add high availability to this architecture both the web tier and database tier require changes. For the web tier an Auto Scaling group across multiple AZs with an ALB will ensure there are always instances running and traffic is being distributed to them. The database tier should be migrated from the EC2 instances to Amazon RDS to take advantage of a managed database with Multi-AZ functionality. This will ensure that if there is an issue preventing access to the primary database a secondary database can take over. * This would not add high availability. * The existing servers are in a single subnet. For HA we need to instances in multiple subnets. * We also need HA for the database layer. **References:** * [Use Elastic Load Balancing to distribute incoming application traffic in your Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html) * [Amazon RDS Multi-AZ](https://aws.amazon.com/rds/features/multi-az/) Save time with our AWS cheat sheets: * [AWS Elastic Load Balancing (AWS ELB)](https://digitalcloud.training/aws-elastic-load-balancing-aws-elb/) * [Amazon EC2 Auto Scaling](https://digitalcloud.training/amazon-ec2-auto-scaling/) * [Amazon RDS](https://digitalcloud.training/amazon-rds/)

Answer 12

**3.** Elastic Fabric Adapter (EFA) ## Footnote An Elastic Fabric Adapter is an AWS Elastic Network Adapter (ENA) with added capabilities. The EFA lets you apply the scale, flexibility, and elasticity of the AWS Cloud to tightly-coupled HPC apps. It is ideal for tightly coupled app as it uses the Message Passing Interface (MPI). * The ENI is a basic type of adapter and is not the best choice for this use case. * The ENA, which provides Enhanced Networking, does provide high bandwidth and low inter-instance latency but it does not support the features for a tightly-coupled app that the EFA does. * An Elastic IP address is just a static public IP address, it is not a type of network adapter. **Reference:** [Elastic Fabric Adapter (EFA) for Tightly-Coupled HPC Workloads](https://aws.amazon.com/blogs/aws/now-available-elastic-fabric-adapter-efa-for-tightly-coupled-hpc-workloads/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ec2/).

Answer 13

**2.** Create an IAM policy with permissions to DynamoDB and assign It to a task using the taskRoleArn parameter ## Footnote To specify permissions for a specific task on Amazon ECS you should use IAM Roles for Tasks. The permissions policy can be applied to tasks when creating the task definition, or by using an IAM task role override using the AWS CLI or SDKs. The taskRoleArn parameter is used to specify the policy. * You should not apply the permissions to the container instance as they will then apply to all tasks running on the instance as well as the instance itself. * Though you will need a security group to allow outbound connections to DynamoDB, the question is asking how to assign permissions to write data to DynamoDB and a security group cannot provide those permissions. * The AmazonECSTaskExecutionRolePolicy policy is the Task Execution IAM Role. This is used by the container agent to be able to pull container images, write log file etc. **Reference:** [Amazon ECS task IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ecs-and-eks/).

Answer 14

**2.** Use AWS Lambda to manipulate the original images to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin ## Footnote All solutions presented are highly available. The key requirement that must be satisfied is that the solution should be cost-effective and you must choose the most cost-effective option. Therefore, it’s best to eliminate services such as Amazon EC2 and ELB as these require ongoing costs even when they’re not used. Instead, a fully serverless solution should be used. AWS Lambda, Amazon S3 and CloudFront are the best services to use for these requirements. * This is not the most cost-effective option as the ELB and EC2 instances will incur costs even when not used. * This is not the most cost-effective option as the ELB will incur costs even when not used. Also, Amazon DynamoDB will incur RCU/WCUs when running and is not the best choice for storing images. * This is not the most cost-effective option as the EC2 instances will incur costs even when not used. **Reference:** [Serverless on AWS](https://aws.amazon.com/serverless/) Save time with our AWS cheat sheets: * [Amazon S3 and Glacier](https://digitalcloud.training/amazon-s3-and-glacier/) * [AWS Lambda](https://digitalcloud.training/aws-lambda/) * [Amazon CloudFront](https://digitalcloud.training/amazon-cloudfront/)

Answer 15

**2.** Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group. ## Footnote Since by using EC2 Spot Instances, customers can access additional compute capacity between 70%-90% off On-Demand Instance pricing, we can directly eliminate two options utilizing on demand instances. Among the two options with spot instances, since the application is stateless, the better idea is to have a containerized approach and utilize EKS to reduce operational overhead. * As mentioned above, EKS gives you more options towards application fleet orchestration which makes it a better choice. * As compared to spot instances, on demand instances are costlier and for end of day processing where failures can be re-triggered and are acceptable, spot instances are a better choice. * As compared to spot instances, on demand instances are more expensive and for end of day processing where failures can be re-triggered and are acceptable, spot instances are a better choice. **Reference:** [Best practices for handling EC2 Spot Instance interruptions](https://aws.amazon.com/blogs/compute/best-practices-for-handling-ec2-spot-instance-interruptions/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ecs-and-eks/).

Answer 16

**1.** Use an encrypted Amazon EBS volume and use Data Lifecycle Manager to automate snapshots ## Footnote For block storage the Solutions Architect should use either Amazon EBS or EC2 instance store. However, the instance store is non-persistent so EBS must be used. With EBS you can encrypt your volume and automate volume-level backups using snapshots that are run by Data Lifecycle Manager. * EFS is not block storage, it is a file-level storage service. * Amazon S3 is an object-based storage system not a block-based storage system. * The EC2 instance store is a non-persistent volume. **Reference:** [Amazon EBS volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ebs/).

Answer 17

**4.** Set up VPC endpoints for Amazon EKS and ECR to enable nodes to communicate with the control plane. ## Footnote When the EKS control plane is configured with private access, and the nodes are in a private subnet, you need to create VPC endpoints for Amazon EKS and ECR. This allows the nodes to communicate with the EKS control plane and pull container images from ECR. * IAM roles are crucial for setting up permissions, but simply modifying the associated IAM role would not solve the issue of nodes not being able to connect to the control plane. * VPC peering is not the recommended way to allow nodes in a private subnet to access the EKS control plane. This approach might also incur additional operational overhead. * Moving the nodes to public subnets contradicts the original requirement of having the data plane in private subnets. Additionally, this approach might introduce unnecessary security risks. **Reference:** [Deploy private clusters with limited internet access](https://docs.aws.amazon.com/eks/latest/userguide/private-clusters.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ecs-and-eks/).

Answer 18

**1.** Implement an AWS Lambda function to fetch player information from Amazon DynamoDB. Establish an Amazon API Gateway endpoint to handle RESTful API calls, directing them to the Lambda function. **3.** Use AWS Cognito User Pools to handle user authentication. **5.** Leverage AWS Amplify to serve the frontend game interface with HTML, CSS, and JS. Use the integrated Amazon CloudFront configuration for distribution. ## Footnote AWS Lambda is a cost-effective solution for unpredictable traffic patterns due to its pay-per-use pricing model. DynamoDB is also a cost-effective and highly scalable solution for storing user data. The API Gateway provides a HTTP-based endpoint that can be used to expose the Lambda function. AWS Cognito User Pools provide user directory features including sign-up and sign-in services, which are suitable for managing game user authentication. AWS Amplify simplifies the process of hosting web applications with automated deployment processes. It also integrates with CloudFront, providing a global content delivery network to efficiently serve the game interface. * Using Amazon ECS might be an overkill for this scenario and might not be as cost-effective compared to Lambda and DynamoDB, especially for unpredictable and possibly idle traffic. * Cognito Identity Pools are used for granting access to AWS resources rather than handling user authentication. * While you could host a static website on S3 and use CloudFront for distribution, AWS Amplify can provide additional capabilities tailored to modern web applications. Furthermore, Amplify's automated deployment processes can provide a more streamlined and efficient approach to managing the game's frontend compared to managing separate S3 and CloudFront configurations. **References:** * [Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) * [Fullstack TypeScript. Frontend DX for AWS.](https://aws.amazon.com/amplify/) Save time with our AWS cheat sheets: * [AWS Lambda](https://digitalcloud.training/aws-lambda/) * [Amazon ECS and EKS](https://digitalcloud.training/amazon-ecs-and-eks/)

Answer 19

**3.** Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon EFS and mount a target on each instance ## Footnote To increase the resiliency of the application the solutions architect can use Auto Scaling groups to launch and terminate instances across multiple availability zones based on demand. An application load balancer (ALB) can be used to direct traffic to the web application running on the EC2 instances. Lastly, the Amazon Elastic File System (EFS) can assist with increasing the resilience of the application by providing a shared file system that can be mounted by multiple EC2 instances from multiple availability zones. * The EBS volumes are single points of failure which are not shared with other instances. * Instance stores are ephemeral data stores which means data is lost when powered down. Also, instance stores cannot be shared between instances. * There are data retrieval charges associated with this S3 tier. It is not a suitable storage tier for application files. **Reference:** [Amazon Elastic File System Documentation](https://docs.aws.amazon.com/efs/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-efs/).

Answer 20

**3.** Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period ## Footnote Though this sounds like a good use case for scheduled actions, both answers using scheduled actions will have 20 instances running regardless of actual demand. A better option to be more cost effective is to use a target tracking action that triggers at a lower CPU threshold. With this solution the scaling will occur before the CPU utilization gets to a point where performance is affected. This will result in resolving the performance issues whilst minimizing costs. Using a reduced cooldown period will also more quickly terminate unneeded instances, further reducing costs. * This is not the most cost-effective option. Note you can choose min, max, or desired for a scheduled action. * This is not the most cost-effective option. Note you can choose min, max, or desired for a scheduled action. * AWS recommend you use target tracking in place of step scaling for most use cases. **Reference:** [Target tracking scaling policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ec2-auto-scaling/).

Answer 21

**2.** AWS Lambda functions ## Footnote AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. Lambda has a maximum execution time of 900 seconds and memory can be allocated up to 3008 MB. Therefore, the most cost-effective solution will be AWS Lambda. * Fargate runs Docker containers and is serverless. However, you do pay for the running time of the tasks so it will not be as cost-effective. * EC2 instances must run continually waiting for jobs to process so even with spot this would be less cost-effective (and subject to termination). * This services also relies on Amazon EC2 instances so would not be as cost-effective. **Reference:** [AWS Lambda](https://aws.amazon.com/lambda/) Save time with our [AWS cheat sheets](https://digitalcloud.training/aws-lambda/).

Answer 22

**4.** Create a NAT gateway in the public subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway ## Footnote The only solution presented that actually works is to create a NAT gateway in the public subnet of each AZ. They must be created in the public subnet as they gain public IP addresses and use an internet gateway for internet access. The route tables in the private subnets must then be configured with a route to the NAT gateway and then the EC2 instances will be able to access the internet (subject to security group configuration). * You do not attach NAT gateways to VPCs, you add them to public subnets. * You cannot add a route to an internet gateway to a private subnet route table (private EC2 instances don’t even have public IP addresses). * You do not create NAT instances in private subnets, they must be created in public subnets. **Reference:** [NAT gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-vpc/).

Answer 23

**2.** Create AMIs of the instances and copy them to another Region **4.** Launch instances in the second Region from the AMIs ## Footnote You can create AMIs of the EC2 instances and then copy them across Regions. This provides a point-in-time copy of the state of the EC2 instance in the remote Region. Once you’ve created AMIs of EC2 instances and copied them to the second Region, you can then launch the EC2 instances from the AMIs in that Region. This is a good DR strategy as you have moved stateful EC2 instances to another Region. * Though snapshots (and EBS-backed AMIs) are stored on Amazon S3, you cannot actually access them using the S3 API. You must use the EC2 API. * You cannot enable “cross-region snapshots” as this is not a feature that currently exists. * You cannot work with snapshots using Amazon S3 at all including leveraging the cross-region replication feature. **Reference:** [EBS Snapshot Copy (Between Regions)](https://aws.amazon.com/blogs/aws/ebs-snapshot-copy/) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ec2/).

Answer 24

**2.** Create an Amazon EC2 Auto Scaling group and Application Load Balancer (ALB) spanning multiple AZs **5.** Create new private subnets in the same VPC but in a different AZ. Migrate the database to an Amazon RDS multi-AZ deployment ## Footnote The Solutions Architect can use Auto Scaling group across multiple AZs with an ALB in front to create an elastic and highly available architecture. Then, migrate the database to an Amazon RDS multi-AZ deployment to create HA for the database tier. This results in a fully redundant architecture that can withstand the failure of an availability zone. * If subnets share the same AZ they are not suitable for splitting your tier across them for HA as the failure of a an AZ will take out both subnets. * The instances are in a single AZ so the Solutions Architect should create a new auto scaling group and launch instances across multiple AZs. * A database in a single AZ will not be highly available. **References:** * [What is Amazon EC2?](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-increase-availability.html) * [Configuring and managing a Multi-AZ deployment for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html) Save time with our AWS cheat sheets: * [Amazon EC2](https://digitalcloud.training/amazon-ec2/) * [Amazon RDS](https://digitalcloud.training/amazon-rds/)

Answer 25

**2.** Implement the application as an AWS Lambda function configured with 1.5 GB of memory. Use Amazon EventBridge to schedule the function to run every 15 minutes. ## Footnote This is the most cost-effective solution. AWS Lambda is designed for running code in response to events or on a schedule, and you only pay for the compute time that you consume. Configuring the function with 1.5GB memory would ensure the function has enough resources, and using Amazon EventBridge for scheduling would enable running the function every 15 minutes. * This is not the most cost-effective solution. Even though AWS App2Container (A2C) would help in containerizing the application and AWS Fargate would abstract the need to manage underlying EC2 instances, it is still an overkill for an application that runs for short durations intermittently. It would still result in paying for unused compute resources. * AWS App2Container (A2C) is used to help containerize applications, but this does not optimize for cost because it requires running an EC2 instance continuously and stopping the instance when not in use can be complex and might not be timely, resulting in potential unnecessary costs. * This solution involves significant manual intervention and managing EC2 instances. While it can work, it's not an optimized way, especially in terms of cost and operation overhead. It does not take advantage of the pay-per-use model and automatic scaling provided by AWS Lambda. **Reference:** [Tutorial: Create an EventBridge scheduled rule for AWS Lambda functions](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-run-lambda-schedule.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-cloudwatch/).

Answer 26

**4.** Establish the application layer in the new region. Use Amazon Aurora Global Database for deploying the database in the primary and new regions. Apply Amazon Route 53 health checks with a failover routing policy to the new region. Promote the secondary to primary as needed. ## Footnote This solution involves creating an application layer in the new region and using Amazon Aurora Global Database, which supports replicating your databases across multiple regions with minimal impact on performance. This configuration can enhance disaster recovery capabilities and can reduce the impact of planned maintenance. Amazon Route 53 health checks with a failover routing policy can automatically route traffic to the new region in the event of a failure in the primary region, thereby ensuring high availability. With an Aurora global database, there are two different approaches to failover depending on the scenario. You can use manual unplanned failover (detach and promote) or managed planned failover. * This solution involves creating a Read Replica in the new region, which would indeed allow for the promotion of the Read Replica to a primary instance if necessary. However, this process isn't instantaneous and could lead to service interruption, which is not what the question asked for. Aurora Global Database provides a lower RTO/RPO. * AWS Database Migration Service (AWS DMS) is primarily used for migrating databases to AWS from on-premises environments or for replicating databases for data warehousing and other use cases. It isn't as suitable for ongoing high-availability or failover scenarios as Amazon Aurora Global Database, which is specifically designed for these situations. * It is not possible to expand an Auto Scaling group across multiple Regions. ASGs operate within a Region only. **References:** * [Using Amazon Aurora Global Database](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html) * [Recovering an Amazon Aurora global database from an unplanned outage](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-disaster-recovery.html#aurora-global-database-failover) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-aurora/).

Answer 27

**4.** AWS AppSync with multiple data sources and resolvers. ## Footnote AWS AppSync simplifies application development by letting you create a flexible API to securely access, manipulate, and combine data from one or more data sources. AppSync is a managed service that uses GraphQL to make it easy for applications to get exactly the data they need, including from multiple DynamoDB tables. AWS AppSync is designed for real-time and offline data access which makes it an ideal solution for this scenario. * AWS Step Functions make it easy to coordinate the components of distributed applications and microservices using visual workflows. However, while you could theoretically build a flow to retrieve data from multiple tables, it's not the most efficient solution as it introduces additional complexity and potential latency. * While you can use AWS Lambda to execute code in response to triggers like changes to data in an Amazon S3 bucket, this doesn't directly allow the application to retrieve data from multiple DynamoDB tables. This approach would also involve unnecessary data transfers and added latency. * AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load your data for analytics. However, AWS Glue isn't meant for real-time data retrieval in an application. Using it for real-time data retrieval would likely be overcomplicated and inefficient. **Reference:** [AWS AppSync features](https://aws.amazon.com/appsync/product-details/)

Answer 28

**2.** Utilize the Kubernetes Metrics Server to enable horizontal pod autoscaling based on resource utilization. **3.** Employ the Kubernetes Cluster Autoscaler for dynamically managing the quantity of nodes in the EKS cluster. ## Footnote The Metrics Server collects resource metrics like CPU and memory usage from each node and its pods and provides these metrics to the Kubernetes API server for use by the Horizontal Pod Autoscaler, which automatically scales the number of pods in a deployment, replication controller, replica set, or stateful set based on observed CPU utilization. The Kubernetes Cluster Autoscaler automatically adjusts the size of the Kubernetes cluster when there are pods that failed to run in the cluster due to insufficient resources or when there are nodes in the cluster that have been underutilized for an extended period and their pods can be placed on other existing nodes. * The Vertical Pod Autoscaler adjusts the resources of the pods and not the number of pods or nodes, which won't directly help with scaling according to traffic patterns. * Amazon SQS is a message queuing service, and while it can be used to manage workloads by decoupling microservices, it doesn't directly help with autoscaling an EKS cluster based on traffic patterns. * AWS X-Ray provides insights into the behavior of your applications, but it doesn't directly help with autoscaling an EKS cluster. **References:** * [Resource metrics pipeline](https://kubernetes.io/docs/tasks/debug/debug-cluster/resource-metrics-pipeline/#metrics-server) * [Scale cluster compute with Karpenter and Cluster Autoscaler](https://docs.aws.amazon.com/eks/latest/userguide/autoscaling.html) Save time with our [AWS cheat sheets](https://digitalcloud.training/amazon-ecs-and-eks/).

Compute Flashcards

Evaluate and choose appropriate compute services to meet workload demands with performance and cost efficiency. (52 cards)