A video production company is planning to move some of its workloads to the AWS Cloud. The company will require around 5 TB of storage for video processing with the maximum possible I/O performance. They also require over 400 TB of extremely durable storage for storing video files and 800 TB of storage for long-term archival.
Which combinations of services should a Solutions Architect use to meet these requirements?
- Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage.
- Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage.
- Amazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage.
- Amazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage.
1. Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage.
The best I/O performance can be achieved by using instance store volumes for the video processing. This is safe to use for use cases where the data can be recreated from the source files so this is a good use case.
For storing data durably Amazon S3 is a good fit as it provides 99.999999999% of durability. For archival the video files can then be moved to Amazon S3 Glacier which is a low cost storage option that is ideal for long-term archival.
- EBS is not going to provide as much I/O performance as an instance store volume so is not the best choice for this use case.
- EFS does not provide as much durability as Amazon S3 and will not be as cost-effective.
- EBS and EFS are not the best choices here as described above.
References:
Save time with our AWS cheat sheets.
A company runs a dynamic website that is hosted on an on-premises server in the United States. The company is expanding to Europe and is investigating how they can optimize the performance of the website for European users. The website’s backed must remain in the United States. The company requires a solution that can be implemented within a few days.
What should a Solutions Architect recommend?
- Use Amazon CloudFront with Lambda@Edge to direct traffic to an on-premises origin.
- Launch an Amazon EC2 instance in an AWS Region in the United States and migrate the website to it.
- Migrate the website to Amazon S3. Use cross-Region replication between Regions and a latency-based Route 53 policy.
- Use Amazon CloudFront with a custom origin pointing to the on-premises servers.
4. Use Amazon CloudFront with a custom origin pointing to the on-premises servers.
A custom origin can point to an on-premises server and CloudFront is able to cache content for dynamic websites. CloudFront can provide performance optimizations for custom origins even if they are running on on-premises servers. These include persistent TCP connections to the origin, SSL enhancements such as Session tickets and OCSP stapling.
Additionally, connections are routed from the nearest Edge Location to the user across the AWS global network. If the on-premises server is connected via a Direct Connect (DX) link this can further improve performance.
- Lambda@Edge is not used to direct traffic to on-premises origins.
- This would not necessarily improve performance for European users.
- You cannot host dynamic websites on Amazon S3 (static only).
Reference:
Amazon CloudFront Dynamic Content Delivery
Save time with our AWS cheat sheets.
A company runs an application in a factory that has a small rack of physical compute resources. The application stores data on a network attached storage (NAS) device using the NFS protocol. The company requires a daily offsite backup of the application data.
Which solution can a Solutions Architect recommend to meet this requirement?
- Use an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3.
- Use an AWS Storage Gateway volume gateway with stored volumes on premises to replicate the data to Amazon S3.
- Use an AWS Storage Gateway volume gateway with cached volumes on premises to replicate the data to Amazon S3.
- Create an IPSec VPN to AWS and configure the application to mount the Amazon EFS file system. Run a copy job to backup the data to EFS.
1. Use an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3.
The AWS Storage Gateway Hardware Appliance is a physical, standalone, validated server configuration for on-premises deployments. It comes pre-loaded with Storage Gateway software, and provides all the required CPU, memory, network, and SSD cache resources for creating and configuring File Gateway, Volume Gateway, or Tape Gateway.
A file gateway is the correct type of appliance to use for this use case as it is suitable for mounting via the NFS and SMB protocols.
- Volume gateways are used for block-based storage and this solution requires NFS (file-based storage).
- Volume gateways are used for block-based storage and this solution requires NFS (file-based storage).
- It would be better to use a Storage Gateway which will automatically take care of synchronizing a copy of the data to AWS.
Reference:
AWS Storage Gateway | Amazon Web Services
Save time with our AWS cheat sheets.
A company is deploying a fleet of Amazon EC2 instances running Linux across multiple Availability Zones within an AWS Region. The application requires a data storage solution that can be accessed by all of the EC2 instances simultaneously. The solution must be highly scalable and easy to implement. The storage must be mounted using the NFS protocol.
Which solution meets these requirements?
- Create an Amazon S3 bucket and create an S3 gateway endpoint to allow access to the file system using the NFS protocol.
- Create an Amazon EFS file system with mount targets in each Availability Zone. Configure the application instances to mount the file system.
- Create an Amazon EBS volume and use EBS Multi-Attach to mount the volume to all EC2 instances across each Availability Zone.
- Create an Amazon RDS database and store the data in a BLOB format. Point the application instances to the RDS endpoint
2. Create an Amazon EFS file system with mount targets in each Availability Zone. Configure the application instances to mount the file system.
Amazon EFS provides scalable file storage for use with Amazon EC2. You can use an EFS file system as a common data source for workloads and applications running on multiple instances. The EC2 instances can run in multiple AZs within a Region and the NFS protocol is used to mount the file system.
With EFS you can create mount targets in each AZ for lower latency. The application instances in each AZ will mount the file system using the local mount target.
- You cannot use NFS with S3 or with gateway endpoints.
- You cannot use Amazon EBS Multi-Attach across multiple AZs.
- This is not a suitable storage solution for a file system that is mounted over NFS.
Reference:
Use Amazon EFS with Amazon EC2 Linux instances - Amazon Elastic Compute Cloud
Save time with our AWS cheat sheets.
A scientific research institute stores experimental datasets in AWS. Some datasets are accessed daily for analysis, while others remain unused for weeks or months. The datasets are large and must be highly durable, but the institute wants to reduce costs without compromising availability for frequently accessed data.
The institute needs a cost-effective storage solution that adapts to these varying access patterns and ensures the highest durability.
Which storage solution meets these requirements?
- Use Amazon S3 Intelligent-Tiering to automatically adjust storage costs based on the frequency of data access while maintaining high durability.
- Use Amazon EFS with lifecycle policies to move infrequently accessed files to lower-cost storage tiers.
- Use Amazon S3 Glacier Instant Retrieval for all datasets to achieve high durability with low-cost storage for infrequent access.
- Use Amazon FSx for Lustre integrated with Amazon S3 to offload unused datasets and retrieve them as needed for analysis.
1. Use Amazon S3 Intelligent-Tiering to automatically adjust storage costs based on the frequency of data access while maintaining high durability.
S3 Intelligent-Tiering dynamically transitions objects between storage tiers, optimizing costs for infrequent access while retaining the high durability and availability required for datasets.
- Amazon EFS is optimized for file-based workloads and does not provide the same cost optimization or scalability for object storage as S3 Intelligent-Tiering.
- S3 Glacier Instant Retrieval is optimized for archival storage, not for datasets that are frequently accessed. The latency and cost of retrieval make it unsuitable for daily analysis.
- FSx for Lustre is designed for high-performance computing and workloads requiring fast processing speeds. It introduces unnecessary complexity and cost for general storage needs.
References:
Save time with our AWS cheat sheets.
A global manufacturing company uses AWS Outposts servers to manage IoT workloads in its factories across multiple continents. The company regularly updates factory IoT software, consisting of 50 files, from a central Amazon S3 bucket in the us-east-1 Region. Factories report significant delays when downloading and applying the updates, causing downtime. The company needs to minimize the latency for distributing software updates globally while reducing operational overhead.
Which solution will meet this requirement with the LEAST operational overhead?
- Create an Amazon S3 bucket in the us-east-1 Region. Configure Amazon S3 Transfer Acceleration for the bucket. Use the S3 Transfer Acceleration endpoint for faster downloads.
- Create an Amazon S3 bucket in the us-east-1 Region. Set up an Amazon CloudFront distribution with the S3 bucket as the origin. Use signed URLs to download the software updates.
- Create an Amazon S3 bucket in the us-east-1 Region. Deploy AWS Outposts servers at the factories as S3 endpoints. Configure the servers to cache the updates locally.
- Create Amazon S3 buckets in multiple Regions. Configure S3 Cross-Region Replication (CRR) between the buckets. Deploy updates from the nearest bucket to each factory location.
2. Create an Amazon S3 bucket in the us-east-1 Region. Set up an Amazon CloudFront distribution with the S3 bucket as the origin. Use signed URLs to download the software updates.
CloudFront caches the software updates at edge locations around the world, significantly reducing latency. Signed URLs ensure secure access, and the solution requires minimal operational overhead.
- Transfer Acceleration optimizes file transfers only when data is uploaded or downloaded from a single bucket, which may not provide consistent latency improvements for global locations.
- Configuring Outposts servers as S3 endpoints increases operational complexity and cost. CloudFront is a simpler and more efficient solution for this use case.
- Managing multiple buckets and configuring CRR requires additional effort and increases complexity compared to using a single bucket with CloudFront.
References:
- What is Amazon CloudFront?
- Configuring fast, secure file transfers using Amazon S3 Transfer Acceleration
Save time with our AWS cheat sheets:
An application upgrade caused some issues with stability. The application owner enabled logging and has generated a 5 GB log file in an Amazon S3 bucket. The log file must be securely shared with the application vendor to troubleshoot the issues.
What is the MOST secure way to share the log file?
- Create access keys using an administrative account and share the access key ID and secret access key with the vendor.
- Enable default encryption for the bucket and public access. Provide the S3 URL of the file to the vendor.
- Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi-factor authentication.
- Generate a presigned URL and ask the vendor to download the log file before the URL expires.
4. Generate a presigned URL and ask the vendor to download the log file before the URL expires.
A presigned URL gives you access to the object identified in the URL. When you create a presigned URL, you must provide your security credentials and then specify a bucket name, an object key, an HTTP method (PUT for uploading objects), and an expiration date and time. The presigned URLs are valid only for the specified duration. That is, you must start the action before the expiration date and time.
- This is the most secure way to provide the vendor with time-limited access to the log file in the S3 bucket.
- This is less secure as you have to create an account to access AWS and then ensure you lock down the account appropriately.
- This is extremely insecure as the access keys will provide administrative permissions to AWS and should never be shared.
Encryption does not assist here as the bucket would be public and anyone could access it.
Reference:
Sharing objects with presigned URLs
Save time with our AWS cheat sheets.
Objects uploaded to Amazon S3 are initially accessed frequently for a period of 30 days. Then, objects are infrequently accessed for up to 90 days. After that, the objects are no longer needed.
How should lifecycle management be configured?
- Transition to STANDARD_IA after 30 days. After 90 days transition to GLACIER
- Transition to STANDARD_IA after 30 days. After 90 days transition to ONEZONE_IA
- Transition to ONEZONE_IA after 30 days. After 90 days expire the objects
- Transition to REDUCED_REDUNDANCY after 30 days. After 90 days expire the objects
3. Transition to ONEZONE_IA after 30 days. After 90 days expire the objects
In this scenario we need to keep the objects in the STANDARD storage class for 30 days as the objects are being frequently accessed. We can configure a lifecycle action that then transitions the objects to INTELLIGENT_TIERING, STANDARD_IA, or ONEZONE_IA. After that we don’t need the objects so they can be expired.
All other options do not meet the stated requirements or are not supported lifecycle transitions. For example:
* You cannot transition to REDUCED_REDUNDANCY from any storage class.
* Transitioning from STANDARD_IA to ONEZONE_IA is possible but we do not want to keep the objects so it incurs unnecessary costs.
* Transitioning to GLACIER is possible but again incurs unnecessary costs.
Reference:
Transitioning objects using Amazon S3 Lifecycle
Save time with our AWS cheat sheets.
A medical research institution generates large volumes of patient imaging data daily. These images are initially stored on on-premises block storage systems connected to medical devices. Due to limited local storage capacity, the institution needs to offload data to the cloud. The data must remain accessible to on-premises analysis applications with low latency for frequently accessed images. The institution requires a storage solution that integrates with its existing setup and minimizes operational management.
Which solution will meet these requirements with the MOST operational efficiency?
- Use AWS Storage Gateway Volume Gateway in cached mode. Configure cached volumes as iSCSI targets to store the primary dataset in AWS and cache frequently accessed imaging data locally.
- Use Amazon S3 File Gateway to offload patient images to Amazon S3. Mount the file gateway to the on-premises analysis servers using NFS or SMB for direct access to the images.
- Use AWS Snowball Edge to transfer imaging data to Amazon S3. Set up periodic data migrations to AWS to manage storage demands. Retrieve data on demand from S3 using Amazon S3 Transfer Acceleration.
- Use AWS Storage Gateway Tape Gateway to store virtual tapes in Amazon S3 Glacier Instant Retrieval. Retrieve data from the tape gateway as needed for analysis.
1. Use AWS Storage Gateway Volume Gateway in cached mode. Configure cached volumes as iSCSI targets to store the primary dataset in AWS and cache frequently accessed imaging data locally.
The cached mode stores the main dataset in AWS while caching frequently accessed data locally, ensuring low-latency access to imaging data for on-premises applications. It also addresses the storage limitations of the institution’s local environment.
- S3 File Gateway is designed for file-based workloads rather than block storage. Medical imaging applications often require block-level access, making Volume Gateway a more appropriate choice.
- Snowball Edge is a data transfer solution, not a continuously available storage gateway. This approach does not meet the requirement for frequent, low-latency access to imaging data.
- Tape Gateway is designed for backup and archival purposes rather than frequently accessed data. Retrieving imaging data from virtual tapes introduces latency and does not meet the institution’s low-latency requirements.
Reference:
AWS Storage Gateway Documentation
Save time with our AWS cheat sheets.
A data analytics company is testing a Python-based application that processes customer data on an Amazon EC2 Linux instance. A single 1 TB Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp3) volume is currently attached to the EC2 instance for data storage.
The company plans to deploy the application across multiple EC2 instances in an Auto Scaling group. All instances must access the same data that is currently stored on the EBS volume. The company needs a highly available and cost-effective solution that minimizes changes to the application code.
Which solution will meet these requirements?
- Configure an Amazon FSx for Lustre file system. Integrate the file system with Amazon S3 and mount it on each EC2 instance for shared access.
- Use Amazon Elastic File System (Amazon EFS) and configure it in General Purpose performance mode. Mount the EFS file system on all EC2 instances.
- Create an EC2 instance to act as an NFS server. Attach the EBS volume to this instance and share the volume with other EC2 instances in the Auto Scaling group.
- Provision Amazon S3 and use the S3 REST API to allow all EC2 instances to upload and download data from the S3 bucket.
2. Use Amazon Elastic File System (Amazon EFS) and configure it in General Purpose performance mode. Mount the EFS file system on all EC2 instances.
Amazon EFS is a highly available, scalable, and resilient shared storage solution. It allows multiple EC2 instances to access the same data concurrently without requiring changes to the application code. General Purpose performance mode ensures low latency for shared access workloads.
- FSx for Lustre is designed for high-performance computing and temporary storage for large-scale workloads. It does not provide the same level of availability and resilience for long-term storage as Amazon EFS.
- Using a single EC2 instance as an NFS server introduces a single point of failure, which reduces availability. EFS provides a more resilient and scalable solution.
- Amazon S3 is an object storage service, not a file system. It requires significant changes to the application to handle S3 API calls, which increases operational complexity.
References:
Save time with our AWS cheat sheets.
A pharmaceutical company is migrating its legacy inventory management system to AWS. The system runs on Microsoft Windows Server and uses shared block storage for data consistency and failover. The company requires a highly available solution that supports active-passive clustering across multiple Availability Zones. The storage solution must minimize operational overhead while ensuring low-latency access to data.
Which solution will meet these requirements with the LEAST implementation effort?
- Deploy Amazon FSx for Windows File Server in Multi-AZ mode. Configure a Windows Server failover cluster across two Amazon EC2 instances in different Availability Zones, using FSx for Windows File Server as the shared storage.
- Deploy the inventory application on Amazon EC2 instances in two Availability Zones with an active-passive setup. Use Amazon S3 with the S3 File Gateway to provide shared storage for the application data.
- Use AWS Storage Gateway with cached volumes to provide block storage. Deploy the application on a Windows Server cluster spanning two Availability Zones, using Storage Gateway to store and access shared data.
- Deploy the inventory application on Amazon EC2 instances in two Availability Zones with an active-passive configuration. Use Amazon Elastic File System (Amazon EFS) in Standard mode to store and share application data across the two instances.
1. Deploy Amazon FSx for Windows File Server in Multi-AZ mode. Configure a Windows Server failover cluster across two Amazon EC2 instances in different Availability Zones, using FSx for Windows File Server as the shared storage.
FSx for Windows File Server provides fully managed, highly available shared storage designed specifically for Windows-based workloads. It integrates seamlessly with Windows failover clusters, minimizing operational complexity.
- S3 File Gateway provides object storage through file-based interfaces (e.g., NFS), which is not compatible with Windows failover clustering or block-level storage requirements.
- AWS Storage Gateway is not designed for high-availability block storage in AWS-native workloads. It is intended for hybrid environments and adds operational complexity compared to FSx for Windows File Server.
- Amazon EFS is a shared file system, not a block storage solution. It is better suited for Linux-based workloads and does not support the block-level requirements of Windows failover clusters.
References:
Save time with our AWS cheat sheets.
A company is using AWS DataSync to migrate millions of files from an on-premises system to AWS. The files are 10 KB in size on average. The company wants to use Amazon S3 for file storage. For the first year after the migration, the files will be accessed once or twice and must be immediately available. After 1 year, the files must be archived for at least 7 years.
Which solution will meet these requirements MOST cost-effectively?
- Use an archive tool to group the files into large objects. Use DataSync to migrate the objects. Store the objects in S3 Glacier Instant Retrieval for the first year. Use a lifecycle configuration to transition the files to S3 Glacier Deep Archive after 1 year with a retention period of 7 years.
- Use an archive tool to group the files into large objects. Use DataSync to copy the objects to S3 Standard-Infrequent Access (S3 Standard-IA). Use a lifecycle configuration to transition the files to S3 Glacier Instant Retrieval after 1 year with a retention period of 7 years.
- Configure the destination storage class for the files as S3 Glacier Instant Retrieval. Use a lifecycle policy to transition the files to S3 Glacier Flexible Retrieval after 1 year with a retention period of 7 years.
- Configure a DataSync task to transfer the files to S3 Standard-Infrequent Access (S3 Standard-IA). Use a lifecycle configuration to transition the files to S3 Deep Archive after 1 year with a retention period of 7 years.
4. Configure a DataSync task to transfer the files to S3 Standard-Infrequent Access (S3 Standard-IA). Use a lifecycle configuration to transition the files to S3 Deep Archive after 1 year with a retention period of 7 years.
S3 Standard-IA is cost-effective for infrequently accessed data. After 1 year, transitioning to S3 Deep Archive is the most cost-effective choice for long-term storage with infrequent access requirements.
- Grouping files into large objects increases operational overhead, and S3 Glacier Instant Retrieval is more expensive than S3 Standard-IA for the initial storage.
- Transitioning files to S3 Glacier Instant Retrieval is unnecessary and less cost-effective compared to S3 Deep Archive.
- S3 Glacier Instant Retrieval is not needed for the first year. S3 Standard-IA provides a more cost-effective solution for the use case.
References:
Save time with our AWS cheat sheets.
A company operates a self-managed Microsoft SQL Server database hosted on Amazon EC2 instances with Amazon Elastic Block Store (Amazon EBS) volumes. The company uses daily EBS snapshots for backup. Recently, an issue arose when a snapshot cleanup script unintentionally deleted all the snapshots. The solutions architect must design a solution to prevent accidental deletions while avoiding indefinite retention of EBS snapshots.
Which solution will meet these requirements with the LEAST development effort?
- Change the IAM policy to deny deletion of EBS snapshots to all users.
- Implement a cross-region copy for EBS snapshots daily and set a retention policy for the snapshots in the target region.
- Use Amazon Data Lifecycle Manager to create EBS snapshots with automated retention rules.
- Apply an EBS snapshot retention rule in Recycle Bin to retain snapshots for 7 days before permanent deletion.
4. Apply an EBS snapshot retention rule in Recycle Bin to retain snapshots for 7 days before permanent deletion.
Recycle Bin provides a simple way to recover snapshots deleted by mistake. By configuring a retention rule, snapshots are stored securely for the defined duration, preventing accidental deletions without requiring custom development.
- It would prevent legitimate deletions of expired snapshots, which could lead to increased storage costs and operational inefficiencies.
- Cross-region replication increases cost and complexity. It is unnecessary for this use case when the Recycle Bin can address the issue.
- Data Lifecycle Manager can manage retention but cannot prevent accidental deletions without Recycle Bin as a backup layer.
References:
Save time with our AWS cheat sheets.
A company runs its critical storage application in the AWS Cloud. The application uses Amazon S3 in two AWS Regions. The company wants the application to send remote user data to the nearest S3 bucket with no public network congestion. The company also wants the application to fail over with the least amount of management of Amazon S3.
Which solution will meet these requirements?
- Implement an active-active design between the two Regions. Configure the application to use the regional S3 endpoints closest to the user.
- Use an active-passive configuration with S3 Multi-Region Access Points. Create a global endpoint for each of the Regions.
- Send user data to the regional S3 endpoints closest to the user. Configure an S3 cross-account replication rule to keep the S3 buckets synchronized.
- Set up Amazon S3 to use Multi-Region Access Points in an active-active configuration with a single global endpoint. Configure S3 Cros.s-Region Replication
4. Set up Amazon S3 to use Multi-Region Access Points in an active-active configuration with a single global endpoint. Configure S3 Cros.s-Region Replication
S3 Multi-Region Access Points allow the application to route user requests automatically to the nearest S3 bucket based on network conditions and proximity, minimizing latency and avoiding public network congestion. It also provides failover capabilities with minimal management effort.
- This solution requires the application to manage the routing and failover logic, increasing operational overhead.
- Active-passive configurations introduce delays in failover and require more manual intervention.
- This approach does not optimize routing and requires manual failover, which increases management overhead.
References:
Save time with our AWS cheat sheets.
A company requires a fully managed replacement for an on-premises storage service. The company’s employees often work remotely from various locations. The solution should also be easily accessible to systems connected to the on-premises environment.
Which solution meets these requirements?
- Use AWS Transfer Acceleration to replicate files to Amazon S3 and enable public access.
- Use Amazon FSx to create an SMB file share. Connect remote clients to the file share over a client VPN.
- Use AWS DataSync to synchronize data between the on-premises service and Amazon S3.
- Use AWS Storage Gateway to create a volume gateway to store and transfer files to Amazon S3.
2. Use Amazon FSx to create an SMB file share. Connect remote clients to the file share over a client VPN.
Amazon FSx for Windows File Server (Amazon FSx) is a fully managed, highly available, and scalable file storage solution built on Windows Server that uses the Server Message Block (SMB) protocol. It allows for Microsoft Active Directory integration, data deduplication, and fully managed backups, among other critical enterprise features.
An Amazon FSx file system can be created to host the file shares. Clients can then be connected to an AWS Client VPN endpoint and gateway to enable remote access. The protocol used in this solution will be SMB.
- This is simply a way of improving upload speeds to S3, it is not suitable for enabling internal and external access to a file system.
- The on-premises solution is to be replaced so this is not a satisfactory solution. Also, DataSync syncs one way, it is not bidirectional.
- Storage Gateway volume gateways are mounted using block-based protocols (iSCSI), so this would not be workable as block-based protocols cannot be used over long distances such as by the workers in remote locations.
Reference:
Accessing SMB file shares remotely with Amazon FSx for Windows File Server
Save time with our AWS cheat sheets.
A Solutions Architect has been tasked with migrating 30 TB of data from an on-premises data center within 20 days. The company has an internet connection that is limited to 25 Mbps and the data transfer cannot use more than 50% of the connection speed.
What should a Solutions Architect do to meet these requirements?
- Use AWS DataSync.
- Use AWS Storage Gateway.
- Use AWS Snowball.
- Use a site-to-site VPN.
3. Use AWS Snowball.
This is a simple case of working out roughly how long it will take to migrate the data using the 12.5 Mbps of bandwidth that is available for transfer and seeing which options are feasible. Transferring 30 TB of data across a 25 Mbps connection could take upwards of 200 days.
Therefore, we know that using the Internet connection will not meet the requirements and we can rule out any solution that will use the internet (all options except for Snowball). AWS Snowball is a physical device that is shipped to your office or data center. You can then load data onto it and ship it back to AWS where the data is uploaded to Amazon S3.
Snowball is the only solution that will achieve the data migration requirements within the 20-day period.
This uses the internet which will not meet the 20-day deadline.
Reference:
AWS Snowball
Save time with our AWS cheat sheets.
A Solutions Architect works for a company looking to centralize its Machine Learning Operations. Currently they have a large amount of existing cloud storage to store their operational data which is used for machine learning analysis. There is some data which exists within an Amazon RDS MySQL database, and they need a solution which can easily retrieve data from the database.
Which service can be used to build a centralized data repository to be used for Machine Learning purposes?
- Amazon S3
- AWS Lake Formation
- Amazon Quantum Ledger Database (QLDB)
- Amazon Neptune
2. AWS Lake Formation
AWS Lake Formation is a service that makes it easy to set up a secure data lake in days. A data lake is a centralized, curated, and secured repository that stores all your data, both in its original form and prepared for analysis. With AWS Lake Formation, you can import data from MySQL, PostgreSQL, SQL Server, MariaDB, and Oracle databases running in Amazon Relational Database Service (RDS) or hosted in Amazon Elastic Compute Cloud (EC2). Both bulk and incremental data loading are supported.
- Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. It is not however suitable for directly retrieving data from MySQL on RDS and using the data for a Machine learning use case.
- Amazon Quantum Ledger Database (QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log. It is not suitable for directly retrieving data from MySQL on RDS and using the data for a Machine learning use case.
- Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications. It is not suitable for directly retrieving data from MySQL on RDS and using the data for a Machine learning use case.
Reference:
AWS Lake Formation Features
Save time with our AWS cheat sheets.
A Financial Services company currently stores data in Amazon S3. Each bucket contains items which have different access patterns. The Chief Financial officer of the organization wants to reduce costs, as they have noticed a sharp increase in their S3 bill. The Chief Financial Officer wants to reduce the S3 spend as quickly as possible.
What is the quickest way to reduce the S3 spend with the LEAST operational overhead?
- Automate the move of your S3 objects to the best storage class with AWS Trusted Advisor.
- Create a Lambda function to scan your S3 buckets, check which objects are stored in the appropriate buckets, and move them there.
- Transition the objects to the appropriate storage class by using an S3 Lifecycle configuration.
- Place all objects in S3 Glacier Instant Retrieval.
3. Transition the objects to the appropriate storage class by using an S3 Lifecycle configuration.
- An S3 Lifecycle configuration is a set of rules that define actions that Amazon S3 applies to a group of objects. There are two types of actions:
- Transition actions – These actions define when objects transition to another storage class. For example, you might choose to transition objects to the S3 Standard-IA storage class 30 days after creating them, or archive objects to the S3 Glacier Flexible Retrieval storage class one year after creating them. For more information, see Using Amazon S3 storage classes.
- Expiration actions – These actions define when objects expire. Amazon S3 deletes expired objects on your behalf.
- Trusted Advisor does not automatically transfer objects into the most appropriate buckets. You can use Trusted Advisor to review cost optimization options, and check for public access to your buckets but you cannot automatically transition objects.
- You could perhaps build a Lambda function to do this, however the easiest way to do this would be to use an S3 Lifecycle configuration.
- It states in the question that each bucket contains items which have different access patterns, therefore S3 Glacier is not a suitable use case.
Reference:
Managing the lifecycle of objects
Save time with our AWS cheat sheets.
A financial services company runs a credit evaluation system in a private subnet behind an Application Load Balancer (ALB) in a VPC. The VPC includes a NAT gateway and an internet gateway. The system analyzes customer credit data and uploads the results to Amazon S3 for reporting.
The company has strict regulatory requirements stating that all data traffic must remain within AWS’s private network and must not traverse the public internet. Additionally, the company wants to implement a cost-effective solution while ensuring compliance.
Which solution will meet these requirements MOST cost-effectively?
- Configure an S3 interface endpoint. Attach a security group to the endpoint that allows the application to send traffic to Amazon S3 securely.
- Configure an S3 gateway endpoint. Update the route table of the private subnet to direct S3 traffic through the endpoint.
- Enable S3 Transfer Acceleration for faster uploads and downloads while restricting access to trusted IP addresses.
- Create a VPN connection between the VPC and Amazon S3 to ensure secure communication without public internet traffic.
2. Configure an S3 gateway endpoint. Update the route table of the private subnet to direct S3 traffic through the endpoint.
S3 gateway endpoint enables private and secure communication between the VPC and Amazon S3, ensuring no traffic leaves the AWS network. It is also a cost-effective solution because gateway endpoints do not require additional infrastructure like NAT gateways.
- S3 interface endpoints are designed for use cases involving VPC security group control but are typically more expensive than gateway endpoints. Gateway endpoints are purpose-built for S3 and DynamoDB, offering a simpler and more cost-effective solution.
- S3 Transfer Acceleration is designed to improve performance for global uploads and downloads but does not ensure that traffic avoids the public internet. This does not meet the regulatory requirement of keeping traffic private.
- Amazon S3 does not support direct VPN connections. Gateway endpoints are the proper mechanism for secure, private communication with S3.
References:
Save time with our AWS cheat sheets.
A scientific research organization runs an on-premises simulation application that processes large datasets. The organization has migrated all simulation data to Amazon S3 to reduce costs. The simulation application requires low-latency storage access for seamless performance during processing tasks.
The organization needs to design a storage solution that minimizes costs while maintaining the performance requirements of the application.
Which storage solution will meet these requirements in the MOST cost-effective way?
- Use Amazon S3 File Gateway to provide low-latency storage for the on-premises application. The File Gateway will cache frequently accessed data locally.
- Use AWS DataSync to copy frequently accessed data from Amazon S3 to an on-premises storage system. Configure the application to use the local storage for low-latency access.
- Copy the data from Amazon S3 to Amazon FSx for Lustre. Use an Amazon FSx File Gateway to provide low-latency access for the on-premises application.
- Deploy a high-speed internet connection and configure the on-premises application to access the data directly from Amazon S3 using the S3 API for storage operations.
1. Use Amazon S3 File Gateway to provide low-latency storage for the on-premises application. The File Gateway will cache frequently accessed data locally.
S3 File Gateway provides a seamless and cost-effective way to access data stored in Amazon S3. It locally caches frequently accessed data, reducing latency while still leveraging the cost benefits of S3 storage.
- DataSync is designed for batch data transfer and is not suitable for providing continuous, low-latency access to S3 data. It introduces additional complexity and costs for managing on-premises storage systems.
- FSx for Lustre is optimized for high-performance workloads but is more expensive and introduces unnecessary complexity compared to S3 File Gateway. Additionally, copying all data to FSx increases storage costs.
- Accessing data directly from S3 over the internet does not meet the low-latency requirements for the application. While cost-effective, it will degrade performance for latency-sensitive workloads.
References:
Save time with our AWS cheat sheets.
A research organization is planning to migrate its simulation analysis platform to AWS. The platform stores simulation results and logs on an on-premises NFS server. The platform’s codebase is legacy and cannot be modified to use any protocol other than NFS to store and retrieve data. The organization needs a storage solution on AWS that supports NFS and is highly available and scalable.
Which storage solution should a solutions architect recommend for use after the migration?
- Use AWS Storage Gateway File Gateway to provide an NFS interface backed by Amazon S3 for storing and retrieving data.
- Use Amazon Elastic File System (Amazon EFS) to provide an NFS-compatible shared file system that integrates with AWS services.
- Use Amazon Elastic Block Store (Amazon EBS) volumes attached to each EC2 instance for storage. Use NFS software on the EC2 instances to create a shared file system.
- Use Amazon FSx for Windows File Server to create a shared file system for data storage and access through the SMB protocol.
2. Use Amazon Elastic File System (Amazon EFS) to provide an NFS-compatible shared file system that integrates with AWS services.
Amazon EFS is a fully managed, scalable, and highly available file storage service that supports NFS. It is designed to work seamlessly with applications requiring NFS without additional setup or modifications.
- File Gateway is typically used to integrate on-premises environments with AWS. It is not as suitable for applications entirely migrated to AWS, especially when a native NFS solution like EFS is available.
- Using EBS requires additional configuration and management to implement an NFS-based shared file system. EFS provides a simpler, fully managed solution.
- FSx for Windows File Server supports the SMB protocol, not NFS. The application explicitly requires NFS, making FSx for Windows File Server unsuitable.
References:
Save time with our AWS cheat sheets.
A company has on-premises file servers that include both Windows SMB and Linux NFS protocols. The company plans to migrate to AWS and consolidate these file servers into a managed cloud solution. The chosen solution must support both NFS and SMB access, provide protocol sharing, and offer redundancy at the Availability Zone level.
Which solution will meet these requirements?
- Use Amazon FSx for NetApp ONTAP to consolidate storage and enable multi-protocol access for both SMB and NFS.
- Deploy Amazon FSx for Windows File Server for SMB access and Amazon FSx for OpenZFS for NFS access.
- Use Amazon S3 for storage and deploy an Amazon S3 File Gateway for on-premises access to both SMB and NFS clients.
- Create two Amazon EC2 instances with locally attached storage: one instance for SMB access and the other instance for NFS access.
1. Use Amazon FSx for NetApp ONTAP to consolidate storage and enable multi-protocol access for both SMB and NFS.
Amazon FSx for NetApp ONTAP supports both SMB and NFS protocols with multi-protocol sharing and redundancy across Availability Zones.
- This approach separates SMB and NFS access, does not provide protocol sharing, and introduces additional complexity.
- Amazon S3 File Gateway does not natively support SMB or NFS protocols for simultaneous access.
- This solution is not a managed service, lacks redundancy at the Availability Zone level, and increases operational overhead.
References:
Save time with our AWS cheat sheets.
A company needs to implement a new data retention policy for regulatory compliance. As part of this policy, sensitive documents that are stored in an Amazon S3 bucket must be protected from deletion or modification for a fixed period of time.
Which solution will meet these requirements?
- Activate S3 Object Lock in compliance mode on the bucket. Configure a WORM (Write Once, Read Many) policy.
- Enable S3 Object Lock on the required objects and set compliance mode.
- Create an Amazon S3 bucket with versioning enabled. Use a lifecycle rule to automatically delete older versions after the retention period.
- Use AWS Backup to create immutable backups of the S3 objects and enforce a retention policy.
2. Enable S3 Object Lock on the required objects and set compliance mode.
Compliance mode ensures that no user, including the root user, can delete or modify objects during the retention period, making it suitable for regulatory requirements.
- S3 Object Lock applies to specific objects, not the entire bucket, and there is no WORM-specific configuration required beyond compliance mode.
- Versioning and lifecycle policies do not provide protection against modification or deletion during the retention period.
- AWS Backup does not integrate directly with S3 Object Lock to meet regulatory compliance needs for immutability.
References:
Save time with our AWS cheat sheets.
A company recently performed a lift and shift migration of its on-premises Oracle database workload to run on an Amazon EC2 memory-optimized Linux instance. The EC2 Linux instance uses a 1 TB Provisioned IOPS SSD (io1) EBS volume with 64,000 IOPS. The database storage performance after the migration is slower than the performance of the on-premises database.
Which solution will improve storage performance?
- Add more Provisioned IOPS SSD (io1) EBS volumes. Use OS commands to create a Logical Volume Management (LVM) stripe.
- Increase the Provisioned IOPS SSD (io1) EBS volume to more than 64,000 IOPS.
- Increase the size of the Provisioned IOPS SSD (io1) EBS volume to 2 TB.
- Change the EC2 Linux instance to a storage-optimized instance type. Do not change the Provisioned IOPS SSD (io1) EBS volume.
1. Add more Provisioned IOPS SSD (io1) EBS volumes. Use OS commands to create a Logical Volume Management (LVM) stripe.
Creating a striped volume using multiple io1 EBS volumes allows you to aggregate performance and exceed the performance limits of a single volume, resulting in better storage performance.
- 64,000 IOPS is the maximum performance for a single io1 volume attached to an EC2 instance. Increasing the IOPS would not be effective.
- The volume size does not directly affect the IOPS beyond the already configured value of 64,000 IOPS.
- Changing the instance type does not address the bottleneck at the EBS volume level.
References:
Save time with our AWS cheat sheets.
