Master AWS Certifications with Confidence

Database management

Application architecture

Identity and access management

Incident management

Cost optimization

AWS WAF

AWS Shield

Network ACLs

Security groups

Attach the AdministratorAccess policy to the IAM group in the development account.

Add the development account as a principal in the trust policy of the role in the production account.

Enable public access to the DynamoDB table in the production account.

Create IAM users in the production account for each developer.

Create an Amazon FSx for Lustre file system.

Create an Amazon Elastic File System (Amazon EFS) file system.

Create an Amazon S3 bucket to receive the data.

Manually use an operating system copy command to transfer the data to AWS.

Deploy an AWS DataSync agent on-premises and configure a DataSync task to transfer data to AWS.

Create an AWS Config rule in each account to detect S3 buckets missing the Department tag.

Implement an SCP at the organization level to block creation of S3 buckets without the Department tag.

Use Amazon Inspector to scan all S3 buckets for missing Department tags.

Apply an IAM policy in each account to deny s3:CreateBucket requests without the Department tag.

Set up an AWS Config aggregator to compile a centralized report of non-compliant S3 buckets across the organization.

Use AWS Security Hub to aggregate findings about S3 buckets lacking the Department tag.

Implement an internal Network Load Balancer (NLB) linked to a target group pointing to the Lambda functions. Use the NLB's DNS name for API calls from the VPC.

Delete the current API's public DNS record. Create a private hosted zone in Route 53 with a new CNAME record pointing to the API. Update the API Gateway configuration to use this CNAME. Access the API via the new DNS record from the VPC.

Change the API endpoint type to private in API Gateway. Establish an interface VPC endpoint in the VPC. Apply a resource policy to the API restricting access to the VPC endpoint. Use the VPC endpoint to invoke the API from within the VPC.

Migrate the Lambda functions to run within the VPC. Set up an EC2 instance with Nginx as a reverse proxy. Configure the Nginx server to forward requests to the Lambda functions. Use the EC2 instance's private DNS to access the API internally.

Use AWS Config to enable S3 bucket encryption checks. Create a rule to detect unencrypted objects. Set up Amazon SNS to notify when the rule is non-compliant.

Enable Amazon Macie for the S3 bucket. Configure a classification job to identify unencrypted sensitive files. Use Amazon EventBridge to trigger notifications when Macie findings are generated.

Deploy AWS CloudTrail to monitor S3 API activity. Create a Lambda function to analyze logs for unencrypted uploads. Configure the function to send alerts via SNS when issues are found.

Set up Amazon GuardDuty to monitor the S3 bucket. Configure GuardDuty to detect unencrypted objects and integrate with Lambda to send notifications via SES.

Publish a new Lambda version and assign a weighted routing policy directly to the version.

Create an alias for the Lambda function and configure a weighted routing policy for the updated version.

Deploy an Application Load Balancer with weighted target groups pointing to the original and updated Lambda functions.

Use a Network Load Balancer with weighted target groups to route traffic between the original and updated Lambda functions.