Master AWS Certifications with Confidence

Spot Instances

On-Demand Instances

Savings Plans

Dedicated Hosts

AWS Lambda

AWS Organizations

AWS CloudFormation

Amazon RDS

A Network Load Balancer with an associated Elastic IP address.

An Application Load Balancer with an associated Elastic IP address.

An A record in an Amazon Route 53 hosted zone pointing to an Elastic IP address.

An EC2 instance with a public IP address running as a proxy in front of the load balancer.

Deploy an AWS Network Firewall and configure a stateful rule group with domain allow lists for the approved API endpoints.

Use AWS Shield Advanced with a web ACL to allow traffic to the API endpoints and protect against DDoS attacks.

Update the security group outbound rules to permit HTTPS traffic only to the IP addresses of the API endpoints.

Implement a NAT Gateway in the public subnet and use prefix lists in the route table to restrict outbound traffic.

Create a Direct Connect gateway in the central account. In each account, create a virtual private gateway and associate it with the Direct Connect gateway via an association proposal.

Set up a Direct Connect gateway and transit gateway in the central account. Link them using a transit VIF.

Deploy an internet gateway in each VPC and update route tables to direct internet traffic through it.

Use AWS Resource Access Manager to share the transit gateway with other accounts. Attach all VPCs to the shared transit gateway.

Establish VPC peering connections between all VPCs.

Configure VPC route tables to send default traffic to the transit gateway. Set up on-premises NAT gateways to handle internet traffic.

Use Amazon CloudFront with Amazon S3 for web hosting, Amazon API Gateway for order APIs, Amazon Kinesis Data Streams for order queuing, AWS Lambda for business logic, and Amazon DynamoDB for retaining failed orders.

Use Amazon S3 for web hosting with AWS AppSync for order APIs. Use Amazon Simple Queue Service (Amazon SQS) for order queuing. Use AWS Lambda for business logic with an Amazon SQS dead-letter queue for retaining failed orders.

Use AWS Elastic Beanstalk for web hosting with Amazon RDS for order APIs. Use Amazon Simple Notification Service (Amazon SNS) for order queuing. Use Amazon EC2 for business logic with Amazon S3 Glacier for retaining failed orders.

Use Amazon Lightsail for web hosting with Amazon API Gateway for order APIs. Use Amazon MQ for order queuing. Use AWS Step Functions for business logic with Amazon OpenSearch Service for retaining failed orders.

Create a Lambda environment variable to store the API Gateway URL. Use the standard method for the programming language to retrieve the variable.

Store the API Gateway URL in a file. Store the file in the /tmp folder. Use the SDK for the programming language to retrieve the URL.

Create a file to store the API Gateway URL. Zip the file and upload it to the Lambda layer. Use the SDK for the programming language to retrieve the URL.

Create a global variable that is outside the handler in the Lambda function to store the API Gateway URL.

Use the default AWS Key Management Service (AWS KMS) key for Amazon S3 in the Lambda function code.

Use an S3 managed key and call the GenerateDataKey API to encrypt the file.

Invoke the GenerateDataKey API, encrypt the file with the data key in the Lambda function code, and include the encrypted data key.

Use an AWS Key Management Service (AWS KMS) customer managed key for Amazon S3 in the Lambda function code.