Master AWS Certifications with Confidence

Which AWS service provides the capability to centrally manage and govern multiple AWS accounts, including creating new accounts, organizing them into hierarchical groups, and enforcing consistent policies across all accounts?

A mining company operates several remote sites with no reliable internet access. They need to gather large volumes of geological data on-site and upload it to the AWS Cloud once they return to their headquarters. Which AWS service is most suitable for this use case?

A company operates its databases on Amazon RDS for MySQL. The company requires a secure method to manage the master user password by automatically rotating it every 45 days. Which solution meets these requirements with the LEAST operational overhead?

A company operates a high-availability data analytics application on Amazon EC2 instances within a single VPC. The instances are distributed across multiple subnets in different Availability Zones. These EC2 instances do not communicate with each other but frequently retrieve data from and store results in Amazon DynamoDB via a single NAT gateway. The company is seeking to minimize data transfer costs associated with this setup.

What is the MOST cost-effective solution to reduce Regional data transfer charges?

A company operates a data processing pipeline using an AWS Lambda function. The function configures batch size and timeout settings through environment variables. The company frequently updates these variables to optimize performance. After validating new settings, they publish a new Lambda version and update their application to invoke the new version's ARN. This process causes application downtime during updates.

A solutions architect must streamline this process to eliminate downtime with minimal operational overhead.

Which solution meets these requirements?

A company is using AWS Organizations to restrict its developers to only use Amazon RDS, AWS Lambda, and AWS CloudFormation. The developers' account is placed in a separate organizational unit (OU). The solutions architect has applied the following SCP to the developers' OU:

json<br>{<br> "Version": "2012-10-17",<br> "Statement": [<br> {<br> "Sid": "AllowRDS",<br> "Effect": "Allow",<br> "Action": "rds:*",<br> "Resource": "*"<br> },<br> {<br> "Sid": "AllowLambda",<br> "Effect": "Allow",<br> "Action": "lambda:*",<br> "Resource": "*"<br> },<br> {<br> "Sid": "AllowCloudFormation",<br> "Effect": "Allow",<br> "Action": "cloudformation:*",<br> "Resource": "*"<br> }<br> ]<br>}<br>

Despite this policy, IAM users in the developers' account can still access AWS services not listed in the SCP. What should the solutions architect do to enforce the restriction?

A. Add explicit deny statements for all AWS services except RDS, Lambda, and CloudFormation.
B. Detach the FullAWSAccess SCP from the developers' OU.
C. Update the FullAWSAccess SCP to explicitly deny all services not listed.
D. Include a wildcard deny statement at the end of the existing SCP.

A developer is configuring an Amazon EventBridge rule to trigger an AWS Lambda function whenever a new pull request is created or when an existing pull request's status changes (e.g., from open to closed). The Lambda function updates a monitoring dashboard with pull request statistics. The developer uses AWS CodeCommit for source control.

Which EventBridge event pattern will correctly invoke the Lambda function under these conditions?

A developer manages an Amazon API Gateway HTTP API used by a mobile application with AWS IAM authorization. A new API version introduces breaking changes and additional endpoints. The developer needs to allow internal testers to access the new version without impacting the existing mobile users. Which solution meets these requirements with the LEAST operational overhead?