Master AWS Certifications with Confidence

AWS Key Management Service (KMS)

IAM roles

AWS Security Token Service (AWS STS)

Amazon S3 bucket policies

Managing encryption of data within the database

Ensuring physical security of the underlying infrastructure

Applying user-defined access policies to the database

Configuring database connection timeout settings

Create an Amazon EventBridge rule to detect KMS DeleteKey events. Configure an AWS Config remediation rule to block key deletion. Link the EventBridge rule to the AWS Config remediation. Create an SNS topic to notify administrators when a deletion attempt occurs.

Develop an AWS Lambda function to intercept and block KMS key deletion requests. Configure an Amazon EventBridge rule to trigger the Lambda function on DeleteKey events. Set up an SNS topic to send notifications to administrators when the Lambda function is invoked.

Create an Amazon EventBridge rule to detect KMS DeleteKey events. Configure the rule to trigger an AWS Systems Manager Automation runbook that cancels the deletion. Link the EventBridge rule to an SNS topic to notify administrators of the attempt.

Enable AWS CloudTrail logging for KMS API activity. Create a CloudWatch metric filter to detect DeleteKey events in the logs. Configure a CloudWatch alarm linked to an SNS topic to alert administrators when a deletion attempt is logged.

Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.

Allow all outbound traffic to 0.0.0.0/0 for port 8443.

Allow HTTPS outbound traffic to the EC2 instances for port 8443.

Allow HTTPS inbound traffic from the EC2 instances for port 8443.

Allow HTTPS outbound traffic to the EC2 instances for the health check on port 9443.

Allow HTTPS inbound traffic from the EC2 instances for the health check on port 9443.

Stream the data to an Amazon Kinesis Data Firehose delivery stream. Use AWS Step Functions to process and analyze the data from Kinesis Data Firehose. Send alerts using Amazon Simple Notification Service (Amazon SNS).

Stream the data to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster. Configure an Amazon EventBridge trigger to invoke an AWS Lambda function for data analysis. Use Amazon Simple Email Service (Amazon SES) for notifications.

Stream the data to an Amazon Kinesis data stream. Use an AWS Lambda function to process the stream and analyze data in real time. Notify the team using Amazon Simple Notification Service (Amazon SNS).

Stream the data into an Amazon Kinesis Data Analytics application. Deploy a containerized service on AWS Fargate to analyze the data. Utilize Amazon Simple Email Service (Amazon SES) for alerts.

Create a Direct Connect gateway in the central account. In each account, create a virtual private gateway and associate it with the Direct Connect gateway via an association proposal.

Set up a Direct Connect gateway and transit gateway in the central account. Link them using a transit VIF.

Deploy an internet gateway in each VPC and update route tables to direct internet traffic through it.

Use AWS Resource Access Manager to share the transit gateway with other accounts. Attach all VPCs to the shared transit gateway.

Establish VPC peering connections between all VPCs.

Configure VPC route tables to send default traffic to the transit gateway. Set up on-premises NAT gateways to handle internet traffic.

Use IAM database authentication for RDS PostgreSQL to enable secure database connections for all Lambda functions.

Store the credentials in an encrypted Amazon ElastiCache cluster and retrieve them during Lambda execution.

Store the credentials in AWS Systems Manager Parameter Store as a secure string parameter.

Use Lambda environment variables encrypted with a customer-managed AWS Key Management Service (AWS KMS) key.

Implement signed URLs for content access.

Set the origin protocol policy to Match Viewer.

Enable field-level encryption for sensitive data.

Configure the distribution to compress content.

Enforce HTTPS by redirecting HTTP traffic to HTTPS.