Amazon Practice Questions, Discussions & Exam Topics by our Authors
A company is using AWS CloudFormation as its deployment tool for all applications. It stages all application binaries and templates within Amazon S3 buckets with versioning enabled. Developers have access to an Amazon EC2 instance that hosts the integrated development environment (IDE). The developers download the application binaries from Amazon S3 to the EC2 instance, make changes, and upload the binaries to an S3 bucket after running the unit tests locally. The developers want to improve the existing deployment mechanism and implement CI/CD using AWS CodePipeline.
The developers have the following requirements:
* Use AWS CodeCommit for source control.
* Automate unit te...
Key Requirements and Analysis:
The company is looking to improve its existing deployment mechanism by adopting a Continuous Integration/Continuous Delivery (CI/CD) solution using AWS services. The key requirements are:
- Source control using AWS CodeCommit: CodeCommit will be used to store source code.
- Automate unit testing and security scanning: This requires running automated tests and scans on the application binaries.
- Alert developers on test failures: Alerts need to be sent to developers if unit tests fail.
- Turn application features on and off dynamically: This requires flexibility in deployment, such as toggling features during the CI/CD pipeline.
- Lead developer approval before deployment: A manual approval process is needed before deploying the application.
Solution Breakdown:
Option A: Use AWS CodeBuild to run unit tests and security scans. Use an Amazon EventBridge rule to send Amazon SNS alerts to the developers when unit tests fail. Write AWS Cloud Development Kit (AWS CDK) constructs for different solution features, and use a manifest file to turn features on and off in the AWS CDK application. Use a manual approval stage in the pipeline to allow the lead developer to approve applications.
- CodeBuild is a fully managed build service and is well-suited for automating unit testing and security scanning.
- Amazon EventBridge can be used to monitor events (e.g., unit test failures) and send notifications via Amazon SNS to alert the developers.
- AWS CDK (Cloud Development Kit) provides flexibility for feature toggling, allowing developers to define resources programmatically and manage deployment features dynamically via manifests or feature flags.
- Manual approval can be implemented within the pipeline using a manual approval step in AWS CodePipeline.
- Selection Justification: This option meets all the requirements. CodeBuild handles testing and security scanning, EventBridge/SNS handles alerts, AWS CDK allows for feature toggling, and the manual approval process satisfies the lead developer's requirement for application deployment approval.
Option B: Use AWS Lambda to run unit tests and security scans. Use Lambda in a subsequent stage in the pipeline to send Amazon SNS alerts to the developers when unit tests fail. Write AWS Amplify plugins for different solution features and utilize user prompts to turn features on and off. Use Amazon SES in the pipeline to allow the lead developer to approve applications.
- Lambda is often used for event-driven tasks but may not be the best fit for running complex unit tests and security scans, as it may lack the flexibility and environment needed for such tasks.
- AWS Amplify is more suitable for frontend applications, and using it to handle backend feature toggling is less optimal.
- Amazon SES (Simpl...
Author: Ryan · Last updated May 13, 2026
A global ecommerce company has many data centers around the world. With the growth of its stored data, the company needs to set up a solution to provide scalable storage for legacy on-premises file applications. The company must be able to take point-in-time copies of volumes by using AWS Backup and must retain low-latency access to frequently accessed data. The company also needs to have storage volumes th...
Key Requirements Analysis:
The company needs a solution that:
1. Provides scalable storage for legacy on-premises file applications.
2. Allows for point-in-time copies of volumes using AWS Backup.
3. Retains low-latency access to frequently accessed data.
4. Allows storage volumes to be mounted as iSCSI devices from on-premises application servers.
Option Breakdown:
A) Provision an AWS Storage Gateway tape gateway. Configure the tape gateway to store data in an Amazon S3 bucket. Deploy AWS Backup to take point-in-time copies of the volumes.
- Tape Gateway is designed primarily for backup and archiving purposes, using virtual tape libraries to store data in Amazon S3 or Glacier. This solution is more suited for data backup rather than providing low-latency access to frequently accessed data. It doesn't support iSCSI volumes.
- Rejection Reason: Tape Gateway does not meet the requirement for low-latency access to frequently accessed data, and it doesn’t support mounting volumes as iSCSI devices.
B) Provision an Amazon FSx File Gateway and an Amazon S3 File Gateway. Deploy AWS Backup to take point-in-time copies of the data.
- Amazon FSx File Gateway and Amazon S3 File Gateway are used for integrating on-premises environments with Amazon FSx or Amazon S3, respectively. FSx provides Windows file system support, while S3 File Gateway allows access to Amazon S3 as a file system. However, FSx File Gateway isn't designed for iSCSI support directly, which is a requirement.
- Rejection Reason: While these gateways provide file storage integrati...
Author: Layla · Last updated May 13, 2026
A company has an application that uses AWS Key Management Service (AWS KMS) to encrypt and decrypt data. The application stores data in an Amazon S3 bucket in an AWS Region. Company security policies require the data to be encrypted before the data is placed into the S3 bucket. The application must decrypt the data when the application reads files from the S3 bucket.
The company replicates the S3 bucket to other Regions. A solutions architect must design a ...
Key Requirements:
- Data Encryption: Data must be encrypted before being placed into an S3 bucket.
- Decryption: The application must be able to decrypt the data when reading files from the S3 bucket.
- Multi-Region Support: The data in the S3 bucket is replicated across Regions, and the application must be able to use the same key to decrypt the data across these Regions.
Solution Breakdown:
A) Create a KMS multi-Region primary key. Use the KMS multi-Region primary key to create a KMS multi-Region replica key in each additional Region where the application is running. Update the application code to use the specific replica key in each Region.
- Explanation: AWS Key Management Service (KMS) supports multi-Region keys, which allow you to create a primary KMS key in one Region and then create replica keys in other Regions. These replica keys are automatically synchronized and can be used in other Regions to decrypt the data that was encrypted with the primary key.
- The solution allows the application to use the same key (via the primary key and its replicas) in all Regions, ensuring that data can be decrypted consistently across all Regions.
- Selection Justification: This solution perfectly fits the requirement of using the same key across multiple Regions for ...
Author: Zara · Last updated May 13, 2026
A company hosts an application that uses several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). During the initial startup of the EC2 instances, the EC2 instances run user data scripts to download critical content for the application from an Amazon S3 bucket.
The EC2 instances are launching correctly. However, after a period of time, the EC2 instances are terminated with the following error message: 'An instance was taken out of service in response to an ELB system health check failure.' EC2 instances continue to launch and be terminated because of Auto Scaling events in an endless loop.
The only r...
In this situation, the issue seems to stem from the EC2 instances failing the health check due to the time it takes to download the large amount of critical content from the S3 bucket. The instances may not be ready to serve traffic when the ALB performs its health check, leading to the instances being marked as unhealthy and terminated. The Auto Scaling group then launches new instances, and the cycle repeats.
Let's go through the options and determine the best solution.
A) Increase the size of the EC2 instances
Increasing the size of the EC2 instances could provide more CPU and memory resources, potentially allowing the user data scripts to complete faster. However, this solution doesn't directly address the core issue. The problem is the time it takes to download the large content from S3, which might still cause the instances to fail the health check if they are not ready in time. Increasing instance size doesn't guarantee that the instances will pass the health check and might not be the most efficient approach to address the problem.
Rejected: It doesn't directly solve the issue of the health check failing due to time constraints.
B) Increase the health check timeout for the ALB
The ALB health check timeout defines how long the ALB waits for a response from the EC2 instances before marking them as unhealthy. If the user data script takes longer than the default timeout, it might cause the health check to fail prematurely. Increasing the health check timeout would allow more time for the EC2 instances to become healthy.
However, adjusting the timeout of the health check might just delay the issue, and if the EC2 instances are still not fully ready to serve traffic, the problem could persist. The health check could still fail after the increased timeout, and the instances would still be terminated.
Rejected: This only delays the issue and doesn't address the root cause, which is the instance not being fully ready in tim...
Author: Maya · Last updated May 13, 2026
A company needs to move some on-premises Oracle databases to AWS. The company has chosen to keep some of the databases on premises for business compliance reasons.
The on-premises databases contain spatial data and run cron jobs for maintenance. The company needs to connect to t...
Key Requirements:
1. The company needs to keep some databases on-premises due to business compliance reasons.
2. The on-premises Oracle databases contain spatial data and run cron jobs for maintenance.
3. The company needs to connect to the on-premises systems directly from AWS to query data as a foreign table.
Let's examine each option based on the key requirements:
A) Create Amazon DynamoDB global tables with auto-scaling enabled.
- Why it's rejected:
  - DynamoDB does not natively support spatial data types like Oracle. Spatial data in Oracle requires specific handling and indexing that DynamoDB cannot provide out of the box.
  - The solution also involves complex steps like moving data to S3, querying with Athena, and using Lambda for cron jobs, which is cumbersome and doesn't fully support Oracle-specific functionalities (such as spatial data and cron jobs).
  - Foreign table support: DynamoDB is not designed to support foreign tables in a relational database context, so using it to connect on-premises Oracle databases for querying as a foreign table would not be feasible.
B) Create an Amazon RDS for Microsoft SQL Server DB instance.
- Why it's rejected:
  - The company is moving Oracle databases, not Microsoft SQL Server. Using RDS for SQL Server requires conversion of the Oracle schema, which is unnecessary and could introduce significant complexity.
  - While AWS Schema Conversion Tool (SCT) can convert some schema elements, SQL Server does not natively support spatial data types the way Oracle does. Moving spatial data to Amazon Redshift (which is not an ideal fit for this type of data) further complicates the solution.
  - Foreign table support: Using AWS Glue for foreign table support isn't suitable for querying Oracle databases directly from AWS, especially when spatial data and cron jobs are involved.
C) Launch Amazon EC2 instances to host the Oracle databases.
- Why it's rejected:
  - While launching EC2 instances to host Oracle databases is possibl...
Author: Layla · Last updated May 13, 2026
A company runs an application on Amazon EC2 and AWS Lambda. The application stores temporary data in Amazon S3. The S3 objects are deleted after 24 hours.
The company deploys new versions of the application by launching AWS CloudFormation stacks. The stacks create the required resources. After validating a new version, the company deletes the old stack. The deletion of an old dev...
Key Requirements:
1. The application stores temporary data in Amazon S3, and the S3 objects are deleted after 24 hours.
2. The company deploys new versions of the application using AWS CloudFormation stacks.
3. The deletion of an old development stack failed recently.
4. The goal is to resolve this issue without making major changes to the architecture.
Let's evaluate the options:
A) Create a Lambda function to delete objects from an S3 bucket. Add the Lambda function as a custom resource in the CloudFormation stack with a DependsOn attribute that points to the S3 bucket resource.
- Why this could work:
  - Custom Lambda resource: You can create a Lambda function to clean up the S3 bucket by deleting the temporary objects before CloudFormation deletes the S3 bucket itself. By using the `DependsOn` attribute, you can ensure that the S3 bucket resource is deleted only after the Lambda function has successfully cleaned up the objects in the bucket.
  - No architecture change: This approach does not require significant changes to the architecture, just the addition of a Lambda function and a custom resource in the CloudFormation template.
  - Directly solves the issue: This addresses the failure in deleting the stack by ensuring the S3 objects are removed first, preventing the bucket from failing to delete due to non-empty content.
- Why this is the best choice:
  - It directly addresses the failure of stack deletion without altering the application's architecture.
  - Using a Lambda function to clean up temporary S3 objects ensures that CloudFormation can successfully delete the stack and its resources.
Selected: This option provides an effective solution while maintaining the current architecture without requiring significant changes.
B) Modify the CloudFormation stack to attach a DeletionPolicy attribute with a value of Delete to the S3 bucket.
- Why it's rejected:
  - The `DeletionPolicy` attribute with the `Delete` value tells CloudFormation to delete the S3 bucket when the stack is deleted. However, the issue is not with the bucket itself, but with the objects inside the bucket. If there are still objects in th...
Author: Nia · Last updated May 13, 2026
A company has an application that stores user-uploaded videos in an Amazon S3 bucket that uses S3 Standard storage. Users access the videos frequently in the first 180 days after the videos are uploaded. Access after 180 days is rare. Named users and anonymous users access the videos.
Most of the videos are more than 100 MB in size. Users often have poor internet connectivity when they upload videos, resulting in failed uploads. The compan...
Key Requirements:
1. Frequent access: Users access the videos frequently in the first 180 days after upload.
2. Rare access: After 180 days, access to the videos is rare.
3. Multipart uploads: The company uses multipart uploads for videos, but users often have poor internet connectivity, leading to failed uploads.
4. Large file sizes: Most videos are more than 100 MB.
5. S3 cost optimization: The company needs to optimize S3 costs for the videos.
Let's evaluate the options:
A) Configure the S3 bucket to be a Requester Pays bucket.
- Why it's rejected:
  - Requester Pays buckets shift the cost of data requests to the requester instead of the bucket owner. While this can be useful in some cases (e.g., if the requester is an external party), in this context, it does not directly optimize costs for the company. Since both named users and anonymous users are accessing the videos, making the bucket requester-pays would likely increase the costs for the users.
  - Additionally, this does not address the primary concern, which is optimizing storage costs based on access patterns and the need to handle failed uploads due to poor connectivity.
Rejected: This doesn't solve the primary cost optimization problem and might increase user costs, especially for anonymous users.
B) Use S3 Transfer Acceleration to upload the videos to the S3 bucket.
- Why it's rejected:
  - S3 Transfer Acceleration speeds up uploads by using Amazon CloudFront's edge locations. While this could help with failed uploads due to poor internet connectivity, it comes with an additional cost.
  - The company is primarily concerned with storage cost optimization, and Transfer Acceleration does not significantly contribute to reducing storage costs. The focus should be on managing storage lifecycle and reducing costs for infrequently accessed data.
Rejected: While it could improve upload reliability, it does not address cost optimization for storage, and it adds unnecessary expenses.
C) Create an S3 Lifecycle configuration to expire incomplete multipart uploads 7 days after initiation.
- Why this is selected:
  - Incomplete multipart uploads can result in unused storage and unnecessary costs....
Author: William · Last updated May 13, 2026
A company runs an ecommerce web application on AWS. The web application is hosted as a static website on Amazon S3 with Amazon CloudFront for content delivery. An Amazon API Gateway API invokes AWS Lambda functions to handle user requests and order processing for the web application. The Lambda functions store data in an Amazon RDS for MySQL DB cluster that uses On-Demand instances. The DB cluster usage has been consistent in the past 12 months.
Recently, the website has experienced SQL injection and web exploit attempts. Customers also report that order processing time has increased during periods of peak usage. During these periods, the Lambda functions often hav...
Option A: Configure the Lambda functions to have an increased timeout value during peak periods. Use RDS Reserved Instances for the database. Use CloudFront and subscribe to AWS Shield Advanced to protect against the SQL injection and web exploit attempts.
Reasoning:
- Increased Lambda timeout: While increasing the timeout value for Lambda can help handle longer-running requests during peak periods, it does not address the underlying cold start issue, which is the root cause of performance degradation during peak times.
- RDS Reserved Instances: Reserved Instances are good for predictable workloads with steady usage, but since the database usage has been consistent for the past 12 months, it's more cost-effective to consider Amazon Aurora or Aurora Serverless for scalability and cost optimization.
- AWS Shield Advanced: AWS Shield Advanced provides protection against DDoS attacks but does not directly address SQL injection or web exploits. For protecting against SQL injection, you would typically use AWS WAF (Web Application Firewall), which is specifically designed to protect against web exploits and attacks like SQL injection.
Why it’s rejected:
- This option does not fully address the scaling or performance issues related to Lambda cold starts during peak times.
- Reserved Instances are cost-effective for predictable workloads but not ideal for dynamic scaling like Aurora Serverless.
- AWS WAF would be a more relevant solution for protection against SQL injection and web exploits, not AWS Shield Advanced.
Option B: Increase the memory of the Lambda functions. Transition to Amazon Redshift for the database. Integrate Amazon Inspector with CloudFront to protect against the SQL injection and web exploit attempts.
Reasoning:
- Increasing Lambda memory: Increasing the memory for Lambda functions can reduce cold start latency by providing more resources, but it does not address scalability or concurrency issues effectively. Additionally, this might not directly resolve cold starts during peak traffic.
- Amazon Redshift: Redshift is a data warehouse solution optimized for analytical workloads, not for transactional databases. Using Redshift would be unsuitable for handling typical ecommerce transactional workloads, such as those needed for order processing.
- Amazon Inspector: Amazon Inspector is a security assessment tool but does not specifically offer protection against web exploits like SQL injection. For web application security, AWS WAF is more appropriate.
Why it’s rejected:
- Redshift is not appropriate for transactional database use cases like an ecommerce application. It is better suited for analytical processing.
- AWS WAF would be a better tool for protecting against SQL injection and web exploits, not Amazon Inspector.
Option C: Use Lambda functions with provisioned concurrency for co...
Author: Lucas · Last updated May 13, 2026
A company runs a web application on a single Amazon EC2 instance. End users experience slow application performance during times of peak usage, when CPU utilization is consistently more than 95%.
A user data script installs required custom packages on the EC2 instance. The process of launching the instance takes several minutes.
The company is creating an Auto Scaling group that has mixed instance groups, varied CPUs, and a maximum capacity limit. The Auto Scaling group will...
To address the performance and latency issue during peak usage times and ensure that new instances are launched quickly with the required configurations, let's evaluate each option based on the requirements:
Key Requirements:
1. Decrease application latency when new instances are launched.
2. Fast instance provisioning to minimize the wait time for instances to become fully operational.
3. User data script installation must happen during instance initialization but in a way that doesn’t delay performance significantly.
4. Auto Scaling needs to ensure the EC2 instances can scale up quickly during peak load.
---
Option A: Use a predictive scaling policy. Use an instance maintenance policy to run the user data script. Set the default instance warmup time to 0 seconds.
- Predictive scaling is designed for predicting future demand based on historical usage patterns, allowing instances to be launched before they are actually needed. However, since the current issue seems to be an immediate need for scaling during peak times (with CPU utilization over 95%), predictive scaling may not react fast enough to handle sudden surges in demand.
- Instance maintenance policy refers to configuring maintenance activities (like user data scripts) that will run during instance maintenance, but it doesn't guarantee fast scaling.
- Warmup time set to 0 seconds could cause an issue because instances may be considered ready before they are fully configured and operational.
Why it's rejected: Predictive scaling is typically more useful for forecasting based on trends, and the immediate latency requirement needs something more responsive, which makes this option less ideal for handling spikes quickly.
---
Option B: Use a dynamic scaling policy. Use lifecycle hooks to run the user data script. Set the default instance warmup time to 0 seconds.
- Dynamic scaling policy responds to immediate changes in load, such as high CPU usage. This will allow Auto Scaling to scale up or down based on current demand, which is ideal for situations where there are sudden spikes in usage.
- Lifecycle hooks allow for running actions like the user data script when instances are launched or terminated, ensuring that the necessary packages are installed before the instance is considered fully ready.
- Warmup time set to 0 seconds may cause the instance to be marked as available before it is fully ready if the user data script takes ti...
Author: Noah · Last updated May 13, 2026
A company needs to migrate its on-premises database fleet to Amazon RDS. The company is currently using a mixture of Microsoft SQL Server, MySQL, and Oracle databases. Some of the databases have custom schemas and stored pr...
To migrate a fleet of on-premises databases to Amazon RDS (involving Microsoft SQL Server, MySQL, and Oracle), it's essential to focus on analyzing the source databases for compatibility and migrating the actual data. Here's a breakdown of the best options:
Key Requirements:
1. Analyze source databases for compatibility issues and necessary changes.
2. Migrate data and schemas with minimal downtime.
3. Handle stored procedures and custom schemas correctly.
---
Option A: Use Migration Evaluator Quick Insights to analyze the source databases and to identify the stored procedures that need to be migrated.
- Migration Evaluator is a tool focused on assessing and planning cloud migrations for workloads. It helps evaluate existing infrastructure and provides cost analysis but does not specifically analyze database schemas or stored procedures.
- While it can provide insights into costs, it doesn't offer detailed analysis of database-specific components like stored procedures or schemas.
Why it's rejected: This tool is more suitable for overall infrastructure migration and cost analysis, not for analyzing and migrating databases, schemas, and stored procedures.
---
Option B: Use AWS Application Migration Service to analyze the source databases and to identify the stored procedures that need to be migrated.
- AWS Application Migration Service is typically used for migrating entire applications (including servers and OS) and works well with lift-and-shift scenarios. It is not specialized for database schema analysis or migration tasks.
- This service doesn’t focus on analyzing and migrating database schemas or custom components like stored procedures.
Why it's rejected: This service is geared toward application migration, not database-specific tasks like migrating schemas or stored procedures.
---
Option C: Use the AWS Schema Conversion Tool (AWS SCT) to analyze the source databases for changes that ...
Author: Liam · Last updated May 13, 2026
A company is migrating its blog platform to AWS. The company's on-premises servers connect to AWS through an AWS Site-to-Site VPN connection. The blog content is updated several times a day by multiple authors and is served from a file share on a network-attached storage (NAS) server.
The company needs to migrate the blog platform without delaying the content updates. The company has deployed Amazon EC2 instances across multiple Availability Zones to run the blog platform behind an Appli...
To meet the company's requirements for migrating the blog platform and moving 200 TB of archival data, let's evaluate each option in terms of both the content updates and the data migration needs.
Key Requirements:
1. Non-delayed content updates for the blog platform.
2. Migration of 200 TB of archival data from on-premises servers to Amazon S3 as quickly as possible.
3. The blog content is served from a file share (currently a NAS server) and needs to be migrated to AWS while ensuring continuous content updates.
---
Option A: Create a weekly cron job in Amazon EventBridge. Use the cron job to invoke an AWS Lambda function to update the EC2 instances from the NAS server.
- AWS Lambda is a serverless compute service. However, Lambda has limitations on execution time (maximum of 15 minutes per invocation) and is not ideal for tasks requiring ongoing synchronization between the NAS and EC2 instances.
- Using a cron job in EventBridge would invoke Lambda periodically, but this approach isn’t efficient for continuous, large-scale updates, and it would likely be too slow and cumbersome for real-time content updates.
Why it's rejected: AWS Lambda isn't ideal for handling continuous, large file updates, and this approach would create a delay in content updates, which is a critical requirement for this use case.
---
Option B: Configure an Amazon Elastic Block Store (Amazon EBS) Multi-Attach volume for the EC2 instances to share for content access. Write code to synchronize the EBS volume with the NAS server weekly.
- Amazon EBS Multi-Attach allows multiple EC2 instances to attach to a single EBS volume. However, EBS volumes are designed for block storage and are not ideal for file-based workloads like the blog content being shared.
- Writing code to synchronize data weekly would introduce delays in content updates, which is against the requirement for frequent updates to the blog content.
Why it's rejected: EBS is not suitable for file-sharing workloads like the blog's content. It also introduces delays with the synchronization process, which isn’t ideal for frequent content updates.
---
Option C: Mount an Amazon Elastic File System (Amazon EFS) file system to the on-premises servers to act as the NAS server. Copy t...
Author: Liam123 · Last updated May 13, 2026
A company plans to migrate a legacy on-premises application to AWS. The application is a Java web application that runs on Apache Tomcat with a PostgreSQL database.
The company does not have access to the source code but can deploy the application Java Archive (JAR) files. The application has...
To meet the company's requirements for migrating a legacy Java web application with minimal operational overhead, let's analyze the available options based on key factors such as ease of deployment, scalability, and minimal operational complexity.
Key Requirements:
1. Migrate a legacy Java web application without access to the source code.
2. Increase scalability for end-of-month traffic spikes.
3. Minimize operational overhead during the migration and ongoing operation.
---
Option A: Launch Amazon EC2 instances in multiple Availability Zones. Deploy Tomcat and PostgreSQL to all the instances by using Amazon Elastic File System (Amazon EFS) mount points. Use AWS Step Functions to deploy additional EC2 instances to scale for increased traffic.
- Amazon EC2 instances would need to be managed manually, and although it provides flexibility, this approach introduces significant operational overhead in terms of scaling, patching, and maintaining the instances.
- EFS would help with shared storage for PostgreSQL and Tomcat, but the complexity of manually managing the scaling of EC2 instances using AWS Step Functions for traffic spikes adds extra management overhead.
- This solution could become cumbersome to manage due to the need to handle instance scaling and orchestration manually.
Why it's rejected: This option requires significant management of EC2 instances and scaling, which increases operational complexity. The company is looking for the least operational overhead, and this approach is not the most efficient.
---
Option B: Provision Amazon Elastic Kubernetes Service (Amazon EKS) in an Auto Scaling group across multiple AWS Regions. Deploy Tomcat and PostgreSQL in the container images. Use a Network Load Balancer to scale for increased traffic.
- EKS offers scalability, but it requires containerizing the application, which is a complex task that the company cannot perform because they do not have access to the source code.
- PostgreSQL would need to be containerized as well, which introduces additional complexity and overhead. Kubernetes itself, while scalable, requires managing clusters, node groups, and monitoring, which increases the operational burden.
- Managing auto scaling and cross-region deployment adds another layer of complexity that is unnecessary given the company’s goal of reducing operational overhead.
Why it's rejected: This option requires containerization of both th...
Author: Liam · Last updated May 13, 2026
A company is migrating its on-premises IoT platform to AWS. The platform consists of the following components:
* A MongoDB cluster as a data store for all collected and processed IoT data.
* An application that uses Message Queuing Telemetry Transport (MQTT) to connect to IoT devices every 5 minutes to collect data.
* An application that runs jobs periodically to generate reports from the IoT data. The jobs take 120-600 seconds to finish running.
* A web application that runs on a web server. End users use the web application to generate reports that are accessible ...
To migrate the company's IoT platform to AWS with minimal operational overhead, it's essential to select solutions that provide scalability, reliability, and ease of management. Here's a detailed evaluation of each option based on the given requirements:
Key Requirements:
1. Reduce operational overhead while migrating the platform.
2. Maintain performance in terms of data processing, report generation, and web application accessibility.
3. Efficiently handle IoT data ingestion, storage, and periodic report generation.
---
Option A: Create AWS Step Functions state machines with AWS Lambda tasks to prepare the reports and to write the reports to Amazon S3. Configure an Amazon CloudFront distribution that has an S3 origin to serve the reports.
- AWS Step Functions would orchestrate the report generation process, delegating tasks to AWS Lambda, which reduces the need for manual management of report preparation.
- S3 is a good choice for storing reports, and CloudFront would enable low-latency access to the reports for the public.
- This option fits well with the serverless architecture, minimizing operational overhead, as AWS manages the infrastructure for Lambda, Step Functions, and S3.
Why it's selected: This approach leverages managed services that abstract away much of the operational complexity while still ensuring performance and scalability for report generation and public access.
---
Option B: Create an AWS Lambda function. Program the Lambda function to connect to the IoT devices, process the data, and write the data to the data store. Configure a Lambda layer to temporarily store messages for processing.
- AWS Lambda is ideal for short-lived, event-driven tasks, but connecting directly to IoT devices via MQTT every 5 minutes may not be the most efficient approach, especially for handling continuous or high-frequency data streams. Lambda is better suited for processing events rather than managing constant connections.
- Lambda layers can store temporary data, but there are potential challenges when handling real-time data collection with the frequency specified (every 5 minutes).
Why it's rejected: While Lambda could be useful for processing, it's not the most suitable for connecting directly to IoT devices and continuously receiving data. The frequent connections and data streams are better suited for other services like AWS IoT Core.
---
Option C: Configure an Amazon Elastic Kubernetes Service (Amazon EKS) cluster with Amazon EC2 instances to prepare the reports. Create an ingress controller on the EKS cluster to serve the reports.
- Amazon EKS involves managing a Kubernetes cluster, which adds compl...
Author: Lucas · Last updated May 13, 2026
A company creates an Amazon API Gateway API and shares the API with an external development team. The API uses AWS Lambda functions and is deployed to a stage that is named Production.
The external development team is the sole consumer of the API. The API experiences sudden increases of usage at specific times, leading to concerns about increased costs...
To meet the requirements of limiting cost and usage while minimizing rework on the Lambda functions, the most cost-effective solution involves controlling the API usage through API Gateway and setting limits that directly address the increased traffic concern.
Option Analysis:
A) Configure the API to send requests to Amazon Simple Queue Service (Amazon SQS) queues instead of directly to the Lambda functions. Update the Lambda functions to consume messages from the queues and to process the requests. Set up the queues to invoke the Lambda functions when new messages arrive.
- This option introduces additional complexity by requiring a complete rework of the Lambda functions to consume from SQS. It also introduces the overhead of managing SQS queues and may cause delays in processing, which may not be ideal in real-time scenarios.
- Cost may increase due to the additional SQS charges and processing overhead.
- Not the most cost-effective solution as it involves a significant change in how the Lambda functions work.
B) Configure provisioned concurrency for each Lambda function. Use AWS Application Auto Scaling to register the Lambda functions as targets. Set up scaling schedules to increase and decrease capacity to match changes in API usage.
- This approach allows for pre-provisioning Lambda capacity, which can be expensive, especially when scaling is not aligned with demand. Provisioned concurrency can incur higher costs, particularly when there are sudden, unpredictable spikes in usage.
- This is not a cost-effective solution because it involves paying for reserved capacity even when the demand is low, which does not align well with the goal of limiting costs.
C) Create an API Gateway API key and an AWS WAF Regional web ACL. Associate the web ...
Author: Isabella1 · Last updated May 13, 2026
An entertainment company hosts a ticketing service on a fleet of Linux Amazon EC2 instances that are in an Auto Scaling group. The ticketing service uses a pricing file. The pricing file is stored in an Amazon S3 bucket that has S3 Standard storage. A central pricing solution that is hosted by a third party updates the pricing file.
The pricing file is updated every 1-15 minutes and has several thousand line items. The pricing file is downloaded to each EC2 instance when t...
Option A: Create an AWS Lambda function to update an Amazon DynamoDB table with new prices each time the pricing file is updated. Update the ticketing service to use DynamoDB to look up pricing.
Reasoning:
- DynamoDB is a fast, scalable NoSQL database that can efficiently handle frequent price updates. Each time the pricing file is updated, the Lambda function would update the DynamoDB table, ensuring that the pricing data is always up to date.
- By using DynamoDB, the ticketing service can directly query the latest pricing information with low latency and minimal overhead. DynamoDB also offers on-demand scalability, which means it can efficiently handle the thousands of line items that need to be updated without requiring manual intervention.
- This solution is highly cost-effective because DynamoDB offers pay-per-use pricing and would not incur unnecessary costs for storage or access like other services.
Why it’s selected:
- This solution minimizes complexity by centralizing the pricing data in a database that the EC2 instances can query at any time. The pricing information is always up to date, reducing the risk of using outdated data.
- Cost-effectiveness: DynamoDB provides a more cost-efficient and scalable solution compared to alternatives like EFS or EBS, especially when considering the frequency of updates and the need to scale automatically.
- This option offers the best balance between scalability, performance, and simplicity.
Option B: Create an AWS Lambda function to update an Amazon Elastic File System (Amazon EFS) file share with the pricing file each time the file is updated. Update the ticketing service to use Amazon EFS to access the pricing file.
Reasoning:
- Amazon EFS is a managed network file system that allows multiple EC2 instances to access a shared file system. While this can provide centralized access to the pricing file, EFS is a file-based storage solution, not optimized for frequent updates or quick lookups of structured data like pricing.
- The ticketing service would need to read the file each time it needs to retrieve pricing data, which could introduce delays and higher I/O costs due to the nature of file systems and frequent updates.
- EFS costs can increase based on storage and throughput, especially when used with frequent updates, making it more expensive than a more efficient solution like DynamoDB.
Why it’s rejected:
- EFS is not as well-suited for frequent updates and queries for specific data (like pricing), and the performance may not be as optimal as using a database solution.
- The overall solution would also be more complex and potentially more expensive due to the overhead of managing the file system and file access patterns....
Author: Julian · Last updated May 13, 2026
A company has an application that uses Amazon EC2 instances in an Auto Scaling group. The quality assurance (QA) department needs to launch a large number of short-lived environments to test the application. The application environments are currently launched by the manager of the department using an AWS CloudFormation template. To launch the stack, the manager uses a role with permission to use CloudFormation, EC2, and Auto ...
In this scenario, the company wants to allow testers in the QA department to launch their own short-lived environments without granting them broad permissions. The solution must enable testers to launch environments using a CloudFormation template, but restrict their permissions to only what is necessary for the specific template and the resources it creates.
Option A: Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to assume the manager’s role and add a policy that restricts the permissions to the template and the resources it creates. Train users to launch the template from the CloudFormation console.
- Pros:
- Users can launch the CloudFormation template without being granted broad permissions.
- The manager’s role can be restricted to allow only specific actions on the resources created by the template.
- Cons:
- Allowing users to assume the manager’s role introduces some risk, as it could potentially allow them to perform unintended actions.
- Managing the permissions could become complicated if the role and policies need to be tightly scoped to each specific resource created by CloudFormation.
- Additional training is required to ensure users launch the template correctly from the CloudFormation console.
Best Fit: This option can work but introduces complexity in managing permissions and training. The risk associated with allowing users to assume the manager's role makes it a less secure and maintainable solution.
Option B: Create an AWS Service Catalog product from the environment template. Add a launch constraint to the product with the existing role. Give users in the QA department permission to use AWS Service Catalog APIs only. Train users to launch the template from the AWS Service Catalog console.
- Pros:
- AWS Service Catalog allows fine-grained control over what users can launch, and permissions can be restricted to only the specific CloudFormation templates users are allowed to use.
- By using the launch constraint with the existing role, you can limit what actions the users can perform while they use the Service Catalog product.
- The solution centralizes the process, and users don’t need to worry about managing the CloudFormation template directly.
- Cons:
- It introduces the need to set up and maintain AWS Service Catalog, which may require more overhead and additional resources.
- Users must be trained on how to use the Service Catalog console.
Best Fit: This option is well-suited to the scenario because it enables the company to provide a controlled way for testers to launch CloudFormation stacks while ensuring proper permissions. However, setting up AWS Service Catalog adds some complexity and may not be necessary if the goal is simply to allow users to launch CloudFormation templates.
Option C: Upload the AWS CloudFormation template to Amazon S3. Give users in the QA dep...
Author: Zara · Last updated May 13, 2026
A company is using a single AWS Region for its ecommerce website. The website includes a web application that runs on several Amazon EC2 instances behind an Application Load Balancer (ALB). The website also includes an Amazon DynamoDB table. A custom domain name in Amazon Route 53 is linked to the ALB. The company created an SSL/TLS certificate in AWS Certificate Manager (ACM) and attached the certificate to the ALB. The company is not using a content delivery network as part of its design.
The company wants to replicate its entire application stack in a second Region to provide disaster recovery, plan for future growth...
To meet the company's goals of disaster recovery, planning for future growth, and improving access time to users, we need a solution that allows for easy replication of the application stack in a second Region while minimizing administrative overhead. Here’s a breakdown of each option and which ones are best suited for this scenario:
A) Create an AWS CloudFormation template for the current infrastructure design. Use parameters for important system values, including Region. Use the CloudFormation template to create the new infrastructure in the second Region.
- Pros:
- CloudFormation allows for automation and repeatable deployments, which is essential for minimizing administrative overhead and ensuring consistency between regions.
- Parameters allow for flexibility (e.g., specifying Region) when deploying the stack in the second Region.
- Cons:
- Requires some upfront work to create the CloudFormation template, but this is a good investment for disaster recovery and future scalability.
Best Fit: This is the best option to replicate the infrastructure across regions, as it ensures that the setup is consistent and scalable. It minimizes manual intervention and allows easy updates in the future.
B) Use the AWS Management Console to document the existing infrastructure design in the first Region and to create the new infrastructure in the second Region.
- Pros:
- This option may seem like an easy path because it uses only the AWS Management Console and requires no new tooling.
- Cons:
- It relies on manual steps for replication, which introduces potential for inconsistency, error, and higher administrative overhead. This method doesn't scale well and is prone to human error. It also increases the potential for configuration drift, which can make future updates and management difficult.
Best Fit: This is not an ideal approach because it involves a manual process that introduces inconsistency and additional overhead.
C) Update the Route 53 hosted zone record for the application to use weighted routing. Send 50% of the traffic to the ALB in each Region.
- Pros:
- Weighted routing can distribute traffic evenly or in specific proportions across multiple regions. This can be useful for distributing traffic as part of the disaster recovery setup.
- Cons:
- Weighted routing is not ideal for disaster recovery because it doesn’t account for latency or failover. Traffic may be sent to regions even if they are experiencing issues, which could degrade the user experience.
Best Fit: This option isn't ideal for disaster recovery since it doesn’t consider latency or automatically handle failover. Latency-based routing is a better option.
D) Update the Route 53 hosted zone record for the application to use latency-based routing. Send traffic to the AL...
Author: Lucas Carter · Last updated May 13, 2026
A company wants to create a single Amazon S3 bucket for its data scientists to store work-related documents. The company uses AWS IAM Identity Center to authenticate all users. A group for the data scientists was created.
The company wants to give the data scientists access to only their own work. The company also wants to c...
To meet the requirements of restricting data scientists to access only their own documents in an S3 bucket, while also generating monthly reports of accessed documents, we need to focus on fine-grained access control for the S3 bucket and logging document access efficiently.
Step-by-Step Breakdown of Options:
Option A: Create a custom IAM Identity Center permission set to grant the data scientists access to an S3 bucket prefix that matches their username tag. Use a policy to limit access to paths with the ${aws:PrincipalTag/userName}/ condition.
- Pros:
- This is a robust method to ensure that each data scientist can only access their own documents. The policy restricts access to the S3 paths that match the user's identity by using IAM Principal Tags. This ensures that data scientists can only access folders or files corresponding to their usernames.
- Fine-grained access control is possible using conditions in IAM policies based on tags, making it very specific and secure.
- Cons:
- Requires tagging each user appropriately with their username and maintaining these tags to ensure they match the intended access path.
- IAM Identity Center integration is necessary, which might require extra setup, but this is standard in AWS environments that leverage IAM Identity Center.
Best Fit: This option is perfect because it ensures that each data scientist only has access to their respective documents, addressing the first requirement.
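The following is an added example, not part of the original discussion, showing what the permission-set policy for Option A looks like and how the `${aws:PrincipalTag/userName}/` condition keeps each user inside their own prefix. The bucket name `example-data-science-bucket` and the user names are constructed; the example assumes IAM Identity Center attributes for access control (ABAC) is enabled so that the user's userName attribute reaches AWS as the principal tag `userName`. The local evaluator is a deliberately simplified simulation of the Allow statements (no Deny, no other condition keys) to illustrate the matching rules; it is not the IAM engine, and the IAM policy simulator remains the authoritative check.

```python
import fnmatch
import json
import re
from typing import Optional

# Constructed example values (assumptions, not from the original discussion).
BUCKET = "example-data-science-bucket"


def build_permission_set_policy(bucket: str) -> dict:
    """Inline policy for the data-scientist permission set.

    Assumes IAM Identity Center ABAC passes the user's userName attribute as
    the principal tag ``userName``. Listing is limited with the s3:prefix
    condition; object access is limited by placing the policy variable in the
    resource ARN, so alice/ and alice2/ are distinct prefixes.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOwnPrefixOnly",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {
                    "StringLike": {"s3:prefix": ["${aws:PrincipalTag/userName}/*"]}
                },
            },
            {
                "Sid": "ReadWriteOwnPrefixOnly",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/${{aws:PrincipalTag/userName}}/*",
            },
        ],
    }


def policy_document(bucket: str) -> str:
    """JSON text to attach as the permission set's inline policy."""
    return json.dumps(build_permission_set_policy(bucket), indent=2)


_VAR = re.compile(r"\$\{aws:PrincipalTag/([A-Za-z0-9_]+)\}")


def _substitute(template: str, principal_tags: dict) -> Optional[str]:
    """Replace ${aws:PrincipalTag/x} with the tag value.

    Returns None when a referenced tag is absent: a policy variable with no
    value never matches, so an untagged user gets no access at all.
    """
    missing = False

    def repl(match: re.Match) -> str:
        nonlocal missing
        value = principal_tags.get(match.group(1))
        if value is None:
            missing = True
            return ""
        return value

    result = _VAR.sub(repl, template)
    return None if missing else result


def is_allowed(policy: dict, principal_tags: dict, action: str, bucket: str, key_or_prefix: str) -> bool:
    """Simplified local evaluation of the Allow statements above.

    For s3:ListBucket the resource is the bucket ARN and key_or_prefix is the
    requested list prefix; for object actions the resource is the object ARN.
    """
    if action == "s3:ListBucket":
        arn = f"arn:aws:s3:::{bucket}"
    else:
        arn = f"arn:aws:s3:::{bucket}/{key_or_prefix}"

    for statement in policy["Statement"]:
        actions = statement["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        if action not in actions:
            continue
        resource = _substitute(statement["Resource"], principal_tags)
        if resource is None or not fnmatch.fnmatchcase(arn, resource):
            continue
        prefix_patterns = statement.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if prefix_patterns is not None:
            substituted = [_substitute(p, principal_tags) for p in prefix_patterns]
            if not any(p is not None and fnmatch.fnmatchcase(key_or_prefix, p) for p in substituted):
                continue
        return True
    return False


if __name__ == "__main__":
    policy = build_permission_set_policy(BUCKET)
    alice = {"userName": "alice"}
    print(policy_document(BUCKET))
    print("alice -> alice/notes.txt:", is_allowed(policy, alice, "s3:GetObject", BUCKET, "alice/notes.txt"))
    print("alice -> bob/notes.txt:", is_allowed(policy, alice, "s3:GetObject", BUCKET, "bob/notes.txt"))
```

The trailing slash in the patterns is the detail worth checking: without it, user alice could list and read everything under alice2/, and a listing without a prefix would expose every user's folder names. The evaluator also shows why keeping the userName tag populated matters, since a missing tag results in no match rather than a fallback.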
Option B: Create an IAM Identity Center role for the data scientists group that has Amazon S3 read access and write access. Add an S3 bucket policy that allows access to the IAM Identity Center role.
- Pros:
- This approach sets up the basic access control for the group as a whole, ensuring that the data scientists group can access the S3 bucket.
- Cons:
- This does not provide fine-grained access to restrict users to their own data. The data scientists group as a whole would have access to all documents in the bucket, violating the requirement of restricting access to only individual users' documents.
- A group-wide access policy is not the most secure or ideal solution in this scenario.
Best Fit: While this approach provides general access to the S3 bucket, it does not meet the requirement for restricting each user to their own documents. This option does not satisfy the access control requirement.
Option C: Configure AWS CloudTrail to log S3 data events and deliver the logs to an S3 bucket. Use Amazon Athena to run queries on the CloudTrail logs in Amazon S3 and generate reports.
- Pros:
- AWS CloudTrail can log detailed events about S3 object access, such as who accessed a document and when. By storing these logs in an S3 bucket, you can u...
Author: Joseph · Last updated May 13, 2026
A company hosts a data-processing application on Amazon EC2 instances. The application polls an Amazon Elastic File System (Amazon EFS) file system for newly uploaded files. When a new file is detected, the application extracts data from the file and runs logic to select a Docker container image to process the file. The application starts the appropriate container image and passes the file location as a parameter.
The data processing that the container performs can take up to 2 hours. When the processing is complete, the code that ...
Let's analyze each option based on the requirements:
Option A: ECS with Fargate Tasks and EventBridge Rule
- Description: This option proposes an ECS cluster with Fargate tasks, and using EventBridge to trigger the task when a file is added to EFS.
- Analysis:
- ECS with Fargate can easily run Docker containers without managing EC2 instances, meeting the requirement of eliminating EC2 instances.
- However, EventBridge cannot directly trigger tasks based on EFS events, as EFS doesn’t have native integration with EventBridge for file uploads. EventBridge is better suited to event-driven architectures with services like S3 or SNS.
- Therefore, this approach is not directly feasible, as there would need to be another intermediary service to detect the file upload, which complicates the architecture.
Option B: ECS with Fargate and EFS Event Notification
- Description: This suggests ECS with Fargate tasks, but now using EFS event notifications to trigger a Fargate service when files are added.
- Analysis:
- EFS event notifications are not a native feature for triggering tasks or services. EFS doesn't have a built-in notification system like S3 does. While you could potentially write a custom monitoring solution to detect changes to the EFS file system, this would involve a lot of overhead.
- This option is not feasible because of the absence of direct integration between EFS and ECS services for event-based triggers.
Option C: ECS with Fargate, Lambda, and S3 Storage
- Description: The solution involves using ECS with Fargate for processing, Lambda for container selection logic, and switching from EFS to S3 for file storage, with S3 event notifications triggering t...
Author: Kai · Last updated May 13, 2026
A media company has a 30-TB repository of digital news videos. These videos are stored on tape in an on-premises tape library and referenced by a Media Asset Management (MAM) system. The company wants to enrich the metadata for these videos in an automated fashion and put them into a searchable catalog by using a MAM feature. The company must be able to search based on information in the video, such as objects, scenery items, or people's faces. A catalog is available that contains faces of people who have appeared in the videos and includes an image of each person. The company would like to migrate these videos to AWS.
The company has a high-spee...
Let's break down each option based on the company’s needs and requirements:
Key Requirements:
- Automated enrichment of metadata for videos.
- Searchable catalog with information like faces, objects, and scenery.
- MAM solution integration.
- Migration of videos to AWS with minimal disruption.
- Use of Direct Connect for fast data transfer.
- Minimal ongoing management overhead.
---
Option A: AWS Storage Gateway (File Gateway), Rekognition, and Lambda
- Description: This option involves using a File Gateway to move video files to Amazon S3, where Rekognition processes them and extracts metadata. Lambda is used to manage interactions between Rekognition and the MAM system.
- Analysis:
- File Gateway provides seamless integration with on-premises file systems. It can directly interface with Amazon S3 and allows the MAM solution to continue functioning with minimal disruption.
- Rekognition can process videos for facial recognition, objects, and scenes.
- Lambda can be used to automate the process of extracting metadata and sending it to the MAM solution.
- Pros:
- Minimal disruption: The MAM solution continues to interact with files via the File Gateway.
- Managed service: AWS handles much of the scaling and management of storage and Rekognition.
- Cons:
- The system relies on custom development (Lambda function), which introduces some complexity.
- Not as direct a video processing pipeline as some other options.
Option B: AWS Storage Gateway (Tape Gateway), Rekognition, and Lambda
- Description: This option uses the Tape Gateway to migrate the video data from on-premises tape storage to AWS, with Rekognition used for processing.
- Analysis:
- Tape Gateway is primarily designed for backup and archival use cases rather than for regular video processing.
- While the gateway can handle the tape migration, it is not designed for rapid or direct access to video content, as it is optimized for backups, making it slower for real-time or frequent processing.
- Rekognition would still be used for metadata extraction, but the tape gateway isn't ideal for high-speed, real-time video processing, leading to higher overhead in video retrieval and processing.
- Cons: Slower than the File Gateway and may introduce additional management overhead due to the nature of tape-based storage.
Option C: Kinesis Video Streams, Rekognition, and Lambda
...
Author: Ahmed97 · Last updated May 13, 2026
A company needs to optimize the cost of an AWS environment that contains multiple accounts in an organization in AWS Organizations. The company conducted cost optimization activities 3 years ago and purchased Amazon EC2 Standard Reserved Instances that recently expired.
The company needs EC2 instances for 3 more years...
Let's analyze each option based on the company's goals: optimizing costs for AWS services while considering the current and future needs for EC2 instances and the new serverless workload.
Key Factors:
- Cost savings: The company wants to reduce its EC2 instance and overall compute costs for the next 3 years.
- Serverless workload: The company has recently deployed a serverless workload, which should be considered when purchasing any savings plans.
- Multiple AWS accounts: The company operates multiple accounts in AWS Organizations, which means the solution needs to consider costs across these accounts.
- Reserved Instances: EC2 Standard Reserved Instances previously expired, and the company needs EC2 instances for the next 3 years.
---
Option A: Purchase EC2 Standard Reserved Instances and Compute Savings Plan (All Upfront)
- Description: Purchase 3-year EC2 Standard Reserved Instances (RIs) with All Upfront payment and a 3-year Compute Savings Plan (SP) with All Upfront payment in the management account.
- Analysis:
- EC2 RIs: Standard Reserved Instances offer significant cost savings (up to 72%) compared to On-Demand instances. However, they are limited to specific instance types, regions, and operating systems.
- Compute Savings Plan: This plan provides flexibility for any compute usage across EC2, Lambda, and Fargate, so it can cover any additional compute costs that arise outside of the EC2 RIs.
- All Upfront: Paying All Upfront provides the highest savings, but it requires significant initial capital outlay.
- Pros:
- Significant savings with RIs and Compute Savings Plans.
- The Compute Savings Plan covers additional compute costs for serverless workloads and other instances.
- Cons:
- The combination of RIs and Savings Plans may create overlapping coverage, especially if compute needs are not predictable.
- All Upfront requires a significant initial investment, which may not be ideal for all companies.
- EC2 RIs lock the company into specific instance types and regions, reducing flexibility.
Option B: Purchase a 1-year Compute Savings Plan (No Upfront) in Each Member Account
- Description: Purchase 1-year Compute Savings Plans (No Upfront) in each member account and use the Savings Plans recommendations in the AWS Cost Management console.
- Analysis:
- 1-Year Compute Savings Plans: These plans provide savings compared to On-Demand pricing, but they have less cost savings than a 3-year commitment.
- No Upfront: While this reduces the initial payment, it results in lower savings compared to All Upfront options.
- Pros:
- Flexibility with No Upfront payment.
- Can be deployed across multiple accounts in AWS Organizations.
- Cons:
- The shorter commitment (1 year) results in less cost savings compared to a 3-year plan.
- The Savings Plans recommendations are helpful, but there is still less potential for optimizing long...
Author: Sara · Last updated May 13, 2026
A company operates a static content distribution platform that serves customers globally. The customers consume content from their own AWS accounts.
The company serves its content from an Amazon S3 bucket. The company uploads the content from its on-premises environment to the S3 bucket by using an S3 File Gateway.
The company wants to improve the platform's performance and reliability by serving content from the AWS Region that is geographically closest to customers. The company m...
To meet the company's goal of improving performance and reliability by serving content from the closest AWS Region and ensuring minimal latency, while also avoiding public internet exposure, we need to focus on the most efficient and low-latency options that align with these requirements. Let's break down the options based on these factors:
Key Requirements:
- Serve content from the closest AWS Region to customers for performance.
- Minimize latency when routing the on-premises data to Amazon S3.
- Avoid public internet exposure in the process.
- Minimal operational overhead.
---
Option A: Implement S3 Multi-Region Access Points
- Description: S3 Multi-Region Access Points enable customers to access content stored in multiple S3 buckets across different AWS Regions through a single global endpoint. AWS will automatically route requests to the closest AWS Region based on the location of the client.
- Analysis:
- Improves performance: This option automatically routes requests to the S3 bucket in the region closest to the client, ensuring lower latency.
- Minimal operational overhead: S3 Multi-Region Access Points abstract away the complexity of managing individual region-specific S3 endpoints and replication.
- No public internet exposure: The content is served securely, and AWS handles the routing of traffic.
- Ideal use case: This option is highly suited for improving content delivery performance to global customers without managing complex routing or multiple S3 buckets.
- Selected for: Simplifying access and improving performance while minimizing latency for customers across the globe.
Option B: Use S3 Cross-Region Replication (CRR) to Copy Content to Different Regions
- Description: S3 Cross-Region Replication (CRR) automatically replicates objects in an S3 bucket to another S3 bucket in a different AWS Region.
- Analysis:
- Improves availability and performance by having content replicated in multiple regions.
- However, it does not offer direct, automatic routing of requests to the closest S3 bucket based on client location. Instead, it merely copies data to other regions.
- Operational overhead: Requires managing multiple S3 buckets, replication rules, and possibly additional services to route traffic.
- Not optimal: While CRR helps with replication, it doesn't optimize request routing or provide minimal latency routing.
- Rejection reason: Although CRR can be useful for redundancy, it doesn't fully meet the performance and routing needs of the company.
Option C: Create an AWS Lambda Function that Tracks the Routing of Clients to Regions
- Description: Implement a custom AWS Lambda function to track and manage the routing of clients to different regions based on their location.
- Analysis:
- Highly manual: This would require significant custom development, managing Lambda functions to route traffic dynamically, a...
Author: Zain · Last updated May 13, 2026
A company is migrating its data center to the AWS Cloud and needs to complete the migration as quickly as possible. The company has many applications that are running on hundreds of VMware VMs in the data center. Each VM is configured with a shared Windows folder that contains common shared files. The file share is larger than 100 GB in size.
The company's compliance team requires a change request to be filed and approved for every software installation and modification to each V...
Option A: Use VM Import/Export to create images of each VM. Use AWS Application Migration Service to manage and view the images. Copy the Windows file share data to an Amazon Elastic File System (Amazon EFS) file system. After migration, remap the file share to the EFS file system.
Reasoning:
- VM Import/Export allows you to create Amazon Machine Images (AMIs) from your on-premises VMware VMs. These can then be used to quickly launch EC2 instances on AWS, reducing migration time.
- AWS Application Migration Service can then be used to track and manage the migration process.
- Amazon EFS provides a scalable, cloud-native file system that works well for shared file storage. However, since the company's compliance team needs to approve changes to the VMs, transitioning from a local file share to EFS may still involve significant manual work in remapping file paths, and EFS is generally better for Linux workloads, not Windows.
- EFS does not support the full set of Windows file system features (like NTFS), which could create issues for Windows-based applications that rely on specific Windows file system features.
Why it's rejected:
- EFS is not an ideal fit for Windows workloads due to potential compatibility issues.
- While VM Import/Export and Application Migration Service can speed up the VM migration process, the overall workflow with EFS may still require significant manual reconfiguration and does not fully support Windows-specific file-sharing needs.
Option B: Deploy the AWS Application Discovery Service agentless appliance to VMware vCenter. Review the portfolio of discovered VMs in AWS Migration Hub.
Reasoning:
- AWS Application Discovery Service helps in discovering the applications running in the on-premises environment and provides insights into dependencies and performance data.
- The Application Discovery Service agentless appliance collects metadata about your virtual machines but does not perform the actual migration. It’s more of a planning and assessment tool.
Why it's rejected:
- While useful for assessing and planning the migration, this option does not directly address the actual migration of VMs or the file share. It does not help in completing the migration as quickly as possible, nor does it solve the need to transfer and remap the file share data, which is crucial in this scenario.
Option C: Deploy the AWS Application Migration Service agentless appliance to VMware vCenter. Copy the Windows file share data to a new Amazon FSx for Windows File Server file system. After migration, remap the file share on each VM to the FSx for Windows File Server file system.
Reasoning:
- AWS Application Migration Service is a great tool for lifting and shifting VMware VMs to AWS with minimal changes to the VMs.
- Amazon FSx for Windows File Server is specifically designed to pr...
Author: Emily · Last updated May 13, 2026
A company has multiple AWS accounts that are in an organization in AWS Organizations. The company needs to store AWS account activity and query the data from a centra...
To meet the company's requirements of storing AWS account activity and querying the data from a central location using SQL, we need to evaluate each of the provided options carefully. The key factors for the decision include:
1. Centralized Data Access: The solution should allow for querying account activity from a central location rather than having to query each individual account separately.
2. SQL Query Capability: The solution must support querying the data using SQL-like capabilities, which means tools that support structured querying (such as SQL queries) are preferred.
3. Scalability: The solution should be scalable across multiple AWS accounts without needing complex manual configuration or management for each account.
Let’s evaluate the options:
Option A: Create an AWS CloudTrail trail in each account and configure CloudWatch cross-account observability.
- Pros: CloudWatch Logs Insights allows for querying data using SQL-like queries. It can be set up for each account with cross-account observability to aggregate data from multiple accounts.
- Cons: The setup involves creating a trail in each account and configuring cross-account observability, which can become cumbersome to manage as the number of accounts increases. It's not a fully centralized solution, and the querying may not be as straightforward as using a centralized data store.
- Scenario: This could be used if the organization needs granular control over each account's CloudTrail logs and doesn't mind handling the configuration for each account.
- Rejection Reason: Although CloudWatch Logs Insights can query data with SQL-like syntax, the complexity of managing CloudTrail trails across multiple accounts and the fact that data is spread across multiple CloudWatch Logs makes it less ideal for a centralized query solution.
Option B: Use a delegated administrator account to create an AWS CloudTrail Lake data store for all accounts.
- Pros: CloudTrail Lake is designed for centralized log storage and analysis. It supports SQL-like queries, allowing you to easily query data from all accounts in one place. The use of a delegated administrator simplifies the management of the data store for all accounts in the organization.
- Cons: None significant in the context of centralized query capabilities.
- Sce...
Author: Liam123 · Last updated May 13, 2026
A company is using AWS to develop and manage its production web application. The application includes an Amazon API Gateway HTTP API that invokes an AWS Lambda function. The Lambda function processes and then stores data in a database.
The company wants to implement user authorization for the web application in an integrated way. The company alre...
To implement user authorization for a web application integrated with a third-party identity provider (IDP) issuing OAuth tokens, we need to ensure the solution meets the following requirements:
1. Seamless integration with the third-party identity provider: Since the company is already using a third-party identity provider, the solution should work with OAuth tokens from that provider.
2. API Gateway authorization: The solution should involve integrating user authorization in the API Gateway to ensure only authorized users can invoke the Lambda function.
3. Security and token validation: The method must securely validate OAuth tokens and ensure the integrity of the authorization process without additional complexity.
Let’s evaluate each option based on these criteria:
Option A: Integrate the third-party identity provider with API Gateway using a Lambda authorizer.
- Pros:
- The solution allows integration with a third-party identity provider via OAuth tokens, which is already in use by the company.
- A Lambda authorizer can validate the tokens from the identity provider, ensuring that only authorized users can access the API.
- The API Gateway Lambda authorizer allows flexibility, letting you use custom logic to validate and decode the tokens.
- It supports seamless token validation using the Authorization header from the web application.
- Cons:
- The Lambda authorizer requires writing some custom logic to decode and validate the OAuth tokens, which could add some complexity.
- The approach may not be as integrated with AWS services compared to using IAM or other managed solutions.
- Scenario: This is a good fit when you have a third-party identity provider and want flexible control over token validation, but it requires some custom configuration.
Option B: Integrate the third-party identity provider with AWS Directory Service and use it as an API Gateway authorizer.
- Pros: Directory Service can authenticate users and provide integration with Active Directory environments, and the SAML 2.0 identity provider could potentially work with the company’s third-party IDP.
- Cons: This is more suited for environments where you are using Active Directory and SAML-based authentication. It introduces an unnecessary layer of complexity because AWS Directory Service is typically used in Microsoft Active Directory scenarios. The OAuth tokens from a third-party identity provider are not directly handled here, making this approach unnecessary for the company’s use case.
- Scenario: This could be used if the company is already using AWS Directory Service with an AD-based identity management system, but it...
Author: Elizabeth · Last updated May 13, 2026
A company has deployed applications to thousands of Amazon EC2 instances in an AWS account. A security audit discovers that several unencrypted Amazon Elastic Block Store (Amazon EBS) volumes are attached to the EC2 instances. The company's security policy requires the EBS volumes to be encrypted.
The company needs to implement an automated solution to encr...
To address the requirement of ensuring that Amazon Elastic Block Store (EBS) volumes are encrypted and preventing the creation of unencrypted EBS volumes, the solution needs to meet the following goals:
1. Automate the encryption of existing unencrypted EBS volumes: The solution should be able to identify unencrypted EBS volumes and automate their encryption.
2. Prevent the creation of unencrypted EBS volumes: There needs to be a mechanism to prevent users from creating new unencrypted volumes.
Let’s evaluate the options based on these criteria:
Option A: Configure the AWS Config managed rule that identifies unencrypted EBS volumes, configure automatic remediation, and create a KMS key policy to deny the creation of unencrypted EBS volumes.
- Pros:
- AWS Config can track and identify unencrypted EBS volumes automatically.
- Automatic remediation with an AWS Systems Manager Automation runbook could be used to create a new encrypted volume.
- KMS Key Policy: The key policy can deny the creation of unencrypted EBS volumes by using the `kms:Encrypt` action, ensuring all volumes are encrypted using KMS.
- Cons:
- The use of KMS policies to deny the creation of unencrypted volumes may require a careful configuration to ensure that all new volumes are encrypted. This can add complexity compared to the next solution.
- The manual nature of associating KMS policies with all relevant roles and users could result in configuration drift or misconfigurations.
- Scenario: This is useful when you already have an established encryption strategy with KMS and want to apply more granular control over unencrypted volume creation.
Option B: Use AWS Systems Manager Fleet Manager to list unencrypted EBS volumes, create a Systems Manager Automation runbook, and use an SCP to deny the creation of unencrypted EBS volumes.
- Pros:
- SCP (Service Control Policy) can be used to prevent the creation of unencrypted EBS volumes across an AWS Organization by denying certain actions in the account.
- Systems Manager Automation runbook can be used to handle remediation and create encrypted volumes.
- Cons:
- Fleet Manager provides operational visibility and management of EC2 instances, but it is not directly involved in enforcing encryption policies for EBS volumes. It does not directly help in automating the encryption process.
- The solution requires a mix of tools that might complicate the setup for encryption enforcement.
- Scenario: This could work in environments where the company has ...
Author: Ava · Last updated May 13, 2026
A company is running a large containerized workload in the AWS Cloud. The workload consists of approximately 100 different services. The company uses Amazon Elastic Container Service (Amazon ECS) to orchestrate the workload.
Recently the company's development team started using AWS Fargate instead of Amazon EC2 instances in the ECS cluster. In the past, the workload has come close to running the maximum number of EC2 instances that are available in the account.
The company is worried that the workload could reach the maximum number of EC...
To address the requirement of notifying the development team when Fargate reaches 80% of the maximum number of tasks, the solution should focus on monitoring the number of ECS Fargate tasks and sending notifications based on thresholds. Let's break down the options and evaluate them based on these key factors:
Key Requirements:
1. Monitoring ECS Fargate tasks: The solution must track the number of running ECS Fargate tasks.
2. Threshold Alerting: The development team must be notified when Fargate tasks reach 80% of the maximum allowed limit.
3. Notification Mechanism: The solution should be able to send notifications, likely using Amazon SNS or another similar service.
Option A: Use Amazon CloudWatch to monitor the Sample Count statistic for each service in the ECS cluster. Set an alarm for when the math expression `sample count/SERVICE_QUOTA(service)*100` is greater than 80. Notify the development team by using Amazon Simple Notification Service (SNS).
- Pros:
- Amazon CloudWatch can track ECS metrics and set alarms when thresholds are breached.
- SNS can be used to notify the development team.
- Cons:
- Service Quota is not a direct CloudWatch metric for ECS tasks; the "Sample Count" statistic for each service doesn't relate to the number of running tasks or the service quota directly. This would require a more customized approach to track the service quota and match it with the number of tasks running.
- Misuse of "Sample Count": This is not directly relevant to monitoring ECS Fargate tasks. CloudWatch metrics for ECS services do not directly include a "Sample Count" for service quotas in this context.
- Scenario: While CloudWatch is ideal for monitoring and alarms, this approach would be more complex and potentially inaccurate because the service quota metric doesn't align well with ECS tasks.
Option B: Use Amazon CloudWatch to monitor service quotas that are published under the AWS/Usage metric namespace. Set an alarm for when the math expression `metric/SERVICE_QUOTA(metric)*100` is greater than 80. Notify the development team by using Amazon SNS.
- Pros:
- Service Quotas are published in the AWS/Usage namespace, which is good for monitoring resource limits across AWS services.
- SNS notifications can be set up based on CloudWatch alarms.
- Cons:
- CloudWatch service quotas are for overall AWS usage limits, not specifically for ECS tasks or Fargate services. The service quotas metric won't directly relate to the number of running ECS Fargate tasks, which means this method might not provide the precise monitoring needed.
- ECS Fargate Task Monitoring: This is not the right way to track ECS task...
Author: Zara1234 · Last updated May 13, 2026
A company has several AWS Lambda functions written in Python. The functions are deployed with the .zip package deployment type. The functions use a Lambda layer that contains common libraries and packages in a .zip file. The Lambda .zip packages and Lambda layer .zip file are stored in an Amazon S3 bucket.
The company must implement automatic scanning of the Lambda functions and the Lambda layer to identify CVEs. A subset of the Lambda functions must receive automated code scans to detect po...
To address the requirements of automatic scanning of AWS Lambda functions and Lambda layers for CVEs and vulnerabilities, we need to consider actions that ensure both CVE scanning and selective vulnerability scanning for data leaks and other vulnerabilities. Let’s break down the options:
Key Requirements:
1. CVE Scanning: The Lambda functions and Lambda layer must be scanned for Common Vulnerabilities and Exposures (CVEs).
2. Selective Scanning: Not all Lambda functions need code scanning, so only a subset of them should receive automated code scans.
3. Use of Amazon Inspector: The solution should involve Amazon Inspector for vulnerability scanning.
Option Analysis:
Option A: Activate Amazon Inspector. Start automated CVE scans.
- Pros:
- Amazon Inspector is a service designed to automatically scan for vulnerabilities in your AWS resources, including Lambda functions and containers.
- CVE scanning is a core feature of Amazon Inspector, and it automatically scans for known vulnerabilities in the deployed code.
- Cons:
- This option alone doesn't address the requirement to perform code scans selectively on only certain Lambda functions. It needs further configuration to filter which Lambda functions are scanned.
- Scenario: This is a valid step, but it requires additional configuration to selectively scan certain functions.
Option B: Activate Lambda standard scanning and Lambda code scanning in Amazon Inspector.
- Pros:
- Amazon Inspector can be configured to perform both standard vulnerability scanning (for CVEs) and code scanning (for data leaks and other vulnerabilities).
- This directly addresses both parts of the requirement: CVE scanning for Lambda functions and code scans for potential data leaks.
- Cons:
- If all Lambda functions are included in the scans, this would not meet the requirement of scanning only a subset of the Lambda functions.
- Scenario: This option aligns with the need to scan Lambda functions for vulnerabilities, but further configuration is needed to exclude certain functions from code scans.
Option C: Enable Amazon GuardDuty. Enable the Lambda Protection feature in GuardDuty.
- Pros:
- GuardDuty is a threat detection service that can monitor for unusual activities in your AWS environment, including Lambda functions.
- The Lambda Protection feature in GuardDuty can help detect threats and anomalies related to Lambda functions.
- Cons:
- GuardDuty focuses on detecting threats and unusual activities, not on performing CVE scans or code scans for data leaks. It is not a tool designed specifically for scanning code vulnerabilities (such as CVEs or data leaks).
- Scenario: This is useful for general security monitoring but doesn’t directly address CVE scanning or the selective scanning of Lambda code.
Option D: Enable scanning in the Monitor settings of the Lambda f...
Author: Kunal · Last updated May 13, 2026
A company is changing the way that it handles patching of Amazon EC2 instances in its application account. The company currently patches instances over the internet by using a NAT gateway in a VPC in the application account.
The company has EC2 instances set up as a patch source repository in a dedicated private VPC in a core account. The company wants to use AWS Systems Manager Patch Manager and the patch source repository in the core account to patch the EC2 instances in the application account. The company must prevent all EC2 instances in the application account from accessing the internet.
The EC2 instances i...
Let's analyze the options step-by-step to see which one meets the company's requirements.
Requirements:
- Prevent all EC2 instances in the application account from accessing the internet.
- EC2 instances in the application account need to access Amazon S3 (for application data).
- EC2 instances need connectivity to Systems Manager (for patching).
- EC2 instances need connectivity to the patch source repository in the core account (where patching is managed).
The goal is to set up an environment where internet access is blocked for EC2 instances in the application account but allow specific access to necessary services (Amazon S3, Systems Manager, and the patch source repository) using private connections and routing.
Option Analysis:
A) Create a network ACL that blocks outbound traffic on port 80. Associate the network ACL with all subnets in the application account. In the application account and the core account, deploy one EC2 instance that runs a custom VPN server. Create a VPN tunnel to access the private VPC. Update the route table in the application account.
- Why it's not ideal:
- Custom VPN tunnel: This solution introduces complexity with the need to deploy EC2 instances to act as VPN servers. This requires manual maintenance and management, which increases operational overhead.
- Blocked outbound traffic on port 80: While it blocks internet access, this does not fully prevent outbound access (e.g., for other services like Systems Manager, S3, or the patch source repository). Additional network controls would be needed.
- Manual intervention: Deploying EC2 instances as VPN servers and configuring routes manually makes this solution less scalable and more complex compared to alternatives that are fully managed and automated by AWS.
B) Create private VIFs for Systems Manager and Amazon S3. Delete the NAT gateway from the VPC in the application account. Create a transit gateway to access the patch source repository EC2 instances in the core account. Update the route table in the core account.
- Why it's not ideal:
- Private VIFs: Private Virtual Interfaces (VIFs) are typically used for dedicated connections over AWS Direct Connect. This option would require setting up Direct Connect, which is more suitable for high-bandwidth, low-latency connections, often used for on-premises connectivity, not necessarily for systems within the AWS cloud unless the company has specific needs for Direct Connect.
- Transit Gateway: While this is a good solution for connecting multiple VPCs, it's not a direct fit for the requirements of usi...
Author: Ryan · Last updated May 13, 2026
A company in the United States (US) has acquired a company in Europe. Both companies use the AWS Cloud. The US company has built a new application with a microservices architecture. The US company is hosting the application across five VPCs in the us-east-2 Region. The application must be able to access resources in one VPC in the eu-west-1 Region.
However, the application must not be able to access any other VPCs.
The VPCs in both R...
To determine the most cost-effective solution for this scenario, let's analyze each option carefully based on the following criteria:
- Cost-effectiveness: Minimizing infrastructure setup and complexity while meeting the requirement.
- Traffic routing: Ensuring the application in the US can access only the specific VPC in Europe (eu-west-1), and no other VPCs.
- Scalability: How well the solution scales as the application grows or as additional VPCs are added.
- Maintenance and complexity: Solutions should minimize manual configuration and be easy to maintain in the long run.
Option Analysis:
A) Create one transit gateway in eu-west-1. Attach the VPCs in us-east-2 and the VPC in eu-west-1 to the transit gateway. Create the necessary route entries in each VPC so that the traffic is routed through the transit gateway.
- Why it's not ideal:
- Limited granularity: A single transit gateway will handle traffic between all the VPCs, which could potentially lead to routing all traffic between regions. This does not meet the requirement of isolating the US application VPC from other VPCs in the EU region.
- Cost: A transit gateway typically incurs costs based on the number of attachments and data transfer, so using a single gateway in this way might incur more cost and complexity than necessary.
- Overkill for isolation: Since only one VPC in the EU needs to be accessed, this is a somewhat excessive solution, especially if more specific routing control is needed.
B) Create one transit gateway in each Region. Attach the involved subnets to the regional transit gateway. Create the necessary route entries in the associated route tables for each subnet so that the traffic is routed through the regional transit gateway. Peer the two transit gateways.
- Why it's not ideal:
- Higher cost: This solution involves creating two separate transit gateways, which means additional costs for each gateway in both regions. Peering between the gateways further increases complexity and cost.
- Excessive infrastructure: Having a transit gateway in each region, with peering between them, is over-engineered for the requirement, as it involves unnecessary infrastructure that can be avoided.
- Complexity: Managing multiple transit gateways and peering connections can be complicated and ha...
Author: James · Last updated May 13, 2026
A travel company built a web application that uses Amazon Simple Email Service (Amazon SES) to send email notifications to users. The company needs to enable logging to help troubleshoot email delivery issues. The company also needs the ability to do searches that are based on recipient, sub...
Let's break down the options based on the company's requirements: enabling logging to troubleshoot email delivery issues, and having the ability to search logs by recipient, subject, and time sent.
Key Requirements:
1. Email delivery logging: The company needs to log email sending details to troubleshoot delivery issues.
2. Searchability: The company wants to search logs based on recipient, subject, and time sent.
Now, let's evaluate the options:
Option A) Create an Amazon SES configuration set with Amazon Kinesis Data Firehose as the destination. Choose to send logs to an Amazon S3 bucket.
- Why this is a good option:
- SES configuration set: You can configure SES to send logs such as delivery status, bounce, complaints, etc., through a configuration set.
- Firehose to S3: Using Amazon Kinesis Data Firehose allows you to stream SES event logs directly to an S3 bucket. This is useful because S3 provides durable storage and allows for efficient querying later.
- Querying with Athena: Once the logs are stored in S3, you can use Amazon Athena to query the logs based on recipient, subject, and time sent, making this solution both effective and scalable.
- Why this is a preferred choice:
- Full logging with searchability: S3 is an ideal location to store large amounts of log data, and Athena allows for easy querying of structured data within S3.
- Cost-effective: Kinesis Firehose integrates with S3, and storing data in S3 and querying it using Athena is typically more cost-effective than storing it in other services like CloudWatch.
Option B) Enable AWS CloudTrail logging. Specify an Amazon S3 bucket as the destination for the logs.
- Why it's not ideal:
- CloudTrail focus: AWS CloudTrail is designed to log AWS API calls and actions taken in the AWS environment (e.g., creating, updating, and deleting resources). While it can track high-level actions like SES service interactions, it will not provide granular email sending logs like delivery status or bounce notifications.
- Missing detailed email log data: CloudTrail won’t log email delivery events like recipient, subject, or time sent, which is the core need in this scenario.
- Why it's rejected:
- CloudTrail does not fulfill the specific logging needs for email delivery status and related event details.
Option C) Use Amazon Athena to query the logs in the Amazon S3 bucket for recipient, subject, and time sent.
...
Author: Isabella · Last updated May 13, 2026
A company migrated to AWS and uses AWS Business Support. The company wants to monitor the cost-effectiveness of Amazon EC2 instances across AWS accounts. The EC2 instances have tags for department, business unit, and environment. Development EC2 instances have high cost but low utilization.
The company needs to detect and stop any underutilized development EC2 instances. Instances are underutilized if they had 10% or ...
Option A: Configure Amazon CloudWatch dashboards to monitor EC2 instance utilization based on tags for department, business unit, and environment. Create an Amazon EventBridge rule that invokes an AWS Lambda function to stop underutilized development EC2 instances.
Reasoning:
- Amazon CloudWatch can be used to monitor EC2 instance utilization and set up custom metrics to track CPU utilization and network I/O.
- CloudWatch dashboards would provide a visual representation of the instance metrics, but manually monitoring these metrics can become inefficient.
- EventBridge can trigger an action based on predefined conditions, such as the low utilization threshold defined (10% CPU utilization and 5 MB network I/O). This would trigger an AWS Lambda function to stop the underutilized instances.
- While this approach is technically feasible, it requires continuous monitoring and manual management of the CloudWatch dashboards, which can introduce unnecessary overhead in terms of maintenance.
Why it’s rejected:
- Setting up CloudWatch dashboards and continuously monitoring them requires more operational effort compared to an automated approach. It would require additional management and alerting mechanisms.
Option B: Configure AWS Systems Manager to track EC2 instance utilization and report underutilized instances to Amazon CloudWatch. Filter the CloudWatch data by tags for department, business unit, and environment. Create an Amazon EventBridge rule that invokes an AWS Lambda function to stop underutilized development EC2 instances.
Reasoning:
- AWS Systems Manager provides monitoring capabilities for EC2 instances and could be configured to track utilization, but it requires configuring detailed reporting to CloudWatch, which could be complex.
- EventBridge would trigger the Lambda function based on data from CloudWatch.
- While AWS Systems Manager offers centralized management for EC2 instances, it introduces additional overhead because you need to configure the Systems Manager for monitoring, set up CloudWatch, and maintain the filtering rules.
Why it’s rejected:
- AWS Systems Manager adds complexity, requiring extra setup for monitoring and reporting. It could be overkill when compared to other simpler options that directly leverage CloudWatch and EventBridge.
Option C: Create an Amazon EventBridge rule to detect low utilization of EC2 instances reported by AWS Trusted Advisor. Configure the rule to invoke an AWS Lambda function that filters the data by tags for department, business unit, and env...
Author: Siddharth · Last updated May 13, 2026
A company is hosting an application on AWS for a project that will run for the next 3 years. The application consists of 20 Amazon EC2 On-Demand Instances that are registered in a target group for a Network Load Balancer (NLB). The instances are spread across two Availability Zones. The application is stateless and runs 24 hours a day, 7 days a week.
The company receives reports from users who are experiencing slow responses from the application. Performance metrics show that the instances are at 10% CPU utilization during normal application use. However, the CPU utiliz...
To address the problem of slow response times caused by high CPU utilization during busy times, we need to select a solution that ensures performance scalability while being cost-effective. Let’s break down the available options to find the best solution based on the following criteria:
Key Requirements:
- Scalability: The solution needs to scale the application’s capacity dynamically based on load (i.e., handling the increased CPU usage during peak times).
- Cost-effectiveness: We need to balance cost with the need for additional compute power. The company needs a solution that minimizes cost while resolving performance issues.
- Stability: The solution should ensure consistent performance without risking downtime or bottlenecks.
Now, let’s analyze each option.
Option A) Create an Auto Scaling group. Attach the Auto Scaling group to the target group of the NLB. Set the minimum capacity to 20 and the desired capacity to 28. Purchase Reserved Instances for 20 instances.
- Why it's not ideal:
- Overprovisioning: Setting the minimum capacity to 20 and the desired capacity to 28 means the company is committing to maintain 28 instances, even during off-peak times, leading to higher costs than necessary when CPU utilization is low.
- Reserved Instances: Purchasing Reserved Instances for 20 instances locks the company into paying for 20 instances at all times, regardless of usage. This could be cost-inefficient given the stateless nature of the application, as usage is not consistent throughout the day.
- Why it’s rejected:
- Overprovisioning the instances and purchasing Reserved Instances for the entire duration does not match the need to scale dynamically during peak times and avoid paying for excess capacity during off-peak times.
Option B) Create a Spot Fleet that has a request type of "request". Set the TotalTargetCapacity parameter to 20. Set the DefaultTargetCapacityType parameter to On-Demand. Specify the NLB when creating the Spot Fleet.
- Why it's not ideal:
- Spot Fleet with On-Demand Instances: Spot Instances are cheaper than On-Demand, but they can be terminated with little notice, which can create instability during peak demand times. This would be problematic for an application that is running 24/7 and needs stability during busy times.
- Not the most cost-effective: Although Spot Instances are cheaper, mixing them with On-Demand instances does not fully leverage cost-effective scaling while ensuring the application has enough capacity at critical times. Additionally, having both Spot and On-Demand instances could result in higher complexity and cost without significantly improving performance.
- Why it’s rejected:
- Spot Instances are not guaranteed to be available and could be interrupted, which can lead to i...
Author: Lucas Carter · Last updated May 13, 2026
A company is building an application to collect and transmit sensor data from a factory. The application will use AWS IoT Core to send data from hundreds of devices to an Amazon S3 data lake. The company must enrich the data before loading the data into Amazon S3.
The application will transmit the sensor data every 5 seconds. New sensor data must be available in Amazon S3 less than 30 minutes after t...
To determine the most cost-effective solution that meets the requirements of collecting and transmitting sensor data to Amazon S3 with data enrichment, let's break down the provided options based on the following key factors:
1. Cost Efficiency: Since hundreds of devices are involved and the data is being ingested every 5 seconds, cost is a critical consideration. Solutions involving services that charge per usage, such as Kinesis and Lambda invocations, could become expensive if not carefully optimized.
2. Latency Requirements: The data must be available in Amazon S3 within 30 minutes, so the solution should process and move the data efficiently without introducing unnecessary delays.
3. Data Enrichment: The sensor data must be enriched before being written to Amazon S3, which requires a mechanism for processing the data.
Analysis of Each Option:
A) AWS IoT Core, Lambda, and S3
- How it works:
- AWS IoT Core ingests the sensor data.
- An AWS Lambda function enriches the data and writes it to Amazon S3.
- AWS IoT rules invoke the Lambda function to process the data.
- Pros:
- Simple and direct flow, no complex intermediate services.
- Scalable and serverless solution with Lambda, automatically adjusting for traffic.
- Lambda is billed per invocation and execution time, which could be cost-effective for this use case, assuming data volumes are not excessively high.
- Cons:
- Lambda has execution time and memory limits. If processing the data is complex and time-consuming, this could become a bottleneck.
- May require optimization for handling high-frequency data (every 5 seconds).
B) AWS IoT Core, Kinesis Data Firehose, Lambda, and S3
- How it works:
- AWS IoT Core ingests the sensor data into Kinesis Data Firehose.
- Kinesis Data Firehose buffers the data and invokes a Lambda function for enrichment.
- The enriched data is then delivered to Amazon S3.
- Pros:
- Kinesis Data Firehose handles data buffering and delivery efficiently, with less concern about data loss.
- Lambda can enrich the data before final storage in S3.
- The buffering interval (900 seconds) allows for aggregation of data and processing in larger batches.
- Cons:
- This option introduces additional complexity with the need to configure Kinesis Data Firehose.
- The buffering interval introduces a delay in the delivery of the data, making it potentially harder to meet t...
Author: Liam · Last updated May 13, 2026
A company is collecting data from a large set of IoT devices. The data is stored in an Amazon S3 data lake. Data scientists perform analytics on Amazon EC2 instances that run in two public subnets in a VPC in a separate AWS account.
The data scientists need access to the data lake from the EC2 instances. The EC2 instances already have an assigned role with permissions to access Amazon S3.
According to company pol...
To meet the requirements of allowing only authorized networks to access the IoT data stored in Amazon S3 while ensuring that the EC2 instances in a separate VPC have access, the following steps should be considered:
Step-by-Step Analysis:
A) Create a gateway VPC endpoint for Amazon S3 in the data scientists' VPC.
- Explanation: A VPC endpoint for Amazon S3 (specifically a gateway VPC endpoint) enables private connectivity from a VPC to Amazon S3 without the need for an internet gateway, NAT device, VPN, or AWS Direct Connect connection. This approach ensures that traffic between the EC2 instances and Amazon S3 stays within the AWS network, preventing unauthorized public access.
- Pros:
- Security: Ensures that data access to S3 is done privately, not over the internet.
- Complies with company policy: By routing S3 traffic through a private VPC endpoint, it meets the requirement of restricting access to authorized networks.
- Cost-effective: Gateway endpoints for S3 are free, which reduces infrastructure costs.
- Cons: Requires configuration in the VPC route tables to direct traffic to the VPC endpoint.
B) Create an S3 access point in the data scientists' AWS account for the data lake.
- Explanation: S3 Access Points provide a way to simplify managing access to S3 buckets, especially for applications that require different permissions or network access. However, creating an access point in the data scientists' AWS account does not directly address the network restrictions, as access points can be used to configure access for specific clients or roles but don't restrict network access in isolation.
- Why it's not selected: This option doesn’t directly address the network-level control that is needed according to company policies (i.e., only authorized networks should access the IoT data). It’s more of a permissions tool within an account, rather than controlling access based on network source.
C) Update the EC2 instance role. Add a policy with a condition that allows the s3:GetObject action when the value for the s3:DataAccessPointArn condition key is a valid access point ARN.
- Explanation: This option allows fine-grained access control by adding a condition to the EC2 instance’s role, restricting the instances to only use a specific S3 Access Point. This could be useful if you need additional control over acc...
Author: Akash · Last updated May 13, 2026
A company wants to migrate its website to AWS. The website uses containers that are deployed in an on-premises, self-managed Kubernetes cluster. All data for the website is stored in an on-premises PostgreSQL database.
The company has decided to migrate the on-premises Kubernetes cluster to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The EKS cluster will use EKS managed node groups with a static number of nodes. The company will also migrate the on-premises database to an ...
Let's analyze the provided options to determine the best solution for estimating the total cost of ownership (TCO) before migrating the workload to AWS.
A) Request access to Migration Evaluator. Run the Migration Evaluator Collector and import the data. Configure a scenario. Export a Quick Insights report from Migration Evaluator.
- Explanation: Migration Evaluator is a tool designed to help organizations estimate the cost of migrating workloads to AWS. It collects data from your on-premises environment, analyzes it, and generates a TCO report, which includes both the current on-premises infrastructure and the projected cost of running the workloads on AWS (e.g., EKS, RDS). The report will also provide recommendations based on AWS services.
- Pros:
- Specifically designed for TCO estimation: It is tailored to help companies understand the financial impact of migration, including both infrastructure and operational costs.
- Comprehensive insight: It provides a detailed and accurate estimation based on your specific infrastructure, including both containerized workloads and databases.
- Why it's selected: This solution is the most straightforward and suitable for TCO estimation, as it’s specifically designed for migration planning and TCO calculations. It will provide the information the company needs for both the Kubernetes migration and the database migration to Amazon RDS.
B) Launch AWS Database Migration Service (AWS DMS) for the on-premises database. Generate an assessment report. Create an estimate in AWS Pricing Calculator for the costs of the EKS migration.
- Explanation: AWS DMS is primarily used to migrate databases from on-premises to AWS. While it is a useful tool for moving data, it doesn't provide TCO insights or calculations for the entire migration. AWS Pricing Calculator can estimate the cost of EKS migration but doesn’t integrate with DMS for a comprehensive migration cost estimate.
- Why it's rejected: This solution only addresses the database migration part (via DMS) and does not offer a complete TCO calculation for the entire workload (which includes EKS and database components). It requires manual cost calculation for EKS, and DMS is more...
Author: Ava · Last updated May 13, 2026
An events company runs a ticketing platform on AWS. The company's customers configure and schedule their events on the platform. The events result in large increases of traffic to the platform. The company knows the date and time of each customer's events.
The company runs the platform on an Amazon Elastic Container Service (Amazon ECS) cluster. The ECS cluster consists of Amazon EC2 On-Demand Instances that are in an Auto Scaling group. The Auto Scaling group uses a predictive scaling policy.
The ECS cluster makes frequent requests to an Amazon S3 bucket to download ticket assets. The ECS cluster and the S3 bucket are in the same AWS Region a...
To optimize the cost of the platform without decreasing availability, the solution needs to address both the cost of data transfer and the infrastructure scaling for peak event times. Let's analyze each option:
A) Create a gateway VPC endpoint for the S3 bucket.
- Why selected:
- A VPC endpoint for S3 ensures that the data transfer between the ECS cluster and the S3 bucket remains within the AWS network, avoiding the cost of data transfer through a NAT gateway.
- This would significantly reduce data transfer costs between ECS and S3, as traffic between the two would no longer need to go through the public internet, which incurs extra cost.
- Since the ECS cluster and S3 bucket are in the same region and account, this solution is cost-effective and improves performance.
- Why others are rejected:
- NAT gateways are costly because they incur charges for both data processing and data transfer. By eliminating the need for the NAT gateway, this solution reduces costs effectively.
B) Add another ECS capacity provider that uses an Auto Scaling group of Spot Instances. Configure the new capacity provider strategy to have the same weight as the existing capacity provider strategy.
- Why selected:
- Spot Instances can provide a significant cost reduction (up to 90% savings) compared to On-Demand instances, especially during predictable traffic spikes.
- The existing ECS Auto Scaling group already uses On-Demand instances, but adding a capacity provider with Spot Instances allows the ECS cluster to scale more cost-effectively during peak event times without compromising availability.
- The weight configuration allows the platform to decide how much of the scaling load should be handled by Spot Instances, making this a flexible and cost-effective scaling strategy.
- Why others are rejected:
- Spot Instances could be interrupted, but by adjusting the capacity provider strategy,...
Author: Isabella · Last updated May 13, 2026
An ML engineer is developing a classification model. The ML engineer needs to use custom libraries in processing jobs, training jobs, and pipelines in Amazon SageMaker.
Which s...
Correct answer: B — Build a custom Docker container and use it across SageMaker jobs and pipelines
---
Key requirement
The ML engineer must:
Use custom libraries
Across processing jobs, training jobs, and SageMaker pipelines
With the least implementation effort
In a scalable, repeatable, and supported way on AWS
---
✅ Why Option B is the best choice
Option B: Build a custom Docker container, push it to Amazon ECR, and use it in SageMaker jobs and pipelines.
Key factors supporting this choice
1. Single implementation, reusable everywhere
One container image can be used consistently for:
Processing jobs
Training jobs
Pipeline steps
No repeated setup or installation logic per job
2. Native SageMaker support
SageMaker is designed to work with custom containers
Works seamlessly with:
`Estimator`
`Processor`
`Pipeline` steps
Fully supported and recommended by AWS
3. Reproducibility and consistency
Libraries and versions are baked into the image
Eliminates “it works on one job but not another” issues
4. Lowest long-term effort
Initial container build is a one-time task
No runtime installs, no bootstrap scripts, no manual intervention
5. Production-ready
Best practice for enterprise ML workloads
Easier CI/CD, versioning, and rollback via ECR image tags
---
...
Author: Zara1234 · Last updated May 7, 2026
An ML engineer is deploying a trained model to an Amazon SageMaker endpoint. The ML engineer needs to receive alerts when data quality issues occ...
The requirement is to receive alerts when data quality issues occur in production for a deployed SageMaker endpoint. That means the solution must (1) continuously monitor live inference data, (2) detect data quality problems such as schema violations, missing values, or feature distribution drift, and (3) trigger alerts.
Let’s evaluate each option against those key factors.
---
Option A
Configure an Amazon CloudWatch metric alarm and a corresponding action to send an Amazon SNS notification.
Why it’s rejected
CloudWatch alarms do not natively detect data quality issues.
This option only defines alerting, not monitoring. You would still need a service that produces data-quality metrics.
Without Model Monitor or another data analysis job, there are no data quality metrics to alarm on.
When this option is useful
Monitoring infrastructure-level metrics (CPU, memory, latency, error rates).
Alerting on custom metrics that already exist.
❌ Not sufficient by itself for data quality monitoring.
---
Option B
Integrate the SageMaker endpoint with a SageMaker Clarify processing job. Configure a CloudWatch alarm to provide alerts.
Why it’s rejected
SageMaker Clarify is designed for:
Bias detection
Feature attribution (SHAP values)
Explainability
It is not intended for continuous data quality monitoring of production traffic.
Clarify jobs are typically run offline or periodically, not as real-time endpoint monitors.
When this option is useful
Auditing model bias or explainability during training or post-deployment analysis.
Compliance and fairness assessments.
❌...
Author: Mia · Last updated May 7, 2026
A company needs to use Amazon SageMaker to train a model on more than 300 GB of data. The training data is composed of files that are 200 MB in size. The data is stored in Amazon S3 Standard storage and feeds a dashboard tool.
...
Most cost-effective SageMaker training ingestion mechanism
The goal is to train a SageMaker model on >300 GB of data made up of ~200 MB files, already stored in Amazon S3 Standard, and that same data continues to feed a dashboard tool. Cost efficiency is the primary decision factor.
---
Key factors to consider
1. Data location
Data already resides in Amazon S3 Standard.
No requirement stated to move or duplicate the dataset.
2. File size and access pattern
Files are relatively large (200 MB), not millions of tiny files.
Typical training workloads can stream data efficiently.
3. Cost sensitivity
Extra storage layers (EFS, FSx, S3 Express One Zone) introduce additional ongoing costs.
The dashboard already depends on the existing S3 data.
4. SageMaker capabilities
Fast File mode allows SageMaker to stream data directly from S3 without copying it to attached storage, minimizing both startup time and storage cost.
---
Option-by-option analysis
A) Amazon Elastic File System (Amazon EFS) file system — Rejected
Why not:
Adds persistent file system costs (storage + throughput).
Requires copying data from S3 to EFS.
Not needed for large, sequential training reads.
When EFS is appropriate:
Multiple training jobs or applications need shared, low-latency access to the same files.
Workloads require POSIX file system semantics across services.
---
...
Author: Isabella · Last updated May 7, 2026
A company has an ML model that is deployed to an Amazon SageMaker endpoint for real-time inference. The company needs to deploy a new model. The company must compare the new model's performance to the currently deployed model's performance before shifting ...
The requirement is to compare the performance of a new ML model against the currently deployed model before shifting all traffic, with the least operational effort, using Amazon SageMaker real-time inference.
Let’s evaluate each option using key factors:
Operational effort
Native SageMaker support
Traffic routing complexity
Monitoring and evaluation suitability
---
✅ Correct Choice: Option C
C) Deploy the new model as a shadow variant on the same endpoint as the current model. Route a portion of live traffic to the shadow model for evaluation.
Why this option is selected
This is the best and lowest-effort solution because:
Key advantages
Native SageMaker capability: SageMaker endpoints support multiple production variants, including shadow variants.
No client-side changes required: Traffic routing is handled entirely by SageMaker.
Same live traffic: The shadow model receives real production requests without affecting responses returned to users.
Easy performance comparison: You can compare latency, errors, and prediction quality using CloudWatch metrics and logs.
Safe evaluation: Shadow traffic does not impact end-user predictions.
Minimal operational overhead: No additional infrastructure or custom routing logic is needed.
When this option is ideal
Real-time inference
Need to evaluate a model under real traffic
Want a safe, built-in, AWS-managed approach
Want to minimize operational complexity
---
❌ Why the Other Options Are Rejected
A) Deploy the new model to a separate endpoint. Manually split traffic between the two endpoints.
Why it’s rejected...
Author: Mia · Last updated May 7, 2026
A company runs an ML model on Amazon SageMaker. The company uses an automatic process that makes API calls to create training jobs for the model. The company has new compliance rules that prohibit the collection of aggregated metadata from ...
Correct answer: A) Opt out of metadata tracking for any training job that is submitted.
Why option A is correct
Amazon SageMaker automatically collects aggregated metadata from training jobs (for example, job configuration, parameters, resource usage, and lineage) to support features like SageMaker Experiments, lineage tracking, and managed ML operations.
AWS provides a built-in opt-out mechanism that allows customers to disable metadata collection for training jobs at submission time (or at the account level, depending on configuration).
This directly addresses the compliance requirement:
✔ Prevents SageMaker from collecting aggregated metadata
✔ Works with automated API-based job creation
✔ Is explicitly designed for compliance and data governance scenarios
This is the only option that directly controls SageMaker metadata collection behavior.
---
Why the other options are incorrect
B) Ensure that training jobs are running in a private subnet in a custom VPC
Running training jobs in a VPC controls network access, not service-level telemetry.
SageMaker still collects metadata internally, even when jobs run in private subnets.
❌ Does not prevent metadata collection
✔ Useful for network isolation and data exfiltration prevention, not compliance metadata controls
W...
Author: Lucas · Last updated May 7, 2026
A company is exploring generative AI and wants to add a new product feature. An ML engineer is making API calls from existing Amazon EC2 instances to Amazon Bedrock. The EC2 instances are in a private subnet and must remain private during the implementation. The EC2 instances have an assigned security group that allows access to al...
Correct approach: Use AWS PrivateLink with an interface VPC endpoint (Option B).
Let’s break this down using the key constraints and then evaluate each option.
---
Key factors from the scenario
1. EC2 instances are in a private subnet
They must remain private (no internet gateway, no public IPs).
2. EC2 instances need to call Amazon Bedrock APIs
Amazon Bedrock is a managed AWS service accessed via AWS APIs.
3. Security group already allows traffic within the private subnet
That does not automatically allow access to AWS managed services.
4. Best practice requirement
Secure, private connectivity without exposing resources to the public internet.
---
Option-by-option evaluation
❌ Option A: Modify the security group to allow inbound and outbound traffic to and from Amazon Bedrock
Why it’s rejected:
Security groups control traffic between network interfaces, not connectivity to AWS managed services by name.
Amazon Bedrock does not have fixed IP ranges you can safely allow in a security group.
Even with permissive outbound rules, the EC2 instances would still need:
Internet access (via NAT Gateway), or
A private endpoint
When this option could work:
Only if the service had fixed IPs and the EC2 instances had internet/NAT access — which violates the “must remain private” requirement.
---
✅ Option B: Use AWS PrivateLink to access Amazon Bedrock through an interface VPC endpoint
Why this is the correct choice:
AWS PrivateLink creates an interface VPC endpoint inside your VPC...
Author: Victoria · Last updated May 7, 2026
HOTSPOT
An ecommerce company is using Amazon SageMaker Clarify Foundation Model Evaluations (FMEval) to evaluate ML models.
Select the correct model evaluation task from the following list for each ecommerce use case. Each model evaluation task should be sel...
Author: Siddharth · Last updated May 7, 2026
A company wants to launch a new internal generative AI interface to answer user questions. The interface will be based on a popular open source large language model (LLM).
Which combination o...
Correct choices for least operational overhead (AWS): A and E
Below is the reasoning, including why each selected option fits the requirement and why the others are rejected, with key operational factors considered.
---
Key requirement
Least operational overhead
Internal generative AI Q&A interface
Based on a popular open-source LLM
Running on AWS
Operational overhead mainly includes:
Infrastructure provisioning and scaling
Model deployment and updates
Ongoing maintenance
Amount of custom code required
---
✅ Option A: Use Amazon SageMaker JumpStart to deploy the LLM
Why this is selected
Fully managed model deployment: JumpStart provides prebuilt, optimized deployments of popular open-source LLMs (e.g., LLaMA, Falcon, Mistral).
Minimal setup: No need to manage EC2 instances, GPU drivers, containers, or scaling logic.
Built-in monitoring and scaling: Automatically handles endpoints, updates, and security integration.
Fastest path to production: Ideal for internal tools where speed and simplicity matter.
Key factors
Lowest infrastructure management
Native AWS security (IAM, VPC)
No custom model hosting code
When this option is best
You want to deploy an LLM quickly
You want AWS-managed scaling and patching
You don’t want to manage GPUs directly
---
✅ Option E: Use Amazon Lex to create a UI to handle the user interaction
Why this is selected
Managed conversational interface: Lex is designed specifically for chat-style user interactions.
No frontend infrastructure required: Comes with built-in chat UI integrations (web, Slack, Teams, etc.).
Serverless and scalable: No servers, APIs, or WebSocket ...
Author: ShadowWolf101 · Last updated May 7, 2026
A company wants to build a real-time analytics application that uses streaming data from social media. An ML engineer must implement a solution that ingests and transforms 5 GB of data each minute. The solution also must load the data into a data st...
Correct solution: D) Use Amazon Kinesis Data Streams → Amazon Managed Service for Apache Flink → Amazon DynamoDB
---
Key requirements to evaluate
1. Ingest 5 GB of data per minute (high-throughput, streaming).
2. Real-time analytics (low latency, continuous processing).
3. Transform streaming data.
4. Fast queries on the processed data store.
---
Option D — Why it is selected
Ingestion: Amazon Kinesis Data Streams
Designed specifically for high-throughput, real-time streaming data.
Can scale via shards to handle GBs per minute reliably.
Provides ordered, durable, low-latency ingestion.
Commonly used for social media, clickstreams, logs, and IoT data.
Transformation: Amazon Managed Service for Apache Flink
Purpose-built for real-time stream processing.
Supports windowing, aggregations, filtering, enrichment, and event-time processing.
Handles continuous data streams natively (unlike batch tools).
Scales automatically with Kinesis throughput.
Storage: Amazon DynamoDB
Single-digit millisecond latency for reads and writes.
Scales automatically to handle very high request rates.
Ideal for real-time dashboards and analytics queries.
Works well as a sink for streaming pipelines.
Key factors satisfied
✔ Real-time ingestion
✔ High throughput (5 GB/min)
✔ Streaming transformations
✔ Fast, low-latency queries
---
Why the other options are rejected
---
Option A
EventBridge + AWS Glue + ElastiCache (Memcached)
Why ...
Author: Liam · Last updated May 7, 2026
A company stores training data as a .csv file in an Amazon S3 bucket. The company must encrypt the data and must control which applications have access to ...
Let's carefully analyze this AWS scenario.
---
Scenario Recap
Data: `.csv` file in Amazon S3.
Requirements:
1. Encrypt the data.
2. Control which applications have access to the encryption key.
Key points:
Encryption key access must be controllable → AWS Key Management Service (KMS) is ideal for this.
The solution should integrate with AWS Encryption CLI or other AWS services that can reference a key.
---
Option Analysis
A) Create a new SSH access key. Use the AWS Encryption CLI with a reference to the new access key to encrypt the file
SSH keys are for secure shell access, not for encrypting data in S3.
AWS Encryption CLI does not use SSH keys to encrypt files.
✅ Reject.
---
B) Create a new API key by using the Amazon API Gateway CreateApiKey API operation. Use the AWS CLI with a reference to the new API key to encrypt the file
API keys are for controlling access to APIs, not for encrypting data.
AWS Encryption CLI cannot use API keys to encrypt data.
✅ Reject.
---
C) Create a new IAM role. Attach a policy that allows the AWS Key Management Serv...
Author: RadiantJaguar56 · Last updated May 7, 2026
A company needs to perform feature engineering, aggregation, and data preparation. After the features are produced, the company must implement a solution on AWS to proces...
Let's carefully analyze each option for this AWS feature engineering and storage scenario. The key requirements are:
1. Feature engineering, aggregation, and data preparation → we need a service capable of transforming and processing data.
2. Store features efficiently for ML usage → the storage should be optimized for ML workflows.
3. Implement a solution on AWS → end-to-end AWS service integration.
---
Option A:
“Use Amazon SageMaker Feature Processing to process and ingest the data. Use SageMaker Feature Store to manage and store the features.”
Pros / Suitability:
SageMaker provides built-in feature processing for ML workflows.
SageMaker Feature Store is specifically designed to store, retrieve, and manage ML features efficiently.
Supports both online (low-latency) and offline (analytics) storage, which is perfect for aggregation and feature reuse.
Scenario: Ideal when you want a fully integrated ML feature pipeline within SageMaker.
✅ Highly suitable.
---
Option B:
“Use Amazon SageMaker Model Monitor to automatically ingest and transform the data. Create an Amazon S3 bucket to store the features in JSON format.”
Problems / Rejection reasoning:
Model Monitor is designed to monitor models in production (like drift detection), not for initial feature processing or transformation.
Storing features in S3 as JSON is possible, but it lacks ML-specific retrieval optimizations (no low-latency online access, no feature versioning).
Scenario: Could only be used for storing raw data or monitoring models, not for feature engineering pipelines.
❌ Not suitable.
---
Option C:
“Use Amazon Managed Service for Apache Flink to transform the...
Author: Krishna · Last updated May 7, 2026
A company is developing a new online application to gather information from customers. An ML engineer has developed a new ML model that will determine a score for each customer. The model will use the score to determine which product to display to the customer. The ML engineer needs to minimize respons...
Let's carefully analyze this scenario step by step.
Scenario:
A company wants an online application to gather customer information.
An ML model will generate a score per customer to decide which product to display.
Critical requirement: Minimize response-time latency.
We need to pick the best SageMaker deployment option for this.
---
Option A: Batch Transform
How it works: Batch Transform runs inference on large batches of data asynchronously.
Use case: When you have offline, large-scale processing (e.g., scoring a dataset overnight).
Latency: Not designed for low-latency, real-time requests; it can take minutes to hours.
Conclusion: Rejected because this is an online, real-time scoring requirement.
---
Option B: Real-Time Inference Endpoint
How it works: Deploys a model as a persistent endpoint to handle synchronous requests in real-time.
Use case: When you need low-latency responses (milliseconds to seconds).
Pros: Minimizes response-time latency, suitable for online applications.
Cons: Requires provisioning and paying for always-on infrastructure.
Conclusion...
Author: William · Last updated May 7, 2026
A company is using Amazon EMR. The company has a large dataset in Amazon S3 that needs to be ingested into Amazon SageMaker Feature Store. The dataset contains historical data and real-time streaming data.
The company must ensure that the Feature Store online store is updated with the most recent data as soon as the data becomes avai...
Let's carefully analyze the problem and each option step by step. The key requirements are:
Key factors from the scenario:
1. The dataset contains both historical (batch) and real-time streaming data.
2. The Feature Store online store must reflect the most recent data immediately (real-time updates).
3. A complete offline store must exist for batch processing and historical data analysis.
4. Data is initially in Amazon S3 and processing uses Amazon EMR (so Spark processing is viable).
Now let's evaluate each option.
---
Option A: Use the PutRecord API in Feature Store Runtime to ingest all the data into the online store.
The PutRecord API is designed for real-time ingestion into the online store.
Pros: Can update the online store immediately for streaming data.
Cons: It does not handle the offline store. Historical batch data would not be stored for batch analysis.
Scenario fit: Only suitable for real-time streaming data, not historical batch ingestion.
✅ Not fully suitable because the offline store requirement is missing.
---
Option B: Use the PutRecord API in Feature Store Runtime to ingest all the data into the offline store.
The PutRecord API cannot write directly to the offline store; offline store ingestion is usually done via batch ingestion.
Even if we tried, the offline store only supports Amazon S3 writes via batch pipelines.
S...