DOP-C02 Exam Dumps - AWS Certified DevOps Engineer - Professional

The current design colocates the web tier, database, and cache on the same EC2 instances. This causes resource contention and makes it difficult to scale each layer independently. The correct solution is to separate these concerns into independently scalable managed services.

Option D uses an Application Load Balancer (ALB) in front of an Auto Scaling group for the web application. ALB is designed for HTTP/HTTPS traffic, supports path-based and host-based routing, and can spread load evenly across multiple instances and Availability Zones, eliminating the issue where one instance is overloaded.

The database is migrated to Amazon Aurora with Multi-AZ , which provides high availability, automated failover, and managed backups. Aurora offloads database management and ensures consistent performance.

For caching, Option D introduces Amazon ElastiCache for Redis , a managed in-memory cache that is purpose-built for low-latency reads, independent scaling, and high availability through replication and clustering.

Option A and C misuse NLB for HTTP traffic or for Redis exposure and introduce unnecessary complexity. Option B keeps Redis on EC2 (via NLB + ASG in a single AZ), which reduces availability and does not leverage managed caching.

Thus, Option D best separates tiers and improves performance and availability.

AWS CodeDeploy supports deployment of both Lambda functions and ECS services with native integration.

It provides deployment strategies such as canary deployments for Lambda and blue/green deployments for ECS, which minimize downtime and risk.

CodeDeploy automates the deployment process, which reduces manual effort and improves consistency.

AWS Systems Manager Parameter Store is a simple, managed solution for storing configuration data securely and at scale.

Option A uses CloudFormation stack updates with resource replacement, which can cause downtime and is less flexible for minimizing downtime compared to CodeDeploy’s deployment strategies.

Option C adds unnecessary orchestration complexity with Step Functions and cross-region deployments, increasing deployment effort.

Option D’s all-at-once deployments for Lambda and rolling updates for ECS do not minimize downtime as effectively as canary and blue/green strategies. Hence, option B meets the requirement with the least deployment effort and maximizes automation and availability.

Reference from AWS Official Documentation:

Deploying Lambda Functions with CodeDeploy: " AWS CodeDeploy supports canary and linear deployment strategies for AWS Lambda functions to reduce deployment risk. " (CodeDeploy Lambda Deployment)

Deploying ECS Services with CodeDeploy Blue/Green: " CodeDeploy supports blue/green deployments for ECS to minimize downtime during service updates. " (CodeDeploy ECS Blue/Green)

AWS Systems Manager Parameter Store: " Parameter Store provides secure, hierarchical storage for configuration data management. " (Systems Manager Parameter Store)

AWS CloudWatch Events can be used to monitor events across different AWS resources, and a CloudWatch Event Rule can be created to trigger an AWS Lambda function when a deployment issue is detected in the pipeline. The Lambda function can then evaluate the issue and send a notification to the appropriate stakeholders through an Amazon SNS topic. This approach allows for real-time notifications and faster resolution times.

To implement a more reliable deployment solution, a DevOps engineer should take the following actions:

Create a pipeline in AWS CodePipeline that uses the CodeCommit repository as a source provider. Configure pipeline stages that run the CodeBuild project in parallel to build and test the application. In the pipeline, pass the CodeBuild project output artifact to an AWS CodeDeploy action. This action will improve the deployment reliability by automating the entire process from code commit to deployment, reducing human errors and inconsistencies. By running the build and test stages in parallel, the pipeline can also speed up the delivery time and provide faster feedback. By using CodeDeploy as the deployment action, the pipeline can leverage the features of CodeDeploy, such as traffic shifting, health checks, rollback, and deployment configuration123

Create an AWS CodeDeploy application and a deployment group to deploy the packaged code to the EC2 instances. Configure the ALB for the deployment group. This action will improve the deployment reliability by using CodeDeploy to orchestrate the deployment across multiple EC2 instances behind an ALB. CodeDeploy can perform blue/green deployments or in-place deployments with traffic shifting, which can minimize downtime and reduce risks. CodeDeploy can also monitor the health of the instances during and after the deployment, and automatically roll back if any issues are detected. By configuring the ALB for the deployment group, CodeDeploy can register and deregister instances from the load balancer as needed, ensuring that only healthy instances receive traffic45

The other options are not correct because they do not improve the deployment reliability or follow best practices. Creating separate pipeline stages that run a CodeBuild project to build and then test the application is not a good option because it will increase the pipeline execution time and delay the feedback loop. Creating individual Lambda functions that use CodeDeploy instead of Systems Manager to run build, test, and deploy actions is not a valid option because it will add unnecessary complexity and cost to the solution. Lambda functions are not designed for long-running tasks such as building or deploying applications. Creating an Amazon S3 bucket and modifying the CodeBuild project to store the packages in the S3 bucket instead of in CodeArtifact is not a necessary option because it will not affect the deployment reliability. CodeArtifact is a secure, scalable, and cost-effective package management service that can store and share software packages for application development67

1: What is AWS CodePipeline? - AWS CodePipeline

2: Create a pipeline in AWS CodePipeline - AWS CodePipeline

3: Deploy an application with AWS CodeDeploy - AWS CodePipeline

4: What is AWS CodeDeploy? - AWS CodeDeploy

5: Configure an Application Load Balancer for your blue/green deployments - AWS CodeDeploy

6: What is AWS Lambda? - AWS Lambda

7: What is AWS CodeArtifact? - AWS CodeArtifact

ALB supports weighted target groups for traffic splitting between versions without DNS-level changes. By attaching multiple target groups (old & beta) to the same ALB listener rule with weights (90/10), partial traffic testing can occur seamlessly. This is the recommended least-change method per Application Load Balancer advanced request routing documentation.

Use cross-account EventBridge by configuring a rule in the source (automation) account to send events to the target accounts’ default event buses, and grant permissions on the target default event buses to accept events from the source account. This is the standard cross-account event routing model.

ï‚· Create an AWS Identity and Access Management Roles Anywhere trust anchor Create an IAM role that allows CodeArtifact actions and that has a trust relationship on the trust anchor. Update the on-premises CI/CD pipeline to assume the new IAM role and to publish the packages to CodeArtifact:

Roles Anywhere allows on-premises servers to assume IAM roles, making it easier to integrate on-premises environments with AWS services.

Steps:

Create a trust anchor in IAM.

Create an IAM role with permissions for CodeArtifact actions (e.g., publishing packages).

Update the CI/CD pipeline to assume this role using the trust anchor.

ï‚· Create a new Amazon S3 bucket. Generate a presigned URL that allows the PutObject request. Update the on-premises CI/CD pipeline to use the presigned URL to publish the packages from the on-premises location to the S3 bucket. Create an AWS Lambda function that runs when packages are created in the bucket through a put command Configure the Lambda function to publish the packages to CodeArtifact:

Using an S3 bucket as an intermediary, you can easily upload packages from on-premises systems.

Steps:

Create an S3 bucket.

Generate presigned URLs to allow the CI/CD pipeline to upload packages.

Configure an AWS Lambda function to trigger on S3 PUT events and publish the packages to CodeArtifact.

" You can use subscriptions to get access to a real-time feed of log events from CloudWatch Logs and have it delivered to other services such as an Amazon Kinesis stream, an Amazon Kinesis Data Firehose stream, or AWS Lambda for custom processing, analysis, or loading to other systems. When log events are sent to the receiving service, they are Base64 encoded and compressed with the gzip format. " See https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions.html