SAA-C03 Exam Dumps - AWS Certified Solutions Architect - Associate (SAA-C03)

EBS Elastic Volumes allow you to dynamically increase storage size, adjust performance, and change volume types without downtime, supporting operational efficiency and scalability for SaaS applications that need to allocate varying storage amounts to customers.

Migrating from EBS to S3 (Option A) is not suitable since S3 is object storage, not block storage, and does not support block-level I/O required by many applications. EFS (Option B) and FSx (Option C) are shared file systems, which might add unnecessary complexity and cost, especially if the application depends on block storage semantics.

Using Lambda to automate Elastic Volumes resizing provides cost efficiency by allocating resources on demand and reduces operational overhead, aligning with AWS operational excellence and cost optimization best practices.

Maintaining two NAT gateways for production ensures high availability. Reducing to one NAT gateway in non-production environments lowers cost while maintaining necessary connectivity. This approach is recommended by AWS for cost optimization in non-critical environments.

Reference Extract:

"For environments that do not require high availability, you can reduce costs by using a single NAT gateway and updating route tables accordingly."

Source: AWS Certified Solutions Architect – Official Study Guide, Cost Optimization and NAT Gateway section.

Option Bis the correct solution because:

AWS Security Token Service (STS)allows the web application to request temporary security credentials that grant access to AWS resources. These temporary credentials are secure and short-lived, reducing the risk of misuse.

Using STS and IAM roles ensures scalability by enabling the application to dynamically assume roles with the required permissions for each AWS service.

Option A:Assigning IAM roles directly to instances is less flexible and would grant the same permissions to all applications on the instance, which is not ideal for a multi-service web application.Option C:AWS IAM Identity Center is used for managing single sign-on (SSO) for workforce users and is not designed for granting programmatic access to web applications.Option D:Storing long-term access keys, even in AWS Systems Manager Parameter Store, is less secure and does not scale well compared to temporary credentials from STS.

AWS Documentation References:

AWS Security Token Service (STS)

IAM Roles for Temporary Credentials

A & B. GuardDuty:Designed for threat detection, not for identifying or classifying sensitive data in S3 buckets.

C. Macie with EventBridge + SNS:Automatically identifies sensitive data, triggers alerts, and uses SNS for immediate notification via email.

D. Macie with EventBridge + SQS:Introduces latency due to periodic polling and adds unnecessary complexity.

The requirements include:

Scalability: The solution must scale as video files are uploaded.

Long-running tasks: Processing tasks can take up to 30 minutes. AWS Lambda has a maximum execution time of 15 minutes, which rules out options that involve Lambda performing all the processing.

Serverless and event-driven architecture: Ensures cost-effectiveness and high availability.

Analysis of Options:

Option A:

AWS Lambda has a 15-minute timeout, which cannot support tasks that take up to 30 minutes.

EventBridge Scheduler is unnecessary for monitoring files when native event notifications are available.Not a valid choice.

Option B:

AWS Step Functions and AWS Fargate can handle long-running processes, but Amazon EFS is not the ideal storage for uploaded video files in a serverless architecture.

Processing tasks triggered by EFS events are not a common pattern and may introduce complexities.Not the best practice.

Option C:

Amazon S3 is used for storing uploaded files, which integrates natively with event-driven services like EventBridge and Step Functions.

Amazon S3 event notifications trigger a Step Functions workflow, which can orchestrate Fargate tasks to process large video files, meeting the scalability and execution time requirements.Correct choice.

Option D:

Similar to Option A, AWS Lambda cannot handle long-running processes due to its 15-minute timeout.

Invoking Lambda for processing directly is not feasible for tasks that take up to 30 minutes.Not a valid choice.

AWS References:

Amazon S3 Event Notifications:AWS Documentation - S3 Event Notifications

AWS Step Functions:AWS Documentation - Step Functions

AWS Fargate:AWS Documentation - Fargate

Comparison of Storage Services:AWS Storage Options

By leveragingAmazon S3,Step Functions, andFargate, this solution provides a scalable, efficient, and serverless approach to handling video processing tasks.

For steady, predictable EC2 usage with potential changes in instance families over time, AWS recommends Savings Plans. Compute Savings Plans “apply to any EC2 instance regardless of region, instance family, operating system, or tenancy,” and also apply to AWS Fargate and AWS Lambda, delivering the most flexibility over a multi-year horizon. A 3-year term provides the highest discount among Savings Plans for long-lived workloads. EC2 Instance Savings Plans are limited to a chosen instance family in a region; as needs evolve (e.g., size or family changes), discounts may not fully apply. Spot Instances are not appropriate for long, interruption-sensitive jobs because Spot capacity can be reclaimed with short notice. Therefore, a Compute Savings Plan (3-year) best matches cost optimization with flexibility for growth and changes.

Amazon RDS for MySQL supports read replicas that offload read-intensive workloads such as reporting, leaving the primary instance free for write operations.

“You can use Amazon RDS read replicas to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.”

— Working with Read Replicas

This is the recommended approach for minimizing performance impact on the primary DB instance.

The best practice for secure access control in AWS is to use IAM roles with least-privilege policies, granting only the permissions necessary to perform required tasks. Assigning roles individually ensures that developers cannot overstep their intended access boundaries.

Sharing credentials or using permanent access keys increases the risk of security breaches. Cognito is primarily intended for managing user access to applications, not AWS infrastructure. Thus, Option B best meets security and access control requirements.