SAP-C02 Exam Dumps - AWS Certified Solutions Architect - Professional

The Auto Scaling group can automatically launch and terminate EC2 instances based on the demand and health of the web application. The launch template can specify the configuration of the EC2 instances, such as the AMI, instance type, security group, and user data. The existing ALB can distribute the traffic to the EC2 instances in the Auto Scaling group. The existing EC2 instances can be attached to the Auto Scaling group without deleting them or the ALB. This option minimizes downtime and preserves the current setup of the web application. References: [What is Amazon EC2 Auto Scaling?], [Launch templates] , [Attach a load balancer to your Auto Scaling group], [Attach EC2 instances to your Auto Scaling group]

https://aws.amazon.com/blogs/compute/implementing-canary-deployments-of-aws-lambda-functions-with-alias-traffic-shifting/

https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html

The best solution is to stream the data to an Amazon Kinesis data stream and create an AWS Lambda function to consume the Kinesis data stream and to analyze the data. Amazon Kinesis is a web service that can collect, process, and analyze real-time streaming data from various sources, such as sensors. AWS Lambda is a serverless computing service that can run code in response to events, such as incoming data from a Kinesis data stream. By using AWS Lambda, the company can avoid provisioning or managing servers and scale automatically based on the demand. Amazon Simple Notification Service (Amazon SNS) is a web service that enables applications to send and receive notifications from the cloud. By using Amazon SNS, the company can notify the operations team immediately if any of the parameters fall out of acceptable ranges. This solution meets all the requirements of the company.

Creating the Template:

Start by creating a CloudFormation template that includes all the VPC resources. This template should accurately reflect the current state and configuration of the VPC.

Using the CloudFormation Console:

Open the AWS Management Console and navigate to CloudFormation.

Choose " Create stack " and then select " With existing resources (import resources) " .

Specifying the Template:

Upload the previously created template or specify the Amazon S3 URL where the template is stored.

Identifying the Resources:

On the " Identify resources " page, provide the identifiers for each VPC resource you wish to import. For example, for anAWS::EC2::VPCresource, use the VPC ID as the identifier.

Creating the Stack:

Complete the stack creation process by providing stack details and reviewing the changes. This will create a change set that includes the import operation.

Executing the Change Set:

Execute the change set to import the resources into the CloudFormation stack, making them managed by CloudFormation.

Verification and Drift Detection:

After the import is complete, run drift detection to ensure the actual configuration matches the template configuration.

This approach allows the company to manage their VPC and other resources via CloudFormation without the need to recreate resources, ensuring a smooth transition to automated infrastructure management.

References

Creating a stack from existing resources - AWS CloudFormation​(AWS Documentation)​.

Generating templates for existing resources - AWS CloudFormation​(AWS Documentation)​.

Bringing existing resources into CloudFormation management​(AWS Documentation)​.

https://aws.amazon.com/blogs/architecture/accelerating-your-migration-to-aws/ Build a business case with AWS Migration Evaluator The foundation for a successful migration starts with a defined business objective (for example, growth or new offerings). In order to enable the business drivers, the established business case must then be aligned to a technical capability (increased security and elasticity). AWS Migration Evaluator (formerly known as TSO Logic) can help you meet these objectives. To get started, you can choose to upload exports from third-party tools such as Configuration Management Database (CMDB) or install a collector agent to monitor. You will receive an assessment after data collection, which includes a projected cost estimate and savings of running your on-premises workloads in the AWS Cloud. This estimate will provide a summary of the projected costs to re-host on AWS based on usage patterns. It will show the breakdown of costs by infrastructure and software licenses. With this information, you can make the business case and plan next steps.

Option B is correct because AWS Organizations allows a company to create a new organization from a chosen payer account and define an organizational unit hierarchy. This way, the finance department can have a centralized method for payment but also maintain visibility into each group’s spending to allocate costs. The company can also invite the existing accounts to join the organization and create new accounts using Organizations, which simplifies the account management process.

Option D is correct because enabling all features of AWS Organizations and establishing appropriate service control policies (SCPs) that filter IAM permissions for sub-accounts allows the security team to have a centralized mechanism to control IAM usage in all the company’s accounts. SCPs are policies that specify the maximum permissions for an organization or organizational unit (OU), and they can be used to restrict access to certain services or actions across all accounts in an organization.

Option A is incorrect because using a collection of parameterized AWS CloudFormation templates defining common IAM permissions that are launched into each account requires more effort than using SCPs. Moreover, it does not provide a centralized mechanism to control IAM usage, as each account would have to launch the appropriate stacks to enforce the least privilege model.

Option C is incorrect because requiring each business unit to use its own AWS accounts does not provide a centralized method for payment or a centralized mechanism to control IAM usage. Tagging each AWS account appropriately and enabling Cost Explorer to administer chargebacks may help with cost allocation, but it is not as efficient as using AWS Organizations.

Option E is incorrect because consolidating all of the company’s AWS accounts into a single AWS account does not provide visibility into each group’s spending or a way to control IAM usage for different business units. Using tags for billing purposes and the IAM’s Access Advisor feature to enforce the least privilege model may help with cost optimization and security, but it is not as scalable or flexible as using AWS Organizations.

AWS Organizations

Service Control Policies

AWS CloudFormation

Cost Explorer

IAM Access Advisor

Configuring an S3 Lifecycle policy to expire incomplete multipart uploads after 7 days prevents storage of partially uploaded objects, avoiding unnecessary costs from failed uploads.

Additionally, implementing a lifecycle policy to transition objects to S3 Standard-IA after 180 days ensures older videos that are rarely accessed move to a lower-cost storage class, significantly reducing storage costs.

These measures are aligned with AWS cost optimization best practices for S3 data lifecycle management.