AWS Certified Associate Changed SOA-C02 Questions

To maintain a documented trail of any changes made to the security groups and receive notifications, AWS Config is the best solution.

AWS Config:

AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

You can set up AWS Config to record changes to your security groups.

Setting Up AWS Config:

Open the AWS Config console and choose "Set up AWS Config."

Select the resource types you want to record (in this case, security groups).

Specify an Amazon S3 bucket to store configuration snapshots and history files.

Notifications:

Create an Amazon SNS topic for notifications about configuration changes.

Subscribe the SysOps administrator's email address to the SNS topic.

References:

AWS Config

Setting Up AWS Config

To allow CloudFormation templates in all accounts within the organization to reference the latest AMI ID:

Parameter Store in Standard Tier: Storing the AMI ID in Systems Manager Parameter Store provides a central and easy-to-update source.

Enable Resource Sharing with Organizations: This allows the parameter to be shared across accounts in the organization.

Resource Share in AWS RAM: AWS Resource Access Manager (RAM) can be used to share the parameter with the entire organization, allowing other accounts to access the AMI ID.

Using the standard tier in Parameter Store is sufficient, and an EventBridge rule with Lambda for updating AMIs would add unnecessary complexity.

To resolve the issue of an AWS Lambda function unable to connect to a database that has been moved to a private subnet, the Lambda function needs to be connected to the same VPC as the database. This is done by configuring the Lambda function with VPC access. This involves specifying the VPC, subnets, and security groups for the Lambda function so that it can communicate with the database using its private endpoint. Option B is correct as it directly addresses the issue without compromising security. AWS documentation on configuring VPC access for Lambda provides guidance on this setup Configuring VPC Access for Lambda.

Increasing the amount of memory for the Lambda function will help to improve the performance of the function. This is because the Lambda function is CPU-intensive and increasing the memory will give it access to more CPU resources and help it run faster. The other options (activating hyperthreading in the CPU launch options for the Lambda function, turning off the AWS managed encryption, and loading the required code into a custom layer) will not help to improve the performance of the Lambda function and are not the correct solutions for this issue.

https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console