Amazon Web Services Updated SOA-C02 Exam Questions and Answers by asa

The issues experienced by users with legacy browsers typically stem from the SSL/TLS ciphers that are supported or enforced by the ALB. Modern security policies may exclude older ciphers that are necessary for compatibility with older browsers. Here’s how to resolve it:

Access the ALB Settings: Go to the AWS Management Console, navigate to the ALB settings, and locate the SSL negotiation configurations.

Modify Security Policy: Update the SSL/TLS security policy on the ALB to include ciphers that are compatible with legacy browsers. AWS provides predefined security policies, and some of these policies are designed to support older ciphers while still maintaining a level of security that complies with general best practices.

Apply Changes: Once the security policy is updated, the ALB will start using this new configuration, which should resolve compatibility issues with legacy browsers without needing to replace the SSL certificate or alter the infrastructure.

This solution maintains the operational efficiency of the setup and avoids the need for additional resources like a second ALB or new certificates.

The most operationally efficient solution to provide email notifications and insert a record into a database when a file is put into an S3 bucket is to use S3 event notifications that target an SNS topic with two subscriptions.

Set Up S3 Event Notification:

Open the S3 console and select the bucket.

Navigate to "Properties" -> "Event notifications" -> "Create event notification."

Configure the event to trigger on s3:ObjectCreated:*.

Create an SNS Topic:

Open the SNS console and create a new topic.

Set up two subscriptions for the SNS topic:

One subscription to send the email notification.

Another subscription to invoke an AWS Lambda function that inserts the record into the database.

Lambda Function for Database Insertion:

Create an AWS Lambda function to handle the database insertion.

Configure the function to trigger from the SNS topic.

References:

Configuring S3 Event Notifications

Amazon SNS Subscriptions

Invoking Lambda with SNS

For member accounts in AWS Organizations to receive notifications about estimated costs exceeding a predetermined amount, billing alerts must be enabled in the management/payer account.

Enable Billing Alerts in the Management Account:

Open the AWS Billing and Cost Management console at AWS Billing Console.

In the navigation pane, choose Billing preferences.

Under Billing preferences, ensure that Receive Billing Alerts is enabled.

Create a Budget and Set Up Notifications:

Open the AWS Budgets console at AWS Budgets Console.

Create a budget and configure it to monitor the estimated costs.

Set up notifications for when the budget thresholds are exceeded and specify the email addresses of the managers in the member accounts.

By enabling billing alerts in the management account, you allow member accounts to receive notifications about their estimated costs.

References:

Setting Up Alerts and Notifications

Creating an AWS Budget

To ensure all EC2 instances upload build artifacts through a single IP address:

A: Move all of the EC2 instances behind a NAT gateway. Provide the IP address of the NAT gateway to the third-party service for the allow list. A NAT gateway enables instances in a private subnet to connect to services outside AWS (such as a third-party service) but prevents the internet from initiating connections with those instances. Using a NAT gateway standardizes all outgoing traffic to use a single IP address. More information on NAT gateways can be found in AWS documentation NAT Gateways.