Amazon Web Services Updated SOA-C02 Exam Questions and Answers by michal

To track instance memory utilization and available disk space using Amazon CloudWatch, the SysOps administrator should install and configure the CloudWatch agent on all instances.

Install and Configure the CloudWatch Agent:

The CloudWatch agent can collect both system-level metrics (e.g., memory utilization, disk space) and application-level metrics and logs.

Install the CloudWatch agent on each EC2 instance and configure it to collect the necessary metrics.

Attach an IAM Role:

The EC2 instances need permissions to write logs and metrics to CloudWatch.

Attach an IAM role with the necessary permissions (e.g., CloudWatchAgentServerPolicy) to each EC2 instance.

After increasing the size of an Amazon EBS volume, the operating system must be configured to use the additional space. For a Windows instance, you need to extend the file system using disk management tools.

Open Disk Management:

Connect to your Windows EC2 instance using RDP.

Open the Disk Management tool by right-clicking the Start button and selecting Disk Management.

Extend the Volume:

Locate the EBS volume that was resized.

Right-click on the volume and select Extend Volume.

Follow the Extend Volume Wizard to allocate the newly available space to the file system.

Verify the New Size:

After extending the volume, verify that the file system reflects the increased storage capacity.

References:

Modifying the Size, IOPS, or Throughput of an EBS Volume

Extending a Windows File System After Resizing a Volume

To ensure that EC2 instances in private subnets can access the internet for software updates while complying with the security policy that requires instances to be in private subnets, you should use a NAT gateway. A NAT gateway allows instances in private subnets to initiate outbound traffic to the internet but prevents the internet from initiating connections to those instances.

Steps:

Create a NAT Gateway:

Open the Amazon VPC console.

In the navigation pane, choose "NAT Gateways".

Choose "Create NAT Gateway".

Select the public subnet where you want to create the NAT gateway.

Choose an Elastic IP address for the NAT gateway.

Choose "Create a NAT Gateway".

Update the Route Table for Private Subnets:

Open the Amazon VPC console.

In the navigation pane, choose "Route Tables".

Select the route table associated with your private subnets.

Choose the "Routes" tab and then "Edit routes".

Add a route with the destination 0.0.0.0/0 and the target as the NAT gateway ID.

Save the changes.

This setup ensures that instances in private subnets can access the internet via the NAT gateway in the public subnet.

References:

AWS NAT Gateway Documentation

VPC Route Tables

Understand the Problem:

The requirement is to delete the CloudFormation stack without deleting the DynamoDB table.

Analyze the Requirements:

Ensure the DynamoDB table is preserved when the CloudFormation stack is deleted.

Evaluate the Options:

Option A: Add a Retain deletion policy to the DynamoDB resource.

The Retain policy ensures that the DynamoDB table is not deleted when the stack is deleted.

Option B: Add a Snapshot deletion policy to the DynamoDB resource.

Snapshot policy is not applicable to DynamoDB tables and would not retain the table itself.

Option C: Enable termination protection on the CloudFormation stack.

Prevents stack deletion entirely but does not specifically protect the DynamoDB table.

Option D: Update the IAM policy with a Deny statement for dynamodb:DeleteTable.

Prevents deletion of the table but is not a CloudFormation stack-specific solution.

Select the Best Solution:

Option A: Adding a Retain deletion policy to the DynamoDB resource in the CloudFormation stack ensures the table is preserved when the stack is deleted.

References:

AWS CloudFormation Deletion Policy

Using the Retain deletion policy ensures that the DynamoDB table is not deleted when the CloudFormation stack is deleted, preserving critical data.