A company uses AWS WAF to protect its cloud infrastructure. A DevOps engineer needs to give an operations team the ability to analyze log messages from AWS WAR. The operations team needs to be able to create alarms for specific patterns in the log output.
Which solution will meet these requirements with the LEAST operational overhead?
Step 2: Creating CloudWatch Metric Filters CloudWatch metric filters can be used to search for specific patterns in log data. The operations team can create filters for certain log patterns and set up alarms based on these filters.
Action: Instruct the operations team to create CloudWatch metric filters to detect patterns in the WAF log output.
Why: Metric filters allow the team to trigger alarms based on specific patterns without needing to manually search through logs.
This corresponds to Option A: Create an Amazon CloudWatch Logs log group. Configure the appropriate AWS WAF web ACL to send log messages to the log group. Instruct the operations team to create CloudWatch metric filters.
A software team is using AWS CodePipeline to automate its Java application release pipeline The pipeline consists of a source stage, then a build stage, and then a deploy stage. Each stage contains a single action that has a runOrder value of 1.
The team wants to integrate unit tests into the existing release pipeline. The team needs a solution that deploys only the code changes that pass all unit tests.
Which solution will meet these requirements?
* Modify the Build Stage to Add a Test Action with a RunOrder Value of 2:
The build stage in AWS CodePipeline can have multiple actions. By adding a test action with a runOrder value of 2, the test action will execute after the initial build action completes.
* Use AWS CodeBuild as the Action Provider to Run Unit Tests:
AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages.
Using CodeBuild to run unit tests ensures that the tests are executed in a controlled environment and that only the code changes that pass the unit tests proceed to the deploy stage.
Example configuration in CodePipeline:
{
'name': 'BuildStage',
'actions': [
{
'name': 'Build',
'actionTypeId': {
'category': 'Build',
'owner': 'AWS',
'provider': 'CodeBuild',
'version': '1'
},
'runOrder': 1
},
{
'name': 'Test',
'actionTypeId': {
'category': 'Test',
'owner': 'AWS',
'provider': 'CodeBuild',
'version': '1'
},
'runOrder': 2
}
]
}
By integrating the unit tests into the build stage and ensuring they run after the build process, the pipeline guarantees that only code changes passing all unit tests are deployed.
A company has configured Amazon RDS storage autoscaling for its RDS DB instances. A DevOps team needs to visualize the autoscaling events on an Amazon CloudWatch dashboard. Which solution will meet this requirement?
This corresponds to Option A: Create an Amazon EventBridge rule that reacts to RDS storage autoscaling events from RDS events. Create an AWS Lambda function that publishes a CloudWatch custom metric. Configure the EventBridge rule to invoke the Lambda function. Visualize the custom metric by using the CloudWatch dashboard.
A company is using AWS CodeDeploy to automate software deployment. The deployment must meet these requirements:
* A number of instances must be available to serve traffic during the deployment Traffic must be balanced across those instances, and the instances must automatically heal in the event of failure.
* A new fleet of instances must be launched for deploying a new revision automatically, with no manual provisioning.
* Traffic must be rerouted to the new environment to half of the new instances at a time. The deployment should succeed if traffic is rerouted to at least half of the instances; otherwise, it should fail.
* Before routing traffic to the new fleet of instances, the temporary files generated during the deployment process must be deleted.
* At the end of a successful deployment, the original instances in the deployment group must be deleted immediately to reduce costs.
How can a DevOps engineer meet these requirements?
Step 2: Use an Application Load Balancer and Auto Scaling Group The Application Load Balancer (ALB) is essential to balance traffic across multiple instances, and Auto Scaling ensures the deployment scales automatically to meet demand.
Action: Associate the Auto Scaling group and Application Load Balancer target group with the deployment group.
Why: This configuration ensures that traffic is evenly distributed and that instances automatically scale based on traffic load.
Step 3: Use Custom Deployment Configuration The company requires that traffic be rerouted to at least half of the instances to succeed. AWS CodeDeploy allows you to configure custom deployment settings with specific thresholds for healthy hosts.
Action: Create a custom deployment configuration where 50% of the instances must be healthy.
Why: This ensures that the deployment continues only if at least 50% of the new instances are healthy.
Step 4: Clean Temporary Files Using Hooks Before routing traffic to the new environment, the temporary files generated during the deployment must be deleted. This can be achieved using the BeforeAllowTraffic hook in the appspec.yml file.
Action: Use the BeforeAllowTraffic lifecycle event hook to clean up temporary files before routing traffic to the new environment.
Why: This ensures that the environment is clean before the new instances start serving traffic.
Step 5: Terminate Original Instances After Deployment After a successful deployment, AWS CodeDeploy can automatically terminate the original instances (blue environment) to save costs.
Action: Instruct AWS CodeDeploy to terminate the original instances after the new instances are healthy.
Why: This helps in cost reduction by removing unused instances after the deployment.
This corresponds to Option C: Use an Application Load Balancer and a blue/green deployment. Associate the Auto Scaling group and the Application Load Balancer target group with the deployment group. Use the Automatically copy Auto Scaling group option, and use CodeDeployDefault.HalfAtATime as the deployment configuration. Instruct AWS CodeDeploy to terminate the original instances in the deployment group, and use the BeforeAllowTraffic hook within appspec.yml to delete the temporary files.
A company has deployed a new platform that runs on Amazon Elastic Kubernetes Service (Amazon EKS). The new platform hosts web applications that users frequently update. The application developers build the Docker images for the applications and deploy the Docker images manually to the platform.
The platform usage has increased to more than 500 users every day. Frequent updates, building the updated Docker images for the applications, and deploying the Docker images on the platform manually have all become difficult to manage.
The company needs to receive an Amazon Simple Notification Service (Amazon SNS) notification if Docker image scanning returns any HIGH or CRITICAL findings for operating system or programming language package vulnerabilities.
Which combination of steps will meet these requirements? (Select TWO.)
This corresponds to Option B: Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon EventBridge event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a step to the pipeline to initiate the AWS CodeBuild project.
* Step 2: Enabling Enhanced Scanning on Amazon ECR and Monitoring Vulnerabilities To scan for vulnerabilities in Docker images, Amazon ECR provides both basic and enhanced scanning options. Enhanced scanning offers deeper and more frequent scans, and integrates with Amazon EventBridge to send notifications based on findings.
Action: Turn on enhanced scanning for the Amazon ECR repository where the Docker images are stored. Use Amazon EventBridge to monitor image scan events and trigger an Amazon SNS notification if any HIGH or CRITICAL vulnerabilities are found.
Why: Enhanced scanning provides a detailed analysis of operating system and programming language package vulnerabilities, which can trigger notifications in real-time.
This corresponds to Option D: Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on enhanced scanning for the ECR repository. Create an Amazon EventBridge rule that monitors ECR image scan events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.
Sophia
6 days agoGeorgeanna
20 days agoIluminada
22 days agoMariann
1 months agoShelia
2 months agoHoney
2 months agoAshlyn
2 months agoKanisha
3 months agoMireya
3 months agoTyisha
3 months agoCasie
3 months agoCheryl
4 months agoLon
4 months agoEmeline
5 months agoElmer
5 months agoJustine
6 months agoJosefa
6 months agoVernice
6 months agoMilly
6 months agoCherilyn
6 months agoHerman
7 months ago