Exam 4 | Notion

You are working for a software as a service (SaaS) company as a solutions architect and help design solutions for the company's customers. One of the customers is a bank and has a requirement to whitelist a public IP when the bank is accessing external services across the internet.

Which architectural choice do you recommend to maintain high availability, support scaling-up to 10 instances and comply with the bank's requirements?

Use a Network Load Balancer with an Auto Scaling Group

Use an Application Load Balancer with an Auto Scaling Group

Use an Auto Scaling Group with Dynamic Elastic IPs attachment

Use a Classic Load Balancer with an Auto Scaling Group

La única que soporta un IP estática es el Network Load Balancer, el aplication load balancer tiene un Ip privada que se mapea con la ip pública del network interface para salir al exterior.

A company runs a popular dating website on the AWS Cloud. As a Solutions Architect, you've designed the architecture of the website to follow a serverless pattern on the AWS Cloud using Amazon API Gateway and AWS Lambda. The backend uses an Amazon RDS PostgreSQL database. Currently, the application uses a username and password combination to connect the AWS Lambda function to the Amazon RDS database.

You would like to improve the security at the authentication level by leveraging short-lived credentials. What will you choose? (Select two)

Attach an AWS Identity and Access Management (IAM) role to AWS Lambda

Restrict the Amazon RDS database security group to the AWS Lambda's security group

Use IAM authentication from AWS Lambda to Amazon RDS PostgreSQL

Deploy AWS Lambda in a VPC

Embed a credential rotation logic in the AWS Lambda, retrieving them from SSM

A ver básicamente lo que haces es crear un usuario para que Lambda pueda autntificarse dentro de la propia base RDS con el usuario IAM y luego le das el rol a lambda para que pueda conectarse.

You can authenticate to your database instance using AWS Identity and Access Management (IAM) database authentication. IAM database authentication works with MySQL and PostgreSQL. With this authentication method, you don't need to use a password when you connect to a database instance. Instead, you use an authentication token.