AWS SAP-C02 Tutorial 2: Storage Resources

Storage is an unavoidable part of any architecture design. AWS offers several kinds of storage resources, each with different uses and different prices, and the SAP exam always tests them. The storage services involved are covered below.

1 Unstructured storage

Unstructured storage falls roughly into three categories: block storage, file storage, and object storage.

1.1 Amazon EBS (block storage)

Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for use with EC2 instances. An EBS volume behaves like a raw, unformatted block device; think of it simply as a disk attached to the server.
Alibaba Cloud equivalent: Block Storage (EBS)

1.1.1 Basic limitations

  • An EBS volume can be attached to only one EC2 instance at a time (except io1/io2, which support Multi-Attach)
  • An EBS volume is created in a specific AZ and can be used only by EC2 instances in that AZ
  • To copy the contents of an EBS volume to another AZ, you must go through a snapshot
  • The size of an EBS volume can be changed

1.1.2 Types

  • Solid-state drive (SSD) types
  • Hard disk drive (HDD) types

1.1.3 RAID configuration options

Use RAID 0 when I/O performance is critical; use RAID 1 when high availability matters.

1.1.4 Snapshots

You can back up the data on an Amazon EBS volume to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups: only the blocks on the device that changed after the most recent snapshot are saved. Because unchanged data does not have to be copied again, this minimizes the time required to create a snapshot and saves on storage costs.

1.2 Local instance store (block storage)

A local instance store provides temporary block-level storage for your instance (also a form of block storage). This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently.
Alibaba Cloud equivalent: ECS local disks

  • Advantages
    1) Very high I/O
    2) Well suited to temporary storage, caches, and similar uses
    3) Data survives an instance reboot
  • Disadvantages
    1) Cannot be resized
    2) Data is lost when the instance is stopped or terminated
    3) Backups must be done manually

1.3 Amazon EFS (file storage)

Cloud file storage is a way of storing data in the cloud that lets servers and applications access it through a shared file system. This compatibility makes cloud file storage ideal for workloads that depend on a shared file system, and allows simple integration without code changes.
Alibaba Cloud equivalent: File Storage NAS or File Storage CPFS

1.3.1 Characteristics

  • Typically used for sharing application files and data between instances
  • POSIX-compliant, accessed over the NFS protocol
  • Security groups can be applied to it
  • Mounted inside a VPC; when it spans multiple AZs, an ENI (mount target) is created in each AZ
  • Provides very large storage capacity

Sample question: You create an Amazon Elastic File System (EFS) file system and mount targets for the file system in your Virtual Private Cloud (VPC). Identify the initial permissions you can grant to the group root of your file system.
A. write-execute-modify
B. read-execute
C. read-write-modify
D. read-write
Answer: B
Answer explanation: By default, EFS gives the owner read, write and execute permissions, while the root group and others get only read and execute permissions. Hence B.

1.3.2 Types

1.3.3 How to share it

  • Other VPCs can access it through VPC peering
  • On-premises hosts can access it over Direct Connect or a VPN, but must mount it by IPv4 address (not via the DNS name)
  • This enables cross-account and on-premises access (this also appears on the exam)

Sample question: A company has an application that runs as a ReplicaSet of multiple pods in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The EKS cluster has nodes in multiple Availability Zones. The application generates many small files that must be accessible across all running instances of the application. The company needs to back up the files and retain the backups for 1 year.
Which solution will meet these requirements while providing the FASTEST storage performance?
A. Create an Amazon Elastic File System (Amazon EFS) file system and a mount target for each subnet that contains nodes in the EKS cluster. Configure the ReplicaSet to mount the file system. Direct the application to store files in the file system. Configure AWS Backup to back up and retain copies of the data for 1 year.
B. Create an Amazon Elastic Block Store (Amazon EBS) volume. Enable the EBS Multi-Attach feature. Configure the ReplicaSet to mount the EBS volume. Direct the application to store files in the EBS volume. Configure AWS Backup to back up and retain copies of the data for 1 year.
C. Create an Amazon S3 bucket. Configure the ReplicaSet to mount the S3 bucket. Direct the application to store files in the S3 bucket. Configure S3 Versioning to retain copies of the data. Configure an S3 Lifecycle policy to delete objects after 1 year.
D. Configure the ReplicaSet to use the storage available on each of the running application pods to store the files locally. Use a third-party tool to back up the EKS cluster for 1 year.
Answer: A
Answer explanation: The question asks for shared storage of small files for an EKS cluster spanning multiple Availability Zones, with the FASTEST storage performance. In raw performance EBS > EFS > S3, but EBS is not suited to multiple Availability Zones, so only EFS fits. Option D, a third-party tool, is ruled out because it adds too much maintenance overhead. Hence A.

1.4 Amazon FSx (file storage)

1.4.1 Basic concepts

Amazon FSx for Windows File Server provides fully managed Windows file servers backed by a fully native Windows file system. Its features, performance and compatibility make it easy to lift and shift enterprise applications to the AWS Cloud.
For Windows file storage, FSx is generally the recommended choice.

Sample question: A company runs a content management application on a single Windows Amazon EC2 instance in a development environment. The application reads and writes static content to a 2 TB Amazon Elastic Block Store (Amazon EBS) volume that is attached to the instance as the root device. The company plans to deploy this application in production as a highly available and fault-tolerant solution that runs on at least three EC2 instances across multiple Availability Zones.
A solutions architect must design a solution that joins all the instances that run the application to an Active Directory domain. The solution also must implement Windows ACLs to control access to file contents. The application always must maintain exactly the same content on all running instances at any given point in time.
Which solution will meet these requirements with the LEAST management overhead?
A. Create an Amazon Elastic File System (Amazon EFS) file share. Create an Auto Scaling group that extends across three Availability Zones and maintains a minimum size of three instances. Implement a user data script to install the application, join the instance to the AD domain, and mount the EFS file share.
B. Create a new AMI from the current EC2 instance that is running. Create an Amazon FSx for Lustre file system. Create an Auto Scaling group that extends across three Availability Zones and maintains a minimum size of three instances. Implement a user data script to join the instance to the AD domain and mount the FSx for Lustre file system.
C. Create an Amazon FSx for Windows File Server file system. Create an Auto Scaling group that extends across three Availability Zones and maintains a minimum size of three instances. Implement a user data script to install the application and mount the FSx for Windows File Server file system. Perform a seamless domain join to join the instance to the AD domain.
D. Create a new AMI from the current EC2 instance that is running. Create an Amazon Elastic File System (Amazon EFS) file system. Create an Auto Scaling group that extends across three Availability Zones and maintains a minimum size of three instances. Perform a seamless domain join to join the instance to the AD domain.
Answer: C
Answer explanation: EFS is Linux/Mac oriented, which rules out A and D; Lustre is for Linux clusters, which rules out B. The correct option is therefore C, Amazon FSx for Windows.

Sample question: A solutions architect is investigating an issue in which a company cannot establish new sessions in Amazon WorkSpaces. An initial analysis indicates that the issue involves user profiles. The Amazon WorkSpaces environment is configured to use Amazon FSx for Windows File Server as the profile share storage. The FSx for Windows File Server file system is configured with 10 TB of storage.
The solutions architect discovers that the file system has reached its maximum capacity. The solutions architect must ensure that users can regain access. The solution also must prevent the problem from occurring again.
Which solution will meet these requirements?
A. Remove old user profiles to create space. Migrate the user profiles to an Amazon FSx for Lustre file system.
B. Increase capacity by using the update-file-system command. Implement an Amazon CloudWatch metric that monitors free space. Use Amazon EventBridge to invoke an AWS Lambda function to increase capacity as required.
C. Monitor the file system by using the FreeStorageCapacity metric in Amazon CloudWatch. Use AWS Step Functions to increase the capacity as required.
D. Remove old user profiles to create space. Create an additional FSx for Windows File Server file system. Update the user profile redirection for 50% of the users to use the new file system.
Answer: B
Answer explanation: The file system is full, and the same problem must not recur. The capacity of an FSx file system is increased with the update-file-system command, and CloudWatch + EventBridge + Lambda can monitor free space and grow the capacity automatically. Hence B.
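The CloudWatch + EventBridge + Lambda loop from option B, written out as an added example (not code from the original post). It assumes a CloudWatch alarm on the FSx FreeStorageCapacity metric feeding an EventBridge rule; the alarm name, the 20% growth step, the 64 TiB ceiling and the sample event are assumptions.

```python
"""Grow an FSx for Windows File Server file system when free space runs low.

Added example, not from the original post. Assumed wiring: a CloudWatch alarm
on the FSx FreeStorageCapacity metric -> EventBridge rule -> this Lambda
handler. The alarm name, the 20 % growth step and the 64 TiB ceiling are
assumptions; the sample event at the bottom is constructed.
"""
import math
import os

# FSx for Windows File Server requires each increase to be at least 10 % above
# the current capacity, and StorageCapacity is a whole number of GiB.
MIN_INCREASE_PCT = 10
DEFAULT_GROW_PCT = int(os.environ.get("GROW_PCT", "20"))
MAX_CAPACITY_GIB = int(os.environ.get("MAX_CAPACITY_GIB", "65536"))  # assumed ceiling


def next_capacity(current_gib: int, grow_pct: int = DEFAULT_GROW_PCT) -> int:
    """New StorageCapacity honouring the 10 % minimum step and the ceiling.
    Returns current_gib unchanged once the ceiling has been reached."""
    pct = max(grow_pct, MIN_INCREASE_PCT)
    target = math.ceil(current_gib * (100 + pct) / 100)
    return max(current_gib, min(target, MAX_CAPACITY_GIB))


def file_system_id_from_alarm(event: dict) -> str:
    """FileSystemId dimension of the alarm's single metric (assumed shape of
    the 'CloudWatch Alarm State Change' event)."""
    metric = event["detail"]["configuration"]["metrics"][0]["metricStat"]["metric"]
    return metric["dimensions"]["FileSystemId"]


def handler(event: dict, context=None) -> dict:
    """Lambda entry point. Acts only on the ALARM transition, skips a file
    system that already has a pending or in-progress change (capacity
    optimisation takes hours and the alarm may fire again meanwhile), and
    refuses to pass the ceiling instead of growing without bound."""
    if event.get("detail", {}).get("state", {}).get("value") != "ALARM":
        return {"action": "ignored"}
    import boto3  # lazy import: the planning functions above run without AWS
    fsx = boto3.client("fsx")
    fs_id = file_system_id_from_alarm(event)
    fs = fsx.describe_file_systems(FileSystemIds=[fs_id])["FileSystems"][0]
    busy = [a for a in fs.get("AdministrativeActions", [])
            if a.get("Status") in ("PENDING", "IN_PROGRESS")]
    if busy:
        return {"action": "skipped", "reason": "update already in progress"}
    current = fs["StorageCapacity"]
    new = next_capacity(current)
    if new == current:
        raise RuntimeError(f"{fs_id} is at the {current} GiB ceiling; needs manual review")
    fsx.update_file_system(FileSystemId=fs_id, StorageCapacity=new)
    return {"action": "resized", "from": current, "to": new}


SAMPLE_ALARM_EVENT = {  # constructed sample in the assumed event shape
    "detail-type": "CloudWatch Alarm State Change",
    "detail": {
        "alarmName": "fsx-low-free-space",
        "state": {"value": "ALARM"},
        "configuration": {"metrics": [{"metricStat": {"metric": {
            "namespace": "AWS/FSx", "name": "FreeStorageCapacity",
            "dimensions": {"FileSystemId": "fs-0123456789abcdef0"}}}}]},
    },
}
```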

1.4.2 Amazon FSx for Lustre

FSx for Lustre makes it easy and cost-effective to launch and run the popular high-performance Lustre file system. The open-source Lustre file system is designed for applications that need fast storage, where you want storage to keep pace with compute. Lustre was built to solve the problem of processing the world's ever-growing data sets quickly and cheaply; it is a widely used file system designed for the world's fastest computers. It delivers sub-millisecond latencies, throughput of up to hundreds of Gbps, and up to millions of IOPS.

  • Amazon FSx makes it easier to use Lustre for workloads where storage speed matters
  • FSx for Lustre is POSIX-compliant

Sample question: A company is migrating a document processing workload to AWS. The company has updated many applications to natively use the Amazon S3 API to store, retrieve, and modify documents that a processing server generates at a rate of approximately 5 documents every second. After the document processing is finished, customers can download the documents directly from Amazon S3.
During the migration, the company discovered that it could not immediately update the processing server that generates many documents to support the S3 API. The server runs on Linux and requires fast local access to the files that the server generates and modifies. When the server finishes processing, the files must be available to the public for download within 30 minutes.
Which solution will meet these requirements with the LEAST amount of effort?
A. Migrate the application to an AWS Lambda function. Use the AWS SDK for Java to generate, modify, and access the files that the company stores directly in Amazon S3.
B. Set up an Amazon S3 File Gateway and configure a file share that is linked to the document store. Mount the file share on an Amazon EC2 instance by using NFS. When changes occur in Amazon S3, initiate a RefreshCache API call to update the S3 File Gateway.
C. Configure Amazon FSx for Lustre with an import and export policy. Link the new file system to an S3 bucket. Install the Lustre client and mount the document store to an Amazon EC2 instance by using NFS.
D. Configure AWS DataSync to connect to an Amazon EC2 instance. Configure a task to synchronize the generated files to and from Amazon S3.
Answer: C
Answer explanation: An FSx for Lustre file system can also be linked to an Amazon Simple Storage Service (S3) bucket, letting you access and process the same data from both the high-performance file system and the S3 API. Hence C.

1.5 Amazon S3 (object storage)

Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries use Amazon S3 to store and protect any amount of data for data lakes, websites, mobile applications, backup and restore, archiving, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides management features that let you optimize, organize, and configure access to your data to meet your specific business, organizational, and compliance requirements.
Alibaba Cloud equivalent: Object Storage Service (OSS)

1.5.1 Basic concepts

  • Bucket: A bucket is a container for objects stored in Amazon S3. You can store any number of objects in a bucket, and an account can have up to 100 buckets.
  • Object: Objects are the fundamental entities stored in Amazon S3. An object consists of object data and metadata. Metadata is a set of name-value pairs that describe the object; these include default metadata such as the last-modified date and standard HTTP metadata such as Content-Type. You can also specify custom metadata when you store an object.
  • Key: An object key (or key name) is the unique identifier for an object within a bucket. Every object in a bucket has exactly one key. The combination of bucket, object key, and optional version ID (if S3 Versioning is enabled on the bucket) uniquely identifies each object, so you can think of Amazon S3 as a basic data map between "bucket + key + version" and the object itself.
  • Versioning: With S3 Versioning you can keep multiple variants of an object in the same bucket, and preserve, retrieve, and restore every version of every object stored in the bucket.

1.5.2 Basic characteristics

  • Suited to static data (for example a website's static images)
  • Pay as you go: you pay only for what you use
  • Stores objects, not files or blocks
  • It is a public service accessed over the S3 API; it is not a disk mounted on an EC2 instance
  • Not suited to very many small files, dynamic content, queries, and similar workloads
  • Security: encryption, Block Public Access, access authorization, etc.

Sample question: A company has an application that generates reports and stores them in an Amazon S3 bucket. When a user accesses their report, the application generates a signed URL to allow the user to download the report. The company's security team has discovered that the files are public and that anyone can download them without authentication. The company has suspended the generation of new reports until the problem is resolved.
Which set of actions will immediately remediate the security issue without impacting the application's normal workflow?
A. Create an AWS Lambda function that applies all policy for users who are not authenticated. Create a scheduled event to invoke the Lambda function.
B. Review the AWS Trusted Advisor bucket permissions check and implement the recommended actions.
C. Run a script that puts a Private ACL on all of the objects in the bucket.
D. Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket.
Answer: D
Answer explanation: see https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html
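Option D in code, as an added example (not from the original post): check which Block Public Access flags a bucket is missing and set all four, with IgnorePublicAcls being the one that neutralises the existing public object ACLs. The bucket name is a placeholder.

```python
"""Check and enforce S3 Block Public Access on a bucket.

Added example, not from the original post. The bucket name is a placeholder.
"""

# All four flags. IgnorePublicAcls alone already makes S3 ignore the public
# ACLs that exist on the objects (the immediate fix in option D); the other
# three stop new public ACLs and public bucket policies from being added.
REQUIRED = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def missing_block_flags(current: dict) -> list:
    """Flags that are absent or False in the bucket's current configuration."""
    return sorted(flag for flag in REQUIRED if not current.get(flag, False))


def merged_config(current: dict) -> dict:
    """Configuration to PUT: whatever is already set, plus every required flag."""
    return {**current, **REQUIRED}


def enforce(bucket: str) -> list:
    """Read the bucket's Block Public Access settings, fill in the gaps, and
    return the list of flags that had to be turned on (empty = already safe).
    A bucket with no configuration at all raises
    NoSuchPublicAccessBlockConfiguration, which is treated as 'nothing set'."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    try:
        current = s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchPublicAccessBlockConfiguration":
            raise
        current = {}
    gaps = missing_block_flags(current)
    if gaps:
        s3.put_public_access_block(Bucket=bucket,
                                   PublicAccessBlockConfiguration=merged_config(current))
    return gaps


if __name__ == "__main__":
    print(enforce("example-reports-bucket"))
```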

1.5.3 Storage classes

Remember the following key points:

  • Intelligent-Tiering suits data whose access pattern changes over its lifecycle

Sample question: An adventure company has launched a new feature on its mobile app. Users can use the feature to upload their hiking and rafting photos and videos anytime. The photos and videos are stored in Amazon S3 Standard storage in an S3 bucket and are served through Amazon CloudFront.
The company needs to optimize the cost of the storage. A solutions architect discovers that most of the uploaded photos and videos are accessed infrequently after 30 days. However, some of the uploaded photos and videos are accessed frequently after 30 days. The solutions architect needs to implement a solution that maintains millisecond retrieval availability of the photos and videos at the lowest possible cost.
Which solution will meet these requirements?
A. Configure S3 Intelligent-Tiering on the S3 bucket.
B. Configure an S3 Lifecycle policy to transition image objects and video objects from S3 Standard to S3 Glacier Deep Archive after 30 days.
C. Replace Amazon S3 with an Amazon Elastic File System (Amazon EFS) file system that is mounted on Amazon EC2 instances.
D. Add a Cache-Control: max-age header to the S3 image objects and S3 video objects. Set the header to 30 days.
Answer: A
Answer explanation: The requirement is to cut costs, and most photos are accessed rarely after 30 days. S3 Intelligent-Tiering moves objects automatically between two access tiers as access patterns change: frequently accessed objects stay in the Frequent Access tier and rarely accessed ones move to the Infrequent Access tier, which optimizes cost without manual intervention. Option B, S3 Glacier Deep Archive, is cheaper still, but retrieval from Deep Archive takes a long time, which does not suit web access. Hence A.

  • Glacier is for rarely accessed data, to save costs

Sample question: A company is running an application in the AWS Cloud. The application collects and stores a large amount of unstructured data in an Amazon S3 bucket. The S3 bucket contains several terabytes of data and uses the S3 Standard storage class. The data increases in size by several gigabytes every day.
The company needs to query and analyze the data. The company does not access data that is more than 1 year old. However, the company must retain all the data indefinitely for compliance reasons.
Which solution will meet these requirements MOST cost-effectively?
A. Use S3 Select to query the data. Create an S3 Lifecycle policy to transition data that is more than 1 year old to S3 Glacier Deep Archive.
B. Use Amazon Redshift Spectrum to query the data. Create an S3 Lifecycle policy to transition data that is more than 1 year old to S3 Glacier Deep Archive.
C. Use an AWS Glue Data Catalog and Amazon Athena to query the data. Create an S3 Lifecycle policy to transition data that is more than 1 year old to S3 Glacier Deep Archive.
D. Use Amazon Redshift Spectrum to query the data. Create an S3 Lifecycle policy to transition data that is more than 1 year old to S3 Intelligent-Tiering.
Answer: C
Answer explanation: Key words: query and analyze, 1 year old, MOST cost-effectively. The data in S3 must be queried, and data older than a year archived. Both Redshift Spectrum and Athena can query and analyze data in S3, but data older than a year should go to Glacier Deep Archive, which is cheaper, with a Lifecycle policy doing the archiving automatically. Hence C.
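The Lifecycle policy from option C, plus a small simulator that tells you which storage class an object would be in at a given age, as an added example (not from the original post). It goes beyond the question by adding a second, multi-step rule with a prefix filter; that rule, the bucket name and the sample keys are assumptions.

```python
"""Simulate which storage class an S3 Lifecycle configuration puts an object in.

Added example, not from the original post. The first rule mirrors option C
(Deep Archive after one year); the second rule and the bucket name are
assumptions added to show multi-step transitions with a prefix filter.
"""
from datetime import date, timedelta

LIFECYCLE = {
    "Rules": [
        {   # option C: archive everything older than a year
            "ID": "archive-after-1-year",
            "Status": "Enabled",
            "Filter": {"Prefix": ""},              # empty prefix = whole bucket
            "Transitions": [{"Days": 365, "StorageClass": "DEEP_ARCHIVE"}],
        },
        {   # assumed extra rule: two steps for one prefix (S3 requires at
            # least 30 days in Standard-IA before a move to Glacier)
            "ID": "reports-tiering",
            "Status": "Enabled",
            "Filter": {"Prefix": "reports/"},
            "Transitions": [
                {"Days": 30, "StorageClass": "STANDARD_IA"},
                {"Days": 90, "StorageClass": "GLACIER"},
            ],
        },
    ]
}

# Classes ordered from most to least expensive; lifecycle transitions only
# ever move an object to the right in this list.
TIER_ORDER = ["STANDARD", "STANDARD_IA", "ONEZONE_IA", "GLACIER_IR", "GLACIER", "DEEP_ARCHIVE"]


def _matching_rules(config: dict, key: str):
    """Enabled rules whose prefix filter matches the key."""
    for rule in config["Rules"]:
        prefix = rule.get("Filter", {}).get("Prefix", "")
        if rule.get("Status") == "Enabled" and key.startswith(prefix):
            yield rule


def effective_storage_class(config: dict, key: str, age_days: int) -> str:
    """Class an object with this key and age would be in. When several
    transitions have fired, the cheapest class wins, which is how S3 resolves
    overlapping rules. Approximation: S3 applies transitions in a daily batch
    at 00:00 UTC, which this ignores."""
    best = "STANDARD"
    for rule in _matching_rules(config, key):
        for t in rule.get("Transitions", []):
            if age_days >= t["Days"] and TIER_ORDER.index(t["StorageClass"]) > TIER_ORDER.index(best):
                best = t["StorageClass"]
    return best


def transition_dates(config: dict, key: str, uploaded_iso: str) -> list:
    """[(iso_date, storage_class), ...] in time order for one key: a quick way
    to check a lifecycle policy against a retention requirement before rollout."""
    uploaded = date.fromisoformat(uploaded_iso)
    events = [((uploaded + timedelta(days=t["Days"])).isoformat(), t["StorageClass"])
              for rule in _matching_rules(config, key)
              for t in rule.get("Transitions", [])]
    return sorted(events)


if __name__ == "__main__":
    import boto3
    boto3.client("s3").put_bucket_lifecycle_configuration(
        Bucket="example-data-lake-bucket", LifecycleConfiguration=LIFECYCLE)
    print(transition_dates(LIFECYCLE, "reports/q1.csv", "2024-01-01"))
```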

1.5.4 Advanced features

  • Cross-Region / same-Region replication

Sample question: A company's solutions architect is reviewing a web application that runs on AWS. The application references static assets in an Amazon S3 bucket in the us-east-1 Region. The company needs resiliency across multiple AWS Regions. The company already has created an S3 bucket in a second Region.
Which solution will meet these requirements with the LEAST operational overhead?
A. Configure the application to write each object to both S3 buckets. Set up an Amazon Route 53 public hosted zone with a record set by using a weighted routing policy for each S3 bucket. Configure the application to reference the objects by using the Route 53 DNS name.
B. Create an AWS Lambda function to copy objects from the S3 bucket in us-east-1 to the S3 bucket in the second Region. Invoke the Lambda function each time an object is written to the S3 bucket in us-east-1. Set up an Amazon CloudFront distribution with an origin group that contains the two S3 buckets as origins.
C. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region. Set up an Amazon CloudFront distribution with an origin group that contains the two S3 buckets as origins.
D. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region. If failover is required, update the application code to load S3 objects from the S3 bucket in the second Region.
Answer: C
Answer explanation: The question asks for S3 replication across Regions. S3 has built-in cross-Region replication, so the extra steps in options A and B are unnecessary, and CloudFront handles the failover. Hence C.

Sample question: A solutions architect needs to copy data from an Amazon S3 bucket in an AWS account to a new S3 bucket in a new AWS account. The solutions architect must implement a solution that uses the AWS CLI.
Which combination of steps will successfully copy the data? (Choose three.)
A. Create a bucket policy to allow the source bucket to list its contents and to put objects and set object ACLs in the destination bucket. Attach the bucket policy to the destination bucket.
B. Create a bucket policy to allow a user in the destination account to list the source bucket's contents and read the source bucket's objects. Attach the bucket policy to the source bucket.
C. Create an IAM policy in the source account. Configure the policy to allow a user in the source account to list contents and get objects in the source bucket, and to list contents, put objects, and set object ACLs in the destination bucket. Attach the policy to the user.
D. Create an IAM policy in the destination account. Configure the policy to allow a user in the destination account to list contents and get objects in the source bucket, and to list contents, put objects, and set object ACLs in the destination bucket. Attach the policy to the user.
E. Run the aws s3 sync command as a user in the source account. Specify the source and destination buckets to copy the data.
F. Run the aws s3 sync command as a user in the destination account. Specify the source and destination buckets to copy the data.
Answer: BDF
Answer explanation: These are the steps for copying S3 data across accounts.
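The three chosen steps (B, D, F) as concrete policy documents and the sync command, written as an added example (not from the original post). Account ids, bucket names, the IAM user name and the CLI profile names are constructed placeholders.

```python
"""Policies for copying an S3 bucket across accounts with the AWS CLI.

Added example, not from the original post. Account ids, bucket names, the
IAM user and the CLI profile names are constructed placeholders.
"""
import json

SOURCE_ACCOUNT = "111111111111"        # constructed
DEST_ACCOUNT = "222222222222"          # constructed
SOURCE_BUCKET = "example-source-bucket"
DEST_BUCKET = "example-dest-bucket"
# The copying identity lives in the DESTINATION account (options D and F).
COPY_USER_ARN = f"arn:aws:iam::{DEST_ACCOUNT}:user/s3-copier"


def source_bucket_policy(bucket: str, principal_arn: str) -> dict:
    """Option B: bucket policy on the SOURCE bucket letting the destination
    account's user list the bucket and read its objects, nothing more."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCrossAccountRead",
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": ["s3:ListBucket", "s3:GetObject"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def destination_user_policy(src: str, dst: str) -> dict:
    """Option D: IAM policy in the DESTINATION account for the copying user:
    read the source, write objects and set object ACLs on the destination."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
             "Resource": [f"arn:aws:s3:::{src}", f"arn:aws:s3:::{src}/*"]},
            {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl"],
             "Resource": [f"arn:aws:s3:::{dst}", f"arn:aws:s3:::{dst}/*"]},
        ],
    }


def allowed_actions(policy: dict, resource_arn: str) -> set:
    """Actions that Allow statements naming resource_arn grant. A review helper
    with exact-match semantics only, not a full IAM policy evaluator."""
    out = set()
    for st in policy["Statement"]:
        if st["Effect"] == "Allow" and resource_arn in st["Resource"]:
            out.update(st["Action"])
    return out


def sync_command(src: str, dst: str, profile: str = "dest-account") -> list:
    """Option F: run the sync as the DESTINATION-account user, so the copied
    objects are owned by the new account rather than by the source account."""
    return ["aws", "s3", "sync", f"s3://{src}", f"s3://{dst}", "--profile", profile]


if __name__ == "__main__":
    import subprocess
    import boto3
    boto3.Session(profile_name="source-account").client("s3").put_bucket_policy(
        Bucket=SOURCE_BUCKET,
        Policy=json.dumps(source_bucket_policy(SOURCE_BUCKET, COPY_USER_ARN)))
    boto3.Session(profile_name="dest-account").client("iam").put_user_policy(
        UserName="s3-copier", PolicyName="s3-cross-account-copy",
        PolicyDocument=json.dumps(destination_user_policy(SOURCE_BUCKET, DEST_BUCKET)))
    subprocess.run(sync_command(SOURCE_BUCKET, DEST_BUCKET), check=True)
```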

  • SSE-S3: Server-side encryption with Amazon S3 managed keys (SSE-S3) is the base level of encryption for every bucket in Amazon S3. All new objects are encrypted automatically, at no additional cost and with no impact on performance.

Sample question: A company has millions of objects in an Amazon S3 bucket. The objects are in the S3 Standard storage class. All the S3 objects are accessed frequently. The number of users and applications that access the objects is increasing rapidly. The objects are encrypted with server-side encryption with AWS KMS keys (SSE-KMS).
A solutions architect reviews the company's monthly AWS invoice and notices that AWS KMS costs are increasing because of the high number of requests from Amazon S3. The solutions architect needs to optimize costs with minimal changes to the application.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create a new S3 bucket that has server-side encryption with customer-provided keys (SSE-C) as the encryption type. Copy the existing objects to the new S3 bucket. Specify SSE-C.
B. Create a new S3 bucket that has server-side encryption with Amazon S3 managed keys (SSE-S3) as the encryption type. Use S3 Batch Operations to copy the existing objects to the new S3 bucket. Specify SSE-S3.
C. Use AWS CloudHSM to store the encryption keys. Create a new S3 bucket. Use S3 Batch Operations to copy the existing objects to the new S3 bucket. Encrypt the objects by using the keys from CloudHSM.
D. Use the S3 Intelligent-Tiering storage class for the S3 bucket. Create an S3 Intelligent-Tiering archive configuration to transition objects that are not accessed for 90 days to S3 Glacier Deep Archive.
Answer: B
Answer explanation: The question says SSE-KMS encryption is driving up costs, so S3's own SSE-S3 encryption is the best fit. Hence B.

  • Event Notifications: bucket-level notifications about operations such as object creation and object deletion
  • Object-level notifications: object-level monitoring is done through CloudTrail
  • Versioning: without versioning, writing the same object twice at the same time may produce only one notification; with versioning enabled, concurrent writes each produce their own notification
  • Multipart upload: when a file is very large, upload it in parts
  • S3 Transfer Acceleration: for uploads from far away, for example uploading from Asia to Europe; Transfer Acceleration speeds up the upload

Sample question: A video streaming company recently launched a mobile app for video sharing. The app uploads various files to an Amazon S3 bucket in the us-east-1 Region. The files range in size from 1 GB to 10 GB. Users who access the app from Australia have experienced uploads that take long periods of time. Sometimes the files fail to completely upload for these users. A solutions architect must improve the app's performance for these uploads.
Which solutions will meet these requirements? (Choose two.)
A. Enable S3 Transfer Acceleration on the S3 bucket. Configure the app to use the Transfer Acceleration endpoint for uploads.
B. Configure an S3 bucket in each Region to receive the uploads. Use S3 Cross-Region Replication to copy the files to the distribution S3 bucket.
C. Set up Amazon Route 53 with latency-based routing to route the uploads to the nearest S3 bucket Region.
D. Configure the app to break the video files into chunks. Use a multipart upload to transfer files to Amazon S3.
E. Modify the app to add random prefixes to the files before uploading.
Answer: AD
Answer explanation: The question asks how to speed up S3 uploads from another region for files of 1-10 GB. Uploads from distant regions are handled with Transfer Acceleration; large files are handled with multipart upload. Hence AD.
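Options A and D together in code, as an added example (not from the original post): a part planner that respects the S3 multipart limits (5 MiB minimum part, 10,000 parts, 5 TiB object) and an upload through the Transfer Acceleration endpoint with boto3. The bucket name, file path and 100 MiB preferred part size are assumptions.

```python
"""Plan a multipart upload and send it through the S3 Transfer Acceleration
endpoint.

Added example, not from the original post. The bucket name and file path are
placeholders; the 100 MiB preferred part size is an assumption.
"""
import math

MIB = 1024 * 1024
MIN_PART = 5 * MIB                    # S3 minimum size for every part but the last
MAX_PARTS = 10_000                    # S3 maximum number of parts per upload
MAX_OBJECT = 5 * 1024 * 1024 * MIB    # 5 TiB, the S3 object size limit


def plan_parts(size_bytes: int, preferred_part: int = 100 * MIB) -> list:
    """Return [(part_number, offset, length), ...] covering size_bytes.
    Enlarges the part size when the preferred size would need more than
    10,000 parts, and rejects sizes S3 cannot store."""
    if size_bytes <= 0 or size_bytes > MAX_OBJECT:
        raise ValueError("object size out of range for S3")
    part = max(preferred_part, MIN_PART)
    if math.ceil(size_bytes / part) > MAX_PARTS:
        part = math.ceil(size_bytes / MAX_PARTS)   # smallest part size that fits
        part = math.ceil(part / MIB) * MIB         # keep MiB alignment
    parts, offset = [], 0
    while offset < size_bytes:
        length = min(part, size_bytes - offset)
        parts.append((len(parts) + 1, offset, length))
        offset += length
    return parts


def accelerated_client():
    """S3 client that talks to <bucket>.s3-accelerate.amazonaws.com, the
    edge-terminated endpoint. The bucket must have acceleration enabled and
    its name must be DNS-compliant and contain no dots."""
    import boto3
    from botocore.config import Config
    return boto3.client("s3", config=Config(s3={"use_accelerate_endpoint": True}))


def upload(path: str, bucket: str, key: str, preferred_part: int = 100 * MIB) -> int:
    """Enable acceleration on the bucket (idempotent), then upload with a
    multipart configuration derived from plan_parts. upload_file retries each
    failed part on its own, so a flaky long-distance link no longer restarts
    the whole 1-10 GB transfer. Returns the number of parts used."""
    import os
    import boto3
    from boto3.s3.transfer import TransferConfig
    boto3.client("s3").put_bucket_accelerate_configuration(
        Bucket=bucket, AccelerateConfiguration={"Status": "Enabled"})
    parts = plan_parts(os.path.getsize(path), preferred_part)
    cfg = TransferConfig(multipart_threshold=MIN_PART,
                         multipart_chunksize=max(parts[0][2], MIN_PART),
                         max_concurrency=8)
    accelerated_client().upload_file(path, bucket, key, Config=cfg)
    return len(parts)


if __name__ == "__main__":
    print(upload("/tmp/video.mp4", "example-upload-bucket", "uploads/video.mp4"))
```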

Sample question: A weather service provides high-resolution weather maps from a web application hosted on AWS in the eu-west-1 Region. The weather maps are updated frequently and stored in Amazon S3 along with static HTML content. The web application is fronted by Amazon CloudFront.
The company recently expanded to serve users in the us-east-1 Region, and these new users report that viewing their respective weather maps is slow from time to time.
Which combination of steps will resolve the us-east-1 performance issues? (Choose two.)
A. Configure the AWS Global Accelerator endpoint for the S3 bucket in eu-west-1. Configure endpoint groups for TCP ports 80 and 443 in us-east-1.
B. Create a new S3 bucket in us-east-1. Configure S3 cross-Region replication to synchronize from the S3 bucket in eu-west-1.
C. Use Lambda@Edge to modify requests from North America to use the S3 Transfer Acceleration endpoint in us-east-1.
D. Use Lambda@Edge to modify requests from North America to use the S3 bucket in us-east-1.
E. Configure the AWS Global Accelerator endpoint for us-east-1 as an origin on the CloudFront distribution. Use Lambda@Edge to modify requests from North America to use the new origin.
Answer: BD
Answer explanation: The question is about improving access speed across Regions. Reference: https://aws.amazon.com/cn/blogs/apn/using-amazon-cloudfront-with-multi-region-amazon-s3-origins/

Sample question: A company is building an electronic document management system in which users upload their documents. The application stack is entirely serverless and runs on AWS in the eu-central-1 Region. The system includes a web application that uses an Amazon CloudFront distribution for delivery with Amazon S3 as the origin.
The web application communicates with Amazon API Gateway Regional endpoints. The API Gateway APIs call AWS Lambda functions that store metadata in an Amazon Aurora Serverless database and put the documents into an S3 bucket.
The company is growing steadily and has completed a proof of concept with its largest customer. The company must improve latency outside of Europe.
Which combination of actions will meet these requirements? (Choose two.)
A. Enable S3 Transfer Acceleration on the S3 bucket. Ensure that the web application uses the Transfer Acceleration signed URLs.
B. Create an accelerator in AWS Global Accelerator. Attach the accelerator to the CloudFront distribution.
C. Change the API Gateway Regional endpoints to edge-optimized endpoints.
D. Provision the entire stack in two other locations that are spread across the world. Use global databases on the Aurora Serverless cluster.
E. Add an Amazon RDS proxy between the Lambda functions and the Aurora Serverless database.
Answer: AC
Answer explanation: The question asks how to reduce the latency of S3 uploads from outside Europe. Option B, Global Accelerator, is ruled out because it cannot point at CloudFront; option D is too complex; option E, RDS Proxy, mainly solves the problem of too many database connections.

Sample question: A company provides auction services for artwork and has users across North America and Europe. The company hosts its application in Amazon EC2 instances in the us-east-1 Region. Artists upload photos of their work as large-size, high-resolution image files from their mobile phones to a centralized Amazon S3 bucket created in the us-east-1 Region. The users in Europe are reporting slow performance for their image uploads.
How can a solutions architect improve the performance of the image upload process?
A. Redeploy the application to use S3 multipart uploads.
B. Create an Amazon CloudFront distribution and point to the application as a custom origin.
C. Configure the buckets to use S3 Transfer Acceleration.
D. Create an Auto Scaling group for the EC2 instances and create a scaling policy.
Answer: C
Answer explanation: The question asks for faster uploads to S3 from another region. Transfer Acceleration speeds up long-distance uploads. Hence C.

  • Object Lock: With S3 Object Lock you can store objects using a write-once-read-many (WORM) model. Object Lock helps prevent objects from being deleted or overwritten for a fixed period of time or indefinitely. You can use it to meet regulatory requirements that call for WORM storage, or simply to add another layer of protection against changes to and deletion of objects.

Sample question: A financial company is building a system to generate monthly, immutable bank account statements for its users. Statements are stored in Amazon S3. Users should have immediate access to their monthly statements for up to 2 years. Some users access their statements frequently, whereas others rarely access their statements. The company's security and compliance policy requires that the statements be retained for at least 7 years.
What is the MOST cost-effective solution to meet the company's needs?
A. Create an S3 bucket with Object Lock disabled. Store statements in S3 Standard. Define an S3 Lifecycle policy to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days. Define another S3 Lifecycle policy to move the data to S3 Glacier Deep Archive after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
B. Create an S3 bucket with versioning enabled. Store statements in S3 Intelligent-Tiering. Use same-Region replication to replicate objects to a backup S3 bucket. Define an S3 Lifecycle policy for the backup S3 bucket to move the data to S3 Glacier. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
C. Create an S3 bucket with Object Lock enabled. Store statements in S3 Intelligent-Tiering. Enable compliance mode with a default retention period of 2 years. Define an S3 Lifecycle policy to move the data to S3 Glacier after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
D. Create an S3 bucket with versioning disabled. Store statements in S3 One Zone-Infrequent Access (S3 One Zone-IA). Define an S3 Lifecycle policy to move the data to S3 Glacier Deep Archive after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
Answer: C
Answer explanation: The question asks for immutable storage at the lowest cost. Object Lock is required, which rules out B and D. Options A and C differ in the use of Intelligent-Tiering, and Intelligent-Tiering is clearly more cost-effective. Hence C.

  • Batch Operations: when a very large number of objects (millions or tens of millions) must be copied, use S3 Batch Operations to process them in bulk.

Sample question: A company consists of two separate business units. Each business unit has its own AWS account within a single organization in AWS Organizations. The business units regularly share sensitive documents with each other. To facilitate sharing, the company created an Amazon S3 bucket in each account and configured two-way replication between the S3 buckets. The S3 buckets have millions of objects.
Recently, a security audit identified that neither S3 bucket has encryption at rest enabled. Company policy requires that all documents must be stored with encryption at rest. The company wants to implement server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
What is the MOST operationally efficient solution that meets these requirements?
A. Turn on SSE-S3 on both S3 buckets. Use S3 Batch Operations to copy and encrypt the objects in the same location.
B. Create an AWS Key Management Service (AWS KMS) key in each account. Turn on server-side encryption with AWS KMS keys (SSE-KMS) on each S3 bucket by using the corresponding KMS key in that AWS account. Encrypt the existing objects by using an S3 copy command in the AWS CLI.
C. Turn on SSE-S3 on both S3 buckets. Encrypt the existing objects by using an S3 copy command in the AWS CLI.
D. Create an AWS Key Management Service (AWS KMS) key in each account. Turn on server-side encryption with AWS KMS keys (SSE-KMS) on each S3 bucket by using the corresponding KMS key in that AWS account. Use S3 Batch Operations to copy the objects into the same location.
Answer: A
Answer explanation: The objects in S3 must be encrypted, and there are millions of objects, so S3 Batch Operations should be used with SSE-S3 enabled. Hence A.

  • RTC: S3 Replication Time Control (S3 RTC) helps you meet compliance or business requirements for data replication and provides visibility into Amazon S3 replication times. S3 RTC replicates most objects you upload to Amazon S3 within seconds, and 99.99% of objects within 15 minutes.

Sample question: A scientific company needs to process text and image data from an Amazon S3 bucket. The data is collected from several radar stations during a live, time-critical phase of a deep space mission. The radar stations upload the data to the source S3 bucket. The data is prefixed by radar station identification number.
The company created a destination S3 bucket in a second account. Data must be copied from the source S3 bucket to the destination S3 bucket to meet a compliance objective. The replication occurs through the use of an S3 replication rule to cover all objects in the source S3 bucket.
One specific radar station is identified as having the most accurate data. Data replication at this radar station must be monitored for completion within 30 minutes after the radar station uploads the objects to the source S3 bucket.
What should a solutions architect do to meet these requirements?
A. Set up an AWS DataSync agent to replicate the prefixed data from the source S3 bucket to the destination S3 bucket. Select to use all available bandwidth on the task, and monitor the task to ensure that it is in the TRANSFERRING status. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an alert if this status changes.
B. In the second account, create another S3 bucket to receive data from the radar station with the most accurate data. Set up a new replication rule for this new S3 bucket to separate the replication from the other radar stations. Monitor the maximum replication time to the destination. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an alert when the time exceeds the desired threshold.
C. Enable Amazon S3 Transfer Acceleration on the source S3 bucket, and configure the radar station with the most accurate data to use the new endpoint. Monitor the S3 destination bucket's TotalRequestLatency metric. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an alert if this status changes.
D. Create a new S3 replication rule on the source S3 bucket that filters for the keys that use the prefix of the radar station with the most accurate data. Enable S3 Replication Time Control (S3 RTC). Monitor the maximum replication time to the destination. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an alert when the time exceeds the desired threshold.
Answer: D
Answer explanation: The data must be replicated to the destination S3 bucket and processed within 30 minutes. Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-time-control.html

  • Access logging: records in detail the requests made to a bucket. Server access logs are useful for many applications; for example, they can help with security and access audits, help you understand your customer base, and help you understand your Amazon S3 bill.

Sample question: A company has a new security policy. The policy requires the company to log any event that retrieves data from Amazon S3 buckets. The company must save these audit logs in a dedicated S3 bucket.
The company created the audit logs S3 bucket in an AWS account that is designated for centralized logging. The S3 bucket has a bucket policy that allows write-only cross-account access.
A solutions architect must ensure that all S3 object-level access is being logged for current S3 buckets and future S3 buckets.
Which solution will meet these requirements?
A. Enable server access logging for all current S3 buckets. Use the audit logs S3 bucket as a destination for audit logs.
B. Enable replication between all current S3 buckets and the audit logs S3 bucket. Enable S3 Versioning in the audit logs S3 bucket.
C. Configure S3 Event Notifications for all current S3 buckets to invoke an AWS Lambda function every time objects are accessed. Store Lambda logs in the audit logs S3 bucket.
D. Enable AWS CloudTrail, and use the audit logs S3 bucket to store logs. Enable data event logging for S3 event sources, current S3 buckets, and future S3 buckets.
Answer: D
Answer explanation: The requirement is to collect the access logs of S3 buckets centrally into one bucket in a central account. Option A only enables access logging, which cannot deliver to a bucket in another account; S3 Versioning (B) is not meant for this; Event Notifications (C) are only bucket-level. Hence D.
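Option D in code, plus the defender's next step, as an added example (not from the original post): the CloudTrail advanced event selector that captures S3 data events for current and future buckets, the write-only policy on the central audit bucket, and a scan over CloudTrail records that flags object reads by untrusted or anonymous principals. Trail name, bucket names, account ids and the log records are constructed placeholders.

```python
"""Turn on S3 object-level (data event) logging with CloudTrail and scan the
resulting records for object reads.

Added example, not from the original post. Trail name, bucket names and
account ids are placeholders; the log records below are constructed.
"""
import json

# Advanced event selector: every S3 object-level API call. Because it matches
# on resources.type rather than a list of bucket ARNs, buckets created later
# are covered automatically (the "future S3 buckets" requirement).
ALL_S3_DATA_EVENTS = [{
    "Name": "all-s3-object-access",
    "FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
    ],
}]

READ_APIS = {"GetObject", "HeadObject", "SelectObjectContent"}


def trail_bucket_policy(log_bucket: str, log_account: str, trail_arn: str) -> dict:
    """Policy on the central audit bucket: the CloudTrail service may check the
    ACL and write log files under its prefix, and only from this trail
    (aws:SourceArn). No read access is granted, matching 'write-only'."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AclCheck", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{log_bucket}",
         "Condition": {"StringEquals": {"aws:SourceArn": trail_arn}}},
        {"Sid": "Write", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{log_bucket}/AWSLogs/{log_account}/*",
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control",
                                        "aws:SourceArn": trail_arn}}},
    ]}


def load_records(log_text: str) -> list:
    """CloudTrail log files are JSON objects with a top-level 'Records' array."""
    return json.loads(log_text)["Records"]


def object_reads(records: list, trusted_accounts: set) -> list:
    """(who, bucket, key, suspicious) for every object read in the records.
    suspicious is True for principals outside trusted_accounts, including
    anonymous (unauthenticated) reads, which have no accountId at all."""
    hits = []
    for r in records:
        if r.get("eventSource") != "s3.amazonaws.com" or r.get("eventName") not in READ_APIS:
            continue
        ident = r.get("userIdentity", {})
        account = ident.get("accountId") or "anonymous"
        who = ident.get("arn") or account
        params = r.get("requestParameters", {})
        hits.append((who, params.get("bucketName"), params.get("key"),
                     account not in trusted_accounts))
    return hits


SAMPLE_RECORDS = [  # constructed, trimmed to the fields used above
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:user/report-app"},
     "requestParameters": {"bucketName": "example-reports", "key": "2024/05/r1.pdf"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AWSAccount"},
     "requestParameters": {"bucketName": "example-reports", "key": "2024/05/r2.pdf"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:user/report-app"},
     "requestParameters": {"bucketName": "example-reports", "key": "2024/05/r3.pdf"}},
]


if __name__ == "__main__":
    import boto3
    boto3.client("cloudtrail").put_event_selectors(
        TrailName="org-s3-audit", AdvancedEventSelectors=ALL_S3_DATA_EVENTS)
    for hit in object_reads(SAMPLE_RECORDS, {"111111111111"}):
        print(hit)
```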

1.5.4 Access Points

S3 Access Points简化了在 S3 中存储数据的任何AWS服务或客户应用程序的数据访问。接入点是附加到桶的命名网络端点,您可以使用这些桶执行 S3 对象操作(如 GetObject 和 PutObject)。每个接入点都具有不同的权限和网络控制,S3 将它们应用于通过该接入点发出的任何请求。每个接入点强制实施自定义接入点策略,该策略与附加到底层桶的桶策略结合使用。您可以将任何接入点配置为仅接受来自 Virtual Private Cloud(VPC)的请求,以限制专用网络的 Amazon S3 数据访问。您还可以为每个接入点配置自定义阻止公有访问设置。

  • Control access by configuring different access points
    [image]

Example question: A company has a data lake in Amazon S3 that needs to be accessed by hundreds of applications across many AWS accounts. The company’s information security policy states that the S3 bucket must not be accessed over the public internet and that each application should have the minimum permissions necessary to function.
To meet these requirements, a solutions architect plans to use an S3 access point that is restricted to specific VPCs for each application.
Which combination of steps should the solutions architect take to implement this solution? (Choose two.)
A. Create an S3 access point for each application in the AWS account that owns the S3 bucket. Configure each access point to be accessible only from the application’s VPC. Update the bucket policy to require access from an access point
B. Create an interface endpoint for Amazon S3 in each application’s VPC. Configure the endpoint policy to allow access to an S3 access point. Create a VPC gateway attachment for the S3 endpoint
C. Create a gateway endpoint for Amazon S3 in each application’s VPC. Configure the endpoint policy to allow access to an S3 access point. Specify the route table that is used to access the access point.
D. Create an S3 access point for each application in each AWS account and attach the access points to the S3 bucket. Configure each access point to be accessible only from the application’s VPC. Update the bucket policy to require access from an access point.
E. Create a gateway endpoint for Amazon S3 in the data lake’s VPC. Attach an endpoint policy to allow access to the S3 bucket. Specify the route table that is used to access the bucket
Answer: AC
Explanation: the question wants each application to reach the S3 data lake while keeping tight, per-VPC permission control. Access points are the best way to achieve this. Reference: https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/

  • Restrict an access point to requests that come from a VPC
    [image]
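Options A and C of the question above, as an added CloudFormation example (not from the original post) for the bucket-owner account: one VPC-restricted access point per application with its own least-privilege policy, and a bucket policy that delegates authorization to this account's access points, and only when the request arrived through a VPC. Bucket name, access point name, VPC and role ARN are placeholders; the application's VPC still needs an S3 gateway endpoint (option C), which belongs in the application's own account.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example, not from the original post: one VPC-only S3 access point per
  application in the bucket-owner account, plus a bucket policy that delegates
  access control to access points. Names and IDs are placeholders.

Parameters:
  DataLakeBucket:
    Type: String
    Description: Existing data lake bucket in this account (placeholder name)
    Default: example-data-lake-bucket
  AppVpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC of the application this access point serves
  AppRoleArn:
    Type: String
    Description: IAM role the application runs as (placeholder ARN)
    Default: arn:aws:iam::111122223333:role/app-a-role

Resources:
  AppAccessPoint:
    Type: AWS::S3::AccessPoint
    Properties:
      Bucket: !Ref DataLakeBucket
      Name: app-a-ap
      # Requests must originate inside AppVpcId (through its S3 gateway endpoint);
      # requests from the internet are refused at the network layer.
      VpcConfiguration:
        VpcId: !Ref AppVpcId
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
      # Least privilege: this application may only read objects under its own prefix.
      Policy:
        Version: "2012-10-17"
        Statement:
          - Sid: AppAReadOwnPrefix
            Effect: Allow
            Principal:
              AWS: !Ref AppRoleArn
            Action: s3:GetObject
            Resource: !Sub arn:${AWS::Partition}:s3:${AWS::Region}:${AWS::AccountId}:accesspoint/app-a-ap/object/app-a/*

  DataLakeBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DataLakeBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Hand authorization to access points owned by this account, and only to
          # requests that reached the access point from a VPC, never from the internet.
          # Direct requests to the bucket match no Allow statement and are denied.
          - Sid: DelegateToVpcAccessPoints
            Effect: Allow
            Principal:
              AWS: "*"
            Action: "s3:*"
            Resource:
              - !Sub arn:${AWS::Partition}:s3:::${DataLakeBucket}
              - !Sub arn:${AWS::Partition}:s3:::${DataLakeBucket}/*
            Condition:
              StringEquals:
                s3:DataAccessPointAccount: !Ref AWS::AccountId
                s3:AccessPointNetworkOrigin: VPC
```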

1.5.5 S3 Storage Lens

Amazon S3 Storage Lens is a cloud storage analytics feature that gives you organization-wide visibility into object storage usage and activity. S3 Storage Lens also analyzes metrics to deliver contextual recommendations that you can use to optimize storage costs and apply best practices for protecting data.
[image]

  • A preconfigured S3 feature
  • Visualizes insights and trends across the whole account (note: when an exam question asks about forecasting future S3 cost trends, S3 Storage Lens is usually the tool to pick)
  • Covers multiple Regions and multiple accounts

Example question: A company uses Amazon S3 to store files and images in a variety of storage classes. The company’s S3 costs have increased substantially during the past year. A solutions architect needs to review data trends for the past 12 months and identify the appropriate storage class for the objects. Which solution will meet these requirements?
A. Download AWS Cost and Usage Reports for the last 12 months of S3 usage. Review AWS Trusted Advisor recommendations for cost savings.
B. Use S3 storage class analysis. Import data trends into an Amazon QuickSight dashboard to analyze storage trends.
C. Use Amazon S3 Storage Lens. Upgrade the default dashboard to include advanced metrics for storage trends.
D. Use Access Analyzer for S3. Download the Access Analyzer for S3 report for the last 12 months. Import the .csv file to an Amazon QuickSight dashboard.
Answer: C
Explanation: the question needs a review of the data trends of the past 12 months to determine the appropriate storage class, which is what S3 Storage Lens provides. Choose C.

1.5.6 Classic architectures

  • Serving static files through CloudFront
    [image]

Example question: A retail company is operating its ecommerce application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB).
The company uses an Amazon RDS DB instance as the database backend. Amazon CloudFront is configured with one origin that points to the ALB. Static content is cached. Amazon Route 53 is used to host all public zones.
After an update of the application, the ALB occasionally returns a 502 status code (Bad Gateway) error. The root cause is malformed HTTP headers that are returned to the ALB. The webpage returns successfully when a solutions architect reloads the webpage immediately after the error occurs.
While the company is working on the problem, the solutions architect needs to provide a custom error page instead of the standard ALB error page to visitors.
Which combination of steps will meet this requirement with the LEAST amount of operational overhead? (Choose two.)
A. Create an Amazon S3 bucket. Configure the S3 bucket to host a static webpage. Upload the custom error pages to Amazon S3.
B. Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Target FailedHealthChecks is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a publicly accessible web server.
C. Modify the existing Amazon Route 53 records by adding health checks. Configure a fallback target if the health check fails. Modify DNS records to point to a publicly accessible webpage.
D. Create an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Elb.InternalError is greater than 0. Configure the Lambda function to modify the forwarding rule at the ALB to point to a publicly accessible web server.
E. Add a custom error response by configuring a CloudFront custom error page. Modify DNS records to point to a publicly accessible web page.
Answer: AE
Explanation: the question asks for a custom error page to be shown to visitors. An error page is a static web page, and the best way to serve static pages is CloudFront + S3, so choose A and E.

  • Using event notifications to index data
    [image]
  • Separating static and dynamic content
    [image]

Example question: A company used Amazon EC2 instances to deploy a web fleet to host a blog site. The EC2 instances are behind an Application Load Balancer (ALB) and are configured in an Auto Scaling group. The web application stores all blog content on an Amazon EFS volume. The company recently added a feature for bloggers to add video to their posts, attracting 10 times the previous user traffic. At peak times of day, users report buffering and timeout issues while attempting to reach the site or watch videos. Which is the MOST cost-efficient and scalable deployment that will resolve the issues for users?
A. Reconfigure Amazon EFS to enable maximum I/O.
B. Update the blog site to use instance store volumes for storage. Copy the site contents to the volumes at launch and to Amazon S3 at shutdown.
C. Configure an Amazon CloudFront distribution. Point the distribution to an S3 bucket, and migrate the videos from EFS to Amazon S3.
D. Set up an Amazon CloudFront distribution for all site contents, and point the distribution at the ALB.
Answer: C
Explanation: key words: video, 10 times, timeout. There is a performance problem that could come from the EC2 instances or from the disk. Option A improves disk performance, but the EC2 instances may then become the bottleneck; option B is not a good practice, and copying data back and forth risks losing it in edge cases; option D still serves everything from EC2 and does not solve the problem. Option C therefore fits best.

2 Structured storage

2.1 Amazon RDS (relational database)

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and takes care of common database administration tasks.
Alibaba Cloud equivalent: the RDS family

2.1.1 Basic characteristics

  • Supported engines
    MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL

Example question: A company needs to migrate its customer transactions database from on premises to AWS. The database resides on an Oracle DB instance that runs on a Linux server. According to a new security requirement, the company must rotate the database password each year.
Which solution will meet these requirements with the LEAST operational overhead?
A. Convert the database to Amazon DynamoDB by using the AWS Schema Conversion Tool (AWS SCT). Store the password in AWS Systems Manager Parameter Store. Create an Amazon CloudWatch alarm to invoke an AWS Lambda function for yearly password rotation.
B. Migrate the database to Amazon RDS for Oracle. Store the password in AWS Secrets Manager. Turn on automatic rotation. Configure a yearly rotation schedule.
C. Migrate the database to an Amazon EC2 instance. Use AWS Systems Manager Parameter Store to keep and rotate the connection string by using an AWS Lambda function on a yearly schedule.
D. Migrate the database to Amazon Neptune by using the AWS Schema Conversion Tool (AWS SCT). Create an Amazon CloudWatch alarm to invoke an AWS Lambda function for yearly password rotation.
Answer: B
Explanation: the goal is to migrate an on-premises Oracle database to AWS with automatic password rotation and the LEAST operational overhead. Options A and D switch to a different database engine, so they are out. Option C, running the database on EC2, is not recommended either because it adds operational and management overhead. RDS + Secrets Manager is therefore the best fit.

  • Supported instance classes
    General purpose
    Memory optimized
    Burstable performance
  • Storage types
    General Purpose SSD (gp2 and gp3), Provisioned IOPS SSD (io1), and magnetic storage (standard)
  • Runs inside a VPC
  • Automated, scheduled backups
  • Manual snapshots; snapshots can be copied across Regions
  • Amazon RDS Proxy: a fully managed database proxy for Amazon Relational Database Service (RDS) that makes applications more scalable, more resilient, and more secure. It lets applications pool and share connections to the RDS database, which reduces connection overhead, improves scalability, and provides automatic failover and high availability.

Example question: An application is using an Amazon RDS for MySQL Multi-AZ DB instance in the us-east-1 Region. After a failover test, the application lost the connections to the database and could not re-establish the connections. After a restart of the application, the application re-established the connections.
A solutions architect must implement a solution so that the application can re-establish connections to the database without requiring a restart.
Which solution will meet these requirements?
A. Create an Amazon Aurora MySQL Serverless v1 DB instance. Migrate the RDS DB instance to the Aurora Serverless v1 DB instance. Update the connection settings in the application to point to the Aurora reader endpoint.
B. Create an RDS proxy. Configure the existing RDS endpoint as a target. Update the connection settings in the application to point to the RDS proxy endpoint.
C. Create a two-node Amazon Aurora MySQL DB cluster. Migrate the RDS DB instance to the Aurora DB cluster. Create an RDS proxy. Configure the existing RDS endpoint as a target. Update the connection settings in the application to point to the RDS proxy endpoint.
D. Create an Amazon S3 bucket. Export the database to Amazon S3 by using AWS Database Migration Service (AWS DMS). Configure Amazon Athena to use the S3 bucket as a data store. Install the latest Open Database Connectivity (ODBC) driver for the application. Update the connection settings in the application to point to the Athena endpoint
Answer: B
Explanation: the question is about handling database connection problems, and database connections are generally handled through a proxy. Choose B.

2.1.2 Deployment architectures

  • Multi-AZ architecture: when creating the RDS instance, choose the availability option to configure a Multi-AZ deployment
    [image]
    The Multi-AZ architecture looks like this:
    [image]
    The application connects to the Master and never to the Standby; when a failure occurs, failover is automatic.

Example question: A company’s solutions architect is designing a disaster recovery (DR) solution for an application that runs on AWS. The application uses PostgreSQL 11.7 as its database. The company has an RPO of 30 seconds. The solutions architect must design a DR solution with the primary database in the us-east-1 Region and the failover database in the us-west-2 Region.
What should the solutions architect do to meet these requirements with minimum application change?
A. Migrate the database to Amazon RDS for PostgreSQL in us-east-1. Set up a read replica in us-west-2. Set the managed RPO for the RDS database to 30 seconds.
B. Migrate the database to Amazon RDS for PostgreSQL in us-east-1. Set up a standby replica in an Availability Zone in us-west-2. Set the managed RPO for the RDS database to 30 seconds.
C. Migrate the database to an Amazon Aurora PostgreSQL global database with the primary Region as us-east-1 and the secondary Region as us-west-2. Set the managed RPO for the Aurora database to 30 seconds.
D. Migrate the database to Amazon DynamoDB in us-east-1. Set up global tables with replica tables that are created in us-west-2.
Answer: B
Explanation: the question wants DR for PostgreSQL with an RPO of 30 seconds, so use the RDS Multi-AZ primary/standby mode. Choose B.

  • Read replica architecture: from the instance in the database console, use "Create read replica" to create replicas in other AZs or even in other Regions; they can be used for failover, which takes 60-120 seconds
    [image]

Example question: A retail company is hosting an ecommerce website on AWS across multiple AWS Regions. The company wants the website to be operational at all times for online purchases. The website stores data in an Amazon RDS for MySQL DB instance.
Which solution will provide the HIGHEST availability for the database?
A. Configure automated backups on Amazon RDS. In the case of disruption, promote an automated backup to be a standalone DB instance. Direct database traffic to the promoted DB instance. Create a replacement read replica that has the promoted DB instance as its source.
B. Configure global tables and read replicas on Amazon RDS. Activate the cross-Region scope. In the case of disruption, use AWS Lambda to copy the read replicas from one Region to another Region.
C. Configure global tables and automated backups on Amazon RDS. In the case of disruption, use AWS Lambda to copy the read replicas from one Region to another Region.
D. Configure read replicas on Amazon RDS. In the case of disruption, promote a cross-Region and read replica to be a standalone DB instance. Direct database traffic to the promoted DB instance. Create a replacement read replica that has the promoted DB instance as its source.
Answer: D
Explanation: the question asks for high availability. Of the options, both A and D could work, but A is a cold backup, so D gives higher availability.

Example question: A finance company is running its business-critical application on current-generation Linux EC2 instances. The application includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a moderate amount of traffic during the month. However, it slows down during the final three days of each month due to month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to meet the increased demand. Which of the following actions would allow the database to handle the month-end load with the LEAST impact on performance?
A. Pre-warming Elastic Load Balancers, using a bigger instance type, changing all Amazon EBS volumes to GP2 volumes.
B. Performing a one-time migration of the database cluster to Amazon RDS, and creating several additional read replicas to handle the load during end of month.
C. Using Amazon CloudWatch with AWS Lambda to change the type, size, or IOPS of Amazon EBS volumes in the cluster based on a specific CloudWatch metric.
D. Replacing all existing Amazon EBS volumes with new PIOPS volumes that have the maximum available storage size and I/O per second by taking snapshots before the end of the month and reverting back afterwards.
Answer: B
Explanation: key words: self-managed MySQL, slows down, using Elastic Load Balancers and Auto Scaling. From the stem we know the system cannot handle the month-end burst. Load balancing and auto scaling are already in place, so the bottleneck is the database. The self-managed MySQL does not scale well, so move it to RDS and add read replicas to increase the database's I/O capacity. Choose B.

2.1.3 Security

  • KMS can encrypt the EBS data volumes and snapshots
  • TDE can encrypt the data (only for MySQL and MS SQL)
  • SSL can encrypt data in transit
  • IAM database authentication is only available for MySQL and PostgreSQL
  • CloudTrail is supported

2.1.4 Classic architecture

  • Cross-Region high availability with automatic failover (DR architecture)
    [image]

2.2 Amazon Aurora (relational database)

Amazon Aurora (Aurora) is a fully managed relational database engine that is compatible with MySQL and PostgreSQL. Aurora includes a high-performance storage subsystem; its MySQL- and PostgreSQL-compatible database engines are customized to take advantage of that fast distributed storage. The underlying storage grows automatically as needed, and an Aurora cluster volume can grow to a maximum size of 128 tebibytes (TiB). Aurora also automates and standardizes database clustering and replication, which are typically among the most challenging aspects of database configuration and administration. Put simply, it is a relational database that AWS manages automatically for you.
Alibaba Cloud equivalent: cloud-native database edition
Note that Aurora is created from the RDS console, as shown below:
[image]

2.2.1 Basic features

  • Up to 128G of storage, spanning multiple AZs
  • Can be copied across Regions (usable for failover, completed within 30 seconds)

Example question: A company is running an application in the AWS Cloud. The application runs on containers in an Amazon Elastic Container Service (Amazon ECS) cluster. The ECS tasks use the Fargate launch type. The application’s data is relational and is stored in Amazon Aurora MySQL. To meet regulatory requirements, the application must be able to recover to a separate AWS Region in the event of an application failure. In case of a failure, no data can be lost.
Which solution will meet these requirements with the LEAST amount of operational overhead?
A. Provision an Aurora Replica in a different Region.
B. Set up AWS DataSync for continuous replication of the data to a different Region.
C. Set up AWS Database Migration Service (AWS DMS) to perform a continuous replication of the data to a different Region.
D. Use Amazon Data Lifecycle Manager (Amazon DLM) to schedule a snapshot every 5 minutes.
Answer: A
Explanation: Aurora MySQL needs a DR setup with minimal operational overhead. Option B, AWS DataSync, can copy data, but it is not a fully managed service for this purpose and needs more configuration and management. Option C, AWS DMS, is for migrating data between databases and may need extra configuration and management to replicate data continuously in real time. Option D, Amazon DLM, can schedule snapshots but does not provide real-time replication, so it may not meet the requirement of losing no data on failure.

  • Seamless integration with S3
  • Aurora Serverless scales automatically and removes the underlying maintenance
    [image]
  • Babelfish for Aurora PostgreSQL: with Babelfish, applications originally built for SQL Server can work directly with Aurora PostgreSQL with far fewer code changes than a traditional migration and without changing database drivers.

Example question: An online retail company is migrating its legacy on-premises .NET application to AWS. The application runs on load-balanced frontend web servers, load-balanced application servers, and a Microsoft SQL Server database.
The company wants to use AWS managed services where possible and does not want to rewrite the application. A solutions architect needs to implement a solution to resolve scaling issues and minimize licensing costs as the application scales.
Which solution will meet these requirements MOST cost-effectively?
A. Deploy Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer for the web tier and for the application tier. Use Amazon Aurora PostgreSQL with Babelfish turned on to replatform the SQL Server database.
B. Create images of all the servers by using AWS Database Migration Service (AWS DMS). Deploy Amazon EC2 instances that are based on the on-premises imports. Deploy the instances in an Auto Scaling group behind a Network Load Balancer for the web tier and for the application tier. Use Amazon DynamoDB as the database tier.
C. Containerize the web frontend tier and the application tier. Provision an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. Create an Auto Scaling group behind a Network Load Balancer for the web tier and for the application tier. Use Amazon RDS for SQL Server to host the database.
D. Separate the application functions into AWS Lambda functions. Use Amazon API Gateway for the web frontend tier and the application tier. Migrate the data to Amazon S3. Use Amazon Athena to query the data.
Answer: A
Explanation: the question asks to migrate a frontend + backend + Microsoft SQL Server database to AWS MOST cost-effectively. SQL Server is a relational database, so it would normally move to RDS, which rules out B and D. Option C uses EKS, a higher-cost architecture. Choose A.

  • Options for monitoring events, logs, and streams in an Amazon Aurora DB cluster

Example question: A company uses an Amazon Aurora PostgreSQL DB cluster for applications in a single AWS Region. The company’s database team must monitor all data activity on all the databases.
Which solution will achieve this goal?
A. Set up an AWS Database Migration Service (AWS DMS) change data capture (CDC) task. Specify the Aurora DB cluster as the source. Specify Amazon Kinesis Data Firehose as the target. Use Kinesis Data Firehose to upload the data into an Amazon OpenSearch Service cluster for further analysis.
B. Start a database activity stream on the Aurora DB cluster to capture the activity stream in Amazon EventBridge. Define an AWS Lambda function as a target for EventBridge. Program the Lambda function to decrypt the messages from EventBridge and to publish all database activity to Amazon S3 for further analysis.
C. Start a database activity stream on the Aurora DB cluster to push the activity stream to an Amazon Kinesis data stream. Configure Amazon Kinesis Data Firehose to consume the Kinesis data stream and to deliver the data to Amazon S3 for further analysis.
D. Set up an AWS Database Migration Service (AWS DMS) change data capture (CDC) task. Specify the Aurora DB cluster as the source. Specify Amazon Kinesis Data Firehose as the target. Use Kinesis Data Firehose to upload the data into an Amazon Redshift cluster. Run queries on the Amazon Redshift data to determine database activities on the Aurora database.
Answer: C
Explanation: reference: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.Monitoring.html

2.2.2 Global Aurora

Spans multiple AWS Regions, enabling low-latency global reads and fast recovery from the rare outage that affects an entire AWS Region. An Aurora global database has a primary DB cluster in one Region and up to five secondary DB clusters in other Regions. RTO is under 1 minute. (This appears frequently among the DR options in the exam.)

Example question: A fitness tracking company serves users around the world, with its primary markets in North America and Asia. The company needs to design an infrastructure for its read-heavy user authorization application with the following requirements:
– Be resilient to problems with the application in any Region.
– Write to a database in a single Region.
– Read from multiple Regions.
– Support resiliency across application tiers in each Region.
– Support the relational database semantics reflected in the application.
Which combination of steps should a solutions architect take? (Choose two.)
A. Use an Amazon Route 53 geoproximity routing policy combined with a multivalue answer routing policy.
B. Deploy web, application, and MySQL database servers to Amazon EC2 instances in each Region. Set up the application so that reads and writes are local to the Region. Create snapshots of the web, application, and database servers and store the snapshots in an Amazon S3 bucket in both Regions. Set up cross-Region replication for the database layer.
C. Use an Amazon Route 53 geolocation routing policy combined with a failover routing policy.
D. Set up web, application, and Amazon RDS for MySQL instances in each Region. Set up the application so that reads are local and writes are partitioned based on the user. Set up a Multi-AZ failover for the web, application, and database servers. Set up cross-Region replication for the database layer.
E. Set up active-active web and application servers in each Region. Deploy an Amazon Aurora global database with clusters in each Region. Set up the application to use the in-Region Aurora database endpoints. Create snapshots of the web application servers and store them in an Amazon S3 bucket in both Regions.
Answer: CE
Explanation: the question wants a database with one primary and several replicas that recovers quickly when the primary is unavailable. Recovery requires failover, for which Route 53 is best, hence C. An Aurora global database satisfies the database requirements. Therefore CE.

Example question: A company has deployed its database on an Amazon RDS for MySQL DB instance in the us-east-1 Region. The company needs to make its data available to customers in Europe. The customers in Europe must have access to the same data as customers in the United States (US) and will not tolerate high application latency or stale data. The customers in Europe and the customers in the US need to write to the database. Both groups of customers need to see updates from the other group in real time.
Which solution will meet these requirements?
A. Create an Amazon Aurora MySQL replica of the RDS for MySQL DB instance. Pause application writes to the RDS DB instance. Promote the Aurora Replica to a standalone DB cluster. Reconfigure the application to use the Aurora database and resume writes. Add eu-west-1 as a secondary Region to the DB cluster. Enable write forwarding on the DB cluster. Deploy the application in eu-west-1. Configure the application to use the Aurora MySQL endpoint in eu-west-1.
B. Add a cross-Region replica in eu-west-1 for the RDS for MySQL DB instance. Configure the replica to replicate write queries back to the primary DB instance. Deploy the application in eu-west-1. Configure the application to use the RDS for MySQL endpoint in eu-west-1.
C. Copy the most recent snapshot from the RDS for MySQL DB instance to eu-west-1. Create a new RDS for MySQL DB instance in eu-west-1 from the snapshot. Configure MySQL logical replication from us-east-1 to eu-west-1. Enable write forwarding on the DB cluster. Deploy the application in eu-west-1. Configure the application to use the RDS for MySQL endpoint in eu-west-1.
D. Convert the RDS for MySQL DB instance to an Amazon Aurora MySQL DB cluster. Add eu-west-1 as a secondary Region to the DB cluster. Enable write forwarding on the DB cluster. Deploy the application in eu-west-1. Configure the application to use the Aurora MySQL endpoint in eu-west-1.
Answer: D
Explanation: reference: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-write-forwarding.html

Example question: A company hosts a web application on AWS in the us-east-1 Region. The application servers are distributed across three Availability Zones behind an Application Load Balancer. The database is hosted in MySQL database on an Amazon EC2 instance. A solutions architect needs to design a cross-Region data recovery solution using AWS services with an RTO of less than 5 minutes and an RPO of less than 1 minute. The solutions architect is deploying application servers in us-west-2, and has configured Amazon Route 53 health checks and DNS failover to us-west-2.
Which additional step should the solutions architect take?
A. Migrate the database to an Amazon RDS for MySQL instance with a cross-Region read replica in us-west-2.
B. Migrate the database to an Amazon Aurora global database with the primary in us-east-1 and the secondary in us-west-2.
C. Migrate the database to an Amazon RDS for MySQL instance with a Multi-AZ deployment.
D. Create a MySQL standby database on an Amazon EC2 instance in us-west-2.
Answer: B
Explanation: the question needs a multi-Region DR solution for the database (everything else is already in place) with an RTO under 5 minutes and an RPO under 1 minute. Option A uses a read replica, but a replica cannot guarantee a 1-minute RPO. Option C is not multi-Region. Option D, deploying on EC2, is even less reliable. Therefore use a global database and choose B.

2.2.3 RDS Proxy for Aurora

[image]
Note: when an exam question mentions too many database connections or failover, the answer is almost always Proxy.

Example question: A company wants to migrate its data analytics environment from on premises to AWS. The environment consists of two simple Node.js applications. One of the applications collects sensor data and loads it into a MySQL database. The other application aggregates the data into reports. When the aggregation jobs run, some of the load jobs fail to run correctly.
The company must resolve the data loading issue. The company also needs the migration to occur without interruptions or changes for the company’s customers.
What should a solutions architect do to meet these requirements?
A. Set up an Amazon Aurora MySQL database as a replication target for the on-premises database. Create an Aurora Replica for the Aurora MySQL database, and move the aggregation jobs to run against the Aurora Replica. Set up collection endpoints as AWS Lambda functions behind a Network Load Balancer (NLB), and use Amazon RDS Proxy to write to the Aurora MySQL database. When the databases are synced, disable the replication job and restart the Aurora Replica as the primary instance. Point the collector DNS record to the NLB.
B. Set up an Amazon Aurora MySQL database. Use AWS Database Migration Service (AWS DMS) to perform continuous data replication from the on-premises database to Aurora. Move the aggregation jobs to run against the Aurora MySQL database. Set up collection endpoints behind an Application Load Balancer (ALB) as Amazon EC2 instances in an Auto Scaling group. When the databases are synced, point the collector DNS record to the ALB. Disable the AWS DMS sync task after the cutover from on premises to AWS.
C. Set up an Amazon Aurora MySQL database. Use AWS Database Migration Service (AWS DMS) to perform continuous data replication from the on-premises database to Aurora. Create an Aurora Replica for the Aurora MySQL database, and move the aggregation jobs to run against the Aurora Replica. Set up collection endpoints as AWS Lambda functions behind an Application Load Balancer (ALB), and use Amazon RDS Proxy to write to the Aurora MySQL database. When the databases are synced, point the collector DNS record to the ALB. Disable the AWS DMS sync task after the cutover from on premises to AWS.
D. Set up an Amazon Aurora MySQL database. Create an Aurora Replica for the Aurora MySQL database, and move the aggregation jobs to run against the Aurora Replica. Set up collection endpoints as an Amazon Kinesis data stream. Use Amazon Kinesis Data Firehose to replicate the data to the Aurora MySQL database. When the databases are synced, disable the replication job and restart the Aurora Replica as the primary instance. Point the collector DNS record to the Kinesis data stream.
Answer: C
Explanation: two different jobs operate on MySQL at the same time, and the sensor loads into MySQL fail; the fix is to use a read replica. Option A: a Network Load Balancer does not support the Lambda target type; the Application Load Balancer is the only load balancer that supports Lambda targets. Option B does not solve the failing load jobs. Option D is wrong because Kinesis Data Firehose cannot replicate data directly into Aurora. Option C is therefore correct: an Aurora Replica for the aggregation jobs plus RDS Proxy for better RDS performance.

Example question: A solutions architect has developed a web application that uses an Amazon API Gateway Regional endpoint and an AWS Lambda function. The consumers of the web application are all close to the AWS Region where the application will be deployed. The Lambda function only queries an Amazon Aurora MySQL database. The solutions architect has configured the database to have three read replicas.
During testing, the application does not meet performance requirements. Under high load, the application opens a large number of database connections. The solutions architect must improve the application’s performance.
Which actions should the solutions architect take to meet these requirements? (Choose two.)
A. Use the cluster endpoint of the Aurora database.
B. Use RDS Proxy to set up a connection pool to the reader endpoint of the Aurora database.
C. Use the Lambda Provisioned Concurrency feature.
D. Move the code for opening the database connection in the Lambda function outside of the event handler.
E. Change the API Gateway endpoint to an edge-optimized endpoint.
Answer: BD
Explanation: the problem in the question is a large number of database connections. Ways to handle too many connections: option B uses RDS Proxy; option D moves the connection setup out of the Lambda handler so that high concurrency does not open too many connections. Therefore BD.

Example question: A company is running a critical application that uses an Amazon RDS for MySQL database to store data. The RDS DB instance is deployed in Multi-AZ mode.
A recent RDS database failover test caused a 40-second outage to the application. A solutions architect needs to design a solution to reduce the outage time to less than 20 seconds.
Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)
A. Use Amazon ElastiCache for Memcached in front of the database
B. Use Amazon ElastiCache for Redis in front of the database
C. Use RDS Proxy in front of the database.
D. Migrate the database to Amazon Aurora MySQL.
E. Create an Amazon Aurora Replica.
F. Create an RDS for MySQL read replica
Answer: CDE
Explanation: RDS failover usually takes 60-120 seconds, while Aurora failover completes within 30 seconds. ElastiCache is a cache that reduces latency; it is not used for failover. Therefore choose CDE.

Example question: A company runs a software-as-a-service (SaaS) application on AWS. The application consists of AWS Lambda functions and an Amazon RDS for MySQL Multi-AZ database. During market events, the application has a much higher workload than normal. Users notice slow response times during the peak periods because of many database connections. The company needs to improve the scalable performance and availability of the database.
Which solution meets these requirements?
A. Create an Amazon CloudWatch alarm action that triggers a Lambda function to add an Amazon RDS for MySQL read replica when resource utilization hits a threshold.
B. Migrate the database to Amazon Aurora, and add a read replica. Add a database connection pool outside of the Lambda handler function.
C. Migrate the database to Amazon Aurora, and add a read replica. Use Amazon Route 53 weighted records.
D. Migrate the database to Amazon Aurora, and add an Aurora Replica. Configure Amazon RDS Proxy to manage database connection pools.
Answer: D
Explanation: the question wants to solve the problem of too many database connections, so RDS Proxy is the solution.

Example question: A solutions architect needs to improve an application that is hosted in the AWS Cloud. The application uses an Amazon Aurora MySQL DB instance that is experiencing overloaded connections. Most of the application’s operations insert records into the database. The application currently stores credentials in a text-based configuration file.
The solutions architect needs to implement a solution so that the application can handle the current connection load. The solution must keep the credentials secure and must provide the ability to rotate the credentials automatically on a regular basis.
Which solution will meet these requirements?
A. Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials as a secret in AWS Secrets Manager.
B. Deploy an Amazon RDS Proxy layer in front of the DB instance. Store the connection credentials in AWS Systems Manager Parameter Store.
C. Create an Aurora Replica. Store the connection credentials as a secret in AWS Secrets Manager.
D. Create an Aurora Replica. Store the connection credentials in AWS Systems Manager Parameter Store.
Answer: A
Explanation: the question asks to handle connection overload on Aurora MySQL and to fix how the application obtains its database credentials. Connection overload is handled with Proxy, which rules out C and D. The credentials need automatic rotation, so use Secrets Manager. Choose A.
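The controls listed under 2.1.1 and 2.1.3 and the Proxy + Secrets Manager answer of the question above, combined in one added CloudFormation example that is not from the original post: an RDS for MySQL instance that is reachable only inside the VPC, Multi-AZ, KMS-encrypted, IAM-authentication enabled and backed up automatically, whose master credential lives in Secrets Manager with scheduled rotation and is read by an RDS Proxy that pools connections. Subnets, security group and proxy role are parameters the template assumes already exist; the proxy role must be assumable by `rds.amazonaws.com` and allow `secretsmanager:GetSecretValue` on the secret.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example, not from the original post: a hardened RDS for MySQL instance,
  its master credential in Secrets Manager with scheduled rotation, and an
  RDS Proxy that pools connections using that secret. IDs are placeholders.

Parameters:
  DbSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Private subnets in at least two AZs (Multi-AZ needs two)
  DbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group shared by the DB, the proxy and the rotation function
  ProxyRoleArn:
    Type: String
    Description: Role assumable by rds.amazonaws.com with secretsmanager:GetSecretValue on the secret

Resources:
  # The password is generated by Secrets Manager and never appears in the template.
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: RDS master credential (rotated automatically)
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  DbSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets for the database
      SubnetIds: !Ref DbSubnetIds

  DbInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.medium
      AllocatedStorage: "20"
      DBSubnetGroupName: !Ref DbSubnetGroup
      VPCSecurityGroups: [!Ref DbSecurityGroupId]
      PubliclyAccessible: false          # reachable only from inside the VPC
      MultiAZ: true                      # synchronous standby, automatic failover
      StorageEncrypted: true             # KMS-encrypted volume and snapshots (default aws/rds key; set KmsKeyId for a CMK)
      EnableIAMDatabaseAuthentication: true
      BackupRetentionPeriod: 7           # automated daily backups kept for 7 days
      DeletionProtection: true
      MasterUsername: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:username}}"
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:password}}"

  # Writes host, port and engine into the secret so the rotation function can connect.
  DbSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DbSecret
      TargetId: !Ref DbInstance
      TargetType: AWS::RDS::DBInstance

  DbSecretRotation:
    Type: AWS::SecretsManager::RotationSchedule
    DependsOn: DbSecretAttachment
    Properties:
      SecretId: !Ref DbSecret
      HostedRotationLambda:
        RotationType: MySQLSingleUser
        VpcSubnetIds: !Join [",", !Ref DbSubnetIds]
        VpcSecurityGroupIds: !Ref DbSecurityGroupId
      RotationRules:
        AutomaticallyAfterDays: 365      # yearly rotation, as required in the question

  # Applications connect to the proxy endpoint; the proxy multiplexes many
  # client connections onto a bounded pool and survives DB failover.
  DbProxy:
    Type: AWS::RDS::DBProxy
    Properties:
      DBProxyName: app-db-proxy
      EngineFamily: MYSQL
      RequireTLS: true
      RoleArn: !Ref ProxyRoleArn
      VpcSubnetIds: !Ref DbSubnetIds
      VpcSecurityGroupIds: [!Ref DbSecurityGroupId]
      Auth:
        - AuthScheme: SECRETS
          SecretArn: !Ref DbSecret
          IAMAuth: DISABLED

  DbProxyTargets:
    Type: AWS::RDS::DBProxyTargetGroup
    Properties:
      DBProxyName: !Ref DbProxy
      TargetGroupName: default
      DBInstanceIdentifiers: [!Ref DbInstance]
      ConnectionPoolConfigurationInfo:
        MaxConnectionsPercent: 90
```

After deployment the application reads only the proxy endpoint and the secret ARN; rotation changes the password in the database and the secret together, and the proxy picks up the new value without an application restart.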

2.3 Amazon DynamoDB (NoSQL key-value database)

Before looking at Amazon DynamoDB, it helps to know what a NoSQL database is: a general term for non-relational databases. They give up row-based storage in exchange for properties that relational databases lack, and come in different types such as key-value and document stores.
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB removes the administrative burden of operating and scaling a distributed database, so you do not have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling. DynamoDB also offers encryption at rest, which eliminates the operational burden and complexity involved in protecting sensitive data.
DynamoDB is a key-value NoSQL database; its counterpart is something like Cassandra, which uses column-oriented storage.
Alibaba Cloud equivalent: Tablestore

2.3.1 Basic concepts

  • Table: like other database systems, DynamoDB stores data in tables. A table is a collection of data.
  • Item: each table contains zero or more items. An item is a group of attributes that is uniquely identifiable among all other items. Items in DynamoDB are similar in many ways to rows, records or tuples in other database systems. There is no limit on the number of items a table can store.
  • Attribute: each item is composed of one or more attributes. An attribute is a fundamental data element, something that does not need to be broken down any further. Attributes are similar to fields or columns in other database systems.
  • Primary key: when you create a table you must specify its primary key as well as the table name. The primary key uniquely identifies each item in the table, so no two items can have the same key. Two kinds are supported:
    1) Partition key: a simple primary key composed of one attribute, the partition key.
    2) Partition key and sort key: a composite primary key composed of two attributes; the first is the partition key and the second is the sort key.
  • Local secondary index (LSI): an index with the same partition key as the base table but a different sort key. It must be created together with the table and cannot be added later.
  • Global secondary index (GSI): an index whose partition key and sort key can both differ from the base table's. It can be created or deleted at any time and has its own throughput settings.

2.3.2 Basic characteristics

  • Similar data model to Cassandra; Cassandra workloads can be migrated to DynamoDB (AWS DMS supports Cassandra as a source), although the Cassandra-compatible managed service is Amazon Keyspaces
  • Maximum item size is 400 KB
  • Capacity: provisioned mode (fixed WCUs and RCUs, optionally adjusted by Application Auto Scaling) or on-demand mode

Example question: A company recently deployed an application on AWS. The application uses Amazon DynamoDB. The company measured the application load and configured the RCUs and WCUs on the DynamoDB table to match the expected peak load. The peak load occurs once a week for a 4-hour period and is double the average load. The application load is close to the average load for the rest of the week. The access pattern includes many more writes to the table than reads of the table.
A solutions architect needs to implement a solution to minimize the cost of the table.
Which solution will meet these requirements?
A. Use AWS Application Auto Scaling to increase capacity during the peak period. Purchase reserved RCUs and WCUs to match the average load.
B. Configure on-demand capacity mode for the table.
C. Configure DynamoDB Accelerator (DAX) in front of the table. Reduce the provisioned read capacity to match the new peak load on the table.
D. Configure DynamoDB Accelerator (DAX) in front of the table. Configure on-demand capacity mode for the table.
Answer: A
Explanation: Traffic is steady most of the week with one predictable 4-hour peak. Reserved RCUs/WCUs are the cheapest way to pay for the steady baseline, and Application Auto Scaling adds capacity for the known peak on top of it; the two combine. On-demand (B) costs more per request for a load that is steady and predictable, and DAX (C, D) only helps reads while this workload is write-heavy. So A is the answer.

Example question: A company operates quick-service restaurants. The restaurants follow a predictable model with high sales traffic for 4 hours daily. Sales traffic is lower outside of those peak hours.
The point of sale and management platform is deployed in the AWS Cloud and has a backend that is based on Amazon DynamoDB. The database table uses provisioned throughput mode with 100,000 RCUs and 80,000 WCUs to match known peak resource consumption.
The company wants to reduce its DynamoDB cost and minimize the operational overhead for the IT staff.
Which solution meets these requirements MOST cost-effectively?
A. Reduce the provisioned RCUs and WCUs.
B. Change the DynamoDB table to use on-demand capacity.
C. Enable Dynamo DB auto scaling for the table.
D. Purchase 1-year reserved capacity that is sufficient to cover the peak load for 4 hours each day.
Answer: C
Explanation: The table does not need 100,000 RCUs and 80,000 WCUs around the clock, only during a daily 4-hour peak, and the question asks for the MOST cost-effective fix with little operational overhead. A cuts capacity below what the peak needs and causes throttling; B works but on-demand costs more per request than provisioned capacity for a predictable pattern; D buys reserved capacity sized for the peak and pays for it 24 hours a day. Auto scaling follows the daily pattern automatically, so C is the answer.
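Both questions above turn on how provisioned capacity is sized and priced. The calculator below is an added example written for this page, not AWS code. It applies the documented unit rules (a strongly consistent read of up to 4 KB per second costs 1 RCU, an eventually consistent one 0.5 RCU, a transactional one 2 RCU; a standard write of up to 1 KB per second costs 1 WCU, a transactional write 2 WCU) and then compares a week of provisioned-plus-auto-scaling capacity against on-demand for a peak that is double the average. The prices passed in are placeholders, not the current price list, and the model assumes the provisioned units are fully consumed.

```python
import math

RCU_BYTES = 4 * 1024   # one RCU: one strongly consistent read of up to 4 KB per second
WCU_BYTES = 1024       # one WCU: one standard write of up to 1 KB per second
HOURS_PER_WEEK = 168

# Multiplier per read consistency model, from the DynamoDB capacity rules
READ_FACTOR = {"strong": 1.0, "eventual": 0.5, "transactional": 2.0}


def read_capacity_units(item_bytes: int, reads_per_second: float, consistency: str = "strong") -> int:
    """RCUs needed to sustain reads_per_second reads of items of item_bytes.

    Item size is rounded up to whole 4 KB chunks before anything else, which is
    why a 4,097-byte item costs twice what a 4,096-byte item costs.
    """
    chunks = math.ceil(item_bytes / RCU_BYTES)
    return math.ceil(chunks * READ_FACTOR[consistency] * reads_per_second)


def write_capacity_units(item_bytes: int, writes_per_second: float, transactional: bool = False) -> int:
    """WCUs needed to sustain writes_per_second writes of items of item_bytes (1 KB chunks)."""
    chunks = math.ceil(item_bytes / WCU_BYTES)
    return math.ceil(chunks * (2 if transactional else 1) * writes_per_second)


def provisioned_plan(average_units: int, peak_units: int) -> dict:
    """Split provisioned capacity into the steady baseline (the part worth buying
    as reserved capacity) and the headroom Application Auto Scaling adds at peak."""
    return {"baseline": average_units,
            "autoscale_headroom": max(peak_units - average_units, 0)}


def weekly_cost_provisioned(average_units: int, peak_units: int, peak_hours: float,
                            price_per_unit_hour: float) -> float:
    """Cost of one week: baseline units all week, extra units only for peak_hours.
    price_per_unit_hour is a placeholder argument, not an AWS price."""
    plan = provisioned_plan(average_units, peak_units)
    unit_hours = plan["baseline"] * HOURS_PER_WEEK + plan["autoscale_headroom"] * peak_hours
    return unit_hours * price_per_unit_hour


def weekly_cost_on_demand(average_units: int, peak_units: int, peak_hours: float,
                          price_per_million_requests: float) -> float:
    """On-demand bills per request unit actually consumed (placeholder price).
    Assumes the average/peak unit counts are fully consumed every second."""
    off_peak_requests = average_units * 3600 * (HOURS_PER_WEEK - peak_hours)
    peak_requests = peak_units * 3600 * peak_hours
    return (off_peak_requests + peak_requests) / 1_000_000 * price_per_million_requests


if __name__ == "__main__":
    # Scenario from the first question: write-heavy, 4 KB items, peak = 2x average for 4 h/week.
    avg_wcu = write_capacity_units(item_bytes=4096, writes_per_second=5_000)    # 20,000 WCU
    peak_wcu = write_capacity_units(item_bytes=4096, writes_per_second=10_000)  # 40,000 WCU
    print(provisioned_plan(avg_wcu, peak_wcu))
    # Placeholder prices: replace with the current DynamoDB price list for your Region.
    print("provisioned + auto scaling:", weekly_cost_provisioned(avg_wcu, peak_wcu, 4, 0.00065))
    print("on-demand:", weekly_cost_on_demand(avg_wcu, peak_wcu, 4, 1.25))
```

The rounding in `read_capacity_units` and `write_capacity_units` is the part people get wrong: capacity is consumed per 4 KB (or 1 KB) chunk of each item, not per byte, so an item just over a chunk boundary doubles its cost. Plug the real per-unit-hour and per-request prices for your Region into the two cost functions to reproduce the reasoning behind answers A and C above.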

  • Automatic backups: continuous backups with point-in-time recovery, plus on-demand backups
  • TTL: an expiry timestamp attribute can be set per item; expired items are deleted in the background without consuming write capacity
  • DynamoDB Streams: capture data modification events on a table. Information about these events appears in the stream in near real time, in the order in which the events occurred
  • Global tables: cross-Region replication of a table with writes accepted in every Region (active-active). They give a very low RTO, so they appear frequently in DR questions on the exam

Example question: A company is creating a sequel for a popular online game. A large number of users from all over the world will play the game within the first week after launch.
Currently, the game consists of the following components deployed in a single AWS Region:
– Amazon S3 bucket that stores game assets
– Amazon DynamoDB table that stores player scores
A solutions architect needs to design a multi-Region solution that will reduce latency, improve reliability, and require the least effort to implement.
What should the solutions architect do to meet these requirements?
A. Create an Amazon CloudFront distribution to serve assets from the S3 bucket. Configure S3 Cross-Region Replication. Create a new DynamoDB table in a new Region. Use the new table as a replica target for DynamoDB global tables.
B. Create an Amazon CloudFront distribution to serve assets from the S3 bucket. Configure S3 Same-Region Replication. Create a new DynamoDB table in a new Region. Configure asynchronous replication between the DynamoDB tables by using AWS Database Migration Service (AWS DMS) with change data capture (CDC).
C. Create another S3 bucket in a new Region, and configure S3 Cross-Region Replication between the buckets. Create an Amazon CloudFront distribution and configure origin failover with two origins accessing the S3 buckets in each Region. Configure DynamoDB global tables by enabling Amazon DynamoDB Streams, and add a replica table in a new Region.
D. Create another S3 bucket in the same Region, and configure S3 Same-Region Replication between the buckets. Create an Amazon CloudFront distribution and configure origin failover with two origins accessing the S3 buckets. Create a new DynamoDB table in a new Region. Use the new table as a replica target for DynamoDB global tables.
Answer: C
Explanation: DynamoDB Streams must be enabled on a table before it can become a global table, a step A and D leave out. B's DMS with CDC is a migration tool, not managed multi-Region replication, and its S3 replication stays in one Region. D also keeps both buckets in the same Region, so it gives no multi-Region redundancy. Global tables are the supported way to run DynamoDB across Regions, and CloudFront with origin failover across cross-Region-replicated buckets covers the assets, so C is the answer.

  • DynamoDB Accelerator (DAX): a DynamoDB-compatible caching service that gives demanding applications extremely fast in-memory performance. Choosing between DAX and ElastiCache is a recurring exam topic:
    1) DAX caches only DynamoDB results (item reads and query/scan results). When you need faster reads from DynamoDB with no application change beyond pointing the client at the DAX endpoint, use DAX.
    2) ElastiCache caches arbitrary data, typically computed results, sessions or aggregates. When you need to cache intermediate or aggregated results, use ElastiCache.

Example question: A company owns a chain of travel agencies and is running an application in the AWS Cloud. Company employees use the application to search for information about travel destinations. Destination content is updated four times each year.
Two fixed Amazon EC2 instances serve the application. The company uses an Amazon Route 53 public hosted zone with a multivalue record of travel.example.com that returns the Elastic IP addresses for the EC2 instances. The application uses Amazon DynamoDB as its primary data store. The company uses a self-hosted Redis instance as a caching solution.
During content updates, the load on the EC2 instances and the caching solution increases drastically. This increased load has led to downtime on several occasions. A solutions architect must update the application so that the application is highly available and can handle the load that is generated by the content updates.
Which solution will meet these requirements?
A. Set up DynamoDB Accelerator (DAX) as in-memory cache. Update the application to use DAX. Create an Auto Scaling group for the EC2 instances. Create an Application Load Balancer (ALB). Set the Auto Scaling group as a target for the ALB. Update the Route 53 record to use a simple routing policy that targets the ALB’s DNS alias. Configure scheduled scaling for the EC2 instances before the content updates.
B. Set up Amazon ElastiCache for Redis. Update the application to use ElastiCache. Create an Auto Scaling group for the EC2 instances. Create an Amazon CloudFront distribution, and set the Auto Scaling group as an origin for the distribution. Update the Route 53 record to use a simple routing policy that targets the CloudFront distribution’s DNS alias. Manually scale up EC2 instances before the content updates.
C. Set up Amazon ElastiCache for Memcached. Update the application to use ElastiCache. Create an Auto Scaling group for the EC2 instances. Create an Application Load Balancer (ALB). Set the Auto Scaling group as a target for the ALB. Update the Route 53 record to use a simple routing policy that targets the ALB's DNS alias. Configure scheduled scaling for the application before the content updates.
D. Set up DynamoDB Accelerator (DAX) as in-memory cache. Update the application to use DAX. Create an Auto Scaling group for the EC2 instances. Create an Amazon CloudFront distribution, and set the Auto Scaling group as an origin for the distribution. Update the Route 53 record to use a simple routing policy that targets the CloudFront distribution’s DNS alias. Manually scale up EC2 instances before the content updates.
Answer: A
Explanation: Both the EC2 instances and the cache are overloaded. The cache only serves DynamoDB lookups, not computed results, so DAX fits better than ElastiCache, which leaves A and D. The EC2 load is handled by an Auto Scaling group behind an ALB, and because the update dates are known, scheduled scaling adds capacity ahead of time instead of relying on manual scaling (D). A is the answer.

Example question: A company has a latency-sensitive trading platform that uses Amazon DynamoDB as a storage backend. The company configured the DynamoDB table to use on-demand capacity mode. A solutions architect needs to design a solution to improve the performance of the trading platform. The new solution must ensure high availability for the trading platform.
Which solution will meet these requirements with the LEAST latency?
A. Create a two-node DynamoDB Accelerator (DAX) cluster. Configure an application to read and write data by using DAX.
B. Create a three-node DynamoDB Accelerator (DAX) cluster. Configure an application to read data by using DAX and to write data directly to the DynamoDB table.
C. Create a three-node DynamoDB Accelerator (DAX) cluster. Configure an application to read data directly from the DynamoDB table and to write data by using DAX.
D. Create a single-node DynamoDB Accelerator (DAX) cluster. Configure an application to read data by using DAX and to write data directly to the DynamoDB table.
Answer: B
Explanation: The goal is the lowest latency with high availability. A three-node DAX cluster keeps the cache available if one node fails; a single node (D) has no redundancy. DAX is a read cache, so reads go through DAX and writes go straight to the table; routing writes through DAX (A, C) only adds a hop on the write path. B is the answer.

Example question: A financial services company loaded millions of historical stock trades into an Amazon DynamoDB table. The table uses on-demand capacity mode. Once each day at midnight, a few million new records are loaded into the table. Application read activity against the table happens in bursts throughout the day, and a limited set of keys are repeatedly looked up. The company needs to reduce costs associated with DynamoDB.
Which strategy should a solutions architect recommend to meet this requirement?
A. Deploy an Amazon ElastiCache cluster in front of the DynamoDB table.
B. Deploy DynamoDB Accelerator (DAX). Configure DynamoDB auto scaling. Purchase Savings Plans in Cost Explorer.
C. Use provisioned capacity mode. Purchase Savings Plans in Cost Explorer.
D. Deploy DynamoDB Accelerator (DAX). Use provisioned capacity mode. Configure DynamoDB auto scaling.
Answer: D
Explanation: Reads are bursty but repeatedly hit a small set of keys, so DAX absorbs most of them and cuts consumed read capacity; that rules out A (ElastiCache needs application changes and does not cache DynamoDB natively) and C. Savings Plans do not cover DynamoDB (it has its own reserved capacity), so B is out. Provisioned capacity with auto scaling is cheaper than on-demand for this pattern, so D is the answer.

2.3.3 Typical architectures

  • Using DynamoDB as the metadata store for objects kept in S3: the object stays in S3 and the searchable attributes (owner, tags, timestamps) go in DynamoDB

2.4 Amazon DocumentDB (NoSQL document database)

Amazon DocumentDB (with MongoDB compatibility) is a fast, reliable and fully managed database service. It makes it easy to set up, operate and scale MongoDB-compatible databases in the cloud. With Amazon DocumentDB you can run the same application code and use the same drivers and tools as with MongoDB.
Alibaba Cloud equivalent: ApsaraDB for MongoDB

2.4.1 Terminology

A document database stores semi-structured data as documents instead of normalising it across multiple tables, each with a fixed schema, as a relational database does. So there are no tables or rows as such, but each concept has a relational counterpart. The mapping is: database ↔ database, table ↔ collection, row ↔ document, column ↔ field, primary key ↔ _id (ObjectId), index ↔ index, nested table or object ↔ embedded document.

2.4.2 Basic characteristics

  • Compatible with open-source MongoDB (API compatibility with specific MongoDB versions)
  • Two deployment models: instance-based clusters and elastic clusters
  • Both run inside a VPC: an elastic cluster is created in a VPC the way an RDS instance is, and an instance-based cluster lives in the VPC of its instances
  • Data is stored as JSON-style documents. On the exam, migrating MongoDB to AWS almost always means DocumentDB; if the question stresses key-value access, choose DynamoDB instead
  • High-availability design across three Availability Zones (storage is replicated six ways across three AZs)
  • Storage grows automatically as data is added

2.5 Amazon OpenSearch Service (search database)

Before looking at OpenSearch it helps to know Elasticsearch, a full-text search and analytics engine.
Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate and scale OpenSearch clusters in the AWS Cloud. Note: AWS originally offered Amazon Elasticsearch Service; after Elastic changed the Elasticsearch licence in 2021, AWS forked the last open-source release and launched OpenSearch. OpenSearch Service remains compatible with legacy Elasticsearch OSS up to 7.10, the final Apache-licensed release, so clusters on 7.10 or earlier can move to it without code changes.
Alibaba Cloud equivalent: Alibaba Cloud Elasticsearch

2.5.1 Basic characteristics

  • Has the Elasticsearch feature set; when a question involves searching or analysing JSON documents or logs, OpenSearch Service is usually the best answer
  • Scales to very large domains (up to 3 PB of storage per domain)
  • Available as a managed cluster (domain) or as OpenSearch Serverless
  • Amazon OpenSearch Ingestion provides managed pipelines for bringing data in from other components
  • UltraWarm: a cost-effective way to keep large amounts of read-only data in OpenSearch Service. Standard data nodes use "hot" storage, the instance store or EBS volumes attached to each node, which gives the fastest indexing and search performance for new data; UltraWarm moves older, read-only indexes to S3-backed storage behind dedicated nodes, and cold storage detaches rarely queried indexes entirely

Example question: A company is using Amazon OpenSearch Service to analyze data. The company loads data into an OpenSearch Service cluster with 10 data nodes from an Amazon S3 bucket that uses S3 Standard storage. The data resides in the cluster for 1 month for read-only analysis. After 1 month, the company deletes the index that contains the data from the cluster. For compliance purposes, the company must retain a copy of all input data.
The company is concerned about ongoing costs and asks a solutions architect to recommend a new solution.
Which solution will meet these requirements MOST cost-effectively?
A. Replace all the data nodes with UltraWarm nodes to handle the expected capacity. Transition the input data from S3 Standard to S3 Glacier Deep Archive when the company loads the data into the cluster.
B. Reduce the number of data nodes in the cluster to 2. Add UltraWarm nodes to handle the expected capacity. Configure the indexes to transition to UltraWarm when OpenSearch Service ingests the data. Transition the input data to S3 Glacier Deep Archive after 1 month by using an S3 Lifecycle policy.
C. Reduce the number of data nodes in the cluster to 2. Add UltraWarm nodes to handle the expected capacity. Configure the indexes to transition to UltraWarm when OpenSearch Service ingests the data. Add cold storage nodes to the cluster Transition the indexes from UltraWarm to cold storage. Delete the input data from the S3 bucket after 1 month by using an S3 Lifecycle policy.
D. Reduce the number of data nodes in the cluster to 2. Add instance-backed data nodes to handle the expected capacity. Transition the input data from S3 Standard to S3 Glacier Deep Archive when the company loads the data into the cluster.
Answer: B
Explanation: The question asks for the MOST cost-effective design. The data is read-only for its month in the cluster, so it belongs on UltraWarm rather than on 10 hot data nodes; a small number of hot nodes is still required for ingestion, so replacing all data nodes (A) is not possible. The input data must be retained, so deleting it (C) fails compliance; moving it to S3 Glacier Deep Archive at load time (A, D) would make it unavailable if a reload were needed during the month, whereas a lifecycle transition after 1 month keeps it at the lowest storage price once it is no longer in use. B is the answer.

2.5.2 Typical architectures

  • Importing data into the search database
  • Archiving logs and making them searchable

2.6 Amazon CloudSearch (search database)

Amazon CloudSearch is an older, fully managed full-text search service that predates OpenSearch Service; it is not a successor to it. It covers the simple case (upload documents, index them, search them) with the indexing and scaling handled by AWS, but it has none of the log-analytics tooling of OpenSearch. For exam questions about searching JSON documents or logs, OpenSearch Service is the usual answer.

2.7 Amazon Timestream (time-series database)

Amazon Timestream is a fast, scalable, fully managed, purpose-built time-series database that makes it easy to store and analyse trillions of time-series data points per day.

2.7.1 Basic characteristics

  • Serverless, built for storing and analysing time-stamped data (values that change in time order, i.e. time series)
  • Scales automatically; faster and cheaper than a relational database for time-series workloads, and queries use SQL with added time-series functions
  • Use cases: IoT telemetry, operational history, real-time analytics

2.7.2 Typical architecture

  • From data collection to data analysis

3 Caching databases

3.1 Amazon ElastiCache

Before looking at ElastiCache it helps to understand the Redis or Memcached caching architecture.
Amazon ElastiCache is a web service that makes it easy to set up, manage and scale a distributed in-memory data store or cache in the cloud. It provides a high-performance, scalable and cost-effective caching solution while removing the complexity of deploying and managing a distributed cache environment.
Alibaba Cloud equivalent: ApsaraDB for Redis

3.1.1 Basic characteristics

  • As an in-memory cache it offers very high throughput and low latency. The exam compares it with DynamoDB's DAX: if the data store is DynamoDB, use DAX; for any other caching need (sessions, computed results, a cache in front of RDS) use ElastiCache
  • Two engines, Redis and Memcached. The exam rarely asks you to choose between them, but it is worth knowing the differences (Redis has persistence, replication, Multi-AZ failover and richer data types; Memcached is simpler and multi-threaded)
  • Like RDS it runs inside a VPC and can span AZs; node-based clusters are the default and ElastiCache Serverless is also available. (For high-availability questions the answer is usually a Redis replication group with Multi-AZ and automatic failover)
  • Security: TLS for encryption in transit and encryption at rest; both are settings you enable on the cluster, not defaults
  • Authentication with a Redis AUTH token (which requires encryption in transit to be enabled), with Redis RBAC users, or with IAM authentication (Redis 7 and later)

Example question: A company is running an application that uses an Amazon ElastiCache for Redis cluster as a caching layer. A recent security audit revealed that the company has configured encryption at rest for ElastiCache. However, the company did not configure ElastiCache to use encryption in transit. Additionally, users can access the cache without authentication.
A solutions architect must make changes to require user authentication and to ensure that the company is using end-to-end encryption.
Which solution will meet these requirements?
A. Create an AUTH token. Store the token in AWS System Manager Parameter Store, as an encrypted parameter. Create a new cluster with AUTH, and configure encryption in transit. Update the application to retrieve the AUTH token from Parameter Store when necessary and to use the AUTH token for authentication.
B. Create an AUTH token. Store the token in AWS Secrets Manager. Configure the existing cluster to use the AUTH token, and configure encryption in transit. Update the application to retrieve the AUTH token from Secrets Manager when necessary and to use the AUTH token for authentication.
C. Create an SSL certificate. Store the certificate in AWS Secrets Manager. Create a new cluster, and configure encryption in transit. Update the application to retrieve the SSL certificate from Secrets Manager when necessary and to use the certificate for authentication.
D. Create an SSL certificate. Store the certificate in AWS Systems Manager Parameter Store, as an encrypted advanced parameter. Update the existing cluster to configure encryption in transit. Update the application to retrieve the SSL certificate from Parameter Store when necessary and to use the certificate for authentication.
Answer: B
Explanation: Users must authenticate and traffic must be encrypted end to end. ElastiCache authenticates Redis clients with an AUTH token, not with client certificates, so C and D are out. Secrets Manager is the better home for the token than Parameter Store because it supports rotation, and the question's premise is that the existing cluster can be updated with AUTH and in-transit encryption, so there is no need to rebuild it (A). B is the answer.
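The client side of answer B is easy to get subtly wrong: the token has to be read from Secrets Manager rather than baked into configuration, and it must only ever be sent over TLS. The snippet below is an added example for this page, not AWS or redis-py code. It assumes a JSON secret with `host`, `port` and `auth_token` fields (this example's own convention), builds the redis-py connection parameters, and checks a configuration against the two audit findings from the question; the constructed sample secret and the hypothetical endpoint name let it run offline.

```python
import json

# Secret layout is this example's own convention for the Secrets Manager SecretString;
# AWS does not define a schema for ElastiCache secrets.
REQUIRED_FIELDS = {"host", "port", "auth_token"}

# Constructed sample of what get_secret_value(...)["SecretString"] would return.
SAMPLE_SECRET_STRING = json.dumps({
    "host": "cache.example.internal",   # hypothetical endpoint
    "port": 6379,
    "auth_token": "replace-with-a-long-random-token",
})

# The "before" state from the question: encryption at rest only, no TLS, no AUTH.
LEGACY_KWARGS = {"host": "cache.example.internal", "port": 6379}


def parse_cache_secret(secret_string: str) -> dict:
    """Parse the SecretString from Secrets Manager and fail closed on missing fields."""
    data = json.loads(secret_string)
    missing = REQUIRED_FIELDS - data.keys()
    if missing:
        raise ValueError(f"cache secret is missing {sorted(missing)}")
    return data


def redis_client_kwargs(secret: dict) -> dict:
    """Keyword arguments for redis.Redis(...). TLS is mandatory here because
    ElastiCache only honours AUTH on clusters with in-transit encryption, and
    the token would otherwise cross the network in clear text."""
    return {
        "host": secret["host"],
        "port": int(secret["port"]),
        "password": secret["auth_token"],   # redis-py sends this as the AUTH command
        "ssl": True,
        "ssl_cert_reqs": "required",        # verify the server certificate, not just encrypt
        "socket_timeout": 5,
    }


def check_hardened(kwargs: dict) -> list:
    """Return the problems with a connection config; an empty list means it passes."""
    problems = []
    if not kwargs.get("ssl"):
        problems.append("encryption in transit disabled")
    elif kwargs.get("ssl_cert_reqs") in (None, "none"):
        problems.append("server certificate not verified")
    if not kwargs.get("password"):
        problems.append("no AUTH token")
    return problems


if __name__ == "__main__":
    print("legacy config problems:", check_hardened(LEGACY_KWARGS))
    # With AWS access, the real flow is:
    #   import boto3, redis
    #   secret_string = boto3.client("secretsmanager").get_secret_value(
    #       SecretId="prod/cache/auth")["SecretString"]       # hypothetical secret name
    #   client = redis.Redis(**redis_client_kwargs(parse_cache_secret(secret_string)))
    #   client.ping()
    kwargs = redis_client_kwargs(parse_cache_secret(SAMPLE_SECRET_STRING))
    print("hardened config problems:", check_hardened(kwargs))
```

Rotation is the other half of the requirement: a new token is applied to the replication group with `AuthTokenUpdateStrategy` set to `ROTATE` (both old and new tokens are accepted), the secret is updated so clients pick up the new value, and a second call with `SET` retires the old token. Secrets Manager has no built-in rotation function for ElastiCache, so that sequence lives in a custom rotation Lambda.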

3.1.2 Typical architectures

  • Cache in front of an RDS database

  • Session store

4 Storage-related services

The services in this part are not storage types themselves (unstructured, structured or cache), but they are closely tied to storage; most of them exist to move data into or out of it.

4.1 AWS Transfer Family

Transfer Family is a secure transfer service that lets you move files into and out of AWS storage services. It supports the following protocols:

  • Secure Shell (SSH) File Transfer Protocol (SFTP): version 3
  • File Transfer Protocol Secure (FTPS)
  • File Transfer Protocol (FTP)
  • Applicability Statement 2 (AS2)
    Note: if a question mentions FTP in any form, it almost certainly involves Transfer Family

Example question: A finance company hosts a data lake in Amazon S3. The company receives financial data records over SFTP each night from several third parties. The company runs its own SFTP server on an Amazon EC2 instance in a public subnet of a VPC. After the files are uploaded, they are moved to the data lake by a cron job that runs on the same instance. The SFTP server is reachable on DNS sftp.example.com through the use of Amazon Route 53.
What should a solutions architect do to improve the reliability and scalability of the SFTP solution?
A. Move the EC2 instance into an Auto Scaling group. Place the EC2 instance behind an Application Load Balancer (ALB). Update the DNS record sftp.example.com in Route 53 to point to the ALB.
B. Migrate the SFTP server to AWS Transfer for SFTP. Update the DNS record sftp.example.com in Route 53 to point to the server endpoint hostname.
C. Migrate the SFTP server to a file gateway in AWS Storage Gateway. Update the DNS record sftp.example.com in Route 53 to point to the file gateway endpoint.
D. Place the EC2 instance behind a Network Load Balancer (NLB). Update the DNS record sftp.example.com in Route 53 to point to the NLB.
Answer: B
Explanation: The goal is reliability and scalability for SFTP. A puts the server behind an ALB, which is an HTTP(S) load balancer and cannot front SSH traffic; C's file gateway serves NFS/SMB for data migration and sharing, not SFTP; D keeps a single instance, so it is neither scalable nor highly available. AWS Transfer for SFTP is managed and multi-AZ and writes directly into S3, which also removes the cron job. B is the answer.

Example question: An international delivery company hosts a delivery management system on AWS. Drivers use the system to upload confirmation of delivery. Confirmation includes the recipient's signature or a photo of the package with the recipient. The driver's handheld device uploads signatures and photos through FTP to a single Amazon EC2 instance. Each handheld device saves a file in a directory based on the signed-in user, and the file name matches the delivery number. The EC2 instance then adds metadata to the file after querying a central database to pull delivery information. The file is then placed in Amazon S3 for archiving.
As the company expands, drivers report that the system is rejecting connections. The FTP server is having problems because of dropped connections and memory issues. In response to these problems, a system engineer schedules a cron task to reboot the EC2 instance every 30 minutes. The billing team reports that files are not always in the archive and that the central system is not always updated.
A solutions architect needs to design a solution that maximizes scalability to ensure that the archive always receives the files and that systems are always updated. The handheld devices cannot be modified, so the company cannot deploy a new application.
Which solution will meet these requirements?
A. Create an AMI of the existing EC2 instance. Create an Auto Scaling group of EC2 instances behind an Application Load Balancer. Configure the Auto Scaling group to have a minimum of three instances.
B. Use AWS Transfer Family to create an FTP server that places the files in Amazon Elastic File System (Amazon EFS). Mount the EFS volume to the existing EC2 instance. Point the EC2 instance to the new path for file processing.
C. Use AWS Transfer Family to create an FTP server that places the files in Amazon S3. Use an S3 event notification through Amazon Simple Notification Service (Amazon SNS) to invoke an AWS Lambda function. Configure the Lambda function to add the metadata and update the delivery system.
D. Update the handheld devices to place the files directly in Amazon S3. Use an S3 event notification through Amazon Simple Queue Service (Amazon SQS) to invoke an AWS Lambda function. Configure the Lambda function to add the metadata and update the delivery system.
Answer: C
Explanation: The current design is FTP on one EC2 instance, which cannot keep up and loses files on every reboot. FTP in AWS means Transfer Family, which leaves B and C; D changes the handheld devices, which the question rules out. B still runs the processing on the single EC2 instance, so the bottleneck stays. C makes the whole path managed and event-driven: Transfer Family writes to S3, the S3 event notification goes through SNS, and Lambda adds the metadata and updates the delivery system. C is the answer.
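The Lambda function in answer C receives the S3 notification wrapped in an SNS envelope and derives the driver and delivery number from the object key, which is entirely controlled by the uploading device. The handler below is an added example for this page, not the company's or AWS's code. It assumes the key layout `<sftp-username>/<delivery-number>.<ext>` described in the question, unwraps the SNS message, URL-decodes the key as S3 notifications require, and validates both path components before they could reach the database query or the archive copy. The event at the bottom is constructed for the example and includes a path-traversal attempt and a delete event that must be ignored.

```python
import json
import re
from urllib.parse import unquote_plus

# Key layout assumed for this example: <sftp-username>/<delivery-number>.<ext>
# Both parts are chosen by the uploading device, so they are validated before
# they reach a database query or an S3 copy.
USERNAME_RE = re.compile(r"[a-z0-9_-]{1,64}")
DELIVERY_RE = re.compile(r"[0-9]{6,20}")
ALLOWED_EXT = {"jpg", "png", "pdf"}


class RejectedObject(ValueError):
    """Raised for an object key that does not match the expected layout."""


def parse_delivery_key(key: str) -> dict:
    """Split a decoded S3 key into driver and delivery number, rejecting anything else."""
    parts = key.split("/")
    if len(parts) != 2:
        raise RejectedObject(f"unexpected path depth: {key!r}")
    username, filename = parts
    stem, _, ext = filename.rpartition(".")
    if not USERNAME_RE.fullmatch(username):
        raise RejectedObject(f"bad username segment: {username!r}")
    if not DELIVERY_RE.fullmatch(stem) or ext.lower() not in ALLOWED_EXT:
        raise RejectedObject(f"bad file name: {filename!r}")
    return {"driver": username, "delivery_number": stem, "extension": ext.lower()}


def created_objects(event: dict):
    """Unwrap the SNS envelope: each Sns.Message is the S3 notification as a JSON string.
    Keys in S3 notifications are URL-encoded, so they are decoded here."""
    for record in event.get("Records", []):
        notification = json.loads(record["Sns"]["Message"])
        for s3_record in notification.get("Records", []):
            if not s3_record.get("eventName", "").startswith("ObjectCreated:"):
                continue
            bucket = s3_record["s3"]["bucket"]["name"]
            yield bucket, unquote_plus(s3_record["s3"]["object"]["key"])


def handler(event: dict, context=None) -> dict:
    """Lambda entry point. Returns the metadata for accepted uploads and the keys
    that were refused; the real function would go on to look up the delivery in the
    central database and copy the object to the archive bucket with that metadata."""
    accepted, rejected = [], []
    for bucket, key in created_objects(event):
        try:
            accepted.append({"bucket": bucket, "key": key, **parse_delivery_key(key)})
        except RejectedObject as exc:
            rejected.append({"bucket": bucket, "key": key, "reason": str(exc)})
    return {"accepted": accepted, "rejected": rejected}


# Constructed sample: one SNS record carrying three S3 events. The second key is a
# path-traversal attempt and the third is a delete, which the handler must ignore.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "delivery-uploads"}, "object": {"key": "driver42/000123456.jpg"}}},
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "delivery-uploads"}, "object": {"key": "driver42/..%2F..%2Fetc%2Fpasswd.jpg"}}},
    {"eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": "delivery-uploads"}, "object": {"key": "driver42/000123457.jpg"}}},
]})}}]}

if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT), indent=2))
```

Rejected keys are returned rather than raised so that one bad upload does not make Lambda retry the whole SNS batch; in production they would be written to a dead-letter queue for review. The username check matters twice: it keeps the later database query free of injected characters, and it is also what a Transfer Family session policy scoped to each user's home directory enforces on the way in.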

4.1.1 Basic characteristics

  • Supports FTP, FTPS, SFTP and AS2
  • Exposes S3 and EFS over those file-transfer protocols
  • Scalable and highly available (multi-AZ)
  • Several identity providers: service-managed users, Microsoft AD, and custom providers such as LDAP, Okta or Cognito through API Gateway or Lambda
  • Use case: file exchange, especially replacing self-managed FTP/SFTP servers

4.1.2 Typical architectures


  • Public endpoint: reachable from the internet, but its IP addresses change, so clients must use the DNS name, and you cannot attach a security group to maintain a source IP allow list
  • VPC endpoint (internal): exposed only inside the VPC; on-premises clients reach it over VPN or Direct Connect, and a security group on the endpoint restricts the source IPs that may connect
  • VPC endpoint with internet-facing access (the hybrid option): a VPC-hosted endpoint with Elastic IPs attached, so external clients get static addresses while a security group still limits which source IPs may connect
    Note: when a question combines FTP/SFTP with "only certain IPs may connect" or "static IP addresses", the answer is Transfer Family with a VPC-hosted, internet-facing endpoint

Example question: A company is serving files to its customer through an SFTP server that is accessible over the Internet. The SFTP server is running on a single Amazon EC2 instance with an Elastic IP address attached. Customers connect to the SFTP server through its Elastic IP address and use SSH for authentication. The EC2 instance also has an attached security group that allows access from all customer IP addresses.
A solutions architect must implement a solution to improve availability, minimize the complexity of infrastructure management, and minimize the disruption to customers who access files. The solution must not change the way customers connect.
Which solution will meet these requirements?
A. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a publicly accessible endpoint. Associate the SFTP Elastic IP address with the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.
B. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a VPC-hosted, Internet-facing endpoint. Associate the SFTP Elastic IP address with the new endpoint. Attach the security group with customer IP addresses to the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.
C. Disassociate the Elastic IP address from the EC2 instance. Create a new Amazon Elastic File System (Amazon EFS) file system to be used for SFTP file hosting. Create an AWS Fargate task definition to run an SFTP server. Specify the EFS file system as a mount in the task definition. Create a Fargate service by using the task definition, and place a Network Load Balancer (NLB) in front of the service. When configuring the service, attach the security group with customer IP addresses to the tasks that run the SFTP server. Associate the Elastic IP address with the NLB. Sync all files from the SFTP server to the S3 bucket.
D. Disassociate the Elastic IP address from the EC2 instance. Create a multi-attach Amazon Elastic Block Store (Amazon EBS) volume to be used for SFTP file hosting. Create a Network Load Balancer (NLB) with the Elastic IP address attached. Create an Auto Scaling group with EC2 instances that run an SFTP server. Define in the Auto Scaling group that instances that are launched should attach the new multi-attach EBS volume. Configure the Auto Scaling group to automatically add instances behind the NLB. Configure the Auto Scaling group to use the security group that allows customer IP addresses for the EC2 instances that the Auto Scaling group launches. Sync all files from the SFTP server to the new multi-attach EBS volume.
Answer: B
Explanation: Availability must improve without changing how customers connect: the same Elastic IP, the same SSH authentication, and a security group that still limits source IPs. Only a VPC-hosted, internet-facing Transfer Family endpoint lets you attach both the existing Elastic IP and a security group; a public endpoint (A) supports neither. C and D keep self-managed SFTP servers and add infrastructure to run. B is the answer.

Example question: A company needs to migrate an on-premises SFTP site to AWS. The SFTP site currently runs on a Linux VM. Uploaded files are made available to downstream applications through an NFS share. As part of the migration to AWS, a solutions architect must implement high availability. The solution must provide external vendors with a set of static public IP addresses that the vendors can allow. The company has set up an AWS Direct Connect connection between its on-premises data center and its VPC. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an AWS Transfer Family server. Configure an internet-facing VPC endpoint for the Transfer Family server. Specify an Elastic IP address for each subnet. Configure the Transfer Family server to place files into an Amazon Elastic File System (Amazon EFS) file system that is deployed across multiple Availability Zones. Modify the configuration on the downstream applications that access the existing NFS share to mount the EFS endpoint instead.
B. Create an AWS Transfer Family server. Configure a publicly accessible endpoint for the Transfer Family server. Configure the Transfer Family server to place files into an Amazon Elastic File System (Amazon EFS) file system that is deployed across multiple Availability Zones. Modify the configuration on the downstream applications that access the existing NFS share to mount the EFS endpoint instead.
C. Use AWS Application Migration Service to migrate the existing Linux VM to an Amazon EC2 instance. Assign an Elastic IP address to the EC2 instance. Mount an Amazon Elastic File System (Amazon EFS) file system to the EC2 instance. Configure the SFTP server to place files in the EFS file system. Modify the configuration on the downstream applications that access the existing NFS share to mount the EFS endpoint instead.
D. Use AWS Application Migration Service to migrate the existing Linux VM to an AWS Transfer Family server. Configure a publicly accessible endpoint for the Transfer Family server. Configure the Transfer Family server to place files into an Amazon FSx for Lustre file system that is deployed across multiple Availability Zones. Modify the configuration on the downstream applications that access the existing NFS share to mount the FSx for Lustre endpoint instead.
Answer: A
Explanation: The requirements are managed SFTP with static public IPs that vendors can allow-list, high availability, and the least operational overhead. A Transfer Family server with an internet-facing VPC endpoint and an Elastic IP per subnet provides static addresses, and EFS keeps the NFS access the downstream applications already use; the public endpoint (B) has no static IPs. C keeps a self-managed server on a single instance, and D misuses Application Migration Service (it migrates servers to EC2, not to a managed service) and FSx for Lustre. A is the answer.

Example question: A company operates an on-premises software-as-a-service (SaaS) solution that ingests several files daily. The company provides multiple public SFTP endpoints to its customers to facilitate the file transfers. The customers add the SFTP endpoint IP addresses to their firewall allow list for outbound traffic. Changes to the SFTP endpoint IP addresses are not permitted.
The company wants to migrate the SaaS solution to AWS and decrease the operational overhead of the file transfer service.
Which solution meets these requirements?
A. Register the customer-owned block of IP addresses in the company’s AWS account. Create Elastic IP addresses from the address pool and assign them to an AWS Transfer for SFTP endpoint. Use AWS Transfer to store the files in Amazon S3.
B. Add a subnet containing the customer-owned block of IP addresses to a VPC. Create Elastic IP addresses from the address pool and assign them to an Application Load Balancer (ALB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the ALB. Store the files in attached Amazon Elastic Block Store (Amazon EBS) volumes.
C. Register the customer-owned block of IP addresses with Amazon Route 53. Create alias records in Route 53 that point to a Network Load Balancer (NLB). Launch EC2 instances hosting FTP services in an Auto Scaling group behind the NLB. Store the files in Amazon S3.
D. Register the customer-owned block of IP addresses in the company’s AWS account. Create Elastic IP addresses from the address pool and assign them to an Amazon S3 VPC endpoint. Enable SFTP support on the S3 bucket.
Answer: A
Explanation: The file service must move to AWS while keeping exactly the IP addresses customers have already allow-listed. Bring Your Own IP lets the company advertise its own address block from AWS; Elastic IPs allocated from that pool are attached to a Transfer Family internet-facing VPC endpoint, which is managed and stores the files in S3. B and C still run self-managed FTP on EC2 (and an ALB cannot front FTP), and D describes something that does not exist: S3 VPC endpoints take no Elastic IPs and S3 buckets have no SFTP support. A is the answer. Reference: https://aws.amazon.com/premiumsupport/knowledge-center/sftp-enable-elastic-ip-addresses/

5 Storage solutions on the exam

  • Real-world use cases for the different storage types

Example question: A Solutions Architect is designing the data storage and retrieval architecture for a new application that a company will be launching soon. The application is designed to ingest millions of small records per minute from devices all around the world. Each record is less than 4 KB in size and needs to be stored in a durable location where it can be retrieved with low latency. The data is ephemeral and the company is required to store the data for 120 days only, after which the data can be deleted. The Solutions Architect calculates that, during the course of a year, the storage requirements would be about 10-15 TB. Which storage strategy is the MOST cost-effective and meets the design requirements?
A. Design the application to store each incoming record as a single .CSV file in an Amazon S3 bucket to allow for indexed retrieval. Configure a lifecycle policy to delete data older than 120 days.
B. Design the application to store each incoming record in an Amazon DynamoDB table properly configured for the scale.Configure the DynamoDB Time to Live (TTL) feature to delete records older than 120 days.
C. Design the application to store each incoming record in a single table in an Amazon RDS MySQL database. Run a nightly cron job that executes a query to delete any records older than 120 days.
D. Design the application to batch incoming records before writing them to an Amazon S3 bucket. Update the metadata for the object to contain the list of records in the batch and use the Amazon S3 metadata search feature to retrieve the data.Configure a lifecycle policy to delete the data after 120 days.
Answer: B
Explanation: Keywords: 4 KB, retrieved with low latency, 120 days, MOST cost-effective. A (one S3 object per record, with no indexed lookup) and D (batching records and searching object metadata, which is not a low-latency per-record retrieval path) clearly do not fit. Between B and C, a rough capacity calculation shows that DynamoDB sized for millions of small writes per minute is cheaper than an RDS MySQL instance that can sustain the same write rate, and DynamoDB TTL expires the records after 120 days without consuming capacity, whereas the nightly delete job in C adds load to the database. B is the answer.

Example question: A company has a web application that allows users to upload short videos. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for categorization. The website contains static content that has variable traffic with peaks in certain months. The architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web application and EC2 instances running in an Auto Scaling group to process an Amazon SQS queue. The company wants to re-architect the application to reduce operational overhead using AWS managed services where possible and remove dependencies on third-party software.
Which solution meets these requirements?
A. Use Amazon ECS containers for the web application and Spot Instances for the Auto Scaling group that processes the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.
B. Store the uploaded videos in Amazon EFS and mount the file system to the EC2 instances for the web application.Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos
C. Host the web application in Amazon S3. Store the uploaded videos in Amazon S3. Use S3 event notifications to publish events to the SQS queue. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.
D. Use AWS Elastic Beanstalk to launch EC2 instances in an Auto Scaling group for the web application and launch a worker environment to process the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.
Answer: C
Explanation: Keywords: static content, categorization, third-party software. The website is static, the videos need categorizing, and the custom software must go, so the target is managed services end to end. C hosts the static site in S3, stores the videos in S3, drives processing with S3 event notifications and SQS, and replaces the custom recognition software with Lambda calling Rekognition; no servers or attached volumes remain. The other options still run EC2 or containers (and B keeps a file system mounted on instances), which keeps the operational overhead. C is the answer.

Example question: A company has an application that generates a weather forecast that is updated every 15 minutes with an output resolution of 1 billion unique positions, each approximately 20 bytes in size (20 Gigabytes per forecast). Every hour, the forecast data is globally accessed approximately 5 million times (1,400 requests per second), and up to 10 times more during weather events. The forecast data is overwritten every update. Users of the current weather forecast application expect responses to queries to be returned in less than two seconds for each request.
Which design meets the required request rate and response time?
A. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an Amazon API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Enable API caching on the API Gateway stage with a cache-control timeout set for 15 minutes.
B. Store forecast locations in an Amazon EFS volume. Create an Amazon CloudFront distribution that targets an Elastic Load Balancing group of an Auto Scaling fleet of Amazon EC2 instances that have mounted the Amazon EFS volume. Set the cache-control timeout for 15 minutes in the CloudFront distribution.
C. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Create an Amazon Lambda@Edge function that caches the data locally at edge locations for 15 minutes.
D. Store forecast locations in Amazon S3 as individual objects. Create an Amazon CloudFront distribution targeting an Elastic Load Balancing group of an Auto Scaling fleet of EC2 instances, querying the origin of the S3 object. Set the cache-control timeout for 15 minutes in the CloudFront distribution.
Answer: D
Answer analysis: reference: https://aws.amazon.com/solutions/case-studies/the-weather-company/

Example question: A company is refactoring an existing web service that provides read and write access to structured data. The service must respond to short but significant spikes in the system load. The service must be fault tolerant across multiple AWS Regions.
Which actions should be taken to meet these requirements?
A. Store the data in Amazon DocumentDB. Create a single global Amazon CloudFront distribution with a custom origin built on edge-optimized Amazon API Gateway and AWS Lambda. Assign the company’s domain as an alternate domain for the distribution, and configure Amazon Route 53 with an alias to the CloudFront distribution.
B. Store the data in replicated Amazon S3 buckets in two Regions. Create an Amazon CloudFront distribution in each Region, with custom origins built on Amazon API Gateway and AWS Lambda launched in each Region. Assign the company’s domain as an alternate domain for both distributions, and configure Amazon Route 53 with a failover routing policy between them.
C. Store the data in an Amazon DynamoDB global table in two Regions using on-demand capacity mode. In both Regions, run the web service as Amazon ECS Fargate tasks in an Auto Scaling ECS service behind an Application Load Balancer (ALB). In Amazon Route 53, configure an alias record in the company’s domain and a Route 53 latency-based routing policy with health checks to distribute traffic between the two ALBs.
D. Store the data in Amazon Aurora global databases. Add Auto Scaling replicas to both Regions. Run the web service on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer in each Region. Configure the instances to download the web service code in the user data. In Amazon Route 53, configure an alias record for the company’s domain and a multi-value routing policy.
Answer: C
Answer analysis: the question requires storing structured data with disaster-recovery capability across multiple Regions. On the structured-data requirement, option A's DocumentDB is eliminated first. Option B's S3 is better suited to static data. Option D's Aurora does suit structured data, but an Aurora global database supports a single master, so the other Regions cannot accept writes. The best answer is therefore option C.

Example question: A company is building an image service on the web that will allow users to upload and search random photos. At peak usage, up to 10,000 users worldwide will upload their images. The service will then overlay text on the uploaded images, which will then be published on the company website.
Which design should a solutions architect implement?
A. Store the uploaded images in Amazon Elastic File System (Amazon EFS). Send application log information about each image to Amazon CloudWatch Logs. Create a fleet of Amazon EC2 instances that use CloudWatch Logs to determine which images need to be processed. Place processed images in another directory in Amazon EFS. Enable Amazon CloudFront and configure the origin to be one of the EC2 instances in the fleet.
B. Store the uploaded images in an Amazon S3 bucket and configure an S3 bucket event notification to send a message to Amazon Simple Notification Service (Amazon SNS). Create a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) to pull messages from Amazon SNS to process the images and place them in Amazon Elastic File System (Amazon EFS). Use Amazon CloudWatch metrics for the SNS message volume to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to be the ALB in front of the EC2 instances.
C. Store the uploaded images in an Amazon S3 bucket and configure an S3 bucket event notification to send a message to the Amazon Simple Queue Service (Amazon SQS) queue. Create a fleet of Amazon EC2 instances to pull messages from the SQS queue to process the images and place them in another S3 bucket. Use Amazon CloudWatch metrics for queue depth to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to be the S3 bucket that contains the processed images.
D. Store the uploaded images on a shared Amazon Elastic Block Store (Amazon EBS) volume mounted to a fleet of Amazon EC2 Spot instances. Create an Amazon DynamoDB table that contains information about each uploaded image and whether it has been processed. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to scale out EC2 instances. Enable Amazon CloudFront and configure the origin to reference an Elastic Load Balancer in front of the fleet of EC2 instances.
Answer: C
Answer analysis: the question asks for an application that can upload and search images, with more than 10,000 users. Option B fails because an ALB cannot subscribe to SNS. Option D's Spot Instances make data loss likely. That leaves options A and C, and option A costs too much. Therefore option C.
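The pipelines picked in the two answers above (S3 event notifications into an SQS queue, consumed by a Lambda function in the video question and by an EC2 fleet in the image question) share one consumer-side step that the options do not spell out: unwrap the S3 notification from the SQS message, ignore notifications for buckets the consumer is not supposed to act on, and URL-decode the object key before touching it. The Python below is an added example, not code from the original post or from AWS; the bucket name, message ids and keys are constructed, and the `categorize` callable stands in for the Amazon Rekognition call so that the block runs offline.

```python
import json
import urllib.parse

# Constructed allowlist: the only bucket(s) whose uploads this consumer
# may process. Notifications naming any other bucket are dropped.
ALLOWED_BUCKETS = {"example-upload-bucket"}


def extract_created_objects(sqs_event, allowed_buckets=ALLOWED_BUCKETS):
    """Unwrap S3 ObjectCreated notifications delivered through SQS.

    Returns (accepted, failed): accepted is a list of
    (message_id, bucket, key) tuples to process; failed is the list of
    SQS message ids whose body was not valid JSON.
    """
    accepted, failed = [], []
    for msg in sqs_event.get("Records", []):
        msg_id = msg["messageId"]
        try:
            body = json.loads(msg["body"])
        except (ValueError, TypeError):
            failed.append(msg_id)
            continue
        # S3 sends an "s3:TestEvent" with no "Records" when the
        # notification is first configured; it yields nothing here.
        for rec in body.get("Records", []):
            if rec.get("eventSource") != "aws:s3":
                continue
            if not rec.get("eventName", "").startswith("ObjectCreated:"):
                continue
            bucket = rec["s3"]["bucket"]["name"]
            if bucket not in allowed_buckets:
                continue  # notification for a bucket we do not own
            # S3 URL-encodes keys in notifications ("+" stands for space).
            key = urllib.parse.unquote_plus(rec["s3"]["object"]["key"])
            accepted.append((msg_id, bucket, key))
    return accepted, failed


def process_batch(sqs_event, categorize=None):
    """Categorize every accepted object in one SQS batch.

    `categorize` is a callable (bucket, key) -> label, injected so the
    logic runs offline; a deployment would pass a function that calls
    Amazon Rekognition. Returns (labels, response) where response is the
    SQS partial-batch-failure shape, so only the bad messages are retried.
    """
    if categorize is None:
        categorize = lambda bucket, key: "uncategorized"  # hypothetical default
    accepted, failed = extract_created_objects(sqs_event)
    labels = {}
    for msg_id, bucket, key in accepted:
        try:
            labels[f"{bucket}/{key}"] = categorize(bucket, key)
        except Exception:
            failed.append(msg_id)
    response = {
        "batchItemFailures": [{"itemIdentifier": m} for m in sorted(set(failed))]
    }
    return labels, response


def handler(event, context=None):
    """Lambda entry point: returns only the partial-batch-failure response."""
    _labels, response = process_batch(event)
    return response


def sample_event():
    """Constructed SQS batch: a valid upload, an upload to a bucket outside
    the allowlist, an S3 test event, and a message that is not JSON."""
    def s3_notification(bucket, key, name="ObjectCreated:Put"):
        return json.dumps({"Records": [{
            "eventSource": "aws:s3",
            "eventName": name,
            "s3": {"bucket": {"name": bucket}, "object": {"key": key}},
        }]})
    return {"Records": [
        {"messageId": "m1",
         "body": s3_notification("example-upload-bucket", "videos/cat+video.mp4")},
        {"messageId": "m2", "body": s3_notification("someone-elses-bucket", "x.mp4")},
        {"messageId": "m3",
         "body": json.dumps({"Service": "Amazon S3", "Event": "s3:TestEvent"})},
        {"messageId": "m4", "body": "not json"},
    ]}


if __name__ == "__main__":
    print(process_batch(sample_event(), categorize=lambda b, k: "cat"))
```

Reporting only the undecodable message ids in `batchItemFailures` (a Lambda feature that must be enabled on the SQS event source mapping) keeps one poison message from forcing the whole batch back onto the queue, which is where a dead-letter queue would otherwise fill up under the peak load the questions describe.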

Example question: A company has an on-premises Microsoft SQL Server database that writes a nightly 200 GB export to a local drive. The company wants to move the backups to more robust cloud storage on Amazon S3. The company has set up a 10 Gbps AWS Direct Connect connection between the on-premises data center and AWS.
Which solution meets these requirements MOST cost-effectively?
A. Create a new S3 bucket. Deploy an AWS Storage Gateway file gateway within the VPC that is connected to the Direct Connect connection. Create a new SMB file share. Write nightly database exports to the new SMB file share.
B. Create an Amazon FSx for Windows File Server Single-AZ file system within the VPC that is connected to the Direct Connect connection. Create a new SMB file share. Write nightly database exports to an SMB file share on the Amazon FSx file system. Enable nightly backups.
C. Create an Amazon FSx for Windows File Server Multi-AZ file system within the VPC that is connected to the Direct Connect connection. Create a new SMB file share. Write nightly database exports to an SMB file share on the Amazon FSx file system. Enable nightly backups.
D. Create a new S3 bucket. Deploy an AWS Storage Gateway volume gateway within the VPC that is connected to the Direct Connect connection. Create a new SMB file share. Write nightly database exports to the new SMB file share on the volume gateway, and automate copies of this data to an S3 bucket.
Answer: A
Answer analysis: the question asks for the on-premises exports to be stored in S3 as backups. S3 is named explicitly, and options B and C show no path into S3. In option D, a volume gateway would require attaching the new volume to the server hosting the database. Therefore the answer is option A.

6 Conclusion

Across the three parts (unstructured, structured and cache storage) plus the services closely tied to storage, this covered the AWS storage landscape as it appears in the SAP-C02 exam. Is that all of AWS, or all of SAP-C02? Of course not. There are also data products such as EMR, Redshift and Athena, but those serve more specialised purposes such as querying and machine learning, so they will be covered in the big data chapter. Data migration tools such as Storage Gateway, Snowball and AWS DMS will be introduced later under cloud migration.
