Exam AWS DevOps Engineer Professional topic 1 question 159 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 159
Topic #: 1

A company is using an organization in AWS Organizations to manage multiple AWS accounts. The company's development team wants to use AWS Lambda functions to meet resiliency requirements and is rewriting all applications to work with Lambda functions that are deployed in a VPC. The development team is using Amazon Elastic File System (Amazon EFS) as shared storage in Account A in the organization.

The company wants to continue to use Amazon EFS with Lambda. Company policy requires all serverless projects to be deployed in Account B.

A DevOps engineer needs to reconfigure an existing EFS file system to allow Lambda functions to access the data through an existing EFS access point.

Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)

  • A. Update the EFS file system policy to provide Account B with access to mount and write to the EFS file system in Account A.
  • B. Create SCPs to set permission guardrails with fine-grained control for Amazon EFS.
  • C. Create a new EFS file system in Account B. Use AWS Database Migration Service (AWS DMS) to keep data from Account A and Account B synchronized.
  • D. Update the Lambda execution roles with permission to access the VPC and the EFS file system.
  • E. Create a VPC peering connection to connect Account A to Account B.
  • F. Configure the Lambda functions in Account B to assume an existing IAM role in Account A.
Suggested Answer: ADF

Comments

Bulti
Highly Voted 2 years, 3 months ago
AEF are the right answers.
1. Need to update the file system policy on EFS to allow mounting the file system into Account B.
## File System Policy
$ cat file-system-policy.json
{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:ClientMount",
                "elasticfilesystem:ClientWrite"
            ],
            "Principal": {
                "AWS": "arn:aws:iam::<aws-account-id-A>:root" # Replace with AWS account ID of EKS cluster
            }
        }
    ]
}
2. Need VPC peering between Account A and Account B as the pre-requisite
3. Need to assume cross-account IAM role to describe the mounts so that a specific mount can be chosen.
upvoted 8 times
vn_thanhtung
12 months ago
https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html Why do you need to assume a role?
upvoted 1 times
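A check for the kind of file system policy posted in the comment above, added here as an example and not part of the original thread: it reports whether a policy lets the consuming account mount and write, and whether that grant is limited to a single access point. The account IDs, the access point ARN and the `review_policy` helper are constructed for illustration.

```python
REQUIRED = {"elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"}
AP_KEY = "elasticfilesystem:AccessPointArn"  # EFS condition key

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _accounts(principal):
    """Account IDs named in a Principal element; '*' means anyone."""
    if principal == "*":
        return {"*"}
    ids = set()
    for entry in _as_list(principal.get("AWS", [])):
        # "arn:aws:iam::<id>:root" -> "<id>"; bare IDs and "*" pass through
        ids.add(entry.split(":")[4] if entry.startswith("arn:") else entry)
    return ids

def review_policy(policy, consumer_account, access_point_arn):
    """Return findings for a cross-account EFS file system policy."""
    findings, granted = [], set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        accounts = _accounts(stmt.get("Principal", {}))
        if "*" in accounts:
            findings.append("wildcard principal")
        elif consumer_account not in accounts:
            continue  # statement does not apply to the consuming account
        actions = set(_as_list(stmt.get("Action", [])))
        if actions & {"*", "elasticfilesystem:*"}:
            actions |= REQUIRED
        granted |= actions & REQUIRED
        pinned = stmt.get("Condition", {}).get("StringEquals", {}).get(AP_KEY)
        if actions & REQUIRED and pinned != access_point_arn:
            findings.append("grant not pinned to the access point")
    findings += [f"missing {a}" for a in sorted(REQUIRED - granted)]
    return findings

# Constructed sample values: 222222222222 stands in for Account B.
ACCOUNT_B = "222222222222"
AP_ARN = "arn:aws:elasticfilesystem:us-east-1:111111111111:access-point/fsap-EXAMPLE"
LOOSE = {"Statement": [{
    "Effect": "Allow",
    "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_B}:root"},
}]}
PINNED = {"Statement": [dict(LOOSE["Statement"][0],
                             Condition={"StringEquals": {AP_KEY: AP_ARN}})]}

if __name__ == "__main__":
    print(review_policy(LOOSE, ACCOUNT_B, AP_ARN))
    print(review_policy(PINNED, ACCOUNT_B, AP_ARN))
```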
auxwww
Most Recent 9 months, 4 weeks ago
Selected Answer: AD
https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem-cross-account.html#:~:text=For%20your%20Lambda%20function%20to,Elastic%20File%20System%20User%20Guide. A D E
upvoted 2 times
jyrajan69
1 year, 1 month ago
Why is there need for peering? We have one VPC, no mention of any addition, so is out, it's ADF
upvoted 1 times
Dgix
1 year, 6 months ago
ADE. Peering is needed. F is unnecessary.
upvoted 2 times
AndrewD1234
1 year, 9 months ago
At the time of writing this comment, there is no option E. Only A,B,C,D,F - E is missing. Sweet.
upvoted 2 times
easytoo
2 years ago
AEF is best
upvoted 1 times
bgc1
2 years, 2 months ago
AEF for me based on explanation here - https://aws.amazon.com/ru/blogs/storage/mount-amazon-efs-file-systems-cross-account-from-amazon-eks/
upvoted 2 times
Piccaso
2 years, 2 months ago
Selected Answer: BF
E is lacking in the "Chosen Answer". E and F are obviously correct. I prefer B to A because of the least privilege principle.
upvoted 2 times
DerekKey
2 years, 3 months ago
A E F. Should be E instead of D: A Lambda function in one account can mount a file system in a different account. For this scenario, you configure VPC peering between the function VPC and the file system VPC. https://docs.aws.amazon.com/lambda/latest/dg/services-efs.html
upvoted 1 times
ozlaoliu
2 years, 3 months ago
Vote for AEF https://aws.amazon.com/premiumsupport/knowledge-center/access-efs-across-accounts/
upvoted 1 times
Bulti
2 years, 3 months ago
https://aws.amazon.com/blogs/storage/mount-amazon-efs-file-systems-cross-account-from-amazon-eks/
upvoted 2 times
saeidp
2 years, 3 months ago
Selected Answer: ADF
A D F for me
upvoted 2 times
saeidp
2 years, 3 months ago
ADE VPC peering is needed
upvoted 3 times
Dimidrol
2 years, 3 months ago
Selected Answer: ADF
A D F for me
upvoted 2 times
Dimidrol
2 years, 3 months ago
https://aws.amazon.com/ru/blogs/storage/mount-amazon-efs-file-systems-cross-account-from-amazon-eks/
upvoted 2 times
bgc1
2 years, 2 months ago
This link mentioned VPC peering requirement as well as need to assume role. AEF?
upvoted 1 times
Oleg_gol
2 years, 3 months ago
Selected Answer: ADF
I think ADF
upvoted 2 times