Tips for AWS Certified DevOps Engineer – Professional

  • You can use AWS CodeDeploy with a deployment type configured to Blue/Green deployment configuration. To terminate the original fleet after two hours, change the deployment settings of the Blue/Green deployment. Set Original instances value to Terminate the original instances in the deployment group and choose a waiting period of X hours.
  • Create an Amazon S3 bucket. Enable logging and provide an Amazon S3 bucket ARN as a WAF logging destination. Bucket names for AWS WAF logging must start with aws-waf-logs- and can end with any suffix you want.
  • Utilize EC2 Image Builder to rebuild the custom AMI that includes the latest AWS Systems Manager Agent version. Set up the Auto Scaling group to attach the AmazonSSMManagedInstanceCore role to EC2 instances. Leverage Systems Manager Session Manager for centralized and automated login. Configure logging of session details to Amazon S3. Set up an S3 event notification for new file uploads to notify the security team via an Amazon Simple Notification Service (Amazon SNS) topic.
  • You can use a scheduled scaling Auto Scaling policy: create a scheduled action that uses the AWS Lambda function as the scalable target.
  • You can designate one of the AWS accounts in your organization as the administrator for Firewall Manager in AWS Organizations. Create an AWS Firewall Manager policy to attach AWS WAF web ACLs to any newly created ALBs and API Gateway APIs.
  • In some cases, a Blue/Green deployment fails during the AllowTraffic lifecycle event, but the deployment logs do not indicate the cause for the failure. This failure is typically due to incorrectly configured health checks in Elastic Load Balancing for the Classic Load Balancer, Application Load Balancer, or Network Load Balancer used to manage traffic for the deployment group.
  • Set up AWS Config in the AWS account that needs the security best practice implemented. You can use the managed rule required-tags to check if your resources have the tags that you specify.
  • When you perform some operations using the AWS Management Console, Amazon S3 uses a multipart upload if the object is greater than 16 MB in size. In this case, the checksum is not a direct checksum of the full object, but rather a calculation based on the checksum values of each individual part.
  • The custom resource provider processes the AWS CloudFormation request and returns a response of SUCCESS or FAILED to the pre-signed URL.
  • Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on attributes. In AWS, these attributes are called tags. You can attach tags to IAM resources, including IAM entities (users or roles), and to AWS resources. You can create a single ABAC policy or a small set of policies for your IAM principals. These ABAC policies can be designed to allow operations when the principal's tag matches the resource tag.
  • When an update to a CloudFormation stack fails, AWS CloudFormation automatically initiates a rollback process to revert the stack to its previous known stable state. In certain cases, such as when there are dependencies on external resources, the rollback process might stall or encounter an error. To help recover from a failed stack update, you can use the ContinueUpdateRollback command.
  • The cluster endpoint provides failover support for read/write connections to the DB cluster. If the current primary DB instance of a DB cluster fails, Aurora automatically fails over to a new primary DB instance. During a failover, the DB cluster continues to serve connection requests to the cluster endpoint from the new primary DB instance, with minimal interruption of service. This is why, in the current scenario, the application configuration must be changed to point to the cluster endpoint rather than an instance endpoint.
  • AWS CloudFormation does not support drift detection of custom resources.
  • AWS Global Accelerator can be used in conjunction with Amazon API Gateway to present an Internet-facing API to end users via static IP addresses. This design addresses the need for static IP safe listing; however, it does not reduce latency.
  • Oftentimes, you may want to execute some code and actions before terminating an Amazon Elastic Compute Cloud (Amazon EC2) instance that is part of an Amazon EC2 Auto Scaling group. One way to execute code and actions before terminating an instance is to create a lifecycle hook that puts the instance in Terminating:Wait status. This allows you to perform any desired actions before immediately terminating the instance within the Auto Scaling group. The Terminating:Wait status can be monitored by an Amazon CloudWatch event, which triggers an AWS Systems Manager automation document to perform the action you want.
  • With Amazon CloudWatch cross-account observability, you can monitor and troubleshoot applications that span multiple accounts within a Region. Seamlessly search, visualize, and analyze your metrics, logs, and traces in any of the linked accounts without account boundaries.
  • Amazon EC2 Auto Scaling can temporarily exceed the specified maximum capacity of a group by a 10 percent margin (or by a margin of one instance, whichever is greater) during a rebalancing activity.
  • When an Auto Scaling group with a mixed instances policy scales in, Amazon EC2 Auto Scaling first identifies which of the two types (Spot or On-Demand) should be terminated. This can temporarily cause an imbalance between the AZs.
