Governance Flashcards
Config
Standardization: Anytime a “Rule” needs to be set up for an account, think about using Config to check for compliance
Automate the Response: Config offers the ability to automatically remediate problems using Automation docs
Know What Changed: Config is the one-stop shop to see what changed. It will provide you with a history of all your architecture
Authentication: User Management
Requires the right tool. Make sure you’re using AWS SSO for internal user management and Cognito for external
Authentication: AD
Is a common topic that should make you think Directory Service. If it’s a lift and shift, pick managed MS AD.
If AD is staying on-prem, select AD Connector
Authentication: Cross Account Role Access
Is always a better solution than creating unnecessary IAM creds. Also best for temp users / employees
Cost Management
Tracking Costs: Use a combo of tags, Cost Explorer, & Budgets
Get Ahead of Problems: Create proactive alerts. When users get to the 80% threshold, tell someone via SNS
Automate the Response: Spending too much $? Shut something down. Always think about how you can remove the human interaction
Trusted Advisor
Free to use, but you’ll need a Business or Enterprise support plan to get the most useful checks
There are limits: It’s strictly an auditing tool, and it won’t solve the problem for you. This is a common exam trap
Automate the response: Use EventBridge to kick off a Lambda function to solve the problem for you