Neil Davis Practice Test 3 Flashcards
Enhanced VPC routing in Amazon Redshift
When you use Amazon Redshift enhanced VPC routing, Amazon Redshift forces all COPY and UNLOAD traffic between your cluster and your data repositories through your virtual private cloud (VPC) based on the Amazon VPC service.
When you use enhanced VPC routing to route traffic through your VPC, you can also use VPC flow logs to monitor COPY and UNLOAD traffic.
When you run a COPY or UNLOAD command on a cluster with enhanced VPC routing enabled, your VPC routes the traffic to the specified resource using the strictest, or most specific, network path available.
After creating your cluster, you can immediately run queries by using the query editor on the Amazon Redshift console. One limitation of the cluster query editor is that you cannot use it with enhanced VPC routing. If enhanced VPC routing is turned on, it could result in the error mentioned in the question. The resolution is to disable enhanced VPC routing.
There is no additional charge for using enhanced VPC routing.
IAM Policy Evaluation Logic
- Deny evaluation - Checks for an explicit Deny. If yes, the request is denied.
- Organization SCPs - Checks whether the account is a member of an organization with an SCP. If yes, checks for an Allow. If there is no Allow, the result is an implicit deny.
- Resource-based policies - Checks whether the requested resource has a resource-based policy. If yes, checks for an Allow. If no, proceeds to the next step. If allowed, the final decision is to permit.
- IAM permissions boundaries - If present, checks for an Allow.
- Session policies - If present, checks for an Allow.
- Identity-based policies - If none, implicit deny. If yes, checks for an Allow. If there is no Allow, implicit deny.
Conditions of RDS Multi-AZ Failover
- An Availability Zone outage.
- The primary DB instance fails.
- The DB instance’s server type is changed.
- The operating system of the DB instance is undergoing software patching.
- A manual failover of the DB instance was initiated using Reboot with failover.