Turning on the cross-account management feature in AWS Backup will enable managing and monitoring backups across multiple AWS accounts that belong to the same organization in AWS Organizations1. Creating a backup plan that specifies the frequency and retention requirements will enable taking snapshots every 6 hours and retaining them for 30 days2. Adding a tag to the DB instances will enable applying the backup plan by using tags2. Using AWS Backup to monitor the status of the backups will enable having a consolidated view of the health of the RDS snapshots1.

https://aws.amazon.com/blogs/database/amazon-dynamodb-auto-scaling-performance-and-cost-optimization-at-any-scale/ " As you can see, there are compelling reasons to use DynamoDB auto scaling with actively changing traffic. Auto scaling responds quickly and simplifies capacity management, which lowers costs by scaling your table’s provisioned capacity and reducing operational overhead. "

The company has migrated an application to EC2 and will deploy it in an additional Region. The usage is expected to be stable for 3 years, but parts of the application will be redesigned over the next 2 years to use AWS Lambda. Therefore, the company will gradually shift a portion of its compute usage from EC2 to Lambda.

Savings Plans are a flexible pricing model that provide lower prices in exchange for a commitment to a consistent amount of compute usage (measured in dollars per hour) for a 1- or 3-year term. There are two main types of Savings Plans:

• Compute Savings Plans: Apply to any EC2 instance usage regardless of Region, instance family, OS, tenancy, and also apply to AWS Fargate and AWS Lambda usage.

• EC2 Instance Savings Plans: Apply only to a specific instance family in a specific Region.

In this scenario, because there will be a gradual migration from EC2-based compute to Lambda-based compute, a plan that only applies to EC2 (EC2 Instance Savings Plan) risks underutilization as more usage moves to Lambda. Compute Savings Plans, by contrast, can cover EC2 now and Lambda later, maintaining high utilization of the commitment and maximizing effective discount.

Option A recommends evaluating Savings Plans recommendations each year in AWS Cost Management and purchasing a 1-year Compute Savings Plan based on those recommendations. The Cost Management tools and Cost Explorer provide Savings Plans recommendations based on actual usage patterns. Buying 1-year Compute Savings Plans and re-evaluating annually allows the company to adjust its committed spend each year as portions of the application move from EC2 to Lambda. This approach maximizes the chance that the Savings Plans coverage matches the actual combined EC2 and Lambda usage over time and avoids being locked into an EC2-only commitment that becomes increasingly underutilized.

Option B is not optimal because it recommends a 3-year EC2 Instance Savings Plan. That commitment applies only to specific EC2 instance families in a Region and does not apply to Lambda. As the company migrates portions of its workloads to Lambda, the EC2 Instance Savings Plan may become underutilized, reducing the effective discount and potentially increasing overall cost. Compute Optimizer also does not provide Savings Plans purchase recommendations; Savings Plans recommendations come from Cost Management and Cost Explorer.

Option C uses 1-year EC2 Instance Savings Plans and adjusts the commitment each year. While this gives some flexibility, EC2 Instance Savings Plans still do not apply to Lambda usage, so over time there is a risk of underutilizing the EC2 commitment as the Lambda portion grows. This does not maximize savings relative to Compute Savings Plans, which can cover both services.

Option D proposes a 3-year EC2 Instance Savings Plan and suggests decreasing the hourly commitment during the term as workloads move to Lambda. However, Savings Plans commitments cannot be decreased during the term. The company would remain obligated to the original 3-year commitment even if EC2 usage drops, leading to wasted commitment.

Therefore, purchasing 1-year Compute Savings Plans each year based on Savings Plans recommendations from AWS Cost Management (option A) is the best strategy to maximize cost savings while the company transitions part of the workload from EC2 to Lambda.

Evaluate Target Health Setting:

Ensure that the " Evaluate Target Health " setting is enabled for the latency alias resource record sets in Route 53. This setting helps Route 53 determine the health of the resources associated with the alias record and redirect traffic appropriately.

HTTP Health Checks:

Configure HTTP health checks for all weighted resource record sets. Health checks monitor the availability and performance of the web servers, allowing Route 53 to reroute traffic to healthy servers in case of a failure.

Verify that the health checks are correctly set up and associated with the resource record sets. This ensures that Route 53 can detect server failures and redirect traffic to the servers in the other Region.

By enabling the " Evaluate Target Health " setting and configuring HTTP health checks, Route 53 can effectively manage traffic during failover scenarios, ensuring high availability and reliability.

References

AWS Route 53 Documentation on Latency-Based Routing【50】.

AWS Architecture Blog on Cross-Account and Cross-Region Setup【49】.

Option C is correct because hosting the web application in Amazon S3, storing the uploaded videos in Amazon S3, and using S3 event notifications to publish events to the SQS queue reduces the operational overhead of managing EC2 instances and EBS volumes. Amazon S3 can serve static content such as HTML, CSS, JavaScript, and media files directly from S3 buckets. Amazon S3 can also trigger AWS Lambda functions through S3 event notifications when new objects are created or existing objects are updated or deleted. AWS Lambda can process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize thevideos. This solution eliminates the need for custom recognition software and third-party dependencies345

Set Up EventBridge Event Bus:

Step 1: Open the Amazon EventBridge console and create a custom event bus. This bus will be used to handle user deletion events.

Step 2: Name the event bus appropriately (e.g.,user-deletion-bus).

Post Events on User Deletion:

Step 1: Modify the central user service to post an event to the custom EventBridge event bus whenever a user is deleted.

Step 2: Ensure the event includes relevant details such as the user ID and any other necessary metadata.

Create EventBridge Rules for Microservices:

Step 1: For each microservice that needs to delete user data, create a new rule in EventBridge that triggers on the user deletion event.

Step 2: Define the event pattern to match the user deletion event. This pattern should include the event details posted by the central user service.

Invoke Microservice Logic:

Step 1: Configure the EventBridge rule to invoke a target, such as an AWS Lambda function, which contains the logic to delete the user data from the microservice ' s data store.

Step 2: Each microservice should have its Lambda function or equivalent logic to handle the deletion of user data upon receiving the event.

Using Amazon EventBridge ensures a scalable, reliable, and decoupled approach to handle the deletion of user data across multiple microservices. This setup allows each microservice to independently process user deletion events without direct dependencies on other services.

References

AWS EventBridge Documentation

DynamoDB Streams and AWS Lambda Triggers

Implementing the Transactional Outbox Pattern with EventBridge Pipes​(AWS Documentation)​​(Amazon Web Services, Inc.)​​(Amazon Web Services, Inc.)​​(AWS Documentation)​​(AWS Cloud Community)​.

This option will complete the migration to AWS in the least amount of time because it uses two AWS services that are designed to simplify and accelerate data transfers and migrations. AWS Application Migration Service (AWS MGN) is a highly automated lift-and-shift solution that helps you migrate applications from any source infrastructure that runs supported operating systems to AWS1. It replicates your source servers into your AWS account and automatically converts and launches them on AWS so you can quickly benefit from the cloud1. You can use AWS MGN to migrate your on-premises VMware VMs to AWS by configuring a connection to your VMware cluster and creating a replication job for the VMs2. This process will minimize the time-intensive, error-prone manual processes of exporting and importing VM images.

AWS DataSync is an online data movement and discovery service that simplifies and accelerates data migrations to AWS and helps you move data quicklyand securelybetween on-premises storage, edge locations, other cloud providers, and AWS Storage3. It can transfer data between Network File System (NFS) shares, Server Message Block (SMB) shares,Hadoop Distributed File Systems (HDFS), self-managed object storage, AWS Snowcone, Amazon Simple Storage Service (Amazon S3) buckets, Amazon Elastic File System (Amazon EFS) file systems, Amazon FSx for Windows File Server file systems, Amazon FSx for Lustre file systems, Amazon FSx for OpenZFS file systems, and Amazon FSx for NetApp ONTAP file systems3. You can use AWS DataSync to copy your on-premises NFS server data to an Amazon EFS file system over the Direct Connect connection4. This process will leverage the high bandwidth and low latency of Direct Connect and the encryption and data integrity validation of DataSync.

The company should use Amazon Aurora global database and Amazon DynamoDB global table to deploy the data tier components across two Regions. Amazon Aurora globaldatabase is a feature that allows a single Aurora database to span multiple AWS Regions, enabling low-latency global reads and fast recovery from Region-wide outages1. Amazon DynamoDB global table is a feature that allows a single DynamoDB table to span multiple AWS Regions, enabling low-latency global reads and writes and fast recovery from Region-wide outages2.

The current Redshift configuration uses eight ra3.4xlarge nodes with on-demand pricing and is paused outside an 8-hour daily window. The ingestion workload runs only 3 hours per day and has about 85% CPU utilization during ingestion, which indicates that the existing node size and count are adequate for performance. The main opportunity is cost optimization for a workload that is time-bound and does not require a continuously running provisioned cluster.

Amazon Redshift Serverless is designed for such intermittent or variable workloads. With Redshift Serverless, you configure compute capacity in terms of Redshift Processing Units (RPUs) and pay per use based on the RPU-hours consumed when queries and data ingestion jobs are actually running. When there is no activity, there is no compute charge. Redshift Serverless can also be created from an existing provisioned Redshift snapshot, allowing an easy migration path from a node-based cluster to a serverless endpoint without re-ingesting or manually moving data.

Option C creates a new Redshift Serverless endpoint with 64 RPUs from the most recent snapshot. This takes advantage of snapshots that already exist on the current cluster. The internal applications are then updated to read from the new serverless endpoint, and the existing cluster is deleted to stop incurring node-based charges. For a workload that runs only a few hours per day, moving to serverless compute is usually more cost-effective than maintaining a provisioned cluster, even if that cluster is paused outside the ingestion window, because serverless eliminates the need to manage cluster sizing and pausing and optimizes billing around actual usage.

Option A proposes staying on provisioned RA3 nodes and additionally purchasing 1-year Reserved Nodes. Reserved Nodes apply discount to node hours whether or not the cluster is paused or fully utilized, and they are designed to be cost-effective for steady, predictable, long-running workloads. For an 8-hour-per-day workload, especially with only 3 hours of intensive ingestion, Reserved Nodes are likely to be less cost-optimal than an on-demand, usage-based serverless model. Also, concurrency scaling is primarily for handling bursty query concurrency, not for cost reduction of a regular ingestion workload.

Option B replaces the existing eight ra3.4xlarge nodes with six ra3.16xlarge nodes and enables auto scaling. ra3.16xlarge provides significantly more capacity per node and is generally more expensive. The original workload already runs at acceptable utilization (about 85% during ingestion), so scaling up to larger nodes is not necessary for performance. Adding auto scaling on top of this likely increases costs and complexity without a clear benefit for a predictable, time-bound daily ingestion pattern.

Option D uses Redshift Spectrum and unloads data from the cluster to Amazon S3 for querying. Redshift Spectrum allows querying data stored in S3 using external tables from within a Redshift cluster, and is charged per amount of data scanned. However, the option still depends on maintaining a Redshift cluster and does not fundamentally optimize the compute cost of the ingestion workload. It also changes query patterns and data access architecture for the internal applications and may increase query cost if large volumes of S3 data are scanned by Spectrum.

Therefore, using Redshift Serverless created from the existing snapshot and paying only for compute usage during ingestion and queries, as described in option C, is the best way to optimize cost for this specific workload pattern.

AWS Global Accelerator is a networking service that helps you improve the availability and performance of the applications that you offer to your global users1. It provides static IP addresses that act as a fixed entry point to your applications and route user traffic to the optimal endpoint based on performance, health, and policies that you configure1. By creating a standard accelerator endpoint for the NLB in each additional Region, you can ensure that customers are automatically directed to the Region that is geographically closest to them2. You can also provide customers with the Global Accelerator IP address, which is anycast from AWS edge locations and does not change when you add or remove endpoints3.

What is AWS Global Accelerator?

Standard accelerator endpoints

AWS Global Accelerator IP addresses

A. In the production account, create a new IAM policy that allows read and write access to the S3 bucket. The policy grants the necessary permissions to access the assets in the production S3 bucket.

C. In the production account, create a role. Attach the new policy to the role. Define the development account as a trusted entity. By creating a role and attaching the policy, and then defining the development account as a trusted entity, the development account can assume the role and access the production S3 bucket with the read and write permissions.

E. In the development account, create a group that contains all the IAM users of the design team. Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the production account. The IAM policy attached to the group allows the design team members to assume the role created in the production account, thereby giving them access to the production S3 bucket.

Step 1: Create a role in the Production Account; create the role in the Production account and specify the Development account as a trusted entity. You also limit the role permissions to only read and write access to the productionapp bucket. Anyone granted permission to use the role can read and write to the productionapp bucket. Step 2: Grant access to the role Sign in as an administrator in the Development account and allow the AssumeRole action on the UpdateApp role in the Production account. So, recap, production account you create the policy for S3, and you set development account as a trusted entity. Then on the development account you allow the sts:assumeRole action on the role in production account.https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

it covers all the requirements mentioned in the question, it will allow collecting the detailed metrics, including process information and it provides a way to query and analyze the data using Amazon Athena.

https://docs.aws.amazon.com/appsync/latest/devguide/graphql-overview.html

AWS AppSync is a fully managed GraphQL service that allows applications to securely access, manipulate, and receive data as well as real-time updates from multiple data sources1. AWS AppSync supports GraphQL subscriptions to perform real-time operations and can push data to clients that choose to listen to specific events from the backend1. AWS AppSync uses WebSockets to establish and maintain a secure connection between the clients and the API endpoint2. Therefore, using AWS AppSync and leveraging WebSockets is a suitable design to reduce comment latency and improve user experience.

The best solution is to provision a new Amazon Elastic File System (Amazon EFS) file system that uses Max I/O performance mode and mount the EFS file system on each EC2 instance in the cluster. Amazon EFS is a fully managed, scalable, and elastic file storage service that supports the POSIX standard and can be accessed by multiple EC2 instances concurrently. Amazon EFS offers two performance modes: General Purpose and Max I/O. Max I/O mode is designed for highly parallelized workloads that can tolerate higher latencies than the General Purpose mode. Max I/O mode provides higher levels of aggregate throughput and operations per second, which are suitable for big data analytics applications. This solution meets all the requirements of the company. References: Amazon EFS Documentation, Amazon EFS performance modes