This article is part of a series covering use cases you might encounter on your Solution Architect journey, both for exam success and in real life. I will list some sample use cases and then the appropriate solution that can be applied to each. Without further ado, here we go:
USE-CASES/SCENARIOS | SOLUTION |
What features/services can be enabled to avoid accidental deletion of data from an S3 bucket? | Enable versioning to keep historical versions of an object. Enable Cross-Region Replication of objects. Enable MFA Delete to require multi-factor authentication (MFA) when deleting an object version. |
How to provide temporary access to files stored in a private S3 bucket | Create a pre-signed URL and provide it to your users |
Restrict direct access to S3 bucket | Create a special CloudFront user called an Origin Access Identity (OAI) and associate it with your distribution. Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can't use a direct URL to the S3 bucket to access a file there. |
Block external malicious IP addresses from accessing the company's website (based on security logs review) | Configure AWS WAF to add an IP match condition to block the malicious IP address. |
On-premises applications/users need to access data stored in AWS S3 via NFS or SMB | Use AWS Storage Gateway – File Mode and create mount points (file shares). Reference: Amazon S3 File Gateway Overview – On-Premises Backup to the AWS Cloud |
You need to protect data at rest stored in an S3 bucket using encryption keys provided by the customer | Use Server-Side Encryption with Customer-Provided Keys (SSE-C) |
Automate the creation, retention, and deletion of backups for the Amazon EBS volumes. | Use the EBS Data Lifecycle Manager (DLM) to manage snapshots of the volumes |
How can you let your mobile device users access a gaming app using their existing social media accounts (i.e. Google, Facebook, etc.)? | Use Amazon Cognito Identity Pools. With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users, as well as federation through third-party IdPs. |
How can you convert video and audio files from their source format into versions that will play back on devices like smartphones, tablets and PCs? | Use Elastic Transcoder Service |
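
The "Restrict direct access to S3 bucket" row above says to make sure users can't reach objects through a direct S3 URL. As an added example (not from the original article), this Python check audits a bucket policy document and reports every Allow on object reads for a principal other than the OAI; the OAI ID, bucket name and both sample policies are constructed, and the helper names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# ARN format of an OAI principal; the OAI ID used below is a constructed placeholder.
OAI_ARN = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {}"

def _as_list(value):  # policy fields may hold one value or a list of values
    return value if isinstance(value, list) else [value]

def _principals(stmt):  # flatten Principal ("*" or {"AWS": ...}) into strings
    p = stmt.get("Principal", "<no Principal>")
    if isinstance(p, dict):
        return [v for vals in p.values() for v in _as_list(vals)]
    return [p]

def _grants_read(stmt):  # s3:GetObject, s3:Get*, s3:* and * all cover object reads
    actions = _as_list(stmt.get("Action", []))
    return any(fnmatchcase("s3:getobject", a.lower()) for a in actions)

def audit_bucket_policy(policy_json, oai_id):
    """Report every Allow on object reads for a principal other than the OAI.
    Conditions, NotAction and NotPrincipal are not evaluated; review those by hand."""
    expected = OAI_ARN.format(oai_id)
    findings, oai_can_read = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _grants_read(stmt):
            continue
        for principal in _principals(stmt):
            if principal == expected:
                oai_can_read = True
            else:
                findings.append(f"{stmt.get('Sid', '<no Sid>')}: read allowed for {principal}")
    if not oai_can_read:
        findings.append("OAI has no s3:GetObject grant, CloudFront cannot fetch objects")
    return findings

# Constructed sample policies for a hypothetical bucket and OAI ID.
OAI_ID = "E2EXAMPLEOAI"
OAI_ONLY = {"Sid": "CloudFrontRead", "Effect": "Allow",
            "Principal": {"AWS": OAI_ARN.format(OAI_ID)},
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
PUBLIC = {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
          "Action": ["s3:Get*"], "Resource": "arn:aws:s3:::example-bucket/*"}
LOCKED_DOWN = json.dumps({"Version": "2012-10-17", "Statement": [OAI_ONLY]})
STILL_PUBLIC = json.dumps({"Version": "2012-10-17", "Statement": [OAI_ONLY, PUBLIC]})

if __name__ == "__main__":
    for name, doc in (("LOCKED_DOWN", LOCKED_DOWN), ("STILL_PUBLIC", STILL_PUBLIC)):
        print(name, audit_bucket_policy(doc, OAI_ID) or "OK")
```

An empty result covers the bucket policy only; object ACLs and account-level settings need their own review.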
Tariq Sheikh has been working in the IT industry for 15 plus years. He is a dual CCIEx26141 with Security, Collaboration and Data Center as his specialities, as well as 4xAWS Certified. He is based in Dubai, UAE, and his areas of expertise include Data Center technologies, Networking, Security and AWS solution architect.
