A. Install and configure EC2 instance Connect on the fleet of EC2 instance

B. Remove all security group rules attached to EC2 instances that allow inbound TCP on port 22. Advise the engineers to remotely access the instances by using the EC2 Instance Connect CLI.

C. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's device

D. Install the Amazon CloudWatch agent on all EC2 instances and send operating system audit logs to CloudWatch Logs.

E. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's device

F. Enable AWS Config for EC2 security group resource change

G. Enable AWS Firewall Manager and apply a security group policy that automatically remediates changes to rules.

H. Create an IAM role with the Ama2onSSMManagedlnstanceCore managed policy attache

I. Attach the IAM role to all the EC2 instance

J. Remove all security group rules attached to the EC2

K. instances that allow inbound TCP on port 22. Have the engineers install the AWS Systems Manager Session Manager plugin for their devices and remotely access the instances by using the start-session API call from Systems Manager.

A. Provision an Application Load Balancer (ALB) in front of the game servers Create an Amazon CloudFront distribution that has no geographical restrictions Set the ALB as the origin Perform DNS lookups for the cloudfront net domain name Use the resulting IP addresses in the game's client application.

B. Provision game servers in each AWS Regio

C. Provision an Application Load Balancer in front of the game server

D. Create an Amazon Route 53 latency-based routing policy for the game's client application to use with DNS lookups

E. Provision game servers in each AWS Region Provision a Network Load Balancer (NLB) in front of the game servers Create an accelerator in AWS Global Accelerator, and configure endpoint groups in each Region Associate the NLBs with the corresponding Regional endpoint groups Point the game client's application to the Global Accelerator endpoints

F. Provision game servers in each AWS Region Provision a Network Load Balancer (NLB) in front of the game servers Create an Amazon CloudFront distribution that has no geographical restrictions Set the NLB as the origin Perform DNS lookups for the cloudfront net domain nam

G. Use the resulting IP addresses in the game's client application

A. Create an IP access control group rule with the list of public addresses from the branch offices Associate the IP access control group with the Workspaces directory

B. Use AWS Firewall Manager to create a web ACL rule with an IPSet with the list of public addresses from the branch office locations Associate the web ACL with the Workspaces directory

C. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machines deployed in the branch office locations Enable restricted access on the Workspaces directory

D. Create a custom Workspace image with Windows Firewall configured to restrict access to the public addresses of the branch offices Use the image to deploy the Workspaces.

A. Turn on Enhanced Monitoring for the DB instance Modify the corresponding parameter group to turn on query logging for all the slow queries Create Amazon CloudWatch alarms Set the alarms to appropriate thresholds that are based on performance metrics in CloudWatch

B. Turn on Enhanced Monitoring and Performance Insights for the DB instance Create Amazon CloudWatch alarms Set the alarms to appropriate thresholds that are based on performance metrics in CloudWatch

C. Turn on log exports to Amazon CloudWatch for the PostgreSQL logs on the DB instance Analyze the logs by using Amazon Elasticsearch Service (Amazon ES) and Kibana Create a dashboard in Kibana Configure alerts that are based on the metrics that are collected

D. Turn on Performance Insights for the DB instance Modify the corresponding parameter group to turn on query logging for all the slow queries Create Amazon CloudWatch alarms Set the alarms to appropriate thresholds that are based on performance metrics in CloudWatch

A. Configure AWS Backup to perform cross-Region backups of all servers every 5 minute

B. Reprovision the three tiers in the DR Region from the backups using AWS CloudFormation in the event of a disaster.

C. Maintain another running copy of the web and application server stack in the DR Region using AWS CloudFormation drill detectio

D. Configure cross-Region snapshots ol the DB instance to the DR Region every 5 minute

E. In the event of a disaster, restore the DB instance using the snapshot in the DR Region.

F. Use Amazon EC2 Image Builder to create and copy AMIs of the web and application server to both the primary and DR Region

G. Create a cross-Region read replica of the DB instance in the DR Regio

H. In the event of a disaster, promote the read replica to become the master and reprovision the servers with AWS CloudFormation using the AMIs.

I. Create AMts of the web and application servers in the DR Regio

J. Use scheduled AWS Glue jobs to synchronize the DB instance with another DB instance in the DR Regio

K. In the event of a disaster, switch to the DB instance in the DR Region and reprovision the servers with AWS CloudFormation using the AMIs.