Overview
Double Check Financial (DCF), a top-tier payroll company servicing the city of Cloudville, had an issue…
The payroll file containing hours worked for thousands of city workers, including police officers, fire fighters, and government employees, hasn’t been delivered to the payroll processing servers. Twice a month, DCF processes $144.3 million in paychecks. If this isn’t fixed, DCF will face significant consequences, including fines from the city, contractual penalties, and possibly contract termination. This has to be fixed by 10pm tonight.
You work for DCF. You are the Senior Cloud Engineer, and also chair the Cloud Security Working Group. You were called in at 8pm, just before the 10pm cutoff for the next payroll run.
The DCF architecture on AWS consists of:
A TimeTracking Server (TTS) is used to calculate hours worked, time off, and other adjustments needed by the Payroll Processing System (PPS) to pay employees. TTS runs on Amazon Elastic Compute Cloud (EC2) and will deliver the payroll file to an Amazon S3 bucket for validation.
The Consistency Measurement Application (CMA) parses the payroll file delivered to the S3 bucket by the TTS. CMA uses a DCF proprietary algorithm to double-check the accuracy of the payroll file before sending it to the PPS. CMA is a serverless application that runs on AWS Lambda.
CMA publishes a message to the Check Printing System (CPS) Amazon Simple Queue Service (SQS) queue once the payroll file has been double checked. CMA delivers the payroll file to the PPS. The PPS will then send out paystubs, initiate direct deposits and mail paychecks when it sees a validation message in the CPS SQS queue.
An Amazon Virtual Private Cloud where all connections must be isolated from the internet by using VPC endpoints to access relevant AWS services (e.g. Amazon S3, Amazon Simple Queue Service, Amazon CloudWatch). Also, the CMA Lambda function runs in a VPC.
Task 1: Resolve EC2 Access to S3
Possible Points: 75 Clue Penalty: 0 Points Earned: 75
Background
Payroll Processing System (PPS) is not receiving the payroll file “Aggregate_Biweekly_Payroll.xls”. The TimeTracking Server (TTS) is the first step in delivering the payroll file. It delivers the file to an Amazon S3 bucket for validation.
Your Task
By 10pm, you’ll need to find out why the job that delivers the payroll file to S3 is failing. As you troubleshoot, keeping an eye on messages in CloudWatch Logs is a key part of solving this task.
Inventory
TTS runs on Amazon EC2. The payroll file is stored on an Amazon S3 bucket.
Task Validation
When you have finished the challenge, you will find the answer in CloudWatch Logs.
In order to advance to Task 2, you must first complete Task 1.
Task 2: Resolve Lambda Access to S3
Possible Points: 75 Clue Penalty: 0 Points Earned: 75
Background
The payroll file “Aggregate_Biweekly_Payroll.xls” has now been successfully delivered to S3 by TTS. Next, the Consistency Measurement Application (CMA) parses the payroll file through its proprietary DoubleCheck validation algorithm, deletes the validated file from S3, and delivers the file to the Payroll Processing System (PPS). This process executes every 60 seconds.
You noticed that the CMA is generating errors when accessing S3. The CMA system was recently updated. It was working fine last week; however, over the weekend one of the developers decided to add a checksum system to improve system integrity. He merged and deployed a new branch of the CMA system that worked in his development environment but is now failing in production. It’s 9pm and this needs to be fixed.
Your Task
You need to find out why CMA can’t access S3.
Inventory
CMA is a serverless application that runs on AWS Lambda. The payroll file is stored in an Amazon S3 bucket.
Task Validation
The task validation function will execute every 60 seconds. It will automatically mark the challenge complete once you implement the solution and the CMA validation process completes. In addition, you can always check your progress by pressing the “Check my progress” button in the challenge details screen. Keep in mind that this could take a couple of minutes to register as complete.
Answer: Modify S3 access point permission
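One way to sanity-check an access point policy when applying the Task 2 answer, as an added example that is not part of the original challenge: a simplified offline evaluator that reports which of the actions CMA needs (read the file, then delete it) a policy fails to grant. The account ID, role name, access point name and the "read-only" misconfiguration are assumptions for illustration; only the access point policy document is modelled, not IAM identity policies, the bucket policy or VPC endpoint policies.

```python
import fnmatch

# Constructed placeholders: account ID, role name and access point name are not from the page.
ROLE = "arn:aws:iam::111122223333:role/cma-lambda-role"
AP = "arn:aws:s3:us-east-1:111122223333:accesspoint/payroll-ap"
OBJ = AP + "/object/Aggregate_Biweekly_Payroll.xls"
# Per the task text, CMA parses (reads) the file and then deletes it.
REQUIRED = ["s3:GetObject", "s3:DeleteObject"]

def listify(value):
    return value if isinstance(value, list) else [value]

def principal_ok(principal, role):
    if principal == "*":
        return True
    arns = listify(principal.get("AWS", [])) if isinstance(principal, dict) else []
    return "*" in arns or role in arns

def applies(stmt, role, action, resource):
    # Simplified matching: "*"/"?" wildcards only; Condition blocks are not evaluated.
    acts = [a.lower() for a in listify(stmt.get("Action", []))]
    return (principal_ok(stmt.get("Principal", {}), role)
            and any(fnmatch.fnmatchcase(action.lower(), a) for a in acts)
            and any(fnmatch.fnmatchcase(resource, r)
                    for r in listify(stmt.get("Resource", []))))

def missing_actions(policy, role=ROLE, resource=OBJ, actions=REQUIRED):
    """Actions the access point policy does not grant; an explicit Deny beats any Allow."""
    missing = []
    for action in actions:
        effects = {s["Effect"] for s in listify(policy["Statement"])
                   if applies(s, role, action, resource)}
        if "Deny" in effects or "Allow" not in effects:
            missing.append(action)
    return missing

def make_policy(actions):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": ROLE},
        "Action": actions, "Resource": AP + "/object/*"}]}

# Assumed misconfiguration for illustration only; the page does not say what was wrong.
READ_ONLY_POLICY = make_policy("s3:GetObject")
CORRECTED_POLICY = make_policy(["s3:GetObject", "s3:DeleteObject"])

if __name__ == "__main__":
    print("read-only policy is missing:", missing_actions(READ_ONLY_POLICY))
    print("corrected policy is missing:", missing_actions(CORRECTED_POLICY))
```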