Contents
Cover
About the Author
Title Page
Copyright Page
Dedication
Contents at a Glance
Contents
Acknowledgments
Introduction
Objective Map
Chapter 1 Overview of Cloud Computing and Amazon Web Services
Overview of Cloud Computing
Advantages of Running Cloud Computing on AWS
Three Models of Cloud Computing
Three Cloud Computing Deployment Models
History of AWS
AWS Regions and Availability Zones
AWS Security and Compliance
AWS Products and Services
Compute
Networking
Security and Compliance
Storage and Content Delivery
Database
Analytics
Application Services
Developer Tools
Management Tools
Messaging
Migration
Artificial Intelligence
Internet of Things
Mobile Services
Chapter Review
Questions
Answers
Chapter 2 Storage on AWS
Amazon Simple Storage Service (S3)
Advantages of Amazon S3
Usage of Amazon S3 in Real Life
Amazon S3 Basic Concepts
Steps for Installing AWS Command Line Interface
Amazon S3 Data Consistency Model
Amazon S3 Performance Considerations
Reverse the Key Name String
Adding a Hex Hash Prefix to a Key Name
Encryption in Amazon S3
Amazon S3 Access Control
Access Policies
Bucket Policies
Access Control List
Amazon S3 Storage Class
Versioning of Objects in Amazon S3
Amazon S3 Object Lifecycle Management
Amazon S3 Cross-Region Replication
Static Web Site Hosting in Amazon S3
Amazon Glacier
Amazon Glacier Key Terminology
Accessing Amazon Glacier
Uploading Files to Amazon Glacier
Retrieving Files from Amazon Glacier
Amazon Elastic Block Store
Features of Amazon EBS
AWS Block Storage Offerings
Amazon Elastic File System
Using Amazon Elastic File System
Performance Mode of Amazon EFS
On-Premise Storage Integration with AWS
AWS Storage Gateway
AWS Snowball and AWS Snowball Edge
AWS Snowmobile
Chapter Review
Lab 2-1: Creating, Moving, and Deleting Objects in Amazon S3
Lab 2-2: Using Version Control in Amazon S3
Lab 2-3: Using the Bucket Policy Generator for Amazon S3
Questions
Answers
Chapter 3 Virtual Private Cloud
Amazon VPC Components and Terminology
Amazon VPC
Subnet
Route Table
Internet Gateway
Network Address Translation
Egress-Only Internet Gateway
Elastic Network Interface
Elastic IP Address
Security Group
Network Access Control List
Amazon VPC Peering
Amazon VPC Endpoint
DNS and VPC
DHCP Option Sets
Connecting to a VPC
VPC Flow Logs
Default VPC
Labs on VPC
Lab 3-1: Using the VPC Wizard
Lab 3-2: Creating a VPC with Public and Private Subnets
Lab 3-3: Exploring All the Options in a Virtual Private Cloud
Chapter Review
Questions
Answers
Chapter 4 Introduction to Amazon Elastic Compute Cloud
Benefits of Amazon EC2
Amazon EC2 Instance Types and Features
General Purpose (T2, M5, M4, and M3)
Compute Optimized (C5, C4, and C3)
Memory Optimized (X1e, X1, R4, and R3)
Storage Optimized (H1, I3, and D2)
Advanced Computing (P3, P2, G3, and F1)
Processor Features
Network Features
Storage Features
Steps for Using Amazon EC2
Pricing for Amazon EC2
On-Demand Instance
Reserved Instance
Spot Instance
Shared Tenancy, Dedicated Hosts, and Dedicated Instances
Shared Tenancy
Dedicated Host
Dedicated Instance
Instances and AMIs
Instance Root Volume
Obtaining an AMI
Virtualization in AMI
HVM AMI
PV AMI
Instance Life Cycle
Launch
Start and Stop
Reboot
Termination
Retirement
Connecting to an Instance
Security Group
Amazon Elastic Container Service
Lab 4-1: Using EC2
Creating a New Key Pair
Launching a Web Server Instance
Browsing the Web Server
Lab 4-2: Creating an EBS Instance and Attaching It to an EC2 Instance
Lab 4-3: Creating an EBS Instance and Mounting Across Two EC2 Instances in Different AZs
Chapter Review
Questions
Answers
Chapter 5 Identity and Access Management and Security on AWS
Authentication
Authorization
Auditing
Types of Security Credentials
Temporary Security Credentials
Users
Groups
Roles
IAM Hierarchy of Privileges
IAM Best Practices
Use the IAM User
Create a Strong Password Policy
Rotate Security Credentials Regularly
Enable MFA
Manage Permission with Groups
Grant the Least Privileges
Use IAM Roles
Use IAM Roles for Amazon EC2 Instances
Use IAM Policy Conditions for Extra Security
Enable AWS CloudTrail
AWS Compliance Program
Shared Responsibility Model
AWS Responsibility
Customer’s Responsibility
Lab 5-1: Creating IAM Users, Groups, and Roles
Managing IAM User Permissions and Credentials
IAM Roles for Amazon EC2
Chapter Review
Questions
Answers
Chapter 6 Auto Scaling
Benefits of Auto Scaling
Launch Configuration
Auto Scaling Groups
Simple Scaling
Simple Scaling with Steps
Target-Tracking Scaling Policies
Termination Policy
Elastic Load Balancing
How ELB Works
Types of Load Balancers
Load Balancer Key Concepts and Terminology
Health Check
Using Multiple AZs
Lab 6-1: Set Up Auto Scaling
Chapter Review
Questions
Answers
Chapter 7 Deploying and Monitoring Applications on AWS
AWS Lambda
Is AWS Lambda Really Serverless?
Understanding AWS Lambda
Amazon API Gateway
Benefits of Amazon API Gateway
Amazon Kinesis
Real-Time Application Scenarios
Differences Between Batch and Stream Processing
Amazon Kinesis Data Streams
Benefits of Amazon Kinesis Data Streams
Amazon Kinesis Data Firehose
Benefits of Amazon Kinesis Data Firehose
Amazon Kinesis Data Analytics
Benefits of Amazon Kinesis Data Analytics
Use Cases for Amazon Kinesis Data Analytics
Reference Architectures Using Serverless Services
Real-Time File Processing
Real-Time Stream Processing
Extract, Transformation, and Load (ETL) Processing
IoT Back Ends
Amazon CloudFront
Amazon CloudFront Key Concepts
Geo Restriction
Error Handling
Amazon Route 53
AWS Web Application Firewall
Amazon Simple Queue Service
Amazon Simple Notification Service
AWS Step Functions and Amazon Simple Workflow (SWF)
AWS Elastic Beanstalk
AWS OpsWorks
Amazon Cognito
Amazon Elastic MapReduce
AWS CloudFormation
Monitoring in AWS
Amazon CloudWatch
Metrics Collection and Tracking
Capture Real-Time Changes Using Amazon CloudWatch Events
Monitoring and Storing Logs
Set Alarms
View Graph and Statistics
AWS CloudTrail
AWS Config
Amazon VPC Flow Logs
AWS Trusted Advisor
AWS Organizations
Chapter Review
Questions
Answers
Chapter 8 Databases on AWS
Understanding Relational Databases
Understanding the Amazon Relational Database Service
Scenario 1: Hosting the Database in Your Data Center On-Premises
Scenario 2: Hosting the Database on Amazon EC2 Servers
Scenario 3: Hosting the Database Using Amazon RDS
Hosting a Database in Amazon EC2 vs. Amazon RDS
High Availability on Amazon RDS
Simplest Architecture: Single-AZ Deployment
High Availability: Multiple AZs
Scaling on Amazon RDS
Changing the Instance Type
Read Replica
Security on Amazon RDS
Amazon VPC and Amazon RDS
Backups, Restores, and Snapshots
Monitoring
Amazon Aurora
Amazon Redshift
Benefits of Amazon Redshift
Amazon Redshift Architecture
Sizing Amazon Redshift Clusters
Networking for Amazon Redshift
Encryption
Security
Back Up and Restore
Data Loading in Amazon Redshift
Data Distribution in Amazon Redshift
Amazon DynamoDB
Benefits of Amazon DynamoDB
Amazon DynamoDB Terminology
Global Secondary Index
Consistency Model
Global Table
Amazon DynamoDB Streams
Amazon DynamoDB Accelerator
Encryption and Security
Amazon ElastiCache
Lab 8-1: RDS: Creating an Amazon Aurora Database
Lab 8-2: Taking a Snapshot of a Database
Lab 8-3: Creating an Amazon Redshift Cluster
Lab 8-4: Creating an Amazon DynamoDB Table
Chapter Review
Questions
Answers
Chapter 9 AWS Well-Architected Framework and Best Practices
Operational Excellence
Prepare
Operate
Evolve
Security
Have a Strong Identity Foundation
Enable Traceability
Implement Security at All Layers
Secure the Data
Automate for Security
Plan for Security Events
Best Practices
Performance
Performance Efficiency
Reliability
Best Practices
Cost Optimization Pillar
Finding Cost-Effective Resources
Matching Supply with Demand
Being Aware of Expenditures
Optimizing Over Time
AWS Best Practices
Design for Failures
Build Security in Every Layer
Leverage Multiple Storage Options
Implement Elasticity
Think Parallel
Loosely Couple Your Architecture
There Are No Constraints in the AWS Cloud
Chapter Review
Questions
Answers
Appendix About the Digital Content
About the Total Tester
CD-ROM
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index
Guide
Cover
Title Page
AWS Certified Solutions Architect Associate All-in-One Exam Guide (Exam SAA-C01)