Certified Solutions Architect Official Study Guide - Associate Exam
CONTENTS
List of Tables
List of Illustrations
Acknowledgments
About the Authors
Foreword
Introduction
What Does This Book Cover?
Interactive Online Learning Environment and Test Bank
Exam Objectives
Objective Map
Assessment Test
Answers to Assessment Test
Chapter 1 Introduction to AWS
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
What Is Cloud Computing?
Advantages of Cloud Computing
Variable vs. Capital Expense
Economies of Scale
Stop Guessing Capacity
Increase Speed and Agility
Focus on Business Differentiators
Go Global in Minutes
Cloud Computing Deployment Models
AWS Fundamentals
Global Infrastructure
Security and Compliance
Security
Compliance
AWS Cloud Computing Platform
Accessing the Platform
Compute and Networking Services
Amazon Elastic Compute Cloud (Amazon EC2)
AWS Lambda
Auto Scaling
Elastic Load Balancing
AWS Elastic Beanstalk
Amazon Virtual Private Cloud (Amazon VPC)
AWS Direct Connect
Amazon Route 53
Storage and Content Delivery
Amazon Simple Storage Service (Amazon S3)
Amazon Glacier
Amazon Elastic Block Store (Amazon EBS)
AWS Storage Gateway
Amazon CloudFront
Database Services
Amazon Relational Database Service (Amazon RDS)
Amazon DynamoDB
Amazon Redshift
Amazon ElastiCache
Management Tools
Amazon CloudWatch
AWS CloudFormation
AWS CloudTrail
AWS Config
Security and Identity
AWS Identity and Access Management (IAM)
AWS Key Management Service (KMS)
AWS Directory Service
AWS Certificate Manager
AWS Web Application Firewall (WAF)
Application Services
Amazon API Gateway
Amazon Elastic Transcoder
Amazon Simple Notification Service (Amazon SNS)
Amazon Simple Email Service (Amazon SES)
Amazon Simple Workflow Service (Amazon SWF)
Amazon Simple Queue Service (Amazon SQS)
Summary
Exam Essentials
Review Questions
Chapter 2 Amazon Simple Storage Service (Amazon S3) and Amazon Glacier Storage
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Object Storage versus Traditional Block and File Storage
Amazon Simple Storage Service (Amazon S3) Basics
Buckets
AWS Regions
Objects
Keys
Object URL
Amazon S3 Operations
REST Interface
Durability and Availability
Data Consistency
Access Control
Static Website Hosting
Amazon S3 Advanced Features
Prefixes and Delimiters
Storage Classes
Object Lifecycle Management
Encryption
SSE-S3 (AWS-Managed Keys)
SSE-KMS (AWS KMS Keys)
SSE-C (Customer-Provided Keys)
Client-Side Encryption
Versioning
MFA Delete
Pre-Signed URLs
Multipart Upload
Range GETs
Cross-Region Replication
Logging
Event Notifications
Best Practices, Patterns, and Performance
Amazon Glacier
Archives
Vaults
Vaults Locks
Data Retrieval
Amazon Glacier versus Amazon Simple Storage Service (Amazon S3)
Summary
Exam Essentials
Exercises
EXERCISE 2.1
Create an Amazon Simple Storage Service (Amazon S3) Bucket
EXERCISE 2.2
Upload, Make Public, Rename, and Delete Objects in Your Bucket
Upload an Object
Open the Amazon S3 URL
Make the Object Public
Rename Object
Delete the Object
EXERCISE 2.3
Enable Version Control
Enable Versioning
Create Multiple Versions of an Object
EXERCISE 2.4
Delete an Object and Then Restore It
Delete an Object
Restore an Object
EXERCISE 2.5
Lifecycle Management
EXERCISE 2.6
Enable Static Hosting on Your Bucket
Review Questions
Chapter 3 Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS)
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Amazon Elastic Compute Cloud (Amazon EC2)
Compute Basics
Instance Types
Amazon Machine Images (AMIs)
Securely Using an Instance
Addressing an Instance
Initial Access
Virtual Firewall Protection
The Lifecycle of Instances
Launching
Managing Instances
Monitoring Instances
Modifying an Instance
Termination Protection
Options
Pricing Options
Tenancy Options
Placement Groups
Instance Stores
Amazon Elastic Block Store (Amazon EBS)
Elastic Block Store Basics
Types of Amazon EBS Volumes
Magnetic Volumes
General-Purpose SSD
Provisioned IOPS SSD
Amazon EBS-Optimized Instances
Protecting Data
Backup/Recovery (Snapshots)
Recovering Volumes
Encryption Options
Summary
Exam Essentials
Exercises
EXERCISE 3.1
Launch and Connect to a Linux Instance
EXERCISE 3.2
Launch a Windows Instance with Bootstrapping
EXERCISE 3.3
Confirm That Instance Stores Are Lost When an Instance Is Stopped
EXERCISE 3.4
Launch a Spot Instance
EXERCISE 3.5
Access Metadata
EXERCISE 3.6
Create an Amazon EBS Volume and Show That It Remains After the Instance Is Terminated
EXERCISE 3.7
Take a Snapshot and Restore
EXERCISE 3.8
Launch an Encrypted Volume
EXERCISE 3.9
Detach a Boot Drive and Reattach to Another Instance
Review Questions
Chapter 4 Amazon Virtual Private Cloud (Amazon VPC)
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Amazon Virtual Private Cloud (Amazon VPC)
Subnets
Route Tables
Internet Gateways
Dynamic Host Configuration Protocol (DHCP) Option Sets
Elastic IP Addresses (EIPs)
Elastic Network Interfaces (ENIs)
Endpoints
Peering
Security Groups
Network Access Control Lists (ACLs)
Network Address Translation (NAT) Instances and NAT Gateways
NAT Instance
NAT Gateway
Virtual Private Gateways (VPGs), Customer Gateways (CGWs), and Virtual Private Networks (VPNs)
Summary
Exam Essentials
Exercises
EXERCISE 4.1
Create a Custom Amazon VPC
EXERCISE 4.2
Create Two Subnets for Your Custom Amazon VPC
EXERCISE 4.3
Connect Your Custom Amazon VPC to the Internet and Establish Routing
EXERCISE 4.4
Launch an Amazon EC2 Instance and Test the Connection to the Internet
Review Questions
Chapter 5 Elastic Load Balancing, Amazon CloudWatch, and Auto Scaling
THE AWS CERTIFIED SOLUTIONS ARCHITECT EXAM TOPICS COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Elastic Load Balancing
Types of Load Balancers
Internet-Facing Load Balancers
Internal Load Balancers
HTTPS Load Balancers
Listeners
Configuring Elastic Load Balancing
Idle Connection Timeout
Cross-Zone Load Balancing
Connection Draining
Proxy Protocol
Sticky Sessions
Health Checks
Updates Behind an Elastic Load Balancing Load Balancer
Amazon CloudWatch
Read Alert
Auto Scaling
Embrace the Spike
Auto Scaling Plans
Maintain Current Instance Levels
Manual Scaling
Scheduled Scaling
Dynamic Scaling
Auto Scaling Components
Launch Configuration
Auto Scaling Group
Spot On!
Scaling Policy
Rolling Out a Patch at Scale
Summary
Exam Essentials
Exercises
EXERCISE 5.1
Create an Elastic Load Balancing Load Balancer
EXERCISE 5.2
Use an Amazon CloudWatch Metric
EXERCISE 5.3
Create a Custom Amazon CloudWatch Metric
EXERCISE 5.4
Create a Launch Configuration and Auto Scaling Group
EXERCISE 5.5
Create a Scaling Policy
EXERCISE 5.6
Create a Web Application That Scales
Review Questions
Chapter 6 AWS Identity and Access Management (IAM)
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Principals
Root User
IAM Users
Roles/Temporary Security Tokens
Amazon EC2 Roles
Cross-Account Access
Federation
Authentication
Authorization
Policies
Associating Policies with Principals
Other Key Features
Multi-Factor Authentication (MFA)
Rotating Keys
Resolving Multiple Permissions
Summary
Exam Essentials
Exercises
EXERCISE 6.1
Create an IAM Group
EXERCISE 6.2
Create a Customized Sign-In Link and Password Policy
EXERCISE 6.3
Create an IAM User
EXERCISE 6.4
Create and Use an IAM Role
EXERCISE 6.5
Rotate Keys
EXERCISE 6.6
Set Up MFA
EXERCISE 6.7
Resolve Conflicting Permissions
Review Questions
Chapter 7 Databases and AWS
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Database Primer
Relational Databases
Data Warehouses
NoSQL Databases
Amazon Relational Database Service (Amazon RDS)
Database (DB) Instances
Operational Benefits
Database Engines
MySQL
PostgreSQL
MariaDB
Oracle
Microsoft SQL Server
Licensing
Amazon Aurora
Storage Options
Backup and Recovery
Automated Backups
Manual DB Snapshots
Recovery
High Availability with Multi-AZ
Scaling Up and Out
Vertical Scalability
Horizontal Scalability with Partitioning
Horizontal Scalability with Read Replicas
Security
Amazon Redshift
Clusters and Nodes
Table Design
Data Types
Compression Encoding
Distribution Strategy
Sort Keys
Loading Data
Querying Data
Snapshots
Security
Amazon DynamoDB
Data Model
Data Types
Primary Key
Provisioned Capacity
Secondary Indexes
Writing and Reading Data
Writing Items
Reading Items
Eventual Consistency
Batch Operations
Searching Items
Scaling and Partitioning
Security
Amazon DynamoDB Streams
Summary
Exam Essentials
Exercises
EXERCISE 7.1
Create a MySQL Amazon RDS Instance
EXERCISE 7.2
Simulate a Failover from One AZ to Another
EXERCISE 7.3
Create a Read Replica
EXERCISE 7.4
Read and Write from a DynamoDB Table
EXERCISE 7.5
Launch a Redshift Cluster
Review Questions
Chapter 8 SQS, SWF, and SNS
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Amazon Simple Queue Service (Amazon SQS)
Message Lifecycle
Delay Queues and Visibility Timeouts
Separate Throughput from Latency
Queue Operations, Unique IDs, and Metadata
Queue and Message Identifiers
Message Attributes
Long Polling
Dead Letter Queues
Access Control
Tradeoff Message Durability and Latency
Amazon Simple Workflow Service (Amazon SWF)
Workflows
Workflow Domains
Workflow History
Actors
Tasks
Task Lists
Long Polling
Object Identifiers
Workflow Execution Closure
Lifecycle of a Workflow Execution
Amazon Simple Notification Service (Amazon SNS)
Common Amazon SNS Scenarios
Fanout
Application and System Alerts
Push Email and Text Messaging
Mobile Push Notifications
Summary
Exam Essentials
Exercises
EXERCISE 8.1
Create an Amazon SNS Topic
EXERCISE 8.2
Create a Subscription to Your Topic
EXERCISE 8.3
Publish to a Topic
EXERCISE 8.4
Create Queue
EXERCISE 8.5
Subscribe Queue to SNS Topic
Review Questions
Chapter 9 Domain Name System (DNS) and Amazon Route 53
THE AWS CERTIFIED SOLUTIONS ARCHITECT EXAM TOPICS COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Domain Name System (DNS)
Domain Name System (DNS) Concepts
Top-Level Domains (TLDs)
Domain Names
IP Addresses
Hosts
Subdomains
Fully Qualified Domain Name (FQDN)
Name Servers
Zone Files
Top-Level Domain (TLD) Name Registrars
Steps Involved in Domain Name System (DNS) Resolution
Top-Level Domain (TLD) Servers
Domain-Level Name Servers
Resolving Name Servers
More About Zone Files
Record Types
Start of Authority (SOA) Record
A and AAAA
Canonical Name (CNAME)
Mail Exchange (MX)
Name Server (NS)
Pointer (PTR)
Sender Policy Framework (SPF)
Text (TXT)
Service (SRV)
Amazon Route 53 Overview
Domain Registration
Domain Name System (DNS) Service
Hosted Zones
Supported Record Types
Simple
Weighted
Latency-Based
Failover
Geolocation
More on Health Checking
Amazon Route 53 Enables Resiliency
Summary
Exam Essentials
Exercises
EXERCISE 9.1
Create a New Zone
EXERCISE 9.2
Create Two Web Servers in Two Different Regions
Create an Amazon EC2 Instance
Connect to Your Amazon EC2 Instance
Create an Elastic Load Balancing Load Balancer
Create These Resources in a Second Region
EXERCISE 9.3
Create an Alias A Record with a Simple Routing Policy
EXERCISE 9.4
Create a Weighted Routing Policy
EXERCISE 9.5
Create a Hosted Zone for Amazon Virtual Private Cloud (Amazon VPC)
Create a Private Hosted Zone
Verify Amazon VPC Configuration
Create Resource Record Sets
Connect to Your Amazon EC2 Instance
Review Questions
Chapter 10 Amazon ElastiCache
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
In-Memory Caching
Amazon ElastiCache
Data Access Patterns
Cache Engines
Nodes and Clusters
Design for Failure
Memcached Auto Discovery
Using Auto Discovery
Scaling
Replication and Multi-AZ
Multi-AZ Replication Groups
Understand That Replication Is Asynchronous
Backup and Recovery
Backup Redis Clusters
Access Control
Summary
Exam Essentials
Exercises
EXERCISE 10.1
Create an Amazon ElastiCache Cluster Running Memcached
EXERCISE 10.2
Expand the Size of a Memcached Cluster
EXERCISE 10.3
Create an Amazon ElastiCache Cluster and Redis Replication Group
Review Questions
Chapter 11 Additional Key Services
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM TOPICS OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Storage and Content Delivery
Amazon CloudFront
Overview
Amazon CloudFront Basics
Amazon CloudFront Advanced Features
Use Cases
AWS Storage Gateway
Overview
Use Cases
Security
AWS Directory Service
Overview
Use Cases
AWS Key Management Service (KMS) and AWS CloudHSM
Overview
Use Cases
AWS CloudTrail
Overview
Use Cases
Analytics
Amazon Kinesis
Overview
Use Cases
Amazon Elastic MapReduce (Amazon EMR)
Overview
Use Cases
AWS Data Pipeline
Overview
Use Cases
AWS Import/Export
Overview
Use Cases
DevOps
AWS OpsWorks
Overview
Use Cases
AWS CloudFormation
Overview
Use Case
AWS Elastic Beanstalk
Overview
Use Cases
Key Features
AWS Trusted Advisor
AWS Config
Overview
Use Cases
Key Features
Summary
Exam Essentials
Review Questions
Chapter 12 Security on AWS
THE AWS CERTIFIED SOLUTIONS ARCHITECT EXAM TOPICS COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Shared Responsibility Model
AWS Compliance Program
AWS Global Infrastructure Security
Physical and Environmental Security
Fire Detection and Suppression
Power
Climate and Temperature
Management
Storage Device Decommissioning
Business Continuity Management
Availability
Incident Response
Communication
Network Security
Secure Network Architecture
Secure Access Points
Transmission Protection
Network Monitoring and Protection
AWS Account Security Features
AWS Credentials
Passwords
AWS Multi-Factor Authentication (AWS MFA)
Access Keys
Key pairs
X.509 Certificates
AWS CloudTrail
AWS Cloud Service-Specific Security
Compute Services
Amazon Elastic Compute Cloud (Amazon EC2) Security
Networking
Elastic Load Balancing Security
Amazon Virtual Private Cloud (Amazon VPC) Security
Amazon CloudFront Security
Storage
Amazon Simple Storage Service (Amazon S3) Security
Data Access
Data Transfer
Data Storage
Access Logs
Cross-Origin Resource Sharing (CORS)
Amazon Glacier Security
Data Transfer
Data Retrieval
Data Storage
Data Access
AWS Storage Gateway Security
Data Transfer
Data Storage
Database
Amazon DynamoDB Security
Amazon Relational Database Service (Amazon RDS) Security
Amazon Redshift Security
Amazon ElastiCache Security
Application Services
Amazon Simple Queue Service (Amazon SQS) Security
Amazon Simple Notification Service (Amazon SNS) Security
Analytics Services
Amazon Elastic MapReduce (Amazon EMR) Security
Amazon Kinesis Security
Deployment and Management Services
AWS Identity and Access Management (IAM) Security
Mobile Services
Amazon Cognito Security
Applications
Amazon WorkSpaces Security
Summary
Security Model
Account Level Security
Service-Specific Security
Compute
Networking
Storage
Database
Application Services
Analytics
Deployment and Management
Mobile Services
Applications
Exam Essentials
Exercises
Review Questions
Chapter 13 AWS Risk and Compliance
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Overview of Compliance in AWS
Shared Responsibility Model
Strong Compliance Governance
Evaluating and Integrating AWS Controls
AWS IT Control Information
Specific Control Definition
General Control Standard Compliance
AWS Global Regions
AWS Risk and Compliance Program
Risk Management
Control Environment
Information Security
AWS Reports, Certifications, and Third-Party Attestations
Summary
Exam Essentials
Review Questions
Chapter 14 Architecture Best Practices
THE AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Introduction
Design for Failure and Nothing Fails
Implement Elasticity
Scaling Vertically
Scaling Horizontally
Stateless Applications
Stateless Components
Stateful Components
Deployment Automation
Automate Your Infrastructure
Bootstrap Your Instances
Leverage Different Storage Options
One Size Does Not Fit All
Build Security in Every Layer
Best Practice
Use AWS Features for Defense in Depth
Offload Security Responsibility to AWS
Reduce Privileged Access
Best Practice
Security as Code
Real-Time Auditing
Think Parallel
Loose Coupling Sets You Free
Best Practice
Sample Loosely Coupled Architecture
Don’t Fear Constraints
Summary
Exam Essentials
Exercises
EXERCISE 14.1
Create a Custom Amazon VPC
EXERCISE 14.2
Create an Internet Gateway for Your Custom Amazon VPC
EXERCISE 14.3
Update the Main Route Table for Your Custom Amazon VPC
EXERCISE 14.4
Create Public Subnets for Your Custom Amazon VPC
EXERCISE 14.5
Create a NAT Gateway for Your Custom Amazon VPC
EXERCISE 14.6
Create a Private Route Table for Your Custom Amazon VPC
EXERCISE 14.7
Create Private Subnets for Your Custom Amazon VPC
EXERCISE 14.8
Create Security Groups for Each Application Tier
EXERCISE 14.9
Create a MySQL Multi-AZ Amazon RDS Instance
EXERCISE 14.10
Create an Elastic Load Balancer (ELB)
EXERCISE 14.11
Create a Web Server Auto Scaling Group
EXERCISE 14.12
Create a Route 53 Hosted Zone
EXERCISE 14.13
Create an Alias A Record
EXERCISE 14.14
Test Your Configuration
Review Questions
Appendix A Answers to Review Questions
Chapter 1: Introduction to AWS
Chapter 2: Amazon Simple Storage Service (Amazon S3) and Amazon Glacier Storage
Chapter 3: Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS)
Chapter 4: Amazon Virtual Private Cloud (Amazon VPC)
Chapter 5: Elastic Load Balancing, Amazon CloudWatch, and Auto Scaling
Chapter 6: AWS Identity and Access Management (IAM)
Chapter 7: Databases and AWS
Chapter 8: SQS, SWF, and SNS
Chapter 9: Domain Name System (DNS) and Amazon Route 53
Chapter 10: Amazon ElastiCache
Chapter 11: Additional Key Services
Chapter 12: Security on AWS
Chapter 13: AWS Risk and Compliance
Chapter 14: Architecture Best Practices
Comprehensive Online Learning Environment
WILEY END USER LICENSE AGREEMENT