Virtual, hands-on learning labs allow you to apply your technical skills in realistic environments. Sybex has therefore bundled AWS labs from XtremeLabs with our popular AWS Certified Solutions Architect Study Guide, so that as you prepare for the Certified Solutions Architect Exam you work in the same kind of environment you would face in a real-life application. Together with the book, these labs are a proven way to prepare for the certification and for work as an AWS Solutions Architect.
The AWS Certified Solutions Architect Study Guide: Associate (SAA-C01) Exam is your complete and fully updated resource for the AWS Solutions Architect - Associate certification. This invaluable Sybex study guide covers all relevant aspects of the AWS Solutions Architect job role, including mapping multi-tier architectures to AWS services, loose coupling and stateless systems, applying AWS security features, deploying and managing services, designing large-scale distributed systems, and much more. Written by two AWS subject-matter experts, this self-study guide and reference provides all the tools and information necessary to master the exam, earn your certification, and gain insights into the job of an AWS Solutions Architect. Efficient and logical presentation of exam objectives allows for flexible study of topics, and powerful learning tools increase comprehension and retention of key exam elements. Practice questions, chapter reviews, and detailed examination of essential concepts fully prepare you for the AWS Solutions Architect – Associate certification.
The certification is highly valued among IT and cloud computing professionals. Now in a new edition - reflecting the latest changes, additions, and updates to the AWS Solutions Architect – Associate certification exam guide - this book is your complete, one-stop resource:
- Learn all the components of the AWS exam and know what to expect on exam day
- Review challenging exam topics and focus on the areas that need improvement
- Expand your AWS skillset and keep pace with current cloud computing technologies
- Readers will also have one year of free access to the Sybex interactive online learning environment and test bank, providing a suite of robust study tools including an assessment test, chapter tests, bonus practice exam, electronic flashcards, and a glossary of key terms.
The AWS Certified Solutions Architect Study Guide: Associate (SAA-C01) Exam enables you to validate your skills, increase your competitive advantage, and take the next step on your career path. Comprehensive and up-to-date content and superior study tools make this guide a must-have resource for those seeking AWS Solutions Architect – Associate certification.
With this edition you also get XtremeLabs virtual labs that run from your browser. The registration code is included with the book and gives you 6 months of unlimited access to XtremeLabs AWS Certified Solutions Architect Labs, with 10 unique lab modules based on the book.
Table of Contents
Introduction
Assessment Test
Part I The Core AWS Services
Chapter 1 Introduction to Cloud Computing and AWS
Cloud Computing and Virtualization
Cloud Computing Architecture
Cloud Computing Optimization
The AWS Cloud
AWS Platform Architecture
AWS Reliability and Compliance
The AWS Shared Responsibility Model
The AWS Service Level Agreement
Working with AWS
The AWS CLI
AWS SDKs
Technical Support and Online Resources
Support Plans
Other Support Resources
Summary
Exam Essentials
Exercise
Review Questions
Chapter 2 Amazon Elastic Compute Cloud and Amazon Elastic Block Store
Introduction
EC2 Instances
Provisioning Your Instance
Configuring Instance Behavior
Instance Pricing
Instance Lifecycle
Resource Tags
Service Limits
EC2 Storage Volumes
Elastic Block Store Volumes
Instance Store Volumes
Accessing Your EC2 Instance
Securing Your EC2 Instance
Security Groups
IAM Roles
NAT Devices
Key Pairs
Other EC2-Related Services
AWS Systems Manager
Placement Groups
AWS Elastic Beanstalk
Amazon Elastic Container Service and AWS Fargate
AWS Lambda
VM Import/Export
Elastic Load Balancing and Auto Scaling
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 3 Amazon Simple Storage Service and Amazon Glacier Storage
Introduction
S3 Service Architecture
Prefixes and Delimiters
Working with Large Objects
Encryption
Logging
S3 Durability and Availability
Durability
Availability
Eventually Consistent Data
S3 Object Lifecycle
Versioning
Lifecycle Management
Accessing S3 Objects
Access Control
Presigned URLs
Static Website Hosting
S3 and Glacier Select
Amazon Glacier
Storage Pricing
Other Storage-Related Services
Amazon Elastic File System
AWS Storage Gateway
AWS Snowball
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 4 Amazon Virtual Private Cloud
Introduction
VPC CIDR Blocks
Secondary CIDR Blocks
IPv6 CIDR Blocks
Subnets
Subnet CIDR Blocks
Availability Zones
IPv6 CIDR Blocks
Elastic Network Interfaces
Primary and Secondary Private IP Addresses
Attaching Elastic Network Interfaces
Internet Gateways
Route Tables
Routes
The Default Route
Security Groups
Inbound Rules
Outbound Rules
Sources and Destinations
Stateful Firewall
Default Security Group
Network Access Control Lists
Inbound Rules
Outbound Rules
Using Network Access Control Lists and Security Groups Together
Public IP Addresses
Elastic IP Addresses
Network Address Translation
Network Address Translation Devices
Configuring Route Tables to Use NAT Devices
NAT Gateway
NAT Instance
VPC Peering
Summary
Exam Essentials
Review Questions
Chapter 5 Databases
Introduction
Relational Databases
Columns and Attributes
Using Multiple Tables
Structured Query Language
Online Transaction Processing vs. Online Analytic Processing
Amazon Relational Database Service
Database Engines
Licensing Considerations
Database Option Groups
Database Instance Classes
Storage
Read Replicas
High Availability (Multi-AZ)
Backup and Recovery
Automated Snapshots
Maintenance Items
Amazon Redshift
Compute Nodes
Data Distribution Styles
Nonrelational (No-SQL) Databases
Storing Data
Querying Data
Types of Nonrelational Databases
DynamoDB
Partition and Hash Keys
Attributes and Items
Throughput Capacity
Reading Data
Summary
Exam Essentials
Review Questions
Chapter 6 Authentication and Authorization - AWS Identity and Access Management
Introduction
IAM Identities
IAM Policies
User and Root Accounts
Access Keys
Groups
Roles
Authentication Tools
Amazon Cognito
AWS Managed Microsoft AD
AWS Single Sign-On
AWS Key Management Service
AWS Secrets Manager
AWS CloudHSM
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 7 CloudTrail, CloudWatch, and AWS Config
Introduction
CloudTrail
Management Events
Data Events
Event History
Trails
Log File Integrity Validation
CloudWatch
CloudWatch Metrics
Graphing Metrics
Metric Math
CloudWatch Logs
Log Streams and Log Groups
Metric Filters
CloudWatch Agent
Sending CloudTrail Logs to CloudWatch Logs
CloudWatch Alarms
Data Point to Monitor
Threshold
Alarm States
Data Points to Alarm and Evaluation Period
Missing Data
Actions
AWS Config
The Configuration Recorder
Configuration Items
Configuration History
Configuration Snapshots
Monitoring Changes
Summary
Exam Essentials
Review Questions
Chapter 8 The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Introduction
The Domain Name System
Namespaces
Name Servers
Domains and Domain Names
Domain Registration
Domain Layers
Fully Qualified Domain Names
Zones and Zone Files
Record Types
Alias Records
Amazon Route 53
Domain Registration
DNS Management
Availability Monitoring
Routing Policies
Traffic Flow
Amazon CloudFront
AWS CLI Example
Summary
Exam Essentials
Review Questions
Part II The Well-Architected Framework
Chapter 9 The Reliability Pillar
Introduction
Calculating Availability
Availability Differences in Traditional vs. Cloud-Native Applications
Know Your Limits
Increasing Availability
EC2 Auto Scaling
Launch Configurations
Launch Templates
Auto Scaling Groups
Auto Scaling Options
Data Backup and Recovery
S3
Elastic File System
Elastic Block Storage
Database Resiliency
Creating a Resilient Network
VPC Design Considerations
External Connectivity
Designing for Availability
Designing for 99 Percent Availability
Designing for 99.9 Percent Availability
Designing for 99.99 Percent Availability
Summary
Exam Essentials
Review Questions
Chapter 10 The Performance Efficiency Pillar
Introduction
Optimizing Performance for the Core AWS Services
Compute
Storage
Database
Network Optimization and Load Balancing
Infrastructure Automation
CloudFormation
Third-Party Automation Solutions
Continuous Integration and Continuous Deployment
Reviewing and Optimizing Infrastructure Configurations
Load Testing
Visualization
Optimizing Data Operations
Caching
Partitioning/Sharding
Compression
Summary
Exam Essentials
Review Questions
Chapter 11 The Security Pillar
Introduction
Identity and Access Management
Protecting AWS Credentials
Fine-Grained Authorization
Permissions Boundaries
Roles
Enforcing Service-Level Protection
Detective Controls
CloudTrail
CloudWatch Logs
Searching Logs with Athena
Auditing Resource Configurations with AWS Config
Amazon GuardDuty
Amazon Inspector
Protecting Network Boundaries
Network Access Control Lists and Security Groups
AWS Web Application Firewall
AWS Shield
Data Encryption
Data at Rest
Data in Transit
Summary
Exam Essentials
Review Questions
Chapter 12 The Cost Optimization Pillar
Introduction
Planning, Tracking, and Controlling Costs
AWS Budgets
Monitoring Tools
AWS Organizations
AWS Trusted Advisor
Online Calculator Tools
Cost-Optimizing Compute
Maximizing Server Density
EC2 Reserved Instances
EC2 Spot Instances
Auto Scaling
Elastic Block Store Lifecycle Manager
Summary
Exam Essentials
Review Questions
Chapter 13 The Operational Excellence Pillar
Introduction
CloudFormation
Creating Stacks
Deleting Stacks
Using Multiple Stacks
Stack Updates
Preventing Updates to Specific Resources
Overriding Stack Policies
CodeCommit
Creating a Repository
Repository Security
Interacting with a Repository Using Git
CodeDeploy
The CodeDeploy Agent
Deployments
Deployment Groups
Deployment Types
Deployment Configurations
Lifecycle Events
The Application Specification File
Triggers and Alarms
Rollbacks
CodePipeline
Continuous Integration
Continuous Delivery
Creating the Pipeline
Artifacts
AWS Systems Manager
Actions
Insights
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1: Introduction to Cloud Computing and AWS
Chapter 2: Amazon Elastic Compute Cloud and Amazon Elastic Block Store
Chapter 3: Amazon Simple Storage Service and Amazon Glacier Storage
Chapter 4: Amazon Virtual Private Cloud
Chapter 5: Databases
Chapter 6: Authentication and Authorization - AWS Identity and Access Management
Chapter 7: CloudTrail, CloudWatch, and AWS Config
Chapter 8: The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Chapter 9: The Reliability Pillar
Chapter 10: The Performance Efficiency Pillar
Chapter 11: The Security Pillar
Chapter 12: The Cost Optimization Pillar
Chapter 13: The Operational Excellence Pillar
Index