AWS Certified Solutions Architect - Associate Guide

Book Description

Learn from the AWS subject-matter experts, apply real-world scenarios, and clear the AWS Certified Solutions Architect – Associate exam.

Key Features

  • Build highly reliable and scalable workloads on the AWS platform
  • Pass the exam in less time and with confidence
  • Get up and running with building and managing applications on the AWS platform

Book Description

Amazon Web Services (AWS) is currently the leader in the public cloud market. With an increasing global interest in leveraging cloud infrastructure, the AWS Cloud from Amazon offers a cutting-edge platform for architecting, building, and deploying web-scale cloud applications.

As the rate of cloud platform adoption increases, so does the need for cloud certification. The AWS Certified Solutions Architect – Associate Guide is your one-stop solution to gaining certification. Once you have grasped what AWS and its prerequisites are, you will get insights into different types of AWS services such as Amazon S3, EC2, VPC, SNS, and more to get you prepared with core Amazon services. You will then move on to understanding how to design and deploy highly scalable applications. Finally, you will study security concepts along with the AWS best practices and mock papers to test your knowledge.

By the end of this book, you will not only be fully prepared to pass the AWS Certified Solutions Architect – Associate exam but also capable of building secure and reliable applications.

What you will learn

  • Explore AWS terminology and identity and access management
  • Acquaint yourself with important cloud services and features in categories such as compute, network, storage, and databases
  • Define access control to secure AWS resources and set up efficient monitoring
  • Back up your database and ensure high availability by understanding all of the database-related services in the AWS Cloud
  • Integrate AWS with your applications to meet and exceed non-functional requirements
  • Build and deploy cost-effective and highly available applications

Who this book is for

The AWS Certified Solutions Architect – Associate Guide is for you if you are an IT professional or Solutions Architect wanting to pass the AWS Certified Solutions Architect – Associate 2018 exam. This book is also for developers looking to start building scalable applications on AWS.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. AWS Certified Solutions Architect – Associate Guide
  3. Dedication
  4. Packt Upsell
    1. Why subscribe?
    2. Packt.com
  5. Contributors
    1. About the authors
    2. About the reviewer
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Conventions used
    4. Get in touch
      1. Reviews
  7. Introducing Amazon Web Services
    1. Technical requirements
    2. Minimizing complexity
    3. Conway's law
    4. Cloud computing
      1. Architecting for AWS
      2. Cloud design principles
    5. Cloud design patterns – CDP
    6. AWS Cloud Adoption Framework – AWS CAF
    7. AWS Well-Architected Framework – AWS WAF
    8. Shared security model
    9. Identity and Access Management
      1. User creation
      2. Designing an access structure
        1. Create an administration group
          1. Business case
      3. Inline policies
      4. IAM cross-account roles
    10. Summary
    11. Further reading
  8. AWS Global Infrastructure Overview
    1. Technical requirements
    2. Introducing AWS global infrastructure
      1. Becoming a service company
      2. Data centers
      3. 10,000-feet view
    3. Regions
      1. 100,000-feet view
      2. Latency
      3. Compliance
      4. Supported services
      5. Cost
      6. Connectivity
      7. Endpoint access
    4. Global CDN
      1. Amazon CloudFront
      2. Single region / multi-region patterns
      3. Rationale
      4. Active-active
      5. Active-passive
      6. Network-partitioning tolerance
      7. Complexity
      8. CloudFront
    5. Data replication and redundancy with managed services
      1. Exercise
      2. Replicating tags
      3. Replicating ACLs
      4. Distributed nature of S3
      5. Metadata replication
      6. Encryption replication
    6. Hosting a static website with S3 and CloudFront
    7. Summary
    8. Further reading
  9. Elasticity and Scalability Concepts
    1. Technical requirements
    2. Sources of failure
      1. The cause
    3. Dividing and conquering
      1. Serial configuration
      2. Parallel configuration
      3. Reactive and proactive scalability
        1. Horizontal scalability
        2. Vertical scalability
          1. Exercise
    4. Virtualization technologies
    5. LAMP installation
    6. Scaling the web server
    7. Resiliency
    8. EC2 persistence model
    9. Disaster recovery 
    10. Cascading deletion
    11. Bootstrapping
    12. Scaling the compute layer
      1. Proactive scalability
    13. Scaling a database server
    14. Summary
    15. Further reading
  10. Hybrid Cloud Architectures
    1. Effective migration to the cloud
    2. Extending your data center
      1. All in the cloud
        1. VPC
        2. Tenancy
        3. Sizing
        4. The default VPC
        5. Public traffic
        6. Private traffic
        7. Security groups
        8. Creating a security group
        9. Chaining security groups
        10. Bastion host
      2. Hybrid deployment
        1. Software VPNs
        2. Static hardware VPNs
        3. Dynamic hardware VPNs
        4. Direct Connect (DX)
    3. Storage gateway use cases
      1. Network filesystems with file gateways
      2. Block storage iSCSI with volume gateway – stored
      3. Block storage iSCSI with volume gateway – cached
      4. Virtual tape library iSCSI with a tape gateway
    4. The Database Migration Service
      1. Homogeneous migration
      2. The AWS Schema Conversion tool
      3. Heterogeneous migrations
    5. Summary
    6. Further reading
  11. Resilient Patterns
    1. Technical requirements
    2. Route 53
      1. Health checks
      2. Record types
    3. Summary
    4. Further reading
  12. Event Driven and Stateless Architectures
    1. Technical requirements
    2. Web application hosting
      1. Route 53
    3. Serverless application architecture
    4. Streaming data architecture
    5. Summary
    6. Further reading
  13. Integrating Application Services
    1. Technical requirements
    2. SQS as a reliable broker
      1. Asynchrony
      2. Creating a queue
      3. Security
      4. Durability
      5. Message delivery
      6. Message reception
      7. Messaging patterns
    3. Managing 1:N communications with SNS
      1. Subscriber
      2. Fanout
    4. Authenticating your web and mobile apps with Cognito
      1. Cognito user pools
      2. Federated identities
      3. API Gateway integration
        1. Request flow
    5. WebSockets in AWS
      1. AWS IoT
      2. AWS AppSync
    6. Web app demo
    7. Summary
    8. Further reading
  14. Disaster Recovery Strategies
    1. Technical requirements
    2. Availability metrics
      1. The business perspective
      2. Business impact analysis
        1. Recovery Time Objective (RTO)
        2. Recovery Point Objective (RPO)
        3. Availability monitoring
    3. Backup and restore
      1. Preparation phase
        1. In the case of a disaster
        2. Trade-offs
    4. Pilot light
      1. The preparation phase
        1. In the case of a disaster
        2. Trade-offs
    5. Warm standby
      1. The preparation phase
        1. In the case of a disaster
        2. Trade-offs
    6. Multi-site active-active
      1. The preparation phase
        1. In the case of a disaster
        2. Trade-offs
      2. Best practices
    7. Summary
    8. Further reading
  15. Storage Options
    1. Technical requirements
    2. Relational databases
      1. RDS
      2. Managed capabilities
        1. Instances
        2. Parameter groups
        3. Option groups
        4. Snapshots
        5. Events
        6. Multi-AZ
        7. Read replicas
        8. Caching
    3. Object storage
      1. Simple storage service
        1. Data organization
        2. Integrity
        3. Availability
        4. Cost dimensions
        5. Reducing cost
        6. Durability
          1. Maximum durability
          2. Limited durability
        7. Use cases
        8. Consistency
        9. Storage optimization
          1. Creating objects from the CLI
          2. Copy an existing object
          3. Using a lifecycle policy
    4. Lifecycle policies
      1. Archiving with Glacier
        1. Retrieval options
      2. Workflow
    5. NoSQL
      1. DynamoDB
        1. Control plane
      2. Managed capabilities
        1. Consistency
        2. Local secondary index
        3. Global secondary index
        4. DynamoDB Streams
        5. Global tables
    6. Summary
    7. Further reading
  16. Matching Supply and Demand
    1. Technical requirements
    2. Elastic Load Balancing
      1. Classic Load Balancer – CLB
      2. Network Load Balancer – NLB
      3. Application Load Balancer – ALB
        1. Creating an Application Load Balancer
    3. ELB attributes
      1. Stateless versus stateful
      2. Internet-facing versus internal-facing
      3. TCP passthrough
      4. Cross-zone load balancing
      5. Connection draining
    4. AWS Auto Scaling
      1. Alternate flow
        1. Create a launch configuration
      2. Auto Scaling groups
      3. Resiliency
    5. Summary
    6. Further reading
  17. Introducing Amazon Elastic MapReduce
    1. Technical requirements
    2. Clustering in AWS
      1. High performance computing
        1. CfnCluster
      2. Enhanced networking
        1. Jumbo frames
    3. Placement groups
      1. Creating a placement group
      2. Benchmarking
    4. Elastic MapReduce
      1. MapReduce
      2. Analyzing a public dataset
    5. Summary
    6. Further reading
  18. Web Scale Applications
    1. Technical requirements
    2. AWS Lambda
    3. Summary
    4. Further reading
  19. Understanding Access Control
    1. Technical requirements
    2. Authentication, authorization, and access control
      1. Authentication
      2. Authorization
      3. Access control
    3. Authenticating via access control methods
      1. Usernames and passwords
      2. Multi-factor authentication
      3. Programmatic access
      4. Key pairs
      5. IAM roles
      6. Cross-account roles
      7. Web identity and SAML federation
      8. Federation of access
      9. Web identity federation
      10. SAML 2.0 federation
    4. IAM authorization
      1. Users
      2. Groups
      3. Roles
      4. Identity-based policies
      5. Managed policies versus inline policies
        1. Writing policies from scratch by using a JSON policy editor
        2. Using the visual editor within IAM
        3. Copying an existing managed policy
      6. Inline policies
    5. Summary
    6. Further reading
  20. Encryption and Key Management
    1. Technical requirements
    2. An overview of encryption
      1. Symmetric key cryptography
      2. Asymmetric key cryptography
    3. EBS encryption
      1. Encrypting a new EBS volume
      2. Encrypting a new EBS volume during the launch of a new EC2 instance
      3. Encrypting an existing EBS volume
    4. Amazon S3 encryption
      1. Server-side encryption with S3 managed keys (SSE-S3)
      2. Server-side encryption with KMS managed keys (SSE-KMS)
      3. Server-side encryption with customer managed keys (SSE-C)
      4. Client-side encryption with KMS managed keys (CSE-KMS)
      5. Client-side encryption with KMS managed keys (CSE-C)
    5. RDS encryption
      1. How to enable encryption
      2. Steps to encrypt an existing database
    6. Key Management Service (KMS)
      1. So, what is KMS?
        1. Customer master keys
        2. Data encryption keys (DEK)
        3. Key policies
        4. Grants
      2. Key rotation
        1. Manual key rotation
    7. Summary
    8. Further reading
  21. An Overview of Security and Compliance Services
    1. Technical requirements
    2. AWS CloudTrail
    3. Amazon Inspector
      1. Installing the agent
      2. Assessment templates, runs, and findings
    4. AWS Trusted Advisor
      1. Yellow warning under service limits
      2. Red warning under service limits
    5. AWS Systems Manager
      1. Resource groups
        1. Creating a resource group
      2. Actions
      3. Insights
      4. Shared resource
    6. AWS Config
      1. Configuration item
      2. Configuration streams
      3. Configuration history
      4. Configuration snapshot
      5. Configuration recorder
      6. Config rules
      7. Resource relationship
      8. High-level process overview
    7. Summary
    8. Further reading
  22. AWS Security Best Practices
    1. Technical requirements
    2. Shared responsibility model
    3. Data protection
      1. Using encryption at rest for sensitive data
      2. Taking advantage of encryption features built into AWS services
      3. Using encryption in transit for sensitive data
      4. Protecting against unexpected data loss
        1. Using S3 MFA delete to prevent accidental deletion
        2. Using S3 lifecycle policies
        3. Implementing S3 versioning to protect against unintended actions
    4. Virtual Private Cloud
      1. Using security groups to control access at an instance level
      2. Using NACLs to control access at a subnet level
      3. Implementing the rule of least privilege
      4. Implementing layers in your VPC
      5. Creating Flow Logs to obtain deeper analysis of network traffic
    5. Identity and Access Management
      1. Avoid sharing identities
      2. Using MFA for privileged users
      3. Using roles
      4. Password policy
      5. Assigning permissions to groups instead of to individual users
      6. Rotating your access keys
      7. Assigning permissions according to the rule of least privilege
      8. Re-evaluating permissions and deleting accounts
      9. Do not use the root account as an operational user
    6. EC2 security
      1. Implementing a patching strategy
      2. Controlling access with security groups
      3. Encrypting sensitive data on persistent storage
      4. Harden the operating system
      5. Using Bastion hosts to connect to your EC2 instances
    7. Security services
    8. Summary
    9. Further reading
  23. Web Application Security
    1. Technical requirements
    2. AWS web application firewall
      1. Conditions
      2. Rules
      3. Web ACL
        1. Monitoring
    3. AWS Shield
      1. DDoS
      2. Shield plans
    4. AWS Firewall Manager
      1. Before using AWS Firewall Manager
      2. Amazon CloudFront security features
    5. Summary
    6. Further reading
  24. Cost Effective Resources
    1. Technical requirements
    2. Reserved Instances
      1. Standard Reserved Instances
      2. Convertible Reserved Instances
    3. Billing and cost management
      1. Billing alarms
      2. Service level alarms
      3. Billing reports
      4. Cost Explorer
      5. Reserved Instances recommendations
      6. QuickSight visualization
      7. Cost Allocation Tags
    4. AWS Organizations
    5. Summary
    6. Further reading
  25. Working with Infrastructure as Code
    1. Technical requirements
    2. AWS CloudFormation
      1. Template anatomy
        1. Resources
      2. Stack updates
      3. Deletion policy
      4. Outputs
      5. Template reusability
        1. Parameters
        2. Mappings
      6. Depends on
    3. Helper scripts
    4. Multi-tier web app
      1. Best practices
    5. Summary
    6. Further reading
  26. Automation with AWS
    1. Technical requirements
    2. Incident Response
      1. CloudWatch Logs Agent
      2. CloudWatch Metric Filters
    3. Summary
    4. Further reading
  27. Introduction to the DevOps practice in AWS
    1. Technical requirements
    2. CI / CD pipeline
    3. AWS CodeDeploy
      1. AppSpec file
    4. Summary
    5. Further reading
  28. Mock Test 1
  29. Mock Test 2
  30. Assessment
    1. Mock Test 1
    2. Mock Test 2
  31. Another Book You May Enjoy
    1. Leave a review - let other readers know what you think