Table of Contents for Contributors
by Stuart Scott, Gabriel Ramirez
AWS Certified Solutions Architect - Associate Guide
Title Page
Copyright and Credits
AWS Certified Solutions Architect – Associate Guide
Dedication
Packt Upsell
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Reviews
Introducing Amazon Web Services
Technical requirements
Minimizing complexity
Conway's law
Cloud computing
Architecting for AWS
Cloud design principles
Cloud design patterns – CDP
AWS Cloud Adoption Framework – AWS CAF
AWS Well-Architected Framework – AWS WAF
Shared security model
Identity and Access Management
User creation
Designing an access structure
Create an administration group
Business case
Inline policies
IAM cross-account roles
Summary
Further reading
AWS Global Infrastructure Overview
Technical requirements
Introducing AWS global infrastructure
Becoming a service company
Data centers
10,000-feet view
Regions
100,000-feet view
Latency
Compliance
Supported services
Cost
Connectivity
Endpoint access
Global CDN
Amazon CloudFront
Single region / multi-region patterns
Rationale
Active-active
Active-passive
Network-partitioning tolerance
Complexity
CloudFront
Data replication and redundancy with managed services
Exercise
Replicating tags
Replicating ACLs
Distributed nature of S3
Metadata replication
Encryption replication
Hosting a static website with S3 and CloudFront
Summary
Further reading
Elasticity and Scalability Concepts
Technical requirements
Sources of failure
The cause
Dividing and conquering
Serial configuration
Parallel configuration
Reactive and proactive scalability
Horizontal scalability
Vertical scalability
Exercise
Virtualization technologies
LAMP installation
Scaling the web server
Resiliency
EC2 persistence model
Disaster recovery
Cascading deletion
Bootstrapping
Scaling the compute layer
Proactive scalability
Scaling a database server
Summary
Further reading
Hybrid Cloud Architectures
Effective migration to the cloud
Extending your data center
All in the cloud
VPC
Tenancy
Sizing
The default VPC
Public traffic
Private traffic
Security groups
Creating a security group
Chaining security groups
Bastion host
Hybrid deployment
Software VPNs
Static hardware VPNs
Dynamic hardware VPNs
Direct Connect (DX)
Storage gateway use cases
Network filesystems with file gateways
Block storage iSCSI with volume gateway – stored
Block storage iSCSI with volume gateway – cached
Virtual tape library iSCSI with a tape gateway
The Database Migration Service
Homogeneous migration
The AWS Schema Conversion tool
Heterogeneous migrations
Summary
Further reading
Resilient Patterns
Technical requirements
Route 53
Health checks
Record types
Summary
Further reading
Event Driven and Stateless Architectures
Technical requirements
Web application hosting
Route 53
Serverless application architecture
Streaming data architecture
Summary
Further reading
Integrating Application Services
Technical requirements
SQS as a reliable broker
Asynchrony
Creating a queue
Security
Durability
Message delivery
Message reception
Messaging patterns
Managing 1:N communications with SNS
Subscriber
Fanout
Authenticating your web and mobile apps with Cognito
Cognito user pools
Federated identities
API Gateway integration
Request flow
WebSockets in AWS
AWS IoT
AWS AppSync
Web app demo
Summary
Further reading
Disaster Recovery Strategies
Technical requirements
Availability metrics
The business perspective
Business impact analysis
Recovery Time Objective (RTO)
Recovery Point Objective (RPO)
Availability monitoring
Backup and restore
Preparation phase
In the case of a disaster
Trade-offs
Pilot light
The preparation phase
In the case of a disaster
Trade-offs
Warm standby
The preparation phase
In the case of a disaster
Trade-offs
Multi-site active-active
The preparation phase
In the case of a disaster
Trade-offs
Best practices
Summary
Further reading
Storage Options
Technical requirements
Relational databases
RDS
Managed capabilities
Instances
Parameter groups
Option groups
Snapshots
Events
Multi-AZ
Read replicas
Caching
Object storage
Simple storage service
Data organization
Integrity
Availability
Cost dimensions
Reducing cost
Durability
Maximum durability
Limited durability
Use cases
Consistency
Storage optimization
Creating objects from the CLI
Copy an existing object
Using a lifecycle policy
Lifecycle policies
Archiving with Glacier
Retrieval options
Workflow
NoSQL
DynamoDB
Control plane
Managed capabilities
Consistency
Local secondary index
Global secondary index
DynamoDB Streams
Global tables
Summary
Further reading
Matching Supply and Demand
Technical requirements
Elastic Load Balancing
Classic Load Balancer – CLB
Network Load Balancer – NLB
Application Load Balancer – ALB
Creating an Application Load Balancer
ELB attributes
Stateless versus stateful
Internet-facing versus internal-facing
TCP passthrough
Cross-zone load balancing
Connection draining
AWS Auto Scaling
Alternate flow
Create a launch configuration
Auto Scaling groups
Resiliency
Summary
Further reading
Introducing Amazon Elastic MapReduce
Technical requirements
Clustering in AWS
High performance computing
CfnCluster
Enhanced networking
Jumbo frames
Placement groups
Creating a placement group
Benchmarking
Elastic MapReduce
MapReduce
Analyzing a public dataset
Summary
Further reading
Web Scale Applications
Technical requirements
AWS Lambda
Summary
Further reading
Understanding Access Control
Technical requirements
Authentication, authorization, and access control
Authentication
Authorization
Access control
Authenticating via access control methods
Usernames and passwords
Multi-factor authentication
Programmatic access
Key pairs
IAM roles
Cross-account roles
Web identity and SAML federation
Federation of access
Web identity federation
SAML 2.0 federation
IAM authorization
Users
Groups
Roles
Identity-based policies
Managed policies versus inline policies
Writing policies from scratch by using a JSON policy editor
Using the visual editor within IAM
Copying an existing managed policy
Inline policies
Summary
Further reading
Encryption and Key Management
Technical requirements
An overview of encryption
Symmetric key cryptography
Asymmetric key cryptography
EBS encryption
Encrypting a new EBS volume
Encrypting a new EBS volume during the launch of a new EC2 instance
Encrypting an existing EBS volume
Amazon S3 encryption
Server-side encryption with S3 managed keys (SSE-S3)
Server-side encryption with KMS managed keys (SSE-KMS)
Server-side encryption with customer managed keys (SSE-C)
Client-side encryption with KMS managed keys (CSE-KMS)
Client-side encryption with KMS managed keys (CSE-C)
RDS encryption
How to enable encryption
Steps to encrypt an existing database
Key Management Service (KMS)
So, what is KMS?
Customer master keys
Data encryption keys (DEK)
Key policies
Grants
Key rotation
Manual key rotation
Summary
Further reading
An Overview of Security and Compliance Services
Technical requirements
AWS CloudTrail
Amazon Inspector
Installing the agent
Assessment templates, runs, and findings
AWS Trusted Advisor
Yellow warning under service limits
Red warning under service limits
AWS Systems Manager
Resource groups
Creating a resource group
Actions
Insights
Shared resource
AWS Config
Configuration item
Configuration streams
Configuration history
Configuration snapshot
Configuration recorder
Config rules
Resource relationship
High-level process overview
Summary
Further reading
AWS Security Best Practices
Technical requirements
Shared responsibility model
Data protection
Using encryption at rest for sensitive data
Taking advantage of encryption features built into AWS services
Using encryption in transit for sensitive data
Protecting against unexpected data loss
Using S3 MFA delete to prevent accidental deletion
Using S3 lifecycle policies
Implementing S3 versioning to protect against unintended actions
Virtual Private Cloud
Using security groups to control access at an instance level
Using NACLs to control access at a subnet level
Implementing the rule of least privilege
Implementing layers in your VPC
Creating Flow Logs to obtain deeper analysis of network traffic
Identity and Access Management
Avoid sharing identities
Using MFA for privileged users
Using roles
Password policy
Assigning permissions to groups instead of to individual users
Rotating your access keys
Assigning permissions according to the rule of least privilege
Re-evaluating permissions and deleting accounts
Do not use the root account as an operational user
EC2 security
Implementing a patching strategy
Controlling access with security groups
Encrypting sensitive data on persistent storage
Harden the operating system
Using Bastion hosts to connect to your EC2 instances
Security services
Summary
Further reading
Web Application Security
Technical requirements
AWS web application firewall
Conditions
Rules
Web ACL
Monitoring
AWS Shield
DDoS
Shield plans
AWS Firewall Manager
Before using AWS Firewall Manager
Amazon CloudFront security features
Summary
Further reading
Cost Effective Resources
Technical requirements
Reserved Instances
Standard Reserved Instances
Convertible Reserved Instances
Billing and cost management
Billing alarms
Service level alarms
Billing reports
Cost Explorer
Reserved Instances recommendations
QuickSight visualization
Cost Allocation Tags
AWS Organizations
Summary
Further reading
Working with Infrastructure as Code
Technical requirements
AWS CloudFormation
Template anatomy
Resources
Stack updates
Deletion policy
Outputs
Template reusability
Parameters
Mappings
Depends on
Helper scripts
Multi-tier web app
Best practices
Summary
Further reading
Automation with AWS
Technical requirements
Incident Response
CloudWatch Logs Agent
CloudWatch Metric Filters
Summary
Further reading
Introduction to the DevOps practice in AWS
Technical requirements
CI / CD pipeline
AWS CodeDeploy
AppSpec file
Summary
Further reading
Mock Test 1
Mock Test 2
Assessment
Mock Test 1
Mock Test 2
Another Book You May Enjoy
Leave a review - let other readers know what you think