AWS Certified Solutions Architect Study Guide
Contents
David Higby Clinton. AWS Certified Solutions Architect Study Guide
Table of Contents
List of Tables
List of Illustrations
AWS Certified Solutions Architect Study Guide. Associate (SAA-C02) Exam
Acknowledgments
About the Authors
Table of Exercises
Introduction
Part I, “The Core AWS Services”
Part II, “The Well‐Architected Framework”
What Does This Book Cover?
Interactive Online Learning Environment and Test Bank
Exam Objectives
Objective Map
Assessment Test
Answers to Assessment Test
Chapter 1 Introduction to Cloud Computing and AWS
Cloud Computing and Virtualization
Cloud Computing Architecture
Cloud Computing Optimization
Scalability
Elasticity
Cost Management
The AWS Cloud
AWS Platform Architecture
AWS Reliability and Compliance
The AWS Shared Responsibility Model
The AWS Service Level Agreement
Working with AWS
The AWS CLI
AWS SDKs
Technical Support and Online Resources
Support Plans
Other Support Resources
Summary
Exam Essentials
EXERCISE 1.1. Use the AWS CLI
Review Questions
Chapter 2 Amazon Elastic Compute Cloud and Amazon Elastic Block Store
Introduction
EC2 Instances
Provisioning Your Instance
EC2 Amazon Machine Images
An Important Note About Billing
Instance Types
Configuring an Environment for Your Instance
AWS Regions
VPCs
Tenancy
EXERCISE 2.1. Launch an EC2 Linux Instance and Log in Using SSH
EXERCISE 2.2. Assess the Free Capacity of a Running Instance and Change Its Instance Type
Configuring Instance Behavior
Placement Groups
Instance Pricing
EXERCISE 2.3. Assess Which Pricing Model Will Best Meet the Needs of a Deployment
Instance Lifecycle
Resource Tags
Service Limits
EC2 Storage Volumes
Elastic Block Store Volumes
EBS‐Provisioned IOPS SSD
EBS General‐Purpose SSD
Throughput‐Optimized HDD
Cold HDD
EBS Volume Features
EXERCISE 2.4. Create and Launch an AMI Based on an Existing Instance Storage Volume
Instance Store Volumes
Accessing Your EC2 Instance
Securing Your EC2 Instance
Security Groups
IAM Roles
NAT Devices
Key Pairs
EC2 Auto Scaling
Launch Configurations
Launch Templates
EXERCISE 2.5. Create a Launch Template
Auto Scaling Groups
Specifying an Application Load Balancer Target Group
Health Checks Against Application Instances
Auto Scaling Options
Manual Scaling
Dynamic Scaling Policies
Simple Scaling Policies
Step Scaling Policies
Target Tracking Policies
Scheduled Actions
AWS Systems Manager
Actions
Automation
Run Command
Session Manager
Patch Manager
State Manager
Insights
Built‐in Insights
Inventory Manager
Compliance
AWS CLI Example
EXERCISE 2.6. Install the AWS CLI and Use It to Launch an EC2 Instance
EXERCISE 2.7. Clean Up Unused EC2 Resources
Summary
Exam Essentials
Review Questions
Chapter 3 AWS Storage
Introduction
S3 Service Architecture
Prefixes and Delimiters
Working with Large Objects
EXERCISE 3.1. Create a New S3 Bucket and Upload a File
Encryption
Server‐Side Encryption
Client‐Side Encryption
Logging
S3 Durability and Availability
Durability
Availability
Eventually Consistent Data
S3 Object Lifecycle
Versioning
Lifecycle Management
EXERCISE 3.2. Enable Versioning and Lifecycle Management for an S3 Bucket
Accessing S3 Objects
Access Control
Presigned URLs
EXERCISE 3.3. Generate and Use a Presigned URL
Static Website Hosting
EXERCISE 3.4. Enable Static Website Hosting for an S3 Bucket
Amazon S3 Glacier
Storage Pricing
EXERCISE 3.5. Calculate the Total Lifecycle Costs for Your Data
Other Storage‐Related Services
Amazon Elastic File System
Amazon FSx
AWS Storage Gateway
AWS Snowball
AWS DataSync
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 4 Amazon Virtual Private Cloud
Introduction
VPC CIDR Blocks
Secondary CIDR Blocks
IPv6 CIDR Blocks
EXERCISE 4.1. Create a New VPC
Subnets
Subnet CIDR Blocks
Availability Zones
EXERCISE 4.2. Create a New Subnet
IPv6 CIDR Blocks
Elastic Network Interfaces
Primary and Secondary Private IP Addresses
Attaching Elastic Network Interfaces
EXERCISE 4.3. Create and Attach a Primary ENI
Enhanced Networking
Internet Gateways
Route Tables
Routes
The Default Route
EXERCISE 4.4. Create an Internet Gateway and Default Route
Security Groups
Inbound Rules
Outbound Rules
Sources and Destinations
Stateful Firewall
Default Security Group
EXERCISE 4.5. Create a Custom Security Group
Network Access Control Lists
Inbound Rules
EXERCISE 4.6. Create an Inbound Rule to Allow Remote Access from Any IP Address
Outbound Rules
Using Network Access Control Lists and Security Groups Together
Public IP Addresses
Elastic IP Addresses
EXERCISE 4.7. Allocate and Use an Elastic IP Address
AWS Global Accelerator
Network Address Translation
Network Address Translation Devices
Configuring Route Tables to Use NAT Devices
NAT Gateway
NAT Instance
VPC Peering
Hybrid Cloud Networking
Virtual Private Networks
AWS Transit Gateway
Transit Gateway Route Table
Centralized Router
Isolated VPCs
Isolated VPCs with Shared Services
EXERCISE 4.8. Create a Transit Gateway
Transit Gateway Peering
Multicast
Blackhole Routes
EXERCISE 4.9. Create a Blackhole Route
AWS Direct Connect
Dedicated
Hosted
Direct Connect Gateways
Virtual Interfaces
High‐Performance Computing
Elastic Fabric Adapter
AWS ParallelCluster
Summary
Exam Essentials
Review Questions
Chapter 5 Database Services
Introduction
Relational Databases
Columns and Attributes
Using Multiple Tables
Structured Query Language
Querying Data
Storing Data
Online Transaction Processing vs. Online Analytic Processing
OLTP
OLAP
Amazon Relational Database Service
Database Engines
Licensing Considerations
Database Option Groups
Database Instance Classes
Standard
Memory Optimized
Burstable Performance
Storage
Understanding Input/Output Operations Per Second
General‐Purpose SSD
EXERCISE 5.1. Create an RDS Database Instance
Provisioned IOPS SSD (io1)
Throughput‐Optimized HDD (st1)
Cold HDD (sc1)
Magnetic Storage (Standard)
Read Replicas
Scaling Vertically
Scaling Horizontally
EXERCISE 5.2. Create a Read Replica
EXERCISE 5.3. Promote the Read Replica to a Master
High Availability (Multi‐AZ)
Multi‐AZ with Oracle, PostgreSQL, MariaDB, MySQL, and Microsoft SQL Server
Multi‐AZ with Amazon Aurora
Single‐Master
Multi‐Master
Backup and Recovery
Automated Snapshots
Maintenance Items
Amazon Redshift
Compute Nodes
Data Distribution Styles
Redshift Spectrum
AWS Database Migration Service
Nonrelational (NoSQL) Databases
Storing Data
Querying Data
Types of Nonrelational Databases
DynamoDB
Partition and Hash Keys
Attributes and Items
Throughput Capacity
EXERCISE 5.4. Create a Table in DynamoDB Using Provisioned Mode
Auto Scaling
Reserved Capacity
Reading Data
Secondary Indexes
Global Secondary Index
Local Secondary Index
Global Tables
Backups
Summary
Exam Essentials
Review Questions
Chapter 6 Authentication and Authorization—AWS Identity and Access Management
Introduction
IAM Identities
IAM Policies
User and Root Accounts
EXERCISE 6.1. Lock Down the Root User
EXERCISE 6.2. Assign and Implement an IAM Policy
Access Keys
Deactivating Unused Keys
Key Rotation
EXERCISE 6.3. Create, Use, and Delete an AWS Access Key
Groups
EXERCISE 6.4. Create and Configure an IAM Group
Roles
Authentication Tools
Amazon Cognito
AWS Managed Microsoft AD
AWS Single Sign‐On
AWS Key Management Service
AWS Secrets Manager
AWS CloudHSM
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 7 CloudTrail, CloudWatch, and AWS Config
Introduction
CloudTrail
Management Events
Data Events
Event History
Trails
Creating a Trail
Logging Management and Data Events
EXERCISE 7.1. Create a Trail
Log File Integrity Validation
CloudWatch
CloudWatch Metrics
Basic and Detailed Monitoring
Regular and High‐Resolution Metrics
Expiration
Graphing Metrics
Metric Math
EXERCISE 7.2. Create a Graph Using Metric Math
CloudWatch Logs
Log Streams and Log Groups
Metric Filters
CloudWatch Agent
Sending CloudTrail Logs to CloudWatch Logs
EXERCISE 7.3. Deliver CloudTrail Logs to CloudWatch Logs
CloudWatch Alarms
Data Point to Monitor
Threshold
Alarm States
Data Points to Alarm and Evaluation Period
Missing Data
Actions
Amazon EventBridge
Event Buses
Rules and Targets
AWS Config
The Configuration Recorder
Configuration Items
Configuration History
Configuration Snapshots
Monitoring Changes
Starting and Stopping the Configuration Recorder
Recording Software Inventory
Managed and Custom Rules
Summary
Exam Essentials
Review Questions
Chapter 8 The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Introduction
The Domain Name System
Namespaces
Name Servers
Domains and Domain Names
Domain Registration
Domain Layers
Fully Qualified Domain Names
Zones and Zone Files
Record Types
Alias Records
Amazon Route 53
Domain Registration
DNS Management
EXERCISE 8.1. Create a Hosted Zone on Route 53 for an EC2 Web Server
Availability Monitoring
EXERCISE 8.2. Set Up a Health Check
Routing Policies
Weighted Routing
Latency Routing
Failover Routing
Geolocation Routing
Multivalue Answer Routing
EXERCISE 8.3. Configure a Route 53 Routing Policy
Traffic Flow
Route 53 Resolver
Amazon CloudFront
EXERCISE 8.4. Create a CloudFront Distribution for Your S3‐Based Static Website
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 9 Simple Queue Service and Kinesis
Introduction
Simple Queue Service
Queues
Visibility Timeout
Retention Period
Delay Queues and Message Timers
Queue Types
Standard Queues
First‐In, First‐Out (FIFO) Queues
Polling
Dead‐Letter Queues
Kinesis
Kinesis Video Streams
Kinesis Data Streams
Kinesis Data Firehose
Kinesis Data Firehose vs. Kinesis Data Streams
Summary
Exam Essentials
Review Questions
Chapter 10 The Reliability Pillar
Introduction
Calculating Availability
Availability Differences in Traditional vs. Cloud‐Native Applications
Traditional Applications
Cloud‐Native Applications
Building Serverless Applications with Lambda
Know Your Limits
Increasing Availability
EC2 Auto Scaling
Launch Configurations
Launch Templates
EXERCISE 10.1. Create a Launch Template
Auto Scaling Groups
Specifying an Application Load Balancer Target Group
Health Checks Against Application Instances
Auto Scaling Options
Manual Scaling
Dynamic Scaling Policies
Simple Scaling Policies
Step Scaling Policies
Target Tracking Policies
Scheduled Actions
Data Backup and Recovery
S3
Elastic File System
Elastic Block Storage
Database Resiliency
Creating a Resilient Network
VPC Design Considerations
External Connectivity
Designing for Availability
Designing for 99 Percent Availability
Recovery Process
Availability Calculation
Designing for 99.9 Percent Availability
Recovery Process
Availability Calculation
Designing for 99.99 Percent Availability
Recovery Process
Availability Calculation
Summary
Exam Essentials
Review Questions
Chapter 11 The Performance Efficiency Pillar
Introduction
Optimizing Performance for the Core AWS Services
Compute
EC2 Instance Types
Auto Scaling
EXERCISE 11.1. Configure and Launch an Application Using Auto Scaling
Serverless Workloads
Storage
RAID‐Optimized EBS Volumes
S3 Cross‐Region Replication
EXERCISE 11.2. Sync Two S3 Buckets as Cross‐Region Replicas
Amazon S3 Transfer Acceleration
EXERCISE 11.3. Upload to an S3 Bucket Using Transfer Acceleration
CloudFront and S3 Origins
Database
Network Optimization and Load Balancing
EXERCISE 11.4. Create and Deploy an EC2 Load Balancer
Infrastructure Automation
CloudFormation
EXERCISE 11.5. Launch a Simple CloudFormation Template
Third‐Party Automation Solutions
AWS OpsWorks: Chef
AWS OpsWorks: Puppet
Reviewing and Optimizing Infrastructure Configurations
Load Testing
Visualization
EXERCISE 11.6. Create a CloudWatch Dashboard
Optimizing Data Operations
Caching
Amazon ElastiCache
Other Caching Solutions
Partitioning/Sharding
Compression
Summary
Exam Essentials
Review Questions
Chapter 12 The Security Pillar
Introduction
Identity and Access Management
Protecting AWS Credentials
Fine‐Grained Authorization
AWS Managed Policies
Customer‐Managed Policies
Inline Policies
Permissions Boundaries
EXERCISE 12.1. Create a Limited Administrative User
Roles
Instance Profiles
Assuming a Role
EXERCISE 12.2. Create and Assume a Role as an IAM User
Enforcing Service‐Level Protection
Detective Controls
CloudTrail
CloudWatch Logs
EXERCISE 12.3. Configure VPC Flow Logging
Searching Logs with Athena
Auditing Resource Configurations with AWS Config
Amazon GuardDuty
Amazon Inspector
Amazon Detective
Security Hub
Protecting Network Boundaries
Network Access Control Lists and Security Groups
AWS Web Application Firewall
AWS Shield
Data Encryption
Data at Rest
S3
Elastic Block Store
EXERCISE 12.4. Encrypt an EBS Volume
Elastic File System
Data in Transit
Macie
Summary
Exam Essentials
Review Questions
Chapter 13 The Cost Optimization Pillar
Introduction
Planning, Tracking, and Controlling Costs
AWS Budgets
EXERCISE 13.1. Create an AWS Budget to Send an Alert
Monitoring Tools
Cost Explorer
AWS Cost and Usage Reports
AWS Organizations
AWS Trusted Advisor
Online Calculator Tools
Simple Monthly Calculator
EXERCISE 13.2. Build Your Own Stack in Simple Monthly Calculator
AWS Total Cost of Ownership Calculator
Cost‐Optimizing Compute
Maximizing Server Density
EC2 Reserved Instances
Using Traditional Reserved Instances
Using Savings Plans
EC2 Spot Instances
EXERCISE 13.3. Request a Spot Fleet Using the AWS CLI
Auto Scaling
Elastic Block Store Lifecycle Manager
Summary
Exam Essentials
Review Questions
Chapter 14 The Operational Excellence Pillar
Introduction
CloudFormation
Creating Stacks
Deleting Stacks
Using Multiple Stacks
Nesting Stacks
EXERCISE 14.1. Create a Nested Stack
Exporting Stack Output Values
Stack Updates
Direct Update
Change Set
Update Behavior
Preventing Updates to Specific Resources
Overriding Stack Policies
CodeCommit
Creating a Repository
Repository Security
Interacting with a Repository Using Git
EXERCISE 14.2. Create and Interact with a CodeCommit Repository
CodeDeploy
The CodeDeploy Agent
Deployments
Deployment Groups
Deployment Types
In‐Place Deployment
Blue/Green Deployment
Deployment Configurations
OneAtATime
HalfAtATime
AllAtOnce
Custom Deployment Configurations
Lifecycle Events
The Application Specification File
Triggers and Alarms
Rollbacks
CodePipeline
Continuous Integration
Continuous Delivery
Creating the Pipeline
Source
Build
Test
Approval
Deploy
Invoke
Artifacts
AWS Systems Manager
Actions
Automation
Run Command
Session Manager
Patch Manager
State Manager
Insights
Built‐In Insights
Inventory Manager
Compliance
AWS Landing Zone
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1: Introduction to Cloud Computing and AWS
Chapter 2: Amazon Elastic Compute Cloud and Amazon Elastic Block Store
Chapter 3: AWS Storage
Chapter 4: Amazon Virtual Private Cloud
Chapter 5: Database Services
Chapter 6: Authentication and Authorization—AWS Identity and Access Management
Chapter 7: CloudTrail, CloudWatch, and AWS Config
Chapter 8: The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Chapter 9: Simple Queue Service and Kinesis
Chapter 10: The Reliability Pillar
Chapter 11: The Performance Efficiency Pillar
Chapter 12: The Security Pillar
Chapter 13: The Cost Optimization Pillar
Chapter 14: The Operational Excellence Pillar
Index: A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, Z
Online Test Bank
Register and Access the Online Test Bank
WILEY END USER LICENSE AGREEMENT
Excerpt from the book
Third Edition
Ben Piper
.....
NAT will be discussed at greater length in Chapter 4.
As any professional administrator will know, remote login sessions on your running instances should never be initiated over unencrypted plain‐text connections. To ensure properly secured sessions, you'll need to generate a key pair, save the public key to your EC2 server, and save its private half to your local machine. If you're working with a Windows AMI, you'll use the private key file to retrieve the password you'll need to authenticate into your instance. For a Linux AMI, the private key will allow you to open an SSH session.
.....