+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

AWS Certified Solutions Architect Study Guide with Online Labs. Associate SAA-C02 Exam. Edition No. 3

  • Book

  • 464 Pages
  • May 2021
  • John Wiley and Sons Ltd
  • ID: 5840837

Virtual, hands-on learning labs allow you to apply your technical skills in realistic environments. So Sybex has bundled AWS labs from XtremeLabs with our popular AWS Certified Solutions Architect Study Guide to give you the same experience working in these labs as you prepare for the Certified Solutions Architect Exam that you would face in a real-life application. These labs in addition to the book are a proven way to prepare for the certification and for work as an AWS Solutions Architect.

This is your opportunity to take the next step in your career by expanding and validating your skills on the AWS Cloud.  AWS has been the frontrunner in cloud computing products and services, and the UPDATED AWS Certified Solutions Architect Study Guide, Third Edition, for the Associate SAA-C02 Exam will get you fully prepared. This study guide covers exam concepts, and provides key review of exam topics, including:

  • Designing resilient architectures
  • Designing high-performing architectures
  • Designing secure applications and architectures
  • Designing cost-optimized architectures

 

If you are looking to take the AWS Certified Solutions Architect Associate exam, this guide is what you need for comprehensive content and robust study tools that will help you gain the edge on exam day and throughout your career. 

Readers will have access to Sybex's superior online interactive learning environment and test bank, including hundreds of test questions, practice exams, electronic flashcards, and a glossary of key terms. And included with this version of the book, XtremeLabs virtual labs that run from your browser. The registration code is included with the book and gives you 6 months of unlimited access to XtremeLabs AWS Certified Solutions Architect Labs with 12 unique lab modules based on the book.
If you are unable to register your lab PIN code, please contact Wiley customer support for a replacement PIN code.

Table of Contents

Introduction xxi

Assessment Test xxvii

Part I The Core AWS Services 1

Chapter 1 Introduction to Cloud Computing and AWS 3

Cloud Computing and Virtualization 4

Cloud Computing Architecture 4

Cloud Computing Optimization 5

The AWS Cloud 6

AWS Platform Architecture 10

AWS Reliability and Compliance 12

The AWS Shared Responsibility Model 12

The AWS Service Level Agreement 13

Working with AWS 13

The AWS CLI 14

AWS SDKs 14

Technical Support and Online Resources 14

Support Plans 14

Other Support Resources 15

Summary 15

Exam Essentials 16

Review Questions 17

Chapter 2 Amazon Elastic Compute Cloud and Amazon Elastic Block Store 21

Introduction 22

EC2 Instances 22

Provisioning Your Instance 23

Configuring Instance Behavior 28

Placement Groups 28

Instance Pricing 29

Instance Lifecycle 30

Resource Tags 30

Service Limits 31

EC2 Storage Volumes 32

Elastic Block Store Volumes 32

Instance Store Volumes 34

Accessing Your EC2 Instance 35

Securing Your EC2 Instance 36

Security Groups 36

IAM Roles 37

NAT Devices 37

Key Pairs 38

EC2 Auto Scaling 38

Launch Configurations 39

Launch Templates 39

Auto Scaling Groups 40

Auto Scaling Options 42

AWS Systems Manager 46

Actions 47

Insights 49

AWS CLI Example 51

Summary 52

Exam Essentials 53

Review Questions 54

Chapter 3 AWS Storage 59

Introduction 60

S3 Service Architecture 61

Prefixes and Delimiters 61

Working with Large Objects 61

Encryption 62

Logging 63

S3 Durability and Availability 64

Durability 64

Availability 65

Eventually Consistent Data 65

S3 Object Lifecycle 66

Versioning 66

Lifecycle Management 66

Accessing S3 Objects 67

Access Control 67

Presigned URLs 69

Static Website Hosting 69

Amazon S3 Glacier 71

Storage Pricing 72

Other Storage-Related Services 73

Amazon Elastic File System 73

Amazon FSx 73

AWS Storage Gateway 73

AWS Snowball 74

AWS DataSync 74

AWS CLI Example 75

Summary 76

Exam Essentials 77

Review Questions 78

Chapter 4 Amazon Virtual Private Cloud 83

Introduction 84

VPC CIDR Blocks 84

Secondary CIDR Blocks 85

IPv6 CIDR Blocks 85

Subnets 87

Subnet CIDR Blocks 87

Availability Zones 88

IPv6 CIDR Blocks 91

Elastic Network Interfaces 91

Primary and Secondary Private IP Addresses 91

Attaching Elastic Network Interfaces 91

Enhanced Networking 93

Internet Gateways 93

Route Tables 94

Routes 94

The Default Route 95

Security Groups 98

Inbound Rules 98

Outbound Rules 99

Sources and Destinations 99

Stateful Firewall 99

Default Security Group 100

Network Access Control Lists 101

Inbound Rules 102

Outbound Rules 105

Using Network Access Control Lists and Security Groups Together 106

Public IP Addresses 106

Elastic IP Addresses 107

AWS Global Accelerator 109

Network Address Translation 109

Network Address Translation Devices 110

Configuring Route Tables to Use NAT Devices 112

NAT Gateway 113

NAT Instance 113

VPC Peering 114

Hybrid Cloud Networking 115

Virtual Private Networks 115

AWS Transit Gateway 115

AWS Direct Connect 123

High-Performance Computing 125

Elastic Fabric Adapter 125

AWS ParallelCluster 126

Summary 126

Exam Essentials 127

Review Questions 129

Chapter 5 Database Services 133

Introduction 134

Relational Databases 134

Columns and Attributes 135

Using Multiple Tables 135

Structured Query Language 137

Online Transaction Processing vs. Online Analytic Processing 137

Amazon Relational Database Service 138

Database Engines 138

Licensing Considerations 139

Database Option Groups 140

Database Instance Classes 140

Storage 141

Read Replicas 145

High Availability (Multi-AZ) 146

Single-Master 147

Multi-Master 147

Backup and Recovery 148

Automated Snapshots 148

Maintenance Items 149

Amazon Redshift 149

Compute Nodes 149

Data Distribution Styles 150

Redshift Spectrum 150

AWS Database Migration Service 150

Nonrelational (NoSQL) Databases 151

Storing Data 151

Querying Data 152

Types of Nonrelational Databases 152

DynamoDB 153

Partition and Hash Keys 153

Attributes and Items 154

Throughput Capacity 155

Reading Data 157

Global Tables 158

Backups 158

Summary 158

Exam Essentials 159

Review Questions 161

Chapter 6 Authentication and Authorization - AWS Identity and Access Management 165

Introduction 166

IAM Identities 166

IAM Policies 167

User and Root Accounts 168

Access Keys 170

Groups 172

Roles 173

Authentication Tools 173

Amazon Cognito 174

AWS Managed Microsoft AD 174

AWS Single Sign-On 174

AWS Key Management Service 175

AWS Secrets Manager 175

AWS CloudHSM 175

AWS CLI Example 176

Summary 177

Exam Essentials 177

Review Questions 179

Chapter 7 CloudTrail, CloudWatch, and AWS Config 183

Introduction 184

CloudTrail 185

Management Events 185

Data Events 186

Event History 186

Trails 186

Log File Integrity Validation 189

CloudWatch 189

CloudWatch Metrics 190

Graphing Metrics 192

Metric Math 194

CloudWatch Logs 195

CloudWatch Alarms 198

Amazon EventBridge 201

AWS Config 202

The Configuration Recorder 203

Configuration Items 203

Configuration History 203

Configuration Snapshots 203

Monitoring Changes 204

Summary 206

Exam Essentials 206

Review Questions 207

Chapter 8 The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront 211

Introduction 212

The Domain Name System 212

Namespaces 212

Name Servers 213

Domains and Domain Names 213

Domain Registration 214

Domain Layers 214

Fully Qualified Domain Names 214

Zones and Zone Files 215

Record Types 215

Alias Records 216

Amazon Route 53 216

Domain Registration 217

DNS Management 217

Availability Monitoring 219

Routing Policies 220

Traffic Flow 222

Route 53 Resolver 223

Amazon CloudFront 223

AWS CLI Example 225

Summary 226

Exam Essentials 226

Review Questions 228

Chapter 9 Simple Queue Service and Kinesis 233

Introduction 234

Simple Queue Service 234

Queues 234

Queue Types 235

Polling 236

Dead-Letter Queues 237

Kinesis 237

Kinesis Video Streams 237

Kinesis Data Streams 238

Kinesis Data Firehose 239

Kinesis Data Firehose vs. Kinesis Data Streams 239

Summary 240

Exam Essentials 240

Review Questions 241

Part II The Well-Architected Framework 245

Chapter 10 The Reliability Pillar 247

Introduction 248

Calculating Availability 248

Availability Differences in Traditional vs.

Cloud-Native Applications 249

Know Your Limits 252

Increasing Availability 252

EC2 Auto Scaling 253

Launch Configurations 253

Launch Templates 254

Auto Scaling Groups 255

Auto Scaling Options 256

Data Backup and Recovery 261

S3 261

Elastic File System 261

Elastic Block Storage 261

Database Resiliency 262

Creating a Resilient Network 263

VPC Design Considerations 263

External Connectivity 263

Designing for Availability 264

Designing for 99 Percent Availability 264

Designing for 99.9 Percent Availability 265

Designing for 99.99 Percent Availability 266

Summary 267

Exam Essentials 268

Review Questions 269

Chapter 11 The Performance Efficiency Pillar 273

Introduction 274

Optimizing Performance for the Core AWS Services 274

Compute 275

Storage 279

Database 282

Network Optimization and Load Balancing 284

Infrastructure Automation 286

CloudFormation 286

Third-Party Automation Solutions 288

Reviewing and Optimizing Infrastructure Configurations 289

Load Testing 289

Visualization 290

Optimizing Data Operations 291

Caching 291

Partitioning/Sharding 293

Compression 294

Summary 294

Exam Essentials 295

Review Questions 297

Chapter 12 The Security Pillar 301

Introduction 302

Identity and Access Management 302

Protecting AWS Credentials 303

Fine-Grained Authorization 303

Permissions Boundaries 305

Roles 306

Enforcing Service-Level Protection 313

Detective Controls 313

CloudTrail 313

CloudWatch Logs 314

Searching Logs with Athena 315

Auditing Resource Configurations with AWS Config 317

Amazon GuardDuty 318

Amazon Inspector 321

Amazon Detective 322

Security Hub 323

Protecting Network Boundaries 323

Network Access Control Lists and Security Groups 323

AWS Web Application Firewall 323

AWS Shield 324

Data Encryption 324

Data at Rest 325

Data in Transit 326

Macie 327

Summary 327

Exam Essentials 328

Review Questions 329

Chapter 13 The Cost Optimization Pillar 335

Introduction 336

Planning, Tracking, and Controlling Costs 336

AWS Budgets 337

Monitoring Tools 338

AWS Organizations 339

AWS Trusted Advisor 340

Online Calculator Tools 340

Cost-Optimizing Compute 342

Maximizing Server Density 343

EC2 Reserved Instances 343

EC2 Spot Instances 344

Auto Scaling 347

Elastic Block Store Lifecycle Manager 347

Summary 347

Exam Essentials 348

Review Questions 349

Chapter 14 The Operational Excellence Pillar 353

Introduction 354

CloudFormation 354

Creating Stacks 355

Deleting Stacks 356

Using Multiple Stacks 356

Stack Updates 359

Preventing Updates to Specific Resources 360

Overriding Stack Policies 361

CodeCommit 361

Creating a Repository 362

Repository Security 362

Interacting with a Repository Using Git 363

CodeDeploy 365

The CodeDeploy Agent 366

Deployments 366

Deployment Groups 366

Deployment Types 366

Deployment Configurations 367

Lifecycle Events 368

The Application Specification File 369

Triggers and Alarms 370

Rollbacks 370

CodePipeline 371

Continuous Integration 371

Continuous Delivery 371

Creating the Pipeline 372

Artifacts 373

AWS Systems Manager 374

Actions 374

Insights 377

AWS Landing Zone 378

Summary 379

Exam Essentials 379

Review Questions 381

Appendix Answers to Review Questions 385

Chapter 1: Introduction to Cloud Computing and AWS 386

Chapter 2: Amazon Elastic Compute Cloud and Amazon Elastic Block Store 387

Chapter 3: AWS Storage 389

Chapter 4: Amazon Virtual Private Cloud 391

Chapter 5: Database Services 393

Chapter 6: Authentication and Authorization - AWS Identity and Access Management 395

Chapter 7: CloudTrail, CloudWatch, and AWS Config 397

Chapter 8: The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront 399

Chapter 9: Simple Queue Service and Kinesis 401

Chapter 10: The Reliability Pillar 403

Chapter 11: The Performance Efficiency Pillar 405

Chapter 12: The Security Pillar 407

Chapter 13: The Cost Optimization Pillar 409

Chapter 14: The Operational Excellence Pillar 411

Index 415

Authors

Ben Piper David Clinton