Virtual, hands-on learning labs allow you to apply your technical skills in realistic environments. Sybex has therefore bundled AWS labs from XtremeLabs with our popular AWS Certified Solutions Architect Study Guide, so that as you prepare for the Certified Solutions Architect Exam you get the same experience working in these labs that you would face in a real-life application. Together with the book, these labs are a proven way to prepare for the certification and for work as an AWS Solutions Architect.
This is your opportunity to take the next step in your career by expanding and validating your skills on the AWS Cloud. AWS has been the frontrunner in cloud computing products and services, and the UPDATED AWS Certified Solutions Architect Study Guide, Third Edition, for the Associate SAA-C02 Exam will get you fully prepared. This study guide covers exam concepts and provides key review of exam topics, including:
- Designing resilient architectures
- Designing high-performing architectures
- Designing secure applications and architectures
- Designing cost-optimized architectures
If you are looking to take the AWS Certified Solutions Architect Associate exam, this guide is what you need for comprehensive content and robust study tools that will help you gain the edge on exam day and throughout your career.
Readers will have access to Sybex's superior online interactive learning environment and test bank, including hundreds of test questions, practice exams, electronic flashcards, and a glossary of key terms. Also included with this version of the book are XtremeLabs virtual labs that run from your browser. The registration code is included with the book and gives you 6 months of unlimited access to XtremeLabs AWS Certified Solutions Architect Labs with 12 unique lab modules based on the book. If you are unable to register your lab PIN code, please contact Wiley customer support for a replacement PIN code.
Table of Contents
Introduction
Assessment Test
Part I The Core AWS Services
Chapter 1 Introduction to Cloud Computing and AWS
Cloud Computing and Virtualization
Cloud Computing Architecture
Cloud Computing Optimization
The AWS Cloud
AWS Platform Architecture
AWS Reliability and Compliance
The AWS Shared Responsibility Model
The AWS Service Level Agreement
Working with AWS
The AWS CLI
AWS SDKs
Technical Support and Online Resources
Support Plans
Other Support Resources
Summary
Exam Essentials
Review Questions
Chapter 2 Amazon Elastic Compute Cloud and Amazon Elastic Block Store
Introduction
EC2 Instances
Provisioning Your Instance
Configuring Instance Behavior
Placement Groups
Instance Pricing
Instance Lifecycle
Resource Tags
Service Limits
EC2 Storage Volumes
Elastic Block Store Volumes
Instance Store Volumes
Accessing Your EC2 Instance
Securing Your EC2 Instance
Security Groups
IAM Roles
NAT Devices
Key Pairs
EC2 Auto Scaling
Launch Configurations
Launch Templates
Auto Scaling Groups
Auto Scaling Options
AWS Systems Manager
Actions
Insights
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 3 AWS Storage
Introduction
S3 Service Architecture
Prefixes and Delimiters
Working with Large Objects
Encryption
Logging
S3 Durability and Availability
Durability
Availability
Eventually Consistent Data
S3 Object Lifecycle
Versioning
Lifecycle Management
Accessing S3 Objects
Access Control
Presigned URLs
Static Website Hosting
Amazon S3 Glacier
Storage Pricing
Other Storage-Related Services
Amazon Elastic File System
Amazon FSx
AWS Storage Gateway
AWS Snowball
AWS DataSync
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 4 Amazon Virtual Private Cloud
Introduction
VPC CIDR Blocks
Secondary CIDR Blocks
IPv6 CIDR Blocks
Subnets
Subnet CIDR Blocks
Availability Zones
IPv6 CIDR Blocks
Elastic Network Interfaces
Primary and Secondary Private IP Addresses
Attaching Elastic Network Interfaces
Enhanced Networking
Internet Gateways
Route Tables
Routes
The Default Route
Security Groups
Inbound Rules
Outbound Rules
Sources and Destinations
Stateful Firewall
Default Security Group
Network Access Control Lists
Inbound Rules
Outbound Rules
Using Network Access Control Lists and Security Groups Together
Public IP Addresses
Elastic IP Addresses
AWS Global Accelerator
Network Address Translation
Network Address Translation Devices
Configuring Route Tables to Use NAT Devices
NAT Gateway
NAT Instance
VPC Peering
Hybrid Cloud Networking
Virtual Private Networks
AWS Transit Gateway
AWS Direct Connect
High-Performance Computing
Elastic Fabric Adapter
AWS ParallelCluster
Summary
Exam Essentials
Review Questions
Chapter 5 Database Services
Introduction
Relational Databases
Columns and Attributes
Using Multiple Tables
Structured Query Language
Online Transaction Processing vs. Online Analytic Processing
Amazon Relational Database Service
Database Engines
Licensing Considerations
Database Option Groups
Database Instance Classes
Storage
Read Replicas
High Availability (Multi-AZ)
Single-Master
Multi-Master
Backup and Recovery
Automated Snapshots
Maintenance Items
Amazon Redshift
Compute Nodes
Data Distribution Styles
Redshift Spectrum
AWS Database Migration Service
Nonrelational (NoSQL) Databases
Storing Data
Querying Data
Types of Nonrelational Databases
DynamoDB
Partition and Hash Keys
Attributes and Items
Throughput Capacity
Reading Data
Global Tables
Backups
Summary
Exam Essentials
Review Questions
Chapter 6 Authentication and Authorization - AWS Identity and Access Management
Introduction
IAM Identities
IAM Policies
User and Root Accounts
Access Keys
Groups
Roles
Authentication Tools
Amazon Cognito
AWS Managed Microsoft AD
AWS Single Sign-On
AWS Key Management Service
AWS Secrets Manager
AWS CloudHSM
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 7 CloudTrail, CloudWatch, and AWS Config
Introduction
CloudTrail
Management Events
Data Events
Event History
Trails
Log File Integrity Validation
CloudWatch
CloudWatch Metrics
Graphing Metrics
Metric Math
CloudWatch Logs
CloudWatch Alarms
Amazon EventBridge
AWS Config
The Configuration Recorder
Configuration Items
Configuration History
Configuration Snapshots
Monitoring Changes
Summary
Exam Essentials
Review Questions
Chapter 8 The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Introduction
The Domain Name System
Namespaces
Name Servers
Domains and Domain Names
Domain Registration
Domain Layers
Fully Qualified Domain Names
Zones and Zone Files
Record Types
Alias Records
Amazon Route 53
Domain Registration
DNS Management
Availability Monitoring
Routing Policies
Traffic Flow
Route 53 Resolver
Amazon CloudFront
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 9 Simple Queue Service and Kinesis
Introduction
Simple Queue Service
Queues
Queue Types
Polling
Dead-Letter Queues
Kinesis
Kinesis Video Streams
Kinesis Data Streams
Kinesis Data Firehose
Kinesis Data Firehose vs. Kinesis Data Streams
Summary
Exam Essentials
Review Questions
Part II The Well-Architected Framework
Chapter 10 The Reliability Pillar
Introduction
Calculating Availability
Availability Differences in Traditional vs. Cloud-Native Applications
Know Your Limits
Increasing Availability
EC2 Auto Scaling
Launch Configurations
Launch Templates
Auto Scaling Groups
Auto Scaling Options
Data Backup and Recovery
S3
Elastic File System
Elastic Block Storage
Database Resiliency
Creating a Resilient Network
VPC Design Considerations
External Connectivity
Designing for Availability
Designing for 99 Percent Availability
Designing for 99.9 Percent Availability
Designing for 99.99 Percent Availability
Summary
Exam Essentials
Review Questions
Chapter 11 The Performance Efficiency Pillar
Introduction
Optimizing Performance for the Core AWS Services
Compute
Storage
Database
Network Optimization and Load Balancing
Infrastructure Automation
CloudFormation
Third-Party Automation Solutions
Reviewing and Optimizing Infrastructure Configurations
Load Testing
Visualization
Optimizing Data Operations
Caching
Partitioning/Sharding
Compression
Summary
Exam Essentials
Review Questions
Chapter 12 The Security Pillar
Introduction
Identity and Access Management
Protecting AWS Credentials
Fine-Grained Authorization
Permissions Boundaries
Roles
Enforcing Service-Level Protection
Detective Controls
CloudTrail
CloudWatch Logs
Searching Logs with Athena
Auditing Resource Configurations with AWS Config
Amazon GuardDuty
Amazon Inspector
Amazon Detective
Security Hub
Protecting Network Boundaries
Network Access Control Lists and Security Groups
AWS Web Application Firewall
AWS Shield
Data Encryption
Data at Rest
Data in Transit
Macie
Summary
Exam Essentials
Review Questions
Chapter 13 The Cost Optimization Pillar
Introduction
Planning, Tracking, and Controlling Costs
AWS Budgets
Monitoring Tools
AWS Organizations
AWS Trusted Advisor
Online Calculator Tools
Cost-Optimizing Compute
Maximizing Server Density
EC2 Reserved Instances
EC2 Spot Instances
Auto Scaling
Elastic Block Store Lifecycle Manager
Summary
Exam Essentials
Review Questions
Chapter 14 The Operational Excellence Pillar
Introduction
CloudFormation
Creating Stacks
Deleting Stacks
Using Multiple Stacks
Stack Updates
Preventing Updates to Specific Resources
Overriding Stack Policies
CodeCommit
Creating a Repository
Repository Security
Interacting with a Repository Using Git
CodeDeploy
The CodeDeploy Agent
Deployments
Deployment Groups
Deployment Types
Deployment Configurations
Lifecycle Events
The Application Specification File
Triggers and Alarms
Rollbacks
CodePipeline
Continuous Integration
Continuous Delivery
Creating the Pipeline
Artifacts
AWS Systems Manager
Actions
Insights
AWS Landing Zone
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1: Introduction to Cloud Computing and AWS
Chapter 2: Amazon Elastic Compute Cloud and Amazon Elastic Block Store
Chapter 3: AWS Storage
Chapter 4: Amazon Virtual Private Cloud
Chapter 5: Database Services
Chapter 6: Authentication and Authorization - AWS Identity and Access Management
Chapter 7: CloudTrail, CloudWatch, and AWS Config
Chapter 8: The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Chapter 9: Simple Queue Service and Kinesis
Chapter 10: The Reliability Pillar
Chapter 11: The Performance Efficiency Pillar
Chapter 12: The Security Pillar
Chapter 13: The Cost Optimization Pillar
Chapter 14: The Operational Excellence Pillar
Index