Master Amazon Web Services solution delivery and efficiently prepare for the AWS Certified SAA-C03 Exam with this all-in-one study guide
The AWS Certified Solutions Architect Study Guide: Associate (SAA-C03) Exam, 4th Edition comprehensively and effectively prepares you for the challenging SAA-C03 Exam. This Study Guide contains efficient and accurate study tools that will help you succeed on the exam. It offers access to the Sybex online learning environment and test bank, containing hundreds of test questions, bonus practice exams, a glossary of key terms, and electronic flashcards. This one-year free access is supported by Wiley's support agents, who are available 24x7 via email or live chat to assist with access and login questions.
In this complete and authoritative exam prep blueprint, Ben Piper and David Clinton show you how to:
- Design resilient AWS architectures
- Create high-performing solutions
- Craft secure applications and architectures
- Design inexpensive and cost-optimized architectures
An essential resource for anyone trying to start a new career as an Amazon Web Services cloud solutions architect, the AWS Certified Solutions Architect Study Guide: Associate (SAA-C03) Exam, 4th Edition will also prove invaluable to currently practicing AWS professionals looking to brush up on the fundamentals of their work.
Table of Contents
Introduction
Assessment Test
Answers to Assessment Test
Part I The Core AWS Services
Chapter 1 Introduction to Cloud Computing and AWS
Cloud Computing and Virtualization
Cloud Computing Architecture
Cloud Computing Optimization
The AWS Cloud
AWS Platform Architecture
AWS Reliability and Compliance
The AWS Shared Responsibility Model
The AWS Service Level Agreement
Working with AWS
AWS Organizations
AWS Control Tower
AWS Service Catalog
AWS License Manager
AWS Artifact
The AWS CLI
AWS SDKs
Technical Support and Online Resources
Support Plans
Other Support Resources
Migrating Existing Resources to AWS
AWS Migration Hub
AWS Application Migration Service
AWS Database Migration Service
AWS Application Discovery Service
Summary
Exam Essentials
Review Questions
Chapter 2 Compute Services
Introduction
EC2 Instances
Provisioning Your Instance
Configuring Instance Behavior
Placement Groups
Instance Pricing
Instance Life Cycle
Resource Tags
Service Limits
EC2 Storage Volumes
Elastic Block Store Volumes
Instance Store Volumes
Accessing Your EC2 Instance
Securing Your EC2 Instance
Security Groups
IAM Roles
NAT Devices
Key Pairs
EC2 Auto Scaling
Launch Configurations
Launch Templates
Auto Scaling Groups
Auto Scaling Options
AWS Systems Manager
Actions
Insights
AWS Systems Manager Inventory
Running Containers
Amazon Elastic Container Service
Amazon Elastic Kubernetes Service
Other Container-Oriented Services
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 3 AWS Storage
Introduction
S3 Service Architecture
Prefixes and Delimiters
Working with Large Objects
Encryption
Logging
S3 Durability and Availability
Durability
Availability
Eventually Consistent Data
S3 Object Life Cycle
Versioning
Life Cycle Management
Accessing S3 Objects
Access Control
Presigned URLs
Static Website Hosting
Amazon S3 Glacier
Storage Pricing
Other Storage-Related Services
Amazon Elastic File System
Amazon FSx
AWS Storage Gateway
AWS Snow Family
AWS DataSync
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 4 Amazon Virtual Private Cloud (VPC)
Introduction
VPC CIDR Blocks
Secondary CIDR Blocks
IPv6 CIDR Blocks
Subnets
Subnet CIDR Blocks
Availability Zones
IPv6 CIDR Blocks
Elastic Network Interfaces
Primary and Secondary Private IP Addresses
Attaching Elastic Network Interfaces
Enhanced Networking
Internet Gateways
Route Tables
Routes
The Default Route
Security Groups
Inbound Rules
Outbound Rules
Sources and Destinations
Stateful Firewall
Default Security Group
Network Access Control Lists
Inbound Rules
Outbound Rules
Using Network Access Control Lists and Security Groups Together
AWS Network Firewall
Public IP Addresses
Elastic IP Addresses
AWS Global Accelerator
Network Address Translation
Network Address Translation Devices
Configuring Route Tables to Use NAT Devices
NAT Gateway
NAT Instance
AWS PrivateLink
VPC Peering
Hybrid Cloud Networking
AWS Site-to-Site VPN
AWS Transit Gateway
AWS Direct Connect
High-Performance Computing
Elastic Fabric Adapter
AWS ParallelCluster
Summary
Exam Essentials
Review Questions
Chapter 5 Database Services
Introduction
Relational Databases
Columns and Attributes
Using Multiple Tables
Structured Query Language
Online Transaction Processing vs. Online Analytic Processing
Amazon Relational Database Service
Database Engines
Licensing Considerations
Database Option Groups
Database Instance Classes
Storage
Read Replicas
High Availability (Multi-AZ)
Single-Master
Multi-Master
Backup and Recovery
Automated Snapshots
Maintenance Items
Amazon RDS Proxy
Amazon Redshift
Compute Nodes
Data Distribution Styles
Redshift Spectrum
AWS Database Migration Service
Nonrelational (NoSQL) Databases
Storing Data
Querying Data
Types of Nonrelational Databases
DynamoDB
Partition and Hash Keys
Attributes and Items
Throughput Capacity
Reading Data
Global Tables
Backups
Summary
Exam Essentials
Review Questions
Chapter 6 Authentication and Authorization - AWS Identity and Access Management
Introduction
IAM Identities
IAM Policies
User and Root Accounts
Access Keys
Groups
Roles
Authentication Tools
Amazon Cognito
AWS Managed Microsoft AD
AWS Single Sign-On
AWS Key Management Service
AWS Secrets Manager
AWS CloudHSM
AWS Resource Access Manager (AWS RAM)
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 7 CloudTrail, CloudWatch, and AWS Config
Introduction
CloudTrail
Management Events
Data Events
Event History
Trails
Log File Integrity Validation
CloudWatch
CloudWatch Metrics
Graphing Metrics
Metric Math
CloudWatch Logs
CloudWatch Alarms
Amazon EventBridge
AWS Config
The Configuration Recorder
Configuration Items
Configuration History
Configuration Snapshots
Monitoring Changes
Summary
Exam Essentials
Review Questions
Chapter 8 The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Introduction
The Domain Name System
Namespaces
Name Servers
Domains and Domain Names
Domain Registration
Domain Layers
Fully Qualified Domain Names
Zones and Zone Files
Record Types
Alias Records
Amazon Route 53
Domain Registration
DNS Management
Availability Monitoring
Routing Policies
Traffic Flow
Route 53 Resolver
Amazon CloudFront
AWS CLI Example
Summary
Exam Essentials
Review Questions
Chapter 9 Data Ingestion, Transformation, and Analytics
Introduction
AWS Lake Formation
Ingestion
Transformation
Analytics
AWS Transfer Family
Kinesis
Kinesis Video Streams
Kinesis Data Streams
Kinesis Data Firehose
Kinesis Data Firehose vs. Kinesis Data Streams
Summary
Exam Essentials
Review Questions
Part II Architecting for Requirements
Chapter 10 Resilient Architectures
Introduction
Calculating Availability
Availability Differences in Traditional vs. Cloud-Native Applications
Know Your Limits
Increasing Availability
EC2 Auto Scaling
Launch Configurations
Launch Templates
Auto Scaling Groups
Auto Scaling Options
Data Backup and Recovery
S3
Elastic File System
Elastic Block Storage
Database Resiliency
Creating a Resilient Network
VPC Design Considerations
External Connectivity
Simple Queue Service
Queues
Queue Types
Polling
Dead-Letter Queues
Designing for Availability
Designing for 99 Percent Availability
Designing for 99.9 Percent Availability
Designing for 99.99 Percent Availability
Summary
Exam Essentials
Review Questions
Chapter 11 High-Performing Architectures
Introduction
Optimizing Performance for the Core AWS Services
Compute
Storage
Database
Network Optimization and Load Balancing
Infrastructure Automation
CloudFormation
Third-Party Automation Solutions
Reviewing and Optimizing Infrastructure Configurations
AWS Well-Architected Tool
Load Testing
Visualization
Optimizing Data Operations
Caching
Partitioning/Sharding
Compression
Summary
Exam Essentials
Review Questions
Chapter 12 Secure Architectures
Introduction
Identity and Access Management
Protecting AWS Credentials
Fine-Grained Authorization
Permissions Boundaries
Roles
Enforcing Service-Level Protection
Detective Controls
CloudTrail
CloudWatch Logs
Searching Logs with Athena
Auditing Resource Configurations with AWS Config
Amazon GuardDuty
Amazon Inspector
Amazon Detective
Security Hub
Amazon Fraud Detector
AWS Audit Manager
Protecting Network Boundaries
Network Access Control Lists and Security Groups
AWS Web Application Firewall
AWS Shield
AWS Firewall Manager
Data Encryption
Data at Rest
Data in Transit
Macie
Summary
Exam Essentials
Review Questions
Chapter 13 Cost-Optimized Architectures
Introduction
Planning, Tracking, and Controlling Costs
AWS Budgets
Monitoring Tools
AWS Trusted Advisor
Online Calculator Tools
Cost-Optimizing Compute
Maximizing Server Density
EC2 Reserved Instances
EC2 Spot Instances
Auto Scaling
Elastic Block Store Lifecycle Manager
Summary
Exam Essentials
Review Questions
Appendix A Answers to Review Questions
Chapter 1: Introduction to Cloud Computing and AWS
Chapter 2: Compute Services
Chapter 3: AWS Storage
Chapter 4: Amazon Virtual Private Cloud (VPC)
Chapter 5: Database Services
Chapter 6: Authentication and Authorization - AWS Identity and Access Management
Chapter 7: CloudTrail, CloudWatch, and AWS Config
Chapter 8: The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Chapter 9: Data Ingestion, Transformation, and Analytics
Chapter 10: Resilient Architectures
Chapter 11: High-Performing Architectures
Chapter 12: Secure Architectures
Chapter 13: Cost-Optimized Architectures
Appendix B Additional Services
Deployment Tools
AWS Amplify
AWS Serverless Application Repository
AWS Proton
Developer Tools
Amazon API Gateway
AWS Device Farm
AWS Step Functions
Infrastructure Tools
AWS Outposts
AWS Wavelength
VMware Cloud on AWS
Connectivity Tools
Amazon Pinpoint
AWS Transfer Family
AWS AppSync
Database Tools
Amazon DocumentDB (with MongoDB Compatibility)
Amazon Keyspaces (for Apache Cassandra)
Amazon Quantum Ledger Database (QLDB)
Data Streaming Tools
Amazon Managed Streaming for Apache Kafka (MSK)
Amazon MQ
AWS Data Exchange
Amazon Timestream
AWS Data Pipeline
Amazon AppFlow
Machine Learning and Artificial Intelligence
Amazon Comprehend
Amazon Forecast
Amazon Lex
Amazon Polly
Amazon Rekognition
Amazon Textract
Amazon Transcribe
Amazon Translate
Other Tools
AWS Batch
AWS X-Ray
Amazon Kendra
Amazon OpenSearch Service (Amazon Elasticsearch Service)
Amazon Managed Grafana
Amazon Managed Service for Prometheus
Index