
AWS Certified Solutions Architect Study Guide with 900 Practice Test Questions. Associate (SAA-C03) Exam. Edition No. 4. Sybex Study Guide

  • Book

  • 480 Pages
  • September 2022
  • John Wiley and Sons Ltd
  • ID: 5841665

Master Amazon Web Services solution delivery and efficiently prepare for the AWS Certified SAA-C03 Exam with this all-in-one study guide

The AWS Certified Solutions Architect Study Guide: Associate (SAA-C03) Exam, 4th Edition comprehensively and effectively prepares you for the challenging SAA-C03 Exam. This Study Guide contains efficient and accurate study tools that will help you succeed on the exam. It offers access to the Sybex online learning environment and test bank, containing hundreds of test questions, bonus practice exams, a glossary of key terms, and electronic flashcards. This one-year free access is supported by Wiley's support agents, who are available 24x7 via email or live chat to assist with access and login questions.

In this complete and authoritative exam prep blueprint, Ben Piper and David Clinton show you how to:

  • Design resilient AWS architectures
  • Create high-performing solutions
  • Craft secure applications and architectures
  • Design inexpensive and cost-optimized architectures

An essential resource for anyone trying to start a new career as an Amazon Web Services cloud solutions architect, the AWS Certified Solutions Architect Study Guide: Associate (SAA-C03) Exam, 4th Edition will also prove invaluable to currently practicing AWS professionals looking to brush up on the fundamentals of their work.

Table of Contents

Introduction xxv

Assessment Test xxxi

Answers to Assessment Test xxxvii

Part I The Core AWS Services 1

Chapter 1 Introduction to Cloud Computing and AWS 3

Cloud Computing and Virtualization 4

Cloud Computing Architecture 4

Cloud Computing Optimization 5

The AWS Cloud 6

AWS Platform Architecture 10

AWS Reliability and Compliance 13

The AWS Shared Responsibility Model 13

The AWS Service Level Agreement 14

Working with AWS 14

AWS Organizations 14

AWS Control Tower 15

AWS Service Catalog 15

AWS License Manager 16

AWS Artifact 16

The AWS CLI 16

AWS SDKs 17

Technical Support and Online Resources 17

Support Plans 17

Other Support Resources 18

Migrating Existing Resources to AWS 18

AWS Migration Hub 19

AWS Application Migration Service 19

AWS Database Migration Service 19

AWS Application Discovery Service 20

Summary 20

Exam Essentials 21

Review Questions 22

Chapter 2 Compute Services 25

Introduction 26

EC2 Instances 27

Provisioning Your Instance 27

Configuring Instance Behavior 32

Placement Groups 33

Instance Pricing 33

Instance Life Cycle 34

Resource Tags 35

Service Limits 36

EC2 Storage Volumes 36

Elastic Block Store Volumes 36

Instance Store Volumes 38

Accessing Your EC2 Instance 39

Securing Your EC2 Instance 41

Security Groups 41

IAM Roles 41

NAT Devices 42

Key Pairs 42

EC2 Auto Scaling 43

Launch Configurations 43

Launch Templates 43

Auto Scaling Groups 45

Auto Scaling Options 46

AWS Systems Manager 49

Actions 50

Insights 52

AWS Systems Manager Inventory 53

Running Containers 54

Amazon Elastic Container Service 54

Amazon Elastic Kubernetes Service 55

Other Container-Oriented Services 55

AWS CLI Example 56

Summary 57

Exam Essentials 58

Review Questions 60

Chapter 3 AWS Storage 67

Introduction 68

S3 Service Architecture 69

Prefixes and Delimiters 69

Working with Large Objects 69

Encryption 71

Logging 71

S3 Durability and Availability 72

Durability 72

Availability 73

Eventually Consistent Data 73

S3 Object Life Cycle 74

Versioning 74

Life Cycle Management 74

Accessing S3 Objects 75

Access Control 75

Presigned URLs 77

Static Website Hosting 77

Amazon S3 Glacier 79

Storage Pricing 80

Other Storage-Related Services 81

Amazon Elastic File System 81

Amazon FSx 81

AWS Storage Gateway 81

AWS Snow Family 82

AWS DataSync 82

AWS CLI Example 83

Summary 84

Exam Essentials 85

Review Questions 86

Chapter 4 Amazon Virtual Private Cloud (VPC) 91

Introduction 92

VPC CIDR Blocks 92

Secondary CIDR Blocks 93

IPv6 CIDR Blocks 93

Subnets 95

Subnet CIDR Blocks 96

Availability Zones 97

IPv6 CIDR Blocks 99

Elastic Network Interfaces 99

Primary and Secondary Private IP Addresses 100

Attaching Elastic Network Interfaces 100

Enhanced Networking 101

Internet Gateways 102

Route Tables 102

Routes 103

The Default Route 104

Security Groups 106

Inbound Rules 106

Outbound Rules 107

Sources and Destinations 108

Stateful Firewall 108

Default Security Group 109

Network Access Control Lists 110

Inbound Rules 110

Outbound Rules 113

Using Network Access Control Lists and Security Groups Together 114

AWS Network Firewall 115

Public IP Addresses 115

Elastic IP Addresses 116

AWS Global Accelerator 118

Network Address Translation 119

Network Address Translation Devices 120

Configuring Route Tables to Use NAT Devices 121

NAT Gateway 121

NAT Instance 122

AWS PrivateLink 123

VPC Peering 123

Hybrid Cloud Networking 124

AWS Site-to-Site VPN 125

AWS Transit Gateway 125

AWS Direct Connect 133

High-Performance Computing 134

Elastic Fabric Adapter 135

AWS ParallelCluster 136

Summary 136

Exam Essentials 137

Review Questions 138

Chapter 5 Database Services 143

Introduction 144

Relational Databases 144

Columns and Attributes 144

Using Multiple Tables 145

Structured Query Language 146

Online Transaction Processing vs. Online Analytic Processing 147

Amazon Relational Database Service 148

Database Engines 148

Licensing Considerations 149

Database Option Groups 150

Database Instance Classes 150

Storage 151

Read Replicas 154

High Availability (Multi-AZ) 155

Single-Master 156

Multi-Master 157

Backup and Recovery 157

Automated Snapshots 157

Maintenance Items 158

Amazon RDS Proxy 158

Amazon Redshift 159

Compute Nodes 159

Data Distribution Styles 159

Redshift Spectrum 160

AWS Database Migration Service 160

Nonrelational (NoSQL) Databases 161

Storing Data 161

Querying Data 161

Types of Nonrelational Databases 162

DynamoDB 162

Partition and Hash Keys 163

Attributes and Items 164

Throughput Capacity 165

Reading Data 167

Global Tables 168

Backups 168

Summary 168

Exam Essentials 169

Review Questions 170

Chapter 6 Authentication and Authorization - AWS Identity and Access Management 175

Introduction 176

IAM Identities 176

IAM Policies 177

User and Root Accounts 178

Access Keys 180

Groups 181

Roles 182

Authentication Tools 183

Amazon Cognito 183

AWS Managed Microsoft AD 183

AWS Single Sign-On 184

AWS Key Management Service 184

AWS Secrets Manager 184

AWS CloudHSM 185

AWS Resource Access Manager (AWS RAM) 185

AWS CLI Example 185

Summary 187

Exam Essentials 187

Review Questions 189

Chapter 7 CloudTrail, CloudWatch, and AWS Config 193

Introduction 194

CloudTrail 195

Management Events 195

Data Events 196

Event History 196

Trails 196

Log File Integrity Validation 198

CloudWatch 199

CloudWatch Metrics 200

Graphing Metrics 201

Metric Math 203

CloudWatch Logs 205

CloudWatch Alarms 208

Amazon EventBridge 211

AWS Config 212

The Configuration Recorder 213

Configuration Items 213

Configuration History 213

Configuration Snapshots 213

Monitoring Changes 214

Summary 216

Exam Essentials 216

Review Questions 218

Chapter 8 The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront 223

Introduction 224

The Domain Name System 224

Namespaces 225

Name Servers 225

Domains and Domain Names 226

Domain Registration 226

Domain Layers 226

Fully Qualified Domain Names 227

Zones and Zone Files 227

Record Types 227

Alias Records 228

Amazon Route 53 228

Domain Registration 229

DNS Management 229

Availability Monitoring 231

Routing Policies 232

Traffic Flow 234

Route 53 Resolver 234

Amazon CloudFront 235

AWS CLI Example 237

Summary 238

Exam Essentials 238

Review Questions 239

Chapter 9 Data Ingestion, Transformation, and Analytics 243

Introduction 244

AWS Lake Formation 244

Ingestion 245

Transformation 245

Analytics 245

AWS Transfer Family 246

Kinesis 246

Kinesis Video Streams 246

Kinesis Data Streams 247

Kinesis Data Firehose 248

Kinesis Data Firehose vs. Kinesis Data Streams 248

Summary 249

Exam Essentials 249

Review Questions 250

Part II Architecting for Requirements 255

Chapter 10 Resilient Architectures 257

Introduction 258

Calculating Availability 258

Availability Differences in Traditional vs. Cloud-Native Applications 259

Know Your Limits 262

Increasing Availability 262

EC2 Auto Scaling 263

Launch Configurations 263

Launch Templates 263

Auto Scaling Groups 265

Auto Scaling Options 266

Data Backup and Recovery 270

S3 270

Elastic File System 271

Elastic Block Storage 271

Database Resiliency 271

Creating a Resilient Network 272

VPC Design Considerations 272

External Connectivity 273

Simple Queue Service 273

Queues 274

Queue Types 275

Polling 276

Dead-Letter Queues 276

Designing for Availability 276

Designing for 99 Percent Availability 277

Designing for 99.9 Percent Availability 278

Designing for 99.99 Percent Availability 279

Summary 280

Exam Essentials 281

Review Questions 282

Chapter 11 High-Performing Architectures 289

Introduction 290

Optimizing Performance for the Core AWS Services 290

Compute 291

Storage 295

Database 298

Network Optimization and Load Balancing 299

Infrastructure Automation 302

CloudFormation 302

Third-Party Automation Solutions 309

Reviewing and Optimizing Infrastructure Configurations 310

AWS Well-Architected Tool 311

Load Testing 311

Visualization 312

Optimizing Data Operations 313

Caching 313

Partitioning/Sharding 315

Compression 315

Summary 316

Exam Essentials 316

Review Questions 318

Chapter 12 Secure Architectures 323

Introduction 324

Identity and Access Management 324

Protecting AWS Credentials 325

Fine-Grained Authorization 325

Permissions Boundaries 327

Roles 328

Enforcing Service-Level Protection 334

Detective Controls 335

CloudTrail 335

CloudWatch Logs 335

Searching Logs with Athena 336

Auditing Resource Configurations with AWS Config 338

Amazon GuardDuty 339

Amazon Inspector 342

Amazon Detective 343

Security Hub 344

Amazon Fraud Detector 344

AWS Audit Manager 344

Protecting Network Boundaries 344

Network Access Control Lists and Security Groups 345

AWS Web Application Firewall 345

AWS Shield 345

AWS Firewall Manager 346

Data Encryption 346

Data at Rest 346

Data in Transit 348

Macie 349

Summary 349

Exam Essentials 350

Review Questions 351

Chapter 13 Cost-Optimized Architectures 357

Introduction 358

Planning, Tracking, and Controlling Costs 358

AWS Budgets 359

Monitoring Tools 360

AWS Trusted Advisor 361

Online Calculator Tools 362

Cost-Optimizing Compute 363

Maximizing Server Density 364

EC2 Reserved Instances 364

EC2 Spot Instances 365

Auto Scaling 368

Elastic Block Store Lifecycle Manager 368

Summary 368

Exam Essentials 369

Review Questions 370

Appendix A Answers to Review Questions 375

Chapter 1: Introduction to Cloud Computing and AWS 376

Chapter 2: Compute Services 377

Chapter 3: AWS Storage 380

Chapter 4: Amazon Virtual Private Cloud (VPC) 381

Chapter 5: Database Services 383

Chapter 6: Authentication and Authorization - AWS Identity and Access Management 386

Chapter 7: CloudTrail, CloudWatch, and AWS Config 388

Chapter 8: The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront 390

Chapter 9: Data Ingestion, Transformation, and Analytics 392

Chapter 10: Resilient Architectures 393

Chapter 11: High-Performing Architectures 397

Chapter 12: Secure Architectures 399

Chapter 13: Cost-Optimized Architectures 401

Appendix B Additional Services 405

Deployment Tools 406

AWS Amplify 406

AWS Serverless Application Repository 406

AWS Proton 407

Developer Tools 407

Amazon API Gateway 407

AWS Device Farm 407

AWS Step Functions 407

Infrastructure Tools 408

AWS Outposts 408

AWS Wavelength 408

VMware Cloud on AWS 408

Connectivity Tools 409

Amazon Pinpoint 409

AWS Transfer Family 409

AWS AppSync 409

Database Tools 410

Amazon DocumentDB (with MongoDB Compatibility) 410

Amazon Keyspaces (for Apache Cassandra) 410

Amazon Quantum Ledger Database (QLDB) 410

Data Streaming Tools 410

Amazon Managed Streaming for Apache Kafka (MSK) 410

Amazon MQ 411

AWS Data Exchange 411

Amazon Timestream 411

AWS Data Pipeline 411

Amazon AppFlow 411

Machine Learning and Artificial Intelligence 412

Amazon Comprehend 412

Amazon Forecast 412

Amazon Lex 412

Amazon Polly 412

Amazon Rekognition 413

Amazon Textract 413

Amazon Transcribe 413

Amazon Translate 413

Other Tools 413

AWS Batch 413

AWS X-Ray 414

Amazon Kendra 414

Amazon OpenSearch Service (Amazon Elasticsearch Service) 414

Amazon Managed Grafana 414

Amazon Managed Service for Prometheus 415

Index 417

Authors

Ben Piper, David Clinton