Amazon Web Services

Amazon Web Services

AWS Certified Solutions Architect :

Introduction

 The History of AWS

 AWS Cloud Services Overview

 Sign up for AWS

AWS Storage Services

 S3 Storage

 Create an S3 Bucket

 S3 Pricing Tiers

 S3 Security and Encryption

 S3 Versioning

 Lifecycle Management with S3

 S3 Object Lock and Glacier Vault Lock

 S3 Performance

 AWS Organizations and Consolidated Billing

 Sharing S3 Buckets Across Accounts

 Cross-Region Replication

 S3 Transfer Acceleration

 AWS DataSync

 CloudFront

 Create a CloudFront Distribution

 CloudFront Signed URLs and Cookies

 Snowball

 Storage Gateway

EC2 Elastic Compute Cloud

 Security Groups

 EBS

 EBS Volumes and Snapshots -

 AMI Types (EBS vs. Instance Store)

 ENI vs. ENA vs. EFA

 Encrypted Root Device Volumes and Snapshots

 Spot Instances and Spot Fleets

 EC2 Hibernate

 CloudWatch

 CloudWatch

 AWS Command Line (CLI)

 Identity and Access Management Roles

 Using Bootstrap Scripts

 Instance Metadata

 EFS

 Amazon FSx for Windows and Amazon FSx for Lustre

 EC2 Placement Groups

 HPC on AWS

 AWS WAF

Advanced IAM

 AWS Directory Service

 IAM Policies

 Resource Access Manager (RAM)

 AWS Single Sign-On

VPC Overview

 VPC Concepts

 Subnets

 Address space

 Internet Gateway

 Route Table

 NAT Instances and NAT Gateways

 Network Access Control Lists vs. Security Groups - Demo

 Custom VPCs and ELBs

 VPC Flow Logs

 AWS Direct Connect

 Setting Up Direct Connect

 Global Accelerator

 VPC Endpoints

 AWS PrivateLink

 AWS Transit Gateway

 AWS VPN CloudHub

 AWS Network Costs

AWS Route 53

 DNS

 Register a Domain Name

 Route 53 Routing Policies Available on AWS

 Route 53: Simple Routing Policy

 Route 53: Weighted Routing Policy

 Route 53: Latency-Based Policy

 Route 53: Failover Routing Policy

 Route 53: Geolocation Routing Policy

 Route 53: Geoproximity Routing Policy (Traffic Flow Only)

 Route 53: Multivalue Answer Policy

HA Architecture

 Elastic Load Balancer

 Load Balancers and Health Checks

 Advanced Load Balancer Theory

 Auto Scaling

 Launch Configurations and Auto Scaling Groups

 Elastic Beanstalk

 High Availability with Bastion Host

 On-Premises Strategies with AWS

Databases

 RDS Instance - Demo

 RDS: Backups, Multi-AZ, and Read Replicas

 DynamoDB

 Advanced DynamoDB

 Redshift

 Aurora

 Elasticache

 Database Migration Service (DMS)

 Caching Strategies on AWS

 EMR Overview

AWS Architect Topics :

Domain 1.0:

Designing highly available, cost-efficient, fault-tolerant, scalable systems 1.1 Identify and recognize cloud architecture

considerations, such as fundamental components and effective designs.

Content may include the following:

 How to design cloud services

 Planning and design

 Monitoring and logging

 Familiarity with: o Best practices for AWS architecture o Developing to client specifications, including pricing/cost

(e.g., on Demand vs. Reserved vs. Spot; RTO and RPO DR Design) o Architectural trade-off decisions (e.g., high

availability vs. cost, Amazon Relational Database Service (RDS) vs. installing your own database on Amazon Elastic

Compute Cloud (EC2)) o Hybrid IT architectures (e.g., Direct Connect, Storage Gateway, VPC, Directory Services) o

Elasticity and scalability (e.g., Auto Scaling, SQS, ELB, Cloud Front)

Domain 2.0:

Implementation/Deployment 2.1 Identify the appropriate techniques and methods using Amazon EC2, Amazon S3,

AWS Elastic Beanstalk, AWS Cloud Formation, AWS OpsWorks, Amazon Virtual Private Cloud (VPC), and AWS Identity

and Access Management (IAM) to code and implement a cloud solution.

Content may include the following:

 Configure an Amazon Machine Image (AMI)

 Operate and extend service management in a hybrid IT architecture

 Configure services to support compliance requirements in the cloud

 Launch instances across the AWS global infrastructure

 Configure IAM policies and best practices

Domain 3.0:

Data Security 3.1

Recognize and implement secure practices for optimum cloud deployment and maintenance. Content may include the following:

 AWS shared responsibility model

 AWS platform compliance

 AWS security attributes (customer workloads down to physical layer)

 AWS administration and security services

 AWS Identity and Access Management (IAM)

 Amazon Virtual Private Cloud (VPC)

 AWS CloudTrail

 Ingress vs. egress filtering, and which AWS services and features fit

 “Core” Amazon EC2 and S3 security feature sets

 Incorporating common conventional security products (Firewall, VPN)

 Design patterns

 DoS mitigation

 Encryption solutions (e.g., key services)

 Complex access controls (building sophisticated security groups, ACLs, etc.)

 Amazon CloudWatch for the security architect

 Trusted Advisor

 CloudWatch

Recognize critical disaster recovery techniques and their implementation. Content may include the following:

 Disaster recovery of Recovery time objective

 Recovery point objective

 Amazon Elastic Block Store

 AWS Import/Export

 AWS Storage Gateway

 Amazon Route53

 Validation of data recovery method

Domain 4.0:

Troubleshooting Content may include the following:

 General troubleshooting information and questions