AWS Certified Solution Architect Associate (Feb 2018) Exam Study Guide

Premraj Jeyaprakash raj@awspro.academy

Our free study guide for the AWS Certified Solution Architect Associate will help guide you through the study process for your certification test. The test is changing all the time, but our study guides will give you a rough framework within which to study. At least you’ll know where to start!

AWS Certified Solution Architect Associate – Study Guide (V 3.0) · 2018-10-22




Signup: signup.awspro.academy for Exam Tips and Sample Questions

Identity and Access Management

AWS Identity and Access Management (IAM) allows you to control and manage access to AWS services and resources for your Users and Groups. In addition to Users and Groups, you can create and manage roles and policy documents. Expect between 5 to 7 Questions.

Account Management:

• Managing the credentials for your AWS account
• Password Policy and Multi Factor Authentication (MFA)

IAM Users and Group:

• Fundamentals of IAM and AWS account management
• AWS Root Account vs IAM user account
• Default Permissions for a new user
• IAM login credentials vs Access Keys
• Access keys creation and maintenance
• Resource Creators Do Not Automatically Have Permissions

Policy Document: Highly asked exam topic, Expect between 1 to 3 Questions.

• Elements of policy document (Effect, Action, Resource and Principal)
• Difference between AWS Managed and Customer Managed policies
• Policy types: Identity based, Resource based and Access control lists
• JSON structure in the policy document
• Policy Evaluation Logic

Roles: Highly asked exam topic, Expect between 2 to 4 Questions.

• Creation of a role
• Relationship with policy document
• Difference between trust and permission policies
• Three types of roles: Service Roles, Cross Account Access and Identity Provider Access
• Provide access for an IAM user in one AWS account to resources in another account
• Provide access to IAM users in AWS accounts owned by third parties


• Provide access for services offered by AWS to AWS resources
• Provide access for externally authenticated users (Web and SAML identity federation)

Simple Storage Services (S3)

Amazon Simple Storage Service (Amazon S3) provides secure, durable, highly-scalable object based storage. Expect between 3 to 6 Questions.

Storage Tiers and Classes:

• Use cases for Standard S3, S3-IA, RRS and Glacier
• Size limitations, availability and durability numbers
• Read after Write and Eventual Consistency models
• Static website hosting
• Rules for bucket naming
• Virtual-hosted-style vs path-style

Access Control:

• Difference between bucket and user policies
• Use cases for bucket and user policies
• Granting Cross-Account Permissions to Upload Objects
• Usage of access control lists (ACLs)
• Endpoints for Amazon S3
• Cross-Origin Resource Sharing (CORS)
• S3 Server Access Logging

Versioning and Lifecycle Management:

• Overview of Lifecycle Management
• Protecting an object from accidental deletion using versioning and MFA
• Object size and transition duration limitations
• Cross region Replication

Encryption: Highly asked exam topic.

• Difference between client vs server side encryption
• Three server side or encryption at rest options


Optimization:

• Naming of S3 keys
• Request Rate and Performance Issues

Other Storage and Content Delivery Services (Non S3)

CloudFront: It is a global content delivery network (CDN) service. It integrates with other Amazon Web Services products. Expect 1 or 2 Questions.

• CloudFront use cases from different Origin Types
• Difference between web and RTMP distribution
• Geo Restriction features
• Time To Live (TTL)
• Using Signed URL (Highly asked exam topic)
• Route 53 integration (zone apex record)

Import and Export: Snowball is a petabyte-scale data transfer device used to import/export data from/to the Amazon cloud.

• Snowball use cases (against Direct Connect or internet)
• Difference between Snowball and Import/Export Disk
• Limitation on amount of data transfer
• Availability of Import/Export with different storage types

Storage Gateway: It is a service connecting an on-premises software appliance with AWS’s storage infrastructure. Expect 1 or 2 Questions.

• File Gateway
• S3 support
• Protocols support
• AD integration
• Volume Gateway
• Size
• Protocols Support


• Cached and stored mode
• Creating and managing snapshots
• Tape Gateway (Size, Limitations)
• Storage interfaces supported for each type

Elastic File System: Amazon EFS file systems can automatically scale from gigabytes to petabytes, and allows thousands of Amazon EC2 instances to access at the same time. Highly asked exam topic, Expect between 2 to 3 Questions.

• Use cases and advantages
• EFS vs EBS
• Performance and throughput modes
• Encryption and Security
• Cross region support (VPC Peering)

Amazon Elastic Compute Cloud (Amazon EC2)

It is a web service that provides resizable compute capacity in the cloud. It is the backbone of AWS. Expect between 7 to 10 Questions.

EC2 Instance Types:

• Use cases of each instance type
• Current generation models of instance types
• Support of Virtualization Type, Enhanced Networking, EBS Opt and High I/O
• Instance purchase options
• Standard vs convertible reserved instance
• Spot vs Reserved instance
• Moving from one instance type to another
• Limitations of migrating instances between regions
• Termination Protection
• Instance store vs EBS backed instances (Highly asked exam topic)
• Status of data when EC2 instance restarts or terminates


EBS Volume Types:

• SSD vs HDD
• Pros and Cons of General Purpose, Provisioned IOPS and Magnetic Standard
• Performance and Availability Numbers
• RAID setup (0, 1, 5 and 10) for EBS and limitations of each RAID type
• Possibility of attaching the same EBS volume to multiple EC2 Instances
• Encryption of EBS volumes

EBS Snapshots:

• Creating and sharing snapshots between regions
• Status of EC2 instance during snapshot creation
• Volume vs Snapshot
• Encryption of Snapshots and its impact on sharing
• Application consistent snapshot when using RAID

Security Groups and IAM Role: Highly asked exam topic

• Usage of security group and IAM role with EC2
• Using role vs access key to connect EC2 to other AWS services
• Possibility of changing security group and IAM role after instance launch
• Default security group inbound/outbound rules, and various ports used
• Impact of Security Group’s Stateful nature
• Requirements for SSH, HTTP/HTTPS and Database connections

Amazon Machine Image:

• Types of AMIs
• Creating and sharing AMIs between regions
• Access controls for AMIs

Elastic Load Balancer:

• Application vs Classic load balancers


• Cross Zone load balancing
• Pricing and Load Balancer Capacity Unit
• Configure ELB with Health Check
• Use of DNS address vs Static IP
• HTTPS termination and SSL Certificate usage
• Associate load balancer with an Auto Scaling group
• Healthy and Unhealthy thresholds

Launch configuration and Auto scaling:

• Launch configuration parameters
• Auto scaling with multi AZs
• Scaling Options
• Three types of auto scaling policies: simple, step and scheduled
• Warmup and cool down period
• Instance termination
• Integration with CloudWatch and SNS

Others:

• Use Case for Placement Groups
• Obtaining instance Meta-Data from EC2 Instance
• Number of EC2 instances per account or region

Amazon Route 53 (DNS)

It is a highly available and scalable cloud Domain Name System (DNS) web service.

Record Types:

• Different types of DNS record types supported, including A, CNAME and ALIAS
• Difference between A and CNAME records
• Use case for ALIAS record (Highly asked exam topic) and Zone Apex Record
• Cost association with record types
• Alias record integration with other AWS services, mainly ELB, S3 and CloudFront
• Policy Records


• Number of Domains per Account

Routing Policies:

• Simple, Weighted, Latency, Failover and Geolocation routing policies and use cases
• Difference between routing policies

DNS Failover:

• DNS failover components
• Associating ELB and Health Check with failover scenarios
• Multi region failover support

Amazon Relational Database Service (Amazon RDS)

It is a managed service to set up, operate, and scale a relational database in the AWS cloud.

RDS Basics:

• 6 different database technologies and database engines RDS supports
• Multi AZ deployment
• RDS Maintenance window and activities performed
• Impact of Multi AZ on Maintenance activities
• DB Subnet Groups
• Replication Multi AZ failover with Primary and Standby
• Use cases for Read Replica and limitations
• RDS console and available metrics
• BYOL and license included model

Backup and Snapshots:

• Creating automated backup and Database Snapshots
• Retention period and restore process
• Backup storage cost
• Availability of DBs during backup
• Deletion process of automated backup and DB snapshots

Encryption:


• Support of encryption at rest
• Integration with Key Management Service (KMS)
• Hardware Security Module (HSM) support for Oracle and SQL server

RDS in VPC:

• RDS setup in VPC
• Usage of VPC security groups for RDS

Other Data Services

Redshift:

• OLAP vs OLTP
• Cluster Management including leader and compute nodes
• Single vs Multi node
• Overview of columnar data storage, data compression and MPP
• Encryption using KMS and HSM
• Availability of Redshift, Single AZ deployment and Redshift Spectrum

ElastiCache:

• Overview and two engine types used
• Basics of Memcached vs Redis
• Use cases for ElastiCache

Amazon Virtual Private Cloud (Amazon VPC)

It is a logically isolated section of the Amazon Web Services (AWS) cloud that functions as your own data center.

VPC Basics:

• Default vs Custom VPC
• Private and Public subnet creation with valid CIDR block
• Create and Assign Internet Gateway
• Routing tables for private and public subnets
• Launching instances inside VPC


• Behavior of Public and Private IPs
• Use cases of Elastic IP
• Requirements for EC2 instance to connect with Internet
• Number of allowed VPCs, IGW and EIPs per region
• Use cases for Elastic Network Interface

NAT:

• Use case for NAT instance or Gateway
• Configure NAT instance with right security group configurations
• Use of Source/Destination Check Option with NAT instance
• NAT instance vs Gateway
• Routing table configuration for NAT instance or Gateway
• Placement of NAT instance or Gateway
• Performance limitations of NAT instance and Gateway

Network Access Control List:

• Security groups vs Network Access Control List
• Stateful vs Stateless rules
• Rules evaluation order
• Default rules
• Association with Subnet

VPC Peering:

• Limitation of peering in the context of region
• Cross account Peering
• IP address range impacts on peering
• Transitive peering

VPN Connection:

• Setting up hardware VPN
• Components of VPN
• Customer and Private Gateways
• Failover scenarios


• Static vs Dynamic routed VPN
• Pricing for VPN connections

Direct Connect:

• Direct Connect use cases and advantages
• Pricing and consolidated billing
• Connection speeds
• Failover scenarios
• Direct Connect vs VPN
• Connecting Virtual Interfaces of VPC

Application Services

AWS provides a variety of managed services to use with your applications.

Simple Queue Service:

• Overview of SQS queue with use case of decoupling an application
• Size of SQS message and billing method
• Integration with Lambda and Auto Scale
• Support of Message Ordering, FIFO Queues
• “At least once delivery” concept, building idempotent applications
• Message Visibility Timeout
• Long poll vs short poll
• Retention period of SQS messages
• Concept of “Pull” or clients to “Poll”
• SQS vs SNS, SQS vs Kinesis Streams
• Limits and Restrictions

Simple Workflow Service:

• Overview of SWS with use cases
• Definition of Domains, Workflow, Tasks, Workers, Deciders and Starters
• SWS interaction with Humans
• Retention period
• Difference between SQS and SWS


Simple Notification Service:

• Overview of SNS with use cases
• Supported protocols
• Concept of “Push”
• SNS Message format
• Size of SNS message and Pricing Model
• Difference between SQS and SNS

AD Integration:

• Steps Involved in AD Federation Service integration with AWS console
• AssumeRoleWithSAML API usage
• Overview of Simple AD and AD Connector
• Use cases for all three features

Serverless Computing

Serverless computing allows you to build and run applications and services without thinking about servers. Serverless applications don't require you to provision, scale, and manage any servers.

Lambda:

• Overview of Lambda and use cases
• Poll vs Push based event sources
• VPC specific configurations, “no VPC” mode
• Versioning of Lambda functions, Alias and ARNs
• Input parameters, Receive Message API for batch processing
• IAM roles needed
• Cross account access (users and services)
• Integration with RDS, inside and outside of VPC
• Integration with SQS, Usage of DLQ
• Integration with Kinesis streams
• Integration with CloudWatch, Roles and Permission needed
• Integration with CloudFront, Lambda@Edge
• Environment variables and encryption
• Limitations including allowed resource allocations and maximum execution time


API Gateway:

• Overview of API Gateway and use cases
• Account, Stage and Method level throttling
• Caching of API Gateway
• API method integration types
• API Access control using the API Gateway
• VPC Links
• Integration with CloudWatch and CloudTrail

DynamoDB:

• DB format and types of data stored
• Consistency models for read
• Overview of pricing
• Scaling advantage against RDS
• Read and write capacity units

ECS:

Amazon ECS is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS.

• ECS Service Definition, Task Definition
• IAM Permissions (Instance role)
• ECS agent installation and configuration
• ECS Endpoint and NAT Usage
• Port Mapping including Dynamic and ALB configuration
• Account, Stage and Method level throttling
• ECS Optimized AMI

Kinesis:

Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.


• Amazon Kinesis Basics and Use Cases
• Amazon Kinesis Streams vs SQS
• Limitations and Throughput management
• Kinesis streams producers (KPL) and consumers (KCL)
• Firehose Basics including supported destination
• Data Transformation, Data Delivery
• Kinesis Agent
• Firehose vs Streams
• Kinesis Data Analytics Basics
• Authoring application code and configuring destinations

Miscellaneous Topics

Basic understanding of:

• CloudTrail
• CloudWatch
• Data Migration Service
• Aurora
• Elastic Transcoder
• CloudFormation
• OpsWorks
• Consolidated Billing
• Resource Groups and Tags

AWS Cloud Computing Whitepapers (aws.amazon.com/whitepapers)

• Overview of Amazon Web Services
• AWS Well-Architected Framework
• Architecting for the Cloud: AWS Best Practices
• AWS Risk & Compliance Whitepaper
• Storage Options in the Cloud
• AWS Security Best Practices
