Introduction
Assessment Test

Part I The Core AWS Services

Chapter 1 Introduction to Cloud Computing and AWS
Cloud Computing and Virtualization; Cloud Computing Architecture; Cloud Computing Optimization; The AWS Cloud; AWS Platform Architecture; AWS Reliability and Compliance; The AWS Shared Responsibility Model; The AWS Service Level Agreement; Working with AWS; The AWS CLI; AWS SDKs; Technical Support and Online Resources; Support Plans; Other Support Resources; Summary; Exam Essentials; Review Questions

Chapter 2 Amazon Elastic Compute Cloud and Amazon Elastic Block Store
Introduction; EC2 Instances; Provisioning Your Instance; Configuring Instance Behavior; Placement Groups; Instance Pricing; Instance Lifecycle; Resource Tags; Service Limits; EC2 Storage Volumes; Elastic Block Store Volumes; Instance Store Volumes; Accessing Your EC2 Instance; Securing Your EC2 Instance; Security Groups; IAM Roles; NAT Devices; Key Pairs; EC2 Auto Scaling; Launch Configurations; Launch Templates; Auto Scaling Groups; Auto Scaling Options; AWS Systems Manager; Actions; Insights; AWS CLI Example; Summary; Exam Essentials; Review Questions

Chapter 3 AWS Storage
Introduction; S3 Service Architecture; Prefixes and Delimiters; Working with Large Objects; Encryption; Logging; S3 Durability and Availability; Durability; Availability; Eventually Consistent Data; S3 Object Lifecycle; Versioning; Lifecycle Management; Accessing S3 Objects; Access Control; Presigned URLs; Static Website Hosting; Amazon S3 Glacier; Storage Pricing; Other Storage-Related Services; Amazon Elastic File System; Amazon FSx; AWS Storage Gateway; AWS Snowball; AWS DataSync; AWS CLI Example; Summary; Exam Essentials; Review Questions

Chapter 4 Amazon Virtual Private Cloud
Introduction; VPC CIDR Blocks; Secondary CIDR Blocks; IPv6 CIDR Blocks; Subnets; Subnet CIDR Blocks; Availability Zones; IPv6 CIDR Blocks; Elastic Network Interfaces; Primary and Secondary Private IP Addresses; Attaching Elastic Network Interfaces; Enhanced Networking; Internet Gateways; Route Tables; Routes; The Default Route; Security Groups; Inbound Rules; Outbound Rules; Sources and Destinations; Stateful Firewall; Default Security Group; Network Access Control Lists; Inbound Rules; Outbound Rules; Using Network Access Control Lists and Security Groups Together; Public IP Addresses; Elastic IP Addresses; AWS Global Accelerator; Network Address Translation; Network Address Translation Devices; Configuring Route Tables to Use NAT Devices; NAT Gateway; NAT Instance; VPC Peering; Hybrid Cloud Networking; Virtual Private Networks; AWS Transit Gateway; AWS Direct Connect; High-Performance Computing; Elastic Fabric Adapter; AWS ParallelCluster; Summary; Exam Essentials; Review Questions

Chapter 5 Database Services
Introduction; Relational Databases; Columns and Attributes; Using Multiple Tables; Structured Query Language; Online Transaction Processing vs. Online Analytic Processing; Amazon Relational Database Service; Database Engines; Licensing Considerations; Database Option Groups; Database Instance Classes; Storage; Read Replicas; High Availability (Multi-AZ); Single-Master; Multi-Master; Backup and Recovery; Automated Snapshots; Maintenance Items; Amazon Redshift; Compute Nodes; Data Distribution Styles; Redshift Spectrum; AWS Database Migration Service; Nonrelational (NoSQL) Databases; Storing Data; Querying Data; Types of Nonrelational Databases; DynamoDB; Partition and Hash Keys; Attributes and Items; Throughput Capacity; Reading Data; Global Tables; Backups; Summary; Exam Essentials; Review Questions

Chapter 6 Authentication and Authorization--AWS Identity and Access Management
Introduction; IAM Identities; IAM Policies; User and Root Accounts; Access Keys; Groups; Roles; Authentication Tools; Amazon Cognito; AWS Managed Microsoft AD; AWS Single Sign-On; AWS Key Management Service; AWS Secrets Manager; AWS CloudHSM; AWS CLI Example; Summary; Exam Essentials; Review Questions

Chapter 7 CloudTrail, CloudWatch, and AWS Config
Introduction; CloudTrail; Management Events; Data Events; Event History; Trails; Log File Integrity Validation; CloudWatch; CloudWatch Metrics; Graphing Metrics; Metric Math; CloudWatch Logs; CloudWatch Alarms; Amazon EventBridge; AWS Config; The Configuration Recorder; Configuration Items; Configuration History; Configuration Snapshots; Monitoring Changes; Summary; Exam Essentials; Review Questions

Chapter 8 The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront
Introduction; The Domain Name System; Namespaces; Name Servers; Domains and Domain Names; Domain Registration; Domain Layers; Fully Qualified Domain Names; Zones and Zone Files; Record Types; Alias Records; Amazon Route 53; Domain Registration; DNS Management; Availability Monitoring; Routing Policies; Traffic Flow; Route 53 Resolver; Amazon CloudFront; AWS CLI Example; Summary; Exam Essentials; Review Questions

Chapter 9 Simple Queue Service and Kinesis
Introduction; Simple Queue Service; Queues; Queue Types; Polling; Dead-Letter Queues; Kinesis; Kinesis Video Streams; Kinesis Data Streams; Kinesis Data Firehose; Kinesis Data Firehose vs. Kinesis Data Streams; Summary; Exam Essentials; Review Questions

Part II The Well-Architected Framework

Chapter 10 The Reliability Pillar
Introduction; Calculating Availability; Availability Differences in Traditional vs. Cloud-Native Applications; Know Your Limits; Increasing Availability; EC2 Auto Scaling; Launch Configurations; Launch Templates; Auto Scaling Groups; Auto Scaling Options; Data Backup and Recovery; S3; Elastic File System; Elastic Block Storage; Database Resiliency; Creating a Resilient Network; VPC Design Considerations; External Connectivity; Designing for Availability; Designing for 99 Percent Availability; Designing for 99.9 Percent Availability; Designing for 99.99 Percent Availability; Summary; Exam Essentials; Review Questions

Chapter 11 The Performance Efficiency Pillar
Introduction; Optimizing Performance for the Core AWS Services; Compute; Storage; Database; Network Optimization and Load Balancing; Infrastructure Automation; CloudFormation; Third-Party Automation Solutions; Reviewing and Optimizing Infrastructure Configurations; Load Testing; Visualization; Optimizing Data Operations; Caching; Partitioning/Sharding; Compression; Summary; Exam Essentials; Review Questions

Chapter 12 The Security Pillar
Introduction; Identity and Access Management; Protecting AWS Credentials; Fine-Grained Authorization; Permissions Boundaries; Roles; Enforcing Service-Level Protection; Detective Controls; CloudTrail; CloudWatch Logs; Searching Logs with Athena; Auditing Resource Configurations with AWS Config; Amazon GuardDuty; Amazon Inspector; Amazon Detective; Security Hub; Protecting Network Boundaries; Network Access Control Lists.

AWS Certified Solutions Architect Study Guide : Associate SAA-C02 Exam