Introduction xxv Assessment Test xxxi Answers to Assessment Test xxxvii Part I The Core AWS Services 1 Chapter 1 Introduction to Cloud Computing and AWS 3 Cloud Computing and Virtualization 4 Cloud Computing Architecture 4 Cloud Computing Optimization 5 The AWS Cloud 6 AWS Platform Architecture 10 AWS Reliability and Compliance 13 The AWS Shared Responsibility Model 13 The AWS Service Level Agreement 14 Working with AWS 14 AWS Organizations 14 AWS Control Tower 15 AWS Service Catalog 15 AWS License Manager 16 AWS Artifact 16 The AWS cli 16 AWS SDKs 17 Technical Support and Online Resources 17 Support Plans 17 Other Support Resources 18 Migrating Existing Resources to AWS 18 AWS Migration Hub 19 AWS Application Migration Service 19 AWS Database Migration Service 19 AWS Application Discovery Service 20 Summary 20 Exam Essentials 21 Review Questions 22 Chapter 2 Compute Services 25 Introduction 26 EC2 Instances 27 Provisioning Your Instance 27 Configuring Instance Behavior 32 Placement Groups 33 Instance Pricing 33 Instance Life Cycle 34 Resource Tags 35 Service Limits 36 EC2 Storage Volumes 36 Elastic Block Store Volumes 36 Instance Store Volumes 38 Accessing Your EC2 Instance 39 Securing Your EC2 Instance 41 Security Groups 41 IAM Roles 41 NAT Devices 42 Key Pairs 42 EC2 Auto Scaling 43 Launch Configurations 43 Launch Templates 43 Auto Scaling Groups 45 Auto Scaling Options 46 AWS Systems Manager 49 Actions 50 Insights 52 AWS Systems Manager Inventory 53 Running Containers 54 Amazon Elastic Container Service 54 Amazon Elastic Kubernetes Service 55 Other Container- Oriented Services 55 AWS CLI Example 56 Summary 57 Exam Essentials 58 Review Questions 60 Chapter 3 AWS Storage 67 Introduction 68 S3 Service Architecture 69 Prefixes and Delimiters 69 Working with Large Objects 69 Encryption 71 Logging 71 S3 Durability and Availability 72 Durability 72 Availability 73 Eventually Consistent Data 73 S3 Object Life Cycle 74 Versioning 74 Life Cycle Management 74 Accessing S3 Objects 75 Access Control 75 Presigned URLs 77 Static Website Hosting 77 Amazon S3 Glacier 79 Storage Pricing 80 Other Storage- Related Services 81 Amazon Elastic File System 81 Amazon FSx 81 AWS Storage Gateway 81 AWS Snow Family 82 AWS DataSync 82 AWS CLI Example 83 Summary 84 Exam Essentials 85 Review Questions 86 Chapter 4 Amazon Virtual Private Cloud (VPC) 91 Introduction 92 VPC CIDR Blocks 92 Secondary CIDR Blocks 93 IPv6 CIDR Blocks 93 Subnets 95 Subnet CIDR Blocks 96 Availability Zones 97 IPv6 CIDR Blocks 99 Elastic Network Interfaces 99 Primary and Secondary Private IP Addresses 100 Attaching Elastic Network Interfaces 100 Enhanced Networking 101 Internet Gateways 102 Route Tables 102 Routes 103 The Default Route 104 Security Groups 106 Inbound Rules 106 Outbound Rules 107 Sources and Destinations 108 Stateful Firewall 108 Default Security Group 109 Network Access Control Lists 110 Inbound Rules 110 Outbound Rules 113 Using Network Access Control Lists and Security Groups Together 114 AWS Network Firewall 115 Public IP Addresses 115 Elastic IP Addresses 116 AWS Global Accelerator 118 Network Address Translation 119 Network Address Translation Devices 120 Configuring Route Tables to Use NAT Devices 121 NAT Gateway 121 NAT Instance 122 AWS PrivateLink 123 VPC Peering 123 Hybrid Cloud Networking 124 AWS Site- to- Site VPN 125 AWS Transit Gateway 125 AWS Direct Connect 133 High- Performance Computing 134 Elastic Fabric Adapter 135 AWS ParallelCluster 136 Summary 136 Exam Essentials 137 Review Questions 138 Chapter 5 Database Services 143 Introduction 144 Relational Databases 144 Columns and Attributes 144 Using Multiple Tables 145 Structured Query Language 146 Online Transaction Processing vs. Online Analytic Processing 147 Amazon Relational Database Service 148 Database Engines 148 Licensing Considerations 149 Database Option Groups 150 Database Instance Classes 150 Storage 151 Read Replicas 154 High Availability (Multi- AZ) 155 Single- Master 156 Multi- Master 157 Backup and Recovery 157 Automated Snapshots 157 Maintenance Items 158 Amazon RDS Proxy 158 Amazon Redshift 159 Compute Nodes 159 Data Distribution Styles 159 Chapter 6 Redshift Spectrum 160 AWS Database Migration Service 160 Nonrelational (NoSQL) Databases 161 Storing Data 161 Querying Data 161 Types of Nonrelational Databases 162 DynamoDB 162 Partition and Hash Keys 163 Attributes and Items 164 Throughput Capacity 165 Reading Data 167 Global Tables 168 Backups 168 Summary 168 Exam Essentials 169 Review Questions 170 Authentication and Authorization-- AWS Identity and Access Management 175 Introduction 176 IAM Identities 176 IAM Policies 177 User and Root Accounts 178 Access Keys 180 Groups 181 Roles 182 Authentication Tools 183 Amazon Cognito 183 AWS Managed Microsoft AD 183 AWS Single Sign- On 184 AWS Key Management Service 184 AWS Secrets Manager 184 AWS CloudHSM 185 AWS Resource Access Manager (AWS RAM) 185 AWS CLI Example 185 Summary 187 Exam Essentials 187 Review Questions 189 Chapter 7 CloudTrail, CloudWatch, and AWS Config 193 Introduction 194 CloudTrail 195 Management Events 195 Data Events 196 Event History 196 Chapter 8 Trails 196 Log File Integrity Validation 198 CloudWatch 199 CloudWatch Metrics 200 Graphing Metrics 201 Metric Math 203 CloudWatch Logs 205 CloudWatch Alarms 208 Amazon EventBridge 211 AWS Config 212 The Configuration Recorder 213 Configuration Items 213 Configuration History 213 Configuration Snapshots 213 Monitoring Changes 214 Summary 216 Exam Essentials 216 Review Questions 218 The Domain Name System and Network Routing: Amazon Route 53 and Amazon CloudFront 223 Introduction 224 The Domain Name System 224 Namespaces 225 Name Servers 225 Domains and Domain Names 226 Domain Registration 226 Domain Layers 226 Fully Qualified Domain Names 227 Zones and Zone Files 227 Record Types 227 Alias Records 228 Amazon Route 53 228 Domain Registration 229 DNS Management 229 Availability Monitoring 231 Routing Policies 232 Traffic Flow 234 Route 53 Resolver 234 Amazon CloudFront 235 AWS CLI Example 237 Summary 238 Exam Essentials 238 Review Questions 239 Chapter 9 Data Ingestion, Transformation, and Analytics 243 Introduction 244 AWS Lake Formation 244 Ingestion 245 Transformation 245 Analytics 245 AWS Transfer Family 246 Kinesis 246 Kinesis Video Streams 246 Kinesis Data Streams 247 Kinesis Data Firehose 248 Kinesis Data Firehose vs. Kinesis Data Streams 248 Summary 249 Exam Essentials 249 Review Questions 250 Part II Architecting for Requirements 255 Chapter 10 Resilient Architectures 257 Introduction 258 Calculating Availability 258 Availability Differences in Traditional vs. Cloud- Native Applications 259 Know Your Limits 262 Increasing Availability 262 EC2 Auto Scaling 263 Launch Configurations 263 Launch Templates 263 Auto Scaling Groups 265 Auto Scaling Options 266 Data Backup and Recovery 270 S 3 270 Elastic File System 271 Elastic Block Storage 271 Database Resiliency 271 Creating a Resilient Network 272 VPC Design Considerations 272 External Connectivity 273 Simple Queue Service 273 Queues 274 Queue Types 275 Polling 276 Dead- Letter Queues 276 Designing for Availability 276 Designing for 99 Percent Availability 277 Designing for 99.9 Percent Availability 278 Designing for 99.99 Percent Availability 279 Summary 280 Exam Essentials 281 Review Questions 282 Chapter 11 High- Performing Architectures 289 Introduction 290 Optimizing Performance for the Core AWS Services 290 Compute 291 Storage 295 Database 298 Network Optimization and Load Balancing 299 Infrastructure Automation 302 CloudFormation 302 Third- Party Automation Solutions 309 Reviewing and Optimizing Infrastructure Configurations.