Introduction xxx Chapter 1 Understanding the Foundations of AWS Architecture 3 Essential Characteristics of AWS Cloud Computing 6 AWS Cloud Computing and NIST 8 On-Demand Self-Service 9 Broad Network Access 10 Resource Pooling 10 Rapid Elasticity 11 Measured Service 12 Moving to AWS 13 Infrastructure as a Service (IaaS) 14 Platform as a Service (PaaS) 17 Operational Benefits of AWS 19 Cloud Provider Responsibilities 20 Security at AWS 21 Network Security at AWS 22 Application Security at AWS 23 Migrating Applications 24 Applications That Can Be Moved to AWS and Hosted on an EC2 Instance with No Changes 26 Applications with Many Local Dependencies That Cause Problems When Being Moved to the Cloud 27 Replacing an Existing Application with a SaaS Application Hosted by a Public Cloud Provider 28 Applications That Should Remain On Premises and Eventually Be Deprecated 28 The AWS Well-Architected Framework 28 The Well-Architected Tool 30 AWS Services Cheat Sheet 31 In Conclusion 36 Chapter 2 The AWS Well-Architected Framework 39 "Do I Know This Already?" 40 Foundation Topics 42 The Well-Architected Framework 42 Operational Excellence Pillar 44 Security Pillar 45 Reliability Pillar 47 Performance Efficiency Pillar 49 Cost Optimization Pillar 51 Sustainability Pillar 51 Designing a Workload SLA 52 Reliability and Performance Are Linked 54 Disaster Recovery 54 Placing Cloud Services 55 Deployment Methodologies 60 Factor 1: Use One Codebase That Is Tracked with Version Control to Allow Many Deployments 63 Factor 2: Explicitly Declare and Isolate Dependencies 65 Factor 3: Store Configuration in the Environment 66 Factor 4: Treat Backing Services as Attached Resources 66 Factor 5: Separate Build and Run Stages 67 Factor 6: Execute an App as One or More Stateless Processes 67 Factor 7: Export Services via Port Binding 69 Factor 8: Scale Out via the Process Model 69 Factor 9: Maximize Robustness with Fast Startup and Graceful Shutdown 69 Factor 10: Keep Development, Staging, and Production as Similar as Possible 70 Factor 11: Treat Logs as Event Streams 70 Factor 12: Run Admin/Management Tasks as One-Off Processes 71 Exam Preparation Tasks 71 Review All Key Topics 71 Define Key Terms 72 Q&A 72 Chapter 3 Designing Secure Access to AWS Resources 75 "Do I Know This Already?" 75 Foundation Topics 79 Identity and Access Management (IAM) 79 IAM Policy Definitions 81 IAM Authentication 82 Requesting Access to AWS Resources 84 The Authorization Process 85 Actions 87 IAM Users and Groups 88 The Root User 88 The IAM User 90 IAM Groups 94 Signing In as an IAM User 94 IAM Account Details 95 Creating a Password Policy 96 Rotating Access Keys 97 Using Multi-Factor Authentication 99 Creating IAM Policies 99 IAM Policy Types 100 IAM Policy Creation 105 IAM Roles 118 When to Use IAM Roles 119 AWS Security Token Service 126 IAM Best Practices 128 IAM Security Tools 130 IAM Cheat Sheet 132 AWS Identity Center 132 AWS Organizations 134 AWS Organizations Cheat Sheet 136 AWS Resource Access Manager 136 AWS Control Tower 138 Exam Preparation Tasks 140 Review All Key Topics 140 Define Key Terms 141 Q&A 142 Chapter 4 Designing Secure Workloads and Applications 145 "Do I Know This Already?" 145 Foundation Topics 149 Securing Network Infrastructure 149 Networking Services Located at Edge Locations 150 VPC Networking Services for Securing Workloads 154 Network ACL Cheat Sheet 169 VPC Flow Logs 172 NAT Services 174 Amazon Cognito 176 User Pool 177 Federated Identity Provider 179 External Connections 180 Virtual Private Gateway 181 Customer Gateway 182 AWS Managed VPN Connection Options 183 Understanding Route Propagation 184 AWS Direct Connect 185 AWS Direct Connect Cheat Sheet 187 Amazon GuardDuty 187 Amazon GuardDuty Cheat Sheet 189 Amazon Macie 189 Amazon Macie Cheat Sheet 190 Security Services for Securing Workloads 191 AWS CloudTrail 191 AWS Secrets Manager 194 Amazon Inspector 195 AWS Trusted Advisor 196 AWS Config 198 Exam Preparation Tasks 199 Review All Key Topics 199 Define Key Terms 200 Q&A 201 Chapter 5 Determining Appropriate Data Security Controls 203 "Do I Know This Already?" 204 Foundation Topics 207 Data Access and Governance 207 Data Retention and Classification 207 Infrastructure Security 209 IAM Controls 210 Detective Controls 210 Amazon EBS Encryption 212 Amazon S3 Bucket Security 216 S3 Storage at Rest 220 Amazon S3 Object Lock Policies 221 Legal Hold 222 Amazon S3 Glacier Storage at Rest 222 Data Backup and Replication 223 AWS Key Management Service 224 Envelope Encryption 225 AWS KMS Cheat Sheet 226 AWS CloudHSM 227 AWS Certificate Manager 227 Encryption in Transit 228 Exam Preparation Tasks 229 Review All Key Topics 229 Define Key Terms 230 Q&A 230 Chapter 6 Designing Resilient Architecture 233 "Do I Know This Already?" 233 Foundation Topics 237 Scalable and Resilient Architecture 237 Scalable Delivery from Edge Locations 238 Stateful Versus Stateless Application Design 239 Changing User State Location 241 User Session Management 243 Container Orchestration 244 Migrating Applications to Containers 246 Resilient Storage Options 246 Application Integration Services 247 Amazon Simple Notification Service 248 Amazon Simple Queue Service 250 AWS Step Functions 254 Amazon EventBridge 256 Amazon API Gateway 258 API Gateway Cheat Sheet 261 Building a Serverless Web App 262 Automating AWS Infrastructure 266 AWS CloudFormation 268 AWS Service Catalog 277 AWS Elastic Beanstalk 279 Updating Elastic Beanstalk Applications 282 Exam Preparation Tasks 284 Review All Key Topics 284 Define Key Terms 285 Q&A 285 Chapter 7 Designing Highly Available and Fault-Tolerant Architecture 287 "Do I Know This Already?" 289 Foundation Topics 293 High Availability and Fault Tolerance 293 High Availability in the Cloud 294 Reliability 295 AWS Regions and Availability Zones 296 Availability Zones 300 AWS Services Use Cases 308 Choosing an AWS Region 310 Compliance Rules 311 Latency Concerns 319 Services Offered in Each AWS Region 320 Calculating Costs 321 Distributed Design Patterns 321 Designing for High Availability and Fault Tolerance 322 Removing Single Points of Failure 325 Immutable Infrastructure 327 Storage Options and Characteristics 329 Failover Strategies 330 Backup and Restore 332 Pilot Light 333 Warm Standby 337 Multi-Region Scenarios 339 Single and Multi-Region Recovery Cheat Sheet 343 Disaster Recovery Cheat Sheet 344 AWS Service Quotas 345 AWS Service Quotas Cheat Sheet 347 Amazon Route 53 348 Route 53 Health Checks 349 Route 53 Routing Policies 350 Route 53 Traffic Flow Policies 351 Alias Records 352 Route 53 Resolver 352 Exam Preparation Tasks 354 Review All Key Topics 354 Define Key Terms 355 Q&A 355 Chapter 8 High-Performing and Scalable Storage Solutions 357 "Do I Know This Already?" 358 Foundation Topics 362 AWS Storage Options 362 Workload Storage Requirements 363 Amazon Elastic Block Store 365 EBS Volume Types 367 General Purpose SSD (gp2/gp3) 369 Elastic EBS Volumes 370 Attaching an EBS Volume 371 Amazon EBS Cheat Sheet 372 EBS Snapshots 373 Local EC2 Instance Storage Volumes 377 Amazon Elastic File System 379 EFS Performance Modes 380 EFS Throughput Modes 381 EFS Security 382 EFS Storage Classes 382 EFS Lifecycle Management 383 Amazon EFS Cheat Sheet 383 AWS DataSync 384 Amazon FSx for Windows File Server 386 Amazon FSx for Windows File Server Cheat Sheet 388 Amazon Simple Storage Service 388 Amazon S3 Bucket Concepts 390 Amazon S3 Data Consistency 393 Amazon S3 Storage Classes 394 Amazon S3 Management 396 S3 Bucket Versioning 400 Amazon S3 Access Points 401 Multi-Region Access Points 402 Preselected URLs for S3 Objects 403 S3 Cheat Sheet 403 Amazon S3 Glacier 404 Vaults and Archives 405 S3 Glacier Retrieval Policies 405 S3 Glacier Deep Archive 406 Amazon S3 Glacier Cheat Sheet 406 AWS Data Lake 407 AWS Lake Formation 409 Structured and Unstructured Data 411 Analytical Tools and Datasets 412 AWS Glue 413 Analytic Services 415 Amazon Kinesis Data Streams 417 Exam Preparation Tasks 418 Review All Key Topics 418 Define Key Terms 419 Q&A 419 Chapter 9 Designing High-Performing and Elastic Compute Solutions 421 "Do I Know This Already?" 421 Foundation Topics 425 AWS Compute Services 425 AWS EC2 Instances 427 Amazon Machine Images 429 AWS Lambda 436 AWS Lambda Integration 438 AWS Lambda Cheat Sheet 441 Amazon Containe.