AWS Certified Solutions Architect 2020 — Study Notes — Part 1

Compute

AWS EC2

  • On Demand
  • Reserved
  • Spot
  • Dedicated Hosts

Amazon EC2 Auto Scaling

  1. Amazon EC2 Auto Scaling helps in automatically scaling the Amazon EC2 instances up and down as per the policies you define.

AWS Lambda

  1. AWS Lambda enables you to run code without provisioning or managing any servers or infrastructure.
  2. You can also run code in response to event triggers such as Amazon S3 uploads, Amazon DynamoDB updates, Amazon Kinesis streams, Amazon API Gateway requests, and so on.
  3. The pricing for AWS Lambda is simple: you pay only for the compute time while your code is executing; there is no charge when the code is not running.

Amazon EC2 Container Service

  1. There are no separate charges for Amazon ECS; you pay only for the AWS resources used such as Amazon EC2 instances, Amazon Elastic Block Storage (EBS) volumes, and so on.

Amazon Lightsail

  1. Amazon’s website hosting service (Virtual Private Server).
  2. Intended for small-scale deployments.

AWS Elastic Beanstalk

  1. AWS Elastic Beanstalk lets you run and manage web applications without worrying about the underlying infrastructure.
  2. AWS Elastic Beanstalk automatically handles deployment, load balancing, autoscaling, and application health monitoring. At the same time, you retain full control over the AWS resources; you can access the underlying resources at any time using the console.

Security Groups

  1. A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance.
  2. Security groups act at the instance level.
  3. Security groups are stateful.
  4. All rules are evaluated before deciding whether to allow traffic.

NETWORKING

Amazon Virtual Private Cloud

  1. A VPC spans all of the Availability Zones in the Region.
  2. After creating a VPC, you can add one or more subnets in each Availability Zone.
  3. If you have multiple Amazon VPCs, you can connect them as well using Amazon VPC peering.
  4. Route Tables control traffic between subnets.
  5. It must be noted that a subnet is tied to only one availability zone. Of course, within an AZ you can have multiple subnets.
  6. /16 is the largest VPC CIDR block allowed, and /28 is the smallest.
  7. AWS reserves 5 IP addresses in every subnet.
  8. VPC Flowlogs — VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. VPC Flow Logs can be created at the VPC, subnet, and network interface levels.
  9. Elastic IP Address — An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is a public IPv4 address, which is reachable from the internet.
  10. Bastion or Jump Boxes — A Bastion host allows you to securely administer (via SSH or RDP) an EC2 instance located in a private subnet. Don’t confuse Bastions and NATs, which allow outside traffic to reach an instance in a private subnet.
  11. VPC Endpoint — A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. There are two types of VPC endpoints: interface endpoints and gateway endpoints.
  12. An interface endpoint is an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service.
  13. A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service. The following AWS services are supported: Amazon S3 and DynamoDB.
  • When you create a new security group, all outbound traffic is allowed by default.
  • Security groups operate at the instance level; they support “allow” rules only, and they evaluate all rules before deciding whether to allow traffic.
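The sizing rules above (one or more subnets per AZ, each subnet in exactly one AZ, VPC blocks between /16 and /28, 5 addresses per subnet reserved by AWS) can be turned into a small planning check. This is an added example, not code from the original notes; the AZ names and CIDRs are constructed sample values.

```python
import ipaddress

# Constraints as stated in the notes: a VPC CIDR is between /16 and /28, and AWS
# keeps 5 addresses of every subnet for itself, so instances can never use them.
VPC_LARGEST_PREFIX = 16
VPC_SMALLEST_PREFIX = 28
AWS_RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Reject CIDRs AWS would not accept for a VPC (or subnet) block."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    if not VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX:
        raise ValueError(f"{cidr}: block must be between /16 and /28")
    return net


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses an instance can actually receive in a subnet of this size."""
    return validate_vpc_cidr(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def allocate_subnets(vpc_cidr: str, az_names: list, subnet_prefix: int) -> dict:
    """Carve one subnet per AZ out of the VPC, in order, and report usable hosts.

    Each subnet is tied to exactly one AZ; raises if the VPC cannot hold them all.
    """
    vpc = validate_vpc_cidr(vpc_cidr)
    if subnet_prefix > VPC_SMALLEST_PREFIX:
        raise ValueError("subnets smaller than /28 are not allowed")
    candidates = vpc.subnets(new_prefix=subnet_prefix)
    plan = {}
    for az in az_names:
        try:
            subnet = next(candidates)
        except StopIteration:
            raise ValueError(f"{vpc_cidr} cannot hold a /{subnet_prefix} for {az}") from None
        plan[az] = (str(subnet), usable_hosts(str(subnet)))
    return plan


if __name__ == "__main__":
    # Constructed sample: three AZs, one /24 each, inside a /16 VPC.
    for az, (cidr, hosts) in allocate_subnets("10.0.0.0/16", ["az-a", "az-b", "az-c"], 24).items():
        print(f"{az}: {cidr} ({hosts} usable addresses)")
```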

ROUTE TABLE

  1. You can associate multiple subnets with the same route table.
  2. When you create a VPC, Amazon VPC automatically creates the main route table.

INTERNET GATEWAY

  1. It must be noted that an IG is a horizontally scaled, redundant, and highly available component in VPC.

NETWORK ADDRESS TRANSLATION

  1. Using a NAT device, you can enable any instance in a private subnet to connect to the Internet.
  2. There are two types of NAT devices available within AWS: NAT instances and NAT gateways.

Network ACLs

  1. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
  2. Network ACLs are stateless: return traffic must be explicitly allowed by rules.
  3. Rules are processed in number order when deciding whether to allow traffic.
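The two evaluation models above (security groups: allow-only, every rule considered, stateful; network ACLs: numbered rules, first match wins, stateless) are easy to get wrong in practice. The following added example, which is not code from the original notes, models both decisions over constructed sample rules and shows why an SSH reply is dropped by a stateless ACL that only allows port 443 outbound.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int      # NACL evaluation order; unused by security groups
    protocol: str    # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str        # peer address range the rule applies to
    action: str      # "allow" or "deny" (security groups accept only "allow")


def _matches(rule: Rule, protocol: str, port: int, peer_ip: str) -> bool:
    """True if the packet (protocol, port, peer address) falls within the rule."""
    if rule.protocol not in ("all", protocol):
        return False
    if not rule.port_from <= port <= rule.port_to:
        return False
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)


def security_group_allows(rules, protocol, port, peer_ip) -> bool:
    """Security group semantics: allow-only, every rule considered, any match permits."""
    if any(r.action != "allow" for r in rules):
        raise ValueError("security groups support allow rules only")
    return any(_matches(r, protocol, port, peer_ip) for r in rules)


def nacl_allows(rules, protocol, port, peer_ip) -> bool:
    """Network ACL semantics: rules checked in ascending number order, first match
    wins, and anything left unmatched hits the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, protocol, port, peer_ip):
            return rule.action == "allow"
    return False


# Constructed sample rules (not from any real account).
SG_RULES = [Rule(0, "tcp", 22, 22, "0.0.0.0/0", "allow")]
NACL_INBOUND = [
    Rule(100, "tcp", 22, 22, "203.0.113.5/32", "deny"),   # block one noisy host first
    Rule(200, "tcp", 22, 22, "0.0.0.0/0", "allow"),       # then allow SSH from anywhere
]
NACL_OUTBOUND = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]


def ssh_reply_leaves_subnet(client_ip: str, client_port: int) -> bool:
    """Stateless NACL: the SSH reply to the client's ephemeral port must itself match
    an outbound rule. With only 443 allowed outbound, the reply is dropped."""
    return nacl_allows(NACL_OUTBOUND, "tcp", client_port, client_ip)
```

A security group needs no such outbound rule: because it is stateful, the reply to an allowed inbound connection is permitted automatically.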

Amazon Route 53

  1. Simple routing policy
  2. Failover routing policy
  3. Geolocation routing policy
  4. Geoproximity routing policy
  5. Latency routing policy
  6. Multivalue answer routing policy
  7. Weighted routing policy

ELB

  1. Elastic Load Balancing supports three types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers.
  2. You configure your load balancer to accept incoming traffic by specifying one or more listeners.

AWS Direct Connect

  1. Using AWS Direct Connect, you can establish private, dedicated network connectivity from your data center to AWS.

SECURITY AND COMPLIANCE

AWS Identity and Access Management

  1. AWS Identity and Access Management (IAM) is used to create users, groups, and roles.

AWS Certificate Manager

Amazon Inspector

STORAGE AND CONTENT DELIVERY

Amazon Simple Storage Service (S3)

  1. 99.999999999 percent durability
  2. Object Storage
  3. 100 buckets per account
  4. You can store an unlimited amount of data, but a single object can’t exceed 5 TB.
  5. It is a regional service; that is, content is automatically replicated within a region for durability.
  6. Amazon S3 supports multipart uploads
  7. Amazon S3 is designed to provide 99.99 percent availability.
  8. For DR: using cross-region replication, you can automatically replicate each S3 object to a different bucket in a different region.
  9. Two types of consistency: read-after-write consistency and eventual consistency.
  10. Access control: access policies, bucket policies, and ACLs.
  11. Lifecycle management: transition actions and expiration actions.
  12. Storage classes.

Amazon Glacier

  1. Object storage.
  2. Retrieval options: expedited (1–5 minutes), standard (hours), and bulk (a day).
  3. To upload a file to Glacier, you first need to create a vault.

Elastic File System (EFS)

  1. File storage service that can be shared between EC2 instances.
  2. Supports NFSv4.
  3. Data is stored across multiple AZs.
  4. Read-after-write consistency.
  5. EFS storage classes: Infrequent Access and Standard.

Elastic Block Storage (EBS)

  1. Block storage comes in three types: Amazon EC2 instance store, Amazon EBS SSD-backed volumes, and Amazon EBS HDD-backed volumes.
  2. Amazon EBS replication stays within the same Availability Zone, not across multiple zones.
  3. EBS Instance Store (ephemeral store).
  4. Persistent storage, meaning the storage is independent of the life span of an EC2 instance.
  5. EBS, EFS, and FSx are all storage services based on block storage.
  6. Snapshots are stored in S3.
  7. AMIs can be created from both snapshots and volumes.
  8. EC2 — take snapshot — create AMI (Amazon Machine Image) from snapshot — use AMI to launch instance.

AWS Storage Gateway

  1. AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.
  2. The service provides three different types of gateways: Tape Gateway, File Gateway, and Volume Gateway.
  3. The file gateway enables you to store and retrieve objects in Amazon S3 using file protocols such as NFS. Objects written through the file gateway can be accessed directly in S3.
  4. The tape gateway provides your backup application with an iSCSI virtual tape library (VTL) interface, consisting of a virtual media changer, virtual tape drives, and virtual tapes. Virtual tape data is stored in Amazon S3 or can be archived to Amazon S3 Glacier.
  5. The volume gateway provides block storage to your applications using the iSCSI protocol. Data on the volumes is stored in Amazon S3. To access your iSCSI volumes in AWS, you can take EBS snapshots, which can be used to create EBS volumes.
[Figure: Storage Gateway creation (image from AWS)]

Import/Export Options (Snowball)

  1. Import/Export disks.
  2. Puts data into S3 (and pulls from it if we want data exported out of AWS).
  3. Snowballs come in two storage sizes: 50 TB and 80 TB.
  4. Snowball Edge holds up to 100 TB and also has on-device compute capability; for example, the suitcase can run code to pull data in and store it.
  5. Snowmobile is a truck for exabyte-scale data transfer, with a 100 PB storage limit.

Amazon CloudFront

  1. Amazon CloudFront is the global content delivery network (CDN) service of AWS.
  2. Amazon CloudFront provides advanced CDN features such as SSL support, geographic restriction, and private content.

Arun Kumar Singh