
AWS Certified Solution Architect

Exam Blueprint

Designing highly available, cost efficient, fault tolerant, scalable systems - 60%
Implementing/Deploying - 10%
Data Security - 20%
Troubleshooting - 10%
Hands-on experience using compute, networking, storage and database AWS
services
Experience architecting large scale distributed systems.
A good understanding of elasticity and scalability concepts.
Understanding network technologies as they relate to AWS
A good understanding of the security features and tools that AWS provides and how
they relate to traditional services.
A sound understanding of how to interact with the AWS SDK, API, CLI and AWS
CloudFormation
Generic Knowledge on:
1. Understanding multi-tier architectures, such as Apache, nginx, IIS, caching,
application servers and load balancers.
2. RDBMS: MySQL, Oracle, SQL; NoSQL (running MongoDB, native DB solutions
from AWS)
3. Knowledge of Message queueing and Enterprise Service Bus
4. Familiarity with loose coupling and stateless systems.
5. Understanding of different consistency models in distributed systems.
6. Experience with CDN and performance concepts
7. Network experience with routing tables, ACLs, firewalls, NAT, HTTP, DNS, IP
and OSI networks.
8. Knowledge of RESTful web services, XML and JSON
9. Familiarity with the software life cycle
10. SSH, public key, access credentials, and X.509 certificates.
Items required to
1. Create a new account on AWS
2. EC2: 750 hrs/month; gives Linux, RHEL or SLES t2.micro instance usage.
3. S3: 5GB / 20000 GET requests and 2000 PUT requests
4. Lambda: 1M free requests per month
5. AWS Key Management Service: 20000 requests/month
6. DynamoDB: 25GB of storage / 25 units of write capacity, 25 units of read
capacity
7. CloudFront: 50GB of data transfer out
8. RDS: 750 hours of DB instance usage/month, 20GB data storage, 20GB for
backups, 10 mil I/Os
9. SSH terminal
10. Domain name (optional)

Chris Pinkham and Benjamin Black; SQS 2004, AWS 2006.
2007: 180K developers on the platform
2012: First re:Invent in LA.
2013: Certifications launched

Concepts and Components

[Diagram: AWS service layers: Deployment and Management; Analytics; Compute; Application Services; Storage; Networking; Databases; AWS Global Infrastructure]


AWS GLOBAL Infrastructure:
12 Geographical Regions + 3 in planning
Availability Zones are the data centers
Each region consists of 2 or more availability zones or data centers.
E.g. Ireland is the region and consists of 3 availability zones
52 edge locations. Edge locations are CDN (CloudFront) end points. The edge
locations are used by CloudFront to cache files nearest to the user.

AWS Networking:
Route 53 - Amazon's DNS service, used for hosting the domain name. Use
Acloud.guru
Direct Connect - Allows you to connect to where the virtual private cloud is located.
MPLS networks (dedicated private cloud to Amazon)
Virtual Private Cloud - Amazon's EC2 instances.

Compute:
4 key services
EC2 = Elastic Compute Cloud. Any flavor of Linux (CentOS, Red Hat,
Ubuntu, openSUSE, even Amazon's own flavor of Linux), Windows
2008, 2012, 2012 R2. You can even purchase pre-built OSs for the cloud from
AWS Marketplace.

Auto-scaling = one of the famous aspects of AWS; allows you to expand the
machines that handle the load. Auto-scaling lets you set pre-defined
alarms, like CPU utilization or disk I/O, e.g. add another 2 VMs if my CPU
hits 80% and wait for 5 minutes before doing that scaling again.

Elastic Load Balancing - basically acts as a load balancer for your web
servers and application servers. Point Route 53 to the elastic load
balancer, and the elastic load balancer will then distribute the load to
the EC2 instances. The elastic load balancer also has health check
mechanisms, so it can check whether an EC2 instance is alive
and, if not, move it out of the pool.

Workspaces

It is a VDI platform, which allows you to run virtual desktops in the cloud
and use thin clients to access them.

Storage

AWS S3 service, around since the inception of AWS

File based storage or object based storage.
Allows you to store files in the cloud. Files can be any size, from 1 Byte up to
5 TB.

Glacier Service:

It is an archiving service
Archive data in the cloud
Takes about 3 to 5 hours to access from Glacier

EBS - Elastic Block Storage

Allows you to have persistent storage in the cloud
Block level, so many file system types can be stored, such as
Windows, Linux
Most commonly the EBS volumes are mounted to the EC2 instance
Flexible, can choose from Magnetic to SSD
SSD for general purpose and SSD for higher IOPS

Storage Gateway

Connects an on-premise software appliance with cloud based storage
to provide seamless and secure integration between a company's
on-premise IT equipment and the cloud based storage infrastructure.
Scalable and cost efficient storage
Backups to cloud S3 or Glacier

Import/Export

Send your physical drive via courier to AWS using the Import/Export
system, and the data is then uploaded. Accelerates moving large
amounts of data in and out of AWS, using portable storage devices
for movement.
Uses Amazon's internal network for moving the data and bypasses the
internet.

RDBMS/RDS (Relational Database Service) on AWS:

Relational DB vs Non-relational DB = SQL vs NoSQL
RDS consists of 5 elements:
SQL Server by MS
Oracle
PostgreSQL
MySQL
Amazon's own RDS engine called Aurora (completely MySQL DB, designed to run
specifically on the AWS platform)

NoSQL = DynamoDB

ElastiCache offers a built-in caching service

Analytics
Redshift and its features:

Fast
Fully managed
Petabyte scale data warehousing solution
Simple
Cost-effective
Analyze your data using existing business intelligence tools.
Designed from the Infrastructure layer upwards
Maximize Performance
Minimize Costs

Kinesis and its features:

Real time processing of streaming data at massive scale
Data can change rapidly in TBs, from different sources: click streams,
financial transactions, social media streams, IT logs and location tracking
events, to generate real time information for dashboards
With the Amazon Kinesis Client Library, you can build Amazon Kinesis real time
data dashboards, implement dynamic pricing and many more.
Data from Kinesis can be moved to S3, Redshift, Elastic MapReduce and
Lambda.

EMR - Elastic MapReduce and its features:

Web service that quickly and efficiently processes vast amounts of data
Uses Hadoop, an open source framework, which permits the data to be shared
across a cluster of Amazon EC2 servers for processing.
Other distributed frameworks such as Spark and Presto can be run too.
Used in large applications, including log analysis, data warehousing, data
logging, e-learning, scientific simulation and bio-informatics.
Customers launch millions of Elastic MapReduce clusters each year

Application Services
SQS - Simple Queue Service, used for decoupling

Fast
Reliable
Scalable
Fully managed messaging queuing service
Cost-effective and simple solutions
Can send any volume of data at required throughput, without losing
messages required

SWF - Simple Workflow

Helps developers to build, run and scale background jobs in parallel or
sequential steps
Fully managed state tracker and task coordinator in the cloud.
Tasks can be carried out by applications or human workers

SNS - Simple Notification Service

Fast
Flexible
Fully managed messaging service
Simple and cost effective notification push solution to mobile devices
(Android and iOS), Internet connected smart devices and distributed systems
Can also deliver via text message or email, or to SQS.

SES - Simple Email Service

Cost effective
Outbound only email service
Transactional Emails and marketing messages
Pay-per-use
Real time access to your sending statistics
Bounces, complaints and deliveries to fine tune the system

Elastic Transcoder

Highly scalable, cost effective
Easy to use transcoder that converts files from one format to the format
required by the delivery device

Cloud Search

Custom search solution for your website or application

Deployment and Management
OpsWorks

Allows easy operation of applications of all shapes and sizes
Has predefined templates for specific tasks such as databases and
applications
Automation to scale your application, based on time or load
Dynamic configuration to orchestrate changes as your environment scales

IAM - Identity Access Management

Securely control access to AWS services and resources for your users
Using IAM, you can create and manage users and groups, and use permissions
to allow or deny AWS users access

CloudWatch

Cloud resources and hosted application monitoring service
Collect and track metrics
Collect and monitor log files
Set alarms
Can monitor resources such as EC2, DynamoDB, RDS DB, as well as a custom
DB
Log files that the application generates
Gain system wide visibility
Resource utilization
Application performance
Operational health

Elastic Beanstalk

Easy to use service for developing and scaling web applications developed
with Java, .NET, PHP, JS, Python, Ruby and Docker.
Other services such as Apache, nginx, Passenger, IIS
Simply upload the code and Elastic Beanstalk will handle the deployment,
from capacity management and load balancing to application health and
monitoring
At the same time you have full control over AWS resources and can access the
underlying resources anytime

CloudTrail:

Auditing and logging service used by
Web service that records API calls and delivers the log files
History of AWS API calls for your account, including the calls made via the
AWS management console, SW development kits, CLI tools and high level
AWS services, such as AWS CloudFormation
Enables security analysis, resource tracking and compliance auditing

Data Pipeline

Web service that reliably moves data between different AWS compute and
storage services
As well as on-premise data sources, at specified intervals
Can access the data where it is stored, transform and scale it, and efficiently
transfer the data to AWS services such as S3, RDS, DynamoDB, Elastic
MapReduce

CloudFormation

Gives developers and system administrators an easy way to create and
manage a collection of related AWS resources, provisioning and updating
them in an orderly and predictable fashion
Sample templates are available to describe the AWS resources and any
associated dependencies or runtime parameters required to run your
application
You don't need to specify the order for provisioning the services or the
subtleties of how dependencies work
After the AWS resources are deployed, they can be modified in a controlled
and predictable way, effectively version controlling your
infrastructure the same way you do with your SW

Identity Access Management

IAM allows you to manage users and their level of access to the AWS Console
Centralized control of AWS account
Can integrate with current AD settings, allowing SSO
Fine grained access to the AWS resources
Access available on User/Group/Role level
Multifactor Authentication
Provides temporary access for users/devices and services where necessary
Set up and maintain your own password rotation policy

User
Actual end users
Group
A collection of users under one set of permissions
Roles
Similar to a group, but can be assigned to both AWS users and resources
(like EC2)
EC2 instances can have credentials stored on them; however, it is a
risk and difficult to manage. Roles resolve this issue.

Roles and Policy Templates:

Each role has a policy template
Administrator Access, which gives full access to AWS services and
resources
Power User Access, which gives full access except management of users
and groups
Read Only Access, which gives the user only read permissions
More granular access, depending on the access required for the user,
such as S3 access
MFA - Multi-Factor Authentication

EC2 Instances
Elastic Compute Cloud
Can create resizable compute capacity in the cloud.
Reduces the time required to obtain and boot new server instances to
minutes.
Allows scaling capacity up and down as the computing
requirements change.
Changes the economics of computing by allowing you to pay only for the
usage
Allows developers to build failure resilient applications and isolate them
from common failure scenarios.

On demand
Fixed rate per hour
For users that want the low cost and flexibility of EC2, without any
upfront payment or long term commitment
Applications for short-term, spiky or unpredictable workloads that
cannot be interrupted
Applications being developed or tested for the first time on EC2

Types:
o General Purpose
o Compute Optimized - Compute Intensive Applications
o Memory Optimized - Database and Memory Cache Applications
o GPU Instances - High Performance Parallel computing
o Storage Optimized - Storage Optimized and Parallel computing

Reserved
Capacity reservation, with a significant discount on the hourly charge for
an instance in 1 or 3 year terms
Applications with steady state or usage
Applications that require reserved capacity

Spot
Bid for the amount you want to pay for the instance capacity, for even
greater savings.
Applications that have flexible start and end times
Applications that are only feasible at very low compute prices
Users with urgent computing needs for large amounts of additional
capacity

Local Instance storage vs EBS
Local instance storage is the storage presented to the instance when it is
initialized; it stays put as long as the instance is alive
EBS-backed volume: the storage life is independent of the instance and it
can be used later, even if the instance is terminated.
EXAM: EBS instances cannot be mounted to different EC2 instances
General Purpose SSD:
Designed for 99.9% availability
Ratio of 3 IOPS per GB, offers single digit millisecond latencies
and also has the ability to burst up to 3000 IOPS for short
periods
Provisioned IOPS SSD:
Designed for I/O intensive applications such as large relational
DBs and non-relational DBs
Magnetic
Lowest cost/GB of all EBS volumes. Least accessed
workloads are put here.