- Introduction to Amazon Web Services (AWS)
- Identity Access Management (IAM)
- IAM Policy
- IAM Authentication
- Elastic Compute Cloud (EC2)
- Elastic Block Storage (EBS)
- Elastic Load Balancer (ELB)
- Auto Scaling Groups and Launch Configurations
- Elastic File System (EFS)
- Elastic Beanstack
- DNS and Route 53
- Elastic Container Service (ECS)
- Storage Gateway
- Virtual Private Clouds (VPC)
- Network Access Control Lists (NACL)
- Security Groups (VPC SG)
- Network Address Translation (NAT) Instances, NAT Gateways, Egress only Internet Gateways and Bastion Hosts
- Simple Storage Service (S3)
- Cloud Watch
- Cloudtrail Logs
- CloudFront CDN
- Cloud Formation
- Relational Database Service (RDS)
- DynamoDB NoSQL key value and document database
- Redshift
- Amazon Aurora RDS
- Elasticache
- AWS Simple Notification Service (SNS)
- Simple Queue Service (SQS)
- Simple Workflow Service (SWF)
- Elastic Transcoder
- API Gateway
- AWS Kinesis
- Security on AWS
- Overview of Security Processes – Summary of the Whitepaper
- Lambda
- Additional Topics
- AWS Well-Architected framework (February 2018 CSAA Exam)
- Architecting for the AWS Cloud – Best Practices
- AWS CSAA – Released February 2018 Exam Questions
- My day at the AWS CSAA (Released February 2018) certification exam
AWS Well-Architected framework (February 2018 CSAA Exam)
The Well-Architected framework has been developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. This framework provides a consistent approach for customers and partners to evaluate architectures, and provides guidance to help implement designs that will scale with your application needs over time. Following are the five pillars of well architected framework.
- Resilient Architecture Pillar (FARMD)
- Fault tolerant: Multi AZ RDS, Route 53 failover policies, ELB health checks
- High Availability by spreading across Availability Zones (Using ELB with health checks, Route 53 failover routing etc)
- Resilient/reliable storage (S3 is inherently reliable. Use multi AZ deployment in RDS for Disaster Recovery)
- Multi tier architecture (ELB/CloudFront tier, web/app tier, data tier)
- Decouple system components to avoid single point of failure (use SQS/SWF)
- High performant architecture Pillar (SECRI)
- Scalability: Scaling up/down by using proper instance types with desired amount of cpu/memory
- Elasticity: Scaling out/in with increase/decrease number of instances, load balancing and auto scaling features
- Cacheing (Elasticache, Aurora Cache, Cloud Front with edge locations, S3 transfer acceleration)
- Read replicas: High performance DB tier
- IOPS: High performance storage (Provisioned IOPS EBS or standard burstable EBS )
- Security Pillar
- WAF, VPC ACLs, Security Groups
- Bastion hosts for accessing EC2s in private subnets thru SSH/RDS
- NAT gateway/instances for downloading patches from internet for EC2 instances inside private subnets
- Principal centric security (IAM policies)
- Resource centric security (Bucket policies, origin access identities)
- Encryption in flight and at rest
- Key rotation, MFA, EC2 instance profiles with IAM roles, STS
- Cost effective design Pillar
- Application tier (spot instances, scaling down, scheduled stop/start)
- Storage tier
- Using appropriate storage types eg: Glacier vs S3 RR vs S3.
- Using standard HDD as opposed to SSD for web tier for small and medium businesses
- Deleting unused/unnecessary snapshots, AMIs, S3 objects/buckets
- Reduce RDS automatic daily backups
- Data transfer
- Using VPC endpoints for S3 access to reduce data transfer costs
- Transfer using private ips within a AZ for getting local transfer rates
- Data/service request costs
- S3 or API gateway requests are measured and billed
- Using cloud front in front of S3 to reduce S3 requests
- Use long polling SQS
- Operational Excellence Pillar
- Perform operations as code using cloud formation etc
- define your entire workload (applications, infrastructure, etc.) as code and update it with code.
- You can script your operations procedures and automate their execution by triggering them in response to events.
- By performing operations as code, you limit human error and enable consistent responses to events. Also repeatable.
- Annotated documentation
- you can automate the creation of annotated documentation after every build (or automatically annotate hand-crafted documentation).
- Annotated documentation can be used by humans and systems.
- Use annotations as an input to your operations code. Example: Tagging all development EC2’s with simple tag different from production EC2’s
- Make frequent, small, reversible changes:
- Refine operations procedures frequently:
- As you use operations procedures, look for opportunities to improve them.
- As you evolve your workload, evolve your procedures appropriately.
- Anticipate failure
- Perform “pre-mortem” exercises to identify potential sources of failure so that they can be removed or mitigated.
- Test your failure scenarios and validate your understanding of their
impact. - Test your response procedures to ensure they are effective and that teams are familiar with their execution.
- Learn from all operational failures and Share what is learned across teams and through the entire organization.
- Use AWS Support
- AWS Cloud Compliance enables you to understand the robust
controls in place at AWS to maintain security and data protection in the cloud. - AWS Trusted Advisor provides real-time guidance to help you
provision your resources following AWS best practices. - Business Support provides access to the full set of Trusted Advisor
checks and guidance for following AWS best practices. - Enterprise Support customers also receive support from Technical
Account Managers (TAMs)
- AWS Cloud Compliance enables you to understand the robust
- Perform operations as code using cloud formation etc