AWS Certified Solutions Architect Study Guide: Associate (SAA-C03) Exam, 4th Edition (2022)
AWS Certified Solutions Architect Study Guide: Associate (SAA-C03) Exam, 4th Edition (2022) helps you master complex topics with simplified explanations.
AWS
Certified Solutions Architect
Study Guide
Associate (SAA-C03) Exam
Fourth Edition
Ben Piper
David Clinton
Copyright © 2023 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada and the United Kingdom.
ISBN: 978-1-119-98262-3
ISBN: 978-1-119-98264-7 (ebk.)
ISBN: 978-1-119-98263-0 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under
Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the
Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc.,
222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at
www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department,
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at
www.wiley.com/go/permission.
Trademarks: WILEY, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley
& Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written
permission. AWS is a registered trademark of Amazon Technologies, Inc. All other trademarks are the property
of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in
this book.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing
this book, they make no representations or warranties with respect to the accuracy or completeness of the contents
of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose.
No warranty may be created or extended by sales representatives or written sales materials. The advice and
strategies contained herein may not be suitable for your situation. You should consult with a professional where
appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared
between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any
loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or
other damages.
For general information on our other products and services or for technical support, please contact our Customer
Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax
(317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be
available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.
Library of Congress Control Number: 2022944334
Cover image: © Jeremy Woodhouse/Getty Images, Inc.
Cover design: Wiley
Acknowledgments
We would like to thank the following people who helped us create AWS Certified Solutions
Architect Study Guide: Associate SAA-C03 Exam, Fourth Edition.
First, a special thanks to our friends at Wiley. Kenyon Brown, senior acquisitions editor,
got the ball rolling on this project and pushed to get this book published quickly. His experience
and guidance throughout the project was critical. Kim Wimpsett, project editor, helped
push this book forward by keeping us accountable to our deadlines. Her edits made many of
the technical parts of this book more readable.
Doug Holland reviewed the chapters and questions for technical accuracy. Not only
did his comments and suggestions make this book more accurate, he also provided additional
ideas for the chapter review questions to make them more challenging and relevant to
the exam.
Lastly, the authors would like to thank each other!
About the Authors
Ben Piper is a networking and cloud consultant who has authored multiple books, including
the AWS Certified Cloud Practitioner Study Guide: Foundational CLF-C01 Exam (Sybex,
2019) and Learn Cisco Network Administration in a Month of Lunches (Manning, 2017).
You can contact Ben by visiting his website: benpiper.com.
David Clinton is a Linux server admin and AWS solutions architect who has worked with
IT infrastructure in both academic and enterprise environments. He has authored books—
including (with Ben Piper) the AWS Certified Cloud Practitioner Study Guide: Foundational
CLF-C01 Exam (Sybex, 2019), The Ubuntu Linux Bible (with Chris Nagos; Wiley, 2020),
and Teach Yourself Data Analytics in 30 Days (Bootstrap IT, 2021).
In a “previous life,” David spent 20 years as a high school teacher. He currently lives
in Toronto, Canada, with his wife and family and can be reached through his website:
bootstrap-it.com.
About the Technical Editor
Doug Holland is a Cloud Solutions Architect based in Northern California with over 20
years of industry experience. He holds a master’s degree in software engineering from
Oxford University and has been recognized for his technical leadership as a Microsoft MVP
and Intel Black Belt Developer.
Contents at a Glance
Introduction xxv
Assessment Test xxxi
Answers to Assessment Test xxxvii
Part I The Core AWS Services 1
Chapter 1 Introduction to Cloud Computing and AWS 3
Chapter 2 Compute Services 25
Chapter 3 AWS Storage 67
Chapter 4 Amazon Virtual Private Cloud (VPC) 91
Chapter 5 Database Services 143
Chapter 6 Authentication and Authorization—AWS
Identity and Access Management 175
Chapter 7 CloudTrail, CloudWatch, and AWS Config 193
Chapter 8 The Domain Name System and Network Routing:
Amazon Route 53 and Amazon CloudFront 223
Chapter 9 Data Ingestion, Transformation, and Analytics 243
Part II Architecting for Requirements 255
Chapter 10 Resilient Architectures 257
Chapter 11 High-Performing Architectures 289
Chapter 12 Secure Architectures 323
Chapter 13 Cost-Optimized Architectures 357
Appendix A Answers to Review Questions 375
Appendix B Additional Services 405
Index 417
Contents
Introduction xxv
Assessment Test xxxi
Answers to Assessment Test xxxvii
Part I The Core AWS Services 1
Chapter 1 Introduction to Cloud Computing and AWS 3
Cloud Computing and Virtualization 4
Cloud Computing Architecture 4
Cloud Computing Optimization 5
The AWS Cloud 6
AWS Platform Architecture 10
AWS Reliability and Compliance 13
The AWS Shared Responsibility Model 13
The AWS Service Level Agreement 14
Working with AWS 14
AWS Organizations 14
AWS Control Tower 15
AWS Service Catalog 15
AWS License Manager 16
AWS Artifact 16
The AWS CLI 16
AWS SDKs 17
Technical Support and Online Resources 17
Support Plans 17
Other Support Resources 18
Migrating Existing Resources to AWS 18
AWS Migration Hub 19
AWS Application Migration Service 19
AWS Database Migration Service 19
AWS Application Discovery Service 20
Summary 20
Exam Essentials 21
Review Questions 22
Chapter 2 Compute Services 25
Introduction 26
EC2 Instances 27
Provisioning Your Instance 27
Configuring Instance Behavior 32
Placement Groups 33
Instance Pricing 33
Instance Life Cycle 34
Resource Tags 35
Service Limits 36
EC2 Storage Volumes 36
Elastic Block Store Volumes 36
Instance Store Volumes 38
Accessing Your EC2 Instance 39
Securing Your EC2 Instance 41
Security Groups 41
IAM Roles 41
NAT Devices 42
Key Pairs 42
EC2 Auto Scaling 43
Launch Configurations 43
Launch Templates 43
Auto Scaling Groups 45
Auto Scaling Options 46
AWS Systems Manager 49
Actions 50
Insights 52
AWS Systems Manager Inventory 53
Running Containers 54
Amazon Elastic Container Service 54
Amazon Elastic Kubernetes Service 55
Other Container-Oriented Services 55
AWS CLI Example 56
Summary 57
Exam Essentials 58
Review Questions 60
Chapter 3 AWS Storage 67
Introduction 68
S3 Service Architecture 69
Prefixes and Delimiters 69
Working with Large Objects 69
Encryption 71
Logging 71
S3 Durability and Availability 72
Durability 72
Availability 73
Eventually Consistent Data 73
S3 Object Life Cycle 74
Versioning 74
Life Cycle Management 74
Accessing S3 Objects 75
Access Control 75
Presigned URLs 77
Static Website Hosting 77
Amazon S3 Glacier 79
Storage Pricing 80
Other Storage-Related Services 81
Amazon Elastic File System 81
Amazon FSx 81
AWS Storage Gateway 81
AWS Snow Family 82
AWS DataSync 82
AWS CLI Example 83
Summary 84
Exam Essentials 85
Review Questions 86
Chapter 4 Amazon Virtual Private Cloud (VPC) 91
Introduction 92
VPC CIDR Blocks 92
Secondary CIDR Blocks 93
IPv6 CIDR Blocks 93
Subnets 95
Subnet CIDR Blocks 96
Availability Zones 97
IPv6 CIDR Blocks 99
Elastic Network Interfaces 99
Primary and Secondary Private IP Addresses 100
Attaching Elastic Network Interfaces 100
Enhanced Networking 101
Internet Gateways 102
Route Tables 102
Routes 103
The Default Route 104
Security Groups 106
Inbound Rules 106
Outbound Rules 107
Sources and Destinations 108
Stateful Firewall 108
Default Security Group 109
Network Access Control Lists 110
Inbound Rules 110
Outbound Rules 113
Using Network Access Control Lists and Security
Groups Together 114
AWS Network Firewall 115
Public IP Addresses 115
Elastic IP Addresses 116
AWS Global Accelerator 118
Network Address Translation 119
Network Address Translation Devices 120
Configuring Route Tables to Use NAT Devices 121
NAT Gateway 121
NAT Instance 122
AWS PrivateLink 123
VPC Peering 123
Hybrid Cloud Networking 124
AWS Site-to-Site VPN 125
AWS Transit Gateway 125
AWS Direct Connect 133
High-Performance Computing 134
Elastic Fabric Adapter 135
AWS ParallelCluster 136
Summary 136
Exam Essentials 137
Review Questions 138
Chapter 5 Database Services 143
Introduction 144
Relational Databases 144
Columns and Attributes 144
Using Multiple Tables 145
Structured Query Language 146
Online Transaction Processing vs. Online Analytic
Processing 147
Amazon Relational Database Service 148
Database Engines 148
Licensing Considerations 149
Database Option Groups 150
Database Instance Classes 150
Storage 151
Read Replicas 154
High Availability (Multi-AZ) 155
Single-Master 156
Multi-Master 157
Backup and Recovery 157
Automated Snapshots 157
Maintenance Items 158
Amazon RDS Proxy 158
Amazon Redshift 159
Compute Nodes 159
Data Distribution Styles 159
Redshift Spectrum 160
AWS Database Migration Service 160
Nonrelational (NoSQL) Databases 161
Storing Data 161
Querying Data 161
Types of Nonrelational Databases 162
DynamoDB 162
Partition and Hash Keys 163
Attributes and Items 164
Throughput Capacity 165
Reading Data 167
Global Tables 168
Backups 168
Summary 168
Exam Essentials 169
Review Questions 170
Chapter 6 Authentication and Authorization—AWS
Identity and Access Management 175
Introduction 176
IAM Identities 176
IAM Policies 177
User and Root Accounts 178
Access Keys 180
Groups 181
Roles 182
Authentication Tools 183
Amazon Cognito 183
AWS Managed Microsoft AD 183
AWS Single Sign-On 184
AWS Key Management Service 184
AWS Secrets Manager 184
AWS CloudHSM 185
AWS Resource Access Manager (AWS RAM) 185
AWS CLI Example 185
Summary 187
Exam Essentials 187
Review Questions 189
Chapter 7 CloudTrail, CloudWatch, and AWS Config 193
Introduction 194
CloudTrail 195
Management Events 195
Data Events 196
Event History 196
Trails 196
Log File Integrity Validation 198
CloudWatch 199
CloudWatch Metrics 200
Graphing Metrics 201
Metric Math 203
CloudWatch Logs 205
CloudWatch Alarms 208
Amazon EventBridge 211
AWS Config 212
The Configuration Recorder 213
Configuration Items 213
Configuration History 213
Configuration Snapshots 213
Monitoring Changes 214
Summary 216
Exam Essentials 216
Review Questions 218
Chapter 8 The Domain Name System and Network Routing:
Amazon Route 53 and Amazon CloudFront 223
Introduction 224
The Domain Name System 224
Namespaces 225
Name Servers 225
Domains and Domain Names 226
Domain Registration 226
Domain Layers 226
Fully Qualified Domain Names 227
Zones and Zone Files 227
Record Types 227
Alias Records 228
Amazon Route 53 228
Domain Registration 229
DNS Management 229
Availability Monitoring 231
Routing Policies 232
Traffic Flow 234
Route 53 Resolver 234
Amazon CloudFront 235
AWS CLI Example 237
Summary 238
Exam Essentials 238
Review Questions 239
Chapter 9 Data Ingestion, Transformation, and Analytics 243
Introduction 244
AWS Lake Formation 244
Ingestion 245
Transformation 245
Analytics 245
AWS Transfer Family 246
Kinesis 246
Kinesis Video Streams 246
Kinesis Data Streams 247
Kinesis Data Firehose 248
Kinesis Data Firehose vs. Kinesis Data Streams 248
Summary 249
Exam Essentials 249
Review Questions 250
Part II Architecting for Requirements 255
Chapter 10 Resilient Architectures 257
Introduction 258
Calculating Availability 258
Availability Differences in Traditional vs.
Cloud-Native Applications 259
Know Your Limits 262
Increasing Availability 262
EC2 Auto Scaling 263
Launch Configurations 263
Launch Templates 263
Auto Scaling Groups 265
Auto Scaling Options 266
Data Backup and Recovery 270
S3 270
Elastic File System 271
Elastic Block Storage 271
Database Resiliency 271
Creating a Resilient Network 272
VPC Design Considerations 272
External Connectivity 273
Simple Queue Service 273
Queues 274
Queue Types 275
Polling 276
Dead-Letter Queues 276
Designing for Availability 276
Designing for 99 Percent Availability 277
Designing for 99.9 Percent Availability 278
Designing for 99.99 Percent Availability 279
Summary 280
Exam Essentials 281
Review Questions 282
Chapter 11 High-Performing Architectures 289
Introduction 290
Optimizing Performance for the Core AWS Services 290
Compute 291
Storage 295
Database 298
Network Optimization and Load Balancing 299
Infrastructure Automation 302
CloudFormation 302
Third-Party Automation Solutions 309
Reviewing and Optimizing Infrastructure Configurations 310
AWS Well-Architected Tool 311
Load Testing 311
Visualization 312
Optimizing Data Operations 313
Caching 313
Partitioning/Sharding 315
Compression 315
Summary 316
Exam Essentials 316
Review Questions 318
Chapter 12 Secure Architectures 323
Introduction 324
Identity and Access Management 324
Protecting AWS Credentials 325
Fine-Grained Authorization 325
Permissions Boundaries 327
Roles 328
Enforcing Service-Level Protection 334
Detective Controls 335
CloudTrail 335
CloudWatch Logs 335
Searching Logs with Athena 336
Auditing Resource Configurations with AWS Config 338
Amazon GuardDuty 339
Amazon Inspector 342
Amazon Detective 343
Security Hub 344
Amazon Fraud Detector 344
AWS Audit Manager 344
Protecting Network Boundaries 344
Network Access Control Lists and Security Groups 345
AWS Web Application Firewall 345
AWS Shield 345
AWS Firewall Manager 346
Data Encryption 346
Data at Rest 346
Data in Transit 348
Macie 349
Summary 349
Exam Essentials 350
Review Questions 351
Chapter 13 Cost-Optimized Architectures 357
Introduction 358
Planning, Tracking, and Controlling Costs 358
AWS Budgets 359
Monitoring Tools 360
AWS Trusted Advisor 361
Online Calculator Tools 362
Cost-Optimizing Compute 363
Maximizing Server Density 364
EC2 Reserved Instances 364
EC2 Spot Instances 365
Auto Scaling 368
Elastic Block Store Lifecycle Manager 368
Summary 368
Exam Essentials 369
Review Questions 370
Appendix A Answers to Review Questions 375
Chapter 1: Introduction to Cloud Computing and AWS 376
Chapter 2: Compute Services 377
Chapter 3: AWS Storage 380
Chapter 4: Amazon Virtual Private Cloud (VPC) 381
Chapter 5: Database Services 383
Chapter 6: Authentication and Authorization—AWS
Identity and Access Management 386
Chapter 7: CloudTrail, CloudWatch, and AWS Config 388
Chapter 8: The Domain Name System and Network
Routing: Amazon Route 53 and Amazon CloudFront 390
Chapter 9: Data Ingestion, Transformation, and Analytics 392
Chapter 10: Resilient Architectures 393
Chapter 11: High-Performing Architectures 397
Chapter 12: Secure Architectures 399
Chapter 13: Cost-Optimized Architectures 401
Appendix B Additional Services 405
Deployment Tools 406
AWS Amplify 406
AWS Serverless Application Repository 406
AWS Proton 407
Developer Tools 407
Amazon API Gateway 407
AWS Device Farm 407
AWS Step Functions 407
Infrastructure Tools 408
AWS Outposts 408
AWS Wavelength 408
VMware Cloud on AWS 408
Connectivity Tools 409
Amazon Pinpoint 409
AWS Transfer Family 409
AWS AppSync 409
Database Tools 410
Amazon DocumentDB (with MongoDB Compatibility) 410
Amazon Keyspaces (for Apache Cassandra) 410
Amazon Quantum Ledger Database (QLDB) 410
Data Streaming Tools 410
Amazon Managed Streaming for Apache Kafka (MSK) 410
Amazon MQ 411
AWS Data Exchange 411
Amazon Timestream 411
AWS Data Pipeline 411
Amazon AppFlow 411
Machine Learning and Artificial Intelligence 412
Amazon Comprehend 412
Amazon Forecast 412
Amazon Lex 412
Amazon Polly 412
Amazon Rekognition 413
Amazon Textract 413
Amazon Transcribe 413
Amazon Translate 413
Other Tools 413
AWS Batch 413
AWS X-Ray 414
Amazon Kendra 414
Amazon OpenSearch Service (Amazon Elasticsearch Service) 414
Amazon Managed Grafana 414
Amazon Managed Service for Prometheus 415
Index 417
Table of Exercises
Exercise 1.1 Use the AWS CLI 17
Exercise 2.1 Launch an EC2 Linux Instance and Log In Using SSH 31
Exercise 2.2 Assess the Free Capacity of a Running Instance and Change Its Instance Type 32
Exercise 2.3 Assess Which Pricing Model Will Best Meet the Needs of a Deployment 34
Exercise 2.4 Create and Launch an AMI Based on an Existing Instance Storage Volume 38
Exercise 2.5 Create a Launch Template 44
Exercise 2.6 Install the AWS CLI and Use It to Launch an EC2 Instance 56
Exercise 2.7 Clean Up Unused EC2 Resources 57
Exercise 3.1 Create a New S3 Bucket and Upload a File 70
Exercise 3.2 Enable Versioning and Life Cycle Management for an S3 Bucket 75
Exercise 3.3 Generate and Use a Presigned URL 77
Exercise 3.4 Enable Static Website Hosting for an S3 Bucket 78
Exercise 3.5 Calculate the Total Life Cycle Costs for Your Data 80
Exercise 4.1 Create a New VPC 94
Exercise 4.2 Create a New Subnet 98
Exercise 4.3 Create and Attach a Primary ENI 100
Exercise 4.4 Create an Internet Gateway and Default Route 104
Exercise 4.5 Create a Custom Security Group 109
Exercise 4.6 Create an Inbound Rule to Allow Remote Access from Any IP Address 112
Exercise 4.7 Allocate and Use an Elastic IP Address 116
Exercise 4.8 Create a Transit Gateway 127
Exercise 4.9 Create a Blackhole Route 132
Exercise 5.1 Create an RDS Database Instance 153
Exercise 5.2 Create a Read Replica 155
Exercise 5.3 Promote the Read Replica to a Master 155
Exercise 5.4 Create a Table in DynamoDB Using Provisioned Mode 166
Exercise 6.1 Lock Down the Root User 178
Exercise 6.2 Assign and Implement an IAM Policy 179
Exercise 6.3 Create, Use, and Delete an AWS Access Key 181
Exercise 6.4 Create and Configure an IAM Group 182
Exercise 7.1 Create a Trail 197
Exercise 7.2 Create a Graph Using Metric Math 204
Exercise 7.3 Deliver CloudTrail Logs to CloudWatch Logs 207
Exercise 8.1 Create a Hosted Zone on Route 53 for an EC2 Web Server 230
Exercise 8.2 Set Up a Health Check 231
Exercise 8.3 Configure a Route 53 Routing Policy 233
Exercise 8.4 Create a CloudFront Distribution for Your S3-Based Static Website 236
Exercise 10.1 Create a Launch Template 264
Exercise 11.1 Configure and Launch an Application Using Auto Scaling 293
Exercise 11.2 Sync Two S3 Buckets as Cross-Region Replicas 296
Exercise 11.3 Upload to an S3 Bucket Using Transfer Acceleration 297
Exercise 11.4 Create and Deploy an EC2 Load Balancer 301
Exercise 11.5 Create a Nested Stack 305
Exercise 11.6 Create a CloudWatch Dashboard 312
Exercise 12.1 Create a Limited Administrative User 327
Exercise 12.2 Create and Assume a Role as an IAM User 333
Exercise 12.3 Configure VPC Flow Logging 336
Exercise 12.4 Encrypt an EBS Volume 347
Exercise 13.1 Create an AWS Budget to Send an Alert 360
Exercise 13.2 Build Your Own Stack in Simple Monthly Calculator 363
Exercise 13.3 Request a Spot Fleet Using the AWS CLI 366
Introduction
Studying for any certification always involves deciding how much of your studying should
be practical hands-on experience and how much should be simply memorizing facts and
figures. Between the two of us, we’ve taken dozens of IT certification exams, so we know how
important it is to use your study time wisely. We’ve designed this book to help you discover
your strengths and weaknesses on the AWS platform so that you can focus your efforts
properly. Whether you’ve been working with AWS for a long time or whether you’re relatively
new to it, we encourage you to carefully read this book from cover to cover.
Passing the AWS Certified Solutions Architect – Associate exam requires understanding
the components and operation of the core AWS services as well as how those services
interact with each other. Read through the official documentation for the various AWS
services. Amazon offers HTML, PDF, and Kindle documentation for many of them. Use this
book as a guide to help you identify your strengths and weaknesses so that you can focus
your study efforts properly.
You should have at least six months of hands-on experience with AWS before taking the
AWS Certified Solutions Architect – Associate exam. If you’re relatively new to AWS, we
strongly recommend our own AWS Certified Cloud Practitioner Study Guide: CLF-C01
Exam (Author Sybex, 2019) as a primer.
Even though this book is designed specifically for the AWS Certified Solutions Architect –
Associate exam, some of your fellow readers have found it useful for preparing for the
SysOps Administrator and DevOps Engineer exams.
Hands-on experience is crucial for exam success. Each chapter in this study guide
contains hands-on exercises that you should strive to complete during or immediately after you
read the chapter. It’s vital to understand that the exercises don’t cover every possible
scenario for every AWS service. In fact, it’s quite the opposite. The exercises provide you with
a foundation to build on. Use them as your starting point, but don’t be afraid to venture
out on your own. Feel free to modify them to match the variables and scenarios you might
encounter in your own organization. Keep in mind that some of the exercises and figures
use the AWS Web Console, which is in constant flux. As such, screenshots and step-by-step
details of exercises may change. Use these eventualities as excuses to dig into the AWS online
documentation and browse around the Web Console on your own. Also remember that
although you can complete many of the exercises within the bounds of the AWS Free Tier,
getting enough practice to pass the exam will likely require you to spend some money. But
it’s money well spent, as getting certified is an investment in your career and your future.
Each chapter contains review questions to thoroughly test your understanding of the
services and concepts covered in that chapter. They also test your ability to integrate the
concepts with information from preceding chapters. Although the difficulty of the
questions varies, rest assured that they are not “fluff.” We’ve designed the questions to help you
realistically gauge your understanding and readiness for the exam. Avoid the temptation to
rush through the questions to just get to the answers. Once you complete the assessment in
each chapter, referring to the answer key will give you not only the correct answers but a
detailed explanation as to why they’re correct. It will also explain why the other answers are
incorrect.
The book also contains a self-assessment exam with 39 questions, two practice exams
with 50 questions each to help you gauge your readiness to take the exam, and flashcards to
help you learn and retain key facts needed to prepare for the exam.
This AWS Certified Solutions Architect Study Guide: Associate SAA-C03 Exam,
Fourth Edition is divided into two parts: “The Core AWS Services” and “Architecting for
Requirements.”
Part I, “The Core AWS Services”
The first part of the book dives deep into each of the core AWS services. These services
include ones you probably already have at least a passing familiarity with: Elastic Compute
Cloud (EC2), virtual private cloud (VPC), Identity and Access Management (IAM), Route
53, and Simple Storage Service (S3), to name just a few.
Some AWS services seem to serve similar or even nearly identical purposes. You’ll learn
about the subtle but important differences between seemingly similar services and, most
importantly, when to use each.
Part II, “Architecting for Requirements”
The second part of the book is a set of best practices and principles aimed at helping you
design, implement, and operate systems in the cloud. Part II focuses on the following four
pillars of good design:
■ Resilient architectures
■ High-performing architectures
■ Secure architectures
■ Cost-optimized architectures
Each chapter of Part II revisits the core AWS services in light of a different pillar. Also,
because not every AWS service is large enough to warrant its own chapter, Part II
simultaneously introduces other services that, although less well known, may still show up on the
exam. Appendix B, “Additional Services,” contains brief descriptions of many smaller
services that don’t fit easily elsewhere in the book.
Achieving the right balance among these pillars is a key skill you need to develop as
a solutions architect. Prior to beginning Part II, we encourage you to peruse the
Well-Architected Framework white paper, which is available for download at
https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html.
What Does This Book Cover?
This book covers topics you need to know to prepare for the Amazon Web Services (AWS)
Certified Solutions Architect – Associate exam:
Chapter 1: Introduction to Cloud Computing and AWS This chapter provides an
overview of the AWS Cloud computing platform and its core services and concepts.
Chapter 2: Compute Services This chapter covers EC2 instances—the virtual machines
that you can use to run Linux and Windows workloads on AWS. It also covers the
Elastic Block Store service that EC2 instances depend on for persistent data storage.
Chapter 3: AWS Storage In this chapter, you’ll learn about Simple Storage Service (S3)
and Glacier, which provide unlimited data storage and retrieval for AWS services, your
applications, and the Internet. You’ll also discover the Snowball family of physical
appliances you can use to transfer very large volumes of data to and from your AWS account.
Chapter 4: Amazon Virtual Private Cloud (VPC) This chapter explains Amazon Virtual
Private Cloud (Amazon VPC), a virtual network that contains network resources for
AWS services.
Chapter 5: Database Services In this chapter, you will learn about some different
managed database services offered by AWS, including Relational Database Service
(RDS), DynamoDB, and Redshift.
Chapter 6: Authentication and Authorization—AWS Identity and Access Management
This chapter covers AWS Identity and Access Management (IAM), which provides the
primary means for protecting the AWS resources in your account.
Chapter 7: CloudTrail, CloudWatch, and AWS Config In this chapter, you’ll learn how
to log, monitor, and audit your AWS resources.
Chapter 8: The Domain Name System and Network Routing: Amazon Route 53 and
Amazon CloudFront This chapter focuses on the Domain Name System (DNS) and
Route 53, the service that provides public and private DNS hosting for both internal
AWS resources and the Internet. It also covers CloudFront, Amazon’s global content
delivery network.
Chapter 9: Data Ingestion, Transformation, and Analytics Data comes in many shapes
and sizes, and the more data you have, the more unwieldy it becomes. This chapter
explains how AWS can help you ingest, transform, and analyze data at scale.
Chapter 10: Resilient Architectures This chapter will show you how to architect and
integrate AWS services to achieve a high level of reliability for your applications. You’ll
learn how to plan around and recover from inevitable outages to keep your systems up
and running. You’ll also learn how Simple Queue Service (SQS) fits into the picture.
Chapter 11: High-Performing Architectures This chapter covers how to build highly
performing systems and use the AWS elastic infrastructure to rapidly scale up and out to
meet peak demand.
Chapter 12: Secure Architectures In this chapter, you’ll learn how to use encryption and
security controls to protect the confidentiality, integrity, and availability of your data
and systems on AWS. You’ll also learn about the various security services such as
GuardDuty, Inspector, Shield, and Web Application Firewall.
Chapter 13: Cost-Optimized Architectures This chapter will show you how to estimate
and control your costs in the cloud.
Interactive Online Learning Environment and Test Bank
The authors have worked hard to provide some really great tools to help you with your
certification process. The interactive online learning environment that accompanies the
AWS Certified Solutions Architect Study Guide: Associate SAA-C03 Exam, Fourth Edition
provides a test bank with study tools to help you prepare for the certification exam—and
increase your chances of passing it the first time! The test bank includes the following:
Sample Tests We’ve included many knowledge-testing questions, including the
assessment test at the end of this Introduction and the chapter tests that include the
review questions at the end of each chapter. In addition, there are five practice exams
with 50 questions each. Use these questions to test your knowledge of the study guide
material. The online test bank runs on multiple devices.
Flashcards The online test banks include 100 flashcards specifically written to hit you
hard, so don’t get discouraged if you don’t ace your way through them at first. They’re
there to ensure that you’re really ready for the exam. And no worries—armed with the
review questions, practice exams, and flashcards, you’ll be more than prepared when
exam day comes. Questions are provided in digital flashcard format (a question
followed by a single correct answer). You can use the flashcards to reinforce your learning
and provide last-minute test prep before the exam.
Resources You’ll find some AWS CLI and other code examples from the book for you
to cut and paste for use in your own environment. A glossary of key terms from this
book is also available as a fully searchable PDF.