Study Guide
AWS Certified Solutions Architect Associate
Created By: Carol Valencia, Teaching Assistant
Module 1: Introduction
Lesson 1.1: Introduction
Skills Learned From This Lesson: Learn Prerequisites, Overview AWS, Material to Exam
preparation
● AWS Services: IAM, EC2, EBS
● Exam preparation: AWS whitepapers, AWS articles
● The AWS Certified Cloud Practitioner certification helps introduce the AWS basics
● Overview of cloud solutions
● Target Audience of this course
● Instructor resources https://nicolasmoy.com/
Lesson 1.2: Exam Roadmap
Skills Learned From This Lesson: exam path, cloud architecture, overview AWS services
● Certifications path overview: https://aws.amazon.com/en/certification/
● Solutions architect: for architectural purposes, designing software using the cloud
● Learn about the pricing model in AWS
● Try to gain experience solving problems and implementing solutions using AWS
○ Understanding networking, databases and systems is good experience to have.
● Certification content:
○ https://aws.amazon.com/pt/certification/certified-solutions-architect-associate/
○ https://d1.awsstatic.com/training-and-certification/docs-sa-assoc/AWS_Certified_Solutions_Architect_Associate-Exam_Guide_EN_1.8.pdf
● Understand the concepts of highly available and secure architecture. Review the AWS documentation.
● Read and understand the terminology of white papers.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
● Exam score of 720 or higher to pass the exam.
● Read the documentation of exam preparation
● Read the FAQ
● Read the white documentation
Lesson 1.3: Global Infrastructure
Skills Learned From This Lesson: Availability Zone, Amazon network, Region, Edge Location
● As of June 2019:
○ 21 Regions
○ 66 Availability Zones forming the Amazon network.
○ Users access in order to add redundancy and reliability
○ Global infrastructure: https://aws.amazon.com/pt/about-aws/global-infrastructure/
● Availability Zone
○ Datacenter: buildings full of servers, storage arrays, networking hardware, etc.
○ 2 or more data centers form a single AZ
● Region: geographical area with 2 or more AZs
● Edge location
○ Caching content.
○ CloudFront is an example of an edge location service and is part of the CDN
○ Over 150 edge locations, more than the number of regions.
Lesson 1.4: Basics and Advantages to Cloud Computing
Skills Learned From This Lesson: Cloud computing, price of cloud computing, scale process of
cloud computing
● Cloud Computing:
○ CPU, storage, database, and other IT resources.
○ Pay-as-you-go services that are available through the internet.
○ Scale capacity in seconds
● With cloud computing: Trade Capital Expense for Variable Expense
○ Example: paying for an expensive data center before the company uses it.
○ In the cloud you pay only for the resources you need, and scale up or down.
○ Benefit of getting a better price.
● With cloud computing, you have the exact resources that you need
○ You can automate the infrastructure process.
○ Gain speed and agility: build your infrastructure instead of spending weeks building your own datacenter.
○ Stop spending money on maintaining data centers.
● With cloud computing, you have high availability
○ Data servers in all parts of the world.
○ Develop a global infrastructure in seconds.
Lesson 1.5: Cloud Models and Deployments
Skills Learned From This Lesson: types of cloud computing, IaaS, PaaS, SaaS, Types of cloud
computing Deployments
● Types of cloud computing: IaaS, PaaS, SaaS
● Infrastructure as a Service (IaaS)
○ Manage the servers (physical or virtual) and also the operating systems: patching, updates, etc.
○ Security contracts to share the responsibility.
● Platform as a Service (PaaS)
○ Manage the applications
○ The provider is responsible for the hardware, operating systems, security, updates, maintenance, etc.
○ Ideal for developers
● Software as a Service (SaaS)
○ Manage the data
○ The provider is responsible for the servers and applications.
○ Example: Dropbox
● Types of cloud computing deployments: Public Cloud, Hybrid Cloud, Private Cloud.
○ Public cloud
■ AWS, GCP, Azure
○ Hybrid cloud:
■ Mix of Public and Private
○ Private cloud
■ A cloud you manage yourself, for example with VMware or OpenStack
Module 2: AWS IAM and S3
Lesson 2.1: Creating an AWS Account
Skills Learned From This Lesson: create account in AWS, AWS account plans, AWS console
● Use the Basic support plan for personal use.
● Create an account in AWS
Lesson 2.2: Introduction to IAM
Skills Learned From This Lesson: IAM, users, groups, policies, roles
● Manage users and their level of permissions in AWS.
● Features of IAM
○ Shared access to AWS accounts
○ Identity federation
○ Multi-factor authentication
○ Set password rotation policies
○ Support PCI DSS Compliance
● Users, Groups, Policies and Roles: Key terms for IAM
Lesson 2.3: Getting Started with IAM
Skills Learned From This Lesson: IAM, users, groups, policies, roles, security settings
● Security, Identity and Compliance: IAM in the AWS console.
● Activate MFA as a security good practice.
● Manage users, and create a new user with programmatic access.
● Use a group such as AdministratorPermissions.
● Use tags to create labels and descriptions.
● Set the password policy
Lesson 2.4: Setting up a Billing Alarm
Skills Learned From This Lesson: AWS billing, cloudwatch, alerts, metrics, notifications
● Go to my billing dashboard
○ Receive billing address
● Go to CloudWatch and create an alert using billing metrics and notifications.
Lesson 2.5: Getting Started with S3
Skills Learned From This Lesson: S3 overview, S3 Storage Classes, S3 features
● Simple Storage Service
○ Highly scalable object storage
○ Object-based
○ Universal namespace. Bucket names are globally unique
● We can use the AWS CLI, AWS console or API to access the S3 service.
● Storage details
○ Files can be 0 bytes to 5 TB
○ Unlimited storage
○ Files are stored in Buckets
○ Upload to S3 will issue an HTTP 200 code indicating successful upload.
● S3 objects: objects are files
○ Key: file name of the object
○ Value: the data that makes up the file
○ Version ID: versioning the file
○ Metadata: Data about the data stored in the file
● Data consistency for S3
○ Propagation of the updates across the global servers.
○ Read-after-write consistency for PUTs of new objects (files).
○ Eventual consistency for overwrite PUTs and DELETEs.
● S3 Guarantees
○ Built for 99.99% S3 platform availability
○ AWS guarantees 99.9% availability
○ AWS guarantees 99.999999999% durability for information stored in S3 (11 x 9s).
● S3 Features
○ Tiered storage
○ Lifecycle management
○ Versioning
○ Encryption
○ MFA delete
○ Secure the data using Access Control Lists (ACLs) and Bucket Policies
● S3 Storage Classes
○ S3 Standard
■ 99.99% availability
■ (11x9s) Durability
■ Stored redundantly across multiple facilities
○ S3 Infrequently Accessed
■ Allows for rapid access
■ Lower fee than S3 Standard
■ Charged a retrieval fee
○ S3 One Zone IA
■ Infrequently accessed data stored in one zone to save on costs
○ S3 Intelligent Tiering
■ Optimizes costs by automatically moving the data to the most cost-effective access tier
■ No impact on performance or operational overhead
○ S3 Glacier
■ Secure, durable, low-cost storage for data archiving
○ S3 Glacier Deep Archive
■ Lowest cost S3 storage option
■ Retrieval times of 12 hours
● S3 storage comparison. https://aws.amazon.com/s3/storage-classes/
Lesson 2.6: S3 Lab
Skills Learned From This Lesson: bucket, bucket properties, S3 delete actions
● AWS console: S3
● Create new bucket: name, region, versioning, tag, object-level logging, encryption.
● All public access is blocked by default.
● Read-after-write consistency.
● Delete actions will take time to propagate.
● S3 properties in the console
○ Static website hosting
○ Versioning
○ Server access logging
● S3 AWS resources
Lesson 2.7: Cloudfront Overview
Skills Learned From This Lesson: CDN, cloudfront, edge location
● Content delivery network (CDN) managed by AWS: a system of distributed servers that
deliver data to users in geographic locations.
○ Edge location: location where the content will be cached.
○ Origin: the origin of the files to be cached.
○ The edge location CDN will distribute these files to the location choice: S3 bucket, EC2, ELB or Route53.
● Websites and multimedia are classic examples of CloudFront use.
Module 3: EC2
Lesson 3.1: Getting Started With EC2 and EBS
Skills Learned From This Lesson: EC2, EBS, EC2 pricing models, EC2 types, EBS types
● EC2 - Elastic Compute Cloud
○ Virtual server in the cloud.
○ Easily scale the resource capacity (up or down).
● EC2 Pricing Models
○ On Demand: Fixed rate by the hour
○ Reserved: Contract-based for 1 year or 3 year terms, at a steep discount.
○ Spot: pick the price during bidding.
○ Dedicated Hosts: Useful for regulated data; reduce costs using your existing server software licenses.
● EC2 On Demand
○ Standard EC2 pricing option
○ No up-front costs or long-term commitments
○ Good for apps with short-term, spiky workloads, etc.
● EC2 Reserved
○ Applications with predictable needs
○ Reserved Pricing Types
● EC2 Spot
○ Applications that have flexible start and end times
○ Low compute prices
● EC2 Dedicated Hosts
○ Regulatory requirement (applications that shouldn’t be hosted in a multi-tenant environment)
○ Can be purchased on-demand or at a reserved rate
● EC2 Instance Types: F1, I3, G3, H1, T2, M4, M5, C5, P3, X1
● EBS - Elastic Block Store
○ Storage volumes placed in specific AZs to replicate and protect the data from failure
○ SSD
■ General purpose SSD (GP2)
■ Provisioned IOPS SSD (IO1)
○ Magnetic
■ HDD (ST1)
■ Cold HDD (SC1)
■ Magnetic
Lesson 3.2: EC2 Lab
Skills Learned From This Lesson: launch EC2, AMI, security groups, key pairs
● AWS console Launch EC2 instance: AMI instance
● CPU resource and Type storage
● Choose EC2 pricing model
● Create the security group
● Create key pair
Lesson 3.3: Basics of EBS Volumes
Skills Learned From This Lesson: EBS, EBS types, EC2
● EBS - Elastic Block Store
○ Block level storage volumes for use with EC2 instances
○ Block device like a hard drive
○ Mount the volumes as devices in the instances
○ An instance can have multiple volumes
● EBS types (5)
○ SSD
■ General purpose SSD (GP2)
■ Provisioned IOPS SSD (IO1)
○ Magnetic
■ Throughput Optimized HDD (ST1)
■ Cold HDD (SC1)
■ Magnetic (Legacy)
● EBS Features details in https://aws.amazon.com/ebs/features/?nc=sn&loc=1
Lesson 3.4: Introduction to Serverless
Skills Learned From This Lesson: Serverless, Lambda, event-driven architecture
● Lambda
○ Upload and run your code without managing servers
○ Pay only for the compute time you consume
○ Lambda is responsible for scale and high availability
○ You can configure it to be triggered by other AWS services
○ Lambda is an event-driven compute service; Lambda runs the code in response to events.
○ Serverless event-driven architecture
● Lambda facts
○ Very cheap to use ($0.20 per 1 million requests)
○ Alexa skills run on lambda
○ Continuous scaling
Module 4: Databases
Lesson 4.1: Introduction to RDS
Skills Learned From This Lesson: Databases, RDS, Multi-AZ, Replicas, AWS database types
● RDS - Relational Database Service
○ SQL Server, Oracle, MySQL, PostgreSQL, Aurora, MariaDB
○ Relational Database: Tables, Rows and Columns to organize the data
● RDS - Multi-AZ
○ Failover to backup DB in the event the primary DB fails
○ Secondary DBs are in another AZ
● RDS - Read Replicas
○ Improve performance by sharing requests to the database
○ There is no automatic failover
● AWS DynamoDB (Non-Relational Database)
○ Non-Relational Database: Documents in the form of JSON
○ More scalable and performs differently
● AWS Redshift - OLTP
○ OLTP - Online Transaction Processing
○ Aggregation from multiple databases
○ Perform intense queries across multiple databases
○ Provide valuable business information with advanced queries
● AWS ElastiCache
○ Web service that provides an in-memory cache in the cloud
○ Improve the performance of web apps by caching
○ Two open source caching engines
■ Memcached
■ Redis
Lesson 4.2: RDS Lab
Skills Learned From This Lesson: Databases, RDS, RDS networking, RDS security groups,
snapshot, backup, restore
● AWS console: Database: RDS
● Create a database and use the easy configuration
● Networking, security groups, replication details
● Monitor the database
● Take a DB Snapshot
● Automated backups and restore
Module 5: VPC’s
Lesson 5.1: Getting Started With VPC’s
Skills Learned From This Lesson: VPC, CIDR, subnets, route tables
● VPC - Virtual Private Cloud
○ AWS service that creates a virtual network in the AWS cloud
○ In the VPC, you can deploy EC2 instances
○ This virtual network is customizable:
■ Public-facing networks
■ Private networks
● VPC overview
○ The VPC is in a region, for example us-east-1
○ The VPC has a CIDR: 10.0.0.0/24
○ The VPC has subnets in the range of the CIDR
○ The VPC endpoint network interface
○ The VPC has EC2 instances
○ The VPC has route tables between subnets
○ The internet gateway is attached to the VPC, for access to the internet
○ Subnets can be configured with rules known as NACLs (Network Access Control Lists)
● Default VPC vs Custom VPC
○ The default VPC is created by default by AWS
○ In the default VPC all subnets have a route out to the internet
○ In the default VPC each EC2 instance has both public and private IP addresses
○ The custom VPC is created and customized by the user
● VPC Peering
○ Allows you to connect multiple VPCs together through a direct network route using private IP addresses
○ You can peer VPCs with another AWS account’s VPC
○ No transitive peering.
■ For example VPC A can peer to VPC B, but you cannot peer VPC B to VPC C, as in the diagram in the slide.
Lesson 5.2: VPC Lab
Skills Learned From This Lesson: VPC, CIDR, subnets, route tables
● AWS dashboard: VPC service
● Choose the region to create the VPC
● Create a new VPC
○ CIDR
○ Tenancy default
● Subnet
○ Private subnet
○ Public subnet
● Route tables
● Network ACL
● Elastic IPs
● Internet Gateway
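Added example (not part of the original study guide): Lessons 5.1 and 5.2 state that subnets live inside the VPC CIDR (10.0.0.0/24 in the overview). The Python sketch below validates a subnet plan before it is created in the console. The subnet names and ranges are constructed, the function name is hypothetical, and it assumes the documented AWS IPv4 rules of five reserved addresses per subnet and subnet sizes between /16 and /28.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5

# Constructed plan; only the VPC CIDR comes from the study guide.
VPC_CIDR = "10.0.0.0/24"
SAMPLE_PLAN = {
    "public-a": "10.0.0.0/26",
    "private-a": "10.0.0.64/26",
    "private-b": "10.0.0.96/27",   # collides with private-a
    "db": "10.0.1.0/28",           # not inside the VPC range
}


def check_subnet_plan(vpc_cidr, subnets):
    """Validate a {name: cidr} plan against the VPC CIDR.

    Returns (usable, problems): usable maps each in-range subnet to the
    number of addresses left after AWS reservations; problems lists
    out-of-range, wrongly sized and overlapping subnets.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    usable, problems, accepted = {}, [], []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
            continue
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: {net} size must be between /16 and /28")
            continue
        for other_name, other in accepted:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted.append((name, net))
        usable[name] = net.num_addresses - AWS_RESERVED_PER_SUBNET
    return usable, problems


if __name__ == "__main__":
    usable, problems = check_subnet_plan(VPC_CIDR, SAMPLE_PLAN)
    print(usable)
    for problem in problems:
        print("PROBLEM:", problem)
```
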
Lesson 5.3: What are Bastion Hosts
Skills Learned From This Lesson: bastion hosts, DMZ, subnets, security
● Bastion Hosts
○ It is a computer on a network in a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers
○ It is the main access point to the other subnets
○ Configured to withstand attacks
○ Generally hosts a single application, for example a proxy server
○ Users connect to the VPC via VPN through the bastion host
Lesson 5.4: What is Direct Connect?
Skills Learned From This Lesson: Direct connect, vpc, networking
● Direct Connect
○ Dedicated network connection service that allows you to connect your on-premises network to AWS
○ Increases bandwidth throughput
○ Provides a more consistent network experience
○ Normally used with a private VPC
Module 6: Wrapping Up
Lesson 6.1: Scheduling your Exam
Skills Learned From This Lesson: scheduling exam, exam types, location centers to the exam
● Go to AWS Training and Certification
● Schedule the exam
● AWS Certified Solutions Architect - Associate
● Choose the location
● Select the exam language
● Exam price: $150