- AWS CSA SAA-C02 Certification Track Study Group
- AWS Certified Solutions Architect Associate Certification Track
- Hi and welcome to this study group! We will be covering the essentials you need to ACE your certification, but also to use in the real world.
- Each week, we will cover a new lesson. We will make our way through the AWS Certified Solutions Architect Associate certification track which consists of 6 courses, and we will start off with the first course, Designing Resilient Architectures, and cover AWS Fundamentals.
- Each week, you will receive an overview of the lesson for the course with questions to answer to help solidify what was covered in the lesson video. We can then discuss your answers.
- And BONUS: Designs/Builds
- As we make our way through this certification track, we will also be designing and building architectures to help you get that real-world experience as a Solutions Architect. So look for these in the weeks to come!
- Upcoming designs and builds: serverless architectures, migration, applications with external identities (hint), hybrid networking, DNS, and more.
- Remember I am here to help you, so please reach out anytime with questions or any help needed.
- Comment
- YouTube - AWSJulie
- LinkedIn
- Designing Resilient Architectures (first course)
- AWS Fundamentals
- Week #1: Cloud Computing
- Specific lesson: Understanding Cloud Computing
- What is AWS? What is Cloud Computing?
- Let’s start off with what is AWS?
- AWS says that “cloud computing with AWS provides the most comprehensive cloud platform with over 165 fully featured services from data centers all over the world.”
- So, AWS provides us a way to power our infrastructure while becoming more agile and also lowering our costs. So that is awesome!!!
- But what is Cloud Computing? Well, if you ask around or Google what cloud computing is, you will find multiple different answers, but cloud computing basically means that you have to meet certain criteria.
- And there again are a lot of great definitions, some simple and some complicated, but in the lesson video we break it down. I choose to highlight the National Institute of Standards and Technology for this lesson.
- #1 What is the first criterion of Cloud Computing?
- #2 What is the second criterion of Cloud Computing?
- #3 What is the third criterion of Cloud Computing?
- #4 What is the fourth criterion of Cloud Computing?
- #5 What is the fifth criterion of Cloud Computing?
- And the biggest cost optimization benefit is that we only pay for what we use with AWS cloud computing. So how does AWS do this?
- #6 What is the AWS Global Infrastructure?
- #7 What is the difference between global resilient, region resilient, and availability zone resilient services?
- #8 What is a region?
- #9 What is an availability zone?
- #10 What is an edge location?
- And then on top of this AWS Global Infrastructure, we have high level AWS services.
- #11 Can you name some AWS high level services? Name 5.
- In the next studygroup, we will take a deeper dive and talk more about high-level services, but focus on the AWS Shared Responsibility Model and the AWS Well-Architected Framework.
- Week #2: Shared Responsibility
- Specific lesson: Overview of the Shared Responsibility Model and the AWS Well-Architected Framework:
- Let’s start off with what is the Shared Responsibility Model?
- Well, it is how AWS provides clarity around which areas of system security are theirs and which are owned by us.
- #1 What is AWS responsible for?
- #2 What are we responsible for?
- What is the AWS Well-Architected Framework? https://aws.amazon.com/architecture/well-architected/
- Well, it is one of my favorites, but it is AWS’ best strategies for architecting systems. So if you are dealing with imposter syndrome or if you want to be an amazing solutions architect, you must get familiar with the AWS Well-Architected Framework (and bonus, it was recently updated).
- #3 What are the AWS Well-Architected Framework’s principles?
- #4 What are the five pillars of the AWS Well-Architected Framework?
- AWS also provides a tool along with the best practices to help us. This tool will review our workloads and compare them to the latest AWS best practices for architectural design (do you remember which tool that is?), and those best practices for architectural design come directly from the AWS Well-Architected Framework!
- You may be asking, “Julie, why is this important? Why are we discussing cloud computing, the shared responsibility model, and the Well-Architected Framework?” Well, the reason is that both give you a good solid basis for understanding AWS, and it will benefit you to take the time to learn and understand these concepts going into your exam.
- In the next studygroup, we will take a deeper dive into the AWS Well-Architected Framework’s Cost Optimization Pillar.
- Design/Build #1: Shared Responsibility Model
- Can you sketch out the shared responsibility model? Click here for help!
- Design/Build #2: AWS Well-Architected Framework
- Design a basic web application using the AWS Well-Architected Framework. Do the best you can: you can sketch it on paper, use PowerPoint, etc. Do your best and be proud of where you start! We all start somewhere, but what matters most is that we are actively working on improving!!
- We will circle back to this at the end of the study group and compare your finished design to your initial design.
- For hints check out this lab (this lab may be too much for you right now, but at the end of our study group, this lab will be easy).
- Week #3: Cost Optimization
- Specific lesson: Exploring Cost Optimization
- AWS has recently added more cost optimization to the AWS certification exams; so not only is cost optimization important for the exam, but it is crucial for the real world.
- So, what is cost optimization? Well, cost optimization is the ability to run systems that deliver business value at the lowest price point.
- #1 What are some of the ways that AWS provides cost optimization?
- #2 What are some of the cost effective resources that AWS provides?
- #3 What does AWS offer to help us match our supply to our demand?
- #4 What are the five pillars of Cost Optimization?
- So as solutions architects, we have to understand and implement the 5 cost optimization pillars and best practices throughout our infrastructure. You will see a huge change in your organization when your operations teams and your finance teams are working towards the same goals.
- In the next studygroup, we will take a deeper dive into AWS design and talk about high availability, fault tolerance, and disaster recovery.
- Design/Build #3: Cost Optimize Your Environment
- If you have an AWS account or if you are currently working for an organization, see if you can come up with ways to add cost optimization to that AWS account. Or bonus, maybe you can add cost optimization to your organization by migrating partial or full workloads to AWS. And we can discuss this in our #studygroup channel to see what everyone is doing. Plus we can come back to this design at the end of this certification track and study group.
- Week #4: High Availability and Fault Tolerance
- Specific lesson: AWS Reliability
- Three essential concepts to understand with AWS fundamentals are high availability, fault tolerance, and disaster recovery. And a great place to learn and dive deeper is in the AWS Well-Architected Framework.
- #1 What is high availability?
- #2 What is fault tolerance?
- #3 What is disaster recovery?
- #4 What is the difference between high availability and fault tolerance versus disaster recovery? (hint: operating through disaster and event of a disaster)
- So as solutions architects, we have to understand the concepts and how AWS services can help you build highly available and fault tolerant systems. But we also have to have a plan in place for when or if that disaster occurs. We have to recover our systems efficiently and fast!
- In the next studygroup, we will take a deeper dive into elasticity and scaling.
- Design/Build #4: Design a HA and FT Architecture
- Design a highly available and fault tolerant architecture.
- Design/Build #5: Design a Disaster Recovery Playbook
- Design an architecture for disaster recovery.
- Week #5: Scaling and Elasticity
- Specific lesson: Exploring AWS Performance Efficiency
- In this lesson we will be exploring elasticity along with horizontal and vertical scaling.
- #1 What is scaling?
- #2 What is vertical scaling?
- #3 What is horizontal scaling?
- #4 What is an example of vertical scaling?
- #5 What is an example of horizontal scaling?
- #6 What is elasticity?
- #7 What are some tips you learned to help remember the difference between vertical and horizontal scaling?
- So as solutions architects, an important topic to know and understand is how to use elasticity along with vertical and horizontal scaling. Why? Because our demand is very rarely linear, so we have to understand how using elasticity allows our capacity to increase and decrease and meet that ever-changing demand.
- #8 Bonus: what can you use in AWS to help scale out your systems to match the capacity to the demand?
- In the next studygroup, we will take a deeper dive into what is public, private, multi, and hybrid cloud and environments.
- Design/Build #6: Design a highly available simple web application
- (Hint)
- Week #6: Public, Private, Multi, and Hybrid Cloud
- Specific lesson: Understanding Public, Private, Multi, and Hybrid Cloud
- In this lesson we will be exploring public cloud, private cloud, multi cloud, and hybrid cloud, and specifically what the differences are. Remember in week 1, we talked about what AWS is and what cloud computing is, but we also need to understand the different types of cloud.
- #1 What is public cloud?
- #2 What is private cloud?
- #3 What is multi cloud?
- #4 What is hybrid cloud?
- #5 What is a hybrid environment?
- So as solutions architects, it is important to be able to distinguish between the different types of cloud to be able to architect your environment.
- In the next studygroup, we will take a deeper dive into public and private AWS services.
- Design/Build #7: Draw designs for public, private, multi, and hybrid cloud.
- Week #7: Public and Private Services
- Specific lesson: AWS Public and Private Services
- In this lesson we will look at the architecture for public and private AWS services.
- #1 What is an AWS public service?
- #2 What is an AWS private service?
- So as solutions architects, it is important to be able to distinguish between AWS services that are public and private because it will affect your designs/connectivity; for example, how do you give access to a specific AWS service?
- In the next studygroup, we will take a deeper dive into the AWS VPC and AWS infrastructure.
- Design/Build #8: Draw the connectivity needed for a user to access S3 and for the same user to access an EC2 instance inside your VPC. Hint: which connection will use the public internet?
- Week #8: VPC
- Specific lesson: AWS VPC and AWS Infrastructure
- In this lesson we will cover a high-level overview of VPCs. For your certification exam, you really need to understand VPCs and know how to build them.
- #1 What is a VPC?
- #2 What are the layers of security you have with a VPC?
- #3 What is an Internet Gateway?
- #4 What is a Security Group?
- #5 What is a NACL?
- #6 What is a subnet?
- #7 What is a default VPC?
- #8 What is a custom VPC?
- #9 What is a peering connection?
- #10 What is transitive peering?
- #11 Bonus: What can you use to configure transitive peering?
- So as solutions architects, it is important to be able to build a VPC with the proper configuration and security in place.
- In the next studygroup, we will dive deeper into AWS Organizations and dive into AWS accounts.
- Design/Build #9: In your own AWS account or in our hands-on labs, can you build a custom VPC and configure the needed parts? (Hint)
- AWS Accounts
- Week #9: AWS Accounts
- Specific lesson: Understanding AWS Accounts
- In this lesson we will dive deeper into AWS accounts because AWS accounts may seem very basic, but what accounts are and how they work is crucial to understand as a solutions architect.
- #1 What is an AWS account? (hint: 4 things an AWS account does are mentioned towards the end of this lesson)
- #2 What is the user called when you create your AWS account?
- #3 What are the best practices to follow for the account root user?
- #4 When you create an AWS account, who does that account belong to?
- #5 What permissions are automatic for all users you add to your AWS account?
- #7 How are AWS services billed?
- In the next studygroup, we will dive deeper and talk about creating an AWS account.
- Week #10: AWS Account
- Specific lesson: Creating an AWS Account
- In this lesson we will walk through creating an AWS account.
- #1 What is the AWS Free Tier?
- #2 What do you need to create an AWS account?
- #3 What are the AWS Support Plans?
- In the next studygroup, we will dive deeper and talk about securing our AWS account.
- Design/Build #10: Create your own AWS account
- Week #11: Secure AWS Accounts
- Specific lesson: Securing Your AWS Account
- In this lesson we will learn how to secure our AWS account.
- #1 What permissions does the account root user have?
- #2 What is Multi-Factor Authentication?
- #3 What is an OTP?
- #4 What best practice should you also complete to make it easier for AWS to contact you with any issues?
- In the next studygroup, we will dive deeper and create a billing alarm for our AWS account.
- Design/Build #11: Set up MFA on your AWS account
- Week #12: AWS Free Tier
- Specific lesson: AWS Free Tier and Creating a Billing Alarm
- In this lesson we will walk through how to create a billing alarm to make sure you stay within your budget and also talk about the AWS Free Tier.
- #1 How are AWS services billed? (hint: multiple ways)
- #2 What is the AWS Free Tier?
- #3 What is CloudWatch?
- #4 What is a CloudWatch alarm?
- In the next studygroup, we will dive deep and talk about IAM.
- Design/Build #12: Set up a billing alert in your AWS account.
- Week #13: IAM
- Specific lesson: Identity and Access Management (IAM) Overview
- In this lesson we will cover a high level overview of IAM, IAM users, IAM groups, IAM roles, and IAM policies.
- #1 Can you adjust the permissions of the account root user?
- #2 What is IAM?
- #3 What is the principle of least privilege?
- #4 What does IAM allow us to create?
- #5 What is an IAM user?
- #6 What is an IAM group?
- #7 What is an IAM role?
- #8 What is an IAM policy?
- #9 What is different about an IAM policy compared to the others?
- #10 What is the IAM limit for the number of IAM users per AWS account?
- In the next studygroup, we will dive deep and talk about IAM users and create an additional IAM user for our AWS account.
- Design/Build #13: In your AWS account, review the permissions for your users. If you do not have other users, think of different scenarios and designs and what permissions would be needed. Are you following the principle of least privilege?
- Week #14: IAM Users
- Specific lesson: Creating IAM Users
- In this lesson we will create an admin IAM user, which is best practice; it is not best practice to use your account root user.
- #1 What is an IAM user?
- #2 What are long term credentials?
- #3 What can an IAM user be? (hint: people, ap……)
- #4 What can you use for your IAM user to easily remember the login URL?
- #5 What are the two types of AWS access for an IAM user?
- #6 What is programmatic access?
- #7 What is the AWS management console access?
- #8 What permissions does your new IAM user have by default?
- #9 What is the IAM limit for the number of IAM users per AWS account?
- In the next studygroup, we will dive deep and talk about IAM policies and learn how AWS handles the security of their users and resources.
- Design/Build #14: Create your naming structure for your IAM users.
- Design/Build #15: Add MFA to your new IAM user.
- Week #15: IAM Policies
- Specific lesson: Creating IAM Policies
- In this lesson we will learn about IAM policies and how AWS handles the security of their users and resources.
- #1 What are identities in AWS?
- #2 What is an IAM policy?
- #3 What is a statement ID?
- #4 What is a policy action?
- #5 What is the resource part of a policy?
- #6 What is an AWS ARN?
- #7 A resource policy is a policy on a resource that can reference IAM users and IAM ___ using the ARN.
- #8 What is an explicit deny?
- #9 What is an explicit allow?
- #10 What is an explicit deny?
- #11 What is an AWS Managed Policy?
- #12 What is an Inline Policy?
- #13 What is a Customer Managed Policy?
- In the next studygroup, we will dive deep and talk about IAM groups.
- Design/Build #16: Can you add a policy to your IAM user?
- Design/Build #17: Look at policies and see if you can read the policy and decide what permissions are being given. (GitHub with more policies)
- {
-   "Version": "2012-10-17",
-   "Statement": [
-     {
-       "Sid": "PublicReadGetObject",
-       "Effect": "Allow",
-       "Principal": "*",
-       "Action": ["s3:GetObject"],
-       "Resource": ["arn:aws:s3:::scubasyndrome/*"]
-     }
-   ]
- }
- Week #16: IAM Groups
- Specific lesson: IAM Groups
- In this lesson we will create an IAM group and see how you can use groups to organize large sets of IAM users.
- #1 What is an IAM Group?
- #2 What credentials do IAM groups have?
- #3 Can you log into an IAM group?
- #4 How many groups can an IAM user be a member of?
- #5 How many IAM users can be in an IAM group?
- #6 What is the soft limit of IAM groups per AWS account?
- #7 Is an IAM group considered to be a true identity in AWS?
- In the next studygroup, we will dive deep and talk about IAM roles.
- Design/Build #18: Create an IAM group for your IAM users.
- Week #17: IAM Roles
- Specific lesson: IAM Roles
- In this lesson we will learn what IAM roles are, how they work, and how to use roles in your AWS account.
- #1 What is an IAM role?
- #2 What is the difference between an IAM user and an IAM role?
- #3 What are the two types of policies that an IAM role has?
- #4 What is a trust policy?
- #5 What is a permission policy?
- #6 What is STS?
- #7 What can trust policies reference?
- #8 What are use cases for IAM roles?
- #9 IAM roles can be used when you want to re-use your existing on-premises identities to access AWS resources. What is the process that allows this?
- In the next studygroup, we will dive deep and talk about AWS Organizations.
- Design/Build #19: Dive deep and make sure you understand how roles work, when you would use roles, and understand both policies that roles use.
- Week #18: AWS Organizations
- Specific lesson: AWS Organizations
- In this lesson we will learn what an AWS Organization is, what it will help solve, and how AWS Organizations work.
- #1 What is an AWS Organization?
- #2 What does an AWS Organization provide for your AWS environment?
- #3 What are Organizational Units?
- #4 What are the benefits of an AWS Organization?
- #5 What are Service Control Policies?
- In the next studygroup, we will create an AWS Organization.
- Design/Build #20: Draw a design to incorporate AWS Organization to share resources for added cost savings.
- Week #19: AWS Organization
- Specific lesson: Creating an AWS Organization
- In this lesson we will walk through creating an AWS Organization, invite an AWS account to join our new AWS organization, and then create a new AWS account to join the AWS Organization as well.
- #1 What is an AWS master account?
- #2 What is an AWS member account?
- #3 What is SCP (Service Control Policy)?
- #3 What are the two main ways that SCPs are used?
- #4 What are the benefits of an SCP?
- In the next studygroup, we will cover IAM access keys.
- Design/Build #21: Create an AWS Organization for your AWS account and invite a new AWS account to join.
- Week #20: IAM Access Keys
- Specific lesson: Understanding IAM Access Keys
- In this lesson we will learn about IAM access keys. So far, we have only been dealing with accessing our resources from the AWS Management Console, but we can also access our resources using the CLI, APIs, & SDKs.
- #1 What do we use to authenticate with the AWS Management Console?
- #2 What do we use to authenticate with the CLI?
- #3 Are access keys considered long term credentials?
- #3 How many sets of access keys can an IAM user have?
- #4 What is an access key made up of?
- #5 What identities in AWS use access keys?
- In the next studygroup, we will start the last section of this course, Designing Resilient Architectures, and cover AWS Core Services, starting with EC2.
- Design/Build #22: Create an IAM user and give them programmatic access along with console access, and explore access keys a bit deeper.
- AWS Core Services
- Week #21: EC2
- Specific lesson: EC2 Overview
- Hi and welcome to a new section, AWS Core Services, where we will do a high level overview of AWS core services you will most likely see on your exam and we are starting off with EC2.
- In this lesson we will learn about EC2 and virtualization.
- #1 What is Virtualization?
- #2 What are types of virtualization?
- #3 What options do we have for our EC2 hosts?
- #3 What is the default EC2 host in AWS?
- #4 What is Instance Store?
- #5 What is an ENI?
- #6 What is EBS?
- #7 Exam tip: know the behavior of EC2 instances!
- In the next studygroup, we will cover another AWS Core Service, S3.
- Design/Build #23: Draw an example of where an EC2 host sits in relation to an EC2 instance in a VPC including AZ, Instance Store, an EBS volume, and an ENI.
- Week #22: S3
- Specific lesson: S3 Overview
- In this lesson we will learn about S3.
- #1 Is S3 a global service?
- #2 Is S3 a public or private service?
- #3 What is an S3 bucket?
- #3 Why does an S3 bucket need a globally unique name?
- #4 S3 is an ______ storage system.
- #5 What are the two consistency models for S3?
- In the next studygroup, we will cover another AWS Core Service, CloudWatch.
- Design/Build #24: Create an S3 bucket.
- Week #23: CloudWatch
- Specific lesson: Introduction to CloudWatch
- In this lesson we will learn about CloudWatch.
- #1 What is CloudWatch?
- #2 What is a CloudWatch metric?
- #3 Does CloudWatch collect metrics in AWS automatically?
- #3 When do you need a CloudWatch agent?
- #4 What is a CloudWatch event?
- In the next studygroup, we will cover another AWS Core Service, CloudTrail.
- Week #24: CloudTrail
- Specific lesson: CloudTrail Overview
- In this lesson we will learn about CloudTrail.
- #1 What is CloudTrail?
- #2 What is a CloudTrail event?
- #3 What are the two types of CloudTrail events?
- #3 What is a CloudTrail Management Event?
- #4 What is a CloudTrail Data Event?
- #5 Does CloudTrail log in real-time?
- #6 What does CloudTrail log by default?
- #7 Where can you store CloudTrail logs?
- #8 Does CloudTrail log global events by default?
- In the next studygroup, we will cover another AWS Core Service, CloudFormation.
- Week #25: CloudFormation
- Specific lesson: CloudFormation Overview
- In this lesson we will learn about CloudFormation.
- #1 What is CloudFormation?
- #2 What is a CloudFormation template?
- #3 What is mandatory in a CloudFormation template?
- #3 Know what each part of a CloudFormation template is and what it does? (hint: Description, Parameters, Mapping, Conditions, etc.)
- In the next studygroup, we will cover another AWS Core Service, Route 53.
- Design/Build #25: Check out a few CF templates.
- Week #26: Route 53
- Specific lesson: Route 53 Overview
- In this lesson we will learn about Route 53.
- #1 What is Route 53?
- #2 Is Route 53 a global service?
- #3 What is DNS?
- #4 What is a DNS Resolver?
- #5 What is DNS root?
- #6 What is a name server?
- #7 What is a top level domain?
- #8 What is a zone file?
- #9 What is an A Record?
- #10 What is a CNAME Record?
- #11 What is an Alias Record?
- #12 Can you map a CNAME to a naked domain?
- #13 What is a Host?
- #14 What is a FQDN?
- #15 What are the two main functions of Route 53?
- #16 What is a Hosted Zone?
- In the next studygroup, we will cover another AWS Core Service, AWS Databases.
- Design/Build #26: In your own AWS account take a moment to explore Route 53.
- Week #27: AWS Databases
- Specific lesson: Overview of AWS Databases
- In this lesson we will learn about AWS Databases.
- #1 What is RDS?
- #2 What is a relational database?
- #3 What is SQL?
- #4 What is a non-relational database?
- #5 What are the two features of RDS?
- #6 What is DynamoDB?
- #7 What is DAX?
- #8 What are the two caches for DAX?
- #9 What is DAX designed for?
- #10 What is Redshift?
- #11 What is OLTP?
- #12 What is OLAP?
- #13 What is ElastiCache?
- #14 What are ElastiCache’s two popular caching engines?
- #15 What are use cases for ElastiCache?
- #16 What are use cases for RDS?
- #17 What are use cases for DynamoDB?
- #18 What are use cases for Redshift?
- And this wraps up the first course, Designing Resilient Architectures. In the next studygroup, we will start a new course, Networking and Compute.
- Design/Build #27: In your own AWS account take a moment to explore the different AWS databases that are available.
- Networking and Compute (second course)
- Week #28: Default VPC
- Specific lesson: Understanding the Default VPC Structure
- In this lesson we will learn about the default VPC in AWS.
- #1 What is a VPC?
- #2 Is a VPC a regional service?
- #3 What is a default VPC?
- #4 What are the default permissions for the default VPC?
- #5 What is a custom VPC?
- #6 What is the VPC IPv6 CIDR range?
- #7 What is the IPv6 subnet CIDR range?
- #8 What is the local route used for in your VPC?
- In the next studygroup, we will cover an overview of networking.
- Design/Build #28: In your own AWS account explore your default VPC. What are the default NACLs? What are the default security groups?
- Week #29: Networking
- Specific lesson: Networking Overview
- In this lesson we will cover a high level overview of networking.
- #1 What is an IP?
- #2 What are the two internet protocols?
- #3 What is NAT?
- #4 What is CIDR?
- #5 What is a subnet?
- #6 What is 0.0.0.0/0?
- #7 What is a /32?
- #8 What is IPv6 and why was it created?
- #9 What is ::/0?
- In the next studygroup, we will cover subnets.
- Design/Build #28: Check out these links for a deeper dive!
- https://www.iana.org/numbers
- Private Addresses RFC1918 https://tools.ietf.org/html/rfc1918
- https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
- Prefixes : https://www.ripe.net/about-us/press-centre/understanding-ip-addressing
- Week #30: Subnets
- Specific lesson: Designing Subnets
- In this lesson we will cover subnets and subnetting.
- #1 What is a Subnet?
- #2 Are subnets an availability zone resilient service?
- #3 One subnet = ____ AZ
- #4 AZs can have ___ or more subnets
- #5 What is the IPv6 CIDR range?
- #6 What is the IPv6 subnet CIDR range?
- #7 How do subnets communicate?
- #8 What are the reserved IP addresses for each subnet?
- #9 If you have 16 IP addresses for your subnet, how many IP addresses are available to use?
- #10 What is a DHCP Option Set?
- #11 How can you edit the DHCP Option Set?
- In the next studygroup, we will cover routing and internet gateways.
- Design/Build #29: Design your VPC CIDR and subnet CIDR for the custom VPC we are building soon.
- Week #31: Routing and Internet Gateway
- Specific lesson: Routing Overview and Adding an Internet Gateway
- In this lesson we will cover routing in AWS.
- #1 What is a VPC router?
- #2 What is the router’s IP address?
- #3 How many route tables can a subnet have?
- #4 Do you have to associate your route table to your subnets?
- #5 What is an Internet Gateway?
- #6 Is the Internet Gateway a regionally resilient service?
- #7 Where does an Internet Gateway sit?
- #8 How many internet gateways can you have for a VPC?
- #9 What is static NAT?
- In the next studygroup, we will cover NACLs (network access control lists).
- Design/Build #30: In your AWS account, look at your default VPC and check out the Internet Gateway and the Default Route Table. Design your route table/s and Internet Gateway for your custom VPC that we are building soon.
- Week #32: NACLs
- Specific lesson: Creating Network Access Control Lists (NACLs)
- In this lesson we will cover NACLs.
- #1 What is a NACL?
- #2 What are NACLs attached to?
- #3 What does it mean when they say NACLs are stateless?
- #4 How does AWS process your NACL rules?
- #5 Can NACLs explicitly allow or deny specific IP addresses?
- #6 What happens when a NACL rule is matched?
- #7 How many NACLs are associated with a subnet?
- #8 Can NACLs support rules for AWS services?
- #9 What are the default NACLs?
- In the next studygroup, we will cover security groups.
- Design/Build #31: In your AWS account, design the needed NACLs and do not forget to associate them with the correct subnet/s for the custom VPC we will build soon.
- Week #33: Security Groups
- Specific lesson: Creating Security Groups
- In this lesson we will cover security groups.
- #1 What is a security group?
- #2 What are security groups attached to?
- #3 What does it mean when they say security groups are stateful?
- #4 What are the default security group rules?
- #5 How are security group rules processed?
- #6 What happens when a security group rule is matched?
- #7 Can security groups support rules for AWS services?
- #8 How does the security group implicit deny work?
- In the next studygroup, we will build a custom VPC.
- Design/Build #32: In your AWS account, design the needed security groups for the custom VPC we will build next.
- Week #34: Custom VPC
- Specific lesson: Building a Custom VPC part 1 and Building a Custom VPC part 2
- In this lesson we will build a custom VPC.
- #1 Is a custom VPC a regionally resilient service?
- #2 What is the default tenancy?
- #3 What is dedicated tenancy?
- #4 Custom VPCs have fully provisioned DNS, what network address is used for DNS?
- #5 Why would you choose to enable enableDnsHostnames?
- #6 Why would you choose to enable enableDnsSupport in your VPC?
- In the next studygroup, we will cover Bastion Hosts.
- Design/Build #33: Build and configure your custom VPC.
- Week #35: Bastion Hosts
- Specific lesson: What are Bastion Hosts?
- In this lesson we will talk about Bastion Hosts briefly and dive deeper in our EC2 section.
- #1 What is a Bastion Host?
- #2 Where does a Bastion Host sit inside your VPC?
- #3 What security group rule is usually needed for a Bastion Host?
- In the next studygroup, we will cover NAT Gateways.
- Design/Build #34: Launch a Bastion Host in your custom VPC with the appropriate security group rule/s.
- Week #36: NAT Gateway
- Specific lesson: Creating a NAT Gateway and Egress-Only Gateway part 1 and Creating a NAT Gateway and Egress-Only Gateway part 2
- In this lesson we will talk about NAT Gateways and Egress-Only Gateways.
- #1 What is NAT?
- #2 What two ways in AWS can you use NAT?
- #3 What is a NAT Gateway?
- #4 What do you need to update once you create a NAT Gateway?
- #5 Where does a NAT Gateway sit inside your VPC?
- #6 Are NAT Gateways an Availability Zone resilient service?
- #7 Are NAT Gateways required for IPv4 and IPv6?
- #8 What is an EIP?
- #9 What is an Egress-Only Gateway?
- #10 Are Egress-Only Gateways required for IPv4 and IPv6?
- In the next studygroup, we will cover VPC Peering.
- Design/Build #35: Create a NAT Gateway and an Egress-Only Gateway for your custom VPC.
- Week #37: VPC Peering
- Specific lesson: Adding VPC Peering to our custom VPC
- In this lesson we will add VPC peering to our custom VPC.
- #1 What is VPC Peering?
- #2 What are use cases for VPC Peering?
- #3 How many VPCs can be peered together with one peering connection?
- #4 What do you need to update once you create a peering connection?
- #5 What should you also update to allow communication through the peering connection?
- #6 What controls access through your peering connection?
- #7 Does VPC Peering allow transitive routing?
- #8 What can you use to set up transitive routing?
- In the next study group, we will cover VPC Endpoints.
- Design/Build #36: Create a peering connection in your AWS account.
- Week #38: VPC Endpoints
- Specific lesson: VPC Endpoints Overview
- In this lesson we cover VPC endpoints.
- #1 What is a VPC Endpoint?
- #2 What are the two types of VPC Endpoints?
- #3 What is a Gateway Endpoint?
- #4 What is an Interface Endpoint?
- #5 Can Gateway Endpoints be restricted?
- #6 Does a Gateway Endpoint use DNS or a route table?
- #7 Does an Interface Endpoint use DNS or a route table?
- #8 What is VPC PrivateLink?
- In the next study group, we will cover VPC cost optimization.
- Design/Build #37: Create a VPC Endpoint for your custom VPC.
- Week #39: Networking and VPC Cost Optimization
- Specific lesson: Adding Networking and VPC Cost Optimization
- In this lesson we cover cost optimization for your VPC.
- #1 Why do your EIPs need to be attached?
- #2 Why should you monitor your data transfer?
- #3 What measures should you have in place to monitor and measure your usage and costs?
- In the next study group, we will start a new section, EC2.
- Design/Build #38: Can you add a few cost optimization recommendations to your AWS account?
- Week #40: Virtualization
- Specific lesson: Understanding Virtualization
- In this lesson we cover virtualization, what EC2 is, and what it provides. This is a review from our Designing Resilient Architectures course and the EC2 lesson under AWS Core Services.
- #1 What is virtualization?
- #2 What is EC2?
- #3 What is an EC2 host?
- In the next study group, we will cover EC2 instances.
- Design/Build #39: Can you add anything to your design from Design/Build #23?
- Week #41: EC2 Instances Overview
- Specific lesson: EC2 Instances Overview
- In this lesson we learn about the different types of EC2 instances and cover use cases and scenarios for which instance type would be the best fit.
- #1 What do you get when you launch an EC2 instance? (hint: storage, …)
- #2 What are resource ratios?
- #3 What are additional features and capabilities you get with different instance types?
- #4 What are the 5 instance categories?
- #5 Are AMIs regional?
- #6 What is AMI baking?
- In the next study group, we will cover EC2 storage.
- Design/Build #40: Launch the EC2 instance that you need. Remember, you can figure this out by knowing your account structure, your design, your workload, etc.
- Week #42: Understanding EC2 Storage
- Specific lesson: Understanding EC2 Storage
- In this lesson we learn about EC2 storage.
- #1 What is Instance Store?
- #2 ______ is a type of storage that is really fast.
- #3 What is EBS?
- #4 Can you boot off an EBS volume?
- #5 What is file storage?
- #6 What is object storage?
- #7 Exam tip: know the differences between the storage types and their performance.
- In the next study group, we will dive deeper into EBS.
- Design/Build #41: Did you choose enough storage for the instance you just launched?
- Week #43: EBS Volumes and Snapshots
- Specific lesson: EBS Volumes and Snapshots
- In this lesson we will take a deeper dive into EBS volumes and snapshots.
- #1 What does EBS provide for our EC2 instances?
- #2 What are the two physical storage types for EBS?
- #3 What are the 4 types of EBS volumes?
- #4 What is a snapshot?
- #5 If you restore an EBS volume from a snapshot, does it take time to initialize?
- #6 What is FSR?
- #7 By default does an EBS volume have encryption?
- #8 EBS volumes are a _____ resilient service.
- #9 EBS volumes are highly available because data is replicated inside the ______.
- In the next study group, we will dive deeper into EC2 Instance Store.
- Design/Build #42: Check your AWS account design and see if you have added an EBS volume; if not, where would that volume sit?
- Week #44: EC2 Instance Store
- Specific lesson: EC2 Instance Store Overview
- In this lesson we will take a deeper dive into EC2 Instance Store.
- #1 What is Instance Store storage? (hint: direct or local)
- #2 What happens to your instance store storage if your EC2 instance moves to a new EC2 host?
- #3 What is the biggest benefit of instance store storage?
- #4 What is a scenario when you would choose an EBS volume over Instance Store?
- #5 What is a scenario when you would choose Instance Store over an EBS volume?
- In the next study group, we will dive deeper into EFS.
- Design/Build #43: Understand when to choose instance store vs. EBS volumes for different scenarios.
- Week #45: EFS
- Specific lesson: Elastic File System Overview
- In this lesson we will take a dive into EFS.
- #1 What is EFS?
- #2 Is EFS for Windows and Linux?
- #3 What are the two performance modes of EFS?
- #4 What are the two throughput modes?
- #5 Does EFS have lifecycle policies to help with cost optimization?
- In the next study group, we will dive deeper into EC2 Instances Metadata and Bootstrap Scripts.
- Week #46: EC2 Instances Metadata and Bootstrap Scripts
- Specific lesson: Using EC2 Instance Metadata and Bootstrap Scripts
- In this lesson we will take a dive into AMIs, metadata and bootstrap scripts.
- #1 What is bootstrapping?
- #2 What is http://169.254.169.254/latest/user-data?
- #3 What is metadata?
- #4 What is user data?
- #5 Should you add credentials to your user data?
- In the next study group, we will dive deeper into ENIs, IP addresses, and DNS and how they relate to our EC2 instances.
- Design/Build #44:
- Week #47: EC2 Instances and Network Interfaces, IP Addresses, and DNS
- Specific lesson: EC2 Instances, ENIs, IP Addresses, and DNS
- In this lesson we will take a dive into Elastic Network Interfaces (ENIs) and DNS.
- #1 What is an ENI?
- #2 How many ENIs does an EC2 instance start with?
- #3 Do you use a security group with an ENI?
- #4 Can you detach your EC2 instance’s primary ENI?
- #5 What is an EIP?
- #6 Where will your public DNS resolve to inside your VPC?
- #7 Where will the public DNS resolve to from anywhere else?
- In the next study group, we will jump into EC2 Auto Scaling.
- Design/Build #45: Create a new ENI and attach it to your EC2 instance and configure the security group.
- Week #48: EC2 Auto Scaling
- Specific lesson: EC2 Auto Scaling Overview and Creating an ASG
- In this lesson we will take a dive into EC2 Auto Scaling and create an Auto Scaling Group.
- #1 What is an Auto Scaling Group?
- #2 What does an ASG use to know what to provision?
- #3 What are the ASG’s three important numbers to remember?
- #4 What is a scaling policy?
- #5 What is scheduled scaling?
- #6 What is dynamic scaling?
- #7 What are the three sub policies for dynamic scaling?
- #8 ____ and _____ offer more elasticity because the instances are not connecting to the servers but to the load balancer.
- #9 What does an ASG define?
- #10 What does a launch configuration define?
- #11 What is a big benefit of using launch templates?
- #12 What is predictive scaling?
- In the next study group, we will jump into EC2 Placement Groups.
- Design/Build #46: Create a launch template/configuration and ASG for your EC2 instance/s. You will need to refer to your workload, account structure and design to set your desired capacity, minimum capacity, and maximum capacity.
- Week #49: EC2 Placement Groups
- Specific lesson: How to use an EC2 Placement Group
- In this lesson we will take a dive into EC2 Placement Groups.
- #1 What is an EC2 Placement Group?
- #2 What is a Cluster Placement Group?
- #3 What is a Spread Placement Group?
- #4 What is a Partition Placement Group?
- #5 Why is it best practice to use the same instance type and to launch your instances at the same time with EC2 Placement Groups?
- In the next study group, we will use EC2 instances to launch a WordPress blog.
- Design/Build #47: Create an EC2 Placement Group.
- Week #50: Creating a WordPress site on EC2
- Specific lesson: Creating a WordPress site on EC2
- In this lesson we will walk through how to create a WordPress site on an EC2 instance; there are not many follow-up questions, but it is a great opportunity to build and get your hands dirty.
- In the next study group, we will dive into some cost optimization tips for EC2.
- Design/Build #48: Create a new WordPress site. If you are new to IT, then this can be a place to reference in your resume and store all of your projects and builds to showcase your experience.
- Week #51: EC2 Instance Billing and Cost Optimization
- Specific lesson: Adding Compute Cost Optimization
- In this lesson we will walk through cost optimization tips for EC2.
- #1 What are the 3 different pricing models for EC2 instances?
- #2 What is an On-Demand Instance?
- #3 What is a Spot Instance?
- #4 What is a Reserved Instance?
- #5 What is a Dedicated Host?
- #6 What is a Dedicated Instance?
- #7 What is a Scheduled Instance?
- In the next study group, we will start the last section for Networking and Compute and talk about the Elastic Container Service (ECS).
- Design/Build #49: Check your account structure and design: are you using the correct instance type and pricing model? Could you use a combination of the pricing models for added cost savings? Could you optimize your costs any further?
- Week #52: Containers and Docker
- Specific lesson: Understanding Containers
- In this lesson we will cover another form of compute: containers. We will also learn what containers are and what benefits container computing provides.
- #1 What is the big difference between EC2 instances and containers?
- #2 What is a container?
- #3 What is a Docker image?
- #4 What is a Dockerfile?
- #5 What are Dockerfiles used for?
- #6 Containers provide _________.
- In the next study group, we will cover ECS concepts.
- Week #53: ECS Concepts
- Specific lesson: Understanding ECS Concepts
- In this lesson we will cover ECS concepts needed for the exam.
- #1 What is ECS?
- #2 What are the two modes for ECS?
- #3 What does EKS allow us to do?
- #4 What is ECR?
- #5 What are ECS and Docker great for?
- #6 What is EC2 mode?
- #7 What is Fargate?
- #8 What is a cluster?
- #9 What is a container definition?
- #10 What is a task definition?
- #11 What is a task?
- #12 What is deployed into a cluster? (hint: tasks and _____)
- In the next study group, we will cover ECS clusters.
- Week #54: ECS Clusters
- Specific lesson: ECS Cluster Overview
- In this lesson we will cover ECS clusters needed for the exam.
- #1 When would you choose to use EC2 mode?
- #2 When would you choose to use Fargate?
- * Exam tip: know when you would choose each for different scenarios.
- In the next study group, we will start a new course, AWS Storage, Databases and Migration.
- AWS Storage, Databases, and Migration (third course)
- Week #55: S3 Storage Classes
- Specific lesson: Understanding S3 Storage Classes
- In this lesson we will dive into S3 and the different storage classes. We will also create a bucket, but we must understand the different S3 storage class options because each offers tradeoffs between price, durability, performance, and speed of access.
- #1 What is S3?
- #2 What are the S3 storage class options?
- #3 When we store an object in S3, how many AZs is your data replicated to? (hint: trick question)
- #4 What is a use case for S3 Standard Storage?
- #5 What is a use case for S3 Intelligent Tiering?
- #6 What is a use case for S3 Infrequent Access?
- #7 What is a use case for S3 Infrequent Access One Zone?
- #8 What is a use case for both Glacier and Glacier Deep Archive?
- In the next study group, we will cover adding security to our new S3 bucket.
- Design/Build #50: Create a new S3 bucket and choose the appropriate storage class for your needs.
- Week #56: S3 Security
- Specific lesson: Adding S3 Security, Bucket Policies, and ACLs
- In this lesson we will dive into how security works in S3.
- #1 Why is S3 private by default?
- #2 How can we grant permissions for our S3 buckets and objects?
- #3 What is a bucket policy?
- #4 What is a resource policy?
- #5 What is an identity policy?
- #6 What is the principal for a resource policy? (hint: can be multiple answers)
- #7 How many bucket policies can be attached to an S3 bucket?
- #8 How many statements can a bucket policy have?
- #9 What is an ACL?
- #10 What is the option of blocking all public access, and will this affect resource policies on the S3 bucket?
- In the next study group, we will cover S3 encryption.
- Design/Build #51: Set up the needed permissions and security for your S3 bucket.
- Week #57: S3 Encryption
- Specific lesson: Using S3 Encryption
- In this lesson we will dive into S3 encryption.
- #1 What type of encryption do we have for S3?
- #2 Are S3 buckets encrypted?
- #3 At what level should you enable encryption?
- #4 What is encryption at rest?
- #5 What is encryption in transit?
- #6 What two methods of encryption do we have in S3?
- #7 What is client-side encryption?
- #8 What is server-side encryption?
- #9 What are the three choices we have for server-side encryption?
- In the next study group, we will cover S3 object versioning.
- Design/Build #52: Set up the needed encryption for your S3 bucket. Do you need it? Can you think of scenarios for when each type of encryption would be needed and also for the 3 choices for server-side?