AWS Certified Solutions Architect - Associate exam-SAA-C03

Explore EC2, the elastic compute cloud service, the building block of AWS compute that replaces physical machines for hosting applications and enables cloud deployment.

Provision compute capacity on the cloud with Amazon EC2, eliminating physical server management and enabling on-demand, second-by-second pricing for scalable, rapid deployment.

Learn how to launch an Amazon EC2 instance by selecting an operating system, choosing an Amazon Machine Image, configuring instance type, attaching storage with Amazon Elastic Block Storage, and networking.

Explore the default VPC in AWS, its subnets and availability zones, and how an Internet gateway enables traffic to EC2 instances in a virtual private cloud.

Deploy an EC2 instance on Ubuntu 22.04 in London (EU West 2), create a .pem key, and launch a t2.micro with 8 GB root volume in default VPC, enabling SSH.

Discover how to connect to a Linux EC2 instance using SSH from Windows, convert PEM to private key, and use Putty, while understanding public/private IPs, security groups, and Linux usernames.

Connect to an EC2 Linux instance from Windows 11 using the built-in SSH client, fix pem file permissions, and connect via the public IP address or DNS name.

Connect securely from a macOS machine to an EC2 Linux instance using SSH, by using the Linux .pem file, terminal commands, and the SSH client prompt.

Install nginx on an Ubuntu EC2 instance by updating package index and running sudo apt-get install nginx. Open port 80 in security group to view the home page.

Launch a Windows EC2 instance with Windows Server 2022 on a t2.medium, using a key pair to fetch the password, with a public IP and HTTP rule.

Connect to a Windows EC2 instance using remote desktop protocol (RDP), download remote desktop file, decrypt the administrator password with your private key, and access the Windows server on AWS.

Deploy a web server on a Windows EC2 instance by installing the IIS web server role via server manager, then view the IIS home page using the public IP.

Explore deploying an EC2 instance in a VPC with subnets across availability zones, using Ubuntu 22.04 AMI, and configuring security groups, key pair, public IP, and internet gateway.

Explore Amazon EC2 spot instances to leverage unused capacity and save on-demand costs. Learn to request, launch spot instances or fleets, and maintain capacity amid interruptions.

Explore AWS savings plans, including compute savings plans and EC2 instance savings plans, to apply discounts to EC2, Fargate, and Lambda with one- or three-year commitments.

Reserve EC2 capacity in a region with capacity reservations, choosing instance type, platform, availability zone, for a specified time to guarantee launching capacity and control billing.

Explore data storage options for EC2, including EBS volumes and disks attached to web and database servers, and store user videos on dedicated storage.

Learn how to use EBS volumes with EC2 to add and attach root and additional volumes, mount file systems, and persist data across termination within the same availability zone.

Create and attach a new gp2 general purpose EBS volume to a running EC2 instance, then format, mount, and start writing data.

Create an AWS elastic file system with mount targets in each availability zone. Mount it from Linux instances using the EFS utilities and adjust security groups to allow access.

Explore how FSx for Lustre implements Lustre on AWS to support high performance computing workloads. Data sets distribute across multiple file servers with caches and underlying storage to improve performance.

discusses instance store volumes as temporary, locally attached block storage on the host, offering access for buffers and caches, with limitations: attach at launch and data is lost if stopped.

Create and manage a simple Amazon S3 workflow by creating a bucket, uploading files and folders, and exploring object properties such as URL, URI, last modified, and size.

Discover how to access S3 objects, generate object URLs, and enable public access via bucket policies, while understanding block public access settings and the risks of anonymous access.

Explore secure access patterns for S3 objects, prefer granular access within your AWS account, and introduce IAM concepts like policies and roles.

Enable object versioning in an S3 bucket to create versions with changes; you can't disable it—only suspend, and costs apply for storing versions, with delete markers protecting against unintended deletes.

Explore Amazon S3 storage classes and data durability across availability zones, including S3 standard, standard infrequent access, one zone infrequent access, and S3 Glacier instant, flexible, and deep archive retrieval.

Explore Amazon S3 storage classes, including standard, standard infrequent access, one zone infrequent access, and glacier variants, and compare storage vs retrieval costs, minimum storage durations, and restoration times.

Learn how lifecycle rules automate transitions from S3 standard to infrequent access or Glacier after 30 days, and expire objects, with rules scoped by prefix or bucket.

Explore the S3 storage classes, including standard, standard infrequent access, Glacier tiers, and intelligent-tiering, with emphasis on cost trade-offs and access patterns for backups and long-term storage.

Explore Amazon S3 replication to copy objects from a source bucket to destination buckets, including cross region and batch replication, with versioning and IAM roles enabling it.

Create a source bucket in Mumbai and a destination bucket in Singapore, enable versioning, and configure a cross-region replication rule with an IAM role to replicate new objects.

Compare when to use EBS, EFS, or S3 for storage. EBS provides block storage on EC2, EFS offers a shared file system, and S3 stores images and videos as objects.

Track and manage AWS costs using the billing dashboard, cost explorer, and budgets. Monitor free tier usage, forecast spending, and receive alerts to delete idle resources.

Learn how AWS cost anomaly detection uses your spending patterns to identify deviations, create a cost monitor, and set up email subscriptions to alert you when thresholds are exceeded.

Create an IAM user, grant console access, and understand authentication versus authorization in identity and access management for S3 resources and buckets.

Assign an AWS managed policy, such as Amazon S3 read-only access, to an IAM user to grant S3 bucket visibility and object viewing, demonstrated in the lab.

Define IAM policies to control permissions for users or resources such as S3 buckets, using JSON-based documents. Compare identity-based and resource-based policies, including managed, inline, and permission boundaries.

Explore the documentation of AWS IAM actions on resources and condition keys, review service action tables (including s3), and use the reference page to clarify any action doubts for policies.

Modify the IAM policy to start and stop EC2 instances using resource tags, enforcing that production instances remain protected while non-production ones are controlled with string not equals condition.

Create a minimal IAM policy to grant a user permission to launch an EC2 instance, including describing VPCs, listing images and instance types, and referencing existing key pairs.

Learn how deny statements in AWS IAM policies override allows, with a simple example blocking all EC2 actions in a region and preventing instance visibility.

Explore how IAM policies are evaluated, combining identity-based, resource-based, and service control policies. AWS considers allow and deny statements and a flowchart to grant or deny access.

Explore resource-based policies in AWS, focusing on bucket policies attached to S3 buckets, and identify which services support resource-based policies, noting EC2 lacks support.

Explore using the AWS CLI to authenticate with a root user access key, configure the CLI, describe EC2 instances, and list S3 buckets with start and stop options.

Install and configure the AWS CLI on macOS using the GUI installer and terminal, then provide access keys, set the region and output format, and verify by listing S3 buckets.

Learn to create an IAM policy and role, attach the policy, and enable a user to assume the role to access S3 bucket objects securely.

Explore how AWS service roles let an EC2 instance access S3 data without embedding credentials, by assigning an IAM role that enables the application to obtain tokens.

Install Python 3.11 universal installer on macOS, set up the AWS CLI user with full S3 access, install boto3, and run a Python program that lists S3 buckets.

Create and attach a service-linked EC2 role with S3 bucket access, enabling a Python boto3 script to list buckets on the instance, then run it and clean up.

Use IAM roles to grant temporary access to AWS resources like S3 buckets, avoiding permanent IAM users. Auditors assume the role via an IAM policy for secure, low-maintenance access.

Learn how multi-factor authentication strengthens AWS login for IAM and root users by requiring a one-time code from a virtual MFA device or security key, protecting privileged access.

Explore how to enable multi-factor authentication for IAM users and the root account, using MFA devices or authenticator apps, scanning a QR code and entering one-time passwords during login.

Enable versioning and MFA delete on an S3 bucket, authenticate with a root MFA device, use the AWS CLI to delete object versions with MFA codes, and disable MFA delete.

Learn IAM best practices to secure your AWS environment: avoid using the root account, enable MFA, create IAM users and roles, rotate access keys, and apply least permissions with conditions.

Set a custom password policy for your AWS account by editing the password policy under account settings in security credentials, and define password strength and requirements for IAM users.

Create an AWS organization with a management account and add existing accounts via invitations. Accept invitations to consolidate accounts and explore use case scenarios of AWS organizations.

Explore IAM Identity Center, the successor to AWS Single Sign-On, and learn how it simplifies cross-account access, supports third-party apps like Dropbox, and integrates with Azure AD or on-premises AD.

Enable IAM identity center, create a new AWS organization, and add users with emails and one-time passwords, assign groups, and access the portal to sign in and set a password.

Learn how to configure single sign-on for external apps using IAM Identity Center, including adding pre-integrated applications like Dropbox and following step-by-step setup instructions.

Explore the AWS Health Dashboard to monitor underlying infrastructure issues, view service history and event details, and use the AWS Health API for automated regional failover to protect workloads.

Explore the structure and benefits of IAM policies and bucket policies, and learn how to create and assign policies to AWS resources, essential for exam preparation.

Focus on understanding and creating IAM policies with practical labs and demos, preparing for the architect level exam by practicing cloud architectures and AWS services.

Explore the virtual private cloud as a logically isolated AWS network, learn about CIDR blocks, private IPv4 addresses, and how network masks define networks and hosts.

Explore how subnets inside a virtual private cloud segment workloads, assign cidr blocks, and separate public web servers from private databases, using route tables and internet gateways across availability zones.

Create a vpc named app vpc in the Mumbai region using the aws management console, assign an IPv4 cidr block, and explore the vpc dashboard and default vpc.

Create and configure subnets in an AWS VPC, establishing a public and a private subnet using CIDR blocks, availability zones, an internet gateway, and route tables.

Launch an EC2 instance in a VPC web subnet to run nginx, assign a public IP, and open http traffic via a security group and the internet gateway.

Explore security groups by configuring inbound rules for http on port 80 and SSH from your IP, and understand their stateful behavior with outbound rules enabling internet access.

Explore how a Nat gateway provides network address translation, letting private subnet instances reach the internet through a public subnet and an elastic IP, while inbound connections remain blocked.

Explore elastic IP addresses, a static public IP you assign to an EC2 instance to prevent changes when you stop or start, ensuring consistent domain mapping.

Explore the elastic network interface as the EC2 virtual network card, with a primary private IP from the subnet, optional secondary IPs, a public IP, and security groups.

Install the MySQL server on the dbm0 machine, check its status, and set the root password. Create database Aptb, then a table with course_id, course_name, rating, and insert three rows.

Install the MySQL client on the web VM, configure MySQL to listen on the private IP, grant app user privileges, and test connectivity to the DB VM on port 3306.

NAT instance uses an EC2 with a NAT-based AMI in a public subnet to translate private subnet traffic via route tables to the internet, contrasting with NAT gateway.

Explore gateway endpoints that let private subnets access S3 and DynamoDB without NAT, and learn lab steps installing AWS CLI and creating the gateway endpoint.

Install and configure the AWS CLI on linux, then set up an S3 gateway endpoint and update the VPC route table. Test S3 access via the gateway endpoint in ap-south-1.

Explore IP version six addressing, contrast 128-bit IPv6 with 32-bit IPv4 and NAT, and learn the 64-bit network and interface split to enable IPv6 in your VPC.

Learn how to implement VPC peering across regions, accept the request, update route tables with CIDR blocks, and validate private connectivity using curl to private and public IPs.

Enable IPv6 in your VPC by adding an IPv6 CIDR block, enabling auto-assign on subnets, and assigning IPv6 addresses to the EC2 instance for dual-stack operation.

Enable the egress-only gateway, a highly available AWS VPC resource for outbound IPv6 traffic while blocking inbound IPv6 connections to EC2 instances; for IPv4, use the NAT gateway.

Master AWS VPC basics: CIDR blocks, subnets, route tables, internet gateways, security groups, NAT gateways or instances, and network access control lists, plus VPC peering and gateway endpoints.

Explore AWS data services by examining two core offerings: Amazon Relational Database Service for managed relational databases and Amazon DynamoDB for NoSQL workloads.

Explore core concepts of high availability, fault tolerance, and scalability to guide the use of AWS data services and build a highly available, scalable application infrastructure.

Explore high availability on AWS by deploying multiple EC2 instances across availability zones, using elastic load balancing, and distributing traffic to keep a production web application and database resilient.

Explore scalability strategies for web applications on EC2 by resisting bottlenecks through scale-up and scale-out, distributing load across multiple machines, and balancing costs during peak and off-peak periods.

analyze disaster recovery by comparing active-active and active-passive setups for a multi-machine app and database in Mumbai, focusing on cost, business impact, and data replication to the secondary region.

Explore how on premises infrastructure hosts applications and databases in a dedicated data center with racks, power, cooling, and networking, and compare it to cloud options like AWS.

Explore Amazon Relational Database Service as a fully managed database platform that handles compute, backups, and patches, supporting MariaDB, Microsoft SQL Server, MySQL, Oracle, and PostgreSQL.

Launch a MySQL database instance in a VPC with DB subnet groups and public subnets, then connect from a laptop and a PHP web app.

Demonstrate creating a relational database in AWS, configure a VPC with two subnets, create a DB subnet group, choose MySQL under the free tier, and set backups, DNS, and security.

Enable multi-az deployment to create a standby replica in another availability zone. This setup provides automatic failover and continuous data replication for a resilient AWS database.

Explore automated backups for AWS RDS, with full backups, incremental changes, retention 1 to 35 days, and manual snapshots you can restore or clone to a new DB instance.

Learn how read replicas provide a separate, read-only database copy with asynchronous replication from the primary, enabling offload for reporting while the primary handles reads and writes.

Utilize the AWS RDS proxy to manage database connections, reuse idle connections, and reduce CPU and memory overhead across clients, even during failover.

Explore Amazon Aurora, a managed relational database engine compatible with MySQL and PostgreSQL, offering a cluster with a primary instance and six copies for high availability on AWS.

Compare provisioned capacity with Aurora serverless for hosting your database, and learn how on-demand auto scaling charges only for consumed resources with unpredictable workloads.

Explore Amazon Aurora global databases, using a primary cluster with read replicas to enable cross-region high availability and disaster recovery with regional secondary clusters that are read-only.

Amazon DynamoDB offers a fully managed NoSQL database with fast, predictable performance on AWS. Create tables and store data with key-value or document models, enjoying out-of-the-box scalability.

Explore how to create a DynamoDB table in a fully managed NoSQL service, define a partition key like rating ID, and add items using form or Json views.

Learn DynamoDB essentials: tables of items with attributes, partition keys and optional sort keys for primary or composite keys, and provisioned, auto scaling, or on-demand capacity.

Learn how to use Amazon DynamoDB time to live to automatically expire items based on an epoch timestamp. Enable TTL, add a TTL numeric attribute, and observe automatic item deletion.

Explore using a VPC endpoint for DynamoDB to enable private communication from EC2 instances in a private subnet, matching the VPC endpoint setup you already know for S3.

Learn to create on-demand backups for DynamoDB tables and use AWS Backup for long-term retention. The chapter covers point-in-time restores from 1 to 35 days and cross-region restoration to Singapore.

Use S3 to store images and store the image URL and name in DynamoDB. Embrace serverless, scalable, fully managed services for storing images and their metadata.

Explore how the AWS database migration service facilitates moving relational and NoSQL databases, using a replication instance, endpoints, and migration tasks for full loads and ongoing changes.

Build core concepts with deep dives into AWS services, then learn how other services deploy and interact within a VPC. Some topics receive notes aligned to the exam.

Explore amazon web services relational database services, including rds and aurora, with multi-az, read replicas, automated backups, and cross-region capabilities, plus nosql options like dynamodb and caching with elasticache.

Discover Amazon Route 53, a highly available domain name system that registers domains, routes internet traffic to resources, and checks resource health.

Route requests for cloud hub.com to the Apache web server on an EC2 instance by configuring DNS records with an external provider and routing via Route 53.

Map a domain to a public IP using Route 53 hosted zones and configure GoDaddy name servers to route DNS records such as A, CNAME, TXT, and state of authority.

Explore how the latency routing policy in Route 53 directs traffic to the endpoint with the lowest latency, demonstrated with Mumbai and Singapore instances.

Explore the geo location routing policy in Amazon Route 53, directing user requests to endpoints based on location, with Asia routing to Mumbai and Singapore demonstrated.

Discover how multivalue answer routing in Route 53 maps a domain to multiple machines' public IP addresses, returning all addresses to clients for simple load balancing by using multivalue records.

Learn how the AWS certificate manager creates, stores, and renews public and private certificates to secure transport layer security connections and verify site identity.

Request a certificate with AWS certificate manager, validate ownership via Route 53 DNS, and attach it to a CloudFront distribution to enable HTTPS for a wildcard cloud hub.com via CNAME.

Apply geographic restrictions in CloudFront to control access by country, using allow lists or block lists to permit or deny requests from specific locations.

Explore elastic load balancing in AWS to distribute traffic across EC2 instances, map your domain to the load balancer's IP, and route requests to healthy targets.

Explore the application load balancer, a layer seven AWS service that routes client requests via listeners to backend targets using path and host rules across multiple availability zones.

Learn to implement an application load balancer with path-based routing, create image and video target groups, configure health checks, listeners, and Route 53 alias records for seamless routing.

Learn how to enable sticky sessions on the application load balancer to achieve session affinity, keeping a user's requests on the same EC2 instance for faster, reliable app interactions.

Introduces the network load balancer that operates at layer four, establishing tcp connections to backend targets without inspecting application details, delivering low latency and high throughput.

Configure a network load balancer in front of two EC2 instances using a single TCP target group and health checks to route traffic to healthy targets, demonstrating high availability.

Route cross-VPC traffic through an intermediate security VPC with intrusion detection and prevention software using a gateway load balancer, then forward requests to the application layer.

Leverage the AWS Global Accelerator to improve latency for on-premises applications deployed across multiple regions, with Direct Connect and network load balancers routing to optimal endpoints.

Explore how Amazon EC2 auto scaling groups provision and scale instances to meet demand, lowering costs. Define min, max, and desired capacity, and use health checks to replace unhealthy instances.

Create a launch template for Ubuntu with a t2.micro instance and the existing security group, then set up an auto scaling group across subnets with min, desired, max capacities.

Explore how to implement dynamic and simple scaling policies in an AWS auto scaling group using CloudWatch alarms, CPU utilization thresholds, and SNS notifications.

Learn how to create schedule scaling actions for auto scaling groups in Amazon EC2, increasing capacity during defined intervals and reducing it afterward.

Enable automatic storage scaling for Amazon RDS to handle space deficits without manual intervention. Learn how the service detects low storage and scales RDS storage automatically.

Combine auto scaling groups with a network load balancer by deploying a web image with Apache and PHP, configuring target groups, health checks, and a 30% CPU target.

Explore aws direct connect as a dedicated, isp-provided link that bypasses the internet, offering private and public virtual interfaces to access a vpc and services like s3.

Architects design a highly available, scalable architecture by deploying multiple EC2 instances across subnets and availability zones, using auto scaling groups and elastic file system options.

Summarizes routing and traffic management with Route 53, health checks, and routing policies, and explains CloudFront delivery, various load balancers, EC2 auto scaling, and AWS network firewall and VPN connections.

Explore AWS monitoring and logging by examining CloudWatch metrics and logs for resource performance, and learn how CloudTrail tracks API activity across your applications.

Explore CloudWatch to monitor and log AWS resources in real time, view EC2 CPU, disk, and network metrics, graph them on dashboards, and configure alarms with SNS and CloudWatch Logs.

Configure CloudWatch alarm actions to manage EC2 instances by stopping, rebooting, or terminating when an alarm triggers, and validate behavior through AWS CLI state changes, notifications, and cleanup.

Install the CloudWatch agent on an EC2 instance to collect system metrics and send Apache access logs to CloudWatch Logs, then configure IAM roles and log groups to centralize data.

Capture IP traffic on EC2 network interfaces with VPC flow logs and publish to CloudWatch Logs, S3, or Kinesis, then review log groups and streams.

Learn how to enable S3 server access logging and configure a destination bucket for access logs to support security audits of bucket activity.

Explore AWS Lambda, a serverless compute service with managed infrastructure and pay-per-runtime pricing. See how to offload image processing from a user app to Lambda using an S3 bucket.

Create a Python AWS lambda function that lists all S3 buckets using Boto3 and deploy it. Attach an S3 read-only policy to execution role and use CloudWatch logs for debugging.

Explore how to configure S3 event notifications to invoke a Lambda function, process the event payload, and extract bucket name, object key, and size, with logs visible in CloudWatch.

Enable AWS Lambda outbound connectivity by attaching Lambda to a VPC, creating a network interface in a private DB subnet. Configure permissions and security groups to support access.

Explore how to enable inbound connectivity to AWS Lambda from private subnets by configuring an interface VPC endpoint, replacing a NAT gateway for Lambda calls.

Learn how to run AWS lambda at cloudfront edge locations to authorize users and modify responses, reducing latency for sites hosted on S3 with cognito authentication.

Explore AWS step functions, a serverless orchestration service that creates state machines for event-driven tasks, visualized with drag-and-drop design, and templates for data workflows such as ETL.

Learn how Amazon API Gateway sits between clients and APIs to secure, cache, version, and throttle access using HTTP methods and CloudFront.

Use the Amazon API Gateway to expose back-end APIs backed by two Lambda functions for posting and retrieving course details, stored in a DynamoDB table with ratings.

Set up a rest api in api gateway, connect get and post methods to Lambda with proxy integration, and persist course items in DynamoDB.

Learn how usage plans in Amazon API Gateway control access to API stages and methods, set request limits, and use API keys to authorize privileged clients such as premium customers.

Explore AWS Simple Notification Service (SNS): publish messages to a topic, subscribe via email or mobile endpoints, and use standard or FIFO topics with Lambda, SQS, and Kinesis Data Firehose.

install and run Visual Studio for MacOS, sign in with a Microsoft account, open a solution, and run a program using Simple Queue Service to send and receive messages.

This note explains fifo delivery logic for Amazon SQS, highlighting first in, first out ordering and the essential message group ID, with arrival order preserved.

Explore decoupling with SQS in a video processing workflow and scale an auto scaling group of EC2 instances using a custom CloudWatch metric based on queue size.

Explore a fan-out pattern using Amazon SNS to publish a message to a topic subscribed by multiple queues, enabling parallel video processing and caption generation.

Automate the start and stop of EC2 instances using Amazon EventBridge and AWS Lambda to reduce costs in a daytime-only test environment by scheduling shutdowns and restarts.

Explore how S3 event notifications trigger actions on object uploads, with default targets like AWS Lambda, SNS, and SQS, and how EventBridge enables additional targets.

Explore Amazon Pinpoint as a multi-channel engagement service that sends push notifications, in-app messages, and emails, tracks user interactions with metrics, and supports two-way SMS.

Explore how Docker containers package apps with their libraries, enabling isolated execution on EC2 host, preventing environment conflicts, and learn how to build images and run containers for AWS deployments.

Publish your docker image to Amazon Elastic Container Registry to securely store, tag, and push containers, enabling deployment across AWS with the AWS CLI.

Explore how Kubernetes and the Amazon Elastic Kubernetes service manage container deployments for microservices architectures, enabling independent services, API communication, data stores, and automatic recovery.

Create a cluster with an IAM role for the control plane and a node group; deploy containers via kubectl using a deployment YAML from the Elastic Container Registry.

Scale your Kubernetes workloads on Amazon Elastic Kubernetes service using horizontal pod scaler to increase pods for higher availability, and use cluster auto scale to resize EC2-based node pool.

Learn how AWS Elastic Beanstalk deploys apps with minimal infrastructure work, automatically provisioning EC2 instances, a load balancer, and auto scaling, while supporting PHP, Node.js, Python, and DynamoDB integration.