
We believe this is the best course currently available anywhere for helping you pass the AWS Solutions Architect Associate Certification Exam. This part of the course, the Course Overview, is provided free for registered members. This course has been put together with one sole purpose in mind: to provide you with the necessary resources and knowledge to study and pass this exam. Nothing in this course is excess, meaning any material in this course is there because it may appear on the exam. Other AWS courses may teach you how to use the console, how to use the CLI and other things, but you will not find much of that here as it is not pertinent to passing this exam.
In this lecture we will go through the AWS Certified Solutions Architect – Associate exam overview as it is defined on the AWS website and also the AWS exam Blueprint. You will then be shown what we believe to be a better blueprint for this exam as defined by Cloud Certification Training and this will be the basis for the outline of this course. We will also discuss the structure of our course and what we believe is the best way to approach it to get the best out of the course for you to successfully pass the AWS Certification Exam.
In this lecture we will discuss Public and Private IP Addresses in the VPC. AWS provides your instances in a VPC with IP addresses. Private IP addresses are not reachable over the Internet, and can be used for communication between the instances in your VPC. Public IP addresses are reachable over the Internet, and can be used for communication between your instances and the Internet, or with other AWS services that have public endpoints.
Exam Study Tip
Subnets come in two flavors, public and private. Here’s how they work:
In this lecture we discuss Security Groups and Network ACLs. When you launch an instance in a VPC, you can associate one or more security groups that you've created. Each instance in your VPC could belong to a different set of security groups. If you don't specify a security group when you launch an instance, the instance automatically belongs to the default security group for the VPC. You can secure your VPC instances using only security groups. However, you can add network ACLs as a second layer of defense.
As you get started with Amazon VPC, you should understand the key concepts of this virtual network, and how it is similar to or different from your own networks. This section provides a brief description of the key concepts for Amazon VPC. In this Unit we discuss the key VPC concepts of Route tables, Internet gateways and NAT Instances.
Exam Study Tip
Instances that you launch into a private subnet in a virtual private cloud (VPC) can’t communicate with the Internet. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
In this lecture I explain a new model that AWS now uses (and one that took me a little while to fully understand) when launching an EC2 instance. The idea of launching an EC2 instance on a particular VPC subnet is effectively obsolete. A single EC2 instance can now be attached to two ENIs, each one on a distinct subnet. The ENI (not the instance) is now associated with a subnet and the consequences of that are discussed in this lecture.
Exam Study Tip
Attaching multiple elastic network interfaces to an instance is useful when you want to:
In this lecture we discuss Elasticity and Scalability, Elastic Load Balancing and Auto Scaling. Auto Scaling is a web service designed to launch or terminate Amazon EC2 instances automatically based on user-defined policies, schedules, and health checks. Elastic Load Balancing automatically distributes your incoming application traffic across multiple Amazon EC2 instances. It detects unhealthy instances and reroutes traffic to healthy instances until the unhealthy instances have been restored. Elastic Load Balancing automatically scales its request handling capacity in response to incoming traffic.
Exam Study Tip
When one Availability Zone becomes unhealthy or unavailable, Auto Scaling launches new instances in an unaffected Availability Zone. When the unhealthy Availability Zone returns to a healthy state, Auto Scaling automatically redistributes the application instances evenly across all of the Availability Zones for your Auto Scaling group. Auto Scaling does this by attempting to launch new instances in the Availability Zone with the fewest instances. If the attempt fails, however, Auto Scaling attempts to launch in other Availability Zones until it succeeds. Auto Scaling cannot increase the size of an Instance if the CPU utilization is above the threshold that has been set.
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region.
Exam Study Tip
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizeable computing capacity—literally, servers in Amazon's data centers—that you use to build and host your software systems. In this lecture we discuss Amazon EC2 and, more specifically, its features surrounding implementation and deployment.
Exam Study Tip
Amazon EC2 uses public–key cryptography to encrypt and decrypt login information. Public–key cryptography uses a public key to encrypt a piece of data, such as a password, then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair.
In this lecture we discuss the intricacies of Amazon Simple Storage Service (Amazon S3), which is storage for the Internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. You can accomplish these tasks using the simple and intuitive web interface of the AWS Management Console.
Exam Study Tip
Reduced Redundancy Storage (RRS) is an Amazon S3 storage option that enables customers to reduce their costs by storing noncritical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage. It provides a cost-effective, highly available solution for distributing or sharing content that is durably stored elsewhere, or for storing thumbnails, transcoded media, or other processed data that can be easily reproduced.
In this lecture we discuss the various deployment tools available on AWS and which of those are likely to appear on the AWS Solutions Architect Exam.
Exam Study Tip
A CloudFormation template is a JSON-formatted text file that describes your AWS infrastructure. Templates include several major sections.
Note: the Resources section is the only section that is actually required!
In this lecture we discuss Amazon Elastic Block Store (Amazon EBS) which provides persistent block level storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes – all while paying a low price for only what you provision.
Exam Study Tip
An Amazon EBS volume is a durable, block-level storage device that you can attach to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for a database application. EBS volumes persist independently from the running life of an EC2 instance. After a volume is attached to an instance, you can use it like any other physical hard drive.
AWS Import/Export is a service that accelerates transferring large amounts of data into and out of AWS using physical storage appliances, bypassing the Internet. AWS Import/Export consists of AWS Import/Export Snowball (Snowball), which uses on demand, Amazon-provided secure storage appliances to physically transport terabytes to many petabytes of data, and AWS Import/Export Disk, which utilizes customer-provided portable devices to transfer smaller datasets. In this lecture we will discuss both AWS Import/Export and the new AWS Import/Export Snowball (Snowball).
Exam Study Tip
AWS Import/Export Disk was originally the only service offered by AWS for data transfer by mail. Disk supports transferring data directly onto and off of storage devices you own using the Amazon high-speed internal network.
The benefits of using Disk are as follows:
The limitations of using Disk are as follows:
In this lecture we discuss the Data Security surrounding the AWS Storage Gateway. The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. The service enables you to securely store data to the AWS cloud for scalable and cost-effective storage. The AWS Storage Gateway supports industry-standard storage protocols that work with your existing applications. It provides low-latency performance by maintaining frequently accessed data on-premises while encrypting and storing all of your data in Amazon Simple Storage Service (Amazon S3) or Amazon Glacier.
Exam Study Tip
The AWS Storage Gateway supports industry-standard storage protocols that work with your existing applications. It provides low-latency performance by maintaining frequently accessed data on-premises while encrypting and storing all of your data in Amazon Simple Storage Service (Amazon S3) or Amazon Glacier.
In this section we discuss Amazon Route 53 which is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
Exam Study Tip
Amazon Route 53 health checks monitor the health of your resources such as web servers and email servers. You can configure CloudWatch alarms for your health checks, so that you receive notification when a resource becomes unavailable. You can also configure Amazon Route 53 to route Internet traffic away from resources that are unavailable.
Exam Study Tips
When evaluating the security of a cloud solution, it is important for customers to understand and distinguish between:
- Security measures that the cloud service provider (AWS) implements and operates – "security of the cloud"
- Security measures that the customer implements and operates, related to the security of customer content and applications that make use of AWS services – "security in the cloud"
In this lecture we discuss these differences.
In this lecture we discuss Data Protection and Encryption, which refers to protecting data while in transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption.
Exam Study Tip
In this lecture we discuss the more complex areas of AWS access controls.
Exam Study Tip
In this lecture we discuss Amazon CloudWatch. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate.
Exam Study Tip
With CloudWatch Logs, you can monitor your logs, in near real time, for specific phrases, values or patterns. For example, you could set an alarm on the number of errors that occur in your system logs or view graphs of latency of web requests from your application logs. You can then view the original log data to see the source of the problem. Log data can be stored and accessed indefinitely in highly durable, low-cost storage so you don’t have to worry about filling up hard drives.
In this lecture we go over any Storage Options that we have not already discussed and specifically highlight Storage options that you may be quizzed on in the AWS Solutions Architect Exam.
Exam Study Tip
Amazon Glacier is a storage service optimized for infrequently used data, or “cold data.” The service provides durable and extremely low-cost storage with security features for data archiving and backup.
In this lecture we go through the various database options available in AWS and more importantly highlight the databases that may be in the AWS Solutions Architect Exam.
In this lecture we discuss Simple Workflow (SWF), Simple Queue Services (SQS), and Simple Notification Services (SNS).
Exam Study Tip
Both Amazon SWF and Amazon SQS can be used to develop distributed, decoupled applications. Amazon SWF provides an infrastructure that is designed for coordinating tasks when building highly scalable and auditable applications. Amazon SQS, on the other hand, provides a reliable, highly scalable, hosted queue for storing messages.
We have already discussed that Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. In this lecture, however, we highlight the more specific types of Instances available, such as on demand, reserved and spot.
Exam Study Tip
You are charged the Spot market price (not your bid price) for as long as the Spot instance runs. If your Spot instance is interrupted because the Spot market price increases above your bid price, you will not be charged for the partial hour that your instance has run.
In this lecture we discuss Placement Groups. A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gbps network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.
Exam Study Tip
A placement group can’t span multiple Availability Zones.
In this Lecture we discuss AWS Direct Connect, AWS CloudTrail, AWS Directory Service and AWS CloudFront.
Exam Study Tip
CloudFront is a CDN capability that distributes S3 objects geographically. An OAI is sort of like a service account for a CloudFront distribution. Using an OAI you can restrict access to S3 content, effectively preventing direct access to content in S3 but still allowing CloudFront access to distribute that data.
In our final lecture we go through a few general troubleshooting questions that you might see in the Exam.
Exam Study Tip
You need a broad understanding of all Services, especially VPC.
The AWS Solutions Architect Certification Course is, I believe, the best online course currently available anywhere for helping you pass the AWS Solutions Architect Certification Exam (Associate Level).
This course has been put together with one sole purpose in mind: to provide you with the necessary resources and knowledge to study and pass the AWS Certified Solutions Architect – Associate Level Exam. Nothing in this course is excess, meaning any material in this course is there because it may appear in the exam. Other AWS courses may teach you how to use the console, how to use the CLI and other information, but you will not find much of that in this course as it is not pertinent to passing this exam.
Some of the unique features you will find in this course.