AWS Certified Solutions Architect – Associate Level

Course

Adrian Cantrill

Training Architect

Length

44:25:58

Difficulty

Intermediate

Videos

158

Hands-on Labs

12

Quizzes/Exams

15

Course Details

Welcome to Linux Academy's all-new AWS Certified Solutions Architect - Associate course. This course prepares you to take the AWS Solutions Architect - Associate certification exam, including 2019 updates. This course has been developed to provide you with the requisite knowledge to not only pass the AWS CSA certification exam but also gain the hands-on experience required to become a qualified AWS Solutions Architect working in a real-world environment.

As part of this course, you will make use of our unique interactive learning tool: The Orion Papers, which is a non-linear, visual, interactive guide designed to enhance your learning and understanding of AWS. This guide can be used independently of the video lessons but is meant to be supplemental and used in conjunction with the video lessons and hands-on labs.

Access the Orion Papers 2019: https://interactive.linuxacademy.com/diagrams/AWSCSA.html

Join the Linux Academy community Slack to chat, and make sure you join the #aws channel: https://slack.linuxacademy.com/

Syllabus

Introduction

Getting Started

Course Introduction

00:04:54

Lesson Description:

Welcome to the AWS Certified Solutions Architect - Associate level course. This is to prepare you to take the 2019 version of the AWS Solutions Architect Associate level certification.

Linux Academy Community Slack
Please join our community at http://slack.linuxacademy.com

Author Social Media
Please connect with me on LinkedIn and Twitter:
- https://www.linkedin.com/in/adriancantrill/
- https://twitter.com/adriancantrill

About the Training Architect

00:01:29

Lesson Description:

In this lesson you can learn a little about the author of this course and your instructor - Adrian Cantrill.

Author Social Media
- https://www.linkedin.com/in/adriancantrill/
- https://twitter.com/adriancantrill

Working as a Solutions Architect

00:05:29

Lesson Description:

Being a solutions architect is a rewarding career but one which requires a unique set of skills. In this video I step through some of the key elements of being an SA.

Creating an AWS Account, AWS Free Tier, Usage Tracking, and Billing Widget

00:19:14

Lesson Description:

An AWS account is an essential part of learning AWS. There is no better way to gain experience of using AWS products and their architectures than actually using AWS. The Linux Academy platform includes access to AWS accounts as part of your subscription, but there are times when you will need your own account. This lesson steps through:
- Creating an AWS account
- Setting up a billing alarm
- Adding Multi-factor Authentication (MFA) to the account root user

If you do create an AWS account, you are responsible for any charges, which is why it's recommended that you always use the AWS accounts provided as part of your Linux Academy subscription.

Lesson Links
- http://aws.amazon.com
- https://aws.amazon.com/free/ (some services are always free, some have a free 12 month allocation)

Multi-Factor Authentication Applications
- https://aws.amazon.com/iam/details/mfa/
- https://itunes.apple.com/au/app/google-authenticator/id388497605?mt=8
- https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_AU
- https://1password.com/
- https://authy.com/

Community and Social

00:03:27

Lesson Description:

Connecting and taking part in the Linux Academy Community not only helps keep this course up to date, but also offers advantages to your studies. You gain access to over 15,000 students going through the same learning journey, exchanging ideas and tackling problems together.

Links
- Linux Academy Community Slack
- Linux Academy LinkedIn
- Linux Academy Twitter
- Instructor LinkedIn
- Instructor Twitter

AWS and SA Fundamentals

Architecture 101

Access Management

00:05:11

Lesson Description:

In this video, we will begin our discussion of architecture fundamentals, starting with access management. We will talk about the key differences between authentication and authorization and go over several important terms related to these topics.

Shared Responsibility/Security Model

00:04:34

Lesson Description:

Amazon Web Services (AWS) is a complex and flexible cloud platform. The security of the AWS platform is partially managed by AWS, and some parts are the customer's responsibility. In this video, we will discuss this shared model of responsibility.

Service Models

00:09:02

Lesson Description:

Service models aren't terribly exciting, but they are an essential concept to understand when selecting products, features, and architectures to include within projects. Really understanding the differences between service models will set you apart from other solutions architects. This video introduces service models at a high level.

High Availability vs. Fault Tolerance

00:08:12

Lesson Description:

Knowing the difference between Fault Tolerance (FT) and High Availability (HA) can help you avoid costly and, in some cases, critical errors. In this video, we will go over the definitions of these two terms and how they differ from the content of solutions architecture.

RPO vs. RTO

00:06:12

Lesson Description:

In this lesson, we will go over two important disaster recovery concepts: Recovery Point Objective (RPO) and Recovery Time Objective (RTO). We will discuss the meaning of each term, the differences between the two concepts, and how to improve these metrics in a disaster recovery scenario.

Scaling

00:05:58

Lesson Description:

Implementing an effective scaling process in AWS is an essential skill for any solutions architect. This lesson introduces the differences between horizontal and vertical scaling.

Tiered Application Design

00:05:11

Lesson Description:

Designing tiered applications and understanding tiered architecture are both essential skills for an effective solutions architect. In this lesson, we will talk about why tiered design is important, focusing on the main functionality of each tier and how tiered design can improve scaling and performance.

Encryption

00:14:30

Lesson Description:

Encryption is a process used extensively in AWS. This lesson introduces the fundamentals of encryption and includes a short demonstration of basic encryption. The commands used in this lesson are:

    echo "Cats are Amazing" > hiddenmessage.txt
    gpg -c hiddenmessage.txt
    cat hiddenmessage.txt.gpg
    # this clears the cached password
    echo RELOADAGENT | gpg-connect-agent
    gpg -o output.txt hiddenmessage.txt.gpg
    rm hiddenmessage.txt.gpg
    rm output.txt
    gpg --gen-key
    gpg --armor --output pubkey.txt --export 'Adrian'
    gpg --armor --output privkey.asc --export-secret-keys 'Adrian'
    gpg --encrypt --recipient 'Adrian' hiddenmessage.txt
    gpg --output decrypted.txt --decrypt hiddenmessage.txt.gpg

Architecture Odds and Ends

00:10:29

Lesson Description:

In this lesson, we will wrap up our discussion of architecture by going over a few general architecture concepts covered in the AWS documentation and on the CSA exam. We will talk about the following topics:
- Cost-effective architecture
- Secure architecture
- Application session state
- Undifferentiated heavy lifting

Architecture 101

00:30:00

AWS Architecture 101

AWS Accounts

00:07:16

Lesson Description:

AWS accounts are more than just a way to log in and access AWS services — they are a crucial AWS feature that AWS solutions architects can use to implement secure and high-performance systems. In this video, we will talk about the capabilities of AWS accounts, including:
- Authentication
- Authorization
- Billing

AWS Physical and Networking Layer

00:14:08

Lesson Description:

AWS manages a high-performance, reliable, and cost-effective global infrastructure platform. In this lesson, we will discuss the different components of the AWS platform and how each of them is useful to the solutions architect. Lesson Links https://aws.amazon.com/about-aws/global-infrastructure/ https://www.infrastructure.aws/ https://docs.aws.amazon.com/general/latest/gr/rande.html

Well-Architected Framework

00:14:44

Lesson Description:

In this video, we will go over the principles of the Well-Architected Framework. For more on the AWS Well-Architected Framework, see: https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf

Elasticity

00:08:25

Lesson Description:

In this lesson, we will build on our earlier discussion of horizontal and vertical scaling by diving into elasticity (automated horizontal scaling).

AWS Architecture 101

00:30:00

AWS Product Fundamentals

Console Tour and Navigation

00:08:57

Lesson Description:

The AWS Console is the primary way we will access AWS services throughout this course. It has a number of important and time-saving features that are helpful to know. This video provides a quick walkthrough of those features.

Introduction to S3

00:16:29

Lesson Description:

Simple Storage Service, or S3, is an object storage product provided by AWS. It's one of the most widely-used and flexible AWS services. In this video, we will become familiar with the S3 service, as it is used by various other AWS services and throughout this course.

Introduction to CloudFormation

00:18:50

Lesson Description:

This lesson provides an introduction to CloudFormation, an automation product within AWS. CloudFormation allows a Solutions Architect to design and declare infrastructure in advance — creating a template that can be used to consistently deploy infrastructure in AWS.

Lesson Files
- GitHub Lesson Files
- CloudFormation Template
- CloudFormation Resource Reference

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

AWS Product Fundamentals

00:30:00

Identity and Access Control

IAM (Identity and Access Management)

IAM Essentials

00:14:34

Lesson Description:

Identity and Access Management, known as IAM, is one of the key services within AWS. It controls access to the AWS API endpoints that are used by the console UI, command line tools, and any applications wanting to utilize AWS. This lesson introduces the fundamental components of IAM at a high level. Note: S3 no longer supports bucket names with uppercase letters or underscores.

IAM Policies

00:15:37

Lesson Description:

IAM policies are JSON documents that either allow or deny access to combinations of actions and resources. This lesson walks through the architecture of a policy, looks at a few examples, and explains how they are used within AWS. Lesson Links Policy Evaluation Logic

IAM Users

00:16:07

Lesson Description:

IAM users are one identity provided by IAM. This lesson goes over the functionality provided by IAM users and talks about scenarios where IAM users should (and shouldn't) be used.

IAM Groups

00:08:44

Lesson Description:

IAM groups allow for large-scale management of IAM users. This way, policies can be applied to groups and impact collections of similar users. Lesson Links IAM Groups not real identities Note that a group is not truly an "identity" in IAM because it cannot be identified as a Principal in a permission policy. It is simply a way to attach policies to multiple users at one time.

IAM Access Keys

00:08:36

Lesson Description:

Access keys consist of access key IDs and secret access keys. Access keys are the long-term credentials used to authenticate to AWS for anything but the console UI. This lesson walks through the architecture and discusses some key exam-relevant points.

Securing Your Account — Creating an IAM User and Setting Up the CLI

00:15:15

Lesson Description:

This lesson walks through finishing up your secure AWS account configuration:
- Adding an IAM user
- Adding MFA to that IAM user
- Creating an access key pair
- Installing the CLI tools on Windows, Linux, and MacOS

Windows Tools Install
- Visit: AWS Command Line Interface.
- Download and run the 64-Bit installer, accepting all defaults. Open the command prompt, and verify tools are installed using aws.
- Run aws configure and enter the access key ID and secret access key you noted down earlier in the lesson, with us-east-1 as the region and json as the default output format.

Linux Install (Tested on CentOS)

    sudo yum install epel-release
    sudo yum install python-pip
    sudo pip install awscli

Run aws configure and enter the access key ID and secret access key you noted down earlier in the lesson, with us-east-1 as the region and json as the default output format.

MacOS

    /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
    brew install awscli

Run aws configure and enter the access key ID and secret access key you noted down earlier in the lesson, with us-east-1 as the region and json as the default output format.

Testing

    aws s3 ls

IAM Roles

00:17:38

Lesson Description:

IAM roles are one of the more difficult identity types to understand in AWS. This lesson introduces the key architecture and prepares for upcoming lessons that demonstrate the role architecture.

IAM Essentials

00:30:00

Multi-Account Management and Organizations

AWS Organizations

00:14:29

Lesson Description:

AWS Organizations is useful for businesses that need to manage multiple accounts. It provides the following features:
- Consolidated billing
- Service control policies (SCPs)
- Account creation
- Simplified role switching

Role Switching Between Accounts

00:16:35

Lesson Description:

This lesson provides an overview of two features related to AWS Organizations: role switching and service control policies (SCPs). Understanding how both work is a key skill for large AWS deployments and for the exam.

Multi-Account Management and Organizations

00:15:00

Compute

Server-Based Compute (EC2) Fundamentals

EC2 Architecture: Part 1

00:14:23

Lesson Description:

Over the next few videos, we will talk about EC2, an Infrastructure-as-a-Service (IaaS) product. EC2 is a core AWS product that provides virtual machines known as instances. EC2 is ideal for:
- Monolithic applications
- Consistent, long-running compute scenarios
- Applications that require full OS/runtime installations
- Services, endpoints, and/or applications that require high availability

Lesson Links EC2 Status Checks Instance States & Lifecycle Instance Hibernate

EC2 Architecture: Part 2

00:08:36

Lesson Description:

In this video, we will continue our discussion of EC2 architecture from where we left off in the previous lesson. Lesson Links EC2 Status Checks Instance States & Lifecycle Instance Hibernate

Instance Types and Sizes

00:16:09

Lesson Description:

Being able to select the correct family, type, and size of each instance is an essential skill for a solutions architect. In this lesson, we will talk about the different instance families, types, and sizes and how to decide between them. Lesson Links Instance Types Nitro Hypervisor

EC2 Storage Architecture: Part 1

00:11:03

Lesson Description:

In this 2-part lesson, we will explore EC2 storage architecture. Specifically, we will discuss instance store volumes and Elastic Block Store (EBS), the network-based block storage provider used by EC2. EBS provides a range of volume types with varying performance and use cases. Understanding how to use EBS volumes versus instance store volumes is essential for the exam and for real-world usage. Lesson Links Instance Store Volumes EBS Volume Types

EC2 Storage Architecture: Part 2

00:17:27

Lesson Description:

In this video, we will continue our discussion of EC2 storage architecture from where we left off in the previous lesson. Lesson Links Instance Store Volumes EBS Volume Types

EBS Snapshots

00:12:15

Lesson Description:

EBS volumes occupy a single Availability Zone (AZ), and while they do replicate within this AZ, this replication isn’t shared to other AZs. This makes EBS volumes vulnerable to AZ failure. EBS snapshots not only provide data backup capabilities but also enable you to move your data to other AZs and regions. In this lesson, we will explore EBS snapshots and how they can be useful to us as solutions architects. Lesson Links How Incremental Snapshots Work

Security Groups

00:17:40

Lesson Description:

Security groups are an essential part of the EC2 and VPC security toolset. They operate like a virtual firewall, controlling traffic originating from or destined for a network interface (or an instance). In this lesson, we will explore the capabilities of security groups, discuss their one key limitation, and learn what "stateful" means. Lesson Links User Data

Instance Metadata

00:06:57

Lesson Description:

Instance metadata can be used to access information about an instance from the instance. It allows applications running within EC2 to have visibility into their environment. In this lesson, we will discuss the key architecture considerations for using metadata. Lesson Links Instance Metadata

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:45:00

Server-Based Compute (EC2) Fundamentals

00:30:00

Server-Based Compute (EC2) Intermediate

AMI

00:15:05

Lesson Description:

AMIs (Amazon Machine Images) are used to launch instances in AWS. AWS supplies AMIs that cover most standard operating systems (Linux and Windows), and AMIs containing commercial software are available on the AWS Marketplace. Additionally, custom AMIs can be created by AWS customers and used directly or shared with other accounts. This lesson details AMI architecture and walks through creating one.

Bootstrap

00:08:18

Lesson Description:

Bootstrapping is the process of providing "build" directives to an EC2 instance. Bootstrapping in EC2 uses user data and can take in shell script-style commands or cloud-init directives. This lesson walks through both at a high level. Lesson Links cloud-init Documentation

Instance ENI, IP, and DNS: Part 1

00:08:25

Lesson Description:

EC2 instances can be configured with or without public IPv4/6 IP addressing. Based on this configuration, the instance has a selection of public and private IPs and DNS names. This lesson walks through how these addresses and names are assigned and how they behave at various parts of the instance lifecycle.

Instance ENI, IP, and DNS: Part 2

00:13:14

Lesson Description:

EC2 instances can be configured with or without public IPv4/6 IP addressing. Based on this configuration, the instance has a selection of public and private IPs and DNS names. This lesson walks through how these addresses and names are assigned and how they behave at various parts of the instance lifecycle. Additionally, the lesson looks at the architecture of Elastic IPs, which are the portable, static IPv4 addresses available within AWS VPCs.

Instance Roles

00:14:45

Lesson Description:

Instance roles are IAM roles that can be associated with EC2 instances using instance profiles. This lesson shows how instance roles work, in addition to exploring reasons why you would use instance roles in production situations.

Server-Based Compute (EC2) Intermediate

00:30:00

Server-Based Compute (EC2) Advanced

EBS Volume and Snapshot Encryption

00:11:49

Lesson Description:

EBS volume encryption adds encryption at rest and in transit to EC2 storage. This lesson walks through the architecture and explains some important real-world and exam concepts.

EBS Optimization, Enhanced Networking, and Placement Groups

00:15:26

Lesson Description:

In this lesson, we cover some networking and storage performance optimization options available within EC2:
- EBS optimization
- Enhanced networking
- Cluster, partition, and spread placement groups

EC2 Billing Models: Part 1 - Spot and Spot Fleet

00:09:47

Lesson Description:

Spot instance and spot fleet are two highly effective ways of getting access to EC2-based compute with substantial discounts. Spot pricing doesn't always fit a given workload. This lesson looks at how spot works, as well as when (and when not) to use spot.

EC2 Billing Models: Part 2 - Reserved Instances

00:13:16

Lesson Description:

Reserved instances offer a great way to obtain consistent, long-running EC2-based compute with a significant discount. This lesson explores how reserved purchases work and what decisions should be made before purchase.

Dedicated Hosts

00:04:50

Lesson Description:

EC2 dedicated hosts are a feature of EC2, giving you complete control over physical instance placement and dedicated hardware free from other customer interaction. This lesson walks through the architecture, as well as how and when dedicated hosts are used.

Serverless Compute (Lambda)

What Are APIs and Microservices?

00:09:42

Lesson Description:

In this lesson, we take a look at the architecture involved with microservices, API, and API endpoints. Understanding these elements at a high level is essential for the Solutions Architect Associate exam.

Serverless and Event-Driven Architectures

00:16:43

Lesson Description:

Serverless and event-driven architecture are essential to grasp for production usage of AWS and the Solutions Architecture Associate exam. In this lesson, we look at what event-driven architecture is and how it differs from a polling-style architecture. Moving on, we look at the two components of serverless: Back-end as a Service (BaaS) and Function as a Service (FaaS). To finish up the lesson, we walk through a simple serverless architecture and discuss why it has no base running costs and scales with demand.

Lambda Essentials: Part 1

00:13:02

Lesson Description:

Lambda is an essential service in AWS. It's a Function-as-a-Service product that is a key part of event-driven and serverless architectures. This lesson walks through Lambda architecture in detail, both from a theoretical and practical perspective. The lesson looks at:
- Functions
- Runtimes
- Runtime environments
- Code upload
- Execution roles
- Logging
- Resources
- Event structure
- Triggers

Lesson Files GitHub Repository Files

Lambda Essentials: Part 2

00:13:28

Lesson Description:

Lambda is an essential service in AWS. It's a Function-as-a-Service product that is a key part of event-driven and serverless architectures. This lesson walks through Lambda architecture in detail, both from a theoretical and practical perspective. The lesson looks at:
- Functions
- Runtimes
- Runtime environments
- Code upload
- Execution roles
- Logging
- Resources
- Event structure
- Triggers

Lesson Files GitHub Repository Files

Lesson Commands

    mkdir /tmp/lambdafunction
    cp lambda_function.py /tmp/lambdafunction
    cd /tmp/lambdafunction
    wget https://files.pythonhosted.org/packages/ae/2a/0a0ab2833e5270664fb5fae590717f867ac6319b124160c09f1d3291de28/Pillow-5.4.1-cp37-cp37m-manylinux1_x86_64.whl
    unzip Pillow-5.4.1-cp37-cp37m-manylinux1_x86_64.whl
    rm -rf Pillow-5.4.1.dist-info
    zip -r9 lambda.zip PIL lambda_function.py

API Gateway Essentials: Part 1

00:12:39

Lesson Description:

API Gateway is a massively important service in AWS, both for real-world usage and for the exam. It allows the creation, management, and optimization of highly scalable API endpoints. API Gateway is a key component of serverless architectures in AWS. In this two-part lesson, we explore the architecture using an example Calculator demo to illustrate the key service components. API Gateway can integrate with other AWS services, including Lambda, to provide API logic. Lesson Files GitHub Repo Files Lesson Links AWS Documentation - Calculator API API Performance

API Gateway Essentials: Part 2

00:09:42

Lesson Description:

API Gateway is a massively important service in AWS, both for real-world usage and for the exam. It allows the creation, management, and optimization of highly scalable API endpoints. API Gateway is a key component of serverless architectures in AWS. In this two-part lesson, we explore the architecture using an example Calculator demo to illustrate the key service components. API Gateway can integrate with other AWS services, including Lambda, to provide API logic. Lesson Files GitHub Repo Files Lesson Links AWS Documentation - Calculator API API Performance Postman

Step Functions

00:14:44

Lesson Description:

Step Functions is a product that can act as the glue between microservices in AWS. It allows for the orchestration of Lambda functions, human interaction, and other AWS resources in a visual workflow way. It offers features similar to Simple Workflow Service (SWF) but does so without any long-running compute instances such as EC2. Lesson Files GitHub Repo Lesson Files

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:45:00

Container-Based Compute and Microservices

Docker Essentials

00:18:01

Lesson Description:

In this lesson, we'll begin our container compute review by taking a look at Docker. We will go over how containers work and discuss when and where you should consider using them. You'll explore the process of installing Docker while creating and running a container on an EC2 instance.

Lesson Resources Lesson Files on GitHub

Lesson Links Container Cat

Lesson Commands

    sudo amazon-linux-extras install docker
    sudo service docker start
    sudo usermod -a -G docker ec2-user
    sudo yum install git
    git clone https://github.com/linuxacademy/content-aws-csa2019.git
    cd content-aws-csa2019/lesson_files/03_compute/Topic5_Containers/Docker/
    docker build -t containercat .
    docker images --filter reference=containercat
    docker run -t -i -p 80:80 containercat
    docker login --username YOUR_USER
    docker images
    docker tag IMAGEID YOUR_USER/containercat
    docker push YOUR_USER/containercat

ECS

00:12:21

Lesson Description:

Elastic Container Service (ECS) is a managed container solution available from AWS. It can operate in either EC2 mode, in which EC2 instances running as Docker hosts are visible in your account, or Fargate mode, in which AWS manages the container hosts. This lesson demonstrates how Fargate mode can be used to host the containercat container.

Networking

Networking Fundamentals

Introduction

00:02:00

Lesson Description:

This lesson walks through why the course is covering networking fundamentals. The subjects covered in this topic are beneficial to you in terms of getting a good exam pass mark and using AWS in production. This lesson explains why.

Seven-Layer OSI Model: Part 1

00:13:20

Lesson Description:

The OSI seven-layer networking model provides a good overview of how networking works at all levels of abstraction. Understanding this model, even at a high level, will help you understand detailed networking concepts covered throughout the course.

Seven-Layer OSI Model: Part 2

00:07:28

Lesson Description:

The OSI seven-layer networking model provides a good overview of how networking works at all levels of abstraction. Understanding this model, even at a high level, will help you understand detailed networking concepts covered throughout the course.

IP Addressing Basics

00:17:26

Lesson Description:

This lesson looks at a number of core IP addressing fundamentals:
- IP Dotted-Decimal -> Binary
- Prefix
- Subnet Mask
- IP Classes
- Same Network Checks

Lesson Links
If you are interested in the details of subnetting (calculating and visualising subnets):
- Visual Subnet Calculator
- Range Visualizer

Subnetting

00:08:23

Lesson Description:

Subnetting is the process of taking a CIDR range (public or private) and breaking it up into multiple smaller networks. This lesson introduces the concept and illustrates one method of subnetting. Lesson Links Subnet Mask Cheat Sheet – A Tutorial and Thorough Guide to Subnetting Subnet Mask Cheat Sheet Subnetting Calculator

IP Routing

00:13:04

Lesson Description:

IP routing is the process required to get a layer 3 packet from source to destination. It uses a series of layer 2 hops between routers to create a single layer 3 path. This lesson walks through the process for a few scenarios:
- Local network communication
- Known remote network
- Unknown remote network

Firewalls

00:05:52

Lesson Description:

This lesson looks at general firewall architecture and where devices should be placed. We'll discover the advantages and disadvantages of firewall placement within different layers of the OSI model.

Proxy Servers

00:05:09

Lesson Description:

This lesson reviews the architecture of a proxy server at a high level with a specific focus on when you might use a proxy server over other AWS networking services. Certain exam questions reference proxy servers as a solution for delivering functionality that other AWS network services cannot.

Virtual Private Cloud (VPC)

Virtual Private Cloud (VPC) and Subnets: Part 1

00:09:24

Lesson Description:

This lesson walks through VPC architecture:
- VPC region
- VPC IPv4 CIDR
- VPC tenancy
- VPC subnets

Future lessons in this topic build on this foundation, discussing other networking features of VPCs.

Virtual Private Cloud (VPC) and Subnets: Part 2

00:14:48

Lesson Description:

This lesson walks through virtual private cloud (VPC) architecture:
- VPC region
- VPC IPv4 CIDR
- VPC tenancy
- VPC subnets
- VPC HA

Future lessons in this topic build on this foundation, discussing other networking features of VPCs.

Routing and Internet Gateway

00:17:00

Lesson Description:

This lesson discusses routing within a VPC, specifically looking at:
- Public and private subnets
- Internet gateways
- Route tables
- Local routes
- Default routes
- Auto-assign public IP
- Static Network Address Translation (SNAT)

By the end of the lesson, you will know how to make services available within a public VPC subnet.

Bastion Host/JumpBox

00:09:51

Lesson Description:

A bastion host (also known as a JumpBox) provides a locked-down entry point to a secure or fully private VPC. It's a common feature of many AWS architectures and, as such, it's essential to understand for the exam and production usage.

NAT, NAT Instance, and NAT Gateway: Part 1

00:08:02

Lesson Description:

NAT (network address translation) is a process where the source or destination attributes of an IP packet are changed. Static NAT is the process of 1:1 translation where an internet gateway converts a private address to a public IP address. Dynamic NAT is a variation that allows many private IP addresses to get outgoing internet access using a smaller number of public IPs (generally one). Dynamic NAT is provided within AWS using a NAT gateway that allows private subnets in an AWS VPC to access the internet. This lesson walks through the NAT gateway architecture, including:
- NAT gateway core functionality
- NAT gateway high availability

Lesson Links SSH Agent Forwarding NAT Gateway and NAT Instance Comparison

NAT, NAT Instance, and NAT Gateway: Part 2

00:11:25

Lesson Description:

NAT (network address translation) is a process where the source or destination attributes of an IP packet are changed. Static NAT is the process of 1:1 translation where an internet gateway converts from a private address to a public IP address. Dynamic NAT is a variation that allows many private IP addresses to get outgoing internet access using a smaller number of public IPs (generally one). Dynamic NAT is provided within AWS using a NAT gateway that allows private subnets in an AWS VPC to access the internet. This lesson walks through the NAT gateway architecture including:
- NAT gateway core functionality
- NAT gateway high availability
- Route table configuration
- Public IP addressing (EIP)

Lesson Links SSH Agent Forwarding NAT Gateway and NAT Instance Comparison

Network ACLs

00:14:23

Lesson Description:

Network access control list (NACL) is a layer 4 filtering product within AWS VPCs that can be attached to a subnet. NACLs process data as it enters and leaves VPC subnets and authorizes traffic to be allowed or denied based on protocol/IP/CIDR and port range. This lesson walks through the architecture of a NACL and discusses the unique features it offers. We'll discuss the limitation of NACL versus security groups and other security entities. Lesson Links Ephemeral Ports in NACLs

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

Advanced VPC

VPC Peering: Part 1

00:09:43

Lesson Description:

VPC peering is a feature that allows isolated VPCs to be connected at layer 3. VPC peering uses a peering connection, which is a gateway object linking two VPCs. This lesson reviews the architecture, demonstrates how VPC peering is implemented, and shows a number of key features and limitations from an exam perspective.

VPC Peering: Part 2

00:13:13

Lesson Description:

VPC peering is a feature that allows isolated VPCs to be connected at layer 3. VPC peering uses a peering connection, which is a gateway object linking two VPCs. This lesson reviews the architecture, demonstrates how VPC peering is implemented, and shows a number of key features and limitations from an exam perspective.

VPC Endpoints: Part 1

00:10:59

Lesson Description:

VPC endpoints provide access to public AWS services for resources that don't have public IP addressing or where a NAT gateway isn't deployed. There are two types of VPC endpoints: gateway endpoints (used for S3 and DynamoDB) and interface endpoints (used for most other AWS services). This lesson reviews the architecture, the important exam points, and demonstrates the implementation process for both endpoint types.

Lesson Links: VPC Endpoints; AWS Service Endpoints

VPC Endpoints: Part 2

00:08:29

Lesson Description:

VPC endpoints provide access to public AWS services for resources that don't have public IP addressing or where a NAT gateway isn't deployed. There are two types of VPC endpoints: gateway endpoints (used for S3 and DynamoDB) and interface endpoints (used for most other AWS services). This lesson reviews the architecture, the important exam points, and demonstrates the implementation process for both endpoint types.

Lesson Links: VPC Endpoints; AWS Service Endpoints

IPv6 within AWS

00:07:41

Lesson Description:

IPv6 is the next generation of IP available within AWS. It's not fully supported across all AWS services, and it isn't enabled by default. This lesson walks through the key steps in enabling IPv6 for VPC-based resources.

Egress-Only Gateway

00:04:21

Lesson Description:

Egress-only gateways provide outgoing-only (and response) access for an IPv6-enabled VPC resource. NAT gateways provide two functions for IPv4 resources: sharing a single public IP address for private resources, and outgoing-only access. NAT as a process isn't needed for IPv6 because all addresses are public. Egress-only gateways provide this outgoing-only access that NAT gateways provide, without the incompatible elements of functionality.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

Global DNS (Route 53) Fundamentals

DNS 101

00:17:04

Lesson Description:

This lesson walks through the fundamentals of DNS, which plays a part in almost every modern application. Route 53 provides DNS functionality within AWS, and this lesson acts as a foundation for future lessons that require DNS knowledge.

Lesson Links: DNS Root Servers; DNS Root Database

Domain Registration

00:06:32

Lesson Description:

This lesson walks through the process that occurs behind the scenes during domain registration. The lesson uses a real example and explains the Route 53 and domain operator processes that occur at each step.

Private vs. Public Hosted Zones

00:17:11

Lesson Description:

A DNS zone is a portion of the global DNS database that contains records and configuration for one or more domains. This lesson looks at public and private zones that are provided by Route 53. The lesson also demonstrates split zone DNS and evaluates when it should be used.

Lesson Links: Public Cats User Data; Private Cats User Data

Record Set Types

00:08:43

Lesson Description:

This lesson provides a high-level summary of the different record types available within DNS and some Route 53-specific enhancements. Particularly, we look at A records, AAAA records, CNAME records, MX records, NS records, TXT records, and alias record types.

Health Checks

00:10:29

Lesson Description:

Route 53 provides health checks that allow endpoints to be evaluated based on user-definable criteria. Health checks are used for advanced Route 53 functionality, such as routing policies and failover.

Global DNS (Route 53) Advanced

Routing Policy: Simple

00:09:42

Lesson Description:

Routing policies within Route 53 define how the product handles incoming queries. The default type is simple, which allows the creation of a single record with a given name (e.g., www). For this record, one or more values can be provided — in the case of an A record, one or more IPv4 addresses.

Lesson Links: Lesson Files; Web 1 User Data; Web 2 User Data; Web 3 User Data

Routing Policy: Failover

00:14:46

Lesson Description:

Failover routing policies are used in conjunction with Route 53 health checks to provide failover between a primary record and a secondary record. This lesson will demonstrate the theory and show the architecture working with a brief demo.

Lesson Links: Lesson Files

Routing Policy: Weighted

00:07:55

Lesson Description:

Weighted routing policies allow granular control over queries, allowing a certain percentage of queries to reach specific records. This lesson walks through the architecture and demonstrates how to configure it within Route 53.

Routing Policy: Latency

00:08:35

Lesson Description:

Within Route 53, a latency-based routing policy allows clients to be matched to resources with the lowest latency. This lesson walks through the architecture and methods to implement latency-based routing.

Routing Policy: Geolocation

00:10:15

Lesson Description:

This lesson covers geolocation routing, focusing on the scenarios where it will be used and the differences between it and latency-based routing.

Storage and Content Delivery

S3 Architecture and Features

Permissions

00:16:05

Lesson Description:

S3 permissions can be applied using identity policies, resource policies, and ACLs. This lesson introduces each and explains the basic implementation and architecture.

Lesson Links: How Do I Edit Public Access Settings for S3 Buckets?; Controlling Access to S3 Resources

Transferring Data to S3

00:07:31

Lesson Description:

This lesson looks at single PUT upload and multipart upload, including when to use both.

Encryption

00:14:47

Lesson Description:

S3 is capable of encrypting objects — either allowing the customer to manage keys or providing an end-to-end solution. This lesson evaluates the options available for encryption: SSE-C, SSE-S3, and SSE-KMS. Additionally, the lesson reviews the default encryption setting for S3 buckets.

Lesson Links: Blog post on the bucket policy to control allowed encryption types

Static Websites and CORS

00:11:35

Lesson Description:

This lesson walks through the architecture of S3 static web hosting. Static web hosting is a great way to implement simple websites or provide static offloading for existing web servers.

Lesson Links: CORS

Bucket Policy Sample:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "PublicReadGetObject",
          "Effect": "Allow",
          "Principal": "*",
          "Action": ["s3:GetObject"],
          "Resource": ["arn:aws:s3:::YOUR_BUCKET_NAME/*"]
        }
      ]
    }

Object Versioning

00:06:42

Lesson Description:

Versioning is a feature allowing multiple versions of an object to exist in an S3 bucket. Versioning needs to be enabled at a bucket level, meaning every object is given an object ID. When objects are deleted, a version ID is added rather than actually deleting the object. This lesson details the architecture and features of versioning as well as MFA Delete.

Lesson Links: Deleting Object Versions Using MFA Delete

Presigned URLs

00:07:20

Lesson Description:

Presigned URLs allow access to objects on a temporary basis. They are created, and the bearer of the URL has the same level of authorization as the creator.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:00:00

S3 Performance and Resilience

Storage Tiers/Classes

00:11:45

Lesson Description:

Amazon S3 offers a range of storage classes designed for different use cases. These include S3 Standard for general-purpose storage of frequently accessed data; S3 Intelligent-Tiering for data with unknown or changing access patterns; S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3 One Zone-IA) for long-lived but less frequently accessed data; and Amazon S3 Glacier (S3 Glacier) and Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive) for long-term archive and digital preservation.

Lesson Links: Amazon S3 Storage Classes

Lifecycle Policies and Intelligent-Tiering

00:08:27

Lesson Description:

S3 Intelligent-Tiering is a new Amazon S3 storage class designed for customers who want to optimize storage costs automatically when data access patterns change, without performance impact or operational overhead. Lifecycle policies allow objects or versions to be transitioned between storage classes or expired when no longer required.

Cross-Region Replication (CRR)

00:10:55

Lesson Description:

Cross-region replication is an S3 feature that operates between a source bucket and a destination bucket in different regions. Replication happens to objects uploaded/modified after the configuration is enabled. CRR allows for modification of the storage class or permissions on the destination object and can support objects encrypted with SSE-S3 by default or SSE-KMS with additional configuration.

CloudFront

CloudFront Architecture: Part 1

00:09:07

Lesson Description:

CloudFront is an essential component for global applications. As a content delivery network, CloudFront is designed to ensure the efficient delivery of content from local edge locations distributed globally. This lesson will walk through the architecture of CloudFront and briefly show its implementation.

Lesson Links: CloudFront Documentation

Bucket Policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "PublicReadGetObject",
          "Effect": "Allow",
          "Principal": "*",
          "Action": ["s3:GetObject"],
          "Resource": ["arn:aws:s3:::ac-globalcats/*"]
        }
      ]
    }

CloudFront Architecture: Part 2

00:10:26

Lesson Description:

CloudFront is an essential component for global applications. As a content delivery network, CloudFront is designed to ensure the efficient delivery of content from local edge locations distributed globally. This lesson will walk through the architecture of CloudFront and briefly show its implementation.

Lesson Links: CloudFront Documentation

OAI

00:07:45

Lesson Description:

Origin access identities (OAI) allow restriction of an S3 bucket to accept connections only from CloudFront distributions. This lesson covers the architecture of OAIs as well as how they are configured from CloudFront and S3.

Network File Systems

EFS Fundamentals: Part 1

00:12:26

Lesson Description:

The Elastic File System (EFS) is an AWS-managed implementation of the Network File System (NFS). It's a popular shared storage system that can be natively mounted as a file system within Linux instances. This lesson reviews the architecture of EFS and how it can be implemented within a VPC and beyond.

EFS Fundamentals: Part 2

00:11:39

Lesson Description:

The Elastic File System (EFS) is an AWS-managed implementation of the Network File System (NFS). It's a popular shared storage system that can be natively mounted as a file system within Linux instances. This lesson reviews the architecture of EFS and how it can be implemented within a VPC and beyond.

Databases

Database Fundamentals

Database Models

00:15:30

Lesson Description:

This lesson covers a number of core database concepts, including database management systems, relational databases, non-relational databases, key/value DB, document DB, column DB, and graph DB.

Lesson Links: Data Normalization; NoSQL Database Engines

SQL — RDS

RDS Essentials: Part 1

00:16:05

Lesson Description:

Relational Database Service (RDS) provides databases as a service using the following engines: MySQL, PostgreSQL, MariaDB, Oracle, and Microsoft SQL. This set of lessons introduces the architecture fundamentals of RDS and demonstrates an example implementation. Here is the CloudFormation template for the lesson.

Here are the commands used to install WordPress:

    # Install Apache, PHP, and the MariaDB client packages
    sudo yum update -y
    sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
    sudo yum install -y httpd
    sudo systemctl start httpd
    sudo systemctl enable httpd
    # Download WordPress and create its configuration file
    wget https://wordpress.org/latest.tar.gz
    tar -xzf latest.tar.gz
    cp wordpress/wp-config-sample.php wordpress/wp-config.php
    nano wordpress/wp-config.php
    # Copy the site into the web root and set ownership and permissions
    sudo cp -r wordpress/* /var/www/html/
    sudo chown -R apache /var/www
    sudo chgrp -R apache /var/www
    sudo chmod 2775 /var/www
    sudo find /var/www -type d -exec sudo chmod 2775 {} \;
    sudo find /var/www -type f -exec sudo chmod 0664 {} \;
    sudo systemctl restart httpd

Lesson Links: Working with DB Parameter Groups; Working with Option Groups; Amazon RDS for MySQL Pricing; Identity and Access Management in Amazon RDS; Limits for Amazon RDS; Encrypting Amazon RDS Resources; Connecting to Your Linux Instance from Windows Using PuTTY

RDS Essentials: Part 2

00:17:53

Lesson Description:

Relational Database Service (RDS) provides databases as a service using the following engines: MySQL, PostgreSQL, MariaDB, Oracle, and Microsoft SQL. This set of lessons introduces the architecture fundamentals of RDS and demonstrates an example implementation. Here is the CloudFormation template for the lesson.

Here are the commands used to install WordPress:

    # Install Apache, PHP, and the MariaDB client packages
    sudo yum update -y
    sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
    sudo yum install -y httpd
    sudo systemctl start httpd
    sudo systemctl enable httpd
    # Download WordPress and copy it into the web root
    wget https://wordpress.org/latest.tar.gz
    tar -xzf latest.tar.gz
    sudo cp -r wordpress/* /var/www/html/
    cd /var/www/html/
    # The contents of wordpress/ were copied into the web root, so the config files are in the current directory
    sudo cp wp-config-sample.php wp-config.php
    sudo nano wp-config.php
    # Set ownership and permissions
    sudo chown -R apache /var/www
    sudo chgrp -R apache /var/www
    sudo chmod 2775 /var/www
    sudo find /var/www -type d -exec sudo chmod 2775 {} \;
    sudo find /var/www -type f -exec sudo chmod 0664 {} \;
    sudo systemctl restart httpd

Lesson Links: Working with DB Parameter Groups; Working with Option Groups; Amazon RDS for MySQL Pricing; Identity and Access Management in Amazon RDS; Limits for Amazon RDS; Encrypting Amazon RDS Resources; Connecting to Your Linux Instance from Windows Using PuTTY

RDS Backups and Restore

00:15:33

Lesson Description:

RDS supports manual snapshot-based backups as well as automatic point-in-time recovery-capable backups with a 1- to 35-day retention period. This lesson walks through the architecture, features, and limitations of both methods.

RDS Resiliency: Multi-AZ

00:10:27

Lesson Description:

This lesson looks at the Multi-AZ architecture of RDS — a way of adding high availability failover to a database.

RDS Read Replicas

00:13:01

Lesson Description:

RDS read replicas offer the ability to scale an RDS database from a read workload perspective and improve the ability to recover from serious failures either within the region or internationally. This lesson covers the architecture of read replicas and shows the process of implementing one.

Lesson Links: Amazon RDS Multi-AZ Deployments

SQL — Aurora

Aurora Essentials: Part 1

00:15:54

Lesson Description:

Aurora is a custom-designed relational database engine that forms part of RDS. Rather than an evolution, Aurora significantly replaces much of the traditional MySQL and PostgreSQL architecture in favor of cluster and shared storage architecture, which is more scalable and resilient with much higher performance.

Lesson Links: Connecting to Your Linux Instance from Windows Using PuTTY; Amazon Aurora Pricing; Using Amazon Aurora Auto Scaling with Aurora Replicas; Backtracking an Aurora DB Cluster; Migrating an RDS MySQL Snapshot to Aurora; Testing Amazon Aurora Using Fault Injection Queries

Aurora Essentials: Part 2

00:14:37

Lesson Description:

Aurora is a custom-designed relational database engine that forms part of RDS. Rather than an evolution, Aurora significantly replaces much of the traditional MySQL and PostgreSQL architecture in favor of cluster and shared storage architecture, which is more scalable and resilient with much higher performance.

Lesson Links: Connecting to Your Linux Instance from Windows Using PuTTY; Amazon Aurora Pricing; Using Amazon Aurora Auto Scaling with Aurora Replicas; Backtracking an Aurora DB Cluster; Migrating an RDS MySQL Snapshot to Aurora; Testing Amazon Aurora Using Fault Injection Queries

Parallel Queries and Aurora Global

00:07:33

Lesson Description:

This lesson reviews the architecture of two advanced Aurora features: global databases and parallel queries.

Lesson Links: Working with Parallel Query for Amazon Aurora MySQL

Aurora Serverless Essentials: Part 1

00:12:49

Lesson Description:

Aurora Serverless provides many of the same features Aurora provisioned does, but it abstracts further away from the concept of database servers. With Aurora Serverless, you indicate your minimum and maximum load levels with Aurora Capacity Units, and the product scales based on the incoming load. Aurora Serverless is also able to scale down to zero, where the only cost is storage.

Lesson Links: Setting the Capacity of an Aurora Serverless DB Cluster

Aurora Serverless Essentials: Part 2

00:08:00

Lesson Description:

Aurora Serverless provides many of the same features Aurora provisioned does, but it abstracts further away from the concept of database servers. With Aurora Serverless, you indicate your minimum and maximum load levels with Aurora Capacity Units, and the product scales based on the incoming load. Aurora Serverless is also able to scale down to zero, where the only cost is storage.

Lesson Links: Setting the Capacity of an Aurora Serverless DB Cluster

NoSQL

DynamoDB Essentials: Part 1 — Tables and Items

00:14:03

Lesson Description:

DynamoDB is a NoSQL web-scale public database delivered as a service by AWS. It uses the wide-column engine and can scale to nearly infinite performance levels if configured correctly. This lesson covers the product's high-level architecture, including tables, keys, items and attributes, and item GETs and PUTs.

DynamoDB Essentials: Part 2 — Query and Scan

00:09:10

Lesson Description:

DynamoDB is a NoSQL web-scale public database delivered as a service by AWS. It uses the wide-column engine and can scale to nearly infinite performance levels if configured correctly. This lesson covers the product's high-level architecture, including the scan operation, the query operation, and filters.

DynamoDB Essentials: Part 3

00:09:07

Lesson Description:

DynamoDB is a NoSQL web-scale public database delivered as a service by AWS. It uses the wide-column engine and can scale to nearly infinite performance levels if configured correctly. This lesson covers the product's high-level architecture, including point-in-time recovery, backups, encryption, global tables, and monitoring.

DynamoDB Performance and Billing

00:16:41

Lesson Description:

DynamoDB has a number of capacity modes, including on-demand, provisioned, and provisioned with Auto Scaling. This lesson explains the performance architecture and demonstrates how to calculate the consumption of GET and PUT operations.

Extra Reading: How to Calculate Read and Write Capacity for DynamoDB

DynamoDB Streams and Triggers

00:08:51

Lesson Description:

DynamoDB Streams is a feature enabled on a per-table basis that creates a rolling 24-hour record of changes to items in a table. Streams can be configured with one of four views: keys only, new image, old image, or new and old images. Lambda provides a scalable way to implement triggers, with a function invoked whenever a new record is added to the stream.

DynamoDB Indexes: Part 1 — LSI

00:10:40

Lesson Description:

Local secondary indexes (LSIs) allow an alternative view of a table's data to be created, using the same partition key but with an alternative sort key. LSIs can be created only at the time of table creation, and there is currently a limit of five LSIs per table.

DynamoDB Indexes: Part 2 — GSI

00:07:23

Lesson Description:

Global secondary indexes (GSIs) allow data in a table to be presented using an alternative partition and sort key. GSIs can be used to support alternative data access patterns, allowing efficient use of query operations.

In-Memory Caching

DAX

00:05:38

Lesson Description:

DynamoDB Accelerator (DAX) is an in-memory cache specifically designed for DynamoDB. It supports caching eventually consistent reads for items and query results and reduces the latency from single-digit milliseconds to microseconds. DAX is ideal for latency-sensitive applications or for read-heavy workloads on consistent data sets.

ElastiCache

00:03:47

Lesson Description:

ElastiCache is an in-memory cache that provides the Memcached and Redis caching engines.

Hybrid and Scaling

Load Balancing and Auto Scaling

Load Balancing Fundamentals

00:10:00

Lesson Description:

Load balancing is an essential architecture to understand, as it allows systems to scale and tolerate individual instance failure. This lesson introduces load balancing as a concept and talks through some key features of Elastic Load Balancing.

Classic Load Balancers and Health Checks: Part 1

00:14:03

Lesson Description:

Classic Load Balancers (CLBs) are the oldest type of load balancers available within AWS. This lesson walks through the main load balancer functionality using CLB as an example and introduces the architecture of load balancer health checks.

Lesson Files: Course GitHub repo for Classic Load Balancers and Health Checks lesson

Classic Load Balancers and Health Checks: Part 2

00:07:16

Lesson Description:

Classic Load Balancers (CLBs) are the oldest type of load balancers available within AWS. This lesson walks through the main load balancer functionality using CLB as an example and introduces the architecture of load balancer health checks.

Lesson Files: Course GitHub repo for Classic Load Balancers and Health Checks lesson

Classic Load Balancers and Health Checks: Part 3

00:08:27

Lesson Description:

Classic Load Balancers (CLBs) are the oldest type of load balancers available within AWS. This lesson walks through the main load balancer functionality using CLB as an example and introduces the architecture of load balancer health checks.

Lesson Files: Course GitHub repo for Classic Load Balancers and Health Checks lesson

Application Load Balancers: Part 1

00:10:31

Lesson Description:

Application Load Balancers (ALBs) are devices that operate at Layer 7 of the OSI network model — understanding the HTTP/S protocol. In addition, ALBs introduce a number of advanced features that result in a cost reduction, performance increase, and added flexibility. ALBs are, in most cases, the recommended load balancer to use for projects.

Lesson Files: Course GitHub repo for Classic Load Balancers and Health Checks lesson; Course GitHub repo for Application Load Balancers

Application Load Balancers: Part 2

00:12:54

Lesson Description:

Application Load Balancers (ALBs) are devices that operate at Layer 7 of the OSI network model — understanding the HTTP/S protocol. In addition, ALBs introduce a number of advanced features that result in a cost reduction, performance increase, and added flexibility. ALBs are, in most cases, the recommended load balancer to use for projects.

Lesson Files: Course GitHub repo for Classic Load Balancers and Health Checks lesson; Course GitHub repo for Application Load Balancers

Network Load Balancers

00:04:29

Lesson Description:

Network Load Balancers are a relatively new addition to the load balancing suite of products in AWS. They are designed for Layer 3 and 4 applications where HTTP/S is not required. Network Load Balancers are capable of scaling to extreme levels of performance.

Launch Templates and Configurations

00:17:56

Lesson Description:

Launch configurations and launch templates define what configuration is used to launch EC2 instances, generally as part of an Auto Scaling group. This lesson walks through their features and differences.

Lesson Files: Bash script for Launch Templates and Configurations lesson

Auto Scaling Groups: Part 1

00:13:29

Lesson Description:

Auto Scaling groups allow EC2 instances to scale in a way that allows elasticity. When used in conjunction with load balancers and launch templates and configurations, they allow for a self-healing infrastructure that can also scale based on demand.

Lesson Commands

Installing Stress on Amazon Linux 2:

    # Enable the EPEL repository, install stress, then load two CPU workers
    sudo amazon-linux-extras install epel -y
    sudo yum install stress -y
    stress --cpu 2 --timeout 30000

Auto Scaling Groups: Part 2

00:16:55

Lesson Description:

Auto Scaling groups allow EC2 instances to scale in a way that allows elasticity. When used in conjunction with load balancers and launch templates and configurations, they allow for a self-healing infrastructure that can also scale based on demand.

Lesson Commands

Installing Stress on Amazon Linux 2:

    # Enable the EPEL repository, install stress, then load two CPU workers
    sudo amazon-linux-extras install epel -y
    sudo yum install stress -y
    stress --cpu 2 --timeout 30000

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

01:30:00

VPN and Direct Connect

VPC VPN (IPsec)

00:17:39

Lesson Description:

VPC VPN (also known as Hardware VPN) is a virtual network solution to connect a VPC to a non-AWS network, such as an on-premises network or a data center. It is a highly available solution that can be configured to use either static or Border Gateway Protocol (BGP) routing. This lesson introduces the architecture and demonstrates how a VPC VPN is configured.

Direct Connect Architecture

00:10:54

Lesson Description:

Direct Connect (DX) is a high-speed, low-latency physical connection providing access to public and private AWS services from your business premises. This lesson details its high-level architecture and the key points required for the exam.

When to Pick Direct Connect vs. VPN

00:09:08

Lesson Description:

Deciding between Direct Connect or VPN connectivity is often a key part of any solutions design and is essential to understand for the exam. This lesson provides a few suggestions on how to choose between both technologies.

Snow*

Snowball, Snowball Edge, and Snowmobile

00:11:34

Lesson Description:

AWS Snowball, Snowball Edge, and Snowmobile are all products designed to allow huge data transfers in and out of AWS. This lesson reviews each, discussing the architecture as well as key differentiators, patterns, and anti-patterns.

Data and DB Migration

Storage Gateway 101

00:12:11

Lesson Description:

Storage Gateway is capable of running in three modes: file gateway, volume gateway, and tape gateway. It is a virtual appliance used for data center extensions or migrations. This lesson walks through the architectural points relevant for the Solutions Architect - Associate exam.

Database Migration Service 101

00:05:57

Lesson Description:

The Database Migration Service (DMS) is a managed service capable of both data migration and schema conversion. This lesson briefly introduces the service and covers its important features.

Identity Federation and SSO

What Is Identity Federation?

00:15:15

Lesson Description:

Identity federation (IDF) is the process of allowing external identities to be used to indirectly access AWS services. This lesson covers the architecture of IDF using SAML 2.0 and web identities, and concludes with a brief demo using the Web Identity Federation Playground.

Lesson Links: AssumeRole; AssumeRoleWithSAML; AssumeRoleWithWebIdentity

Identity Federation Lab will follow ASAP - Still under development

When to Use Identity Federation

00:07:05

Lesson Description:

Understanding when and why identity federation is required is important for the exam. This lesson provides a few hints on when architectures could and should use IDF. Identity Federation Lab will follow ASAP - Still under development

Application, Analytics, and Operations

Application Integration

Simple Notification Service (SNS)

00:11:42

Lesson Description:

Simple Notification Service (SNS) is a key part of AWS application integration products. It provides a pub/sub-based notification system, which supports a wide range of subscriber endpoint types.

Simple Queue Service (SQS): Part 1

00:12:39

Lesson Description:

Simple Queue Service (SQS) provides standard or FIFO queues as a service. It helps applications scale by allowing decoupling of application components and inter-process, -service, and -server messaging.

Simple Queue Service (SQS): Part 2

00:10:21

Lesson Description:

Simple Queue Service (SQS) provides standard or FIFO queues as a service. It helps applications scale by allowing decoupling of application components and inter-process, -service, and -server messaging.

Lesson Commands

    aws sqs get-queue-attributes --queue-url https://URL --attribute-names All
    aws sqs send-message --queue-url https://URL --message-body "INSERTMESSAGE"
    aws sqs receive-message --wait-time-seconds 10 --max-number-of-messages 10 --queue-url https://URL
    aws sqs --region us-east-1 receive-message --wait-time-seconds 10 --max-number-of-messages 10 --queue-url https://URL
    aws sqs delete-message --queue-url https://URL --receipt-handle "INSERTHANDLE"

Elastic Transcoder

00:06:26

Lesson Description:

Elastic Transcoder is a service that performs "serverless" transcoding of media between formats. By default, it works using a manual job submission system but can be expected to operate in an event-driven way.

Analytics

Athena

00:10:41

Lesson Description:

Amazon Athena is a serverless query engine capable of reading a wide range of data formats from S3. Athena uses a schema-on-read approach to allow SQL-like queries against non-relational data.

Elastic MapReduce (EMR)

00:09:12

Lesson Description:

Elastic MapReduce is an AWS-managed implementation of the Apache Hadoop ecosystem of products. This lesson walks through the high-level architecture of the product.

Kinesis and Firehose

00:12:36

Lesson Description:

Kinesis and Kinesis Data Firehose are two essential pieces of any high-performance streaming architecture. This lesson walks through the architecture, integration options, and common use cases of both products.

Redshift

00:06:55

Lesson Description:

Redshift is a petabyte-scale data warehouse product available within AWS. It's capable of being used for ad-hoc warehousing/analytics or long-running deployments. This lesson walks through the use cases and differences between Athena, EMR, and OLTP databases.

Logging and Monitoring

CloudWatch

00:09:32

Lesson Description:

CloudWatch is one of the most important services available within AWS. It's responsible for metric collection, monitoring, and visualization for most AWS services and can be extended for on-premises infrastructure and custom applications. This lesson walks through the architecture of CloudWatch, including metrics, data points, retention, namespaces, and alarms.

Lesson Links: AWS Services That Publish CloudWatch Metrics; CloudWatch Anomaly Detection

CloudWatch Logs

00:10:20

Lesson Description:

CloudWatch Logs forms part of the wider CloudWatch product and offers log ingestion, searching, management, and metric filter functionality. CloudWatch Logs is used by many AWS services for log storage and can be extended for custom applications and on-premises servers. This lesson walks through the product's architecture with a quick demo.

CloudTrail

00:14:30

Lesson Description:

CloudTrail is a critical product within AWS, as it provides full API/account activity logging across all regions in an account and (optionally) all accounts within an AWS organization. In this lesson, we discuss CloudTrail's architecture and implement an example of trail logging management and data events.

VPC Flow Logs

00:12:14

Lesson Description:

VPC Flow Logs can be enabled on a VPC, subnet, or ENI level and monitor traffic metadata for any included interfaces. Flow logs monitor: source and destination IP addresses, source and destination ports, protocol, bytes, start and end, and ALLOW or REJECT status. This lesson walks through the flow log architecture and demonstrates how to integrate with CloudWatch Logs.

Operations

CloudWatch Events

00:14:50

Lesson Description:

This lesson introduces CloudWatch Events, a service that supports the creation of event-driven responses in AWS.

Lesson Links: Course GitHub repo: File used in lesson

KMS Essentials: Part 1

00:12:16

Lesson Description:

The AWS Key Management Service (KMS) is a regional key management product, providing encryption, decryption, and re-encryption services. KMS supports many of the encryption features in other AWS products via its ability to generate data encryption keys. KMS is FIPS 140-2 Level 2 capable, with some features being validated for FIPS 140-2 Level 3.

Lesson Commands

Windows

    REM Create the CMK and give it an alias (replace XXX with the returned key ID)
    aws kms create-key --description "LA KMS DEMO CMK"
    aws kms create-alias --target-key-id XXX --alias-name "alias/lakmsdemo" --region us-east-1
    echo "this is a secret message" > topsecret.txt
    REM Encrypt: first to the terminal, then saved as base64 and decoded to binary
    aws kms encrypt --key-id KEYID --plaintext file://topsecret.txt --output text --query CiphertextBlob
    aws kms encrypt --key-id KEYID --plaintext file://topsecret.txt --output text --query CiphertextBlob > topsecret.base64.encrypted
    certutil -decode topsecret.base64.encrypted topsecret.encrypted
    REM Decrypt: the plaintext is returned as base64, so decode it
    aws kms decrypt --ciphertext-blob fileb://topsecret.encrypted --output text --query Plaintext > topsecret.decrypted.base64
    certutil -decode topsecret.decrypted.base64 topsecret.decrypted
    aws kms generate-data-key --key-id KEYID --key-spec AES_256 --region us-east-1

Linux/MACOS

    # Create the CMK and give it an alias (replace XXX with the returned key ID)
    aws kms create-key --description "LA KMS DEMO CMK"
    aws kms create-alias --target-key-id XXX --alias-name "alias/lakmsdemo" --region us-east-1
    echo "this is a secret message" > topsecret.txt
    # Encrypt: first to the terminal, then decoded from base64 into a binary file
    aws kms encrypt --key-id KEYID --plaintext file://topsecret.txt --output text --query CiphertextBlob
    aws kms encrypt --key-id KEYID --plaintext file://topsecret.txt --output text --query CiphertextBlob | base64 --decode > topsecret.encrypted
    # Decrypt: the plaintext is returned as base64, so decode it
    aws kms decrypt --ciphertext-blob fileb://topsecret.encrypted --output text --query Plaintext | base64 --decode
    aws kms generate-data-key --key-id KEYID --key-spec AES_256 --region us-east-1

KMS Essentials: Part 2

00:08:10

Lesson Description:

The AWS Key Management Service (KMS) is a regional key management product, providing encryption, decryption, and re-encryption services. KMS supports many of the encryption features in other AWS products via its ability to generate data encryption keys. KMS is FIPS 140-2 Level 2 capable, with some features being validated for FIPS 140-2 Level 3.

Lesson Commands

Windows

    REM Create the CMK and give it an alias (replace XXX with the returned key ID)
    aws kms create-key --description "LA KMS DEMO CMK"
    aws kms create-alias --target-key-id XXX --alias-name "alias/lakmsdemo" --region us-east-1
    echo "this is a secret message" > topsecret.txt
    REM Encrypt: first to the terminal, then saved as base64 and decoded to binary
    aws kms encrypt --key-id KEYID --plaintext file://topsecret.txt --output text --query CiphertextBlob
    aws kms encrypt --key-id KEYID --plaintext file://topsecret.txt --output text --query CiphertextBlob > topsecret.base64.encrypted
    certutil -decode topsecret.base64.encrypted topsecret.encrypted
    REM Decrypt: the plaintext is returned as base64, so decode it
    aws kms decrypt --ciphertext-blob fileb://topsecret.encrypted --output text --query Plaintext > topsecret.decrypted.base64
    certutil -decode topsecret.decrypted.base64 topsecret.decrypted
    aws kms generate-data-key --key-id KEYID --key-spec AES_256 --region us-east-1

Linux/MACOS

    # Create the CMK and give it an alias (replace XXX with the returned key ID)
    aws kms create-key --description "LA KMS DEMO CMK"
    aws kms create-alias --target-key-id XXX --alias-name "alias/lakmsdemo" --region us-east-1
    echo "this is a secret message" > topsecret.txt
    # Encrypt: first to the terminal, then decoded from base64 into a binary file
    aws kms encrypt --key-id KEYID --plaintext file://topsecret.txt --output text --query CiphertextBlob
    aws kms encrypt --key-id KEYID --plaintext file://topsecret.txt --output text --query CiphertextBlob | base64 --decode > topsecret.encrypted
    # Decrypt: the plaintext is returned as base64, so decode it
    aws kms decrypt --ciphertext-blob fileb://topsecret.encrypted --output text --query Plaintext | base64 --decode
    aws kms generate-data-key --key-id KEYID --key-spec AES_256 --region us-east-1

Deployment

Elastic Beanstalk

00:14:36

Lesson Description:

Elastic Beanstalk (EB) is a developer-focused product in AWS. It's a PaaS product that can provide infrastructure for EB-based applications running within AWS. This lesson walks through the architecture and common use cases.

OpsWorks

00:09:20

Lesson Description:

OpsWorks is an AWS implementation of the Chef infrastructure and configuration management platform. This lesson introduces the elements of the service that are important for the Solutions Architect - Associate exam.

Lesson Links: Extra reading on OpsWorks and Chef: AWS OpsWorks Stacks; Chef Quick Start; About Chef Cookbooks

Conclusion

The Exam