AWS Certified Solutions Architect – Associate Level
January 28th, 2019
Welcome to Linux Academy's all new AWS Certified Solutions Architect - Associate prep course. This course prepares you to take the AWS Solutions Architect Certification exam released February 2018. This course has been developed to provide you with the requisite knowledge to not only pass the AWS CSA certification exam but also gain the hands-on experience required to become a qualified AWS Solutions Architect working in a real-world environment.
As part of this course, you will make use of our unique interactive learning tool - The Orion Papers. The Orion Papers is a non-linear, visual, interactive guide designed to enhance your learning and understanding of AWS. This guide can be used independently of the video lessons, but is meant to be supplemental and used in conjunction with the video lessons and hands-on labs.
Access the Orion Papers: https://interactive.linuxacademy.com/diagrams/TheOrionPapers.html
Join the Linux Academy community Slack for chat here: https://slack.linuxacademy.com/ and join the #aws channel.
Welcome to the AWS Certified Solutions Architect - Associate level course. This is to prepare you to take the 2018 version of the AWS Solutions Architect Associate level certification. In this introduction video, we discuss the recommended prerequisites and ways to get the hands-on experience that AWS is looking for. As of October 11, 2018, AWS no longer requires you to hold an Associate or Foundational certification to sit for any Professional or Specialty certification exam. However, to ensure your success, we highly recommend you follow Linux Academy's suggested prerequisites (for both our coursework and AWS exams). These prerequisite suggestions can be found in the "details" section of the course syllabus.
About the Training Architect
This is a short video about me, your author, Wayde Gilchrist. Throughout this course, I will endeavor to impart wisdom from my years of experience using AWS.
Introduction to the Orion Papers
In this video, we introduce the Orion Papers, your interactive course manual and study guide. The link to the Orion Papers: https://interactive.linuxacademy.com/diagrams/TheOrionPapers.html
About the Exam
In this video, we talk about the exam itself: The format, logistics, and how the questions break down by domain. To schedule an exam, go to: https://www.aws.training/certification?src=arc-assoc
What is a Solutions Architect?
In this lesson, we will review what it means to be a solutions architect. We'll list the foundational areas of competence that every AWS solutions architect must have.
Introduction to the Well Architected Framework
In this lesson, we introduce the five pillars of the Well Architected Framework: Operational Excellence, Reliability, Security, Performance Efficiency, and Cost Optimization.
Course Features and Tools
We have already discussed the Orion Papers, which are the key feature of this course. However, there are numerous other features that are available to you as part of this course, and they are all explained in this lesson.
AWS Free Tier: Usage Tracking and Billing Widget
This video gives you a walkthrough on how to use the AWS Free Tier Tracking and Billing Widget for your own AWS Account!
AWS Structure and Organization
AWS Account and Physical Organization
Exploring the AWS Account and Services Layer
This covers the organization of AWS from an account and services perspective and how it is represented in the Orion Papers.
Exploring the AWS Physical and Networking Layer
This covers the organization of AWS from a physical and networking perspective and how they are represented in the Orion Papers.
Essential CSA Terminology
In this lesson, we discuss key terminology that is required for the AWS exam, and that you will need to know to be an AWS Solutions Architect.
Shared Security Responsibility Model and Attributes
In this lesson, we discuss how security on AWS is a shared responsibility between AWS and you, the customer.
Interacting with AWS
Console Tour and Navigation: Settings and Account Management
In this lesson, we will take a look at how to navigate around the AWS console to find important items, such as account settings, AWS support, and AWS documentation.
IAM (Identity and Access Management)
This lesson is an introduction to IAM as an access management service; covering common uses of IAM and how it is structured.
This lesson covers the ins-and-outs of IAM permissions and policies. This is how you grant access to your AWS users to your AWS resources.
Exploring more of IAM, here we learn about IAM users, including how they are created and how policies are used to grant users access to AWS resources.
Moving from users to groups, here we explore how groups are used to manage the application of policies to IAM users.
IAM roles allow us to grant permissions to our services without using permanent credentials, which run the risk of compromise. IAM roles are preferred for cross-account access and applications running on EC2.
IAM API Keys
API Access Keys are used to grant access to AWS Services programmatically. IAM Users receive permanent access keys, while STS can provide keys with a shorter lifetime. For more on IAM Access Keys, see: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys For more on STS, see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
AWS offers easy ways to authenticate users outside of AWS using the Identity Federation. In this lesson, we will look at using Web Identities, SAML, and custom Identity Providers. For more on AWS Identity Federation, see: https://aws.amazon.com/identity/federation/
Many AWS Customers have multiple AWS accounts which can be difficult to control. AWS has a feature called AWS Organizations that allows you to group AWS Accounts into Organizational Units (OUs) and apply service control policies at the OU or account level, which restricts the use of specific AWS Service APIs.
QUIZ: AWS IAM Fundamentals for the Solutions Architect
Server-Based Compute Services
EC2 (Elastic Compute Cloud)
Welcome to the start of the EC2 section of the CSA course. This lesson will introduce you to the essential topics for EC2 and outline what you will learn in this section.
EC2 AMIs and Virtualization
The first step when provisioning an on-demand EC2 instance is to choose the Amazon Machine Image (AMI). This lesson reviews what an AMI is and discusses its various components. Update: The EC2 hypervisor now uses the KVM hypervisor (instead of Xen)
EC2 Instance Types
In step two of the instance creation process, you need to select an appropriate instance type. This lesson reviews what an instance type is and what its components are. For the latest EC2 Instance Types, see: https://aws.amazon.com/ec2/instance-types/
Instance Details and Bootstrapping
In this lesson, we configure EC2 instance details such as networking options, IP addressing, and bootstrapping.
EC2 Storage Options
In this lesson, we explore EBS and Instance store options for your EC2 instance and the use cases for each. Update: Encryption is possible for EBS Boot Volumes: https://aws.amazon.com/blogs/security/create-encrypted-amazon-ebs-volumes-custom-encryption-keys-launch-amazon-ec2-instance-2/ EBS Volume Types include: General Purpose SSD (gp2), Provisioned IOPS SSD (io1), Throughput Optimized HDD (st1), Cold HDD (sc1), and legacy Magnetic. (You can see the 'instance storage' types when you add a second volume). For more on EC2 Volume Types, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html Note: The max value of GP2 IOPS is now 16,000 IOPS. https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-ebs-increases-performance-of-general-purpose-ssd-gp2-volumes/
Security Groups and Key Pairs
In this lesson, we'll create a security group and assign it to an EC2 instance. We'll then launch an instance and connect it with an SSH key pair. Note: Security Groups are stateful, so any allowed inbound traffic is allowed outbound by default.
Backups are an essential part of maintaining a durable application. This lesson will teach you about snapshots, which are an easy and scalable way to create backups of EBS volumes.
EC2 Placement Groups
In this lesson, we will learn about EC2 placement groups, including what they are, why they exist, and some important troubleshooting tips. For more on Placement Groups and additional types, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html Correctional note: Some Type T instances now support ENA.
EC2 Purchasing Options
EC2 is very versatile in that there are several different ways to purchase instances, all based on your needs. In this lesson, we review the three main EC2 purchasing options that you need to know. For the latest on EC2 Spot Pricing, see: https://aws.amazon.com/blogs/compute/new-amazon-ec2-spot-pricing/ https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html For more on the details of selling Reserved Instances, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html
Elastic File System (EFS)
In this lesson, we will learn the essentials of AWS Elastic File System (EFS), including what it is and its benefits. For more on EFS Performance, see: https://docs.aws.amazon.com/efs/latest/ug/performance.html EFS File Sync has now evolved into AWS DataSync, which works with both Amazon EFS and Amazon S3. For more on AWS DataSync, see: https://aws.amazon.com/datasync/ https://aws.amazon.com/datasync/getting-started/ https://aws.amazon.com/datasync/faqs/
QUIZ: AWS EC2 Fundamentals for the Solutions Architect
Virtual Private Cloud (VPC)
Introduction to AWS VPC Networking
This lesson gives a high-level introduction to the concept of Virtual Private Clouds, their essentials, and how they serve as the foundation for AWS networking. (Correction: at 8:57, 10.0.0.0.0 should be 10.0.0.0)
VPC Network Routing Basics
How does data travel in and out of the AWS VPC? If you have customers access your web application, what are all the components you need in place to make sure the traffic is routed properly? Well, hit that play button and learn all about AWS VPC routing. For basic information on NAT Gateways, see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-basics
VPC Security Basics
Security is something you always need to be thinking about when setting up your networking architecture. This lesson covers AWS's two core networking security features: network access control lists and security groups. Correction: "Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa)." https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html For more on ephemeral ports and NACLs, see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#nacl-ephemeral-ports
QUIZ: AWS VPC Fundamentals for the Solutions Architect
Highly Available and Fault Tolerant VPC Networking
Elastic Load Balancing
AWS provides three types of Elastic Load Balancer services. In this lesson, we contrast their features and use cases. Note: AWS ELB now supports SSL Termination. https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination/
Serving Traffic To and From Private Subnets
In this lesson, we introduce the use and purpose of a Bastion Host and NAT Gateway. Both are key elements in creating a more secure architecture.
Sometimes our instances in a VPC need to communicate with services with public endpoints, such as S3 and DynamoDB. In this lesson, we learn how to create VPC endpoints for these services so that our data does not go over a public network. For more on VPC Endpoints, see: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html
Autoscaling is one of the compelling reasons to migrate to the cloud. In this lesson, we will show how to configure your environment to automatically scale. AWS now offers Autoscaling Groups with Multiple Instance Types. This will allow you to have full control over the instances that you can use in your group, as well as mix On-Demand and Spot instances. For more information on Autoscaling with Multiple Instances, see: https://aws.amazon.com/blogs/aws/new-ec2-auto-scaling-groups-with-multiple-instance-types-purchase-options/
Making your Applications Stateless
A stateful application can limit the effectiveness of autoscaling and load distribution. It can also cause problems for your users if instances are terminated. In this lesson, we discuss how to make your applications stateless.
High Availability versus Fault Tolerance
You should always architect for High Availability, which means launching resources in multiple AZs. However, a special case of High Availability is Fault Tolerance, which requires additional resources.
QUIZ: High Availability on AWS for the Solutions Architect
DNS, CDN, and Failover Networking
Route 53 Essentials
In this lesson, we introduce AWS's DNS service, Route 53, which has some special features for AWS workloads.
Route 53 DNS Failover
In this lesson, we review the process for configuring Route 53 for DNS failover to an S3 bucket.
In this lesson, we cover the benefits of AWS's content delivery network, CloudFront, as well as its security and performance considerations. For information on RTMP Distributions in CloudFront, see: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-rtmp.html
QUIZ: AWS Route 53 and CloudFront Concepts for the Solutions Architect
In this lesson, we cover some basic database terminology in addition to the differences between SQL and NoSQL databases. We also introduce several managed database services from AWS. For details on the new DocumentDB database service, see: https://aws.amazon.com/documentdb/
RDS (Relational Database Service)
RDS is a popular managed service option for launching relational databases on AWS. In this lesson, we discuss the features and advantages of RDS and also discuss AWS's own database engine, Aurora.
In this lesson, we describe the Document NoSQL service, DynamoDB, and show how to create and populate a simple table.
In this lesson, we introduce AWS's graph database service, Neptune, and present a social network as an example use case.
In this lesson, we introduce ElastiCache, a managed service for deploying and operating Memcached and Redis clusters. Note: at 4:13, HIPPA should be spelled HIPAA
In this lesson, we discuss the managed data warehouse service Redshift and its features and services. We also introduce Redshift Spectrum, which allows you to query exabytes of data in an S3 bucket.
QUIZ: Databases on AWS for the Solutions Architect
S3 (Simple Storage Service)
Simple Storage Service (S3) is a form of Internet object storage that can be used for backups, documents, streaming, and complete static websites. In this video, we present a high-level overview of some key features of S3 such as its very high durability. For S3 FAQs, see: https://aws.amazon.com/s3/faqs/?nc=sn&loc=6 For S3 Features, see: https://aws.amazon.com/s3/features/ For more on the latest Storage Classes, see: https://aws.amazon.com/s3/storage-classes/?nc=sn&loc=3
In this lesson, we discuss the features and properties of buckets, objects, and folders in S3. Amazon S3 now has a new Intelligent Tiering Storage Class: This storage class will automatically store objects between two access tiers (FREQUENT ACCESS and INFREQUENT ACCESS) based on how you access these objects. Check out the new Storage Class here: https://aws.amazon.com/about-aws/whats-new/2018/11/s3-intelligent-tiering/
In this lesson, we discuss key S3 features including: Versioning, Storage Classes, Lifecycle Policies, Event Notifications, and Permissions.
Website Hosting with S3
In this lesson, we show how to set up S3 to host a static website and to use S3 to serve content that can be executed by a different domain. (Correction: CORS is not intended to stop XSS).
In this lesson, we discuss the features of Amazon Glacier and how to use it for archival storage.
Transferring Data into S3
In this lesson, we talk about several options for transferring data into S3 buckets including: Single PUT operation, Multipart Upload, S3 Transfer Acceleration, Snowball, Snowball Edge, Snowmobile, and Storage Gateway. Small video correction: 100 TB over a 1 Gbps line would take 9.259 days to complete. For more on AWS Storage Gateway, see: https://aws.amazon.com/storagegateway/faqs/ For more on AWS Snowball, see: https://aws.amazon.com/snowball/faqs/ For more on AWS Snowball Edge, see: https://aws.amazon.com/snowball-edge/faqs/
QUIZ: Amazon Storage Service Concepts for the Solutions Architect
Hybrid Environments & VPC Peering
Virtual Private Network (VPN)
In this lesson, we discuss the concept of a Virtual Private Network (VPN) and the various components required to make a VPN connection work.
AWS Direct Connect
This lesson focuses on AWS Direct Connect, including its components and benefits.
This lesson introduces the concept of VPC peering and demonstrates the steps for peering two VPCs.
QUIZ: AWS Hybrid Environments for the Solutions Architect
Application and Messaging Services
SNS (Simple Notification Service)
In this lesson, we cover how to use the Simple Notification Service by creating a topic, adding subscribers, and adding a message to the topic.
SQS (Simple Queue Service)
In this lesson, we focus on Simple Queue Service (SQS) and how it can be used to loosely couple application components to make the overall application more fault tolerant.
Amazon MQ Essentials
In this lesson, we discuss Amazon MQ, a managed message broker on AWS that uses open source APIs and protocols. We demonstrate creating a broker and using the ActiveMQ console.
SWF (Simple Work Flow)
In this lesson, we talk about Simple Workflow (SWF), a service that you can use to orchestrate the components of your application. We describe some use cases for SWF and what you have to do to set up a workflow that is orchestrated by SWF.
API Gateway Essentials
In this lesson, we discuss API Gateway, a service that allows you to front backend API services.
Application Services Quiz
QUIZ: AWS Application Services for the Solutions Architect
Service Oriented Architectures
Introduction to Service Oriented and Serverless Architectures
In this lesson, we discuss breaking up monolithic applications into microservices and how that can help migrate applications to a serverless approach.
In this lesson, we talk about the serverless compute service, Lambda, which can be used for executing simple functions and microservices. NOTE: Lambda now can run functions for up to 15 minutes. For more on Lambda, see: https://aws.amazon.com/lambda/getting-started/ For current Lambda limits, see: https://docs.aws.amazon.com/lambda/latest/dg/limits.html For current Lambda pricing, see: https://aws.amazon.com/lambda/pricing/
QUIZ: Serverless Architectures on AWS for the Solutions Architect
CloudWatch & CloudTrail
In this lesson, we discuss CloudWatch, including Metrics, Alarms, Logs, and Events. For useful CloudWatch ELB Metrics information, see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html
In this lesson, we discuss CloudTrail and how to enable it to record activity in your AWS account.
Network Flow Logs
VPC Flow Logs and Access Logs
In this lesson, we show how to gain visibility into your network traffic. We discuss VPC Flow Logs, ELB Access Logs, CloudFront Logs, and S3 Access Logs.
QUIZ: Monitoring on AWS for the Solutions Architect
In this lesson, we describe and demonstrate CloudFormation, which is used to create our infrastructure and deploy our applications as code.
Elastic Container Service (ECS) Essentials
In this lesson, we discuss using ECS to orchestrate and manage Docker containers running on AWS. For more information on ECS and Service Load Balancing, see: https://aws.amazon.com/ecs/faqs/ https://docs.aws.amazon.com/AmazonECS/latest/userguide/service-load-balancing.html
Elastic Beanstalk Essentials
In this lesson, we discuss Elastic Beanstalk, the easiest way to deploy, manage, and monitor a web application on AWS.
In this lesson, we discuss Kinesis, a service for ingesting and processing big data in near real time. Note: For the latest stream and shard limits, see: https://docs.aws.amazon.com/streams/latest/dev/service-sizes-and-limits.html
In this lesson, we introduce big data processing using Elastic Map Reduce, AWS's managed service for running Hadoop/Spark clusters.
AWS Well Architected Framework
Operational Excellence Pillar
Best Practices and Key Services for Operational Excellence
In this video, we discuss some of the key points of the Operational Excellence pillar, including the key services and best practices.
Design Principles and Key Services for Reliability
In this lesson, we cover important design elements for your architecture to assure high reliability. One of the key services featured is Trusted Advisor.
Encryption Key Management on AWS
In this lesson, we discuss encryption on AWS and options for the management of encryption keys including AWS Key Management Service (KMS) and CloudHSM.
Disaster Recovery Design Patterns
In this lesson, we cover four common patterns for cross-region disaster recovery: Backup and Restore, Pilot Light, Low Capacity Standby, and Multi-Site Active-Active.
Design Principles and Key Services for Security
In this lesson, we review security on AWS in the context of the Security Pillar. Some security specific services we discuss are: Amazon Macie, AWS Guard Duty, AWS Shield, AWS WAF, and Amazon Inspector.
Performance Efficiency Pillar
Design Principles and Key Services for Performance Efficiency
In this lesson, we focus on making the most efficient architectures through proper selection, evaluation, on-going optimizations, and tradeoff decisions.
Cost Optimization Pillar
Design Principles and Best Practices for Cost Optimization
In this lesson, we focus on the Cost Optimization pillar of the Well Architected Framework. We demonstrate cost optimization tools such as Cost Explorer, Budgets, and Trusted Advisor.
How to Prepare for the Exam
In this lesson, we recap the key points and items you need for your final exam preparation.
What's Next After Certification?
Congratulations on completing the course! In this video, we discuss some options for your next steps.
How to get recognized for your certification.
AWS Certified Solutions Architect - Associate
Share and Connect with Us!
Community and LinkedIn
Now that you have completed the course and passed the exam, share your success in our community and connect with us on LinkedIn.