Materials & Resources aimed at acquiring the AWS Certified Solutions Architect Associate from an examination point of view. Work in Progress.
- 130 minutes in length
- 60 Questions (Subject to change)
- Multiple choice
- Results are between 100 - 1000 with a passing score of 720
- Validity of qualification is 2 years
- Scenario based questions
- MCQ
- MAQ
- Exam registration fee is 150 USD
- Practice exam registration is 20 USD
The ability to try out new ideas and experiment without upfront commitment makes public cloud very powerful.
A Virtual Private Cloud(VPC) is a virtual network dedicated to a single AWS account. It is logically isolated from other virtual networks in the AWS cloud, providing compute resources with security and robust networking functionality.
Amazon CloudFront is a content delivery network offered by Amazon Web Services. Content delivery networks provide a globally-distributed network of proxy servers which cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content.
AWS Lambda is an event-driven, serverless computing platform provided by Amazon as a part of the Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code.
Amazon Relational Database Service (or Amazon RDS) is a distributed relational database service by Amazon Web Services (AWS). It is a web service running "in the cloud" designed to simplify the setup, operation, and scaling of a relational database for use in applications. Administration processes like patching the database software, backing up databases and enabling point-in-time recovery are managed automatically
Edge locations are endpoints for AWS which are used for caching content. Typically, this consist of CloudFront, Amazon’s Content Delivery Network (CDN)
An Availability zone is one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities.
A Region is a physical geographical location in the world which consists of two or more Availability zones (AZ’s).
The number of Edge Locations > Number of Availability Zones > The number of Regions.
IAM allows you manage users and their level of access to their AWS console.
- IAM is universal. It does not apply to all regions at this time.
- The "root account" is simply the account created when you first setup your AWS account. It has complete Admin access
- New users have NO permissions when first created
- New users are assigned Access Key ID & Secret Access Keys when first created.
- These are not the same as a password. You cannot use the Access key ID & Secret Access key to Login into the console. You can use this to access AWS via the APIs and Command Line, however.
- You only get to view these once. If you lose the, you have to regenerate them. So, save them in a secure location.
- Centralized access to your AWS account
- Shared access to AWS account.
- Granular Permissions.
- Has Identity federation (Active directory, can connect with social media like Facebook, LinkedIn)
- Multi Factor Authentication (MFA)
- Provide temporary access to various users/devices and services where necessary.
- Allows you to set up a password rotation policy.
- Integrates with many different AWS services.
- Supports PCI DSS Compliance
What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
End users such as people, employees of organizations etc.
A collection of users. Each users of a group will inherit the permissions of the group.
Policies are made up of Policy documents which are in JSON format and give permissions to what a User/Group/Role can do.
Roles can be created to be assigned to AWS resources.
S3 provides developers and IT teams with secure, durable, highly scalable object storage. Amazons S3 is easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web.
- S3 is safe place to store your files
- It is Object-based storage
- The data is spread across multiple devices and facilities
- S3 is Object based - i.e. allows you to upload files
- Files can be from 0 bytes to 5 TB.
- There is unlimited storage.
- Files are stored in Buckets.
- S3 is a universal namespace -i.e. names must be unique globally.
- Not suitable to install an operating system on.
- When you upload a file to S3, you will receive a HTTP 200 code if the upload was successful.
- You can turn on MFA Delete
By default, all newly created buckets are PRIVATE. You can setup access control to your buckets using:
- Bucket Policies
- Access Control Lists
S3 buckets can be configured to create access logs which log all requests made to S3 bucket. This can be sent to another bucket and even another bucket in another account.
S3 is Object based. Think of Objects just as files consisting of:
- Key (This is simply the name of the Object)
- Value (This is simply the data and is made up of a sequence of bytes)
- Version ID (Important for versioning)
- Metadata (Data about data you are storing)
- Sub resources
- Access Control Lists
- Torrent
- Read after Write consistency for PUTS of new Objects
If you write a new file and read it immediately afterwards, you will be able to view that data.
- Eventual Consistency for overview PUTS and DELETES (can take some time to propagate)
If you update AN EXISTING FILE or delete a file and read it immediately, you may get the older version, or you may not. Basically, changes to objects can take a little bit of time to reflect.
- 99.99% availability for S3 platform
- Amazon Guarantee 99.9% availability.
- Amazon guarantees 99.999999999 durability for S3 information (Remember 11 x 9s)
- Tiered Storage Available
- Lifecycle Management
- Versioning
- Encryption
- MFA Delete
- Secure your data using Access Control Lists and Bucket Policies
There are 6 types of Storage Classes.
99.99% availability. 99.999999999% durability, stored redundantly across multiple devices in multiple facilities, and is designed to sustain the loss of 2 facilities concurrently.
For data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee.
For where you want a lower cost option for infrequently accessed data, but do not require the multiple Availability Zone data resilience.
Designed to optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead.
S3 Glacier is a secure, durable, and low cost storage class for data archiving. you can reliably store any amount of data at costs that are competitive with or cheaper than on premises solutions. Retrieval times configurable from minutes to hours.
S3 Glacier Deep Archive is Amazon S3's lowest cost storage class where a retrieval time of 12 hours is acceptable.
| S3 Standard | S3 Intelligent-Tiering | S3 - IA | S3 One Zone - IA | S3 Glacier | S3 Glacier Deep Archive | |
|---|---|---|---|---|---|---|
| Designed for durability | 99.999999999% (11 9's) | 99.999999999% (11 9's) | 99.999999999% (11 9's) | 99.999999999% (11 9's) | 99.999999999% (11 9's) | 99.999999999% (11 9's) |
| Designed for Availability | 99.99% | 99.99% | 99.99% | 99.5% | N/A | N/A |
| Availability SLA | 99.9% | 99% | 99% | 99% | N/A | N/A |
| Availability Zones | >=3 | >=3 | >=3 | 1 | >=3 | >=3 |
| Minimum capacity charge per object | N/A | N/A | 128KB | 128KB | 40KB | 40KB |
| Minimum storage duration charge | N/A | 30 days | 30 days | 30 days | 90 days | 180 days |
| Retrieval fee | N/A | N/A | per GB retrieved | per GB retrieved | per GB retrieved | per GB retrieved |
| First byte latency | milliseconds | milliseconds | milliseconds | milliseconds | select minutes or hours | select hours |
| Pricing for all storage / GB | $0.023 | $0.0125 | $0.0125 | $0.0100 | $0.004 | $0.00099 |
Costwise
S3 Standard > S3 - IA | S3 Intelligent-Tiering > S3 One Zone - IA > S3 Glacier > S3 Glacier Deep Archive
- Storage
- Requests
- Storage Management Pricing
- Data Transfer Pricing
- Transfer Acceleration
Amazon S3 Transfer Acceleration enables fast, easy and secure transfers of files over long distances between your end users and an S3 bucket.
Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
- Cross Region Replication Pricing
- Encryption in Transit is achieved by
- SSL/TLS
- Encryption At Rest (Server Side) is achieved by
- S3 Managed Keys - SSE-S3
- AWS Key Management Service, Managed Keys - SSE-KMS
- Server Side Encryption With Customer Provided Keys - SSE-C
- Client Side Encryption
- Stores all version of an object (including all writes and even if you delete an object)
- Great backup tool.
- Once enabled, Versioning cannot be disabled, only suspended.
- Integrates with Lifecycle rules.
- Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.