AWS Solutions Architect Certification
Colin Kang
Before we start : What we learn from AWS
• Architecture
• Service Design
• Service Pros/Cons
• Terminology
• Invisible Hardware
• Software/hardware integration
• Trade off
• Design Thinking
AWS Benefits
• Easy to Use : What is meant by easy? API? CLI? SDK? Console?
• Design Principle : Consistency, Reasonable
• SRP : Single Responsibility Principle : GSSD : Gather for Same, Separate for Different
• Flexible : Composite, Loose Coupled, various work-around
• Cost-Effective : On-Demand/Option
• Reliable : Availability/Backup/Recovery/Managed
• Scalable and high-performance : Autoscale
• Secure : enterprise-level proof : Network
https://en.wikipedia.org/wiki/Single-responsibility_principle
Scalability
• Scale Up/Down : Vertical Limit
• Scale Out/In : Horizontal Expansion
• CAP theorem : Consistency/Availability/Partition Tolerance
• Shared Everything
• Expensive, High Performance
• Clusterware
• Shared Nothing
• Easy to implement, hard to shard
https://en.wikipedia.org/wiki/CAP_theorem
https://www.geeksforgeeks.org/difference-between-shared-nothing-architecture-and-shared-disk-architecture/
Virtualization
• Emulation/Simulation
• Emulator : Game
• Flight Simulator
• Emulation/Virtualization
• Virtual Memory
• Java Virtual Machine : Emulator : Interpreter
• Virtual Hardware : Virtual Machine : Image
• Bare Metal/Hypervisor/Hosting
• Hypervisor
• Virtual Machine Supervisor
• KVM/Xen/MS Hyper-V
• Full Virtualization / Para-virtualization
• Container : Later
https://www.baeldung.com/cs/simulation-vs-emulation
https://velog.io/@skynet/가상화-입문-에뮬레이션-가상머신-컨테이너
Disruptive Technology
• Human cost > Hardware cost
• More cost effective than optimization
• Speed > Cost
• Winner takes it all
• Immutable
• Shared Nothing Win
Cloud Computing
• IaaS, PaaS, SaaS

• Public, Hybrid, On-premises(private, IDC)

https://www.redhat.com/en/topics/cloud-computing/iaas-vs-paas-vs-saas
https://www.researchgate.net/figure/Comparison-among-Public-Private-Hybrid-and-Community-Cloud_tbl1_270958592
Security
• Network Isolation
• VPC
• NAT
• Whitelist model
• VPN
• AAA/IDM/IAM
• Role/Privileges
• Security Group
• AWS Organizations
AWS Services
Network | VPC, Route53, ELB, DX, .. |
Storage | S3, EBS, EFS, FSx, Glacier, Snowball, .. |
Compute | EC2, Autoscaling, Lambda, ECS, EKS, Beanstalk, .. |
Database | RDS, DynamoDB, Redshift, ElastiCache, Aurora, .. |
Messaging | SNS, SQS, SES, .. |
Analytic | Athena, EMR, Elasticsearch, CloudSearch, Kinesis, .. |
Security | IDM, Inspector, CM, DS, WAF, Shield |
AI | Lex, Polly, Rekognition, ML |
Mobile | Cognito, MobileHub, DeviceFarm, .. |
Private | AWS Outposts |
Manage | CloudFormation, CloudWatch, CloudTrail, OpsWorks, .. |
Develop | CodeCommit, CodePipeline, CodeBuild, CodeDeploy, .. |
https://colinkang.tistory.com/89
AWS Region / Service Type
• Global/Region/AZ/VPC
• Total Regions : 29 (Jan 2023)
• Seoul Region (launched 2016) : 4 AZ
ServiceType | Network | Compute | Storage | Database | Gateway | Security |
---|---|---|---|---|---|---|
AZ | Subnet, ENI | EC2 instance | EBS volume | | | |
Region | VPC, EIP, ELB, ASG | ECS, EKS | EBS snapshot | RDS, DynamoDB | TransitGW, StorageGW | SecurityGroup, IDM, EC2 Keypair |
Global | Route53, CloudFront, DX | | S3 (data region) | DynamoDB Global Table | | User, WAF |
https://aws.amazon.com/ko/blogs/korea/now-open-fourth-availability-zone-in-the-aws-asia-pacific-seoul-region/
https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
Service Endpoint
• the URL of the entry point for an AWS web service
• Regional Endpoint
• protocol://service-code.region-code.amazonaws.com
• DynamoDB US West Region Service Endpoint
• https://dynamodb.us-west-2.amazonaws.com
• Single Global Endpoint
• organizations.us-east-1.amazonaws.com
• FIPS endpoint
• US Federal Information Processing Standard (FIPS) : e.g., encryption
• https://appstream2-fips.us-west-2.amazonaws.com
• Dual stack endpoint
• HTTP / HTTPS
https://docs.aws.amazon.com/general/latest/gr/rande.html
ARNs
• Amazon Resource Names
• Used in API/CLI/SDK calls
• Format
• arn:partition:service:region:account-id:resource-type/resource-id
• arn:partition:service:region:account-id:resource-type:resource-id
• Example
• arn:aws:s3:::bucket_name/key_name
• arn:aws:s3:::examplebucket/developers/design_info.doc
• arn:aws:s3:::examplebucket/*
• arn:aws:s3:::*
• arn:aws:s3:::example?bucket/*
https://docs.aws.amazon.com/ko_kr/general/latest/gr/aws-arns-and-namespaces.html
https://colinkang.tistory.com/93
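Added example (not part of the original slides): a Python parser for the ARN format above plus a segment-by-segment matcher for the `*` and `?` wildcards used in the slide's examples, showing how much a pattern such as `arn:aws:s3:::*` covers. The matcher is a simplified model and not AWS's policy evaluator; `parse_arn`, `arn_matches`, `patterns_covering` and the target ARNs are hypothetical names and constructed values.

```python
import re
from typing import NamedTuple


class Arn(NamedTuple):
    partition: str
    service: str
    region: str       # empty for services such as S3
    account_id: str   # empty for S3 bucket/object ARNs
    resource: str     # "type/id", "type:id" or a bare id, kept whole


def parse_arn(text: str) -> Arn:
    # Split on the first five colons only: the resource part may contain ':' and '/'.
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {text!r}")
    arn = Arn(*parts[1:])
    if not (arn.partition and arn.service and arn.resource):
        raise ValueError(f"ARN lacks partition, service or resource: {text!r}")
    return arn


def _segment_matches(pattern: str, value: str) -> bool:
    # '*' = any run of characters, '?' = exactly one character; the rest is literal.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.DOTALL) is not None


def arn_matches(pattern: str, arn: str) -> bool:
    # Simplified model (assumption): fields are compared one by one, so a
    # wildcard never crosses a ':' boundary between the first five fields.
    return all(_segment_matches(p, v)
               for p, v in zip(parse_arn(pattern), parse_arn(arn)))


def patterns_covering(arn: str, patterns: list[str]) -> list[str]:
    # Which of the given resource patterns would include this ARN?
    return [p for p in patterns if arn_matches(p, arn)]


# The S3 patterns listed on the slide.
SLIDE_PATTERNS = [
    "arn:aws:s3:::examplebucket/developers/design_info.doc",
    "arn:aws:s3:::examplebucket/*",
    "arn:aws:s3:::*",
    "arn:aws:s3:::example?bucket/*",
]

if __name__ == "__main__":
    # Constructed target ARNs, for illustration only.
    for target in ("arn:aws:s3:::examplebucket/developers/design_info.doc",
                   "arn:aws:s3:::example1bucket/a.txt"):
        print(target, "<-", patterns_covering(target, SLIDE_PATTERNS))
```

Listing which patterns cover a sensitive object is a quick way to spot a resource entry that grants more than intended.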
CLI
• Command Line Interface

• Example
• aws s3 cp /tmp/sample.txt s3://mybucket
• aws help
• aws shell
AWS Shared Responsibility Model
https://aws.amazon.com/ko/compliance/shared-responsibility-model/
AWS Support Plan
• Type
• Basic
• Developer
• Business
• Enterprise On-Ramp
• Enterprise
• Support Query
• Bug
• Incident
• Config error
https://aws.amazon.com/premiumsupport/plans/
QnA
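• How is scale-in different from the Elastic point of view?
• Differences between VPC and VPN
• Have there been cases where AWS was hacked?
• Is it OK to put data on a global service?
• Is an EBS block an AZ-level service?
• How does Aurora differ from instance + MySQL?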