AWS Solutions Architect

    Colin Kang

EC2 Launch

•    AMI : OS / architecture (x86/Arm)

•    Instance Type : t2.micro ( 1vcpu/1GB ) – x2iden.32xlarge (

128vcpu/4098GB)

•    Keypair

•    Network : VPC/subnet/securitygroup

•    Storage : root + new

•    Advanced

•    IAM/PlacementGroup/Tenancy (shared/dedicated)/Tag

https://docs.aws.amazon.com/efs/latest/ug/gs-step-one-create-ec2-resources.html/

EC2 Launch with Template

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html/

EC2 AMI

Amazon Machine Image

•    Quick Start AMI : Linux/Mac..

•    Marketplace AMI

•    Vendor provide

•    Community AMI

•    Private AMI

•    User defined

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

EC2 Instance ( vcpu/mem/bandwidh

•    Geneal Purpose : T3, T2, T5, M6, M5, M4, M3

•    Compute Optimize : C5, C4, C3

•    Memory Optimze : X1e, X1, R4, R3

•    Accelerated Computing : GPU : P3, P2, G3, F1

•    Storage Optimized : H1, I3, D2

•    HPC Optimized : High Performance Compuing : Hpc6id, Hpc6a

https://aws.amazon.com/ec2/instance-types/

Network

VPC : • Isolated Network

•    Subnet :

•    VPC sub network

https://en.wikipedia.org/wiki/CAP_theorem

https://www.geeksforgeeks.org/difference-between-shared-nothing-architecture-and-shared-disk-architecture/

PlacementGroup

•    Default : distributed

•    Placement group : interdependent instances

•    Cluster : packs instances close together inside an Availability Zone

•    Partition : spreads one partition do not share the underlying hardware, eg Hadoop

•    Spread : strictly places distinct underlying hardward

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

Storage

EBS volume : SSD, HDD / IOPS

•     Attach multiple EBS storage volume

•     snapshot

•     Instance Store Volume :

•     Ephemeral

•     Speed : Instance Store Volume > EBS

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Storage.html/

Security

VPC ACL

•    SecurityGroup

•    IAM role

•    Keypare

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security.html https://aws.amazon.com/blogs/security/category/compute/amazon-ec2/page/2/

https://aws.amazon.com/blogs/security/how-to-help-prepare-for-ddos-attacks-by-reducing-your-attack-surface/

Auto Scale

Launch Configuration

•    Launch Template

https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html

AWS Solutions Architect Certification

    Colin Kang

AWS Products and Services

https://www.cloudz.co.kr/services/multi-cloud-partners/aws/

Compute

•     EC2 : Elastic Compute Cloud, AMI, Virtualized Machine, VCPU/Mem

•     EC2 Auto Scaling : High Available Architecture, Elastic On-demand, LaunchTemplate, UserData(script)

•     Lambda : run code, function or application, event triggering

•     ECS : EC2 Container Service : Docker Service, ELB, EBS integrated

•     Beanstalk : run web app, provisioning manage

•     Lightsail : VPS : os + app( wordpress, node.js ): storage, network,

computing, dns, ssd, data send, static IP, all in one

•     Batch : serverless batch execute based on docker container image

•     AWS Outpost : on-premises, fully managed and suppored,

https://velog.io/@koo8624/AWS-%EB%B0%B1%EC%84%9C-Computing-Lightsail-Batch-Beanstalk-Lambda

Network & Content Delivery

•      VPC : Virtual Private Cloud

•      Subnet : CIDR

•      Route Table

•      NAT Gateway

•      VPC endpoint

•      VPC Peering

•      Transit Gateway

•      Site to Site VPN

•      Direct Connect : direct secured line network

•      Route 53 : DNS

•      ELB : Elastic Load Balancing : L4, L7

•      EIP : Elastic IP

•      Cloudfront : CDN

Security, Identity, & Compliance

•      IAM : Identity and Access Management

•      Inspector : find vulnerability

•     

Cetificate Manager : manage ssl/tsl certification

•      Directory Service : LDAP, Active Directory

•      WAF : Web Application Firewall : filter web traffic

•      Shield : Ddos protection

•      Cognito : identity management

•      Detective : investigate potential risk

•      Guardduty : threat detection

•      Inspector : vulunarity

•      Macie : sensitive data

•      Cloud HSM : hardware security module

•      Key Management Service

https://julie-tech.tistory.com/125

https://aws.amazon.com/blogs/aws/aws-heroes-putting-aws-security-services-to-work-for-you/

Storage

•    S3 : Simple Shared Storage, eleven nine

•    Glacier : tape backup

•    EBS : Elastic Block Store : for EC2, magnetic or SSD

•    EFS : Elastic File System : NAS

•    Storage Gateway

•    Snowball : import/export service petabytes

•    FSx : fully managed 3p file system : feature rich, high performance

•    Netapp/ZFS/WindowsFS/Lustre

Database

•    RDS : mysql, Oracle, SQL, PostgreSQL, MariaDB : managed

•    Dynamo : NoSQL

•    Redshift : DW : Columnar

•    ElastiCache : Redis, Memcached

•    Aurora : Mysql, PostgreSQL

•    Snowball : import/export service / petabytes

Analytic

•    Athena : serverles SQL – S3

•    EMR : Hadoop, Spark • Elasticsearch :

•    CloudSearch : domain search

•    Data Pipeline : orchestration data pipeline ( N/A Seoul Region)

•    Kinesis : realtime streaming data

•    QuickSight : business analytic

Application

•    API Gateway

•    Step Functions

•    Simple Workflow Service

•    Elastic Transcoder : media transcoding

Developer

•    Code Commit

•    Code Pipeline

•    Code Build

•    Code Deploy

Management

•    CloudFormation : manage resource with templates • Alb target group

•    Service Catalog

•    CloudWatch : monitor resource and application

•    Config : track resource inventory

•    CloudTrail : track user activity and api usage

Messaging

•    SNS : Simple Notification Service : pub/sub

•    SES : Simple Email Service :

•    SQS : Simple Queue Service : queue

Migration

•    Application Discovery Service

•    Database Migration Service

•    Snowball

•    Server Migration

Artificial Intelligence

•    Lex : voice and text chatbot

•    Polly : turn text into speech

•    Rekognition : search and analyze image

•    Machine Learning : N/A

•    Segemaker : build/train/deploy machine learning model

Internet of Things

•    IoT Core : device connect

•    IoT Greengrass : run code on devices

•    IoT Event : detect event from devices

References

•    https://julie-tech.tistory.com/128

•    https://www.examtopics.com/exams/amazon/aws-certifiedsolutions-architect-associate-saa-c03/

AWS Solutions Architect Certification

   Colin Kang

Before we start : What we learn from AWS

•    Architecture

•    Service Design

•    Service Pros/Cons

•    Terminology

•    Invisible Hardware

•    Software/hardware integration

•    Trade off

•    Design Thinking

AWS Benefits

•    Easy to Use : What is mean by easy? API ? CLI ? SDK? Console?

•    Design Principle : Consistency, Reasonable

•    SRP : Single Responsibility Principle : GSSD : Gather for Same, Separate for Different

•    Flexible : Composite, Loose Coupled, various work-around

•    Cost-Effective : On-Demand/Option

•    Reliable : Availability/Backup/Recovery/Managed

•    Scalable and high-performance : Autoscale

•    Secure : enterprise-level proof : Network

https://en.wikipedia.org/wiki/Single-responsibility_principle

Scalability

•    Scale Up/Down : Vertical Limit

•    Scale Out/In : Horizental Expansion • CAP theorem : Consistency/Availability/Partition Tolerence

•    Shared Everything

•    Expensive, High Performance

•    Clusterware

•    Shared Nothing

•    Easy to implement, hard to shard

https://en.wikipedia.org/wiki/CAP_theorem

https://www.geeksforgeeks.org/difference-between-shared-nothing-architecture-and-shared-disk-architecture/

Virtualization

•     Emulation/Simulation

•     Emulator : Game

•     Flight Simulator

•     Emulation/Virtualization

•     Virtual Memory

•     Java Virtual Machine : Emulator : Interpreter

•     Virtual Hardware : Virtual Machine : Image

•     Bare Metal/Hypervisor/Hosting

•     Hypervisor

•     Virtual Machine Supervisor

•     KVM/Xen/MS Hyper-V

•     Full Virtualization / Para-virtualization • Container : Later

https://www.baeldung.com/cs/simulation-vs-emulation

https://velog.io/@skynet/가상화-입문-에뮬레이션-가상머신-컨테이너

Disruptive Technology

•    Human cost > Hardware cost

•    More cost effective than optimization

•    Speed > Cost

•    Winner takes it all

•    Immutable

•    Shared Nothing Win

Cloud Computing

• IaaS, Paas, Saas     

• Public, Hybrid, On-premises(private, IDC)

 SHAPE  \* MERGEFORMAT

https://www.redhat.com/en/topics/cloud-computing/iaas-vs-paas-vs-saas

https://www.researchgate.net/figure/Comparison-among-Public-Private-Hybrid-and-Community-Cloud_tbl1_270958592

Security

•    Network Isolation

•    VPC

•    NAT

•    Whitelist model

•    VPN

•    AAA/IDM/IAM

•    Role/Priviliges

•    Security Group

•    AWS Organizations

AWS Services

https://colinkang.tistory.com/89

AWS Region / Service Type

•     Global/Region/AZ/VPC

•     Total Region :  29 ( 2023 Jan)

•     Seoul Region (launched 2016) : 4 AZ

https://aws.amazon.com/ko/blogs/korea/now-open-fourth-availability-zone-in-the-aws-asia-pacific-seoul-region/ https://aws.amazon.com/about-aws/global-infrastructure/regions_az/

Service Endpoint

•     the URL of the entry point for an AWS web service

•     Regional Endpoint • protocol://service-code.region-code.amazonaws.com

•     Dynamo US West Region Service Endpoint • https://dynamodb.us-west-2.amazonaws.com

•     Single Global Endpoint • organizations.us-east-1.amazonaws.com

•     FIPS endpoint

•     US Federal Information Standard : eg, encryption

•     https://appstream2-fips.us-west-2.amazonaws.com

•     Dual stack endpoint • HTTP / HTTPS

https://docs.aws.amazon.com/general/latest/gr/rande.html

ARNs

•     Amazon Resource Names

•     Use API/CLI/SDK call

•     Format

•     arn:partition:service:region:account-id:resource-type/resource-id

•     arn:partition:service:region:account-id:resource-type:resource-id

•     Example

•     arn:aws:s3:::bucket_name/key_name

•     arn:aws:s3:::examplebucket/developers/design_info.doc

•     arn:aws:s3:::examplebucket/*

•     arn:aws:s3:::*

•     arn:aws:s3:::example?bucket/*

https://docs.aws.amazon.com/ko_kr/general/latest/gr/aws-arns-and-namespaces.html https://colinkang.tistory.com/93

CLI

•    Command Line Interface

•    Example

•    aws s3 cp /tmp/sample.txt s3://mybucket

•   

aws help • aws shell

https://docs.aws.amazon.com/ko_kr/general/latest/gr/aws-arns-and-namespaces.html https://colinkang.tistory.com/93