AWS Solutions Architect

    Colin Kang

EC2 Launch

•    AMI : OS / architecture (x86/Arm)

•    Instance Type : t2.micro ( 1vcpu/1GB ) – x2iden.32xlarge (

128vcpu/4098GB)

•    Keypair

•    Network : VPC/subnet/securitygroup

•    Storage : root + new

•    Advanced

•    IAM/PlacementGroup/Tenancy (shared/dedicated)/Tag

https://docs.aws.amazon.com/efs/latest/ug/gs-step-one-create-ec2-resources.html/

EC2 Launch with Template

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html/

EC2 AMI

Amazon Machine Image

•    Quick Start AMI : Linux/Mac..

•    Marketplace AMI

•    Vendor provide

•    Community AMI

•    Private AMI

•    User defined

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html

EC2 Instance ( vcpu/mem/bandwidh

•    Geneal Purpose : T3, T2, T5, M6, M5, M4, M3

•    Compute Optimize : C5, C4, C3

•    Memory Optimze : X1e, X1, R4, R3

•    Accelerated Computing : GPU : P3, P2, G3, F1

•    Storage Optimized : H1, I3, D2

•    HPC Optimized : High Performance Compuing : Hpc6id, Hpc6a

https://aws.amazon.com/ec2/instance-types/

Network

VPC : • Isolated Network

•    Subnet :

•    VPC sub network

https://en.wikipedia.org/wiki/CAP_theorem

https://www.geeksforgeeks.org/difference-between-shared-nothing-architecture-and-shared-disk-architecture/

PlacementGroup

•    Default : distributed

•    Placement group : interdependent instances

•    Cluster : packs instances close together inside an Availability Zone

•    Partition : spreads one partition do not share the underlying hardware, eg Hadoop

•    Spread : strictly places distinct underlying hardward

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

Storage

EBS volume : SSD, HDD / IOPS

•     Attach multiple EBS storage volume

•     snapshot

•     Instance Store Volume :

•     Ephemeral

•     Speed : Instance Store Volume > EBS

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Storage.html/

Security

VPC ACL

•    SecurityGroup

•    IAM role

•    Keypare

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security.html https://aws.amazon.com/blogs/security/category/compute/amazon-ec2/page/2/

https://aws.amazon.com/blogs/security/how-to-help-prepare-for-ddos-attacks-by-reducing-your-attack-surface/

Auto Scale

Launch Configuration

•    Launch Template

https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html

AWS Solutions Architect Certification

    Colin Kang

AWS Products and Services

https://www.cloudz.co.kr/services/multi-cloud-partners/aws/

Compute

•     EC2 : Elastic Compute Cloud, AMI, Virtualized Machine, VCPU/Mem

•     EC2 Auto Scaling : High Available Architecture, Elastic On-demand, LaunchTemplate, UserData(script)

•     Lambda : run code, function or application, event triggering

•     ECS : EC2 Container Service : Docker Service, ELB, EBS integrated

•     Beanstalk : run web app, provisioning manage

•     Lightsail : VPS : os + app( wordpress, node.js ): storage, network,

computing, dns, ssd, data send, static IP, all in one

•     Batch : serverless batch execute based on docker container image

•     AWS Outpost : on-premises, fully managed and suppored,

https://velog.io/@koo8624/AWS-%EB%B0%B1%EC%84%9C-Computing-Lightsail-Batch-Beanstalk-Lambda

Network & Content Delivery

•      VPC : Virtual Private Cloud

•      Subnet : CIDR

•      Route Table

•      NAT Gateway

•      VPC endpoint

•      VPC Peering

•      Transit Gateway

•      Site to Site VPN

•      Direct Connect : direct secured line network

•      Route 53 : DNS

•      ELB : Elastic Load Balancing : L4, L7

•      EIP : Elastic IP

•      Cloudfront : CDN

Security, Identity, & Compliance

•      IAM : Identity and Access Management

•      Inspector : find vulnerability

•     

Cetificate Manager : manage ssl/tsl certification

•      Directory Service : LDAP, Active Directory

•      WAF : Web Application Firewall : filter web traffic

•      Shield : Ddos protection

•      Cognito : identity management

•      Detective : investigate potential risk

•      Guardduty : threat detection

•      Inspector : vulunarity

•      Macie : sensitive data

•      Cloud HSM : hardware security module

•      Key Management Service

https://julie-tech.tistory.com/125

https://aws.amazon.com/blogs/aws/aws-heroes-putting-aws-security-services-to-work-for-you/

Storage

•    S3 : Simple Shared Storage, eleven nine

•    Glacier : tape backup

•    EBS : Elastic Block Store : for EC2, magnetic or SSD

•    EFS : Elastic File System : NAS

•    Storage Gateway

•    Snowball : import/export service petabytes

•    FSx : fully managed 3p file system : feature rich, high performance

•    Netapp/ZFS/WindowsFS/Lustre

Database

•    RDS : mysql, Oracle, SQL, PostgreSQL, MariaDB : managed

•    Dynamo : NoSQL

•    Redshift : DW : Columnar

•    ElastiCache : Redis, Memcached

•    Aurora : Mysql, PostgreSQL

•    Snowball : import/export service / petabytes

Analytic

•    Athena : serverles SQL – S3

•    EMR : Hadoop, Spark • Elasticsearch :

•    CloudSearch : domain search

•    Data Pipeline : orchestration data pipeline ( N/A Seoul Region)

•    Kinesis : realtime streaming data

•    QuickSight : business analytic

Application

•    API Gateway

•    Step Functions

•    Simple Workflow Service

•    Elastic Transcoder : media transcoding

Developer

•    Code Commit

•    Code Pipeline

•    Code Build

•    Code Deploy

Management

•    CloudFormation : manage resource with templates • Alb target group

•    Service Catalog

•    CloudWatch : monitor resource and application

•    Config : track resource inventory

•    CloudTrail : track user activity and api usage

Messaging

•    SNS : Simple Notification Service : pub/sub

•    SES : Simple Email Service :

•    SQS : Simple Queue Service : queue

Migration

•    Application Discovery Service

•    Database Migration Service

•    Snowball

•    Server Migration

Artificial Intelligence

•    Lex : voice and text chatbot

•    Polly : turn text into speech

•    Rekognition : search and analyze image

•    Machine Learning : N/A

•    Segemaker : build/train/deploy machine learning model

Internet of Things

•    IoT Core : device connect

•    IoT Greengrass : run code on devices

•    IoT Event : detect event from devices

References

•    https://julie-tech.tistory.com/128

•    https://www.examtopics.com/exams/amazon/aws-certifiedsolutions-architect-associate-saa-c03/