AWS Certification Guide

60% - Designing highly available, cost-efficient, fault-tolerant, scalable systems

1. Security 
2. Reliability 
3. Performance Efficiency 
4. Cost Optimization 
5. Operational Excellence

Security

  • Apply security at all layers 
  • Enable trace-ability 
  • Implement a principle of least privilege: 
  • Focus on securing your system 
  • Automate security best practices

Identity and Access Management:


  1. users, groups, services, and roles/resp. 
  2. protecting AWS root account credentials
  3. Roles/Responsibilities of system users to control human access to the AWS Management Console and API
  4. Limiting automated access to AWS resources like Scripts/Third party 
  5. AWS Identity and Access Management (IAM)
  6. Multi-factor authentication (MFA)
  7. Security Assertion Markup Language
  8. Okta
  9. Ping
  10. AWS Security Token Service

Detective controls: 

Capturing and analyzing logs into log processing system like CloudWatch Logs, Splunk, Papertrail. AWS CloudTrail, AWS Config, Amazon CloudWatch

Infrastructure protection: 

Enforcing network and host-level boundary protection, Leveraging AWS service level security, Protecting Integrity of OS ie immutable AMI. Amazon Virtual Private Cloud (VPC)
Data protection: 
Classifying your data, encrypting/protecting data/managing keys/ data in transit. Elastic Load Balancing, Amazon Elastic Block Store (EBS), Amazon Simple Storage Service (S3), and Amazon Relational Database Service (RDS), AWS Key Management Service (KMS), AWS CloudHSM

Incident response: 

Authorization to incident response team. Amazon CloudFormation

Reliability


Performance Efficiency

NoSQL databases
media transcoding, and machine learning

data access patterns



Compute Unified Device Architecture
General-Purpose computing on Graphics Processing Units

 running read replicas

Operational Excellence



Cost Optimization






10% - Implementation/Deployment


Amazon EC2, Amazon S3, AWS Elastic Beanstalk, AWS CloudFormation, AWS OpsWorks, Amazon Virtual Private Cloud (VPC), and AWS Identity and Access Management (IAM) to code and implement a cloud solution.
Content may include the following:
       Configure an Amazon Machine Image (AMI)
       Operate and extend service management in a hybrid IT architecture
       Configure services to support compliance requirements in the cloud
       Launch instances across the AWS global infrastructure
       Configure IAM policies and best practices

20% - Data Security


       AWS shared responsibility model
       AWS platform compliance
       AWS security attributes (customer workloads down to physical layer)
       AWS administration and security services
       AWS Identity and Access Management (IAM)
       Amazon Virtual Private Cloud (VPC)
       AWS CloudTrail
       Ingress vs. egress filtering, and which AWS services and features fit
       “Core” Amazon EC2 and S3 security feature sets
       Incorporating common conventional security products (Firewall, VPN)
       Design patterns
       DoS mitigation
       Encryption solutions (e.g., key services)
       Complex access controls (building sophisticated security groups, ACLs, etc.)
       Amazon CloudWatch for the security architect
       Trusted Advisor
       CloudWatch Logs


Recognize critical disaster recovery techniques and their implementation.
Disaster recovery
Recovery time objective
Recovery point objective
Amazon Elastic Block Store
AWS Import/Export
AWS Storage Gateway
Amazon Route53
Validation of data recovery method


10% - Troubleshooting


Strategies that help in event of failure
1. Automated Backup/Restore 
2. Process threads that resume on reboot, and State of the system to re-sync by reloading messages from queues with Pre-configured and pre-optimized virtual images to support on launch/boot 
3. Avoiding in-memory sessions or stateful user context, move that to data stores. Like Maintain multiple Database slaves across Availability Zones and hot replication 
4. Whole Application should be impervious to reboots and re-launches
Consider before Design
1. Ensure Scalablity. If every component implements a service interface, responsible for its own scalability in all appropriate dimensions, then the overall system will have a scalable base. Proactive Cyclic Scaling that occurs at fixed interval (daily, weekly, monthly, quarterly) Proactive Event-based Scaling when expecting a big surge of traffic requests due to a scheduled event(new product launch, campaigns) Auto-scaling based on demand using Monitoring service, system can send triggers so that it scales up or down(utilization of servers/network i/o) 
2. For Manageability and High-availability, make sure that your components are loosely coupled, without having tight dependencies between each other. 
3. Implement Parallelization, Distributing the tasks on multiple machines, multithreading your requests and effective aggregation of results obtained in parallel
Secondary Consideration
1. Ensure Resilience. If any component fails (and failures happen all the time), the system should automatically alert, failover, and re-sync back to the "last known state" as if nothing failed 
2. Cost factor. The key is using on-demand resources and not pay for idle resource


Comments

  1. likitha6 November 2018 at 04:00

    Awesome post presented by you..your writing style is fabulous and keep update with your

    blogs AWS Online Course

    ReplyDelete

Post a Comment

Popular Posts