Refer: https://jayendrapatil.com/aws-certified-solutions-architect-associate-saa-c02-exam-learning-path/
Networking
-
Be sure to create VPC from scratch. This is mandatory.
-
Create VPC and understand whats an CIDR and addressing patterns
-
Create public and private subnets, configure proper routes, security groups, NACLs. (hint: Subnets are public or private depending on whether they can route traffic directly through Internet gateway)
-
Create Bastion for communication with instances
-
Create NAT Gateway or Instances for instances in private subnets to interact with internet
-
Create two tier architecture with application in public and database in private subnets
-
Create three tier architecture with web servers in public, application and database servers in private. (hint: focus on security group configuration with least privilege)
-
Make sure to understand how the communication happens between Internet, Public subnets, Private subnets, NAT, Bastion etc.
-
Understand difference between Security Groups and NACLs (hint: Security Groups are Stateful vs NACLs are stateless. Also only NACLs provide an ability to deny or block IPs)
-
Understand VPC endpoints and what services it can help interact (hint: VPC Endpoints routes traffic internally without Internet)
-
VPC Gateway Endpoints supports S3 and DynamoDB.
-
VPC Interface Endpoints OR Private Links supports others
-
Understand difference between NAT Gateway and NAT Instance (hint: NAT Gateway is AWS managed and is scalable and highly available)
-
Understand how NAT high availability can be achieved (hint: provision NAT in each AZ and route traffic from subnets within that AZ through that NAT Gateway)
-
Understand VPN and Direct Connect for on-premises to AWS connectivity
-
VPN provides quick connectivity, cost-effective, secure channel, however routes through internet and does not provide consistent throughput
-
Direct Connect provides consistent dedicated throughput without Internet, however requires time to setup and is not cost-effective
-
Understand Data Migration techniques
-
Choose Snowball vs Snowmobile vs Direct Connect vs VPN depending on the bandwidth available, data transfer needed, time available, encryption requirement, one-time or continuous requirement
-
Snowball, SnowMobile are for one-time data, cost-effective, quick and ideal for huge data transfer
-
Direct Connect, VPN are ideal for continuous or frequent data transfers
-
Understand CloudFront as CDN and the static and dynamic caching it provides, what can be its origin (hint: CloudFront can point to on-premises sources and its usecases with S3 to reduce load and cost)
-
Understand Route 53 for routing
-
Understand Route 53 health checks and failover routing
-
Understand Route 53 Routing Policies it provides and their use cases mainly for high availability (hint: focus on weighted, latency, geolocation, failover routing)
-
Be sure to cover ELB concepts in deep.
-
Understand differences between CLB vs ALB vs NLB
-
ALB is layer 7 while NLB is layer 4
-
ALB provides content based, host based, path based routing
-
ALB provides dynamic port mapping which allows same tasks to be hosted on ECS node
-
NLB provides low latency and ability to scale
-
NLB provides static IP address
Security
-
Understand IAM as a whole
-
Focus on IAM role (hint: can be used for EC2 application access and Cross-account access)
-
Understand IAM identity providers and federation and use cases
-
Understand MFA and how would implement two factor authentication for an application
-
Understand IAM Policies (hint: expect couple of questions with policies defined and you need to select correct statements)
-
Understand encryption services
-
KMS for key management and envelope encryption
-
Focus on S3 with SSE, SSE-C, SSE-KMS
-
Know SQS now provides SSE support
-
AWS WAF integrates with CloudFront to provide protection against Cross-site scripting (XSS) attacks. It also provide IP blocking and geo-protection.
-
AWS Shield integrates with CloudFront to provide protection against DDoS.
-
Refer Disaster Recovery whitepaper, be sure you know the different recovery types with impact on RTO/RPO.
Storage
-
Understand various storage options S3, EBS, Instance store, EFS, Glacier, FSx and what are the use cases and anti patterns for each
-
Instance Store
-
Understand Instance Store (hint: it is physically attached to the EC2 instance and provides the lowest latency and highest IOPS)
-
Elastic Block Storage – EBS
-
Understand various EBS volume types and their use cases in terms of IOPS and throughput. SSD for IOPS and HDD for throughput
-
Understand Burst performance and I/O credits to handle occasional peaks
-
Understand EBS Snapshots (hint: backups are automated, snapshots are manual)
-
Simple Storage Service – S3
-
Cover S3 in depth
-
Understand S3 storage classes with lifecycle policies
-
Understand the difference between SA Standard vs SA IA vs SA IA One Zone in terms of cost and durability
-
Understand S3 Data Protection (hint: S3 Client side encryption encrypts data before storing it in S3)
-
Understand S3 features including
-
S3 provides a cost effective static website hosting
-
S3 versioning provides protection against accidental overwrites and deletions
-
S3 Pre-Signed URLs for both upload and download provides access without needing AWS credentials
-
S3 CORS allows cross domain calls
-
S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
-
Understand Glacier as an archival storage with various retrieval patterns
-
Glacier Expedited retrieval now allows object retrieval within mins
-
Understand Storage gateway and its different types.
-
Cached Volume Gateway provides access to frequently accessed data, while using AWS as the actual storage
-
Stored Volume gateway uses AWS as a backup, while the data is being stored on-premises as well
-
File Gateway supports SMB protocol
-
Understand FSx easy and cost effective to launch and run popular file systems.
-
FSx provides two file systems to choose from: Amazon FSx for Windows File Server for business applications and Amazon FSx for Lustre for high-performance workloads.
-
Understand the difference between EBS vs S3 vs EFS
-
EFS provides shared volume across multiple EC2 instances, while EBS can be attached to a single volume within the same AZ.
-
Understand the difference between EBS vs Instance Store
-
Would recommend referring Storage Options whitepaper, although a bit dated 90% still holds right
Compute
-
Understand Elastic Cloud Compute – EC2
-
Understand Auto Scaling and ELB, how they work together to provide High Available and Scalable solution. (hint: Span both ELB and Auto Scaling across Multi-AZs to provide High Availability)
-
Understand EC2 Instance Purchase Types – Reserved, Scheduled Reserved, On-demand and Spot and their use cases
-
Choose Reserved Instances for continuous persistent load
-
Choose Scheduled Reserved Instances for load with fixed scheduled and time interval
-
Choose Spot instances for fault tolerant and Spiky loads
-
Reserved instances provides cost benefits for long terms requirements over On-demand instances
-
Spot instances provides cost benefits for temporary fault tolerant spiky load
-
Understand EC2 Placement Groups (hint: Cluster placement groups provide low latency and high throughput communication, while Spread placement group provides high availability)
-
Understand Lambda and serverless architecture, its features and use cases. (hint: Lambda integrated with API Gateway to provide a serverless, highly scalable, cost-effective architecture)
-
Understand ECS with its ability to deploy containers and micro services architecture.
-
ECS role for tasks can be provided through taskRoleArn
-
ALB provides dynamic port mapping to allow multiple same tasks on the same node
-
Know Elastic Beanstalk at a high level, what it provides and its ability to get an application running quickly.
Databases
-
Understand relational and NoSQLs data storage options which include RDS, DynamoDB, Aurora and their use cases
-
RDS
-
Understand RDS features – Read Replicas vs Multi-AZ
-
Read Replicas for scalability, Multi-AZ for High Availability
-
Multi-AZ are regional only
-
Read Replicas can span across regions and can be used for disaster recovery
-
Understand Automated Backups, underlying volume types
-
Aurora
-
Understand Aurora
-
provides multiple read replicas and replicates 6 copies of data across AZs
-
Understand Aurora Serverless provides a highly scalable cost-effective database solution
-
DynamoDB
-
Understand DynamoDB with its low latency performance, key-value store (hint: DynamoDB is not a relational database)
-
DynamoDB DAX provides caching for DynamoDB
-
Understand DynamoDB provisioned throughput for Read/Writes (It is more cover in Developer exam though.)
-
Know ElastiCache use cases, mainly for caching performance
Integration Tools
- Understand SQS as message queuing service and SNS as pub/sub notification service
- Understand SQS features like visibility, long poll vs short poll
- Focus on SQS as a decoupling service
- Understand SQS Standard vs SQS FIFO difference (hint: FIFO provides exactly once delivery both low throughput)
Analytics
- Know Redshift as a business intelligence tool
- Know Kinesis for real time data capture and analytics
- Atleast know what AWS Glue does, so you can eliminate the answer
Management Tools
- Understand CloudWatch monitoring to provide operational transparency
- Know which EC2 metrics it can track. Remember, it cannot track memory and disk space/swap utilization
- Understand CloudWatch is extendable with custom metrics
- Understand CloudTrail for Audit
- Have a basic understanding of CloudFormation, OpsWorks
网友评论