Published by Pearson IT Certification (August 17, 2023) © 2023
Mark Wilkins
This is the eBook version of the print title. Note that the eBook does not provide access to the practice test software that accompanies the print book.
Learn, prepare, and practice for AWS Certified Solutions Architect - Associate (SAA-C03) exam success with this Cert Guide from Pearson IT Certification, a leader in IT Certification.
- Master AWS Certified Solutions Architect - Associate (SAA-C03) exam topics
- Assess your knowledge with chapter-ending quizzes
- Review key concepts with exam preparation tasks
AWS Certified Solutions Architect - Associate (SAA-C03) Cert Guide from Pearson IT Certification prepares you to succeed on the exam by directly addressing the exam's official objectives as stated by Amazon. Leading Cloud expert Mark Wilkins shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
The book presents you with an organized test preparation routine using proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, this study guide helps you master all the topics on the AWS Certified Solutions Architect - Associate (SAA-C03) exam, including:
- Secure Architectures: Secure access to AWS resources, secure workloads and applications, data security controls
- Resilient Architectures: Scalable and loosely coupled architectures, highly available and fault-tolerant architectures
- High-Performing Architectures: High-performing and scalable storage solutions; high-performing and elastic compute solutions; high-performing database solutions, scalable network architecture, data ingestion, and transformations solutions
- Cost-Optimized Architectures: Cost-optimized storage solutions, compute solutions, and database solutions; cost-effective network architectures
Introduction
Chapter 1 Understanding the Foundations of AWS Architecture
Essential Characteristics of AWS Cloud Computing
AWS Cloud Computing and NIST
On-Demand Self-Service
Broad Network Access
Resource Pooling
Rapid Elasticity
Measured Service
Moving to AWS
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Operational Benefits of AWS
Cloud Provider Responsibilities
Security at AWS
Network Security at AWS
Application Security at AWS
Migrating Applications
Applications That Can Be Moved to AWS and Hosted on an EC2 Instance with No Changes
Applications with Many Local Dependencies That Cause Problems When Being Moved to the Cloud
Replacing an Existing Application with a SaaS Application Hosted by a Public Cloud Provider
Applications That Should Remain On Premises and Eventually Be Deprecated
The AWS Well-Architected Framework
The Well-Architected Tool
AWS Services Cheat Sheet
In Conclusion
Chapter 2 The AWS Well-Architected Framework
“Do I Know This Already?”
Foundation Topics
The Well-Architected Framework
Operational Excellence Pillar
Security Pillar
Reliability Pillar
Performance Efficiency Pillar
Cost Optimization Pillar
Sustainability Pillar
Designing a Workload SLA
Reliability and Performance Are Linked
Disaster Recovery
Placing Cloud Services
Deployment Methodologies
Factor 1: Use One Codebase That Is Tracked with Version Control to Allow Many Deployments
Factor 2: Explicitly Declare and Isolate Dependencies
Factor 3: Store Configuration in the Environment
Factor 4: Treat Backing Services as Attached Resources
Factor 5: Separate Build and Run Stages
Factor 6: Execute an App as One or More Stateless Processes
Factor 7: Export Services via Port Binding
Factor 8: Scale Out via the Process Model
Factor 9: Maximize Robustness with Fast Startup and Graceful Shutdown
Factor 10: Keep Development, Staging, and Production as Similar as Possible
Factor 11: Treat Logs as Event Streams
Factor 12: Run Admin/Management Tasks as One-Off Processes
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 3 Designing Secure Access to AWS Resources
“Do I Know This Already?”
Foundation Topics
Identity and Access Management (IAM)
IAM Policy Definitions
IAM Authentication
Requesting Access to AWS Resources
The Authorization Process
Actions
IAM Users and Groups
The Root User
The IAM User
IAM Groups
Signing In as an IAM User
IAM Account Details
Creating a Password Policy
Rotating Access Keys
Using Multi-Factor Authentication
Creating IAM Policies
IAM Policy Types
IAM Policy Creation
IAM Roles
When to Use IAM Roles
AWS Security Token Service
IAM Best Practices
IAM Security Tools
IAM Cheat Sheet
AWS Identity Center
AWS Organizations
AWS Organizations Cheat Sheet
AWS Resource Access Manager
AWS Control Tower
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 4 Designing Secure Workloads and Applications
“Do I Know This Already?”
Foundation Topics
Securing Network Infrastructure
Networking Services Located at Edge Locations
VPC Networking Services for Securing Workloads
Network ACL Cheat Sheet
VPC Flow Logs
NAT Services
Amazon Cognito
User Pool
Federated Identity Provider
External Connections
Virtual Private Gateway
Customer Gateway
AWS Managed VPN Connection Options
Understanding Route Propagation
AWS Direct Connect
AWS Direct Connect Cheat Sheet
Amazon GuardDuty
Amazon GuardDuty Cheat Sheet
Amazon Macie
Amazon Macie Cheat Sheet
Security Services for Securing Workloads
AWS CloudTrail
AWS Secrets Manager
Amazon Inspector
AWS Trusted Advisor
AWS Config
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 5 Determining Appropriate Data Security Controls
“Do I Know This Already?”
Foundation Topics
Data Access and Governance
Data Retention and Classification
Infrastructure Security
IAM Controls
Detective Controls
Amazon EBS Encryption
Amazon S3 Bucket Security
S3 Storage at Rest
Amazon S3 Object Lock Policies
Legal Hold
Amazon S3 Glacier Storage at Rest
Data Backup and Replication
AWS Key Management Service
Envelope Encryption
AWS KMS Cheat Sheet
AWS CloudHSM
AWS Certificate Manager
Encryption in Transit
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 6 Designing Resilient Architecture
“Do I Know This Already?”
Foundation Topics
Scalable and Resilient Architecture
Scalable Delivery from Edge Locations
Stateful Versus Stateless Application Design
Changing User State Location
User Session Management
Container Orchestration
Migrating Applications to Containers
Resilient Storage Options
Application Integration Services
Amazon Simple Notification Service
Amazon Simple Queue Service
AWS Step Functions
Amazon EventBridge
Amazon API Gateway
API Gateway Cheat Sheet
Building a Serverless Web App
Automating AWS Infrastructure
AWS CloudFormation
AWS Service Catalog
AWS Elastic Beanstalk
Updating Elastic Beanstalk Applications
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 7 Designing Highly Available and Fault-Tolerant Architecture
“Do I Know This Already?”
Foundation Topics
High Availability and Fault Tolerance
High Availability in the Cloud
Reliability
AWS Regions and Availability Zones
Availability Zones
AWS Services Use Cases
Choosing an AWS Region
Compliance Rules
Latency Concerns
Services Offered in Each AWS Region
Calculating Costs
Distributed Design Patterns
Designing for High Availability and Fault Tolerance
Removing Single Points of Failure
Immutable Infrastructure
Storage Options and Characteristics
Failover Strategies
Backup and Restore
Pilot Light
Warm Standby
Multi-Region Scenarios
Single and Multi-Region Recovery Cheat Sheet
Disaster Recovery Cheat Sheet
AWS Service Quotas
AWS Service Quotas Cheat Sheet
Amazon Route 53
Route 53 Health Checks
Route 53 Routing Policies
Route 53 Traffic Flow Policies
Alias Records
Route 53 Resolver
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 8 High-Performing and Scalable Storage Solutions
“Do I Know This Already?”
Foundation Topics
AWS Storage Options
Workload Storage Requirements
Amazon Elastic Block Store
EBS Volume Types
General Purpose SSD (gp2/gp3)
Elastic EBS Volumes
Attaching an EBS Volume
Amazon EBS Cheat Sheet
EBS Snapshots
Local EC2 Instance Storage Volumes
Amazon Elastic File System
EFS Performance Modes
EFS Throughput Modes
EFS Security
EFS Storage Classes
EFS Lifecycle Management
Amazon EFS Cheat Sheet
AWS DataSync
Amazon FSx for Windows File Server
Amazon FSx for Windows File Server Cheat Sheet
Amazon Simple Storage Service
Amazon S3 Bucket Concepts
Amazon S3 Data Consistency
Amazon S3 Storage Classes
Amazon S3 Management
S3 Bucket Versioning
Amazon S3 Access Points
Multi-Region Access Points
Preselected URLs for S3 Objects
S3 Cheat Sheet
Amazon S3 Glacier
Vaults and Archives
S3 Glacier Retrieval Policies
S3 Glacier Deep Archive
Amazon S3 Glacier Cheat Sheet
AWS Data Lake
AWS Lake Formation
Structured and Unstructured Data
Analytical Tools and Datasets
AWS Glue
Analytic Services
Amazon Kinesis Data Streams
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 9 Designing High-Performing and Elastic Compute Solutions
“Do I Know This Already?”
Foundation Topics
AWS Compute Services
AWS EC2 Instances
Amazon Machine Images
AWS Lambda
AWS Lambda Integration
AWS Lambda Cheat Sheet
Amazon Container Services
Amazon Elastic Container Service
AWS ECS Task Definition Choices
Amazon Elastic Kubernetes Service
Monitoring with AWS CloudWatch
CloudWatch Basic Monitoring
CloudWatch Logs
Collecting Data with the CloudWatch Agent
Planning for Monitoring
Amazon CloudWatch Integration
Amazon CloudWatch Terminology
Creating a CloudWatch Alarm
Additional Alarm and Action Settings
Amazon CloudWatch Cheat Sheet
Auto Scaling Options at AWS
EC2 Auto Scaling
EC2 Auto Scaling Operation
Cooldown Period
Termination Policy
Lifecycle Hooks
EC2 Auto Scaling Cheat Sheet
AWS Auto Scaling
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 10 Determining High-Performing Database Solutions
“Do I Know This Already?”
Foundation Topics
AWS Cloud Databases
Amazon Relational Database Service
Amazon RDS Database Instances
Database Instance Class Types
High-Availability Design for RDS
Multi-AZ RDS Deployments
Big-Picture RDS Installation Steps
Monitoring Database Performance
Best Practices for RDS
Amazon Relational Database Service Proxy
Amazon RDS Cheat Sheet
Amazon Aurora
Amazon Aurora Storage
Amazon Aurora Replication
Communicating with Amazon Aurora
Amazon Aurora Cheat Sheet
Amazon DynamoDB
Amazon DynamoDB Tables
Amazon DynamoDB Accelerator
Backup and Restoration
Amazon DynamoDB Cheat Sheet
Amazon ElastiCache
Amazon ElastiCache for Memcached
Amazon ElastiCache for Memcached Cheat Sheet
Amazon ElastiCache for Redis
Amazon ElastiCache for Redis Cheat Sheet
ElastiCache for Redis: Global Datastore
Amazon Redshift
Amazon Redshift Cheat Sheet
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 11 High-Performing and Scalable Networking Architecture
“Do I Know This Already?”
Foundation Topics
Amazon CloudFront
How Amazon CloudFront Works
Regional Edge Caches
CloudFront Use Cases
HTTPS Access
Serving Private Content
CloudFront Origin Failover
Video-on-Demand and Live Streaming Support
Edge Functions
CloudFront Cheat Sheet
AWS Global Accelerator
Elastic Load Balancing Service
Application Load Balancer Features
Health Checks
Network Load Balancer
Multi-Region Failover
AWS VPC Networking
The Shared Security Model
AWS Networking Terminology
VPC Cheat Sheet
Creating a VPC
How Many VPCs Does Your Organization Need?
Subnets
Subnet Cheat Sheet
IP Address Types
Private IPv4 Addresses
Private IPv4 Address Summary
Public IPv4 Addresses
Inbound and Outbound Traffic Charges
Bring-Your-Own IP
IPv6 Addresses
VPC Flow Logs
Connectivity Options
VPC Peering
Establishing a Peering Connection
VPC Endpoints
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 12 Designing Cost-Optimized Storage Solutions
“Do I Know This Already?”
Foundation Topics
Calculating AWS Costs
Cloud Service Costs
Tiered Pricing at AWS
Management Tool Pricing Example: AWS Config
Cost Management Tools
AWS Cost Explorer
AWS Budgets
AWS Cost and Usage Reports
Managing Costs Cheat Sheet
Tagging AWS Resources
Using Cost Allocation Tags
Storage Types and Costs
AWS Backup
Lifecycle Rules
AWS Backup Cheat Sheet
Data Transfer Costs
AWS Storage Gateway
AWS Storage Gateway Cheat Sheet
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 13 Designing Cost-Effective Compute Solutions
“Do I Know This Already?”
Foundation Topics
EC2 Instance Types
What Is a vCPU?
EC2 Instance Choices
Dedicated Host
Dedicated Instances
Placement Groups
EC2 Instance Purchasing Options
EC2 Pricing—On-demand
On-demand Instance Service Quotas
Reserved Instances
Term Commitment
Payment Options
EC2 Reserved Instance Types
Scheduled Reserved EC2 Instances
Regional and Zonal Reserved Instances
Savings Plans
Spot Instances
Spot Fleet Optimization Strategies
Spot Capacity Pools
EC2 Pricing Cheat Sheet
Compute Tools and Utilities
Strategies for Optimizing Compute
Matching Compute Utilization with Requirements
Compute Scaling Strategies
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 14 Designing Cost-Effective Database Solutions
“Do I Know This Already?”
Foundation Topics
Database Design Choices
RDS Deployments
NoSQL Deployments
Migrating Databases
Database Data Transfer Costs
Data Transfer Costs and RDS
Data Transfer Costs with DynamoDB
Data Transfer Costs with Amazon Redshift
Data Transfer Costs with DocumentDB
Data Transfer Costs Cheat Sheet
Database Retention Policies
Database Backup Policies Cheat Sheet
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 15 Designing Cost-Effective Network Architectures
“Do I Know This Already?”
Foundation Topics
Networking Services and Connectivity Costs
Elastic Load Balancing Deployments
NAT Devices
AWS CloudFront
VPC Endpoints
Network Services from On-Premises Locations
Data Transfer Costs
Accessing AWS Services in the Same Region
Workload Components in the Same Region
Accessing AWS Services in Different Regions
Data Transfer at Edge Locations
Network Data Transfer
Public Versus Private Traffic Charges
Data Transfer Costs Cheat Sheet
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 16 Final Preparation
Exam Information
Tips for Getting Ready for the Exam
Scheduling Your Exam
Tools for Final Preparation
Pearson Test Prep Practice Test Software and Questions on the Website
Updating Your Exams
Chapter-Ending Review Tools
Suggested Plan for Final Review/Study
Summary
Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
Appendix B AWS Certified Solutions Architect – Associate (SAA-C03) Cert Guide Exam Updates
Glossary of Key Terms
Online Elements:
Appendix C Study Planner
Glossary of Key Terms