SAA Prep Workshop

Question Distribution

  1. Designing resilient architectures

  2. Defining solutions that meet performance criteria

  3. Specifying secure applications and architectures

  4. Designing cost-optimized architectures

  5. Defining operationally excellent architectures

Overview

EC2 Instance Store

  • Temporary (ephemeral) block storage on disks physically attached to the host

  • Available only on specific EC2 instance types

  • Fixed capacity

  • Disk type and capacity determined by EC2 instance type

  • Durability is the application's responsibility: data is lost when the instance is stopped or terminated or the host fails (it survives a reboot)

  • Fast I/O (local disk, no network hop)

Elastic Block Store (EBS)

  • Several volume types (SSD and HDD families)

  • Encryption at rest with KMS keys; snapshots of an encrypted volume stay encrypted

  • Snapshots

  • Provisioned capacity

  • Independent lifecycle from EC2 instances

  • Multiple volumes can be striped to create large volumes


Answer: B

Amazon S3

  • Object Storage

  • Consistency

  • Storage classes and durability - Standard, Standard-IA

  • Encryption

    • Data at rest

    • Data in transit

  • Versioning

  • Access control

  • Multi-part upload

  • Internet / API access available

  • Virtually unlimited capacity

  • Regional availability

  • Exceptional durability - 99.999999999% (eleven nines)

Amazon Glacier

  • Data backup and archive storage

  • Retrieval takes minutes to hours depending on the retrieval option chosen

  • Encryption

  • Regional availability

Decoupling from Component State

  • A load balancer or SQS queue between components means a request is not tied to a specific instance's state, so the component can be replaced or scaled without losing messages

Decoupling for Scalability


Decoupling from Component ID



Answer: B, D

Fault Tolerance

: Everything can fail, so prepare for failure in advance!



Answer: C

  • High availability requires multiple Availability Zones!

    • If an option depends on a single Availability Zone, it is not the high-availability answer

  • High availability doesn't need an SLA (Service Level Agreement): brief disruption during failover is acceptable as long as the system recovers

    • SLA: A service-level agreement (SLA) defines the level of service you expect from a vendor


Answer: D

  • Fault tolerance must have an SLA: the system must keep operating through a failure without interruption, a stricter guarantee than high availability

CloudFormation

  • Declarative templates (JSON or YAML) for deploying AWS resources together as a stack



Answer: B

AWS Lambda

  • Fully managed compute service that runs stateless code (Node.js, Python, etc.) in response to events or time-based intervals

  • Can run code without managing infrastructure like Amazon EC2 instances and Auto Scaling groups


Answer: C


Answer: B

  • RTO (Recovery Time Objective): the maximum acceptable time between a failure and service being restored

  • RPO (Recovery Point Objective): the maximum acceptable data loss, measured as the time between the last recoverable copy and the failure


Designing High-Performance Architecture

  1. Design high-performance storage and databases

  2. Improve performance by applying caching

  3. Design solutions with elasticity and scalability - Auto Scaling, CloudWatch

  • Hard disks (HDD volumes) are not just low performance!

    • Throughput Optimized HDD (st1) is built for large sequential workloads, measured in MB/s rather than IOPS

  • SSD for general workloads => General Purpose SSD (gp2)

  • If per-volume maximum IOPS, low latency or heavy random access is required => Provisioned IOPS SSD (io1)

AWS S3 Bucket


Amazon S3: Billing Model


Amazon S3: Storage Classes

  • Data that must be kept long-term but is rarely read belongs in Standard-IA (it carries a per-GB retrieval fee, so it is the wrong choice for frequently read data)

S3 Lifecycle Policy

: Amazon S3 lifecycle rules transition objects to another storage class or expire (delete) them after a configured number of days since creation
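
The following is an added example, not material from the workshop slides: it models how a lifecycle rule walks an object through storage classes and checks the rule before it is submitted. The rule dict uses the field names S3's PutBucketLifecycleConfiguration accepts, but the rule ID, prefix, day counts and dates are constructed; nothing here calls AWS.

```python
"""Model how an S3 lifecycle rule moves an object through storage classes.

Added example for these notes; it calls no AWS API. LIFECYCLE_RULE uses the
same field names as the 'Rules' entries accepted by S3's
PutBucketLifecycleConfiguration, but the rule ID, prefix, day counts and
dates are constructed for illustration.
"""
from datetime import date

# Constructed rule: move logs/ to Standard-IA after 30 days, to Glacier
# after 90 days, and delete them after one year.
LIFECYCLE_RULE = {
    "ID": "archive-logs",            # assumed rule name
    "Status": "Enabled",
    "Filter": {"Prefix": "logs/"},
    "Transitions": [
        {"Days": 30, "StorageClass": "STANDARD_IA"},
        {"Days": 90, "StorageClass": "GLACIER"},
    ],
    "Expiration": {"Days": 365},
}

# S3 rejects a lifecycle transition into an IA class earlier than 30 days
# after creation; validate_rule reproduces that constraint client-side.
MIN_DAYS_BEFORE_IA = 30
IA_CLASSES = {"STANDARD_IA", "ONEZONE_IA"}


def _transitions(rule):
    """Transitions sorted by age so the latest applicable one wins."""
    return sorted(rule.get("Transitions", []), key=lambda t: t["Days"])


def validate_rule(rule):
    """Return a list of problems; an empty list means the rule is acceptable."""
    problems = []
    if rule.get("Status") != "Enabled":
        problems.append("rule is not enabled")
    transitions = _transitions(rule)
    for t in transitions:
        if t["StorageClass"] in IA_CLASSES and t["Days"] < MIN_DAYS_BEFORE_IA:
            problems.append(
                f"{t['StorageClass']} transition at {t['Days']} days is below "
                f"the {MIN_DAYS_BEFORE_IA}-day minimum")
    expiry = rule.get("Expiration", {}).get("Days")
    if expiry is not None and transitions and expiry <= transitions[-1]["Days"]:
        problems.append("expiration must come after the last transition")
    return problems


def storage_class_on(rule, key, created, today):
    """Storage class the object `key` is in on `today`, or 'EXPIRED'.

    Real S3 applies lifecycle actions at 00:00 UTC after the object reaches
    the configured age, so an actual transition may land up to a day later.
    """
    if not key.startswith(rule.get("Filter", {}).get("Prefix", "")):
        return "STANDARD"            # rule does not apply; object stays put
    age_days = (today - created).days
    expiry = rule.get("Expiration", {}).get("Days")
    if expiry is not None and age_days >= expiry:
        return "EXPIRED"
    current = "STANDARD"             # every object is uploaded here by default
    for t in _transitions(rule):
        if age_days >= t["Days"]:
            current = t["StorageClass"]
    return current


def demo_timeline(rule=LIFECYCLE_RULE, key="logs/app.log.gz"):
    """Class of one constructed object on four dates after a 2020-01-01 upload."""
    uploaded = date(2020, 1, 1)
    checks = (date(2020, 1, 15), date(2020, 2, 15), date(2020, 5, 1), date(2021, 1, 5))
    return [storage_class_on(rule, key, uploaded, d) for d in checks]


if __name__ == "__main__":
    print(validate_rule(LIFECYCLE_RULE))   # [] means the rule is acceptable
    print(demo_timeline())
```

The 30-day minimum is the check people trip over in practice: a rule that moves objects to Standard-IA after 7 days is rejected by S3, and a rule whose expiration precedes its last transition silently never reaches that class.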



Answer: D

  • Cross-region replication copies objects to a bucket in another region (versioning must be enabled on both buckets)


Answer: A, C

When to Use Amazon RDS


RDS Read Replicas

: Read-only copies of the primary kept current by asynchronous replication; direct SELECT traffic to them to offload the primary (replication lag means reads can be slightly stale)


DynamoDB: Provisioned Throughput Capacity

AWS's flagship managed NoSQL database (key-value and document); in provisioned mode you set read and write capacity units per table


Caching in CloudFront


Comparison of Memcached and Redis



AWS CloudFront


Scalable Design


Auto Scaling


CloudWatch Alarms that Trigger Auto Scaling




Auto Scaling Components


Traffic Distribution by Elastic Load Balancing (ELB)


Answer: C


Answer: B, E, F


Answer: B, D


AWS IAM


Credentials Used in AWS



Answer: A, C, E

Computing/Network Architecture


Virtual Private Cloud (VPC)


How to Use Subnets


Comparison of Security Groups and Network ACLs


Security Groups

: Use security groups to control traffic to and from an instance's network interface; rules are allow-only and stateful, so the reply to permitted traffic is allowed automatically. Network ACLs, by contrast, apply at the subnet boundary, hold both allow and deny rules evaluated in number order, and are stateless, so return traffic needs its own rule.
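
To make the stateful/stateless difference from the comparison above concrete, here is an added example (not from the workshop) that simulates one HTTP request and its reply passing through a network ACL and a security group. The rule sets, client address and ports are constructed; the evaluation order follows AWS's documented behaviour.

```python
"""Simulate why a security group is stateful and a network ACL is not.

Added example for these notes, not AWS code. The rules, addresses and ports
are constructed. Security group rules are allow-only and replies to
permitted traffic pass automatically; network ACL rules are numbered,
checked from the lowest number up, the first match decides, and replies
need a rule of their own. Inbound packets hit the subnet's ACL before the
instance's security group; outbound packets go the other way.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str    # "in": towards the instance, "out": leaving it
    remote: str       # the other host's IP address
    remote_port: int  # the other host's port
    local_port: int   # the instance's port


def _rule_matches(rule, pkt):
    """Inbound rules name the instance's port, outbound rules the remote port."""
    port = pkt.local_port if pkt.direction == "in" else pkt.remote_port
    low, high = rule["ports"]
    return (rule["direction"] == pkt.direction
            and low <= port <= high
            and ip_address(pkt.remote) in ip_network(rule["cidr"]))


class SecurityGroup:
    def __init__(self, rules):
        self.rules = rules        # every rule is an allow; there is no deny
        self.flows = set()        # connection tracking: (remote, remote_port, local_port)

    def allows(self, pkt):
        flow = (pkt.remote, pkt.remote_port, pkt.local_port)
        if flow in self.flows:    # reply to traffic that was already allowed
            return True
        if any(_rule_matches(r, pkt) for r in self.rules):
            self.flows.add(flow)  # remember it so the reply gets through
            return True
        return False              # nothing matched: implicit deny


class NetworkAcl:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r["number"])

    def allows(self, pkt):
        for rule in self.rules:   # lowest number first, first match wins
            if _rule_matches(rule, pkt):
                return rule["action"] == "allow"
        return False              # the trailing '*' rule denies everything else


def web_sg():
    """Fresh web-server security group: inbound 80 from anywhere, nothing else."""
    return SecurityGroup([{"direction": "in", "ports": (80, 80), "cidr": "0.0.0.0/0"}])


# The default network ACL allows all traffic both ways, so it filters nothing.
DEFAULT_ACL = NetworkAcl([
    {"number": 100, "direction": "in", "ports": (0, 65535), "cidr": "0.0.0.0/0", "action": "allow"},
    {"number": 100, "direction": "out", "ports": (0, 65535), "cidr": "0.0.0.0/0", "action": "allow"},
])

# Custom ACL that forgot the stateless half: replies to the client's
# ephemeral port have no outbound allow and are dropped.
ACL_MISSING_EPHEMERAL = NetworkAcl([
    {"number": 100, "direction": "in", "ports": (80, 80), "cidr": "0.0.0.0/0", "action": "allow"},
])

# Corrected ACL: outbound ephemeral ports allowed, plus one blocked range
# denied with a lower number so it beats the broad allow.
ACL_CORRECT = NetworkAcl([
    {"number": 90, "direction": "in", "ports": (80, 80), "cidr": "198.51.100.0/24", "action": "deny"},
    {"number": 100, "direction": "in", "ports": (80, 80), "cidr": "0.0.0.0/0", "action": "allow"},
    {"number": 100, "direction": "out", "ports": (1024, 65535), "cidr": "0.0.0.0/0", "action": "allow"},
])


def _passes(sg, acl, pkt):
    if pkt.direction == "in":
        return acl.allows(pkt) and sg.allows(pkt)
    return sg.allows(pkt) and acl.allows(pkt)


def http_roundtrip(sg, acl, client_ip="203.0.113.10", client_port=50000):
    """Return (request_allowed, reply_allowed) for one HTTP request."""
    request = Packet("in", client_ip, client_port, 80)
    reply = Packet("out", client_ip, client_port, 80)
    request_ok = _passes(sg, acl, request)
    return request_ok, request_ok and _passes(sg, acl, reply)


def ssh_attempt(sg, acl, client_ip="203.0.113.10"):
    """Inbound SSH: blocked by the security group even with a wide-open ACL."""
    return _passes(sg, acl, Packet("in", client_ip, 51000, 22))
```

Run `http_roundtrip(web_sg(), ACL_MISSING_EPHEMERAL)` and the request is accepted but the reply is dropped; the same request through `DEFAULT_ACL` or `ACL_CORRECT` completes, which is exactly why an exam option that "opens port 80 in the network ACL" is redundant when the ACL is still the default one.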


VPC Connections


Outbound Traffic for Private Instances

  • NAT Gateway (managed) is preferred over a self-managed NAT instance: it scales automatically and is highly available within its Availability Zone; deploy one per AZ so a zone failure does not take down other zones' outbound path


Answer: A, C, E

  • Option E is redundant rather than necessary: the default network ACL allows all inbound traffic, so port 80 is already open unless the ACL has been modified (a custom network ACL denies everything until rules are added)

    • But it's not wrong, so it's an answer!

Data at Rest

Data stored in S3 is private by default: only the bucket owner can access it until a bucket policy or ACL grants more, and every request must be signed with AWS credentials (or use a presigned URL issued by someone who has them)


Key Management




Answer: B, D, E


Answer: B

  • Root user is the last resort

    • Never create access keys for the root user; protect it with MFA and use it only for the few tasks that require it

  • Applications should obtain permissions through IAM roles (an instance profile on EC2) rather than embedded access keys: the credentials are short-lived and rotated automatically
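
The "private by default" point in the Data at Rest section and the least-privilege point about roles both come down to how IAM evaluates a policy. The following is an added example, not part of the workshop material: a minimal evaluator for identity policies that reproduces the rules that matter (implicit deny when nothing matches, explicit Deny beating Allow, wildcard matching) and a check for over-broad statements. The policy, bucket name and ARNs are constructed; APP_ROLE_POLICY is the shape of document you would attach to an instance role instead of baking keys into the application.

```python
"""Minimal IAM identity-policy evaluator.

Added example for these notes, not AWS code. It reproduces three evaluation
rules: a request nothing matches is an implicit deny, an explicit Deny beats
any Allow, and '*' / '?' wildcards in Action and Resource are what make a
policy over-broad. Only Effect, Action and Resource are handled (no
Principal, Condition or resource-based policies). The policy, bucket and
ARNs below are constructed.
"""
import re

APP_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # read the app's asset bucket...
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-app-assets",
                         "arn:aws:s3:::example-app-assets/*"],
        },
        {   # ...except the secrets prefix, even though the Allow above covers it
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-app-assets/secrets/*",
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wild(pattern, text, casefold=False):
    """IAM wildcard match: '*' is any run of characters, '?' exactly one."""
    if casefold:                       # action names are case-insensitive
        pattern, text = pattern.lower(), text.lower()
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, text) is not None


def evaluate(policy, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"          # the default before any statement matches
    for stmt in _as_list(policy["Statement"]):
        if not any(_wild(a, action, casefold=True)
                   for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_wild(r, resource)
                   for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"      # deny wins regardless of other Allows
        decision = "Allow"
    return decision


def overbroad_statements(policy):
    """Indexes of Allow statements granting every action of a service (or of
    all services) on every resource: the shape root-equivalent access takes."""
    flagged = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt["Effect"] != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        all_actions = any(a == "*" or a.endswith(":*") for a in actions)
        all_resources = "*" in _as_list(stmt.get("Resource", []))
        if all_actions and all_resources:
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    for act, res in [("s3:GetObject", "arn:aws:s3:::example-app-assets/public/logo.png"),
                     ("s3:GetObject", "arn:aws:s3:::example-app-assets/secrets/db.pem"),
                     ("s3:PutObject", "arn:aws:s3:::example-app-assets/public/logo.png")]:
        print(act, res, "->", evaluate(APP_ROLE_POLICY, act, res))
```

Two things the evaluator makes visible: the secrets prefix stays denied even though the first statement's `/*` resource matches it, and a PutObject request is refused with no Deny statement at all, because nothing granted it. A statement of the form `Allow * on *` is what `overbroad_statements` flags; attaching that to a role gives the application the same reach as root access keys.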

Amazon EC2 Pricing

  • Elastic IP addresses: free while associated with a running instance, but charged while allocated and not in use (including when attached to a stopped instance)

    • Roughly $3.60 per IP address per month (US$0.005 per hour); since February 2024 AWS charges this rate for every public IPv4 address, in use or not

EC2 Pricing Factors

  • Instance family

  • Tenancy

  • Pricing options

EC2: Ways to Save Costs



Amazon EBS Pricing



Answer: A


Caching Through CloudFront



Defining Operationally Excellent Architecture


AWS Services Supporting Operational Excellence


  • AWS CloudTrail: records every AWS API call as an event (who made it, when, from which IP address, which API and parameters); this is the audit trail used in security investigations
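
What you do with that trail is look for things that should never appear in it. The following is an added example, not workshop material: it scans CloudTrail records for API calls made as the account root user and for access-key creation, the two things the IAM section says to avoid. The records are constructed to use CloudTrail's documented field names (eventTime, eventSource, eventName, eventType, sourceIPAddress, userIdentity), but the account ID, addresses, timestamps and key ID are made up. The root check mirrors the CIS AWS Foundations metric-filter pattern.

```python
"""Scan CloudTrail events for root-user activity and access-key creation.

Added example for these notes, not AWS code. The sample records are
constructed with CloudTrail's documented field names; the account ID,
addresses, timestamps and key ID are made up. The root check follows the
CIS AWS Foundations filter: userIdentity.type is "Root", there is no
invokedBy (which would mean an AWS service acting on the account's
behalf), and the event is not an AwsServiceEvent.
"""
import json

ROOT_FILTER_PATTERN = (   # the same check expressed as a CloudWatch Logs metric filter
    '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
    '&& $.eventType != "AwsServiceEvent" }'
)

SAMPLE_TRAIL = json.dumps({"Records": [  # constructed sample
    {"eventTime": "2020-03-09T06:12:31Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "eventType": "AwsApiCall",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root", "accountId": "123456789012",
                      "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"accessKey": {"accessKeyId": "AKIAEXAMPLE0000001",
                                        "status": "Active"}}},
    {"eventTime": "2020-03-09T06:15:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "eventType": "AwsApiCall",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "Root", "accountId": "123456789012",
                      "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2020-03-09T07:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "eventType": "AwsApiCall",
     "sourceIPAddress": "10.0.1.23",
     "userIdentity": {"type": "AssumedRole", "accountId": "123456789012",
                      "arn": "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc123"}},
    {"eventTime": "2020-03-09T07:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "eventType": "AwsApiCall",
     "sourceIPAddress": "198.51.100.4",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "123456789012",
                      "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "alice"}},
]})


def load_records(raw_json):
    return json.loads(raw_json)["Records"]


def is_root_activity(event):
    ident = event.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and event.get("eventType") != "AwsServiceEvent")


def detect(events):
    """Return findings as dicts with rule, severity, time, ip, actor and event."""
    findings = []
    for ev in events:
        ident = ev.get("userIdentity", {})
        base = {"time": ev.get("eventTime"), "ip": ev.get("sourceIPAddress"),
                "actor": ident.get("arn", "?"), "event": ev.get("eventName")}
        if is_root_activity(ev):
            findings.append(dict(base, rule="root-api-activity", severity="high"))
        if ev.get("eventName") == "CreateAccessKey":
            # CreateAccessKey without a userName parameter creates a key for the
            # caller itself; when the caller is root that is the forbidden case.
            # Other key creation is still worth an audit entry, since roles
            # should be supplying application credentials instead.
            target_user = (ev.get("requestParameters") or {}).get("userName")
            for_root = ident.get("type") == "Root" and not target_user
            findings.append(dict(base,
                                 rule="root-access-key-created" if for_root else "access-key-created",
                                 severity="critical" if for_root else "medium"))
    return findings


def rules_fired(raw_json=SAMPLE_TRAIL):
    """Rule names in event order, for the constructed sample by default."""
    return [f["rule"] for f in detect(load_records(raw_json))]


if __name__ == "__main__":
    for finding in detect(load_records(SAMPLE_TRAIL)):
        print(finding)
```

The first record produces two findings (root activity, and a key created for root); the instance role's DescribeInstances produces none, which is the shape a healthy trail should have. ROOT_FILTER_PATTERN is the same logic written as a CloudWatch Logs metric filter, which is how you would alarm on it continuously rather than scanning exported files.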


Answer: C


Answer: B


Summary



Q&A

Question: So in the exam, should I assume that users preserve EBS volumes by default?

Answer: If there is a statement that "EBS volumes are deleted when the EC2 instance terminates", it would be false. More precisely, when you currently launch an EC2 instance and attach EBS volumes, the root volume is set to be deleted on termination by default, while volumes other than the root volume are set not to be deleted by default (you can set this directly during that process).

Question: What is MFA?

Answer: It refers to multi-factor authentication. For example, when logging in you use an additional factor such as an OTP in addition to the password. AWS also supports MFA as a second layer of security. You can use soft tokens like Authy or physical tokens like Yubico.

Question: When is it appropriate to use NAT instance? Compared to NAT Gateway?

Answer: NAT Gateway has limitations, such as not providing port forwarding. When customers need direct control over features that NAT Gateway does not provide, they may need to configure and run NAT instances themselves, or use them to add custom security elements. NAT Gateway is a managed service provided by AWS with built-in scalability and durability, making it easy to configure and use.

Question: Are EC2 instance storage and EBS different?

Answer: Yes. Instance storage is storage built into the host and is volatile. Whether instance storage is provided, and how much, depends on the instance type. Volatile means that data is not preserved when the instance is stopped and restarted. Despite this, it performs better than EBS, which is mounted and used over the network. EBS, in contrast, can store data permanently.
