# AWS-SAA(Solutions Architect Associate)
AWS Certified Solutions Architect Associate Code & Slides | Courses Datacumulus (opens new window)
# 【01】IAM
# IAM Security Tools
- Credentials Report
- Access Advisor
# Summary
# 【02】EC2
# EC2 Spot Instance Requests
# 【03】EC2 – Associate
# Private & Public IP
# Elastic IP
# Placement Groups
# Cluster
# Spread
# Partition
distributed application
# Elastic Network Interfaces(ENI)
# 【04】EC2 Storage
# Elastic Block Store(EBS)
- network drive
- locked to an AZ
- To move a volume across, you first need to snapshot it
- provisioned capacity (size in GBs, and IOPS)
IOPS (Input/Output Operations Per Second),即每秒进行读写(I/O)操作的次数
# EBS Snapshots
# EBS Volume Types
# EBS Multi-Attach
# EBS Encryption
# unencrypted EBS --> encrypted EBS
create a snapshot for the unencrypted EBS
- the snapshot will be unencrypted(any snapshot created for unencrypted EBS will be unencrypted)
copy the unencrypted snapshot to an encrypted snapshot(remember to choose)
use encrypted snapshot to create an EBS
- any EBS created from encrypted snapshot will be encrypted
# Amazon Machine Image(AMI)
- AMI are a customization of an EC2 instance
- AMI are built for a specific region (and can be copied across regions)
# EC2 Instance Store
- If you need a high-performance hardware disk, use EC2 Instance Store
- EC2 Instance Store lose their storage if they’re stopped (ephemeral)
- Backups and Replication are your responsibility
# Elastic File System(EFS)
# Performance
# Storage Classes
# EBS vs EFS
# 【05】Elastic Load Balancer(ELB)
# Health Checks
# Load Balancer Security Groups
# CLB
# ALB
# Hands On
steps:
- create two EC2 instances
- create one ALB
- security group for ALB
- target group(step1: two EC2 instances)
result:
Using the URL provided by ALB can access EC2 instance which is healthy.
more:
Only ALB can access EC2 instances - assign the security group for ALB to the security group' s inbound rules for EC2 instances
# NLB
# Target Groups
# GWLB
# Target Groups
# Sticky Sessions (Session Affinity)
NLB works without cookies
# Cookie Names
# Cross-Zone Load Balancing
# SSL / TLS
# Basics
# Server Name Indication
# ELB - SSL Certificates
# Connection Draining
# 【06】Auto Scaling Group(ASG)
ASG are free
# ASG / ASG with ELB
# Attributes
# Cloud Watch Alarms & Scaling
# Dynamic Scaling Policies
# Predictive Scaling
# recommended metrics
# Scaling Cooldowns
SQL ECTRON
https://sqlectron.github.io/
# 【07】Relational Database Service(RDS)
It’s a managed DB service for DB use SQL as a query language.
# Advantage
# Storage Auto Scaling
# Read Replicas
# read scalability
# use cases
# network cost
# Multi AZ
# Custom
# 【08】Aurora
# High Availability and Read Scaling
# Cluster
# Features
# Replicas - Auto Scaling
# Custom Endpoints
# Serverless
# Multi-Master
# Global Aurora
# Machine Learning
# Cloning
# Backups - RDS & Aurora
# Restore - RDS & Aurora
# Security - RDS & Aurora
# Proxy
# 【09】ElastiCache
# Solution Architecture
# DB Cache
# User Session Store
# Redis vs Memcached
# Security
# Patterns
# Redis Use Case
# 【*】List of Ports
# Important ports:
- FTP: 21
- SSH: 22
- SFTP: 22 (same as SSH)
- HTTP: 80
- HTTPS: 443
# RDS Databases ports:
- PostgreSQL: 5432
- MySQL: 3306
- Oracle RDS: 1521
- MSSQL Server: 1433
- MariaDB: 3306 (same as MySQL)
- Aurora: 5432 (if PostgreSQL compatible) or 3306 (if MySQL compatible)
# 【10】Route 53
# DNS
# Route 53 Introduction
# Records
# Types
# TTL
# Hosted Zones
# Alias
# CNAME vs Alias
# Alias Records Targets
# Health Checks
# an Endpoint
# Calculated
# Private
# Routing Policies
# Simple
# Weighted
# Latency
# Failover
# Geolocation
# Geoproximity
# IP-based
# Multi Value
# Domain Registrar vs DNS Service
# Hands on
sudo yum install -y bind-utils
nslook
dig
1
2
3
2
3
# 【11】Classic Solutions Architecture
# Section Introduction
# Stateless vs Stateful
无状态应用:Stateless Application 是指并不会在会话中保存下次会话中去要的客户端数据。 每一个会话都像首次执行一样,不会依赖之前的数据进行响应。
有状态的应用: Stateful Application 是指会在会话中保存客户端的数据,并在客户端下一次的请求中来使用那些数据。
# Stateless - WhatIsTheTime.Com
# 1 - start
# 2 - vertically
# 3 - horizontally
# 4 - horizontally
# 5 - horizontally - add / remove
# 6 - horizontally - ELB
# 7 - horizontally - ASG
# 8 - multi-AZ
# 9 - reserve
# summary
# Stateful - MyClothes.com
# start
This will cause a problem: user may need to re-login once clients send requests because traffic doesn't go through the same EC2 instance.
# stickiness
# user cookies
# server session
# DB
# read replicas
# lazy loading
# survive disasters
# security groups
# summary
# Stateful - MyWordPress.com
# EDS
# Aurora
# EBS
What if EC2 instances need to share file with each other?
# EFS
# summary
# Instantiating App
# typical architecture
# problems
# 【12】Elastic Beanstalk
# components
# supported platforms
# web server VS worker
# deployment modes
# 【13】S3
Buckets are defined at the region level
# Moving between classes
# Lifecycle Rules
# scenario 1
# scenario 2
# Storage Class Analysis
# Requester Pays
# Event Notifications
# IAM permissions
# EventBridge
# Baseline Performance
# Performance
# Byte-Range Fetches
# S3 Select & Glacier Select
# Batch Operations
# 【14】S3 Security
# Object Encryption
# Server-Side Encryption
# SSE-S3
# SSE-KMS
# Limitation
# SSE-C
# Client-Side Encryption
# Encryption in transit
# Policy - force encryption in transit
# Default vs Bucket Policies
# Cross-Origin Resource Sharing(CORS)
# S3 - CORS
# MFA Delete
# Access Logs
# warning
# Pre-Signed URLs
# Glacier Vault Lock
# Object Lock
# Access Points
# VPC Origin
# Object Lambda
# 【15】Global Infrastructure
# CloudFront
DDoS protection (because worldwide), integration with Shield, AWS Web Application Firewall
# Origins
# S3 as an Origin
# ALB / EC2 as an Origin
# Geo Restriction
# Pricing
# Cache Invalidations
# Unicast IP vs. Anycast IP
# AWS Global Accelerator
# Comparison
# CloudFront vs. S3 Cross Region Replication
# AWS Global Accelerator vs. CloudFront
# 【*】Quiz
# AMI
# ELB
# ASG
# RDS
# Aurora
# Route 53
# Health Checks
# S3
# S3 Select
