
AWS PPT Attached With Course

The document provides an overview of AWS Certified Solutions Architect - Associate, covering key concepts of cloud computing, its benefits, deployment and service models, and specific AWS services like EC2 and EBS. It explains different cloud deployment models (public, private, hybrid, community) and service models (IaaS, PaaS, SaaS), along with pricing models for EC2 instances. Additionally, it highlights the AWS Free Tier, regions, availability zones, and essential exam tips for certification preparation.

AWS Certified Solutions Architect – Associate

Agenda
 What is Cloud?
 What is Cloud Computing?
 Why Cloud?
 Cloud Models
 Benefits of Cloud

What is Cloud?
 The term Cloud refers to a network or the Internet. A cloud is something that is present at a remote location and is accessible only through the internet.


What is Cloud Computing?
 Cloud Computing means storing and accessing data and programs over the internet instead of on your computer’s hardware. The cloud can provide services over a network, i.e. on a public network or on a private network.

 With Cloud Computing, users can access Cloud resources from anywhere in the world; you just need to have an internet connection.

 You can create, configure and customize applications online.

Why is Cloud Technology booming?
Traditional Datacentre

Space → Datacentre Deployment
H/W → HP, Dell, Sun etc.
S/W → OS (Linux, Wintel)
OS → Licensing
Messaging → Mail Server
Database → MySQL, MariaDB etc.
Application → WordPress
Power Supply → Electricity
A.C. → To maintain the temperature
Switches → For Networking
Cabling → For Connectivity
Skill Set → To maintain the IT Infrastructure

Models of Cloud Computing
 Certain services and models work behind the scenes to make Cloud Computing feasible and accessible to Cloud users.

 Deployment Models
 Service Models

Deployment Models
 Deployment models define how your cloud is configured. They are categorized into four types, as shown below:

 Public
 Private
 Hybrid
 Community

Deployment Models
 Public Cloud: All the resources and instances which you have configured are accessible to the public over the internet. It is less secure, e.g. e-mail.

 Private Cloud: All your resources and services are only accessible to your organization. It is more secure.

Deployment Models
 Community Cloud: Your instances and services are only accessible to some group of organizations.

 Hybrid Cloud: It is basically a mixture of private and public cloud resources.

Service Models
 Service models are the reference models on which the cloud is based. They can be categorized into three basic service models, as shown below:

 Infrastructure as a Service (IaaS)
 Platform as a Service (PaaS)
 Software as a Service (SaaS)

Service Models
 Infrastructure as a Service (IaaS) is a form of Cloud Computing that provides virtualized computing resources over the internet.

 IaaS provides access to fundamental resources such as Physical Machines, Virtual Machines, Virtual Storage etc.

Service Models
 Platform as a Service (PaaS), as the name suggests, provides you with computing platforms, which typically include Operating Systems, Database, Web Server etc.

 For example, if you are a PHP developer, you don’t need to set up the entire system.

 Examples: Amazon Web Services (AWS) Elastic Beanstalk, Oracle Cloud Platform (OCP), Google App Engine & Microsoft Azure

Service Models
 Software as a Service (SaaS) allows end users to use software applications as a service.
 SaaS is a software delivery methodology that provides licensed multi-tenant access to software and its functions remotely as a web-based service.
 Example – Web-based Email, where you can send and receive email without installing any software.

Benefits of Cloud
 Pay per usage.
 No hardware maintenance.
 No upfront fees.
 No space required for deploying datacenters.
 No electrical power required.
 Flexibility
 Elasticity
 No need to worry about licensing.
 Agility

AWS Free Tier Account
 AWS Free Tier enables you to gain free, hands-on experience with the AWS platform, products, and services.

 Amazon AWS offers 12 months of free products and services.

 A Credit/Debit Card is required when signing up for an AWS Account.

 https://portal.aws.amazon.com/billing/signup

AWS Free Tier Services
 Amazon EC2 - 750 Hours per month
 Amazon EBS - 30GB per month
 Amazon EFS – 5 GB per month
 Amazon RDS – 750 Hours per month
 Amazon S3 – 5GB of Standard Storage
 Amazon ELB – 750 Hours per month
 Amazon Directory Service – 1 month Free Service
 1 Elastic IP Free
 https://aws.amazon.com/free

AWS Regions
 Amazon cloud computing resources are hosted in multiple locations world-wide. These locations are composed of AWS Regions and Availability Zones.

 Each AWS Region is a separate geographic area. Each AWS Region has
multiple, isolated locations known as Availability Zones.

 Amazon RDS provides you the ability to place resources, such as instances, and data in
multiple locations. Resources aren't replicated across AWS Regions unless you do so
specifically.

Region and Availability Zone Concepts
 Each Region is completely independent. Each Availability Zone is isolated, but the
Availability Zones in a Region are connected through low-latency links. The
following diagram illustrates the relationship between Regions and Availability
Zones.

Availability Zones
 When you launch an instance, you can select an Availability Zone or let us choose one for you. If you distribute your instances across multiple Availability Zones and one instance fails, you can design your application so that an instance in another Availability Zone can handle requests.

Elastic Compute Cloud - EC2
 What is EC2?

 Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.

EC2 Pricing Models

• On-Demand
• Spot instances
• Reserved Instances
• Dedicated Hosts

EC2 Pricing Models
 On-Demand

 With On-Demand instances, you pay for compute capacity by the hour or by the second, depending on which instances you run.

• On-Demand instances are recommended for:

 Users that prefer the low cost and flexibility of Amazon EC2 without any up-front
payment or long-term commitment
 Applications being developed or tested on Amazon EC2 for the first time

EC2 Pricing Models
 Spot instances

 Amazon EC2 Spot instances allow you to request spare Amazon EC2 computing capacity for up to 90% off the On-Demand price.

• Spot instances are recommended for:

 Applications that have flexible start and end times
 Applications that are only feasible at very low compute prices

EC2 Pricing Models
 Reserved Instances

 Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. In addition, when Reserved Instances are assigned to a specific Availability Zone, they provide a capacity reservation, giving you additional confidence in your ability to launch instances when you need them.

EC2 Pricing Models
 Reserved Instances

• Reserved Instances are recommended for:

 Applications with steady state usage
 Applications that may require reserved capacity
 Customers that can commit to using EC2 over a 1- or 3-year term to reduce their total computing costs

EC2 Pricing Models
 Dedicated Hosts

• A Dedicated Host is a physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server (subject to your license terms), and can also help you meet compliance requirements.

 Can be purchased On-Demand (hourly).
 Can be purchased as a Reservation for up to 70% off the On-Demand price.

Exam Tips
 Termination Protection is turned off by default; you can turn it on to protect against accidental termination.

 When you terminate an instance, by default its root EBS volume will also be deleted.

 EBS Root Volumes can’t be encrypted; you can use some third-party software, like BitLocker etc., to encrypt the root volume, but additional volumes can be encrypted.

Exam Tips
 By Default, all inbound traffic is blocked.

 All Outbound traffic is allowed.

 Changes to security group take effect immediately.

 You can attach multiple security groups to an EC2 Instance and one SG can be
assigned to multiple Instances as well.

Exam Tips
 Security Groups are STATEFUL.

 Traffic allowed in by an inbound rule is automatically allowed back out again.

 You can’t block specific IP addresses using an SG; instead, use Network Access Control Lists.

 You can specify allow rules but not deny rules. By default, an SG denies everything.
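The security group exam tips above, worked through as a small simulation. This is an added example, not part of the original slides: a simplified Python model of how attached groups are evaluated (allow rules only, union across groups, connection tracking for replies), using constructed group names and documentation-range addresses.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)


@dataclass(frozen=True)
class AllowRule:
    """A security group rule can only allow; there is no deny field to set."""
    protocol: str   # "tcp" or "udp"
    ports: range    # ports the rule covers
    cidr: str       # peer addresses the rule covers

    def matches(self, protocol, port, peer_ip):
        return (protocol == self.protocol and port in self.ports
                and ip_address(peer_ip) in ip_network(self.cidr))


def allow_all():
    return [AllowRule("tcp", ANY_PORT, "0.0.0.0/0"), AllowRule("udp", ANY_PORT, "0.0.0.0/0")]


@dataclass
class SecurityGroup:
    name: str
    inbound: list = field(default_factory=list)        # new group: nothing allowed in
    outbound: list = field(default_factory=allow_all)  # new group: everything allowed out


class Instance:
    def __init__(self, *groups):
        self.groups = list(groups)   # several groups may be attached to one instance
        self.tracked = set()         # flows already admitted by a rule

    def _allowed(self, direction, protocol, port, peer_ip):
        # Union of all attached groups: one matching allow rule is enough.
        return any(rule.matches(protocol, port, peer_ip)
                   for group in self.groups for rule in getattr(group, direction))

    def receive(self, protocol, peer_ip, peer_port, local_port):
        flow = (protocol, peer_ip, peer_port, local_port)
        if flow in self.tracked:     # reply to traffic this instance sent (stateful)
            return True
        if self._allowed("inbound", protocol, local_port, peer_ip):
            self.tracked.add(flow)
            return True
        return False                 # no rule matched: implicit deny

    def send(self, protocol, peer_ip, peer_port, local_port):
        flow = (protocol, peer_ip, peer_port, local_port)
        if flow in self.tracked:     # reply to an admitted inbound connection (stateful)
            return True
        if self._allowed("outbound", protocol, peer_port, peer_ip):
            self.tracked.add(flow)
            return True
        return False


def demo():
    """Walk through the exam tips with constructed addresses."""
    host = Instance(SecurityGroup("new-group"))
    out = {}
    out["inbound_before_rule"] = host.receive("tcp", "198.51.100.20", 50000, 443)
    out["outbound"] = host.send("tcp", "198.51.100.20", 443, 40000)
    out["reply_to_outbound"] = host.receive("tcp", "198.51.100.20", 443, 40000)
    # Attach a second group that opens HTTPS to everyone.
    host.groups.append(SecurityGroup("web", inbound=[AllowRule("tcp", range(443, 444), "0.0.0.0/0")]))
    out["inbound_after_rule"] = host.receive("tcp", "198.51.100.20", 50000, 443)
    # There is no way to carve one address out of 0.0.0.0/0 with allow rules alone.
    out["unwanted_ip_still_allowed"] = host.receive("tcp", "203.0.113.7", 50001, 443)
    # Even with every outbound rule removed, replies to admitted connections leave.
    for group in host.groups:
        group.outbound = []
    out["reply_without_outbound_rules"] = host.send("tcp", "198.51.100.20", 50000, 443)
    out["new_outbound_without_rules"] = host.send("tcp", "192.0.2.9", 443, 40001)
    return out


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'blocked'}")
```

The `unwanted_ip_still_allowed` case is why blocking a single address needs a Network ACL: the group can only narrow what it allows, never subtract from it.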

EBS
 Amazon EBS is like a hard drive in the cloud that provides persistent block
storage volumes for use with Amazon EC2 instances.

 These volumes can be attached to your EC2 instances and allow you to create a
file system on top of these volumes, run a database, server or use them in any
other way you would use a block device.

What is a block storage volume?

 A block storage volume works similarly to a hard drive. You can store any type of
files on it or even install a whole Operating System on it.

EBS
EBS Volume Types

 1. General Purpose SSD (gp2)

 2. Provisioned IOPS SSD (io1)

 3. Throughput Optimized HDD (st1)

 4. Cold HDD (sc1)

 5. Magnetic (standard)

EBS
EBS Volume Types

 1. General Purpose SSD (gp2)

• This is the volume that EC2 chooses by default as the root volume of your instance. It
provides a balance of both price and performance, SSD stands for Solid State Drive
which is multiple times faster than HDD (Hard Disk Drive) for small input/output
operations.

• Use Cases – Root Volumes

• Volume Size – 1 GiB – 16 TiB

EBS
EBS Volume Types

 2. Provisioned IOPS SSD (io1)

• This is the fastest and most expensive EBS volume. They are designed for I/O intensive
applications.

• Use Cases – Databases

• Volume Size – 4 GiB – 16 TiB

EBS
EBS Volume Types

 3. Throughput Optimized HDD (st1)

• These are low-cost magnetic storage volumes which define performance in terms of
Throughput.

• These are designed for large, sequential workloads like Big Data, Data warehouses, and
log processing. You will probably use these volumes for your Hadoop cluster.

• Volume Size – 500 GiB – 16 TiB, and cannot be used as root volume for an EC2 instance.

EBS
EBS Volume Types

 4. Cold HDD (sc1)

• These are even cheaper magnetic storage than Throughput Optimized. They are
designed for large, sequential cold workloads like a file server.

• They are good for infrequently accessed workloads and provide throughput of up to 250
MB/s.

• Volume Size – 500 GiB – 16 TiB and they also cannot be used as root volumes.

EBS
EBS Volume Types

 5. Magnetic (standard)

• These are previous generation magnetic drives that are suited for workloads where data
is accessed infrequently.

• Their size can be up to 1 TiB and on average they provide a throughput of 100 MB/s.

• Volume Size – 1 GiB – 1 TiB

Amazon Machine Image (AMI)
 AWS AMI or Amazon Machine Image (AMI) is a way to launch a virtual machine in the AWS cloud. In general, to launch a virtual machine we use the standard distribution of the providers. But what if you want to launch several identical instances of virtual machines?

 An Amazon Machine Image (AMI) is a special type of virtual appliance that is used to
create a virtual machine within the Amazon Elastic Compute Cloud ("EC2").

AWS Command Line
 The AWS Command Line Interface (CLI) is for managing your AWS services from a
terminal session on your own client, allowing you to control and configure multiple AWS
services

Increase the Size of a Root Volume

EC2 Instance Metadata
 Instance Metadata – It is the data that you can use to configure or manage the instances.

 For Example – IPv4, IPv6 Addresses, Local IP, Public IP, Hostname, DNS, AMI-ID, Instance-ID, Instance-Type, Security Groups, Keys etc.

 To view the metadata, you need to log in to the Instance.

 It is not encrypted data; anyone who has access to the Instance can view that machine’s Metadata.

EC2 Instance Metadata
 To View an EC2 Instance Metadata

• curl http://169.254.169.254/latest/meta-data

• get http://169.254.169.254/latest/meta-data
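Because anything running on the instance can read the metadata with a plain GET, instances are commonly set to require session tokens (IMDSv2). The following added example, which is not part of the original slides, shows both request styles in Python against a constructed local stand-in for the metadata service; the stand-in, its token and its instance values are made up so the block runs offline.

```python
import http.server
import threading
import urllib.error
import urllib.request

TOKEN_HEADER = "X-aws-ec2-metadata-token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
# The metadata address is link-local, so requests to it must never go through a proxy.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class FakeIMDS(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for 169.254.169.254 on an instance that requires tokens."""
    token = "constructed-session-token"
    data = {"/latest/meta-data/instance-id": "i-0123456789abcdef0",   # constructed values
            "/latest/meta-data/local-ipv4": "10.0.0.12"}

    def _reply(self, code, body=""):
        payload = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def do_PUT(self):
        # A session token is only issued to a PUT that states a lifetime.
        if self.path == "/latest/api/token" and self.headers.get(TTL_HEADER, "").isdigit():
            self._reply(200, self.token)
        else:
            self._reply(400)

    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) != self.token:
            self._reply(401)                 # plain GET without a token is refused
        elif self.path in self.data:
            self._reply(200, self.data[self.path])
        else:
            self._reply(404)

    def log_message(self, *args):            # keep the demo output quiet
        pass


def start_fake_imds():
    server = http.server.HTTPServer(("127.0.0.1", 0), FakeIMDS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def _send(req):
    try:
        with _opener.open(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def get_without_token(base, path):
    """The plain request from the slide: curl <base><path>."""
    return _send(urllib.request.Request(base + path))


def get_with_token(base, path, ttl_seconds=60):
    """Token flow: PUT for a short-lived token, then GET with it in a header."""
    status, token = _send(urllib.request.Request(
        base + "/latest/api/token", method="PUT", headers={TTL_HEADER: str(ttl_seconds)}))
    if status != 200:
        return status, ""
    return _send(urllib.request.Request(base + path, headers={TOKEN_HEADER: token}))


def demo():
    server, base = start_fake_imds()
    try:
        path = "/latest/meta-data/instance-id"
        return {"without_token": get_without_token(base, path),
                "with_token": get_with_token(base, path)}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

On a real instance the same two functions take `http://169.254.169.254` as `base`.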

EC2 Instance User Data
 Instance user data is the data supplied by the user at the launch time of an instance, in the form of a script to be executed as a post-installation step of that instance.

 User data is limited to 16KB.

 User data is not in an encrypted form, so make sure not to use it for sensitive data like passwords etc.

VM Import/Export
 VM Import/Export enables you to easily import virtual machine images from your existing environment to Amazon EC2 instances and export them back to your on-premises environment. It supports Windows and Linux VMs only.

 VM Import/Export is available at no additional charge beyond standard usage charges for Amazon EC2 and Amazon S3.

 You can migrate VMware, Microsoft, Xen VMs to the AWS Cloud and this is called VM Import.

 You can also export them back to your on-premises environment; this is called VM Export.

VM Import/Export
 Step 1. Shut down the VM which you want to migrate into AWS EC2.

 Step 2. Select the VM (CentOS-VM), go to File and Export to OVF.

 Step 3. Create an S3 Bucket and upload the VMware disk file (.vmdk file).

 Step 4. Select an AMI which includes AWS command line tools (Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type) and launch an instance.

VM Import/Export
 Step 5. Using IAM, create a user having access type "Programmatic access" and add permissions Administrator Access.

 Step 6. Log in to the Linux Instance using Programmatic access.

 Step 7. Create an IAM role named vmimport.

Log in to https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html and follow the steps.

VM Import/Export
 Step 8. Set the metadata:

# bucket_name and vm_image_name must already hold the S3 bucket and the uploaded .vmdk key from Step 3
cat > containers.json <<EOF
[
  {
    "Description": "centosv7",
    "Format": "vmdk",
    "UserBucket": {
      "S3Bucket": "${bucket_name}",
      "S3Key": "${vm_image_name}"
    }
  }
]
EOF

VM Import/Export
 Step 9. Begin VM Import

aws ec2 import-image --description "centosv7" --disk-containers "file://containers.json"

 Step 10. Check status of VM Import Jobs

aws ec2 describe-import-image-tasks --import-task-ids "import-ami-XXXXXXXXXXXXXXXXXXXXX"
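For Steps 7 and 8, the documents the import relies on can be generated rather than typed by hand. This added example is not part of the original slides: a Python sketch that builds containers.json with proper JSON escaping, builds the trust and permission policies for the vmimport role scoped to the one import bucket, and contrasts them with the all-actions grant from Step 5. The bucket name, object key and output file names are constructed placeholders.

```python
import json
import pathlib
import re
import tempfile

BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

# What "Administrator Access" in Step 5 amounts to: every action on every resource.
ADMINISTRATOR_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def disk_containers(bucket, key, description, fmt="vmdk"):
    """Content of containers.json (Step 8), built as data so odd key names stay valid JSON."""
    if not BUCKET_RE.match(bucket):
        raise ValueError(f"not a valid S3 bucket name: {bucket!r}")
    if not key.lower().endswith("." + fmt):
        raise ValueError(f"key {key!r} does not look like a .{fmt} image")
    return [{"Description": description, "Format": fmt,
             "UserBucket": {"S3Bucket": bucket, "S3Key": key}}]


def vmimport_trust_policy():
    """Only the VM Import/Export service may assume the vmimport role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "vmie.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}


def vmimport_role_policy(bucket):
    """Read access to the import bucket only, plus the EC2 calls an image import makes."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]},
        {"Effect": "Allow",
         "Action": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
                    "ec2:RegisterImage", "ec2:Describe*"],
         "Resource": "*"}]}


def broad_statements(policy):
    """Allow statements granting everything, or a whole service, on every resource."""
    found = []
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt.get("Resource", [])
        resources = resources if isinstance(resources, list) else [resources]
        if (stmt["Effect"] == "Allow" and "*" in resources
                and any(a == "*" or a.endswith(":*") for a in actions)):
            found.append(stmt)
    return found


def write_documents(directory, bucket, key, description):
    """Write the three JSON files and return their paths by name."""
    docs = {"containers.json": disk_containers(bucket, key, description),
            "trust-policy.json": vmimport_trust_policy(),
            "role-policy.json": vmimport_role_policy(bucket)}
    paths = {}
    for name, doc in docs.items():
        paths[name] = pathlib.Path(directory) / name
        paths[name].write_text(json.dumps(doc, indent=2) + "\n")
    return paths


if __name__ == "__main__":
    # Constructed bucket and key; the files then feed the CLI, for example:
    #   aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
    #   aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
    out_dir = tempfile.mkdtemp()
    for name, path in write_documents(out_dir, "example-import-bucket",
                                      "exports/centos7.vmdk", "centosv7").items():
        print(name, "->", path)
    print("broad statements in AdministratorAccess:", len(broad_statements(ADMINISTRATOR_ACCESS)))
    print("broad statements in role policy:",
          len(broad_statements(vmimport_role_policy("example-import-bucket"))))
```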

Identity Access Management
 What is IAM?
 AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

 IAM allows you to manage users and their level of access to the AWS Console.

 It is used to set users, permissions and roles. It allows you to grant access to the different parts of the AWS platform.

Identity Access Management
 Features of IAM:

 Centralized control of your AWS Account

 Shared Access to your AWS Account

 Granular Access

 Identity federation (including Active Directory, Facebook, LinkedIn etc.)

 Multi-factor Authentication (MFA)

Identity Access Management
 Key Terminology for IAM:

 Users

 Groups

 Policies

 Roles

Identity Access Management
Exam Tips
 IAM is global; it does not apply to regions.

 When you first set up your AWS Account, the “root account” is created, which has full access.

 New users have NO Permissions when first created.

 It’s recommended to set up MFA on your root account.

 You can customize your own password rotation policies.

S3
 Amazon Simple Storage Service is storage for the Internet.

 S3 is a safe place to store your files and it is Object-based Storage.

 Amazon S3 has a simple web services interface that you can use to store and
retrieve any amount of data, at any time, from anywhere on the web.

S3
 Files can be from 0 bytes to 5 TB with unlimited storage.

 Files are stored in Buckets and Buckets are just like Folders.

 S3 bucket name is universal and must be unique globally.

 https://s3-ap-south-1.amazonaws.com/shikharabcd

AWS Storage : S3 vs EBS
 Block Storage

 For example – 100 MB, and suppose the block size is 1024k

 Object Storage

AWS Storage : S3 vs EBS
 For very fast read/write operations, block-level storage is the right option.

 If your files mostly see read operations and very few write operations, then Object Storage is preferable.

AWS Storage : S3 vs EBS
 S3 is to be used for WORM operations (Write Once, Read Many times).

 S3 is preferable where you need to dump the data and write operations rarely happen.

 S3 is not suitable for hosting an OS or Database.

 EBS works best as server disks.

 Persistent and high performance in terms of read and write (EBS).

AWS Storage : EFS
 AWS EFS is a shared, elastic file storage system that grows and shrinks as you
add and remove files.

 EFS is useful for SaaS applications and content management systems. You can
mount EFS onto several EC2 instances at the same time.

AWS Storage : S3 vs EBS vs EFS

S3-Security & Encryption
 By default, all newly created buckets are private. You can control the access to
your buckets using:

 Bucket Policies
 Access Control Lists

 S3 buckets can be configured to create access logs which log all requests made
to the S3 bucket.

S3-Security & Encryption
Encryption

 Server Side is achieved by

• S3 Managed Keys – SSE-S3
• AWS Key Management Service, Managed Keys – SSE-KMS
• Server Side Encryption With Customer Provided Keys – SSE-C

 Client Side Encryption

S3-Versioning
Versioning

 Versioning is keeping multiple variants of an object in the same bucket.
 Backup Tool.
 You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket.
 Once versioning is enabled, it can’t be disabled, only suspended.
 It integrates with Lifecycle rules.

S3 Storage Classes
S3 Standard

 Amazon S3 Standard is designed for high-usage, “hot” data storage and has the following features:

 High capacity and low latency.
 Reliability at 99.999999999%
 Availability at 99.99%

S3 Storage Classes
S3 Standard

 Standard storage is suitable for the following usage scenarios:

 Website hosting.
 Cloud applications and web-services.
 Mobile games and apps.
 Big data.
 Content distribution.

S3 Storage Classes
Amazon S3 Standard Infrequent Access

 Amazon S3 IA is designed for the data which require less frequent access, but
with longer storage time than in case of Standard.

S3 Storage Classes
Amazon S3 Standard Infrequent Access

 Amazon S3 IA differs from Standard in the following way:

 Availability at 99.9% level within a year (e.g., the probability of request error is a
little higher than in standard storage).
 You are charged for data retrieval.

 Minimum storage period is 30 days, and the minimum size of the object is 128
KB. The storage is recommended for long storage of files, disaster recovery data,
backup, outdated sync data.

S3 Storage Classes
Amazon S3 One Zone - Infrequent Access

 In April 2018, Amazon Web Services has introduced yet another Amazon S3
storage class - Amazon S3 One-Zone Infrequent Access. It is 20% less expensive
than Amazon S3 Standard IA due to lesser availability - 99.5% level within a year.

S3 Storage Classes
Amazon S3 Intelligent Tiering

 Amazon S3 Intelligent Tiering is and is not a storage class. If you put objects in
the S3 Intelligent-Tiering storage class, AWS will monitor and move your data on
a per-object level to the proper storage tier. If your object hasn’t been accessed
in 30 days, AWS will move it to the infrequent access storage tier. If the object is
then accessed after being moved to infrequent access, AWS will move it back to
the frequent access storage class for cheaper subsequent accesses.

 Thus, Amazon S3 Intelligent Tiering is a storage class that uses other storage
classes and moves data automatically between them.

S3 Storage Classes
Amazon Glacier

 Amazon Glacier is a perfect solution for long storage and archiving of data which don’t require instant access. The service allows storing large or small volumes of data at low cost. At the same time, the retrieval process may take several hours. Amazon Glacier differs from S3 Standard in the following way:

 Extremely low cost.
 Uninterrupted operation is not guaranteed by the Amazon S3 Service Level Agreement.
 The minimum period of storage is 90 days.

S3 Storage Classes
Amazon Glacier Deep Archive

 AWS has introduced Amazon Glacier Deep Archive, a further development of Amazon Glacier storage. With price for storing 1GB/month starting at $0.00099, it will be the cheapest storage solution on the market, once released in 2019.

 In Amazon Glacier Deep Archive you won't have an option for an expedited data retrieval - the fastest retrieval time is up to 12 hours. The longest option - bulk retrieval - will take up to 48 hours.

Lifecycle Management and Glacier

Cross Region Replication
 Versioning must be enabled on both the Source & Destination buckets.

 Files in an existing bucket are not replicated automatically.

 All subsequent updated files will be replicated automatically.

 Delete markers are not replicated.

CloudFront
 What is CloudFront?

 Amazon CloudFront is a content delivery network (CDN) offered by Amazon Web Services. Content delivery networks provide a globally-distributed network of proxy servers which cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content.

CloudFront
 Edge Location – This is the location where content will be cached. This is separate from an AWS Region/AZ.

 Origin – It is the origin of all the files that the CDN will distribute, such as an EC2 Instance, S3 Bucket, Route53 etc.

 Distribution – It is the collection of edge locations which is given to the CDN.

CloudFront
 Two different types of distribution –

 Web Distribution – used for websites.
 RTMP – used for Media streaming.

CloudFront
 Exam Tips

 Edge Location
 Origin
 Distribution
 Web Distribution
 RTMP
 TTL – Objects are cached for the period of TTL only
 You will be charged, if you clear your cached objects.

Snowball
 AWS Snowball is a service that accelerates transferring large amounts of data into and out of AWS using physical storage appliances, bypassing the internet.

 Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud.

 Transferring data with Snowball is simple, fast, more secure, and can be as little as one-fifth the cost of transferring data via high-speed Internet.

Snowball
 Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns.

 Snowball is protected by AWS Key Management Service (AWS KMS) which makes your data encrypted and secure.

 Snowball comes in either a 50TB or 80TB size.

Snowball Edge
 What is Snowball Edge?

 AWS Snowball Edge is a 100TB data transfer device with on-board storage and compute capabilities. You can use Snowball Edge to move large amounts of data into and out of AWS.

 The Snowball and the Snowball Edge are two different devices.

Snowball
 AWS Snowball Use Case Differences

AWS Route 53
 What is Route 53?

 AWS Route 53 is a domain name system. A domain name system translates a human-readable domain name such as www.amazon.com to a machine-readable IP address such as 50.52.212.90. Amazon Route 53 connects the requests of users to the system running in AWS. This system includes Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets. Moreover, it can connect users to infrastructure outside of AWS. Amazon Route 53 is totally compatible with IPv6.

Routing Policies
 Simple Routing Policy
 Weighted Routing Policy
 Latency-based Routing Policy
 Failover Routing Policy
 Geolocation Routing Policy
 Geoproximity Routing Policy
 Multivalue Answer Routing Policy

Routing Policies
Simple Routing Policy

 Use for a single resource that performs a given function for your
domain, for example, a web server that serves content for the
example.com website.

 You can only have one record with multiple IP Addresses.

Routing Policies
 Weighted Routing Policy

 You can route traffic to multiple resources in proportions that you specify.

 For example, you can set 20% of your traffic to go to ap-south-1b and 80% to some other region.

Routing Policies
Latency-based Routing Policy

 Allows you to route your traffic based on the lowest network latency for your end users (i.e. which region will give them the fastest response time).

Routing Policies
Failover Routing Policy

 Failover routing lets you route traffic to a resource when the resource is healthy
or to a different resource when the first resource is unhealthy.

Routing Policies
Geolocation Routing Policy

 This policy can be used when you want to route traffic based on the location of
your users.

Routing Policies
Geoproximity Routing Policy

 If you're using Route 53 traffic flow, you can now use geoproximity routing,
which lets you route traffic based on the physical distance between your users
and your resources. You can also route more or less traffic to each resource by
specifying a positive or negative bias.

102
AWS Certified Solutions Architect –
Associate

Routing
Policies
Geoproximity Routing Policy

 When you create a traffic flow policy, you can specify either an AWS region (if
you're using AWS resources) or the latitude and longitude for each endpoint. For
example, suppose you have EC2 instances in the AWS US East (Ohio) region and
in the US West (Oregon) region. When a user in Los Angeles browses to your
website, geoproximity routing will route the DNS query to the EC2 instances in
the US West (Oregon) region because it's closer geographically. If you want a
larger portion of users in the middle of the United States to be routed to one
region, you can specify a positive bias for that region, a negative bias for the
other region, or both.

103
AWS Certified Solutions Architect –
Associate

Routing
Policies
Multivalue Answer Routing Policy

 Multivalue answer routing lets you configure Amazon Route 53 to return multiple
values, such as IP addresses for your web servers, in response to DNS queries.
You can specify multiple values for almost any record, but multivalue answer
routing also lets you check the health of each resource, so Route 53 returns only
values for healthy resources.

 This is similar to simple routing policy however it allows you to put health checks
on each record set.
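Added example (not part of the original slides): a small local model of how the weighted, failover and multivalue policies above choose an answer once health checks are attached. The record values, the class and the function names are assumptions made for illustration, and the model also covers the case the slides do not mention, where every record is unhealthy and Route 53 still has to return something.

```python
import random
from dataclasses import dataclass


@dataclass
class Record:
    value: str            # IP address placed in the DNS answer
    weight: int = 1       # used by weighted routing only (assumed positive)
    healthy: bool = True  # latest result of the record's health check
    role: str = ""        # "PRIMARY" or "SECONDARY", failover routing only


def eligible(records):
    """Healthy records only. If every record is unhealthy, Route 53 treats
    all of them as healthy so that it can still return an answer."""
    healthy = [r for r in records if r.healthy]
    return healthy or list(records)


def weighted_shares(records):
    """Expected share of answers per record: weight / sum of eligible weights."""
    live = eligible(records)
    total = sum(r.weight for r in live)
    return {r.value: r.weight / total for r in live}


def weighted_answer(records, rng):
    """Pick one eligible record at random, in proportion to its weight."""
    live = eligible(records)
    return rng.choices(live, weights=[r.weight for r in live], k=1)[0].value


def failover_answer(records):
    """Primary while it is healthy; secondary only if it is the healthy one."""
    primary = next(r for r in records if r.role == "PRIMARY")
    secondary = next(r for r in records if r.role == "SECONDARY")
    if primary.healthy or not secondary.healthy:
        return primary.value
    return secondary.value


def multivalue_answer(records, limit=8):
    """Up to eight eligible values per response."""
    return [r.value for r in eligible(records)][:limit]


def observed_share(records, value, draws=10000, seed=7):
    """Fraction of simulated weighted answers that return `value`."""
    rng = random.Random(seed)
    hits = sum(weighted_answer(records, rng) == value for _ in range(draws))
    return hits / draws


# Constructed sample records (documentation-range IP addresses).
WEIGHTED = [Record("192.0.2.10", weight=20), Record("198.51.100.20", weight=80)]
FAILOVER = [Record("192.0.2.10", role="PRIMARY"),
            Record("198.51.100.20", role="SECONDARY")]
MULTI = [Record("192.0.2.10"), Record("192.0.2.11", healthy=False),
         Record("192.0.2.12")]

if __name__ == "__main__":
    print("weighted shares :", weighted_shares(WEIGHTED))
    print("observed 20% leg:", observed_share(WEIGHTED, "192.0.2.10"))
    print("failover answer :", failover_answer(FAILOVER))
    print("multivalue      :", multivalue_answer(MULTI))
```

The 20/80 split is a long-run proportion, not a per-client guarantee: each DNS answer is an independent weighted draw, and resolver caching for the record's TTL skews what any single client sees.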

Exam Tips

DNS Types

• A Records
• NS Records
• SOA Records
• CNAMEs
• MX Records
• PTR Records

Various Route 53 Routing Policies

• Simple Routing Policy
• Weighted Routing Policy
• Latency-based Routing Policy
• Failover Routing Policy
• Geolocation Routing Policy
• Geoproximity Routing Policy
• Multivalue Answer Routing Policy

Health Checks

• Health checks regularly check the health of the corresponding resources, and Route 53 routes traffic only to the resources that health checks report as healthy.

• You can set health checks on individual record sets.

• You can set SNS notifications to alert you if a health check fails.

Amazon Elastic Load Balancer

Amazon ELB allows you to make your applications highly available by using health checks and distributing traffic across a number of instances.

AWS ELB distributes application traffic across different targets, such as EC2 instances. It monitors whether the targets that are ready to receive traffic are healthy, and sends traffic only to the healthy ones.

[Diagram: Website served by a single t2-micro instance]

[Diagram: Website served by a single m5-large instance]

• It uses health checks to detect which instances are healthy and directs traffic only across those instances.

Types of Elastic Load Balancers

• 1. Classic Load Balancer (CLB)

• This is the previous generation load balancer that was used for EC2-Classic instances. It operates on both the request level and the connection level, but it doesn't support features like host-based routing or path-based routing.

• Once configured, it distributes the load across all the registered instances regardless of what is present on the servers. Hence, it can only be used to distribute traffic to a single URL.

• 2. Application Load Balancer (ALB)

• This load balancer is specially designed for web applications with HTTP and HTTPS traffic. There is a networking model called the OSI Model (Open Systems Interconnection) that is used to explain how computer networks work. This model has 7 layers and the top layer is the Application Layer.

• This load balancer works at this Application Layer, hence the name. It also provides advanced routing features such as host-based and path-based routing, and it works with containers and microservices.

• Host-Based Routing

• Path-Based Routing

• 3. Network Load Balancer (NLB)

• This load balancer operates at the Network layer of the OSI model, hence the name.

• Suppose your company's website is running on four m4-xlarge instances and you are using an ALB to distribute the traffic among them. Now your company launches a new product that goes viral, and your website starts to get millions of requests per second. In this case, the ALB may not be able to handle the sudden spike in traffic. This is where the NLB really shines. It has the capability to handle a sudden spike in traffic since it works at the connection level.

[Diagram: Path-Based Routing. ALB in front of Web Server 01 (Main Website) and Web Server 02 (Blog)]

AWS Auto Scaling

• AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.

• You can use Auto Scaling to manage Amazon EC2 capacity automatically, maintain the right number of instances for your applications, operate a healthy group of instances and scale it according to your needs.

VPC Overview

• What is VPC?

• Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

[Diagram: VPC with One Private Subnet. Region (ap-south-1); vpc (myvpc) – 10.0.0.0/16; Private Subnet – 10.0.2.0/24 with instances 10.0.2.8, 10.0.2.9 and 10.0.2.10; SG; Router; Virtual Private Gateway]

[Diagram: VPC with One Public Subnet. Region (ap-south-1); vpc (myvpc) – 10.0.0.0/16; Public Subnet – 10.0.1.0/24 with instance 10.0.1.6 (Elastic IP: 198.52.101.2); SG; Router; Internet Gateway; Virtual Private Gateway]

[Diagram: VPC with Public & Private Subnets. Region (ap-south-1); vpc (myvpc) – 10.0.0.0/16; Public Subnet – 10.0.1.0/24 with instance 10.0.1.6 (Elastic IP: 198.52.101.2) and SG; Private Subnet – 10.0.2.0/24 with SG; Router; Internet Gateway; Virtual Private Gateway]

VPC Overview

• VPC Flow Logs

• VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

• Flow log data is stored using Amazon CloudWatch Logs. After you have created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.
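Added example (not part of the original slides): a parser for flow log records in the default version 2 format, with a simple detection that groups REJECT records by source address and flags sources probing several ports. The sample records, account id, interface id and the three-port threshold are constructed for illustration; the 10.0.1.6 and 10.0.2.8 addresses are borrowed from the subnet diagrams.

```python
from collections import defaultdict

# Field order of the default (version 2) flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
NUMERIC = {"version", "srcport", "dstport", "protocol",
           "packets", "bytes", "start", "end"}


def parse_record(line):
    """Turn one space-separated flow log record into a dict.
    Fields logged as '-' (NODATA / SKIPDATA records) become None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    record = {}
    for name, raw in zip(FIELDS, parts):
        if raw == "-":
            record[name] = None
        elif name in NUMERIC:
            record[name] = int(raw)
        else:
            record[name] = raw
    return record


def rejected_ports_by_source(lines):
    """Map each source address to the sorted destination ports it was
    REJECTed on (blocked by a security group or network ACL)."""
    ports = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        ports[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(seen) for src, seen in ports.items()}


def suspected_scanners(lines, min_ports=3):
    """Sources rejected on at least `min_ports` distinct destination ports."""
    by_source = rejected_ports_by_source(lines)
    return sorted(src for src, seen in by_source.items() if len(seen) >= min_ports)


# Constructed sample records; not taken from a real account.
SAMPLE_LOG = """\
2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.1.6 44321 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.1.6 44322 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.7 10.0.1.6 44323 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0123456789abcdef0 203.0.113.9 10.0.1.6 51000 443 6 12 5400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.1.6 10.0.2.8 40000 3306 6 8 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 203.0.113.50 10.0.1.6 40100 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000060 1700000120 - NODATA
""".splitlines()

if __name__ == "__main__":
    for src, seen in rejected_ports_by_source(SAMPLE_LOG).items():
        print(f"{src} rejected on ports {seen}")
    print("suspected scanners:", suspected_scanners(SAMPLE_LOG))
```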

VPC Peering

• Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.

• Instances in either VPC can communicate with each other as if they are within the same network.

• You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).

• A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network.

• You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.

• A VPC peering connection is a one-to-one relationship between two VPCs.

• You can create multiple VPC peering connections for each VPC that you own, but transitive peering relationships are not supported.

Invalid VPC Peering Connection Configurations

• Overlapping CIDR Blocks

[Diagram: VPC A and VPC B; VPC A and VPC C]

• Transitive Peering

[Diagram: VPC B, VPC C and VPC A]

• Edge to Edge Routing through a VPN Connection

• Edge to Edge Routing through an Internet Gateway

VPC Peering – Lab Session

• Two VPCs Peered Together

• You have a VPC peering connection (pcx-11112222) between VPC A and VPC B, which are in the same AWS account, and do not have overlapping CIDR blocks.

• One VPC Peered with Two VPCs

• You have a central VPC (VPC A), and you have a VPC peering connection between VPC A and VPC B (pcx-12121212), and between VPC A and VPC C (pcx-23232323). The VPCs are in the same AWS account, and do not have overlapping CIDR blocks.
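Added example (not part of the original slides): an offline check of a peering design against two of the invalid configurations listed above, overlapping CIDR blocks and reliance on transitive peering. It uses the VPC names and peering ids from the "One VPC Peered with Two VPCs" slide; the CIDR blocks and function names are assumptions, since the slides give no addresses for VPC A, B and C.

```python
import ipaddress
from itertools import combinations

# CIDR blocks are assumed for this example; the slides do not state them.
VPCS = {
    "VPC A": "10.0.0.0/16",
    "VPC B": "172.16.0.0/16",
    "VPC C": "192.168.0.0/16",
}

# Peering connection ids as given on the slide.
PEERINGS = {
    "pcx-12121212": ("VPC A", "VPC B"),
    "pcx-23232323": ("VPC A", "VPC C"),
}


def peering_problem(vpcs, a, b):
    """Return None if VPCs a and b may be peered, else the reason they may not."""
    net_a = ipaddress.ip_network(vpcs[a])
    net_b = ipaddress.ip_network(vpcs[b])
    if net_a.overlaps(net_b):
        return f"overlapping CIDR blocks: {a} {net_a} and {b} {net_b}"
    return None


def directly_peered(peerings, a, b):
    """True only when a peering connection exists between exactly a and b."""
    return any({a, b} == set(pair) for pair in peerings.values())


def transitive_only_pairs(vpcs, peerings):
    """Pairs that share a peer but have no peering connection of their own.
    Traffic between them is not routed through the shared VPC."""
    names = sorted(vpcs)
    blocked = []
    for a, b in combinations(names, 2):
        if directly_peered(peerings, a, b):
            continue
        via = [m for m in names if m not in (a, b)
               and directly_peered(peerings, a, m)
               and directly_peered(peerings, m, b)]
        if via:
            blocked.append((a, b, via[0]))
    return blocked


def audit(vpcs, peerings):
    """Human-readable findings for a peering design."""
    findings = []
    for pcx, (a, b) in sorted(peerings.items()):
        problem = peering_problem(vpcs, a, b)
        if problem:
            findings.append(f"{pcx}: {problem}")
    for a, b, via in transitive_only_pairs(vpcs, peerings):
        findings.append(
            f"{a} cannot reach {b} through {via}: peering is not transitive")
    return findings


if __name__ == "__main__":
    for finding in audit(VPCS, PEERINGS):
        print(finding)
```

For a defender, the non-transitive property is useful isolation: a compromised workload in VPC B gains no network path to VPC C merely because both peer with VPC A.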

Direct Connect

• AWS Direct Connect lets you create a private network connection from your network to an AWS location.

• AWS Direct Connect bypasses the public Internet and establishes a secure, dedicated connection from your infrastructure into AWS. AWS services such as EC2, Amazon VPC, Amazon S3 and DynamoDB can be used with AWS Direct Connect.

• This dedicated connection runs over a standard 1 GB or 10 GB Ethernet fiber-optic cable with one end of the cable connected to your router and the other to an AWS Direct Connect router.

Features of Direct Connect

• Reduces bandwidth costs − The cost is reduced in both directions, i.e. data is transferred to and from AWS directly. The data transferred over your dedicated connection is charged at the reduced AWS Direct Connect data transfer rate rather than Internet data transfer rates.

• Compatible with all AWS services − AWS Direct Connect is a network service and supports all the AWS services that are accessible over the Internet, like Amazon S3, Amazon EC2, Amazon VPC, etc.

• Private connectivity to Amazon VPC − AWS Direct Connect can be used to establish a private virtual interface from your home network to Amazon VPC directly with high bandwidth.

• Elastic − AWS Direct Connect provides 1 Gbps and 10 Gbps connections, with provision to make multiple connections as per requirement.

• Easy and simple − It is easy to sign up for AWS Direct Connect using the AWS Management Console. Using this console, all the connections and virtual interfaces can be managed.

• AWS Direct Connect's simple pay-as-you-go pricing with no minimum commitment means you pay only for the network ports you use and the data you transfer out of the AWS Region over the AWS Direct Connect connection, which can greatly reduce your networking costs.

• https://aws.amazon.com/directconnect/pricing

Databases

• Relational database

• A relational database (RDB) is a collective set of multiple data sets organized by tables, records and columns. RDBs establish a well-defined relationship between database tables. They have been in use since the '70s. Key terms: Database, Table, Rows, Columns (Fields).

• A relational database is a type of database that stores and provides access to data points that are related to one another.

Databases

• Amazon Relational Database Service (RDS)

• Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups.

• RDS is not a database, it's a service that manages databases.

• Relational databases on AWS

• SQL Server
• Oracle
• MySQL Server
• PostgreSQL
• Aurora
• MariaDB

• Relational database key features:

• Multi-AZ – For Disaster Recovery
• Read Replicas – For Performance

Databases

• Multi-AZ – For Disaster Recovery

• Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. Amazon RDS uses several different technologies to provide failover support. Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon's failover technology. SQL Server DB instances use SQL Server Database Mirroring (DBM).

• Benefits of Multi-AZ deployment:

• Replication to a standby replica is synchronous, which is highly durable.

• When a problem is detected on the primary instance, it will automatically fail over to the standby in the following conditions:

o The primary DB instance fails.
o An Availability Zone outage occurs.
o The DB instance server type is changed.
o The operating system of the DB instance is undergoing software patching.
o A manual failover of the DB instance was initiated using Reboot with failover.

• Multi-AZ is available for the following databases

• SQL Server
• Oracle
• MySQL Server
• PostgreSQL
• MariaDB

Databases

• What is a Read Replica?

• Read replicas allow you to have a read-only copy of your database.

• When you create a Read Replica, you first specify an existing DB instance as the source. Then Amazon RDS takes a snapshot of the source instance and creates a read-only instance from the snapshot. You can use MySQL native asynchronous replication to keep the Read Replica up to date with the changes. The source DB must have automatic backups enabled for setting up a read replica.

• Benefits of Read Replica

• A Read Replica helps decrease the load on the primary DB by serving read-only traffic.

• A Read Replica can be manually promoted to a standalone database instance.

• You can create Read Replicas within an AZ, Cross-AZ or Cross-Region.

• You can have up to five Read Replicas per master, each with its own DNS endpoint. Unlike a Multi-AZ standby replica, you can connect to each Read Replica and use them for read scaling.

• Read Replicas are available for the following databases

• MySQL Server
• Oracle
• Aurora
• PostgreSQL
• MariaDB

AWS Lambda

• AWS Lambda is a compute service where you can upload your code and create a Lambda function.

• AWS Lambda lets you run the code without provisioning or managing servers.

• AWS takes care of operating systems, patching, scaling etc.

• AWS Lambda is a highly available serverless compute service.

• With AWS Lambda, you just need to write the code; Lambda then executes your code when needed and scales automatically. Requests can range from a few per day to thousands per day, and all of them are handled by AWS.

• You pay only for the compute time you consume, and there is no charge when your code is not running.

• AWS Lambda supports the following languages:

1) Node.js
2) Java
3) C#
4) Go
5) Python

• AWS Lambda does not allow you to log in to the compute instances and customize them as per your requirements. All compute instances are managed by AWS.

• AWS Lambda functions can be triggered by other Lambda functions.

[Figure: AWS Lambda – Trigger]

AWS Lambda – Building Blocks

• Lambda Function – It is comprised of your custom code.

• Event Source – An AWS service, such as Amazon S3 or SNS, or a custom service that triggers your function and executes its logic.

• Downstream resources – An AWS service, such as DynamoDB tables or an Amazon S3 bucket, that your Lambda function calls once it is triggered.

• Log Stream – Lambda automatically monitors your function invocations and reports metrics to CloudWatch.

AWS Lambda – Function Configurations

• You can specify the amount of memory that you want to allocate to your Lambda function.

• Range of memory – 128 MB to 3008 MB; you can increase the memory of your function, but only in increments of 64 MB.

• You can specify a timeout to prevent your Lambda functions from running indefinitely. When the specified timeout is reached, the AWS Lambda service terminates your Lambda function.

• Maximum execution time of a function is 300 seconds and the default is 3 seconds.

AWS Lambda – Pricing

• Number of Requests – The first 1 million requests are free; thereafter, $0.20 per 1 million requests.

• Duration – Duration is calculated from the time your code begins executing. The price depends upon the memory you allocated to your function.

[Figure: AWS Lambda – Supported Event Sources]

AWS DynamoDB

• Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale.

• It is a fully managed database that supports both document (JSON) and key-value (alpha-numeric) data models.

• DynamoDB is extremely fast and delivers predictable performance with seamless scalability.

• Use Cases: Mobile Apps, Web Apps, Ad-tech Apps, Gaming Apps, IoT.

DynamoDB – Tables

• Amazon DynamoDB tables are schemaless, which means that neither the attributes nor their data types need to be defined beforehand.

DynamoDB – Durability & Performance

• Amazon DynamoDB automatically replicates data across 3 geographically distinct data centers.

• It also partitions your DB over a sufficient number of servers according to your read/write capacity.

• Performs automatic failover in case of any failure.

• DynamoDB runs exclusively on SSD volumes, which provide low latency, predictable performance and high I/O.

• Eventually Consistent Reads (Default)

• Consistency across all copies of data is usually reached within a second. Repeating a read after a short time should return the updated data. (Best performance)

• Strongly Consistent Reads

• A strongly consistent read returns a result that reflects all writes that received a successful response prior to the read.

Redshift – Data Warehouse Solution

• Amazon Redshift is a fast and powerful, fully managed, petabyte-scale data warehouse service in the cloud.

• Customers can start small for just $0.25 per hour with no commitments or upfront costs and scale to a petabyte or more for $1000 per terabyte per year, less than a tenth of most other data warehousing solutions.

[Figure: Redshift – OLAP Transaction]

Redshift – Configuration

• No upfront commitment; you can start small and grow as required.

• Single Node (160GB)
- You can start with a single, 160 GB, Redshift data warehouse.

• Multi-Node
- For a multi-node deployment (cluster), you need a leader node and compute node.
- You can have up to 128 Compute Nodes in a cluster.

Redshift – Performance

• Columnar Data Storage
- Amazon Redshift organizes the data by column, instead of storing data as a series of rows.

• Advanced Compression
- Columnar data stores can be compressed much more than row-based data stores.

• Massively parallel processing (MPP)
- Amazon Redshift automatically distributes data and query load across all nodes. Amazon Redshift makes it easy to add nodes to your data warehouse and enables you to maintain fast query performance as your data warehouse grows.

Redshift – Security

• Encrypted in transit using SSL.

• Encrypted at rest using AES-256 encryption.

• By default, Redshift takes care of key management.

• Manage your own keys using your HSM.

• AWS Key Management Service.

Redshift – Backup Retention

• Amazon Redshift automatically patches and backs up (snapshots) your data warehouse, storing the backups for a user-defined retention period.

• By default, it keeps the data for 1 day (24 hours) but you can configure it for 0-35 days.

• Automatic backups are stopped if you choose a retention period of 0.

Redshift – Restore

• Amazon Redshift currently supports only one AZ (No Multi-AZ).

• You can restore from your backup to a new Redshift cluster in the same or a different AZ.

Redshift – Monitoring

• Metrics for compute utilization, storage utilization and read/write traffic to your Amazon Redshift data warehouse cluster are available free of charge via AWS CloudWatch.

ElastiCache

• Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.

• The primary purpose of an in-memory key-value store is to provide ultra-fast (sub-millisecond latency) and inexpensive access to copies of data.

• It is an AWS fully managed web service.

• It improves the performance of web applications by allowing for the retrieval of information from a fast, managed, in-memory system (instead of reading it from the DB itself).

• It supports two caching engines:

- Memcached (it's not a data store, only a cache)
- Redis (it is a fast NoSQL store that can be used as a database)

ElastiCache – Memcached

• Memcached is not persistent.

• It can't be used as a data store.

• It is ideally used as a front end for data stores (RDS, DynamoDB).

ElastiCache – Redis

• Redis is persistent.

• It can be used as a data store.

• Use cases
- Web
- Mobile Apps
- Gaming Apps
- IoT

CloudFormation

• AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS.

• You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you.

• CloudFormation is a service that allows you to manage, configure and provision your AWS infrastructure as code.

• It supports YAML and JSON.

Benefits of CloudFormation

• Simplifies infrastructure management.

• It takes less time and effort compared with configuring the resources manually.

• It is free to use; you pay only for the resources you use, such as EC2, RDS etc.

• Quickly replicate your infrastructure.

• With the Rollback option, you can roll back all your resources if they are not created properly.

• All your resources will be deleted if you delete the stack.

[Figure: Why AWS CloudFormation?]

[Figure: How Does AWS CloudFormation Work?]

Stack

• A Stack is a collection of AWS resources that you can manage as a single unit.

• All the resources in a stack are defined by the AWS CloudFormation template.

• A stack can be created to run a web application, such as a web server, a database server etc.

• All your resources will be deleted if you delete the stack.

• With the Rollback option, you can roll back all your resources if they are not created properly.

Template

• A template is a JSON or YAML file that contains configuration information about the AWS resources you want to include in the stack.

CloudFormation Designer

• You can use AWS CloudFormation Designer to create your AWS templates.

• AWS CloudFormation Designer is a tool for visually creating and modifying templates.

CloudFormation – LAB

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html

Simple Notification Service (SNS)

• Amazon Simple Notification Service (SNS) is a web service that makes it easy to set up, operate and send notifications from the Cloud. It provides developers with a highly scalable, flexible and cost-effective capability to push messages from an application and immediately deliver them to subscribers or other applications.

• Create an SNS Topic
• Create Subscription
• Update the SNS Policy
• Configure it on your desired AWS resource like S3, ELB, Autoscaling, EC2 etc.
• Verify the SNS.

• How can I get customized email notifications when my EC2 instance changes states?

• To receive email notifications when your EC2 instance changes states:

• Create an Amazon Simple Notification Service (Amazon SNS) topic. The SNS topic will send messages to subscribing endpoints or clients.
• Create an Amazon CloudWatch event using the EC2 Instance State-change Notification event type.
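Added example (not part of the original slides): a local emulation of the two pieces the CloudWatch event rule in the procedure above needs, an event pattern for the EC2 Instance State-change Notification event type and an input-transformer style template that turns the event into the customized message sent to the SNS topic. The state filter, template wording, helper names and the sample event are assumptions constructed for illustration; nothing here calls AWS.

```python
# Event pattern: every listed field must be present in the event and its
# value must be one of the listed values. The state filter is an assumption.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["stopped", "terminated"]},
}

# Shaped like an input transformer: named JSON paths plus a text template.
INPUT_PATHS = {
    "instance": "$.detail.instance-id",
    "state": "$.detail.state",
    "region": "$.region",
    "time": "$.time",
}
INPUT_TEMPLATE = "EC2 instance <instance> in <region> changed state to <state> at <time>."


def matches(pattern, event):
    """Exact-value event pattern matching, recursing into nested objects."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            values = actual if isinstance(actual, list) else [actual]
            if not any(value in expected for value in values):
                return False
    return True


def resolve(path, event):
    """Follow a simple '$.a.b' path through the event."""
    if not path.startswith("$."):
        raise ValueError(f"unsupported path: {path}")
    node = event
    for part in path[2:].split("."):
        node = node[part]
    return node


def render(event):
    """Fill the template placeholders with values taken from the event."""
    message = INPUT_TEMPLATE
    for name, path in INPUT_PATHS.items():
        message = message.replace(f"<{name}>", str(resolve(path, event)))
    return message


def notification_for(event):
    """Message to publish to the SNS topic, or None if the rule does not match."""
    return render(event) if matches(EVENT_PATTERN, event) else None


def sample_event(state):
    """Constructed event in the shape of an EC2 state-change notification."""
    return {
        "version": "0",
        "detail-type": "EC2 Instance State-change Notification",
        "source": "aws.ec2",
        "account": "123456789012",
        "time": "2024-01-01T10:00:00Z",
        "region": "ap-south-1",
        "resources": ["arn:aws:ec2:ap-south-1:123456789012:instance/i-0123456789abcdef0"],
        "detail": {"instance-id": "i-0123456789abcdef0", "state": state},
    }


if __name__ == "__main__":
    for state in ("pending", "running", "stopped", "terminated"):
        print(state, "->", notification_for(sample_event(state)))
```

Filtering on stopped and terminated keeps the mailbox limited to the state changes that usually matter for availability and for spotting unexpected shutdowns.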


Simple Queue Service (SQS)

• Amazon SQS is a fast, reliable and fully managed web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them.

• Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

• A queue is a temporary repository for messages that are waiting to be processed.

• There are two types of SQS queues:

• Standard Queues (Default)
• FIFO Queues

[Figure: Standard Queues (Default)]

[Figure: FIFO Queues]

[Figure: SQS – Key Facts]

Please subscribe to my channel

https://www.youtube.com/c/ShikharVerma82

Thank You