Understand the structural components of the AWS Cloud. Regions are countries, or parts of a country, where AWS has its physical data centers. The data centers themselves are the Availability Zones. Local Zones are limited-service data centers set up in areas with high demand for local availability of AWS services. Edge locations are part of a global content delivery network, making content available near the consumer. Outposts are AWS private cloud setups for businesses on their own premises.
EC2 is the virtual machine hosting option in AWS. ECS is for containers, EKS is Kubernetes on AWS, and Elastic Beanstalk is a kind of PaaS solution for hosting application code on the platforms it supports.
There are three types of storage in a typical datacenter: SAN, NAS and SMB. AWS has each type available as a service. The SAN equivalent is EBS, the NAS equivalent is EFS, and the SMB equivalent is FSx. On top of these, AWS has the new-age storage type called Object Storage, in the form of S3.
AWS storage can be presented to on-prem servers through the familiar interfaces of file storage, block storage and Virtual Tape Library. The software systems that make this possible are called storage gateways, for File, Block and Tape respectively.
Creating your own network architecture in AWS is done using VPCs. Subnets allow one to define custom network IP ranges on AWS. VPN setups allow one to connect on-prem subnets with VPC subnets. Bastion Hosts allow remote users to log in to a public instance that has access to the private network on AWS. VPC peering allows services within separate VPCs to be connected. VPC endpoints and PrivateLink allow components hosted inside a VPC to connect to external services without going over the internet.
A public VM used to access a private network used to be called a NAT Instance. AWS then started providing a similar service called NAT Gateway. For public network instances to connect to the internet, an Internet Gateway is added to the network. Transit Gateway helps connect multiple VPCs together.
The instance-level firewall is implemented as Security Groups, whereas the network-level firewall is implemented as Network Access Control Lists (NACLs).
Normally, an instance loses its public IP if it is stopped and subsequently started; having an Elastic IP ensures that the instance keeps the same public IP even after a stop/start. ENI is the virtual network interface on an instance, while ENA is the high-speed version of it. EFA is an alternative to ENA, built for High Performance Computing (HPC).
Route 53 is AWS’s DNS service. CloudFront is AWS’s Content Delivery Network. Global Accelerator makes AWS’s WAN available to users, so they can leverage it rather than connect to AWS services over the internet. Direct Connect allows a corporate network to be connected to a nearby data center, which in turn is connected to AWS over the WAN.
Application Load Balancer works on OSI Layer 7; Network Load Balancer works on OSI Layer 4. Classic Load Balancer works on both Layer 7 and Layer 4, but is considered to be the predecessor of ALB and NLB. Gateway Load Balancer works at Layer 3 for AWS-hosted virtual appliances. Autoscaling can be implemented with load balancers.
AWS provides managed database services, where installing and maintaining the database is taken care of by AWS while the customer gets to use it. RDS provides traditional databases as a managed service. Aurora provides high-performance custom databases compatible with PostgreSQL and MySQL. Redshift provides data warehousing capabilities.
AWS has NoSQL databases for unstructured data. DynamoDB is the high-performance native NoSQL DB of AWS. DocumentDB is a custom but MongoDB-compatible NoSQL DB service from AWS.
Some databases run in memory for better performance
Identity, Authentication and Authorization management
Security services for perimeter protection
Services that help one in tracking, auditing and troubleshooting security issues
How to design HA/FT/DR in AWS
How to choose right services for performance oriented designs
How to implement security controls in AWS
How to design architecture as per AWS Cost Optimization Best Practices
Attempt a Mock Exam to prepare for actual certification