"Summary" Overview of the AWS (Associate) Architect certification system


Speaker: Huang Tao, AWS Advanced Technology lecturer

1. Summary of Churyang
    • AWS has a wide range of services and technologies; choose the direction that suits you rather than trying to learn everything
    • AWS has exceptionally rich learning resources, including videos, free documentation, online labs, community and expert courses (fees apply)
    • AWS exams come in associate and professional levels, and are designed for architects, developers, and operations staff
    • The Associate Architect exam assesses 4 areas: design, implementation and deployment, data security, and troubleshooting
    • The AWS Architect exam focuses on 7 cloud architecture design principles, such as elasticity and least privilege; being familiar with them is very helpful for answering the questions (like the written theory part of a driving test, there are rules to follow)
    • More hands-on practice is very helpful for passing the exam, and is also the key to mastery
    • For the Associate Architect exam, 6 months of practical AWS experience is recommended
    • For the Professional Architect exam, 2 years of practical experience is recommended
2. Overview
2.1 AWS service list

2.2 Determine your own positioning and direction

This consists of three dimensions:
- What industry
  – Mobile? Video? Internet? Enterprise? Financial?
- What problem to solve
  – Mass distribution? Big data? Hybrid network?
- Which services to use
  – Virtual hosting? Virtual networks and security? Hadoop cluster? Data warehouse?

2.3 The learning method is to level up step by step (practice as you learn)
    1. First watch the "self-paced videos"
    2. Then attend the "online classroom"
    3. Once the theory is mostly in place, start the "hands-on labs" (15 free trials)
    4. For a deeper understanding, "read the documentation in detail"; it is suggested to at least start with the FAQs, which can save a lot of time
    5. Take advantage of the "free AWS package" to practice what you have understood and learned
    6. Then perform advanced experiments
    7. To understand the relationships between services, "attend instructor-led courses", which give a high-level understanding of the services
    8. Take the certification exam

2.4 AWS instructor-led course categories and levels
    • Audience categories: solutions architects, developers, system operators
    • Course levels: entry level, basic level, advanced, specialty

3. AWS certification background information
3.1 Types of certification
    • Associate level
      – Associate Architect
      – Associate Developer
      – Associate System Administrator
    • Professional level
      – Professional Architect
      – Professional DevOps (development and operations)

There are 5 certifications. To take a professional-level certification you must first pass the associate-level certification; for the "Professional DevOps" certification, passing either one (developer or system administrator) of the associate-level certifications is sufficient.

3.2 What do you gain from certification?
    • For individuals
      – Demonstrate your ability to design, deploy, and manage highly available, low-cost, secure applications on the AWS platform
      – Be respected and recognized at work or in the community
      – The certification can be listed on your resume, and the AWS Certification badge can be added to LinkedIn
    • For corporate employers
      – Recognized competence in using services and tools on AWS
      – Customer acceptance, reducing the risk of AWS project implementation
      – Increased customer satisfaction
3.3 Recertification

Because AWS services are constantly being updated, recertification is required every two years (a certification is valid for 2 years). The recertification exam has fewer questions, a shorter time limit, and a lower fee.

3.4 Associate Architect certification knowledge areas

Four knowledge domains

1 Design: highly available, high-efficiency, low-cost, fault-tolerant, scalable systems
2 Implementation and deployment: emphasizes hands-on deployment and operational ability
3 Data security: keep your data safe and secure when you deploy and operate
4 Troubleshooting: quickly find and resolve problems when the system misbehaves

Knowledge weights
- Design: 60% of questions
- Implementation and deployment: 10% of questions
- Data security: 20% of questions
- Troubleshooting: 10% of questions

PS: The exam questions do not follow the order above, and the exam does not indicate which category a question belongs to

3.5 Certification process
    1. Register online and find a test center close to home
    2. Bring an ID document to the test center to prove your identity
      • No phones are allowed inside
      • The document must have a photo
    3. Sign an NDA agreeing not to disclose the questions
    4. Take the exam on a test center computer (80 minutes, 55 questions)
    5. You learn your score and whether you passed immediately after the exam (you will not see whether each individual answer was correct)
    6. After you pass, the certificate and related materials are sent to your email address
3.6 Exam mechanics
    • The associate-level exams focus on mastery of individual services and small combinations of services
    • All questions are multiple choice (single answer or multiple answer)
    • Wrong answers are not penalized, so leaving a question blank is pointless; you can guess
    • 55 questions
    • You can mark questions you are unsure about and go back to change the answer before you submit
3.7 Sample questions
    1. Single choice

    2. Multiple choice (you are told how many answers to select)

    3. Summary view of answers and marks

4 The 7 design principles for AWS architecture
4.1 Loose coupling
    • Loose coupling is the foundation of fault tolerance and of automatic scaling in operations. The design should minimize the dependencies between modules so that they do not become an obstacle to future adjustment and growth of the application.

Conditions for loose coupling

    • Do not depend on specific objects; depending on a specific object makes the coupling very high
      – Use a load balancer
      – Use domain name resolution
      – Use Elastic IP
      – Peers can then be discovered dynamically, which enables loose coupling and benefits future expansion of the application
    • Do not rely on other modules processing correctly or in a timely manner
      – Use asynchronous processing instead of synchronous processing wherever possible (SQS can help here)

4.2 Keep working when a module fails
    • Ask: if a module has a problem, what happens to the application?
    • In the design, handle the impact that a failing module will have and set up automatic recovery

4.3 Achieving resiliency
    • In the design, do not assume that a module is healthy or that it always stays the same
      – This can be met by combining Auto Scaling, EIP, and Availability Zones (AZ)
    • Allow a failed module to be restarted
      – Stateless design is better than stateful design
      – Use ELB and CloudWatch to detect the running status of an instance
    • Give instances boot parameters (for automatic configuration)
      – For example: add user data to tell the instance what to do when it starts
    • When you shut down an instance, save its configuration and personalization
      – For example, use DynamoDB to save session information
    • With elasticity, no money is wasted on unused resources

4.4 Security is a whole and needs to be considered at every level
    • Infrastructure Layer
    • Compute/Network Architecture layer
    • Data layer
    • Application Layer

4.5 Principle of least privilege (minimum authorization)
    • Grant operators only the permissions necessary to complete their work
    • All user actions must be authorized
    • Three types of identities hold permissions to operate AWS
      – Master account
      – IAM users
      – Authorized services (mainly the applications you develop)

5 Design: highly available, high-efficiency, fault-tolerant, scalable systems

The goal of this section is to design a highly available, high-efficiency, low-cost, fault-tolerant, scalable system architecture
- High availability
  – Understand the high reliability of the AWS services themselves (such as Elastic Load Balancing), because ELB can be deployed across multiple AZs
  – Use these services to reduce the effort of achieving availability
- High efficiency (low cost)
  – Understand your capacity needs and avoid over-provisioning
  – Take advantage of different pricing strategies, for example Reserved Instances
  – Use AWS managed services (such as SNS, SQS) as much as possible
- Fault tolerance
  – Understand the difference between HA and fault tolerance
  – If HA is the result, then fault tolerance is an important strategy for ensuring HA
  – HA stresses that the system does not have problems; fault tolerance means that after the system has a problem, the business is affected as little as possible
- Scalability
  – Know which AWS services scale on their own, such as SQS and ELB
  – Understand Auto Scaling groups (AS)

Use the 7 AWS architecture design principles: loose coupling, achieving resiliency

6 Implementation and deployment

This section is about finding the right tools to implement the design

    • Compared with the first part, "Design": the first part focuses on what to use, and this second part discusses how to use it
    • It mainly assesses the AWS core service catalog and core services, including:
    • Compute and networking
      – EC2, VPC
    • Storage and content delivery
      – S3, Glacier
    • Database
      – RDS
    • Deployment and management services
      – CloudFormation, CloudWatch, IAM
    • Application services
      – SQS, SNS
7 Data security

The basis for data security is the AWS shared security model, which is required reading
Data security covers 4 layers: infrastructure layer, compute/network layer, data layer, application layer
- Infrastructure layer
  1. Basic hardware security
  2. Authorized access, processes, etc.
- Compute/network layer
  1. Secure the network with VPC (protection, routing, network isolation, easy management)
  2. Understand security groups and NACLs and their differences
    • Security groups can do a little more than ACLs: a security group can target other security groups, while an ACL can only target IP addresses
    • Security groups support allow rules only; ACLs can also be set to deny
    • Security groups are stateful! Important (once an inbound rule lets traffic in, the corresponding outbound traffic is allowed automatically); ACLs are stateless (outbound and inbound rules must be specified separately)
    • Security groups work at the network interface (instance); ACLs work at the subnet
  3. Understand the 4 gateways and their differences
    • There are 4 gateways in total, carrying traffic in and out of the VPC
    • Internet Gateway: access to the Internet
    • Virtual Private Gateway: responsible for VPN access
    • Direct Connect: responsible for dedicated enterprise network access
    • VPC Peering: peering access between VPCs
- Data layer
  1. Data transfer security
    – Security for traffic entering and leaving AWS
    – Transport security inside AWS
    • Access APIs via HTTPS
    • Link security
      – Access the web via SSL
      – VPN access via IP encryption
      – Use Direct Connect
      – Offline import and export
  2. Persistent data storage
    – Using EBS
    – Using S3
    • Access
      – IAM policies
      – Bucket policies
      – Access control lists
    • Temporary authorization
      – Signed URLs
    • Encryption
      – Server-side encryption
      – Client-side encryption
- Application layer
  1. The main emphasis is on the shared risk model
  2. Multiple types of authentication
  3. Security recommendations for users at the application layer
    – Select an authentication mechanism (rather than having none)
    – Use secure passwords and a strong security policy
    – Protect your OS (for example, turn on the firewall)
    – Use strong roles to control permissions (RBAC)
  4. Identify the security boundary shared by AWS and users: what AWS can control, what it cannot, and what AWS is responsible for; everything else is the user's responsibility (for example: AWS is responsible for the security group functionality, that is, whether it takes effect, but how it is used is the user's responsibility; opening all ports has nothing to do with AWS)
AWS guarantees:
    • Tools and services
    • Physical internal process security
    • Physical infrastructure
    • Network facilities
    • Virtualization facilities
Users need to protect:
    • Operating system
    • Application
    • Security group
    • OS firewall
    • Network rules
    • Account management
8 Troubleshooting

The types of problems often include:
- Connectivity issues for EC2 instances
- Recovering data on an EC2 instance or EBS volume
- Limits on service usage

8.1 Connectivity issues for EC2 instances
    • There are often multiple reasons why you cannot connect
    • Connecting from outside the VPC to an instance inside the VPC
      – Whether the gateways have been added (IGW: Internet gateway, VPG: virtual private gateway)
      – Routing rule setup issues from the corporate network to the VPC
      – VPC route table issues across subnets
      – Elastic IP and public IP issues
      – NACLs (network access rules)
      – Security groups
      – OS-level firewalls
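
The NACL and security group checks in the list above, together with the stateful/stateless difference described in section 7, as an added example (not part of the original talk): a small Python model that traces one inbound request and its reply through a stateless NACL and a stateful security group. The rule tuples, function names and addresses are constructed for illustration; protocols and security-group-to-security-group references are not modelled.

```python
import ipaddress

def _match(ip, port, cidr, lo, hi):
    return lo <= port <= hi and ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def nacl_allows(rules, direction, ip, port):
    """Stateless subnet ACL: lowest rule number first, first match wins, else deny."""
    for _num, rdir, cidr, lo, hi, action in sorted(rules):
        if rdir == direction and _match(ip, port, cidr, lo, hi):
            return action == "allow"
    return False  # implicit final deny

def sg_allows(rules, ip, port):
    """Security group: allow rules only; any matching rule permits the traffic."""
    return any(_match(ip, port, cidr, lo, hi) for cidr, lo, hi in rules)

def trace_inbound(nacl, sg_in, client_ip, client_port, server_port):
    """Follow one inbound TCP request and its reply; report where it stops."""
    if not nacl_allows(nacl, "in", client_ip, server_port):
        return "blocked: NACL inbound"
    if not sg_allows(sg_in, client_ip, server_port):
        return "blocked: security group inbound"
    # Stateful security group: the reply needs no outbound rule.
    # Stateless NACL: the reply to the client's ephemeral port needs its own rule.
    if not nacl_allows(nacl, "out", client_ip, client_port):
        return "blocked: NACL outbound (reply)"
    return "ok"

# Constructed sample rules (documentation address ranges), not from a real account.
SG_IN = [("0.0.0.0/0", 443, 443)]
NACL_NO_REPLY = [(100, "in", "0.0.0.0/0", 443, 443, "allow")]
NACL_OK = NACL_NO_REPLY + [(100, "out", "0.0.0.0/0", 1024, 65535, "allow")]
NACL_DENY = NACL_OK + [(90, "in", "203.0.113.0/24", 0, 65535, "deny")]

if __name__ == "__main__":
    for name, nacl in [("no reply rule", NACL_NO_REPLY), ("reply rule", NACL_OK),
                       ("deny range", NACL_DENY)]:
        print(name, "->", trace_inbound(nacl, SG_IN, "203.0.113.10", 50000, 443))
```

The first case is the one that typically costs time in troubleshooting: the request is allowed everywhere, but the reply is dropped because the NACL has no outbound rule for the client's ephemeral port.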
8.2 Recovering data on an EC2 instance or EBS volume
    • Note that EBS and EC2 have no strong binding relationship
      – EBS can be detached from the old instance
      – If necessary, do so as soon as possible
    • Mount the EBS volume on a new, healthy instance
    • The same procedure can be used to recover a boot volume that is not working
      – Detach the root volume
      – Mount it on another instance as a data volume
      – Repair the files
      – Re-attach it to the original instance and restart
8.3 Limits on service usage

    • AWS has many soft limits
      – For example, when an AWS account is first set up, up to 20 EBS instances of each type can be started
    • There are also some hard limits, such as
      – A maximum of 100 S3 buckets per account
      – ......
    • A limit on one service can restrict another service
      – For example, a new EC2 instance cannot be started because the EBS volume limit has been reached
      – The Trusted Advisor tool can give you some limit-related recommendations based on your service level (from free, to business, to enterprise level recommendations)
    • Common soft limits
      – Public limits
        · Up to 20 instances per user, or fewer for some instance types
        · Up to 5 Elastic IPs per region
        · Up to 100 security groups per VPC
        · Up to 20 load balancers
        · Up to 20 Auto Scaling groups
        · 5,000 EBS volumes, 10,000 snapshots, 40,000 IOPS and a total of 20 TB of disk
        · ... For more, you need to apply.
      – You don't have to memorize the limits
        · Knowing that the limits exist and keeping a feel for the numbers is enough
        · When you run into problems in the future, remember to rule out soft-limit issues
9. Summary
9.1 The main objectives of certification are:
    • Confirm that the architect can gather requirements and use best practices to build systems on AWS
    • Confirm whether the architect can give guidance across the entire life cycle of an application
9.2 What an architect (associate or professional level) is expected to prepare before the exam:
    • Deep mastery of at least 1 high-level language (C, C++, Java, etc.)
    • Three white papers on AWS
      – AWS Overview
      – AWS Security Process
      – AWS Risk and Response
      – Storage Options in the Cloud
      – Architecture Best Practices for AWS
    • Experience using AWS components to deploy hybrid systems according to customer needs
    • Use the AWS Architecture Center site for more information
9.3 Recommended hands-on experience
    • Associate Architect
      – At least 6 months of hands-on experience managing production systems on AWS
      – Study the basic AWS courses
    • Professional Architect
      – At least 2 years of hands-on experience managing multiple different types of complex production systems on AWS (multiple services, dynamic scaling, high availability, refactoring, or fault tolerance)
      – Ability to build on AWS, and advanced conceptual ability in architecture
9.4 Related resources
    • Resource address for certification study
    • You can practice on your own; mock exams must be paid for
    • Then go online and sign up for the exam