SAP-C01 AWS Certified Solutions Architect - Professional scrap book

Notes whilst preparing for a certification

Published: Wednesday, Feb 26, 2020 Last modified: Monday, Feb 10, 2025

Design for Organizational Complexity

Acronyms:

DX
VIFs

Sub-domain: cross-account authentication and access strategies

Active directory options

Gateway differences

Sub-domain: Networks

VPN connection types

Sub-domain: multi-account AWS environments

SCPs

New solutions

Sub-domain: security requirements and controls

SWF takes an awful lot of code to make it work well.

Sub-domain: deployment strategies for business requirements

Migration planning

Plan
- Discover
  - Assessment and profiling
  - Data requirements and classification
  - Prioritization
  - Business logic and infrastructure dependencies
- Design
  - Detailed migration plan
  - Estimate effort
  - Security and risk assessment
Build
- Transform
  - Network topology
  - Migrate
  - Deploy
  - Validate
- Transition
  - Pilot testing
  - Transition to support
  - Release management
  - Cutover and decommission
Run
- Operate
  - Staff training
  - Monitoring
  - Incident management
  - Provisioning
- Optimise
  - Monitoring-driven optimization
  - Continuous integration and continuous deployment
  - Well-Architected Framework

Cost control

Enforce tags with AWS Config.

Termination protection does not work for Auto scaling groups
Instance protection does work

Improving Architectures

Sub-domain: troubleshooting solution architectures

Sub-domain: operational excellence

Two way doors (reversible changes) as opposed to more risky one way doors
Implement CloudFormation aka IaC

Sub-domain: improve reliability

Instance auto recovery
Use Multi-AZ services: S3/DynamoDB automatically Multi-AZ
AWS EBS Snapshots minimize Recovery Point Objective
Use RI for critical systems
DLP with CloudTrail

Sub-domain: improving performance

Memcached is single AZ
Redis Lazy loading versus Write through

Sub-domain: improving security

NACLs are stateless and accomodate DENY rules unlike Security groups

Sub-domain: improving deployment

Cloud Formation - consider Deletion policy attribute, be wary of downtime. Retain for S3, Snapshot (default) for RDS/EBS etc
Code deploy - Must remove underlying instances
Elastic Beanstalk - can do it all
OpsWorks - Chef can handle minimal downtime
AWS ECS

Who is Mike? @BlaineSundrud https://t.co/t5t0DhZUCb AWS instructor explains the "security onion" ... I think 😂
— Kai Hendry (@kaihendry) February 28, 2020

Active-Active versus Active-Passive Failover

Backup/Restore, Pilot light, Warm standby, to Hot standby

The common cloud data migration challenge

Number of days = (Total Bytes)/(Megabits per second * 125 * 1000 * Network Utilization * 60 seconds * 60 minutes * 24 hours)