SAP-C01 AWS Certified Solutions Architect - Professional scrap book
Notes whilst preparing for a certification
Published: Wednesday, Feb 26, 2020 Last modified: Friday, Jul 26, 2024
Design for Organizational Complexity
Acronyms:
- DX
- VIFs
Sub-domain: cross-account authentication and access strategies
Active directory options
![](https://s.natalian.org/2020-02-26/ad-options.jpg)
Gateway differences
![](https://s.natalian.org/2020-02-26/gateway.jpg)
Sub-domain: Networks
VPN connection types
![](https://s.natalian.org/2020-02-26/networks.jpg)
Sub-domain: multi-account AWS environments
![](https://s.natalian.org/2020-02-26/multi-account-strategy.jpg)
![](https://s.natalian.org/2020-02-26/root-account-no-cloudtrail.jpg)
New solutions
Sub-domain: security requirements and controls
![](https://s.natalian.org/2020-02-26/kinesis-order.jpg)
![](https://s.natalian.org/2020-02-26/kinesis-types.jpg)
![](https://s.natalian.org/2020-02-26/read-replicas.jpg)
![](https://s.natalian.org/2020-02-26/elastiCache.jpg)
![](https://s.natalian.org/2020-02-26/dynamodb-global-tables.jpg)
SWF takes an awful lot of code to make it work well.
![](https://s.natalian.org/2020-02-26/iam-access-controls.jpg)
![](https://s.natalian.org/2020-02-26/seperate-security-account.jpg)
![](https://s.natalian.org/2020-02-26/user-vs-identity-pools.png)
Sub-domain: deployment strategies for business requirements
![](https://s.natalian.org/2020-02-26/deployment-mechanisms.jpg)
Migration planning
- Plan
  - Discover
    - Assessment and profiling
    - Data requirements and classification
    - Prioritization
    - Business logic and infrastructure dependencies
  - Design
    - Detailed migration plan
    - Estimate effort
    - Security and risk assessment
- Build
  - Transform
    - Network topology
    - Migrate
    - Deploy
    - Validate
  - Transition
    - Pilot testing
    - Transition to support
    - Release management
    - Cutover and decommission
- Run
  - Operate
    - Staff training
    - Monitoring
    - Incident management
    - Provisioning
  - Optimise
    - Monitoring-driven optimization
    - Continuous integration and continuous deployment
    - Well-Architected Framework
![](https://s.natalian.org/2020-02-26/storage-portfolio.jpg)
![](https://s.natalian.org/2020-02-26/all-three.jpg)
Cost control
![](https://s.natalian.org/2020-02-26/tag-everything.jpg)
![](https://s.natalian.org/2020-02-26/two-tags.jpg)
Enforce tags with AWS Config.
- Termination protection does not work for Auto Scaling groups
- Instance protection does work
Improving Architectures
Sub-domain: troubleshooting solution architectures
![](https://s.natalian.org/2020-02-28/trouble-shooting.jpg)
![CW Events != Alarms](https://s.natalian.org/2020-02-28/1582860243_2560x1440.png)
Sub-domain: operational excellence
- Two-way doors (reversible changes) as opposed to riskier one-way doors
- Implement CloudFormation aka IaC
Sub-domain: improve reliability
![The operational continuum](https://s.natalian.org/2020-02-28/operational.png)
- Instance auto recovery
- Use Multi-AZ services: S3/DynamoDB automatically Multi-AZ
- AWS EBS Snapshots minimize Recovery Point Objective
- Use RI for critical systems
- DLP with CloudTrail
![](https://s.natalian.org/2020-02-28/snapshots.jpg)
Sub-domain: improving performance
![](https://s.natalian.org/2020-02-28/ebs-performance.jpg)
![](https://s.natalian.org/2020-02-28/redis-performance.jpg)
- Memcached is single AZ
- Redis Lazy loading versus Write through
Sub-domain: improving security
![](https://s.natalian.org/2020-02-28/restrict-access.jpg)
![](https://s.natalian.org/2020-02-28/encryption-options.jpg)
![](https://s.natalian.org/2020-02-28/perimeter-controls.jpg)
- NACLs are stateless and accommodate DENY rules, unlike security groups
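A small model of the NACL versus security group difference, added here as an illustration and not part of the original notes. The rule numbers, addresses (documentation ranges) and the `SecurityGroup` class are constructed for the example; it shows first-match evaluation with an explicit DENY, and why a stateless NACL needs a separate outbound rule for reply traffic on ephemeral ports.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NaclRule:
    number: int   # lower numbers are evaluated first
    cidr: str
    ports: range
    allow: bool   # NACL rules can ALLOW or DENY

def nacl_decision(rules, ip, port):
    """First matching rule in ascending number order wins; no match means deny."""
    addr = ipaddress.ip_address(ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if addr in ipaddress.ip_network(rule.cidr) and port in rule.ports:
            return rule.allow
    return False

def nacl_round_trip(inbound, outbound, client_ip, client_port, server_port):
    """Stateless: the request and its reply are evaluated independently."""
    return (nacl_decision(inbound, client_ip, server_port)
            and nacl_decision(outbound, client_ip, client_port))

class SecurityGroup:
    """Allow rules only, and stateful: replies to accepted flows are tracked."""
    def __init__(self, inbound_allow):
        self.inbound_allow = inbound_allow   # (cidr, ports) pairs, no deny type
        self.flows = set()

    def round_trip(self, client_ip, client_port, server_port):
        addr = ipaddress.ip_address(client_ip)
        if any(addr in ipaddress.ip_network(c) and server_port in p
               for c, p in self.inbound_allow):
            self.flows.add((client_ip, client_port, server_port))
        # The reply passes only because the flow is tracked (no outbound rules here).
        return (client_ip, client_port, server_port) in self.flows

# Constructed sample data: documentation address ranges, hypothetical rule numbers.
HTTPS, EPHEMERAL = range(443, 444), range(1024, 65536)
INBOUND = [NaclRule(90, "203.0.113.0/24", HTTPS, allow=False),
           NaclRule(100, "0.0.0.0/0", HTTPS, allow=True)]
OUTBOUND_EMPTY = []
OUTBOUND_REPLY = [NaclRule(100, "0.0.0.0/0", EPHEMERAL, allow=True)]

if __name__ == "__main__":
    print(nacl_round_trip(INBOUND, OUTBOUND_EMPTY, "198.51.100.9", 50000, 443))
    print(nacl_round_trip(INBOUND, OUTBOUND_REPLY, "198.51.100.9", 50000, 443))
    print(nacl_round_trip(INBOUND, OUTBOUND_REPLY, "203.0.113.7", 50000, 443))
    print(SecurityGroup([("0.0.0.0/0", HTTPS)]).round_trip("203.0.113.7", 50000, 443))
```

With the same inbound allow, the NACL drops the round trip until an outbound ephemeral-port rule exists, while the security group model lets the reply through but cannot exclude the 203.0.113.0/24 range.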
Sub-domain: improving deployment
- CloudFormation - consider the DeletionPolicy attribute, be wary of downtime. Retain for S3, Snapshot (default) for RDS/EBS etc
- CodeDeploy - Must remove underlying instances
- Elastic Beanstalk - can do it all
- OpsWorks - Chef can handle minimal downtime
- AWS ECS
![](https://s.natalian.org/2020-02-28/additional-resources.jpg)
Who is Mike? @BlaineSundrud https://t.co/t5t0DhZUCb AWS instructor explains the "security onion" ... I think 😂
— Kai Hendry (@kaihendry) February 28, 2020
Active-Active versus Active-Passive Failover
![RPO versus RTO](https://s.natalian.org/2020-03-05/1583386029_2560x1440.png)
![Backup/Restore, Pilot light, Warm standby, to Hot standby](https://s.natalian.org/2020-03-05/1583386197_2560x1440.png)
The common cloud data migration challenge
Number of days = (Total Bytes)/(Megabits per second * 125 * 1000 * Network Utilization * 60 seconds * 60 minutes * 24 hours)