SAP-C01 AWS Certified Solutions Architect - Professional scrap book
Notes whilst preparing for a certification
Published: Wednesday, Feb 26, 2020 Last modified: Monday, Dec 9, 2024
Design for Organizational Complexity
Acronyms:
- DX
- VIFs
Sub-domain: cross-account authentication and access strategies
Active directory options
Gateway differences
Sub-domain: Networks
VPN connection types
Sub-domain: multi-account AWS environments
New solutions
Sub-domain: security requirements and controls
SWF takes an awful lot of code to make it work well.
Sub-domain: deployment strategies for business requirements
Migration planning
- Plan
- Discover
- Assessment and profiling
- Data requirements and classification
- Prioritization
- Business logic and infrastructure dependencies
- Design
- Detailed migration plan
- Estimate effort
- Security and risk assessment
- Discover
- Build
- Transform
- Network topology
- Migrate
- Deploy
- Validate
- Transition
- Pilot testing
- Transition to support
- Release management
- Cutover and decommission
- Transform
- Run
- Operate
- Staff training
- Monitoring
- Incident management
- Provisioning
- Optimise
- Monitoring-driven optimization
- Continuous integration and continuous deployment
- Well-Architected Framework
- Operate
Cost control
Enforce tags with AWS Config.
- Termination protection does not work for Auto scaling groups
- Instance protection does work
Improving Architectures
Sub-domain: troubleshooting solution architectures
Sub-domain: operational excellence
- Two way doors (reversible changes) as opposed to more risky one way doors
- Implement CloudFormation aka IaC
Sub-domain: improve reliability
- Instance auto recovery
- Use Multi-AZ services: S3/DynamoDB automatically Multi-AZ
- AWS EBS Snapshots minimize Recovery Point Objective
- Use RI for critical systems
- DLP with CloudTrail
Sub-domain: improving performance
- Memcached is single AZ
- Redis Lazy loading versus Write through
Sub-domain: improving security
- NACLs are stateless and accomodate DENY rules unlike Security groups
Sub-domain: improving deployment
- Cloud Formation - consider Deletion policy attribute, be wary of downtime. Retain for S3, Snapshot (default) for RDS/EBS etc
- Code deploy - Must remove underlying instances
- Elastic Beanstalk - can do it all
- OpsWorks - Chef can handle minimal downtime
- AWS ECS
Who is Mike? @BlaineSundrud https://t.co/t5t0DhZUCb AWS instructor explains the "security onion" ... I think 😂
— Kai Hendry (@kaihendry) February 28, 2020
Active-Active versus Active-Passive Failover
The common cloud data migration challenge
Number of days = (Total Bytes)/(Megabits per second * 125 * 1000 * Network Utilization * 60 seconds * 60 minutes * 24 hours)