AWS services and features
Analytics:
· Amazon Athena
Amazon Athena is an interactive query service that
makes it easy to analyze data in Amazon S3 using standard SQL. Athena is
serverless, so there is no infrastructure to manage, and you pay only for the
queries that you run.
Athena
is easy to use. Simply point to your data in Amazon S3, define the schema, and
start querying using standard SQL. Most results are delivered within seconds.
With Athena, there’s no need for complex ETL jobs to prepare your data for
analysis. This makes it easy for anyone with SQL skills to quickly analyze
large-scale datasets.
Athena
is out-of-the-box integrated with AWS Glue Data Catalog, allowing you to
create a unified metadata repository across various services, crawl data
sources to discover schemas and populate your Catalog with new and modified
table and partition definitions, and maintain schema versioning.
· Amazon Elasticsearch Service (Amazon ES)
Amazon Elasticsearch Service is a fully managed
service that makes it easy for you to deploy, secure, and run Elasticsearch
cost effectively at scale. You can build, monitor, and troubleshoot your
applications using the tools you love, at the scale you need. The service
provides support for open source Elasticsearch APIs, managed Kibana,
integration with Logstash and
other AWS services, and built-in alerting and SQL querying. Amazon Elasticsearch
Service lets you pay only for what you use – there are no upfront costs or
usage requirements. With Amazon Elasticsearch Service, you get the ELK stack
you need, without the operational overhead.
· Amazon EMR
Amazon
EMR is the industry-leading cloud big data platform for processing vast amounts
of data using open source tools such as Apache Spark, Apache Hive, Apache HBase, Apache Flink, Apache Hudi, and Presto. Amazon EMR makes
it easy to set up, operate, and scale your big data environments by automating
time-consuming tasks like provisioning capacity and tuning clusters. With EMR
you can run petabyte-scale analysis at less than half of the cost of traditional on-premises
solutions and over 3x faster than standard Apache Spark. You can
run workloads on Amazon EC2 instances, on Amazon Elastic Kubernetes Service
(EKS) clusters, or on-premises using EMR on AWS Outposts.
· AWS Glue
AWS
Glue is a serverless data integration service that makes it easy to discover,
prepare, and combine data for analytics, machine learning, and application
development. AWS Glue provides all of the capabilities needed for data integration
so that you can start analyzing your data and putting it to use in minutes
instead of months.
Data
integration is the process of preparing and combining data for analytics,
machine learning, and application development. It involves multiple tasks, such
as discovering and extracting data from various sources; enriching, cleaning,
normalizing, and combining data; and loading and organizing data in databases,
data warehouses, and data lakes. These tasks are often handled by different
types of users that each use different products.
AWS
Glue provides both visual and code-based interfaces to make data integration
easier. Users can easily find and access data using the AWS Glue Data Catalog.
Data engineers and ETL (extract, transform, and load) developers can visually
create, run, and monitor ETL workflows with a few clicks in AWS Glue Studio.
Data analysts and data scientists can use AWS Glue DataBrew to
visually enrich, clean, and normalize data without writing code. With AWS Glue Elastic
Views, application developers can use familiar Structured Query
Language (SQL) to combine and replicate data across different data stores.
· Amazon Kinesis
Amazon Kinesis makes it easy to collect, process, and analyze
real-time, streaming data so you can get timely insights and react quickly to
new information. Amazon Kinesis offers key capabilities to cost-effectively
process streaming data at any scale, along with the flexibility to choose the
tools that best suit the requirements of your application. With Amazon Kinesis,
you can ingest real-time data such as video, audio, application logs, website
clickstreams, and IoT telemetry data for machine learning, analytics, and other
applications. Amazon Kinesis enables you to process and analyze data as it
arrives and respond instantly instead of having to wait until all your data is
collected before the processing can begin.
· Amazon QuickSight
Amazon QuickSight is a scalable, serverless,
embeddable, machine learning-powered business intelligence (BI) service built
for the cloud. QuickSight lets you easily create and publish interactive BI
dashboards that include Machine Learning-powered insights. QuickSight
dashboards can be accessed from any device, and seamlessly embedded into your
applications, portals, and websites.
QuickSight
is serverless and can automatically scale to tens of thousands of users without
any infrastructure to manage or capacity to plan for. It is also the first BI
service to offer pay-per-session pricing, where you only pay when your users
access their dashboards or reports, making it cost-effective for large scale
deployments.
With
QuickSight, you can ask business questions of your data in plain language and
receive answers in seconds.
AWS Billing and Cost Management:
· AWS Budgets
AWS
Budgets gives you the ability to set custom budgets that alert you when your
costs or usage exceed (or are forecasted to exceed) your budgeted amount. You
can also use AWS Budgets to set reservation utilization or coverage targets and
receive alerts when your metrics drop below the threshold you define.
Reservation alerts support Amazon EC2, Amazon RDS, Amazon Redshift, Amazon
ElastiCache, and Elasticsearch reservations.
· Cost Explorer
AWS Cost Explorer has an easy-to-use interface that
lets you visualize, understand, and manage your AWS costs and usage over time.
Application Integration:
· Amazon Simple Notification Service (Amazon SNS)
Amazon Simple
Notification Service (Amazon SNS) is a fully managed messaging service for both
application-to-application (A2A) and application-to-person (A2P) communication.
The
A2A pub/sub functionality provides topics for high-throughput, push-based,
many-to-many messaging between distributed systems, microservices, and
event-driven serverless applications. Using Amazon SNS topics, your publisher
systems can fanout messages to a large number of subscriber systems including
Amazon SQS queues, AWS Lambda functions and HTTPS endpoints, for parallel
processing, and Amazon Kinesis Data Firehose. The A2P functionality enables you
to send messages to users at scale via SMS, mobile push, and email.
· Amazon Simple Queue Service (Amazon SQS)
Amazon Simple Queue Service (SQS) is a fully managed message
queuing service that enables you to decouple and scale microservices,
distributed systems, and serverless applications. SQS eliminates the complexity
and overhead associated with managing and operating message oriented middleware
and empowers developers to focus on differentiating work. Using SQS, you can
send, store, and receive messages between software components at any volume,
without losing messages or requiring other services to be available. Get
started with SQS in minutes using the AWS console, Command Line Interface or
SDK of your choice, and three simple commands.
SQS
offers two types of message queues. Standard queues offer maximum throughput,
best-effort ordering, and at-least-once delivery. SQS FIFO queues are designed
to guarantee that messages are processed exactly once, in the exact order that
they are sent.
Compute:
· Amazon EC2
Amazon
Elastic Compute Cloud (Amazon EC2) is a web service that provides secure,
resizable compute capacity in the cloud. It is designed to make web-scale cloud
computing easier for developers. Amazon EC2’s simple web service interface
allows you to obtain and configure capacity with minimal friction. It provides
you with complete control of your computing resources and lets you run on
Amazon’s proven computing environment.
Amazon
EC2 offers the broadest and deepest compute platform with choice of processor,
storage, networking, operating system, and purchase model. We offer the fastest
processors in the cloud and we are the only cloud with 400 Gbps ethernet
networking. We have the most powerful GPU instances for machine learning
training and graphics workloads, as well as the lowest cost-per-inference
instances in the cloud. More SAP, HPC, Machine Learning, and Windows workloads
run on AWS than any other cloud.
· AWS Elastic Beanstalk
AWS Elastic Beanstalk is an easy-to-use service for
deploying and scaling web applications and services developed with Java, .NET,
PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache,
Nginx, Passenger, and IIS.
You
can simply upload your code and Elastic Beanstalk automatically handles the
deployment, from capacity provisioning, load balancing, auto-scaling to
application health monitoring. At the same time, you retain full control over
the AWS resources powering your application and can access the underlying
resources at any time.
There
is no additional charge for Elastic Beanstalk - you pay only for the AWS
resources needed to store and run your applications.
· Amazon Elastic Container Service (Amazon ECS)
Amazon Elastic
Container Service (Amazon ECS) is a fully managed container orchestration
service that helps you easily deploy, manage, and scale containerized
applications. It deeply integrates with the rest of the AWS platform to provide
a secure and easy-to-use solution for running container workloads in the cloud
and now on your infrastructure with Amazon ECS Anywhere.
Amazon
ECS leverages serverless technology from AWS Fargate to deliver autonomous
container operations, which reduces the time spent on configuration, patching,
and security. Instead of worrying about managing the control plane, add-ons,
and nodes, Amazon ECS enables you to rapidly build applications and grow your
business.
· Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon Elastic
Kubernetes Service (Amazon EKS) gives you the flexibility to start, run, and
scale Kubernetes applications in the AWS cloud or on-premises. Amazon EKS helps
you provide highly available and secure clusters and automates key tasks such
as patching, node provisioning, and updates. Customers such as Intel, Snap,
Intuit, GoDaddy, and Autodesk trust EKS to run their most sensitive and mission
critical applications.
EKS
runs upstream Kubernetes and is certified Kubernetes conformant for a
predictable experience. You can easily migrate any standard Kubernetes
application to EKS without needing to refactor your code.
EKS
makes it easy to standardize operations across every environment. You can run
fully managed EKS clusters on AWS. You can have an open source, proven
distribution of Kubernetes wherever you want for consistent operations with Amazon EKS
Distro. You can host and operate your Kubernetes clusters
on-premises and at the edge with AWS Outposts and AWS Wavelength, and have a
consistent cluster management experience with Amazon EKS
Anywhere (coming in 2021).
· Elastic Load Balancing
Elastic Load Balancing automatically distributes
incoming application traffic across multiple targets, such as Amazon EC2
instances, containers, IP addresses, Lambda functions, and virtual appliances.
It can handle the varying load of your application traffic in a single
Availability Zone or across multiple Availability Zones. Elastic Load Balancing
offers four types of load balancers that all feature the high availability,
automatic scaling, and robust security necessary to make your applications
fault tolerant.
· AWS Fargate
AWS Fargate is a serverless compute engine for
containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service
(EKS). Fargate makes it easy for you to focus on building your
applications. Fargate removes the need to provision and manage servers, lets
you specify and pay for resources per application, and improves security
through application isolation by design.
Fargate
allocates the right amount of compute, eliminating the need to choose instances
and scale cluster capacity. You only pay for the resources required to run your
containers, so there is no over-provisioning and paying for additional servers.
Fargate runs each task or pod in its own kernel providing the tasks and pods
their own isolated compute environment. This enables your application to have
workload isolation and improved security by design. This is why customers such
as Vanguard, Accenture, Foursquare, and Ancestry have chosen to run their
mission critical applications on Fargate.
· AWS Lambda
AWS
Lambda is a serverless compute service that lets you run code without
provisioning or managing servers, creating workload-aware cluster scaling
logic, maintaining event integrations, or managing runtimes. With Lambda, you
can run code for virtually any type of application or backend service - all
with zero administration. Just upload your code as a ZIP file or container
image, and Lambda automatically and precisely allocates compute execution power
and runs your code based on the incoming request or event, for any scale of
traffic. You can set up your code to automatically trigger from over 200 AWS
services and SaaS applications or call it directly from any web or mobile app.
You can write Lambda functions in your favorite language (Node.js, Python, Go,
Java, and more) and use both serverless and container tools, such as AWS SAM or
Docker CLI, to build, test, and deploy your functions.
Database:
· Amazon Aurora
Amazon
Aurora is a MySQL and PostgreSQL-compatible relational database built
for the cloud, that combines the performance and availability of traditional
enterprise databases with the simplicity and cost-effectiveness of open source
databases.
Amazon
Aurora is up to five times faster than standard MySQL databases and
three times faster than standard PostgreSQL databases. It provides the
security, availability, and reliability of commercial databases at 1/10th the
cost. Amazon Aurora is fully managed by Amazon Relational Database Service (RDS),
which automates time-consuming administration tasks like hardware provisioning,
database setup, patching, and backups.
Amazon
Aurora features a distributed, fault-tolerant, self-healing storage system that
auto-scales up to 128TB per database instance. It delivers high performance and
availability with up to 15 low-latency read replicas, point-in-time recovery,
continuous backup to Amazon S3, and replication across three Availability Zones
(AZs).
Visit the Amazon RDS Management Console to create your first Aurora database
instance and start migrating your MySQL and PostgreSQL databases.
· Amazon DynamoDB
Amazon DynamoDB is a key-value and document database
that delivers single-digit millisecond performance at any scale. It's a fully
managed, multi-region, multi-active, durable database with built-in security,
backup and restore, and in-memory caching for internet-scale applications.
DynamoDB can handle more than 10 trillion requests per day and can support
peaks of more than 20 million requests per second.
Many
of the world's fastest growing businesses such as Lyft, Airbnb, and Redfin as
well as enterprises such as Samsung, Toyota, and Capital One depend on the
scale and performance of DynamoDB to support their mission-critical workloads.
Hundreds
of thousands of AWS customers have chosen DynamoDB as their key-value and
document database for mobile, web, gaming, ad tech, IoT, and other applications
that need low-latency data access at any scale. Create a new table for your
application and let DynamoDB handle the rest.
· Amazon ElastiCache
Amazon ElastiCache allows you to seamlessly set up,
run, and scale popular open-source compatible in-memory data stores in the
cloud. Build data-intensive apps or boost the performance of your existing
databases by retrieving data from high throughput and low latency in-memory
data stores. Amazon ElastiCache is a popular choice for real-time use cases
like Caching, Session Stores, Gaming, Geospatial Services, Real-Time Analytics,
and Queuing.
Amazon
ElastiCache offers fully managed Redis, voted the most loved database by developers in the Stack Overflow
2020 Developer Survey, and Memcached for
your most demanding applications that require sub-millisecond response times.
· Amazon RDS
Amazon
Relational Database Service (Amazon RDS) makes it easy to set up, operate, and
scale a relational database in the cloud. It provides cost-efficient and
resizable capacity while automating time-consuming administration tasks such as
hardware provisioning, database setup, patching and backups. It frees you to
focus on your applications so you can give them the fast performance, high
availability, security and compatibility they need.
Amazon
RDS is available on several database instance types -
optimized for memory, performance or I/O - and provides you with six familiar
database engines to choose from, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server. You can use
the AWS Database Migration Service to
easily migrate or replicate your existing databases to Amazon RDS.
· Amazon Redshift
Amazon Redshift is a fully-managed petabyte-scale
cloud based data warehouse product designed for large scale data set storage
and analysis. It is also used to perform large scale database migrations.
Redshift’s
column-oriented database is designed to connect to SQL-based clients and business
intelligence tools, making data available to users in real
time. Based on PostgreSQL 8, Redshift delivers fast performance and efficient
querying that help teams make sound business analyses and decisions.
Management and Governance:
· AWS Auto Scaling
AWS Auto Scaling monitors your applications and automatically
adjusts capacity to maintain steady, predictable performance at the lowest
possible cost. Using AWS Auto Scaling, it’s easy to set up application scaling
for multiple resources across multiple services in minutes. The service
provides a simple, powerful user interface that lets you build scaling plans
for resources including Amazon EC2 instances
and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes,
and Amazon Aurora Replicas.
AWS Auto Scaling makes scaling simple with recommendations that allow you to
optimize performance, costs, or balance between them. If you’re already using Amazon EC2 Auto Scaling to
dynamically scale your Amazon EC2 instances, you can now combine it with AWS
Auto Scaling to scale additional resources for other AWS services. With AWS
Auto Scaling, your applications always have the right resources at the right
time.
It’s
easy to get started with AWS Auto Scaling using the AWS Management Console,
Command Line Interface (CLI), or SDK. AWS Auto Scaling is available at no
additional charge. You pay only for the AWS resources needed to run your
applications and Amazon
CloudWatch monitoring fees.
· AWS Backup
AWS
Backup enables you to centralize and automate data protection across AWS
services. AWS Backup offers a cost-effective, fully managed, policy-based
service that further simplifies data protection at scale. AWS Backup also helps
you support your regulatory compliance or business policies for data
protection. Together with AWS Organizations, AWS Backup enables you to
centrally deploy data protection policies to configure, manage, and govern your
backup activity across your organization’s AWS accounts and resources,
including Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Elastic
Block Store (Amazon EBS) volumes, Amazon Relational Database Service (RDS)
databases (including Amazon Aurora clusters), Amazon DynamoDB tables, Amazon Elastic
File System (EFS), Amazon FSx for Lustre, Amazon FSx for Windows File Server,
and AWS Storage Gateway volumes.
· AWS CloudFormation
AWS CloudFormation gives you an easy way to model a
collection of related AWS and third-party resources, provision them quickly and
consistently, and manage them throughout their lifecycles, by treating
infrastructure as code. A CloudFormation template describes your desired
resources and their dependencies so you can launch and configure them together
as a stack. You can use a template to create, update, and delete an entire
stack as a single unit, as often as you need to, instead of managing resources
individually. You can manage and provision stacks across multiple AWS accounts
and AWS Regions.
· AWS CloudTrail
AWS CloudTrail is a service that enables governance,
compliance, operational auditing, and risk auditing of your AWS account. With
CloudTrail, you can log, continuously monitor, and retain account activity
related to actions across your AWS infrastructure. CloudTrail provides event
history of your AWS account activity, including actions taken through the AWS
Management Console, AWS SDKs, command line tools, and other AWS services. This
event history simplifies security analysis, resource change tracking, and troubleshooting. In
addition, you can use CloudTrail to detect unusual activity in your AWS
accounts. These capabilities help simplify operational analysis and
troubleshooting.
· Amazon CloudWatch
Amazon CloudWatch is a monitoring and observability
service built for DevOps engineers, developers, site reliability engineers (SREs),
and IT managers. CloudWatch provides you with data and actionable insights to
monitor your applications, respond to system-wide performance changes, optimize
resource utilization, and get a unified view of operational health. CloudWatch
collects monitoring and operational data in the form of logs, metrics, and
events, providing you with a unified view of AWS resources, applications, and
services that run on AWS and on-premises servers. You can use CloudWatch to
detect anomalous behavior in your environments, set alarms, visualize logs and
metrics side by side, take automated actions, troubleshoot issues, and discover
insights to keep your applications
running smoothly.
· AWS Config
AWS
Config is a service that enables you to assess, audit, and evaluate the
configurations of your AWS resources. Config continuously monitors and records
your AWS resource configurations and allows you to automate the evaluation of
recorded configurations against desired configurations. With Config, you can
review changes in configurations and relationships between AWS resources, dive
into detailed resource configuration histories, and determine your overall
compliance against the configurations specified in your internal guidelines.
This enables you to simplify compliance auditing, security analysis, change
management, and operational troubleshooting.
· Amazon EventBridge (Amazon CloudWatch Events)
Amazon EventBridge is a
serverless event bus that makes it easier to build event-driven applications at
scale using events generated from your applications, integrated
Software-as-a-Service (SaaS) applications, and AWS services. EventBridge
delivers a stream of real-time data from event sources such as Zendesk or Shopify
to targets like AWS Lambda and other SaaS applications. You can set up routing
rules to determine where to send your data to build application architectures
that react in real-time to your data sources with event publisher and consumer
completely decoupled.
· AWS Organizations
AWS Organizations helps you centrally manage and
govern your environment as you grow and scale your AWS resources. Using AWS
Organizations, you can programmatically create new AWS accounts and allocate
resources, group accounts to organize your workflows, apply policies to
accounts or groups for governance, and simplify billing by using a single
payment method for all of your accounts.
In
addition, AWS Organizations is integrated with other AWS services so you can
define central configurations, security mechanisms, audit requirements, and
resource sharing across accounts in your organization. AWS Organizations is
available to all AWS customers at no additional charge.
· AWS Resource Access Manager
AWS Resource Access Manager (RAM) is a service that
enables you to easily and securely share AWS resources with any AWS account or
within your AWS Organization. You can share AWS Transit Gateways, Subnets, AWS
License Manager configurations, and Amazon Route 53 Resolver rules resources
with RAM.
Many
organizations use multiple accounts to create administrative or billing
isolation, and to limit the impact of errors. RAM eliminates the need to create
duplicate resources in multiple accounts, reducing the operational overhead of
managing those resources in every single account you own. You can create
resources centrally in a multi-account environment, and use RAM to share those
resources across accounts in three simple steps: create a Resource Share,
specify resources, and specify accounts. RAM is available to you at no
additional charge.
· AWS Systems Manager
AWS Systems Manager is the operations hub for AWS.
Systems Manager provides a unified user interface so you can track and resolve
operational issues across your AWS applications and resources from a central
place. With Systems Manager, you can automate operational tasks for Amazon EC2
instances or Amazon RDS instances. You can also group resources by application,
view operational data for monitoring and troubleshooting, implement pre-approved
change workflows, and audit operational changes for your groups of resources.
Systems Manager simplifies resource and application management, shortens the
time to detect and resolve operational problems, and makes it easier to operate
and manage your infrastructure at scale.
· AWS Trusted Advisor
AWS Trusted Advisor provides recommendations that help you
follow AWS best practices. Trusted Advisor evaluates your account by using
checks. These checks identify ways to optimize your AWS infrastructure, improve
security and performance, reduce costs, and monitor service quotas. You can
then follow the check recommendations to optimize your services and resources.
AWS
Basic Support and AWS Developer
Support customers can access core security checks and all
checks for service quotas. AWS Business
Support and AWS Enterprise
Support customers can access all checks, including cost
optimization, security, fault tolerance, performance, and service quotas. For a
complete list of checks and descriptions, see the Trusted Advisor
Best Practices.
Migration and Transfer:
· AWS Database
Migration Service (AWS DMS) database remains fully operational during the
migration, minimizing downtime to applications that rely on the database. The
AWS Database Migration Service can migrate your data to and from most widely
used commercial and open-source databases.
AWS
Database Migration Service supports homogeneous migrations such as Oracle
to Oracle, as well as heterogeneous migrations between different database
platforms, such as Oracle or Microsoft SQL Server to Amazon Aurora. With
AWS Database Migration Service, you can continuously replicate your data with
high availability and consolidate databases into a petabyte-scale data
warehouse by streaming data to Amazon Redshift and Amazon S3.
When
migrating databases to Amazon Aurora, Amazon Redshift, Amazon DynamoDB or
Amazon DocumentDB (with MongoDB compatibility) you can use DMS free for six
months.
· AWS DataSync
AWS
DataSync is an online data transfer service that simplifies, automates, and
accelerates moving data between on-premises storage systems and AWS Storage
services, as well as between AWS Storage services. You can use DataSync to
migrate active datasets to AWS, archive data to free up on-premises storage
capacity, replicate data to AWS for business continuity, or transfer data to
the cloud for analysis and processing.
Writing,
maintaining, monitoring, and troubleshooting scripts to move large amounts of
data can burden your IT operations and slow migration projects. DataSync
eliminates or automatically handles this work for you. DataSync provides
built-in security capabilities such as encryption of data in-transit, and data
integrity verification in-transit and at-rest. It optimizes use of network
bandwidth, and automatically recovers from network connectivity failures. In
addition, DataSync provides control and monitoring capabilities such as data
transfer scheduling and granular visibility into the transfer process through
Amazon CloudWatch metrics, logs, and events.
DataSync
can copy data between Network File System (NFS) shares, Server Message Block
(SMB) shares, self-managed object storage, AWS Snowcone, Amazon Simple
Storage Service (Amazon S3) buckets, Amazon Elastic File System (Amazon EFS)
file systems, and Amazon FSx for Windows File Server file systems.
· AWS Migration Hub
AWS Migration Hub provides a single location to
track the progress of application migrations across multiple AWS and partner
solutions. Using Migration Hub allows you to choose the AWS and partner
migration tools that best fit your needs, while providing visibility into the
status of migrations across your portfolio of applications. Migration Hub also
provides key metrics and progress for individual applications, regardless of
which tools are being used to migrate them. This allows you to quickly get
progress updates across all of your migrations, easily identify and
troubleshoot any issues, and reduce the overall time and effort spent on your
migration projects.
AWS
Migration Hub provides a single place to monitor migrations in any AWS region
where your migration tools are available. There is no additional cost for using
Migration Hub. You only pay for the cost of the individual migration tools you
use, and any resources being consumed on AWS.
· AWS Server Migration Service (AWS SMS)
Amazon Server Migration Service automates the
migration of your on-premises VMware vSphere, Microsoft Hyper-V/SCVMM, and
Azure virtual machines to the Amazon Cloud. Amazon SMS incrementally replicates
your server VMs as cloud-hosted Amazon Machine Images (AMIs) ready for
deployment on Amazon EC2. Working with AMIs, you can easily test and update
your cloud-based images before deploying them in production.
· AWS Snowball
Snowball is
a petabyte-scale data transport solution that uses secure appliances to
transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses
common challenges with large-scale data transfers including high network costs,
long transfer times, and security concerns.
· AWS Transfer Family
The AWS Transfer Family provides fully managed support for file transfers
directly into and out of Amazon S3 or Amazon EFS. With support for Secure
File Transfer Protocol (SFTP), File Transfer Protocol over SSL (FTPS), and File
Transfer Protocol (FTP), the AWS Transfer Family helps you seamlessly migrate
your file transfer workflows to AWS by integrating with existing authentication
systems, and providing DNS routing with Amazon Route 53 so nothing changes for
your customers and partners, or their applications. With your data in Amazon S3
or Amazon EFS, you can use it with AWS services for processing, analytics,
machine learning, archiving, as well as home directories and developer tools.
Getting started with the AWS Transfer Family is easy; there is no infrastructure
to buy and set up.
Networking and Content Delivery:
· Amazon API Gateway
Amazon API Gateway is a fully managed service that makes it easy
for developers to create, publish, maintain, monitor, and secure APIs at any
scale. APIs act as the "front door" for applications to access data,
business logic, or functionality from your backend services. Using API Gateway,
you can create RESTful APIs and WebSocket APIs that enable real-time two-way
communication applications. API Gateway supports containerized and serverless
workloads, as well as web applications.
API
Gateway handles all the tasks involved in accepting and processing up to
hundreds of thousands of concurrent API calls, including traffic management,
CORS support, authorization and access control, throttling, monitoring, and API
version management. API Gateway has no minimum fees or startup costs. You pay
for the API calls you receive and the amount of data transferred out and, with
the API Gateway tiered pricing model, you can reduce your cost as your API
usage scales.
· Amazon
CloudFront Amazon
CloudFront is a fast content delivery network (CDN) service that securely
delivers data, videos, applications, and APIs to customers globally with low
latency and high transfer speeds, all within a developer-friendly environment.
CloudFront
offers the most advanced security capabilities, including field level
encryption and HTTPS support, seamlessly integrated with AWS Shield, AWS Web Application Firewall and Amazon Route 53 to protect against
multiple types of attacks including network and application layer DDoS attacks.
These services co-reside at edge networking locations – globally scaled and
connected via the AWS network backbone – providing a more secure, performant,
and available experience for your users.
CloudFront
works seamlessly with any AWS origin, such as Amazon S3, Amazon EC2, Elastic Load Balancing, or
with any custom HTTP origin. You can customize your content delivery through
CloudFront using the secure and programmable edge computing features CloudFront
Functions and AWS Lambda@Edge.
· AWS Direct
Connect makes it easy to establish a dedicated connection from an
on-premises network to one or more VPCs in the same region. Using private VIF
on AWS Direct Connect, you can establish private connectivity between AWS and
your data center, office, or colocation environment,
· AWS Global
Accelerator AWS Global Accelerator is a networking service
that improves the performance of your users’ traffic by up to 60% using Amazon
Web Services’ global network infrastructure. When the internet is congested,
AWS Global Accelerator optimizes the path to your application to keep packet
loss, jitter, and latency consistently low.
With
Global Accelerator, you are provided two global static public IPs that act as a
fixed entry point to your application, improving availability. On the back end,
add or remove your AWS application endpoints, such as Application Load
Balancers, Network Load Balancers, EC2 Instances, and Elastic IPs without
making user-facing changes. Global Accelerator automatically re-routes your
traffic to your nearest healthy available endpoint to mitigate endpoint
failure.
Set
up your accelerator on the AWS Management Console in minutes with step-by-step documentation or with one click in the
Elastic Load Balancing Console. Learn more by following the self-service
workshop and test performance benefits from your location with
the AWS Global Accelerator speed comparison
tool.
· Amazon Route
53 Amazon Route 53 is a highly available and scalable cloud Domain Name
System (DNS) web service. It is designed to give developers and
businesses an extremely reliable and cost effective way to route end users to
Internet applications by translating names like www.example.com into the
numeric IP addresses like 192.0.2.1 that computers use to connect to each
other. Amazon Route 53 is fully compliant with IPv6 as well.
Amazon
Route 53 effectively connects user requests to infrastructure running in AWS –
such as Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon
S3 buckets – and can also be used to route users to infrastructure outside of
AWS. You can use Amazon Route 53 to configure DNS health checks to route
traffic to healthy endpoints or to independently monitor the health of your
application and its endpoints. Amazon Route 53 Traffic Flow makes it easy for
you to manage traffic globally through a variety of routing types, including
Latency Based Routing, Geo DNS, Geoproximity, and Weighted Round Robin—all of
which can be combined with DNS Failover in order to enable a variety of
low-latency, fault-tolerant architectures. Using Amazon Route 53 Traffic Flow’s
simple visual editor, you can easily manage how your end-users are routed to
your application’s endpoints—whether in a single AWS region or distributed
around the globe. Amazon Route 53 also offers Domain Name Registration – you
can purchase and manage domain names such as example.com and Amazon Route 53
will automatically configure DNS settings for your domains.
· AWS Transit
Gateway AWS Transit Gateway connects VPCs and on-premises networks
through a central hub. This simplifies your network and puts an end to complex
peering relationships. It acts as a cloud router – each new connection is only
made once.
As
you expand globally, inter-Region peering connects AWS Transit Gateways
together using the AWS global
network. Your data is automatically encrypted, and never travels
over the public internet. And, because of its central position, AWS Transit
Gateway Network Manager has a unique view over your entire
network, even connecting to Software-Defined Wide Area Network (SD-WAN)
devices.
· Amazon VPC
(and associated features) Amazon Virtual Private Cloud (Amazon VPC) is a
service that lets you launch AWS resources in a logically isolated virtual
network that you define. You have complete control over your virtual networking
environment, including selection of your own IP address range, creation of
subnets, and configuration of route tables and network gateways. You can use
both IPv4 and IPv6 for most resources in your virtual private cloud, helping to
ensure secure and easy access to resources and applications.
As
one of AWS's foundational services, Amazon VPC makes it easy to customize your
VPC's network configuration. You can create a public-facing subnet for your web
servers that have access to the internet. It also lets you place your backend
systems, such as databases or application servers, in a private-facing subnet
with no internet access. Amazon VPC lets you use multiple layers of
security, including security groups and network access control lists, to help
control access to Amazon EC2 instances
in each subnet.
Security, Identity, and Compliance:
· AWS Certificate Manager (ACM) AWS Certificate
Manager is a service that lets you easily provision, manage, and deploy public
and private Secure Sockets Layer/Transport Layer Security (SSL/TLS)
certificates for use with AWS services and your internal connected resources.
SSL/TLS certificates are used to secure network communications and establish
the identity of websites over the Internet as well as resources on private
networks. AWS Certificate Manager removes the time-consuming manual process of
purchasing, uploading, and renewing SSL/TLS certificates.
With
AWS Certificate Manager, you can quickly request a certificate, deploy it on
ACM-integrated AWS resources, such as Elastic Load Balancers, Amazon CloudFront
distributions, and APIs on API Gateway, and let AWS Certificate Manager handle
certificate renewals. It also enables you to create private certificates for
your internal resources and manage the certificate lifecycle centrally. Public
and private certificates provisioned through AWS Certificate Manager for use
with ACM-integrated services are free. You pay only for the AWS resources you
create to run your application. With AWS Certificate Manager
Private Certificate Authority, you pay monthly for the operation of
the private CA and for the private certificates you issue.
· AWS
Directory Service AWS Directory Service for Microsoft Active
Directory, also known as AWS Managed Microsoft Active Directory (AD), enables your
directory-aware workloads and AWS resources to use managed Active Directory
(AD) in AWS. AWS Managed
Microsoft AD is built on actual Microsoft AD and does not
require you to synchronize or replicate data from your existing Active
Directory to the cloud. You can use the standard AD administration tools and
take advantage of the built-in AD features, such as Group Policy and single
sign-on. With AWS Managed Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances
to your domain, and use AWS End User
Computing (EUC) services, such as Amazon WorkSpaces, with AD
users and groups.
· Amazon
GuardDuty Amazon GuardDuty is a threat detection service that
continuously monitors for malicious activity and unauthorized behavior to
protect your AWS accounts, workloads, and data stored in Amazon S3. With the
cloud, the collection and aggregation of account and network activities is
simplified, but it can be time consuming for security teams to continuously
analyze event log data for potential threats. With GuardDuty, you now have an
intelligent and cost-effective option for continuous threat detection in AWS.
The service uses machine learning, anomaly detection, and integrated threat
intelligence to identify and prioritize potential threats. GuardDuty analyzes
tens of billions of events across multiple AWS data sources, such as AWS
CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs. With a few clicks in
the AWS Management Console, GuardDuty can be enabled with no software or
hardware to deploy or maintain. By integrating with Amazon CloudWatch Events,
GuardDuty alerts are actionable, easy to aggregate across multiple accounts,
and straightforward to push into existing event management and workflow systems.
· AWS Identity
and Access Management (IAM) AWS Identity and Access Management (IAM) enables you
to manage access to AWS services and resources securely. Using IAM, you can
create and manage AWS users and groups, and use permissions to allow and deny
their access to AWS resources.
IAM
is a feature of your AWS account offered at no additional charge. You will be
charged only for use of other AWS services by your users.
To
get started using IAM, or if you have already registered with AWS, go to the AWS Management Console and
get started with these IAM Best Practices.
· Amazon
Inspector Amazon Inspector is an automated security
assessment service that helps improve the security and compliance of
applications deployed on AWS. ... Amazon Inspector security
assessments help you check for unintended network accessibility of your Amazon EC2
instances and for vulnerabilities on those EC2 instances.
· AWS Key
Management Service (AWS KMS) AWS Key Management Service (KMS) makes it easy for
you to create and manage cryptographic keys and control their use across a wide
range of AWS services and in your applications. AWS KMS is a secure and
resilient service that uses hardware security modules that have been validated
under FIPS 140-2, or are in the process of being validated, to protect your
keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all
key usage to help meet your regulatory and compliance needs.
· Amazon Macie
Amazon
Macie is a fully managed data security and data privacy service that uses
machine learning and pattern matching to discover and protect your sensitive
data in AWS.
As
organizations manage growing volumes of data, identifying and protecting their
sensitive data at scale can become increasingly complex, expensive, and
time-consuming. Amazon Macie automates the discovery of sensitive data at scale
and lowers the cost of protecting your data. Macie automatically provides an
inventory of Amazon S3 buckets including a list of unencrypted buckets,
publicly accessible buckets, and buckets shared with AWS accounts outside those
you have defined in AWS Organizations. Then, Macie applies machine learning and
pattern matching techniques to the buckets you select to identify and alert you
to sensitive data, such as personally identifiable information (PII).
Macie’s
alerts, or findings, can be searched and filtered in the AWS Management Console
and sent to Amazon EventBridge, formerly called Amazon CloudWatch Events, for
easy integration with existing workflow or event management systems, or to be
used in combination with AWS services, such as AWS Step Functions to take
automated remediation actions. This can help you meet regulations, such as the
Health Insurance Portability and Accountability Act (HIPAA) and General Data
Privacy Regulation (GDPR). You can get started with Amazon Macie by
leveraging the 30-day free trial for bucket evaluation. The trial includes 30 days
of Amazon S3 bucket inventory and bucket-level security and access control
assessment at no cost. Note that sensitive data discovery is not included in
the 30-day free trial for bucket evaluation.
· AWS Secrets
Manager AWS Secrets Manager helps you protect secrets needed to access
your applications, services, and IT resources. The service enables you to
easily rotate, manage, and retrieve database credentials, API keys, and other
secrets throughout their lifecycle. Users and applications retrieve secrets
with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive
information in plain text. Secrets Manager offers secret rotation with built-in
integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB. Also, the
service is extensible to other types of secrets, including API keys and OAuth
tokens. In addition, Secrets Manager enables you to control access to secrets
using fine-grained permissions and audit secret rotation centrally for
resources in the AWS Cloud, third-party services, and on-premises.
· AWS Shield
AWS
Shield is a managed Distributed Denial of Service (DDoS) protection service
that safeguards applications running on AWS. AWS Shield provides always-on
detection and automatic inline mitigations that minimize application downtime
and latency, so there is no need to engage AWS Support to benefit from DDoS
protection. There are two tiers of AWS Shield - Standard and Advanced.
All
AWS customers benefit from the automatic protections of AWS Shield Standard, at
no additional charge. AWS Shield Standard defends against most common,
frequently occurring network and transport layer DDoS attacks that target your
web site or applications. When you use AWS Shield Standard with Amazon
CloudFront and Amazon Route 53, you receive comprehensive
availability protection against all known infrastructure (Layer 3 and 4)
attacks.
For
higher levels of protection against attacks targeting your applications running
on Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon
CloudFront, AWS Global Accelerator and Amazon Route 53 resources, you can
subscribe to AWS Shield Advanced. In addition to the network and transport
layer protections that come with Standard, AWS Shield Advanced provides additional
detection and mitigation against large and sophisticated DDoS attacks, near
real-time visibility into attacks, and integration with AWS WAF, a web
application firewall. AWS Shield Advanced also gives you 24x7 access to the AWS
DDoS Response Team (DRT) and protection against DDoS related spikes in your
Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon
CloudFront, AWS Global Accelerator and Amazon Route 53 charges.
AWS
Shield Advanced is available globally on all Amazon CloudFront, AWS Global
Accelerator, and Amazon Route 53 edge locations. You can protect your web
applications hosted anywhere in the world by deploying Amazon CloudFront in
front of your application. Your origin servers can be Amazon S3, Amazon Elastic
Compute Cloud (EC2), Elastic Load Balancing (ELB), or a custom server outside
of AWS. You can also enable AWS Shield Advanced directly on an Elastic IP or
Elastic Load Balancing (ELB) in the following AWS Regions - Northern
Virginia, Ohio, Oregon, Northern California, Montreal, São Paulo, Ireland,
Frankfurt, London, Paris, Stockholm, Singapore, Tokyo, Sydney, Seoul, and
Mumbai.
· AWS Single
Sign-On AWS Single Sign-On is a cloud-based single sign-on (SSO) service
that makes it easy to centrally manage SSO access to all of your AWS accounts
and cloud applications. Specifically, it helps you manage SSO access and user
permissions across all your AWS accounts in AWS Organizations. AWS SSO also
helps you manage access and permissions to commonly used third-party software
as a service (SaaS) applications, AWS SSO-integrated applications as well as
custom applications that support Security Assertion Markup Language (SAML) 2.0.
AWS SSO includes a user portal where your end-users can find and access all
their assigned AWS accounts, cloud applications, and custom applications in one
place.
· AWS WAF
AWS
WAF is a web application firewall that lets you monitor the HTTP and HTTPS
requests that are forwarded to CloudFront, and lets you control access to your
content. Based on conditions that you specify, such as the values of query
strings or the IP addresses that requests originate from, CloudFront responds
to requests either with the requested content or with an HTTP status code 403
(Forbidden). You can also configure CloudFront to return a custom error page
when a request is blocked. For more information about AWS WAF, see the AWS WAF
Developer Guide.
After
you create an AWS WAF web access control list (web ACL), create or update a web
distribution to associate the distribution with the web ACL. You can associate
as many CloudFront distributions as you want with the same web ACL or with
different web ACLs. For information about creating a distribution and
associating it with a web ACL, see Creating a
Distribution.
Storage:
· Amazon
Elastic Block Store (Amazon EBS) Amazon Elastic Block Store (Amazon EBS) provides
block level storage volumes for use with EC2 instances. EBS volumes behave like
raw, unformatted block devices. You can mount these volumes as devices on your
instances. EBS volumes that are attached to an instance are exposed as storage
volumes that persist independently from the life of the instance. You can
create a file system on top of these volumes, or use them in any way you would
use a block device (such as a hard drive). You can dynamically change the
configuration of a volume attached to an instance.
We
recommend Amazon EBS for data that must be quickly accessible and requires
long-term persistence. EBS volumes are particularly well-suited for use as the
primary storage for file systems, databases, or for any applications that
require fine granular updates and access to raw, unformatted, block-level
storage. Amazon EBS is well suited to both database-style applications that
rely on random reads and writes, and to throughput-intensive applications that
perform long, continuous reads and writes.
· Amazon
Elastic File System (Amazon EFS) Amazon Elastic File System (Amazon EFS) provides a
simple, serverless, set-and-forget elastic file system for use with AWS Cloud
services and on-premises resources. It is built to scale on demand to petabytes
without disrupting applications, growing and shrinking automatically as you add
and remove files, eliminating the need to provision and manage capacity to
accommodate growth. Amazon EFS has a simple web services interface that allows
you to create and configure file systems quickly and easily. The service
manages all the file storage infrastructure for you, meaning that you can avoid
the complexity of deploying, patching, and maintaining complex file system
configurations.
Amazon
EFS supports the Network File System version 4 (NFSv4.1 and NFSv4.0) protocol,
so the applications and tools that you use today work seamlessly with Amazon
EFS. Multiple compute instances, including Amazon EC2, Amazon ECS, and AWS
Lambda, can access an Amazon EFS file system at the same time, providing a
common data source for workloads and applications running on more than one
compute instance or server.
· Amazon FSx
Amazon
FSx for Windows File Server provides fully managed Microsoft Windows file
servers that are backed by a fully native Windows file system. When using
Amazon FSx for Windows File Server together with ECS, you can provision your
Windows tasks with persistent, distributed, shared, static file storage.
· Amazon S3
Amazon
Simple Storage Service (Amazon S3) is an object storage service that offers
industry-leading scalability, data availability, security, and performance.
This means customers of all sizes and industries can use it to store and
protect any amount of data for a range of use cases, such as data lakes,
websites, mobile applications, backup and restore, archive, enterprise applications,
IoT devices, and big data analytics. Amazon S3 provides easy-to-use management
features so you can organize your data and configure finely-tuned access
controls to meet your specific business, organizational, and compliance
requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability,
and stores data for millions of applications for companies all around the world.
· Amazon S3
Glacier Amazon S3 Glacier and S3 Glacier Deep Archive are secure,
durable, and extremely low-cost Amazon S3 cloud storage classes for data
archiving and long-term backup. They are designed to deliver 99.999999999%
durability, and provide comprehensive security and compliance capabilities that
can help meet even the most stringent regulatory requirements. Customers can
store data for as little as $1 per terabyte per month, a significant savings
compared to on-premises solutions. To keep costs low yet suitable for varying
retrieval needs, Amazon S3 Glacier provides three options for access to
archives, from a few minutes to several hours, and S3 Glacier Deep Archive
provides two access options ranging from 12 to 48 hours.
· AWS Storage
Gateway
AWS Storage Gateway is a hybrid cloud storage service that gives you
on-premises access to virtually unlimited cloud storage. Customers use Storage
Gateway to simplify storage management and reduce costs for key hybrid cloud
storage use cases. These include moving backups to the cloud, using on-premises
file shares backed by cloud storage, and providing low latency access to data
in AWS for on-premises applications.
To support these use cases, Storage Gateway offers four
different types of gateways – Amazon S3 File Gateway, Amazon FSx File Gateway, Tape Gateway, and Volume Gateway – that
seamlessly connect on-premises applications to cloud storage, caching data
locally for low-latency access. Your applications connect to the service
through a virtual machine or gateway hardware appliance using
standard storage protocols, such as NFS, SMB, and iSCSI. The gateway connects
to AWS storage services, such as Amazon S3, Amazon S3 Glacier, Amazon S3
Glacier Deep Archive, Amazon FSx for Windows File Server, Amazon EBS, and
AWS Backup, providing storage for files, volumes, snapshots, and virtual tapes
in AWS. The service includes a highly-optimized and efficient data transfer
mechanism, with bandwidth management and automated network resilience.
Copy - Paste from
AWS Certified Solutions Architect – Associate
(SAA-C02) Exam Guide
Version 2.0 SAA-C02 1 | PAGE
Introduction
The AWS Certified Solutions Architect – Associate (SAA-C02) exam is intended for individuals who perform
in a solutions architect role. The exam validates a candidate’s ability to design secure and robust solutions
by using AWS technologies.
The exam also validates a candidate’s ability to complete the following tasks:
Design a solution by using appropriate AWS services and by following architectural principles based on requirements
Provide implementation guidance based on best practices to the organization throughout the workload lifecycle
Target candidate description
The target candidate should have at least 1 year of hands-on experience designing secure, high-performing, cost-effective, highly available, and scalable systems by using AWS services.
Recommended AWS knowledge
The target candidate should have the following knowledge:
Hands-on experience using compute, networking, storage, management, and database AWS services
The ability to identify and define technical requirements for a solution that involves AWS technology
The ability to identify which AWS services meet a given technical requirement
An understanding of best practices for building well-architected solutions on AWS
An understanding of the AWS global infrastructure
An understanding of AWS security services and features in relation to traditional services
What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be
able to perform. These items are out of scope for the exam:
Design a complex, hybrid network architecture
Design identity federation within multiple accounts
Design an architecture that meets compliance requirements
Incorporate specialized services in a design
Develop deployment strategies
Create a migration strategy for complex multi-tier applications
For a detailed list of specific tools and technologies that might be covered on the exam, as well as a list of
in-scope AWS services, refer to the Appendix.
Exam content
Response types
There are two types of questions on the exam:
Multiple choice: Has one correct response and three incorrect responses (distractors)
Multiple response: Has two or more correct responses out of five or more response options
Select one or more responses that best complete the statement or answer the question. Distractors, or
incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose.
Distractors are generally plausible responses that match the content area.
Unanswered questions are scored as incorrect; there is no penalty for guessing. The exam includes 50
questions that will affect your score.
Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about
candidate performance on these unscored questions to evaluate these questions for future use as scored
questions. These unscored questions are not identified on the exam.
Exam results
The AWS Certified Solutions Architect – Associate exam is a pass or fail exam. The exam is scored against a
minimum standard established by AWS professionals who follow certification industry best practices and
guidelines.
Your results for the exam are reported as a scaled score of 100–1,000. The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether or not you passed. Scaled
scoring models help equate scores across multiple exam forms that might have slightly different difficulty
levels.
Your score report could contain a table of classifications of your performance at each section level. This
information provides general feedback about your exam performance. The exam uses a compensatory
scoring model, which means that you do not need to achieve a passing score in each section. You need to
pass only the overall exam.
Each section of the exam has a specific weighting, so some sections have more questions than other
sections have. The table contains general information that highlights your strengths and weaknesses. Use
caution when interpreting section-level feedback. Candidates who pass the exam will not receive this
additional information.
Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive
listing of the content on the exam. However, additional context for each of the objectives is available to
help guide your preparation for the exam. The following table lists the main content domains and their
weightings. The table precedes the complete exam content outline, which includes the additional context.
The percentage in each domain represents only scored content.
Domain                                                    % of Exam
Domain 1: Design Resilient Architectures                  30%
Domain 2: Design High-Performing Architectures            28%
Domain 3: Design Secure Applications and Architectures    24%
Domain 4: Design Cost-Optimized Architectures             18%
TOTAL                                                     100%
Domain 1: Design Resilient Architectures
1.1 Design a multi-tier architecture solution
Determine a solution design based on access patterns.
Determine a scaling strategy for components used in a design.
Select an appropriate database based on requirements.
Select an appropriate compute and storage service based on requirements.
1.2 Design highly available and/or fault-tolerant architectures
Determine the amount of resources needed to provide a fault-tolerant architecture across Availability Zones.
Select a highly available configuration to mitigate single points of failure.
Apply AWS services to improve the reliability of legacy applications when application changes are not possible.
Select an appropriate disaster recovery strategy to meet business requirements.
Identify key performance indicators to ensure the high availability of the solution.
1.3 Design decoupling mechanisms using AWS services
Determine which AWS services can be leveraged to achieve loose coupling of components.
Determine when to leverage serverless technologies to enable decoupling.
1.4 Choose appropriate resilient storage
Define a strategy to ensure the durability of data.
Identify how data service consistency will affect the operation of the application.
Select data services that will meet the access requirements of the application.
Identify storage services that can be used with hybrid or non-cloud-native applications.
Domain 2: Design High-Performing Architectures
2.1 Identify elastic and scalable compute solutions for a workload
Select the appropriate instance(s) based on compute, storage, and networking requirements.
Choose the appropriate architecture and services that scale to meet performance requirements.
Identify metrics to monitor the performance of the solution.
2.2 Select high-performing and scalable storage solutions for a workload
Select a storage service and configuration that meets performance demands.
Determine storage services that can scale to accommodate future needs.
2.3 Select high-performing networking solutions for a workload
Select appropriate AWS connectivity options to meet performance demands.
Select appropriate features to optimize connectivity to AWS public services.
Determine an edge caching strategy to provide performance benefits.
Select appropriate data transfer service for migration and/or ingestion.
2.4 Choose high-performing database solutions for a workload
Select an appropriate database scaling strategy.
Determine when database caching is required for performance improvement.
Choose a suitable database service to meet performance needs.
Domain 3: Design Secure Applications and Architectures
3.1 Design secure access to AWS resources
Determine when to choose between users, groups, and roles.
Interpret the net effect of a given access policy.
Select appropriate techniques to secure a root account.
Determine ways to secure credentials using features of AWS IAM.
Determine the secure method for an application to access AWS APIs.
Select appropriate services to create traceability for access to AWS resources.
3.2 Design secure application tiers
Given traffic control requirements, determine when and how to use security groups and network ACLs.
Determine a network segmentation strategy using public and private subnets.
Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC.
Select appropriate AWS services to protect applications from external threats.
3.3 Select appropriate data security options
Determine the policies that need to be applied to objects based on access patterns.
Select appropriate encryption options for data at rest and in transit for AWS services.
Select appropriate key management options based on requirements.
Domain 4: Design Cost-Optimized Architectures
4.1 Identify cost-effective storage solutions
Determine the most cost-effective data storage options based on requirements.
Apply automated processes to ensure that data over time is stored on storage tiers that
minimize costs.
4.2 Identify cost-effective compute and database services
Determine the most cost-effective Amazon EC2 billing options for each aspect of the
workload.
Determine the most cost-effective database options based on requirements.
Select appropriate scaling strategies from a cost perspective.
Select and size compute resources that are optimally suited for the workload.
Determine options to minimize total cost of ownership (TCO) through managed services and
serverless architectures.
4.3 Design cost-optimized network architectures
Identify when content delivery can be used to reduce costs.
Determine strategies to reduce data transfer costs within AWS.
Determine the most cost-effective connectivity options between AWS and on-premises
environments.
Appendix
Which key tools, technologies, and concepts might be covered on the exam?
The following is a non-exhaustive list of the tools and technologies that could appear on the exam. This list
is subject to change and is provided to help you understand the general scope of services, features, or
technologies on the exam. The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely
be covered more than others on the exam, the order and placement of them in this list is no indication of
relative weight or importance:
Compute
Cost management
Database
Disaster recovery
High availability
Management and governance
Microservices and component decoupling
Migration and data transfer
Networking, connectivity, and content delivery
Security
Serverless design principles
Storage
AWS services and features
Analytics:
Amazon Athena
Amazon Elasticsearch Service (Amazon ES)
Amazon EMR
AWS Glue
Amazon Kinesis
Amazon QuickSight
AWS Billing and Cost Management:
AWS Budgets
Cost Explorer
Application Integration:
Amazon Simple Notification Service (Amazon SNS)
Amazon Simple Queue Service (Amazon SQS)
Compute:
Amazon EC2
AWS Elastic Beanstalk
Amazon Elastic Container Service (Amazon ECS)
Amazon Elastic Kubernetes Service (Amazon EKS)
Elastic Load Balancing
AWS Fargate
AWS Lambda
Database:
Amazon Aurora
Amazon DynamoDB
Amazon ElastiCache
Amazon RDS
Amazon Redshift
Management and Governance:
AWS Auto Scaling
AWS Backup
AWS CloudFormation
AWS CloudTrail
Amazon CloudWatch
AWS Config
Amazon EventBridge (Amazon CloudWatch Events)
AWS Organizations
AWS Resource Access Manager
AWS Systems Manager
AWS Trusted Advisor
Migration and Transfer:
AWS Database Migration Service (AWS DMS)
AWS DataSync
AWS Migration Hub
AWS Server Migration Service (AWS SMS)
AWS Snowball
AWS Transfer Family
Networking and Content Delivery:
Amazon API Gateway
Amazon CloudFront
AWS Direct Connect
AWS Global Accelerator
Amazon Route 53
AWS Transit Gateway
Amazon VPC (and associated features)
Security, Identity, and Compliance:
AWS Certificate Manager (ACM)
AWS Directory Service
Amazon GuardDuty
AWS Identity and Access Management (IAM)
Amazon Inspector
AWS Key Management Service (AWS KMS)
Amazon Macie
AWS Secrets Manager
AWS Shield
AWS Single Sign-On
AWS WAF
Storage:
Amazon Elastic Block Store (Amazon EBS)
Amazon Elastic File System (Amazon EFS)
Amazon FSx
Amazon S3
Amazon S3 Glacier
AWS Storage Gateway