AWS Solutions Architect (Associate) Exam Course Manual
The Orion Papers
Linux Academy
Keller, Texas
United States of America
March 31, 2017
To All Linux Academy Students:
Welcome to Linux Academy's AWS Certified Solutions Architect (associate level) prep course. As part of this course, we are introducing an exciting innovation in AWS instruction - called The Orion Papers.
The Orion Papers is a non-linear, visual, interactive guide designed to enhance your learning and understanding of AWS. This guide can be used independently of the video lessons, but is meant to be supplemental and used in conjunction with the video lessons and live labs provided on linuxacademy.com.
Thank you for joining us on this AWS adventure!
Sincerely,
Thomas B. Haslett
Course Author
The Orion Papers: Appendix
Welcome to the Appendix for the Orion Papers
Here you will find helpful resources and links to aid in your exploration of AWS.
Select a resource in the navigation panel above to explore various parts of this appendix.
Terminology | About the Exam | Helpful Links | Live Labs | CSA Concepts | Exit
The Orion Papers
Physical & Networking Layer
Account & Services Layer
On-Premise Servers
Appendix
Hybrid Environments
[Diagram labels: On-premise Data Center; Open Internet; AWS Console; AWS CLI; AWS Users (dev. account); IAM; AWS Account (i.e. Development Account); AWS Account (i.e. Production Account)]
AWS Account & Services Layer
The Account & Services Layer represents how you create, access, and manage an AWS account and its services: from how you interact with an AWS account and manage user rights, to how you access and use various AWS services and features.
This layer is all about account management & managing services.
[Diagram labels: AWS Infrastructure "Container"; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); Cross Account Access]
[Diagram labels: On-premise Data Center; AWS Regions (i.e. us-east-1, us-west-1, eu-central-1, ap-northeast-1); AWS Edge Location]
AWS Physical & Networking Layer
The Physical & Networking Layer represents the global infrastructure of AWS in terms of where resources are physically located around the world and how data flows through the AWS network.
This layer is all about how AWS is organized, and how internal and external communication with AWS works.
[Diagram labels: AWS Region (4 shown); Open Internet; Customers (front end/public access); AWS Users (back end/private access); Web Browser (http); Terminal (ssh/rdp); AWS Edge Location; AWS Infrastructure "Container"]
AWS Physical & Networking Layer (Networking)
Moving into a pure networking view, this diagram represents how data is routed through AWS's networking infrastructure for a highly available and fault-tolerant web application. It identifies the methods of access for both customers (front end) and developers (back end).
[Diagram labels: VPC Peering; AWS Account (i.e. Production Account); VPC 1 (DEFAULT VPC); VPC 2 (user created); Route 53 (DNS); CloudFront; S3; Content Delivery (CDN); Static Web Hosting/DNS Failover; Terminal (ssh/rdp); Web Browser (http); Customers (front end/public access); AWS Users (back end/private access); Open Internet; AWS Infrastructure "Container"]
AWS Physical & Networking Layer (Hybrid Environments)
Hybrid architecture allows you to combine resources located in the AWS cloud with resources located on-premise, and use them as if they were located in the same environment.
[Diagram labels: AWS Infrastructure "Container"; Availability Zone (2 shown); Subnet 1; Subnet 2; VPC; Virtual Private Network; AWS Direct Connect; AWS Storage Gateway]
[Diagram labels: Non-AWS Account holders who may need AWS Access; On-premise Data Center; Open Internet; AWS Console; AWS CLI]
AWS Account & Services Layer (IAM)
Moving into a more detailed view of IAM, here you can view an example of the various ways different users and resources access an S3 bucket, including all the IAM components required, such as Users, Groups, Roles, Policies, and API Keys.
IAM Essentials
[Diagram labels: AWS Infrastructure "Container"; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); EC2; S3 Bucket; Open Internet; IAM User; IAM Role; IAM Group; IAM Policy; IAM API Keys]
Root user has UNLIMITED access to all AWS resources by default.
Federate with SAML providers (i.e. Active Directory) for temporary and single sign-on access.
AWS Account & Services Layer (Storage Services)
AWS's main storage service is S3. As represented in the diagram, S3 has many different methods of importing, exporting, and syncing data with on-premise networks.
[Diagram labels: Storage Services; S3; Glacier; Lifecycle Policies; Storage "Transit" Services; Storage Gateway; Snowball; AWS Import/Export; Multi-Part Upload; Single Operation Upload; IAM; Open Internet; AWS Console; AWS CLI; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); AWS Infrastructure "Container"; AWS Account (i.e. Production Account)]
AWS Account & Services Layer (Compute Services)
AWS's main compute service is EC2, which provides virtual servers you can provision in the AWS cloud. AWS also offers a newer service called Lambda, which is a serverless option for a different kind of computing requirement.
[Diagram labels: AWS Compute Services; EC2; Lambda; Virtual Server Based Computing; Serverless Computing; IAM; Open Internet; AWS Console; AWS CLI; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); AWS Infrastructure "Container"; AWS Account (i.e. Production Account)]
AWS Account & Services Layer (Database Services)
AWS offers a wide range of database services, with its primary offerings including both RDS (SQL) and DynamoDB (NoSQL). Also included in the database category are options for high-performance (ElastiCache) and data warehousing (Redshift) datasets.
[Diagram labels: AWS Compute Services; RDS; DynamoDB; ElastiCache; Redshift; Fully-Managed SQL Databases; Serverless NoSQL Database; In-Memory Cache Engine; Petabyte-Scale Data Warehouse; IAM; Open Internet; AWS Console; AWS CLI; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); AWS Infrastructure "Container"; AWS Account (i.e. Production Account)]
AWS Account & Services Layer (Application Services)
Application and messaging services provided by AWS offer a great variety of solutions, from receiving important alerts and creating decoupled environments, to managing every task required in a workflow.
[Diagram labels: AWS Compute Services; SNS; SQS; SWF; Notifications; Queue Management; Workflow Management; IAM; Open Internet; AWS Console; AWS CLI; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); AWS Infrastructure "Container"; AWS Account (i.e. Production Account)]
AWS Account & Services Layer (Deployment Services)
CloudFormation and Elastic Beanstalk offer two great options for quick and efficient deployment of application infrastructure.
Use CloudFormation to manage infrastructure as code, and Elastic Beanstalk to easily deploy simple single-tier applications.
[Diagram labels: AWS Deployment Services; CloudFormation; Elastic Beanstalk; Infrastructure as Code; Simple App Deployment; IAM; Open Internet; AWS Console; AWS CLI; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); AWS Infrastructure "Container"; AWS Account (i.e. Production Account)]
AWS Account & Services Layer (Monitoring Services)
AWS offers two primary monitoring services (CloudWatch and CloudTrail), which can work together or independently, that allow you to effectively keep tabs on the status of your environment and who is taking what actions inside of it.
[Diagram labels: AWS Monitoring Services; CloudTrail; CloudWatch; Monitoring AWS Resources; Logging Actions; IAM; Open Internet; AWS Console; AWS CLI; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); AWS Infrastructure "Container"; AWS Account (i.e. Production Account)]
AWS Account & Services Layer (Analytic Services)
AWS provides two primary services for data analytics: Kinesis for real-time data processing, and Elastic MapReduce for Hadoop framework data processing.
[Diagram labels: AWS Analytic Services; Kinesis; Elastic MapReduce; Real-time Data Processing; Hadoop Framework Data Processing; IAM; Open Internet; AWS Console; AWS CLI; Account Connection Tools; AWS Root Account Holder; AWS Users (prod. account); AWS Infrastructure "Container"; AWS Account (i.e. Production Account)]
AWS Essentials Section (12): Lambda
Lesson Navigation: Lambda Basics; Project Omega; Lambda Test
Section (12) Topics Include:
Introduction to AWS Lambda
Overview of Serverless Computing
Pricing/Cost Overview
Using Lambda to Execute Code
CloudFront Essentials
[Diagram labels: AWS Account (i.e. Production Account); Route 53 (DNS); Customers (front end/public access); Web Browser (http); Open Internet; AWS Infrastructure "Container"; ELB; EC2; Edge Location (4 shown); CloudFront "Origin"; S3]