Domain 3: Design Secure Applications and Architectures

• • Design secure access to AWS resources
• • Design secure application tiers
• • Select appropriate data security options

Domain 4: Design Cost-Optimized Architectures

• • Identify cost-effective storage solutions
• • Identify cost-effective compute and database services
• • Design cost-optimized network architectures

• Course Introduction
• About the Training Architect

• Working as a Solutions Architect
• Creating an AWS Account, AWS Free Tier, Usage Tracking, and Billing Widget

Architecture 101

• Access Management
• Shared Responsibility/Security Model
• Service Models
• High Availability vs. Fault Tolerance
• RPO vs. RTO
• Scaling
• Tiered Application Designv
• Encryption
• Architecture Odds and Ends
• Architecture 101

AWS Architecture 101

• AWS Accounts
• AWS Physical and Networking Layer
• Well-Architected Framework
• Elasticity
• AWS Architecture 101

AWS Product Fundamentals

• Console Tour and Navigation
• Introduction to S3
• Introduction to CloudFormation
• Getting Started with CloudFormation
• AWS Product Fundamentals

IAM (Identity and Access Management)

• IAM Essentials
• IAM Policies
• IAM Users
• IAM Groups
• IAM Access Keys
• Securing Your Account — Creating an IAM User and Setting Up the CLI
• IAM Roles
• IAM Essentials

Multi-Account Management and Organizations

• AWS Organizations
• Role Switching Between Accounts
• Multi-Account Management and Organizations

Server-Based Compute (EC2) Fundamentals

• EC2 Architecture
• Instance Types and Sizes
• EC2 Storage Architecture
• EBS Snapshots
• Security Groups
• Instance Metadatav
• Creating and Working with an EC2 Instance
• Server-Based Compute (EC2) Fundamentals

Server-Based Compute (EC2) Intermediate

• AMI
• Bootstrap
• Instance ENI, IP, and DNS
• Instance Rolesv
• Server-Based Compute (EC2) Intermediate
• Using EC2 Roles and Instance Profiles
• Using AWS Tags and Resource Groups

Server-Based Compute (EC2) Advanced

• EBS Volume and Snapshot Encryption
• EBS Optimization, Enhanced Networking, and Placement Groups
• EC2 Billing Models: Spot,Spot Fleet and Reserved Instances
• Dedicated Hosts
• Server-Based Compute (EC2) Advanced

Serverless Compute (Lambda)

• What Are APIs and Microservices?
• Serverless and Event-Driven Architectures
• Lambda Essentials
• API Gateway Essentials
• Step Functions
• Serverless Compute (Lambda)

Container-Based Compute and Microservices

• Docker Essentials
• ECS
• Container-Based Compute and Microservices

Networking Fundamentals

• Introduction
• Seven-Layer OSI Model
• IP Addressing Basics
• Subnetting
• IP Routing
• Firewalls
• Proxy Servers
• Networking Fundamentals

Virtual Private Cloud (VPC)

• Virtual Private Cloud (VPC) and Subnets
• Routing and Internet Gateway
• Bastion Host/JumpBox
• NAT, NAT Instance, and NAT Gatewayv
• Network ACLs
• Designing and Building a Custom VPC from Scratch
• Virtual Private Cloud (VPC)

Advanced VPC

• VPC Peering
• VPC Endpoints
• IPv6 within AWS
• Egress-Only Gateway
• Implementing VPC Peering on AWS
• Advanced VPC

Global DNS (Route 53) Fundamentals

• DNS 101
• Domain Registration
• Private vs. Public Hosted Zones
• Record Set Types
• Health Checks
• Global DNS (Route 53) Fundamentals

Global DNS (Route 53) Fundamentals

• DNS 101
• Domain Registration
• Private vs. Public Hosted Zones
• Record Set Types
• Health Checks
• Global DNS (Route 53) Fundamentals

Global DNS (Route 53) Advanced

• Routing Policy: Simple
• Routing Policy: Failover
• Routing Policy: Weighted
• Routing Policy: Latency
• Routing Policy: Geolocation
• Global DNS (Route 53) Advanced

S3 Architecture and Features

• Permissions
• Transferring Data to S3
• Encryption
• Static Websites and CORS
• Object Versioning
• Presigned URLs
• Creating a Static Website Using Amazon S3

S3 Performance and Resilience

• Storage Tiers/Classes
• Lifecycle Policies and Intelligent-Tiering
• Cross-Region Replication (CRR)

CloudFront

• CloudFront Architecture
• OAI

Network File Systems

• EFS Fundamentals
• Storage and Content Delivery

Database Fundamentals

• Database Models

SQL — RDS

• RDS Essentials
• RDS Backups and Restore
• RDS Resiliency: Multi-AZ
• RDS Read Replicas
• Database Fundamentals and SQL — RDS

SQL — Aurora

• Aurora Essentials
• Parallel Queries and Aurora Global
• Aurora Serverless Essentials
• SQL — Aurora

NoSQL

• DynamoDB Essentials: Tables,Items, Query and Scan
• DynamoDB Performance and Billing
• DynamoDB Streams and Triggers
• DynamoDB Indexes: LSI,GSI
• NoSQL

In-Memory Caching

• DAX
• ElastiCache
• In-Memory Caching

Load Balancing and Auto Scaling

• Load Balancing Fundamentals
• Classic Load Balancers and Health Checks
• Application Load Balancers
• Network Load Balancers
• Launch Templates and Configurationsv
• Auto Scaling Groups
• Implementing an Auto Scaling Group and Application Load Balancer in AWS

VPN and Direct Connect

• VPC VPN (IPsec)
• Direct Connect Architecture
• When to Pick Direct Connect vs. VPN

Snow

• Snowball, Snowball Edge, and Snowmobile

Data and DB Migration

• Storage Gateway 101
• Database Migration Service 101

Identity Federation and SSO

• What Is Identity Federation?
• When to Use Identity Federation
• Hybrid and Scaling

Application Integration

• Simple Notification Service (SNS)
• Simple Queue Service (SQS)
• Elastic Transcoder
• Application Integration

Analytics

• Athena
• Elastic MapReduce (EMR)
• Kinesis and Firehose
• Redshift
• Analytics

Logging and Monitoring

• CloudWatch
• CloudWatch Logs
• CloudTrail
• VPC Flow Logsv
• Custom Logging Using CloudWatch and CloudWatch Logs
• Working with AWS VPC Flow Logs for Network Monitoring
• Logging and Monitoring

Analytics

• Athena
• Elastic MapReduce (EMR)
• Kinesis and Firehose
• Redshift
• Analytics

Operations

• CloudWatch Events
• KMS Essentials

Deployment

• Elastic Beanstalk
• OpsWorks
• Operations and Deployment