Security
Reliability
Performance Efficiency
Cost Optimization
Operational Excellence
Sustainability
Well Architected Framework
Design Foundations
Quotas of resources
Constraints to design
Network speeds
Workload architecture High availability
Change management – Monitor, when to scale, when changes are made
Failure management – Backups, fault isolation, managing component failures, Disaster Recovery
Design High-Performance Architecture
[Figure: Availability. Labels: Dependency 99.9% (two dependencies); Database Server 95%; SLA Required: 99.5%]
[Figure: AWS Regions, Local Zones, Points of Presence, Direct Connect; Regional Cloud Services (Instance, Elastic Block Storage) and Edge Services (CloudFront, Route 53); an AWS Region containing a VPC and an Application load balancer]
Local Zones allow you to use compute and storage services with single-digit
millisecond latency access to applications running locally
You can extend any VPC from the parent region into AWS Local Zones by creating a
new subnet and assigning it to the AWS Local Zone
When you create a subnet in AWS Local Zone, your VPC is extended to include the
Local Zone
[Figure: Region, VPC, Local Zone]
o AWS Local Zones provide single-digit millisecond latency for video rendering and CAD services
o AWS Outposts allow you to run AWS compute and storage on premises
o Wavelength provides low-latency applications for 5G devices by extending AWS infrastructure to third-party telco 5G datacenters
Edge Locations
Each edge location has a local caching data center directly connected to the AWS cloud using high-speed private network links
Edge Locations @ AWS
Services at the Edge
[Figure: Without CloudFront / With CloudFront. Labels: Filtering rules; Website; User (Singapore); Amazon CloudFront; Edge Location]
CloudFront Distribution Design
[Figure: CloudFront edges (Toronto, Mumbai, Paris); origins: S3 Bucket; Instance (Origin server)]
Serving Private Content
CloudFront Cache
WAF and Shield
Protecting the Application Perimeter
Filtering rule
o Pre-configured rules
o Cover common attack vectors and threats
o Influenced by OWASP Top 10 Application Security Risks
o Customized rule engine
o Regular or rate-based rules
o Actions to take (block, allow, count)
[Figure: Internet; one Web ACL Rule in front of each of App 1, App 2, App 3 and App 4 (EC2 instances / VPC Security Groups - Back-end applications)]
Route 53 Traffic Flow
Failover Routing Policy
[Figure: Amazon Route 53. Labels: ACTIVE; ACTIVE; Paris Region]
Create health check status: health of the ELB, health of the entire site/region
Geo-Load Balancing
[Figure: Amazon Route 53. Labels: Region; Region; 38 msec; 300 msec; Paris Region]
Create a latency resource record set in each region that hosts your resource
Route 53 selects the latency resource record for the region with the lowest latency
Weighted Routing Policy
[Figure: Amazon Route 53. Labels: 80 %; 20 %; Paris Region]
Active / Passive
[Figure: US – West Region; AP-Southeast Region. Labels: App Server; Backup Server; S3: AMI, Snapshots; S3: Backups]
Multi-Region Pilot Light Setup
[Figure: Route 53; US – West Region and AP-Southeast Region, each with an App Server; Database Synchronization between DB Primary and DB Replica]
Multi-Region Pilot Light Response
[Figure: DNS redirected by Route 53; US – West Region and AP-Southeast Region, each with an App Server]
[Figure: two Regions, each with a VPC, Elastic Load Balancing and a Web Tier across two Availability Zones. Labels: Aurora Primary; Aurora Replica (two); Shared cluster data volume; Aurora cluster; Snapshot]
Active Active
[Figure: two Regions, each with a VPC, Elastic Load Balancing and a Web Tier across two Availability Zones]
The application specifications for the data store hosted at AWS have the following requirements:
The data store will be 12 TB. Data growth will be approximately 10 GB per day.
There must be three copies of data. Data compatibility must be MySQL.
The database must be able to be replicated across multiple regions.
Which of the following data store options would meet these requirements?
A. Amazon Aurora.
B. Amazon DynamoDB.
C. Amazon Redshift.
D. Amazon ElastiCache.
Question 7
Two years ago, the graphics department moved its operations to AWS. Last year application development was moved to AWS. The accounting department is now moving to AWS. Compliance requirements dictate that each department must use its own AWS account.
How can the charges for the AWS services used for each AWS account be consolidated into one bill?