Professional Documents
Culture Documents
Ben Piper
David Clinton
Copyright © 2021 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-71308-1
ISBN: 978-1-119-71309-8 (ebk.)
ISBN: 978-1-119-71310-4 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections
107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or
authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood
Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should
be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201)
748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties
with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties,
including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended
by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation.
This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other
professional services. If professional assistance is required, the services of a competent professional person should
be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an
organization or Web site is referred to in this work as a citation and/or a potential source of further information
does not mean that the author or the publisher endorses the information the organization or Web site may provide
or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may
have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our
Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317)
572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with
standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to
media such as a CD or DVD that is not included in the version you purchased, you may download this material at
booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2020947039
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley
& Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written
permission. AWS is a registered trademark of Amazon Technologies, Inc. All other trademarks are the property of
their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in
this book.
Acknowledgments
We would like to thank the following people who helped us create AWS Certified Solutions
Architect Study Guide: Associate SAA-C02 Exam, Third Edition.
First, a special thanks to our friends at Wiley. Kenyon Brown, senior acquisitions editor,
got the ball rolling on this project and pushed to get this book published quickly. His expe-
rience and guidance throughout the project was critical. Stephanie Barton, project editor,
helped push this book forward by keeping us accountable to our deadlines. Her edits made
many of the technical parts of this book more readable.
Todd Montgomery reviewed the chapters and questions for technical accuracy. Not only
did his comments and suggestions make this book more accurate, he also provided addi-
tional ideas for the chapter review questions to make them more challenging and relevant
to the exam.
Lastly, the authors would like to thank each other!
About the Authors
Ben Piper is a networking and cloud consultant who has authored multiple books,
including the AWS Certified Cloud Practitioner Study Guide: Foundational CLF-C01
Exam (Sybex, 2019) and Learn Cisco Network Administration in a Month of Lunches
(Manning, 2017). You can contact Ben by visiting his website: benpiper.com.
David Clinton is a Linux server admin and AWS solutions architect who has worked
with IT infrastructure in both academic and enterprise environments. He has authored
books—including (with Ben Piper) the AWS Certified Cloud Practitioner Study Guide:
Foundational CLF-C01 Exam (Sybex, 2019) and Linux in Action (Manning Publications,
2018)—and created more than two dozen video courses teaching Amazon Web Services
and Linux administration, server virtualization, and IT security for Pluralsight.
In a “previous life,” David spent 20 years as a high school teacher. He currently lives in
Toronto, Canada, with his wife and family and can be reached through his website:
bootstrap-it.com.
Contents at a Glance
Introduction xxi
Index 415
Contents
Introduction xxi
Summary 76
Exam Essentials 77
Review Questions 78
Chapter 4 Amazon Virtual Private Cloud 83
Introduction 84
VPC CIDR Blocks 84
Secondary CIDR Blocks 85
IPv6 CIDR Blocks 85
Subnets 87
Subnet CIDR Blocks 87
Availability Zones 88
IPv6 CIDR Blocks 91
Elastic Network Interfaces 91
Primary and Secondary Private IP Addresses 91
Attaching Elastic Network Interfaces 91
Enhanced Networking 93
Internet Gateways 93
Route Tables 94
Routes 94
The Default Route 95
Security Groups 98
Inbound Rules 98
Outbound Rules 99
Sources and Destinations 99
Stateful Firewall 99
Default Security Group 100
Network Access Control Lists 101
Inbound Rules 102
Outbound Rules 105
Using Network Access Control Lists and Security
Groups Together 106
Public IP Addresses 106
Elastic IP Addresses 107
AWS Global Accelerator 109
Network Address Translation 109
Network Address Translation Devices 110
Configuring Route Tables to Use NAT Devices 112
NAT Gateway 113
NAT Instance 113
VPC Peering 114
Hybrid Cloud Networking 115
Virtual Private Networks 115
AWS Transit Gateway 115
AWS Direct Connect 123
xii Contents
Summary 206
Exam Essentials 206
Review Questions 207
Chapter 8 The Domain Name System and Network Routing:
Amazon Route 53 and Amazon CloudFront 211
Introduction 212
The Domain Name System 212
Namespaces 212
Name Servers 213
Domains and Domain Names 213
Domain Registration 214
Domain Layers 214
Fully Qualified Domain Names 214
Zones and Zone Files 215
Record Types 215
Alias Records 216
Amazon Route 53 216
Domain Registration 217
DNS Management 217
Availability Monitoring 219
Routing Policies 220
Traffic Flow 222
Route 53 Resolver 223
Amazon CloudFront 223
AWS CLI Example 225
Summary 226
Exam Essentials 226
Review Questions 228
Chapter 9 Simple Queue Service and Kinesis 233
Introduction 234
Simple Queue Service 234
Queues 234
Queue Types 235
Polling 236
Dead-Letter Queues 237
Kinesis 237
Kinesis Video Streams 237
Kinesis Data Streams 238
Kinesis Data Firehose 239
Kinesis Data Firehose vs. Kinesis Data Streams 239
Summary 240
Exam Essentials 240
Review Questions 241
Contents xv
Index 415
Table of Exercises
Exercise 1.1 Use the AWS CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Exercise 2.1 Launch an EC2 Linux Instance and Log in Using SSH . . . . . . . . . . . . . . . . 27
Exercise 2.2 Assess the Free Capacity of a Running Instance and
Change Its Instance Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Exercise 2.3 Assess Which Pricing Model Will Best Meet the Needs
of a Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Exercise 2.4 Create and Launch an AMI Based on an Existing Instance
Storage Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Exercise 2.5 Create a Launch Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Exercise 2.6 Install the AWS CLI and Use It to Launch an EC2 Instance . . . . . . . . . . . . 51
Exercise 2.7 Clean Up Unused EC2 Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Exercise 3.1 Create a New S3 Bucket and Upload a File . . . . . . . . . . . . . . . . . . . . . . . . . 62
Exercise 3.2 Enable Versioning and Lifecycle Management for an S3 Bucket . . . . . . . 67
Exercise 3.3 Generate and Use a Presigned URL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Exercise 3.4 Enable Static Website Hosting for an S3 Bucket . . . . . . . . . . . . . . . . . . . . 70
Exercise 3.5 Calculate the Total Lifecycle Costs for Your Data . . . . . . . . . . . . . . . . . . . 73
Exercise 4.1 Create a New VPC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Exercise 4.2 Create a New Subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Exercise 4.3 Create and Attach a Primary ENI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Exercise 4.4 Create an Internet Gateway and Default Route . . . . . . . . . . . . . . . . . . . . . 96
Exercise 4.5 Create a Custom Security Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Exercise 4.6 Create an Inbound Rule to Allow Remote Access from
Any IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Exercise 4.7 Allocate and Use an Elastic IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Exercise 4.8 Create a Transit Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Exercise 4.9 Create a Blackhole Route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Exercise 5.1 Create an RDS Database Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Exercise 5.2 Create a Read Replica . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Exercise 5.3 Promote the Read Replica to a Master . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Exercise 5.4 Create a Table in DynamoDB Using Provisioned Mode . . . . . . . . . . . . . 156
Exercise 6.1 Lock Down the Root User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Exercise 6.2 Assign and Implement an IAM Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Exercise 6.3 Create, Use, and Delete an AWS Access Key . . . . . . . . . . . . . . . . . . . . . . . 171
Exercise 6.4 Create and Configure an IAM Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
xx Table of Exercises
each chapter, referring to the answer key will give you not only the correct answers but a
detailed explanation as to why they’re correct. It will also explain why the other answers
are incorrect.
The book also contains a self-assessment exam with 39 questions, two practice exams
with 50 questions each to help you gauge your readiness to take the exam, and flashcards to
help you learn and retain key facts needed to prepare for the exam.
This AWS Certified Solutions Architect Study Guide: Associate SAA-C02 Exam, Third
Edition is divided into two parts: “The Core AWS Services” and “The Well-Architected
Framework.”
Chapter 11: The Performance Efficiency Pillar This chapter covers how to build
highly performing systems and use the AWS elastic infrastructure to rapidly scale up
and out to meet peak demand.
Chapter 12: The Security Pillar In this chapter, you’ll learn how to use encryption
and security controls to protect the confidentiality, integrity, and availability of your
data and systems on AWS. You’ll also learn about the various security services such as
GuardDuty, Inspector, Shield, and Web Application Firewall.
Chapter 13: The Cost Optimization Pillar This chapter will show you how to
estimate and control your costs in the cloud.
Chapter 14: The Operational Excellence Pillar In this chapter, you’ll learn how
to keep your systems running smoothly on AWS. You’ll learn how to implement a
DevOps mind-set using CloudFormation, Systems Manager, and the AWS Developer
Tools.
Exam Objectives
The AWS Certified Solutions Architect – Associate exam is intended for people who have
experience in designing distributed applications and systems on the AWS platform. In gen-
eral, you should have the following before taking the exam:
■■ A minimum of one year of hands-on experience designing systems on AWS
■■ Hands-on experience using the AWS services that provide compute, networking,
storage, and databases
■■ Ability to define a solution using architectural design principles based on customer
requirements
■■ Ability to provide implementation guidance
■■ Ability to identify which AWS services meet a given technical requirement
■■ An understanding of the five pillars of the Well-Architected Framework
■■ An understanding of the AWS global infrastructure, including the network technol-
ogies used to connect them
■■ An understanding of AWS security services and how they integrate with traditional on-
premises security infrastructure
The exam covers five different domains, with each domain broken down into objectives.
Objective Map
The following table lists each domain and its weighting in the exam, along with the chap-
ters in the book where that domain’s objectives are covered.
Assessment Test
1. True/false: The Developer Support plan provides access to a support application program-
ming interface (API).
A. True
B. False
2. True/false: AWS is responsible for managing the network configuration of your EC2
instances.
A. True
B. False
3. Which of the following services is most useful for decoupling the components of a mono-
lithic application?
A. SNS
B. KMS
C. SQS
D. Glacier
4. An application you want to run on EC2 requires you to license it based on the number of
physical CPU sockets and cores on the hardware you plan to run the application on. Which
of the following tenancy models should you specify?
A. Dedicated host
B. Dedicated instance
C. Shared tenancy
D. Bring your own license
5. True/false: Changing the instance type of an EC2 instance will change its elastic IP address.
A. True
B. False
6. True/false: You can use a Quick Start Amazon Machine Image (AMI) to create any in-
stance type.
A. True
B. False
7. Which S3 encryption option does not require AWS persistently storing the encryption keys
it uses to decrypt data?
A. Client-side encryption
B. SSE-KMS
C. SSE-S3
D. SSE-C
Another random document with
no related content on Scribd:
Ett' yhä riemuissas
Sä heräät unestas.
Ja isäs saapuvi
Ja leikkii kanssasi
Sua kohta suudellen,
Sä tyttö pienoinen.
Sureva ystävä!
Kuoleman kuvia.
1.
2.
3.
Lutherin Postillaan
Oi tokkohan?
Sin' yönä, kun Juudas petti
Mun Öljyvuorella kerta,
Rukoellen itkin mä verta
Sen yön pelastaakseni sua.
Oi tokkohan konsaan, konsaan
Sä lainkaan muistelet mua?
Kun orjantappurakruunuin
Mua piinaten ruoskittihin,
Ja parjaten pilkattihin,
Niin aattelin yksin sua.
Oi tokkohan konsaan, konsaan
Sä lainkaan muistelet mua?
Hyvästi.
Uudenvuodenlaulu.
Luontokappalten huokaus.
Kuin kauan vielä helmahan yön
niin turhaan tuskamme soi
Miss' ei sydän lempivä ainoakaan
sen huutoa kuulla voi?
Ja milloin kaamean vankilan tään
ovet murtavi armon työ,
Valo voittavi, pelkomme haipuu pois
ja vapauden hetki lyö?
Kons' särkevä on kirouksemme
Käsi Herramme?
Lähetyslaulu.
Halleeluja, halleeluja!
Kaikk' kansa maan käy laulamaan!
Oi, Jumalaa nyt veisatkaa,
Hän sanassaan
Käy voittain yli meren, maan.
Yö pakenee ja vaikenee
Suur' päivä se, kun Herramme
Jo tunnetaan ain' ääriin maan,
Ja kirkkaana
On totuutensa loistava.
Halleeluja, halleeluja!
Ja laupeuden hän ikuisen
Suo lemmessään, ken käskyjään
On seuraava,
Ol' liki taikka kaukana.
Iltarukous.
Oi Jeesus, anteeksi
Mä anon sydämestä,
Suo kalliin veresi
Pois syntivelkain pestä;
En ennen päästä sua,
Kuin Herra siunaat mua.
Mä nukun — valvomaan
Sä tahdot luoksein jäädä!
Mua kurjaa konsanaan
Sä helmastas et häädä,
Vaikk' oonkin synti vaan.
Ja tuhka, multa maan.
Oi Poika Jumalan,
Kun suljen silmät illoin,
Niin valon korkean
Luot sieluhuni silloin;
Oi aarre arvokas,
Hyv' yötä, Messias!
Epiloogi ystävilleni.
Äidilleni.
Lars.
1.
2.
3.