SKIP THE SHIPPING
Use code NOSHIP during checkout to save 40% on eligible eBooks, now through January 5. Shop now.
Also available in other formats.
Register your product to gain access to bonus material or receive a coupon.
AWS Certified Solutions Architect - Associate (SAA-C02) Cert Guide Premium Edition eBook and Practice Test
The exciting new AWS Certified Solutions Architect - Associate (SAA-C02) Cert Guide Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice test features. The Premium Edition eBook and Practice Test contains the following items:
* The AWS Certified Solutions Architect - Associate (SAA-C02) Cert Guide Premium Edition Practice Test, including four full practice exams and enhanced practice test features available for use both online and download
* PDF and EPUB formats of the AWS Certified Solutions Architect - Associate (SAA-C02) Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone
About the Premium Edition Practice Test
This Premium Edition contains an enhanced version of the Pearson Test Prep practice test software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package
* Enables you to focus on individual topic areas or take complete, timed exams
* Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
* Provides unique sets of exam-realistic practice questions
* Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most
Pearson Test Prep online system requirements:
Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above.
Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7. Internet access required.
Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases
About the Premium Edition eBook
Learn, prepare, and practice for AWS Certified Solutions Architect - Associate (SAA-C02) exam success with this Cert Guide from Pearson IT Certification, a leader in IT certification learning.
* Master AWS Certified Solutions Architect - Associate (SAA-C02) exam topics
* Assess your knowledge with chapter-ending quizzes
* Review key concepts with exam preparation tasks
* Practice with realistic exam questions
AWS Certified Solutions Architect - Associate (SAA-C02) Cert Guide from Pearson IT Certification prepares you to succeed on the exam by directly addressing the exam's official objectives as stated by Amazon. Leading Cloud expert Mark Wilkins shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
AWS Certified Solutions Architect - Associate (SAA-C02) Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.
This study guide helps you master all the topics on the AWS Certified Solutions Architect - Associate (SAA-C02) exam, including
* Resilient Architectures: multi-tier architecture solutions; highly available and/or fault-tolerant architectures; decoupling mechanisms using AWS services; resilient storage
* High-Performing Architectures: elastic and scalable compute solutions; high-performing and scalable storage solutions, networking solutions, and database solutions
* Secure Applications and Architectures: secure access to AWS resources; secure application tiers; data security options
* Cost-Optimized Architectures: cost-effective storage solutions and compute and database services; cost-optimized network architectures
Download the sample pages (includes Chapter 3)
Introduction xxvi
Chapter 1 Understanding the Foundations of AWS
Essential Characteristics of AWS Cloud Computing
On-Demand Self-Service
Broad Network Access
Resource Pooling
Rapid Elasticity
Measured Service
Moving to AWS
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Operational Benefits of AWS
Cloud Provider Limitations
Security at AWS
Network Security at AWS
Application Security at AWS
Playing in the AWS Sandbox
Determining What Problem Needs to Be Solved
Migrating Applications
Applications That Can Be Moved to AWS and Hosted on an EC2 Instance with No Changes
Applications with Many Local Dependencies That Cause Problems When Being Moved to the Cloud
Replacing an Existing Application with a SaaS Application Hosted by a Public Cloud Provider
Applications That Should Remain on Premises and Eventually Be Deprecated
The AWS Well-Architected Framework
The Well-Architected Tool
In Conclusion
Chapter 2 Designing Multi-Tier Architecture Solutions
"Do I Know This Already?" Quiz
Foundation Topics
Availability and Reliability
Availability in the Cloud
Reliability
AWS Regions and Availability Zones
Availability Zones
Availability Zone Distribution
Multiple Availability Zones
Choosing a Region
Compliance Rules
Understanding Compliance Rules at AWS
The Shared Responsibility Model
AWS and Compliance
HIPAA
NIST
GovCloud
Latency Concerns
Services Offered in Each AWS Region
Calculating Costs
Multi-Tier Architecture Solutions
Resilient VPC Architecture
Design Problems to Overcome
Multi-Tier Data Redundancy
Protecting Against Application Failure
AWS Global Services: Edge Locations
Services Located at the Edge
Route 53
AWS Shield (Standard and Advanced)
Web Application Firewall (WAF)
CloudFront
AWS Lambda@Edge
AWS Service Quotas
Exam Preparation Tasks
Chapter 3 Highly Available and Fault-Tolerant Architectures
"Do I Know This Already?" Quiz
Foundation Topics
Comparing Architecture Designs
Designing for High Availability
Adding Fault Tolerance
Removing Single Points of Failure
Disaster Recovery and Business Continuity
Backup and Restoration
Pilot Light Solution
Warm Standby Solution
Hot Site Solution
Multi-Region Active-Active Application Deployment
The AWS Service-Level Agreement (SLA)
Automating AWS Architecture
Automating Infrastructure with CloudFormation
CloudFormation Components
CloudFormation Templates
CloudFormation Stacks
CloudFormation Stack Sets
Third-Party Solutions
AWS Service Catalog
Elastic Beanstalk
Updating Elastic Beanstalk Applications
Deployment Methodologies
Rule 1: Use One Codebase That Is Tracked with Version Control to Allow Many Deployments
AWS CodeCommit
Rule 2: Explicitly Declare and Isolate Dependencies
Rule 3: Store Configuration in the Environment
Rule 4: Treat Backing Services as Attached Resources
Rule 5: Separate the Build and Run Stages
Rule 6: Execute an App as One or More Stateless Processes
Rule 7: Export Services via Port Binding
Rule 8: Scale Out via the Process Model
Rule 9: Maximize Robustness with Fast Startup and Graceful Shutdown
Rule 10: Keep Development, Staging, and Production as Similar as Possible
Rule 11: Treat Logs as Event Streams
Rule 12: Run Admin/Management Tasks as One-Off Processes
Exam Preparation Tasks
Chapter 4 Decoupling Mechanisms Using AWS Services
"Do I Know This Already?" Quiz
Foundation Topics
Stateful Design
Changing User State Locations
User Session Management
Application Integration Services
Amazon SNS
SNS Cheat Sheet
Amazon SQS
SQS Cheat Sheet
AWS Step Functions
Lambda
Lambda Cheat Sheet
API Gateway
API Gateway Cheat Sheet
Building a Serverless Web App
Step 1: Create a Static Website
Step 2: Handle User Authentication
Step 3: Create the Serverless Backend Components
Step 4: Set Up the API Gateway
Step 5: Register for Conference
Exam Preparation Tasks
Chapter 5 Choosing Resilient Storage
Do I Know This Already?
Foundation Topics
AWS Storage Options
Workload Storage Requirements
Elastic Block Storage (EBS)
EBS Volume Types
General-Purpose SSD (gp2/gp3)
Elastic Volumes
Attaching an EBS Volume
EBS Cheat Sheet
EBS Snapshots
Taking a Snapshot from a Linux Instance
Taking a Snapshot from a Windows Instance
Snapshot Administration
Snapshot Cheat Sheet
Local Instance Storage
Elastic File System (EFS)
EFS Performance Modes
EFS Throughput Modes
EFS Security
EFS Lifecycle Management
EFS DataSync
EFS Cheat Sheet
FSx for Windows File Server
Simple Storage Service (S3)
Buckets, Objects, and Keys
S3 Data Consistency
S3 Storage Classes
S3 Management
Versioning
Amazon S3 Access Points
S3 Cheat Sheet
S3 Glacier Storage Options
S3 Glacier
Vaults and Archives
S3 Glacier Deep Archive
Glacier Cheat Sheet
Exam Preparation Tasks
Chapter 6 Designing High-Performing Compute Architecture
Do I Know This Already?
Foundation Topics
EC2 Instances
Instance Families
What Is a vCPU?
EC2 Instance Choices
Micro Instances
General-Purpose Instances
Instances Designed to Burst
Compute-Optimized Instances
Memory-Optimized Instances
x1 Instances
High-Memory Instances
z1d Instances
Accelerated Computing Instances
g3 Instances
f1 Instances
Storage-Optimized Instances
Bare-Metal Instances
Dedicated Hosts
Dedicated Hosts Cheat Sheet
Dedicated Instances
EC2 Network Performance
Using Launch Templates
Changing the Current Instance Type
Amazon Lightsail
Amazon Machine Images (AMIs)
Choosing an AMI
AWS Linux AMIs
Windows AMIs
AMIs at AWS Marketplace
Creating a Custom AMI
Instance Store-Backed Windows or Linux AMIs
Custom Instance Store AMIs
AMI Build Considerations
Elastic Container Service (ECS)
Amazon Elastic Container Service (ECS)
AWS Fargate
AWS ECS for Kubernetes (EKS)
Monitoring with CloudWatch
CloudWatch Basic Monitoring
CloudWatch Logs
Collecting Data with the CloudWatch Agent
Planning for Monitoring
CloudWatch Integration
CloudWatch Terminology
Creating a CloudWatch Alarm
Additional Alarm and Action Settings
CloudWatch Cheat Sheet
Elastic Load Balancing (ELB) Services
Redundancy in Design
Health Checks
ELB Cheat Sheet
Classic Load Balancer (CLB)
Application Load Balancer (ALB)
Target Groups
ALB Cheat Sheet
Big-Picture Steps: ALB Creation
Rule Choices
HTTPS Listener Security Settings
Target Group Routing
Target Group Attributes
Maintaining User Sessions
Sticky Session Support
Configuring Health Checks
ALB Security
Monitoring Load Balancer Operation
CloudWatch
Access Logs
Network Load Balancer
NLB Cheat Sheet
EC2 Auto Scaling
EC2 Auto Scaling Cheat Sheet
EC2 Auto Scaling Operation
Launch Configuration
Launch Templates
Auto Scaling Groups (ASGs)
Scaling Options for Auto Scaling Groups
Cooldown Period
Termination Policy
Lifecycle Hooks
Exam Preparation Tasks
Chapter 7 Choosing High-Performing and Scalable Storage Solutions
Do I Know This Already?
Foundation Topics
Elastic Block Storage (Provisioned IOPS)
io1 and io2
Storage-Optimized EC2 Instances
Shared File Storage at AWS
Elastic File System (EFS)
EFS Performance Modes
Storage Classes
EFS Throughput Modes
EFS Security
EFS Cheat Sheet
Storage Options Compared
Amazon FSx for Windows File Server
FSx File System Performance
FSx Cheat Sheet
FSx for Lustre
FSx for Lustre Cheat Sheet
AWS Data Transfer Options
AWS Storage Gateway Family
AWS Storage Gateway Cheat Sheet
Exam Preparation Tasks
Chapter 8 Selecting Networking Solutions for Workloads
Do I Know This Already?
Foundation Topics
VPC Networking
Partnering with AWS
VPC Cheat Sheet
To Host or to Associate?
What's Behind the Networking Curtain?
It's All About Packet Flow
The Mapping Service
Creating a VPC
Using the Create VPC Wizard
Using the Launch VPC Wizard
Using the AWS CLI to Create a VPC
How Many VPCs Do You Need?
Creating the VPC CIDR Block
Planning Your Primary VPC CIDR Block
Adding a Secondary CIDR Block
The Default VPC
Revisiting Availability Zones
Subnets
Subnet Cheat Sheet
Route Tables
The Main Route Table
Custom Route Tables
Route Table Summary
Route Table Cheat Sheet
IP Address Types
Private IPv4 Addresses
Private IP Address Summary
Public IPv4 Addresses
Elastic IP Addresses
Public IPv4 Address Cheat Sheet
Inbound and Outbound Traffic Charges
Bring-Your-Own IP (BYOIP)
The BYOIP Process
IPv6 Addresses
Security Groups
Security Group Cheat Sheet
Custom Security Groups
Application Server Inbound Ports
Database Server Inbound Ports
Administration Access
Pinging an EC2 Instance
Elastic Load Balancing (ELB)
Security Group Planning
Network ACLs
Network ACL Implementation Details
Network ACL Cheat Sheet
Network ACL Rule Processing
Understanding Ephemeral Ports
Network ACL Planning
VPC Flow Logs
Connectivity Options
Peering VPCs
Establishing a Peering Connection
Endpoints
Gateway Endpoints
Interface Endpoints
Endpoint Services with PrivateLink
External Connections
Internet Gateway: The Public Door
Internet Gateway Cheat Sheet
Egress-Only Internet Gateway
NAT
NAT Gateway
NAT Gateway Cheat Sheet
Transit Gateway
VPN Connections
Virtual Private Gateway
Customer Gateway
VPN CloudHub
Understanding Route Propagation
Direct Connect
Direct Connect Cheat Sheet
Exam Preparation Tasks
Chapter 9 Designing High-Performing Database Solutions
Do I Know This Already?
Foundation Topics
Relational Database Service (RDS)
RDS Database Instances
Database Instance Class Types
High-Availability Design for RDS
Multi-AZ RDS Deployments
Big-Picture RDS Installation Steps
Monitoring Database Performance
Best Practices for RDS
RDS Cheat Sheet
Amazon Aurora
Aurora Storage
Communicating with Aurora
Aurora Cheat Sheet
DynamoDB
Database Design 101
DynamoDB Tables
Provisioning Table Capacity
Adaptive Capacity
Data Consistency
ACID and DynamoDB
Global Tables
DynamoDB Accelerator (DAX)
Backup and Restoration
ElastiCache
Memcached Cheat Sheet
Redis Cheat Sheet
Amazon Redshift
Exam Preparation Tasks
Chapter 10 Securing AWS Resources
Do I Know This Already?
Foundation Topics
Identity and Access Management (IAM)
IAM Policy Definitions
IAM Authentication
Requesting Access to AWS Resources
The Authorization Process
Actions
IAM Users and Groups
The Root User
The IAM User
Creating an IAM User
IAM User Access Keys
IAM Groups
Signing In as an IAM User
IAM Account Details
Creating a Password Policy
Rotating Access Keys
Using Multifactor Authentication (MFA)
Creating IAM Policies
IAM Policy Types
Identity-Based Policies
Resource-Based Policies
In-Line Policies
IAM Policy Creation
Policy Elements
Reading a Simple JSON Policy
Policy Actions
Additional Policy Control Options
Reviewing Policy Permissions
IAM Policy Versions
Using Conditional Elements
Using Tags with IAM Identities
IAM Roles
When to Use Roles
Using Roles When AWS Services Perform Actions on Your Behalf
Using Roles for EC2 Instances Hosting Applications That Need Access to AWS Resources
Using Roles with Mobile Applications
Cross-Account Access to AWS Resources
AWS Security Token Service (STS)
IAM Cheat Sheet
Identity Federation
IAM Best Practices
IAM Security Tools
AWS Organizations
AWS Organizations Cheat Sheet
AWS Resource Access Manager (RAM)
Exam Preparation Tasks
Chapter 11 Securing Application Tiers
Do I Know This Already?
Foundation Topics
AWS CloudTrail
Creating a CloudWatch Trail
CloudTrail Cheat Sheet
Essential AWS Management Tools
AWS Secrets Manager
GuardDuty
Amazon Inspector
AWS Trusted Advisor
Exam Preparation Tasks
Chapter 12 Selecting Appropriate Data Security Options
Do I Know This Already?
Foundation Topics
EBS Encryption
S3 Bucket Security
S3 Storage at Rest
Object Lock Policies
Legal Hold
S3 Glacier Storage at Rest
Key Management Service (KMS)
Envelope Encryption
KMS Cheat Sheet
CloudHSMfa
Amazon Certificate Manager (ACM)
Exam Preparation Tasks
Chapter 13 Designing Cost-Effective Solutions
Do I Know This Already?
Foundation Topics
Calculating AWS Costs
Management Service Costs
Understanding Tiered Pricing at AWS
Compute Costs
EC2 Pricing
On-Demand Instance Limits
Reserved Instances (RI)
Term Commitment
Payment Options
EC2 Reserved Instance Types
Scheduled Reserved EC2 Instances
Regional and Zonal Reserved Instances
Savings Plans
Spot Instances
Spot Fleet Optimization Strategies
Spot Capacity Pools
EC2 Fleet
EC2 Pricing Cheat Sheet
Storage Costs
Tagging EBS Volumes and Snapshots
Cost Allocation Tags
Storage Performance Comparison
Database Costs
Database Design Solutions
Networking Costs
Network Design Solutions
Public Versus Private Traffic Charges
Data Transfer Costs Cheat Sheet
Management Tool Pricing Example: AWS Config
AWS Config Results
AWS Billing Costs
AWS Cost Explorer
AWS Budgets
Cost Explorer
Cost and Usage Report
Managing Costs Cheat Sheet
Exam Preparation Tasks
Chapter 14 Final Preparation
Exam Information
Tips for Getting Ready for the Exam
Scheduling Your Exam
Tools for Final Preparation
Pearson Test Prep Practice Test Software and Questions on the Website
Accessing the Pearson Test Prep Software Online
Accessing the Pearson Test Prep Software Offline
Customizing Your Exams
Updating Your Exams
Premium Edition
Chapter-Ending Review Tools
Suggested Plan for Final Review/Study
Summary
Glossary of Key Terms
Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Sections
Appendix B AWS Certified Solutions Architect - Associate (SAA-C02) Cert Guide Exam Updates
Online Elements:
Appendix C Study Planner
Glossary of Key Terms
9780137325214 TOC 5/27/2021
We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.
Download the errata (18 KB .docx)