AWS Certified Solutions Architect Associate Level
Agenda
08/Sep - Opening, AWS Overview and S3
16/Sep (Tuesday) - CloudFront and Route53
22/Sep - EC2 and VPC
29/Sep - RDS, DynamoDB and Other Storage Options
06/Oct - Elastic Beanstalk, CloudFormation, SWF and SQS
13/Oct - IAM and Security
20/Oct - Architecting for the Cloud and Review
Time: 18:00 to 20:00
Retrospective: How are we doing so far?
Meeting 01
Reference Model - Products
S3: What is it? What is it for? Durability (with and without RRS), Availability, Web content hosting, Encryption options, Object Lifecycle, Multi-part upload, Access logs, Object versioning, Reduced Redundancy Storage
Meeting 02
Route53: What is it? What is it for? Helps with? Fault tolerance, Scalability. Routing Policy: Simple, Weighted, Latency, Failover, Geolocation. Health Checks
CloudFront: What is it? What is it for? Helps with? Fault tolerance, Scalability. Impacts of caching dynamic content. Custom SSL
Meeting 03
EC2: Instances, Billing model, Types, How to access, On demand, Reserved, Spot, Elastic IPs, EBS, AMI, Load Balancers, Auto Scaling, Launch configurations, Auto Scaling Groups, CloudWatch
VPC: How to configure? Subnets, Route Tables, Internet Gateways, What is the impact on the Security Group? NAT, Bastion Host, VPN
What do I need to remember?
RDS: What is it? What is it for? How to achieve: Fault tolerance, Scalability, Software Patching, Backups / Restores. Multi-AZ, Read Replica, Does it support the reserved model? Security Group, VPC support, Parameter Groups
DynamoDB: What is it? What is it for? How to achieve: Fault tolerance, Scalability. Hash key, Range key, Secondary Indexes, Dynamic DynamoDB
Support Materials
References
1. Official page
2. Post about the program and the exam
3. AWS Architecture Center
4. AWS Security Center
5. AWS Documentation Page
6. Online course
7. Slideshare
White Papers
1. Overview of Amazon Web Services
2. Overview of Security Processes
3. AWS Risk and Compliance
4. Storage Options in the AWS Cloud
5. Architecting for the AWS Cloud: Best Practices
6. Storage Use Cases
7. Designing Fault-Tolerant Applications in the AWS Cloud
RDS - Relational Database Service
Managed service: No OS access, Database server endpoint, Software patching, Failure detection / Recovery, Backups
Vertical scaling: Change instance type
Horizontal scaling: Read replica (MySQL)
Engines: MySQL, PostgreSQL (re:Invent 2013), Oracle, Microsoft SQL
Details
Storage Capacity: 5 GB - 3 TB*
IOPS - Standard vs. Provisioned: 1,000-30,000 IOPS*
Billing variables (reserved is available): Instance class, Running time (full instance-hour), Storage (pro-rated), I/O requests per month, Backup storage (no additional charge for 100% provisioned database storage), Data transfer
* Depends on the engine used, machine type and storage size
Instance Type: Micro Instances, Standard, Memory Optimized, Burst Capable
Variables: vCPU, ECU, Memory, EBS-Optimized, Network Performance
Scaling - Read: Read Replica (MySQL), Cross Region, Parallel Replica Creation
Scaling - Read Complex
Scaling - Write. Example: www.scalebase.com
Security
VPC
Security Group
Alert: Integration with EC2 instances outside the VPC
IAM: DB instances, DB snapshots, Read replicas, Reserved instances, DB security groups, DB option groups, DB parameter groups, Event subscriptions, DB subnet groups
IAM Rule Examples
1. Permit a user to perform any Describe action on any RDS resource
2. Permit a user to create a DB instance that uses a specified DB engine
3. Permit a user to create a DB instance that uses the specified DB parameter and security groups
4. Prevent users from creating DB instances for certain DB instance classes and from creating DB instances that use Provisioned IOPS
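Rules 1 and 4 from the list above, written out as one IAM policy document (an added example, not taken from the original slides). The `Sid` values and the two instance classes are sample choices; `rds:DatabaseClass` and `rds:Piops` are the RDS condition keys for instance class and Provisioned IOPS.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDescribeAnyRdsResource",
      "Effect": "Allow",
      "Action": "rds:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "DenyCreateForSampleInstanceClasses",
      "Effect": "Deny",
      "Action": "rds:CreateDBInstance",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "rds:DatabaseClass": ["db.r3.8xlarge", "db.m4.10xlarge"]
        }
      }
    },
    {
      "Sid": "DenyCreateWithProvisionedIops",
      "Effect": "Deny",
      "Action": "rds:CreateDBInstance",
      "Resource": "*",
      "Condition": {
        "NumericNotEquals": {
          "rds:Piops": "0"
        }
      }
    }
  ]
}
```

Because an explicit Deny overrides any Allow, the two Deny statements hold even when another policy attached to the same user grants `rds:CreateDBInstance`.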
Lab 1 RDS MySQL
Key Features
Fully managed cloud NoSQL database service
Fast, Predictable Performance: Data partitioning, SSD
Scalable
High Availability: Replicates data across AZs
Covered more heavily on the Developer exam
Cost
Provisioned throughput capacity: 10 write capacity units, 50 read capacity units
Indexed data storage
Reserved capacity: Up to 53% over a 1-year term, Up to 76% over a 3-year term
Alerts: Secondary Indexes, Code capacity vs. operations per second
Secondary Indexes
Dynamic DynamoDB
Lab 2 Dynamo DB
Traditional Storage Options
Memory: Caches, in-memory databases and RAM disks
Storage area network (SAN): Virtual disk LUNs
Direct-attached storage (DAS)
Network attached storage (NAS)
Databases: Relational database, a NoSQL non-relational database, or a data warehouse.
Backup and Archive: Tapes or optical media
Message Queues: Temporary durable storage for data sent asynchronously between computer systems or application components.
AWS Storage Options (1/3)
AWS Storage Options (2/3)
AWS Storage Options (3/3)
THANK YOU!! AWS Certified Solutions Architect Associate Level
Question 01 / 10
Does S3 provide read-after-write consistency?
a. No, not for any region
b. Yes, but only for certain regions
c. Yes, but only for certain regions and for new objects
d. Yes, for all regions
Question 02 / 10
What is the maximum size of a single S3 object?
a. There is no such limit
b. 5 TB
c. 5 GB
d. 100 GB
Question 03 / 10
Is data stored in S3 always encrypted?
a. Yes, S3 always encrypts data for security
b. No, there is no such feature
c. Yes, but only when the right APIs are called
d. Yes, but only in GovCloud datacenters
Question 04 / 10
What is true for S3 buckets (select multiple if more than one is true)?
a. Bucket namespace is shared and is global among all AWS users.
b. Bucket names can contain alphanumeric characters
c. Buckets are associated with a region, and all data in a bucket resides in that region
d. Buckets can be transferred from one account to another through API
Question 05 / 10
Can EBS always tolerate an Availability Zone failure?
a. No, every EBS volume is stored in a single Availability Zone
b. Yes, an EBS volume has multiple copies so it should be fine
c. Depends on how it is set up
d. Depends on the Region where the EBS volume is initiated
Question 06 / 10
Which of the following can Auto Scaling NOT do (select multiple if more than one is true)?
a. Start up EC2 instances when CPU utilization is above threshold
b. Release EC2 instances when CPU utilization is below threshold
c. Increase the instance size when utilization is above threshold
d. Add more Relational Database Service (RDS) read replicas when utilization is above threshold
Question 07 / 10
Which of the following benefits does adding Multi-AZ deployment in RDS provide (choose multiple if more than one is true)?
a. A Multi-AZ deployed database can tolerate an Availability Zone failure
b. Decrease latencies if app servers accessing the database are in multiple Availability Zones
c. Make database access times faster for all app servers
d. Make the database more available during maintenance tasks
Question 08 / 10
What happens to data when an EC2 instance terminates (select multiple if more than one is true)?
a. For EBS backed AMI, the EBS volume with the operating system on it is preserved
b. For EBS backed AMI, any volume attached other than the OS volume is preserved
c. All the snapshots of the EBS volume with the operating system are preserved
d. For S3 backed AMI, all the data in the local (ephemeral) hard drive is deleted
Question 09 / 10
For an EC2 instance launched in a private subnet in VPC, which of the following are the options for it to be able to connect to the internet (assume security groups have proper ports open)?
a. Simply attach an Elastic IP
b. If there is also a public subnet in the same VPC, an ENI can be attached to the instance with the IP address range of the public subnet
c. If there is a public subnet in the same VPC with a NAT instance attached to internet gateway, then a route can be configured from the instance to the NAT
d. There is no way for an instance in a private subnet to talk to the internet
Question 10 / 10
When an ELB is set up, what is the best way to route a website's traffic to it?
a. Resolve the ELB name to an IP address and point the website to that IP address
b. There is no direct way to do so, Route53 has to be used
c. Generate a CNAME record for the website pointing to the DNS name of the ELB