AWS Pricing – Whitepaper – Certification

AWS Pricing Whitepaper Overview

AWS pricing features include

  • Pay as you go
    • No minimum contracts/commitments or long-term contracts required
    • Pay only for services you use that can be stopped when not needed
    • Each service is charged independently, providing flexibility to choose services as needed
  • Pay less when you reserve
    • Some services, like EC2, provide reserved capacity, which offers a significantly discounted rate and increases overall savings
  • Pay even less by using more
    • For some services, like storage and data services, the more you use, the less you pay per gigabyte
    • consolidated billing to consolidate multiple accounts and get tiering benefits
  • Pay even less as AWS grows
    • AWS works continuously to reduce costs by reducing data center hardware costs, improving operational efficiencies, lowering power consumption, and generally lowering the cost of doing business
  • Free services
    • AWS offers many services for free, like AWS VPC, Elastic Beanstalk, CloudFormation, IAM, Auto Scaling, OpsWorks, Consolidated Billing
  • Other features
    • AWS Free Tier for new customers, which offer free usage of services within permissible limits

AWS Pricing Resources

  • AWS Simple Monthly Calculator tool to effectively estimate the costs, which provides per service cost breakdown, as well as an aggregate monthly estimate.
  • AWS Economic Center provides access to information, tools, and resources to compare the costs of AWS services with IT infrastructure alternatives.
  • AWS Account Activity to view current charges and account activity, itemized by service and by usage type. Previous months’ billing statements are also available.
  • AWS Usage Reports provides usage reports that can be customized by specifying usage types, timeframe, service operations, and more.

AWS Pricing Fundamental Characteristics

  • AWS basically charges for
    • Compute,
    • Storage and
    • Data Transfer Out – aggregated across EC2, S3, RDS, SimpleDB, SQS, SNS, and VPC and then charged at the outbound data transfer rate
  • AWS does not charge
    • Inbound data transfer across all AWS Services in all regions
    • Outbound data transfer charges between AWS Services within the same region

AWS Elastic Cloud Compute – EC2

EC2 provides resizable compute capacity in the cloud and the cost depends on

  • Clock Hours of Server Time
    • Resources are charged for the time they are running
    • AWS updated EC2 billing from an hourly basis to Per Second Billing (circa Oct. 2017). It takes the cost of unused minutes and seconds in an hour off the bill, so the focus is on improving the applications instead of maximizing usage to the hour
  • Machine Configuration
    • Depends on the physical capacity and Instance pricing varies with the AWS region, OS, number of cores, and memory
  • Machine Purchase Type
    • On Demand instances – pay for compute capacity with no required minimum commitments
    • Reserved Instances – option to make a low one-time payment – or no payment at all – for each reserved instance and in turn receive a significant discount on the usage
    • Spot Instances – bid for unused EC2 capacity
  • Auto Scaling & Number of Instances
    • Auto Scaling automatically adjusts the number of EC2 instances
  • Load Balancing
    • ELB can be used to distribute traffic among EC2 instances.
    • Number of hours the ELB runs and the amount of data it processes contribute to the monthly cost.
  • CloudWatch Detailed Monitoring
    • Basic monitoring is enabled and available at no additional cost
    • Detailed monitoring, which includes seven preselected metrics recorded once a minute, can be availed for a fixed monthly rate
    • Partial months are charged on an hourly pro rata basis, at a per instance-hour rate
  • Elastic IP Addresses
    • Elastic IP addresses are charged only when they are not associated with an instance
  • Operating Systems and Software Packages
    • OS prices are included in the instance prices. There are no additional licensing costs to run the following commercial OS: RHEL, SUSE Enterprise Linux,  Windows Server and Oracle Enterprise Linux
    • For unsupported commercial software packages, a license needs to be obtained

AWS Lambda

AWS Lambda lets you run code without provisioning or managing servers and the cost depends on

  • Number of requests for the functions and the time for the code to execute
    • Lambda registers a request each time it starts executing in response to an event notification or invoke call, including test invokes from the console.
    • Charges are for the total number of requests across all the functions.
    • Duration is calculated from the time the code begins executing until it returns or otherwise terminates, rounded up to the nearest 100 milliseconds.
    • Price depends on the amount of memory allocated to the function.

AWS Simple Storage Service – S3

S3 provides object storage and the cost depends on

  • Storage Class
    • Each storage class has different rates and provides different capabilities
    • Standard Storage is designed to provide 99.999999999% durability and 99.99% availability.
    • Standard – Infrequent Access (SIA) is a storage option within S3 that you can use to reduce your costs by storing  than Amazon S3’s standard storage.
    • Standard – Infrequent Access for storing less frequently accessed data at slightly lower levels of redundancy, is designed to provide the same 99.999999999% durability as S3 with 99.9% availability in a given year.
  • Storage
    • Number and size of objects stored in the S3 buckets as well as type of storage.
  • Requests
    • Number and type of requests. GET requests incur charges at different rates than other requests, such as PUT and COPY requests.
  • Data Transfer Out
    • Amount of data transferred out of the S3 region.

AWS Elastic Block Store – EBS

EBS provides block level storage volumes and the cost depends on

  • Volumes
    • EBS provides three volume types: General Purpose (SSD), Provisioned IOPS (SSD), and Magnetic, charged by the amount provisioned in GB per month, until it is released
  • Input Output Operations per Second (IOPS)
    • With General Purpose (SSD) volumes, I/O is included in the price
    • With EBS Magnetic volumes, I/O is charged by the number of requests made to the volume
    • With Provisioned IOPS (SSD) volumes, I/O is charged by the amount provisioned, multiplied by the % of days provisioned for the month
  • Data Transfer Out
    • Amount of data transferred out of the application and outbound data transfer charges are tiered.
  • Snapshot
    • Snapshots of data to S3 are created for durable recovery. If opted for EBS snapshots, the added cost is per GB-month of data stored.

AWS Relational Database Service – RDS

RDS provides an easy way to set up, operate, and scale a relational database in the cloud and the cost depends on

  • Clock Hours of Server Time
    • Resources are charged for the time they are running, from the time a DB instance is launched until terminated
  • Database Characteristics
    • Depends on the physical capacity and Instance pricing varies with the database engine, size, and memory class.
  • Database Purchase Type
    • On Demand instances – pay for compute capacity for each hour the DB Instance runs with no required minimum commitments
    • Reserved Instances – option to make a low, one-time, up-front payment for each DB Instance to reserve for a 1-year or 3-year term and in turn receive a significant discount on the usage
  • Number of Database Instances
    • multiple DB instances can be provisioned to handle peak loads
  • Provisioned Storage
    • Backup storage of up to 100% of a provisioned database storage for an active DB Instance is not charged
    • After the DB Instance is terminated, backup storage is billed per gigabyte per month.
  • Additional Storage
    • Amount of backup storage in addition to the provisioned storage amount is billed per gigabyte per month.
  • Requests
    • Number of input and output requests to the database.
  • Deployment Type
    • Storage and I/O charges vary, depending on the number of AZs the RDS is deployed – Single AZ or Multi-AZ
  • Data Transfer Out
    • Outbound data transfer costs are tiered.
    • Inbound data transfer is free

AWS CloudFront

CloudFront is a web service for content delivery and an easy way to distribute content to end users with low latency, high data transfer speeds, and no required minimum commitments.

  • Traffic Distribution
    • Data transfer and request pricing vary across geographic regions, and pricing is based on edge location through which the content is served
  • Requests
    • Number and type of requests (HTTP or HTTPS) made and the geographic region in which the requests are made.
  • Data Transfer Out
    • Amount of data transferred out of the CloudFront edge locations

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. How does AWS charge for AWS Lambda?
    1. Users bid on the maximum price they are willing to pay per hour.
    2. Users choose a 1-, 3- or 5-year upfront payment term.
    3. Users pay for the required permanent storage on a file system or in a database.
    4. Users pay based on the number of requests and consumed compute resources.

References

AWS Pricing Whitepaper – 2016

AWS EC2 Container Service – ECS

  • AWS EC2 Container Service – ECS is a highly scalable, high-performance container management service that supports Docker containers and allows running applications on a managed cluster of EC2 instances.
  • ECS
    • is a regional service that simplifies running application containers in a highly available manner across multiple AZs within a region.
    • eliminates the need to install, operate, and scale the cluster management infrastructure.
    • helps schedule the placement of containers across the cluster based on the resource needs and availability requirements.
    • allows the integration of your own custom scheduler or third-party schedulers to meet business or application specific requirements.
    • provides a serverless option with AWS Fargate.

ECS Launch Types

EC2 Launch Type

  • EC2 launch type – Configure and deploy EC2 instances in your cluster to run your containers.
  • EC2 launch type is suitable for the following workloads:
    • Workloads that require consistently high CPU core and memory usage
    • Large workloads that need to be optimized for price
    • Applications need to access persistent storage
    • You must directly manage your infrastructure

AWS Fargate Launch Type

  • AWS Fargate is a technology that provides a serverless pay-as-you-go option with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances.
  • With AWS Fargate, there is no need to provision, configure, or scale clusters of virtual machines to run containers. It also removes the need to choose server types, decide when to scale the clusters, or optimize cluster packing.
  • Fargate launch type is suitable for the following workloads:
    • Large workloads that need to be optimized for low overhead
    • Small workloads that have an occasional burst
    • Tiny workloads
    • Batch workloads

ECS Components

Containers and Images

  • Applications deployed on ECS must be architected to run in Docker containers, which is a standardized unit of software development, containing everything that the software application needs to run: code, runtime, system tools, system libraries, etc.
  • Containers are created from a read-only template called an image.
  • Images are typically built from a Dockerfile and stored in a registry from which they can be downloaded and run on the container instances.
  • ECS can be configured to access a private Docker image registry within a VPC or Docker Hub, and is integrated with EC2 Container Registry (ECR)

Clusters

  • An ECS cluster is a logical grouping of EC2 container instances to run tasks or services.
  • ECS downloads the container images from the specified registry and runs those images on the container instances within your cluster.

Task Definitions

  • Task definition is a description of an application that contains one or more docker containers.
  • Task definition is needed to prepare an application to run on ECS
  • Task definition is a text file in JSON format that describes one or more containers that form your application.
  • Task definitions specify various parameters for the application, such as containers to use, their repositories, ports to be opened, and data volumes
  • Task Execution Role is used by the ECS agent and container runtime environment to prepare the containers to run, e.g. to pull images from ECR and manage logs. It is not used by the task itself.
  • Task Role grants additional AWS permissions that are assumed by the containers running in the task.
  • Network mode specifies the Docker networking mode to use for the containers in the task. The valid values are none, bridge, awsvpc, and host.
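
A review of a task definition against the points above (separate Task Role and Task Execution Role, a valid network mode, dynamic host ports in bridge mode), as an added example that is not part of the original notes. The sample JSON, account ID, role names, finding codes and the `review_task_definition` / `harden` helpers are constructed for illustration.

```python
import copy
import json

VALID_NETWORK_MODES = {"none", "bridge", "awsvpc", "host"}

# Constructed task definition; account ID, role names and images are placeholders.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "orders-api",
  "networkMode": "bridge",
  "executionRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
  "taskRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
  "containerDefinitions": [
    {"name": "web", "image": "example/orders-api:1.4.2",
     "portMappings": [{"containerPort": 8080, "hostPort": 0}]},
    {"name": "metrics", "image": "example/metrics:0.9",
     "portMappings": [{"containerPort": 9100, "hostPort": 9100}]}
  ]
}
""")


def review_task_definition(td):
    """Return (code, detail) findings for one task definition dict."""
    findings = []
    # Assumption: bridge applies when networkMode is omitted (Linux, EC2 launch type).
    mode = td.get("networkMode", "bridge")
    if mode not in VALID_NETWORK_MODES:
        findings.append(("BAD_NETWORK_MODE", str(mode)))

    task_role = td.get("taskRoleArn")
    exec_role = td.get("executionRoleArn")
    if not task_role:
        # Acceptable only when the containers call no AWS APIs at all.
        findings.append(("NO_TASK_ROLE", td.get("family", "?")))
    elif task_role == exec_role:
        # Application code would inherit image-pull and logging permissions,
        # and the agent-side role would carry the application's permissions.
        findings.append(("SHARED_ROLE", task_role))

    for container in td.get("containerDefinitions", []):
        for pm in container.get("portMappings", []):
            host_port = pm.get("hostPort", 0)
            # In bridge mode a hostPort of 0 (or none) requests a dynamic host
            # port; a fixed one limits each instance to one copy of the task.
            if mode == "bridge" and host_port != 0:
                findings.append(
                    ("STATIC_HOST_PORT", f"{container['name']}:{host_port}"))
    return findings


def harden(td, task_role_arn):
    """Return a copy with a dedicated task role and dynamic host ports."""
    fixed = copy.deepcopy(td)
    fixed["taskRoleArn"] = task_role_arn
    if fixed.get("networkMode", "bridge") == "bridge":
        for container in fixed.get("containerDefinitions", []):
            for pm in container.get("portMappings", []):
                pm["hostPort"] = 0
    return fixed


if __name__ == "__main__":
    for finding in review_task_definition(SAMPLE_TASK_DEF):
        print(finding)
    fixed = harden(SAMPLE_TASK_DEF,
                   "arn:aws:iam::111122223333:role/orders-api-task")
    print(review_task_definition(fixed))
```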

Tasks and Scheduling

  • A task is the instantiation of a task definition on a container instance within the cluster.
  • After a task definition is created for the application within ECS, you can specify the number of tasks that will run on the cluster.
  • ECS task scheduler is responsible for placing tasks on container instances, with several different scheduling options available

Services

  • ECS Service helps to run and maintain a specified number of instances of a task definition simultaneously.
  • Service can optionally be configured to use Elastic Load Balancing to distribute traffic evenly across the tasks in the service.
  • EC2 Launch Type supports ALB, NLB, and Classic Load Balancer.
  • Fargate Launch Type supports only ALB and NLB.
  • ALBs are recommended as they offer several features
    • Each service can serve traffic from multiple load balancers and expose multiple load-balanced ports by specifying multiple target groups.
    • supported by tasks hosted on both Fargate and EC2 instances.
    • allow containers to use dynamic host port mapping (so that multiple tasks from the same service are allowed per container instance).
    • support path-based routing and priority rules (so that multiple services can use the same listener port on a single ALB).

Container Agent

  • Container agent runs on each instance within an ECS cluster
  • Container Agent sends information about the instance’s current running tasks and resource utilization to ECS, and starts and stops tasks whenever it receives a request from ECS

ECS vs Elastic Beanstalk

  • ECS helps in having a more fine-grained control for custom application architectures.
  • Elastic Beanstalk is ideal for those who want to leverage the benefits of containers but just want the simplicity of deploying applications from development to production by uploading a container image.
  • Elastic Beanstalk is more of an application management platform that helps customers easily deploy and scale web applications and services.
  • With Elastic Beanstalk, specify container images to be deployed, with the CPU & memory requirements, port mappings and container links.
  • Elastic Beanstalk abstracts the finer details and automatically handles all the details such as provisioning an ECS cluster, balancing load, auto-scaling, monitoring, and placing the containers across the cluster.

ECS vs Lambda

  • EC2 Container Service is a highly scalable Docker container management service that allows running and managing distributed applications in Docker containers.
  • AWS Lambda is an event-driven task compute service that runs code (Lambda functions) in response to “events” from event sources like SES, SNS, DynamoDB & Kinesis Streams, CloudWatch etc.

AWS Certification Exam Practice Questions

  1. You need a solution to distribute traffic evenly across all of the containers for a task running on Amazon ECS. Your task definitions define dynamic host port mapping for your containers. What AWS feature provides this functionality?
    1. Application Load Balancers support dynamic host port mapping.
    2. CloudFront custom origins support dynamic host port mapping.
    3. All Elastic Load Balancing instances support dynamic host port mapping.
    4. Classic Load Balancers support dynamic host port mapping.
  2. Your security team requires each Amazon ECS task to have an IAM policy that limits the task’s privileges to only those required for its use of AWS services. How can you achieve this?
    1. Use IAM roles for Amazon ECS tasks to associate a specific IAM role with each ECS task definition
    2. Use IAM roles on the Amazon ECS container instances to associate IAM role with each ECS task on that instance
    3. Connect to each running Amazon ECS container instance and add discrete credentials
    4. Reboot each Amazon ECS task programmatically to generate new instance metadata for each task

AWS Classic Load Balancer vs Application Load Balancer vs Network Load Balancer

  • Elastic Load Balancing supports three types of load balancers:
    • Classic Load Balancer – CLB
    • Application Load Balancer – ALB
    • Network Load Balancer – NLB
  • While there is some overlap in the features, AWS does not maintain feature parity between the different types of load balancers.

CLB vs ALB vs NLB General

Usage Patterns

  • Classic Load Balancer
    • provides basic load balancing across multiple EC2 instances and operates at both the request level and connection level.
    • is intended for applications that were built within the EC2-Classic network.
    • is ideal for simple load balancing of traffic across multiple EC2 instances.
  • Application Load Balancer
    • is ideal for microservices or container-based architectures where there is a need to route traffic to multiple services or load balance across multiple ports on the same EC2 instance.
    • operates at the request level (layer 7), routing traffic to targets – EC2 instances, containers, IP addresses, and Lambda functions based on the content of the request.
    • is ideal for advanced load balancing of HTTP and HTTPS traffic, and provides advanced request routing targeted at delivery of modern application architectures, including microservices and container-based applications.
    • simplifies and improves the security of the application, by ensuring that the latest SSL/TLS ciphers and protocols are used at all times.
  • Network Load Balancer
    • operates at the connection level (Layer 4), routing connections to targets – EC2 instances, microservices, and containers – within VPC based on IP protocol data.
    • is ideal for load balancing of both TCP and UDP traffic,
    • is capable of handling millions of requests per second while maintaining ultra-low latencies.
    • is optimized to handle sudden and volatile traffic patterns while using a single static IP address per AZ
    • is integrated with other popular AWS services such as Auto Scaling, ECS, CloudFormation, and AWS Certificate Manager (ACM).
  • AWS recommends using Application Load Balancer for Layer 7 and Network Load Balancer for Layer 4 when using VPC.

Supported Protocols

  • Classic ELB operates at layer 4 and supports HTTP, HTTPS, TCP, SSL
  • ALB operates at layer 7 and supports HTTP, HTTPS, HTTP/2, WebSockets
  • NLB operates at the connection level (Layer 4)

Load Balancing to Multiple Ports on the same instance

  • Only ALB & NLB support load balancing to multiple ports on the same instance

Host-based Routing & Path-based Routing

  • Host-based routing uses host conditions to define rules that forward requests to different target groups based on the hostname in the host header. This enables ALB to support multiple domains using a single load balancer.
  • Path-based routing uses path conditions to define rules that forward requests to different target groups based on the URL in the request. Each path condition has one path pattern. If the URL in a request matches the path pattern in a listener rule exactly, the request is routed using that rule.
  • Only ALB supports Host-based & Path-based routing.

CLB vs ALB vs NLB Common configurations and Features

Slow Start

  • By default, a target starts to receive its full share of requests as soon as it is registered with a target group and passes an initial health check.
  • Using slow start mode gives targets time to warm up before the load balancer sends them a full share of requests.
  • Only ALB supports slow start mode

Static IP and Elastic IP Address

  • NLB automatically provides a static IP per AZ (subnet) that can be used by applications as the front-end IP of the load balancer.
  • NLB also allows the option to assign an Elastic IP per AZ (subnet) thereby providing your own fixed IP.
  • Classic ELB and ALB do not support Static and Elastic IP addresses

Connection Draining OR Deregistration Delay

  • Connection draining enables the load balancer to complete in-flight requests made to instances that are de-registering or unhealthy.
  • All Load Balancer types support connection draining/deregistration delay.

Idle Connection Timeout

  • Idle Connection Timeout helps specify a time period, which ELB uses to close the connection if no data has been sent or received by the time that the idle timeout period elapses
  • Can be configured for CLB & ALB (default 60 seconds)
  • Cannot be configured for NLB (350 secs for TCP, 120 secs for UDP)
  • It is recommended to enable HTTP keep-alive in the web server settings for the EC2 instances, thus making the ELB reuse the backend connections until the keep-alive timeout expires.

PrivateLink Support

  • CLB and ALB do not support PrivateLink (TCP, TLS)
  • Only NLB supports PrivateLink (TCP, TLS)

Zonal Isolation

  • Only NLB supports Zonal Isolation which supports application architectures in a single zone. It automatically fails over to other healthy AZs, if something fails in an AZ
  • CLB and ALB do not support Zonal Isolation.

Deletion Protection

  • Only ALB & NLB support Deletion Protection, wherein a load balancer can’t be deleted if deletion protection is enabled
  • CLB does not support deletion protection.

Preserve Source IP address

  • As the ELB intercepts the traffic between the client and the back-end servers, the back-end server does not know the IP address, Protocol, and the Port used between the Client and the Load balancer.
  • Classic ELB (HTTP/HTTPS) and ALB do not preserve the client-side source IP. It needs to be retrieved using the X-Forwarded-* request headers.
    • X-Forwarded-For request header to help back-end servers identify the IP address of a client when you use an HTTP or HTTPS load balancer.
    • X-Forwarded-Proto request header to help back-end servers identify the protocol (HTTP/S) that a client used to connect to the server
    • X-Forwarded-Port request header to help back-end servers identify the port that an HTTP or HTTPS load balancer uses to connect to the client.
  • CLB (SSL/TLS) uses Proxy Protocol Version 1 and NLB uses Proxy Protocol Version 2 to provide the information.
  • NLB either preserves the client-side source IP or relies on Proxy Protocol, so that the back end can see the IP address of the client.
    • If targets are registered by instance ID or ECS tasks, the source IP addresses of the clients are preserved and provided to the applications.
    • If targets are registered by IP address
      • for TCP & TLS, the source IP addresses are the private IP addresses of the load balancer nodes. Use Proxy Protocol.
      • for UDP & TCP_UDP, it is enabled by default and the source IP addresses of the clients are preserved.
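
How a back end can recover the client address in each of the cases above, as an added example that is not part of the original notes: the X-Forwarded-For header behind an HTTP/HTTPS load balancer, and a Proxy Protocol v1 (CLB) or v2 (NLB) header at the start of a TCP connection. The sample bytes and addresses are constructed, and `trusted_hops=1` assumes a single load balancer in front of the server.

```python
import ipaddress
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte Proxy Protocol v2 signature


def client_ip_from_xff(header_value, trusted_hops=1):
    """Client IP from X-Forwarded-For behind `trusted_hops` proxies you run.

    Each proxy appends the peer address it saw, so only the last
    `trusted_hops` entries were written by your infrastructure; anything
    further left arrived with the request and is untrusted.
    """
    hops = [h.strip() for h in header_value.split(",") if h.strip()]
    if len(hops) < trusted_hops:
        raise ValueError("fewer X-Forwarded-For entries than trusted proxies")
    return str(ipaddress.ip_address(hops[-trusted_hops]))


def parse_proxy_header(data):
    """Return (version, src_ip, src_port, header_len) for a v1 or v2 header.

    src_ip and src_port are None when the header carries no client address.
    """
    if data.startswith(V2_SIG):
        return _parse_v2(data)
    if data.startswith(b"PROXY "):
        return _parse_v1(data)
    raise ValueError("connection does not start with a Proxy Protocol header")


def _parse_v1(data):
    end = data.find(b"\r\n", 0, 107)  # a v1 line is at most 107 bytes with CRLF
    if end < 0:
        raise ValueError("unterminated v1 header")
    parts = data[:end].decode("ascii").split(" ")
    if parts[1] == "UNKNOWN":
        return (1, None, None, end + 2)
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed v1 header")
    src = ipaddress.ip_address(parts[2])
    if src.version != int(parts[1][3]):
        raise ValueError("address does not match declared family")
    port = int(parts[4])
    if not 0 <= port <= 65535:
        raise ValueError("source port out of range")
    return (1, str(src), port, end + 2)


def _parse_v2(data):
    if len(data) < 16:
        raise ValueError("truncated v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported Proxy Protocol version")
    total = 16 + length  # address block plus any TLVs; skip all of it
    if len(data) < total:
        raise ValueError("truncated v2 address block")
    command, family = ver_cmd & 0x0F, fam_proto >> 4
    if command == 0:  # LOCAL: sent by the proxy itself, e.g. a health check
        return (2, None, None, total)
    if command != 1:
        raise ValueError("unknown v2 command")
    fmt = {1: "!4s4sHH", 2: "!16s16sHH"}.get(family)  # AF_INET / AF_INET6
    if fmt is None:
        return (2, None, None, total)
    if length < struct.calcsize(fmt):
        raise ValueError("address block shorter than its family requires")
    src, _dst, sport, _dport = struct.unpack_from(fmt, data, 16)
    return (2, str(ipaddress.ip_address(src)), sport, total)


# Constructed samples: the same client (198.51.100.22:35646) seen both ways.
V1_SAMPLE = b"PROXY TCP4 198.51.100.22 10.0.1.15 35646 443\r\nGET / HTTP/1.1\r\n"
V2_SAMPLE = (V2_SIG + bytes([0x21, 0x11]) + struct.pack("!H", 12)
             + ipaddress.ip_address("198.51.100.22").packed
             + ipaddress.ip_address("10.0.1.15").packed
             + struct.pack("!HH", 35646, 443) + b"\x16\x03\x01")

if __name__ == "__main__":
    print(parse_proxy_header(V1_SAMPLE))
    print(parse_proxy_header(V2_SAMPLE))
    # The left entry came with the request; the right one was appended by the LB.
    print(client_ip_from_xff("10.0.0.1, 198.51.100.22"))
```

The returned `header_len` tells the server how many bytes to discard before handing the stream to the TLS or HTTP layer.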

Health Checks

  • All Load Balancer types support Health checks to determine if the instance is healthy or unhealthy
  • ALB provides health check improvements that allow detailed error codes from 200-399 to be configured

Supported Platforms

  • Classic ELB supports both EC2-Classic and EC2-VPC
  • ALB and NLB support only EC2-VPC.

WebSockets

  • CLB does not support WebSockets
  • Only ALB and NLB support WebSockets

Cross-zone Load Balancing

  • By default, Load Balancer will distribute requests evenly across its enabled AZs, irrespective of the instances it hosts.
  • Cross-zone Load Balancing helps distribute incoming requests evenly across all instances in its enabled AZs.
  • CLB -> Cross Zone load balancing is disabled by default, and can be enabled free of charge.
  • ALB -> Cross Zone load balancing is enabled by default and free.
  • NLB -> Cross Zone load balancing is disabled by default, and can be enabled but is charged for inter-AZ data transfer.

Sticky Sessions (Cookies)

  • Sticky Sessions (Session Affinity) enables the load balancer to bind a user’s session to a specific instance, which ensures that all requests from the user during the session are sent to the same instance
  • CLB, ALB, and NLB support sticky sessions to maintain session affinity
  • CLB and ALB maintain session stickiness using cookies.
  • NLB now supports sticky sessions.
  • NLB uses a built-in 5-tuple hash table in order to maintain stickiness across backend servers.
  • NLB idle timeout for TCP connections is 350 seconds. Once the timeout is reached or the session is terminated, the NLB will forget the stickiness and incoming packets will be considered as a new flow and could be load balanced to a new target.

CLB vs ALB vs NLB Security

SSL Termination/Offloading

  • SSL Termination decrypts requests from clients before sending them to targets, hence reducing the load on the targets. The SSL certificate must be installed on the load balancer.
  • All load balancer types support SSL Termination.

Server Name Indication

  • CLB only supports a single certificate and does not support SNI
  • ALB and NLB support multiple certificates and use SNI to serve multiple secure websites using a single TLS listener.
    • If the hostname provided by a client matches a single certificate in the certificate list, the load balancer selects this certificate.
    • If a hostname provided by a client matches multiple certificates in the certificate list, the load balancer selects the best certificate that the client can support.

Back-end Server Authentication

  • Back-end Server Authentication enables authentication of the instances. 
  • Load balancer communicates with an instance only if the public key that the instance presents to the load balancer matches a public key in the authentication policy for the load balancer.
  • Classic Load Balancer supports Back-end Server Authentication
  • ALB does not support Back-end Server Authentication

CloudWatch Metrics

  • All Load Balancer types integrate with CloudWatch to provide metrics, with ALB providing additional metrics

Access Logs

  • Access logs capture detailed information about requests sent to the load balancer. Each log contains information such as request received time, client’s IP address, latencies, request paths, and server responses
  • All Load Balancer types provide access logs, with ALB providing additional attributes

AWS Certification Exam Practice Questions

  1. A company wants to use load balancer for their application. However, the company wants to forward the requests without any header modification. What service should the company use?
    1. Classic Load Balancer
    2. Network Load Balancer
    3. Application Load Balancer
    4. Use Route 53
  2. A Solutions Architect is building an Amazon ECS-based web application that requires that headers are not modified when being forwarded to Amazon ECS. Which load balancer should the Architect use?
    1. Application Load Balancer
    2. Network Load Balancer
    3. A virtual load balancer appliance from AWS marketplace
    4. Classic Load Balancer
  3. An application tier currently hosts two web services on the same set of instances, listening on different ports. Which AWS service should a solutions architect use to route traffic to the service based on the incoming request?
    1. AWS Application Load Balancer
    2. Amazon CloudFront
    3. Amazon Route 53
    4. AWS Classic Load Balancer
  4. A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances with support for WebSockets using load balancers. How can the Architect meet these requirements?
    1. Configure a Network Load balancer.
    2. Configure an Application Load Balancer.
    3. Configure a Classic Load Balancer.
    4. Configure a Layer-4 Load Balancer.
  5. A company is hosting an application in AWS for third party access. The third party needs to whitelist the application based on the IP. Which AWS service can the company use in the whitelisting of the IP address?
    1. AWS Application Load Balancer
    2. AWS Classic Load balancer
    3. AWS Network Load Balancer
    4. AWS Route 53

References

AWS_Elastic_Load_Balancing_features

AWS API Gateway

  • AWS API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale.
  • API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.
  • API Gateway has no minimum fees or startup costs and charges only for the API calls received and the amount of data transferred out.
  • API Gateway acts as a proxy to the configured backend operations.
  • API Gateway scales automatically to handle the amount of traffic the API receives.
  • API Gateway exposes HTTPS endpoints only for all the APIs created. It does not support unencrypted (HTTP) endpoints.
  • APIs built on API Gateway can accept any payloads sent over HTTP with typical data formats including JSON, XML, query string parameters, and request headers.
  • API Gateway can communicate to multiple backends
    • Lambda functions
    • AWS Step functions state machines
    • HTTP endpoints exposed through Elastic Beanstalk, ELB or EC2 servers
    • Non AWS hosted HTTP based operations accessible via public Internet
  • API Gateway endpoints are always public to the Internet and do not run within a VPC. Proxy requests to backend operations also need to be publicly accessible on the Internet.


API Gateway helps with several aspects of creating and managing APIs

  • Metering
    • automatically meters traffic to the APIs and lets you extract utilization data for each API key.
    • define plans that meter, restrict third-party developer access, configure throttling, and quota limits on a per API key basis
  • Security
    • helps remove authorization concerns from the backend code
    • allows leveraging of AWS administration and security tools, such as IAM and Cognito, to authorize access to APIs
    • can verify signed API calls on your behalf using the same methodology AWS uses for its own APIs.
    • supports custom authorizers written as Lambda functions and verify incoming bearer tokens.
    • automatically protects the backend systems from distributed denial-of-service (DDoS) attacks, whether attacked with counterfeit requests (Layer 7) or SYN floods (Layer 3).
  • Resiliency
    • helps manage traffic with throttling so that backend operations can withstand traffic spikes.
    • helps improve the performance of the APIs and the latency end users experience by caching the output of API calls to avoid calling the backend every time.
  • Operations Monitoring
    • integrates with CloudWatch and provides a metrics dashboard to monitor calls to API services
    • integrates with CloudWatch Logs to receive errors, access or debug logs
    • provides backend performance metrics covering API calls, latency data and error rates.
  • Lifecycle Management
    • allows multiple API versions and multiple stages (development, staging, production etc.) for each version simultaneously so that existing applications can continue to call previous versions after new API versions are published.
    • saves the history of the deployments, which allows rollback of a stage to a previous deployment at any point, using APIs or console.
  • Designed for Developers
    • allows specifying a mapping template to generate static content to be returned, helping you mock APIs before the backend is ready
    • helps reduce cross-team development effort and time-to-market for applications and allows dependent teams to begin development while backend processes are still built.

API Gateway Features

  • Support for stateful (WebSocket) and stateless (HTTP and REST) APIs.
  • Powerful, flexible authentication mechanisms, such as AWS IAM policies, Lambda authorizer functions, and Amazon Cognito user pools.
  • Developer portal for publishing your APIs.
  • Canary release deployments for safely rolling out changes.
  • CloudTrail logging and monitoring of API usage and API changes.
  • CloudWatch access logging and execution logging, including the ability to set alarms.
  • Ability to use AWS CloudFormation templates to enable API creation.
  • Support for custom domain names.
  • Integration with AWS WAF for protecting your APIs against common web exploits.
  • Integration with AWS X-Ray for understanding and triaging performance latencies.

API Gateway Throttling and Caching


  • Throttling
    • API Gateway provides throttling at multiple levels, including global and per service call, and limits can be set for standard rates and bursts.
    • It tracks the number of requests per second. Any requests over the limit will receive a 429 HTTP response.
    • Throttling ensures that API traffic is controlled to help the backend services maintain performance and availability.
  • Caching
    • API Gateway provides API result caching by provisioning an API Gateway cache and specifying its size in gigabytes.
    • Caching helps improve performance and reduces the traffic sent to the back end.
    • API Gateway handles the request in the following manner
      • If caching is not enabled and throttling limits have not been applied, then all requests pass through to the backend service until the account level throttling limits are reached.
      • With throttling limits defined, API Gateway will shed the necessary number of requests and send only the defined limit to the backend
      • If a cache is configured, the API Gateway will return a cached response for duplicate requests for a customizable time, but only if under configured throttling limits. It caches responses from the endpoint for a specified time-to-live (TTL) period, in seconds
  • API Gateway does not arbitrarily limit or throttle invocations to the backend operations and all requests that are not intercepted by throttling and caching settings are sent to your backend operations.
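The request handling order described above (throttle check first, then cache lookup, then backend), as an added example that is not AWS or blog code. It models the rate and burst limits as a token bucket; the `Gateway` class, its counters and the traffic sample are hypothetical and constructed for illustration.

```python
class TokenBucket:
    """Steady-state rate (requests/second) plus a burst ceiling."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)  # bucket starts full
        self.last = 0.0

    def allow(self, now):
        # Refill for the elapsed time, never above the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gateway:
    """Hypothetical model: throttle first, then cache, then backend."""

    def __init__(self, backend, rate, burst, cache_ttl=None):
        self.backend = backend
        self.bucket = TokenBucket(rate, burst)
        self.cache_ttl = cache_ttl  # seconds; None means no cache provisioned
        self.cache = {}             # request key -> (stored_at, body)
        self.stats = {"throttled": 0, "cache_hits": 0, "backend_calls": 0}

    def handle(self, key, now):
        # Requests over the limit are rejected before the cache is consulted.
        if not self.bucket.allow(now):
            self.stats["throttled"] += 1
            return 429, None
        if self.cache_ttl is not None:
            entry = self.cache.get(key)
            if entry is not None and now - entry[0] < self.cache_ttl:
                self.stats["cache_hits"] += 1
                return 200, entry[1]
        # Everything not intercepted by throttling or caching reaches the backend.
        body = self.backend(key)
        self.stats["backend_calls"] += 1
        if self.cache_ttl is not None:
            self.cache[key] = (now, body)
        return 200, body


# Constructed traffic: (time in seconds, request key).
# A 15-request spike at t=0, three repeats at t=1, one request after the TTL.
TRAFFIC = (
    [(0.0, "/a" if i % 2 == 0 else "/b") for i in range(15)]
    + [(1.0, "/a")] * 3
    + [(40.0, "/a")]
)


def replay(traffic, rate=5, burst=10, cache_ttl=None):
    """Run the traffic through a fresh gateway; return (stats, status codes)."""
    gw = Gateway(lambda key: "body for " + key, rate, burst, cache_ttl)
    statuses = [gw.handle(key, now)[0] for now, key in traffic]
    return gw.stats, statuses


if __name__ == "__main__":
    for ttl in (None, 30):
        stats, statuses = replay(TRAFFIC, cache_ttl=ttl)
        print("cache_ttl=%s -> %s, 429s=%d" % (ttl, stats, statuses.count(429)))
```

With the same limits, the cache changes how many requests reach the backend but not how many are rejected with 429, which is why throttling rather than caching is the control that protects backend availability during a spike.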

API Gateway Endpoint Types

Edge-optimized API Endpoints

  • An edge-optimized API endpoint is best for geographically distributed clients and is the default endpoint type for API Gateway REST APIs.
  • API requests are routed to the nearest CloudFront Point of Presence (POP).
  • Edge-optimized APIs capitalize the names of HTTP headers (for example, Cookie).
  • CloudFront sorts HTTP cookies in natural order by cookie name before forwarding the request to your origin.
  • Any custom domain name used for an edge-optimized API applies across all regions.

Regional API Endpoints

  • A regional API endpoint is intended for clients in the same region.
  • When a client running on an EC2 instance calls an API in the same region, or when an API is intended to serve a small number of clients with high demands, a regional API reduces connection overhead.
  • For a regional API, any custom domain name used is specific to the region where the API is deployed. If you deploy a regional API in multiple regions, it can have the same custom domain name in all regions.
  • Regional API endpoints pass all header names through as-is.

Private API Endpoints

  • A private API endpoint is an API endpoint that can only be accessed from VPC using an interface VPC endpoint.
  • Private API endpoints pass all header names through as-is.

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. You are running a mobile media application and are considering API Gateway for the client entry point. What benefits would this provide? Choose 2 answers
    1. Caching API responses
    2. IP blacklisting
    3. Intrusion prevention
    4. Load balancing
    5. Throttling traffic


AWS Certified DevOps – Professional Exam Learning Path


AWS Certified DevOps – Professional exam basically validates the following

  • Implement and manage continuous delivery systems and methodologies on AWS
  • Understand, implement, and automate security controls, governance processes, and compliance validation
  • Define and deploy monitoring, metrics, and logging systems on AWS
  • Implement systems that are highly available, scalable, and self-healing on the AWS platform
  • Design, manage, and maintain tools to automate operational processes

Refer to the AWS Certified DevOps – Professional Exam Blue Print

AWS Certified DevOps - Professional Exam Breakup

AWS Cloud Computing Whitepapers

AWS Certified DevOps – Professional Exam Contents

Domain 1: Continuous Delivery and Process Automation

  • 1.1 Demonstrate an understanding of application lifecycle management:
    • Application deployment management strategies such as rolling deployments and A/B.
    • Version control, testing, build tools and bootstrapping.
      • includes CloudFormation Best Practices esp. Nested Templates for better control, using parameters for reusability
      • includes bootstrapping using userdata
      • includes CloudFormation helper scripts, WaitCondition and Creation Policy
      • includes CloudFormation Custom Resource
      • Using Pre-Baked AMIs
      • Using Docker with Elastic Beanstalk
  • 1.2 Demonstrate an understanding of infrastructure configuration and automation.
  • 1.3 Implement and manage continuous delivery processes using AWS services.
    •  includes CodeDeploy, OpsWorks
  • 1.4 Develop and manage scripts and tools to automate operational tasks using the AWS SDKs, CLI, and APIs.
    • includes using CloudFormation helper scripts
    • includes using Elastic Beanstalk container commands

Domain 2: Monitoring, Metrics, and Logging

  • 2.1 Monitor availability and performance.
  • 2.2 Monitor and manage billing and cost optimization processes.
  • 2.3 Aggregate and analyze infrastructure, OS and application log files.
    • includes using CloudWatch logs
    • includes using ELB access logs, CloudTrail logs which can be integrated with CloudWatch logs
  • 2.4 Use metrics to drive the scalability and health of infrastructure and applications.
    • includes using CloudWatch alarms, SNS and AutoScaling
  • 2.5 Analyze data collected from monitoring systems to discern utilization patterns.
    • includes CloudWatch and analysis using CloudWatch metrics
    • includes using Kinesis for real time log analysis
  • 2.6 Manage the lifecycle of application and infrastructure logs
  • 2.7 Leverage the AWS SDKs, CLIs and APIs for metrics and logging.
    • includes CloudWatch logs using CloudWatch agent with logs group, events and metrics

Domain 3: Security, Governance, and Validation

Domain 4: High Availability and Elasticity

  • 4.1 Determine appropriate use of multi-Availability Zone versus multi-region architectures.
  • 4.2 Implement self-healing application architectures.
  • 4.3 Implement the most appropriate front-end scaling architecture.
    • includes building scalable architecture using ELB with Auto Scaling
    • includes using CloudFront covering cache behavior, dynamic content, work with on premise servers as origin, HLS with Elastic Transcoder
  • 4.4 Implement the most appropriate middle-tier scaling architecture.
    • includes building scalable architecture using ELB with Auto Scaling
    • includes building loosely coupled scalable architecture using SQS, CloudWatch and AutoScaling and SWF
  • 4.5 Implement the most appropriate data storage scaling architecture.
  • 4.6 Demonstrate an understanding of when to appropriately apply vertical and horizontal scaling concepts.
    • includes a basic understanding that horizontal scaling is scale in/out and vertical scaling is scale up/down

AWS Certified DevOps – Professional Exam Resources
Braincert-AWS-Certified-SA-Professional-Practice-Exam
ACloudGuru DevOps Professional
A Cloud Guru Professional Bundle Sale

AWS Certified Developer – Associate Exam Learning Path


NOTE – Refer to AWS Certified Developer – Associate June 2018 Exam for latest Developer Associate Exam learning path.

AWS Developer – Associate exam basically validates the following

  • Design, develop and deploy cloud based solutions using AWS
  • Understand the core AWS services, uses, and basic architecture best practices
  • Develop and maintain applications written for Amazon Simple Storage Services (S3), Amazon DynamoDB, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS), Amazon Simple Workflow Service (SWF), AWS Elastic Beanstalk, and AWS CloudFormation

Refer to the AWS Certified Developer – Associate Exam Blue Print

AWS Certified Developer - Associate Exam Break Up

AWS Developer – Associate Exam Contents

Domain 1.0: AWS Fundamentals

Domain 2.0: Designing and Developing

Domain 3.0: Deployment and Security

Domain 4.0: Debugging

  • General troubleshooting information and questions
  • Best Practices in debugging

NOTE: I have just marked the topics in line with the AWS Exam Blue Print. So be sure to check the same, as it is updated regularly, and go through Whitepapers, FAQs and Re-Invent videos.

AWS Developer – Associate Exam Resources

Braincert-AWS-Certified-Developer-Associate-Practice-Exam

Udemy AWS Certified Developer - Associate Practice Tests

  • Purchased the acloud guru AWS Certified Developer – Associate course from Udemy (should get it for $10-$15 on discount), which helps to get a clear picture of the format, topics and relevant sections
  • Opinion: acloud guru courses are good by themselves but are not sufficient to pass the exam, though they might help to counter about 50-60% of exam questions
  • Signed up with AWS for the Free Tier account, which provides a lot of the services to be tried for free with certain limits which are more than enough to get things going. Be sure to decommission anything if you are using anything beyond the free limits, preventing any surprises 🙂
  • Also, used the QwikLabs for all the introductory courses, which are free and allow you to try out the services multiple times (I think it's max 5, as I got the warnings a couple of times)
  • Update: Qwiklabs seems to have reduced the free courses quite a lot and now provides targeted labs for AWS Certification exams, which are charged
  • Read the FAQs at least for the important topics, as they cover important points and are good for quick review
  • Did not purchase the AWS Practice exams, as the questions are available all around. But if you want to check the format, it might be useful.
  • You can also check practice tests

AWS SysOps Administrator – Associate Exam Learning Path


NOTE – SysOps Administrator exam has been updated from 24th Sept 2018. Please check SysOps Administrator – Associate SOA-C01 Exam Learning path

AWS SysOps Administrator – Associate exam basically validates the following

  • Deliver the stability and scalability needed by a business on AWS
  • Provision systems, services and deployment automation on AWS
  • Ensure data integrity and data security on AWS technology
  • Provide guidance on AWS best practices
  • Understand and monitor metrics on AWS

Refer to the AWS SysOps Administrator – Associate Exam Blue Print
AWS SysOps Administrator - Associate Breakup

AWS Cloud Computing Whitepapers

AWS SysOps Administrator – Associate Exam Contents

Domain 1.0: Monitoring and Metrics

Domain 2.0: High Availability

Domain 3.0: Analysis

  • Optimize the environment to ensure maximum performance
  • Identify performance bottlenecks and implement remedies
  • Identify potential issues on a given application deployment

Domain 4.0: Deployment and Provisioning

  • Demonstrate the ability to build the environment to conform with the architected design
  • Demonstrate the ability to provision cloud resources and manage implementation automation

Domain 5.0: Data Management

Domain 6.0: Security

  • Implement and manage security policies
  • Ensure data integrity and access controls when using the AWS platform
  • Demonstrate understanding of the shared responsibility model
  • Demonstrate ability to prepare for security assessment use of AWS

Domain 7.0: Networking

  • Demonstrate ability to implement networking features of AWS
    • includes topics VPC
  • Demonstrate ability to implement connectivity features of AWS

NOTE: I have just marked the topics in line with the AWS Exam Blue Print. So be sure to check the same, as it is updated regularly, and go through Whitepapers, FAQs and Re-Invent videos.

AWS SysOps Administrator – Associate Exam Resources

  • Purchased the acloud guru AWS Certified SysOps Administrator – Associate 2017 course from Udemy (should get it for $10-$15 on discount), which helps to get a clear picture of the format, topics and relevant sections
  • Opinion: acloud guru courses are good by themselves but are not sufficient to pass the exam, though they might help to counter about 50-60% of exam questions
  • Signed up with AWS for the Free Tier account, which provides a lot of the services to be tried for free with certain limits which are more than enough to get things going. Be sure to decommission anything if you are using anything beyond the free limits, preventing any surprises 🙂
  • Also, used the QwikLabs for all the introductory courses, which are free and allow you to try out the services multiple times (I think it's max 5, as I got the warnings a couple of times)
  • Update: Qwiklabs seems to have reduced the free courses quite a lot and now provides targeted labs for AWS Certification exams, which are charged
  • Read the FAQs at least for the important topics, as they cover important points and are good for quick review
  • Did not purchase the AWS Practice exams, as the questions are available all around. But if you want to check the format, it might be useful.
  • You can also check practice tests

AWS Certified Solution Architect – Associate Exam Learning Path


AWS Solution Architect – Associate exam basically validates the following 2 abilities

  • Identify and gather requirements in order to define a solution to be built using architecture best practices.
  • Provide guidance on architectural best practices to developers and system administrators throughout the lifecycle of the project.

Refer to the AWS Solution Architect – Associate Exam Blue Print

AWS Solution Architect - Associate Exam Break up

AWS Cloud Computing Whitepapers

AWS Solution Architect – Associate Exam Contents

NOTE: With recent feedback from users AWS SA-A Exams have questions for new Lambda, ALB, ALB vs Classic Load Balancer, ECS, API Gateway services

Domain 1.0: Designing highly available, cost-efficient, fault-tolerant, scalable systems

  1. Identify and recognize cloud architecture considerations, such as fundamental components and effective designs. Content may include the following:

Domain 2.0: Implementation/Deployment

  1. Identify the appropriate techniques and methods using Amazon EC2, Amazon S3, AWS Elastic Beanstalk, AWS CloudFormation, AWS OpsWorks, Amazon Virtual Private Cloud (VPC), and AWS Identity and Access Management (IAM) to code and implement a cloud solution.
    Content may include the following:

    1. Configure an Amazon Machine Image (AMI)
    2. Operate and extend service management in a hybrid IT architecture
    3. Configure services to support compliance requirements in the cloud
    4. Launch instances across the AWS global infrastructure
    5. Configure IAM policies and best practices

Domain 3.0: Data Security

  1. Recognize and implement secure practices for optimum cloud deployment and maintenance. Content may include the following:
  2. Recognize critical disaster recovery techniques and their implementation.
    Content may include the following:

Domain 4.0: Troubleshooting

  1. Content may include the following:

NOTE: I have just marked the topics in line with the AWS Exam Blue Print. So be sure to check the same, as it is updated regularly, and go through Whitepapers, FAQs and Re-Invent videos.

AWS Solution Architect – Associate Exam Resources

Braincert-AWS-Certified-SA-Associate-Practice-Exam

Udemy AWS Certified Solution Architect - Associate Practice Tests

  • Purchased the acloud guru AWS Certified Solutions Architect – Associate course from Udemy (should get it for $10-$15 on discount), which helps to get a clear picture of the format, topics and relevant sections
  • Opinion: acloud guru courses are good by themselves but are not sufficient to pass the exam, though they might help to counter about 50-60% of exam questions
  • DolfinEd Udemy AWS Certified Solutions Architect Associate Exam Mastery 2018
    • Covers the exam topics in detail, is extensive, scenario based practice questions and visual aids.
    • Very good rating and user feedback (~ 4.7)

  • Signed up with AWS for the Free Tier account, which provides a lot of the services to be tried for free with certain limits which are more than enough to get things going. Be sure to decommission anything if you are using anything beyond the free limits, preventing any surprises 🙂
  • Also, used the QwikLabs for all the introductory courses, which are free and allow you to try out the services multiple times (I think it's max 5, as I got the warnings a couple of times)
  • Update: Qwiklabs seems to have reduced the free courses quite a lot and now provides targeted labs for AWS Certification exams, which are charged
  • Read the FAQs at least for the important topics, as they cover important points and are good for quick review
  • Did not purchase the AWS Practice exams, as the questions are available all around. But if you want to check the format, it might be useful.
  • You can also check practice tests

AWS Elasticsearch


  • Elasticsearch Service is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS Cloud.
  • Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and clickstream analytics
  • Elasticsearch provides
    • real-time, distributed search and analytics engine
    • provisioning of all the resources for the Elasticsearch cluster and launching of the cluster
    • easy-to-use cluster scaling options. Scaling the Elasticsearch Service domain by adding or modifying instances and storage volumes is an online operation that does not require any downtime.
    • self-healing clusters, which automatically detect and replace failed Elasticsearch nodes, reducing the overhead associated with self-managed infrastructures
    • domain snapshots to back up and restore ES domains and replicate domains across AZs
    • data durability
    • enhanced security with IAM access control and security groups
    • node monitoring
    • multiple configurations of CPU, memory, and storage capacity, known as instance types
    • storage volumes for the data using EBS volumes
    • Multiple geographical locations for your resources, known as regions and Availability Zones
    • ability to span cluster nodes across multiple AZs in the same region, known as zone awareness, for high availability and redundancy. Elasticsearch Service automatically distributes the primary and replica shards across instances in different AZs.
    • dedicated master nodes to improve cluster stability
    • data visualization using the Kibana tool
    • integration with CloudWatch for monitoring ES domain metrics
    • integration with CloudTrail for auditing configuration API calls to ES domains
    • integration with S3, Kinesis, and DynamoDB for loading streaming data
    • ability to handle structured and unstructured data
    • HTTP Rest APIs

Elasticsearch Domains

  • Elasticsearch Service domains are Elasticsearch clusters created using the Elasticsearch Service console, CLI, or API.
  • Each domain is a cluster in the cloud with the specified compute and storage resources.
  • Elasticsearch Service enables you to create and delete domains, define infrastructure attributes, and control access and security.
  • Elasticsearch Service automates common administrative tasks, such as performing backups, monitoring instances and patching software once the domain is running

Elasticsearch Security

  • Access to Elasticsearch Service management APIs, for operations such as creating and scaling domains, is controlled with AWS IAM policies.
  • Elasticsearch Service domains can be configured to be accessible with an endpoint within the VPC or a public endpoint accessible to the internet.
  • Network access for VPC endpoints is controlled by security groups and for public endpoints, access can be granted or restricted by IP address.
  • Elasticsearch Service provides user authentication via IAM and basic authentication using username and password.
  • Authorization can be granted at the domain level (via Domain Access Policies) as well as at the index, document, and field level (via the fine-grained access control feature powered by Open Distro for Elasticsearch).
  • Fine-grained access control feature extends Kibana with read-only views and secure multi-tenant support.
  • Elasticsearch Service supports integration with Cognito, to allow your end-users to log-in to Kibana through enterprise identity providers such as Microsoft Active Directory using SAML 2.0, Cognito User Pools, and more
  • Elasticsearch Service supports encryption at rest through AWS Key Management Service (KMS), node-to-node encryption over TLS, and the ability to require clients to communicate with HTTPS.
  • Encryption at rest encrypts shards, log files, swap files, and automated S3 snapshots.
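The controls listed above can be checked against a domain's configuration. The following is an added example, not AWS or blog code: it audits a dictionary shaped like the `DomainStatus` structure returned by the service's DescribeElasticsearchDomain API. The finding names and the three sample domains are constructed, and treating an open policy as acceptable when fine-grained access control is enabled is an assumption of this example.

```python
import json


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _source_ip_ranges(statement):
    """CIDR ranges from an IpAddress / aws:SourceIp condition, if present."""
    ranges = []
    for operator, keys in (statement.get("Condition") or {}).items():
        if operator.lower() != "ipaddress":
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourceip":
                ranges.extend(_as_list(value))
    return ranges


def open_statements(access_policies):
    """Allow statements for any principal with no effective IP restriction."""
    policy = json.loads(access_policies) if access_policies else {}
    found = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        ranges = _source_ip_ranges(stmt)
        if not ranges or any(r in ("0.0.0.0/0", "::/0") for r in ranges):
            found.append(stmt)
    return found


def audit_domain(status):
    """Return a list of finding names (hypothetical labels) for one domain."""
    findings = []
    in_vpc = bool((status.get("VPCOptions") or {}).get("VPCId"))
    # Assumption: with fine-grained access control on, requests are still
    # authenticated and authorized, so an open domain policy is not flagged.
    fgac = (status.get("AdvancedSecurityOptions") or {}).get("Enabled", False)
    if not in_vpc and not fgac and open_statements(status.get("AccessPolicies")):
        findings.append("open-access-policy")
    if not (status.get("EncryptionAtRestOptions") or {}).get("Enabled", False):
        findings.append("no-encryption-at-rest")
    if not (status.get("NodeToNodeEncryptionOptions") or {}).get("Enabled", False):
        findings.append("no-node-to-node-encryption")
    if not (status.get("DomainEndpointOptions") or {}).get("EnforceHTTPS", False):
        findings.append("https-not-enforced")
    return findings


def _policy(condition=None):
    stmt = {"Effect": "Allow", "Principal": {"AWS": "*"},
            "Action": "es:*", "Resource": "*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})


_ENCRYPTED = {
    "EncryptionAtRestOptions": {"Enabled": True},
    "NodeToNodeEncryptionOptions": {"Enabled": True},
    "DomainEndpointOptions": {"EnforceHTTPS": True},
}

# Constructed sample domains (not real resources).
WEAK_DOMAIN = {"DomainName": "constructed-weak", "AccessPolicies": _policy()}
HARDENED_DOMAIN = dict(
    _ENCRYPTED, DomainName="constructed-hardened",
    AccessPolicies=_policy({"IpAddress": {"aws:SourceIp": ["203.0.113.0/24"]}}))
VPC_DOMAIN = dict(
    _ENCRYPTED, DomainName="constructed-vpc", AccessPolicies=_policy(),
    VPCOptions={"VPCId": "vpc-00000000"})  # placeholder id

if __name__ == "__main__":
    for domain in (WEAK_DOMAIN, HARDENED_DOMAIN, VPC_DOMAIN):
        print(domain["DomainName"], audit_domain(domain))
```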

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. You need to perform ad-hoc analysis on log data, including searching quickly for specific error codes and reference numbers. Which should you evaluate first?
    1. AWS Elasticsearch Service (Elasticsearch Service (ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS cloud. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and click stream analytics. Refer link)
    2. AWS RedShift
    3. AWS EMR
    4. AWS DynamoDB
  2. You are hired as the new head of operations for a SaaS company. Your CTO has asked you to make debugging any part of your entire operation simpler and as fast as possible. She complains that she has no idea what is going on in the complex, service-oriented architecture, because the developers just log to disk, and it’s very hard to find errors in logs on so many services. How can you best meet this requirement and satisfy your CTO?
    1. Copy all log files into AWS S3 using a cron job on each instance. Use an S3 Notification Configuration on the PutBucket event and publish events to AWS Lambda. Use the Lambda to analyze logs as soon as they come in and flag issues.
    2. Begin using CloudWatch Logs on every service. Stream all Log Groups into S3 objects. Use AWS EMR cluster jobs to perform adhoc MapReduce analysis and write new queries when needed.
    3. Copy all log files into AWS S3 using a cron job on each instance. Use an S3 Notification Configuration on the PutBucket event and publish events to AWS Kinesis. Use Apache Spark on AWS EMR to perform at-scale stream processing queries on the log chunks and flag issues.
    4. Begin using CloudWatch Logs on every service. Stream all Log Groups into an AWS Elasticsearch Service Domain running Kibana 4 and perform log analysis on a search cluster. (AWS Elasticsearch with Kibana stack is designed specifically for real-time, ad-hoc log analysis and aggregation)

AWS Certification Exam Resources, Courses, Quizzes


  • Clearing the AWS certification for Solution Architect, SysOps Associate and Solution Architect Professional has been a long journey of over a year now.
  • I always remember starting fresh on AWS with no knowledge and a plethora of resources, courses and documentation can be very confusing, overwhelming and tough
  • So I have just put some resources, courses and deals which might help you get started at a reasonable cost

NOTE: These are my personal recommendations and tried & tested ones.

AWS documentation

  • Nothing can replace the fantastic AWS documentation that the team has put and maintained
  • AWS documentation includes
    • AWS Developer, User guides
    • AWS FAQs – Very Important to get a quick summary for important questions targeted in the exams
    • AWS Re-Invent Videos – quick way to know details of the services
    • AWS Whitepapers – covers condensed knowledge of important topics and services

Online Courses

Udemy

  • For Associate, I started with aCloud Guru courses from Udemy and they provide a nice overview of the exam topics
  • However, they are not sufficient to clear the exams
  • Udemy does not have aCloud Guru professional courses
  • They are listed at a very high price, however, wait for offers from Udemy and you can get the Associate ones for $10-$15
  • I will keep on listing any Udemy offers as below


A Cloud Guru

  • As mentioned above, Associate courses from A Cloud Guru are good to get started and can be purchased from Udemy
  • A Cloud Guru forums have very nice discussion over the topics, highly recommended going through them
  • I had purchased Solution Architect – Professional course from A Cloud Guru site directly
    • Personally, I find it very expensive and it does not cover the topics in great details

Linux Academy

  • I haven’t tried Linux Academy courses for Associate, so any of you have any opinion let me
  • I had purchased the Solution Architect – Professional course and found it detailed and exhaustive with labs
  • Personally, would recommend it over the A Cloud Guru
  • You can try the Linux Academy Trial for 7 days and then for monthly $29, which would give you access to everything but for a limited period

Free Linux Academy, PluralSight and Opsgility courses

  • I started preparing for Azure and was checking for resources, and stumbled upon a 3 months free subscription for Linux Academy, PluralSight and Opsgility.
  • Follow the steps below
    • Navigate to Visual Studio Dev Essentials
    • Click on Join or Access Now
    • Sign up as it's free
    • Microsoft would provide 3 months access to the courses as their Education Program
    • Activate the code and you are good to go
    • Enjoy the same till it lasts

Free Subscription for Linux Academy, Opsgility, Pluralsight

Practice Quiz

  • Personally, I have not taken any Practice test either officially from AWS or from any other provider
  • However, there are a lot of sites, apart from my blog, which provide AWS questions & answers, but I had found them to provide incorrect answers. So always research from your side
  • I have got a lot of positive feedback from colleagues taking tests on Braincert.


Udemy AWS Certified Solution Architect - Associate Practice Tests

  • Any other Online Quiz which you found very useful, let me know and I can add the same

Feel free to provide any feedback or any other resources that you found very helpful and help back the community.