Check the GitHub URL for my detailed notes.
Focus on keywords:
There could be multiple correct options, but you need to figure out the "keyword" in the question to see which one fits the scenario requirement.
Keywords could be:
- least expensive
- near real-time
- least performance impact
- reduce down-time
- loosely coupled
- achieve resiliency, high availability
- reduce operational overhead
- Understand which service AWS recommends for which use case, e.g. Kinesis Data Streams can be used for log ingestion and analytics. To confuse you, the question might give you CloudWatch Logs + Insights as an option too. If it is log ingestion + real-time analytics, go for the Kinesis brand of services.
- Learn to differentiate within the Kinesis services, i.e. if the question speaks about real-time streaming, pick Kinesis Data Streams. If you can tolerate a delay of ~60 seconds, go for Kinesis Firehose.
- Know the limitations of each service; they are very important for eliminating wrong answers for a given question. For example: CloudFront supports 100000 RPS, ALB 10000 RPS; DynamoDB RCU/WCU 4KB/1KB; SQS/SNS max message size limit 256KB; Lambda memory allocation can go from 128MB to 10,240MB (10GB), with a per-execution limit of up to 15 minutes; an S3 single object can be up to 5TB in size, etc.
- Understand the different DR strategies and carefully evaluate the given RPO/RTO requirements vs. cost considerations for all types: Backup & Restore, Pilot Light, Warm Standby and Multi-Site/Active-Active.
- Understand when to use migration services like DMS, SCT, SMS, VM Import/Export and Application Discovery Service, and their limitations. Can you migrate non-VM servers using SMS?
- If the question makes no mention of performance or cost and just asks for the best option, stick with AWS recommendations in order to eliminate wrong answers.
- Understand the difference between Private VIF and Public VIF for DX, i.e. to access AWS services, use Private VIF; to establish a secure VPN tunnel over DX, use Public VIF, etc.
- Understand the purpose of a given security service, i.e. Shield (DoS etc.), Inspector (CVE assessment etc.), WAF (SQL injection attacks etc.), X-Ray (debug etc.), Trusted Advisor (recommendations), Security Hub (centralize security alerts etc.), AWS Config (audit, remediation etc.), Amazon Macie (sensitive information, PII etc.), AWS Artifact (compliance-related reports etc.)
- Understand when to use SCP vs IAM Policy
- Almost always, if you see an option to choose between static long-term credentials (IAM user) and short-term temporary credentials (IAM role), go for the latter option
- What are the alternative options to SSH, i.e. Systems Manager etc.
- Understand the purpose of the different Systems Manager services (i.e. Automation, Run Command, Session Manager, State Manager, Patch Manager, Maintenance Window)
- When to use AWS Serverless Application Model (SAM) vs CloudFormation in deploying Lambda with DynamoDB
- AWS CI/CD services (CodeCommit, CodeBuild, CodeDeploy, CodePipeline) and 3rd-party alternatives, so that you understand a code repository change from, let's say, GitHub to CodeCommit
- AWS WAF rules and which products it applies to, i.e. ELB (ALB), CloudFront, Amazon API Gateway and EC2
- AWS Shield Standard vs AWS Shield Advanced (Cost Factor vs Business Continuity)
- Amazon ES (Elasticsearch?) – Kibana Endpoint
- Providing access to data and visualization tool: QuickSight vs Kibana
- Querying data from S3 : Athena or ?
- Lambda accessing a database from outside your VPC
- Private Hosted Zone in Route 53 to connect the routing of your multiple VPCs..
- Lambda@edge vs Lambda Functions
- Improving CloudFront performance (Cache Hit Rate?, Origin ?)
- Systems Manager Run command vs User Data Scripts vs ?
- S3 Standard Access vs Infrequent Access vs Intelligent Tiering vs Glacier vs Glacier Deep Archive
- Use cases for Provisioned IOPS vs Throughput Optimized IOPS vs General Purpose GP2
- DynamoDB, DynamoDB Accelerator (DAX), DynamoDB Streams
- ElastiCache cluster (Redis vs. Memcached) based on criteria : performance vs cost etc.
- Lambda vs Simple Workflow (SWF) vs Step Functions
- AWS Storage Gateway and its offerings (Cached Volume vs Stored Volume vs File vs Tape Gateway)
- 6 R’s of Migration and their use cases, i.e. Rehosting (lift-and-shift), Replatforming, Repurchasing, Refactoring / Re-architecting, Retire, Retain
- SCP vs IAM Policy vs Resource Policy vs Bucket Policy etc.
Make sure you go through whitepapers and FAQs:
- AWS Security Best Practices
- AWS Well-Architected Framework
- Architecting for the Cloud AWS Best Practices
- Practicing Continuous Integration and Continuous Delivery on AWS Accelerating Software Delivery with DevOps
- Microservices on AWS
- Serverless Architectures with AWS Lambda
- Optimizing Enterprise Economics with Serverless Architectures
- Running Containerized Microservices on AWS
- Blue/Green Deployments on AWS
- Amazon Simple Queue Service
- Amazon DynamoDB
- Amazon ElastiCache
- Amazon Kinesis
- AWS Lambda
- Amazon API Gateway
- AWS Elastic Beanstalk
- AWS Identity and Access Management
- AWS Key Management Service
Practice Resources :
This blog is a work in progress (WIP). Will add more tips/notes along the way.
Tariq Sheikh has been working in the IT industry for 15 plus years. He is a dual CCIEx26141 with Security, Collaboration and Data Center as his specialities, as well as 4xAWS Certified. He is based in Dubai, UAE, and his areas of expertise include Data Center technologies, Networking, Security and AWS solution architecture.