AWS Associate Solution Architect (Exam) - Coggle Diagram
Domain 1: Design Secure Architectures
Domain 2: Design Resilient Architectures
Reliability (or resiliency) is the ability of an application to avoid or to recover from failure.
Availability is the percentage of time that the application is performing as expected.
  We should define availability beforehand, because every architecture decision ties back to availability.
  A Service Level Agreement (SLA) is the calculated availability for an AWS service.
Loose Coupling
  One component doesn't depend on a specific other component.
  Example: a URL points not to a specific EC2 instance but to an ELB.
  Redundancy -> Loose Coupling -> Availability
  We can scale resources independently without hurting availability.
Microservices Architecture
  Benefits
    Easier to update
    Scalability
    Availability
  Simple Queue Service (SQS) can enable loose coupling.
  Containers
    Great for microservices
    The AWS ECS service can configure an elastic load balancer.
Cloud native application
  is an application that depends on cloud solutions that cannot be run on premises, like SQS, S3 or DynamoDB.
  Serverless lets you think about servers less.
  Advantages
    Scalability
    Performance
    Convenience
  Disadvantages
    You are locked in with one cloud vendor.
    Slightly lower availability.
Trusted Advisor
  Service limits
    We can't reach 100% availability just by adding more redundant resources, because there are service limits.
    Limits are per region.
Summary
  To design an architecture you need to think about availability. Availability is not cheap, so we need to balance availability and cost to hit a sweet spot.
  Availability is achievable with
    redundancy
    loose coupling
      improves performance
      improves availability
  To calculate the availability of redundant components, multiply the failure rate of each component together and subtract this from 100%.
  To calculate the availability of hard dependencies, just multiply the availability of the components together.
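The two rules above (redundant components: multiply failure rates and subtract from 100%; hard dependencies: multiply availabilities) as a small worked example. This is an added illustration, not part of the original notes; the component availabilities (two 99% web servers behind a load balancer, a single 99.9% database) are constructed numbers chosen only to show the arithmetic.

```python
"""Availability arithmetic for redundant components and hard dependencies.

Added example, not from the original notes. All availabilities are
fractions in [0, 1]; the component figures in example_stack() are
constructed values, not measured AWS SLAs.
"""
from math import prod

MINUTES_PER_YEAR = 365 * 24 * 60


def _check(availabilities):
    if not availabilities:
        raise ValueError("need at least one component")
    for a in availabilities:
        if not 0.0 <= a <= 1.0:
            raise ValueError(f"availability must be in [0, 1], got {a}")


def redundant_availability(availabilities):
    """Components in parallel (redundancy).

    The system is down only when *every* copy is down at the same time,
    so multiply the individual failure rates and subtract from 1.
    """
    _check(availabilities)
    combined_failure = prod(1.0 - a for a in availabilities)
    return 1.0 - combined_failure


def serial_availability(availabilities):
    """Hard dependencies in series.

    Every component must be up for the system to be up, so multiply
    the availabilities together. Each extra hard dependency can only
    lower the result.
    """
    _check(availabilities)
    return prod(availabilities)


def yearly_downtime_minutes(availability):
    """Translate an availability fraction into expected minutes of downtime per year."""
    return (1.0 - availability) * MINUTES_PER_YEAR


def example_stack():
    """Constructed stack: two 99% web servers behind an ELB (redundant),
    which in turn hard-depend on a single 99.9% database."""
    web_tier = redundant_availability([0.99, 0.99])   # -> 0.9999
    database = 0.999                                   # single hard dependency
    return serial_availability([web_tier, database])   # -> 0.9989001


if __name__ == "__main__":
    total = example_stack()
    print(f"web tier (2 x 99%):   {redundant_availability([0.99, 0.99]):.6f}")
    print(f"web tier (3 x 99%):   {redundant_availability([0.99] * 3):.6f}")
    print(f"whole stack:          {total:.7f}")
    print(f"downtime per year:    {yearly_downtime_minutes(total):.1f} minutes")
```

The point the numbers make: doubling the web tier lifts it from 99% to 99.99%, but the single database drags the whole stack back down to 99.89%, because a hard dependency is multiplied in, never averaged out.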
  Containers are cool.
  Watch the service limits.
  SQS is used for loose coupling.
Setting up the AWS environment
  AWS Budgets
    Set up a budget to save money.
    We can configure billing alerts with CloudWatch or AWS Budgets.
    It will not shut down anything if the budget is exceeded.
  IAM
    The root user principal is the first user after a freshly created AWS account; it can do anything.
    An IAM principal can be restricted.
    MFA (multi-factor auth)
  CloudTrail
    Event history can show every action done in the last 90 days.
  AWS Certificate Manager
  Route 53
Building VPC Networks
  AWS Transit Gateway is a service that provides the ability to connect different VPCs and on-premises servers through one gateway, the transit gateway.
  Direct Connect: a dedicated connection from on-premises to the AWS cloud.
  Elastic IP Address (EIP)
    is bound to an Elastic Network Interface (ENI) that is attached to an EC2 instance.
    You can move an EIP to a different ENI.
    If we assign an EIP to an EC2 instance that already has a public IP, the EIP will replace the public IP.
    Types:
      Amazon-owned: you get a random IP.
      Customer-owned: you get your own IP; you can transfer it to AWS.
    An EIP is a reserved public address that you can release when you want, and it is tied to a region.
  Global Accelerator
    provides two anycast IPv4 addresses
    not tied to a region
    advertised from points of presence (POPs) around the world
    Connections to Global Accelerator can be forwarded to the nearest AWS region or to any region.
    Decouples the IP address from the region.
  NAT gateway
  AWS Shield Standard - protects from DDoS attacks.
  Connectivity options
    AWS Direct Connect
      dedicated direct connection: 1-10 Gbps
      Direct Connect hosted connection: 50 Mbps to 10 Gbps
    VPN, two options:
      Transit gateway
        like a router; can connect on-prem to VPC and VPC to VPC, and all of that stuff
        scales well; in general is cooler than a virtual private gateway
        you can control how traffic goes to and fro with the Transit Gateway Routing Table
        supports multicast???
        peering connection for connecting other regions
      Virtual private gateway
        doesn't scale well
        one gateway, one connection with one VPC
      Unpredictable latency of the internet
      Encrypted with IPsec
CloudFormation
  templates
  stack
Application Load Balancer
Multi-region application with Route 53
  Active-active: redundancy using weighted resource records
    Weighted routing is when one domain distributes traffic to multiple resources.
    One domain points to two active regions (active-active).
  Active-passive: redundancy using failover resource records
    We have a primary region and a backup region. Our traffic goes to primary, but when something occurs it is forwarded to backup. Backup is passive and primary is active.
    Pilot light is a low-resource replica of the architecture; it can scale out the resources when needed.
    Warm standby is a near replica of primary. It costs more than pilot light.
  Route 53 health checks
    can work as an Elastic Load Balancer
    cost effective (poor man's ELB)
Domain 3: Design High-Performing Architectures
Domain 4: Design Cost-Optimized Architectures