AWS Certified SysOps Administrator Official Study Guide

The AWS Certified SysOps Administrator Official Study Guide: Associate Exam is written by the AWS team of?Eli Schilling, Russell Sayers, Michael Roth, and Blaine Sundrud.

Foreword xix


Introduction xxi


Assessment Test xxvi


Chapter 1 Introduction to Systems Operations on AWS 1


Systems Operators 2


Deploying Systems 2


Monitoring Systems 2


Optimizing Systems 3


Fortifying Systems 3


Securing Systems 3


AWS Certified SysOps Administrator - Associate 4


Which AWS Services Should You Study? 4


Reference Architecture: The Three-Tier Design 5


Introduction to the Three-Tier Design 5


Sample Scenario 6


Reference Architecture: The Serverless Design 14


Key Product: Serverless Design 17


Summary 18


Exam Essentials 18


Key Pieces to Study 19


Review Questions 20


Chapter 2 Working with AWS Cloud Services 23


Introduction to AWS Cloud Services 24


Systems Operations Using the AWS Toolset 24


AWS Software Development Kits (SDKs) 30


AWS Internet of Things (IoT) and Mobile Software


Development Kits (SDKs) 33


Summary 34


Exam Essentials 35


Resources to Review 35


Exercises 35


Review Questions 38


Chapter 3 Security and AWS Identity and Access Management (IAM) 41


Security on AWS 43


Shared Responsibility Model 43


AWS Security Responsibilities 43


Customer Security Responsibilities 44


AWS Global Infrastructure Security 44


Physical and Environmental Security 46


Business Continuity Management 47


Network Security 48


Network Monitoring and Protection 49


AWS Compliance Program 50


Securing Your AWS Account with AWS Identity and Access Management (IAM) 51


IAM User 52


IAM Groups 56


IAM Policies 56


IAM Roles 57


Best Practices for Securing Your AWS Account 58


Securing Your AWS Cloud Services 59


Key Pairs 59


Monitoring to Enhance Security 62


AWS CloudTrail 62


Amazon Virtual Private Cloud (Amazon VPC) Flow Logs 62


Amazon CloudWatch 63


AWS Config 63


Amazon Inspector 64


AWS Certificate Manager 64


AWS Web Application Firewall (AWS WAF) 64


AWS Trusted Advisor 64


AWS Cloud Service-Specific Security 65


Compute Services 65


Networking 69


Storage 75


AWS Storage Gateway Security 80


Database 80


Application Services 88


Analytics Services 89


Deployment and Management Services 91


Mobile Services 92


Applications 94


Summary 95


Exam Essentials 96


Exercises 98


Review Questions 103


Chapter 4 Compute 107


Introduction to AWS Compute Services 109


Amazon Elastic Compute Cloud (Amazon EC2) 111


Implementation 111


Management 117


Security 122


Amazon EC2 Container Service (Amazon ECS) 123


Implementation 124


Management 124


Security 125


AWS Elastic Beanstalk 125


Languages Supported in AWS Elastic Beanstalk 126


Services that AWS Elastic Beanstalk Deploys 126


Management 126


Security 127


AWS Lambda 128


Implementation 128


Management 130


Security 130


Amazon Lightsail 130


Implementation 131


Management 131


Security 133


AWS Batch 133


Implementation 133


Management 135


Security 135


Summary 135


Exam Essentials 136


Resources to Review 139


Exercises 140


Review Questions 146


Chapter 5 Networking 151


Introduction to Networking on AWS 153


Amazon Virtual Private Cloud (Amazon VPC) 154


Amazon VPC Implementation 154


Amazon VPC Management 164


AWS Direct Connect 166


AWS Direct Connect Implementation 167


AWS Direct Connect Management 169


AWS Direct Connect Security 170


Load Balancing 171


Load Balancing Implementation 172


Load Balancing Management 176


Load Balancing Security 178


Virtual Private Network (VPN) 178


VPN Installation 178


VPN Management 179


Amazon Route 53 179


Amazon Route 53 Implementation 180


Amazon Route 53 Management 185


Amazon CloudFront 185


Amazon CloudFront Implementation 186


Amazon CloudFront Management 194


Amazon CloudFront Security 194


Summary 195


Resources to Review 195


Exam Essentials 196


Exercises 198


Review Questions 201


Chapter 6 Storage Systems 207


Understanding Different Storage Options 209


Block Storage vs. Object Storage 209


Block Storage Basics 210


Object Storage Basics 210


Retrieval Times (Hot vs. Cold Storage) 211


Cost Efficiency 211


Block Storage on AWS 212


Amazon Elastic Block Store (Amazon EBS) 212


Instance Store 221


Amazon Elastic File System (Amazon EFS) 222


Object Storage on AWS 224


Amazon Simple Storage Service (Amazon S3) 224


Amazon Glacier 230


Systems Operator Scenario: The Newspaper 232


Storage Needs 233


Solution Breakdown 233


Additional Storage Solutions 234


Amazon CloudFront 234


AWS Storage Gateway 235


AWS Snowball 235


Summary 236


Resources to Review 236


Exam Essentials 237


Exercises 239


Review Questions 244


Chapter 7 Databases 249


Introduction to AWS Databases 250


SQL vs. NoSQL 251


Relational Databases Overview 252


Relational Database Design 252


Non-Relational Database Overview 253


Amazon RDS Features and Benefits 254


Amazon Aurora 256


Monitoring Amazon RDS 278


Monitoring Tools 278


Amazon RDS Pricing 282


Non-Relational Databases 283


Amazon DynamoDB 283


Amazon DynamoDB Core Components 284


Amazon Redshift 292


Cluster Management 293


Cluster Access and Security 293


Databases 294


Monitoring Clusters 295


Amazon ElastiCache 296


Summary 298


Resources to Review 298


Exam Essentials 299


Exercises 300


Review Questions 307


Chapter 8 Application Deployment and Management 313


Introduction to Application Deployment and Management 314


Deployment Strategies 314


Provisioning Infrastructure 314


Deploying Applications 315


Configuration Management 315


Scalability Capabilities 318


Monitoring Resources 318


Continuous Deployment 319


Deployment Services 322


AWS Elastic Beanstalk 323


Amazon EC2 Container Service 325


AWS OpsWorks Stacks 328


AWS CloudFormation 330


AWS Command Line Interface (AWS CLI) 345


Summary 346


Resources to Review 347


Exam Essentials 347


Exercises 349


Review Questions 358


Chapter 9 Monitoring and Metrics 363


Introduction to Monitoring and Metrics 364


An Overview of Monitoring 364


Why Monitor? 364


Amazon CloudWatch 365


AWS CloudTrail 365


AWS Config 365


AWS Trusted Advisor 366


AWS Service Health Dashboard 366


AWS Personal Health Dashboard 367


Amazon CloudWatch 367


Metrics 369


Custom Metrics 369


Amazon CloudWatch Metrics Retention 370


Namespaces 371


Dimensions 372


Statistics 373


Units 374


Periods 374


Aggregation 375


Dashboards 376


Percentiles 376


Monitoring Baselines 377


Amazon EC2 Status Checks 378


Authentication and Access Control 379


AWS Cloud Services Integration 382


Amazon CloudWatch Limits 382


Amazon CloudWatch Alarms 384


Alarms and Thresholds 384


Missing Data Points 386


Common Amazon CloudWatch Metrics 386


Amazon CloudWatch Events 395


Events 396


Rules 397


Targets 397


Metrics and Dimensions 398


Amazon CloudWatch Logs 399


Archived Data 400


Log Monitoring 400


Amazon CloudWatch Logs: Agents and IAM 401


Searching and Filtering Log Data 403


Monitoring AWS Charges 406


Detailed Billing 407


Cost Explorer 409


AWS Billing and Cost Management Metrics and Dimensions 410


AWS CloudTrail 411


What Are Trails? 411


Types of Trails 411


Multiple Trails per Region 412


Encryption 412


AWS CloudTrail Log Delivery 412


Overview: Creating a Trail 413


Monitoring with AWS CloudTrail 413


AWS CloudTrail vs. Amazon CloudWatch 414


AWS CloudTrail: Trail Naming Requirements 414


Getting and Viewing AWS CloudTrail Log Files 414


AWS Config 417


Ways to Use AWS Config 418


AWS Config Rules 419


AWS Config and AWS CloudTrail 420


Pricing 421


Summary 421


Resources to Review 422


Exam Essentials 423


Exercises 425


Review Questions 438


Chapter 10 High Availability 441


Introduction to High Availability 443


Amazon Simple Queue Service 444


Using Amazon Simple Queue Service to Decouple an Application 444


Standard Queues 448


First-In, First-Out Queues 448


Dead Letter Queues 449


Shared Queues 449


Amazon Simple Notification Service 450


Mobile Push Messaging 451


Amazon SNS Fan-Out Scenario 451


Highly Available Architectures 452


Network Address Translation (NAT) Gateways 453


Elastic Load Balancing 453


Auto Scaling 454


Session State Management 455


Amazon Elastic Compute Cloud Auto Recovery 455


Scaling Your Amazon Relational Database Service Deployment 456


Multi-Region High Availability 457


Amazon Simple Storage Service 457


Amazon DynamoDB 457


Amazon Route 53 457


Highly Available Connectivity Options 463


Redundant Active-Active VPN Connections 463


Redundant Active-Active AWS Direct Connect Connections 465


AWS Direct Connect with Backup VPN Connection 466


Disaster Recovery 467


Backup and Restore Method 467


Pilot Light Method 468


Warm-Standby Method 470


Multi-Site Solution Method 470


Failing Back from a Disaster 471


Summary 472


Resources to Review 473


Exam Essentials 473


Exercises 474


Review Questions 478


Appendix Answers to the Review Questions 481


Chapter 1: Introduction to Systems Operations on AWS 482


Chapter 2: Working with AWS Cloud Services 483


Chapter 3: Security and AWS Identity and Access Management (IAM) 483


Chapter 4: Compute 485


Chapter 5: Networking 486


Chapter 6: Storage Systems 488


Chapter 7: Databases 490


Chapter 8: Application Deployment and Management 492


Chapter 9: Monitoring and Metrics 494


Chapter 10: High Availability 496


Index 499


Table of Exercises


Exercise 2.1 Install and Configure AWS CLI on Linux or Mac 36


Exercise 2.2 Install and Configure AWS CLI on Windows with MSI36


Exercise 3.1 Creating AWS Identity and Access Management (IAM) Users99


Exercise 3.2 Create IAM Credentials99


Exercise 3.3 Create IAM Groups100


Exercise 3.4 Working with IAM Policies.101


Exercise 3.5 Working with IAM Roles.101


Exercise 4.1 Create a Linux Instance via the AWS Management Console.141


Exercise 4.2 Create a Windows Instance via the AWS Management Console142


Exercise 4.3 Create a Linux Instance via the AWS CLI142


Exercise 4.4 Create a Windows Instance via the AWS CLI.143


Exercise 4.5 Inspect the AWS Service Health Dashboards143


Exercise 4.6 Use the Elastic IP Addresses144


Exercise 4.7 Work with Metadata144


Exercise 4.8 Attach an AWS IAM Role to an Instance145


Exercise 5.1 Create an Elastic IP (EIP)198


Exercise 5.2 Create an Amazon VPC 198


Exercise 5.3 Tag Your Amazon VPC and Subnets199


Exercise 5.4 Create an Elastic Network Interface (ENI)199


Exercise 5.5 Associate the ENI200


Exercise 5.6 Test Your ENI200


Exercise 5.7 Delete VPC200


Exercise 6.1 Create an Encrypted Amazon EBS Volume240


Exercise 6.2 Monitor Amazon EBS Using Amazon CloudWatch.240


Exercise 6.3 Create and Attach an Amazon EFS Volume.240


Exercise 6.4 Create and Use an Amazon S3 Bucket241


Exercise 6.5 Enable Amazon S3 Versioning242


Exercise 6.6 Enable Cross-Region Replication242


Exercise 6.7 Create an Amazon Glacier Vault242


Exercise 6.8 Enable Lifecycle Rules243


Exercise 7.1 Create a New Option Group Using the Console300


Exercise 7.2 Create an Amazon DynamoDB Table from the AWS CLI301


Exercise 7.3 Add Items to the Amazon DynamoDB Table MusicCollection Using the AWS CLI302


Exercise 7.4 Create a MySQL Amazon RDS DB Instance303


Exercise 8.1 Create an AWS Elastic Beanstalk Environment.349


Exercise 8.2 Manage Application Versions with AWS Elastic Beanstalk349


Exercise 8.3 Perform a Blue/Green Deployment with AWS Elastic Beanstalk350


Exercise 8.4 Create an Amazon ECS Cluster350


Exercise 8.5 Launch an Amazon EC2 Instance Optimized for Amazon ECS351


Exercise 8.6 Use Amazon ECR.352


Exercise 8.7 Work with Amazon ECS Task Definitions.352


Exercise 8.8 Work with Amazon ECS Services354


Exercise 8.9 Create an AWS OpsWorks Stack355


Exercise 8.10 Make a Layer in AWS OpsWorks Stacks.355


Exercise 8.11 Add an Amazon EC2 Instance to an AWS OpsWorks Stacks Layer356


Exercise 8.12 Add an Application to AWS OpsWorks Stacks 356


Exercise 8.13 Create an AWS CloudFormation Stack.357


Exercise 8.14 Delete an AWS CloudFormation Stack.357


Exercise 9.1 Search for Available Metrics425


Exercise 9.2 View Available Metrics for Running Amazon EC2 Instances by Namespace and Dimension Using the Amazon CloudWatch Console426


Exercise 9.3 View Available Metrics by Namespace, Dimension, or Metric Using the AWS CLI429


Exercise 9.4 List All Available Metrics for a Specific Resource.430


Exercise 9.5 List all Resources that Use a Single Metric430


Exercise 9.6 Get Statistics for a Specific Resource430


Exercise 9.7 Get CPU Utilization for a Single Amazon EC2 Instance from the Command Line433


Exercise 9.8 Create a Billing Alert. 435


Exercise 9.9 Create a Billing Alarm.435


Exercise 9.10 Create an Amazon CloudWatch Dashboard.436


Exercise 10.1 Create an Amazon SNS Topic475


Exercise 10.2 Create a Subscription to Your Topic475


Exercise 10.3 Publish to Your Topic 475


Exercise 10.4 Create an Amazon Simple Queue Service (Amazon SQS).476


Exercise 10.5 Subscribe the Queue to Your Amazon SNS Topic476


Exercise 10.6 Deploy Amazon RDS in a Multi-AZ Configuration477