
Welcome to

AWS Training & Certification
AWS Certified Solutions Architect Associate Exam

Guilherme Hasse
AWS Partner Trainer
guilheh@amazon.com
Today's agenda

Section 1
• Getting started with AWS certifications
• About the exam
• How to register for the exam
• How to add 30 min to the exam time
• Study resources

Section 2
• Exam content
• What kinds of questions to expect
• Tips, Q&A
© 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 2
AWS Certification
Step zero+

aws.training

• Do I have an APN account?
• Do I have a T&C (Training & Certification) account?
• Do I have a Free Tier account?

Good to go! ---->
Getting started

aws.amazon.com/certification/
Always check the documents:

• Exam Guide
• Sample Questions
AWS Certified Associate SAA-C01
About the exam

• 130 minutes
• US$ 150.00
• Immediate result
• Score: 100 to 1000. Minimum 720 to PASS.
• 65 questions.
• Unanswered questions count as incorrect. No penalty for incorrect answers.

Question formats (illustrative examples from the slide):

Multiple-response: What are AWS services?
(•) IAM
(•) CloudFront
( ) AWS Games
( ) ForCloud
( ) Discovery Tiers

Multiple-choice: CloudFront Service Infrastructure:
(•) Edge Locations
( ) Data Centers
( ) AWS Transceivers
( ) Cloud Content
( ) External DNS
AWS Certified Associate SAA-C01
About the exam

• Main content: download the Exam Guide

https://aws.amazon.com/certification/certified-solutions-architect-associate/
AWS Certified Associate SAA-C01
What the exam asks for

• Experience:
• Compute, networking, storage and database services
• Deployment and management services
• Designing distributed system architectures that are cost-effective, fault-tolerant and scalable

• Identify and define:
• Technical requirements for applications
• Which services fulfill a given function
• Security and compliance aspects
• Basic implementation and operation characteristics

• Understanding:
• Different architectures on AWS (HA, DR, FT)
• AWS global infrastructure
• Network and security technologies
• Billing, account management, and pricing models
AWS Certified Associate SAA-C01
Certification path

Cloud Practitioner
• US$ 100.00, 90 min
• >6 months of hands-on experience
• Describe basic principles
• Know the pillars …
• Identify pricing models, documentation, support

Associate Solutions Architect
• US$ 150.00, 130 min
• +1 year of hands-on experience
• Identify and define
• Understanding
• CLI, API, CF
• Best practices
• Design applications (W.A.F.)

Professional Solutions Architect
• US$ 300.00, 170 min
• +2 years of hands-on experience
• Design and deploy
• Migrate complex applications
Question Navigation
Flags, Timer

(Screenshot of the exam's Item Navigation panel, with columns #, State, Flagged and Item text: the NDA item "By taking this exam, you agree to the AWS Certification Program Agreement…" followed by placeholder items 1 to 9, all marked Answered except item 6, marked Unanswered.)
General strategies

01 Read the question and the answers in sequence.

02 Identify the features mentioned in the answers.

03 Identify text in the question that points to a specific AWS service.
Examples: required IOPS, data retrieval times, user management

04 Pay attention to qualifying phrases.
Examples: "in the most cost-effective way," "will best fulfill", "more performance"
These phrases can eliminate some answers.

05 Eliminate answers that are obviously wrong or out of context.
How to register for the exam

aws.training > Certification

Adding 30 min

Countries where English is not the native language are entitled to add 30 min to the exam time.

Standard time: 130 min

Extended time: 160 min

Must be requested before scheduling the exam. Auto-approved; once only.

How to do it?

Go to the certification portal (previous step).
Study resources

Online training (aws.training)
1- AWS Technical Professional (Digital)
2- AWS Business Professional (Digital)
3- Exam Readiness: AWS Certified Solutions Architect – Associate (Digital)

AWS whitepapers
Architecting for the Cloud: AWS Best Practices
Disaster Recovery on AWS
AWS Security Best Practices

AWS docs
EC2, EBS, S3, VPC, ELB, RDS, Route53, SQS…
AWS support plans

LABS at aws.qwiklabs.com

Study resources

Available at aws.training

Study resources

Classroom training

• STP Foundations Technical (1 day)
• STP Migration Technical (1 day)
• Technical Essentials (1 day)
• Architecting on AWS (3 days)
• Advanced Architecting on AWS (3 days)

• Online practice exam US$ 20.00
Section 2
• Exam content
• What kinds of questions to expect
• Tips, Q&A

Section 2 – Exam content

Domain 1: Design – Resilient Architectures

Domain 2: Define – High-Performing Architectures

Domain 3: Specify – Secure Architectures and Applications

Domain 4: Design – Cost-Optimized Architectures

Domain 5: Define – Operationally Excellent Architectures
AWS Highly Available Global Infrastructure

21 Geographic Regions, 64 Availability Zones, 160 Edge Locations

Region: a set of AWS Availability Zones (AZs) interconnected using high-speed private links.
Availability Zone (AZ): an independent failure zone.
AWS Cloud Hierarchy

Global Services > Regional > VPC > AZ > Host

• Know the scope at which each service operates:

Global: Route 53 – DNS; CloudFront; IAM
Region: S3 buckets; AMI images; EBS snapshots
AZ: EC2/RDS instances; EBS volumes; containers
Host: host applications; anti-virus, licenses
Domain 1: Resilient Architectures

1.1 Resilient storage

1.2 Decoupling mechanisms

1.3 Multi-tier architecture design

1.4 HA and DR architecture design
Persistent and Ephemeral Storage

EBS vs Instance Store

EBS (persistent):
• SSD: gp2 (General Purpose SSD), io1 (Provisioned IOPS SSD)
• HDD: st1 (Throughput Optimized HDD), sc1 (Cold HDD)

Instance Store (ephemeral): SSD_1, SSD_2 … SSD_N, local disks attached to the instance (a Windows Server instance in the diagram)
Elastic Block Store

Different volume types

Encryption

Snapshots

Provisioned capacity

Lifecycle independent of the EC2 instance

Multiple volumes combined in RAID 0 (stripe)
Elastic Block Store

Solid-State Drives (SSD)

General Purpose SSD (gp2)
• Use cases: recommended for most workloads; system boot volumes; virtual desktops; low-latency interactive apps; dev and test environments
• Volume size: 1 GiB - 16 TiB
• Max. IOPS/volume: 16,000
• Max. throughput/volume: 250 MiB/s
• Dominant performance attribute: IOPS

Provisioned IOPS SSD (io1)
• Use cases: critical business applications that require sustained IOPS performance, or more than 10,000 IOPS or 160 MiB/s of throughput per volume; large database workloads
• Volume size: 4 GiB - 16 TiB
• Max. IOPS/volume: 64,000
• Max. throughput/volume: 1,000 MiB/s
• Dominant performance attribute: IOPS

Hard Disk Drives (HDD)

Throughput Optimized HDD (st1)
• Use cases: streaming workloads requiring consistent, fast throughput at a low price; big data; data warehouses; log processing; cannot be a boot volume
• Volume size: 500 GiB - 16 TiB
• Max. IOPS/volume: 500
• Max. throughput/volume: 500 MiB/s
• Dominant performance attribute: MiB/s

Cold HDD (sc1)
• Use cases: throughput-oriented storage for large volumes of data that is infrequently accessed; scenarios where the lowest storage cost is important; cannot be a boot volume
• Volume size: 500 GiB - 16 TiB
• Max. IOPS/volume: 250
• Max. throughput/volume: 250 MiB/s
• Dominant performance attribute: MiB/s
Study material

FAQ – EBS

Whitepaper – AWS Storage Services Overview

Lab - Introduction to Amazon Elastic Block Store (EBS)

Amazon EC2 Instance Store
Sample Exam Question

A database is running on an EC2 Instance. The database software
has a backup feature that requires block storage.
What storage option would be the lowest cost option for the backup data?
A. Amazon Glacier
B. EBS Cold HDD Volume
C. Amazon S3
D. EBS Throughput Optimized HDD Volume
What about EFS?

• File storage in the AWS Cloud
• Shared storage
• Petabyte-scale file system
• Elastic capacity, pay-per-use
• Supports NFS v4.0 and 4.1 (NFSv4)
• Compatible with Amazon EC2 Linux instances

• Tip: watch out for cross-AZ access when you create a mount target in only 1 AZ

EFS Solution

Only one EFS file system can be used in a VPC at a time.

If the mount target's IP address changes, any mount of the file system must be redone.
Amazon S3

Storage classes – Std, IA, IA-1Z, DA

Encryption (data at rest) – SSE-S3, SSE-KMS, SSE-C
Encryption (data in transit) – HTTPS
Versioning
Regional scope
Multi-AZ replication -> eventually consistent
99.999999999% durability of objects over a given year

Amazon S3 Glacier

• Long-term archiving
• Low cost.
• Data is retrieved by running 'retrieval jobs'.
• Retrieval options: Expedited: 1~5 min; Standard: 3~5 hrs; Bulk: 5~12 hrs

(Diagram: an archive retrieval job requested for Object ID 001, 025, 150, 400 …; once the job completes the objects are "Ready to download!")
Study material

Amazon Glacier Documentation

FAQs – EFS, S3, Glacier, CloudFront

Lab - Introduction to Amazon Simple Storage Service (S3)

Lab - Introduction to Amazon Elastic File System (EFS)

Decoupling – Component Health

(Diagram: two arrangements of Web Server -> Email Service -> Email Server, with X marks showing how far the failure of one component propagates in each arrangement.)

Decoupling for Scalability

(Diagram: two arrangements of Web Server -> Logging Service -> Amazon DynamoDB, before and after decoupling.)
Push-based vs Pull-based

SNS: notification. SQS: messaging.

Push Based - SNS

Push means to PUSH (empurrar)!!!

• Message Filtering
• Message Fanout
• SNS VPC endpoint
• Message Delivery Status

dwell time = Tpub. - Tpush
Pull Based - SQS

Pull means to PULL (puxar)!!!

• Default message retention period: 4 days
• Visibility Timeout: 30 s
• MaximumMessageSize: 1 KB to 256 KB
• ReceiveCount > maxReceiveCount -> DLQ
• Dead-letter queue
• SQS Long Polling: avoid empty GETs

Messages are consumed (pulled) from the queues by the consumer.

SQS Queues
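The visibility timeout, ReceiveCount and dead-letter queue behaviour listed above, modelled in a small offline simulation. This is an added example written for this page, not code from the slide deck or from AWS: it does not use boto3 or the SQS API, and the queue, message bodies, timeout and maxReceiveCount values are constructed. It shows why a consumer that crashes without deleting its message sees the same message again after each visibility timeout, and why a redrive policy stops that loop by moving the message to the DLQ.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Message:
    body: str
    receive_count: int = 0          # SQS ApproximateReceiveCount
    invisible_until: float = 0.0    # simulated clock time at which it becomes visible again


@dataclass
class Queue:
    """Toy model of one SQS queue with an optional redrive policy to a DLQ."""
    visibility_timeout: float = 30.0          # slide default: 30 s
    max_receive_count: Optional[int] = None   # redrive policy; None = no DLQ configured
    dlq: Optional["Queue"] = None
    messages: List[Message] = field(default_factory=list)

    def send(self, body: str) -> None:
        self.messages.append(Message(body))

    def receive(self, now: float) -> Optional[Message]:
        """Pull the first visible message. Receiving hides it for visibility_timeout;
        once ReceiveCount exceeds maxReceiveCount the message is moved to the DLQ."""
        for msg in self.messages:
            if msg.invisible_until > now:
                continue                      # another consumer is still processing it
            msg.receive_count += 1
            if self.max_receive_count is not None and msg.receive_count > self.max_receive_count:
                self.messages.remove(msg)
                if self.dlq is not None:
                    self.dlq.messages.append(msg)
                return None                   # moved to the DLQ, not delivered
            msg.invisible_until = now + self.visibility_timeout
            return msg
        return None                           # empty receive (long polling would wait instead)

    def delete(self, msg: Message) -> None:
        """The consumer acknowledges success; without this the message reappears."""
        self.messages.remove(msg)


def simulate_poison_message(max_receive_count: int = 3, visibility_timeout: float = 30.0) -> dict:
    """A consumer that keeps crashing and never deletes the message."""
    dlq = Queue()
    queue = Queue(visibility_timeout, max_receive_count, dlq)
    queue.send("poison")                       # constructed sample message
    now, deliveries = 0.0, 0
    if queue.receive(now) is not None:
        deliveries += 1
    hidden = queue.receive(now + 1.0) is None  # invisible while the first consumer works on it
    for _ in range(10):                        # bounded loop: the redrive policy ends it earlier
        now += visibility_timeout              # consumer crashed, timeout expires
        msg = queue.receive(now)
        if msg is not None:
            deliveries += 1
        elif not queue.messages:
            break
    return {"deliveries": deliveries, "hidden_while_processing": hidden,
            "main_queue": len(queue.messages), "dlq": len(dlq.messages),
            "dlq_receive_count": dlq.messages[0].receive_count if dlq.messages else None}


def simulate_well_behaved_consumer() -> dict:
    """A consumer that deletes the message within the visibility timeout."""
    dlq = Queue()
    queue = Queue(30.0, 3, dlq)
    queue.send("order-42")                     # constructed sample message
    msg = queue.receive(0.0)
    queue.delete(msg)
    return {"main_queue": len(queue.messages), "dlq": len(dlq.messages)}
```

With maxReceiveCount = 3 the poison message is delivered three times and lands in the DLQ on the fourth receive attempt with a ReceiveCount of 4, which is the ReceiveCount > maxReceiveCount rule from the slide; the well-behaved consumer leaves both queues empty.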
Study material

Study Guide Chapter 8
SQS FAQs
ELB FAQs
ELB Documentation
EIP FAQs
Route 53 Documentation

Sample Exam Question

Which of the following AWS services facilitate the implementation
of loosely coupled architectures? (Select TWO.)
A. AWS CloudFormation
B. Amazon Simple Queue Service
C. AWS CloudTrail
D. Elastic Load Balancing
E. Amazon Elastic MapReduce
Resilient Architectures

High Availability

• The system keeps working despite the complete failure of any component of the architecture.
• Refers to the joint redundancy of the components of a solution.
• It is a measure of system uptime (SLA).

Fault Tolerance

• The ability of a system to remain in operation even when some of the components used to build the system fail.
• Refers to the internal redundancy of the components of a solution.
• Performance may degrade when system components fail.

How to build HA architectures on AWS

• Use multi-AZ and other regions.
• Use Auto Scaling.
• Avoid single points of failure.
• Take advantage of highly available services, such as:
• Multi-AZ Amazon RDS
• Amazon Simple Storage Service (S3)
• Elastic Load Balancing
• Amazon DynamoDB
• Amazon Simple Queue Service (SQS)
• AWS Lambda
CloudFormation

• Declarative programming language for deploying AWS resources.
• Uses templates and stacks to provision resources.
• Create, update, and delete a set of resources as a single unit (stack).

Template: basic definition of the resources to create; a JSON text file.
Stack: collection of AWS resources; AWS CloudFormation creates/deletes the AWS resources described by the template.
Domain 2: High-Performing Architectures

2.1 Choosing high-performance storage and databases

2.2 Using caching to improve performance

2.3 Designing elastic and scalable solutions

Amazon EBS Volume Types

SSD – General Purpose: max volume size 16 TiB; max IOPS/volume 16,000; max throughput/volume 250 MiB/s
SSD – Provisioned IOPS: max volume size 16 TiB; max IOPS/volume 64,000; max throughput/volume 1,000 MiB/s
HDD – Throughput-Optimized: max volume size 16 TiB; max IOPS/volume 500; max throughput/volume 500 MiB/s
HDD – Cold: max volume size 16 TiB; max IOPS/volume 250; max throughput/volume 250 MiB/s

How can performance be increased on EBS volumes?
Amazon S3 Buckets

To upload your data (photos, videos, documents):
1. Create a bucket in one of the AWS Regions.
2. Upload any number of objects to the bucket.

Bucket: [bucket name]
Virtual hosted-style URLs:
http://bucket.s3.amazonaws.com
http://bucket.s3-aws-region.amazonaws.com

Object (key): Preview2.mp4, in the Tokyo Region (ap-northeast-1):
https://s3-ap-northeast-1.amazonaws.com/[bucket name]/Preview2.mp4

Key Amazon S3 Features

• Event notifications
• Cross-region replication
• VPC endpoint for Amazon S3
• Amazon CloudWatch metrics for Amazon S3
• Lifecycle policy: expired object delete marker, incomplete multipart upload expiration
• AWS CloudTrail support
Amazon S3: Payment Model

Pay only for what you use

• GBs per month
• Transfer out of the region
• PUT, COPY, POST, LIST, and GET requests

Free of charge
• Transfer in to Amazon S3
• Transfer out from Amazon S3 to Amazon CloudFront or to the same region

Storage usage is measured as bytes stored over time: "ByteHrs"

Example: 100 GB (107,374,182,400 bytes) of data in Amazon S3 Standard for 15 days
Total Byte-Hour usage = [107,374,182,400 bytes x 15 days x (24 hours / day)]
S3 Storage Tiers

All tiers: durable (99.999999999%), performant (low latency, high throughput), scalable (elastic capacity, no preset limits). Lifecycle rules move data between the tiers.

S3 ("Hot" data: active and/or temporary data)
• $0.023/GB per month; minimum billable object size > 0K; minimum storage duration ≥ 0 days
• Available: 99.99%

S3-IA ("Warm" data: infrequently accessed data)
• $0.0125/GB per month; ≥ 128K; ≥ 30 days
• $0.01/GB retrieval
• Available: 99.9%

S3-IA-1Zone ("Warm" data: infrequently accessed data)
• $0.0125/GB per month; ≥ 128K; ≥ 30 days
• $0.01/GB retrieval

Glacier ("Cold" data: archive and compliance data)
• $0.004/GB per month; > 0K; ≥ 90 days
• $0.01/GB retrieval above 5%; 3 – 5 hrs
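The tier table above encodes two rules that decide exam-style cost questions: a minimum billable object size (128K for the IA tiers) and a minimum storage duration (30 days for IA, 90 days for Glacier), on top of the per-GB-month price and the retrieval charge. The following added example (not the deck's or AWS's code) turns the slide's figures into a cost estimator so the rules can be compared for a given object; the prices are the slide's, the 30-day month and the interpretation of "> 5%" as a free monthly retrieval allowance for Glacier are assumptions, and the sample objects are constructed.

```python
KB = 1024
GB = 1024 ** 3

# The slide's tier table: price per GB-month, minimum billable object size, minimum
# storage duration in days, retrieval price per GB and the free retrieval allowance
# as a fraction of stored data (assumed reading of "> 5%" for Glacier).
TIERS = {
    "S3 Standard": {"gb_month": 0.023, "min_size": 0, "min_days": 0,
                    "retrieval_gb": 0.0, "free_fraction": 0.0},
    "S3-IA":       {"gb_month": 0.0125, "min_size": 128 * KB, "min_days": 30,
                    "retrieval_gb": 0.01, "free_fraction": 0.0},
    "S3-IA-1Zone": {"gb_month": 0.0125, "min_size": 128 * KB, "min_days": 30,
                    "retrieval_gb": 0.01, "free_fraction": 0.0},
    "Glacier":     {"gb_month": 0.004, "min_size": 0, "min_days": 90,
                    "retrieval_gb": 0.01, "free_fraction": 0.05},
}


def billable(tier, size_bytes, days_stored):
    """Apply the tier's minimum object size and minimum storage duration.
    A 10 KB object in IA is billed as 128 KB; deleting it after 5 days still bills 30."""
    t = TIERS[tier]
    return max(size_bytes, t["min_size"]), max(days_stored, t["min_days"])


def estimated_cost(tier, size_bytes, days_stored, retrieved_fraction=0.0):
    """Storage cost for the billed period (GB-months over a 30-day month, assumed)
    plus the retrieval charge for the fraction of the data read back."""
    t = TIERS[tier]
    size, days = billable(tier, size_bytes, days_stored)
    storage = (size / GB) * (days / 30) * t["gb_month"]
    charged_fraction = max(0.0, retrieved_fraction - t["free_fraction"])
    retrieval = (size_bytes / GB) * charged_fraction * t["retrieval_gb"]
    return storage + retrieval


def cheapest_tier(size_bytes, days_stored, retrieved_fraction=0.0):
    """Name of the cheapest tier for this object and the full cost table."""
    costs = {tier: estimated_cost(tier, size_bytes, days_stored, retrieved_fraction)
             for tier in TIERS}
    return min(costs, key=costs.get), costs


if __name__ == "__main__":
    # Constructed sample: the slide's 100 GB example kept for 15 days, then for a year
    for days in (15, 365):
        tier, costs = cheapest_tier(100 * GB, days)
        print(f"100 GB for {days} days -> {tier}", {k: round(v, 4) for k, v in costs.items()})
```

For the slide's own 100 GB example, 15 days of storage is cheapest in S3 Standard (IA bills the full 30 days and Glacier the full 90), while a year of the same data is cheapest in Glacier; that reversal is exactly what the minimum-duration columns are there to express.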
Amazon Databases

Amazon Relational Database Service, Amazon DynamoDB, Amazon Redshift

Amazon RDS – Relational Database Service

• Relational databases
• Self Managed Service
• Automated routines
• Secure, scalable, simple to use
• Low cost, pay per use
(Shown: Amazon RDS, Amazon Aurora)

Amazon Aurora

• Runs on RDS
• Compatible with MySQL and PostgreSQL
• Up to 64 TiB of auto-scaling SSD storage
• Automatic data backup (1*-35 days)
• Up to 15 read replicas
• Automatic monitoring and failover in under 30 s
RDS Read Replicas

(Diagram: an Amazon RDS master in Availability Zone A and its standby in Availability Zone B, with an Amazon RDS read replica in each AZ.)

Cross-Region Read Replicas

Choose cross-region read replicas for faster disaster recovery and enhanced data locality

• Promote a read replica to a master for faster recovery in the event of disaster
• Bring data close to your customers' applications in different regions
DynamoDB: Provisioned Throughput

Compute resources are allocated based on throughput capacity (read/write)

• Read capacity unit (for an item of up to 4 KB in size)
• One strongly consistent read per second
• Two eventually consistent reads per second

• Write capacity unit (for an item of up to 1 KB in size)
• One write per second
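The capacity-unit rules above, turned into a small sizing calculator. This is an added example, not code from the deck or from AWS. It goes one step beyond the slide in a way that matches DynamoDB's documented behaviour but is not stated on the slide: an item larger than the unit size (4 KB for reads, 1 KB for writes) consumes one unit per started block. The sample workload and its item sizes are constructed.

```python
import math

READ_UNIT_BYTES = 4 * 1024    # one RCU covers an item of up to 4 KB
WRITE_UNIT_BYTES = 1 * 1024   # one WCU covers an item of up to 1 KB


def read_capacity_units(item_size_bytes, reads_per_second, strongly_consistent=True):
    """RCUs for a steady read rate. Items over 4 KB cost one unit per started 4 KB
    block (generalisation beyond the slide); eventually consistent reads cost half."""
    blocks = max(1, math.ceil(item_size_bytes / READ_UNIT_BYTES))
    units = blocks * reads_per_second
    if not strongly_consistent:
        units = units / 2          # two eventually consistent reads per RCU
    return math.ceil(units)        # capacity is provisioned in whole units


def write_capacity_units(item_size_bytes, writes_per_second):
    """WCUs for a steady write rate: one unit per started 1 KB block per write."""
    blocks = max(1, math.ceil(item_size_bytes / WRITE_UNIT_BYTES))
    return blocks * writes_per_second


def provision(workload):
    """Total RCUs/WCUs for a mixed workload. Each entry is a dict with keys
    op ('read' or 'write'), size (bytes), rate (per second) and, for reads,
    consistent (bool, default strongly consistent)."""
    rcu = wcu = 0
    for entry in workload:
        if entry["op"] == "read":
            rcu += read_capacity_units(entry["size"], entry["rate"], entry.get("consistent", True))
        elif entry["op"] == "write":
            wcu += write_capacity_units(entry["size"], entry["rate"])
        else:
            raise ValueError(f"unknown op {entry['op']!r}")
    return {"ReadCapacityUnits": rcu, "WriteCapacityUnits": wcu}


# Constructed sample workload: profile reads (strong and eventual), a larger
# report item, and order writes that exceed the 1 KB write unit.
SAMPLE_WORKLOAD = [
    {"op": "read", "size": 3 * 1024, "rate": 100, "consistent": True},   # 100 RCU
    {"op": "read", "size": 3 * 1024, "rate": 100, "consistent": False},  # 50 RCU
    {"op": "read", "size": 6 * 1024, "rate": 10, "consistent": True},    # 2 blocks -> 20 RCU
    {"op": "write", "size": 1500, "rate": 10},                            # 2 blocks -> 20 WCU
]

if __name__ == "__main__":
    print(provision(SAMPLE_WORKLOAD))   # {'ReadCapacityUnits': 170, 'WriteCapacityUnits': 20}
```

The eventually consistent line costs exactly half of the strongly consistent one at the same rate, which is the trade-off exam questions on DynamoDB throughput usually turn on.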
Amazon CloudFront

Use case and benefits

Content - static and dynamic
Origins - S3, EC2, ELB, HTTP servers
Protect private content
Improve security
AWS Shield Standard and Advanced
AWS WAF
Memcached vs. Redis

Memcached: multithreading; low maintenance; easy horizontal scalability with Auto Discovery
Redis: support for data structures; persistence; atomic operations; pub/sub messaging; read replicas/failover; cluster mode/sharded clusters

Memcached vs. Redis

Feature: Memcached / Redis
Sub-millisecond latency: Yes / Yes
Developer ease of use: Yes / Yes
Data partitioning: Yes / Yes
Support for a broad set of programming languages: Yes / Yes
Advanced data structures: - / Yes
Multithreaded architecture: Yes / -
Snapshots: - / Yes
Replication (Read Replicas): - / Yes
Transactions: - / Yes
Pub/Sub: - / Yes
Lua scripting: - / Yes
Geospatial support: - / Yes
Vertical Scaling vs. Horizontal Scaling

Vertical scaling (scale up and down): change the specifications of instances (more CPU, memory), e.g. Small -> Xlarge.
Horizontal scaling (scale out and in): change the number of instances (add and remove instances as needed).
EC2 Auto Scaling

• Horizontal growth of instances
• Provisions and deprovisions
• Ensures high availability
• Cost reduction: demand = consumption
• Min. = 2, Max. = 12
• Scaling policies
• CPU, memory, volumes, etc.

(Diagram: an Auto Scaling group spanning Availability Zone 1 and Availability Zone 2. CPU utilization triggers the alarm: capacity is doubled until CPU utilization drops below 60% or max capacity is reached.)
How does Auto Scaling work?

1. What: Launch configuration (AMI)
2. Where: Auto Scaling group (EC2)
3. When: Auto Scaling policy – specifies when to increase or decrease Amazon EC2 instances based on CloudWatch alarms.

Auto Scaling group defines:
• Name
• Launch configuration name
• Min and Max
• AZ or subnet
• Load balancer
• Desired capacity
• Etc.

Scheduled action: tells Auto Scaling to perform a scaling action at a certain time in the future (minimum, maximum, and desired size for the ASG).
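The policy on the EC2 Auto Scaling slide ("capacity is doubled until CPU utilization drops below 60% or max capacity is reached", Min = 2, Max = 12) and the What/Where/When split above, modelled as an added example. This is not AWS's Auto Scaling code: the "demand" input (total CPU load expressed in fully busy instances), the even spread of load over the group and the alarm threshold are assumptions, and the slide states no scale-in policy, so none is modelled.

```python
def cpu_utilization(demand, capacity):
    """Average CPU utilisation in percent when `demand` (total load measured in
    fully busy instances, a constructed metric) is spread evenly over `capacity`."""
    return 100.0 * demand / capacity


def scale_out(demand, min_size=2, max_size=12, threshold=60.0):
    """The slide's policy: while the CloudWatch CPU alarm is in ALARM (utilisation at
    or above the threshold) double the group, but never beyond max_size, the group's
    hard ceiling. Returns the capacity trace and whether the alarm was cleared."""
    capacity = min_size            # the group never starts below its minimum
    trace = [capacity]
    while cpu_utilization(demand, capacity) >= threshold and capacity < max_size:
        capacity = min(capacity * 2, max_size)   # doubling, clamped at Max
        trace.append(capacity)
    final = cpu_utilization(demand, capacity)
    return {"trace": trace, "final_utilization": final,
            "at_max": capacity == max_size, "alarm_cleared": final < threshold}


if __name__ == "__main__":
    for demand in (1, 2.5, 5, 20):   # constructed load levels
        print(demand, scale_out(demand))
```

A demand of 5 busy instances' worth of CPU walks the group 2 -> 4 -> 8 -> 12 and clears the alarm at about 42% utilisation; a demand of 20 also stops at 12 but leaves the alarm in ALARM, which is the case where Max, not the policy, decides the outcome.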
CloudWatch Metrics

Know what CloudWatch can monitor
CPU
Network
Queue Size

Understand CloudWatch Logs

Understand the difference between default and custom metrics
Elastic Load Balancing

(Diagram: traffic enters Elastic Load Balancing and is distributed to EC2 instances in Availability Zone A and Availability Zone B.)

• Health Checks
• Sticky Sessions
• Association with Auto Scaling group and
• Auto Scaling ELB Health Check

Application Load Balancer:
How It Works

• Register instances as targets in a target group, and route traffic to a target group.
• Load balancer routes requests at the Application layer (HTTP/HTTPS).

(Diagram: a load balancer with listeners and rules; the rules route to Target Group, Target Group /api and Target Group /mobile, each running its own health check over its targets.)
Load Balancer Comparison

Feature: Classic Load Balancer / Application Load Balancer / Network Load Balancer
Protocols: TCP, SSL, HTTP, HTTPS / HTTP, HTTPS / TCP
Platforms: EC2-Classic, VPC / VPC / VPC
Cross-zone load balancing: Yes / Yes / Yes
Logging: Yes / Yes / Yes
Path-based routing: No / Yes / No
Sticky sessions: No / Yes / No
Static IP: No / No / Yes
Instance Metadata & User Data

• To view all categories of instance metadata from within a running instance, use the following URI:
http://169.254.169.254/latest/meta-data/

• On a Linux instance, you can use:

    $ curl http://169.254.169.254/latest/meta-data/
    $ GET http://169.254.169.254/latest/meta-data/

• User data – passed only at launch
• Linux script – executed by cloud-init
• Windows batch or PowerShell scripts – executed by the EC2Launch service

User data script shown on the slide (installs and starts the Apache web server):

    #!/bin/sh
    yum -y install httpd
    chkconfig httpd on
    /etc/init.d/httpd start
Where to Fill Your Gaps

Study Guide Chapter 5
Auto Scaling Qwiklab
ELB FAQs
CloudWatch FAQs
Auto Scaling Group FAQs
Domain 3: Secure Architectures and Applications

3.1 How to secure application tiers

3.2 How to secure data

3.3 Defining the network infrastructure for a single-VPC application
Service Specific Security

AWS builds security into every layer of the AWS infrastructure and also into each of the services available on the infrastructure.

Layers of an EC2 instance (top to bottom):
• Guest OS + top app: service security
• Firewall rules (security group, NACL)
• Administrative security - IAM
• Host OS, virtualization security
• DC physical infrastructure security

Managed services shown alongside: RDS, Application Load Balancer, Amazon S3, Amazon DynamoDB
Platform Security Services

AWS has also built specific security and monitoring services.

Get to know these services for the exam:

Security & Compliance: IAM, AWS Shield, AWS WAF, AWS Artifact, Amazon Cloud Directory, MFA token
Management & Operation: Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS CloudFormation
Support & Services

AWS Support Plans (AWS service levels, with benefits increasing from Basic to Enterprise):
• Basic
• Developer
• Business
• Enterprise – includes a Technical Account Manager (TAM)
Shared Responsibility Model
https://aws.amazon.com/pt/compliance/shared-responsibility-model/

It depends on the type of service used. Compare a managed service (RDS) with an EC2 instance.

Customer – responsible for security "IN" the cloud:
• Customer data
• Platform, applications, identity and access management
• Operating system, network, and firewall configuration
• Client-side data encryption and data integrity authentication
• Server-side encryption (file system and data)
• Network traffic protection (encryption/integrity/identity)

AWS – responsible for security "OF" the cloud:
• Compute, storage, database, networking
• AWS global infrastructure: regions, availability zones, edge locations
Shared Responsibility Model is not Static

• It can differ depending on the technology used: infrastructure services, container services, abstracted services.

Amazon EC2 – Remote Access

At the moment of creation of the instance, it is defined which key pair will be used to access the instance.

"A key pair consists of a public key that AWS stores, and a private key file that you store."

• SSH – command line, TCP port 22
• RDP – Remote Desktop, TCP port 3389

(Diagram: the administrator holds the private key; AWS holds the public key.)
AWS Identity & Access Management

• A core AWS security service
• Create and manage AWS users, roles and groups
• Manage fine-grained access control to AWS resources
• Control what operations a user or service can perform
• Integrates with Microsoft Active Directory using SAML identity federation and AWS Directory Service (AD Connector)
• Allows scalable, consistent security and auditability
• Multi-factor authentication for highly privileged users

https://aws.amazon.com/iam/
AWS Principals

Account Owner ID (Root Account)
• Access to all subscribed services.
• Access to billing.
• Access to console and APIs.
• Access to Customer Support.

IAM Users, Groups and Roles
• Access to specific services.
• Access to console and/or APIs.
• Access to Customer Support (Business and Enterprise).

Temporary Security Credentials
• Access to specific services.
• Access to console and/or APIs.
IAM Recap

• Users and Groups
• Password for console access
• Policies to control access to AWS APIs
• Access Key ID + Secret Access Key
• Multifactor Authentication

• Roles and Policies
• Don't hardcode access keys
• Use roles for instances where possible

• IAM Access Advisor

AWS IAM Policy Assignment

(Diagram: an IAM policy is assigned to an IAM user, to an IAM group or to an IAM role; IAM roles are assumed by IAM users and by AWS resources.)
Amazon VPC

Components: Amazon VPC, implicit router, Internet gateway, customer gateway, virtual private gateway, VPN connection, VPC peering

• Provision a logically isolated section of the AWS cloud
• Control your virtual networking environment
• Subnets
• Route tables
• Security groups
• Network ACLs
• Connect to your on-premises network via VPN or Direct Connect
• Control if and how your instances access the Internet

5 VPCs per region

Amazon VPC Example

(Diagram: a VPC with a router, an Internet gateway towards the Internet and a virtual private gateway towards the customer network. A public subnet holds the web servers and a NAT gateway, a private subnet holds the app servers, and a VPN-only subnet holds the DB servers.)

VPC Overview
Security Groups vs. Network ACL

Feature: Security Groups / Access Control Lists
Access type: specify a port, protocol, source IP / specify a port, protocol, source IP
Rules: explicit Allow only / explicit Allow or Deny
State: stateful / stateless
Application: applied to ENIs / applied to subnets
Association: associated with a single VPC / associated with a single VPC
Supports: VPC and EC2-Classic / VPC only

5 security groups per ENI; 200 subnets per VPC

Study material

VPC Fundamentals video
Bastion Hosts
VPC User Guide
Tips – Domain 3 Security

Restrict access to the root user.

Security groups only allow allow rules.

Network ACLs allow explicit allow and deny rules.

Prefer the use of IAM Roles.
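The comparison table and the two tips above (security groups: stateful, allow only; network ACLs: stateless, allow or deny) modelled as an added example of how each one decides on a packet. This is not AWS code: the rule and packet classes, the flow-tracking key used to model "stateful", the client address 203.0.113.5 and its port are all constructed, and NACL rule numbers are treated as one ordered list per direction. The scenarios show the consequence of statelessness that exam questions test: an inbound HTTP allow on a NACL is not enough on its own, because the reply to the client's ephemeral port is evaluated as a separate outbound packet.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str    # "in" (towards the instance) or "out" (from the instance)
    remote_ip: str    # the other endpoint of the flow
    remote_port: int
    local_port: int   # the port on the instance


@dataclass(frozen=True)
class Rule:
    number: int       # NACL evaluation order; ignored by security groups
    direction: str
    port_from: int
    port_to: int
    cidr: str
    action: str = "allow"

    def matches(self, pkt):
        # The filtered port is the instance port for inbound traffic and the
        # destination (remote) port for outbound traffic.
        port = pkt.local_port if pkt.direction == "in" else pkt.remote_port
        return (self.direction == pkt.direction
                and self.port_from <= port <= self.port_to
                and ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(self.cidr))


class SecurityGroup:
    """Stateful and allow-only: any matching rule allows the packet, and the reply
    traffic of a flow that was allowed passes without needing its own rule."""
    def __init__(self, rules):
        if any(r.action != "allow" for r in rules):
            raise ValueError("security groups support allow rules only")
        self.rules = rules
        self.flows = set()   # constructed model of connection tracking

    def evaluate(self, pkt):
        flow = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if flow in self.flows:
            return "allow"
        if any(r.matches(pkt) for r in self.rules):
            self.flows.add(flow)
            return "allow"
        return "deny"


class NetworkAcl:
    """Stateless: rules evaluated in ascending number, first match wins,
    implicit deny at the end; every packet, replies included, is judged alone."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, pkt):
        for r in self.rules:
            if r.matches(pkt):
                return r.action
        return "deny"


def http_request_and_reply(sg, acl, client_ip="203.0.113.5", client_port=40000):
    """Verdicts (request, reply) of each filter for one HTTP exchange (constructed client)."""
    request = Packet("in", client_ip, client_port, 80)
    reply = Packet("out", client_ip, client_port, 80)
    return {"sg": (sg.evaluate(request), sg.evaluate(reply)),
            "acl": (acl.evaluate(request), acl.evaluate(reply))}


ALLOW_HTTP_IN = Rule(100, "in", 80, 80, "0.0.0.0/0")
ALLOW_EPHEMERAL_OUT = Rule(100, "out", 1024, 65535, "0.0.0.0/0")
DENY_ONE_HOST_IN = Rule(50, "in", 80, 80, "203.0.113.5/32", action="deny")


def security_group_allows_deny_rules():
    try:
        SecurityGroup([DENY_ONE_HOST_IN])
    except ValueError:
        return False
    return True


def demo():
    sg = SecurityGroup([ALLOW_HTTP_IN])
    return {
        # NACL with only the inbound rule: the reply is dropped
        "incomplete": http_request_and_reply(sg, NetworkAcl([ALLOW_HTTP_IN])),
        # NACL with the outbound ephemeral-port rule added: exchange succeeds
        "complete": http_request_and_reply(sg, NetworkAcl([ALLOW_HTTP_IN, ALLOW_EPHEMERAL_OUT])),
        # lower-numbered deny wins over the later allow; only a NACL can express this
        "blocked": http_request_and_reply(sg, NetworkAcl([DENY_ONE_HOST_IN, ALLOW_HTTP_IN, ALLOW_EPHEMERAL_OUT])),
    }
```

The security group gives ("allow", "allow") in every scenario because it cannot hold a deny rule and it tracks the flow; the NACL only passes the reply once the outbound rule for ports 1024-65535 exists, and it is the only one of the two that can block a single source with an explicit deny.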


Domain 4: Cost-Optimized Architectures

4.1 Determine how to design cost-optimized storage

4.2 Determine how to design cost-optimized compute

EC2 cost composition

• EC2 instances are billed only in the 'running' state.
• Linux & Ubuntu are billed per 'second', minimum 60 s.
• Windows is billed per full hour.

(Diagram of data transfer between Amazon EC2 instances: within the same AZ, in/out is free; between AZ-1 and AZ-2 of Region X, in/out is $0.01/GB; transfer out to Region Y and out to the Internet is charged.)
EC2 cost composition

• 1 Elastic IP associated with a running instance at no cost.
• Detailed monitoring enabled.
• Tenancy (Shared, Dedicated Host, Dedicated Instance)
• Pricing options

Amazon EC2 – Purchasing options

On-Demand: pay for compute capacity per second with no long-term commitments. Spiky workloads, sizing.
Reserved: 1- or 3-year commitments with a discount over On-Demand prices. Committed, steady-state workloads.
Spot: spare EC2 capacity at savings of up to 90% off On-Demand prices. Fault-tolerant, dev/test, time-flexible, stateless workloads.

https://aws.amazon.com/pt/ec2/pricing/
S3 cost composition

01. Storage class: Standard, Infrequent Access, IA-1Z, Glacier, …
02. Storage: bytes stored. See the details for IA and Glacier.
03. Requests: PUT/COPY/POST/LIST/GET/SELECT
04. Data transfer

EBS cost composition

01. Volumes: gp2, io1, sc1, st1
02. Input/output operations per second (IOPS): io1
03. Snapshots: $0.05 per GB-month
04. Data transfer
Serverless Architectures

Notice the opportunities to reduce costs with serverless architectures

AWS Lambda, Amazon S3, Amazon DynamoDB, Amazon API Gateway

Tips – Domain 4

• If the workload is constant, use Reserved Instances.
• Use the most efficient storage service and storage class.
• Know how the main services are billed.

Domain 5: Operationally Excellent Architectures

5.1 Choose features in solutions that enable operational excellence
AWS Services Supporting Operational Excellence

AWS Config, AWS CloudFormation, AWS Trusted Advisor, VPC Flow Logs, AWS CloudTrail, AWS Inspector

AWS Trusted Advisor?

A service providing guidance to help you reduce cost, increase performance, and improve security

AWS CloudWatch

• Provides operational visibility.
• Monitoring and alarm service.
• Dashboard of consumption readings.
• Can be used for cost management.
• Integrated with various AWS services.
AWS CloudWatch - Alarms

1. Define Metric (who): EBS, S3, RDS, EC2 instance (web app server), …
2. Define Triggers (when)
3. Define Notifications (warn/perform…):
   1. SNS Notification
   2. Autoscaling Action
   3. EC2 Action (*only if Metric = EC2)
AWS CloudTrail

Who did that?!

• CloudTrail provides the event history of AWS account activity.
• Permits governance, compliance, audit.
• Logs API calls.
• Security analysis.
• Tracking of resource changes.
• Problem solving.

AWS Config

• Monitor and record change logs in your AWS resource settings.
• Resource inventory.
• 'Out of standard' changes trigger SNS notifications.

(Diagram: AWS Config records the configuration of Amazon EC2, Amazon EBS and Amazon VPC resources and works together with AWS CloudTrail.)
Migration Tools

• Server Migration Service: VMware -> AWS
• Database Migration Service: source DB -> target DB
• Snowball: offline transfer; sizes 50 TB, 80 TB, 100 TB; addresses the time it takes to transfer data over low-bandwidth uplinks.
AWS Certified Associate SAA-C01
To-Do

• Know what the exam is.
• Sign up for the STP trainings.
• Go to the AWS site and read about the main services: aws.amazon.com
• Use the console!!! Do the self-guided labs.
• Take the online Exam Readiness – AWS Certified Solutions Architect – Associate (Digital).

Questions and Answers

QUESTIONS?

Send your question via the CHAT.

Good luck!

Please sign up for:

• STP trainings
• Workshops, PartnerCasts

THANK YOU!

Guilherme Hasse
guilheh@amazon.com