Professional Documents
Culture Documents
Saa4 wk3
Saa4 wk3
Saa4 wk3
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Week 3 Digital Training Curriculum
Course
Lab
Introduction to Amazon DynamoDB
Introduction to Amazon Relational Database Service (Windows)
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
About the Exam
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Certified Solutions Architect - Associate
About the Exam
• 130 minutes
• 65 Questions
• 50 questions count to your score
• Scored 100 to 1000 (720+ pass)
• $150/voucher
• Multiple Response & Individual response
questions
• In-Person & Remote proctoring available
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Certified Solutions Architect - Associate
Key Exam Topics
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Certified Solutions Architect - Associate
Helpful Resources
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
OPTIONAL AWS Skill Builder Subscription
The Skill Builder subscription provides access to official AWS Certification practice exams, self-paced
digital training content including open-ended challenges, self-paced labs, and game-based learning.
Please note, the Skill Builder subscription is not required for this Accelerator program.
Access 65
Free digital training Individual subscription Solutions Architect -
LINK HERE LINK HERE Associate Practice
Special features include: Everything in free digital training, plus:
Exam Questions
• 500+ digital courses • AWS Cloud Quest (3 additional roles)
with feedback on
• Learning plans •• 3 AWS
AWS Certification
Certification Official
Official Practice
Practice Exams
Exams
your answer choices
• 10 Practice Question Sets • Exam prep courses
• AWS Cloud Quest • 100+ AWS Builder Labs
• AWS Jam Journey (lab-based challenges)
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. *Terms and conditions apply. A 50% discount exam voucher is available for participants who want to earn an AWS Certified Associate - level Certification
1 Enterprise Strategy Group, AWS Training and Certification Help Learners Thrive in an Increasingly Cloud-first World, 2022
AWS Skill Builder 7-day Free Trial
WHO is the trial for? WHEN is the trial?
Aspiring AWS Cloud Solution
Architects participating in this AWS June 5 – July 30, 2023
Solutions Architect – Accelerator
program. 7-days from time of redemption
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark.
This promotion is redeemable through July 30th, 2023. Terms and conditions apply. If you do not cancel your free trial after 7 days, you will be
automatically subscribed at $29 USD per month.
AWS Storage Gateway
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Storage Gateway
A hybrid cloud storage solution that provide on-prem access to cloud storage
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Storage Gateway - Types
A hybrid cloud storage solution that provide on-prem access to cloud storage
Tape Volume
Gateway Gateway
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Groups and NACLs
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Groups & NACLS
Two AWS features to increase security in your VPC: security groups and network ACLs.
Region
VPC
Availability Zone
Route table A
Public subnet
Security group A
Network
Access
Control List
Network
• Network ACLs are stateless Access
Control List Route table B
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Groups & NACLS
Region
VPC
Availability Zone
Route table A
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Groups
Acts as a virtual firewall, controlling the traffic allowed to reach and leave associated resources
Inbound
Source Protocol Port range Description
• Name
• Description Allows inbound
• Protocol traffic from
The security group
• Port range resources that are
ID (its own resource All All
• IP address assigned to the
ID)
• IP range same security
• Security Group name group.
Outbound
Destination Protocol Port range Description
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Network Access Controls Lists (NACLs)
Optional layer of security for VPC that acts as a firewall controlling traffic in and out of subnets
Inbound
Rule # Type Protocol Port range Source Allow/Deny
You might set up network ACLs with rules similar to All IPv4
100 All All 0.0.0.0/0 ALLOW
your security groups in order to add an additional layer traffic
of security to your VPC.
All IPv4
* All All 0.0.0.0/0 DENY
traffic
Outbound
Destinati
Rule # Type Protocol Port range Allow/Deny
on
All IPv4
100 All All 0.0.0.0/0 ALLOW
traffic
All IPv4
* All All 0.0.0.0/0 DENY
traffic
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security Groups and NACLs
Security group
Supports allow rules only Supports allow rules and deny rules
Applies to an instance only if someone specifies the security Automatically applies to all instances in the subnets that it's
group when launching the instance, or associates the associated with (therefore, it provides an additional layer of
security group with the instance later on defense if the security group rules are too permissive)
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security Groups and NACLs Diagram
Layered security approach for additional defense
Region
VPC
Availability Zone
Route table A
Public subnet
Security group A
EC2 Instance
Network Access
Control List
Security group B
EC2 Instance
Network Access
Control List
Route table B
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon KMS & EBS Encryption
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Key Management Service (KMS)
AWS KMS is a managed service that makes it easy for you to create and control the cryptographic keys that
are used to protect your data
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Key Management Service (KMS)
AWS KMS is a managed service that makes it easy for you to create and control the cryptographic keys that
are used to protect your data
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
EBS Encryption
You can encrypt both the boot and data volumes of an EC2 instance.
• Data at rest inside the volume When you create an encrypted EBS resource, it is encrypted by
your account's default KMS key for EBS encryption unless you
• All data moving between the volume and the instance specify a different customer managed key in the volume creation
parameters or the block device mapping for the AMI or instance
• All snapshots created from the volume
Using your own KMS key gives you more flexibility, including the
• All volumes created from those snapshots ability to create, rotate, and disable KMS keys.
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Monitoring & Alerting
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon CloudWatch
Amazon CloudWatch is a monitoring and management service that provides data and actionable
insights for AWS, hybrid, and on-premises applications and infrastructure resources
Monitoring
CloudWatch Metrics are provided automatically for a
number of AWS products and services. You can also
monitor custom metrics generated by your own
applications and services.
Key Concept
Monitor key metrics and logs, visualize your application
and infrastructure stack, create alarms, and correlate data
to understand and resolve the root cause of performance
issues in your AWS resources.
Amazon EventBridge
Amazon EventBridge is a serverless event bus service that you can use to connect your applications with
data from a variety of sources.
What is it?
Amazon EventBridge is a serverless event bus
service that you can use to connect your
applications with data from a variety of sources.
EventBridge delivers a stream of real-time data
from your applications, software as a service SaaS
(SaaS) applications, and AWS services to targets event bus
such as AWS Lambda functions, HTTP
invocation endpoints using API destinations, or
event buses in other AWS accounts.
Default
event bus
Custom
event bus
AWS Security
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon CloudTrail
CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS
infrastructure, giving you control over storage, analysis, and remediation actions.
Key Benefits
Amazon GuardDuty makes it easy for you to
continuously monitor your AWS accounts,
workloads, and data stored in Amazon S3.
Use Cases
Use up-to-date common vulnerabilities and
exposures (CVE) information combined with
factors such as network accessibility to create
context-based risk scores that help you
prioritize and address vulnerable resources.
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved.