Description
As an AWS Cloud Architect, you will play a critical role in an organization's cloud computing strategy. Learn how to plan, design, and deploy secure cloud infrastructure at scale in AWS. Begin by designing and constructing high-availability infrastructure, then progress to scalable, secure, and cost-effective architecture. Finally, investigate and put into action best practices and strategies for securing access to cloud services and infrastructure.
Syllabus:
Course 1: Design for Availability, Reliability, and Resiliency
Availability Zones and Regions
- Build on the AWS global infrastructure
- Take advantage of the multiple availability options on AWS
- Build multiple AWS VPCs to suit requirements
- Create custom isolated networks to meet business needs
Building for Resiliency
- Take advantage of different high availability options on AWS
- Create multi-AZ services
- Create multi-region services
- Identify what availability options exist for which AWS services
- Take advantage of resilient features in AWS services
Business Objectives
- Calculate availability in terms of up and down time
- Set reasonable business metrics for RTO and RPO
- Make determinations on what types of DR plans a company needs
- Implement a DR plan
Security
- Learn the importance of security in the cloud
- See Identity & Access Management (IAM) in action
- Secure applications using IAM users, groups, and policies
Monitor, React, and Recover
- Monitor AWS applications
- Alert on problems in applications
- Recover from failures in your platform
- Understand testing and tradeoffs in automating recovery from failure
Project: Recoverability in AWS
You will create a multi-availability zone, multi-region database in this project. You'll show how applications can use this distributed infrastructure to migrate your primary database from one geographical region to another. You will also create a versioned website and demonstrate how it is protected from accidental or malicious disruption, with the ability to revert to a previous state if something disrupts your normal operations.
Course 2: Design for Performance and Scalability
Introduction to Design for Cost, Performance, and Scalability
- Recognize the major differences between traditional data centers and cloud
- Understand how cloud infrastructure offers scalability and elasticity with potentially reduced costs
- Understand the objectives of the cloud infrastructure team
Cost and Monitoring
- Understand the power of cloud computing
- Estimate and calculate cloud costs
- Use workload knowledge and planning factor to reduce costs
- Adapt infrastructure to meet budget and performance requirements
- Select the optimal DB type when migrating to the cloud
- Use file retention policies to reduce storage costs and management overhead
High Performance
- Define and document performance goals
- Identify and resolve performance bottlenecks
- Understand elasticity and scalability
- Select the best instance for your performance goals
- Leverage archiving options for cost and performance
Servers and Security Groups
- Compare cloud migration vs cloud native strategies
- Identify expected obstacles when re-architecting a solution for the cloud
- Understand the benefits of serverless architecture
- Analyze the tradeoffs between traditional and serverless architectures
- Explain the benefits of containers
Storage and Databases
- Identify how automation can reduce error and effort
- Understand the benefits of IaC
- Explain the tradeoffs using different provisioning tools
- Provision infrastructure using the AWS CLI and Terraform
- Manage Terraform State and Terraform using best practices
Project: Design, Provision, and Monitor AWS Infrastructure at Scale
In this project, you will use industry-standard and open source tools to plan, design, provision, and monitor infrastructure in AWS. You will put your knowledge and skills to use to optimise infrastructure for cost and performance. Terraform will also be used to provision and configure AWS services in a global configuration.
Course 3: Design for Security
Securing Access to Cloud Services
- Apply Identity and Access Management best practices
- Use Identity and Access Management roles to access cloud services
- Fine-tune least privilege Identity and Access Management policies
- Understand Identity Federation concepts in the cloud
Securing Access to Cloud Infrastructure
- Compare techniques to set up secure access to cloud servers
- Understand options available to establish secure connectivity to cloud networks
- Investigate methods for controlling network ingress and egress in the cloud
- Assess the network access points of your environment
Protecting Data Stored In the Cloud
- Understand options available in the cloud for encrypting data at rest
- Use cloud SDKs to encrypt data from within the application code
- Use server-side encryption to ensure data is protected by cloud services
- Apply best practices for securing S3 storage
- Structure roles and responsibilities around key usage
Defensive Security in the Cloud
- Identify vulnerabilities within infrastructure as code and OS configuration
- Use cloud native tools to identify insecure and non-compliant configurations in your environment
- Leverage methods to defend against and detect exploits and intrusion-related behavior
- Incorporate “shift-left” security practices into a DevOps deployment pipeline
Project: Securing the Recipe Vault Application
In this project, you will deploy and assess the security posture of a simple web application environment.
You will be able to test the environment's security by simulating an attack scenario and exploiting cloud configuration vulnerabilities. You will also set up monitoring to detect suspicious behaviour and vulnerable configurations, and you will correct any misconfigurations that are discovered. Finally, you'll tie everything together by proposing a DevOps build pipeline that incorporates security best practices.