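(Watch at home = 0%, watch at the centre = 100%)
100% watch at the centre, dates and times:
Free choice; select a district below to view office hours and location
Duration: 18 hours
Access period: 6 weeks. You control the pace, fast or slow.
Recorded class instructor: Franco
Free trial viewing at the centre: first 1 hour. Please call one of the locations above to make an appointment with our staff.
This course includes free re-watching at the centre and an instructor Q&A service.
(Watch at home = 33%, watch at the centre = 67%)
33% watch at home, dates and times:
Unlimited viewing, 24 hours a day, every day
67% watch at the centre, dates and times:
Free choice within our office hours; select a district below to view office hours and location
Mong Kok: $4,980
Tel: 2332-6544
Kwun Tong: $4,980
Tel: 3563-8425
North Point: $4,980
Tel: 3580-1893
Sha Tin: $4,980
Tel: 2151-9360
Tuen Mun: $4,980
Tel: 3523-1560
Duration: 18 hours
Home and centre viewing: watch the first 6 hours at home and the last 12 hours at the centre.
Access period: 6 weeks. You control the pace, fast or slow.
Recorded class instructor: Franco
Free trial viewing at the centre: first 1 hour. Please call one of the locations above to make an appointment with our staff.
This course includes free re-watching at the centre and an instructor Q&A service.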
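Cloud computing provides a simple way to access cloud servers, storage, databases and a range of application services over the Internet, a VPN (Virtual Private Network) and similar means. It has the following benefits:
- No need to spend large sums of money building, running and maintaining your own data center.
- Most cloud computing services are billed by usage and can scale up or down as needed. You no longer have to estimate capacity, which makes them convenient and flexible.
- Meets or holds multiple compliance requirements, for example ISO 9001 (global quality standard), ISO 27001 (security management controls), ISO 27017 (cloud-specific controls), ISO 27018 (personal data protection), PCI DSS Level 1 (payment card standard; Level 1 denotes any service provider that stores, processes and/or transmits more than 300,000 transactions per year), SOC 1 (audit controls report), SOC 2 (security, availability and confidentiality report), SOC 3 (general controls report), C5 (https://aws.amazon.com/compliance/bsi-c5/), etc. For details see https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/
- A large number of successful business cases and experience.
Many companies now provide cloud computing services. Amazon Web Services (AWS) is rated by Gartner* as the world's number one Cloud Infrastructure as a Service.
“Magic Quadrant for Strategic Cloud Platform Services”
Source: https://www.gartner.com/doc/reprints?id=1-2ES4ML14&ct=230823&st=sb&trk=44f67619-4f3b-42e8-93b9-32ad8a123845&sc_channel=el
* Gartner is a well-known US-listed information technology research and advisory company.
To give you the knowledge and ability to use AWS technologies to build and deploy secure and reliable services, AWS launched the AWS Certified Solutions Architect – Professional internationally recognized certification. Our centre's AWS Certified Solutions Architect – Professional certification course has been prepared over a long period and carefully arranged by Franco Tsang. From classes, revision, exam study and practice questions to the final examination, everything is tailored for you and systematically arranged, with the aim of genuinely teaching you the material and getting you through the exam.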
- Hard disk full: expanding the C drive without deleting files or shutting down:
https://www.facebook.com/systematic.hk/photos/a.173134451964/1015...
- Sending SMS messages from a program with AWS SNS (Amazon SNS):
https://www.facebook.com/systematic.hk/photos/a.173134451964/1015...
- Analyzing the sentiment of love-song lyrics on AWS (Sentiment Analysis):
https://www.facebook.com/systematic.hk/photos/a.173134451964/1015...
- Trying out Hadoop big data analysis on AWS (Amazon EMR + Amazon S3):
https://www.facebook.com/systematic.hk/photos/a.173134451964/1015...
- Implementing SSL VPN / TLS VPN on AWS with Check Point R80.30 (connecting from a mobile app (Check Point Capsule Connect)) (Amazon EC2 + VPC):
https://www.facebook.com/systematic.hk/photos/a.173134451964/1015...
- More application scenarios / articles shared by the instructor on Facebook:
https://www.systematic.com.hk/course_Franco.htm?panel=2
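Course name: | AWS Certified Solutions Architect - Professional (Amazon Cloud AWS SAP) internationally recognized certification course - short name: Amazon Cloud AWS SAP Training Course |
Course hours: | 18 hours of classes (6 lessons in total) |
Suitable for: | Those who already have the skills taught in the AWS Certified Solutions Architect - Associate (Amazon Cloud AWS SAA) certification course. (Important: the AWS SAP exam scope includes AWS SAA topics. If you have not yet mastered AWS SAA, be sure to take our centre's AWS Certified Solutions Architect - Associate (Amazon Cloud AWS SAA) certification course first.) |
Language of instruction: | Mainly Cantonese, supplemented with English |
Course notes: | Written by our centre's instructor, mainly in English, with Chinese equivalents for some English terms. |
Mock exam questions provided: | Our centre provides students with mock exam questions, each with a model answer. |
Once you pass the following exam, AWS will award you the AWS Certified Solutions Architect – Professional internationally recognized certification:
Exam code | Exam name |
SAP-C02 | AWS Certified Solutions Architect - Professional (English) |
Our centre is a VUE-designated test centre for the AWS Certified Solutions Architect – Professional exam, and the instructor will explain the exam procedure in class. The exam fee is USD $300.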
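Part 1: CloudFormation. The AWS SAA course already covered creating, configuring and deleting AWS resources (e.g. EC2, S3, Lambda) through the AWS web console or the AWS CLI. This course teaches CloudFormation, which creates, configures and deletes AWS resources in an automated way, achieving what FC Barcelona describes as “one-click deployment of our whole infrastructure.” (Reference: https://aws.amazon.com/solutions/case-studies/futbol-club-barcelona/)
- The basic structure of a CloudFormation stack script, e.g. Parameters, Mappings, Conditions, Metadata and Outputs.
- Writing scripts with Designer. Note that Designer / Visual Designer does not cover every AWS resource, so the class teaches how to work around Designer's “shortcomings”.
- Letting users enter or select parameters before running a CloudFormation stack, to avoid excessive hardcoding.
- Displaying the details of newly created AWS resources after running a CloudFormation stack, e.g. after creating IAM users with a CloudFormation stack, displaying the username, password, access key and secret access key.
- Making good use of the functions (Fn) that AWS provides when writing scripts.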
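Part 2: Elastic Beanstalk. The AWS SAA course taught EC2, ELB, Auto Scaling, RDS and so on “independently”. Elastic Beanstalk, taught in this course, lets an enterprise deploy and manage applications quickly and handles capacity provisioning, load balancing, auto scaling and application monitoring in an “integrated” way. It also lets the enterprise perform Rolling Updates or Blue-Green Deployments.
- How to prepare an application that Elastic Beanstalk “recognizes”.
- Auto Scaling in Elastic Beanstalk.
- The different deployment policies and when to use each, with a demonstration of an application update to see whether the application keeps working during the deployment.
- Version management.
- Clone Environment.
- Creating a database in Elastic Beanstalk. From the record below, you can see that a new Rolling Update appears after the database is created. Why does this happen? We will discuss it in class.
- How an application connects to the database in Elastic Beanstalk (without hardcoding the endpoint URL in the code).
- Performing a Blue-Green Deployment (FrancoApp-env → FrancoApp-env WithDB).
- Backing up environments.
- The relationship between Elastic Beanstalk and CloudFormation: understanding what Elastic Beanstalk runs behind the scenes helps in understanding and troubleshooting Elastic Beanstalk.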
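Part 3: VPC. The AWS SAA course covered basic VPC concepts, such as Public Subnet + IGW, Private Subnet + NAT gateway, and Site-to-Site VPN + VGW + CGW + BGP to connect everything together. This course teaches advanced VPC techniques.
- IPv6: how to use IPv6 in a VPC, the difference between an IGW and an EIGW (Egress-Only Internet Gateway), and when to use each.
- Making good use of AWS's “internal” network to avoid unnecessary Internet access, since Internet access may incur charges such as NAT Gateway fees. Using the “internal” network also avoids the use of public IPs.
- The “Special Route” shown in the figure below; the class explains what this route does.
- The causes of the “blackhole” routes shown in the figure below and how to handle them.
- The AWS SAA course taught the Site-to-Site VPN per VPC approach, which is acceptable when there are few VPCs. Once the number of VPCs grows, however, the number of VPNs may grow too, which makes it harder to manage and control VPN costs. This course teaches an interesting technique that connects different VPCs and VPNs (not VPC Peering!), as shown in the figure below.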
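Part 4: Step Functions. The AWS SAA course covered basic serverless concepts such as Lambda functions, bringing you into the serverless world. Running one or a small number of Lambda functions should not be much of a problem (example). For more complex situations, however, you may need to consider Step Functions to coordinate distributed applications (Lambda functions) and microservices. The focus of this section is architectures, not programming.
- The structure of distributed applications and microservices (in class, explanations and demonstrations use the Lambda functions already taught in the AWS SAA course as far as possible, to avoid dealing too much with programming languages and frameworks such as Java EE), and the role of Step Functions.
- Learning Step Functions starting from “Hello World”.
- Handling exceptions.
- Iterations, outputs, inputs, and message passing between functions.
- Other related knowledge and points to note.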
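Part 5: Containers (ECS + ECR + Fargate + Auto Scaling). This section teaches AWS's container solutions.
- Container technology: its characteristics, advantages and limitations.
- A first try: working with Docker on a single EC2 instance. Write a Dockerfile, then build it into an image.
- Creating and testing containers.
- Storing the image in ECR (Elastic Container Registry).
- The next stage is working with containers in ECS (Elastic Container Service), starting with Fargate, a very interesting concept that lets us run containers with “no node / no EC2 instance”.
- Preparing a task definition.
- Running tasks “standalone” in an ECS cluster.
- Creating a service in an ECS cluster to run containers behind an Application Load Balancer with Auto Scaling. For example, the figure below shows the number of tasks reduced from 2 to 1 because CPU utilization was too low.
- Performing a Rolling Update at 200% capacity (demonstrating a software / content update).
- Topics involving other AWS resources and containers, e.g. how to store a container's stdout in CloudWatch.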
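Part 6: Miscellaneous. This section mainly teaches technologies chosen according to the state of AWS technology and how AWS customers are using it at the time of the class.
- Techniques for managing multiple AWS accounts at the same time.
- Using AWS Catalog.
- Using AWS Systems Manager to manage EC2 instances.
- Using AWS WAF (Web Application Firewall) to protect web applications.
- AWS CDK (Cloud Development Kit) concepts, for defining cloud architecture in the programming language you know best.
- AWS SAM (Serverless Application Model) concepts, for defining serverless architecture.
- AWS Billing and Cost Management for managing costs effectively, e.g. listing hourly usage and setting budgets.
- AWS Config for tracking changes.
- AWS Resource Access Manager (AWS RAM) concepts, for sharing data.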
The course content above may change at any time without notice in order to better reflect the content of the examination.
1 Preparation
2 Elastic Beanstalk (EB)
2.1 Introduction to Elastic Beanstalk (EB)
2.1.1 What can Elastic Beanstalk (EB) do?
2.1.2 Elastic Beanstalk (EB) terms
2.1.2.1 Application
2.1.2.2 Application version
2.1.2.3 Environment
2.1.2.4 Saved configuration
2.1.2.5 Platform
2.1.3 Application Source Bundle and source codes
2.2 Demonstration: Create an application and environment
2.3 Demonstration: View current status
2.3.1 Demonstration: View configuration
2.3.2 Demonstration: View logs
2.3.3 Demonstration: View health
2.3.4 Demonstration: View monitoring
2.3.5 Demonstration: View alarms
2.3.6 Demonstration: View managed updates
2.3.7 Demonstration: View events
2.3.9 Demonstration: View application version
2.4 Demonstration: Notification
2.5 Demonstration: From single instances to auto scaling with load balancer
2.6 Security settings
2.6.1 Introduction
2.6.2 AWSElasticBeanstalkEnhancedHealth
2.6.3 AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
2.7 Deployments
2.7.1 Deployment policies
2.7.2 Rolling deployment
2.7.3 Immutable deployments
2.7.4 Traffic-splitting deployments
2.7.5 Deployment options
2.7.6 Demonstration: Rolling with additional batch
2.7.6.1 Demonstration: Configure rolling with additional batch
2.7.6.2 Demonstration: Application update
2.7.7 Demonstration: Rollback to previous versions
2.7.8 Blue/Green Deployments
2.7.8.1 Clone an Elastic Beanstalk Environment
2.7.8.2 Demonstration: Clone an Elastic Beanstalk Environment and Deploy the version 2 application in the cloned environment.
2.7.8.3 Demonstration: Blue-Green deployment
2.8 Databases
2.8.1 Demonstration: Create a new database in an Elastic Beanstalk environment
2.8.2 Applications connect to databases
2.8.2.1 “Trick” to connect to databases in Elastic Beanstalk environment
2.8.2.2 Demonstration: Applications connect to databases
2.9 Elastic Beanstalk “data”
2.10 CloudFormation and Elastic Beanstalk
2.11 Save Configuration
2.11.1 Demonstration: Save Configuration
2.12 Demonstration: Delete Elastic Beanstalk applications and environments
3 Advanced Virtual Private Cloud (VPC)
3.1 IPv6
3.1.1 Demonstration: IPv6
3.1.1.1 Demonstration: VPC with IPv6
3.1.2 Demonstration: Internet Gateway (igw) for Internet connectivity
3.1.3 Egress-Only Internet Gateways (eigw)
3.1.3.1 Introduction to Egress-Only Internet Gateways
3.1.3.2 Demonstration: Egress-Only Internet Gateways
3.1.4 Demonstration: IPv6 Subnet
3.1.5 Demonstration: IPv6 Route Table
3.1.6 Demonstration: EC2 instances with IPv6 connectivity
3.1.7 Demonstration: Clean up
3.2 VPC Endpoints
3.2.1 Introduction to VPC Endpoints
3.2.2 Interface endpoints
3.2.3 Gateway endpoints
3.2.4 Demonstration: VPC Endpoints
3.2.4.1 Demonstration: Topology and preparation
3.2.4.1.1 Demonstration: Prepare VPC
3.2.4.1.2 Demonstration: Create EC2 instances
3.2.4.1.2.1 Demonstration: Create EC2 instances in Public Subnet
3.2.4.1.2.2 Demonstration: Create EC2 instances in Private Subnet
3.2.4.1.3 Demonstration: Prepare IAM Access key ID and Secret access key
3.2.4.2 Demonstration: Interface endpoints
3.2.4.3 Demonstration: Gateway endpoints
3.2.4.4 Demonstration: Clean up
3.3 Advanced VPN topics in AWS
3.3.1 Transit Gateway
3.3.1.1 Introduction to Transit Gateway
3.3.1.2 Demonstration: Transit Gateway
3.3.1.2.1 Demonstration: On-Premises Cisco Router
3.3.1.2.2 Demonstration: 1st VPC (172.20.0.0/16) and subnets
3.3.1.2.3 Demonstration: 2nd VPC (172.21.0.0/16)
3.3.1.2.4 Demonstration: Create a Transit Gateway
3.3.1.2.5 Demonstration: Transit Gateway Attachment: site-to-site VPN connection between Transit Gateway and On-Premises Cisco Router
3.3.1.2.6 Demonstration: Transit Gateway Attachment: VPC (172.20.0.0/16)
3.3.1.2.7 Demonstration: Transit Gateway Attachment: VPC (172.21.0.0/16)
3.3.1.2.8 Demonstration: Transit Gateway Route Table
3.3.1.2.9 Demonstration: Configure Main Route table of VPC (172.20.0.0/16)
3.3.1.2.10 Demonstration: Configure Main Route table of VPC (172.21.0.0/16)
3.3.1.2.11 Demonstration: Clean up
3.3.1.2.11.1 Demonstration: Delete Transit Gateway Attachment (VPC)
3.3.1.2.11.2 Demonstration: Delete Transit Gateway Attachment (VPN)
3.3.1.2.11.3 Demonstration: Delete Transit Gateway
3.3.1.2.11.4 Demonstration: Delete VPCs
4 Containers in AWS (Elastic Container Service (ECS) + Elastic Container Registry (ECR) + Fargate + Auto Scaling)
4.1 Introduction
4.1.1 Containers
4.1.2 Containers vs Virtual Machines (VMs)
4.1.3 Dockerfile, image and container
4.1.4 Docker Hub
4.2 Demonstration: Containers in EC2
4.2.1 Demonstration: Launch an EC2 instance with Docker
4.2.2 Demonstration: Dockerfile and images
4.2.2.1 Demonstration: Prepare a Dockerfile
4.2.2.2 Build an image based on Dockerfile
4.2.2.3 Demonstration: Containers
4.2.2.4 Demonstration: Export and import images
4.3 Elastic Container Registry (ECR)
4.3.1 Demonstration: Elastic Container Registry (ECR)
4.3.1.1 Demonstration: Create IAM access key
4.3.2 Demonstration: Create an Elastic Container Registry (ECR) Repository
4.3.3 Demonstration: Push the custom docker image to Elastic Container Registry (ECR) Repository
4.3.4 Demonstration: “Download” the docker image from Elastic Container Registry (ECR)
4.3.5 Demonstration: Clean up
4.4 Elastic Container Service (ECS)
4.4.1 Introduction to Elastic Container Service (ECS)
4.4.2 Fargate launch type
4.4.3 EC2 launch type
4.4.4 External instances (Amazon ECS Anywhere)
4.4.4.1 Introduction to Fargate, Task definition, Service and Cluster
4.4.4.1.1 Introduction to Task definition
4.4.4.1.2 Introduction to Service
4.4.4.1.3 Introduction to Cluster
4.4.5 Demonstration: Elastic Container Service (ECS)
4.4.5.1 Demonstration: Task definition
4.4.5.2 Demonstration: Cluster
4.4.5.3 Demonstration: Task
4.4.5.3.1 Demonstration: Create a new Task
4.4.5.3.2 Demonstration: Stop a Task (Delete a Task)
4.4.5.4 Demonstration: Create a new Service
4.4.5.4.1 Demonstration: Create a new Service (with load balancer and auto scaling)
4.4.5.5 Demonstration: Rolling Updates
4.4.5.5.1 Demonstration: Update task definition
4.4.5.5.2 Demonstration: Rolling Update / Update Service
4.4.5.6 Demonstration: Clean up
4.4.5.6.1 Demonstration: Delete the Service
4.4.5.6.2 Demonstration: Delete the cluster
4.4.5.6.3 Demonstration: Deregister / Delete the task definition
5 Step Functions
5.1 Introduction to Step Functions
5.2 Step Functions concepts
5.2.1 State Machines, States and Tasks
5.2.1.1 State Machines
5.2.1.2 States
5.2.1.3 Tasks
5.2.1.4 An example of state and task
5.3 Demonstration: Step Function
5.3.1 Demonstration: Hello World Step Function
5.3.1.1 Demonstration: Prepare an IAM role for the Lambda function
5.3.1.1.1 Demonstration: Create and test a Lambda function
5.3.1.1.2 Demonstration: Step Function State Machine definition
5.3.1.1.3 Demonstration: Execute a Step Function
5.3.1.2 Demonstration: Step Function with exceptions and exception handling
5.3.1.2.1 Demonstration: Modify Lambda function
5.3.1.2.2 Demonstration: Modify Step function
5.3.1.2.3 Demonstration: Execute a Step Function (with exceptions)
5.3.1.2.4 Demonstration: Execute a Step Function (without exceptions)
5.3.1.3 Demonstration: Step Function with iteration and loop
5.3.1.3.1 Demonstration: Modify Lambda function
5.3.1.3.2 Demonstration: Modify Step function
5.3.1.3.3 Demonstration: Execute a Step Function
5.3.1.4 Demonstration: Clean Up
5.3.1.4.1 Demonstration: Delete Step Functions
5.3.1.4.2 Demonstration: Delete Lambda Functions
5.3.1.4.3 Demonstration: Delete IAM Role
6 CloudFormation
6.1 Introduction to CloudFormation
6.2 CloudFormation Concepts
6.2.1 Templates
6.2.2 CloudFormation Stacks
6.2.3 CloudFormation Change Sets
6.3 IAM requirements in CloudFormation
6.3.1 View stack permissions
6.3.2 Create stack and resource permissions
6.4 Demonstration: The “simplest” CloudFormation (S3 bucket)
6.4.1 Demonstration: Designer and templates
6.4.2 Demonstration: Validate and save the template
6.4.3 Create a stack based on the template
6.4.4 Delete all resources created by CloudFormation
6.5 Demonstration: S3 bucket with properties
6.5.1 Demonstration: Open a template file in Designer
6.5.2 Demonstration: S3 bucket with properties
6.6 Reference (Ref) | CloudFormation Intrinsic function
6.6.1 Introduction to Reference (Ref)
6.6.2 Demonstration: Reference (Ref) to other resources in the same template (EC2 instance references security group)
6.6.3 Demonstration: “Hard code” to existing resources in your account (EC2 instance with hard code references)
6.7 Parameters
6.7.1 Introduction to Parameters
6.7.2 AWS-Specific Parameter Types
6.7.2.1 Introduction to AWS-Specific Parameter Types
6.7.2.2 Supported AWS-Specific Parameter Types
6.7.2.3 Demonstration: Supported AWS-Specific Parameter Types (Single Parameter) (EC2 instance with existing key pair)
6.7.2.4 Demonstration: Supported AWS-Specific Parameter Types (Multiple Parameters with List) (EC2 instance with multiple parameters with List)
6.7.3 Pseudo Parameters / Pseudo Parameters Reference
6.7.3.1 Introduction to Pseudo Parameters
6.7.3.2 Common Pseudo Parameters
6.7.4 Custom Parameters
6.7.4.1 Introduction to Custom Parameters
6.7.4.1.1 Create Custom Parameters
6.7.4.1.2 Use Custom Parameters
6.7.4.2 Demonstration: Custom Parameters (String, Number and Password Masking)
6.8 Mappings
6.8.1 Introduction to Mappings
6.8.1.1 Create Mappings
6.8.1.1.1 Single-Value Mappings
6.8.1.1.2 Multiple-Value Mappings
6.8.1.2 Use Mappings
6.8.2 Demonstration: Pseudo Parameters, Mappings, Mistakes and Rollback (AMI images based on AWS Region)
6.9 Conditions
6.9.1 Introduction to Conditions
6.9.2 Common Intrinsic Functions used for Conditions
6.9.3 Demonstration: Conditions (Creating EC2 instances based on condition ‘production’ vs ‘testing’)
6.9.3.1 Demonstration: Preparation
6.9.3.2 Demonstration: Parameters
6.9.3.3 Demonstration: Conditions
6.9.3.4 Demonstration: EC2 instance properties and condition
6.9.3.4.1 Demonstration: EC2 instance (production) properties and condition
6.9.3.4.2 Demonstration: EC2 instance (testing) properties and condition
6.9.3.5 Demonstration: Create stack with Conditions
6.9.3.5.1 Demonstration: Create stack with Conditions (production)
6.9.3.5.2 Demonstration: Create stack with Conditions (testing)
6.10 Outputs
6.10.1 Introduction to Outputs
6.10.2 Fn::GetAtt
6.10.3 Fn::Split and Fn::Select
6.10.3.1 Fn::Split
6.10.3.2 Fn::Select
6.10.4 Fn::Join
6.10.5 Demonstration: Outputs (Simple Outputs)
6.10.6 Demonstration: Outputs (Customized Outputs)
6.10.6.1 Demonstration: Lab Goal and Logic
6.10.6.1.1 Demonstration: Lab Goal
6.10.6.1.2 Demonstration: Logic
6.10.6.2 Demonstration: Lab Procedures
6.11 Description
6.11.1 Demonstration: Description
6.12 Template Anatomy (Whole View)
6.12.1 Structure of the whole template file
6.12.2 Common components
6.12.3 An Example
6.13 An Integrated Example
6.13.1 EC2 instance + Security Group
6.13.1.1 Key points
6.13.1.1.1 CloudFormation of Security Group
6.13.1.1.2 CloudFormation of EC2 instances
6.13.1.2 Integrated demonstration: EC2 instance + Security Group
6.13.1.2.1 Integrated demonstration: EC2 instance + Security Group: Preparation
6.13.1.2.2 Integrated demonstration: EC2 instance + Security Group: Parameters
6.13.1.2.3 Integrated demonstration: EC2 instance + Security Group: Resource: Security Group
6.13.1.2.4 Integrated demonstration: EC2 instance + Security Group: Resource: EC2 instance
6.13.1.2.5 Integrated demonstration: EC2 instance + Security Group: Outputs (Dynamically obtain Public DNS, Private DNS, Public IP, Private IP, Availability Zone (AZ) of the created EC2 instance)
6.13.1.2.6 Integrated demonstration: EC2 instance + Security Group: Resource: Create Stack and Verification
6.13.1.2.7 Integrated demonstration: EC2 instance + Security Group: Resource: Clean Up
7 AWS Certified Solutions Architect – Professional Examination
7.1 Examination details
7.2 Examination registration
8 Further reading
8.1 RPO and RTO
8.1.1 RPO
8.1.2 RTO
8.1.3 Relationship between RTO and RPO
8.2 AWS Organizations (Manage Multiple AWS Accounts)
8.2.1 Introduction to AWS Organizations
8.2.2 Use cases of AWS Organizations
8.2.3 Concepts of AWS Organizations
8.2.3.1 Organization unit (OU)
8.2.3.2 Service control policy (SCP)
8.2.3.3 Management account
8.2.3.4 Member accounts
8.2.3.5 Tag policy
8.3 AWS Systems Manager
8.3.1 Introduction to AWS Systems Manager
8.3.2 Features provided by AWS Systems Manager
8.3.3 Demonstration: Configure an EC2 instance to a “managed instance”
8.3.3.1 Demonstration: Create an IAM role for EC2 instance
8.3.3.2 Demonstration: “Properly” launch an EC2 instance
8.3.3.3 Demonstration: Fleet Manager
8.3.3.4 Demonstration: Inventory
8.3.3.5 Demonstration: Connect to an EC2 instance through AWS Systems Manager (without Putty and Key-Pair) and session history (command history)
8.3.4 Patch manager
8.3.4.1 Introduction to Patch manager
8.3.4.2 Patch Policy
8.3.4.3 Patch now
8.3.4.4 Patch
8.3.4.5 Patch baseline
8.4 AWS Catalog
8.4.1 Introduction to AWS Catalog
8.4.2 Benefits of AWS Catalog
8.4.3 Demonstration: AWS Catalog
8.4.3.1 Demonstration: Prepare a CloudFormation template
8.4.3.2 Demonstration: Products
8.4.3.3 Demonstration: Portfolios + Add Product to Portfolios
8.4.3.4 Demonstration: Manage user access in portfolio
8.4.3.5 Demonstration: Discover and launch services
8.4.3.6 More about portfolio
8.4.3.7 Demonstration: Clean up
8.4.3.7.1 Demonstration: Terminate provisioned products
8.4.3.7.2 Demonstration: Delete portfolio
8.4.3.7.3 Demonstration: Delete products
8.5 AWS WAF (Web Application Firewall) and AWS Shield
8.6 AWS Shield
8.6.1 AWS Shield Standard
8.6.2 AWS Shield Advanced
8.7 AWS WAF (Web Application Firewall)
8.7.1 Introduction to AWS WAF (Web Application Firewall)
8.7.2 Demonstration: AWS WAF
8.7.2.1 Demonstration: AWS WAF: Prepare an Application Load Balancer
8.7.2.2 Demonstration: AWS WAF: Conditions
8.7.2.2.1 Demonstration: AWS WAF: Rule / Rule group
8.7.2.2.2 Demonstration: AWS WAF: Web ACL
8.7.2.3 Demonstration: AWS WAF: Clean up
8.7.2.3.1 Demonstration: AWS WAF: Clean up: Delete Web ACL
8.8 AWS Resource Access Manager (AWS RAM)
8.8.1 Introduction to AWS Resource Access Manager (AWS RAM)
8.9 AWS CDK (Cloud Development Kit)
8.9.1 Concepts in CDK
8.9.1.1 Constructs
8.9.1.1.1 L1 constructs
8.9.1.1.2 L2 constructs
8.9.1.1.3 L3 constructs
8.9.1.2 Initialization
8.9.1.3 Environments
8.9.1.4 App
8.9.1.4.1 App lifecycle
8.9.2 CDKtf and CDK8s
8.10 AWS Serverless Application Model (AWS SAM)
8.10.1 AWS SAM template specification
8.11 AWS Billing and Cost Management
8.11.1 AWS Billing
8.11.1.1 AWS Cost and Usage Reports
8.11.2 Cost Management
8.11.2.1 AWS Cost Explorer
8.11.2.1.1 Cost Explorer reports
8.11.2.2 Savings Plans
8.11.2.3 Regional and zonal Reserved Instances
8.11.2.4 On-Demand Capacity Reservations
8.11.2.5 AWS Budgets
8.11.2.6 AWS Cost Anomaly Detection
8.11.2.7 Rightsizing Recommendations
8.12 AWS IoT Core
8.13 More about CloudFront
8.13.1 Customize cache behaviors
8.13.2 Signed URLs
8.13.2.1 Canned and custom policies for signed URLs
8.14 AWS Disaster Recovery / AWS Elastic Disaster Recovery
8.15 AWS Config
8.15.1 Resource Administration
8.15.2 Advanced queries
8.15.3 Compliance
8.16 AWS Application Discovery Service
8.17 Amazon Neptune
8.18 More examples about CloudFormation
8.18.1 Elastic Block Store (EBS) with dynamically get Availability Zone (AZ)
8.18.1.1 Key points
8.18.1.1.1 CloudFormation of Elastic Block Store (EBS)
8.18.1.1.2 CloudFormation of VolumeAttachment
8.18.1.2 Integrated demonstration: Elastic Block Store (EBS)
8.18.1.2.1 Integrated demonstration: Elastic Block Store (EBS): Preparation
8.18.1.2.2 Integrated demonstration: Elastic Block Store (EBS): Parameters
8.18.1.2.3 Integrated demonstration: Elastic Block Store (EBS): Resource: Security Group
8.18.1.2.4 Integrated demonstration: Elastic Block Store (EBS): Resource: EC2 instances
8.18.1.2.5 Integrated demonstration: Elastic Block Store (EBS): Resource: EBS
8.18.1.2.6 Integrated demonstration: Elastic Block Store (EBS): Resource: VolumeAttachment (invisible)
8.18.1.2.7 Integrated demonstration: Elastic Block Store (EBS): Outputs
8.18.1.2.8 Integrated demonstration: Elastic Block Store (EBS): Create Stack and Verification
8.18.1.2.9 Integrated demonstration: Elastic Block Store (EBS): Clean Up
8.18.2 Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms
8.18.2.1 Key points
8.18.2.1.1 CloudFormation of SNS
8.18.2.1.2 CloudFormation of Subscription
8.18.2.1.3 CloudFormation of CloudWatch
8.18.2.2 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms
8.18.2.2.1 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Preparation
8.18.2.2.2 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Parameters
8.18.2.2.3 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Resource: Security Group
8.18.2.2.4 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Resource: SNS Topic
8.18.2.2.5 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Resource: SNS Subscription
8.18.2.2.6 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Resource: EC2 Instance
8.18.2.2.7 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Resource: CloudWatch Alarm
8.18.2.2.8 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Outputs
8.18.2.2.9 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Create Stack and Verification
8.18.2.2.10 Integrated demonstration: Detailed Monitoring, SNS Topics, SNS Subscriptions and CloudWatch Alarms: Clean Up
8.18.3 VPC + Public Subnet + IGW + Route Table + Route + EC2 instances
8.18.3.1 Key points
8.18.3.1.1 CloudFormation of VPC
8.18.3.1.2 CloudFormation of IGW
8.18.3.1.3 CloudFormation of Public Subnet
8.18.3.1.4 CloudFormation of Route
8.18.3.1.5 CloudFormation of Route Table
8.18.3.1.6 CloudFormation of EC2 instance
8.18.3.2 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances
8.18.3.2.1 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Preparation
8.18.3.2.2 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Parameters
8.18.3.2.3 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: VPC
8.18.3.2.4 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: Security Group
8.18.3.2.5 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: IGW (Internet Gateway)
8.18.3.2.6 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: VPCGatewayAttachment
8.18.3.2.7 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: Public Subnet
8.18.3.2.8 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: Public Route Table
8.18.3.2.9 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: Route
8.18.3.2.10 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: SubnetRouteTableAssociation
8.18.3.2.11 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Resource: EC2 instances (public)
8.18.3.2.12 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Outputs
8.18.3.2.13 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Create Stack and Verification
8.18.3.2.14 Integrated demonstration: VPC + Public Subnet + IGW + Route Table + Route + EC2 instances: Clean Up
8.18.4 VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances
8.18.4.1 Key points
8.18.4.1.1 CloudFormation of Private Subnet
8.18.4.1.2 CloudFormation of Customer Gateway (CGW)
8.18.4.1.3 CloudFormation of VPN Gateway (VGW)
8.18.4.1.4 CloudFormation of VPNAttachment (with DependsOn)
8.18.4.1.5 CloudFormation of VPN
8.18.4.2 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances
8.18.4.2.1 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Preparation
8.18.4.2.2 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Parameters
8.18.4.2.3 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: VPC
8.18.4.2.4 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: Security Group
8.18.4.2.5 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: Private Subnet
8.18.4.2.6 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: Private Route Table
8.18.4.2.7 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: SubnetRouteTableAssociation
8.18.4.2.8 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: VPN CGW (Customer Gateway)
8.18.4.2.9 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: VPN VGW (Virtual Private Gateway)
8.18.4.2.10 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: VPCGatewayAttachment
8.18.4.2.11 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: VPNConnection
8.18.4.2.12 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Resource: EC2 instances
8.18.4.2.13 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Create Stack and Verification
8.18.4.2.14 Integrated demonstration: VPC + Private Subnet + Site-to-Site VPN + Route Table + EC2 instances: Clean Up
8.18.5 Application Load Balancer (ALB)
8.18.5.1 Key Points
8.18.5.1.1 CloudFormation of Target Group
8.18.5.1.2 CloudFormation of Application Load Balancer (ALB)
8.18.5.1.3 CloudFormation of Listener
8.18.5.2 Integrated demonstration: Application Load Balancer (ALB)
8.18.5.2.1 Integrated demonstration: Application Load Balancer (ALB): Preparation
8.18.5.2.2 Integrated demonstration: Application Load Balancer (ALB): Parameters
8.18.5.2.3 Integrated demonstration: Application Load Balancer (ALB): Resource: Security Group for Application Load Balancer (ALB)
8.18.5.2.4 Integrated demonstration: Application Load Balancer (ALB): Resource: Security Group for EC2 instance
8.18.5.2.5 Integrated demonstration: Application Load Balancer (ALB): Resource: Application Load Balancer (ALB)
8.18.5.2.6 Integrated demonstration: Application Load Balancer (ALB): Resource: Listener
8.18.5.2.7 Integrated demonstration: Application Load Balancer (ALB): Resource: Target Group a
8.18.5.2.8 Integrated demonstration: Application Load Balancer (ALB): Resource: Target Group b
8.18.5.2.9 Integrated demonstration: Application Load Balancer (ALB): Resource: Target Group ab
8.18.5.2.10 Integrated demonstration: Application Load Balancer (ALB): Resource: EC2 instance in AZ a
8.18.5.2.11 Integrated demonstration: Application Load Balancer (ALB): Resource: EC2 instance in AZ b
8.18.5.2.12 Integrated demonstration: Application Load Balancer (ALB): Outputs
8.18.5.2.13 Integrated demonstration: Application Load Balancer (ALB): Create Stack and Verification
8.18.5.2.14 Integrated demonstration: Application Load Balancer (ALB): Clean Up
8.18.6 Relational Database Service (RDS) [Single AZ / Multi-AZ] + Deletion Policy
8.18.6.1 Key Points
8.18.6.1.1 CloudFormation of Subnet Group
8.18.6.1.2 CloudFormation of DB Instance
8.18.6.1.3 Deletion Policy of DB instance
8.18.6.2 Integrated demonstration: Relational Database Service (RDS)
8.18.6.2.1 Integrated demonstration: Relational Database Service (RDS): Preparation
8.18.6.2.2 Integrated demonstration: Relational Database Service (RDS): Parameters
8.18.6.2.3 Integrated demonstration: Relational Database Service (RDS): Resource: Security Group
8.18.6.2.4 Integrated demonstration: Relational Database Service (RDS): Resource: Subnet group
8.18.6.2.5 Integrated demonstration: Relational Database Service (RDS): Resource: DBInstance
8.18.6.2.6 Integrated demonstration: Relational Database Service (RDS): Resource: DBInstance (Deletion Policy)
8.18.6.2.7 Integrated demonstration: Relational Database Service (RDS): Create Stack and Verification
8.18.6.2.8 Integrated demonstration: Relational Database Service (RDS): Clean Up
8.18.7 Identity and Access Management (IAM)
8.18.7.1 Key Points
8.18.7.1.1 CloudFormation of IAM Group
8.18.7.1.2 CloudFormation of IAM Policy
8.18.7.1.3 CloudFormation of IAM User
8.18.7.2 Integrated demonstration: Identity and Access Management (IAM)
8.18.7.2.1 Integrated demonstration: Identity and Access Management (IAM): Preparation
8.18.7.2.2 Integrated demonstration: Identity and Access Management (IAM): Parameters
8.18.7.2.3 Integrated demonstration: Identity and Access Management (IAM): Resource: IAM Groups
8.18.7.2.4 Integrated demonstration: Identity and Access Management (IAM): Resource: IAM Policies
8.18.7.2.5 Integrated demonstration: Identity and Access Management (IAM): Resource: IAM Users
8.18.7.2.6 Integrated demonstration: Identity and Access Management (IAM): Resource: IAM AccessKey
8.18.7.2.7 Integrated demonstration: Identity and Access Management (IAM): Outputs
8.18.7.2.8 Integrated demonstration: Identity and Access Management (IAM): Create Stack and Verification
8.18.7.2.9 Integrated demonstration: Identity and Access Management (IAM): Clean Up
8.18.8 Auto Scaling
8.18.8.1 Key Points
8.18.8.1.1 CloudFormation of Launch Configuration
8.18.8.1.2 CloudFormation of AutoScaling Group
8.18.8.1.3 CloudFormation of Scaling Policy
8.18.8.1.4 CloudFormation of CloudWatch Alarm
8.18.8.2 Integrated demonstration: Auto Scaling
8.18.8.2.1 Integrated demonstration: Auto Scaling: Preparation
8.18.8.2.2 Integrated demonstration: Auto Scaling: Parameters
8.18.8.2.3 Integrated demonstration: Auto Scaling: Resource: Security Group
8.18.8.2.4 Integrated demonstration: Auto Scaling: Resource: Application Load Balancer
8.18.8.2.5 Integrated demonstration: Auto Scaling: Resource: ALB Listener
8.18.8.2.6 Integrated demonstration: Auto Scaling: Resource: Target Group
8.18.8.2.7 Integrated demonstration: Auto Scaling: Resource: Launch Configuration
8.18.8.2.8 Integrated demonstration: Auto Scaling: Resource: Alarm for high CPU utilization
8.18.8.2.9 Integrated demonstration: Auto Scaling: Resource: Alarm for low CPU utilization
8.18.8.2.10 Integrated demonstration: Auto Scaling: Resource: Scaling policy for high CPU utilization
8.18.8.2.11 Integrated demonstration: Auto Scaling: Resource: Scaling policy for low CPU utilization
8.18.8.2.12 Integrated demonstration: Auto Scaling: Resource: Auto Scaling Group
8.18.8.2.13 Integrated demonstration: Auto Scaling: Resource: SNS Topics
8.18.8.2.14 Integrated demonstration: Auto Scaling: Outputs
8.18.8.2.15 Integrated demonstration: Auto Scaling: Create Stack and Verification
8.18.8.2.16 Integrated demonstration: Auto Scaling: Clean Up
8.18.9 Common mistakes in CloudFormation
8.18.10 CloudFormation StackSet
8.18.11 CloudFormation Nested Stacks