AWS Certified Solutions Architect
Getting Started
Regions
A region is a geographical area where AWS has data centers. Each region is isolated from others to provide fault tolerance and stability.
Regions are named with a code that includes the continent and a number, such as us-east-1 for the US East (N. Virginia) region.
A region is a group of Availability Zones (AZ).
**How to choose a region:**
- Conformity: Choose a region that conforms to your data residency and compliance requirements.
- Proximity: Select a region that is geographically close to your users to reduce latency.
- Services: Ensure the region supports the AWS services you need for your application.
- Pricing: Consider the pricing differences between regions, as costs can vary.
Availability Zones
An Availability Zone (AZ) is a distinct location within a region that is engineered to be isolated from failures in other AZs. Each AZ has its own power, cooling, and physical security, and is connected to other AZs in the region with low-latency links.
Availability Zones:
- An Availability Zone is a group of one or more data centers.
- Each AZ is geographically separated from the others in the same region (isolated from disasters).
- All AZs are linked with low-latency, high-throughput, highly redundant network connections.
IAM & AWS CLI
Users, Groups, Roles, and Policies
Users:
- A user is an individual identity with credentials (username and password) to access AWS resources.
- Users can be assigned permissions through policies to control their access to AWS services.
Groups:
- Multiple users can be in one group.
- One user can be in multiple groups.
- A user can have no group.
Policies:
- Policies are JSON documents that define permissions for users, groups, or roles.
- Policies can be attached to users, groups, or roles to grant permissions to AWS resources.
Roles:
- A role is an AWS identity with specific permissions that can be assumed by users, applications, or services.
- Roles are used to delegate access to AWS resources without sharing long-term credentials.
- Roles can be assumed by AWS services, such as EC2 instances or Lambda functions, to perform actions on your behalf.
IAM Policies
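An added example, not from these notes: a minimal evaluator for policy documents like the S3 policy in this section, applying AWS's documented evaluation order (an explicit Deny beats any Allow, and a request that no statement matches is implicitly denied). The embedded policy is a constructed copy of the three statements without `Principal`; only string actions and resources with `*` wildcards and the `StringEquals` condition are modelled, and action names are matched case-sensitively here although IAM treats them case-insensitively.

```python
import fnmatch

# Constructed sample policy, modelled on the S3 policy in these notes (not a real one).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"StringEquals": {"s3:prefix": "public/"}}},
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Deny", "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}


def _as_list(value):
    # Action and Resource may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource, context):
    # Patterns may contain * wildcards, e.g. "s3:Get*" or "arn:aws:s3:::bucket/*".
    if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(statement["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(statement["Resource"])):
        return False
    # Only StringEquals is modelled; a missing context key never satisfies the condition.
    for key, expected in statement.get("Condition", {}).get("StringEquals", {}).items():
        if context.get(key) != expected:
            return False
    return True


def evaluate(policy, action, resource, context=None):
    """Return 'Allow' or 'Deny' for one request.

    Explicit Deny wins over any Allow; with no matching statement the result
    is an implicit Deny.
    """
    context = context or {}
    decision = "Deny"  # implicit deny until an Allow statement matches
    for statement in policy["Statement"]:
        if _matches(statement, action, resource, context):
            if statement["Effect"] == "Deny":
                return "Deny"  # explicit deny: stop immediately
            decision = "Allow"
    return decision
```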
```json
{
  "Version": "2012-10-17",
  "Id": "PolicyForS3Access",
  "Statement": [
    {
      "Sid": "AllowS3ListAndGet",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/ExampleUser"
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-bucket",
      "Condition": {
        "StringEquals": {
          "s3:prefix": "public/"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/ExampleUser"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    },
    {
      "Effect": "Deny",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/ExampleUser"
      },
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
Field by field:
- Version: version of the policy language.
- Id: unique identifier for the policy (optional).
- Sid: statement ID (optional).
- Effect: Allow or Deny for the listed actions.
- Principal: the user, group, role or account the statement applies to (replace the ARN with the actual one). It appears only in resource-based policies such as an S3 bucket policy, where every statement needs one; an identity-based policy attached to a user, group or role omits it.
- Action and Resource: ListBucket applies to the bucket ARN; GetObject and DeleteObject apply to the objects in it (`/*`).
- Condition: optional restriction; here s3:prefix limits listing to objects under the prefix `public/`.
- JSON does not allow comments, so explanations belong outside the document.
AWS Access Keys
```
$ aws configure
AWS Access Key ID [None]: YOUR_ACCESS_KEY_ID
AWS Secret Access Key [None]: YOUR_SECRET_ACCESS_KEY
Default region name [None]: us-east-1
Default output format [None]: json
```
`aws configure` stores the key pair in `~/.aws/credentials` and the region and output settings in `~/.aws/config`.
EC2
EC2 (Elastic Compute Cloud) is a web service that provides resizable compute capacity in the cloud. It allows users to run virtual servers, known as instances, on-demand.
EC2 options
- OS: Choose the operating system for your instance, such as Amazon Linux, Ubuntu, or Windows.
- Storage: Specify the storage options for your instance, including EBS volumes or instance store.
- CPU: Choose the number of virtual CPUs (vCPUs) required for your instance.
- Memory: Specify the amount of RAM required for your instance, such as 1
- Network: Speed and bandwidth requirements for your instance, including VPC and subnet configuration.
EC2 User Data
User data is a script that runs when an EC2 instance is launched. It can be used to perform initial setup tasks, such as installing software or configuring the instance.
EC2 Instance Types
EC2 instances are categorized into different types based on their intended use case. The main categories include:
- General Purpose: Balanced CPU, memory, and network resources. Examples: t3, m5.
- Compute Optimized: High CPU-to-memory ratio for compute-intensive applications. Examples: c5, c6g.
- Memory Optimized: High memory-to-CPU ratio for memory-intensive applications. Examples: r5, x1.
- Storage Optimized: High disk throughput and IOPS for data-intensive applications. Examples: i3, d2.
SSH Key Pairs
SSH key pairs are used to securely connect to EC2 instances. When you launch an instance, you can specify a key pair that will be used for SSH access.
Security Groups
Security groups act as virtual firewalls for your EC2 instances. They control inbound and outbound traffic to instances based on rules you define.
Here are some ports commonly used in security groups:
- SSH (22): Secure Shell for remote administration.
- FTP (21): File Transfer Protocol for transferring files.
- SFTP (22): Secure File Transfer Protocol, typically using SSH.
- HTTP (80): Standard port for web traffic.
- HTTPS (443): Secure web traffic.
- RDP (3389): Remote Desktop Protocol for Windows instances.
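An added example, not from these notes: a check that reads inbound rules in the IpPermissions shape returned by `aws ec2 describe-security-groups` and reports the administrative and cleartext ports from the list above (FTP, SSH, RDP) that are reachable from outside the RFC 1918 and IPv6 ULA ranges. The rules below are constructed sample data, not a real security group.

```python
import ipaddress

# Ports from the list above that should not be open to the whole internet.
SENSITIVE_PORTS = {21: "FTP", 22: "SSH", 3389: "RDP"}

# Constructed sample rules in the IpPermissions shape of `aws ec2 describe-security-groups`.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                 # SSH from anywhere: finding
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                 # public HTTPS: expected
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},                # RDP from the VPC only: fine
    {"IpProtocol": "-1",                                     # all protocols, so every port
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},                  # every port, IPv6 world
]

# Anything outside these ranges is treated as internet-reachable.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_public(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)

def rule_ports(rule):
    # IpProtocol "-1" means all protocols and therefore every port; FromPort/ToPort are absent.
    if rule.get("IpProtocol") == "-1":
        return range(0, 65536)
    return range(rule["FromPort"], rule["ToPort"] + 1)

def find_exposed_admin_ports(rules):
    """Return (port, service, cidr) for each sensitive port reachable from a public range."""
    findings = []
    for rule in rules:
        ports = rule_ports(rule)
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if not is_public(cidr):
                continue
            for port, service in SENSITIVE_PORTS.items():
                if port in ports:
                    findings.append((port, service, cidr))
    return findings
```

Calling `find_exposed_admin_ports(SAMPLE_RULES)` reports the SSH rule open to `0.0.0.0/0` and all three ports for the two all-port rules, while the RDP rule limited to `10.0.0.0/8` is left alone.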
Elastic IP Addresses
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. It allows you to associate a public IP address with an EC2 instance, enabling you to maintain a consistent IP address even if the instance is stopped or restarted.
EC2 Instance Lifecycle
The lifecycle of an EC2 instance includes the following states:
- Pending: The instance is being launched.
- Running: The instance is running and available for use.
- Stopping: The instance is being stopped.
- Stopped: The instance is stopped and can be restarted later.
- Terminated: The instance is permanently deleted and cannot be restarted.
EC2 Pricing Models
EC2 offers several pricing models to suit different use cases:
- On-Demand Instances: Pay for compute capacity by the hour or by the second, with no long-term commitment.
- Reserved Instances: Reserve capacity for a one- or three-year term, giving significant savings compared with On-Demand pricing.
- Spot Instances: Buy unused EC2 capacity at reduced prices, letting you bid on spare capacity.
- Savings Plans: Flexible pricing model that gives savings on EC2 usage in exchange for a commitment to a constant level of usage over a one- or three-year term (10€/h for 1 year).
- Dedicated Hosts: Physical servers dedicated to your use, letting you control instance placement on a specific host. They are particularly useful for meeting strict compliance or licensing requirements, such as software licensed per socket or per physical core.
- Dedicated Instances: Instances running on hardware dedicated to a single customer, giving physical isolation from other customers' instances. Unlike Dedicated Hosts, you have no direct control over instance placement at the physical-host level.
- Capacity Reservations: Reserve capacity for your instances in a specific Availability Zone, guaranteeing that the resources are available when you need them.
Price IPv4 addresses
Generally, AWS charges for Elastic IP addresses that are not associated with a running instance. The cost is typically around $0.005 per hour for each unused Elastic IP address.
EC2 Auto Scaling
EC2 Auto Scaling automatically adjusts the number of EC2 instances in your application based on demand. It helps ensure that you have the right number of instances available to handle incoming traffic while optimizing costs.
EC2 Load Balancing
Load balancing distributes incoming traffic across multiple EC2 instances to ensure high availability and fault tolerance. AWS provides several load balancing options, including:
- Application Load Balancer (ALB): Operates at the application layer (HTTP/HTTPS) and supports advanced routing features.
- Network Load Balancer (NLB): Operates at the transport layer (TCP/UDP) and is designed for high performance and low latency.
- Classic Load Balancer: Legacy load balancer that supports both HTTP/HTTPS and TCP protocols.
Solution Architect Associate Level
Private vs. Public IP
- A private IP address is an IP address that is not routable on the public internet.
- A public IP address, on the other hand, is an IP address that is routable on the public internet.
Elastic IP Address
Every time you start an EC2 instance, it gets a new public IP address. If you want to keep the same public IP address, you can associate an Elastic IP address with the instance. The price for Elastic IP addresses is around $0.005 per hour for each unused Elastic IP address.