This chapter covers the following official AWS Certified SysOps Administrator – Associate (SOA-C02) exam domain: Domain 3: Deployment, Provisioning, and Automation (For more information on the official AWS Certified SysOps Administrator – Associate [SOA-C02] exam topics, see the Introduction.) As you can probably imagine, provisioning resources in AWS is a major responsibility within an organization. […]

Application Load Balancing The application load balancer, or layer 7 load balancer, is a version 2 ELB that supports HTTP, HTTPS, and WebSocket protocols. It is important to remember that the ALB does not listen for other protocols such as VOIP, gaming, SSH, FTP, or any others. If you want to work with these protocols, […]

Principle 2 – Test Recovery Procedures Having automated recovery procedures is good, but making sure they work is better. If you’re new to the cloud, you may be used (in your on-premises environment) to testing your workloads and making sure they work in “normal” conditions, but you may be less used to testing recovery procedures […]

Reviewing the Findings in GuardDuty If you went through the exercise in the previous section, you will see the findings appear inside the GuardDuty console after about 8 to 10 minutes. At the top of the screen, the colored ovals that previously contained all zeros will now have one in the medium-severity category and two […]

Data visualization is an art! No matter how much effort you and your team put into data preparation and preliminary analysis for modeling, if you don’t know how to show your findings effectively, your audience may not understand the point you are trying to make. Often, such situations may be even worse when you are […]

Network Load Balancing In the Open Systems Interconnection (OSI) model, layer 4 is the transport layer and primarily uses the UDP, TCP, or the SSL/TLS networking protocols. The layer 4 load balancers are in the network load balancer category and are known for their high connection rates, low latency, and overall high-performance characteristics. While you […]

Summary This chapter has covered quite a lot of ground in terms of designing secure solutions on AWS. You learned how to leverage IAM and identity federation in your solution to provide granular access control. You then looked at the best practices to protect your infrastructure resources—using tools such as AWS WAF, AWS Shield, and […]

Exam Readiness Drill – Chapter Review Questions Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That is why working on these skills early on in your learning journey is key. Chapter review questions are designed to […]

Glacier Glacier is the archiving tier of S3 in AWS; however, you can use Glacier directly through the API as well. Many different backup tools allow you to store data onto Glacier directly. When using Glacier, be mindful of the RTO because the retrieval times in Glacier fall into three categories: Expedited retrieval: Retrieval of […]

Enabling Amazon GuardDuty Amazon GuardDuty is a regional service. You must first select the region where you will enable the service; once that is done, it is effortless to enable it. Just complete the following steps: After enabling GuardDuty, you will be brought to the main GuardDuty page (that is, the Findings page) by default. […]