AWS Certified SysOps Administrator Study Guide
Description
The newly updated Third Edition of AWS Certified SysOps Administrator Study Guide: Associate (SOA-C02) Exam prepares you for the Amazon Web Services SysOps Administrator certification and a career in the deployment, management, and operation of an AWS environment.
Whether you're preparing for your first attempt at the challenging SOA-C02 Exam, or you want to upgrade your AWS SysOps skills, this practical Study Guide delivers the hands-on skills and best practices instruction you need to succeed on the test and in the field. You'll get:
* Coverage of all of the SOA-C02 exam's domains, including monitoring, logging, remediation, reliability, business continuity, and more
* Instruction that's tailor-made to achieve success on the certification exam, in an AWS SysOps job interview, and in your next role as a SysOps administrator
* Access to the Sybex online study tools, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms
The AWS Certified SysOps Administrator Study Guide: Associate (SOA-C02) Exam includes all the digital and offline tools you need to supercharge your career as an AWS Certified SysOps Administrator.
More details
Other editions
Additional editions
Persons
ABOUT THE AUTHORS
JORGE T. NEGRÓN is part of Cloud Academy's AWS Subject Matter Experts team where he builds courses, writes blogs and records podcast while helping customers learn and improve their skills in AWS technologies. Prior to that Jorge was AWS Academy's Technical Program Manager within the training and certification teams. He was born and raised in San Juan Puerto Rico and travels the world enabling customers and partners gain intimate knowledge of Cloud Computing related skills and development. His passion is in education and contributing to the next generation work force with Cloud Computing literacy.
CHRISTOFFER JONES, AWS Certified DevOps Professional, is a technologist, IT consultant, and educator who has spent more than 20 years working with IT operations, network engineering, and IT administration. He has spent the last six years diving deep into Amazon Web Services to consult, teach, and mentor others on AWS services and solutions.
GEORGE SAWYER has been in technology education since before the turn of the century and was an early adopter of cloud computing. In addition to teaching around the world with his own training company, George has been a senior technical trainer and global learning strategist at Amazon Web Services. He is currently developing learning programs for Compass, Inc. George is a doctoral candidate and lives on his farm with his wife Mandi where they practice regenerative farming and raise heritage livestock.
Content
Introduction xxi
Chapter 1 AWS Fundamentals 1
Getting Started 1 2
The AWS Shared Responsibility Model 8
General Root Account Best Practices 9
The AWS Global Infrastructure 16
The AWS Command-Line Interface 17
The AWS Health API and Dashboards 23
Pricing 24
Summary 25
Exam Essentials 25
Hands-On Exercises 26
Review Questions 29
Chapter 2 Account Creation, Security, and Compliance 33
Shared Responsibility 34
Compliance 37
IAM 38
AWS Organizations and Control Tower 60
AWS Directory Service 68
AWS License Manager 72
Summary 74
Exam Essentials 74
Review Questions 75
Chapter 3 AWS Cost Management 81
AWS Cost and Usage Reports 82
AWS Cost Explorer 88
Savings Plans 90
AWS Budgets 95
Managing Costs with Managed Services 99
Amazon EC2 Spot Instances and Cost Optimization 100
Summary 101
Exam Essentials 102
Review Questions 104
Chapter 4 Automated Security Services and Compliance 109
Review Reports, Findings, and Checks 110
Data Protection Strategies 131
Network Protection Strategies 160
Summary 190
Exam Essentials 193
Review Questions 195
Chapter 5 Compute 201
The Hypervisor 202
Amazon Machine Image (AMI) 203
Amazon EC2 206
Amazon EC2 Image Builder 211
Compute Optimizer 213
Elastic Load Balancing 214
Auto Scaling 218
AWS Application Auto Scaling 223
AWS Lambda 225
Summary 230
Exam Essentials 230
Review Questions 232
Chapter 6 Storage, Migration, and Transfer 237
Storage vs. Migration 238
Amazon Simple Storage Service (S3) 239
Amazon S3 Glacier 247
Amazon Elastic Block Store 252
Amazon Elastic File System 256
Amazon FSx 259
Migration and Transfer 263
AWS Backup 263
AWS Storage Gateway 267
AWS DataSync 270
AWS Transfer Family 272
Summary 273
Exam Essentials 276
Review Questions 278
Chapter 7 Databases 285
Amazon Relational Database Service 286
Amazon ElastiCache 294
Summary 300
Exam Essentials 300
Review Questions 302
Chapter 8 Monitoring, Logging, and Remediation 307
Amazon CloudWatch 308
Monitoring on AWS 313
Basic CloudWatch Terms and Concepts 315
Monitoring Compute 317
Monitoring Storage 318
CloudWatch Alarms 319
CloudWatch Events 320
Exercises 322
AWS CloudTrail 327
API Logs Are Trails of Data 332
CloudTrail as a Monitoring Tool 334
Exercises 336
AWS Config 340
AWS Systems Manager 346
Exercises 351
Summary 357
Exam Essentials 358
Review Questions 360
Chapter 9 Networking 365
Networking 366
Troubleshooting 371
VPC IP Address Manager 371
Hubs, Spokes, and Bastion Hosts 373
Connecting to the Internet 374
Connecting to Networks and Services 375
VPC Peering 376
Bastion Hosts 378
Monitoring VPC Traffic 381
AWS Client VPN 384
VPC Endpoints 385
AWS Transit Gateway 386
Cloud WAN 389
Summary 389
Exam Essentials 389
Review Questions 391
Chapter 10 Content Delivery 395
Domain Name System 396
Amazon Route 53 399
Route 53 Health Checks 401
Routing Policies 404
Route 53 Traffic Flow 408
Route 53 Guided Exercise 409
Amazon CloudFront 412
Edge Locations 413
The CloudFront Cache Process 413
Restricting Access to S3 (OAI vs. OAC) 414
CloudFront Functions 415
CloudFront Guided Exercise 415
AWS Global Accelerator 420
Pricing 421
Summary 421
Exam Essentials 422
Review Questions 423
Chapter 11 Deployment, Provisioning, and Automation 427
Elastic Beanstalk 429
Elastic Beanstalk Extensions 433
AWS CloudFormation 435
Amazon SQS 446
Amazon SNS 449
Amazon Kinesis Services 451
Step Functions 454
Summary 457
Exam Essentials 458
Review Questions 460
Appendix Answers to Review Questions 465
Chapter 1: AWS Fundamentals 466
Chapter 2: Account Creation, Security, and Compliance 468
Chapter 3: AWS Cost Management 470
Chapter 4: Automated Security Services and Compliance 472
Chapter 5: Compute 475
Chapter 6: Storage, Migration, and Transfer 477
Chapter 7: Databases 481
Chapter 8: Monitoring, Logging, and Remediation 483
Chapter 9: Networking 485
Chapter 10: Content Delivery 487
Chapter 11: Deployment, Provisioning, and Automation 488
Index 491
Introduction
The rate of cloud computing adoption continues to rise, as it has for several years. Technology companies and startups often embrace the cloud early, while heavily regulated industries like healthcare and finance may have a slower adoption process due to security and compliance considerations. This all results in a demand for cloud systems' operators to deploy, monitor, scale, and run the day-to-day operations of a cloud implementation.
This rate of adoption represents an opportunity for systems operators to add to their existing toolset a suite of cloud computing best practices. The best practices put forward by the well-architected framework is intended to allow you to accomplish an implementation that leverages the best and most practical intelligence available. This results in scalable, resilient, highly available, and operationally excellent workloads.
This certification of systems operations for AWS Cloud systems is intended to make sure you understand the variety of critical services that are focused on operations, monitoring, security, and networking. You can dig into the documentation since it's already available online. However, aggregating the reading list from documentation and whitepapers can add up very fast and consume a large amount of time.
We wrote this book so that you don't have to do that aggregation. The idea is to present you with a comprehensive set of services, configurations, and features that are typically in daily use during systems operations. Our hope is that this book saves you time and helps you successfully complete the certifications. We speak from experience; using Wiley cert prep books is how we gained certification our very first time a few years ago. We sincerely hope it does the same for you. Thank you for picking it up.
What Does This Book Cover?
This book covers the topics you need to understand as you prepare to take the AWS Certified SysOps Administrator - Associate exam. The topics that we cover in this book include the following:
- Chapter 1, "AWS Fundamentals": The first part of the book starts with the foundational topics that you need to know and understand before you dig into the rest of the book content. These topics include account creation, using the management console, using the command-line interface (CLI), and the Personal Health dashboard. This is basically a review of concepts that should be familiar to you already.
- Chapter 2, "Account Creation, Security, and Compliance": The second chapter covers identity and access management, Access Analyzer, AWS Organizations, AWS Directory Service, AWS Control Tower, and AWS License Management. This chapter concentrates on account creation and the different modalities to implement authentication and authorization for users and administrators. Some of the tasks covered in this chapter are:
- Implementing IAM features (for example, password policies, multifactor authentication [MFA], roles, SAML, federated identity, resource policies, policy conditions)
- Troubleshooting and auditing access issues by using AWS services (for example, CloudTrail, IAM Access Analyzer, IAM policy simulator)
- Validating service control policies (SCPs) and permissions boundaries
- Reviewing AWS Trusted Advisor security checks
- Validating AWS region and service selections based on compliance requirements
- Implementing secure multi-account strategies (for example, AWS Control Tower, AWS Organizations)
- Chapter 3, "AWS Cost Management": In the third chapter of this book, the focus shifts to cost analysis and management. The cost and usage report, AWS Cost Explorer, Savings Plan, and Budgets are discussed to give you the tools to manage your costs effectively. Some of the tasks covered in this chapter are:
- Implementing cost allocation tags
- Identifying and remediating underutilized or unused resources by using AWS services and tools (for example, Trusted Advisor, AWS Compute Optimizer, AWS Cost Explorer)
- Configuring AWS Budgets and billing alarms
- Assessing resource usage patterns to qualify workloads for EC2 Spot Instances
- Identifying opportunities to use managed services (for example, Amazon RDS, AWS Fargate, Amazon EFS)
- Recommending compute resources based on performance metrics
- Monitoring Amazon Elastic Block Store (Amazon EBS) metrics and modifying configuration to increase performance efficiency
- Implementing S3 performance features (for example, S3 Transfer Acceleration, multipart uploads)
- Monitoring RDS metrics and modifying the configuration to increase performance efficiency (e.g., Performance Insights, RDS Proxy)
- Enabling enhanced EC2 capabilities (e.g., Elastic Network Adapter, instance store, placement groups)
- Chapter 4, "Automated Security Services and Compliance": The fourth chapter of the book introduces the variety of services that are available. When you activate a service in your account and region, the service operates almost automatically for the protections it provides. Services include Amazon Inspector for EC2s, AWS Security Hub, Amazon Guard Duty, Amazon Detective, Amazon Macie, AWS Shield, AWS WAF, AWS Firewall Manager, AWS Key management services, AWS Secrets Manager, and AWS Certificate Manager. Some of the tasks covered in this chapter are:
- Enforcing a data classification scheme
- Creating, managing, and protecting encryption keys
- Implementing encryption at rest (e.g., AWS Key Management Service [AWS KMS])
- Implementing encryption in transit (e.g., AWS Certificate Manager [ACM], VPN)
- Securely storing secrets by using AWS services (e.g., AWS Secrets Manager, Systems Manager Parameter Store)
- Reviewing reports or findings (e.g., AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector)
- Chapter 5, "Compute": In the fifth chapter we discuss compute services. One of the most common questions here is whether containers are included. As of this writing, Amazon Elastic Container Service and Registry (ECS and ECR) and Amazon Lightsail are "out of scope" for this exam. We cover Amazon Machine Images (AMIs), Amazon EC2, Amazon EC2 Image Builder, Elastic Load Balancers, Auto Scaling, and AWS Lambda. Some of the tasks covered in this chapter are:
- Configuring Elastic Load Balancing (ELB) and Amazon Route 53 health checks
- Differentiating between the use of a single availability zone and multi-AZ deployments (e.g., Amazon EC2 Auto Scaling groups, ELB, Amazon FSx, Amazon RDS)
- Implementing fault-tolerant workloads (e.g., Amazon Elastic File System [Amazon EFS], Elastic IP addresses)
- Chapter 6, "Storage, Migration, and Transfer": As its title suggests, in Chapter 6 we cover storage, migration, and transfer services like Amazon S3, Amazon S3 Glacier, Elastic Block Store, Elastic File System, Amazon FSx, AWS Backup, AWS Storage Gateway, AWS Data Sync, and the Snowball AWS transfer family of devices. Some of the tasks covered in this chapter are:
- Automating snapshots and backups based on use cases (e.g., RDS snapshots, AWS Backup, RTO and RPO, Amazon Data Lifecycle Manager, retention policy)
- Restoring databases (e.g., point-in-time restore, promote read replica)
- Implementing versioning and life cycle rules
- Configuring Amazon S3 Cross-Region Replication (CRR)
- Performing disaster recovery procedures
- Chapter 7, "Databases": It is important to understand all AWS databases in terms of their name and what function they provide, and, more importantly, in which situations to use them. This chapter concentrates on the implementation and operation of Amazon RDS, including Aurora. This should provide a sign that Amazon RDS is a service that needs to be understood well for the exam. It's also important to understand how to use ElastiCache, the engines it supports, and the types of caching process that can be implemented. Some of the tasks covered in this chapter are:
- Implementing caching
- Implementing Amazon RDS replicas and Amazon Aurora replicas
- Differentiating between horizontal scaling and vertical scaling
- Chapter 8, "Monitoring, Logging, and Remediation": This is probably the main chapter of the study guide as it contains the material that has the highest percentage of coverage in the exam. In this chapter we discuss Amazon CloudWatch as a service to monitor AWS and third-party tools; Amazon CloudWatch Logs, for the aggregation and processing of log streams; and Amazon CloudWatch Events (also known as Amazon EventBridge), AWS CloudTrail, AWS Config, and AWS Systems Manager as some of the services allowing for scalable deployments and operations. Some of the tasks covered in this chapter are:
- Identifying, collecting, analyzing, and exporting logs (e.g., Amazon CloudWatch Logs, CloudWatch Logs Insights, AWS CloudTrail logs)
- Collecting metrics and logs by using the CloudWatch agent
- Creating CloudWatch alarms
- Creating metric filters
- Creating CloudWatch dashboards
- Configuring notifications (e.g., Amazon Simple Notification Service [Amazon SNS], CloudWatch alarms, AWS Health events)
- Troubleshooting or taking corrective actions based on notifications and alarms
- Configuring Amazon EventBridge rules to invoke actions
- Using AWS Systems...
