Course Outline

DOMAINS OF AWS SOLUTIONS ARCHITECT PROFESSIONAL:

  • DOMAIN 1
    Design Solutions for Organizational Complexity
  • DOMAIN 2
    Design for New Solutions
  • DOMAIN 3
    Continuous Improvement for Existing Solutions
  • DOMAIN 4
    Accelerate Workload Migration and Modernization

DOMAIN: 1 DESIGN SOLUTIONS FOR ORGANIZATIONAL COMPLEXITY

1: ARCHITECT NETWORK CONNECTIVITY STRATEGIES

KNOWLEDGE OF

  • AWS global infrastructure
  • AWS networking concepts (for example, Amazon VPC, AWS Direct Connect, AWS VPN, transitive routing, AWS container services)
  • Hybrid DNS concepts (for example, Amazon Route 53 Resolver, on-premises DNS integration)
  • Network segmentation (for example, subnetting, IP addressing, connectivity among VPCs)
  • Network traffic monitoring

SKILLS IN

  • Evaluating connectivity options for multiple VPCs
  • Evaluating connectivity options for on-premises, co-location, and cloud integration
  • Selecting AWS Regions and Availability Zones based on network and latency requirements
  • Troubleshooting traffic flows by using AWS tools
  • Utilizing service endpoints for service integrations

HANDS-ON LAB

  • VPC Peering
  • VPN, Transit Gateway
  • CDN, CloudFront
  • Network Traffic Flows
  • VPC Endpoints

2: PRESCRIBE SECURITY CONTROLS

KNOWLEDGE OF

  • AWS Identity and Access Management (IAM) and AWS Single Sign-On
  • Route tables, security groups, and network ACLs
  • Encryption keys and certificate management (for example, AWS Key Management Service [AWS KMS], AWS Certificate Manager [ACM])
  • AWS security, identity, and compliance tools (for example, AWS CloudTrail, AWS Identity and Access Management Access Analyzer, AWS Security Hub, Amazon Inspector)

SKILLS IN

  • Evaluating cross-account access management
  • Integrating with third-party identity providers
  • Deploying encryption strategies for data at rest and data in transit
  • Developing a strategy for centralized security event notifications and auditing

HANDS-ON LAB

  • Cross Account Access
  • SAML Integration
  • SSL & KMS Encryption
  • CloudTrail & S3

3: DESIGN RELIABLE AND RESILIENT ARCHITECTURES

KNOWLEDGE OF

  • Recovery time objectives (RTOs) and recovery point objectives (RPOs)
  • Disaster recovery strategies (for example, using AWS Elastic Disaster Recovery [CloudEndure Disaster Recovery], pilot light, warm standby, and multi-site)
  • Data backup and restoration

SKILLS IN

  • Designing disaster recovery solutions based on RTO and RPO requirements
  • Implementing architectures to automatically recover from failure
  • Developing the optimal architecture by considering scale-up and scale-out options
  • Designing an effective backup and restoration strategy

HANDS-ON LAB

  • RTO, RPO Use case (Theory)
  • Autoscaling with Self Healing
  • Life Cycle Manager Backup

4: DESIGN A MULTI-ACCOUNT AWS ENVIRONMENT

KNOWLEDGE OF

  • AWS Organizations and AWS Control Tower
  • Multi-account event notifications
  • AWS resource sharing across environments

SKILLS IN

  • Evaluating the most appropriate account structure for organizational requirements
  • Recommending a strategy for central logging and event notifications
  • Developing a multi-account governance model

HANDS-ON LAB

  • Organization
  • Control Tower

5: DETERMINE COST OPTIMIZATION AND VISIBILITY STRATEGIES

KNOWLEDGE OF

  • AWS cost and usage monitoring tools (for example, AWS Trusted Advisor, AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets)
  • AWS purchasing options (for example, Reserved Instances, Savings Plans, Spot Instances)
  • AWS right-sizing visibility tools (for example, AWS Compute Optimizer, S3 Storage Lens)

SKILLS IN

  • Monitoring cost and usage with AWS tools
  • Developing an effective tagging strategy that maps costs to business units
  • Understanding how purchasing options affect cost and performance

HANDS-ON LAB

  • Cost Explorer, Budgets
  • Cost Allocation Tags
  • Use Case of ——-

DOMAIN: 2 DESIGN FOR NEW SOLUTIONS

1: DESIGN A DEPLOYMENT STRATEGY TO MEET BUSINESS REQUIREMENTS

KNOWLEDGE OF

  • Infrastructure as code (IaC) (for example, AWS CloudFormation)
  • Continuous integration/continuous delivery (CI/CD)
  • Change management processes
  • Configuration management tools (for example, AWS Systems Manager)

SKILLS IN

  • Determining an application or upgrade path for new services and features
  • Selecting services to develop deployment strategies and implement appropriate rollback mechanisms
  • Adopting managed services as needed to reduce infrastructure provisioning and patching overhead
  • Making advanced technologies accessible by delegating complex development and deployment tasks to AWS

HANDS-ON LAB

  • AWS CFT with Nested Stack/Update Stack & Output Section
  • CI/CD
  • AWS CFT Execution Set
  • Systems Manager / Session Manager

2: DESIGN A SOLUTION TO ENSURE BUSINESS CONTINUITY

KNOWLEDGE OF

  • AWS global infrastructure
  • AWS networking concepts (for example, Route 53, routing methods)
  • RTOs and RPOs
  • Disaster recovery scenarios (for example, backup and restore, pilot light, warm standby, multi-site)
  • Disaster recovery solutions on AWS

SKILLS IN

  • Configuring disaster recovery solutions
  • Configuring data and database replication
  • Performing disaster recovery testing
  • Architecting a backup solution that is automated, is cost-effective, and supports business continuity across multiple Availability Zones and/or AWS Regions
  • Designing an architecture that provides application and infrastructure availability in the event of a disruption
  • Leveraging processes and components for centralized monitoring to proactively recover from system failures

HANDS-ON LAB

  • AWS Route 53 Failover
  • AWS 4 Backup Plans
  • Database Replication/ Cross Region
  • Architecting Automatic Backup Solution
  • Multi Zone & Multi Region SA
  • Health Checks

3: DETERMINE SECURITY CONTROLS BASED ON REQUIREMENTS

KNOWLEDGE OF

  • Route tables, security groups, and network ACLs
  • Encryption options for data at rest and data in transit
  • AWS service endpoints
  • Credential management services
  • AWS managed security services (for example, AWS Shield, AWS WAF, Amazon GuardDuty, AWS Security Hub)

SKILLS IN

  • Specifying IAM users and IAM roles that adhere to the principle of least privilege access
  • Specifying inbound and outbound network flows by using security group rules and network ACL rules
  • Developing attack mitigation strategies for large-scale web applications
  • Developing encryption strategies for data at rest and data in transit
  • Specifying service endpoints for service integrations
  • Developing strategies for patch management to remain compliant with organizational standards

HANDS-ON LAB

  • IAM Users & Roles Configuration
  • Security Groups and NACL
  • WAF & Shield
  • SSL & TLS

4: DESIGN A STRATEGY TO MEET RELIABILITY REQUIREMENTS

KNOWLEDGE OF

  • AWS global infrastructure
  • AWS storage services and replication strategies (for example, Amazon S3, Amazon RDS, Amazon ElastiCache)
  • Multi-AZ and multi-Region architectures
  • Application integration (for example, Amazon Simple Notification Service [Amazon SNS], Amazon Simple Queue Service [Amazon SQS], AWS Step Functions)
  • Service quotas and limits

SKILLS IN

  • Designing highly available application environments based on business requirements
  • Leveraging advanced techniques to design for failure and ensure seamless system recoverability
  • Implementing loosely coupled dependencies
  • Operating and maintaining high-availability architectures (for example, application failovers, database failovers)
  • Leveraging AWS managed services for high availability
  • Implementing DNS routing policies (for example, Route 53 latency-based routing, geolocation routing, simple routing)

HANDS-ON LAB

  • Design Lab: Create a multi zone VPC with LB & AS & Route 53 with Failover

5: DESIGN A SOLUTION TO MEET PERFORMANCE OBJECTIVES

KNOWLEDGE OF

  • Performance monitoring technologies
  • Storage options on AWS
  • Instance families and use cases
  • Purpose-built databases

SKILLS IN

  • Designing large-scale application architectures for a variety of access patterns
  • Designing an elastic architecture based on business objectives
  • Applying design patterns to meet performance objectives with caching, buffering, and replicas
  • Developing a process methodology for selecting purpose-built services for required tasks
  • Designing a right-sizing strategy

HANDS-ON LAB

  • CloudWatch
  • Storage Gateway
  • FSx
  • EFX
  • ElastiCache

6: DETERMINE A COST OPTIMIZATION STRATEGY TO MEET SOLUTION GOALS AND OBJECTIVES

KNOWLEDGE OF

  • AWS cost and usage monitoring tools (for example, Cost Explorer, Trusted Advisor, AWS Pricing Calculator)
  • Pricing models (for example, Reserved Instances, Savings Plans)
  • Storage tiering
  • Data transfer costs
  • AWS managed service offerings

SKILLS IN

  • Identifying opportunities to select and right size infrastructure for cost-effective resources
  • Identifying appropriate pricing models
  • Performing data transfer modeling and selecting services to reduce data transfer costs
  • Developing a strategy and implementing controls for expenditure and usage awareness

HANDS-ON LAB

  • AWS Calculator
  • Use Case: Calculate the whole infrastructure based on design which includes data storage, transfer and Managed Services

DOMAIN: 3 CONTINUOUS IMPROVEMENT FOR EXISTING SOLUTIONS

1: DETERMINE A STRATEGY TO IMPROVE OVERALL OPERATIONAL EXCELLENCE

KNOWLEDGE OF

  • Alerting and automatic remediation strategies
  • Disaster recovery planning
  • Monitoring and logging solutions (for example, Amazon CloudWatch)
  • CI/CD pipelines and deployment strategies (for example, blue/green, all-at-once, rolling)
  • Configuration management tools (for example, Systems Manager)

SKILLS IN

  • Determining the most appropriate logging and monitoring strategy
  • Evaluating current deployment processes for improvement opportunities
  • Prioritizing opportunities for automation within a solution stack
  • Recommending the appropriate AWS solution to enable configuration management automation
  • Engineering failure scenario activities to support and exercise an understanding of recovery actions

HANDS-ON LAB

  • CloudWatch with logging
  • Use Case (How to improve existing infrastructure)
  • Use Case (How to use configuration managed system in existing infrastructure)
  • Use Case (What type of recovery, Recover Infrastructure)

2: DETERMINE A STRATEGY TO IMPROVE SECURITY

KNOWLEDGE OF

  • Data retention, data sensitivity, and data regulatory requirements
  • Automated monitoring and remediation strategies (for example, AWS Config rules)
  • Secrets management (for example, Systems Manager, AWS Secrets Manager)
  • Principle of least privilege access
  • Security-specific AWS solutions
  • Patching practices
  • Backup practices and methods

SKILLS IN

  • Evaluating a strategy for the secure management of secrets and credentials
  • Auditing an environment for least privilege access
  • Reviewing implemented solutions to ensure security at every layer
  • Reviewing comprehensive traceability of users and services
  • Prioritizing automated responses to the detection of vulnerabilities
  • Designing and implementing a patch and update process
  • Designing and implementing a backup process
  • Employing remediation techniques

HANDS-ON LAB

  • Use Case (How to Audit Environment with lost)
  • Patch & Update Process (SM)
  • Backup Process

3: DETERMINE A STRATEGY TO IMPROVE PERFORMANCE

KNOWLEDGE OF

  • High-performing systems architectures (for example, auto scaling, instance fleets, and placement groups)
  • Global service offerings (for example, AWS Global Accelerator, Amazon CloudFront, and edge computing services)
  • Monitoring tool sets and services (for example, CloudWatch)
  • Service level agreements (SLAs) and key performance indicators (KPIs)

SKILLS IN

  • Translating business requirements to measurable metrics
  • Testing potential remediation solutions and making recommendations
  • Proposing opportunities for the adoption of new technologies and managed services
  • Assessing solutions and applying right sizing based on requirements
  • Identifying and examining performance bottlenecks

HANDS-ON LAB

  • Use Case (Diagram will be given (Incomplete) to determine strategy)

4: DETERMINE A STRATEGY TO IMPROVE RELIABILITY

KNOWLEDGE OF

  • AWS global infrastructure
  • Data replication methods
  • Scaling methodologies (for example, load balancing, auto scaling)
  • High availability and resiliency
  • Disaster recovery methods and tools
  • Service quotas and limits

SKILLS IN

  • Understanding application growth and usage trends
  • Evaluating existing architecture to determine areas that are not sufficiently reliable
  • Remediating single points of failure
  • Enabling data replication, self-healing, and elastic features and services

HANDS-ON LAB

  • Use Case

5: IDENTIFY OPPORTUNITIES FOR COST OPTIMIZATIONS

KNOWLEDGE OF

  • Cost-conscious architecture choices (for example, utilizing Spot Instances, scaling policies, and right-sizing resources)
  • Price model adoptions (for example, Reserved Instances, Savings Plans)
  • Networking and data transfer costs
  • Cost management, alerting, and reporting

SKILLS IN

  • Analyzing usage reports to identify underutilized and overutilized resources
  • Utilizing AWS solutions to identify unused resources
  • Designing billing alarms based on expected usage patterns
  • Investigating AWS Cost and Usage Reports at a granular level
  • Utilizing tagging for cost allocation and reporting

HANDS-ON LAB

  • Use Case

DOMAIN: 4 ACCELERATE WORKLOAD MIGRATION AND MODERNIZATION

1: SELECT EXISTING WORKLOADS AND PROCESSES FOR POTENTIAL MIGRATION

KNOWLEDGE OF

  • Migration assessment and tracking tools (for example, AWS Migration Hub)
  • Portfolio assessment
  • Asset planning
  • Prioritization and migration of workloads (for example, wave planning)

SKILLS IN

  • Completing an application migration assessment
  • Evaluating applications according to the seven common migration strategies (7Rs)
  • Evaluating total cost of ownership (TCO)

HANDS-ON LAB

  • Migration Techniques (Search)
  • Migration types
  • Migration Tools
  • Snow Family

2: DETERMINE THE OPTIMAL MIGRATION APPROACH FOR EXISTING WORKLOADS

KNOWLEDGE OF

  • Data migration options and tools (for example, AWS DataSync, AWS Transfer Family, AWS Snow Family, S3 Transfer Acceleration)
  • Application migration tools (for example, AWS Application Discovery Service, AWS Application Migration Service [CloudEndure Migration], AWS Server Migration Service [AWS SMS])
  • AWS networking services and DNS (for example, Direct Connect, AWS Site-to-Site VPN, Route 53)
  • Identity services (for example, AWS SSO, AWS Directory Service)
  • Database migration tools (for example, AWS Database Migration Service [AWS DMS], AWS Schema Conversion Tool [AWS SCT])
  • Governance tools (for example, AWS Control Tower, Organizations)

SKILLS IN

  • Selecting the appropriate database transfer mechanism
  • Selecting the appropriate application transfer mechanism
  • Selecting the appropriate data transfer service and migration strategy
  • Applying the appropriate security methods to migration tools
  • Selecting the appropriate governance model

3: DETERMINE A NEW ARCHITECTURE FOR EXISTING WORKLOADS

KNOWLEDGE OF

  • Compute services (for example, Amazon EC2, AWS Elastic Beanstalk)
  • Containers (for example, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], AWS Fargate, Amazon Elastic Container Registry [Amazon ECR])
  • AWS storage services (for example, Amazon Elastic Block Store [Amazon EBS], Amazon Elastic File System [Amazon EFS], Amazon FSx, Amazon S3, Volume Gateway)
  • Databases (for example, Amazon DynamoDB, Amazon OpenSearch Service [Amazon Elasticsearch Service], Amazon RDS, self-managed databases on Amazon EC2)

SKILLS IN

  • Selecting the appropriate compute platform
  • Selecting the appropriate container hosting platform
  • Selecting the appropriate storage service
  • Selecting the appropriate database platform

4: DETERMINE OPPORTUNITIES FOR MODERNIZATION AND ENHANCEMENTS

KNOWLEDGE OF

  • Serverless compute offerings (for example, AWS Lambda)
  • Containers (for example, Amazon ECS, Amazon EKS, AWS Fargate)
  • AWS storage services (for example, Amazon S3, Amazon EFS)
  • Purpose-built databases (for example, DynamoDB, Amazon Aurora Serverless, ElastiCache)
  • Integration service (for example, Amazon SQS, Amazon SNS, Amazon EventBridge [Amazon CloudWatch Events], Step Functions)

SKILLS IN

  • Identifying opportunities to decouple application components
  • Identifying opportunities for serverless solutions
  • Selecting the appropriate service for containers
  • Identifying opportunities for purpose-built databases
  • Selecting the appropriate application integration service