Your #1 all-in-one reference and exam Study Guide for the UPDATED AWS SysOps Administrator certification!
This comprehensive book guides readers through the role of a SysOps Administrator and helps prepare candidates to take the updated AWS Certified SysOps Administrator—Associate (SOA-C01) Exam. The AWS Certified SysOps Administrator—Associate certification validates technical expertise in deployment, management, and operations on the AWS platform.
This Study Guide not only prepares readers for the AWS exam, but it makes sure the reader is ready to perform the duties expected of SysOps Administrators. The book focuses on the skill-set required of AWS professionals by filling in the gap between test preparation and real-world preparedness. Concepts covered include:
Monitoring and Reporting
High Availability
Deployment and Provisioning
Storage and Data Management
Security and Compliance
Networking
Automation and Optimization
And More
Readers will also have one year of free access to the Sybex interactive online learning environment and test bank, providing a suite of robust study tools including an assessment test, chapter tests, bonus practice exam, electronic flashcards, and a glossary of key terms.
By: Sara Perrott, Brett McLaughlin
Imprint: Sybex Inc.,U.S.
Country of Publication: United States
Edition: 2nd edition
Dimensions: Height: 234mm, Width: 188mm, Spine: 31mm
Weight: 816g
ISBN: 9781119561552
ISBN 10: 1119561558
Pages: 512
Publication Date: 21 February 2020
Audience: Professional and scholarly, Undergraduate
Replaced By: 9781119813101
Format: Paperback
Publisher's Status: Active
Introduction
Assessment Test

Part I AWS Fundamentals
Chapter 1 Introduction to Systems Operations on AWS
The AWS Ecosystem; The AWS Services Model; The AWS Global Presence; AWS Managed Services; What is Systems Operations?; The AWS Shared Responsibility Model; The AWS Service Level Agreement; The Seven Domains; Working with AWS; The AWS Management Console; The AWS CLI; AWS SDKs; Technical Support and Online Resources; Support Plans; Other Support Resources; Key Exam Resources; Summary; Exam Essentials; Review Questions

Part II Monitoring and Reporting
Chapter 2 Amazon CloudWatch
Monitoring on AWS; Monitoring is Event-Driven; Monitoring is Customizable; Monitoring Drives Action; Basic CloudWatch Terms and Concepts; CloudWatch is Metric- and Event-Based; Alarms Indicate Notifiable Change; Events and CloudWatch Events are Lower Level; CloudWatch Events Has Three Components; Choosing Between Alarms and Events; What’s in a Namespace?; To the 10th Dimension; Statistics Aggregate Metrics; Monitoring Compute; EC2 Instance Metrics; EC2 EBS Metrics; ECS Metrics; Monitoring Storage; S3 Metrics; RDS Metrics; DynamoDB2 Metrics; CloudWatch Alarms; Create an Alarm Threshold; Set Off an Alarm; Respond to an Alarm; CloudWatch Events; Events; Rules; Targets; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions
Chapter 3 AWS Organizations
Managing Multiple Accounts; AWS Organizations Consolidates User Management; AWS Organizations Consolidates Billing; Core AWS Organizations Concepts; An Organization is a Collection of Accounts; Organizations Have a Master Account; Manage Organizational Units Across Accounts; Apply Service Control Policies; AWS Organizations and Consolidated Billing; Compliance Benefits; Prefer AWS Organizations Over Tagging; Summary; Exam Essentials; Exercises; Review Questions
Chapter 4 AWS Config
Managing Configuration Changes; Continuous Everything; On-Premises Solutions; Configuration in the Cloud; AWS Config Use Cases; Centralized Configuration Management; Audit Trails; Configuration as Security; AWS Config Rules and Responses; Rules are Desired Configurations; A Configuration Item Represents a Specific Configuration; Rules are Evaluated; AWS Config or AWS CloudTrail?; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions
Chapter 5 AWS CloudTrail
API Logs are Trails of Data; What Exactly is a Trail?; The CloudTrail Process; CloudTrail as a Monitoring Tool; Viewing CloudTrail Logs; Connect a CloudTrail Trail to SNS; CloudTrail Handles Permissions…Sometimes; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions

Part III High Availability
Chapter 6 Amazon Relational Database Service
Creating Databases with Amazon RDS; Amazon RDS vs. Your Own Instances; Supported Database Engines; Database Configuration and Parameter Groups; Scalability with Amazon RDS; Amazon RDS Key Features; Scaling Amazon RDS Instances; Backing Up Amazon RDS Instances; Securing Amazon RDS Instances; Multi-AZ Configuration; Creating a Multi-AZ Deployment; Failing Over to the Secondary Instance; Read Replicas; Replication to Read Replicas; Connecting to Read Replicas; Read Replicas’ Requirements and Limitations; Amazon Aurora; Aurora Volumes; Aurora Replicas; Summary; Resources to Review; Exam Essentials; Review Questions
Chapter 7 Auto Scaling
Auto Scaling Terms and Concepts; Auto Scaling Groups; Scaling In and Scaling Out; Scaling More than EC2; Minimums, Maximums, and Desired Capacity; Auto Scaling Groups Auto Scale; Auto Scaling Instances Must Be Maintained; Launch Configurations; EC2 Instances are Launch Configuration Templates; One Auto Scaling Group Has One Launch Configuration; Launch Templates: Versioned Launch Configurations; Auto Scaling Strategies; Manual Scaling; Scheduled Scaling; Dynamic Scaling; Cooldown Periods; Instances Terminate in Order; When Auto Scaling Fails; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions

Part IV Deployment and Provisioning
Chapter 8 Hubs, Spokes, and Bastion Hosts
VPC Peering; Understanding the Use Case for Hub-and-Spoke Architecture; Using a VPC Peering Connection Across Multiple Regions (Interregion Peering); Bastion Hosts; Architecting for Bastion Host Use; Options for Bastion Hosts; Summary; Resources to Review; Linux Bastion Hosts on the AWS Cloud; Exam Essentials; Exercises; Review Questions
Chapter 9 AWS Systems Manager
AWS Systems Manager; Communication with AWS Systems Manager; AWS Managed Instances; AWS Resource Groups; Taking Action with AWS Systems Manager; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions

Part V Storage and Data Management
Chapter 10 Amazon Simple Storage Service (S3)
Object Storage and Amazon S3; What’s in a URL?; Availability and Durability; S3 Storage Classes; Securing and Protecting Data in S3; Access Control; Versioning; Encryption; Amazon Glacier; Amazon Glacier Deep Archive; S3 Lifecycle Management; Storage Gateways; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions
Chapter 11 Elastic Block Store (EBS)
Understanding Block Storage and EBS; Types of EBS Storage; EBS vs. Instance Stores; Encrypting Your EBS Volumes; EBS Snapshots; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions
Chapter 12 Amazon Machine Image (AMI)
Amazon Machine Images (AMIs); Accessibility of AMIs; AMI Storage; AMI Security; Launch Permissions; Encryption; Moving AMIs Between Regions; AWS Management Console; AWS CLI; Common AMI Issues; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions

Part VI Security and Compliance
Chapter 13 IAM
Shared Responsibility Model: A Cloud Security Primer; Building Blocks of IAM; Users; Groups; Roles; Policies; Managing IAM; Managing Passwords; Managing Access Keys; Securing Your AWS Accounts; Protecting the Root Account; IAM Best Practices; Trusted Advisor; Other Identity Services; Cognito; Federation; AWS KMS; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions
Chapter 14 Reporting and Logging
Reporting and Monitoring in AWS; AWS CloudTrail; Applying a Trail to All Regions; Management Events; Data Events; But You Said CloudTrail Was Free…; Amazon CloudWatch; Amazon CloudWatch Alarms; Amazon CloudWatch Logs; Amazon CloudWatch Events; Amazon CloudWatch Dashboard; AWS Config; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions
Chapter 15 Additional Security Tools
Amazon Inspector; Amazon GuardDuty; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions

Part VII Networking
Chapter 16 Virtual Private Cloud
Understanding AWS Networking; Classless Inter-Domain Routing Refresher; Virtual Private Cloud; Subnets; Route Tables; Internet Gateways; NAT Gateways and Instances; VPC Endpoints; Connecting to the Outside; Securing Your Network; Security Groups; Network Access Control Lists; Troubleshooting Network Issues; VPC Flow Logs; Other Resources; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions
Chapter 17 Route 53
Domain Name System; DNS Records; Amazon Route 53; Amazon Traffic Flow; AWS Private DNS; Routing Policies; Simple Routing Policy; Failover Routing Policy; Geolocation Routing Policy; Geoproximity Routing Policy; Latency Routing Policy; Multivalue Answer Routing Policy; Weighted Routing Policy; Health Checks and Failover; Summary; Resources to Review; Exam Essentials; Exercises; Review Questions

Part VIII Automation and Optimization
Chapter 18 CloudFormation
An Introduction to IaaS; CloudFormation Templates; AWSTemplateFormatVersion; Description; Metadata; Parameters; Mappings; Conditions; Transform; Resources; Outputs; Creating and Customizing Your Stacks; Parameters; Outputs; Improving Your Templates; Built-in Functions; Mapping; Pseudo Parameters; Issues with CloudFormation Templates; Summary; Resources to Review; Exam Essentials; Exercise; Review Questions
Chapter 19 Elastic Beanstalk
What is Elastic Beanstalk?; Platforms and Languages; Creating a Custom Platform; Updates in Elastic Beanstalk; All-at-Once Deployment; Rolling Deployment; Rolling with Additional Batches Deployment; Immutable Deployment; Testing Your Application with a Blue/Green Deployment; Configuring Elastic Beanstalk; Securing Elastic Beanstalk; Data Protection; Identity and Access Management; Logging and Monitoring; Compliance; Resilience; Configuration and Vulnerability Analysis; Security Best Practices; Applying Security Best Practices to Elastic Beanstalk; AWS Elastic Beanstalk CLI; Troubleshooting Elastic Beanstalk; Summary; Resources to Review; Exam Essentials; Exercise; Review Questions

Appendix Answers to Review Questions
Chapter 1: Introduction to Systems Operations on AWS; Chapter 2: Amazon CloudWatch; Chapter 3: AWS Organizations; Chapter 4: AWS Config; Chapter 5: AWS CloudTrail; Chapter 6: Amazon Relational Database Service; Chapter 7: Auto Scaling; Chapter 8: Hubs, Spokes, and Bastion Hosts; Chapter 9: AWS Systems Manager; Chapter 10: Amazon Simple Storage Service (S3); Chapter 11: Elastic Block Store (EBS); Chapter 12: Amazon Machine Image (AMI); Chapter 13: IAM; Chapter 14: Reporting and Logging; Chapter 15: Additional Security Tools; Chapter 16: Virtual Private Cloud; Chapter 17: Route 53; Chapter 18: CloudFormation; Chapter 19: Elastic Beanstalk

Index
SARA PERROTT is an accredited AWS Academy instructor at Bellevue College where she is an adjunct professor. She works full-time in the cybersecurity field and is passionate about her work. She has an MS in Cybersecurity and Information Assurance and holds several industry certifications such as the CISSP and GCIH, in addition to the AWS Certified Solutions Architect Associate and AWS Certified SysOps Administrator Associate certifications. You can contact Sara via her website at https://www.saraperrott.com.

BRETT MCLAUGHLIN currently works in cloud computing, focusing on scalable cloud platforms and staging and distributing petabyte-scale data stores. He is an expert in cloud-based architectures and large data sets and has led projects for NASA and billion-dollar AUM hedge funds. He is currently the CTO for Volusion, as well as an active instructor in the AWS and serverless communities.