Difference between revisions of "AWS Solutions Architect"
(Add more front-matter)
(add IAM and EC2)
Line 1: | Line 1: | ||
− | [[File:AWS Solutions Architect Ramp-Up Guide.pdf|page=1|600px]] | + | [[File:AWS Solutions Architect Ramp-Up Guide.pdf|page=1|600px|link=Special:FilePath/AWS_Solutions_Architect_Ramp-Up_Guide.pdf]] |
As the top certification in 2023, I'm getting my AWS Solutions Architect - Professional certification. | As the top certification in 2023, I'm getting my AWS Solutions Architect - Professional certification. | ||
Line 11: | Line 11: | ||
− | == Key Personal Characteristics == | + | ==Key Personal Characteristics== |
Are you a Solutions Architect, or want to become one? | Are you a Solutions Architect, or want to become one? | ||
You will need: | You will need: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | == Global == | + | #Hands-on experience - a Solutions Architect is not an entry-level position. It takes years of experience in the technology sector before you have seen and learned enough lessons to truly become a valuable architect. |
+ | #Business analysis skills for understanding and interpreting the customer requirements. | ||
+ | #Strong interpersonal skills for dealing regularly with various stakeholders - architects don't work in ivory towers. | ||
+ | #Broad technology skills - software, hardware, various vendors and so-on | ||
+ | #On-premises technology | ||
+ | #Other clouds: you can't know just one. You should know AWS, Azure, GCP and perhaps even more cloud operators such as Digital Ocean, Linode, RackSpace or service offerings from giants like IBM/RedHat, Canonical etc. | ||
+ | #Core technology skills - Compute, storage, networking, databases | ||
+ | #Automation, containers and serverless technologies | ||
+ | #Programming or scripting useful | ||
+ | |||
+ | ==Global== | ||
[https://aws.amazon.com/about-aws/global-infrastructure/regions_az/ Regions, with discreet Availability Zones] for geographic proximity (low latency), and data compliance. Pay attention to costs (which are determined on a local basis) and service availability. | [https://aws.amazon.com/about-aws/global-infrastructure/regions_az/ Regions, with discreet Availability Zones] for geographic proximity (low latency), and data compliance. Pay attention to costs (which are determined on a local basis) and service availability. | ||
'''Edge''' locations are what they call CDNs. [https://aws.amazon.com/cloudfront/features/ CloudFront] is their product. | '''Edge''' locations are what they call CDNs. [https://aws.amazon.com/cloudfront/features/ CloudFront] is their product. | ||
− | == Interacting == | + | ==Interacting== |
− | |||
− | |||
− | |||
− | == Security == | + | *[https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/learn-whats-new.html Management Console] The web browser interface to AWS |
+ | *[https://aws.amazon.com/cli/ CLI] (including cloudshell which is what they call the browser-based CLI) | ||
+ | *[https://aws.amazon.com/developer/tools/ SDKs] You can use your favorite programming language to interact with the AWS Service APIs | ||
+ | |||
+ | ==Security== | ||
"[https://aws.amazon.com/compliance/shared-responsibility-model/ Shared Responsibility Model]" = AWS is responsible for security '''of''' the cloud. The customer is responsible for security '''in''' the cloud. Specifically, in the use-case of a VM in EC2, AWS will provide security up to the level of the hypervisor. You provide security in terms of OS patches, application and service configuration; and access control to services and data. | "[https://aws.amazon.com/compliance/shared-responsibility-model/ Shared Responsibility Model]" = AWS is responsible for security '''of''' the cloud. The customer is responsible for security '''in''' the cloud. Specifically, in the use-case of a VM in EC2, AWS will provide security up to the level of the hypervisor. You provide security in terms of OS patches, application and service configuration; and access control to services and data. | ||
− | == Free Software alternatives == | + | Always enable MFA for the "root" user account. |
+ | |||
+ | == AWS Identity and Access Management == | ||
+ | Identity and Access Management (IAM) '''Identity Center''' (formerly called Single Sign-on) is an [[:en:OpenID#OpenID_Connect_(OIDC)|OIDC-capable]] authentication service similar to Microsoft Active Directory. It is enabled by default for a single account (with minor restrictions). For enterprises, setup your organization first, then enable IC. Using IC, an enterprise can leverage their per-existing (Microsoft Azure Active Directory) Identity and Access Control infrastructure in a federated way. [https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html Security Best Practices in IAM] Of course, IAM IC is available for use in your [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html CloudFormation templates] | ||
+ | |||
+ | == EC2 == | ||
+ | Amazon's original 'compute' service, [https://aws.amazon.com/ec2/ EC2] offers Virtual Machines (VMs); and now also offers containerized (e.g. [[Docker]]) and serverless (e.g. Fargate) options in addition to traditional [[Virtualization|Virtual Machines]]. A large aspect of the complexity of AWS can be attributed to the sheer number and variations of EC2 Instance types and sizes. It is every bit as complex as choosing hardware from a traditional hardware vendor. | ||
+ | |||
+ | ==Free Software alternatives== | ||
Any Solutions Architect with credibility is going to acknowledge that the giants of proprietary software solutions have built their empires on the backs of Free Software. But the product offerings have grown like weeds in a garden, so it can be hard to distinguish the original crop. What solutions or equivalents exist? | Any Solutions Architect with credibility is going to acknowledge that the giants of proprietary software solutions have built their empires on the backs of Free Software. But the product offerings have grown like weeds in a garden, so it can be hard to distinguish the original crop. What solutions or equivalents exist? | ||
− | === Cloud Provider Alternatives === | + | ===Cloud Provider Alternatives=== |
For specific needs, there are sometimes niche vendors that offer a more attractive proposition. https://www.websiteplanet.com/blog/aws-alternatives/ lists alternatives such as Digital Ocean, Kamatera, LiquidWeb and Cloudways if all you really need is | For specific needs, there are sometimes niche vendors that offer a more attractive proposition. https://www.websiteplanet.com/blog/aws-alternatives/ lists alternatives such as Digital Ocean, Kamatera, LiquidWeb and Cloudways if all you really need is | ||
− | == Links == | + | ==Links== |
AWS is so large, here's a short list of the most relevant links | AWS is so large, here's a short list of the most relevant links | ||
− | # https://docs.aws.amazon.com/ | + | |
+ | #https://docs.aws.amazon.com/ | ||
[[Category:Cloud]] | [[Category:Cloud]] | ||
[[Category:System Architecture]] | [[Category:System Architecture]] | ||
[[Category:AWS]] | [[Category:AWS]] |
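Review bot: In the added IAM paragraph, "per-existing" should be "pre-existing" and "setup your organization" should be "set up", and the retained Global line's "discreet Availability Zones" should read "discrete". More substantively, describing Identity Center as "similar to Microsoft Active Directory" sits oddly beside the same paragraph's statement that it federates to an existing Azure AD; it reads more accurately as the SSO/federation layer placed in front of such a directory rather than a directory itself. The Cloud Provider Alternatives sentence still stops mid-thought ("if all you really need is") and should be completed or trimmed.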
Revision as of 21:52, 29 January 2024
File:AWS Solutions Architect Ramp-Up Guide.pdf
As the top certification in 2023, I'm getting my AWS Solutions Architect - Professional certification.
Amazon has a pretty robust, multi-lingual ecosystem of paid products and services for training, tutorials, and certification. It is somewhat challenging just to get an account created (well, actually you need multiple accounts: one for AWS login and product usage itself (aka the "root user"), and a separate account for their "Skill Builder" (paid) training system). In any case, I enrolled in the Solutions Architect - Knowledge Badge Readiness Path. To actually get certified, you need to create an account and agree to the Certification Program Agreement (CPA) on their "CertMetrics" website.
Jeff Bezos wants $300 for an annual subscription to access some of the premium content in their learning catalog. On top of that, some of their courses are taught by 3rd party training companies that charge $2,000 or more for a 3-day course.
Key Personal Characteristics
Are you a Solutions Architect, or want to become one? You will need:
- Hands-on experience - a Solutions Architect is not an entry-level position. It takes years of experience in the technology sector before you have seen and learned enough lessons to truly become a valuable architect.
- Business analysis skills for understanding and interpreting the customer requirements.
- Strong interpersonal skills for dealing regularly with various stakeholders - architects don't work in ivory towers.
- Broad technology skills - software, hardware, various vendors and so on
- On-premises technology
- Other clouds: you can't know just one. You should know AWS, Azure, GCP and perhaps even more cloud operators such as Digital Ocean, Linode, RackSpace or service offerings from giants like IBM/RedHat, Canonical etc.
- Core technology skills - Compute, storage, networking, databases
- Automation, containers and serverless technologies
- Programming or scripting is useful
Global
Regions, with discrete Availability Zones, give geographic proximity (low latency) and data compliance. Pay attention to costs (which are set per region) and to service availability, which also varies by region.
Edge locations are AWS's name for its CDN points of presence; CloudFront is the product.
Interacting
- Management Console The web browser interface to AWS
- CLI (including CloudShell, which is what they call the browser-based CLI)
- SDKs You can use your favorite programming language to interact with the AWS Service APIs
Security
The "Shared Responsibility Model" means AWS is responsible for security of the cloud, and the customer is responsible for security in the cloud. For a VM in EC2, AWS provides security up to and including the hypervisor; you provide security in terms of OS patches, application and service configuration, and access control to services and data.
Always enable MFA for the "root" user account.
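An added example, not from the wiki page, that checks the two customer-side rules above (root MFA and access control) against an IAM credential report. In a real account the report comes from `aws iam get-credential-report` (its `Content` field is base64-encoded CSV); the report below is constructed, uses a subset of the real columns, and carries a placeholder account ID.

```python
import csv
import io

# Constructed sample in the layout of an AWS IAM credential report (a subset of
# its columns; csv.DictReader handles the full report identically). The root
# user appears under the literal name "<root_account>", and its
# password_enabled field reads "not_supported". Account ID is a placeholder.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2023-01-05T10:00:00+00:00,not_supported,2024-01-20T08:11:00+00:00,not_supported,not_supported,false,true,2023-01-05T10:02:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-02-01T09:00:00+00:00,true,2024-01-28T07:30:00+00:00,2023-02-01T09:00:00+00:00,N/A,true,true,2023-02-01T09:05:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2023-03-10T12:00:00+00:00,true,2024-01-10T16:45:00+00:00,2023-03-10T12:00:00+00:00,N/A,false,false,N/A,false,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2023-04-15T14:00:00+00:00,false,no_information,N/A,N/A,false,true,2023-04-15T14:01:00+00:00,true,2023-10-01T09:00:00+00:00
"""

ROOT = "<root_account>"


def audit_credential_report(report_csv: str) -> list:
    """Return findings for the customer-side access-control checks the page
    calls for: root MFA, root access keys, and console users without MFA."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = row["mfa_active"] == "true"
        active_keys = [n for n in ("1", "2")
                       if row.get(f"access_key_{n}_active") == "true"]
        if user == ROOT:
            if not mfa:
                findings.append("root: MFA not enabled")
            if active_keys:
                # Root should have no long-lived keys at all.
                findings.append("root: active access key(s) "
                                + ", ".join(active_keys) + " should be deleted")
        elif row["password_enabled"] == "true" and not mfa:
            # Key-only (programmatic) users are skipped here; MFA applies to
            # console sign-in.
            findings.append(f"{user}: console password without MFA")
    return findings


if __name__ == "__main__":
    for finding in audit_credential_report(SAMPLE_REPORT):
        print(finding)
```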
AWS Identity and Access Management
Identity and Access Management (IAM) Identity Center (formerly called Single Sign-on) is an OIDC-capable authentication service similar to Microsoft Active Directory. It is enabled by default for a single account (with minor restrictions). For enterprises, set up your organization first, then enable IC. Using IC, an enterprise can leverage its pre-existing (Microsoft Azure Active Directory) identity and access control infrastructure in a federated way. See also Security Best Practices in IAM. Of course, IAM IC is available for use in your CloudFormation templates.
EC2
EC2, Amazon's original compute service, offers Virtual Machines (VMs), and now also containerized (e.g. Docker) and serverless (e.g. Fargate) options alongside the traditional VMs. A large part of the complexity of AWS can be attributed to the sheer number and variety of EC2 instance types and sizes; it is every bit as complex as choosing hardware from a traditional hardware vendor.
Free Software alternatives
Any Solutions Architect with credibility is going to acknowledge that the giants of proprietary software solutions have built their empires on the backs of Free Software. But the product offerings have grown like weeds in a garden, so it can be hard to distinguish the original crop. What solutions or equivalents exist?
Cloud Provider Alternatives
For specific needs, there are sometimes niche vendors that offer a more attractive proposition. https://www.websiteplanet.com/blog/aws-alternatives/ lists alternatives such as Digital Ocean, Kamatera, LiquidWeb and Cloudways if all you really need is
Links
AWS is so large, here's a short list of the most relevant links