Difference between revisions of "AWS Solutions Architect"

From Freephile Wiki
Jump to navigation Jump to search
m
 
Line 5: Line 5:
 
But how do you do that? How did I do it? I'll answer those questions and more here - with high-level notes along the way as a future refresher or reference.
 
But how do you do that? How did I do it? I'll answer those questions and more here - with high-level notes along the way as a future refresher or reference.
  
== Where do you get training? ==
+
==Where do you get training?==
 
{{#ev:youtube|vf9xTPtxtmQ|720|right|Neil Davis from Digital Cloud Training on top interview questions for Solutions Architect roles<br>[https://neal-davis.medium.com/top-20-aws-solutions-architect-interview-questions-f838553395cf Medium blog post] |frame}}
 
{{#ev:youtube|vf9xTPtxtmQ|720|right|Neil Davis from Digital Cloud Training on top interview questions for Solutions Architect roles<br>[https://neal-davis.medium.com/top-20-aws-solutions-architect-interview-questions-f838553395cf Medium blog post] |frame}}
  
Line 13: Line 13:
  
 
{{Ambox|
 
{{Ambox|
|text=Jeff Bezos wants $300 for an annual subscription to access some of the premium content in their learning catalog. On top of that, some of their courses are taught by 3rd party training companies that charge $2,000 or more for a 3-day course. '''For the biggest value, take the Udemy video training course by Neal Davis''' - which can be bought for $15}}
+
|text=Jeff Bezos wants $300 for an annual subscription to access some of the premium content in their learning catalog. On top of that, some of their courses are taught by 3rd party training companies that charge $2,000 or more for a 3-day course. '''For the biggest value, take the Udemy video [https://digitalcloud.training/aws-solutions-architect-professional/ training course by Neal Davis]''' - which can be bought for $15}}
  
== How do you get certified? ==
+
==How do you get certified?==
 
To actually get certified, you need to create an account and agree to the Certification Program Agreement (CPA) on their "[https://cp.certmetrics.com/amazon/en/home/dashboard CertMetrics]" website.  
 
To actually get certified, you need to create an account and agree to the Certification Program Agreement (CPA) on their "[https://cp.certmetrics.com/amazon/en/home/dashboard CertMetrics]" website.  
  
== When am I done? ==
+
==When am I done?==
 
While most people will think that a Solutions Architect's job is to determine the "perfect" solution given a set of requirements, the reality is that it's not a static thing. The solution must evolve over time and be refined in operation, not just drawn up in development or prototyping. You should always perform some sort of process improvement such as Deming's PDCA in your implementations so that you can tell that you're [https://www.youtube.com/watch?v=gjNPpjYNiow Well Architected] So, the job of the Solution Architect is never done, and the training and re-certification is also a continuous process.
 
While most people will think that a Solutions Architect's job is to determine the "perfect" solution given a set of requirements, the reality is that it's not a static thing. The solution must evolve over time and be refined in operation, not just drawn up in development or prototyping. You should always perform some sort of process improvement such as Deming's PDCA in your implementations so that you can tell that you're [https://www.youtube.com/watch?v=gjNPpjYNiow Well Architected] So, the job of the Solution Architect is never done, and the training and re-certification is also a continuous process.
 
==Key Personal Characteristics==
 
==Key Personal Characteristics==
Line 78: Line 78:
 
AWS Lambda is akin to the 'entrypoint' script of a docker container. It's a function (or program) that can run independently of any hardware (so "serverless") via an event trigger.  For event-driven architectures it can be useful to have such capabilities. For instance, if we have a video website (e.g. YouTube) and we need to transcode new uploads, that transcoding is a one-time process triggered each time a user uploads a new source video. Another example would be to decouple [https://aws.amazon.com/blogs/compute/resize-images-on-the-fly-with-amazon-s3-aws-lambda-and-amazon-api-gateway/ image resizing] from image uploading.
 
AWS Lambda is akin to the 'entrypoint' script of a docker container. It's a function (or program) that can run independently of any hardware (so "serverless") via an event trigger.  For event-driven architectures it can be useful to have such capabilities. For instance, if we have a video website (e.g. YouTube) and we need to transcode new uploads, that transcoding is a one-time process triggered each time a user uploads a new source video. Another example would be to decouple [https://aws.amazon.com/blogs/compute/resize-images-on-the-fly-with-amazon-s3-aws-lambda-and-amazon-api-gateway/ image resizing] from image uploading.
  
== Networking ==
+
==Networking==
  
== VPC ==
+
==VPC==
 
Virtual Private Cloud or VPC is one of the main networking products at AWS. For each VPC, you establish Subnets, the Routing Tables and Security Groups.
 
Virtual Private Cloud or VPC is one of the main networking products at AWS. For each VPC, you establish Subnets, the Routing Tables and Security Groups.
  
 
For the VPC you need:
 
For the VPC you need:
  
# Name of the VPC
+
#Name of the VPC
# Region where the VPC will live - A VPC spans all the Availability Zones within the selected Region.
+
#Region where the VPC will live - A VPC spans all the Availability Zones within the selected Region.
# IP range for the VPC in CIDR notation - This determines the size of your network. Each VPC can have up to five CIDRs: one primary and four secondaries for IPv4. Each of these ranges can be between /28 (in CIDR notation) and /16 in size.
+
#IP range for the VPC in CIDR notation - This determines the size of your network. Each VPC can have up to five CIDRs: one primary and four secondaries for IPv4. Each of these ranges can be between /28 (in CIDR notation) and /16 in size.
  
 
After you create your VPC, you must create subnets inside the network. Subnets are similar to virtual local area networks (VLANs) in a traditional, on-premises network. When you launch an EC2 instance, you launch it inside a subnet, which will be located inside the Availability Zone that you choose.
 
After you create your VPC, you must create subnets inside the network. Subnets are similar to virtual local area networks (VLANs) in a traditional, on-premises network. When you launch an EC2 instance, you launch it inside a subnet, which will be located inside the Availability Zone that you choose.

Latest revision as of 18:55, 7 February 2024

File:AWS Solutions Architect Ramp-Up Guide.pdf

As the top certification in 2023, I'm getting my AWS Solutions Architect - Professional certification.

But how do you do that? How did I do it? I'll answer those questions and more here - with high-level notes along the way as a future refresher or reference.

Where do you get training?[edit | edit source]

Neil Davis from Digital Cloud Training on top interview questions for Solutions Architect roles
Medium blog post

Amazon has a pretty robust, multi-lingual ecosystem of paid products and services for training, tutorials, and certification. They've created a separate system called "Skill Builder" to sell training as opposed to providing comprehensive and free documentation. If you're tempted to just create a 'free tier' AWS account and dive right in, that won't work. You need multiple accounts: one for AWS login and product usage itself (aka the "root user"), and a separate account for their Skill Builder (paid) training system.

I enrolled in the (no cost) Solutions Architect - Knowledge Badge Readiness Path, but the content is barely more than marketing material. And, perhaps 50% of the Skill Builder content (the non-fluff stuff) is paid content. I think you're better off going with independent 3rd-party training courses.

How do you get certified?[edit | edit source]

To actually get certified, you need to create an account and agree to the Certification Program Agreement (CPA) on their "CertMetrics" website.

When am I done?[edit | edit source]

While most people will think that a Solutions Architect's job is to determine the "perfect" solution given a set of requirements, the reality is that it's not a static thing. The solution must evolve over time and be refined in operation, not just drawn up in development or prototyping. You should always perform some sort of process improvement such as Deming's PDCA in your implementations so that you can tell that you're Well Architected So, the job of the Solution Architect is never done, and the training and re-certification is also a continuous process.

Key Personal Characteristics[edit | edit source]

Are you a Solutions Architect, or want to become one?

You will need:

  1. Hands-on experience - a Solutions Architect is not an entry-level position. It takes years of experience in the technology sector before you have seen and learned enough lessons to truly become a valuable architect.
  2. Business analysis skills for understanding and interpreting the customer requirements.
  3. Strong interpersonal skills for dealing regularly with various stakeholders - architects don't work in ivory towers.
  4. Broad technology skills - software, hardware, various vendors and so-on.
  5. On-premises technology - you can't architect Cloud solutions without knowledge of the physical underpinnings and classic alternatives; plus hybrid or integrations with traditional IT infrastructure.
  6. Other clouds: you can't know just one. You should know AWS, Azure, GCP and perhaps even more cloud operators such as Digital Ocean, Linode, RackSpace or service offerings from giants like IBM/RedHat, Canonical etc.
  7. Core technology skills - you must have a solid base in compute, storage, networking, and database technologies so that you can easily work with higher-level abstractions and state of the art technologies that build on or reinvent these core skills.
  8. Automation, containers and serverless technologies
  9. Programming or scripting useful

Global[edit | edit source]

Regions, with discreet Availability Zones for geographic proximity (low latency), and data compliance. Pay attention to costs (which are determined on a local basis) and service availability.

Edge locations are what they call CDNs. CloudFront is their product.

Interacting[edit | edit source]

  • Management Console The web browser interface to AWS
  • CLI (including cloudshell which is what they call the browser-based CLI)
  • SDKs You can use your favorite programming language to interact with the AWS Service APIs

Security[edit | edit source]

"Shared Responsibility Model" = AWS is responsible for security of the cloud. The customer is responsible for security in the cloud. Specifically, in the use-case of a VM in EC2, AWS will provide security up to the level of the hypervisor. You provide security in terms of OS patches, application and service configuration; and access control to services and data.

Always enable MFA for the "root" user account.

AWS Identity and Access Management[edit | edit source]

Identity and Access Management (IAM) Identity Center (formerly called Single Sign-on) is an OIDC-capable authentication service similar to Microsoft Active Directory. It is enabled by default for a single account (with minor restrictions). For enterprises, setup your organization first, then enable IC. Using IC, an enterprise can leverage their per-existing (Microsoft Azure Active Directory) Identity and Access Control infrastructure in a federated way. Security Best Practices in IAM Of course, IAM IC is available for use in your CloudFormation templates

EC2[edit | edit source]

Amazon's original 'compute' service, Elastic Compute Cloud or EC2 offers Virtual Machines (VMs); and now also offers containerized (e.g. Docker) and serverless (e.g. Fargate) options in addition to traditional Virtual Machines. A large aspect of the complexity of AWS can be attributed to the sheer number and variations of EC2 Instance types and sizes. It is every bit as complex as choosing hardware from a traditional hardware vendor.

There are multiple purchase models. If you thought that "buy or lease" was a tough comparison for buying a car, wait 'til you see all the purchase models for AWS. For pricing assistance, there are various AWS services that analyze your spend[1] There is the pricing calculator

"Free" is listed everywhere, but realistically there is nothing that you can do on a t2.micro (free) instance (unless you're trying to create a "Raspberry Pi in the sky"). To launch a true minimal Linux host, with 8GB of RAM, you're looking at $65 dollars/month PLUS storage costs (S3 + EBS) whereas you can get the same at Digital Ocean for around $30/month.

Containers[edit | edit source]

AWS offers a "Public Gallery" of Docker images for their ECR service. For example, they have this MediaWiki image https://gallery.ecr.aws/docker/library/mediawiki

I would always use the 'standard' images from Docker Hub (https://hub.docker.com/_/mediawiki) which receive from the 'official' WMF Image Repository https://docker-registry.wikimedia.org/ [2] and operations [3][4].

ECS[edit | edit source]

Docker offerings at AWS

EKS[edit | edit source]

Kubernetes offerings at AWS

Fargate[edit | edit source]

Fargate is a serverless architecture for running 'tasks' on the ECS platform. Customer profiles "this is my architecture"

Lambda[edit | edit source]

AWS Lambda is akin to the 'entrypoint' script of a docker container. It's a function (or program) that can run independently of any hardware (so "serverless") via an event trigger. For event-driven architectures it can be useful to have such capabilities. For instance, if we have a video website (e.g. YouTube) and we need to transcode new uploads, that transcoding is a one-time process triggered each time a user uploads a new source video. Another example would be to decouple image resizing from image uploading.

Networking[edit | edit source]

VPC[edit | edit source]

Virtual Private Cloud or VPC is one of the main networking products at AWS. For each VPC, you establish Subnets, the Routing Tables and Security Groups.

For the VPC you need:

  1. Name of the VPC
  2. Region where the VPC will live - A VPC spans all the Availability Zones within the selected Region.
  3. IP range for the VPC in CIDR notation - This determines the size of your network. Each VPC can have up to five CIDRs: one primary and four secondaries for IPv4. Each of these ranges can be between /28 (in CIDR notation) and /16 in size.

After you create your VPC, you must create subnets inside the network. Subnets are similar to virtual local area networks (VLANs) in a traditional, on-premises network. When you launch an EC2 instance, you launch it inside a subnet, which will be located inside the Availability Zone that you choose.

Free Software alternatives[edit | edit source]

Any Solutions Architect with credibility is going to acknowledge that the giants of proprietary software solutions have built their empires on the backs of Free Software. But the product offerings have grown like weeds in a garden, so it can be hard to distinguish the original crop. What solutions or equivalents exist?

Cloud Computing Platforms[edit | edit source]

The OpenStack platform was started by RackSpace and NASA and is a free, open standard cloud computing platform. The March 2023 release included 41 services.

Cloud Provider Alternatives[edit | edit source]

For specific needs, there are sometimes niche vendors that offer a more attractive proposition. https://www.websiteplanet.com/blog/aws-alternatives/ lists alternatives such as Digital Ocean, Kamatera, LiquidWeb and Cloudways if all you really need is a web host or routine solutions.

Links[edit | edit source]

AWS is so large, here's a short list of the most relevant links

  1. https://docs.aws.amazon.com/
  2. https://www.youtube.com/@awsdevelopers
  3. https://github.com/awslabs



References[edit source]