AWS Solutions Architect
File:AWS Solutions Architect Ramp-Up Guide.pdf
As the top certification in 2023, I'm getting my AWS Solutions Architect - Professional certification.
Amazon has a pretty robust, multi-lingual ecosystem of paid products and services for training, tutorials, and certification. It is somewhat challenging just to get an account created (well, actually you need multiple accounts: one for AWS login and product usage itself (aka the "root user"), and a separate account for their "Skill Builder" (paid) training system. In any case, I enrolled in the Solutions Architect - Knowledge Badge Readiness Path. To actually get certified, you need to create an account and agree to the Certification Program Agreement (CPA) on their "CertMetrics" website.
Jeff Bezos wants $300 for an annual subscription to access some of the premium content in their learning catalog. On top of that, some of their courses are taught by 3rd party training companies that charge $2,000 or more for a 3-day course. |
Contents
Key Personal Characteristics
Are you a Solutions Architect, or want to become one? You will need:
- Hands-on experience - a Solutions Architect is not an entry-level position. It takes years of experience in the technology sector before you have seen and learned enough lessons to truly become a valuable architect.
- Business analysis skills for understanding and interpreting the customer requirements.
- Strong interpersonal skills for dealing regularly with various stakeholders - architects don't work in ivory towers.
- Broad technology skills - software, hardware, various vendors and so-on
- On-premises technology
- Other clouds: you can't know just one. You should know AWS, Azure, GCP and perhaps even more cloud operators such as Digital Ocean, Linode, RackSpace or service offerings from giants like IBM/RedHat, Canonical etc.
- Core technology skills - Compute, storage, networking, databases
- Automation, containers and serverless technologies
- Programming or scripting useful
Global
Regions, with discreet Availability Zones for geographic proximity (low latency), and data compliance. Pay attention to costs (which are determined on a local basis) and service availability.
Edge locations are what they call CDNs. CloudFront is their product.
Interacting
- Management Console The web browser interface to AWS
- CLI (including cloudshell which is what they call the browser-based CLI)
- SDKs You can use your favorite programming language to interact with the AWS Service APIs
Security
"Shared Responsibility Model" = AWS is responsible for security of the cloud. The customer is responsible for security in the cloud. Specifically, in the use-case of a VM in EC2, AWS will provide security up to the level of the hypervisor. You provide security in terms of OS patches, application and service configuration; and access control to services and data.
Always enable MFA for the "root" user account.
AWS Identity and Access Management
Identity and Access Management (IAM) Identity Center (formerly called Single Sign-on) is an OIDC-capable authentication service similar to Microsoft Active Directory. It is enabled by default for a single account (with minor restrictions). For enterprises, setup your organization first, then enable IC. Using IC, an enterprise can leverage their per-existing (Microsoft Azure Active Directory) Identity and Access Control infrastructure in a federated way. Security Best Practices in IAM Of course, IAM IC is available for use in your CloudFormation templates
EC2
Amazon's original 'compute' service, EC2 offers Virtual Machines (VMs); and now also offers containerized (e.g. Docker) and serverless (e.g. Fargate) options in addition to traditional Virtual Machines. A large aspect of the complexity of AWS can be attributed to the sheer number and variations of EC2 Instance types and sizes. It is every bit as complex as choosing hardware from a traditional hardware vendor.
Free Software alternatives
Any Solutions Architect with credibility is going to acknowledge that the giants of proprietary software solutions have built their empires on the backs of Free Software. But the product offerings have grown like weeds in a garden, so it can be hard to distinguish the original crop. What solutions or equivalents exist?
Cloud Provider Alternatives
For specific needs, there are sometimes niche vendors that offer a more attractive proposition. https://www.websiteplanet.com/blog/aws-alternatives/ lists alternatives such as Digital Ocean, Kamatera, LiquidWeb and Cloudways if all you really need is
Links
AWS is so large, here's a short list of the most relevant links