Open main menu

File:AWS Solutions Architect Ramp-Up Guide.pdf

As the top certification in 2023, I'm getting my AWS Solutions Architect - Professional certification.

Neil Davis from Digital Cloud Training on top interview questions for Solutions Architect roles
Medium blog post

Amazon has a pretty robust, multi-lingual ecosystem of paid products and services for training, tutorials, and certification. It is somewhat challenging just to get an account created (well, actually you need multiple accounts: one for AWS login and product usage itself (aka the "root user"), and a separate account for their "Skill Builder" (paid) training system. In any case, I enrolled in the Solutions Architect - Knowledge Badge Readiness Path. To actually get certified, you need to create an account and agree to the Certification Program Agreement (CPA) on their "CertMetrics" website.


Key Personal Characteristics

Are you a Solutions Architect, or want to become one? You will need:

  1. Hands-on experience - a Solutions Architect is not an entry-level position. It takes years of experience in the technology sector before you have seen and learned enough lessons to truly become a valuable architect.
  2. Business analysis skills for understanding and interpreting the customer requirements.
  3. Strong interpersonal skills for dealing regularly with various stakeholders - architects don't work in ivory towers.
  4. Broad technology skills - software, hardware, various vendors and so-on
  5. On-premises technology
  6. Other clouds: you can't know just one. You should know AWS, Azure, GCP and perhaps even more cloud operators such as Digital Ocean, Linode, RackSpace or service offerings from giants like IBM/RedHat, Canonical etc.
  7. Core technology skills - Compute, storage, networking, databases
  8. Automation, containers and serverless technologies
  9. Programming or scripting useful

Global

Regions, with discreet Availability Zones for geographic proximity (low latency), and data compliance. Pay attention to costs (which are determined on a local basis) and service availability.

Edge locations are what they call CDNs. CloudFront is their product.

Interacting

  • Management Console The web browser interface to AWS
  • CLI (including cloudshell which is what they call the browser-based CLI)
  • SDKs You can use your favorite programming language to interact with the AWS Service APIs

Security

"Shared Responsibility Model" = AWS is responsible for security of the cloud. The customer is responsible for security in the cloud. Specifically, in the use-case of a VM in EC2, AWS will provide security up to the level of the hypervisor. You provide security in terms of OS patches, application and service configuration; and access control to services and data.

Always enable MFA for the "root" user account.

AWS Identity and Access Management

Identity and Access Management (IAM) Identity Center (formerly called Single Sign-on) is an OIDC-capable authentication service similar to Microsoft Active Directory. It is enabled by default for a single account (with minor restrictions). For enterprises, setup your organization first, then enable IC. Using IC, an enterprise can leverage their per-existing (Microsoft Azure Active Directory) Identity and Access Control infrastructure in a federated way. Security Best Practices in IAM Of course, IAM IC is available for use in your CloudFormation templates

EC2

Amazon's original 'compute' service, Elastic Compute Cloud or EC2 offers Virtual Machines (VMs); and now also offers containerized (e.g. Docker) and serverless (e.g. Fargate) options in addition to traditional Virtual Machines. A large aspect of the complexity of AWS can be attributed to the sheer number and variations of EC2 Instance types and sizes. It is every bit as complex as choosing hardware from a traditional hardware vendor.

There are multiple purchase models. If you thought that "buy or lease" was a tough comparison for buying a car, wait 'til you see all the purchase models for AWS. For pricing assistance, there are various AWS services that analyze your spend[1] There is the pricing calculator

"Free" is listed everywhere, but realistically there is nothing that you can do on a t2.micro (free) instance (unless you're trying to create a "Raspberry Pi in the sky"). To launch a true minimal Linux host, with 8GB of RAM, you're looking at $65 dollars/month PLUS storage costs (S3 + EBS) whereas you can get the same at Digital Ocean for around $30/month.

Containers

ECS

Docker offerings at AWS

EKS

Kubernetes offerings at AWS

Fargate

Fargate is a serverless architecture for running 'tasks' on the ECS platform. Customer profiles "this is my architecture"

Lambda

AWS Lambda is akin to the 'entrypoint' script of a docker container. It's a function (or program) that can run independently of any hardware via an event trigger. For event-driven architectures it can be useful to have such capabilities. For instance, if we have a video website (e.g. YouTube) and we need to transcode new uploads, that transcoding is a one-time process triggered each time a user uploads a new source video. Another example would be to decouple image resizing from image uploading.

Free Software alternatives

Any Solutions Architect with credibility is going to acknowledge that the giants of proprietary software solutions have built their empires on the backs of Free Software. But the product offerings have grown like weeds in a garden, so it can be hard to distinguish the original crop. What solutions or equivalents exist?

Cloud Provider Alternatives

For specific needs, there are sometimes niche vendors that offer a more attractive proposition. https://www.websiteplanet.com/blog/aws-alternatives/ lists alternatives such as Digital Ocean, Kamatera, LiquidWeb and Cloudways if all you really need is

Links

AWS is so large, here's a short list of the most relevant links

  1. https://docs.aws.amazon.com/
  2. https://www.youtube.com/@awsdevelopers
    1. A bill so complicated, that you need to pay to figure it out.. using Artificial Intelligence