AWS Solutions Architect
File:AWS Solutions Architect Ramp-Up Guide.pdf
As the top certification in 2023, I'm getting my AWS Solutions Architect - Professional certification.
But how do you do that? How did I do it? I'll answer those questions and more here - with high-level notes along the way as a future refresher or reference.
Contents
Where do you get training?
Amazon has a pretty robust, multi-lingual ecosystem of paid products and services for training, tutorials, and certification. They've created a separate system called "Skill Builder" to sell training as opposed to providing comprehensive and free documentation. If you're tempted to just create a 'free tier' AWS account and dive right in, that won't work. You need multiple accounts: one for AWS login and product usage itself (aka the "root user"), and a separate account for their Skill Builder (paid) training system.
I enrolled in the (no cost) Solutions Architect - Knowledge Badge Readiness Path, but the content is barely more than marketing material. And, perhaps 50% of the Skill Builder content (the non-fluff stuff) is paid content. I think you're better off going with independent 3rd-party training courses.
Jeff Bezos wants $300 for an annual subscription to access some of the premium content in their learning catalog. On top of that, some of their courses are taught by 3rd party training companies that charge $2,000 or more for a 3-day course. For the biggest value, take the Udemy video training course by Neal Davis - which can be bought for $15 |
How do you get certified?
To actually get certified, you need to create an account and agree to the Certification Program Agreement (CPA) on their "CertMetrics" website.
When am I done?
While most people will think that a Solutions Architect's job is to determine the "perfect" solution given a set of requirements, the reality is that it's not a static thing. The solution must evolve over time and be refined in operation, not just drawn up in development or prototyping. You should always perform some sort of process improvement such as Deming's PDCA in your implementations so that you can tell that you're Well Architected So, the job of the Solution Architect is never done, and the training and re-certification is also a continuous process.
Key Personal Characteristics
Are you a Solutions Architect, or want to become one?
You will need:
- Hands-on experience - a Solutions Architect is not an entry-level position. It takes years of experience in the technology sector before you have seen and learned enough lessons to truly become a valuable architect.
- Business analysis skills for understanding and interpreting the customer requirements.
- Strong interpersonal skills for dealing regularly with various stakeholders - architects don't work in ivory towers.
- Broad technology skills - software, hardware, various vendors and so-on.
- On-premises technology - you can't architect Cloud solutions without knowledge of the physical underpinnings and classic alternatives; plus hybrid or integrations with traditional IT infrastructure.
- Other clouds: you can't know just one. You should know AWS, Azure, GCP and perhaps even more cloud operators such as Digital Ocean, Linode, RackSpace or service offerings from giants like IBM/RedHat, Canonical etc.
- Core technology skills - you must have a solid base in compute, storage, networking, and database technologies so that you can easily work with higher-level abstractions and state of the art technologies that build on or reinvent these core skills.
- Automation, containers and serverless technologies
- Programming or scripting useful
Global
Regions, with discreet Availability Zones for geographic proximity (low latency), and data compliance. Pay attention to costs (which are determined on a local basis) and service availability.
Edge locations are what they call CDNs. CloudFront is their product.
Interacting
- Management Console The web browser interface to AWS
- CLI (including cloudshell which is what they call the browser-based CLI)
- SDKs You can use your favorite programming language to interact with the AWS Service APIs
Security
"Shared Responsibility Model" = AWS is responsible for security of the cloud. The customer is responsible for security in the cloud. Specifically, in the use-case of a VM in EC2, AWS will provide security up to the level of the hypervisor. You provide security in terms of OS patches, application and service configuration; and access control to services and data.
Always enable MFA for the "root" user account.
AWS Identity and Access Management
Identity and Access Management (IAM) Identity Center (formerly called Single Sign-on) is an OIDC-capable authentication service similar to Microsoft Active Directory. It is enabled by default for a single account (with minor restrictions). For enterprises, setup your organization first, then enable IC. Using IC, an enterprise can leverage their per-existing (Microsoft Azure Active Directory) Identity and Access Control infrastructure in a federated way. Security Best Practices in IAM Of course, IAM IC is available for use in your CloudFormation templates
EC2
Amazon's original 'compute' service, Elastic Compute Cloud or EC2 offers Virtual Machines (VMs); and now also offers containerized (e.g. Docker) and serverless (e.g. Fargate) options in addition to traditional Virtual Machines. A large aspect of the complexity of AWS can be attributed to the sheer number and variations of EC2 Instance types and sizes. It is every bit as complex as choosing hardware from a traditional hardware vendor.
There are multiple purchase models. If you thought that "buy or lease" was a tough comparison for buying a car, wait 'til you see all the purchase models for AWS. For pricing assistance, there are various AWS services that analyze your spend[1] There is the pricing calculator
"Free" is listed everywhere, but realistically there is nothing that you can do on a t2.micro (free) instance (unless you're trying to create a "Raspberry Pi in the sky"). To launch a true minimal Linux host, with 8GB of RAM, you're looking at $65 dollars/month PLUS storage costs (S3 + EBS) whereas you can get the same at Digital Ocean for around $30/month.
Containers
ECS
Docker offerings at AWS
EKS
Kubernetes offerings at AWS
Fargate
Fargate is a serverless architecture for running 'tasks' on the ECS platform. Customer profiles "this is my architecture"
Lambda
AWS Lambda is akin to the 'entrypoint' script of a docker container. It's a function (or program) that can run independently of any hardware (so "serverless") via an event trigger. For event-driven architectures it can be useful to have such capabilities. For instance, if we have a video website (e.g. YouTube) and we need to transcode new uploads, that transcoding is a one-time process triggered each time a user uploads a new source video. Another example would be to decouple image resizing from image uploading.
Networking
VPC
Virtual Private Cloud or VPC is one of the main networking products at AWS. For each VPC, you establish Subnets, the Routing Tables and Security Groups.
For the VPC you need:
- Name of the VPC
- Region where the VPC will live - A VPC spans all the Availability Zones within the selected Region.
- IP range for the VPC in CIDR notation - This determines the size of your network. Each VPC can have up to five CIDRs: one primary and four secondaries for IPv4. Each of these ranges can be between /28 (in CIDR notation) and /16 in size.
After you create your VPC, you must create subnets inside the network. Subnets are similar to virtual local area networks (VLANs) in a traditional, on-premises network. When you launch an EC2 instance, you launch it inside a subnet, which will be located inside the Availability Zone that you choose.
Free Software alternatives
Any Solutions Architect with credibility is going to acknowledge that the giants of proprietary software solutions have built their empires on the backs of Free Software. But the product offerings have grown like weeds in a garden, so it can be hard to distinguish the original crop. What solutions or equivalents exist?
Cloud Computing Platforms
The OpenStack platform was started by RackSpace and NASA and is a free, open standard cloud computing platform. The March 2023 release included 41 services.
Cloud Provider Alternatives
For specific needs, there are sometimes niche vendors that offer a more attractive proposition. https://www.websiteplanet.com/blog/aws-alternatives/ lists alternatives such as Digital Ocean, Kamatera, LiquidWeb and Cloudways if all you really need is a web host or routine solutions.
Links
AWS is so large, here's a short list of the most relevant links
- ↑ A bill so complicated, that you need to pay to figure it out.. using Artificial Intelligence