Module 1: Design Secure Architectures
Design secure access to AWS resources
- Access controls and management across multiple accounts
- AWS federated access and identity services (AWS Identity and Access Management IAM, AWS IAM Identity Center AWS Single Sign-On)
- AWS global infrastructure (Availability Zones, AWS Regions)
- AWS security best practices (the principle of least privilege)
- The AWS shared responsibility model
Design secure workloads and applications
- Application configuration and credentials security
- AWS service endpoints
- Control ports, protocols, and network traffic on AWS
- Secure application access
- Security services with appropriate use cases (Amazon Cognito, Amazon GuardDuty, Amazon Macie)
- Threat vectors external to AWS (DDoS, SQL injection)
Determine appropriate data security controls
- Data access and governance
- Data recovery
- Data retention and classification
- Encryption and appropriate key management
Module 2: Design Resilient Architectures
Design scalable and loosely coupled architectures
- API creation and management (Amazon API Gateway, REST API)
- AWS managed services with appropriate use cases (AWS Transfer Family, Amazon SQS, Secrets Manager)
- Caching strategies
- Design principles for microservices (stateless workloads compared with stateful workloads)
- Event-driven architectures
- Horizontal scaling and vertical scaling
- How to appropriately use edge accelerators (CDN)
- How to migrate applications into containers
- Load balancing concepts (Application Load Balancer)
- Multi-tier architectures
- Queuing and messaging concepts (publish/subscribe)
- Serverless technologies and patterns (AWS Fargate, AWS Lambda)
- Storage types with associated characteristics (object, file, block)
- The orchestration of containers (Amazon ECS, Amazon EKS)
- When to use read replicas
- Workflow orchestration (AWS Step Functions)
Design highly available and/or fault-tolerant architectures
- AWS global infrastructure (Availability Zones, AWS Regions, Amazon Route 53)
- AWS managed services with appropriate use cases (Amazon Comprehend, Amazon Polly)
- Basic networking concepts (route tables)
- Disaster recovery (DR) strategies (backup and restore, pilot light, warm standby, active-active failover, RPO, RTO)
- Distributed design patterns
- Failover strategies
- Immutable infrastructure
- Load balancing concepts (Application Load Balancer)
- Proxy concepts (Amazon RDS Proxy)
- Service quotas and throttling (how to configure the service quotas for a workload in a standby environment)
- Storage options and characteristics (durability, replication)
- Workload visibility (AWS X-Ray)
Module 3: Design High-Performing Architectures
Determine high-performing and/or scalable storage solutions
- Hybrid storage solutions to meet business requirements
- Storage services with appropriate use cases (Amazon S3, Amazon Elastic File System Amazon EFS, Amazon Elastic Block Store Amazon EBS)
- Storage types with associated characteristics (object, file, block)
Design high-performing and elastic compute solutions
- AWS compute services with appropriate use cases (AWS Batch, Amazon EMR, Fargate)
- Distributed computing concepts supported by AWS global infrastructure and edge services
- Queuing and messaging concepts (publish/subscribe)
- Scalability capabilities with appropriate use cases (for example, Amazon EC2 Auto Scaling, AWS Auto Scaling)
- Serverless technologies and patterns (Lambda, Fargate)
- The orchestration of containers (Amazon ECS, Amazon EKS)
Determine high-performing database solutions
- AWS global infrastructure (Availability Zones, AWS Regions)
- Caching strategies and services (Amazon ElastiCache)
- Data access patterns (read-intensive compared with write-intensive)
- Database capacity planning (capacity units, instance types, Provisioned IOPS)
- Database connections and proxies
- Database engines with appropriate use cases (heterogeneous migrations, homogeneous migrations)
- Database replication (read replicas)
- Database types and services (serverless, relational compared with non-relational, in-memory)
Determine high-performing and/or scalable network architectures
- Edge networking services with appropriate use cases (Amazon CloudFront, AWS Global Accelerator)
- How to design network architecture (subnet tiers, routing, IP addressing)
- Load balancing concepts (Application Load Balancer)
- Network connection options (AWS VPN, Direct Connect, AWS PrivateLink)
Determine high-performing data ingestion and transformation solutions
- Data analytics and visualization services with appropriate use cases (Amazon Athena, AWS Lake Formation, Amazon QuickSight)
- Data ingestion patterns (frequency)
- Data transfer services with appropriate use cases (AWS
- DataSync, AWS Storage Gateway)
- Data transformation services with appropriate use cases (AWS Glue)
- Secure access to ingestion access points
- Sizes and speeds needed to meet business requirements
- Streaming data services with appropriate use cases (Amazon Kinesis)
Module 4: Design Cost-Optimized Architectures
Design cost-optimized storage solutions
- Access options (an S3 bucket with Requester Pays object storage)
- AWS cost management service features (cost allocation tags, multi-account billing)
- AWS cost management tools with appropriate use cases (AWS Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
- AWS storage services with appropriate use cases (Amazon FSx, Amazon EFS, Amazon S3, Amazon EBS)
- Backup strategies
- Block storage options (hard disk drive volume types, solid state drive volume types)
- Data lifecycles
- Hybrid storage options (DataSync, Transfer Family, Storage Gateway)
- Storage access patterns
- Storage tiering (cold tiering for object storage)
- Storage types with associated characteristics (object, file, block)
Design cost-optimized compute solutions
- AWS cost management service features (cost allocation tags, multi-account billing)
- AWS cost management tools with appropriate use cases (Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
- AWS global infrastructure (Availability Zones, AWS Regions)
- AWS purchasing options (Spot Instances, Reserved Instances, Savings Plans)
- Distributed compute strategies (edge processing)
- Hybrid compute options (AWS Outposts, AWS Snowball Edge)
- Instance types, families, and sizes (memory optimized, compute optimized, virtualization)
- Optimization of compute utilization (containers, serverless computing, microservices)
- Scaling strategies (auto scaling, hibernation)
Design cost-optimized database solutions
- AWS cost management service features (cost allocation tags, multi-account billing)
- AWS cost management tools with appropriate use cases (Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
- Caching strategies
- Data retention policies
- Database capacity planning (capacity units)
- Database connections and proxies
- Database engines with appropriate use cases (heterogeneous migrations, homogeneous migrations)
- Database replication (read replicas)
- Database types and services (relational compared with nonrelational, Aurora, DynamoDB
Design cost-optimized network architectures
- AWS cost management service features (cost allocation tags, multi-account billing)
- AWS cost management tools with appropriate use cases (Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
- Load balancing concepts (Application Load Balancer)
- NAT gateways (NAT instance costs compared with NAT gateway costs)
- Network connectivity (private lines, dedicated lines, VPNs)
- Network routing, topology, and peering (AWS Transit Gateway, VPC peering)
- Network services with appropriate use cases (DNS)
