One of a the best book about Solution Architecture AWS oriented. AWS Solution Architect Handbook 1. Core Concepts Global Infrastructure: Regions, Availability Zones (AZs), Edge Locations. Shared Responsibility Model: AWS → Security of the cloud (infra, services). Customer → Security in the cloud (data, IAM, configs). Well-Architected Framework → 6 Pillars: Operational Excellence Security Reliability…
Snow Family (Offline Data Transfer) Snowcone: Small device (~8 TB) → data transfer to S3/EC2. Snowball Edge: Larger device (~20–80 TB), with compute/storage options. Snowmobile: Truck-sized (up to 100 PB) for massive data migration. FSx (Managed File Systems) FSx for Windows Server: Supports AD integration, SQL Server, SMB protocol. ❌ No NFS. ✅ Multi-AZ. FSx…
AI / ML & Data Processing Lex: Build chatbots (natural language). Kendra: Enterprise search in unstructured data. Translate: Machine translation (text ↔ text). (⚠️ tu as noté “speed to text” → en fait c’est Transcribe qui fait Speech-to-Text). Polly: Text-to-Speech (TTS). Security & Customer Data Macie: Detects sensitive data (PII) in S3. Pinpoint: Customer engagement…
VPC & Networking VPC Sharing: Plusieurs comptes partagent le même VPC pour réduire duplication et coûts. Private IP ranges (RFC1918): 10.0.0.0/8 172.16.0.0 – 172.31.255.255 (/12) 192.168.0.0/16 Elastic IP: IP publique fixe attachée à une ressource (ex: EC2). Instance Connect: Se connecter à une instance EC2 depuis la console (SSH intégré). VPC Endpoints Interface Endpoint: Uses…
Big Data & Analytics Services EMR (Elastic MapReduce): Managed Hadoop/Spark for big data. Glue: ETL service (extract, transform, load). DataBrew: No-code data cleaning/transformations. Streaming ETL: Real-time processing. Bookmarks: Avoid reprocessing, track processed data. QuickSight: BI (dashboards, analytics), integrates with Spectrum for querying data in S3. AWS Well-Architected 6 Pillars Sustainability – efficient use of resources….
Access & Security Pre-signed URL: Temporary access (default 7 days). Bucket Policy: Controls access inside S3 (resource-based). Encryption: S3 encrypts every object by default, but no audit/rotation built-in. Data Access Features Byte-Range Fetch: Retrieve partial object (useful for large files). S3 Select: Query data within objects (CSV, JSON, Parquet). Costs & Storage Classes Cost hierarchy:…
ECS Fargate: Serverless option; AWS manages infrastructure, you specify RAM/CPU. EC2: User manages underlying instances. Networking & Access NLB (Network Load Balancer): High performance, static public IP, supports TCP/UDP. NAT Instance: EC2-based; allows private instances to access Internet. NAT Gateway: Managed, scalable, must be in public subnet, controlled by NACLs. Direct Connect: Dedicated physical link…
inesis (KDS, Firehose, Analytics) Kinesis Data Streams (KDS): Real-time data streaming; replayable up to 7 days. Kinesis Firehose: Delivers streaming data to S3, Redshift, or HTTP endpoints (fully managed, no storage). Kinesis Data Analytics: Real-time (RT) analytics on streaming data. EventBridge: Event bus that integrates AWS services with third-party apps. Autoscaling: Adjusts shard capacity automatically….
User Pool: Provides built-in user management and authentication extensions. Identity Pool: Issues credentials and ephemeral identities for accessing AWS services. User Groups: Belonging to a group is optional. IAM Policy: Defined by version, ID, statement (with ID, effect, principal, action, resource). Certificate: Managed via AWS Certificate Manager. Cognito: Supports federated users (e.g., social or enterprise…
RDS aurora serverless 15 read replicas/3AZ read replicas are not the same as Disaster Recovery Multi AZ is not the same as multi region By default, RDS is not multi AZ multi AZ cross regions does not exist for RDS, only for Aurora it exists aurora endpoint storage autoscaling RDS proxy <=> connection pool maintenance:…