Advanced Architecting on AWS

Advanced Architecting on AWSAWSAAAWAmazon Web ServicesAW-AWSAA3<h4>In this course, you will learn to:</h4><ul> <li>Review the AWS Well-Architected Framework to ensure understanding of best cloud design practices by responding to poll questions while following a graphic presentation</li><li>Demonstrate the ability to secure Amazon Simple Storage Service (Amazon S3) virtual private cloud (VPC) endpoint connections in a lab environment</li><li>Identify how to implement centralized permissions management and reduce risk using AWS Organizations organizational units (OUs) and service control policies (SCPs) with AWS Single Sign-On</li><li>Compare the permissions management capabilities of OUs, SCPs, and AWS SSO with and without AWS Control Tower to determine best practices based on use cases</li><li>Discuss AWS hybrid network designs to address traffic increases and streamline remote work while ensuring FIPS 140-2 Level 2, or Level 3 security compliance</li><li>Explore the solutions and products available to design a hybrid infrastructure, including access to 5G networks, to optimize service and reduce latency while maintaining high security for critical on premises applications</li><li>Explore ways to simplify the connection configurations between applications and high-performance workloads across global networks</li><li>Demonstrate the ability to configure a transit gateway in a lab environment</li><li>Identify and discuss container solutions and define container management options</li><li>Build and test a container in a lab environment</li><li>Examine how the AWS developer tools optimize the CI/CD pipeline with updates based on near-real-time data</li><li>Identify the anomaly detection and protection services that AWS offers to defend against DDoS attacks</li><li>Identify ways to secure data in transit, at rest, and in use with AWS Key Management Service (AWS KMS) and AWS Secrets Manager</li><li>Determine the best data management solution based on frequency of access, and data query and analysis needs</li><li>Set up a data lake and examine the advantages of this type of storage configuration to crawl and query data in a lab environment</li><li>Identify solutions to optimize edge services to eliminate latency, reduce inefficiencies, and mitigate risks</li><li>Identify the components used to automate the scaling of global applications using geolocation and traffic control</li><li>Deploy and activate an AWS Storage Gateway file gateway and AWS DataSync in a lab environment</li><li>Review AWS cost management tools to optimize costs while ensuring speed and performance</li><li>Review migration tools, services, and processes that AWS provides to implement effective cloud operation models based on use cases and business needs</li><li>Provide evidence of your ability to apply the technical knowledge and experience gained in the course to improve business practices by completing a Capstone Project</li></ul><p>We recommend that attendees of this course have: </p> <ul> <li>Knowledge and experience with core AWS services from the compute, storage, networking, and AWS Identity and Access Management (IAM) categories</li></ul><ul> <li>At least one of the following:<ul> <li>Attended the <span class="cms-link-marked"><a class="fl-href-prod" href="/swisscom/en/course/amazon-awsa"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Architecting on AWS <span class="fl-prod-pcode">(AWSA)</span></a></span> classroom training OR</li><li>Achieved the AWS Certified Solutions Architect - Associate certification OR</li><li>Have at least 1 year of experience operating AWS workloads</li></ul></li></ul><h4>Who should take this course: </h4><ul> <li>Cloud architects</li><li>Solutions architects</li><li>Anyone who designs solutions for cloud infrastructures</li></ul><h4>Day 1</h4><h5>Module 1: Reviewing Architecting Concepts</h5><ul> <li>Group Exercise: Review Architecting on AWS core best practices</li><li>Lab 1: Securing Amazon S3 VPC Endpoint Communications</li></ul><h5>Module 2: Single to Multiple Accounts</h5><ul> <li>AWS Organizations for multi-account access and permissions</li><li>AWS SSO to simplify access and authentication across AWS accounts and third-party services</li><li>AWS Control Tower</li><li>Permissions, access, and authentication</li></ul><h5>Module 3: Hybrid Connectivity</h5><ul> <li>AWS Client VPN authentication and control</li><li>AWS Site-to-Site VPN</li><li>AWS Direct Connect for hybrid public and private connections</li><li>Increasing bandwidth and reducing cost</li><li>Basic, high, and maximum resiliency</li><li>Amazon Route 53 Resolver DNS resolution</li></ul><h5>Module 4: Specialized Infrastructure</h5><ul> <li>AWS Storage Gateway solutions</li><li>On-demand VMware Cloud on AWS</li><li>Extending cloud infrastructure services with AWS Outposts</li><li>AWS Local Zones for latency-sensitive workloads</li><li>Your 5G network with and without AWS Wavelength</li></ul><h5>Module 5: Connecting Networks</h5><ul> <li>Simplifying private subnet connections</li><li>VPC isolation with a shared services VPC</li><li>Transit Gateway Network Manager and VPC Reachability Analyzer</li><li>AWS Resource Access Manager</li><li>AWS PrivateLink and endpoint services</li><li>Lab 2: Configuring Transit Gateways</li></ul><h4>Day 2</h4><h5>Module 6: Containers</h5><ul> <li>Container solutions compared to virtual machines</li><li>Docker benefits, components, solutions architecture, and versioning</li><li>Container hosting on AWS to reduce cost</li><li>Managed container services: Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS)</li><li>AWS Fargate</li><li>Lab 3: Deploying an Application with Amazon ECS on Fargate</li></ul><h5>Module 7: Continuous Integration/Continuous Delivery (CI/CD)</h5><ul> <li>CI/CD solutions and impact</li><li>CI/CD automation with AWS CodePipeline</li><li>Deployment models</li><li>AWS CloudFormation StackSets to improve deployment management</li></ul><h5>Module 8: High Availability and DDoS Protection</h5><ul> <li>Common DDoS attacks layers</li><li>AWS WAF</li><li>AWS WAF web access control lists (ACLs), real-time metrics, logs, and security automation</li><li>AWS Shield Advanced services and AWS DDoS Response Team (DRT) services</li><li>AWS Network Firewall and AWS Firewall Manager to protect accounts at scale</li></ul><h5>Module 9: Securing Data</h5><ul> <li>What cryptography is, why you would use it, and how to use it</li><li>AWS KMS</li><li>AWS CloudHSM architecture</li><li>FIPS 140-2 Level 2 and Level 3 encryption</li><li>Secrets Manager</li></ul><h5>Module 10: Large-Scale Data Stores</h5><ul> <li>Amazon S3 data storage management including storage class, inventory, metrics, and policies</li><li>Data lake vs. data warehouse: Differences, benefits, and examples</li><li>AWS Lake Formation solutions, security, and control</li><li>Lab 4: Setting Up a Data Lake with Lake Formation</li></ul><h4>Day 3</h4><h5>Module 11: Large-Scale Applications</h5><ul> <li>What edge services are and why you would use them</li><li>Improve performance and mitigate risk with Amazon CloudFront</li><li>Lambda@Edge</li><li>AWS Global Accelerator: IP addresses, intelligent traffic distribution, and health checks</li><li>Lab 5: Migrating an On-Premises NFS Share Using AWS DataSync and Storage Gateway</li></ul><h5>Module 12: Optimizing Cost</h5><ul> <li>On-premises and cloud acquisition/deprecation cycles</li><li>Cloud cost management tools including reporting, control, and tagging</li><li>Examples and analysis of the five pillars of cost optimization</li></ul><h5>Module 13: Migrating Workloads</h5><ul> <li>Business drivers and the process for migration</li><li>Successful customer practices</li><li>The 7 Rs to migrate and modernize</li><li>Migration tools and services from AWS</li><li>Migrating databases and large data stores</li><li>AWS Schema Conversion Tool (AWS SCT)</li></ul><h5>Module 14: Capstone Project</h5><ul> <li>Use the Online Course Supplement (OCS) to review use cases, investigate data, and answer architecting design questions about Transit Gateway, hybrid connectivity, migration, and cost optimization</li></ul>In this course, you will learn to: - Review the AWS Well-Architected Framework to ensure understanding of best cloud design practices by responding to poll questions while following a graphic presentation - Demonstrate the ability to secure Amazon Simple Storage Service (Amazon S3) virtual private cloud (VPC) endpoint connections in a lab environment - Identify how to implement centralized permissions management and reduce risk using AWS Organizations organizational units (OUs) and service control policies (SCPs) with AWS Single Sign-On - Compare the permissions management capabilities of OUs, SCPs, and AWS SSO with and without AWS Control Tower to determine best practices based on use cases - Discuss AWS hybrid network designs to address traffic increases and streamline remote work while ensuring FIPS 140-2 Level 2, or Level 3 security compliance - Explore the solutions and products available to design a hybrid infrastructure, including access to 5G networks, to optimize service and reduce latency while maintaining high security for critical on premises applications - Explore ways to simplify the connection configurations between applications and high-performance workloads across global networks - Demonstrate the ability to configure a transit gateway in a lab environment - Identify and discuss container solutions and define container management options - Build and test a container in a lab environment - Examine how the AWS developer tools optimize the CI/CD pipeline with updates based on near-real-time data - Identify the anomaly detection and protection services that AWS offers to defend against DDoS attacks - Identify ways to secure data in transit, at rest, and in use with AWS Key Management Service (AWS KMS) and AWS Secrets Manager - Determine the best data management solution based on frequency of access, and data query and analysis needs - Set up a data lake and examine the advantages of this type of storage configuration to crawl and query data in a lab environment - Identify solutions to optimize edge services to eliminate latency, reduce inefficiencies, and mitigate risks - Identify the components used to automate the scaling of global applications using geolocation and traffic control - Deploy and activate an AWS Storage Gateway file gateway and AWS DataSync in a lab environment - Review AWS cost management tools to optimize costs while ensuring speed and performance - Review migration tools, services, and processes that AWS provides to implement effective cloud operation models based on use cases and business needs - Provide evidence of your ability to apply the technical knowledge and experience gained in the course to improve business practices by completing a Capstone ProjectWe recommend that attendees of this course have: - Knowledge and experience with core AWS services from the compute, storage, networking, and AWS Identity and Access Management (IAM) categories - At least one of the following: - Attended the Architecting on AWS (AWSA) classroom training OR - Achieved the AWS Certified Solutions Architect - Associate certification OR - Have at least 1 year of experience operating AWS workloadsWho should take this course: - Cloud architects - Solutions architects - Anyone who designs solutions for cloud infrastructuresDay 1 Module 1: Reviewing Architecting Concepts - Group Exercise: Review Architecting on AWS core best practices - Lab 1: Securing Amazon S3 VPC Endpoint Communications Module 2: Single to Multiple Accounts - AWS Organizations for multi-account access and permissions - AWS SSO to simplify access and authentication across AWS accounts and third-party services - AWS Control Tower - Permissions, access, and authentication Module 3: Hybrid Connectivity - AWS Client VPN authentication and control - AWS Site-to-Site VPN - AWS Direct Connect for hybrid public and private connections - Increasing bandwidth and reducing cost - Basic, high, and maximum resiliency - Amazon Route 53 Resolver DNS resolution Module 4: Specialized Infrastructure - AWS Storage Gateway solutions - On-demand VMware Cloud on AWS - Extending cloud infrastructure services with AWS Outposts - AWS Local Zones for latency-sensitive workloads - Your 5G network with and without AWS Wavelength Module 5: Connecting Networks - Simplifying private subnet connections - VPC isolation with a shared services VPC - Transit Gateway Network Manager and VPC Reachability Analyzer - AWS Resource Access Manager - AWS PrivateLink and endpoint services - Lab 2: Configuring Transit Gateways Day 2 Module 6: Containers - Container solutions compared to virtual machines - Docker benefits, components, solutions architecture, and versioning - Container hosting on AWS to reduce cost - Managed container services: Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS) - AWS Fargate - Lab 3: Deploying an Application with Amazon ECS on Fargate Module 7: Continuous Integration/Continuous Delivery (CI/CD) - CI/CD solutions and impact - CI/CD automation with AWS CodePipeline - Deployment models - AWS CloudFormation StackSets to improve deployment management Module 8: High Availability and DDoS Protection - Common DDoS attacks layers - AWS WAF - AWS WAF web access control lists (ACLs), real-time metrics, logs, and security automation - AWS Shield Advanced services and AWS DDoS Response Team (DRT) services - AWS Network Firewall and AWS Firewall Manager to protect accounts at scale Module 9: Securing Data - What cryptography is, why you would use it, and how to use it - AWS KMS - AWS CloudHSM architecture - FIPS 140-2 Level 2 and Level 3 encryption - Secrets Manager Module 10: Large-Scale Data Stores - Amazon S3 data storage management including storage class, inventory, metrics, and policies - Data lake vs. data warehouse: Differences, benefits, and examples - AWS Lake Formation solutions, security, and control - Lab 4: Setting Up a Data Lake with Lake Formation Day 3 Module 11: Large-Scale Applications - What edge services are and why you would use them - Improve performance and mitigate risk with Amazon CloudFront - Lambda@Edge - AWS Global Accelerator: IP addresses, intelligent traffic distribution, and health checks - Lab 5: Migrating an On-Premises NFS Share Using AWS DataSync and Storage Gateway Module 12: Optimizing Cost - On-premises and cloud acquisition/deprecation cycles - Cloud cost management tools including reporting, control, and tagging - Examples and analysis of the five pillars of cost optimization Module 13: Migrating Workloads - Business drivers and the process for migration - Successful customer practices - The 7 Rs to migrate and modernize - Migration tools and services from AWS - Migrating databases and large data stores - AWS Schema Conversion Tool (AWS SCT) Module 14: Capstone Project - Use the Online Course Supplement (OCS) to review use cases, investigate data, and answer architecting design questions about Transit Gateway, hybrid connectivity, migration, and cost optimization3 days1500.001480.001480.001480.001480.001480.001480.001480.001480.001850.001850.001850.001450.001395.001395.001395.001485.001485.001485.001395.001395.001485.002025.001650.001750.001800.00127500.001895.009320.001750.001750.002195.001750.001995.002510.001995.004900.002655.003150.002795.001995.002395.00