AWS Certified Solutions Architect – Associate Guide: The ultimate exam guide to AWS Solutions Architect certification
Ebook, 906 pages, 5 hours

About this ebook

Amazon Web Services (AWS) is currently the leader in the public cloud market. With an increasing global interest in leveraging cloud infrastructure, the AWS Cloud from Amazon offers a cutting-edge platform for architecting, building, and deploying web-scale cloud applications.
As the rate of cloud platform adoption increases, so does the need for cloud certification. The AWS Certified Solution Architect – Associate Guide is your one-stop solution to gaining certification. Once you have grasped what AWS and its prerequisites are, you will get insights into different types of AWS services such as Amazon S3, EC2, VPC, SNS, and more to get you prepared with core Amazon services. You will then move on to understanding how to design and deploy highly scalable applications. Finally, you will study security concepts along with the AWS best practices and mock papers to test your knowledge.
By the end of this book, you will not only be fully prepared to pass the AWS Certified Solutions Architect – Associate exam but also capable of building secure and reliable applications.

Language: English
Release date: Oct 31, 2018
ISBN: 9781789135800
    Book preview

    AWS Certified Solutions Architect – Associate Guide - Gabriel Ramirez

    AWS Certified Solutions Architect – Associate Guide

    The ultimate exam guide to AWS Solutions Architect certification

    Gabriel Ramirez

    Stuart Scott

    BIRMINGHAM - MUMBAI

    AWS Certified Solutions Architect – Associate Guide

    Copyright © 2018 Packt Publishing

    All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

    Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

    Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

    Commissioning Editor: Vijin Boricha

    Acquisition Editor: Heramb Bhavsar

    Content Development Editor: Abhishek Jadhav

    Technical Editor: Mohd Riyan Khan

    Copy Editor: Safis Editing

    Project Coordinator: Jagdish Prabhu

    Proofreader: Safis Editing

    Indexer: Tejal Daruwale Soni

    Graphics: Tom Scaria

    Production Coordinator: Nilesh Mohite

    First published: October 2018

    Production reference: 1311018

    Published by Packt Publishing Ltd.

    Livery Place

    35 Livery Street

    Birmingham

    B3 2PB, UK.

    ISBN 978-1-78913-066-9

    www.packtpub.com

    To my family, with love!

    – Gabriel Ramirez

    To my loving wife Lisa, for her support and encouragement throughout this book!

    – Stuart Scott

    mapt.io

    Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

    Why subscribe?

    Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

    Improve your learning with Skill Plans built especially for you

    Get a free eBook or video every month

    Mapt is fully searchable

    Copy and paste, print, and bookmark content

    Packt.com

    Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.

    At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

    Contributors

    About the authors

    Gabriel Ramirez is a passionate technologist with broad experience in the software industry. He currently works as an Authorized Trainer for Amazon Web Services and Google Cloud.

    He is a holder of 9/9 AWS Certifications and does community work by organizing the AWS User Groups in Mexico. He can be found on LinkedIn at linkedin.com/in/gramirezm/.

    Stuart Scott is the AWS content lead at Cloud Academy where he has created over 40 courses reaching tens of thousands of students. His content focuses heavily on cloud security and compliance, specifically on how to implement and configure AWS services to protect, monitor and secure customer data in an AWS environment.

    He has written numerous cloud security blogs for Cloud Academy and other AWS advanced technology partners. He has taken part in a series of cloud security webinars to share his knowledge and experience within the industry to help those looking to implement a secure and trusted environment.

    In January 2016, Stuart was awarded 'Expert of the Year' by Experts Exchange for sharing his knowledge of cloud services with the community.

    About the reviewer

    Yohan Wadia is a client-focused evangelist and technologist with more than 8 years of experience in the cloud industry, focused on helping customers succeed with cloud adoption.

    As a technical consultant, he provides guidance and implementation services to customers looking to leverage cloud computing through either Amazon Web Services, Windows Azure, or Google Cloud Platform by helping them come up with pragmatic solutions that make practical as well as business sense.

    Packt is searching for authors like you

    If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

    Table of Contents

    Title Page

    Copyright and Credits

    AWS Certified Solutions Architect – Associate Guide

    Dedication

    Packt Upsell

    Why subscribe?

    Packt.com

    Contributors

    About the authors

    About the reviewer

    Packt is searching for authors like you

    Preface

    Who this book is for

    What this book covers

    To get the most out of this book

    Download the example code files

    Conventions used

    Get in touch

    Reviews

    Introducing Amazon Web Services

    Technical requirements

    Minimizing complexity

    Conway's law

    Cloud computing

    Architecting for AWS

    Cloud design principles

    Cloud design patterns – CDP

    AWS Cloud Adoption Framework – AWS CAF

    AWS Well-Architected Framework – AWS WAF

    Shared security model

    Identity and Access Management

    User creation

    Designing an access structure

    Create an administration group

    Business case

    Inline policies

    IAM cross-account roles

    Summary

    Further reading

    AWS Global Infrastructure Overview

    Technical requirements

    Introducing AWS global infrastructure

    Becoming a service company

    Data centers

    10,000-feet view

    Regions

    100,000-feet view

    Latency

    Compliance

    Supported services

    Cost

    Connectivity

    Endpoint access

    Global CDN

    Amazon CloudFront

    Single region / multi-region patterns

    Rationale

    Active-active

    Active-passive

    Network-partitioning tolerance

    Complexity

    CloudFront

    Data replication and redundancy with managed services

    Exercise

    Replicating tags

    Replicating ACLs

    Distributed nature of S3

    Metadata replication

    Encryption replication

    Hosting a static website with S3 and CloudFront

    Summary

    Further reading

    Elasticity and Scalability Concepts

    Technical requirements

    Sources of failure

    The cause

    Dividing and conquering

    Serial configuration

    Parallel configuration

    Reactive and proactive scalability

    Horizontal scalability

    Vertical scalability

    Exercise

    Virtualization technologies

    LAMP installation

    Scaling the web server

    Resiliency

    EC2 persistence model

    Disaster recovery

    Cascading deletion

    Bootstrapping

    Scaling the compute layer

    Proactive scalability

    Scaling a database server

    Summary

    Further reading

    Hybrid Cloud Architectures

    Effective migration to the cloud

    Extending your data center

    All in the cloud

    VPC

    Tenancy

    Sizing

    The default VPC

    Public traffic

    Private traffic

    Security groups

    Creating a security group

    Chaining security groups

    Bastion host

    Hybrid deployment

    Software VPNs

    Static hardware VPNs

    Dynamic hardware VPNs

    Direct Connect (DX)

    Storage gateway use cases

    Network filesystems with file gateways

    Block storage iSCSI with volume gateway – stored

    Block storage iSCSI with volume gateway – cached

    Virtual tape library iSCSI with a tape gateway

    The Database Migration Service

    Homogeneous migration

    The AWS Schema Conversion tool

    Heterogeneous migrations

    Summary

    Further reading

    Resilient Patterns

    Technical requirements

    Route 53

    Health checks

    Record types

    Summary

    Further reading

    Event Driven and Stateless Architectures

    Technical requirements

    Web application hosting

    Route 53

    Serverless application architecture

    Streaming data architecture

    Summary

    Further reading

    Integrating Application Services

    Technical requirements

    SQS as a reliable broker

    Asynchrony

    Creating a queue

    Security

    Durability

    Message delivery

    Message reception

    Messaging patterns

    Managing 1:N communications with SNS

    Subscriber

    Fanout

    Authenticating your web and mobile apps with Cognito

    Cognito user pools

    Federated identities

    API Gateway integration

    Request flow

    WebSockets in AWS

    AWS IoT

    AWS AppSync

    Web app demo

    Summary

    Further reading

    Disaster Recovery Strategies

    Technical requirements

    Availability metrics

    The business perspective

    Business impact analysis

    Recovery Time Objective (RTO)

    Recovery Point Objective (RPO)

    Availability monitoring

    Backup and restore

    Preparation phase

    In the case of a disaster

    Trade-offs

    Pilot light

    The preparation phase

    In the case of a disaster

    Trade-offs

    Warm standby

    The preparation phase

    In the case of a disaster

    Trade-offs

    Multi-site active-active

    The preparation phase

    In the case of a disaster

    Trade-offs

    Best practices

    Summary

    Further reading

    Storage Options

    Technical requirements

    Relational databases

    RDS

    Managed capabilities

    Instances

    Parameter groups

    Option groups

    Snapshots

    Events

    Multi-AZ

    Read replicas

    Caching

    Object storage

    Simple storage service

    Data organization

    Integrity

    Availability

    Cost dimensions

    Reducing cost

    Durability

    Maximum durability

    Limited durability

    Use cases

    Consistency

    Storage optimization

    Creating objects from the CLI

    Copy an existing object

    Using a lifecycle policy

    Lifecycle policies

    Archiving with Glacier

    Retrieval options

    Workflow

    NoSQL

    DynamoDB

    Control plane

    Managed capabilities

    Consistency

    Local secondary index

    Global secondary index

    DynamoDB Streams

    Global tables

    Summary

    Further reading

    Matching Supply and Demand

    Technical requirements

    Elastic Load Balancing

    Classic Load Balancer – CLB

    Network Load Balancer – NLB

    Application Load Balancer – ALB

    Creating an Application Load Balancer

    ELB attributes

    Stateless versus stateful

    Internet-facing versus internal-facing

    TCP passthrough

    Cross-zone load balancing

    Connection draining

    AWS Auto Scaling

    Alternate flow

    Create a launch configuration

    Auto Scaling groups

    Resiliency

    Summary

    Further reading

    Introducing Amazon Elastic MapReduce

    Technical requirements

    Clustering in AWS

    High performance computing

    CfnCluster

    Enhanced networking

    Jumbo frames

    Placement groups

    Creating a placement group

    Benchmarking

    Elastic MapReduce

    MapReduce

    Analyzing a public dataset

    Summary

    Further reading

    Web Scale Applications

    Technical requirements

    AWS Lambda

    Summary

    Further reading

    Understanding Access Control

    Technical requirements

    Authentication, authorization, and access control

    Authentication

    Authorization

    Access control

    Authenticating via access control methods

    Usernames and passwords

    Multi-factor authentication

    Programmatic access

    Key pairs

    IAM roles

    Cross-account roles

    Web identity and SAML federation

    Federation of access

    Web identity federation

    SAML 2.0 federation

    IAM authorization

    Users

    Groups

    Roles

    Identity-based policies

    Managed policies versus inline policies

    Writing policies from scratch by using a JSON policy editor

    Using the visual editor within IAM

    Copying an existing managed policy

    Inline policies

    Summary

    Further reading

    Encryption and Key Management

    Technical requirements

    An overview of encryption

    Symmetric key cryptography

    Asymmetric key cryptography

    EBS encryption

    Encrypting a new EBS volume

    Encrypting a new EBS volume during the launch of a new EC2 instance

    Encrypting an existing EBS volume

    Amazon S3 encryption

    Server-side encryption with S3 managed keys (SSE-S3)

    Server-side encryption with KMS managed keys (SSE-KMS)

    Server-side encryption with customer managed keys (SSE-C)

    Client-side encryption with KMS managed keys (CSE-KMS)

    Client-side encryption with KMS managed keys (CSE-C)

    RDS encryption

    How to enable encryption

    Steps to encrypt an existing database

    Key Management Service (KMS)

    So, what is KMS?

    Customer master keys

    Data encryption keys (DEK)

    Key policies

    Grants

    Key rotation

    Manual key rotation

    Summary

    Further reading

    An Overview of Security and Compliance Services

    Technical requirements

    AWS CloudTrail

    Amazon Inspector

    Installing the agent

    Assessment templates, runs, and findings

    AWS Trusted Advisor

    Yellow warning under service limits

    Red warning under service limits

    AWS Systems Manager

    Resource groups

    Creating a resource group

    Actions

    Insights

    Shared resource

    AWS Config

    Configuration item

    Configuration streams

    Configuration history

    Configuration snapshot

    Configuration recorder

    Config rules

    Resource relationship

    High-level process overview

    Summary

    Further reading

    AWS Security Best Practices

    Technical requirements

    Shared responsibility model

    Data protection

    Using encryption at rest for sensitive data

    Taking advantage of encryption features built into AWS services

    Using encryption in transit for sensitive data

    Protecting against unexpected data loss

    Using S3 MFA delete to prevent accidental deletion

    Using S3 lifecycle policies

    Implementing S3 versioning to protect against unintended actions

    Virtual Private Cloud

    Using security groups to control access at an instance level

    Using NACLs to control access at a subnet level

    Implementing the rule of least privilege

    Implementing layers in your VPC

    Creating Flow Logs to obtain deeper analysis of network traffic

    Identity and Access Management

    Avoid sharing identities

    Using MFA for privileged users

    Using roles

    Password policy

    Assigning permissions to groups instead of to individual users

    Rotating your access keys

    Assigning permissions according to the rule of least privilege

    Re-evaluating permissions and deleting accounts

    Do not use the root account as an operational user

    EC2 security

    Implementing a patching strategy

    Controlling access with security groups

    Encrypting sensitive data on persistent storage

    Harden the operating system

    Using Bastion hosts to connect to your EC2 instances

    Security services

    Summary

    Further reading

    Web Application Security

    Technical requirements

    AWS web application firewall

    Conditions

    Rules

    Web ACL

    Monitoring

    AWS Shield

    DDoS

    Shield plans

    AWS Firewall Manager

    Before using AWS Firewall Manager

    Amazon CloudFront security features

    Summary

    Further reading

    Cost Effective Resources

    Technical requirements

    Reserved Instances

    Standard Reserved Instances

    Convertible Reserved Instances

    Billing and cost management

    Billing alarms

    Service level alarms

    Billing reports

    Cost Explorer

    Reserved Instances recommendations

    QuickSight visualization

    Cost Allocation Tags

    AWS Organizations

    Summary

    Further reading

    Working with Infrastructure as Code

    Technical requirements

    AWS CloudFormation

    Template anatomy

    Resources

    Stack updates

    Deletion policy

    Outputs

    Template reusability

    Parameters

    Mappings

    Depends on

    Helper scripts

    Multi-tier web app

    Best practices

    Summary

    Further reading

    Automation with AWS

    Technical requirements

    Incident Response

    CloudWatch Logs Agent

    CloudWatch Metric Filters

    Summary

    Further reading

    Introduction to the DevOps practice in AWS

    Technical requirements

    CI / CD pipeline

    AWS CodeDeploy

    AppSpec file

    Summary

    Further reading

    Mock Test 1

    Mock Test 2

    Assessment

    Mock Test 1

    Mock Test 2

    Another Book You May Enjoy

    Leave a review - let other readers know what you think

    Preface

    Amazon Web Services (AWS) is currently the leader in the public cloud market. With an increasing global interest in leveraging cloud infrastructure, the AWS Cloud from Amazon offers a cutting-edge platform for architecting, building, and deploying web-scale cloud applications.

    As the rate of cloud platform adoption increases, so does the need for cloud certification. The AWS Certified Solution Architect – Associate Guide is your one-stop solution to gaining certification. Once you have grasped what AWS and its prerequisites are, you will get insights into different types of AWS services such as Amazon S3, EC2, VPC, SNS, and more to get you prepared with core Amazon services. You will then move on to understanding how to design and deploy highly scalable applications. Finally, you will study security concepts along with the AWS best practices and mock papers to test your knowledge.

    By the end of this book, you will not only be fully prepared to pass the AWS Certified Solutions Architect – Associate exam but also capable of building secure and reliable applications.

    Who this book is for

    The AWS Certified Solutions Architect – Associate Guide is for you if you are an IT professional or Solutions Architect wanting to pass the AWS Certified Solution Architect – Associate 2018 exam. This book is also for developers looking to start building scalable applications on AWS.

    What this book covers

    Chapter 1, Introducing Amazon Web Services, takes readers through the fundamental concepts of AWS, which provides a very rich set of services. This includes what the AWS Cloud is and how it enables large organizations and small start-ups to leverage enterprise-class infrastructure.

    Chapter 2, AWS Global Infrastructure Overview, teaches readers about the AWS global infrastructure: the service endpoints and partitions, availability zones, regions, and edge locations, and how they interact with high-availability patterns and resilient designs. This chapter also covers replication and synchronization of data at a global scale, with a special focus on security.

    Chapter 3, Elasticity and Scalability Concepts, teaches readers how to match capacity and demand, design cost-efficient solutions, and understand how these two concepts play a role in cloud architecture. We'll focus on demand-, buffer-, and time-based approaches, automation, and serverless implementations.

    Chapter 4, Hybrid Cloud Architectures, teaches readers how to integrate cloud services, deploy new applications, and interconnect and extend existing infrastructure to the cloud. You will use application services such as message queues, publisher-subscriber, API Gateway, and Lambda as a bridge or an adapter.

    Chapter 5, Resilient Patterns, teaches readers how to avoid complete service failures by absorbing the operational impact of a service failure through loosely coupled components and services. You will inject failure into systems to make them fault tolerant and expose failure paths, and design reactive, autonomous monitoring systems in the cloud.

    Chapter 6, Event Driven and Stateless Architectures, teaches readers how to design workflows such as ETL and image processing, leveraging storage and processing with Lambda. You will understand the pros and cons of maintaining servers versus using PaaS and abstract services such as S3 and DynamoDB.

    Chapter 7, Integrating Application Services, teaches readers how to integrate services such as authentication, mobile backends, messaging, and persistence into their apps. You will use Backend as a Service (BaaS) to decouple the front end and middleware and to use third-party service providers.

    Chapter 8, Disaster Recovery Strategies, teaches readers the main patterns in DR strategies using the cloud. The reader will learn to implement backup and restore successfully, and to use pilot light and multi-site active-active scenarios. You will be guided on how to implement a full DR exercise in a hybrid environment.

    Chapter 9, Storage Options, teaches readers the different storage options available and how to evaluate the durability, cost, performance, size, and management tasks of each one. You will compare hot and cold solutions and examples of EBS, S3, Glacier, Redshift, and DynamoDB.

    Chapter 10, Matching Supply and Demand, teaches readers how to optimize for cost and use optimal resources on every layer. You will work with Auto Scaling and resize RDS databases with CloudWatch alarms.

    Chapter 11, Introducing Amazon Elastic MapReduce, gives readers insight into Elastic MapReduce, its use cases, and how to design clusters for High Performance Computing on EC2. You will profile your instances to maximize throughput and optimize network resources.

    Chapter 12, Web Scale Applications, teaches readers how to build massive applications that reach millions of users with high levels of concurrency. You will offload your backends with cache technologies such as CloudFront and ElastiCache and with NoSQL datastores.

    Chapter 13, Understanding Access Control, familiarizes readers with the main security objectives and the use of granular access control for users and applications. You will learn about security best practices and permission management through IAM.

    Chapter 14, Encryption and Key Management, teaches readers how encryption works in the cloud, how to use custom means to encrypt sensitive information, how to leverage encryption mechanisms from different AWS services, and how to integrate with Marketplace solutions to design robust security schemes and comply with several international standards, regulations, and frameworks.

    Chapter 15, An Overview of Security and Compliance Services, provides an overview of some of the key AWS services that are used to secure, protect, and govern data and resources within an AWS environment. It defines what each service is used for and the components used within each.

    Chapter 16, AWS Security Best Practices, teaches readers how to implement the AWS security reference model and gives an in-depth analysis of every service and configuration used to protect your application and data.

    Chapter 17, Web Application Security, teaches readers how to protect web applications and take a proactive standpoint in application design. You will learn how to avoid cross-site scripting, man-in-the-middle attacks, and data integrity loss.

    Chapter 18, Cost Effective Resources, teaches readers how to design cost-efficient resources and optimize services to improve ROI. You will build custom cost reports with custom tags, use consolidated billing with multiple accounts, and create budgets and alarms to avoid unexpected charges.

    Chapter 19, Working with Infrastructure as Code, teaches readers how to manage infrastructure using a set of tools and practices, and by thinking of it as software, to gain consistency, flexibility, reusability, and the many other advantages of this paradigm. We will work with CloudFormation and introduce you to OpsWorks, and will also talk about many of the tools available in the industry that help you manage configurations and infrastructure.

    Chapter 20, Automation with AWS, continues from the previous chapter, demonstrating how automation helps industries achieve more with less and how deployment strategies can help with consistency, availability, and continuity of business. We show how to automate responses to application logs, CloudTrail, and configuration changes through AWS Config.

    Chapter 21, Introduction to DevOps in AWS, explains the principles, processes, toolchain, and culture behind this practice. We'll take a holistic approach to applying SCM, Continuous Integration (CI), and Continuous Delivery (CD).

    Chapter 22, Mock Test 1, gives readers hands-on experience of the real-time certification exam, with questions covering the services discussed above, and builds their confidence in clearing the associate exam with the help of important tips and tricks.

    Chapter 23, Mock Test 2, gives readers hands-on experience of the real-time certification exam, with questions covering the services discussed above, and builds their confidence in clearing the associate exam with the help of important tips and tricks.

    To get the most out of this book

    You should have access to an AWS account.

    The detailed requirements for each chapter can be found in the Technical requirements section of that chapter.

    Download the example code files

    You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packt.com/support and register to have the files emailed directly to you.

    You can download the code files by following these steps:

    1. Log in or register at www.packt.com.

    2. Select the SUPPORT tab.

    3. Click on Code Downloads & Errata.

    4. Enter the name of the book in the Search box and follow the onscreen instructions.

    Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

    WinRAR/7-Zip for Windows

    Zipeg/iZip/UnRarX for Mac

    7-Zip/PeaZip for Linux

    The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/AWS-Certified-Solutions-Architect-Associate-Guide. In case there's an update to the code, it will be updated on the existing GitHub repository.

    We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

    Conventions used

    There are a number of text conventions used throughout this book.

    CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: The public key is installed in the ~/.ssh/authorized_keys in the filesystem of the instance.

    A block of code is set as follows:

    {
        "Tenancy": "default",
        "GroupName": "",
        "AvailabilityZone": "us-east-1a"
    }

    Any command-line input or output is written as follows:

    mkdir webApp && cd $_

    Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: In the EC2 console choose Launch Instance.

    Warnings or important notes appear like this.

    Tips and tricks appear like this.

    Get in touch

    Feedback from our readers is always welcome.

    General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at customercare@packtpub.com.

    Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

    Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.

    If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

    Introducing Amazon Web Services

    Welcome to the journey of becoming an Amazon Web Services (AWS) solutions architect. A path full of challenges, but also a path full of knowledge awaits you. To begin, I'd like to start by defining the role of a solutions architect in the software-engineering context. Architecture has a lot to do with technology, but it also has a lot to do with everything else; it is a discipline responsible for the nonfunctional requirements, and a model to design the Quality of Service (QoS) of the information systems.

    Architecture is about finding the right balance and the midpoint of every circumstance. It is about understanding the environment in which problems are created, involving the people, the processes, the organizational culture, the business capabilities, and any external drivers that can influence the success of a project.

    We will learn that part of our role as solutions architects is to evaluate several trade-offs, manage the essential complexity of things, their technical evolution, and the inherent entropy of complex systems.

    The following topics will be covered in this chapter:

    Understanding cloud computing

    Cloud design patterns and principles

    Shared security model

    Identity and access management

    Technical requirements

    Solution scripts are available in the book's repositories at the following URLs, if you get stuck with the examples:

    https://github.com/PacktPublishing/AWS-Certified-Solutions-Architect-Associate-Guide

    https://github.com/gabanox/Certified-Solution-Architect-Associate-Guide

    Minimizing complexity

    A widely used strategy to solve difficult problems is functional decomposition, that is, breaking a complex system or process into manageable parts. A pattern for this is the multilayered architecture, also known as the n-tier architecture, in which we decompose big systems into logical layers, each focused on only one responsibility, gaining characteristics such as scalability, flexibility, reusability, and many other benefits. The three-layer architecture is a popular pattern used to decompose monolithic applications and design distributed systems by isolating their functions into three different services:

    Presentation Tier: This represents the component responsible for the user interface, in which user actions and events are generated via a web page, a mobile application, and so on.

    Logic Tier: This is the middleware, the middle tier where the business logic is found. This tier can be implemented via web servers or application servers; here, every presentation tier event gets translated into service methods and business functions.

    Data Tier: Persistence mechanisms interact with the logic tier to maintain user state and behavior; this is the central repository of data for the application. Examples of this are database management systems (DBMS) or distributed memory-caching systems.

    Conway's law

    organizations which design systems ... are constrained to produce designs which are copies of the communication structures of these organizations.

    This sentence shows how much the way people organize to develop systems matters, and how it impacts every design decision we make. In later chapters, when we discuss microservices architectures, we will look in depth at how to decouple systems and remove the barriers that prevent them from evolving. Bear in mind that this book will show you a new way of systems thinking, and with AWS you have the tools to solve any kind of problem and create very sophisticated solutions.

    Cloud computing

    Cloud computing is a service model based on large pools of resources exposed through web interfaces, with the objective being to provide shareable, elastic, and secure services on demand with low cost and high flexibility.

    Architecting for AWS

    Designing cloud-based architectures requires a different approach than traditional solutions, because physical hardware and infrastructure are now treated as software. This brings many benefits, such as reusability, high cohesion, a uniform service interface, and flexible operations.

    It's easy to make use of on-demand resources when they are needed and to modify their attributes in a matter of minutes. We can also provision complex structures declaratively and adapt services to the demand patterns of our users. In this chapter, we will be discussing the design principles that will make the best use of AWS.

    Cloud design principles

    These principles form the fundamental pillars on which well-architected and well-designed systems must be built:

    Enable scalability:

    Antipattern: Manual operations that add capacity reactively rather than proactively. Passive detection of failures and service limits can result in application downtime and is prone to human error because of limited reaction time:

    From the diagram, we can see that instances take time to be fully usable, and the process is human-dependent.

    Best practice: The elastic nature of AWS services makes it
