AW300: Advanced Architecting on AWS™

Agenda:

• Reviewing Architecting Concepts
  • Group Exercise: Review Architecting on AWS™ core best practices
  • Lab 1: Securing Amazon S3 VPC Endpoint Communications

• Single to Multiple Accounts
  • AWS™ Organizations for multi-account access and permissions
  • AWS™ SSO to simplify access and authentication across AWS™ accounts and third-party services
  • AWS™ Control Tower
  • Permissions, access, and authentication

• Hybrid Connectivity
  • AWS™ Client VPN authentication and control
  • AWS™ Site-to-Site VPN
  • AWS™ Direct Connect for hybrid public and private connections
  • Increasing bandwidth and reducing cost
  • Basic, high, and maximum resiliency
  • Amazon Route 53 Resolver DNS resolution

• Specialized Infrastructure
  • AWS™ Storage Gateway solutions
  • On-demand VMware™ Cloud on AWS™
  • Extending cloud infrastructure services with AWS™ Outposts
  • AWS™ Local Zones for latency-sensitive workloads
  • Your 5G network with and without AWS™ Wavelength

• Connecting Networks
  • Simplifying private subnet connections
  • VPC isolation with a shared services VPC
  • Transit Gateway Network Manager and VPC Reachability Analyzer
  • AWS™ Resource Access Manager
  • AWS™ PrivateLink and endpoint services
  • Lab 2: Configuring Transit Gateways

• Containers
  • Container solutions compared to virtual machines
  • Docker benefits, components, solutions architecture, and versioning
  • Container hosting on AWS™ to reduce cost
  • Managed container services: Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS)
  • AWS™ Fargate
  • Lab 3: Deploying an Application with Amazon EKS on Fargate

• Continuous Integration/Continuous Delivery (CI/CD)
  • CI/CD solutions and impact
  • CI/CD automation with AWS™ CodePipeline
  • Deployment models
  • AWS™ CloudFormation StackSets to improve deployment management

• Common DDoS attacks layers
  
  • AWS™ WAF
  • AWS™ WAF web access control lists (ACLs), real-time metrics, logs, and security automation
  • AWS™ Shield Advanced services and AWS™ DDoS Response Team (DRT) services
  • AWS™ Network Firewall and AWS™ Firewall Manager to protect accounts at scale

• Securing Data
  • What cryptography is, why you would use it, and how to use it
  • AWS™ KMS
  • AWS™ CloudHSM architecture
  • FIPS 140-2 Level 2 and Level 3 encryption
  • Secrets Manager

• Large-Scale Data Stores
  • Amazon S3 data storage management including storage class, inventory, metrics, and policies
  • Data lake vs. data warehouse: Differences, benefits, and examples
  • AWS™ Lake Formation solutions, security, and control
  • Lab 4: Setting Up a Data Lake with Lake Formation

• Large-Scale Applications
  • What edge services are and why you would use them
  • Improve performance and mitigate risk with Amazon CloudFront
  • Lambda@Edge
  • AWS™ Global Accelerator: IP addresses, intelligent traffic distribution, and health checks
  • Lab 5: Migrating an On-Premises NFS Share Using AWS™ DataSync and Storage Gateway

• Optimizing Cost
  • On-premises and cloud acquisition/deprecation cycles
  • Cloud cost management tools including reporting, control, and tagging
  • Examples and analysis of the five pillars of cost optimization

• Migrating Workloads
  • Business drivers and the process for migration
  • Successful customer practices
  • The 7 Rs to migrate and modernize
  • Migration tools and services from AWS™
  • Migrating databases and large data stores
  • AWS™ Schema Conversion Tool (AWS™ SCT)

• Capstone Project
  • Use the Online Course Supplement (OCS) to review use cases, investigate data, and answer architecting design questions about Transit Gateway, hybrid connectivity, migration, and cost optimization

Objectives:

In this course AW300 Advanced Architecting on AWS™, you will:

• Review the AWS™ Well-Architected Framework to ensure understanding of best cloud design
  practices by responding to poll questions while following a graphic presentation
• Demonstrate the ability to secure Amazon Simple Storage Service (Amazon S3) virtual private
  cloud (VPC) endpoint connections in a lab environment
• Identify how to implement centralized permissions management and reduce risk using AWS™
  Organizations organizational units (OUs) and service control policies (SCPs) with AWS™ Single Sign-On
• Compare the permissions management capabilities of OUs, SCPs, and AWS™ SSO with and without AWS™ Control Tower to determine best practices based on use cases
• Discuss AWS™ hybrid network designs to address traffic increases and streamline remote work while ensuring FIPS 140-2 Level 2, or Level 3 security compliance
• Explore the solutions and products available to design a hybrid infrastructure, including access to 5G networks, to optimize service and reduce latency while maintaining high security for critical on-premises applications
• Explore ways to simplify the connection configurations between applications and high-performance workloads across global networks
• Demonstrate the ability to configure a transit gateway in a lab environment
• Identify and discuss container solutions and define container management options
• Build and test a container in a lab environment
• Examine how the AWS™ developer tools optimize the CI/CD pipeline with updates based on near-real-time data
• Identify the anomaly detection and protection services that AWS™ offers to defend against DDoS attacks
• Identify ways to secure data in transit, at rest, and in use with AWS™ Key Management Service (AWS™ KMS) and AWS™ Secrets Manager
• Determine the best data management solution based on frequency of access, and data query and analysis needs
• Set up a data lake and examine the advantages of this type of storage configuration to crawl and query data in a lab environment
• Identify solutions to optimize edge services to eliminate latency, reduce inefficiencies, and mitigate risks
• Identify the components used to automate the scaling of global applications using geolocation and traffic control
• Deploy and activate an AWS™ Storage Gateway file gateway and AWS™ DataSync in a lab environment
• Review AWS™ cost management tools to optimize costs while ensuring speed and performance
• Review migration tools, services, and processes that AWS™ provides to implement effective cloud operation models based on use cases and business
  needs
• Provide evidence of your ability to apply the technical knowledge and experience gained in the course to improve business practices by completing a Capstone Project

Target audience:

This course AW300 Advanced Architecting on AWS™ is intended for

• Cloud Architects
• Solutions Architects
• Anyone who designs solutions for cloud infrastructures

Prerequisites:

To participate in the course AW300 Advanced Architecting on AWS™ at qSkills™, you should have attended the following AWS™ training:

• AW200 Architecting on AWS™

In addition, you should meet the following prerequisites:

• The certification "AWS™ Certified Solutions Architect – Associate"
• Knowledge and experience with core AWS™ services in the areas of Compute, Storage, Networking and AWS™ Identity and Access Management (IAM)
• At least 1 year of experience in operating AWS™ workloads
  
  
  

Description:

In this course AW300 Advanced Architecting on AWS™, each module presents a scenario with an architectural challenge to be solved. You will examine available AWS™ services and features as solutions to the problem. You will gain insights by participating in problem-based discussions and learning about the AWS™ services that you could apply to meet the challenges.
Over 3 days, the course AW300 Advanced Architecting on AWS™ goes beyond the basics of a cloud infrastructure and covers topics to meet a variety of needs for AWS™ customers. Course modules focus on managing multiple AWS™ accounts, hybrid connectivity and devices, networking with a focus on AWS™ Transit Gateway connectivity, container services, automation tools for continuous integration/continuous delivery (CI/CD), security and distributed denial of service (DDoS) protection, data lakes and data stores, edge services, migration options, and managing costs.
The course AW300 Advanced Architecting on AWS™ concludes by presenting you with scenarios and challenging you to identify the best solutions.

This course AW300 Advanced Architecting on AWS™ includes presentations, group discussions, use cases, videos, assessments, and hands-on labs.

Other Info:

The course materials (e-book) are in English, the course language is German.

This course is also available as a 4-day workshop with AWS™ Jam.
AW300 Advanced Architecting on AWS™ with AWS™ Jam

Real-world problem solving, exploration of new services, and understanding the interaction of individual components are the focus of this hands-on day.