Virtual, hands-on learning labs allow you to apply your technical skills in realistic environments. Sybex has therefore bundled AWS labs from XtremeLabs with our popular AWS Certified SysOps Administrator Study Guide, so that as you prepare for the Certified SysOps Administrator Exam you get the same experience working in these labs that you would face in a real-life application. Together with the book, these labs are a proven way to prepare for the certification and for work as an AWS SysOps Administrator.
This comprehensive book guides readers through the role of a SysOps Administrator and helps prepare candidates to take the updated AWS Certified SysOps Administrator--Associate (SOA-C01) Exam. The AWS Certified SysOps Administrator--Associate certification validates technical expertise in deployment, management, and operations on the AWS platform.
This Study Guide not only prepares readers for the AWS exam but also makes sure the reader is ready to perform the duties expected of SysOps Administrators. The book focuses on the skill set required of AWS professionals by filling in the gap between test preparation and real-world preparedness. Concepts covered include:
* Monitoring and Reporting
* High Availability
* Deployment and Provisioning
* Storage and Data Management
* Security and Compliance
* Networking
* Automation and Optimization
* And More
Readers will also have one year of free access to the Sybex interactive online learning environment and test bank, providing a suite of robust study tools including an assessment test, chapter tests, bonus practice exam, electronic flashcards, and a glossary of key terms.
Also included with this version of the book are XtremeLabs virtual labs that run from your browser. The registration code is included with the book and gives you 6 months of unlimited access to XtremeLabs AWS Certified SysOps Administrator Labs, with 6 unique lab modules based on the book.
SARA PERROTT is an accredited AWS Academy instructor at Bellevue College where she is an adjunct professor. She works full-time in the cybersecurity field and is passionate about her work. She has an MS in Cybersecurity and Information Assurance and holds several industry certifications such as the CISSP and GCIH, in addition to the AWS Certified Solutions Architect Associate and AWS Certified SysOps Administrator Associate certifications. You can contact Sara via her website at https://www.saraperrott.com.
BRETT MCLAUGHLIN currently works in cloud computing, focusing on scalable cloud platforms and staging and distributing petabyte-scale data stores. He is an expert in cloud-based architectures and large data sets and has led projects for NASA and billion-dollar AUM hedge funds. He is currently the CTO for Volusion, as well as an active instructor in the AWS and serverless communities.
Introduction xxvii
Assessment Test xxxiv
Part I AWS Fundamentals 1
Chapter 1 Introduction to Systems Operations on AWS 3
The AWS Ecosystem 5
The AWS Services Model 6
The AWS Global Presence 7
AWS Managed Services 8
What is Systems Operations? 14
The AWS Shared Responsibility Model 15
The AWS Service Level Agreement 16
The Seven Domains 16
Working with AWS 17
The AWS Management Console 17
The AWS CLI 19
AWS SDKs 19
Technical Support and Online Resources 19
Support Plans 20
Other Support Resources 20
Key Exam Resources 20
Summary 21
Exam Essentials 21
Review Questions 24
Part II Monitoring and Reporting 29
Chapter 2 Amazon CloudWatch 31
Monitoring on AWS 32
Monitoring is Event-Driven 33
Monitoring is Customizable 34
Monitoring Drives Action 36
Basic CloudWatch Terms and Concepts 36
CloudWatch is Metric- and Event-Based 36
Alarms Indicate Notifiable Change 36
Events and CloudWatch Events are Lower Level 37
CloudWatch Events Has Three Components 37
Choosing Between Alarms and Events 37
What's in a Namespace? 37
To the 10th Dimension 38
Statistics Aggregate Metrics 38
Monitoring Compute 39
EC2 Instance Metrics 39
EC2 EBS Metrics 40
ECS Metrics 41
Monitoring Storage 41
S3 Metrics 42
RDS Metrics 42
DynamoDB Metrics 43
CloudWatch Alarms 44
Create an Alarm Threshold 45
Set Off an Alarm 45
Respond to an Alarm 45
CloudWatch Events 46
Events 46
Rules 46
Targets 47
Summary 47
Resources to Review 48
Exam Essentials 48
Exercises 49
Review Questions 56
Chapter 3 AWS Organizations 61
Managing Multiple Accounts 62
AWS Organizations Consolidates User Management 63
AWS Organizations Consolidates Billing 63
Core AWS Organizations Concepts 64
An Organization is a Collection of Accounts 64
Organizations Have a Master Account 65
Manage Organizational Units Across Accounts 65
Apply Service Control Policies 66
AWS Organizations and Consolidated Billing 68
Compliance Benefits 69
Prefer AWS Organizations Over Tagging 69
Summary 69
Exam Essentials 70
Exercises 70
Review Questions 73
Chapter 4 AWS Config 77
Managing Configuration Changes 78
Continuous Everything 79
On-Premises Solutions 80
Configuration in the Cloud 80
AWS Config Use Cases 81
Centralized Configuration Management 81
Audit Trails 83
Configuration as Security 83
AWS Config Rules and Responses 83
Rules are Desired Configurations 83
A Configuration Item Represents a Specific Configuration 84
Rules are Evaluated 85
AWS Config or AWS CloudTrail? 87
Summary 87
Resources to Review 88
Exam Essentials 88
Exercises 89
Review Questions 96
Chapter 5 AWS CloudTrail 101
API Logs are Trails of Data 102
What Exactly is a Trail? 103
The CloudTrail Process 105
CloudTrail as a Monitoring Tool 106
Viewing CloudTrail Logs 106
Connect a CloudTrail Trail to SNS 107
CloudTrail Handles Permissions...Sometimes 108
Summary 108
Resources to Review 108
Exam Essentials 109
Exercises 109
Review Questions 115
Part III High Availability 119
Chapter 6 Amazon Relational Database Service 121
Creating Databases with Amazon RDS 122
Amazon RDS vs. Your Own Instances 123
Supported Database Engines 125
Database Configuration and Parameter Groups 125
Scalability with Amazon RDS 127
Amazon RDS Key Features 128
Scaling Amazon RDS Instances 128
Backing Up Amazon RDS Instances 128
Securing Amazon RDS Instances 129
Multi-AZ Configuration 129
Creating a Multi-AZ Deployment 129
Failing Over to the Secondary Instance 130
Read Replicas 131
Replication to Read Replicas 131
Connecting to Read Replicas 132
Read Replicas' Requirements and Limitations 132
Amazon Aurora 132
Aurora Volumes 133
Aurora Replicas 133
Summary 133
Resources to Review 134
Exam Essentials 134
Review Questions 136
Chapter 7 Auto Scaling 141
Auto Scaling Terms and Concepts 142
Auto Scaling Groups 143
Scaling In and Scaling Out 143
Scaling More than EC2 144
Minimums, Maximums, and Desired Capacity 145
Auto Scaling Groups Auto Scale 145
Auto Scaling Instances Must Be Maintained 146
Launch Configurations 147
EC2 Instances are Launch Configuration Templates 147
One Auto Scaling Group Has One Launch Configuration 148
Launch Templates: Versioned Launch Configurations 148
Auto Scaling Strategies 149
Manual Scaling 149
Scheduled Scaling 149
Dynamic Scaling 150
Cooldown Periods 150
Instances Terminate in Order 151
When Auto Scaling Fails 152
Summary 153
Resources to Review 153
Exam Essentials 153
Exercises 154
Review Questions 158
Part IV Deployment and Provisioning 163
Chapter 8 Hubs, Spokes, and Bastion Hosts 165
VPC Peering 166
Understanding the Use Case for Hub-and-Spoke Architecture 168
Using a VPC Peering Connection Across Multiple Regions (Interregion Peering) 169
Bastion Hosts 169
Architecting for Bastion Host Use 170
Options for Bastion Hosts 170
Summary 171
Resources to Review 172
Linux Bastion Hosts on the AWS Cloud: 172
Exam Essentials 172
Exercises 173
Review Questions 183
Chapter 9 AWS Systems Manager 187
AWS Systems Manager 188
Communication with AWS Systems Manager 189
AWS Managed Instances 190
AWS Resource Groups 191
Taking Action with AWS Systems Manager 191
Summary 196
Resources to Review 196
Exam Essentials 197
Exercises 197
Review Questions 205
Part V Storage and Data Management 209
Chapter 10 Amazon Simple Storage Service (S3) 211
Object Storage and Amazon S3 212
What's in a URL? 214
Availability and Durability 215
S3 Storage Classes 216
Securing and Protecting Data in S3 217
Access Control 217
Versioning 220
Encryption 221
Amazon Glacier 222
Amazon Glacier Deep Archive 223
S3 Lifecycle Management 223
Storage Gateways 224
Summary 225
Resources to Review 225
Exam Essentials 226
Exercises 226
Review Questions 232
Chapter 11 Elastic Block Store (EBS) 237
Understanding Block Storage and EBS 238
Types of EBS Storage 239
EBS vs. Instance Stores 241
Encrypting Your EBS Volumes 242
EBS Snapshots 244
Summary 244
Resources to Review 244
Exam Essentials 245
Exercises 245
Review Questions 248
Chapter 12 Amazon Machine Image (AMI) 253
Amazon Machine Images (AMIs) 254
Accessibility of AMIs 255
AMI Storage 257
AMI Security 258
Launch Permissions 258
Encryption 258
Moving AMIs Between Regions 258
AWS Management Console 259
AWS CLI 259
Common AMI Issues 260
Summary 260
Resources to Review 260
Exam Essentials 261
Exercises 261
Review Questions 264
Part VI Security and Compliance 269
Chapter 13 IAM 271
Shared Responsibility Model: A Cloud Security Primer 272
Building Blocks of IAM 273
Users 273
Groups 274
Roles 274
Policies 275
Managing IAM 278
Managing Passwords 278
Managing Access Keys 279
Securing Your AWS Accounts 281
Protecting the Root Account 281
IAM Best Practices 281
Trusted Advisor 282
Other Identity Services 282
Cognito 282
Federation 283
AWS KMS 283
Summary 283
Resources to Review 284
Exam Essentials 284
Exercises 285
Review Questions 290
Chapter 14 Reporting and Logging 295
Reporting and Monitoring in AWS 296
AWS CloudTrail 296
Applying a Trail to All Regions 298
Management Events 298
Data Events 298
But You Said CloudTrail Was Free... 300
Amazon CloudWatch 300
Amazon CloudWatch Alarms 301
Amazon CloudWatch Logs 302
Amazon CloudWatch Events 303
Amazon CloudWatch Dashboard 303
AWS Config 304
Summary 305
Resources to Review 305
Exam Essentials 306
Exercises 306
Review Questions 311
Chapter 15 Additional Security Tools 315
Amazon Inspector 316
Amazon GuardDuty 318
Summary 320
Resources to Review 320
Exam Essentials 320
Exercises 321
Review Questions 326
Part VII Networking 331
Chapter 16 Virtual Private Cloud 333
Understanding AWS Networking 334
Classless Inter-Domain Routing Refresher 335
Virtual Private Cloud 336
Subnets 337
Route Tables 338
Internet Gateways 339
NAT Gateways and Instances 340
VPC Endpoints 342
Connecting to the Outside 344
Securing Your Network 345
Security Groups 345
Network Access Control Lists 346
Troubleshooting Network Issues 347
VPC Flow Logs 347
Other Resources 348
Summary 348
Resources to Review 349
Exam Essentials 350
Exercises 351
Review Questions 356
Chapter 17 Route 53 361
Domain Name System 362
DNS Records 363
Amazon Route 53 364
Amazon Traffic Flow 366
AWS Private DNS 366
Routing Policies 366
Simple Routing Policy 366
Failover Routing Policy 367
Geolocation Routing Policy 368
Geoproximity Routing Policy 368
Latency Routing Policy 369
Multivalue Answer Routing Policy 369
Weighted Routing Policy 370
Health Checks and Failover 371
Summary 372
Resources to Review 372
Exam Essentials 373
Exercises 373
Review Questions 377
Part VIII Automation and Optimization 381
Chapter 18 CloudFormation 383
An Introduction to IaaS 384
CloudFormation Templates 385
AWSTemplateFormatVersion 385
Description 385
Metadata 386
Parameters 386
Mappings 386
Conditions 387
Transform 388
Resources 388
Outputs 388
Creating and Customizing Your Stacks 389
Parameters 389
Outputs 390
Improving Your Templates 390
Built-in Functions 390
Mapping 391
Pseudo Parameters 392
Issues with CloudFormation Templates 392
Summary 392
Resources to Review 393
Exam Essentials 393
Exercise 394
Review Questions 396
Chapter 19 Elastic Beanstalk 401
What is Elastic Beanstalk? 402
Platforms and Languages 403
Creating a Custom Platform 405
Updates in Elastic Beanstalk 408
All-at-Once Deployment 409
Rolling Deployment 409
Rolling with Additional Batches Deployment 409
Immutable Deployment 409
Testing Your Application with a Blue/Green Deployment 410
Configuring Elastic Beanstalk 410
Securing Elastic Beanstalk 412
Data Protection 412
Identity and Access Management 412
Logging and Monitoring 412
Compliance 412
Resilience 413
Configuration and Vulnerability Analysis 413
Security Best Practices 413
Applying Security Best Practices to Elastic Beanstalk 413
AWS Elastic Beanstalk CLI 414
Troubleshooting Elastic Beanstalk 414
Summary 415
Resources to Review 415
Exam Essentials 416
Exercise 416
Review Questions 418
Appendix Answers to Review Questions 423
Chapter 1: Introduction to Systems Operations on AWS 424
Chapter 2: Amazon CloudWatch 425
Chapter 3: AWS Organizations 427
Chapter 4: AWS Config 429
Chapter 5: AWS CloudTrail 430
Chapter 6: Amazon Relational Database Service 432
Chapter 7: Auto Scaling 434
Chapter 8: Hubs, Spokes, and Bastion Hosts 436
Chapter 9: AWS Systems Manager 437
Chapter 10: Amazon Simple Storage Service (S3) 439
Chapter 11: Elastic Block Store (EBS) 440
Chapter 12: Amazon Machine Image (AMI) 441
Chapter 13: IAM 443
Chapter 14: Reporting and Logging 444
Chapter 15: Additional Security Tools 446
Chapter 16: Virtual Private Cloud 447
Chapter 17: Route 53 449
Chapter 18: CloudFormation 451
Chapter 19: Elastic Beanstalk 452
Index 455