Senior Acquisitions Editor: Kenyon Brown
Development Editor: Gary Schwartz
Production Editor: Rebecca Anderson
Copy Editor: Kezia Endsley
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Book Designers: Judy Fung and Bill Gibson
Proofreader: Nancy Carrasco
Indexer: Robert Swanson
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: © Getty Images Inc./Jeremy Woodhouse
Copyright© 2018 by Amazon Web Services, Inc.
Published by John Wiley & Sons, Inc. Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-37742-9
ISBN: 978-1-119-37744-3 (ebk.)
ISBN: 978-1-119-37743-6 (ebk.)
Manufactured in the United States of America
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2017947567
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. AWS is a registered trademark of Amazon Technologies, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
For our customers (whom we are always obsessing over). May this book find you well in your pursuit of becoming an AWS Certifi ed Systems Operator.
The authors would like to thank a few people who helped us develop and write the AWS Certified SysOps Administrator Official Study Guide – Associate Exam.
First and foremost, a very big thank you to all of our friends and families who put up with us spending weekends, evenings, and vacations creating content, writing questions, and reviewing each other’s chapters. Their flexibility, patience, and support made this book a reality.
Thank you to Nathan Bower and Victoria Steidel, the technical writers at AWS who reviewed and edited every single piece of content. They were always willing to review content, and their due diligence kept us on schedule. Their wisdom made us all better writers.
We could not have written this book without the help of our friends at Wiley. Gary Schwartz, Project Editor, provided valuable advice that kept us on track with our deliverables. Additionally, we were guided by Kezia Endsley, Copy Editor, who further refined our content to make the various chapters written by the many authors, flow into one cohesive piece of work.
A special thanks to Eli Schilling, Biff (yes that’s his real name) Gaut, and Brian Wagner. Eli gathered the group of authors to write this book, Biff provided us much needed foresight, as he had co-authored the AWS Certified Solutions Architect Official Study Guide, and Brian helped us write some last-minute questions for the online practice exams.
Lastly, we want to thank all the Solutions Architects and Technical Trainers at AWS who participated in certification blueprint development, question writing, review sessions, and the development of a world-class certification program for cloud practitioners that is setting the standard for our industry. #LearnAndBeCurious
Stephen Cole is a Technical Trainer with AWS, having joined the Training and Certification team in 2016. He received his Bachelor of Arts degree from Indiana University of Pennsylvania (IUP) in 1991 and, in 2015, earned a Master of Arts in Organizational Leadership from Gonzaga University. Currently, he has two AWS certifications: Solutions Architect Associate and SysOps Administrator Associate. Stephen would like to express his gratitude and appreciation for his wife, Laura, and son, Eli, as they were both very patient while sacrificing significant family time for this book.
Gareth Digby, Technical Trainer for AWS, delivers training on AWS services to students throughout North America. Gareth holds a B.Sc. and Ph.D. in Electrical and Electronic Engineering from the University of Swansea. Gareth has held full time faculty posts in the Electrical and Electronic Engineering Department, at University of Swansea and at the School of Electrical and Electronic Engineering, University of Birmingham. He has taught as adjunct faculty in the Department of Computer Science at University of Oxford and the Penn State Great Valley School of Graduate Professional Studies. Prior to joining AWS, in addition to his academic posts, Gareth has held systems engineering and system architecture roles on a variety of public sector projects. Gareth wants to thank Enfield Grammar School for introducing him to computers, the Electrical and Electronic Engineering Department and the Computer Science Department at University of Wales, Swansea for inspiring him to teach about computers, and his family for allowing him to pursue these passions for far too many years.
Christopher Fitch is a Technical Trainer with AWS. He has over 15 years’ experience in various engineering, administration, and architectural positions. His experience brings with it a combination of academic and hands-on knowledge that’s provided a diverse and well-rounded set of skills. Prior to working with AWS, he spent most of his career working with the DoD. Christopher holds a Bachelor’s of Science in Technical Management from DeVry University, a Master of Science in Information Systems, and a Master of Science in Network and Communications Management from the Keller Graduate School. Chris is a geek at heart. He is a native Floridian and Seattle transplant who is passionate about design, photography, and biking.
Steve Friedberg has been an educator for 40 years, teaching in ten different countries. He has been a course developer and instructor for IBM, Oracle, DEC, Cisco, Microsoft, Marconi, and TIBCO, as well as an adjunct professor at Grace College in Winona Lake, IN. He has been with AWS as a Technical Trainer for over a year, and he holds all three AWS Associate certifications. Steve’s formal training includes a Bachelor of Science in Engineering from Cornell University and a Master of Arts in Education from Ball State University. He lives with his wife in Indiana near his children and grandchildren. His real passion is teaching and developing curriculum about the Old Testament feasts, holidays, and prophecies.
Shaun Qualheim has been with AWS since September 2014. He is currently serving customers as a Senior Solutions Architect. In previous lives, Shaun was a Linux Systems Administrator at companies ranging from a leading computational fluid dynamics (CFD) company to one of the largest educational assessment companies in the world. Shaun is the proud father of an amazing 9-year old son, Jackson, who loves to come to the NYC AWS office and socialize with everyone. He wishes to thank his team for their patience while he worked on this book. Shaun would like to dedicate his portion of this book to his father, who taught him the value of never wavering in doing what’s right for the customer and whose example continues to show him the value of diligent work. Without that guidance, Shaun wouldn’t be where he is today.
Jerry Rhoads has been with AWS since May 2014. Jerry started off as a Solutions Architect, and he recently joined the Training and Certification Team as a Technical Trainer. Jerry holds a Bachelor’s of Science in Computer Science and a Master of Science in Information Systems Technology from the George Washington University, as well as all five AWS certifications. Jerry would like to give special thanks to Dr. Marjorie Battaglia, who inspired him to be a better writer; Reggie Carreker, who provided him with a passion for teaching; his wife, Linda, and his four children (+ one on the way), Ashley, Harry, Tinsley, and Liam for their much-needed patience and inspiration.
Michael Roth is a Technical Trainer with AWS, having joined Amazon in 2015. He is a Certified Cisco Network Academy Instructor and has taught Linux. Michael graduated from the University of Michigan with a Bachelor of Science in Zoology and a Bachelor of Arts in Urban Planning. He also has a Master of Science Degree in Telecommunications Management from Golden Gate University. Michael would like to thank his co-workers in the AWS Technical Training Organization—he is very proud to be a part of this amazing group of people. Finally, he would like to thank his spouse, Betsy, and son, Robert. Without their support and love, this book would not have been possible.
Blaine Sundrud began his teaching career at the Show Low Arizona High School before becoming a product evangelist for Digital Technology International. At DTI, Blaine worked with newspapers from around the world helping them improve their publishing platforms, until he realized that supporting the print newspaper industry was not a long-term employment option. Blaine now works in the Training and Certification department at AWS, where he holds all five certifications. His current focus is on leveraging brain science to improve classroom learning through the NeuroEducate program that he developed at AWS. Blaine wants to thank his three children: Kelly, Hunter, and Dessa for their resiliency, as well as his wife, Diana, for her high availability.
I entered college in 1978, and I immediately found a second home at the computer lab on campus. This lab was home to an IBM mainframe and a roomful of noisy keypunch machines. I punched my code onto a stack of cards, and I handed the stack to a system operator. The operator loaded the cards into the reader, and my job was queued for processing. If things went well and the mainframe was not too busy, I would have my cards and my output back within four hours or so. The operator managed the work queue for the mainframe, adjusting the balance of jobs and priorities, looking for hot spots and slowdowns, and keeping the monolithic mainframe as busy and as productive as possible at all times.
As a young, curious student, I always wondered what was happening behind the scenes. As a young, impoverished student, in the days before the Internet, information was not always easy to come by. I found a rack of manuals in the lab, figured out how to order others for free, and even scavenged the trash cans for operating system “builds” to study. That thirst for knowledge, with a focus on understanding how things work at the most fundamental level, has worked really well for me over the intervening four decades.
A little over a decade ago, I wrote blog posts to announce the launches of Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2). Those early launches set the tone for what was to come, introducing services that emerged with a minimal feature set that would be enhanced over time in response to customer feedback. At that time, aspiring AWS developers and architects did not need to make very many choices when they set out to build an AWS-powered system. There was one instance type, a couple of Availability Zones in a single Region, and simple access via the AWS CLI and the API.
Back in my mainframe days, operations was a hands-on affair. There was little in the way of tooling or automation; the operator was expected to watch the console, check on status, and to deal with issues as they arose. Today, many routine operations are handled automatically. Fault tolerance, automatic scaling, load balancing, and other high-level facilities take on many chores that were once described in detailed run books. With this change, systems operations comes into play much earlier in the system-building process, with the goal of setting up the system for success and high availability. At the same time, the operations role now spans a wider range of tasks and technologies including networking, security, and optimization. With pay-as-you-go services now the norm, people who once focused on technology can now add business skills to their repertoire.
If you are about to read this book, I am sure that you know that AWS is far more complex than it was a decade ago. On the Amazon EC2 side alone, there are now dozens of instance types, multiple types of Amazon Elastic Block Storage (Amazon EBS) volumes, and far more moving parts. There are now close to 100 services, each of which can be a valuable addition to your toolbox. The vocabulary itself has changed, with new terms such as containers, microservices, serverless computing, infrastructure as code, and so forth now commonplace.
You now face many choices when you set out to design and implement a new system. This book is designed to provide you with detailed information on many aspects of AWS, coupled with the practical knowledge needed to put your new knowledge to use and to earn your AWS certification. Within its chapters, you will find service overviews, sample scenarios, test-taking tips, and exercises. After setting up your AWS tools, you will learn about security, compute services, storage services, networking, databases, and more. Towards the end of the book, you will wrap up by learning about monitoring, metrics, and high availability. As you will soon see, the authors have packed it with the insights that they have gained while putting AWS to use in a wide variety of customer environments. There are no better teachers than those who have actually put their theory into practice.
You can choose to study the chapters individually, or you can digest the entire book as-written. Either way, I know that you will be well-prepared to build great systems and to pass your certification exams. I strongly encourage you to get hands-on experience with each service by working through the scenarios and the exercises.
I believe in the principle of life-long learning, especially when it comes to technology. The half-life of knowledge is shorter than ever before, and keeping up is far better than catching up. So dive deep and keep on learning!
— Jeff Barr, Chief Evangelist, AWS
Preparing to take and pass any certification is a studious process. The AWS Certified SysOps Administrator Official Study Guide - Associate Exam was written to align with the exam blueprint to enable you to study for the exam, perform exercises, and answer review questions to enable you to become a skilled systems operator on the AWS cloud and to take and pass the AWS Certified SysOps Administrator – Associate exam with confidence.
This study guide presents the set of topics needed to round out a systems operator/systems administrator’s hands-on experiences with AWS by covering the relevant AWS cloud services and concepts within the scope of the AWS Certified SysOps Administrator – Associate exam. This study guide begins with an introduction to Systems Operations on AWS, which is then followed by chapters on specific domains covered in the exam. In addition to the material covered on the exam, the chapters go deep into the actual technology. The authors go deep on topics that will serve you in preparing for the exam and the book should make a good desktop reference on AWS systems operations.
Each chapter includes specific information on the service or topic covered, followed by an Exam Essentials section that contains key information needed in your exam preparation. The Exam Essentials section is followed by a Test Taking Tip to help you prepare for what you will experience on the exam or at the testing center.
Next, each chapter includes an Exercise section with activities designed to help reinforce the topic of the chapter with hands-on learning. Each chapter then contains sample Review Questions to get you accustomed to answering questions about how to use and administer AWS cloud services.
Following this up-front section, the book contains a self-assessment exam with 25 questions. Two practice exams with 50 questions each are also available to help you gauge your readiness to take the exam, and flashcards are provided to help you learn and retain key facts needed to prepare for the exam.
If you are looking for a targeted book, created by technical trainers and solutions architects who wrote, reviewed, and developed the AWS Certified SysOps Administrator – Associate exam, then this is the book for you.
This book covers topics that you need to know to prepare for the Amazon Web Services (AWS) Certified SysOps Administrator – Associate exam:
Chapter 1: Introduction to Systems Operations on AWS This chapter provides an introduction to System Operations on AWS. It provides an overview of the AWS cloud services covered on the AWS Certified SysOps Administrator – Associate exam.
Chapter 2: Working with AWS Cloud Services This chapter shows you how to configure your workstation to work with AWS cloud services. You will install the AWS Command Line Interface (AWS CLI). Topics include AWS CLI, jmespath (a query language for JSON, http://jmespath.org), and the Boto software development kit (SDK).
Chapter 3: Security and AWS Identity and Access Management (IAM) In this chapter, you will learn about the Shared Responsibility Model and the different layers of security. You will learn how to secure your systems with services such as AWS Key Management Service (AWS KMS), AWS Hard Security Module (AWS HSM), Security Groups, and Network Access Control Lists (nACLs). Furthermore, the chapter covers AWS Identity and Access Management (IAM) and Security Best Practices.
Chapter 4: Compute This chapter describes how to use the compute stack on AWS. The topics covered are Amazon Elastic Compute Cloud (Amazon EC2), AWS Lambda, AWS Beanstalk, Amazon Elastic Container Service (Amazon ECS), Amazon Lightsail, and AWS Batch. You will provision an Amazon EC2 instance, assign an Amazon EC2 Role, and work with instance metadata.
Chapter 5: Networking In this chapter, you will learn how to deploy Amazon Virtual Private Cloud (Amazon VPC) and the various methods to connect to your Amazon VPC. Additionally. you will learn how to use the Elastic Load Balancing service, Amazon Route 53. and Amazon CloudFront.
Chapter 6: Storage Systems This chapter covers deploying and using the various storage options on AWS. The services covered include: Amazon Simple Storage Service (Amazon S3), Amazon Elastic File Service (Amazon EFS), Amazon Elastic Block Service (Amazon EBS), the Amazon EC2 instance store Volumes, Amazon Glacier, AWS Snowball, and AWS Snowmobile.
Chapter 7: Databases This chapter covers the use of AWS managed database services: Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, Amazon Redshift, and Amazon ElastiCache. You will learn how these managed services simplify the setup and operation of relational databases, NoSQL databases, data warehouses, and in-memory caches.
Chapter 8: Application Deployment and Management This chapter focuses on the various methods of deployment of applications and infrastructure; for example, blue/green and rolling deployments. You will learn about AWS OpsWorks, AWS Elastic Beanstalk, Amazon EC2 Container Service, and AWS CloudFormation.
Chapter 9: Monitoring and Metrics In this chapter, you will learn about how to monitor your environment with Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS Trusted Advisor, and AWS Service Health Dashboard.
Chapter 10: High Availability This chapter covers high availability on AWS. You will be introduced to decoupling strategies using Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Notification Service (Amazon SNS). The chapter covers deploying your application to multiple Availability Zones and Multiple AWS Regions. Other high availability topics include Auto Scaling, failover with Amazon Route 53, and redundant VPN and AWS Direct Connect connections.
The authors have worked hard to provide you with some really great tools to help you with your certification process. The interactive online learning environment that accompanies the AWS Certified SysOps Administrator Official Study Guide: Associate Exam provides a test bank with study tools to help you prepare for the certification exam. This will help you increase your chances of passing it the first time! The test bank includes the following:
Sample Tests All the questions in the book are provided in the form of review questions that are located at the end of each chapter. There is a 25-question assessment at the end of this introductory section. In addition, there are two practice exams with 50 questions each. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.
Flashcards The online test banks include 100 flashcards specifically written to quiz your knowledge of operations on AWS. After completing all of the exercises, review questions, practice exams, and flashcards, you should be more than ready to take the exam. The flashcard questions are provided in a digital flashcard format (a question followed by a single correct answer with URL links for additional information). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.
Glossary A glossary of key terms from this book is available as a fully searchable PDF.
The AWS Certified SysOps Administrator – Associate exam validates technical expertise in deployment, management, and operations on the AWS platform. Exam concepts that you should understand for this exam include the following:
In general, certification candidates should have the following:
The exam covers seven different domains, with each domain broken down into objectives and subobjectives.
The following table lists each domain and its weighting in the exam, along with the chapters in the book where that domain’s objectives and subobjectives are covered.
Domain | Percentage of Exam | Chapter |
Domain 1.0 Monitoring and Metrics | 15% | |
1.1 Demonstrate ability to monitor availability and performance | 3, 5, 7, 9, 10 | |
1.2 Demonstrate ability to monitor and manage billing and cost optimization processes | 7, 9 | |
Domain 2.0: High Availability | 15% | |
2.1 Implement scalability and elasticity based on scenario | 4, 7, 8, 10 | |
2.2 Ensure level of fault tolerance based on business needs | 4, 5, 7, 8, 10 | |
Domain 3.0: Analysis | 15% | |
3.1 Optimize the environment to ensure maximum performance | 5, 9 | |
3.2 Identify performance bottlenecks and implement remedies | 9 | |
3.3 Identify potential issues on a given application deployment | 9 | |
Domain 4.0: Deployment and Provisioning | 15% | |
4.1 Demonstrate the ability to build the environment to conform with the architected design | 1, 4, 6, 7, 8 | |
4.2 Demonstrate the ability to provision cloud resources and manage implementation automation | 1, 2, 4, 6, 7, 8 | |
Domain 5.0: Data Management | 12% | |
5.1 Demonstrate ability to create backups for different services | 6, 7 | |
5.2 Demonstrate ability to enforce compliance requirements | 6 | |
5.3 Manage backup and disaster recovery processes | 7, 10 | |
Domain 6.0: Security | 15% | |
6.1 Implement and manage security policies | 3, 5, 7 | |
6.2 Ensure data integrity and access controls when using the AWS platform | 1, 3, 6, 7, 9 | |
6.3 Demonstrate understanding of the shared responsibility model | 3, 4, 7 | |
6.4 Demonstrate ability to prepare for security assessment use of AWS | 3, 9 | |
Domain 7.0: Networking | 13% | |
7.1 Demonstrate ability to implement networking features of AWS | 1, 5, 10 | |
7.2 Demonstrate ability to implement connectivity features of AWS | 5, 7, 10 |