DEV Community

Aravind kumar TS

Want to be an AWS Cloud Architect? you are at the right place!!

The following AWS services are enough to land an AWS Solutions Architect role:

EC2, IAM, SNS, S3, VPC, CloudTrail, CloudWatch, Route 53, AWS Backup, GuardDuty, RAM (Resource Access Manager), EFS, Auto Scaling, AWS Systems Manager, AWS Config, Landing Zone, Transit Gateway.

EC2 and VPC, with interview answers

The common question you will come across in interviews is: how would you launch an EC2 instance?

The first step, before creating the EC2 instance, is to create a VPC; get the CIDR range from your customer. Next, create one public subnet and one private subnet. If the instance has to be reachable from the internet (for example by third parties), create an Internet Gateway, attach it to the VPC, and in the public subnet's route table add a route for 0.0.0.0/0 pointing at the IGW. A subnet is "public" only because of that route.

Since the instance needs to be reached from outside, allocate an Elastic IP (a static public IP) and associate it with the instance. The route alone does not expose anything: the instance's security group must also allow the inbound ports you need, and nothing else.

If the instance must be reachable only by your customer over a Site-to-Site VPN, keep it in the private subnet: attach a Virtual Private Gateway to the VPC and, in the private subnet's route table, route the customer's on-premises CIDR to it. If the private instance also needs outbound internet access (patches, package repositories), create a NAT Gateway in the public subnet and add a route for 0.0.0.0/0 pointing at the NAT Gateway in the private subnet's route table. The instance can then reach the internet, but a NAT Gateway never accepts connections initiated from outside, so outsiders cannot reach the instance.

While launching the EC2 instance you are prompted to choose the VPC and the subnet.

An instance lives in exactly one subnet, so pick the public or the private one according to the access pattern above; create subnets in at least two Availability Zones so that load balancers and Auto Scaling groups can spread instances across them. Also turn termination protection ON for the instance, so that it cannot be terminated by an API call or a console click until the protection is explicitly removed.
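The public/private distinction above comes entirely from the route tables, which is also how you audit an existing VPC. The following is an added example, not code from the article: it carves the customer's CIDR into subnets with the standard library and then classifies subnets and checks NAT gateway placement from constructed data shaped like `aws ec2 describe-route-tables` and `describe-nat-gateways` output (the IDs and CIDRs are made up).

```python
"""Classify subnets as public or private from their route tables.

Added example, not from the article: a subnet is public only because its route
table sends 0.0.0.0/0 to an internet gateway; a 0.0.0.0/0 route to a NAT
gateway gives outbound-only access. The data below is constructed to mirror the
shape of `aws ec2 describe-route-tables` / `describe-nat-gateways` output,
trimmed to the fields used here; all IDs are made up.
"""
import ipaddress

# Constructed sample: one VPC with a public and a private subnet.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-public-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789"},
        ],
    },
    {
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-private-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            # Outbound-only internet access for patches and package repositories.
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789"},
            # Customer's on-premises range, reached over Site-to-Site VPN via a virtual private gateway.
            {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0123456789"},
        ],
    },
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0123456789", "SubnetId": "subnet-public-a"}]


def carve_subnets(vpc_cidr, count, new_prefix=24):
    """Split the customer's VPC CIDR into the first `count` /new_prefix subnets."""
    net = ipaddress.ip_network(vpc_cidr)
    return [str(s) for s in list(net.subnets(new_prefix=new_prefix))[:count]]


def route_table_for(subnet_id, route_tables):
    """Route table explicitly associated with a subnet, or None (VPC main table)."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return None


def default_route_target(rt):
    """Target of the 0.0.0.0/0 route, or '' if the table has none."""
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId") or ""
    return ""


def classify_subnet(subnet_id, route_tables):
    """'public' (default route to an IGW), 'private' (to a NAT gateway) or 'isolated'."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return "unknown"  # inherits the VPC main route table, not modelled here
    target = default_route_target(rt)
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "isolated"


def misplaced_nat_gateways(nat_gateways, route_tables):
    """A NAT gateway that provides internet access must sit in a public subnet; report any that do not."""
    return [
        n["NatGatewayId"]
        for n in nat_gateways
        if classify_subnet(n["SubnetId"], route_tables) != "public"
    ]


def vpn_routes(subnet_id, route_tables):
    """CIDRs a subnet reaches through a virtual private gateway (Site-to-Site VPN)."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return []
    return [
        r["DestinationCidrBlock"]
        for r in rt["Routes"]
        if r.get("GatewayId", "").startswith("vgw-")
    ]


if __name__ == "__main__":
    print("subnets:", carve_subnets("10.0.0.0/16", 2))
    for s in ("subnet-public-a", "subnet-private-a"):
        print(s, classify_subnet(s, ROUTE_TABLES), "vpn routes:", vpn_routes(s, ROUTE_TABLES))
    print("NAT gateways outside public subnets:", misplaced_nat_gateways(NAT_GATEWAYS, ROUTE_TABLES))
```

To run this against a real account, replace the constructed lists with the JSON returned by the two `describe-*` calls; subnets with no explicit association fall back to the VPC main route table, which the example reports as "unknown" rather than guessing.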

IAM

When you open an AWS account for your customer using their card details, you set up the root user: an email address and a password. Enable MFA on the root user straight away and do not use it for day-to-day work.

AWS recommends creating IAM users (or, better, federated identities) for daily work and granting console access and/or programmatic access only where each is actually needed. It also recommends a strict password policy and regular rotation of passwords and access keys; the author's rule of thumb is once a month. Long-lived access keys are the AWS credential most often leaked, so prefer roles and temporary credentials wherever an access key can be avoided.

In IAM you will also find groups. Groups are created with the desired permissions, and you add IAM users to them instead of attaching policies to users directly. When an employee leaves, remove the user from its groups; better still, deactivate the user's access keys and console password and then delete the user, because a user removed from every group can still sign in and may still hold inline policies or active keys.
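The rotation and off-boarding rules above are easy to state and easy to let slip, so they are worth checking mechanically. The following is an added example, not from the article: it parses the CSV that `aws iam get-credential-report` returns (the column names are the real ones, trimmed to those used here) and flags missing MFA, access keys older than the section's one-month limit, and leavers who still hold credentials. The rows, the `LEAVERS` set and the `SAMPLE_NOW` timestamp are constructed stand-ins for a real account and an HR feed.

```python
"""Audit an IAM credential report for missing MFA, stale keys and leavers.

Added example, not from the article. Column names match the real credential
report (trimmed); the rows, LEAVERS and SAMPLE_NOW are constructed.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=30)                          # the section's "rotate once a month"
LEAVERS = {"bob"}                                          # constructed: users who have left
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)    # constructed "now" for the sample

SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,not_supported,false,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,2024-05-20T09:00:00+00:00,true,true,2024-05-25T09:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,2023-02-01T09:00:00+00:00,false,true,2023-02-01T09:00:00+00:00,false,N/A
carol,arn:aws:iam::123456789012:user/carol,false,N/A,false,true,2024-05-28T09:00:00+00:00,false,N/A
"""


def _parse_time(value):
    """Report timestamps are ISO-8601; the N/A-style placeholders become None."""
    if value in ("N/A", "not_supported", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now, max_key_age=MAX_KEY_AGE, leavers=frozenset()):
    """Return (user, issue) pairs; issue is root_no_mfa, root_has_access_key, no_mfa, stale_key or leaver_active."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_password = row["password_enabled"] == "true"
        active_keys = [n for n in ("1", "2") if row[f"access_key_{n}_active"] == "true"]

        if user == "<root_account>":
            if row["mfa_active"] != "true":
                findings.append((user, "root_no_mfa"))
            if active_keys:
                findings.append((user, "root_has_access_key"))
            continue

        # Console users without MFA: a phished password is a full compromise.
        if has_password and row["mfa_active"] != "true":
            findings.append((user, "no_mfa"))

        # Long-lived keys past the rotation deadline (or with no rotation date at all).
        for n in active_keys:
            rotated = _parse_time(row[f"access_key_{n}_last_rotated"])
            if rotated is None or now - rotated > max_key_age:
                findings.append((user, "stale_key"))

        # Off-boarding check: removing a leaver from a group is not enough.
        if user in leavers and (has_password or active_keys):
            findings.append((user, "leaver_active"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_credential_report(SAMPLE_REPORT, SAMPLE_NOW, leavers=LEAVERS):
        print(f"{issue:20} {user}")
```

On the sample, alice passes, carol (programmatic access only, recent key) passes, the root user is flagged for missing MFA, and bob is flagged three times: no MFA, a key last rotated over a year ago, and still-active credentials after leaving.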

SNS

SNS stands for Simple Notification Service. To set it up, first create an SNS topic with a meaningful name, for example ProdAccountSNSnotification.

Next, create a subscription: when prompted for an endpoint, give the account owner's email address, which can be either your customer or your cloud support team.

Once you create the subscription, the email address you gave receives a confirmation message that must be accepted before any notification is delivered. Then navigate to CloudWatch, then Events, then Rules (this screen is now Amazon EventBridge), create a rule, choose EC2 as the service and "EC2 Instance State-change Notification" as the event type, and under Add target choose the SNS topic you created, ProdAccountSNSnotification. From then on, every instance state change in the Prod account (pending, running, stopping, stopped, shutting-down, terminated) sends a notification to the account owner. Note that this rule covers state changes only; other EC2 API calls, such as tagging or security group edits, arrive as "AWS API Call via CloudTrail" events and need their own rule.
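It helps to see exactly which events the rule above forwards and which it silently ignores. The following is an added example, not from the article: `EC2_STATE_CHANGE_PATTERN` is the event pattern behind the console's "EC2 Instance State-change Notification" choice, `match_pattern()` implements the basic EventBridge matching rule (every key in the pattern must be present in the event with one of the listed values; nested objects recurse; the prefix, numeric and exists matchers are left out), and `eventbridge_publish_policy()` is the topic access policy statement that lets EventBridge publish to the topic, which the console adds for you when you pick an SNS target. The sample events and the topic ARN are constructed.

```python
"""Which EC2 events does the state-change rule actually forward to SNS?

Added example, not from the article. Patterns follow EventBridge's syntax;
match_pattern() covers exact-value matching only. Events and ARNs are made up.
"""
import json

EC2_STATE_CHANGE_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
}

# Tighter variant for a "tell me when something disappears" alert.
EC2_GONE_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["shutting-down", "terminated"]},
}

# Constructed sample events in EventBridge's envelope format.
SAMPLE_EVENTS = [
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"instance-id": "i-0a1b2c3d", "state": "running"}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"instance-id": "i-0a1b2c3d", "state": "terminated"}},
    # An EC2 API call that is not a state change arrives via CloudTrail and does not match.
    {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "AuthorizeSecurityGroupIngress"}},
    {"source": "aws.s3", "detail-type": "Object Created",
     "detail": {"bucket": {"name": "example"}}},
]


def match_pattern(pattern, event):
    """True if every pattern key is present in the event with an allowed value."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not match_pattern(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def matching_events(pattern, events):
    """Events a rule with `pattern` would forward to its targets."""
    return [e for e in events if match_pattern(pattern, e)]


def eventbridge_publish_policy(topic_arn):
    """SNS topic access policy letting EventBridge (events.amazonaws.com) publish to the topic."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowEventBridgePublish",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sns:Publish",
            "Resource": topic_arn,
        }],
    }


if __name__ == "__main__":
    for e in matching_events(EC2_STATE_CHANGE_PATTERN, SAMPLE_EVENTS):
        print("state change ->", e["detail"]["state"])
    print(len(matching_events(EC2_GONE_PATTERN, SAMPLE_EVENTS)), "gone event(s)")
    print(json.dumps(eventbridge_publish_policy(
        "arn:aws:sns:us-east-1:123456789012:ProdAccountSNSnotification"), indent=2))
```

Of the four sample events only the two state changes match, and only the terminated one matches the tighter pattern; the security-group change is not a state change and would need a second rule on "AWS API Call via CloudTrail" events. If the topic is shared by several accounts or rules, add an `aws:SourceArn` condition to the publish statement so only your rule can post to it.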

S3

S3 stands for Simple Storage Service; it is used to store objects, including logs. Create an S3 bucket, keep Block Public Access enabled, and grant read/write permissions according to your requirements. Once the bucket is created, navigate to Permissions to edit the bucket policy; this is where you grant specific AWS services (not the public) the right to write into the bucket.

For example, to enable VPC Flow Logs navigate to VPC, choose Flow logs, create a flow log, and pick a destination: either a CloudWatch Logs log group or an S3 bucket. We choose an S3 bucket here, so the bucket policy must allow the log delivery service (delivery.logs.amazonaws.com) to write objects under the bucket's AWSLogs/ prefix and to read the bucket ACL; edit the policy accordingly, scoped to your own account so nobody else's logs can be delivered into your bucket.
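The following is an added example, not from the article, covering both steps above: `flow_log_bucket_policy()` builds the two statements the log delivery service needs, with source-account and source-ARN conditions; `public_statements()` flags the kind of "everyone may read" statement that Block Public Access exists to stop; and `top_rejected_sources()` shows what the logs are for once they land, by counting rejected packets per source address over a few constructed records in the default version-2 flow log format. The bucket name, account ID, region and log lines are all made up.

```python
"""Flow-log bucket policy, a public-access check, and a first look at the logs.

Added example, not from the article. Policy statements follow the shape AWS
documents for flow-log delivery to S3; the bucket, account, region and the
flow-log records are constructed.
"""
from collections import Counter


def flow_log_bucket_policy(bucket, account_id, region, prefix=""):
    """Policy allowing only this account's flow logs from `region` to be delivered."""
    key_prefix = f"{prefix}/" if prefix else ""
    log_delivery = {"Service": "delivery.logs.amazonaws.com"}
    source_arn = {"ArnLike": {"aws:SourceArn": f"arn:aws:logs:{region}:{account_id}:*"}}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSLogDeliveryWrite",
                "Effect": "Allow",
                "Principal": log_delivery,
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/{key_prefix}AWSLogs/{account_id}/*",
                "Condition": {
                    "StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control",
                                     "aws:SourceAccount": account_id},
                    **source_arn,
                },
            },
            {
                "Sid": "AWSLogDeliveryAclCheck",
                "Effect": "Allow",
                "Principal": log_delivery,
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringEquals": {"aws:SourceAccount": account_id}, **source_arn},
            },
        ],
    }


def public_statements(policy):
    """Sids of Allow statements granted to everyone ('*') without any Condition."""
    flagged = []
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        anyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if st.get("Effect") == "Allow" and anyone and not st.get("Condition"):
            flagged.append(st.get("Sid", "<no sid>"))
    return flagged


# Default flow log record format (version 2), space separated.
FLOW_LOG_FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
                   "protocol packets bytes start end action log-status").split()

# Constructed sample records: a port scan from one address, normal web traffic from another.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 54321 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 54322 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 54323 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.0.10 40000 443 6 20 5400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.0.10 40001 8080 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_logs(text):
    """Yield one dict per record, skipping NODATA/SKIPDATA lines that carry no addresses."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(FLOW_LOG_FIELDS):
            continue
        rec = dict(zip(FLOW_LOG_FIELDS, fields))
        if rec["log-status"] == "OK":
            yield rec


def top_rejected_sources(text, n=3):
    """(srcaddr, rejected-packet-count) pairs, busiest first."""
    counts = Counter()
    for rec in parse_flow_logs(text):
        if rec["action"] == "REJECT":
            counts[rec["srcaddr"]] += int(rec["packets"])
    return counts.most_common(n)


if __name__ == "__main__":
    policy = flow_log_bucket_policy("prod-flow-logs", "123456789012", "us-east-1")
    print("public statements:", public_statements(policy))
    print("top rejected sources:", top_rejected_sources(SAMPLE_FLOW_LOGS))
```

The `aws:SourceAccount` and `aws:SourceArn` conditions are the part people drop when copying a policy from a forum; without them any account's flow logs could be delivered into your bucket. The REJECT counter is the seed of a real detection: on the sample it surfaces 198.51.100.7 probing SSH and RDP.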

Cloudtrail

This service records the API calls (events) made in your AWS account: who did what, from where, and when.

For example, if an IAM user deletes an instance or modifies their own access permissions, the call is recorded in CloudTrail. Event history in the console only goes back 90 days; create a trail that delivers to an S3 bucket (ideally in a separate log-archive account) to retain and analyse events for longer.
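The two examples in the paragraph above (an instance deleted, a user changing their own permissions) are exactly what a first CloudTrail detection looks for. The following is an added example, not from the article: it scans CloudTrail's JSON format (a top-level `Records` list; the field names used are the real ones) for a watch-list of destructive and privilege-changing calls, keeps denied attempts, and marks calls where the actor targets their own user. The records and the watch-list are constructed; tune the list to your environment.

```python
"""Scan CloudTrail records for destructive and privilege-changing API calls.

Added example, not from the article. Record field names match CloudTrail's
format; the records and WATCH_LIST are constructed.
"""
import json

# eventSource -> eventNames worth an alert (constructed starting point).
WATCH_LIST = {
    "ec2.amazonaws.com": {"TerminateInstances", "AuthorizeSecurityGroupIngress", "ModifyInstanceAttribute"},
    "iam.amazonaws.com": {"AttachUserPolicy", "PutUserPolicy", "AddUserToGroup",
                          "CreateAccessKey", "CreateLoginProfile"},
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail"},
}

SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-06-01T10:00:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}, "sourceIPAddress": "203.0.113.5",
     "requestParameters": {}},
    {"eventTime": "2024-06-01T10:05:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0a1b2c3d"}]}}},
    {"eventTime": "2024-06-01T10:06:00Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"userName": "bob", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-06-01T10:07:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"name": "prod-trail"}, "errorCode": "AccessDenied"},
]})


def actor(record):
    """Human-readable identity: IAM user name, else the ARN or identity type (roles, root)."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def scan_trail(trail_json, watch_list=WATCH_LIST):
    """Return one finding dict per watched call; denied attempts are kept and marked."""
    findings = []
    for rec in json.loads(trail_json)["Records"]:
        source, name = rec.get("eventSource", ""), rec.get("eventName")
        if name not in watch_list.get(source, ()):
            continue
        who = actor(rec)
        params = rec.get("requestParameters") or {}
        findings.append({
            "time": rec["eventTime"],
            "actor": who,
            "ip": rec.get("sourceIPAddress"),
            "call": f"{source.split('.')[0]}:{name}",
            # A denied call still shows intent; AccessDenied on StopLogging is worth a look.
            "denied": "errorCode" in rec,
            # The section's example: a user changing their own permissions.
            "self_service": params.get("userName") == who,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_trail(SAMPLE_TRAIL):
        print(finding)
```

On the sample, alice's `DescribeInstances` is ignored, while bob produces three findings: the termination, a self-granted AdministratorAccess policy (`self_service` is true), and a denied attempt to stop the trail, which is the kind of event you route to SNS rather than wait to read in S3.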

Route 53

Please refer to this: Amazon Route 53 — Amazon Web Services

AWS backup

This service creates automatic backups (snapshots) of your EC2 instances. Navigate to AWS Backup, create a backup vault, create a backup plan with a schedule and a retention period, and assign the instances to be backed up. The author's recommendation is a retention of 7 days or 1 month; derive the actual value from the customer's recovery and compliance requirements. Because an attacker with account access can delete backups, consider locking the vault or copying backups to a separate account.

Guard Duty

Once enabled, this service continuously analyses CloudTrail events, VPC Flow Logs and DNS logs and raises findings when it detects suspicious activity. GuardDuty is detection only: it does not block attacks.

Each finding includes details such as the source IP address of the actor that tried to harm your account, the resource affected and a severity, so that you can respond, for example by routing findings to SNS through an EventBridge rule.

RAM

This service shares AWS resources (such as subnets or Transit Gateways) that live in account "A" with other accounts. Create a resource share, choose the resource and the principal (account or organization) to share it with, then sign in to the other account, open RAM, and accept the pending invitation. Within an AWS Organization that has sharing enabled, the invitation is accepted automatically.

EFS

EFS stands for Elastic File System. Create a file system with a mount target in each subnet, then mount it on your instances over NFS; the mount targets' security group must allow inbound TCP 2049 from the instances.

Whatever is written to the file system is visible from every instance that has it mounted, because they all share the same EFS.

Autoscaling

Suppose you have an instance running a website. At peak times the instance receives a lot of traffic and may go down. To avoid this, create a launch template (launch configurations are the older mechanism) and an Auto Scaling group with minimum, desired and maximum instance counts; scaling policies then add instances when load (for example average CPU) crosses a threshold and remove them again afterwards.

AWS Systems Manager, AWS Config, Landing Zone: check out YouTube and the AWS docs.

Transit Gateway: covered in my previous article.

These services are enough to land the AWS Solutions Architect role.

Learn how to draw architecture diagrams using draw.io.

Good luck with your job hunt / career change ... to be continued

(Since Medium is not free, I have replicated this from my Medium blog here.)
