I am preparing for AWS Certifications and already completed the following courses from Udemy:
- Ultimate AWS Certified Solutions Architect Associate by Stephane Maarek
- Ultimate AWS Certified Solutions Architect Professional by Stephane Maarek
These are really good ones from a certification point of view. These will get you started with AWS services.
I noticed, after completing these, I was still struggling to put all pieces in place. I realized, I lack hands-on implementing end-2-end projects on AWS platform. After looking for various options, I settled in for AWS Cloud Architect Nanodegree by Udacity.
After enrollment, I made a plan to finish ND in 1.5 months! I managed to complete all lectures within a month. I worked 20+hrs/week, mostly on weekends. But when I started with projects, things started to drifting. ND Projects were demanding. I just managed to complete them just one week before 3 months purchased plan!
AWS Cloud Arch ND is divided into three sections.
The first section is “Design for Availability, Reliability and Resiliency”. This not only shows how to build resilient systems but also tries to answer what should be the driving force behind these e.g.
- Investigating need vs want.
- How critical those systems to your success?
- Asks to make cost vs benefit decisions.
I loved the “Business Objective” lesson. It talks about
- Uptime, downtime, and SLAs.
- RPO, RTO, and how to calculate for a given system.
- Introduces to DR plans.
“Monitoring” tells to “Monitor everything and don’t let your customers tell you that you are down!”
In “Recoverability in AWS” project, I got hands-on with AWS CloudFormation. I started implementation with CloudFormation stacks. But as I researched more, I found CloudFormation Stack Sets are best as the as ask was for multi-regional setup.
The second section is “Design for Performance and Scalability”. It covers costing and how to achieve cost optimization.
Here are some of the tips:
- Keep a subset of data in RDS and move CLOB, BLOB to S3.
- Move historical data to S3.
- Communicate within the same AZ.
- For long term workloads, reserved instances are best.
- For short workloads, use spot instances. Take an effort to engineer apps to support these instances.
- Use consolidated billing.
The good part is, it also discusses the hybrid cloud. If you want to dig deeper into it, please visit Hybrid Cloud Fundamentals by Nuatnix (https://www.udacity.com/course/hybrid-cloud-fundamentals--ud0321) The course then moves onto IaC! Why it’s important? Introduces Terraform and share Terraform best practices.
In “Design, Provision, and Monitor AWS Infrastructure at Scale” project had 6 tasks. Out of which cost estimation part was the toughest. Estimation is required for “A cost-effective AWS infrastructure for a new social media application development project for 50,000 single-region users with given infra”. For this, I had to come up with a lot of assumptions. All of them were documented in Initial_Cost_Estimate.txt
Finally, outcome is: Initial Estimate.
The last section is “Design for Security”.
It discusses service security (IAM, Identity federation, etc.) and infrastructure security (Security Groups, NACL, etc.) I liked the idea of immutable servers from this lesson.
Defensive security discusses shift left strategy i.e. moving security checks earlier in the development cycle.
- IaC code should be tested and scanned for vulnerabilities and misconfigurations.
- Build artifacts, VM/container images, os, running env, all need to be scanned via automated tools.
Then course moved on to introduce AWS native security tools i.e. AWS Inspector, AWS Config, AWS WAF, AWS Security Hub, etc.
It also briefs about third-party tools where native tools are not present e.g. container scanning.
“Securing the Recipe Vault Application” project is all about using the above tools to identify issues in a given simple web application.
Next, we need to fix them. Also, as a part of this, designed DevOps build pipeline.
Udacity grants $25 AWS credits to complete exercises and above projects. I used to clean up resources as soon as I am done with labs. For projects, I tried creating resourced via AWS CLI/CF. Hence creation/deletion of resources was a daily activity. With this, I managed to keep my AWS cost below $10.
To conclude, I enjoyed learnings from this ND and achieved my goal of getting hands-on with AWS.