AWS Certified SysOps Administrator-Associate

Getting Started

The Basics


About Me


At a Glance

at a glance for aws

An infrastructure service for the world

Elastic Computing

Cloud Storage


AWS Certification Tracks

aws certification tracks


aws for prerequisites

Additional Prerequisites

  • An Understanding of Cloud Computing
  • Microsoft / Linux Essentials
  • Networking Essentials
  • Working Knowledge of Virtualization
  • Storage Fundamentals

Strategy for Success!

aws for strategy for success


  • Course at a glance
  • AWS Certifications
  • Prerequisites
  • Strategy for success

Understanding Virtual Networking on AWS

What Is Virtual Private Cloud (VPC)?

  • Logically isolated network in the AWS cloud
  • Control of network architecture
  • Enhanced security
  • Internetwork with other organizations
  • Elastic IP Address (public IPs)
  • Enable hybrid cloud (site-to-site VPN)
  • Single tenant dedicated server hardware
  • VPC cost = $0 / VPN cost is $0.05/hr

AWS Reference Model

aws reference model
aws vpc subnet
vpc for aws

IP Address Blocks

  • AWS reserves 5 addresses per subnet
  • Single Region, multi-AZ
  • CIDR 16 –28
  • Select IP prefix

VPC Access


  • Internet Gateway (IGW)
    • - Ingress and egress
  • Virtual Private Gateway (VPG)
    • - AWS side of secure VPN
  • Customer Gateway (CG)
    • - Customer side of secure VPN


  • Direct Connect
    • - Dedicated and isolated
    • - No internet
    • - HA connectivity supported
  • Hardware-based VPN
    • - On-premises to AWS over internet
    • - HA connectivity supported
    • - 3rd party brands supported

VPC Security

Security Groups

  • Resource level traffic firewall
    • - Instance, ELB, etc…
  • Ingress and Egress
  • Stateful
    • - Return traffic allowed

Access Control Lists

  • Source and Protocol filtering
  • Subnet level traffic firewall
    • - Separate inbound and outbound rule set
  • Stateless
    • - Traffic strictly filtered

VPC Peering

vpc peering for aws

VPC Peering

  • Inter-VPC routing
  • Same or different AWS account
  • No overlapping network addresses

Wizard-driven VPC Setup

Wizard-driven VPC Setup for aws


  • - What Is VPC?
  • - VPC Access
  • - VPC Security
  • - VPC Peering
  • - VPC Setup

In-Depth VPC Configuration

VPC manual Configuration


  • VPC Manual Configuration

Working with Security Groups and NACLs

Layered Security

layered security for aws

Security Groups and NACLsy

Security Groups

  • Resource level traffic firewall
    • - Instance, ELB, etc…
  • Ingress and Egress
  • Stateful
    • - Return traffic allowed

Network Access Control Lists

  • Subnet level traffic firewall
    • - Separate inbound and outbound rule set
  • Source and Protocol filtering
  • Stateless
    • - Traffic strictly filtered

Security Groups and NACLsy

security groups andnacls for aws

Understanding Security Groups

  • Resource level traffic firewall
  • SG maximums:
    • - Up to 100 security groups per VPC
    • - Up to 50 lines in each SG
    • - Up to 5 SG per instance
  • Instances can’t communicate unless allowed
  • Default SG allows communications from other instances in the same SG
  • Destination port filtering only (no source port filtering)

Understanding Security Groups

understanding security groups for aws

Security Groups and NACLs

Security Groups and NACLs of aws

Security Groups and NACLs

  • Deny all inbound until allow
  • Allow rules only
  • Allow all outbound until allow
  • SGs are Stateful -return traffic allowed
  • Default rule: deny all
  • Can have permit and deny rules
  • One NACL per subnet
  • NACLs are stateless -Traffic strictly filtered

Understanding Network Access Control Lists (NACLs)

understanding network access control lists for aws
  • Subnet level traffic firewall
  • Are a list of rules
    • Lower numbers are processed first
    • Stop on first match
  • Separate inbound / outbound rules


  • Understanding Security Groups
  • Understanding NACLs

Understanding and Configuring VPC Access

AWS VPC Access

aws vpc access

VPN Types

aws of vpc types

AWS VPC Access

aws vpc access internate

AWS Direct Connect

aws direct connect

AWS Direct Connect

aws direct connect internate

Configuring VPN

AWS Management Console

VPC Peering

aws of vpc peering

VPC Peering

  • Inter-VPC routing
  • Same or different AWS account
  • No overlapping network addresses


  • VPN Types
  • AWS VPC Access
  • Configuring VPN

EC2 Instance Types

EC2 Instance Types

aws of ec2 instance types

On-Demand Instances

  • The default type
  • The most expensive option
  • No commitment
  • Prices vary by AWS Region
  • Billed on an hourly basis

Reserved Instances (RI)

reserved instances for aws
  • Less expensive
  • Requires a commitment (1 or 3 years)
  • Reserved capacity
  • Lower hourly rate
  • RI can be sold on the AWS Marketplace
  • You commit to utilization

Spot Instances

  • Unused AWS capacity
  • Very cheap hourly rate
  • Not guaranteed
  • Based on a bid
  • Ideal for raw processing power, grid-like applications
  • Highly scriptable

EC2 Instance Family

Micro instances General purpose Compute optimized
GPU instances Memory optimized Storage optimized


  • EC2 Instance Types
  • EC2 Instance Family

Working with Elastic Block Storage

Storage Types

aws for Storage types
Pluralsight course:

Amazon Web Services (AWS) Fundamentals for System Administrators

Elastic Block Storage Characteristics

  • Billed on storage capacity and I/O
  • Does not need to be attached to an instance
  • Can be transferred between AZ
  • EBS volumes are designed for an annual failure rate (AFR) of between 0.1% -0.2%
  • EBS volume data is replicated across multiple servers in an Availability Zone
  • SLA 99.95%

EBS Volume Types

aws for ebs volume types
Amazon EBS Volume Types:

Increasing IOPS Performance

increasing iops performance raid for aws
  • Multiple stripped gp2 or standard volumes (typically RAID 0)
  • Multiple striped PIOPS volumes (typically RAID 0)
  • Function of the guest OS

EBS–Optimized Instances

  • Dedicated capacity for Amazon EBS I/O
  • 500 Mbps –4,000 Mbps
  • GP-SSD within 10% of baseline and burst performance 99.9% of the time
  • PIOPS within 10% of provisioned performance 99.9% of the time
  • EBS-optimized instances are designed for use with all EBS volume types
  • Additional hourly fee
    • - Amazon EC2 pricing page


  • Storage Types
  • EBS Characteristics
  • EBS Volume Types
  • Increasing IOPS Performance
  • EBS-Optimized Instances

EBS Snapshots and Replication

EBS Snapshots Characteristics

  • Point-in-time snapshots
  • Supports incremental snapshots
  • Billed only for the changed blocks
  • Deleting a snapshot removes only the data not needed by any other snapshot
  • EBS leverages S3 for snapshot storage

EBS Snapshots Features

  • Resizing EBS volumes
  • Sharing EBS Snapshots
  • Copying EBS Snapshots across regions
  • Lazy loading

Pre-Warming EBS Volumes

  • Pre-Warming on Windows:
    • - Format the drive (new volume)
    • - Use dd for Windows (drive with data)
    • -
  • Pre-Warming on Linux:
    • - Use dd to write or read
    • -


  • EBS Snapshots Characteristics
  • EBS Snapshots Features
  • Pre-Warming EBS Volumes

Working with Amazon S3

Amazon S3 Characteristics

amazon s3 for aws
  • It’s not a file system
  • AWS Region-level storage
  • Support REST and SOAP APIs
  • Globally unique S3 bucket names
  • Server-side encryption of data at rest

Two Types of S3 Storage

two types of s3 storage for aws
  • Standard storage
    • -99.999999999% durability
    • - 99.99% availability
  • Reduced Redundancy Storage (RRS)
    • - 99.99% durability (average annual expected loss of 0.01% of objects)
    • -99.99% availability

Amazon S3 Replication

amazon s3 replication for aws
  • S3 stores data in multiple facilities and on multiple devices within each facility
  • RRS Amazon S3 does not replicate objects as many times as standard Amazon S3
  • Synchronously stores data across multiple facilities before confirming that the data has been successfully stored
  • Calculates checksums on all network traffic to detect corruption of data packets

Amazon S3 Features

  • Versioning
  • Cross-region replication (CRR)
  • MFA delete (via API)
  • Time-limited access to objects
  • Audit logs
  • Event notifications
  • Data lifecycle management
  • Permissions

Amazon S3 Security

  • IAM policies
    • - User-level security
    • - Granular security configuration
  • Bucket policies
    • - Bucket-level security
  • ACLs
    • - Legacy access control mechanism
    • - Bucket and object-level security
  • Query string authentication (Presigned URLs)
    • - Grant temporary access to your Amazon S3 resources


  • Amazon S3 characteristics
  • Amazon S3 replication
  • Amazon S3 features
  • Amazon S3 security

Amazon S3 Website Hosting

Static Website Hosting

amazon s3 for aws
  • Host a static website
  • Associate your domain with your S3 website
    • - Route 53
    • - Your DNS hosting provider
  • Accelerate your S3 website
    • - Content Delivery Network (CDN)


  • Static Website Hosting

Configuring Elastic Load Balancer (ELB)

ELB Characteristics

  • Region wide load balancer
  • Can be used internally or externally
  • SSL termination and processing
  • Cookie-based sticky session
  • Integrates with Auto Scaling
  • ELB EC2 health checks / Amazon Cloud Watch
  • Integrates with Route 53
 aws cloud
 aws of cloud
 aws of availability
 aws of region


  • ELB Characteristics
  • Configuring ELB

Configuring Auto Scaling

Auto Scaling Features

 Auto Scaling Features for aws
 Auto Scaling for aws

Auto Scaling Components

 Auto Scaling components for aws


  • Auto Scaling Features
  • Auto Scaling Components
  • Configuring Auto Scaling

Understanding AWS Networking, CloudWatch and Auto Scaling

Route 53

  • DNS is crucial for any environment
  • Worldwide distributed DNS
  • Route 53 has a 100% SLA uptime
  • Route 53 API
  • Server health checks


  • Route 53

Working with Identity and Access Management (lAM)

Identity and Access Management (lAM)

aws for identity and access management (lam)

Users, Groups, Roles, and Policies



  • Identity and Access Management (lAM)

Monitoring with Amazon CloudWatch and Trusted Advisor

Amazon CloudWatch Characteristics

  • Monitoring services for AWS cloud resources
  • Collect and track metrics / custom metrics
  • Collect and monitor logs
  • Set alarms
    • - Billing
    • - EC2
    • - Databases (RDS, DynamoDB)
    • - EBS

Trusted Advisor

  • Automated AWS account audits
    • - Cost
    • - Performance
    • - Security
    • - Fault Tolerance
  • Paid version expands number of areas audited


  • Amazon CloudWatch Characteristics

RDS HA and Load Sharing

RDS Characteristics

rds characteristics for aws
  • Database engine managed by AWS
  • MySQL, Oracle, Microsoft SQL,PostgreSQL, or Amazon Aurora
  • Multi-AZ deployment options
  • On-demand and reserved instance pricing
  • Magnetic, GP-SSD, or PIOPS

Multi-AZ Failover

  • Multi-AZ RDS deployment designed for HA
  • Synchronous replica in secondary AZ
  • Standby replica RDS instance is invisible
  • DB snapshots always taken against standby instance
  • AWS automatically adjusts DNS record when needed
  • Multi-AZ is different from an RDS read replica
synchronous for aws
synchronous of aws
aws for Synchronous

RDS Read Replicas

rds read replicas for aws
  • Read replicas designed for workload sharing / offloading
  • Created from a snapshot of the master instance
  • Asynchronous replication / Read-only connections
  • Read-only disaster recovery


  • RDS characteristics
  • Multi-AZ failover
  • RDS read replicas

Understanding Backup Options

EBS Backup

  • Point-in-time snapshots to S3
  • Snapshots can be used to:
    • - Resize
    • - Copy
    • - Share
  • Deleting snapshots only removes the data not needed by another snapshot
  • Additional backup options:
    • - VPN / Direct Connect
    • - Agent-based backup

S3 Backup

  • 99.999999999 durability
  • Versioning
  • Glacier

RDS Backup

  • Automated backup / maintenance:
    • - Select backup/maintenance window
  • DB Snapshot-based backup


  • EBS Backup
  • 53 Backup
  • RDS Backup



Thanks for You!