A solid understanding of Virtual Private Cloud (VPC) architecture is central to just about everything connected to the Amazon Web Services universe. But if you’re thinking of taking the AWS Solutions Architect Associate level exam, it’s critical.
In this post, I will explain why I believe this to be true and specify which VPC elements will require your greatest focus if you’re serious about passing this exam.
Take a look at the AWS Solutions Architect exam blueprint. You will see a table breaking the exam material down into four areas:
|Designing highly available, cost-efficient, fault tolerant, scalable systems.||60%|
As you can see, 60% of the exam is specifically focused on Designing highly available, cost-efficient, fault tolerant, scalable systems. In my experience, what that really means is…understand the virtual private cloud.
So let’s outline the virtual private cloud elements I think are the most critical.
Critical Virtual Private Cloud Elements
1. Security Groups and Network ACLs
Amazon virtual private clouds come with two built-in security tools:
- Security groups work at the instance level to control all traffic into and out of associated Amazon EC2 instances.
- Network access control lists (ACLs) work at the subnet level to control all traffic into and out of associated subnets.
As a complete guide to VPC security is way beyond the scope of this post, be sure to read through the excellent Amazon documentation on the subject. A valid course to deep dive into AWS Networking is this Networking Fundamentals for AWS course in the Cloud Academy library.
For now, here’s an excellent illustrative diagram from Amazon’s documentation:
2. Public and Private IP Addresses
Make sure you understand the difference between public and private IP addresses. Simply put: private IP addresses are not accessible from the Internet but are used for communication between instances within your virtual private cloud. Public IP addresses, on the other hand, are accessible from the Internet and can be used for communication between your instances and the Internet, or with other AWS services that have public endpoints.
The Solutions Architect exam may contain some tricky IP-related questions. You might be expected to know how to connect a private IP to the internet or to understand how specific protocols can affect connectivity. You’ll also need to understand how public and private IP Addresses interact with Security Groups and Network ACLs.
Again, AWS documentation and the Cloud Academy’s Creating and Configuring Basics for Your EC2 Network course are your two best friends here.
3. NAT Instances
You are almost certain to see at least one Network Address Translation (NAT) question on the exam. How, for instance, can you connect an instance from a private subnet to the internet (to allow software updates)? You could create a special NAT instance in a public subnet in your virtual private cloud to provide controlled outbound connectivity to instances in the private subnet while restricting all inbound traffic.
If you’ve never set up a virtual private cloud on AWS, I suggest that you do it now. Play around with various VPC configuration profiles to see for yourself how your public and private networks interact between themselves and the outside world.
4. Virtual private cloud peering
A VPC peering connection is a networking connection between two virtual private clouds that enables you to route traffic between them using private IP addresses. This configuration scenario is important enough that you might face a related question on the exam. Again, the best option is to play around on the AWS console and try and set up 2 or more VPC’s and then play around with routing traffic between them using private IP addresses.
Conclusion and other virtual private cloud concepts
I cannot overstate the importance of fully understanding VPCs for passing the AWS Solutions Architect Associate exam. This article obviously doesn’t cover the whole topic. You’ll still need to work on other pieces of the puzzle like Network Interfaces, Route tables, and Internet gateways, and how they all interact with each other.
The AWS exam is well designed as a challenging test of your practical skills. As there are very few obvious or easy answers, you should definitely not take passing for granted, and perhaps more than any other topic, you should focus your preparations on VPC.
What Exactly Is a Cloud Architect and How Do You Become One?
One of the buzzwords surrounding the cloud that I'm sure you've heard is "Cloud Architect." In this article, I will outline my understanding of what a cloud architect does and I'll analyze the skills and certifications necessary to become one. I will also list some of the types of jobs ...
Content Roadmap: AZ-500, ITIL 4, MS-100, Google Cloud Associate Engineer, and More
Last month, Cloud Academy joined forces with QA, the UK’s largest B2B skills provider, and it put us in an excellent position to solve a massive skills gap problem. As a result of this collaboration, you will see our training library grow with additions from QA’s massive catalog of 500+...
DevSecOps: How to Secure DevOps Environments
Security has been a friction point when discussing DevOps. This stems from the assumption that DevOps teams move too fast to handle security concerns. This makes sense if Information Security (InfoSec) is separate from the DevOps value stream, or if development velocity exceeds the band...
Test Your Cloud Knowledge on AWS, Azure, or Google Cloud Platform
Cloud skills are in demand | In today's digital era, employers are constantly seeking skilled professionals with working knowledge of AWS, Azure, and Google Cloud Platform. According to the 2019 Trends in Cloud Transformation report by 451 Research: Business and IT transformations re...
Disadvantages of Cloud Computing
If you want to deliver digital services of any kind, you’ll need to estimate all types of resources, not the least of which are CPU, memory, storage, and network connectivity. Which resources you choose for your delivery — cloud-based or local — is up to you. But you’ll definitely want...
Google Cloud vs AWS: A Comparison (or can they be compared?)
The "Google Cloud vs AWS" argument used to be a common discussion among our members, but is this still really a thing? You may already know that there are three major players in the public cloud platforms arena: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)...
Deployment Orchestration with AWS Elastic Beanstalk
If you're responsible for the development and deployment of web applications within your AWS environment for your organization, then it's likely you've heard of AWS Elastic Beanstalk. If you are new to this service, or simply need to know a bit more about the service and the benefits th...
How to Use & Install the AWS CLI
What is the AWS CLI? | The AWS Command Line Interface (CLI) is for managing your AWS services from a terminal session on your own client, allowing you to control and configure multiple AWS services and implement a level of automation. If you’ve been using AWS for some time and feel...
Cloud Academy’s Blog Digest: July 2019
July has been a very exciting month for us at Cloud Academy. On July 10, we officially joined forces with QA, the UK’s largest B2B skills provider (read the announcement). Over the coming weeks, you will see additions from QA’s massive catalog of 500+ certification courses and 1500+ ins...
AWS Fundamentals: Understanding Compute, Storage, Database, Networking & Security
If you are just starting out on your journey toward mastering AWS cloud computing, then your first stop should be to understand the AWS fundamentals. This will enable you to get a solid foundation to then expand your knowledge across the entire AWS service catalog. It can be both d...
How to Become a DevOps Engineer
The DevOps Handbook introduces DevOps as a framework for improving the process for converting a business hypothesis into a technology-enabled service that delivers value to the customer. This process is called the value stream. Accelerate finds that applying DevOps principles of flow, f...
AWS AMI Virtualization Types: HVM vs PV (Paravirtual VS Hardware VM)
Amazon Machine Images (AWS AMI) offers two types of virtualization: Paravirtual (PV) and Hardware Virtual Machine (HVM). Each solution offers its own advantages. When we’re using AWS, it’s easy for someone — almost without thinking — to choose which AMI flavor seems best when spinning...