- [Instructor] Let me provide you with a high level view of the learning path to help you navigate and get started with the content. We start our journey learning some of the terminology used in cloud computing, and with a high level view of AWS services. We then dive right into Compute storage and services. We start by learning the basics of Compute, and the Compute services offered on AWS, standing up an EC2 instance, and the first of many hands-on labs we have in this learning path. We then dive into storage, Amazon S3, databases, elastic file system, and then the AWS management services, such as AWS Config, Cloudtrail, Trusted Advisor, and the Personal Health Dashboard. Then we learn all about the virtual private cloud, or VPC. We have an exam at the end of each domain to check our knowledge before we move into the domains on designing architectures. In Domaine One: Designing Resilient Architectures, we first introduce the concepts of high availability and fault tolerance, and introduce you to how we go about designing highly available fault tolerance solutions on AWS. We will learn about the AWS well-architected framework, and how that framework can help us make design decisions that deliver the best outcome for end users. And next, we will introduce and explain the concept of business continuity, and how AWS services can be used to plan and implement a disaster recovery plan. In Domain Two: Designing Performant Architectures, we are going to extend our understanding of how we select and use AWS services together to create performant and scalable solutions. As an architect, we need to be able to quickly match and apply the appropriate AWS services to best meet requirements. To build this design in confidence, we first need to extend our knowledge of some of the key AWS services within the context of the Solution Architect Associate exam. Domain three is all about security, and so is Stewart Scott, so here he is to tell you all about it.

 

- Hello, I'm Stewart Scott, and I've created a number of the courses within this domain which focus on security. Firstly, let's review the domain criteria. This is split into three different sections, which dictates that you must be able to determine how to secure application tiers, determine how to secure data, and define the networking infrastructure for a single VPC application. I shall begin by addressing a number of key services, such as Amazon S3, Amazon Redshift, Amazon AMR, among others. To explain how these services have their own methods of controlling encryption, to ensure your data and application remains protected and secure at all times. I will then talk about the Identity and Access Management service, which is critical to manage, control, and govern authentication, authorization, and access control mechanisms or identities to your resources within your AWS account. I shall discuss how, through the use of users, groups, roles, policies, and access mechanisms, you can create a secure and robust access control strategy to effectively and efficiently ensure your data is secure and safe from unnecessary exposure. Diving deeper into access control, I shall also focus on the various different means of authentication and authorization mechanisms provided by AWS. I shall discuss how a combination of these can be used to set secure standards to your internal security policies. Preventing an identify of gaining access to a resource that they should not be permitted to access can prevent a large number of security vulnerabilities, and so it's important to firstly understand the difference between authentication and authorization, and then the methods of enforcing these within your environment. I shall also discuss the different security controls that are available to provide the best practice security across a range of services that fall outside of the infrastructure as a service security umbrella, by focusing on services such as S3, which is an abstract service, and RDS, considered as a container service. I'll also look at segmenting your VPC, and how this can also enhance your security profile. Diving deeper into the process of the encryption itself, you'll also learn and understand how and when to use the Key Management Service, known as KMS. This service is used to help you manage, generate, and control data access keys, and allow you to perform encryption of your data. KMS works with a large number of services, leveraging the potential of enforcing the strong encryption controls where needed. There'll also be a number of different labs in this domain, allowing you to get hands-on with a live AWS environment, provided by our platform, that will guide you step by step on how to configure specific security-centric tasks.

 

- Excellent, thank you Stewart. Now, next up is Domain Four: Designing Cost-Optimized Architectures. Our shared goal as AWS certified architects is to be constantly looking for ways to optimize and drive down costs for our end customers. So, in this domain, we share tips and best practices for how we can select and tune AWS Compute and storage services to be as cost efficient as possible. We then learn how to use AWS services to monitor and maintain the most cost-optimized environments possible. For Domain Five, we get to put our new design skills to use in designing and then optimizing a highly available solution on AWS. At the conclusion of this learning path, we have a comprehensive collection of study guides and a preparation exam to help you prepare for sitting the certification exam. Okay, so if you're ready, let's get started!