AWS Certified Solutions Architect – Associate Cheat Sheet

  • Compute
    • EC2
    • Auto Scaling
    • EBS
    • ELB
    • Lambda
    • API Gateway
  • Networking
    • VPC = isolated network within a region
      • CIDR = IP address pool
      • Subnet = isolated network within a VPC, located in a single AZ
        • Private Subnet = a subnet without a default route pointing to an Internet Gateway; its instances cannot reach the Internet and cannot be reached from the Internet
        • Public Subnet = a subnet with a default route pointing to an Internet Gateway, allowing access to and from the Internet
      • NAT = a gateway that lets instances in a private subnet reach the Internet (outbound only); must be placed in a public subnet
        • NAT Gateway = AWS managed gateway, highly available by default
        • NAT Instance = the user installs NAT software on an EC2 instance; multiple instances are needed for high availability
      • Bastion = a gateway that lets a user on the Internet reach instances in a private subnet; the opposite of NAT
      • Internet Gateway = a gateway to enable Internet access to a VPC
      • NACL = a stateless port firewall for a VPC or subnet
        • Stateless = traffic must be explicitly allowed in both directions (including return traffic) for access to work
        • Rules are ordered and applied from large to small number
        • Rule source can only be IP addresses
      • Security Group = a stateful port firewall, opens certain port for instances or services
        • Stateful = allow inbound port 21 and the return traffic for that connection is allowed out automatically
        • Rule source can be IP address or other security groups (i.e. allow instances in group A to access group B)
      • VPC Endpoint = a special gateway for instances to access AWS resources without going through the Internet
        • S3 Endpoint
    • Route 53 = AWS managed DNS service
    • CloudFront = AWS managed CDN, accelerates both uploads and downloads
      • OAI = CloudFront pulls content from AWS origins using OAI (i.e. IAM roles), so the origin can stay private
  • Database
    • RDS
    • Aurora
    • DynamoDB
  • Messaging
    • SQS
    • SNS
  • Storage
    • S3
  • Security
    • IAM
  • Analytics
    • Redshift
  • Operations
    • CloudWatch
    • CloudTrail
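The NACL vs Security Group distinction above (stateless: both directions must be allowed; stateful: return traffic is tracked) is the one that trips people up in practice, so here is an added toy model of the two behaviours. This is example code written for this cheat sheet, not AWS code; the `Packet`, `NACL` and `SecurityGroup` classes are constructed for illustration, and NACL rule numbering is not modelled.

```python
from dataclasses import dataclass

# Constructed model of the two firewall types on the cheat sheet (added example,
# not AWS code). A NACL is stateless: the reply to an allowed inbound packet must
# itself match an outbound rule. A Security Group is stateful: it remembers the
# connection and lets the reply through. Rule ordering is not modelled.


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", from the instance's point of view
    src_port: int
    dst_port: int


class NACL:
    """Stateless: every packet is checked on its own against direction + port rules."""

    def __init__(self, allow):
        # allow: set of (direction, low_port, high_port); anything unmatched is denied
        self.allow = allow

    def permits(self, pkt):
        return any(d == pkt.direction and lo <= pkt.dst_port <= hi
                   for d, lo, hi in self.allow)


class SecurityGroup:
    """Stateful: an allowed inbound packet opens a connection; its reply is allowed."""

    def __init__(self, inbound_ports):
        self.inbound_ports = inbound_ports
        self.conntrack = set()  # (remote_port, local_port) of allowed connections

    def permits(self, pkt):
        if pkt.direction == "in" and pkt.dst_port in self.inbound_ports:
            self.conntrack.add((pkt.src_port, pkt.dst_port))
            return True
        # Outbound packet is allowed only as the reply to a tracked connection
        return pkt.direction == "out" and (pkt.dst_port, pkt.src_port) in self.conntrack


def ssh_round_trip(fw):
    """A client on ephemeral port 50000 connects to SSH (22) and the instance replies.
    Returns (request_allowed, reply_allowed)."""
    request = Packet("in", 50000, 22)
    reply = Packet("out", 22, 50000)
    return fw.permits(request), fw.permits(reply)
```

Run `ssh_round_trip` against `SecurityGroup({22})`, against `NACL({("in", 22, 22)})`, and against the same NACL with an added outbound ephemeral-port rule `("out", 1024, 65535)`: only the NACL without the outbound rule drops the reply.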