Module 1: Monitoring, Logging, and Remediation
Implement metrics, alarms, and filters by using AWS monitoring and logging services
- Identify, collect, analyze, and export logs (Amazon CloudWatch Logs, CloudWatch Logs Insights, AWS CloudTrail logs)
- Collect metrics and logs by using the CloudWatch agent
- Create CloudWatch alarms
- Create metric filters
- Create CloudWatch dashboards
- Configure notifications (Amazon SNS, Service Quotas, CloudWatch alarms, AWS Health events)
Remediate issues based on monitoring and availability metrics
- Troubleshoot or take corrective actions based on notifications and alarms
- Configure Amazon EventBridge rules to invoke actions
- Use AWS Systems Manager Automation runbooks to take action based on AWS Config rules
Module 2: Reliability and Business Continuity
Implement scalability and elasticity
- Create and maintain AWS Auto Scaling plans
- Implement caching
- Implement Amazon RDS replicas and Amazon Aurora Replicas
- Implement loosely coupled architectures
- Differentiate between horizontal scaling and vertical scaling
Implement high availability and resilient environments
- Configure Elastic Load Balancing (ELB) and Amazon Route 53 health checks
- Differentiate between the use of a single Availability Zone and Multi-AZ deployments (Amazon EC2 Auto Scaling groups, ELB, Amazon FSx, Amazon RDS)
- Implement fault-tolerant workloads (Amazon EFS, Elastic IP addresses)
- Implement Route 53 routing policies (failover, weighted, latency based)
Implement backup and restore strategies
- Automate snapshots and backups based on use cases (RDS snapshots, AWS Backup, RTO and RPO, Amazon Data Lifecycle Manager, retention policy)
- Restore databases (point-in-time restore, promote read replica)
- Implement versioning and lifecycle rules
- Configure Amazon S3 Cross-Region Replication (CRR)
- Perform disaster recovery procedures
Module 3: Deployment, Provisioning, and Automation
Provision and maintain cloud resources
- Create and manage AMIs (EC2 Image Builder)
- Create, manage, and troubleshoot AWS CloudFormation
- Provision resources across multiple AWS Regions and accounts (AWS Resource Access Manager [AWS RAM], CloudFormation StackSets, IAM cross-account roles)
- Select deployment scenarios and services (blue/green, rolling, canary)
- Identify and remediate deployment issues (service quotas, subnet sizing, CloudFormation errors, permissions)
Automate manual or repeatable processes
- Use AWS services (Systems Manager, CloudFormation) to automate deployment processes
- Implement automated patch management
- Schedule automated tasks by using AWS services (EventBridge, AWS Config)
Module 4: Security and Compliance
Implement and manage security and compliance policies
- Implement IAM features (password policies, multi-factor authentication [MFA], roles, SAML, federated identity, resource policies, policy conditions)
- Troubleshoot and audit access issues by using AWS services (CloudTrail, IAM Access Analyzer, IAM policy simulator)
- Validate service control policies (SCPs) and permissions boundaries
- Review AWS Trusted Advisor security checks
- Validate AWS Region and service selections based on compliance requirements
- Implement secure multi-account strategies (Control Tower, AWS Organizations)
Implement data and infrastructure protection strategies
- Enforce a data classification scheme
- Create, manage, and protect encryption keys
- Implement encryption at rest (AWS KMS)
- Implement encryption in transit (AWS Certificate Manager [ACM], VPN)
- Securely store secrets by using AWS services (AWS Secrets Manager, Systems Manager Parameter Store)
- Review reports or findings (AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector)
Module 5: Networking and Content Delivery
Implement networking features and connectivity
- Configure a VPC (subnets, route tables, network ACLs, security groups, NAT gateway, internet gateway)
- Configure private connectivity (Systems Manager Session Manager, VPC endpoints, VPC peering, VPN)
- Configure AWS network protection services (AWS WAF, AWS Shield)
Configure domains, DNS services, and content delivery
- Configure Route 53 hosted zones and records
- Implement Route 53 routing policies (geolocation, geoproximity)
- Configure DNS (Route 53 Resolver)
- Configure Amazon CloudFront and S3 origin access control (OAC)
- Configure S3 static website hosting
Troubleshoot network connectivity issues
- Interpret VPC configurations (subnets, route tables, network ACLs, security groups)
- Collect and interpret logs (VPC Flow Logs, ELB access logs, AWS WAF web ACL logs, CloudFront logs)
- Identify and remediate CloudFront caching issues
- Troubleshoot hybrid and private connectivity issues
Module 6: Cost and Performance Optimization
Implement cost optimization strategies
- Implement cost allocation tags
- Identify and remediate underutilized or unused resources by using AWS services and tools (Trusted Advisor, AWS Compute Optimizer, AWS Cost Explorer)
- Configure AWS Budgets and billing alarms
- Assess resource usage patterns to qualify workloads for EC2 Spot Instances
- Identify opportunities to use managed services (for example, Amazon RDS, AWS Fargate, Amazon EFS)
Implement performance optimization strategies
- Recommend compute resources based on performance metrics
- Monitor Amazon Elastic Block Store (Amazon EBS) metrics and modify configuration to increase performance efficiency
- Implement S3 performance features (S3 Transfer Acceleration, multipart uploads)
- Monitor RDS metrics and modify the configuration to increase performance efficiency (Performance Insights, RDS Proxy)
- Enable enhanced EC2 capabilities (Elastic Network Adapter, instance store, placement groups)


