Month: August 2017

Step-by-Step Guide to Creating an AWS VPC and NAT Gateways

VPC and NAT Gateway

In this blog post I’m going to provide a step-by-step guide to create an AWS VPC. I’ll walk through how to create an Internet Gateway and configure a couple of Public Subnets that are spread across two Availability Zones for High Availability whilst also creating a custom route table to enable the Public Subnets to access the Internet. Next I’ll configure a couple of Private Subnets that are also spread across two Availability Zones and will then configure a NAT Gateway to allow these Private Subnets the ability to connect to the Internet for operating system patches whilst not allowing anything on the Internet the ability to connect to these Private Subnets. For the purpose of this I’m going to be using the eu-west-1 AWS Region.

Creating the VPC

  • Login to the AWS Management Console.
  • Navigate to Networking & Content Delivery.
  • Click “VPC”.
  • From within the VPC Dashboard, Click “Your VPCs”.
  • Click “Create VPC”.
  • Specify the Name of the VPC e.g. ‘MyVPC’.
  • Specify the IPv4 CIDR block e.g. ‘192.168.0.0/16’.
  • Click “Yes, Create”.

Continue reading “Step-by-Step Guide to Creating an AWS VPC and NAT Gateways”

Step-by-Step Guide to Creating AWS Microsoft AD and Configuring for Single Sign-On

AWS Directory Service

In this blog post I’m going to provide a step-by-step guide to create an AWS Microsoft AD and then configure it to enable access for single sign-on to the AWS Management Console.  As part of this I’ll only allow Full Access to Amazon S3 for the Admin user account.

Create the AWS Microsoft AD

  • Log in to the AWS Management Console.
  • Navigate to Security, Identity & Compliance.
  • Click on “Directory Service”.
  • Click “Setup Directory” and then Click “Microsoft AD”.
  • Specify the Fully Qualified Domain Name (FQDN) for the Active Directory Domain e.g. ‘corp.local’.
  • Specify the NetBIOS Domain Name for the Active Directory Domain e.g. ‘CORP’.
  • Specify the Password for the Admin User and then Confirm the Password.

Continue reading “Step-by-Step Guide to Creating AWS Microsoft AD and Configuring for Single Sign-On”

AWS SA Professional – Practice Question 6

question

Welcome back to another revision question.

You are designing internet connectivity for your VPC. The web servers must be available on the internet. The application must have a highly available architecture. Which alternatives should you consider? (Choose 2)

a. Configure ELB with an EIP. Place all your web servers behind ELB. Configure a Route53 A Record that points to the EIP.

b. Assign EIPs to all web servers. Configure a Route53 record set with all EIPs, with health checks and DNS failover.

c. Place all your web servers behind an ELB. Configure a Route53 CNAME to point to the ELB DNS name.

d. Configure a CloudFront distribution and configure the origin to point to the private IP address of your web servers. Configure a Route53 CNAME record to your CloudFront distribution.

e. Configure a NAT instance in your VPC. Create a default route via the NAT instance and associate it with all subnets. Configure a DNS A record that points to the NAT instance public IP address.

Reviewing the question its testing your understanding of VPC, understanding of DNS records, enabling internet access for servers within a VPC and designing high availability within a VPC. For this particular question we have to choose two correct answers. Lets work this one through.

Continue reading “AWS SA Professional – Practice Question 6”

AWS re:Invent 2017

reInvent2017

Amazon have now opened up the Session Catalog for this year’s re:Invent and as this is going to be my first, I was amazed to see how many sessions are available.  Whilst the full schedule is still not due to be published until October I’ve started to shortlist the sessions that I’m interested to attend.  I know full well that I won’t be able to attend all of these due to either timings, proximity or the fact that I’ve got training as well as exams booked whilst I’m out in Las Vegas, but I’ll whittle these down nearer to the time.

Architecture

  • ARC301 – Fitch Ratings: Migrating to the Cloud to Transform Business Services Delivery
  • ARC303 – Running Lean Architectures: How to Optimize for Cost Efficiency
  • ARC304 – From One to Many: Evolving VPC Design
  • ARC305 – How Toyota Racing Development Uses Amazon CloudFront, AWS CloudFormation, and Amazon ECS in Motorsports
  • ARC306 – High Resiliency & Availability of PlayStation Communities Using Multiple AWS Regions
  • ARC308 – Leveraging a Cloud Policy Framework – From Zero to Well Governed
  • ARC401 – Serverless Architectural Patterns and Best Practices

Continue reading “AWS re:Invent 2017”

AWS SA Professional – Practice Question 5

question

A customer is running an application in US-WEST (Northern California) region and wants to setup disaster recovery failover to the Asian Pacific (Singapore) region. The customer is interested in achieving a low Recovery Point Objective (RPO) for an Amazon Relational Database Service (RDS) multi-AZ MySQL database instance. Which approach is best suited to this need? (Choose 1)

a. Synchronous Replication

b. Asynchronous Replication

c. Route53 Health checks

d. Copying of RDS incremental snapshots

This question is testing your understanding of Disaster Recovery strategies and also ensuring you understand a number of key concepts.

Continue reading “AWS SA Professional – Practice Question 5”