Blogs
Keep up with trends, research and best practices on cloud technology training and certification.
Companies can improve their efficiency by using AWS CloudFormation to automate platform deployment, manage infrastructure as code, simplify compliance and governance procedures, and enable further cost optimization.
If you are seeking a block-level storage volume service to utilize with EC2 instances on AWS, Amazon Elastic Block Storage (EBS) is a recommended option. An EBS volume is a raw, unformatted block device that can be mounted as a device on an instance. AWS offers three types of storage, and EBS is an instance of block storage, providing block-level storage volumes for use with EC2 instances. In this tutorial with AWS-certified expert Sudhanshu Pandey, we will examine EBS, how to increase the size of EBS volumes, and the various types of storage provided by AWS. Thus, let us delve into an in-depth analysis of EBS and its potential to benefit your AWS environment.
Topics covered in this post:
In the previous post in this series, we looked at foundations of AWS infrastructure. In this post, we start to focus on the AWS services you use as a customer. I highly recommend you have foundational knowledge of IPv4 networks and OSI model before proceeding with this section.
There are four foundational services offered by AWS:
These services follow the general building block services which we discussed in this post. These foundational services tend to be the first services that AWS customers adopt when beginning to use AWS. In fact, most certification exams focus on the four foundational areas of Network, Compute, Storage and Database.
This post will cover networking, and we'll cover other higher order services like integration in the future.
AWS uses all custom network hardware that it designs and manufactures for its own use. For the more network-savvy readers, in a typical AWS environment, there are tens of thousands of customers deploying servers that use overlapping network ranges with each other. Traditional network hardware simply cannot scale up the number of Virtual Local Area Networks (VLANs) to meet this kind of demand. So AWS came up with their own network hardware implementation to scale that kind of cloud implementation.
We start with VPC, which is clearly an acronym. It stands for Virtual Private Cloud. A VPC is a region-scoped, entirely virtualized private network that you can create and manage on your own. This ranges from picking your own Classless Inter-Domain Routing (CIDR) range to defining your own subnets, route tables, firewalls and so forth.
(Note: Anytime you hear that a service is region-scoped, it means it's not only highly available and fault-tolerant, it will also exhibit a high degree of self-healing where AWS manages all of that on your behalf.)
Most AWS customers will create VPC networks and deploy some AWS resources in them.
You may ask if you could use AWS and never have to create a VPC? Absolutely yes. There are a lot of serverless offerings you could use to deploy your infrastructure and you would never need to create a network, but those options are limited. In the end, most cloud scenarios will require creating and deploying VPCs.
With a VPC you have full control over the security. Not all the way down to the hardware of course, which AWS manages, but you're in charge of areas like data sovereignty and compliance. This matters when it comes to selecting which region is ultimately scoped or chosen for your particular VPC. Except for the hardware, the VPC you provision is yours to do as you wish.
Something else to consider when selecting the appropriate region for your VPC is that geography affects latency. So, the further the distance, the greater the latency. As a good practice, it is best to select the Region that is close to your business operations or users.
There are also a lot of connectivity options to consider with the VPC in order to get your network traffic in and out of the VPC network.
How do you create your first VPC? It is actually quite simple:
Now we have an empty VPC and can't yet deploy a load balancer, virtual application servers or databases, which is a typical 3-tier on-premises architecture. We need VPCs to launch our virtual machines, but need a few more steps to make this VPC operational. Again, this is just a high-level overview. For more information, please check out our advanced AWS Networking training certification or this no-cost AWS Essentials course.
Think of a VPC as matching the networking address scheme of your on-premises data center. We are just doing this in the AWS Cloud environment now.
Topics covered in this post:
Author's note: I recommend anyone who works on AWS or wants to build AWS fluency have foundational knowledge of IPv4 Networking and the OSI model. This will make it easier to understand these Getting Started Guides for AWS and other cloud vendor content. And for a refresher, read the previous blog in this series: Getting Started with AWS: Design & Building Blocks
It's important to understand AWS's Global Infrastructure because that is where all foundational AWS services like network, compute, storage and databases reside.
Let’s start with the atomic unit of AWS's infrastructure, the individual Data Center (DC) — not to be confused with DC Comics! A DC is comprised of anywhere from 40,000 to 80,000 servers and no services run in this layer. This is the same for any other large cloud provider, so AWS is no different in this case. There are things AWS does in their data centers that make them unique: the way they secure them and make them redundant in terms of network, internet, power access and HVAC.
But none of that matters. Why? Because it's the cloud and AWS is already taking care of this.
What matters is understanding the terms of your Service Level Agreement (SLA). This is the fine print in which AWS tells you what kind of uptime and availability to expect for their services and what hardware and technology they use to achieve that.
The hardware also doesn't matter to us as the consumers of cloud computing, but let's answer some common questions:
What hardware does AWS use? I don't know for sure but strongly suspect AWS uses some commodity server and storage hardware that most of us are probably familiar with.
What kind of virtualization is AWS using? Two different kinds. They use a heavily modified version of Xen Hypervisor that’s slowly being phased out. They also use a technology called the ‘Nitro’ hypervisor, which AWS developed internally. If you're wondering if AWS uses VMware or something like that, the answer is no. AWS has some pretty deep partnerships with VMware, so if you are a VMware shop, there are some great integration points in AWS. But the coolest and newest stuff you can do with EC2 runs on Nitro hypervisor.
Now let's expand beyond the DC to the next AWS infrastructure layer, the Availability Zone (AZ).
An availability zone is a highly-available building block. When we deploy a resource that is scoped at the AZ level, the resource won't be very redundant and won't have much high availability built into it. But we can deploy lots of resources in more than one AZ to achieve higher availability. An availability zone is one or more data centers that are co-located — meaning a short walking distance. Imagine a college campus with many different buildings. Each of those buildings could be a different DC, but part of the same AZ. And if you want to create a virtual machine, it is scoped at the AZ level.
AWS announced an update to their most popular certification, the AWS Solutions Architect – Associate certification. Here's what you need to know about the new exam.
Amazon Web Services (AWS) have announced an update to what can be considered their most popular certification, the AWS Certified Solutions Architect – Associate certification.
The current AWS SAA-C02 certification was released on March 23, 2020, so it’s been generally available for almost two years, and it’s not surprising that it is being updated. The rate of change and innovation with AWS in two years is huge. Updating the certification to include the latest services, features and best practices ensures that it continues to prove its worth to both businesses and individuals.
I imagine you may have a number of questions like the following:
To make things simpler and less stressful, let me answer each of these for you.
The answer is yes! In fact, I recommend that if you have already started studying for the AWS SAA-C02 exam then you continue to do so. You have plenty of time to finish your studies as the last date to take the SAA-C02 exam is August 29th, 2022. If you haven’t yet started studying and want to take this exam, you still have time to prepare and pass it by August 29th, 2022.
For those looking to study and prepare with course materials and hands-on labs for the current AWS Solutions Architect Associate exam (SAA-C02), you can explore our training bundle with hands-on Challenge Labs which will give you all the support you need.
This is always a concern when AWS announces an updated certification, and for good reason.
I have some good news for you: You DO NOT have to re-sit the updated certification to keep your credentials. Even if you took the AWS SAA-C02 exam on the last date available (29th August 2022), then your exam will still last for 3 years from that date. The certificate and digital badge you get for attaining the certification does not include the version of the exam.
The new exam, which will be labeled AWS SAA-C03, will be available to take from August 30th, 2022. However, registration to book the AWS SAA-C03 exam opens on July 26th, 2022, so if you want to be one of the first then you can book it from this date.
A review of the exam guides for the SAA-C02 and the SAA-C03 shows some changes; however, there is a lot of overlap with the SAA-C02.
From a domain perspective, there are still 4 different assessment domains to focus on with minor changes as shown here with the 2 domain tables for each exam.
SAA-C02 DOMAINS | % OF EXAM |
Domain 1: Design Resilient Architectures | 30% |
Domain 2: Design High-Performing Architectures | 28% |
Domain 3: Design Secure Applications and Architectures | 24% |
Domain 4: Design Cost-Optimized Architectures | 18% |
TOTAL | 100% |
SAA-C03 DOMAINS | % OF EXAM |
Domain 1: Design Secure Architectures | 30% |
Domain 2: Design Resilient Architectures | 26% |
Domain 3: Design High-Performing Architectures | 24% |
Domain 4: Design Cost-Optimized Architectures | 20% |
TOTAL | 100% |
You will notice that 3 of the 4 domains are still named the same, however their percentages have changed in the new exam guide:
One domain has changed slightly in its name: in SAA-C02 it’s called Design Secure Applications and Architectures, while in SAA-C03 it is labeled Design Secure Architectures, and its percentage has increased from 24% to 30%.
Based on these comparisons alone we can see that there is now more of an emphasis on cost management and security, as the percentages in these areas have increased by 8% between the two.
The new exam guide for SAA-C03 contains a lot more information as to what is in scope and out of scope compared to that of the SAA-C02. It also has detailed information showing you what knowledge you should have for each domain, in addition to the skills necessary to meet the requirements of the domain.