AWS Certified SysOps Administrator Official Study Guide: Associate Exam

Stephen Cole, Gareth Digby, Chris Fitch, Steve Friedberg, Shaun Qualheim, Jerry Rhoads, Michael Roth, Blaine Sundrud

ISBN: 978-1-119-37742-9

Oct 2017

552 pages

Comprehensive, interactive exam preparation and so much more

The AWS Certified SysOps Administrator Official Study Guide: Associate Exam is a comprehensive exam preparation resource. This book bridges the gap between exam preparation and real-world readiness, covering exam objectives while guiding you through hands-on exercises based on situations you'll likely encounter as an AWS Certified SysOps Administrator. From deployment, management, and operations to migration, data flow, cost control, and beyond, this guide will help you internalize the processes and best practices associated with AWS. The Sybex interactive online study environment gives you access to invaluable preparation aids, including an assessment test that helps you focus your study on areas most in need of review, and chapter tests to help you gauge your mastery of the material. Electronic flashcards make it easy to study anytime, anywhere, and a bonus practice exam gives you a sneak preview so you know what to expect on exam day.

Cloud computing offers businesses a cost-effective, instantly scalable IT infrastructure. The AWS Certified SysOps Administrator - Associate credential shows that you have technical expertise in deployment, management, and operations on AWS.  

  • Study exam objectives
  • Gain practical experience with hands-on exercises
  • Apply your skills to real-world scenarios
  • Test your understanding with challenging review questions

Earning your AWS Certification is much more than just passing an exam—you must be able to perform the duties expected of an AWS Certified SysOps Administrator in a real-world setting. This book does more than coach you through the test: it trains you in the tools, procedures, and thought processes to get the job done well. If you're serious about validating your expertise and working at a higher level, the AWS Certified SysOps Administrator Official Study Guide: Associate Exam is the resource you've been seeking.

Foreword xix

Introduction xxi

Assessment Test xxvi

Chapter 1 Introduction to Systems Operations on AWS 1

Systems Operators 2

Deploying Systems 2

Monitoring Systems 2

Optimizing Systems 3

Fortifying Systems 3

Securing Systems 3

AWS Certified SysOps Administrator - Associate 4

Which AWS Services Should You Study? 4

Reference Architecture: The Three-Tier Design 5

Introduction to the Three-Tier Design 5

Sample Scenario 6

Reference Architecture: The Serverless Design 14

Key Product: Serverless Design 17

Summary 18

Exam Essentials 18

Key Pieces to Study 19

Review Questions 20

Chapter 2 Working with AWS Cloud Services 23

Introduction to AWS Cloud Services 24

Systems Operations Using the AWS Toolset 24

AWS Software Development Kits (SDKs) 30

AWS Internet of Things (IoT) and Mobile Software Development Kits (SDKs) 33

Summary 34

Exam Essentials 35

Resources to Review 35

Exercises 35

Review Questions 38

Chapter 3 Security and AWS Identity and Access Management (IAM) 41

Security on AWS 43

Shared Responsibility Model 43

AWS Security Responsibilities 43

Customer Security Responsibilities 44

AWS Global Infrastructure Security 44

Physical and Environmental Security 46

Business Continuity Management 47

Network Security 48

Network Monitoring and Protection 49

AWS Compliance Program 50

Securing Your AWS Account with AWS Identity and Access Management (IAM) 51

IAM User 52

IAM Groups 56

IAM Policies 56

IAM Roles 57

Best Practices for Securing Your AWS Account 58

Securing Your AWS Cloud Services 59

Key Pairs 59

Monitoring to Enhance Security 62

AWS CloudTrail 62

Amazon Virtual Private Cloud (Amazon VPC) Flow Logs 62

Amazon CloudWatch 63

AWS Config 63

Amazon Inspector 64

AWS Certificate Manager 64

AWS Web Application Firewall (AWS WAF) 64

AWS Trusted Advisor 64

AWS Cloud Service-Specific Security 65

Compute Services 65

Networking 69

Storage 75

AWS Storage Gateway Security 80

Database 80

Application Services 88

Analytics Services 89

Deployment and Management Services 91

Mobile Services 92

Applications 94

Summary 95

Exam Essentials 96

Exercises 98

Review Questions 103

Chapter 4 Compute 107

Introduction to AWS Compute Services 109

Amazon Elastic Compute Cloud (Amazon EC2) 111

Implementation 111

Management 117

Security 122

Amazon EC2 Container Service (Amazon ECS) 123

Implementation 124

Management 124

Security 125

AWS Elastic Beanstalk 125

Languages Supported in AWS Elastic Beanstalk 126

Services that AWS Elastic Beanstalk Deploys 126

Management 126

Security 127

AWS Lambda 128

Implementation 128

Management 130

Security 130

Amazon Lightsail 130

Implementation 131

Management 131

Security 133

AWS Batch 133

Implementation 133

Management 135

Security 135

Summary 135

Exam Essentials 136

Resources to Review 139

Exercises 140

Review Questions 146

Chapter 5 Networking 151

Introduction to Networking on AWS 153

Amazon Virtual Private Cloud (Amazon VPC) 154

Amazon VPC Implementation 154

Amazon VPC Management 164

AWS Direct Connect 166

AWS Direct Connect Implementation 167

AWS Direct Connect Management 169

AWS Direct Connect Security 170

Load Balancing 171

Load Balancing Implementation 172

Load Balancing Management 176

Load Balancing Security 178

Virtual Private Network (VPN) 178

VPN Installation 178

VPN Management 179

Amazon Route 53 179

Amazon Route 53 Implementation 180

Amazon Route 53 Management 185

Amazon CloudFront 185

Amazon CloudFront Implementation 186

Amazon CloudFront Management 194

Amazon CloudFront Security 194

Summary 195

Resources to Review 195

Exam Essentials 196

Exercises 198

Review Questions 201

Chapter 6 Storage Systems 207

Understanding Different Storage Options 209

Block Storage vs. Object Storage 209

Block Storage Basics 210

Object Storage Basics 210

Retrieval Times (Hot vs. Cold Storage) 211

Cost Efficiency 211

Block Storage on AWS 212

Amazon Elastic Block Store (Amazon EBS) 212

Instance Store 221

Amazon Elastic File System (Amazon EFS) 222

Object Storage on AWS 224

Amazon Simple Storage Service (Amazon S3) 224

Amazon Glacier 230

Systems Operator Scenario: The Newspaper 232

Storage Needs 233

Solution Breakdown 233

Additional Storage Solutions 234

Amazon CloudFront 234

AWS Storage Gateway 235

AWS Snowball 235

Summary 236

Resources to Review 236

Exam Essentials 237

Exercises 239

Review Questions 244

Chapter 7 Databases 249

Introduction to AWS Databases 250

SQL vs. NoSQL 251

Relational Databases Overview 252

Relational Database Design 252

Non-Relational Database Overview 253

Amazon RDS Features and Benefits 254

Amazon Aurora 256

Monitoring Amazon RDS 278

Monitoring Tools 278

Amazon RDS Pricing 282

Non-Relational Databases 283

Amazon DynamoDB 283

Amazon DynamoDB Core Components 284

Amazon Redshift 292

Cluster Management 293

Cluster Access and Security 293

Databases 294

Monitoring Clusters 295

Amazon ElastiCache 296

Summary 298

Resources to Review 298

Exam Essentials 299

Exercises 300

Review Questions 307

Chapter 8 Application Deployment and Management 313

Introduction to Application Deployment and Management 314

Deployment Strategies 314

Provisioning Infrastructure 314

Deploying Applications 315

Configuration Management 315

Scalability Capabilities 318

Monitoring Resources 318

Continuous Deployment 319

Deployment Services 322

AWS Elastic Beanstalk 323

Amazon EC2 Container Service 325

AWS OpsWorks Stacks 328

AWS CloudFormation 330

AWS Command Line Interface (AWS CLI) 345

Summary 346

Resources to Review 347

Exam Essentials 347

Exercises 349

Review Questions 358

Chapter 9 Monitoring and Metrics 363

Introduction to Monitoring and Metrics 364

An Overview of Monitoring 364

Why Monitor? 364

Amazon CloudWatch 365

AWS CloudTrail 365

AWS Config 365

AWS Trusted Advisor 366

AWS Service Health Dashboard 366

AWS Personal Health Dashboard 367

Amazon CloudWatch 367

Metrics 369

Custom Metrics 369

Amazon CloudWatch Metrics Retention 370

Namespaces 371

Dimensions 372

Statistics 373

Units 374

Periods 374

Aggregation 375

Dashboards 376

Percentiles 376

Monitoring Baselines 377

Amazon EC2 Status Checks 378

Authentication and Access Control 379

AWS Cloud Services Integration 382

Amazon CloudWatch Limits 382

Amazon CloudWatch Alarms 384

Alarms and Thresholds 384

Missing Data Points 386

Common Amazon CloudWatch Metrics 386

Amazon CloudWatch Events 395

Events 396

Rules 397

Targets 397

Metrics and Dimensions 398

Amazon CloudWatch Logs 399

Archived Data 400

Log Monitoring 400

Amazon CloudWatch Logs: Agents and IAM 401

Searching and Filtering Log Data 403

Monitoring AWS Charges 406

Detailed Billing 407

Cost Explorer 409

AWS Billing and Cost Management Metrics and Dimensions 410

AWS CloudTrail 411

What Are Trails? 411

Types of Trails 411

Multiple Trails per Region 412

Encryption 412

AWS CloudTrail Log Delivery 412

Overview: Creating a Trail 413

Monitoring with AWS CloudTrail 413

AWS CloudTrail vs. Amazon CloudWatch 414

AWS CloudTrail: Trail Naming Requirements 414

Getting and Viewing AWS CloudTrail Log Files 414

AWS Config 417

Ways to Use AWS Config 418

AWS Config Rules 419

AWS Config and AWS CloudTrail 420

Pricing 421

Summary 421

Resources to Review 422

Exam Essentials 423

Exercises 425

Review Questions 438

Chapter 10 High Availability 441

Introduction to High Availability 443

Amazon Simple Queue Service 444

Using Amazon Simple Queue Service to Decouple an Application 444

Standard Queues 448

First-In, First-Out Queues 448

Dead Letter Queues 449

Shared Queues 449

Amazon Simple Notification Service 450

Mobile Push Messaging 451

Amazon SNS Fan-Out Scenario 451

Highly Available Architectures 452

Network Address Translation (NAT) Gateways 453

Elastic Load Balancing 453

Auto Scaling 454

Session State Management 455

Amazon Elastic Compute Cloud Auto Recovery 455

Scaling Your Amazon Relational Database Service Deployment 456

Multi-Region High Availability 457

Amazon Simple Storage Service 457

Amazon DynamoDB 457

Amazon Route 53 457

Highly Available Connectivity Options 463

Redundant Active-Active VPN Connections 463

Redundant Active-Active AWS Direct Connect Connections 465

AWS Direct Connect with Backup VPN Connection 466

Disaster Recovery 467

Backup and Restore Method 467

Pilot Light Method 468

Warm-Standby Method 470

Multi-Site Solution Method 470

Failing Back from a Disaster 471

Summary 472

Resources to Review 473

Exam Essentials 473

Exercises 474

Review Questions 478

Appendix Answers to the Review Questions 481

Chapter 1: Introduction to Systems Operations on AWS 482

Chapter 2: Working with AWS Cloud Services 483

Chapter 3: Security and AWS Identity and Access Management (IAM) 483

Chapter 4: Compute 485

Chapter 5: Networking 486

Chapter 6: Storage Systems 488

Chapter 7: Databases 490

Chapter 8: Application Deployment and Management 492

Chapter 9: Monitoring and Metrics 494

Chapter 10: High Availability 496

Index 499

Table of Exercises

Exercise 2.1 Install and Configure AWS CLI on Linux or Mac 36

Exercise 2.2 Install and Configure AWS CLI on Windows with MSI 36

Exercise 3.1 Creating AWS Identity and Access Management (IAM) Users 99

Exercise 3.2 Create IAM Credentials 99

Exercise 3.3 Create IAM Groups 100

Exercise 3.4 Working with IAM Policies 101

Exercise 3.5 Working with IAM Roles 101

Exercise 4.1 Create a Linux Instance via the AWS Management Console 141

Exercise 4.2 Create a Windows Instance via the AWS Management Console 142

Exercise 4.3 Create a Linux Instance via the AWS CLI 142

Exercise 4.4 Create a Windows Instance via the AWS CLI 143

Exercise 4.5 Inspect the AWS Service Health Dashboards 143

Exercise 4.6 Use the Elastic IP Addresses 144

Exercise 4.7 Work with Metadata 144

Exercise 4.8 Attach an AWS IAM Role to an Instance 145

Exercise 5.1 Create an Elastic IP (EIP) 198

Exercise 5.2 Create an Amazon VPC 198

Exercise 5.3 Tag Your Amazon VPC and Subnets 199

Exercise 5.4 Create an Elastic Network Interface (ENI) 199

Exercise 5.5 Associate the ENI 200

Exercise 5.6 Test Your ENI 200

Exercise 5.7 Delete VPC 200

Exercise 6.1 Create an Encrypted Amazon EBS Volume 240

Exercise 6.2 Monitor Amazon EBS Using Amazon CloudWatch 240

Exercise 6.3 Create and Attach an Amazon EFS Volume 240

Exercise 6.4 Create and Use an Amazon S3 Bucket 241

Exercise 6.5 Enable Amazon S3 Versioning 242

Exercise 6.6 Enable Cross-Region Replication 242

Exercise 6.7 Create an Amazon Glacier Vault 242

Exercise 6.8 Enable Lifecycle Rules 243

Exercise 7.1 Create a New Option Group Using the Console 300

Exercise 7.2 Create an Amazon DynamoDB Table from the AWS CLI 301

Exercise 7.3 Add Items to the Amazon DynamoDB Table MusicCollection Using the AWS CLI 302

Exercise 7.4 Create a MySQL Amazon RDS DB Instance 303

Exercise 8.1 Create an AWS Elastic Beanstalk Environment 349

Exercise 8.2 Manage Application Versions with AWS Elastic Beanstalk 349

Exercise 8.3 Perform a Blue/Green Deployment with AWS Elastic Beanstalk 350

Exercise 8.4 Create an Amazon ECS Cluster 350

Exercise 8.5 Launch an Amazon EC2 Instance Optimized for Amazon ECS 351

Exercise 8.6 Use Amazon ECR 352

Exercise 8.7 Work with Amazon ECS Task Definitions 352

Exercise 8.8 Work with Amazon ECS Services 354

Exercise 8.9 Create an AWS OpsWorks Stack 355

Exercise 8.10 Make a Layer in AWS OpsWorks Stacks 355

Exercise 8.11 Add an Amazon EC2 Instance to an AWS OpsWorks Stacks Layer 356

Exercise 8.12 Add an Application to AWS OpsWorks Stacks 356

Exercise 8.13 Create an AWS CloudFormation Stack 357

Exercise 8.14 Delete an AWS CloudFormation Stack 357

Exercise 9.1 Search for Available Metrics 425

Exercise 9.2 View Available Metrics for Running Amazon EC2 Instances by Namespace and Dimension Using the Amazon CloudWatch Console 426

Exercise 9.3 View Available Metrics by Namespace, Dimension, or Metric Using the AWS CLI 429

Exercise 9.4 List All Available Metrics for a Specific Resource 430

Exercise 9.5 List all Resources that Use a Single Metric 430

Exercise 9.6 Get Statistics for a Specific Resource 430

Exercise 9.7 Get CPU Utilization for a Single Amazon EC2 Instance from the Command Line 433

Exercise 9.8 Create a Billing Alert 435

Exercise 9.9 Create a Billing Alarm 435

Exercise 9.10 Create an Amazon CloudWatch Dashboard 436

Exercise 10.1 Create an Amazon SNS Topic 475

Exercise 10.2 Create a Subscription to Your Topic 475

Exercise 10.3 Publish to Your Topic 475

Exercise 10.4 Create an Amazon Simple Queue Service (Amazon SQS) 476

Exercise 10.5 Subscribe the Queue to Your Amazon SNS Topic 476

Exercise 10.6 Deploy Amazon RDS in a Multi-AZ Configuration 477

