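I. Certification Levels
Associate level:
SysOps Administrator
Developer
Solutions Architect (Associate)
Professional level:
Solutions Architect
DevOps Engineer
Areas covered:
From compute, networking, storage and load balancing to security, big data, CDN, DNS, deployment and middleware, the exam covers not only the relevant AWS services but also broad architecture design experience and understanding, which takes a lot of day-to-day accumulation.
Must master:
Including IAM, STS, VPC, EC2, EBS, ELB, S3, Storage Gateway, RDS, DynamoDB, CloudFront, Route53, CloudFormation, OpsWorks, Kinesis.
Should be familiar with:
Including Glacier, CloudWatch, CloudTrail, Direct Connect, Elastic Beanstalk, ElastiCache, EMR, Redshift, Data Pipeline, SWF, SNS, SES.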
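Technical requirements for the AWS Solutions Architect (Associate):
AWS knowledge
- Proficient use of compute, networking, storage, and database AWS services
- Professional experience building large-scale distributed systems
- Understanding of elasticity and scalability concepts
- Understanding of the AWS global infrastructure
- Understanding of network technologies as they relate to AWS
- A good understanding of all security features and tools that AWS provides and how they relate to traditional services
- A strong understanding of client interfaces to the AWS platform
- Hands-on experience with AWS deployment and management services
General IT knowledge
- A good understanding of typical multi-tier architectures: web servers, caching, application servers, load balancers, and storage
- Understanding of relational database management systems (RDBMS) and NoSQL
- Knowledge of message queuing and Enterprise Service Bus (ESB)
- Familiarity with loose coupling and stateless systems
- Understanding of different consistency models in distributed systems
- Knowledge of Content Delivery Networks (CDN)
- Hands-on experience with core LAN/WAN network technologies
- Experience with route tables, access control lists, firewalls, NAT, HTTP, DNS, IP and OSI networking
- Knowledge of REST web services, XML, JSON
- Familiarity with the software development lifecycle
- Work experience with information and application security concepts, mechanisms, and tools
- Awareness of end-user computing and collaborative technologies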
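II. In Practice
1: Designing highly available, cost-efficient, fault-tolerant, scalable systems
1.1 Identify and recognize cloud architecture considerations, such as fundamental components and effective designs.
Content may include the following:
- How to design cloud services
- Planning and design
- Monitoring and logging
Familiarity with:
- Best practices for AWS architecture
- Developing to client specifications, including pricing/cost (e.g., On-Demand vs. Reserved vs. Spot; RTO and RPO DR design)
- Architectural trade-off decisions (e.g., high availability vs. cost, Amazon Relational Database Service (RDS) vs. installing your own database on Amazon Elastic Compute Cloud (EC2))
- Hybrid IT architectures (e.g., Direct Connect, Storage Gateway, VPC, Directory Services)
- Elasticity and scalability (e.g., Auto Scaling, SQS, ELB, CloudFront)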
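2: Implementation/Deployment
2.1 Identify the appropriate techniques and methods using Amazon EC2, Amazon S3, AWS Elastic Beanstalk, AWS CloudFormation, AWS OpsWorks, Amazon Virtual Private Cloud (VPC), and AWS Identity and Access Management (IAM) to code and implement a cloud solution. Content may include the following:
- Configure an Amazon Machine Image (AMI)
- Operate and extend service management in a hybrid IT architecture
- Configure services to support compliance requirements in the cloud
- Launch instances across the AWS global infrastructure
- Configure IAM policies and best practices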
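3: Data Security
3.1 Recognize and implement secure practices for optimum cloud deployment and maintenance. Content may include the following:
- AWS shared responsibility model
- AWS platform compliance
- AWS security attributes (customer workloads down to the physical layer)
- AWS administration and security services
- AWS Identity and Access Management (IAM)
- Amazon Virtual Private Cloud (VPC)
- AWS CloudTrail
- Ingress vs. egress filtering, and which AWS services and features fit
- "Core" Amazon EC2 and S3 security feature sets
- Incorporating common conventional security products (firewall, ×××)
- Design patterns
- DoS mitigation
- Encryption solutions (e.g., key services)
- Complex access controls (building sophisticated security groups, ACLs, etc.)
- Amazon CloudWatch for the security architect
- Trusted Advisor
- CloudWatch Logs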
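3.2 Recognize critical disaster recovery techniques and their implementation. Content may include the following:
- Disaster recovery
- Recovery time objective
- Recovery point objective
- Amazon Elastic Block Store
- AWS Import/Export
- AWS Storage Gateway
- Amazon Route53
- Validation of data recovery method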
4: Troubleshooting
Content may include the following:
- General troubleshooting information and questions
AWS Knowledge
• Hands-on experience using compute, networking, storage, and database AWS services
• Professional experience architecting large-scale distributed systems
• Understanding of elasticity and scalability concepts
• Understanding of the AWS global infrastructure
• Understanding of network technologies as they relate to AWS
• A good understanding of all security features and tools that AWS provides and how they relate to traditional services
• A strong understanding of client interfaces to the AWS platform
• Hands-on experience with AWS deployment and management services
General IT Knowledge
• Excellent understanding of typical multi-tier architectures: web servers, caching, application servers, load balancers, and storage
• Understanding of Relational Database Management System (RDBMS) and NoSQL
• Knowledge of message queuing and Enterprise Service Bus (ESB)
• Familiarity with loose coupling and stateless systems
• Understanding of different consistency models in distributed systems
• Knowledge of Content Delivery Networks (CDN)
• Hands-on experience with core LAN/WAN network technologies
• Experience with route tables, access control lists, firewalls, NAT, HTTP, DNS, IP and OSI Network
• Knowledge of RESTful Web Services, XML, JSON
• Familiarity with the software development lifecycle
• Work experience with information and application security concepts, mechanisms, and tools
• Awareness of end-user computing and collaborative technologies
Domain 1.0: Designing highly available, cost-efficient, fault-tolerant, scalable systems
1.1 Identify and recognize cloud architecture considerations, such as fundamental components and effective designs.
Content may include the following:
• How to design cloud services
• Planning and design
• Monitoring and logging
• Familiarity with:
o Best practices for AWS architecture
o Developing to client specifications, including pricing/cost (e.g., on Demand vs. Reserved vs. Spot; RTO and RPO DR Design)
o Architectural trade-off decisions (e.g., high availability vs. cost, Amazon Relational Database Service (RDS) vs. installing your own database on Amazon Elastic Compute Cloud (EC2))
o Hybrid IT architectures (e.g., Direct Connect, Storage Gateway, VPC, Directory Services)
o Elasticity and scalability (e.g., Auto Scaling, SQS, ELB, CloudFront)
Domain 2.0: Implementation/Deployment
2.1 Identify the appropriate techniques and methods using Amazon EC2, Amazon S3, AWS Elastic Beanstalk, AWS CloudFormation, AWS OpsWorks, Amazon Virtual Private Cloud (VPC), and AWS Identity and Access Management (IAM) to code and implement a cloud solution. Content may include the following:
• Configure an Amazon Machine Image (AMI)
• Operate and extend service management in a hybrid IT architecture
• Configure services to support compliance requirements in the cloud
• Launch instances across the AWS global infrastructure
• Configure IAM policies and best practices
Domain 3.0: Data Security
3.1 Recognize and implement secure practices for optimum cloud deployment and maintenance. Content may include the following:
• AWS shared responsibility model
• AWS platform compliance
• AWS security attributes (customer workloads down to physical layer)
• AWS administration and security services
• AWS Identity and Access Management (IAM)
• Amazon Virtual Private Cloud (VPC)
• AWS CloudTrail
• Ingress vs. egress filtering, and which AWS services and features fit
• “Core” Amazon EC2 and S3 security feature sets
• Incorporating common conventional security products (Firewall, ×××)
• Design patterns
• DoS mitigation
• Encryption solutions (e.g., key services)
• Complex access controls (building sophisticated security groups, ACLs, etc.)
• Amazon CloudWatch for the security architect
• Trusted Advisor
• CloudWatch Logs
3.2 Recognize critical disaster recovery techniques and their implementation. Content may include the following:
• Disaster recovery
o Recovery time objective
o Recovery point objective
o Amazon Elastic Block Store
• AWS Import/Export
• AWS Storage Gateway
• Amazon Route53
• Validation of data recovery method
Domain 4.0: Troubleshooting
Content may include the following:
• General troubleshooting information and questions