So, what do you do for a living? I'm a cloud architect. Oh, that's nice. I hear it's going to rain.
If you tell someone that you work for IT, the cloud, or the new kid in town, AI, the conversation is generally over—unless, of course, the person who asked the question is technically inclined. Nobody else will listen to and understand your conversation.
Which brings us to talking about the topic of the day, the cloud architect.
The term cloud architect is commonly used when describing the work carried out at AWS. Let's explore the role of the cloud architect in relation to becoming AWS-certified.
According to Grok, an architect is a professional who plans, designs and oversees the construction of buildings and other physical structures. (DeepSeek probably has other ideas.)
As cloud architects at AWS, we do not plan and design using physical resources such as storage arrays, computers, or anything else. Instead, we plan and design application infrastructure tiers using virtual cloud services, stitching them together to meet each application’s unique needs.
Of course, you're probably used to virtual servers and storage arrays if you've worked anywhere in the computer industry for the last decade. The virtual resources at AWS are defined as “managed services”: maintained by AWS and managed by the customer.
A selected storage or computer service will have a virtual front-end dashboard interface where the selected service is ordered and configured. (There is also a command-line interface for more experienced administrators to carry out administrative tasks or to automate tasks.)
As the AWS cloud architect, you recommend and/or make decisions about each application’s security, reliability, cost, and performance. Of course, outside the certification world we focus on, you may also be a developer and an architect in the real world!
Regardless, every successful application deployment ultimately follows the Well-Architected Framework pillars of security, reliability, performance efficiency, and cost.
Operational excellence is one of the additional pillars, and its name does not seem well chosen at first glance.
Operational excellence is defining your initial goals as to what you're hoping to achieve.
It is fully defined as the process of planning and designing the appropriate infrastructure for hosting your application stack at AWS, considering the overall security, reliability, performance, and cost of the infrastructure you choose to deploy.
For example, I'm creating a financial application hosted at AWS that my 5,000 financial analysts will use to calculate the inflation rate on an ongoing basis. They will use this application 24 hours a day. Data needs to be secured and encrypted, and access will be web-based and potentially through a financial application yet to be developed.
After the application is developed, tested, and ultimately deployed, operational excellence continues as a daily, weekly and forever process: ensuring each application’s excellent operation by continuously monitoring and reviewing application security, reliability, performance efficiency, and cost.
Applying This Knowledge to the Test
Ultimately, the 65 exam questions in the AWS Certified Solutions Architect - Associate exam test your knowledge and application of security, reliability, performance, and cost when running applications in the AWS cloud. Each question describes a current or proposed architecture design that uses the available computing, storage, networking, and monitoring services. You will need to select the correct answer or answers based on one or more of the following criteria:
· What is a better solution than the one currently being used?
· What service should be added or changed?
· What initial steps need to be carried out first?
· What’s the fastest solution (fewest steps)?
From Legacy to Cloud Native
While it is possible to migrate and deploy on-premises legacy applications at AWS without properly addressing security, high availability, and failover, these issues cannot be ignored over time.
Certified solutions architect associates understand the core AWS infrastructure services regarding security, reliability, and performance that can be deployed for applications developed and hosted at AWS. They also understand that better security, reliability, and performance cost more.
Let’s start with a not-so-great example to illustrate the thought process of a cloud architect.
For a legacy on-premises application with a single server, the user interface (authentication, interface, security), business logic (the application itself), and data (static and dynamic storage) are deployed on the same server. It works, and everyone is happy enough.
Reviewing the architecture of this application, we can see that the services are bundled tightly together instead of being separated. If one of the services fails or the computer system fails, the entire application fails.
Although a self-contained application server can be migrated to AWS and hosted on a single subnet with direct access to the Internet, this does not mean it is a good idea.
As noted, this design has a few problems that must certainly be addressed, notably that this single server is a single point of failure.
Each component/service hosted on this application server can be deployed at AWS utilizing separate highly available and fault-tolerant managed cloud services.
A successful AWS cloud deployment following the ideals of the Well-Architected Framework is certainly much more complicated.
However, separating the required application services into integrated cloud services has many benefits.
Remember, the cloud architect's job is to choose the AWS service that best matches the application's needs and requirements.
Please take a few minutes to review the proposed cloud services infrastructure that could support the application's operation at AWS. You may also think of other design choices, which is OK. Depending on the use case and application requirements, other design choices could be selected.
· Compute could be multiple virtual web/application servers running Amazon EC2 instances, or containerized application deployments running Docker (Elastic Container Service) or Kubernetes (Elastic Kubernetes Service).
· Databases could be deployed using the Amazon Relational Database Service or Amazon DynamoDB, or custom-built using EC2 instances.
· Amazon S3 and Amazon S3 Glacier object storage could provide unlimited encrypted static storage.
· Security services are provided using Security, Identity, and Compliance (Identity and Access Management).
· Monitoring could be performed using Amazon CloudWatch, and alarms communicated using Amazon Simple Notification Service or third-party security services such as ServiceNow.
· Amazon Simple Notification Service can communicate issues to humans, AWS Systems Manager, automated solutions, or custom AWS Lambda functions.
· The user interface and application could be designed using various AWS Tools, SDKs, and Mobile app development services. (Not a relevant exam topic. Whew!)
· User authentication and access control could be provided using Amazon Cognito, or other third-party services such as Okta or StrongDM.
· Decoupling applications and server-to-server communication could utilize a message queue like Amazon Simple Queue Service.
For the AWS Certified Solutions Architect—Associate exam, we need to know about these cloud services: their basic operation, the use case for selecting each service, and the key features that match the application’s needs and requirements.
By the way, if you’re interested, I’m using a handy diagramming tool called draw.io to create the graphics in this blog post. It’s a great idea to become well-versed in using a diagramming tool such as draw.io to diagram AWS architecture quickly.
Happy drawing!