AWS SysOps Administrator Study Guide (2nd Edition, SOA-C01)

By Sara Perrott and Brett McLaughlin (USA); translated by Yao Li


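Product Description

Covers all exam objectives: ● Monitoring and reporting services ● High-availability environments on AWS ● Storage and data management ● Deployment and resource provisioning ● Security and compliance ● AWS networking and connectivity services ● Automation and optimization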

Table of Contents

Part I: AWS Fundamentals

Chapter 1: Introduction to AWS Systems Operations

1.1 The AWS Ecosystem

1.1.1 AWS Service Models

1.1.2 AWS Global Presence

1.2 AWS Managed Services

1.3 What Is Systems Operations?

1.3.1 The AWS Shared Responsibility Model

1.3.2 AWS Service Level Agreements

1.3.3 Seven Knowledge Areas

1.4 Working with AWS

1.4.1 AWS Management Console

1.4.2 AWS CLI

1.4.3 AWS SDK

1.4.4 Technical Support and Online Resources

1.4.5 Support Plans

1.4.6 Other Support Resources

1.4.7 Key Exam Resources

1.5 Summary

1.6 Exam Essentials

1.7 Review Questions

Part II: Monitoring and Reporting Tools

Chapter 2: Amazon CloudWatch

2.1 Monitoring on AWS

2.1.1 Monitoring Is Event-Driven

2.1.2 Monitoring Is Customizable

2.1.3 Monitoring Can Drive Actions

2.2 Basic CloudWatch Terms and Concepts

2.2.1 CloudWatch Is Based on Metrics and Events

2.2.2 Alarms Indicate Notifiable Changes

2.2.3 Events and CloudWatch Events Are Lower Level

2.2.4 CloudWatch Events Has Three Components

2.2.5 Choosing Between Alarms and Events

2.2.6 What Is a Namespace?

2.2.7 To the Tenth Dimension

2.2.8 Statistics Aggregate Metrics

2.3 Monitoring Compute

2.3.1 EC2 Instance Metrics

2.3.2 EC2 EBS Metrics

2.3.3 ECS Metrics

2.4 Monitoring Storage

2.4.1 S3 Metrics

2.4.2 RDS Metrics

2.4.3 DynamoDB2 Metrics

2.5 CloudWatch Alarms

2.5.1 Creating an Alarm Threshold

2.5.2 Raising an Alarm

2.5.3 Responding to an Alarm

2.6 CloudWatch Events

2.6.1 Events

2.6.2 Rules

2.6.3 Targets

2.7 Summary

2.8 Resources to Review

2.9 Exam Essentials

2.10 Exercises

2.11 Review Questions

Chapter 3: AWS Organizations

3.1 Managing Multiple Accounts

3.1.1 AWS Organizations Consolidates User Management

3.1.2 AWS Organizations Consolidates Billing

3.2 Core AWS Organizations Concepts

3.2.1 An Organization Is a Collection of Accounts

3.2.2 An Organization Has a Master Account

3.2.3 Managing Organizational Units Across Accounts

3.2.4 Using Service Control Policies

3.3 AWS Organizations and Consolidated Billing

3.3.1 Compliance Benefits

3.3.2 AWS Organizations Is Better Than Tagging

3.4 Summary

3.5 Exam Essentials

3.6 Exercises

3.7 Review Questions

Chapter 4: AWS Config

4.1 Managing Configuration Changes

4.1.1 On Continuity

4.1.2 On-Premises Solutions

4.1.3 Configuration in the Cloud

4.2 AWS Config Use Cases

4.2.1 Centralized Configuration Management

4.2.2 Audit Trails

4.2.3 Configuration as Security

4.3 AWS Config Rules and Responses

4.3.1 Rules Are Desired Configurations

4.3.2 Configuration Items Represent Specific Configurations

4.3.3 Evaluating Rules

4.4 AWS Config or AWS CloudTrail

4.5 Summary

4.6 Resources to Review

4.7 Exam Essentials

4.8 Exercises

4.9 Review Questions

Chapter 5: AWS CloudTrail

5.1 API Logs Are Trails of Data

5.1.1 What Exactly Is a Trail?

5.1.2 The CloudTrail Process

5.2 CloudTrail as a Monitoring Tool

5.2.1 Viewing CloudTrail Logs

5.2.2 Connecting CloudTrail and SNS

5.2.3 Sometimes CloudTrail Handles Permissions

5.3 Summary

5.4 Resources to Review

5.5 Exam Essentials

5.6 Exercises

5.7 Review Questions

Part III: High Availability

Chapter 6: Amazon Relational Database Service

6.1 Creating Databases with Amazon RDS

6.1.1 Amazon RDS vs. Your Own Instances

6.1.2 Supported Database Engines

6.1.3 Database Configuration and Parameter Groups

6.1.4 Amazon RDS Scalability

6.2 Key Features of Amazon RDS

6.2.1 Scaling Amazon RDS Instances

6.2.2 Backing Up Amazon RDS Instances

6.2.3 Securing Amazon RDS Instances

6.3 Multi-AZ Configurations

6.3.1 Creating a Multi-AZ Deployment

6.3.2 Failing Over to the Secondary Instance

6.4 Read Replicas

6.4.1 Replicating to a Read Replica

6.4.2 Connecting to a Read Replica

6.4.3 Read Replica Requirements and Limitations

6.5 Amazon Aurora

6.5.1 Aurora Volumes

6.5.2 Aurora Replicas

6.6 Summary

6.7 Resources to Review

6.8 Exam Essentials

6.9 Review Questions

Chapter 7: Auto Scaling

7.1 Auto Scaling Terms and Concepts

7.1.1 Auto Scaling Groups

7.1.2 Scaling In and Scaling Out

7.1.3 Scaling Beyond EC2

7.1.4 Minimum, Maximum, and Desired Capacity

7.1.5 Auto Scaling of Auto Scaling Groups

7.1.6 Auto Scaling Instances Need Maintenance

7.2 Launch Configurations

7.2.1 EC2 Instances Are Launch Configuration Templates

7.2.2 An Auto Scaling Group Has One Launch Configuration

7.2.3 Launch Templates: Versioned Launch Configurations

7.3 Auto Scaling Policies

7.3.1 Manual Scaling

7.3.2 Scheduled Scaling

7.3.3 Dynamic Scaling

7.3.4 Cooldown Periods

7.3.5 Instances Terminate in Order

7.4 When Auto Scaling Fails

7.5 Summary

7.6 Resources to Review

7.7 Exam Essentials

7.8 Exercises

7.9 Review Questions

Part IV: Deployment and Provisioning

Chapter 8: Hub, Spoke, and Bastion Hosts

8.1 VPC Peering

8.1.1 Understanding Use Cases for Hub-and-Spoke Architecture

8.1.2 Using VPC Peering Across Multiple Regions (Inter-Region Peering)

8.2 Bastion Hosts

8.2.1 Architecture for Using Bastion Hosts

8.2.2 Bastion Host Options

8.3 Summary

8.4 Resources to Review

8.5 Exam Essentials

8.6 Exercises

8.7 Review Questions

Chapter 9: AWS Systems Manager

9.1 Introducing AWS Systems Manager

9.1.1 Communicating with AWS Systems Manager

9.1.2 AWS Managed Instances

9.1.3 AWS Resource Groups

9.1.4 Taking Action with AWS Systems Manager

9.2 Summary

9.3 Resources to Review

9.4 Exam Essentials

9.5 Exercises

9.6 Review Questions

Part V: Storage and Data Management

Chapter 10: Amazon Simple Storage Service (S3)

10.1 Object Storage and Amazon S3

10.2 Availability and Durability

10.3 Data Security and Protection in S3

10.3.1 Access Control

10.3.2 Versioning

10.3.3 Encryption

10.4 Amazon Glacier

10.5 S3 Lifecycle Management

10.6 Storage Gateway

10.7 Summary

10.8 Resources to Review

10.9 Exam Essentials

10.10 Exercises

10.11 Review Questions

Chapter 11: Elastic Block Store (EBS)

11.1 Understanding Block Storage and EBS

11.1.1 EBS Storage Types

11.1.2 EBS vs. Instance Store

11.2 Encrypting EBS Volumes

11.3 EBS Snapshots

11.4 Summary

11.5 Resources to Review

11.6 Exam Essentials

11.7 Exercises

11.8 Review Questions

Chapter 12: Amazon Machine Image (AMI)

12.1 Amazon Machine Images (AMIs)

12.2 AMI Storage

12.3 AMI Security

12.3.1 Launch Permissions

12.3.2 Encryption

12.4 Moving AMIs Between Regions

12.4.1 AWS Management Console

12.4.2 AWS CLI

12.5 Common AMI Issues

12.6 Summary

12.7 Resources to Review

12.8 Exam Essentials

12.9 Exercises

12.10 Review Questions

Part VI: Security and Compliance

Chapter 13: IAM

13.1 The Shared Responsibility Model: A Primer on Cloud Security

13.2 IAM Components

13.2.1 Users

13.2.2 Groups

13.2.3 Roles

13.2.4 Policies

13.3 Managing IAM

13.3.1 Managing Passwords

13.3.2 Managing Access Keys

13.3.3 Protecting Access Keys

13.4 Securing Your AWS Account

13.4.1 Protecting the Root Account

13.4.2 IAM Best Practices

13.4.3 Trusted Advisor

13.5 Other Identity Services

13.5.1 Cognito

13.5.2 Federation

13.5.3 AWS KMS

13.6 Summary

13.7 Resources to Review

13.8 Exam Essentials

13.9 Exercises

13.10 Review Questions

Chapter 14: Reporting and Logging

14.1 Reporting and Monitoring in AWS

14.2 AWS CloudTrail

14.2.1 Using a Trail for All Regions

14.2.2 Management Events

14.2.3 Data Events

14.2.4 But You Said CloudTrail Was Free

14.3 Amazon CloudWatch

14.3.1 Amazon CloudWatch Alarms

14.3.2 Amazon CloudWatch Logs

14.3.3 Amazon CloudWatch Events

14.3.4 Amazon CloudWatch Dashboards

14.4 AWS Config

14.5 Summary

14.6 Resources to Review

14.7 Exam Essentials

14.8 Exercises

14.9 Review Questions

Chapter 15: Additional Security Tools

15.1 Amazon Inspector

15.2 Amazon GuardDuty

15.3 Summary

15.4 Resources to Review

15.5 Exam Essentials

15.6 Exercises

15.7 Review Questions

Part VII: Networking

Chapter 16: Virtual Private Cloud (VPC)

16.1 Understanding AWS Networking

16.1.1 Introduction to CIDR

16.1.2 VPC

16.1.3 Subnets

16.1.4 Route Tables

16.1.5 Internet Gateways

16.1.6 NAT Gateways and Instances

16.1.7 VPC Endpoints

16.1.8 Connecting to the Outside

16.2 Securing the Network

16.2.1 Security Groups

16.2.2 Network Access Control Lists (NACLs)

16.3 Troubleshooting Network Issues

16.3.1 VPC Flow Logs

16.3.2 Other Resources

16.4 Summary

16.5 Resources to Review

16.6 Exam Essentials

16.7 Exercises

16.8 Review Questions

Chapter 17: Route 53

17.1 The Domain Name System

17.2 Amazon Route 53

17.2.1 Amazon Traffic Flow

17.2.2 AWS Private DNS

17.3 Routing Policies

17.3.1 Simple Routing Policy

17.3.2 Failover Routing Policy

17.3.3 Geolocation Routing Policy

17.3.4 Geoproximity Routing Policy

17.3.5 Latency-Based Routing Policy

17.3.6 Multivalue Answer Routing Policy

17.3.7 Weighted Routing Policy

17.4 Health Checks and Failover

17.5 Summary

17.6 Resources to Review

17.7 Exam Essentials

17.8 Exercises

17.9 Review Questions

Part VIII: Automation and Optimization

Chapter 18: CloudFormation

18.1 Introduction to IaaS

18.2 CloudFormation Templates

18.3 AWSTemplateFormatVersion

18.3.1 Description

18.3.2 Metadata

18.3.3 Parameters

18.3.4 Mappings

18.3.5 Conditions

18.3.6 Transform

18.3.7 Resources

18.3.8 Outputs

18.4 Creating and Customizing Stacks

18.4.1 Parameters

18.4.2 Outputs

18.5 Improving Templates

18.5.1 Intrinsic Functions

18.5.2 Mappings

18.5.3 Pseudo Parameters

18.6 Problems with CloudFormation Templates

18.7 Summary

18.8 Resources to Review

18.9 Exam Essentials

18.10 Exercises

18.11 Review Questions

Chapter 19: Elastic Beanstalk

19.1 What Is Elastic Beanstalk?

19.1.1 Platforms and Languages

19.1.2 Creating Custom Platforms

19.2 Elastic Beanstalk Updates

19.2.1 All-at-Once Deployment

19.2.2 Rolling Deployment

19.2.3 Rolling Deployment with an Additional Batch

19.2.4 Immutable Deployment

19.3 Testing Applications with Blue/Green Deployments

19.4 Configuring Elastic Beanstalk

19.5 Securing Elastic Beanstalk

19.5.1 Data Protection

19.5.2 Identity and Access Management

19.5.3 Logging and Monitoring

19.5.4 Compliance

19.5.5 Resilience

19.5.6 Configuration and Vulnerability Analysis

19.5.7 Security Best Practices

19.5.8 Applying Security Best Practices to Elastic Beanstalk

19.6 Elastic Beanstalk CLI

19.7 Troubleshooting Elastic Beanstalk

19.8 Summary

19.9 Resources to Review

19.10 Exam Essentials

19.11 Exercises

19.12 Review Questions

Answers to Review Questions