Content Domain 1: Design Solutions for Organizational Complexity - AWS Certification

Task 1.1: Architect network connectivity strategies

Knowledge of:

  • AWS Global Infrastructure

  • AWS networking concepts (for example, Amazon Virtual Private Cloud [Amazon VPC], AWS Direct Connect, AWS VPN, transitive routing, AWS container services)

  • Hybrid DNS concepts (for example, Amazon Route 53 Resolver, on-premises DNS integration)

  • Network segmentation (for example, subnetting, IP addressing, connectivity among VPCs)

  • Network traffic monitoring

Skills in:

  • Evaluating connectivity options for multiple VPCs

  • Evaluating connectivity options for on-premises, co-location, and cloud integration

  • Selecting AWS Regions and Availability Zones based on network and latency requirements

  • Troubleshooting traffic flows by using AWS tools

  • Using service endpoints for service integrations

Task 1.2: Prescribe security controls

Knowledge of:

  • AWS Identity and Access Management (IAM) and AWS IAM Identity Center

  • Route tables, security groups, and network ACLs

  • Encryption keys and certificate management (for example, AWS Key Management Service [AWS KMS], AWS Certificate Manager [ACM])

  • AWS security, identity, and compliance tools (for example, AWS CloudTrail, AWS Identity and Access Management Access Analyzer, AWS Security Hub, Amazon Inspector)

Skills in:

  • Evaluating cross-account access management

  • Integrating with third-party identity providers

  • Deploying encryption strategies for data at rest and data in transit

  • Developing a strategy for centralized security event notifications and auditing

Task 1.3: Design reliable and resilient architectures

Knowledge of:

  • Recovery time objectives (RTOs) and recovery point objectives (RPOs)

  • Disaster recovery strategies (for example, using AWS Elastic Disaster Recovery, pilot light, warm standby, and multi-site)

  • Data backup and restoration

Skills in:

  • Designing disaster recovery solutions based on RTO and RPO requirements

  • Implementing architectures to automatically recover from failure

  • Developing the optimal architecture by considering scale-up and scale-out options

  • Designing an effective backup and restoration strategy

Task 1.4: Design a multi-account AWS environment

Knowledge of:

  • AWS Organizations and AWS Control Tower

  • Multi-account event notifications

  • AWS resource sharing across environments

Skills in:

  • Evaluating the most appropriate account structure for organizational requirements

  • Recommending a strategy for central logging and event notifications

  • Developing a multi-account governance model

Task 1.5: Determine cost optimization and visibility strategies

Knowledge of:

  • AWS cost and usage monitoring tools (for example, AWS Trusted Advisor, AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets)

  • AWS purchasing options (for example, Reserved Instances, Savings Plans, Spot Instances)

  • AWS rightsizing visibility tools (for example, AWS Compute Optimizer, Amazon Simple Storage Service [Amazon S3] Storage Lens)

Skills in:

  • Monitoring cost and usage with AWS tools

  • Developing an effective tagging strategy that maps costs to business units

  • Understanding how purchasing options affect cost and performance