AWS Certified Solution Architect Professional Mind Maps

Domain 1: Design for Organizational Complexity 12.5%
Domain 2: Design for New Solutions 31%
Domain 3: Migration Planning 15%
Domain 4: Cost Control 12.5%
Domain 5: Continuous Improvement for Existing Solutions 29%

{Please note this page is still in the draft phase. I am planning to add more content to it in future.}

  1. Design for New Solutions
    1. Security
      1. DDoS
      2. CloudHSM
      3. AWS Shield
      4. AWS Key Management Service (KMS)
      5. VPC Peering
      6. NACL
      7. VPN, Direct Connect
    2. Maintenance
      1. Performance
        1. Elastic Network Interface
        2. Enhanced Networking
        3. Placement Group
      2. Providing more than one benefit
        1. VPC Endpoint (improves security and performance, and saves cost as well)
      3. Miscellaneous
        1. Load Balancer
        2. API Gateway
        3. Kinesis
        4. Route 53
        5. NAT Gateway
        6. RDS
        7. ECS
        8. EFS
        9. SQS
        10. Auto Scaling
        11. NoSQL
          1. DynamoDB
  2. Continuous Improvement for Existing Systems
    1. Lambda
    2. API Gateway
    3. S3
  3. Design for Organizational Complexity
    1. Maintenance
      1. Logging
        1. CloudWatch Logs
        2. CloudTrail
        3. VPC Flow Logs
        4. AWS Config


Compare AWS with Azure networking

| # | AWS | Azure | Important Notes |
|---|-----|-------|-----------------|
| 1 | Virtual Private Cloud (VPC) | Virtual Network | |
| 2 | Subnet | Virtual subnet | In AWS a subnet is specific to one Availability Zone (one-to-one relationship between AZ and subnet). In Azure a subnet can span multiple Availability Zones (one subnet mapped to multiple AZs). |
| Access control | | | |
| 3 | Network access control list (NACL) | No equivalent | A NACL is stateless in AWS. Azure has no substitute for it. |
| 4 | Security group | Network security group (NSG) | Both are stateful. An NSG can be applied to a VM or to a subnet; when applied to a subnet it is still enforced at the VM NIC, not at an edge device. The rule with the lowest priority number is evaluated first (lowest number = highest priority). |
| Load balancer | | | |
| 5 | AWS Elastic Load Balancer | Azure Load Balancer | Both are layer 4 load balancers. Both have a health check mechanism so that traffic is not sent to a VM that is not up. |
| 6 | AWS Application Load Balancer | Azure Application Gateway | Both are layer 7 load balancers. Application Gateway also has an optional web application firewall (WAF) component. |
| Connecting other networks, on premises or in the cloud | | | |
| 7 | VPC Peering | Virtual network peering | |
| 9 | Direct Connect | ExpressRoute (dedicated connection) | |
| 10 | Route 53 | Azure DNS | Route 53 provides both DNS hosting and endpoint balancing. Azure DNS provides the DNS zone hosting service only. |
| 11 | | Azure Traffic Manager | Provides DNS-based service balancing. It can balance based on the requesting user (latency), round robin, failover or geography. Targets can be VMs in Azure, PaaS services, other Traffic Manager instances or on-premises services. |
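The stateless/stateful distinction in rows 3 and 4 has a practical consequence that the table only hints at: a stateless NACL must be told explicitly to let the reply half of a connection back out, while a security group or NSG tracks the connection and allows the reply on its own. The toy packet filter below (an added example, not code from this page or from AWS/Azure) shows that, plus the "lowest rule number wins" ordering both NACLs and NSGs use. Every packet, port and rule number in it is constructed for the illustration; the ephemeral port range 1024-65535 is the range AWS documents for NACL return-traffic rules.

```python
"""Added example (not from the page): a toy packet filter that contrasts a
stateless NACL with a stateful security group / NSG, and shows that rules are
evaluated lowest-number-first. All packets, ports and rule numbers are
constructed for the illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected subnet/VM
    proto: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    number: int      # AWS NACL rule number / Azure NSG priority: lowest wins
    direction: str
    proto: str
    port_lo: int     # destination port range the rule matches
    port_hi: int
    action: str      # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (pkt.direction == self.direction and pkt.proto == self.proto
                and self.port_lo <= pkt.dst_port <= self.port_hi)


def nacl_evaluate(rules, pkt):
    """Stateless: each packet is judged on its own, with no memory of the
    connection it belongs to. Rules are checked in ascending number order,
    the first match wins, and no match falls through to the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulGroup:
    """Security-group style filter: only inbound allows are configured; once a
    connection has been admitted, its return packets are allowed automatically."""

    def __init__(self, allowed_inbound_ports):
        self.allowed = set(allowed_inbound_ports)
        self.connections = set()   # (client_port, server_port) of admitted flows

    def evaluate(self, pkt):
        if pkt.direction == "in":
            if pkt.dst_port in self.allowed:
                self.connections.add((pkt.src_port, pkt.dst_port))
                return "allow"
            return "deny"
        # outbound packet: allowed only if it is the reply half of a tracked flow
        if (pkt.dst_port, pkt.src_port) in self.connections:
            return "allow"
        return "deny"


def https_exchange():
    """Constructed flow: a client on ephemeral port 51000 sends a request to
    port 443 and the server replies. Returns (request, reply)."""
    request = Packet("in", "tcp", src_port=51000, dst_port=443)
    reply = Packet("out", "tcp", src_port=443, dst_port=51000)
    return request, reply


def nacl_without_return_rule():
    """Only the inbound 443 allow exists; the reply to the client's ephemeral
    port has no matching outbound rule and is dropped."""
    rules = [Rule(100, "in", "tcp", 443, 443, "allow")]
    req, rep = https_exchange()
    return nacl_evaluate(rules, req), nacl_evaluate(rules, rep)


def nacl_with_return_rule():
    """Adding an outbound allow for the ephemeral range lets the reply through."""
    rules = [Rule(100, "in", "tcp", 443, 443, "allow"),
             Rule(100, "out", "tcp", 1024, 65535, "allow")]
    req, rep = https_exchange()
    return nacl_evaluate(rules, req), nacl_evaluate(rules, rep)


def security_group_exchange():
    """The stateful filter needs only the inbound allow."""
    sg = StatefulGroup([443])
    req, rep = https_exchange()
    return sg.evaluate(req), sg.evaluate(rep)


def lowest_number_wins():
    """Same two rules, swapped numbers: whichever has the lower number decides."""
    req, _ = https_exchange()
    deny_first = [Rule(90, "in", "tcp", 443, 443, "deny"),
                  Rule(100, "in", "tcp", 443, 443, "allow")]
    allow_first = [Rule(90, "in", "tcp", 443, 443, "allow"),
                   Rule(100, "in", "tcp", 443, 443, "deny")]
    return nacl_evaluate(deny_first, req), nacl_evaluate(allow_first, req)


if __name__ == "__main__":
    print("NACL, no ephemeral rule:", nacl_without_return_rule())
    print("NACL, with ephemeral rule:", nacl_with_return_rule())
    print("Security group:", security_group_exchange())
    print("Rule ordering (deny@90 vs allow@90):", lowest_number_wins())
```

Running it shows the NACL dropping the server's reply until the outbound ephemeral-port rule is present, the security group allowing the same exchange with a single inbound rule, and the rule at number 90 deciding the outcome regardless of what rule 100 says.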

Cheat Sheet – Amazon Web Services – Networking – Route 53

  • Route 53 is AWS’s proprietary DNS service.
  • AWS wrote Route 53 from scratch, i.e. it does not reuse any existing code base or service for the implementation.
  • What is DNS?
    • It can be considered as the mapping of domain names to IP addresses.
    • It converts human-friendly domain names into the IP addresses used by machines.
  • Why the name Route 53 for the AWS DNS service?
    • DNS uses port 53 (TCP and UDP) by default for communication.
  • Route 53 is a global service, not specific to any AWS Region.
  • It has an API which lets us perform various operations programmatically.

Important Concepts for DNS

IP address types

  • IPv4
    • 32-bit addresses, i.e. nearly 4 billion IPv4 addresses
  • IPv6
    • 128-bit addresses
  • Need: every time we add a new device to the internet we need to represent it with a unique identifier. As more and more devices came onto the internet, and with IoT devices, we ran out of IPv4 addresses. IPv6 helps resolve this IP scarcity issue.
  • As of Dec 2016 AWS did not support IPv6.

Domain registrar

  • A domain registrar is the authority that ensures uniqueness of domain names to avoid duplication.
  • Domains are registered with InterNIC and the WHOIS database.
  • Examples of domain registrars:
    • GoDaddy
    • Amazon recently became a domain registrar, which makes it a bit easier to work with DNS.


TTL

  • TTL stands for Time To Live.
  • It indicates the amount of time a DNS record is cached on the resolving server or on the user’s own PC.
  • It is represented in seconds.
  • Example: whenever we request a specific domain name, our PC first checks whether it already has an address for that domain. If not, it fetches it from the resolving server. As soon as our PC receives the IP associated with the domain name it caches that IP for the TTL period. Subsequent requests are answered from the local cache, not from the resolving server.
  • Caveat for DNS migration: if we are
    • adding an additional A record, or
    • adding an additional service to our production website, or
    • moving an application to AWS,
    then many websites reduce the TTL of the record to 300 seconds so that the change is replicated to all client machines, and then wait out the previous TTL period before making the change.
  • If we don’t do this, some client requests will go to the old site while others go to the new site.
  • Many applications have a default TTL of 2 days.
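The migration caveat is easiest to see with a clock. The toy caching resolver below (an added example, not code from this page or from Route 53) caches answers exactly as the notes describe and compares a cutover done with the 2-day TTL still in place against one done after lowering the TTL to 300 seconds and waiting out the old TTL. The hostname, the two IPs (RFC 5737 documentation ranges) and the simulated timeline are all constructed.

```python
"""Added example (not from the page): a toy caching resolver that honours TTL,
used to show the stale-answer window during a DNS migration with and without
lowering the TTL first. The name, IPs (documentation ranges) and the
simulated clock are all constructed."""


class Authoritative:
    """Holds the current A record (ip, ttl_seconds) for one constructed name."""

    def __init__(self, ip, ttl):
        self.ip, self.ttl = ip, ttl

    def set(self, ip, ttl):
        self.ip, self.ttl = ip, ttl


class CachingResolver:
    """Mirrors the PC / resolving-server behaviour described in the notes:
    an answer is cached and reused until its TTL has elapsed."""

    def __init__(self, authority):
        self.authority = authority
        self.cache = {}          # name -> (ip, expires_at)

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry is not None and now < entry[1]:
            return entry[0]      # still within TTL: answered from cache
        ip, ttl = self.authority.ip, self.authority.ttl
        self.cache[name] = (ip, now + ttl)
        return ip


NAME = "app.example"                       # constructed hostname
OLD_IP, NEW_IP = "192.0.2.10", "198.51.100.20"
TWO_DAYS, FIVE_MINUTES = 172_800, 300      # the 2-day default and the 300 s migration TTL


def naive_cutover(query_at):
    """Change the record at t=0 without touching the TTL. A client that cached
    the old answer one second earlier keeps it for the full two-day TTL."""
    auth = Authoritative(OLD_IP, TWO_DAYS)
    client = CachingResolver(auth)
    client.resolve(NAME, now=-1)
    auth.set(NEW_IP, TWO_DAYS)             # the cutover
    return client.resolve(NAME, now=query_at)


def planned_cutover(query_at):
    """The migration caveat from the notes: lower the TTL to 300 s, wait out the
    previous (2-day) TTL so every cache has refreshed with the short TTL, then
    change the record at t=0."""
    auth = Authoritative(OLD_IP, TWO_DAYS)
    client = CachingResolver(auth)
    client.resolve(NAME, now=-TWO_DAYS - 10)   # cached under the 2-day TTL
    auth.set(OLD_IP, FIVE_MINUTES)             # step 1: lower the TTL only
    client.resolve(NAME, now=-1)               # step 2: old entry expired, re-cached with 300 s TTL
    auth.set(NEW_IP, FIVE_MINUTES)             # step 3: the cutover at t=0
    return client.resolve(NAME, now=query_at)


def stale_window(cutover):
    """Seconds after the cutover until this client is guaranteed to see NEW_IP."""
    t = 0
    while cutover(t) != NEW_IP:
        t += FIVE_MINUTES
    return t


if __name__ == "__main__":
    print("naive cutover, stale for", stale_window(naive_cutover), "s")
    print("planned cutover, stale for", stale_window(planned_cutover), "s")
```

With the naive cutover the client keeps answering with the old IP for the whole 172800 seconds; after the planned sequence the worst case is the 300-second TTL that was in place when the record changed. During that window some clients are on the old site and some on the new one, which is exactly the split the notes warn about.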


  • We cannot use Route 53 to configure instances on premises.
  • On-premises DNS can be set up to support Amazon VPC.

DNS Records supported by Route 53

A – Address Record

  • Used by machines to translate a domain name to IP addresses.
  • Usually one domain name is mapped to multiple IP addresses.

AAAA – IPv6 Address Record

PTR – Pointer Record

  • It is the exact opposite of an A record, i.e. it provides the domain name when an IP address is given.
  • This is a reverse lookup, i.e. fetching the domain from the IP.
  • Example: reverse lookup of a Yahoo IP address.

NS – Name Server Record

  • Used by top-level domain servers to direct traffic to the content DNS server.

SOA – Start of Authority Record

  • It is the very first name server for our domain name.
  • It gives the majority of the information for our domain.

CNAME – Canonical Name Record

  • Used to resolve one domain name to another domain name.
  • An A record points to an IP address, but a CNAME points to another domain.
  • E.g. and both point to the same application.

Alias

  • This term is specific to AWS.
  • Need for Alias: the problem with a CNAME is that you cannot use it at the “apex” of a domain. Meaning cannot point to a CNAME, but can.
  • Difference between CNAME and Alias:
    • Both Alias and CNAME point to a different DNS record.
    • A CNAME cannot be used for the zone apex record (naked domain names).
    • Alias records differ from a CNAME record in that they are not visible to resolvers. Resolvers only see the A record and the resulting IP address of the target record.

What is meant by naked domain name?

An internet domain name without www or a subdomain is known as a naked domain name. is a naked domain,

but is not a naked domain.
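The two Alias points above, that a CNAME cannot sit at the zone apex and that an alias is invisible to resolvers, can be demonstrated with a toy authoritative zone. The example below is added here and is not code from this page or from Route 53: it enforces the DNS rule that a CNAME must be the only record at its owner name (the apex always holds SOA and NS, so a CNAME there is rejected), and it resolves an ALIAS record on the authority side so the client only ever receives A records. The zone name, the load-balancer hostname, the `EXTERNAL` lookup table and all IPs are constructed.

```python
"""Added example (not from the page): a toy authoritative zone that enforces
the "no CNAME at the apex" rule and contrasts how a resolver sees a CNAME
(visible, must be chased) with an AWS-style alias (expanded on the authority
side, so the resolver only sees A records). Zone name, the load-balancer
hostname and all IPs are constructed."""


class ZoneError(Exception):
    pass


# Constructed stand-in for resolving names outside this zone, e.g. a load
# balancer's own DNS name that returns several A records.
LB_NAME = "lb-constructed.example.net"
EXTERNAL = {LB_NAME: ["203.0.113.5", "203.0.113.6"]}


class Zone:
    def __init__(self, apex):
        self.apex = apex
        self.records = {}          # owner name -> list of (type, value)

    def add(self, name, rtype, value):
        existing = self.records.setdefault(name, [])
        types = {t for t, _ in existing}
        # A CNAME must be the only record at its owner name. The apex always
        # carries SOA and NS, which is exactly why a CNAME cannot live there.
        if rtype == "CNAME" and types:
            raise ZoneError(f"{name}: CNAME cannot coexist with {sorted(types)}")
        if "CNAME" in types:
            raise ZoneError(f"{name}: is a CNAME, cannot also hold {rtype}")
        existing.append((rtype, value))

    def lookup(self, name, rtype):
        return [v for t, v in self.records.get(name, []) if t == rtype]

    def answer(self, name, rtype):
        """The authoritative response to a query. A CNAME is returned as such;
        an ALIAS is resolved here and handed out as plain A records."""
        cname = self.lookup(name, "CNAME")
        if cname:
            return [("CNAME", cname[0])]
        alias = self.lookup(name, "ALIAS")
        if alias and rtype == "A":
            return [("A", ip) for ip in EXTERNAL[alias[0]]]
        return [(rtype, v) for v in self.lookup(name, rtype)]


def build_zone():
    z = Zone("example.test")
    z.add("example.test", "SOA", "ns1.example.test. hostmaster.example.test. 1")
    z.add("example.test", "NS", "ns1.example.test.")
    z.add("www.example.test", "CNAME", LB_NAME)    # fine: www holds nothing else
    z.add("example.test", "ALIAS", LB_NAME)        # fine: an alias is not a CNAME
    return z


def cname_at_apex_rejected():
    """Trying to point the naked domain at the LB with a CNAME fails."""
    z = build_zone()
    try:
        z.add("example.test", "CNAME", LB_NAME)
    except ZoneError:
        return True
    return False


def resolver_view(zone, name):
    """Record types a resolver observes while answering an A query for name,
    chasing any CNAME through the constructed EXTERNAL table."""
    seen = []
    for rtype, value in zone.answer(name, "A"):
        seen.append(rtype)
        if rtype == "CNAME":
            seen.extend("A" for _ in EXTERNAL[value])
    return seen


if __name__ == "__main__":
    z = build_zone()
    print("CNAME at apex rejected:", cname_at_apex_rejected())
    print("www (CNAME) as seen by resolver:", resolver_view(z, "www.example.test"))
    print("apex (ALIAS) as seen by resolver:", resolver_view(z, "example.test"))
```

For `www.example.test` the resolver sees the CNAME and then the A records it chased; for the naked `example.test` it sees only A records, because the alias was expanded before the answer left the authority.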

Other record types

  • CAA (certification authority authorization)
  • MX (mail exchange record)
  • NAPTR (naming authority pointer record)
  • SPF (sender policy framework)
  • SRV (service locator)
  • TXT (text record)

Routing Policies

Simple routing policy

  • It is the default routing policy.
  • We can associate an A record with multiple IP addresses.
  • Requests are handled in a round-robin fashion.
  • It does not perform health checks, so if an instance has a problem the user will get an error message.

Weighted routing policy

  • Similar to the simple routing policy, with the following difference:
  • Used to route traffic to multiple resources in proportions that you specify. E.g. if we have three servers we can set the policy to route 50% of traffic to the first server, 40% to the second server and the remaining 10% to the third server.
  • Use cases:
    • Servers of different capacity: route most of the traffic to the server with the higher capacity.
    • In a few scenarios we might need early feedback from customers on a newly developed UI; we can use this strategy there.

Latency-based routing policy

  • Used when our system is accessed from multiple geographic locations and is also deployed in multiple AWS Regions.
  • Routes traffic to the resource that provides the best latency.

Failover routing policy

  • Use when you want to configure active-passive failover.
  • Route 53 performs health checks. If the health check fails for the primary site, traffic is routed to the secondary site.

Geolocation routing policy

  • Use when our application caters to customers all over the world.
  • Consider an AWS environment in Europe and in Asia. With this routing policy, users from the Netherlands are routed to the application customized for Dutch users, and someone coming from India is routed to the application customized for India-based users.
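The five policies above differ only in how an answer is chosen for a query, so the selection logic is small enough to model. The example below is added here and is not code from this page or from Route 53 itself: it implements each policy as a picker over constructed endpoints and shows the behaviours the notes call out, in particular that the simple policy keeps handing out an unhealthy instance while the failover policy does not. Endpoints, weights, the latency table, health states and client locations are all constructed.

```python
"""Added example (not from the page): toy models of the Route 53 routing
policies described above (simple, weighted, latency, failover, geolocation).
Endpoints, weights, the latency table, health states and client locations are
constructed; Route 53 makes these decisions on the AWS side, this only
illustrates the selection logic each policy implies."""
import itertools
import random


class Endpoint:
    def __init__(self, name, ip, healthy=True, weight=1, region=None):
        self.name, self.ip = name, ip
        self.healthy, self.weight, self.region = healthy, weight, region


def simple_policy(endpoints):
    """All IPs sit behind one A record and are handed out round robin.
    No health check: a failed instance is still returned."""
    cycle = itertools.cycle(endpoints)
    return lambda: next(cycle)


def weighted_policy(endpoints, rng):
    """Each endpoint is chosen with probability weight / total."""
    total = sum(e.weight for e in endpoints)

    def pick():
        r = rng.uniform(0, total)
        upto = 0
        for e in endpoints:
            upto += e.weight
            if r <= upto:
                return e
        return endpoints[-1]
    return pick


def latency_policy(endpoints, latency_ms):
    """latency_ms maps (client_location, region) -> measured ms; the client is
    sent to the Region with the best latency."""
    def pick(client_location):
        return min(endpoints, key=lambda e: latency_ms[(client_location, e.region)])
    return pick


def failover_policy(primary, secondary):
    """Active-passive: the secondary is used only while the primary's health
    check is failing."""
    return lambda: primary if primary.healthy else secondary


def geolocation_policy(by_country, default):
    """Client country decides; unknown countries get the default endpoint."""
    return lambda country: by_country.get(country, default)


def demo_simple():
    a = Endpoint("a", "192.0.2.1")
    b = Endpoint("b", "192.0.2.2", healthy=False)   # down, but still served
    pick = simple_policy([a, b])
    return [pick().name for _ in range(4)]


def demo_weighted(samples=10_000):
    servers = [Endpoint("s1", "192.0.2.11", weight=50),
               Endpoint("s2", "192.0.2.12", weight=40),
               Endpoint("s3", "192.0.2.13", weight=10)]
    pick = weighted_policy(servers, random.Random(7))
    counts = {s.name: 0 for s in servers}
    for _ in range(samples):
        counts[pick().name] += 1
    return {name: n / samples for name, n in counts.items()}


LATENCY_MS = {("Netherlands", "eu-west-1"): 15, ("Netherlands", "ap-south-1"): 140,
              ("India", "eu-west-1"): 120, ("India", "ap-south-1"): 25}


def demo_latency():
    eu = Endpoint("eu", "192.0.2.21", region="eu-west-1")
    ap = Endpoint("ap", "192.0.2.22", region="ap-south-1")
    pick = latency_policy([eu, ap], LATENCY_MS)
    return pick("Netherlands").name, pick("India").name


def demo_failover():
    primary = Endpoint("primary", "192.0.2.31", healthy=False)
    secondary = Endpoint("secondary", "192.0.2.32")
    return failover_policy(primary, secondary)().name


def demo_geolocation():
    dutch = Endpoint("dutch-site", "192.0.2.41")
    india = Endpoint("india-site", "192.0.2.42")
    pick = geolocation_policy({"NL": dutch, "IN": india}, default=dutch)
    return pick("NL").name, pick("IN").name, pick("BR").name


if __name__ == "__main__":
    print("simple:", demo_simple(), "(b is unhealthy but still returned)")
    print("weighted:", demo_weighted())
    print("latency:", demo_latency(), "failover:", demo_failover())
    print("geolocation:", demo_geolocation())
```

The weighted demo converges on roughly the 50/40/10 split from the notes; the simple demo returns the unhealthy endpoint every other query, which is the "user gets an error" case, while the failover demo returns the secondary because the primary's health check is failing.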



Amazon Web Services – Storage

This mind map highlights the various storage types and supported services in AWS.



Mind map for Simple Storage Service (S3)


Mind map for CloudFront



Mind map for block storage supported by AWS


