Over the last year, many have asked me about how certifications relate to roles and responsiblities within an organization and if they should choose the Solutions Architect certification.

Here's the way I'll put it. A Solutions Architect is ideally meant to be for a 'Systems Architect'. Someone who knows which 1 & 1 to put together to make 2. This know-how comes from years of working in different areas of tech like storage, networks, databases etc.  And a DevOps is ideally supposed be the person that actually makes that possible by doing the development & integration of those 1s to get 2.

If you have been following so far, you would see that a Solutions Architect is more of a hands off role designing the solutions but not necessarily doing the implementation rather supervising it. Granted that nowadays many organizations especially startups have mixed roles regardless of your actual designation or certification, a Solutions Architect has multiple DevOps reporting/working for them where as an SA, you design & oversee implementations.

If have already crossed 8+ yrs of experience in IT in roles that included different areas of tech, then go for the Solutions side as your future with regards to jobs will otherwise be along the lines of Individual Contributor. Solutions side will eventually open up roles into project management and higher executive business roles. DevOps side after those many years would sometimes mean you have to take a step down/salary cut to build up your career again as it's highly competitive and require eyes closed coding skills. But this can be highly rewarding if you are the person that gets satisfaction from getting their hands dirty and actually building things. IC roles will be what you most likely fit into for the rest of your career if you choose this route.

The individual certifications like ML, DB etc. are in it's true form meant for those who are going to be working on the actual implementation, i.e developer/admins. As an Solutions Architect, it will add credibility for you to design solutions in that area but not a requirement since you are only designing the solution, not implementing it.

What are your thoughts on this?

Hi All,

We have created 14 weeks of Bootcamp to prep for AWS Solution Architect Associate Certification with hands demo. Please follow the below Youtube playlist

Playlist Link: https://youtube.com/playlist?list=PLs8Ya...ks2bbXdO0w.

Greetings!

This is my first post on this forum.  I'm relatively new to AWS and am setting up an S3 Bucket for a static website and when trying to set an S3 Bucket Policy generated from the policy generator, I am getting an error:


Unknown Error
An unexpected error occurred.

*API Response
Invalid principle in policy

Here is the JSON script I am using from out of the policy generator.  Note: I pasted into Notepad and recopied first for formatting purposes:

{
  "Id": "Policy1657559771298",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1657559769311",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws3:::continuous-improvement.org",
      "Principal": {
        "AWS": [
          "admin-w"
        ]
      }
    }
  ]
}


Please let me know if you have any ideas...

I'm creating my first website on AWS, and using S3 for the task.  I'm hoping to get through the process without a hitch, but may lean on the community for tuning recommendations, among other things.

Glad to see an active community out there for AWS!

AWS User Group Hyderabad will be hosting 15min sessions on Fridays which will be demo sessions with a quick walk-through on how it's done.

The first session will be around using AWS IoT to control a Lamp using ESP32 Micro Controller.

Friday, July 23rd 8:30PM IST

Official Site Registration: https://bit.ly/3ejWGN5
Meetup Site: https://bit.ly/36FtPhW
Join the clubhouse group: https://bit.ly/3xKJDvW


Users registering on the site will have the opportunity to claim goodies in the near future.

Hi guys, got the below message earlier, is there any way to turn off these alerts and make sure that I dont receive the alert below 

Hello AWS VPN Customer,

You're receiving this message because you have at least one VPN Connection in the eu-west-1 Region, for which your VPN Customer Gateway is not using both tunnels. This mode of operation is not recommended as you may experience connectivity issues if your active tunnel fails.

The VPN Connection(s) which do not currently have both tunnels established are:

VPN xxxx Number 


You can obtain the VPN Connection configuration recommendations for several types of VPN devices from the AWS Management Console [1]. On the "Amazon VPC" tab, select "VPN Connections". Then highlight the VPN Connection and choose "Download Configuration".

For Static VPNs, enabling both tunnels may lead to asymmetric routing, which will need to be permitted by your Customer Gateway Device. For configuration options, please refer to your vendor specific documentation.

This notice will be sent regularly until both tunnels are established. For assistance in establishing your second tunnel, or to opt-out of these notifications, please contact AWS Premium Support [2].

[1] https://console.aws.amazon.com
[2] https://aws.amazon.com/support

Sincerely,
The AWS VPN Team

A few days ago someone asked what is the difference between these services as their functionality looks very similar on the surface. Below is a short write up I did to help bring some clarity for those who are still new to AWS.

1. Route53 Geolocation Policy

This routing policy is specifically used if you always want users from a certain location i.e a country, continent or in the case of US, a specific state to be always given an IP of the same environment/region, everytime. This is used for content localization, for example if you want people from Europe to only access an environment/region that hosts content that is local/relevant to that region. Think of this like when you open youtube from different parts in the world, you see content related to that region on the home page.

   

This means that unless you have setup a failover route as well for the same FQDN using traffic policy inside Route53, then if that region fails, the users will get failure screens with 4xx errors. Also, if your DNS record TTL values are high i.e >300, then there is a possibility that even though your environment might have recovered from a failure using new endpoint IPs, existing users who might already have a failed environment IP will still get the failure as DNS changes can take a long time to propogate fully.


2. Cloudfront

This is specifically used only for speeding up the delivery of your content. It caches your content on the global edge locations, and it does not route repeated requests to your environment, which means if you make changes, then you have to wait till you invalidate the cache across the globe for the new content to replace old one. Also, the source is a single point, so in cases of that environment failing or a region failing, no new content can be delivered to users while your env is down. The advantage is ofcourse that you do not need to run high capacity servers because lesser requests are hitting your origin servers or lesser API requests hitting your S3 buckets. CloudFront supports only HTTP & HTTPS requests.

   


3. Global accelerator

This service does not cache your content like CloudFront. It basically wants your users from anywhere in the world to jump onto the AWS network at their closest point and then get shot through the AWS global network to reach the closest environment/region where you have running resources. This is much faster than traversing the normal submarine cables which offer no guaranteed QoS and are plagued by bandwidth throttling courtesy telcos. The only similarity with CloudFront is that it makes use of edge locations to let your customers into the AWS global network.

Unlike cloudfront, you can use a wide range of TCP & UDP listener ports and you can have multiple regions behind your GlobalAccelerator which means higher availability. Also, since it provides anycast IPs, all your environments regardless of region and number of environments will have 2 global IPs which means any third party provider integration, you do not need to be hassled with multiple IPs and also whitelisting on firewalls by others becomes a breeze. Also, failovers are much more quicker since there is no DNS propagation to wait for. All in all, this will greatly reduce latency without need for caching any content. Super useful for use-cases like live gaming.



Global Accelerator Image source: https://aws.amazon.com/blogs/networking-...celerator/

Hi
I am new to AWS and this forum so bear with me please.
I am testing ELB ( network ) to 2 EC2 instances and noticed no logs are created in my S3 bucket even when i enable logging on the load balancer. Is anybody aware that the ELB events will log with normal ELB ( network ) not using TLS ? I cant find the answer to this anywhere
Thanks in advance
Kind Regards
Mac

Hi Everyone
Thanks for having me. I live in North West UK and am a network security engineer by trade all on premises infrastructure. I want to learn AWS, get certified and eventually work with AWS.
This seems a fantastic forum and i hope to be an active participant and help where i can.
Best wishes to all.
Mac

When I started out posting updates here about 2 years ago, what I underestimated was the pace of change at AWS. The number of weekly updates became so huge that it soon became out of scope to be updated here regularly.

Since then, there has been large improvements in how AWS puts out information about updates which has made putting updates here redundant. Going forward, I would request all users to use the below Official AWS blog link to see all the updates in a single location.

AWS Only Updates: https://aws.amazon.com/blogs/aws/

AWS + Ecosystem & Partner updates: https://aws.amazon.com/blogs/

Hope this helps!