I’d like to start with some wise words I once read somewhere, “Everyone has a plan until they get punched in the mouth,” and I believe this one was said by Mike Tyson. I think it holds a lot of truth.
I recently attempted the AWS Network Specialty exam and was humbled immediately after seeing the very first 5 questions. I failed the exam and felt a bit down for a while, but to recover from it I want to make sure I work on my plan extensively, so that I don’t get punched that badly next time.
Quick advisory before we dive deep into this one: all the blog posts you will see on my website are mainly there to help me document my progress and the things I’m working on. I have a terrible memory and this blog helps with exactly that. Readers will benefit from it, and that is a great thing!!! Follow with caution.
Talking about the Exam
Without breaking any law or any already signed NDA, I want to introduce you to the domains you will be tested on:
- Design and implement hybrid IT network architectures at scale
- Design and implement AWS networks
- Automate AWS tasks
- Configure network integration with application services
- Design and implement for security and compliance
- Manage, optimize, and troubleshoot the network
Breaking these down will be a very difficult task, as some of the features and services overlap with multiple domains, but the exam guide does a really good job at explaining everything.
The AWS services that you should be prepared to be tested on are vast, but I believe they are a doable and fair part of the exam. We will look into them at some point during this post.
Does the exam really go deep into Networking?
I want to say yes and no. We network engineers are used to more terminology and more theory, as well as the many ins and outs of why things work the way they do. Cloud networking seems a bit more practical, meaning that in the actual exam guide you get pointed at concepts like static routes, BGP, and some BGP configuration. What I consider interesting is that AWS will make sure you understand connectivity with their services, nothing else.
Word of caution!
Cloud networking is different from the traditional networking you and I have worked on, and AWS networking is also different from other cloud providers. Remember, the main idea is to make the network piece an abstraction for services and applications. It is very important that you show up for your training with an open mind; there are things you are used to having control over, and in the cloud it is a different story.
What are the services and concepts that I will be tested on?
- Route 53
- Direct Connect
- VPN Connectivity Site to Site
- VPCs and Subnets
- Network Specific (VLANs, 802.1Q, BGP, BFD)
- More Network Specific (Route Filtering, Route Maps, Policy Based Routing, ACLs, AS Manipulations)
- Regions and Availability Zones
- Private VIFs
- Public VIFs
- AWS Transit Gateway
- Network Optimization (Placement Groups, Enhanced Networking, ENI, ENA, EFA, EBS Optimized, MTU, Throughput to the internet)
- Understanding of Cost based on Network Design
- Cloud Formation
- Infrastructure-as-Code understanding with AWS CodeCommit
- AWS Config
- Amazon Simple Notification Service
- AWS Lambda
- Cloud Formation drift Detection
- ** Implement Overlay Network configurations dynamically using Amazon EC2 (Multicast)
- Transit Gateway to route multicast traffic between subnets of attached VPCs
- Lambda as Cloud Formation resource for integration with IPAM Software
- Cloud Formation Templates and Stacks
- ** Scripting to implement solutions for NAT/Firewalls on EC2
- Use of APIs for Network Monitoring ** AWS Config
- CloudWatch Logs
- AWS Network Manager Console
- DNS Solutions for Hybrid IT infrastructures
- Route53 Aliases
- DNS Zones (Public or Private)
- DNS Routing Strategy
- DNS Health Checks
- DNS Hosted Zones
- Understand how DHCP works in AWS
- DHCP Option Sets
- Understand AmazonProvidedDNS defaults
- Load Balancers (CLB, ALB, NLB)
- Sticky Sessions
- CloudFront Distributions
- AWS Services communication with VPCs (Protocols, Ports, and Services)
- Security and Compliance
- DMZ, isolated Subnets, Management and Services Subnets
- VPC Flows
- CloudTrail for attempted/completed networking resource changes
- Security Groups, Network ACLs, IAM
- Encryption technologies to secure network communications
- AWS Key Management Service
- Data in Transit and at Rest encryption with S3, EBS, RDS and other custom solutions with EC2
- Manage, optimize, and troubleshoot the network
What is next?
The best way to learn cloud, and perhaps cloud networking, and to solve challenges that you may not know how to solve, is by creating and comparing use cases and architectures: work out what the requirements are, and analyze the provided and validated designs.
I will be hunting for use cases that solve connectivity issues, and will post a few as I go along in my process.
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
Andres started working professionally in 2003 and specializes in Unified Communications and Collaboration technologies, Enterprise Networks and Network Security. He has consulted for several companies in South Florida, as well as financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations of Cisco technologies, including Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT service provider infrastructures.