Domain 2: Network Implementation (26% of the exam content) - AWS Certification
Task 2.1: Implement routing and connectivity between on-premises networks and the CloudTask 2.2: Implement routing and connectivity across multiple accounts, Regions, and VPCs to support different connectivity patternsTask 2.3: Implement complex hybrid and multi-account DNS architecturesTask 2.4: Automate and configure network infrastructure

Domain 2: Network Implementation (26% of the exam content)

This domain accounts for 26% of the exam content.

Task 2.1: Implement routing and connectivity between on-premises networks and the Cloud

Knowledge of:

  • Routing protocols (for example, static, dynamic)

  • VPNs (for example, security, accelerated VPN)

  • Layer 1 and types of hardware to use (for example, Letter of Authorization [LOA] documents, colocation facilities, Direct Connect)

  • Layer 2 and layer 3 (for example, VLANs, IP addressing, gateways, routing, switching)

  • Traffic management and SD-WAN (for example, Transit Gateway Connect)

  • DNS (for example, conditional forwarding, hosted zones, resolvers)

  • Security appliances (for example, firewalls)

  • Load balancing (for example, layer 4 compared with layer 7, reverse proxies, layer 3)

  • Infrastructure automation

  • Organizations and Resource Access Manager ( RAM) (for example, multi-account Transit Gateway, Direct Connect, Amazon VPC, Route 53)

  • Test connectivity (for example, Route Analyzer, Reachability Analyzer)

  • Networking services of VPCs

Skills in:

  • Configuring the physical network requirements for hybrid connectivity solutions

  • Configuring static or dynamic routing protocols to work with hybrid connectivity solutions

  • Configuring existing on-premises networks to connect with the Cloud

  • Configuring existing on-premises name resolution with the Cloud

  • Configuring and implementing load balancing solutions

  • Configuring network monitoring and logging for services

  • Testing and validating connectivity between environments

Task 2.2: Implement routing and connectivity across multiple accounts, Regions, and VPCs to support different connectivity patterns

Knowledge of:

  • Inter-VPC and multi-account connectivity (for example, VPC peering, Transit Gateway, VPN, third-party vendors, SD-WAN, multi-protocol label switching [MPLS])

  • Private application connectivity (for example, PrivateLink)

  • Methods of expanding networking connectivity (for example, Organizations, RAM)

  • Host and service name resolution for applications and clients (for example, DNS)

  • Infrastructure automation

  • Authentication and authorization (for example, SAML, Active Directory)

  • Security (for example, security groups, network ACLs, Network Firewall)

  • Test connectivity (for example, Route Analyzer, Reachability Analyzer, tooling)

Skills in:

  • Configuring network connectivity architectures by using services in a single-VPC or multi-VPC design (for example, DHCP, routing, security groups)

  • Configuring hybrid connectivity with existing third-party vendor solutions

  • Configuring a hub-and-spoke network architecture (for example, Transit Gateway, transit VPC)

  • Configuring a DNS solution to make hybrid connectivity possible

  • Implementing security between network boundaries

  • Configuring network monitoring and logging by using solutions

Task 2.3: Implement complex hybrid and multi-account DNS architectures

Knowledge of:

  • When to use private hosted zones and public hosted zones

  • Methods to alter traffic management (for example, based on latency, geography, weighting)

  • DNS delegation and forwarding (for example, conditional forwarding)

  • Different DNS record types (for example, A, AAAA, TXT, pointer records, alias records)

  • DNSSEC

  • How to share DNS services between accounts (for example, RAM)

  • Requirements and implementation options for outbound and inbound endpoints

Skills in:

  • Configuring DNS zones and conditional forwarding

  • Configuring traffic management by using DNS solutions

  • Configuring DNS for hybrid networks

  • Configuring appropriate DNS records

  • Configuring DNSSEC on Route 53

  • Configuring DNS within a centralized or distributed network architecture

  • Configuring DNS monitoring and logging on Route 53

Task 2.4: Automate and configure network infrastructure

Knowledge of:

  • Infrastructure as code (IaC) (for example, Cloud Development Kit [ CDK], CloudFormation, CLI, SDK, APIs)

  • Event-driven network automation

  • Common problems of using hardcoded instructions in IaC templates when provisioning cloud networking resources

Skills in:

  • Creating and managing repeatable network configurations

  • Integrating event-driven networking functions

  • Integrating hybrid network automation options with native IaC

  • Eliminating risk and achieving efficiency in a cloud networking environment while maintaining the lowest possible cost

  • Automating the process of optimizing cloud network resources with IaC