- AWS Cloud Practitioner
- Where can you take this exam?
- Exam Guide
- What is Cloud Computing
- Benefits of the cloud computing
- Types of Cloud Computing
- Cloud Computing Models
- AZs(Availability Zones)
- Edge Locations (Get Data Fast or Upload Data Fast)
- GovCloud
- EC2 Instances
- AMI (Amazon Machine Image)
- Elastic Load Balancer
- S3 Buckets
- RDS (Relational Database Service)
- AWS Lambda
- EC2 Pricing Models
- Billing and Pricing
- AWS Networking
- AWS Compute Services
- AWS Storage Services
- AWS Business Centric Services
- AWS Enterprise Integration
- AWS Logging Services
- Most Common
- AWS Security
- Amazon GuardDuty
- KMS (Key Management Service)
- Amazon Macie
- Security Groups vs NACLs (Network Access Control Lists)
- AWS VPN (Virtual Private Network)
- Same Name But Different Services (Don't Get Confused)
- AWS Connect Services
- Elastic Transcoder VS AWS Elemental MediaConvert
This certification is mostly used by people to get the understanding of the
You can take this exam online through Pearson VUE.
- Cost: $100 USD
- 90 minutes
- 65 questions
- Passing score: 700 out of 1000 (roughly 70%)
- Valid for 3 years.
This is what the exam mostly comprises of:
- Cloud Concepts
- Billing & Pricing
There are 65 questions in total, and most of them are multiple choice or multiple response questions.
It is the practice of using a network of remote servers hosted on the internet to store, manage and process data, rather than using a local server or personal computer.
- No upfront costs such as buying servers; you pay on demand.
- Economies of scale: because so many customers share the infrastructure, the unit cost is lower than running your own.
- You can scale up or scale down based on your need.
- With a few clicks your service is deployed.
- No more data center maintenance costs.
- Go global in minutes, since there are global regions where cloud servers are hosted.
SaaS--> Software as a Service. Basically a complete product that is run and managed by the service provider. (Examples: Salesforce, Gmail, Google Docs)
PaaS--> Platform as a Service. Focused on deploying applications without worrying about managing the infrastructure. (Examples: Heroku, Netlify, etc.)
IaaS--> Infrastructure as a Service. The building blocks of IT: providing compute, networking and storage, etc. (Examples: AWS, GCP and Azure)
- Cloud (fully hosted on the cloud, e.g. startups)
- Hybrid (on-premises and public cloud, e.g. banks)
- On-premises (private cloud, typically where sensitive data is stored)
- There are over a million active customers using AWS.
- There are a total of 22 geographic regions around the world (at the time these notes were written).
Regions--> a physical location with multiple availability zones.
Availability Zones (AZ)--> one or more discrete data centers (owned by AWS).
Edge Locations--> a data center owned by a trusted partner of AWS.
- A geographically distinct location with multiple data centers.
- Each region has multiple AZs (at least two; most have three or more).
- US-EAST-1 (North Virginia) is the largest AWS region, and services almost always become available first in this region.
- Not all services are available in all regions.
- US-EAST-1 is where you see your billing information.
- Each region has multiple AZs (at least two).
- An AZ is one or more discrete data centers run and owned by AWS, with independent power, cooling and networking.
- AZs within a region are linked by low-latency connections (under 10 ms between AZs).
- A data center owned by a trusted partner of AWS that has a direct connection to the AWS network.
- These locations serve requests for CloudFront and Route 53. Requests going to either of these services are routed to the nearest edge location automatically.
- S3 Transfer Acceleration and API Gateway endpoints also use the AWS Edge Network.
- This allows for low latency no matter where you are located.
GovCloud is a set of AWS regions that allows customers to host sensitive Controlled Unclassified Information (CUI) and other regulated workloads.
- Operated only by US citizens, on US soil.
- Customers must follow several compliance guidelines (e.g. FedRAMP, ITAR).
- In order to create an EC2 instance, head over to the AWS Console, open EC2 and follow along. Make sure you select the Amazon Linux 2 AMI and the t2.micro instance type, since that is offered with the free tier.
- Now follow along and make sure to set an IAM role (instance profile) rather than placing access keys on the instance.
- Lastly, make sure you have billing alerts turned on.
- You can use Session Manager to get into the instance without opening port 22 or managing SSH keys.
- You can also get to Session Manager by going to Systems Manager in the console.
- Session Manager opens a simple bash shell that lets you access your instance.
- You can create an image by going into the EC2 management console, clicking on Actions and selecting Create Image.
- Basically this creates a copy of the instance that allows you to launch multiple identical servers.
- The Elastic Load Balancer allows you to ensure that multiple instances and multiple servers are running behind one endpoint.
- This also allows you to meet the demand of web traffic.
- It is configured from the EC2 console (Load Balancers section).
- This allows you to reroute traffic, especially when doing updates to the application.
- S3 is a global service (bucket names are globally unique), but each bucket lives in a specific region.
- It is object storage (not block storage) used to store files; EBS is the block storage service.
- CloudFront is basically a Content Delivery Network (CDN).
- It makes it easier for companies to distribute their content.
- Hook it up to an S3 bucket and deliver your content around the world.
- It's used to set up a relational database (engines such as MySQL and PostgreSQL).
- Amazon Aurora is AWS's own MySQL/PostgreSQL-compatible engine and is the one highlighted when setting up this service.
- It supports storage auto scaling.
- Lambda is a serverless compute service.
- It allows you to run simple functions in response to events or on a schedule; you can think of scheduled functions as cron jobs.
EC2 has four different pricing models.
On-Demand
- Low cost and flexible.
- Only charges per hour (per second for Linux) while the instance runs.
- Short term.
- Good for first-time apps or prototypes.
- No upfront payment.
Reserved Instances (RI)
- Good for committed, steady-state applications.
- Standard RIs save up to 75% (you cannot change the RI attributes; Convertible RIs can be changed for a smaller discount).
- Best for long term.
- You can schedule reserved instances (Scheduled RIs).
- There's a commitment of 1 or 3 years with AWS.
- RIs can be shared between multiple accounts in an organization.
- You can even sell your unused reserved instances on the RI Marketplace.
Spot Instances
- You can think of it as a hotel that offers discounts to fill its empty rooms.
- Just like the hotel, AWS uses a similar approach to maximize the usage of its idle servers.
- There are conditions, such as:
- Instances can be terminated by AWS at any time.
- If AWS terminates your instance you don't get charged for the partial hour of usage.
- If you terminate the instance yourself you will be charged for any hour that it ran.
- Good for workloads that can tolerate interruption (batch jobs, analysis, testing).
- It provides up to 90% savings.
Dedicated Hosts
- It's the most expensive option.
- It's built for single-tenant customers and for licensing/compliance needs; more useful for large enterprises.
- It's offered both On-Demand and Reserved.
IAM (Identity and Access Management)--> used for managing users, groups, roles and permissions.
- Auto Scaling
- Elastic Beanstalk
- AWS Cost Explorer
NOTE: The services listed above are free to use themselves, but they can provision AWS resources that cost money.
- $0/month - Basic (customer service for account and billing questions only, plus documentation and forums).
- $29/month (or 3% of monthly usage) - Developer (tech support via email during business hours, reply within 24 hrs)
- No third-party software support.
- General guidance only.
- $100/month (or 10% of monthly usage) - Business (tech support via chat/phone 24/7)
- Does support third-party software.
- Production system down: less than 1 hr response time.
- $15,000/month - Enterprise (tech support via chat/phone 24/7)
- Personal concierge support team.
- TAM (Technical Account Manager)
- Business-critical system down: response time less than 15 min.
- A place where you will find thousands of software listings from independent software vendors.
- The product is free to use or can have a charge, which becomes part of your AWS bill.
- Trusted Advisor advises customers on cost optimization, performance, security, fault tolerance and service limits.
- Basic and Developer support plans get 7 core Trusted Advisor checks.
- Business and Enterprise plans get all Trusted Advisor checks.
- One master (management) account for all member accounts.
- Cost Explorer tool for visualizing the usage.
- It also offers volume discounts (the more you use across accounts, the cheaper it gets).
- Allows you to visualize the usage of multiple accounts in one place.
- The first two budgets are free of charge.
- Allows you to set up alerts when you exceed your limits.
- You can set three types of budgets.
- Alerts are supported for both actual and forecasted spend.
- You can manage budgets from the AWS Budgets dashboard or the AWS CLI.
- Get notified through email or a chatbot.
The Total Cost of Ownership (TCO) calculator allows you to show how much you can save by shifting to AWS.
- A tool that lets you build reports for execs to show how much you can save.
- Only for approximation purposes.
- Meant for enterprises.
- Automatically provisions and configures new accounts via a Service Catalog template.
- Tags are words or phrases that act as metadata for organizing your AWS resources.
- Resource Groups are collections of resources that share one or more tags.
- A Resource Group can display the following details about a group of resources based on their tags:
- Configuration settings.
Prebuilt templates offered by AWS and AWS partners that help you deploy popular stacks on AWS. This reduces the manual effort.
It's divided into three parts:
- A reference architecture for the deployment.
- AWS CloudFormation templates that automate and configure the deployment.
- A guide explaining the architecture and implementation in detail.
The Cost and Usage Report allows you to generate a detailed report of your AWS costs and usage.
You'll get a spreadsheet (CSV) highlighting the costs.
- Reports are stored in an S3 bucket.
- You can use Athena to turn this into a queryable database.
Region-> The geographic location of the network.
VPC-> An isolated section of AWS where you can launch resources in a virtual network you define.
AZ-> a data center of the region.
Security Groups-> Acts as a firewall at the instance level (stateful, allow rules only).
Internet Gateway-> Enables access to the internet.
NACLs-> Acts as a firewall at the subnet level (stateless, allow and deny rules).
Route Tables-> Determine where network traffic from your subnets is directed.
Subnets-> A logical partition of an IP network into multiple, smaller network segments.
DynamoDB-> NoSQL key/value database (comparable to Cassandra). This is really fast for read and write access.
DocumentDB-> NoSQL document database that is compatible with MongoDB.
RDS-> Relational Database Service that supports multiple engines such as MySQL, PostgreSQL and MariaDB. (Most popular DB service)
Aurora-> MySQL-compatible (5x faster) and PostgreSQL-compatible (3x faster) fully managed database. (Keeps 6 copies of the data across 3 AZs; more expensive than plain RDS)
Aurora Serverless-> Only runs when needed.
Neptune-> Graph database.
Redshift-> Columnar database, petabyte-scale data warehouse.
ElastiCache-> Managed Redis or Memcached in-memory cache.
Elastic Beanstalk-> Think of it as Heroku. It's a service used for deploying and scaling web applications and services written in common languages and frameworks (perfect for deploying web apps).
OpsWorks-> Configuration management service that provides managed instances of Chef and Puppet. (An OpsWorks stack is organized into layers.)
CloudFormation-> IaC, Infrastructure as Code.
AWS Quick Start-> ready-made templates that can launch and configure your AWS compute, network, and other services.
AWS Marketplace-> A place where you can buy or sell software or services for AWS.
EC2-> Elastic Compute Cloud: highly configurable servers.
ECS-> Elastic Container Service: Docker as a service; highly scalable, high performance and good for microservices.
Fargate-> You don't choose the EC2 instances like you might in ECS. You define the task and AWS will run the service (like Lambda, since you don't pay for EC2 instances).
EKS-> Kubernetes as a service; makes it easy to deploy, manage and scale containers.
Lambda-> Serverless. Just upload code as a function and AWS will run the code for you.
Elastic Beanstalk-> Upload the code and it will do the rest for you. Good for developers who just want to upload their apps.
AWS Batch-> It's for batch processing, where you can schedule and run batch jobs.
S3-> Simple Storage Service - object store (simply upload files).
S3 Glacier-> low-cost storage, good for archiving data for long-term backup.
Storage Gateway-> A hybrid solution connecting on-premises storage to the cloud.
EBS (Elastic Block Store)-> A hard drive in the cloud that you attach to an EC2 instance.
EFS (Elastic File System)-> file storage mountable to multiple EC2 instances at the same time.
Snowball-> A physical device for moving data from on-premises to AWS.
Snowball Edge-> 100 TB (better version with additional features such as local compute).
Snowmobile-> Allows you to move petabytes of data (data center on wheels).
Amazon Connect-> Cloud-based call center service you can set up in a few minutes; you can later save the calls in S3 for further analysis. You can even route calls based on defined rules.
WorkSpaces-> Secure, managed virtual desktops (desktop as a service).
WorkDocs-> AWS version of SharePoint where you can collaborate and share documents.
Chime-> Think of it as Skype; you can do business calls and meetings.
WorkMail-> AWS email and calendar service, just like Microsoft Outlook/Exchange.
Pinpoint-> For marketing campaigns: targeted emails and SMS notifications.
SES (Simple Email Service)-> A cloud-based email sending service used to send emails and notifications (good for web apps that send email notifications; supports HTML-format emails).
QuickSight-> Think of it as Tableau; this allows you to visualize the data.
Direct Connect-> A dedicated 1 Gbps or 10 Gbps connection from on-premises to AWS.
Site-to-Site VPN-> Connecting an on-premises network to AWS over an encrypted tunnel.
Client VPN-> Connecting a client device to AWS.
Storage Gateway-> A hybrid storage service that enables on-premises applications to use AWS cloud storage.
- Good for backup.
- Disaster recovery.
- Data processing.
AD (Active Directory)-> An AWS directory service for Microsoft Active Directory, also known as AWS Managed Microsoft AD. Enables your workloads and AWS resources to use managed AD in the AWS cloud.
CloudTrail-> a logging service that records all API calls (console, SDK, CLI) made to your AWS account. It answers questions such as:
- Who created the service.
- Who spun up the EC2 instance.
- Who launched the SageMaker notebook.
Its logs are the raw material for:
- Detecting developer misconfigurations.
- Detecting malicious activity.
- Automating responses.
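As an added example (not from the original notes and not an AWS tool), the following Python script answers the "who spun up the instance" questions above from CloudTrail-style records and flags the events a security team would want to see first: root account usage, console logins without MFA, and AccessDenied errors. The records, account ID, IP addresses and user names are constructed to follow the CloudTrail JSON layout (`Records[]` with `eventName`, `eventSource`, `userIdentity`, `sourceIPAddress`); real trail files arrive gzipped in the S3 bucket the trail writes to.

```python
"""Answer 'who did what' from CloudTrail records and flag risky events."""
import json

# Constructed sample records in CloudTrail's JSON shape (not real log data).
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:12:01Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-10T09:15:44Z", "eventSource": "sagemaker.amazonaws.com",
     "eventName": "CreateNotebookInstance", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/DataSci/bob"}},
    {"eventTime": "2024-01-10T11:02:09Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.5",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-10T11:03:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.5",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2024-01-10T12:40:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "errorCode": "AccessDenied"},
]})


def load_records(text):
    return json.loads(text)["Records"]


def actor(record):
    """Human-readable principal: IAM user name, ROLE/SESSION for assumed roles, or 'root'."""
    ident = record.get("userIdentity", {})
    kind = ident.get("type")
    if kind == "IAMUser":
        return ident.get("userName", "?")
    if kind == "AssumedRole":
        # arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION -> ROLE/SESSION
        return ident.get("arn", "").split("assumed-role/", 1)[-1]
    if kind == "Root":
        return "root"
    return kind or "unknown"


def who_did(records, event_name):
    """'Who spun up the instance / launched the notebook': (time, actor, source IP)."""
    return [(r["eventTime"], actor(r), r.get("sourceIPAddress"))
            for r in records if r["eventName"] == event_name]


# Detection rules: each returns a finding string, or None when the record is clean.
def _root_usage(r):
    if r.get("userIdentity", {}).get("type") == "Root":
        return "root account used for %s" % r["eventName"]


def _console_login_without_mfa(r):
    if r["eventName"] == "ConsoleLogin" and \
            r.get("additionalEventData", {}).get("MFAUsed") == "No":
        return "console login without MFA from %s" % r.get("sourceIPAddress")


def _access_denied(r):
    if r.get("errorCode") == "AccessDenied":
        return "AccessDenied on %s by %s (possible over-reach or recon)" % (
            r["eventName"], actor(r))


RULES = [_root_usage, _console_login_without_mfa, _access_denied]


def flag_risky(records):
    """Run every rule over every record; returns (time, finding) pairs."""
    findings = []
    for r in records:
        for rule in RULES:
            msg = rule(r)
            if msg:
                findings.append((r["eventTime"], msg))
    return findings


if __name__ == "__main__":
    recs = load_records(SAMPLE_TRAIL)
    print("RunInstances by:", who_did(recs, "RunInstances"))
    for when, finding in flag_risky(recs):
        print(when, finding)
```

Each rule is a plain function so the list can grow into the detections GuardDuty and Macie produce from the same source; feeding the same functions from a CloudWatch Logs subscription or an EventBridge rule is what "automating responses" means in practice.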
CloudWatch-> A collection of multiple services. CloudWatch Logs is the storage solution for all your logs.
- Stores all types of logs.
CloudWatch Metrics-> time-series data (measurements such as CPU utilization).
CloudWatch Events-> trigger an action based on a condition or schedule (e.g. taking a snapshot of the server).
CloudWatch Alarms-> trigger notifications based on metrics.
CloudWatch Dashboard-> create visualizations based on metrics.
IAM: Identity and Access Management.
S3: Simple Storage Service.
SWF: Simple Workflow Service.
SNS: Simple Notification Service.
SQS: Simple Queue Service.
SES: Simple Email Service.
SSM: Systems Manager (formerly Simple Systems Manager).
RDS: Relational Database Service.
VPC: Virtual Private Cloud.
VPN: Virtual Private Network.
CFN: CloudFormation.
WAF: Web Application Firewall.
MQ: Amazon MQ (managed ActiveMQ).
ASG: Auto Scaling Group.
TAM: Technical Account Manager.
ELB: Elastic Load Balancer.
ALB: Application Load Balancer.
NLB: Network Load Balancer.
EC2: Elastic Compute Cloud.
ECS: Elastic Container Service.
ECR: Elastic Container Registry.
EBS: Elastic Block Store.
EFS: Elastic File System.
EMR: Elastic MapReduce.
EB: Elastic Beanstalk.
ES: Elasticsearch Service.
EKS: Elastic Kubernetes Service.
MSK: Managed Streaming for Apache Kafka.
IoT: Internet of Things.
RI: Reserved Instance.
Shared Responsibility Model: AWS is responsible for security OF the cloud, i.e. everything the customer can't touch or get access to (hardware, physical facilities, the operation of managed services and the global infrastructure); the customer is responsible for security IN the cloud, such as securing the data and using the right configuration.
The customer's side includes:
- Customer data.
- Platform, applications and IAM.
- OS, network and firewall configuration.
- Client-side and server-side encryption, and network traffic protection.
- Configuration of the services they use (e.g. S3 bucket permissions).
Compliance: a set of internal policies and procedures of a company to comply with rules and regulations or to uphold reputation.
Two of the most popular programs:
PCI DSS (Payment Card Industry Data Security Standard, for handling card data)
AWS Artifact: a no-cost, self-service portal for on-demand access to AWS compliance reports.
Amazon Inspector is a tool that runs security benchmarks against specific EC2 instances. The most popular benchmark is the one published by CIS (Center for Internet Security), which these notes list at 699 checks. It can also inspect the network reachability of an instance to check whether ports are open and reachable.
AWS WAF allows you to protect your web application against the most common exploits.
You can write your own rules that allow or block traffic based on the contents of HTTP requests. You can also use managed rule sets from AWS or an AWS trusted security partner. It can be attached to CloudFront or an Application Load Balancer (ALB).
The most common attacks include:
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- XSS (Cross-Site Scripting)
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring
AWS Shield is a DDoS (Distributed Denial of Service) protection service that safeguards applications running on AWS.
All AWS customers benefit from the automatic protections of AWS Shield Standard at no charge.
When you route your traffic through CloudFront you are using AWS Shield Standard.
Shield Standard protects you against the most common attacks at:
- Layer 3 (Network)
- Layer 4 (Transport)
Layer 7 (Application) attacks need Shield Advanced together with WAF.
There's also a paid tier known as Shield Advanced, which costs $3,000/month with a 1-year commitment.
It gives you extra protection, 24/7 access to the DDoS Response Team and cost protection against scaling charges during an attack, and is available on:
- Amazon Route 53
- Amazon CloudFront
- AWS Global Accelerator
- Elastic IPs (Amazon EC2 and Network Load Balancer)
Penetration testing: an authorized, simulated cyber attack on a computer system, performed to evaluate the security of the system.
Permitted services (no prior approval needed):
- EC2 instances, NAT Gateways, and ELBs.
- API Gateways
- AWS Lambda and Lambda@Edge functions
- Lightsail resources.
Prohibited activities:
- DNS zone walking via Amazon Route 53 hosted zones.
- DoS (Denial of Service), DDoS, simulated DoS, simulated DDoS.
- Port flooding
- Protocol flooding
- Request flooding
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
A device or software that monitors a network or systems for malicious activity or policy violations (an IPS can also block it).
GuardDuty is a threat detection service that continuously monitors for malicious or suspicious activity and unauthorized behavior. It uses machine learning and threat intelligence to analyze the following AWS logs:
- CloudTrail logs.
- VPC Flow Logs.
- DNS logs.
It will alert you of the findings, and you can automate an incident response via CloudWatch Events or third-party software.
KMS is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.
KMS is a multi-tenant, HSM-backed (Hardware Security Module) service.
- Many AWS services are integrated with KMS to encrypt your data with a simple checkbox.
KMS uses envelope encryption.
When you encrypt your data, the data is protected, but you now have to protect the encryption key. With envelope encryption the data is encrypted with a data key, and the data key is itself encrypted with a master key that never leaves KMS. Only the encrypted data key is stored alongside the ciphertext, so a leak of the stored blob does not reveal the key, and the master key can be rotated or disabled centrally.
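To make the envelope pattern concrete, here is an added Python example (not AWS code and not from the original notes). `ToyKMS` stands in for the KMS API (its `generate_data_key` and `decrypt` mirror the real GenerateDataKey and Decrypt calls), keeping master keys in its own memory the way the HSM does, and a small HMAC-based AEAD stands in for AES-GCM. The key alias and the sample record are made up. Use the real KMS and a real cipher library in production; the point here is which key goes where.

```python
"""Envelope encryption as KMS does it, simulated locally (toy crypto, not for production)."""
import base64
import hashlib
import hmac
import os


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def aead_encrypt(key, plaintext, aad=b""):
    """Toy AEAD: HMAC keystream XOR + HMAC tag over (nonce, aad, ciphertext)."""
    nonce = os.urandom(12)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key, blob, aad=b""):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + aad + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class ToyKMS:
    """Stand-in for the KMS service: master keys live here and are never returned."""

    def __init__(self):
        self._master_keys = {}

    def create_key(self, key_id):
        self._master_keys[key_id] = os.urandom(32)
        return key_id

    def generate_data_key(self, key_id):
        """Like KMS GenerateDataKey: returns the data key in plaintext and wrapped."""
        data_key = os.urandom(32)
        wrapped = aead_encrypt(self._master_keys[key_id], data_key, aad=key_id.encode())
        return data_key, wrapped

    def decrypt(self, key_id, wrapped):
        """Like KMS Decrypt: unwraps a data key under the named master key."""
        return aead_decrypt(self._master_keys[key_id], wrapped, aad=key_id.encode())


def envelope_encrypt(kms, key_id, plaintext):
    data_key, wrapped = kms.generate_data_key(key_id)
    ciphertext = aead_encrypt(data_key, plaintext)
    del data_key  # plaintext data key is discarded; only the wrapped copy is stored
    return {"key_id": key_id,
            "wrapped_key": base64.b64encode(wrapped).decode(),
            "ciphertext": base64.b64encode(ciphertext).decode()}


def envelope_decrypt(kms, envelope):
    data_key = kms.decrypt(envelope["key_id"], base64.b64decode(envelope["wrapped_key"]))
    return aead_decrypt(data_key, base64.b64decode(envelope["ciphertext"]))


def demo():
    """Round trip, then a one-bit tamper of the stored ciphertext: returns (ok, caught)."""
    kms = ToyKMS()
    kms.create_key("alias/app-data")  # made-up key alias
    env = envelope_encrypt(kms, "alias/app-data", b"customer record 42")
    ok = envelope_decrypt(kms, env) == b"customer record 42"
    tampered = dict(env)
    ct = bytearray(base64.b64decode(env["ciphertext"]))
    ct[15] ^= 0x01
    tampered["ciphertext"] = base64.b64encode(bytes(ct)).decode()
    try:
        envelope_decrypt(kms, tampered)
        caught = False
    except ValueError:
        caught = True
    return ok, caught


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Note what the stored envelope contains: a key id, a wrapped data key and the ciphertext. Anyone who copies the S3 object gets exactly that and still needs a `Decrypt` call that KMS authorizes through IAM and the key policy, which is why CloudTrail records of `Decrypt` are worth watching.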
Macie is a fully managed service that continuously monitors S3 data access activity for anomalies and generates detailed alerts when it detects a risk of unauthorized access or inadvertent data leaks.
It uses machine learning to analyze CloudTrail logs and the data stored in S3 (e.g. to recognize PII).
It provides you with the following alert types:
- Anonymized access
- Config compliance
- Credential loss
- Data compliance
- File hosting
- Identity enumeration
- Information loss
- Location anomaly
- Open permission
- Privilege escalation
- Service disruption
- Suspicious activity
|Security Groups|Network Access Control Lists (NACLs)|
|---|---|
|Acts as a firewall at the instance level.|Acts as a firewall at the subnet level.|
|Implicitly denies all traffic. You create Allow rules only (for example, allow an `EC2` instance to receive traffic on `port 22`).|You create `allow` and `deny` rules, evaluated in rule-number order; the first match wins and the final `*` rule denies everything else.|
|Stateful: return traffic for an allowed connection is automatically allowed.|Stateless: return traffic must be explicitly allowed (e.g. outbound ephemeral ports 1024-65535).|
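The practical difference shows up the first time an SSH session to an instance hangs after the NACL was tightened. As an added example (not AWS code and not from the original notes), the Python model below implements both decision procedures from the table and runs a constructed SSH scenario through them: addresses, ports and rule numbers are made up. The security group tracks the connection and lets the reply out; the NACL has no connection table, so the reply on the client's ephemeral port is dropped until an explicit outbound rule for 1024-65535 exists, and an explicit deny with a lower rule number wins over the allow.

```python
"""Model of security-group (stateful, allow-only) vs NACL (stateless, ordered allow/deny) logic."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str       # source IP
    dst: str       # destination IP
    dst_port: int  # destination port
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    proto: str            # "tcp", "udp" or "-1" for all
    from_port: int
    to_port: int
    cidr: str             # remote CIDR this rule applies to
    action: str = "allow" # NACLs also use "deny"; security groups only allow
    number: int = 0       # NACL rule number (evaluation order)


def _matches(rule, pkt, remote_ip):
    """Does this rule cover the packet? remote_ip is the peer the CIDR refers to."""
    proto_ok = rule.proto in ("-1", pkt.proto)
    port_ok = rule.from_port <= pkt.dst_port <= rule.to_port
    net_ok = ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.cidr)
    return proto_ok and port_ok and net_ok


class SecurityGroup:
    """Instance-level firewall: allow rules only, stateful via a connection table."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self._conntrack = set()  # (client_ip, instance_ip, instance_port) of allowed flows

    def allows_inbound(self, pkt):
        allowed = any(_matches(r, pkt, pkt.src) for r in self.inbound)
        if allowed:
            self._conntrack.add((pkt.src, pkt.dst, pkt.dst_port))  # remember the flow
        return allowed

    def allows_outbound(self, pkt, src_port):
        # Reply traffic of a tracked inbound flow passes regardless of outbound rules.
        if (pkt.dst, pkt.src, src_port) in self._conntrack:
            return True
        return any(_matches(r, pkt, pkt.dst) for r in self.outbound)


class NetworkAcl:
    """Subnet-level firewall: numbered allow/deny rules, stateless, default deny."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _evaluate(rules, pkt, remote_ip):
        for rule in rules:  # lowest number first, first match wins
            if _matches(rule, pkt, remote_ip):
                return rule.action == "allow"
        return False        # the '*' catch-all rule denies

    def allows_inbound(self, pkt):
        return self._evaluate(self.inbound, pkt, pkt.src)

    def allows_outbound(self, pkt):
        # No connection table: replies leaving on ephemeral ports need their own rule.
        return self._evaluate(self.outbound, pkt, pkt.dst)


def ssh_scenario():
    """SSH from 203.0.113.7 to instance 10.0.1.5 (constructed addresses); returns each decision."""
    sg = SecurityGroup(inbound=[Rule("tcp", 22, 22, "203.0.113.0/24")], outbound=[])
    nacl = NetworkAcl(
        inbound=[Rule("tcp", 22, 22, "198.51.100.0/24", "deny", 90),   # blocked client range
                 Rule("tcp", 22, 22, "0.0.0.0/0", "allow", 100)],
        outbound=[Rule("tcp", 443, 443, "0.0.0.0/0", "allow", 100)])  # no ephemeral-port rule yet
    syn = Packet("203.0.113.7", "10.0.1.5", 22)
    reply = Packet("10.0.1.5", "203.0.113.7", 50000)  # instance answers the client's ephemeral port
    blocked = Packet("198.51.100.9", "10.0.1.5", 22)
    results = {
        "sg_in": sg.allows_inbound(syn),             # True: allow rule matches
        "sg_reply": sg.allows_outbound(reply, 22),   # True: stateful, flow is tracked
        "nacl_in": nacl.allows_inbound(syn),         # True: rule 100
        "nacl_reply": nacl.allows_outbound(reply),   # False: stateless, no ephemeral rule
        "nacl_denied": nacl.allows_inbound(blocked), # False: deny rule 90 wins over 100
    }
    # The fix: allow the ephemeral port range outbound, then the reply passes.
    nacl.outbound.append(Rule("tcp", 1024, 65535, "0.0.0.0/0", "allow", 110))
    nacl.outbound.sort(key=lambda r: r.number)
    results["nacl_reply_fixed"] = nacl.allows_outbound(reply)  # True
    return results


if __name__ == "__main__":
    for name, decision in ssh_scenario().items():
        print(name, decision)
```

The model also shows why NACL rule numbering matters: swap the numbers so the allow comes first and the deny for 198.51.100.0/24 never fires, because evaluation stops at the first match.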
AWS VPN allows you to create a secure and private tunnel from your network or device to the AWS global network.
AWS Site-to-Site VPN: securely connect an on-premises network or branch office site to a VPC.
AWS Client VPN: securely connect users to AWS or on-premises networks.
CloudFormation: IaC (Infrastructure as Code) used to define AWS resources in templates (JSON or YAML).
CloudTrail: logs all API calls made to AWS services (who to blame).
CloudFront: CDN (Content Delivery Network). It is used to distribute content (such as videos, static assets, etc.).
CloudWatch: a collection of monitoring services (logs, metrics, alarms, events).
CloudSearch: search engine for your site (e.g. e-commerce).
Direct Connect: a dedicated fiber-optic connection from your data center to AWS.
Let's say an enterprise wants a direct connection from its on-premises data center to AWS; they might use this service to connect to AWS.
Direct Connect traffic is not encrypted on its own, so if you want to add an extra layer of security you might run a Site-to-Site VPN over the Direct Connect link.
Amazon Connect: call center service.
MediaConvert (AWS Elemental MediaConvert): the newer replacement for Elastic Transcoder; converts videos to different formats. (Don't confuse it with AWS Elemental MediaConnect, which is a live video transport service.)
Let's say you have 1000 videos and you need to transcode them into different formats; this might be a useful service. You can even add watermarks and insert an intro in front of every video.
|Elastic Transcoder `OldWay`|AWS Elemental MediaConvert `NewWay`|
|---|---|
|Transcodes videos to different formats|Transcodes videos to different formats, including broadcast-grade outputs|
||Insert video clips|
||Extract caption data|
||Better and more robust UI|
SNS and SQS both connect apps via messages.
SNS (Simple Notification Service): Pub/Sub, Send Notifications
- It uses the PubSub model, also known as the publisher/subscriber model.
- It sends notifications to subscribers via protocols such as HTTP/S, email, SMS, SQS and Lambda.
- It is generally used for sending plaintext emails triggered by other AWS services. The best example is billing alerts.
- It can retry sending in case of failure for HTTP/S endpoints.
- It's good for webhooks, internal emails and triggering Lambda functions.
SQS (Simple Queue Service): Queue Up Messages, Guaranteed Delivery
- It places messages into a queue and applications pull from the queue using the SDK (polling).
- It can retain a message for up to 14 days.
- Can deliver messages in sequential order (FIFO queues) or in parallel (standard queues).
- FIFO queues can ensure a message is delivered exactly once.
- Standard queues ensure messages are delivered at least once.
- Really good for delayed tasks and queueing up emails.
|Application Load Balancer (ALB)|Network Load Balancer (NLB)|Classic Load Balancer (CLB)|
|---|---|---|
|Layer 7 (HTTP/HTTPS)|Layer 4 (TCP/UDP/TLS); intended for where extreme performance is required (Example: Netflix)|Intended for applications that were built within the EC2-Classic network|
|**Routing rules**, more usability from one load balancer|Capable of handling millions of requests per second while maintaining `ultra-low-latencies`|Doesn't use Target Groups|
|Can attach WAF (Web Application Firewall)|Optimized for `sudden and volatile` traffic patterns while using a single static IP address per AZ||
ACM (AWS Certificate Manager): provisions and manages SSL/TLS certificates for use with ELB, CloudFront and API Gateway.
Anyway, this is all you need to know for your AWS Cloud Practitioner Exam, and I hope you found these notes helpful.
Originally Posted here