- AWS Cloud Practioner
- Where you can take this exam ?
- Exam Guide
- What is Cloud Computing
- Benefits of the cloud computing
- Types of Cloud Computing
- Cloud Computing Models
AWS
Global Infrastructure- Regions
AWS
- AZs(Availability Zones)
- Edge Locations (Get Data Fast or Upload Data Fast)
- Gov Cloud
- EC2 Instances
- AMI (Amazon Machine Image)
- AutoScaling
- Elastic Load Balancer
(ELBs)
- S3 Buckets
- CloudFront
(CDN)
- RDS
(Relational Database Service)
- AWS Lambda
- EC2 Pricing Models
- Billing and Pricing
- AWS Networking
- AWS
Database
Services - AWS
Provisioning
Services - AWS Compute Services
- AWS Storage Services
- AWS Business Centric Services
- AWS Enterprise Integration
- AWS Logging Services
- Most Common
AWS
Initials - AWS Security
- Amazon Guard Duty Service
- KMS (Key Management System)
- Amazon Macie
- Security Groups VS NACLs(Network Access Control Lists)
- AWS VPN(Virtual Private Network)
- Same Name But Different Services (Don’t Get Confused)
- AWS Connect Services
- Elastic Transcoder VS AWS Elemental MediaConvert
SNS
vsSQS
AWS Cloud Practioner
This certification is mostly used by people to get the understanding of the AWS
services.
Where you can take this exam ?
You can take this exam on Pearson VUE online.
- This cost $100
- 90 mins
- 65 Questions
- 70% passing score
- Valid for 3 years.
Exam Guide
This is what exam mostly comprises of
- Cloud Concepts
28%
. - Security
24%
- Technology
36%
- Billing & Pricing
12%
We have total of 65
questions and most of them are mutiple choice
or multiple response
questions.
What is Cloud Computing
Its the practice of using a network of remote servers hosted on the internet to store,manage and process data rather using a local server or personal computer.
Benefits of the cloud computing
- No upfront costs such as paying for server. You can Pay On Demand.
- Economies of sale you can simply save alot of money since there are so many people using the cloud.
- You can scale up or scale down based on your need.
- With few clicks of a button your service is deployed.
- No more maintenance costs.
- Go global in few minutes since there are global regions where cloud servers are hosted.
Types of Cloud Computing
SaaS
–> Software as a Service. Basically a complete product that is ran and managed by the service provider.(Examples: Salesforce,Gmail,GoogleDocs)PaaS
–> Platform as a Service. Focusing on deploying applications without worrying about managing the infrastructure. (Examples: Heroku,Netlify and etc)IaaS
–> Infrastructure as a Service. The building blocks of the IT. Providing computers access and storage needs and etc. (Examples: AWS,GCP and Azure).
Cloud Computing Models
- Cloud (Fully hosted on Cloud such as startups)
- Hybrid (On-Premise and Public Cloud such as Banks)
- On-Premise (On Private Cloud where sensitive data is being stored).
AWS
Global Infrastructure
- There over a million active customers using
aws
. - there are total
69
Availability Zones22
Geographic Regions around the world. Regions
–> physical location with multiple availabilty zones.Availability Zones(AZ)
–> one or more discrete data locations.(owned by aws)Edge Locations
–> data center owned by trusted partner ofaws
Regions AWS
- A geographically distinct location with multiple data centers.
- Each region has two
AZs
. US-EAST(North Virginia)
is the largestAWS
region and services almost always become available first in this region.- Not all services are available in the all regions.
US-EAST-1
is where you see your billing information.
AZs(Availability Zones)
- Each Region has two AZs.
- An AZ is a data center ran and owned by AWS.
- less than 10ms latency between
AZs
Edge Locations (Get Data Fast or Upload Data Fast)
- A data center owned by trusted partner of
AWS
and has direct connection to theaws
network. - These location serve requests for
CloudFront
andRoute53
. Requests going to either of these services will be routed to the nearest edge location automatically. S3 Transfer accelaration
andAPI Gateway
endpoint also use theAWS Edge Network
.- This allows for low latency no matter where ever you are located.
Gov Cloud
An AWS
service that allows customers to host sensitive Controlled Unclassified Information
or other types of workloads
- Only operated by
US Citizens
or on theUS Soil
. - Should follow several compliance guidelines.
- GovCloud
EC2 Instances
- In order to create a
EC2
instance head over to AWS Console. - Choose
EC2
and follow along. Make sure you selectAmazon Linux 2 AMI
and select the type ast2.micro
since that is offered with free tier. - Now follow along and make sure to set IAM role.
- lastly make sure you have billing alerts turned on.
- You can either use
ssh
orsessions manager
to get intoec2
instance. - You can also get to
sessions-manager
by going tosystems manager
. sessions-manager
opens a simplebash
shell that can help you access yourec2
instance.
AMI (Amazon Machine Image)
- You can create an image by going into
ec2
management console and clicking on actions and selectingimage
. - Basically this creates a copy that allows you launch multiple servers.
AutoScaling
- This allows you ensure that multiple instances and multiple servers are running.
- This also allows you meet the demand of web traffic.
- In order to configure this its located in
ec2
management console.
Elastic Load Balancer (ELBs)
- This allows reroute the traffic. especially when doing updates to the application.
S3 Buckets
- Its usually global and the buckets are usually region specific.
- its a block storage used to store the files.
CloudFront (CDN)
- CloudFront is basically Cotent Delivery Network.
- It makes easier for companies to distribute there content.
- Hook it up to S3 Bucket and deliver your content around the world.
RDS (Relational Database Service)
- It’s used to setup a relational database (Examples: SQL,PSQL).
- Amazon aurora would be default when setting up this service
- It has auto scaling.
AWS Lambda
- Serverless framework.
- Allows you to run simple functions you can think of it as cronjobs.
EC2 Pricing Models
E2 has four different pricing models
On Demand
- Low Cost and Flexible.
- only charges per hr
- short term
- good for first time apps or prototypes.
- No upfront payment.
Reserved Instances
- Good for committed applications.
- Standard savings 75% (Cannot change the RI attributes.)
- Best for long term
- You can schedule to reserve the instances.
- there’s a commitment like 1 to 3 year with AWS.
- RI’s can be shared between multiple accounts.
- You can even sell your unused instances.
Spot instances
- You can think of it has a hotel who offers discounts to fill there spots.
- Just like hotel
aws
uses similar approach to maximize the usage of there idle servers. - There are conditions such as,
- Instances can be terminated anytime.
- If you instance gets terminated you dont get charged for partial hour of usuage.
- If you terminate an instance you will be charged for any hour that it ran.
- Good for applications feasible for very low usage.
- It provides you 90% savings.
Dedicated
- Its the most expensive
EC2
instance. - Its built for tenant customers. Its more useful for large enterprises.
- Its offered both in demand and reserved.
Billing and Pricing
AWS Free Services
- IAM
(Identity Access Management)
–> used for creating user roles. - Auto Scaling
- CloudFormation
- Elastic Bean
- Opswork
- Amplify
- AppSync
- CodeStar
- AWS Cost Explorer
NOTE: Services in bold are free but they can provision AWS Services to cost money.
AWS Support Plan
- $0/month - Basic (Support Only by Email).
- $20/month - Developer (Tech Support Via Email reply within 24hrs)
- No Third Party Support.
- General Guidance only.
- $100/month - Business (Tech Support Via Chat/Phone 24/7)
- Does support third party.
- Production system down less than 1hr response time (business downtime)
- $15000/month - Enterprise (Tech Support Via Chat/Phone 24/7)
- Personal Concierge.
- TAM (Technical Account Manager)
- Response time less than 15min. (business downtime)
AWS MarketPlace
- A place where you will thousands of software listings from independant software vendors.
- The product is free to use or can have a charge which becomes part of the
AWS
bill.
AWS Trusted Advisor Check
- This advises customers on
security
,saving money
,performance
,service limits
andfault tolerance
. - FREE has 7 trusted Advisor Checks
- Enterprise and Business - All trusted advisor checks.
Consolidated Billing
- One Master account for all member accounts.
- Cost Explorer tool for visualizing the usage.
- It also offers volume discounts (The more you use the cheaper it gets.)
AWS Cost Explorer
- Allows you to visualize the usage of the multiple accounts.
AWS Budgets
- First two budgets are free of charge.
- Allows you setup alerts when you exceed your limits.
- You can set three types of alerts
Budget
,Usage
andinstance reservation
- Alerts supports
EC2
,RDS
,RedShift
andElastic Cache
. - You can manage budgets from
AWS Budget Dashboard
orBudgets API
. - Get notified through email or ChatBot.
TCO Calculator
The Total Cost of Ownership calculator allows you show how much can save by shifting to aws
.
- A tool that allows you build reports for execs to show how much you can save.
- Only for approximation purposes.
AWS Landing Zone
- Meant for enterprises.
- Automatically provisions and configure new accounts via
Service Catalog template
. - uses
SSO
.
AWS Resource Groups & Tagging
- Tags are words or phrases that act as metadata for organizing
AWS
resources. - Resource Groups are collection of resources that share one or more tag.
- Resource Group can display following details of about a group of resource based on.
- Metrics
- Alarms
- Configuration Settings.
AWS QuickStart
Prebuilt templates offered by AWS
or AWS
partners that helps you deploy popular stacks on AWS
. This allows to reduce the manual effort.
It’s divided into three steps.
- A reference architecture for deployment.
AWS CloudFormation
templates that automate and configure the deployment.- A guide explaining the architecture and implementation in detail.
AWS Cost and Usage Report
This allows you to generate a detailed report of your AWS
costs. You’ll get a spreadsheet highlighting the costs.
- Reports are stored in
S3
. - You can use
ATHENA
to turn this into queryable database. QuickSight
for analyzing.
AWS Networking
Region
-> The geographic location of the network.VPC
-> An isolated space ofaws
where you can launchaws
resources.AZ
-> the data center of theaws
resources.Security Groups
-> Acts as a firewall at the instance level.Internet Gateway
-> Enables access to the internet.NACLs
-> acts as a firewall at the subnet level.Route Tables
-> determine where network traffic from your subnets are directed.Subnets
-> A logical partition of an IP network into multiple,smaller network segments.
AWS Database
Services
DynamoDB
-> NoSQLkey/value
database. (Examples:Cassandra).This is really fast for read and write access.DocumentDB
-> NoSQL Document database that is compatible toMongoDB
.RDS
-> Relational DataBase Service that supports multiple enginesMySQL
,Postgres
,MariaDB
. (Most Popular DB)AuroraDB
-> MySQL (5x fast) and PSQL (3x Fast) fully managed database. (Runs 6 copies of the Database when used and more expensive DB)Aurora Serverless
-> Only runs when needed.Neptune
-> Graph DataBase.RedShift
-> Columnar Database petabyte warehouse.Elastic Cache
-> Redis or Memecached database.
AWS Provisioning
Services
Elastic BeanStalk
-> Think of it asHeroku
. Its a service used for deploying and scaling the web applications and services deployed withJava
,python
,c++
and etc (Perfect for deploying WebApps)OpsWork
-> Configuration management service that provides managed instances ofCHEF
andPuppet
.(It has layers like tier 2 or tier 3)CloudFormation
-> IaaS , Infrastructure as CodeJSON
orYAML
.AWS QuickStart
-> ready made templates that can launch and configure your aws compute, network, and other services.AWS MarketPlaces
A place where you can buy or sell software or services forAWS Cloud
.
AWS Compute Services
EC2
-> Elastic Compute Cloud highly configurable server.ECS
-> Elastic Container ServiceDocker As Service
highly scalable,high performance and good for microservices.Fargate
-> You don’t chose theec2
like you might chose inECS
. You define andAWS
will run the service. (Like Lambda since you dont pay for EC2)EKS
-> Kuberenetes as services makes it easy to deploy ,manage and scale.Lambda Serverless
. Just upload code as function andAWS
will run the code for you.Elastic BeanStalk
-> upload the code and it will do the rest for you. Good for developers who want to just upload there apps.AWS Batch
-> Its for Batch Processing where you can scheduleBatch
jobs.
AWS Storage Services
S3
-> A simple storage service - Object Store (Simply Upload Files).S3 Glacier
-> low cost for storage and good for archiving the data for long term backup.Storage Gateway
-> A hybrid solution from on premisis to cloud for storage.EBS (Elastic Block Storage)
-> A hard drive in cloud you attach toec2
instance such asSSDs
,HDDS
.EFS (Elastic File Storage)
-> file storage moutable to multipleEC2
instances at the same time.Snowball
-> A way of moving data from on premise to aws.Snowball Edge
-> 100 TB (better version and additional features).SnowMobile
-> Allows to move petabytes of data (DataCenter on Wheels).
AWS Business Centric Services
Amazon Connect
-> Cloud Based call center service you can setup in few minutes and later you can save the calls in s3 for furhter analysis.You can even route calls based on defined rulesWorkSpaces
-> Secured managedvirutal desktops
.WorkDocs
-> aws version of sharepoint where you can collaborate and share documents.Chime
-> Think of it as skype where you can do business calls and meetings.WorkMail
-> Managedaws
email service just likeMicrosoft Outlook Exchange
usesIMAP
ProtocolPinPoint
-> For marketing campaigns for targetted sending emails and sms notifications.SES (Simple Email Service)
A cloud based email sending service used to send emails and notifications (Good for webapps that supports sending email notifications and hasHTML
format email option)QuickSight
. Think of it asQlikSense
orTableau
as this allows you to visualize the data.
AWS Enterprise Integration
Direct Connect
-> A dedicated Gigabit connection from on premise to aws.VPN
Site to Site
-> Connecting to on premise to aws.Client Vpn
-> Connecting a client toAWS
network.
Storage Gateway
A hybrid storate service that enables on premise applications to useAWS
cloud storage.- Good for backup.
- Archiving
- Disaster Recovery.
- migration
- data processing.
AD (Active Directory)
An AWS directory service for Microsoft Active Directory also known as AWS Managed Microsoft AD - Enables your workloads and AWS related resources to use managedAD
in aws cloud.
AWS Logging Services
CloudTrail
-> a logging service that logs all theapi calls
(SDK,CLIs) betweenAWS
services.- Who created the service.
- Who spun up the
EC2
instance. - Who launched sagemaker notebook
- Detects developer misconfigurations.
- Detects Malicious Activity.
- Automates responses.
CloudWatch
A collection of multiple services. Its more like a storage solution for all the logs.- Stores all types of the logs.
CloudWatch Metrics
-> timeseries data of logs.CloudWatch Events
-> trigger event based on a condition.(Taking the snapshot of the server)CloudWatch Alarms
-> trigger notifications based on metrics.CloudWatch Dashboard
-> create visualizations based on metrics.
Most Common AWS
Initials
IAM
:Identity Access Management.S3
: Simple StorageSWF
: Simple Workflow Service.SNS
: Simple Notification System.SQS
: Simple Queue Service.SES
: Simple Email Service.SSM
: Simple Systems Manager.RDS
: Relations DataBase Service.VPC
: Virtual Private Cloud.VPN
: Virtual Private Network.CFN
: Cloud FormationWAF
: Web Application Firewall.MQ
: Amazon ActiveMQ.ASG
: AutoScaling Groups.TAM
: Technical Account Manager.ELB
: Elastic Load Balancer.ALB
: Application Load Balancer.NLB
: Network Load Balancer.EC2
: Elastic Cloud Compute .ECS
: Elastic Container Service.ECR
: Elastic Container Repository.EBS
: Elastic Block Storage.ELF
: Elastic File Storage.EMR
: Elastic MapReduce.EB
: Elastic Beanstalk.ES
: Elastic Search.EKS
: Elastic Kubernetes Service.MKS
: Managed Kafka Service.IoT
: Internet of Things.RI
: Reserved Instances.
AWS Security
In the Shared Responsibility Model
the customer is responsible for the security of the cloud such as securing the data and using the right configuration. and anything the customer can’t touch or get access is secured by aws. Such as Hardward,Operation of Managed Services and Global Infrastructure.
Things Customer should take care of
- IAM
- Customer Data
- OS,Network and Firewall Configs.
- Maintaining Encryption Protocols.
Things AWS takes care of
- Software
- Hardware
- Services that
aws
provides.
AWS Compliance Programs
A set of internal policies and procedures of a company to comply with rules and regulations or to uphold reputation.
two most popular ones
- HIPPA
-
PCI (Payment Card Data/You can readmore by googling it)
- ReadMore Here
AWS Artifact
A no cost, self service portal for on demand access to AWS compliance reports.
AWS Inspector
AWS inspector is a tool that runs a security benchmarks against specific EC2 instances. The most popular one is run by CIS (Center for Internet Security)
which has 699
benchmarks.It can even inspect the network to check if there are any ports are open and running.
AWS WAF (Web Application Firewall)
It allows you protect your web application against the most common exploits. You can write your own rules that will allow the traffic based on the contents of HTTP
requests. You can use ruleset
from AWS
trusted secuirty partner. It can be either attached to CloudFront
or Application Load Balance (ALB)
.
Most Common Attacks Include
Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities XXE
Broken Access Control
Security Misconfigurations
XSS Cross Site Scripting
Insecure Deserialization
Using Components with known Vulnerabilities
Insufficient logging and Monitoring
AWS Shield
A managed DDOS(Distributed Denial of Service)
protection service that safeguards applications running on aws.
All AWS customers benefit from the automatic protections of AWS shield standard at no charge.
When you route your traffic through ROUTE53
or CloudFront
you are using AWS Shield
.
Protects you against Layer3
,Layer4
, and Layer7
attacks
- 7 Application
- 4 Transport
- 3 Network
There’s also a paid tier known as Shield Advance
and that costs $3000/Year
(upfront or Commitment). It gives you extra protection with 24/7
support and its available on
- Amazon Route 53
- Amazon CloudFront
- ELB
- AWS Global Accelarator
- Elastic IP(Amazon Elastic Compute Cloud and Netword and Load Balancer).
AWS Penetration Testing
An authorized service that allows you simulate a cyber attack on a computer system, performed to evaluate the security of the system.
Permitted Services
- EC2 Instances,NAT Gateways, and ELB.
- RDS
- CloudFront
- Aurora
- API Gateways
- AWS Lambda and Lambda@Edge function
- LightSail resources.
Prohibited Services
- DNS zone walking via Amazon Route 53 Hosted Zones.
- DoS(Denial Of Service),DDoS,Simulated DoS,Simulated DDoS.
- Port flooding
- Protocol flooding
- Request flooding
Amazon Guard Duty Service
IDS
: Intrustion Detection System
IPS
: Intrustion Protection System
A device or software that monnitors a network or systems for malicious activity or policy violations.
Guard Duty
is a threat detection service that continuously monitors for the malicious,suspicious activity and unauthorized behavior. It uses machine learning ty8111o analyze following AWS logs.
- CloudTrail Logs.
- VPC Flow Logs
- DNS logs.
It will alert you of the findings which you can automate an incident response via CloudWatch
Events or 3rd Party Software.
KMS (Key Management System)
A managed service that makes it easy for you to create or control the encryption keys used to encrypt that data.
KMS
is a multi-tenant HSM (Hardware Security Model).- Many AWS services are intergrated to use
KMS
to encrypt your data with simple checkbox. KMS
uses Envelope Encryption.
Envelope Encryption
When you encrypt your data, your data is protect but you have to protect your encryption key. When you encrypt your data key with master key as an additional layer of security. READMORE
Amazon Macie
Macie is fully managed service that continuously monitors S3 data access
activity for anomalies and generates detailed alerts when it detects risk of unqthorized access or inadvertent data leaks.
It uses machine learning to analyze CloudTrail
logs.
It provides you with following alerts.
- Anonymized Access.
- Config Compliance
- Credential loss
- Data Compliance
- File Hosting
- Identity Enumeration
- Information Loss
- Location Anomaly
- Open Permisson
- Privilege Escalation
- Ransomware
- Service Disruption
- Suspiscious Activity
Security Groups VS NACLs(Network Access Control Lists)
Security Groups | Network Access Control Lists (NACLs) |
---|---|
Acts as a firewall at the instance level. | Acts as a firewall at the subnet level |
Implicitly denies all traffic. You create Allow rules (For Example allow an `EC2` Instance to access `port 22`) | You create `allow` and `deny` rules |
AWS VPN(Virtual Private Network)
It allows you create a secure and private tunnel from your network or device to the aws global network.
AWS Site-to-Site VPN : Securely connect to on premises network or branch office site to VPC. AWS Client VPN: Securely connect users to AWS or on premises networks.
Same Name But Different Services (Don’t Get Confused)
CloudFormation
: IaaS (Infrastructure as a Service) used to setup template scripting (YAML
,JSON
).CloudTrail
: logs all theapi
calls betweenaws-services
(who to blame).CloudFront
: CDN(Content Delivery Network),It is used to distribute the content (Such as videos,static assets and etc).CloudWatch
: a collection of multiple servicesCloudSearch
: search engine for your site (Ecommerce).
AWS Connect Services
-
Direct Connect
: A dedicated fiber optics connections from data center to AWS. Lets say an enterprise want a direct connection from there on premise datacenter to aws they might use this service to connect to AWS. If you want to add extra layer of security you might need avpn
connection. -
Amazon Connect
: Call Center Service. -
Media Connect
: A new version of Elastic Transcoder, Converts videos to different formats.
Lets say you have 1000 videos and you need to transcode them into different formats then this might be a useful service. You can even add watermarks and insert intro infront of every video.
Elastic Transcoder VS AWS Elemental MediaConvert
Elastic Transcoder `OldWay` | AWS Elemental MediaConvert `NewWay` |
---|---|
Transcodes videos to streaming formats | Transcodes videos to streaming formats |
Overlay images | |
Insert Video Clips | |
Extract captions data | |
Better and Robust UI |
SNS
vs SQS
They Both Connect Apps via Messages.
SNS
- It uses
PubSub
model which is also known as publisher subscriber model. - It sends notifications to subscribers via protocols such as
HTTP
,Email
SQS
andSMS
. - It is generally used for sending
plaintext
emails which is triggered via otheraws
services. The best example can be billing alerts. - Can retry sending in case of failure for
HTTPS
. - Its good for
webhooks
,internal emails and triggering lambda functions.
SQS (Examples RabbitMQ
) - (think of it as message broker service)
Queue Up Messages, Guaranteed Delivery
- It places messages into a queue and applications pull queue using
AWS SDK
. - It can retain a message for up to 14 days.
- Can send them in sequential order or parallel.
- Can ensure only one message is sent.
- Can ensure messages are delivered at least once.
- Really good for delayed tasks,queueing up emails.
You can readmore about this here
NLB vs ALB vs CLB
Application | Network | Classic |
---|---|---|
Layer 7 Requests | Layer 4 IP protocol data | Layer 4 and Layer 7 |
HTTPS and HTTP traffic | TCP and TLS traffic where extremeperformance is required (Example: Netflix) | Intended for applications that were built within the EC2 Classic network |
**Routing Rules**,more usability from one load balancer | Capable of handling millions of requests per second while maintaining `ultra-low-latencies` | Doesn't use Target Groups |
Can attach WAF(WebApp Firewall) | Optimized for `sudden and volatile` traffic patterns while using a single static IP address per AZ |
Can Attach ACM (Amazon Certification Manager) SSL Manager
Anyways this all you need to know for your AWS Cloud Practitioner
Exam and I hope you found these helpful.
If you think I missed anything or mispelled anything feel free to fork this repo and create a PR
.
I am always available through twitter and email