# CPE Notes
::: info
**AWS Cloud Practitioner Essentials [Class_Notes]**
:::
----
### Important Links
----
:::info
- [Digital Version of Cloud Practitioner Essentials Course](https://explore.skillbuilder.aws/learn/course/external/view/elearning/134/aws-cloud-practitioner-essentials)
- [AWS Cloud Quest: Cloud Practitioner](https://explore.skillbuilder.aws/learn/course/external/view/elearning/11458/aws-cloud-quest-cloud-practitioner)
- [AWS Cloud Quest: Recertify Cloud Practitioner](https://explore.skillbuilder.aws/learn/course/external/view/elearning/17623/aws-cloud-quest-recertify-cloud-practitioner)
- [Exam Prep Official Question Set: AWS Certified Cloud Practitioner (CLF-C02 - English)](https://explore.skillbuilder.aws/learn/course/external/view/elearning/14050/exam-prep-official-question-set-aws-certified-cloud-practitioner-clf-c02-english)
- [AWS 12 Weeks Workshop Challenge](https://12weeksworkshops.com/)
- [AWS Workshops - Full Catalogue](https://workshops.aws/)
- [AWS Rampup Guides](https://aws.amazon.com/training/ramp-up-guides/)
- [AWS Certification Home Page](https://aws.amazon.com/certification/)
- [AWS Certified Cloud Practitioner Certification](https://aws.amazon.com/certification/certified-cloud-practitioner/)
- [AWS Digital Courses - Skill builder](https://explore.skillbuilder.aws/learn)
- [AWS Trainings and Webinars](https://aws.amazon.com/training/events/)
:::
----
### Keywords
----
:::warning
- Linux Password-less authentication
- Monolithic vs Microservices
- Decoupled application Architecture
- Message brokers (e.g. RabbitMQ)
- Content Delivery Network
- Private vs Public IPs
- Static vs Dynamic IPs
- SDDC [Software Defined Data Centre]
- Server Virtualization (Hypervisors - VMware ESXi / KVM / Hyper-V / Xen Server / Nitro System)
- Storage Virtualization (SAN / NetApp / EMC2)
- Network Virtualization (SDN, NSX, CNI)
- Capacity Planning
- SAN / DAS / NAS
- Thin vs Thick Provisioning
- Shared Tenancy Model
- HCI (Cloud in a Box)
- CVE
- Docker vs Kubernetes
:::
---
### [General Concepts](https://aws.amazon.com/what-is-aws/)
---
#### [Cloud Deployment Models](https://aws.amazon.com/types-of-cloud-computing/)
:::success
- Cloud - AWS
- On-premises / Private Cloud - Organization specific
- Hybrid Cloud - Public + Private/On-Prem
:::
#### [AWS Global Infrastructure](https://aws.amazon.com/about-aws/global-infrastructure/)
:::success
- Regions | Cluster of 3 or more AZs | 31 Regions
- Availability Zones - Cluster of DCs | 95+ AZs
- Edge Locations | CDN | Web Content caching | 410+ PoPs
- Amazon Backbone Network | Low latency High speed physical cables connecting AWS DCs
- AWS Outposts | Run your workload on AWS from within your Data Centres
:::
#### [AWS Service interaction can be via:](https://docs.aws.amazon.com/whitepapers/latest/aws-overview/accessing-aws-services.html)
:::success
- Console (GUI)
- AWS CLI (Command line)
- SDK (Programmatic Access)
:::
#### AWS Service Scope can be:
:::success
- Global - IAM, Route 53
- Regional - VPC, DynamoDB
- AZ Specific - EC2, EBS, Subnets
:::
#### AWS Services can be:
:::success
- Managed --> DynamoDB, S3, VPC
- Unmanaged --> EC2, EBS
:::
#### AWS Service limits/Quotas can be:
:::success
- Hard limits --> Cannot be changed
- Soft Limits --> Can be changed
:::
:arrow_right: *Use "**Service Quotas**" to check your account-specific limits*

----
### [Compute on AWS](https://aws.amazon.com/products/compute/)
----
#### Compute Services
:::info
- Virtual Machines
    - EC2
- Containers
    - ECS
    - EKS
- Serverless
    - Lambda
:::
#### EC2 Nomenclature
:::info
`m5.xlarge`
- m --> Family
- 5 --> Generation
- xlarge --> Size (vCPU / Memory / Network bandwidth)
:::
**Compute Evolution**
:::success
````
Physical Machines --> Virtual Machines ---> Containers
---> Serverless
````
:::
#### EC2 Pricing Options
:::info
- On-Demand
- Spot (up to 90% discount over On-Demand)
- Commitment based (up to 70% discount over On-Demand)
    - Reserved | 1 or 3 year contract | No Upfront, Partial Upfront, Full Upfront
    - Savings Plans | 1 or 3 year contract | No Upfront, Partial Upfront, Full Upfront
- Hardware Isolation
    - Dedicated Instance
    - Dedicated Hosts
:::
---
### [Containerization on AWS](https://aws.amazon.com/containers/)
---
#### Container Runtimes
:::warning
- Docker
- runc
- CRI-O
- Podman
- containerd
:::
#### Container Orchestration Engines
:::warning
- Kubernetes (based on Borg at Google) | Open sourced in 2015
- OpenShift
- Apache Mesosphere
- Docker Swarm
:::
#### [Docker Architecture](https://docs.docker.com/get-started/overview/)
:::warning
- Docker Runtime
- Docker Daemon
- Docker Host
- Docker Containers (EC2)
- Docker Images (AMI)
- Registry
    - Public
        - [Docker Hub](https://hub.docker.com)
    - Private
        - [Amazon ECR](https://aws.amazon.com/ecr/)
:::
#### Container Orchestration on AWS
:::warning
- [Amazon ECS](https://aws.amazon.com/ecs/) | Proprietary Amazon Engine
- [Amazon EKS](https://aws.amazon.com/eks/) | Hosted Kubernetes Engine
- [AWS Fargate](https://aws.amazon.com/fargate/) | Serverless Container workloads
:::
---
### [Load Balancing on AWS](https://aws.amazon.com/elasticloadbalancing/)
---
:::success
- Elastic Load Balancer (ELB)
    - ALB | Application Layer | Layer 7 | HTTP and HTTPS | Content or Path based routing
    - NLB | Layer 4 | TCP, UDP, TLS | IP based routing
    - GLB | Layer 3/4 | IP filtering | Security appliance integration
    - CLB | Layer 4/7 | Legacy LB | Works with EC2 Classic Network
:::
---
### [Decoupling on AWS](https://aws.amazon.com/messaging/)
---
:::warning
- SNS
    - Email
    - SMS
    - HTTP
    - Chat
- Messaging Queue
    - SQS
    - Amazon MQ
- ELB
:::
**Software Architecture Evolution**
:::info
--> Monolithic ---> SOA ---> Microservices
:::
---
### [Networking on AWS](https://aws.amazon.com/products/networking/)
---
:::warning
- **AWS Account**
    - Region
    - VPC
    - Subnets (Public or Private)
    - Resources (Webservers, Databases etc.)
    - Internet Gateway
    - NAT Gateway
- **Security**
    - Security Groups
        - Firewall at the instance level
        - Default: All incoming blocked; all outgoing allowed
        - Stateful packet filtering
    - NACL
        - Firewall at the subnet level
        - Default: All incoming/outgoing allowed
        - Stateless packet filtering
- **Hybrid Connectivity**
    - VPN
    - Virtual Private Gateway (VGW)
    - Direct Connect
:::
---
### [Storage on AWS](https://aws.amazon.com/products/storage/)
---
:::warning
- Object Storage
    - S3 | Internet accessible unlimited storage | Accessed via API calls | Pay for what you use
        - Versioning
        - Storage Classes
        - 99.999999999%
        - 5TB max file/object size
        - 100 Buckets per account
- Block Storage | Attach to an instance
    - EBS | Persistent Block Storage | SAN | Pay for what you provision
        - SSD Based
            - Provisioned IOPS
            - General Purpose SSD
        - HDD Based
            - Throughput Optimized HDD
            - Cold HDD
    - Instance Store | Ephemeral Block Storage | DAS
- File/Network Storage (NAS) | Mount the file system to an instance | Pay for what you use
    - EFS | Linux Workloads | NFS 4.0 and 4.1
:::
**Analogies to understand storage solutions**
:::info
- Block --> `C:\`, `D:\`
- Object --> `C:\myfiles`, `D:\officedocs`
- Network --> `K:\`, `G:\`, `Z:\` (NTFS, CIFS, SMB, NFS)
:::
---
### [Databases on AWS](https://aws.amazon.com/products/databases/)
---
**Relational**
:::warning
- RDS DB Engines
    - MySQL
    - MS SQL
    - Oracle
    - PostgreSQL
    - MariaDB
    - Amazon Aurora
- RDS Features
    - Multi-AZ (Synchronous Replication) --> High Availability
    - Read replicas (Asynchronous Replication) --> Performance Benefit
    - Automated backups (up to 35 days retention)
    - Database Sharding (for performance benefits)
:::
**Non Relational**
:::warning
- DynamoDB
    - Fully managed non-relational DB service
    - Global Tables
    - Eventual and strong consistency models
    - Extreme horizontal scaling capacity
- DocumentDB [MongoDB_compatible]
- Keyspaces [Managed_Apache_Cassandra]
- Other Purpose-Built Databases
    - Redshift [Data_warehousing]
    - ElastiCache [Database_Caching]
        - Redis
        - Memcached
    - Neptune [Graph_Database]
    - Amazon QLDB [HyperLedger/Blockchain]
    - Amazon Timestream [Time_Series]
:::
----
### [Security in AWS](https://aws.amazon.com/products/security/)
----
:::warning
- [Shared Responsibility Model](https://aws.amazon.com/compliance/shared-responsibility-model/)
- IAM
    - Users
    - Groups
    - Policies
    - Roles
        - Temporary elevated privileges
        - Federated access
        - Applications accessing resources
- Other Services
    - AWS Organizations
    - AWS Artifact
    - WAF and Shield
    - Amazon Inspector
    - AWS KMS
    - Amazon GuardDuty
:::
----
### [Monitoring and Observability](https://aws.amazon.com/cloudops/monitoring-and-observability/)
---
:::warning
- CloudWatch
    - Basic Monitoring (5-minute granularity, free)
    - Detailed Monitoring (1-minute granularity, additional charges apply)
- CloudTrail
- AWS Trusted Advisor
:::
----
### [AWS Pricing and Cost Management](https://aws.amazon.com/aws-cost-management/)
---
:::warning
- AWS Free Tier
- AWS Cost Explorer
- AWS Pricing Calculator
- Consolidated Billing
- AWS Budgets
- AWS Support Plans
    - Developer
    - Business
    - Enterprise
- AWS Marketplace
:::
----
### [Migration and Innovation on AWS](https://aws.amazon.com/free/migration/)
---
:::warning
- [AWS CAF](https://aws.amazon.com/professional-services/CAF/)
- [7 Rs of migration](https://docs.aws.amazon.com/prescriptive-guidance/latest/large-migration-guide/migration-strategies.html)
- [AWS Snow Family](https://aws.amazon.com/snow/)
- [AWS Well Architected Framework](https://aws.amazon.com/architecture/well-architected/)
:::
---
### References
---
:::info
- https://aws.amazon.com/ec2/nitro/
- https://aws.amazon.com/free/
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
- https://aws.amazon.com/s3/storage-classes/
- https://aws.amazon.com/s3/pricing/
- https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf
- https://aws.amazon.com/compliance/services-in-scope/
- https://aws.amazon.com/compliance/
- https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf
- https://aws.amazon.com/premiumsupport/plans/
- https://aws.amazon.com/compliance/shared-responsibility-model/
- https://www.capitalone.com/tech/cloud/crushing-the-aws-ccp-exam/
- https://docs.aws.amazon.com/whitepapers/latest/aws-best-practices-ddos-resiliency/aws-best-practices-ddos-resiliency.pdf
- https://calculator.aws/#/
- https://aws.amazon.com/professional-services/CAF/
- https://d1.awsstatic.com/whitepapers/aws-caf-ebook.pdf
- https://aws.amazon.com/blogs/enterprise-strategy/6-strategies-for-migrating-applications-to-the-cloud/
- https://aws.amazon.com/architecture/well-architected/
:::
**Containerization**
:::info
- **Basic Level:**
    - https://docker-curriculum.com/
    - https://training.play-with-docker.com/
- **Intermediate Level:**
    - https://ecsworkshop.com/
    - https://www.eksworkshop.com/
:::
### Connect with me:
:::warning
LinkedIn: https://www.linkedin.com/in/shariquekamal/
:::
:::danger
:warning: *Disclaimer: The content provided here is for informational purposes only and is based purely on my own understanding, knowledge and experience. This is **not** official AWS documentation.*
:::