AWS Certified Cloud Practitioner

Proposed Curriculum for BeSA

AWS Certified Cloud Practitioner

Important Links

Week 1

Introduction to AWS Certifications

Introduction to Cloud Computing

Cloud Deployment Models

Cloud
On-premises
Hybrid Cloud

AWS Global Infrastructure

Regions | Cluster of 3 or more AZ | 31 Regions
Availability Zones - Cluster of DCs | 95+ AZs
Edge Locations | CDN | Web Content caching | 410+ PoPs
Amazon Backbone Network | Low latency High speed physical cables connecting AWS DCs
AWS Outposts | Run your workload on AWS from within your Data Centres

AWS Service interaction can be via:

Console (GUI)
AWS CLI (Command line)
SDK (Programmatic Access)

AWS Service Scope can be:

Global - IAM, Route53
Regional - VPC, DynamoDB
AZ Specific - EC2, EBS, Subnets

AWS Services can be:

Managed –> DynamoDB, S3, VPC
Unmanaged –> EC2, EBS

AWS Service limits/Quotas can be:

Hard limits –> Cannot be changed
Soft Limits –> Can be changed

Image Not Showing Possible Reasons

The image file may be corrupted
The server hosting the image is unavailable
The image path is incorrect
The image format is not supported

Learn More →

Use "Service Quotas" to check your account specific Limits

Compute on AWS

Compute Services

Virtual Machines
- EC2
Containers
- ECS
- EKS
Serverless
- Lambda

EC2 Nomenclature

m5.xlarge
m –> Family
5 –> Generation
xlarge–> Size (vCPU / Memory / Network bandwidth)

Compute Evolution

Physical Machines --> Virtual Machines  ---> Containers 
                                        ---> Serverless

EC2 Pricing Options

On Demand
Spot (Upto 90% discounts over Ondemand)
Commitment based ((upto 70% discounts over on demand)
- Reserved | 1 or 3 year contract | No Upfront, Partial Upfront, Full Upfront
- Savings Plans | 1 or 3 year contract | No Upfront, Partial Upfront, Full Upfront
Hardware Isolation
- Dedicated Instance
- Dedicated Hosts

Containers on AWS

Container Runtimes

Docker
Runc
CRI-O
Podman
Containerd

Container Orchestration Engines

Kubernetes (based on Borg at Google) | Open sourced in 2015
OpenShift
Apache Mesosphere
Docker Swarm

Docker Architecture

Docker Daemon
Docker Host
Docker Containers (EC2)
Docker Images (AMI)
Registry
- Public
  - Docker Hub
- Private
  - Amazon ECR

Container Services on AWS

Amazon ECS | Proprietory Amazon Engine
Amazon EKS | hosted Kubernetes Engine
AWS Fargate | Serverless Container workloads

Load Balancing on AWS

Elastic Load Balancer (ELB)
- ALB | Application Layer | Layer 7 | http and https | Content or Path based routing
- NLB | Layer 4 | tcp, udp, tls | IP based routing
- GLB | Layer 3/4 | IP filtering | security appliance integration
- CLB | Layer 4/7 | Legacy LB | Works with EC2 classic Network

EC2 Auto Scaling

EC2 Auto Scaling Components
- Launch Template
- Auto Scaling Group
- Auto Scaling Policies
  - Scheduled
  - Dynamic
    - Simple
    - Step scaling
    - Target tracking
  - Predictive

Week 2

Security in AWS

Shared Responisbility Model
IAM
- Users
- Groups
- Policies
- Roles
  - Temporary elevated privileges
  - Federated access
  - Applications accessing resources
Other Services
- AWS Organizations
- AWS Artifact
- WAF and Shield
- Amazon Inspector
- AWS KMS
- Amazon GuardDuty

Networking on AWS

AWS Account
- Region
  - VPC
    - Subnets (Public or Private)
      - Resources (Webservers, Databases etc.)
    - Internet Gateway
    - NAT Gateway
Security
- Security Groups
  - Firewall at the instance level
  - Default: All incoming blocked; all outgoing allowed
  - Stateful packet filtering
- NACL
  - Firewall at the subnet level
  - Default: All incoming/outgoing allowed
  - Stateless packet filtering
Hybrid Connectivity
- VPN
- Virtual Private Gateway (VGW)
- Direct Connect

Week 3

Storage on AWS

Object Storage
- S3 | Internet accessible unlimited storage | Accessed via API calls | Pay for what you use
  - Versioning
  - Storage Classes
  - 99.999999999%
  - 5TB max file/object size
  - 100 Buckets per account
Block Storage | Attach to an instance
- EBS | Persistent Block Storage | SAN | Pay for what you provision
  - SSD Based
    - Provisioned IOPS
    - General Purpose SSD
  - HDD Based
    - throughput Optimized HDD
    - Cold HDD
- Instance Store | Ephemeral Block Storage | DAS
File/Network Storage (NAS) | Mount the file system to an instance | Pay for what you use
- EFS | Linux Workloads | NFS 4.0 and 4.1

Analogies to understand storage solutions

Block –> C:, D:\
Object –> C:\myfiles, D:\officedocs
Network –> K:, G:, Z:\ (NTFS, CIFS, SMB, NFS)

Databases on AWS

Relational

RDS DB Engines
- MySQL
- MS SQL
- Oracle
- PosgreSQL
- Maria DB
- Amazon Aurora
- IBM Db2
RDS Features
- Multi-AZ (Synchronous Replication) –> High Availablity
- Read replicas (Asynchronous Replication) –> Performance Benefit
- Automated backups (Upto 35 Days retention)
- Database Sharding (For Performance benefits)

Non Relational

DynamoDB
- Fully Managed non-relational DB service
- Global Tables
- Eventually and Strongly consistency models
- Extreme horizontal scaling capacity
DocumentDB [MongoDB_compatible]
Keyspaces [Managed_Apache_Cassandra]

Other Purpose-Built Databases

Redshift [Data_warehousing]
Elasticache [Database_Caching]
- Redis
- Memcached
Neptune [Graph_Database]
Amazon QLDB [HyperLedger/Blockchain]
Amazon Timestream [Time_Series]

Week 4

Monitoring and Observability

CloudWatch
- Basic Monitoring (5 Minutes granularity, Free)
- Detailed Monitoring (1 Minute Granularity, Addtional charges apply)
CloudTrail
AWS Trusted Advisor

AWS Pricing and Cost Management

AWS Free Tier
AWS Cost Explorer
AWS Pricing Calculator
Consolidated Billing
AWS Budgets
AWS Support Plans
- Developer
- Business
- Enterprise
AWS Marketplace

Other AWS Services

Decoupling on AWS

SNS
- Email
- SMS
- http
- Chat
Messaging Queue
- SQS
- Amazon MQ
ELB

IaC on AWS

Migration and other Concepts

References

Containerization

Basic Level:
https://docker-curriculum.com/
https://training.play-with-docker.com/
Intermediate Level:
https://ecsworkshop.com/
https://www.eksworkshop.com/