# AWS Certified Cloud Practitioner
## Agenda
- [About the course](#About)
- [Cloud computing intro](#Cloud-computing-intro)
- [AWS Services](#AWS-services)
- [Architecting For The Cloud (the 5 pillars)](#Architecting-For-The-Cloud-Best-Practices)
- [Cloud Architecture Trends](#Cloud-Architecture-Trends)
- [Pricing](#Pricing)
- [Pricing principles](#Pricing-principles)
- [What determines pricing?](#What-determines-pricing?)
- [Pricing by service](#Pricing-by-service)
- [Resources](#Resources)
## About
**It validates an examinee’s ability to:**
- Explain the value of the AWS Cloud.
- Understand and explain the AWS shared responsibility model.
- Understand AWS Cloud security best practices.
- Understand AWS Cloud costs, economics, and billing practices.
- Describe and position the core AWS services, including compute, network, databases, and storage.
- Identify AWS services for common use cases.
**Recommended previous experience:**
It is recommended that candidates have at least 6 months of experience with the AWS Cloud in any role, including
traditional and non-traditional students, educators, and individuals exploring the AWS Cloud, including project
managers, IT managers, sales managers, decision makers, and marketers, as well as those working in finance,
procurement, and legal departments.
### Examination scoring
| Domain | Weight of mark |
| --- | --- |
| Domain 1: Cloud Concepts | 26% |
| Domain 2: Security and Compliance | 25% |
| Domain 3: Technology | 33% |
| Domain 4: Billing and Pricing | 16% |
**Domain 1: Cloud Concepts**
1.1 Define the AWS Cloud and its value proposition
1.2 Identify aspects of AWS Cloud economics
1.3 List the different cloud architecture design principles
**Domain 2: Security and Compliance**
2.1 Define the AWS shared responsibility model
2.2 Define AWS Cloud security and compliance concepts
2.3 Identify AWS access management capabilities
2.4 Identify resources for security support
**Domain 3: Technology**
3.1 Define methods of deploying and operating in the AWS Cloud
3.2 Define the AWS global infrastructure
3.3 Identify the core AWS services
3.4 Identify resources for technology support
**Domain 4: Billing and Pricing**
4.1 Compare and contrast the various pricing models for AWS
4.2 Recognize the various account structures in relation to AWS billing and pricing
4.3 Identify resources available for billing support
**AWS is the market leader and still growing** (market-share chart not reproduced in these notes)
## Cloud computing intro
### Advantages of cloud computing
1. You can trade capital expense for variable expense - pay for usage, not infrastructure
2. You benefit from economies of scale that Amazon has
3. You stop guessing about capacity - it can scale with your needs
4. Increase speed and agility - can make use of serverless
5. Stop spending money maintaining data centres
6. Go global in minutes - deploy to many regions
### 3 types of cloud computing
1. Infrastructure as a Service - the provider runs the data center and you manage the servers, e.g. EC2
2. Platform as a Service - e.g. GoDaddy or Elastic Beanstalk; somebody else worries about hardware, updates, security, etc.
3. Software as a Service - e.g. Gmail; all you do is use the software, which is managed for you by another company
### 3 types of cloud computing deployments
- Public Cloud - AWS, Azure, GCP
- Hybrid - Mixture of public and private
- Private Cloud - You manage it in your own datacenter, e.g. OpenStack or VMware
## AWS services
**Those required for the course:**
- AWS Global infrastructure
- Compute: EC2, Lambda
- Storage: Simple Storage Service, Glacier
- Databases: RDS, DynamoDB
- Security, identity and compliance
- AWS Cost Management
- Network: VPC, Route53
### AWS Global infrastructure
- A region is a geographical area consisting of 2 or more availability zones
- An availability zone is essentially a datacenter (one or more facilities close together)
- Edge locations are the sites where CloudFront caches content
**Why choose one region over another?**
- Data sovereignty laws
- Latency to your users
- AWS services available (US East 1 is always the first to get a new service)
### AWS Support Plans
- Basic: account and billing support + community forums (free)
- Developer: one contact for technical questions via the Support Center, response within 12-24 h during business hours ($29 per month)
- Business: 24x7 phone support, 1-hour response to urgent cases and help with common third-party software. Access to AWS Trusted Advisor for optimising infrastructure ($100 per month)
- Enterprise: dedicated Technical Account Manager, 15-minute response to critical support cases ($15,000 per month)
- Plan pricing also scales with usage
### Billing
You can set up billing alerts that alarm when spending reaches a certain level.
### IAM
- Identity and Access Management
- It is global, not per region
- You can access the platform from the console, programmatically, or using the SDKs
- The root account has full administrator access. Do not use it for day-to-day work, and protect it with MFA
- Groups are collections of users; permissions are attached to the group rather than to each user
- Users should always represent one real human being
- To set permissions for a group you attach "policies", JSON documents made of key-value pairs
- IAM credential reports are a good way of auditing credentials: when passwords and access keys were last used, and whether MFA is enabled
### S3
- Simple Storage Service
- A place to put your static files
- Object-based storage (as opposed to block-based storage, where you would install an OS)
- Max object size is 5 TB; objects are stored in buckets (like folders)
- Bucket names must be unique globally: the S3 namespace is global, even though each bucket lives in a region
- You receive an HTTP 200 code if your upload was successful
- Read-after-write consistency for PUTs of new objects
- If you update an existing file or delete a file and read it immediately, you may get the older version or you may not
- Eventual consistency for overwrite PUTs and DELETEs (can take some time to propagate)
- Guaranteed 99.9% availability; designed for 99.999999999% durability (eleven nines)
- Tiered storage
- Lifecycle management: move objects to cheaper classes, or expire them, once they have gone unused for a set period
- Versioning (once enabled it can only be suspended, not disabled); can be used together with lifecycle rules
- Replication: copy objects to buckets in different regions
- Encryption
- Secure your data with Access Control Lists (per-object basis)
- Bucket policies (whole-bucket level control)
- Storage classes:
  - Standard
  - Infrequent Access (lower storage fee, but charged per retrieval)
  - One Zone-Infrequent Access (even lower fee and lower resilience, as data is held in a single AZ)
  - Intelligent-Tiering: moves data to the most cost-effective access tier automatically
  - Glacier: low cost and durable, with variable retrieval time
  - Glacier Deep Archive: lowest cost, where a 12-hour retrieval is acceptable
- You are charged for: storage, requests, storage management, data transfer, Transfer Acceleration (fast transfer of files over an optimised AWS path between CloudFront edge locations and the bucket; appears to apply to uploads only), and cross-region replication
- You can change the storage class of individual objects on the fly
- Buckets can be made private only, partly public, or fully public with a bucket policy
- You can host a static website from an S3 bucket
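The IAM bullets on JSON policies and the S3 bullets on ACLs and bucket policies both come down to reading policy statements carefully. As an added example (not code from the course), this Python checker flags the two patterns a reviewer looks for first: an Allow of `Action *` on `Resource *` (a full admin grant) and a wildcard `Principal` with no `Condition` (a public bucket). The three sample policies and the bucket name `example-bucket` are constructed for the example.

```python
from typing import Iterable

# Constructed sample policies (not from the course): a least-privilege IAM
# policy scoped to one bucket, an "Action *" admin grant, and a bucket policy
# that makes every object readable by anyone on the internet.
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
    }],
}
ADMIN_WILDCARD = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
}
PUBLIC_BUCKET = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}


def _as_list(value) -> list:
    """IAM allows a single string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statements(policy: dict) -> Iterable[dict]:
    """Yield each statement; 'Statement' itself may be one dict or a list."""
    yield from _as_list(policy.get("Statement"))


def is_public_principal(principal) -> bool:
    """'*' or {"AWS": "*"} means anyone, including anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def lint_policy(policy: dict) -> list:
    """Flag the patterns the notes warn about: wildcard action on wildcard
    resource (an admin grant) and a public principal with no Condition."""
    findings = []
    for i, stmt in enumerate(statements(policy)):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access, never widen it
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            findings.append(f"statement {i}: full admin (Action * on Resource *)")
        elif any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: service-wide wildcard action")
        if is_public_principal(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append(f"statement {i}: public principal with no Condition")
    return findings
```

Run `lint_policy` over each policy in a bucket or IAM group review; an empty list means neither pattern was found, not that the policy is safe in every respect.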
### Cloudfront
- A system of distributed servers
- Edge locations, where the data is cached
- Origin - where our files come from (S3, EC2, LoadBalancer etc.)
- Distribution - the name given to the CDN, a collection of the edge locations we use
- Edge locations are not read-only; you can write to them too
### EC2
Elastic Compute Cloud - virtual servers in the cloud
**pricing models:**
1. **On Demand** - can boot in minutes, fixed rate paid by the second, flexible. Good for learning, for spiky apps, and for apps with uncertain demand
2. **Reserved** - the more you pay upfront, the cheaper the rate. Suits applications with steady, predictable usage. Different options give different levels of discount, e.g. convertible instance types or scheduled reserved instances
3. **Spot** - the price fluctuates with supply and demand, like a stock; you may lose your server if the price goes beyond your limit. Suits applications that need very low compute prices and don't care when they start and stop
4. **Dedicated Hosts** - for regulatory requirements or licensing that doesn't support multi-tenancy. Can also be purchased as a reservation
**Instance types**
Mnemonic for the instance-type families: FIGHT DR MC PXZ AU
- Security groups: a rule with source 0.0.0.0/0 lets everyone in; X.X.X.X/32 lets in only one specific IP address
- Security groups act as a virtual firewall controlling traffic to/from specific ports and IP addresses
- You can connect to EC2 using the built-in connection tool, but the security group must allow it
- Otherwise you can connect using SSH on port 22 (Linux), Remote Desktop Protocol (Windows), or plain HTTP/HTTPS
- You can create an image of an EC2 instance and use it as an AMI for future instances
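The 0.0.0.0/0 versus /32 point above is the most common security group mistake on an exam and in practice. As an added example (not from the course), this Python audit uses the standard `ipaddress` module to count how many sources a CIDR admits and to flag any rule that exposes SSH or RDP to the whole internet; the rule list and its field layout are constructed for the example.

```python
import ipaddress

# Constructed sample inbound rules (not the course's data), laid out the way an
# EC2 security group rule reads: protocol, port range, source CIDR.
SAMPLE_RULES = [
    {"protocol": "tcp", "from_port": 22,   "to_port": 22,    "cidr": "203.0.113.10/32"},
    {"protocol": "tcp", "from_port": 22,   "to_port": 22,    "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 443,  "to_port": 443,   "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 3389, "to_port": 3389,  "cidr": "10.0.0.0/8"},
    {"protocol": "-1",  "from_port": 0,    "to_port": 65535, "cidr": "0.0.0.0/0"},
]

# The admin ports the notes mention for connecting to instances. HTTP/HTTPS are
# expected to be public on a web server; these two should never be.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def address_count(cidr: str) -> int:
    """How many source addresses a CIDR admits: /32 is one host, /0 is everyone."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 (or ::/0), i.e. a prefix length of zero."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_port(rule: dict, port: int) -> bool:
    """Protocol -1 means all traffic on all ports; otherwise check the range."""
    if rule["protocol"] == "-1":
        return True
    return rule["from_port"] <= port <= rule["to_port"]


def audit_rules(rules: list) -> list:
    """One finding per rule that exposes an admin port to the whole internet."""
    findings = []
    for idx, rule in enumerate(rules):
        if not is_world_open(rule["cidr"]):
            continue
        exposed = [name for port, name in ADMIN_PORTS.items()
                   if rule_covers_port(rule, port)]
        if exposed:
            findings.append(f"rule {idx}: {'/'.join(exposed)} open to {rule['cidr']}")
    return findings
```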
### EBS
Elastic Block Store
- storage volume you can attach to an EC2 instance
- a virtual disk in the cloud
- SSD: gp2 (General Purpose), io1 (Provisioned IOPS, where IO = input/output; high performance)
- Magnetic (HDD): st1 (Throughput Optimised, low cost but still for frequently accessed data), sc1 (Cold HDD, lowest cost, designed for less frequently accessed data), Magnetic (previous generation)
### EC2 Launch Configurations And Auto Scaling Groups
- Launch configurations specify which machine should be used
- Auto scaling groups allow you to set scaling rules on this configuration
### Roles
- Roles grant services (not people) permissions to perform actions on your behalf
- You specify which kind of service may assume the role and what permissions the role grants
- Then you attach the role to the specific instance of that service
- Much safer than embedding access key IDs and secret keys in the service
### Load Balancer
- Application Load Balancer HTTP/HTTPS (Can see into layer 7 so can make intelligent routing decisions)
- Network load balancer - high performance and static ip addresses
- Classic load balancer - previous generation
- You can create a target group for a load balancer to use; in the target group you specify the EC2 instances it should route to
- Gateway Load Balancer - for ?
### Databases
- Relational databases are offered as RDS: SQL Server, Oracle, MySQL, PostgreSQL, Aurora, MariaDB
**Two key features**
- Multi-AZ - for disaster recovery (automatic failover to a standby database in another AZ)
- Read replicas - for performance (up to 5 read-only copies of the database)
- Non-relational database (DynamoDB): data is organised as collections, documents and fields. The fields of one item can vary without affecting other items in the table
- OLTP (online transaction processing: fetch a single record) vs OLAP (online analytical processing: pull in a large number of records and perform analytics)
- Data warehousing pulls in data for OLAP so that complex queries do not hit the main database. The AWS data warehouse solution is Redshift
- ElastiCache is an in-memory cache in the cloud for your most common queries. It reduces load on your production databases and supports two open-source in-memory caching engines: Memcached and Redis
### Route 53
- A DNS service
- It is global for AWS, similar to IAM and S3
- You can use it to route traffic
- You can purchase domains here
### Elastic Beanstalk
- Free service, but the resources provisioned are chargeable
- Will provision services such as pre-installed EC2, load balancer, database, security groups, scaling, health monitoring for you
### CloudFormation
- Lets you write infrastructure as code using "stacks"
- Free service, but the resources provisioned are chargeable
### Global AWS Services
- IAM
- Route 53
- CloudFront
- SNS & SES
- S3 gives a global view but is actually regional
### CloudWatch
- Compute: Monitors EC2, Autoscaling Groups, Elastic Load Balancers, Route 53 Health Checks
- Storage & CDN: EBS Volumes, Storage Gateways, CloudFront
- Host Level Metrics of CPU, Network, Disk, Status check
- Can create custom metrics
- Can create CloudWatch alarms which trigger notifications
- CloudWatch is all about performance
### AWS Systems Manager
- Lets you manage a fleet of many EC2 instances, e.g. run a command or apply updates on all of them at once
- An agent is installed on each VM
- Works for on-premises servers as well as EC2
- Run Command is used to install or uninstall software, apply patches, etc.
### Service Health Dashboard
- Shows the health & uptime of AWS services
- You can subscribe to RSS feeds of this data and get notifications
### Personal Health Dashboard
- Same as the service health dashboard, but for only the services you use
### S3 vs EBS vs EFS
- S3: object-based storage for static files. You can't install an operating system or a database on S3
- EBS: persistent block storage volumes, good for operating systems and databases. Like a virtual hard drive. It can store files, but it is less resilient and hard to share. Already replicated within one availability zone
- EFS (Elastic File System): file storage for EC2. Like EBS but for files shared between instances; it is elastic, so space grows as needed (unlike EBS). Usually used for a CMS or a centralised file server. It is mounted like a virtual disk, as EBS is
### Global Accelerator
- User traffic goes through Amazon's own network, improving availability and performance for local and global users
- Uses AWS global infrastructure to improve performance by up to 60%
## Architecting For The Cloud Best Practices (5 Pillars)
### General Design Principles
- Stop guessing your capacity needs
- Test systems at production scale
- Automate to make architectural experimentation easier
- Allow for evolutionary architectures
- Drive architectures using data (if you don't collect it, the system won't improve)
- Improve through game days (simulate events in production)
### Operational Excellence
The Operational Excellence pillar includes the ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value.
- Perform operations as code (IaC, operations procedures as code, events)
- Make frequent, small, reversible changes
- Refine operations procedures frequently
- Anticipate failure (pre-mortems in addition to post-mortems, gamedays)
- Learn from all operational failures
### Security
- Implement a strong identity foundation
- Enable traceability
- Apply security at all layers
- Automate security best practices
- Protect data in transit and at rest
- Keep people away from data
- Prepare for security events
### Reliability
- Automatically recover from failure
- Test recovery procedures
- Scale horizontally to increase aggregate workload availability
- Stop guessing capacity
- Manage change in automation
### Performance Efficiency
- Democratize advanced technologies
- Go global in minutes
- Use serverless architectures
- Experiment more often
- Consider mechanical sympathy, right tools for the right job
### Cost Optimization
- Implement Cloud Financial Management
- Adopt a consumption model
- Measure overall efficiency
- Stop spending money on undifferentiated heavy lifting
- Analyze and attribute expenditure
### Reviewing Architecture
The review of architectures needs to be done in a consistent manner, with a blame-free approach that encourages diving deep. It should be a lightweight process (hours, not days) that is a conversation and not an audit. The purpose of reviewing an architecture is to identify any critical issues that might need addressing or areas that could be improved. The outcome of the review is a set of actions that should improve the experience of a customer using the workload.
## Cloud Architecture Trends
### Benefits of the cloud vs traditional
- IT assets as provisioned resources
- Global, available and scalable
- Higher Level Managed Services
- Built-in Security
- Architecting For Cost
- Operations on AWS
### Scalability
- Scale Up (bigger server, RAM & CPU)
- Scale Out (horizontally scale, more machines)
- Stateless Applications (e.g. Lambda)
- Distribute load to multiple nodes
- Stateless components (store data locally in the user's browser)
- Stateful components (e.g. basket storage in the database)
- Implement Session Affinity (e.g. cookie sticks a user to an instance)
- Distributed Processing (e.g. multiple EC2 instances processing data together, as in Elastic MapReduce)
### Instantiating Compute Resources
- Bootstrapping (e.g. EC2 bootstrap script)
- Golden Images (e.g. EC2 AMI)
- Containers
- Hybrid containers + EC2
### Infrastructure As Code
- CloudFormation
### Automation
- Serverless Management and Deployment
- Infrastructure management and Deployment (Elastic Beanstalk, EC2 auto recovery, Systems Manager, Auto Scaling)
### Alarms and Events
- CloudWatch alarms
- CloudWatch Events
- AWS Lambda scheduled events
- AWS WAF security automation
### Loose Coupling
- Well defined Interfaces (API Gateway)
- Service Discovery (using abstracted connections, rather than specific failable connections)
- SQS, using event buses to reduce coupling
- Graceful Failure (with mechanisms to report to admins)
### Services
- Managed Services
- Serverless Architectures
### Databases
- Relational Databases (Aurora)
- Scalability
- High Availability - Multi-AZ
- Anti-Patterns - if you have no need for joins or complex transactions, use NoSQL instead
- Non-relational Databases (DynamoDB)
- Scalability
- High Availability - Multi-AZ
- Anti-Patterns - if you require joins or complex transactions, use a relational database. If you have large binary files, e.g. image, audio or video, use S3
- Data Warehouse (Redshift)
- Scalability
- High Availability - Multi-AZ
- Anti-Patterns - not meant for Online Transaction Processing (OLTP)
- Search (CloudSearch, Elasticsearch)
- Scalability
- High Availability - Multi-AZ
- Graph Databases (Neptune)
- Scalability
- High Availability
- Data lakes (S3)
- Allows you to store massive amounts of data in a central location, so it is available to be categorised, processed, analysed and consumed by diverse groups. Since it is stored as-is, you do not have to convert it to a predefined schema and you no longer need to know what questions to ask about your data beforehand
- You can use Athena to run SQL queries directly on the data held in S3
### Removing Single Points of Failure
- Introducing Redundancy
- Detect Failure
- Durable Data Storage
- Automate Multi-Data Center Resilience
- Fault Isolation and Traditional Horizontal Scaling
- Sharding
### Optimize for Cost
- Right Sizing
- Elasticity
- Take advantage of variety of purchasing options
- Reserved Capacity
- Spot Instances
### Caching
- Application caching (ElastiCache)
- Edge Caching (a CDN like CloudFront)
### Security
- Use AWS Features for Defence
- Share Security Responsibility with AWS
- Reduce Privileged Access
- Security as Code (Golden secure environments used)
- Real-Time Auditing (CloudTrail)
## Pricing
### Capex vs Opex
- Capital Expenditure, pay up front, fixed costs
- Operational Expenditure, you pay for what you use
### Basic Pricing policies
- Pay as you go
- Pay less when you reserve
- Pay even less per unit by using more
- Pay even less as AWS grows
- Custom pricing
### Pricing principles
#### Understanding the fundamentals of pricing
- Compute
- Storage
- Data Outbound
#### Start early with cost optimization
- Put cost visibility controls in place before your environments grow
#### Maximise the power of flexibility
- Services are priced independently and are scalable
- You don't pay for services that aren't running; you can turn them off
#### Use the right pricing model for the job
- On demand - fixed rate by the hour or second
- Dedicated instances - a physical server reserved for you, which may save on software licences
- Spot instances - bid for spare capacity
- Reservations - contract term of 1 or 3 years
- Free Tier - 12-month and always-free thresholds
- Generally free services:
  - Amazon VPC
  - Elastic Beanstalk
  - CloudFormation
  - IAM
  - Auto Scaling
  - OpsWorks
  - Consolidated Billing
### What determines pricing?
- Clock hours of server time
- Instance type
- Pricing models
- Number of instances (auto scaling)
- Load balancing
- Detailed monitoring
- Elastic IP addresses
- Operating Systems & Software
**Reserved instance example pricing** (pricing table not reproduced in these notes)
### Pricing by service
#### Lambda pricing
- Request pricing
  - Free tier: 1 million requests per month
  - $0.20 per 1 million requests thereafter
- Duration pricing
  - Free tier: 400,000 GB-seconds per month (GB of RAM × seconds run), equivalent to 3.2 million seconds of compute time
  - $0.00000167 for each GB-second thereafter
- Additional charges
  - Lambda functions that use other AWS services, e.g. S3, incur those services' charges as well
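Working the Lambda figures above through as an added example (not from the course): the calculator below applies the request and GB-second rates quoted in the notes, clamps each charge at zero while the workload is still inside the free tier, and shows where the "3.2 million seconds" figure comes from (400,000 GB-seconds divided by 128 MB expressed in GB). The workload numbers passed in are constructed, and the rates should be checked against the current price list before use.

```python
# Lambda rates as quoted in the notes (check the current price list before use).
FREE_REQUESTS_PER_MONTH = 1_000_000
PRICE_PER_MILLION_REQUESTS = 0.20       # USD, after the free tier
FREE_GB_SECONDS_PER_MONTH = 400_000
PRICE_PER_GB_SECOND = 0.00000167        # USD, after the free tier


def gb_seconds(invocations: int, avg_duration_ms: float, memory_mb: int) -> float:
    """The duration billing unit: memory in GB multiplied by run time in
    seconds, summed over all invocations."""
    return invocations * (avg_duration_ms / 1000) * (memory_mb / 1024)


def free_tier_seconds_at(memory_mb: int) -> float:
    """Seconds of compute the 400,000 GB-second allowance buys at a given
    memory size. At 128 MB (1/8 GB) it is 3,200,000 seconds, the figure the
    notes quote; doubling the memory halves the free seconds."""
    return FREE_GB_SECONDS_PER_MONTH / (memory_mb / 1024)


def monthly_lambda_cost(invocations: int, avg_duration_ms: float,
                        memory_mb: int) -> float:
    """Request charge plus duration charge in USD, each clamped at zero while
    the workload is still inside the free tier. Charges from other services the
    function calls (e.g. S3) are not included, as the notes point out."""
    billable_requests = max(invocations - FREE_REQUESTS_PER_MONTH, 0)
    request_cost = billable_requests / 1_000_000 * PRICE_PER_MILLION_REQUESTS
    billable_gbs = max(gb_seconds(invocations, avg_duration_ms, memory_mb)
                       - FREE_GB_SECONDS_PER_MONTH, 0)
    duration_cost = billable_gbs * PRICE_PER_GB_SECOND
    return round(request_cost + duration_cost, 2)
```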
#### EBS pricing
- Volumes (per GB)
- Snapshots (per GB)
- Data Transfer
#### S3 pricing
- Storage class (Standard, IA, One Zone-IA, etc.)
- Storage (size)
- Requests (GET, PUT, COPY)
- Data transfer
#### Glacier pricing
- Storage size
- Data retrieval time (faster retrieval options cost more)

#### Snowball pricing
- Petabyte-scale data transport solution
- A large storage appliance is delivered to your office; you load it with data and ship it back to AWS to be imported into the cloud. It can also be used in the other direction
- Service fee per job:
  - 50 TB: $200
  - 80 TB: $250
- Daily charge: first 10 days free, $15 a day after
- Data transfer into S3 is free; data transfer out of S3 is not
#### RDS pricing
- Clock hours of server time
- Database characteristics
- Database purchase type (instance type)
- Number of DB instances
- Size of storage (both provisioned and additional)
- Requests
- Deployment type
- Data transfer
#### DynamoDB pricing
- Provisioned write throughput
- Provisioned read throughput
- Indexed data storage
#### CloudFront pricing
- Traffic distribution
- Number of requests
- Data transfer out
### AWS Budgets & Costs
- AWS Budgets lets you set spending thresholds and alerts you when forecast costs will exceed them, before the costs have occurred
- AWS Cost Explorer lets you visualise costs over time after they have occurred
### Tagging & resource groups
- Tags are key-value pairs attached to AWS resources, carrying metadata
- Tags can sometimes be inherited, e.g. CloudFormation
- Resource groups allow you to group resources using tags
- Resource groups can contain info like, Region, Name, EmployeeID, Department
- Tags can contain specific information e.g. IP addresses, port configurations, Database engine etc.
## Resources
- AWS course https://aws.amazon.com/certification/certified-cloud-practitioner/
- AWS Well Architected Framework: https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html
- Operational Excellence focused whitepaper: https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/welcome.html?ref=wellarchitected-wpp
- AWS Pricing white paper: https://docs.aws.amazon.com/whitepapers/latest/how-aws-pricing-works/welcome.html
- Link to foundation level white papers (very heavy): https://aws.amazon.com/certification/certification-prep/?nc2=sb_ce_ep