# Passing the AWS CCP in 2 Months from Zero, plus a 50% Discount Code Guide

## CLF-C02: AWS Certified Cloud Practitioner

No fuss, here is the score report first!

![image](https://hackmd.io/_uploads/H1_QVnvPp.png)

## My Journey

**Preparation time**: 2 months, starting from zero

**Preparation method**:

1. First month: attended the vocational training bureau's cloud and big data course, about 7 hours of hands-on classes per week, to learn the features and terminology and build a foundation.
2. Second month: **this is the month that really mattered for the exam.** I went through the AWS Cloud Fluency training program's online materials and worked through nearly 450 past exam questions (<font color="#f00">all the resources are shared at the end of this post, and they are all free! There is also exam discount information; honestly, the motivation to sign up in the first place came entirely from wanting a bargain XD</font>)
    * Week 1: finished the AWS Cloud Fluency training program's roughly 6 hours of video lessons (very helpful)
    * Week 2: finished the 125 free questions on ExamTopics (**correct each question right after answering it; the site's answer is not always right, so reading the discussion below is important. I read every single comment**)
    * Week 3: finished the first 60 questions from ExamTricksTips2023 (**correct each question right after answering it, slowly break down the reasoning behind each question and work out a consistent logic; treat every wrong answer as learning!**)
    * Week 4: AWS Certified Cloud Practitioner Exam Questions Dumps (the final sprint with high-volume practice. To simulate the real exam I followed the video order, took 65 questions a day and set a 90-minute limit. After each question I checked the answer and recorded the result first, and only came back at the end to review the questions I was unsure about or got wrong. **The most important thing at this stage is to understand your own level and build confidence; don't get stuck on questions you can't figure out. The more you practice, the more you will notice your progress**)

**Takeaways**:

1. **Adjust goals dynamically**:
    - Setting goals: at the very beginning I had no idea where to start, so I first read how other people prepared for the exam, then estimated how much I could do with the time I had, set a general direction and weekly goals, and once I had a clearer direction, set daily goals.
    - Adjusting goals: once you start executing, you will inevitably find that you have spent too much time without reaching a goal, or that other things you want to do cut into your preparation time. **=> Trade-offs matter. Work out what must be done at this stage and what can be dropped, then set new goals, and the pressure eases.**
2. **Reviewing wrong answers is the most painful part**: sometimes even after reading the explanation I still could not understand it, and I could not finish the daily question quota either, which made me doubt whether I had enough preparation time. **=> If you really can't work it out, note the question down. The questions repeat a lot, and looking it up every time you get it wrong makes it stick.**
3. **OnVUE online exam**: **bad review!!!**
    * Check-in 30 minutes before the exam: follow the web page's instructions, download the OnVUE program, enter the access code the site gives you and start the environment test. Somehow a "please exit the program" button always appeared at the end, and after pressing it the program quit for no clear reason? **=> In the end it only worked after I turned the firewall off completely and requested a new access code from the site** (otherwise re-entering with the same access code throws an "already expired" error)
    * Waiting for the proctor to contact you:
        - The screen shows how many people are queued to enter, and at the top an unclear message suddenly says your exam has not launched? => **Keep waiting. I only got a proctor an hour after the scheduled exam time.** A chat window and the proctor's voice suddenly pop up telling you to **remove your headphones and watch (not allowed for the whole exam)**. With only half the time left, I asked what was going on and he would not answer at all; I almost thought I was dealing with an AI bot. Maddening.
        - After following the proctor's instructions, he also asked me to close the program and log in again with the same access code, which put me back in the entry queue. Only after a second proctor confirmed with me was I allowed to start. => **Fortunately the clock only starts once you enter the exam screen**, and fortunately there was plenty of time, since it took a while to calm down.
        - The proctor will ask you to show the whole room. **After unplugging the laptop charger, remember to plug it back in.** Having finally got this far, the computer **lost power and shut down** halfway through the exam. Stunned. Fortunately, after rebooting and reopening the program, the screen was still there. Hooray!
    * All that said, you can take the exam lying in bed, which is actually pretty nice :)

## Key Notes

**Bold text** is exam question content.

### Cloud computing benefits

1. **Variable expenses**: pay only for what you use
2. **Cost optimization**: focus on applications and customers (spend less time and money on running data centers)
3. **Capacity**: scale in (reduce) and scale out (add) as needed (resources grow and shrink with user traffic)
4. **Economies of scale**: benefit from customers' aggregated usage (the larger the scale, the lower the average cost)
5. **Speed and agility**: minutes between wanting resources and having resources (capacity can be expanded very quickly); experiment quickly
6. **Global in minutes**: quickly deploy applications worldwide (if customers are in Europe, a traditional data center in Asia adds network latency; with cloud computing you can use data center resources in Europe directly)

### Deployment models

1. Cloud-based: cloud data center (startups)
2. **On-premises**: on-site data center (use virtualization and resources; hardware virtualization runs multiple operating systems on the same hardware, sharing the hardware resources for maximum utilization)
3. Hybrid: mixed model (cloud + on-premises), e.g. front end in the cloud, back end and database on premises (confidential data is safer)

### The six AWS service categories

1. Compute
    - a. EC2 (Elastic Compute Cloud)
        * EC2 instance types
            - General purpose
            - Compute optimized (for heavy statistical computation)
            - Memory optimized (for database query workloads)
            - Accelerated computing (when GPUs are needed)
            - Storage optimized (for collecting large volumes of data, data warehousing)
        * EC2 instance pricing options
            - On-Demand (no fixed usage, **unpredictable workload**; billed by demand, no discount, service is not interrupted, **continuous**; does not require a long-term commitment)
            - Spot (bidding model; can be bought at a very low price, possibly 10% of On-Demand, but the service **can be interrupted** at any time, so it suits compute-only jobs): **stateless**, **fault tolerant**, **downtime**
            - Reserved (long-term contract of one to three years, discounted, service not interrupted): **lowest cost**, **stable workload**
            - Compute Savings Plan (as above, but flexible enough to change instance types; slightly more expensive than Reserved): **lowest cost**, **Lambda functions**, **EC2**
            - Dedicated Hosts: a Dedicated Host is a physical EC2 server fully dedicated to your use, to support existing **software licenses**, integrated with **AWS License Manager**. **Total Cost of Ownership (TCO)**, **physical isolation** of a customer workload; the biggest reduction comes with **all upfront payment** and a **long-term commitment**.
        * EC2 scaling
            - manual scaling: add or remove instances by hand as user load changes
            - auto scaling: automatically add or remove instances as user load changes (dynamic scaling / predictive scaling); configure Desired (the policy for when to add or remove instances), Minimum instances and Maximum instances
        * ELB (Elastic Load Balancing): spreads user traffic evenly across instances; a single entry point connected to the Auto Scaling group
    - b. Lambda: serverless. When usage is low and you don't need to pay for a whole day, Lambda can replace EC2. **Lambda functions have a maximum execution time of 15 minutes**
2. Network
    - a. Amazon VPC (Amazon Virtual Private Cloud): private network
        * Public subnet: the outside connects to the internal network over the Internet
          ![image](https://hackmd.io/_uploads/rkMkYNfV6.png)
        * Private subnet: internal network to internal network over the Internet
          ![image](https://hackmd.io/_uploads/SJJCqVGNp.png)
        * **AWS Direct Connect location**: a third-party carrier provides a physical leased line (**private dedicated connection**) to the public subnet / private subnet (not over the public Internet): fast, stable, low latency and higher bandwidth, but more expensive (used for hybrid). The alternative is a VPN (cheaper, but may not meet security compliance, and it goes over the Internet)
          ![image](https://hackmd.io/_uploads/rkLD54GNp.png)
        * VPC endpoints
            - **private connections** between a **VPC** and **supported AWS services**
            - **do not require** an internet gateway, virtual private gateway, NAT device, VPN connection, or AWS Direct Connect connection
    - b. **NACL** (Network access control list): the first **firewall (blocks network traffic)**; protects the subnet
    - c. **Security Group**: the second **firewall (blocks network traffic)**; protects the EC2 instance (its network interface); **allow access to an EC2 instance through only a specific port**
      ![image](https://hackmd.io/_uploads/BJc5lSG46.png)
        * Network ACLs vs. Security Groups
          ![image](https://hackmd.io/_uploads/rJr6R1dLxe.png)
    - d. Domain Name System (DNS): Route 53 (points users to the nearest edge location, which serves CloudFront; **the CloudFront service enables companies to deploy an application close to end users**)
3. Storage
    - a. Block storage: fast
        * EBS (Elastic Block Store) volumes: essentially a hard disk; can hold the OS, and an EC2 instance must have an EBS volume attached to boot. Data persists after the EC2 instance stops (one EC2 instance can attach multiple EBS volumes, but one EBS volume can only be used by one EC2 instance)
        * Instance store: cache storage; data is lost when the EC2 instance stops
    - b. Object storage: data, metadata, key; **durability**, **cost-effective**
        * S3 (Simple Storage Service): stores images, videos, logs and similar data; cannot be mounted directly by EC2
        * S3 storage classes:
            - S3 Standard: frequently accessed data (data analytics), minimum 3 AZs
            - S3 Standard-IA: infrequently accessed data, minimum 3 AZs
            - S3 One Zone-IA: lower price than S3 Standard-IA, minimum 1 AZ
            - S3 Intelligent-Tiering: data with unknown or changing access patterns (automatic cost optimization based on access history)
            - S3 Glacier: low-cost storage designed for data archiving; retrieve objects within a few minutes to hours (rarely used data; it must be restored before it can be read)
            - S3 Glacier Deep Archive: **lowest-cost, long-term data object storage class**; retrieve objects within 12 hours
        * **S3 Versioning**: preserve, retrieve, and restore every version of every object stored in your buckets. **Protects data from accidental deletion or overwriting**
    - c. File system: a **shared file folder** (e.g. a NAS)
        * EFS (Elastic File System): store data in a scalable file system (elastic; one EFS can be shared by multiple EC2 instances), **provide static files (digital handbooks) securely**, **serverless**! **EFS doesn't support mounting from EC2 Windows instances.** [**Tutorial**](https://www.youtube.com/watch?v=Aux37Nwe5nc)
4. Database
    - a. **RDS** (Relational Database Service): uses SQL (structured query language), provides OLTP (online transaction processing)
        * MySQL
        * MariaDB
        * PostgreSQL
        * Oracle
        * Microsoft SQL Server
        * Amazon MQ: **supports MySQL**
        * **Amazon Aurora**: **fully managed**, no EC2 needed (all the others require EC2), **supports MySQL + PostgreSQL**, **cross-Region read replicas**, **automated backups of data by default**
        * **Amazon Redshift**: operate a **data warehouse** to analyze data without managing the data warehouse infrastructure
    - b. **Nonrelational database**: provides **sub-millisecond latency** at large scale, handles over 10 trillion requests per day, **automatically scales** (easy to scale out; distributed, so performance is better)
        * **Amazon DynamoDB**: **key-value pairs**; a fully managed **NoSQL database service** that provides fast and predictable performance with **seamless scalability**; **serverless**!
        * **Amazon ElastiCache: in-memory data store service**
    - c. **Amazon Athena: occasionally run queries on data stored in Amazon S3** (not a database but a query tool)
    - d. **Amazon Neptune: graph database service**
5. Security
    - a. Responsibilities
        * Customers
            - **Update the guest operating system of the EC2 instances**
            - **Classify company assets in the AWS Cloud**
            - **Applications**
            - **Configure the security group firewall**
            - Host-based firewalls
            - Account management
            - **Configure IAM credentials**
            - **Access to DynamoDB tables**
            - **Maintain high availability at the database layer**
            - **Managing the encryption options on the S3 bucket**
        * AWS
            - **Physical security of data centers**
            - **Hardware and software infrastructure** (firmware updates on hardware)
            - Network infrastructure
            - **Virtualization infrastructure**
        * AWS & Customers
            - **Security**
            - **Compliance**
            - **Patch management**
            - **Configuration management**
    - b. **AWS IAM** (Identity and Access Management): a feature of your AWS account, offered at **no additional charge (Always Free)**.
        * [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
            - IAM user: a person who can use AWS; **access key ID and secret access key**
            - IAM group: a collection of IAM users; attach one policy and it applies to everyone in the group
            - IAM policy: controls permissions to access AWS
            - **IAM role**: **grant users in one AWS account access to resources in another AWS account**, e.g. SNS (data can be accessed across accounts); can also give a user an identity to access S3 resources through **EC2**; **provides temporary security credentials**
            - MFA (Multi-factor authentication)
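The cross-account IAM role item above, as an added example written for these notes (not from the original post or from AWS documentation): the role lives in account `222222222222`, which owns the bucket, and trusts principals from account `111111111111`; the account IDs, role names and bucket name are placeholders, and the MFA condition is included to tie in the MFA item above.

```json
{
  "TrustPolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "AllowAssumeRoleFromOtherAccountWithMfa",
        "Effect": "Allow",
        "Principal": { "AWS": "arn:aws:iam::111111111111:root" },
        "Action": "sts:AssumeRole",
        "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "true" } }
      }
    ]
  },
  "PermissionsPolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "ReadOnlyAccessToOneBucket",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [
          "arn:aws:s3:::example-reports-bucket",
          "arn:aws:s3:::example-reports-bucket/*"
        ]
      }
    ]
  }
}
```

The trust policy decides who may assume the role (only principals from the other account, and only after MFA), while the permissions policy decides what the role may do (read a single bucket, nothing else). A user in the trusting account then runs `aws sts assume-role --role-arn arn:aws:iam::222222222222:role/CrossAccountReportReader --role-session-name audit`, which returns a short-lived access key, secret key and session token instead of long-lived user keys.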
    - c. AWS OU (Organizational Unit): **no additional cost**
        * Use SCPs (service control policies): apply different policies to different accounts under the root (**centrally manage security policies**) so they get different access rights (**create new AWS accounts, group multiple accounts** to organize workflows, and **apply policies to groups of accounts**)
        * **Consolidated billing across accounts (quantity discounts)**
        * [Design principles for your multi-account strategy](https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/design-principles-for-your-multi-account-strategy.html)
    - d. **AWS Artifact**: lists all **compliance** items (laws and regulations), **compliance reports**, including **certifications**, attestations, and other relevant documents. Provides the applicable report to the auditor preparing a **security audit report**
    - e. AWS application security: WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include **IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting** (a request can be judged by its IP to come from an attacker and blocked). **Filter and control inbound web traffic**, **provide detailed logging information**
    - f. **AWS Shield**: **protection against DDoS** (distributed denial of service) attacks (special cases that WAF cannot handle)
    - g. AWS Inspector: automated **vulnerability management** service, **security assessments** on your applications (scans for vulnerabilities)
6. Management

### Global Infrastructure

1. Three aspects
   ![image.png](https://hackmd.io/_uploads/SyULAxY76.png)
    * Region (EC2, S3)
    * Availability Zones (EBS): contain data centers, **use redundant underlying power sources**
    * Edge locations (**CloudFront**, R53): cache; **global content delivery network (CDN)**; securely deliver content with **low latency and high transfer speeds (stream live and on-demand video, static files, websites, applications, APIs); CloudFront can protect against DDoS attacks**
2. Factors in determining the right region
    * Compliance with data governance and legal requirements
    * Proximity to your customers
    * Available services within a region
    * Pricing
3. Concepts behind deploying web servers across several AWS Regions/AZs:
    * Resilience: the ability of a workload to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
    * Availability
    * Reliability: the ability of a workload to perform its intended function correctly and consistently when it's expected to. This includes the ability to operate and test the workload through its total lifecycle.
    * Design for failure

### Monitoring

1. **CloudWatch**: dashboards (RDS metrics), **automatic alerts** (**alarms**)
2. **CloudTrail**: **track user activities and API requests, filter logs**. By reviewing CloudTrail logs, you can **identify when an EC2 instance was terminated**, who initiated the termination, and other relevant details about the event. **Enables traceability**
3. Cloud Advisor: suggestions on **best practices**, in real time; detects **underutilized resources** to **save costs**, gives **recommendations for rightsizing AWS resources**, and improves **security** by **proactively** monitoring the AWS environment. Use it to monitor for **misconfigured security groups** that allow **unrestricted access to specific ports**
    * **Cost Optimization**
    * **Performance**
    * Security
    * Fault Tolerance
    * Service Limits
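The security group rule described in the Network section and the "unrestricted access to specific ports" check described just above, as an added CloudFormation example written for these notes (not from the original post): `WeakWebSg` is the misconfiguration the check flags (SSH and HTTP open to `0.0.0.0/0`), `HardenedWebSg` limits each port to a single source; the VPC, admin CIDR and load balancer security group are placeholder parameters.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Constructed example: weak vs. hardened EC2 security group",
  "Parameters": {
    "VpcId": { "Type": "AWS::EC2::VPC::Id" },
    "AdminCidr": { "Type": "String", "Default": "203.0.113.0/24" },
    "AlbSecurityGroupId": { "Type": "AWS::EC2::SecurityGroup::Id" }
  },
  "Resources": {
    "WeakWebSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "WEAK: SSH and HTTP open to the whole Internet",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0" },
          { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0" }
        ]
      }
    },
    "HardenedWebSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "HARDENED: one port per trusted source, nothing open to 0.0.0.0/0 inbound",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": { "Ref": "AdminCidr" } },
          { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "SourceSecurityGroupId": { "Ref": "AlbSecurityGroupId" } }
        ],
        "SecurityGroupEgress": [
          { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0" }
        ]
      }
    }
  }
}
```

Security groups only have allow rules, so the hardened group needs no explicit deny: anything not listed (port 80 from anywhere, port 22 from outside the admin range) is dropped, and referencing the load balancer's security group instead of a CIDR keeps port 443 reachable only from the load balancer.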
### Pricing

1. Cost management tools
    * AWS Cost Explorer: **visualize**, understand, and manage your AWS costs and usage over time; forecast costs; **rightsizing opportunities for Amazon EC2 instances**
    * AWS Cost and Usage Report: detailed information about AWS usage and costs
    * AWS Budgets: how much you plan to spend
    * Pricing Calculator: **estimate costs before deployment, predict future costs, examine costs associated with different workloads**
    * Cost allocation tags: monitor and classify expenditure at a precise level; track and categorize AWS costs
    * AWS Billing and Cost Management: track and manage AWS costs
    * AWS Billing console: access a report about the estimated environmental impact of your usage
2. S3 pricing factors:
    * Storage
    * Requests (API) and data retrievals
    * Data transfer
    * Management and replication
3. Benefits of **consolidated billing**:
    * **One bill**: receive a single bill for all the AWS accounts
    * **Combined usage**: volume pricing in Amazon S3 (usage across all accounts is added together for billing, which earns a discount)
    * Easy tracking: you can track the charges across multiple accounts and download the combined cost and usage data.
    * No extra fee
4. [AWS Support](https://aws.amazon.com/premiumsupport/plans/?nc1=h_ls):
    * Basic Support (free)
    * Developer
    * Business: third-party tools, **full set of AWS Trusted Advisor best practice checks**
    * **Enterprise**: third-party tools, **TAM (Technical Account Manager)**, **AWS Concierge Support team**, short response time (urgent handling); AWS Enterprise Support offers guidance and support for operational readiness assessments and risk mitigation at no additional charge
    * **Only the root user can change the AWS Support plan**
    * Out of scope: tuning database queries
5. AWS Marketplace: provides listings of third-party software that runs on AWS. **Pre-installed third-party firewall** on EC2.

### Migration

1. Migration strategies in the discovery phase:
    * Rehost: on-premises VMs (simplest)
    * Replatform: on-premises database (higher benefit, low cost, but higher migration time cost)
    * Refactor/Rearchitect: the architecture (even higher benefit, low cost, but higher migration time cost)
    * Repurchase: internal systems such as a CRM that are no longer updated and hard to maintain; after moving to the cloud, buy a new CRM service
    * Retain: cannot be moved to the cloud; keep as is
    * Retire: no longer used; shut it down
2. Well-Architected Framework **pillars**: optimize the architecture after moving to the cloud
    * Operational excellence: incremental improvement; learn to improve from operational failures (improve operating procedures from the lessons of failures), **anticipate failure**, **reversible changes**, run operations as code and replace manual work with automated deployment; **perform operations as code**. **Run workloads effectively, gain insight into operations, continuously improve supporting processes and procedures**
    * **Security**: architecture security (must not be compromised); **protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks**
    * Reliability: automatic detection and repair, **automatic recovery**, test recovery procedures, **stop guessing capacity**, **decouple the components**, perform its intended function **correctly and consistently**
    * Performance efficiency: use serverless to allocate resources automatically and improve performance
    * Cost optimization: analyze and choose the lowest-cost architecture
    * Sustainability: understanding and **minimizing environmental impacts; using the app without upgrading mobile devices**

### Supplementary Material

1. Cloud Adoption Framework (CAF)
    * **identify and prioritize business transformation opportunities, improve cloud readiness**
    * https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html
    * https://docs.aws.amazon.com/whitepapers/latest/aws-caf-governance-perspective/appendix-aws-caf-perspectives-and-foundational-capabilities.html
      ![image](https://hackmd.io/_uploads/SyTbyKBU6.png)
    * https://aws.amazon.com/cloud-adoption-framework/
      ![image](https://hackmd.io/_uploads/HyQzQN-vT.png)
2. Glossary: https://wa.aws.amazon.com/wellarchitected/2020-07-02T19-33-23/wat.concepts.wa-concepts.en.html

## Practice Questions

### ExamTricksTips2023

https://www.youtube.com/@ExamTricksTips2023

### ExamTopics

https://www.examtopics.com/exams/amazon/aws-certified-cloud-practitioner-clf-c02/

### AWS Certified Cloud Practitioner Exam Questions Dumps

https://www.youtube.com/watch?v=mLs3cxbLWos&list=PL7GozF-qZ4KeQftuqU3yxvQ-f3eFNUiuJ

## Mock Exam Scores

The real exam passes at a score of 70. The scoring standard does not seem to be a straight percentage of correct answers, but for mock exams that is the only way to calculate it.

**Round 1**: 43/65 correct (66%)

**Round 2**: 41/65 correct (63%)

**Round 3**: 44/65 correct (67%)
**Round 4**: 60/65 correct (92%)

## Exam Techniques

https://pages.awscloud.com/tw_cloud_fluency.html

1. Request the **non-native-speaker exam time extension** (total becomes 130 minutes)
2. Choose the **Traditional Chinese** exam (you can switch to English; if you choose English you cannot switch to Chinese). **If you requested the non-native accommodation, the time extension still applies!**
3. Set time limits:
    * During mock practice I required myself to finish 65 questions in 90 minutes, 22 questions every 30 minutes. (Once you are used to it, the real exam's 130 minutes is enough to finish even at a slow pace, but **note that in the real exam the timer counts down from 130 minutes!**)
    * Try to answer each question within 1 minute
    * Spend at most 5 minutes on one question; if you cannot answer it, connect the most relevant keyword and pick the closest answer (if still stuck, choose the longest answer; if you still cannot decide, just pick C!)
4. Flag and annotate questions (the flag and note buttons are on the left and right at the top of the screen): split them into **sure**, **unsure**, and **no idea**
    * **Sure**: if there is spare time, review these first to make sure you didn't carelessly misread the question
    * **Unsure**: if, while answering later questions, you see a similar keyword in another question, you may recall the right answer; come back and solve it then, otherwise do not re-read (re-reading can change your thinking and your answer, and the new answer isn't necessarily right)
    * **No idea**: do not re-read (re-reading can change your thinking and your answer, and the new answer isn't necessarily right)

## AWS Cloud Fluency Training Program

https://pages.awscloud.com/tw_cloud_fluency.html

1. **50% off the CCP exam**: after completing the program's tasks you can request a half-price discount code (once received, you must **register for the CCP exam** within one month): NT$3000 -> NT$1500
2. **After passing the CCP exam**, you receive another **half-price discount code** that **can be used to register for any exam**, e.g. SAA. I had actually considered going straight for SAA, and also worried that I would lose motivation after getting the CCP (right after the exam I really did feel that way), but then the half-price discount arrived, so it looks like I have to take it XD. Counting it up, not only is it cheaper than taking SAA directly, I also get more time and experience to prepare, and I feel more grounded.
3. The program runs until the end of 2023, but it may be extended later