
AWS Certified Cloud Practitioner Exam Preparation Workshop

Welcome!

Thanks for your interest in the AWS Certified Cloud Practitioner Certification. Below is your go-to review guide before you attempt your AWS Cloud Practitioner Certification.

I am confident that a thorough review of this sheet will help you ace your Cloud Practitioner Exam in your very first attempt.

I would love to hear from you when you pass your exam! I love seeing success from my students!

Thank you and all the best!

Joel Skepper
Senior Technical Trainer, AWS

Learn more at AWS Skillbuilder

Exam Overview

This section covers information about the exam itself. Please see the official AWS Certification - Cloud Practitioner page for up to date information and links, including the current Exam Guide and Sample Questions set.

AWS Certified Cloud Practitioner Exam Summary

  • Covers foundational AWS cloud concepts for any technical or non-technical role
  • Proctored Exam
  • 90 Minutes
  • 65 Multiple Choice, Multiple Answer Questions

The AWS Certified Cloud Practitioner examination is intended for individuals who have the knowledge and skills necessary to effectively demonstrate an overall understanding of the AWS Cloud, independent of specific technical roles addressed by other AWS Certifications. The exam can be taken at a testing center or from the comfort and convenience of a home or office location as an online proctored exam.

Certification Domains

For a detailed description of what is covered in the exam, please see the Exam Guide.

This exam prep page covers the following domains and summarises information you should have a good understanding of in order to successfully pass your certification.

  • Cloud Concepts
  • Security and Compliance
  • Technology
  • Billing and Pricing

Getting Started with Study

So where do we start? If you're reading this, chances are you have attended a Cloud Practitioner 1 day course, completed the self-paced Cloud Practitioner learning in Skillbuilder, or attended a Cloud Practitioner Exam Prep session and are looking for some guidance on how to fully prepare for the exam.

Below are topic level key areas that you should understand:

  • Cloud Concepts
    • What is the cloud?
    • What is AWS cloud?
    • Key benefits of the AWS cloud
    • AWS infrastructure
    • Ways to access or interact with AWS cloud
    • AWS cloud economics
  • Security and Compliance
    • Reviewing the Shared Responsibility Model
    • Identity and Permissions
    • Compliance
    • Threat prevention
  • AWS Technology
    • Compute
    • Storage
    • Networking
    • Monitoring
    • Scalability
    • Databases
    • Automation options
    • Serverless
    • Ways to decouple
    • Caching and content delivery
  • Pricing and Support
    • Fundamentals of Pricing
    • Cost estimating tools
    • Cost management tools
    • AWS support levels

An invaluable set of resources to be aware of are the Ramp-up guides in Skillbuilder. In particular, focus on the Cloud Essentials or Decision Maker guides which provide additional materials to help achieve the Cloud Practitioner certification.

So let's get started

Domain 1: Cloud Concepts

What is the Cloud? What is AWS Cloud?

Check out this neat page with a video which answers the question - What is the Cloud?

We should also be familiar with these 3 concepts:

  • IaaS - Infrastructure as a Service
  • PaaS - Platform as a Service
  • SaaS - Software as a Service

Understanding these three concepts will help us understand and interact with the Shared Responsibility Model. We will discuss the Shared Responsibility Model later in this guide.

Benefits of AWS Cloud

The 6 main benefits of the cloud are covered here in this great Amazon docs page - Six Advantages of Cloud Computing

For a summarised view of these benefits, check out this info page - Benefits of the Cloud

Economics of Cloud

When thinking about cloud economics, it is important to consider how expenditure can differ:

  • Upfront expense
    • Expenses usually associated with "getting started" in a project. An example can be purchasing an Amazon Elastic Compute Cloud (Amazon EC2) Savings Plan.
  • Variable Expense
    • The regular day to day expenses of running a workload, which might fluctuate over time as demand increases and priorities change.

Here is a good booklet discussing some Cloud Economics considerations. Note that it does talk about topics outside of the Cloud Practitioner exam, however it is a good place to get started - Cloud Economics e-Book

AWS Global Infrastructure

Understanding the AWS Global Infrastructure is a critical part of all certifications, including the Cloud Practitioner. Ensure you understand each of the below topics and how they relate.

A great resource to learn more about AWS Global Infrastructure is the infrastructure.aws page.

Regions:

  • Based in a specific geographic region
  • Made up of three or more Availability Zones (AZs)
  • Offers a specific subset of AWS services
  • Factors that go into selecting a region include compliance and legal requirements, proximity to your customers, available services within the region, and pricing

Availability Zones

  • Made up of one or more data centers
  • Low latency communication between availability zones
  • Designed to isolate any failure to a single availability zone

AWS Outposts

  • AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises.

AWS Edge Locations

  • Used as nodes of a global content delivery network
  • Allows AWS to serve content from locations closest to users
  • Primarily used by Amazon CloudFront and related services

Interacting with AWS Services

Ultimately, AWS Cloud is a large set of independent "micro" services. Every time you interact with a service you make an API call. These API calls can be initiated from multiple different sources:

How you interact depends on your experience level, your use case and what you're trying to achieve. It is beneficial (but not required) to have hands on experience with the Management Console for this certification. You should also be aware of the CLI and SDK.

In order to gain hands on experience with the Management Console, please create yourself a free AWS account, which can be created here


Domain 2: Security

Security is an integral part of everything we do at AWS. As such, we will start with a key partnership between AWS and you, the user of AWS services. This partnership is known as the Shared Responsibility Model.

Shared Responsibility Model

The Shared Responsibility Model details and illustrates the different responsibilities between AWS and you, the customer. We have to work together to ensure the AWS cloud remains secure.

Security and Compliance is a shared responsibility between AWS and the customer.

The Shared Responsibility Model is separated into two distinct layers - Security of the Cloud and Security in the Cloud.

Security of the cloud - AWS

AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

Some activities can include:

  • Deploying hardware for Global Infrastructure
  • Maintaining global data centers and the underlying network
  • Configuration Management for Infrastructure
  • Patching Cloud Infrastructure & Services

Security in the cloud - Customer

Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities.

Some activities can include:

  • Individual Access to Cloud Resources & Training
  • Data Security & Encryption (both in transit and at rest)
  • Operating System, Network, and Firewall Configuration
  • All Code Deployed onto Cloud Infrastructure
  • Patching Guest OS and Custom Applications

AWS Identity and Access Management

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Identity and Access Management

  • Controls access to AWS resources
  • Manages both Authentication and Authorization
  • Supports Identity Federation
  • Principals include users and roles

Users

An AWS IAM user is an entity that you create in AWS. The IAM user represents the human user or workload who uses the IAM user to interact with AWS. A user in AWS consists of a name and credentials.

Roles

An IAM role is an IAM identity that you can create in your account that has specific permissions. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

Policies in AWS IAM

Policies are JSON documents that define permissions for an IAM principal or resource. Policies define what services a principal can or cannot access, and what actions can or cannot be taken on that service.

Policy Example:

IAM Best Practices

An extensive list of best practices can be found here. Below is a list of practices that are relevant to this course:

  • Multi-factor Authentication - Provides additional security with either a physical or virtual device that generates a token for login
  • Least Privilege Access - Users should only be granted access to AWS resources that are required for their current tasks
  • Use roles for applications - assign a role to a resource (eg: EC2 instance) rather than hardcoding or configuring direct credentials into the application
  • Rotate credentials regularly
  • Remove unnecessary users and credentials
  • Monitor activity in your AWS account via the various monitoring services

AWS Organizations

AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.

AWS Organizations includes account management and consolidated billing capabilities that enable you to better meet the budgetary, security, and compliance needs of your business.

  • Allows customers to manage multiple accounts under a single master account
  • Provides customers with the ability to leverage Consolidated Billing for all accounts
  • Enables customers to centralize logging and security standards across accounts

Compliance on AWS

  • AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
    Keep in mind that attestations provided within AWS Artifact assure the Security of the Cloud (AWS responsibility). You must still manage Security in the Cloud and obtain the necessary documentation.
  • The AWS Compliance Center is a central location to research cloud-related regulatory requirements and how they impact your industry

Application Security

AWS Web Application Firewall (AWS WAF)

AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits. These exploits might affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications

AWS Shield

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.

There are two tiers of AWS Shield - Standard and Advanced. Standard is free with all AWS accounts, Advanced has premium features with an associated fee.

Standard:

  • Free with all AWS accounts
  • Quick detection
  • Inline attack mitigation

Advanced:

  • Enhanced detection
  • Advanced attack mitigation
  • Visibility and attack notifications
  • DDoS cost protection
  • Specialised support

AWS Inspector

Amazon Inspector is a vulnerability management service that continuously scans your AWS workloads for software vulnerabilities and unintended network exposure. Amazon Inspector automatically discovers and scans running Amazon EC2 instances, container images in Amazon Elastic Container Registry (Amazon ECR), and AWS Lambda functions for known software vulnerabilities and unintended network exposure.

  • Assesses applications for vulnerabilities
  • Leverages security best practices
  • Produces a detailed list of security findings
  • Helps remediate issues by providing recommendations

AWS Key Management Service (AWS KMS)

AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the cryptographic keys that are used to protect your data.

Amazon GuardDuty

Amazon GuardDuty is a security monitoring service that analyzes and processes Foundational data sources, such as AWS CloudTrail management events, AWS CloudTrail event logs, VPC flow logs (from Amazon EC2 instances), and DNS logs.

It also processes Features such as Kubernetes audit logs, RDS login activity, S3 logs, EBS volumes, Runtime monitoring, and Lambda network activity logs


Domain 3: Technology

This section covers technical details on a number of AWS services that you should know for the certification. For each service it is recommended that you:

  • Understand what the service is (its purpose)
  • Know what type of use case applies to the service

It is also suggested that you understand the concepts of:

  • Billing units - how will you be charged for this service? (eg: compute time, storage amount etc)
  • Scope - what is the infrastructure scope of this service? (i.e. is it Global, regional or availability zone scoped)

Compute Services

You should be familiar with the following compute services for the certification.

Amazon Elastic Compute Cloud (Amazon EC2)

Amazon Elastic Compute Cloud (Amazon EC2) provides on-demand, scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 reduces hardware costs so you can develop and deploy applications faster.

EC2 is an extremely powerful service. Here are some of the features you should be familiar with:

  • EC2 Instance Types - Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications.
  • EC2 Auto Scaling - Amazon EC2 Auto Scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application. See more details below.
  • Amazon Machine Images - An Amazon Machine Image (AMI) is a supported and maintained image provided by AWS that provides the information required to launch an EC2 instance

Container Services

It is helpful to know generally what a container is -

A container is a standardized unit of software development that holds everything that your software application requires to run.

A key challenge when deploying containers is managing container orchestration -

Orchestration is the act of deploying, managing, and scaling containerized applications.

The primary AWS container services are Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS). These services will help orchestrate your container based workloads.

Both container services support deploying containers on Amazon EC2 and AWS Fargate.

AWS Fargate is a technology that you can use with Amazon ECS or Amazon EKS to run containers without having to manage servers or clusters of Amazon EC2 instances. With AWS Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers.

Serverless

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume.

  • Enables the running of code without provisioning infrastructure
  • Only charged for usage based on execution time
  • Can configure available memory from 128 MB to 10 GB
  • Integrates with many AWS services
  • Enables event-driven workflows
  • Primary service for serverless architecture

Scaling your compute

Elastic Load Balancer

Elastic Load Balancing (ELB) comes in three different flavours to cater for different use cases. ELB can distribute traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. ELB types are:

  • Application Load Balancer - best suited for load balancing of HTTP and HTTPS traffic
  • Network Load Balancer - best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic
  • Classic Load Balancer - intended for applications that were built within the EC2-Classic network

Auto Scaling

AWS Auto Scaling covers managed scaling across multiple different services, from EC2 and Containers to DynamoDB and Amazon Aurora. The Autoscaling we will discuss here specifically relates to Auto Scaling Groups for EC2.

An Auto Scaling Group (ASG) contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management.

Auto scaling allows us to respond automatically to changes in application demand (this contributes to the "elastic" nature of cloud). When thinking about ASG, consider:

  • Minimum and maximum group size
  • A metric used to monitor performance of the group
  • A conditional value used to determine when to scale out or scale in.
  • ASG metrics are monitored by AWS CloudWatch
  • ASGs are perfect candidates to sit behind an Elastic Load Balancer. The ELB distributes traffic across all instances within the Auto Scaling Group.

Networking Services

Amazon Virtual Private Cloud (Amazon VPC)

What is a VPC?

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS

VPC is a regionally scoped service. When you create a VPC it sits across all availability zones within a region.

Some concepts you should be aware of when learning about VPC:

  • CIDR - The IP address range associated with the VPC
  • Subnet - A sub portion ("Sub Network") of IP addresses within the VPC. The subnet is Availability Zone scoped, meaning you need a subnet within each AZ you wish to deploy resources
  • Security Groups - act as a stateful, virtual firewall for your instance to control inbound and outbound traffic
  • Network ACLs - are an optional layer of security for your VPC that acts as a stateless firewall for controlling traffic in and out of one or more subnets
  • Flow Logs - enable you to capture information about the IP traffic going to and from network interfaces in your VPC

A little deeper discussion on the differences between Security Groups and Network Access Control Lists can be found here in VPC Security.
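The stateful versus stateless distinction above, worked through for a single HTTPS request and its reply. This is an added example, not part of the original guide: it is a simplified model rather than AWS code, and the class names, rule tuples, client address and port values are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SecurityGroup:
    """Stateful: allow rules only, and replies to tracked flows always pass."""
    inbound_ports: set
    outbound_ports: set
    flows: set = field(default_factory=set)

    def inbound(self, src_ip, src_port, dst_port):
        if dst_port not in self.inbound_ports:
            return False
        self.flows.add((src_ip, src_port, dst_port))  # remember the connection
        return True

    def outbound(self, dst_ip, dst_port, src_port):
        if (dst_ip, dst_port, src_port) in self.flows:
            return True  # reply to an allowed request: outbound rules are not consulted
        return dst_port in self.outbound_ports


@dataclass
class NetworkAcl:
    """Stateless: numbered allow/deny rules, checked per packet in each direction."""
    rules: list  # (rule_number, direction, first_port, last_port, action)

    def allows(self, direction, dst_port):
        for _number, rule_dir, first, last, action in sorted(self.rules):
            if rule_dir == direction and first <= dst_port <= last:
                return action == "allow"  # lowest-numbered matching rule decides
        return False  # nothing matched: implicit deny


def round_trip(sg, nacl, client_ip, client_port, server_port):
    """Follow one request into the instance and its reply back out."""
    request = nacl.allows("in", server_port) and sg.inbound(client_ip, client_port, server_port)
    # The reply is addressed to the client's source port, so that is what the NACL sees.
    reply = (request
             and sg.outbound(client_ip, client_port, server_port)
             and nacl.allows("out", client_port))
    return {"request_delivered": request, "reply_delivered": reply}


CLIENT = ("203.0.113.10", 50000)  # constructed client address and source port


def demo():
    """Same security group, two NACLs: one without and one with a rule for return traffic."""
    nacls = {
        "nacl_inbound_rule_only": NetworkAcl([(100, "in", 443, 443, "allow")]),
        "nacl_with_return_rule": NetworkAcl([(100, "in", 443, 443, "allow"),
                                             (100, "out", 1024, 65535, "allow")]),
    }
    results = {}
    for name, nacl in nacls.items():
        # No outbound rules at all: the reply still leaves because the group is stateful.
        sg = SecurityGroup(inbound_ports={443}, outbound_ports=set())
        results[name] = round_trip(sg, nacl, *CLIENT, 443)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

In the model, the request reaches the instance in both cases, but the reply is only delivered when the NACL also carries an outbound rule covering the client's port.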

Direct Connect

AWS Direct Connect (DX) is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.

This allows you to connect your existing on-premises network directly into AWS VPC, which means your traffic (data) does not cross the public internet. This is specifically useful for highly regulated environments, or workloads that have sensitive data.

A Direct Connect fibre connection will connect to an AWS Direct Connect Partner datacenter. See the AWS Direct Connect Partner page for more information.

AWS VPN

By default, instances that you launch into an Amazon VPC can't communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.

Route53

AWS Route53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like aws.amazon.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.

You can also use Route53 to register your domain names, create different DNS routing configurations and perform health checks on your services.

Amazon CloudFront

Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

CloudFront utilises AWS edge locations to bring content closer to your customer. This caching technology can also be used in reverse, allowing customers to upload content directly to an edge location.

CloudFront makes use of AWS Shield for DDoS mitigation and AWS WAF (Web Application Firewall) for application protection.

Storage on AWS

There are many different types of storage options available. In this section we will cover block storage, file storage, and object storage.

Block Storage

Amazon Elastic Block Store (Amazon EBS) is the persistent block storage layer for use with Amazon EC2.

  • Enables redundancy within an AZ
  • Allows users to take snapshots of its data
  • Offers encryption of its volumes
  • Provides multiple volume types

The concept of an EBS volume (disk drive for EC2) is important - it allows us to define performance and cost attributes.

File Storage

Amazon Elastic File System (Amazon EFS) provides serverless, fully elastic file storage so that you can share file data without provisioning or managing storage capacity and performance.

Additionally, AWS provides the FSx service family which supports different file system types. A commonly seen deployment is Amazon FSx for Windows which provides fully managed Microsoft Windows file servers, backed by a fully native Windows file system.

Object Storage

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

This storage service is divided into immediately available object storage (S3) and archival object storage (S3 Glacier)

Some key concepts are:

  • Stores objects (files) in buckets
  • Provides different storage classes (tiers) for different use cases
  • Stores data across multiple availability zones (enables high availability and durability)
  • Enables URL access for files
  • Can provide transfer acceleration for uploads using AWS edge locations
  • Offers configurable rules for data lifecycle

Another important concept to learn here is the difference between Availability and Durability.

S3 Glacier is a long term archival option within the S3 family.

  • Designed for archiving data within S3 as separate storage classes
  • Offers configurable retrieval times
  • Can send files directly or through lifecycle rules in S3

Amazon S3 storage classes are an important concept to understand - ensure you familiarise yourself with them.

AWS Snow Family

AWS Snow family is a collection of purpose built devices to cost effectively move petabytes (and more) of data into AWS, whilst offline. The Snow family is made up of:

  • AWS Snowcone - AWS Snowcone is a small, rugged, and secure edge computing and data migration device
  • AWS Snowball - Service to physically migrate petabyte scale data to AWS
  • AWS Snowmobile - Service to physically migrate exabyte scale data onto AWS

Databases on AWS

AWS has a plethora of Database services which fulfil many different use cases. A full list can be found on the AWS Database Product page.

Key database services for the Cloud Practitioner certification are:

  • Amazon RDS
  • Amazon Aurora
  • Amazon DynamoDB
  • Amazon ElastiCache
  • AWS Database Migration Service

You should also be aware of:

You should also know the difference between SQL (relational) and NoSQL (non-relational) databases. A good discussion on this topic can be found on the NoSQL database page. Scroll down to the topic header "SQL (relational) vs. NoSQL (nonrelational) databases".

Amazon Relational Database Service - RDS

Amazon Relational Database Service (Amazon RDS) is a managed relational database product that makes it easy to set up, operate, and scale a relational database in the cloud.

  • Fully managed service for relational databases
  • Handles provisioning, patching, backup and recovery of your database
  • Supports deployment across multiple availability zones (multi-AZ)
  • Some platforms support read replicas
  • Launches into a VPC
  • Provides both general purpose SSD and provisioned IOPS SSD drive options
  • Platforms Include
    • MySQL
    • PostgreSQL
    • MariaDB
    • Oracle Database
    • SQL Server
    • Amazon Aurora

Amazon Aurora

Amazon Aurora (Aurora) is a fully managed relational database engine that's compatible with MySQL and PostgreSQL.

Amazon DynamoDB

Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multiregion, multiprimary, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications

  • Fully managed NoSQL database service
  • Provides both key-value and document database
  • Enables extremely low latency at virtually any scale
  • Supports automated scaling based on configuration
  • Offers in-memory cache with the DynamoDB Accelerator (DAX)

AWS Database Migration Service

AWS Database Migration Service (AWS DMS) enables you to securely migrate data into AWS in an efficient manner for both homogeneous and heterogeneous migrations either all at once or in a continual manner.

AWS DMS uses the Schema Conversion Tool when performing heterogeneous migrations. For further discussion on heterogeneous migrations, check out this Amazon docs page - Heterogeneous Database Migration

In heterogeneous database migrations, the source and target database engines are different, as in Oracle to Amazon Aurora, or Oracle to PostgreSQL, MySQL, or MariaDB migrations. The schema structure, data types, and database code in the source and target databases can be quite different, so the schema and code must be transformed before the data migration starts. For this reason, heterogeneous migration is a two-step process.

Amazon ElastiCache

Amazon ElastiCache allows you to seamlessly set up, run, and scale popular open-source compatible in-memory data stores in the cloud. It offers fully managed Redis and Memcached for your most demanding applications that require sub-millisecond response times

Monitoring

Amazon CloudWatch

Amazon CloudWatch is a performance monitoring tool that tracks metrics to provide you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.

  • Enables performance monitoring and metrics on your AWS resources
  • Monitoring and management service
  • Collects logs, metrics and events from most AWS services
  • Enables alarms based on metrics
  • Provides visualization capabilities for metrics
  • Allows for custom dashboards based on collected metrics
  • Can configure rules to respond to events to create automation, or can be used to create automated and scheduled actions

Amazon CloudWatch can also collect custom metrics and logs from your servers by use of the CloudWatch Agent.

AWS CloudTrail

AWS CloudTrail is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.

AWS Trusted Advisor

AWS Trusted Advisor draws upon best practices learned from serving hundreds of thousands of AWS customers. Trusted Advisor inspects your AWS environment, and then makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps.

Automating Deployments

AWS CloudFormation

AWS CloudFormation is a powerful deployment tool that provides a common language for you to model and provision AWS and third party application resources in your cloud environment.

  • Provides Infrastructure as Code (IaC) capabilities for AWS
  • Managed service for provisioning infrastructure based on templates
  • No additional charge (although you pay for the resources that CloudFormation provisions)
  • Templates can be YAML or JSON (see below)
  • Manages dependencies between resources
  • Provides drift detection to find changes in your infrastructure

The key elements of CloudFormation are:

  • Template - the document or code, that CloudFormation uses to deploy resources
  • Stack - the resultant set of resources that CloudFormation provisions. These resources are configured within the Template.

Here are two examples of a basic Template, one in YAML, the other in JSON.

YAML Example

Description: Creates an S3 bucket
Resources:
  SampleS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: sample-s3-bucket

JSON Example

{
    "Resources": {
        "MyBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {}
        }
    }
}

The code above, if placed within a full CloudFormation template, would create a single S3 bucket.

AWS Elastic Beanstalk

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS

  • Automates the process of deploying and scaling workloads on EC2
  • Supports a specific set of technologies
  • Leverages existing AWS services
  • Only pay for the services you deploy
  • Handles provisioning, load balancing, scaling and monitoring

Elastic Beanstalk is a great way to quickly deploy applications without having to worry about underlying resources. This means any person with sufficient permissions can deploy infrastructure without knowing the underlying code.

Serverless

Amazon Simple Notification Service

Amazon Simple Notification Service (Amazon SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications

  • Fully managed pub/sub messaging service
  • Enables you to create decoupled applications
  • Organized according to topics
  • Integrates with multiple AWS services
  • Provides end user notifications across SMS, email and other push notification endpoints

Amazon Simple Queue Service

Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

  • Fully managed message queue service
  • Enables you to build decoupled and fault tolerant applications
  • Supports up to 256 KB data payload
  • Allows messages to be stored up to 14 days
  • Provides two types of queues
    • Standard queue
    • FIFO queue (first in first out)

Domain 4: Pricing and Support

It is important to understand the fundamentals of AWS pricing to ensure your deployed architecture is as cost efficient as possible. The key aspects are:

  • Pay as you go
  • Save when you reserve
  • Pay less with volume based discounts

When we look at pricing concepts, you must consider that each service has its fundamental "billing units". They are usually:

  • Compute - time spent "computing", e.g. EC2 instance uptime
  • Storage - how much data is actually being stored
  • Data Transfer - Data transfer out (from AWS) and between some regions
  • Access - how many times have you accessed a service

Some useful services

Amazon EC2

A key part to understanding any service is understanding the billing units of that service. EC2 Pricing is divided into different purchasing options:

  • On-demand - Pay by the second or hour for instances launched
  • Reserved - Purchase discounted instances in advance for 1-3 years
  • Compute savings plans - Savings Plans is a flexible pricing model that can help you reduce your bill by up to 72% compared to On-Demand prices, in exchange for a commitment to a consistent amount of usage.
  • Spot - Leverage unused capacity in a region for a large discount
Considerations for choosing an appropriate Purchasing Option
  • If you have an instance that is consistent and always needed, you should consider a Reserved Instance or Savings Plan.
  • If you have batch processing where the process can start and stop without affecting the job, you should leverage Spot Instances.
  • If you have an inconsistent need for instances that cannot be stopped without affecting the job, leverage On-demand Instances.

AWS Lambda

With Lambda, you can run code for virtually any type of application or backend service, all with zero administration, and only pay for what you use. You are charged based on the number of requests for your functions and the duration it takes for your code to execute.

The Lambda pricing pages detail compute costs and show examples of how costs might be accrued for different use cases.

Amazon S3

S3 pricing is based on four factors:

  • Storage
  • Requests and data retrievals
  • Data transfer
  • Management and replication.

For the Cloud Practitioner it is key to understand the Storage Classes. The S3 pricing pages summarise these classes well. For example:

S3 Standard - General purpose storage for any type of data, typically used for frequently accessed data

AWS Cost Planning Tools

  • AWS Pricing Calculator is a web-based planning tool that you can use to create estimates for your AWS use cases. You can use it to model your solutions before building them, explore the AWS service price points, and review the calculations behind your estimates.
  • AWS Cost Explorer is a tool that enables you to view and analyze your costs and usage. You can explore your usage and costs using the main graph, the Cost Explorer cost and usage reports, or the Cost Explorer RI reports.
  • You can use AWS Budgets to track and take action on your AWS costs and usage. You can use AWS Budgets to monitor your aggregate utilization and coverage metrics for your Reserved Instances (RIs) or Savings Plans.

Supporting Your AWS Resources

AWS Support Plans are designed to give you the right mix of tools and access to expertise so that you can be successful with AWS while optimizing performance, managing risk, and keeping costs under control.

AWS Basic
  • Enabled by default for all AWS accounts
  • Basic access to Trusted Advisor - 7 core checks
  • 24x7 access to Customer Service for Billing issues, documentation, forums and whitepapers
  • Access to Personal Health Dashboard
AWS Developer
  • Includes all features of Basic Support, plus business hours access to Support Engineers
  • Limited to 1 Primary Contact
AWS Business
  • Includes all features of Developer Support
  • Full set of Trusted Advisor Checks
  • 24x7 phone, email and chat access to Support Engineers
  • Unlimited contacts
  • AWS Support API
AWS Enterprise On-ramp
  • Includes all features of Business Support
  • Access to a pool of Technical Account Managers (TAMs) to help resolve issues
  • Includes Concierge Support Team
AWS Enterprise
  • Includes all features of Business Support
  • Includes designated Technical Account Manager (TAM)
  • Includes Concierge Support Team

AWS Marketplace

AWS Marketplace is a curated digital catalog that you can use to find, buy, deploy, and manage third-party software, data, and services that you need to build solutions and run your businesses. AWS Marketplace includes thousands of software listings from popular categories such as security, networking, storage, machine learning, IoT, business intelligence, database, and DevOps.

See the documentation pages for buyers and sellers.


Next Steps

Congratulations on getting this far in your preparation for the Cloud Practitioner certification! Here I will list some next step actions and some other things that are well worth knowing!

  1. Make sure you have reviewed the Cloud Essentials or Decision Maker ramp up plans as these will provide an extensive list of resources you can use to increase your AWS knowledge.
  2. Make sure you book your exam! If you keep "waiting for tomorrow" to book it, life will inevitably get in the way!
  3. Complete the Cloud Practitioner exam prep session where an experienced AWS Technical Instructor will take you through a summary of what is required for the exam, including practice questions and what to expect.
  4. Complete the Cloud Practitioner Official Practice Exam in Skillbuilder to cement your confidence to sit the actual exam
  5. If you are like me and prefer hands on learning to embed the concepts you've read here, make sure you begin (and complete!) the Cloud Practitioner Cloud Quest series - a gamified learning experience giving hands on practical application of the topics and concepts covered here.

Other Important Concepts

Well Architected Framework

The Well Architected Framework is a collection of best practices across six key pillars providing guidance on how to best create systems that create business value on AWS.

  • Operational Excellence - focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures
  • Security - focuses on protecting information and systems
  • Reliability - focuses on the ability to prevent, and quickly recover from failures to meet business and customer demand
  • Performance Efficiency - focuses on using IT and computing resources efficiently
  • Cost Optimization - focuses on avoiding unnecessary costs
  • Sustainability - focuses on managing your environmental impact.

Cloud Adoption Framework

The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS.

At the very least, be familiar with the six different perspectives of the AWS CAF:

Business perspective helps ensure that your cloud investments accelerate your digital transformation ambitions and business outcomes. Common stakeholders include chief executive officer (CEO), chief financial officer (CFO), chief operations officer (COO), chief information officer (CIO), and chief technology officer (CTO).

People perspective serves as a bridge between technology and business, accelerating the cloud journey to help organizations more rapidly evolve to a culture of continuous growth, learning, and where change becomes business-as-normal, with focus on culture, organizational structure, leadership, and workforce. Common stakeholders include CIO, COO, CTO, cloud director, and cross-functional and enterprise-wide leaders.

Governance perspective helps you orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks. Common stakeholders include chief transformation officer, CIO, CTO, CFO, chief data officer (CDO), and chief risk officer (CRO).

Platform perspective helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions. Common stakeholders include CTO, technology leaders, architects, and engineers.

Security perspective helps you achieve the confidentiality, integrity, and availability of your data and cloud workloads. Common stakeholders include chief information security officer (CISO), chief compliance officer (CCO), internal audit leaders, and security architects and engineers.

Operations perspective helps ensure that your cloud services are delivered at a level that meets the needs of your business. Common stakeholders include infrastructure and operations leaders, site reliability engineers, and information technology service managers.

Migration Strategies

A migration strategy is the approach used to migrate a workload into the AWS Cloud. There are seven migration strategies for moving applications to the cloud, known as the 7 Rs:

  • Retire
  • Retain
  • Rehost
  • Relocate
  • Repurchase
  • Replatform
  • Refactor or re-architect

Reliability on AWS

Fault Tolerance

Fault tolerance is the ability of a system to remain in operation even if some of the components used to build the system fail.

High Availability

High availability is the ability of a system to remain operational during an incident, although it may experience some performance degradation.

AWS Disaster Recovery Approaches

  • Backup & Restore - Backups of systems are stored to restore in a DR event
  • Pilot Light - Minimal resources are set up in AWS to support a DR event
  • Warm Standby - Systems are running in AWS and can be scaled up for DR
  • Multi-Site - Systems are running in two regions and support users

AWS Acceptable Use Policy

The AWS Acceptable Use Policy defines prohibited uses of the services offered by AWS. All users of the platform are bound by this policy.

AWS Teams

  • AWS Enterprise Support - Support Engineers + Technical Account Managers (TAMs)
  • AWS Solutions Architects - Help Customers Architect solutions on AWS
  • AWS Professional Services - Paid services team that helps customers deploy solutions on AWS
  • AWS Partner Network Technology Partners - They build products using AWS Services
  • AWS Partner Network Consulting Partners - If a customer does not have in-house AWS expertise, then they can leverage Consulting Partners

Sitting the Exam!

Here are some tips I've used to complete over 6 AWS technical certifications, including the Solutions Architect Professional and Security Specialty exams:

  • Read the stem of the question and try to identify the key requirements
  • If you're unsure of the context of the question immediately, mark it for review - you can always come back at the end!
  • Don't waste time agonising over an individual question - chances are another question in the exam will jog your memory.
  • When you get to the end of the exam, you will be presented with a review screen. Take this time to "mentally rest" for 30 seconds to 1 minute before going back and reviewing each marked question
    • I often have 10-20 questions marked so don't feel bad if you have lots!
  • If you are totally unsure of an answer, after you've reviewed, just guess! There are no marks deducted for incorrect answers!
  • The exam has 65 questions in 90 minutes, meaning a little over 1 minute per question. Don't be intimidated! You've got this!

Closing Remarks

I wish you all the best with your AWS journey and would love to hear from you when you successfully complete your certification! I will leave you with a mind map I created while delivering the Cloud Practitioner Essentials training course which helps students prepare for the exam.

Regards,

Joel Skepper - LinkedIn
Senior Technical Trainer, AWS