AWS Certified Practitioner Exam Notes

Module 2

 

Amazon Elastic Compute Cloud (Amazon EC2) – Amazon’s virtual server instances

·       General Purpose Instances – Used for application servers, gaming servers, backend servers for enterprise applications, and small and medium databases.

·       Compute Optimized Instances – Ideal for compute-bound applications that benefit from high-performance processors. Ideal for high-performance web servers, compute-intensive application servers, and dedicated gaming servers. You can also use compute optimized instances for batch processing workloads that require processing many transactions in a single group.

·       Memory Optimized Instances – Designed to deliver fast performance for workloads that process large datasets in memory. E.g. a high performance database.

·       Accelerated Computing Instances – Use hardware accelerators, or coprocessors, to perform some functions more efficiently than is possible in software running on CPUs. Ideal for workloads such as graphics applications, game streaming, and application streaming.

·       Storage Optimized Instances – Designed for workloads that require high, sequential read and write access to large datasets on local storage.

Pricing for EC2

·       On-Demand – No upfront costs or minimum contracts.

·       Savings Plans – Can be used if you lock into a 1–3 year plan and commit to a minimum compute level. Saves up to 66%.

·       Reserved Instances – Billing discount applied to on-demand instances. Once it ends, you can terminate the instance or purchase a new reserved instance. Can be 1 or 3 year terms. Basically a ‘rate’ lock-in it sounds like.

·       Spot Instances – Ideal when the workload has flexible start and end times. Must be requested. Good for something that doesn’t need to be continuous – e.g. processing responses to a customer feedback survey. Reduces costs by up to 90%.

·       Dedicated Hosts – Physical servers with Amazon EC2 instance capacity that is fully dedicated to a client’s use.

 

Auto Scaling –

·       Amazon EC2 Auto Scaling enables you to automatically add or remove Amazon EC2 instances in response to changing application demand

o   Dynamic scaling responds to changing demand.

o   Predictive scaling automatically schedules the right number of Amazon EC2 instances based on predicted demand.

·       Minimum Capacity – Minimum number of EC2 instances that launch immediately after you have created the group.

·       Desired Capacity – Can be configured based on ANTICIPATED demand.

·       Maximum Capacity – Ceiling up to which Auto Scaling will scale.

 

Elastic Load Balancer – Automatically distributes incoming application traffic across multiple resources. All incoming traffic passes through this.

Monolithic Application – An application with tightly coupled components. These components might include databases, servers, the user interface, business logic, and so on. If a single component fails, other components fail, and possibly the entire application fails.

Microservices - application components are loosely coupled. In this case, if a single component fails, the other components continue to work because they are communicating with each other. The loose coupling prevents the entire application from failing. Two messaging services help facilitate this:

·       Amazon Simple Notification Service (Amazon SNS) – A publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.

·       Amazon Simple Queue Service (Amazon SQS) – can send, store, and receive messages between software components, without losing messages or requiring other services to be available. In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

AWS Lambda – Service that lets you run code without needing to provision or manage servers. You pay only for the compute time that you consume.

 

Containerization

·       Amazon Elastic Container Service (Amazon ECS) – Highly scalable, high performance container management system that enables you to run and scale containerized applications on AWS.

o   Supports Docker containers.

·       Amazon Elastic Kubernetes Service (Amazon EKS) – Fully managed service that you can use to run Kubernetes on AWS.

·       AWS Fargate – Serverless compute engine for containers. Works with both ECS and EKS. This just means you aren’t provisioning or managing (virtual) servers.


 

Module 3

 

AWS Regions – Four business factors impact how to select a Region:

·       Compliance with Data Governance and Legal Requirements

·       Proximity to Your Customers

·       Available Services within a Region

·       Pricing

 

Availability Zones – A single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This is close enough to have low latency.

Edge Location – A site that Amazon CloudFront uses to store cached copies of your content closer to your customers for fast delivery.

 

AWS Management Console – A web-based interface for accessing and managing AWS services. You can quickly access recently used services and search for other services by name, keyword, or acronym. The console includes wizards and automated workflows that can simplify the process of completing tasks.

AWS Command Line Interface (AWS CLI) - enables you to control multiple AWS services directly from the command line within one tool. AWS CLI is available for users on Windows, macOS, and Linux. 

AWS Software Development Kits (SDKs) – Enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS. AWS provides documentation and sample code for each supported programming language. Supported programming languages include C++, Java, .NET, and more.

 

AWS Elastic Beanstalk – you provide code and configuration settings, and Elastic Beanstalk deploys the resources necessary to perform the following tasks:

·       Adjust capacity

·       Load balancing

·       Automatic scaling

·       Application health monitoring

 

AWS CloudFormation – Treat infrastructure as code. Build an environment by writing lines of code instead of using the AWS Management Console to individually provision resources. CloudFormation provisions your resources in a safe, repeatable manner, enabling you to frequently build your infrastructure and applications without having to perform manual actions.

 

Amazon CloudFront – Content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world.

AWS Outposts – Extend AWS infrastructure and services to your on-premises data center.

 


 

Module 4

 

Amazon Virtual Private Cloud (Amazon VPC) – Networking service that you can use to establish boundaries around your AWS resources. It enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define. Within a virtual private cloud (VPC), you can organize your resources into subnets.

 

Internet Gateway – Connection between a VPC and the internet.

Virtual Private Gateway - allows protected internet traffic to enter into the VPC. A virtual private gateway enables you to establish a virtual private network (VPN) connection between your VPC and a private network, such as an on-premises data center or internal corporate network. A virtual private gateway allows traffic into the VPC only if it is coming from an approved network.

AWS Direct Connect – Service that enables you to establish a dedicated private connection between your data center and a VPC.

 

Subnets / Network Access Controls

·       Public Subnets – Contain resources that need to be accessible by the public, such as an online store’s website.

·       Private Subnets – Contain resources that should be accessible only through your private network such as a database that contains PII.

·       Network Access Control Lists (ACLs) – Virtual firewall that controls inbound and outbound traffic at the subnet level. The passport counter at an airport was used as a particularly apt analogy.

o   Network ACLs perform stateless packet filtering.
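Worked example (added here; not from the course notes or AWS): a small simulation of how a network ACL decides on a packet. Rules are checked in ascending rule-number order, the first match decides, anything unmatched is denied, and because the filter is stateless the reply half of an allowed connection needs its own rule. The rule numbers, CIDR blocks and addresses are constructed for the example.

```python
"""Simulated network ACL evaluation.

Added example, not part of the original notes and not AWS's own code. It
models the behaviour the notes describe: a network ACL is a stateless packet
filter at the subnet level. Rules are checked in ascending rule-number order,
the first matching rule decides, and a packet that matches no rule is denied.
Because the filter is stateless, the return half of an allowed connection
needs its own rule (in practice an outbound rule covering the ephemeral port
range); the example shows an ACL that forgets this and the corrected one.
The CIDR blocks and rule numbers are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int      # lower numbers are evaluated first
    direction: str   # "inbound" or "outbound"
    protocol: str    # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str        # source block for inbound rules, destination block for outbound
    action: str      # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    remote_ip: str   # source address for inbound, destination address for outbound
    port: int        # destination port of the packet


def evaluate(rules, packet):
    """Return 'allow' or 'deny' for one packet using first-match semantics."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction != packet.direction:
            continue
        if rule.protocol not in ("all", packet.protocol):
            continue
        if not rule.port_from <= packet.port <= rule.port_to:
            continue
        if ip_address(packet.remote_ip) not in ip_network(rule.cidr):
            continue
        return rule.action
    return "deny"  # the implicit final rule that matches everything


EPHEMERAL = (1024, 65535)

# Constructed ACL for a public subnet serving HTTPS. Rule 90 blocks one
# range before the broader allow at 100 can match it (first match wins).
WEB_ACL = [
    Rule(90, "inbound", "all", 0, 65535, "198.51.100.0/24", "deny"),
    Rule(100, "inbound", "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule(110, "inbound", "tcp", *EPHEMERAL, "0.0.0.0/0", "allow"),  # replies to our own outbound calls
    Rule(100, "outbound", "tcp", 443, 443, "0.0.0.0/0", "allow"),   # our calls to external HTTPS APIs
]

# The same ACL plus the outbound rule for reply traffic to clients, which a
# stateless filter needs and a stateful firewall would handle implicitly.
WEB_ACL_FIXED = WEB_ACL + [
    Rule(110, "outbound", "tcp", *EPHEMERAL, "0.0.0.0/0", "allow"),
]


def https_roundtrip(rules, client_ip="203.0.113.10", client_port=51515):
    """Evaluate both halves of one client -> server HTTPS exchange.

    Returns (request_verdict, reply_verdict). The reply goes back to the
    client's ephemeral source port, so it needs an outbound rule of its own.
    """
    request = Packet("inbound", "tcp", client_ip, 443)
    reply = Packet("outbound", "tcp", client_ip, client_port)
    return evaluate(rules, request), evaluate(rules, reply)


if __name__ == "__main__":
    print("missing ephemeral rule:", https_roundtrip(WEB_ACL))        # ('allow', 'deny')
    print("with ephemeral rule:   ", https_roundtrip(WEB_ACL_FIXED))  # ('allow', 'allow')
```

The broken ACL lets the request in but silently drops the server's reply, which is the classic symptom of treating a network ACL like a stateful security group.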

 

Amazon Route 53 – Provides a DNS web service. Gives developers and businesses a reliable way to route end users to internet applications hosted in AWS. Provides the ability to manage the DNS records for domain names. You can register new domain names directly in Route 53. You can also transfer DNS records for existing domain names managed by other domain registrars. This enables you to manage all of your domain names within a single location.


 

Module 5

 

Amazon Elastic Block Store (Amazon EBS) – provides block-level storage volumes that can be used with Amazon EC2 instances. If an EC2 instance is stopped or terminated, all data attached to the EBS volume remains available.

·       Create an EBS volume, configure it (volume size, type), and attach it to the EC2 instance.

·       Can use EBS snapshots to back up the volumes.

o   This is an incremental backup – only changes are backed up after the initial full backup.

·       Stored in a single Availability Zone, and this zone must be the same as the associated EC2 instance.

 

Amazon Simple Storage Service (Amazon S3) – Provides object-level storage. S3 stores data as objects in buckets. There are storage classes that depend on two factors – how often one plans to retrieve the data and the availability needs of the data:

·       S3 Standard – designed for frequently accessed data, and stores data in a minimum of three Availability Zones.

o   Provides high availability for objects. Higher cost than other storage classes.

·       S3 Standard – Infrequent Access (S3 Standard-IA) – Ideal for infrequently accessed data – similar to S3 Standard but with a lower storage price and a higher retrieval price.

o   Ideal for data infrequently accessed but requiring high availability when needed.

·       S3 One Zone – Infrequent Access (S3 One Zone-IA) – Stores data in a single Availability Zone, and has a lower storage price than S3 Standard-IA. Useful if one wants to save on storage costs and can easily reproduce the data in the event of an Availability Zone failure.

·       S3 Intelligent-Tiering – Moves objects between S3 Standard-IA and S3 Standard based on monitored patterns of access to the objects. Charges a small fee per object.

·       S3 Glacier – Low cost storage designed for data archiving. Able to retrieve objects within a few minutes to hours. 

·       S3 Glacier Deep Archive – Lowest cost object storage class ideal for archiving. Able to retrieve data within 12 hours.

 

Amazon Elastic File System (Amazon EFS) – Scalable file system used with AWS cloud services and on-premises resources. As you add and remove files, Amazon EFS grows and shrinks automatically. Useful when a large number of services and resources need to access the same data at the same time.

 

Amazon Relational Database Service (RDS) – Allows users to run relational databases within the AWS Cloud. This is a managed service that automates tasks such as hardware provisioning, database setup, patching and backups. Available in SIX database engines:

·       Amazon Aurora

·       PostgreSQL

·       MySQL

·       MariaDB

·       Oracle Database

·       Microsoft SQL Server

 

Amazon DynamoDB – Key-value database service. Delivers single digit millisecond performance at any scale. This is serverless, and scales automatically.

Amazon DynamoDB Accelerator – In-memory cache for DynamoDB that helps improve response times to microseconds.

Amazon Redshift – Data warehousing service that can be used for big data analytics. Offers the ability to collect data from many sources and helps understand relationships and trends across the data.

AWS Database Migration Service (AWS DMS) – Can move data between a source database and a target database. Source/target do not need to be the same type.

Amazon DocumentDB – Document database service that supports MongoDB workloads.

Amazon Neptune – Graph database service. Can be used to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, etc.

Amazon Quantum Ledger Database (Amazon QLDB) – Ledger database service. Can be used to review a complete history of all the changes that have been made to your application data.

Amazon Managed Blockchain – Can be used to create and manage blockchain networks with open-source frameworks. A distributed ledger that lets multiple parties run transactions and share data without a central authority.

Amazon ElastiCache – Adds caching layers on top of your databases to help improve the read times of common requests. Supports Redis and Memcached types of data stores.

 

Module 6

Shared Responsibility Model:

 

AWS Identity and Access Management – Enables you to manage access to AWS services and resources securely. Controlled by ‘Root User’ (pretty much system admin).

IAM User – Allowed to interact with objects. By default it has no capabilities; the root user must add the permissions.

IAM Policy – Allows you to set policies that control how interaction occurs with objects. E.g. these roles can access these assets, etc.

IAM Groups – Group users by specific roles, etc. and apply policies at the group level so all you need to do is add the user rather than building the user’s permissions from the ground up.

IAM Roles – Temporary access permissions afforded to a user that may be changing what they need to do in AWS. Temporary being the key word.

AWS Organizations – Can be used to consolidate and manage multiple AWS accounts from a central location. Can centrally control permissions for the accounts in your organization by using service control policies (SCPs). SCPs can be applied to individual accounts or OUs.

Organizational Units (OUs) – Grouping of accounts within the organization so that policies can be applied consistently.
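Worked example (added here; not from the course notes or AWS) covering the IAM policy and the SCP notes above: a simplified model of how a request is decided. Every request starts as an implicit deny, a matching Allow statement grants it, a matching explicit Deny wins over any Allow, and an SCP from AWS Organizations only ever limits what the account's identity policies can grant. The policies, bucket name and account id are constructed placeholders; conditions and NotAction/NotResource are left out of the model.

```python
"""Simplified IAM policy evaluation with an organization SCP.

Added example, not part of the original notes and not AWS's own code. It
models the decision logic the notes describe: every request starts as an
implicit deny, an Allow statement whose Action and Resource match grants it,
and a matching explicit Deny overrides any Allow. A service control policy
(SCP) from AWS Organizations is modelled as a guardrail: it never grants
access by itself, it only limits what the account's identity policies can
grant. Conditions, NotAction/NotResource and resource-based policies are
left out of this model.
"""
import fnmatch


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, ignore_case):
    """IAM wildcard matching: '*' matches any run of characters, '?' one."""
    patterns = _as_list(patterns)
    if ignore_case:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate_policy(policy, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one policy document."""
    verdict = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive in IAM; resource ARNs are not.
        if not _matches(stmt.get("Action", []), action, ignore_case=True):
            continue
        if not _matches(stmt.get("Resource", []), resource, ignore_case=False):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny cannot be overridden
        verdict = "Allow"
    return verdict


def is_allowed(identity_policies, action, resource, scp=None):
    """Decide one request against identity policies and an optional SCP.

    The request is allowed only if the SCP (when present) allows it, no
    identity policy explicitly denies it, and at least one identity policy
    allows it.
    """
    if scp is not None and evaluate_policy(scp, action, resource) != "Allow":
        return False
    verdicts = [evaluate_policy(p, action, resource) for p in identity_policies]
    if "Deny" in verdicts:
        return False
    return "Allow" in verdicts


# Constructed policies. The bucket name and the account id 111122223333 are
# placeholders; the SCP allows everything except stopping or deleting the trail.
ADMIN = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

REPORTS_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports",
                     "arn:aws:s3:::example-reports/*"],
    }],
}

DENY_S3_DELETE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}],
}

TRAIL_GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
         "Resource": "*"},
    ],
}

if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports/2024/q1.csv"
    trail = "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail"
    print(is_allowed([REPORTS_READ_ONLY], "s3:GetObject", obj))            # True
    print(is_allowed([REPORTS_READ_ONLY], "s3:PutObject", obj))            # False (implicit deny)
    print(is_allowed([ADMIN, DENY_S3_DELETE], "s3:DeleteObject", obj))     # False (explicit deny wins)
    print(is_allowed([ADMIN], "cloudtrail:StopLogging", trail))            # True
    print(is_allowed([ADMIN], "cloudtrail:StopLogging", trail,
                     scp=TRAIL_GUARDRAIL_SCP))                             # False (SCP guardrail)
```

The last two calls are the point of the SCP note: an identity with full administrator permissions in a member account still cannot stop the trail when the OU's SCP denies it, because SCPs bound what any identity in the account can be granted.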

AWS Artifact – service that provides on-demand access to AWS security and compliance reports and select online agreements. Consists of AWS Artifact Agreements and AWS Artifact Reports.

·       AWS Artifact Agreements – If you need to sign an agreement with AWS regarding use of certain types of information (e.g. HIPAA)

·       AWS Artifact Reports – This is where reports from third parties (e.g. SOC reports) are available.

AWS Compliance Center - https://aws.amazon.com/compliance/customer-center/ - Contains information about compliance. Helpful to auditors so probably want to check it out at some point.

AWS Shield – protects against DDoS attacks.

·       AWS Shield Standard – Automatically protects and is included at no cost.

·       AWS Shield Advanced – Paid DDoS protection that integrates with other AWS services. Includes attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.

 

AWS Key Management Service (AWS KMS) – Enables the performance of encryption operations through the use of cryptographic keys. Can be used to create, manage and use cryptographic keys. You can choose the specific levels of access control that you need for your keys.

 

AWS Web Application Firewall (AWS WAF) – Web application firewall within AWS. Works with CloudFront and the Elastic Load Balancer. Uses web access control lists (web ACLs) to protect AWS resources.

 

Amazon Inspector – Used to perform automated security assessments. This checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions. Provides a list by severity level, including detail of the issue and recommendation on how to fix it.

Amazon GuardDuty – Service that provides intelligent threat detection for AWS infrastructure and resources. Effectively a monitoring mechanism. Sends any issues to the management console.

 

Module 7 

 

Amazon CloudWatch – Web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics. AWS services send metrics to CloudWatch, which then uses the metrics to create graphs.

·       CloudWatch Alarms – Will send an alert if a predefined threshold is exceeded. Will also automate responses such as stopping an EC2 instance that’s not been used over a certain period of time.

·       CloudWatch dashboard – Effectively AWS’s monitoring dashboard.
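Worked example (added here; not from the course notes or AWS) for the CloudWatch alarm note: how a stream of metric values becomes an alarm state and an action. It goes slightly beyond the note by requiring the threshold to be breached for a number of consecutive evaluation periods, which is how CloudWatch alarms avoid reacting to a single spike, and by firing the action on the transition into ALARM rather than on every breaching datapoint. The comparison operator names are the ones CloudWatch uses; the datapoints and the action name are constructed.

```python
"""Alarm evaluation over a stream of metric datapoints.

Added example, not part of the original notes and not AWS's own code. It
shows how an alarm turns metric values into an alarm state and an action:
the state becomes ALARM only once the threshold has been breached for a
configured number of consecutive evaluation periods (so a single spike or
dip does not trigger it), it returns to OK when the breach stops, and the
action runs on the transition into ALARM rather than on every breaching
datapoint. The scenario is the one from the notes: an idle EC2 instance
(low CPU) is stopped. The comparison operator names are the ones CloudWatch
uses; the datapoints and action name are constructed.
"""
from dataclasses import dataclass, field

COMPARATORS = {
    "GreaterThanThreshold": lambda v, t: v > t,
    "GreaterThanOrEqualToThreshold": lambda v, t: v >= t,
    "LessThanThreshold": lambda v, t: v < t,
    "LessThanOrEqualToThreshold": lambda v, t: v <= t,
}


@dataclass
class Alarm:
    name: str
    threshold: float
    comparison: str            # key into COMPARATORS
    evaluation_periods: int    # consecutive breaching datapoints needed
    action: str                # what to run when the alarm goes into ALARM
    state: str = "INSUFFICIENT_DATA"
    actions_fired: list = field(default_factory=list)

    def evaluate(self, datapoints):
        """Feed datapoints in time order; return the state after each one."""
        states = []
        window = []  # breach flags for the most recent evaluation periods
        for value in datapoints:
            window.append(COMPARATORS[self.comparison](value, self.threshold))
            window = window[-self.evaluation_periods:]
            if len(window) < self.evaluation_periods:
                new_state = "INSUFFICIENT_DATA"   # not enough history yet
            elif all(window):
                new_state = "ALARM"               # every recent period breached
            else:
                new_state = "OK"
            if new_state == "ALARM" and self.state != "ALARM":
                self.actions_fired.append(self.action)  # fire once per transition
            self.state = new_state
            states.append(new_state)
        return states


# Constructed CPUUtilization samples (percent), one per period. The
# two-period dip near the start is too short to count; the four-period
# run at the end is not.
IDLE_CPU_SAMPLE = [40, 3, 2, 35, 4, 3, 2, 1]


def idle_instance_demo():
    """Stop an instance whose CPU stays under 5% for three consecutive periods."""
    alarm = Alarm("idle-ec2", 5.0, "LessThanThreshold", 3, "stop-instance")
    states = alarm.evaluate(IDLE_CPU_SAMPLE)
    return states, alarm.actions_fired


if __name__ == "__main__":
    states, actions = idle_instance_demo()
    for value, state in zip(IDLE_CPU_SAMPLE, states):
        print(f"cpu={value:>3}%  state={state}")
    print("actions fired:", actions)  # ['stop-instance'], exactly once
```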

 

AWS CloudTrail – Records API calls for the account, including the identity of the API caller, the time of the API call, the source IP address and more. Basically the logging function. Can use CloudTrail Insights to automatically detect unusual API activities on the account.
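Worked example (added here; not from the course notes or AWS) for the CloudTrail note: three checks a security team commonly runs over the trail, applied to a constructed log file. The records follow the CloudTrail record shape (userIdentity, eventName, eventSource, sourceIPAddress, additionalEventData and so on); the account id, user names, ARNs and IP addresses are placeholders.

```python
"""Detections over CloudTrail records.

Added example, not part of the original notes and not AWS's own code. The
records are constructed to follow the CloudTrail record shape (userIdentity,
eventName, eventSource, sourceIPAddress, additionalEventData, ...); the
account id, user names, ARNs and IP addresses are placeholders. Three checks
a security team commonly runs over the trail are shown: API activity by the
root user, console sign-ins that succeeded without MFA, and calls that stop,
delete or reconfigure the trail itself.
"""
import json

# Constructed sample: one CloudTrail log file with five records.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "Root", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-05-01T08:10:42Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T08:11:09Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.24",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::111122223333:user/bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-05-01T09:30:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1",
     "sourceIPAddress": "192.0.2.77",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops-admin/session1"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2024-05-01T09:31:15Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.24",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::111122223333:user/bob"}},
]})

# CloudTrail API calls that would blind or weaken the audit log itself.
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def load_records(log_text):
    """CloudTrail delivers JSON files with a top-level 'Records' array."""
    return json.loads(log_text)["Records"]


def detect(records):
    """Return a list of findings; each carries the rule name and who/where/when."""
    findings = []
    for rec in records:
        identity = rec.get("userIdentity") or {}
        event = rec.get("eventName")
        base = {
            "time": rec.get("eventTime"),
            "who": identity.get("arn") or identity.get("type", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            "event": event,
        }
        # Rule 1: the root user should not be used for day-to-day API calls.
        if identity.get("type") == "Root":
            findings.append({**base, "rule": "root-account-activity"})
        # Rule 2: a successful console sign-in without MFA.
        if event == "ConsoleLogin":
            succeeded = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            used_mfa = (rec.get("additionalEventData") or {}).get("MFAUsed") == "Yes"
            if succeeded and not used_mfa:
                findings.append({**base, "rule": "console-login-without-mfa"})
        # Rule 3: changes to the trail itself.
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and event in TRAIL_TAMPER_EVENTS:
            findings.append({**base, "rule": "cloudtrail-tampering"})
    return findings


def rules_triggered(log_text):
    """Convenience wrapper: rule names in the order they fired."""
    return [f["rule"] for f in detect(load_records(log_text))]


if __name__ == "__main__":
    for finding in detect(load_records(SAMPLE_LOG)):
        print(finding)
```

Each finding keeps the caller identity, source IP and time from the record, which are exactly the fields the note lists as what CloudTrail captures and what an analyst needs to follow up.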

 

AWS Trusted Advisor – Web service that inspects the AWS environment and provides real-time recommendations in accordance with AWS best practices.


 

Module 8

 

AWS Cost Explorer - a tool that enables you to visualize, understand, and manage your AWS costs and usage over time. AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.

 

Module 9

 

AWS Cloud Adoption Framework (AWS CAF):

In general, the Business, People, and Governance Perspectives focus on business capabilities, whereas the Platform, Security, and Operations Perspectives focus on technical capabilities.

 

·       The Business Perspective ensures that IT aligns with business needs and that IT investments link to key business results.

 

Use the Business Perspective to create a strong business case for cloud adoption and prioritize cloud adoption initiatives. Ensure that your business strategies and goals align with your IT strategies and goals.

 

Common roles in the Business Perspective include: 

·       Business managers

·       Finance managers

·       Budget owners

·       Strategy stakeholders

 

·       The People Perspective supports development of an organization-wide change management strategy for successful cloud adoption.

Use the People Perspective to evaluate organizational structures and roles, new skill and process requirements, and identify gaps. This helps prioritize training, staffing, and organizational changes.

 

Common roles in the People Perspective include: 

·       Human resources

·       Staffing

·       People managers

 

·       The Governance Perspective focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.

 

Use the Governance Perspective to understand how to update the staff skills and processes necessary to ensure business governance in the cloud. Manage and measure cloud investments to evaluate business outcomes.

 

Common roles in the Governance Perspective include: 

·       Chief Information Officer (CIO)

·       Program managers

·       Enterprise architects

·       Business analysts

·       Portfolio managers

 

·       The Platform Perspective includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.

 

Use a variety of architectural models to understand and communicate the structure of IT systems and their relationships. Describe the architecture of the target state environment in detail.

 

Common roles in the Platform Perspective include: 

·       Chief Technology Officer (CTO)

·       IT managers

·       Solutions architects

 

·       The Security Perspective ensures that the organization meets security objectives for visibility, auditability, control, and agility. 

 

Use the AWS CAF to structure the selection and implementation of security controls that meet the organization’s needs.

 

Common roles in the Security Perspective include: 

·       Chief Information Security Officer (CISO)

·       IT security managers

·       IT security analysts

 

·       The Operations Perspective helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.

 

Define how day-to-day, quarter-to-quarter, and year-to-year business is conducted. Align with and support the operations of the business. The AWS CAF helps these stakeholders define current operating procedures and identify the process changes and training needed to implement successful cloud adoption.

 

Common roles in the Operations Perspective include: 

·       IT operations managers

·       IT support managers

 

Migration Strategies:

 

·       Rehosting also known as “lift-and-shift” involves moving applications without changes. 

In the scenario of a large legacy migration, in which the company is looking to implement its migration and scale quickly to meet a business case, the majority of applications are rehosted.  

 

·       Replatforming, also known as “lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.

 

·       Refactoring (also known as re-architecting) involves reimagining how an application is architected and developed by using cloud-native features. Refactoring is driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.

 

·       Repurchasing involves moving from a traditional license to a software-as-a-service model. 

 

For example, a business might choose to implement the repurchasing strategy by migrating from a customer relationship management (CRM) system to Salesforce.com.

 

·       Retaining consists of keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or, work that can be postponed until a later time.

 

·       Retiring is the process of removing applications that are no longer needed.

 

Snow Family: collection of physical devices that help to physically transport up to exabytes of data into and out of AWS

·       Snowcone – A small, rugged, and secure edge computing and data transfer device. It features 2 CPUs, 4 GB of memory, and 8 TB of usable storage.

·       Snowball – Offers two types of devices:

o   Snowball Edge Storage Optimized devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.

§  Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes.

§  Compute: 40 vCPUs, and 80 GiB of memory to support Amazon EC2 sbe1 instances (equivalent to C5).

o   Snowball Edge Compute Optimized provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks.

§  Storage: 42 TB of usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes, and 7.68 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes.

§  Compute: 52 vCPUs, 208 GiB of memory, and an optional NVIDIA Tesla V100 GPU. Devices run Amazon EC2 sbe-c and sbe-g instances, which are equivalent to C5, M5a, G3, and P3 instances.

·       Snowmobile - an exabyte-scale data transfer service used to move large amounts of data to AWS. You can transfer up to 100 petabytes of data per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi trailer truck.

Other services:

§  Machine Learning – Amazon SageMaker – Build, train, and deploy ML models quickly

§  Artificial Intelligence –

o   Speech to text with Amazon Transcribe

o   Discover patterns in text with Amazon Comprehend

o   Identify potentially fraudulent online activities with Amazon Fraud Detector

o   Build voice and text chatbots with Amazon Lex

 

AWS Well-Architected Framework:

§  Five pillars: