based on Exam Pro Free Tier - AWS Certified Cloud Practitioner
Cloud computing
the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer
Compute
virtual computer that can run applications, programs, and code
Networking
virtual network defining internet connections or network isolations between services or outbound to the internet
Storage
virtual hard-drive that can store files
Databases
virtual database for storing reporting data or a database for general purpose web application
Public Cloud
everything is built on the Cloud Service Provider
Private Cloud
everything built on company’s datacenters (On-Premise)
Hybrid Cloud
Using both On-Premise and a Cloud Service Provider
with an established connection between the two
Cross (Multi) Cloud
Using Multiple Cloud Providers
using AWS, Azure, and GCP at the same time
Pay-As-You-Go
AWS charges based on usage — by the second, minute, or hour
You do not pay a fixed monthly fee unless you've committed via Reserved Instances or Savings Plans
AWS Free Tier
allows new AWS account holders to access certain services for free for the first 12 months or free usage up to a certain monthly limit forever
Benefits of Cloud
Trade upfront expense for variable expense
You can pay only when you consume computing resource
Benefit from massive economies of scale
Receive lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services
Stop guessing capacity
You don’t have to predict how much infrastructure capacity you will need before deploying an application
Increase speed and agility
Makes it easier for you to develop and deploy applications
Stop spending money running and maintaining data centers
Focus less on managing infrastructure and servers and more on your applications and customers
Go global in minutes
Enables you to quickly deploy applications to customers around the world, while providing them with low latency
AWS Global Infrastructure
globally distributed hardware and datacenters that are physically networked together to act as one large resource for the end customer
Regions
geographically distinct locations consisting of one or more Availability Zones
generally has 3 Availability Zones
not all AWS Services are available in all regions
the cost of AWS services varies per region
four factors to consider when choosing a region:
What Regulatory Compliance does this region meet?
What is the cost of the AWS services in this region?
What AWS services are available in this region?
What is the distance or latency to my end-users?
Regional Services
AWS scopes their AWS Management Console on a selected Region.
This will determine where an AWS service will be launched and what will be seen within an AWS Service’s console
You generally don’t explicitly set the Region for a service at the time of creation
Global Services
Some AWS services operate across multiple regions and the region will be fixed to “Global”
Ex: Amazon S3, CloudFront, Route 53, IAM
Availability Zones
physical location made up of one or more datacenters
datacenter: a secured building that contains hundreds of thousands of computers
high availability → common practice is to run workloads in at least 3 AZs to ensure services remain available in case one or two data centers fail
a subnet is associated with an Availability Zone
all traffic within AZs is encrypted
Fault Domain / Failure Zone
a section of a network that is vulnerable to damage if a critical device or system fails.
the purpose of a fault domain is that if a failure occurs it will not cascade outside that domain, limiting the possible damage
AWS Region → Fault Level
AWS AZ → Fault Domain / Failure Zone
Points of Presence (PoP)
an intermediate location between an AWS Region and the end user, and this location could be a datacenter or collection of hardware
for AWS, PoP resources are edge locations and regional edge caches
Edge Locations
a site that Amazon CloudFront uses to store cached copies of your content closer to your customers for fast delivery
AWS Global Accelerator and AWS S3 Transfer Acceleration
use Edge locations as an on-ramp to quickly reach AWS resources in other regions by traversing the fast AWS Global Network
Amazon CloudFront (CDN)
uses Edge locations as an off-ramp, to provide at the Edge storage and compute near the end user
Regional Edge Locations
datacenters that hold much larger caches of less popular files to reduce a full round trip and also to reduce the cost of transfer fees
Amazon CloudFront
a Content Delivery Network service:
You point your website to CloudFront so that it will route requests to nearest Edge Location cache
allows you to choose an origin (such as a web server or storage) that will be the source of the cached content
caches the content the origin would return at various Edge Locations around the world
Amazon S3 Transfer Acceleration
allows you to generate a special URL that can be used by end users to upload files to a nearby Edge Location. Once a file is uploaded to an Edge Location, it can move much faster within the AWS Network to reach S3
AWS Global Accelerator
can find the optimal path from the end user to your web servers. Global Accelerator is deployed within Edge Locations, so you send user traffic to an Edge Location instead of directly to your web application
AWS Direct Connect
a dedicated gigabit connection from on-premise data center to AWS
a private/dedicated connection between your datacenter, office, co-location (data center where equipment, space, and bandwidth are available for rental to retail customers), and AWS
Direct Connect Locations - trusted partner datacenters from which you can establish a dedicated high-speed, low-latency connection from your on-premise environment to AWS
Local Zones
datacenters located very close to a densely populated area to provide single-digit millisecond low latency performance for that area
Wavelength Zones
allows for edge-computing on 5G Networks
applications will have ultra-low latency being as close as possible to the users
High Availability
the ability of your service to remain available by ensuring there is no single point of failure and/or ensuring a certain level of performance
Elastic Load Balancer
a load balancer allows you to evenly distribute traffic to multiple servers in one or more datacenters
if a datacenter or server becomes unavailable, the load balancer will route the traffic to only available datacenters with servers
High Scalability
your ability to increase your capacity based on the increasing demand of traffic, memory, and computing power
vertical scaling - scaling up - upgrade to a bigger server
horizontal scaling - scaling out - add more servers of the same size
High Elasticity
your ability to automatically increase or decrease your capacity based on the current demand of traffic, memory, and computing power
horizontal scaling - scaling in or out
Auto Scaling Groups - are an AWS feature that will automatically add or remove servers based on scaling rules you define
Fault Tolerance
the ability of your service to ensure there is no single point of failure, preventing the chance of failure
failover is when you have a plan to shift traffic to a redundant system in case the primary system fails
common ex: having a copy (secondary) of your database where all ongoing changes are synced
RDS Multi-AZ - is when you run a duplicate standby database in another Availability Zone in case your primary database fails
High Durability
your ability to recover from a disaster and to prevent the loss of data; solutions that recover from a disaster are known as Disaster Recovery
CloudEndure Disaster Recovery - continuously replicates your machines into a low-cost staging area in your target AWS account and preferred Region enabling fast and reliable recovery in case of IT data center failures
AWS API
an HTTP API you can interact with by sending HTTPS requests, using an application for interacting with APIs such as Postman
AWS Management Console
a web-based unified console used to build, manage, and monitor everything from simple web apps to complex cloud deployments
point and click to manually launch and configure AWS resources with limited programming knowledge
Amazon Resource Names (ARNs)
uniquely identify AWS resources.
ARNs are required to specify a resource unambiguously across all of AWS
AWS Command Line Interface (CLI)
allows users to programmatically interact with the AWS API via entering single or multi-line commands into a shell or terminal
AWS Software Development Kit (SDK)
programmatically create, delete, or interact with AWS resources
offered in Java, Python, Node.js, Ruby, Go, .NET, PHP, JavaScript, C++
AWS CloudShell
a browser-based shell built into the AWS Management Console
AWS CloudFormation (CFN)
an infrastructure modeling and provisioning service that allows you to write Infrastructure as Code as either a JSON or YAML file
AWS Cloud Development Kit (CDK)
allows you to use a programming language to write Infrastructure as Code
included languages: TypeScript, NodeJS, Python, Java, ASP.NET
ensures idempotency of infrastructure, meaning state is managed consistently
AWS ToolKit
an open-source plugin for VSCode to create, debug, deploy AWS resources
Access Key
a key and secret required to have programmatic access to AWS resources when interacting with the AWS API outside of the AWS Management Console
never share your access keys
access keys have whatever access a user has to AWS resources
AWS Documentation
a large collection of technical documentation on how to use AWS Services
Shared Responsibility Model
a cloud security framework that defines the security obligations of the customer versus AWS
AWS: hardware / global infrastructure, software
AWS is responsible for security OF the cloud
Customers: configuration of managed services or third-party software, configuration of virtual infrastructure and systems, security configuration of data
customers are responsible for security IN the cloud
Amazon EC2
a highly configurable server where you can choose an Amazon Machine Image (AMI) - a predefined configuration for a virtual machine
the amount of CPUs
the amount of memory (RAM)
the amount of network bandwidth
the operating system
Amazon LightSail
the managed virtual server service
“friendly” version of EC2 Virtual Machines
Elastic Container Service (ECS)
a container orchestration service that supports Docker containers
launches a cluster of server(s) on EC2 instances with Docker installed
Elastic Container Registry (ECR)
a repository for container images.
an image just means a saved copy. a repository just means a storage that has version control
AWS Fargate
serverless orchestration container service.
you pay on-demand per running container; AWS manages the underlying server, so you don’t have to scale or upgrade the EC2 server
Elastic Kubernetes Service (EKS)
a fully managed Kubernetes service.
AWS Lambda
a serverless functions service
you can run code without provisioning or managing servers
you upload small pieces of code, choose how much memory it gets and how long the function is allowed to run before timing out. You are charged based on the runtime of the serverless function rounded to the nearest 100ms.
AWS Outposts
physical rack of servers that you can put in your data center
allows you to use AWS API and Services such as EC2 right in your datacenter
VMWare Cloud on AWS
allows you to manage on-premise virtual machines using VMWare as EC2 instances
AWS Batch
plans, schedules, and executes your batch computing workloads across the full range of AWS compute services, can utilize Spot Instance to save money
AWS Compute Optimizer
suggests how to reduce costs and improve performance by using machine learning to analyze your previous usage history
EC2 Autoscaling Groups (ASGs)
automatically adds or removes EC2 servers to meet the current demand of traffic. Saves you money and meets capacity since you only run the number of servers you need
AWS Elastic Beanstalk
easily deploy web applications without developers having to worry about setting up and understanding the underlying AWS Services
not recommended for “production” applications (for enterprise, larger companies)
EC2 Spot Instances, Reserved Instances, and Savings Plans
ways to save on computing, by paying upfront in full or partially, by committing to yearly contracts, or by being flexible about availability and interruption of the computing service
Elastic Block Store (EBS)
persistent block storage service
data is split into evenly sized blocks
directly accessed by the Operating System
supports only a single writer per volume
use case: when you need a virtual hard drive attached to a VM
AWS Elastic File Storage (EFS)
cloud-native NFS file system service
file is stored with data and metadata
multiple connections via a network share
supports multiple reads, writing locks the file
use case: when you need a file-share where multiple users or VMs need to access the same drive
Amazon Simple Storage Service (S3)
a serverless object storage service
object is stored with data, metadata, and unique ID
buckets hold objects
scales with no file limit or storage limit
supports multiple reads and writes (no locks)
use case: when you just want to upload files, and not have to worry about underlying infrastructure
S3 Standard (default)
Use cases: cloud applications, dynamic websites, content distribution, mobile and gaming applications, and big data analytics
99.99% Availability, 11 9’s Durability. Replicated across at least three AZs
S3 Intelligent Tiering
Use cases: data lakes, data analytics, new applications, and user-generated content
Uses ML to analyze object usage and determine the appropriate storage class. Data is moved to the most cost-effective access tier, without any performance impact or added overhead
S3 Standard-IA (Infrequent Access)
Use cases: long-term storage, backups, and data store for disaster recovery files
Cheaper if you access files less than once a month. An additional retrieval fee applies. 50% less than Standard (reduced availability)
S3 One-Zone-IA
For data accessed less frequently but requiring rapid access when needed
Objects only exist in one AZ. Availability is 99.5%, but 20% cheaper than Standard-IA (reduced durability): data could get destroyed. A retrieval fee applies
S3 Glacier
For long-term cold storage. Retrieval of data can take minutes to hours, but the trade-off is very cheap storage
S3 Glacier Deep Archive
Use case: Designed for customers that retain data sets for 7-10 years or longer to meet regulatory compliance requirements
The lowest cost storage class. Data retrieval time is 12 hours.
AWS Snow Family
storage and compute devices used to physically move data in or out of the cloud when moving data over the internet or a private connection is too slow, difficult, or costly
Snowcone: 8 TB (HDD), 14 TB (SSD)
Snowball Edge: storage optimized - 80 TB or 210 TB, compute optimized - 39.5 TB
Snowmobile: 100 PB of storage
Storage Gateway
a hybrid cloud storage service that extends your on-premise storage to cloud
file gateway - extends your local storage to AWS S3
volume gateway - caches your local drives to S3 so you have a continuous backup of local files in the cloud
tape gateway - stores files onto virtual tapes for backing up your files on very cost effective long term storage
AWS DynamoDB
a serverless NoSQL key/value and document database
designed to scale to billions of records with guaranteed consistent data return within a second.
when we want a massively scalable database
AWS DocumentDB
a NoSQL document database that is “MongoDB compatible”
when you want a MongoDB database.
Amazon Keyspaces
a fully managed Apache Cassandra database with some additional features
when you want to use Apache Cassandra.
AWS Relational Database Service (RDS)
a relational database service that supports multiple SQL engines.
supports MySQL, MariaDB, Postgres, Oracle, Microsoft SQL Server, Aurora
RDS on VMware - allows you to deploy RDS supported engines to an on-premise data center
Amazon Aurora
a fully managed database of either MySQL or PostgreSQL
when you want a highly available, durable, scalable, and secure relational database for Postgres or MySQL
Aurora Serverless - the serverless on-demand version of Aurora
when you want most of the benefits of Aurora but can tolerate cold starts or you don’t have lots of traffic demand.
Amazon Redshift
a petabyte-size data-warehouse
when you want to quickly generate analytics or reports from a large amount of data
Amazon ElastiCache
a managed database of the in-memory and caching open-source databases Redis or Memcached.
when you need to improve the performance of an application by adding a caching layer in front of a web server or database
Amazon Neptune
a managed graph database
when you need to understand the connections between data
Amazon Timestream
a fully managed time series database
when you need to measure how things change over time
Amazon Quantum Ledger Database
a fully managed ledger database that provides transparent, immutable, and cryptographically verifiable transaction logs
when you need to record history of financial activities that can be trusted
AWS Database Migration Service (DMS)
a database migration service. you can migrate from:
on-premise database to AWS
between two databases in different or the same AWS accounts using different SQL engines
from a SQL to NoSQL database
AWS Virtual Private Network (VPN)
a secure and private tunnel from your network or device to the AWS global network
AWS PrivateLink
keeps traffic within the AWS network so it does not traverse the internet, keeping traffic secure
Amazon Virtual Private Cloud (VPC)
a logically isolated section of the AWS Network where you launch your AWS resources
Subnets
a logical partition of an IP network into multiple smaller network segments
you are breaking up your IP range for VPC into smaller networks
Public Subnet
one that can reach the internet
Private Subnet
one that cannot reach the internet
Network Access Control Lists (NACL)
act as a virtual firewall at the subnet level
you create Allow AND Deny rules
e.g. block a specific IP address known for abuse
Security Groups
Acts as a virtual firewall at the instance level
implicitly denies all traffic. you can ONLY create Allow rules
e.g. allow an EC2 instance access on port 22 for SSH
e.g. CANNOT block a single IP address
AWS Elastic Compute Cloud (EC2)
a highly configurable virtual server/machine
resizable compute capacity
anything and everything on AWS uses EC2 Instance underneath
Steps: choose OS via AMI, choose Instance Type, add storage (EBS, EFS), configure instance
Instance Families
different combinations of CPU, Memory, Storage, and Networking capacity
allows you to choose the appropriate combination of capacity to meet your application’s unique requirements
different instance families are different because of the varying hardware used to give them their unique properties
General Purpose EC2 Instance Family
balance of compute, memory, and networking resource
use-cases: web servers and code repositories
Compute Optimized EC2 Instance Family
ideal for compute bound applications that benefit from high performance processor
use-cases: scientific modeling, dedicated gaming servers and ad server engines
Memory Optimized EC2 Instance Family
fast performance for workloads that process large data sets in memory
use-cases: in-memory caches, in-memory databases, real time big data analysis
Accelerated Optimized EC2 Instance Family
hardware accelerators or co-processors
use-cases: machine learning, computational finance, seismic analysis, speech recognition
Storage Optimized EC2 Instance Family
high, sequential read and write access to very large data sets on local storage
use-cases: NoSQL, in-memory or transactional databases, data warehousing
Instance Type
a particular instance size and instance family
sizes: nano, micro, small, medium, large, xlarge, 2xlarge, 4xlarge, 8xlarge
ex: t2.small
Dedicated Hosts
single-tenant EC2 instances designed to let you Bring-Your-Own-License based on machine characteristic (sockets, cores, hostID)
On-Demand EC2 Pricing
Default
Pay-As-You-Go model, where you consume compute and then you pay
low cost and flexible
only pay per hour or second
short-term, spiky, unpredictable workloads
cannot be interrupted
for first time apps
least commitment
Spot EC2 Pricing
AWS has unused compute capacity and wants to maximize the utility of its idle servers
Can be terminated if the computing capacity is needed by other On-Demand customers
request spare computing capacity
flexible start and end times
can handle interruptions (server randomly stopping and starting)
for non-critical background jobs
biggest savings