AWS Cloud Practitioner Essentials (Second Edition) – Notes

Use the following notes to refresh your memory before the exam. The notes are not a replacement for the digital course.

Course Introduction

This course covers the following topics:

  • Overview of AWS basics
  • Introduction to some AWS core and integrated services
  • Cloud architecture
  • Some security features
  • Pricing

Introduction to AWS Cloud

  • Cloud computing: On-demand delivery of IT resources and applications via the internet.
  • Cloud computing vs data centers:
    • With data centers: We need to be prepared for the worst-case scenario.
    • With cloud computing: We access all the resources via the internet, and we can scale up or down based on our actual needs in seconds.
  • Cloud computing reduces risk by:
    • Decreasing the cost of change.
    • Reducing security risk. You can test often and respond to incidents quickly.
  • Scalability: Ability to resize your resources as necessary.
  • Agility factors:
    • Speed – AWS global reach facilitates it.
    • Experimentation – Low cost, low-risk experimentation.
    • Culture of innovation – You spend less time on infrastructure. AWS provides it to you.
  • Elasticity: The power to scale computing resources up or down easily.
  • Reliability: The ability of a system to recover from infrastructure or service failure.
  • To achieve reliability
    • AWS data centers are hosted all over the world in AWS Regions.
    • Each region is a separate geographic area with multiple isolated locations, known as Availability Zones.
    • Each availability zone consists of one or more data centers, each supported by redundant power and networking.
  • Fault tolerance: The system can remain operational even if some of the components of the system fail. (without the need for human intervention)
  • Security:
    • AWS customer retains complete ownership and control over their data.
    • AWS customer holds the encryption keys.
    • Regional compliance and data residency requirements are met.
    • Physical security.

Introduction to AWS Interfaces

  • You can create and manage AWS resources in three unique ways:
    • AWS management console – Graphical interface. Can be accessed from a laptop or mobile app.
    • Command-line interface (CLI) – Language agnostic. Can be used in scripts.
    • Software development kits (SDKs) – Available in different programming languages. Enables you to access AWS resources from your application.
  • All the above three ways manage the same resources.
  • Resource groups: Collection of related resources you frequently use.
  • Tag editor: Manage tags for resources. Tags are key-value pairs.
  • Infrastructure as code: Lets your applications and scripts create and manage your infrastructure.

AWS Core Services

AWS core services are:

  • EC2 – Elastic Compute Cloud
  • EBS – Elastic Block Store
  • S3 – Simple Storage Service
  • VPC – Virtual Private Cloud

EC2

  • Amazon EC2 instances are virtual servers in the cloud
  • Pay as you go
  • Select hardware/software
  • Global hosting
  • EC2 instance creation demo
    • Step 1 – Choose an Amazon Machine Image (AMI) – Software
    • Step 2 – Choose an Instance Type – Hardware
    • Step 3 – Configure Instance Details – Network
    • Step 4 – Add Storage
    • Step 5 – Add Tags
    • Step 6 – Configure Security Group
    • Step 7 – Review Instance Launch

EBS Volumes

EBS volume characteristics:

  • Choose SSD or HDD
  • Replicated in the same AZ
  • Backup using Snapshots
  • Can be encrypted
  • Elastic
  • EBS volumes can be attached to EC2 instances (both should be in the same AZ)

S3

  • Managed cloud storage service
  • Low latency access over internet
  • Secure
  • Managed means: You don’t need to worry about provisioning for throughput or storage
  • Objects inside Buckets
  • Access S3 objects over the internet – https://<bucket-name>.<region-specific-endpoint>/<object-key>
  • Common use cases:
    • Store application common assets
    • Static web hosting
    • Backup & disaster recovery
    • Big data
  • Demo – Create a bucket and sync files between local and S3

AWS Global Infrastructure

  • Regions – Host two or more availability zones
  • Availability Zones – Physically and logically separate
  • Edge Locations – Content Delivery Network (CDN) CloudFront

VPC

  • A private, virtual network in the AWS Cloud
  • Complete control of network configuration
  • Several layers of security controls
  • AWS services can be deployed to VPC
  • Features
    • Builds upon high availability of AWS regions and AZs
    • Subnets
    • Route tables
    • Internet Gateway
    • NAT Gateway
    • Network Access Control Lists (NACL)

Security Groups

  • Built-in firewalls
  • Filter traffic to or from instances
  • Control access to instances through rules
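Added example (not part of the course notes) that models how the security group rules described above are evaluated: rules are allow-only, a request is permitted if any rule matches its protocol, port and source address, and anything with no matching rule is implicitly dropped. The rule set, CIDRs and the "admin port exposed to 0.0.0.0/0" check are constructed for illustration.

```python
"""Added example (not from the course): evaluate a security group's inbound
rules. Assumptions: security groups are allow-only (no deny rules), a rule
matches on protocol, port range and source CIDR, and traffic that matches
no rule is dropped (implicit deny). Sample rules below are constructed."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    protocol: str          # "tcp", "udp" or "icmp"
    from_port: int
    to_port: int
    source_cidr: str       # e.g. "10.0.0.0/16"

# Constructed web-tier security group: HTTPS from anywhere,
# SSH only from a documentation-range "corporate bastion" CIDR.
WEB_SG = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 22, 22, "203.0.113.0/24"),
]

def inbound_allowed(rules, protocol, port, source_ip):
    """Return True if any rule matches; no match means implicit deny."""
    src = ipaddress.ip_address(source_ip)
    for r in rules:
        if r.protocol != protocol:
            continue
        if not (r.from_port <= port <= r.to_port):
            continue
        if src in ipaddress.ip_network(r.source_cidr):
            return True
    return False

def overly_permissive(rules, admin_ports=(22, 3389)):
    """Flag rules that expose administrative ports (SSH, RDP) to the whole
    internet, i.e. a /0 source CIDR covering one of admin_ports."""
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r.source_cidr)
        if net.prefixlen == 0 and any(r.from_port <= p <= r.to_port for p in admin_ports):
            findings.append(r)
    return findings

if __name__ == "__main__":
    print(inbound_allowed(WEB_SG, "tcp", 443, "198.51.100.7"))   # True
    print(inbound_allowed(WEB_SG, "tcp", 22, "198.51.100.7"))    # False
    print(overly_permissive(WEB_SG + [Rule("tcp", 22, 22, "0.0.0.0/0")]))
```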

AWS Integrated Services

  • ALB – Application Load Balancer
  • Auto Scaling
  • Amazon Route 53
  • RDS – Amazon Relational Database Services
  • Lambda
  • Elastic Beanstalk
  • SNS – Amazon Simple Notification Service
  • CloudWatch
  • CloudFront
  • CloudFormation

ALB

  • One of the three types of Elastic Load Balancers – the other two are Classic LB and Network LB
  • Enhanced features of ALB
    • Supported protocols
    • CloudWatch metrics
    • Access log
    • Health check
  • Use cases
    • Route requests to different EC2 instances based on port
  • ALB Concepts
    • Listener: A set of rules that checks a request's protocol and port and routes it.
    • Target: A destination for traffic.
    • Target Group: One or more registered targets.
  • Added features of ALB
    • Path routing: Forward requests to different target groups based on URL
    • Host-based routing: Forward requests to different target groups based on host name

Auto Scaling

  • Automatically adjusts the number of EC2 instances to handle the load
  • Minimize cost while maintaining performance
  • Scaling out: Adding more instances
  • Scaling in: Terminating instances
  • Autoscaling components:
    • Launch config (What – AMI, Security Group, Role)
    • Auto scaling group (Where – VPC, Minimum, Maximum, Desired)
    • Auto scaling policy (When – Scheduled, Scale in/out Policies)

Route 53

  • DNS service – public and private DNS names
  • Purchase domain – Domain registration
  • Hosted zone resolves DNS queries for the domain
  • Create record sets in the DNS
  • DNS resolution strategies
    • Simple routing
    • Geo-location
    • Failover
    • Weighted round robin
    • Latency based
    • Multi-value answer

RDS

  • Managed: you don’t need to worry about security, maintenance, OS and database software patches, …
  • DB instance class
    • CPU
    • Memory
    • Network performance
  • DB instance storage
    • Magnetic
    • General purpose (SSD)
    • Provisioned IOPS
  • Database types
    • MySQL
    • Amazon Aurora
    • Microsoft SQL Server
    • PostgreSQL
    • MariaDB
    • Oracle
  • RDS DB instance is assigned a subnet (identifies AZ too)
  • High availability with multi-AZ (replication)
  • Read replicas
    • Supported for some DB engines
    • AWS syncs data between the DB instance and its read replica instances
    • Good for managing load on read-heavy DBs
    • Can be promoted to become master DB
    • Can be created in a different region

Lambda

  • Run code without provisioning or managing servers
  • Serverless compute
  • Event-driven
  • You only pay for the time the code runs
  • Supports multiple programming languages
  • Use cases
    • Automated backups
    • Processing objects uploaded to S3
    • Event driven log analysis
    • Event driven transformation
    • Internet of Things (IoT)
    • Operating serverless websites

Elastic Beanstalk

  • Platform as a service
  • Quick deployment of your applications
  • Reduces management complexity while you retain control
  • Supports a range of platforms (Go, .NET, Node.js, PHP, Ruby, …)
  • Easy to deploy new versions of the application

SNS

  • Managed publish/subscribe messaging + mobile notifications
  • Enables decoupled microservices to communicate
  • Subscribers can be:
    • Lambda
    • HTTP(S)
    • SQS
    • Mobile systems

CloudWatch

  • AWS monitoring service
  • Collect and track metrics
  • Set alarms
  • React to changes
  • Components
    • Metrics: data about the performance of the systems
    • Alarms: watches a single metric and can invoke actions such as scaling in or out or sending messages
    • Events: Near real-time system events
    • Logs: Enables monitoring and troubleshooting systems
    • Dashboards: Customizable home pages in the CloudWatch console
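Added example (not part of the course notes) tying together the CloudWatch alarm described above and the Auto Scaling components listed earlier (group with minimum/maximum/desired, scale-in and scale-out policies): a small simulation in which an alarm watches a single CPU metric and, once enough consecutive datapoints breach its threshold, invokes a scaling action clamped to the group's bounds. Alarm thresholds, evaluation periods and the CPU series are constructed; cooldowns and step adjustments are not modelled.

```python
"""Added example (not from the course): simulate a CloudWatch alarm driving
an Auto Scaling group's desired capacity. Assumptions: the alarm enters
ALARM state after `evaluation_periods` consecutive breaching datapoints,
each scaling action adds or removes one instance, and desired capacity is
always clamped to [minimum, maximum]. All numbers are constructed."""
from dataclasses import dataclass

@dataclass
class AutoScalingGroup:
    minimum: int
    maximum: int
    desired: int

    def scale(self, adjustment):
        """Scale out (positive) or in (negative) within min/max bounds."""
        self.desired = max(self.minimum, min(self.maximum, self.desired + adjustment))
        return self.desired

@dataclass
class Alarm:
    threshold: float
    evaluation_periods: int
    comparison: str = "gt"   # "gt": breach when metric > threshold; "lt": metric < threshold

    def breached(self, value):
        return value > self.threshold if self.comparison == "gt" else value < self.threshold

    def fires(self, datapoints):
        """ALARM only when the last `evaluation_periods` datapoints all breach."""
        window = datapoints[-self.evaluation_periods:]
        return len(window) == self.evaluation_periods and all(self.breached(v) for v in window)

def run_policy(group, scale_out, scale_in, cpu_series):
    """Feed CPU datapoints one period at a time; return desired capacity after each."""
    history, seen = [], []
    for value in cpu_series:
        seen.append(value)
        if scale_out.fires(seen):
            group.scale(+1)
        elif scale_in.fires(seen):
            group.scale(-1)
        history.append(group.desired)
    return history

if __name__ == "__main__":
    asg = AutoScalingGroup(minimum=1, maximum=3, desired=1)
    high_cpu = Alarm(threshold=70, evaluation_periods=2, comparison="gt")
    low_cpu = Alarm(threshold=30, evaluation_periods=2, comparison="lt")
    print(run_policy(asg, high_cpu, low_cpu, [50, 80, 90, 95, 20, 10, 5]))  # [1, 1, 2, 3, 3, 2, 1]
```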

CloudFront

  • Content delivery network (CDN)
  • Lower latency – high performance
  • Cache content
  • Use cases
    • Static asset caching
    • Security and DDoS protection
    • API acceleration
    • Live and on-demand video streaming
    • Software distribution

CloudFormation

  • Automates resource provisioning
  • Create, update and delete resources
  • Input: template files, Output: the full stack in AWS
  • Templates are in JSON or YAML
  • Use parameters and conditions for more flexible templates (e.g. development and production)
  • If something goes wrong, CloudFormation rolls back and deletes the resources it has created

Well-Architected Framework

  • 5 Pillars
    • Security
    • Reliability
    • Performance Efficiency
    • Cost Optimization
    • Operational Excellence
  • Security
    • Identity and access management (IAM)
    • Detective controls
    • Infrastructure protection
    • Data protection
    • Incident response
  • Security Pillar – Design Principles
    • Implement security at all layers
    • Enable traceability
    • Apply principle of least privilege
    • Focus on securing your system
    • Automate
  • Reliability
    • Recover from issues/failures
    • Apply best practices in: Foundations, Change management, Failure management
    • Anticipate, respond, and prevent failures
  • Reliability Pillar – Design Principles
    • Test recovery procedures
    • Automatically recover
    • Scale horizontally
    • Stop guessing capacity
    • Manage change in automation
  • Performance Efficiency
    • Select customizable solutions
    • Review to continually innovate
    • Monitor AWS services
    • Consider the trade-offs
  • Performance Efficiency Pillar – Design Principles
    • Democratize advanced technologies
    • Go global in minutes
    • Use a serverless architecture
    • Experiment more often
    • Have mechanical sympathy
  • Cost Optimization
    • Use cost-effective resources
    • Matching supply with demand
    • Increase expenditure awareness
    • Optimize over time
  • Cost Optimization Pillar – Design Principles
    • Adopt a consumption model
    • Measure overall efficiency
    • Reduce spending on data center operations
    • Analyze and attribute expenditure
    • Use managed services
  • Operational Excellence
    • Manage and automate changes
    • Respond to events
    • Define the standards

Fault Tolerance and High Availability

  • Fault tolerance is the ability of a system to remain operational
  • Fault tolerance is achieved by built-in redundancy of an application’s components
  • High availability
    • Systems are generally functioning and accessible
    • Downtime is minimized
    • Minimal human intervention is required
    • Minimal up-front financial investment
  • High availability service tools
    • Elastic load balancers (ELB)
    • Elastic IP addresses: Mask failures
    • Route 53
    • Auto scaling
    • CloudWatch
  • Fault tolerant tools
    • Simple Queue Service (SQS)
    • S3
    • RDS

Web Hosting

  • Cost effective, on-demand scalable solution

Security

  • Shared responsibility model
    • Physical (AWS responsibility)
    • Network (AWS responsibility)
    • Hypervisor (AWS responsibility)
    • Guest OS (User responsibility)
    • Applications (User responsibility)
    • User data (User responsibility)
  • Identity and access management (IAM)
    • User: Permanent named operator, either human or machine
    • Group: A collection of users
    • Role: Not a permission in itself; an authentication method that grants temporary credentials
    • Policy document: JSON document identifies permissions
    • Authentication with User, Group, Role
    • Authorization with Policy document
  • Amazon inspector
    • Identify application security issues
    • Accessing Amazon Inspector: Console, SDK, API, CLI (faster)
  • AWS shield
    • Managed Distributed Denial of Service (DDoS) protection
    • DoS (Denial of Service): A deliberate attempt to make your website or application unavailable to users
    • DDoS: The attacker uses multiple sources
    • AWS Shield Standard: automatic, any AWS resource, any region, always-on
    • AWS Shield Advanced: 24/7 access to specialized support
  • Security compliance
    • Third-party audits
    • Legal/regulatory support
    • Compliance reports
    • Compliance approach
      • Risk management
      • Control environment
      • Information security
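Added example (not part of the course notes) for the IAM items above, where authorization is decided by a JSON policy document: a minimal evaluator that applies IAM's order of evaluation (explicit Deny wins, then explicit Allow, otherwise implicit deny) to a constructed least-privilege policy that grants read access to one bucket while denying its secrets/ prefix. Only Effect, Action and Resource are modelled; Condition and Principal elements are left out.

```python
"""Added example (not from the course): a minimal evaluator for the IAM
policy-document logic the notes describe. Assumptions: policies are dicts
in IAM JSON shape; only Effect, Action and Resource are honoured (no
Condition or Principal); '*' and '?' wildcards work as in IAM; action
names match case-insensitively, resource ARNs case-sensitively."""
import fnmatch
import json

# Constructed least-privilege policy: read one bucket, never its secrets/ prefix.
READ_ONLY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Deny",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secrets/*"}
  ]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    if ignore_case:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def is_allowed(policies, action, resource):
    """IAM evaluation order: an explicit Deny wins, then an explicit Allow,
    otherwise the request is denied by default (implicit deny)."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action, ignore_case=True)
                    and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

if __name__ == "__main__":
    attached = [READ_ONLY_POLICY]
    print(is_allowed(attached, "s3:GetObject", "arn:aws:s3:::example-bucket/report.csv"))   # True
    print(is_allowed(attached, "s3:PutObject", "arn:aws:s3:::example-bucket/report.csv"))   # False
    print(is_allowed(attached, "s3:GetObject", "arn:aws:s3:::example-bucket/secrets/key"))  # False
```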

Pricing and Support

  • Fundamentals of Pricing
    • Pay as you go
    • You pay only for the services you use
    • Reserved capacity is cheaper than on-demand
    • Pay upfront (partial or in full) for reserved and get discount
    • Cost fundamentals
      • Compute capacity
      • Storage
      • Outbound data transfer
    • Cost factors
      • Clock-second/hourly billing
      • Instance configuration
      • Purchase types
        • On-demand instances
        • Reserved instances
        • Spot instances
  • Trusted Advisor
    • Provides best practices in four categories
      • Cost optimization
      • Performance
      • Security
      • Fault tolerance
  • AWS support
    • Proactive guidance by Technical Account Manager (TAM)
    • Best practices by Trusted Advisor
    • Account assistance by Support concierge (non-technical billing)
    • Support plans
      • Basic
      • Developer
      • Business
      • Enterprise

More

I’m sharing my experience in taking new certs on Twitter. Follow me and get some helpful tips 🙂