AWS Certified Cloud Practitioner (CLF-001) is a certification for beginners who want to learn how to implement a solution in the AWS Cloud. While preparing for the exam, I wrote the following list of concepts to know.
AWS Acceptable Use Policy Provides information regarding prohibited actions on the AWS infrastructure.
Amazon Athena Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.
Amazon Aurora Aurora is a fully managed relational database engine that’s compatible with MySQL and PostgreSQL. It replicates 6 copies of your data across 3 AZs.
AWS Consolidated Billing helps generate a report based on linked accounts.
AWS Cost Explorer The AWS Billing and Cost Management console includes the Cost Explorer tool for viewing AWS cost data as a graph.
AWS Data Pipeline It is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises.
AWS Budgets It is the simplest way to monitor your AWS spending and be alerted when you exceed or are forecasted to exceed your desired spending limit.
AWS CLI Uses IAM user credentials: an access key ID and a secret access key.
AWS CloudFormation Allows you to model your entire infrastructure in a template. You can use JSON or YAML to describe what AWS resources you want to create and configure. CloudFormation automates the provisioning and updating of your infrastructure in a safe and controlled manner.
AWS IAM Access Advisor Uses data analysis to help you set permission guardrails confidently by providing service last accessed information for your accounts.
Amazon CloudFront It is a content delivery network (CDN) operated by Amazon Web Services. Content delivery networks provide a globally-distributed network of proxy servers that cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content. It delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the user is routed to the edge location that provides the lowest latency, so that content is delivered with the best possible performance.
Amazon CloudWatch The monitoring tool for your AWS resources and applications, used for performance monitoring. It displays metrics and lets you create alarms that watch the metrics and send notifications or automatically make changes to the resources you monitor when a threshold is breached. It can be accessed via the API, command-line interface, AWS SDKs, and the AWS Management Console. AWS Auto Scaling and Simple Notification Service work in conjunction with CloudWatch. Metrics are data about the performance of your systems. By default, many services provide free metrics for resources (such as Amazon EC2 instances, Amazon EBS volumes, and Amazon RDS DB instances). Notifications are published with Amazon Simple Notification Service.
Amazon CloudWatch Logs Lets you monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, and Route 53.
AWS CodeDeploy It fully automates your software deployments, allowing you to deploy reliably and rapidly. You can consistently deploy your application across your development, test, and production environments whether deploying to Amazon EC2, AWS Fargate, AWS Lambda, or your on-premises servers.
AWS Cognito Lets you easily add user sign-up and sign-in and manage permissions for your mobile and web apps.
Amazon Comprehend It is a natural-language processing (NLP) service that uses machine learning (ML) to uncover information in unstructured data and text.
AWS Config It is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Provides a detailed view of the configuration of AWS resources in your AWS account.
AWS Database Migration Service DMS is used to migrate databases to AWS quickly and securely.
AWS Direct Connect Establishes a dedicated connection between your on-premises network and an AWS VPC.
Amazon DynamoDB It is a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale without incurring downtime. Designed to handle over 10 trillion requests per day.
Amazon Elastic Compute Cloud EC2 allows renting virtual computers. Use cases: enterprise applications; HPC; big data and analytics workloads (e.g. Hadoop, Spark); migrations from on-premises environments, including BYOL; application modernization.
AWS Elastic Beanstalk It is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
Amazon Elastic Container Service ECS manages Docker containers on a cluster.
Amazon Elastic Block Storage Volume EBS provides block-level storage volumes for use with EC2 instances: a virtual hard disk in the cloud. EBS volumes store data in a single AZ.
Amazon Elastic Load Balancers Distribute network traffic to improve application scalability. Service providing fault tolerance by distributing incoming traffic across multiple EC2 instances.
Amazon Elastic File System EFS is a fully managed file storage service that makes it easy to set up and scale file storage in the Amazon Cloud. It allows hundreds or thousands of EC2 instances to connect concurrently using the file-level NFS protocol. EFS file systems store data across multiple AZs.
Amazon Elastic Network Interface ENI is a logical networking component in a VPC that represents a virtual network card.
Amazon Elastic Transcoder It is media transcoding in the cloud. It is designed to be a highly scalable, easy-to-use, and cost-effective way for developers and businesses to convert (or “transcode”) media files from their source format into versions that will playback on devices like smartphones, tablets, and PCs.
AWS Fargate It is a technology for Amazon ECS that lets you run Docker containers without deploying or managing infrastructure.
AWS Glue It is a serverless data integration service that makes data preparation simpler, faster, and cheaper.
AWS IAM It is used to securely control individual and group access to AWS resources. IAM can also be used to manage multi-factor authentication (MFA). IAM is a global service.
Amazon Inspector It is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities. It has a fixed built-in library of best practices and rules. Currently, it doesn’t support any custom rules beyond this default setting.
AWS Lambda It is an event-driven service. Serverless compute service that lets you run code without provisioning or managing servers. No servers to manage, continuous scaling, cost optimized with millisecond metering, and consistent performance at any scale.
Amazon Lightsail It is an easy-to-use virtual private server (VPS) that offers simple management of cloud resources such as containers. Use cases: simple web applications; websites, including custom code, WordPress, and eCommerce; single-server business software; dev/test environments.
Amazon Machine Image AMI is a special type of virtual appliance that is used to create a virtual machine within AWS.
Amazon Macie It is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in Amazon S3.
AWS Managed VPN This can be used to quickly connect from an office to an Amazon VPC.
AWS Marketplace This provides a new sales channel for ISVs and Consulting Partners to sell their solutions to AWS customers.
Amazon MQ It is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers on AWS.
Amazon Neptune Build and run graph applications with highly connected datasets
AWS Organizations This helps you quickly scale your environment by allowing you to programmatically create new AWS accounts. It simplifies management of multiple AWS accounts. Volume pricing discounts can be applied across resources in multiple accounts.
AWS Outposts It is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises. By providing local access to AWS managed infrastructure, AWS Outposts enables customers to build and run applications on-premises using the same programming interfaces as in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs.
Amazon Rekognition It makes it easy to add image and video analysis to your applications. Amazon Rekognition is based on the same proven, highly scalable, deep learning technology developed by Amazon’s computer vision scientists to analyze billions of images and videos daily.
Amazon Route 53 It is a scalable and highly available Domain Name System (DNS) service.
Amazon SageMaker It is a fully managed machine learning service. Build, train, and deploy machine learning (ML) models for any use case with fully managed infrastructure, tools, and workflows.
Amazon Simple Storage Service S3 stores data as objects within buckets. An object consists of a file and optionally any metadata that describes that file. A key is a unique identifier for an object within a bucket. Storage capacity is virtually unlimited. Designed for frequently accessed data. Store data in a minimum of 3 AZ.
Amazon S3 Standard-IA Designed for infrequently accessed data. Compared with S3 Standard, it has a lower storage price and a higher retrieval price.
Amazon S3 Glacier It is a storage class that is purpose-built for data archiving, providing you with the highest performance, most retrieval flexibility, and the lowest cost of archive storage in the cloud. All S3 Glacier storage classes provide virtually unlimited scalability and are designed for 99.999999999% (11 nines) of data durability. Objects can be retrieved within a few minutes to hours.
AWS S3 Glacier Deep Archive It is an AWS storage solution designed to archive data that will rarely, if ever, be accessed. Objects can be retrieved within 12 hours.
AWS S3 Intelligent-Tiering Ideal for data with unknown or changing access patterns. Requires a small monthly monitoring and automation fee per object.
AWS S3 One Zone-IA (Infrequent Access) AWS S3 One Zone-IA is for data that is accessed less frequently but requires rapid access when needed. Stores data in a single AZ. It is ideal for customers who want a lower-cost option for infrequently accessed data but do not require availability and resilience. Good choice for secondary backup copies of on-premises data.
Amazon S3 Transfer Acceleration It is a bucket-level feature that enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
Amazon CloudSearch Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.
AWS Shield Protects against DDoS attacks. It protects Amazon Route 53, CloudFront, EC2 instances, and ELB.
AWS Snowball Transfers hundreds of TB to PB of data from on-premises to AWS.
Amazon Simple Queue Service SQS is a web service that gives you access to message queues that store messages waiting to be processed. It is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
AWS Systems Manager Provides an operations console and APIs for centralized application and resource management in hybrid environments. It provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
Amazon Simple Notification Service SNS is fully managed pub/sub messaging, SMS, email, and mobile push notifications. It is used for building and integrating loosely coupled distributed applications.
Amazon Spot instance A Spot Instance is an instance that uses spare EC2 capacity that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price.
AWS Storage Gateway Cloud + on-premises: a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.
Amazon Simple Workflow Service SWF makes it easy to build applications. In Amazon SWF, a task represents a logical unit of work that is performed by a component of your workflow.
AWS Transit Gateway It is a network transit hub that you can use to interconnect your VPCs and on-premises networks to a single gateway.
AWS WAF WAF integrates well with Amazon CloudWatch, allowing you to monitor a set of metrics for the service. Metrics are reported in 1-minute intervals by default.
AWS Whitepaper This describes best practices for creating scalable and secure network architectures in a large network using AWS services.
Amazon Workspaces It is a fully managed desktop virtualization service.
AWS X-Ray Analyze and debug production and distributed applications.
Availability Zone AZ is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.
Endpoint It is a URL that is the entry point for a web service.
Elastic IP address It is a static IPv4 address designed for dynamic cloud computing. It is associated with your AWS account.
Enterprise-level Support customers have additional features:
Application architecture guidance
Infrastructure event management
AWS Concierge
Technical account manager
White-glove case routing
Questions related to billing can be directed to the AWS Concierge for AWS Enterprise accounts.
Object Lifecycle Management This can be used with objects so that they are stored cost-effectively throughout their lifecycle. Objects can be transitioned to another storage class or expired.
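The lifecycle concept above (objects transition down through storage classes and may finally expire) is easy to get wrong when rules are ordered inconsistently. The following is an added illustration written for these notes, not AWS code: it assumes a simplified one-way "waterfall" of the storage classes listed on this page and evaluates constructed lifecycle rules as a pure function of object age.

```python
from typing import List, Optional, Tuple

# Assumed one-way ordering of the storage classes named in these notes:
# a lifecycle transition may only move an object to a class further right.
WATERFALL = ["STANDARD", "STANDARD_IA", "INTELLIGENT_TIERING",
             "ONEZONE_IA", "GLACIER", "DEEP_ARCHIVE"]

Transition = Tuple[int, str]  # (age in days, target storage class)


def validate_rules(transitions: List[Transition],
                   expire_days: Optional[int] = None) -> List[str]:
    """Return a list of problems with a rule set (empty list means it is consistent)."""
    problems = []
    last_idx = 0  # index of the class the object is in before the first transition
    for days, cls in sorted(transitions):
        if cls not in WATERFALL:
            problems.append(f"unknown storage class {cls!r}")
            continue
        idx = WATERFALL.index(cls)
        if idx <= last_idx:
            # e.g. GLACIER at day 30 followed by STANDARD_IA at day 90 moves "up" the waterfall
            problems.append(f"transition at day {days} to {cls} moves against the waterfall")
        last_idx = max(last_idx, idx)
    if expire_days is not None and transitions and expire_days <= max(d for d, _ in transitions):
        problems.append("expiration must come after the last transition")
    return problems


def storage_class_at(transitions: List[Transition],
                     expire_days: Optional[int],
                     age_days: int) -> str:
    """Storage class of an object of the given age, or 'EXPIRED' once the expiration rule fires."""
    if expire_days is not None and age_days >= expire_days:
        return "EXPIRED"
    current = "STANDARD"  # every object starts in the class it was uploaded to (assumed STANDARD here)
    for days, cls in sorted(transitions):
        if age_days >= days:
            current = cls
    return current


def demo() -> dict:
    # Constructed rule set: IA after 30 days, Glacier after 90, delete after a year.
    rules = [(30, "STANDARD_IA"), (90, "GLACIER")]
    expire = 365
    return {
        "valid": validate_rules(rules, expire),
        "day0": storage_class_at(rules, expire, 0),
        "day45": storage_class_at(rules, expire, 45),
        "day90": storage_class_at(rules, expire, 90),
        "day365": storage_class_at(rules, expire, 365),
        # A mis-ordered rule set is flagged rather than silently applied.
        "bad": validate_rules([(30, "GLACIER"), (90, "STANDARD_IA")], expire),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

`validate_rules` is the part worth keeping in a deployment pipeline: a transition that moves an object back up the waterfall, or an expiration that fires before the last transition, is a configuration mistake that a template linter will not catch for you.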
Reliability Pillar includes
Automatically recover from failure
Test recovery procedures
Scale horizontally to increase aggregate workload availability
Stop guessing capacity (maintain redundancy)
Manage change in automation
Reserved Instance RIs provide you with a significant discount (Standard RIs are up to 75% off On-Demand) compared to On-Demand instance pricing. With Convertible RIs you have the flexibility to change instance families, OS types, and tenancies while still benefitting from RI pricing. Convertible RIs provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of a new RI. Scheduled RIs are available to launch within the time windows you reserve.
Security Group Acts as a virtual firewall that controls the traffic for one or more instances. It is an instance-level firewall that can be used to control traffic that reaches your EC2 instances. Create different security groups to deal with instances that have different security requirements. You can add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; new rules are automatically applied to all instances associated with the security group. AWS evaluates all the rules from all the security groups that are associated with an instance to decide whether to allow traffic or not. By default, security groups allow all outbound traffic. Security group rules are always permissive; you can’t create rules that deny access. Security groups are stateful, meaning that if traffic is allowed in one direction, the return traffic is automatically allowed regardless of whether there is a matching rule for the traffic.
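The three properties that matter for the exam (rules are allow-only, all attached groups are evaluated as a union, and the group is stateful) are shown below in a small model written for these notes; it is not AWS code, and the CIDRs, ports and group names are constructed for the demo.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    """One security group rule. There is deliberately no 'deny' variant."""
    protocol: str    # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str

    def matches(self, protocol: str, port: int, peer_ip: str) -> bool:
        if self.protocol != "-1":
            if self.protocol != protocol or not (self.from_port <= port <= self.to_port):
                return False
        return ip_address(peer_ip) in ip_network(self.cidr)


@dataclass
class SecurityGroup:
    name: str
    inbound: List[Rule] = field(default_factory=list)
    # Default: all outbound traffic allowed, matching the note above.
    outbound: List[Rule] = field(default_factory=lambda: [Rule("-1", 0, 65535, "0.0.0.0/0")])


class Instance:
    """Packet decisions for one instance with one or more attached groups."""

    def __init__(self, groups: List[SecurityGroup]):
        self.groups = groups
        # Connection-tracking table: flows allowed once are allowed in both directions.
        self._tracked: Set[Tuple[str, str, int, int]] = set()

    def _rule_allows(self, direction: str, protocol: str, port: int, peer_ip: str) -> bool:
        # Union semantics: any matching rule in any attached group allows the packet.
        for g in self.groups:
            rules = g.inbound if direction == "in" else g.outbound
            if any(r.matches(protocol, port, peer_ip) for r in rules):
                return True
        return False

    def inbound(self, protocol: str, local_port: int, peer_ip: str, peer_port: int) -> bool:
        key = (protocol, peer_ip, peer_port, local_port)
        if key in self._tracked:          # return traffic of an earlier allowed outbound flow
            return True
        if self._rule_allows("in", protocol, local_port, peer_ip):
            self._tracked.add(key)
            return True
        return False

    def outbound(self, protocol: str, local_port: int, peer_ip: str, peer_port: int) -> bool:
        key = (protocol, peer_ip, peer_port, local_port)
        if key in self._tracked:          # reply to an earlier allowed inbound connection
            return True
        if self._rule_allows("out", protocol, peer_port, peer_ip):
            self._tracked.add(key)
            return True
        return False


def demo() -> dict:
    web = SecurityGroup("web", inbound=[Rule("tcp", 443, 443, "0.0.0.0/0")])
    admin = SecurityGroup("admin", inbound=[Rule("tcp", 22, 22, "10.0.0.0/8")])
    inst = Instance([web, admin])
    return {
        "https_from_internet": inst.inbound("tcp", 443, "203.0.113.5", 51000),
        "ssh_from_internet": inst.inbound("tcp", 22, "203.0.113.5", 51001),   # no group allows it
        "ssh_from_corp": inst.inbound("tcp", 22, "10.1.2.3", 51002),           # allowed by 'admin'
        "outbound_call": inst.outbound("tcp", 40000, "198.51.100.7", 443),     # default outbound rule
        "reply_to_call": inst.inbound("tcp", 40000, "198.51.100.7", 443),      # stateful: no inbound rule needed
        "unsolicited_40000": inst.inbound("tcp", 40000, "192.0.2.9", 443),     # not tracked, no rule -> dropped
        "reply_to_https": inst.outbound("tcp", 443, "203.0.113.5", 51000),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20s} {'ALLOW' if allowed else 'DROP'}")
```

The `unsolicited_40000` case is the one people get wrong: the reply from 198.51.100.7 is accepted only because the instance opened that flow first, so an unrelated host sending to the same port is still dropped.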
Security Pillar
Principle of least privilege
Security in depth (apply security at all layers)
Protect Data at Rest
Protect Data in Transit
Detect Threats: Actively monitor for security issues
Total Cost of Ownership TCO compares the cost of running applications in AWS vs on-premises.