Preparation for AWS Certified Cloud Practitioner (CLF-C01)
Published:
AWS Certified Cloud Practitioner (CLF-C01) is a foundational certification for beginners who want to understand how AWS Cloud services fit together and how a solution is built on them.
While preparing for the exam, I wrote the following list of concepts to know.
- AWS Acceptable Use Policy
Describes the activities that are prohibited on the AWS infrastructure.
- AWS Artifact
A self-service central repository of AWS security and compliance reports and select online agreements.
An audit artifact is a piece of evidence that demonstrates that an organization is following a documented process or meeting a specific requirement (proof of compliance).
- Amazon Athena
An interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.
- Amazon Aurora
A fully managed relational database engine that’s compatible with MySQL and PostgreSQL.
Replicates six copies of your data across three Availability Zones.
- AWS Consolidated Billing
A feature of AWS Organizations that combines the usage and charges of all linked (member) accounts into one bill paid by the management account, with a report broken down per account.
- AWS Cost Explorer
The AWS Billing and Cost Management console includes the Cost Explorer tool for viewing and analyzing AWS cost and usage data as graphs.
- AWS Data Pipeline
A web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources.
- AWS EC2 Auto Scaling
Automatically adds or removes EC2 instances based on demand (for example incoming traffic) to improve availability and reduce the impact of failures.
- AWS Budgets
The simplest way to monitor your AWS spending and be alerted when you exceed, or are forecasted to exceed, your desired spending limit.
- AWS CLI
Authenticates with IAM credentials: an access key ID and a secret access key (long-lived keys belong to IAM users; roles provide temporary credentials instead).
- AWS CloudFormation
Allows you to model your entire infrastructure in a template.
You can use JSON or YAML to describe which AWS resources you want to create and how they are configured.
CloudFormation automates the provisioning and updating of your infrastructure in a safe and controlled manner (infrastructure as code).
- AWS IAM Access Advisor
Provides "service last accessed" information for the users and roles in your accounts, so you can set permission guardrails confidently and remove permissions that are never used.
- Amazon CloudFront
A content delivery network (CDN) operated by Amazon Web Services.
Content delivery networks provide a globally distributed network of proxy servers that cache content, such as web videos or other bulky media, closer to consumers, thus improving access speed for downloading the content.
It delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the user is routed to the edge location that provides the lowest latency, so that content is delivered with the best possible performance.
- Amazon CloudWatch
The monitoring service for your AWS resources and applications (performance monitoring).
Displays metrics and lets you create alarms that watch the metrics and send notifications, or automatically make changes to the resources you monitor, when a threshold is breached.
It can be accessed via the API, the command-line interface, the AWS SDKs, and the AWS Management Console.
AWS Auto Scaling and Amazon Simple Notification Service (SNS) work in conjunction with CloudWatch.
Metrics are data about the performance of your systems. By default, many services provide free metrics for their resources (such as Amazon EC2 instances, Amazon EBS volumes, and Amazon RDS DB instances). Alarm notifications are published through Amazon SNS.
- Amazon CloudWatch Logs
Lets you monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.
- AWS CloudTrail
Actions taken by a user, role, or an AWS service in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs are recorded as events.
CloudTrail focuses on auditing API activity (who did what, when, and from where).
CloudTrail Insights can automatically detect unusual API activity in your account.
View events in Event History, where you can view, search and download the past 90 days of management events in your AWS account; a trail delivers events to an S3 bucket for longer retention.
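As an added example (not code from the original post), here is the kind of detection logic a security engineer runs over CloudTrail records once a trail delivers them to S3 or streams them to CloudWatch Logs. The events are constructed by hand in the CloudTrail record format; the account ID, user names and IP addresses are made up, and only the fields the two rules read are included.

```python
"""Detection logic over CloudTrail events (added example, not from the original page).

The events below are constructed in the CloudTrail record format (eventName,
userIdentity, responseElements, additionalEventData); they are not real logs.
Two classic findings are implemented:
  * any activity performed with the root user's credentials,
  * a successful console login where no MFA was used.
"""
import json

# Constructed sample records, trimmed to the fields the detections use.
SAMPLE_EVENTS = [
    {"eventTime": "2023-01-10T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "sourceIPAddress": "203.0.113.10",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2023-01-10T08:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "198.51.100.7",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2023-01-10T08:07:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::123456789012:user/bob"},
     "sourceIPAddress": "198.51.100.9",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2023-01-10T08:09:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::123456789012:user/bob"},
     "sourceIPAddress": "198.51.100.9",
     "responseElements": {"ConsoleLogin": "Failure"},   # failed attempt: no finding
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2023-01-10T08:11:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "sourceIPAddress": "203.0.113.10"},
]

# Files delivered to S3 wrap the records in {"Records": [...]}; built here for the demo.
SAMPLE_LOG_FILE = json.dumps({"Records": SAMPLE_EVENTS})


def detect_root_activity(event):
    """Any API call or sign-in made with the root user's credentials."""
    return event.get("userIdentity", {}).get("type") == "Root"


def detect_console_login_without_mfa(event):
    """A successful console sign-in for which CloudTrail recorded no MFA."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    if event.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return False
    return event.get("additionalEventData", {}).get("MFAUsed") != "Yes"


DETECTIONS = {
    "root-activity": detect_root_activity,
    "console-login-no-mfa": detect_console_login_without_mfa,
}


def scan(events):
    """Run every detection over every event; return (rule, actor, eventName, eventTime)."""
    findings = []
    for event in events:
        actor = event.get("userIdentity", {}).get("arn", "?")
        for name, rule in DETECTIONS.items():
            if rule(event):
                findings.append((name, actor, event["eventName"], event["eventTime"]))
    return findings


def scan_log_file(text):
    """Parse one CloudTrail log file (as delivered to S3) and scan its records."""
    return scan(json.loads(text)["Records"])


if __name__ == "__main__":
    for finding in scan_log_file(SAMPLE_LOG_FILE):
        print(finding)
```

The failed login for `bob` produces no finding on purpose: alerting on unsuccessful attempts is a separate (brute-force) rule with its own thresholds, and mixing the two inflates the no-MFA alert.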
- AWS CodeDeploy
Fully automates your software deployments, allowing you to deploy reliably and rapidly. You can consistently deploy your application across your development, test, and production environments, whether deploying to Amazon EC2, AWS Fargate, AWS Lambda, or your on-premises servers.
- Amazon Cognito
Lets you easily add user sign-up and sign-in and manage permissions for your mobile and web apps.
- Amazon Comprehend
A natural-language processing (NLP) service that uses machine learning (ML) to uncover information in unstructured data and text.
- AWS Config
A service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Provides a detailed view of the configuration of the AWS resources in your AWS account, records configuration changes over time, and can evaluate resources against rules.
- AWS Database Migration Service
DMS is used to migrate databases to AWS quickly and securely.
- AWS Direct Connect
Establishes a dedicated private network connection between your on-premises network and AWS (including your VPC), bypassing the public internet.
- Amazon DynamoDB
A fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale without incurring downtime.
Designed to handle over 10 trillion requests per day.
- Amazon Elastic Compute Cloud
EC2 lets you rent virtual computers (instances).
Typical workloads: enterprise applications, HPC, big data and analytics (e.g. Hadoop, Spark), migrations from on-premises environments (including BYOL), and application modernization.
- AWS Elastic Beanstalk
An easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
- Amazon Elastic Container Service
ECS is a container orchestration service that runs and manages Docker containers on a cluster.
- Amazon Elastic Block Store Volume
EBS provides block-level storage volumes for use with EC2 instances.
Think of it as a virtual hard disk in the cloud.
EBS volumes store data in a single AZ (the one in which the volume was created).
- Elastic Load Balancing
Distributes network traffic across targets to improve application scalability.
Provides fault tolerance by distributing incoming traffic across multiple EC2 instances (or other targets).
- Amazon Elastic File System
EFS is a fully managed file storage service that makes it easy to set up and scale file storage in the AWS Cloud. Hundreds or thousands of EC2 instances can mount the same file system concurrently using the file-level NFS protocol.
EFS file systems store data across multiple AZs.
- Amazon ElastiCache
A distributed in-memory cache environment in the AWS Cloud.
ElastiCache works with both the Redis and Memcached engines.
Scaling vertically (changing the node type) may require downtime.
- Amazon Elastic Network Interface
ENI is a logical networking component in a VPC that represents a virtual network card.
- Amazon Elastic Transcoder
Media transcoding in the cloud. It is designed to be a highly scalable, easy-to-use, and cost-effective way for developers and businesses to convert (or “transcode”) media files from their source format into versions that will play back on devices like smartphones, tablets, and PCs.
- AWS Fargate
A serverless compute engine for Amazon ECS (and Amazon EKS) that lets you run containers without deploying or managing the underlying instances.
- AWS Glue
A serverless data integration service that makes data preparation simpler, faster, and cheaper.
- AWS IAM
Used to securely control individual and group access to AWS resources (users, groups, roles, and policies).
IAM can also be used to manage multi-factor authentication (MFA).
IAM is a global service (not tied to a Region).
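The list does not say how IAM actually decides a request, which is the part that matters for least privilege. This added example (not from the original post) implements the core evaluation logic for identity-based policies: a request is denied by default, an Allow statement grants it, and an explicit Deny in any applicable policy overrides every Allow. The policy documents, bucket names and actions are constructed for the example; Condition blocks, NotAction/NotResource and resource-based policies are deliberately left out.

```python
"""IAM policy evaluation logic (added example, not the original page's code).

Implements the rule every AWS practitioner must internalize: default deny,
Allow grants, explicit Deny wins. Policies, account and bucket names below are
constructed (hypothetical); Condition, NotAction/NotResource and resource-based
policies are not modelled.
"""
from fnmatch import fnmatchcase

# Constructed identity-based policies attached to a single user.
LEAST_PRIVILEGE_POLICIES = [
    {
        "Version": "2012-10-17",
        "Statement": [
            {   # read-only access to one bucket
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": ["arn:aws:s3:::reports-bucket",
                             "arn:aws:s3:::reports-bucket/*"],
            },
            {   # broad access, but only inside the scratch bucket
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::scratch-bucket/*",
            },
        ],
    },
    {   # guardrail policy: no deletions anywhere, whatever other policies allow
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
        ],
    },
]


def _as_list(value):
    """IAM lets Action/Resource be a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM wildcards: '*' matches any run of characters, '?' exactly one.
    fnmatchcase is case-sensitive and also treats '[' specially, which never
    appears in action names or ARNs."""
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def statement_applies(statement, action, resource):
    return _matches(statement["Action"], action) and _matches(statement["Resource"], resource)


def evaluate(policies, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for statement in policy["Statement"]:
            if not statement_applies(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "Deny"          # an explicit deny ends the evaluation
            allowed = True             # keep looking: a later Deny can still win
    return "Allow" if allowed else "ImplicitDeny"


def is_allowed(policies, action, resource):
    return evaluate(policies, action, resource) == "Allow"


if __name__ == "__main__":
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::reports-bucket/q1.csv"),
        ("s3:PutObject", "arn:aws:s3:::reports-bucket/q1.csv"),
        ("s3:PutObject", "arn:aws:s3:::scratch-bucket/tmp.bin"),
        ("s3:DeleteObject", "arn:aws:s3:::scratch-bucket/tmp.bin"),
        ("ec2:RunInstances", "*"),
    ]:
        print(f"{action:18} {resource:45} {evaluate(LEAST_PRIVILEGE_POLICIES, action, resource)}")
```

The scratch-bucket delete is the instructive case: the first policy's `s3:*` allows it, yet the request is denied because the guardrail's explicit Deny is evaluated against every applicable statement, not just the first match. Real IAM also folds in permissions boundaries, SCPs, session policies and resource-based policies before reaching this decision.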
- Amazon Inspector
An automated vulnerability management service that continually scans AWS workloads (such as EC2 instances and container images) for software vulnerabilities and unintended network exposure.
It has a fixed built-in library of best practices and rules.
Currently, it doesn’t support any custom rules beyond this default set.
- AWS Lambda
An event-driven service.
Serverless compute service that lets you run code without provisioning or managing servers.
No servers to manage, continuous scaling, cost optimized with millisecond metering, and consistent performance at any scale.
- Amazon Lightsail
An easy-to-use virtual private server (VPS) offering with simple management of cloud resources such as containers.
Use cases: simple web applications, websites (including custom code, WordPress, and eCommerce), single-server business software, and dev/test environments.
- Amazon Machine Image
An AMI is a special type of virtual appliance (a template containing the OS and installed software) used to launch EC2 instances.
- Amazon Macie
A fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in Amazon S3.
- AWS Managed VPN (now AWS Site-to-Site VPN)
Can be used to quickly connect an office to an Amazon VPC over an encrypted IPsec tunnel across the internet.
- AWS Marketplace
A curated digital catalog of third-party software; it provides a sales channel for ISVs and Consulting Partners to sell their solutions to AWS customers.
- Amazon MQ
A managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers on AWS.
- Amazon Neptune
A managed graph database: build and run graph applications with highly connected datasets.
- AWS OpsWorks
A configuration management service that helps you configure and operate applications in the cloud and on-premises by using Puppet or Chef.
AWS OpsWorks Stacks and AWS OpsWorks for Chef Automate (1 and 2) let you use Chef cookbooks and solutions for configuration management, while OpsWorks for Puppet Enterprise lets you configure a Puppet Enterprise master server in AWS.
With AWS OpsWorks, you can automate how nodes are configured, deployed, and managed, whether they are Amazon EC2 instances or on-premises devices.
- AWS Organizations
Helps you quickly scale your environment by allowing you to programmatically create new AWS accounts.
Simplifies management of multiple AWS accounts (including applying service control policies to them).
Volume pricing discounts can be applied across resources in multiple accounts.
- AWS Outposts
A fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises.
By providing local access to AWS managed infrastructure, AWS Outposts enables customers to build and run applications on-premises using the same programming interfaces as in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs.
- AWS Personal Health Dashboard
A personalized view of the health status of each AWS service that you currently use. It also provides an alert when your resources are impacted by an AWS-initiated activity.
- AWS Professional Services
A global team of experts that can help you realize your desired business outcomes when using the AWS Cloud.
- Amazon Redshift
A fully managed, petabyte-scale data warehouse service.
Redshift extends data warehouse queries to your data lake. You can run analytic queries against petabytes of data stored locally in Redshift, and directly against exabytes of data stored in S3.
Redshift is an OLAP (analytical) type of database.
- Amazon Rekognition
Makes it easy to add image and video analysis to your applications.
Amazon Rekognition is based on the same proven, highly scalable, deep learning technology developed by Amazon’s computer vision scientists to analyze billions of images and videos daily.
- Amazon Relational Database Service
RDS is a managed service for industry-standard relational databases.
RDS manages backups, software patching, automatic failure detection, and recovery.
Scaling vertically (changing the instance class) typically requires a brief outage.
Offers two kinds of backup: automated backups and manual DB snapshots.
Automated backups run daily during a backup window and retain transaction logs; you can also manually create a snapshot at any time. Either can be used to restore a database.
Supports Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server.
Purchasing options: On-Demand Instances or Reserved Instances.
- Amazon Route 53
A scalable and highly available Domain Name System (DNS) service that also handles domain registration and health checks.
- Amazon SageMaker
A fully managed machine learning service.
Build, train, and deploy machine learning (ML) models for any use case with fully managed infrastructure, tools, and workflows.
- Amazon Simple Storage Service
S3 stores data as objects within buckets.
An object consists of a file and, optionally, any metadata that describes that file.
A key is the unique identifier for an object within a bucket.
Storage capacity is virtually unlimited.
S3 Standard is designed for frequently accessed data.
Stores data in a minimum of 3 AZs.
- Amazon S3 Standard-IA
Designed for infrequently accessed data.
Compared with S3 Standard, it has a lower storage price but charges a per-GB retrieval fee.
- Amazon S3 Glacier
A family of storage classes purpose-built for data archiving, providing you with the highest performance, most retrieval flexibility, and the lowest cost of archive storage in the cloud.
All S3 Glacier storage classes provide virtually unlimited scalability and are designed for 99.999999999% (11 nines) of data durability.
Objects can be retrieved within a few minutes to several hours, depending on the retrieval option.
- AWS S3 Glacier Deep Archive
An AWS storage class designed to archive data that will rarely, if ever, be accessed.
Objects can be retrieved within 12 hours.
- AWS S3 Intelligent-Tiering
Ideal for data with unknown or changing access patterns.
Requires a small monthly monitoring and automation fee per object.
- AWS S3 One Zone-IA (Infrequent Access)
For data that is accessed less frequently but requires rapid access when needed.
Stores data in a single AZ.
Ideal for customers who want a lower-cost option for infrequently accessed data but do not require the multi-AZ availability and resilience of S3 Standard.
Good choice for secondary backup copies of on-premises data.
- Amazon S3 Transfer Acceleration
A bucket-level feature that enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket, by routing uploads through CloudFront edge locations.
- Amazon CloudSearch
A managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.
- AWS Shield
Protects against DDoS attacks. Shield Standard is enabled automatically at no extra cost; Shield Advanced adds enhanced detection and mitigation and access to the AWS DDoS response team.
Protects Amazon Route 53, CloudFront, EC2 instances (Elastic IPs), and ELB.
- AWS Simple Monthly Calculator (retired; replaced by the AWS Pricing Calculator)
Estimates charges for AWS services.
- AWS Snowball
A physical device for transferring terabytes to petabytes of data from on-premises to AWS without sending it over the network.
- Amazon Simple Queue Service
SQS is a web service that gives you access to message queues that store messages waiting to be processed.
It is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
- AWS Systems Manager
Provides an operations console and APIs for centralized application and resource management in hybrid environments.
It provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
- Amazon Simple Notification Service
SNS is fully managed pub/sub messaging, SMS, email, and mobile push notifications.
It is used for building and integrating loosely coupled distributed applications.
- Amazon EC2 Spot Instance
A Spot Instance uses spare EC2 capacity that is available for less than the On-Demand price. Because Spot Instances let you request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called the Spot price, and AWS can interrupt the instance when it needs the capacity back.
- AWS Storage Gateway (cloud + on-premises)
A hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.
- Amazon Simple Workflow Service
SWF makes it easy to build applications that coordinate work across distributed components.
In Amazon SWF, a task represents a logical unit of work that is performed by a component of your workflow.
- AWS Transit Gateway
A network transit hub that you can use to interconnect your VPCs and on-premises networks through a single gateway.
- AWS Trusted Advisor
Analyzes your AWS environment and provides best practice recommendations in five categories:
cost optimization, performance, security, fault tolerance, and service limits.
- Amazon VPC
Creates a virtual network in the cloud dedicated to your AWS account, where you can launch AWS resources.
Amazon VPC is the networking layer of Amazon EC2.
A VPC spans all the Availability Zones in the Region. After creating a VPC, you can add one or more subnets in each Availability Zone.
- AWS WAF
A web application firewall that filters HTTP(S) requests to CloudFront, Application Load Balancer, and API Gateway, blocking common web exploits such as SQL injection and cross-site scripting.
WAF integrates well with Amazon CloudWatch, allowing you to monitor a set of metrics for the service.
Metrics are reported in 1-minute intervals by default.
- AWS Whitepapers
Describe best practices, for example for creating scalable and secure network architectures in a large network using AWS services.
- Amazon WorkSpaces
A fully managed desktop virtualization service.
- AWS X-Ray
Analyze and debug production and distributed applications (request tracing).
- Availability Zone
An AZ is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.
- Endpoint
A URL that is the entry point for a web service.
- Elastic IP address
A static IPv4 address designed for dynamic cloud computing.
It is associated with your AWS account and can be remapped to another instance.
- Enterprise-level Support customers have additional features:
- Application architecture guidance
- Infrastructure event management
- AWS Concierge
- Technical account manager
- White-glove case routing
Questions related to billing can be directed to the AWS Concierge for AWS Enterprise Support accounts.
- Object Lifecycle Management
Lifecycle rules can be applied to objects so that they are stored cost-effectively throughout their lifecycle.
Objects can be transitioned to another storage class (for example S3 Standard to S3 Standard-IA to S3 Glacier) or expired (deleted) after a set number of days.
- Reliability Pillar (design principles)
- Automatically recover from failure
- Test recovery procedures
- Scale horizontally to increase aggregate workload availability
- Stop guessing capacity
- Manage change in automation
- Reserved Instance
RIs provide a significant discount (Standard RIs are up to 75% off On-Demand) compared with On-Demand instance pricing, in exchange for a 1- or 3-year commitment.
Convertible RIs give you the flexibility to change instance families, OS types, and tenancies while still benefiting from RI pricing.
Convertible RIs provide a smaller discount (up to 54% off On-Demand) together with the capability to change the attributes of the RI, as long as the exchange results in the creation of RIs of equal or greater value.
Scheduled RIs are available to launch within the time windows you reserve.
- Security Group
Acts as a virtual firewall that controls the traffic for one or more instances.
It is an instance-level firewall that can be used to control traffic that reaches your EC2 instances. Create different security groups for instances that have different security requirements.
You can add rules to each security group that allow traffic to or from its associated instances.
You can modify the rules for a security group at any time.
New rules are automatically applied to all instances associated with the security group.
AWS evaluates all the rules from all the security groups that are associated with an instance to decide whether to allow traffic or not.
By default, a security group allows all outbound traffic; a newly created group has no inbound rules.
Security group rules are allow rules only; you can’t create rules that deny access (use network ACLs when you need an explicit deny).
Security groups are stateful, meaning that if traffic is allowed in one direction, the return traffic is automatically allowed regardless of whether there is a matching rule for it.
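To make the rules above concrete, here is an added example (not code from the original post) that models how a security group filters packets: every attached group's rules are evaluated together, there is no deny rule type, and the filter tracks connections so that replies pass without a matching rule. The group IDs, CIDR ranges, ports and the web-server scenario are constructed for this example, and the egress is deliberately restricted so that statefulness is observable.

```python
"""Security group evaluation model (added example; not the page's own code).

Models the properties listed above: rules are allow-only and aggregated across
every group attached to the instance, outbound is allow-all unless restricted,
and filtering is stateful, so the reply to an allowed flow passes without a
rule. Group IDs, CIDRs and ports are constructed for the demonstration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str   # "inbound" or "outbound"
    protocol: str    # "tcp", "udp", "icmp" or "-1" (all protocols)
    from_port: int
    to_port: int
    cidr: str        # source range (inbound) or destination range (outbound)

    def matches(self, protocol, port, peer_ip):
        if self.protocol not in ("-1", protocol):
            return False
        if self.protocol != "-1" and not self.from_port <= port <= self.to_port:
            return False
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr)


class SecurityGroup:
    def __init__(self, group_id, allow_all_outbound=True):
        self.group_id = group_id
        self.rules = []
        if allow_all_outbound:   # what every newly created group gets by default
            self.rules.append(Rule("outbound", "-1", 0, 65535, "0.0.0.0/0"))

    def authorize(self, direction, protocol, from_port, to_port, cidr):
        """Only additive: a security group has no deny rule type."""
        self.rules.append(Rule(direction, protocol, from_port, to_port, cidr))


class Instance:
    def __init__(self, groups):
        self.groups = groups
        self._tracked = set()   # connection-tracking table for stateful replies

    def _rule_allows(self, direction, protocol, port, peer_ip):
        # Every rule from every attached group is evaluated together.
        return any(rule.matches(protocol, port, peer_ip)
                   for group in self.groups
                   for rule in group.rules if rule.direction == direction)

    def _filter(self, direction, protocol, peer_ip, peer_port, local_port, rule_port):
        flow = (protocol, peer_ip, peer_port, local_port)   # same key in both directions
        if flow in self._tracked:                           # reply to an allowed flow
            return True
        if self._rule_allows(direction, protocol, rule_port, peer_ip):
            self._tracked.add(flow)
            return True
        return False

    def inbound(self, protocol, src_ip, src_port, dst_port):
        """Packet arriving at the instance; inbound rules match the destination port."""
        return self._filter("inbound", protocol, src_ip, src_port, dst_port, rule_port=dst_port)

    def outbound(self, protocol, dst_ip, dst_port, src_port):
        """Packet leaving the instance; outbound rules match the destination port."""
        return self._filter("outbound", protocol, dst_ip, dst_port, src_port, rule_port=dst_port)


def build_web_server():
    """Constructed scenario: public HTTPS, SSH only from the corporate range, egress only to HTTPS."""
    web = SecurityGroup("sg-web", allow_all_outbound=False)
    web.authorize("inbound", "tcp", 443, 443, "0.0.0.0/0")
    web.authorize("outbound", "tcp", 443, 443, "0.0.0.0/0")
    admin = SecurityGroup("sg-admin", allow_all_outbound=False)
    admin.authorize("inbound", "tcp", 22, 22, "10.0.0.0/8")
    return Instance([web, admin])


if __name__ == "__main__":
    host = build_web_server()
    print(host.inbound("tcp", "203.0.113.5", 51000, 443))    # True: sg-web allows 443
    print(host.outbound("tcp", "203.0.113.5", 51000, 443))   # True: stateful reply, no egress rule for 51000
    print(host.inbound("tcp", "203.0.113.5", 51001, 22))     # False: SSH only from 10.0.0.0/8
    print(host.inbound("tcp", "10.1.2.3", 40000, 22))        # True: the rule comes from sg-admin
    print(host.outbound("tcp", "198.51.100.20", 25, 40001))  # False: egress to port 25 never authorized
```

The second print is the stateful behaviour: the reply leaves from port 443 towards an ephemeral port that no outbound rule covers, and it passes only because the inbound flow was recorded. The same tuple evaluated on a fresh instance with no tracked flows is dropped.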
- Security Pillar (design principles)
- Implement a strong identity foundation (principle of least privilege)
- Defense in depth (apply security at all layers)
- Protect data at rest
- Protect data in transit
- Detect threats: enable traceability and actively monitor for security issues
- Total Cost of Ownership
TCO compares the cost of running applications in AWS with running them on-premises (hardware, facilities, power, and staff included).