AWS Cloud Practitioner Online Training

Understand the structural components of AWS Cloud. Regions are countries or one part of a country where AWS has their physical data centers. The data centers themselves are the Availability Zones. Local Zones are limited service datacenters set up in areas with high demand for local availability of AWS services. Edge locations are part of a global content delivery network, making content available near to the consumer. Outposts are AWS private cloud setups for businesses at their own premises. 

EC2 is Virtual Machine hosting option in AWS. ECS is for Containers, EKS is Kubernetes on AWS and Elastic Beanstalk is kind of a PaaS solution to host application codes for the platforms supported by it.  

There are three types of storage in a typical datacenter, SAN, NAS and SMB. AWS has each type available as a service. SAN equivalent is EBS, NAS equivalent is EFS, and SMB equivalent is FSx. On top of it, AWS has the new age storage type called Object Storage in form of S3.

AWS storage can be presented to on-prem servers on familiar interfaces of file storage, block storage and Virtual Tape Library. The software system making this possible are called the storage gateways for File, Block and Tape respectively.

Creating your own network architecture in AWS is done using VPCs. Subnets allow one to define custom network IP ranges on AWS. VPN setups allow one to connect on-prem subnets with VPC subnets. Bastion Hosts allow remote users to login into a public instance having access to private network on AWS. VPC peering allows services within separate VPCs to be connected. VPC endpoints & PrivateLink allow components hosted inside VPC to connect to external services without going over the internet. 

Public VM to access Private Network used to be called as NAT Instances. AWS then started providing a similar service called NAT gateway. For public network instances to connect to internet, Internet Gateway is added into the network. Transit Gatway helps in multiple VPC’s to be connected together

Instance level firewall is implemented as Security Groups whereas Network level firewall is implemented as Network Access Control Lists (NACL).

While normally, an instance loses a public IP if the instance is stopped and started subsequently, having an Elastic IP ensures that the instance continues to have the same public IP even after a stop/start. ENI is the virtual network interface on an instance, while ENA is the high speed version of it. EFA is an alternative to ENA, built for High Performance Computing (HPC).

Route 53 is AWS’s DNS service. CloudFront is AWS’s Content Delivery Network. Global Accelerator is AWS’s WAN being available to users to leverage than to connect to AWS services over internet. Direct Connect allows corporate network to be connected to a nearby Data Center which in turn is connected to AWS over WAN.

Application load balancer works on OSI Layer 7, Network Load Balancer works on OSI Layer 4. Classic Load Balancer works on both Layer 7 and Layer 4, but is considered to be predecessor of ALB, NLB. Gateway LB works at Layer 3 for AWS hosted virtual appliances. Autoscaling can be implemented with load balancers. 

AWS provides managed database services where installing and maintaining database is taken care of by AWS while customer gets to use it. RDS provides traditional databases in this managed service. Aurora provides high performance custom databases compatible to PostGreSQL and MySQL. And redshift provides data warehousing capabilities.

AWS has NoSQL databases for unstructured data. DynamoDB is the high performance native NoSQL DB of AWS. DocumentDB is custom but mongodb compatible NoSQL DB service from AWS.

Some databases run in memory for better performance

Identity, Authentication and Authorization management

Security services for perimeter protection

Services that help one in tracking, audition, troubleshooting security issues

Define the AWS Cloud and its value proposition
Define the benefits of the AWS cloud including:
o Security
o Reliability
o High Availability
o Elasticity
o Agility
o Pay-as-you go pricing
o Scalability
o Global Reach
o Economy of scale
Explain how the AWS cloud allows users to focus on business value
o Shifting technical resources to revenue-generating activities as opposed to managing
infrastructure
Identify aspects of AWS Cloud economics
Define items that would be part of a Total Cost of Ownership proposal
o Understand the role of operational expenses (OpEx)
o Understand the role of capital expenses (CapEx)
o Understand labor costs associated with on-premises operations
o Understand the impact of software licensing costs when moving to the cloud
Identify which operations will reduce costs by moving to the cloud
o Right-sized infrastructure
o Benefits of automation
o Reduce compliance scope (for example, reporting)
o Managed services (for example, RDS, ECS, EKS, DynamoDB)
Explain the different cloud architecture design principles
Explain the design principles
o Design for failure
o Decouple components versus monolithic architecture
o Implement elasticity in the cloud versus on-premises
o Think parallel

Define the AWS shared responsibility model
Recognize the elements of the Shared Responsibility Model
Describe the customer’s responsibly on AWS
o Describe how the customer’s responsibilities may shift depending on the service used
(for example with RDS, Lambda, or EC2)
Describe AWS responsibilities

Define AWS Cloud security and compliance concepts
Identify where to find AWS compliance information
o Locations of lists of recognized available compliance controls (for example, HIPPA,
SOCs)
o Recognize that compliance requirements vary among AWS services
At a high level, describe how customers achieve compliance on AWS
o Identify different encryption options on AWS (for example, In transit, At rest)
Describe who enables encryption on AWS for a given service
Recognize there are services that will aid in auditing and reporting
o Recognize that logs exist for auditing and monitoring (do not have to understand the
logs)
o Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
Explain the concept of least privileged access

Identify AWS access management capabilities
Understand the purpose of User and Identity Management
o Access keys and password policies (rotation, complexity)
o Multi-Factor Authentication (MFA)
o AWS Identity and Access Management (IAM)
• Groups/users
• Roles
• Policies, managed policies compared to custom policies
o Tasks that require use of root accounts
Protection of root accounts

Identify resources for security support
Recognize there are different network security capabilities
o Native AWS services (for example, security groups, Network ACLs, AWS WAF)
o 3
rd party security products from the AWS Marketplace
Recognize there is documentation and where to find it (for example, best practices,
whitepapers, official documents)
o AWS Knowledge Center, Security Center, security forum, and security blogs
o Partner Systems Integrators
Know that security checks are a component of AWS Trusted Advisor

Define methods of deploying and operating in the AWS Cloud
Identify at a high level different ways of provisioning and operating in the AWS cloud
o Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as
Code
Identify different types of cloud deployment models
o All in with cloud/cloud native
o Hybrid
o On-premises
Identify connectivity options
o VPN
o AWS Direct Connect
o Public internet

Define the AWS global infrastructure
Describe the relationships among Regions, Availability Zones, and Edge Locations
Describe how to achieve high availability through the use of multiple Availability Zones
o Recall that high availability is achieved by using multiple Availability Zones
o Recognize that Availability Zones do not share single points of failure
Describe when to consider the use of multiple AWS Regions
o Disaster recovery/business continuity
o Low latency for end-users
o Data sovereignty
Describe at a high level the benefits of Edge Locations
o Amazon CloudFront
o AWS Global Accelerator

Identify the core AWS services
Describe the categories of services on AWS (compute, storage, network, database)
Identify AWS compute services
o Recognize there are different compute families
o Recognize the different services that provide compute (for example, AWS Lambda
compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)
o Recognize that elasticity is achieved through Auto Scaling
o Identify the purpose of load balancers
Identify different AWS storage services
o Describe Amazon S3
o Describe Amazon Elastic Block Store (Amazon EBS)
o Describe Amazon S3 Glacier
o Describe AWS Snowball
o Describe Amazon Elastic File System (Amazon EFS)
o Describe AWS Storage Gateway
Identify AWS networking services
o Identify VPC
o Identify security groups
o Identify the purpose of Amazon Route 53
o Identify VPN, AWS Direct Connect
Identify different AWS database services
o Install databases on Amazon EC2 compared to AWS managed databases

o Identify Amazon RDS
o Identify Amazon DynamoDB
o Identify Amazon Redshift

Identify resources for technology support
Recognize there is documentation (best practices, whitepapers, AWS Knowledge Center,
forums, blogs)
Identify the various levels and scope of AWS support
o AWS Abuse
o AWS support cases
o Premium support
o Technical Account Managers
Recognize there is a partner network (marketplace, third-party) including Independent
Software Vendors and System Integrators
Identify sources of AWS technical assistance and knowledge including professional services,
solution architects, training and certification, and the Amazon Partner Network
Identify the benefits of using AWS Trusted Advisor

Compare and contrast the various pricing models for AWS (for example, On-Demand Instances,
Reserved Instances, and Spot Instance pricing)
Identify scenarios/best fit for On-Demand Instance pricing
Identify scenarios/best fit for Reserved-Instance pricing
o Describe Reserved-Instances flexibility
o Describe Reserved-Instances behavior in AWS Organizations
Identify scenarios/best fit for Spot Instance pricing

Recognize the various account structures in relation to AWS billing and pricing
Recognize that consolidated billing is a feature of AWS Organizations
Identify how multiple accounts aid in allocating costs across departments
4.3 Identify resources available for billing support
Identify ways to get billing support and information
o Cost Explorer, AWS Cost and Usage Report, Amazon QuickSight, third-party partners,
and AWS Marketplace tools
o Open a billing support case
o The role of the Concierge for AWS Enterprise Support Plan customers
Identify where to find pricing information on AWS services
o AWS Simple Monthly Calculator
o AWS Services product pages
o AWS Pricing API
Recognize that alarms/alerts exist
Identify how tags are used in cost allocation

Attempt a Mock Exam to prepare for actual certification