
AWS Cloud Practitioner Exam Notes

  • Cloud Computing - On-demand delivery of IT resources over the internet with pay-as-you-go pricing.

  • Cloud deployment types - You can deploy cloud resources in multiple ways: cloud, on-premises, and hybrid.

  • Cloud Benefits

    1. Trade fixed expense for variable expense

    2. Massive economies of scale

    3. Stop guessing capacity

    4. Increase speed and agility

    5. Stop spending money to maintain and run data centers

    6. Go global in minutes



AWS Global Infrastructure


  • High availability - Applications stay accessible with minimum downtime

  • Fault tolerance - Continue to operate even when multiple components fail. (Build resilience into every layer so that no single component brings down the whole system)

  • AWS Regions are physical locations around the world that contain groups of data centers called availability zones.

  • An Availability Zone consists of one or more data centers with redundant power, networking, and connectivity.

  • It's recommended to distribute your resources across multiple AZs.

---------------

  • The AWS Shared Responsibility Model is a concept designed to help AWS and customers work together to create a secure, functional cloud environment.

  • AWS is responsible for security of the cloud. The customer is responsible for security in the cloud.


AWS Compute


  • Compute refers to the processing power needed to run applications, manage data, and perform calculations

  • Amazon EC2 (Elastic Compute Cloud) - VMs sharing underlying hardware (multi tenancy)

  • Launching an EC2 → Select the AMI to define the OS and additional SW. Also choose the instance type with hardware resources.

    • Select the Amazon Machine Image (AMI), Instance type and Storage

  • Connecting to EC2 → SSH for Linux and Remote Desktop Protocol (RDP) for Windows instances. AWS Systems Manager also offers a secure and simplified method for accessing instances.

  • Multi-tenancy: Each virtual machine is isolated but shares resources from a host machine.

  • EC2 instance types: General Purpose, Compute optimized, memory optimized, storage optimized and Accelerated computing.

  • Memory optimized instances are designed for high-memory workloads - best choice for real-time analytics.

  • In AWS, tasks such as launching an EC2 instance, stopping an instance, or modifying instance settings are done through API requests.

    1. AWS Management console - Browser based.

    2. AWS Command Line Interface (CLI) - Using the terminal (CloudShell) and commands

    3. AWS Software Development Kit (SDK) - Interact through programming languages

  • An unmanaged service like Amazon EC2 requires you to perform all of the necessary security configuration and management tasks.

  • AMIs are pre-built virtual machine images that have the basic components for what is needed to start an instance.

    • An AMI includes the operating system, storage setup, architecture type, permissions for launching, and any extra software that is already installed.

    • AMIs provide repeatability through a consistent environment for every new instance.

  • EC2 pricing options - On-Demand; Savings Plans (commitment for 1 or 3 years, 70% savings); Reserved Instances; Spot Instances (90% savings, but AWS can reclaim the capacity whenever it needs it); Dedicated Hosts (for security-sensitive or licensing-specific workloads; dedicated physical servers); Dedicated Instances (dedicated hardware, isolated from other AWS customers)

  • Dedicated Hosts offer exclusive use of a server with full control, whereas Dedicated Instances provide isolation without server control.

-------------

  • Scalability helps you manage fluctuating demand by adjusting compute capacity.

  • Scalability refers to the ability of a system to handle an increased load by adding resources. Scale up or scale out. Scalability focuses on long-term capacity planning

  • Elasticity is the ability to automatically scale resources up or down in response to real-time demand. Elasticity provides cost efficiency and optimal resource usage at any given moment.

  • Amazon EC2 Auto Scaling automatically adjusts the number of EC2 instances based on changes in application demand, providing better availability.

    • Dynamic scaling or Predictive scaling

  • Auto Scaling groups, which are collections of EC2 instances that can scale in or out to meet your application’s needs.

    • Provide the minimum, desired and maximum capacity for the number of EC2 instances required

-------------

  • Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple resources, such as EC2 instances, to optimize performance and reliability.

    • Single point of contact for all incoming web traffic to an Auto Scaling group.

    • Benefits - Efficient traffic distribution, Auto scaling, decouples front end and backend, handles failover etc

  • ELB Routing methods: round robin, least connections, IP hash, least response time

  • ELB and Auto Scaling work together to efficiently manage varying levels of demand. ELB is responsible for distributing incoming traffic and Auto Scaling automatically adjusts the number of EC2 instances based on the demand.

-------------

  • Amazon SQS - a message queuing service to send, store and receive messages with payloads (data) through SQS queues

  • Amazon SNS - a publish-subscribe service that publishers use to send messages to subscribers through SNS topics.

  • EventBridge - a serverless service that helps connect different parts of an application using events.

    • EventBridge can route events to the relevant services

  • Microservices are loosely coupled, meaning that if one component fails, the others continue to function normally.

-------------

Managed & Serverless compute services

  • With serverless computing, you run applications without managing the underlying infrastructure.

  • Managed services, on the other hand, reduce the amount of infrastructure you need to manage.

  • Fully-managed services—like serverless ones—take abstraction even further, eliminating the need to provision or manage any servers at all. E.g. Lambda.

    • Customer responsible only for customer data & client side data encryption (IAM as well)

  • Lambda - a serverless compute service that runs code in response to events without the need to provision or manage servers.

    • Lambda handles execution, scaling, and resource allocation. Functions must complete within 15 minutes.

    • The key components of AWS Lambda are the function, triggers, and runtimes.

    • E.g. automatically processing images as users upload them to an Amazon S3 bucket. Perfect for this event-driven use case: it can run code in response to uploads and scale automatically based on the number of events.


Containerization

  • Container Hosting and compute:

    • Amazon ECS - Streamlines & Integrated, define some parameters, fully managed service

      • Amazon Elastic Container Service (Amazon ECS) is a scalable container orchestration service for running and managing containers on AWS, like Docker containers.

      • Docker is a software platform for building, testing, and deploying applications quickly.

    • AWS Fargate - a serverless compute engine for containers. It works with both Amazon ECS and Amazon EKS.

  • Container orchestration:

    • Amazon EKS - Open source platform, more complex, more control & flexibility.

    • Amazon ECR - (Elastic Container Registry) is where you can store, manage, and deploy container images.

  • A container packages your application with everything it needs to run, so it works the same on any computer.

  • As containerized applications scale, managing them becomes more complex. This is where orchestration tools come in.

    1. Start with uploading a container image to ECR

    2. Choose an orchestration service based on needs - ECS/EKS

    3. Select compute platform to run your container - EC2/Fargate

-------------

  • AWS Elastic Beanstalk - fully managed service. Simplified provisioning, configuration management, visibility & control

    • supports various programming languages and frameworks

  • AWS Batch - fully managed service. Infrastructure management, parallel processing support, automatic scaling

    • Good for Processing large-scale, parallel workloads

  • Amazon Lightsail - Simplicity, cost effective, managed infrastructure

    • ideal for small businesses, basic workloads, and developers seeking a straightforward AWS experience

  • AWS Outposts - Hybrid cloud solution, consistency across on-premises and cloud, low latency and data residency

    • fully managed hybrid cloud solution that extends AWS infrastructure and services to on-premises data centers.


AWS Going Global


  • AWS edge locations - smaller footprint facilities

    • Cache items like images, videos, and other resources, so that users can access the content they need with lower latency.

    • Edge locations offer multiple services to run closer to end users, including AWS networking services like Amazon CloudFront.

  • CloudFormation - Helps to automate the deployment of your cloud resources using infrastructure as code (IaC)

    • You create a template that describes all the AWS resources that you want and CloudFormation takes care of provisioning and configuring those resources for you.

  • Key considerations when choosing a region - Compliance, proximity, features and pricing

  • Designing highly available architectures - Deploying multi-Region and multi-AZ resources

    • High availability: High availability refers to the capability of a system to operate continuously without failing.

    • Agility: Agility refers to the ability to quickly adapt to changing requirements or market conditions.

    • Elasticity: Elasticity refers to the ability of a system to scale resources up or down automatically in response to changes in demand.

  • To interact with AWS resources, you must invoke AWS APIs.

    • To interact with these APIs, you can use the AWS SDKs, the AWS Command Line Interface (AWS CLI), the AWS Management Console, or IaC tools such as CloudFormation.


AWS Networking


  • Networking in the AWS Cloud consists of the infrastructure and services working together to host your applications, data, and any other resources you might need.

  • Amazon VPC - a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

    • Increased security, saves time, control over the environment. Used to establish boundaries around your AWS resources.

  • Subnet - Subnets are used to organize your resources and can be made publicly or privately accessible.

    • Segments of your VPC. A subnet is a range of IP addresses in your VPC.

    • Public subnets are designed to provide direct internet access to resources placed inside them. They are connected with an internet gateway.

  • With a virtual private gateway, you can establish a VPN connection between your VPC and a private network, such as an on-premises data center or internal corporate network.

  • Virtual private network - A VPN encrypts your internet traffic, helping protect it from anyone who might try to intercept or monitor it.

-------

  • Connecting to the AWS Cloud

    • AWS Client VPN - A networking service you can use to connect your remote workers and on-premises networks to the cloud. Fully managed, elastic VPN service. Securely connect a remote workforce to AWS Cloud resources

    • AWS Site-to-Site VPN - Securely connect sites to other sites, i.e. between your data center or branch offices and your AWS Cloud resources.

    • AWS PrivateLink - Securely connect resources, even in other VPCs. Used for connecting clients in your VPC to resources, other VPCs, and endpoints.

    • AWS Direct Connect - Dedicated private connections for increased bandwidth. Reduces network costs and increases the amount of bandwidth. For latency-sensitive applications, large-scale data migration or transfer, and hybrid cloud architectures.

  • Additional gateway services - AWS transit gateway, Network address translation (NAT) gateway, Amazon API Gateway.

-------------

  • Two very powerful and flexible ways to control network traffic in your VPC are security groups and network access control lists, or network ACLs.

  • A network ACL is a virtual firewall that controls inbound and outbound traffic at the subnet level.

    • Stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.

  • Security groups - Control inbound and outbound traffic at the resource level like EC2. Stateful packet filtering. They remember previous decisions made for incoming packets.

    • By default, a security group denies all inbound traffic and allows all outbound traffic.

    • With security groups, you can add custom rules to configure which traffic should be allowed.

    • Network ACLs and security groups are customer responsibility

  • Building an Amazon VPC

    • Create the Amazon VPC - specify the Region best located for your resources.

    • Create the subnets - create two public and private subnets across two Availability Zones.

    • Create an internet gateway and route traffic
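The stateful/stateless distinction above, as an added simulation that is not from these notes or from AWS: a tiny security group and network ACL judge constructed packets (addresses, ports and rule numbers are all made up), and the run shows why a stateless network ACL needs an explicit inbound rule for ephemeral ports before an instance-initiated connection gets its reply.

```python
"""Security group (stateful) vs network ACL (stateless) filtering, simulated.
Added illustration, not AWS code: every rule, address and packet below is
constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str    # "in" = towards the EC2 instance, "out" = away from it
    remote_ip: str    # the other end of the connection
    remote_port: int
    local_port: int   # port on the instance


@dataclass(frozen=True)
class Rule:
    direction: str
    cidr: str
    port_lo: int
    port_hi: int
    action: str = "allow"   # network ACLs may also "deny"; security groups only allow

    def matches(self, pkt: Packet) -> bool:
        # As in the console, an inbound rule names the instance-side port and an
        # outbound rule names the destination port on the remote host.
        port = pkt.local_port if pkt.direction == "in" else pkt.remote_port
        return (self.direction == pkt.direction
                and ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(self.cidr)
                and self.port_lo <= port <= self.port_hi)


class SecurityGroup:
    """Stateful: deny inbound and allow outbound by default, remember allowed flows."""

    def __init__(self, inbound: List[Rule], outbound: Optional[List[Rule]] = None):
        self.inbound = inbound
        # Default outbound rule of a new security group: allow everything.
        self.outbound = outbound if outbound is not None else [Rule("out", "0.0.0.0/0", 0, 65535)]
        self.flows: Set[Tuple[str, int, int]] = set()   # connection-tracking table

    def evaluate(self, pkt: Packet) -> str:
        flow = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if flow in self.flows:
            return "allow"            # return traffic of a tracked connection
        rules = self.inbound if pkt.direction == "in" else self.outbound
        if any(r.matches(pkt) for r in rules):
            self.flows.add(flow)
            return "allow"
        return "deny"                 # no matching rule: implicit deny


class NetworkACL:
    """Stateless: numbered rules, lowest matching number wins, trailing '*' denies."""

    def __init__(self, rules: List[Tuple[int, Rule]]):
        self.rules = sorted(rules, key=lambda numbered: numbered[0])

    def evaluate(self, pkt: Packet) -> str:
        for _, rule in self.rules:
            if rule.matches(pkt):     # every packet is judged on its own
                return rule.action
        return "deny"


def demo() -> dict:
    """A web server fetches patches from 198.51.100.7:443 (constructed addresses)."""
    sg = SecurityGroup(inbound=[Rule("in", "0.0.0.0/0", 443, 443)])
    nacl = NetworkACL([(100, Rule("in", "0.0.0.0/0", 443, 443)),
                       (100, Rule("out", "0.0.0.0/0", 0, 65535))])
    # The same NACL with the inbound ephemeral-port rule it actually needs.
    fixed_nacl = NetworkACL(nacl.rules + [(110, Rule("in", "0.0.0.0/0", 1024, 65535))])
    request = Packet("out", "198.51.100.7", 443, 45000)   # instance-initiated
    reply = Packet("in", "198.51.100.7", 443, 45000)      # response to port 45000
    ssh_probe = Packet("in", "203.0.113.9", 51000, 22)    # no inbound rule for 22
    return {
        "sg_request": sg.evaluate(request),
        "sg_reply": sg.evaluate(reply),          # allowed: flow is tracked
        "sg_ssh_probe": sg.evaluate(ssh_probe),  # denied: inbound default deny
        "nacl_request": nacl.evaluate(request),
        "nacl_reply": nacl.evaluate(reply),      # denied: stateless, port 45000 unlisted
        "fixed_nacl_reply": fixed_nacl.evaluate(reply),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```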


Global Networking


  • Edge networking services: Secure and speedy networking for user-facing application data

  • Route 53 is a DNS service that provides a reliable and cost-effective way to route end users to internet applications.

    • This happens because of DNS resolution. DNS resolution involves a customer DNS resolver communicating with a company DNS server.

    • You can think of DNS as being the phone book of the internet. DNS resolution is the process of translating a domain name to an IP address. Another feature of Route 53 is the ability to manage the DNS records for domain names.

  • Amazon CloudFront - a content delivery network (CDN) service that delivers your content with faster loading times, cost savings, and reliability.

  • AWS Global Accelerator - Global Accelerator is a service that uses the AWS global network to improve application availability, performance, and security.

    • Global Accelerator directs traffic through the AWS private global network

  • Use VPN - Secure, Flexible, Remote Access, Small Scale, dedicated isn't necessary use cases

  • Use Direct Connect - High bandwidth, Low latency, consistent performance, large data transfers, critical applications


AWS Storage


  • AWS offers three distinct types of cloud storage: block storage, object storage, and file storage.

    • Block storage - data divided into pieces called blocks, direct data access without file system layers, best for applications/databases needing fast, frequent updates

      • Amazon EC2 instance store, Amazon Elastic Block Store (EBS). Attach to EC2 instances like physical hard drives.

    • Object storage - object = data + unique ID + metadata, full rewrite required to update an object, organised using buckets, best for large or infrequently changed files

      • Amazon Simple Storage Service (S3)

    • File storage - Cloud-based access through shared file systems, straightforward implementation without code changes, best for applications needing shared file access

      • Amazon Elastic File System (EFS) for use with AWS Cloud services and on-premises resources. Amazon FSx - for popular file systems like Windows, Lustre, and NetApp ONTAP.


  • Additional Storage services:

    • AWS Storage Gateway - hybrid-cloud storage service that provides on-premises access to virtually unlimited cloud storage.

    • AWS Elastic Disaster Recovery - streamlines the recovery of your physical, virtual, and cloud-based servers into AWS.

  • Amazon EC2 instance store

  • EC2 instance store is directly attached to the host, offering extremely low latency and high I/O performance for applications that need temporary storage with fast access.

  • Amazon EBS ensures data protection through automatic replication within the same Availability Zone. This provides the high availability and durability needed for financial applications with critical data.

  • EBS volumes have a lifecycle that is independent from EC2 instances. They can be detached from one instance and attached to another, and the data remains intact even if the instance is shut down or terminated.

  • EBS Snapshots - EBS snapshots are point-in-time backups of EBS volume.

    • They can be used for disaster recovery, data migration, volume resizing, and for creating consistent backups of production workloads.

  • Amazon data Lifecycle manager

    • Schedule automatic snapshot creation

    • Set retention policies

    • manage snapshot lifecycle

    • Apply consistent backup policies


Amazon S3


  • An object storage service that can store unlimited amounts of data in the AWS Cloud. Each object typically includes the data itself, metadata, and a unique identifier, or key.

  • Object storage is particularly well-suited for handling large amounts of unstructured data, such as documents, images, and videos.

  • An S3 bucket is a container for storing objects in Amazon S3. Buckets have a globally unique name across all of AWS

  • Amazon S3 Security: Private access by default, bucket policies, pre signed urls, access points, audit logs

  • S3 Block Public Access settings override bucket policies, preventing public access even when policies allow it.

  • Amazon S3 is designed with this durability level as a key feature, which is critical for valuable media assets that cannot be conveniently recreated if lost.

  • Amazon S3 offers various storage classes to suit a variety of workloads with specific performance, access, resiliency, and cost requirements

    • S3 Standard, S3 Intelligent-Tiering, S3 Standard Infrequent Access (Standard-IA), S3 One Zone Infrequent Access (One Zone-IA), S3 Express One Zone, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, S3 Glacier Deep Archive, S3 Outposts

  • S3 Lifecycle: To avoid manually managing your object storage tier configurations, you can use S3 Lifecycle configurations to automate the process via Transition actions, Expiration actions.

    • Use cases - Periodic logs, Data that changes in access frequency

-----------

  • Amazon EFS integrates seamlessly with AWS services and eliminates the need to provision and manage file servers.

    • Multi-AZ availability, unlike EBS volumes, which are restricted within a Region

    • automatically scales unlike EBS volumes

    • Shared access to multiple EC2s unlike EBS volumes

  • Amazon EFS storage classes: Standard, One Zone, Archive

  • Amazon FSx : Compared to Amazon EFS, which focuses on Network File System (NFS) compatibility, Amazon FSx supports multiple file system protocols, including Windows File Server, Lustre, OpenZFS, and NetApp ONTAP.

----------

  • AWS Storage Gateway bridges the gap between your traditional infrastructure and the cloud.

    • It's a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

    • Seamless integration, improved data management, local caching, cost optimization

    • Types - Amazon S3 File Gateway, Volume Gateway, Tape Gateway

  • Elastic Disaster Recovery provides continuous block-level replication that maintains exact server replicas with minimal time between backup intervals, enabling rapid recovery when needed.


Storage Vs Database: Storage is a general term for a place to save data, like a hard drive or cloud service, that holds raw, often unstructured files. A database is a more structured system that organizes and manages data, making it easy to search, query, and update specific information, and is ideal for structured data like customer records or product information.

  • The main difference is that databases provide an organized, queryable layer over raw data stored in files.


AWS Databases


  • AWS database services include options for relational databases, nonrelational databases, in-memory caches, and purpose-built services for use cases like document management.

  • Relational databases use a rigid schema that organizes collections of data into tables with rows and columns, where relationships exist between different tables.

  • AWS relational databases support popular database engines like MySQL, PostgreSQL, and Oracle, making it easier to migrate existing databases to AWS.

  • Amazon RDS is a managed relational database service that handles routine database tasks such as backups, patching, and hardware provisioning.

    • supports multiple database instance class types that optimize for memory, performance, or input/output (I/O).

  • Amazon Aurora: Aurora is a managed relational database designed to help reduce unnecessary I/O operations. It's compatible with MySQL and PostgreSQL. Cloud-native database.

  • NoSQL databases use flexible data schemas for storing and retrieving many different types of information.

    • Instead of row and column relationships, NoSQL databases build a structure for the data that they contain using key-value pairs instead. With key-value pairs, data is organized into items identified by unique keys.

  • DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance for both document and key-value data structures.

  • In-memory caching services are optimized to provide sub-millisecond latency for read and write operations.

    • An in-memory cache is a high-speed storage layer that temporarily stores frequently accessed data in a computer's main memory, or RAM. E.g. Redis OSS, Valkey, Memcached.

  • Amazon ElastiCache - ElastiCache is a fully managed in-memory caching service that was built to help reduce the complexity of administering in-memory caching systems.

------------

  • Amazon DocumentDB (with MongoDB compatibility) - a fully managed service designed to handle semistructured data, which is information that doesn't conform to rigid relational schemas. Use case e.g. product catalogs.

  • AWS Backup - AWS Backup streamlines data protection across various AWS resources and on-premises deployments by providing a single dashboard for monitoring and managing backups.

  • Amazon Neptune - Neptune is a fully managed, purpose-built graph database service that manages highly connected data sets, like those used in social networking applications. Low-latency queries on highly connected data


AI/ML & Data Analytics


The AWS AI/ML stack is composed of the following three tiers of solutions:

  • AI services - pre-built models that are already trained to perform specific functions

    • Language services

      • Amazon Comprehend: uses natural language processing to extract key insights from documents.

      • Amazon Polly converts text into lifelike speech.

      • Amazon Transcribe converts speech into text.

      • Amazon Translate is a text translation service.

    • Computer vision and search services

      • Amazon Kendra uses natural language processing to search for answers within large amounts of enterprise content.

      • Amazon Rekognition is a video analysis service.

      • Amazon Textract detects and extracts typed and handwritten

    • Conversational AI and personalization services

      • With Amazon Lex, you can add voice and text conversational interfaces to your applications.

      • With Amazon Personalize, you can use historical data to build intelligent applications


  • ML services - a more customized approach with Amazon SageMaker AI where you build, train, and deploy your own ML models with fully managed infrastructure

  • ML frameworks and infrastructure - a completely custom approach to building models using purpose-built chips that integrate with popular ML frameworks


  • Generative AI on AWS

    • Amazon SageMaker JumpStart—An ML hub with FMs and pre-built ML solutions deployable with a few clicks

      • Rapid ML model deployments, Custom fine-tuned solutions, ML experiments and prototypes

    • Amazon Bedrock—A fully managed service for adapting and deploying FMs from Amazon and other leading AI companies

      • Enterprise-grade generative AI, Multimodal content generation, Advanced conversational AI

    • Amazon Q—An interactive AI assistant that can be integrated with a company's information repositories

      • Amazon Q Business - answer pressing questions, help solve problems, and take actions using the data

      • Amazon Q Developer - provides code recommendations to accelerate development for coding languages

-----------

  • With ETL, you perform the following steps:

    1. Extract the data from various sources and store it.

    2. Transform it into a consistent, usable format for downstream tools to consume.

    3. Load it into a destination system, like a data warehouse or analytics platform.

  • Data pipelines are automated assembly lines used to make the ETL process efficient and repeatable.


  • Data ingestion services: Data ingestion involves moving data from source systems into your chosen storage solution.

    • You can use Kinesis Data Streams for real-time ingestion of terabytes of data from applications, streams, and sensors.

    • Amazon Data Firehose is an option for data ingestion in near real-time. This fully managed service provides automatic provisioning and scaling.

  • Data storage services: To gain insights, data is commonly consolidated into a single location.

    • Amazon S3 is a popular choice for data lakes, holding structured or unstructured data

    • Amazon Redshift is a fully managed data warehouse service that can store petabytes of structured or semistructured data

  • Data cataloging services: Cataloging your data with metadata provides an inventory of your organization's data.

    • AWS Glue Data Catalog provides a centralized, scalable, and managed metadata repository that enhances data discovery.


  • Data processing services clean and transform your data so it's ready to be analyzed.

    • AWS Glue is a fully managed ETL service that makes data preparation simpler, faster, and cost effective.

    • Amazon EMR is ideal for large-scale data processing and organizations with existing big data expertise.


  • Data analysis and visualization services: Queries and visualization tools help you to develop important insights about your data.

    • With Athena, you can run SQL queries to analyze data in relational, nonrelational, object, and custom data sources.

    • With QuickSight, both technical and non-technical users can quickly create modern interactive dashboards and reports

    • With OpenSearch Service, you can search for relevant content through precise keyword matching or natural language queries.


Security


  • Authentication: verifying the identity of a user or entity through credentials

  • Authorization: Granting authenticated users with certain access rights and permissions

  • Cloud security is a shared responsibility between customers and AWS.

    • Customers: Security in the cloud

    • AWS: Security of the cloud


  • AWS Identity and Access Management (IAM): Securely manage identities and access to AWS services and resources.

    • IAM provides users, groups, and roles so you can configure access

    • An IAM role is an identity someone can assume to gain temporary access to permissions.

    • An IAM policy is a JSON document that allows or denies permission to access AWS services and resources

  • IAM Identity Center is specifically designed to help organizations implement single sign-on for AWS resources using their existing identity providers.

  • AWS Secrets Manager: Secrets Manager provides a secure way to manage, rotate, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

  • AWS Systems Manager: Systems Manager provides a centralized view of nodes across your organization’s accounts and Regions and multi-cloud and hybrid environments.


  • Network and application attacks

    • DoS attacks - In a denial of service attack, an attacker floods a web application with excessive network traffic.

    • DDoS attacks - In a distributed denial of service (DDoS) attack, an attacker can use multiple infected computers (called zombie bots) to unknowingly send excessive traffic to a web application.

  • AWS protection through infrastructure

    • Security groups let in only the request traffic they are configured to allow.

    • ELB handles traffic first before handing it off, so your frontend server is not overwhelmed

    • The enormous capacity of Regions makes them extremely difficult to overwhelm.

  • AWS protection through services

    • AWS Shield Standard is designed to automatically protect AWS customers from the most common, frequently occurring types of DDoS attacks at no cost.

    • AWS Shield Advanced is a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks

    • AWS WAF is a web application firewall that monitors network requests that come into your web applications.

----------

  • Data encryption works like a lock and key mechanism. If you have the right key, you can access the encrypted data. Otherwise, you cannot access the data.

    • Data encryption at rest: The data is idle and not moving, like when it's stored in a database.

    • Data encryption in transit: The data is moving between locations, like when it's being sent from a database to an application.

      • SSL/TLS certificates are used to establish encrypted network connections from one system to another.

  • You can use AWS Key Management Service (AWS KMS) to create and manage cryptographic keys.

    • These keys can then be used to encrypt and decrypt your data.

  • With Amazon Macie, you can monitor your sensitive data at rest to make sure it's safe. Macie uses machine learning (ML) and automation to discover sensitive data stored in Amazon S3.

  • AWS Certificate Manager (ACM): ACM centralizes the management of your SSL/TLS certificates that provide data encryption in transit.


------------

Detection and response services

  • Amazon Inspector: Runs automated security assessments, finds security best practices deviations, detects EC2 exposures, finds vulnerable software installations

  • Amazon GuardDuty: Continuous monitoring, AI/ML-powered threat detection

  • Amazon Detective: Simplified, automatic security investigations, interactive threat visualizations, generative AI-powered insights

  • AWS Security Hub: One comprehensive security view, automatic monitoring, actionable grouping of insights etc


Monitoring, Compliance, and Governance


The progression you generally want to use is as follows:

  • Securing systems : Protect data, systems, and infrastructure from unauthorized access, use, disclosure, disruption, modification, or destruction

  • Monitoring activities : Continuously observe and analyze system activity, network traffic, and security events to detect potential threats or anomalies

  • Conducting audits : Periodically review and assess the effectiveness of security controls and check that all requirements are met and security policies and procedures are adhered to

  • Ensuring compliance : Help ensure that an organization's security practices and controls meet the requirements of relevant regulations, industry standards, and contractual obligations

  • Amazon CloudWatch - CloudWatch monitors your AWS resources and the applications that you run on AWS in real time.

    • CloudWatch metrics, CloudWatch alarms, CloudWatch dashboards, CloudWatch logs

  • AWS CloudTrail - CloudTrail tracks user activity and API usage in the AWS Cloud, on premises, and even with other cloud providers

    • Save logs indefinitely, store in secure S3 buckets, tamperproof

    • CloudTrail events, logs, insights

--------------

  • AWS Artifact is a service that provides no-cost, on-demand access to AWS security and compliance reports and select online agreements.

    • AWS Artifact consists of two types: AWS Artifact agreements and AWS Artifact reports.

  • AWS Config: a service that you can use to assess, audit, and evaluate the configurations of your AWS resources.

    • helps evaluate configurations against a desired state, manage resource configuration changes, and simplify troubleshooting.
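
What "evaluate configurations against a desired state" means in practice: each recorded resource is passed through a rule that returns COMPLIANT, NON_COMPLIANT, or NOT_APPLICABLE. The block below is an added example (not part of the original notes, and not AWS's own rule code) that does this for three common S3 checks. The configuration items are constructed in a simplified version of the AWS Config configurationItem shape (resourceType, resourceName, supplementaryConfiguration); the rule names match the managed rules they approximate, but the checks are this example's own.

```python
"""Evaluate recorded resource configurations against a desired state.

Added example, not part of the original notes. CONFIG_ITEMS is constructed in a
simplified form of the AWS Config configurationItem shape; the rule names match
the managed AWS Config rules they approximate, but the check logic is this
example's own, not AWS's implementation.
"""

CONFIG_ITEMS = [
    {"resourceType": "AWS::S3::Bucket", "resourceName": "payroll-exports",
     "supplementaryConfiguration": {
         "PublicAccessBlockConfiguration": {"blockPublicAcls": True, "ignorePublicAcls": True,
                                            "blockPublicPolicy": True, "restrictPublicBuckets": True},
         "BucketVersioningConfiguration": {"status": "Enabled"},
         "ServerSideEncryptionConfiguration": {
             "rules": [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": "aws:kms"}}]}}},
    {"resourceType": "AWS::S3::Bucket", "resourceName": "marketing-static",
     "supplementaryConfiguration": {
         "PublicAccessBlockConfiguration": {"blockPublicAcls": False, "ignorePublicAcls": False,
                                            "blockPublicPolicy": False, "restrictPublicBuckets": False},
         "BucketVersioningConfiguration": {"status": "Suspended"}}},
    # A resource of another type: S3 rules must report NOT_APPLICABLE, not fail.
    {"resourceType": "AWS::EC2::Instance", "resourceName": "i-0abc", "supplementaryConfiguration": {}},
]


def public_access_blocked(item):
    """All four Block Public Access settings must be on; a missing block counts as off."""
    pab = item["supplementaryConfiguration"].get("PublicAccessBlockConfiguration", {})
    return all(pab.get(k) is True for k in
               ("blockPublicAcls", "ignorePublicAcls", "blockPublicPolicy", "restrictPublicBuckets"))


def versioning_enabled(item):
    status = item["supplementaryConfiguration"].get("BucketVersioningConfiguration", {}).get("status")
    return status == "Enabled"


def default_encryption_set(item):
    rules = item["supplementaryConfiguration"].get("ServerSideEncryptionConfiguration", {}).get("rules", [])
    return any("applyServerSideEncryptionByDefault" in r for r in rules)


# rule name -> (resource type it applies to, predicate that returns True when compliant)
RULES = {
    "s3-bucket-level-public-access-prohibited": ("AWS::S3::Bucket", public_access_blocked),
    "s3-bucket-versioning-enabled": ("AWS::S3::Bucket", versioning_enabled),
    "s3-bucket-server-side-encryption-enabled": ("AWS::S3::Bucket", default_encryption_set),
}


def evaluate_rules(items):
    """Return {(rule, resourceName): 'COMPLIANT' | 'NON_COMPLIANT' | 'NOT_APPLICABLE'}."""
    results = {}
    for rule, (rtype, check) in RULES.items():
        for item in items:
            key = (rule, item["resourceName"])
            if item["resourceType"] != rtype:
                results[key] = "NOT_APPLICABLE"
            else:
                results[key] = "COMPLIANT" if check(item) else "NON_COMPLIANT"
    return results


def noncompliant_resources(items):
    """Sorted names of resources that fail at least one applicable rule."""
    return sorted({name for (rule, name), status in evaluate_rules(items).items()
                   if status == "NON_COMPLIANT"})


if __name__ == "__main__":
    for (rule, name), status in sorted(evaluate_rules(CONFIG_ITEMS).items()):
        print(f"{status:15} {rule} {name}")
```

Note the design choice in public_access_blocked: an absent setting is treated as non-compliant rather than skipped, so a bucket that was never configured shows up rather than silently passing.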

  • AWS Audit Manager: a service that continually audits your AWS usage to simplify risk and compliance assessment. It helps collect evidence and manage audit data.

  • The Customer Compliance Center provides resources to help you learn more about AWS compliance.

-------------

  • AWS Organizations: An organization is a collection of AWS accounts that you can manage centrally and organize into a hierarchical, tree-like structure with a root at the top and organizational units (OUs) nested under the root.

    • An organizational unit (OU) is a logical grouping of accounts in an AWS Organization

    • Member account not in an OU: A member account whose requirements do not fit any organizational unit can sit directly under the root of the organization instead of inside an OU.

    • Service control policies (SCP): An SCP is a policy that lets you place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access. SCPs only cap the maximum permissions available in member accounts; they never grant permissions on their own, and they do not apply to the management account. A principal in a member account can perform an action only if an identity-based policy allows it and no SCP in its path denies it.
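
The interaction between an SCP and an identity policy is easiest to see by evaluating both for a few actions. Below is an added example (not part of the original notes) with a small, deliberately simplified evaluator: an explicit Deny in either document wins, otherwise the action must be allowed by both. The SCP and identity policy are constructed for the example; Condition blocks, NotAction/NotResource, resource-based policies, and permissions boundaries are not modelled, so treat it as an illustration of the precedence rules, not as a policy simulator.

```python
"""Effective-permission check combining an SCP with an identity-based policy.

Added example, not part of the original notes. Simplified evaluation order:
an explicit Deny in the SCP or the identity policy wins; otherwise the action
must be allowed by BOTH documents (an SCP alone never grants anything).
The two policy documents are constructed for the example. Not modelled:
Condition blocks, NotAction/NotResource, resource-based policies, permissions
boundaries, and the fact that SCPs do not apply to the management account.
"""
from fnmatch import fnmatchcase

# SCP attached to an OU: keeps the default FullAWSAccess statement and adds
# guardrails so member accounts cannot blind CloudTrail or leave the org.
SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                    "organizations:LeaveOrganization"],
         "Resource": "*"},
    ],
}

# Identity-based policy attached to a role in a member account.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["cloudtrail:*", "s3:GetObject"], "Resource": "*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    """True when the statement's Action and Resource patterns both cover the request."""
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", []))
    # IAM action names are case-insensitive; ARNs are matched as written.
    return (any(fnmatchcase(action.lower(), a.lower()) for a in actions)
            and any(fnmatchcase(resource, r) for r in resources))


def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow', or 'Implicit' (no matching statement) for one document."""
    result = "Implicit"
    for stmt in policy["Statement"]:
        if not _matches(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # explicit deny short-circuits everything else
        result = "Allow"
    return result


def is_allowed(scp, identity_policy, action, resource="*"):
    """Combine the two documents: deny wins, then both must allow."""
    scp_result = evaluate(scp, action, resource)
    identity_result = evaluate(identity_policy, action, resource)
    if "Deny" in (scp_result, identity_result):
        return False
    return scp_result == "Allow" and identity_result == "Allow"


if __name__ == "__main__":
    for act in ("s3:GetObject", "cloudtrail:DescribeTrails", "cloudtrail:StopLogging",
                "ec2:RunInstances", "organizations:LeaveOrganization"):
        print(f"{act:35} {'allowed' if is_allowed(SCP, IDENTITY_POLICY, act) else 'denied'}")
```

The two instructive cases are cloudtrail:StopLogging, which the identity policy allows through cloudtrail:* but the SCP denies, and ec2:RunInstances, which the SCP allows but no identity policy grants; both come out denied, for different reasons.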

--------------

  • Three AWS services that can help govern and enforce services and accounts to meet your company's requirements:

  • AWS Control Tower: A service you can use to set up and govern a secure, compliant, multi-account AWS environment based on best practices

  • AWS Service Catalog: A service you can use to create, share, and organize AWS services and resources from a curated catalog that you define

  • AWS License Manager: A service that helps you manage your software licenses and fine-tune licensing costs

-------------

  • AWS Health Dashboard: With AWS Health Dashboard, you can view account-specific health information and get AWS Health event updates.

  • Trusted Advisor: It can be used to optimize cost, efficiency, security, improve performance, and track service limits.

  • IAM Access Analyzer: Identifies resources (S3 buckets, IAM roles, KMS keys, and others) that are shared with principals outside your account or organization, reports unused roles, access keys, and permissions so you can remove them, validates policies against IAM grammar and best practices before you deploy them, and can generate a least-privilege policy from the API activity recorded in CloudTrail.


Pricing & Support


  • Key concepts of AWS pricing: Pay as you go, Save when you commit and Pay less by using more

  • Driving factors of cost: Compute, storage, outbound data transfer

  • AWS Billing and Cost Management dashboard: The AWS Billing and Cost Management dashboard centralizes cost management, showing current charges, usage, forecasts, and detailed breakdowns.

  • AWS Budgets: AWS Budgets helps set custom budgets and sends alerts when costs, usage, or Savings Plans and Reserved Instances (RIs) utilization or coverage exceed defined thresholds.

  • AWS Cost Explorer: AWS Cost Explorer helps visualize, analyze, and manage AWS costs and usage with interactive graphs, reports, and forecasts

  • AWS Pricing Calculator: The AWS Pricing Calculator is a web-based planning tool that you can use to create estimates

----------

  • Types of AWS support: Basic Support → Developer Support → Business Support → Enterprise On-Ramp Support → Enterprise Support

  • A technical account manager (TAM) is included with the Enterprise On-Ramp and Enterprise Support plans.

  • Additional resources for your cloud journey

    • AWS re:Post is a community-driven, question-and-answer platform

    • The AWS Trust and Safety Center provides information on how to report activity or content on AWS that you suspect is abusive.

    • For Business and Enterprise Support customers, AWS solutions architects (SAs) provide architectural guidance, best practice recommendations, and help in designing scalable and secure applications.

    • AWS Professional Services is a consulting service that offers deeper, project-based support.

    • AWS also provides extensive documentation and self-support resources that you can use to research, answer a question, or troubleshoot an issue.


  • AWS Marketplace: The AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors.

  • AWS Partner Network: The AWS Partner Network (APN) is a global community that uses AWS technologies, programs, expertise, and tools to build solutions and services for customers.


Cloud Migration


  • Three phases of the migration process -

    1. Assess: In this phase, you build the business case for the migration and assess your readiness.

      • Migration Evaluator.

    2. Mobilize: In this phase, you prepare the organization and mobilize the resources needed for the migration.

      • Application Discovery Service and the AWS Migration Hub.

    3. Migrate and modernize: In this phase, you use your strategy, plan, and the best practices to migrate and modernize.

      • AWS Application Migration Service and AWS Database Migration Service (AWS DMS)


  • Data Transfer Tools: AWS DataSync, AWS Transfer Family, and the AWS Snow Family.

  • AWS CAF: The AWS Cloud Adoption Framework is a framework that brings AWS experience and best practices to companies preparing to migrate to the AWS Cloud.

    • There are several groups of stakeholders and various parts of the business to consider in your migration planning and readiness.

    • 6 perspectives of AWS CAF - Business, People, Governance, Platform, Security, Operations.

  • Seven migration strategies (7Rs of Migration): Relocate, Rehost, Replatform, Refactor, Repurchase, Retain, Retire


  • Migration Services and Tools:

    • Assess phase. The Migration Evaluator is a migration assessment service that helps you create a business case for AWS Cloud planning and migration

    • Mobilize phase. The Application Discovery Service discovers on-premises server inventory and connections. The Migration Hub is a centralized hub to take you from discovery, assessment, planning, and execution of your migration.

    • Migrate and modernize phase. Application Migration Service is a tool to move and improve your on-premises and cloud-based applications.


  • Migrating databases

    • AWS DMS - The AWS Database Migration Service (AWS DMS) makes it possible to quickly and securely migrate databases and perform ongoing data replication tasks for live databases and data warehouses.

    • AWS Schema Conversion Tool SCT - AWS SCT makes it possible to convert database schemas and code objects (like stored procedures, views, and functions) from one database engine to another


  • Transferring data to and from the AWS Cloud

    • Transferring Data Online

      • AWS DataSync - AWS DataSync is specifically designed for automating and accelerating data transfer.

      • AWS Transfer Family - The AWS Transfer Family makes it possible to seamlessly manage and share data with simple, secure, and scalable file transfers.

      • Direct Connect - AWS Direct Connect is a service that makes it possible for you to establish a dedicated private connection between your network and your virtual private cloud (VPC) in the AWS Cloud. It bypasses the public internet, which gives consistent bandwidth and latency, but it does not encrypt traffic on its own; where you need encryption, run a Site-to-Site VPN over the connection or use MACsec on a dedicated connection that supports it.

    • Transferring Data Offline

      • Snowball Edge Storage Optimized devices - AWS Snowball Edge Storage Optimized devices are a great solution for offline data migration where connecting to the internet might not be an option.


Well-Architected Solutions


  • AWS Specialized Services

    • Development services

      • CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages for deployment.

      • CodePipeline is a fully managed CI/CD service that automates the build, test, and deploy phases of your release process.

      • X-Ray is a powerful tracing, debugging, and performance analysis tool that helps developers visualize application behavior.

      • AWS AppSync is a fully managed GraphQL service. With AWS AppSync, developers can create a single GraphQL API that can securely access, manipulate, and combine data from multiple data sources.

      • Amplify helps you streamline the process of developing, deploying, and managing secure and scalable full-stack applications on AWS

    • Business application services

      • Amazon Connect - Businesses can use this AI-powered contact center service to efficiently set up and operate a scalable customer service call center.

      • Amazon Simple Email Service - Amazon SES is a scalable and cost-effective email service provider that can be integrated into any application for reliable, high-volume email automation.

    • End-user computing services

      • AppStream 2.0 is a fully managed service that streams applications from the cloud directly to any compatible device.

      • Amazon WorkSpaces - employees can securely access their work environment from any device with an internet connection.

      • Amazon WorkSpaces Secure Browser (formerly Amazon WorkSpaces Web) - WorkSpaces Secure Browser is a fully managed remote enterprise browser.

    • IoT services

      • AWS IoT Core is a managed cloud service used to securely connect physical devices with cloud applications.


  • The AWS Well-Architected Tool (AWS WA Tool) is a free service that helps assess and improve cloud workloads based on the six key pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.

  • Well-Architected Framework pillars

    1. Operational Excellence: Focuses on operations, monitoring, automation, and continuous improvement

    2. Security: Protects systems and data through practices such as a strong identity foundation with least privilege, traceability (logging and monitoring), security applied at every layer, automation of controls, and protecting data in transit and at rest

    3. Reliability: Emphasizes recovery planning and system adaptability to meet changing demands

    4. Performance Efficiency: Encourages using the right resources for the job and adjusting as needs evolve

    5. Cost Optimization: Helps control and reduce costs through smart provisioning and resource management

    6. Sustainability: Promotes energy-efficient design and environmentally conscious resource usage


© 2024 created by PSHQ