| Objective | Weighting |
| --- | --- |
| Cloud Concepts | 28% |
| Security | 24% |
| Technology | 36% |
| Billing and Pricing | 12% |
Before the exam, read the whitepapers:
- Architecting for the Cloud: AWS Best Practices
- How AWS Pricing Works
Cloud Computing
- Renting someone’s computing power
6 advantages of Cloud Computing
- Trade Capital Expense for Variable Expense
  - Don’t have to invest heavily in data centers and servers before you know how you’re going to use them
  - Only have to pay for what you use
- Benefit from massive economies of scale
  - Companies such as Amazon have exceptionally strong buying power
- Stop guessing about capacity
  - Don’t have to worry about buying too much or too little since you can scale your cloud environment
- Increase speed and agility
  - Methods such as serverless architecture allow the ability to scale infinitely
- Stop spending money running and maintaining data centers
  - Let someone else manage the infrastructure
- Go global in minutes
  - Easily deploy an application in multiple regions around the world with just a few clicks
3 Types of Cloud Computing
- Infrastructure As A Service (IAAS)
  - You manage the physical or virtual server including the operating system
  - Data center provider will not have access to the server
- Platform As A Service (PAAS)
  - Someone else manages the hardware and operating systems
  - You focus on the applications
  - You do not handle security patching, updates, maintenance, etc.
- Software As A Service (SAAS)
  - All you manage is your interface with the software (Gmail Inbox)
3 Types of Cloud Computing Deployments
- Public Cloud – AWS, Azure, GCP
- Hybrid – Mixture of public and private
- Private Cloud (or On-Premises) – You manage it, in your datacenter. OpenStack or VMware
AWS – High Level Services
- Compute
  - EC2
  - Lambda
- Storage
  - Simple Storage Service
  - Glacier
- Databases
  - Relational Database Service (RDS)
  - DynamoDB (Non-Relational Databases)
- Migration & Transfer
- Network & Content Delivery
  - VPC
  - Route53
- Security, Identity & Compliance
  - Identity Access Management (IAM)
- AWS Cost Management
  - CloudWatch
  - Billing Alarms
Availability Zones & Regions
- An availability zone is one or more data centers with redundant power, networking, and connectivity
- A region is a geographical area which consists of two or more availability zones
- Edge locations are endpoints for AWS used for caching content
  - CloudFront, Amazon’s Content Delivery Network (CDN)
  - Currently there are over 150 Edge locations
Price Plans
- Basic
  - Price is included
  - Customer service for account and billing questions and access to community forums
- Developer
  - $29/month – scales based on usage
  - One primary contact can ask technical questions through Support Center and get a response within 12-24 hours during local business hours
- Business
  - $100/month – scales based on usage
  - 24×7 support by phone and chat
  - 1hr response time for urgent support cases
  - Help with common third-party software
  - Full access to AWS Trusted Advisor for automating optimization of AWS infrastructure in real-time
  - Access to AWS Support API for automating support cases and retrieving Trusted Advisor results
- Enterprise
  - $15,000/month – scales based on usage
  - All the features from the Business Plan
  - An assigned technical account manager (TAM) who provides proactive guidance and best practices to help plan, develop, and run your AWS solutions
  - Support Concierge who provides billing and account analysis and assistance
  - Access to Infrastructure Event Management to support product launches, seasonal promotions/events, and migrations
  - 15-minute response to critical support cases with prioritized case handling
Identity Access Management (IAM)
- Global, not a regional setting
- Root account is the email address used to set up your AWS account and has full administrator access
- Users are assigned to a group to determine privileges
- Group policies consist of JavaScript Object Notation (JSON)
AWS Platform Access
- Via the console (web-interface)
- Programmatically (Using the Command Line)
- Using the Software Developers Kit (SDK)
What is S3 (Simple Storage Service)
- AWS Storage Gateway
  - Primarily used for attaching infrastructure located in a data center to the AWS Storage infrastructure
  - File gateway is the file system mount on S3
- Secure, durable, highly-scalable object storage
- The data is spread across multiple devices and facilities
- 0 bytes to 5 TB per file
- Unlimited storage
- Files are stored in Buckets
- S3 is a universal namespace, so bucket names must be unique globally
- When an upload succeeds you receive an HTTP 200 response code
- If you write a new file and read it immediately afterwards, you will be able to view the data
- If you update an existing file or delete a file and try to read it immediately after, you may get the older version, or you may not; changes can take time to propagate
- Built for 99.99% availability for the S3 platform; Amazon guarantees 99.9% availability and 99.999999999% durability (11 x 9s)
- Features
  - Tiered Storage Available
    - S3 Standard
      - 99.99% availability, 11 x 9s durability
      - Stored redundantly across multiple devices in multiple facilities
      - Designed to sustain the loss of 2 facilities concurrently
    - S3 – IA (Infrequently Accessed)
      - For data that is accessed less frequently
      - Rapid access when needed
      - Lower fee than S3 Standard, but you are charged a retrieval fee
    - S3 One Zone – IA
      - Lower-cost option for infrequently accessed data
      - Does not provide multiple Availability Zone data resilience
    - S3 – Intelligent Tiering
      - Designed for optimizing costs by automatically moving data to the most cost-effective access tier
      - No performance impact or operational overhead
    - S3 Glacier
      - Secure, durable, low-cost storage class for data archiving
      - Store any amount of data for the same or cheaper costs than on-premises solutions
      - Retrieval times configurable from minutes to hours
    - S3 Glacier Deep Archive
      - Lowest-cost storage class
      - For data where a retrieval time of 12 hours is acceptable
  - Lifecycle Management
  - Versioning
  - Encryption
  - Secure data with Access Control Lists and Bucket Policies
- Charges
  - Storage
  - Requests
  - Storage Management Pricing
  - Data Transfer Pricing
  - Transfer Acceleration
    - Enables fast, easy, and secure transfers of files over long distances between end users and an S3 bucket
    - Utilizes Amazon CloudFront’s globally distributed edge locations
    - Data is routed to Amazon S3 over an optimized network path
  - Cross Region Replication Pricing
    - Bucket is replicated in another region and files are replicated to this new region for reliability
What is CloudFront
- CDN (Content Delivery Network)
  - A system of distributed servers that deliver webpages and other web content to a user based on the geographic location of the user, the origin of the webpage, and a content delivery server
- Edge Location is where content will be cached
  - Not just READ only; you can write to them, such as placing an object on them
  - Objects are cached for the TTL (Time To Live)
  - You can clear cached objects, but you will be charged
- Origin is the origin of all the files that the CDN will distribute
  - S3 Bucket, EC2 Instance, Elastic Load Balancer, Route53
- Distribution is a collection of Edge Locations
  - Used to deliver an entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations
  - Requests for this content are automatically routed to the nearest edge location so that the content is delivered with the best possible performance
- Distributions
  - Web Distribution – typically used for websites
  - RTMP – used for media streaming
What is Amazon EC2 (Amazon Elastic Compute Cloud)
- A virtual server or servers in the cloud
- Reduces the time required to obtain and boot new server instances to minutes
- Allows for scalability both up and down as requirements change
- Pricing Models
  - On Demand
    - Allows you to pay a fixed rate by the hour or second with no commitment
    - Users that want low cost and flexibility without long-term commitment or up-front payment
    - Applications with short term, spiky, or unpredictable workloads
    - Applications being developed or tested
  - Reserved
    - Provides you with a capacity reservation
    - Offers a significant discount on the hourly charge for an instance
    - Contract terms are 1 year or 3 years
    - Applications with steady state or predictable usage
    - Applications that require reserved capacity
    - Up-front payments to reduce total costs
  - Spot
    - Enables you to bid whatever price you want for instance capacity
    - Allows for even greater savings if your applications have flexible start and end times
    - Applications that have flexible start and end times
    - Applications that are only feasible at very low compute prices
    - Users with urgent computing needs for large amounts of additional capacity
  - Dedicated Hosts
    - Physical EC2 server dedicated for your use
    - Dedicated Hosts can help reduce costs by allowing you to use your existing server-bound software licenses
    - Used for regulatory requirements that may not support multi-tenant virtualization
    - For licensing which does not support multi-tenancy or cloud
    - Can be purchased On-Demand (hourly)
    - Can be purchased as a reservation for up to 70% off the On-Demand price
- EC2 Instance Types – not needed for the exam
  - F – FPGA
  - I – IOPS (Input/Output Operations Per Second), high speed storage
  - G – Graphics
  - H – High Disk Throughput
  - T – Cheap general purpose (think T2 Micro)
  - D – Density – dense storage
  - R – RAM
  - M – Main choice for general purpose apps
  - C – Compute
  - P – Graphics
  - X – Extreme Memory
  - Z – Extreme Memory and CPU
What is EBS (Elastic Block Storage)
- Allows you to create storage volumes and attach them to EC2 instances
- Once attached you can create a file system on top of these volumes and run a database or use them in any other way you would use a block device
- Placed in a specific Availability Zone where they are automatically replicated to protect you
- SSD
  - General Purpose SSD (GP2)
    - Balances price and performance for a wide variety of workloads
  - Provisioned IOPS SSD (IO1)
    - Highest performance SSD volume for mission-critical low-latency or high-throughput workloads
- Magnetic
  - Throughput Optimized HDD (ST1)
    - Low cost HDD volume designed for frequently accessed, throughput-intensive workloads
  - Cold HDD (SC1)
    - Lowest cost HDD volume designed for less frequently accessed workloads (File Servers)
Load Balancers
- Three different flavors
  - Application Load Balancers
    - Utilizes layer 7 to make intelligent decisions
  - Network Load Balancers
    - Extreme performance and static IP addresses
  - Classic Load Balancers
    - Used for testing and development to keep costs low
- Should place EC2 instances in different availability zones so that if one goes down you still have an instance
Relational Database
- Database file
  - Tables
    - Rows
    - Columns
- On AWS it is called RDS (Relational Database Service)
  - SQL Server
  - Oracle
  - MySQL Server
  - PostgreSQL
  - Aurora
    - Scalability
    - High Availability – Multi-AZ
    - Anti-Patterns – Do not use Aurora if there is no need for joins or complex transactions, use No-SQL
  - MariaDB
  - Has two key features
    - Multiple availability zones for disaster recovery
    - Read Replicas promote performance
Non-Relational Database

| Non-Relational | Relational |
| --- | --- |
| Collection | Table |
| Document | Row |
| Key Value Pairs | Fields |

- The columns in the table can vary
  - Does not affect other rows in the database
- On AWS it is called DynamoDB
  - Scalability
  - High Availability – Multi-AZ
  - Anti-Patterns – Do not use DynamoDB if you require joins or complex transactions; if so, use Aurora or others
  - Anti-Patterns – Do not use DynamoDB if you have large binary files such as audio, video, and images; instead, store them in Amazon S3
OLTP (Online Transaction Processing) vs OLAP (Online Analytics Processing)
- OLTP
  - Query something such as an order number
  - Pulls up a row of data such as name, date, address, etc. for that order number
  - Use RDS
- OLAP
  - Pulls a large number of records
  - Can use these records for business analytics
  - Use Redshift
Data Warehousing
- Used for business intelligence
  - Tools like Cognos, Jaspersoft, SQL Server Reporting Services, Oracle Hyperion, SAP NetWeaver
- Used to pull very large and complex data sets
- Usually used by management to do queries on data
- Databases use a different type of architecture, both from a database perspective and at the infrastructure layer
- Amazon’s Data Warehouse Solution is Redshift
  - Scalability
  - High availability – Multi-AZ
  - Not meant for Online Transaction Processing
ElastiCache
- Stores common queries in cache
- Web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud
- Improves performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying entirely on a slow disk-based database
- Supports two open-source in-memory caching engines
  - Memcached
  - Redis
CloudWatch
- Monitors usage and provides graphs
- Set alarms for usage or costs
Autoscaling
- Allows you to use a standard image to automatically spin up additional servers if usage reaches a specified value
- Specify a minimum number of servers and a maximum
- Can be used with a load balancer target group so that if an EC2 instance becomes overloaded it can spin up a new server and the load balancer will distribute the load
Route 53
- DNS management
- Traffic management
- Availability monitoring
- Domain registration
Elastic Beanstalk (EB)
- Free
- Quickly deploy and manage applications in the AWS Cloud
- Do not have to worry about the infrastructure that runs the applications
- Simply upload the application and EB automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring
- Limited as it is not programmable like CloudFormation
CloudFormation
- Free
- Service that helps model and set up AWS resources
- Can create a template that describes all the AWS resources you want such as EC2 and RDS DB instances and CloudFormation takes care of provisioning and configuring those resources
- No need to individually create and configure AWS resources
- The resources are created and configured based on programmable JSON that describes the environment
Traditional Computing vs Cloud Computing
- IT Assets as Provisioned resources – programmable IT assets
- Global, available, and scalable capacity
- Higher level managed services such as machine learning
- Built-in security
- Architecting for cost
- Operations on AWS
Scalability
- Scale Up, increasing the amount of computing power for an individual virtual machine
- Scale Out, add additional virtual machines to handle the requests
- Stateless Applications
  - Distribute load to multiple nodes
- Stateless components, storing user info in the browser’s cookies
- Stateful components, storing user info in a database
  - Implement session affinity
- Implement distributed processing
Instantiating Compute Resources
- Bootstrapping, no need to manually configure every instance
- Golden Images, create a copy of an image to be duplicated
- Containers
- Hybrid, utilizing EC2 instances and containers
Infrastructure As Code
- CloudFormation
Automation
- Serverless Management and Deployment
- Infrastructure Management and Deployment
  - AWS Elastic Beanstalk
  - Amazon EC2 auto recovery
  - AWS Systems Manager
  - Auto Scaling
- Alarms and Events
  - Amazon CloudWatch alarms
  - Amazon CloudWatch events
  - AWS Lambda scheduled events
  - AWS WAF security automations
Loose Coupling
- Well Defined Interfaces
  - Amazon API Gateway
- Service Discovery
  - Implement Service Discovery
- Asynchronous Integration
- Distributed Systems Best Practices
  - Graceful Failure in Practice
Services Not Servers
- Managed Services
- Serverless Architectures
Graph Database
- Amazon Neptune
AWS Pricing
- Pay as you go
- Pay for what you use
- Pay less as you use more
- Pay even less when you reserve capacity
- Fundamental drivers of cost
  - Compute
  - Storage
  - Data Outbound
- Free Services
  - Amazon VPC
  - Elastic Beanstalk
  - CloudFormation
  - Identity Access Management (IAM)
  - Auto Scaling
  - Opsworks
  - Consolidated Billing
- What determines price
  - For EC2
    - Clock hours of server time
    - Instance type
    - Pricing model
    - Number of instances
    - Load balancing
    - Detailed monitoring
    - Auto scaling, because it requires additional instances
    - Elastic IP addresses
    - Operating Systems and Software Packages
  - For Lambda
    - Request Pricing
      - Free Tier: 1 million requests per month
      - $0.20 per 1 million requests thereafter
    - Duration Pricing
      - 400,000 GB-seconds per month free, up to 3.2 million seconds of compute time
      - $0.00001667 for every GB-second used thereafter
    - Additional charges
      - If your Lambda function uses other AWS services or transfers data
  - For EBS
    - Volumes (Per GB)
    - Snapshots (Per GB)
    - Data Transfer
  - For S3
    - Storage class (Standard, IA, One Zone-IA, etc.)
    - Storage
    - Requests (GET, PUT, COPY)
    - Data Transfer
  - For Glacier
    - Storage
    - Data Retrieval times
  - For Snowball
    - Service Fee per job
      - 50 TB: $200
      - 80 TB: $250
    - Daily Charge
      - First 10 days free, then $15 a day thereafter
    - Data Transfer
      - Transfer into S3 is free; data transfer out is not
  - For RDS
    - Clock hours of server time
    - Database characteristics
    - Database purchase type
    - Number of database instances
    - Provisioned storage
    - Additional storage
    - Requests
    - Deployment type
    - Data transfer
  - For DynamoDB
    - Provisioned throughput (write)
    - Provisioned throughput (read)
    - Indexed data storage
  - For CloudFront
    - Traffic distribution
    - Requests
    - Data Transfer out
    - Request Pricing
What is Snowball
- AWS Snowball is a PB(Petabyte)-scale data transport solution
- Uses secure appliances to transfer large amounts of data into and out of the AWS Cloud
- Basically a gigantic disk to move data into the cloud
What are Tags
- Key Value Pairs attached to AWS resources
- Metadata
- Tags can sometimes be inherited
- Resource groups make it easy to group resources using tags that are assigned to them
  - You can group resources that share one or more tags
  - Can apply automation to resources with specific tags
  - Resource groups in combination with AWS Systems Manager allow you to control and execute automation against fleets of EC2 instances at the push of a button
- Tag editor is a global service that allows us to discover resources and add additional tags to them as well
  - Newer regions may take some time to be compatible with tag editor
What is CloudTrail
- CloudWatch monitors performance
- CloudTrail monitors API calls in the AWS platform
  - Includes all modifications made to services on AWS such as spinning up an EC2 server
- Per AWS account and is enabled per region
- Can consolidate logs from multiple accounts using an S3 bucket
  - Turn on CloudTrail in the paying account
  - Create a bucket policy that allows cross-account access
  - Turn on CloudTrail in the other accounts and use the bucket in the paying account
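The bucket policy the second step calls for, as an added example that is not part of these notes: it builds the policy that lets the CloudTrail service write each member account's logs under its own `AWSLogs/<account-id>/` prefix in the paying account's bucket, and checks which accounts an existing policy actually admits. The bucket name, account IDs and `Sid` values are constructed placeholders; the service principal, actions and `s3:x-amz-acl` condition are the ones CloudTrail requires.

```python
"""Build and verify a central CloudTrail bucket policy for cross-account logging."""
import json

CLOUDTRAIL_SERVICE = "cloudtrail.amazonaws.com"
OWNER_ACL = "bucket-owner-full-control"


def cloudtrail_bucket_policy(bucket, account_ids):
    """Return the bucket policy (dict) for a bucket that collects trails from several accounts.

    CloudTrail needs s3:GetBucketAcl on the bucket and s3:PutObject on the
    AWSLogs/<account-id>/ prefix of every delivering account.  Requiring the
    bucket-owner-full-control ACL keeps the paying account in control of the
    objects that member accounts write.
    """
    write_resources = [f"arn:aws:s3:::{bucket}/AWSLogs/{acct}/*" for acct in account_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "CloudTrailAclCheck",  # constructed Sid
                "Effect": "Allow",
                "Principal": {"Service": CLOUDTRAIL_SERVICE},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "CloudTrailWrite",  # constructed Sid
                "Effect": "Allow",
                "Principal": {"Service": CLOUDTRAIL_SERVICE},
                "Action": "s3:PutObject",
                "Resource": write_resources,
                "Condition": {"StringEquals": {"s3:x-amz-acl": OWNER_ACL}},
            },
        ],
    }


def accounts_allowed_to_write(policy, bucket):
    """Return the set of account IDs whose CloudTrail logs this policy admits.

    Only Allow statements for the CloudTrail service principal with s3:PutObject
    and the bucket-owner-full-control condition count; run this check before
    turning on trails in the member accounts.
    """
    allowed = set()
    prefix = f"arn:aws:s3:::{bucket}/AWSLogs/"
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if principal.get("Service") != CLOUDTRAIL_SERVICE:
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "s3:PutObject" not in actions:
            continue
        if stmt.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl") != OWNER_ACL:
            continue
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for res in resources:
            if res.startswith(prefix) and res.endswith("/*"):
                allowed.add(res[len(prefix):-2])  # the account-id segment
    return allowed


if __name__ == "__main__":
    # Constructed sample: the paying account's bucket plus two member account IDs
    policy = cloudtrail_bucket_policy("example-org-cloudtrail-logs", ["111111111111", "222222222222"])
    print(json.dumps(policy, indent=2))
    print(sorted(accounts_allowed_to_write(policy, "example-org-cloudtrail-logs")))
```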
AWS Organizations
- An account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage
- Two feature sets
  - Consolidated Billing
    - Paying account links organizational accounts to manage payments
    - One bill per AWS account
    - Very easy to track charges and allocate costs
    - Volume pricing discount
  - All features
- Best Practices
  - Always enable multi-factor authentication on the root account
  - Always use a strong and complex password on the root account
  - Paying account should be used for billing purposes only
  - Can still create billing alerts per individual account
  - Details per account on billing reports
AWS Quick Start
- Way of deploying environments quickly
- Using CloudFormation templates built by AWS Solutions Architects who are experts in that particular technology
AWS Landing Zone
- A solution that helps customers quickly set up a secure, multi-account AWS environment based on AWS best practices
AWS Calculators
- AWS helps you calculate costs using different calculators
- Available in two feature sets
  - AWS Simple Monthly Calculator
    - Cost on AWS
  - AWS Total Cost of Ownership Calculator (TCO)
    - How much it’ll cost doing it yourself (not on AWS) vs doing it on AWS
AWS Shared Responsibility Model
- AWS manages security of the cloud
- Security in the cloud is the responsibility of the customer
- Customers are in control of what security they choose to implement to protect their own content, platform, applications, systems and networks

What is AWS WAF (Web Application Firewall)
- Helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources
- Layer 7
What is AWS Shield
- A managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS
- Provides always-on detection and automatic inline mitigations that minimize application downtime and latency
- Two tiers of AWS Shield
  - Standard
  - Advanced
    - $3,000/month
    - Will reimburse you for the costs of mitigations due to an attack
    - Application layer monitoring
What is Amazon Inspector
- An automated security assessment service
- Helps improve security and compliance of applications deployed on AWS
- Produces a detailed list of security findings prioritized by level of severity
- Used for inspecting EC2 instances for vulnerabilities
What is AWS Trusted Advisor
- For all services and is global
- An online resource to help you reduce cost, increase performance, and improve security by optimization
- Provides real time guidance to help you provision your resources following AWS best practices
- Advises you on cost optimization, performance, security, and fault tolerance
What is AWS CloudTrail
- Regional service
- Increases visibility into your user and resource activity by recording AWS Management Console actions and API calls
- Can identify which users and accounts called AWS, source IP addresses, and when the calls occurred
Acronyms
AWS – Amazon Web Services
TAM – Technical Account Manager
IAM – Identity Access Management
SDK – Software Developers Kit
JSON – JavaScript Object Notation
API – Application Programming Interface
CDN – Content Delivery Network
RDS – Relational Database Service
IAAS – Infrastructure As A Service
PAAS – Platform As A Service
SAAS – Software As A Service
S3 – Simple Storage Service
IA – Infrequently Accessed
TTL – Time To Live
EC2 – Elastic Compute Cloud
IOPS – Input/Output Operations Per Second
GP2 – General Purpose SSD
IO1 – Provisioned IOPS SSD
ST1 – Throughput Optimized HDD
SC1 – Cold HDD
OLTP – Online Transaction Processing
OLAP – Online Analytics Processing
DMS – Database Migration Services
AMI – Amazon Machine Image
EB – Elastic Beanstalk
TCO – Total Cost of Ownership
WAF – Web Application Firewall
SNS – Simple Notification Service
EBS – Elastic Block Store
EMR – Elastic MapReduce