AWS Cloud Practitioner

Objective Weighting

  • Cloud Concepts – 28%
  • Security – 24%
  • Technology – 36%
  • Billing and Pricing – 12%

Before exam read the whitepapers

  • Architecting for the Cloud: AWS Best Practices
  • How AWS Pricing Works

Cloud Computing

  • Renting someone’s computing power

6 advantages of Cloud Computing

  1. Trade Capital Expense for Variable Expense
    • Don’t have to invest heavily in data centers and servers before you know how you’re going to use them
    • Only have to pay for what you use
  2. Benefit from massive economies of scale
    • Companies such as Amazon have exceptionally strong buying power
  3. Stop guessing about capacity
    • Don’t have to worry about buying too much or too little since you can scale your cloud environment
  4. Increase speed and agility
    • Methods such as serverless architecture allow you to scale without capacity limits
  5. Stop spending money running and maintaining data centers
    • Let someone else manage the infrastructure
  6. Go global in minutes
    • Easily deploy an application in multiple regions around the world with just a few clicks

3 Types of Cloud Computing

  1. Infrastructure As A Service (IAAS)
    • You manage the physical or virtual server, including the operating system
    • The data center provider does not have access to the server
  2. Platform As A Service (PAAS)
    • Someone else manages the hardware and operating systems
    • You focus on the applications
    • You do not handle security patching, updates, maintenance, etc.
  3. Software As A Service (SAAS)
    • All you manage is your interface with the software (e.g. a Gmail inbox)

3 Types of Cloud Computing Deployments

  1. Public Cloud – AWS, Azure, GCP
  2. Hybrid – Mixture of public and private
  3. Private Cloud (or on-premises) – you manage it in your own data center, e.g. with OpenStack or VMware

AWS – High Level Services

  • Compute
    • EC2
    • Lambda
  • Storage
    • Simple Storage Service
    • Glacier
  • Databases
    • Relational Database Service (RDS)
    • DynamoDB (Non-Relational Databases)
  • Migration & Transfer
  • Network & Content Delivery
    • VPC
    • Route53
  • Security, Identity & Compliance
    • Identity Access Management (IAM)
  • AWS Cost Management
    • CloudWatch
      • Billing Alarms

Availability Zones & Regions

  • An availability zone is one or more data centers with redundant power, networking, and connectivity
  • A region is a geographical area which consists of two or more availability zones
  • Edge locations are endpoints for AWS used for caching content
    • CloudFront, Amazon’s Content Delivery Network (CDN)
    • Currently there are over 150 Edge locations

Price Plans

  • Basic
    • Included with every AWS account at no extra charge
    • Customer service for account and billing questions and access to community forums
  • Developer
    • $29/month – scales based on usage
    • One primary contact can ask technical questions through Support Center and get response within 12-24 hours during local business hours
  • Business
    • $100/month – scales based on usage
    • 24×7 support by phone and chat
    • 1hr response time for urgent support cases
    • Help with common third-party software
    • Full access to AWS Trusted Advisor for automating optimization of AWS infrastructure in real-time
    • Access to AWS Support API for automating support cases and retrieving Trusted Advisor result
  • Enterprise
    • $15,000/month – scales based on usage
    • All the features from Business Plan
    • An assigned technical account manager (TAM) who provides proactive guidance and best practices to help plan, develop, and run your AWS solutions
    • Support Concierge who provides billing and account analysis and assistance
    • Access to infrastructure Event Management to support product launches, seasonal promotions/events, and migrations.
    • 15-minute response to critical support cases with prioritized case handling

Identity Access Management (IAM)

  • Global, not a regional setting
  • Root account is the email address used to set up your AWS account and has full administrator access
  • Users are assigned to a group to determine privileges
    • Group policies are written in JavaScript Object Notation (JSON)
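
As an added example (not from the original notes), a group policy written in JSON for a hypothetical "developers" group, together with a small check that flags any statement granting every action on every resource, the kind of grant that belongs only to the root account. The group name and bucket name are constructed placeholders.

```python
"""IAM group policy as JSON, plus a check for over-broad grants.
Added example; the policies and names below are constructed placeholders."""
import json

# Least-privilege policy for a "developers" group: list and read one bucket.
DEVELOPERS_GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadBuildArtifacts",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-build-artifacts",
                "arn:aws:s3:::example-build-artifacts/*",
            ],
        }
    ],
}

# Over-broad policy: equivalent to full administrator access.
TOO_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    """IAM accepts a single string/object or a list in Statement, Action and
    Resource; normalise everything to a list so the check below is uniform."""
    if isinstance(value, (str, dict)):
        return [value]
    return list(value or [])


def broad_grants(policy: dict) -> list[str]:
    """Return the Sids (or positions) of Allow statements that grant '*' actions
    on '*' resources with no Condition narrowing them.

    Only the all-services case is flagged; 'service:*' actions are still wide
    but are left to a fuller review.
    """
    hits = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        all_actions = any(a.strip() == "*" for a in _as_list(stmt.get("Action")))
        all_resources = any(r.strip() == "*" for r in _as_list(stmt.get("Resource")))
        if all_actions and all_resources:
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits


if __name__ == "__main__":
    print(json.dumps(DEVELOPERS_GROUP_POLICY, indent=2))
    print("developers policy broad grants:", broad_grants(DEVELOPERS_GROUP_POLICY))
    print("too-broad policy broad grants:", broad_grants(TOO_BROAD_POLICY))
```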

AWS Platform Access

  • Via the console (web-interface)
  • Programmatically, using the Command Line Interface (CLI)
  • Using the Software Developers Kit (SDK)

What is S3 (Simple Storage Service)

  • AWS Storage Gateway
    • Primarily used for attaching infrastructure located in a data center to the AWS Storage infrastructure
    • File Gateway exposes S3 as a file system mount
  • Secure, durable, highly-scalable object storage
  • The data is spread across multiple devices and facilities
  • 0 bytes to 5 TB per file
  • Unlimited storage
  • Files are stored in Buckets
  • S3 is a universal namespace, bucket names must be unique globally
  • A successful upload returns an HTTP 200 response
  • If you write a new file and read it immediately afterwards, you will be able to view the data
  • If you update or delete an existing file and read it immediately afterwards, you may get the old version or the new one; changes can take time to propagate
  • Designed for 99.99% availability of the S3 platform; Amazon guarantees 99.9% availability and 99.999999999% durability (11 x 9s)
  • Features
    • Tiered Storage Available
      • S3 Standard
        • 99.99% availability, 11 x 9s durability
        • Stored redundantly across multiple devices in multiple facilities
        • Designed to sustain the loss of 2 facilities concurrently
      • S3 – IA (Infrequently Accessed)
        • For data that is accessed less frequently
        • Rapid access when needed
        • Lower storage fee than S3 Standard, but you are charged a retrieval fee
      • S3 One Zone – IA
        • Lower-cost option for infrequently accessed data
        • Does not provide multiple Availability Zone data resilience
      • S3 – Intelligent Tiering
        • Designed for optimizing costs by automatically moving data to the most cost-effective access tier
        • No performance impact or operational overhead
      • S3 Glacier
        • Secure, durable, low-cost storage class for data archiving
        • Store any amount of data for same or cheaper costs than on-premises solutions
        • Retrieval times configurable from minutes to hours
      • S3 Glacier Deep Archive
        • Lowest-cost storage class
        • For data where a retrieval time of 12 hours is acceptable
    • Lifecycle Management
    • Versioning
    • Encryption
    • Secure data with Access Control Lists and Bucket Policies
  • Charges
    • Storage
    • Requests
    • Storage Management Pricing
    • Data Transfer Pricing
    • Transfer Acceleration
      • Enables fast, easy, and secure transfers of files over long distances between end users and an S3 bucket
      • Utilizes Amazon CloudFront’s globally distributed edge locations
      • Data is routed to Amazon S3 over an optimized network path
    • Cross Region Replication Pricing
      • A bucket is replicated to a bucket in another region, and objects are copied to that region automatically for reliability

What is CloudFront

  • CDN (Content Delivery Network)
    • A system of distributed servers that deliver webpages and other web content to a user based on the geographic location of the user, the origin of the webpage, and a content delivery server
    • Edge Location is where content will be cached
      • Not read-only: you can also write to them, e.g. upload an object through an edge location
      • Objects are cached for the TTL (Time To Live)
      • You can clear cached objects but you will be charged
    • Origin is the origin of all the files that the CDN will distribute
      • S3 Bucket, EC2 Instance, Elastic Load Balancer, Route53
    • Distribution is a collection of Edge Locations
  • Used to deliver an entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations
  • Requests for this content are automatically routed to the nearest edge location so that the content is delivered with the best possible performance
  • Distributions
    • Web Distribution – typically used for websites
    • RTMP – used for media streaming

What is Amazon EC2 (Amazon Elastic Compute Cloud)

  • A virtual server or servers in the cloud
    • Reduces the time required to obtain and boot new server instances to minutes
    • Allows for scalability both up and down as requirements change
  • Pricing Models
    • On Demand
      • Allows you to pay a fixed rate by the hour or second with no commitment
      • Users that want low cost and flexibility without long-term commitment or up-front payment
      • Applications with short term, spiky, or unpredictable workloads
      • Applications being developed or tested
    • Reserved
      • Provides you with a capacity reservation
      • Offers a significant discount on the hourly charge for an instance
      • Contract terms are 1 or 3 years
      • Applications with steady state or predictable usage
      • Applications that require reserved capacity
      • Up-front payments to reduce total costs
    • Spot
      • Enables you to bid whatever price you want for instance capacity
      • Allows for even greater savings if your applications have flexible start and end times
      • Applications that have flexible start and end times
      • Applications that are only feasible at very low compute prices
      • Users with urgent computing needs for large amounts of additional capacity
    • Dedicated Hosts
      • Physical EC2 server dedicated for your use
      • Dedicated Hosts can help reduce costs by allowing you to use your existing server-bound software licenses
      • Used for regulatory requirements that may not support multi-tenant virtualization
      • For licensing which does not support multi-tenancy or cloud
      • Can be purchased On-Demand (hourly)
      • Can be purchased as a reservation for up to 70% off the On-Demand price
  • EC2 Instance Types – do not need for exam
    • F – FPGA
    • I – IOPS (Input/Output Operations Per Second), high-speed storage
    • G – Graphics
    • H – High Disk Throughput
    • T – Cheap general purpose (think T2 Micro)
    • D – Density – dense storage
    • R – RAM
    • M – Main choice for general purpose apps
    • C – Compute
    • P – Graphics
    • X – Extreme Memory
    • Z – Extreme Memory and CPU

What is EBS (Elastic Block Storage)

  • Allows you to create storage volumes and attach them to EC2 instances
  • Once attached you can create a file system on top of these volumes and run a database or use them in any other way you would use a block device
  • Placed in a specific Availability Zone, where they are automatically replicated within that zone to protect your data
  • SSD
    • General Purpose SSD (GP2)
      • Balances price and performance for a wide variety of workloads
    • Provisioned IOPS SSD (IO1)
      • Highest performance SSD volume for mission-critical low-latency or high-throughput workloads
  • Magnetic
    • Throughput Optimized HDD (ST1)
      • Low-cost HDD volume designed for frequently accessed, throughput-intensive workloads
    • Cold HDD (SC1)
      • Lowest cost HDD volume designed for less frequently accessed workloads (File Servers)

Load Balancers

  • 3 different flavors
    • Application Load Balancers
      • Operates at layer 7 and makes routing decisions based on the content of the request
    • Network load balancers
      • Extreme performance and static IP addresses
    • Classic load balancers
      • Used for testing and development to keep costs low
  • Should place EC2 instances in different availability zones so that if one goes down you still have an instance

Relational Database

  • Database file
    • Tables
      • Rows
      • Columns
  • On AWS it is called RDS (Relational Database Service)
    • SQL Server
    • Oracle
    • MySQL
    • PostgreSQL
    • Aurora
      • Scalability
      • High Availability – Multi-AZ
      • Anti-Patterns – Do not use Aurora if there is no need for joins or complex transactions; use NoSQL instead
    • MariaDB
    • RDS has two key features
      • Multiple availability zones for disaster recovery
      • Read Replicas to improve read performance

Non-Relational Database

  • Terminology compared with a relational database
    • Collection – equivalent of a Table
    • Document – equivalent of a Row
    • Key Value Pairs – equivalent of Fields (columns)
  • The fields in each document can vary
    • Adding or removing a field in one document does not affect the other documents
  • On AWS it is called DynamoDB
    • Scalability
    • High Availability – Multi-AZ
    • Anti-Patterns – Do not use DynamoDB if you require joins or complex transactions, if so, use Aurora or others
    • Anti-Patterns – Do not use DynamoDB if you have large binary files such as audio, video, and images, instead, store in Amazon S3

OLTP (Online Transaction Processing) vs OLAP (Online Analytics Processing)

  • OLTP
    • Query something such as an order number
    • Pulls up a row of data such as name, date, address, etc. for that order number
    • Use RDS
  • OLAP
    • Pulls large numbers of records
    • Can use these records for business analytics
    • Use Redshift

Data Warehousing

  • Used for business intelligence
  • Tools like Cognos, Jaspersoft, SQL Server Reporting Services, Oracle Hyperion, SAP NetWeaver
  • Used to pull very large and complex data sets
  • Usually used by management to do queries on data
  • Data warehouses use a different architecture from transactional databases, both at the database level and at the infrastructure layer
  • Amazon’s Data Warehouse Solution is Redshift
    • Scalability
    • High availability – Multi-AZ
    • Not meant for Online Transaction Processing

ElastiCache

  • Stores common queries in cache
  • Web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud
  • Improves performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying entirely on a slow disk-based database
  • Supports two open-source in-memory caching engines
    • Memcached
    • Redis

CloudWatch

  • Monitors usage and provides graphs
  • Set alarms for usage or costs

Autoscaling

  • Allows you to use a standard image to automatically spin up additional servers if usage reaches a specified value
  • Specify a minimum number of servers and a maximum
  • Can be used with a load balancer target group so that if an EC2 instance becomes overloaded it can spin up a new server and the load balancer will distribute the load

Route 53

  • DNS management
  • Traffic management
  • Availability monitoring
  • Domain registration

Elastic Beanstalk (EB)

  • Free
  • Quickly deploy and manage applications in the AWS Cloud
  • Do not have to worry about the infrastructure that runs the applications
  • Simply upload the application and EB automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring
  • Limited as it is not programmable like CloudFormation

CloudFormation

  • Free
  • Service that helps model and set up AWS resources
  • Can create a template that describes all the AWS resources you want such as EC2 and RDS DB instances and CloudFormation takes care of provisioning and configuring those resources
  • No need to individually create and configure AWS resources
  • The resources are created and configured based on programmable JSON that describes the environment

Traditional Computing vs Cloud Computing

  • IT Assets as Provisioned resources – programmable IT assets
  • Global, available, and scalable capacity
  • Higher level managed services such as machine learning
  • Built-in security
  • Architecting for cost
  • Operations on AWS

Scalability

  • Scale Up, increasing amount of computing power for an individual virtual machine
  • Scale Out, add additional virtual machines to handle the requests
    • Stateless Applications
    • Distribute load to multiple nodes
    • Stateless components, e.g. storing user session info in the browser’s cookies
    • Stateful components, e.g. storing user session info in a database
    • Implement session affinity
    • Implement distributed processing

Instantiating Compute Resources

  • Bootstrapping, so there is no need to manually configure every instance
  • Golden Images, a pre-configured image that is copied to launch each new instance
  • Containers
  • Hybrid, utilizing EC2 instances and containers

Infrastructure As Code

  • CloudFormation

Automation

  • Serverless Management and Deployment
  • Infrastructure Management and Deployment
    • AWS Elastic Beanstalk
    • Amazon EC2 auto recovery
    • AWS Systems Manager
    • Auto Scaling
  • Alarms and Events
    • Amazon CloudWatch alarms
    • Amazon CloudWatch events
    • AWS Lambda scheduled events
    • AWS WAF security automations

Loose Coupling

  • Well Defined Interfaces
    • Amazon API Gateway
  • Service Discovery
    • Implement Service Discovery
  • Asynchronous Integration
  • Distributed Systems Best Practices
    • Graceful Failure in Practice

Services Not Servers

  • Managed Services
  • Serverless Architectures

Graph Database

  • Amazon Neptune

AWS Pricing

  • Pay as you go
  • Pay for what you use
  • Pay less as you use more
  • Pay even less when you reserve capacity
  • Fundamental drivers of cost
    • Compute
    • Storage
    • Data Outbound
  • Free Services
    • Amazon VPC
    • Elastic Beanstalk
    • CloudFormation
    • Identity Access Management (IAM)
    • Auto Scaling
    • OpsWorks
    • Consolidated Billing
  • What determines price
    • For EC2
      • Clock hours of server time
      • Instance type
      • Pricing model
      • Number of instances
      • Load balancing
      • Detailed monitoring
      • Auto scaling because it requires additional instances
      • Elastic IP addresses
      • Operating Systems and Software Packages
    • For Lambda
      • Request Pricing
        • Free Tier: 1 million requests per month
        • $0.20 per 1 million requests thereafter
      • Duration Pricing
        • 400,000 GB-seconds per month free up to 3.2 million seconds of compute time
        • $0.00001667 for every GB-second used thereafter
      • Additional charges
        • If your lambda function uses other AWS services or transfers data
    • For EBS
      • Volumes (per GB)
      • Snapshots (per GB)
      • Data Transfer
    • For S3
      • Storage class (Standard, IA, One Zone-IA, etc.)
      • Storage
      • Requests (GET, PUT, COPY)
      • Data Transfer
    • For Glacier
      • Storage
      • Data Retrieval times
    • For Snowball
      • Service Fee per job
        • 50 TB: $200
        • 80 TB: $250
      • Daily Charge
        • First 10 days free, then $15 a day thereafter
      • Data Transfer
        • Transfer into S3 is free; data transfer out is not
    • For RDS
      • Clock hours of server time
      • Database characteristics
      • Database purchase type
      • Number of database instances
      • Provisioned storage
      • Additional storage
      • Requests
      • Deployment type
      • Data transfer
    • For DynamoDB
      • Provisioned throughput (write)
      • Provisioned throughput (read)
      • Indexed data storage
    • For CloudFront
      • Traffic distribution
      • Requests
      • Data Transfer out

What is Snowball

  • AWS Snowball is a petabyte (PB)-scale data transport solution
  • Uses secure appliances to transfer large amounts of data into and out of the AWS Cloud
  • Basically a gigantic disk to move data into the cloud

What are Tags

  • Key Value Pairs attached to AWS resources
  • Metadata
  • Tags can sometimes be inherited
  • Resource groups make it easy to group resources using tags that are assigned to them
  • You can group resources that share one or more tags
  • Can apply automation to resources with specific tags
  • Resource groups in combination with AWS Systems Manager allow you to control and execute automation against fleets of EC2 instances at the push of a button
  • Tag editor is a global service that allows us to discover resources and add additional tags to them as well
  • Newer regions may take some time to be compatible with tag editor

What is CloudTrail

  • CloudWatch monitors performance
  • CloudTrail monitors API calls in the AWS platform
    • Includes all modifications made to services on AWS such as spinning up an EC2 server
  • Enabled per AWS account and per region
  • Can consolidate logs from multiple accounts using an S3 bucket
    • Turn on CloudTrail in paying account
    • Create a bucket policy that allows cross-account access
    • Turn on CloudTrail in the other accounts and use the bucket in the paying account
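
The consolidation steps above, as an added example that is not part of the original notes: a Python script that builds the cross-account bucket policy for step 2 (the paying account's bucket) and audits which member accounts an existing policy lets CloudTrail deliver logs for. The bucket name and account IDs are constructed placeholders.

```python
"""Cross-account CloudTrail log bucket policy (added example, not from the notes).
Builds the bucket policy the paying account needs so CloudTrail in each member
account can write into one shared bucket, and audits an existing policy.
Bucket name and account IDs used here are constructed placeholders."""
import json
import re

CLOUDTRAIL_PRINCIPAL = {"Service": "cloudtrail.amazonaws.com"}


def build_cloudtrail_bucket_policy(bucket: str, account_ids: list[str]) -> dict:
    """Return the bucket policy CloudTrail needs for cross-account delivery.

    CloudTrail must (1) read the bucket ACL and (2) put objects under
    AWSLogs/<account-id>/. The PutObject grant is limited to one prefix per
    member account and requires bucket-owner-full-control, so a member cannot
    write outside its own prefix and the paying account can always read logs.
    """
    for acct in account_ids:
        if not re.fullmatch(r"\d{12}", acct):
            raise ValueError(f"not a 12-digit AWS account id: {acct!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": CLOUDTRAIL_PRINCIPAL,
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": CLOUDTRAIL_PRINCIPAL,
                "Action": "s3:PutObject",
                "Resource": [f"arn:aws:s3:::{bucket}/AWSLogs/{a}/*" for a in account_ids],
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }


def accounts_allowed_to_write(policy: dict) -> set[str]:
    """Audit helper: account IDs for which CloudTrail may deliver logs.

    Walks each Allow statement granting s3:PutObject to the CloudTrail service
    principal and extracts the account id from the AWSLogs prefix. A '*' in
    place of the id is reported as '*': any account could then deliver into
    the bucket, which is the misconfiguration to look for.
    """
    found: set[str] = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Principal") != CLOUDTRAIL_PRINCIPAL:
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "s3:PutObject" not in actions and "s3:*" not in actions:
            continue
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for arn in resources:
            m = re.search(r"/AWSLogs/(\d{12}|\*)/", arn)
            if m:
                found.add(m.group(1))
    return found


if __name__ == "__main__":
    policy = build_cloudtrail_bucket_policy("example-org-trail-logs", ["111111111111", "222222222222"])
    print(json.dumps(policy, indent=2))
    print("accounts permitted to deliver logs:", sorted(accounts_allowed_to_write(policy)))
```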

AWS Organizations

  • An account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage
  • Two feature sets
    • Consolidated Billing
      • Paying account links organizational accounts to manage payments
      • One bill per AWS account
      • Very easy to track charges and allocate costs
      • Volume pricing discount
    • All features
  • Best Practices
    • Always enable multi-factor authentication on root account
    • Always use a strong and complex password on root account
    • Paying account should be used for billing purposes only
  • Can still create billing alerts per individual account
  • Details per account on billing reports

AWS Quick Start

  • Way of deploying environments quickly
  • Using CloudFormation templates built by AWS Solutions Architects who are experts in that particular technology

AWS Landing Zone

  • A solution that helps customers quickly set up a secure, multi-account AWS environment based on AWS best practices

AWS Calculators

  • AWS helps you calculate costs using different calculators
  • Two calculators are available
    • AWS Simple Monthly calculator
      • Cost on AWS
    • AWS Total Cost of Ownership Calculator (TCO)
      • How much it’ll cost doing it yourself (not on AWS) vs doing it on AWS

AWS Shared Responsibility Model

  • AWS manages security of the cloud
  • Security in the cloud is the responsibility of the customer
  • Customers are in control of what security they choose to implement to protect their own content, platform, applications, systems and networks

What is AWS WAF (Web Application Firewall)

  • Helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources
  • Layer 7

What is AWS Shield

  • A managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS
  • Provides always-on detection and automatic inline mitigations that minimize application downtime and latency
  • Two tiers of AWS Shield
    • Standard
    • Advanced
      • $3,000/month
      • Will reimburse you for the costs of mitigations due to an attack
      • Application layer monitoring

What is Amazon Inspector

  • An automated security assessment service
  • Helps improve security and compliance of applications deployed on AWS
  • Produces a detailed list of security findings prioritized by level of severity
  • Used for inspecting EC2 instances for vulnerabilities

What is AWS Trusted Advisor

  • Covers all services and is global
  • An online resource to help you reduce cost, increase performance, and improve security by optimization
  • Provides real time guidance to help you provision your resources following AWS best practices
  • Advises you on cost optimization, performance, security, and fault tolerance

What is AWS CloudTrail

  • Regional service
  • Increases visibility into your user and resource activity by recording AWS Management Console actions and API calls
  • Can identify which users and accounts called AWS, source IP addresses, and when the calls occurred

Acronyms

AWS – Amazon Web Services

TAM – Technical Account Manager

IAM – Identity Access Management

SDK – Software Developers Kit

JSON – JavaScript Object Notation

API – Application Programming Interface

CDN – Content Delivery Network

RDS – Relational Database Service

IAAS – Infrastructure As A Service

PAAS – Platform As A Service

SAAS – Software As A Service

S3 – Simple Storage Service

IA – Infrequently Accessed

TTL – Time To Live

EC2 – Elastic Compute Cloud

IOPS – Input/Output Operations Per Second

GP2 – General Purpose SSD

IO1 – Provisioned IOPS SSD

ST1 – Throughput Optimized HDD

SC1 – Cold HDD

OLTP – Online Transaction Processing

OLAP – Online Analytics Processing

DMS – Database Migration Services

AMI – Amazon Machine Image

EB – Elastic Beanstalk

TCO – Total Cost of Ownership

WAF – Web Application Firewall

SNS – Simple Notification Service

EBS – Elastic Block Store

EMR – Elastic MapReduce
