All AWS Concepts and Services for AWS Cloud Practitioner Exam (Simplified)

  • Cloud Computing – storing your data at someone else’s computer / using someone else’s CPU to perform processing / both
  • Infrastructure as a Service (IaaS) – Hardware, bare-metal
  • Platform as a Service (PaaS) – Infrastructure + Operating System
  • Software as a Service (SaaS) – Infrastructure + Operating System + Software
  • Scalability – Easily grow based on demand
  • Elasticity – Easily shrink based on demand
  • Agility – Easily launch a new service
  • Fault Tolerance – Tolerate failure and still work (self-heal)
  • High Availability – Ability to access something via multiple platforms
  • Scalability v/s Availability v/s Elasticity – link
  • Compute – EC2, Lambda
  • Networking – Direct Connect, Route 53
  • Storage – S3, Glacier
  • VPC – Compute + Networking + Storage
  • Region > Availability Zones > Data Centre
  • AWS Direct Connect – Connect from on-prem corporate network to AWS network (VPC)
  • AWS VPN – Connect from a corporate network to AWS network securely
  • Default user – root (full rights to AWS account) – delete the access keys ASAP, activate MFA, create individual IAM users, use groups to assign permissions, apply IAM password policy
  • Additional accounts have no rights, all access will be granted on the ‘least privilege’ basis
  • IAM policies assigned to users and groups grant access to AWS resources
  • Internet Gateway – a combination of hardware and software that provides your private network with a route to the internet
  • Security groups are for Instances, NACLs are for Subnets, Route tables for Networks
  • Security groups allow all outbound traffic and deny all inbound traffic
  • Elastic Load Balancer (ELB) – evenly distributes traffic between EC2 instances that are associated with the ELB. Prioritized to the instance with the least load. Provides high availability and fault tolerance. 3 types – NLB, ALB, CLB
  • Network Load Balancer (NLB) – to manage TCP and TLS traffic
  • Application Load Balancer (ALB) – to manage HTTP and HTTPS traffic
  • Classic Load Balancer (CLB) – previous generation load balancer to manage HTTP, HTTPS and TCP traffic
  • Auto-scaling – automates the process of adding (scaling up) or removing (scaling down) EC2 instances based on traffic demand for the application
  • AWS Route 53 – DNS Service. Configure and manage web domains for websites or applications hosted on AWS. Main functions – domain registration, DNS service, health checking
  • AWS CloudFront – Content Delivery Network (CDN). Allows you to store (cache) content at edge locations located around the world
  • AWS CloudWatch – monitor AWS resources
  • AWS CloudTrail – logs actions of IAM users. Enables Governance, Compliance and Risk Auditing. Logs are saved in an S3 bucket in a gzip archive
  • AWS Simple Notification Service (SNS) – allows you to automate the sending of email or text message notifications based on events that happen in the AWS account. 3 components: Topics – how you label and group endpoints; Subscriptions – endpoints to which messages are sent; Publishers – the human/alarm/event that gives SNS the message that has to be sent (e.g. CloudWatch)
  • Databases: SQL – Relational Database Service (RDS) – Aurora, MySQL, etc. NoSQL – DynamoDB. Graph – Neptune
  • AWS ElastiCache – data caching service used to help improve speed/performance of web applications. Engines supported: Redis – fast, open source, in-memory data store and cache; Memcached – memory object caching system
  • AWS Redshift – data warehouse database service designed to handle PB of data for analysis and business intelligence
  • AWS Lambda – serverless computing. Lets you run code without provisioning and managing servers. Executes code only when needed and scales automatically
  • Shared Responsibility Model – link
  • Security of the cloud – AWS; security in the cloud – customer
  • AWS Organizations – centralized management of AWS accounts and billing
  • AWS GuardDuty – threat detection service, think preventing SQL injection, CSRF, etc.
  • AWS Inspector – protects against vulnerabilities
  • AWS Shield – Mitigate DDoS attacks. Enabled with all AWS accounts. Shield Advanced can be enabled for an additional cost
  • AWS Web Application Firewall (WAF) – monitors web requests forwarded by an ELB, CloudFront or API Gateway, think blocking IP address spamming the EC2 instance
  • AWS Artifact – portal that provides access to AWS compliance documentation
  • AWS Key Management System (KMS) – enables encryption of data and provides centralized encryption key storage, management and auditing. Integrates with S3, Glacier, Storage Gateway, DynamoDB, etc. Keys are region specific.
  • AWS QuickStart – provides the ability to use templates provided by AWS
  • AWS Athena – serverless interactive query service used to analyze data in S3 buckets using standard SQL
  • AWS Elastic MapReduce (EMR) – provides a managed Hadoop framework
  • AWS Lightsail – private virtual server aimed at developers to provide everything needed to launch a service quickly
  • AWS Rekognition – provides video/image analysis and can identify objects, people, text, etc. in the image/video
  • AWS Trusted Advisor – advises and helps optimize aspects of AWS account in these categories – Cost Optimization, Performance, Security, Fault Tolerance, Service Limits
  • 7 core checks from Trusted Advisor that are available for all accounts – Security Groups (port checks), IAM use, MFA enabled for root account, EBS public snapshots, RDS public snapshots, Service limits, S3 bucket permissions
  • AWS OpsWorks – manage instances of Chef and Puppet
  • AWS CloudFormation – provides a common language to describe and provision all the infrastructure resources
  • AWS SDK – takes the complexity out of coding by providing language-specific APIs for AWS Services
  • AWS Database Migration Service (DMS) – helps in migrating the databases to AWS quickly and securely
  • AWS Elastic Beanstalk – easy to use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go & Docker
  • AWS X-Ray – helps analyze and debug production distributed applications built on microservices architecture
  • AWS Snowball – PB-scale data transport solution that uses secure appliances to transfer large amounts of data in/out of AWS cloud
  • 5 Pillars of AWS Well-Architected Framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization – link
  • Support plans: 4 plans – Basic -> Developer -> Business -> Enterprise. Only Enterprise accounts receive the dedicated Technical Account Manager (TAM). – link
  • Pricing Model: On-demand – least commitment, flexible; Reserved – best for long term steady and predictable usage, requires commitment of 1 or 3 years; Spot – Least expensive, ideal for non-critical background jobs, can be terminated/interrupted anytime; Dedicated – Most expensive, dedicated servers, can be on-demand or reserved, guarantee of isolated hardware

All the best!