Virtual servers in the cloud | Source
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud.
Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example, host name, events, and security groups. | Source
User data is information that is passed to an instance's operating system; this can be in the form of a bash script written in plaintext. | Source - Whizlabs Free Practice Test for AWS Certified Cloud Practitioner
Important
Although you can only access instance metadata and user data from within the instance itself, the data is not protected by authentication or cryptographic methods. Anyone who has direct access to the instance, and potentially any software running on the instance, can view its metadata. Therefore, you should not store sensitive data, such as passwords or long-lived encryption keys, as user data. | Source
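As an added example (not from these notes or from AWS), a small Python audit that decodes an instance's user data and flags embedded credentials, the risk the note above describes. The detection patterns and both sample scripts are constructed for illustration; the "good" script shows the alternative of fetching the secret at boot with the instance role instead of carrying it in user data.

```python
"""Audit an EC2 user-data script for embedded secrets.

Added example, not code from the page or from AWS: user data is readable by any
process on the instance via the metadata service, so credentials must not be
baked into it. This decodes user data as the EC2 API returns it (base64) and
flags lines that look like secrets. Patterns and samples are constructed
heuristics for illustration, not an exhaustive catalogue of secret formats.
"""
import base64
import re

SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"),
    # A literal value after password=; a $(...) shell expansion is not flagged.
    "password_assignment": re.compile(
        r"(?i)(password|passwd|pwd)\s*[=:]\s*['\"]?[^\s'\"$]{6,}"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def encode_user_data(script: str) -> str:
    """Base64-encode a script the way it is stored in the UserData attribute."""
    return base64.b64encode(script.encode("utf-8")).decode("ascii")


def decode_user_data(encoded: str) -> str:
    """Recover the plaintext script from base64 UserData."""
    return base64.b64decode(encoded).decode("utf-8", errors="replace")


def find_secrets(script: str) -> list:
    """Return (pattern_name, line_number) for every line matching a heuristic."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((name, lineno))
    return findings


def audit_user_data(encoded: str) -> list:
    """Decode base64 user data and scan it; an empty list means nothing flagged."""
    return find_secrets(decode_user_data(encoded))


# Constructed sample: secrets embedded directly in user data (the anti-pattern).
# The key values are AWS's documented example credentials, not real ones.
BAD_USER_DATA = """#!/bin/bash
export DB_PASSWORD=Sup3rS3cret!
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
systemctl start app
"""

# Constructed sample: the secret is fetched at boot with the instance role, so
# the user data itself carries nothing sensitive.
GOOD_USER_DATA = """#!/bin/bash
DB_PASSWORD=$(aws secretsmanager get-secret-value \\
  --secret-id prod/app/db --query SecretString --output text)
export DB_PASSWORD
systemctl start app
"""

if __name__ == "__main__":
    for label, script in (("bad", BAD_USER_DATA), ("good", GOOD_USER_DATA)):
        print(label, audit_user_data(encode_user_data(script)))
```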
Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, plus a cost-effective, monthly plan. | Source
Smooth sailing 😊
High performance managed relational database | Source
A MySQL and PostgreSQL-compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.
Amazon Aurora is fully managed by Amazon Relational Database Service (RDS), which automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups.
Fast and flexible NoSQL database service for any scale | Source
Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale.
Low-cost archive storage in the cloud | Source
Amazon S3 Glacier and S3 Glacier Deep Archive are secure, durable, and extremely low-cost Amazon S3 cloud storage classes for data archiving and long-term backup. They are designed to deliver 99.999999999% durability, and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements.
Highly-secure, portable devices to collect and process data at the edge, and migrate data into and out of AWS | Source
- AWS Snowmobile
- AWS Snowball
- AWS Snowcone
The AWS Snow Family is a service that helps customers who need to run operations in austere, non-data center environments, and in locations where there's no consistent network connectivity. | Source
Migrate or transport exabyte-scale data sets into and out of AWS | Source
AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck.
Edge computing and petabyte-scale data transport | Source
AWS Snowball, a part of the AWS Snow Family, is an edge computing, data migration, and edge storage device that comes in two options. | Source
AWS Snowcone is the smallest member of the AWS Snow Family of edge computing, edge storage, and data transfer devices, weighing in at 4.5 pounds (2.1 kg) with 8 terabytes of usable storage. | Source
AWS Snowcone is a portable, rugged, and secure device for edge computing and data transfer. You can use Snowcone to collect, process, and move data to AWS, either offline by shipping the device to AWS, or online by using AWS DataSync. | Source
The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. | Source
You can receive reports that break down your costs by the hour, day, or month, by product or product resource, or by tags that you define yourself.
A Beginner’s Guide to AWS Cost Management
AWS Billing and Cost Management is the service that you use to pay your AWS bill, monitor your usage, and analyze and control your costs. | Source
You create a forecast by selecting a future time range for your report. | Source
Visualize, understand, and manage your AWS costs and usage over time | Source
AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
Get started quickly by creating custom reports that analyze cost and usage data. Analyze your data at a high level (for example, total costs and usage across all accounts) or dive deeper into your cost and usage data to identify trends, pinpoint cost drivers, and detect anomalies.
When you first sign up for Cost Explorer, AWS prepares the data about your costs for the current month and the last 12 months, and then calculates the forecast for the next 12 months. The current month's data is available for viewing in about 24 hours. | Source
After you sign up, Cost Explorer can display up to 12 months of historical data (if you have that much), the current month, and the forecasted costs for the next 12 months. | Source
Cost explorer provides forecasts of the likely spend for the next 12 months. | Source - Whizlabs Free Practice Test for AWS Certified Cloud Practitioner
Plans
- Basic
- Developer
- Business
- Enterprise
Basic Support is included for all AWS customers and includes:
- Customer Service and Communities - 24x7 access to customer service, documentation, whitepapers, and support forums.
- AWS Trusted Advisor - Access to the 7 core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security.
- AWS Personal Health Dashboard - A personalized view of the health of AWS services, and alerts when your resources are impacted.
With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rates for the instances you use.
Amazon EC2 Spot instances allow you to request spare Amazon EC2 computing capacity for up to 90% off the On-Demand price.
Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. In addition, when Reserved Instances are assigned to a specific Availability Zone, they provide a capacity reservation, giving you additional confidence in your ability to launch instances when you need them.
A Dedicated Host is a physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server (subject to your license terms), and can also help you meet compliance requirements.
A permanent named operator. Could be human, could be machine. | Source - AWS Cloud Practitioner Essentials (Second Edition)
A collection of Users. | Source - AWS Cloud Practitioner Essentials (Second Edition)
Not permissions. It's an authentication method. An operator (human or machine) with temporary credentials. | Source - AWS Cloud Practitioner Essentials (Second Edition)
You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. | Source
Everything in AWS is an API. | Blain
This means that we have to authenticate and authorize.
Lists the specific API, or wildcard group of APIs, that I am allowing against which resources; are there conditions, certain times of day. | Blain
Can be attached to a User, Group, or Role. | Source - AWS Cloud Practitioner Essentials (Second Edition)
Example: An operator wants to put an Object into an S3 bucket.
That is an API call. This is the flow of events:
- The API call is made with credentials attached (username / password).
- The call is presented to the IAM engine, which looks at the credentials and makes sure they are active credentials for a User, Group, or Role.
- Policy Documents for a User, Group, or Role are then checked to make sure the call is authorized.
The Security Manager can execute a single API statement that removes all the policy documents from all Users, Groups, and Roles. When a hacker then tries to remove an asset, the API action is evaluated by the IAM engine; since there are no policy documents associated with the credentials, the action is not authorized. It is also logged in CloudTrail: every API action is recorded, successful or declined.
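To make the flow above concrete, an added example (not from the course or from AWS) that models the IAM evaluation order and the "remove every policy document" lockdown in Python. The identities, policy documents and ARNs are constructed, and `TRAIL` stands in for CloudTrail.

```python
"""Toy model of the IAM authorization flow in the notes above. Added example,
not AWS's implementation: credentials are checked, then every policy document
attached to the caller's User and Groups is evaluated in IAM's order (an
explicit Deny wins, else some Allow is required, else implicit deny), and each
decision is appended to TRAIL, a stand-in for CloudTrail. Everything below is
constructed for illustration."""
from copy import deepcopy
from fnmatch import fnmatchcase

TRAIL = []  # every call is recorded here, successful or declined


def _as_list(value):
    return value if isinstance(value, list) else [value]


def evaluate(policies, action, resource):
    """Return (decision, reason) for one action against one resource ARN."""
    allowed = False
    for doc in policies:
        for stmt in _as_list(doc["Statement"]):
            # Action names are case-insensitive in IAM; resource ARNs are not.
            action_hit = any(fnmatchcase(action.lower(), a.lower())
                             for a in _as_list(stmt["Action"]))
            resource_hit = any(fnmatchcase(resource, r)
                               for r in _as_list(stmt["Resource"]))
            if action_hit and resource_hit and stmt["Effect"] == "Deny":
                return "Deny", "explicit deny in " + stmt.get("Sid", "<unnamed>")
            allowed = allowed or (action_hit and resource_hit)
    if allowed:
        return "Allow", "matched an Allow statement"
    return "Deny", "implicit deny: no policy allows this action"


def authorize(caller, store, action, resource):
    """The flow in the notes: validate the credentials, gather the User's and
    its Groups' policy documents, evaluate, and record the outcome."""
    record = store.get(caller)
    if record is None or not record.get("active", False):
        decision = ("Deny", "credentials not recognised or inactive")
    else:
        policies = list(record.get("policies", []))
        for group in record.get("groups", []):
            policies.extend(store[group].get("policies", []))
        decision = evaluate(policies, action, resource)
    TRAIL.append((caller, action, resource, decision[0]))
    return decision


def revoke_all_policies(store):
    """Security Manager lockdown: a copy of the store with every policy document
    detached, so every later call falls through to implicit deny."""
    locked = deepcopy(store)
    for record in locked.values():
        record["policies"] = []
    return locked


# Constructed policy documents and identities.
S3_WRITE = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowUploads", "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}]}
NO_DELETES = {"Version": "2012-10-17", "Statement": [{
    "Sid": "NoDeletes", "Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]}
STORE = {
    "developers": {"active": True, "policies": [NO_DELETES]},
    "alice": {"active": True, "groups": ["developers"], "policies": [S3_WRITE]},
}
```

Calling `authorize("alice", STORE, "s3:PutObject", "arn:aws:s3:::example-bucket/report.csv")` returns an Allow; the same call against `revoke_all_policies(STORE)` returns the implicit deny, and both land in `TRAIL`.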
Identity management for your apps | Source
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.
Your app users can sign in either directly through a user pool, or federate through a third-party identity provider (IdP). | Source
No cost, self-service portal for on-demand access to AWS’ compliance reports. | Source
AWS Artifact is your go-to, central resource for compliance-related information that matters to you.
Provides multiple ways to use Microsoft Active Directory (AD) with other AWS services | Source
Centrally view and manage security alerts and automate security checks | Source
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts.
Analyze application security | Source
Assesses applications for exposure, vulnerabilities, and deviations from best practices | Source
Automated security assessments service | Source
Tell Inspector what targets to assess, and how often. Inspector can provide assessments at any stage in the deployment lifecycle.
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.
Managed threat detection service | Source
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3.
Discover, classify, and protect your data | Source
Macie, macie-ine language security service
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
Find your most expensive lines of code | Source
Amazon CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations for improving code quality and identifying an application’s most expensive lines of code.
Achieve fault tolerance for any application | Source
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.
Isolated cloud resources | Source
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
VPC peering can be established between VPCs in different AWS Regions and in separate AWS Accounts. | Source - Whizlabs Free Practice Test for AWS Certified Cloud Practitioner
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection). | Source
Scalable domain name system (DNS) | Source
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service.
In Amazon Route 53, the geolocation routing policy allows for different resources to serve content based on the origin of the request. This in turn makes it possible in the scenario for different versions of the website to be served. | Source - Whizlabs Free Practice Test for AWS Certified Cloud Practitioner
Each record has a TTL (time to live) value that specifies how long, in seconds, that you want DNS resolvers to cache the information in the record, such as the IP address for a web server. Until the amount of time that is specified by the TTL passes, DNS resolvers will continue to return the old value in response to DNS queries. | Source
Optimize performance and security | Source
AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits.
AWS Trusted Advisor can save you money on AWS by eliminating unused and idle resources or by making commitments to reserved capacity. | Source
AWS Trusted Advisor can improve the performance of your service by checking your service limits, ensuring you take advantage of provisioned throughput, and monitoring for over-utilized instances. | Source
AWS Trusted Advisor can improve the security of your application by closing gaps, enabling various AWS security features, and examining your permissions. | Source
AWS Trusted Advisor can increase the availability and redundancy of your AWS application by taking advantage of auto scaling, health checks, multi-AZ, and backup capabilities. | Source
AWS Trusted Advisor checks for service usage that is more than 80% of the service limit. Values are based on a snapshot, so your current usage might differ. Limit and usage data can take up to 24 hours to reflect any changes. | Source
Monitor resources and applications | Source
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers.
Gain operational insights and take action | Source
Safely manage and operate your entire infrastructure.
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. With Systems Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and take action on your groups of resources.
Create, organize, and govern | Source
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures.
Enables organizations to create and manage catalogs of IT services that are approved for use on AWS. | Source
AWS Service Catalog allows organizations to centrally manage commonly deployed IT services, and helps organizations achieve consistent governance and meet compliance requirements.
Create and manage AWS resources stacks with templates | Source
Manage your "Infrastructure Architecture". CloudFormation can provision and configure your AWS resource stack. Configurable with a JSON "template", or you can choose from prebuilt templates.
AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure as code.
Set up and govern a secure, compliant multi-account environment | Source
"Apply Guardrails" - Prevent resources from being deployed that don't conform to policies | Source - Video on page
If you’re an organization with multiple AWS accounts and teams, cloud setup and governance can be complex and time consuming, slowing down the very innovation you’re trying to speed up. AWS Control Tower provides the easiest way to set up and govern a new, secure, multi-account AWS environment based on best practices established through AWS’ experience working with thousands of enterprises as they move to the cloud.
Policy-based management for multiple AWS accounts. | Source
AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS.
You can use organizational units (OUs) to group accounts together to administer as a single unit. | Source
For example, you can attach a policy-based control to an OU, and all accounts within the OU automatically inherit the policy.
Secure, scalable, and cost-effective artifact management for software development | Source
Development teams often rely on both open-source software packages and those packages built within their organization. IT leaders need to be able to control access to and validate the safety of these software packages. Teams need a way to find up-to-date packages that have been approved for use by their IT leaders. To address these challenges, IT leaders turn to central artifact repository services to store and share packages. However, existing solutions often require teams to purchase licenses for software solutions that are complex to setup, scale, and operate. | Source
- Introducing AWS CodeArtifact - AWS Online Tech Talks (Youtube)
- AWS CodeArtifact Documentation
- AWS CodeArtifact Concepts
- What is AWS CodeArtifact?
Release software using continuous delivery | Source
A fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.
Quickly develop, build, and deploy applications on AWS | Source
AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place.
Build and test code | Source
Build and test code with continuous scaling. Pay only for the build time you use.
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Write, run, and debug code on a cloud IDE | Source
A cloud IDE for writing, running, and debugging code
Managed hardware security module (HSM) on the AWS Cloud. | Source
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.
Provision, manage, and deploy SSL/TLS certificates | Source
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
Managed creation and control of encryption keys | Source
AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications.
Personalized view of AWS service health | Source
AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.
Security and Compliance is a shared responsibility between AWS and the customer | Source
AWS Well-Architected Framework
Review and improve your workloads | Source
AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads.
The 5 pillars of the AWS Well-Architected framework are:
- Operational Excellence - Automate changes, respond to events
- Security - Protection of information and systems
- Reliability - Performs correctly and consistently
- Performance Efficiency - Using computing resources efficiently
- Cost Optimization - Avoid unnecessary costs
The operational excellence pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations. | Source
The security pillar focuses on protecting information and systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events. | Source
The reliability pillar focuses on ensuring a workload performs its intended function correctly and consistently when it’s expected to. A resilient workload quickly recovers from failures to meet business and customer demand. Key topics include distributed system design, recovery planning, and how to handle change. | Source
The performance efficiency pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve. | Source
The cost optimization pillar focuses on avoiding unnecessary costs. Key topics include understanding and controlling where money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without overspending. | Source
Here are some notes from their free practice exam.
- There is no "AWS Resource center" - Getting Started Resource Center
- There is no "Premium" AWS Support Plan
- "AWS Service health dashboard" - https://status.aws.amazon.com/
- "AWS Publishes most up-to-the-minute information on AWS service availability here."