This is a cheat sheet for AWS Cloud Practitioner Certification Exam.
If you haven't read the first part please refer to the link.
This is not enough for preparation but it's enough for revision.
Instance stores and Amazon Elastic Block Store (Amazon EBS)
- When you launch an EC2 instance, depending on the type of the EC2 instance you launched, it might provide you with local storage called instance store volumes.
- An instance store provides temporary block-level storage for an Amazon EC2 instance. An instance store is disk storage that is physically attached to the host computer for an EC2 instance and therefore has the same lifespan as the instance. When the instance is terminated, you lose any data in the instance store.
- Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available.
- An EBS snapshot is an incremental backup. This means that the first backup taken of a volume copies all the data. Only the blocks of data that have changed since the most recent snapshot are saved for subsequent backups.
Amazon Simple Storage Service (Amazon S3)
Each object consists of data, metadata, and a key in object storage.
Amazon Simple Storage Service (Amazon S3)
- Amazon Simple Storage Service (Amazon S3) is a service that provides object-level storage. Amazon S3 stores data as objects in buckets.
- S3 Standard provides high availability for objects. This makes it a good choice for a wide range of use cases, such as websites, content distribution, and data analytics. S3 Standard has a higher cost than other storage classes intended for infrequently accessed data and archival storage.
- S3 Standard-IA is ideal for data infrequently accessed but requires high availability when needed. Both S3 Standard and S3 Standard-IA store data in a minimum of three Availability Zones. Compared to S3 Standard and S3 Standard-IA, which store data in a minimum of three Availability Zones, S3 One Zone-IA stores data in a single Availability Zone.
- In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. S3 Glacier is a low-cost storage class that is ideal for data archiving
- You can retrieve objects stored in the S3 Glacier storage class within a few minutes to a few hours. By comparison, you can retrieve objects stored in the S3 Glacier Deep Archive storage class within 12 hours.
Amazon Elastic File System (Amazon EFS)
- Compared to block storage and object storage, file storage is ideal for use cases in which a large number of services and resources need to access the same data at the same time.
- Amazon Elastic File System (Amazon EFS) is a scalable file system used with AWS Cloud services and on-premises resources. As you add and remove files, Amazon EFS grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.
Amazon Relational Database Service (Amazon RDS)
- Relational databases use structured query language (SQL) to store and query data. This approach allows data to be stored in an easily understandable, consistent, and scalable way.
- Amazon RDS is a managed service that automates tasks such as hardware provisioning, database setup, patching, and backups.
- Many Amazon RDS database engines offer encryption at rest (protecting data while it is stored) and encryption in transit (protecting data while it is being sent and received).
- Amazon Aurora is an enterprise-class relational database. It is compatible with MySQL and PostgreSQL relational databases. It is up to five times faster than standard MySQL databases and up to three times faster than standard PostgreSQL databases.
Nonrelational databases are sometimes referred to as “NoSQL databases” because they use structures other than rows and columns to organize data. One type of structural approach for nonrelational databases is key-value pairs.
- Amazon Redshift is a data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and helps you to understand relationships and trends across your data.
AWS Database Migration Service (AWS DMS)
- AWS Database Migration Service (AWS DMS) enables you to migrate relational databases, nonrelational databases, and other types of data stores.
- Amazon DocumentDB is a document database service that supports MongoDB workloads. (MongoDB is a document database program.) Amazon Neptune is a graph database service.
- You can use Amazon Neptune to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
- Amazon Quantum Ledger Database (Amazon QLDB) is a ledger database service.
- You can use Amazon QLDB to review a complete history of all the changes that have been made to your application data.
- Amazon ElastiCache is a service that adds caching layers on top of your databases to help improve the read times of common requests.
- Amazon DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB.
- It helps improve response times from single-digit milliseconds to microseconds.
The AWS shared responsibility model
you treat the environment as a collection of parts that build upon each other. AWS is responsible for some parts of your environment and you (the customer) are responsible for other parts. This concept is known as the shared responsibility model.
- you treat the environment as a collection of parts that build upon each other. AWS is responsible for some parts of your environment and you (the customer) are responsible for other parts. This concept is known as the shared responsibility model.
- AWS operates, manages, and controls the components at all layers of the infrastructure. This includes areas such as the host operating system, the virtualization layer, and even the physical security of the data centers from which services operate.
User permissions and access
- when you create a new IAM user in AWS, it has no permissions associated with it. To allow the IAM user to perform specific actions in AWS, such as launching an Amazon EC2 instance or creating an Amazon S3 bucket, you must grant the IAM user the necessary permissions
- IAM policies enable you to customize users’ levels of access to resources
An IAM group is a collection of IAM users. When you assign an IAM policy to a group, all users in the group are granted permissions specified by the policy.
In IAM, multi-factor authentication (MFA) provides an extra layer of security for your AWS account.
- When you create an organization, AWS Organizations automatically creates a root, which is the parent container for all the accounts in your organization.
- In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs). SCPs enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.
- In AWS Organizations, you can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.
AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements. AWS Artifact consists of two main sections: AWS Artifact Agreements and AWS Artifact Reports.
In AWS Artifact Agreements, you can review, accept, and manage agreements for an individual account and all your accounts in AWS Organizations. Different types of agreements are offered to address the needs of customers who are subject to specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).
AWS Artifact Reports provide compliance reports from third-party auditors. These auditors have tested and verified that AWS is compliant with a variety of global, regional, and industry-specific security standards and regulations. AWS Artifact Reports remain up to date with the latest reports released. You can provide the AWS audit artifacts to your auditors or regulators as evidence of AWS security controls.
Customer Compliance Center
- In the Customer Compliance Center, you can read customer compliance stories to discover how companies in regulated industries have solved various compliance, governance, and audit challenges.
- A denial-of-service (DoS) attack is a deliberate attempt to make a website or application unavailable to users.
- In a distributed denial-of-service (DDoS) attack, multiple sources are used to start an attack that aims to make a website or application unavailable. This can come from a group of attackers or even a single attacker. The single attacker can use multiple infected computers (also known as “bots”) to send excessive traffic to a website or application.
- AWS Shield Standard automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring types of DDoS attacks.
- AWS Shield Advanced is a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.
AWS Key Management Service (AWS KMS)
- applications’ data is secure while in storage (encryption at rest) and while it is transmitted, known as encryption in transit.
- AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys.
- AWS WAF is a web application firewall that lets you monitor network requests that come into your web applications.
- AWS WAF works together with Amazon CloudFront and an Application Load Balancer.
- Amazon Inspector helps to improve the security and compliance of applications by running automated security assessments. It checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.
- Amazon CloudWatch is a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.
- CloudWatch uses metrics to represent the data points for your resources.
- With CloudWatch, you can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.
- The CloudWatch dashboard feature enables you to access all the metrics for your resources from a single location.
- AWS CloudTrail records API calls for your account. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, and more. - You can think of CloudTrail as a “trail” of breadcrumbs (or a log of actions) that someone has left behind them.
- Within CloudTrail, you can also enable CloudTrail Insights. This optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account.
AWS Trusted Advisor
AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations by AWS best practices.
Trusted Advisor compares its findings to AWS best practices in five categories: cost optimization, performance, security, fault tolerance, and service limits.
AWS pricing concepts
- For each service, you pay for exactly the amount of resources that you use, without requiring long-term contracts or complex licensing.
- Some services offer reservation options that provide a significant discount compared to On-Demand Instance pricing. Some services offer tiered pricing, so the per-unit cost is incrementally lower with increased usage.
- For AWS Lambda, you are charged based on the number of requests for your functions and the time that it takes for them to run.
- AWS Lambda allows 1 million free requests and up to 3.2 million seconds of computing time per month.
- Aws consolidate: consolidates bills under an org
- In AWS Budgets, you can create budgets to plan your service usage, service costs, and instance reservations.
- AWS Cost Explorer is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.
- AWS offers four different Support plans to help you troubleshoot issues, lower costs, and efficiently use AWS services.
- AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.
AWS Cloud Adoption Framework (AWS CAF)
- At the highest level, the AWS Cloud Adoption Framework (AWS CAF) organizes guidance into six areas of focus, called Perspectives. Each Perspective addresses distinct responsibilities. The planning process helps the right people across the organization prepare for the changes ahead. In general, the Business, People, and Governance Perspectives focus on business capabilities, whereas the Platform, Security, and Operations Perspectives focus on technical capabilities.
- The Business Perspective ensures that IT aligns with business needs and that IT investments link to key business results.
Common roles in the Business Perspective include:
- Business managers
- Finance managers
- Budget owners
- Strategy stakeholders
The People Perspective supports the development of an organization-wide change management strategy for successful cloud adoption.
- Human resources
- People managers
The Governance Perspective focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.
Common roles in the Governance Perspective include:
- Chief Information Officer (CIO)
- Program managers
- Enterprise architects
- Business analysts
- Portfolio managers
The Platform Perspective includes principles and patterns for implementing new solutions on the cloud and migrating on-premises workloads to the cloud.
Common roles in the Platform Perspective include:
- Chief Technology Officer (CTO)
- IT managers
- Solutions architects
The Security Perspective ensures that the organization meets security objectives for visibility, audibility, control, and agility.
Common roles in the Security Perspective include:
- Chief Information Security Officer (CISO)
- IT security managers
- IT security analysts
The Operations Perspective helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.
- Common roles in the Operations Perspective include:
- IT operations managers
- IT support managers
6 strategies for migration
When migrating applications to the cloud, six of the most common migration strategies that you can implement are:
- Rehosting: also known as “lift-and-shift” involves moving applications without changes.
- Replatforming: also known as “lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit.
- Refactoring/re-architecting: involves reimagining how an application is architected and developed by using cloud-native features. Refactoring is driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.
- Repurchasing: involves moving from a traditional license to a software-as-a-service model.
- Retaining: consists of keeping applications that are critical for the business in the source environment
- Retiring: the process of removing applications that are no longer needed
AWS Snow Family members
- AWS Snowcone is a small, rugged, and secure edge computing and data transfer device
- Snowball Edge Storage Optimized devices are well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.
- AWS Snowmobile is an exabyte-scale data transfer service used to move large amounts of data to AWS.
If you like my content do like share and give a follow
Top comments (0)