AWS Cloud Practitioner

So what is the Cloud Practitioner Exam?

The CPE is Amazon’s introduction to the cloud. It is a non-technical qualification which allows individuals to demonstrate an understanding of the cloud.

  • Cloud Concepts — 28% of the exam
  • Security — 24%
  • Technology — 36%
  • Billing and Pricing — 12%

Section 1 — Cloud Concepts

Deconstructing an application

You can think of an application as being comprised of four parts:

  • Compute — this refers to the brains of the operation and includes the CPU and RAM.
  • Storage — where the data is saved
  • Network — the pathways that allow communication between different devices
  • Database — an application that stores the data in a structured way

What challenges did businesses face before the cloud / Benefits of the Cloud?

  • Cost Control: Before the cloud, a business was required to make large capital expenditures on hardware with a life-cycle of between three and five years. With the cloud, a business only pays for what it uses. The cloud allows you to trade fixed expenses for variable expenses: you “no longer have to guess” capacity.
  • Slow Provisioning: If a business wanted to add additional capacity it would need to order a new server and schedule someone to come in and configure/test it, all of which took a lot of time.
  • Server Sprawl: Server sprawl is defined as “a situation in which multiple, under-utilized servers take up more space and consume more resources than can be justified by their workload”. When operating a traditional client-server architecture, in which a server was dedicated to a single application, a business would have to spin up new servers for each application when it needed additional capacity. However, if this capacity was not needed in the future the business was left with a server which was not fully utilized.
  • Workforce: A business would be required to hire a workforce to install, upgrade and maintain all of its on-premise infrastructure
  • Physical Requirements: A business would have to set up a physical data center as well as be responsible for the large power and cooling systems
  • No Economies of Scale: Businesses did not group together for large IT purchases and so did not benefit from economies of scale (EoS). With a cloud provider having hundreds of thousands of customers, a business can now fully benefit from EoS, translating to lower costs
  • Going Global: With the cloud a business can quickly “go global” and leverage data centers around the world, while a business with on-premise infrastructure that wanted to reach clients globally would face a huge cost and years of delivery time

The Three Types of Clouds

You can commonly think of a cloud as falling into one of three types: private, public or hybrid.

Private Cloud

  • Flexibility / Full Customization: You are in complete control, which allows you to customize the cloud environment to meet specific needs, e.g. if you are a quantitative hedge fund with very specific requirements
  • Security: As resources are not shared with others, it can be more secure, which is very important, especially to large firms
  • Higher Cost: Especially if a company is operating an internal private cloud within its own premises, it will be far more expensive than using a public cloud like AWS, with the customer not benefiting from economies of scale.
  • Maintenance: A business will be responsible for the maintenance of the cloud
  • Lack of Elasticity: You potentially do not have the ability to scale your resources up or down to align with market demand

Public Cloud

  • Lower Costs: There is no need to purchase hardware or software.
  • No Maintenance: You are not responsible for any of the maintenance of the cloud
  • Scalable: You are able to practically scale your resources to enormous levels
  • Highly Reliable: A vast network of servers ensures uptime

Hybrid Cloud

  • Control: Your company can maintain a private infrastructure for sensitive assets
  • Flexibility: You can take advantage of additional resources in the public cloud when you need them
  • Best of Both Worlds: Can give you a “best of both worlds” type situation where you can pick and choose where you deploy services based on the specific use case

The Three Types of Cloud Services

  • IaaS (Infrastructure as a service) — This is the most basic level and is when a third party will provide the access to networking, compute and storage. Examples include AWS, Azure and GCP
  • PaaS (Platform as a service) — This is a step further and includes the operating system and application services as well such as Windows, Linux etc. PaaS removes the need for a company to manage underlying infrastructure and allows you to focus on deployment and management of applications. Offerings include AWS’s Elastic Beanstalk which provides a platform to deploy a web application sitting on top of the IaaS
  • SaaS (Software as a service) — A fully functional application hosted on the cloud; examples include Dropbox, Slack and Salesforce

Cloud Terminology & Further Benefits of the Cloud

When talking about the cloud & its benefits there are a few terms that routinely come up.

The AWS Global Infrastructure

The AWS Cloud Infrastructure is built around AWS Regions and Availability zones. There are currently 21 regions and 64 availability zones with more coming.

  • Region — A Region is a physical location in the world which contains multiple availability zones. Each region is isolated from each other and independent to ensure fault tolerance and sustainability
  • Availability Zone — An AZ consists of one or more data centers, each with redundant power, networking and connectivity, i.e. they are isolated and not dependent on each other or on the same resources. Each AZ within a region is connected to the others via low latency links.
  • Edge Locations — These are CDN endpoints for CloudFront; there are currently over 100 edge locations, allowing you to cache data close to your end users
  • The idea is to use multiple AZs within a region to ensure high availability and fault tolerance: even if one of the data centers has a problem, the other AZs within the region can handle the workload or store your data
  • For example, the region North Virginia contains 6 Availability Zones

Identity & Access Management (IAM)

So what is IAM?

  • Authentication = User pools are user directories that provide sign-up and sign-in options for your app users.
  • Authorization = Identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. With an identity pool, you can obtain temporary, limited-privilege AWS credentials to access other AWS services.
  • An access key, which consists of an access key ID and a secret access key.
  • A session token.
  • Expiration or duration of validity.
  • Users (or an application that the user runs) can use these credentials to access your resources.

Cloud Networking — Section 2

I think this is the hardest section…

What is a VPC?

Cloud Compute — Section 3

What is an EC2?

  • On-Demand: You can choose any type you like and provision/terminate the instance at any time only paying for what you use. Of course, this flexibility comes at a price with the user paying a premium for this ability
  • Reserved: With reserved purchasing, you can purchase an instance for a set time period such as one year or three years. As you are reserving compute you get a significant discount — there are even different types of Reserved payment models such as Standard (you cannot change any of your EC2 options like instance type), Convertible (you can change options like instance type) or Scheduled (you can reserve for limited periods like one day a week)
  • Spot: Spot instances allow you to take advantage of the spare capacity in the AWS cloud. It is to AWS’s advantage to have as much of their infrastructure working and generating revenue as possible. Spot instances are offered at steep discounts when compared with on-demand instances, allowing you to lower your operating costs. Because a spot instance can be terminated — that is, “recovered” by AWS — with only a two minute warning, workloads must be fault-tolerant and able to adapt to the changes in the spot environment
  • Dedicated Host: “an Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements” — it is by far the most expensive option and is mainly used when a user cannot deploy on a multi-tenant server, helping to get over any compliance issues.
  • Elastic Computing: You can quickly increase or decrease EC2 usage as well as transition from running one to one thousand instances
  • Flexible Service: You can choose between multiple instance types, operating systems and software packages as well as instances with varying CPUs, memory and storage
  • Reliable & Secure: EC2s can have SLAs of 99.95% and they are fully integrated with the AWS security infrastructure

An Amazon Machine Image (AMI) includes:

  • A template for the OS, server and its applications
  • Launch permissions that control which AWS accounts can use the AMI to launch instances
  • A block device mapping that specifies the volumes to attach to the instance when it’s launched
AMIs come in three flavours:

  • Community AMIs — free to use and generally just selecting the OS you want
  • AWS Marketplace AMIs — pay to use and generally come with additional licensed software
  • My AMIs — AMIs that you create yourself — can be known as a Golden Image
  • AWS Lightsail instance: A Lightsail instance is a virtual private server (VPS) that lives in the AWS Cloud. Use your Lightsail instances to store your data, run your code, and build web-based applications or websites.
  • AWS Lightsail Databases: Amazon Lightsail databases are instances that are dedicated to running databases. Amazon Lightsail managed databases provide an easy, low maintenance way to store your data in the cloud.

Cloud Storage — Section 3

What is S3?

  • S3 Standard — General purpose storage for any type of data, typically used for frequently accessed data. Durable, immediately available, frequently accessed. Standard is the most expensive class as it has the highest durability and accessibility
  • S3 IA (Infrequently Accessed) — For durable, immediately available but infrequently accessed objects. It is cheaper than S3 Standard but you will pay a retrieval fee to get your object.
  • S3 One Zone-IA — Similar to IA, but as your data resides in only one availability zone it is less resilient and therefore it is cheaper to store your data this way.
  • S3 Glacier — This is used to cheaply archive data. As you can see from the table below your data is housed across 3 availability zones (very safe), however it can take minutes or even hours to retrieve data that you have requested.
  • S3 Intelligent Tiering — This tier allows AWS to move your data based on the frequency of it being accessed/newness between different tiers to save you money. In the words of AWS “S3 Intelligent-Tiering stores objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. For a small monthly monitoring and automation fee per object, S3 Intelligent-Tiering monitors access patterns and moves objects that have not been accessed for 30 consecutive days to the infrequent access tier.”
  • The destination bucket where you want Amazon S3 to replicate objects
  • An AWS Identity and Access Management (IAM) role that Amazon S3 can assume to replicate objects on your behalf
  • Reduce cost when using large volumes of traffic.
  • Increase reliability (predictable performance).
  • Increase bandwidth (predictable bandwidth).
  • Decrease latency.

Elastic Load Balancing & Auto Scaling — Section 4

What is Elastic Load Balancing?

  • Scaling Up: increase the power of a single EC2
  • Scaling Out: increase the number of EC2s with ELB handling the traffic

CloudFront & DNS — Section 5

What is Route 53?

  • Domain Registration
  • Domain Name System (DNS): DNS is a database which simply translates domain names to IP addresses so browsers can load internet resources
  • Health Checking: Automated requests over the internet to your application to verify that it’s reachable and available
  • Cache content at Edge Location for fast distribution to customers.
  • Built-in Distributed Denial of Service (DDoS) attack protection.
  • Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda)

Monitoring and Logging — Section 6

What is Cloudwatch?

  • AWS Management Console.
  • AWS SDKs.
  • Command line tools.
  • Higher-level AWS services (such as CloudFormation).
  • The identity of the API caller.
  • The time of the API call.
  • The source IP address of the API caller.
  • The request parameters.
  • The response elements returned by the AWS service.
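The five record fields listed above are what you actually work with when reviewing API activity. The following is an added example, not code from the original notes: it parses a constructed CloudTrail-style log (the "Records" array format CloudTrail delivers; all account IDs, ARNs and IP addresses are placeholders), pulls out the caller identity, time, source IP, request parameters and response elements for each event, and applies two baseline detection rules that a security team would commonly alert on, use of the root identity and a console login without MFA. The rule names and the sample events are the author's own assumptions.

```python
import json

# Constructed sample CloudTrail log in the delivered format (a JSON object with
# a "Records" array). Account IDs, ARNs and IP addresses are placeholders.
SAMPLE_LOG = json.dumps({
    "Records": [
        {
            "eventTime": "2023-05-01T10:15:30Z",
            "eventSource": "iam.amazonaws.com",
            "eventName": "CreateUser",
            "sourceIPAddress": "203.0.113.10",
            "userIdentity": {
                "type": "IAMUser",
                "arn": "arn:aws:iam::123456789012:user/alice",
                "userName": "alice",
            },
            "requestParameters": {"userName": "deploy-bot"},
            "responseElements": {
                "user": {"arn": "arn:aws:iam::123456789012:user/deploy-bot"}
            },
        },
        {
            "eventTime": "2023-05-01T10:20:00Z",
            "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
            "requestParameters": None,
            "responseElements": {"ConsoleLogin": "Success"},
            "additionalEventData": {"MFAUsed": "No"},
        },
        {
            "eventTime": "2023-05-01T10:25:12Z",
            "eventSource": "s3.amazonaws.com",
            "eventName": "GetObject",
            "sourceIPAddress": "10.0.1.25",
            "userIdentity": {
                "type": "AssumedRole",
                "arn": "arn:aws:sts::123456789012:assumed-role/app-role/i-0abc",
            },
            "requestParameters": {"bucketName": "example-bucket", "key": "reports/q1.csv"},
            "responseElements": None,
        },
    ]
})


def load_records(log_text):
    """Parse a delivered CloudTrail log file and return its list of event records."""
    return json.loads(log_text)["Records"]


def summarize(record):
    """Pull out the five fields the notes list for every CloudTrail event."""
    identity = record.get("userIdentity", {})
    return {
        "caller": identity.get("arn", identity.get("type", "unknown")),
        "caller_type": identity.get("type", "unknown"),
        "time": record.get("eventTime"),
        "source_ip": record.get("sourceIPAddress"),
        "action": f'{record.get("eventSource")}:{record.get("eventName")}',
        "request": record.get("requestParameters"),
        "response": record.get("responseElements"),
    }


def find_findings(log_text):
    """Return (rule_name, event summary) pairs for events worth a reviewer's attention.

    Two illustrative rules (assumed here, not from the notes): any activity by
    the root identity, and a console login whose additionalEventData reports
    MFAUsed == "No". Both are common baseline CloudTrail alerts.
    """
    findings = []
    for record in load_records(log_text):
        summary = summarize(record)
        if summary["caller_type"] == "Root":
            findings.append(("root-identity-used", summary))
        extra = record.get("additionalEventData") or {}
        if record.get("eventName") == "ConsoleLogin" and extra.get("MFAUsed") == "No":
            findings.append(("console-login-without-mfa", summary))
    return findings


if __name__ == "__main__":
    for rule, s in find_findings(SAMPLE_LOG):
        print(f'{s["time"]} {rule}: {s["caller"]} from {s["source_ip"]} did {s["action"]}')
```

Running the block prints two findings, both for the root console login; the IAM user creation and the S3 read by an assumed role pass the two rules untouched. In practice the same summarize step feeds whatever rule set your team maintains, and the response elements tell you whether the call actually succeeded.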

Notification Services — Section 11

What is the Simple Notification Service (SNS)?

  • Topics — how you label and group different endpoints that you send messages to.
  • Subscriptions — the endpoints that a topic sends messages to.
  • Publishers — the person/alarm/event that gives SNS the message that needs to be sent.
  • Send automated or manual notifications.
  • Send notification to email, mobile (SMS), SQS, and HTTP endpoints.
  • Closely integrated with other AWS services such as CloudWatch so that alarms, events, and actions in your AWS account can trigger notifications.

SQL and NoSQL — Section 12

Relational Databases and Non-Relational Databases

  • Relational Databases known as “SQL”: A relational database is a collection of data items with pre-defined relationships between them. These items are organized as a set of tables with columns and rows. Tables are used to hold information about the objects to be represented in the database. RDS is an example of a SQL Database.
  • Non-Relational Databases known as “NoSQL” as in “Not Only SQL”: A NoSQL database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases. DynamoDB is an example of a NoSQL DB.
  • Read Replicas: Amazon RDS Read Replicas enable you to create one or more read-only copies of your database instance within the same AWS Region or in a different AWS Region. Updates made to the source database are then asynchronously copied to your Read Replicas. This will mean that when you perform read queries the work will not be performed by the main DB and therefore it will reduce its workload!
  • Multi-AZ: When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. Your DB can be more fault-tolerant and resilient!

ElastiCache and Redshift — Section 13

What is ElastiCache?

  • ETL
  • Machine Learning

Migrating Data(bases) from On-Premise to the Cloud

What is AWS Database Migration Service?

Serverless — Section 14

What is Lambda?

  • No servers to manage
  • Continuous Scaling
  • Integrates with almost all other AWS services

Security and Compliance — Section 15

The Shared Responsibility Model

  • Patch Management — AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications such as Qlik Sense
  • Configuration Management — AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications such as Qlik Sense
  • Awareness & Training — AWS trains AWS employees, but a customer must train their own employees

Security & Compliance

What is a penetration test?

  • AWS Inspector: works within EC2s to inspect for any vulnerabilities
  • AWS GuardDuty: a threat detection service that provides a way to monitor your AWS account
  • AWS Artifact: provides access to security and compliance reports on the AWS infrastructure. AWS Artifact is your go-to, central resource for compliance-related information that matters to you. Reports available in AWS Artifact include AWS’s Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.
  • Trusted Advisor applies to the AWS account and AWS services
  • Amazon Inspector applies to the content of multiple EC2 instances

When you think of either AWS KMS or CloudHSM think of Encryption!

What is AWS Key Management Service?

Billing & Support Services — Section 16

What is an AWS Organisation?

AWS Support Plans

AWS has 4 different plans for various users:

  • Basic: A free service with no support and SLAs
  • Developer: $29 a month with Tech support via email and an SLA of between 12–24 hours
  • Business: $100 a month with Tech support provided via email, chat or phone. 1 Hour SLA for Urgent Cases
  • Enterprise: $15K a month with full Tech Support and a 15 minute response time SLA. Only Enterprise accounts come with their own Technical Account Manager (TAM)

Code Deployment

What is CodeCommit?

  • Execute automated bootstrapping actions to modify default configurations.
  • This includes scripts that install software or copy data to bring that resource to a particular state.
  • You can parameterize configuration details that vary between different environments.
  • A stateless application is an application that needs no knowledge of previous interactions and stores no session information.
  • A stateless application can scale horizontally since any request can be serviced by any of the available compute resources (e.g., EC2 instances, AWS Lambda functions).
  • Most applications need to maintain some kind of state information.
  • For example, web applications need to track whether a user is signed in so that they can present personalized content based on previous actions.
  • Web applications can use HTTP cookies to store information about a session at the client’s browser (e.g., items in the shopping cart).
  • Consider storing only a unique session identifier in an HTTP cookie and keeping the more detailed user session information server-side.
  • DynamoDB is often used for storing session state to maintain a stateless architecture.
  • For larger files a shared storage system can be used such as S3 or EFS.
  • SWF can be used for a multi step workflow.
  • Databases are stateful.
  • Many legacy applications are stateful.
  • Load balancing with session affinity can be used for horizontal scaling of stateful components.
  • Session affinity is however not guaranteed and existing sessions do not benefit from newly launched nodes.
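The list above recommends keeping only an opaque session identifier in the cookie and the real session data in a shared server-side store so that any instance can serve any request. The following is an added example, not code from the original notes: an in-memory dictionary stands in for the shared store (DynamoDB in the notes), session IDs are random and unguessable, the cookie carries nothing but that ID with HttpOnly, Secure and SameSite set, and a forged, unknown or expired ID is rejected rather than trusted. The 30-minute time-to-live, the cookie name `sid` and the `handle_add_to_cart` request handler are assumptions made for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL_SECONDS = 1800  # assumed 30-minute session lifetime


class SessionStore:
    """Stand-in for a shared server-side session table (e.g. DynamoDB).

    Every application instance would query the same table, so no instance
    holds state of its own and requests can land on any of them.
    """

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._sessions = {}  # session_id -> session data

    def create(self, user_id):
        # 32 random bytes: the ID is the only secret, so it must be unguessable.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {
            "user_id": user_id,
            "cart": [],
            "expires": self._clock() + SESSION_TTL_SECONDS,
        }
        return session_id

    def get(self, session_id):
        """Return the session, or None if the ID is unknown or has expired."""
        session = self._sessions.get(session_id)
        if session is None:
            return None
        if session["expires"] < self._clock():
            del self._sessions[session_id]  # lazily evict stale sessions
            return None
        return session

    def destroy(self, session_id):
        self._sessions.pop(session_id, None)


def set_cookie_header(session_id):
    """Build the Set-Cookie value: only the opaque ID, never user data."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # not attached to cross-site POSTs
    cookie["sid"]["path"] = "/"
    return cookie.output(header="").strip()


def session_from_cookie(store, cookie_header):
    """Resolve the request's session from its Cookie header; None if invalid."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if "sid" not in cookie:
        return None
    return store.get(cookie["sid"].value)


def handle_add_to_cart(store, cookie_header, item):
    """A stateless request handler: all it knows comes from the shared store."""
    session = session_from_cookie(store, cookie_header)
    if session is None:
        return 401, "no valid session"
    session["cart"].append(item)
    return 200, session["cart"]


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("user-42")
    print("Set-Cookie:", set_cookie_header(sid))
    print(handle_add_to_cart(store, f"sid={sid}", "book"))
    print(handle_add_to_cart(store, "sid=not-a-real-session", "book"))
```

Because the handler reads everything from the store, two instances sharing it behave identically, which is exactly what lets you scale out without session affinity. The lazy expiry in `get` is the edge case worth noticing: a cookie that was once valid stops working the moment its server-side record is stale, so a stolen or replayed ID has a bounded window.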
