The AWS Certified Cloud Practitioner validates foundational, high-level understanding of AWS Cloud, services, and terminology. This is a good starting point on the AWS Certification journey for individuals with no prior IT or cloud experience switching to a cloud career or for line-of-business employees looking for foundational cloud literacy.
Cloud Concepts: Taking the first steps as you start building on the cloud can seem overwhelming. Adjusting to a cloud-native approach can take time, especially if you are accustomed to the traditional on-premises way of provisioning hardware and building applications. Gaining familiarity with core concepts of cloud computing and the AWS Cloud will help give you confidence as you begin your cloud journey. In the following sections, we answer common questions about cloud computing and explore best practices for building on AWS. Define the AWS Cloud and its value proposition, and identify aspects of AWS Cloud economics. Be able to list the different cloud architecture design principles such as Reasonable Deployment, Business Continuity, Elastic Expansion, Performance Efficiency and Security Compliance.
Cloud security is a collection of procedures and technology designed to address external and internal threats to business security. Organizations need cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services as part of their infrastructure.
The AWS shared responsibility model is a concept of dividing responsibilities between AWS and a Customer. The Customer is you. AWS's responsibilities are the security of the cloud.
Cloud security at AWS is the highest priority. The AWS Cloud allows customers to scale and innovate while maintaining a secure environment.
AWS Cloud Security and Compliance covers the following aspects of AWS security:
- Infrastructure Security
- Infrastructure Resilience
- Data Encryption
- Monitoring and Logging
- Identity and Access Control
- Compliance Assurance Programs
- Security Support
- Standards and Best Practices
- Identify AWS access management capabilities
- Identity and Access Management (IAM): IAM is a web service that allows users to manage access to AWS resources. With IAM, users can create and manage users and groups, assign permissions and policies, and set up multi-factor authentication (MFA) to add an extra layer of security to their AWS accounts.
- AWS Single Sign-On (SSO): AWS SSO is a cloud-based service that makes it easy to manage access to multiple AWS accounts and business applications. With AWS SSO, users can centrally manage access to AWS accounts, as well as other third-party applications and services.
- AWS Organizations: AWS Organizations is a service that allows users to centrally manage and govern multiple AWS accounts. With AWS Organizations, users can create and manage accounts, apply policies and controls across accounts, and simplify billing and cost management.
- Resource-level permissions: AWS allows users to set granular permissions for specific AWS resources, such as EC2 instances or S3 buckets. This helps ensure that only authorized users can access and modify these resources.
- AWS Security Token Service (STS): STS is a web service that enables users to generate temporary security credentials that can be used to access AWS resources. These temporary credentials can be used by applications or users who need access to AWS resources for a short period of time, without requiring the use of long-term credentials.
Overall, AWS provides a range of access management capabilities to help users secure their AWS resources and data, and ensure that only authorized users have access to sensitive information.
For security and operational health of your infrastructure, AWS Support provides:
- Real-time insight through AWS Trusted Advisor. Trusted Advisor helps provision your resources by following best practices. Trusted Advisor inspects your AWS environment and finds opportunities to save money, improve system performance and reliability, or help close security gaps.
- Proactive support and advocacy through a Technical Account Manager (TAM). A TAM is a single point of contact and advocate who provides technical expertise across AWS services.
- Technology: Define methods of deploying and operating in the AWS Cloud. There are multiple options for provisioning your IT infrastructure and deploying your applications. The main principles to remember are AAA – Automate, Automate, and Automate.
AWS Elastic Beanstalk
- It is a high-level deployment tool
- Helps you get an app from your desktop to the web in a matter of minutes.
- Handles the details of your hosting environment, including:
  - capacity provisioning
  - load balancing
  - application health monitoring
- A platform configuration defines the infrastructure and software stack to be used for a given environment.
- When you deploy your app, Elastic Beanstalk provisions a set of AWS resources
- AWS resources can include Amazon EC2 instances, alarms, a load balancer, security groups, and more.
AWS CloudFormation
- It is a service to model and set up your Amazon Web Services resources
- Spend less time managing those resources
- More time focusing on your applications that run in AWS.
- Create a template that describes all the AWS resources that you want (like Amazon EC2 instances or RDS)
- CloudFormation takes care of provisioning and configuring those resources for you.
- Use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
- This file serves as the single source of truth for your cloud environment.
- Available at no additional charge, and you pay only for the AWS resources needed to run your applications.
AWS CodeCommit
- It is a fully managed source control service
- Makes it easy for companies to host secure and highly scalable private Git repositories.
- It integrates with AWS CodePipeline and AWS CodeDeploy to streamline your development and release process.
- It is a secure, highly scalable, managed source control service that hosts private Git repositories.
AWS CodeDeploy
- It is a service that automates code deployments and software deployments to any instance, including Amazon EC2 instances and instances running on-premises.
- Makes it easier for you to rapidly release new features
- Helps you avoid downtime during application deployment
- Handles the complexity of updating your applications.
AWS CodePipeline
- It is a continuous integration and continuous delivery service
- It is used for fast and reliable application and infrastructure updates.
- It builds, tests, and deploys your code every time there is a code change, based on the release process models you define.
Amazon EC2 Container Service
- It is a highly scalable, high performance container management service that supports Docker containers
- Allows you to easily run applications on a managed cluster of Amazon EC2 instances.
- Eliminates the need for you to install, operate, and scale your own cluster management infrastructure.
AWS OpsWorks
- It is a configuration management service
- Helps you configure and operate applications in a cloud enterprise by using Chef.
- There are 2 variants: AWS OpsWorks Stacks and AWS OpsWorks for Chef Automate.
- Define the AWS global infrastructure
The AWS Global Infrastructure gives you the flexibility of choosing how and where you want to run your workloads, and when you do, you are using the same network, control plane, APIs, and AWS services. If you would like to run your applications globally, you can choose from any of the AWS Regions and AZs.
- Identify the core AWS services
Amazon Elastic Compute Cloud, or Amazon EC2, is:
- A web service that provides secure, resizable compute capacity in the cloud
- Designed to make web-scale cloud computing easier for developers.
- Amazon S3 is object storage
- Built to store and retrieve any amount of data from anywhere – web sites and mobile apps, corporate applications, and data from IoT sensors or devices.
- Can deliver 99.999999999% durability
- Provides comprehensive security and compliance capabilities
- It has query-in-place functionality, allowing you to run powerful analytics directly on your data at rest in S3.
- Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud.
- Provides cost-efficient and resizable capacity
- Automates time-consuming administration tasks such as hardware provisioning, database setup, patching and backups.
- Available on several database instance types – optimized for memory, performance or I/O.
- Six familiar database engines to choose from.
- Supports encryption at rest and in transit, using keys managed through KMS.
- Backups are automated, user-initiated snapshots are available and database software is updated automatically.
Amazon Route 53
- It is a highly available and scalable cloud Domain Name System (DNS) web service
- It also offers Domain Name Registration
- It will automatically configure DNS settings for your domains.
- Used to configure DNS health checks to route traffic to healthy endpoints.
- Independently monitor the health of your application and its endpoints.
- Amazon Route 53 Traffic Flow makes it easy for you to manage traffic globally
Amazon Simple Notification Service (SNS) is
- A pub/sub messaging and mobile notifications service for:
  - distributed systems
  - serverless applications
- It makes it simple and cost effective to send push notifications to iOS and Android based devices.
- Billing and Pricing
The AWS Billing console contains features to pay your AWS bills and report your AWS cost and usage. You can also use the AWS Billing console to manage your consolidated billing if you're a part of AWS Organizations. Amazon Web Services automatically charges the credit card that you provided when you sign up for an AWS account. You can view or update your credit card information at any time, including designating a different credit card for AWS to charge.
- Recognize the various account structures in relation to AWS billing and pricing
- Accounts are the main billing entity for AWS Resources.
- Different billing options are available, including invoicing.
- Consolidated billing lets one account pick up the bill for multiple 'sub accounts'.
- Billing alerts can be set up.
- AWS Budgets and automated bill reporting are provided for better insights.
- Tagging can also be used for better cost allocation.
- Identify resources available for billing support
- AWS Knowledge Center gives answers to questions about your bill.
- Customers have access to account and billing support free of charge.
- Personalized technical support requires a support plan.
- Use the AWS Cost Calculator to estimate your monthly bill.
- Trusted Advisor helps with reducing costs, by suggesting changes to your existing infrastructure.
Note: AWS Certified Cloud Practitioner is a beneficial certification for cloud professionals, irrespective of their technical skills and job roles, who deal with cloud operations and make price-related decisions. AWS Certification solidifies your understanding of AWS services and of how designs are made to help a business.
Holding an AWS certification, even at the foundational level, can enhance your resume and validate your skills. Career Opportunities: As cloud technology continues to gain prominence, the demand for professionals with cloud expertise is on the rise.
Remember that becoming a Cloud Practitioner in AWS requires practice and hands-on experience. As you progress in your learning journey, we at bitsvalleyilabs will engage you on real-world projects to apply your knowledge and enhance your skills.