AWS Certified Cloud Practitioner 2022/2023 Study Guide, Exams of Nursing

A study guide for the AWS Certified Cloud Practitioner exam. It covers various AWS services such as Elastic Container Service, Fargate, Elastic Container Registry, Lambda, CodeArtifact, CodeStar, Cloud9, CodeCommit, Systems Manager, Route 53, CloudFront, SNS, Kinesis, MQ, CloudWatch, CloudTrail, X-Ray, CodeGuru, AWS Status, AWS WAF, ACM, Secrets Manager, and GuardDuty. It explains the features, benefits, and use cases of each service. It also provides tips and tricks for the exam.

Typology: Exams

2022/2023

Available from 04/06/2023

Allivia

AWS Certified Cloud Practitioner 2022/2023 Study Guide

ECS - - ✅✅✅ Elastic Container Service
  • Launch Docker containers on AWS
  • You MUST provision & maintain the infrastructure (the EC2 instance)
  • AWS takes care of starting/stopping containers
  • Has integrations w/the app load balancer

Fargate - - ✅✅✅
  • Launch Docker containers on AWS
  • DOES NOT need to provision EC2
  • SERVERLESS offering
  • AWS just runs containers for you based on the CPU/RAM you need

ECR - - ✅✅✅ Elastic Container Registry
  • Private Docker registry on AWS
  • this is where you store your Docker images so they can be run by ECS or Fargate

What's serverless? - - ✅✅✅
  • new paradigm in which the developers don't have to manage servers anymore
  • they just deploy code or functions!
  • initially FaaS (Function as a Service)
  • serverless was pioneered by AWS Lambda but now also includes anything that's managed: DB, messaging, storage, etc.

Serverless AWS services - - ✅✅✅ Amazon S3, DynamoDB, Fargate, Lambda

Lambda - - ✅✅✅
  • Virtual functions - no servers to manage!
  • Limited by time - short executions
  • Run on-demand
  • Scaling is automated

EC2 vs Lambda Serverless Thumbnail creation & CronJob - - ✅✅✅
  • Image created in S3, then pushed to a Lambda function that creates a thumbnail; the new thumbnail is pushed to S3 and its metadata to DynamoDB. ALL serverless integrations.
  • CRON allows you to define a schedule and run a script; runs on Linux AMI.
  • CloudWatch Events / EventBridge: trigger every hour for a Lambda function to perform a task

Use Cases:

  • simple web applications
  • simple websites
  • Dev/Test env

Elastic Beanstalk - - ✅✅✅ Platform as a service for developers to only deploy code, end to end management of web application
  • Health monitoring suite available within the service pushes metrics to CloudWatch.
  • Also checks for app health, publishes health events

AWS CodeDeploy - - ✅✅✅
  • Deploy apps automatically
  • Works w/EC2 and also on-prem servers; it is a "HYBRID" service

AWS CodePipeline - - ✅✅✅ Orchestrate the different steps to have the code automatically pushed to production
  • Code -> Build -> Test -> Provision -> Deploy
  • Basis for CICD (Continuous Integration & Continuous Delivery)

Benefits: fully managed and compatible with Code xxx

AWS CodeArtifact - - ✅✅✅ Storing and retrieving dependencies, called "artifact management"
  • SW packages depend on each other to be built (code dependencies) and new ones are created
  • CodeArtifact is a secure, scalable and cost-effective artifact management for software development
  • Developers and CodeBuild can retrieve dependencies straight from CodeArtifact

AWS CodeStar - - ✅✅✅ One-stop shop for SW development management
  • Unified UI to easily manage SW development activities in one place via dashboard

AWS Cloud9 - - ✅✅✅ A cloud IDE (Integrated Development Environment) for writing, running and debugging code
  • looks like a code editor
  • can be used within a web browser

Route 53 - - ✅✅✅
  1) Simple routing policy: no health checks. Traditional routing process
  2) Weighted routing policy: traffic is divided based on the weight set for each server (e.g., 70%, 20%, 10%)
  3) Latency routing policy: reroute to closest servers by looking at user's location
  4) Failover routing policy (DR): Route 53 health checks on primary and, if it fails, routes to the failover server

DIFFERENCE BETWEEN Load balancing vs. Route 53
  • ELB = traffic distribution among multiple AZs
  • Route 53 = traffic distribution among multiple regions

AWS CloudFront - - ✅✅✅ A content delivery network (CDN).
  • High performance due to caching content near where your users are, which lowers latency.
  • An origin is the location that a distribution sources content from; it can be an EC2 instance, public S3 bucket, HTTP.
  • DDoS protection (because worldwide), integration w/Shield, AWS Web App Firewall.

S3 Transfer Acceleration - - ✅✅✅ Increase transfer speed by transferring the file to an AWS edge location, which will forward the data to the S3 bucket in the target region

AWS Global Accelerator - - ✅✅✅ A networking service that improves the availability and performance of the applications that you offer to your global users

AWS Global Accelerator vs CloudFront - - ✅✅✅
  • they both use the AWS global network and its edge locations around the world
  • both services integrate w/AWS Shield for DDoS protection
  • CloudFront = Content Delivery Network, used to cache content and serve it at the edge location
  • Global Accelerator: no caching, proxying packets at the edge to apps running in one or more AWS Regions. Makes your requests go faster via the internal private network, not the internet

AWS Outposts - - ✅✅✅ "Server racks" that offer the same AWS infra, services, APIs & tools to build your own apps on-premises just as in the cloud.

Amazon SNS - - ✅✅✅ Simple Notification Service, Pub/sub
  • the "event" publisher only sends msgs to one SNS topic
  • as many "event subscribers" as we want can listen to the SNS topic notifications
  • each subscriber to the topic will get all the msgs

Amazon Kinesis - - ✅✅✅ Real-time big data streaming

Amazon MQ - - ✅✅✅ A managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud.

CloudWatch Metrics - - ✅✅✅ Monitor the performance of AWS services and billing metrics

CloudWatch Logs - - ✅✅✅ Collect log files. Can be collected from:
  • Elastic Beanstalk: logs from application
  • ECS: from containers
  • Lambda: from function logs
  • CloudTrail based on filter
  • CloudWatch log agents: on EC2 machines or on-prem servers

CloudTrail - - ✅✅✅
  • Provides governance, compliance and audit for your AWS account
  • enabled by default
  • Get a history of events/API calls made w/in AWS account by console, SDK, CLI, AWS services
  • trail can be applied to all regions or a single region
  • if a resource is deleted in AWS, investigate CloudTrail first!

CloudTrail Events - - ✅✅✅
  1) Management Events: operations that are performed on resources in your AWS account
  2) Data Events
  3) CloudTrail Insights Events: enable to detect unusual activity in your account (need to pay)

CloudTrail Events Retention - - ✅✅✅
  • Events are stored for 90 days in CloudTrail

Public and Private Subnets - - ✅✅✅
  • Public subnet = Internet Gateway allows access to the internet
  • Private subnet: NAT Gateways & NAT Instances allow instances in private subnets to access the internet via a NAT Gateway placed in a public subnet.

Network ACL (NACL) - - ✅✅✅ A firewall that controls traffic from and to a subnet within a VPC
  • Can have ALLOW and DENY rules attached at the subnet level
  • Stateless: return traffic must be explicitly allowed by rules

Security Groups - - ✅✅✅ A firewall that controls traffic to and from an ENI/an EC2 instance
  • Can have only ALLOW rules
  • Stateful: return traffic is automatically allowed, regardless of any rules

VPC Flow Logs - - ✅✅✅ Capture information about IP traffic going into your interfaces = VPC, Subnet, Elastic Network Interface flow logs
  • Helps to monitor and troubleshoot connectivity issues between subnets, to and from the internet
  • Captures network info from AWS managed interfaces such as ELB, ElastiCache, RDS, Aurora, etc.

VPC Peering - - ✅✅✅
  • connect two VPCs, privately using AWS' network
  • make them behave as if they were in the same network
  • must not have overlapping CIDR (IP range)
  • VPC peering connection is not transitive (transferable)

Site to Site VPN & Direct Connect - - ✅✅✅
  • S2S VPN: connect on-prem VPN to AWS; the connection is encrypted but security concerns still exist as it goes over the public internet
  • Direct Connect (DX): physical connection between on-prem and AWS. It's private, secure and fast but expensive. Takes a month to establish.

AWS Shield - - ✅✅✅ AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS

AWS Secrets Manager - - ✅✅✅
  • Newer service, meant for storing secrets
  • capability to force rotation of secrets every x days
  • automate generation of secrets on rotation (uses Lambda)
  • Integration w/RDS (MySQL, PostgreSQL, Aurora)
  • secrets are encrypted using KMS

Amazon GuardDuty - - ✅✅✅
  • Intelligent threat discovery to protect AWS account
  • Uses machine learning algorithms, anomaly detection, 3rd party data
  • VPC Flow Logs + CloudTrail logs + DNS logs will feed into GuardDuty; it will analyze them and import events to CloudWatch Events, which will then go into either Lambda or SNS

Amazon Inspector - - ✅✅✅
  • Automated security assessments for EC2 instances
  • Analyze the running OS against known vulnerabilities
  • Analyze against unintended network accessibility
  • AWS Inspector Agent must be installed on OS in EC2 instances
  • After the assessment, a report is provided with a list of vulnerabilities

AWS Config - - ✅✅✅
  • helps w/auditing and recording compliance of your AWS resources
  • helps record configurations and changes over time
  • possibility of storing the configuration data into S3 (analyzed by Athena)
  • NOT a free service
  • can view CloudTrail API calls if enabled
  • e.g., is there restricted SSH?

AWS Macie - - ✅✅✅
  • fully managed data security and privacy service that uses machine learning and pattern matching to discover and protect sensitive data in AWS
  • helps identify and alert you to sensitive data such as PII
  • ex) S3 bucket --> Macie analyzes and identifies PII --> notifies CloudWatch Events (EventBridge) --> integrates with SNS or Lambda

GuardDuty vs Macie - - ✅✅✅ Threat detection vs auto discovery/secure content at scale

Amazon Kendra - - ✅✅✅
  • Fully managed document search service powered by ML
  • Extract answers from within a document
  • natural language search capabilities
  • Incremental learning

AWS Control Tower - - ✅✅✅ Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices
Benefits:
  • automate setup of your env in a few clicks
  • automate ongoing policy mgmt using guardrails
  • detect policy violations and remediate them
  • monitor compliance through an interactive dashboard
AWS Control Tower runs on top of AWS Organizations:
  • it automatically sets up AWS Organizations to organize accts and implement SCPs (service control policies)

Savings Plan - - ✅✅✅
  • EC2 Savings Plan: up to 72% discount compared to on-prem, commit to usage of individual instance families in a region (e.g., C5 or M5) regardless of AZ, size, OS or tenancy
  • Compute Savings Plan: up to 66% discount, regardless of family, region, size, OS and compute options (e.g., EC2, Fargate, Lambda)
  • Set up from the AWS Cost Explorer console

Support Plans - - ✅✅✅ Basic, Developer, Business, Enterprise. Know the details for the exam!

AWS Global Services - - ✅✅✅
  • IAM
  • Route 53
  • CloudFront
  • WAF (web application firewall)

AWS Region-scoped services - - ✅✅✅
  • Amazon EC2 (IaaS)
  • Elastic Beanstalk (PaaS)
  • Lambda (FaaS)
  • Rekognition (SaaS)