AWS Certified Cloud Practitioner 2022/2023 Study Guide, Exams of Nursing

A study guide for the AWS Certified Cloud Practitioner exam. It covers various AWS services such as Elastic Container Service, Fargate, Elastic Container Registry, Lambda, CodeArtifact, CodeStar, Cloud9, CodeCommit, Systems Manager, Route 53, CloudFront, SNS, Kinesis, MQ, CloudWatch, CloudTrail, X-Ray, CodeGuru, AWS Status, AWS WAF, ACM, Secrets Manager, and GuardDuty. It explains the features, benefits, and use cases of each service. It also provides tips and tricks for the exam.

Typology: Exams

2022/2023

Available from 04/06/2023

Allivia

Partial preview of the text

AWS Certified Cloud Practitioner 2022/2023 Study Guide

ECS - - ✅✅✅Elastic Container Service
- Launch Docker containers on AWS
- You MUST provision & maintain the infrastructure (the EC2 instance)
- AWS takes care of starting/stopping containers
- Has integrations w/the app load balancer

Fargate - - ✅✅✅
- Launch Docker containers on AWS
- DOES NOT need to provision EC2
- SERVERLESS offering
- AWS just runs containers for you based on the CPU/RAM you need

ECR - - ✅✅✅Elastic Container Registry
- Private Docker registry on AWS
- this is where you store your Docker images so they can be run by ECS or Fargate

What's serverless? - - ✅✅✅
- new paradigm in which the developers don't have to manage servers anymore
- they just deploy code or functions!
- initially FaaS (Function as a Service)
- serverless was pioneered by AWS Lambda but now also includes anything that's managed: DB, msg, storage, etc.

Serverless AWS services - - ✅✅✅Amazon S3, DynamoDB, Fargate, Lambda

Lambda - - ✅✅✅Virtual functions - no servers to manage!
- Limited by time - short executions
- Run on-demand
- Scaling is automated
- EC2 vs Lambda

Serverless Thumbnail creation & CronJob - - ✅✅✅
- image created in S3, then pushed to a Lambda function creating a thumbnail, then pushed to new thumbnail in S3 and metadata in DynamoDB; ALL serverless integrations
- CRON allows you to define a schedule and run a script, runs on Linux AMI
- CloudWatch Events / EventBridge: trigger every hr for a Lambda function to perform a task

Benefits: fully managed and compatible with Code xxx

AWS CodeArtifact - - ✅✅✅Storing and retrieving dependencies, called "artifact management"
- SW packages depend on each other to be built (code dependencies) and new ones are created
- CodeArtifact is a secure, scalable and cost-effective management for software development
- Developers and CodeBuild can retrieve dependencies straight from CodeArtifact

AWS CodeStar - - ✅✅✅One-stop shop for SW development management
- Unified UI to easily manage SW development activities in one place via dashboard

AWS Cloud9 - - ✅✅✅a cloud IDE (Integrated Development Environment) for writing, running and debugging code
- looks like a code editor
- can be used within a web browser
- code collaboration in real time (pair programming)

AWS CodeCommit - - ✅✅✅a fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories.

AWS Systems Manager (SSM) - - ✅✅✅
- Hybrid AWS service that can be used to manage both EC2 and on-prem systems at scale
- get operational insights about the state of your infra
- important features are patching automation for enhanced compliance, run commands across an entire fleet of servers
- works on both Windows and Linux OS

3 ways to access EC2 - - ✅✅✅
1. open port 22 and SSH into EC2
2. EC2 Instance Connect, still need port 22
3. Session Manager

Session Manager (Systems Manager) - - ✅✅✅to securely access EC2 without SSH

Route 53 - - ✅✅✅
1) Simple routing policy: no health checks. Traditional routing process
2) Weighted routing policy: traffic is divided based on the weight set for each server (e.g., 70%, 20%, 10%)
3) Latency routing policy: reroute to closest servers by looking at user's location
4) Failover routing policy, DR: Route 53 health checks on primary and, if it fails, it routes to the failover server

DIFFERENCE BETWEEN load balancing vs. Route 53
- ELB = traffic distribution among multiple AZs
- Route 53 = traffic distribution among multiple regions

AWS CloudFront - - ✅✅✅A content delivery network (CDN).
- High performance due to caching content near where your users are, which lowers latency.
- An origin is the location that a distribution sources content from; can be an EC2 instance, public S3 bucket, HTTP.
- DDoS protection (because it is worldwide), integration w/Shield, AWS Web App Firewall.

Amazon SNS - - ✅✅✅Simple Notification Services, Pub/sub
- the "event" publisher only sends msg to one SNS topic
- as many "event subscribers" as we want to listen to the SNS topic notifications
- each subscriber to the topic will get all the msg

Amazon Kinesis - - ✅✅✅real-time big data streaming

Amazon MQ - - ✅✅✅A managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud.

CloudWatch Metrics - - ✅✅✅Monitor the performance of AWS services and billing metrics

CloudWatch Logs - - ✅✅✅collect log files. Can be collected from:
- Elastic Beanstalk: logs from application
- ECS: from containers
- Lambda: from function logs
- CloudTrail based on filter
- CloudWatch log agents: on EC2 machines or on-prem servers

CloudTrail - - ✅✅✅
- Provides governance, compliance and audit for your AWS account
- enabled by default
- Get a history of events/API calls made w/in AWS account by console, SDK, CLI, AWS services
- trail can be applied to all regions or a single region
- if a resource is deleted in AWS, investigate CloudTrail first!

CloudTrail Events - - ✅✅✅
1) Management Events: operations that are performed on resources in your AWS account
2) Data Events
3) CloudTrail Insights Events: enable to detect unusual activity (need to pay) in your account

CloudTrail Events Retention - - ✅✅✅
- Events are stored for 90 days in CloudTrail
- To keep events beyond this period, log them to S3 and use Athena

AWS X-Ray - - ✅✅✅AWS X-Ray helps developers analyze and debug distributed applications in production or under development, such as those built using a microservices architecture.

Amazon CodeGuru - - ✅✅✅machine-learning-powered service for 1) automated code reviews and 2) application performance recommendations
- CodeGuru Reviewer and Profiler

AWS Status - Service Health Dashboard - - ✅✅✅High-level dashboard
- Shows all regions, all services health
- Shows historical information for each day
- Has an RSS feed you can subscribe to

AWS Personal Health Dashboard - - ✅✅✅More personalized dashboard than Service Health Dashboard
- alert, remediation, proactive, scheduled activities that may impact your resources

standard (free) and advanced (3k more)

AWS WAF - Web Application Firewall - - ✅✅✅
- Layer 7 content filtering
- Support rules to block/allow/count requests
- Integrate with Amazon CloudFront
- Protect against: SQL Injection, Cross-site Scripting (XSS)
- Block based on: IP addresses, HTTP headers/body content, URI string
- Rate limiting per client IP
- Managed rules for common threats: OWASP, Bots, Common Vulnerabilities and Exposures (CVE)

AWS Certificate Manager (ACM) - - ✅✅✅Lets you easily provision, manage, and deploy SSL/TLS certificates
- Used to provide in-flight encryption for websites (HTTPS)
- Supports both public and private TLS certificates
- Free of charge for public TLS certificates
- Automatic TLS certificate renewal
- Integrations with (load TLS certificates on), e.g.: Elastic Load Balancers, CloudFront Distributions, APIs on API Gateway

AWS Secrets Manager - - ✅✅✅
- Newer service, meant for storing secrets
- capability to force rotation of secrets every x days
- automate generation of secrets on rotation (uses Lambda)
- Integration w/RDS (MySQL, PostgreSQL, Aurora)
- secrets are encrypted using KMS

Amazon GuardDuty - - ✅✅✅
- Intelligent threat discovery to protect AWS account
- Uses machine learning algorithms, anomaly detection, 3rd party data
- VPC Flow Logs + CloudTrail logs + DNS logs will feed into GuardDuty; it will analyze and import events to CloudWatch Events, which then will either go into Lambda or SNS

Amazon Inspector - - ✅✅✅
- Automated security assessments for EC2 instances
- Analyze the running OS against known vulnerabilities
- Analyze against unintended network accessibility
- AWS Inspector Agent must be installed on OS in EC2 instances
- After the assessment, a report is provided with a list of vulnerabilities

AWS Config - - ✅✅✅
- helps w/auditing and recording compliance of your AWS resources
- helps record configurations and changes over time
- possibility of storing the configuration data into S3 (analyzed by Athena)
- NOT a free service
- can view CloudTrail API calls if enabled
- e.g., is there restricted SSH?

AWS Macie - - ✅✅✅
- fully managed data security and privacy service that uses machine learning and pattern matching to discover and protect sensitive data in AWS
- helps identify and alert you to sensitive data such as PII
- ex) S3 bucket --> Macie analyzes and identifies PII --> notify CloudWatch Events (EventBridge) --> integrates with SNS or Lambda

GuardDuty vs Macie - - ✅✅✅Threat detection vs auto discovery/secure content at scale

Savings Plan - - ✅✅✅
- EC2 Savings Plan: up to 72% discount compared to on-prem, commit to usage of individual instance families in a region (e.g., C5 or M5) regardless of AZ, size, OS or tenancy
- Compute Savings Plan: up to 66% discount, regardless of family, region, size, OS and compute options (e.g., EC2, Fargate, Lambda)
- Setup from the AWS Cost Explorer console

Support Plans - - ✅✅✅Basic, Developer, Business, Enterprise
Know the details for the exam!

AWS Global Services - - ✅✅✅
- IAM
- Route 53
- CloudFront
- WAF (web application firewall)

AWS Region-scoped services - - ✅✅✅
- Amazon EC2 (IaaS)
- Elastic Beanstalk (PaaS)
- Lambda (FaaS)
- Rekognition (SaaS)

Alternatives to AWS Management Console - - ✅✅✅
- CLI (command line interface)
- SDK (software development kit)
both use access keys

Redshift - - ✅✅✅Online analytical processing (analytics and data warehousing)
- Columnar storage of data

Amazon QLDB - - ✅✅✅Quantum Ledger Database
- recording financial transactions
- immutable system: entry cannot be removed or modified
- used to review history of all the changes made to your app data over time

AWS Glue - - ✅✅✅Managed ETL (extract, transform and load) service
- to prepare and transform data for analytics
- serverless
- extract from S3 bucket/RDS -> prepare data -> Redshift