Certification Tips for "AWS Certified Cloud Practitioner"
I began my cloud certification journey in 2019 with the AWS Certified Cloud Practitioner. I sat for the exam on 01/10/2019 and was able to pass it.
There were 65 questions to be answered in 90 minutes. Don't waste too much time on one question; flag it and come back to it after answering all of the questions. Since there is no negative marking, feel free to answer every question even if you don't know the answer.
This exam validates an examinee's ability to:
- Define what the AWS Cloud is and the basic global infrastructure
- Describe basic AWS Cloud architectural principles
- Describe the AWS Cloud value proposition
- Describe key services on the AWS platform and their common use cases (for example, compute and analytics)
- Describe basic security and compliance aspects of the AWS platform and the shared security model
- Define the billing, account management, and pricing models
- Identify sources of documentation or technical assistance (for example, whitepapers or support tickets)
- Describe basic/core characteristics of deploying and operating in the AWS Cloud
I spent a week preparing for the exam. It was an easy exam for me mainly because I have been working with Microsoft Azure cloud since 2012. Most of the concepts and techniques are similar, hence making it a piece of cake.
The following are a few resources to help you prepare for the exam. Feel free to post any questions you may have.
Read the Exam Guide and Sample Questions. It is not really needed for this exam but another recommendation is to read FAQs for each of the technologies; those pages are filled with information which may appear in the exam.
AWS Cloud Practitioner Essentials is the most important free training; it covers the main topics that appear in the exam.
The following is the list of topics covered in this training. Under each topic are the important points to remember and understand for the exam.
AWS Cloud Practitioner Essentials - Core Services
AWS Cloud Practitioner Essentials: Cloud Concepts
AWS Cloud Practitioner Essentials: Core Services
Introduction to Services and Categories
The exam will cover the following categories. Review each category, know what services are offered under each, and what is the purpose of each service. Focus should be on learning the purpose of each service; no need to go into details. For each of the services (under each category), don't forget to review the related FAQs.
- Compute
- Storage
- Database
- Networking and Content Delivery
- Security, Identity and Compliance
AWS Global Infrastructure
There are three main concepts to understand.
- Regions
- Availability Zones
- Edge Locations
Regions
Regions are geographic areas that contain two or more Availability Zones. That means a Region will have at least two Availability Zones.
They allow you to host your applications closer to your users, hence reducing latency and improving user experience.
Regions aren't connected to or dependent upon each other. They are independent entities: one Region may, for example, shut down in the next 5 minutes, but that would have no impact on the availability of other Regions.
Not all Regions offer the same set of services. Therefore, check the Region Table for supported services before planning out deployments.
Availability Zones
Availability Zones, or AZs, are collections of data centers within a Region. That means a Region will have at least two data centers.
AZs within a Region are connected to each other using high-speed networks but they are physically apart and isolated.
Each AZ has its own a) uninterruptible power supply b) backup generators c) cooling equipment d) network connectivity. Failure of an AZ doesn't have an impact on other AZs in the same Region.
AWS recommends provisioning your data among multiple AZs.
Edge Locations
These nodes host the AWS Content Delivery Network (CDN) called Amazon CloudFront and serve content to end-users from the host closest to them. This reduces latency and improves user experience.
Edge Locations are located in highly populated areas similar to Regions and AZs.
Check out the complete list here.
Amazon Virtual Private Cloud (VPC)
VPC allows you to create a virtual network in the cloud that offers the same concepts and constructs as on-premises networks. It allows you to set up IP address space, subnets, and routing tables, as well as control the incoming and outgoing traffic.
VPCs live within a Region. An AWS account may have many VPCs.
Applications deployed within VPC honor the security settings built into the network.
It is a foundational service that integrates with many other AWS services including EC2, RDS, Elastic Beanstalk and S3.
It is possible to create many subnets within a VPC, effectively allowing a VPC to span multiple AZs. By default, all subnets within a VPC can communicate with each other.
An Internet Gateway (IGW) gives a public subnet access to the Internet.
Don't forget to explore how to create a VPC, Internet Gateway, and public/private subnets.
AWS Security Groups
Think about AWS Security Groups as virtual firewalls for your servers in the cloud. At the very basic level, it is another method to filter traffic to your instance.
Compute Services
Elastic Compute Cloud (EC2)
Introduction to Amazon Elastic Compute Cloud (EC2)
Introduction to EC2 Auto Scaling
Elastic Beanstalk
Introduction to AWS Elastic Beanstalk
Beanstalk can either be a "Web server environment" or "Worker environment".
Web server environment allows running a website, web application or APIs that serve HTTP requests.
Worker environment is for running workloads that take a long time to run. Each worker environment runs a daemon that reads an Amazon SQS queue for incoming requests.
AWS Lambda
AWS Lambda allows us to run code in response to important events we are interested in. No servers are needed to run the code. AWS manages everything behind the scenes. From our perspective, the code gets executed without having to set up and host the infrastructure, hence the term Serverless Computing.
Lambda execution is metered in sub-seconds and we do have the option to continuously scale to thousands of executions per second.
Lambda can be deployed using AWS CodePipeline and AWS CodeDeploy.
AWS imposes a few restrictions on Lambda functions:
a) Disk space is limited to 512 MB.
b) Memory allocation can be between 128 MB and 1536 MB.
c) Lambda functions can't execute for more than 5 minutes.
d) Request and response payload can't exceed 6 MB. Event request body is limited to 128 KB.
Lightsail
Elastic Container Service (ECS)
Elastic Container Service FAQs
Application Load Balancer
Introduction to Amazon Elastic Load Balancer - Application
Application Load Balancer FAQs
Elastic Load Balancer
Auto Scaling
Amazon Elastic Block Storage (EBS)
Amazon Elastic Block Storage FAQs
Amazon Simple Storage Service (S3)
Amazon Simple Storage Service FAQs
Amazon Glacier
Amazon Relational Database Service (RDS)
AWS Database Services Overview
Mapping a Few Core Oracle DB Concepts to Amazon RDS/Aurora PostgreSQL Concepts
Introduction to Amazon Relational Database Service (RDS)
Amazon Relational Database Service FAQs
Amazon DynamoDB
Amazon Redshift
Introduction to Amazon Redshift
Amazon Aurora
Introduction to Amazon Aurora Serverless
AWS Trusted Advisor
AWS Cloud Practitioner Essentials - Security
Introduction to AWS Security
AWS Cloud Practitioner Essentials: Security
All AWS customers get a resilient infrastructure designed for high security without the capital outlay and operational overhead of a traditional data center.
AWS makes continuous improvements based on customer feedback.
Core security services such as Identity and Access Management (IAM), logging and monitoring, encryption and key management, network segmentation, and standard DDoS protection are constantly evolving.
AWS and its partners offer a wide range of tools and features to help you meet your security objectives. AWS provides security tools for a) network security b) configuration management c) access control, and d) data security.
AWS Network Security includes a) built-in firewalls that allow you to create private networks within AWS b) control network access to our instances and subnets c) encryption in transit with Transport Layer Security across all services d) connectivity options that enable private or dedicated connections from your office or on-premises environment, and e) DDoS mitigation technologies.
AWS offers data encryption for data at rest in the cloud. These include data encryption capabilities available in AWS storage and database services, such as EBS, S3, Glacier, Oracle RDS, SQL Server RDS, and Redshift.
Flexible key management options allow you to choose whether AWS manages the encryption keys or you maintain complete control over your keys.
The AWS Shared Responsibility Model
Once the customer starts using AWS, Amazon shares the responsibility of securing the data in AWS with its customers.
AWS is responsible for security of the cloud. Under this model, AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate.
In addition to that, AWS is responsible for the security configuration of its products that are considered foundational, which include Compute, Storage, Database, and Networking. DynamoDB, RDS, Redshift, Elastic MapReduce, and Workspaces are a few examples of such services. For these services, AWS will handle basic security tasks like guest operating system and database patching, firewall configuration, and disaster recovery.
The AWS Shared Responsibility Model means that by using AWS, you inherit the many security controls that AWS operates, thus reducing the number of security controls that you need to maintain.
While AWS is responsible for the security of the cloud, customers are responsible for security in the cloud. For most of the managed services, what you have to do is configure logical access controls for the resources and protect your account credentials. You are also responsible for a) what content should go into the cloud b) which AWS services are used with the content c) in what country the content is stored d) format and structure of that content and whether it is masked, anonymized or encrypted e) who has access to that content, and f) how access rights are granted, managed, and revoked.
AWS Access Control and Management
IAM - Identity and Access Management. This controls access to AWS resources by implementing authentication and authorization.
IAM allows you to manage access to a) Compute b) Storage c) Database, and d) Application Services in the AWS cloud.
You can create Users, Groups and Roles and assign them Permissions to allow or deny access to AWS resources.
Users - Users or applications that need access to your AWS instance.
Groups - collection of users for ease of management.
Roles - allow you to grant AWS services and external identities access to your AWS resources.
Policies - allow you to define permissions for IAM users, groups, and roles.
AWS Account Root User - The very first user that creates the AWS account. This user has complete access to AWS services.
AWS supports a) MFA for important accounts b) hardware-based authenticators, and c) integration and federation with corporate directories.
AWS Cloud Practitioner Essentials - Architecting
AWS Cloud Practitioner Essentials: Architecting
AWS Cloud Practitioner Essentials - Pricing and Support
AWS Cloud Practitioner Essentials: Pricing and Support
AWS pricing is based on the Utility Model that includes:
- Pay as you go
- Pay less when you reserve. (It is an important concept; in the exam, there were 3-4 questions related to this.)
- Pay even less per unit by using more
- Pay even less as AWS grows
Whitepapers
In the end, in case you have time, read these whitepapers. They overlap with the content covered above but provide more details on important aspects of AWS. I didn't read these whitepapers for the exam.
Overview of Amazon Web Services
Architecting for the Cloud: AWS Best Practices
The Total Cost of (Non) Ownership of Web Applications in the Cloud
This has been so helpful. Am interested in acams and I really want to register. My biggest issue has been on how to attain the 40 credits. I really love the way you have explained out everything.
It really helped.
Great guidelines for the exam.
Congratulations!!