This is the ultimate, well researched cheat sheet that can help you become an AWS Certified Cloud Practitioner.
AWS EC2 – Virtual Cloud Server
- AWS EC2 stands for AWS Elastic Compute Cloud.
- EC2 is a virtual server offered by AWS Cloud services.
- It offers resources on demand and lets you scale capacity up and down as needed.
EC2 Instance Types
- General Purpose Instance: When you have a balanced resource demand.
- Compute Optimized Instances: There’s a need for high compute resources.
- Memory Optimized Instances: Demand to preload huge data sets before running the app
- Accelerated Computing Instances: Use of hardware accelerators, desirable for graphics and streaming apps
- Storage Optimized Instances: Large datasets on local storage for example data warehouses, large file systems, etc.
Security Groups
- A Security Group is a firewall regulating both inbound and outgoing traffic.
- This capability is only available on AWS EC2 instances.
AWS EC2 Pricing
- On-Demand: pay for the compute time used. Suited to short-term workloads.
- Savings Plans offer a discounted price in exchange for a usage commitment over a 1-year or 3-year term.
- The Reserved Instances are used to reserve instances for a pre-determined period. A higher period leads to higher discounts.
- Spot Instances for flexible start and end times, with the ability to take interruptions
- Dedicated Hosts are the most expensive model. Offers fully dedicated physical servers.
AWS EC2 Auto Scaling allows you to add or remove EC2 instances automatically.
- It automatically adjusts capacity to match demand.
- There are two approaches:
  - Dynamic scaling: responds to changing demand
  - Predictive scaling: schedules the number of instances based on a predicted demand
- Dynamic and Predictive scaling can be combined to scale faster
What are Instance Stores?
- Instance Store is a storage volume that functions in the same way as a physical hard disc.
- It serves as a temporary storage location for Amazon EC2 instances.
- The data in an instance store is persistent over the lifetime of the instance.
- Instance Stores are useful for temporary files and quickly restored data, so valuable data should not be kept in instance stores.
Elastic Load Balancing Service
- This service is responsible for distributing application traffic across services.
- The Load Balancer serves as a centralized point of contact for incoming web traffic.
- Because of the single point of contact, traffic is routed via the Load Balancer first, distributing the load across the resources.
- It receives requests and routes them to the appropriate instances, ensuring that no resource is overburdened and that traffic is distributed evenly.
- AWS EC2 and Elastic Load Balancing are two distinct services that complement one another effectively.
Monolithic Application
- A monolithic application is an architecture with strongly connected components.
- Databases, servers, and interfaces can be considered components.
- If one of the components fails, a monolithic application is likely to render errors.
Microservices
- Even if one component fails, microservices can help keep the service running.
- This is because the services are tightly integrated and communicate with one another.
- Amazon Web Services offers two services to enable this integration:
  - AWS Simple Notification Service (AWS SNS)
  - AWS Simple Queue Service (AWS SQS)
AWS SNS can publish messages to the following endpoints:
- AWS SQS
- Applications
- AWS Lambda
- HTTP and HTTPS
- Email and Email-JSON
- SMS (depending on region)
What’s The Difference between Amazon SQS and SNS
AWS Simple Notification Service vs AWS Simple Queue Service
- SNS is a notification system that sends messages to its users.
- SQS is a queuing system; receivers must extract messages to be processed and delete them from the queue.
- SNS and SQS may complement one another nicely.
What’s the Difference between EC2 and Serverless
- AWS EC2 offers virtual server instances.
- To run an application on EC2, you first provision the EC2 instances (i.e. virtual servers), then deploy the codebase, and also maintain and operate the virtual servers.
- However, if you go Serverless, you do not need to provision or allocate resources to maintain and operate the servers.
- You only need to think about the code that is to be deployed.
- AWS offers a serverless compute service called AWS Lambda wherein you can deploy code with support for multiple languages.
Containers in the AWS Cloud
- Containers allow you to bundle code into a single object.
- The container separates the code and removes its dependency on other components.
- Containers are widely used for cloud application deployment and management.
Elastic Container Service – AWS ECS
- ECS enables the execution of containerized applications and improves performance.
How AWS EKS (Amazon Elastic Kubernetes Service) works
- AWS EKS is a service that allows you to run and scale Kubernetes applications and deploy them in the cloud, on-premises, and with your tools.
Serverless Compute for Containers – AWS Fargate
- AWS Fargate is a serverless, pay-as-you-go computing engine that enables you to focus on developing apps rather than managing servers. AWS Fargate works with Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).
AWS Availability Zone (Amazon AZ)
- A single Data Center or a collection of Data Centers in an area constitutes an Availability Zone.
- The Edge Location is the Data Center that is utilized to quickly provide content to your users.
- AWS Edge Locations make use of a feature called CloudFront (stores cached copies of the content).
How Cache Works
- The cache keeps subsets of the data and makes it accessible.
- When data is requested, it is copied and saved at the Edge Location.
- The next individual who wants the same data will receive it faster from the closest Edge Location.
AWS Command Line Interface
- When making API queries, the CLI saves you time.
- CLI allows you to use scripts to automate activities on AWS services.
Cloud Orchestration Service – Elastic Beanstalk
- Elastic Beanstalk is a service for managing web infrastructure.
- Beanstalk manages web application and service deployment and scalability.
- Elastic Beanstalk automates the setup, configuration, scaling, and provisioning of AWS services.
- AWS EC2 (Elastic Compute Cloud), Amazon S3 (Simple Storage Service), AWS RDS (Relational Database Service), Amazon DynamoDB, and Amazon SimpleDB can all be automatically managed by AWS Elastic Beanstalk.
What is AWS CloudFormation
- AWS CloudFormation aids in the automation of resource provision.
- CloudFormation is a service that provides infrastructure and allows you to develop templates that define the AWS services you want to use. Thereafter, it takes care of the configuration and provisioning of the resources specified in the template.
AWS Virtual Private Cloud
- AWS VPC is another name for AWS Virtual Private Cloud.
- VPC is a service that allows you to isolate your AWS services within a secure network.
- AWS may limit network traffic by creating boundaries around resources.
- The Virtual Private Gateway secures internet traffic by encrypting it.
Subnets
- A subnet is a part of VPC.
- You may group resources using the Subnet.
- The groups may have varying security or operational requirements.
- Subnets can be both public and private.
AWS Direct Connect
- AWS Direct Connect enables you to establish a dedicated private connection between a Data Center and a VPC.
- A dedicated connection allows only you and your data to use the connection. The link is not distributed to anybody else.
AWS ACL (Access Control Lists)
- Network Access Control Lists are called ACLs.
- ACL is a firewall that controls the traffic, both inbound and outbound.
- IAM and ACLs work together to allow access to S3 buckets and objects, so a user only needs the appropriate authorization from one of these systems to access a bucket or object.
Stateless Packet Filtering
- ACLs provide Stateless Packet Filtering.
- They have no memory and will forget the request after it has been processed.
Stateful Packet Filtering
- Security Groups provide stateful Packet filtering.
- They remember the previous actions that were taken on packets.
AWS Route 53
- Route 53 is a DNS Web service that connects end users to AWS-hosted internet apps.
- Route 53 links users and their requests to AWS and third-party services.
What is AWS EBS?
- AWS Elastic Block Store (EBS) provides storage volumes that can be used for your EC2 instances.
- It is critical to back up the data using AWS EBS snapshots.
Object-level storage contains objects.
Each object is made of:
- Data – any type of file
- Metadata – information about what the data is
- Key – unique identifier
Amazon S3
AWS S3 (Amazon Simple Storage Service) is an object-level storage service.
- S3 Standard: Data that is frequently accessed. High availability of data and most expensive S3 storage class.
- S3 Standard-Infrequent Access (IA): Data that requires high availability but is accessed less frequently than data in S3 Standard.
- S3 One Zone-IA (S3 One Zone-Infrequent Access): Data less frequently accessed as compared to the above 2 options. Also, comparatively cheaper than the above two. Uses 1 availability zone.
- S3 Intelligent Tiering: Data with Unpredictable access requirements. Helps in optimizing storage costs.
- S3 Glacier: Archived data that can be retrieved in a few minutes. Cheaper.
- S3 Glacier Deep Archive: Lowest cost. Archived data that can be retrieved within 12 hours
Compared to AWS EBS, AWS EFS saves the data in many Availability Zones.
Amazon RDS
AWS RDS stands for AWS Relational Database Service. This service automates database tasks and enables relational databases in the AWS cloud. The following database engines are supported by AWS RDS:
- AWS Aurora
- PostgreSQL
- Oracle Database
- Microsoft SQL Server
- MySQL
- MariaDB
What is Amazon Aurora?
Amazon Aurora is a relational database that offers high availability of data and is best for large organizations and enterprises with large datasets.
AWS DynamoDB
- Non-relational Database on Cloud
- AWS DynamoDB is a serverless, high-performance, non-relational, NoSQL database.
Difference between AWS RDS and AWS DynamoDB
- AWS RDS supports complex data and stores it in tables. Compared to AWS DynamoDB, RDS is slow and more expensive.
- AWS DynamoDB stores data in documents and supports structured data.
- AWS Redshift is a big data analytics service.
You may also expect questions from the following topics in the AWS Cloud Practitioner Certification Exam
AWS DMS (Database Migration Service)
- AWS DMS enables you to move data between databases. You can use this service to combine multiple databases into a single unified database and also to send data to other data sources.
AWS DocumentDB
- It’s a document-based database service that is best for content management systems and cataloging.
AWS Neptune
- It’s a graph database service that helps in deriving value by storing and navigating relationships between entities.
AWS QLDB (AWS Quantum Ledger Database)
- Stores historical data of application modifications. It’s a ledger database service.
AWS ElastiCache
- Amazon ElastiCache is a fully managed in-memory data storage and caching service. The service boosts web application speed by obtaining data from controlled in-memory caches.
AWS DynamoDB Accelerator (DAX)
- It’s a fully managed, in-memory caching service for AWS DynamoDB that improves read times and performance for your non-relational data.
What is the AWS Shared Responsibility Model?
- The AWS shared responsibility model divides obligations between AWS and a customer.
- AWS’s obligation is the security of the cloud.
- The customer’s obligation is security in the cloud: everything they build and deploy in AWS.
Responsibility of AWS and Customers
AWS’s responsibility is the security of the cloud.
- AWS manages security and all infrastructure layers, such as data centers, hardware and software, virtualization, and networking.
Customers’ responsibility is the security of everything they build and deploy in AWS Cloud. They manage AWS services, software, and access to the data.
AWS IAM, Policies, and AWS Organizations
- When you initially create an AWS account, the root user is created.
- An IAM user is a person or business that interacts with AWS resources and services.
- IAM policies either block or grant access to AWS resources and services.
- An IAM group is a grouping of IAM users. All IAM users in the IAM group are granted permission by the IAM policy given to that group.
- An IAM role allows for temporary access to services or resources.
- Multi-factor authentication is a multi-step process. It can offer more than one authentication method.
- AWS Organization is a container for your Amazon Web Services accounts. It allows you to control the permissions of the accounts in your company.
- Service control policies (SCPs) govern permissions in AWS organizations.
AWS Artifact
- AWS Artifact is a service that provides on-demand access to AWS security and compliance reports.
- AWS Artifact comprises AWS Artifact Reports and AWS Artifact Agreements.
Amazon DoS vs DDoS
- A denial-of-service (DoS) attack is an attempt to render an application or website inoperable.
- A DDoS attack uses a network of linked internet devices, known as a botnet, to flood a target website with bogus traffic.
- AWS offers AWS Shield to lessen the consequences of DoS and DDoS attacks on your application or website.
AWS Key Management Service (KMS) secures your application data with cryptographic keys.
AWS Web Application Firewall (WAF) allows or blocks network traffic by monitoring your application’s network requests.
Amazon Inspector assists you in improving the security of your applications by inspecting software versions and other flaws.
Amazon GuardDuty detects possible threats to AWS resources and infrastructure.
CloudWatch is a web-based service that lets you monitor your resources and create automatic alarms.
CloudTrail logs, continually monitors, and saves account activity connected to AWS infrastructure tasks, giving you control over storage, analysis, and resolution.
AWS Trusted Advisor service checks and offers real-time recommendations to optimize costs, and improve performance, security, and fault tolerance.
The AWS Free Tier offers you access to free services. However, not all services are free as some are limited to 12 months of free access and Trials.
AWS has 4 pricing models
- Pay as You Go
- Pay Less by Using More
- Save When You Reserve
- Free Usage Tier
AWS Budget helps you in planning usage, cost, and instance reservations.
Cost Explorer visualizes your cost and usage so that you can analyze and optimize the costs.
AWS offers 4 types of support plans:
- Developer: Basic use, experimentation, and support during business hours
- Business: Production workloads in AWS, 24/7 support
- Enterprise On-Ramp: Business critical workloads. 24/7 support. Consultative guidance, and access to a pool of technical account managers.
- Enterprise: All the above, designated Technical Account Manager to monitor and recommend optimizations.
- A marketplace is a digital catalog where software suppliers may display and sell their products.
- The AWS CAF (Cloud Adoption Framework) is a framework that guides you through the process of migrating applications to the cloud.
Cloud Migration Strategies
- Rehosting: lift-and-shift.
- Replatforming: lift, tinker, and shift.
- Refactoring: re-architecting
- Repurchasing: moves your application to a software-as-a-service (SaaS) model from a traditional model
- Retaining: keeping crucial business applications
- Retiring: removing unnecessary applications.
AWS Snow Family
- Amazon Snow Family is a group of devices that transport data in and out of AWS.
- AWS Snow Family devices are physical devices that handle data at exabyte scale.
AWS Snowcone
- AWS Snowcone is a secure and small device that transfers data.
AWS Snowball
- AWS Snowball has 2 types of devices:
  - Snowball Edge Storage Optimized Devices: optimal for large-scale data migrations.
  - Snowball Edge Compute Optimized Devices: very good for services requiring abundant computing resources.
- AWS Snowmobile migrates large data sets to AWS.
- It can transfer up to 100 petabytes of data
AWS Well-Architected Framework
AWS Well-Architected Framework leverages best practices to optimize your applications in the cloud.
5 Pillars of AWS Well-Architected Framework
- Operational excellence
- Security
- Reliability
- Performance efficiency
- Cost optimization