AWS Cloud Practitioner Reference

EC2


AWS EC2
Amazon Elastic Compute Cloud (EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make it easy for businesses to deploy applications and scale their computing resources as needed.
 
AMIs
An Amazon Machine Image (AMI) is a template that contains the software configuration (for example, the operating system, application servers, and databases) required to launch an instance. AMIs can be created from existing instances, or from scratch using a variety of tools and services.
 
Instance types/families
Instance types are defined by the hardware configuration of the underlying computing resources. Each instance type is designed for a specific set of workloads and requirements. Instance families group together instance types that have similar characteristics, such as compute power, memory, and storage.
 
Security groups
Security groups are firewall rules that control inbound and outbound traffic to and from instances. Security groups can be applied to multiple instances, and they can be used to create different security zones for your applications.
 
Elastic IPs
An Elastic IP address is a static public IP address that can be assigned to an instance. Elastic IPs are useful for applications that require a fixed IP address, such as web servers and mail servers.
 
 
When you launch an EC2 instance, you must specify an AMI, an instance type, and one or more security groups. You can also optionally assign an Elastic IP address to the instance.
The AMI provides the software configuration for the instance. The instance type determines the hardware configuration of the instance. The security groups control inbound and outbound traffic to and from the instance. The Elastic IP address provides the instance with a static public IP address.
 
 

Elastic Load Balancers


AWS Elastic Load Balancers
An AWS Elastic Load Balancer (ELB) is a network service that distributes traffic across multiple EC2 instances. ELBs can be used to scale your applications horizontally, and to improve the availability and performance of your applications.
 
There are four types of ELBs:
  • Classic ELB: Classic ELBs are the original type of ELB and are still supported, but they are no longer recommended for new deployments.
  • Application Load Balancer (ALB): ALBs are designed for modern applications that use HTTP/2 and other advanced protocols.
  • Network Load Balancer (NLB): NLBs are designed for high-performance applications that need low latency and high throughput.
  • Gateway Load Balancer (GLB): GLBs are designed for routing traffic to multiple VPCs or to on-premises networks.
 
Horizontal vs. Vertical Scaling
Horizontal scaling is the process of adding more EC2 instances to your application to distribute the workload across them. Vertical scaling is the process of increasing the resources of an existing EC2 instance, such as the CPU, memory, or storage.
Horizontal scaling is generally the preferred scaling method because it is more scalable and resilient to failure. Vertical scaling can be useful for short-term spikes in traffic, but it is not as scalable or resilient as horizontal scaling.
 
On-Demand, Spot, and Reserved Instances
On-demand instances are the most flexible type of EC2 instance. You can launch on-demand instances at any time, and you only pay for the time that you use them.
Spot instances are the least expensive type of EC2 instance, but they are also the least reliable. Spot instances are spare capacity that AWS makes available at a discounted price. When demand for EC2 instances increases, AWS can terminate spot instances to make room for on-demand instances.
Reserved instances are the most reliable type of EC2 instance, but they are also the most expensive. Reserved instances are a one- or three-year commitment to use a specific EC2 instance type in a specific AWS Region. In return for this commitment, you receive a significant discount on the price of the EC2 instances.
 

Elastic Beanstalk


AWS Elastic Beanstalk is a platform as a service (PaaS) that makes it easy to deploy and scale web applications and services. Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto scaling to application health monitoring. At the same time, you retain full control over the underlying AWS resources powering your application and can access the underlying resources at any time.
 
Auto Scaling
AWS Elastic Beanstalk Auto Scaling automatically adjusts the number of EC2 instances running your application based on demand. Auto Scaling can scale your application up or down to meet demand, and it can also automatically scale your application to zero instances when there is no demand.
Auto Scaling works by monitoring the health and performance of your application. When Auto Scaling detects that your application is under-resourced, it will launch new EC2 instances. When Auto Scaling detects that your application is over-resourced, it will terminate EC2 instances.
You can configure Auto Scaling to scale your application based on a variety of metrics, such as CPU utilization, memory utilization, and request queue length. You can also configure Auto Scaling to scale your application up or down at specific times of day or on specific days of the week.
 

Serverless & Lambdas


AWS serverless computing is a way to run code without provisioning or managing servers. With serverless computing, you simply deploy your code and AWS takes care of the rest. AWS serverless computing is event-driven, which means that your code is only executed when triggered by an event, such as an HTTP request, a message from an SQS queue, or a change to an S3 bucket.
AWS Lambdas are serverless compute functions that you can use to run code without provisioning or managing servers. AWS Lambdas are event-driven, and they are executed in response to events, such as an HTTP request, a message from an SQS queue, or a change to an S3 bucket.
AWS Lambdas are a good choice for a variety of workloads, such as:
  • Web applications
  • Mobile backends
  • Data processing
  • IoT applications
  • Batch processing
 
 

S3 & S3 Glacier


Amazon Simple Storage Service (S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries use S3 to store and protect any amount of data for a broad range of use cases, such as websites and mobile applications, data lakes and analytics, content delivery, backup and restore, archiving, and disaster recovery.
 
S3 Glacier
S3 Glacier is a low-cost storage service for rarely accessed data. It is ideal for long-term archiving of data, such as medical images, financial records, and user-generated content.
 
S3 Glacier offers three storage classes:
  • S3 Glacier Instant Retrieval: This class is for data that needs to be retrieved quickly, within minutes to hours.
  • S3 Glacier Flexible Retrieval: This class is for data that needs to be retrieved within hours to days.
  • S3 Glacier Deep Archive: This class is for data that needs to be retrieved within days to weeks.
 
 

EBS vs. File Storage


Amazon Elastic Block Store (EBS) is a block storage service that provides persistent storage for Amazon Elastic Compute Cloud (EC2) instances. EBS volumes are attached to EC2 instances and appear as local disks. EBS volumes can be used to store operating systems, applications, and data.
 
AWS file storage
AWS file storage provides shared file systems for EC2 instances and on-premises servers to access. AWS file storage services include Amazon Elastic File System (EFS) and Amazon File Storage (FSx).
 
When to use EBS
EBS is a good choice for storing data that needs to be accessed by a single EC2 instance, such as operating systems and applications. EBS is also a good choice for storing data that needs to be highly performant, such as database files.
 
When to use file storage
File storage is a good choice for storing data that needs to be accessed by multiple EC2 instances or on-premises servers. File storage is also a good choice for storing data that is not performance-critical, such as log files and user-generated content.
 
 

Relational Databases


AWS relational databases are managed services that make it easy to set up, operate, and scale relational databases in the cloud. AWS relational databases are based on popular open-source and commercial database engines, such as MySQL, PostgreSQL, Oracle Database, and Microsoft SQL Server.
 
Types of Available Databases
  • Amazon Relational Database Service (RDS): RDS is a fully managed database service that makes it easy to set up, operate, and scale a variety of relational databases in the cloud.
  • Amazon Aurora: Aurora is a relational database that combines the performance and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases.
  • Amazon Redshift: Redshift is a petabyte-scale data warehouse service that makes it easy to analyze all your data using standard SQL and your existing business intelligence tools.
  • Amazon DynamoDB: DynamoDB is a fully managed, multi-region, multi-master, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications.

EMR
Amazon Elastic MapReduce (EMR) is a managed Hadoop framework service that makes it easy to run big data applications on the cloud. EMR provides a managed Hadoop cluster that you can use to run Hadoop, Apache Spark, Hive, Pig, Presto, and other big data applications.
 
Redshift
Redshift is a petabyte-scale data warehouse service that makes it easy to analyze all your data using standard SQL and your existing business intelligence tools. Redshift is designed for large-scale data warehousing, and it can be used to analyze data from a variety of sources, including relational databases, NoSQL databases, and Hadoop clusters.
 
ElastiCache
ElastiCache is a fully managed, in-memory data store and cache service. It delivers real-time, cost-optimized performance for modern applications. ElastiCache scales to hundreds of millions of operations per second with microsecond response time, and offers enterprise-grade security and reliability.
ElastiCache is compatible with Redis and Memcached, two popular open-source in-memory data stores.
 

VPCs and Subnets


AWS VPC (Virtual Private Cloud) is like a virtual city for your cloud resources. It lets you create isolated networks for your resources, each with its own set of security and access rules. This helps to keep your resources secure and organized.
Subnets are like the neighborhoods within your VPC. They are smaller networks that you can use to further segment your resources. For example, you might have one subnet for your web servers, another subnet for your database servers, and so on.
 
Public and Private Subnets
AWS subnets are divided into two types: public and private. Public subnets have direct access to the internet, while private subnets do not.
Public subnets are typically used for resources that need to be accessible from the internet, such as web servers and load balancers. Private subnets are typically used for resources that need to be protected from the internet, such as database servers and application servers.
 
NAT Instance and Gateway
A NAT instance (Network Address Translation) translates the private IP addresses of your instances in a private subnet to a public IP address. This allows your instances to communicate with the internet, but it prevents the internet from communicating directly with your instances.
An internet gateway is a highly available, managed gateway that connects your VPC to the internet. Internet gateways are typically used in conjunction with NAT instances to provide internet access to private subnets.
 
NACL vs. Security Groups
A NACL (Network Access Control List) is a firewall that applies to all instances in a subnet. NACLs are used to control inbound and outbound traffic to and from instances in a subnet.
A security group is a firewall that applies to specific instances. Security groups can be used to control inbound and outbound traffic to and from specific instances.
NACLs are typically used to implement coarse-grained firewall rules, while security groups are typically used to implement fine-grained firewall rules.
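The stateless-versus-stateful distinction behind the coarse/fine split above, shown as an added example (not AWS code): a security group allows the reply to an allowed request on its own, a NACL needs an explicit outbound rule for the client's ephemeral port and can express a deny. All rules, addresses and packets are constructed sample data.

```python
"""Stateful security group vs stateless NACL, as an added illustration.

A security group remembers the connection: when an inbound request matches
an allow rule, the response is allowed automatically. A NACL judges each
packet on its own, walking rules in ascending number, first match wins,
implicit deny at the end; so the response on an ephemeral port needs its own
outbound allow rule, and a deny rule can block a specific source range.
All rules and packets below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = towards the instance, "out" = from the instance
    protocol: str    # "tcp" or "udp"
    dst_port: int
    peer: str        # the remote IP address


def _rule_matches(rule, pkt):
    return (rule["direction"] == pkt.direction
            and rule["protocol"] in (pkt.protocol, "all")
            and rule["from_port"] <= pkt.dst_port <= rule["to_port"]
            and ipaddress.ip_address(pkt.peer) in ipaddress.ip_network(rule["cidr"]))


# Security group: allow rules only, evaluated statefully.
SG_RULES = [
    {"direction": "in", "protocol": "tcp", "from_port": 443, "to_port": 443,
     "cidr": "0.0.0.0/0"},
]


def sg_allows_flow(rules, request, response):
    """Returns (request_allowed, response_allowed). The response of an allowed
    request is allowed regardless of rules in the outbound direction."""
    request_ok = any(_rule_matches(r, request) for r in rules)
    return request_ok, request_ok


# NACL: numbered allow/deny rules, evaluated statelessly per packet.
NACL_RULES = [
    {"number": 90, "direction": "in", "protocol": "tcp", "from_port": 443,
     "to_port": 443, "cidr": "198.51.100.0/24", "action": "deny"},
    {"number": 100, "direction": "in", "protocol": "tcp", "from_port": 443,
     "to_port": 443, "cidr": "0.0.0.0/0", "action": "allow"},
    # Return traffic to clients' ephemeral ports must be allowed explicitly.
    {"number": 100, "direction": "out", "protocol": "tcp", "from_port": 1024,
     "to_port": 65535, "cidr": "0.0.0.0/0", "action": "allow"},
]


def nacl_decides(rules, pkt):
    """Lowest-numbered matching rule decides; no match hits the implicit deny."""
    for rule in sorted(rules, key=lambda r: r["number"]):
        if _rule_matches(rule, pkt):
            return rule["action"] == "allow"
    return False


def nacl_allows_flow(rules, request, response):
    """Each packet is judged independently: no connection state is kept."""
    return nacl_decides(rules, request), nacl_decides(rules, response)


# A client connecting to the web server on 443; the reply goes to its ephemeral port.
REQUEST = Packet("in", "tcp", 443, "203.0.113.10")
RESPONSE = Packet("out", "tcp", 51515, "203.0.113.10")
BLOCKED_REQUEST = Packet("in", "tcp", 443, "198.51.100.5")

if __name__ == "__main__":
    print("security group   :", sg_allows_flow(SG_RULES, REQUEST, RESPONSE))
    print("NACL             :", nacl_allows_flow(NACL_RULES, REQUEST, RESPONSE))
    inbound_only = [r for r in NACL_RULES if r["direction"] == "in"]
    print("NACL, no out rule:", nacl_allows_flow(inbound_only, REQUEST, RESPONSE))
    print("NACL, denied src :", nacl_decides(NACL_RULES, BLOCKED_REQUEST))
```

Dropping the outbound ephemeral-port rule is the classic NACL mistake: the request still gets in, but the server's reply is silently dropped.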
 
VPC Peering
VPC peering is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they were within the same network.
VPC peering is a good way to connect two VPCs that are owned by the same account, or to connect two VPCs that are owned by different accounts.
 
Direct Connect vs. Managed VPN
Direct Connect is a service that lets you connect your on-premises network to your AWS VPC. This allows you to create a private connection between your on-premises network and your AWS resources.
A VPN (Virtual Private Network) is a secure tunnel that allows you to send traffic between two networks over the internet. You can use a VPN to connect your on-premises network to your AWS VPC.
 
Infrastructure Extension Service
Infrastructure Extension Service (IES) lets you extend your on-premises network to your AWS VPC. This allows you to use the same networking infrastructure for your on-premises and AWS resources.
IES is a good way to connect your on-premises network to your AWS VPC if you need to use the same networking infrastructure for both environments.
 

IAM


AWS Identity and Access Management (IAM) is a service that helps you to manage who can access your AWS resources and what they can do with them. IAM lets you create users and groups, and assign policies to them. Policies define what actions users and groups can perform on AWS resources.
 
IAM Users
An IAM user is an identity that you create in IAM. IAM users can be people or applications. Each IAM user has a unique user name and password.
 
IAM Groups
An IAM group is a collection of IAM users. You can use IAM groups to manage permissions for multiple users at a time. For example, you could create an IAM group for all of the users in your organization who need to access your web servers.
 
IAM Policies
An IAM policy is a document that defines what actions users and groups can perform on AWS resources. You can create your own IAM policies, or you can use AWS managed policies. AWS managed policies are pre-written policies that you can attach to users and groups to give them access to specific AWS services and resources.
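How a request is decided once several policies are attached to a user and their group, as an added example (not AWS code): an explicit Deny in any policy wins, otherwise an Allow is required, otherwise the request is implicitly denied. The two policies, the bucket name and the ARNs are constructed sample data.

```python
"""IAM policy evaluation rules, as an added illustration (not AWS code).

Implements the documented precedence: an explicit Deny in any attached policy
wins; otherwise an Allow is needed; otherwise the request is implicitly denied.
Action and Resource values support IAM-style '*' and '?' wildcards.
"""
from fnmatch import fnmatchcase

# Constructed sample policies: one attached to the user's group, one inline.
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-logs", "arn:aws:s3:::example-logs/*"]},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    ],
}
USER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # An explicit deny carves a sensitive prefix out of the group's broad allow.
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-logs/private/*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # Action names are matched case-insensitively.
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    # ARNs are matched as given; '*' spans path separators, as in IAM.
    return any(fnmatchcase(resource, p) for p in _as_list(patterns))


def is_allowed(policies, action, resource):
    """Return True only if some statement allows the request and none denies it."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_action_matches(stmt["Action"], action)
                    and _resource_matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return False      # explicit deny always wins
            allowed = True
    return allowed                # no matching allow: implicit deny


if __name__ == "__main__":
    policies = [GROUP_POLICY, USER_POLICY]
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::example-logs/2024/app.log"),
        ("s3:GetObject", "arn:aws:s3:::example-logs/private/keys.txt"),
        ("ec2:DescribeInstances", "*"),
        ("ec2:TerminateInstances", "*"),
    ]:
        verdict = "ALLOW" if is_allowed(policies, action, resource) else "DENY"
        print(f"{action:24} {resource:48} -> {verdict}")
```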
 
IAM Roles
Roles are similar to IAM users, but they are not associated with a specific person. They are a secure way to grant temporary access to AWS resources because they do not have long-term credentials, such as passwords or access keys, that can be compromised.
 

Security and Encryption


Encryption
AWS Encryption is a service that helps you to protect your data by encrypting it. AWS Encryption offers a variety of encryption options, including:
  • Server-side encryption (SSE): SSE encrypts your data at rest on AWS servers.
  • Client-side encryption: Client-side encryption encrypts your data before it is uploaded to AWS.
  • AWS Key Management Service (KMS): KMS is a managed service that makes it easy to create and manage encryption keys.
  • AWS Cloud HSM: Cloud HSM is a managed service that provides hardware security modules (HSMs) for generating, storing, and managing encryption keys.
 
KMS
AWS Key Management Service (KMS) is a managed service that makes it easy to create and manage encryption keys. KMS provides a variety of features for managing encryption keys, including:
  • Key generation: KMS can generate encryption keys for you.
  • Key storage: KMS can store your encryption keys for you.
  • Key rotation: KMS can rotate your encryption keys for you.
  • Key sharing: KMS can share your encryption keys with other AWS accounts.

Cloud HSM
AWS Cloud HSM is a managed service that provides hardware security modules (HSMs) for generating, storing, and managing encryption keys. HSMs are physical devices that are designed to protect encryption keys from unauthorized access.
 
SSE
Server-side encryption (SSE) encrypts your data at rest on AWS servers. SSE is available for a variety of AWS services, including S3, EBS, and RDS.
 
Shield
AWS Shield is a managed DDoS protection service that helps to safeguard applications running on AWS. It provides dynamic detection and automatic inline mitigations that minimize application downtime and latency.
 
WAF
AWS WAF is a web application firewall that helps to protect your web applications from common web attacks, such as SQL injection and cross-site scripting.
 
Macie
AWS Macie is a security service that uses machine learning to automatically identify and protect sensitive data in AWS. Macie can help you to identify sensitive data, such as credit card numbers and social security numbers.
 
Secrets Manager
AWS Secrets Manager is a service that helps you to store and manage secrets. Secrets Manager can store a variety of secrets, including passwords, API keys, and database credentials.
 
Systems Manager Parameter Store
AWS Systems Manager Parameter Store is a service that helps you to store and manage system parameters. Parameter Store can store a variety of parameters, such as configuration settings, environment variables, and database passwords.
 
SSO
AWS Single Sign-On (SSO) is a service that helps you to centrally manage and secure user access to AWS applications. SSO can help you to simplify user login and reduce the risk of security breaches.
 
GuardDuty
AWS GuardDuty is a threat detection service that uses machine learning to identify and respond to threats to your AWS resources. GuardDuty can monitor your AWS resources for malicious activity and send you alerts when it detects suspicious activity.
 
Certificate Manager
AWS Certificate Manager (ACM) is a service that helps you to provide secure connections to your websites and applications. ACM can help you to create, manage, and renew SSL/TLS certificates.
 
Artifact
AWS Artifact is a service that helps you to store, manage, and protect software artifacts. Artifact can store a variety of software artifacts, such as container images, machine learning models, and configuration files.
 
Security Hub
AWS Security Hub is a service that provides a comprehensive view of your security state across AWS accounts. Security Hub aggregates security findings from a variety of AWS security services and provides you with a single place to view and manage your security findings.
 
Detective
AWS Detective is a service that helps you to investigate security incidents. Detective provides you with a visual timeline of security events and helps you to identify the root cause of security incidents.
 

Monitoring


AWS CloudTrail
AWS CloudTrail is a service that records API calls made to AWS services. CloudTrail provides a record of who did what, when, and where in your AWS account. CloudTrail logs can be used for a variety of purposes, such as auditing, compliance, and security investigations.
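What "who did what, when, and where" looks like in practice, as an added example (not AWS code): three detections run over CloudTrail records, flagging root-account activity, console logins that succeeded without MFA, and failed console logins. The records are constructed but use CloudTrail's documented field names; the account id, user name and addresses are sample values.

```python
"""Simple detections over CloudTrail records, as an added illustration.

The records below are constructed, but follow the documented CloudTrail
field names (eventTime, eventName, userIdentity.type, sourceIPAddress,
additionalEventData.MFAUsed, responseElements.ConsoleLogin). Three checks
a security team commonly automates: any use of the root account, console
logins that succeeded without MFA, and failed console logins.
"""
import json
from collections import Counter

# Constructed sample log lines (one JSON record per line).
SAMPLE_LINES = [json.dumps(rec) for rec in [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"},
    {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-05-01T10:09:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
]]


def _actor(event):
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or "unknown"


def detect(lines):
    """Return a list of findings, each a dict with rule/actor/event/time/ip."""
    findings = []
    for line in lines:
        event = json.loads(line)
        base = {"actor": _actor(event), "event": event.get("eventName"),
                "time": event.get("eventTime"), "ip": event.get("sourceIPAddress")}
        # Root should be used only for the few tasks that require it.
        if event.get("userIdentity", {}).get("type") == "Root":
            findings.append({"rule": "root-account-activity", **base})
        if event.get("eventName") == "ConsoleLogin":
            outcome = event.get("responseElements", {}).get("ConsoleLogin")
            mfa = event.get("additionalEventData", {}).get("MFAUsed")
            if outcome == "Success" and mfa != "Yes":
                findings.append({"rule": "console-login-without-mfa", **base})
            elif outcome == "Failure":
                findings.append({"rule": "console-login-failure", **base})
    return findings


def count_by_rule(findings):
    """Summary used for a quick triage view: how many hits per rule."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in detect(SAMPLE_LINES):
        print(f"{f['time']}  {f['rule']:28} {f['actor']:40} {f['event']} from {f['ip']}")
    print(count_by_rule(detect(SAMPLE_LINES)))
```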
 
AWS Config
AWS Config is a service that evaluates your AWS resources against desired configurations. Config continuously monitors your AWS resources and sends alerts when it detects changes to your configurations. Config can help you to ensure that your AWS resources are configured correctly and that they remain compliant with your desired configurations.
 
AWS CloudWatch
AWS CloudWatch is a monitoring and observability service that provides data and actionable insights for your AWS-powered applications. CloudWatch collects and analyzes metrics, logs, and events from your Amazon EC2 instances, Amazon RDS databases, and other AWS services.
 

SQS & SNS


AWS SQS
Amazon Simple Queue Service (SQS) is a managed messaging service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS offers a highly scalable, durable, and secure way to buffer messages between applications and components.
 
AWS SNS
Amazon Simple Notification Service (SNS) is a managed push notification service that enables you to decouple microservices, distributed systems, and serverless applications. SNS provides a highly scalable, durable, and secure way to publish messages to a wide range of heterogeneous subscribers and endpoint types.
 
SQS and SNS are both messaging services, but they have different strengths and use cases.
 
SQS is a good choice for:
  • Decoupling applications: SQS can help you to decouple your applications by providing a buffer between them. This allows your applications to continue processing messages even if one of the applications is unavailable.
  • Scaling microservices: SQS can help you to scale your microservices by providing a way to buffer messages between them. This allows your microservices to handle spikes in traffic without becoming overloaded.
  • Building serverless applications: SQS can be used to build serverless applications by providing a way to trigger AWS Lambda functions when messages are received in a queue.
SNS is a good choice for:
  • Pushing notifications to devices and applications: SNS can be used to push notifications to devices and applications, such as mobile phones, email clients, and web applications.
  • Sending alerts and alarms: SNS can be used to send alerts and alarms to users when events occur in your AWS environment.
  • Fanning out messages to multiple subscribers: SNS can be used to fan out messages to multiple subscribers, such as email addresses, SMS numbers, and AWS Lambda functions.
 
 

CloudFront & Route 53


AWS CloudFront
Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high performance, and high availability. CloudFront works by caching your content across a global network of edge locations, which are located close to your users. This allows your content to be delivered to your users quickly and efficiently, regardless of their location.
 
AWS Route 53
Amazon Route 53 is a highly scalable and available domain name system (DNS) web service. Route 53 helps you to route your end users to your infrastructure worldwide by directing them to the nearest and healthiest resources. Route 53 provides a number of features, including:
  • Global DNS: Route 53 provides a global DNS network that directs traffic to your applications, regardless of where your users are located.
  • Latency-based routing: Route 53 can route traffic to your applications based on latency, which can improve the performance of your applications for your users.
  • Health-based routing: Route 53 can automatically route traffic away from unhealthy applications, which can improve the reliability of your applications.
AWS Global Accelerator
Amazon Global Accelerator is a networking service that improves the performance and reliability of your global applications. Global Accelerator works by routing traffic to your applications through your AWS edge locations, which are located close to your users. This allows your applications to be delivered to your users quickly and efficiently, even if your applications are located in multiple AWS Regions.
 

On-Premises Migration


AWS Snowball
AWS Snowball is a petabyte-scale data transfer service that uses secure devices to transport data to and from AWS. Snowball is ideal for transferring large amounts of data, such as terabytes or petabytes, into or out of AWS.
 
AWS DataSync
AWS DataSync is a data transfer service that makes it easy to automate the process of moving data between on-premises storage systems and AWS storage services, as well as between AWS storage services. DataSync offers a variety of features to help you manage your data transfers.
 
AWS Data Pipeline
AWS Data Pipeline is a web service that helps you to automate the movement and processing of data between different data stores in AWS. Data Pipeline can be used to build data pipelines that perform tasks.
 
AWS Database Migration Service (DMS)
AWS Database Migration Service (DMS) is a service that helps you to migrate databases to AWS. DMS can migrate databases from a variety of sources, including on-premises databases, cloud databases, and Amazon Relational Database Service (RDS) databases. DMS also offers a variety of features to help you manage your database migrations.
 
 

Kinesis


AWS Kinesis is a streaming data platform that makes it easy to collect, process, and store streaming data in real time. It offers two services: Kinesis Data Streams and Kinesis Data Firehose.
 
Kinesis Data Streams
Kinesis Data Streams is a good choice for applications that need to process real-time data at low latency, such as fraud detection and anomaly detection. It can also be used to build custom data processing applications.
 
Kinesis Firehose
Kinesis Data Firehose is a good choice for applications that need to load data into AWS destinations for analytics and machine learning, such as Amazon S3 and Amazon Redshift.
 
Analytics
AWS Analytics offers a variety of services for processing and analyzing streaming data, including Kinesis Analytics and Amazon Elastic MapReduce (EMR).
 

DevOps


AWS DevOps is a set of practices and tools that help organizations to develop, deploy, and manage applications more efficiently and reliably. AWS DevOps is built on the principles of continuous integration (CI) and continuous delivery (CD), which automate the software development lifecycle from code commit to production deployment.
CI/CD is a set of practices that automates the software development and delivery process. CI/CD pipelines typically include the following steps:
  • Code commit: Developers commit their code to a code repository, such as AWS CodeCommit.
  • Build: A CI/CD tool, such as AWS CodeBuild, builds the code into an executable artifact, such as a JAR file or a Docker image.
  • Test: A CI/CD tool runs automated tests on the build artifact to ensure that it meets quality standards.
  • Deploy: A CI/CD tool deploys the build artifact to a production environment, such as AWS Elastic Beanstalk or Amazon Elastic Container Service (ECS).
IAAC
IAAC stands for infrastructure as code. IAAC is a practice of defining and managing infrastructure using code, rather than manually provisioning and configuring resources. AWS provides a number of IAAC tools, such as AWS CloudFormation and AWS CDK.
 
CloudFormation
AWS CloudFormation is a service that helps you to automate the deployment and management of your AWS infrastructure. CloudFormation templates are used to define the resources that you want to deploy and the relationships between them. CloudFormation then provisions and configures the resources for you.
 
OpsWorks
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.
 
 

Serverless Orchestration


API Gateway
AWS API Gateway is a fully managed service that makes it easy to create, publish, maintain, monitor, and secure APIs at any scale. It provides a single point of entry for your APIs and handles all the tasks involved in routing requests to the appropriate backend service.
 
Cognito
AWS Cognito is a fully managed user identity and access service that allows you to add user sign-up, sign-in, and access control to your web and mobile applications. It provides a variety of features, including:
  • User authentication: Cognito can authenticate users using a variety of methods, including passwords, social media accounts, and multi-factor authentication.
  • Authorization: Cognito can authorize users to access specific resources in your application.
  • User management: Cognito can manage user accounts, including user profiles, passwords, and groups.
 
Step Functions
AWS Step Functions is a fully managed service that makes it easy to coordinate the execution of multiple AWS services into serverless workflows. It allows you to define and manage complex workflows visually, without having to write any code.
 
Microservices and Containers
Microservices are a software development approach that structures an application as a collection of loosely coupled services. Each service is self-contained and performs a specific task. Microservices are often deployed in containers.
Containers are a way to package and deploy software applications. Containers are lightweight and portable, and they can be run on any platform that supports the Docker runtime.
Kubernetes is an open-source container orchestration platform that automates many of the manual tasks involved in managing containerized applications.
 
ECS Fargate
AWS ECS Fargate is a serverless compute engine that lets you focus on building applications without managing servers. Fargate runs your containerized applications on the optimal infrastructure for you, eliminating the need to provision, configure, and scale servers.
 

Misc.


Control Tower
AWS Control Tower is a managed service that helps you set up and govern a secure, multi-account AWS environment. Control Tower automates many of the tasks involved in setting up and managing a multi-account AWS environment, such as creating accounts, configuring networking, and implementing security best practices.
Transit Gateway
AWS Transit Gateway is a managed service that helps you connect your AWS VPCs, on-premises networks, and other networks together. Transit Gateway provides a central place to manage all of your network connections, and it makes it easy to route traffic between your different networks.
Elastic Container Service
AWS Elastic Container Service (ECS) is a managed container orchestration service that helps you deploy, manage, and scale containerized applications. ECS provides a variety of features for managing containers, including service discovery, load balancing, and health monitoring.
Elastic Kubernetes Service
AWS Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy to deploy, manage, and scale Kubernetes applications. EKS provides a variety of features for managing Kubernetes clusters, such as cluster provisioning, node management, and logging and monitoring.
 
Machine Learning
AWS Machine Learning is a collection of machine learning services that helps you build, train, and deploy machine learning models. AWS Machine Learning provides a variety of services for machine learning, including natural language processing, computer vision, and fraud detection.
Proton
AWS Proton is a managed service that helps you deliver and manage serverless applications. Proton automates the deployment and management of serverless applications, and it provides a central place to manage all of your serverless applications.
Connect
AWS Connect is a cloud-based contact center service that helps you provide customer service to your customers. Connect provides a variety of features for customer service, including voice, chat, and email support.
Simple Email Service
AWS Simple Email Service (SES) is a managed email service that helps you send email from your applications. SES provides a reliable and scalable way to send email, and it is easy to use.
AppStream
AWS AppStream 2.0 is a fully managed, streaming application service that provides a secure way to stream desktop applications to end users. AppStream 2.0 is easy to use and can be scaled to meet the needs of any organization.
