AWS CERTIFIED CLOUD PRACTITIONER EXAM
JON BONSO AND ADRIAN FORMARAN
Tutorials Dojo
Study Guide and Cheat Sheets
Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified Cloud Practitioner
by Jon Bonso and Adrian Formaran
TABLE OF CONTENTS
INTRODUCTION 4
AWS CERTIFIED CLOUD PRACTITIONER EXAM OVERVIEW 5
Exam Details 5
Exam Domains 5
Exam Scoring System 6
Exam Benefits 7
AWS CERTIFIED CLOUD PRACTITIONER EXAM STUDY GUIDE 8
What to review 8
How to review 10
Common Exam Scenarios 11
Validate Your Knowledge 16
Sample Practice Test Questions: 16
Question 1 16
Question 2 19
What to expect from the exam 23
AWS CHEAT SHEETS 24
AWS OVERVIEW 24
AWS Global infrastructure 24
AWS Pricing 26
AWS Well-Architected Framework - Five Pillars 28
AWS Well-Architected Framework - Design Principles 31
AWS Well-Architected Framework - Disaster Recovery 36
AWS Support Plans 38
COMPUTE 41
Amazon EC2 43
AWS Elastic Beanstalk 52
AWS Lambda 54
Amazon Elastic Container Service (ECS) 56
AWS Batch 58
Amazon Elastic Container Registry (ECR) 59
AWS Savings Plan 60
STORAGE 62
Amazon S3 62
https://portal.tutorialsdojo.com/ 1
Amazon S3 Glacier 69
Amazon EBS 71
Amazon EFS 77
AWS Storage Gateway 80
DATABASE 82
Amazon Aurora 83
Amazon Relational Database Service (RDS) 86
Amazon DynamoDB 93
Amazon Elasticache 97
Amazon Redshift 100
NETWORKING AND CONTENT DELIVERY 101
Amazon API Gateway 101
Amazon CloudFront 103
AWS Elastic Load Balancing 105
Amazon Route 53 111
Amazon VPC 116
SECURITY AND IDENTITY 123
AWS Identity and Access Management (IAM) 123
AWS WAF 128
Amazon Macie 129
AWS Shield 130
Amazon Inspector 131
AWS Organizations 133
AWS Artifact 135
MIGRATION 138
AWS Snowball Edge 138
AWS Snowmobile 139
MANAGEMENT 140
AWS Auto Scaling 140
AWS CloudFormation 143
AWS CloudTrail 144
Amazon CloudWatch 146
AWS OpsWorks 149
AWS Management Console 151
AWS Trusted Advisor 152
ANALYTICS 153
Amazon Kinesis 153
DEVELOPER 156
AWS CodeDeploy 156
AWS CodePipeline 158
AWS CodeBuild 159
AWS CodeCommit 160
AWS X-Ray 161
AWS BILLING AND COST MANAGEMENT 162
APPLICATION 165
Amazon SQS 165
Amazon SNS 168
AWS Step Functions 170
COMPARISON OF AWS SERVICES 172
S3 vs EBS vs EFS 172
Amazon S3 vs Glacier 174
S3 Standard vs S3 Standard-IA vs S3OneZone-IA 175
RDS vs DynamoDB 176
RDS vs Aurora 179
CloudTrail vs CloudWatch 184
Security Group vs NACL 185
EBS-SSD vs HDD 187
Application Load Balancer vs Network Load Balancer vs Gateway Load Balancer 190
EC2 Container Services ECS vs Lambda 193
FINAL REMARKS 194
ABOUT THE AUTHORS 195
INTRODUCTION
We are in an age of rapid technological innovation and information exchange. New technologies are being
produced every day by different industries, governments, and researchers to make life more enjoyable. Hence,
people are also beginning to shift their infrastructures onto the cloud, especially onto Amazon Web Services
(AWS). The cloud is the perfect platform for innovation. It allows you to obtain compute and storage capacity
simply through a click of a button. There is no need to meticulously allocate capital anymore for physical
infrastructure and setting them up yourself.
For several years, AWS has been recognized as the leading cloud provider in the market [1]. They have been
continuously upgrading their services to deliver customer satisfaction and drive customer success. Every year,
you can expect AWS to bring something new to the table. And since the AWS cloud is already so vast,
industries will need trained people who understand how the AWS cloud operates and how to make the most of
solutions that will produce the best results. AWS formalizes this process of training and recognition through
their highly valued AWS Certifications.
The path for learning cloud is like a long and exciting journey. Becoming an AWS Cloud Practitioner is a great
way to start it off. It opens up a lot of career opportunities for you, and you can choose the path that you want
to take. You can become a cloud solutions architect, a cloud developer, a cloud operations administrator, or
even something else entirely (specializations). The AWS Cloud Practitioner course is the first step in helping
you understand the value of moving to the cloud, as well as the basic AWS services which are fundamental and
crucial for building success in AWS.
Note: We took extra care to come up with these study guides and cheat sheets, however, this is meant to be
just a supplementary resource when preparing for the exam. We highly recommend working on hands-on
sessions and practice exams to further expand your knowledge and improve your test taking skills.
[1] https://aws.amazon.com/blogs/aws/aws-named-as-a-leader-in-gartners-infrastructure-as-a-service-iaas-magic-quadrant-for-the-9th-consecutiveyear/
RDS and DynamoDB for Database, Route53, VPC, and AWS Direct Connect for Network
○ Review - AWS Blog and What’s New section of the website
○ Monitoring - Amazon CloudWatch
○ Tradeoffs - Amazon Elasticache, Amazon CloudFront, AWS Snowball, Amazon RDS read
replicas.
● Key AWS service:
○ Amazon CloudWatch
5. Cost Optimization
● The ability to avoid or eliminate unneeded cost or suboptimal resources.
● There are four best practice areas and tools for cost optimization in the cloud:
○ Cost-Effective Resources - Cost Explorer, Amazon CloudWatch and Trusted Advisor, Amazon
Aurora for RDS, AWS Direct Connect with Amazon CloudFront
○ Matching supply and demand - Auto Scaling
○ Expenditure Awareness - AWS Cost Explorer, AWS Budgets
○ Optimizing Over Time - AWS News Blog and the What’s New section on the AWS website, AWS
Trusted Advisor
● Key AWS service:
○ Cost Explorer
Source:
https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified Cloud Practitioner
by Jon Bonso and Adrian Formaran
AWS Well-Architected Framework - Design Principles
1. Scalability
● Scaling Horizontally - an increase in the number of resources
● Scaling Vertically - an increase in the specifications of an individual resource
2. Disposable Resources Instead of Fixed Servers
● Instantiating Compute Resources - automate setting up of new resources along with their configuration
and code
● Infrastructure as Code - AWS assets are programmable. You can apply techniques, practices, and tools
from software development to make your whole infrastructure reusable, maintainable, extensible, and
testable.
3. Automation
● Serverless Management and Deployment - being serverless shifts your focus to automation of your
code deployment. AWS handles the management tasks for you.
● Infrastructure Management and Deployment - AWS automatically handles details, such as resource
provisioning, load balancing, auto scaling, and monitoring, so you can focus on resource deployment.
● Alarms and Events - AWS services will continuously monitor your resources and initiate events when
certain metrics or conditions are met.
4. Loose Coupling
● Well-Defined Interfaces - reduce interdependencies in a system by allowing various components to
interact with each other only through specific, technology agnostic interfaces, such as RESTful APIs.
● Service Discovery - applications that are deployed as a set of smaller services should be able to be
consumed without prior knowledge of their network topology details. Apart from hiding complexity, this
also allows infrastructure details to change at any time.
● Asynchronous Integration - interacting components that do not need an immediate response and
where an acknowledgement that a request has been registered will suffice, should integrate through an
intermediate durable storage layer.
● Distributed Systems Best Practices - build applications that handle component failure in a graceful
manner.
5. Services, Not Servers
● Managed Services - provide building blocks that developers can consume to power their applications,
such as databases, machine learning, analytics, queuing, search, email, notifications, and more.
● Serverless Architectures - allow you to build both event-driven and synchronous services without
managing server infrastructure, which can reduce the operational complexity of running applications.
6. Databases
● Choose the Right Database Technology for Each Workload
● Relational Databases provide a powerful query language, flexible indexing capabilities, strong integrity
controls, and the ability to combine data from multiple tables in a fast and efficient manner.
● NoSQL Databases trade some of the query and transaction capabilities of relational databases for a
more flexible data model that seamlessly scales horizontally. They use a variety of data models, including
graphs, key-value pairs, and JSON documents, and are widely recognized for ease of development,
scalable performance, high availability, and resilience.
● Data Warehouses are a specialized type of relational database, which is optimized for analysis and
reporting of large amounts of data.
● Graph Databases use graph structures for queries.
○ Search Functionalities
■ Search is often confused with query. A query is a formal database query, which is
addressed in formal terms to a specific data set. Search enables datasets to be queried
that are not precisely structured.
■ A search service can be used to index and search both structured and free text format
and can support functionality that is not available in other databases, such as
customizable result ranking, faceting for filtering, synonyms, and stemming.
7. Managing Increasing Volumes of Data
● Data Lake - an architectural approach that allows you to store massive amounts of data in a central
location so that it's readily available to be categorized, processed, analyzed, and consumed by diverse
groups within your organization.
8. Removing Single Points of Failure
● Introducing Redundancy
○ Standby redundancy - when a resource fails, functionality is recovered on a secondary resource
with the failover process. The failover typically requires some time before it completes, and
during this period the resource remains unavailable. This is often used for stateful components
such as relational databases.
○ Active redundancy - requests are distributed to multiple redundant compute resources. When
one of them fails, the rest can simply absorb a larger share of the workload.
● Detect Failure - use health checks and collect logs
● Durable Data Storage
○ Synchronous replication - only acknowledges a transaction after it has been durably stored in
both the primary storage and its replicas. It is ideal for protecting the integrity of data from the
event of a failure of the primary node.
○ Asynchronous replication - decouples the primary node from its replicas at the expense of
introducing replication lag. This means that changes on the primary node are not immediately
reflected on its replicas.
○ Quorum-based replication - combines synchronous and asynchronous replication by defining a
minimum number of nodes that must participate in a successful write operation.
● Automated Multi-Data Center Resilience - utilize AWS Regions and Availability Zones (Multi-AZ
Principle). (See Disaster Recovery section)
● Fault Isolation and Traditional Horizontal Scaling - Shuffle Sharding
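The three replication modes under Durable Data Storage differ in how much acknowledged data survives the loss of the primary node. The simulation below is an added illustration written for this guide (not AWS code, and not the internals of any AWS service): it acknowledges writes under each mode, then fails the primary before lagging replication has caught up and reports which acknowledged keys no surviving node holds.

```python
"""Simulate synchronous, asynchronous and quorum-based replication and measure
how many acknowledged writes survive a primary failure under each mode.
Constructed, self-contained illustration: not AWS code and not the internals
of any AWS service."""
from collections import deque


class ReplicaSet:
    """A primary plus N replicas; every node is a dict of committed key/values."""

    def __init__(self, replicas, mode, write_quorum=None):
        if mode not in ("sync", "async", "quorum"):
            raise ValueError(f"unknown mode {mode!r}")
        total = replicas + 1
        self.mode = mode
        self.primary = {}
        self.replicas = [{} for _ in range(replicas)]
        # Nodes (primary included) that must hold a write before it is acknowledged:
        # all of them for sync, only the primary for async, a majority for quorum.
        if write_quorum is None:
            write_quorum = {"sync": total, "async": 1}.get(mode, total // 2 + 1)
        self.write_quorum = write_quorum
        # Writes not yet shipped to a replica: (replica index, key, value).
        self.pending = deque()

    def write(self, key, value):
        """Commit on the primary, replicate per the mode, then acknowledge."""
        self.primary[key] = value
        synced = self.write_quorum - 1          # replicas written before the ack
        for i, replica in enumerate(self.replicas):
            if i < synced:
                replica[key] = value            # durably stored before the ack
            else:
                self.pending.append((i, key, value))  # replication lag
        return True                              # the client sees success here

    def drain_lag(self, count=0):
        """Ship up to `count` lagging writes (asynchronous catch-up)."""
        shipped = 0
        while self.pending and shipped < count:
            i, key, value = self.pending.popleft()
            self.replicas[i][key] = value
            shipped += 1
        return shipped

    def fail_primary_and_promote(self):
        """Lose the primary, promote the most complete replica, and return
        (promoted data, acknowledged keys that no surviving node holds)."""
        acknowledged = set(self.primary)
        self.primary = None
        best = max(self.replicas, key=len)
        lost = sorted(acknowledged - set(best))
        return dict(best), lost


def run_scenario(mode, n_writes=5, replicas=2, write_quorum=None,
                 drain_before_failure=0):
    """Acknowledge n_writes, let drain_before_failure lagging writes ship,
    then fail the primary; return the keys the client believed were safe but
    that were lost."""
    rs = ReplicaSet(replicas, mode, write_quorum)
    for i in range(n_writes):
        rs.write(f"k{i}", i)
    rs.drain_lag(drain_before_failure)
    _, lost = rs.fail_primary_and_promote()
    return lost


if __name__ == "__main__":
    for mode in ("sync", "async", "quorum"):
        print(f"{mode:>6}: lost {run_scenario(mode)}")
    print(" async after partial catch-up: lost",
          run_scenario("async", drain_before_failure=3))
```

With the default two replicas, quorum mode needs a majority of two nodes per write, so one replica is always current and nothing is lost; asynchronous mode loses every acknowledged write that had not yet shipped.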
9. Optimize for Cost
● Right Sizing - AWS offers a broad range of resource types and configurations for many use cases.
● Elasticity - save money with AWS by taking advantage of the platform’s elasticity.
● Take Advantage of the Variety of Purchasing Options - Reserved Instances vs Spot Instances (See
AWS Pricing)
10. Caching
● Application Data Caching - store and retrieve information from fast, managed, in-memory caches.
● Edge Caching - serve content by infrastructure that is closer to viewers, which lowers latency and gives
high, sustained data transfer rates necessary to deliver large popular objects to end users at scale.
11. Security
● Use AWS Features for Defense in Depth - secure multiple levels of your infrastructure from network
down to application and database.
● Share Security Responsibility with AWS - AWS handles security OF the Cloud while customers handle
security IN the Cloud.
● Reduce Privileged Access - implement Principle of Least Privilege controls.
● Security as Code - firewall rules, network access controls, internal/external subnets, and operating
system hardening can all be captured in a template that defines a Golden Environment .
● Real-Time Auditing - implement continuous monitoring and automation of controls on AWS to
minimize exposure to security risks.
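Security as Code and Real-Time Auditing come together when the template that defines the Golden Environment is itself checked for least-privilege violations. The script below is an added example written for this guide (not AWS tooling): it parses a constructed CloudFormation template, with one over-permissive security group beside a hardened one, and flags every ingress rule that is open to the whole internet on a port other than the public web ports. Resource names and CIDR ranges are made up for the illustration.

```python
"""Audit a CloudFormation template for security-group ingress rules that break
least privilege: any rule reachable from the whole internet on a port other
than the public web ports. Constructed example for the 'Security as Code' and
'Real-Time Auditing' principles; not AWS tooling."""
import json

# Constructed sample template (hypothetical resource names and CIDRs).
# OpenAdminSg is the weak setting; HardenedWebSg is the corrected one.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "OpenAdminSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Weak: admin ports reachable from anywhere",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIpv6": "::/0"},
                    {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        "HardenedWebSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Hardened: SSH from the corporate range, HTTPS public",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.0/24"},
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
    },
})

# Ports a public web front end may legitimately expose to any source.
PUBLIC_OK_PORTS = {80, 443}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def port_range(rule):
    """Return the (from, to) port range a rule covers; protocol -1 means all ports."""
    if str(rule.get("IpProtocol")) == "-1":
        return 0, 65535
    return int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))


def audit_template(template_json):
    """Return one finding per ingress rule open to the world on a non-public port."""
    template = json.loads(template_json)
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            source = rule.get("CidrIp") or rule.get("CidrIpv6")
            if source not in ANYWHERE:
                continue  # restricted source (or another security group): fine
            lo, hi = port_range(rule)
            if any(p not in PUBLIC_OK_PORTS for p in range(lo, hi + 1)):
                findings.append({
                    "resource": name,
                    "source": source,
                    "ports": str(lo) if lo == hi else f"{lo}-{hi}",
                })
    return findings


if __name__ == "__main__":
    for f in audit_template(SAMPLE_TEMPLATE):
        print(f"{f['resource']}: ports {f['ports']} open to {f['source']}")
```

Running the same check on every template before it is deployed, and again on a schedule, is what turns a one-off review into the continuous monitoring the Real-Time Auditing principle asks for.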
12. Cloud Architecture Best Practices
There are various best practices that you can follow which can help you build an application in the AWS cloud.
The notable ones are:
1. Decouple your components - the key concept is to build components that do not have tight
dependencies on each other so that if one component were to fail for some reason, the other
components in the system will continue to work. This is also known as loose coupling. This reinforces
the Service-Oriented Architecture (SOA) design principle that the more loosely coupled the components
of the system are, the better and more stable it scales.
2. Think parallel - This internalizes the concept of parallelization when designing architectures in the
cloud. It encourages you to implement parallelization whenever possible and to also automate the
processes of your cloud architecture.
3. Implement elasticity - This principle is implemented by automating your deployment process and
streamlining the configuration and build process of your architecture. This ensures that the system can
scale in and scale out to meet the demand without any human intervention.
4. Design for failure - This concept encourages you to be a pessimist when designing architectures in the
cloud and assume that the components of your architecture will fail. This pushes you to always
design your cloud architecture to be highly available and fault-tolerant.
Sources:
https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
https://www.slideshare.net/AmazonWebServices/best-practices-for-architecting-in-the-cloud-jeff-barr
Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified Cloud Practitioner
by Jon Bonso and Adrian Formaran
AWS Well-Architected Framework - Disaster Recovery
● RTO is the time it takes after a disruption to restore a business process to its service level.
● RPO is the acceptable amount of data loss measured in time before the disaster occurs.
● Disaster Recovery With AWS
○ Backup and Restore - storing backup data on S3 and recovering data quickly and reliably.
○ Pilot Light for Quick Recovery into AWS - quicker recovery time than backup and restore
because core pieces of the system are already running and are continually kept up to date.
○ Warm Standby Solution - a scaled-down version of a fully functional environment is always
running in the cloud.
○ Multi-Site Solution - run your infrastructure on another site, in an active-active configuration.
○ AWS Production to an AWS DR Solution Using Multiple AWS Regions - take advantage of AWS’
multiple availability zones
● Services
○ S3 as a destination for backup data that might be needed quickly to perform a restore.
○ Import/Export for transferring very large data sets by shipping storage devices directly to AWS.
○ Server Migration Service for performing agentless server migrations from on-premises to AWS.
○ Database Migration Service and Schema Conversion Tool for moving databases from
on-premises to AWS and automatically converting SQL schema from one engine to another.
○ Glacier for longer-term data storage where retrieval times of several hours are adequate.
○ Storage Gateway copies snapshots of your on-premises data volumes to S3 for backup. You
can create local volumes or EBS volumes from these snapshots.
○ Preconfigured servers bundled as Amazon Machine Images (AMIs) .
○ Elastic Load Balancing (ELB) for distributing traffic to multiple instances.
○ Route 53 for routing production traffic to different sites that deliver the same application or
service.
○ Elastic IP address for static IP addresses.
○ Virtual Private Cloud (VPC) for provisioning a private, isolated section of the AWS cloud.
○ Direct Connect for a dedicated network connection from your premises to AWS.
○ Relational Database Service (RDS) for scaling a relational database in the cloud.
○ DynamoDB for a fully managed NoSQL database service to store and retrieve any amount of
data and serve any level of request traffic.
○ Redshift for a petabyte-scale data warehouse service that analyzes all your data using existing
business intelligence tools.
○ CloudFormation for creating a collection of related AWS resources and provisioning them in an
orderly and predictable fashion.
○ Elastic Beanstalk is a service for deploying and scaling web applications and services
developed.
○ OpsWorks is an application management service for deploying and operating applications of all
types and sizes.
Sources:
https://www.slideshare.net/AmazonWebServices/disaster-recovery-options-with-aws
https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-cloud.html
AWS Support Plans
With hundreds of services and features, AWS provides a combination of various tools, technologies, programs
and human resources to proactively help their customers. AWS offers various support plans that customers
can choose from based on their needs.
AWS has 4 different Support Plans:
1. Basic
2. Developer
3. Business
4. Enterprise
The Basic Support plan is already available to all AWS customers by default and is free of charge. It also offers
support for account and billing questions including requests for service limit increases. This AWS Support type
includes the following:
● Customer Service & Communities - You have 24x7 access to customer service, AWS
documentation, whitepapers, and support forums.
● AWS Trusted Advisor - This provides guidance on how to properly provision your AWS resources
based on the best practices to further increase performance and improve the overall security of your
cloud architecture. You are only provided access to the 7 core Trusted Advisor checks.
● AWS Personal Health Dashboard - This is a personalized view of the health status of each AWS
service that you currently have. It also provides an alert when your resources are impacted by an
AWS-initiated activity.
A Technical Account Manager (TAM) is a technical point of contact who provides advocacy and guidance to
assist you in planning and building solutions in AWS using industry best practices. This person proactively
coordinates and liaises your concerns to subject matter experts and product teams to ensure that your AWS
environment operates optimally.
Take note that a designated TAM is only available if you opt for the AWS Enterprise Support plan.
Comparison of AWS Support Plans
Customers with an Enterprise support plan are eligible for additional services that are not available in the
Developer or Business plans. Aside from having a designated Technical Account Manager, you will also have
the following benefits if you opt for an Enterprise-level support in AWS:
● Infrastructure Event Management
● Architecture Support
● White-glove case routing
● Management business reviews
● Concierge Support Team
Technical Support Response Times
You can also choose a type of AWS Support Plan based on your production workload. If you are only
experimenting, testing or doing a Proof of Concept (POC) in AWS, it is recommended that you choose the
Developer plan. If you have production workloads running in AWS, it is suitable to opt for the Business plan.
Lastly, if you have mission-critical workloads, it is better to stick with an Enterprise plan because it provides the
most efficient response times to support your systems.
With its Enhanced Technical Support, the Enterprise Support plan provides you with 24x7 access to the AWS
Cloud Support Engineers via phone, chat, and email. You can also have an unlimited number of contacts that
can open an unlimited amount of cases. AWS also provides you with a response time of less than 15 minutes
in the event that your business-critical systems go down.
COMPUTE
AWS provides a variety of cost-effective and flexible computing services to meet the needs of your
organization such as Amazon Elastic Compute Cloud (EC2), Amazon Elastic Container Service (ECS), Amazon
Elastic Container Service for Kubernetes (EKS), Amazon Lightsail, AWS Batch, and AWS Lambda to name a
few. For some services like Amazon EC2, you have extensive control of the underlying resources while for
others, AWS has full control.
With these computing services in AWS, you can dynamically provision a number of resources and pay only for the
computing resources you actually consume. This significantly reduces the upfront capital investment required
and replaces it with lower variable costs. Instead of the traditional long-term contracts or up-front
commitments, you can opt to pay for your compute resources in AWS using an On-Demand or Spot pricing option
to easily discontinue your cloud resources if you don't need them, effectively reducing your operating
expenses. Amazon EC2 is a commonly used AWS service which you can integrate with various features and
services like Amazon Machine Image, Instance Store, Elastic Block Store, Elastic Network Interface, Elastic IP,
Auto Scaling, Elastic Load Balancer, Placement Groups, Enhanced Networking, Security Groups and so much
more.
Have you ever heard people say "Amazon Linux EC2 Instance" instead of "Amazon Linux EC2 Server" when
they launch a compute resource in AWS? It is because AWS is programmatically creating a new virtual machine
(VM) instance, rather than providing you with an actual physical server, when you launch an EC2 Instance. AWS
has a powerful virtualization infrastructure that is composed of physical servers that they manage. Each
physical server has a host operating system that runs a virtual machine monitor (VMM), also known as a
hypervisor, which instantiates multiple VM "instances" that you can use. These instances use guest operating
systems that you can manage.
AWS manages, operates, and controls the components from the host operating system and virtualization layer
down to the physical security of the facilities in which the service operates. Conversely, the customer is
responsible for the management of the guest operating system such as installing patches and doing the
necessary security configuration.
You can also use these compute services in AWS to run your High Performance Computing (HPC) applications.
Basically, HPC requires a higher storage I/O and large amounts of memory to perform a complex task. Moving
your HPC workloads to AWS eliminates the unnecessary wait times and long job queues that are associated
with limited on-premises HPC resources. Since there are no upfront capital expenditures or lengthy
procurement cycles, you can get significant cost savings whenever you process time-flexible, stateless
workloads.
Amazon EC2
● A Linux-based/Windows-based/Mac-based virtual server that you can provision.
● You are limited to running up to a total of 20 On-Demand instances across the instance family,
purchasing 20 Reserved Instances, and requesting Spot Instances per your dynamic Spot limit per
region.
Features
● Server environments are called instances.
● Package OS and additional installations in a reusable template called Amazon Machine Images.
● Various configurations of CPU, memory, storage, and networking capacity for your instances, known as
instance types.
● Secure login information for your instances using key pairs.
● Storage volumes for temporary data that are deleted when you STOP or TERMINATE your instance,
known as instance store volumes. Take note that you can stop an EBS-backed instance but not an
Instance Store-backed instance. You can only either start or terminate an Instance Store-backed
instance.
● Persistent storage volumes for your data using Elastic Block Store volumes (see aws storage services).
● Multiple physical locations for deploying your resources, such as instances and EBS volumes, known as
regions and Availability Zones (see AWS overview) .
● A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your
instances using security groups (see aws networking and content delivery).
● Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses (see aws
networking and content delivery).
● Metadata, known as tags , that you can create and assign to your EC2 resources
● Virtual networks you can create that are logically isolated from the rest of the AWS cloud, and that you
can optionally connect to your own network, known as virtual private clouds or VPC s (see aws
networking and content delivery).
● Add a script that will be run on instance boot called user-data.
Instance states
● Start - run your instance normally. You are continuously billed while your instance is running.
● Stop - is just a normal instance shutdown. You may restart it again anytime. All EBS volumes remain
attached, but data in instance store volumes are deleted. You won’t be charged for usage while the
instance is stopped. You can attach or detach EBS volumes. You can also create an AMI from the
instance, and change the kernel, RAM disk, and instance type while in this state.
● Hibernate - When an instance is hibernated, it writes the in-memory state to a file in the root EBS
volume and then shuts itself down. The AMI used to launch the instance must be encrypted, and also
the root EBS volume of the instance. The encryption ensures proper protection for sensitive data when
it is copied from memory to the EBS volume. While the instance is in hibernation, you pay only for the
EBS volumes and Elastic IP Addresses attached to it; there are no hourly charges.
● Terminate - instance performs a normal shutdown and gets deleted. You won’t be able to restart an
instance once you terminate it. The root device volume is deleted by default, but any attached EBS
volumes are preserved by default. Data in instance store volumes are deleted.
● To prevent accidental termination, enable termination protection.
Root Device Volumes
● The root device volume contains the image used to boot the instance.
● Instance Store-backed Instances
○ Any data on the instance store volumes is deleted when the instance is terminated (instance
store-backed instances do not support the Stop action) or if it fails (such as if an underlying
drive has issues).
● Amazon EBS-backed Instances
○ An Amazon EBS-backed instance can be stopped and later restarted without affecting data
stored in the attached volumes.
○ When in a stopped state, you can modify the properties of the instance, change its size, or
update the kernel it is using, or you can attach your root volume to a different running instance
for debugging or any other purpose.
○ By default, the root device volume for an AMI backed by Amazon EBS is deleted when the
instance terminates.
AMI
● Includes the following:
○ A template for the root volume for the instance (OS, application server, and applications)
○ Launch permissions that control which AWS accounts can use the AMI to launch instances
○ A block device mapping that specifies the volumes to attach to the instance when it's launched
● Backed by Amazon EBS - root device for an instance launched from the AMI is an Amazon EBS volume.
AMIs backed by Amazon EBS snapshots can use EBS encryption.
● Backed by Instance Store - root device for an instance launched from the AMI is an instance store
volume created from a template stored in S3.
● You can copy AMIs to different regions.
Pricing
● On-Demand - pay for the instances that you use by the second, with no long-term commitments or
upfront payments.
● Reserved - make a low, one-time, up-front payment for an instance, reserve it for a one- or three-year
term, and pay a significantly lower hourly rate for these instances. It has two offering classes: Standard
and Convertible.
○ The Standard class provides the most significant discount but you can only modify some of its
attributes during the term. It can also be sold in the Reserved Instance Marketplace.
○ The Convertible class provides a lower discount than Standard Reserved Instances, but can be
exchanged for another Convertible Reserved Instance with different instance attributes.
However, this one cannot be sold in the Reserved Instance Marketplace.
● Spot - request unused EC2 instances, which can lower your costs significantly. Spot Instances are
available at up to a 90% discount compared to On-Demand prices.
● Dedicated Hosts – pay for a physical host that is fully dedicated to running your instances, and bring
your existing per-socket, per-core, or per-VM software licenses to reduce costs.
● Dedicated Instances – pay, by the hour, for instances that run on single-tenant hardware.
● There is a data transfer charge when copying an AMI from one region to another.
● EBS pricing is different from instance pricing. (see AWS storage services)
● AWS imposes a small hourly charge if an Elastic IP address is not associated with a running instance,
or if it is associated with a stopped instance or an unattached network interface.
● You are charged for any additional Elastic IP addresses associated with an instance.
● If data is transferred between two instances in different regions, it is charged at "Data Transfer Out
from EC2 to Another AWS Region" for the first instance and at "Data Transfer In from Another AWS
Region" for the second instance.
Security
● Use IAM to control access to your instances (see AWS Security and Identity Service).
○ IAM policies
○ IAM roles
● Restrict access by only allowing trusted hosts or networks to access ports on your instance.
● A security group acts as a virtual firewall that controls the traffic for one or more instances.
○ Create different security groups to deal with instances that have different security requirements.
○ You can add rules to each security group that allow traffic to or from its associated instances.
○ You can modify the rules for a security group at any time.
○ New rules are automatically applied to all instances that are associated with the security group.
○ EC2 evaluates all the rules from all the security groups that are associated with an instance to
decide whether to allow traffic or not.
○ By default, security groups allow all outbound traffic.
○ Security group rules are always permissive; you can't create rules that deny access.
○ Security groups are stateful: the reply to an allowed inbound request is allowed out regardless of
the outbound rules, and vice versa.
● If you don't specify a security group when you launch an instance, the instance is automatically
associated with the default security group for the VPC, which has the following rules:
○ Allows all inbound traffic only from other instances associated with the default security group.
○ Allows all outbound traffic from the instance.
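An added example (not from the guide or from AWS) that models the security group behaviour listed above in Python: rules are allow-only, every rule from every group attached to the instance is pooled, and the stateful reply decision simply mirrors the ingress decision. The group names, CIDR ranges and the admin-port audit helper are constructed for illustration.

```python
"""Added example: a small model of EC2 security group evaluation plus an audit check
for admin ports open to the whole internet. Groups and rules are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One allow rule. protocol is "tcp", "udp", "icmp" or "-1" (all traffic)."""
    protocol: str
    from_port: int
    to_port: int
    cidr: str  # source range for ingress rules, destination range for egress rules


@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)
    # Mirrors the AWS default: all outbound traffic is allowed until you remove the rule.
    egress: list = field(default_factory=lambda: [Rule("-1", 0, 65535, "0.0.0.0/0")])


def rule_matches(rule, protocol, port, addr):
    """A rule matches when protocol, port range and address range all match."""
    protocol_ok = rule.protocol in ("-1", protocol)
    port_ok = rule.protocol == "-1" or rule.from_port <= port <= rule.to_port
    return protocol_ok and port_ok and ip_address(addr) in ip_network(rule.cidr)


def ingress_allowed(groups, protocol, port, src):
    """Rules from every group attached to the instance are pooled; one matching rule
    is enough. Rules are allow-only, so attaching a second group can only widen
    access, never narrow it."""
    return any(rule_matches(r, protocol, port, src) for g in groups for r in g.ingress)


def reply_allowed(groups, protocol, port, src):
    """Stateful behaviour: if the inbound request was allowed, its reply is allowed out
    without consulting the egress rules, so this mirrors the ingress decision."""
    return ingress_allowed(groups, protocol, port, src)


def internet_exposed_admin_ports(groups, admin_ports=(22, 3389)):
    """Audit helper: (group name, rule) pairs that admit an admin port from any address."""
    findings = []
    for g in groups:
        for r in g.ingress:
            any_source = ip_network(r.cidr).prefixlen == 0  # 0.0.0.0/0 or ::/0
            hits_admin = r.protocol == "-1" or any(r.from_port <= p <= r.to_port for p in admin_ports)
            if any_source and hits_admin:
                findings.append((g.name, r))
    return findings


# Constructed sample: a web tier group and an admin group attached to one instance.
WEB_SG = SecurityGroup("web-sg", ingress=[Rule("tcp", 443, 443, "0.0.0.0/0")])
ADMIN_SG = SecurityGroup("admin-sg", ingress=[Rule("tcp", 22, 22, "10.0.0.0/8")])
INSTANCE_GROUPS = [WEB_SG, ADMIN_SG]

if __name__ == "__main__":
    print(ingress_allowed(INSTANCE_GROUPS, "tcp", 443, "203.0.113.7"))  # True: HTTPS from anywhere
    print(ingress_allowed(INSTANCE_GROUPS, "tcp", 22, "203.0.113.7"))   # False: SSH only from 10/8
    print(ingress_allowed([WEB_SG], "tcp", 22, "10.1.2.3"))             # False: admin-sg not attached
    print(internet_exposed_admin_ports(INSTANCE_GROUPS))                # []
```

Because there are no deny rules, the audit helper is the only place where "more groups" becomes a risk signal: each additional group attached to an instance can only add allowed paths.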
Networking
● An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. With it, you can
mask the failure of an instance or software by rapidly remapping the address to another instance in
your account.
● You need to associate an Elastic IP address with your instance to enable communication with the
internet.
● An Elastic IP address is for use in a specific region only.
● By default, all AWS accounts are limited to five (5) Elastic IP addresses per region, because public
(IPv4) internet addresses are a scarce public resource.
● By default, EC2 instances come only with a private IP when created in a private subnet, and a public
and private IP when created in a public subnet.
● An elastic network interface is a logical networking component in a VPC that represents a virtual
network card, which directs traffic to your instance.
● Scale with EC2 Auto Scaling groups and distribute traffic among instances using Elastic Load Balancing.
Monitoring
● EC2 items to monitor
○ CPU utilization, Network utilization, Disk performance, Disk Reads/Writes using EC2 metrics
○ Memory utilization, disk swap utilization, disk space utilization, page file utilization, log
collection using a monitoring agent/CloudWatch Logs
● Automated monitoring tools include:
○ System Status Checks - monitor the AWS systems required to use your instance to ensure they
are working properly. These checks detect problems with your instance that require AWS
involvement to repair.
○ Instance Status Checks - monitor the software and network configuration of your individual
instance. These checks detect problems that require your involvement to repair.
○ Amazon CloudWatch Alarms - watch a single metric over a time period you specify, and perform
one or more actions based on the value of the metric relative to a given threshold over a number
of time periods.
○ Amazon CloudWatch Events - automate your AWS services and respond automatically to
system events.
○ Amazon CloudWatch Logs - monitor, store, and access your log files from Amazon EC2
instances, AWS CloudTrail, or other sources.
● Monitor your EC2 instances with CloudWatch. By default, EC2 sends metric data to CloudWatch in
5-minute periods.
● You can also enable detailed monitoring to collect data in 1-minute periods.
Instance Metadata and User Data
● Instance metadata is data about your instance that you can use to configure or manage the running
instance.
● View all categories of instance metadata from within a running instance at
http://169.254.169.254/latest/meta-data/
● You can pass two types of user data to EC2: shell scripts and cloud-init directives.
Storage
● EBS (see AWS Storage Services)
○ Provides durable, block-level storage volumes that you can attach to a running instance.
○ Use as a primary storage device for data that requires frequent and granular updates.
○ To keep a backup copy of your data, create a snapshot of an EBS volume, which is stored in S3.
You can create an EBS volume from a snapshot, and attach it to another instance.
● Instance Store
○ Provides temporary block-level storage for instances.
○ The data on an instance store volume persists only during the life of the associated instance; if
you stop or terminate an instance, any data on instance store volumes is lost.
● Elastic File System (EFS) (see AWS Storage Services)
○ Provides scalable file storage for use with Amazon EC2. You can create an EFS file system and
configure your instances to mount the file system.
○ You can use an EFS file system as a common data source for workloads and applications
running on multiple instances.
● Amazon FSx for Lustre and Amazon FSx for Windows File Server
○ Amazon FSx for Windows File Server is a fully-managed file storage built on Windows Server.
○ Amazon FSx for Lustre is a fully-managed file storage built on the world’s most popular
high-performance file system, Lustre.
● S3 (see AWS Storage Services)
○ Provides access to reliable and inexpensive data storage infrastructure.
○ Storage for EBS snapshots and instance store-backed AMIs.
● Resources and Tagging
○ EC2 resources include images, instances, volumes, and snapshots. When you create a resource,
AWS assigns the resource a unique resource ID.
○ Some resources can be used in all regions (global), and some resources are specific to the
region or Availability Zone in which they reside.
○ Scope of each resource type:
■ AWS account (Global) - You can use the same AWS account in all regions.
■ Key pairs (Global or Regional) - The key pairs that you create using EC2 are tied to the region where
you created them. You can create your own RSA key pair and upload it to the region in which you want
to use it; therefore, you can make your key pair globally available by uploading it to each region.
■ Amazon EC2 resource identifiers (Regional) - Each resource identifier, such as an AMI ID, instance ID,
EBS volume ID, or EBS snapshot ID, is tied to its region and can be used only in the region where you
created the resource.
■ User-supplied resource names (Regional) - Each resource name, such as a security group name or key
pair name, is tied to its region and can be used only in the region where you created the resource.
Although you can create resources with the same name in multiple regions, they aren't related to each
other.
■ AMIs (Regional) - An AMI is tied to the region where its files are located within S3. You can copy an
AMI from one region to another.
■ Elastic IP addresses (Regional) - An Elastic IP address is tied to a region and can be associated only
with an instance in the same region.
■ Security groups (Regional) - A security group is tied to a region and can be assigned only to instances
in the same region. You can't enable an instance to communicate with an instance outside its region
using security group rules.
■ EBS snapshots (Regional) - An EBS snapshot is tied to its region and can only be used to create
volumes in the same region. You can copy a snapshot from one region to another.
■ EBS volumes (Availability Zone) - An EBS volume is tied to its Availability Zone and can be attached
only to instances in the same Availability Zone.
■ Instances (Availability Zone) - An instance is tied to the Availability Zone in which you launched it.
However, its instance ID is tied to the region.
○ You can optionally assign your own metadata to each resource with tags, each of which consists of a
key and an optional value that you define.
Sources:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/
https://aws.amazon.com/ec2/features/
https://aws.amazon.com/ec2/pricing/
https://aws.amazon.com/ec2/faqs/
https://portal.tutorialsdojo.com/
Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified Cloud Practitioner
by Jon Bonso and Adrian Formaran
AWS Elastic Beanstalk
● Allows you to quickly deploy and manage applications in the AWS Cloud without worrying about the
infrastructure that runs those applications.
● Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling,
and application health monitoring for your applications.
● It is a Platform-as-a-Service.
● Elastic Beanstalk supports the following languages:
○ Go
○ Java
○ .NET
○ Node.js
○ PHP
○ Python
○ Ruby
● Elastic Beanstalk supports the following web containers:
○ Tomcat
○ Passenger
○ Puma
● Elastic Beanstalk supports Docker containers.
● Your application’s domain name is in the format: subdomain.region.elasticbeanstalk.com
Monitoring
● Elastic Beanstalk Monitoring console displays your environment's status and application health at a
glance.
● Elastic Beanstalk reports the health of a web server environment depending on how the application
running in it responds to the health check.
● You can create alarms for metrics to help you monitor changes to your environment so that you can
easily identify and mitigate problems before they occur.
● EC2 instances in your Elastic Beanstalk environment generate logs that you can view to troubleshoot
issues with your application or configuration files.
Security
● When you create an environment, Elastic Beanstalk prompts you to provide two AWS IAM roles: a
service role and an instance profile.
○ Service Roles - assumed by Elastic Beanstalk to use other AWS services on your behalf.
○ Instance Profiles - applied to the instances in your environment and allows them to retrieve
application versions from S3, upload logs to S3, and perform other tasks that vary depending on
the environment type and platform.
● User Policies - allow users to create and manage Elastic Beanstalk applications and environments.
Pricing
● There is no additional charge for Elastic Beanstalk. You pay only for the underlying AWS resources that
your application consumes.
Sources:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg
https://aws.amazon.com/elasticbeanstalk/details/
https://aws.amazon.com/elasticbeanstalk/pricing/
https://aws.amazon.com/elasticbeanstalk/faqs/
AWS Lambda
● A serverless compute service.
● Lambda executes your code only when needed and scales automatically.
● Lambda functions are stateless - no affinity to the underlying infrastructure.
● You choose the amount of memory you want to allocate to your functions and AWS Lambda allocates
proportional CPU power, network bandwidth, and disk I/O.
● Natively supports the following languages:
○ Node.js
○ Java
○ C#
○ Go
○ Python
○ Ruby
○ PowerShell
● You can also provide your own custom runtime.
Components of a Lambda Application
● Function – a script or program that runs in Lambda. Lambda passes invocation events to your function.
The function processes an event and returns a response.
● Runtimes – Lambda runtimes allow functions in different languages to run in the same base execution
environment. The runtime sits in-between the Lambda service and your function code, relaying
invocation events, context information, and responses between the two.
● Event source – an AWS service or a custom service that triggers your function and executes its logic.
● Log streams – While Lambda automatically monitors your function invocations and reports metrics to
CloudWatch, you can annotate your function code with custom logging statements that allow you to
analyze the execution flow and performance of your Lambda function.
Lambda@Edge
● Lets you run Lambda functions to customize content that CloudFront delivers, executing the functions
in AWS locations closer to the viewer. The functions run in response to CloudFront events, without
provisioning or managing servers.
Pricing
● You are charged based on the total number of requests for your functions and the duration, the time it
takes for your code to execute.
Sources:
https://docs.aws.amazon.com/lambda/latest/dg
https://aws.amazon.com/lambda/features/
https://aws.amazon.com/lambda/pricing/
https://aws.amazon.com/lambda/faqs/
Amazon Elastic Container Service (ECS)
● A container management service to run, stop, and manage Docker containers on a cluster.
● ECS can be used to create a consistent deployment and build experience, manage, and scale batch and
Extract-Transform-Load (ETL) workloads, and build sophisticated application architectures on a
microservices model.
● Amazon ECS is a regional service.
Features
● You can create ECS clusters within a new or existing VPC.
● After a cluster is up and running, you can define task definitions and services that specify which Docker
container images to run across your clusters.
● AWS Compute SLA guarantees a Monthly Uptime Percentage of at least 99.99% for Amazon ECS.
Components
● Containers and Images
○ Your application components must be architected to run in containers, containing everything
that your software application needs to run: code, runtime, system tools, system libraries, etc.
○ Containers are created from a read-only template called an image.
○ Images are typically built from a Dockerfile, a plain text file that specifies all of the components
that are included in the container. These images are then stored in a registry from which they
can be downloaded and run on your cluster.
○ When you launch a container instance, you have the option of passing user data to the instance.
The data can be used to perform common automated configuration tasks and even run scripts
when the instance boots.
○ Docker Volumes can be a local instance store volume, EBS volume or EFS volume. Connect your
Docker containers to these volumes using Docker drivers and plugins.
AWS Fargate
● You can use Fargate with ECS to run containers without having to manage servers or clusters of EC2
instances.
● You no longer have to provision, configure, or scale clusters of virtual machines to run containers.
● Fargate only supports container images hosted on Elastic Container Registry (ECR) or Docker Hub.
Monitoring
● You can configure your container instances to send log information to CloudWatch Logs. This enables
you to view different logs from your container instances in one convenient location.
● With CloudWatch Alarms, watch a single metric over a time period that you specify, and perform one or
more actions based on the value of the metric relative to a given threshold over a number of time
periods.
● Share log files between accounts, monitor CloudTrail log files in real time by sending them to
CloudWatch Logs.
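Both the EC2 Monitoring bullet on Amazon CloudWatch Alarms earlier and the ECS bullet above describe the same mechanism: a single metric, aggregated per period, compared against a threshold over a number of periods. The following added example (not from the guide or from AWS) models that evaluation in Python, including the "M out of N" datapoints-to-alarm setting and a period with missing data. The CPU samples, period and threshold are constructed.

```python
"""Added example: how a CloudWatch-style alarm decides to fire. The metric samples
below are constructed; the comparison operator names mirror CloudWatch's ComparisonOperator."""
from collections import defaultdict


def breaches(value, threshold, comparison):
    """Return True when a single datapoint breaches the threshold."""
    if comparison == "GreaterThanThreshold":
        return value > threshold
    if comparison == "GreaterThanOrEqualToThreshold":
        return value >= threshold
    if comparison == "LessThanThreshold":
        return value < threshold
    if comparison == "LessThanOrEqualToThreshold":
        return value <= threshold
    raise ValueError(f"unknown comparison operator: {comparison}")


def aggregate(samples, period_seconds, statistic="Average"):
    """Roll raw (timestamp_seconds, value) samples into one datapoint per period,
    which is what the alarm actually evaluates (5-minute periods by default for EC2)."""
    buckets = defaultdict(list)
    for ts, value in samples:
        buckets[ts // period_seconds].append(value)
    reducer = {"Average": lambda v: sum(v) / len(v), "Maximum": max,
               "Minimum": min, "Sum": sum}[statistic]
    return [reducer(buckets[k]) for k in sorted(buckets)]


def alarm_state(datapoints, threshold, evaluation_periods, datapoints_to_alarm=None,
                comparison="GreaterThanThreshold"):
    """Look at the most recent `evaluation_periods` datapoints and return "ALARM" when
    at least `datapoints_to_alarm` of them breach (the "M out of N" setting; M defaults
    to N). A None datapoint is a period with no data and is treated as not breaching,
    like the notBreaching missing-data option."""
    if datapoints_to_alarm is None:
        datapoints_to_alarm = evaluation_periods
    window = list(datapoints)[-evaluation_periods:]
    breaching = sum(1 for v in window if v is not None and breaches(v, threshold, comparison))
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


# Constructed sample: CPUUtilization sampled every 60 s for 30 minutes; the last three
# 5-minute periods run hot.
CPU_SAMPLES = list(zip(range(0, 1800, 60),
                       [40] * 5 + [45] * 5 + [38] * 5 + [90] * 5 + [95] * 5 + [92] * 5))

if __name__ == "__main__":
    datapoints = aggregate(CPU_SAMPLES, period_seconds=300)
    print(datapoints)                          # [40.0, 45.0, 38.0, 90.0, 95.0, 92.0]
    print(alarm_state(datapoints[:4], 80, 3))  # OK: only 1 of the last 3 periods breached
    print(alarm_state(datapoints, 80, 3))      # ALARM: 3 of 3 breached
    print(alarm_state(datapoints, 80, 4, 3))   # ALARM: 3 of the last 4 breached
```

Requiring several consecutive or "M of N" breaching periods is what keeps a single noisy datapoint from paging anyone; the trade-off is detection latency equal to the period length times the evaluation window.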
Tagging
● ECS resources, including task definitions, clusters, tasks, services, and container instances, are
assigned an Amazon Resource Name (ARN) and a unique resource identifier (ID). These resources can
be tagged with values that you define, to help you organize and identify them.
Pricing
● With Fargate, you pay for the amount of vCPU and memory resources that your containerized
application requests. vCPU and memory resources are calculated from the time your container images
are pulled until the Amazon ECS Task terminates.
● There is no additional charge for EC2 launch type. You pay for AWS resources (e.g. EC2 instances or
EBS volumes) you create to store and run your application.
Sources:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
https://aws.amazon.com/ecs/features/
https://aws.amazon.com/ecs/pricing/
https://aws.amazon.com/ecs/faqs/
AWS Batch
● Enables you to run batch computing workloads on the AWS Cloud.
● It is a regional service that simplifies running batch jobs across multiple AZs within a region.
Features
● Batch manages compute environments and job queues, allowing you to easily run thousands of jobs of
any scale using EC2 and EC2 Spot.
● Batch chooses where to run the jobs, launching additional AWS capacity if needed.
● Batch carefully monitors the progress of your jobs. When capacity is no longer needed, it will be
removed.
● Batch provides the ability to submit jobs that are part of a pipeline or workflow, enabling you to express
any interdependencies that exist between them as you submit jobs.
Security
● Take advantage of IAM policies, roles, and permissions.
Monitoring
● You can use the AWS Batch event stream for CloudWatch Events to receive near real-time notifications
regarding the current state of jobs that have been submitted to your job queues.
● Events from the AWS Batch event stream are delivered at least once.
● CloudTrail captures all API calls for AWS Batch as events.
Pricing
● There is no additional charge for AWS Batch. You pay for resources you create to store and run your
application.
Sources:
https://docs.aws.amazon.com/batch/latest/userguide/
https://aws.amazon.com/batch/features/
https://aws.amazon.com/batch/pricing/
https://aws.amazon.com/batch/faqs/
Amazon Elastic Container Registry (ECR)
● A managed AWS Docker registry service.
● Amazon ECR is a regional service.
Features
● ECR supports Docker Registry HTTP API V2 allowing you to use Docker CLI commands or your
preferred Docker tools in maintaining your existing development workflow.
● ECR stores both the containers you create and any container software you buy through AWS
Marketplace.
● ECR stores your container images in Amazon S3.
● ECR supports the ability to define and organize repositories in your registry using namespaces.
● You can transfer your container images to and from Amazon ECR via HTTPS.
Pricing
● You pay only for the amount of data you store in your repositories and data transferred to the Internet.
Sources:
https://docs.aws.amazon.com/AmazonECR/latest/userguide/
https://aws.amazon.com/ecr/features/
https://aws.amazon.com/ecr/pricing/
https://aws.amazon.com/ecr/faqs/
AWS Savings Plan
● Savings Plans is a flexible pricing model that helps you reduce costs on Amazon EC2, AWS Fargate, and
AWS Lambda usage.
● You can purchase Savings Plans from any account, payer or linked.
● By default, the benefit provided by Savings Plans is applicable to usage across all accounts within an
AWS Organization/consolidated billing family. You can also choose to restrict the benefit of Savings
Plans to only the account that purchased them.
● Similar to Reserved Instances, you have All Upfront, Partial upfront, or No upfront payment options.
Plan Types
● Compute Savings Plans - provide the most flexibility and prices that are up to 66 percent off of
On-Demand rates. These plans automatically apply to your EC2 instance usage, regardless of instance
family (example, M5, C5, etc.), instance sizes (example, c5.large, c5.xlarge, etc.), Region (for example,
us-east-1, us-east-2, etc.), operating system (for example, Windows, Linux, etc.), or tenancy (Dedicated,
default, dedicated host). They also apply to your Fargate and Lambda usage.
○ You can move a workload between different instance families, shift your usage between
different regions, or migrate your application from Amazon EC2 to Amazon ECS using Fargate at
any time and continue to receive the discounted rate provided by your Savings Plan.
● EC2 Instance Savings Plans - provide savings up to 72 percent off On-Demand, in exchange for a
commitment to a specific instance family in a chosen AWS Region (for example, M5 in N. Virginia
US-East-1). These plans automatically apply to usage regardless of instance size, OS, and tenancy
within the specified family in a region.
○ You can change your instance size within the instance family (example, from c5.xlarge to
c5.2xlarge) or the operating system (example, from Windows to Linux), or move from Dedicated
tenancy to Default and continue to receive the discounted rate provided by your Savings Plan.
Savings Plan vs RIs
Feature | Compute Savings Plans | EC2 Instance Savings Plans | Convertible RIs | Standard RIs
Savings over On-Demand | Up to 66 percent | Up to 72 percent | Up to 66 percent | Up to 72 percent
Automatically applies pricing to any instance family | ✓ | — | — | —
Automatically applies pricing to any instance size | ✓ | ✓ | Regional only | Regional only
Automatically applies pricing to any tenancy or OS | ✓ | ✓ | — | —
Automatically applies to Amazon ECS using Fargate and Lambda | ✓ | — | — | —
Automatically applies pricing across AWS Regions | ✓ | — | — | —
Term length options of 1 or 3 years | ✓ | ✓ | ✓ | ✓
Monitoring
● The Savings Plans Inventory page shows a detailed overview of the Savings Plans you own.
● If you're a user in a linked account of AWS Organizations, you can view the Savings Plans owned by
your specific linked account.
● If you’re a user in the payer account in AWS Organizations, you can view Savings Plans owned only by
the payer account, or you can view Savings Plans owned by all accounts in AWS Organizations.
● You can use AWS Budgets to set budgets for your Savings Plan utilization, coverage, and costs.
Sources:
https://aws.amazon.com/savingsplans/
https://docs.aws.amazon.com/savingsplans/latest/userguide/what-is-savings-plans.html
https://aws.amazon.com/savingsplans/faq/
STORAGE
Amazon S3
● S3 stores data as objects within buckets.
● An object consists of a file and optionally any metadata that describes that file.
● A key is the unique identifier for an object within a bucket.
● Storage capacity is virtually unlimited.
Buckets
● For each bucket, you can:
○ Control access to it (create, delete, and list objects in the bucket)
○ View access logs for it and its objects
○ Choose the geographical region where to store the bucket and its contents.
● Bucket name must be a unique DNS-compliant name.
○ The name must be unique across all existing bucket names in Amazon S3.
○ After you create the bucket you cannot change the name.
○ The bucket name is visible in the URL that points to the objects that you're going to put in your
bucket.
● By default, you can create up to 100 buckets in each of your AWS accounts.
● You can't change its Region after creation.
● You can host static websites by configuring your bucket for website hosting.
● You can't delete an S3 bucket using the Amazon S3 console if the bucket contains 100,000 or more
objects. You can't delete an S3 bucket using the AWS CLI if versioning is enabled.
Storage Classes
● Storage Classes for Frequently Accessed Objects
○ S3 STANDARD for general-purpose storage of frequently accessed data.
● Storage Classes for Infrequently Accessed Objects
○ S3 STANDARD_IA for long-lived, but less frequently accessed data. It stores the object data
redundantly across multiple geographically separated AZs.
○ S3 ONEZONE_IA stores the object data in only one AZ. Less expensive than STANDARD_IA, but
data is not resilient to the physical loss of the AZ.
○ These two storage classes are suitable for objects larger than 128 KB that you plan to store for
at least 30 days. If an object is less than 128 KB, Amazon S3 charges you for 128 KB. If you
delete an object before the 30-day minimum, you are charged for 30 days.
● Amazon S3 Intelligent Tiering
○ S3 Intelligent-Tiering is a storage class designed for customers who want to optimize storage
costs automatically when data access patterns change, without performance impact or
operational overhead.
○ S3 Intelligent-Tiering is the first cloud object storage class that delivers automatic cost savings
by moving data between two access tiers — frequent access and infrequent access — when
access patterns change, and is ideal for data with unknown or changing access patterns.
○ There are no retrieval fees in S3 Intelligent-Tiering.
● GLACIER
○ For long-term archive
○ Archived objects are not available for real-time access. You must first restore the objects before
you can access them.
○ Glacier objects are visible through S3 only.
○ Retrieval Options
■ Expedited - allows you to quickly access your data when occasional urgent requests for
a subset of archives are required. For all but the largest archived objects, data accessed
are typically made available within 1–5 minutes.
■ Standard - allows you to access any of your archived objects within several hours.
Standard retrievals typically complete within 3–5 hours.
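An added example (not from the guide or from AWS) applying the STANDARD_IA and ONEZONE_IA billing rules stated above: objects under 128 KB are billed as 128 KB, and objects deleted before 30 days are billed for 30 days. The per-GB prices and the retrieval fee are constructed placeholders, not AWS list prices; the functions show why small, short-lived or frequently retrieved objects are better left in STANDARD.

```python
"""Added example: minimum-size and minimum-duration billing for the S3 infrequent
access classes, with a per-object class comparison. Prices are constructed placeholders."""

KIB = 1024
GIB = KIB ** 3
IA_MIN_OBJECT_BYTES = 128 * KIB   # smaller objects are billed as 128 KB
IA_MIN_STORAGE_DAYS = 30          # earlier deletion is billed as 30 days
IA_CLASSES = ("STANDARD_IA", "ONEZONE_IA")

# Constructed placeholder prices in USD; not real list prices.
PRICE = {
    "STANDARD":    {"per_gb_month": 0.023,  "retrieval_per_gb": 0.0},
    "STANDARD_IA": {"per_gb_month": 0.0125, "retrieval_per_gb": 0.01},
    "ONEZONE_IA":  {"per_gb_month": 0.01,   "retrieval_per_gb": 0.01},
}


def billable_bytes(storage_class, size_bytes):
    """Apply the 128 KB minimum for the IA classes only."""
    if storage_class in IA_CLASSES:
        return max(size_bytes, IA_MIN_OBJECT_BYTES)
    return size_bytes


def billable_days(storage_class, days_stored):
    """Apply the 30-day minimum for the IA classes only."""
    if storage_class in IA_CLASSES:
        return max(days_stored, IA_MIN_STORAGE_DAYS)
    return days_stored


def early_delete_days(storage_class, days_stored):
    """Days paid for without storing anything (the early-deletion charge)."""
    return billable_days(storage_class, days_stored) - days_stored


def object_cost(storage_class, size_bytes, days_stored, retrievals=0):
    """Storage cost on billable size and duration, plus retrieval cost on actual bytes read."""
    p = PRICE[storage_class]
    gb_months = (billable_bytes(storage_class, size_bytes) / GIB
                 * billable_days(storage_class, days_stored) / 30)
    retrieval_gb = retrievals * size_bytes / GIB
    return gb_months * p["per_gb_month"] + retrieval_gb * p["retrieval_per_gb"]


def cheapest_class(size_bytes, days_stored, retrievals=0,
                   classes=("STANDARD", "STANDARD_IA")):
    """Pick the cheapest class for one object's expected lifetime and access pattern."""
    return min(classes, key=lambda c: object_cost(c, size_bytes, days_stored, retrievals))


if __name__ == "__main__":
    print(billable_bytes("STANDARD_IA", 4 * KIB) // KIB)   # 128: small object rounded up
    print(early_delete_days("STANDARD_IA", 10))            # 20: deleted early, 20 days still billed
    print(cheapest_class(GIB, 90))                         # STANDARD_IA: large, long-lived, rarely read
    print(cheapest_class(GIB, 90, retrievals=10))          # STANDARD: retrieval fees dominate
    print(cheapest_class(4 * KIB, 10))                     # STANDARD: minimums make IA more expensive
```

With these placeholder prices the break-even is driven entirely by the two minimums and the retrieval fee, which is the point of the guide's "larger than 128 KB, at least 30 days" rule of thumb.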
AWS CERTIFIED CLOUD PRACTITIONER EXAM OVERVIEW
In 2013, Amazon Web Services (AWS) began the Global Certification Program with the primary purpose of
validating the technical skills and knowledge for building secure and reliable cloud-based applications using
the AWS platform. By successfully passing the AWS exam, individuals can prove their expertise to their current
and future employers. The AWS Certified Cloud Practitioner exam is currently the most basic certificate that
you can get and is also known to be the easiest among all of the certification exams.
Fun Fact: The AWS Certified Cloud Practitioner was the first certification exam allowed by AWS that can be
taken from your home or your office (see
https://aws.amazon.com/blogs/apn/now-you-can-take-the-aws-certified-cloud-practitioner-exam-at-your-home-or-office-24-7/).
Exam Details
The AWS Certified Cloud Practitioner (CLF-C01) examination is intended for individuals who have the
knowledge and skills necessary to effectively demonstrate an overall understanding of the AWS Cloud,
independent of specific technical roles addressed by other AWS certifications (for example, Solutions Architect
- Associate, Developer - Associate, or SysOps Administrator - Associate). It is composed of identification and
enumeration questions that are formatted as either multiple-choice or multiple-response.
For multiple-choice types of questions, you will have to choose one correct response out of four options. For
multiple-response types of questions, you will have to choose two or more correct responses out of five or
more options. You can take the exam via online proctoring or from a testing center close to you.
Exam Code: CLF-C01
Prerequisites: None
No. of Questions: 65
Score Range: 100-1000
Cost: 100 USD (Practice exam: 20 USD)
Passing Score: 700
Time Limit: 90 minutes
Exam Domains
The AWS Certified Cloud Practitioner exam has four different domains, each with a corresponding weight and
topic coverage. The domains are: Cloud Concepts (28%), Security (24%), Technology (36%), Billing and Pricing
(12%).
Domain 1: Cloud Concepts
1.1 Define the AWS Cloud and its value proposition
1.2 Identify aspects of AWS Cloud economics
https://aws.amazon.com/blogs/apn/now-you-can-take-the-aws-certified-cloud-practitioner-exam-at-your-home-or-office-24-7/
1.3 List the different cloud architecture design principles
Domain 2: Security
2.1 Define the AWS Shared Responsibility model
2.2 Define AWS Cloud security and compliance concepts
2.3 Identify AWS access management capabilities
2.4 Identify resources for security support
Domain 3: Technology
3.1 Define methods of deploying and operating in the AWS Cloud
3.2 Define the AWS global infrastructure
3.3 Identify the core AWS services
3.4 Identify resources for technology support
Domain 4: Billing and Pricing
4.1 Compare and contrast the various pricing models for AWS
4.2 Recognize the various account structures in relation to AWS billing and pricing
4.3 Identify resources available for billing support
Exam Scoring System
You can get a score from 100 to 1,000 with a minimum passing score of 700 when you take the AWS Certified
Cloud Practitioner exam. AWS uses a scaled scoring model to associate scores across multiple exam types
that may have different levels of difficulty. Your complete score report will be sent to you by email 1 - 5
business days after your exam. However, as soon as you finish your exam, you’ll immediately see a pass or fail
notification on the testing screen.
If you do not pass the exam, you must wait 14 days before you are allowed to retake it. There is no hard limit on the number of times you can retake an exam. Once you pass, you’ll receive various benefits such as a discount coupon which you can use for your next AWS exam.
Once you receive your score report via email, the result will also already be saved in your AWS Certification account. The score report contains a table of your performance on each domain and indicates whether you have met the level of competency required for these domains. Take note that you do not need to achieve competency in all domains to pass the exam. At the end of the report, there is a score performance table that highlights your strengths and weaknesses, which will help you determine the areas you need to improve on.
Exam Benefits
If you successfully pass any AWS exam, you will be eligible for the following benefits:
● Exam Discount - You’ll get a 50% discount voucher that you can apply for your recertification or any
other exam you plan to pursue. To access your discount voucher code, go to the “Benefits” section of
your AWS Certification Account, and apply the voucher when you register for your next exam.
● Free Practice Exam - To help you prepare for your next exam, AWS provides another voucher that you
can use to take any official AWS practice exam for free. You can access your voucher code from the
“Benefits” section of your AWS Certification Account.
● AWS Certified Store - All AWS certified professionals will be given access to exclusive AWS Certified
merchandise. You can get your store access from the “Benefits” section of your AWS Certification
Account.
● Certification Digital Badges - You can showcase your achievements to your colleagues and employers
This is the default option for retrieval requests that do not specify the retrieval option.
■ Bulk - Glacier’s lowest-cost retrieval option, enabling you to retrieve large amounts, even
petabytes, of data inexpensively in a day. Bulk retrievals typically complete within 5–12
hours.
○ For S3 Standard, S3 Standard-IA, and Glacier storage classes, your objects are automatically
stored across multiple devices spanning a minimum of three Availability Zones.
Bucket Configurations
Subresource | Description
location | Specify the AWS Region where you want S3 to create the bucket.
policy and ACL (access control list) | All your resources are private by default. Use bucket policy and ACL options to grant and manage bucket-level permissions.
website | You can configure your bucket for static website hosting.
logging | Logging enables you to track requests for access to your bucket. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any.
tagging | S3 provides the tagging subresource to store and manage tags on a bucket. AWS generates a cost allocation report with usage and costs aggregated by your tags.
Objects
● Each S3 object has data, a key, and metadata.
● Tagging
○ You can associate up to 10 tags with an object. Tags associated with an object must have unique tag keys.
Pricing
● S3 charges you only for what you actually use, with no hidden fees and no overage charges.
● No charge for creating a bucket, but only for storing objects in the bucket and for transferring objects in and out of the bucket.
Charge | Comments
Storage | You pay for storing objects in your S3 buckets. The rate you’re charged depends on your objects' size, how long you stored the objects during the month, and the storage class.
Requests | You pay for requests, for example, GET requests, made against your S3 buckets and objects. This includes lifecycle requests. The rates for requests depend on what kind of request you’re making.
Retrievals | You pay for retrieving objects that are stored in STANDARD_IA, ONEZONE_IA, and GLACIER storage.
Early Deletes | If you delete an object stored in STANDARD_IA, ONEZONE_IA, or GLACIER storage before the minimum storage commitment has passed, you pay an early deletion fee for that object.
Storage Management | You pay for the storage management features that are enabled on your account’s buckets.
Bandwidth | You pay for all bandwidth into and out of S3, except for the following: data transferred in from the internet; data transferred out to an Amazon EC2 instance, when the instance is in the same AWS Region as the S3 bucket; and data transferred out to Amazon CloudFront. You also pay a fee for any data transferred using Amazon S3 Transfer Acceleration.
Security
● Policies contain the following:
○ Resources – buckets and objects
○ Actions – set of operations
○ Effect – can be either allow or deny. Need to explicitly grant allow to a resource.
○ Principal – the account, service or user who is allowed access to the actions and resources in the statement.
● Resource Based Policies
○ Bucket Policies
■ Provides centralized access control to buckets and objects based on a variety of conditions, including S3 operations, requesters, resources, and aspects of the request (e.g., IP address).
■ Can either add or deny permissions across all (or a subset) of objects within a bucket.
■ IAM users need additional permissions from root account to perform bucket operations.
■ Bucket policies are limited to 20 KB in size.
○ Access Control Lists
■ A list of grants identifying grantee and permission granted.
■ ACLs use an S3-specific XML schema.
■ You can grant permissions only to other AWS accounts, not to users in your account.
■ You cannot grant conditional permissions, nor explicitly deny permissions.
■ Object ACLs are limited to 100 granted permissions per ACL.
■ The only recommended use case for the bucket ACL is to grant write permissions to the S3 Log Delivery group.
● User Policies
○ AWS IAM (see AWS Security and Identity Services)
■ IAM User Access Keys
■ Temporary Security Credentials
● Versioning
○ Use versioning to keep multiple versions of an object in one bucket.
○ Versioning protects you from the consequences of unintended overwrites and deletions.
○ You can also use versioning to archive objects so you have access to previous versions.
○ You can permanently delete an object by specifying the version you want to delete. Only the
owner of an Amazon S3 bucket can permanently delete a version.
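The policy elements listed under Security above (Resource, Action, Effect, Principal) and a request condition such as the caller's IP address can be worked through with the following added Python example, which is not code from the guide or from AWS and models only a subset of the real evaluation logic; the policy, bucket name, account IDs and IP ranges are constructed placeholders.

```python
"""Added example, not code from the Tutorials Dojo guide or from AWS: a toy
evaluator for S3 bucket-policy statements.  It shows the four policy elements
the cheat sheet lists (Resource, Action, Effect, Principal), an aws:SourceIp
condition, and the evaluation order: deny by default, an Allow must be
explicit, and an explicit Deny in any matching statement is final.
The policy, bucket name, account IDs and IP ranges are constructed placeholders."""
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Constructed sample policy: anyone may read objects, but only from the
# 203.0.113.0/24 range; the "auditor" account may list the bucket; every
# other request falls through to the implicit deny.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
            "Condition": {"NotIpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        },
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::example-bucket",
        },
    ],
}


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _wildcard_match(patterns, value, fold_case=False):
    """IAM-style matching with '*' and '?' wildcards; action names are
    case-insensitive, resource ARNs are not."""
    if fold_case:
        value = value.lower()
    return any(fnmatchcase(value, p.lower() if fold_case else p)
               for p in _as_list(patterns))


def _principal_matches(stmt_principal, principal):
    """'*' (or {"AWS": "*"}) matches everyone, including anonymous callers;
    otherwise the caller's ARN must be listed under "AWS"."""
    if stmt_principal == "*":
        return True
    if isinstance(stmt_principal, dict):
        listed = _as_list(stmt_principal.get("AWS", []))
        return "*" in listed or principal in listed
    return False


def _condition_holds(condition, source_ip):
    """Only the IpAddress / NotIpAddress operators on aws:SourceIp are
    modelled here; a statement with no Condition always holds."""
    ip = ip_address(source_ip)
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError(f"unsupported condition operator: {operator}")
        nets = [ip_network(c) for c in _as_list(keys.get("aws:SourceIp", []))]
        in_range = any(ip in net for net in nets)
        if operator == "IpAddress" and not in_range:
            return False
        if operator == "NotIpAddress" and in_range:
            return False
    return True


def evaluate(policy, principal, action, resource, source_ip):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    allowed = False
    for stmt in policy["Statement"]:
        applies = (
            _principal_matches(stmt["Principal"], principal)
            and _wildcard_match(stmt["Action"], action, fold_case=True)
            and _wildcard_match(stmt["Resource"], resource)
            and _condition_holds(stmt.get("Condition", {}), source_ip)
        )
        if not applies:
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"   # an explicit Deny is always final
        allowed = True              # remember the Allow, keep scanning for Denies
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    print(evaluate(SAMPLE_POLICY, "anonymous", "s3:GetObject", obj, "203.0.113.10"))  # Allow
    print(evaluate(SAMPLE_POLICY, "anonymous", "s3:GetObject", obj, "198.51.100.7"))  # ExplicitDeny
```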
● Encryption
○ Server-side Encryption using
■ Amazon S3-Managed Keys (SSE-S3)
■ AWS KMS-Managed Keys (SSE-KMS)
■ Customer-Provided Keys (SSE-C)
○ Client-side Encryption using
■ AWS KMS-managed customer master key
■ client-side master key
● MFA Delete
○ MFA delete grants additional authentication for either of the following operations:
■ Change the versioning state of your bucket
■ Permanently delete an object version
○ MFA Delete requires two forms of authentication together:
■ Your security credentials
■ The concatenation of a valid serial number, a space, and the six-digit code displayed on
an approved authentication device
● Cross-Account Access
○ You can provide another AWS account access to an object that is stored in an Amazon Simple Storage Service (Amazon S3) bucket. These are the methods for granting cross-account access to objects that are stored in your own Amazon S3 bucket:
■ Resource-based policies and AWS Identity and Access Management (IAM) policies for
programmatic-only access to S3 bucket objects
■ Resource-based Access Control List (ACL) and IAM policies for programmatic-only
access to S3 bucket objects
■ Cross-account IAM roles for programmatic and console access to S3 bucket objects
● Requester Pays Buckets
○ Bucket owners pay for all of the Amazon S3 storage and data transfer costs associated with
their bucket. To save on costs, you can enable the Requester Pays feature so the requester will
pay the cost of the request and the data download from the bucket instead of the bucket owner.
Take note that the bucket owner always pays the cost of storing data.
● Monitoring
○ Automated monitoring tools to watch S3:
■ Amazon CloudWatch Alarms – Watch a single metric over a time period that you specify,
and perform one or more actions based on the value of the metric relative to a given
threshold over a number of time periods.
■ AWS CloudTrail Log Monitoring – Share log files between accounts, monitor CloudTrail
log files in real time by sending them to CloudWatch Logs, write log processing
applications in Java, and validate that your log files have not changed after delivery by
CloudTrail.
○ Monitoring with CloudWatch
■ Daily Storage Metrics for Buckets ‐ You can monitor bucket storage using CloudWatch,
which collects and processes storage data from S3 into readable, daily metrics.
■ Request metrics ‐ You can choose to monitor S3 requests to quickly identify and act on
operational issues. The metrics are available at 1 minute intervals after some latency to
process.
Sources:
https://docs.aws.amazon.com/AmazonS3/latest/dev/Welcome.html
https://aws.amazon.com/s3/faqs/
Amazon S3 Glacier
● Long-term archival solution optimized for infrequently used data, or "cold data."
● You can store an unlimited number of archives and an unlimited amount of data.
● You cannot specify Glacier as the storage class at the time you create an object.
● It is designed to provide an average annual durability of 99.999999999% for an archive. Glacier
synchronously stores your data across multiple AZs before confirming a successful upload.
● To prevent corruption of data packets over the wire, Glacier uploads the checksum of the data during
data upload. It compares the received checksum with the checksum of the received data and validates
data authenticity with checksums during data retrieval.
● Glacier works together with Amazon S3 lifecycle rules to help you automate archiving of S3 data and reduce your overall storage costs. Requested archival data is copied to S3 One Zone-IA.
Data Model
● Vault
○ A container for storing archives.
○ Each vault resource has a unique address of the form:
https://<region-specific-endpoint>/<account-id>/vaults/<vault-name>
○ You can store an unlimited number of archives in a vault.
○ Vault operations are Region specific.
● Archive
○ Can be any data such as a photo, video, or document and is a base unit of storage in Glacier.
○ Each archive has a unique address of the form:
https://<region-specific-endpoint>/<account-id>/vaults/<vault-name>/archives/<archive-id>
Security
● Glacier encrypts your data at rest by default and supports secure data transit with SSL.
● Data stored in Amazon Glacier is immutable, meaning that after an archive is created it cannot be
updated.
● Access to Glacier requires credentials that AWS can use to authenticate your requests. Those
credentials must have permissions to access Glacier vaults or S3 buckets.
● You can attach identity-based policies to IAM identities.
● A Glacier vault is the primary resource and resource-based policies are referred to as vault policies.
● When activity occurs in Glacier, that activity is recorded in a CloudTrail event along with other AWS service events in Event History.
Pricing
● You are charged per GB per month of storage
● You are charged for retrieval operations such as retrieve requests and amount of data retrieved
depending on the data access tier - Expedited, Standard, or Bulk
● Upload requests are charged.
● You are charged for data transferred out of Glacier.
● Pricing for Glacier Select is based upon the total amount of data scanned, the amount of data returned,
and the number of requests initiated.
● There is a charge if you delete data within 90 days.
Sources:
https://docs.aws.amazon.com/amazonglacier/latest/dev/
https://aws.amazon.com/glacier/features/?nc=sn&loc=2
https://aws.amazon.com/glacier/pricing/?nc=sn&loc=3
https://aws.amazon.com/glacier/faqs/?nc=sn&loc=6
Amazon EBS
● Block level storage volumes for use with EC2 instances.
● Well-suited for use as the primary storage for file systems, databases, or for any applications that
require fine granular updates and access to raw, unformatted, block-level storage.
● Well-suited to both database-style applications (random reads and writes), and to throughput-intensive
applications (long, continuous reads and writes).
● New EBS volumes receive their maximum performance the moment that they are available and do not
require initialization (formerly known as pre-warming). However, storage blocks on volumes that were
restored from snapshots must be initialized (pulled down from Amazon S3 and written to the volume)
before you can access the block.
Features
● Different types of storage options: General Purpose SSD (gp2, gp3), Provisioned IOPS SSD (io1, io2), Throughput Optimized HDD (st1), and Cold HDD (sc1) volumes up to 16 TiB in size, or 64 TiB for io2 Block Express.
● You can mount multiple volumes on the same instance, and you can mount a Provisioned IOPS volume
to multiple instances at a time using Amazon EBS Multi-Attach.
● Enable Multi-Attach on EBS Provisioned IOPS io1 volumes to allow a single volume to be concurrently
attached to up to sixteen AWS Nitro System-based Amazon EC2 instances within the same AZ.
● You can create a file system on top of these volumes, or use them in any other way you would use a
block device (like a hard drive).
● You can use encrypted EBS volumes to meet data-at-rest encryption requirements for regulated/audited
data and applications.
● You can create point-in-time snapshots of EBS volumes, which are persisted to Amazon S3. Similar to
AMIs. Snapshots can be copied across AWS regions.
● Volumes are created in a specific AZ, and can then be attached to any instances in that same AZ. To
make a volume available outside of the AZ, you can create a snapshot and restore that snapshot to a
new volume anywhere in that region.
● You can copy snapshots to other regions and then restore them to new volumes there, making it easier
to leverage multiple AWS regions for geographical expansion, data center migration, and disaster
recovery.
● Performance metrics, such as bandwidth, throughput, latency, and average queue length, provided by
Amazon CloudWatch, allow you to monitor the performance of your volumes to make sure that you are
providing enough performance for your applications without paying for resources you don't need.
● EBS fast snapshot restore allows you to create a volume from a snapshot that is fully initialized. This
removes the latency of I/O operations on the block when accessed for the first time.
Types of EBS Volumes
Attribute | gp3 (General Purpose SSD) | gp2 (General Purpose SSD) | io2 (Provisioned IOPS SSD) | io1 (Provisioned IOPS SSD)
Description | General Purpose SSD volume that balances price performance for a wide variety of transactional workloads | General Purpose SSD volume that balances price performance for a wide variety of transactional workloads | High performance SSD volume designed for business-critical latency-sensitive applications | High performance SSD volume designed for latency-sensitive transactional workloads
Use cases | Virtual desktops, medium sized single instance databases such as MSFT SQL Server and Oracle DB, low-latency interactive apps, dev & test, boot volumes | Boot volumes, low-latency interactive apps, dev & test | Workloads that require sub-millisecond latency, and sustained IOPS performance or more than 64,000 IOPS or 1,000 MiB/s of throughput | Workloads that require sustained IOPS performance or more than 16,000 IOPS and I/O-intensive database workloads
Volume size | 1 GB – 16 TB | 1 GB – 16 TB | 4 GB – 16 TB (64 TB for io2 Block Express) | 4 GB – 16 TB
Durability | 99.8% - 99.9% | 99.8% - 99.9% | 99.999% | 99.8% - 99.9%
Max IOPS / volume | 16,000 | 16,000 | 64,000 (256,000 for io2 Block Express) | 64,000
Max throughput / volume | 1,000 MB/s | 250 MB/s | 1,000 MB/s (4,000 MiB/s for io2 Block Express) | 1,000 MB/s
Max IOPS / instance | 260,000 | 260,000 | 160,000 (260,000 for io2 Block Express) | 260,000
Max IOPS / GB | N/A | N/A | 500 IOPS/GB (1,000 IOPS/GB for io2 Block Express) | 50 IOPS/GB
Max throughput / instance | 7,500 MB/s | 7,500 MB/s | 4,750 MB/s (7,500 MB/s for io2 Block Express) | 7,500 MB/s
Latency | single digit millisecond | single digit millisecond | single digit millisecond | single digit millisecond
Multi-Attach | No | No | Yes | Yes

Attribute | st1 (Throughput Optimized HDD) | sc1 (Cold HDD)
Description | Low cost HDD volume designed for frequently accessed, throughput-intensive workloads | Throughput-oriented storage for data that is infrequently accessed; scenarios where the lowest storage cost is important
Use cases | Big data, data warehouses, log processing | Colder data requiring fewer scans per day
Volume size | 125 GB – 16 TB | 125 GB – 16 TB
Durability | 99.8% - 99.9% | 99.8% - 99.9%
Max IOPS / volume | 500 | 250
Max throughput / volume | 500 MB/s | 250 MB/s
Max IOPS / instance | 260,000 | 260,000
Max IOPS / GB | N/A | N/A
Max throughput / instance | 7,500 MB/s | 7,500 MB/s
Multi-Attach | No | No
Encryption
● Data stored at rest on an encrypted volume, disk I/O, and snapshots created from it are all encrypted.
● Also provides encryption for data in-transit from EC2 to EBS since encryption occurs on the servers that
host EC2 instances.
● The following types of data are encrypted:
○ Data at rest inside the volume
○ All data moving between the volume and the instance
○ All snapshots created from the volume
○ All volumes created from those snapshots
● Uses AWS Key Management Service (AWS KMS) master keys when creating encrypted volumes and
any snapshots created from your encrypted volumes.
● Volumes restored from encrypted snapshots are automatically encrypted.
● EBS encryption is only available on certain instance types.
● There is no direct way to encrypt an existing unencrypted volume, or to remove encryption from an
encrypted volume. However, you can migrate data between encrypted and unencrypted volumes.
● You can now enable Amazon Elastic Block Store (EBS) Encryption by Default, ensuring that all new EBS
volumes created in your account are encrypted.
Monitoring
● CloudWatch monitoring comes in two types: Basic and Detailed monitoring.
● Volume status checks provide you the information that you need to determine whether your EBS volumes are impaired, and help you control how a potentially inconsistent volume is handled. The statuses are:
○ Ok - normal volume
○ Warning - degraded volume
○ Impaired - stalled volume
○ Insufficient-data - insufficient data
Modifying the Size, IOPS, or Type of an EBS Volume on Linux
● If your current-generation EBS volume is attached to a current-generation EC2 instance type, you can
increase its size, change its volume type, or (for an io1 volume) adjust its IOPS performance, all without
detaching it.
● EBS currently supports a maximum volume size of 16 TiB.
● Decreasing the size of an EBS volume is not supported.
EBS Snapshots
● Back up the data on your EBS volumes to S3 by taking point-in-time snapshots.
● Snapshots are incremental backups, which means that only the blocks on the device that have changed
after your most recent snapshot are saved. This minimizes the time required to create the snapshot
and saves on storage costs by not duplicating data.
● When you delete a snapshot, only the data unique to that snapshot is removed.
● A snapshot is constrained to the Region where it was created.
● EBS snapshots broadly support EBS encryption.
● You can't delete a snapshot of the root device of an EBS volume used by a registered AMI. You must
first deregister the AMI before you can delete the snapshot.
● User-defined tags are not copied from the source snapshot to the new snapshot.
● Snapshots are constrained to the Region in which they were created. To share a snapshot with another
Region, copy the snapshot to that Region.
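The incremental-snapshot behaviour described above (only blocks changed since the last snapshot are saved, and deleting a snapshot frees only the data unique to it) is modelled in this added Python example, which is not code from the guide or from AWS; the block size and volume contents are constructed, and real EBS snapshot internals are not modelled beyond this block-level sharing.

```python
"""Added example, not code from the Tutorials Dojo guide or from AWS: a toy
content-addressed store that mimics incremental snapshots.  Each distinct block
is stored once with a reference count; a new snapshot uploads only blocks not
already stored, and deleting a snapshot frees only the blocks no other snapshot
still references.  Block size and volume contents are constructed."""
import hashlib

BLOCK_SIZE = 4  # constructed: tiny blocks so the example stays readable


class SnapshotStore:
    def __init__(self):
        self.blocks = {}     # block digest -> [data, reference count]
        self.snapshots = {}  # snapshot id -> ordered list of block digests

    @staticmethod
    def _split(volume):
        """Carve the volume image into fixed-size blocks."""
        return [volume[i:i + BLOCK_SIZE] for i in range(0, len(volume), BLOCK_SIZE)]

    def take_snapshot(self, snap_id, volume):
        """Record a point-in-time copy of `volume`; return how many blocks
        actually had to be uploaded (those changed since earlier snapshots)."""
        digests, uploaded = [], 0
        for block in self._split(volume):
            digest = hashlib.sha256(block).hexdigest()
            if digest in self.blocks:
                self.blocks[digest][1] += 1   # shared with an earlier snapshot
            else:
                self.blocks[digest] = [block, 1]
                uploaded += 1
            digests.append(digest)
        self.snapshots[snap_id] = digests
        return uploaded

    def delete_snapshot(self, snap_id):
        """Remove a snapshot; return how many blocks were freed.  Blocks still
        referenced by another snapshot are kept, so later snapshots stay restorable."""
        freed = 0
        for digest in self.snapshots.pop(snap_id):
            self.blocks[digest][1] -= 1
            if self.blocks[digest][1] == 0:
                del self.blocks[digest]
                freed += 1
        return freed

    def restore(self, snap_id):
        """Rebuild the full volume image from any surviving snapshot."""
        return b"".join(self.blocks[d][0] for d in self.snapshots[snap_id])

    def stored_blocks(self):
        """Number of distinct blocks kept, which is what snapshot storage bills."""
        return len(self.blocks)


def run_scenario():
    """Two snapshots of a constructed 16-byte volume with one block changed in
    between, then deletion of the first snapshot.  Returns the observable counts."""
    store = SnapshotStore()
    first = b"AAAABBBBCCCCDDDD"
    second = b"AAAAXXXXCCCCDDDD"      # only the second block changed
    uploaded_first = store.take_snapshot("snap-1", first)
    uploaded_second = store.take_snapshot("snap-2", second)
    stored_after_two = store.stored_blocks()
    freed = store.delete_snapshot("snap-1")
    restored_ok = store.restore("snap-2") == second
    return {
        "uploaded_first": uploaded_first,        # 4: every block is new
        "uploaded_second": uploaded_second,      # 1: only the changed block
        "stored_after_two": stored_after_two,    # 5 distinct blocks, not 8
        "freed": freed,                          # 1: only the block unique to snap-1
        "restored_ok": restored_ok,              # snap-2 is still fully restorable
        "stored_after_delete": store.stored_blocks(),  # 4
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```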
Amazon EBS–Optimized Instances
● Provides the best performance for your EBS volumes by minimizing contention between EBS I/O and
other traffic from your instance.
● EBS–optimized instances deliver dedicated bandwidth between 500 Mbps and 60,000 Mbps to EBS.
● For instance types that are EBS–optimized by default, there is no need to enable EBS optimization and
no effect if you disable EBS optimization.
Pricing
● You are charged by the amount you provision in GB per month until you release the storage.
● Provisioned storage for gp2 volumes, provisioned storage and provisioned IOPS for io1 volumes,
provisioned storage for st1 and sc1 volumes will be billed in per-second increments, with a 60 second
minimum.
● With Provisioned IOPS SSD (io1) volumes, you are also charged by the amount you provision in IOPS
per month.
● After you detach a volume, you are still charged for volume storage as long as the storage amount
exceeds the limit of the AWS Free Tier. You must delete a volume to avoid incurring further charges.
● Snapshot storage is based on the amount of space your data consumes in Amazon S3.
● Copying a snapshot to a new Region does incur new storage costs.
● When you enable EBS optimization for an instance that is not EBS-optimized by default, you pay an
additional low hourly fee for the dedicated capacity.
Sources:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html
https://aws.amazon.com/ebs/faqs/
Amazon EFS
A fully-managed file storage service that makes it easy to set up and scale file storage in the Amazon Cloud.
Features
● The service manages all the file storage infrastructure for you, avoiding the complexity of deploying,
patching, and maintaining complex file system configurations.
● EFS supports the Network File System version 4 protocol.
● Multiple Amazon EC2 instances can access an EFS file system at the same time, providing a common
data source for workloads and applications running on more than one instance or server.
● EFS file systems store data and metadata across multiple Availability Zones in an AWS Region.
● EFS file systems can grow to petabyte scale, drive high levels of throughput, and allow massively
parallel access from EC2 instances to your data.
● EFS provides file system access semantics, such as strong data consistency and file locking.
● EFS enables you to control access to your file systems through Portable Operating System Interface
(POSIX) permissions.
● Amazon EFS Infrequent Access (EFS IA) is a new storage class for Amazon EFS that is cost-optimized
for files that are accessed less frequently.
Monitoring File Systems
● Amazon CloudWatch Alarms
● Amazon CloudWatch Logs
● Amazon CloudWatch Events
● AWS CloudTrail Log Monitoring
● Log files on your file system
Security
● You must have valid credentials to make EFS API requests, such as creating a file system.
● You must also have permissions to create or access resources.
● Specify EC2 security groups for your EC2 instances and security groups for the EFS mount targets
associated with the file system.
Pricing
● You pay only for the storage used by your file system.
● Costs related to Provisioned Throughput are determined by the throughput values you specify.
EFS vs EBS vs S3
● Performance Comparison
Attribute | Amazon EFS | Amazon EBS Provisioned IOPS
Per-operation latency | Low, consistent latency. | Lowest, consistent latency.
Throughput scale | Multiple GBs per second | Single GB per second

Attribute | Amazon EFS | Amazon S3
Per-operation latency | Low, consistent latency. | Low, for mixed request types, and integration with CloudFront.
Throughput scale | Multiple GBs per second | Multiple GBs per second
● Storage Comparison
Attribute | Amazon EFS | Amazon EBS Provisioned IOPS
Availability and durability | Data are stored redundantly across multiple AZs. | Data are stored redundantly in a single AZ.
Access | Up to thousands of EC2 instances from multiple AZs can connect concurrently to a file system. | A single EC2 instance in a single AZ can connect to a file system.
Use cases | Big data and analytics, media processing workflows, content management, web serving, and home directories. | Boot volumes, transactional and NoSQL databases, data warehousing, and ETL.

Attribute | Amazon EFS | Amazon S3
Availability and durability | Data are stored redundantly across multiple AZs. | Stored redundantly across multiple AZs.
Access | Up to thousands of EC2 instances from multiple AZs can connect concurrently to a file system. | One to millions of connections over the web.
Use cases | Big data and analytics, media processing workflows, content management, web serving, and home directories. | Web serving and content management, media and entertainment, backups, big data analytics, data lake.
● We have more comparisons for EFS, S3, and EBS in our Comparison of AWS Services section.
Sources:
https://docs.aws.amazon.com/efs/latest/ug/
https://aws.amazon.com/efs/pricing/
https://aws.amazon.com/efs/faq/
https://aws.amazon.com/efs/features/
https://aws.amazon.com/efs/when-to-choose-efs/
AWS Storage Gateway
● The service enables hybrid storage between on-premises environments and the AWS Cloud.
● It integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud
storage services through industry standard storage protocols.
● The service stores files as native S3 objects, archives virtual tapes in Amazon Glacier, and stores EBS
Snapshots generated by the Volume Gateway with Amazon EBS.
● Storage Solutions
○ File Gateway - supports a file interface into S3 and combines a service and a virtual software
appliance.
■ The software appliance, or gateway, is deployed into your on-premises environment as a
virtual machine running on VMware ESXi or Microsoft Hyper-V hypervisor.
■ File gateway supports
● S3 Standard
● S3 Standard - Infrequent Access
● S3 One Zone - IA
■ With a file gateway, you can do the following:
● You can store and retrieve files directly using the NFS version 3 or 4.1 protocol.
● You can store and retrieve files directly using the SMB file system protocol, versions 2 and 3.
● You can access your data directly in S3 from any AWS Cloud application or
service.
○ Volume Gateway - provides cloud-backed storage volumes that you can mount as iSCSI devices
from your on-premises application servers.
■ Cached volumes – you store your data in S3 and retain a copy of frequently accessed data subsets locally.
■ Stored volumes – if you need low-latency access to your entire dataset, first configure
your on-premises gateway to store all your data locally. Then asynchronously back up
point-in-time snapshots of this data to S3.
○ Tape Gateway - archive backup data in Amazon Glacier.
■ Has a virtual tape library (VTL) interface to store data on virtual tape cartridges that you
create.
■ Deploy your gateway on an EC2 instance to provision iSCSI storage volumes in AWS.
■ The AWS Storage Gateway service integrates Tape Gateway with Amazon S3 Glacier
Deep Archive storage class, allowing you to store virtual tapes in the lowest-cost
Amazon S3 storage class.
■ Tape Gateway also has the capability to move your virtual tapes archived in Amazon S3
Glacier to Amazon S3 Glacier Deep Archive storage class, enabling you to further reduce
the monthly cost to store long-term data in the cloud by up to 75%.
Security
● After your file gateway is activated and running, you can add additional file shares and grant access to
S3 buckets.
● You can use AWS KMS to encrypt data written to a virtual tape.
● Authentication and access control with IAM.
Pricing
● You are charged based on the type and amount of storage you use, the requests you make, and the
amount of data transferred out of AWS.
● You are charged only for the amount of data you write to the Tape Gateway tape, not the tape capacity.
Sources:
https://docs.aws.amazon.com/storagegateway/latest/userguide/
https://aws.amazon.com/storagegateway/features/
https://aws.amazon.com/storagegateway/pricing/
https://aws.amazon.com/storagegateway/faqs/
DATABASE
AWS offers purpose-built databases for all your application needs. Whether you need a relational, key-value,
in-memory, or any other type of data store, AWS most likely has a database service that you can use.
Relational databases store data with predefined schemas and “relationships” between the tables, hence the
“relational” name. They are designed to support ACID (Atomicity, Consistency, Isolation, Durability) transactions
with strong data consistency to maintain referential integrity. Key-value databases are suitable for storing and
retrieving large volumes of data, and they deliver quick response times even under large volumes of concurrent
requests. In-memory databases are primarily used for applications that require real-time access to data. They
can deliver data to applications in microseconds rather than milliseconds, since the data is stored directly in
memory and not on disk. Aside from these, AWS also offers Document, Time Series, Ledger, and many other
database types.
Amazon Aurora
● A fully managed relational database engine that's compatible with MySQL and PostgreSQL.
● Aurora includes a high-performance storage subsystem. The underlying storage grows automatically as
needed, up to 128 terabytes.
● Aurora will keep your database up-to-date with the latest patches.
● Aurora is fault-tolerant and self-healing.
● Storage and Reliability
○ Aurora data is stored in the cluster volume, which is designed for reliability. A cluster volume
consists of copies of the data across multiple Availability Zones in a single AWS Region.
○ Aurora automatically detects failures in the disk volumes that make up the cluster volume.
When a segment of a disk volume fails, Aurora immediately repairs the segment. When Aurora
repairs the disk segment, it uses the data in the other volumes that make up the cluster volume
to ensure that the data in the repaired segment is current.
○ Aurora is designed to recover from a crash almost instantaneously and continue to serve your
application data without the binary log. Aurora performs crash recovery asynchronously on
parallel threads, so that your database is open and available immediately after a crash.
● High Availability and Fault Tolerance
○ When you create Aurora Replicas across Availability Zones, RDS automatically provisions and
maintains them synchronously.
○ An Aurora DB cluster is fault tolerant by design. If the primary instance in a DB cluster fails,
Aurora automatically fails over to a new primary instance in one of two ways:
■ By promoting an existing Aurora Replica to the new primary instance
■ By creating a new primary instance
○ Aurora storage is also self-healing. Data blocks and disks are continuously scanned for errors
and repaired automatically.
○ Aurora backs up your cluster volume automatically and retains restore data for the length of the
backup retention period, from 1 to 35 days.
○ Aurora automatically maintains 6 copies of your data across 3 Availability Zones and will
automatically attempt to recover your database in a healthy AZ with no data loss.
○ Aurora has a Backtrack feature that rewinds or restores the DB cluster to the time you specify.
However, take note that the Amazon Aurora Backtrack feature is not a total replacement for fully
backing up your DB cluster, since the limit for a backtrack window is only 72 hours.
● Tags
○ You can use Amazon RDS tags to add metadata to your RDS resources.
○ Tags can be used with IAM policies to manage access and to control what actions can be
applied to the RDS resources.
○ Tags can be used to track costs by grouping expenses for similarly tagged resources.
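As an added illustration (not from this guide or from AWS) of tags being used with IAM policies to control which actions can be applied to RDS resources: a constructed policy lets a hypothetical dev-DBA role stop or reboot only DB instances tagged Environment=dev and explicitly denies every RDS action on anything tagged Environment=prod. The evaluator is a deliberately simplified model of the IAM rules this case needs (explicit Deny wins, an Allow must match, otherwise implicit deny; only StringEquals on aws:ResourceTag/<Key>); the account id, tag key and tag values are assumptions.

```python
"""Tag-based access control for RDS resources (added example, simplified IAM model)."""
from fnmatch import fnmatchcase

# Constructed policy document. The account id (123456789012) and the
# Environment tag key/values are assumptions, not values from the guide.
DEV_DBA_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ManageDevInstancesOnly",
            "Effect": "Allow",
            "Action": ["rds:StopDBInstance", "rds:RebootDBInstance"],
            "Resource": "arn:aws:rds:*:123456789012:db:*",
            "Condition": {"StringEquals": {"aws:ResourceTag/Environment": "dev"}},
        },
        {
            "Sid": "NeverTouchProd",
            "Effect": "Deny",
            "Action": "rds:*",
            "Resource": "*",
            "Condition": {"StringEquals": {"aws:ResourceTag/Environment": "prod"}},
        },
    ],
}


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, resource_tags):
    """Evaluate only StringEquals on aws:ResourceTag/<Key>.

    A missing tag never satisfies StringEquals, which is why an untagged
    resource falls through to the implicit deny in is_allowed().
    """
    for key, expected in condition.get("StringEquals", {}).items():
        if not key.startswith("aws:ResourceTag/"):
            raise ValueError(f"unsupported condition key in this model: {key}")
        tag_key = key[len("aws:ResourceTag/"):]
        if resource_tags.get(tag_key) != expected:
            return False
    return True


def is_allowed(policy, action, resource_arn, resource_tags):
    """Return True if `action` on the tagged resource is allowed by `policy`.

    Evaluation order mirrors IAM for this subset: any matching explicit Deny
    wins immediately; otherwise a matching Allow grants access; with no
    matching statement the request is implicitly denied.
    """
    decision = "deny"  # implicit deny until an Allow matches
    for stmt in policy["Statement"]:
        action_hit = any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if not _condition_matches(stmt.get("Condition", {}), resource_tags):
            continue
        if stmt["Effect"] == "Deny":
            return False  # explicit deny always wins
        decision = "allow"
    return decision == "allow"


if __name__ == "__main__":
    arn = "arn:aws:rds:us-east-1:123456789012:db:orders-dev"  # constructed
    for tags in ({"Environment": "dev"}, {"Environment": "prod"}, {}):
        print(tags, "->", is_allowed(DEV_DBA_POLICY, "rds:StopDBInstance", arn, tags))
```

The untagged case is the one to remember: without an Environment tag the Allow condition never matches, so a forgotten tag fails closed rather than open.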
● Monitoring
○ Subscribe to Amazon RDS events to be notified when changes occur with a DB instance, DB
cluster, DB cluster snapshot, DB parameter group, or DB security group.
○ Database log files
○ Use CloudWatch Metrics, Alarms and Logs
● Security
○ Use IAM to control access.
○ To control which devices and EC2 instances can open connections to the endpoint and port of
the DB instance for Aurora DB clusters in a VPC, you use a VPC security group.
○ You can make endpoint and port connections using Transport Layer Security (TLS) / Secure
Sockets Layer (SSL). In addition, firewall rules can control whether devices running at your
company can open connections to a DB instance.
○ Use RDS encryption to secure your RDS instances and snapshots at rest.
● Pricing
○ You are charged for DB instance hours, I/O requests, Backup storage and Data transfer.
○ You can purchase On-Demand Instances and pay by the hour for the DB instance hours that you
use, or Reserved Instances to reserve a DB instance for a one-year or three-year term and
receive a significant discount compared to the on-demand DB instance pricing.
Sources:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/
https://aws.amazon.com/rds/aurora/serverless/
https://aws.amazon.com/rds/aurora/pricing/
https://aws.amazon.com/rds/aurora/faqs/
Amazon Relational Database Service (RDS)
● Industry-standard relational database
● RDS manages backups, software patching, automatic failure detection, and recovery.
● You can have automated backups performed when you need them, or manually create your own backup
snapshot. You can use these backups to restore a database.
● Supports Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server.
● The basic building block of RDS is the DB instance, which is an isolated database environment in the cloud.
● You can have up to 40 Amazon RDS DB instances.
● Each DB instance runs a DB engine.
● You can run your DB instance in several AZs, an option called a Multi-AZ deployment. Amazon
automatically provisions and maintains a secondary standby DB instance in a different AZ. Your
primary DB instance is synchronously replicated across AZs to the secondary instance to provide data
redundancy, failover support, eliminate I/O freezes, and minimize latency spikes during system
backups.
● DB Instance:
● Endpoint: rds.
● Storage
○ Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server use
Amazon EBS volumes for database and log storage.
○ Storage types:
■ General Purpose SSD (gp2)
● MySQL, MariaDB, Oracle, and PostgreSQL DB instances: 20 GiB–64 TiB storage size
● SQL Server for Enterprise, Standard, Web, and Express editions: 20 GiB–16 TiB storage size
■ Provisioned IOPS SSD (io1)
● Range of Provisioned IOPS and storage per database engine:
Database Engine | Range of Provisioned IOPS | Range of Storage
MariaDB | 1,000–80,000 | 100 GiB–64 TiB
SQL Server, Enterprise and Standard editions | 1,000–32,000, or 64,000 for Nitro-based m5 instance types | 20 GiB–16 TiB
SQL Server, Web and Express editions | 1,000–32,000, or 64,000 for Nitro-based m5 instance types | 100 GiB–16 TiB
MySQL | 1,000–80,000 | 100 GiB–64 TiB
Oracle | 1,000–80,000 | 100 GiB–64 TiB
PostgreSQL | 1,000–80,000 | 100 GiB–64 TiB
● For production OLTP use cases, use Multi-AZ deployments for enhanced fault tolerance with
Provisioned IOPS storage for fast and predictable performance.
■ Magnetic
● Doesn't allow you to scale storage when using the SQL Server database engine.
● Doesn't support elastic volumes.
● Limited to a maximum size of 3 TiB.
● Limited to a maximum of 1,000 IOPS.
Security
● Security Groups
○ DB Security Groups - controls access to a DB instance that is not in a VPC. By default, network
access is turned off to a DB instance. This SG is for the EC2-Classic platform.
○ VPC Security Groups - controls access to a DB instance inside a VPC. This SG is for the
EC2-VPC platform.
○ EC2 Security Groups - controls access to an EC2 instance and can be used with a DB instance.
● Practices
○ Assign an individual IAM account to each person who manages RDS resources. Do not use AWS
root credentials to manage RDS resources.
○ Grant each user the minimum set of permissions required to perform his or her duties.
○ Use IAM groups to effectively manage permissions for multiple users.
○ Rotate your IAM credentials regularly.
○ Use security groups to control what IP addresses or Amazon EC2 instances can connect to your
databases on a DB instance.
○ Run your DB instance in an Amazon Virtual Private Cloud (VPC) for the greatest possible
network access control.
○ Use Secure Socket Layer (SSL) connections with DB instances running the MySQL, MariaDB,
PostgreSQL, Oracle, or Microsoft SQL Server database engines.
○ Use RDS encryption to secure your RDS instances and snapshots at rest.
○ Use the security features of your DB engine to control who can log in to the databases on a DB
instance.
● Encryption
○ At rest and in-transit.
○ Manage keys used for encrypted DB instances using the AWS KMS. KMS encryption keys are
specific to the region that they are created in.
○ RDS encryption is currently available for all database engines and storage types. RDS encryption
is available for most DB instance classes.
○ You can't restore an unencrypted backup or snapshot to an encrypted DB instance.
○ You can use SSL from your application to encrypt a connection to a DB instance running MySQL,
MariaDB, SQL Server, Oracle, or PostgreSQL.
● Amazon RDS supports the following scenarios for accessing a DB instance in a VPC:
○ DB instance in a VPC, accessed by:
■ An EC2 instance in the same VPC
■ An EC2 instance in a different VPC
■ An EC2 instance not in a VPC
■ A client application through the Internet
○ DB instance not in a VPC, accessed by:
■ An EC2 instance in a VPC
■ An EC2 instance not in a VPC
■ A client application through the Internet
Tagging
● An RDS tag is a name-value pair that you define and associate with an RDS resource. The name is
referred to as the key. Supplying a value for the key is optional.
● All Amazon RDS resources can be tagged.
● Use tags to organize your AWS bill to reflect your own cost structure.
● A tag set can contain as many as 50 tags, or it can be empty.
High Availability using Multi-AZ
● Multi-AZ deployments for Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon's
failover technology. SQL Server DB instances use SQL Server Mirroring.
● Amazon RDS for SQL Server offers Always On Availability Groups for the Multi-AZ configuration in all
AWS Regions. This is available for both Standard and Enterprise editions.
● You can modify a DB instance in a Single-AZ deployment to a Multi-AZ deployment.
● The primary DB instance switches over automatically to the standby replica if any of the following
conditions occur:
○ An Availability Zone outage
○ The primary DB instance fails
○ The DB instance's server type is changed
○ The operating system of the DB instance is undergoing software patching
○ A manual failover of the DB instance was initiated using Reboot with failover
Read Replicas
● Updates made to the source DB instance are asynchronously copied to the Read Replica.
● You can reduce the load on your source DB instance by routing read queries from your applications to
the Read Replica.
Multi-AZ Deployments vs Read Replicas
Backups and Restores
● Your DB instance must be in the ACTIVE state for automated backups to occur.
● The first snapshot of a DB instance contains the data for the full DB instance. Subsequent snapshots of
the same DB instance are incremental.
Monitoring
● Amazon CloudWatch
● RDS Events
○ An Amazon RDS event is created when the reboot is completed.
○ Be notified when changes occur with a DB instance, DB snapshot, DB parameter group, or DB
security group.
○ Uses the Amazon Simple Notification Service (SNS) to provide notification when an Amazon
RDS event occurs.
● Database log files
● CloudWatch gathers metrics about CPU utilization from the hypervisor for a DB instance, and
Enhanced Monitoring gathers its metrics from an agent on the instance.
● Instance Status - indicates the health of the instance.
● CloudTrail captures all API calls for RDS as events.
Pricing
● With Amazon RDS, you pay only for the RDS instances that are active.
● The data transferred for cross-region replication incurs RDS data transfer charges.
● Instances are billed for DB instance hours (per second), Storage (per GiB per month), I/O requests (per
1 million requests per month), Provisioned IOPS (per IOPS per month), Backup storage (per GiB per
month), and Data transfer (per GB).
○ Amazon RDS is billed in one-second increments for database instances and attached storage.
Pricing is still listed on a per-hour basis, but bills are now calculated down to the second and
show usage in decimal form. There is a 10 minute minimum charge when an instance is
created, restored or started.
● RDS purchasing options:
○ On-Demand Instances – Pay by the hour for the DB instance hours that you use.
○ Reserved Instances – Reserve a DB instance for a one-year or three-year term and receive a
significant discount compared to the on-demand DB instance pricing.
Sources:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/
https://aws.amazon.com/rds/features/
https://aws.amazon.com/rds/pricing/
https://aws.amazon.com/rds/faqs/
Amazon DynamoDB
● NoSQL database service that provides fast and predictable performance with seamless scalability.
● Offers encryption at rest.
● You can create database tables that can store and retrieve any amount of data, and serve any level of
request traffic.
● You can scale up or scale down your tables' throughput capacity without downtime or performance
degradation, and use the AWS Management Console to monitor resource utilization and performance
metrics.
● Provides on-demand backup capability and enables point-in-time recovery for your DynamoDB
tables.
● All of your data is stored in partitions, backed by solid state disks (SSDs) and automatically replicated
across multiple AZs in an AWS region, providing built-in high availability and data durability.
● Transactions provide atomicity, consistency, isolation, and durability (ACID) in DynamoDB, helping you
to maintain data correctness in your applications.
Tagging
● Tags can help you:
○ Quickly identify a resource based on the tags you've assigned to it.
○ See AWS bills broken down by tags.
● Maximum number of tags per resource: 50
On-Demand Backup and Restore
● You can use IAM to restrict DynamoDB backup and restore actions for some resources.
● All backup and restore actions are captured and recorded in AWS CloudTrail.
● Backups
○ Each time you create an on-demand backup, the entire table data is backed up.
○ All backups and restores in DynamoDB work without consuming any provisioned throughput on
the table.
○ DynamoDB backups do not guarantee causal consistency across items; however, the skew
between updates in a backup is usually much less than a second.
○ You can restore backups as new DynamoDB tables in other regions.
● Restore
○ You cannot overwrite an existing table during a restore operation.
○ You restore backups to a new table.
○ For tables with even data distribution across your primary keys, the restore time is proportional
to the largest single partition by item count and not the overall table size.
○ If your source table contains data with significant skew, the time to restore may increase.
Security
● Encryption
○ Encrypts your data at rest using an AWS Key Management Service (AWS KMS) managed
encryption key for DynamoDB.
○ Encryption at rest can be enabled only when you are creating a new DynamoDB table.
○ After encryption at rest is enabled, it can't be disabled.
○ Uses AES-256 encryption.
● Authentication and Access Control
○ Access to DynamoDB requires credentials.
○ Aside from valid credentials, you also need to have permissions to create or access
DynamoDB resources.
○ Types of Identities
■ AWS account root user
■ IAM user
■ IAM role
Monitoring
● Automated tools:
○ Amazon CloudWatch Alarms – Watch a single metric over a time period that you specify, and
perform one or more actions based on the value of the metric relative to a given threshold over
a number of time periods.
○ Amazon CloudWatch Logs – Monitor, store, and access your log files from AWS CloudTrail or
other sources.
○ Amazon CloudWatch Events – Match events and route them to one or more target functions or
streams to make changes, capture state information, and take corrective action.
○ AWS CloudTrail Log Monitoring – Share log files between accounts, monitor CloudTrail log files
in real time by sending them to CloudWatch Logs, write log processing applications in Java, and
validate that your log files have not changed after delivery by CloudTrail.
● Using the information collected by CloudTrail, you can determine the request that was made to
DynamoDB, the IP address from which the request was made, who made the request, when it was
made, and additional details.
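The monitoring bullets above say CloudTrail records who made a DynamoDB request, from which IP address, and when, and that backup and restore actions are captured. As an added example (not from this guide or from AWS), the script below reduces CloudTrail records to exactly those fields and flags the two things a reviewer would look at first: backup/restore actions and calls made by the account root user. The records are constructed in the CloudTrail record format; account id, ARNs, IPs, table names and timestamps are made up.

```python
"""Triage of DynamoDB CloudTrail records (added example; sample data is constructed)."""
import json
from datetime import datetime, timezone

# Real DynamoDB API operation names for the backup/restore actions the guide
# says CloudTrail records.
BACKUP_RESTORE_ACTIONS = {
    "CreateBackup", "DeleteBackup", "RestoreTableFromBackup",
    "RestoreTableToPointInTime", "UpdateContinuousBackups",
}

# Constructed sample trail. Data-plane calls such as GetItem only appear in
# CloudTrail when data event logging is enabled for the table.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-10T08:15:03Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "GetItem", "awsRegion": "us-east-1", "sourceIPAddress": "10.0.12.5",
     "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE:app",
                      "arn": "arn:aws:sts::123456789012:assumed-role/OrdersApp/app"},
     "requestParameters": {"tableName": "Orders"}},
    {"eventTime": "2024-01-10T08:16:44Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "DeleteBackup", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.77",
     "userIdentity": {"type": "Root", "principalId": "123456789012",
                      "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"backupArn":
                           "arn:aws:dynamodb:us-east-1:123456789012:table/Orders/backup/01"}},
    {"eventTime": "2024-01-10T08:17:01Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "awsRegion": "us-east-1", "sourceIPAddress": "10.0.12.5",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "logs"}},
]})


def summarize_dynamodb_events(trail_json):
    """Return one dict per DynamoDB record: who, what, target, where, when, plus flags."""
    findings = []
    for rec in json.loads(trail_json)["Records"]:
        if rec.get("eventSource") != "dynamodb.amazonaws.com":
            continue  # records from other services are out of scope here
        identity = rec.get("userIdentity", {})
        params = rec.get("requestParameters") or {}
        findings.append({
            "who": identity.get("arn", identity.get("principalId", "unknown")),
            "what": rec["eventName"],
            "target": params.get("tableName") or params.get("backupArn"),
            "where": rec.get("sourceIPAddress"),
            "when": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
                            .replace(tzinfo=timezone.utc),
            "backup_or_restore": rec["eventName"] in BACKUP_RESTORE_ACTIONS,
            "root_user": identity.get("type") == "Root",
        })
    return findings


def alerts(findings):
    """Findings worth a human look: any backup/restore action, or any root-user call."""
    return [f for f in findings if f["backup_or_restore"] or f["root_user"]]


if __name__ == "__main__":
    for f in alerts(summarize_dynamodb_events(SAMPLE_TRAIL)):
        print(f"{f['when'].isoformat()} {f['who']} {f['what']} {f['target']} from {f['where']}")
```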
Best Practices
● Know the Differences Between Relational Data Design and NoSQL
Relational database systems (RDBMS) vs. NoSQL database
● RDBMS: In RDBMS, data can be queried flexibly, but queries are relatively expensive and don't scale
well in high-traffic situations.
○ NoSQL: In a NoSQL database such as DynamoDB, data can be queried efficiently in a limited number
of ways, outside of which queries can be expensive and slow.
● RDBMS: In RDBMS, you design for flexibility without worrying about implementation details or
performance. Query optimization generally doesn't affect schema design, but normalization is very
important.
○ NoSQL: In DynamoDB, you design your schema specifically to make the most common and important
queries as fast and as inexpensive as possible. Your data structures are tailored to the specific
requirements of your business use cases.
● RDBMS: For an RDBMS, you can go ahead and create a normalized data model without thinking about
access patterns. You can then extend it later when new questions and query requirements arise. You
can organize each type of data into its own table.
○ NoSQL: For DynamoDB, by contrast, you shouldn't start designing your schema until you know the
questions it will need to answer. Understanding the business problems and the application use cases
up front is essential. You should maintain as few tables as possible in a DynamoDB application. Most
well designed applications require only one table. It is important to understand three fundamental
properties of your application's access patterns:
■ 1. Data size: Knowing how much data will be stored and requested at one time will help determine
the most effective way to partition the data.
■ 2. Data shape: Instead of reshaping data when a query is processed, a NoSQL database organizes
data so that its shape in the database corresponds with what will be queried.
■ 3. Data velocity: DynamoDB scales by increasing the number of physical partitions that are
available to process queries, and by efficiently distributing data across those partitions. Knowing
in advance what the peak query loads might be helps determine how to partition data to best use
I/O capacity.
Pricing
● DynamoDB charges per GB of disk space that your table consumes. The first 25 GB consumed per
month is free.
● DynamoDB charges for Provisioned Throughput (WCU and RCU), Reserved Capacity, and Data Transfer
Out.
● You should round up to the nearest KB when estimating how many capacity units to provision.
● There are additional charges for DAX, Global Tables, On-demand Backups (per GB), Continuous
backups and point-in-time recovery (per GB), Table Restorations (per GB), and Streams (read request
units).
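As an added worked example for the capacity-unit estimate above (not from this guide or from AWS): item sizes are rounded up to the nearest KB as the guide advises, and the per-unit sizes are DynamoDB's documented definitions, one RCU per strongly consistent read of up to 4 KB per second (an eventually consistent read costs half), one WCU per write of up to 1 KB per second, with transactional reads and writes costing twice the units. The workload figures in the usage block are constructed.

```python
"""Estimating DynamoDB provisioned read/write capacity units (added example)."""
from math import ceil

READ_UNIT_KB = 4   # one RCU covers a strongly consistent read of up to 4 KB
WRITE_UNIT_KB = 1  # one WCU covers a write of up to 1 KB


def item_size_kb(item_size_bytes):
    """Round an item's size up to the nearest whole KB, as the guide advises (minimum 1 KB)."""
    return max(1, ceil(item_size_bytes / 1024))


def read_units_per_read(item_size_bytes, strongly_consistent=True, transactional=False):
    """RCUs consumed by one read of an item of this size.

    Transactional reads are always strongly consistent and cost double;
    eventually consistent reads cost half a unit per 4 KB.
    """
    units = ceil(item_size_kb(item_size_bytes) / READ_UNIT_KB)
    if transactional:
        return units * 2
    return units if strongly_consistent else units / 2


def write_units_per_write(item_size_bytes, transactional=False):
    """WCUs consumed by one write of an item of this size (transactional writes cost double)."""
    units = ceil(item_size_kb(item_size_bytes) / WRITE_UNIT_KB)
    return units * 2 if transactional else units


def provisioned_capacity(item_size_bytes, reads_per_sec, writes_per_sec,
                         strongly_consistent=True, transactional=False):
    """Return (RCU, WCU) to provision for a steady workload on items of this size.

    Fractional totals from eventually consistent reads are rounded up, since
    capacity is provisioned in whole units.
    """
    rcu = ceil(reads_per_sec * read_units_per_read(item_size_bytes, strongly_consistent,
                                                    transactional))
    wcu = ceil(writes_per_sec * write_units_per_write(item_size_bytes, transactional))
    return rcu, wcu


if __name__ == "__main__":
    # Constructed workload: 3,000-byte items, 100 reads/s and 50 writes/s.
    for label, kwargs in (("strongly consistent", {}),
                          ("eventually consistent", {"strongly_consistent": False}),
                          ("transactional", {"transactional": True})):
        print(label, provisioned_capacity(3000, 100, 50, **kwargs))
```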
Sources:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html?shortFooter=true
https://aws.amazon.com/dynamodb/faqs/
Amazon ElastiCache
● ElastiCache is a distributed in-memory cache environment in the AWS Cloud.
● ElastiCache works with both the Redis and Memcached engines.
● ElastiCache can be used for storing session state.
● Redis vs Memcached
○ Memcached is designed for simplicity while Redis offers a rich set of features that make it
effective for a wide range of use cases.
● Pricing
○ With on-demand nodes you pay only for the resources you consume by the hour without any
long-term commitments.
○ With Reserved Nodes, you can make a low, one-time, up-front payment for each node you wish
to reserve for a 1 or 3 year term. In return, you receive a significant discount off the ongoing
hourly usage rate for the Node(s) you reserve.
○ ElastiCache provides storage space for one snapshot free of charge for each active ElastiCache
for Redis cluster. Additional backup storage is charged.
○ EC2 Regional Data Transfer charges apply when transferring data between an EC2 instance and
an ElastiCache Node in different Availability Zones of the same Region.
Sources:
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/
https://aws.amazon.com/elasticache/redis-details/
https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/
https://aws.amazon.com/elasticache/redis-vs-memcached/
https://aws.amazon.com/elasticache/features/
https://aws.amazon.com/elasticache/pricing/
Amazon Redshift
● A fully managed, petabyte-scale data warehouse service.
● Redshift extends data warehouse queries to your data lake. You can run analytic queries against
petabytes of data stored locally in Redshift, and directly against exabytes of data stored in S3.
● Redshift is an OLAP type of DB.
● Currently, Redshift only supports Single-AZ deployments.
● Features
○ Redshift uses columnar storage , data compression, and zone maps to reduce the amount
,with digital badges on your email signatures, Linkedin profile, or on your social media accounts. You
can also show your Digital Badge to gain exclusive access to Certification Lounges at AWS re:Invent,
regional Appreciation Receptions, and select AWS Summit events. To view your badges, simply go to
the “Digital Badges” section of your AWS Certification Account.
You can visit the official AWS Certification FAQ page to view the frequently asked questions about getting AWS
Certified and other information about the AWS Certification: https://aws.amazon.com/certification/faqs/ .
https://portal.tutorialsdojo.com/ 7
https://aws.amazon.com/certification/faqs/
https://portal.tutorialsdojo.com/
Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified Cloud Practitioner
by Jon Bonso and Adrian Formaran
AWS CERTIFIED CLOUD PRACTITIONER EXAM STUDY GUIDE
The AWS Certified Cloud Practitioner exam or AWS CCP is the easiest to achieve among all the AWS
certification exams. This certification covers most, if not all, fundamental knowledge that one should know
when venturing into the Cloud. The AWS CCP course intends to provide practitioners a fundamental
understanding of the AWS Cloud without having to dive deep into the technicalities. This includes the AWS
Global Infrastructure, best practices in using AWS Cloud, pricing models, technical support options, and many
more. You can view the complete details and guidelines for the certification exam here.
What to review
1. The AWS Cloud Services
Currently, AWS offers more than 160+ services and products to their customers. And every year, the list grows
longer. You don’t have to memorize every single service and function to pass the exam (although that would be
amazing if you did!). What’s important is that you familiarize yourself with the more commonly used services
such as those under compute , storage , databases , security , networking and content delivery, management
and governance, and a few others . To quickly view over the different categories, you may visit this link .
To help you get started with the familiarization, this AWS whitepaper contains an overview of the different AWS
services along with their definitions and use cases. It is also important to know what cloud computing
introduces into the industry, and how the AWS Global Infrastructure is set up to help you maximize the
capabilities of cloud computing. Aside from questions on the different services, questions about Regions and
Availability Zones commonly pop up in the exam as well.
2. Best Practices when Architecting for the Cloud
This section is highly important and might comprise the bulk of your CCP exam. Focus on reading the contents
of this AWS Well-Architected Framework whitepaper . The best practices are essentially the ways you can take
advantage of AWS Cloud’s strengths. This paper elaborates on the different pillars that make up a
well-architected system. Reading through the design principles and core services of each pillar will help you
connect the dots between the best practices and AWS services. Lastly, you can visit this site to gather more
information and view additional content for your review of this section.
3. Security in the Cloud
Security in the AWS Cloud is another major part of your CCP Exam. AWS has defined the security controls that
they manage and the security controls that you manage through the Shared Responsibility Model below.
https://portal.tutorialsdojo.com/ 8
https://aws.amazon.com/certification/certified-cloud-practitioner/
https://aws.amazon.com/certification/certified-cloud-practitioner/
https://aws.amazon.com/products/
https://aws.amazon.com/products/
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
https://aws.amazon.com/architecture/well-architected/
https://aws.amazon.com/architecture/well-architected/
https://aws.amazon.com/compliance/shared-responsibility-model/
https://aws.amazon.com/compliance/shared-responsibility-model/
https://portal.tutorialsdojo.com/
Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified Cloud Practitioner
by Jon Bonso and Adrian Formaran
The primary resource that you should be studying for this section is the AWS Security Best Practices
whitepaper (https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf), which discusses
the many ways you can secure your applications and services. I suggest you thoroughly review the following:
1) Data encryption at rest and in transit (EBS, S3, EC2, RDS, etc.)
2) Identity and Access Management (IAM)
3) VPC and Application Network Security (security groups, ACLs, etc.)
4) Monitoring and Logging of your Infrastructure (CloudWatch, CloudTrail, etc.)
5) AWS Compliance Programs
4. AWS Pricing Model
One of the advantages of using the Cloud is on-demand capacity provisioning. Therefore, it is also crucial
for you to understand the provider's pricing model. AWS charges you in multiple ways. There is no exact model
that applies to all, since different AWS services have their own cost plans. However, AWS has three
fundamental drivers of cost that usually apply to any kind of service. They are:
i. Compute cost
ii. Storage cost
iii. Outbound data transfer cost
Aside from on-demand capacity provisioning, AWS also offers you multiple ways to lower your total cost, such
as the option to reserve capacity or create a savings plan.
○ …of I/O needed to perform queries.
○ It uses a massively parallel processing data warehouse architecture to parallelize and distribute
SQL operations.
○ Redshift uses machine learning to deliver high throughput based on your workloads.
○ Redshift uses result caching to deliver sub-second response times for repeat queries.
○ Redshift automatically and continuously backs up your data to S3. It can asynchronously
replicate your snapshots to S3 in another region for disaster recovery.
● Security
○ By default, an Amazon Redshift cluster is only accessible to the AWS account that creates the
cluster.
○ Use IAM to create user accounts and manage permissions for those accounts to control cluster
operations.
○ If you are using the EC2-Classic platform for your Redshift cluster, you must use Redshift
security groups.
○ If you are using the EC2-VPC platform for your Redshift cluster, you must use VPC security
groups.
○ When you provision the cluster, you can optionally choose to encrypt the cluster for additional
security. Encryption is an immutable property of the cluster.
○ Snapshots created from the encrypted cluster are also encrypted.
● Pricing
○ You pay a per-second billing rate based on the type and number of nodes in your cluster.
○ You pay for the number of bytes scanned by Redshift Spectrum.
○ You can reserve instances by committing to using Redshift for a 1- or 3-year term and save
costs.
Sources:
https://docs.aws.amazon.com/redshift/latest/mgmt/
https://aws.amazon.com/redshift/features/
https://aws.amazon.com/redshift/pricing/
https://aws.amazon.com/redshift/faqs/
NETWORKING AND CONTENT DELIVERY
Amazon API Gateway
● Enables developers to create, publish, maintain, monitor, and secure APIs at any scale.
● Allows creating, deploying, and managing a RESTful API to expose backend HTTP endpoints, Lambda
functions, or other AWS services.
● Together with Lambda, API Gateway forms the app-facing part of the AWS serverless infrastructure.
● Features
○ API Gateway can execute Lambda code in your account, start Step Functions state machines, or
make calls to Elastic Beanstalk, EC2, or web services outside of AWS with publicly accessible
HTTP endpoints.
○ API Gateway helps you define plans that meter and restrict third-party developer access to your
APIs.
○ API Gateway helps you manage traffic to your backend systems by allowing you to set throttling
rules based on the number of requests per second for each HTTP method in your APIs.
○ You can set up a cache with customizable keys and time-to-live in seconds for your API data to
avoid hitting your backend services for each request.
○ API Gateway lets you run multiple versions of the same API simultaneously with API Lifecycle.
○ After you build, test, and deploy your APIs, you can package them in an API Gateway usage plan
and sell the plan as a Software as a Service (SaaS) product through AWS Marketplace.
○ API Gateway offers the ability to create, update, and delete documentation associated with each
portion of your API, such as methods and resources.
○ Amazon API Gateway offers general availability of HTTP APIs, which gives you the ability to
route requests to private ELBs, AWS AppConfig, Amazon EventBridge, Amazon Kinesis Data
Streams, Amazon SQS, AWS Step Functions and IP-based services registered in AWS Cloud Map
such as ECS tasks. Previously, HTTP APIs enabled customers to only build APIs for their
serverless applications or to proxy requests to HTTP endpoints.
○ You can create data mapping definitions from an HTTP API’s method request data (e.g. path
parameters, query string, and headers) to the corresponding integration request parameters and
from the integration response data (e.g. headers) to the HTTP API method response
parameters.
○ Use wildcard custom domain names (*.example.com) to create multiple URLs that route to one
API Gateway HTTP API.
○ You can configure your custom domain name to route requests to different APIs. Using
multi-level base path mappings, you can implement path-based API versioning and migrate API
traffic between APIs according to request paths with many segments.
● All of the APIs created expose HTTPS endpoints only. API Gateway does not support unencrypted
(HTTP) endpoints.
● Monitoring
○ API Gateway console is integrated with CloudWatch, so you get backend performance metrics
such as API calls, latency, and error rates.
○ You can set up custom alarms on API Gateway APIs.
○ API Gateway can also log API execution errors to CloudWatch Logs.
● Pricing
○ You pay only for the API calls you receive and the amount of data transferred out.
○ API Gateway also provides optional data caching charged at an hourly rate that varies based on
the cache size you select.
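The throttling feature listed above (a limit on requests per second per method) is easiest to understand as a token bucket: the rate is the steady-state requests per second, the burst is the number of tokens the bucket can hold, and a request that finds the bucket empty is answered with HTTP 429. The Python below is an added example, not code from the Tutorials Dojo guide or from API Gateway itself; it simulates one bucket per API key (as a usage plan would) over a constructed list of request timestamps, and the key names and limits are made-up values.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Token bucket: 'rate' tokens refill per second, up to 'burst' tokens in total."""
    rate: float          # steady-state requests per second
    burst: int           # maximum tokens, i.e. the largest spike admitted at once
    tokens: float = field(init=False)
    last_seen: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)  # a fresh bucket starts full

    def allow(self, now: float) -> bool:
        """Admit one request arriving at time 'now' (seconds); False means HTTP 429."""
        elapsed = max(0.0, now - self.last_seen)
        self.last_seen = max(self.last_seen, now)
        # Refill proportionally to the time elapsed, never beyond the burst size.
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def throttle(requests, rate: float, burst: int):
    """Apply one bucket per API key and return (timestamp, key, status) per request.

    'requests' is an iterable of (timestamp_seconds, api_key) sorted by timestamp.
    """
    buckets = {}
    results = []
    for ts, key in requests:
        bucket = buckets.setdefault(key, TokenBucket(rate, burst))
        results.append((ts, key, 200 if bucket.allow(ts) else 429))
    return results


def rejected_count(results) -> int:
    """Number of requests that were throttled (HTTP 429)."""
    return sum(1 for _, _, status in results if status == 429)


# Constructed sample: key "abc" fires five requests within a quarter second, key "xyz" is quiet.
SAMPLE_REQUESTS = [
    (0.00, "abc"), (0.00, "abc"), (0.00, "abc"), (0.00, "abc"),
    (0.25, "abc"), (0.30, "xyz"), (1.00, "abc"), (1.00, "abc"), (1.50, "abc"),
]


if __name__ == "__main__":
    decisions = throttle(SAMPLE_REQUESTS, rate=2.0, burst=3)
    for ts, key, status in decisions:
        print(f"t={ts:.2f}s key={key} -> {status}")
    print("throttled:", rejected_count(decisions))
```

With a rate of 2 requests per second and a burst of 3, the fourth and fifth requests from "abc" are throttled while the first three pass at once; by t=1.0 s enough tokens have refilled for the later requests to succeed. The burst setting is what decides how large a spike one key can push through before the steady rate applies.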
Sources:
https://docs.aws.amazon.com/apigateway/latest/developerguide/
https://aws.amazon.com/api-gateway/features/
https://aws.amazon.com/api-gateway/pricing/
https://aws.amazon.com/api-gateway/faqs/
Amazon CloudFront
● A web service that speeds up distribution of your static and dynamic web content to your users. A
Content Delivery Network (CDN) service.
● It delivers your content through a worldwide network of data centers called edge locations. When a
user requests content that you're serving with CloudFront, the user is routed to the edge location that
provides the lowest latency, so that content is delivered with the best possible performance.
○ If the content is already in the edge location with the lowest latency, CloudFront delivers it
immediately.
○ If the content is not in that edge location, CloudFront retrieves it from an origin that you've
defined.
● CloudFront also has regional edge caches that bring more of your content closer to your viewers, even
when the content is not popular enough to stay at a CloudFront edge location, to help improve
performance for that content.
● Different CloudFront Origins
○ Using S3 buckets for your origin - you place any objects that you want CloudFront to deliver in
an S3 bucket.
○ Using S3 buckets configured as website endpoints for your origin
○ Using a MediaStore container or a MediaPackage channel for your origin - you can set up an
S3 bucket that is configured as a MediaStore container, or create a channel and endpoints with
MediaPackage. Then you create and configure a distribution in CloudFront to stream the video.
○ Using EC2 or other custom origins - A custom origin is an HTTP server, for example, a web
server.
○ Using CloudFront Origin Groups for origin failover - use origin failover to designate a primary
origin for CloudFront plus a second origin that CloudFront automatically switches to when the
primary origin returns specific HTTP status code failure responses.
● CloudFront Distributions
○ You create a CloudFront distribution to tell CloudFront where you want content to be delivered
from, and the details about how to track and manage content delivery.
○ You create a distribution and choose the configuration settings you want:
■ Your content origin—that is, the Amazon S3 bucket, MediaPackage channel, or HTTP
server from which CloudFront gets the files to distribute. You can specify any
combination of up to 25 S3 buckets, channels, and/or HTTP servers as your origins.
■ Access—whether you want the files to be available to everyone or restrict access to
some users.
■ Security—whether you want CloudFront to require users to use HTTPS to access your
content.
● Price Class
○ Choose the price class that corresponds with the maximum price that you want to pay for
CloudFront service. By default, CloudFront serves your objects from edge locations in all
CloudFront regions.
● Monitoring
○ CloudFront integrates with Amazon CloudWatch metrics so that you can monitor your website
or application.
○ Capture API requests with AWS CloudTrail. CloudFront is a global service. To view CloudFront
requests in CloudTrail logs, you must update an existing trail to include global services.
● Pricing
○ Charge for storage in an S3 bucket.
○ Charge for serving objects from edge locations.
○ Charge for submitting data to your origin.
■ Data Transfer Out
■ HTTP/HTTPS Requests
■ Invalidation Requests
■ Dedicated IP Custom SSL certificates associated with a CloudFront distribution.
○ You also incur a surcharge for HTTPS requests, and an additional surcharge for requests that
also have field-level encryption enabled.
Sources:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide
https://aws.amazon.com/cloudfront/features/
https://aws.amazon.com/cloudfront/pricing/
https://aws.amazon.com/cloudfront/faqs/
AWS Elastic Load Balancing
● Distributes incoming application or network traffic across multiple targets, such as EC2 instances,
containers (ECS), Lambda functions, and IP addresses, in multiple Availability Zones.
General features
● Accepts incoming traffic from clients and routes requests to its registered targets.
● Monitors the health of its registered targets and routes traffic only to healthy targets.
● Enable deletion protection to prevent your load balancer from being deleted accidentally. Disabled by
default.
● Deleting ELB won’t delete the instances registered to it.
● Cross Zone Load Balancing - when enabled, each load balancer node distributes traffic across the
registered targets in all enabled AZs.
● Supports SSL Offloading, a feature in which the ELB terminates the SSL/TLS connection and removes the
SSL-based encryption from the incoming traffic, so the registered instances do not have to.
Types of Load Balancers
● Application Load Balancer
○ Functions at the application layer, the seventh layer of the Open Systems Interconnection (OSI)
model.
○ Allows HTTP and HTTPS.
○ At least 2 subnets must be specified when creating this type of load balancer.
○ Monitoring:
■ CloudWatch metrics - retrieve statistics about data points for your load balancers and
targets as an ordered set of time-series data, known as metrics .
■ Access logs - capture detailed information about the requests made to your load
balancer and store them as log files in S3.
■ CloudTrail logs - capture detailed information about the calls made to the Elastic Load
Balancing API and store them as log files in S3.
● Network Load Balancer
○ Functions at the fourth layer of the Open Systems Interconnection (OSI) model. Uses TCP and
UDP connections.
○ At least 1 subnet must be specified when creating this type of load balancer, but the
recommended number is 2.
○ Monitoring:
■ CloudWatch metrics - retrieve statistics about data points for your load balancers and
targets as an ordered set of time-series data, known as metrics .
■ VPC Flow Logs - capture detailed information about the traffic going to and from your
Network Load Balancer.
■ CloudTrail logs - capture detailed information about the calls made to the Elastic Load
Balancing API and store them as log files in Amazon S3.
● Gateway Load Balancer
○ Enables you to deploy, scale, and manage virtual appliances, such as firewalls, intrusion
detection and prevention systems, and deep packet inspection systems.
○ Operates at the third layer of the Open Systems Interconnection (OSI) model, the network layer.
It listens for all IP packets across all ports and forwards traffic to the target group that's
specified in the listener rule.
○ Gateway Load Balancers use Gateway Load Balancer endpoints to securely exchange traffic
across VPC boundaries. A Gateway Load Balancer endpoint is a VPC endpoint that provides
private connectivity between virtual appliances in the service provider VPC and application
servers in the service consumer VPC.
○ Traffic to and from a Gateway Load Balancer endpoint is configured using route tables.
● Classic Load Balancer
○ Distributes incoming application traffic across multiple EC2 instances in multiple Availability
Zones.
○ For use with EC2-Classic only. Register instances with the load balancer. AWS recommends
using Application or Network Load Balancers instead.
○ An Internet-facing load balancer has a publicly resolvable DNS name, so it can route requests
from clients over the Internet to the EC2 instances that are registered with the load balancer.
Classic load balancers are always Internet-facing.
○ Monitoring:
■ CloudWatch metrics - retrieve statistics about ELB-published data points as an ordered
set of time-series data, known as metrics .
■ Access logs - capture detailed information for requests made to your load balancer and
store them as log files in the S3 bucket that you specify.
■ CloudTrail logs - keep track of the calls made to the Elastic Load Balancing API by or on
behalf of your AWS account.
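The Network Load Balancer monitoring bullets above point to VPC Flow Logs as the record of traffic going to and from the load balancer; the REJECT entries in those logs are what a defender reads to see which connections a security group or network ACL turned away. The Python below is an added example, not code from the guide or from AWS: it parses records in the default version-2 Flow Log format (the 14 space-separated fields) and summarises REJECT records per destination port and protocol. The account id, ENI id and addresses in the sample records are constructed values.

```python
from collections import Counter
from dataclasses import dataclass

# Field order of the default (version 2) VPC Flow Log record format.
FLOW_LOG_FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
    "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status",
)


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int          # IANA protocol number: 6 = TCP, 17 = UDP
    packets: int
    bytes: int
    action: str            # ACCEPT or REJECT
    log_status: str        # OK, NODATA or SKIPDATA


def parse_flow_record(line: str):
    """Parse one default-format record; returns None for NODATA/SKIPDATA windows."""
    parts = line.split()
    if len(parts) != len(FLOW_LOG_FIELDS) or parts[0] != "2":
        raise ValueError(f"not a version-2 default-format record: {line!r}")
    f = dict(zip(FLOW_LOG_FIELDS, parts))
    if f["log_status"] != "OK":
        return None  # traffic fields are '-' when nothing was captured in the window
    return FlowRecord(
        interface_id=f["interface_id"], srcaddr=f["srcaddr"], dstaddr=f["dstaddr"],
        srcport=int(f["srcport"]), dstport=int(f["dstport"]), protocol=int(f["protocol"]),
        packets=int(f["packets"]), bytes=int(f["bytes"]),
        action=f["action"], log_status=f["log_status"],
    )


def rejected_by_port(lines):
    """Count REJECT records per (dst port, protocol) and collect the sources behind them."""
    counts = Counter()
    sources = {}
    for line in lines:
        rec = parse_flow_record(line)
        if rec is None or rec.action != "REJECT":
            continue
        key = (rec.dstport, rec.protocol)
        counts[key] += 1
        sources.setdefault(key, set()).add(rec.srcaddr)
    return counts, sources


# Constructed sample records (made-up account id, ENI and documentation addresses).
SAMPLE_FLOW_LOGS = [
    "2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 51234 443 6 12 3400 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 40001 22 6 1 44 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 40002 22 6 1 44 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.1.25 53000 3389 6 1 44 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000060 1700000120 - NODATA",
]


if __name__ == "__main__":
    counts, sources = rejected_by_port(SAMPLE_FLOW_LOGS)
    for (port, proto), n in counts.most_common():
        print(f"REJECT dst port {port}/{proto}: {n} record(s) from {sorted(sources[(port, proto)])}")
```

The NODATA record shows the one parsing trap in this format: its traffic fields are all "-", so a parser that converts every field to an integer before checking log-status will crash on an otherwise valid line.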
Security, Authentication and Access Control
● Use IAM Policies to grant permissions
● Resource-level permissions
● Security groups that control the traffic allowed to and from your load balancer.
Recommended rules for internet-facing load balancer:
  Inbound
    Source                      Port Range
    0.0.0.0/0                   listener
  Outbound
    Destination                 Port Range
    instance security group     instance listener
    instance security group     health check
For internal load balancer:
  Inbound
    Source                      Port Range
    VPC CIDR                    listener
  Outbound
    Destination                 Port Range
    instance security group     instance listener
    instance security group     health check
Summary of Features
Pricing
● You are charged for each hour or partial hour that an Application Load Balancer is running and the
number of Load Balancer Capacity Units (LCU) used per hour.
● You are charged for each hour or partial hour that a Network Load Balancer is running and the number
of Load Balancer Capacity Units (LCU) used by Network Load Balancer per hour.
● You are charged for each hour or partial hour that a Gateway Load Balancer is running and the number
of Gateway Load Balancer Capacity Units (GLCU) used by Gateway Load Balancer per hour.
● You are charged for each hour or partial hour that a Classic Load Balancer is running and for each GB
of data transferred through your load balancer.
Sources:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html
https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/introduction.html
https://aws.amazon.com/elasticloadbalancing/features/
https://aws.amazon.com/elasticloadbalancing/pricing/?nc=sn&loc=3
Amazon Route 53
● A highly available and scalable Domain Name System (DNS) web service used for domain registration,
DNS routing, and health checking.
Key Features
● Resolver
● Traffic flow
● Latency based routing
● Geo DNS
● Private DNS for Amazon VPC
● DNS Failover
● Health Checks and Monitoring
● Domain Registration
● CloudFront and S3 Zone Apex Support
● Amazon ELB Integration
Domain Registration
● Choose a domain name and confirm that it's available, then register the domain name with Route 53.
The service automatically makes itself the DNS service for the domain by doing the following:
○ Creates a hosted zone that has the same name as your domain.
○ Assigns a set of four name servers to the hosted zone. When someone uses a browser to
access your website, such as www.example.com, these name servers tell the browser where to
find your resources, such as a web server or an S3 bucket.
○ Gets the name servers from the hosted zone and adds them to the domain.
● If you already registered a domain name with another registrar, you can choose to transfer the domain
registration to Route 53.
Routing Internet Traffic to your Website or Web Application
● Use the Route 53 console to register a domain name and configure Route 53 to route internet traffic to
your website or web application.
● After you register your domain name, Route 53 automatically creates a public hosted zone that has the
same name as the domain.
● To route traffic to your resources, you create records, also known as resource record sets, in your
hosted zone.
● You can create special Route 53 records, called alias records, that route traffic to S3 buckets,
CloudFront distributions, and other AWS resources.
● Each record includes information about how you want to route traffic for your domain, such as:
○ Name - name of the record corresponds with the domain name or subdomain name that you
want Route 53 to route traffic for.
○ Type - determines the type of resource that you want traffic to be routed to.
○ Value
Know the following Concepts
● Domain Registration Concepts - domain name, domain registrar, domain registry, domain reseller,
top-level domain
● DNS Concepts
○ Alias record - a type of record that you can create to route traffic to AWS resources.
○ DNS query
○ DNS resolver
○ Domain Name System (DNS)
○ Private DNS
○ Hosted zone - a container for records, which includes information about how to route traffic for
a domain and all of its subdomains.
○ Name servers - servers in the DNS that help to translate domain names into the IP addresses
that computers use to communicate with one another.
○ Record (DNS record) - an object in a hosted zone that you use to define how you want to route
traffic for the domain or a subdomain.
○ Routing policy
○ Subdomain
○ Time to live (TTL)
Records
● Alias Records
○ Route 53 alias records provide a Route 53–specific extension to DNS functionality. Alias records
let you route traffic to selected AWS resources. They also let you route traffic from one record in
a hosted zone to another record.
○ You can create an alias record at the top node of a DNS namespace, also known as the zone
apex.
● CNAME Record
○ You cannot create an alias record at the top node of a DNS namespace using a CNAME record.
● Alias records vs CNAME records
    CNAME Records | Alias Records
    You can't create a CNAME record at the zone apex. | You can create an alias record at the zone apex. Alias records must have the same type as the record you're routing traffic to.
    Route 53 charges for CNAME queries. | Route 53 doesn't charge for alias queries to AWS resources.
    A CNAME record redirects queries for a domain name regardless of record type. | Route 53 responds to a DNS query only when the name and type of the alias record matches the name and type in the query.
    A CNAME record can point to any DNS record that is hosted anywhere. | An alias record can only point to selected AWS resources or to another record in the hosted zone that you're creating the alias record in.
    A CNAME record appears as a CNAME record in response to dig or Name Server (NS) lookup queries. | An alias record appears as the record type that you specified when you created the record, such as A or AAAA.
Route 53 Health Checks and DNS Failover
● Each health check that you create can monitor one of the following:
○ The health of a specified resource, such as a web server
○ The status of other health checks
○ The status of an Amazon CloudWatch alarm
● Two types of failover configurations
○ Active-Active Failover - all the records that have the same name, the same type, and the same
routing policy are active unless Route 53 considers them unhealthy. Use this failover
configuration when you want all of your resources to be available the majority of the time.
○ Active-Passive Failover - use this failover configuration when you want a primary resource or
group of resources to be available the majority of the time and you want a secondary resource
or group of resources to be on standby in case all the primary resources become unavailable.
When responding to queries, Route 53 includes only the healthy primary resources.
Monitoring
● The Route 53 dashboard provides detailed information about the status of your domain registrations,
including:
○ Status of new domain registrations
○ Status of domain transfers to Route 53
○ List of domains that are approaching the expiration date
● You can use Amazon CloudWatch metrics to see the number of DNS queries served for each of your
Route 53 public hosted zones. With these metrics, you can see at a glance the activity level of each
hosted zone to monitor changes in traffic.
● You can monitor your resources by creating Route 53 health checks, which use CloudWatch to collect
and process raw data into readable, near real-time metrics.
● Log API calls with CloudTrail
Pricing
● A hosted zone is charged at the time it's created and on the first day of each subsequent month. To
allow testing, a hosted zone that is deleted within 12 hours of creation is not charged, however, any
queries on that hosted zone will still incur charges.
● Billion queries / month
● Queries to Alias records are provided at no additional cost to current Route 53 customers when the
records are mapped to the following AWS resource types:
○ Elastic Load Balancers
○ Amazon CloudFront distributions
○ AWS Elastic Beanstalk environments
○ Amazon S3 buckets that are configured as website endpoints
● Traffic flow policy record / month
● Pricing for domain names varies by Top Level Domain (TLD)
Sources:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html
https://aws.amazon.com/route53/features/
https://aws.amazon.com/route53/pricing/
Amazon VPC
● Create a virtual network in the cloud dedicated to your AWS account where you can launch AWS
resources
● Amazon VPC is the networking layer of Amazon EC2
● A VPC spans all the Availability Zones in the region. After creating a VPC, you can add one or more
subnets in each Availability Zone.
Key Concepts
● A virtual private cloud (VPC) allows you to specify an IP address range for the VPC, add subnets,
associate security groups, and configure route tables.
● A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified
subnet. Use a public subnet for resources that must be connected to the internet, and a private subnet
for resources that won't be connected to the internet.
● To protect the AWS resources in each subnet, use security groups and network access control lists
(ACLs).
● Expand your VPC by adding secondary IP ranges.
Default vs Non-Default VPC
Accessing a Corporate or Home Network
● You can optionally connect your VPC to your own corporate data center using an IPsec AWS managed
VPN connection , making the AWS Cloud an extension of your data center.
● A VPN connection consists of:
○ a virtual private gateway (which is the VPN concentrator on the Amazon side of the VPN
connection) attached to your VPC.
○ a customer gateway (which is a physical device or software appliance on your side of the VPN
connection) located in your data center.
○ A diagram of the connection
VPC Use Case Scenarios
● VPC with a Single Public Subnet
● VPC with Public and Private Subnets (NAT)
● VPC with Public and Private Subnets and AWS Managed VPN Access
● VPC with a Private Subnet Only and AWS Managed VPN Access
Subnets
● When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a
Classless Inter-Domain Routing (CIDR) block (example: 10.0.0.0/16). This is the primary CIDR block for
your VPC.
● You can add one or more subnets in each Availability Zone of your VPC’s region.
● You specify the CIDR block for a subnet, which is a subset of the VPC CIDR block.
● A CIDR block must not overlap with any existing CIDR block that's associated with the VPC.
● Types of Subnets
○ Public Subnet - has an internet gateway
○ Private Subnet - doesn’t have an internet gateway
○ VPN-only Subnet - has a virtual private gateway instead
● You cannot increase or decrease the size of an existing CIDR block.
● When you associate a CIDR block with your VPC, a route is automatically added to your VPC route
tables to enable routing within the VPC (the destination is the CIDR block and the target is local ).
● You have a limit on the number of CIDR blocks you can associate with a VPC and the number of routes
you can add to a route table.
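The CIDR rules in the Subnets list above (a subnet block must be a subset of the VPC block, blocks must not overlap, and the VPC block must be between /16 and /28) are mechanical enough to check before a template is applied. The Python below is an added example, not code from the guide or from AWS, that validates a proposed IPv4 layout with the standard library's ipaddress module and also reports the usable address count, since AWS reserves five addresses in every subnet. The address ranges used are constructed sample values.

```python
import ipaddress
from typing import List

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28   # VPC CIDR blocks must be between /16 and /28


def parse_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Reject blocks with host bits set (e.g. 10.0.1.5/24), as the VPC console does."""
    return ipaddress.IPv4Network(cidr, strict=True)


def overlapping_pairs(cidrs):
    """All pairs of blocks that share at least one address."""
    nets = [parse_cidr(c) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def check_vpc_layout(vpc_cidrs, subnet_cidrs) -> List[str]:
    """Return a list of problems with the layout (empty when it is valid)."""
    problems = []
    vpcs = []
    for c in vpc_cidrs:  # primary CIDR first, then any secondary CIDRs
        try:
            net = parse_cidr(c)
        except ValueError as exc:
            problems.append(f"VPC CIDR {c}: {exc}")
            continue
        if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
            problems.append(f"VPC CIDR {net} must be between /{VPC_MIN_PREFIX} and /{VPC_MAX_PREFIX}")
        vpcs.append(net)
    for a, b in overlapping_pairs([str(v) for v in vpcs]):
        problems.append(f"VPC CIDR {a} overlaps VPC CIDR {b}")

    subnets = []
    for c in subnet_cidrs:
        try:
            net = parse_cidr(c)
        except ValueError as exc:
            problems.append(f"subnet {c}: {exc}")
            continue
        if not any(net.subnet_of(v) for v in vpcs):
            problems.append(f"subnet {net} is not inside any VPC CIDR block")
        subnets.append(net)
    for a, b in overlapping_pairs([str(s) for s in subnets]):
        problems.append(f"subnet {a} overlaps subnet {b}")
    return problems


def usable_addresses(cidr: str) -> int:
    """Addresses you can actually assign in a subnet of this size."""
    return parse_cidr(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    # Constructed layout: one valid pair of subnets, then a set of deliberate mistakes.
    print(check_vpc_layout(["10.0.0.0/16"], ["10.0.0.0/24", "10.0.1.0/24"]))
    for p in check_vpc_layout(["10.0.0.0/16", "10.0.0.0/8"],
                              ["10.0.0.0/24", "10.0.0.128/25", "192.168.1.0/24", "10.0.2.5/24"]):
        print("problem:", p)
    print("usable in a /24:", usable_addresses("10.0.0.0/24"))
```

The example is IPv4-only; mixing IPv6 blocks into the same lists would need separate handling, because ipaddress refuses to compare networks of different versions.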
Subnet Routing
● Each subnet must be associated with a route table , which specifies the allowed routes for outbound
traffic leaving the subnet.
● Every subnet that you create is automatically associated with the main route table for the VPC.
● You can change the association, and you can change the contents of the main route table.
● You can allow an instance in your VPC to initiate outbound connections to the internet over IPv4 but
prevent unsolicited inbound connections from the internet using a NAT gateway or NAT instance .
● To initiate outbound-only communication to the internet over IPv6, you can use an egress-only internet
gateway.
Subnet Security
● Security Groups — control inbound and outbound traffic for your instances
○ You can associate one or more (up to five) security groups to an instance in your VPC.
○ If you don't specify a security group, the instance automatically belongs to the default security
group.
○ When you create a security group, it has no inbound rules. By default, it includes an outbound
rule that allows all outbound traffic.
○ Security groups are associated with network interfaces.
● Network Access Control Lists — control inbound and outbound traffic for your subnets
○ Each subnet in your VPC must be associated with a network ACL. If you don't associate one
explicitly, the subnet is automatically associated with the default network ACL.
○ You can associate a network ACL with multiple subnets; however, a subnet can be associated
with only one network ACL at a time.
○ A network ACL contains a numbered list of rules that is evaluated in order, starting with the
lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated
with the network ACL.
○ The default network ACL is configured to allow all traffic to flow in and out of the subnets to
which it is associated.
○ For custom ACLs, you need to add a rule for ephemeral ports, usually with the range of
32768-65535. If you have a NAT Gateway, ELB or a Lambda function in a VPC, you need to
enable 1024-65535 port range.
● Flow logs — capture information about the IP traffic going to and from network interfaces in your VPC
that is published to CloudWatch Logs.
● Diagram of security groups and NACLs in a VPC
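Two points in the Subnet Security list above trip people up in practice: a network ACL evaluates its numbered rules in ascending order and stops at the first match, and it is stateless, so the reply to an allowed request is judged on its own against the outbound rules (hence the ephemeral-port rule). The Python below is an added example, not code from the guide or from AWS, that simulates both behaviours side by side with a stateful security group. The rule sets are constructed, and the NaclRule type is reused for security group rules only for brevity (its rule number is ignored there).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NaclRule:
    number: int        # rules are evaluated from the lowest number upwards
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str
    action: str        # "allow" or "deny"


def nacl_evaluate(rules, protocol, port, address):
    """First matching rule wins; the implicit final rule ('*') denies everything."""
    addr = ipaddress.ip_address(address)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if not rule.port_from <= port <= rule.port_to:
            continue
        if addr not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action, rule.number
    return "deny", "*"


def nacl_tcp_exchange(inbound, outbound, client_ip, client_port, service_port):
    """A network ACL is stateless: the request and its reply are judged independently.

    The reply leaves the subnet towards the client's ephemeral port, which is why an
    outbound rule covering 1024-65535 (or 32768-65535) is needed for the exchange to work.
    """
    request = nacl_evaluate(inbound, "tcp", service_port, client_ip)
    reply = nacl_evaluate(outbound, "tcp", client_port, client_ip)
    return request[0] == "allow" and reply[0] == "allow", {"request": request, "reply": reply}


def security_group_tcp_exchange(sg_inbound, client_ip, service_port):
    """A security group is stateful: once the request is allowed, its reply is allowed too."""
    addr = ipaddress.ip_address(client_ip)
    return any(
        rule.protocol in ("all", "tcp")
        and rule.port_from <= service_port <= rule.port_to
        and addr in ipaddress.ip_network(rule.cidr)
        for rule in sg_inbound
    )


# Constructed rule sets using documentation address ranges.
INBOUND = [
    NaclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    NaclRule(90, "tcp", 443, 443, "198.51.100.0/24", "deny"),   # lower number, so checked first
]
OUTBOUND_NO_EPHEMERAL = [NaclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
OUTBOUND_WITH_EPHEMERAL = OUTBOUND_NO_EPHEMERAL + [
    NaclRule(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),
]
SG_INBOUND = [NaclRule(0, "tcp", 443, 443, "0.0.0.0/0", "allow")]  # security groups hold allow rules only


if __name__ == "__main__":
    print("NACL without ephemeral rule:", nacl_tcp_exchange(INBOUND, OUTBOUND_NO_EPHEMERAL, "203.0.113.5", 50000, 443))
    print("NACL with ephemeral rule:   ", nacl_tcp_exchange(INBOUND, OUTBOUND_WITH_EPHEMERAL, "203.0.113.5", 50000, 443))
    print("blocked range hits rule 90: ", nacl_evaluate(INBOUND, "tcp", 443, "198.51.100.7"))
    print("security group (stateful):  ", security_group_tcp_exchange(SG_INBOUND, "203.0.113.5", 443))
```

The first run shows the classic symptom of a custom ACL without an ephemeral-port rule: the request is allowed by rule 100 but the reply falls through to the implicit deny, so the client sees a timeout even though the security group on the instance would have let everything through.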
VPC Networking Components
● Network Interfaces
○ A virtual network interface that can include:
■ a primary private IPv4 address
■ one or more secondary private IPv4 addresses
■ one Elastic IP address per private IPv4 address
■ one public IPv4 address, which can be auto-assigned to the network interface for eth0
when you launch an instance
■ one or more IPv6 addresses
■ one or more security groups
■ a MAC address
■ a source/destination check flag
■ a description
○ Network interfaces can be attached and detached from instances, however, you cannot detach
a primary network interface.
● Route Tables
○ Contains a set of rules, called routes, that are used to determine where network traffic is
directed.
○ A subnet can only be associated with one route table at a time, but you can associate multiple
subnets with the same route table.
○ You cannot delete the main route table, but you can replace the main route table with a custom
table that you've created.
○ You must update the route table for any subnet that uses gateways or connections.
● Internet Gateways
○ Allows communication between instances in your VPC and the internet.
○ Imposes no availability risks or bandwidth constraints on your network traffic.
● NAT
○ Enable instances in a private subnet to connect to the internet or other AWS services, but
prevent the internet from initiating connections with the instances.
○ NAT Instance vs NAT Gateways
● DNS
○ AWS provides instances launched in a default VPC with public and private DNS hostnames that
correspond to the public IPv4 and private IPv4 addresses for the instance.
● Elastic IP Addresses
○ A static, public IPv4 address.
○ You can associate an Elastic IP address with any instance or network interface for any VPC in
your account.
○ You can mask the failure of an instance by rapidly remapping the address to another instance in
your VPC.
○ Your Elastic IP addresses remain associated with your AWS account until you explicitly release
them.
○ AWS imposes a small hourly charge when EIPs aren't associated with a running instance, or
when they are associated with a stopped instance or an unattached network interface.
○ By default, you're limited to five Elastic IP addresses per Region; this is a service quota that
you can ask AWS to increase.
Pricing
● Charged for VPN Connection-hour
● Charged for each “NAT Gateway-hour" that your NAT gateway is provisioned and available.
● Data processing charges apply for each Gigabyte processed through the NAT gateway regardless of the
traffic’s source or destination.
● You also incur standard AWS data transfer charges for all data transferred via the NAT gateway.
● Charges for unused or inactive Elastic IPs.
Sources:
https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
https://aws.amazon.com/vpc/details/
https://aws.amazon.com/vpc/pricing/
https://aws.amazon.com/vpc/faqs/
SECURITY AND IDENTITY
AWS Identity and Access Management (IAM)
● Control who is authenticated (signed in) and authorized (has permissions) to use resources.
● AWS account root user is a single sign-in identity that has complete access to all AWS services and
resources in the account.
● Features
○ You can grant other people permission to administer and use resources in your AWS account
without having to share your password or access key.
○ You can grant different permissions to different people for different resources.
○ You can add multi-factor authentication (MFA) to your account and to individual users for extra security.
○ You receive AWS CloudTrail log records that include information about IAM identities who made
requests for resources in your account.
○ You use an access key (an access key ID and secret access key) to make programmatic
requests to AWS. The secret access key is shown only once, when the key is created; if you lose
it, it cannot be retrieved and you must create a new access key (and deactivate or delete the old one).
○ Your unique account sign-in page URL:
https://My_AWS_Account_ID.signin.aws.amazon.com/console/
○ You can use IAM tags to add custom attributes to an IAM user or role using a tag key–value
pair.
○ You can generate and download a credential report that lists all users on your AWS account. The
report also shows the status of passwords, access keys, and MFA devices.
● Infrastructure Elements
○ Principal
■ An entity that can make a request for an action or operation on an AWS resource. Users,
roles, federated users, and applications are all AWS principals.
■ Your AWS account root user is your first principal.
○ Request
■ When a principal tries to use the AWS Management Console, the AWS API, or the AWS
CLI, that principal sends a request to AWS.
■ A request includes the following information:
● Actions or operations – the actions or operations that the principal wants to
perform.
● Resources – the AWS resource object upon which the actions or operations are
performed.
● Principal – the user, role, federated user, or application that sent the request.
Information about the principal includes the policies that are associated with that
principal.
● Environment data – information about the IP address, user agent, SSL enabled
status, or the time of day.
● Resource data – data related to the resource that is being requested.
○ Authentication
■ To authenticate from the console as a user, you must sign in with your username and
password.
■ To authenticate from the API or AWS CLI, you must provide your access key and secret
key.
○ Authorization
■ To provide your users with permissions to access the AWS resources in their own
account, you use identity-based policies.
■ Resource-based policies are attached to the resource itself and name the principals that
may access it. They can grant access to principals in the same account or in other
accounts, which makes them one of the ways to grant cross-account access.
■ Evaluation logic rules for policies:
● By default, all requests are denied (implicit deny).
● An explicit allow in a permissions policy overrides this default.
● A permissions boundary overrides the allow. If there is a permissions boundary
that applies, that boundary must allow the request. Otherwise, it is implicitly
denied. A service control policy (SCP) from AWS Organizations that applies to the
account works the same way: it must allow the request but grants nothing by itself.
● An explicit deny in any policy overrides any allow.
○ Actions or Operations
■ Operations are defined by a service, and include things that you can do to a resource,
such as viewing, creating, editing, and deleting that resource.
○ Resource
■ An object that exists within a service. The service defines a set of actions that can be
performed on each resource.
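The evaluation rules under Authorization are easier to trust once you have seen them applied to concrete documents. The block below is an added example, not code from the study guide or from AWS: a minimal evaluator that applies those rules to constructed identity-based policies, a permissions boundary and, going one step beyond the list, a service control policy of the kind described under AWS Organizations (the SCP is treated like a boundary: it must allow, it never grants). The policy JSON and ARNs are made up; only Effect, Action and Resource with "*" wildcards are handled, so Condition keys, NotAction and resource-based policies are out of scope.

```python
"""Minimal model of IAM policy evaluation: implicit deny, explicit allow,
permissions boundary and SCP as filters, explicit deny wins.

Added example, not from the original study guide. Policies and ARNs are
constructed; Condition, NotAction and resource-based policies are not handled."""
import fnmatch
import json


def _matches(patterns, value, fold=False):
    """True if any pattern (IAM-style '*' and '?' wildcards) matches value."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if fold:                                   # IAM action names are case-insensitive
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def policy_verdict(policy, action, resource):
    """Verdict of one policy document: 'deny', 'allow' or None (no statement matched)."""
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    verdict = None
    for stmt in statements:
        if not _matches(stmt.get("Action", []), action, fold=True):
            continue
        if not _matches(stmt.get("Resource", []), resource):
            continue
        if stmt["Effect"] == "Deny":
            return "deny"        # an explicit deny ends evaluation of this document
        verdict = "allow"
    return verdict


def is_allowed(action, resource, identity_policies, boundary=None, scps=()):
    """Apply the evaluation rules.

    1. An explicit deny in any applicable policy wins.
    2. Every SCP in the chain and the permissions boundary (if set) must allow.
    3. At least one identity-based policy must allow; otherwise implicit deny."""
    all_docs = list(identity_policies) + list(scps) + ([boundary] if boundary else [])
    if any(policy_verdict(d, action, resource) == "deny" for d in all_docs):
        return False
    if any(policy_verdict(s, action, resource) != "allow" for s in scps):
        return False
    if boundary is not None and policy_verdict(boundary, action, resource) != "allow":
        return False
    return any(policy_verdict(p, action, resource) == "allow" for p in identity_policies)


# Constructed policies. DEVELOPER is an identity-based policy; ADMIN is a broad
# one an administrator might attach later; BOUNDARY is a permissions boundary;
# SCP_NO_IAM is an SCP attached to the account's OU.
DEVELOPER = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}""")
ADMIN = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
BOUNDARY = {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["s3:*", "ec2:*", "logs:*"], "Resource": "*"}]}
SCP_NO_IAM = {"Version": "2012-10-17",
              "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"},
                            {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]}
OBJECT = "arn:aws:s3:::example-bucket/report.csv"
TABLE = "arn:aws:dynamodb:us-east-1:123456789012:table/orders"


if __name__ == "__main__":
    print("developer reads object:        ", is_allowed("s3:GetObject", OBJECT, [DEVELOPER]))
    print("developer+admin deletes bucket:", is_allowed("s3:DeleteBucket", "arn:aws:s3:::example-bucket", [DEVELOPER, ADMIN]))
    print("admin reads table, boundary:   ", is_allowed("dynamodb:GetItem", TABLE, [DEVELOPER, ADMIN], boundary=BOUNDARY))
    print("admin creates IAM user, SCP:   ", is_allowed("iam:CreateUser", "*", [ADMIN], scps=[SCP_NO_IAM]))
    print("SCP alone grants nothing:      ", is_allowed("s3:GetObject", OBJECT, [], scps=[SCP_NO_IAM]))
```

Two of the cases are worth dwelling on: attaching the broad ADMIN policy to a user who carries the BOUNDARY still leaves DynamoDB inaccessible, because the boundary caps what any identity policy can grant, and an SCP that allows "*" grants nothing to an account with no identity policy at all.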
● Users
○ IAM Users
■ Instead of sharing your root user credentials with others, you can create individual IAM
users within your account that correspond to users in your organization. IAM users are
not separate accounts; they are users within your account.
■ Each user can have its own password for access to the AWS Management Console. You
can also create an individual access key for each user so that the user can make
programmatic requests to work with resources in your account.
■ By default, a brand new IAM user has NO permissions to do anything.
■ Users are global entities.
○ Federated Users
■ If the users in your organization already have a way to be authenticated, you can federate
those user identities into AWS.
○ IAM Groups
■ An IAM group is a collection of IAM users.
■ You can organize IAM users into IAM groups and attach access control policies to a
group.
■ A user can belong to multiple groups.
■ Groups cannot belong to other groups.
■ Groups do not have security credentials, and cannot access web services directly.
○ IAM Role
■ A role does not have any credentials associated with it.
■ An IAM user can assume a role to temporarily take on different permissions for a
specific task. A role can be assigned to a federated user who signs in by using an
external identity provider instead of IAM.
■ AWS service role is a role that a service assumes to perform actions in your account on
your behalf.
● This service role must include all the permissions required for the service to
access the AWS resources that it needs.
○ Users or groups can have multiple policies attached to them that grant different permissions.
● Policies
○ Most permission policies are JSON policy documents.
○ To assign permissions to federated users, you can create an entity referred to as a role and
define permissions for the role.
○ Identity-Based Policies
■ Permissions policies that you attach to a principal or identity.
■ Managed policies are standalone policies that you can attach to multiple users, groups,
and roles in your AWS account.
■ Inline policies are policies that you create and manage and that are embedded directly
into a single user, group, or role.
○ Resource-based Policies
■ Permissions policies that you attach to a resource such as an Amazon S3 bucket.
■ Resource-based policies are only inline policies.
■ Trust policies - resource-based policies that are attached to a role and define which
principals can assume the role.
● AWS Security Token Service (STS)
○ Create and provide trusted users with temporary security credentials that can control access to
your AWS resources.
○ Temporary security credentials are short-term and are not stored with the user but are
generated dynamically and provided to the user when requested.
○ By default, AWS STS is a global service with a single endpoint at https://sts.amazonaws.com.
Regional STS endpoints are also available in every Region and are the recommended choice:
they reduce latency and keep working if the global endpoint is unreachable.
● Assume Role Options
○ AssumeRole - Returns a set of temporary security credentials that you can use to access AWS
resources that you might not normally have access to. These temporary credentials consist of
an access key ID, a secret access key, and a security token. Typically, you use AssumeRole
within your account or for cross-account access.
■ You can include multi-factor authentication (MFA) information when you call
AssumeRole . This is useful for cross-account scenarios to ensure that the user that
assumes the role has been authenticated with an AWS MFA device.
○ AssumeRoleWithSAML - Returns a set of temporary security credentials for users who have
been authenticated via a SAML authentication response. This allows you to link your enterprise
identity store or directory to role-based AWS access without user-specific credentials or
configuration.
○ AssumeRoleWithWebIdentity - Returns a set of temporary security credentials for users who
have been authenticated in a mobile or web application with a web identity provider. Example
providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID
Connect-compatible identity provider.
● STS Get Tokens
○ GetFederationToken - Returns a set of temporary security credentials (consisting of an access
key ID, a secret access key, and a security token) for a federated user. You must call the
GetFederationToken operation using the long-term security credentials of an IAM user. A typical
use is in a proxy application that gets temporary security credentials on behalf of distributed
applications inside a corporate network.
○ GetSessionToken - Returns a set of temporary credentials for an AWS account or IAM user. The
credentials consist of an access key ID, a secret access key, and a security token. You must call
the GetSessionToken operation using the long-term security credentials of an IAM user.
Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to
specific AWS API operations.
● IAM Access Analyzer
○ Provides policy checks that help you proactively validate policies when creating them. These
checks analyze your policy and report errors, warnings, and suggestions with actionable
recommendations that help you set secure and functional permissions.
○ IAM Access Analyzer continuously monitors for new or updated resource policies and
permissions granted for S3 buckets, KMS keys, SQS queues, IAM roles, Lambda functions, and
Secrets Manager secrets, and generates a finding for each resource that can be reached by an
external principal, that is, one outside your account or organization.
● Best Practices
○ Lock Away Your AWS Account Root User Access Keys
○ Create Individual IAM Users
○ Use Groups to Assign Permissions to IAM Users
○ Use AWS Defined Policies to Assign Permissions Whenever Possible
○ Grant Least Privilege
○ Use Access Levels to Review IAM Permissions
○ Configure a Strong Password Policy for Your Users
○ Enable MFA for Privileged Users
○ Use Roles for Applications That Run on Amazon EC2 Instances
○ Use Roles to Delegate Permissions
○ Do Not Share Access Keys
○ Rotate Credentials Regularly
○ Remove Unnecessary Credentials
○ Use Policy Conditions for Extra Security
○ Monitor Activity in Your AWS Account
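Several of the best practices just listed (lock away root access keys, enable MFA, rotate credentials regularly, remove unnecessary credentials) can be checked against the credential report mentioned under Features. The block below is an added example, not code from the study guide: it audits a constructed report whose column names follow the real credential report (a real one has more columns; the script reads only those it needs). The users and dates are made up and the 90-day rotation threshold is an assumption, not an AWS default.

```python
"""Audit an IAM credential report for root access keys, missing MFA, stale
and never-used access keys.

Added example, not from the original study guide. SAMPLE_REPORT imitates
the real report's column names; users, dates and the 90-day limit are
constructed assumptions."""
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # fixed clock so results are reproducible
MAX_KEY_AGE = timedelta(days=90)

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2020-01-10T09:00:00+00:00,not_supported,2024-05-30T08:00:00+00:00,not_supported,false,true,2020-01-10T09:05:00+00:00,2024-05-30T08:10:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T10:00:00+00:00,true,2024-05-31T12:00:00+00:00,2024-01-15T10:00:00+00:00,true,true,2024-04-01T10:00:00+00:00,2024-05-31T12:30:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-03-01T10:00:00+00:00,true,2024-05-29T12:00:00+00:00,2023-12-01T10:00:00+00:00,false,true,2022-06-01T10:00:00+00:00,2024-05-29T12:30:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-07-01T10:00:00+00:00,false,no_information,N/A,false,true,2023-01-01T10:00:00+00:00,N/A,true,2024-05-01T10:00:00+00:00,2024-05-31T00:00:00+00:00
"""


def _when(value):
    """Parse a report timestamp; N/A, no_information and not_supported become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now=NOW, max_key_age=MAX_KEY_AGE):
    """Return a sorted list of (user, finding) tuples for the report text."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root should have no access keys at all, and always MFA.
            if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
                findings.append((user, "root user has active access keys: delete them"))
            if row["mfa_active"] != "true":
                findings.append((user, "root user has no MFA device"))
            continue
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.append((user, "console password without MFA"))
            last_login = _when(row["password_last_used"])
            if last_login and now - last_login > max_key_age:
                findings.append((user, f"console password unused for over {max_key_age.days} days: remove"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _when(row[f"access_key_{n}_last_rotated"])
            last_used = _when(row[f"access_key_{n}_last_used_date"])
            if rotated and now - rotated > max_key_age:
                findings.append((user, f"access key {n} older than {max_key_age.days} days: rotate"))
            if last_used is None:
                findings.append((user, f"access key {n} never used: remove"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT):
        print(f"{user:16} {finding}")
```

To run it on a real account, generate and fetch the report with the AWS CLI (`aws iam generate-credential-report`, then `aws iam get-credential-report --query Content --output text`, which returns the CSV base64-encoded) and pass the decoded text to `audit()`. In the constructed sample only `alice` comes out clean; the root user, `bob` and the `ci-deploy` user each trigger the practices they violate.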
Sources:
https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html
https://aws.amazon.com/iam/faqs/
AWS WAF
● A web application firewall that helps protect web applications from attacks by allowing you to configure
rules that allow, block, or monitor (count) web requests based on conditions that you define.
Features
● WAF lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP
headers and body, or custom URIs.
● You can also create rules that block common web exploits like SQL injection and cross-site scripting.
● WAF works at the application layer (layer 7). For application layer attacks, you can respond to an
incident by adding or changing rules, for example switching a rule from count to block, without
changing the application itself.
Pricing
● WAF charges based on the number of web access control lists (web ACLs) that you create, the number
of rules that you add per web ACL, and the number of web requests that you receive.
Sources:
https://docs.aws.amazon.com/waf/latest/developerguide
https://aws.amazon.com/waf/features/
https://aws.amazon.com/waf/pricing/
https://aws.amazon.com/waf/faqs/
Amazon Macie
● A security service that uses machine learning to automatically discover, classify, and protect sensitive
data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or
intellectual property.
● Amazon Macie allows you to achieve the following:
○ Identify and protect various data types, including PII, PHI, regulatory documents, API keys, and
secret keys
○ Verify compliance with automated logs that allow for instant auditing
○ Identify changes to policies and access control lists
○ Observe changes in user behavior and receive actionable alerts
○ Receive notifications when data and account credentials leave protected zones
○ Detect when large quantities of business-critical documents are shared internally and externally
● Other additional features:
○ You can scan Amazon S3 buckets across multiple AWS accounts, and perform scoping of scans by
object prefix.
○ An estimation of the costs of these job runs is sent to you for review before you run them.
○ Once a job is submitted, findings are generated in the Amazon Macie console and sent out through
Amazon EventBridge, where sensitive data location information is included in the findings. This
allows for identification of sensitive data within objects using detail such as line numbers, page
numbers, record index, or column and row numbers.
Sources:
https://aws.amazon.com/macie/
https://docs.aws.amazon.com/macie/latest/userguide/what-is-macie.html
https://aws.amazon.com/macie/faq/
https://www.youtube.com/watch?v=LCjX2rsQ2wA
AWS Shield
● A managed Distributed Denial of Service (DDoS) protection service that safeguards applications
running on AWS.
Shield Tiers and Features
Standard
○ All AWS customers benefit from the automatic protections of Shield Standard, which defends
against the most common network and transport layer (layer 3 and layer 4) DDoS attacks.
Advanced
○ Shield Advanced provides enhanced detection, inspecting network flows and also monitoring
application layer traffic to your Elastic IP address, Elastic Load Balancing, CloudFront, or Route
53 resources.
○ It handles the majority of DDoS protection and mitigation responsibilities for layer 3, layer 4, and
layer 7 attacks.
○ You have 24x7 access to the AWS DDoS Response Team. To contact the DDoS Response Team,
customers will need the Enterprise or Business Support levels of AWS Premium Support.
Pricing
● Shield Standard provides protection at no additional charge.
● Shield Advanced, however, is a paid service. It requires a 1-year subscription commitment and charges
a monthly fee, plus a usage fee based on data transfer out from CloudFront, ELB, EC2, and AWS Global
Accelerator. The subscription includes AWS WAF at no additional cost for the resources it protects, and
you can request service credits for scaling charges caused by a DDoS attack on those resources.
Sources:
https://aws.amazon.com/shield/features/
https://aws.amazon.com/shield/pricing/
https://aws.amazon.com/shield/faqs/
Amazon Inspector
● An automated security assessment service that helps you test the network accessibility of your EC2
instances and the security state of your applications running on the instances.
● Inspector uses IAM service-linked roles.
Features
● Inspector provides an engine that analyzes system and resource configuration and monitors activity to
determine what an assessment target looks like, how it behaves, and its dependent components. The
combination of this telemetry provides a complete picture of the assessment target and its potential
security or compliance issues.
● Inspector incorporates a built-in library of rules and reports. These include checks against best
practices, common compliance standards and vulnerabilities.
● Automate security vulnerability assessments throughout your development and deployment pipeline or
against static production systems.
● Inspector is an API-driven service that uses an optional agent , making it easy to deploy, manage, and
automate.
Sources:
https://docs.aws.amazon.com/inspector/latest/userguide
https://aws.amazon.com/inspector/pricing/
https://aws.amazon.com/inspector/faqs/
AWS Organizations
● It offers policy-based management for multiple AWS accounts.
Features
● With Organizations, you can create groups of accounts and then apply policies to those groups.
● Organizations provides you a policy framework for multiple AWS accounts. You can apply policies to a
group of accounts or all the accounts in your organization.
● AWS Organizations enables you to set up a single payment method for all the AWS accounts in your
organization through consolidated billing . With consolidated billing, you can see a combined view of
charges incurred by all your accounts, as well as take advantage of pricing benefits from aggregated
usage, such as volume discounts for EC2 and S3.
● AWS Organizations, like many other AWS services, is eventually consistent . It achieves high availability
by replicating data across multiple servers in AWS data centers within its region.
Administrative Actions in Organizations
● Create an AWS account and add it to your organization, or add an existing AWS account to your
organization.
● Organize your AWS accounts into groups called organizational units (OUs).
● Organize your OUs into a hierarchy that reflects your company’s structure.
● Centrally manage and attach policies to the entire organization, OUs, or individual AWS accounts.
Concepts
● An organization is a collection of AWS accounts that you can organize into a hierarchy and manage
centrally.
● A management account is the AWS account you use to create your organization. You cannot change
which account in your organization is the management account.
○ From the management account, you can create other accounts in your organization, invite and
manage invitations for other accounts to join your organization, and remove accounts from your
organization.
○ You can also attach policies to entities such as administrative roots, organizational units (OUs),
or accounts within your organization.
○ The management account has the role of a payer account and is responsible for paying all
charges accrued by the accounts in its organization.
● A member account is an AWS account, other than the management account, that is part of an
organization. A member account can belong to only one organization at a time; its charges are paid
by the management account in its role as payer account.
● An administrative root is the starting point for organizing your AWS accounts. The administrative root
is the top-most container in your organization’s hierarchy. Under this root, you can create OUs to
logically group your accounts and organize these OUs into a hierarchy that best matches your business
needs.
● An organizational unit (OU) is a group of AWS accounts within an organization. An OU can also contain
other OUs enabling you to create a hierarchy.
● A policy is a “document” with one or more statements that define the controls that you want to apply to
a group of AWS accounts.
○ Service control policy (SCP) is a policy that specifies the maximum permissions (services and
actions) that users and roles can use in the accounts that the SCP affects. SCPs are similar to IAM
permission policies except that they don't grant any permissions. Instead, SCPs are filters, written
as allow lists or deny lists, that limit which services and actions can be used in affected accounts;
a principal still needs an IAM policy that grants the action. SCPs do not restrict the management
account itself.
● AWS Organizations has two available feature sets:
○ All organizations support consolidated billing , which provides basic management tools that you
can use to centrally manage the accounts in your organization.
○ If you enable all features , you continue to get all the consolidated billing features plus a set of
advanced features such as service control policies.
● You can remove an AWS account from an organization and make it into a standalone account.
● Organization Hierarchy
○ Including root and AWS accounts created in the lowest OUs, your hierarchy can be five levels
deep.
○ Policies are inherited through the hierarchy: a policy attached to the root or to an OU applies to
every OU and account beneath it.
○ Policies can be assigned at different points in the hierarchy.
Pricing
● This service is free.
Sources:
https://docs.aws.amazon.com/organizations/latest/userguide/
https://aws.amazon.com/organizations/features/
https://aws.amazon.com/organizations/faqs/
AWS Artifact
● A self-service central repository of AWS’ security and compliance reports and select online agreements.
● An audit artifact is a piece of evidence that demonstrates that an organization is following a
documented process or meeting a specific requirement (business compliant).
● AWS Artifact Reports include the following:
○ ISO,
○ Service Organization Control (SOC) reports,
○ Payment Card Industry (PCI) reports,
○ and certifications that validate the implementation and operating effectiveness of AWS security
controls.
● AWS Artifact Agreements include
○ the Nondisclosure Agreement (NDA)
○ the Business Associate Addendum (BAA), which typically is required for companies that are
subject to the HIPAA Act to ensure that protected health information (PHI) is appropriately
safeguarded.
● All AWS Accounts with AWS Artifact IAM permissions have access to AWS Artifact . Root users and
IAM users with admin permissions can download all audit artifacts
,Adrian Formaran
Detailed information about each of these costs can be seen in this whitepaper , which also serves as your main
study material for this section. The purpose of studying cost and pricing models is to help you optimize your
costs in AWS. AWS provides a great tool to calculate expected monthly costs, known as the AWS Pricing
Calculator . Note that the CCP exam frequently asks scenarios where you’d have to optimize your costs.
5. AWS Support Plans
AWS offers four types of support plans: Basic, Developer, Business, and Enterprise. It is important to know how
each support plan differs from one another. With that said, this webpage will serve as your primary study
material. You might miss the subtle details if you don’t read each support plan properly, so be sure to take note
of these details.
In tandem with learning the AWS Support Plans is studying AWS Trusted Advisor. AWS Trusted Advisor is a tool
that offers best practice checks and recommendations across five categories: cost optimization, security, fault
tolerance, performance, and service limits. You do not need to memorize each check in AWS Trusted Advisor,
though browsing through them is an advantage.
How to review
As with any exam, the very first step is always the same - KNOWING WHAT TO STUDY . Although we have
already enumerated them in the previous section, I highly suggest you go over the AWS CCP Exam Guide again
and see the exam contents.
AWS already has a vast number of (free!) resources available for you to prepare for the exam. I suggest you
first read Overview of Amazon Web Services whitepaper , and gain a good understanding of the different AWS
concepts and services. Again, you don’t need to memorize every single AWS service and function there. Rather,
focus on the services that are more commonly used by the industry. You can check out the amazing Tutorials
Dojo cheat sheets to supplement your review for this section.
After reviewing the services whitepaper, I recommend reading the whitepaper How Pricing Works next. The
AWS CCP exam frequently throws out tricky questions about pricing, TCO and cost optimization. Be extra
careful in answering questions that ask for the most cost effective solution. Always prioritize utility over
pricing, since there might be a choice in the question where it is the cheapest solution, but is not appropriate
for the scenario’s needs. You can compare the pricing of the different services here on this website .
The AWS Security Best Practices whitepaper discusses what you'll need to know for AWS Security. Also,
familiarize yourself with the Shared Responsibility Model . This frequently comes up in the AWS CCP exam.
With security, you should know the following:
● Protect your data in AWS and going out of AWS. Different services have different encryption methods
and protocols.
https://portal.tutorialsdojo.com/ 10
https://docs.aws.amazon.com/whitepapers/latest/how-aws-pricing-works/welcome.html
https://calculator.aws/
https://calculator.aws/
https://calculator.aws/
https://aws.amazon.com/premiumsupport/plans/
https://aws.amazon.com/premiumsupport/plans/
https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf
https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf
https://turon.tutorialsdojo.com/top-5-free-aws-review-materials/
https://turon.tutorialsdojo.com/top-5-free-aws-review-materials/
https://d0.awsstatic.com/whitepapers/aws-overview.pdf
https://d0.awsstatic.com/whitepapers/aws-overview.pdf
https://tutorialsdojo.com/links-to-all-aws-cheat-sheets/
https://tutorialsdojo.com/links-to-all-aws-cheat-sheets/
https://tutorialsdojo.com/links-to-all-aws-cheat-sheets/
https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
https://aws.amazon.com/pricing/?nc2=h_ql_pr
https://aws.amazon.com/pricing/?nc2=h_ql_pr
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf
https://aws.amazon.com/compliance/shared-responsibility-model/
https://aws.amazon.com/compliance/shared-responsibility-model/
https://portal.tutorialsdojo.com/
Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified Cloud Practitioner
by Jon Bonso and Adrian Formaran
● Network level security and subnet level security. There are many ways you can secure your VPC and the
services inside it, such as NACLs and security groups.
● Be comfortable with IAM. Focus on concepts of IAM users, groups, policies and roles.
● Understand AWS monitoring and logging features such as Cloudwatch, CloudWatch Logs, VPC Logs
and CloudTrail.
The last whitepaper you need to review is the AWS Well-Architected Framework whitepaper. The material nicely
wraps up all the AWS services, products, features, and pricing that you’ve learned. It is very important to
understand what the best practices are, since scenario questions in the exam always revolve around these
topics. You can open up an AWS Management Console to help you visualize what is being discussed in this
paper.
After reading through all the whitepapers, the last section of your review is the AWS Support Plans. This is a
quick browse of a webpage, and shouldn’t take you long to study. Take note of what support plans are
available, and how they differ from each other. There might be questions in the exam that ask which support
plan offers some specific service.
AWS also provides a free, online virtual course called AWS Cloud Practitioner Essentials which you can take to
better prepare yourself for the AWS CCP exam. This course contains a set of video lectures that summarize
everything you’ve read so far in your review, and discuss topics you might have missed.
Also check out this article: Top 5 FREE AWS Review Materials .
Common Exam Scenarios
https://portal.tutorialsdojo.com/ 11
Scenario Solution
Domain 1: Cloud Concepts
A key financial benefit of migrating systems hosted
on your on-premises
available to their account by agreeing to the associated terms and conditions. You will need to grant IAM users
with non-admin permissions access to AWS Artifact.
● To use organization agreements in AWS Artifact, your organization must be enabled for all features.
● AWS Artifact Agreements
○ AWS Artifact Account Agreements apply only to the individual account you used to sign into
AWS.
○ AWS Artifact Organization Agreements apply to all accounts in an organization created through
AWS Organizations, including the organization's management account and all member
accounts. Only the management account in an organization can accept agreements in AWS
Artifact Organization Agreements.
○ Management accounts and member accounts of an Organization can have AWS Artifact
Account Agreements and AWS Artifact Organization Agreements of the same type in place at
the same time.
○ If you have accounts in separate organizations that you want covered by an agreement, you
must log in to each organization’s management account and accept the relevant agreements
through AWS Artifact Organization Agreements.
○ Terminating the organization agreement does not terminate the account agreement.
○ When a member account is removed from an organization (e.g. by leaving the organization, or
by being removed from the organization by the master account), any organization agreements
accepted on its behalf will no longer apply to that member account.
● Business Associate Addendum (BAA)
○ You can accept the AWS BAA for your individual account, or if you are a management account in
an organization, you can accept the AWS BAA on behalf of all accounts in your organization.
○ Upon accepting the AWS BAA in AWS Artifact Agreements, you will instantly designate your
AWS account(s) for use in connection with protected health information (PHI) and HIPAA.
○ If you terminate an online BAA under the Account agreements tab in AWS Artifact, the account
you used to sign into AWS will immediately cease to be a HIPAA Account, unless it was also
covered by an organization BAA.
○ If you are a user of a management account and terminate an online BAA in AWS Artifact, all
accounts within your organization will immediately be removed as HIPAA Accounts, unless they
were covered by individual account BAAs.
○ If you have both an account BAA and an organization BAA in place at the same time, the terms
of the organization BAA will apply instead of the terms of the account BAA.
● AWS Australian Notifiable Data Breach Addendum (ANDB Addendum)
○ Using the master account of your organization you can use the Organization agreements tab in
AWS Artifact Agreements to accept an ANDB Addendum on behalf of all existing and future
member accounts in your organization.
○ When both the account ANDB Addendum and organizations ANDB Addendum are accepted, the
organizations ANDB Addendum will apply instead of the account ANDB Addendum.
○ If you terminate an account ANDB Addendum under the Account agreements tab in AWS
Artifact, the AWS account you used to sign into AWS Artifact will not be covered by an ANDB
Addendum with AWS, unless it is also covered by an organizations ANDB Addendum.
○ If you are a user of a management account and terminate an organizations ANDB Addendum
within the Organization agreements tab in AWS Artifact, the AWS accounts in that AWS
organization will not be covered by an ANDB Addendum with AWS, unless they are covered by
an account ANDB Addendum.
● Most errors you receive from AWS Artifact can be resolved by adding the necessary IAM permissions.
Sources:
https://aws.amazon.com/artifact/
https://docs.aws.amazon.com/artifact/latest/ug/what-is-aws-artifact.html
https://aws.amazon.com/artifact/faq/
MIGRATION
AWS Snowball Edge
● A type of Snowball device with on-board storage and compute power for select AWS capabilities. It can
undertake local processing and edge-computing workloads in addition to transferring data between
your local environment and the AWS Cloud.
● Has on-board S3-compatible storage and compute to support running Lambda functions and EC2
instances.
● You start by requesting one or more Snowball Edge Compute Optimized or Snowball Edge Storage
Optimized devices in the AWS Management Console based on how much data you need to transfer and
the compute power needed for local processing.
● Once a device arrives, you connect it to your local network and set the IP address either manually or
automatically with DHCP. Then use the Snowball Edge client software, job manifest, and unlock code to
verify the integrity of the Snowball Edge device or cluster, and unlock it for use.
● All logistics and shipping are handled by Amazon: when copying is complete and the device is ready to
be returned, the E Ink shipping label automatically updates to the return address. Once the device ships,
you can receive tracking status via messages sent by Amazon SNS, generated texts and emails, or
directly from the console.
● Snowball Edge devices are designed to be requested and used within a single AWS Region. The device
may not be requested from one Region and returned to another.
● Snowball Edge encrypts all data with 256-bit encryption.
Sources:
https://aws.amazon.com/snowball-edge/features/
https://aws.amazon.com/snowball-edge/pricing/
https://aws.amazon.com/snowball-edge/faqs/
AWS Snowmobile
● An exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can
transfer up to 100PB per Snowmobile.
● Snowmobile will be returned to your designated AWS region where your data will be uploaded into the
AWS storage services you have selected, such as S3 or Glacier.
● Snowmobile uses multiple layers of security to help protect your data including dedicated security
personnel:
○ GPS tracking and alarm monitoring
○ 24/7 video surveillance
○ An optional escort security vehicle while in transit
○ All data is encrypted with 256-bit encryption keys that you manage through AWS Key Management
Service (KMS); the service is designed for security and full chain of custody of your data.
● Snowmobile pricing is based on the amount of data stored on the truck per month.
Sources:
https://aws.amazon.com/snowmobile/faqs/
https://aws.amazon.com/snowmobile/pricing/
MANAGEMENT
AWS Auto Scaling
● Configure automatic scaling for your AWS resources quickly through a scaling plan that uses dynamic
scaling and predictive scaling.
● Optimize for availability, for cost, or a balance of both.
● Scaling in means decreasing the size of a group while scaling out means increasing the size of a group.
● Useful for
○ Cyclical traffic such as high use of resources during regular business hours and low use of
resources overnight
○ On and off traffic patterns, such as batch processing, testing, or periodic analysis
○ Variable traffic patterns, such as software for marketing campaigns with periods of spiky
growth
● Features
○ Launch or terminate EC2 instances in an Auto Scaling group.
○ Launch or terminate instances from an EC2 Spot Fleet request, or automatically replace
instances that get interrupted for price or capacity reasons.
○ Adjust the ECS service desired count up or down in response to load variations.
○ Enable a DynamoDB table or a global secondary index to increase or decrease its provisioned
read and write capacity to handle increases in traffic without throttling.
○ Dynamically adjust the number of Aurora read replicas provisioned for an Aurora DB cluster to
handle changes in active connections or workload.
● Amazon EC2 Auto Scaling
○ Ensures you have the correct number of EC2 instances available to handle your application load
using Auto Scaling Groups.
○ An Auto Scaling group contains a collection of EC2 instances that share similar characteristics
and are treated as a logical grouping for the purposes of instance scaling and management.
○ You specify the minimum, maximum and desired number of instances in each Auto Scaling
group.
○ Key Components
■ Groups - Your EC2 instances are organized into groups so that they are treated as a logical unit for scaling and management. When you create a group, you can specify its minimum, maximum, and desired number of EC2 instances.
■ Launch configurations - Your group uses a launch configuration as a template for its EC2 instances. When you create a launch configuration, you can specify information such as the AMI ID, instance type, key pair, security groups, and block device mapping for your instances.
■ Scaling options - How to scale your Auto Scaling groups.
○ You can add a lifecycle hook to your Auto Scaling group to perform custom actions when instances launch or terminate.
○ Scaling Options
■ Scale to maintain current instance levels at all times
■ Manual scaling
■ Scale based on a schedule
■ Scale based on demand
○ Scaling Policy Types
■ Target tracking scaling - Increase or decrease the current capacity of the group based on a target value for a specific metric.
■ Step scaling - Increase or decrease the current capacity of the group based on a set of scaling adjustments, known as step adjustments, that vary based on the size of the alarm breach.
■ Simple scaling - Increase or decrease the current capacity of the group based on a single scaling adjustment.
○ Amazon EC2 Auto Scaling marks an instance as unhealthy if the instance is in a state other than running, the system status is impaired, or Elastic Load Balancing reports that the instance failed the health checks.
○ Termination of Instances
■ When you configure automatic scale in, you must decide which instances should terminate first and set up a termination policy. You can also use instance protection to prevent specific instances from being terminated during automatic scale in.
■ Default Termination Policy
■ Custom Termination Policies
■ OldestInstance - Terminate the oldest instance in the group.
■ NewestInstance - Terminate the newest instance in the group.
■ OldestLaunchConfiguration - Terminate instances that have the oldest launch configuration.
■ ClosestToNextInstanceHour - Terminate instances that are closest to the next billing hour.
○ A launch configuration is an instance configuration template that an Auto Scaling group uses to launch EC2 instances; when you create one, you specify the configuration information for the instances.
○ You can use the same launch configuration with multiple Auto Scaling groups.
○ You can only specify one launch configuration for an Auto Scaling group at a time, and you can't modify a launch configuration after you've created it.
● You can attach one or more classic ELBs to your existing Auto Scaling Groups. The ELBs must be in the
same region.
● Auto Scaling rebalances by launching new EC2 instances in the AZs that have fewer instances first; only
then does it start terminating instances in the AZs that had more instances.
● Monitoring
○ Health checks - identify any instances that are unhealthy
■ Amazon EC2 status checks (default)
■ Elastic Load Balancing health checks
■ Custom health checks.
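As an added example (not code from the study guide or from AWS), the following Python models the termination policies listed above together with instance protection and the group's minimum size: given constructed instance records, it picks what a scale-in would terminate. The instance fields, the sample group and the deterministic final tie-break of the default policy are this example's assumptions.

```python
"""Which instance does an Auto Scaling group terminate on scale in?

Added example, not code from the study guide or from AWS. It models the
termination policies the guide lists (OldestInstance, NewestInstance,
OldestLaunchConfiguration, ClosestToNextInstanceHour), instance protection
and the group's minimum size, over constructed instance records. The
"Default" branch follows the AWS default policy order (most-populated AZ,
then oldest launch configuration, then closest to the next instance hour);
its final tie-break is deterministic here where AWS picks at random.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass
class Instance:
    instance_id: str
    az: str
    launch_time: datetime            # when the instance was launched
    launch_config_created: datetime  # creation time of its launch configuration
    protected: bool = False          # instance protection blocks scale-in termination


def seconds_to_next_instance_hour(inst: Instance, now: datetime) -> float:
    """Seconds until the instance crosses its next whole billing hour."""
    elapsed = (now - inst.launch_time).total_seconds()
    return 3600.0 - (elapsed % 3600.0)


def choose_instance_to_terminate(instances: List[Instance], policy: str,
                                 now: datetime) -> Optional[str]:
    """Return the instance ID the policy selects, or None if none is eligible."""
    candidates = [i for i in instances if not i.protected]
    if not candidates:
        return None  # every instance is protected: scale in cannot proceed
    if policy == "OldestInstance":
        pick = min(candidates, key=lambda i: i.launch_time)
    elif policy == "NewestInstance":
        pick = max(candidates, key=lambda i: i.launch_time)
    elif policy == "OldestLaunchConfiguration":
        pick = min(candidates, key=lambda i: i.launch_config_created)
    elif policy == "ClosestToNextInstanceHour":
        pick = min(candidates, key=lambda i: seconds_to_next_instance_hour(i, now))
    elif policy == "Default":
        # Rebalance first: only consider the AZ(s) holding the most instances
        # (protected instances still count towards their AZ's population).
        per_az = Counter(i.az for i in instances)
        fullest = max(per_az.values())
        pool = [i for i in candidates if per_az[i.az] == fullest] or candidates
        pick = min(pool, key=lambda i: (i.launch_config_created,
                                        seconds_to_next_instance_hour(i, now)))
    else:
        raise ValueError(f"unknown termination policy: {policy}")
    return pick.instance_id


def scale_in(instances: List[Instance], desired: int, min_size: int,
             policy: str, now: datetime) -> List[str]:
    """Terminate instances one at a time until the group reaches its target size.

    The target never drops below the group's minimum size, and protected
    instances are skipped, so the result may be shorter than requested.
    """
    target = max(desired, min_size)
    remaining = list(instances)
    terminated: List[str] = []
    while len(remaining) > target:
        victim = choose_instance_to_terminate(remaining, policy, now)
        if victim is None:
            break
        terminated.append(victim)
        remaining = [i for i in remaining if i.instance_id != victim]
    return terminated


# Constructed sample group: three instances in AZ "a", one protected instance in AZ "b".
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_GROUP = [
    Instance("i-a", "a", NOW - timedelta(minutes=170), NOW - timedelta(days=10)),
    Instance("i-b", "a", NOW - timedelta(minutes=30), NOW - timedelta(days=1)),
    Instance("i-c", "b", NOW - timedelta(minutes=305), NOW - timedelta(days=10), protected=True),
    Instance("i-d", "a", NOW - timedelta(minutes=119), NOW - timedelta(days=5)),
]

if __name__ == "__main__":
    for policy in ("OldestInstance", "NewestInstance", "OldestLaunchConfiguration",
                   "ClosestToNextInstanceHour", "Default"):
        print(policy, "->", choose_instance_to_terminate(SAMPLE_GROUP, policy, NOW))
    print("scale in to desired 1 with min 2:", scale_in(SAMPLE_GROUP, 1, 2, "Default", NOW))
```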
Sources:
https://docs.aws.amazon.com/autoscaling/plans/userguide/what-is-aws-auto-scaling.html
https://aws.amazon.com/autoscaling/features/
https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html
https://aws.amazon.com/autoscaling/pricing/
https://aws.amazon.com/autoscaling/faqs/
AWS CloudFormation
● A service that gives developers and businesses an easy way to create a collection of related AWS
resources and provision them in an orderly and predictable fashion.
Features
● CloudFormation allows you to model your entire infrastructure in a text file called a template. You can
use JSON or YAML to describe what AWS resources you want to create and configure.
● CloudFormation automates the provisioning and updating of your infrastructure in a safe and controlled
manner.
CloudFormation vs Elastic Beanstalk
● Elastic Beanstalk provides an environment to easily deploy and run applications in the cloud.
● CloudFormation is a convenient provisioning mechanism for a broad range of AWS resources.
Concepts
● Templates
○ A JSON or YAML formatted text file.
○ CloudFormation uses these templates as blueprints for building your AWS resources.
● Stacks
○ Manage related resources as a single unit.
○ All the resources in a stack are defined by the stack's CloudFormation template.
Pricing
● No additional charge for CloudFormation. You pay for AWS resources created using CloudFormation in
the same manner as if you created them manually.
Sources:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/
https://aws.amazon.com/cloudformation/features/
https://aws.amazon.com/cloudformation/pricing/
https://aws.amazon.com/cloudformation/faqs/
AWS CloudTrail
● Actions taken by a user, role, or an AWS service in the AWS Management Console, AWS Command Line
Interface, and AWS SDKs and APIs are recorded as events.
● CloudTrail is enabled on your AWS account when you create it.
● CloudTrail focuses on auditing API activity.
● View events in Event History, where you can view, search, and download the past 90 days of activity in
your AWS account.
● Trails
○ Create a CloudTrail trail to archive, analyze, and respond to changes in your AWS resources.
○ Types
■ A trail that applies to all regions - CloudTrail records events in each region and delivers
the CloudTrail event log files to an S3 bucket that you specify. This is the default option
when you create a trail in the CloudTrail console.
■ A trail that applies to one region - CloudTrail records the events in the region that you
specify only. This is the default option when you create a trail using the AWS CLI or the
CloudTrail API.
○ CloudTrail publishes log files about every five minutes.
● Events
○ The record of an activity in an AWS account. This activity can be an action taken by a user, role,
or service that is monitorable by CloudTrail.
○ Types
■ Management events
● Logged by default
● Management events provide insight into management operations performed on
resources in your AWS account, also known as control plane operations.
■ Data events
● Not logged by default
● Data events provide insight into the resource operations performed on or in a
resource, also known as data plane operations.
● Data events are often high-volume activities.
■ Insights events
● Not logged by default
● Insights events capture unusual activity in your AWS account. If you have Insights
events enabled, CloudTrail detects unusual activity and logs this to S3.
● Insights events provide relevant information, such as the associated API, incident
time, and statistics, that help you understand and act on unusual activity.
● Insights events are logged only when CloudTrail detects changes in your
account's API usage that differ significantly from the account's typical usage
patterns.
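As an added example (not the guide's or AWS's code), the following Python reads a constructed CloudTrail log file, separates management (control plane) from data (data plane) events, and applies a simplified Insights-style check that flags an API whose call count in the latest window departs sharply from its earlier rate. The field names follow CloudTrail's JSON record format; the window size, threshold factor and sample activity are assumptions.

```python
"""Triage CloudTrail events: management vs data plane, plus an Insights-style
check for API call rates that differ sharply from the account's usual pattern.

Added example, not code from the study guide or from AWS. The records are
constructed; their field names (eventTime, eventName, eventSource,
eventCategory, managementEvent, userIdentity) follow CloudTrail's JSON record
format, and the threshold logic is a simplification of CloudTrail Insights.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean
from typing import Dict, List


def parse_event_time(value: str) -> datetime:
    """CloudTrail writes eventTime as ISO 8601 in UTC, e.g. 2024-01-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_records(log_text: str) -> List[dict]:
    """A delivered CloudTrail log file is a JSON object whose 'Records' list holds the events."""
    return json.loads(log_text)["Records"]


def count_by_plane(records: List[dict]) -> Dict[str, int]:
    """Split events into control-plane (management) and data-plane (data) operations."""
    return dict(Counter("Management" if r.get("managementEvent") else "Data" for r in records))


def api_rate_anomalies(records: List[dict], window_minutes: int = 5,
                       factor: float = 3.0, min_calls: int = 5) -> Dict[str, tuple]:
    """Flag API names whose call count in the latest window is far above the mean
    of the earlier windows; returns {eventName: (latest_count, baseline)}."""
    if not records:
        return {}
    times = [parse_event_time(r["eventTime"]) for r in records]
    start, width = min(times), timedelta(minutes=window_minutes)
    n_windows = int((max(times) - start) / width) + 1
    counts: Dict[str, List[int]] = defaultdict(lambda: [0] * n_windows)
    for rec, t in zip(records, times):
        counts[rec["eventName"]][int((t - start) / width)] += 1
    flagged = {}
    for name, series in counts.items():
        latest, earlier = series[-1], series[:-1]
        baseline = float(mean(earlier)) if earlier else 0.0
        # A minimum volume keeps a handful of calls to a rarely used API from being noise.
        if latest >= min_calls and latest > factor * max(baseline, 1.0):
            flagged[name] = (latest, baseline)
    return flagged


def build_sample_log() -> str:
    """Constructed 25 minutes of activity: steady ListBuckets and GetObject calls,
    one RunInstances per window, then a burst of RunInstances in the last window."""
    base = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    recs: List[dict] = []

    def add(offset_min: int, name: str, source: str, management: bool) -> None:
        recs.append({
            "eventVersion": "1.08",
            "eventTime": (base + timedelta(minutes=offset_min)).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "eventSource": source,
            "eventName": name,
            "eventCategory": "Management" if management else "Data",
            "managementEvent": management,
            "userIdentity": {"type": "IAMUser", "userName": "example-user"},
        })

    for w in range(5):  # five 5-minute windows of baseline activity
        add(w * 5, "ListBuckets", "s3.amazonaws.com", True)
        add(w * 5 + 1, "ListBuckets", "s3.amazonaws.com", True)
        add(w * 5 + 1, "RunInstances", "ec2.amazonaws.com", True)
        add(w * 5 + 2, "GetObject", "s3.amazonaws.com", False)
    for k in range(14):  # burst: 15 RunInstances in total in the final window
        add(20 + k % 5, "RunInstances", "ec2.amazonaws.com", True)
    return json.dumps({"Records": recs})


if __name__ == "__main__":
    records = load_records(build_sample_log())
    print("events by plane:", count_by_plane(records))
    print("rate anomalies:", api_rate_anomalies(records))
```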
● Price
○ The first copy of management events within each region is delivered free of charge. Additional
copies of management events are charged.
○ Data events are recorded and charged only for the Lambda functions, DynamoDB tables, and S3
buckets you specify.
○ Once a CloudTrail trail is set up, S3 charges apply based on your usage, since CloudTrail delivers
logs to an S3 bucket.
Sources:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/
https://aws.amazon.com/cloudtrail/features/
https://aws.amazon.com/cloudtrail/pricing/
https://aws.amazon.com/cloudtrail/faqs/
Amazon CloudWatch
● Monitoring tool for your AWS resources and applications.
● Display metrics and create alarms that watch the metrics and send notifications or automatically make
changes to the resources you are monitoring when a threshold is breached.
● CloudWatch is basically a metrics repository. An AWS service, such as Amazon EC2, puts metrics into
the repository and you retrieve statistics based on those metrics. If you put your own custom metrics
into the repository, you can retrieve statistics on these metrics as well.
● CloudWatch does not aggregate data across regions. Therefore, metrics are completely separate
between regions.
● CloudWatch Concepts
○ Namespaces - a container for CloudWatch metrics.
■ There is no default namespace.
■ The AWS namespaces use the following naming convention: AWS/service.
○ Metrics - represents a time-ordered set of data points that are published to CloudWatch.
■ Exist only in the region in which they are created.
■ Cannot be deleted, but they automatically expire after 15 months if no new data is
published to them.
■ As new data points come in, data older than 15 months is dropped.
■ Each metric data point must be marked with a timestamp. The timestamp can be up to
two weeks in the past and up to two hours into the future. If you do not provide a
timestamp, CloudWatch creates a timestamp for you based on the time the data point
was received.
■ By default, several services provide free metrics for resources. You can also enable
detailed monitoring, or publish your own application metrics.
○ Dimensions - a name/value pair that uniquely identifies a metric.
■ You can assign up to 10 dimensions to a metric.
○ Statistics - metric data aggregations over specified periods of time.
■ Each statistic has a unit of measure. Metric data points that specify a unit of measure
are aggregated separately.
■ Minimum - The lowest value observed during the specified period. You can use this value to determine low volumes of activity for your application.
■ Maximum - The highest value observed during the specified period. You can use this value to determine high volumes of activity for your application.
■ Sum - All values submitted for the matching metric added together. Useful for determining the total volume of a metric.
■ Average - The value of Sum / SampleCount during the specified period. By comparing this statistic with the Minimum and Maximum, you can determine the full scope of a metric and how close the average use is to the Minimum and Maximum. This comparison helps you to know when to increase or decrease your resources as needed.
■ SampleCount - The count (number) of data points used for the statistical calculation.
■ pNN.NN - The value of the specified percentile. You can specify any percentile, using up to two decimal places (for example, p95.45). Percentile statistics are not available for metrics that include any negative values.
● Percentiles - indicates the relative standing of a value in a dataset. Percentiles help you get a better understanding of the distribution of your metric data.
● Alarms - watches a single metric over a specified time period, and performs one or more specified actions, based on the value of the metric relative to a threshold over time.
○ When an alarm is on a dashboard, it turns red when it is in the ALARM state.
○ Alarm States
■ OK - The metric or expression is within the defined threshold.
■ ALARM - The metric or expression is outside of the defined threshold.
■ INSUFFICIENT_DATA - The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state.
○ You can also monitor your estimated AWS charges by using Amazon CloudWatch Alarms. However, take note that you can only track the estimated AWS charges in CloudWatch and not the actual utilization of your resources. Remember that you can only set coverage targets for your reserved EC2 instances in AWS Budgets or Cost Explorer, but not in CloudWatch.
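As an added example, not code from the guide or from AWS, the following Python computes the statistics described above for a constructed set of data points, returns no percentile when a value is negative, and evaluates an alarm into OK, ALARM or INSUFFICIENT_DATA. The comparison-operator names are CloudWatch's; the percentile interpolation, the sample data and the treatment of periods without data are this example's simplifications.

```python
"""CloudWatch-style period statistics and alarm state evaluation.

Added example, not code from the study guide or from AWS. The data points are
constructed; the statistic definitions (Minimum, Maximum, Sum, SampleCount,
Average = Sum / SampleCount, pNN.NN) and the three alarm states follow the
guide, and the percentile interpolation is this example's own choice.
"""
import math
from typing import Dict, List, Optional, Tuple


def metric_key(namespace: str, name: str, dimensions: Dict[str, str]) -> Tuple:
    """A metric is identified by its namespace, name and dimensions (at most 10)."""
    if len(dimensions) > 10:
        raise ValueError("a metric can carry at most 10 dimensions")
    return (namespace, name, tuple(sorted(dimensions.items())))


def period_statistics(values: List[float]) -> Dict[str, float]:
    """Minimum, Maximum, Sum, SampleCount and Average for the data points of one period."""
    if not values:
        return {}  # nothing was published in this period
    total = sum(values)
    return {"Minimum": min(values), "Maximum": max(values), "Sum": total,
            "SampleCount": len(values), "Average": total / len(values)}


def percentile(values: List[float], p: float) -> Optional[float]:
    """The pNN.NN statistic. Returns None for data containing negative values,
    for which CloudWatch offers no percentile statistics."""
    if not values or any(v < 0 for v in values):
        return None
    if not 0 <= p <= 100:
        raise ValueError("percentile must be between 0 and 100")
    ordered = sorted(values)
    rank = (p / 100) * (len(ordered) - 1)  # linear interpolation between neighbours
    lo, hi = math.floor(rank), math.ceil(rank)
    return ordered[lo] + (ordered[hi] - ordered[lo]) * (rank - lo)


def _breaches(value: float, threshold: float, comparison: str) -> bool:
    """Comparison operators named as CloudWatch names them."""
    return {"GreaterThanThreshold": value > threshold,
            "GreaterThanOrEqualToThreshold": value >= threshold,
            "LessThanThreshold": value < threshold,
            "LessThanOrEqualToThreshold": value <= threshold}[comparison]


def alarm_state(periods: List[List[float]], statistic: str, threshold: float,
                comparison: str = "GreaterThanThreshold", evaluation_periods: int = 1,
                datapoints_to_alarm: Optional[int] = None) -> str:
    """Return OK, ALARM or INSUFFICIENT_DATA from the most recent evaluation periods.

    Simplification: any evaluated period without data points yields
    INSUFFICIENT_DATA (CloudWatch lets you configure how missing data is treated).
    """
    if evaluation_periods < 1:
        raise ValueError("evaluation_periods must be at least 1")
    datapoints_to_alarm = datapoints_to_alarm or evaluation_periods
    recent = periods[-evaluation_periods:]
    stats = [period_statistics(p) for p in recent]
    if len(recent) < evaluation_periods or any(not s for s in stats):
        return "INSUFFICIENT_DATA"  # alarm just started, or a period has no data
    breaches = sum(1 for s in stats if _breaches(s[statistic], threshold, comparison))
    return "ALARM" if breaches >= datapoints_to_alarm else "OK"


# Constructed CPUUtilization data points for three consecutive 5-minute periods.
CPU_PERIODS = [[20, 30, 40], [50, 60, 70], [80, 90, 100]]

if __name__ == "__main__":
    print(metric_key("AWS/EC2", "CPUUtilization", {"InstanceId": "i-0123"}))
    for period in CPU_PERIODS:
        print(period_statistics(period))
    print("p95 over all points:", percentile(sum(CPU_PERIODS, []), 95))
    print("2 of 2 periods > 75:", alarm_state(CPU_PERIODS, "Average", 75, evaluation_periods=2))
    print("1 of 2 periods > 75:", alarm_state(CPU_PERIODS, "Average", 75,
                                              evaluation_periods=2, datapoints_to_alarm=1))
```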
● CloudWatch Dashboard
○ Customizable home pages in the CloudWatch console that you can use to monitor your
resources in a single view, even those spread across different regions.
● CloudWatch Events / Amazon EventBridge
○ Deliver near real-time stream of system events that describe changes in AWS resources.
○ Events respond to these operational changes and take corrective action as necessary, by
sending messages to respond to the environment, activating functions, making changes, and
capturing state information.
○ Concepts
■ Events - indicates a change in your AWS environment.
■ Targets - processes events.
■ Rules - matches incoming events and routes them to targets for processing.
● CloudWatch Logs
○ Features
■ Monitor logs from EC2 instances in real-time
■ Monitor CloudTrail logged events
■ By default, logs are kept indefinitely and never expire
■ Archive log data
■ Log Route 53 DNS queries
● CloudWatch Agent
○ Collect more logs and system-level metrics from EC2 instances and your on-premises servers.
○ Needs to be installed.
● Pricing
○ You are charged for the number of metrics you have per month
○ You are charged per 1000 metrics requested using CloudWatch API calls
○ You are charged per dashboard per month
○ You are charged per alarm metric (Standard Resolution and High Resolution)
○ You are charged per GB of collected, archived and analyzed log data
○ There is no Data Transfer IN charge, only Data Transfer Out.
○ You are charged per million custom events and per million cross-account events
Sources:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring
https://aws.amazon.com/cloudwatch/features/
https://aws.amazon.com/cloudwatch/pricing/
https://aws.amazon.com/cloudwatch/faqs/
AWS OpsWorks
● A configuration management service that helps you configure and operate applications in a cloud
enterprise by using Puppet or Chef.
● AWS OpsWorks Stacks and AWS OpsWorks for Chef Automate (1 and 2) let you use Chef cookbooks
and solutions for configuration management, while OpsWorks for Puppet Enterprise lets you configure
a Puppet Enterprise master server in AWS.
● With AWS OpsWorks, you can automate how nodes are configured, deployed, and managed, whether
they are Amazon EC2 instances or on-premises devices.
OpsWorks for Puppet Enterprise
● Provides a fully-managed Puppet master, a suite of automation tools that enable you to inspect, deliver,
operate, and future-proof your applications, and access to a user interface that lets you view
information about your nodes and Puppet activities.
● Does not support all regions.
● Uses puppet-agent software.
● Pricing
○ You are charged based on the number of nodes (servers running the Puppet agent) connected
to your Puppet master and the time those nodes are running on an hourly rate, and you also pay
for the underlying EC2 instance running your Puppet master.
OpsWorks for Chef Automate
● Lets you create AWS-managed Chef servers that include Chef Automate premium features, and use the
Chef DK and other Chef tooling to manage them.
● AWS OpsWorks for Chef Automate supports Chef Automate 2.
● Uses chef-client.
● Pricing
○ You are charged based on the number of nodes connected to your Chef server and the time
those nodes are running, and you also pay for the underlying EC2 instance running your Chef
server.
Sources:
https://aws.amazon.com/opsworks/chefautomate/features
https://aws.amazon.com/opsworks/chefautomate/pricing
https://aws.amazon.com/opsworks/chefautomate/faqs
https://aws.amazon.com/opsworks/puppetenterprise/feature
https://aws.amazon.com/opsworks/puppetenterprise/pricing
https://aws.amazon.com/opsworks/puppetenterprise/faqs
https://aws.amazon.com/opsworks/stacks/features
https://aws.amazon.com/opsworks/stacks/pricing
https://aws.amazon.com/opsworks/stacks/faqs
AWS Management Console
● Resource Groups
○ A collection of AWS resources that are all in the same AWS region, and that match criteria
provided in a query.
○ Resource groups make it easier to manage and automate tasks on large numbers of resources
at one time.
○ Two types of queries on which you can build a group:
■ Tag-based
■ AWS CloudFormation stack-based
● Tag Editor
○ Tags are words or phrases that act as metadata for identifying and organizing your AWS
resources. The tag limit varies with the resource, but most can have up to 50 tags.
○ You can sort and filter the results of your tag search to find the tags and resources that you
need to work with.
Sources:
https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg
https://docs.aws.amazon.com/ARG/latest/userguide/
AWS Trusted Advisor
● Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five
categories:
○ Cost Optimization
○ Performance
○ Security
○ Fault Tolerance
○ Service Limits
● Access to the seven core Trusted Advisor checks is available to all AWS users.
● Access to the full set of Trusted Advisor checks is available to Business and Enterprise Support plans.
Sources:
https://aws.amazon.com/premiumsupport/trustedadvisor/
https://aws.amazon.com/premiumsupport/ta-faqs/
https://www.amazonaws.cn/en/support/trustedadvisor/best-practices/
ANALYTICS
Amazon Kinesis
● Makes it easy to collect, process, and analyze real-time, streaming data.
● Kinesis can ingest real-time data such as video, audio, application logs, website clickstreams, and IoT
telemetry data for machine learning, analytics, and other applications.
Kinesis Video Streams
● A fully managed AWS service that you can use to stream live video from devices to the AWS Cloud, or
build applications for real-time video processing or batch-oriented video analytics.
● Benefit
○ You can connect and stream from millions of devices.
○ You can configure your Kinesis video stream to durably store media data for custom retention
periods. Kinesis Video Streams also generates an index over the stored data based on
producer-generated or service-side timestamps.
○ Kinesis Video Streams is serverless, so there is no infrastructure to set up or manage.
○ You can build real-time and batch applications on data streams.
○ Kinesis Video Streams enforces Transport Layer Security (TLS)-based encryption on data
streaming from devices, and encrypts all data at rest using AWS KMS.
● Pricing
○ You pay only for the volume of data you ingest, store, and consume through the service.
Kinesis Data Stream
● A massively scalable, highly durable data ingestion and processing service optimized for streaming
data. You can configure hundreds of thousands of data producers to continuously put data into a
Kinesis data stream.
● Security
○ Kinesis Data Streams can automatically encrypt sensitive data as a producer enters it into a
stream. Kinesis Data Streams uses AWS KMS master keys for encryption.
○ Use IAM for managing access controls.
○ You can use an interface VPC endpoint to keep traffic between your Amazon VPC and Kinesis
Data Streams from leaving the Amazon network.
● Pricing
○ You are charged for each shard at an hourly rate.
○ PUT Payload Units are charged at a per-million PUT Payload Units rate.
○ When consumers use enhanced fan-out, they incur hourly charges per consumer-shard hour and
per GB of data retrieved.
○ You are charged an additional rate on each shard hour incurred by your data stream once
you enable extended data retention.
Kinesis Data Firehose
● The easiest way to load streaming data into data stores and analytics tools.
● It is a fully managed service that automatically scales to match the throughput of your data.
● It can also batch, compress, and encrypt the data before loading it.
● Features
○ It can capture, transform, and load streaming data into S3, Redshift, Elasticsearch Service, and
Splunk, enabling near real-time analytics with existing business intelligence tools and
dashboards being used today.
○ You can specify a batch size or batch interval to control how quickly data is uploaded to
destinations. Additionally, you can specify if data should be compressed.
○ Once launched, your delivery streams automatically scale up and down to handle gigabytes per
second or more of input data rate, and maintain data latency at levels you specify for the
stream.
○ Kinesis Data Firehose can convert the format of incoming data from JSON to Parquet or ORC
formats before storing the data in S3.
○ You can configure Kinesis Data Firehose to prepare your streaming data before it is loaded to
data stores. Kinesis Data Firehose provides pre-built Lambda blueprints for converting common
data sources such as Apache logs and system logs to JSON and CSV formats. You can use
these pre-built blueprints without any change, or customize them further, or write your own
custom functions.
● Security
○ Kinesis Data Firehose provides you the option to have your data automatically encrypted after it
is uploaded to the destination.
○ Manage resource access with IAM.
● Pricing
○ You pay only for the volume of data you transmit through the service. You are billed for the
volume of data ingested into Kinesis Data Firehose, and if applicable, for data format conversion
to Apache Parquet or ORC.
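The Lambda transformation step in the Firehose bullets is easiest to understand with a concrete transformer. The following is an added example, not code from the Tutorials Dojo guide or one of AWS's Lambda blueprints: it follows the Firehose data-transformation contract (every input recordId is returned with a result of Ok, Dropped or ProcessingFailed and base64-encoded data), parses Apache access-log lines into newline-delimited JSON, and marks unparseable lines ProcessingFailed so Firehose can write them to its error output instead of losing them. The sample log lines, record IDs and IP addresses are constructed for the example, and the handler name lambda_handler is an assumption, not something the page prescribes.

```python
import base64
import json
import re
from datetime import datetime, timezone

# Apache "combined" log format. The "common" format is the same line without the two
# trailing quoted fields, so the referer/agent group is optional.
APACHE_LOG = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<protocol>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)


def parse_apache_line(line):
    """Parse one Apache access-log line into a dict; return None when it does not match."""
    match = APACHE_LOG.match(line.strip())
    if match is None:
        return None
    rec = match.groupdict()
    # Normalise the timestamp to ISO 8601 in UTC so records from servers in different
    # time zones sort and compare correctly once they land in S3.
    stamp = datetime.strptime(rec.pop("time"), "%d/%b/%Y:%H:%M:%S %z")
    rec["timestamp"] = stamp.astimezone(timezone.utc).isoformat()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def lambda_handler(event, context=None):
    """Firehose transformation contract: return every input recordId with a result of
    Ok, Dropped or ProcessingFailed and base64-encoded data. Lines that do not parse are
    marked ProcessingFailed so Firehose routes them to its error prefix for inspection."""
    output = []
    for record in event["records"]:
        raw = base64.b64decode(record["data"]).decode("utf-8", errors="replace")
        parsed = parse_apache_line(raw)
        if parsed is None:
            output.append({"recordId": record["recordId"],
                           "result": "ProcessingFailed",
                           "data": record["data"]})
            continue
        # Newline-delimited JSON: one record per line in the delivered S3 object.
        body = (json.dumps(parsed, separators=(",", ":")) + "\n").encode("utf-8")
        output.append({"recordId": record["recordId"],
                       "result": "Ok",
                       "data": base64.b64encode(body).decode("ascii")})
    return {"records": output}


def decode_record(record):
    """Helper for inspecting a transformed record: the JSON payload, or None if it failed."""
    if record["result"] != "Ok":
        return None
    return json.loads(base64.b64decode(record["data"]))


# Constructed sample input: a combined-format line, a common-format line with no body
# size, and one malformed line. Addresses come from the documentation range 203.0.113.0/24.
SAMPLE_LINES = [
    '203.0.113.7 - frank [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 '
    '"http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"',
    '203.0.113.9 - - [10/Oct/2000:13:56:01 -0700] "POST /login HTTP/1.1" 401 -',
    'this line is not an access-log entry',
]


def make_event(lines):
    """Wrap raw log lines in the record shape Firehose hands to a transformation Lambda."""
    return {"records": [
        {"recordId": f"rec-{i}", "data": base64.b64encode(line.encode("utf-8")).decode("ascii")}
        for i, line in enumerate(lines)
    ]}


if __name__ == "__main__":
    for rec in lambda_handler(make_event(SAMPLE_LINES))["records"]:
        print(rec["recordId"], rec["result"], decode_record(rec))
```

Returning ProcessingFailed rather than Dropped for malformed lines is the defensive choice: a sudden rise in failed records is itself a signal worth alerting on, whereas dropped records disappear silently.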
Kinesis Data Analytics
● Analyze streaming data, gain actionable insights, and respond to your business and customer needs in
real time. You can quickly build SQL queries and Java applications using built-in templates and
operators for common processing functions to organize, transform, aggregate, and analyze data at any
scale.
● General Features
○ Kinesis Data Analytics is serverless and takes care of everything required to continuously run
your application.
○ Kinesis Data Analytics elastically scales applications to keep up with any volume of data in the
incoming data stream.
○ Kinesis Data Analytics delivers sub-second processing latencies so you can generate real-time
alerts, dashboards, and actionable insights.
● Pricing
○ You are charged an hourly rate based on the average number of Kinesis Processing Units (or
KPUs) used to run your stream processing application.
Sources:
https://aws.amazon.com/kinesis/
DEVELOPER
AWS CodeDeploy
● A fully managed deployment service that automates software deployments to a variety of compute
services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers.
○ Advantages of using Blue/Green Deployments vs In-Place Deployments
■ An application can be installed and tested in the new replacement environment and
deployed to production simply by rerouting traffic.
■ If you're using the EC2/On-Premises compute platform, switching back to the most
recent version of an application is faster and more reliable. Traffic can just be routed
back to the original instances as long as they have not been terminated. With an in-place
deployment, versions must be rolled back by redeploying the previous version of the
application.
■ If you're using the EC2/On-Premises compute platform, new instances are provisioned
and contain the most up-to-date server configurations.
■ If you're using the AWS Lambda compute platform, you control how traffic is shifted
from your original AWS Lambda function version to your new AWS Lambda function
version.
● With AWS CodeDeploy, you can also deploy your applications to your on-premises data centers.
● Pricing
○ There is no additional charge for code deployments to Amazon EC2 or AWS Lambda.
○ You are charged per on-premises instance update using AWS CodeDeploy.
Sources:
https://aws.amazon.com/codedeploy/features/?nc=sn&loc=2
https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html
https://aws.amazon.com/codedeploy/faqs/?nc=sn&loc=6
AWS CodePipeline
● A fully managed continuous delivery service that helps you automate your release pipelines for
application and infrastructure updates.
● You can easily integrate AWS CodePipeline with third-party services such as GitHub or with your own
custom plugin.
● Concepts
○ A pipeline defines your release process workflow, and describes how a new code change
progresses through your release process.
○ A pipeline comprises a series of stages (e.g., build, test, and deploy), which act as logical
divisions in your workflow. Each stage is made up of a sequence of actions, which are tasks
such as building code or deploying to test environments.
● Features
○ AWS CodePipeline can pull source code for your pipeline directly from AWS CodeCommit,
GitHub, Amazon ECR, or Amazon S3.
○ It can run builds and unit tests in AWS CodeBuild.
○ It can deploy your changes using AWS CodeDeploy, AWS Elastic Beanstalk, Amazon ECS, AWS
Fargate, Amazon S3, AWS Service Catalog, AWS CloudFormation, and/or AWS OpsWorks
Stacks.
● Limits
○ Maximum number of total pipelines per Region in an AWS account is 300
○ Number of stages in a pipeline is minimum of 2, maximum of 10
● Pricing
○ You are charged per active pipeline each month. Newly created pipelines are free to use during
the first 30 days after creation.
Sources:
https://aws.amazon.com/codepipeline/features/?nc=sn&loc=2
https://aws.amazon.com/codepipeline/pricing/?nc=sn&loc=3
https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html
https://aws.amazon.com/codepipeline/faqs/?nc=sn&loc=5
AWS CodeBuild
● A fully managed continuous integration service that compiles source code, runs tests, and produces
software packages that are ready to deploy.
● Features
○ AWS CodeBuild runs your builds in preconfigured build environments that contain the operating
system, programming language runtime, and build tools (such as Apache Maven, Gradle, npm)
required to complete the task. You just specify your source code’s location and select settings
for your build, such as the build environment to use and the build commands to run during a
build.
○ AWS CodeBuild builds your code and stores the artifacts into an Amazon S3 bucket, or you can
use a build command to upload them to an artifact repository.
○ AWS CodeBuild provides build environments for
■ Java
■ Python
■ Node.js
■ Ruby
■ Go
■ Android
■ .NET Core for Linux
■ Docker
○ You can define the specific commands that you want AWS CodeBuild to perform, such as
installing build tool packages, running unit tests, and packaging your code.
○ You can integrate CodeBuild into existing CI/CD workflows using its source integrations, build
commands, or Jenkins integration.
○ CodeBuild can connect to AWS CodeCommit, S3, GitHub, and GitHub Enterprise and Bitbucket
to pull source code for builds.
○ CodeBuild allows you to use Docker images stored in another AWS account as your build
environment, by granting resource level permissions.
○ It now allows you to access Docker images from any private registry as the build environment.
Previously, you could only use Docker images from public DockerHub or Amazon ECR in
CodeBuild.
● Pricing
○ You are charged for compute resources based on the duration it takes for your build to execute.
The per-minute rate depends on the compute type that you use.
Sources:
https://aws.amazon.com/codebuild/features/?nc=sn&loc=2
https://aws.amazon.com/codebuild/pricing/?nc=sn&loc=3
https://aws.amazon.com/codebuild/faqs/?nc=sn&loc=5
https://docs.aws.amazon.com/codebuild/latest/userguide/getting-started.html
AWS CodeCommit
● A fully managed source control service that hosts secure Git-based repositories, similar to GitHub.
● You can create your own code repository and use Git commands to interact with your own repository
and other repositories.
● You can store and version any kind of file, including application assets such as images and libraries
alongside your code.
● The AWS CodeCommit Console lets you visualize your code, pull requests, commits, branches, tags and
other settings.
● High Availability
○ CodeCommit stores your repositories in Amazon S3 and Amazon DynamoDB.
● Monitoring
○ CodeCommit uses AWS IAM to control and monitor who can access your data as well as how,
when, and where they can access it.
○ CodeCommit helps you monitor your repositories via AWS CloudTrail and AWS CloudWatch.
○ You can use Amazon SNS to receive notifications for events impacting your repositories. Each
notification will include a status message as well as a link to the resources whose event
generated that notification.
● Pricing
○ The first 5 active users per month are free of charge. You also get to have unlimited repositories,
with 50 GB-month total worth of storage, and 10,000 Git requests/month at no cost.
○ You are billed for each active user beyond the first 5 per month. You also get an additional
10GB-month of storage per active user, and an additional 2,000 Git requests per active user.
Sources:
https://aws.amazon.com/codecommit/
https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html
https://aws.amazon.com/codecommit/faqs/
AWS X-Ray
● AWS X-Ray analyzes and debugs production, distributed applications, such as those built using a
microservices architecture. With X-Ray, you can identify performance bottlenecks, edge case errors, and
other hard to detect issues.
● AWS X-Ray provides an end-to-end, cross-service, application-centric view of requests flowing through
your application by aggregating the data gathered from individual services in your application into a
single unit called a trace.
● You pay based on the number of traces recorded, retrieved, and scanned. A trace represents a request
to your application and may include multiple data points, such as for calls to other services and
database access.
Sources:
https://aws.amazon.com/xray/features/
https://aws.amazon.com/xray/pricing/
https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html
https://aws.amazon.com/xray/faqs/
AWS BILLING AND COST MANAGEMENT
● Cost Explorer tracks and analyzes your AWS usage. It is free for all accounts.
● Use Budgets to manage budgets for your account.
● Use Bills to see details about your current charges.
● Use Payment History to see your past payment transactions.
● AWS Billing and Cost Management closes the billing period at midnight on the last day of each month
and then calculates your bill.
● At the end of a billing cycle or at the time you choose to incur a one-time fee, AWS charges the credit
card you have on file and issues your invoice as a downloadable PDF file.
● With CloudWatch, you can create billing alerts that notify you when your usage of your services exceeds
thresholds that you define.
● Use cost allocation tags to track your AWS costs at a detailed level. AWS provides two types of cost
allocation tags: AWS-generated tags and user-defined tags.
AWS Free Tier
● When you create an AWS account, you're automatically signed up for the free tier for 12 months.
● You can use a number of AWS services for free, as long as you haven’t surpassed the allocated usage
limit.
● To help you stay within the limits, you can track your free tier usage and set a billing alarm with AWS
Budgets to notify you if you start incurring charges.
AWS Cost and Usage Reports
● The AWS Cost and Usage report provides information about your use of AWS resources and estimated
costs for that usage.
● The AWS Cost and Usage report is a .csv file or a collection of .csv files that is stored in an S3 bucket.
Anyone who has permissions to access the specified S3 bucket can see your billing report files.
● You can use the Cost and Usage report to track your Reserved Instance Utilization, charges, and
allocations.
● Reports can be automatically uploaded into AWS Redshift and/or AWS QuickSight for analysis.
AWS Cost Explorer
● Cost Explorer includes a default report that helps you visualize the costs and usage associated with
your TOP FIVE cost-accruing AWS services, and gives you a detailed breakdown on all services in the
table view.
● You can view data for up to the last 12 months, forecast how much you're likely to spend for the next
three months, and get recommendations for what Reserved Instances to purchase.
● Cost Explorer must be enabled before it can be used. You can enable it only if you're the owner of the
AWS account and you signed in to the account with your root credentials.
● If you're the owner of a management account in an organization, enabling Cost Explorer enables Cost
Explorer for all of the organization accounts. You can't grant or deny access individually.
● You can create forecasts that predict your AWS usage and define a time range for the forecast.
● Other default reports available are:
○ The EC2 Monthly Cost and Usage report lets you view all of your AWS costs over the past two
months, as well as your current month-to-date costs.
○ The Monthly Costs by Linked Account report lets you view the distribution of costs across your
organization.
○ The Monthly Running Costs report gives you an overview of all of your running costs over the
past three months, and provides forecasted numbers for the coming month with a
corresponding confidence interval.
AWS Budgets
● Set custom budgets that alert you when your costs or usage exceed or are forecasted to exceed your
budgeted amount.
● With Budgets, you can view the following information:
○ How close your plan is to your budgeted amount or to the free tier limits
○ Your usage to date, including how much you have used of your Reserved Instances
○ Your current estimated charges from AWS and how much your predicted usage will incur in
charges by the end of the month
○ How much of your budget has been used
● Budget information is updated up to three times a day.
● Types of Budgets:
○ Cost budgets – Plan how much you want to spend on a service.
○ Usage budgets – Plan how much you want to use one or more services.
○ RI utilization budgets – Define a utilization threshold and receive alerts when your RI usage falls
below that threshold.
○ RI coverage budgets – Define a coverage threshold and receive alerts when the number of your
instance hours that are covered by RIs fall below that threshold.
● Budgets can be tracked at the monthly, quarterly, or yearly level, and you can customize the start and
end dates.
● Budget alerts can be sent via email and/or Amazon SNS topic.
● The first two budgets you create are free of charge.
Sources:
https://aws.amazon.com/aws-cost-management/aws-budgets/
https://aws.amazon.com/aws-cost-management/aws-cost-explorer/
https://aws.amazon.com/aws-cost-management/aws-cost-and-usage-reporting/
https://aws.amazon.com/aws-cost-management/faqs/
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2
APPLICATION
Amazon SQS
● A hosted queue that lets you integrate and decouple distributed software systems and components.
● SQS supports both standard and FIFO queues.
● SQS is pull-based (consumers poll the queue for messages), not push-based.
● Benefits
○ You control who can send messages to and receive messages from an SQS queue.
○ Supports server-side encryption.
○ SQS stores messages on multiple servers for durability.
○ SQS uses redundant infrastructure to provide highly-concurrent access to messages and high
availability for producing and consuming messages.
○ SQS can scale to process each buffered request and handle any load increases or spikes
independently.
○ SQS locks your messages during processing, so that multiple producers can send and multiple
consumers can receive messages at the same time.
● Types of Queues
● Monitoring, Logging, and Automating
○ Monitor SQS queues using CloudWatch
○ Log SQS API Calls Using AWS CloudTrail
○ Automate notifications from AWS Services to SQS using CloudWatch Events
● Security
○ Use IAM for user authentication.
○ SQS has its own resource-based permissions system that uses policies written in the same
language used for IAM policies.
○ Protect data using Server-Side Encryption and AWS KMS.
● Pricing
○ You are charged per 1 million SQS requests. Price depends on the type of queue being used.
Requests include:
■ API Actions
■ FIFO Requests
■ A single request of 1 to 10 messages, up to a maximum total payload of 256 KB
■ Each 64 KB chunk of a payload is billed as 1 request
■ Interaction with Amazon S3
■ Interaction with AWS KMS
○ Data transfer out of SQS per TB/month after consuming 1 GB for that month
Sources:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide
https://aws.amazon.com/sqs/features/
https://aws.amazon.com/sqs/pricing/
https://aws.amazon.com/sqs/faqs/
Amazon SNS
● A web service that makes it easy to set up, operate, and send notifications from the cloud. SNS follows
the “publish-subscribe” (pub-sub) messaging paradigm: notifications are pushed to clients, rather than
clients having to periodically check or “poll” for new information and updates.
Features
● SNS is an event-driven computing hub that has native integration with a wide variety of AWS event
sources (including EC2, S3, and RDS) and AWS event destinations (including SQS, and Lambda).
○ Event-driven computing is a model in which subscriber services automatically perform work in
response to events triggered by publisher services. It can automate workflows while decoupling
the services that collectively and independently work to fulfil these workflows.
● Message filtering allows a subscriber to create a filter policy, so that it only gets the notifications it is
interested in.
● Message fanout occurs when a message is sent to a topic and then replicated and pushed to multiple
endpoints. Fanout provides asynchronous event notifications, which in turn allows for parallel
processing.
● SNS mobile notifications allow you to fan out mobile push notifications to iOS, Android, Fire OS,
Windows and Baidu-based devices. You can also use SNS to fan out text messages (SMS) to 200+
countries and fan out email messages (SMTP).
● Application and system alerts are notifications, triggered by predefined thresholds, sent to specified
users by SMS and/or email.
● Push email and text messaging are two ways to transmit messages to individuals or groups via email
and/or SMS.
● SNS provides durable storage of all messages that it receives. When SNS receives your Publish request,
it stores multiple copies of your message to disk. Before SNS confirms to you that it received your
request, it stores the message in multiple Availability Zones within your chosen AWS Region.
● SNS allows you to set a TTL (Time to Live) value for each message. When the TTL expires for a given
message that was not delivered and read by an end user, the message is deleted.
● SNS provides simple APIs and easy integration with applications.
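Message filtering and fanout are easier to reason about with a worked evaluation of filter policies against message attributes. The following Python is an added example, not code from the guide or from AWS: it re-implements a subset of SNS filter-policy semantics (exact string match, prefix, anything-but, numeric ranges and exists) and routes constructed messages to constructed subscriptions. Only these operators are covered and any other operator fails closed; the subscription names, attribute names and values are invented for the example.

```python
import json

# Message attributes use the shape SNS gives MessageAttributes:
# {"name": {"Type": "String" | "Number" | "String.Array", "Value": "..."}}

_NUMERIC_OPS = {
    "=": lambda a, b: a == b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
}


def _attribute_values(attr):
    """Expand one message attribute into the list of values it can match on."""
    kind, value = attr["Type"], attr["Value"]
    if kind == "String.Array":
        return json.loads(value)
    if kind == "Number":
        return [float(value)]
    return [value]


def _numeric_match(value, spec):
    """spec is a flat operator/bound list, e.g. [">=", 100, "<", 500]; every pair must hold."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False
    return all(_NUMERIC_OPS[op](value, bound) for op, bound in zip(spec[0::2], spec[1::2]))


def _value_matches(value, rule):
    """Match one attribute value against one rule: a literal or a single-key condition dict."""
    if not isinstance(rule, dict):
        return value == rule                      # exact match
    if "prefix" in rule:
        return isinstance(value, str) and value.startswith(rule["prefix"])
    if "anything-but" in rule:
        excluded = rule["anything-but"]
        return value not in (excluded if isinstance(excluded, list) else [excluded])
    if "numeric" in rule:
        return _numeric_match(value, rule["numeric"])
    return False                                  # unsupported operator: fail closed


def matches_filter_policy(policy, attributes):
    """Every policy key must be satisfied (AND); within a key any one rule may match (OR)."""
    for name, rules in policy.items():
        attr = attributes.get(name)
        if attr is None:
            # A missing attribute only satisfies a key whose rules include {"exists": false}.
            if any(isinstance(r, dict) and r.get("exists") is False for r in rules):
                continue
            return False
        values = _attribute_values(attr)
        satisfied = False
        for rule in rules:
            if isinstance(rule, dict) and "exists" in rule:
                satisfied = satisfied or rule["exists"] is True
                continue
            if any(_value_matches(v, rule) for v in values):
                satisfied = True
                break
        if not satisfied:
            return False
    return True


def route(attributes, subscriptions):
    """Names of the subscriptions that receive a message; an empty policy means deliver everything."""
    return [name for name, policy in subscriptions.items()
            if not policy or matches_filter_policy(policy, attributes)]


# Constructed sample: one topic fanned out to three subscribers with different filter policies.
SUBSCRIPTIONS = {
    "archive-queue": {},
    "security-alerts": {"event_type": [{"prefix": "security."}],
                        "severity": ["high", "critical"]},
    "large-invoices": {"event_type": ["billing.invoice"],
                       "amount": [{"numeric": [">=", 1000]}]},
}

LOGIN_FAILURE = {
    "event_type": {"Type": "String", "Value": "security.login_failure"},
    "severity": {"Type": "String", "Value": "high"},
    "amount": {"Type": "Number", "Value": "0"},
}

INVOICE = {
    "event_type": {"Type": "String", "Value": "billing.invoice"},
    "severity": {"Type": "String", "Value": "low"},
    "amount": {"Type": "Number", "Value": "2500"},
}

if __name__ == "__main__":
    print(route(LOGIN_FAILURE, SUBSCRIPTIONS))
    print(route(INVOICE, SUBSCRIPTIONS))
```

Filtering happens in the topic, so a subscriber that only needs high-severity security events never receives, stores or has to discard the rest, which is both cheaper and a smaller exposure surface than filtering on the consumer side.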
Publishers and Subscribers
● Publishers communicate asynchronously with subscribers by producing and sending a message to a
topic, which is a logical access point and communication channel.
● Subscribers consume or receive the message or notification over one of the supported protocols when
they are subscribed to the topic.
● Publishers create topics to send messages, while subscribers subscribe to topics to receive messages.
● SNS FIFO topics support the forwarding of messages to SQS FIFO queues. You can also use SNS to
forward messages to standard queues.
SNS Topics
● Instead of including a specific destination address in each message, a publisher sends a message to a
topic. SNS matches the topic to a list of subscribers who have subscribed to that topic, and delivers the
message to each of those subscribers.
● Each topic has a unique name that identifies the SNS endpoint for publishers to post messages and
subscribers to register for notifications.
● A topic can support subscriptions and notification deliveries over multiple transports.
● SNS will attempt to deliver messages in the order they were published to the topic, but this order is
not guaranteed.
Monitoring
● Monitoring SNS topics using CloudWatch
● Logging SNS API calls using CloudTrail
Security
● SNS provides encrypted topics to protect your messages from unauthorized and anonymous access.
The encryption takes place on the server side.
● Using access control policies, you have detailed control over which endpoints a topic allows, who is
able to publish to a topic, and under what conditions.
Pricing
● You pay based on the number of notifications you publish, the number of notifications you deliver, and
any additional API calls for managing topics and subscriptions. Delivery pricing varies by endpoint type.
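The SQS bullets describe a resource-based permissions system written in IAM policy language, and the SNS security bullets describe access control policies that decide who may publish and under what conditions. The following Python is an added example covering both passages, not code from the guide or from AWS: it places a weak SQS queue policy beside a hardened one for the SNS-to-SQS fanout case and runs a small review function over each that flags two common weaknesses, an Allow for any principal with no aws:SourceArn/aws:SourceAccount condition, and the absence of a Deny for requests where aws:SecureTransport is false. The account ID, Region and resource names in the ARNs are placeholders, and the review function is this example's own check, not an AWS tool.

```python
import json

# Placeholder ARNs (account id, Region and names are constructed, not real resources).
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:orders-queue"
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:orders-topic"

# Weak: any principal may send to the queue, and nothing forbids plaintext access.
WEAK_QUEUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowSnsDelivery",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:SendMessage",
        "Resource": QUEUE_ARN,
    }],
}

# Hardened: only the SNS service, and only on behalf of this one topic, may send;
# any request not made over TLS is denied regardless of who makes it.
HARDENED_QUEUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSnsDelivery",
            "Effect": "Allow",
            "Principal": {"Service": "sns.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": QUEUE_ARN,
            "Condition": {"ArnEquals": {"aws:SourceArn": TOPIC_ARN}},
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "sqs:*",
            "Resource": QUEUE_ARN,
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for "*" or {"AWS": "*"}: any AWS principal, including anonymous access."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def _has_source_condition(statement):
    """True when the statement pins the caller with aws:SourceArn or aws:SourceAccount."""
    keys = {k.lower() for operator in statement.get("Condition", {}).values() for k in operator}
    return bool(keys & {"aws:sourcearn", "aws:sourceaccount"})


def _denies_plaintext(statement):
    cond = statement.get("Condition", {}).get("Bool", {})
    return (statement.get("Effect") == "Deny"
            and str(cond.get("aws:SecureTransport", "")).lower() == "false")


def review_resource_policy(policy):
    """Return human-readable findings for an SQS or SNS resource policy; an empty list is a pass."""
    findings = []
    statements = _as_list(policy.get("Statement", []))
    for stmt in statements:
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        if _principal_is_public(stmt.get("Principal")) and not _has_source_condition(stmt):
            findings.append(f"{sid}: allows any principal with no aws:SourceArn/aws:SourceAccount condition")
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action", []))):
            findings.append(f"{sid}: grants wildcard actions")
    if not any(_denies_plaintext(s) for s in statements):
        findings.append("no Deny for aws:SecureTransport=false, so plaintext requests are not blocked")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_QUEUE_POLICY), ("hardened", HARDENED_QUEUE_POLICY)):
        print(name, json.dumps(review_resource_policy(policy), indent=2))
```

The aws:SourceArn condition is what stops a topic in some other account from being subscribed to this queue and flooding it; service principals such as sns.amazonaws.com are shared by every AWS customer, so a service principal on its own is not a sufficient identity check.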
Sources:
https://docs.aws.amazon.com/sns/latest/dg
https://aws.amazon.com/sns/features/
https://aws.amazon.com/sns/pricing/
https://aws.amazon.com/sns/faqs/
AWS Step Functions
● AWS Step Functions is a web service that provides serverless orchestration for modern applications. It
enables you to coordinate the components of distributed applications and microservices using visual
workflows.
Features
○ Using Step Functions, you define your workflows as state machines, which transform complex
code into easy to understand statements and diagrams.
○ Step Functions provides ready-made steps for your workflow called states that implement basic
service primitives for you, which means you can remove that logic from your application. States
are able to:
■ pass data to other states and microservices,
■ handle exceptions,
■ add timeouts,
■ make decisions,
■ execute multiple paths in parallel,
■ and more.
○ Using Step Functions service tasks, you can configure your Step Functions workflow to call
other AWS services.
○ Step Functions can coordinate any application that can make an HTTPS connection, regardless
of where it is hosted—Amazon EC2 instances, mobile devices, or on-premises servers.
○ AWS Step Functions coordinates your existing Lambda functions and microservices, and lets
you modify them into new compositions. The tasks in your workflow can run anywhere,
including on instances, containers, functions, and mobile devices.
○ Nesting your Step Functions workflows allows you to build larger, more complex workflows out
of smaller, simpler workflows.
○ Step Functions keeps the logic of your application strictly separated from the implementation of
your application. You can add, move, swap, and reorder steps without having to make changes
to your business logic.
○ Step Functions maintains the state of your application during execution, including tracking what
step of execution it is in, and storing data that is moving between the steps of your workflow.
You won't have to manage state yourself with data stores or by building complex state
management into all of your tasks.
○ Step Functions automatically handles errors and exceptions with built-in try/catch and retry,
whether the task takes seconds or months to complete. You can automatically retry failed or
timed-out tasks, respond differently to different types of errors, and recover gracefully by falling
back to designated cleanup and recovery code.
○ Step Functions has built-in fault tolerance and maintains service capacity across multiple
Availability Zones in each region, ensuring high availability for both the service itself and for the
application workflow it operates.
○ Step Functions automatically scales the operations and underlying compute to run the steps of
your application for you in response to changing workloads.
○ AWS Step Functions has a 99.9% SLA.
○ It also supports callback patterns. Callback patterns automate workflows for applications with
human activities and custom integrations with third-party services.
○ AWS Step Functions supports workflow execution events, which make it faster and easier to
build and monitor event-driven, serverless workflows.
● Pricing
○ Step Functions counts a state transition each time a step of your workflow is executed. You are
charged for the total number of state transitions across all your state machines, including
retries.
● Common Use Cases
○ Step Functions can help ensure that long-running, multiple ETL jobs execute in order and
complete successfully, instead of manually orchestrating those jobs or maintaining a separate
application.
○ By using Step Functions to handle a few tasks in your codebase, you can approach the
transformation of monolithic applications into microservices as a series of small steps.
○ You can use Step Functions to easily automate recurring tasks such as patch management,
infrastructure selection, and data synchronization, and Step Functions will automatically scale,
respond to timeouts, and retry failed tasks.
○ Use Step Functions to combine multiple AWS Lambda functions into responsive serverless
applications and microservices, without having to write code for workflow logic, parallel
processes, error handling, timeouts or retries.
○ You can also orchestrate data and services that run on Amazon EC2 instances, containers, or
on-premises servers.
Sources:
https://aws.amazon.com/step-functions/features/
https://aws.amazon.com/step-functions/pricing/
https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html
https://aws.amazon.com/step-functions/faqs/
COMPARISON OF AWS SERVICES
S3 vs EBS vs EFS
Amazon S3 vs Glacier
A database service that can be used to store JSON
documents.
Amazon DynamoDB
Domain 4: Billing and Pricing
A designated technical point of contact that will
maintain an operationally healthy AWS environment.
Technical Account Manager (TAM)
A tool that inspects your AWS environment and
makes recommendations that follows AWS best
practices.
AWS Trusted Advisor
A startup needs to estimate the costs of moving their
application to AWS.
AWS Pricing Calculator
Set coverage targets and receive alerts when your
utilization drops.
AWS Budgets
A type of Reserved Instance that allows you to
change its instance family, instance type, platform,
scope, or tenancy.
Convertible RI
Take advantage of unused EC2 capacity in the AWS
Cloud and provides up to 90% discount.
Spot Instance
You need to centrally manage policies and
consolidate billing across multiple AWS accounts.
AWS Organizations
The most cost-efficient storage option for retaining
database backups that allows occasional data
retrieval in minutes.
Amazon Glacier
Forecast future costs and usage of your AWS
resources based on your past consumption.
AWS Cost Explorer
Categorize and track AWS costs on a detailed level.
Cost allocation tags
A company needs to launch a new VPC but has already reached the
default service limit for VPCs.
Request a service limit increase in AWS Support Center
The most cost-effective option when you purchase a
Reserved Instance for a 1-year term.
All Upfront
You have to combine usage volume discounts of your
multiple AWS accounts.
Consolidated Billing
Sell your catalog of custom AMIs in AWS.
AWS Marketplace
Validate Your Knowledge
When you are feeling confident with your review, it is best to validate your knowledge through sample exams.
Tutorials Dojo offers a very useful and well-reviewed set of practice tests for the Cloud Practitioner exam
takers here. Each test contains many unique questions which will surely help you verify if you have missed out
on anything important that might appear on your exam. You can pair our practice exams with this study guide
eBook.
If you have scored well on the Tutorials Dojo AWS Certified Cloud Practitioner practice tests and you think you
are ready, then go earn your certification with your head held high. If you think you are lacking in certain areas,
better go review them again, and take note of any hints in the questions that will help you select the correct
answers. If you are not that confident that you’ll pass, then it would be best to reschedule your exam to another
day, and take your time preparing for it. In the end, the efforts you have put in for this will surely reward you.
Sample Practice Test Questions:
Question 1
Which of the following is true on how AWS lessens the time to provision your IT resources?
1. It provides an AI-powered IT ticketing platform for fulfilling resource requests.
2. It provides various ways to programmatically provision IT resources.
3. It provides an automated system of requesting and fulfilling IT resources from third-party vendors.
4. It provides express service to deliver your servers to your data centers fast.
Correct Answer: 2
Cloud computing is the on-demand delivery of compute power, database, storage, applications, and other IT
resources via the internet with pay-as-you-go pricing.
Whether you are using it to run applications that share photos to millions of mobile users or to support
business critical operations, a cloud services platform provides rapid access to flexible and low cost IT
resources. With cloud computing, you don’t need to make large upfront investments in hardware and spend a
lot of time on the heavy lifting of managing that hardware. Instead, you can provision exactly the right type and
size of computing resources you need to power your newest idea or operate your IT department. You can
access as many resources as you need, almost instantly, and only pay for what you use.
With Cloud Computing, you can stop spending money running and maintaining data centers. You can then
focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on
your own customers, rather than on the heavy lifting of racking, stacking, and powering servers.
With the cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or
months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver
results faster. AWS provides you various ways and tools to programmatically provision IT resources such as
AWS CLI, AWS API and the web-based AWS Management Console.
Hence, the correct answer is: It provides various ways to programmatically provision IT resources.
The option that says: It provides an AI-powered IT ticketing platform for fulfilling resource requests is
incorrect because AWS doesn't have this kind of ticketing platform. What AWS actually does is it allows you to
programmatically provision IT resources using AWS CLI, AWS API, and the web-based AWS Management
Console.
The option that says: It provides an automated system of requesting and fulfilling IT resources from
third-party vendors is incorrect because AWS primarily is the cloud vendor and it doesn't rely on third-party
vendors to provision your resources.
The option that says: It provides express service to deliver your servers to your data centers fast is incorrect
because AWS actually handles the underlying servers needed to run the cloud resources you requested.
Remember that Cloud Computing is the on-demand delivery of compute power, database, storage,
applications, and other IT resources via the Internet and not from your on-premises data centers.
References:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
Question 2
Which among the options below can you use to launch a new Amazon RDS database cluster to your VPC in a
quick and easy manner? (Select TWO)
1. AWS Management Console
2. AWS Concierge
3. AWS CodePipeline
4. AWS CloudFormation
5. AWS Systems Manager
Correct Answers: 1,4
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational
database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming
administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to
focus on your applications so you can give them the fast performance, high availability, security and
compatibility they need.
You can launch a new RDS database cluster using the AWS Management Console, AWS CLI, and AWS
CloudFormation. The AWS Management Console provides a web-based way to administer AWS services. You
can sign in to the console and create, list, and perform other tasks with AWS services for your account. These
tasks might include starting and stopping Amazon EC2 instances and Amazon RDS databases, creating
Amazon DynamoDB tables, creating IAM users, and so on. The AWS Command Line Interface (CLI), on the
other hand, is a unified tool to manage your AWS services.
AWS CloudFormation provides a common language for you to describe and provision all the infrastructure
resources in your cloud environment. CloudFormation allows you to use programming languages or a simple
text file to model and provision, in an automated and secure manner, all the resources needed for your
applications across all regions and accounts.
Hence, the correct answers are: AWS Management Console and AWS CloudFormation.
AWS Concierge is incorrect because this is actually a senior customer service agent who is assigned to your
account when you subscribe to an Enterprise or qualified Reseller Support plan. This customer service agent is
not authorized to launch an RDS cluster on your behalf.
AWS CodePipeline is incorrect because this is just a fully managed continuous delivery service that helps you
automate your release pipelines for fast and reliable application and infrastructure updates.
AWS Systems Manager is incorrect because this is just a unified user interface so you can view operational
data from multiple AWS services, and allows you to automate operational tasks across your AWS resources.
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/console.html
https://aws.amazon.com/cli/
https://aws.amazon.com/cloudformation/
Check out this AWS CloudFormation Cheat Sheet:
https://turon.tutorialsdojo.com/aws-cheat-sheet-aws-cloudformation/
Click here for more AWS Certified Cloud Practitioner practice exam questions.
Check out our other AWS practice test courses here:
High Quality Video Courses on Udemy
There are a few top rated AWS Certified Cloud Practitioner video courses on Udemy that you can check out as
well, which can complement your exam preparations especially if you are the type of person who can learn
better through visual courses instead of reading long whitepapers:
1. AWS Certified Cloud Practitioner by Zeal Vora
2. AWS Certified Cloud Practitioner by Alan Rodrigues
Once you have finished studying all the aforementioned sections, it is time to validate your knowledge. You can
try answering the AWS Certified Cloud Practitioner Sample Exam found in the exam guide, or purchase the
actual practice exam (Exam Code CLF-P01) in the AWS Training website. A few days before your exam, you can
choose to reread all the whitepapers or rewatch the video lectures, or you can simply study the reviewer you
made. Since the AWS CCP is not meant to be technical, the exam itself should be straightforward.
What to expect from the exam
There are two types of questions on the examination:
● Multiple-choice: Has one correct response and three incorrect responses (distractors).
● Multiple-response: Has two or more correct responses out of five or more options.
Distractors, or incorrect answers, are response options that an examinee with incomplete knowledge or skill
would likely choose. However, they are generally plausible responses that fit in the content area defined by the
test objective.
Unanswered questions are scored as incorrect; there is no penalty for guessing.
The majority of questions are scenario based. Some will ask you to identify a specific service or concept,
while others will ask you to select multiple responses that fit the given requirements. No matter the style of the
question, as long as you understand what is being asked, you will do fine.
Your examination may include unscored items that are placed on the test by AWS to gather statistical
information. These items are not identified on the form and do not affect your score.
The AWS Certified Cloud Practitioner (CLF-C01) examination is a pass or fail exam. Your results for the
examination are reported as a scaled score from 100 through 1000, with a minimum passing score of 700.
Right after the exam, you will immediately know whether you passed or you failed. And in the succeeding
business days, you should receive your complete results with the score breakdown (and hopefully the
certificate too).
A few more tips:
1. Be sure to get proper sleep the night before, and don’t be lazy in preparing for the exam. If you feel that
you aren’t ready enough, you can just reschedule your exam.
2. Come early to the exam venue so that you have time to handle mishaps if there are any.
3. Read the exam questions properly, but don’t spend too much time on a question you don’t know the
answer to. You can always go back to it after you answer the rest.
4. Keep your reviewer if you plan on taking other AWS certifications in the future. It will be handy for sure.
5. And be sure to visit the Tutorials Dojo website to see our latest AWS reviewers, cheat sheets and other
guides.
AWS CHEAT SHEETS
AWS OVERVIEW
AWS Global infrastructure
● The AWS Global infrastructure is built around Regions and Availability Zones (AZs).
● Regions provide multiple, physically separated and isolated Availability Zones which are connected
with low latency, high throughput, and highly redundant networking.
● Availability Zones offer high availability, fault tolerance, and scalability.
○ Each consists of one or more discrete data centers, each with redundant power, networking, and
connectivity, housed in separate facilities.
○ An Availability Zone is represented by a region code followed by a letter identifier; for example,
us-east-1a.
● An AWS Local Region is a single datacenter designed to complement an existing AWS Region.
● An AWS Local Zone places AWS compute, storage, database, and other select services closer to large
population, industry, and IT centers where no AWS Region exists today.
● To deliver low-latency content to users around the globe, AWS has placed Points of Presence, which
are either edge locations or regional edge caches. These points are used by CloudFront and Lambda@Edge.
● Edge locations are the sites where end users access services located at AWS.
View the Interactive AWS Global Infrastructure Map here.
Sources:
https://aws.amazon.com/about-aws/global-infrastructure/
https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/global-infrastructure.html
https://www.infrastructure.aws/
AWS Pricing
● There are three fundamental drivers of cost with AWS:
○ Compute
○ Storage
○ Outbound data transfer.
● AWS offers pay-as-you-go for pricing.
● For certain services like Amazon EC2, Amazon EMR, and Amazon RDS, you can invest in reserved
capacity. With Reserved Instances, you can save up to 75% over equivalent on-demand capacity. When
you buy Reserved Instances, the larger the upfront payment, the greater the discount.
○ With the All Upfront option, you pay for the entire Reserved Instance term with one upfront
payment. This option provides you with the largest discount compared to On-Demand instance
pricing.
○ With the Partial Upfront option, you make a low upfront payment and are then charged a
discounted hourly rate for the instance for the duration of the Reserved Instance term.
○ The No Upfront option does not require any upfront payment and provides a discounted hourly
rate for the duration of the term.
● There are also volume based discounts for services such as Amazon S3.
● For new accounts, AWS Free Tier is available.
○ Free Tier offers limited usage of AWS products at no charge for 12 months since the account
was created. More details at https://aws.amazon.com/free/ .
● You can estimate your monthly AWS bill using AWS Pricing Calculator.
○ Estimate the cost of migrating your architecture to the cloud.
○ Generate the lowest cost estimate for your workload.
Sources:
https://d1.awsstatic.com/whitepapers/aws_pricing_overview.pdf
https://aws.amazon.com/pricing/
https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/
AWS Well-Architected Framework - Five Pillars
Having well-architected systems greatly increases the likelihood of business success, which is why AWS
created the AWS Well-Architected Framework to help organizations. The AWS Well-Architected Framework is
composed of five pillars that help you understand the pros and cons of decisions you make while building
cloud architectures and systems on the AWS platform. By using the framework, you will learn the architectural
best practices for designing and operating reliable, efficient, cost-effective and secure systems in the cloud.
It also provides a way to consistently measure your architectures against best practices and identify areas
for improvement.
1. Operational Excellence
● The ability to run and monitor systems to deliver business value and to continually improve supporting
processes and procedures.
● There are three best practice areas and tools for operational excellence in the cloud:
○ Prepare - AWS Config
○ Operate - Amazon CloudWatch
○ Evolve - Amazon Elasticsearch Service
● Key AWS service:
○ AWS CloudFormation for creating templates. (See AWS Management Tools Cheat Sheet)
2. Security
● The ability to protect information, systems, and assets while delivering business value through risk
assessments and mitigation strategies.
● There are five best practice areas and tools for security in the cloud:
○ Identity and Access Management - IAM, Multi-Factor Authentication, AWS Organizations
○ Detective Controls - AWS CloudTrail, AWS Config, Amazon GuardDuty
○ Infrastructure Protection - Amazon VPC, Amazon CloudFront with AWS Shield, AWS WAF
○ Data Protection - ELB, Amazon Elastic Block Store (Amazon EBS), Amazon S3, and Amazon
Relational Database Service (Amazon RDS) encryption, Amazon Macie, AWS Key Management
Service (AWS KMS)
○ Incident Response - IAM, Amazon CloudWatch Events
● Key AWS service:
○ AWS Identity and Access Management (IAM)
3. Reliability
● The ability of a system to recover from infrastructure or service disruptions, dynamically acquire
computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient
network issues.
● There are three best practice areas and tools for reliability in the cloud:
○ Foundations - IAM, Amazon VPC, AWS Trusted Advisor, AWS Shield
○ Change Management - AWS CloudTrail, AWS Config, Auto Scaling, Amazon CloudWatch
○ Failure Management - AWS CloudFormation, Amazon S3, AWS KMS, Amazon Glacier
● Key AWS service:
○ Amazon CloudWatch
4. Performance Efficiency
● The ability to use computing resources efficiently to meet system requirements, and to maintain that
efficiency as demand changes and technologies evolve.
● There are four best practice areas for performance efficiency in the cloud:
○ Selection - Auto Scaling for Compute, Amazon EBS and S3 for Storage, Amazon