AWS CCP

AWS CCP

exam info and tips
1. can be in person or online
2. costs 100$
3. takes 90 min
4. valid for 3 years
5. contents
  1. cloud concepts 28%
    1. define the aws cloud and it's value proposition
    2. indentify aspects of AWS Cloud economics
    3. List the different cloud architecture design principles
  2. security 24%
    1. aws shared responsibility model
    2. aws cloud security and compliance concepts
    3. access management capabilities
    4. resources for security support
  3. Technology 36%
    1. methods of deploying and operating in the AWS cloud
    2. aws global infrastructure
    3. core AWS services
    4. technology support resources
  4. Billing and pricing 12%
    1. pricing models
    2. account structures in relation to AWS billing and pricing
    3. billing support resources
6. questions can be multiple choice or multiple response
7. resources
  1. AWS training
  2. AWS whitepapers
  3. support plans
basic cloud computing
1. the practice of using a network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer
2. on-premise vs cloud providers
3. 6 advantages and benefits
  1. trade capital expense for variable expense
  2. benefit from a massive economies of scale
  3. stop guessing capacity
  4. increase speed and agility
  5. stop spending money on running and maintaining data centers
  6. go global in minutes
4. types of cloud computing
  1. Saas
  2. PaaS
  3. IaaS
5. deployment models
  1. cloud
  2. hybrid
  3. on-premise
global infrastructure
1. regions
  1. geographically distinct location
  2. has atleast 2 AZs
  3. US-EAST is the biggest region
  4. US-EAST-1 is where the billing info can be seen
  5. not all services are available for all regions!
2. availibility zones
  1. datacenter owned and operated by AWS
  2. atleast 2 per region
  3. represented by region code followed by a letter identifier us-east-1a
  4. multi-AZ - distributing your instances across multiple AZs allows failover config for handling requests when one goes down
  5. <10 ms latency between AZs
3. edge location
  1. datacenter owned by trusted partner
  2. serve requests for cloudfront and route53
    1. requests going to either of these services will be routed to the nearest edge location automatically
  3. S3 transfer acceleration and API gateway also use AWS Edge Network
  4. low latency no matter where the end user is geographically located
  5. outnumber AZs
4. govcloud regions
  1. special region for sensitive info
  2. US citizens on US soil
Billing
1. preferences
  1. can enable pdf invoicing
  2. can enable free tier alerts
  3. can enable custom alerts which can't be disabled
2. budgets
  1. cost
    1. Monitor your costs against a specified amount and receive alerts when your user-defined thresholds are met.
  2. reservation
    1. Track the RI Utilization or RI Coverage associated with your reservations. These budgets support Amazon EC2, RDS, Redshift, ElastiCache and Elasticsearch reservation models.
  3. savings plan
    1. Track the utilization and coverage associated with your Savings Plans.
  4. usage
    1. Monitor your usage of one or more specified usage types or usage type groups and receive alerts when your user-defined thresholds are met.
3. it's all on US-EAST 1 (N. Virginia)
4. cloudwatch
  1. Set alarms on any of your metrics to receive notifications when your metric crosses your specified threshold.
IAM
1. security principles
  1. Establishing a principle of least privilege ensures that identities are only permitted to perform the most minimal set of functions necessary to fulfill a specific task, while balancing usability and efficiency.
  2. Centrally manage and govern your environment as you scale your AWS resources. Easily create new AWS accounts, group accounts to organize your workflows, and apply policies to accounts or groups for governance.
  3. Manage users and access across multiple services from your preferred identity source. Using AWS Single Sign-On centrally manage access to multiple AWS accounts and provide users with single sign-on access to all their assigned accounts from one place.
  4. For extra security, we recommend that you require multi-factor authentication (MFA) for all users.
  5. Change your own passwords and access keys regularly, and make sure that all users in your account do as well.
  6. Enable IAM Access Analyzer to analyze public, cross-account, and cross-organization access.
2. creating users
  1. done by admin
  2. most ppl should be power users, instead of admin best practice
EC2
1. actual servers
2. connecting
  1. you need to setup IAM or something else at first
  2. IAM
  3. SSM
    1. AWS recommended way
    2. simple session manager
    3. has history
3. autoscaling groups
  1. AMI
    1. created from ec2 instance
  2. creates instances as needed
4. EC2 - pricing models
  1. reserved
    1. BEST LONG TERM (up to 75% off)
    2. steady state or predictable usage
    3. commit to EC2 over 1 or 3 year term
    4. can resell unused reserved instances
  2. on demand
    1. low cost and fleixble
    2. only pay per hour
    3. short term, spiky, unpredictable workloads
    4. cannot be interrupted
    5. for first time apps
    6. LEAST COMMITEMENT
  3. spot
    1. requests spare computing capacity
    2. flexible start and end times
    3. can handle iterruptions
    4. for non-critical background jobs
    5. BIGGEST SAVING (up to 90%)
  4. dedicated
    1. MOST EXPENSIVE
    2. dedicated servers
    3. can be on-demand or reserved (upto 70% off)
    4. when u need a guarantee of isolate hardware (enterprise needs)
Elastic Load Balancer
1. used for preventing downtime
2. types
  1. applicaton
  2. network
  3. classic
3. target group
  1. reference to instances to which to route traffic to
4. has a domain name to point traffik to
5. terminating it does not kil target group instances
S3
1. cloud storage
2. have their own unique names globally
3. s3 is global but buckets are regional
Cloudfront
1. content distribution network
2. can link to bucket, bucket will be copied around the world for efficiency, to edge locations
RDS
1. tiers
  1. production
  2. test
  3. free tier
2. various options
  1. common ones
  2. aurora - kinda mysql kinda postgresql
lambda
1. different runtimes
2. can run for ~50 max!
3. various triggers and integrations
Support plans
1. 4 levels
  1. basic
  2. developer
  3. business
  4. enterprise
2. differences
  1. response times
  2. advisory checks
  3. pricing
  4. contact options
marketplace
1. various categories
2. can be free or associated charge
3. you can also subscribe to stuff
trusted advisor
1. advises u on security, saving money, performance, service limits and fault tolerance
2. 7 on the free tier
3. types
  1. cost optimization
  2. performance
  3. security
  4. service limits
  5. fault tolerance
consolidated billing
1. 1 org, multiple member accounts
2. treated as they were 1 billing account
3. Cost explorer
  1. visualiser for incurred cost
  2. lots of options for visualizing and filtering
4. volume discounts
  1. the more you use something, the less u pay?
5. Budgets
  1. alarms on steroids
  2. 3 types
    1. cost
    2. usage
    3. reservation
  3. can be tracked monthly, quartely, yearly levels with custom start and end dates
  4. exceed or approaching your budget
6. Total Cost Ownership
  1. estimate how much you would save when moving to AWS from on-premise
  2. provides detailed set of reports
AWS landing zone
1. quickly setup a secure AWS multiaccount
2. AWS account Vending Machine
  1. auto provision and config new accounts via Service Catalog Template
  2. uses Single Sign-on (SSO) for managing accessing accounts
tags
1. words / phrases that act as metadata for organizing your AWS resources
2. resource groups - collection of resources that share one or more tags
quick starts
1. prebuilt templates by AWS and AWS partners
2. 3 parts
  1. 1. reference architecture for deployment
  2. 2. aws cloud formation templates that automate and configure the deployment
  3. 3. deployment guide explaining the architecture and implementation in detail
cost and usage report
1. place the reports in s3
2. use athena to turn the report into a queryable database
3. use quicksight to visualize your billing data as graphs
organizations and accounts
1. organizations
  1. centrally manage billing, control access, compliance, security and share resources across your AWS account
2. root account user
  1. is a single sign-in identity that has complete access to all AWS services and resources in an account
3. organization units
  1. group of AWS accounts within an organization which can also contain other organizational units
4. service control policies
  1. give central control over the allowed permissions for all accounts in your organization
networking
1. NACLs - firewalls at the subnet level
2. security groups act as firewall at the instance level
3. VPC logically isolated section of the AWS cloud
4. route table
5. IGW
6. Subnets are logical partition of an IP network into multiple smaller network segments
Database services
1. most important
  1. dynamo db
    1. nosql key/value db (cassandra)
  2. redshift
    1. columnar database, petabyte warehouse
  3. aurora
    1. mysql (5x faster) and psql (3x faster) fully managed
    2. serverless - only runs when u need it, like aws lambda
2. other
  1. documentdb
    1. nosql document database that is mongodb compatible
  2. neptune - managed graph database
  3. elasticcache
    1. redis or memcached db
1. provisioning - the allocation or creation of resources and services to a customer
  1. elastic beanstalk - deploy and scale web apps (kinda like heroku)
  2. OpsWorks - confg management service that provides managed instances of Chef and Puppet
  3. CloudFormation - infrastrucre as code, JSON or YAML
  4. AWS QuickStart - premade packages that can launch and configure your AWS compute, network, storage, and other services required to deploy
  5. AWS marketplace - digital catalogue of software listings from vendors
2. computing
  1. EC2 - elastic compute cloud
  2. elastic container service - docker as a service
  3. fargate - microservices where u dont think about the infrastructure, pay per task
  4. EKS - kubernetes as a service
  5. lambda - serverless functions
  6. elastic beanstalk - orchestrate various AWS services
  7. aws batch - plans, schedules, and executes your batch computing workloads across the full range of AWS compute services such as ec2 and spot instances
3. storage
  1. s3
  2. s3 glacier - low cost storage for archiving and long-term backup
  3. storage gateway - hybrid cloud storage with local caching
  4. Elastic Block Storage - hard drive in the cloud to attach to EC2 instances
  5. Elastic File Storage - file storage mountable to multiple EC2 instances
  6. Snowball - physically migrate lots of data via computer suitcase!?
  7. snowball edge - better version for 100 + tb
  8. snowmobile - shipping container, pulled by a semi-trailer truck - 100 PB
4. business centric services
  1. amazon connect - call center
  2. workspaces - virtual remote desktop
  3. workdocs - content creation and collaboration service (like sharepoint)
  4. chime - aws zoom?
  5. workmail - managed business email
  6. pinpoint - marketing campaigns
  7. simple email service - email sending service
  8. quicksight - BI service
5. enterprise integrations
  1. direct connect - dedicated gigabit network connection from your premises to AWS
  2. VPN - secure connection to AWS
    1. site to site or client vpn
  3. storage gateway - hybrid storage service that enables your on-premises applications to use AWS cloud storage
  4. Active Directory - something for microsoft?
6. logging services
  1. cloudtrail
  2. cloudwatch
    1. logs / metrics / events/ alarms / dashboard
Shared responsibility model
1. data config for the customer
2. hardware operation of managed services and global infra for AWS
compliance programs
1. artifact - get compliance report
inspector
1. runs assesment of EC2 instance
2. install agent
3. Web Application Firewall
  1. attached in front of cloudfront
4. Shield
  1. managed DDoS protection service
  2. free and paid tiers available
5. penetration testing
  1. a few services u are allowed to pentest, some are not
6. guard duty
  1. analize logs for intrussions
  2. threat detection system
7. Key Management Service
  1. create and control encryption keys
  2. in memory
  3. envelope encryption
8. Macie
  1. s3 access monitor
  2. detects lots of stuff such as access and info loss and alerts
  3. can rank users

Next up

Description

Resource summary

Similar

	Created by Chira Mircea-Darius almost 4 years ago