AWS Services Summary for CLF-C01 Exam

This is a summary of AWS services to help you revise in the last minutes before the exam. I hope you find it useful.

1. IAM — Summary

  1. Users: mapped to one physical person; have a password for the AWS Console
  2. Groups: contain users only (no nested groups)
  3. Policies: JSON document that outlines permissions for users, groups or roles
  4. Roles: identities assumed by EC2 instances or AWS services; they receive temporary credentials instead of long-term keys
  5. Security: MFA + Password Policy
  6. AWS CLI: manage your AWS services using the command line
  7. AWS SDK: manage your AWS services from a programming language
  8. Access Keys: long-term credentials used by the CLI or SDK; keep them secret and rotate them
  9. Audit: IAM Credential Report (account-wide list of users and credential status) & IAM Access Advisor (per-user view of which services were actually used, to trim permissions)
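
How an IAM policy document is actually evaluated is worth seeing once, because it is the same rule that makes an Organizations SCP deny override any Allow in a member account: an explicit Deny always wins, an explicit Allow is needed to do anything, and everything else is an implicit deny. The script below is an added example, not code from the original page or from AWS; it models only Action/Resource matching with the `*` wildcard (no Condition keys, no resource-based policies), and the policy documents in it are constructed samples.

```python
"""Simplified IAM policy evaluation (added example, not AWS's own code).

Decision order, as in IAM:
  explicit Deny  >  explicit Allow  >  implicit Deny (the default).
Action and Resource values accept the '*' / '?' wildcards used in real
policies. Condition keys are not modelled; policies below are constructed.
"""
import fnmatch
import json
from typing import Any, Dict, List


def _as_list(value: Any) -> List[str]:
    """IAM allows a string or a list in Action/Resource fields."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns: List[str], value: str) -> bool:
    # Case-insensitive wildcard match; good enough for actions and ARNs here.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)


def _statement_applies(stmt: Dict[str, Any], action: str, resource: str) -> bool:
    """Does this statement cover the requested action on the resource?"""
    actions, not_actions = _as_list(stmt.get("Action")), _as_list(stmt.get("NotAction"))
    resources, not_resources = _as_list(stmt.get("Resource")), _as_list(stmt.get("NotResource"))
    if actions and not _matches(actions, action):
        return False
    if not_actions and _matches(not_actions, action):
        return False
    if resources and not _matches(resources, resource):
        return False
    if not_resources and _matches(not_resources, resource):
        return False
    return True


def evaluate(policies: List[Dict[str, Any]], action: str, resource: str) -> str:
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for policy in policies:
        statements = policy.get("Statement", [])
        if isinstance(statements, dict):
            statements = [statements]
        for stmt in statements:
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"            # an explicit deny always wins
            decision = "Allow"           # keep looking for a later deny
    return decision


# Constructed sample policies (bucket names are placeholders).
READ_ONLY_S3 = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ReadReports",
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::reports-bucket", "arn:aws:s3:::reports-bucket/*"]
  }]
}""")

# Guardrail in the style of an SCP: a Deny that no Allow can override.
DENY_DELETE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "NoDeletes", "Effect": "Deny",
                 "Action": "s3:Delete*", "Resource": "*"}]
}""")

ADMIN = json.loads("""{"Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}""")


def demo() -> Dict[str, str]:
    """Four requests that show each branch of the decision logic."""
    least_privilege = [READ_ONLY_S3, DENY_DELETE]
    return {
        "get_report": evaluate(least_privilege, "s3:GetObject", "arn:aws:s3:::reports-bucket/q1.csv"),
        "get_other_bucket": evaluate(least_privilege, "s3:GetObject", "arn:aws:s3:::secrets/key"),
        "put_report": evaluate(least_privilege, "s3:PutObject", "arn:aws:s3:::reports-bucket/x"),
        "admin_delete": evaluate([ADMIN, DENY_DELETE], "s3:DeleteObject", "arn:aws:s3:::reports-bucket/x"),
    }


if __name__ == "__main__":
    for request, result in demo().items():
        print(f"{request:18} -> {result}")
```

Note the last case: even a full `"Action": "*"` administrator policy loses to the deny statement, which is exactly why an SCP on a member account is an effective guardrail against the account's own administrators.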

2. EC2 — Summary

  1. EC2 Instance: AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data
  2. Security Groups: Firewall attached to the EC2 instance
  3. EC2 User Data: bootstrap script that runs once, at the first boot of the instance
  4. SSH: open a shell on an EC2 instance (TCP port 22); the security group must allow it
  5. EC2 Instance Role: IAM role attached to the instance so software on it gets credentials without stored access keys
  6. Purchasing Options: On-Demand, Spot, Reserved (Standard + Convertible + Scheduled), Dedicated Host, Dedicated Instance

3. EC2 Instance Storage – Summary

  1. EBS volumes:
    • Network drives attached to one EC2 instance at a time
    • Bound to one Availability Zone
    • Can use EBS Snapshots for backups / transferring EBS volumes across AZ
  2. AMI: create ready-to-use EC2 instances with our customizations
  3. EC2 Image Builder: automatically build, test and distribute AMIs
  4. EC2 Instance Store:
    • High-performance disk physically attached to the host of our EC2 instance
    • Data is lost if the instance is stopped or terminated
  5. EFS: network file system, can be mounted by 100s of instances across AZs in a region
  6. EFS-IA: cost-optimized storage class for infrequently accessed files
  7. FSx for Windows: Network File System for Windows servers
  8. FSx for Lustre: High Performance Computing Linux file system

4. ELB & ASG – Summary

  1. High Availability vs Scalability (vertical and horizontal) vs Elasticity vs Agility in the Cloud
  2. Elastic Load Balancers (ELB)
    • Distribute traffic across backend EC2 instances, can be Multi-AZ
    • Supports health checks
    • 3 types: Application LB (HTTP/HTTPS, layer 7), Network LB (TCP, layer 4), Classic LB (legacy)
  3. Auto Scaling Groups (ASG)
    • Implement Elasticity for your application, across multiple AZ
    • Scale EC2 instances based on the demand on your system, replace unhealthy
    • Integrated with the ELB

5. Amazon S3 — Summary

  1. Buckets vs Objects: a bucket has a globally unique name and lives in one region; objects are the files stored in it, addressed by key
  2. S3 security: IAM policies (user-based), S3 Bucket Policies (resource-based, the way public access is granted), Block Public Access settings, S3 Encryption
  3. S3 Websites: host a static website on Amazon S3
  4. S3 Versioning: keep multiple versions of an object, protects against accidental deletes and overwrites
  5. S3 Access Logs: log every request made to your S3 bucket (delivered to another bucket)
  6. S3 Replication: same-region or cross-region, versioning must be enabled on source and destination
  7. S3 Storage Classes: Standard, IA, One Zone-IA, Intelligent-Tiering, Glacier, Glacier Deep Archive
  8. S3 Lifecycle Rules: transition objects between classes, expire old objects
  9. S3 Glacier Vault Lock / S3 Object Lock: WORM (Write Once Read Many), objects cannot be deleted or overwritten for the retention period
  10. Snow Family: import data onto S3 through a physical device, edge computing
  11. OpsHub: desktop application to manage Snow Family devices
  12. Storage Gateway: hybrid solution to extend on-premises storage to S3
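
A bucket policy is the S3 control that can make data public, so the check a reviewer wants is "which statements grant access to everyone?". The script below is an added example, not code from the page or from AWS: it walks a bucket policy document and flags every Allow statement whose Principal is the anonymous wildcard and whose Condition does not narrow the caller. The set of condition keys treated as narrowing the caller is an assumption for the example, the sample policy is constructed, and the account ID and VPC endpoint ID in it are placeholders.

```python
"""Flag bucket-policy statements that grant public access (added example).

A statement is reported as public when all of these hold:
  * Effect is Allow,
  * Principal is the anonymous wildcard ("*" or {"AWS": "*"}),
  * no Condition key restricts who the caller is.
Deny statements and statements for a named principal are never public.
"""
import json
from typing import Any, Dict, List

# Condition keys accepted as narrowing the caller even when Principal is "*".
# Constructed subset for this example; extend it for your environment.
SCOPING_CONDITION_KEYS = {
    "aws:sourcevpc", "aws:sourcevpce", "aws:sourceip",
    "aws:principalorgid", "aws:principalaccount", "aws:principalarn",
}


def _is_anonymous_principal(principal: Any) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def _condition_scopes_principal(condition: Dict[str, Any]) -> bool:
    """True if some positive operator uses a key that restricts the caller."""
    for operator, keys in condition.items():
        # Negated and Null operators do not restrict who may call.
        if "Not" in operator or operator.startswith("Null"):
            continue
        if any(key.lower() in SCOPING_CONDITION_KEYS for key in keys):
            return True
    return False


def public_statements(policy: Dict[str, Any]) -> List[str]:
    """Return the Sid (or a positional label) of each public Allow statement."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    flagged = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous_principal(stmt.get("Principal")):
            continue
        if _condition_scopes_principal(stmt.get("Condition", {})):
            continue
        flagged.append(stmt.get("Sid", f"Statement[{i}]"))
    return flagged


# Constructed sample bucket policy; IDs are placeholders.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicWebsite", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-site/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::internal/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "TlsOnlyButStillPublic", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::my-site",
     "Condition": {"Bool": {"aws:SecureTransport": "true"}}},
    {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::my-site/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "AccountRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/Deployer"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::my-site/*"}
  ]
}""")


if __name__ == "__main__":
    for sid in public_statements(SAMPLE_POLICY):
        print("public:", sid)
```

`TlsOnlyButStillPublic` is the case people miss: a condition on `aws:SecureTransport` only requires HTTPS, it does not limit who the caller is. A bucket that hosts an S3 static website legitimately needs a statement like `PublicWebsite`; for every other bucket, keep Block Public Access enabled so a statement like that is rejected at write time rather than found later by a scan.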

6. Databases & Analytics Summary in AWS

  1. Relational Databases – OLTP: RDS & Aurora (SQL)
  2. In-memory Database: ElastiCache
  3. KeyValue Database: DynamoDB (serverless) & DAX (cache for DynamoDB)
  4. Warehouse – OLAP: Redshift (SQL)
  5. Hadoop Cluster: EMR
  6. Athena: query data on Amazon S3 (serverless & SQL)
  7. QuickSight: dashboards on your data (serverless)
  8. DocumentDB: “Aurora for MongoDB” (JSON — NoSQL database)
  9. Amazon QLDB: Financial Transactions Ledger (immutable journal, cryptographically verifiable)
  10. Amazon Managed Blockchain: managed Hyperledger Fabric & Ethereum blockchains
  11. Glue: Managed ETL (Extract Transform Load) and Data Catalog service
  12. Database Migration: DMS
  13. Neptune: graph database

7. Other Compute – Summary

  1. Docker: container technology to run applications
  2. ECS: run Docker containers on EC2 instances
  3. Fargate:
    • Run Docker containers without provisioning the infrastructure
    • Serverless offering (no EC2 instances)
  4. ECR: private Docker image registry (can scan stored images for vulnerabilities)
  5. Batch: run batch jobs on AWS across managed EC2 instances
  6. Lightsail: predictable & low pricing for simple application & DB stacks

8. Lambda Summary

  1. Lambda: serverless Function as a Service; scales automatically, event-driven
  2. Lambda Billing:
    • By execution duration multiplied by the memory provisioned (GB-seconds)
    • By the number of invocations
  3. Language Support: many programming languages, plus custom runtimes and container images; it is not a general Docker host (use ECS/Fargate for arbitrary containers)
  4. Invocation time: up to 15 minutes
  5. Use cases:
    • Create Thumbnails for images uploaded onto S3
    • Run a Serverless cron job
  6. API Gateway: expose Lambda functions as HTTP API

9. Deployment – Summary

  1. CloudFormation: (AWS only)
    • Infrastructure as Code, works with almost all of AWS resources
    • Repeat across Regions & Accounts
  2. Beanstalk: (AWS only)
    • Platform as a Service (PaaS), limited to certain programming languages or Docker
    • Deploy code consistently with a known architecture: ex, ALB + EC2 + RDS
  3. CodeDeploy (hybrid): deploy & upgrade any application onto servers
  4. Systems Manager (hybrid): patch, configure and run commands at scale
  5. OpsWorks (hybrid): managed Chef and Puppet in AWS

10. Developer Services – Summary

  1. CodeCommit: Store code in private git repository (version controlled)
  2. CodeBuild: Build & test code in AWS
  3. CodeDeploy: Deploy code onto servers
  4. CodePipeline: Orchestration of pipeline (from code to build to deploy)
  5. CodeArtifact: Store software packages / dependencies on AWS
  6. CodeStar: unified project view that lets developers set up CI/CD and manage code in one place
  7. Cloud9: Cloud IDE (Integrated Development Environment) with collab
  8. AWS CDK: Define your cloud infrastructure using a programming language

11. Global Applications in AWS – Summary

  1. Global DNS: Route 53
    • Great to route users to the closest deployment with least latency
    • Great for disaster recovery strategies
  2. Global Content Delivery Network (CDN): CloudFront
    • Replicate part of your application to AWS Edge Locations to decrease latency
    • Cache common requests at the edge: improved user experience and decreased latency
  3. S3 Transfer Acceleration
    • Accelerate global uploads & downloads into Amazon S3
  4. AWS Global Accelerator
    • Improve global application availability and performance using the AWS global network

12. Global Applications in AWS – Summary (continued)

  1. AWS Outposts
    • Deploy Outposts Racks in your own Data Centers to extend AWS services
  2. AWS Wavelength
    • Brings AWS services to the edge of the 5G networks
    • Ultra-low latency applications
  3. AWS Local Zones
    • Bring AWS resources (compute, database, storage, ...) closer to your users
    • Good for latency-sensitive applications

13. Integration Section — Summary

  1. SQS:
    • Queue service in AWS
    • Multiple producers; messages are retained for up to 14 days (default 4 days)
    • Multiple consumers share the queue: a consumer reads a message, processes it and deletes it when done
    • Used to decouple applications in AWS
  2. SNS:
    • Notification service in AWS
    • Subscribers: Email, Lambda, SQS, HTTP, Mobile…
    • Multiple subscribers, every message is sent to all of them
    • No message retention: a message that cannot be delivered is lost
  3. Kinesis: real-time data streaming, persistence and analysis
  4. Amazon MQ: managed Apache ActiveMQ and RabbitMQ in the cloud (open protocols such as MQTT, AMQP, STOMP)

14. Monitoring Summary

  1. CloudWatch:
    • Metrics: monitor the performance of AWS services and billing metrics
    • Alarms: automate notification, perform EC2 action, notify to SNS based on metric
    • Logs: collect log files from EC2 instances, servers, Lambda functions…
    • Events (or EventBridge): react to events in AWS, or trigger a rule on a schedule
  2. CloudTrail: audit API calls made within your AWS account
  3. CloudTrail Insights: automated analysis of your CloudTrail events
  4. X-Ray: trace requests made through your distributed applications
  5. Service Health Dashboard: status of all AWS services across all regions
  6. Personal Health Dashboard: AWS events that impact your infrastructure
  7. Amazon CodeGuru: automated code reviews and application performance recommendations

15. VPC Closing Comments

  1. VPC: Virtual Private Cloud
  2. Subnets: Tied to an AZ, network partition of the VPC
  3. Internet Gateway: at the VPC level, provide Internet Access
  4. NAT Gateway / Instances: give outbound internet access to private subnets (no connections initiated from the internet)
  5. NACL: stateless firewall at the subnet level; numbered allow/deny rules for inbound and outbound, return traffic must be explicitly allowed
  6. Security Groups: stateful firewall at the EC2 instance / ENI level; allow rules only, return traffic is allowed automatically
  7. VPC Peering: connect two VPCs with non-overlapping IP ranges, non-transitive
  8. VPC Endpoint: private access to AWS services from within the VPC, without traversing the public internet
  9. VPC Flow Logs: capture IP traffic metadata (accepted and rejected) at the VPC, subnet or ENI level
  10. Site to Site VPN: VPN over public internet between on-premises DC and AWS
  11. Direct Connect: direct private connection to AWS
  12. Transit Gateway: Connect thousands of VPC and on-premises networks together
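
The stateless/stateful distinction between NACLs and security groups is the one most often got wrong in practice, and it is easiest to see with a concrete SSH session. The model below is an added example, not code from the page or from AWS: it implements a security group as an allow-only filter that remembers flows (so the reply packet of an allowed connection passes without any outbound rule) and a NACL as an ordered allow/deny list where every packet, including the reply, must match a rule on its own. Rules take a CIDR and a port range only; protocols, prefix lists and the default allow-all outbound rule of a real security group are left out, and all addresses are constructed.

```python
"""Stateless NACL vs stateful Security Group (added example, simplified model).

  * SecurityGroup: allow rules only, any match allows; because it is
    stateful, the reply to an allowed connection is allowed automatically.
  * NetworkAcl: numbered allow/deny rules, lowest number first, first match
    wins, unmatched traffic hits the implicit '*' deny; because it is
    stateless, the reply must match an explicit rule on its own.
Addresses and rules below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    src_port: int
    dst_port: int
    direction: str  # "in" or "out", relative to the instance / subnet


@dataclass
class Rule:
    direction: str
    cidr: str          # the remote side of the packet
    port_from: int     # port range applies to the packet's destination port
    port_to: int
    action: str = "allow"  # NACLs may also "deny"; SG rules are always allow
    number: int = 0        # NACL rule number; unused for security groups

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        remote = pkt.src if pkt.direction == "in" else pkt.dst
        return (ip_address(remote) in ip_network(self.cidr)
                and self.port_from <= pkt.dst_port <= self.port_to)


class SecurityGroup:
    """Stateful: remembers allowed flows so replies pass without a rule."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self._flows: Set[Tuple[str, int, str, int]] = set()

    @staticmethod
    def _flow_key(pkt: Packet) -> Tuple[str, int, str, int]:
        # (local ip, local port, remote ip, remote port): identical for a
        # request and its reply, whichever direction the packet travels.
        if pkt.direction == "in":
            return (pkt.dst, pkt.dst_port, pkt.src, pkt.src_port)
        return (pkt.src, pkt.src_port, pkt.dst, pkt.dst_port)

    def allows(self, pkt: Packet) -> bool:
        key = self._flow_key(pkt)
        if key in self._flows:
            return True                      # return traffic of a tracked flow
        if any(r.matches(pkt) for r in self.rules):
            self._flows.add(key)
            return True
        return False


class NetworkAcl:
    """Stateless: each packet, including a reply, is judged on its own."""

    def __init__(self, rules: List[Rule]):
        self.rules = sorted(rules, key=lambda r: r.number)

    def allows(self, pkt: Packet) -> bool:
        for r in self.rules:
            if r.matches(pkt):
                return r.action == "allow"   # first matching rule decides
        return False                         # the implicit '*' deny rule


def demo() -> Dict[str, object]:
    """An SSH request from a client and the server's reply, under each filter."""
    client, server = "203.0.113.10", "10.0.1.25"
    req = Packet(src=client, dst=server, src_port=51234, dst_port=22, direction="in")
    reply = Packet(src=server, dst=client, src_port=22, dst_port=51234, direction="out")

    # Inbound SSH only, deliberately no outbound rule: the reply still passes.
    sg = SecurityGroup([Rule("in", "203.0.113.0/24", 22, 22)])
    sg_result = (sg.allows(req), sg.allows(reply))

    # Same single rule on a NACL: the reply is dropped by the implicit deny.
    nacl_missing = NetworkAcl([Rule("in", "0.0.0.0/0", 22, 22, number=100)])
    nacl_missing_result = (nacl_missing.allows(req), nacl_missing.allows(reply))

    # Corrected NACL: outbound ephemeral ports, plus a low-numbered deny that
    # beats the allow because NACL rules are evaluated in number order.
    nacl_fixed = NetworkAcl([
        Rule("in", "198.51.100.0/24", 0, 65535, action="deny", number=50),
        Rule("in", "0.0.0.0/0", 22, 22, number=100),
        Rule("out", "0.0.0.0/0", 1024, 65535, number=100),
    ])
    blocked = Packet(src="198.51.100.7", dst=server, src_port=40000, dst_port=22, direction="in")
    return {
        "sg": sg_result,
        "nacl_missing_ephemeral": nacl_missing_result,
        "nacl_fixed": (nacl_fixed.allows(req), nacl_fixed.allows(reply)),
        "nacl_blocklisted_source": nacl_fixed.allows(blocked),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:26} -> {result}")
```

The second case is the classic outage: a NACL with an inbound rule for port 22 but no outbound rule for ephemeral ports (1024-65535) lets the SYN in and silently drops the server's reply. The last case shows the one thing a NACL can do that a security group cannot: an explicit deny for a known-bad source range.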

16. Section Summary: Security & Compliance

  1. Shared Responsibility on AWS: AWS is responsible for security of the cloud, the customer for security in the cloud
  2. Shield: Shield Standard gives automatic DDoS protection for free; Shield Advanced adds extra protection, 24/7 access to the DDoS response team and cost protection
  3. WAF: web application firewall, filters incoming HTTP requests based on rules (SQL injection, XSS, IP lists, rate limits)
  4. KMS: managed encryption keys; AWS operates the hardware, you control key policies and rotation
  5. CloudHSM: dedicated hardware security modules; you manage the keys and AWS has no access to them
  6. AWS Certificate Manager: provision, manage, and deploy SSL/TLS certificates
  7. Artifact: get access to compliance reports such as PCI, ISO, etc.
  8. GuardDuty: threat detection from VPC Flow Logs, DNS logs & CloudTrail events, no agent required
  9. Inspector: automated vulnerability assessment of EC2 instances (agent-based); newer versions also scan container images and Lambda functions

17. Section Summary: Security & Compliance (continued)

  1. Config: Track config changes and compliance against rules
  2. Macie: Find sensitive data (ex: PII data) in Amazon S3 buckets
  3. CloudTrail: track API calls made by users within the account
  4. AWS Security Hub: gather security findings from multiple AWS accounts
  5. Amazon Detective: find the root cause of security issues or suspicious activities
  6. AWS Abuse: Report AWS resources used for abusive or illegal purposes
  7. Actions only the root user can perform (so protect it with MFA and do not use it for day-to-day work):
    • Change account settings
    • Close your AWS account
    • Change or cancel your AWS Support plan
    • Register as a seller in the Reserved Instance Marketplace
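
Since CloudTrail is the audit record for everything above, the practical question is what to look for in it. The script below is an added example, not code from the page or from AWS: it runs three simple detections over a constructed batch of events written in the CloudTrail record shape (root user activity, successful console sign-ins without MFA, and access key creation). The event list is made up for the example and the account ID in it is a placeholder; in a real account the same logic would run over the `Records` array of the gzipped files CloudTrail delivers to S3.

```python
"""Detection logic over constructed CloudTrail records (added example).

Three things an account owner wants surfaced immediately:
  * any activity by the root user (root should only be used for the few
    account-level tasks listed above),
  * console sign-ins that succeeded without MFA,
  * new access keys being created (a common persistence step after a leak).
Field names follow the CloudTrail record format; the events are made up.
"""
import json
from typing import Any, Dict, List

Event = Dict[str, Any]

SAMPLE_EVENTS: List[Event] = json.loads("""[
 {"eventTime": "2024-05-01T09:12:03Z", "eventName": "ConsoleLogin",
  "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.23",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
  "additionalEventData": {"MFAUsed": "No"},
  "responseElements": {"ConsoleLogin": "Success"}},
 {"eventTime": "2024-05-01T09:14:40Z", "eventName": "CreateAccessKey",
  "eventSource": "iam.amazonaws.com", "sourceIPAddress": "198.51.100.23",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
  "requestParameters": {"userName": "backup-svc"}},
 {"eventTime": "2024-05-01T10:02:11Z", "eventName": "ConsoleLogin",
  "eventSource": "signin.amazonaws.com", "sourceIPAddress": "192.0.2.44",
  "userIdentity": {"type": "IAMUser", "userName": "alice",
                   "arn": "arn:aws:iam::123456789012:user/alice"},
  "additionalEventData": {"MFAUsed": "Yes"},
  "responseElements": {"ConsoleLogin": "Success"}},
 {"eventTime": "2024-05-01T10:05:00Z", "eventName": "ListBuckets",
  "eventSource": "s3.amazonaws.com", "sourceIPAddress": "192.0.2.44",
  "userIdentity": {"type": "IAMUser", "userName": "alice",
                   "arn": "arn:aws:iam::123456789012:user/alice"}},
 {"eventTime": "2024-05-01T11:30:00Z", "eventName": "ConsoleLogin",
  "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.9",
  "userIdentity": {"type": "IAMUser", "userName": "bob",
                   "arn": "arn:aws:iam::123456789012:user/bob"},
  "additionalEventData": {"MFAUsed": "No"},
  "responseElements": {"ConsoleLogin": "Failure"}}
]""")


def root_activity(events: List[Event]) -> List[Event]:
    """Every call made with the root user's credentials, whatever the API."""
    return [e for e in events if e.get("userIdentity", {}).get("type") == "Root"]


def logins_without_mfa(events: List[Event]) -> List[Event]:
    """Successful console sign-ins where MFA was not used.

    Failed attempts are excluded: they are a different signal (brute force)
    and would otherwise drown out the sign-ins that actually got in.
    """
    return [
        e for e in events
        if e.get("eventName") == "ConsoleLogin"
        and e.get("responseElements", {}).get("ConsoleLogin") == "Success"
        and e.get("additionalEventData", {}).get("MFAUsed") != "Yes"
    ]


def access_key_creations(events: List[Event]) -> List[Event]:
    """New long-term credentials being minted."""
    return [e for e in events if e.get("eventName") == "CreateAccessKey"]


def _label(e: Event) -> str:
    ident = e.get("userIdentity", {})
    who = ident.get("userName") or ident.get("type", "unknown")
    return f"{e['eventTime']} {who}@{e['sourceIPAddress']} {e['eventName']}"


def triage(events: List[Event]) -> Dict[str, List[str]]:
    """Run all detections and return one readable line per finding."""
    return {
        "root_activity": [_label(e) for e in root_activity(events)],
        "console_login_no_mfa": [_label(e) for e in logins_without_mfa(events)],
        "access_key_created": [_label(e) for e in access_key_creations(events)],
    }


if __name__ == "__main__":
    for finding, lines in triage(SAMPLE_EVENTS).items():
        print(finding)
        for line in lines:
            print("   ", line)
```

In the sample batch the root sign-in without MFA followed two minutes later by `CreateAccessKey` from the same source address is the pattern of the "account compromised" case in the best-practices section: rotate and delete the new key, change the root password, and keep reading the trail for what else that session did. GuardDuty ships managed versions of these detections; writing them once by hand is still the quickest way to learn which fields matter.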

18. AWS Machine Learning – Summary

  1. Rekognition: face detection, labeling, celebrity recognition
  2. Transcribe: audio to text (ex: subtitles)
  3. Polly: text to audio
  4. Translate: translations
  5. Lex: build conversational bots — chatbots
  6. Connect: cloud contact center
  7. Comprehend: natural language processing
  8. SageMaker: build, train and deploy machine learning models, for every developer and data scientist
  9. Forecast: build highly accurate forecasts
  10. Kendra: ML-powered search engine
  11. Personalize: real-time personalized recommendations

19. Account Best Practices — Summary

  1. Operate multiple accounts using Organizations
  2. Use SCPs (service control policies) to set the maximum permissions of member accounts; an SCP never grants access, it only restricts it
  3. Easily setup multiple accounts with best practices with AWS Control Tower
  4. Use Tags & Cost Allocation Tags for easy management & billing
  5. IAM guidelines: MFA, least-privilege, password policy, password rotation
  6. Config to record all resources configurations & compliance over time
  7. CloudFormation to deploy stacks across accounts and regions
  8. Trusted Advisor to get insights, Support Plan adapted to your needs
  9. Send Service Logs and Access Logs to S3 or CloudWatch Logs
  10. CloudTrail to record API calls made within your account
  11. If your account is compromised: change the root password, rotate and delete all passwords / access keys, review CloudTrail for unauthorized activity, delete resources you did not create, contact AWS Support

20. Billing and Costing Tools — Summary

  1. Compute Optimizer: recommends resources’ configurations to reduce cost
  2. TCO Calculator: from on-premises to AWS
  3. Simple Monthly Calculator / Pricing Calculator: cost of services on AWS
  4. Billing Dashboard: high level overview + free tier dashboard
  5. Cost Allocation Tags: tag resources to create detailed reports
  6. Cost and Usage Reports: most comprehensive billing dataset
  7. Cost Explorer: View current usage (detailed) and forecast usage
  8. Billing Alarms: created in us-east-1, where billing metrics are published; track overall and per-service billing
  9. Budgets: more advanced — track usage, costs, RI, and get alerts
  10. Savings Plans: easy way to save based on long-term usage of AWS

21. AWS Directory Services

  1. AWS Managed Microsoft AD
    • Create your own AD in AWS, manage users locally, supports MFA
    • Establish “trust” relationships with your on-premises AD
  2. AD Connector
    • Directory gateway (proxy) that redirects requests to the on-premises AD
    • Users are managed in the on-premises AD
  3. Simple AD
    • AD-compatible managed directory on AWS
    • Cannot be joined with an on-premises AD

22. Advanced Identity – Summary

  1. IAM
    • Identity and Access Management inside your AWS account
    • For users that you trust and belong to your company
  2. Organizations: manage multiple AWS accounts
  3. Security Token Service (STS): temporary, limited-privilege credentials to access AWS resources
  4. Cognito: user pools (sign-up / sign-in directory) and identity pools (temporary AWS credentials) for your mobile & web applications
  5. Directory Services: integrate Microsoft Active Directory in AWS
  6. Single Sign-On (SSO, now IAM Identity Center): one login for multiple AWS accounts & applications
