# Module 1 - Cloud Concepts

## Aspects of AWS Cloud Economics
- On-Premises
  - Opex vs Capex
    - AWS is Opex
  - Labor costs
    - Infrastructure ops employees
- Cloud
  - Software Licensing
    - How is it affected in the cloud?
  - Which costs can be reduced by moving to the cloud?
    - Right-sizing infrastructure
    - Automation
    - Reduce compliance scope
    - Managed services

## Cloud Architecture Design Principles
- Design for failure
  - Understand what and how components fail and how you can architect around it.
- Decouple components vs. monolithic architecture
  - Monolithic - all processes tightly coupled and run as a single service (scaling entire architecture, patching, etc. all done at once)
- Implement elasticity in the cloud vs. on-premises
  - Scaling challenging on-premises
  - Wasted capacity
- Think parallel
  - Serial and sequential processing very limited. Failure in chain means failure for whole job.

# Module 2 - Security and Compliance

## Security and Compliance
- AWS Shared Responsibility Model
  - AWS is responsible for:
    - Security OF the cloud
  - Customer is responsible for:
    - Security IN the cloud
  - ![[AWS Shared Responsibility Model Image.png]]
- AWS Cloud Security and Compliance Concepts
  - Where to find compliance information?
    - AWS Artifact gives on-demand access to security and compliance reports
    - Each AWS service has varying compliance standard levels
  - Encryption
    - Data in transit
    - Data at rest
    - Who enables encryption for different AWS services?
  - Understand logging
    - Amazon CloudWatch
      - Monitoring and observability
    - AWS CloudTrail
      - Logging AWS account activity
    - AWS Config
      - Configuration auditing and inventory
  - Least-privileged access
    - [[AWS Access Management Capabilities]]
- User and Identity Management
  - Root user - access to everything (unrestricted)
    - Don't use root to carry out daily tasks
    - When to use vs when not to use root user
    - MFA, locking away credentials, access key rotation.
    - Name the tasks that require root user access.
  - IAM Features
    - Users
    - Groups
    - Roles - temporary credentials
      - Access to permissions
      - Service access to API call
    - Policies
      - Managed
        - AWS responsibility
      - Unmanaged IAM Policies
        - Who can create, edit, modify?
    - Everything in AWS is an API call.
- Identify Resources for Security Support
  - AWS Trusted Advisor
  - Amazon Inspector
  - AWS Marketplace (AWS Third-Party Software)
  - Security Center
  - AWS Knowledge Center
  - AWS Web Application Firewall (WAF)
    - Can filter traffic based on:
      - IP addresses
      - HTTP headers
      - HTTP body
      - URI strings
  - AWS Security Group (instance level firewall)
    - Allow traffic based on:
      - Port
      - Protocol
      - Source or destination
  - Network ACLs (subnet level firewall)
    - Allow traffic based on:
      - Traffic type
      - Port
      - Protocol
      - Source or destination
  - IAM Policies
    - Attach to AWS entities (users, groups, roles)

# Module 3 - Technology

## Methods of Deploying and Operating in the AWS Cloud
- Methods of communication to the AWS Cloud
  - [[AWS APIs and SDKs]]
  - [[AWS Command Line Interface (CLI)]]
  - [[AWS Management Console]]
  - [[AWS Infrastructure as code]]
- Methods of cloud utilization
  - Cloud Native
  - Hybrid
  - On-premises
- Methods for network connectivity
  - Virtual private network (VPN)
  - AWS Direct Connect
  - Public internet

## AWS Global Infrastructure
- [[AWS Availability Zone]]
- [[AWS Region]]
- [[AWS Edge Location]]

## AWS Core Services
- [[AWS Compute]]
- [[AWS Storage]]
- AWS Networking
- [[AWS Database]]

## Resources for Technology Support
- Areas
  - Documentation
  - Account-specific support
  - AWS Partner Network (APN)
  - AWS Trusted Advisor

# Module 4 - Billing and Pricing

## Pricing Models for AWS
- On-Demand
  - Most flexible
  - More costly
- Reserved
  - Reserved can be shared using AWS Organizations
  - Flexible
    - Instance size and type
- Spot
  - Steep discounts
  - Should be able to interrupt and resume

## Account Structures with AWS Billing and Pricing
- Multiple AWS accounts can aid in allocating costs across departments
- AWS Organization can roll up multiple bills into one parent Org

## Resources Available for Billing Support
- AWS Cost Explorer
  - Cost visualization
  - Tags to aid in cost usage
- AWS Cost and Usage Report
  - Comprehensive set of AWS cost and usage data
  - Itemized at account or organization level
  - [[Amazon QuickSight]]
- AWS Marketplace
- AWS Simple Monthly Calculator
- Billing Alarms and Alerts
- Billing Support Case