AWS Cloud Practitioner

Uploaded by

cciesupply
AWS Cloud Practitioner

Training Materials
Introduction

The AWS Cloud


Detailed overview of core concepts
Course Objectives
Define the AWS Cloud
Describe the key services on the AWS platform
P Common use cases
Describe basic AWS Cloud architectural principles
Describe the AWS Shared Responsibility Model
P Basic security and compliance
Course Objectives Cont’d.
Define pricing models
Identify sources of documentation
P Whitepapers and AWS Documentation
Describe the AWS Cloud value proposition
Define characteristics of deployment/operation in the AWS Cloud
Course Outline
Course Overview
Module 1: AWS Cloud Concepts
Module 2: AWS Core Services
Module 3: AWS Security
Course Summary
Module 1
Introduction to:
Cloud
The AWS cloud
Module 2
AWS Core Services
Overview of Services and Categories
Introduction to:
P The AWS Global Infrastructure
P Amazon VPC
P Security Groups
P Amazon EC2
P Amazon Elastic Block Store
P Amazon S3
P AWS Database Solutions
Module 3
AWS Security
Introduction to AWS Security
The AWS Shared Responsibility Model
AWS Access Control and Management
AWS Security and Compliance Programs
AWS Security Resources
Module 1: Cloud Concepts Overview
Introduction to the AWS Cloud

Cloud Computing
P On-demand delivery of IT resources and applications via the internet with pay-as-you-go pricing
Before AWS
Guessing theoretical maximum peaks?
P Is there enough resource capacity?
P Is this sufficient storage?
With AWS
With AWS:
P Servers
P Databases
P Storage
P Higher-level applications
With AWS
Resources can be:
P Initiated within seconds
P Treated as “temporary and disposable”
Free from the inflexibility and constraints
Agility
3 factors:
Speed
Experimentation
Culture of innovation
Agility:
Increase Speed and Global Reach
Instant global reach
Rapid availability of new resources
Agility:
Increase Experimentation
AWS enables
P Operations as code
P Safe Experimentation
P Comparative testing
Agility:
Increase Innovation
Quick experimentation with low cost/risk
More experimentation and more often
Agility:
The AWS Infrastructure
Instant elasticity
Scalability
Flexible
Reliability
Secure
Regions and Availability Zones
[Map: Region & Number of AZs]
Edge Locations
[Map: Multiple Edge Locations and Regional Edge Caches]
High Availability
High availability:
P Functional and accessible systems
P Minimized downtime
P No human intervention
Fault Tolerance
Fault Tolerance:
P Operational applications during component failure
P Built-in redundancy of components
Elasticity, Scalability, and High Performance

AWS
Elastic infrastructure
Innovative new services/products
Deployment in multiple regions
P Lower latency
P Better customer experience
Elasticity, Scalability, and High Performance

Customer
Use services at your own pace
Use tools to meet your needs
Adapt your consumption
P Scale up as workload grows
P Shutdown unneeded resources
P Use Auto Scaling
Security and Compliance
You retain control over the region where data is located
Security auditing
Periodic and manual
AWS Cloud offers capabilities
For governance
To meet the strictest security requirements
Security and Compliance
Latest electronic surveillance
Multi-factor access control systems
Trained security guards 24/7
Strict least-privileged access
Environmental systems
Multiple regions and Availability Zones
Reliability
High-performing and reliable solutions
Achieve greater flexibility/capacity
Reliability:
P Recover from failures
P Resources that demand and mitigate disruptions
Must have well-planned foundation
P Reduce uncertainty of forecasting
P Detect failure and automatically heal itself
Unmatched by on-premise solutions
Pricing: Pay as you go
Benefits
P Redirect focus to innovation and invention
P Adapt to changing business needs
P Improve responsiveness to changes
P Reduce risk of overprovisioning or missing capacity
Conclusion
Connect with customers
Develop ground-breaking new insights
Scientific breakthroughs
Deliver innovative new products and services
Module 2: AWS Technology Overview
Topics
AWS Global Infrastructure
Amazon Virtual Private Cloud (VPC)
Security groups
Compute Services
Amazon Elastic Compute Cloud (EC2)
Elastic Load Balancing (ELB)
Auto Scaling
Amazon Elastic Block Store (EBS)
Amazon Simple Storage Service (S3)
Amazon Relational Database Service (RDS)
Amazon DynamoDB
AWS Global Infrastructure
Introduction to Services and Categories
AWS Global Infrastructure

AWS Region Table
Availability Zones
Region
Physically distinct
Own uninterruptible power supply
Cooling equipment
Backup generators
Networking
Availability Zones
Isolating Availability Zones
Protects zones from failure
Designed for high availability
Handles requests through other zones

Best practice: Implement


Edge Locations
Amazon CloudFront
Amazon Route 53
AWS Shield
AWS Web Application Firewall
Lambda@Edge Computing
Amazon Virtual Private Cloud (VPC)
Introduction
Private, virtual network in the AWS Cloud
Similar constructs as on-premises network
Customizable network configurations to your needs
Deployment
Layer security controls in deployment
Multiple AWS services that inherit the security deployed
Introduction
[Diagram: AWS service icons: Amazon EC2, Amazon EMR, Amazon RDS, Amazon WorkSpaces, Elastic Load Balancing, Amazon VPC, AWS OpsWorks, Amazon EFS, AWS Elastic Beanstalk, Amazon Route 53, AWS Data Pipeline, Amazon DynamoDB, Amazon ElastiCache, AWS Directory]
Features
Characteristics
P Allows you to provision virtual networks
Logically isolated
Configurable key features
P IP ranges
P Routing
P Network gateways
P Security settings
Route Tables
P Control traffic going out of the subnets
Example
Test-VPC 10.0.0.0/16
Subnet A1 10.0.0.0/24
Subnet B1 10.0.2.0/23
us-west-2 (Oregon)
Example
Test-VPC 10.0.0.0/16
Test-IGW
Public Subnet A1 10.0.0.0/24
Private Subnet B1 10.0.1.0/24
Availability Zone A
us-west-2 (Oregon)
Summary
You created:
P VPC in the Oregon region
P An internet gateway
P One public subnet
P One private subnet
Learn More
P Route tables and isolation methods
P Other Amazon VPC features (e.g., VPC endpoints and peering connections)
P Security groups
P Amazon Elastic Compute Cloud (EC2)
P Amazon Relational Database Service (RDS)
AWS Security Groups
AWS Security
Is the highest priority
Security groups
P Act as built-in firewalls
P Control accessibility to instances
[Diagram: security groups for a three-tier application]
AWS Corporate Admin Network: ssh/rdp to www server, app server, db server
internet: http/https to www server
api: between www server and app server, and between app server and db server
Web Tier security group, Application Tier security group, Database Tier security group
(all other ports are blocked)
Summary
Amazon EC2 Security groups
P Provide virtual firewalls
P Control access to instances through rules
P Are managed through AWS management console
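The three-tier security group layout summarized above, as an added example that is not part of the original training material: a small default-deny rule evaluator in Python. The port numbers (API on 8080), the group names and the admin CIDR are assumptions; the slides name only the protocols.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    port: int
    source: str  # a CIDR block, or "sg:<name>" to reference another security group


# Assumptions (not on the slides): constructed admin range and an API port of 8080.
ADMIN_CIDR = "203.0.113.0/24"
API_PORT = 8080
ADMIN_RULES = [Rule(22, ADMIN_CIDR), Rule(3389, ADMIN_CIDR)]  # ssh / rdp

SECURITY_GROUPS = {
    # Web tier: http/https from the internet, ssh/rdp from the admin network.
    "web": [Rule(80, "0.0.0.0/0"), Rule(443, "0.0.0.0/0")] + ADMIN_RULES,
    # Application tier: API traffic only from members of the web group.
    "app": [Rule(API_PORT, "sg:web")] + ADMIN_RULES,
    # Database tier: API traffic only from members of the app group.
    "db": [Rule(API_PORT, "sg:app")] + ADMIN_RULES,
}


def is_allowed(dest_group, port, src_ip=None, src_group=None):
    """Return True only if an inbound rule of dest_group matches; otherwise deny."""
    for rule in SECURITY_GROUPS[dest_group]:
        if rule.port != port:
            continue
        if rule.source.startswith("sg:"):
            # Group-referencing rule: the sender must belong to that group.
            if src_group == rule.source[3:]:
                return True
        elif src_ip is not None and ip_address(src_ip) in ip_network(rule.source):
            return True
    return False  # all other ports and sources are blocked


def internet_exposed(groups):
    """List the (group, port) pairs open to any address, for review."""
    return sorted(
        (name, rule.port)
        for name, rules in groups.items()
        for rule in rules
        if rule.source == "0.0.0.0/0"
    )


if __name__ == "__main__":
    print("internet -> web:443", is_allowed("web", 443, src_ip="198.51.100.7"))
    print("internet -> app:8080", is_allowed("app", API_PORT, src_ip="198.51.100.7"))
    print("web sg   -> db:8080", is_allowed("db", API_PORT, src_group="web"))
    print("exposed:", internet_exposed(SECURITY_GROUPS))
```

Referencing the upstream group instead of a CIDR block is what keeps the database tier unreachable from the web tier and from the internet.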
Compute Services
Compute Services
Broad catalog
P Application services
P Virtual private servers
P Serverless computing
Compute Services
AWS
P Flexible
P Cost effective
Amazon EC2
P Flexible configuration and control
AWS Lambda
P Pay only for what you use
P No administration
Compute Services
Amazon Lightsail
P Launch virtual private server
P Manage simple web and application servers
Amazon ECS
P Managed containers
P Highly scalable, high performance

AWS Fargate
Amazon EKS
Amazon Elastic Compute Cloud (EC2)
What is Amazon EC2?

Elastic Compute Cloud
✓ Application Server
✓ Web Server
✓ Database Server
✓ Game Server
✓ Mail Server
✓ Media Server
✓ Catalog Server
✓ File Server
What is Amazon EC2?

Amazon EC2
Instances
Pay as you go
Broad selection of HW/SW
Global hosting
Much more
(aws.amazon.com/ec2)
Product Demonstration
✓ Login to AWS console.
✓ Launch EC2 Wizard.
✓ Select AMI (SW).
✓ Select Instance type (HW).
✓ Configure network.
✓ Configure storage.
✓ Collect private key.
✓ Launch.
✓ Connect.
Instance Types
Families | Description | Example Use Cases
t2, m4, m3 | General Purpose, Balanced Performance | Websites, web applications, Dev, code repos, micro services, business apps
c3, c4, cc2 | Compute Optimized, High CPU Performance | Front-end fleets, web-servers, batch processing, distributed analytics, science and engineering apps, ad serving, MMO gaming, video-encoding
g2, p2 | GPU Optimized, High-end GPU | Amazon AppStream 2.0, video encoding, machine learning, high perf databases, science
r3, r4, x1, cr1 | Memory Optimized, Large RAM footprint | In-memory databases, data mining
d2, i2, i3, hi1, hs1 | Storage Optimized, High I/O, High density | NAS, data warehousing, NoSQL
Choosing the Right Amazon EC2 Instances
EC2 Instance types are optimized for different use cases,
workloads & come in multiple sizes. This allows you to optimally
scale resources to your workload requirements.
AWS utilizes Intel® Xeon® processors for EC2 Instances providing
customers with high performance and value.
Consider the following when choosing your instances: core
count, memory size, storage size & type, network performance,
I/O requirements & CPU technologies.
Hurry Up & Go Idle - A larger compute instance can save you
time and money, therefore paying more per hour for a shorter
amount of time can be less expensive.
EC2 Instances Powered by Intel Technologies
EC2 Instance Type | Category | Intel Processor | Intel Processor Technology | Intel AVX | Intel AVX2 | Intel AVX-512 | Intel Turbo Boost
C5 | Compute Optimized | Xeon Platinum 8175M | Skylake | Yes | Yes | Yes | Yes
C4 | Compute Optimized | Xeon E5 2666 v3 | Haswell | Yes | Yes | - | Yes
M5 | General Purpose | Xeon Platinum 8175M | Skylake | Yes | Yes | Yes | Yes
M4 | General Purpose | Xeon E5 2686 v4, 2676 v3 | Broadwell, Haswell | Yes | Yes | - | Yes
T2 | General Purpose | Xeon Family | Yes | Yes | - | - | Yes
X1 | Memory Optimized | Xeon E7 8880 v3 | Haswell | Yes | Yes | - | Yes
X1e | Memory Optimized | Xeon E7 8880 v3 | Haswell | Yes | Yes | - | Yes
R4 | Memory Optimized | Xeon E5 2686 v4 | Broadwell | Yes | Yes | - | Yes
H1 | Storage Optimized | Xeon E5 2686 v4 | Broadwell | Yes | Yes | - | Yes
I3 | Storage Optimized | Xeon E5 2686 v4 | Broadwell | Yes | Yes | - | Yes
D2 | Storage Optimized | Xeon E5 2676 v3 | Haswell | Yes | Yes | - | Yes
SSD SSD
C5: Compute Optimized Instances
Based on 3.0 GHz Intel Xeon Scalable Processors (Skylake)
25% price/performance improvement over C4
Up to 72 vCPUs and 144 GiB of memory (2:1 Memory:vCPU ratio)
25 Gbps NW bandwidth
Support for Intel AVX-512
“We saw significant performance improvement on Amazon EC2 C5, with up to a 140% performance improvement in industry standard CPU benchmarks over C4.”
“We are eager to migrate onto the AVX-512 enabled c5.18xlarge instance size… . We expect to decrease the processing time of some of our key workloads by more than 30%.”
M5: Next-Gen General Purpose instance
14% price/performance improvement with M5
Powered by 2.5 GHz Intel Xeon Scalable Processors (Skylake)
New larger instance size—m5.24xlarge with 96 vCPUs and 384 GiB of memory (4:1 Memory:vCPU ratio)
Improved network and EBS performance on smaller instance sizes
Support for Intel AVX-512 offering up to twice the performance for vector and floating point workloads
Elastic Load Balancing (ELB)
Introduction to Elastic Load Balancing
Managed load balancing service

Distributes loads between instances


Elastic Load Balancing Products
Application Load Balancer (ALB)
HTTP, HTTPS
• Flexible application management
• Advanced load balancing of HTTP and HTTPS traffic
• Operates at the request level (Layer 7)
Network Load Balancer (NLB)
TCP
• Extreme performance and static IP for your application
• Load balancing of TCP traffic
• Operates at the connection level (Layer 4)
Classic Load Balancer (CLB)
PREVIOUS GENERATION for HTTP, HTTPS, and TCP
• Existing application that was built within the EC2-Classic network
• Operates at both the request level and connection level
Application Load Balancer Use Cases
[Diagram: Application Load Balancer in front of Application 1, Application 2, Application 3]
Application Load Balancer Use Cases
[Diagram: Application Load Balancer with Listeners and Rules; each Target Group contains Targets and has a Health Check]
Classic Load Balancer Use Cases
Access servers through single point
Decouple the application environment
Provide high availability and fault tolerance
Increase elasticity and scalability
Network Load Balancer Use Cases
Sudden and volatile traffic patterns
Single static IP address per Availability Zone
Ideal for applications that require extreme performance
Summary
Managed load balancing service
Application Load Balancer
Network Load Balancer
Classic Load Balancer
Auto Scaling
What Is Auto Scaling?
Helps you verify that you have the desired number of Amazon
EC2 instances available to handle the load for your application
Monitoring Resource Performance

Amazon CloudWatch to monitor performance

Auto Scaling to add or remove EC2 instances


Capacity Management
[Chart: Available Capacity by Day of the Week (Su, M, T, W, Th, F, Sa), comparing unused capacity with Auto Scaling adjusting capacity as needed]
Critical Questions
How can I make sure that my workload has enough EC2
resources to meet fluctuating performance requirements?

Scalability

How can EC2 resource provisioning occur on-demand?

Automation
Scaling Out and Scaling In
[Diagram: Elastic Load Balancing in front of an Auto Scaling group in three states: Base Configuration, Scaling Out (Launch Instances), Scaling In (Terminate Instances)]

Auto Scaling Components
Launch Configuration
Auto Scaling groups
Auto Scaling Policy
Auto Scaling Components
Launch Configuration: What will be scaled?
Launch settings
P AMI
P Instance type
P Security groups
P Roles
Auto Scaling Components
Auto Scaling Group: Where will it take place?
Deployment settings
P VPC and subnets
P Load balancer
P Minimum instances
P Maximum instances
P Desired capacity
Auto Scaling Components
Auto Scaling Policy: When will it take place?
Policy settings
P Scheduled
P On-demand
P Scale-out policy
P Scale-in policy
Dynamic Auto Scaling
[Diagram: Elastic Load Balancing, Auto Scaling group, Auto Scaling, CloudWatch]
CloudWatch Alarm for Auto Scaling
Whenever: CPUUtilization

is: >= 80

for: 1 consecutive period(s)

AutoScaling Action Delete

Whenever this alarm: State is ALARM

From resource type: AutoScaling

From the: IREASG

Take this action: Increase Group Size – Add 2 instances


Summary
Created
P A launch configuration
P Auto Scaling group
P Auto Scaling policy
Triggered Auto Scaling
Amazon Elastic Block Store (EBS)
EBS Volumes
Characteristics
Persistent and customizable block storage for EC2 instances
HDD and SSD types
Use Snapshots for backups
Easy and transparent encryption
Elastic
EBS Volumes
Availability
Durable and automatically replicated
Drive Types
Storage that best fits your needs
Magnetic or SSD
Performance and price requirements
Amazon EBS
Snapshots
Point-in-time snapshots
Recreate a new volume at any time
Encryption
Encrypted EBS volumes
No additional cost
Elasticity
Increase capacity
Change to different types
Summary
Features
P Persistent and customizable block storage for EC2 instances
P HDD and SSD types
P Replicated in the same Availability Zones
P Easy and transparent encryption
P Elastic volumes
P Back up using snapshots
Amazon Simple Storage Service (S3)
Amazon S3
Features
P Fully managed cloud storage service
P Rich security controls

Functionality
P Store virtually unlimited number of objects
P Access any time, from anywhere
Getting Started with S3
[Diagram: Object with Key media/welcome.mp4 stored in bucket my-bucket-name]
Data redundantly stored in region
[Diagram: media/welcome.mp4 in my-bucket-name, with copies of media/welcome.mp4 stored across the region]
Designed for seamless scaling
[Diagram: my-bucket-name holding media/welcome.mp4 and prod2.mp4 through prod12.mp4]
Access the Data Anywhere
AWS Management Console
AWS command line interface
AWS software development kits
Common Use Cases
Storing application assets
Static web hosting
Backup and disaster recovery (DR)
Staging area for big data
Summary
Fully managed cloud storage service
Store virtually unlimited number of objects
Access any time, from anywhere
Rich security controls
Common use cases
Amazon Relational Database Service (RDS)
Challenges of Relational Databases
Server maintenance and energy footprint
Software installation and patches
Database backups and high availability
Limits on scalability
Data security
OS install and patches
Amazon RDS
Managed service that sets up and operates a relational database in the Cloud
[Diagram: Users, Application servers, Amazon RDS, AWS Cloud]
Amazon RDS
Customer manages:
P Application Optimization
P Database schema
P Data
AWS manages:
P OS installation and patches
P Database software installation and patches
P Database backups
P High availability
P Scaling
P Power, rack and stack
P Server maintenance
Amazon RDS DB Instances
[Diagram: Amazon RDS DB master instance and DB Engines]
DB Instance
• CPU
• Memory
• Network Performance
DB Instance Storage
• Magnetic
• General Purpose (SSD)
• Provisioned IOPS
Amazon RDS In a Virtual Private Cloud
[Diagram: VPC in Availability Zone 1; Users reach the App on an Amazon EC2 instance in the Public subnet through an internet gateway; the RDS DB instance (M) is in the Private subnet]
High Availability with Multi-AZ
[Diagram: VPC with the App on an Amazon EC2 instance in the Public subnet; RDS DB instance (M) in a Private subnet in Availability Zone 1 and RDS DB standby instance (S) in a Private subnet in Availability Zone 2; the link from M to S is labelled SYNCHRONOUS]
High Availability with Multi-AZ
[Diagram: the same layout, with the link from the RDS DB instance (M) in Availability Zone 1 to the RDS DB standby instance (S) in Availability Zone 2 labelled FAILOVER]
Amazon RDS Read Replicas
Features
Asynchronous replication
Promote to master if necessary
Functionality
Read-heavy database workloads
Offload read queries
[Diagram: VPC in Availability Zone 1; App on an Amazon EC2 instance in the Public subnet; RDS DB instance (M) and RDS DB read replica instance (R) in the Private subnet]
Use Cases
Web and Mobile Applications
✓ High throughput
✓ Massive storage scalability
✓ High availability
E-commerce Applications
✓ Low-cost database
✓ Data security
✓ Fully managed solution
Mobile and Online Games
✓ Rapidly grow capacity
✓ Automatic scaling
✓ Database monitoring
Summary
Highly scalable
High performance
Easy to administer
Available and durable
Secure and compliant
Amazon DynamoDB
Module 3: Security Overview
Topics
Introduction to AWS Security
The AWS Shared Responsibility Model
AWS Access Control and Management
AWS Security Compliance Programs
Introduction to AWS Security
Introduction to AWS Security
Security is of the utmost importance to AWS.
Approach to security
AWS environment controls
AWS offerings and features
Keep Your Data Safe
Resilient infrastructure
High security
Strong safeguards
Continual Improvement
Rapid innovation
Constantly evolving security services
Pay For What You Need
Advanced security services
Address real-time emerging risks
Meeting needs at a lower operational cost
Meet Compliance Requirements
Governance-enabled features
P Additional oversight
P Security control
P Central automation
AWS Shared Responsibility Model
Inherit AWS security controls
Layer your controls
Security Products and Features
Tools
P Access from AWS and partners
P Use for monitoring and logging
Network Security
Built-in firewalls
Encryption in transit
Private/dedicated connections
Distributed denial of service (DDoS) mitigation
Inventory and Configuration Management
Deployment tools
Inventory and configuration tools
Template definition and management tools
Data Encryption
Encryption capabilities
Key management options
P AWS Key Management Service
Hardware-based cryptographic key storage options
P AWS CloudHSM
Access Control and Management
Identity and Access Management (IAM)
Multi-factor authentication (MFA)
Integration and federation with corporate directories
Amazon Cognito
AWS Single Sign-On
Monitoring and Logging
Tools and features to reduce your risk profile:
P Deep visibility into API calls
P Log aggregation and options
P Alert notifications
AWS Marketplace
Qualified partners to market/sell software to AWS customers
Online software store that can run on AWS
The AWS Shared Responsibility Model
Shared Responsibility Model
Security of the Cloud
Protection of the AWS global infrastructure is top priority
Availability of third-party reports
Security of the Cloud
• AWS Foundation Services
• Managed Services
Amazon EC2
Amazon EBS
Amazon DynamoDB
Amazon RDS
Amazon Redshift
Amazon EMR
Amazon WorkSpaces
Security of the Cloud
• AWS Foundation Services
• Managed Services
Inherited Controls
P Physical
P Environmental
Shared Controls
P Patch Management
P Configuration Management
P Awareness and Training
Customer Specific
P Service/Communication Protection
P Zone Security
Security in the Cloud
What to store
Which AWS services
In what location
In what content format and structure
Who has access
Security in the Cloud
Customers retain control
Changes to model depend on services
Security in the Cloud
AWS Service Catalog
Virtual Machine Images
Servers
Software
Databases
Security in the Cloud
Benefits
Centrally manage common IT services
Achieve consistent governance
Meet compliance requirements
Quickly deploy approved IT services
Example
Customer Responsibility:
P Guest OS
P Application
P Security group
Amazon EC2
Amazon S3
Amazon Workspaces
Summary
AWS and the customer share security responsibilities

P AWS: Security of the cloud

P Customer: Security in the cloud

Customer has full control over security measures


Customer can use AWS Service Catalog
“Infrastructure” Service
AWS Access Control and Management
AWS IAM
Control access to AWS resources
P Authentication
P Authorization
Controls access to services such as:
Compute
Storage
Database
Application services
AWS IAM
Create users and groups
Grant permissions

User Group Permissions Role


AWS IAM
Functionality
IAM Corp
Manage
P Users and their access
P Roles and their permissions
P Federate users and their permissions
AWS Account Root User

Account root user has complete access to all AWS Services.
AWS Account Root User
Recommendations
1. Delete root user access keys.
2. Create an IAM user.
3. Grant administrator access.
4. Use IAM credentials to interact with AWS.
AWS IAM: Authentication
Programmatic access
P Enables access key ID and secret access key
Management console access
P Uses AWS account name and password
P MFA prompts for code
AWS IAM: Authorization
Access AWS services
P Grant authorization
Assign permissions
P Create an AWS IAM policy
AWS IAM: Policy Assignment

IAM Policy

IAM User IAM Group IAM Roles


IAM Best Practices
Delete AWS root account access keys
Activate multi-factor authentication (MFA)
Give IAM users only the permissions they must have
Use IAM groups
Apply an IAM password policy
IAM Best Practices
Roles
P Use roles for applications
P Use roles instead of sharing credentials
Credentials
P Rotate credentials regularly
P Remove unnecessary users and credentials
Use policy conditions for extra security
Monitor activity in your AWS account
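
One way to check the least-privilege and policy-condition practices above, as an added example that is not part of the original training material: a Python lint over IAM policy documents. The two sample policies and the finding names are constructed for illustration; the bucket name and key prefix reuse the deck's S3 illustration.

```python
import json

# Constructed sample: grants every action on every resource.
BROAD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
""")

# Constructed sample: scoped actions, plus one sensitive action gated on MFA.
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::my-bucket-name/media/*"},
   {"Effect": "Allow",
    "Action": "ec2:TerminateInstances",
    "Resource": "*",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}
 ]}
""")


def _as_list(value):
    """IAM allows a single string or object where a list is also valid."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (statement_index, finding) pairs for over-broad Allow statements."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # "*" or "service:*" grants more than "only the permissions they must have".
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((index, "wildcard-action"))
        # Any-resource grants are accepted only when a policy condition narrows them.
        if "*" in resources and not stmt.get("Condition"):
            findings.append((index, "any-resource-unconditioned"))
        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.append((index, "allow-with-notaction"))
    return findings


if __name__ == "__main__":
    print("broad :", lint_policy(BROAD_POLICY))
    print("scoped:", lint_policy(SCOPED_POLICY))
```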
