
AWS CLOUD PRACTITIONER NOTES - EC2
Published Jan 4, 2021
This post follows the free official course from AWS [1] and is the first in a
series that covers the entire course content. It goes over EC2 (Elastic
Compute) and the other compute services that AWS provides, and gives a brief
introduction to the pay-as-you-go model that AWS uses.

MODULE 1 - INTRODUCTION AWS


The first module covers the basics of cloud computing, what it is, and the AWS
pay-as-you-go model. Remember:
1. Cloud computing is: On-demand delivery of IT resources and
applications through the internet with pay-as-you-go pricing
2. Pay on-demand: The aggregated cloud usage from a large number of
customers results in lower pay-as-you-go prices.

MODULE 2 - INTRODUCTION EC2 (CAAS)


EC2 takes care of setting up physical servers: buying them, installing them in
a data center (or even renting a rack to put them in) and securing them. You
can spin up a new server or take it down as you wish.
Multitenancy [2]: AWS EC2 uses a server as a host, which can have
multiple servers (EC2 instances) on it.
You can provision an EC2 instance with the following operating systems:
o Linux
o Windows
You also control the networking aspects of the EC2 instance.
In short, EC2 is:
o Flexible
o Reliable
o Scalable
Using EC2, you are responsible for:
1. Setting up and managing your instances
2. Patching instances
3. Setting up scaling
4. Architecting a highly available setup

MODULE 2 - EC2 INSTANCE TYPES


Each EC2 instance type is grouped under an instance family. Instance types
offer different combinations of storage, memory and processing power.
In the following list, the term resources means the group of compute,
memory and networking.
o General purpose (Balanced resources: Web servers/code repository)
o Compute optimized (Compute intensive tasks: Gaming servers, high
performance computing - HPC, Scientific modeling, batch processing)
o Memory optimized (Memory intensive tasks)
o Accelerated computing (Floating point number calculations, Graphics
processing, Data pattern matching, hardware accelerators)
o Storage optimized (High performance for locally stored data)

MODULE 2 - EC2 PRICING


The EC2 pricing model varies based on the EC2 buying option:
o On-demand
o Savings plans (low prices in exchange for a one- or three-year
commitment, with savings of up to 72% compared to on-demand)
o Reserved instances (predictable usage, up to 75% savings
compared to on-demand)
o Spot instances (ideal for flexible workloads, since AWS can
terminate the instance at any time). Up to 90% discount compared to
On-Demand prices. [3]
o Dedicated (No shared tenancy of the host)
Besides that, the price can vary based on:
o Instance type (micro, small, large, etc). Instance type refers to a
combination of resources such as CPU, memory, storage, and
networking capacity.
o Selected region
o Number of instances
o Load balancing
o Allocated elastic IP addresses

MODULE 2 - EC2 SCALING


1. Vertical scaling: EC2 instances are resizable. You can upgrade or
downgrade hardware aspects of the instance such as processing power,
memory and HD.
2. Horizontal scaling: creating new instances and adding them to the pool
o Dynamic scaling: responds to changing demand (Auto Scaling).
o Predictive scaling: schedules the right number of EC2 instances based on
predicted demand.

MODULE 2 - ELASTIC LOAD BALANCING (ELB)


Load balancing distributes incoming application traffic across multiple
resources. ELB is built as a regional construct: it runs at the regional level.
The ELB has the following characteristics:
o High performance
o Cost-efficient
o Highly available
o Automatically scalable
AWS provides different ELB solutions for each kind of workload [3]:
o Application load balancer: load balancing of HTTP and HTTPS traffic
o Network load balancer: load balancing TCP traffic
o Classic load balancer: basic load balancing across multiple Amazon
EC2 instances. The classic load balancer is intended for applications that
were built within the EC2-classic network.

MODULE 2 - MESSAGE AND QUEUEING


Applications that communicate directly form a tightly coupled
architecture. If a single component fails or changes, it causes issues for the
entire system.

                   talks to
Application A --------------------> Application B

In a loosely coupled architecture, a single failure won’t cause
cascading failures.

               sends to                           process
                          _________________
Application A ------>    |  message queue  |    <-------- Application B
                         |_________________|

For decoupled solutions, AWS provides two services:
1. AWS SQS (Simple Queue Service)

SQS queues are places where messages are stored until they are processed.
With SQS you can:
o send messages (data within a message: payload. It is protected until
delivery)
o store messages
o receive messages
o at any volume (without losing messages)
2. AWS SNS (Simple Notification Service)

SNS is a channel for messages to be delivered, following the pub-sub pattern.
Subscribers can be web servers, email, Lambda functions, etc.

MODULE 2 - ADDITIONAL COMPUTE SERVICES

AWS LAMBDA
AWS Lambda is a service that allows you to upload your code to be executed.
The code is executed in a managed environment.
o Lambda is designed to run code in under 15 minutes
o It scales automatically

AWS ECS (ELASTIC CONTAINER SERVICE) OR EKS (ELASTIC KUBERNETES SERVICE)
ECS is designed to orchestrate your containers at scale, without the hassle
of managing your own cluster. ECS can run on top of EC2, so that you can
manage the details under the hood. AWS also offers Fargate to deploy
containers, a managed service that removes access to low-level
components such as the operating system. In short:
1. ECS on EC2: you manage
2. ECS on Fargate: AWS manages


AWS CLOUD PRACTITIONER NOTES - INFRASTRUCTURE AND RELIABILITY
Published Jan 5, 2021
Previously we saw the EC2 computing services that AWS offers and the
differences between them. This section focuses on infrastructure and
reliability: how AWS offers such services to its customers and what enables
the capacity that AWS has. AWS provides high availability for customers
through multiple regions in a global landscape.

MODULE 3 - GLOBAL INFRASTRUCTURE


AWS provides a range of regions to support high availability. Factors to weigh
when selecting a region:
1. Compliance (does the data have restrictions tied to any country?
Compliance usually restricts where the software can operate.)
2. Proximity (close to the customer; usually the right call, as content
is delivered faster than from farther regions)
3. Future availability
4. Pricing (some locations are more expensive to operate)

Each region is made up of multiple data centers. AWS calls a single data
center or a group of data centers an availability zone or AZ. AWS data
centers have redundant power, networking and connectivity.
Services that have the check “Regionally scoped service” are already highly
available.

MODULE 3 - EDGE LOCATIONS


AWS provides a CDN (Content Delivery Network [1] - Amazon CloudFront) that
uses edge locations to accelerate communication with customers around the
world.
o Regions are geographically isolated areas
o Regions contain availability zones
o Edge locations run Amazon CloudFront
Best practice tip: deploy infrastructure across at least 2 availability zones.
AWS Outposts installs a mini region inside a private data center.

MODULE 3 - HOW TO PROVISION AWS RESOURCES


In AWS everything is an API call, and there are predetermined ways to interact
with AWS services. There are a few options for interacting with those
services, for example:
o AWS management console (web based, visually)
o AWS Command line interface (CLI - API calls via terminal)
o AWS Software Development Kits (SDKs - interface for different
programming languages)

ELASTIC BEANSTALK (EB)


Elastic Beanstalk is an AWS managed service that manages EC2 instances.
You provide a configuration such as networking, storage, scaling and the
application to run. The application can be shipped as a container image or
written in a specific programming language that EB supports.
EB also makes the deployment process repeatable and prevents
possible human error during deployment.

CLOUDFORMATION
CloudFormation is a service that AWS provides to provision services through
scripts (a code tool), using XML or JSON declarative scripts called
CloudFormation templates. This approach of defining infrastructure in
code is known as Infrastructure as Code (IaC). CloudFormation is for
AWS, but there are other tools that support other cloud providers, such as
Terraform (/certification/2021/08/07/terraform-hashicorp-certification.html).

                                                      calls to AWS APIs
                                    ________________
                                   |                |
CloudFormation template ---------> | Aws Formation  | -----------> AWS services
                                   |________________|

The CloudFormation approach decouples what you want to build from how
to build it. CloudFormation takes care of the how, and you, the what.


AWS CLOUD PRACTITIONER NOTES - NETWORKING
Published Jan 6, 2021
Amazon VPC (Virtual Private Cloud) [1][2] lets you provision an isolated section
of the AWS cloud and deliver AWS services that you control. Public and private
groupings of resources are known as subnets.
o Public subnet
o Private subnet

MODULE 4 - CONNECTIVITY TO AWS


Internet gateway allows public traffic from the internet to access the VPC.

                                 ________________________________________
                                | AWS cloud                              |
                                |     ______________________________     |
                                |    | VPC                          |    |
 __________                     |  __|_________                     |    |
|          |  internet request  | |            |                    |    |
|  Client  | -----------------> | |  internet  |                    |    |
|__________|                    | |  gateway   |                    |    |
                                | |____________|                    |    |
                                |    |______________________________|    |
                                |________________________________________|

A virtual private gateway allows access to private resources in a VPC.

                                       ________________________________________
                                      | AWS cloud                              |
                                      |     ______________________________     |
                                      |    | VPC                          |    |
 _____________                        |  __|_________                     |    |
|  Corporate  |       internet        | |  virtual   |                    |    |
| data center | --------------------> | |  private   |                    |    |
|_____________|    VPN connection     | |  gateway   |                    |    |
                                      | |____________|                    |    |
                                      |    |______________________________|    |
                                      |________________________________________|

AWS Direct Connect [3] provides a direct connection from a private data
center, offices, or other locations to AWS.

                                                  ________________________________________
                                                 | AWS cloud                              |
                      ____________________       |     ______________________________     |
                     | AWS direct connect |      |    | VPC                          |    |
                     | location           |      |    |                              |    |
 _____________       |                    |      |  __|_________                     |    |
|  Corporate  |      | AWS direct connect |      | |  virtual   |                    |    |
| data center | ---> | end point          | ---> | |  private   |                    |    |
|_____________|      |____________________|      | |  gateway   |                    |    |
                                                 | |____________|                    |    |
                                                 |    |______________________________|    |
                                                 |________________________________________|

MODULE 4 - SUBNETS AND NETWORK ACCESS CONTROL LISTS

AWS networking security features:
o Network hardening
o Application security
o User identity
o Authentication and authorization
o Distributed denial of service prevention
o Data integrity
o Data encryption
A network ACL does not evaluate the packet content; it only evaluates whether
the packet can go in or out.
Every EC2 instance comes with a security group; by default all connections are
blocked.
o Security groups are stateful
o Network ACLs are stateless (allow all inbound and outbound traffic)
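
The stateful/stateless difference described above, as a simplified model. This is an added example, not code from the original notes or from AWS; the class names, rule sets and the 203.0.113.10 client address are constructed, and the outbound ephemeral-port rule is an assumption about how a reply gets through a stateless filter.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = towards the instance, "out" = away from it
    remote_ip: str   # the peer on the other side of the filter
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    cidr: str          # matched against the remote peer
    port_lo: int       # port range is matched against the destination port
    port_hi: int
    allow: bool = True
    number: int = 100  # evaluation order, used by the NACL model only

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and ip_address(p.remote_ip) in ip_network(self.cidr)
                and self.port_lo <= p.dst_port <= self.port_hi)


class SecurityGroup:
    """Stateful model: allow rules only, and replies to a permitted flow pass."""

    def __init__(self, rules=()):
        self.rules = list(rules)
        self._flows = set()  # (direction, remote_ip, src_port, dst_port)

    def permits(self, p: Packet) -> bool:
        opposite = "out" if p.direction == "in" else "in"
        # A reply mirrors a tracked flow: opposite direction, ports swapped.
        if (opposite, p.remote_ip, p.dst_port, p.src_port) in self._flows:
            return True
        if any(r.allow and r.matches(p) for r in self.rules):
            self._flows.add((p.direction, p.remote_ip, p.src_port, p.dst_port))
            return True
        return False  # nothing matched: blocked


class NetworkAcl:
    """Stateless model: every packet is checked on its own against numbered
    rules, lowest number first; the first match decides, no match is a deny."""

    def __init__(self, rules=()):
        self.rules = sorted(rules, key=lambda r: r.number)

    def permits(self, p: Packet) -> bool:
        for r in self.rules:
            if r.matches(p):
                return r.allow
        return False


# Constructed traffic: a client opens HTTPS to the instance and gets a reply.
CLIENT = "203.0.113.10"
REQUEST = Packet("in", CLIENT, 50000, 443)
REPLY = Packet("out", CLIENT, 443, 50000)
UNSOLICITED = Packet("out", CLIENT, 443, 50001)  # not part of any flow

# Constructed rules.
HTTPS_IN = Rule("in", "0.0.0.0/0", 443, 443, number=100)
EPHEMERAL_OUT = Rule("out", "0.0.0.0/0", 1024, 65535, number=100)
ALLOW_ALL_IN = Rule("in", "0.0.0.0/0", 0, 65535, number=100)
ALLOW_ALL_OUT = Rule("out", "0.0.0.0/0", 0, 65535, number=100)


def exchange(packet_filter):
    """Return (request permitted, reply permitted) for one filter."""
    return packet_filter.permits(REQUEST), packet_filter.permits(REPLY)


def demo():
    return {
        "sg_no_rules": exchange(SecurityGroup()),
        "sg_https_in": exchange(SecurityGroup([HTTPS_IN])),
        "nacl_https_in_only": exchange(NetworkAcl([HTTPS_IN])),
        "nacl_both_directions": exchange(NetworkAcl([HTTPS_IN, EPHEMERAL_OUT])),
        "nacl_allow_all": exchange(NetworkAcl([ALLOW_ALL_IN, ALLOW_ALL_OUT])),
    }


if __name__ == "__main__":
    for name, (req, rep) in demo().items():
        print(f"{name:22} request={req} reply={rep}")
```

The case to notice is nacl_https_in_only: the request is admitted but its reply is dropped, which is what "stateless" means in practice when a network ACL is tightened beyond allow-all.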

MODULE 4 - GLOBAL NETWORKING


AWS Route 53 is the domain name system service that Amazon uses to
translate a domain name to an IP address. Route 53 can route traffic based
on the following policies:
o Latency-based routing
o Geo-location DNS (Domain Name System)
o Geo-proximity routing
o Weighted round robin


AWS CLOUD PRACTITIONER NOTES - STORAGE AND DATABASES
Published Jan 7, 2021
This module describes the AWS services for storage and databases. AWS
has different services, ranging from file storage to serverless
databases.

MODULE 5 - INSTANCE STORES AND AMAZON ELASTIC BLOCK STORE

Block-level storage is a place to store files, and EC2 has different types of
storage as well.
o Instance store volumes (physically attached to the AWS host) - temporary
type [1]
o EBS volumes (virtual hard drives) - persistent type
Incremental snapshots (backups) can be taken from EBS volumes and
restored later.

MODULE 5 - AMAZON SIMPLE STORAGE SERVICE (AMAZON S3)

Amazon S3 is a storage service that allows you to store and retrieve files at
any scale and pay only for what you use.
o Store data as objects
o Store objects in buckets
o Upload objects up to a maximum size of 5TB
o Version objects
o Create multiple buckets

S3 CLASSES (OR TIERS)


o S3 standard 99,99999999999% of durability
o S3 standard infrequent access (backups, disaster recovery files)
o S3 One Zone-Infrequent access (S3 one Zone-IA)
o S3 intelligent-Tiering (unknown or changing access patterns)
o AWS Glacier to archive data (Able to retrieve objects in minutes)
o AWS Glacier deep archive (Able to retrieve objects within 12 hours)
It is possible to move objects between tiers through S3 lifecycle management.
For example, from s3 standard to s3 infrequent access.

COMPARING AMAZON EBS AND AMAZON S3

EBS                        S3
-------------------------  ------------------------------
Up to 16TB                 Unlimited storage
Survive EC2 termination    Individual objects up to 5 TB
Solid state by default     Write once/read many
HDD options                99,99999999999% durability

USE CASE 1 - APP TO UPLOAD A PHOTO FILE


S3 is the preferred approach here, for the following reasons:
o Web enabled
o Regionally distributed
o Offers cost savings
o Serverless

USE CASE 2 - VIDEO EDITING ON A FILE


Object storage treats every file as a complete, discrete object, which is
perfect for files that are consumed as a whole.
Block storage breaks files into smaller pieces (blocks); for a bunch of
small changes, EBS is preferable.
o Complete changes = S3
o Complex read, write, change functions = EBS

MODULE 5 - AMAZON ELASTIC FILE SYSTEM (EFS)

Multiple instances can access the data in EFS at the same time, and it scales
up and down as needed. The differences between EBS and EFS are:

EBS                                            EFS
---------------------------------------------  ------------------------------------------
Amazon EBS volumes are attached to EC2         Multiple instances reading simultaneously
instances
Availability zone level resource               True file system/multiple av
Need to be in the same availability zone to    Regional resource
the attached EC2 instance
EBS volumes do not automatically scale         Automatically scales up an

MODULE 5 - AMAZON RELATIONAL DATABASE SERVICE (RDS)
o Automated patching
o Backups
o Redundancy
o Failover
o Disaster recovery

AMAZON AURORA
o MySQL or PostgreSQL support
o 1/10th cost of commercial databases
o Data replication
o Up to 15 read replicas
o Automated backup to S3

MODULE 5 - AMAZON DYNAMODB


DynamoDB is serverless in the sense that you don’t have to provision, install,
maintain or operate the server that the database runs on. DynamoDB scales
automatically to adjust to changes in the database.
o Non-relational database
o Millisecond response time
o Fully managed
o Highly scalable

COMPARING AMAZON RDS AND DYNAMODB

RDS                             DynamoDB
------------------------------  --------------------------------
Automatic high availability     Key-value
Customer ownership of data      Massive throughput capabilities
Customer ownership of schema    PB size potential
Customer control of network     Granular API access

USE CASE 1 - SALES SUPPLY CHAIN APPLICATION


RDS is the choice as its application is built for analytics and requires complex
relationships between the data.

USE CASE 2 - EMPLOYEE CONTACT LIST APPLICATION


Single table territory, potentially relational, but not required as the relationship
between data would create an overhead maintaining the relationships.

MODULE 5 - AMAZON REDSHIFT
Amazon Redshift is a data warehouse service used for analytics. You can
collect data from many sources and see the relationships across the data.

MODULE 5 - AMAZON DATABASE MIGRATION SERVICE (AWS DMS)
Amazon Database Migration Service helps you to migrate databases into AWS.

HOMOGENOUS DATABASES
The first type of migration is homogenous: a migration across the same
database type. For example:
o MySQL to Amazon RDS for MySQL
o Microsoft SQL Server to Amazon RDS for SQL Server
o Oracle to Amazon RDS for Oracle

HETEROGENEOUS DATABASES
The second type of migration is heterogeneous, which provides a
migration between different database vendors.
For this type of migration there are two steps, the first is the conversion from
the database source into the origin database. Then the last step is to do the
migration.

MODULE 5 - ADDITIONAL DATABASE SERVICES


o Amazon DocumentDB - document database that supports MongoDB
o Amazon Neptune - Graph database service
o Amazon Quantum Ledger Database - Review a complete history of all
the changes that have been made to your application data
o Amazon Managed Blockchain - A service used to create managed
blockchain networks
o Amazon ElastiCache - A service that adds caching layer to improve
application response time
o Amazon DynamoDB accelerator - In memory cache for DynamoDB


AWS CLOUD PRACTITIONER NOTES - SECURITY
Published Jan 8, 2021
The AWS security model is shared, meaning AWS is responsible for the
security of the cloud, and you, the customer, are responsible for security in
the cloud. AWS controls the servers, data centers and all the layers in this
section.

MODULE 6 - SHARED RESPONSIBILITY MODEL

CUSTOMER RESPONSIBILITIES
Customers are responsible for everything they put in AWS.
           ______________________________________________________________________________________
          | CUSTOMER DATA
          |______________________________________________________________________________________
          | PLATFORM, APPLICATIONS, IDENTITY AND ACCESS MANAGEMENT
 CUSTOMER |______________________________________________________________________________________
          | OPERATING SYSTEMS, NETWORK AND FIREWALL CONFIGURATION
          |______________________________________________________________________________________
          | CLIENT-SIDE DATA ENCRYPTION | SERVER SIDE ENCRYPTION | NETWORKING TRAFFIC PROTECTION
          |______________________________________________________________________________________

AWS RESPONSIBILITIES
AWS is responsible for security of the cloud.
      ___________________________________________________________
     | SOFTWARE
     | COMPUTE | STORAGE | DATABASE | NETWORKING
 AWS |___________________________________________________________
     | HARDWARE/AWS GLOBAL INFRASTRUCTURE
     | REGIONS | AVAILABILITY ZONES | EDGE LOCATIONS
     |___________________________________________________________

MODULE 6 - USER PERMISSIONS AND ACCESS


AWS Identity and Access Management (IAM) allows you to manage access to AWS
services and resources.
o The root account is the owner of the AWS account; this is the default
permission for a newly created AWS account. The root user account controls
all resources. As such, the recommended security approach is to turn
on MFA for this account.
o Users created by IAM have no permissions by default. (Principle of
least privilege)
As a best practice, avoid using root for everyday tasks. Instead,
create a user and assign it the needed permissions.
An IAM policy is a JSON document that describes which API calls a user can or
can’t make. This is a policy example:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::my_resource"
  }
}
The following table describes the possible values for each field in the IAM policy JSON:

Option     Value
---------  ---------------------------------------
Effect     Allow / Deny
Action     Any API call
Resource   Which AWS resource the API call is for


IAM groups are groups of users. You can attach policies to a group, and all
users in that group will have the permissions listed there.
IAM roles have associated permissions that allow or deny actions in AWS, and
these roles can be assumed for a temporary amount of time.
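
How Effect, Action and Resource combine when a user holds several policies, shown as a small evaluator. This is an added example, not AWS code or code from the original notes: it assumes identity-based policies only (no Condition, Principal, NotAction, resource policies or organization-level controls), and the GROUP_READ and DENY_SECRETS policies are constructed for the demonstration.

```python
import re

# Policy from the notes above: one identity-based Allow statement.
LIST_BUCKET = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::my_resource",
    },
}

# Constructed: a policy attached to a group the user belongs to ...
GROUP_READ = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::my_resource/*",
    }],
}

# ... and a guard-rail policy that denies everything under one prefix.
DENY_SECRETS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::my_resource/secret/*",
    }],
}


def wildcard_match(pattern, value, ignore_case=False):
    """Match IAM-style wildcards: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def as_list(value):
    """Statement, Action and Resource may each be a single item or a list."""
    return value if isinstance(value, list) else [value]


def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one API call.

    Simplified logic: start from deny (no permissions by default), any
    matching Deny statement wins immediately, otherwise a matching Allow
    statement grants the call.
    """
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in as_list(policy["Statement"]):
            # Action names are compared case-insensitively, ARNs exactly.
            hit_action = any(wildcard_match(a, action, ignore_case=True)
                             for a in as_list(stmt["Action"]))
            hit_resource = any(wildcard_match(r, resource)
                               for r in as_list(stmt["Resource"]))
            if not (hit_action and hit_resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            decision = "Allow"
    return decision


if __name__ == "__main__":
    attached = [LIST_BUCKET, GROUP_READ, DENY_SECRETS]
    calls = [
        ("s3:ListBucket", "arn:aws:s3:::my_resource"),
        ("s3:GetObject", "arn:aws:s3:::my_resource/report.csv"),
        ("s3:GetObject", "arn:aws:s3:::my_resource/secret/key.pem"),
        ("s3:PutObject", "arn:aws:s3:::my_resource/report.csv"),
    ]
    for action, resource in calls:
        print(f"{evaluate(attached, action, resource):13} {action} {resource}")
```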

MODULE 6 - ORGANIZATIONS
AWS Organizations are used to consolidate and manage multiple AWS
accounts, in a centralized manner. This approach avoids the problem of
managing multiple aws accounts.

MODULE 6 - COMPLIANCE
Compliance checks whether a given regulation is being followed; different
countries might have different regulations. For example:
o EU - GDPR
o Health care in US - HIPAA
AWS has already built its data centers, infrastructure and networking following
industry best practices for security, and you as a customer inherit those
practices as well.
Enabling data protection is a configuration setting on the resource. AWS
offers whitepapers, documents you can download and use for compliance
reports.
o AWS Artifact - compliance reports done by third parties [1]
o AWS Compliance - compliance information all in one place [2]

MODULE 6 - DENIAL-OF-SERVICE ATTACKS


The objective of a DDoS attack is to take down a given service so that it can
no longer respond to requests from clients.
o HTTP level attacks - too expensive to overwhelm AWS, though not
impossible
o UDP flood - security group
o Slowloris attack - Elastic Load Balancer
AWS WAF uses a web application firewall to filter traffic from bad actors.

AWS SHIELD STANDARD


Automatically protects all AWS customers at no cost. It protects from the most
common and frequent types of DDoS attack.

AWS SHIELD ADVANCED


It is a paid service that provides detailed attack diagnostics.

MODULE 6 - ADDITIONAL SECURITY RESOURCES


o Encryption at rest (when the data is idle). Server-side encryption at rest
is enabled on all DynamoDB data
o Encryption in transit. SSL encrypts data in transit (SQS, S3,
RDS).

AMAZON INSPECTOR
Runs an automated security assessment of your infrastructure and checks for
deviations from best practices.

AMAZON GUARDDUTY
It analyzes streams of data from network, VPC logs and DNS logs. It runs
independently from AWS services.

AWS CLOUD PRACTITIONER NOTES - MONITORING AND ANALYTICS
Published Jan 9, 2021
AWS offers a variety of tools for analytics and monitoring, such as Amazon
CloudWatch, AWS CloudTrail and AWS Trusted Advisor.
Monitoring: observing systems, collecting metrics, and then using data to
make decisions.

MODULE 7 - AMAZON CLOUDWATCH


Amazon CloudWatch allows you to monitor your AWS infrastructure and the
applications you run in AWS in real time.
o Metrics are tied to your resources (for example, CPU utilization of an EC2
instance)
With CloudWatch you can:
o Access all your metrics from a central location
o Gain visibility across applications and services
o Reduce MTTR and improve TCO
o Drive insights to optimize applications

CLOUDWATCH ALARMS
You can use CloudWatch Alarms to set alerts based on a given metric that
perform actions based on its value [1].

CLOUDWATCH DASHBOARD
CloudWatch dashboard provides a single location to access all the metrics for
the resources.

MODULE 7 - AMAZON CLOUDTRAIL


AWS CloudTrail records API calls for your account. Every request gets
recorded in the CloudTrail engine.
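
What those recorded API calls are good for on the defensive side, tied to the root-account and MFA advice in the security notes: a small detector over CloudTrail-style records. This is an added example, not part of the original notes; the sample log, account ID 111122223333, user names and the threshold of three denied calls are constructed, and only a handful of record fields are modeled.

```python
import json
from collections import Counter

ACCOUNT = "arn:aws:iam::111122223333"  # constructed placeholder account


def make_record(time, name, ident_type, arn, source="s3.amazonaws.com", **extra):
    """Build one constructed record with the fields the detector reads."""
    record = {
        "eventTime": time,
        "eventSource": source,
        "eventName": name,
        "userIdentity": {"type": ident_type, "arn": arn},
    }
    record.update(extra)
    return record


# Constructed sample in the {"Records": [...]} layout of a CloudTrail log file.
SAMPLE_LOG = json.dumps({"Records": [
    make_record("2021-01-09T08:00:00Z", "ConsoleLogin", "Root", f"{ACCOUNT}:root",
                source="signin.amazonaws.com",
                responseElements={"ConsoleLogin": "Success"},
                additionalEventData={"MFAUsed": "No"}),
    make_record("2021-01-09T08:02:10Z", "CreateAccessKey", "Root", f"{ACCOUNT}:root",
                source="iam.amazonaws.com"),
    make_record("2021-01-09T08:05:00Z", "ConsoleLogin", "IAMUser", f"{ACCOUNT}:user/alice",
                source="signin.amazonaws.com",
                responseElements={"ConsoleLogin": "Success"},
                additionalEventData={"MFAUsed": "Yes"}),
    make_record("2021-01-09T08:06:00Z", "ListBuckets", "IAMUser", f"{ACCOUNT}:user/alice"),
    make_record("2021-01-09T09:00:01Z", "GetObject", "IAMUser", f"{ACCOUNT}:user/bob",
                errorCode="AccessDenied"),
    make_record("2021-01-09T09:00:02Z", "GetObject", "IAMUser", f"{ACCOUNT}:user/bob",
                errorCode="AccessDenied"),
    make_record("2021-01-09T09:00:03Z", "GetObject", "IAMUser", f"{ACCOUNT}:user/bob",
                errorCode="AccessDenied"),
]})


def findings(log_text, denied_threshold=3):
    """Return (kind, identity, detail) tuples for three simple detections."""
    results = []
    denied = Counter()
    for record in json.loads(log_text)["Records"]:
        identity = record.get("userIdentity") or {}
        who = identity.get("arn") or identity.get("type", "unknown")
        name = record.get("eventName", "")

        # 1. Any activity by the root user (should not be used day to day).
        if identity.get("type") == "Root":
            results.append(("root-activity", who, name))

        # 2. Successful console sign-in without MFA.
        if name == "ConsoleLogin":
            succeeded = (record.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            used_mfa = (record.get("additionalEventData") or {}).get("MFAUsed") == "Yes"
            if succeeded and not used_mfa:
                results.append(("console-login-without-mfa", who, name))

        # 3. Count authorization failures per identity.
        error = record.get("errorCode") or ""
        if "AccessDenied" in error or "UnauthorizedOperation" in error:
            denied[who] += 1

    for who, count in sorted(denied.items()):
        if count >= denied_threshold:
            results.append(("repeated-access-denied", who, str(count)))
    return results


if __name__ == "__main__":
    for kind, who, detail in findings(SAMPLE_LOG):
        print(f"{kind:27} {who:40} {detail}")
```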

MODULE 7 - AWS TRUSTED ADVISOR


AWS Trusted Advisor is a web service that inspects the AWS environment
and gives real-time best practices recommendations, based on five pillars:
o Cost optimizations
o Performance
o Security
o Fault tolerance
o Service limits

AWS CLOUD PRACTITIONER NOTES - PRICING AND SUPPORT
Published Jan 10, 2021

MODULE 8 - FREE TIER


Types of free tiers:
o Always free
o 12 months free
o Trials

SPECIAL SERVICES
o The AWS lambda service allows for 1 million free invocations per
month
o Amazon S3 is free for 12 months for up to 5GB of standard storage
o AWS Lightsail offers 1 month trial of up to 750 hours of usage
o DynamoDB offers 25GB of free storage per month

MODULE 8 - PRICING CONCEPTS


o Pay for what you use
o Pay less when you reserve
o Pay less with volume-based discount when you use more

MODULE 8 - BILLING DASHBOARD


The billing dashboard has the following information:
o Monthly-to-Date Spend by service
o Total month-to-date spend aggregated and forecast
o Top 5 Free Tier Services by Usage
o Access to cost explorer budget and bill
The bill is split by services, and then regions.

MODULE 8 - CONSOLIDATED BILLING
Companies are likely to have more than one AWS account, and it is
possible to manage them in a single place (AWS Organizations). AWS
Organizations has a consolidated billing feature: at the end of the month,
instead of paying a bill for each AWS account, you can generate a single
one for the owner of the organization.
o If you have a savings plan, it can be shared across AWS accounts in
the organization
MODULE 8 - AWS BUDGETS


AWS Budgets allows you to set budgets for cost and usage. In addition, you can
configure alerts based on thresholds for those budgets.

MODULE 8 - AWS COST EXPLORER


Allows you to visualize and analyze how you are spending your money on
AWS.

MODULE 8 - AWS SUPPORT PLANS


By default every AWS customer gets basic support at no additional cost.
The basic support offers:
o 24/7 customer service
o Documentation
o Whitepapers
o Support forums
o AWS Trusted Advisor
o AWS Personal Health Dashboard
AWS offers Developer support as well:
o It covers everything in the basic support
o Email access to customer support
Business support:
o It covers everything in the basic support and developer support
o AWS Trusted Advisor provides full set of best practices checks
o Direct phone access to cloud support engineers
o Infrastructure event management
Enterprise support:
o It covers everything in the basic support, developer support and
business support
o 15 minute SLA for business critical workloads
o Dedicated technical account manager (TAM)
TAMs work together with customers to offer architecture reviews based on
the Well-Architected Framework, which is based on five pillars:
o Operational Excellence
o Security
o Reliability
o Performance Efficiency
o Cost Optimization

MODULE 8 - AWS MARKETPLACE


AWS marketplace is a catalog that has thousands of software from
independent software vendors (Enterprise focused features).
o Custom terms and pricing
o A private marketplace
o Integration into your procurement systems
o Cost management tools

AWS CLOUD PRACTITIONER NOTES - MIGRATION AND INNOVATION
Published Jan 11, 2021
Migrating into the cloud is a process, and it takes a lot of work to get things
migrated into AWS (or any cloud provider).

MODULE 9 - AWS CLOUD ADOPTION FRAMEWORK (AWS CAF)
The AWS Cloud Adoption Framework (AWS CAF) provides advice to companies in 6
areas, each focused on the type of people that you will need for the migration:
o Business
o People
o Governance
o Platform
o Security
o Operations
AWS CAF Action Plan keeps your organization on track during the migration
process.

MODULE 9 - MIGRATION STRATEGIES


The 6R’s:
1. Re-hosting (lift-and-shift) - moving applications without changes
2. Re-platforming (lift, tinker, and shift) - involves making a few cloud
optimizations to see benefits
3. Retire - removing applications that are no longer needed
4. Retain - keeps applications that are critical for the business in the
source environment
5. Re-purchasing - fresh start, moving from a traditional license to a
software-as-a-service model, from an old product to a new one
6. Refactoring - driven by a strong business need to add features, it involves
changes in the code of current applications to support cloud solutions

MODULE 9 - AWS SNOW FAMILY
A collection of physical devices that help to physically transport up to exabytes
of data into and out of AWS.

AWS SNOWCONE
AWS Snowcone is a small, rugged, and secure edge computing and data
transfer device. It features 2 CPUs, 4 GB of memory, and 8 TB of usable
storage.

AWS SNOWBALL EDGE STORE OPTIMIZE


It’s well suited for large-scale data migrations

AWS SNOWBALL EDGE COMPUTE OPTIMIZE


Provides powerful computing resources for use cases such as machine
learning, full motion video analysis, analytics, and local computing stacks.

AWS SNOWMOBILE
Capacity up to 100PB.

MODULE 9 - INNOVATION WITH AWS


AWS supports VMWare Cloud on AWS as lift-and-shift.

AMAZON SAGEMAKER
Quickly build, train and deploy machine learning model at scale, and it is
supported by the most popular open source frameworks.

AMAZON A2I
Machine platform that anyone can operate without expertise

AMAZON LEX
Helps you build interactive chat-bots

AMAZON TEXTRACT
Helps you to extract text from documents

AWS DEEPRACER
Machine learning service for reinforcement learning

AWS CLOUD PRACTITIONER NOTES - THE CLOUD JOURNEY
Published Jan 12, 2021
The AWS Well-Architected Framework is designed to enable architects, developers
and users of AWS to build secure, performant, resilient and efficient
infrastructure for their applications.


MODULE 10 - AWS WELL-ARCHITECTED FRAMEWORK
The Well-Architected Framework [1] is built on five pillars, named:
1. Operational excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimization

OPERATIONAL EXCELLENCE
Focused on running and monitoring systems to deliver business value, and
continually improving processes and procedures.

SECURITY
Priority number, checking integrity of data, protecting systems using
encryption.

RELIABILITY
Recovery planning, such as dynamoDB disruption or EC2 failures, how you
handle failure to meet business and customer demand.

PERFORMANCE EFFICIENCY
Using IT and computing resources efficiently, for example, using the correct
EC2 type.

COST OPTIMIZATION
Controlling where money is spent, for example checking whether the EC2 size is
overestimated. If so, you can change to a better type of instance.

AWS WELL-ARCHITECTED TOOL


It is available as a general tool through the AWS console, and it presents a
plan for how to optimize your services to suit the Well-Architected Framework.

MODULE 10 - BENEFITS OF THE AWS CLOUDS

6 BENEFITS OF USING AWS CLOUD

1. TRADE FIXED EXPENSE FOR VARIABLE EXPENSE


1. Physical space
2. Hardware
3. Staff for racking and stacking
4. Overhead of running data center
5. Fixed cost

Building with AWS is fundamentally different: the cost varies month to
month as you consume different services. You can start small, pay only for
what you use and, as you grow, pay on demand.
1. Turn off unused instances
2. Delete old resources
3. Optimize your applications
4. Receive recommendations from AWS Trusted Advisor

2. BENEFIT FROM MASSIVE ECONOMIES OF SCALE


AWS is building massive capacity around the world, and AWS is an expert
at building data centers. Because of that, you can achieve a lower price than
running your own data center.

3. STOP GUESSING CAPACITY


When building a data center, you need to estimate capacity to support growth
over time. Imagine that you sized a data center for 10m users, but in reality
you just got 500k. You still have to pay for 10m.
On the other hand, lower capacity than expected can also lead to
difficulties when trying to support demand that is higher than expected.
All in all, guessing your capacity upfront can be problematic if you over- or
underestimate.
With AWS, you don’t have to guess.
o Provision resources you need for the now
o Scale up or down based on real life
o Scaling can take minutes with AWS, not weeks or months

4. INCREASE SPEED AND AGILITY


Experimenting and trying out new services on AWS is easy. You can:
o Spin up test environments
o Run experiments
o Delete resources
o Stop incurring costs
Usually, a traditional data center does not offer this flexibility.

5. STOP SPENDING MONEY RUNNING AND MAINTAINING DATA CENTER
If you aren’t a data center company, you don’t need to spend money handling
expensive data center operations. AWS lets you focus on your business and
customers.

6. GO GLOBAL IN MINUTES
With the traditional data center approach, expanding to a second part of the
world could take months or years. With AWS it takes minutes.
