Part 2
Participant Workbook
Instructions
This is the participant workbook you can use throughout this course. You will find valuable
terminology and acronym definitions explained here. There is space for you to take notes and even
additional links for you to dive deeper into the information you will learn in class today.
Table of Contents
Module 1: Security
Module 2: Block and File Storage
Module 3: Compute in the Cloud
Version 1.3 Last updated 2-2-2024 © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Becoming a Cloud Practitioner Part 2
Module 1: Security
Helpful Terms
Term: Definition

Multi-factor Authentication (MFA): An authentication method that requires a user to provide two methods of identification.
- Text codes, email codes, USB devices

Web Application Firewall (WAF): A service that filters and monitors HTTP traffic between your application and the internet.

Encryption: A process of replacing plain text with text created using a secret code that only you have the key to decipher.

Server-side encryption: Server-side encryption is the encryption of data at its destination by the application or service that receives it.

Client-side encryption: Client-side encryption is the encryption of data at its source by the application or service that receives it.

Edge location: A site that CloudFront uses to cache copies of your content for faster delivery to users at any location.

Entity: An individual (person), organization, device or process.

Firewall: A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on a network.
- Packet filtering, network, and application.

Authentication: The process of determining that a connection was created by who or what they claim to be.
Who you are

Authorization: The process of granting permission to an authenticated entity.
What you can/can’t do

Credentials: Something that an entity has to prove their identity.
- Username and password, security key, or one-time use passcode.
What you have
Security and Compliance is a shared responsibility between AWS and the customer. This shared model
can help relieve the customer’s operational burden as AWS operates, manages and controls the
components from the host operating system and virtualization layer down to the physical security of
the facilities in which the service operates. The customer assumes responsibility and management of
the guest operating system (including updates and security patches), other associated application
software as well as the configuration of the AWS provided security group firewall. The nature of this
shared responsibility also provides the flexibility and customer control that permits the deployment.
As shown in the chart below, this differentiation of responsibility is commonly referred to as Security
“of” the Cloud versus Security “in” the Cloud.
AWS Identity and Access Management (IAM) provides fine-grained access control across the entire
AWS platform. You can use IAM to specify who can access which services and resources, and under
which conditions. IAM policies let you manage permissions to your workforce and systems to ensure
least privilege permissions. Least privilege is an AWS Well-Architected Framework best practice for
building securely in the cloud.
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment
for multiple AWS accounts or multiple Amazon Web Services India Private Limited (Amazon Web
Services India) accounts. Every organization in AWS Organizations has a management account that
pays the charges of all the member accounts.
AWS Shield
AWS Shield Advanced is a tailored protection program that identifies threats using exabyte-scale
detection to aggregate data across AWS.
AWS Shield provides two levels of protection: Standard and Advanced.
• AWS Shield Standard automatically protects all AWS customers at no cost.
• AWS Shield Advanced is a paid service that provides detailed attack diagnostics and the ability
to detect and mitigate sophisticated DDoS attacks.
For more information on this service, see https://aws.amazon.com/shield/features/.
Encryption
AWS offers you the ability to add a layer of security to your data at rest in the cloud, providing scalable
and efficient encryption features. These include:
• Data at rest encryption capabilities available in most AWS services, such as Amazon EBS,
Amazon S3, Amazon RDS, Amazon Redshift, Amazon ElastiCache, AWS Lambda, and Amazon
SageMaker
• Flexible key management options, including AWS Key Management Service, that allow you to
choose whether to have AWS manage the encryption keys or enable you to keep complete
control over your own keys
• Dedicated, hardware-based cryptographic key storage using AWS CloudHSM, allowing you to
help satisfy your compliance requirements
• Encrypted message queues for the transmission of sensitive data using server-side encryption
(SSE) for Amazon SQS
AWS Key Management Service (AWS KMS)
AWS KMS gives you centralized control over the cryptographic keys used to protect your data. The
service is integrated with other AWS services making it easier to encrypt data you store in these
services and control access to the keys that decrypt it.
For more information on AWS KMS, see https://aws.amazon.com/kms/features/.
Amazon GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and
unauthorized behavior to protect your AWS accounts, Amazon EC2 workloads, container applications,
Amazon Aurora databases, and data stored in Amazon S3. GuardDuty combines machine learning,
anomaly detection, network monitoring, and malicious file discovery, using both AWS and industry-
leading third-party sources to help protect workloads and data on AWS.
For more information on Amazon GuardDuty, see https://aws.amazon.com/guardduty/features/.
Module 2: Block and File Storage
In file storage, multiple clients (such as users, applications, servers, and so on) can access data that is
stored in shared file folders. In this approach, a storage server uses block storage with a local file
system to organize files. Clients access data through file paths.
Compared to block storage and object storage, file storage is ideal for use cases in which a large
number of services and resources need to access the same data at the same time.
Module 3: Compute in the Cloud
Amazon Elastic Compute Cloud (Amazon EC2) provides on-demand, scalable computing capacity in the
Amazon Web Services (AWS) Cloud. Using Amazon EC2 reduces hardware costs so you can develop
and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as
you need, configure security and networking, and manage storage. You can add capacity (scale up) to
handle compute-heavy tasks, such as monthly or yearly processes, or spikes in website traffic. When
usage decreases, you can reduce capacity (scale down) again.
You can select the appropriate load balancer based on your application needs. If you need flexible
application management, we recommend that you use an Application Load Balancer. If extreme
performance and a static IP are needed for your application, we recommend that you use a Network Load
Balancer. If you have an existing application that was built within the EC2-Classic network, then you
should use a Classic Load Balancer.