AWS Certified Cloud Practitioner Certification

Run, migrate, or build applications in the cloud.

• Use case: An application built with virtual servers, databases, and networking components, fully based in the cloud.

Resources are deployed in on-premises data centers.

• Use case: Applications running on technology fully kept in an on-premises data center with enhanced resource utilization.

Combines cloud-based and on-premises resources.

• Use case: Legacy applications remain on premises, while batch data processing and analytics services run in the cloud. or Suitable for legacy applications with regulatory requirements for cloud integration.

• Upfront Expense: Traditional IT requires heavy initial investment in data centers, servers, and infrastructure before usage.
• Variable Expense: Cloud computing allows businesses to pay only for the resources they consume, avoiding large capital expenditures.

• Traditional Challenge: Computing in data centers often requires you to spend more money and time managing infrastructure and servers.
• Cloud Advantage: Cloud computing eliminates the burden of maintaining physical hardware, allowing businesses to focus on applications and customers.
• Key Benefit: Is the ability to focus less on these tasks and more on your applications and customers.

• Traditional Challenge: You don’t have to predict how much infrastructure capacity you will need before deploying an application.
• Cloud Advantage: Cloud providers offer auto-scaling features that adjust resources based on demand.

By using cloud computing, you can achieve a lower variable cost than you can get on your own.

The flexibility of cloud computing makes it easier for you to develop and deploy applications.

The global footprint of the AWS Cloud enables you to deploy applications to customers around the world quickly, while providing them with low latency. This means that even if you are located in a different part of the world than your customers, customers are able to access your applications with minimal delays.

Provide a balance of compute, memory, and networking resources. Applications built on open source software such as

• Backend servers for enterprise applications
• Microservices
• Caching fleets
• Gaming servers
• Small and medium databases

Compute-bound applications that benefit from high-performance processors.

• Compute-intensive applications servers
• Dedicated gaming servers
• High performance web servers
• High performance computing (HPC)
• Media transcoding
• Scientific modeling
• Dedicated gaming servers
• Machine learning inference
• Batch processing workloads that require processing many transactions in a single group
• Video encoding
• Scientific modeling
• Distributed analytics

Designed to deliver fast performance for workloads that process large datasets in memory.

• High-performance database, in-memory caches
• Real-time processing of a large amount of unstructured data
• Real-time big data analytics.

Use hardware accelerators, or coprocessors, to perform some functions more efficiently than is possible in software running on CPUs.

• Generative AI applications, including question answering, code generation, video and image generation, speech recognition, and more.
• HPC applications at scale in pharmaceutical discovery, seismic analysis, weather forecasting, and financial modeling.
• Functions include floating-point number calculations
• Graphics applications processing
• Data pattern matching
• Game streaming

Are designed for workloads that require high, sequential read and write access to very large data sets on local storage Storage optimized instances are designed to deliver tens of thousands of low-latency, random IOPS.

• I/O intensive workloads that require real-time latency access to data such as relational databases (MySQL, PostgreSQL)
• Real-time databases, NoSQL databases (Aerospike, Apache Druid, Clickhouse, MongoDB)
• Real- time analytics such as Apache Spark.
• Distributed file systems
• Data warehousing applications
• High-frequency online transaction processing (OLTP) systems

Ideal for short-term, irregular workloads that cannot be interrupted.

You can purchase Standard Reserved and Convertible Reserved Instances for a 1-year or 3-year term. You realize greater cost savings with the 3-year option. Types include:

• Standard Reserved Instances: Best when you know the exact EC2 instance type, size, and AWS Region for steady-state applications
• Convertible Reserved Instances: Ideal when you need flexibility across Availability Zones or instance types

Reduce costs by committing to an hourly spend for 1-3 years, offering savings up to 72% compared to On-Demand rates.

Ideal for flexible, interruptible workloads, offering up to 90% savings by using unused EC2 capacity.

Physical servers fully dedicated to your use (most expensive option).

The number of Amazon EC2 instances that launch immediately after creating the Auto Scaling group.

The current number of instances running in your Auto Scaling group, which may be set higher than your minimum requirement (e.g., 2 instances when only 1 is needed).

The upper limit that your Auto Scaling group can scale to in response to increased demand.

1. You upload your code to Lambda.
2. You set your code to trigger from an event source, such as AWS services, mobile applications, or HTTP endpoints.
3. Lambda runs your code only when triggered.

1. Provision instances (virtual servers)
2. Upload your code.
3. Continue to manage the instances while your application is running.
4. Manage the instances while your application is running.

1. Compliance: If your company requires data to stay within a specific country, choose a Region that meets those requirements (e.g., London for UK data residency).
2. Proximity: Running infrastructure close to customers improves content delivery (e.g., a Washington, DC company might use the Singapore Region for customers there).
3. Availability: The closest Region may lack certain features, as AWS expands services gradually by building hardware in each Region.
4. Pricing: Costs vary by Region due to local tax structures (e.g., running workloads in São Paulo may be 50% more expensive than in Oregon).

1. AWS Region: A physically isolated cluster of data centers in a specific location (e.g., US-East-1, Frankfurt). (36 Regions)
2. Availability Zone (AZ): One or more discrete data centers in a Region, separated to minimize failure risk. (114 AZ)
3. AWS Data Center: A single facility within an AZ, containing physical servers, networking, and storage.
4. EC2 Instance – A virtual machine running inside a specific AZ.

1. AWS Management Console

• A web-based graphical interface for managing AWS services.
• Best for visual management, monitoring, and quick configurations.
• Provides dashboards and interactive controls for easy service navigation.

2. AWS Command Line Interface (CLI)

• A command-line tool for interacting with AWS services programmatically.
• Best for automation, scripting, and DevOps workflows.
• Allows bulk operations and remote management of AWS resources.

3. AWS Software Development Kits (SDKs)

• SDKs allow developers to integrate AWS services within applications using programming languages.
• Available for Python (Boto3), JavaScript, Java, Go, .NET, and more.
• Best for developers building cloud-native applications with AWS APIs.

1. AWS Elastic Beanstalk

• A Platform as a Service (PaaS) that simplifies application deployment.
• Manages infrastructure automatically, handling scaling, monitoring, and maintenance.
• Best for developers deploying applications without worrying about infrastructure setup.

2. AWS CloudFormation

• A fully-managed Infrastructure as Code (IaC) service.
• Uses YAML or JSON templates to define and provision AWS resources.
• Best for DevOps teams managing AWS infrastructure through automation.

1. When you enter the domain name into your browser, this request is sent to a customer DNS resolver.
2. The customer DNS resolver asks the company DNS server for the IP address that corresponds to AnyCompany’s website.
3. The company DNS server responds by providing the IP address for AnyCompany’s website, 192.0.2.0.

1. A customer requests data from the application by going to AnyCompany’s website.
2. Amazon Route 53 uses DNS resolution to identify AnyCompany.com’s corresponding IP address, 192.0.2.0. This information is sent back to the customer.
3. The customer’s request is sent to the nearest edge location through Amazon CloudFront.
4. Amazon CloudFront connects to the Application Load Balancer, which sends the incoming packet to an Amazon EC2 instance.

• An instance store provides temporary block-level storage for an Amazon EC2 instance. An instance store is disk storage that is physically attached to the host computer for an EC2 instance, and therefore has the same lifespan as the instance.
• When the instance is terminated, you lose any data in the instance store.

• In object storage, each object consists of data, metadata, and a key.
• The data might be an image, video, text document, or any other type of file.
• Metadata contains information about what the data is, how it is used, the object size, and so on.
• An object’s key is its unique identifier.

An EBS snapshot is an incremental backup. The first snapshot of an EBS volume copies all the data, while subsequent snapshots only save the blocks of data that have changed since the last snapshot. This approach differs from full backups, where all data is copied every time, including unchanged data. Incremental backups are more efficient, saving storage space and reducing backup time compared to full backups.

• Designed for frequently accessed data
• Stores data in a minimum of three Availability Zones
• Has a higher cost than other storage

This makes it a good choice for a wide range of use cases, such as websites, content distribution, and data analytics.

• Ideal for infrequently accessed data
• Stores data in a minimum of three Availability Zones
• Has a lower storage price and higher retrieval price

This makes it a good choice for a wide range of use cases, backup storage for disaster recovery, video, images, or other media files that are not part of a frequently viewed library but need to be accessible without long retrieval delays.

• Stores data in a single Availability Zone
• Has a lower storage price than Amazon S3 Standard-IA
• if you want to save costs on storage.
• You can easily reproduce your data in the event of an Availability Zone failure.

• Ideal for data with unknown or changing access patterns
• Requires a small monthly monitoring and automation fee per object

If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.

• Works well for archived data that requires immediate access
• Can retrieve objects within a few milliseconds

You can retrieve objects stored in the S3 Glacier Instant Retrieval storage class within milliseconds, with the same performance as S3 Standard.

• Low-cost storage designed for data archiving
• Able to retrieve objects within a few minutes to hours

You can retrieve objects stored in the S3 Glacier Flexible Retrieval storage class within a few hours, with a lower retrieval price than S3 Glacier Instant Retrieval.

• Lowest-cost object storage class ideal for archiving
• Able to retrieve objects within 12 hours
• All objects from this storage class are replicated and stored across at least three geographically dispersed Availability Zones.

This storage class is the lowest-cost storage in the AWS Cloud, with data retrieval from 12 to 48 hours.

Amazon S3 Outposts delivers object storage to your on-premises AWS Outposts environment. Amazon S3 Outposts is designed to store data durably and redundantly across multiple devices and servers on your Outposts.

• An Amazon EBS volume stores data in a single Availability Zone and is attach to a EC2 instance.
• In order to attach EC2 to EBS, you need to be in the same AZ.
• If you provision a two terabyte EBS volume and fill it up, it doesn’t automatically scale to give you more storage.
• Amazon EFS can have multiple instances reading and writing from it at the same time. It is a true file system for Linux. Any EC2 instance in the Region can write to the EFS file system. It automatically scales

1. Development and test database migrations: Enabling developers to test applications against production data without affecting production users.
2. Database consolidation: Combining several databases into a single database.
3. Continuous replication: Sending ongoing copies of your data to other target sources instead of doing a one-time migration

In the Customer Compliance Center, you can read customer compliance stories to discover how companies in regulated industries have solved various compliance, governance, and audit challenges. You can find:

• AWS answers to key compliance questions
• An overview of AWS risk and compliance
• An auditing security checklist

In a distributed denial-of-service (DDoS) attack, multiple sources are used to start an attack that aims to make a website or application unavailable.

This can come from a group of attackers, or even a single attacker. The single attacker can use multiple infected computers (also known as “bots”) to send excessive traffic to a website or application.

To help minimize the effect of DoS and DDoS attacks on your applications, you can use AWS Shield.

A UDP flood attack exploits internet services like the National Weather Service, which provide large responses to small requests.

The attacker sends a simple request (e.g., “Give me weather”) but spoofs the return address to the victim’s server. As a result, the service floods the victim with massive amounts of data, overwhelming its capacity.

To help minimize the effect of DoS and DDoS attacks on your applications, you can use AWS Security Groups and AWS Shield.

HTTP-level attacks mimic legitimate user behavior, such as repeatedly performing complex product searches. These attacks come from a network of compromised bots, overwhelming the server with excessive requests.

As a result, real customers are unable to access the service.

To help minimize the effect of DoS and DDoS attacks on your applications, you can use AWS WAF to filter malicious traffic and rate-limit abusive requests.

The Slowloris attack exploits server connection limits by making slow, incomplete requests, forcing the server to keep connections open indefinitely.

This is like someone taking excessively long to order at a coffee shop, blocking others from being served. A few attackers can exhaust server resources, severely impacting availability.

To help minimize the effect of DoS and DDoS attacks on your applications, you can use Elastic Load Balancer (ELB) to handle HTTP requests efficiently.

A SYN flood attack exploits the TCP handshake process by sending a large number of SYN requests without completing the connection.

The victim’s server keeps resources allocated for half-open connections, eventually exhausting its capacity and preventing legitimate users from connecting.

To help minimize the effect of SYN flood attacks on your applications, you can use AWS Shield Advanced and Elastic Load Balancer (ELB) to detect and mitigate abnormal connection attempts.

A DNS amplification attack abuses open DNS resolvers by sending small queries with a spoofed source IP (the victim’s IP). These queries trigger much larger responses, which flood the victim with data.

This attack amplifies the attacker’s bandwidth, making it highly efficient and destructive.

To help minimize the effect of DNS amplification attacks on your applications, you can use AWS Route 53 with AWS Shield Advanced to filter out malicious DNS traffic.

An ICMP flood (ping flood) attack overwhelms a network by sending excessive ICMP (ping) requests. This consumes both bandwidth and processing power, leading to service disruption.

To help minimize the effect of ICMP flood attacks on your applications, you can use AWS Security Groups and Network ACLs to block unnecessary ICMP traffic.

A Smurf attack abuses ICMP by sending spoofed requests to a network’s broadcast address. Every device on that network responds to the victim’s spoofed IP, causing a massive traffic overload.

To help minimize the effect of Smurf attacks on your applications, you can use AWS Security Groups and AWS WAF to filter malicious ICMP traffic.

With CloudWatch, you can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold.

You could create a CloudWatch alarm that automatically stops an Amazon EC2 instance when the CPU utilization percentage has remained below a certain threshold for a specified period.

Enables you to access all the metrics for your resources from a single location.

You can use a CloudWatch dashboard to monitor the CPU utilization of an Amazon EC2 instance, the total number of requests made to an Amazon S3 bucket, and more.

You can also enable CloudTrail Insights. This optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account.

For example, CloudTrail Insights might detect that a higher number of Amazon EC2 instances than usual have recently launched in your account.

AWS offers a range of cloud computing services with pay-as-you-go pricing.

• You pay for exactly the amount of resources that you actually use, without requiring long-term contracts or complex licensing.
• Some services offer reservation options that provide a significant discount compared to On-Demand Instance pricing.
• Some services offer tiered pricing, so the per-unit cost is incrementally lower with increased usage.

Ensures that IT aligns with business needs and that IT investments link to key business results.

Common roles in the Business Perspective include:

• Business managers
• Finance managers
• Budget owners
• Strategy stakeholders

The People Perspective supports development of an organization-wide change management strategy for successful cloud adoption.

Common roles in the People Perspective include:

• Human resources
• Staffing
• People managers

The Governance Perspective focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.

Common roles in the Governance Perspective include:

• Chief Information Officer (CIO)
• Program managers
• Enterprise architects
• Business analysts
• Portfolio managers

The Platform Perspective includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.

Common roles in the Platform Perspective include:

• Chief Technology Officer (CTO)
• IT managers
• Solutions architects

The Security Perspective ensures that the organization meets security objectives for visibility, auditability, control, and agility.

Common roles in the Security Perspective include:

• Chief Information Security Officer (CISO)
• IT security managers
• IT security analysts

The Operations Perspective helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.

Common roles in the Operations Perspective include:

• IT operations managers
• IT support managers

Rehosting also known as “lift-and-shift” involves moving applications without changes.

In the scenario of a large legacy migration, in which the company is looking to implement its migration and scale quickly to meet a business case, the majority of applications are rehosted.

Replatforming, also known as “lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.

Refactoring (also known as re-architecting) involves reimagining how an application is architected and developed by using cloud-native features. Refactoring is driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.

Repurchasing involves moving from a traditional license to a software-as-a-service model.

For example, a business might choose to implement the repurchasing strategy by migrating from a customer relationship management (CRM) system to Salesforce.com.

Retaining consists of keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or, work that can be postponed until a later time.

Retiring is the process of removing applications that are no longer needed.

• Smallest device with up to 8 TB capacity
• Includes edge computing options (Amazon EC2 instances and AWS IoT Greengrass)
• Workflow: Order → Ship → Plug in & copy data → Ship back → Data transferred to your AWS account (typically an S3 bucket)
• Ideal for terabytes of data like analytics, video libraries, image collections, backups, etc.

• Available in two versions:
  1. Compute Optimized: Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes.
  2. Storage Optimized: Storage: 80-TB usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes and 28 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes.
• Designed for situations where 8 TB is not enough
• Rack-mountable and clusterable for greater computing needs
• Can run AWS Lambda functions, EC2-compatible AMIs, or AWS IoT Greengrass for on-site data processing
• Use cases include IoT data streams, image compression, video transcoding, and industrial signaling

• Largest offering, housed in a 45-foot rugged shipping container
• Capable of storing up to 100 petabytes
• Ideal for massive migrations and data center shutdowns
• Delivered by truck; appears as a network-attached storage device upon installation
• Features robust physical security: tamper-resistant, waterproof, temperature controlled, fire suppression, GPS tracking, 24/7 video surveillance, and escort security during transit

Operational excellence is the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

Design principles for operational excellence in the cloud include performing operations as code, annotating documentation, anticipating failure, and frequently making small, reversible changes.

The Security pillar is the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

When considering the security of your architecture, apply these best practices:

• Automate security best practices when possible.
• Apply security at all layers.
• Protect data in transit and at rest.

Reliability is the ability of a system to do the following:

• Recover from infrastructure or service disruptions
• Dynamically acquire computing resources to meet demand
• Mitigate disruptions such as misconfigurations or transient network issues

Reliability includes testing recovery procedures, scaling horizontally to increase aggregate system availability, and automatically recovering from failure.

Performance efficiency is the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

Evaluating the performance efficiency of your architecture includes experimenting more often, using serverless architectures, and designing systems to be able to go global in minutes.

Cost optimization is the ability to run systems to deliver business value at the lowest price point.

Cost optimization includes adopting a consumption model, analyzing and attributing expenditure, and using managed services to reduce the cost of ownership.

Sustainability is the ability to continually improve sustainability impacts by reducing energy consumption and increasing efficiency across all components of a workload by maximizing the benefits from the provisioned resources and minimizing the total resources required.

To facilitate good design for sustainability:

• Understand your impact
• Establish sustainability goals
• Maximize utilization
• Anticipate and adopt new, more efficient hardware and software offerings
• Use managed services
• Reduce the downstream impact of your cloud workloads

Upfront expenses include data centers, physical servers, and other resources that you would need to invest in before using computing resources.

Instead of investing heavily in data centers and servers before you know how you’re going to use them, you can pay only when you consume computing resources.

By using cloud computing, you can achieve a lower variable cost than you can get on your own.

Because usage from hundreds of thousands of customers aggregates in the cloud, providers such as AWS can achieve higher economies of scale. Economies of scale translate into lower pay-as-you-go prices.

With cloud computing, you don’t have to predict how much infrastructure capacity you will need before deploying an application.

For example, you can launch Amazon Elastic Compute Cloud (Amazon EC2) instances when needed and pay only for the compute time you use. Instead of paying for resources that are unused or dealing with limited capacity, you can access only the capacity that you need, and scale in or out in response to demand.

The flexibility of cloud computing makes it easier for you to develop and deploy applications.

This flexibility also provides your development teams with more time to experiment and innovate.

Cloud computing in data centers often requires you to spend more money and time managing infrastructure and servers.

A benefit of cloud computing is the ability to focus less on these tasks and more on your applications and customers.

The AWS Cloud global footprint enables you to quickly deploy applications to customers around the world, while providing them with low latency.