AWS Cloud Practitioner

From wikieduonline
Revision as of 13:32, 9 September 2021 by Chmod14 (talk | contribs)
Jump to navigation Jump to search

Domain 1: Cloud Concepts

1.1 Define the AWS Cloud and its value proposition

Define the benefits of the AWS cloud including:

  • Security
  • Reliability
  • High Availability
  • Elasticity
  • Agility
  • Pay-as-you go pricing
  • Scalability
  • Global Reach
  • Economy of scale

Explain how the AWS cloud allows users to focus on business value

  • Shifting technical resources to revenue-generating activities as opposed to managing

infrastructure

1.2 Identify aspects of AWS Cloud economics

Define items that would be part of a Total Cost of Ownership proposal

  • Understand the role of operational expenses (OpEx)
  • Understand the role of capital expenses (CapEx)
  • Understand labor costs associated with on-premises operations
  • Understand the impact of software licensing costs when moving to the cloud

Identify which operations will reduce costs by moving to the cloud:

  • Right-sized infrastructure
  • Benefits of automation
  • Reduce compliance scope (for example, reporting)
  • Managed services (for example, RDS, ECS, EKS, DynamoDB)

1.3 Explain the different cloud architecture design principles

Explain the design principles:

  • Design for failure
  • Decouple components versus monolithic architecture
  • Implement elasticity in the cloud versus on-premises
  • Think parallel

Version 2.1 CLF-C01 4 | PAGE

Domain 2: Security and Compliance

2.1 Define the AWS shared responsibility model

Recognize the elements of the Shared Responsibility Model Describe the customer’s responsibility on AWS

  • Describe how the customer’s responsibilities may shift depending on the service used

(for example with RDS, Lambda, or EC2)

  • Describe AWS responsibilities

2.2 Define AWS Cloud security and compliance concepts

Identify where to find AWS compliance information:

  • Locations of lists of recognized available compliance controls (for example, HIPPA,

SOCs)

  • Recognize that compliance requirements vary among AWS services

At a high level, describe how customers achieve compliance on AWS

  • Identify different encryption options on AWS (for example, In transit, At rest)

Describe who enables encryption on AWS for a given service

Recognize there are services that will aid in auditing and reporting

  • Recognize that logs exist for auditing and monitoring (do not have to understand the

logs)

  • Define Amazon CloudWatch, AWS Config, and AWS CloudTrail

 Explain the concept of least privileged access 2.3 Identify AWS access management capabilities  Understand the purpose of User and Identity Management o Access keys and password policies (rotation, complexity) o Multi-Factor Authentication (MFA) o AWS Identity and Access Management (IAM) • Groups/users • Roles • Policies, managed policies compared to custom policies o Tasks that require use of root accounts Protection of root accounts 2.4 Identify resources for security support  Recognize there are different network security capabilities o Native AWS services (for example, security groups, Network ACLs, AWS WAF) o 3 rd party security products from the AWS Marketplace  Recognize there is documentation and where to find it (for example, best practices, whitepapers, official documents) o AWS Knowledge Center, Security Center, security forum, and security blogs o Partner Systems Integrators  Know that security checks are a component of AWS Trusted Advisor

Version 2.1 CLF-C01 5 | PAGE Domain 3: Technology 3.1 Define methods of deploying and operating in the AWS Cloud  Identify at a high level different ways of provisioning and operating in the AWS cloud o Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as Code  Identify different types of cloud deployment models o All in with cloud/cloud native o Hybrid o On-premises  Identify connectivity options o VPN o AWS Direct Connect o Public internet 3.2 Define the AWS global infrastructure  Describe the relationships among Regions, Availability Zones, and Edge Locations  Describe how to achieve high availability through the use of multiple Availability Zones o Recall that high availability is achieved by using multiple Availability Zones o Recognize that Availability Zones do not share single points of failure  Describe when to consider the use of multiple AWS Regions o Disaster recovery/business continuity o Low latency for end-users o Data sovereignty  Describe at a high level the benefits of Edge Locations o Amazon CloudFront o AWS Global Accelerator 3.3 Identify the core AWS services  Describe the categories of services on AWS (compute, storage, network, database)  Identify AWS compute services o Recognize there are different compute families o Recognize the different services that provide compute (for example, AWS Lambda compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.) o Recognize that elasticity is achieved through Auto Scaling o Identify the purpose of load balancers  Identify different AWS storage services o Describe Amazon S3 o Describe Amazon Elastic Block Store (Amazon EBS) o Describe Amazon S3 Glacier o Describe AWS Snowball o Describe Amazon Elastic File System (Amazon EFS) o Describe AWS Storage Gateway  Identify AWS networking services o Identify VPC o Identify security groups o Identify the purpose of Amazon Route 53 o Identify VPN, AWS Direct Connect  Identify different AWS database services o Install databases on Amazon EC2 compared to AWS managed database


See also

Advertising: