AWS Cloud Practitioner

From wikieduonline

Domain 1: Cloud Concepts

1.1 Define the AWS Cloud and its value proposition

Define the benefits of the AWS cloud including:

Explain how the AWS cloud allows users to focus on business value

  • Shifting technical resources to revenue-generating activities as opposed to managing infrastructure

1.2 Identify aspects of AWS Cloud economics

Define items that would be part of a Total Cost of Ownership proposal

  • Understand the role of operational expenses (OpEx)
  • Understand the role of capital expenses (CapEx)
  • Understand labor costs associated with on-premises operations
  • Understand the impact of software licensing costs when moving to the cloud

Identify which operations will reduce costs by moving to the cloud:

  • Right-sized infrastructure
  • Benefits of automation
  • Reduce compliance scope (for example, reporting)
  • Managed services (for example, RDS, ECS, EKS, DynamoDB)

1.3 Explain the different cloud architecture design principles

Explain the design principles:

  • Design for failure
  • Decouple components versus monolithic architecture
  • Implement elasticity in the cloud versus on-premises
  • Think parallel

Version 2.1 CLF-C01 4 | PAGE

Domain 2: Security and Compliance

2.1 Define the AWS shared responsibility model

Recognize the elements of the Shared Responsibility Model

Describe the customer’s responsibility on AWS

  • Describe how the customer’s responsibilities may shift depending on the service used (for example with RDS, Lambda, or EC2)

  • Describe AWS responsibilities

2.2 Define AWS Cloud security and compliance concepts

Identify where to find AWS compliance information:

  • Locations of lists of recognized available compliance controls (for example, HIPAA, SOCs)

  • Recognize that compliance requirements vary among AWS services

At a high level, describe how customers achieve compliance on AWS

  • Identify different encryption options on AWS (for example, In transit, At rest)

Describe who enables encryption on AWS for a given service

Recognize there are services that will aid in auditing and reporting

  • Recognize that logs exist for auditing and monitoring (do not have to understand the logs)

  • Define Amazon CloudWatch, AWS Config, and AWS CloudTrail

Explain the concept of least privileged access

2.3 Identify AWS access management capabilities

Understand the purpose of User and Identity Management:

  • Access keys and password policies (rotation, complexity)
  • Multi-Factor Authentication (MFA)
  • AWS Identity and Access Management (IAM)
    • Groups/users
    • Roles
    • Policies, managed policies compared to custom policies
  • Tasks that require use of root accounts

Protection of root accounts

2.4 Identify resources for security support

Recognize there are different network security capabilities:

  • Native AWS services (for example, security groups, Network ACLs, AWS WAF)
  • 3rd party security products from the AWS Marketplace
  • Recognize there is documentation and where to find it (for example, best practices, whitepapers, official documents)

  • AWS Knowledge Center, Security Center, security forum, and security blogs
  • Partner Systems Integrators

Know that security checks are a component of AWS Trusted Advisor


Domain 3: Technology

3.1 Define methods of deploying and operating in the AWS Cloud

Identify at a high level different ways of provisioning and operating in the AWS cloud

  • Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as Code

Identify different types of cloud deployment models

  • All in with cloud/cloud native
  • Hybrid
  • On-premises

Identify connectivity options

  • VPN
  • AWS Direct Connect
  • Public internet

3.2 Define the AWS global infrastructure

Describe the relationships among Regions, Availability Zones, and Edge Locations

Describe how to achieve high availability through the use of multiple Availability Zones

  • Recall that high availability is achieved by using multiple Availability Zones
  • Recognize that Availability Zones do not share single points of failure

Describe when to consider the use of multiple AWS Regions

  • Disaster recovery/business continuity
  • Low latency for end-users
  • Data sovereignty

Describe at a high level the benefits of Edge Locations

  • Amazon CloudFront
  • AWS Global Accelerator

3.3 Identify the core AWS services

Describe the categories of services on AWS (compute, storage, network, database)

Identify AWS compute services

  • Recognize there are different compute families
  • Recognize the different services that provide compute (for example, AWS Lambda compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)
  • Recognize that elasticity is achieved through Auto Scaling
  • Identify the purpose of load balancers

Identify different AWS storage services

  • Describe Amazon S3
  • Describe Amazon Elastic Block Store (Amazon EBS)
  • Describe Amazon S3 Glacier
  • Describe AWS Snowball
  • Describe Amazon Elastic File System (Amazon EFS)
  • Describe AWS Storage Gateway

Identify AWS networking services

  • Identify VPC
  • Identify security groups
  • Identify the purpose of Amazon Route 53
  • Identify VPN, AWS Direct Connect

Identify different AWS database services

  • Install databases on Amazon EC2 compared to AWS managed database
