☁️AWS Certified Cloud Practitioner Flash Cards

1. Trade capital expense for variable expense - Pay only for what you use instead of upfront investments. 2. Benefit from massive economies of scale - AWS aggregates usage resulting in lower pay-as-you-go prices. 3. Stop guessing capacity - Scale up or down as needed. 4. Increase speed and agility - Resources available in minutes not weeks. 5. Stop spending money on running data centers - Focus on your business. 6. Go global in minutes - Deploy worldwide quickly.

1. Operational Excellence: Run and monitor systems to deliver business value. 2. Security: Protect information and systems. 3. Reliability: Recover from failures and meet demand. 4. Performance Efficiency: Use resources efficiently. 5. Cost Optimization: Avoid unnecessary costs. 6. Sustainability: Minimize environmental impact of cloud workloads.

CapEx (Capital Expenditure) involves upfront purchases of physical resources with fixed costs regardless of usage, depreciation over time, typical of traditional on-premises models. OpEx (Operational Expenditure) is pay-as-you-go for services consumed with variable costs based on usage, no upfront investment, characteristic of cloud computing models.

Elasticity is the ability to acquire resources as needed and release when no longer required. Key features include automatic scaling up or down, matching capacity with demand, paying only for what you use, and avoiding over-provisioning or under-provisioning. Example: EC2 Auto Scaling automatically adjusts the number of instances based on demand.

High availability refers to systems that are continuously operational for extended periods. AWS implementation includes multiple Availability Zones, automatic failover, load balancing, health checks and auto-recovery, and redundant components. The goal is to minimize downtime and ensure continuous service availability.

Scalability is the ability to accommodate larger loads through vertical (bigger instance) or horizontal (more instances) scaling with planned capacity changes. Elasticity provides automatic scaling based on demand with dynamic resource provisioning and real-time capacity adjustments, including both scaling up and down. Elasticity is essentially automated scalability.

Cloud (Public Cloud): Applications fully deployed in the cloud with all resources running on AWS. Hybrid: Connects on-premises to cloud resources, common for legacy integration. On-Premises (Private Cloud): Resources deployed using virtualization with no cloud benefits, sometimes called 'private cloud'.

AWS is responsible for 'Security OF the Cloud' including physical security of data centers, hardware and infrastructure, network infrastructure, hypervisor, and managed service components. Customers are responsible for 'Security IN the Cloud' including data and encryption, identity and access management, operating systems and applications, network and firewall configuration, and client-side encryption.

AWS Identity and Access Management (IAM) includes Users (individual people or applications), Groups (collection of users), Roles (temporary credentials for services/users), and Policies (JSON documents defining permissions). Best practices include never using root account for daily tasks, enabling MFA, and using the principle of least privilege.

Enable MFA immediately, never share root credentials, don't use for daily tasks, create IAM admin user for administration, delete root access keys if they exist, and use a strong, unique password. Tasks only root can do include changing account settings, closing AWS account, and changing support plan.

Grant only the minimum permissions required to perform a task. Implementation involves starting with no permissions, adding permissions as needed, regular permission audits, removing unnecessary permissions, and using IAM Access Analyzer. Benefits include reduced security risk, limited blast radius, and better compliance.

AWS Organizations provides central management of multiple AWS accounts. Features include consolidated billing with single payment method, volume discounts through aggregated usage, Service Control Policies (SCPs) for central control, and account organization using OUs for hierarchy. Benefits include cost optimization, security control, and compliance management.

AWS CloudTrail records AWS API calls for auditing. It logs all API activity including who made the request, when it was made, source IP address, and request parameters. Use cases include compliance auditing, security analysis, troubleshooting, and governance.

Security Groups operate at instance level (virtual firewall), are stateful (return traffic allowed), have allow rules only, evaluate all rules, with default deny all inbound and allow all outbound. Network ACLs operate at subnet level, are stateless (must configure both ways), have allow and deny rules, process rules in order, with default allow all traffic.

AWS Regions are geographic locations (e.g., us-east-1) containing multiple Availability Zones with data sovereignty and compliance. Availability Zones (AZs) are one or more discrete data centers with redundant power and networking, connected via low-latency links. Edge Locations are CloudFront POPs for content caching with 400+ locations globally.

On-Demand: Pay by the second with no commitment. Reserved Instances: 1 or 3 year commitment for up to 72% discount. Savings Plans: Flexible pricing with commit to $/hour usage. Spot Instances: Up to 90% discount but can be interrupted. Dedicated Hosts: Physical server for compliance. Dedicated Instances: Hardware isolation at host level.

EBS (Elastic Block Store) provides persistent storage that survives instance stop/termination, supports snapshots for backup, can be detached/reattached, with multiple types (gp3, io2, etc.). Instance Store is ephemeral storage lost when instance stops/terminates, offers very high IOPS, is included in instance price, good for temporary data/cache.

S3 Standard for frequently accessed data. S3 Standard-IA for infrequent access with rapid retrieval. S3 One Zone-IA for single AZ infrequent access. S3 Intelligent-Tiering for automatic tier optimization. S3 Glacier Instant for archive with millisecond retrieval. S3 Glacier Flexible for archive with 1-12 hour retrieval. S3 Glacier Deep Archive for long-term with 12-48 hour retrieval.

Virtual Private Cloud (VPC) is your isolated network in AWS. Components include Subnets (range of IP addresses), Route Tables (control traffic routing), Internet Gateway (connect to internet), NAT Gateway (outbound internet for private resources), Security Groups (instance-level firewall), and NACLs (subnet-level firewall). A Default VPC is created automatically in each region.

Amazon RDS (Relational) offers SQL databases (MySQL, PostgreSQL, etc.) with ACID compliance, complex queries and joins, vertical scaling, and automated backups. DynamoDB (NoSQL) is a key-value and document store that's serverless with automatic scaling, single-digit millisecond performance, and global tables.

AWS Lambda is a serverless compute service. Features include running code without managing servers, paying only for compute time used, automatic scaling, support for multiple languages, and 15-minute maximum execution time. Use cases include event-driven processing, real-time file processing, API backends, and scheduled tasks.

CloudFront is a Content Delivery Network (CDN) that caches content at edge locations to reduce latency globally. It provides DDoS protection with Shield, HTTPS support, and works with S3, EC2, and Load Balancers. Use cases include static website hosting, video streaming, API acceleration, and software distribution.

Types of Load Balancers: Application Load Balancer (ALB) operates at Layer 7 (HTTP/HTTPS) with content-based routing, best for web applications. Network Load Balancer (NLB) operates at Layer 4 (TCP/UDP) with ultra-high performance and static IP addresses. Gateway Load Balancer operates at Layer 3 for third-party virtual appliances.

Pay-as-you-go: Pay only for what you use. Save when you reserve: Reserved capacity discounts. Pay less by using more: Volume discounts. Pay less as AWS grows: Price reductions over time. Free Tier includes 12 months free for new accounts, always free services, and trial offers.

Three Types: 12 Months Free includes EC2 t2.micro (750 hours/month), S3 (5GB storage), RDS (750 hours). Always Free includes Lambda (1M requests/month), DynamoDB (25GB storage), CloudWatch (10 metrics). Trials include Lightsail (1 month) and SageMaker (2 months).

Consolidated Billing is a feature of AWS Organizations providing a single bill for all accounts with volume discounts aggregated across accounts, Reserved Instance sharing, and easier tracking. Features include detailed cost reports per account, cost allocation tags, while still maintaining account isolation.

AWS Budgets lets you set custom budgets, sends alerts when exceeded, supports cost/usage/RI budgets, provides proactive notifications, and allows up to 20,000 budgets. Cost Explorer visualizes and analyzes costs, shows historical data (13 months), forecasts future costs, identifies cost drivers, and provides recommendations for savings.

Basic (Free): 24/7 customer service, documentation and forums, AWS Trusted Advisor (7 checks). Developer ($29/month): Technical support via email with 12-hour response time. Business ($100/month): 24/7 phone support, 1-hour response for urgent, all Trusted Advisor checks. Enterprise ($15,000/month): Technical Account Manager, 15-minute response critical, architecture support.

Trusted Advisor provides automated recommendations for AWS best practices across five categories: Cost Optimization (unused resources), Performance (service limits), Security (open ports, MFA), Fault Tolerance (backups, multi-AZ), and Service Limits (usage vs limits). Basic support includes 7 core checks while Business/Enterprise get all checks.

Route 53 is a scalable DNS and domain registration service. Features include domain registration, DNS routing (A, CNAME, etc.), health checking, and traffic management. Routing policies include Simple, Weighted, Latency-based, Failover, Geolocation, Geoproximity, and Multivalue answer.

Amazon ECS is AWS proprietary container orchestration with deep AWS integration and simpler to use. Amazon EKS is managed Kubernetes that's open source with portable workloads. AWS Fargate provides serverless compute for containers working with both ECS and EKS with no server management. Amazon ECR is the container image registry.

Auto Scaling automatically adjusts capacity to maintain performance. Components include Launch template (instance configuration), Auto Scaling Group (min, max, desired capacity), and Scaling policies (when to scale). Scaling types include Target tracking, Step scaling, Scheduled scaling, and Predictive scaling. Benefits include cost optimization and high availability.

Relational: RDS for managed SQL databases, Aurora for high-performance MySQL/PostgreSQL. NoSQL: DynamoDB for key-value and document, DocumentDB for MongoDB-compatible. In-Memory: ElastiCache for Redis or Memcached, MemoryDB for Redis-compatible. Data Warehouse: Redshift for analytics and BI. Graph: Neptune for graph databases.

SNS (Simple Notification Service) provides pub/sub messaging with push notifications to multiple subscribers including email, SMS, and Lambda triggers using a fan-out pattern. SQS (Simple Queue Service) offers queue messaging with a pull model, one consumer per message, for decoupling applications with both standard and FIFO queues.

AWS Migration Hub tracks migrations centrally. Database Migration Service (DMS) migrates databases with minimal downtime. Server Migration Service migrates on-premises servers. AWS Snow Family includes Snowcone (8TB, portable), Snowball (80TB, petabyte-scale), and Snowmobile (100PB, data center migration). DataSync handles online data transfer while Transfer Family manages file transfers to S3/EFS.

Elastic Beanstalk is a Platform-as-a-Service (PaaS) that handles infrastructure including auto-scaling, load balancing, and health monitoring when you upload code and deploy. It supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker containers while maintaining full control over AWS resources.

EFS (Elastic File System) provides NFS for Linux with multiple EC2 access, auto-scaling, regional service, and pay for storage used. FSx offers FSx for Windows (SMB protocol, AD integration), FSx for Lustre (HPC, ML workloads), FSx for NetApp ONTAP (Multi-protocol), and FSx for OpenZFS (Linux workloads).

Direct Connect provides a dedicated network connection to AWS with consistent bandwidth, lower latency, reduced data transfer costs, private connectivity, and predictable performance. Available speeds are 1 Gbps, 10 Gbps, and 100 Gbps. Virtual Interfaces include Private VIF for VPC access and Public VIF for AWS public services.

AI Services (Pre-trained) include Rekognition for image/video analysis, Comprehend for NLP, Polly for text-to-speech, Transcribe for speech-to-text, and Translate for language translation. ML Platform includes SageMaker to build, train, and deploy models. ML Frameworks include Deep Learning AMIs and TensorFlow/PyTorch on EC2.

SageMaker is a fully managed ML platform. Components include Studio (IDE for ML), Notebooks (Jupyter environments), Training (distributed training), Endpoints (model hosting), and Pipelines (MLOps). Features include built-in algorithms, automatic model tuning, model registry, and A/B testing.

Storage Gateway provides hybrid cloud storage with three types: File Gateway (NFS/SMB to S3 with local cache), Volume Gateway (iSCSI block storage with EBS snapshots, stored or cached volumes), and Tape Gateway (virtual tape library, backup to S3/Glacier, works with existing backup software).

AWS Backup is a centralized backup service supporting EC2, EBS, RDS, Aurora, DynamoDB, EFS, FSx, and Storage Gateway. Features include backup policies, cross-region backup, cross-account backup, lifecycle management, and compliance reporting. Pricing is based on storage plus restore requests.

WorkSpaces is a managed Desktop as a Service (DaaS) providing Windows or Linux desktops with persistent storage, access from anywhere, pay hourly or monthly, and AD integration. Bundles include Value (basic tasks), Standard (general use), Performance (high CPU), and Power (high CPU/GPU). Use cases include remote work, contractors, and BYOD scenarios.

Athena is a serverless interactive query service that queries S3 data using SQL with no infrastructure, pay per query pricing, standard SQL support, and multiple data format support including CSV, JSON, ORC, Parquet, Apache web logs, and compressed files. Use cases include ad-hoc analysis, log analysis, and BI.

Kinesis is a real-time data streaming platform. Services include Data Streams for real-time data ingestion, Data Firehose to load streams to destinations, Data Analytics for SQL on streams, and Video Streams for video processing. Use cases include real-time analytics, log processing, IoT data collection, and live dashboards.

AWS Glue is a serverless ETL service. Components include Data Catalog (metadata repository), Crawlers (discover schemas), ETL Jobs (transform data), and Development endpoints (test ETL). Features include automatic schema discovery, code generation, job scheduling, PySpark and Scala support, with integration to S3, RDS, Redshift, and Athena.

EventBridge is a serverless event bus service featuring event routing, schema registry, event replay, cross-account events, and SaaS integration. Event sources include AWS services, custom applications, and SaaS partners. Targets include Lambda, SQS, SNS, Step Functions, and Kinesis.

Step Functions is a serverless orchestration service providing visual workflows, state machines, error handling, retry logic, and parallel execution. Types include Standard for long-running workflows and Express for high-volume, short duration. Use cases include microservices orchestration, ETL, and ML pipelines.

API Gateway is a managed API service supporting REST and WebSocket APIs with API versioning, authentication, rate limiting, caching, and SDK generation. API Types include REST API (full features), HTTP API (lower cost, faster), and WebSocket API (real-time). It integrates with Lambda, EC2, and any HTTP endpoint.

QuickSight is a business intelligence service featuring interactive dashboards, ML insights, natural language queries, mobile access, and embedded analytics. Data sources include AWS services, databases, SaaS applications, and files. Pricing is per-user or per-session.

IoT Core connects IoT devices to cloud with features including device gateway, message broker, rules engine, device shadows, and device registry. Protocols include MQTT, HTTPS, WebSockets, and LoRaWAN. It scales to billions of devices and trillions of messages.