5.4 KiB
AWS - Cloud Practitioner
A summary of what you need to know for the exam can be found here
Cloud 101
What types of Cloud Computing services are there?
IAAS PAAS SAAS
Explain each of the following and give an example:
- IAAS
- PAAS
- SAAS
What types of clouds (or cloud deployments) are there?
- Public
- Hybrid
- Private
Explain each of the following Cloud Computing Deployments:
- Public
- Hybrid
- Private
AWS Global Infrastructure
Explain the following
- Availability zone
- Region
- Edge location
AWS regions are data centers hosted across different geographical locations worldwide, each region is completely independent of one another.
Within each region, there are multiple isolated locations known as Availability Zones. Multiple availability zones ensure high availability in case one of them goes down.
Edge locations are basically content delivery network which caches data and insures lower latency and faster delivery to the users in any location. They are located in major cities in the world.
AWS Networking
What is AWS Direct Connect?
Allows you to connect your corporate network to AWS network.
What is Route 53?
"Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service"
More on Route 53 here
What is VPC?
"A logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define" Read more about it here.
True or False? Subnets belong to the same VPC, can be in different availability zones
True. Just to clarify, a subnet must reside entirely in one AZ.
What is an Internet Gateway?
"component that allows communication between instances in your VPC and the internet" (AWS docs). Read more about it here
Multiple Internet Gateways can be attached to one VPC
False. Only one internet gateway can be attached to a single VPC.
Explain Security Groups and Network ACLs
- NACL - security layer on the subnet level.
- Security Group - security layer on the instance level.
AWS EC2
What is EC2?
AWS Storage
Explain what is AWS S3?
S3 stands for 3 S, Simple Storage Service. S3 is a object storage service which is fast, scalable and durable. S3 enables customers to upload, download or store any file or object that is up to 5 TB in size. While having a maximum size of 5 GB per file (multipart upload if more than 5 GB in size).
What is a bucket?
An S3 bucket is a resource which is similar to folders in a file system and allows storing objects, which consist of data and its meta data.
True or False? A bucket name must be globally unique
True
AWS IAM
What is IAM? What are some of its features?
Full explanation is here In short: it's used for managing users, groups, access policies & roles
True or False? IAM configuration is defined globally and not per region
True
Given an example of IAM best practices?
- Set up MFA
- Delete root account access keys
- Create IAM users instead of using root for daily management
What are Roles?
A way for allowing a service of AWS to use another service of AWS. You assign roles to AWS resources. For example, you can make use of a role which allows EC2 service to acesses s3 buckets (read and write).
What are Policies?
Policies documents used to give permissions as to what a user, group or role are able to do. Their format is JSON.
A user is unable to access an s3 bucket. What might be the problem?
There can be several reasons for that. One of them is lack of policy. To solve that, the admin has to attach the user with a policy what allows him to access the s3 bucket.
What should you use to:
-
Grant access between two services/resources?
-
Grant user access to resources/services?
Grant access between two services/resources?
Grant user access to resources/services?
Role
Policy
What permissions does a new user have?
Only a login access.
Final Note
Good luck! You can do it :)