AWS Certified Cloud Practitioner Exam Success Guide, 2: Prepare for CLF-C01Exam with quizzes, assessment tests, hands-on lessons, cheat sheets, and practice exams to build real-life experiences

By Ojula Technology Innovations

This book is the second volume of AWS Certified Cloud Practitioner Exam Success Guide. In this volume, you'll continue your lessons on Amazon Web Services. I'll give you special exam preparation tips in Chapter 10 to help you complete your preparation and fast-track your AWS Certified Cloud Practitioner exam success. The great thing abo

• Language: English
• Publisher: Ojula Technology Innovations
• Release date: Sep 3, 2023
• ISBN: 9781088297421

Ojula Technology Innovations

Dr. Emily Turner, one of the contributors of this book, is a distinguished molecular biologist and educator, known for her profound contributions to the field of cellular and molecular biology. With a Ph.D. in Molecular Biology and over two decades of research experience, Dr. Turner is a true luminary in the realm of life sciences.As a passionate advocate for science education, Dr. Turner has dedicated her career to making the intricacies of cellular and molecular biology accessible to students of all backgrounds. Her journey as an author began with a deep-seated commitment to empower the next generation of scientists, culminating in the co-authorship of "Cell and Molecular Biology: An Introductory Guide for Learning Cellular & Molecular Biology."Dr. Turner's work is characterized by a rare blend of scholarly excellence and pedagogical prowess. Her research has been published in renowned scientific journals, contributing groundbreaking insights to the fields of genetics and molecular biology. Simultaneously, her engaging teaching style has earned her accolades and the admiration of her students.This collaborative effort marks a milestone in her career, where she, along with her co-authors, has crafted a book that distills the complexities of cellular and molecular biology into an approachable and engaging resource. With an unwavering commitment to the advancement of scientific knowledge, Dr. Emily Turner continues to inspire and educate, leaving an indelible mark on the world of science and education.

Book preview

AWS Certified

Cloud Practitioner Exam

Success Guide 2

Prepare for CLF-C01 Exam with quizzes, assessment tests, hands-on lessons, cheat sheets, and practice exams to build real-life experiences

By

Ojula Technology Innovations

AWS Certified

Cloud Practitioner Exam

Success Guide

Volume 2

Prepare for CLF-C01Exam with quizzes, assessment tests, hands-on lessons, cheat sheets, and practice exams to build real-life experiences

ISBN: 978-1-0882-9742-1

Copyright © Ojula Technology Innovations

All rights reserved.

Published in the United States

Limit of Liability/Disclaimer of Warranty

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. All information given in this book is based on the author’s own research and does not constitute technical, financial or professional advice.

The author and publisher have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publisher.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe. The author and publisher of this book are not liable or responsible for any other websites or services linked to or from it.

It is forbidden to reproduce any part of this book in any form or medium. Reselling is prohibited.

Table of Contents

About the Author

1. Getting Started

1.0. Introduction to Volume 2: How to Complete Your Preparation of the CLF-C01 Exam

2. Amazon VPC, Networking, and Hybrid

2.0. Introduction

2.1. Amazon Virtual Private Cloud (VPC)

2.1.1. Components of a VPC

2.2. How to Create a Custom VPC (Hands-on Lab)

2.3. Security Groups and Network ACLs

2.4. How to Configure Security Groups and NACLs (Hands-on Lab)

2.5. Public, Private and Elastic IP Addresses

2.6. Working with IP Addresses

2.7. NAT Gateways and NAT Instances

2.7.1. NAT Instance vs NAT Gateway

2.8. How to Deploy a NAT Gateway (Hands-on Lab)

2.9. Amazon VPC Peering

2.10. Amazon VPN and AWS Direct Connect

2.11. AWS Transit Gateway

2.12. AWS Outposts

2.13. Exam Cram 1 (Revision)

2.14. Practice Quiz 1

2.14.1. Answers to Practice Quiz 1

3. Deployment & Automation

3.0. Introduction

3.1. Caching and Amazon CloudFront

3.2. AWS Global Accelerator

3.3. AWS CloudFormation

3.4. AWS Cloud Development Kit (CDK)

3.5. AWS Elastic Beanstalk

3.6. AWS Developer Tools (Code*)

3.7. AWS X-Ray

3.8. AWS OpsWorks

3.9. Exam Cram 2 (Revision)

3.10. Practice Quiz 2

3.10.1. Answers to Practice Quiz 2

4. Databases and Analytics

4.0. Introduction

4.1. Types of Database

4.1.1. Relational Database

4.1.2. Non-Relational Database

4.2. Relational Database Service (RDS)

4.3. Amazon Aurora

4.4. DynamoDB

4.5. RedShift

4.6. Elastic Map Reduce (EMR)

4.7. Amazon ElastiCache

4.8. Amazon Athena and AWS Glue

4.9. Kinesis

4.10. Other Databases and Analytics Services

4.11. Exam Cram 3 (Revision)

4.12. Practice Quiz 3

4.12.1. Answers to Practice Quiz 3

5. Management and Governance

5.0. Introduction

5.1. AWS Organizations

5.2. AWS Control Tower

5.3. AWS Systems Manager

5.4. AWS Service Catalog

5.5. AWS Config

5.6. AWS Trusted Advisor

5.7. AWS Health API and Dashboards

5.8. Exam Cram 4 (Revision)

5.9. Practice Quiz 4

5.9.1. Answers to Practice Quiz 4

6. AWS Cloud Security and Identity

6.0. Introduction

6.1. Identity Providers and Federation

6.2. AWS Directory Service

6.3. Protecting Secrets

6.4. Encryption

6.5. Logging and Auditing

6.6. Detect and Respond

6.7. Firewalls and DDoS Protection

6.8. Compliance Services

6.9. Security Management and Support

6.10. Penetration testing

6.11. Shared Responsibility Model Review

6.12. Exam Cram 5 (Revision)

6.13. Practice Quiz 5

6.13.1. Answers to Practice Quiz 5

7. Architecting for the Cloud

7.0. Introduction

7.1. AWS Well-Architected

7.2. AWS Well-Architected Framework

7.2.1. Operational Excellence Pillar

7.2.2. Security Pillar

7.2.3. Reliability Pillar

7.2.4. Performance Efficiency Pillar

7.2.5. Cost Optimization Pillar

7.3. Practice Quiz 6

7.3.1. Answers to Practice Quiz 6

8. Accounts, Billing and Support

8.1. Introduction

8.2. AWS Pricing Fundamentals

8.3. Amazon EC2 Pricing Options

8.4. Amazon EC2 Pricing Use Cases

8.5. Pricing for other AWS Services

8.6. AWS Pricing Calculator (Hands-on Lesson)

8.7. AWS Support Plans

8.8. Consolidated Billing

8.9. AWS Budgets

8.10. AWS Cost Allocation Tags

8.11. AWS Cost Management Tools

8.12. Exam Cram 6 (Revision)

8.13. Practice Quiz 7

Answers to Practice Quiz 7

9. Migration, Machine Learning and More

9.0. Introduction

9.1. AWS Migration and Transfer Services

9.2. AWS Machine Learning Services

9.3. End User Computing

9.4. AWS IoT Core

9.5. Exam Cram 7 (Revision)

10. Exam Preparation and Tips

10.0. Introduction

11. Full Length Practice Exams & Answers

11.1. Introduction

11.2. Download Practice Exams & Other Training Resources

About the Author

My name is Ojula Bright. I’m the CEO of Ojula Technology Innovations. My educational background is in software development, and I work with a few software developers and system engineers. I spent over 17 years as a software developer, and I’ve done a bunch of other things too. I've been involved in SDLC/process, data science, operating system security and architecture, and many more.

My most recent project is serverless computing where I simplify the building and running of distributed systems. I always use a practical approach in my projects and courses.

I hold a bunch of AWS certifications. As far as GCP goes, I've been certified by Google as both Associate Cloud Engineer and Professional Cloud Architect. Now I specialize in cloud computing and machine learning. I have created courses on cloud computing, operating systems, machine learning, data science and databases.

1. Getting Started

1.0. Introduction to Volume 2: How to Complete Your Preparation of the CLF-C01 Exam

This book is volume 2 of AWS Certified Cloud Practitioner Exam Success Guide. In this volume, you'll continue your lessons on Amazon Web Services. I’ll help you complete your preparation and fast-track your AWS Certified Cloud Practitioner exam success. The great thing about the cloud practitioner exam is it's very suitable for people coming from many different backgrounds. So, it doesn't matter if you have little or no technical experience, or if you do have a technical background and you're looking to transition your skill sets into the cloud.

Whatever background you’re coming from, the two volumes of my guide are all you need. If you’ve not read the first volume, please order it now and read it first. Everything you need is both volumes. They will help you pass your exam. You’re not in this alone because I’m going to help you through it. My support link is at the end of this book for you to contact me any time if you need further help.

Whatever your preferred learning style, I've also got you covered. If you're a visual learner, you'll love my clear diagrams and illustrations throughout this book. You'll enjoy the facts I present to you and the cheat sheets I created because they have exam specific information in them. If you're a practical learner, you'll love my hands-on lessons so that you can get practical with AWS and learn in a hands-on way.

About the hands-on lessons, there're two different types of practical lesson in this volume. The first one is a demo. A demo is a pure demonstration in which I show you something, but you don't need to follow along. The reason I do that is that there are a few examples of where I want to show you something visually so that I can demonstrate to you some feature of AWS. But the set up might be a bit more complex than the cloud practitioner exam requires. Although there're just a few of those, they're a useful way to show you some things.

Now, the other one is a hands-on lesson. A hands-on lesson is a follow-along, so you can go through AWS in your own free tier account and build on AWS. It will give you practical experience, which is really the best way to learn and become competent.

At the end of many chapters of this volume, you'll find a lesson with links to cheat sheets and quizzes that you can use to test yourself as you go through the lessons. There's often an exam cram lesson as well at the end of each chapter. This is a fast-paced run through of the cool facts ideal for quick revision before you sit your exam.

At the end of this volume, I also provide a link to download training resources, graphics and screenshots used in this book, cheat sheets, assessment tests, practice exams, and other helpful documents. You can use them for quick references and revision as well. In this volume, I also provide a link to full-length practice exams so you can test yourself and see if you're ready to sit the real thing. So, if you’ve read volume one, get started with volume 2 right now. I really hope you’ll enjoy it.

2. Amazon VPC, Networking, and Hybrid

2.0. Introduction

Networking is a topic that can be quite complex. I've left it until this second volume of the guide where I cover Amazon VPC because I wanted to expose you to it first. In the first volume, you deployed instances into VPCs, containers and so on. So, you've seen what it is and what it's about, but now I'll go into a lot more detail.

I'll also cover many of the other services for connecting into our VPC, such as Direct Connect and VPN technologies. I've done my best to make these complex subjects easy to digest, so I hope you enjoy this chapter.

2.1. Amazon Virtual Private Cloud (VPC)

You've already had some exposure to the Amazon Virtual Private Cloud, VPC. But what I've done is I've given you that exposure before we actually cover the topic in depth because it helps you understand what it is. You've kind of used it and also used something called a default VPC, which already exists in each region in your account by default.

So, the VPC is a virtual private cloud, and you can think of it as a virtual data center. So, it has a perimeter around it. Within that, you can create and launch your own AWS resources which you can keep private if you want to, or publish them to the outside world. Now, have a look at this diagram to help you understand what a VPC is.

Figure 2.1.1: An illustration of Amazon VPC

A VPC is a logically isolated portion of the cloud within a region. So, it's always within a region. It cannot span across regions. Within a region, we have a VPC. We can have more than one but within the region shown in Figure 2.1.1, we have one VPC. We then create our subnets within availability zones. In the diagram, we have two subnets, and each one is in a separate availability zone. A subnet cannot go across availability zones, but you can have multiple subnets within an availability zone.

Now, we have something called a router. You don't need to understand too much about routing and IP addressing for the Cloud Practitioner Exam. But you do need to understand at a basic level what's happening in Figure 2.1.1. Within a VPC, we have a block of addresses. In this case, our block of addresses is 10.0.0.0/16. That's an address space. Within that space, all of our resources will have their own specific IP address, which is a unique IP address that's within that range.

Now, you don't see a router in AWS but you control it through the route table (shown on the far right of Figure 2.1.1). The router essentially knows how to forward traffic. For example, if you send data from an instance in one subnet to an instance in another subnet, when the router receives that data, it looks at the IP address information and knows where to send it. It also knows whether it's within the VPC. If it is, then here it's going to route it locally, that is, it knows not to send it outside. If it's an internet address we have the entry 0.0.0.0/0 in the route table that says for every other address (that is, anything that's not in this range), send it to the Internet Gateway ID (igw-id).

The Internet Gateway attached to your VPC helps to send traffic to the outside world. So, if you're sending traffic to an internet address, the router says, well, that's not within my internal space. So, let's send it to the internet gateway. So, the internet gateway will forward it to the internet. We can then launch our EC2 instances and other resources into our subnets. Then they will be able to communicate with each other, either host to host, or via the router if it's in another subnet. If they want to connect to the outside world, they can use an Internet Gateway. But there's a little nuance to that with private subnets, which we'll cover later on in the chapter.

Within the region, we can create multiple VPCs. See Figure 2.1.2.

Figure 2.1.2: An illustration of multiple VPCs

Each VPC has a different block of IP addresses called CIDR. In the VPC block on the left, for example, we have a CIDR, which stands for Classless Inter Domain Routing. It's a bit of a complex subject that's beyond the scope of this course. But just understand that within each VPC you have a block of addresses.

The subnets within the VPC have an address range, such as 10.0.0.0/20, that's from the overall block 10.0.0.0/16. So, 10.0.0.0/16 is a big block of addresses, and each subnet has a smaller block of addresses. Those addresses can then be assigned to EC2 instances. So, each subnet has the block of addresses that come from the overall CIDR block. Also, as you can see in Figure 2.1.2, each VPC has a slightly different block of addresses (10.0.0.0/16 is different from 10.1.0.0/16).

2.1.1. Components of a VPC

Now, there's quite a few components to a VPC and we're going to cover some of these in more detail. But you don't need to know too many of them in too much detail for this exam.

Figure 2.1.3: Components of a VPC

Firstly, we just discovered what a VPC is and what a subnet is. In Figure 2.1.3, we then have the Internet gateway, which is the Amazon VPC side of a connection to the public Internet. Now, an Egress-only Internet gateway is very similar to an Internet gateway, except it's used for the IPv6 protocol, which is the newer protocol that replaces the IPv4 protocol. As I mentioned earlier, the router interconnects your subnets, and it routes traffic within your VPC and it's able to send traffic outside your VPC via other devices like Internet gateways.

A peering connection is a way that you can connect VPCs to each other so that they can send traffic internally between each other using their VPC routers. A VPC endpoint is something we will cover in a bit more detail. This is a way that you can connect to those public AWS services but using private IP addresses.

NAT instances and NAT Gateways will be covered in a bit more detail soon. These are a way that you can connect from a private subnet to the internet when your instances don't have a public IP address.

Next, we have two components in the diagram which are related to Amazon VPNs. With a virtual private network (VPN), we have something called a Virtual Private Gateway, which is an item on the AWS side, and then a Customer Gateway, which is the customer side of the connection. With these two together, we've then got the AWS side of the connection and the customer side of the connection, and you can create a virtual private network to your on-premises data center.

AWS Direct Connect is another way to connect from your data center. It offers much better