AWS IMP TIPS

1) In the Cloud means – It is Customer responsible

2) Of the Cloud Means – It is AWS responsible
3) EC2 spot instances - Intrreptiable
4) On-Premesis -On-premises computing refers to setting up and
maintaining your own IT infrastructure within your organization's
physical premises. Capital Expenditure (CapEx) and Hardware
https://awslagi.com/course/aws-certified-cloud-practitioner-clf-c01-actual-
exam/lessons/clf-c01-part-1/

*AmazonS3- offering a versioning & low-cost option for hosting static websites
& object store , durable storage, high availability, encrypt the data at rest,
offsite backup

* fast and reliable NoSQL database service & serverless DB & receive millions of
database queries each second- AWS DynamoDB

*scalable data warehouse solution & complex analytical queries- AWS redshift

*Glacier: Long term and low cost data storage

* AWS Lambda is a serverless& Event driven workload, AWS managed compute
service
* MYSQL compactable database size grows automatically when required is
Amazon Aurora.

*automatically scale with an expected increase in web traffic or automatically

added instances based on traffic - Elastic load balancer

* to serve large amounts of online video content with lowest possible latency-
Amazon S3 , Amazon CloudFront

*feature or service allows companies to track and categorize spending on a

detailed level- Cost Allocation Tags

*accelerating cloud adoption through paid engagements- Profession services

*AWS environments to find opportunities that can save money for optimise cost
and performance- Aws Trusted Advisor

* customers to use existing server-bound software licenses & performing a cost

analysis that supports physical isolation- Dedicated host

* hybrid AWS Cloud architectures- Rout53 and Virtual Private Gateway

* Route53 is a global

* MySQL database that easily scales with AWS Aurora & automated backups
of data by default by Aurora.

* AWS's responsibilities are the security of the cloud.

* Customer responsibilities are security in the cloud.

* Capacity to adjust load as change – Auto Scaling

*1 or 3 Year time frame & workload is steady and predictable–

Reserved Instance

*Spot Instances are recommended for stateless & provides 90%

discount & experience downtime

* OnDemand instance --- is stateful, default pricing model,cannot

interruptible,months

*uninterruptible – Saving plan

* a hybrid storage service that enables on-premises it provides unlimited

storage-. AWS Storage Gateway

* In the cloud & Configuring the operating system, network, and firewall –
customer responsibility
* AWS Step Functions, Amazon DynamoDB, Amazon SNS are
serverless platforms
* Multiple AWS accounts – AWS Organizations
* AWS Compliance reports – AWS Artifact

* EC2 is a ephemeral storage (Temporary) when instance Is stopped data will

deleted and also EC2 is a self managed database
*Amazon EBS is persistent(permenant) storage for a file system

OSI Model AWS infrastructure

Layer 7 Application (how the end user sees it) Application
Layer 6 Presentation (translator between layers) Web Servers,
servers application
Layer 5 Session (session establishment, security) EC2 instances
Layer 4 Transport (TCP, flow control) Security group. NACL
Layer 3 Network (Packets which contain IP addresses) Route Tables,
Subnets IGW,
Layer 2 Data Link (Frames which contain physical MAC addresses) Route
Tables, IGW, Subnets
Layer 1 Physical (cables, physical transmission bits and volts) Regions,
Availability Zones

 EC2 is a ephemeral storage (Temporary) when instance Is stopped data will

be deleted.
 sensitive data(personally identifiable information (PII)) or intellectual
property on AWS & Data leaks detects & send alerts when PII is stored –
AWS macie
 Running an application & migration on premisis to AWS – AWS TCO
 Deploy Infrastructure as a cloud& Automatic application deployments-
AWS cloudformation
 Hybrid Architecture & Dedicated network & Amazon VPC to an on-
premises – AWS DirectConnect
 Unrestricted access – AWS Trusted Advisior
 automated security assessment report & It can identify vulnerabilities in
applications running on Amazon EC2 instances, as well as infrastructure deployments -
AWS Inspector
 features or services can be used to monitor costs and expenses for an AWS
account ------ AWS Cost and Usage report & Billing alerts and Amazon
CloudWatch alarms
 AWS service helps identify malicious(accidental) & prevent or unauthorized
activities or security threats in AWS accounts and workloads- AWS
GuardDuty
 Monitor and and receive alerts - AWS CloudWatch
 to record AWS API calls – AWS CloudTrail
 One or more physical data center ----- Availability Zone
 AWS services can be used as infrastructure automation tools----AWS
CloudFormation & AWS OpsWorks
 AWS service will allow a user to set custom cost and usage limits, and will
sends an alert when the thresholds are exceeded---- AWS Budget
 AWS service or feature can be used to monitor CPU usage- Amazon
CloudWatch
 the total amount of storage offered by Amazon S3-Unlimited & max
as 5TB
 To allow communication between the VPC and the internet—Internet
Gateway
 AWS service or feature allows the user to manage cross-region
application traffic & Domain Name Sysytem----Route 53
 track resource changes and establish compliance--- AWS Config
 host steady-state workloads & reserve instances for 1 year or 3 year---
Reserved Instances
 For months & without interruptions &uninterruptible workload that runs once
a year just for 24 hours,---- On-Demand Instance
 With interruptions- -- Spot Instances
 Petabytes 50 terabytes to 80 terabytes=Snowball;
Exabytes=Snowmobile
 AWS Direct Connect ----can create a dedicated network connection
between your premises and AWS.
 deploy third-party software--- AWS Marketplace
 AWS Elastic Beanstalk is a fully managed service that simplifies the
deployment and management of applications, including Java web
applications.
 Amazon DynamoDB ---is a fully managed, serverless, *key-value*
NoSQL database designed to run high-performance applications at
any scale
 24/7 phone, email, and chat access, with a response time of less than 1 hour -
-- Bussiness
 pricing model can provide discounts of up to 90%-- Spot Instance
 common database query results----Amazon ElastiCache
 centralized storage system--- Parameter Store
 dashboards and charts to visualize and analyze business data—AWS QuickSight
 The AWS CDK supports TypeScript, JavaScript, Python, Java, C#/.Net, and Go.
Developers can use one of these supported programming languages to define reusable
cloud components

 AWS Config: This service helps you manage and enforce

configurations for your AWS resources, but it doesn't specifically track
API calls.
 AWS CloudTrail: This service continuously records API calls made
to your AWS account, including both authorized and unauthorized
calls. It provides a comprehensive audit trail that can be used to track
suspicious activity and identify unauthorized API calls performed
through the Management Console, CLI, SDKs, and other services. AWS
CloudTrail is a service that enables users to track user activity and API usage
across their AWS account. AWS CloudTrail records the details of every API
call made to AWS services
 AWS Trusted Advisor: This service provides recommendations for
improving the security, performance, and cost-effectiveness of your
AWS resources, but it doesn't directly track API calls.( Remember
these keywords, AWS Trusted Advisor - Real Time Guidance (Self
Support) 1) Cost Optimization 2) Fault Tolerance 3) Performance 4)
Security 5) Service Limits/Quota's)
 Amazon Inspector: This service assesses the security of your
Amazon EC2 instances, but it doesn't track API calls across all AWS
services.
 Amazon EC2 Auto Scaling is the AWS service specifically designed
to automatically adjust the number of Amazon EC2 instances to
handle changes in demand or traffic. It helps ensure that the desired
number of instances are available to handle the application workload
while maintaining optimal performance and cost efficiency.
 Elastic Load Balancer:is a service that automatically distributes
incoming application traffic across multiple Amazon EC2 instances to
ensure that no single instance is overwhelmed with too much traffic.
It enhances the availability and fault tolerance of applications.


 application deployment process—AWS CodePipeline
 infrastructure as code---- AWS CloudFormation
 text to speech or text to lifelike voices ---- Amazon Polly
 speech to text ---Amazon Transcribe
 chatbots&voice and text--- Amazon Lex
 Microsoft SQL Server database—EC2 & RDS
 ACL = subnet, Security Groups = instances
 SQL injection and cross-site scripting--- AWS WAF
 rotation of credentials----AWS Secrets Manager
 dashboards that include machine learning insights----Amazon QuickSight
 securely store and encrypt passwords--AWS Secrets Manager
 AWS Compute Optimizer---- Rightsizing
 AWS Simple Token Service (AWS STS)---- Temporaraly provides credentials
 AWS Secrets Manager--- securely store Amazon RDS database credentials
 AWS Well Architected Framework includes the design principle of defining workloads,
applications, and infrastructure as code (IaC)---- Operation Excelleance
 identify AWS resources that are shared externally---- AWS IAM Access
Analyzer

 forecast AWS spending & cost optimization opportunities.---- cost explorer

 long term archiving solution- s3 Glacier
 Automatically discover sensitive data across all of your
organization's S3 buckets--- AWS Macie
 to estimate costs before deployment-------AWS Pricing Calculator
 discounts --- Saving plans
 Agility = quickly deploy
 FSx File Gateway -> File sharing for Windows
 Aws Lamda, Aws fargate, DynamoDB ---- serverless
 Amazon Rekgnition is a machine learning that add images and video, also can detect
inappropriate content
 virtual desktop computers--- AWS WorkSpaces
 Amazon Athena is an interactive query service
 estimate costs before deployment or examine-- AWS Pricing Calculator
 Amazon Cognito allows users to sign in with their social media, email, or
online shopping accounts.
 security alerts----AWS Security Hub
 create, control, and manage their own cryptographic keys---CloudHSM
 DDos attacks --- Aws Shield
 WaF--- http atack, when SQl injection, block the malicious traffic protect
applications from malicious network access
 most cost-effective way—Rightsized
 centralize its operational data and automate tasks security updates----
systems manager
 AWS Snowball Edge is a service that provides a physical device that can
store up to 100 TB of data and perform local data processing on premises. It
enables users to transfer data to and from the AWS Cloud in areas with
limited or no internet connectivity
 Economies of scale—economics of scale
 historical workload usage---- AWS Compute Optimizer
 Amazon Kendra is an enterprise search service
 AWS CAF) connects technology and business--- Govarance
 wants to visualize the report--- AWS QuickSight
 build a web application---- AWS Lightsail
 AWS Glue: for prepare a multiple data type, form and source for analyze
 .AWS Quick Sight: tool for visualize and analyze for your data.
 AWS control tower ----- multiple aws account environment , cloudformation
 Amazon Simple Queue Service (Amazon SQS)---- microservices
 AWS Well-Architected Framework:
1- Operational excellence 2- Security 3- Reliability 4- Performance efficiency 5- Cost
optimization 6-sustanability

Billing Related:

AWS Organizations- is the service that allows you to consolidate

multiple AWS accounts into an organization that you create and
centrally manage. This means that you can receive a single bill that
includes the costs of all your automate create of AWS accounts,
making it easier to manage and track expenses across different
accounts.linked accounts
* migration on-premises to Cloud – AWS TCO

* costs or usage exceeds or if custom spending thresholds are exceeded –

AWS Budgets

* migration to Cloud – AWS TCO

* runs a new project – AWS simple monthly calculator

* Customer Responsibilities in the Cloud

 Ensuring that data is encrypted at rest

*AWS Responsibilites of the Cloud

1)Infrastructure

2)Hardware

SERVICES-------------------------------------------

 Amazon S3: Although a highly scalable storage solution, S3

doesn't offer the low-latency content delivery capabilities of a CDN
like CloudFront.
  AWS Global Accelerator: While it optimizes application
performance for global users, it's not designed for content caching
or handling massive traffic volumes like CloudFront.
 Amazon Route 53: Primarily a DNS service for routing traffic to
applications, it lacks the content delivery features of CloudFront.
 AWS CloudFront- content delivery network infrastructure.


There are six design principles for operational excellence in the cloud:
 Perform operations as code Annotate documentation
 Make frequent, small, reversible changes
 Refine operations procedures frequently
 Anticipate failure
 Learn from all operational failures

 Core Principles Scalability ,Disposable Resources Instead of Fixed

Servers ,Automation Loose Coupling ,Services, Not Servers, Databases
,Managing Increasing Volumes of Data, Removing Single Points of
Failure, Optimize for Cost ,Caching ,Security

 Business Support and Enterprise Support offer access to technical

support cases and other benefits, but they do not include access to
self-paced labs.
 Basic Support only offers limited support for account and billing
issues, and does not include access to self-paced labs or any
other technical support benefits.
 Developer Support specifically includes access to a library of self-
paced labs, as well as one-on-one technical support and other
benefits.
CLF02 PDF Modified answeRS

Q253) ans is opt D

Q249)ans is opt A
Q254)ans is opt D

Q256)ans is opt A

Q257)ans is opt D

Q258)ans is opt A
Q259)ans is opt D(doubt question)

Q260)ans is opt B

Q261)ans is opt C

Q264)ans is opt C
Q265)ans is opt C

Q266)ans is opt B

Q268)ans is opt B, C

Q269)ans is opt C
Q270)ans is opt C

Q271)ans is opt D,E

Q274)ans is opt B

Q275)ans is opt D
Q276)ans is opt D

Q277)ans is opt B

Q278)ans is opt D

Q279)ans is opt C
Q280)ans is opt D

Q282)ans is opt C,D

Q285)ans is opt B

Q286)ans is opt C
Q287)ans is opt C

Q288)ans is opt C

Q289)ans is opt A

Q290)ans is opt A
Q291)ans is opt A,D

Q292)ans is opt B,C

Q293)ans is opt B

Q294)ans is opt D
Q295)ans is opt C,D

Q296)ans is opt B

Q297)ans is opt B

Q298)ans is opt C
Q299)ans is opt C

Q301)ans is opt C

Q303)ans is opt A

Q304)ans is opt C
Q305)ans is opt B

Q306)ans is opt D

Q307)ans is opt D

Q308)ans is opt D
Q309)ans is opt D

Q311)ans is opt B

Q312)ans is opt A

Q313)ans is opt B
Q314)ans is opt D

Q318)ans is opt B

Q319)ans is opt B

Q320)ans is opt A
Q321)ans is opt B,C

Q323)ans is opt B

Q326)ans is opt C

Q327)ans is opt C,E

Q328)ans is opt C

Q329)ans is opt A

Q330)ans is opt A,C

Q331)ans is opt C
Q332)ans is opt B

Q333)ans is opt C

Q334)ans is opt C

Q335)ans is opt A,B

Q337)ans is opt C

Q338)ans is opt A

Q340)ans is opt B

Q341)ans is opt A
Q342)ans is opt B

Q343)ans is opt A

Q344)ans is opt B,C

Q346)ans is opt A, D
Q347)ans is opt D

Q348)ans is opt B

Q349)ans is opt C

Q350)ans is opt A
Q351)ans is opt A

Q352)ans is opt A

Q353)ans is opt D

Q354)ans is opt C
Q355)ans is opt B

Q356)ans is opt B,E

Q357)ans is opt C

Q358)ans is opt A,E

Q359)ans is opt A,D

Q360)ans is opt C

Q363)ans is opt D

Q364)ans is opt B
Q366)ans is opt D

Q368)ans is opt B

Q370)ans is opt C

Q371)ans is opt D
Q372)ans is opt B

Q373)ans is opt C

Q374)ans is opt A

Q375)ans is opt B
Q376)ans is opt B

Q377)ans is opt A