AWS Certified Cloud Practitioner Exam Guide
AWS Cloud Practitioner Essentials Day
Fri, Dec 8, 2023 10:00 AM Central
The exam has the following content domains and weightings:
1: Cloud Concepts (24% of scored content)
2: Security and Compliance (30% of scored content)
3: Cloud Technology and Services (34% of scored content)
4: Billing, Pricing, and Support (12% of scored content)
1: Cloud Concepts
1.1 Define the AWS Cloud and its value proposition
Understanding the economies of scale (for example, cost savings): By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.
Understanding the benefits of global infrastructure (for example, speed of deployment, global reach): Availability Zones offer you the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center. Easily deploy your application in multiple regions around the world with just a few clicks.
Understanding the advantages of high availability, elasticity, and agility
Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider like Amazon Web Services (AWS).
Define the benefits of the AWS cloud including:
- Security: Security at AWS starts with our core infrastructure. Custom-built for the cloud and designed to meet the most stringent security requirements in the world, our infrastructure is monitored 24/7 to help ensure the confidentiality, integrity, and availability of your data. All data flowing across the AWS global network that interconnects our datacenters and Regions is automatically encrypted at the physical layer before it leaves our secured facilities. You can build on the most secure global infrastructure, knowing you always control your data, including the ability to encrypt it, move it, and manage retention at any time.
- Reliability
- High Availability: AWS delivers the highest network availability of any cloud provider. Each region is fully isolated and comprised of multiple AZs, which are fully isolated partitions of our infrastructure. To better isolate any issues and achieve high availability, you can partition applications across multiple AZs in the same region. In addition, AWS control planes and the AWS management console are distributed across regions, and include regional API endpoints, which are designed to operate securely for at least 24 hours if isolated from the global control plane functions without requiring customers to access the region or its API endpoints via external networks during any isolation.
- Elasticity
- Agility: IT resources are only a click away, which means that you reduce the time to make resources available to your developers from weeks to minutes. This dramatically increases agility for the organization, because the cost and time it takes to experiment and develop are significantly lower.
- Pay-as-you-go pricing: Pay only when you use computing resources, and only for how much you use.
- Scalability: The AWS Global Infrastructure enables companies to be extremely flexible and take advantage of the conceptually infinite scalability of the cloud. Customers used to overprovision to ensure they had enough capacity to handle their business operations at the peak level of activity. Now, they can provision the amount of resources that they actually need, knowing they can instantly scale up or down along with the needs of their business, which also reduces cost and improves the customer’s ability to meet their users’ demands. Companies can quickly spin up resources as they need them, deploying hundreds or even thousands of servers in minutes.
- Global Reach: AWS has the largest global infrastructure footprint of any provider, and this footprint is constantly increasing at a significant rate. When deploying your applications and workloads to the cloud, you have the flexibility in selecting a technology infrastructure that is closest to your primary target of users. You can run your workloads on the cloud that delivers the best support for the broadest set of applications, even those with the highest throughput and lowest latency requirements. And if your data lives off this planet, you can use AWS Ground Station, which provides satellite antennas in close proximity to AWS infrastructure Regions.
- Economy of scale: AWS aggregates usage from hundreds of thousands of customers in the cloud, which leads to higher economies of scale. This translates into lower pay-as-you-go prices.
Explain how the AWS cloud allows users to focus on business value
- Shifting technical resources to revenue-generating activities as opposed to managing infrastructure
1.2 Identify aspects of AWS Cloud economics
Define items that would be part of a Total Cost of Ownership proposal
- Understand the role of operational expenses (OpEx)
- Understand the role of capital expenses (CapEx)
- Understand labor costs associated with on-premises operations
- Understand the impact of software licensing costs when moving to the cloud
Identify which operations will reduce costs by moving to the cloud
- Right-sized infrastructure
- Benefits of automation
- Reduce compliance scope (for example, reporting)
1.3 Explain the different cloud architecture design principles
Understanding the pillars of the Well-Architected Framework (for example, operational excellence, security, reliability, performance efficiency, cost optimization, sustainability)
Identifying differences between the pillars of the Well-Architected Framework
Explain the design principles
- Design for failure
- Decouple components versus monolithic architecture
- Implement elasticity in the cloud versus on-premises
- Think parallel
2: Security and Compliance
2.1 Define the AWS shared responsibility model
Recognize the elements of the Shared Responsibility Model
- Recognizing the components of the AWS shared responsibility model
- Describing the customer’s responsibilities on AWS
- Describing AWS responsibilities
- Describing responsibilities that the customer and AWS share
- Describing how AWS responsibilities and customer responsibilities can shift, depending on the service used (for example, Amazon RDS, AWS Lambda, Amazon EC2)
Describe the customer’s responsibility on AWS
- Describe how the customer’s responsibilities may shift depending on the service used (for example, with RDS, Lambda, or EC2)
Describe AWS responsibilities
2.2 Define AWS Cloud security and compliance concepts
Identify where to find AWS compliance information
- Locations of lists of recognized available compliance controls (for example, HIPAA, SOCs)
- Recognize that compliance requirements vary among AWS services
At a high level, describe how customers achieve compliance on AWS
- Identify different encryption options on AWS (for example, in transit, at rest)
- Identifying where to find AWS compliance information (for example, AWS Artifact)
- Understanding compliance needs among geographic locations or industries (for example, AWS Compliance)
- Identifying different encryption options (for example, encryption in transit, encryption at rest)
- Recognizing services that aid in governance and compliance (for example, monitoring with Amazon CloudWatch; auditing with AWS CloudTrail, AWS Audit Manager, and AWS Config; reporting with access reports)
- Recognizing compliance requirements that vary among AWS services
The following is a partial list of assurance programs with which AWS complies:
- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 9001, ISO 27001, ISO 27017, ISO 27018
Describe who enables encryption on AWS for a given service
For compliance-related concerns, there are a few capabilities that are worth exploring as options to increase your coverage of security controls. You can also use the reports produced by Security Hub automated compliance checks to verify and validate your encryption settings and other controls.
- Amazon S3 can automatically encrypt all new objects placed into a bucket, even when the user or software doesn’t specify encryption.
- You can use batch operations in Amazon S3 to encrypt existing objects that weren’t originally stored with encryption.
- You can use the Amazon S3 inventory report to generate a list of all S3 objects in a bucket, including their encryption status.
Recognize there are services that will aid in auditing and reporting
- Recognize that logs exist for auditing and monitoring (do not have to understand the logs)
- Define Amazon CloudWatch, AWS Config, and AWS CloudTrail
Explain the concept of least privileged access
2.3 Identify AWS access management capabilities
Understand the purpose of User and Identity Management
- Access keys and password policies (rotation, complexity)
An access key is the combination of an access key ID and a secret access key. You use access keys to sign API requests that you make to AWS.
- Multi-Factor Authentication (MFA)
- AWS Identity and Access Management (IAM)
• Groups/users
• Roles
• Policies, managed policies compared to custom policies
- Tasks that require use of root accounts
- Understanding access keys, password policies, and credential storage (for example, AWS Secrets Manager, AWS Systems Manager)
- Identifying authentication methods in AWS (for example, multi-factor authentication [MFA], IAM Identity Center, cross-account IAM roles)
- Defining groups, users, custom policies, and managed policies in compliance with the principle of least privilege
- Identifying tasks that only the account root user can perform
- Understanding which methods can achieve root user protection
- Understanding the types of identity management (for example, federated)
Protection of root accounts
2.4 Identify resources for security support
Recognize there are different network security capabilities
- Native AWS services (for example, security groups, Network ACLs, AWS WAF)
- Third-party security products from the AWS Marketplace
- Describing AWS security features and services (for example, security groups, network ACLs, AWS WAF)
- Understanding that third-party security products are available from AWS Marketplace
- Identifying where AWS security information is available (for example, AWS Knowledge Center, AWS Security Center, AWS Security Blog)
- Understanding the use of AWS services for identifying security issues (for example, AWS Trusted Advisor)
Recognize there is documentation and where to find it (for example, best practices, whitepapers, official documents)
- AWS Knowledge Center, Security Center, security forum, and security blogs
- Partner Systems Integrators
Know that security checks are a component of AWS Trusted Advisor
AWS Artifact provides on-demand access to AWS security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls.
AWS Audit Manager helps to continuously audit AWS usage to simplify how to assess risk and compliance with regulations and industry standards.
Certificate Manager - Provision, Manage, and Deploy SSL/TLS Certificates. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks.
CloudHSM - Managed Hardware Security Modules in the Cloud. It is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With AWS CloudHSM, you can manage your own encryption keys using dedicated FIPS 140-2 Level 3 validated HSMs.
Cognito - Consumer Identity Management and AWS Credentials for Federated Identities. Amazon Cognito scales to millions of users and supports sign-in with social identity providers such as Apple, Facebook, Twitter, or Amazon, with SAML 2.0 identity solutions, or by using your own identity system.
Detective - Investigate and Analyze potential security issues. It makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Amazon Detective automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations.
Directory Service - Host and Manage Active Directory. Also known as AWS Managed Microsoft AD, it enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.
AWS Firewall Manager - Central management of firewall rules. It is a security management service which allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.
GuardDuty - Intelligent Threat Detection to Protect Your AWS Accounts and Workloads
IAM - Manage access to AWS resources enabling you to securely control access to AWS services and resources for your AWS users, groups, and roles.
IAM Identity Center is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications.
Amazon Inspector is a new automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.
Key Management Service - Securely Generate and Manage AWS Encryption Keys
Amazon Macie is a fully managed data security and data privacy service that uses inventory evaluations, machine learning, and pattern matching to discover sensitive data and accessibility in your Amazon S3 environment.
AWS Payment Cryptography - On-demand payment HSM functionality for card transactions and key management
AWS Private Certificate Authority - Managed private certificate authority service
Resource Access Manager - Share AWS resources with other accounts or AWS Organizations. You can use AWS RAM to share transit gateways, subnets, AWS License Manager license configurations, Amazon Route 53 Resolver rules, and more resource types.
Secrets Manager - The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.
Security Hub is a cloud security posture management service that performs automated, continuous security best practice checks against your AWS resources. Security Hub aggregates your security alerts (i.e. findings) from various AWS services and partner products in a standardized format so that you can more easily take action on them.
Security Lake - Automatically centralize all your security data with a few clicks.
AWS Signer - Ensuring trust and integrity of your code
Amazon Verified Permissions - Manage, analyze and enforce permissions across your applications
WAF & Shield - Protects Against DDoS Attacks and Malicious Web Traffic. AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting.
3: Technology
3.1 Define methods of deploying and operating in the AWS Cloud
Identify at a high level different ways of provisioning and operating in the AWS cloud
- Programmatic access, APIs, SDKs, AWS Management Console, CLI, Infrastructure as Code
- Deciding between options such as programmatic access (for example, APIs, SDKs, CLI), the AWS Management Console, and infrastructure as code (IaC)
- Evaluating requirements to determine whether to use one-time operations or repeatable processes
- Identifying different deployment models (for example, cloud, hybrid, on-premises)
- Identifying connectivity options (for example, AWS VPN, AWS Direct Connect, public internet)
Identify different types of cloud deployment models
- All in with cloud/cloud native
- Hybrid
- On-premises
Identify connectivity options
- VPN
- AWS Direct Connect
- Public internet
3.2 Define the AWS global infrastructure
Describe the relationships among Regions, Availability Zones, and Edge Locations
- Describing relationships among Regions, Availability Zones, and edge locations
- Describing how to achieve high availability by using multiple Availability Zones
- Recognizing that Availability Zones do not share single points of failure
- Describing when to use multiple Regions (for example, disaster recovery, business continuity, low latency for end users, data sovereignty)
- Describing at a high level the benefits of edge locations (for example, Amazon CloudFront, AWS Global Accelerator)
Describe how to achieve high availability through the use of multiple Availability Zones
- Recall that high availability is achieved by using multiple Availability Zones
- Recognize that Availability Zones do not share single points of failure
Describe when to consider the use of multiple AWS Regions
- Disaster recovery/business continuity
- Low latency for end-users
- Data sovereignty
Describe at a high level the benefits of Edge Locations
- Amazon CloudFront
- AWS Global Accelerator
3.3 Identify the core AWS services
Describe the categories of services on AWS (compute, storage, network, database)
Identify AWS compute services
- Recognize there are different compute families
- Recognize the different services that provide compute (for example, AWS Lambda compared to Amazon Elastic Container Service (Amazon ECS), or Amazon EC2, etc.)
- Recognize that elasticity is achieved through Auto Scaling
- Identify the purpose of load balancers
- Recognizing the appropriate use of different EC2 instance types (for example, compute optimized, storage optimized)
- Recognizing the appropriate use of different container options (for example, Amazon ECS, Amazon EKS)
- Recognizing the appropriate use of different serverless compute options (for example, AWS Fargate, Lambda)
- Recognizing that auto scaling provides elasticity
- Identifying the purposes of load balancers
Instance types
- On-Demand Instances - With On-Demand Instances, you pay for compute capacity by the hour or the second depending on which instances you run.
  - Users that prefer the low cost and flexibility of Amazon EC2 without any up-front payment or long-term commitment
  - Applications with short-term, spiky, or unpredictable workloads that cannot be interrupted
  - Applications being developed or tested on Amazon EC2 for the first time
- Spot Instances are available at up to a 90% discount compared to On-Demand prices and let you take advantage of unused Amazon EC2 capacity in the AWS Cloud.
  - Applications that have flexible start and end times
  - Applications that are only feasible at very low compute prices
  - Users with urgent computing needs for large amounts of additional capacity
- Reserved Instances provide you with a significant discount (up to 72%) compared to On-Demand Instance pricing.
- C7g Instances are ideal for high performance computing (HPC), batch processing, electronic design automation (EDA), gaming, video encoding, scientific modeling, distributed analytics, CPU-based ML inference, and ad serving.
- Inf2 Instances are purpose-built for deep learning inference. They deliver high performance at the lowest cost in Amazon EC2 for generative AI models, including large language models (LLMs) and vision transformers.
- M7g Instances are ideal for applications built on open-source software such as application servers, microservices, gaming servers, mid-size data stores, and caching fleets.
- R7g Instances are ideal for memory-intensive workloads such as open-source databases, in-memory caches, and near real-time big data analytics.
- Trn1 Instances are purpose-built for high-performance deep learning training of generative AI models, including LLMs and latent diffusion models.
- Savings Plans are a flexible pricing model that offers low prices on EC2 and Fargate usage, in exchange for a commitment to a consistent amount of usage for a one- or three-year term.
- Dedicated Hosts can help reduce costs by allowing use of existing server-bound software licenses, including Windows Server, Microsoft SQL Server, and SUSE Linux Enterprise Server, and can also help to meet compliance requirements.
AWS App Runner - Build and run production web applications at scale
Batch - Fully managed batch processing at any scale
EC2 - Virtual Servers in the Cloud
EC2 Image Builder - A managed service to automate build, customize and deploy OS images
Elastic Beanstalk - Run and Manage Web Apps
Lambda - Run code without thinking about servers
Lightsail - Launch and Manage Virtual Private Servers
AWS Outposts - Run AWS Services On Premises
Serverless Application Repository - Assemble, deploy, and share serverless applications within teams or publicly
AWS SimSpace Weaver - Build and run large-scale spatial simulations
Identify different AWS storage services
- Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. Amazon S3 is designed for 99.999999999% (11 9s) of durability.
- Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
- Amazon S3 Glacier is now S3 Glacier Flexible Retrieval (see below)
- Describe AWS Snowball
- Amazon Elastic File System (Amazon EFS) provides a simple, scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need – when they need it.
- AWS Storage Gateway is a hybrid storage service that allows your on-premises applications to seamlessly use AWS cloud storage. You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration. It uses standard storage protocols, such as NFS, SMB and iSCSI. The gateway connects to AWS storage services, such as Amazon S3, S3 Glacier, Amazon EBS, and Amazon FSx for Windows File Server, providing storage for files, volumes, and virtual tapes in AWS.
- Identifying the uses for object storage
- Recognizing the differences in Amazon S3 storage classes
- S3 Intelligent-Tiering for automatic cost savings for data with unknown or changing access patterns
- S3 Standard for frequently accessed data
- S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3 One Zone-IA) for less frequently accessed data
- S3 Glacier Instant Retrieval for archive data that needs immediate access
- S3 Glacier Flexible Retrieval (formerly S3 Glacier) for rarely accessed long-term data that does not require immediate access
- Amazon S3 Glacier Deep Archive is for long-term archive and digital preservation with retrieval in hours at the lowest cost storage in the cloud
- Identifying block storage solutions (for example, Amazon Elastic Block Store [Amazon EBS], instance store)
- Identifying file services (for example, Amazon Elastic File System [Amazon EFS], Amazon FSx)
- Identifying cached file systems (for example, AWS Storage Gateway, Amazon File Cache)
- Understanding use cases for lifecycle policies
- Understanding use cases for AWS Backup
AWS Backup centrally manages and automates backups across AWS services
EFS - Managed File Storage for EC2
AWS Elastic Disaster Recovery - Scalable, cost-effective application recovery to AWS
FSx - Fully managed third-party file systems optimized for a variety of workloads
S3 - Scalable Storage in the Cloud
S3 Glacier - Archive Storage in the Cloud
Storage Gateway - Hybrid Storage Integration
AWS Snowcone is the smallest member of the AWS Snow Family, weighing in at 4.5 pounds (2.1 kg) with 8 terabytes of usable storage. Snowcone is ruggedized, secure, and purpose-built for use outside of a traditional data center.
AWS Snowball comes in two options. AWS Snowball Edge Storage Optimized devices provide both block storage and Amazon S3-compatible object storage, and 40 vCPUs. They are well suited for local storage and large-scale data transfer. AWS Snowball Edge Compute Optimized devices provide 52 vCPUs, block and object storage, and an optional GPU for use cases like advanced machine learning and full motion video analysis in disconnected environments.
AWS Snowmobile moves extremely large amounts of data to AWS. Transfer up to 100 PB per Snowmobile, a 45-foot-long ruggedized shipping container pulled by a semi-trailer truck.
Identify AWS networking services
- VPC (Virtual Private Cloud) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
- Identify security groups
- Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It effectively connects user requests to infrastructure running in AWS—such as EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets—and can also be used to route users to infrastructure outside of AWS.
- VPN solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. AWS Direct Connect can establish private connectivity between AWS and your data center, office, or co-location environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
- Identifying the components of a VPC (for example, subnets, gateways)
- Understanding security in a VPC (for example, network ACLs, security groups): With a VPC, you can create a public-facing subnet for your web servers that has access to the Internet, and place backend systems, such as databases or application servers, in a private-facing subnet with no Internet access. Leverage multiple layers of security, including security groups and network access control lists, to help control access to EC2 instances in each subnet.
- Identifying edge services (for example, CloudFront, Global Accelerator)
- Identifying network connectivity options to AWS (for example, AWS VPN, Direct Connect)
API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
AWS App Mesh makes it easy to monitor and control microservices running on AWS.
AWS Cloud Map is a cloud resource discovery service. With AWS Cloud Map, you can define custom names for your application resources, and it maintains the updated location of these dynamically changing resources.
CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.
Direct Connect provides a dedicated Network Connection to AWS
Global Accelerator - Improves application availability and performance using the AWS Global Network
AWS Private 5G - Deploy and scale private mobile networks on-premises. It offers an easy way to use cellular technology to augment your current network. This can help you increase reliability, extend coverage, or allow a new class of workloads, such as factory automation, autonomous robotics, and advanced augmented and virtual reality (AR/VR).
Route 53 - Scalable DNS and Domain Name Registration
Identify different AWS database services
- Install databases on Amazon EC2 compared to AWS managed databases
- Identify Amazon RDS
- Identify Amazon DynamoDB
- Identify Amazon Redshift
- Deciding when to use EC2 hosted databases or AWS managed databases
- Identifying relational databases (for example, Amazon RDS, Amazon Aurora)
- Identifying NoSQL databases (for example, DynamoDB)
- Identifying memory-based databases (for example, Amazon ElastiCache)
- Identifying database migration tools (for example, AWS Database Migration Service [AWS DMS], AWS Schema Conversion Tool [AWS SCT])
Amazon DocumentDB - Fully-managed MongoDB-compatible database service
DynamoDB - Managed NoSQL Database
ElastiCache - In-Memory Cache
Amazon Keyspaces - Serverless Cassandra-compatible database
Amazon MemoryDB for Redis - Fully managed, Redis-compatible, in-memory database service
Neptune - Fast, reliable graph database built for the cloud
Amazon QLDB - Fully managed ledger database
Amazon Redshift - Fast, Simple, Cost-Effective Data Warehousing
RDS - Managed Relational Database Service
Amazon Timestream - Amazon Timestream is a fast, scalable, and serverless time series database for IoT and operational applications
Identify AWS artificial intelligence and machine learning (AI/ML) services and analytics services
- Understanding the different AI/ML services and the tasks that they accomplish (for example, Amazon SageMaker, Amazon Lex, Amazon Kendra)
- Identifying the services for data analytics (for example, Amazon Athena, Amazon Kinesis, AWS Glue, Amazon QuickSight)
Machine Learning
Amazon Augmented AI - Easily implement human review of machine learning predictions
Amazon Bedrock - The easiest way to build and scale generative AI applications with foundation models (FMs).
Amazon CodeGuru - Intelligent recommendations for building and running modern applications
Amazon Comprehend - Analyze Unstructured Text
Amazon Comprehend Medical - Amazon Comprehend Medical uses machine learning to extract insights and relationships from medical text.
Amazon DeepComposer - AWS DeepComposer allows developers of all skill levels to get started with Generative AI.
Amazon DeepLens - Deep Learning Enabled Video Camera
Amazon DeepRacer - Fully autonomous 1/18th scale race car, driven by machine learning
Amazon DevOps Guru - ML-powered cloud operations service to improve application availability.
Amazon Forecast - Amazon Forecast is a fully-managed service for accurate time-series forecasting
Amazon Fraud Detector - Detect more online fraud faster using machine learning
Amazon HealthImaging - Store, analyze, and share medical images
Amazon HealthLake - Making sense of health data
Amazon HealthOmics - Transform omics data into insights.
Amazon Kendra - Highly accurate enterprise search service powered by machine learning
Amazon Lex - Build Voice and Text Chatbots
Amazon Lookout for Equipment - Detect abnormal equipment behavior by analyzing sensor data
Amazon Lookout for Metrics - Accurately detect anomalies in your business metrics and quickly understand why
Amazon Lookout for Vision - Identify defects using computer vision to automate quality inspection.
Amazon Monitron - End-to-end system for equipment monitoring
Amazon Panorama - Enabling computer vision applications at the edge
Amazon Personalize - Amazon Personalize helps you easily add real-time recommendations to your apps
Amazon Polly - Turn Text into Lifelike Speech
Amazon Rekognition - Search and Analyze Images
Amazon SageMaker - Build, Train, and Deploy Machine Learning Models
Amazon Textract - Easily extract text and data from virtually any document
Amazon Transcribe - Powerful Speech Recognition
Amazon Translate - Powerful Neural Machine Translation
Data Analytics
Athena - Serverless interactive analytics service
AWS Clean Rooms - Easily and securely collaborate on collective datasets without sharing or revealing underlying raw data
CloudSearch - Managed Search Service
AWS Data Exchange - Easily find, subscribe to, and use third-party data
Data Pipeline - Orchestration for Data-Driven Workflows
Amazon DataZone - Unlock data across organizational boundaries with built-in governance
EMR - Managed Hadoop Framework
AWS Entity Resolution - Easy-to-configure, machine learning powered entity resolution service
Amazon FinSpace - Store, catalog, prepare, and analyze financial industry data
AWS Glue - AWS Glue is a serverless data integration service.
AWS Glue DataBrew - Visual data preparation tool to clean and normalize data for analytics and machine learning
Kinesis - Work with Real-Time Streaming Data
AWS Lake Formation - AWS Lake Formation makes it easy to set up a secure data lake
Managed Apache Flink - Fully managed, highly available, and secure service for Apache Flink
MSK - Fully managed, highly available, and secure service for Apache Kafka
Amazon OpenSearch Service - Run open-source OpenSearch or Elasticsearch using Managed Clusters or Serverless deployments.
QuickSight - Fast, easy-to-use business analytics
Amazon Redshift - Fast, Simple, Cost-Effective Data Warehousing
Internet of Things
IoT 1-Click - Trigger AWS Lambda functions from simple devices
IoT Analytics - Collect, preprocess, store, analyze and visualize data of IoT devices
IoT Core - Connect Devices to the Cloud
IoT Device Defender - Secure your fleet of connected IoT devices
IoT Device Management - Securely Manage Fleets as Small as One Device, or as Broad as Millions of Devices
IoT Events - Detect and respond to events from IoT sensors and Industrial IoT equipment
IoT FleetWise - Easily collect, organize, and transfer vehicle data to the cloud at scale.
IoT Greengrass - Deploy and run code on your devices
IoT RoboRunner - Optimize robotics automation
IoT SiteWise - Data driven decisions in Industrial operations
IoT TwinMaker - Easily create digital twins of real-world systems to optimize operations
Migration & Transfer
Application Discovery Service - Discover on-premises application inventory and dependencies
AWS Application Migration Service - AWS Application Migration Service (MGN) automates lift-and-shift migration.
Database Migration Service - Managed Database Migration Service
DataSync - DataSync simplifies, automates, and accelerates moving data
AWS Mainframe Modernization - AWS Mainframe Modernization
AWS Migration Hub - Simplify and accelerate the migration of your data centers to AWS
AWS Snow Family - Large Scale Data Transport
AWS Transfer Family - Fully managed support for SFTP, FTPS, FTP, and AS2
3.4 Identify resources for technology support
Recognize there is documentation (best practices, whitepapers, AWS Knowledge Center, forums, blogs)
Identify the various levels and scope of AWS support
- AWS Abuse
- AWS support cases
- Premium support
- Technical Account Managers
Recognize there is a partner network (marketplace, third-party) including Independent Software Vendors and System Integrators
Identify sources of AWS technical assistance and knowledge including professional services, solution architects, training and certification, and the Amazon Partner Network
Identify the benefits of using AWS Trusted Advisor
4: Billing and Pricing
4.1 Compare and contrast the various pricing models for AWS (for example, On-Demand Instances, Reserved Instances, and Spot Instance pricing)
Identify scenarios/best fit for On-Demand Instance pricing
Identify scenarios/best fit for Reserved-Instance pricing
- Describe Reserved-Instances flexibility
- Describe Reserved-Instances behavior in AWS Organizations
Identify scenarios/best fit for Spot Instance pricing
4.2 Recognize the various account structures in relation to AWS billing and pricing
Recognize that consolidated billing is a feature of AWS Organizations
Identify how multiple accounts aid in allocating costs across departments
4.3 Identify resources available for billing support
Identify ways to get billing support and information
- Cost Explorer, AWS Cost and Usage Report, Amazon QuickSight, third-party partners, and AWS Marketplace tools
- Open a billing support case
- The role of the Concierge for AWS Enterprise Support Plan customers
Identify where to find pricing information on AWS services
- AWS Simple Monthly Calculator
- AWS Services product pages
- AWS Pricing API
Recognize that alarms/alerts exist
Identify how tags are used in cost allocation
Which key tools, technologies, and concepts might be covered on the exam?
The following is a non-exhaustive list of the tools and technologies that could appear on the exam. This list is subject to change and is provided to help you understand the general scope of services, features, or technologies on the exam. The general tools and technologies in this list appear in no particular order.
AWS services are grouped according to their primary functions. While some of these technologies will likely be covered more than others on the exam, the order and placement of them in this list are no indication of relative weight or importance:
APIs
Cost Explorer
AWS Cost and Usage Report
AWS Command Line Interface (CLI)
Elastic Load Balancers
Amazon EC2 instance types (for example, Reserved, On-Demand, Spot)
AWS global infrastructure (for example, AWS Regions, Availability Zones)
Infrastructure as Code (IaC)
Amazon Machine Images (AMIs)
AWS Management Console
AWS Marketplace
AWS Professional Services
AWS Personal Health Dashboard
Security groups
AWS Service Catalog
AWS Service Health Dashboard
Service quotas
AWS software development kits (SDKs)
AWS Support Center
AWS Support tiers
Virtual private networks (VPNs)
AWS services and features
Analytics:
Amazon Athena
Amazon Kinesis
Amazon QuickSight
Application Integration:
Amazon Simple Notification Service (Amazon SNS)
Amazon Simple Queue Service (Amazon SQS)
Compute and Serverless:
AWS Batch
Amazon EC2
AWS Elastic Beanstalk
AWS Lambda
Amazon Lightsail
Amazon WorkSpaces
Containers:
Amazon Elastic Container Service (Amazon ECS)
Amazon Elastic Kubernetes Service (Amazon EKS)
AWS Fargate
Database:
Amazon Aurora
Amazon DynamoDB
Amazon ElastiCache
Amazon RDS
Amazon Redshift
Developer Tools:
AWS CodeBuild
AWS CodeCommit
AWS CodeDeploy
AWS CodePipeline
AWS CodeStar
Customer Engagement:
Amazon Connect
Management, Monitoring, and Governance:
AWS Auto Scaling
AWS Budgets
AWS CloudFormation
AWS CloudTrail
Amazon CloudWatch
AWS Config
AWS Cost and Usage Report
Amazon EventBridge (Amazon CloudWatch Events)
AWS License Manager
AWS Managed Services
AWS Organizations
AWS Secrets Manager
AWS Systems Manager
AWS Systems Manager Parameter Store
AWS Trusted Advisor
Networking and Content Delivery:
Amazon API Gateway
Amazon CloudFront
AWS Direct Connect
Amazon Route 53
Amazon VPC
Security, Identity, and Compliance:
AWS Artifact
AWS Certificate Manager (ACM)
AWS CloudHSM
Amazon Cognito
Amazon Detective
Amazon GuardDuty
AWS Identity and Access Management (IAM)
Amazon Inspector
AWS License Manager
Amazon Macie
AWS Shield
AWS WAF
Storage:
AWS Backup
Amazon Elastic Block Store (Amazon EBS)
Amazon Elastic File System (Amazon EFS)
Amazon S3
Amazon S3 Glacier
AWS Snowball Edge
AWS Storage Gateway