AWS Certified Cloud Practitioner Exam Guide E-Book

AWS Certified Cloud Practitioner Exam Guide

Build your cloud computing knowledge and build your skills as an AWS Certified Cloud Practitioner (CLF-C01)

Rajesh Daswani

BIRMINGHAM—MUMBAI

AWS Certified Cloud Practitioner Exam Guide

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Rahul Nair

Publishing Product Manager: Preet Ahuja

Senior Editor: Sangeeta Purkayastha

Content Development Editor: Nihar Kapadia

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Project Coordinator: Neil Dmello

Proofreader: Safis Editing

Indexer: Tejal Daruwale Soni

Production Designer: Shankar Kalbhor

First published: December 2021

Production reference: 2020623

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80107-593-0

www.packt.com

To my mother, Vandana, and to the memory of my father, Devkrishin, for their sacrifices and for exemplifying the power of determination. To my beautiful wife, Divya, for being my loving partner and anchor always. And to my amazing daughter, Ryka, for showing me how simplicity is the key to creativity.

– Rajesh Daswani

Contributors

About the author

Rajesh Daswani is a senior solutions architect with over 20 years' experience in IT infrastructure services and cloud computing. His work has been focused on both AWS and Microsoft 365 platforms. He has delivered cloud computing training on AWS as a corporate trainer for several clients globally.

Rajesh has helped thousands of IT professionals to appreciate real-world applications of cloud technologies and become better equipped to facilitate clients' adoption of cloud technologies.

When Rajesh is not immersed in the world of cloud computing, he can be caught watching re-runs of his favorite Star Trek shows (TNG). He also likes to be known as a food connoisseur, conjuring up his own mix of fusion dishes for his family and friends.

I would like to thank the team at Packt Publishing, especially Neil D'mello and Nihar Kapadia, for guidance and support in making this study guide a reality. I would also like to thank Renato Martins, for providing a technical review of this study guide.

About the reviewer

Renato Martins has been working in IT since 1997, having worked directly for, or consulted on behalf of, small start-ups, government agencies, and large multinationals in four countries. As a trainer, he has delivered hundreds of classes and a few dozen lectures on all topics, from development to databases, operating systems, and cloud computing in all flavors.

He has been approved in more than 200 certification exams, including AWS, Microsoft, PMI, Red Hat, Sun, and IBM, among others.

When not working, he loves to be with his family, enjoying museums and concerts, and likes to travel across the globe in whatever spare time he has.

Passionate about the fast-paced, constantly changing landscape of technology, he is always on the lookout for the next new thing, eager to learn and share it.

I'd like to thank my lovely wife, Sandra, and our incredible children, Theo and Laís, for their support, knowing I might become absent at any time as a result of diving into a big project, studying for the next exam, or delivering a class. Thanks for knowing that after, I am there to have the best moments of our lives together.

Thanks for the relaxing moments, for all the laughs and cuddles.

A big thank you also to my dog, Ted, who makes sure I am awake every day at 6 A.M. for a walk!

Table of Contents

Preface

Section 1: Cloud Concepts

Chapter 1: What Is Cloud Computing?

What is cloud computing?

The six advantages of cloud computing

Exploring the basics of virtualization

Exploring cloud computing models

Infrastructure as a Service

Platform as a Service

SaaS

Understanding cloud deployment models

Public cloud

Private cloud

Hybrid cloud

Summary

Questions

Chapter 2: Introduction to AWS and the Global Infrastructure

What is AWS?

A quick history of AWS

Exploring the AWS Global Infrastructure

Regions

AZs

Edge locations

Regional edge caches

Regional services

Global services

On-premises services

Choosing the right AWS support plan for your business

Basic support plan

Developer support plan

Business support plan

Enterprise support plan

Overview of the AWS Service Health Dashboard

The AWS AuP

Summary

Questions

Chapter 3: Exploring AWS Accounts, Multi-Account Strategy, and AWS Organizations

Why have a multi-account AWS environment?

AWS Landing Zone

AWS Control Tower

Managing multiple accounts – AWS Organizations

Introducing AWS Organizations

Consolidated billing

How many AWS accounts do you need?

Core AWS OUs

Additional OUs

AWS Free Tier accounts

Free tools

Always free services (limited offering)

Free trials

Exercise 3.1 – Setting up your first AWS Free Tier account

Exercise 3.2 – Setting up a billing alarm

Questions

Section 2: AWS Technologies

Chapter 4: Identity and Access Management

Introduction to the AWS IAM service

The AWS IAM console

The AWS IAM services

The root user account and implementing Multi-Factor Authentication (MFA)

Setting up MFA

The importance of defining IAM password policies

Key differences between IAM users and IAM groups

IAM users

IAM groups

Defining permissions with IAM policies

Types of identity-based policies

Example of an IAM policy

Assigning temporary credentials with IAM roles

Temporary credentials

Reviewing credential reports

Exercise 4.1 – creating an IAM group

Exercise 4.2 – creating an IAM user

Exercise 4.3 – logging in to your AWS account as an IAM user

Accessing the AWS platform using the CLI

Accessing your account via the CLI

Downloading the CLI tools

Exercise 4.4 – accessing the AWS platform using the AWS CLI on a Windows computer

Exercise 4.5 – creating an IAM user with administrative privileges

Summary

Questions

Chapter 5: Amazon Simple Storage Service (S3)

Technical requirements

Introduction to storage options on AWS

Block storage

File storage

Object storage

Introduction to Amazon S3

Buckets and objects

Managing your objects in a bucket

Regional hosting – global availability

Access permissions

Versioning

Cross-Region and same-Region replication

S3 encryption

Static website hosting

Amazon S3TA

Learning about archiving solutions with Amazon S3 Glacier

Connecting your on-premises storage to AWS with Amazon Storage Gateway

Migrating large datasets to AWS with the AWS Snow Family

AWS Snowball

Amazon Snowcone

Amazon Snowmobile

Exercise 5.1 – Setting up an Amazon S3 bucket

Exercise 5.2 – Configuring public access to S3 buckets

Exercise 5.3 – Enabling versioning on your bucket

Exercise 5.4 – Setting up static website hosting

Summary

Questions

Chapter 6: AWS Networking Services – VPCs, Route53, and CloudFront

Technical requirements

Introduction to on-premises networks

Basic corporate networks

Fundamentals of IP addressing and CIDRs

IP address version 4 – IPv4

Limitations of IPv4 addresses

Businesses need internet access

What about IPv6?

Network sizes and classes

What are subnet masks?

What is subnetting?

Classless Interdomain Routing (CIDR)

Virtual Private Clouds (VPCs)

All about subnets

Internet access

VPC security

Network Address Translation (NAT)

VPC peering

VPC transit gateway

Virtual Private Networks (VPNs)

Direct Connect

Learning about DNS and global routing with Amazon Route53

Domain registration

Hosted zones

Routing policies

Health checks

Traffic flow and traffic policies

Implementing a robust CDN with Amazon CloudFront

Choosing a price class for your CloudFront distribution

Introduction to Amazon API Gateway

Exercise 6.1 – setting up a public subnet VPC

Summary

Questions

Chapter 7: AWS Compute Services

Introduction to Amazon EC2

Amazon Machine Images (AMIs)

Exploring EC2 instance types

Learning about Amazon EBS and instance backed store

Amazon Elastic Block Store

AWS EC2 instance store volumes

Learning about EC2 pricing options

On-Demand Instance Pricing Option

Reserved Instance Pricing Option

Spot Instance Pricing Option

Implementing Shared File Storage with Amazon EFS

Learning about VPSes with Amazon Lightsail

Introduction to Amazon ECS and Kubernetes

Amazon ECS comes in two deployment options

Amazon Elastic Kubernetes Service (Amazon EKS)

Learning about additional compute services on AWS

Serverless option – AWS Lambda

AWS Batch

AWS Outposts

Understanding additional storage options in AWS

Amazon FSx for Lustre

Amazon FSx for Windows File Server

Securing your VPC with bastion hosts

Exercise 7.1 – Expanding ProductionVPC so that it includes two public subnets and two private subnets

Setting up additional subnets

Creating private subnets

Exercise 7.2 – Creating a Bastion Host security group

Exercise 7.3 – Launching an EC2 instance

Exercise 7.4 – Launching an application on Amazon Fargate

Summary

Questions

Chapter 8: AWS Database Services

Technical requirements

Managed databases versus unmanaged databases

Learning about additional database services for specific niche requirements

Introduction to database concepts and models

Relational databases

Non-relational (NoSQL) databases

Introduction to Amazon RDS

Deploying in Amazon VPCs

Backup and recovery

High availability with Multi-AZ

Backup and recovery

Horizontal scaling with read replicas

A brief introduction to Amazon Aurora

Learning about Amazon DynamoDB (NoSQL database solution)

Tables, items, and attributes

Provisioning capacity for DynamoDB

Understanding the use cases for Amazon Redshift and data warehousing

Online Analytical Processing (OLAP)

Redshift architecture

About Redshift Spectrum

Understanding the importance of in-memory caching options with Amazon Elasticache

Learning about additional database services for specific niche requirements

Introduction to Amazon Neptune

Amazon QLDB

Database Migration Service

Exercise 8.1 – Extending your VPC to host database subnets

Exercise 8.2 – Creating a database subnet group

Exercise 8.3 – Launching your Amazon RDS database in ProductionVPC

Exercise 8.4 – Deploying an Amazon DynamoDB table

Summary

Questions

Chapter 9: High Availability and Elasticity on AWS

Technical requirements

Introduction to vertical and horizontal scaling concepts

Overview of the OSI model

Distributing web traffic with Amazon ELB

Load balancers and VPCs

ALB

ALB and WAF

NLB

GWLB

CLB

Implementing elasticity with Amazon Auto Scaling

Auto Scaling groups

Configuration templates

Scaling options

Designing multi-Region HA solutions

Extended exercises – setting the scene

Exercise 9.1 – setting up an Amazon S3 bucket to host source files

Exercise 9.2 – creating an IAM role

Exercise 9.3 – configuring an ALB

Exercise 9.4 – amending the Production-VPC security group

Exercise 9.5 – deploying a NAT gateway

Exercise 9.6 – deploying your application servers with Amazon Auto Scaling

Exercise 9.7 – cleanup

Summary

Questions

Chapter 10: Application Integration Services

Technical requirements

Understanding notification services such as Amazon SNS

Amazon SNS endpoints

Amazon SNS topics

Standard and FIFO topics

Amazon SNS Fanout scenario

Amazon SNS pricing

Decoupling your application architecture with Amazon SQS and Amazon MQ

Amazon SQS queue types

Amazon SQS pricing and security

Amazon MQ

Designing event-driven application workflows using AWS EventBridge

Coordinating multiple AWS services into serverless workloads with Amazon Step Functions and Amazon SWF

AWS Step Functions

Workflow types

Amazon Simple Workflow Service (SWF)

Exercise 10.1 – Amazon S3 event notification using Amazon SNS

Step 1 – creating an SNS topic and subscribing to the topic

Step 2 – configuring your SNS topic policy

Step 3 – setting up the Amazon S3 event notification service

Step 4 – testing the configuration

Exercise 10.2 – cleaning up

Summary

Questions

Chapter 11: Analytics on AWS

Technical requirements

Learning about data streaming with Amazon Kinesis

Amazon Kinesis Data Firehose

Amazon Kinesis Data Streams

Amazon Kinesis Data Analytics

Amazon Kinesis Video Streams

Learning how to query data stored in Amazon S3 with Amazon Athena

Introduction to Amazon Elasticsearch

Overview of Amazon Glue and QuickSight

Overview of Amazon Glue

Overview of Amazon QuickSight

Additional analytics services

Exercise 11.1 – analyzing your sales report with Amazon Athena and AWS Glue

Step 1 – Amazon S3

Step 2 – Amazon Athena and Amazon Glue

Step 3 – Amazon Athena

Exercise 11.2 – cleaning up

Summary

Questions

Chapter 12: Automation and Deployment on AWS

Technical requirements

Understanding application deployment with Amazon Elastic Beanstalk

Core components of Amazon Elastic Beanstalk

Understanding the benefits of IaC using Amazon CloudFormation

CloudFormation templates

CloudFormation stacks

Change sets

Drift detection

Introduction to the orchestration of Chef and Puppet solutions using AWS OpsWorks

AWS OpsWorks stacks

IT automation with Lambda

Exercise 12.1 – stopping and starting EC2 instances at regular intervals using AWS Lambda

Step 1 - Launching an EC2 instance

Step 2 - Creating an IAM policy and execution role for your Lambda function

Step 3 - Creating Lambda functions that stop and start your EC2 instances

Step 4 - Creating CloudWatch event rules to trigger your Lambda functions

Step 5 - Testing your Lambda function

Exercise 12.2 – cleaning up

Summary

Questions

Chapter 13: Management and Governance on AWS

Technical requirements

The basics of Amazon CloudWatch

CloudWatch metrics

Dashboards

Alarms

CloudWatch Logs

Amazon CloudWatch Events

Meeting compliance requirements with Amazon CloudTrail

Trails

Learning about change management with AWS Config

Configuration items

Configuration history

Configuration recorder

Configuration snapshot

Configuration stream

Managing your AWS resources with AWS Systems Manager

Learning how to use AWS Trusted Advisor

AWS Trusted Advisor and Support plans

Understanding the AWS Well-Architected Framework

Reliability

Performance efficiency

Security

Operational excellence

Cost optimization

Exercise 13.1 – Reviewing the Trusted Advisor reports in your AWS account

Summary

Questions

Section 3: AWS Security

Chapter 14: Implementing Security in AWS

Understanding the Shared Responsibility Model

Security of the cloud

Security in the cloud

Introduction to the AWS compliance programs and AWS Artifact

About AWS Artifact

AWS vulnerability scanning

Overview of data encryption services on AWS

Amazon S3 encryption

AWS CloudHSM

Protecting cloud resources and applications with AWS WAF and AWS Shield

Protecting applications with AWS WAF

Protecting network attacks with AWS Shield

Assessing and securing your EC2 instances with AWS Inspector

Other AWS security services

Amazon Macie

AWS GuardDuty

Amazon Detective

AWS Certificate Manager

AWS Secrets Manager

Amazon Cognito

AWS Directory Service

Exercise 14.1 – preventing data leaks with Amazon Macie

Step 1 – creating a new Amazon S3 bucket

Step 2 – configuring Amazon Macie to identify sensitive employee data

Exercise 14.2 – cleaning up

Summary

Questions

Section 4: Billing and Pricing

Chapter 15: Billing and Pricing

Technical requirements

An overview of billing and pricing on AWS

Understanding AWS cost optimization

Learning about AWS billing and cost management tools

AWS Cost Explorer

Cost allocation tags

Cost and usage report

AWS Budgets

Learning how to use the AWS pricing and TCO calculators

The AWS Pricing Calculator

AWS Migration Evaluator

Exercise 15.1 – setting up cost budgets on AWS

Summary

Questions

Chapter 16: Mock Tests

Answers

Other Books You May Enjoy

Preface

Amazon Web Services (AWS) is the leader in cloud computing and has successfully maintained that position for many years now. Companies across the globe, in both the public and private sectors, continue to embrace cloud technologies at an ever-increasing rate, and the demand for IT professionals with experience of AWS far outstrips supply.

The AWS Certified Cloud Practitioner Exam Guide is your one-stop resource to help you prepare for one of the most popular AWS certification exams. This study guide will help you validate your understanding of the core cloud computing services offered by AWS as well as learn how to architect and build cloud solutions for your clients.

Passing this foundation certification doesn't require you to know how to build and deploy complex multi-tier application solutions. However, this book gives you the necessary skills to understand how the various services offered by AWS can be used to architect end-to-end solutions for your client. In addition, you will learn about cloud economics, security concepts, and best practices.

This study guide is designed to be used even after you pass the AWS Certified Cloud Practitioner exam, with multiple exercises that can be used as a reference to help you start building real-world solutions for your clients. Each chapter builds on the previous one, with each new exercise extending a previously configured service. This will allow you to determine how the individual services offered by AWS can be used to design end-to-end solutions.

Each chapter also includes a summary followed by a set of review questions. The book ends with two mock tests that are designed to test your knowledge and help you further prepare for the official AWS Certified Cloud Practitioner exam.

Who this book is for

This study guide is designed for anyone looking to fast-track their career in cloud computing. The AWS Certified Cloud Practitioner Exam Guide is designed for both IT and non-IT professionals who wish to learn the fundamentals of cloud computing and the AWS offering. Non-IT professionals can benefit from this study guide as they learn not only the theoretical concepts of a wide range of cloud services offered by AWS, but also gain valuable experience in configuring those services from a technical perspective. IT professionals who have primarily worked in on-premises environments will learn how to provision and deploy technical solutions in the cloud and understand strategies for migrating their on-premises workloads to AWS.

What this book covers

Chapter 1, What Is Cloud Computing?, discusses the fundamentals of cloud computing, and outlines the six advantages of cloud computing. We also look at the various cloud computing models and cloud deployment models.

Chapter 2, Introduction to AWS and the Global Infrastructure, introduces you to the AWS ecosystem, its global infrastructure, and how it enables you to start deploying solutions on a global scale. We discuss the excellent support services offered by AWS and the importance of choosing the right support plan.

Chapter 3, Exploring AWS Accounts, Multi-Account Strategy, and AWS Organizations, details the concept of AWS accounts, which enable you to access the vast array of AWS services securely. We also look at the use case for setting multiple AWS accounts and the best practices to follow to manage multiple accounts using the AWS Organizations service.

Chapter 4, Identity and Access Management, introduces you to one of the core fundamental security features of AWS. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. With AWS IAM, you can design policies and permissions to ensure access and authorization to services using the principle of least privilege.

Chapter 5, Amazon Simple Storage Service (S3), explains how AWS offers a wide range of different storage options, including block, object, and file storage services. Amazon S3 is AWS's object storage solution and in this chapter, you learn how to harness the power of this virtually unlimited and highly scalable storage offering from Amazon.

Chapter 6, AWS Networking Services – VPCs, Route53, and CloudFront, covers networking services in the cloud. Amazon Virtual Private Cloud (VPC) enables you to launch AWS resources in a logically isolated virtual network in the cloud. We also look at AWS's Domain Name System (DNS) offering, which enables you to register new domain names and design traffic routing services for your workloads. Finally, in this chapter, we look at Amazon CloudFront, which helps you design a content network delivery service for your digital assets and applications.

Chapter 7, AWS Compute Services, details the various compute services on offer from AWS. These include the Elastic Compute Cloud (EC2) service, which enables you to launch Linux, Windows, and macOS virtual servers in the cloud, through to containers and serverless compute offerings such as Amazon Lambda. In this chapter, you will also learn about block storage and file storage services on AWS.

Chapter 8, AWS Databases Services, examines the wide range of database solutions on offer from AWS, capable of supporting almost any use case. From traditional relational database services such as Amazon RDS through to NoSQL databases solutions such as Amazon DynamoDB, we examine their use cases and learn how to configure these databases for your applications. Additional niche database solutions are also discussed in this chapter.

Chapter 9, High Availability and Elasticity on AWS, covers one of the fundamental benefits of cloud computing and, specifically, AWS. Designing solutions that are highly available and capable of withstanding outages is of paramount importance for any organization and, in this chapter, you will learn how to use the tools to build highly available solutions. In addition, we also discuss how you can automatically scale your application, expanding your resources when demand increases and terminating them when demand drops. This enables you to manage costs much more effectively and avoid the need to guess capacity.

Chapter 10, Application Integration Services, examines various AWS services that enable you to build applications that adopt a decoupled architecture design. This enables you to move away from traditional monolithic design in favor of the more modern microservice architectures.

Chapter 11, Analytics on AWS, examines the vast array of tools and services on AWS that can help you analyze the massive amounts of data that organizations collect, much of which is collected in real time.

Chapter 12, Automation and Deployment on AWS, looks at several automation tools and processes to help you deploy infrastructure and applications that not only speed up the deployment process but also reduce configuration errors.

Chapter 13, Management and Governance on AWS, examines several AWS services that can be used to monitor your resources, manage them centrally, and help you follow best practices.

Chapter 14, Implementing Security on AWS, outlines the wide range of security tools, services, and processes offered by AWS that can help you design your application solutions, with security being at the forefront, thereby enabling you to adhere to any compliance and regulatory environments and ensure that your customers' data is always protected.

Chapter 15, Billing and Pricing, discusses cloud economics and examines the vast array of AWS tools to help you manage your cloud computing costs effectively. We discuss strategies for minimizing costs without compromising performance, reliability, and security.

Chapter 16, Mock Tests, enables you to test your knowledge acquired throughout this study guide by undertaking two complete practice exams. These mock tests will help you gauge your readiness to take the official AWS certification exams and also provide answer explanations to help you prepare for the AWS exams.

To get the most out of this book

To get the most out of this book, you must follow the chapters in the order in which they have been presented. This is because each new chapter builds on the previous one. In addition, it is highly recommended that you gain the necessary practice experience by completing all the exercises in this book.

If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/AWS-Certified-Cloud-Practitioner-Exam-Guide. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801075930_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in the text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "For the key, type in Name, and for the value, type in Windows-BastionSrv."

A block of code is set as follows:

{

  "Id": "Policy1613735718314",

  "Version": "2012-10-17",

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "From the Instances console, select the Launch instances button from the top right-hand corner of the screen."

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, select your book, click on the Errata Submission Form link, and enter the details.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

Share Your Thoughts

Once you've read AWS Certified Cloud Practitioner Exam Guide, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.

Section 1: Cloud Concepts

In this section, we look at the fundamentals of cloud computing. We then look at Amazon Web Services (AWS) and an overview of its cloud offering as well as its value proposition. We examine AWS cloud economics and the advantages of cloud computing.

This part of the book comprises the following chapters:

Chapter 1: What Is Cloud Computing?

Cloud computing has become the default option to design, build, and implement Information Technology (IT) applications for businesses across the globe. In the old days, you would host the entire infrastructure, hire a group of developers, and design each component and process required to build your applications. This approach not only ate into the bottom line, but also often did not follow best practices. It also lacked flexibility and scope for innovation.

Understanding cloud computing has become vital for IT professionals worldwide if they are to sustain their jobs and make progress in their careers. You can no longer deliver old-school solutions to your clients—it is simply not cost-effective in today's fast-paced IT world.

In addition, architecting solutions for the cloud comes with its own challenges, such as security considerations and network connectivity. This makes it crucial to upskill so that you can gain a deep understanding of how to build resilient, scalable, and reliable solutions that can be hosted in the cloud.

In this chapter, we introduce you to the concept of cloud computing, what it includes, and the key advantages of moving to the cloud. We also discuss the various cloud computing models, as well as deployment options for the cloud. Understanding the key differences between the models and deployment options and their use cases and benefits is fundamental to formulating an effective cloud-adoption strategy for your business.

We also look at a high-level overview of virtualization—a principal ingredient that has made cloud computing possible.

This chapter covers the following topics:

What is cloud computing?

Cloud computing is a term used to describe the on-demand access to IT services that comprise compute, network, storage, and software services from third-party suppliers, usually via the public internet or some form of direct wide-area network (WAN) access. Companies can provision necessary IT applications for their organization without having to procure and manage their own infrastructure to host those applications. Instead, they lease/rent the required IT infrastructure from such third-party providers.

Cloud computing has existed for many years in some form, since the invention of the internet. In the old days, Hotmail (first launched in 1996 and now branded as Microsoft Outlook) was a prime example of early cloud computing. You could set up email accounts for your colleagues and yourself on Hotmail and use them to communicate. An alternative would be to host your own email servers' (the infrastructure) network connectivity, as well as the email application (the email software). This would ultimately mean additional costs as well as management overheads to maintain the email servers you hosted.

Today, cloud computing has become mainstream and is, in several cases, the default option for many companies and start-ups. Currently, Amazon Web Services (AWS) is the largest provider of cloud computing services, offering a variety of cloud IT services in the form of infrastructure, platform, and software solutions. You can opt to consume these services rather than creating your own dedicated environment to host your business applications. The sheer size of AWS enables it to actually provide the necessary components to host your business applications at a fraction of the cost, while providing high availability (HA), security, and resilience.

The six advantages of cloud computing

Let's take a look at the six advantages of cloud computing, according to AWS (AWS, Six Advantages of Cloud Computing,https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html), as depicted in the following screenshot:

Figure 1.1 – The six advantages of cloud computing

Tip

The AWS Certified Cloud Practitioner examination assumes that you have these six advantages memorized when testing the Define the AWS Cloud and its value proposition objective.

Let's look at these advantages in detail, as follows:

With cloud computing, you pay for the same infrastructure components only as and when you consume them. This on-demand, pay-as-you-go model also means that you save costs when you are not utilizing resources.

The shift away from capital expense (CAPEX) for variable expense, also known as operating expense (OPEX), means that you can direct your precious business capital to more important areas of investment, such as developing new products or improving your marketing strategy.

With cloud computing and sophisticated management software, you can provision the necessary infrastructure when you need it most. Moreover, with monitoring and automation tools offered by cloud vendors such as AWS, you can automatically scale out your infrastructure as demand increases and scale back in when demand falls. Doing so will allow you to pay only for what you consume, when you consume it.

By hosting your applications on AWS's infrastructure, you no longer need to worry about these hidden costs. Your real-estate costs and utility bills can be dramatically reduced, making your business more competitive.

By way of contrast, the cost of setting up physical data centers in other countries in which you may not have a presence may be cost-prohibitive and might prevent you from rapid global expansion. Access to multiple regions also enables you to meet any compliance or regulatory requirements related to where data is stored and how it is managed.

In this section, we learned about the basics of cloud computing and discussed its six key advantages. We understood that adopting cloud technologies helps customers manage their costs better, while also enabling them to scale their applications much faster and become more agile. In the next section, we'll discuss one of the most important underlying components of a cloud computing service—virtualization.

Exploring the basics of virtualization

Virtualization is one of the core technologies that has enabled cloud computing to go mainstream and has given birth to cloud providers such as AWS, Microsoft Azure, and Google Cloud Platform (GCP), who provide a vast array of services and applications, along with capabilities such as high availability (HA), elasticity, and the ability to provision services for their customers, usually within minutes.

Before the adoption of virtualization, if you wanted to outsource your infrastructure requirements, an IT services provider would have to provision physical infrastructure components such as a physical server for your business and grant access via the internet. Provisioning physical servers, however, often involves long lead times, from sourcing and installing all the hardware components such as the central processing unit (CPU), memory, and storage, to configuring an operating system and any necessary applications. This could mean waiting for days to have your environment configured.

The advancement of hardware technologies such as CPUs, memory, and storage has seen a substantial increase in performance and capability, to the extent that physical servers hosting a single operating system and a few applications often remain idle. Software engineering and the improvements in software design have, by way of contrast, ensured that hardware resources are efficiently consumed to power those applications. The net result has been that physical hardware resources are rarely consumed to their maximum capability by a single operating system and a small set of applications.

This relationship between hardware and software has contributed to the invention of virtualization. Virtualization technologies and hypervisors have made it possible to emulate the physical hardware components of a single physical server as multiple virtual components. These components are then deployed as multiple virtual machines (VMs), each running its own operating system and suite of applications.

A hypervisor is essentially a piece of software that sits between the actual physical hardware and the VMs. It is responsible for enabling the operating systems and applications running on those VMs to access the resources of the physical hardware in a manner that is controlled and that isolates the resources from each other. The hypervisor and its associated management software are used to carve out virtualized representations of the physical hardware components into smaller virtual components, which are then presented as VMs. Each VM can then have its own operating system installed, along with any required applications.

One of the greatest advantages of virtualization is the speed at which resources can be provisioned. With software being used to emulate existing physical hardware (so that the hardware is available when a customer makes a request), the lead times to provision virtual servers, storage, or network environments are drastically reduced.

In the following diagram, we can see how virtualization enables us to allocate virtual storage devices to our individual VMs from the physical storage attached to the server:

Figure 1.2 – Traditional physical architecture versus virtualized architecture

One of the greatest advantages of virtualization is the speed at which resources can be provisioned. Since software is designed to emulate existing physical hardware (to enable the availability of hardware when a customer makes a request), the lead times to provision virtual servers, storage, or network environments is drastically reduced.

Virtualization versus cloud computing

Virtualization, in itself, is not cloud computing. The technology, however, is responsible for making it possible to deliver cloud computing services. One of the primary characteristics of a cloud computing provider is the ability to provision virtualized infrastructure resources using a self-service management tool. AWS offers such tools in the form of its Management Console (accessible via a web browser), command-line interface (CLI), and direct access to its software application programming interfaces (APIs), to enable customers to provision their resources such as servers, network, storage, and databases. By offering well-defined APIs and enabling automation, cloud providers have made it possible for customers to provision necessary resources using a self-service model. Customers do not have to wait in a queue to get their resources deployed while a cloud engineer performs the necessary configuration for them. Customers can interact with the cloud services directly using API calls, and spin up their own resources in a matter of minutes.

Ultimately, cloud computing providers make use of virtualization and modern hardware technologies that are aware of virtualization, as well as software to deliver shared computing resources, Software-as-a-Service (SaaS)-based products, and other on-demand services via the internet. In addition, providers such as AWS offer solutions to enable elasticity, automation, scalability, and HA—all on a pay-as-you-go pricing model, which makes their services accessible to almost any type of client in any location.

In summary, here are the benefits of virtualization:

In this section, we learned that virtualization technology has been a primary driving force in the evolution of cloud computing. The technology enables the provisioning of resources such as servers, networking components, and storage services in a matter of minutes. In addition, virtualization management applications enable us to build self-service platforms. Customers can simply log in to a management console and provision the necessary resources to build an architecture to host their application.

In the next section, we'll explore the cloud computing models available. Different models require varied levels of management and accordingly offer different levels of flexibility.

Exploring cloud computing models

Cloud computing today offers businesses the ability to offload the cost and complexity of hosting and managing their applications—for example, many providers offer mainstream applications as a complete service that does not require any kind of infrastructure management by the customer. Examples include Microsoft Office 365, which is a suite of desktop productivity applications including email, messaging, and collaboration services offered via the internet. At the same time, many organizations also need to host bespoke line-of-business (LOB) applications such as those developed in-house. Often, this means that they need access to configure the necessary infrastructure in a manner best suited to the needs of the application.

To that end, companies can enlist the services of cloud providers such as AWS, which offers different cloud models to suit the specific needs of the business. The following are three main cloud models offered by most cloud vendors such as AWS.

Infrastructure as a Service

The Infrastructure as a Service (IaaS) model offers the greatest flexibility in giving the customer access and the ability to configure the underlying network, storage, and compute services that power their LOB applications. This model is very similar to owning and managing your own physical infrastructure. However, with cloud computing, a clear difference lies in the fact that you work with virtualized infrastructure components rather than having access to the underlying physical components.

The IaaS cloud computing model is ideal if you need greater control over how your infrastructure components need to be configured (usually from the operating system layer up) to support a given application.

Platform as a Service

Platform as a Service (PaaS) is another cloud computing model designed to remove the burden of configuring and managing underlying infrastructure resources such as compute, storage, and network services. PaaS is designed to allow your organization to focus on developing your application code and offers you a platform to deploy and manage your application releases, updates, and upgrades.

As your developers deploy their application code on the PaaS environment, the provider provisions the infrastructure required to support the application. This will include the necessary network architecture, firewall rules, storage, compute services, operating system management, and runtime environments.

Depending on your vendor, the PaaS model may still offer some degree of flexibility in how the underlying infrastructure is configured. AWS, for example, gives you the option to make necessary modifications to the underlying infrastructure, offering an additional level of flexibility. Example of such services include AWS Elastic Beanstalk, AWS OpsWorks, AWS Lambda, and Amazon Relational Database Service (RDS). While the PaaS model offered by AWS removes the need to minutely configure every infrastructure component (something you would have to do with an IaaS model), it still offers the flexibility of deciding just which components are deployed to support your application.

SaaS

With a SaaS model, the applications are completely hosted and managed by the provider. SaaS services take away any need to set up physical infrastructure to host an application. Instead, you simply connect to those applications via the internet and consume the services offered. A majority of SaaS applications today are fully functional via a standard web browser. This also means that there is no requirement to install any client software.

While the need to set up and configure any infrastructure to host a SaaS application is solely owned and managed by the vendor, many SaaS-based applications still require some form of configuration to meet the specific requirements of your business. You will still need to either have in-house expertise to configure the application to your specification or get support from the provider/third parties. For example, Microsoft Office 365 is a SaaS-based online suite of productivity applications that combines email, file-share, and collaboration services. Although you do not need any physical hardware on premises to host the application since it is accessible as a complete product over the internet, you will have to configure the software elements to meet your business needs. This includes security configurations, configuring your domain name to be associated with the email services offered, or enabling encryption services.

Let's look at some typical examples of IaaS, PaaS, and SaaS models, as follows:

Table 1.1 – Cloud computing models

In this section, we explored cloud computing models. We gained an understanding of the key differences between core models such as IaaS, PaaS, and SaaS. Each model comes with its own set of management overheads and with it, the flexibility to design, build, and deploy your applications.

In the next section, we examine cloud deployment models. Here, we assess the differences between hosting your own on-premises cloud (or private cloud) and using the services of a public cloud provider. We also look at how to connect your private cloud environment with the resources you might host with a public cloud provider.

Understanding cloud deployment models

When it comes to deploying cloud services for your organization, you need to consider which deployment model will suit your business. The decision will be taken based on several factors, such as the industry you are in, compliance and regulatory issues, and also cost management and flexibility of configuration.

There are three primary models of deployment, listed as follows:

These models are represented in the following diagram:

Figure 1.3 – Cloud deployment models

Let's look at each model in a little more detail.

Public cloud

A public cloud is a cloud deployment model in which a business consumes IT services from a third-party vendor, such as AWS, over the internet. This is the most popular model of cloud computing due to the vast array of services on offer. Public cloud providers such as AWS are in the business of delivering IT services across all industry verticals and for businesses of all sizes.

Public cloud services are generally paid for on a pay-as-you-go model and can help your organization move away from a CAPEX of mode of investment in IT to an OPEX mode. This frees up precious capital for more important investment opportunities. Services offered by public cloud vendors will include free services, subscription-based, or on-demand pay-as-you-go, where you are charged based on how much you consume. Providers of public cloud services are also able to offer greater scalability and agility that would otherwise have been too expensive to achieve on your own.

With a public cloud model, customers are offered a self-service capability and access to management consoles and command-line interfaces, as well as having API access to configure and consume the services on offer.

Private cloud

By contrast, a private cloud is a cloud deployment model in which your business procures, installs, configures, and manages all the necessary infrastructure and software components in-house. This may sound very similar to traditional on-premises IT. However, the cloud element of it comes from the fact that additional management software is usually deployed to allow different parts of the business to carry out self-service tasks in provisioning compute, storage, network, and software services from an available catalog of services.

While public cloud providers offer their services to all businesses across the globe and the services are therefore publicly available, a private cloud is designed solely for your business, where you will not be sharing underlying compute resources with anyone external to your organization.

A private cloud is highly customizable to suit the needs of your organization, giving maximum control on key areas such as designing security and infrastructure configuration options. This does not necessarily mean that a private cloud provider (for example, Red Hat OpenStack) is more secure than a public cloud provider. Public cloud providers such as AWS invest vast amounts of money to design security features for the services they offer—features that may be cost-prohibitive if an organization tried to implement them on its own.

Hybrid cloud

This is a combination of IT services deployed both on-premises (and managed solely by your business) and integrated with one or more third-party cloud providers.

Many companies that venture into the public cloud generally start with some form of hybrid model. Often, businesses will move/migrate services to the public cloud to reduce CAPEX investment as they opt for a pay-as-you-go model for the consumption of IT services. An example of this is where companies may need to increase the number of servers deployed for their applications, and rather than procuring more expensive physical hardware, they can set up network connectivity between on-premises infrastructure and the public cloud provider, where they would spin up those additional servers as required. Connectivity options between an on-premises environment and a cloud provider can include setting up a secure Internet Protocol Security (IPsec) virtual private network (VPN) tunnel over the public internet, or even establishing a dedicate fiber-based connection, bypassing the public internet altogether and benefiting from greater bandwidth.

A hybrid cloud is generally also used to help start off your disaster recovery (DR) projects, which often need network communication between the private cloud infrastructure and the services offered by public cloud vendors where the DR solution will be hosted. This enables replication of on-premises data and applications to the DR site, hosted with vendors such as AWS.

Hybrid cloud deployments can also help businesses to start testing out new cutting-edge technologies or adopt a phased migration approach to ensure minimum interruption to normal business functions while the migration is underway. In addition, HA solutions can also be implemented. To cite an example, if the on-premises infrastructure is experiencing downtime, consumers of those services can be redirected to replica services hosted with the public cloud provider.

Summary

In this chapter, we explored the basics of cloud computing and how it can help businesses consume necessary IT services to host their applications. We discussed six key advantages of cloud computing and the reasons it offers greater flexibility and resilience, as well as opportunities for innovation and cost reduction.

We also examined three cloud computing models, identifying their key differences and comparing the level of flexibility offered by each model. We also assessed the three cloud deployment models and identified how companies can begin their cloud journey easily by building hybrid cloud solutions.

In the next chapter, we introduce you to AWS. We will discuss its history and provide a brief overview of its services. We will also examine the AWS Global Infrastructure, which gives businesses access to globally dispersed data center facilities within which they can deploy their applications. This will enable businesses to expand their customer reach on a global scale. Then, we will look at the support plans offered by AWS, which are vital to any business looking to consume cloud services.

Questions

Here are a few questions to test your knowledge:

Chapter 2: Introduction to AWS and the Global Infrastructure

In this chapter, we discuss what Amazon Web Services (AWS) is, examine its brief history, and also aim to understand the AWS Global Infrastructure. The Global Infrastructure gives you access to AWS data centers across different continents, enabling you to build highly available, fault-tolerant, and scalable solutions for your customers. In addition, you can also ensure that you place workloads closer to the location of your customers and fulfill any compliance or regulatory requirements.

This key offering from AWS enables you to access and launch resources across different Regions. An in-depth understanding of this will help you meet your clients' requirements—adherence to regulatory and compliance requirements, disaster recovery (DR) solutions, and even cost savings—all leading to a better customer experience.

We also look at the support plans offered by AWS to its customers. Your clients may require different levels of support, depending on the number and complexity of the applications they need to host. Choosing the right plan will be key to ensuring that you have all the support you need while managing your costs effectively and meeting any specific requirements.

This chapter covers the following topics:

What is AWS?

Amazon Web Services (AWS), a subsidiary of Amazon, is the largest public cloud-computing provider in the world. It offers over 175 distinct services to its clients from its data centers located across the globe. These services are accessible over the internet (with some on-premises options available as well) on a metered pay-as-you-go model. Its customer base comprises start-ups, enterprise clients, and even governmental organizations such as the United States (US) Navy.

Gartner Research creates a yearly report known as the Magic Quadrant for Cloud Infrastructure and Platform Services, and over the last few years has awarded AWS top position in the Leaders quadrant.

You can access a wide selection of analytical research reports at https://aws.amazon.com/resources/analyst-reports. In the left-hand menu, simply filter your search for Magic Quadrants to get a selection of Gartner reports, including the aforementioned Magic Quadrant for the Cloud Infrastructure and Platform Services report.

A quick history of AWS

AWS started its journey in 2002 when it began to offer a few ad hoc services to the public. The timeline shown in the following screenshot provides an overview of some of its key milestones and its journey to date:

Figure 2.1 – AWS history: timeline

In this section, we looked at a brief history of AWS and how it emerged as a cloud leader in the market. In the next section, we will examine the AWS Global Infrastructure, which is critical to its functionality and in being able to offer a vast array of cloud services to its clients.

Exploring the AWS Global Infrastructure

The AWS Global Infrastructure comprises multiple data centers that house all the servers, storage devices, and networking equipment across different geographical regions around the globe.

As AWS continues to expand its global footprint, it builds additional data centers, which ultimately leads to an increase in the number of Regions accessible to its customers.

At the time of writing this document, the following screenshot depicts the current live Regions across the globe and includes upcoming ones too:

Figure 2.2 – AWS Global Infrastructure. Image courtesy of AWS (https://aws.amazon.com/about-aws/global-infrastructure/)

An AWS Region is a physical location where AWS will host a cluster of data centers. Within a given Region, these data centers are built such that small groups of the larger cluster are logically and physically separated from each other by a distance that falls within 100 kilometers (km) (60 miles) of each other. These logically and physically separated groups of data centers form what we call Availability Zones (AZs).

AWS currently spans 77 AZs within 24 geographical regions around the world, and has announced plans for 18 more AZs and 6 more AWS Regions in Australia, India, Indonesia, Japan, Spain, and Switzerland.

Let's take a closer look at what Regions and AZs are.

Regions

A Region will consist of a minimum of two AZs, and many even consist of three or more. The North Virginia Region (N. Virginia or us-east-1