
Comprehensive Guide for AWS Academy Cloud Foundations

Module 1: Cloud Concepts Overview

This guide is organized into sections based on the provided material. It is designed to help students master the key concepts, understand critical definitions, and prepare thoroughly for quizzes and exams.

1. Introduction to Cloud Computing

Definition and Core Concepts

• Cloud Computing: On-demand delivery of IT resources (compute, storage, databases, etc.) over the internet with pay-as-you-go pricing.
◦ Resources are hosted in data centers managed by providers like AWS.
◦ Infrastructure is considered as software, enabling flexibility and scalability.
Traditional vs. Cloud Models

• Traditional Model:
◦ Hardware-centric: Requires physical infrastructure, capital investment, and maintenance.
◦ Long procurement cycles and risks of over/under-provisioning.
◦ Example: Launching a new website requires purchasing hardware and setting up a data center.
• Cloud Model:
◦ Software-centric: Resources are flexible, scalable, and available on-demand.
◦ Lower costs and time for setup; resources can scale elastically to match demand.
◦ Enables businesses to focus on innovation rather than infrastructure management.

2. Cloud Computing Service Models


1. Infrastructure as a Service (IaaS):
◦ Provides basic building blocks like virtual servers, networking, and storage.
◦ High flexibility and management control.
◦ Example: Amazon Elastic Compute Cloud (EC2).
2. Platform as a Service (PaaS):
◦ Reduces infrastructure management; focuses on app deployment and management.
◦ Example: AWS Elastic Beanstalk.
3. Software as a Service (SaaS):
◦ Fully managed software solutions (e.g., web-based email services like Gmail).
◦ Example: AWS provides SaaS applications like Amazon Connect.

3. Cloud Computing Deployment Models


1. Public Cloud:
◦ Fully hosted in the cloud by service providers like AWS.
◦ Resources are shared among multiple tenants.
2. Hybrid Cloud:
◦ Combines on-premises infrastructure with cloud resources.
◦ Example: Connecting internal systems with cloud databases.
3. Private Cloud (On-Premises):
◦ Dedicated resources for a single organization.
◦ Provides high control but lacks the flexibility of public cloud solutions.

4. Advantages of Cloud Computing


1. Trade Capital Expense for Variable Expense:
◦ Avoid upfront investment in hardware.
◦ Pay for resources as they are consumed.
2. Massive Economies of Scale:
◦ Providers like AWS aggregate usage across customers, offering lower prices.
3. Stop Guessing Capacity:
◦ Elastic scalability allows on-demand resource provisioning.
4. Increase Speed and Agility:
◦ Deploy resources in minutes, boosting innovation and experimentation.
5. Stop Running Data Centers:
◦ Focus on core business activities rather than infrastructure maintenance.
6. Global Deployment:
◦ Applications can be deployed in multiple regions to reduce latency and improve customer experience.

5. Introduction to Amazon Web Services (AWS)

AWS Overview

• Definition: AWS is a secure cloud platform offering global IT products such as compute, storage, databases, and networking.
• Key Features:
◦ Flexible provisioning and scaling.
◦ Broad service categories like compute (EC2, Lambda), storage (S3, EBS), and database (RDS, DynamoDB).
AWS Tools for Resource Management

1. AWS Management Console: Graphical interface for managing AWS services.
2. AWS CLI (Command Line Interface): Automates resource management via scripts.
3. AWS SDKs: Enables application integration in programming languages.

6. AWS Cloud Adoption Framework (AWS CAF)

Overview

• Designed to guide organizations through the cloud adoption journey.
• Aligns people, processes, and technology.
Six AWS CAF Perspectives
1. Business:
◦ Align IT strategy with business goals.
◦ Stakeholders: Business and finance managers.
2. People:
◦ Focus on skill development and organizational restructuring.
◦ Stakeholders: HR and staffing managers.
3. Governance:
◦ Align IT processes with business objectives to minimize risks.
◦ Stakeholders: CIOs, enterprise architects.
4. Platform:
◦ Build and migrate architectures for cloud environments.
◦ Stakeholders: CTOs, solution architects.
5. Security:
◦ Implement security controls for compliance and agility.
◦ Stakeholders: CISOs, IT security teams.
6. Operations:
◦ Define operational procedures for cloud adoption.
◦ Stakeholders: IT operations managers.

7. Key AWS Services and Their Use Cases

Compute

• Amazon EC2: Virtual servers with complete control.
• AWS Lambda: Serverless compute for running code.
• Amazon ECS/EKS: Container orchestration for microservices.
Storage

• Amazon S3: Object storage for scalability and durability.
• Amazon EBS: Block storage for EC2 instances.
• Amazon EFS: Scalable file storage.
Database

• Amazon RDS: Managed relational database service.
• Amazon DynamoDB: NoSQL database for fast, scalable applications.
Networking

• Amazon VPC: Isolated cloud networks.
• Elastic Load Balancer (ELB): Distributes traffic across resources.

Detailed Study Notes on AWS Cloud Foundations

Module 1: Cloud Concepts Overview

1. Introduction to Cloud Computing

Definition:

• Cloud computing refers to the on-demand delivery of computing resources (compute power, databases, storage, and applications) over the internet using a pay-as-you-go pricing model.
Key Features:

1. Pay-as-you-go: Pay only for the resources you use without upfront investments.
2. On-demand provisioning: Resources can be provisioned or decommissioned almost instantly.
3. Scalability: Adjust resources dynamically to meet changing demands.
4. Global Access: Resources are accessible anywhere, anytime, via the internet.
5. No infrastructure management: The cloud provider manages underlying hardware and software.

2. Cloud Service Models

Cloud service models describe how cloud services are structured and offered. They provide varying levels of control and management.
2.1 Infrastructure as a Service (IaaS):

• Definition: Provides access to basic computing resources like virtual machines, storage, and networking.
• Key Characteristics:
◦ High flexibility and control.
◦ Users are responsible for managing operating systems, middleware, and applications.
• Example: Amazon Elastic Compute Cloud (EC2).
2.2 Platform as a Service (PaaS):

• Definition: Provides an environment for developers to build, deploy, and manage applications without managing the underlying infrastructure.
• Key Characteristics:
◦ Focus on app development and management.
◦ Simplifies deployment and scalability.
• Example: AWS Elastic Beanstalk.
2.3 Software as a Service (SaaS):

• Definition: Provides fully functional applications managed by the provider.
• Key Characteristics:
◦ No need to manage hardware or software.
◦ End users only interact with the application.
• Example: AWS WorkDocs.

3. Cloud Deployment Models

The deployment model determines how cloud services are made available.
3.1 Public Cloud:

• Resources are hosted by a third-party cloud provider and shared among multiple users.
• Example: AWS public cloud services.
3.2 Private Cloud:

• Resources are exclusively used by one organization and hosted either on-premises or by a third-party provider.
• Example: AWS Outposts.
3.3 Hybrid Cloud:

• Combines on-premises infrastructure with public cloud services to create a unified environment.
• Example: Using AWS Direct Connect to link AWS with on-premises infrastructure.

4. Advantages of Cloud Computing

4.1 Trade Capital Expense (CapEx) for Operational Expense (OpEx):

• Avoid large upfront costs for hardware.
• Pay only for what is used, making costs more predictable.
4.2 Massive Economies of Scale:

• Providers like AWS aggregate usage from numerous customers, reducing costs through bulk purchasing and operational efficiency.
4.3 Elasticity:

• Scale resources up or down based on demand without over-provisioning.
4.4 Agility and Speed:

• Resources can be provisioned in minutes, allowing businesses to experiment and innovate rapidly.
4.5 Focus on Core Business:

• Reduce time spent on infrastructure management and redirect it toward business innovation.
4.6 Global Reach:

• Deploy applications across multiple AWS Regions for improved performance and customer experience.

5. AWS Cloud Adoption Framework (CAF)

A framework to guide organizations in migrating to the cloud effectively by addressing three key areas: People, Processes, and Technology.
5.1 Perspectives in CAF:

1. Business: Aligns IT goals with business objectives.
2. People: Addresses training, staffing, and organizational structure changes.
3. Governance: Focuses on compliance and aligning IT and business strategies.
4. Platform: Defines the technical requirements for cloud solutions.
5. Security: Establishes secure operations and compliance mechanisms.
6. Operations: Optimizes day-to-day operations in the cloud.

Module 2: Cloud Economics and Billing

1. AWS Pricing Philosophy

AWS offers a transparent and flexible pricing model:

• Pay-as-you-go: Pay for only the resources used.
• Reserved Instances (RIs):
◦ Commitment to a one- or three-year term provides significant discounts.
• Spot Instances:
◦ Use spare capacity at reduced costs.
• Free Tier:
◦ New customers can access free resources for one year.

2. Total Cost of Ownership (TCO)

Definition:

• TCO evaluates the total costs (direct and indirect) associated with operating IT resources, comparing on-premises and cloud solutions.
Components of TCO:

1. On-premises Costs:
◦ Server hardware and software.
◦ Power, cooling, and maintenance.
◦ IT staff for management.
2. Cloud Costs:
◦ Usage-based charges for compute, storage, and network.
◦ No upfront infrastructure investment.
Benefits of AWS TCO:

• Reduced upfront costs.
• Elastic scaling avoids over-provisioning.
• Faster deployment of new solutions.

3. AWS Billing and Cost Management Tools

3.1 AWS Cost Explorer:

• Visualize historical and forecasted costs.
• Analyze spending trends by service or account.
3.2 AWS Budgets:

• Set spending limits and receive alerts if exceeded.
3.3 AWS Pricing Calculator:

• Model solutions and estimate costs before implementation.
3.4 Consolidated Billing:

• Aggregate charges from multiple accounts for volume discounts.

4. AWS Support Plans

AWS offers four support plans tailored to different needs:

1. Basic:
◦ Free access to documentation and forums.
◦ Limited Trusted Advisor checks.
2. Developer:
◦ Support for non-production workloads.
◦ Access to technical support during business hours.
3. Business:
◦ 24/7 support for production workloads.
◦ Trusted Advisor full access.
4. Enterprise:
◦ Tailored for mission-critical applications.
◦ Includes a Technical Account Manager (TAM).

5. Example: Delaware North Case Study

Background:

• Delaware North, a global food and hospitality provider, migrated its IT operations to AWS, achieving significant cost and operational benefits.
Outcomes:

1. Reduced infrastructure costs by $3.5 million over five years.
2. Improved disaster recovery and security compliance.
3. Accelerated provisioning of resources from weeks to days.

Below is a comprehensive, detailed guide for exam preparation based on the provided PDF file about AWS Academy Cloud Foundations Module 2: Cloud Economics and Billing. This guide is designed to help maximize your chances of scoring 100% on a quiz or exam.

Guide to AWS Cloud Economics and Billing

1. Fundamentals of AWS Pricing

• AWS Pricing Philosophy:
◦ Pay only for what you use.
◦ No long-term contracts required.
◦ Services are available on-demand, with no complex licensing.
• Cost Drivers:
◦ Compute: Charges depend on the type of instances, duration of usage, and additional features like data transfer.
◦ Storage: Costs depend on the volume stored and the storage type (e.g., Amazon S3).
◦ Outbound Data Transfer: Aggregated and charged at the outbound transfer rate.
• Pricing Models:
◦ Pay-as-you-go: Flexible, use as needed.
◦ Reserved Instances:
▪ All Upfront Reserved Instance (AURI): Largest savings.
▪ Partial Upfront Reserved Instance (PURI): Medium savings.
▪ No Upfront Reserved Instance (NURI): Smallest savings, more flexibility.
◦ Free Tier:
▪ New customers get free access to services like EC2 (T2.micro), S3, and Elastic Load Balancing for up to one year.
• Discounts:
◦ Volume-based discounts for higher usage (e.g., Amazon S3 tiered pricing).
◦ Cost savings as AWS grows and achieves economies of scale.

2. Total Cost of Ownership (TCO)

• Comparison:
◦ On-premises Infrastructure:
▪ High upfront capital expenditure (hardware, facilities).
▪ Fixed costs, even if utilization decreases.
▪ Limited scalability.
◦ AWS Cloud:
▪ Pay only for used resources.
▪ Easy scalability (up or down).
▪ Lower total costs with no long-term commitments.
• Components of TCO:
◦ Direct Costs: Servers, storage, networking, and IT labor.
◦ Indirect Costs: Maintenance, power, and cooling for on-premises solutions.
• Cost Reduction Examples:
◦ Case Study: Delaware North saved $3.5 million over five years by migrating to AWS.

3. AWS Billing and Cost Management Tools

• Billing Dashboard:
◦ Monitor monthly expenditure and trends.
◦ Visualize costs by service with graphs like “Month-to-Date Spend by Service.”
• AWS Bills:
◦ Provides detailed breakdowns of usage and costs by service, region, and linked account.
• Cost Explorer:
◦ Free tool for analyzing past usage and costs.
◦ Features include:
▪ 13-month historical data.
▪ 3-month forecast.
▪ Service- and region-specific insights.
• AWS Budgets:
◦ Allows users to set and track spending limits.
◦ Sends alerts when usage exceeds budgets.
• AWS Cost and Usage Reports:
◦ Detailed records of usage by service category.
◦ Can be exported to Amazon S3 for further analysis.

4. AWS Organizations

• Purpose:
◦ Consolidate multiple AWS accounts for centralized management.
◦ Simplify billing and improve security and compliance.
• Features:
◦ Service Control Policies (SCPs):
▪ Manage access to AWS services for accounts within an organization.
◦ Hierarchical Structure:
▪ Organization root → Organizational Units (OUs) → AWS Accounts.
◦ Consolidated Billing:
▪ One bill for all accounts.
▪ Volume-based discounts.
• Management Interfaces:
◦ AWS Management Console.
◦ AWS CLI (Command Line Interface).
◦ AWS SDKs for programming access.

5. AWS Technical Support Plans

• Support Plans:
◦ Basic: Free; limited features like documentation and forums.
◦ Developer: For non-production workloads; access to technical guidance.
◦ Business: For production workloads; includes 24/7 support and Trusted Advisor.
◦ Enterprise: For mission-critical workloads; includes a dedicated Technical Account Manager (TAM).
• Severity Levels for Support Cases:
◦ Critical, Urgent, High, Normal, and Low.
◦ Response times depend on severity and chosen support plan.

Key Concepts and Definitions

• AWS Pricing Calculator:
◦ Estimate monthly AWS costs.
◦ Identify cost-saving opportunities.
◦ Plan and model solutions before implementation.
• AWS Trusted Advisor:
◦ Checks for cost optimization, security, and performance.
• Reserved Instances:
◦ Long-term commitment for lower prices.
◦ Suitable for predictable workloads.
• Consolidated Billing:
◦ Aggregate costs across accounts for discounts.
◦ Simplified financial management.

Exam Preparation Tips

• Focus on understanding how AWS services are priced and billed.
• Memorize the different pricing models (pay-as-you-go, reserved instances).
• Familiarize yourself with AWS tools like Cost Explorer, Pricing Calculator, and Budgets.
• Study the benefits of using AWS Organizations for account management.
• Practice calculating costs using real-world examples, such as the Delaware North case study.
Practice Questions

1. Explain the three main cost drivers in AWS pricing.
2. Compare and contrast on-premises infrastructure with AWS cloud infrastructure.
3. How does the AWS Free Tier benefit new users?
4. What is the purpose of service control policies (SCPs) in AWS Organizations?
5. Which AWS support plan would you recommend for a company with mission-critical workloads, and why?
This guide should prepare you thoroughly for any quiz or exam related to AWS Cloud Economics and Billing. Good luck!

Comprehensive Study Guide: AWS Academy Cloud Foundations
Module 3 - Global Infrastructure Overview

Introduction

This guide provides a structured overview of AWS Global Infrastructure and Service Categories, designed to prepare students for quiz and exam success. Each topic is covered with clear definitions, detailed explanations, and highlighted examples to ensure thorough understanding.

Section 1: AWS Global Infrastructure

Core Components
1. AWS Regions:
◦ A Region is a physical geographic location with multiple Availability Zones (AZs).
◦ Key characteristics:
▪ Isolated for fault tolerance and stability.
▪ Data is not replicated across Regions unless explicitly configured by the customer.
◦ Example: US East (N. Virginia), Asia Pacific (Tokyo).
2. Availability Zones (AZs):
◦ Separate data centers within a Region.
◦ Fully isolated but connected by low-latency, high-bandwidth links.
◦ Enable high availability and fault tolerance for applications.
◦ Example: A Region may have 3 AZs, such as "us-east-1a", "us-east-1b", "us-east-1c".
3. Edge Locations and Regional Edge Caches:
◦ Edge Locations: Deliver content closer to end users to reduce latency (e.g., for Amazon CloudFront).
◦ Regional Edge Caches: Serve less frequently accessed content for improved performance.
Choosing a Region

• Key Considerations:
1. Data Governance: Legal or regulatory requirements.
2. Proximity to Users: Reduces latency.
3. Services Availability: Some services may not be offered in all Regions.
4. Cost: Pricing may vary by Region.

Section 2: Benefits of AWS Global Infrastructure

Key Features
1. Elasticity and Scalability:
◦ Adjust resources dynamically to match demand.
2. Fault Tolerance:
◦ Built-in redundancy ensures continuous operation during failures.
3. High Availability:
◦ Minimized downtime through multiple AZs and automated failover.

Section 3: AWS Service Categories

Overview

AWS provides services grouped into categories. Here are the most critical ones for exam preparation:
1. Compute Services

• Amazon EC2: Virtual servers in the cloud.
• AWS Lambda: Serverless compute; pay only for execution time.
• Elastic Load Balancing (ELB): Distributes incoming application traffic.
• Amazon ECS/EKS: Container orchestration services for Docker and Kubernetes.
2. Storage Services

• Amazon S3:
◦ Scalable object storage for a wide variety of use cases.
◦ Offers S3 Glacier for long-term, low-cost archival storage.
• Amazon EBS:
◦ Block storage for EC2 instances; suitable for databases.
• Amazon EFS:
◦ Fully managed Network File System (NFS) for scalable storage.
3. Database Services

• Amazon RDS:
◦ Managed relational databases (e.g., MySQL, PostgreSQL).
• Amazon DynamoDB:
◦ NoSQL database for high-speed and scalable operations.
• Amazon Redshift:
◦ Data warehousing for analytics.
4. Networking and Content Delivery

• Amazon VPC:
◦ Virtual private cloud for isolated networking environments.
• Amazon CloudFront:
◦ Content Delivery Network (CDN) for low-latency data delivery.
• Amazon Route 53:
◦ DNS web service for domain routing.
5. Security, Identity, and Compliance

• IAM:
◦ Manage user access and permissions securely.
• AWS Shield:
◦ Protects applications from DDoS attacks.
• AWS Key Management Service (KMS):
◦ Centralized key management for encryption.
6. Cost Management

• AWS Budgets:
◦ Set custom spending limits and alerts.
• AWS Cost Explorer:
◦ Visualize and analyze cost trends.
7. Management and Governance

• AWS Management Console:
◦ Web-based interface for managing AWS resources.
• AWS CloudTrail:
◦ Logs API activity for audit and governance.
• AWS Trusted Advisor:
◦ Recommends improvements for cost, performance, and security.

Section 4: Hands-on Activities and Labs

Activities to Reinforce Learning


1. Explore the AWS Global Infrastructure Map:
◦ Familiarize yourself with Regions and AZs.
2. Navigate the AWS Management Console:
◦ Practice accessing services in different categories.
3. Set Up Resources:
◦ Create an S3 bucket.
◦ Launch an EC2 instance and attach an EBS volume.
4. Configure Networking:
◦ Set up a VPC with public and private subnets.

Section 5: Exam Tips

Key Focus Areas

• Understand the differences between Regions, Availability Zones, and Edge Locations.
• Memorize service categories and examples.
• Review pricing differences between Regions.
• Practice navigating the AWS Management Console.
Practice Questions

1. What is the purpose of Availability Zones in AWS?
2. Name three services under the Compute category.
3. How does Amazon CloudFront improve performance for end users?

Final Summary

This guide highlights essential concepts and services related to AWS Global Infrastructure and Service Categories. With this structured preparation, students can master the topics and excel in their exams.

Module 3: AWS Global Infrastructure Overview

1. AWS Global Infrastructure

Key Components

1. AWS Regions
◦ A Region is a physical location worldwide where AWS has clusters of data centers.
◦ Each Region contains multiple Availability Zones (AZs).
◦ Examples:
▪ US East (N. Virginia)
▪ Asia Pacific (Singapore)
◦ Characteristics of Regions:
▪ Regions are isolated from one another to ensure fault tolerance.
▪ Customers choose Regions based on compliance, proximity, and pricing.
2. Availability Zones (AZs)
◦ AZs consist of one or more data centers located in a Region.
◦ They are independent to minimize risks (e.g., natural disasters).
◦ Interconnected with low-latency, high-bandwidth networking.
◦ Enable high availability by distributing resources across multiple AZs.
3. Edge Locations
◦ These are smaller data centers used to deliver content to users with low latency.
◦ Used by services like Amazon CloudFront and Route 53.
◦ Positioned in major cities worldwide.
Region Selection Considerations

• Data Governance and Compliance: Laws like GDPR or local regulations may mandate data residency.
• Latency: Choose the nearest Region to reduce delays for users.
• Service Availability: Not all AWS services are available in every Region.
• Cost: Pricing varies between Regions. For example, EC2 instance costs in the US East (Ohio) Region are lower than in Asia Pacific (Tokyo).
Benefits of AWS Global Infrastructure

• Elasticity: Scales resources dynamically based on demand.
• Fault Tolerance: Redundant systems handle failures.
• High Availability: Maintains uptime with minimal manual intervention.

2. AWS Service Categories

Compute Services

• Amazon EC2 (Elastic Compute Cloud):
◦ Scalable virtual machines for flexible workloads.
◦ Offers instance types optimized for compute, memory, or storage.
• AWS Lambda:
◦ Serverless computing that runs code based on events.
◦ No need to manage servers; pay only for execution time.
• Elastic Load Balancing (ELB):
◦ Automatically distributes incoming application traffic.
Storage Services

• Amazon S3 (Simple Storage Service):
◦ Object storage with unlimited scalability.
◦ Ideal for backups, big data, and IoT data storage.
• Amazon EBS (Elastic Block Store):
◦ High-performance block storage for EC2 instances.
◦ Supports transactional and throughput-intensive workloads.
• Amazon Glacier:
◦ Low-cost storage designed for data archiving.
Networking and Content Delivery

• Amazon VPC (Virtual Private Cloud):
◦ A private, isolated network on AWS.
◦ You control IP addressing, routing, and security settings.
• Amazon CloudFront:
◦ Content delivery network for faster data transfer to users globally.
• Amazon Route 53:
◦ Scalable Domain Name System (DNS) for routing end-user requests.

3. Summary of Key Concepts

• Regions and Availability Zones (AZs) form the backbone of AWS global infrastructure.
• Edge Locations cache content closer to users for performance improvements.
• Service categories include compute, storage, networking, and more.

Comprehensive Study Guide: AWS Academy Cloud Foundations
Module 4 - Cloud Security

Introduction

This guide provides an in-depth analysis of AWS Cloud Security topics outlined in Module 4. It is designed to prepare students thoroughly for quizzes and exams. The content is systematically categorized to ensure understanding of key concepts, responsibilities, and tools provided by AWS for security and compliance.

Section 1: AWS Shared Responsibility Model

Overview

• AWS and customers share responsibilities to secure cloud environments.
• AWS ensures security "of the cloud", while customers are responsible for security "in the cloud".
AWS Responsibilities

• Security of the global infrastructure:
◦ Physical Security:
▪ Controlled, need-based access to data centers.
▪ 24/7 security guards, video surveillance.
▪ Access logging and review.
◦ Hardware: Servers, storage devices.
◦ Network: Routers, switches, firewalls, load balancers.
Customer Responsibilities

• Data encryption (at rest and in transit).
• Security configurations (e.g., firewalls, operating system patches).
• Content management:
◦ Storage, masking, anonymization, and encryption of data.
◦ Access rights and permissions management.
Key Takeaways

• Security of infrastructure is AWS’s responsibility.
• Data and resource security within the cloud is the customer's responsibility.

Section 2: AWS Identity and Access Management (IAM)

Core Components

1. IAM Users:
◦ Individual users with unique credentials.
◦ Different access types: programmatic or console.
2. IAM Groups:
◦ Simplify management of user permissions.
◦ Users inherit group permissions.
3. IAM Roles:
◦ Temporary access with defined policies.
◦ Ideal for delegation and cross-account access.
4. IAM Policies:
◦ JSON documents specifying permissions.
◦ Types:
▪ Identity-based Policies: Attached to users, groups, or roles.
▪ Resource-based Policies: Attached to AWS resources.
Best Practices

• Enable Multi-Factor Authentication (MFA).
• Follow the principle of least privilege.
• Use tools like the IAM Policy Simulator for testing and troubleshooting.

Section 3: Securing a New AWS Account

Steps to Secure a New Account

1. Create IAM users with appropriate permissions.
2. Enable MFA for root and IAM users.
3. Disable root access keys.
4. Implement a strong password policy.
5. Monitor account activities using AWS CloudTrail.
6. Enable AWS Cost and Usage Reports for financial monitoring.

Section 4: Securing AWS Data

Data Encryption

• At Rest:
◦ Use AES-256 encryption.
◦ Automate encryption with AWS Key Management Service (KMS).
• In Transit:
◦ Secure with Transport Layer Security (TLS).
◦ Use AWS Certificate Manager for managing certificates.
Amazon S3 Security

• Block Public Access:
◦ Override other permissions to prevent exposure.
• Bucket Policies and IAM Policies:
◦ Define access controls across users and accounts.
• Access Control Lists (ACLs):
◦ Manage granular permissions.
• AWS Trusted Advisor:
◦ Checks for global access permissions in S3.
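The kind of check Trusted Advisor performs on S3 can be reproduced against a bucket policy document, which makes the interaction between bucket policies and Block Public Access concrete. The following is an added example, not code from the study guide or from AWS: it parses a constructed bucket policy (the bucket name, account id and role in it are made up) and sorts each Allow statement into public, needs-review, or scoped to named principals, treating Block Public Access as the override the guide describes.

```python
import json

# Constructed sample bucket policy (made up for this example, not taken from the page):
# one statement open to everyone, one scoped to a single role, and one that names
# "*" as the principal but narrows it with a Condition.
SAMPLE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "ScopedWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "ConditionedRead", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:PrincipalAccount": "111122223333"}}},
    ],
})


def _as_list(value):
    """IAM policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_anyone(principal):
    """True when the Principal element grants to any caller: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for values in principal.values() for p in _as_list(values))
    return False


def audit_bucket_policy(policy_json, block_public_access=False):
    """Classify each Allow statement of a bucket policy.

    Returns a dict with three lists of statement Sids:
      public  - Allow to any principal with no Condition: an exposure finding
                (what Trusted Advisor's S3 global-access check would flag)
      review  - Allow to any principal but narrowed by a Condition: needs a human look
      scoped  - Allow limited to named principals
    When S3 Block Public Access is enabled it overrides the policy, so the
    'public' list is reported as empty and those Sids move to 'review'.
    """
    policy = json.loads(policy_json)
    result = {"public": [], "review": [], "scoped": []}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        sid = stmt.get("Sid", "<no Sid>")
        if not principal_is_anyone(stmt.get("Principal")):
            result["scoped"].append(sid)
        elif "Condition" in stmt or block_public_access:
            result["review"].append(sid)
        else:
            result["public"].append(sid)
    return result


if __name__ == "__main__":
    print(audit_bucket_policy(SAMPLE_BUCKET_POLICY))
    print(audit_bucket_policy(SAMPLE_BUCKET_POLICY, block_public_access=True))
```

A statement with a wildcard principal but a narrowing Condition is deliberately reported for review rather than as public, because whether it is safe depends on the condition keys used; ACL grants are not covered here, which is one reason the guide lists Block Public Access as the backstop.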

Section 5: AWS Compliance

Compliance Programs

• AWS aligns with global standards like ISO 27001, HIPAA, and GDPR.
• Tools to ensure compliance:
◦ AWS Config: Monitors resource configurations.
◦ AWS Artifact: Provides compliance reports and security documents.
Service Control Policies (SCPs)

• Restrict permissions across organizational units (OUs).
• Define the maximum allowed actions for users and accounts.

Section 6: Additional Security Services

AWS Shield

• Protects applications from DDoS attacks.
• Two tiers:
◦ Standard: Automatic protection for all AWS customers.
◦ Advanced: Enhanced protection with cost support for large-scale attacks.
AWS Key Management Service (KMS)

• Centralized encryption key management.
• Compatible with multiple AWS services.
Amazon Cognito

• Identity and access solutions for applications.
• Supports Single Sign-On (SSO) via SAML.

Lab Activities

1. IAM Configuration:
◦ Create users, groups, and policies.
◦ Simulate policy effects.
2. Account Setup:
◦ Enable MFA.
◦ Configure AWS CloudTrail.
3. Secure Data:
◦ Use S3 bucket policies.
◦ Apply encryption for data at rest and in transit.

Module 4: AWS Cloud Security

1. AWS Shared Responsibility Model

Division of Responsibilities

• AWS Responsibilities (Security of the Cloud):
◦ Protecting hardware, software, and the physical data centers.
◦ Ensuring high availability of cloud infrastructure.
• Customer Responsibilities (Security in the Cloud):
◦ Managing their data, applications, and OS security.
◦ Configuring network security (e.g., security groups, firewall rules).
◦ Encrypting data at rest and in transit.
Examples Based on Service Models:

• IaaS (e.g., Amazon EC2):
◦ Customers manage OS updates, applications, and network configurations.
• PaaS (e.g., AWS RDS):
◦ AWS manages the underlying infrastructure and patching. Customers manage the data and permissions.
• SaaS (e.g., AWS Shield):
◦ AWS handles most responsibilities. Customers configure their data access.

2. Identity and Access Management (IAM)

Components

1. IAM Users:
◦ Represent individuals or applications with unique credentials.
2. IAM Groups:
◦ Collections of users sharing the same set of permissions.
◦ Simplifies permissions management.
3. IAM Roles:
◦ Assign temporary permissions to users or services.
◦ Example: An EC2 instance assumes a role to access S3 buckets.
4. IAM Policies:
◦ JSON documents that define access permissions for resources.
◦ Types of policies:
▪ Identity-based: Attached to users, groups, or roles.
▪ Resource-based: Attached to AWS resources (e.g., S3 bucket policies).
Best Practices

• Use the principle of least privilege to grant only necessary permissions.
• Enable Multi-Factor Authentication (MFA) for additional security.
• Test and troubleshoot permissions with the IAM Policy Simulator.
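The way IAM policies and SCPs combine (explicit deny wins, Allow must be present, and the root → OU → account chain of SCPs caps what any identity policy can grant) is easiest to see by evaluating requests the way a small policy simulator would. The block below is an added example written for this guide, not the IAM Policy Simulator or any AWS code: it evaluates constructed identity policies and SCPs (the bucket names, OU name and actions in it are made up) with a simplified, case-sensitive wildcard match, and it serves both the IAM policy section above and the SCP section of the previous Module 4 guide.

```python
import fnmatch

# Constructed policies (made up for this example, not the page's own): the root and
# account-level SCPs are the permissive default, the OU-level SCP denies one action.
FULL_ACCESS_SCP = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
WORKLOADS_OU_SCP = {"Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "cloudtrail:StopLogging", "Resource": "*"},
]}
# Organization root -> Workloads OU -> account: every level must allow the action.
SCP_CHAIN = [("root", [FULL_ACCESS_SCP]),
             ("Workloads OU", [WORKLOADS_OU_SCP]),
             ("account", [FULL_ACCESS_SCP])]

# Identity-based policy for a user: read a team bucket, but never its secrets/ prefix.
TEAM_READER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::team-bucket", "arn:aws:s3:::team-bucket/*"]},
    {"Effect": "Deny", "Action": "s3:*", "Resource": "arn:aws:s3:::team-bucket/secrets/*"},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def statement_matches(stmt, action, resource):
    """IAM wildcards (* and ?) in Action and Resource. Simplification: real IAM
    matches action names case-insensitively; this example is case-sensitive."""
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", "*"))
    return (any(fnmatch.fnmatchcase(action, a) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))


def evaluate_policy(policy, action, resource):
    """Decision of one policy document: 'Deny' (explicit), 'Allow', or 'ImplicitDeny'."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy.get("Statement", [])):
        if statement_matches(stmt, action, resource):
            if stmt.get("Effect") == "Deny":
                return "Deny"       # an explicit deny always wins
            decision = "Allow"
    return decision


def is_authorized(identity_policies, scp_chain, action, resource):
    """Simplified evaluation: SCPs at root, OU and account act as a ceiling
    (the action must be allowed and not denied at every level), then the
    identity policies must grant it. Returns (allowed, reason)."""
    for level, policies in scp_chain:
        decisions = [evaluate_policy(p, action, resource) for p in policies]
        if "Deny" in decisions or "Allow" not in decisions:
            return False, f"blocked by SCP at {level}"
    decisions = [evaluate_policy(p, action, resource) for p in identity_policies]
    if "Deny" in decisions:
        return False, "explicit deny in identity policy"
    if "Allow" in decisions:
        return True, "allowed"
    return False, "implicit deny (no matching Allow)"


if __name__ == "__main__":
    for action, resource in [("s3:GetObject", "arn:aws:s3:::team-bucket/reports/q1.csv"),
                             ("s3:GetObject", "arn:aws:s3:::team-bucket/secrets/key.txt"),
                             ("cloudtrail:StopLogging", "*"),
                             ("ec2:RunInstances", "*")]:
        print(action, resource, is_authorized([TEAM_READER_POLICY], SCP_CHAIN, action, resource))
```

Two things the output makes visible: an SCP never grants anything on its own (the user still needs an Allow in an identity policy), and the OU-level Deny on cloudtrail:StopLogging blocks the action even for an identity policy that would permit it.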

3. Securing AWS Accounts

Best Practices for Root Account Security

1. Avoid using the root account for daily operations.
2. Create IAM users and grant permissions based on roles.
3. Enable MFA for all users and especially for root.
4. Delete root access keys if not needed.
AWS CloudTrail

• Logs all API calls to resources in your account for auditing.
• Tracks changes to resources for accountability.
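CloudTrail only helps if someone reads it, and the root-account and MFA practices above translate directly into detections over its records. The following is an added example, not from the study guide or from AWS: it runs a few defensive checks (root activity, console login without MFA, trail tampering, root access-key creation) over a constructed CloudTrail log body whose field names follow the CloudTrail record format but whose values are all made up. It also covers the "Monitor account activities using AWS CloudTrail" step of the earlier account-hardening list.

```python
import json

# Constructed CloudTrail-style records (field names follow the CloudTrail event
# format; every value below is made up for this example).
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-05-01T08:05:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-05-01T09:10:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-05-01T09:12:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-05-01T09:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]})

TRAIL_TAMPERING_CALLS = {"StopLogging", "DeleteTrail", "UpdateTrail"}


def classify_event(event):
    """Return the list of finding names raised by one CloudTrail record."""
    findings = []
    identity = event.get("userIdentity", {})
    name = event.get("eventName")
    source = event.get("eventSource")
    if identity.get("type") == "Root":
        findings.append("ROOT_ACTIVITY")           # root should not be used day to day
    if name == "ConsoleLogin" and event.get("additionalEventData", {}).get("MFAUsed") != "Yes":
        findings.append("CONSOLE_LOGIN_WITHOUT_MFA")
    if source == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING_CALLS:
        findings.append("TRAIL_TAMPERING")          # someone turning off the audit log
    if source == "iam.amazonaws.com" and name == "CreateAccessKey" and identity.get("type") == "Root":
        findings.append("ROOT_ACCESS_KEY_CREATED")  # contradicts "disable root access keys"
    return findings


def scan_trail(trail_json):
    """Run the checks over one CloudTrail log file body.
    Returns (eventTime, eventName, finding) tuples in record order."""
    records = json.loads(trail_json).get("Records", [])
    return [(r.get("eventTime"), r.get("eventName"), f)
            for r in records for f in classify_event(r)]


if __name__ == "__main__":
    for finding in scan_trail(SAMPLE_TRAIL):
        print(*finding)
```

The ordinary DescribeInstances call and the MFA-protected login by "alice" produce nothing, which is the point of keeping the rules narrow: the findings that remain are the ones the account-hardening steps say should not happen at all.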

4. Data Security on AWS

Encryption

• Data at Rest:
◦ Encrypt data stored in AWS services using AES-256 encryption.
◦ Use AWS Key Management Service (KMS) for encryption key management.
• Data in Transit:
◦ Secure data using Transport Layer Security (TLS) 1.2.
◦ AWS Certificate Manager (ACM) provides SSL/TLS certificates for secure communication.
Data Backup and Recovery

• Use Amazon S3 Versioning to retain multiple versions of an object.
• Automate backups with AWS Backup service.

5. Security and Compliance Services

• AWS Shield:
◦ Protects applications against DDoS attacks.
◦ AWS Shield Advanced offers higher-tier protection.
• AWS Artifact:
◦ Provides access to AWS compliance reports and agreements.
• Amazon Cognito:
◦ Simplifies user sign-up, sign-in, and access control for web and mobile applications.

Key Takeaways

• The Shared Responsibility Model divides security tasks between AWS and customers.
• IAM roles, policies, and MFA are critical for secure account management.
• Encrypt data at rest and in transit using AWS tools.
• Use compliance services like AWS Shield and AWS KMS to meet regulatory needs.

Comprehensive Guide for AWS Academy Cloud Foundations
Module 5: Networking and Content Delivery

Introduction

This guide focuses on the fundamentals of AWS Networking and Content Delivery services, with emphasis on Amazon Virtual Private Cloud (VPC), Amazon Route 53, and Amazon CloudFront. It includes theoretical concepts, practical activities, and key takeaways for effective exam preparation.

Section 1: Networking Basics

Key Concepts

• Network Definition: A network is a connection of two or more devices sharing resources, partitioned into subnets.
• Components:
◦ Router: Directs traffic between subnets.
◦ IP Addresses: Unique identifiers for devices in a network, available as:
▪ IPv4: 32-bit (e.g., 192.0.2.0).
▪ IPv6: 128-bit (e.g., 2600:1f18:22ba:8c00:ba86:a05e:a5ba:00FF).
CIDR Notation

• Structure: IP address/Prefix length (e.g., 192.0.2.0/24).
• Special Cases:
◦ /32: Single IP address.
◦ /0: Represents the entire internet.
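CIDR arithmetic is where VPC design mistakes start (overlapping subnets, a subnet that does not fit its VPC), so it is worth working through with real blocks. The following is an added example, not code from the guide: it uses Python's standard ipaddress module to expand a CIDR block, including the /32 and /0 special cases above, and to validate a constructed VPC subnet plan for the non-overlap rule the next section requires. The reserved-address count it reports is AWS's documented rule that five addresses in every subnet are unusable; that rule is not stated on this page.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet (network,
# VPC router, DNS, future use, broadcast); this is a known AWS rule, not from the page.
AWS_RESERVED_PER_SUBNET = 5


def describe_cidr(cidr):
    """Expand a CIDR block into the facts a network designer needs."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "version": net.version,
        "prefix_length": net.prefixlen,
        "num_addresses": net.num_addresses,
        "first": str(net[0]),
        "last": str(net[-1]),
        "single_host": net.num_addresses == 1,       # the /32 (or /128) case
        "entire_internet": net.prefixlen == 0,       # the /0 case
        "usable_in_aws_subnet": max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0),
    }


def check_subnet_plan(vpc_cidr, subnet_cidrs):
    """Validate a VPC layout: each subnet must sit inside the VPC block and
    subnets must not overlap each other. Returns a list of problems (empty = ok)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    subnets = [ipaddress.ip_network(s, strict=False) for s in subnet_cidrs]
    problems = []
    for s in subnets:
        if s.version != vpc.version or not s.subnet_of(vpc):
            problems.append(f"{s} is outside VPC {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the page's 192.0.2.0/24 example plus a made-up VPC plan.
    for block in ("192.0.2.0/24", "198.51.100.7/32", "0.0.0.0/0"):
        print(block, describe_cidr(block))
    print(check_subnet_plan("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.128/25", "192.168.0.0/24"]))
```

The same check applies to VPC peering, where the two VPC blocks themselves must not overlap; pass the two VPC CIDRs to ipaddress.ip_network(...).overlaps(...) as the plan checker does for subnets.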

Section 2: Amazon VPC

Overview

• Amazon VPC: A logically isolated section of the AWS Cloud for resource deployment.
• Capabilities:
◦ Define IP ranges (IPv4/IPv6).
◦ Create public and private subnets.
◦ Use security layers like Security Groups and Network ACLs.
Components

• Subnets:
◦ Public: Internet accessible.
◦ Private: No direct internet access.
• IP Addressing:
◦ Assign CIDR blocks during VPC creation.
◦ Ensure non-overlapping blocks between subnets.
Networking Features

• Internet Gateway: Connects VPC to the internet.
• NAT Gateway: Allows private subnets to access the internet without exposing them.
• Elastic Network Interface (ENI): Virtual network interface attached to instances.

Section 3: VPC Networking


Advanced Features

• VPC Sharing: Share subnets across AWS accounts.
• VPC Peering: Connect VPCs for internal communication, restricted by:
◦ Non-overlapping IP spaces.
◦ No transitive peering.
• AWS Direct Connect: Establish private, high-bandwidth connections to AWS.
• AWS Transit Gateway: Simplifies multi-VPC and on-premises network connectivity.

Section 4: VPC Security

Security Groups

• Instance-level Firewalls:
◦ Allow inbound and outbound traffic based on rules.
◦ Default Rules: Allow all outbound traffic, block inbound traffic.
◦ Stateful: Automatically allows return traffic.
Network ACLs

• Subnet-level Firewalls:
◦ Separate inbound and outbound rules.
◦ Stateless: Requires explicit rules for return traffic.
Comparison

Feature              Security Groups    Network ACLs
Scope                Instance level     Subnet level
Rules                Allow only         Allow and Deny
Stateful/Stateless   Stateful           Stateless

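The stateful/stateless distinction in the table decides whether return traffic needs its own rule, and the classic mistake is a network ACL that allows inbound 443 but has no outbound rule for the client's ephemeral port. The following is an added example, not from the guide or from AWS: it models both firewall types in plain Python and pushes one constructed HTTPS request and its reply through each, so the difference shows up as a dropped reply rather than a sentence.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str      # "inbound" or "outbound"
    action: str         # "allow" or "deny" (security groups only use "allow")
    protocol: str       # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str
    number: int = 100   # evaluation order for network ACLs; ignored by security groups


def _rule_matches(rule, protocol, port, ip):
    return (rule.protocol in (protocol, "all")
            and rule.port_from <= port <= rule.port_to
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr))


class SecurityGroup:
    """Instance-level, stateful, allow-only. Once a packet is permitted, its
    connection is tracked and the reply passes without needing its own rule."""

    def __init__(self, rules):
        self.rules = [r for r in rules if r.action == "allow"]
        self.tracked = set()

    def allow(self, direction, protocol, src_ip, src_port, dst_ip, dst_port):
        if direction == "inbound":
            key, port, peer = (protocol, src_ip, src_port, dst_port), dst_port, src_ip
        else:
            key, port, peer = (protocol, dst_ip, dst_port, src_port), dst_port, dst_ip
        if key in self.tracked:            # reply to an already permitted flow
            return True
        for r in self.rules:
            if r.direction == direction and _rule_matches(r, protocol, port, peer):
                self.tracked.add(key)
                return True
        return False


class NetworkAcl:
    """Subnet-level, stateless, allow and deny. Every packet (request or reply) is
    checked on its own against the numbered rules in ascending order; the first
    match decides and anything unmatched is denied by the implicit final rule."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def allow(self, direction, protocol, src_ip, src_port, dst_ip, dst_port):
        port, peer = (dst_port, src_ip) if direction == "inbound" else (dst_port, dst_ip)
        for r in self.rules:
            if r.direction == direction and _rule_matches(r, protocol, port, peer):
                return r.action == "allow"
        return False


def simulate_https_session(firewall, client_ip="203.0.113.5", server_ip="10.0.1.25"):
    """Client on an ephemeral port opens TCP 443 to the server; the server replies.
    Returns (request_allowed, reply_allowed). Addresses are constructed."""
    request = firewall.allow("inbound", "tcp", client_ip, 49152, server_ip, 443)
    reply = firewall.allow("outbound", "tcp", server_ip, 443, client_ip, 49152)
    return request, reply


# Constructed rule sets for the comparison.
HTTPS_IN = Rule("inbound", "allow", "tcp", 443, 443, "0.0.0.0/0")
EPHEMERAL_OUT = Rule("outbound", "allow", "tcp", 1024, 65535, "0.0.0.0/0")


def web_security_group():
    # No outbound rule at all: the reply is still allowed because the group is stateful.
    return SecurityGroup([HTTPS_IN])


def incomplete_nacl():
    # Same single inbound rule: the reply is dropped because the ACL is stateless.
    return NetworkAcl([HTTPS_IN])


def complete_nacl():
    # The ephemeral-port outbound rule is what makes the return traffic work.
    return NetworkAcl([HTTPS_IN, EPHEMERAL_OUT])


if __name__ == "__main__":
    for name, fw in [("security group", web_security_group()),
                     ("NACL without ephemeral rule", incomplete_nacl()),
                     ("NACL with ephemeral rule", complete_nacl())]:
        print(name, simulate_https_session(fw))
```

The NetworkAcl class also shows the other row of the table: a numbered deny rule placed before the allow blocks matching traffic, something a security group cannot express because it has no deny rules.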
Section 5: Amazon Route 53

Core Features

• Purpose: Domain Name System (DNS) web service.
• Functions:
◦ Resolves domain names to IP addresses.
◦ Routes user traffic based on configured policies.
Routing Policies

• Simple: Basic round-robin.
• Weighted: Divides traffic by percentage.
• Latency-based: Routes to the lowest-latency region.
• Geolocation/Proximity: Routes traffic by user location.
• Failover: Ensures application availability during outages.
• Multivalue Answer: Responds with multiple healthy resources.
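Each routing policy is a small selection rule over a record set, and writing them out makes the differences (what input each one needs: a weight, a latency table, a country, a health check) obvious. The following is an added example, not Route 53 code: the record sets, latency figures and health states are constructed, and the functions take the health-check outcome as an input rather than performing one. The eight-answer cap in multivalue_answer is Route 53's documented limit, not something stated on this page.

```python
import random

# Constructed record sets (not from the page): targets are documentation IPs.
WEIGHTED_RECORDS = [("192.0.2.10", 80), ("192.0.2.20", 20)]   # 80/20 blue-green split
LATENCY_RECORDS = {"us-east-1": "192.0.2.10", "ap-northeast-1": "198.51.100.10"}
GEO_RECORDS = {"JP": "198.51.100.10", "default": "192.0.2.10"}
HEALTH = {"192.0.2.10": True, "192.0.2.20": True, "198.51.100.10": False, "203.0.113.10": True}


def weighted_route(records, roll):
    """Pick one target proportionally to its weight; roll is a number in [0, 1)."""
    total = sum(weight for _, weight in records)
    threshold = roll * total
    running = 0
    for target, weight in records:
        running += weight
        if threshold < running:
            return target
    return records[-1][0]


def weighted_distribution(records, queries, seed=0):
    """Count how many of `queries` resolutions each target receives (seeded, so repeatable)."""
    rng = random.Random(seed)
    counts = {target: 0 for target, _ in records}
    for _ in range(queries):
        counts[weighted_route(records, rng.random())] += 1
    return counts


def latency_route(records, measured_latency_ms):
    """records: region -> target; choose the region with the lowest measured latency."""
    best_region = min(records, key=lambda region: measured_latency_ms[region])
    return records[best_region]


def geolocation_route(records, country_code):
    """Country-specific answer if one exists, else the default record."""
    return records.get(country_code, records["default"])


def failover_route(primary, secondary, health):
    """Primary while its health check passes, otherwise the secondary."""
    return primary if health.get(primary, False) else secondary


def multivalue_answer(targets, health, limit=8):
    """Return up to `limit` healthy targets (Route 53 answers with at most eight)."""
    return [t for t in targets if health.get(t, False)][:limit]


if __name__ == "__main__":
    print("weighted split over 1000 queries:", weighted_distribution(WEIGHTED_RECORDS, 1000))
    print("latency:", latency_route(LATENCY_RECORDS, {"us-east-1": 120, "ap-northeast-1": 15}))
    print("geo JP / DE:", geolocation_route(GEO_RECORDS, "JP"), geolocation_route(GEO_RECORDS, "DE"))
    print("failover:", failover_route("198.51.100.10", "192.0.2.10", HEALTH))
    print("multivalue:", multivalue_answer(["192.0.2.10", "198.51.100.10", "203.0.113.10"], HEALTH))
```

Note that latency_route picks the lowest measured latency even when that target is unhealthy; in Route 53 it is the attached health check that removes such a record from consideration, which is why the failover and multivalue functions take the health map explicitly.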

Section 6: Amazon CloudFront

Overview

• CloudFront: Content Delivery Network (CDN) for faster content delivery globally.
• Key Benefits:
◦ Improves latency for user access.
◦ Reduces server load.
◦ Supports dynamic and static content delivery.

Activities and Labs

Practical Exercises

1. Network Diagram:
◦ Label components like subnets, route tables, and gateways.
2. VPC Architecture:
◦ Design a VPC with public/private subnets and a NAT Gateway.
3. Hands-on Lab:
◦ Create a VPC.
◦ Add subnets and launch a web server instance.
