Senior Acquisitions Editor: Kenyon Brown
Development Editor: Kathryn Duggan
Production Editor: Lauren Freestone
Copy Editor: Kim Wimpsett
Editorial Manager: Pete Gaughan
Production Manager: Kathleen Wisor
Associate Publisher: Jim Minatel
Proofreader: Tiffany Taylor
Indexer: Johnna VanHoose Dinse
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: © Getty Images, Inc./Jeremy Woodhouse
Copyright © 2019 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-49070-8
ISBN: 978-1-119-49069-2 (ebk.)
ISBN: 978-1-119-49071-5 (ebk.)
Manufactured in the United States of America
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2019939496
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. AWS is a registered trademark of Amazon Technologies, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
We would like to thank the following people who helped us create this AWS Certified Cloud Practitioner Study Guide CLF-C01 Exam.
First, a special thanks to our friends at Wiley. Kenyon Brown, senior acquisitions editor, got the ball rolling on this project and put all the pieces together. Our project editor Kathi Duggan kept us on track and moving in the right direction. We’re also very grateful to our sharp-eyed technical editor John Mueller and Pete Gaughan: we may not know exactly what a “content enablement manager” is, but we do know that this one made a big difference.
Lastly—once again—the authors would like to thank each other!
David Clinton is a Linux server admin who has worked with IT infrastructure in both academic and enterprise environments. He has authored technology books—including AWS Certified Solutions Architect Study Guide: Associate SAA-C01 Exam, Second Edition (Sybex, 2019)—and created 20 video courses teaching Amazon Web Services and Linux administration, server virtualization, and IT security for Pluralsight.
In a previous life, David spent 20 years as a high school teacher. He currently lives in Toronto, Canada, with his wife and family and can be reached through his website: https://bootstrap-it.com.
Ben Piper is a cloud and networking consultant who has authored multiple books including the AWS Certified Solutions Architect Study Guide: Associate SAA-C01 Exam, Second Edition (Sybex, 2019). He has created more than 20 training courses covering Amazon Web Services, Cisco routing and switching, Citrix, Puppet configuration management, and Windows Server Administration. You can contact Ben by visiting his website: https://benpiper.com.
Exercise 1.1 Create an AWS Account
Exercise 2.1 Calculate Monthly Costs for an EC2 Instance
Exercise 2.2 Build a Deployment Cost Estimate Using the AWS Simple Monthly Calculator
Exercise 2.3 Compare the On-Premises Costs of Running Your Application with AWS Costs
Exercise 2.4 Create a Cost Budget to Track Spending
Exercise 3.1 Find Out How to Copy Files from One S3 Bucket to Another
Exercise 3.2 Confirm That Your Account Security Settings Are Compliant with Best Practices
Exercise 4.1 Select a Subnet and AZ for an EC2 Instance
Exercise 4.2 Take a Quick Look at the Way CloudFront Distributions Are Configured
Exercise 5.1 Create a Password Policy for Your IAM Users
Exercise 5.2 Create an IAM User and Assign Limited Permissions
Exercise 5.3 Assign Multiple Users to an IAM Group
Exercise 6.1 Install the AWS Command Line Interface
Exercise 7.1 Select an EC2 AMI
Exercise 7.2 Launch an Apache Web Server on an EC2 Instance
Exercise 8.1 Create an S3 Bucket
Exercise 9.1 Create a DynamoDB Table
Exercise 11.1 Explore the CloudFormation Designer
Exercise 12.1 Create an Inbound Security Group Rule
Exercise 12.2 Create an Application Load Balancer
Exercise 12.3 Create a Launch Template
Exercise 12.4 Create an Auto Scaling Group
Exercise 12.5 Create a Static Website Hosted Using S3
Studying for any certification always involves deciding how much of your studying should be practical hands-on experience and how much should be simply memorizing facts and figures. Between the two of us, we’ve taken more than 20 different IT certification exams, so we know how important it is to use your study time wisely. We’ve designed this book to help you discover your strengths and weaknesses on the AWS platform so that you can focus your efforts properly. Whether you’ve been working with AWS for a long time or you’re relatively new to it, we encourage you to carefully read this book from cover to cover.
Passing the AWS Certified Cloud Practitioner exam won’t require you to know how to provision and launch complex, multitier cloud deployments. But you will need to be broadly familiar with the workings of a wide range of AWS services. Everything you’ll have to know should be available in this book, but you may sometimes find yourself curious about finer details. Feel free to take advantage of Amazon’s official documentation, which is generally available in HTML, PDF, and Kindle formats.
Even though the AWS Certified Cloud Practitioner Study Guide CLF-C01 Exam skews a bit more to the theoretical side than other AWS certifications, there’s still a great deal of value in working through each chapter’s hands-on exercises. The exercises here aren’t meant to turn you into a solutions architect who knows how things work but to help you understand why they’re so important.
Bear in mind that some of the exercises and figures rely on the AWS Management Console, which is in constant flux. As such, screen shots and step-by-step details of exercises may change. If what you see in the Management Console doesn’t match the way it’s described in this book, use it as an opportunity to dig into the AWS online documentation or experiment on your own.
Each chapter includes review questions to thoroughly test your understanding of the services you’ve seen. We’ve designed the questions to help you realistically gauge your understanding and readiness for the exam. Although the difficulty level will vary between questions, you can be sure there’s no “fluff.” Once you complete a chapter’s assessment, refer to Appendix A for the correct answers and detailed explanations.
The book also comes with a self-assessment exam at the beginning with 25 questions, two practice exams with a total of 100 questions, and flashcards to help you learn and retain key facts needed to prepare for the exam.
Changes to AWS services happen frequently, so you can expect that some information in this book might fall behind over time. To help you keep up, we’ve created a place where we’ll announce relevant updates and where you can also let us know of issues you encounter. Check in regularly to this resource at https://awsccp.github.io/.
This book covers topics you need to know to prepare for the Amazon Web Services (AWS) Certified Cloud Practitioner Study Guide exam:
Chapter 1: The Cloud This chapter describes the core features of a cloud environment that distinguish it from traditional data center operations. It discusses how cloud platforms provide greater availability, scalability, and elasticity and what role technologies such as virtualization and automated, metered billing play.
Chapter 2: Understanding Your AWS Account In this chapter, you’ll learn about AWS billing structures, planning and monitoring your deployment costs, and how you can use the Free Tier for a full year to try nearly any AWS service in real-world operations for little or no cost.
Chapter 3: Getting Support on AWS This chapter is focused on where to find support with a problem that needs solving or when you’re trying to choose between complex options. You’ll learn about what’s available under the free Basic Support plan as opposed to the Developer, Business, and Enterprise levels.
Chapter 4: Understanding the AWS Environment In this chapter, we discuss how, to enhance security and availability, Amazon organizes its resources in geographic regions and Availability Zones. You’ll also learn about Amazon’s global network of edge locations built to provide superior network performance for your applications.
Chapter 5: Securing Your AWS Resources The focus of this chapter is security. You’ll learn how you control access to your AWS-based resources through identities, authentication, and roles. You’ll also learn about data encryption and how AWS can simplify your regulatory compliance.
Chapter 6: Working with Your AWS Resources How will your team access AWS resources so they can effectively manage them? This chapter will introduce you to the AWS Management Console, the AWS Command Line Interface, software development kits, and various infrastructure monitoring tools.
Chapter 7: The Core Compute Services Providing an alternative to traditional physical compute services is a cornerstone of cloud computing. This chapter discusses Amazon’s Elastic Compute Cloud (EC2), Lightsail, and Elastic Beanstalk services. We also take a quick look at various serverless workload models.
Chapter 8: The Core Storage Services This chapter explores Amazon’s object storage services including Simple Storage Service (S3) and Glacier for inexpensive and highly accessible storage, and Storage Gateway and Snowball for integration with your local resources.
Chapter 9: The Core Database Services Here you will learn about how data is managed at scale on AWS, exploring the SQL-compatible Relational Database Service (RDS), the NoSQL DynamoDB platform, and Redshift for data warehousing at volume.
Chapter 10: The Core Networking Services AWS lets you control network access to your resources through virtual private clouds (VPCs), virtual private networks (VPNs), DNS routing through the Route 53 service, and network caching via CloudFront. This chapter focuses on all of them.
Chapter 11: Automating Your AWS Workloads This chapter covers the AWS services designed to permit automated deployments and close DevOps integration connecting your development processes with your Amazon-based application environments.
Chapter 12: Common Use-Case Scenarios This chapter illustrates some real-world, cloud-optimized deployment architectures to give you an idea of the kinds of application environments you can build on AWS.
Appendix A: Answers to Review Questions This appendix provides the answers and brief explanations for the questions at the end of each chapter.
Appendix B: Additional Services To make sure you’re at least familiar with the full scope of AWS infrastructure, this appendix provides brief introductions to many of the services not mentioned directly in the chapters of this book.
The authors have worked hard to create some really great tools to help you with your certification process. The interactive online learning environment that accompanies this AWS Certified Cloud Practitioner Study Guide includes a test bank with study tools to help you prepare for the certification exam—and increase your chances of passing it the first time! The test bank includes the following:
Sample tests All the questions in this book are included online, including the assessment test at the end of this introduction and the review questions printed after each chapter. In addition, there are two practice exams with 50 questions each. Use these questions to assess how you’re likely to perform on the real exam. The online test bank runs on multiple devices.
Flashcards The online test bank includes 100 flashcards specifically written to hit you hard, so don’t get discouraged if you don’t ace your way through them at first. They’re there to ensure that you’re really ready for the exam. And no worries—armed with the review questions, practice exams, and flashcards, you’ll be more than prepared when exam day comes. Questions are provided in digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.
We plan to update any errors or changes to the AWS platform that aren’t currently reflected in these questions as we discover them here: https://awsccp.github.io/.
Should you notice any problems before we do, please be in touch.
Glossary A glossary of key terms from this book is available as a fully searchable PDF.
Go to www.wiley.com/go/sybextestprep to register and gain access to this interactive online learning environment and test bank with study tools.
According to the AWS Certified Cloud Practitioner Exam Guide (version 1.4), the AWS Certified Cloud Practitioner (CLF-C01) examination is “intended for individuals who have the knowledge and skills necessary to effectively demonstrate an overall understanding of the AWS Cloud, independent of specific technical roles addressed by other AWS certifications” (for example, solution architects or SysOps administrators).
To be successful, you’ll be expected to be able to describe the following:
The exam covers four domains, with each domain broken down into objectives. The following table lists each domain and its weighting in the exam, along with the chapters in the book where that domain’s objectives are covered.
Domain | Percentage of Exam | Chapter(s) |
Domain 1: Cloud Concepts | 28% | |
1.1 Define the AWS Cloud and its value proposition | | 1, 12 |
1.2 Identify aspects of AWS Cloud economics | | 1, 12 |
1.3 List the different cloud architecture design principles | | 1, 9, 10, 11, 12 |
Domain 2: Security | 24% | |
2.1 Define the AWS Shared Responsibility model | | 4 |
2.2 Define AWS Cloud security and compliance concepts | | 5, 6, 8, 10 |
2.3 Identify AWS access management capabilities | | 5, 8, 10, 11 |
2.4 Identify resources for security support | | 3, 6 |
Domain 3: Technology | 36% | |
3.1 Define methods of deploying and operating in the AWS Cloud | | 6, 7, 8, 9, 10, 11, 12 |
3.2 Define the AWS global infrastructure | | 4, 10 |
3.3 Identify the core AWS services | | 6, 7, 8, 9, 10 |
3.4 Identify resources for technology support | | 3 |
Domain 4: Billing and Pricing | 12% | |
4.1 Compare and contrast the various pricing models for AWS | | 2, 7 |
4.2 Recognize the various account structures in relation to AWS billing and pricing | | 2, 7 |
4.3 Identify resources available for billing support | | 2, 3, 6 |
Which of the following describes the cloud design principle of scalability?
Which of the following best describes the cloud service model known as infrastructure as a service (IaaS)?
How does AWS ensure that no single customer consumes an unsustainable proportion of available resources?
The AWS Free Tier is designed to give new account holders the opportunity to get to know how their services work without necessarily costing any money. How does it work?
AWS customers receive “production system down” support within one hour when they subscribe to which support plan(s)?
AWS customers get full access to the AWS Trusted Advisor best practice checks when they subscribe to which support plan(s)?
The AWS Shared Responsibility Model illustrates how AWS itself (as opposed to its customers) is responsible for which aspects of the cloud environment?
Which of these is a designation for two or more AWS data centers within a single geographic area?
How, using security best practices, should your organization’s team members access your AWS account resources?
Which of the following describes a methodology that protects your organization’s data when it’s on-site locally, in transit to AWS, and stored on AWS?
What authentication method will you use to access your AWS resources remotely through the AWS Command Line Interface (CLI)?
Which of these is the primary benefit from using resource tags with your AWS assets?
What defines the base operating system and software stack that will be available for a new Elastic Compute Cloud (EC2) instance when it launches?
Which of the following AWS compute services offers an administration experience that most closely resembles the way you would run physical servers in your own local data center?
Which of the following AWS object storage services offers the lowest ongoing charges, but at the cost of some convenience?
Which of the following AWS storage services can make the most practical sense for petabyte-sized archives that currently exist in your local data center?
Which of the following will provide the most reliable and scalable relational database experience on AWS?
What’s the best and simplest way to increase reliability of an RDS database instance?
How does AWS describe an isolated networking environment into which you can launch compute resources while closely controlling network access?
What service does AWS use to provide a content delivery network (CDN) for its customers?
What is Amazon’s Git-compliant version control service for integrating your source code with AWS resources?
Which AWS service allows you to build a script-like template representing complex resource stacks that can be used to launch precisely defined environments involving the full range of AWS resources?
What is Amazon Athena?
What is Amazon Kinesis?
What is Amazon Cognito?
A. A scalable deployment will automatically “scale up” its capacity to meet growing user demand without the need for manual interference. See Chapter 1.
C. IaaS is a model that gives customers access to virtualized units of a provider’s physical resources. IaaS customers manage their infrastructure much the way they would local, physical servers. See Chapter 1.
B. AWS applies usage limits on most features of its services. However, in many cases, you can apply for a limit to be lifted. See Chapter 2.
D. The Free Tier offers you free lightweight access to many core AWS services for a full 12 months. See Chapter 2.
B. “Production system down” support within one hour is available only to subscribers to the Business or Enterprise support plans. See Chapter 3.
D. All support plans come with full access to Trusted Advisor except for the (free) Basic plan. See Chapter 3.
B. According to the Shared Responsibility Model, AWS is responsible for the underlying integrity and security of AWS physical resources, but not the integrity of the data and configurations added by customers. See Chapter 4.
A. An Availability Zone is one of two or more physical data centers located within a single AWS Region. See Chapter 4.
C. Team members should each be given identities (as users, groups, and/or roles) configured with exactly the permissions necessary to do their jobs and no more. See Chapter 5.
A. End-to-end encryption that protects data at every step of its life cycle is called client-side encryption. See Chapter 5.
D. AWS CLI requests are authenticated through access keys. See Chapter 6.
B. Resource tags—especially when applied with consistent naming patterns—can make it easier to visualize and administrate resources on busy accounts. See Chapter 6.
C. The AMI you select while configuring your new instance defines the base OS. See Chapter 7.
C. You can administrate EC2 instances using techniques that are similar to the way you’d work with physical servers. See Chapter 7.
A. Amazon Glacier can reliably store large amounts of data for a very low price but requires CLI or SDK administration access, and retrieving your data can take hours. See Chapter 8.
D. You can transfer large data stores to the AWS cloud (to S3 buckets) by having Amazon send you a Snowball device to which you copy your data and which you then ship back to Amazon. See Chapter 8.
A. RDS offers a managed and highly scalable database environment for most popular relational database engines (including MySQL, MariaDB, and Oracle). See Chapter 9.
C. Multi-AZ will automatically replicate your database in a second Availability Zone for greater reliability. It will, of course, also double your costs. See Chapter 9.
B. A VPC is an isolated networking environment into which you can launch compute resources while closely controlling network access. See Chapter 10.
D. CloudFront is a content delivery network (CDN) that distributes content through its global network of edge locations. See Chapter 10.
A. CodeCommit is a Git-compliant version control service for integrating your source code with AWS resources. See Chapter 11.
D. CloudFormation templates can represent complex resource stacks that can be used to launch precisely defined environments involving the full range of AWS resources. See Chapter 11.
A. Amazon Athena is a managed service that permits queries against S3-stored data. See Chapter 13.
B. Amazon Kinesis allows processing and analyzing of real-time video and data streams. See Chapter 13.
A. Amazon Cognito can manage authentication and authorization for your public-facing applications. See Chapter 13.