AWS Certified Cloud Practitioner CLF-C02

Explore the fundamentals of traditional IT and cloud computing, from on-prem servers and data centers to scalable cloud services, IP routing, and essential networking components.

Explore cloud computing as on-demand access to computing resources and applications, with pay-as-you-go pricing, scalable private, public, and hybrid models, and AWS as a leading cloud provider.

Explore cloud computing models—IaaS, PaaS, and SaaS—and see how AWS services like EC2 and Elastic Beanstalk replace on-premises infrastructure, while pay-as-you-go pricing scales compute, storage, and data leaving the cloud.

Explore the history and global infrastructure of AWS, from the 2002 internal launch to 2006 public services SQS, S3, and EC2, and learn about regions, availability zones, and edge locations.

Identify the shared responsibility model, detailing your security duties inside the cloud and AWS's protection of infrastructure. Review the acceptable use policy to ensure compliant, secure cloud practice.

Explore identity and access management with IAM by creating users and groups, applying least-privilege policies, and managing permissions across EC2, Elastic Load Balancing, and CloudWatch.

Learn to create iam users and an admin group with administrator access, set passwords and tags, and sign in with an account alias for secure aws account management.

Explore how IAM policies manage user access by applying group policies to DevOps and marketing teams, and use inline policies for Yasmina; cover principals, actions, resources, and conditions.

Strengthen AWS security by enforcing a strong password policy and adopting multi-factor authentication (MFA) through virtual MFA options like Google Authenticator and OFI, and UF security keys.

Set up and enforce strong password policies in the IAM console and enable multi-factor authentication for your AWS root account, using an authenticator app to generate changing codes.

Explore AWS access methods: the management console, the CLI, and the SDKs, and learn how to generate and safeguard access keys to securely use AWS APIs.

Install the AWS CLI version 2 on Linux by downloading, unzipping, and running the installer with sudo. Verify by running aws version and use the AWS CLI to manage resources.

Create AWS access keys and configure the AWS CLI with your key, secret, and a chosen region. Compare permission handling in the console and CLI, including admin access changes.

Explore AWS cloud shell, a cloud-based terminal with pre-installed AWS CLI, region options, file persistence, and easy upload/download, alongside your local terminal.

Explore IAM roles for AWS services, enabling Lambda to assume permissions and access resources like S3. Prepare to create an IAM role in upcoming lectures.

Create and configure IAM roles for EC2 and Lambda in the AWS console, attaching the IAM Read Only Access policy and defining trusted entities for each service.

Investigate IAM security tools by reviewing the IAM credentials report to assess all account users and credential statuses. Then use the Access Advisor to identify underused permissions for least-privilege access.

Generate and download the credentials report to review root and Danielle's account details, including creation date, password status, MFA, and access key status.

enforce least privilege with IAM best practices to secure AWS accounts by limiting root usage, creating IAM users and groups, enabling MFA, and using roles for resources.

Explore AWS security token service STS, which issues temporary credentials with restricted privileges to access resources and enable identity federation and cross-account access via IAM roles.

Discover how Amazon Cognito manages user identities for web and mobile apps, scales to millions of users, supports social logins, and provides seamless authentication and management on AWS.

Explore how Microsoft Active Directory centralizes users and devices and how AWS Directory Services extends or proxies this with AWS managed Microsoft AD, AD Connector, and Simple AD.

Discover how the AWS IAM Identity Center enables single sign-on for all accounts and SAML 2.0 enabled apps via a single URL, with Directory Services options.

Explore Amazon S3's storage architecture, including globally unique buckets and objects with keys, prefixes, versioning, and limitless scalability; learn its uses for backup, disaster recovery, archival, data lake, and hosting.

Learn to create and manage an amazon s3 bucket, pick the region, enable public access blocking and server-side encryption, and upload objects and folders with pre-signed URLs.

Explore how IAM policies and S3 bucket policies control access to objects, including cross-account and public access. Learn about encryption, ACLs, and the block public access safeguards.

Use the AWS policy generator to create a public S3 bucket policy that allows the get object action for everyone, then save and verify public access in the bucket.

Learn how to host a static website on Amazon S3 by creating a bucket for HTML files and images and configuring a bucket policy for public read access.

Configure an Amazon S3 bucket to host a website, upload index.html and an image, enable static website hosting, ensure public access, and verify the bucket website endpoint serves the page.

Enable bucket-level versioning in Amazon S3 to create new file versions on each upload, use delete markers, and rollback to previous versions, noting pre-versioned uploads have a null version.

Enable versioning on your S3 bucket to manage multiple file versions with version IDs and delete markers. Edit index.html, upload changes, view versions, and restore or permanently delete specific versions.

Explore Amazon S3 replication, including cross region replication (crr) and same region replication (sr), enabled by versioning and iam permissions across accounts, with batch options for existing objects.

Set up S3 cross region replication by creating origin and replica buckets, enabling versioning, applying a replication rule for all objects, and enabling delete marker replication.

Explore Amazon S3 storage classes, including standard, infrequent access, one zone infrequent access, Glacier Instant Retrieval, Glacier Flexible Retrieval, Glacier Deep Archive, and intelligent-tiering, and learn their durability and availability.

Explore AWS S3 storage classes in a hands-on lab, creating a bucket, uploading an object, and selecting standard, intelligent-tiering, one zone IA, and glacier variants; automate transitions with lifecycle rules.

Discover aws snowball, an edge data device for migrating petabytes to aws and processing data at the edge, with storage up to 210 TB or compute up to 28 TB.

Explore the AWS Snow Family and learn how to import data from S3 with Snowball Edge, or export and use edge computing, including pricing, encryption, service roles, and shipping.

Explore the shared responsibility model for Amazon S3, where AWS maintains infrastructure durability, availability, and compliance, while users configure versioning, bucket policies, verification, encryption, logging, and storage class optimization.

Discover how Amazon S3 operates in a hybrid cloud by connecting on premises storage to the cloud via the Storage Gateway, enabling disaster recovery, backup, and tiered storage.

Set up and monitor AWS budgets and alerts to manage spending. Configure IAM access to billing, review cost breakdowns, and use the free tier to prevent unexpected charges.

Explore AWS EC2 basics, where you learn about elastic compute cloud, virtual machines, scalable storage with EBS and EFS, load balancing, autoscaling, and EC2 User Data for automated setups.

Launch EC2 instance from the EC2 console with Amazon Linux 2, set up a key pair and security group for SSH and HTTP, and use user data to install httpd.

Explore the seven EC2 instance categories—general purpose, compute optimized, memory optimized, and storage optimized—and understand how instance types, naming conventions, vCPUs, memory, and cost influence your choice.

Explore how security groups act as EC2 firewalls, controlling inbound and outbound traffic with allow rules and group references. Understand ports and common configurations for SSH, HTTP, HTTPS, and RDP.

Explore security groups for your EC2 instance, focusing on inbound and outbound rules that govern ssh port 22 and http port 80, and learn how to troubleshoot timeouts.

Learn secure ssh access to Linux servers across Mac, Linux, and Windows, using built-in command line interface, Windows 10+ ssh, or PuTTY, plus EC2 instance connect via browser.

Learn to connect to an EC2 instance from a terminal by following AWS instructions, locate the SSH key, and ensure the IP address remains correct after stop and start.

Connect to your EC2 instance using EC2 Instance Connect with an SSH inbound rule in security group. Open the terminal and run commands; if SSH rule is missing, connectivity fails.

Demonstrates attaching an IAM role to an EC2 instance to grant credentials securely. Shows how IAM roles enable AWS CLI access without AWS configure or hard-coded keys.

Explore EC2 pricing models including on-demand pay-by-second, reserved instances (standard and convertible) with 1-3 year terms, savings plans, spot instances, dedicated hosts and dedicated instances, and capacity reservations.

Understand AWS IPv4 pricing: each public IPv4 address costs $0.005 per hour (about $3.60 monthly) with a 12-month free tier offering 750 hours, then charges apply for non-EC2 services.

Understand the shared responsibility model for EC2: AWS handles data centers, infrastructure, security, hardware replacement, and compliance, while you manage security groups, the VM, OS updates, software, and IAM permissions.

Explore Elastic Block Store (EBS) volumes for EC2, learning how network based drives attach to running instances, preserve data after termination, and manage availability zones, provisioning, and snapshots.

Explore elastic block store volumes (EBS) on a running EC2 instance by creating, attaching, and managing GP2 and GP3 volumes across availability zones, and observe the delete on termination behavior.

Create and copy EBS snapshots across availability zones and regions, enabling high availability and disaster recovery, with archive, recycle bin, and fast restore options.

Learn to create and manage GP2 EBS snapshots, copy snapshots across AWS regions for disaster recovery, and create volumes from snapshots, using the recycle bin with retention rules.

Explore the role of Amazon machine images (AMI) as templates for launching EC2 instances, containing software configurations and operating system setups, with public, custom, and marketplace AMIs, deployable across regions.

Launch an Amazon Linux 2 t2.micro instance, customize its network and security, provision httpd via user data, and create and deploy an AMI to speed future launches.

Learn how EC2 Image Builder automates creating, testing, and distributing AMIs with a builder EC2 instance, configurable software, automated validation, and regional deployment.

Explore the EC2 instance store, a hardware-backed option delivering high i/o performance for caching and temporary data, and know it is ephemeral; for long-term storage, use EBS.

Explore Amazon elastic file system, a managed NFS that spans multiple EC2 instances in different availability zones, with automatic scaling, Linux-based compatibility, KMS encryption, and lifecycle-driven storage classes.

Practice creating a regional EFS, enable backups, apply lifecycle management, and choose throughput modes (elastic, provisioned, bursting), then mount the shared file system on EC2 instances across multiple availability zones.

Understand the shared responsibility model for AWS storage by mapping AWS infrastructure duties, EBS/EFS replication, data security, backups and snapshots, and customer encryption responsibilities.

Explore Amazon FSx offerings, including Windows File Server, Lustre, NetApp Ontap, and Openzfs, with SMB, NTFS, AD integration, ACLs, quotas, and DFS.

Explore Amazon FSx options—Lustre, Windows File Server, NetApp Ontap, and Openzfs—covering high-level deployment, encryption, Multi-AZ or Single-AZ, and VPC placement.

Explore vertical and horizontal scalability and how elasticity enables automatic resource adjustments to maintain high availability across multiple AWS availability zones.

Explore how an elastic load balancer distributes traffic across ec2 instances, enabling high availability, and compare alb, nlb, gateway load balancers for routing, ssl termination, health checks, and session stickiness.

Launch two EC2 instances, configure an application load balancer, and route http traffic to a port 80 target group, observing health checks and traffic distribution.

Explore how an auto scaling group dynamically manages EC2 instances by scaling out and in within min, desired, and max limits, with health checks from the load balancer and self-healing.

Create an auto scaling group with a launch template, configure Amazon Linux 2023, select T2 micro, and enable EC2 and load balancer health checks for a target group.

Explore how databases organize data with relational structures and SQL, and contrast NoSQL models with flexible schemas and scalability on AWS, including managed versus self-managed deployments with backups and patching.

Discover relational databases with Amazon RDS and Aurora, supporting SQL engines like PostgreSQL and MySQL, featuring automated provisioning, backups, patching, monitoring dashboards, read replicas, and Multi-AZ high availability.

Launch a MySQL on Amazon RDS with standard create, using the free tier for a single DB instance, configure storage, VPC connectivity, public access, backups, and optional read replicas.

Explore how to deploy RDS with read replicas to scale reads, enforce writes on the primary, and implement multi-AZ failover and multi-region replication for disaster recovery, latency, and cost awareness.

Explore Amazon ElastiCache, a managed in-memory Redis or Memcached service that offloads repetitive queries from RDS, boosting performance, reducing latency, and improving scalability.

Explore dynamodb, a fully managed, serverless nosql database on AWS, replicated across three availability zones for high availability and single-digit millisecond latency. Leverage DAX for up to tenfold faster access.

Create a DynamoDB table with a user id partition key, optionally a sort key, set on-demand or provisioned read/write capacity, enable encryption at rest, and insert sample items.

Explore DynamoDB global tables to enable bidirectional replication across 1 to 10 regions, delivering low-latency read and write access and synchronized data for global applications.

Explore Amazon Redshift, a PostgreSQL-based data warehouse optimized for online analytical processing with columnar storage and a parallel engine, and learn its serverless autoscaling, pay-as-you-go pricing, and BI tool integration.

Explore how Amazon EMR provisions and configures EC2 instances to form Hadoop clusters for big data processing on AWS, enabling Apache Spark, Keybase, Presto, and Flink with auto scaling.

Explore amazon athena, a serverless sql query service that analyzes data in s3 without loading, supporting csv, json, orc, avro, and parquet formats on the presto engine.

Explore Amazon QuickSight, a serverless, machine learning powered service that visualizes data from databases and creates interactive dashboards with per-session pricing and integrations with RDS, Aurora, Athena, Redshift, and S3.

Explore DocumentDB, AWS’s MongoDB-compatible NoSQL service designed as Aurora for MongoDB users, offering fully managed high availability with replication across three availability zones and storage that scales by ten gigabytes.

Amazon Neptune is a fully managed graph database optimized for complex queries on interconnected data like social networks, with replication across three availability zones and up to 15 read replicas.

Dive into Amazon Timestream, a fully managed, serverless time series database with automatic scaling, handling trillions of events daily, offering fast, cost-effective time series analytics.

Explore Amazon QLDB, a serverless ledger for financial transactions that immutably records changes with cryptographic hashes and SQL queries, ensuring data integrity, centralized control, and replication across three availability zones.

Explore Amazon managed blockchain, enabling decentralized transactions without a central authority. Join public networks or create scalable private networks on AWS, supporting Hyperledger Fabric and Ethereum.

Explore AWS Glue, a serverless etl service that extracts data from S3 and RDS, transforms data for analytics, and loads into Redshift, with Glue Data Catalog supporting Athena and EMR.

Use the database migration service, DMs, to migrate databases to AWS via an EC2 instance, supporting homogeneous and heterogeneous migrations (Oracle to Oracle; SQL Server to Aurora) with no downtime.

Match AWS database services to use cases, covering RDS and Aurora for OLTP, DynamoDB with DAX for performance, and Redshift, Athena, and EMR for analytics.

Learn how Docker enables containerization with ECS and EKS, store images in Docker Hub or Amazon ECR, and compare containers to virtual machines for scalable, isolated deployments.

Explore Elastic Container Service and Fargate for deploying Docker containers on AWS, using ECR to store images and comparing self-managed EC2 to serverless deployments.

Explore how Amazon EKS simplifies deploying and managing Kubernetes clusters on AWS, leveraging Docker containers and pods on EC2 or Fargate, while enabling cloud-agnostic container orchestration across clouds.

Explore serverless computing with AWS Lambda, S3, DynamoDB, and Fargate, emphasizing automatic scaling and no direct server provisioning. Understand how these services enable efficient deployment without server management.

Discover how AWS Lambda runs code without servers, scales automatically, and triggers via S3 or API gateway, with serverless examples like GIF creation and cron-like tasks.

Explore aws lambda's serverless compute model, languages, custom runtimes, triggering events, scalable performance, and cost efficiency, with hands-on steps from blueprint hello world to testing and monitoring.

Amazon API Gateway exposes Lambda functions as restful and WebSocket APIs, enabling external clients to interact with serverless infrastructure, with security measures, throttling, API keys, and monitoring.

Learn to define security groups, EC2 instances, S3 buckets, and a load balancer with CloudFormation, provisioning resources in the correct sequence and at scale as infrastructure as code.

Explore creating and updating an AWS CloudFormation stack in us-east-1 to provision an EC2 instance with security groups and elastic IP, illustrating infrastructure as code.

Explore Elastic Beanstalk, a developer-centric service that automates deploying apps on AWS using EC2, ELB, ASG, RDS, and ElastiCache, with web and worker environments and scalable deployment modes.

Practice Elastic Beanstalk by creating your first web server environment for a Node.js app, configuring IAM roles, and deploying a sample application with auto scaling and a domain name.

Explore continuous integration, continuous delivery, and continuous deployment, outlining how automated builds, tests, and staging deployments ensure early error detection and rapid, reliable software delivery.

CodeBuild compiles your code in the cloud, runs tests, and creates deployable artifacts from GitHub. As a fully managed, serverless service, it scales automatically and charges only for build time.

Codepipeline links GitHub and CodeBuild to automate builds, tests, and deployments, powering CI/CD across Elastic Beanstalk and destinations. It orchestrates stages with CodeDeploy, CloudFormation, and third-party integrations for rapid delivery.

Explore AWS CodeArtifact, a secure, scalable artifact management service for storing and retrieving software dependencies like Maven, Gradle, npm, and Pip, integrated with GitHub and CodeBuild.

Explore AWS Systems Manager (SSM), a hybrid service that centrally manages EC2 instances and on-premises systems, enabling automatic patching, cross-platform command execution, and parameter store configurations.

Explore how AWS Systems Manager Session Manager enables secure shell access to EC2 and on-prem servers without SSH keys or port 22, using an SSM agent and logs to CloudWatch.

Explore the AWS Systems Manager parameter store, a secure, serverless way to store configuration settings and sensitive information with IAM control, versioning, and KMS encryption.