A
access
federated, 56–57
IaaS, 12
IAM. See identity and access management (IAM)
PaaS, 14
VPCs, 84
access control lists (ACLs), 84
account onboarding for enterprise plans, 60
accounts
creating, 26–29
IAM, 48–51
user, 54–56
ACLs (access control lists), 84
actions in S3, 91
administration ease in SaaS, 15
administrative core services, 80–82
Advisors
focus areas, 63
support plans, 58–59
agents in CloudWatch, 81
alarms in CloudWatch, 81
allocation tags for costs, 133
always free category, 115–116
Amazon CloudFront service, 80
content delivery, 86
free tier, 118
Amazon Machine Images (AMIs), 94–95
API gateway in free tier, 117
AppConfig service, 75
applications, cloud computing for, 6
AppStream service
overview, 103
trials category, 119
architecture support for developer plans, 59–60
Artifact service, 39
auditability, 25
auditors, 7
Aurora database, 101
authentication. See identity and access management (IAM)
auto-scaling in PaaS, 13
availability
cloud environments, 22
IaaS, 12
Availability Zones
Elastic Load Balancing, 85
overview, 76–79
reserved instances, 128
S3 storage, 88–89
B
Backup service, 93
billing and pricing domain, 115
Billing Dashboard, 130–134
billing support, 134–137
description, 4
free tier, 115–120
pricing calculator, 123–125
pricing exercises, 135–137
questions, 138–142
reserved instances, 128–129
review, 138
savings plans, 129
service pricing, 120–122
service quotas, 125–128
Billing Dashboard, 119
consolidated billing, 134
monitoring usage and costs, 130–133
viewing bills, 130–131
bring-your-own-device (BYOD) access, 8
broad network access, 8
brokers, 7
buckets in S3, 88–91
creating, 104–108
service quotas, 127–128
budgets, 132
building-block technologies, 10
Bulk option in S3 Glacier, 92
business support plans, 59–60
BYOD (bring-your-own-device) access, 8
C
calculator, pricing, 123–125
certification
benefits, 1
domain descriptions, 3–4
process, 1–3
CLI (Command Line Interface)
working with, 108–109
client-side S3 encryption, 90
Cloud Adoption Framework, 61
cloud computing
characteristics, 7–10
definitions, 6–7
overview, 5–6
roles, 7
cloud concepts domain
computing, 5–10
cost-benefit analyses, 19–21
deployment models, 16–19
description, 3
exercises, 26–31
questions, 31–36
review, 26
service categories, 11–16
universal concepts, 21–26
virtualization, 10–11
cloud deployment and operation
Management Console, 69–72
Cloud Directory in free tier, 118
cloud framework in shared responsibility model, 37–38
CloudFormation service, 102
CloudFront service
content delivery, 86
description, 80
free tier, 118
CloudTrail service, 81–82
CloudWatch service
free tier, 116
overview, 81
CodeBuild service, 74
CodeCommit service, 74
CodeDeploy service, 74
Command Line Interface (CLI)
working with, 108–109
community clouds, 18
compliance. See security and compliance domain
compute savings plans, 129
compute services
containers, 98
EC2, 94–97
Elastic Beanstalk, 98
Lambda, 98
computing
end-user, 102–103
overview, 5–10
concierge teams for enterprise plans, 60
configuration management, 74–75
consolidated billing, 134
containers, 98
content delivery, 82–83
CloudFront, 86
Elastic Load Balancing, 85
Route 53, 86
control
in cloud environments, 20–21
private clouds, 17
convertible reserve instances, 128
core services
administrative, monitoring, and security, 80–82
automation, 102
compute, 94–98
databases, 98–102
end-user computing, 102–103
networking and content delivery, 82–86
storage, 86–94
technology support, 104
cost-benefit analyses, 19–21
cost-effectiveness in PaaS, 14
Cost Explorer, 131
cost of ownership of physical hardware in IaaS, 12
cost optimization, Trusted Advisors for, 63
costs
cloud environments, 21
IaaS, 12
monitoring, 130–133
SaaS, 15
critical systems in hybrid clouds, 18
customer locations in regions, 78
customer role, 7
cyclical demands in cost-benefit analyses, 19
D
DaaS (Desktop as a Service), 102–103
DAR (data at rest)
data loss prevention, 46
encryption, 41–42
dashboards
EC2, 29–30
Elastic Beanstalk, 71
Explorer, 75
IAM, 49
insights, 75
Management Console, 69–70
Personal Health, 58–59
Trusted Advisor, 63
data anonymization, 48
data at rest (DAR)
data loss prevention, 46
encryption, 41–42
data centers
cost-benefit analyses, 19–20
IaaS, 12
data de-identification, 47–48
data in transit (DIT)
data loss prevention, 46
encryption, 40–41
data in use (DIU) loss prevention, 46–47
data loss prevention (DLP), 45–47
data portability, 6
data rights management (DRM), 42
data security
data de-identification, 47–48
data loss prevention, 45–47
encryption, 40–43
hashing, 43–44
key management, 44–45
tokenization, 45
data states
data loss prevention, 46–47
encryption, 42
Database Migration Service (DMS), 99–100
databases, 98
Aurora, 101
DMS, 99–100
DynamoDB, 101
models, 99
RDS, 100–101
Redshift, 102
shared responsibility model, 39
DDoS (Distributed Denial of Service) protection, 80, 82
de-identification, 47–48
deployment in cloud
configuration management, 74–76
developer tools, 73–74
Management Console, 69–72
deployment models, 6
community, 18
hybrid, 18–19
private, 17
public, 16
Desktop as a Service (DaaS), 102–103
developer support plans, 58–59
developer tools, 73–74
disaster recovery
hybrid clouds, 18–19
planning, 83
discussion forums, 62
Distributed Denial of Service (DDoS) protection, 80, 82
Distributor service, 76
DIT (data in transit)
data loss prevention, 46
encryption, 40–41
DIU (data in use) loss prevention, 46–47
DLP (data loss prevention), 45–47
DMS (Database Migration Service), 99–100
documentation, 61–62
DRM (data rights management), 42
dynamic masking in data de-identification, 48
DynamoDB databases
free tier, 116
overview, 101
E
EBS (Elastic Block Storage), 86–87
EC2. See Elastic Compute Cloud (EC2)
ECS (Elastic Container Service), 98
Edge locations, 79–80
EKS (Elastic Kubernetes Service), 98
Elastic Beanstalk
dashboard, 71
overview, 98
Elastic Block Storage (EBS), 86–87
Elastic Compute Cloud (EC2)
AMIs, 94–95
free tier, 117
instance types, 95–97
pricing calculator, 123–125
savings plan instances, 129
Elastic Container Service (ECS), 98
Elastic Kubernetes Service (EKS), 98
Elastic Load Balancing, 85
encryption, 40
challenges, 42–43
data at rest, 41–42
data in transit, 40–41
data states, 42
implementation, 43
key management, 44–45
S3, 90
end-user computing, 102–103
endpoints in regions, 78
enterprise support plans, 60
environments in PaaS, 13
Expedited option in S3 Glacier, 92
expiration actions in S3, 91
Explorer service, 75
F
fault tolerance, Trusted Advisors for, 63
Federal Information Security Management Act (FISMA), 23
federated access, 56–57
FedRAMP, 39
file gateways in Storage Gateway, 92
FISMA (Federal Information Security Management Act), 23
flexibility
hybrid clouds, 18
PaaS, 13–14
focus change in cost-benefit analyses, 20
foreign language forums, 62
free tier
categories, 115–119
services beyond, 119–120
G
Git repositories, 74
Glacier Deep storage, 91–92
global infrastructure
Availability Zones, 78–79
Edge locations, 79–80
regions, 76–78
glossary of terms, 183–191
governance, 25
green data centers in IaaS, 12
groups
IAM, 54–56
pricing calculator, 125
resource, 75
VPC, 83–84
GuardDuty service in trials category, 118
H
hard disk drives (HDDs) for EBS, 87
hardware costs in IaaS, 12
hashing, 43–44
HDDs (hard disk drives) for EBS, 87
Health Insurance Portability and Accountability Act (HIPAA), 23
high availability in IaaS, 12
host environments in PaaS, 13
hybrid clouds, 18–19
I
IaaS (Infrastructure as a Service), 11–12
description, 6
key features and benefits, 12
shared responsibility model, 38
identity and access management (IAM)
dashboard, 49
federated access, 56–57
multifactor authentication, 50–51
root accounts, 48–50
user groups and roles, 54–56
user password policies, 51–53
independence in IaaS, 12
information rights management (IRM), 42–43
Infrastructure as a Service (IaaS), 11–12
description, 6
key features and benefits, 12
shared responsibility model, 38
insights dashboard, 75
Inspector service in trials category, 119
instances in EC2
savings plans, 129
types, 95–97
Intelligent-Tiering S3 storage class, 88
interoperability, 21
Inventory service, 75
IQ service, 134
IRM (information rights management), 42–43
ISO/IEC 17788 cloud computing definitions, 6–7
K
key management, 44–45
Knowledge Center, 62
L
Lambda service
description, 98
free tier, 116
Lambda@Edge service, 80
licensing
PaaS, 14
SaaS, 15
Lightsail service
description, 97
trials category, 118
limits, service, 125–128
load balancing, 85
location independence in IaaS, 12
logical security requirements in IaaS, 12
logs in CloudTrail, 81–82
M
maintenance, 25–26
Maintenance Window, 75
managed resources in shared responsibility model, 39
Management Console
services, 69–72
working with, 29–31
Marketplace, 94–95
masking in data de-identification, 47–48
MDM (mobile device management) utilities, 103
metered services, 6
IaaS, 12
overview, 10
MFA (multifactor authentication), 50–51
mobile device management (MDM) utilities, 103
monitoring
core services, 80–82
usage and costs, 130–133
multifactor authentication (MFA), 50–51
multiple host environments in PaaS, 13
multitenancy
description, 6
overview, 10
N
National Institute of Standards and Technology (NIST) definitions
cloud, 5–6
community clouds, 18
hybrid clouds, 18
IaaS, 12
PaaS, 13
private clouds, 17
public clouds, 16
SaaS, 14
network access in cloud computing, 8
networking and content delivery, 82–83
CloudFront, 86
Elastic Load Balancing, 85
Route 53, 86
NIST. See National Institute of Standards and Technology (NIST) definitions
nonrelational databases, 99
O
object life cycle in S3, 91
One Zone-Infrequent Access S3 storage class, 89
operation expenses in cost-benefit analyses, 19–20
OpsCenter, 74–75
OpsWorks service, 76
optimization in hybrid clouds, 18
ownership
cloud environments, 20–21
private clouds, 17
P
PaaS (Platform as a Service)
key features and benefits, 13–14
shared responsibility model, 38
Parameter Store, 76
Partner Network, 61
partners, 7
password policies, 51–53
Patch Manager, 75
Payment Card Industry Data Security Standard (PCI DSS), 23
performance, 22
permissions in S3, 89–90
Personal Health Dashboard, 58–59
physical hardware costs in IaaS, 12
physical security requirements in IaaS, 12
plans, AWS support for, 57–60
Platform as a Service (PaaS)
key features and benefits, 13–14
shared responsibility model, 38
policies
password, 51–53
S3 security, 89–90
pooling, resource
cloud computing, 8–9
cost-benefit analyses, 19
description, 7
portability
cloud applications, 6
cloud environments, 23
practice exam, 145–177
pricing. See billing and pricing domain
privacy concerns, 24–25
private clouds, 17
proactive support programs for enterprise plans, 60
Professional Services group, 61
proprietary data and software control in private clouds, 17
providers, 7
public clouds, 16
Q
quotas, service, 125–128
R
rapid elasticity, 9
RDS (Relational Database Service)
free tier, 117
overview, 99–101
shared responsibility model, 39
Redshift databases, 102
regions
resources, 76–78
S3, 88
viewing, 71–72
regulatory requirements and compliance
regions, 78
Relational Database Service (RDS)
free tier, 117
overview, 99–101
shared responsibility model, 39
relational databases, 99
reports
budget, 132
federated access, 57
reserved instances
budgets, 132
overview, 128–129
resiliency, 22
resource groups, 75
resource pooling
cloud computing, 8–9
cost-benefit analyses, 19
description, 7
resources
public clouds, 16
regions, 76–78
shared responsibility model, 39
reversibility in cloud computing, 7, 26
right-sizing resources in public clouds, 16
roles
cloud computing, 7
IAM, 54–56
root accounts, 48–51
Run command, 75
S
S3. See Simple Storage Service (S3)
SaaS (Software as a Service), 14
description, 7
features and benefits, 15–16
shared responsibility model, 38
SAML for federated access, 57
savings plans
budgets, 132
types, 129
scalability
hybrid clouds, 19
IaaS, 12
overview, 21–22
PaaS, 13
public clouds, 16
SDKs (Software Development Kits), 73–74
security
billing, 134
core services, 80–82
IaaS requirements, 12
overview, 24
regions, 78
S3, 89–90
Trusted Advisors, 63
security and compliance domain, 37
data security. See data security
description, 3
IAM. See identity and access management (IAM)
questions, 64–68
regulatory compliance, 39
review, 63
shared responsibility model, 37–39
support, 57–63
security groups in VPC, 83–84
Server Migration Service in free tier, 116
server-side S3 encryption, 90
service brokers, 7
service categories
IaaS, 11–12
PaaS, 13–14
SaaS, 14–16
service endpoints in regions, 78
service level agreements (SLAs)
metered service, 10
overview, 23
service limits, Trusted Advisors for, 63
Service Organization Controls (SOC) audit reports, 39
services
Management Console, 69–70
pricing, 120–122
quotas, 125–128
setup for public clouds, 16
shared responsibility model, 37–39
Simple Storage Service (S3), 88
encryption, 90
free tier, 117
Glacier, 91–92
object life cycle, 91
permissions, 89–90
pricing, 121–125
service quotas, 127–128
storage classes, 88–89
versioning, 90–91
SLAs (service level agreements)
metered service, 10
overview, 23
Snow storage, 93–94
SOC (Service Organization Controls) audit reports, 39
Software as a Service (SaaS), 14
description, 7
features and benefits, 15–16
shared responsibility model, 38
Software Development Kits (SDKs), 73–74
solid-state drives (SSDs) for EBS, 87
Special Publication (SP) 800-145 definitions
cloud, 5–6
community clouds, 18
hybrid clouds, 18
IaaS, 12
PaaS, 13
private clouds, 17
public clouds, 16
SaaS, 14
split systems in hybrid clouds, 18
SSDs (solid-state drives) for EBS, 87
SSL technology for encryption, 41
Standard-Infrequent Access S3 storage class, 88
Standard option in S3 Glacier, 92
standard reserve instances, 128
standard S3 storage class, 88
standardization in SaaS, 16
startups forum, 62
State Manager, 76
static masking for data de-identification, 48
storage, 86
Backup, 93
EBS, 86–87
S3, 88–92
Snow, 93–94
structured databases, 99
subnets in VPC, 84–85
support costs and efforts in SaaS, 15
support model and options
discussion forums, 62
documentation, 61–62
Knowledge Center, 62
plans, 58–60
Professional Services, 61
Systems Manager, 74–75
T
tags in cost allocation, 133
TAMs (Technical Account Managers) for enterprise plans, 60
tape gateways for Storage Gateway, 92
TCO (total cost of ownership), 123
Technical Account Managers (TAMs) for enterprise plans, 60
technical support
business plans, 59–60
enterprise plans, 60
technology domain
cloud deployment and operation, 69–76
core services. See core services
description, 3
global infrastructure, 76–80
questions, 110–114
review, 104–109
support, 104
tenants, 7
third-party software support
applications, 104
business plans, 60
TLS technology for encryption, 41
tokenization, 45
total cost of ownership (TCO), 123
transition actions in S3, 91
trials category, 118–119
Trusted Advisors
focus areas, 63
support plans, 58–59
12 months free category, 117–118
U
unmanaged resources in shared responsibility model, 39
unstructured databases, 99
upgrades in PaaS, 14
usage monitoring, 130–133
use ease in SaaS, 15
user groups and roles in IAM, 54–56
user reporting in federated access, 57
users
description, 7
password policies, 51–53
V
VDI (virtual desktop infrastructure) solutions, 103
versioning
overview, 25–26
S3, 90–91
virtual desktop infrastructure (VDI) solutions, 103
Virtual Private Clouds (VPCs), 83
ACLs, 84
pricing exercises, 135–136
security groups, 83–84
subnets, 84–85
virtual private networks (VPNs)
pricing exercises, 135–136
WorkLink service, 103
virtualization, 10–11
volume gateways for Storage Gateway, 93
W
Web Application Firewall (WAF), 80, 82
Web Site & Resources forum, 62
WorkLink service, 103
Workspaces, 102–103