I recently completed my AWS Certified Cloud Practitioner.

I took the exam on the 23rd of August 2020.

Check out the course content for more information!

Disclaimer: This page is intended for educational purposes only and subject to the Fair Use Act.


My background

Prior to doing this certificate I had already completed my BSc, eWPT Certification and had some professional work experience as a Penetration Tester. AWS recommends having the following background:

  • Six months of exposure to the AWS Cloud;
  • Basic understanding of IT services and their uses in the AWS Cloud platform;
  • Knowledge of core AWS services and use cases, billing and pricing models, security concepts, and how cloud impacts your business.

I’d definitely confirm that this would be beneficial but with an IT background you should be fine without much exposure to the cloud in general, granted you are willing to study these concepts.


Preparation

I prepared two days to study for this certificate because I thought this would be sufficient because of my background. The time that is required is dependent on the individual but I’d suggest scheduling in less time than you may think because you do go through this certificate quickly.

Most of my time was spent going through the course content from AWS, which they offer for free! Check out the course content. You can enroll for free and it has about 14 hours of useful content.

Since this is a theoretical exam, I took notes of pretty much everything to ensure that I’d memorise the core concepts. I don’t think it’s necessary to know all the details by heart to pass this exam but you should definitely be able to differentiate different services and products from each other.


Study Material

There are various concepts and properties that you should really understand. They are listed below (note that this is an incomplete list - refer to AWS for more comprehensive resources).

Services

You will be asked questions to assess your foundational knowledge across a bunch of products and services. They basically assess your breadth of knowledge.

It’s very important that you can differentiate between EC2 and S3 instances and their use-cases - but also against other ‘random’ services like EBS, since it’s a multiple choice exam. The use-cases are also important, as is knowing how you are charged for the services - in most cases you pay for the capacity you use, but this is not always the case. Since AWS is all about scaling to the moon, it’s beneficial to understand how you could scale the services, i.e., by adding RAM or by scaling horizontally with more services.

For common services like S3 you should know a little bit more than just that it’s used for storing and retrieving data. Knowing how to control access with IAM and S3 bucket policies, and that you have per-object access control lists, should be sufficient. You can also use S3 to host static websites; take this website for example.

AWS Global Infrastructure

Understanding the way the global AWS infrastructure is constructed - regions, availability zones and edge locations - is considered foundational knowledge.

  • Regions (geographic areas that host two or more availability zones) are used to reduce latency and offer segregation of resources.
  • Availability Zones (collections of data centers in a specific region) are used to logically separate resources. Each has its own power supply to protect against failures and offer redundancy.
  • Edge Locations (which host a Content Delivery Network (CDN)) are used to deliver content to customers quicker by automatically routing to edge locations.

Another imperative concept is the Virtual Private Cloud (VPC), which is used to create private networks within AWS, allows for complete control of the network and supports various layers of security. It lives within a region and an example is illustrated below that includes a private and public subnet:

You should know a little bit about security groups - which act as a firewall - providing full control in terms of the accessibility of your instances. You can for example allow or deny specific traffic based on various properties, such as, but not limited to, the protocol.

Integrated Services

You should know the basics about the integrated services that AWS offers. They are actually quite cool to learn about. For example, how application load balancers work and how easily you can integrate them in front of EC2 instances.

Since AWS allows you to scale indefinitely you should know about auto scaling and how you can use CloudWatch to trigger an auto scaling event to scale out (or in) EC2 instances.

Route 53 is Amazon’s DNS service that routes end users to endpoints, which requires a hosted zone to configure.

Another important concept is CloudFront which is the CDN that enables caching content in edge locations to deliver resources quicker and more efficiently. By utilising CloudFront, you can serve content in Asia from an edge location in Asia to significantly reduce the latency.

Well-Architected Framework

This is a recurring topic in the course. It’s all about discussing the five pillars imperative when designing an architecture within AWS:

  • Security
  • Reliability
  • Performance Efficiency
  • Cost Optimization
  • Operational Excellence

AWS also significantly contributes towards the efficiency of your architectures by offering fault tolerance and guaranteeing high availability (think of the 11x9 scale). You should understand how different services are able to achieve this.

Security

A very important concept is the shared responsibility model, which states who is responsible for what part of the stack. For example, AWS is responsible for the physical, network and hypervisor aspect while clients are typically responsible for the Guest OS, application and user data.

You should also understand the basics of Identity and Access Management - since everything in AWS is an API - authentication and authorisation are important. Permissions happen through policy docs, so these serve as the authorisation aspect. The user, group, and role serve as authentication. When the credentials are approved, the policy docs associated with that user, group or role are evaluated.
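
The evaluation step described above, as an added example (not from the original post or from AWS): a simplified Python model of identity-based policy evaluation in which an explicit Deny overrides any Allow and a request with no matching statement is denied by default. The user names, policy names and ARNs are constructed, and conditions, roles and resource-based policies such as S3 bucket policies are left out.

```python
from fnmatch import fnmatchcase

# Constructed sample data in the IAM policy shape (Effect / Action / Resource).
# All names and ARNs are made up for this example.
POLICIES = {
    "s3-read-reports": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports",
                      "arn:aws:s3:::example-reports/*"]}]},
    "deny-confidential": {"Statement": [
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-reports/confidential/*"}]},
}
GROUPS = {"analysts": ["s3-read-reports"]}
USERS = {
    "alice": {"groups": ["analysts"], "policies": []},
    "bob": {"groups": ["analysts"], "policies": ["deny-confidential"]},
    "carol": {"groups": [], "policies": []},
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    # fnmatch-style wildcards approximate the '*' and '?' used in policies.
    return any(fnmatchcase(value, p) for p in _as_list(patterns))

def statements_for(user):
    """Yield statements from policies attached to the user and the user's groups."""
    entry = USERS[user]
    names = list(entry["policies"])
    for group in entry["groups"]:
        names.extend(GROUPS[group])
    for name in names:
        yield from POLICIES[name]["Statement"]

def is_authorized(user, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"          # nothing is allowed until a statement says so
    for stmt in statements_for(user):
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny always wins
            decision = "Allow"
    return decision
```
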

You can use Amazon Inspector to improve your security by automatically performing security assessments to identify vulnerabilities or deviations from best practices.

AWS also offers AWS Shield, which is a DDoS protection service that protects on an application level against infrastructure and application layer attacks (botnets etc.).

Pricing & Support

I found that this certification specifically emphasises questions in relation to Pricing & Support. Not surprisingly, since this is vital when operating AWS services to avoid unexpected costs. The fundamentals state that you only pay for services that you consume (pay as you go). You can pay up front which typically results in a discount.

There are three main things you pay for:

  • Compute
  • Storage
  • Outbound data transfer

Each service handles this a little bit differently, so understand which ones deviate. You can use Trusted Advisor to see on which services you can save, for example when you have unused snapshots.


Udemy Courses

There’s an extensive number of courses on Udemy that have quite realistic practice exams that go for under $25. I highly recommend doing these because they will really prepare you well for the exam. It’s also good to use as a reflection to understand how well you understood the material that was discussed by AWS in their course.


Exam

The exam consists of 65 questions that must be completed within 90 minutes. This means that you do not have a lot of time to think about all the questions. For that reason, you should not overthink your answers to prevent running out of time and try to answer the ones you know as quickly as possible. A good strategy for this is to rule out certain answers that are irrelevant to the question (which is a common occurrence).


Conclusion

I thought the exam was fun and fair (no trick questions), it’s definitely a good introduction towards understanding how the cloud works and the abundant services AWS offers. Prior to doing this course I didn’t quite realise how immense AWS really is, and how well their range of services integrate with each other. Since most other certificates in the security field are more practically oriented, this was a nice theoretical break.