AWS Cloud Practitioner Study Session Five

December 30, 2025

I am taking the AWS Cloud Practitioner Exam in approximately five days and want to ensure I am prepared. This series will serve as non-exhaustive note taking for the information that I am internalizing as I go.

ChatGPT Summary:

AWS Certified Cloud Practitioner – Infrastructure, Networking & Global Services Summary

This section ties together how you build, secure, connect, and globally deliver AWS resources. The exam heavily tests architecture choices, networking fundamentals, and global vs regional services.

AWS CloudFormation (Infrastructure as Code)

What It Is

• CloudFormation lets you model and provision AWS resources using code (templates)
• Treats infrastructure like software

Why It Matters

• Consistency
• Repeatability
• Automation
• Version control

🧠 Memory Tip:
CloudFormation = “Blueprints for AWS infrastructure”

📝 Exam Clue

• “Infrastructure as Code”
• “Repeatable deployments”
• “Automated provisioning” → CloudFormation

Ways to Interact with AWS Resources

AWS questions often test how you manage AWS, not just what service you use.

1. Programmatic Access

• Tools: AWS CLI, AWS SDKs
• Best for:
  • Automation
  • Scripts
  • CI/CD pipelines
  • Calling AWS APIs from applications

🧠 Memory Tip:
CLI / SDK = Code talks to AWS

2. AWS Management Console

• Web-based UI
• Visual and interactive
• Best for:
  • Billing
  • Monitoring
  • Quick configuration
  • Learning AWS

🧠 Memory Tip:
Console = Clicks

3. Infrastructure as Code (IaC)

• Example: CloudFormation
• Best for:
  • DevOps
  • Scaling to multiple Regions
  • Consistent environments

🧠 Memory Tip:
IaC = No clicking, only code

Edge Locations (CDN Concept)

• Edge locations are part of AWS’s Content Delivery Network
• Used to cache content closer to users
• Improves:
  • Latency
  • Performance
  • User experience

🧠 Memory Tip:
Edge = Close to users

📝 Exam Clue

• “Low latency”
• “Global users”
• “Cached content” → Edge locations / CloudFront

Choosing an AWS Region (Very Testable)

Primary Factors

1. Compliance – Legal and regulatory requirements
2. Proximity – Lower latency for customers
3. Feature availability – Not all services are in all Regions
4. Pricing – Costs vary by Region

🧠 Memory Trick:
C-P-F-P → Compliance, Proximity, Features, Pricing

📝 Exam Tip

• Compliance always overrides cost or latency

Amazon VPC (Virtual Private Cloud)

What It Is

• A logically isolated virtual network in AWS
• You control:
  • IP ranges
  • Subnets
  • Routing
  • Security

Why It’s Used

• Organize resources
• Share public resources
• Isolate sensitive resources

🧠 Memory Tip:
VPC = Your private AWS network

Subnets

• Subnet = A subdivision of a VPC

Public Subnet

• Internet-facing resources
• Example:
  • Web servers
  • Load balancers

Private Subnet

• No direct internet access
• Example:
  • Databases
  • Internal services

🧠 Memory Tip:
Public = Website, Private = Database

VPN Connectivity

Site-to-Site VPN

• Encrypted tunnel between:
  • On-prem network ↔ VPC
• Uses a Virtual Private Gateway on AWS side

Client VPN

• Secure connection from:
  • Individual device ↔ VPC

🧠 Memory Tip:

• Client VPN = Person
• Site-to-Site VPN = Network

AWS PrivateLink

What It Is

• Secure, private connectivity between VPCs and services
• Traffic stays on the AWS network

Why Use It

• Improved security
• Simplified networking
• No public internet exposure

🧠 Memory Tip:
PrivateLink = Private service access

AWS Direct Connect

What It Is

• Dedicated private connection between on-premises and AWS

Use Cases

• Low latency
• Large data transfers
• Hybrid cloud architectures

Benefits

• Reduced network costs
• Increased bandwidth
• More consistent performance

🧠 Memory Tip:
Direct Connect = Physical cable to AWS

📝 Exam Comparison

• VPN = Encrypted over internet
• Direct Connect = Dedicated private line

AWS Transit Gateway

What It Is

• Central hub to connect:
  • Multiple VPCs
  • On-prem networks

🧠 Memory Tip:
Transit Gateway = Network hub-and-spoke

NAT Gateway (Outbound Internet for Private Subnets)

What It Does

• Allows instances in private subnets to:
  • Access the internet
• Prevents the internet from:
  • Initiating connections back

🧠 Memory Tip:
NAT = Private out, not public in

📝 Exam Clue

• “Private subnet needs updates” → NAT Gateway

Amazon API Gateway

What It Is

• Fully managed service for:
  • Creating
  • Publishing
  • Securing
  • Monitoring APIs

🧠 Memory Tip:
API Gateway = Front door for APIs

Network Security Controls (Highly Testable)

Network ACLs (NACLs)

• Operate at the subnet level
• Stateless
• Support:
  • Allow rules
  • Deny rules

🧠 Memory Tip:
NACL = Neighborhood rules

Stateless Packet Filtering

• No memory of previous packets
• Every inbound and outbound packet checked

🧠 Memory Tip:
Stateless = No memory

Security Groups

• Operate at the instance level
• Stateful
• Allow rules only
• Automatically allow return traffic

🧠 Memory Tip:
Security Group = Bodyguard for EC2

Security Groups vs Network ACLs

🧠 One-Line Trick:

SG remembers, NACL forgets

Global Networking & Traffic Management

AWS Global Accelerator

• Improves performance using AWS global network
• Routes traffic based on:
  • Endpoint health
  • User location
  • Policies

🧠 Memory Tip:
Global Accelerator = Fast lanes on the internet

📝 Exam Use Cases

• Gaming
• Financial services
• Global low-latency apps

Amazon Route 53

• DNS service
• Translates domain names to IP addresses
• Routes traffic based on routing policies
• Works with CloudFront

🧠 Memory Tip:
Route 53 = GPS for the internet

Amazon CloudFront

• AWS Content Delivery Network (CDN)
• Uses edge locations worldwide
• Improves performance for:
  • Websites
  • Videos
  • Images
  • Applications

🧠 Memory Tip:
CloudFront = Content, closer to users

End-to-End Example (Exam-Style)

Goal: Deliver content with low latency across multiple Regions

Flow:

1. Users access application via custom domain
2. Route 53 resolves DNS and applies routing policy
3. Traffic is sent to nearest CloudFront edge location
4. CloudFront fetches content from origin server in selected Region

🧠 Memory Tip:
Route 53 decides, CloudFront delivers

Final Exam Takeaways

• CloudFormation = Infrastructure as Code
• Edge locations improve global performance
• Choose Regions based on compliance first
• VPC = private network
• NAT allows outbound-only internet access
• Security Groups are stateful; NACLs are stateless
• Route 53 = DNS
• CloudFront = CDN
• Global Accelerator = faster network paths

Study materials:

• Free Code Camp Preparation
• AWS Certified Solutions Architect Practice Tests
• AWS Cloud Practitioner Essentials
• AWS Documentation
  • What is Cloud Computing?
  • Shared Responsibility Model
  • Regions and Availability Zones
  • Containers on AWS
  • Amazon Elastic Container Registry
  • Amazon Elastic Container Service
  • Amazon Elastic Kubernetes Service
  • AWS Fargate
  • AWS Elastic Beanstalk
  • AWS Batch
  • What is Amazon Lightsail?
  • What is AWS Outposts?
  • Choosing a modern application strategy
  • AWS Global Infrastructure
  • AWS for the Edge
  • AWS CloudFormation
  • Amazon Virtual Private Cloud
  • Subnet
  • Internet gateway
  • Virtual private gateway
  • AWS Client VPN
  • AWS Site-to-Site VPN
  • AWS PrivateLink
  • AWS Direct Connect
  • Network Access Control List (network ACL)
  • Security groups
  • Domain Name System (DNS)
  • Amazon Route 53
  • Amazon CloudFront
  • AWS Global Accelerator
  • Amazon Transit Gateway
  • NAT Gateway
  • API Gateway
• ChatGPT

Raw Input Notes:

Cloud Formation - Helps model and set up AWS resources (Infra as Code).

Ways to interact with AWS Resources

• Programmatic Access - AWS CLI, AWS SDKs, Good for automate routine tasks, Invoke APIs for one part of an application process
• AWS Management Console - Web interface for quick access to services, Good for billing, services focused on graphical representation
• Infrastructure as Code - Ex. Cloud Formation, Good for managing infrastructure with DevOps such as CI/CD pipelines, scaling resources such as EC2 to multi-Region applications in a consistent, repeatable way

Edge locations: Part of the AWS content delivery network (CDN), designed for caching content to improve delivery speed.

Primary Factors in Region Selection: (1) Compliance (does the Region meet the use case’s legal / regulatory requirements) (2) Proximity to customers to reduce latency (3) Feature availability (4) Pricing (varies by region)

VPCs: Logically isolated section of AWS Cloud to provision AWS resources in virtual network

• Use Cases: Used to share public resources, used to organize resources, used to isolate resources and keep them private.
• Subnet: Organizes resources publically or privately
• Private Subnet: Commonly used to contain resources like a database storing customer or transactional information.
• Public Subnet: Commonly used for resources like a customer-facing website.

VPN: Encrypts traffic between on-premise network and VPC. A Virtual Private Gateway is the VPN on the AWS side. Client VPN: From an individual device to private network. Site to Site VPN: Between two networks, not individual users.

AWS PrivateLink:

• Use Case: Used for connecting clients in your VPC to resources (other VPCs, endpoints)
• Benefit: Helps secure traffic and connect with simplified management rules

AWS Direct Connect

• Use Case: Makes it possible to establish dedicated private connection between network and VPC in cloud. Good for latency-sensitive applications, large-scale data migration / transfer, hybrid cloud architectures.
• Benefit: Reduces network costs, increases bandwidth

AWS Transit Gateway

• Used to connect Amazon VPCs and on-prem networks through central hub.

Network Address Translation (Nat) Gateway

• Can use a NAT gateway so that instances in a private subnet can connect to services outside VPC but external services can’t initiate a connection with those instances.

Amazon API Gateway

• AWS service for creating, publishing, maintaining, monitoring, securing APIs at any scale.

Network ACL

• Virtual firewall that controls inbound / outbound traffic at the subnet level.

Stateless Packet Filtering

• Remembering nothing and check packets that cross the subnet border both inbound and outbound.
• Network ACLs perform stateless packet filtering.

Security Groups

• Component of VPC that checks packet permissions for an EC2 instance.
• Virtual firewall that controls inbound / outbound traffic for specific AWS resources, like Amazon EC2.

Comparing Security Groups and Network ACLs

AWS Global Accelerator

• Networking service. Analogy: acts as express lanes on internet highway. Result: Faster and more reliable application network traffic.
• Takes into account endpoint health, user location, and policies.
• Use case examples: Global gaming company, financial services application

Amazon Route 53

• Connects user requests to infrastructure running on AWS and elsewhere.
• Manages DNS records (translates human readable into machine readable) for domain names through a single service.
• Works with CloudFront

Amazon CloudFront

• Content delivery network (CDN) service. Analogy: acts as a network of delivery trucks that quickly bring web content to users around the world.
• Impact: Websites, videos, images, applications load much faster, no matter where customers are located. So look for media-rich, global, low-latency use cases.

Example Delivering content with low latency for a seamless experience across multiple Regions.

Users -> Access through custom domain sent to Route 53 DNS record -> Route 53 uses routing policy to determine region closest to user, directs to appropriate CloudFront edge location. -> Web content is fetched from the designated origin server in chosen Region.

I found digesting the material on this one more intensive than past modules. Probably one to return to.