AWS Cloud Practitioner Study Session Five
December 30, 2025
I am taking the AWS Cloud Practitioner Exam in approximately five days and want to ensure I am prepared. This series will serve as non-exhaustive note taking for the information that I am internalizing as I go.
Study materials:
- Free Code Camp Preparation
- AWS Certified Solutions Architect Practice Tests
- AWS Cloud Practitioner Essentials
- AWS Documentation
- What is Cloud Computing?
- Shared Responsibility Model
- Regions and Availability Zones
- Containers on AWS
- Amazon Elastic Container Registry
- Amazon Elastic Container Service
- Amazon Elastic Kubernetes Service
- AWS Fargate
- AWS Elastic Beanstalk
- AWS Batch
- What is Amazon Lightsail?
- What is AWS Outposts?
- Choosing a modern application strategy
- AWS Global Infrastructure
- AWS for the Edge
- AWS CloudFormation
- Amazon Virtual Private Cloud
- Subnet
- Internet gateway
- Virtual private gateway
- AWS Client VPN
- AWS Site-to-Site VPN
- AWS PrivateLink
- AWS Direct Connect
- Network Access Control List (network ACL)
- Security groups
- Domain Name System (DNS)
- Amazon Route 53
- Amazon CloudFront
- AWS Global Accelerator
- Amazon Transit Gateway
- NAT Gateway
- API Gateway
- ChatGPT
Notes:
CloudFormation: Helps model and set up AWS resources (Infrastructure as Code).
Ways to interact with AWS Resources
- Programmatic Access - AWS CLI, AWS SDKs. Good for automating routine tasks and invoking APIs for one part of an application process.
- AWS Management Console - Web interface for quick access to services. Good for billing and for services focused on graphical representation.
- Infrastructure as Code - Ex. CloudFormation. Good for managing infrastructure with DevOps practices such as CI/CD pipelines, and for scaling resources such as EC2 to multi-Region applications in a consistent, repeatable way.
Edge locations: Part of the AWS content delivery network (CDN), designed for caching content to improve delivery speed.
Primary Factors in Region Selection: (1) Compliance (does the Region meet the use case’s legal / regulatory requirements) (2) Proximity to customers to reduce latency (3) Feature availability (4) Pricing (varies by region)
VPC: A logically isolated section of the AWS Cloud for provisioning AWS resources in a virtual network.
- Use Cases: Used to share public resources, to organize resources, and to isolate resources and keep them private.
- Subnet: Organizes resources publicly or privately
- Private Subnet: Commonly used to contain resources like a database storing customer or transactional information.
- Public Subnet: Commonly used for resources like a customer-facing website.
VPN: Encrypts traffic between an on-premises network and a VPC. A virtual private gateway is the VPN on the AWS side. Client VPN: From an individual device to a private network. Site-to-Site VPN: Between two networks, not individual users.
AWS PrivateLink:
- Use Case: Used for connecting clients in your VPC to resources (other VPCs, endpoints)
- Benefit: Helps secure traffic and connect with simplified management rules
AWS Direct Connect
- Use Case: Makes it possible to establish a dedicated private connection between your network and a VPC in the cloud. Good for latency-sensitive applications, large-scale data migration / transfer, hybrid cloud architectures.
- Benefit: Reduces network costs, increases bandwidth
AWS Transit Gateway
- Used to connect Amazon VPCs and on-prem networks through a central hub.
Network Address Translation (NAT) Gateway
- A NAT gateway lets instances in a private subnet connect to services outside the VPC, while external services can’t initiate a connection with those instances.
Amazon API Gateway
- AWS service for creating, publishing, maintaining, monitoring, securing APIs at any scale.
Network ACL
- Virtual firewall that controls inbound / outbound traffic at the subnet level.
Stateless Packet Filtering
- Remembers nothing and checks packets that cross the subnet border, both inbound and outbound.
- Network ACLs perform stateless packet filtering.
Security Groups
- Component of VPC that checks packet permissions for an EC2 instance.
- Virtual firewall that controls inbound / outbound traffic for specific AWS resources, like Amazon EC2.
Comparing Security Groups and Network ACLs
| Feature | Security Group | Network ACLs |
|---|---|---|
| Scope | Instance level | Subnet level |
| State | Stateful | Stateless |
| Rule Types | Only allow rules | Allow and deny rules |
| Return traffic | Automatically allowed if inbound traffic allowed | Return traffic must be explicitly allowed |
| Uses | Fine-grained control of traffic for EC2 instances | Broad control of traffic in and out of subnets |
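
The State, Rule Types and Return traffic rows above, as an added example (not from the study materials): a small Python model of one HTTPS request and its reply crossing a network ACL and a security group. The function and class names are hypothetical, the rule sets and addresses are constructed, and the model is simplified to TCP port ranges, with a security group that has no outbound rules so the effect of statefulness is visible.

```python
from ipaddress import ip_address, ip_network

def nacl_allows(rules, peer_ip, port):
    """Stateless: rules are (number, action, cidr, port_lo, port_hi); lowest number wins."""
    for _, action, cidr, lo, hi in sorted(rules):
        if ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi:
            return action == "allow"
    return False  # nothing matched: the final catch-all rule denies

class SecurityGroup:
    """Stateful and allow-only: rules are (cidr, port_lo, port_hi)."""
    def __init__(self, inbound, outbound=()):
        self.inbound, self.outbound = list(inbound), list(outbound)
        self.tracked = set()  # connections admitted by an inbound rule

    @staticmethod
    def _match(rules, peer_ip, port):
        return any(ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi
                   for cidr, lo, hi in rules)

    def inbound_ok(self, client_ip, client_port, server_port):
        if self._match(self.inbound, client_ip, server_port):
            self.tracked.add((client_ip, client_port, server_port))
            return True
        return False

    def outbound_ok(self, client_ip, client_port, server_port):
        # A reply on a tracked connection passes without any outbound rule.
        return ((client_ip, client_port, server_port) in self.tracked
                or self._match(self.outbound, client_ip, client_port))

def round_trip(sg, nacl_in, nacl_out, client_ip, client_port, server_port=443):
    """The request crosses the NACL, then the SG; the reply crosses the SG, then the NACL."""
    request = (nacl_allows(nacl_in, client_ip, server_port)
               and sg.inbound_ok(client_ip, client_port, server_port))
    reply = (request and sg.outbound_ok(client_ip, client_port, server_port)
             and nacl_allows(nacl_out, client_ip, client_port))
    return request, reply

# Constructed sample rules; client addresses come from documentation ranges.
WEB_SG_RULES = [("0.0.0.0/0", 443, 443)]
NACL_IN = [(90, "deny", "203.0.113.0/24", 0, 65535),
           (100, "allow", "0.0.0.0/0", 443, 443)]
NACL_OUT_EMPTY = []                                            # reply is dropped
NACL_OUT_EPHEMERAL = [(100, "allow", "0.0.0.0/0", 1024, 65535)]  # reply passes

if __name__ == "__main__":
    for out_rules in (NACL_OUT_EMPTY, NACL_OUT_EPHEMERAL):
        sg = SecurityGroup(WEB_SG_RULES)
        print(round_trip(sg, NACL_IN, out_rules, "198.51.100.7", 50000))
```

The reply is addressed to the client's ephemeral source port, which is why the outbound network ACL rule covers a port range rather than port 443.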
AWS Global Accelerator
- Networking service. Analogy: acts as express lanes on internet highway. Result: Faster and more reliable application network traffic.
- Takes into account endpoint health, user location, and policies.
- Use case examples: Global gaming company, financial services application
Amazon Route 53
- Connects user requests to infrastructure running on AWS and elsewhere.
- Manages DNS records (translates human readable into machine readable) for domain names through a single service.
- Works with CloudFront
Amazon CloudFront
- Content delivery network (CDN) service. Analogy: acts as a network of delivery trucks that quickly bring web content to users around the world.
- Impact: Websites, videos, images, applications load much faster, no matter where customers are located. So look for media-rich, global, low-latency use cases.
Example: Delivering content with low latency for a seamless experience across multiple Regions.
Users -> Access through custom domain sent to Route 53 DNS record -> Route 53 uses routing policy to determine Region closest to user, directs to appropriate CloudFront edge location -> Web content is fetched from the designated origin server in chosen Region.
I found digesting the material on this one more intensive than past modules. Probably one to return to.