AWS Cloud Practitioner

Before any service makes sense, the shift underneath it does. Cloud computing means renting IT resources over the internet on demand and paying for what you use, instead of buying and running your own machines. That one change is what every AWS benefit flows from.

AWS has hundreds of services, but a handful carry almost every workload and show up in almost every later lab. Meet the core five, EC2, S3, IAM, RDS, and Lambda, with a one-sentence definition for each and a sense of when you reach for which.

AWS is not one big computer. It is dozens of Regions around the world, each split into isolated Availability Zones. This is the first thing to understand about AWS, because every service you use lives somewhere on this map.

AWS secures the cloud, you secure what you put in it. The line between those two jobs is the first thing to get right in any cloud security conversation, and it moves depending on how much of the stack a service manages for you.

IAM is the gate in front of everything in AWS. It decides who can do what to which resource, using five building blocks, the root user, IAM users, groups, roles, and policies. Get these straight and most of AWS security follows.

Beyond IAM, AWS runs a set of managed services that watch for threats, scan for vulnerabilities, find exposed data, and block attacks at the edge. You turn them on rather than build them. Knowing which one does which job is the goal here.

Encryption scrambles data so only the holder of the key can read it, and it applies in two places, data at rest and data in transit. AWS manages the keys with KMS, the certificates with ACM, and application secrets with Secrets Manager. Knowing what protects what is the goal.

Governance is proving and enforcing that an account meets the rules. AWS inherits its own certifications, hands you the reports through Artifact, records every API call with CloudTrail, and tracks resource configuration over time with Config. Together they answer who did what and whether it is still compliant.

Past a certain size, one AWS account is not enough. Organizations groups many accounts under one roof for isolation, central control, and a single bill. Service control policies set guardrails, IAM Identity Center handles sign-in, and consolidated billing pools usage. Knowing why teams run many accounts is the goal.

Compute is where your code runs, and AWS offers it along a spectrum from a full server you manage to a function you just hand over. EC2, containers, Lambda, Elastic Beanstalk, and Lightsail each sit at a different point. Knowing which fits a workload is the goal.

AWS storage comes in three shapes, object, block, and file, plus archival and hybrid options. S3 holds objects, EBS gives an instance a disk, EFS shares a file system, and Glacier archives cheaply. Knowing which shape a workload needs is the goal.

AWS offers purpose-built databases rather than one for everything. RDS and Aurora are relational, DynamoDB is NoSQL at scale, ElastiCache keeps hot data in memory, and Redshift is for analytics. Matching the database to the data shape and access pattern is the goal.

Networking is how your resources connect and how users reach them. A VPC is your private network, subnets divide it, Route 53 is DNS, load balancers spread traffic, CloudFront caches at the edge, and Direct Connect links a data center in. Knowing the path a request takes is the goal.

Every action in AWS is an API call underneath. The console, the CLI, the SDKs, and infrastructure-as-code tools are four front doors to that same API, and knowing which door to use when is most of working with AWS day to day.

AWS publishes a single framework for judging whether a design is sound, organized into six pillars from security to cost to sustainability. It is the shared language teams use to review architectures and name the trade-offs they are making on purpose.

AWS pricing rests on a few principles and, for compute, four ways to pay that trade commitment for a discount. On-demand asks nothing and costs the most, spot costs the least but can be taken back, and a free tier lets you learn for nothing. Matching the model to the workload is where the savings live.

AWS has no subscription fee. Every charge is usage times a unit price, and the units differ by service. Understand how a small bill is assembled, which unit each service bills in, and why data transfer out is the line that surprises almost everyone.

Every AWS account comes with a support plan and a set of billing tools. The plan decides how fast you can get help and from whom, and the tools decide whether you see a cost problem coming or get surprised by the bill. Knowing both is the practical side of running an account.