CCP Variation Study

Cloud* Services

CloudFormation - infrastructure as code, sets up services via templates and scripts. eg. YAML, JSON

CloudTrail - logs all API calls between AWS services (who can we blame). eg. aws s3api create-bucket --bucket test-123

CloudFront - Content Distribution Network. It creates cached copies of our website on edge location servers, which are located near the people trying to download our website.

CloudWatch - is a collection of multiple services

CW Logs - any custom log data, memory usage, rails logs, Nginx Logs

CW Metrics - metrics that are based off of logs eg. Memory usage

CW Events - trigger an event based on a condition eg. every hour take snapshot of server.

CW Alarms - triggers notifications based on metrics

CW Dashboard - create visualizations based on metrics

CloudSearch - search engine, we have an ecommerce website and we want to add a search bar.

*Connect Service

Direct Connect - Dedicated Fiber optics connections from datacenter to AWS

Amazon Connect - Call Center Service - Get a toll free number, accept inbound and outbound calls, set up automated phone systems.

Media Connect - New Version of Elastic Transcoder - Converts videos to different video types.

Elastic Transcoder Vs Media Convert

Elastic Transcoder transcodes videos to streaming formats

AWS Elemental MediaConvert

  • Transcodes videos to streaming formats
  • Overlays images
  • Inserts video clips
  • Extracts caption data
  • Robust UI


Simple Notification Service (SNS) - Pusher, PubNub

  • Sends notifications to subscribers of topics via multiple protocols. eg. HTTP, Email, SQS, SMS
  • SNS is generally used for sending plain text emails which are triggered via other AWS services. The best example of this is billing alarms.
  • Can retry sending in case of failure for HTTPS
  • Really good for webhooks, simple internal emails, triggering Lambda functions.

Simple Queue Service (SQS) - RabbitMQ, Sidekiq

  • Places messages into a queue. Applications pull from the queue using the AWS SDK
  • Can retain a message for up to 14 days
  • Can send them in sequential order or in parallel
  • Can ensure only one message is sent
  • Can ensure messages are delivered at least once
  • Really good for delayed tasks, queuing up emails.

Inspector Vs Trusted Advisor

Both are security tools and perform audits

Amazon Inspector

  • Audits a single EC2 instance.
  • Generates a report from a long list of security checks.

Trusted Advisor

  • Trusted Advisor does not generate a PDF report
  • Gives us a holistic view of recommendations across multiple services and best practices. eg. we have open ports on these security groups OR we should enable MFA on our root account when using Trusted Advisor.


Application Load Balancer processes Layer 7 requests

  • HTTP and HTTPS traffic
  • Routing Rules, more usability from one load balancer
  • Can attach WAF

Network Load Balancer processes Layer 3,4 TCP/IP data

  • TCP and TLS traffic where extreme performance is required
  • Capable of handling millions of requests per second while maintaining ultra-low latencies.
  • Optimized for sudden and volatile traffic patterns while using a single static IP address per Availability Zone

Classic Load Balancer processes Layer 4 and Layer 7. It is the old load balancer.

  • Intended for applications that were built within the EC2 Classic Network
  • Does not use Target Groups
  • All Load Balancers can attach an Amazon Certificate Manager (ACM) SSL certificate.


Both send Emails

Simple Notification Service

  • Sends notifications to subscribers of topics via multiple protocols. eg. HTTP, Email, SQS, SMS
  • SNS is generally used for sending plain text emails which are triggered via other AWS Services. The best example of this is billing alarms.
  • Most exam questions are going to be talking about SNS because lots of services can trigger SNS for notifications.
  • We need to know what topics and subscriptions are in SNS

Simple Email Service

  • A cloud based email service eg. SendGrid
  • SES sends HTML emails. SNS cannot.
  • SES can receive inbound emails.
  • SES can create Email templates.
  • Custom domain name email
  • Monitor our email reputation.

Artifact Vs Inspector

Both compile our PDFs.

AWS Artifact

  • Why should an enterprise trust AWS?
  • Generates a security report that is based on global compliance frameworks such as:
  • Service Organization Control (SOC)
  • Payment Card Industry (PCI)

AWS Inspector

  • How do we know this EC2 Instance is Secure?
  • Runs a script that analyzes an EC2 instance, then generates a PDF report telling us which security checks passed.