diff --git a/certificates/aws-cloud-practitioner.md b/certificates/aws-cloud-practitioner.md
index 80f70ecb5..4409d1476 100644
--- a/certificates/aws-cloud-practitioner.md
+++ b/certificates/aws-cloud-practitioner.md
@@ -8,13 +8,15 @@ A summary of what you need to know for the exam can be found [here](https://aws.
What is cloud computing?
[Wikipedia](https://en.wikipedia.org/wiki/Cloud_computing): "Cloud computing is the on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user"
+
+Cloud computing also allows you to scale resources up or down as needed, paying only for what you use.
What types of Cloud Computing services are there?
-IAAS
-PAAS
+IAAS
+PAAS
SAAS
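Review bot: The `-IAAS`/`+IAAS` and `-PAAS`/`+PAAS` pairs in this hunk are whitespace-only changes, most likely stripped trailing spaces. If those trailing spaces were markdown hard line breaks, the lines `IAAS`, `PAAS`, `SAAS` will now render as a single paragraph; either confirm the rendered output or turn them into a bullet list, as a later hunk already does for the same items. The added `+Cloud computing also allows...` sentence should also be followed by a blank line before `What types of Cloud Computing services are there?` so it does not run into the next question.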
@@ -24,11 +26,12 @@ SAAS
* IAAS
* PAAS
* SAAS
- - IAAS - Infrastructure As A Service is a cloud computing service where a cloud provider rents out IT infrastructure such as compute, networking resources and storage over the internet.
-
- - PAAS - Platform As A Service is a cloud hosting platform with an on-demand access to ready-to-use set of deployment, application management and DevOps tools.
-
- - SAAS - Software As A Service is a software distribution model in which services are hosted by a cloud service provider.
+
+- IAAS - Infrastructure As A Service is a cloud computing service where a cloud provider rents out IT infrastructure such as compute, networking resources and storage over the internet (e.g., AWS EC2).
+
+- PAAS - Platform As A Service is a cloud hosting platform with an on-demand access to ready-to-use set of deployment, application management and DevOps tools (e.g., AWS Elastic Beanstalk).
+
+- SAAS - Software As A Service is a software distribution model in which services are hosted by a cloud service provider (e.g., AWS WorkSpaces or any web-based email service).
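Review bot: The PAAS bullet still reads "with an on-demand access to ready-to-use set", which is ungrammatical; since the line is being rewritten anyway, make it "with on-demand access to a ready-to-use set of deployment, application management and DevOps tools". On the SAAS bullet, AWS WorkSpaces is usually classed as desktop-as-a-service rather than SaaS, so the web-based email example is the clearer one; consider dropping WorkSpaces or labelling it as a DaaS offering.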
@@ -46,12 +49,13 @@ SAAS
* Hybrid
* Private
-- Public - Public cloud is when you leverage cloud services over the open internet on hardware owned by the cloud provider, but its usage is shared by other companies.
+- Public - Public cloud is when you leverage cloud services over the open internet on hardware owned by the cloud provider, but its usage is shared by other companies. It offers cost-effectiveness and ease of scaling.
-- Hybrid - A hybrid cloud is a cloud computing environment that uses a mix of combining a public and private cloud environment, like an on-premises data center, and public CSPs.
+- Hybrid - A hybrid cloud is a cloud computing environment that uses a mix of combining a public and private cloud environment, like an on-premises data center, and public CSPs. It provides greater flexibility and more deployment options.
-- Private - Private cloud means that the cloud infrastructure is provisioned for exclusive use by a single organization.
- [Read more](https://aws.amazon.com/types-of-cloud-computing/)
+- Private - Private cloud means that the cloud infrastructure is provisioned for exclusive use by a single organization. Resources are not shared with others, so it offers more control over security and data.
+
+[Read more](https://aws.amazon.com/types-of-cloud-computing/)
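Review bot: The Hybrid bullet keeps the redundant phrase "uses a mix of combining a public and private cloud environment" from the old line; as the line is being rewritten, simplify it to "combines a private environment, such as an on-premises data center, with public CSPs". Moving `[Read more]` out of the list is a good fix, since it previously rendered as part of the Private bullet.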
#### AWS Global Infrastructure
@@ -65,9 +69,9 @@ SAAS
AWS regions are data centers hosted across different geographical locations worldwide, each region is completely independent of one another.
-Within each region, there are multiple isolated locations known as Availability Zones. Multiple availability zones ensure high availability in case one of them goes down.
+Within each region, there are multiple isolated locations known as Availability Zones. Multiple availability zones ensure high availability in case one of them goes down. Each Availability Zone is physically separated from others, with its own power, networking, and connectivity.
-Edge locations are basically content delivery network which caches data and insures lower latency and faster delivery to the users in any location. They are located in major cities in the world.
+Edge locations are basically content delivery network endpoints which cache data and ensure lower latency and faster delivery to the users in any location. They are located in major cities around the world.
#### AWS Networking
@@ -75,20 +79,22 @@ Edge locations are basically content delivery network which caches data and insu
What is VPC?
-"A logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define"
+"A logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define".
Read more about it [here](https://aws.amazon.com/vpc).
+
+A VPC spans all the Availability Zones within a single region.
True or False? VPC spans multiple regions
-False
+False. A VPC is region-specific and cannot span multiple regions.
True or False? Subnets belong to the same VPC, can be in different availability zones
-True. Just to clarify, a subnet must reside entirely in one AZ.
+True. Just to clarify, a subnet must reside entirely in one AZ, but a single VPC can contain subnets across multiple AZs.
@@ -96,6 +102,8 @@ True. Just to clarify, a subnet must reside entirely in one AZ.
"component that allows communication between instances in your VPC and the internet" (AWS docs).
Read more about it [here](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html)
+
+It scales horizontally and is highly available, allowing inbound and outbound traffic to flow without imposing availability risks or bandwidth constraints.
@@ -113,14 +121,14 @@ False. Only one internet gateway can be attached to a single VPC.
True or False? Route Tables used to allow or deny traffic from the internet to AWS instances
-False.
+False. Route tables are used to direct traffic to the right destination (e.g., Internet Gateway, NAT Gateway, etc.), not to allow or deny traffic.
Explain Security Groups and Network ACLs
-* NACL - security layer on the subnet level.
-* Security Group - security layer on the instance level.
+* NACL - security layer on the subnet level. They are stateless, meaning inbound and outbound rules are evaluated separately.
+* Security Group - security layer on the instance level. They are stateful, meaning if you allow inbound traffic, outbound traffic is automatically allowed, and vice versa.
Read more about it [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html) and [here](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html)
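Review bot: The Security Group bullet overstates what stateful means: "if you allow inbound traffic, outbound traffic is automatically allowed, and vice versa" reads as if allowing any inbound rule opens all outbound traffic. Stateful means that return traffic for a connection allowed in one direction is permitted automatically regardless of the rules in the other direction; new connections in the other direction still need their own rule. Suggest "They are stateful: response traffic for an allowed connection is permitted automatically, so no matching rule is needed in the other direction." The NACL line is correct as written.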
@@ -128,7 +136,7 @@ Read more about it [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec
What is AWS Direct Connect?
-Allows you to connect your corporate network to AWS network.
+Allows you to connect your corporate network to AWS network. It provides a dedicated network connection that can offer more consistent performance than internet-based connections.
#### AWS Compute
@@ -138,6 +146,8 @@ Allows you to connect your corporate network to AWS network.
"a web service that provides secure, resizable compute capacity in the cloud".
Read more [here](https://aws.amazon.com/ec2)
+
+EC2 allows you to quickly scale up or down to match resource needs, paying only for the compute time you consume.
@@ -145,14 +155,18 @@ Read more [here](https://aws.amazon.com/ec2)
Amazon Machine Images is "An Amazon Machine Image (AMI) provides the information required to launch an instance".
Read more [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)
+
+An AMI typically includes an operating system, application server, and applications, so you can quickly spin up new instances with the same configuration.
What are the different source for AMIs?
* Personal AMIs - AMIs you create
-* AWS Marketplace for AMIs - Paid AMIs usually with bundled with licensed software
+* AWS Marketplace for AMIs - Paid AMIs usually bundled with licensed software
* Community AMIs - Free
+
+You can also share AMIs across accounts if needed.
@@ -160,6 +174,8 @@ Read more [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)
"the instance type that you specify determines the hardware of the host computer used for your instance"
Read more about instance types [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html)
+
+Instance types vary by CPU, memory, storage, and networking capacity, e.g., t2.micro, c5.large, etc.
@@ -169,7 +185,7 @@ Read more about instance types [here](https://docs.aws.amazon.com/AWSEC2/latest/
* Network optimized
* Web optimized
-False. From the above list only compute optimized is available.
+False. From the above list only compute optimized is available. There's no "Web optimized" or "Network optimized" instance type. You do have memory optimized, storage optimized, etc.
@@ -177,15 +193,17 @@ False. From the above list only compute optimized is available.
"provides block level storage volumes for use with EC2 instances. EBS volumes behave like raw, unformatted block devices."
More on EBS [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html)
+
+EBS volumes are tied to an Availability Zone. They can be snapshotted to Amazon S3 for durability and can be detached/reattached between EC2 instances in the same AZ.
What EC2 pricing models are there?
-On Demand - pay a fixed rate by the hour/second with no commitment. You can provision and terminate it at any given time.
-Reserved - you get capacity reservation, basically purchase an instance for a fixed time of period. The longer, the cheaper.
-Spot - Enables you to bid whatever price you want for instances or pay the spot price.
-Dedicated Hosts - physical EC2 server dedicated for your use.
+On Demand - pay a fixed rate by the hour/second with no commitment. You can provision and terminate at any time.
+Reserved - you get capacity reservation, basically purchase an instance for a fixed time period (1 or 3 years). The longer, the cheaper.
+Spot - Enables you to bid whatever price you want for instances or pay the spot price. Ideal for workloads that can be interrupted.
+Dedicated Hosts - physical EC2 server dedicated for your use. Helps you address compliance requirements and use your own software licenses.
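Review bot: The Spot line still describes bidding ("Enables you to bid whatever price you want"), which no longer reflects how Spot works: AWS dropped bidding in 2017, so you pay the current Spot price and can optionally set a maximum price. As the line is being rewritten, suggest "Spot - use spare EC2 capacity at a steep discount; you pay the current Spot price (optionally capped by a maximum price you set). Instances can be interrupted, so it suits fault-tolerant workloads." The "(1 or 3 years)" addition on the Reserved line is correct.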
@@ -193,22 +211,28 @@ Dedicated Hosts - physical EC2 server dedicated for your use.
"A security group acts as a virtual firewall that controls the traffic for one or more instances"
More on this subject [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)
+
+They are stateful, so any rule applied for inbound automatically applies to outbound, and vice versa (if the inbound rule is allowed).
What can you attach to an EC2 instance in order to store data?
EBS
+
+Additionally, some instance types support Instance Store (ephemeral storage), and you can also mount EFS (file storage) if you need a shared filesystem across multiple instances.
What EC2 RI types are there?
-Standard RI - most significant discount + suited for steady-state usage
-Convertible RI - discount + change attribute of RI + suited for steady-state usage
+Standard RI - most significant discount + suited for steady-state usage
+Convertible RI - discount + change attribute of RI + suited for steady-state usage
Scheduled RI - launch within time windows you reserve
Learn more about EC2 RI [here](https://aws.amazon.com/ec2/pricing/reserved-instances)
+
+Some RIs also offer different payment options (no upfront, partial upfront, or all upfront) affecting the discount level.
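Review bot: Same statefulness issue as the earlier Security Groups hunk: "any rule applied for inbound automatically applies to outbound, and vice versa" is not what stateful means; it is the return traffic of an allowed connection that is permitted automatically, not a mirrored rule. Also, "Some RIs also offer different payment options" should be "All RIs", since Standard and Convertible RIs both support No Upfront, Partial Upfront and All Upfront. The `-Standard RI`/`+Standard RI` and `-Convertible RI`/`+Convertible RI` pairs are further whitespace-only changes; if they removed markdown hard breaks, the three RI lines will render as one paragraph.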
#### AWS Containers
diff --git a/scripts/question_utils.py b/scripts/question_utils.py
index a51fc3304..830a085f8 100644
--- a/scripts/question_utils.py
+++ b/scripts/question_utils.py
@@ -22,7 +22,11 @@ def get_file_content() -> str:
def get_question_list(file_content: str) -> List[str]:
details = DETAILS_PATTERN.findall(file_content)
- return [SUMMARY_PATTERN.search(detail).group(1) for detail in details if SUMMARY_PATTERN.search(detail)]
+ return [
+ SUMMARY_PATTERN.search(detail).group(1)
+ for detail in details
+ if SUMMARY_PATTERN.search(detail)
+ ]
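Review bot: The reformatted comprehension still runs `SUMMARY_PATTERN.search(detail)` twice per detail, once in the filter and once to take `.group(1)`. Since the line is being touched, a single search would be cleaner, e.g. `matches = (SUMMARY_PATTERN.search(d) for d in details)` followed by `return [m.group(1) for m in matches if m]`, or the walrus form `if (m := SUMMARY_PATTERN.search(detail))` if the project targets Python 3.8 or later.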
def get_answered_questions(file_content: str) -> List[str]:
@@ -31,7 +35,12 @@ def get_answered_questions(file_content: str) -> List[str]:
for detail in details:
summary_match = SUMMARY_PATTERN.search(detail)
b_match = B_PATTERN.search(detail)
- if summary_match and b_match and summary_match.group(1).strip() and b_match.group(1).strip():
+ if (
+ summary_match
+ and b_match
+ and summary_match.group(1).strip()
+ and b_match.group(1).strip()
+ ):
answered.append(summary_match.group(1))
return answered
@@ -56,11 +65,17 @@ def get_random_question(question_list: List[str], with_answer: bool = False) ->
"""Use this question_list. Unless you have already opened/worked/need the file, then don't or
you will end up doing the same thing twice.
eg:
-#my_dir/main.py
+# my_dir/main.py
from scripts import question_utils
-print(question_utils.get_answered_questions(question_utils.get_question_list(question_utils.get_file_content()))
+
+print(
+ question_utils.get_answered_questions(
+ question_utils.get_question_list(
+ question_utils.get_file_content()
+ )
+ )
+)
>> 123
- # noqa: E501
"""
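Review bot: The wrapped docstring example passes the result of `get_question_list(...)`, annotated `List[str]`, to `get_answered_questions`, whose parameter is `file_content: str`; the old one-liner was also missing a closing parenthesis, which the rewrite fixes. If the intended usage is `get_answered_questions(get_file_content())`, the example should say so; otherwise the `>> 123` output is misleading. Removing the `# noqa: E501` is right now that no line exceeds the limit.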
if __name__ == "__main__":
diff --git a/topics/git/solutions/squashing_commits.md b/topics/git/solutions/squashing_commits.md
index 3876196f1..891f60564 100644
--- a/topics/git/solutions/squashing_commits.md
+++ b/topics/git/solutions/squashing_commits.md
@@ -1,24 +1,27 @@
## Git - Squashing Commits - Solution
-
-1. In a git repository, create a new file with the content "Mario" and commit the change
+1. In a git repository, create a new file with the content "Mario" and commit the change:
```
+echo "Mario" > new_file
git add new_file
-echo "Mario" -> new_file
-git commit -a -m "New file"
+git commit -m "New file"
```
-2. Make change to the content of the file you just created so the content is "Mario & Luigi" and create another commit
+2. Make a change to the content of the file you just created so it becomes "Mario & Luigi," then create another commit:
```
echo "Mario & Luigi" > new_file
git commit -a -m "Added Luigi"
```
-3. Verify you have two separate commits - `git log`
+3. Verify you have two separate commits by running:
+
+```
+git log
+```
-4. Squash the two commits you've created into one commit
+4. Squash the two commits you've created into one commit:
```
git rebase -i HEAD~2
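Review bot: In step 2, "Mario & Luigi," puts the comma inside the quotes, which suggests the file content itself ends with a comma; write `"Mario & Luigi", then create another commit` so the literal content matches the `echo` line below. The reordering in step 1 (`echo` before `git add`, and `git commit -m` instead of `-a` for a new file) fixes a genuine bug in the old instructions, since `git add new_file` ran before the file existed.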
@@ -31,19 +34,25 @@ pick 5412076 New file
pick 4016808 Added Luigi
```
-Change `pick` to `squash`
-
+Change `pick` to `squash`:
```
pick 5412076 New file
squash 4016808 Added Luigi
```
-Save it and provide a commit message for the squashed commit
+Save it and provide a commit message for the squashed commit.
+
+> **Note**: If running `git rebase -i HEAD~2` returns a fatal error (e.g., "invalid upstream 'HEAD~2'"), that usually means your second commit is actually the root commit and there's no valid parent before it. In that case, you can either:
+> * Use `git rebase -i --root` to allow rewriting the root commit, **or**
+> * Create an initial commit before these two commits so that `HEAD~2` points to valid commits.
### After you complete the exercise
-Answer the following:
+**Answer the following:**
+
+* **What is the reason for squashing commits?**
+ History becomes cleaner and it's easier to track changes without many small commits like "removed a character," for example.
-* What is the reason for squashing commits? - history becomes cleaner and it's easier to track changes without commit like "removed a character" for example.
-* Is it possible to squash more than 2 commits? - yes
+* **Is it possible to squash more than 2 commits?**
+ Yes.
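Review bot: The added note misattributes the cause: with only these two commits in the repository, it is the first commit ("New file") that is the root commit, so `HEAD~2` has nothing to point at (`HEAD~1` is already the root). Suggest "that usually means the repository contains only these two commits, so the 'New file' commit is the root commit and HEAD~2 does not exist". The `--root` suggestion itself is the right fix. Also, the hunk removes the blank line between `## Git - Squashing Commits - Solution` and `1.`, which some markdown renderers need before a list.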
diff --git a/topics/security/README.md b/topics/security/README.md
index a4eb9fbbe..f1d151fa6 100644
--- a/topics/security/README.md
+++ b/topics/security/README.md
@@ -640,3 +640,31 @@ You can’t. You will always be exposed to security risk once you start using op
- Network: Modify network devices and their configuration to create microsegmentation
+
+
+What are ephemeral environments in the context of Microsegmentation?
+
+- These are short-lived resources like containers or serverless functions that start and stop quickly.
+- Because they don’t last long, they need security rules that can change just as fast.
+- Microsegmentation helps by giving each one exactly the network access it needs — nothing more.
+
+
+
+
+How does Microsegmentation help prevent lateral movement?
+
+- It sets tight rules for how services or systems can talk to each other.
+- If one system gets hacked, the attacker can’t easily move to others.
+- By dividing systems into smaller zones, it makes the whole network harder to break into.
+
+
+
+
+What challenges arise when scaling Microsegmentation?
+
+- As more systems get added, managing all the rules becomes harder.
+- It’s tough to keep security rules consistent when everything’s changing all the time.
+- You also have to be careful not to slow things down while keeping everything secure.
+
+
+
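Review bot: The three new questions are followed by runs of three or four empty `+` lines (after each bullet list and at end of file), which leave trailing blank lines in the file; one blank line between entries is enough. If the file uses the `<details>`/`<summary>`/`<b>` format that `scripts/question_utils.py` in this same patch parses, these bare questions will not be picked up by `get_question_list` or `get_answered_questions`. The `—` in "needs — nothing more" is better as a comma or plain hyphen. On the lateral-movement answer, "makes the whole network harder to break into" conflates initial compromise with lateral movement: microsegmentation limits where an attacker can go after gaining a foothold, it does not make the first intrusion harder; suggest "it limits the blast radius of a compromise, so a foothold on one system does not give access to the rest of the network".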