AWS Certified Cloud Practitioner CLF-C02 Cert Guide (Certification Guide)

Mar 14, 2026 · 21 min

Episode description

A comprehensive educational resource for individuals preparing for the foundational Amazon Web Services exam. The text explores core cloud service models such as SaaS and PaaS alongside essential infrastructure concepts like Regions and Availability Zones. Detailed chapters cover a wide array of tools, including compute, storage, and networking services, while providing practical walk-throughs for using the AWS Free Tier. Beyond technical definitions, the source explains governance and security frameworks such as Trusted Advisor and the Well-Architected Framework. Finally, the book includes interactive quizzes and glossaries to reinforce the student's understanding of the global AWS ecosystem.

Transcript

Speaker 1

Welcome back to the deep dive. We are we're doing something a little bit different today.

Speaker 2

Yeah, definitely a pivot from the usual stuff.

Speaker 1

Right. Usually we grab a business book or, you know, a piece of long-form journalism and just pull it apart. But today we are staring straight into the abyss of the cloud.

Speaker 2

The abyss. I like that, it really is.

Speaker 1

Right. Specifically, we are unpacking the AWS Certified Cloud Practitioner CLF-C02 Cert Guide by Anthony Sequeira.

Speaker 2

Which I'll be honest, that title sounds a bit dry. Sounds exactly like homework.

Speaker 1

It totally sounds like homework. But here is the hook and why I wanted to do this today. The cloud is this term you hear every single day. Oh, constantly. Right, it's in the cloud, upload it to the cloud.

Speaker 2

It's on our.

Speaker 1

Phones, our TVs, probably our refrigerators by.

Speaker 2

Now, almost certainly your refrigerator.

Speaker 1

And if I stop you on the street and ask what is it physically and how does it actually work? I mean most people, even really smart people, can't answer that.

Speaker 2

That's entirely fair. It's, it's become a black box. We trust it, but we don't understand the mechanics at all, and frankly, a lot of businesses are writing massive checks for it without really understanding what they're buying. Exactly.

Speaker 1

So our mission today isn't just to help someone pass a multiple choice test, though, hey, if you are taking the CLF-C02, this is going to be gold for you. Absolutely. But the real goal is to look at the blueprints of the modern Internet. We're going to look at the actual definitions from NIST, the National Institute of Standards and Technology.

Speaker 2

The official rules, basically. Right.

Speaker 1

And we're going to break down the economics of why companies are actively shutting down their own data centers. Plus, we're going to spend a good chunk of time on the Well-Architected Framework.

Speaker 2

Which is essentially Amazon's secret sauce, their philosophy for how to build systems that don't just instantly crash. Exactly. And honestly, that framework is arguably more important than the tech itself. You know, you can have the best power tools in the world, but if you don't know how to frame a house, it's just going to collapse.

Speaker 1

That is a great way to put it. So let's start with the definition. Because the cloud feels, I don't.

Speaker 2

Know, fluffy, very fluffy.

Speaker 1

It implies it's up in the sky, completely ephemeral. But NIST, which is the government body that defines standards for measurements in time, they have a very concrete, very unfluffy definition. They do.

Speaker 2

They totally strip away the marketing speak. They define cloud computing as ubiquitous, convenient, on demand network access to a shared pool of configurable computing resources.

Speaker 1

Okay, shared pool is the phrase that really jumps out at me.

Speaker 2

There it should, it's the core of it. And NIST actually breaks this down into five essential characteristics. If you don't have these five, you aren't really doing cloud computing. You're just doing remote computing. Right. So the first one is on-demand self-service.

Speaker 1

Which is basically the vending machine model.

Speaker 2

Right, that's the best way to think about it. In the pre-cloud era, let's just call it the legacy era, if you were a developer and you needed a server to test a new app, what did you do?

Speaker 1

You filled out a ticket, you begged the IT manager, you waited, what, three weeks.

Speaker 2

For shipping. Exactly. And then someone had to physically rack it and cable it up. It was a completely friction-heavy process. Yeah, but on-demand self-service means you remove that human gatekeeper entirely. You click a button or run a script, and the server just appears. You don't need permission to innovate anymore. It changes the speed of business from weeks to literally minutes.

Speaker 1

Which pairs perfectly with the second characteristic, broad network access. I mean, I can get to it from my laptop, my phone, a tablet, it's all standard web product.

Speaker 2

Well, it's accessible anywhere.

Speaker 1

But the third one is where the engineering gets interesting and maybe a little scary for some people. Resource pooling. This is that multi-tenant model.

Speaker 2

This is probably the most misunderstood part of the cloud. Think of a massive apartment complex. Everyone has their own key, their own private space, but behind the walls, you are all sharing the same plumbing, the same electrical grid, the exact same foundation.

Speaker 1

So just to be completely clear here, my company's data might be sitting on the exact same physical hard drive as my competitor's data.

Speaker 2

It is very likely. Through virtualization, AWS basically slices up that physical hardware into secure, isolated chunks. You are tenants in the same building. You can't see each other, you can't hear each other, but you are leveraging the massive efficiency of sharing that core infrastructure.

Speaker 1

I can totally see why banks used to be terrified of that.

Speaker 2

Oh, they were. But the security of that isolation layer, the hypervisor, is now generally considered way stronger than what most companies can build in their own private basements anyway. Makes sense. And that sharing drives the fourth characteristic, rapid elasticity.

Speaker 1

This is the one that feels like absolute magic.

Speaker 2

It's the rubber band effect. In a traditional data center, if you buy ten servers, you have ten servers, period. If you have a traffic spike and you suddenly need eleven, your website crashes.

Speaker 1

And if you only need two, you're just burning money on the other eight. Exactly.

Speaker 2

But with elasticity, the system breathes. It scales out when demand creates the need, and this is crucial, it scales back in when the demand drops. To the user, the resources appear completely unlimited. You never hit a sold-out sign.

Speaker 1

And that leads right into the fifth one, which is what makes the CFO happy. Measured service.

Speaker 2

The utility bill. You pay for electricity by the kilowatt-hour. Right. In the cloud, you pay for compute by the second and storage by the gigabyte.

Speaker 1

So it changes it from a fixed cost to a variable cost.

Speaker 2

Precisely, you stop paying for just-in-case capacity.

Speaker 1

Okay, so we know what it is, but we also need to talk about how it's actually delivered. The guide breaks this down into those famous as-a-service acronyms: SaaS, PaaS, IaaS. I feel like these get thrown around in corporate meetings just to sound smart, but there is a distinct hierarchy here.

Speaker 2

There really is. It's all about control versus convenience. The shared responsibility model dictates this. As you move down the stack, you get more control, but you also inherit a lot more work.

Speaker 1

Let's start at the top, the one everyone uses: SaaS, Software as a Service.

Speaker 2

This is Gmail, it's Salesforce, Zoom. As a user, you have zero control over the infrastructure. You don't patch the servers, you don't worry about the code updates. You just log in and use the tool.

Speaker 1

The convenience is high, control is low.

Speaker 2

Exactly. Then we step down to PaaS, Platform as a Service. The source guide actually mentions this is the sweet spot for developers.

Speaker 1

Why is that?

Speaker 2

Think of PaaS as a fully furnished workshop. You bring your own project, your code, but the workshop owner maintains all the tools, the operating system, and the runtime environment.

Speaker 1

Like Microsoft Azure in the early days.

Speaker 2

Right, Microsoft Azure actually started out here. You don't want to manage Windows updates. You just want your .NET application to run.

Speaker 1

And finally we hit the basement. IaaS, Infrastructure as a Service.

Speaker 2

This is for the control freaks, and I say that with love, because sometimes you really need to be a control freak. This is AWS EC2, Elastic Compute Cloud.

Speaker 1

You get the virtual bare metal. Yep.

Speaker 2

You are responsible for the operating system, the security patches, configuring the firewalls. It's the most work, but it gives you the granular control to configure the system exactly how your application needs it.

Speaker 1

The guide uses the analogy of housing for this, which I loved. SaaS is like staying in a hotel room; maid service is included. PaaS is renting a house. You mow the lawn, but the landlord fixes the roof. And IaaS is buying an empty lot and building the house yourself.

Speaker 2

It holds up perfectly, and knowing which one to pick is really half the battle in architecture. Don't build a house from scratch if you just need a place to sleep for the night.

Speaker 1

Good point. Now, before we get into the money, because the economics here are fascinating, we have to touch on where this stuff lives. The guide discusses deployment models: public, private, and hybrid.

Speaker 2

So public is AWS or Azure or Google. Anyone with a credit card can join. Private is your own data center or a dedicated cloud just for you. This is often used by governments or agencies who are paranoid about that multi-tenant thing we discussed earlier. And hybrid is the messy reality for most big companies. They have legacy mainframes they just can't get rid of. Maybe they're running some core banking software from nineteen eighty, which happens a lot. All the time. So they connect that old mainframe to the modern public cloud. It's binding the old world and the new world together.

Speaker 1

Okay, let's talk cash. The source text really emphasizes this shift from CapEx to OpEx, capital expenditures versus operating expenditures. Why is this such a game changer? It sounds like total accounting boredom.

Speaker 2

It does sound boring until you realize it changes entire business strategies. CapEx is buying a house. You need a massive down payment. You are locked in. If the market crashes, you lose big time. OpEx is renting.

Speaker 1

There is a story in the source material that perfectly illustrates this, and I have to share it. It's about a university that needed to do some massive AI testing.

Speaker 2

Oh yes, the university AI story. This is a classic example.

Speaker 1

So they needed this massive compute power. In the old CapEx world, they would have had to apply for a grant, buy millions of dollars of hardware, wait for it to arrive, install it. I mean, the project would take years.

Speaker 2

So once the project was finally done, they just have a basement full of depreciating servers doing absolutely nothing. Right.

Speaker 1

But instead they went to AWS. They spun up millions of CPUs on EC2 instances. They basically rented a supercomputer.

Speaker 2

They ran their calculation for about forty eight hours and then, and this is the absolute key, they turn it off.

Speaker 1

They deleted the super exactly.

Speaker 2

They paid for two days of usage. That is OpEx. It completely democratizes power. A college student with a credit card can access the exact same computing power as a Fortune 500 company as long as they can pay the hourly rate.

Speaker 1

That is agility right there. That is the ability to fail fast, because if the experiment didn't work, they were out a few hundred bucks, not a few million.

Speaker 2

And because Amazon is buying these servers by the shipping container load, they achieve incredible economies of scale. A single company can never negotiate the hardware prices that Amazon can, and theoretically those savings get passed down to you in lower rates over time.

Speaker 1

Theoretically, yes, But let's ground this in physical reality for a second, because despite the name cloud, this data has to live somewhere. It's not actually floating in the ether. It's in a building somewhere.

Speaker 2

It is very terrestrial. It's dirt, concrete, copper, and fiber optics. AWS divides the planet up into regions like.

Speaker 1

US East and Northern Virginia or the EU region in London.

Speaker 2

Right. And choosing a region isn't just about personal preference. It's about physics. If your customers are in London, you don't put your servers in Tokyo. The speed of light is fast, but it is not instant. You want to minimize latency, you want to reduce that delay.

Speaker 1

But inside a region there are Availability Zones, or AZs. The guide makes a really big deal out of the difference between a region and an AZ.

Speaker 2

This is a crucial concept, both for the exam and for real life. An AZ is not necessarily one building. An AZ is a cluster of data centers. But, and here's the kicker, each AZ is physically separated from the others in that region by miles one miles.

Speaker 1

Why not just put them next door to save on cabling?

Speaker 2

Floodplains, power grids, tectonic plates. If a massive hurricane hits AZ A, you want AZ B to be on a completely different power grid and maybe sitting on higher ground. They're connected by high-speed fibers, so they act like one single unit, but they fail separately.

Speaker 1

So if I'm a bank, I don't just put my data in Virginia. I put it in Virginia AZ one and Virginia AZ two. Exactly.

Speaker 2

That is called high availability. If one building literally goes dark, the other takes over instantly. You don't put all your eggs in one basket, and you definitely don't put all your servers in one AZ.

Speaker 1

We also have edge locations. These are different from regions, right, Yes, there.

Speaker 2

Are way more edge locations all over the globe. These power Amazon CloudFront, which is a content delivery network. Just think of them as local caches.

Speaker 1

Like a 7-Eleven versus a supermarket.

Speaker 2

That is a very good analogy. If the main Netflix server is the giant supermarket in California, the edge location is the 7-Eleven in your neighborhood. It stocks the most popular items, like the latest hit movie, right down the street from your house, so you don't have to drive all the way to California to get it. It speeds up delivery massively.

Speaker 1

Okay, so we have the definition, the money, and the map. Now we get to the philosophy, the Well-Architected Framework. This feels like the most deep dive part of the text. It's not just "here is a tool", it's "here is how you need to think". It really is.

Speaker 2

AWS realized early on that people were moving to the cloud and building terrible systems. They were just copying their old, fragile data center practices and pasting them into AWS. So Amazon released this framework, six pillars, to basically say, here is what the highly successful people do.

Speaker 1

Let's run through these pillars because this is the real blueprint. Pillar one is operational excellence, which.

Speaker 2

Sounds like pure management speak, but the core technical concept here is Infrastructure as Code, or IaC. Translate that for me. Don't let humans click buttons in the management console to build servers. Humans are terrible at repetitive tasks. We get tired, we make typos, we forget crucial security steps. Instead, define your entire infrastructure in a script, a text file. You run the script, and AWS builds the environment perfectly. You want to update a server, you update the script.

Speaker 1

So your entire data center exists as code that can be version controlled, reviewed by peers, and rolled back if needed. Exactly.

Speaker 2

The framework also heavily preaches small reversible changes. Don't do the massive big bang release on a Friday night. Do tiny incremental updates that you can undo instantly if they happen to break something.

Speaker 1

Makes total sense. Pillar two, security. Now, obviously the goal is don't get hacked, but the framework gets very specific. It talks a lot about IAM, Identity and Access Management.

Speaker 2

The main principle here is least privilege, and it's shocking how many companies still fail at this. If you hire a plumber to fix your sink, you don't give them the combination to your wall safe. You give them access to the kitchen. In AWS, you give a user or a program permission to do exactly what they need to do and absolutely nothing more.

Speaker 1

The guide also really leans into traceability.

Speaker 2

That's CloudTrail. It is a service that logs every single API call made in your account. If a hacker, or honestly just a clumsy employee, deletes a production database, you know exactly who did it, from what IP address and at what exact millisecond. It's a flight recorder for your business.

Speaker 1

There's also an interesting distinction here on where you secure things: security groups versus network ACLs.

Speaker 2

This is a classic exam question, but it matters deeply for real defense. A security group is stateful. It acts like a bouncer at the club door. If the bouncer checks your ID and lets you in, he automatically lets you out. A network ACL, on the other hand, is stateless. It operates at the subnet level, and it's like a border guard. Just because you got in doesn't mean you automatically get out. You get checked both ways. You really need to understand these layers to build proper defense in depth.

Speaker 1

Got it. Moving to pillar three, reliability. The big quote here is stop guessing capacity.

Speaker 2

We touched on this with elasticity. In the old days, you had to guess if your website would get one hundred visitors or ten thousand. Guess wrong on the low side, and you crash during your biggest sale. In the cloud, you use auto scaling. The system watches the load. If CPU usage hits seventy percent, it automatically adds a server. If it drops to twenty percent at night, it kills a server to save money.

Speaker 1

The guide also emphasizes horizontal versus vertical scaling. I love the analogy of pets versus cattle. That gets used here a lot.

Speaker 2

It's a bit morbid if you think about it too much, but it works perfectly. Vertical scaling is making your one existing server bigger, adding more RAM, adding a faster CPU. That server is a pet. You name it, You nurse it back to health if it gets sick, because it is unique and incredibly valuable.

Speaker 1

And horizontal scaling.

Speaker 2

Horizontal scaling is adding more servers alongside it. These are cattle. You don't name them. If one gets sick, you don't log in and try to fix it. You just terminate and spin up a brand new one in seconds.

Speaker 1

You replace the server.

Speaker 2

You don't fix it. Right. Because in the cloud, servers are meant to be disposable. You want to scale horizontally, add more small servers, rather than vertically, because it prevents a single point of failure. If your pet dies, your whole app is down. If one cow dies, well, the herd just keeps moving.

Speaker 1

Pillar four is performance efficiency. This is really about using the right.

Speaker 2

Tool for the job and democratizing advanced technologies.

Speaker 1

That is a mouthful.

Speaker 2

It just means you don't need a PhD in advanced mathematics to run machine learning anymore. You just use an AWS service like Amazon SageMaker. AWS has already done the hard math. You just bring your company's data. It makes truly high-tech stuff accessible to normal developers.

Speaker 1

And this is where serverless comes in again. Right? Services like Lambda.

Speaker 2

Yes, we mentioned undifferentiated heavy lifting earlier. That is Amazon's favorite phrase. It basically means stop doing work that doesn't make your specific product unique. Racking servers is heavy lifting, but it doesn't differentiate you from your competitor at all. Writing brilliant code for your app does differentiate you. So use serverless architectures like Lambda. You just upload your code and AWS runs it. You manage absolutely zero servers. You focus one hundred percent of your time on business.

Speaker 1

Value, which flows nicely into pillar five, cost optimization.

Speaker 2

This pillar treats cost as a functional requirement. Think about it. If your app is incredibly fast and perfectly secure, but it costs ten thousand dollars a day to run when it should only cost one hundred, it is not well architected.

Speaker 1

And there are tricks here to fix that. Like Spot Instances, that is.

Speaker 2

A great example. AWS always has massive spare capacity sitting around doing nothing. They sell that spare compute power at a massive discount, sometimes up to ninety percent off, but with a huge catch: they can take it back from you with just two minutes' notice if they need it for a full paying.

Speaker 1

Customer. So you obviously wouldn't run your main customer database on.

Speaker 2

That? Never. That would be a complete disaster. But for batch processing, crunching a massive backlog of numbers where it doesn't matter if the job stops and restarts, it's an absolute gold mine. Using the right pricing model is a core part of being a cloud architect.

Speaker 1

Finally, we arrive at the newest pillar, number six, sustainability.

Speaker 2

This one is becoming critical. The cloud consumes a massive amount of global electricity. Data centers are hot, power-hungry.

Speaker 1

Beasts. And there is a totally counterintuitive tip in the guide here. The expert advice is to maximize utilization.

Speaker 2

It sounds odd to traditional IT folks. Usually we think running a server at one hundred percent CPU is dangerous, it might crash. But for sustainability, running a server at ten percent is a crime. You are burning electricity and generating heat to keep the lights on for a machine that is doing almost nothing.

Speaker 1

So right-sizing, which is using the smallest possible server for the job, isn't just cheap, it's actually green. Exactly.

Speaker 2

Every idle resource is just wasted carbon. If you aren't actively using it, turn it off.

Speaker 1

This brings us back to the shared responsibility model, but applied to the environment.

Speaker 2

Yes, AWS is responsible for the sustainability of the cloud. They cool the data centers efficiently, they buy renewable energy to power the grid. But you, the customer, are responsible for sustainability in the cloud. You have to write efficient code, delete unused data, and literally turn off your test environments at night.

Speaker 1

It really changes the role of the IT professional, doesn't it? We aren't just mechanics anymore.

Speaker 2

No, you are an architect of value. You have to balance cost, speed, security, and now environmental impact. You have to think holistically about the whole system.

Speaker 1

That is a heavy takeaway. It really proves this isn't just about passing the CLF-C02 exam. It's about a complete mindset shift.

Speaker 2

The exam might ask you to define the cloud, but the real answer is that the cloud is a capability. It allows you to move from capex to opex, from guessing your traffic to knowing it, and from constant maintenance to actual.

Speaker 1

Innovation, and from pets to cattle, and from.

Speaker 2

Pets to cattle, always cattle.

Speaker 1

I want to leave the listener with that thought on sustainability you mentioned.

Speaker 2

It's the concept that really sticks with me the most. In the next decade, the best coders in the world won't just be the ones who write the fastest algorithms, they will be the ones who write the most efficient ones. Ask yourself right now, how much energy is your bad code consuming?

Speaker 1

Your messy code is literally heating up.

Speaker 2

The planet in a tiny measurable way. Yes, it is, so be well architected, not just to pass the test, but for the future of the digital environment.

Speaker 1

I love that. Thanks for unpacking all this with us. Good luck to everyone taking the cert, and for the rest of you, hopefully the cloud is a little less foggy today. Catch you on the next deep dive.

Transcript source: Provided by creator in RSS feed