🧱 Prerequisites: Before You Start Your AWS Journey#

This chapter covers everything you need to know before diving into AWS. If you’re from a non-technical background or need a refresher on networking, computing, and IT fundamentals — start here. These concepts are essential for understanding AWS services and for the SAA-C03 exam.

🎯 Learning Objectives#

• Understand IP addressing, CIDR notation, and subnetting
• Learn the OSI model and common network protocols
• Grasp virtualization concepts — the foundation of cloud computing
• Distinguish between block, file, and object storage
• Understand relational vs NoSQL databases
• Learn security fundamentals (encryption, hashing, certificates)
• Differentiate cloud service models (IaaS, PaaS, SaaS)

1. Networking Fundamentals#

1.1 IP Addressing#

Every device on a network needs an IP address — like a home address for your computer.

IPv4 (most common): 192.168.1.1 — 4 numbers, each 0–255, separated by dots IPv6 (newer, larger): 2001:0db8:85a3:0000:0000:8a2e:0370:7334 — hexadecimal, 8 groups

Public vs Private IPs:

• Public IP: Reachable from the internet (e.g., your home router’s WAN IP)
• Private IP: Only accessible within a private network. RFC 1918 defines these ranges:
  • 10.0.0.0/8 (big networks — AWS uses this for VPCs)
  • 172.16.0.0/12 (medium networks)
  • 192.168.0.0/16 (small networks — your home WiFi)

📝 Exam Tip: AWS VPCs always use private IPs from RFC 1918. If you see 10.0.0.0/16 in a question, that’s a VPC CIDR.

1.2 CIDR Notation Explained#

CIDR (Classless Inter-Domain Routing) tells you how many IP addresses a network has.

10.0.0.0/16 → The /16 means "first 16 bits are fixed"
              Remaining 16 bits = 2^16 = 65,536 IPs

Quick formula: Available IPs = 2^(32 - prefix) - 2

Why subtract 2? The first IP is the network address and the last is the broadcast address — they can’t be assigned to devices.

📝 Exam Tip: You’ll need to calculate subnet sizes for VPC exam questions. Know that /16 = 65,536, /24 = 256, /28 = 16 IPs.

1.3 Subnetting#

Subnetting means dividing a large network into smaller ones. AWS does this when you create subnets inside a VPC.

Example: You have 10.0.0.0/16 (65,536 IPs). You want 4 subnets:

• Subnet 1: 10.0.0.0/18 → 16,384 IPs (10.0.0.0 – 10.0.63.255)
• Subnet 2: 10.0.64.0/18 → 16,384 IPs (10.0.64.0 – 10.0.127.255)
• Subnet 3: 10.0.128.0/18 → 16,384 IPs
• Subnet 4: 10.0.192.0/18 → 16,384 IPs

1.4 The OSI Model#

The OSI model is a layered framework for understanding network communication. Think of it like sending a package:

📝 Exam Tip: For SAA, focus on Layer 3 (IP), Layer 4 (TCP/UDP), and Layer 7 (HTTP/HTTPS). Security Groups are stateful (Layer 3-4), NACLs are stateless (Layer 3-4).

1.5 TCP vs UDP — The Key Difference#

The TCP 3-Way Handshake: SYN → SYN-ACK → ACK (this is how connections are established)

sequenceDiagram
    participant Client
    participant Server
    
    Note over Client,Server: Step 1 - Connection Establishment
    Client->>Server: SYN (Synchronize) - Hi, can we talk?
    Server->>Client: SYN-ACK (Synchronize-Acknowledge) - Sure, I'm ready!
    Client->>Server: ACK (Acknowledge) - Great, let's start!
    Note over Client,Server: Connection Established ✓
    
    Client->>Server: HTTP GET /index.html (Data Transfer)
    Server->>Client: HTTP 200 OK + HTML Response
    
    Note over Client,Server: Step 3 - Connection Teardown
    Client->>Server: FIN (Finish)
    Server->>Client: ACK
    Server->>Client: FIN
    Client->>Server: ACK

Why TCP matters for AWS: ALB operates at Layer 7 (HTTP/HTTPS) and uses TCP as its underlying transport. NLB operates at Layer 4 (TCP/UDP) and preserves the client IP. Understanding TCP helps you debug connectivity issues with Security Groups, NACLs, and load balancers.

📝 Exam Tip: ALB operates at Layer 7 (HTTP), NLB at Layer 4 (TCP/UDP). If you need ultra-low latency or static IPs, pick NLB.

1.6 Common Network Ports (Memorize These!)#

1.7 DNS — The Internet’s Phonebook#

DNS (Domain Name System) translates human-readable domain names (like aws.amazon.com) into IP addresses.

DNS resolution flow:

1. You type aws.amazon.com in your browser
2. Your computer asks the DNS resolver (e.g., 8.8.8.8 — Google DNS)
3. The resolver asks the root DNS server → TLD server (.com) → authoritative server (amazon.com)
4. The authoritative server returns the IP: 176.32.103.205
5. Your browser connects to that IP

Common DNS record types:

📝 Exam Tip: In Route53, Alias records (free) can map to AWS resources (ALB, CloudFront). CNAME records cannot point to root domains (e.g., you can’t CNAME example.com). This is a common exam question!

1.8 HTTP/HTTPS#

HTTP (Hypertext Transfer Protocol) is how web browsers and servers communicate.

HTTP Request Methods:

• GET — Retrieve data (read-only)
• POST — Create new data
• PUT — Update/replace data
• PATCH — Partial update
• DELETE — Remove data

HTTP Status Codes (Memorize These):

1.9 Firewalls — Stateful vs Stateless#

A firewall controls what traffic is allowed in/out of a network.

graph LR
    SG[Security Group - Stateful] --> IN[Allow TCP 22 Inbound]
    SG --> OUT[Auto Allow Return Traffic]

    NACL[NACL - Stateless] --> IN2[Allow TCP 22 Inbound]
    NACL --> OUT2[Explicitly Allow Ephemeral Ports Outbound]

📝 Exam Tip: If you see “return traffic is automatically allowed” → Security Group. If you see “must explicitly allow inbound and outbound” → NACL. This is guaranteed to appear on the exam!

2. Operating Systems & Compute Concepts#

2.1 Linux Basics for AWS#

Most AWS services run on Linux. You’ll need to know these basics:

File System Hierarchy:

Essential Commands:

# File operations
ls -la            # List files with details
cd /path          # Change directory
pwd               # Print working directory
cp source dest    # Copy file
mv source dest    # Move/rename file
rm file           # Remove file
mkdir dir         # Create directory
chmod 755 file    # Change permissions
chown user:group  # Change owner

# Viewing files
cat file          # Print file content
less file         # View file with scroll
tail -f file      # Follow file (logs)
head -n 10 file   # First 10 lines
grep "pattern"    # Search for text

# Process management
ps aux            # List running processes
top               # Interactive process viewer
kill PID          # Kill process
kill -9 PID       # Force kill

# Networking
netstat -an       # Show network connections
curl http://url   # Make HTTP request
ping host         # Test connectivity
ssh user@host     # Connect to remote server

2.2 SSH — Secure Shell#

SSH lets you securely connect to a remote Linux machine (like EC2) using key pairs:

How SSH key pairs work:

• Private key (mykey.pem) — Keep secret, never share
• Public key (mykey.pub) — Put on the server (~/.ssh/authorized_keys)

# Generate key pair
ssh-keygen -t rsa -b 2048 -f mykey

# Connect to EC2
ssh -i mykey.pem ec2-user@54.123.45.67

# Permissions matter! (SSH refuses too-open permissions)
chmod 400 mykey.pem

2.3 Virtualization Concepts (Critical for AWS!)#

Virtualization is the technology that makes cloud computing possible. A single physical server runs multiple Virtual Machines (VMs), each thinking it has its own hardware.

Hypervisor Types:

AWS Nitro System:

• AWS’s custom-built virtualization platform
• Offloads virtualization functions to dedicated hardware (Nitro cards)
• Benefits: Near bare-metal performance, improved security, faster innovation
• Powers all modern EC2 instances

How VMs Work:

┌──────────────────────────────────────────────┐
│           Physical Server (Hardware)          │
├──────────────────────────────────────────────┤
│  ┌─────────┐ ┌─────────┐ ┌─────────┐        │
│  │  VM 1   │ │  VM 2   │ │  VM 3   │  ...   │
│  │ (Web)   │ │ (DB)    │ │ (App)   │        │
│  │ Ubuntu  │ │ CentOS │ │ Windows │        │
│  ├─────────┤ ├─────────┤ ├─────────┤        │
│  │  Nitro Hypervisor (AWS)                  │
│  └──────────────────────────────────────────┘

Containers vs VMs:

📝 Exam Tip: If you need strong isolation (multi-tenant, compliance), use VMs/EC2. If you want fast startup and efficiency, use containers (ECS/Fargate). Lambda is “serverless” — no VMs or containers to manage.

3. Storage Concepts#

3.1 Block vs File vs Object Storage#

This is critical for AWS — all storage services fall into one of these categories:

Simple Analogy:

• Block = A notebook with pages you can write on any page
• File = A shared whiteboard everyone can see and edit
• Object = A photo album where you add/remove entire photos

3.2 IOPS vs Throughput vs Latency#

Relationship: Throughput = IOPS × I/O size

📝 Exam Tip: For databases → high IOPS. For streaming/large files → high throughput.

4. Database Fundamentals#

4.1 Relational Databases (SQL)#

Data organized in tables with rows and columns. Think of a spreadsheet.

Key concepts:

• Table: Collection of related data (e.g., Customers)
• Row/Record: A single entry (e.g., one customer)
• Column/Field: A single attribute (e.g., Name, Email)
• Primary Key: Uniquely identifies each row
• Foreign Key: References a primary key in another table
• Index: Speeds up searches (like a book’s index)
• SQL: Language to query data (SELECT * FROM Customers WHERE City = 'New York')

ACID Properties:

AWS Services: Amazon RDS (MySQL, PostgreSQL, Oracle, SQL Server, MariaDB), Amazon Aurora

4.2 NoSQL Databases#

Non-relational databases designed for scale, flexibility, and performance at the cost of some consistency guarantees.

Types of NoSQL databases:

BASE Model (opposite of ACID):

• Basically Available — system is always accepting data
• Soft state — data might change over time
• Eventual consistency — data will be consistent eventually (not immediately)

📝 Exam Tip: If the question mentions “high traffic, low latency, serverless, flexible schema” → DynamoDB. If it mentions “complex queries, joins, transactions” → RDS/Aurora.

5. Security Foundations#

5.1 Encryption: Symmetric vs Asymmetric#

AES-256: The standard for encrypting data at rest in AWS (S3, EBS, RDS all use it).

5.2 TLS/SSL — How HTTPS Works#

TLS (Transport Layer Security) is what makes HTTPS secure. Here’s how it works:

1. Client connects to server (e.g., https://aws.amazon.com)
2. Server sends its SSL certificate (includes public key)
3. Client verifies the certificate against a trusted CA (Certificate Authority)
4. Client generates a symmetric session key
5. Client encrypts the session key with the server's public key
6. Server decrypts with its private key
7. Now both sides have the same symmetric key → secure communication

Result: 🔒 Encrypted tunnel for the rest of the session

Key terms:

• Certificate Authority (CA): Trusted organization that issues certificates (Amazon Trust Services, DigiCert, Let’s Encrypt)
• ACM: AWS Certificate Manager — free SSL/TLS certificates for AWS services

5.3 Hashing vs Encryption#

📝 Exam Tip: Passwords should be hashed (never encrypted). Data should be encrypted for confidentiality. CloudTrail logs use hashing for integrity.

6. Cloud Computing Concepts#

6.1 IaaS vs PaaS vs SaaS#

Analogy: Pizza as a Service 🍕

• On-prem: You make everything (dough, sauce, toppings, bake)
• IaaS: Buy pre-made dough (EC2 + your OS + your app)
• PaaS: Buy a frozen pizza (RDS — just add your data)
• SaaS: Order delivery (use the app)

6.2 Public vs Private vs Hybrid Cloud#

6.3 HA, Fault Tolerance, Scalability, Elasticity#

Availability “9s”:

• 99% (“two 9s”) = ~3.65 days downtime/year
• 99.9% (“three 9s”) = ~8.76 hours downtime/year
• 99.99% (“four 9s”) = ~52.56 minutes downtime/year
• 99.999% (“five 9s”) = ~5.26 minutes downtime/year

6.4 Disaster Recovery: RTO and RPO#

Example: RTO = 1 hour, RPO = 15 minutes

• If disaster strikes at 2:00 PM, you must be back online by 3:00 PM
• You can lose at most 15 minutes of data (last backup at 1:45 PM)

The Relationship: Lower RTO/RPO = More cost and complexity

6.5 CAPEX vs OPEX#

📝 Exam Tip: Cloud computing = OPEX model. No upfront hardware costs. This is a fundamental advantage of cloud.

✅ Chapter Quiz#

1. A solutions architect needs to design a VPC with a CIDR of 10.0.0.0/16 and create 8 equal-sized subnets. What is the subnet mask and how many usable IP addresses does each subnet provide?

   • A) /19 — 8,190 usable IPs
   • B) /20 — 4,094 usable IPs
   • C) /24 — 254 usable IPs
   • D) /18 — 16,382 usable IPs

2. Which AWS firewall is STATEFUL and automatically allows return traffic?

   • A) Network ACL (NACL)
   • B) Security Group
   • C) AWS WAF
   • D) AWS Shield

3. A company is migrating a production database to EC2 and is concerned about performance interference from other tenants. Which EC2 tenancy option provides dedicated physical server isolation?

   • A) Shared tenancy
   • B) Dedicated Instance
   • C) Dedicated Host
   • D) Spot Instance

4. Which storage type is best for a shared filesystem that multiple EC2 instances need to access simultaneously?

   • A) S3 (object storage)
   • B) EBS (block storage)
   • C) EFS (file storage)
   • D) Instance Store

5. In the shared responsibility model, what does AWS secure?

   • A) Customer applications
   • B) Customer data
   • C) Security OF the cloud (physical infrastructure, hypervisor)
   • D) Customer IAM policies

6. Which database type uses ACID transactions and is best for complex queries with joins?

   • A) DynamoDB
   • B) Amazon RDS (relational)
   • C) ElastiCache
   • D) S3

7. A security auditor requires all traffic between an ALB and EC2 web servers to be encrypted. Which protocol and port combination should the security group allow from the ALB to the instances?

   • A) TCP 80
   • B) TCP 443
   • C) TCP 22
   • D) TCP 3389

8. A company needs to encrypt data at rest in S3. Compliance requires them to manage their own keys with annual rotation. Which S3 encryption option should be used?

   • A) SSE-S3
   • B) SSE-KMS with customer managed key
   • C) SSE-C
   • D) Client-side encryption

9. A company needs RTO of 15 minutes and RPO of 5 minutes. Which DR strategy is most appropriate?

   • A) Backup & Restore
   • B) Pilot Light
   • C) Warm Standby
   • D) Multi-Site Active-Active

10. Which AWS service provides VIRTUAL MACHINES in the cloud?

    • A) AWS Lambda
    • B) Amazon EC2
    • C) Amazon ECS
    • D) AWS Fargate

11. A company wants to use 10.0.0.0/22 as their VPC CIDR. How many usable IP addresses does this provide?

    • A) 1022
    • B) 1024
    • C) 4094
    • D) 4096

12. An application requires the lowest possible network latency between multiple EC2 instances. Which placement group strategy should be used?

    • A) Spread
    • B) Partition
    • C) Cluster
    • D) Distributed

13. Which S3 encryption option allows the customer to provide their own encryption keys?

    • A) SSE-S3
    • B) SSE-KMS
    • C) SSE-C
    • D) Client-side encryption

14. Which of the following is a characteristic of Amazon RDS over DynamoDB? (Select TWO)

    • A) Supports complex JOIN queries
    • B) Provides ACID transactions across multiple tables
    • C) Scales serverless to zero
    • D) Handles millions of requests per second
    • E) Stores unstructured JSON documents

15. What is the key difference between a Security Group and a Network ACL?

    • A) Security Groups are stateless; NACLs are stateful
    • B) Security Groups are stateful; NACLs are stateless
    • C) Both are stateful
    • D) Both are stateless

16. A company uses an Auto Scaling group across three Availability Zones. The minimum instance count is 3. If one AZ becomes unavailable, how many instances will remain healthy?

• A) 1
• B) 2
• C) 3
• D) 0

17. An organization needs an RTO of less than 15 minutes and an RPO of less than 1 minute. Which DR strategy is most appropriate?

    • A) Backup & Restore
    • B) Pilot Light
    • C) Warm Standby
    • D) Multi-Site Active-Active

18. Which OSI layer is responsible for routing packets between different networks?

    • A) Layer 2 — Data Link
    • B) Layer 3 — Network
    • C) Layer 4 — Transport
    • D) Layer 7 — Application

19. An EC2 instance needs to access an S3 bucket without storing long-term credentials on the instance. What is the BEST approach?

    • A) Store IAM access keys in a config file
    • B) Attach an IAM Role to the EC2 instance profile
    • C) Use an S3 bucket policy that allows public access
    • D) Hardcode credentials in the application code

20. Which is an advantage of horizontal scaling over vertical scaling?

    • A) Simpler application architecture
    • B) No theoretical limit to scaling capacity
    • C) Lower per-instance licensing costs
    • D) Easier to implement for stateful workloads

21. Which cloud model connects on-premises infrastructure to a public cloud provider via dedicated private networking?

    • A) Public Cloud
    • B) Private Cloud
    • C) Hybrid Cloud
    • D) Community Cloud

22. A company wants no upfront costs and the flexibility to stop using resources at any time. Which AWS pricing model should they choose?

    • A) Reserved Instances
    • B) Savings Plans
    • C) On-Demand
    • D) Spot Instances

23. Which statement accurately describes hashing compared to encryption?

    • A) Hashing is reversible; encryption is one-way
    • B) Encryption is reversible with a key; hashing is one-way
    • C) Both are reversible with the correct key
    • D) Both are one-way functions

24. A solutions architect needs block storage with the highest possible IOPS for a latency-sensitive database. Which option is BEST?

    • A) S3 Standard
    • B) EBS io2 Block Express
    • C) EFS General Purpose
    • D) S3 Glacier Deep Archive

25. In the shared responsibility model, which of the following is the customer’s responsibility?

    • A) Physical security of AWS data centers
    • B) Patching the EC2 instance operating system
    • C) Network cable maintenance
    • D) Hypervisor security

📚 Additional Resources#

• AWS Cloud Practitioner Essentials
• Subnet Calculator — practice CIDR calculations
• Linux Journey — free Linux basics course
• Networking Basics (Cisco)

Next → 🚀 Start Here: Your AWS Learning Journey