Fixed punctuation, spelling

docs/10_Deployment_and_Operations/10a_Monitoring/CloudWatch.md

@@ -17,4 +17,4 @@
     * CWAgent.
     * Route 53 Logging:
       * Only works for public hosted zones.
-    * S3 Logging:
+    * S3 Logging

docs/10_Deployment_and_Operations/10a_Monitoring/Trusted_Advisor.md

@@ -10,4 +10,4 @@
     * MFA on Root account.
     * EBS public snapshots.
     * RDS public snapshots.
-    * 50 service limit checks.
+    * 50 service limit checks.

docs/10_Deployment_and_Operations/10b_Systems_Manager/Patch_Manager.md

@@ -12,18 +12,18 @@
           AWS-WindowsPredefinedPatchBaseline-OS - Critical and security updates
           AWS-WindowsPredefinedPatchBaseline-OS-Applications - Critical and security updates + MS app updates
     * Patch Groups
-      * Groups of resources in SSM, which resources to patch
+      * Groups of resources in SSM, which resources to patch.
     * Maintenance Windows
-      * When to apply patches
+      * When to apply patches.
     * Run Command
-      * How patches are actually installed
+      * How patches are actually installed.
     * Concurrency & Error Threshold
-      * How many to patch and how many errors to tolerate before   failing.
+      * How many to patch and how many errors to tolerate before failing.
     * Compliance
       * Is it compliant with a set of standards?
   * **Architecture:**
-    * (1) Define Patch Baselines - What gets installed
+    * (1) Define Patch Baselines - What gets installed.
     * (2) Create Patch groups - Targets for patch tasks.
     * (3) Maintenance windows - Define schedule, duration, targets and tasks.
     * (4) AWS-RunPatchBaseline runs with a baseline and targets.
-    * (5) Checks for compliance using Systems Manager Inventory
+    * (5) Checks for compliance using Systems Manager Inventory.

docs/10_Deployment_and_Operations/10b_Systems_Manager/SSM_Parameters_Store.md

@@ -3,5 +3,5 @@
 * [Return to table of contents](../../../README.md)
 
 * **Exam Tips:**
-  * Store data hierarchically
-  * Serverless, resilient, and scalable
+  * Store data hierarchically.
+  * Serverless, resilient, and scalable.

docs/10_Deployment_and_Operations/10c_CloudFormation/CloudFormation_DR.md

@@ -10,4 +10,4 @@
     * Backup and Restore
     * Pilot light
     * Warm standby
-  * CloudFormation can be used to do this
+  * CloudFormation can be used to do this.

docs/10_Deployment_and_Operations/10d_Elastic_Beanstalk/Elastic_Beanstalk_Overview.md

@@ -15,13 +15,13 @@
       * Go, Java SE, Tomcat
       * .NET Core (Linux) & .NET (Windows)
       * Node.js, PHP, Python & Ruby
-      * Single container Docker & multicontainer Docker
+      * Single container Docker & multicontainer Docker.
       * Preconfigured Docker
     * Hashicorp Packer = Custom EB
   * Focus on code, low infrastructure.
   * Fully customizable - uses AWS products under the covers.
   * Will require app changes.
-  * Keep databases outside of Elastic Beanstalk
+  * Keep databases outside of Elastic Beanstalk.
   * **Application:**
     * Container of environments, versions, environment configurations.
     * An application can have Web Server or Worker environments.

docs/10_Deployment_and_Operations/10e_OpsWorks/OpWorks_Overview.md

@@ -15,7 +15,7 @@
 
 * **Exam Tips:**
   * Pretty much only choose when you need Chef or Puppet.
-    * When you already have one
+    * When you already have one.
     * Requirement to automate
     * If Recipes, Cookbook or Manifests are mentioned.
   * Global service, but you can choose the region to deploy into.
@@ -26,7 +26,7 @@
   * **Recipes and Cookbooks:**
     * Github
   * **Stacks:**
-    * Top level construct
+    * Top level construct.
     * Type (Dev, Prod) or function (Finance, Management) of a system.
     * Can run custom chef cookbooks but need to point it at a repository.
     * Uses instance roles for the instances it creates.

docs/11_Migrations_and_Hybrid_Architectures/11b_AWS_Snow/Snowball_Snowmobile.md

@@ -11,22 +11,22 @@
 * **Exam Tips:**
   * **Snowball:**
     * 50 TB or 80 TB per device.
-    * Use when transferring more than 10 TB
+    * Use when transferring more than 10 TB.
     * Can chain together to get more capacity.
-    * Faster than internet/Direct Connect/VPN
+    * Faster than internet/Direct Connect/VPN.
   * **Snowball Edge:**
-    * Up to 100 TB per device - Storage Optimized
+    * Up to 100 TB per device - Storage Optimized.
     * Provide local computer services, running processes at the edge:
       * Lambda functions
       * EC2 Instances
     * **Three versions:**
-      * Storage Optimized - 100 TB with 80 TB usable
-      * Compute Optimized - Super fast nvme SSD
-      * Compute Optimized with GPU - Analytics
+      * Storage Optimized - 100 TB with 80 TB usable.
+      * Compute Optimized - Super fast nvme SSD.
+      * Compute Optimized with GPU - Analytics.
   * **Snowmobile:**
     * 100 PB per Snowmobile, can be used in parallel.
-    * Mobile data center
-    * Data center migrations
+    * Mobile data center.
+    * Data center migrations.
     * Use when transferring more than 10 PB.
       * Less than 10 PB use one or more Snowball/Snowball Edge.
       * Multiple locations - Same as above.

docs/12_Application_Intergration/12a_SQS/SQS_Overview.md

@@ -7,7 +7,7 @@
   * Messages up to 256KB in size - link to large data.
   * Received messages are hidden (VisibilityTimeout)
     * The messages either reappear (retry) or are explicitly deleted.
-  * Dead-Letter queues can be used fro problem messages.
+  * Dead-Letter queues can be used for problem messages.
   * Allows for distributed/decoupled application components.
   * ASG can grow based on queue size.
   * Lambda functions can replace the role of worker instances, polling and processing messages.

docs/12_Application_Intergration/12c_MQ/MQ_Essentials.md

@@ -15,5 +15,5 @@
   * **Use Cases:**
     * For scenarios where a messaging system is already developed and needs to be moved to the cloud.
     * Default to SNS or SQS for most new implementations.
-    * SNS or SQS if AWS integration is required (logging, permissions, encryption, service integration.)
+    * SNS or SQS if AWS integration is required (logging, permissions, encryption, service integration).
     * Used Amazon MQ if you need to use JMI API, AMQP, MQTT, OpenWire or STOMP.

docs/12_Application_Intergration/12e_Step_Functions/Step_Functions.md

@@ -1,4 +1,6 @@
+# Step Functions
+
 * [Return to table of contents](../../../README.md)
 
 * **Exam Tips:**
-  * Standard is default execution time and has a lifespan of up to 1 year.
+  * Standard is default execution time and has a lifespan of up to 1 year.

docs/2_Accounts/2c_Billing_Models/Billing.md

@@ -11,12 +11,12 @@
     * Default
     * Pay for what you consume.
     * Per second billing.
-    * no capacity reservation
-    * no discount.
-    * Use:
-      * Short term workloads
-      * Unknown workloads
-      * Apps which cannot be interrupted
+    * No capacity reservation.
+    * No discount.
+    * Usage:
+      * Short term workloads.
+      * Unknown workloads.
+      * Apps which cannot be interrupted.
   * **2. Reserved**
     * 12 or 36-month term
       * All Upfront (best cost advantages), Partial Upfront, and No Upfront.

docs/2_Accounts/2d_Advanced_Identity_in_AWS/Identity_Federation.md

@@ -10,17 +10,17 @@
   * Access console as well as cli and api:
     * Use ```AssumeRoleWithSAML```
   * **SAML 2.0:**
-    * Indirectly use on-premises IDs with AWS (Console and CLI)
-    * Used when using an Enterprise Identity Provider that is also SAML 2.0 compatible
+    * Indirectly use on-premises IDs with AWS (Console and CLI).
+    * Used when using an Enterprise Identity Provider that is also SAML 2.0 compatible.
     * Existing identity management team.
     * Desire single source of truth for users, and/or more than 5,000 users.
-    * If a question mentions Google, Facebook, Web, etc, SAML 2.0 is not the correct option.
+    * If a question mentions Google, Facebook, Web, etc, SAML 2.0 is NOT the correct option.
     * Assumes a IAM Role and used AWS Temporary Credentials which have 12 hour validity.
   * **AWS SSO:**
     * Flexible Identity source.
     * Has a built-in identity store.
     * On-Prem AD (Two way trust or AD connector)
-    * Preferred by AWS to SAML 2.0
+    * Preferred by AWS to SAML 2.0.
     * Work place vs customer identities:
       * Customer - Web Apps, Google, Twitter - Cognito
       * Workplace - AWS SSO

docs/3_Networking/3a_VPC_Essentials/Egress-Only_Gateways.md

@@ -1,4 +1,4 @@
-# Egress-Only Gateways
+# Egress-Only Internet Gateways
 
 * [Return to table of contents](../../../README.md)
 
@@ -8,6 +8,6 @@
 
 * **Exam Tips:**
   * With IPv6 all subnets are essentially public.
-  * Known when to integrate an EGW:
+  * Known when to integrate an EIGW:
     * When wanting to allow outbound only IPv6 traffic.
     * Not used for IPv4, that would be a NAT Gateway.

docs/3_Networking/3a_VPC_Essentials/NACLs.md

@@ -11,8 +11,9 @@
   * Once a rule matches, it applies the rule and stops.
 
 * **Exam Tips:**
-  * Subnets can only be associated with one NACL
+  * Subnets can only be associated with one NACL.
   * Stateless.
   * Exam gotcha, troubleshoot connectivity between EC2 instances in the same subnet, a NACL does not restrict this.
-  * Traffic within a subnet, EC2 instance to EC2 instance, would not be affected. It only affects traffic that crosses a subnet boundary.
+  * Traffic within a subnet, EC2 instance to EC2 instance, would not be affected.
+    * It only affects traffic that crosses a subnet boundary.
   * Default for custom NACLs is deny everything.

docs/3_Networking/3a_VPC_Essentials/Security_Groups.md

@@ -13,9 +13,10 @@
 * **Exam Tips:**
   * Not able to explicitly deny traffic.
   * Does not work on DNS names:
-    * Logical resources
+  * Works with:
+    * Logical resources.
     * IPs
-    * CIDR ranges
+    * CIDR ranges.
   * Unless explicitly allowed, there is a hidden implicit deny.
   * Any other logical resources can be referenced.
   * Able to add functional, role based security.

docs/3_Networking/3a_VPC_Essentials/VPC_Flow_Logs.md

@@ -26,7 +26,7 @@
   * What isn't logged:
     * DHCP.
     * AWS DNS.
-    * Meteadata.
+    * Metadata.
     * License Activation Requests.
   * Destinations:
     * CWLogs.

docs/3_Networking/3a_VPC_Essentials/VPC_Routing.md

@@ -10,6 +10,6 @@
   * The MAIN RT is the implicit and default route table for subnets.
   * Priority of Routes:
     * (1.) Longest prefix wins
-      * More specific routes always win
+      * More specific routes always win.
     * (2.) Static routes
     * (3.) Propagated routes

docs/3_Networking/3b_Advanced_VPC_Networking/Direct_Connect.md

@@ -10,7 +10,7 @@
   * [AWS Direct Connect Gateway – Inter-Region VPC Access](https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/)
 
 * **Exam Notes:**
-  * Terrabytes of data? Direct Connect.
+  * Terabytes of data? Direct Connect.
   * Remember the set up time required - Weeks to months.
   * Connections over a Direct Connect are _not_ encrypted.
   * Private VIFs are a one-to-one connection.
@@ -23,32 +23,32 @@
     * DX location
   * AWS allocates a DX port in the DX location
     * 1000-Base-LX or 10GBASE-LR
-  * Request a cross-connect into your network (You router)
+  * Request a cross-connect into your network (Your router).
   * Private VIF connects to a Virtual Private Gateway (VGW).
   * Public VIF, public zone services but not internet.
   * **From AWS:**
     * 1Gbps => 10Gbps
   * **From Partner:**
     * Ranges of speeds: 50Mbps => 10Gbps
-    * Hosted connection - a DX connection with _one_ VIF
+    * Hosted connection - a DX connection with _one_ .
     * Hosted VIF - Single VIF with shared bandwidth*
   * **MISC:**
     * Direct connect offers no encryption!
       * Any data transiting unless encrypted by an application is not encrypted.
-    * Provision DX, provision public VIF and the create a site-to-site VPN across   the VPN.
-    * No sharing internet data cap
-    * No sharing internet bandwidth
+    * Provision DX, provision public VIF and the create a site-to-site VPN across the VPN.
+    * No sharing internet data cap.
+    * No sharing internet bandwidth.
     * No transit over the internet - low/consistent latency.
-    * Cheaper data transfer / faster speeds
+    * Cheaper data transfer / faster speeds.
   * **Link Aggregation Groups (LAGS):**
     * Multiple physical connections act as one - Speed * n
       * Provide less admin overhead, more speed, but not really more resilience.
     * Max of 4 connections per LAG
       * All must be same **speed**
-      * Must terminate at same location
-    * Lag active as long as MinimumLinks attribute is healthy
+      * Must terminate at same location.
+    * Lag active as long as MinimumLinks attribute is healthy.
   * **Transit VIFS:**
-    * Public VIF can access all AWS public regions
+    * Public VIF can access all AWS public .
       * VLAN and BGP session.
     * Private VIF can only access VPC's in the same AWS region via VGWs.
   * **DX Gateway:**

docs/3_Networking/3b_Advanced_VPC_Networking/Private_Link.md

@@ -3,7 +3,7 @@
 * [Return to table of contents](../../../README.md)
 
 * **Exam Tips:**
-  * HA via multiple endpoints
+  * HA via multiple endpoints.
   * IPv4 & TCP only (IPv6 isn't supported)
   * Private DNS is supported.
-  * Direct connect, site-to-site vnp and VPC peer
+  * Direct connect, site-to-site VPN and VPC peer.

docs/3_Networking/3b_Advanced_VPC_Networking/VPC_Structure.md

@@ -8,7 +8,7 @@
       * Cost effective, cost effective, cost effective!
       * How to calculate required AZ
         * Most questions ask about designing a solution that can tolerate 1 AZ  failure, which is called the buffer AZ.
-        * AZs in region (6) minus buffer AZx (1) = 5 (Nominal AZs)
+        * AZs in region (6) minus buffer AZs (1) = 5 (Nominal AZs)
         * Min app requirements? 5 nominal instances in this example
         * Nominal instances / nominal AZs (5/5) = Optimal 1 per AZ
       * Pay attention to min AZ vs cost effective.
@@ -19,7 +19,7 @@
     * Ignore HA to start with.
     * How many subnets does your app need?
     * Public & private addressing, and security can be controlled with one subnet.
-    * Different routing = multiple subnets
+    * Different routing = multiple subnets.
     * Internet-facing ALBs can communicate with private instances.
       * Needs to run from public subnets.
     * N of app subnets * AZs = number of subnets needed.

docs/3_Networking/3b_Advanced_VPC_Networking/VPNS.md

@@ -6,11 +6,11 @@
   * [AWS VPN Solutions](https://www.youtube.com/watch?v=qmKkbuS9gRs)
 
 * **Exam Tips:**
-  * When to use a VPN
+  * When to use a VPN.
   * Know the architecture.
     * BGP required for dual vpn tunnels.
   * Can be done in minutes.
-    * As opposed to direct-connect
+    * As opposed to direct-connect.
   * Per hour cost.
   * Data cost for outbound data.
   * Generally limited by CGW.
@@ -19,14 +19,14 @@
   * Route Table Priorities
     * (1.) Local route.
     * (2.) Static routes.
-    * (3.) Direct Connect routes learned from BGP
+    * (3.) Direct Connect routes learned from BGP.
     * (4.) Statically configured VPN route.
-    * (5.) VPN routes learned from BPG
+    * (5.) VPN routes learned from BPG.
   * Quick to set up (possibly under an hour)
   * Virtual Private Gateway:
     * Actually physical
   * Max throughput of ~ 1.25Gbps
-  * Latency considerations - inconsistent, public internet
-  * Hourly cost, GB out cost, data cap (on premises)
+  * Latency considerations - inconsistent, public internet.
+  * Hourly cost, GB out cost, data cap (on premises).
   * Can be used as a backup for Direct Connect.
   * Can be used on top of Direct Connect for security, providing encryption.

docs/4_Security/4a_Account_Service_Security/Certificate_Manager_ACM.md

@@ -7,7 +7,7 @@
   * [ACM FAQs](https://aws.amazon.com/certificate-manager/faqs/)
 
 * **Exam Tips:**
-  * Certs cannot leave the region they are generated or imported in.
+  * Certs CANNOT leave the region they are generated or imported in.
   * Need to be aware of the architect of ACM, not implementation.
   * Natively integrates.
   * Cannot use on EC2 instances.

docs/4_Security/4a_Account_Service_Security/CloudHSM.md

@@ -7,7 +7,7 @@
 
 * **Exam Tips:**
   * Behind the scenes it uses Hardware Security Module (HSM)
-    * A true "single tenant" HSM
+    * A true "single tenant" HSM.
     * AWS provisioned but fully customer managed.
   * Be mindful of requirements for, CloudHSM supports them:
     * If the solution requires these services, you cannot use KMS!

docs/4_Security/4a_Account_Service_Security/Directory_Service.md

@@ -21,7 +21,7 @@
     * Native schema extensions? Microsoft AD mode.
   * **Simple AD:**
   * **AD Connector:**
-    * A pair of directory endpoints running in AWS (ENIs in a VPC)
+    * A pair of directory endpoints running in AWS (ENIs in a VPC).
     * Supports directory aware AWS products.
     * Requires a working network connection.
     * AD connector is good for proof-of-concept or fast deployment.

docs/4_Security/4a_Account_Service_Security/Key_Management_Service_KMS.md

@@ -22,6 +22,6 @@
     * Don't have to give S3 users access to decrypt.
     * FIPS 140-2 compliant service? Use KMS as it supports up to level 2.
     * Can only be managed by AWS APIs.
-    * CMKs can only be used fro up to 4KB of data.
-    * CMKs support rotation
-    * CMKs are more configurable
+    * CMKs can only be used for up to 4KB of data.
+    * CMKs support rotation.
+    * CMKs are more configurable.