AWS SUMMARY

AVAILABILITY ZONES
- Physical data centres where compute, storage, network and database resources are hosted.
- Multiple data centres form a single AZ.
- Each AZ is geographically located within the same region, and the AZs are linked by highly resilient, low-latency connections.
- These connections are used by AWS services to replicate data for high availability and resilience.

HIGH AVAILABILITY
- Architecting your solutions across more than one AZ ensures minimal to no impact on your infrastructure in case of an AZ failure.
- Best practice is to use at least two AZs in a region.

REGIONS
- Collection of availability zones that are geographically located close to one another.
- Each region acts independently and contains at least two AZs.
- Currently 32 regions and 102 AZs.

EDGE LOCATIONS
- AWS sites strategically deployed in major cities and highly populated areas worldwide.
- Not used to deploy infrastructure like EC2 or VPCs; used instead by services like CloudFront and Lambda@Edge to cache data and reduce latency for end users.
- The role of an edge location is to deliver a seamless and fast user experience.

LOCAL ZONES
- Positioned near highly populated areas that have no AWS Region nearby.
- Provide ultra-low latency and cater to data residency requirements.
- Seamlessly connected to the parent region via a secure, dedicated, high-speed connection.

WAVELENGTH
- Embedded within 5G mobile broadband networks and deployed within the data centers of large telecommunications providers.
- Offers ultra-low latency and increased reliability for 5G applications like live video streaming and interactive gaming.
- Resources that can be deployed to Wavelength: VPC subnets, EC2 instances and EBS volumes.

OUTPOSTS
- Brings the same hardware AWS uses in its own data centers to your on-premises data center, allowing you to use native AWS services including EC2, ECS, EKS, S3, RDS and EMR on-premises.
- Connected to AWS via either a Direct Connect or a VPN connection.
- Fully managed, so no need for patch management and software updates.
- To place an order, you must have either an Enterprise or an Enterprise On-Ramp support plan.

COMPUTE
- The brains and processing power required by applications and systems to carry out computational tasks via a series of instructions.
- Includes common server components like CPUs and RAM.
- In AWS, ranges from hundreds of EC2 instances to serverless Lambda functions.
- These resources can be consumed in different quantities and for different lengths of time, depending on your business requirements.

EC2 (ELASTIC COMPUTE CLOUD)
- Fundamental compute service within AWS, allowing you to deploy virtual servers within your environment.
- IaaS.

AMI (AMAZON MACHINE IMAGES)
- Templates of pre-configured EC2 instances, enabling you to quickly launch new instances based on the defined configuration.
- Can be obtained from the AWS Marketplace and Community AMIs.

INSTANCE TYPES
- Size of the instance, based on parameters like CPUs, memory and storage.

PURCHASING OPTIONS
- On-Demand Instances
- Spot Instances
- Reserved Instances
- On-Demand Capacity Reservations

EC2 TENANCY
- By default, instances run with shared tenancy.
- Dedicated tenancy options like Dedicated Instances and Dedicated Hosts are available for specific security and compliance needs.

ECS (ELASTIC CONTAINER SERVICE)
- Allows you to run Docker-enabled applications packaged as containers across a cluster of EC2 instances without the need to manage a complex cluster management system.
- Reduces the burden of managing your own cluster management system by passing that responsibility to AWS, specifically through the use of AWS Fargate.
- 2 deployment models: Fargate and EC2.
- Monitoring through the use of CloudWatch, which monitors metrics against containers and the cluster.
- The cluster is dynamically scalable, i.e. it can start as a single small instance and scale to thousands of larger instances.

FARGATE
- You do not provision the infrastructure (no EC2 instances to manage): simpler!
- Serverless.

ECR (ELASTIC CONTAINER REGISTRY)
- Consists of several key components, including registry, authorization token, repository, repository policy and image.
- Registry (private Docker registry): where you host and store your Docker images; it comes with a default URL within your AWS account.
- Authentication: to access the registry, the Docker client needs to authenticate as an AWS user using an authentication token that is obtained by running the get-login command with the AWS CLI.
- Security: access to the registry and images can be controlled via IAM policies and repository policies. Permissions can be assigned to each repository, controlling the allowed actions.

EKS (ELASTIC CONTAINER SERVICE FOR KUBERNETES)
- Kubernetes is an open-source container orchestration tool designed to automate, deploy, scale and operate containerized applications.
- With EKS, AWS provides a managed service allowing you to run Kubernetes across AWS infrastructure without provisioning and running the Kubernetes management infrastructure, i.e. the control plane.
- To start using EKS, you need to create an EKS service role and an EKS cluster VPC, and install kubectl and the AWS IAM Authenticator.

ELASTIC BEANSTALK
- AWS managed service that simplifies the process of deploying, provisioning, monitoring and scaling a production environment to run web applications.
- Handles the provisioning and deployment of the necessary AWS resources such as EC2 instances, Auto Scaling groups, RDS database instances and ELB.
- PaaS.
- Free, but you pay for the underlying resources like EC2 instances and ALBs (Application Load Balancers).
- Core components: environment, versions and environment configurations.

LAMBDA
- Focus solely on your code and business logic without the burden of infrastructure maintenance and administration.
- 3 major parts: input, the function itself, output.
- Flexibility to choose from a variety of runtimes like Java, Go, PowerShell, Node.js, Python and Ruby.
- FaaS.
- Pricing: pay per request and compute time.
- Event-driven: functions get invoked by AWS when needed.
- AWS Lambda offers a seamless, cost-effective solution for running your application code.

BATCH
- Designed to handle batch computing workloads that require a large amount of compute power spread across a cluster of resources.
- A "batch" job is a job with a start and an end, as opposed to a continuous one.
- Ideal for tasks like training ML models and conducting large-scale data analysis.
- Consists of: jobs, job definitions, job queues and compute environments. These components work together to define, schedule and execute batch computing workloads.
- Dynamically launches EC2 instances or Spot Instances.

LIGHTSAIL
- Virtual private server (VPS) backed by AWS infrastructure, designed to be simple, quick and very easy to use at a low price point for small-scale use cases.
- Can run multiple Lightsail instances together, connect them to other AWS resources and access them either via the AWS console or directly through the Lightsail homepage.
- To create a new instance, simply select your region, platform, blueprint, script, key pair and instance plan.
- Provides a lightweight, cost-effective solution for small projects and use cases.

AWS CERTIFICATE MANAGER
- Easily provision, manage and deploy SSL/TLS certificates.
- Used to provide in-flight encryption for websites (HTTPS).
- Supports both public and private TLS certificates.
- Free of charge for public TLS certificates.
- Automatic TLS certificate renewal.
- Integrations (load TLS certificates on):
  • Elastic Load Balancers
  • CloudFront distributions
  • APIs on API Gateway

ELB (ELASTIC LOAD BALANCER)
- Evenly distributes inbound requests across a group of targets such as EC2 instances, Lambda functions, IP addresses and containers.
- Evenly distributes traffic across multiple instances, providing high availability and automatic scaling.
- Types: Application Load Balancer, Network Load Balancer, Gateway Load Balancer, Classic Load Balancer.
- Essential components: listeners, target groups, rules and health checks.

ALB (APPLICATION LOAD BALANCER)
- Operates at Layer 7, the application layer of the OSI model.
- HTTP routing features.
- Static DNS name (URL).

NLB (NETWORK LOAD BALANCER)
- TCP or UDP protocols at Layer 4.
- High performance: millions of requests per second.
- Static IP through Elastic IP.

GLB (GATEWAY LOAD BALANCER)
- GENEVE protocol on IP packets, Layer 3.
- Routes traffic to firewalls that you manage on EC2 instances.
- Intrusion detection.

CLB (CLASSIC LOAD BALANCER)
- Old.
- Supports TCP, SSL or TLS, HTTP and HTTPS protocols.
- Best practice is to use ALB over CLB unless you have an existing application running in the EC2-Classic network.

EC2 AUTO SCALING
- Mechanism that automatically adjusts EC2 resources based on custom-defined metrics and thresholds.
- Allows you to increase or decrease your EC2 fleet to meet demand, ensuring optimal performance and cost efficiency.

AUTO SCALING STRATEGIES
- Manual scaling: update the size of an ASG manually.
- Dynamic scaling: respond to changing demand.
  • Simple / step scaling: when a CloudWatch alarm is triggered (example: CPU > 70%), then add 2 units. When a CloudWatch alarm is triggered (example: CPU < 30%), then remove 1.
  • Target tracking scaling: example: I want the average ASG CPU to stay at around 40%.
  • Scheduled scaling: anticipate scaling based on known usage patterns. Example: increase the min. capacity to 10 at 5 pm on Fridays.
- Predictive scaling: uses machine learning to predict future traffic ahead of time. Automatically provisions the right number of EC2 instances in advance.

ELB VS. EC2 AUTO SCALING
- Elastic Load Balancer: dynamically manages loads across resources based on target groups and rules.
- EC2 Auto Scaling: elastically scales those target groups based on infrastructure demand.
- Combining ELB and Auto Scaling helps manage and automatically scale EC2 compute resources. When attached, the ELB automatically detects instances and distributes traffic to the resources in the ASG.

S3 (SIMPLE STORAGE SERVICE)
- Fully managed, object-based storage service provided by AWS.
- Offers unlimited storage capacity and durability of 11 9's (99.999999999%), making data loss extremely rare.
- When uploading data, you specify the regional location, and S3 stores and duplicates your data across multiple availability zones within that region.

BUCKETS
- Amazon S3 allows people to store objects (files) in "buckets" (directories).
- Buckets must have a globally unique name (across all regions and all accounts).
- Buckets are defined at the region level.
- S3 looks like a global service, but buckets are created in a region.
- Naming convention:
  • No uppercase, no underscores
  • 3-63 characters long
  • Not an IP address
  • Must start with a lowercase letter or number
  • Must NOT start with the prefix xn--
  • Must NOT end with the suffix -s3alias

OBJECTS
- Objects (files) have a key.
- The key is the FULL path: s3://my-bucket/my_folder1/folder2/my_file.txt
- The key is composed of prefix + object name.
- There's no concept of "directories" within buckets, although the UI will trick you into thinking otherwise.
- Just keys with very long names that contain slashes.
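The bucket naming rules and the key/prefix split above can be checked mechanically. The following is an added example written for this summary (not AWS code and not part of the original notes): it encodes the listed naming rules as a validator and splits an s3:// URI into bucket, key, prefix and object name. The summary lists only the forbidden character classes; permitting lowercase letters, digits, '-' and '.' is this example's assumption.

```python
import ipaddress
import re

# Characters a bucket name may contain. The summary only lists the forbidden
# classes (uppercase, underscore); permitting lowercase letters, digits, '-' and
# '.' is this example's assumption.
_ALLOWED_CHARS = re.compile(r"^[a-z0-9.-]+$")


def bucket_name_violations(name: str) -> list:
    """Return the naming rules from the summary that `name` breaks (empty list = valid)."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("must be 3-63 characters long")
    if "_" in name or name != name.lower() or not _ALLOWED_CHARS.match(name):
        problems.append("no uppercase or underscores (lowercase letters, digits, '-' and '.' only)")
    if not re.match(r"^[a-z0-9]", name):
        problems.append("must start with a lowercase letter or number")
    try:
        ipaddress.IPv4Address(name)  # succeeds only for a dotted-quad address
        problems.append("must not be formatted as an IP address")
    except ValueError:
        pass
    if name.startswith("xn--"):
        problems.append("must not start with the prefix xn--")
    if name.endswith("-s3alias"):
        problems.append("must not end with the suffix -s3alias")
    return problems


def is_valid_bucket_name(name: str) -> bool:
    return not bucket_name_violations(name)


def parse_s3_uri(uri: str) -> dict:
    """Split an s3://bucket/key URI into bucket, key, prefix and object name.

    S3 has no directories: the key is the whole path after the bucket, and the
    'prefix' is simply everything up to and including the last slash.
    """
    if not uri.startswith("s3://"):
        raise ValueError("not an s3:// URI")
    bucket, _, key = uri[len("s3://"):].partition("/")
    prefix, slash, object_name = key.rpartition("/")
    return {
        "bucket": bucket,
        "key": key,                  # e.g. 'my_folder1/folder2/my_file.txt'
        "prefix": prefix + slash,    # e.g. 'my_folder1/folder2/'
        "object_name": object_name,  # e.g. 'my_file.txt'
    }


if __name__ == "__main__":
    for candidate in ["my-bucket", "My_Bucket", "192.168.0.1", "xn--data", "data-s3alias"]:
        print(candidate, bucket_name_violations(candidate) or "ok")
    print(parse_s3_uri("s3://my-bucket/my_folder1/folder2/my_file.txt"))
```

Returning the list of violated rules rather than a bare boolean is deliberate: when a deployment pipeline rejects a bucket name, the operator wants to know which rule tripped.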
S3 STORAGE CLASSES
- S3 Standard:
  a. 99.99 percent availability.
  b. Used for frequently accessed data.
  c. Low latency and high throughput.
  d. Sustains 2 concurrent facility failures.
  e. Use cases: big data analytics, content distribution.
- S3 Infrequent Access: lower cost than S3 Standard.
  a. S3 Standard-IA:
     i. 99.99 percent availability
     ii. Use cases: disaster recovery, backups.
  b. S3 One Zone-IA:
     i. High durability (99.999999999 percent) in a single AZ; data is lost when the AZ is destroyed
     ii. 99.5 percent availability.
- S3 Intelligent-Tiering:
  a. Small monthly monitoring and auto-tiering fee.
  b. Perfect for unpredictable data access patterns.
  c. Moves objects automatically between access tiers based on usage.
  d. There are no retrieval charges in S3 Intelligent-Tiering.
- S3 Glacier: pricing is the price of storage + object retrieval cost.
  a. S3 Glacier Instant Retrieval:
     i. Millisecond retrieval; great for data accessed once a quarter.
     ii. Minimum storage duration of 90 days.
  b. S3 Glacier Flexible Retrieval:
     i. Expedited ~1 to 5 minutes, Standard ~3 to 5 hours, Bulk ~5 to 12 hours (free).
     ii. Minimum storage duration of 90 days.
  c. Glacier Deep Archive:
     i. Standard ~12 hours, Bulk ~48 hours.
     ii. Minimum storage duration of 180 days.

EBS (ELASTIC BLOCK STORE)
- Provides persistent and durable block-level storage, offering flexibility in managing data.
- EBS volumes are attached to your EC2 instances and are used for rapidly changing data that may require a specific Input/Output Operations Per Second (IOPS) rate.
- EBS offers point-in-time backups known as SNAPSHOTS.
- 2 types of EBS volumes: SSD, HDD.
- Security through encryption using the AES-256 encryption algorithm, interacting with KMS for the encryption process.

EFS (ELASTIC FILE SYSTEM)
- Fully managed, highly available and durable service that provides simple, scalable file storage for use with EC2 instances.
- Linux based.
- Supports access by multiple instances at once.
- Designed to maintain high throughput and low-latency access.

THROUGHPUT MODES
- Bursting throughput: scales as your file system grows.
- Provisioned throughput: allows you to burst above the allowance based on your file system size.

EFS STORAGE CLASS
- Standard: default storage class used with EFS.
- Infrequent Access: used for data that is rarely accessed, offering a cost-effective reduction on your storage.
- 92 percent lower cost.
- Enable EFS-IA with a lifecycle policy.

FSX
- Windows: highly scalable, fully managed file storage solution that is accessible over the SMB protocol.
- Linux: Lustre. Built for high-performance computing, providing extremely fast file storage with up to 100 GB per second of throughput.

CLOUD BURSTING
- If your data is located on premises but you lack the necessary compute resources, FSx can help you seamlessly burst into the cloud for the additional resources you need.
- With FSx you can find the file system solution tailored to your specific use case.

STORAGE GATEWAY
- The gateway can be deployed as a VM, as a hardware appliance or in the AWS environment as an EC2 instance.
- 4 types:
  a. S3 File Gateway
  b. FSx File Gateway
  c. Tape Gateway
  d. Volume Gateway

ELASTIC DISASTER RECOVERY
- Service that enables you to recover from application failures in physical or virtual servers hosted in on-premises data centers or at cloud providers.
- Allows you to save cost by utilizing AWS resources in the cloud instead of maintaining an expensive physical disaster recovery site.
- With DRS, you only pay for recovery site resources when they are in use, either during a drill or an actual failover.
- Fully integrates with the AWS Management Console and supports integration with other AWS services like IAM, CloudWatch and CloudTrail.

VERTICAL SCALABILITY
- Means increasing the size of the instance.
- Example: t2.micro -> t2.large.
- Common for non-distributed systems like databases.

HORIZONTAL SCALABILITY
- Means increasing the number of instances or systems for your application.
- Implies distributed systems.
- Common for web applications or modern applications.

OLTP VS. OLAP
- OLTP (operational application): centered around regular, repeatable business processes.
- OLAP (analytical application): run on demand for things like business intelligence workloads and data analysis.

RDS (RELATIONAL DATABASE SERVICE)
- Managed service that simplifies the provisioning and scaling of relational databases within AWS.
- OLTP.
- Fixed schema.
- Vertical scaling.
- MySQL, MariaDB, PostgreSQL, Oracle...

RDS DEPLOYMENT
- Read replica:
  • Scale the read workload of your DB
  • Can create up to 15 read replicas
  • Data is only written to the main DB
- Multi-AZ:
  • Failover in case of AZ outage (high availability)
  • Data is only read/written to the main database
  • Can only have 1 other AZ as failover
- Multi-Region:
  • Disaster recovery in case of a region issue
  • Local performance for global reads
  • Replication cost

AURORA
- 5x MySQL, 3x PostgreSQL.
- Serverless.
- No capacity planning needed.
- Pay per second; can be more cost effective.

ELASTICACHE
- In-memory database.
- ElastiCache is how you get managed Redis or Memcached.
- Provides ultra-fast, low-latency access to data stored in memory.

DYNAMODB
- Key/value DB.
- Serverless, fully managed.
- NoSQL.
- Horizontal scaling.
- Schemaless.

REDSHIFT
- OLAP
- Data warehouse

EMR
- Hadoop cluster

ATHENA
- Query data on S3
- Serverless
- SQL

QUICKSIGHT
- Dashboards on your data
- Serverless

DOCUMENTDB
- "Aurora for MongoDB"
- JSON, NoSQL document DB

MANAGED BLOCKCHAIN
- Managed Hyperledger Fabric and Ethereum blockchains.

GLUE
- Managed ETL (Extract, Transform, Load)
- Data Catalog service

DATABASE MIGRATION
-

NEPTUNE
- Graph DB; great for fraud detection and social networking.
- Highly available across 3 AZs, with up to 15 read replicas.
- Optimized for these complex and hard queries.

TIMESTREAM
- Time series DB.
- Automatically scales up/down to adjust capacity.
- Store and analyse trillions of events per day.

VPC
- Your own isolated segment of the AWS Cloud, providing a secure environment for deploying resources like compute, storage, databases and network infrastructure.
- When you create a VPC, it is completely isolated and accessible only by your own AWS account.
- Each AWS account can have up to 5 VPCs per region.

SUBNETS
- Subnets reside inside your VPC, allowing you to segment your VPC infrastructure into multiple different networks.
- PUBLIC SUBNETS: accessible from outside the VPC. To make a subnet public you need to add an INTERNET GATEWAY and configure the route table to allow the subnet access to the internet.
- To define access to the internet and between subnets, we use route tables.
- PRIVATE SUBNETS: considered private and inaccessible by default from the internet.

NACL (NETWORK ACCESS CONTROL LISTS)
- Operate at the subnet level.
- Act as virtual network-level firewalls for each subnet, controlling both inbound and outbound traffic.
- Filter traffic at the network layer.
- Can have ALLOW and DENY rules.
- Rules only reference IP addresses.

SECURITY GROUPS
- Operate at the instance level.
- Allow you to control traffic to and from specific instances.
- More specific and flexible compared to NACLs, therefore ideal for controlling access to DBs and other resources.
- Can only have ALLOW rules.
- Rules reference IP addresses and other security groups.
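The two filtering layers just described behave differently when they decide on a packet, and the difference is easiest to see in code. The following is an added example written for this summary (not AWS code and not part of the original notes). It goes one step beyond the summary in assuming the documented AWS behaviour that NACL rules are evaluated in ascending rule-number order, with the first match deciding and an implicit deny when nothing matches, while a security group allows traffic if any of its allow rules matches and otherwise drops it. Rule sets, IP ranges and group names are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Constructed sample traffic: source IP, protocol, destination port and, when the
    sender is another instance, the security groups attached to that sender."""
    src_ip: str
    protocol: str
    port: int
    src_security_groups: frozenset = frozenset()


@dataclass(frozen=True)
class NaclRule:
    number: int        # evaluated from the lowest number upwards
    protocol: str      # 'tcp', 'udp' or 'all'
    cidr: str          # NACL rules can only reference IP ranges
    port_from: int
    port_to: int
    action: str        # 'allow' or 'deny' - NACLs support both


@dataclass(frozen=True)
class SgRule:
    protocol: str
    port_from: int
    port_to: int
    cidr: Optional[str] = None       # source is an IP range ...
    source_sg: Optional[str] = None  # ... or another security group; always an allow


def _protocol_matches(rule_protocol: str, pkt: Packet) -> bool:
    return rule_protocol == "all" or rule_protocol == pkt.protocol


def _port_matches(port_from: int, port_to: int, pkt: Packet) -> bool:
    return port_from <= pkt.port <= port_to


def _cidr_matches(cidr: str, pkt: Packet) -> bool:
    return ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(cidr)


def nacl_decision(rules, pkt: Packet) -> str:
    """Lowest-numbered matching rule wins; no match falls through to the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if (_protocol_matches(rule.protocol, pkt)
                and _port_matches(rule.port_from, rule.port_to, pkt)
                and _cidr_matches(rule.cidr, pkt)):
            return rule.action
    return "deny"


def sg_decision(rules, pkt: Packet) -> str:
    """Security groups hold only allow rules: any match allows, otherwise traffic is dropped."""
    for rule in rules:
        if not (_protocol_matches(rule.protocol, pkt)
                and _port_matches(rule.port_from, rule.port_to, pkt)):
            continue
        if rule.cidr is not None and _cidr_matches(rule.cidr, pkt):
            return "allow"
        if rule.source_sg is not None and rule.source_sg in pkt.src_security_groups:
            return "allow"
    return "deny"


def reaches_instance(nacl_rules, sg_rules, pkt: Packet) -> bool:
    """Inbound traffic must pass the subnet NACL and then the instance's security group."""
    return nacl_decision(nacl_rules, pkt) == "allow" and sg_decision(sg_rules, pkt) == "allow"


# Constructed sample rule sets (illustrative values only).
SUBNET_NACL = [
    NaclRule(50, "tcp", "203.0.113.0/24", 22, 22, "deny"),   # explicit deny, evaluated first
    NaclRule(100, "tcp", "0.0.0.0/0", 22, 22, "allow"),      # broad allow, evaluated second
    NaclRule(110, "tcp", "0.0.0.0/0", 443, 443, "allow"),
]

DB_SECURITY_GROUP = [
    SgRule("tcp", 3306, 3306, source_sg="sg-web-tier"),  # only web-tier instances may reach MySQL
    SgRule("tcp", 22, 22, cidr="10.0.0.0/16"),           # SSH only from inside the VPC range
]


if __name__ == "__main__":
    samples = {
        "ssh from denied range": Packet("203.0.113.7", "tcp", 22),
        "ssh from vpc": Packet("10.0.1.10", "tcp", 22),
        "mysql from web tier": Packet("10.0.1.10", "tcp", 3306, frozenset({"sg-web-tier"})),
    }
    for label, pkt in samples.items():
        print(label, nacl_decision(SUBNET_NACL, pkt), sg_decision(DB_SECURITY_GROUP, pkt),
              reaches_instance(SUBNET_NACL, DB_SECURITY_GROUP, pkt))
```

Two things the model makes visible: a NACL can carve an exception out of a broad allow only because it has deny rules and an evaluation order, whereas a security group expresses "everything except X" only by omission; and the MySQL sample is allowed by the security group yet never arrives, because the subnet NACL has no rule for port 3306. The model covers inbound decisions only; it does not reproduce the stateless return-traffic handling of NACLs.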
INTERNET GATEWAYS
- Help VPC instances connect with the internet.
- Public subnets.

NAT GATEWAYS AND NAT INSTANCES
- In an AWS VPC, a NAT GATEWAY allows instances within a private subnet to access the internet while blocking all connections initiated from the internet.
- NAT INSTANCES are self-managed.
- Private subnets.

VPN (VIRTUAL PRIVATE NETWORK)
- A VPN is a secure way of connecting 2 remote networks across the internet.
- A powerful tool for enabling secure communication between resources in a private subnet and on-premises data centers.
- To set up a VPN, you need to create a VIRTUAL GATEWAY in the VPC and a CUSTOMER GATEWAY in the data center.

DIRECT CONNECT
- Direct Connect doesn't use the internet, i.e. it establishes a physical connection between on-premises and AWS.
- Goes over a private network.
- Takes at least a month to establish.
- A method of connecting your remote location directly to your AWS environment using private infrastructure.

SITE-TO-SITE VPN
- Connects an on-premises VPN to AWS.
- The connection is automatically encrypted.
- Goes over the public internet.

VPC PEERING
- Allows you to connect 2 VPCs together, enabling communication between resources in each VPC, whether they are in the same region or in different regions.
- One-to-one connection, i.e. each VPC can only be connected to one other VPC.
- IP address ranges must not overlap between the peered VPCs.

TRANSIT GATEWAY
- Connect all your VPCs and remote locations through a central hub, reducing the complexity of managing multiple connections.
- This centralization allows for easier monitoring of network traffic and connectivity through a single dashboard.

DNS (DOMAIN NAME SYSTEM)
- Like a phonebook of the internet, translating domain names to IP addresses.

ROUTE 53: DNS
- Amazon's highly available and scalable domain name system, offering secure and reliable routing of requests.
- Managed through a global network of authoritative DNS servers, reducing latency and providing secure routing.

CLOUDFRONT: CDN
- Designed to speed up the distribution of your static and dynamic content through a network of edge locations worldwide.
- CloudFront routes the request to the closest edge location, reducing latency and delivering the best performance through cached data.
- DDoS protection, integration with Shield and AWS Web Application Firewall.

GLOBAL ACCELERATOR
- Efficiently routes UDP and TCP traffic from end-user clients to applications, leveraging AWS's global infrastructure and specific endpoints.

CLOUD ADOPTION FRAMEWORK
- Accelerates digital transformation to the AWS cloud, offering benefits like reduced business risk and improved operational efficiency.
- 6 perspectives:
  a. Business
  b. People
  c. Governance
  d. Platform
  e. Security
  f. Operations

7 R'S
- Rehosting
- Repurchasing
- Refactoring or Rearchitecting
- Relocating
- Retiring
- Retaining
- Whether you are moving a whole data center or just one application to AWS, the 7 Rs help evaluate the most efficient migration strategy that aligns with your business requirements.

APPLICATION DISCOVERY SERVICE
- Plan migration projects by gathering information about on-premises data centers.
- Server utilization and data mapping are important for migrations.
- Resulting data can be viewed with AWS Migration Hub.

APPLICATION MIGRATION SERVICE (MGN)
- Lift-and-shift solution which simplifies migrating applications to AWS.
- Converts your physical, virtual and cloud-based servers to run natively on AWS.

DATABASE MIGRATION SERVICE (DMS)
- Quickly and securely migrate DBs to AWS; resilient and self-healing.
- The source DB remains available during the migration.
- Supports:
  a. Homogeneous migrations: example, Oracle to Oracle
  b. Heterogeneous migrations: example, Microsoft SQL Server to Aurora

MIGRATION HUB
- Central location to collect server and application inventory data for the assessment, planning and tracking of migrations to AWS.
- Helps accelerate your migration to AWS and automate lift-and-shift.
- AWS Migration Hub Orchestrator: provides pre-built templates to save time and effort migrating enterprise apps.

SCHEMA CONVERSION TOOL
-

SNOW FAMILY
- Consists of various physical hardware devices that enable the transfer of data into AWS from the edge or beyond the cloud, such as a data center.
- Also used to transfer data out of AWS.
- Snowball Edge:
  a. Storage Optimized: 80 TB of HDD
  b. Compute Optimized: 42 TB of HDD or 28 TB of NVMe
- Snowcone: 8 TB of HDD; Snowcone SSD: 14 TB of SSD
- Snowmobile:
  a. 100 PB of capacity
  b. Better than Snowball if you transfer more than 10 PB.

TRANSFER FAMILY
- Fully managed service that allows secure file transfers into and out of AWS storage.
- Supports protocols like FTP, FTPS, SFTP and AS2.
- Pricing: pay an hourly rate along with a fixed per-gigabyte rate.

DECOUPLED ARCHITECTURE
- Allows different components to operate independently without being closely tied to each other, which means changes to one component won't affect the other.

EVENT-DRIVEN ARCHITECTURE
- Services are triggered by events that occur within the infrastructure.
- 3 components: a producer, an event router and a consumer.
- The event router between producer and consumer ensures that each component is decoupled and can operate independently.

SNS (SIMPLE NOTIFICATION SERVICE)
- One-to-many message distribution model, allowing a single message to be published to a topic and then pushed to one or more subscribers.
- Subscribers: can be HTTP URL endpoints, email addresses, AWS Lambda functions or even text messages to phone numbers for clients in over 200 countries.
- Message filtering: SNS enables topic subscribers to selectively receive only a subset of the messages that interest them, using a subscription filter policy in JSON format.
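The one-to-many fan-out and the subscription filter policy described above are worth seeing together. The following is an added example written for this summary (not AWS code and not part of the original notes): it implements the documented SNS matching semantics for the common operators, where every attribute named in the policy must match (AND), any one of the values listed for an attribute may match (OR), and conditions may be exact strings or numbers, prefix, anything-but, numeric or exists. The topic, subscriber names, policies and messages are constructed.

```python
import json
import operator

_NUMERIC_OPS = {"=": operator.eq, ">": operator.gt, ">=": operator.ge,
                "<": operator.lt, "<=": operator.le}


def _is_number(value) -> bool:
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def _numeric_matches(spec: list, value) -> bool:
    """spec is a flat list such as [">", 0, "<=", 150]; every operator/bound pair must hold."""
    if not _is_number(value):
        return False
    return all(_NUMERIC_OPS[op](value, bound) for op, bound in zip(spec[0::2], spec[1::2]))


def _condition_matches(condition, value) -> bool:
    """One entry from a policy's value list against one message attribute value."""
    if isinstance(condition, dict):
        if "anything-but" in condition:
            excluded = condition["anything-but"]
            return value not in (excluded if isinstance(excluded, list) else [excluded])
        if "prefix" in condition:
            return isinstance(value, str) and value.startswith(condition["prefix"])
        if "numeric" in condition:
            return _numeric_matches(condition["numeric"], value)
        return False
    return value == condition  # plain string or number: exact match


def _attribute_matches(conditions: list, attributes: dict, name: str) -> bool:
    """OR across the listed conditions; the 'exists' operator decides presence/absence."""
    if name not in attributes:
        return any(isinstance(c, dict) and c.get("exists") is False for c in conditions)
    value = attributes[name]
    for c in conditions:
        if isinstance(c, dict) and "exists" in c:
            if c["exists"] is True:
                return True
            continue
        if _condition_matches(c, value):
            return True
    return False


def message_matches(policy: dict, attributes: dict) -> bool:
    """AND across every attribute named in the policy (an empty policy matches everything)."""
    return all(_attribute_matches(conds, attributes, name) for name, conds in policy.items())


def fan_out(subscriptions: dict, attributes: dict) -> list:
    """Return the subscribers (in declaration order) that would receive a published message.
    A subscriber with no filter policy (None) receives every message on the topic."""
    return [name for name, policy in subscriptions.items()
            if policy is None or message_matches(policy, attributes)]


# Constructed topic subscriptions; each policy is the JSON that would be attached in SNS.
ORDERS_TOPIC = {
    "audit-email": None,
    "warehouse-lambda": json.loads(
        '{"event_type": ["order_placed"], "region": [{"prefix": "eu-"}]}'),
    "fraud-review-queue": json.loads('{"amount": [{"numeric": [">", 1000]}]}'),
    "non-card-payments": json.loads('{"payment": [{"anything-but": ["card"]}]}'),
    "flagged-only": json.loads('{"risk_flag": [{"exists": true}]}'),
}

if __name__ == "__main__":
    msg = {"event_type": "order_placed", "region": "eu-west-1", "amount": 1500, "payment": "card"}
    print(fan_out(ORDERS_TOPIC, msg))
```

Filtering happens on message attributes, not on the message body, which is why the sample messages are plain attribute dictionaries; the unfiltered audit subscriber shows the default behaviour of receiving everything published to the topic.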

KINESIS DATA STREAMS
- Designed to handle large datasets for data streaming in real time, maintaining a copy of all received data for up to 365 days.

SERVERLESS COMPUTE SERVICES
- AWS Lambda
- Fargate

APPLICATION INTEGRATION SERVICES
- SQS
- SNS
- EventBridge: trigger Lambda functions, send SQS/SNS messages
- Step Functions: visual flowchart or workflow to orchestrate Lambda functions.

SERVERLESS DATABASE SERVICES
- S3
- DynamoDB
- RDS Proxy
- Aurora

CLOUDTRAIL
- Service designed to record and track events, including API requests and non-API requests, made within an AWS account. 3 types of event: management, data, CloudTrail Insights.
- Enabled by default for all AWS accounts.

CONFIG
- Helps with auditing and recording the compliance of your AWS resources; captures resource changes.
- Helps record configurations and changes over time.
- Questions that can be answered by AWS Config:
  • Is there unrestricted SSH access to my security groups?
  • Do my buckets have any public access?
  • How has my ALB configuration changed over time?
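Each of the three Config questions above is a small evaluation over recorded configuration. The following is an added example written for this summary (not AWS Config's own rule code): it answers the same three questions over constructed configuration snapshots, returning the COMPLIANT / NON_COMPLIANT verdicts a Config rule emits and a before/after diff for the "changed over time" question. The snapshot field names are this example's own simplification, and the resource ids and values are constructed.

```python
from ipaddress import ip_network

# Constructed configuration snapshots, shaped loosely like what AWS Config records for a
# security group and an S3 bucket. Field names are this example's own simplification.
SECURITY_GROUPS = [
    {"id": "sg-bastion", "ingress": [
        {"protocol": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"}]},
    {"id": "sg-app", "ingress": [
        {"protocol": "tcp", "from": 22, "to": 22, "cidr": "10.0.0.0/8"},
        {"protocol": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"}]},
    {"id": "sg-wide-open", "ingress": [
        {"protocol": "-1", "from": 0, "to": 65535, "cidr": "::/0"}]},  # -1 = all protocols
]

BUCKETS = [
    {"name": "public-site-assets", "block_public_access": False,
     "acl_grants": [{"grantee": "AllUsers", "permission": "READ"}]},
    {"name": "finance-reports", "block_public_access": True,
     "acl_grants": [{"grantee": "AllUsers", "permission": "READ"}]},  # grant present but blocked
    {"name": "logs-archive", "block_public_access": False, "acl_grants": []},
]

ALB_BEFORE = {"scheme": "internet-facing", "idle_timeout": 60, "access_logs": False,
              "deletion_protection": True}
ALB_AFTER = {"scheme": "internet-facing", "idle_timeout": 120, "access_logs": True,
             "deletion_protection": True}


def ssh_open_to_world(group: dict) -> bool:
    """'Is there unrestricted SSH access to my security groups?': any ingress rule that
    covers TCP/22 (or all protocols) from an any-address range (0.0.0.0/0 or ::/0)."""
    for rule in group["ingress"]:
        covers_ssh = rule["protocol"] in ("tcp", "-1") and rule["from"] <= 22 <= rule["to"]
        from_anywhere = ip_network(rule["cidr"]).prefixlen == 0
        if covers_ssh and from_anywhere:
            return True
    return False


def bucket_is_public(bucket: dict) -> bool:
    """'Do my buckets have any public access?': a grant to the AllUsers or AuthenticatedUsers
    group takes effect only when Block Public Access is off."""
    if bucket["block_public_access"]:
        return False
    return any(g["grantee"] in ("AllUsers", "AuthenticatedUsers") for g in bucket["acl_grants"])


def evaluate(resources, key, finding) -> dict:
    """Map each resource id to COMPLIANT / NON_COMPLIANT, the two verdicts a Config rule emits."""
    return {r[key]: ("NON_COMPLIANT" if finding(r) else "COMPLIANT") for r in resources}


def evaluate_security_groups() -> dict:
    return evaluate(SECURITY_GROUPS, "id", ssh_open_to_world)


def evaluate_buckets() -> dict:
    return evaluate(BUCKETS, "name", bucket_is_public)


def config_diff(before: dict, after: dict) -> dict:
    """'How has my ALB configuration changed over time?': attributes whose value differs
    between two snapshots, as {attribute: (before, after)}."""
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after)) if before.get(k) != after.get(k)}


if __name__ == "__main__":
    print(evaluate_security_groups())
    print(evaluate_buckets())
    print(config_diff(ALB_BEFORE, ALB_AFTER))
```

The SSH check treats an all-protocols rule and an IPv6 any-address range as equally unrestricted, which is the case the naive "port 22 from 0.0.0.0/0" string match misses; the bucket check shows why the account-level Block Public Access setting matters more than any single ACL grant.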
CLOUDWATCH
- Global service designed to monitor and review the performance of your resources, providing insights that can trigger automated responses or manual operational changes.
- Components:
  a. Metrics: monitor specific elements over time.
  b. CloudWatch Dashboards: build and customize dashboards with different visual widgets.
  c. Anomaly detection: helps detect abnormal activity.
  d. Alarms: implement automatic actions based on specific thresholds.
  e. EventBridge: real-time monitoring and event-driven architecture.
  f. Logs: centralises log data from various AWS services.
  g. Insights: ability to analyse and visualize log data, container metrics and Lambda metrics.

AWS ORGANIZATIONS
- Used when the need for multiple AWS accounts becomes apparent.
- Beneficial for: cost optimization, security, governance, workload management.
- A master account manages multiple accounts from one single AWS account.

SCP (SERVICE CONTROL POLICIES)
- Set a boundary of permissions for an AWS account.
- SCPs do not grant permissions themselves, unlike identity-based and resource-based policies.
- Need to be enabled from the root account.
- Do not affect identity-based and resource-based policies; only affect principals managed by the accounts in your org.

CONTROL TOWER
- Service that offers a larger and more controlled method of creating, distributing, managing and auditing multiple accounts.
- Simplifies the process of setting up a multi-account architecture that follows security and compliance best practices.

ARTIFACT
- Self-service portal that provides immediate access to AWS security and compliance reports.
- AWS: the underlying security.
- Customer: system and application security in the cloud.

TRUSTED ADVISOR
- Service that provides recommendations to optimize your AWS environment based on best practices.
- 5 categories: cost optimization, performance, security, fault tolerance and service limits.
- Accessible to all: notifications, exclude items, action links, access management.

WAF
- Protects web content delivered through CloudFront distributions, API Gateway REST APIs, ALBs or AWS AppSync GraphQL APIs. Gives an additional security layer.
- Components: ACLs, rules and rule groups.

INSPECTOR
- Offers a knowledge base with hundreds of rules mapped to common security compliance standards and vulnerability definitions.
- Rules are regularly updated by AWS security experts.
- Also installs an agent in the OS of the EC2 instance to monitor behavior.

MACIE
- Helps identify and alert you to sensitive data, such as personally identifiable information (PII), credit card numbers and API keys.
- Fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.

TCO
- Total cost of ownership: the total cost over time, a key aspect of cost savings.
- Companies have seen a 50 percent reduction in TCO.

COST EXPLORER
- Found in the billing dashboard.
- Visualize usage patterns over time, identify underlying cost drivers and detect anomalies.

COST AND USAGE REPORT
- Captures AWS billing data.
- Tracks monthly AWS costs and usage associated with your account.
- Stores report files in S3 buckets and updates the report automatically.

REKOGNITION
- Face detection, labeling, celebrity recognition

TRANSCRIBE
- Audio to text

POLLY
- Text to audio

TRANSLATE
- Language translations

LEX
- Build conversational bots (chatbots); automatic speech recognition

CONNECT
- Cloud contact center: receives calls, create contact flows

COMPREHEND
- Natural language processing (NLP), serverless

SAGEMAKER
- Build ML models for every developer and data scientist

FORECAST
- Build highly accurate forecasts, 50% more accurate

KENDRA
- ML-powered document search engine, incremental learning

PERSONALIZE
- Real-time personalized recommendations

TEXTRACT
- Detect text and data in documents (PDFs, images...)

X-RAY
- Distributed tracing system that helps developers analyse and debug production and distributed applications

CODEDEPLOY
- Hybrid.
- Deploy and upgrade any application onto servers.

SYSTEMS MANAGER
- Hybrid.
- Patch, configure and run commands at scale.

SSM SESSION MANAGER
- No SSH access
- No port 22 needed (better security)
- Send session logs to S3 or CloudWatch Logs

CODECOMMIT
- Store code in a private Git repository

CODEBUILD
- Build and test code in AWS

CODEPIPELINE
- Orchestration of the CI/CD pipeline (from code to build to deploy): the different steps to have code automatically pushed to production.

CODEARTIFACT
- Store software packages or dependencies, called artifact management, on AWS.

CODESTAR
- Unified view allowing developers to do CI/CD and code in one place

CLOUD9
- Cloud IDE with collaboration

APPSTREAM 2.0
- Fully managed end-user computing service that securely streams applications and provisions virtual desktops to users worldwide.
- Supports Windows and Linux.

WORKSPACES
- Provides users with persistent virtual desktops, allowing you to provision Windows, Linux and Ubuntu Linux desktops.
- Robust replacement for traditional desktops without the expense and labor required to maintain your own VDI solution.
- Automatically installs packages and updates during pre-defined maintenance.

DEVICE FARM
- Offers flexible testing methods, including tests using built-in tests or custom scripts and manual testing with a remote access option.
