Analytics:
Amazon Athena: analyze data stored in S3.
Amazon OpenSearch Service: real-time application monitoring and log analysis, website search, and more.
Route 53 routing policies:
Simple: a simple DNS response providing the IP address associated with a name.
Weighted: uses the relative weights assigned to resources to determine which one to route to.
Amazon CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations”.
CloudFront has AWS Shield built in for DDoS protection. Global Accelerator also includes AWS Shield.
S3
Uses of S3:
Backup and Storage – Provide data backup and storage services for others.
Application Hosting – Provide services that deploy, install, and manage web applications.
Media Hosting – Build a redundant, scalable, and highly available infrastructure that hosts
video, photo, or music uploads and downloads.
Software Delivery – Host your software applications that customers can download.
Static Website – You can configure a static website to run from an S3 bucket.
Storage classes:
S3 One Zone-IA (lower cost for infrequently accessed data with less resilience).
S3 Glacier Instant Retrieval (data that is rarely accessed and requires retrieval in
milliseconds).
S3 Glacier Deep Archive (lowest cost storage class for long term retention).
Lifecycle management – set rules to transfer objects between storage classes at defined
time intervals.
AWS Snowball → Bulk data transfer, edge storage, and edge compute.
AWS Snowmobile → A literal shipping container full of storage (up to 100 PB) and a truck to transport it.
AWS Snowcone → The smallest device in the range, best suited for use outside the data center.
Instance store: storage local to the EC2 host, like internal memory; its contents are deleted on EC2 termination.
AWS Backup service : Centralized backup management for AWS services and on-premises
data.
Amazon FSx: managed file storage (SMB protocol) for Windows and high-performance workloads.
Amazon Inspector is an automated security assessment service that helps you identify security vulnerabilities and compliance issues in your AWS resources.
AWS WAF: Web Application Firewall for protecting applications deployed on AWS.
AWS Shield: safeguards applications running on AWS against DDoS attacks. Integrated with CloudFront.
AWS Key Management Service (KMS) is AWS's managed service for creating and controlling
encryption keys used to secure your data.
AWS CloudHSM is a managed hardware security module (HSM) service for secure key storage
and cryptographic operations in the cloud.
AWS Certificate Manager (ACM) is a managed service that simplifies the process of
provisioning, managing, and deploying SSL/TLS certificates for your AWS resources and
applications.
Amazon Cognito is a managed service that provides authentication, authorization, and user management for web and mobile applications. Supports SSO, SAML, and social logins (Google/Gmail, Facebook), etc.
AWS Systems Manager is a management service that helps you automate operational tasks and
manage your AWS resources efficiently at scale.
AWS Secrets Manager is a managed service that helps you securely store, retrieve, and manage
sensitive information such as API keys, passwords, and database credentials.
AWS Artifact is a centralized repository that provides access to security and compliance reports.
AWS Trusted Advisor is an automated service that inspects your AWS environment and provides recommendations to help optimize security, improve performance, reduce costs, and maintain reliability. Its check categories are:
• Cost Optimization.
• Performance.
• Security.
• Fault Tolerance.
• Service Limits.
AWS IAM manages:
• Users.
• Groups.
• Access policies.
• Roles.
• User credentials.
• User password policies.
• Multi-factor authentication (MFA).
• API keys for programmatic access (CLI).
An IAM user is an entity that represents a person or service. A user has a password and can have access keys for API, CLI, and SDK access.
An access key ID and secret access key are assigned to IAM users and used for
programmatic access using the API or CLI.
Groups are collections of users and have policies attached to them. Groups can’t be nested.
Policies are documents that define permissions and can be applied to users, groups,
and roles.
A role defines a set of permissions and access policies that determine what actions a
user or AWS service can take. Attached to user.
Overall, roles are used to grant access to specific resources or services, policies are used to define the permissions for those resources or services, and groups are used to organize and manage multiple users with similar permissions. Roles, policies, and groups are all critical components of AWS IAM, each serving a unique purpose in managing user access to AWS resources.
ROLES == GRANTING THE PERMISSION/ACCESS
POLICY: DEFINING THE PERMISSION/ACCESS
• IAM roles can be used for granting applications running on EC2 instances
permissions to AWS API requests using instance profiles.
• IAM ROLES HAVE POLICIES
• You don’t apply the policy to the service, you apply it to the role.
AWS Security Token Service (AWS STS): This service is used for gaining temporary
security credentials.
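The role, policy and instance-profile notes above fit together as a trust policy (who may call sts:AssumeRole on the role) plus a permissions policy (what the role may do). The following is an added example, not from these notes or from AWS: a simplified evaluator over two constructed policies that reproduces IAM's explicit-Deny-wins rule; the bucket name is a placeholder.

```python
import fnmatch
import json
# Constructed trust policy: lets the EC2 service assume the role, which is what an
# instance profile relies on to hand the role's permissions to code on the instance.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"Service": "ec2.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]
}""")

# Constructed permissions policy attached to the role (bucket name is a placeholder):
# read-only on one bucket, plus an explicit Deny on deletes as a guard-rail.
PERMISSIONS_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
  ]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    # IAM matches actions and resources case-insensitively with * and ? wildcards.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))

def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny always wins, then any matching
    Allow grants access, and anything unmatched is implicitly denied."""
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def can_assume(trust_policy, service_principal):
    """True if the given AWS service principal may call sts:AssumeRole on the role."""
    for stmt in trust_policy["Statement"]:
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt["Effect"] == "Allow" and _matches(stmt["Action"], "sts:AssumeRole")
                and service_principal in services):
            return True
    return False
```

Note that the permissions policy never names the EC2 service: it is attached to the role, and the trust policy decides which service may assume it.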
AWS Global Infrastructure
Each Amazon Region is designed to be completely isolated from the other Amazon Regions.
Availability Zones are physically separate and isolated from each other.
AZs span one or more data centers and have direct, low-latency, high throughput, and redundant
network connections between each other.
AZs are physically separated within a typical metropolitan region and are located in lower-risk flood plains.
AWS Local Zones place compute, storage, database, and other select AWS services closer to end-users. There are Local Zones in Boston and New York, where there are no Regions.
AWS Outposts: brings AWS servers on premises, so the customer can access AWS services such as EC2 from the Outpost located in their own premises.
Amazon RDS is a managed relational database service that simplifies database setup, operation,
and scaling, while providing high availability, durability, and security for your applications.
Amazon Aurora: Amazon's own database, very fast, supports MySQL and PostgreSQL.
Scalability: only scales up; can’t scale down (data would be lost when scaling down).
RDS provides multi-AZ for disaster recovery which provides fault tolerance across availability
zones.
Amazon DynamoDB is a fully managed NoSQL database service. Provides low read and write
latency.
Amazon DynamoDB global tables provide a fully managed solution for deploying a multi-region, multi-master database.
ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud.
Amazon EC2 instances can run the Windows, Linux, or macOS operating systems.
Amazon Machine Image (AMI) is a special type of virtual appliance that is used to create a virtual machine.
Community AMIs – free to use, generally you just select the operating system you want.
AWS Marketplace AMIs – pay to use, generally come packaged with additional, licensed
software.
Amazon LightSail provides developers compute, storage, and networking capacity and
capabilities to deploy and manage websites, web applications, and databases in the cloud.
Amazon LightSail includes everything you need to launch your project quickly – a virtual
machine, SSD-based storage, data transfer, DNS management, and a static IP.
Amazon LightSail provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database.
AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS.
Developers simply upload their application code, and the service automatically handles all the
details such as resource provisioning, load balancing, auto-scaling, and monitoring.
AWS Batch enables developers, scientists, and engineers to run hundreds of thousands of batch
computing jobs easily and efficiently on AWS.
AWS Organizations allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
AWS Control Tower
AWS Config is a fully managed service that provides you with an AWS resource inventory,
configuration history, and configuration change notifications to enable security and regulatory
compliance.
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are
approved for use on AWS.
AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.
AWS OpsWorks is a configuration management service that provides managed instances of Chef
and Puppet.
Revise pricing:
https://digitalcloud.training/aws-billing-and-pricing/
AWS Cost Explorer is a free tool that allows you to view charts of your costs.
You can view cost data for the past 13 months and forecast how much you are likely to spend over the next three months.
AWS Pricing Calculator is a web-based service that you can use to create cost estimates to suit
your AWS use cases.
AWS Cost & Usage Report: a detailed cost and usage report delivered to S3; Cost Explorer is the high-level UI view.
AWS Budgets
Used to track cost, usage, or coverage and utilization for your Reserved Instances and Savings
Plans, across multiple dimensions, such as service, or Cost Categories.
Alerting through event-driven alert notifications for when actual or forecasted cost or usage
exceeds your budget limit, or when your RI and Savings Plans’ coverage or utilization drops
below your threshold.
Amazon EC2 Auto Scaling automates the process of launching (scaling out) and terminating
(scaling in) Amazon EC2 instances based on the traffic demand for your application.
ELB automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses.
ALB (Layer 7) is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.
NLB (Layer 4) is best suited for load balancing of TCP traffic where extreme performance is required.
AWS pillar:
Simple Queue Service (SQS): store-and-forward patterns; use for building distributed/decoupled applications.
Simple Notification Service (SNS): set up, operate, and send notifications from the cloud; e.g. send an email notification when a CloudWatch alarm is triggered.
Step Functions: out-of-the-box coordination of AWS service components with a visual workflow; e.g. an order processing workflow.
Simple Workflow Service (SWF): use when you need to support external processes or specialized execution logic; e.g. human-enabled workflows like an order fulfilment system or procedural requests.
Amazon MQ: message broker service for Apache ActiveMQ and RabbitMQ; use when you need a message queue that supports industry-standard APIs and protocols, or to migrate queues to AWS.
Amazon Rekognition: identify objects, people, text, scenes, and activities in images and videos.
Amazon SageMaker: helps data scientists and developers prepare, build, train, and deploy high-quality machine learning (ML) models.
AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place.
AWS CodeCommit is a fully managed source control service that hosts secure Git-based
repositories.
AWS CodeBuild is a fully managed continuous integration service that compiles source
code, runs tests, and produces software packages that are ready to deploy.