
AWS Notes: last-minute revision

Analytics:

Amazon Athena: query and analyze data stored in S3.

Amazon EMR (Elastic MapReduce): managed Hadoop framework for big data processing.

Amazon CloudSearch: full-text search for websites or applications.

Amazon OpenSearch Service: real-time application monitoring, log analysis, website search, and more.

Amazon Kinesis: collect and analyze real-time streaming data.

Amazon QuickSight: quick visualization of business data.

AWS Glue: fully managed ETL (extract, transform, load).

Amazon MSK: managed Apache Kafka.

Amazon Redshift: data warehouse.

AWS Monitoring and Logging Services

CloudWatch: monitoring and observability for AWS resources and applications.

CloudWatch is for performance monitoring (CloudTrail is for auditing).

CloudTrail: governance and compliance auditing of AWS account activity.

CloudTrail records user activity and API calls, including the details of each call.

AWS Content Delivery and DNS Services

Amazon Route 53 is the AWS Domain Name Service (DNS).

Route 53 routing policies:

Simple: a simple DNS response providing the IP address associated with a name.

Failover: if the primary is down (based on health checks), routes to the secondary destination.

Geolocation: uses the geographic location you are in (e.g. Europe) to route you to the closest region.

Geoproximity: routes you to the closest region within a geographic area.

Latency: directs you to the resource with the lowest latency.

Weighted: uses the relative weights assigned to resources to determine which one to route to.

Amazon CloudFront is a content delivery network (CDN) that stores (caches) your content at "edge locations".

CloudFront has AWS Shield built in for DDoS protection. AWS Global Accelerator also includes AWS Shield.

S3

Uses of S3:

Backup and Storage – Provide data backup and storage services for others.

Application Hosting – Provide services that deploy, install, and manage web applications.

Media Hosting – Build a redundant, scalable, and highly available infrastructure that hosts
video, photo, or music uploads and downloads.

Software Delivery – Host your software applications that customers can download.

Static Website – you can configure a static website to run from an S3 bucket.

S3 has unlimited storage.

Storage classes:

S3 Standard (durable, immediately available, frequently accessed).

S3 Intelligent-Tiering (automatically moves data to the most cost-effective tier).

S3 Standard-IA (durable, immediately available, infrequently accessed).

S3 One Zone-IA (lower cost for infrequently accessed data, with less resilience).

S3 Glacier Instant Retrieval (data that is rarely accessed but requires retrieval in milliseconds).

S3 Glacier Flexible Retrieval (archived data, retrieval times in minutes or hours).

S3 Glacier Deep Archive (lowest-cost storage class for long-term retention).

Lifecycle management – set rules to transition objects between storage classes at defined time intervals.

Encryption can be enabled for a bucket.

Data is secured using ACLs and bucket policies.

AWS Snowball → bulk data transfer, edge storage, and edge compute.

AWS Snowmobile → a literal shipping container full of storage (up to 100 PB) and a truck to transport it.

AWS Snowcone → the smallest device in the range, best suited for use outside the data center.

EBS: block storage volumes for use with Amazon EC2.

A volume lives in one Availability Zone; take a snapshot to move it to a different AZ.

A volume attaches to one EC2 instance.

Both the root volume and additional volumes can be encrypted.

The root volume is deleted on termination by default. To keep it, you must select "don't delete on termination".

EBS is like a pen drive that plugs into EC2.

You must provision the volume size in GB; it is not elastic.

Instance store: like internal memory that is deleted on EC2 termination.

Ephemeral: data is lost when the EC2 instance is terminated.

Used for temporary storage.

EFS: NFS-based file storage.

It is elastic: it grows and shrinks.

Can be attached to thousands of EC2 instances across multiple AZs inside a region.

Can be accessed from on-premises using Direct Connect.

AWS Storage Gateway: hybrid cloud storage service, connecting on-premises storage to the cloud.

AWS Backup: centralized backup management for AWS services and on-premises data.

Amazon FSx: SMB protocol; managed file storage for Windows and high-performance workloads.

AWS Security Services

AWS Artifact: compliance and audit document repository for AWS.

Amazon GuardDuty: threat detection and continuous security monitoring.

Amazon Inspector is an automated security assessment service that helps you identify security vulnerabilities and compliance issues in your AWS resources.

AWS WAF: Web Application Firewall for protecting applications deployed on AWS.

AWS Shield: safeguards applications running on AWS against DDoS attacks. Integrated with CloudFront.

AWS Key Management Service (KMS) is AWS's managed service for creating and controlling the encryption keys used to secure your data.

AWS CloudHSM is a managed hardware security module (HSM) service for secure key storage and cryptographic operations in the cloud.

AWS Certificate Manager (ACM) is a managed service that simplifies provisioning, managing, and deploying SSL/TLS certificates for your AWS resources and applications.

Amazon Cognito is a managed service that provides authentication, authorization, and user management for web and mobile applications. Supports SSO, SAML, and social logins such as Gmail and Facebook.

AWS Directory Service: managed Microsoft Active Directory.

AWS Systems Manager is a management service that helps you automate operational tasks and manage your AWS resources efficiently at scale.

AWS Secrets Manager is a managed service that helps you securely store, retrieve, and manage sensitive information such as API keys, passwords, and database credentials.

AWS Artifact is a centralized repository that provides access to security and compliance reports.

AWS Trusted Advisor is an automated service that inspects your AWS environment and provides recommendations to help optimize security, improve performance, reduce costs, and maintain reliability.

Trusted Advisor provides checks in five categories:

Cost Optimization.

Performance.

Security.

Fault Tolerance.

Service Limits.

Core checks: 7 core checks (Basic and Developer support plans).

Full checks (Business support plan and above).

AWS Identity and Access Management (IAM)


IAM can be used to manage:

• Users.
• Groups.
• Access policies.
• Roles.
• User credentials.
• User password policies.
• Multi-factor authentication (MFA).
• API keys for programmatic access (CLI).

An IAM user is an entity that represents a person or service. A user has a password and can have access keys for API, CLI, and SDK access.

An access key ID and secret access key are assigned to IAM users and used for programmatic access using the API or CLI.

Groups are collections of users and have policies attached to them. Groups can't be nested.

Policies are documents that define permissions and can be applied to users, groups, and roles.

A role defines a set of permissions and access policies that determine what actions a user or AWS service can take. Attached to a user.

Roles are used to grant access to specific resources or services, policies are used to define the permissions for those resources or services, and groups are used to organize and manage multiple users with similar permissions. Roles, policies, and groups are all critical components of AWS IAM, each serving a unique purpose in managing user access to AWS resources.

ROLES == GRANTING THE PERMISSION/ACCESS
POLICY == DEFINING THE PERMISSION/ACCESS

• IAM roles can be used to grant applications running on EC2 instances permission to make AWS API requests, using instance profiles.
• IAM ROLES HAVE POLICIES.
• You don't apply the policy to the service; you apply it to the role.

AWS Security Token Service (AWS STS): this service is used to obtain temporary security credentials.
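A worked example of the role/policy split described above (added here; it is not part of the original notes): a trust policy naming the EC2 service as the only principal allowed to assume the role, a permissions policy with one least-privilege and one over-broad statement, and two plain-Python checks a reviewer would run on them. The bucket name and the statements are constructed for illustration.

```python
# Added example (not from the notes): the two JSON documents that make up an
# IAM role for an EC2 instance profile, plus two checks a reviewer would run on
# them. Bucket name and policy contents are constructed for illustration.

# Trust policy: WHO may assume the role. Only the EC2 service here, which is
# what an instance profile relies on.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Permissions policy: WHAT the role may do. Statement 0 is least-privilege;
# statement 1 is deliberately over-broad so the checker has something to flag.
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-app-config/*"},
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM accepts a string or a list in Action/Resource/Principal fields."""
    return [] if value is None else value if isinstance(value, list) else [value]

def trusted_principals(trust_policy):
    """Return every principal allowed to call sts:AssumeRole on the role."""
    principals = []
    for stmt in trust_policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # anyone at all may assume the role: never acceptable
            principals.append("*")
            continue
        for kind in ("Service", "AWS", "Federated"):
            principals.extend(_as_list(principal.get(kind)))
    return principals

def overbroad_statements(policy):
    """Indexes of Allow statements that use a wildcard action or resource."""
    flagged = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in _as_list(stmt.get("Resource")):
            flagged.append(i)
    return flagged
```

Running the checks on these documents reports the EC2 service as the only trusted principal and flags statement 1 of the permissions policy as over-broad.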

AWS Global Infrastructure

A region is a geographical area. Each region consists of 3 or more availability zones.

Each Amazon Region is designed to be completely isolated from the other Amazon Regions.

Availability Zones are physically separate and isolated from each other.

AZs span one or more data centers and have direct, low-latency, high throughput, and redundant
network connections between each other.

Each AZ is designed as an independent failure zone.

AZs are physically separated within a typical metropolitan region and are located on lower-risk flood plains.

AWS Local Zones place compute, storage, database, and other select AWS services closer to end users. There are Local Zones in Boston and New York, where there are no Regions.

AWS Outposts: brings AWS servers on premises, so the customer can access AWS services like EC2 from an Outpost located on premises.

AWS Database Services


We can deploy a database on EC2 if we need access to the OS; with RDS, we don't have access to the OS.

Amazon RDS is a managed relational database service that simplifies database setup, operation, and scaling, while providing high availability, durability, and security for your applications.

Amazon Aurora: Amazon's own database engine, very fast, supports MySQL and PostgreSQL.

Scalability: storage only scales up. It can't scale down (data would be lost if scaled down).

AWS Charge for RDS:


• DB instance hours (partial hours are charged as full hours).
• Storage GB/month.
• I/O requests/month – for magnetic storage.
• Provisioned IOPS/month – for RDS provisioned IOPS SSD.
• Egress data transfer.
• Backup storage (DB backups and manual snapshots).

RDS provides multi-AZ for disaster recovery which provides fault tolerance across availability
zones.

Read Replicas – provide improved performance for reads

Amazon DynamoDB is a fully managed NoSQL database service. Provides low read and write latency.

Amazon DynamoDB global tables provide a fully managed solution for deploying a multi-region, multi-master database.

Amazon Redshift: data warehouse.

ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud.

Amazon MemoryDB: Redis-compatible in-memory database / cache.

Amazon EC2 instances can run the Windows, Linux, or macOS operating systems.

An Amazon Machine Image (AMI) is a special type of virtual appliance that is used to create a virtual machine (an EC2 instance).

AMIs come in three main categories:

Community AMIs – free to use, generally you just select the operating system you want.

AWS Marketplace AMIs – pay to use, generally come packaged with additional, licensed
software.

My AMIs – AMIs that you create yourself.


AWS Lambda is a serverless computing technology

Amazon LightSail provides developers compute, storage, and networking capacity and
capabilities to deploy and manage websites, web applications, and databases in the cloud.

Amazon LightSail includes everything you need to launch your project quickly – a virtual
machine, SSD-based storage, data transfer, DNS management, and a static IP.

Amazon LightSail provides preconfigured virtual private servers (instances) that include everything required to deploy an application or create a database.

AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on
AWS

Developers simply upload their application code, and the service automatically handles all the
details such as resource provisioning, load balancing, auto-scaling, and monitoring.

AWS Batch enables developers, scientists, and engineers to run hundreds of thousands of batch
computing jobs easily and efficiently on AWS.

AWS Organizations allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage.

AWS Control Tower

Simplifies the process of creating multi-account environments.

Sets up governance, compliance, and security guardrails for you.

AWS Config is a fully managed service that provides you with an AWS resource inventory,
configuration history, and configuration change notifications to enable security and regulatory
compliance.

AWS Service Catalog allows organizations to create and manage catalogs of IT services that are
approved for use on AWS.

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

Service Health Dashboard : AWS publishes up-to-the-minute information on service availability.

AWS OpsWorks is a configuration management service that provides managed instances of Chef
and Puppet.

AWS CloudFormation: Infrastructure as code

Revise pricing:

https://digitalcloud.training/aws-billing-and-pricing/

AWS Cost Explorer is a free tool that allows you to view charts of your costs.

You can view cost data for the past 13 months and forecast how much you are likely to spend
over the next three months

AWS Pricing Calculator is a web-based service that you can use to create cost estimates to suit
your AWS use cases.

AWS Cost & Usage Report: the detailed cost and usage report, delivered to S3. Cost Explorer is the high-level UI.

AWS Budgets
Used to track cost, usage, or coverage and utilization for your Reserved Instances and Savings Plans, across multiple dimensions such as service or Cost Categories.
Alerting through event-driven notifications when actual or forecasted cost or usage exceeds your budget limit, or when your RI and Savings Plans coverage or utilization drops below your threshold.

Auto Scaling: only for EC2

Amazon EC2 Auto Scaling automates the process of launching (scaling out) and terminating
(scaling in) Amazon EC2 instances based on the traffic demand for your application.

ELB automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses.

ALB is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. (Layer 7)

NLB is best suited for load balancing of TCP traffic where extreme performance is required. (Layer 4)

AWS Well-Architected pillars:

1. Operational Excellence: focuses on running and monitoring systems to deliver business value and continually improving processes and procedures. Key considerations include automation, documentation, incident response, and performance efficiency.
2. Security: emphasizes the importance of protecting data, systems, and assets. It involves implementing best practices for identity and access management (IAM), data protection, detective controls, infrastructure protection, and incident response.
3. Reliability: ensures a system can recover from failures and meet its required uptime. This includes designing for fault tolerance, monitoring, scaling, and implementing disaster recovery strategies to minimize downtime and ensure business continuity.
4. Performance Efficiency: focuses on using computing resources efficiently to meet system requirements and maintain efficiency as demand changes and technologies evolve. This includes selecting the right resource types and sizes, monitoring performance, and optimizing performance as needed.
5. Cost Optimization: involves avoiding unnecessary costs and optimizing spending to maximize the value delivered to stakeholders. This includes understanding and controlling where money is being spent, selecting the most appropriate and cost-effective resources, and scaling to meet business needs without overspending.

Application Integration / Loose Coupling Services

Simple Queue Service (SQS): store-and-forward patterns. Use case: building distributed / decoupled applications.

Simple Notification Service (SNS): set up, operate, and send notifications from the cloud. Use case: send an email notification when a CloudWatch alarm is triggered.

Step Functions: out-of-the-box coordination of AWS service components with a visual workflow. Use case: order processing workflow.

Simple Workflow Service (SWF): when you need to support external processes or specialized execution logic. Use case: human-enabled workflows like an order fulfilment system, or procedural requests.

Amazon MQ: message broker service for Apache ActiveMQ and RabbitMQ. Use case: when you need a message queue that supports industry-standard APIs and protocols, or to migrate existing queues to AWS.

AI / Machine Learning:

Amazon Rekognition: identify objects, people, text, scenes, and activities in images and videos.

Amazon Transcribe: add speech-to-text capabilities to applications.

Amazon Translate: language translation.

Amazon Textract: automatically extract printed text from scanned documents.

Amazon SageMaker: helps data scientists and developers prepare, build, train, and deploy high-quality machine learning (ML) models.

Amazon Comprehend: natural-language processing (NLP) service.

Amazon Lex: conversational AI for chatbots.

Amazon Polly: turns text into lifelike speech.

Amazon Forecast: time-series forecasting service.

Amazon Neptune: graph database.

AWS CodeStar provides a unified user interface, enabling you to easily manage your
software development activities in one place

AWS CodeCommit is a fully managed source control service that hosts secure Git-based
repositories.

AWS CodeBuild is a fully managed continuous integration service that compiles source
code, runs tests, and produces software packages that are ready to deploy.

AWS CodeDeploy is a fully managed deployment service that automates software deployments.

AWS CodePipeline is a fully managed continuous delivery service.

AWS X-Ray helps developers analyze and debug production applications.
