AWS Services List and CLF02 Content - Services and Usage-1

The document provides a comprehensive list of AWS services categorized by their functionalities, including analytics, application integration, business applications, cloud financial management, compute, containers, customer engagement, and support. Each service is described with its usage, features, and benefits, showcasing how they facilitate data processing, application deployment, customer service, and cost management. Key services highlighted include Amazon Athena, AWS Glue, Amazon Kinesis, Amazon EC2, and AWS Support, among others.

Uploaded by

vrjoger

AWS Services List and Usage

Category, Service name, Usage, Features/Work


Category: 1 Analytics

Service name: AWS Athena
Usage: Amazon Athena is a serverless query service that allows users to analyze data in Amazon Simple Storage Service (S3) using SQL. It's a tool for quick data exploration and in-depth analysis.
Features, Work:
Serverless: No infrastructure to set up or manage
Auto-scaling: Automatically scales to accommodate any data size
Cost-effective: Users are charged for the queries they run
Supports multiple data sources: Can analyze data from S3 and other cloud systems, including on-premises data sources
Supports multiple data types: Can process structured, semi-structured, and unstructured datasets
Built on Presto: Built on the open-source distributed SQL query engine Presto

Service name: AWS EMR
Usage: Amazon EMR (Elastic MapReduce) is a cloud-based platform that allows users to process and analyze large amounts of data. It's a tool from Amazon Web Services (AWS).
Features, Work:
What it does
Runs big data frameworks like Apache Spark and Apache Hadoop
Processes data for analytics and business intelligence
Moves data into and out of other AWS data stores and databases
Automates tasks like provisioning capacity and tuning clusters

How it works
Uses open-source tools like Apache Hive, Apache Flink, and Apache HBase
Processes data across a Hadoop cluster of virtual servers on Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3)
Allows users to increase or reduce resources based on their needs

Service name: AWS Data exchange
Usage: AWS Data Exchange makes it easy to find, subscribe to, and use third-party data in the cloud.

Service name: AWS Glue
Usage: AWS Glue is a serverless data integration service that helps users prepare, move, and integrate data from multiple sources. It's used for analytics, machine learning, and application development.
Features, Work:
Features:
Data catalog: A central repository for data that can be read using the AWS console or API.
ETL engine: Automatically generates Python code to extract, transform, and load data
Scheduler: Handles job monitoring, dependency resolution, and retries
Custom visual transforms: Allows users to define, reuse, and share ETL logic
Pay-as-you-go billing: Scales for any data size without the need to manage infrastructure
Open-source: Uses Deequ, an open-source framework built by Amazon

Service name: Amazon Kinesis
Usage: Amazon Kinesis is a cloud-based service that processes and analyzes large amounts of streaming data in real time. It's a family of services that allows developers to build applications that can consume data from multiple sources at once.
Features, Work:
What it does
Captures, processes, and stores large amounts of data
Allows users to ingest large volumes of data per second from thousands of sources
Provides a way to process and analyze data almost immediately
Allows users to build applications that can consume and process data from multiple sources simultaneously

What it's used for
Video playback, security monitoring, face detection, machine learning (ML), and other analytics.

How it works
Acts as a middleman between data generating sources and other applications or services
Stores data in shards within data streams
Allows users to replay and consume data as needed during the retention period

Service name: Amazon MSK
Usage: Amazon Managed Streaming for Apache Kafka (Amazon MSK) is a streaming data service that manages Apache Kafka infrastructure and operations, making it easier for developers and DevOps managers to run Apache Kafka applications and Apache Kafka Connect connectors on AWS—without becoming experts in operating Apache Kafka. Amazon MSK operates, maintains, and scales Apache Kafka clusters, provides enterprise-grade security features out of the box, and has built-in AWS integrations that accelerate development of streaming data applications.

Service name: Amazon Opensearch service
Usage: Amazon OpenSearch Service (OpenSearch Service) makes it easy to deploy, secure, operate, and scale OpenSearch to search, analyze, and visualize data in real-time. With Amazon OpenSearch Service, you get easy-to-use APIs and real-time analytics capabilities to power use-cases such as log analytics, full-text search, application monitoring, and clickstream analytics, with enterprise-grade availability, scalability, and security.

Service name: AWS quicksight
Usage: Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization. QuickSight lets you create and publish interactive dashboards that can be accessed from browsers or mobile devices.

Service name: AWS Redshift
Usage: Amazon Redshift is the most widely used cloud data warehouse. It makes it fast, simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools. It allows you to run complex analytic queries against terabytes to petabytes of structured and semi-structured data, using sophisticated query optimization, columnar storage on high-performance storage, and massively parallel query completion.

Category: 2 Application Integration

Service name: Amazon EventBridge
Usage: Amazon EventBridge is a serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications, integrated Software-as-a-Service (SaaS) applications, and AWS services. EventBridge delivers a stream of real-time data from event sources such as Zendesk or Shopify to targets such as AWS Lambda and other SaaS applications.

Service name: Amazon SNS
Usage: Amazon Simple Notification Service (Amazon SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.

Service name: Amazon SQS
Usage: Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work. Using Amazon SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

Service name: AWS step function
Usage: AWS Step Functions is a fully managed service that makes it easy to coordinate the components of distributed applications and microservices using visual workflows. Building applications from individual components that each perform a discrete function lets you scale easily and change applications quickly. Step Functions is a reliable way to coordinate components and step through the functions of your application. Step Functions provides a graphical console to arrange and visualize the components of your application as a series of steps.

Category: 3 Business Applications

Service name: Amazon Connect
Usage: Amazon Connect is a self-service, omnichannel cloud contact center service that makes it easy for any business to deliver better customer service at lower cost. Amazon Connect is based on the same contact center technology used by Amazon customer service associates around the world to power millions of customer conversations. It provides tools for setting up and running a contact center, including chat, SMS, and messaging capabilities.
Features, Work:
Features
Real-time and asynchronous communication: Customers and agents can interact through chat, SMS, and messaging
Toll-free and direct call numbers: Users can host both types of phone numbers in a single instance
AI-powered customer interactions: Amazon Connect uses AI to help with customer interactions
Task automation: Managers can use workflows to automate tasks that don't require agent interaction
Integration with core systems: Amazon Connect can integrate with other core systems

Benefits
Cost-effective: Amazon Connect offers pay-as-you-go pricing
Scalable: Amazon Connect is tailored for scalability
Security and compliance: Amazon Connect offers uncompromising security and compliance
Data-driven insights: Amazon Connect provides data-driven insights
Continuous updates: Amazon Connect is continuously updated and innovated

Service name: Amazon SES
Usage: Amazon Simple Email Service (Amazon SES) is a cost-effective, flexible, and scalable email service that enables developers to send mail from within any application. You can configure Amazon SES quickly to support several email use cases, including transactional, marketing, or mass email communications.

Category: 4 Cloud Financial Management

Service name: AWS Billing Conductor
Usage: AWS Billing Conductor is a fully managed service that can support the showback and chargeback workflows of AWS Solution Providers and Enterprise customers. Using AWS Billing Conductor, you can customize your monthly billing data. The console models the billing relationship between you and your customers or business units. You can also customize a pro forma version of your billing data each month to accurately show or charge back your customers.

Service name: AWS Budgets
Usage: AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set RI utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. RI alerts support Amazon EC2, Amazon RDS, Amazon Redshift, and Amazon ElastiCache reservations.

Service name: AWS Cost and Usage Report
Usage: The AWS Cost and Usage Report is a single location for accessing comprehensive information about your AWS costs and usage. The AWS Cost and Usage Report lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes. You can also customize the AWS Cost and Usage Report to aggregate your usage data to the daily or monthly level.

Service name: AWS Cost Explorer
Usage: AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. Get started quickly by creating custom reports that analyze cost and usage data. Analyze your data at a high level (for example, total costs and usage across all accounts), or dive deeper into your cost and usage data to identify trends, pinpoint cost drivers, and detect anomalies.

Service name: AWS Marketplace
Usage: AWS Marketplace is a curated digital storefront helping companies of all sizes find, try, buy, deploy, and manage solutions from AWS Partners. Speed up product evaluation, improve governance, enhance cost transparency, and reduce SaaS sprawl with centralized billing and management on AWS.

Category: 5 Compute

Service name: AWS Batch
Usage: AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (such as CPU or memory-optimized instances) based on the volume and specific resource requirements of the batch jobs submitted. AWS Batch plans, schedules, and runs your batch computing workloads across the full range of AWS compute services and features, such as Amazon EC2 and Spot Instances.

Service name: Amazon EC2
Usage: Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.

Service name: Amazon elastic Beanstalk
Usage: AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and Internet Information Services (IIS). You can simply upload your code, and AWS Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time.

Service name: AWS Lightsail
Usage: Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project – a VM, SSD-based storage, data transfer, DNS management, and a static IP address – for a low, predictable price.

Service name: Amazon Local zone
Usage: Run applications that require single-digit millisecond latency or local data processing by bringing AWS infrastructure closer to your end users and business centers. Meet data residency requirements for regulatory and compliance-sensitive workloads.

Service name: AWS Outpost
Usage: AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any on-premises or edge location for a truly consistent hybrid experience. With AWS Outposts, you can run some AWS services locally and connect to a broad range of services available in the local AWS Region. Run applications and workloads on premises using familiar AWS services, tools, and APIs. Outposts supports workloads and devices requiring low latency access to on-premises systems, local data processing, data residency, and application migration with local system interdependencies.

Service name: AWS Wavelength
Usage: AWS Wavelength helps you build and deploy applications that meet your data residency, security, and low-latency requirements leveraging AWS services and APIs for digital transformation and using familiar tools for automation, deployments, security, and operational consistency enabling you to support telecom, finance, public sector, healthcare, and gaming use cases.

Category: 6 Containers

Service name: Amazon Elastic Container Registry (Amazon ECR)
Usage: Amazon Elastic Container Registry (Amazon ECR) is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

Service name: Amazon Elastic Container Service (Amazon ECS)
Usage: Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines (VMs), or schedule containers on those VMs.

Service name: Amazon Elastic Kubernetes Service (Amazon EKS)
Usage: Amazon Elastic Kubernetes Service (Amazon EKS) makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Amazon EKS runs the Kubernetes management infrastructure for you across multiple AWS Availability Zones to eliminate a single point of failure. Amazon EKS is certified Kubernetes conformant so you can use existing tooling and plugins from partners and the Kubernetes community. Applications running on any standard Kubernetes environment are fully compatible and can be easily migrated to Amazon EKS.

Category: 7 Customer Engagement

Service name: AWS Activate for Startups
Usage: AWS Activate is a free program that helps startups get started on AWS and grow their business. It provides startups with:
AWS credits: Up to $100,000 in credits to use on AWS services
Technical support: Expert advice and guidance on architecture and technical issues
Training: Resources and training to help startups build and launch their products
Discounts: Special deals on services, tools, memberships, and free products
Pre-made templates: Templates to help startups build new infrastructure quickly
Access to the AWS Activate Console: A place to find information and support, including guidance and details about AWS credits

Service name: AWS IQ
Usage: AWS IQ connects you to AWS Certified experts for hands-on help for your AWS projects. You create a request and choose from experts who respond. Before you agree to any payments, compare and chat with experts about your project. After you agree to an expert's proposal including project milestones, maximum payment, and terms, the expert can get started.

Service name: AWS Managed Services (AMS)
Usage: AWS Managed Services (AMS) helps you operate AWS more efficiently and securely. Leveraging AWS services and a growing library of automations, configurations, and run books, AMS can augment and optimize your operational capabilities in both new and existing AWS environments.

Service name: AWS Support
Usage: Amazon Web Services (AWS) Support is a service that provides technical assistance and guidance for using AWS cloud products and features. AWS Support offers a variety of plans to meet different needs.
Features, Work:
What does AWS Support offer?
Technical support: One-on-one support from experienced engineers for technical issues and operational problems
Proactive planning: Help with planning and communications to help customers achieve their business goals
Best practices: Guidance on best practices for using AWS products and services
Troubleshooting: Help with troubleshooting issues
Workload reviews: Reviews of cloud operations to help customers optimize costs and scale workloads
AWS Trusted Advisor: Checks for security gaps, service limits, and other issues to help customers improve performance and save money

What are the AWS Support plans?
Basic Support: Free access to the Resource Center, Service Health Dashboard, Product FAQs, and Discussion Forums
Developer: Support via email Monday through Friday
Business: Support 24/7 via phone, chat, and email
Enterprise On-Ramp: Support 24/7 via phone, chat, and email
Enterprise: Support 24/7 via phone, chat, and email, plus proactive services

Category: 8 Database

Service name: AWS Aurora
Usage: Amazon Aurora is a relational database service from Amazon Web Services (AWS) that combines the speed of commercial databases with the cost-effectiveness of open-source databases. It's available as part of the Amazon Relational Database Service (RDS).
Features, Work:
Features:
Compatibility
Aurora is compatible with MySQL and PostgreSQL, so existing applications and tools can run without modification
Storage engine
Aurora's storage engine is distributed across multiple AWS Availability Zones (AZs)
Global database
Aurora Global Database can span multiple AWS Regions, allowing for disaster recovery
Serverless
Aurora DSQL is a serverless distributed SQL database with high availability and no infrastructure management

Service name: Amazon Dynamo DB
Usage: Amazon DynamoDB is a fully managed, serverless, NoSQL database service from Amazon Web Services (AWS). It's designed to support high-performance applications at any scale.
Features, Work:
Features:
Scalability: DynamoDB scales to zero and has limitless scalability
Performance: DynamoDB offers single-digit millisecond performance
Availability: DynamoDB offers up to 99.999% availability
Security: DynamoDB offers a broad set of security controls and compliance standards
Reliability: DynamoDB offers managed backups, point-in-time recovery, and more
Flexibility: DynamoDB is flexible and easy for users to get started
Low cost: DynamoDB is affordable for users as they start and grow

Benefits:
DynamoDB allows customers to offload administrative burdens to AWS
DynamoDB allows customers to develop modern applications at any scale
DynamoDB allows customers to pay only for what they use

Service name: Amazon MemoryDB for Redis
Usage: Amazon MemoryDB for Redis is a fully managed, in-memory database service that's compatible with Redis OSS. It's designed to provide high performance, durability, and scalability for modern applications.
Features, Work:
Features
Microsecond read latency
Achieves microsecond read latency and single-digit millisecond write latency
Multi-AZ durability
Stores data across multiple Availability Zones for fast failovers, database recovery, and node restarts
High throughput
Enables high throughput for applications that require low latency and high scalability
Flexible data structures and APIs
Uses Redis's flexible data structures and APIs to make development agile and easy

Use cases
Building high-performance applications for microservices architectures
Building applications that require low latency, high throughput, and durability
Building applications that require microsecond read and single-digit millisecond write performance

Service name: Amazon Neptune
Usage: Amazon Neptune is a fully managed graph database service from Amazon Web Services (AWS). It's designed to help users work with graph data, such as relationships between datasets.
Features, Work:
Features:
Graph database engine: A high-performance engine that can store billions of relationships and query them quickly
Graph analytics database engine: Analyzes large amounts of graph data to find trends and insights
Graph machine learning (ML): Uses the Deep Graph Library (DGL) to automatically train and choose the best ML model for a workload
Visualization tools: Helps users visualize graph data
Built-in security: Includes continuous backups and the ability to encrypt data at rest
Scalability: Supports fast-failover, point-in-time recovery, and Multi-AZ deployments

Use cases:
Recommendation engines, fraud detection, knowledge graphs, drug discovery, network security, and social networking.
Query languages: Gremlin, openCypher, and SPARQL.
Compatibility: HIPAA eligible, PCI compliance, and ISO certification

Service name: Amazon RDS
Usage: Amazon Relational Database Service (RDS) is a managed database service that allows users to set up, operate, and scale relational databases in the cloud. It automates many database management tasks, such as backing up, patching, and provisioning.
Features, Work:
Features
Scalability
Users can scale the compute resources or storage capacity of their database instance
Replication
Users can use replication to improve data durability, enhance database availability, or scale beyond the capacity of a single database instance
Automated backups
Users can specify the time and duration of the backup process, and choose how long to retain backups
Automated patching
Users can maintain the database's high performance, reliability, and security
Cost-efficient
Users only pay for the resources they use, with no upfront investments required

Supported databases
RDS for PostgreSQL
RDS for MySQL
RDS for MariaDB
RDS for SQL Server
RDS for Oracle
RDS for Db2

Category: 9 Developer Tools

Service name: AWS appconfig
Usage: AWS AppConfig is a service within AWS Systems Manager that enables users to centrally manage and deploy application configurations across different environments, allowing for safe and controlled updates to feature flags and settings within applications without requiring code re-deployment, all while providing validation checks and monitoring capabilities to ensure smooth deployment processes; essentially, it helps you manage application configurations at scale by providing a central location to store and distribute configuration data to your applications across various environments.
Features, Work:
Key points about AWS AppConfig:
Centralized configuration management:
Store and manage application configurations in a single place, separate from your application code.
Feature flag management:
Easily control feature rollout by using feature flags within your configuration.
Validation and monitoring:
Validate configuration changes before deployment using JSON schema or custom Lambda functions, and set up CloudWatch alarms to monitor deployments for potential issues.
Controlled deployment:
Deploy configuration updates gradually to different environments or subsets of users to minimize risks.
Integration with other AWS services:
Access configuration data from various AWS services like EC2 instances, Lambda functions, containers, and IoT devices.

Features

Automate tasks: Run scripts to automate tasks across your AWS resources

Access AWS services: Use the CLI to perform the same functions you can do through the AWS
Management Console
Use from any operating system: Run commands on Linux, macOS, and Windows
Run remotely: Use a remote terminal program like PuTTY or SSH to run commands on Amazon EC2
The AWS Command Line Interface (CLI) is an open-source tool that lets you instances
AWS CLI manage your AWS services using commands in your terminal
Features:

Code editing: Supports many programming languages, including JavaScript, Python, PHP, Ruby, Go,
and C++
Debugging: Includes runtime debuggers and breakpoints
Terminal: Provides access to a terminal when using a Cloud9 environment
Syntax highlighting: Automatically highlights syntax for different languages
Code completion: Automatically completes code snippets and identifiers
Line numbers: Displays line numbers, errors, and warnings
Real-time language analysis: Analyzes JavaScript code in real-time
Code reformatting: Reformats JavaScript code
Refactoring: Refactors JavaScript code

Benefits:

AWS Cloud9 is a cloud-based integrated development environment (IDE) No need to install programs or configure a development machine
that allows users to write, run, and debug code. It's available through a Full sudo privileges and a preauthenticated AWS Command Line Interface (AWS CLI)
AWS cloud9 browser on any machine Integrates with AWS CodeStar, which provides tools for deploying applications to AWS
AWS CloudShell is a browser-based shell that lets you manage and interact
with AWS resources. You can use it to run scripts, experiment with APIs, and
AWS cloudshell more.
What can you do with AWS CodeArtifact?

Store packages
Store an unlimited number of packages of any size in a CodeArtifact repository
Share packages
Publish private packages to share proprietary software components with other teams
Consume open-source packages
Connect a private CodeArtifact repository to a public repository, like npmjs.com, to fetch and store
packages on demand
Use with build tools and package managers
Use CodeArtifact with build tools like Maven, Gradle, and npm

How does it work?

CodeArtifact automatically fetches and stores packages from public repositories when requested by a
package manager

You can use the AWS Command Line Interface (AWS CLI) to manage the process
AWS CodeArtifact is a service that allows organizations to store, share, and
publish software packages for application development. It's a fully managed What types of packages can you store?
AWS Codeartifact artifact repository that works with popular package managers and build tools. npm/Yarn, pip/twine, Maven/Gradle, NuGet, RubyGems, SwiftPM, Generic, and Cargo.
Features:

Scalability: CodeBuild automatically scales up and down to accommodate your build volume.

Parallel builds: CodeBuild can process multiple builds simultaneously.


Prepackaged environments: CodeBuild offers prepackaged environments for various versions of Linux and
Microsoft Windows.
Custom build environments: You can use your own build tools by creating custom build environments as
Docker containers.
Integration with open source tools: CodeBuild integrates with open source tools like Jenkins and
Spinnaker.
Test reports: CodeBuild can create reports for unit, functional, or integration tests.
Build in an Amazon Virtual Private Cloud (Amazon VPC): You can run the build process in an Amazon
VPC.

How it works:
AWS CodeBuild is a cloud-based service that compiles source code, runs
tests, and packages the code for deployment. It's a fully managed Specify the location of your source code.
continuous integration service, so you don't need to manage or scale your Choose your build settings.
AWS Codebuild own build servers. CodeBuild runs build scripts to compile, test, and package your code.
Features

Collaboration: Helps teams work together on code


Encryption: Protects stored assets
Access control: Manages who can access stored assets
Scalability: Can handle growing amounts of data
Integration: Works with existing Git tools

How it works

You can use CodeCommit to store source code, documents, and binary files

You can create a commit by making changes to your code on your local computer and then running a
command at the terminal or command line
CodeCommit can be used with AWS CodePipeline and AWS CodeBuild to automatically deploy code
changes

Benefits
AWS CodeCommit is a service that helps teams collaborate on code by
storing and managing source code in the cloud. It's a managed source Eliminates the need to operate your own source control system
control service that's part of Amazon Web Services' (AWS) developer tools Reduces the need to provision and scale hardware
AWS Codecommit suite. Reduces the need to install, configure, and operate software
Benefits

Avoids downtime: Rolling updates and deployment health tracking help avoid downtime during
deployments.

Scales with infrastructure: Can be used to deploy to one instance or thousands.


Centralized control: Can be launched, controlled, and monitored through the AWS Management Console,
AWS CLI, SDKs, or APIs.
Tracks deployment history: Tracks and stores the recent history of deployments.
Works with any application: Can be used with any application, including code, serverless functions, and
configuration files.

How to use

Specify the files to copy and the scripts to run on each instance during the deployment.

Integrate application deployments with existing software delivery processes or into a continuous delivery
toolchain.

AWS CodeDeploy is a service that automates the deployment of applications Related services
to Amazon EC2 instances, on-premises instances, and other compute AWS CodeDeploy can be used in conjunction with other AWS deployment services such as AWS
AWS Codedeploy services. It can also be used to update applications. CodeStar and AWS CodePipeline.
How does it work?

You model and configure the stages of your software release process
You define a release model
CodePipeline automatically builds, tests, and deploys code whenever there's a code change

What are the main components of a pipeline?

Source: The location of your application code


Build: The stage where the source code is compiled into an executable application
Test: The stage where the built application is validated to find bugs or issues

How do I use CodePipeline?

You can use the AWS CLI or the Amazon Console to build, test, and deploy code

Why use CodePipeline?

AWS CodePipeline is a service that automates the process of building, It helps you accelerate software development and release cycles
testing, and deploying code. It's part of a set of AWS tools that help with It automates the CI/CD process
AWS Codepipeline continuous integration and continuous delivery (CI/CD) It provides flexibility and integration capabilities
Features:

Project templates: Pre-configured templates for common development platforms


Integrated development toolchain: Automatically deploys changes
Project dashboard: Includes issue tracking and a unified user interface
Security: Built-in, role-based security policies and encryption
Version control: Integrates with version control systems
Continuous integration and deployment: Automates code integration, testing, and deployment
Collaboration tools: Facilitates teamwork with code reviews, issue tracking, and project management

Benefits:

Helps development teams release applications faster
Makes it easy for teams to work together securely
Integrates with other AWS services, like AWS Lambda and Amazon EC2

Service name: AWS CodeStar
Usage: AWS CodeStar is a cloud-based service that helps users develop, build, and deploy applications on AWS. It provides a unified user interface and project templates to simplify the process of setting up and managing software development.

How it works

X-Ray collects data about requests made to an application

It groups requests into traces, which are then used to generate a service graph
The service graph provides a visual representation of the application
Developers can use the graph to identify issues and opportunities for optimization

What it can be used for

Analyzing applications in development and production


Identifying performance issues and errors
Pinpointing where issues are occurring
Tracing requests as they pass through each service or tier in an application

What it supports

Applications running on Amazon Elastic Compute Cloud (Amazon EC2)


Applications running on Amazon Elastic Beanstalk
Applications running on AWS Lambda
Applications running on Amazon EC2 Container Service (Amazon ECS)

How to get started

Instrument your application to send trace data for incoming and outbound requests
Use SDKs, agents, and tools to instrument your application
Choose a trace sampling rate

Service name: AWS X-Ray
Usage: AWS X-Ray is a service that helps developers analyze and debug applications by providing a view of how requests move through an application. It can be used to identify and fix performance issues and errors.
Features

Centralized management: Manage desktop applications in one place and securely deliver them to users

Multi-session capability: Provision multiple user sessions on a single instance


Auto-scaling: Scale to any number of users without managing infrastructure
Secure access: Use security policies to control access to applications
Virtual machines: Applications run on virtual machines (VMs) optimized for use cases
Amazon DCV protocol: Automatically adjusts streaming sessions to network conditions

Benefits: Simplifies application management, improves security, reduces costs, supports a wide range of user types, and can be used to convert desktop applications to SaaS.
Use cases: Streaming 3D design and engineering apps, providing virtual test drives and demo environments, delivering training for software applications, and helping students with remote learning.

Category 10: End User Computing
Service name: Amazon AppStream 2.0
Usage: Amazon AppStream 2.0 is a cloud-based service that allows users to access desktop applications and software-as-a-service (SaaS) applications from any computer. It's a fully managed service that's built on Amazon Web Services (AWS).

Features:

Virtual desktops: Users can access virtual desktops from any supported device, including web browsers.

Operating systems: WorkSpaces can run Microsoft Windows, Amazon Linux 2, Ubuntu Linux, Rocky
Linux, or Red Hat Enterprise Linux.
Cost: Users pay only for the WorkSpaces they deploy, either monthly or hourly.
Scalability: Organizations can quickly scale to provide thousands of desktops to workers across the world.
Security: WorkSpaces is a secure cloud desktop service.

Types of WorkSpaces:

WorkSpaces Personal
A persistent virtual desktop for users who need a highly-personalized desktop
WorkSpaces Pools
A non-persistent virtual desktop for users who need access to a curated desktop environment

Benefits: Eliminates the need for hardware procurement and deployment, simplifies desktop delivery strategy, and helps optimize costs and maximize productivity.

Service name: Amazon WorkSpaces
Usage: Amazon WorkSpaces is a cloud-based virtual desktop infrastructure (VDI) service that provides users with access to applications and data. It's a fully managed service that allows organizations to provision virtual desktops for users based on their needs.
Features

Secure
WorkSpaces Web isolates websites in an AWS container and streams pixels to the user's browser. This
prevents potentially compromised devices from connecting to internal servers.

Pay-as-you-go
WorkSpaces Web has low, predictable pricing, with no up-front costs, licenses, or long-term commitments.
Accessible from any device
Users can access WorkSpaces Web from a variety of devices, including desktops and mobile devices.

Use cases

Accessing internal websites


Accessing the company intranet
Accessing SaaS web applications
Accessing desktop resources
Accessing internal knowledge bases
Accessing other product and service information

How to get started

Add a free trial to your AWS account
Visit the Amazon WorkSpaces Secure Browser Console
Create a web portal

Service name: Amazon WorkSpaces Web
Usage: Amazon WorkSpaces Web is a service that allows users to access internal websites and software-as-a-service (SaaS) apps through a web browser. It's a part of Amazon WorkSpaces, a cloud-based virtual desktop service.

What it does

Simplifies development
AWS Amplify helps developers focus on creating user experiences and features instead of infrastructure
management.

Accelerates development
AWS Amplify includes built-in CI/CD workflows to speed up the application release cycle.
Connects front-end and back-end
AWS Amplify provides a seamless bridge between front-end and back-end development.
Stores data
AWS Amplify allows developers to store user files on AWS, such as photos, audio, and video.

What it includes

Open-source framework: Includes libraries, UI components, and a command line interface (CLI)

Visual development environment: Allows developers to build an app backend


Fully managed hosting service: Allows developers to deploy and host fullstack web applications
Built-in CI/CD workflows: Accelerates the application release cycle
Storage: Allows developers to store user files on AWS, such as photos, audio, and video

What it's used for

Developing web and mobile apps
Deploying server-side rendered and static frontend apps
Adding features like auth and storage
Connecting to real-time data sources

Category 11: Frontend Web and Mobile
Service name: AWS Amplify
Usage: AWS Amplify is a set of tools and services that help developers build and deploy web and mobile apps on AWS. It includes an open-source framework, a visual development environment, and a fully managed hosting service.
Features

Serverless: A serverless offering from AWS


Real-time: Supports real-time data queries, synchronization, and communications
Offline: Includes offline programming features
Pub/Sub APIs: Connects applications and services to data and events
Event APIs: Supports authentication mechanisms like API key, IAM, Amazon Cognito, OIDC, and
Lambda authorizers

Use cases

Retrieve or modify data from multiple data sources


Synchronize data between mobile and web applications and the cloud
Create real-time collaboration and chat applications
Manage IoT data

Benefits

Reduces the complexity of web applications


Improves the experience for website visitors with faster load times
Supports Cognito group-based authorization
Includes built-in request and response validation
Integrates with other AWS services like Amazon CloudWatch Logs, CloudWatch metrics, and AWS WAF

Service name: AWS AppSync
Usage: AWS AppSync is a fully managed service that lets developers create APIs to access, manipulate, and combine data from multiple sources. It uses GraphQL, a query language, to make it easier for applications to get the data they need.

How it works

Developers can upload their apps and test scripts to Device Farm

They can run automated tests in parallel on multiple devices


Device Farm generates videos, screenshots, and performance data
Developers can also remotely access devices to interact with apps in real time

What it can test

Web applications: Developers can test their web apps on desktop browsers using Selenium

Mobile applications: Developers can test their apps on real Android and iOS devices

Benefits

Developers can save time by running tests in parallel
Developers can quickly identify issues with their apps
Developers can debug and reproduce customer issues

Service name: AWS Device Farm
Usage: AWS Device Farm is a service that allows developers to test their web and mobile applications on real devices hosted by Amazon Web Services (AWS). It helps developers improve the quality of their apps, and speed up time to market.
Features

Device Shadow: Creates a virtual version of each device, including its current and expected future
states. This allows applications to interact with devices even when they're offline.

Registry: Assigns a unique identity to each device and tracks metadata about it.
Message broker: Uses a publish/subscribe model to send and receive data from devices.
Protocols: Supports protocols like MQTT, HTTP 1.1, and WebSockets.

Use cases

Industrial IoT
Monitor and manage industrial operations, and build applications for maintenance, quality, and remote
operation
Home automation
Create connected applications for home security, networking, and automation
Automotive
Develop solutions for connected, autonomous, shared, and electric vehicles
Commercial applications
Design applications for traffic monitoring, health monitoring, and public safety

Pricing

You only pay for the components you use.
There are no minimum or mandatory usage fees.
You're billed separately for connectivity, messaging, Device Shadow usage, registry usage, and rules engine usage.

Category 12: IoT
Service name: AWS IoT Core
Usage: AWS IoT Core is a cloud-based service that allows connected devices to communicate with other devices and cloud applications. It's a managed platform that can support billions of devices and trillions of messages.

Features:

Local processing: Devices can process data locally, and only send necessary information to the cloud

Machine learning: Devices can use machine learning models to make predictions
Secure communication: Devices can communicate securely with other devices and AWS services
Remote management: Software can be remotely managed and operated without needing a firmware
update
Prebuilt components: Prebuilt components can be used to speed up application development

Benefits: Build modular components faster, program devices to transmit high-value data, react autonomously to local events, and export IoT data to the AWS Cloud.
Supported runtimes: Python, Node.js, and Java.

Service name: AWS IoT Greengrass
Usage: AWS IoT Greengrass is a cloud service and open source edge runtime that helps users build, deploy, and manage software for Internet of Things (IoT) devices. It enables devices to collect, analyze, and act on data locally, and communicate with other devices and AWS services.
How it works

Call the Amazon Comprehend APIs in your application
Provide the location of the source document or text
The APIs output entities, key phrases, sentiment, and language in a JSON format

Use cases

Businesses can use Amazon Comprehend to enhance customer service and streamline operations
Amazon Comprehend Medical is a HIPAA Eligible Service that can be used to process, store, and transmit protected health information (PHI)

Category 13: Machine Learning
Service name: Amazon Comprehend
Usage: Amazon Comprehend is a natural language processing (NLP) service that uses machine learning (ML) to extract insights from text. It provides pre-trained and custom APIs that can be used to:

Recognize entities
Classify entities
Extract key phrases
Analyze sentiment
Identify and redact personally identifiable information (PII)
Detect toxicity
Classify prompt safety
Detect events
Detect language
Analyze syntax

Features:

Natural language processing: Uses semantic and contextual similarity to understand the meaning of a
query

Advanced deep learning: Uses ranking capabilities to return relevant results


Document metadata: Can be used to create customized search experiences
GenAI index: Can be used to build generative AI applications
Connectors: Can connect to multiple data repositories, including Amazon S3, Microsoft SharePoint, and
Salesforce

Use cases:

Finding information in manuals, research reports, FAQs, and more


Creating digital assistants
Building intelligent search experiences

How it works:

Create an index
Add data sources
Test search
Deploy search in your application
Use natural language to ask a question
Receive relevant results
Refine results using filters or feedback

Service name: Amazon Kendra
Usage: Amazon Kendra is a search service that uses machine learning to help users find information across their organization. It's designed to help developers add search capabilities to their applications.
How it works

Amazon Lex uses the same conversational engine as Amazon Alexa

It uses Generative AI and Large Language Models (LLMs) to enhance the customer experience
It uses deep learning to convert speech to text

What it's used for

Building self-service voice assistants and chatbots


Creating informational bots that answer questions
Building application or transactional bots, such as pizza ordering agents or travel bots

How to set it up

Log into your AWS account


Navigate to the Amazon Lex section
Enter initial bot details
Create your intent
Add slot types
Add multiple slots to the intent
Build and test the bot

Service name: Amazon Lex
Usage: Amazon Lex is a service from Amazon Web Services (AWS) that allows developers to create conversational interfaces for applications using voice and text. It uses machine learning (ML) to understand natural language.

What it's used for

Accessibility: Amazon Polly can be used to create accessibility applications for people who are visually
impaired.

Learning: Amazon Polly can be used to create eLearning platforms.


News: Amazon Polly can be used to create newsreaders for mobile applications.
Games: Amazon Polly can be used to create games with speech-activated features.
Internet of Things (IoT): Amazon Polly can be used to create applications for the IoT.

How it works

Amazon Polly uses deep learning technologies to convert text into speech.

It offers a variety of voices in multiple languages.


You can customize the pronunciation using lexicons.
You can change the speaking style, such as using a Newscaster or Conversational style.
You can cache and replay the generated speech at no additional cost.

What you can use it with

You can integrate the Amazon Polly API into your existing applications.
You can use it to convert articles, web pages, and PDF documents.

Service name: Amazon Polly
Usage: Amazon Polly is a cloud service that converts text into speech. It's used to create speech-enabled applications and products.
Here are some ways Amazon Rekognition can be used:

Identity verification: Verify identities in real time without human intervention

Content moderation: Flag inappropriate, offensive, or unwanted content


Workplace safety: Analyze work camera footage to identify people, their paths, and used equipment
Face recognition: Identify faces in images and videos, and search for specific faces
Text detection: Detect text in images and videos, including parking signs
Celebrity recognition: Identify celebrities in images and videos
Scene recognition: Identify objects, scenes, and landscapes in images and videos
Activity recognition: Identify activities in images and videos

Amazon Rekognition's features include:

Pre-trained and customizable computer vision capabilities


A confidence score for each identified item
Bounding box coordinates for detected faces
Labels for objects, scenes, and landscapes
Face verification and search

Service name: Amazon Rekognition
Usage: Amazon Rekognition is a computer vision service that uses machine learning (ML) to analyze images and videos. It can identify objects, people, text, scenes, and activities, and detect inappropriate content.

What it does

Prepares data: Users can prepare large amounts of structured and unstructured data

Trains models: Users can train models using built-in training algorithms or custom algorithms
Deploys models: Users can deploy models for predictive analytics applications
Automates model creation: Users can use SageMaker Autopilot to automatically inspect data, select
algorithms, and train models
Manages access: Users can control access to data, models, and development artifacts

Who uses it: Data scientists, business analysts, and companies looking for a managed environment for ML workloads.

How it's used

Companies like Elevance Health and JPMorgan Chase & Co. use SageMaker for ML and data science platforms

Service name: Amazon SageMaker
Usage: Amazon SageMaker is a managed service in Amazon Web Services (AWS) that helps users build, train, and deploy machine learning (ML) models. It's used for predictive analytics applications, such as advanced analytics for customer data and back-end security threat detection.
What it does

Extracts text, handwriting, and data from documents and images


Identifies fields of interest and their values
Extracts data from tables and forms
Returns a confidence score for each element it identifies
Returns bounding box coordinates for each piece of data identified

How it works

Uses machine learning models trained on millions of documents

Uses optical character recognition (OCR) technology to identify characters, words, and letters
Uses advanced machine learning to identify the contents of fields in forms and information stored in tables

Where it's used: Extracting information from tax documents, generating marketing materials, and generating flash reports.

How to access it

You can access Amazon Textract with the Amazon Textract API, in the AWS Management Console, or using the AWS command-line interface (CLI).

Service name: Amazon Textract
Usage: Amazon Textract is a machine learning (ML) service that extracts text, handwriting, and data from documents and images. It's used to analyze documents, identify fields of interest, and extract data from tables and forms.

Use cases

Contact centers
Transcribe customer calls to identify insights and improve customer experience

Content production
Automatically generate subtitles for videos and media to improve accessibility
Privacy
Filter content to ensure customer privacy and audience-appropriate language
Accessibility
Increase the accessibility and discoverability of audio and video content

Features

Custom vocabularies: Create custom vocabularies using lists or tables


Custom language models: Create custom language models
Automatic punctuation: Automatically add punctuation to transcripts
Automatic language identification: Automatically identify the language of the speech
Speaker diarization: Partition the speech of individual speakers
Word-level confidence scores: Provide confidence scores for each word in the transcript

Transcription types

Real time: Transcribe media in real time (streaming)
Batch: Transcribe media files located in an Amazon S3 bucket

Service name: Amazon Transcribe
Usage: Amazon Transcribe is a service that converts speech to text using machine learning. It can be used to add speech-to-text capabilities to applications, or as a standalone transcription service.
You can use Amazon Translate:

Via an API to enable real-time or batch translation
Using the console to test translation quality
With other AWS services, such as Amazon Polly, Amazon S3, and Amazon Lex

You can get started with Amazon Translate using the free tier, which allows you to translate up to 2 million characters per month for the first 12 months.

Service name: Amazon Translate
Usage: Amazon Translate is a service that translates text between languages. It's used to:

Translate content: Translate company and user-authored content, such as websites, applications, and user-generated content
Build multilingual applications: Build applications that support multiple languages
Localize content: Localize content for users in different parts of the world
Analyze large volumes of text: Analyze large volumes of text to enable cross-lingual communication

Amazon Translate uses deep learning models to provide high-quality translations. These models are trained on a variety of content across different use cases and domains.

How it works

AWS Auto Scaling monitors application performance and tracks metrics like CPU usage
It automatically adds or removes capacity to meet the target value for the metric
It can predict application resource demand
It can automatically remove unhealthy instances
It can keep the preferred capacity even when hardware fails

Benefits

Maintains application availability: Ensures that applications are accessible and responsive

Reduces costs: Only pays for the resources that are actually needed
Optimizes utilization: Allocates servers that are not needed to other companies
Supports lower energy consumption: Shuts down servers when traffic is low

Features: Unified scaling, automatic resource discovery, built-in scaling strategies, predictive scaling, and smart scaling policies.

Category 14: Management and Governance
Service name: AWS Auto Scaling
Usage: The purpose of AWS Auto Scaling is to automatically adjust the capacity of AWS services to meet application demand. This helps to maintain application availability and reduce costs.
What can AWS CloudFormation do?

Create resources: Create resources like databases and compute


Provision resources: Provision resources quickly and consistently
Manage resources: Manage resources throughout their lifecycles
Update resources: Update resources as needed
Delete resources: Delete resources as needed
Detect drift: Detect if resources have drifted from their expected configuration
Roll back resources: Roll back resources automatically if needed

How does AWS CloudFormation work?

Users create templates that describe the resources they want to create
AWS CloudFormation uses the templates to provision and configure the resources as a stack
Users can manage the stack as a single unit, instead of managing each resource individually

What can users do with the templates?


Reuse templates to replicate infrastructure in multiple environments
Customize stacks using parameters, mappings, and conditions
Save templates locally or in an S3 bucket

Service name: AWS CloudFormation
Usage: AWS CloudFormation is a service that helps developers and businesses create, provision, and manage resources on Amazon Web Services (AWS). It allows users to treat infrastructure as code, which means they can model, provision, and manage resources in a consistent way.
It's used for:

Auditing
Tracking user activity and API usage to help you ensure compliance with internal policies and regulatory
standards

Security monitoring
Recording user activity and API calls to help you identify and respond to unusual activity
Operational troubleshooting
Recording user activity and API calls to help you track changes and troubleshoot operational issues

How it works

CloudTrail records events for actions taken in the AWS Management Console, AWS Command Line
Interface, and AWS SDKs and APIs

CloudTrail records important information about each action, including who made the request, the services
used, and the actions performed
You can create custom trails to capture one or more types of events
You can configure trails to deliver events to an S3 bucket or AWS CloudWatch Logs

Benefits

CloudTrail helps you improve security posture and consolidate activity records across Regions and accounts
CloudTrail provides visibility into user activity, which can help you track changes and troubleshoot operational issues

Service name: AWS CloudTrail
Usage: AWS CloudTrail is a service that records user activity and API calls in your AWS account.
You can use it to:

Monitor performance: Track application performance and resource use in real time

Detect issues: Identify and troubleshoot operational issues


Optimize resources: Use insights to optimize resource use and reduce mean time to resolution (MTTR)
Set alarms: Set alarms to automatically react to changes in performance
Collect and analyze logs: Monitor log files to detect anomalies and respond to issues
Gain visibility: Get a unified view of system-wide performance

You can use CloudWatch to monitor: Amazon EC2 instances, Amazon DynamoDB tables, Amazon RDS
DB instances, Amazon Elastic Block Store (EBS) volumes, and Elastic Load Balancing.
You can also use CloudWatch to monitor custom metrics generated by your applications and services.
You can use CloudWatch to monitor your AWS account and resources. You can: set alarms and actions for certain scenarios, take automated actions, respond to changes in performance, optimize resource use, and gain insights into operational health.

Service name: AWS CloudWatch
Usage: Amazon CloudWatch is a monitoring service that helps you observe and manage applications and resources on AWS.
What it does

Analyzes your AWS resources' configuration and utilization metrics


Reports whether your resources are optimal
Generates recommendations to reduce costs and improve performance
Provides graphs showing recent utilization metric history data
Helps you decide when to move or resize your running resources

What it recommends

Optimal Amazon Elastic Compute Cloud (EC2) instance types


Optimal Amazon Elastic Block Store (EBS) volume configurations
Optimal task sizes for Amazon Elastic Container Service (ECS) on AWS Fargate
Optimal AWS Lambda function memory sizes
Optimal license recommendations for commercial software running on Amazon EC2

Service name: AWS Compute Optimizer
Usage: AWS Compute Optimizer is a service that helps you reduce costs and improve performance by optimizing your AWS resources. It analyzes your resource utilization and configuration to make recommendations.
What does AWS Config do?

Records configurations for custom resource types and third-party resources


Provides a detailed view of the configuration of AWS resources
Tracks resource relationships
Provides a history of resource and software configurations
Allows users to create and customize rules
Allows users to create conformance packs
Aggregates data across multiple accounts and regions
Allows users to query configuration state

How does AWS Config work?

Users can create conformance packs by authoring a YAML template

Users can deploy the template using the AWS Config console or the AWS CLI
Users can see how the configurations and relationships change over time

What is the difference between AWS Config and CloudTrail?


AWS Config focuses on the configuration of AWS resources
CloudTrail focuses on the events that drive changes to AWS resources

Service name: AWS Config
Usage: AWS Config is a tool that helps users record, assess, and audit the configurations of their AWS resources. It can also be used to ensure compliance with regulatory requirements and internal policies.
What it does

Provision new accounts


Users can quickly provision new accounts using configurable templates

Monitor compliance
Central administrators can monitor that accounts are compliant with company-wide policies
Automate account creation
AWS Control Tower can automatically create accounts with built-in governance
Enforce best practices
AWS Control Tower can enforce best practices, standards, and regulatory requirements
Integrate third-party software
AWS Control Tower can integrate third-party software into the AWS environment
Provide a consolidated view
AWS Control Tower provides a consolidated view of controls, compliance status, and controls evidence
across multiple accounts

How it works

AWS Control Tower uses blueprints to automate the setup of a new landing zone
AWS Control Tower applies controls to enforce policies and ensure compliance
AWS Control Tower provides updated controls as requirements and AWS services evolve

Service name: AWS Control Tower
Usage: AWS Control Tower is a tool that helps cloud architects and administrators set up and manage a secure, multi-account environment on Amazon Web Services (AWS). It uses controls to enforce policies and ensure that accounts are compliant with AWS best practices.

What does the AWS Health Dashboard provide?

Event-based alerts: Provides automatic alerts when the health of AWS services changes

Proactive notifications: Provides notifications about scheduled activities, such as infrastructure changes
Guidance: Provides detailed information and guidance to help you take action
Resource performance visibility: Provides visibility into the performance of your resources
Service availability visibility: Provides visibility into the availability of your AWS services and accounts
Planned activity awareness: Helps you be aware of and prepare for planned activities

How can you access the AWS Health Dashboard?

You can sign into your AWS Health Dashboard to view account-specific health information
You can receive AWS Health event updates using Amazon EventBridge
You can access AWS Health programmatically using AWS Health API

Who can use the AWS Health Dashboard?

All AWS customers can use the AWS Health Dashboard at no additional cost

Service name: AWS Health Dashboard
Usage: The AWS Health Dashboard provides information about the performance and availability of AWS services. It also provides alerts and notifications about events that may impact your AWS resources.
What it does

Recommends resources
AWS Launch Wizard suggests the right AWS resources to meet an application's needs, such as EC2
instance types and EBS volumes

Deploys resources
AWS Launch Wizard provisions and configures the selected resources to create a production-ready
application
Estimates costs
AWS Launch Wizard provides an estimated cost of deployment, and users can modify the resources to
see an updated cost assessment
Creates templates
AWS Launch Wizard provides reusable AWS CloudFormation code templates that can be used for
subsequent deployments

What it's used for: Deploying Microsoft SQL Server applications, deploying SAP systems, and deploying other third-party applications.

Service name: AWS Launch Wizard
Usage: AWS Launch Wizard is a service that helps users deploy third-party applications on Amazon Web Services (AWS). It automates the process of selecting and configuring resources, which can save time and money.

What it does:

License management: Tracks and manages licenses from software vendors like Microsoft, Oracle, IBM,
and SAP

License usage control: Enforces license usage limits, blocks new launches, and sets hard or soft limits on
license consumption
License cost savings: Helps users save money by reusing existing licenses with their cloud resources
License compliance: Helps users ensure license compliance by providing built-in controls
License migration: Helps users migrate from on-premises workloads to Amazon EC2
License sharing: Allows users to create license configurations in one account and share them across other accounts

Service name: AWS License Manager
Usage: AWS License Manager is a service that helps users manage software licenses across AWS and on-premises environments. It provides visibility and control over license usage, which can help reduce the risk of non-compliance and licensing overages.

What you can do with the AWS Management Console

Access services: Access all AWS services from one place

Manage resources: Manage compute, storage, and other cloud resources


View information: Access information about your account and billing
Discover services: Use tools to discover new services
Customize: Customize the home page with widgets to organize options by theme
Manage metadata: Use the Tag Editor tool to manage metadata for your resources
Create resource groups: Use tags to create resource groups to manage your resources collectively

How you can use the AWS Management Console

Sign in to the AWS Management Console


Go to the Console Home page
Use the Unified Navigation to search for services, view notifications, and more
Add, remove, and rearrange widgets on the home page
Use the Tag Editor tool to manage metadata

You can also use the AWS Management Console to review and monitor resources created using developer tools like AWS CloudFormation templates and the AWS Command Line Interface (CLI).

Service name: AWS Management Console
Usage: The AWS Management Console is a web application that helps you manage your AWS resources. You can use it to access, monitor, and interact with your AWS services.
What it's used for

Centralized management: Users can create, manage, and govern their AWS accounts from a single
place

Simplified billing: Users can set up a single payment method for all accounts
Resource sharing: Users can share resources across accounts, both within and outside of their
organization
Policy enforcement: Users can enforce policies for identity and access management
Audit trail: Users can maintain an audit trail of all accounts
Cost management: Users can track, manage, and optimize usage across all accounts

How it works

Users create an AWS Organization from an AWS master account

Users can create groups of accounts called Organizational Units (OUs)
Users can attach policies to OUs to control access to services
Users can apply Identity and Access Management (IAM) policies to users, groups, or roles

Service name: AWS Organizations
Usage: AWS Organizations is a service that helps organizations manage their AWS accounts, resources, and policies. It allows users to create groups of accounts, apply policies, and share resources.

What are AWS Resource Groups used for?

Organizing resources: Group resources based on tags to model, manage, and automate tasks

Creating custom consoles: Create a custom console for each project that organizes and consolidates
information
Sharing resources: Share resources between identities within an AWS account

What is AWS Tag Editor used for?

Adding tags: Add tags to resources to organize them by purpose, owner, environment, or other criteria

Editing tags: Edit tags on multiple resources


Deleting tags: Delete tags on multiple resources

How to use AWS Resource Groups and Tag Editor?

Access AWS Resource Groups through the AWS Management Console, AWS SDK APIs, and the AWS CLI
Access Tag Editor through the AWS Management Console

Service name: AWS Resource Groups and Tag Editor
Usage: AWS Resource Groups and Tag Editor are tools used to organize and manage AWS resources. They are used for centralized resource management, cost tracking, and compliance enforcement.

What it provides

Centralized management
Organizations can centrally manage IT services, applications, resources, and metadata

Versioning
Organizations can manage multiple versions of products, including adding new versions based on
software updates or configuration changes
Portfolios
Organizations can create customized portfolios for each type of user, and selectively grant access to the
appropriate portfolio
Templates
Organizations can use templates that include the resources and dependencies required by an application
Self-service
End users can quickly find and deploy approved IT services they need from a personalized portal

Benefits

Increased agility: End users can find and launch only the products they need

Reduced costs: End users can find and launch only the products they need
Improved governance: Organizations can improve governance over resources across multiple accounts
Streamlined workflows: Organizations can streamline workflows by connecting to ServiceNow and Jira Service Management

Service name: AWS Service Catalog
Usage: AWS Service Catalog allows organizations to create, manage, and distribute catalogs of approved IT services. This helps organizations meet compliance requirements while reducing costs and increasing agility.

You can use it to:

View and manage nodes: Get a centralized view of your nodes across accounts and regions

Automate tasks: Automate common tasks like software and patch installations, registry edits, and user
management
Manage nodes remotely: Securely manage nodes without opening inbound ports or managing SSH keys
Detect and resolve issues: Run automatic diagnoses to identify issues
Apply patches: Apply security updates and operating system updates to nodes
Manage applications: Manage applications and dependencies
Perform health checks: Perform application-specific health checks

You can use AWS Systems Manager to manage nodes in the following environments:

Amazon Elastic Compute Cloud (Amazon EC2) instances


Non-EC2 machines
Hybrid servers
Multicloud environments
On-premises

You can use tools like:

Patch Manager: Apply patches to nodes


Session Manager: Securely manage nodes
Run Command: Remotely manage node configurations
Amazon Q Developer: Query node metadata using natural language

Service name: AWS Systems Manager
Usage: AWS Systems Manager helps you manage and operate your Amazon Web Services (AWS) infrastructure.

What it does

Evaluates your environment


Trusted Advisor checks your AWS environment for deviations from best practices

Makes recommendations
Trusted Advisor provides recommendations to improve performance, security, and cost
Provides real-time guidance
Trusted Advisor provides real-time guidance to help you provision resources
Helps you optimize cloud deployments
Trusted Advisor helps you optimize cloud deployments, improve resilience, and address security gaps

What it can help you with

Saving money
Improving system performance and reliability
Closing security gaps
Maximizing utilization of Reserved Instances
Optimizing cloud deployments
Improving resilience
Addressing security gaps

You can access Trusted Advisor in the AWS Management Console.


How it works

Trusted Advisor uses a green check to indicate that there are no problems
Trusted Advisor uses a red exclamation mark to indicate that you should take action
Trusted Advisor uses an orange exclamation mark to indicate that you should make specific changes after further investigation

Service name: AWS Trusted Advisor
Usage: AWS Trusted Advisor is an online tool that analyzes your AWS environment and provides recommendations to improve performance, security, and cost. It uses best practices learned from hundreds of thousands of AWS customers.

What it does

Reviews workloads against AWS best practices


Identifies areas for improvement
Creates plans for improving workloads
Helps users document decisions
Helps users make workloads more reliable, secure, efficient, and cost-effective

How it works

Users define their workload and answer questions about it


The tool provides a plan for improvements
The plan includes recommendations for addressing high-risk issues

What it's based on

The AWS Well-Architected Framework, which is based on six pillars


The six pillars are:
Operational excellence
Security
Reliability
Performance efficiency
Cost optimization
Sustainability

You can use the AWS Well-Architected Tool in the AWS Management Console.

Service name: AWS Well-Architected Tool
Usage: The AWS Well-Architected Tool (WA Tool) is a free tool that helps users review their workloads against AWS best practices. It's used to identify areas for improvement, and to create plans for making workloads more secure, efficient, and cost-effective.

ADS offers two ways to collect data:

Agentless discovery
Uses the AWS Application Discovery Service Agentless Collector to gather server information without
installing an agent on each host
Agent-based discovery
Uses the AWS Application Discovery Agent to collect a richer set of data by installing an agent on one or more hosts

You can use the collected data to:

Tag and group servers into applications
Export data for analysis in Excel or other cloud migration analysis tools
Understand dependencies across servers
Measure server performance
View discovered servers in the Migration Hub console

ADS is integrated with AWS Migration Hub and AWS Database Migration Service Fleet Advisor.

Category 15: Migration and Transfer
Service name: AWS Application Discovery Service
Usage: The AWS Application Discovery Service (ADS) helps you plan the migration of your applications to the AWS cloud. It collects data about your on-premises servers and databases, including their configuration, usage, and behavior. You can use this data to:
Plan migrations: Identify servers and dependencies, and size AWS resources
Track migrations: Group servers into applications and track their migration status
Establish performance baselines: Measure server performance to compare against after migrating to AWS

What it does

Migrates applications from on-premises or other cloud environments to AWS


Replicates source servers into your AWS account
Automatically converts and launches your servers on AWS

Benefits

Reduces the cost of migrating applications, simplifies the process of migrating applications, expedites the process of migrating applications, minimizes downtime, and maintains data integrity.

How to use it

Evaluate your migration needs


Use AWS Application Migration Service to migrate workloads
Migrate to fully managed AWS databases

You can access AWS Application Migration Service through the AWS Console.

Service name: AWS Application Migration Service
Usage: AWS Application Migration Service (AWS MGN) is a tool that helps move applications from other environments to AWS. It automates the process to reduce downtime and maintain data integrity.

What you can do with AWS DMS

Migrate databases: Move databases from on-premises, Amazon RDS, or Amazon EC2 to AWS

Replicate data: Continuously replicate data from a source to a target database


Assess databases: Use Fleet Advisor to inventory your data sources and get recommendations for target
endpoints
Convert schemas: Use built-in schema assessment and conversion tools

Features of AWS DMS

Supports homogeneous and heterogeneous migrations


Minimizes downtime by keeping the source database operational during migration
Can handle complex migrations, including migrating hundreds of workloads at once
Supports many use cases, including geographic database distribution and test environment
synchronization

Supported databases

AWS DMS supports many commercial and open-source databases, including Oracle, MySQL, PostgreSQL, Amazon Redshift, and Amazon DocumentDB.

Service name: AWS Database Migration Service (AWS DMS)
Usage: AWS Database Migration Service (AWS DMS) is a cloud service that helps you move databases and analytics workloads to AWS. You can use it to migrate data to and from a variety of databases, including relational databases, data warehouses, and NoSQL databases.

What does AWS Migration Hub do?

Discover servers: Helps users find their existing servers

Plan migrations: Helps users plan how to migrate their servers and applications to AWS
Track migration status: Helps users monitor the progress of their migrations
Automate migrations: AWS Migration Hub Orchestrator can automate the migration of servers and
applications using predefined workflow templates

What are some benefits of using AWS Migration Hub?

Provides visibility into the application portfolio, streamlines planning and tracking, and simplifies and automates the migration process.

Service name: AWS Migration Hub
Usage: AWS Migration Hub is a tool that helps users plan and track the migration of their servers and applications to AWS. It provides a central location to discover existing servers, plan migrations, and monitor the status of each migration.

What it does

Automatically converts a database schema and most of its code objects to a format compatible with the
target database

Converts relational OLTP schemas or data warehouse OLAP schemas


Converts code objects like stored procedures, views, and functions
Supports industry standards like Federal Information Processing Standards (FIPS)
Compliant with Federal Risk and Authorization Management Program (FedRAMP)

What it's used for

Migrating databases to the cloud


Migrating from one database engine to another
Migrating from a relational OLTP schema to an Amazon RDS
Migrating from a data warehouse OLAP schema to an Amazon Aurora or Amazon Redshift

When it's useful


When rearchitecting an application
When the source and target database engines are different
When the current database schema uses packages and features that can't be directly converted

Service name: AWS Schema Conversion Tool (AWS SCT)
Usage: The AWS Schema Conversion Tool (AWS SCT) converts a database schema from one engine to another. It can be used to migrate commercial databases and data warehouses to AWS-native services or open-source engines.

It's used for:

Data migration
Moving large amounts of data to AWS for cloud migration, disaster recovery, and data center relocation

Remote data collection


Capturing data from sensors in remote locations, such as construction sites or ships
Processing data at the edge
Running compute and processing workloads locally, such as processing point of sale data or security
camera footage



AWS Snow Family includes physical devices called Snowcone, Snowball, and Snowmobile. These devices
can transfer up to exabytes of data.
Benefits of AWS Snow Family

Cost effective: Allows users to access AWS storage and compute power in places where internet
connectivity might not be available

Secure: Uses automatic 256-bit encryption to protect transferred data


Convenient: Provides convenient management and monitoring, and simple device tracking

You can use the AWS Snow Family console to order devices, download unlock credentials, and monitor the status of your Snow jobs.

Service name: AWS Snow Family
Usage: AWS Snow Family is a service that allows users to move data to and from AWS, or to run compute and processing workloads locally.

You can use it to:

Migrate workloads: Seamlessly move workloads without changing third-party clients or configurations

Automate workflows: Set up automated workflows for file transfers


Monitor transfers: Track file transfers
Provide a secure portal: Give users a branded portal to browse, upload, and download data
Enable browser-based transfers: Allow non-technical users to transfer files using a web browser
Increase trading partner connectivity: Improve connectivity with trading partners
Automate EDI document transformation: Accelerate data integrations into ERP and SCM systems
Expand content distribution: Reach more subscribers with multiple connectivity options
Protect revenue: Apply access controls to protect revenue

You can use AWS Transfer Family with:

SFTP, AS2, FTPS, FTP, and web browsers


Amazon EFS file systems
Secure Shell (SSH)
File Transfer Protocol Secure (FTPS)
File Transfer Protocol (FTP)

You can use AWS Transfer Family to integrate with Amazon S3 for storing file data.

Service name: AWS Transfer Family
Usage: AWS Transfer Family is a service that lets you transfer files into and out of Amazon S3 or Amazon EFS.

Key points about Amazon API Gateway:

API creation: Enables building both RESTful APIs and WebSocket APIs for real-time communication.
Traffic management: Can handle large volumes of concurrent API calls, including throttling to prevent overwhelming backend services.
Security: Implements authorization and access control features to secure your APIs.
Monitoring and logging: Provides insights into API usage with monitoring capabilities.
Integration with other AWS services: Easily connects to other AWS services like Lambda functions, S3 buckets, and DynamoDB

Category 16: Networking and Content Delivery
Service name: Amazon API Gateway
Usage: Amazon API Gateway is a fully managed AWS service that acts as a "front door" for applications to access data and functionality from backend services like AWS Lambda or EC2, essentially allowing developers to create, publish, manage, monitor, and secure APIs at scale by handling incoming API requests, managing traffic, authentication, and authorization, all without needing to manage the underlying infrastructure; effectively acting as a single entry point for your backend systems.

What it does

Distributes content
CloudFront delivers content to users through a network of edge locations around the world.

Reduces latency
CloudFront routes requests to the edge location with the lowest latency, so content is delivered quickly.
Caches content
CloudFront caches content in edge locations, which improves availability and reliability.
Streams media
CloudFront can stream pre-recorded files and live events to any device.

Use cases

Delivering static website content, such as photos, style sheets, and JavaScript

Serving video on demand (VOD) in common formats, such as MPEG DASH, Apple HLS, Microsoft Smooth
Streaming, and CMAF
Delivering live video streaming

Benefits

Low latency and high data transfer speeds


Developer-friendly environment
High security with the "Content Privacy" feature
GEO targeting service for content delivery to specific end-users
Less expensive, as it only charges for the data transfer

Service name: Amazon CloudFront
Usage: Amazon CloudFront is a content delivery network (CDN) that delivers content to users globally. It's used to distribute static, dynamic, and streaming web content, such as images, videos, applications, and APIs.

How it works

An Ethernet cable connects the internal network to an AWS Direct Connect location.

One end of the cable connects to the internal network router, and the other end connects to an AWS Direct
Connect router.
The connection bypasses internet service providers.

Benefits

Reduced costs
Private network connections can reduce costs compared to internet-based connections.

Increased bandwidth
Private network connections can increase bandwidth throughput.
More consistent network experience
Private network connections can provide a more consistent network experience than internet-based
connections.
Greater reliability
Direct Connect connections can provide greater reliability than internet-based connections.
Higher security
Direct Connect connections can provide higher security than internet-based connections.

What it's used for

Establishing dedicated connections from an on-premises network to one or more VPCs

Creating virtual interfaces directly to public AWS services, such as Amazon S3

Security features

MACsec security on Direct Connect connections
CloudTrail Integration to track Direct Connect API calls
CloudWatch Metrics and Alarms to monitor key metrics like bandwidth usage and latency

Service name: AWS Direct Connect
Usage: AWS Direct Connect is a networking service that connects an internal network to Amazon Web Services (AWS) using a private network connection. It's an alternative to using the internet to connect to AWS.

It helps you:

Improve performance: Improve network performance by up to 60%

Deliver highly available applications: Provide fast failover for multi-Region and multi-AZ architectures
Protect applications from DDoS attacks: Protect applications from DDoS attacks closer to the source
Route traffic to optimal endpoints: Route traffic to the endpoint that delivers the best performance and
availability
React to changes in application health: Instantly react to changes in the health or configuration of your
endpoints
Maintain state: Build applications that require maintaining state

How it works

AWS Global Accelerator monitors the health of your application endpoints using TCP, HTTP, and
HTTPS health checks

It directs traffic to the endpoint that delivers the best performance and availability
It provides static IP addresses that act as a fixed entry point to application endpoints

You can use AWS Global Accelerator to improve the performance of front-end web applications, API endpoints, or microservices.

Service name: AWS Global Accelerator
Usage: AWS Global Accelerator is a networking service that improves the performance and availability of applications for global users.

What it does

Domain registration: Register domain names like example.com


DNS service: Translate domain names into IP addresses
Health checking: Monitor applications to ensure they're available and functional
Resolver: Forward DNS queries between VPCs and networks

How it works

Uses a global network of DNS servers to reduce latency


Allows users to create and manage DNS records for their domains
Allows users to define health checks for their resources
Monitors resources and takes action if any fail

Who uses it

Developers and businesses can use Route 53 to route users to applications, access web applications, and provide a reliable and cost-effective way to route traffic.

Service name: Amazon Route 53
Usage: Amazon Route 53 is a Domain Name System (DNS) service that helps users route traffic to websites and applications. It translates domain names like www.example.com into IP addresses like 192.0.2.1.

What can you do with Amazon VPC?

Create a virtual network: You can define your own network space and control how your network is
exposed to the internet.

Launch AWS resources: You can launch AWS resources like Amazon Elastic Compute Cloud (EC2) and
Amazon Relational Database Service (RDS) instances into your virtual network.
Connect to the internet: You can connect your VPC to the internet by adding an Internet Gateway.
Connect to other VPCs: You can connect your VPC to other VPCs using private IP addresses.
Connect to data centers: You can connect your VPC to your own data centers using a hardware virtual private network connection.
Route traffic: You can use route tables to control how network traffic is directed inside your VPC.
Control security: You can associate security groups with your VPC.

Service name: Amazon VPC
Usage: Amazon Virtual Private Cloud (VPC) is a service that allows users to create virtual networks within the Amazon Web Services (AWS) cloud. It gives users full control over their virtual network, including security, connectivity, and resource placement.

Key points about AWS VPN:

Secure remote access:


Enables employees to securely access AWS resources from any location using a VPN client.

Site-to-site connectivity:
Creates encrypted connections between different physical locations like data centers and branch offices to communicate securely with AWS.
Managed service:
AWS fully manages the VPN infrastructure, simplifying setup and maintenance.
OpenVPN based:
AWS Client VPN utilizes the OpenVPN protocol for client connections.

Service name: AWS VPN
Usage: AWS VPN, which stands for Amazon Web Services Virtual Private Network, is used to securely connect remote users or on-premises networks to AWS cloud resources, allowing them to access data and applications within the AWS environment over a private, encrypted connection, essentially creating a "virtual private network" across the internet; it primarily consists of two services: AWS Site-to-Site VPN for connecting data centers to AWS, and AWS Client VPN for remote user access.

What can AWS Artifact be used for?

Download compliance documents


Access and download reports on compliance with ISO, PCI, and SOC standards
Download certifications
Access and download certifications from accreditation bodies that validate the effectiveness of AWS
security controls
Review agreements
Review, accept, and track the status of agreements with AWS, such as the Business Associate
Addendum (BAA)
Submit audit artifacts
Submit AWS Artifact documents to auditors or regulators to demonstrate the security and compliance of
AWS services

How to use AWS Artifact?

Go to the AWS Artifact console
Download and accept legal agreements
Subscribe to notifications about AWS Artifact documents

Category 17: Security, Identity, and Compliance
Service name: AWS Artifact
Usage: AWS Artifact is a service that provides access to AWS security and compliance documents and agreements. It can be used to review, accept, and track agreements, and to download compliance documents.

Key features of AWS Audit Manager:

Automated evidence collection:


Automatically gathers evidence from various AWS services like CloudTrail logs, AWS Config, and
Security Hub to support compliance assessments.

Framework mapping:
Allows you to map your AWS usage to pre-built compliance frameworks like NIST, ISO 27001, and PCI
DSS, or create custom frameworks.
Control assessment:
Review and manage individual controls within a framework, including the ability to upload manual evidence
when needed.
Report generation:
Generate comprehensive audit reports with evidence attached, simplifying the process of sharing
compliance information with auditors.
Collaboration tools:
Facilitate collaboration between different teams involved in compliance assessments, including security,
operations, and compliance personnel.

Important points to remember about AWS Audit Manager:

Not a compliance solution itself:


While it helps collect evidence for compliance, it does not automatically assess your compliance status;
you still need to interpret the evidence and take corrective actions.
Integrates with other AWS services:
Works seamlessly with other AWS services like Security Hub to gather additional security insights.
Best suited for:
Organizations looking to streamline the compliance audit process by automating evidence collection and reporting.

Service name: AWS Audit Manager
Usage: AWS Audit Manager is a service used to continuously monitor and assess compliance with industry regulations and standards by automating the process of collecting evidence from your AWS environment, allowing you to easily verify if your cloud infrastructure is adhering to specific security controls and frameworks, significantly reducing manual effort in audit preparation.

What ACM does

Provision certificates: Request public and private certificates through ACM

Manage certificates: Centrally manage certificates through the AWS Management Console, AWS CLI, or
ACM APIs
Deploy certificates: Deploy certificates to AWS resources like Amazon CloudFront, Elastic Load Balancers,
and API Gateway
Renew certificates: Automatically renew certificates before they expire
Protect private keys: Use strong encryption and key management best practices to protect private keys

How ACM works

ACM uses Amazon Trust Services (ATS) to issue public certificates

ACM uses AWS Private Certificate Authority (AWS Private CA) to issue private certificates
ACM certificates are X.509 SSL/TLS certificates that bind your website's identity to a public key

You can also import third-party certificates into ACM.


Benefits of ACM

Saves time by eliminating the need to manually purchase, upload, and renew certificates
Makes it easy to manage certificates for your AWS applications and resources

Service name: AWS Certificate Manager (ACM)
Usage: AWS Certificate Manager (ACM) is a service that helps you manage and secure SSL/TLS certificates for your AWS applications and resources.

What it's used for

Data encryption
AWS CloudHSM can be used to encrypt databases, digital content, and payment applications

Digital signatures
AWS CloudHSM can be used to support secure message transmissions and digital signatures
Certificate management
AWS CloudHSM can be used for certificate management and public key infrastructure (PKI)
Identity and auditing
AWS CloudHSM can be used for identity and auditing

How it works

AWS CloudHSM uses tamper-resistant hardware devices to securely store cryptographic key material

The key material is only accessible by the user


AWS CloudHSM can be used to complement existing data protection solutions

Benefits

AWS CloudHSM can help users meet corporate, contractual, and regulatory compliance requirements
AWS CloudHSM can help users protect their encryption keys

Service name: AWS CloudHSM
Usage: AWS CloudHSM is a cloud-based hardware security module (HSM) that allows users to generate, store, and manage encryption keys. It's used to protect sensitive data and meet compliance requirements.

What can you do with Amazon Cognito?

Authenticate users: Users can sign in with usernames and passwords, or with third-party providers like
Google, Facebook, Amazon, or Apple

Authorize users: You can map users to different roles and permissions
Control access: You can control access to your backend AWS resources and APIs
Federate identities: You can federate identities from social identity providers
Synchronize data: You can synchronize data across multiple devices and applications

How does Amazon Cognito work?

It uses risk-based adaptive authentication to evaluate the risk of a sign-in attempt

It checks user credentials against a database of compromised credentials


It generates tokens that contain claims about the identity of the user
It stores passwords securely and meets major compliance standards

Why use Amazon Cognito?

It helps you create branded customer experiences, improve security, and adapt to your customers' needs.

Service name: Amazon Cognito
Usage: Amazon Cognito is a service that helps you manage user identity and access for your web and mobile apps. It can be used for user sign-up, sign-in, access control, and more.

What it does

Analyzes log data


Automatically collects log data from AWS resources

Generates visualizations
Uses machine learning, statistical analysis, and graph theory to create visualizations
Builds finding groups
Creates a graph model that distills information into a single finding group
Provides profiles
Helps analysts determine if a finding is a false positive or a genuine concern
Provides detailed visualizations
Allows users to focus on specific resources, such as IP addresses, AWS accounts, VPCs, and EC2
instances
Builds custom security analytics
Includes a managed Jupyter notebook environment to create custom security analytics

What it can help with

Identifying potential indicators of compromise (IoCs)


Identifying patterns and which resources are impacted by security events
Determining if IAM entities have been compromised
Identifying suspicious activity
Identifying the root cause of security issues
Conducting threat hunting

Service name: Amazon Detective
Usage: Amazon Detective is a tool that helps identify and investigate security issues in Amazon Web Services (AWS). It uses machine learning, statistical analysis, and graph theory to analyze log data from AWS resources.

It's used to:

Migrate Active Directory to the cloud


AWS Directory Service allows organizations to move their Active Directory-dependent workloads to the
cloud.

Manage access
Administrators can use AWS Directory Service to manage access to information and resources.
Enhance security and compliance
AWS Directory Service offers robust security features, including end-to-end encryption and compliance
with industry standards.
Streamline cloud migration
AWS Directory Service allows organizations to leverage their existing AD investments, skills, and
applications.
Provide single sign-on (SSO)
AWS Directory Service allows organizations to provide SSO to cloud applications such as Microsoft Office
365.
Manage password policies
AWS Directory Service allows organizations to assign password policies to their users and delegate who
can manage those policies.
Enable multi-factor authentication
AWS Directory Service allows organizations to enable multi-factor authentication.

AWS Directory Service offers multiple directory choices, including:

AWS Microsoft AD (Standard Edition): A primary directory for small and midsize businesses
AWS Microsoft AD (Enterprise Edition): A directory for enterprise organizations
Simple AD: A standalone managed directory

Service name: AWS Directory Service
Usage: AWS Directory Service is a managed service that stores information about an organization's users, groups, computers, and other resources.

Key features of AWS Firewall Manager:

Centralized Policy Management:


Define and manage security policies for AWS WAF, VPC security groups, AWS Network Firewall, and
other security services in a single location.

Cross-Account Deployment:
Automatically apply security policies across all accounts within your AWS Organization, even as new accounts and resources are added.
Compliance Enforcement:
Simplify compliance by enforcing consistent security rules across your entire infrastructure.
Auditing and Monitoring:
Monitor and audit firewall rules across accounts to identify potential security issues.

Service name: AWS Firewall Manager
Usage: AWS Firewall Manager is a security management service used to centrally configure and manage firewall rules across multiple AWS accounts within an organization, allowing you to define a single set of security policies that are automatically applied to all your applications and resources, ensuring consistent security across your entire infrastructure.

What does GuardDuty do?

Monitors AWS accounts, workloads, and data for malicious activity

Analyzes data sources like AWS CloudTrail logs, Amazon VPC Flow Logs, and DNS query logs
Generates security findings for visibility and remediation
Uses threat intelligence feeds like lists of malicious IP addresses and domains

What can GuardDuty detect? Anomalous behavior, Credential exfiltration, and Command and control
infrastructure (C2) communication.
How can GuardDuty help?

Helps protect AWS resources, including accounts and access keys
Can add insights into DDoS attacks to help AWS Shield fight them
Can automatically block DNS threat alerts by deploying a new list on Route 53 Resolver DNS Firewall

Service name: Amazon GuardDuty
Usage: Amazon GuardDuty is a threat detection service that monitors AWS accounts and workloads for
malicious activity. It uses artificial intelligence (AI), machine learning (ML), and other methods to
identify suspicious activity.

Key points about AWS IAM:

Access control:
IAM enables fine-grained control over who can access which AWS services and resources by defining
specific permissions for users, groups, and roles.

User management:
Create and manage user accounts, including their access keys and passwords, to authenticate users
accessing AWS services.
Role-based access:
Assign roles to users or applications to grant specific permissions based on their function, allowing for
easier access management.
Security best practices:
Promote least-privilege access by defining granular permissions for users and roles to minimize potential
security risks.

Service name: AWS Identity and Access Management (IAM)
Usage: AWS Identity and Access Management (IAM) is used to securely control who can access which AWS
services and resources within an AWS account, allowing administrators to centrally manage user
identities, security credentials, and permissions to ensure only authorized users can access specific
resources on the platform.

What it does

Create or connect user identities in AWS


Manage access to multiple AWS accounts and applications
Scale workforce access within AWS
Support SSO-enabled applications, including AWS accounts, organizations, and third-party applications

How it works

Users can access their assigned AWS accounts and applications with one click

Administrators can establish federation with an identity provider once and manage access to AWS

Supported identity sources


Active Directory, CyberArk, Google Workspace, JumpCloud, Microsoft Entra ID, Okta, OneLogin, and Ping
Identity.
Benefits of SSO

Reduced password-related security risks
Centralized authentication, making phishing attacks less effective
Eliminates password fatigue and lowers IT management overheads

Service name: AWS IAM Identity Center (AWS Single Sign-On)
Usage: AWS IAM Identity Center (successor to AWS SSO) is used to centrally manage user access to AWS
accounts and applications. It allows users to log in to all their AWS accounts and applications with one
set of credentials.

What it scans

Amazon EC2 instances: Scans for vulnerabilities in the operating system and applications

Container images: Scans for vulnerabilities in container images in Amazon ECR


Lambda functions: Scans for vulnerabilities in Lambda function application code

What it does

Identifies vulnerabilities like injection flaws, data leaks, and weak cryptography
Compares system configurations against CIS Benchmarks
Applies security best practices to recommend fixes
Creates detailed reports about issues, called findings

How it works

Uses automated reasoning and machine learning to analyze code

Uses an agent installed in the EC2 instance to scan and report findings

You can manage findings in the Amazon Inspector console or API.


Limitations

Amazon Inspector is not a fully comprehensive solution. You may need additional security tools.

Service name: Amazon Inspector
Usage: Amazon Inspector is a service that scans AWS workloads for software vulnerabilities and
unintended network exposure. It's designed to help identify and fix security issues in your AWS
organization.

You can use AWS KMS to:

Encrypt data stored in AWS services


Digitally sign data in your applications
Control access to keys that decrypt data
Audit who uses which keys and when
Add encryption or digital signature functionality to your applications

AWS KMS integrates with other AWS services, including: Amazon RDS, Amazon S3, and AWS
CloudTrail.
AWS KMS features include: Centralized control over key lifecycle and permissions, Protection of root keys,
Creation of new keys, Separation of key management and key usage, and FIPS 140-2 validated hardware
security modules (HSM).
You can use AWS KMS to:

Create key policies


Monitor keys with CloudWatch
Monitor keys with Amazon EventBridge
Control access to keys using aliases and tags
Use the AWS Encryption SDK to encrypt and decrypt data locally

Service name: AWS Key Management Service (AWS KMS)
Usage: AWS Key Management Service (AWS KMS) helps you create and manage encryption keys to protect
your data.

What does Amazon Macie do?

Discovers sensitive data


Macie uses built-in criteria and techniques to identify sensitive data in S3 objects. It can also detect
sensitive data in many different formats, including compression and archive formats.

Monitors data security


Macie automatically monitors S3 buckets for security and access control. It generates findings when it
detects potential issues, such as a bucket that becomes publicly accessible.
Provides visibility into risks
Macie provides insights into data access and movement. It also generates findings that categorize issues
as policy findings or sensitive data findings.
Automates protection
Macie can automatically protect against data security risks.

Who can use Amazon Macie?

Enterprises handling sensitive data: Organizations that handle sensitive customer or proprietary
business information, such as financial services, healthcare, and legal firms

How can you use Amazon Macie with other resources?

You can temporarily or permanently move data to Amazon S3 to discover sensitive data stored
elsewhere.
You can use Macie with Komprise to detect sensitive content in on-premises data.

Service name: Amazon Macie
Usage: Amazon Macie is a data security service that helps organizations discover, monitor, and protect
sensitive data in Amazon S3. It uses machine learning and pattern matching to identify sensitive data
and provide automated protection.

Key points about AWS Network Firewall:

Managed service: You don't need to manage underlying infrastructure, making it easy to deploy and
scale.

Stateful inspection: Can analyze traffic based on the context of previous packets, providing more granular
control.
Deep packet inspection: Allows examination of the content of packets to identify malicious traffic.
Customizable rules: Create specific rules to filter traffic based on your needs.
Intrusion prevention system (IPS): Leverages Suricata to detect and block potential attacks.
Integration with other AWS services: Works seamlessly with other AWS services like Transit Gateway for
managing cross-VPC traffic.

Service name: AWS Network Firewall
Usage: AWS Network Firewall is a managed service used to filter and monitor network traffic within your
Amazon Virtual Private Cloud (VPC), providing a security layer by allowing you to define fine-grained
rules to control which traffic can enter or leave your network, effectively protecting your VPC from
malicious activity by inspecting and blocking unwanted traffic based on specific criteria like IP
addresses, protocols, and port numbers; essentially acting as a perimeter firewall for your VPC.

You can use AWS RAM to:

Share resources: Share resources like subnets, Transit Gateways, and Amazon Route 53 Resolver
rules

Reduce operational overhead: Avoid creating duplicate resources in multiple accounts


Centralize resource management: Create resources in one place and share them across accounts
Manage AWS AppSync GraphQL APIs: Share AWS AppSync GraphQL APIs with other accounts or your
organization

You can use AWS RAM to:

Share resources with other AWS accounts


Share resources with organizational units (OUs)
Share resources with IAM users and roles
Create and manage resource shares from within your Amazon Virtual Private Cloud (VPC)
Transfer resources among accounts

You can get started with AWS RAM by:

Visiting the AWS Resource Access Manager Console


Creating a Resource Share
Specifying resources
Specifying accounts
Sharing your resources
You can also use the AWS CLI and AWS Tools for PowerShell to access AWS RAM.

Service name: AWS Resource Access Manager (AWS RAM)
Usage: AWS Resource Access Manager (AWS RAM) is a service that lets you securely share AWS resources
across accounts, organizations, and users.

Key features of AWS Secrets Manager:

Secure storage: Secrets are encrypted using AWS KMS (Key Management Service) for robust security.

Access control: You can define who has access to specific secrets using IAM policies.
Secret rotation: Automate the process of regularly changing passwords and other sensitive credentials.
Versioning: Track changes to secrets with versioning capabilities.
Integration with other AWS services: Easily access secrets from other AWS services like Lambda
functions and EC2 instances.

Common use cases for AWS Secrets Manager:


Storing database credentials for your applications
Managing API keys for third-party services
Protecting access keys for cloud services
Securing sensitive configuration settings
Implementing a centralized secret management system for your entire AWS environment

Service name: AWS Secrets Manager
Usage: AWS Secrets Manager is a service used to securely store and manage sensitive information like
passwords, API keys, database credentials, and other confidential data, allowing you to easily rotate
and retrieve these secrets throughout their lifecycle without exposing them directly within your
applications or infrastructure; essentially, it helps you centralize and control access to your critical
secrets across your AWS environment.

Key features of AWS Security Hub:

Automated security checks:


Continuously monitors your AWS environment for misconfigurations and potential security vulnerabilities
based on industry standards and best practices.

Centralized view of security findings:


Aggregates security alerts from various AWS services like GuardDuty, Config, Inspector, and even
third-party security tools into a single dashboard for easier analysis.
Prioritization of security issues:
Helps prioritize security findings based on severity and potential impact.
Compliance checks:
Enables you to assess your compliance against various regulatory frameworks by running automated
checks against defined controls.
Integration with other tools:
Can integrate with ticketing systems, SIEMs, and other security tools to streamline incident response
workflows.

Service name: AWS Security Hub
Usage: AWS Security Hub is a cloud security posture management (CSPM) service used to provide a
centralized view of your AWS security posture by automatically checking your resources against security
best practices, aggregating security alerts from various AWS services and third-party tools, and
presenting them in a standardized format to help you easily identify, investigate, and remediate
security issues across your AWS accounts.

Features

Automatic detection: AWS Shield automatically detects DDoS events

Inline mitigation: AWS Shield automatically applies pre-configured mitigation strategies to block malicious
traffic
Visibility: AWS Shield provides visibility into DDoS events, including request rates, blocked or allowed
requests, and the effectiveness of specific rules
Support: AWS Shield provides 24/7 support from the Shield Response Team
Integration: AWS Shield integrates with AWS WAF, a web application firewall, to defend against Layer 7
attacks

Tiers

AWS Shield Standard


Automatically enabled for all AWS customers at no additional cost. It provides protection against most
common DDoS attacks
AWS Shield Advanced
An optional paid service that provides additional protection against larger and more sophisticated
attacks

Benefits: Minimizes application downtime and latency, provides cost savings for DDoS events, and allows
you to customize application protection.

Service name: AWS Shield
Usage: AWS Shield is a managed service that protects applications running on AWS from Distributed
Denial of Service (DDoS) attacks. It provides automatic detection and mitigation of DDoS events,
reducing application downtime and latency.

You can use AWS WAF to:

Block malicious traffic: Create rules to block requests based on conditions like IP addresses, HTTP
headers, or custom URIs

Prevent attacks: Protect against attacks like cross-site scripting (XSS), SQL injection, and cross-site
request forgery
Monitor web requests: Count or monitor web requests based on conditions you define
Prevent account takeover fraud: Monitor login pages for unauthorized access to user accounts
Integrate with other AWS services: Control how Amazon CloudFront, Amazon API Gateway, Application
Load Balancer, or AWS AppSync GraphQL API responds to web requests

You can create custom rules to:

Block requests based on the presence of SQL injection or XSS strings


Block requests based on the length of a request or query string
Block requests that contain a specific string in the User-Agent header or query string parameter

You can enable AWS WAF protections using: one-click protection in the CloudFront console, a
preconfigured web access control list (ACL), and the AWS WAF APIs.

Service name: AWS WAF
Usage: AWS WAF (Web Application Firewall) protects web applications and APIs from attacks by blocking
requests before they reach your servers.

Benefits of AWS Fargate

Cost: You pay for what you use, and you can save money with spot and compute savings plans.
Agility: You can scale applications up and down quickly.
Focus: You can focus on writing code instead of managing servers.
Scalability: You can scale applications up and down quickly.
Observability: You can integrate with other AWS services like Amazon CloudWatch Container Insights.

How Fargate works

Fargate provisions and manages resources on demand.


Fargate automatically scales resources up and down.
Fargate launches and scales compute resources to match the requirements you specify for the
container.

Fargate compatibility

Fargate is compatible with both Amazon ECS and Amazon EKS.
You can use Fargate with AWS Batch to run containers.

Category: 18 Serverless
Service name: AWS Fargate
Usage: AWS Fargate is a serverless compute engine that lets you run containers without managing
servers. You can use Fargate to build and manage cloud applications.

What can AWS Lambda be used for?

App development: Create and run code for apps, websites, and other services

Database management: Manage databases using Lambda functions


Real-time data processing: Process large amounts of streaming data in real time
Backup and restore: Back up and restore data using Lambda functions
E-commerce: Run code for e-commerce websites, such as when a user adds an item to their cart
IoT: Use Lambda functions for Internet of Things (IoT) devices
Big data analytics: Analyze large amounts of data using Lambda functions
Chatbots: Create chatbots using Lambda functions

How does AWS Lambda work?

You upload your code as a ZIP file or container image

Lambda runs your code in response to events, such as HTTP requests or changes to objects in Amazon
S3
Lambda automatically manages the compute resources, including server maintenance, capacity
provisioning, and scaling
You only pay for the compute time you use

Service name: AWS Lambda
Usage: AWS Lambda is a serverless compute service that runs code in response to events. It's used to
create and run backend services and extend other AWS services.

Key points about AWS Backup:

Centralized management:
You can manage backups for multiple AWS services like EC2 instances, EBS volumes, RDS
databases, DynamoDB tables, and more from a single console.

Automated backup policies:


Set up scheduled backup policies to automatically create backups at regular intervals.
Backup vaults:
Backups are stored in secure "backup vaults" which can be encrypted using AWS Key Management
Service (KMS) keys.
Easy restoration:
Quickly restore data from backups to your desired state

Category: 19 Storage
Service name: AWS Backup
Usage: AWS Backup is a fully managed service used to centrally and automatically create backups of your
various AWS cloud resources, allowing you to easily restore data from your cloud services in case of an
issue or accidental deletion, effectively acting as a data protection solution for your entire AWS
environment.

What it's used for

Long-term data storage


EBS is ideal for data that needs to be available persistently, even when the EC2 instance is shut down.

Scalable storage
EBS allows users to dynamically increase capacity, tune performance, and change the type of volumes.
High availability
EBS offers high availability and low-latency performance within the selected availability zone.

Features

EBS volumes: EBS volumes can be attached, detached, and scaled with any EC2 instance.

EBS snapshots: EBS snapshots are incremental data backups that save on storage costs.
Encryption: EBS volumes can be encrypted transparently to workloads on the attached instance.
Volume types: EBS volumes can be SSD-backed or HDD-backed.

How it works

Define the configuration of the EBS volume, such as the volume size and type.
Provision the EBS volume.
Attach the EBS volume to an EC2 instance.

Service name: Amazon Elastic Block Store (Amazon EBS)
Usage: Amazon Elastic Block Store (EBS) is a cloud-based storage service that stores persistent data for
applications, databases, and file systems. It's used with the Amazon Web Services (AWS) EC2 cloud
service.

Key points about Amazon EFS:

Shared file storage:


The primary function of EFS is to provide a shared file system that can be accessed by multiple AWS
instances simultaneously.

Scalability:
EFS automatically scales storage capacity based on your data needs, growing or shrinking as required
without disrupting applications.
Serverless operation:
You don't need to provision or manage storage capacity with EFS, making it a serverless file storage
solution.
Integration with AWS services:
EFS can be easily integrated with other AWS services like EC2 instances, ECS, EKS, Lambda, and
Fargate.
NFS protocol support:
EFS uses the Network File System (NFS) protocol, which allows existing applications to seamlessly
access data stored on EFS.

Common use cases for Amazon EFS:

Application development environments: Sharing code and configuration files between developers in a
team
Web server farms: Storing website content and assets accessible by multiple web servers
Content management systems: Managing and storing website content
Big data analytics: Providing a central file system for large data sets to be processed by analytics tools
Home directories: Storing user home directories for a distributed computing environment
Database backups: Backing up database data to a centralized storage location

Service name: Amazon Elastic File System (Amazon EFS)
Usage: Amazon Elastic File System (Amazon EFS) is a cloud-based file storage service used to provide
shared, scalable file access across multiple AWS compute instances, allowing applications to store and
access data from a centralized location without needing to manage storage capacity manually, making it
ideal for use cases like application development, content management systems, big data analytics, and
sharing files between servers within a network.

What it does

Replicates data: Continuously replicates applications and databases from any supported source to AWS

Automates recovery: Automates the replication of virtual machines and ensures data is continually
synchronized
Enables failover: Enables rapid failover to the AWS cloud when disasters occur
Converts servers: Automatically converts servers to boot and run natively on AWS

Benefits

Saves costs by removing idle recovery site resources


Minimizes downtime and data loss
Allows you to recover applications within minutes

How it works

Uses block-level replication of the underlying server
Replicates objects as frequently as every second, providing a nearly up-to-the-minute backup

Service name: AWS Elastic Disaster Recovery
Usage: AWS Elastic Disaster Recovery (DRS) is a service that helps protect critical IT systems by
replicating applications and databases to AWS. It's used for cloud-based disaster recovery of virtual
and physical servers.

Use cases

Migrating data: Move data from on-premises to AWS, or migrate Windows file servers to AWS

Accelerating workloads: Consolidate on-premises storage in the cloud to improve performance and data
protection
Building applications: Store data for machine learning, analytics, and HPC applications
Simplifying business continuity: Provide storage for user profiles that can be accessed from Amazon
WorkSpaces and Amazon AppStream 2.0

Features

Scalability
Create file systems that can span multiple availability zones (AZs)

High performance
Provide consistent sub-millisecond latencies and high levels of throughput and IOPS
Security
Integrate with Microsoft Active Directory (AD) and provide administrative features like user quotas and
end-user file restore
Compatibility
Access file systems from Windows, Linux, and macOS compute instances and devices

Amazon FSx can integrate with other Amazon Web Services services, including Amazon S3, Amazon
CloudWatch, and Amazon KMS.

Service name: Amazon FSx
Usage: Amazon FSx is a file storage service that allows users to store and manage data in the cloud. It
can be used for a variety of purposes, including migrating data, accelerating workloads, and building
applications.

Use cases

Data lakes: Store shared datasets that can be accessed by different applications, teams, and individuals
Cloud applications: Store data for cloud-native applications
Mobile apps: Store data for mobile and gaming applications
Big data analytics: Store data for big data analytics tools
Media hosting: Store images, videos, and music files
Website hosting: Store data for websites
Data backup: Store data for data backup and disaster recovery
Log file storage: Store log files
Data archiving: Store data for data archiving

Features

Scalability: Store any amount of data


Security: Set permissions on objects and metadata
Performance: High throughput and low latency
Availability: Designed to deliver 99.99% availability
Cost-effective: Cost-effective storage classes
Easy to use: Easy-to-use management features

How it works
S3 stores data as objects within buckets. You can upload a file to a bucket, set permissions, and control
access to the bucket.

Service name: Amazon S3
Usage: Amazon Simple Storage Service (S3) is used to store, manage, and retrieve data. It's an object
storage service that can be used for a variety of purposes, including data lakes, cloud applications,
and mobile apps.

Use cases

Image hosting: Store images that are rarely accessed but need immediate access

Online file sharing: Store files that are rarely accessed but need immediate access
Medical imaging: Store medical imaging and health records that are rarely accessed but need immediate
access
News media: Store news media assets that are rarely accessed but need immediate access
Genomics: Store genomics data that is rarely accessed but needs immediate access
Video quality content: Store video quality content that has unpredictable access patterns

Features

Data durability: Designed for 99.999999999% (11 nines) of data durability

Scalability: Virtually unlimited scalability


Storage classes: Includes Instant Retrieval and Deep Archive storage classes
S3 Object Lock: Store objects using a write-once-read-many (WORM) model
Vaults: Create containers for archives, which can be controlled through IAM policies
Archives: Store large amounts of data up to 40 TB in size

Service name: Amazon S3 Glacier
Usage: Amazon S3 Glacier is a cloud storage service that archives data. It's designed to provide
low-cost, high-performance storage with flexible retrieval options.

What it does:

Stores data: Users can store data in the cloud or on-premises.

Runs applications: Users can run applications in a hybrid environment.


Backs up data: Users can back up data to the cloud.
Optimizes data transfer: Users can send only changed data and compress data.
Secures data: Users can encrypt data at rest in the cloud.
Manages access: Users can manage access to services and resources.

How it works:

Storage Gateway can be deployed as a virtual machine (VM) or as an Amazon EC2 instance.

Storage Gateway integrates with standard storage protocols like iSCSI, SMB, and NFS.
Storage Gateway caches frequently accessed data on-premises for low-latency access.

Benefits:

Storage Gateway can reduce costs by using existing on-premises hardware and software.

Storage Gateway can be integrated into existing IT environments.
Storage Gateway can provide consistent and predictable performance.

Service name: AWS Storage Gateway
Usage: AWS Storage Gateway is a hybrid cloud storage service that allows users to access cloud storage
from their on-premises infrastructure. It's used to store and retrieve data, run applications, and back
up data.

The AWS Knowledge Center is a resource that answers common questions
from AWS customers. It covers topics across all AWS services.
What it's used for

Finding answers
The Knowledge Center helps customers find answers to common
questions about AWS services.

Learning
The Knowledge Center provides information on how to troubleshoot issues,
resolve errors, and more.
Sharing feedback
Users can provide feedback on articles, upvote or downvote them, and share
their comments with the community.

Where to find it

The Knowledge Center is now part of AWS re:Post, a cloud knowledge service.
You can access the Knowledge Center by visiting re:Post.

What it includes

Articles and videos on common questions and requests

Content in multiple languages, including English, French, German, Italian,
Japanese, Korean, Portuguese, Simplified Chinese, Spanish, and Traditional
Chinese

Service name: AWS Knowledge Center

The AWS Partner Network (APN) is a global community of businesses that
utilize Amazon Web Services (AWS) technologies and expertise to develop
and sell cloud-based solutions to customers, essentially allowing companies
to leverage AWS services to build and market their own products while
accessing support and benefits from AWS to enhance their offerings and
reach new clients.
Key points about AWS Partner Network:

Building solutions with AWS:


Partners can use AWS services like compute, storage, database, and
machine learning to create customized solutions for their clients.

Market reach and customer access:


AWS provides partners with access to its customer base through marketing
initiatives and a partner directory, helping them reach potential clients.
Technical support and training:
AWS offers partners training and technical support to ensure they can
effectively implement and utilize its services.
Partner tiers and competencies:
Partners can achieve different tiers based on their expertise and commitment
to AWS, unlocking additional benefits like marketing funds and access to
exclusive programs.

Service name: AWS Partner Network

AWS Prescriptive Guidance is a framework of tools, strategies, and best
practices to help organizations migrate to the cloud, modernize their
systems, and optimize their operations. It can also help with other initiatives,
such as security projects and cloud-native initiatives.
What it includes

Strategies
Business perspectives, methodologies, and frameworks for cloud
migration and modernization
Guides
Guidance for planning and implementing strategies, with a focus on best
practices and tools
Patterns
Steps, architectures, tools, and code for implementing common migration,
optimization, and modernization scenarios

How it can be used

Improve IT staff skills


Build confidence with methodology, processes, and tooling to improve IT
staff's skill and competency for migration

Define and automate security policies


Define and automate security, risk, and compliance policies to accommodate
operational controls
Establish a cloud operating model
Establish your cloud operating model and run applications in production
capacity
Accelerate cloud adoption
Accelerate cloud adoption through culture, change, and leadership

Service name: AWS Prescriptive Guidance

AWS Pricing Calculator is a free web-based planning tool that you can use to
create cost estimates for using AWS services. You can use AWS Pricing
Calculator for the following use cases:

Model your solutions before building them

Explore AWS service price points

Review the calculations behind your estimates

Plan your AWS spend

Find cost saving opportunities

Service name: AWS Pricing Calculator


AWS Professional Services helps customers adopt and optimize cloud
solutions. It provides expertise in areas such as architecture, design,
development, and implementation.
What can AWS Professional Services help with?

Cloud adoption
AWS Professional Services helps customers achieve specific outcomes
related to cloud adoption.

Security
AWS Professional Services helps customers secure applications and data
within the cloud.
Performance
AWS Professional Services helps customers improve the performance of
their cloud environment.
Risk management
AWS Professional Services helps customers reduce risk by providing robust
cloud security architectures and risk management practices.
Time to value
AWS Professional Services helps customers shorten their time to value by
providing best practices and documentation.

How does AWS Professional Services work?

AWS Professional Services works with customers and AWS partners.


AWS Professional Services provides strategic advice, technical proof of
concepts, and engagement frameworks.
AWS Professional Services helps customers clarify business objectives
and balance customer needs with team needs.

Service name: AWS Professional Services

AWS re:Post is a question and answer (Q&A) service that helps AWS
customers solve technical issues, innovate, and operate efficiently. It's a
community-driven service that provides expert-reviewed answers to
questions about AWS.
What can you use AWS re:Post for?

Ask questions
You can ask questions about designing, building, deploying, and operating
workloads on AWS.

Get answers
You can get answers from community experts, including AWS customers,
partners, and employees.
Build an organization-specific cloud community
You can use AWS re:Post Private to build a private space for your
organization to share knowledge resources.

Service name: AWS re:Post

AWS SDKs (Software Development Kits) are used to easily integrate
Amazon Web Services (AWS) functionalities into your applications by
providing a set of libraries and tools that allow you to interact with various
AWS services like S3, EC2, DynamoDB, etc., directly within your preferred
programming language, simplifying the process of building cloud-based
applications without having to write complex low-level API calls directly.
Key points about AWS SDKs:

Accessibility:
They provide a user-friendly interface to access AWS services, making it
easier for developers to work with the cloud.

Language-specific:
AWS offers SDKs for various programming languages like Python (Boto3),
Java, JavaScript, C#, etc., allowing developers to use familiar syntax and
constructs.
Feature-rich:
Each SDK includes functionalities for managing credentials, handling error
scenarios, retry mechanisms, and data serialization, streamlining
development.
Common operations:
You can perform operations like creating instances, uploading files to S3,
querying databases, managing user access, and more using AWS SDKs.

Example use cases:

Building a web application:


Use the AWS SDK for Python to store user data in DynamoDB from your
web application.

Data processing pipeline:


Develop a script using the AWS SDK for Java to automatically transfer data
from S3 to a Redshift database.
Serverless function:
Leverage the AWS SDK for JavaScript to interact with various AWS services
within a Lambda function.

Service name: AWS SDK

The AWS Security Blog provides information about AWS security and
compliance. It includes content from AWS team members on a variety of
topics, such as security best practices, how-to guides, and compliance
milestones.
What you can learn from the AWS Security Blog

Security best practices: Learn how to secure AWS services like Amazon
EC2, Amazon S3, and AWS IAM
How-to guides: Learn how to perform specific tasks related to AWS security
Compliance milestones: Learn about compliance milestones for AWS
services
Customer and partner stories: Learn about the experiences of AWS
customers and partners
Real-world solutions: Learn how AWS security specialists solve real-world
problems
Event coverage: Learn about AWS security events
Service name: AWS Security Blog

AWS Security Hub is a cloud security posture management (CSPM) service
that helps you assess and improve the security of your AWS resources. It
does this by:

Performing security checks: AWS Security Hub automatically checks your
AWS resources against security best practices and industry standards
Aggregating alerts: It collects security alerts from AWS and third-party
services
Prioritizing alerts: It prioritizes alerts so you can investigate and remediate
them more easily
Suggesting remediation steps: It suggests steps you can take to improve
your security
Helping you identify misconfigurations: It helps you identify misconfigurations
in your AWS resources
Helping you identify compromised accounts: It helps you identify
compromised accounts by comparing predicted and actual risk scores
Helping you reduce false positives: It helps you reduce false positives by
filtering out known good behavior

You can use AWS Security Hub to: Assess your security state, Identify
security issues, Manage your security state, Automate remediation, and
Integrate with other AWS services.
Service name: AWS Security Center

The AWS Support Center provides technical support and guidance for
Amazon Web Services (AWS) customers. It helps customers with technical
issues and operating their AWS cloud infrastructures.
Features

Basic Support: Includes 24/7 access to one-on-one responses, support
forums, service health checks, and documentation
Trusted Advisor: Allows users to request Trusted Advisor checks, view
results, and refresh checks
Incident Detection and Response: An add-on to Enterprise Support that
offers 24/7 proactive monitoring and incident management

How to access

Sign in to the AWS Management Console
Use your AWS account email address and password

Support tools

AWS Support tools use API calls to gather information about AWS
resources
AWS Support uses an AWS Identity and Access Management (IAM)
service-linked role to increase transparency and auditability of support
activities
Service name: AWS support center

Amazon Web Services (AWS) Support plans provide customers with
technical support and guidance for using AWS products and services.
What do AWS Support plans include?

Technical support: One-on-one support from experienced technical
support engineers
Architectural support: Guidance on how to use AWS products, features, and
services together
Customer service: Access to customer service, documentation, whitepapers,
and support forums
Incident detection and response: Proactive monitoring and incident
management for selected workloads
Environment health management: Tools and technology to automatically
manage the health of a customer's environment

What are the different AWS Support plans?

Basic: A basic support plan
Developer: A support plan that includes enhanced technical support and
architectural support
Business: A support plan for businesses
Enterprise: A support plan that includes 24/7 technical support and
environment health management

Customers can choose a support plan tier that meets their specific
requirements.
Service name: AWS Support plans

The AWS Well-Architected Framework is a crucial resource for designing,
building, and operating secure, reliable, performant, and cost-effective
systems in the AWS Cloud. It provides a consistent approach to evaluating
architectures and implementing best practices. It's not a checklist, but rather
a set of guiding principles and questions to help you make informed
decisions.

Five Pillars of the Well-Architected Framework:

Operational Excellence: Focuses on running and monitoring systems to
deliver business value and continually improve processes. Key aspects
include:
Automation: Automating changes, testing, and deployments.
Monitoring: Gaining insight into your systems through logs, metrics, and
alerts.
Change Management: Implementing controlled processes for changes.
Incident Management: Effectively responding to and recovering from
incidents.

Security: Focuses on protecting information and systems. Key aspects
include:
Confidentiality: Protecting data from unauthorized access.
Integrity: Ensuring data is accurate and complete.
Availability: Ensuring systems are available when needed.
Access Control: Managing who has access to what resources.
Security Best Practices: Implementing security best practices across all
layers.

Reliability: Focuses on the ability of a system to recover from disruptions
and continue operating as intended. Key aspects include:
Fault Tolerance: Designing systems to withstand component failures.
Recovery: Quickly recovering from failures.
Testing: Regularly testing recovery procedures.

Performance Efficiency: Focuses on using computing resources efficiently
to meet requirements and maintain performance as demand changes. Key
aspects include:
Selection: Choosing the right resources for the job.
Review: Regularly reviewing resource utilization.
Trade-offs: Understanding performance trade-offs.

Cost Optimization: Focuses on avoiding unnecessary costs while still
delivering business value. Key aspects include:
Expenditure Awareness: Understanding where your money is being
spent.
Cost-Effective Resources: Selecting the most cost-effective resources.
Matching Supply and Demand: Scaling resources to match demand.
Optimizing Over Time: Continuously improving cost efficiency.

Key Concepts and Best Practices (Across Pillars):

Principle of Least Privilege: Grant only the necessary permissions.
Defense in Depth: Employ multiple layers of security controls.
Automation: Automate as much as possible.
Monitoring and Logging: Implement comprehensive monitoring and
logging.
Infrastructure as Code (IaC): Manage infrastructure through code.
Regular Reviews: Regularly review your architectures.
Continuous Improvement: Continuously improve your systems based on
feedback and data.

How to Use the Well-Architected Framework:

AWS Well-Architected Tool: This free tool helps you review your
workloads against the Well-Architected Framework. It provides a series of
questions and generates a report with recommendations.
Well-Architected Reviews: Engage with AWS Solutions Architects or Well-
Architected Partners to conduct in-depth reviews of your architectures.
