AWS Services List and CLF02 Content - Services and Usage-1
AWS EMR
Amazon EMR (Elastic MapReduce) is a cloud-based platform that allows users to process and analyze large amounts of data. It's a tool from Amazon Web Services (AWS).
Runs big data frameworks like Apache Spark and Apache Hadoop
Processes data for analytics and business intelligence
Moves data into and out of other AWS data stores and databases
Automates tasks like provisioning capacity and tuning clusters
How it works
Uses open-source tools like Apache Hive, Apache Flink, and Apache HBase
Processes data across a Hadoop cluster of virtual servers on Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3)
Allows users to increase or reduce resources based on their needs
AWS Data Exchange
AWS Data Exchange makes it easy to find, subscribe to, and use third-party data in the cloud.
AWS Glue
AWS Glue is a serverless data integration service that helps users prepare, move, and integrate data from multiple sources. It's used for analytics, machine learning, and application development.
Features:
Data catalog: A central repository for data that can be read using the AWS console or API.
ETL engine: Automatically generates Python code to extract, transform, and load data
Scheduler: Handles job monitoring, dependency resolution, and retries
Custom visual transforms: Allows users to define, reuse, and share ETL logic
Pay-as-you-go billing: Scales for any data size without the need to manage infrastructure
Open-source: Uses Deequ, an open-source framework built by Amazon
Amazon Kinesis
Amazon Kinesis is a cloud-based service that processes and analyzes large amounts of streaming data in real time. It's a family of services that allows developers to build applications that can consume data from multiple sources at once.
What it does
Acts as a middleman between data generating sources and other applications or services
Stores data in shards within data streams
Allows users to replay and consume data as needed during the retention period
Amazon MSK
Amazon Managed Streaming for Apache Kafka (Amazon MSK) is a streaming data service that manages Apache Kafka infrastructure and operations, making it easier for developers and DevOps managers to run Apache Kafka applications and Apache Kafka Connect connectors on AWS without becoming experts in operating Apache Kafka. Amazon MSK operates, maintains, and scales Apache Kafka clusters, provides enterprise-grade security features out of the box, and has built-in AWS integrations that accelerate development of streaming data applications.
Amazon OpenSearch Service
Amazon OpenSearch Service (OpenSearch Service) makes it easy to deploy, secure, operate, and scale OpenSearch to search, analyze, and visualize data in real-time. With Amazon OpenSearch Service, you get easy-to-use APIs and real-time analytics capabilities to power use-cases such as log analytics, full-text search, application monitoring, and clickstream analytics, with enterprise-grade availability, scalability, and security.
AWS QuickSight
Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization. QuickSight lets you create and publish interactive dashboards that can be accessed from browsers or mobile devices.
AWS Redshift
Amazon Redshift is the most widely used cloud data warehouse. It makes it fast, simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools. It allows you to run complex analytic queries against terabytes to petabytes of structured and semi-structured data, using sophisticated query optimization, columnar storage on high-performance storage, and massively parallel query completion.
3 Business Applications
Amazon Connect
Amazon Connect is a self-service, omnichannel cloud contact center service that makes it easy for any business to deliver better customer service at lower cost. Amazon Connect is based on the same contact center technology used by Amazon customer service associates around the world to power millions of customer conversations. It provides tools for setting up and running a contact center, including chat, SMS, and messaging capabilities.
Features
Real-time and asynchronous communication: Customers and agents can interact through chat, SMS, and messaging
Toll-free and direct call numbers: Users can host both types of phone numbers in a single instance
AI-powered customer interactions: Amazon Connect uses AI to help with customer interactions
Task automation: Managers can use workflows to automate tasks that don't require agent interaction
Integration with core systems: Amazon Connect can integrate with other core systems
Benefits
Cost-effective: Amazon Connect offers pay-as-you-go pricing
Scalable: Amazon Connect is tailored for scalability
Security and compliance: Amazon Connect offers uncompromising security and compliance
Data-driven insights: Amazon Connect provides data-driven insights
Continuous updates: Amazon Connect is continuously updated and innovated
Amazon SES
Amazon Simple Email Service (Amazon SES) is a cost-effective, flexible, and scalable email service that enables developers to send mail from within any application. You can configure Amazon SES quickly to support several email use cases, including transactional, marketing, or mass email communications.
4 Cloud Financial Management
AWS Billing Conductor
AWS Billing Conductor is a fully managed service that can support the showback and chargeback workflows of AWS Solution Providers and Enterprise customers. Using AWS Billing Conductor, you can customize your monthly billing data. The console models the billing relationship between you and your customers or business units. You can also customize a pro forma version of your billing data each month to accurately show or charge back your customers.
AWS Budgets
AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set RI utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. RI alerts support Amazon EC2, Amazon RDS, Amazon Redshift, and Amazon ElastiCache reservations.
AWS Cost and Usage Report
The AWS Cost and Usage Report is a single location for accessing comprehensive information about your AWS costs and usage.
The AWS Cost and Usage Report lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes. You can also customize the AWS Cost and Usage Report to aggregate your usage data to the daily or monthly level.
AWS Cost Explorer
AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. Get started quickly by creating custom reports that analyze cost and usage data. Analyze your data at a high level (for example, total costs and usage across all accounts), or dive deeper into your cost and usage data to identify trends, pinpoint cost drivers, and detect anomalies.
AWS Marketplace
AWS Marketplace is a curated digital storefront helping companies of all sizes find, try, buy, deploy, and manage solutions from AWS Partners. Speed up product evaluation, improve governance, enhance cost transparency, and reduce SaaS sprawl with centralized billing and management on AWS.
AWS Activate is a free program that helps startups get started on AWS and grow their business. It provides startups with:
Technical support: One-on-one support from experienced engineers for technical issues and operational problems
Proactive planning: Help with planning and communications to help customers achieve their business goals
Best practices: Guidance on best practices for using AWS products and services
Troubleshooting: Help with troubleshooting issues
Workload reviews: Reviews of cloud operations to help customers optimize costs and scale workloads
AWS Trusted Advisor: Checks for security gaps, service limits, and other issues to help customers improve performance and save money
Basic Support: Free access to the Resource Center, Service Health Dashboard, Product FAQs, and Discussion Forums
8 Database
AWS Aurora
Amazon Aurora is a relational database service from Amazon Web Services (AWS) that combines the speed of commercial databases with the cost-effectiveness of open-source databases. It's available as part of the Amazon Relational Database Service (RDS).
Features:
Compatibility
Aurora is compatible with MySQL and PostgreSQL, so existing applications and tools can run without modification
Storage engine
Aurora's storage engine is distributed across multiple AWS Availability Zones (AZs)
Global database
Aurora Global Database can span multiple AWS Regions, allowing for disaster recovery
Serverless
Aurora DSQL is a serverless distributed SQL database with high availability and no infrastructure management
Amazon DynamoDB
Amazon DynamoDB is a fully managed, serverless, NoSQL database service from Amazon Web Services (AWS). It's designed to support high-performance applications at any scale.
Features:
Benefits:
DynamoDB allows customers to offload administrative burdens to AWS
DynamoDB allows customers to develop modern applications at any scale
DynamoDB allows customers to pay only for what they use
Amazon MemoryDB for Redis
Amazon MemoryDB for Redis is a fully managed, in-memory database service that's compatible with Redis OSS. It's designed to provide high performance, durability, and scalability for modern applications.
Features
Use cases
Building high-performance applications for microservices architectures
Building applications that require low latency, high throughput, and durability
Building applications that require microsecond read and single-digit millisecond write performance
Amazon Neptune
Amazon Neptune is a fully managed graph database service from Amazon Web Services (AWS). It's designed to help users work with graph data, such as relationships between datasets.
Features:
Graph database engine: A high-performance engine that can store billions of relationships and query them quickly
Graph analytics database engine: Analyzes large amounts of graph data to find trends and insights
Graph machine learning (ML): Uses the Deep Graph Library (DGL) to automatically train and choose the best ML model for a workload
Visualization tools: Helps users visualize graph data
Built-in security: Includes continuous backups and the ability to encrypt data at rest
Scalability: Supports fast-failover, point-in-time recovery, and Multi-AZ deployments
Use cases: recommendation engines, fraud detection, knowledge graphs, drug discovery, network security, and social networking.
Query languages: Gremlin, openCypher, and SPARQL.
Compatibility: HIPAA eligible, PCI compliance, and ISO certification
Features
Scalability
Users can scale the compute resources or storage capacity of their database instance
Replication
Users can use replication to improve data durability, enhance database availability, or scale beyond the capacity of a single database instance
Automated backups
Users can specify the time and duration of the backup process, and choose how long to retain backups
Automated patching
Users can maintain the database's high performance, reliability, and security
Cost-efficient
Users only pay for the resources they use, with no upfront investments required
Supported databases
AWS CLI
The AWS Command Line Interface (CLI) is an open-source tool that lets you manage your AWS services using commands in your terminal.
Features
Automate tasks: Run scripts to automate tasks across your AWS resources
Access AWS services: Use the CLI to perform the same functions you can do through the AWS Management Console
Use from any operating system: Run commands on Linux, macOS, and Windows
Run remotely: Use a remote terminal program like PuTTY or SSH to run commands on Amazon EC2 instances
AWS Cloud9
AWS Cloud9 is a cloud-based integrated development environment (IDE) that allows users to write, run, and debug code. It's available through a browser on any machine.
Features:
Code editing: Supports many programming languages, including JavaScript, Python, PHP, Ruby, Go, and C++
Debugging: Includes runtime debuggers and breakpoints
Terminal: Provides access to a terminal when using a Cloud9 environment
Syntax highlighting: Automatically highlights syntax for different languages
Code completion: Automatically completes code snippets and identifiers
Line numbers: Displays line numbers, errors, and warnings
Real-time language analysis: Analyzes JavaScript code in real-time
Code reformatting: Reformats JavaScript code
Refactoring: Refactors JavaScript code
Benefits:
No need to install programs or configure a development machine
Full sudo privileges and a preauthenticated AWS Command Line Interface (AWS CLI)
Integrates with AWS CodeStar, which provides tools for deploying applications to AWS
AWS CloudShell
AWS CloudShell is a browser-based shell that lets you manage and interact with AWS resources. You can use it to run scripts, experiment with APIs, and more.
AWS CodeArtifact
AWS CodeArtifact is a service that allows organizations to store, share, and publish software packages for application development. It's a fully managed artifact repository that works with popular package managers and build tools.
What can you do with AWS CodeArtifact?
Store packages
Store an unlimited number of packages of any size in a CodeArtifact repository
Share packages
Publish private packages to share proprietary software components with other teams
Consume open-source packages
Connect a private CodeArtifact repository to a public repository, like npmjs.com, to fetch and store packages on demand
Use with build tools and package managers
Use CodeArtifact with build tools like Maven, Gradle, and npm
CodeArtifact automatically fetches and stores packages from public repositories when requested by a package manager
You can use the AWS Command Line Interface (AWS CLI) to manage the process
What types of packages can you store?
npm/Yarn, pip/twine, Maven/Gradle, NuGet, RubyGems, SwiftPM, Generic, and Cargo.
AWS CodeBuild
AWS CodeBuild is a cloud-based service that compiles source code, runs tests, and packages the code for deployment. It's a fully managed continuous integration service, so you don't need to manage or scale your own build servers.
Features:
Scalability: CodeBuild automatically scales up and down to accommodate your build volume.
How it works:
Specify the location of your source code.
Choose your build settings.
CodeBuild runs build scripts to compile, test, and package your code.
AWS CodeCommit
AWS CodeCommit is a service that helps teams collaborate on code by storing and managing source code in the cloud. It's a managed source control service that's part of Amazon Web Services' (AWS) developer tools suite.
Features
How it works
You can use CodeCommit to store source code, documents, and binary files
You can create a commit by making changes to your code on your local computer and then running a command at the terminal or command line
CodeCommit can be used with AWS CodePipeline and AWS CodeBuild to automatically deploy code changes
Benefits
Eliminates the need to operate your own source control system
Reduces the need to provision and scale hardware
Reduces the need to install, configure, and operate software
AWS CodeDeploy
AWS CodeDeploy is a service that automates the deployment of applications to Amazon EC2 instances, on-premises instances, and other compute services. It can also be used to update applications.
Benefits
Avoids downtime: Rolling updates and deployment health tracking help avoid downtime during deployments.
How to use
Specify the files to copy and the scripts to run on each instance during the deployment.
Integrate application deployments with existing software delivery processes or into a continuous delivery toolchain.
Related services
AWS CodeDeploy can be used in conjunction with other AWS deployment services such as AWS CodeStar and AWS CodePipeline.
AWS CodePipeline
AWS CodePipeline is a service that automates the process of building, testing, and deploying code. It's part of a set of AWS tools that help with continuous integration and continuous delivery (CI/CD).
How does it work?
You model and configure the stages of your software release process
You define a release model
CodePipeline automatically builds, tests, and deploys code whenever there's a code change
You can use the AWS CLI or the Amazon Console to build, test, and deploy code
It helps you accelerate software development and release cycles
It automates the CI/CD process
It provides flexibility and integration capabilities
AWS CodeStar
AWS CodeStar is a cloud-based service that helps users develop, build, and deploy applications on AWS. It provides a unified user interface and project templates to simplify the process of setting up and managing software development.
Features:
Benefits:
Helps development teams release applications faster
Makes it easy for teams to work together securely
Integrates with other AWS services, like AWS Lambda and Amazon EC2
AWS X-Ray
AWS X-Ray is a service that helps developers analyze and debug applications by providing a view of how requests move through an application. It can be used to identify and fix performance issues and errors.
How it works
It groups requests into traces, which are then used to generate a service graph
The service graph provides a visual representation of the application
Developers can use the graph to identify issues and opportunities for optimization
What it supports
Instrument your application to send trace data for incoming and outbound requests
Use SDKs, agents, and tools to instrument your application
Choose a trace sampling rate
10 End User Computing
Amazon AppStream 2.0
Amazon AppStream 2.0 is a cloud-based service that allows users to access desktop applications and software-as-a-service (SaaS) applications from any computer. It's a fully managed service that's built on Amazon Web Services (AWS).
Features
Centralized management: Manage desktop applications in one place and securely deliver them to users
Benefits: Simplifies application management, Improves security, Reduces costs, Supports a wide range of user types, and Can be used to convert desktop applications to SaaS.
Use cases: Streaming 3D design and engineering apps, Providing virtual test drives and demo environments, Delivering training for software applications, and Helping students with remote learning
Amazon WorkSpaces
Amazon WorkSpaces is a cloud-based virtual desktop infrastructure (VDI) service that provides users with access to applications and data. It's a fully managed service that allows organizations to provision virtual desktops for users based on their needs.
Features:
Virtual desktops: Users can access virtual desktops from any supported device, including web browsers.
Operating systems: WorkSpaces can run Microsoft Windows, Amazon Linux 2, Ubuntu Linux, Rocky Linux, or Red Hat Enterprise Linux.
Cost: Users pay only for the WorkSpaces they deploy, either monthly or hourly.
Scalability: Organizations can quickly scale to provide thousands of desktops to workers across the world.
Security: WorkSpaces is a secure cloud desktop service.
Types of WorkSpaces:
WorkSpaces Personal
A persistent virtual desktop for users who need a highly-personalized desktop
WorkSpaces Pools
A non-persistent virtual desktop for users who need access to a curated desktop environment
Benefits: Eliminates the need for hardware procurement and deployment, Simplifies desktop delivery strategy, and Helps optimize costs and maximize productivity.
Amazon WorkSpaces Web
Amazon WorkSpaces Web is a service that allows users to access internal websites and software-as-a-service (SaaS) apps through a web browser. It's a part of Amazon WorkSpaces, a cloud-based virtual desktop service.
Features
Secure
WorkSpaces Web isolates websites in an AWS container and streams pixels to the user's browser. This prevents potentially compromised devices from connecting to internal servers.
Pay-as-you-go
WorkSpaces Web has low, predictable pricing, with no up-front costs, licenses, or long-term commitments.
Accessible from any device
Users can access WorkSpaces Web from a variety of devices, including desktops and mobile devices.
Use cases
Add a free trial to your AWS account
Visit the Amazon WorkSpaces Secure Browser Console
Create a web portal
What it does
Simplifies development
AWS Amplify helps developers focus on creating user experiences and features instead of infrastructure management.
Accelerates development
AWS Amplify includes built-in CI/CD workflows to speed up the application release cycle.
Connects front-end and back-end
AWS Amplify provides a seamless bridge between front-end and back-end development.
Stores data
AWS Amplify allows developers to store user files on AWS, such as photos, audio, and video.
What it includes
Open-source framework: Includes libraries, UI components, and a command line interface (CLI)
Use cases
Benefits
AWS Device Farm
AWS Device Farm is a service that allows developers to test their web and mobile applications on real devices hosted by Amazon Web Services (AWS). It helps developers improve the quality of their apps, and speed up time to market.
How it works
Developers can upload their apps and test scripts to Device Farm
Web applications: Developers can test their web apps on desktop browsers using Selenium
Mobile applications: Developers can test their apps on real Android and iOS devices
Benefits
Developers can save time by running tests in parallel
Developers can quickly identify issues with their apps
Developers can debug and reproduce customer issues
Features
Device Shadow: Creates a virtual version of each device, including its current and expected future states. This allows applications to interact with devices even when they're offline.
Registry: Assigns a unique identity to each device and tracks metadata about it.
Message broker: Uses a publish/subscribe model to send and receive data from devices.
Protocols: Supports protocols like MQTT, HTTP 1.1, and WebSockets.
Use cases
Industrial IoT
Monitor and manage industrial operations, and build applications for maintenance, quality, and remote operation
Home automation
Create connected applications for home security, networking, and automation
Automotive
Develop solutions for connected, autonomous, shared, and electric vehicles
Commercial applications
Design applications for traffic monitoring, health monitoring, and public safety
Pricing
AWS IoT Greengrass
AWS IoT Greengrass is a cloud service and open source edge runtime that helps users build, deploy, and manage software for Internet of Things (IoT) devices. It enables devices to collect, analyze, and act on data locally, and communicate with other devices and AWS services.
Features:
Local processing: Devices can process data locally, and only send necessary information to the cloud
Machine learning: Devices can use machine learning models to make predictions
Secure communication: Devices can communicate securely with other devices and AWS services
Remote management: Software can be remotely managed and operated without needing a firmware update
Prebuilt components: Prebuilt components can be used to speed up application development
Benefits: Build modular components faster, Program devices to transmit high-value data, React autonomously to local events, and Export IoT data to the AWS Cloud.
Supported runtimes: Python, Node.js, and Java.
Amazon Comprehend is a natural language processing (NLP) service that uses machine learning (ML) to extract insights from text. It provides pre-trained and custom APIs that can be used to:
How it works
Amazon Kendra
Amazon Kendra is a search service that uses machine learning to help users find information across their organization. It's designed to help developers add search capabilities to their applications.
Features:
Natural language processing: Uses semantic and contextual similarity to understand the meaning of a query
Use cases:
How it works:
Create an index
Add data sources
Test search
Deploy search in your application
Use natural language to ask a question
Receive relevant results
Refine results using filters or feedback
How it works
It uses Generative AI and Large Language Models (LLMs) to enhance the customer experience
It uses deep learning to convert speech to text
How to set it up
Amazon Polly
Amazon Polly is a cloud service that converts text into speech. It's used to create speech-enabled applications and products.
Accessibility: Amazon Polly can be used to create accessibility applications for people who are visually impaired.
How it works
Amazon Polly uses deep learning technologies to convert text into speech.
You can integrate the Amazon Polly API into your existing applications.
You can use it to convert articles, web pages, and PDF documents.
Here are some ways Amazon Rekognition can be used:
Amazon SageMaker
Amazon SageMaker is a managed service in Amazon Web Services (AWS) that helps users build, train, and deploy machine learning (ML) models. It's used for predictive analytics applications, such as advanced analytics for customer data and back-end security threat detection.
What it does
Prepares data: Users can prepare large amounts of structured and unstructured data
Trains models: Users can train models using built-in training algorithms or custom algorithms
Deploys models: Users can deploy models for predictive analytics applications
Automates model creation: Users can use SageMaker Autopilot to automatically inspect data, select algorithms, and train models
Manages access: Users can control access to data, models, and development artifacts
Who uses it: Data scientists, Business analysts, and Companies looking for a managed environment for ML workloads.
How it's used
Companies like Elevance Health and JPMorgan Chase & Co. use SageMaker for ML and data science platforms
Amazon Textract
Amazon Textract is a machine learning (ML) service that extracts text, handwriting, and data from documents and images. It's used to analyze documents, identify fields of interest, and extract data from tables and forms.
What it does
How it works
Uses optical character recognition (OCR) technology to identify characters, words, and letters
Uses advanced machine learning to identify the contents of fields in forms and information stored in tables
Where it's used: Extracting information from tax documents, Generating marketing materials, and Generating flash reports.
How to access it
You can access Amazon Textract with the Amazon Textract API, in the AWS Management Console, or using the AWS command-line interface (CLI).
Amazon Transcribe
Amazon Transcribe is a service that converts speech to text using machine learning. It can be used to add speech-to-text capabilities to applications, or as a standalone transcription service.
Use cases
Contact centers
Transcribe customer calls to identify insights and improve customer experience
Content production
Automatically generate subtitles for videos and media to improve accessibility
Privacy
Filter content to ensure customer privacy and audience-appropriate language
Accessibility
Increase the accessibility and discoverability of audio and video content
Features
Transcription types
Real time: Transcribe media in real time (streaming)
Batch: Transcribe media files located in an Amazon S3 bucket
Amazon Translate
Amazon Translate is a service that translates text between languages. It's used to:
Build multilingual applications: Build applications that support multiple languages
Localize content: Localize content for users in different parts of the world
Analyze large volumes of text: Analyze large volumes of text to enable cross-lingual communication
Amazon Translate uses deep learning models to provide high-quality translations. These models are trained on a variety of content across different use cases and domains.
You can use Amazon Translate:
Via an API to enable real-time or batch translation
Using the console to test translation quality
With other AWS services, such as Amazon Polly, Amazon S3, and Amazon Lex
You can get started with Amazon Translate using the free tier, which allows you to translate up to 2 million characters per month for the first 12 months.
14 Management and Governance
AWS Auto Scaling
The purpose of AWS Auto Scaling is to automatically adjust the capacity of AWS services to meet application demand. This helps to maintain application availability and reduce costs.
How it works
AWS Auto Scaling monitors application performance and tracks metrics like CPU usage
It automatically adds or removes capacity to meet the target value for the metric
It can predict application resource demand
It can automatically remove unhealthy instances
It can keep the preferred capacity even when hardware fails
Benefits
Maintains application availability: Ensures that applications are accessible and responsive
Reduces costs: Only pays for the resources that are actually needed
Optimizes utilization: Allocates servers that are not needed to other companies
Supports lower energy consumption: Shuts down servers when traffic is low
Features: Unified scaling, Automatic resource discovery, Built-in scaling strategies, Predictive scaling, and Smart scaling policies
What can AWS CloudFormation do?
Users create templates that describe the resources they want to create
AWS CloudFormation uses the templates to provision and configure the resources as a stack
Users can manage the stack as a single unit, instead of managing each resource individually
AWS CloudTrail
AWS CloudTrail is a service that records user activity and API calls in your AWS account.
Auditing
Tracking user activity and API usage to help you ensure compliance with internal policies and regulatory standards
Security monitoring
Recording user activity and API calls to help you identify and respond to unusual activity
Operational troubleshooting
Recording user activity and API calls to help you track changes and troubleshoot operational issues
How it works
CloudTrail records events for actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs
CloudTrail records important information about each action, including who made the request, the services used, and the actions performed
You can create custom trails to capture one or more types of events
You can configure trails to deliver events to an S3 bucket or AWS CloudWatch Logs
Benefits
CloudTrail helps you improve security posture and consolidate activity records across Regions and accounts
CloudTrail provides visibility into user activity, which can help you track changes and troubleshoot operational issues
AWS CloudWatch
Amazon CloudWatch is a monitoring service that helps you observe and manage applications and resources on AWS.
You can use it to:
Monitor performance: Track application performance and resource use in real time
You can use CloudWatch to monitor: Amazon EC2 instances, Amazon DynamoDB tables, Amazon RDS DB instances, Amazon Elastic Block Store (EBS) volumes, and Elastic Load Balancing.
You can also use CloudWatch to monitor custom metrics generated by your applications and services.
You can use CloudWatch to monitor your AWS account and resources. You can: Set alarms and actions for certain scenarios, Take automated actions, Respond to changes in performance, Optimize resource use, and Gain insights into operational health.
What it does
What it recommends
Users can deploy the template using the AWS Config console or the AWS CLI
Users can see how the configurations and relationships change over time
Monitor compliance
Central administrators can monitor that accounts are compliant with company-wide policies
Automate account creation
AWS Control Tower can automatically create accounts with built-in governance
Enforce best practices
AWS Control Tower can enforce best practices, standards, and regulatory requirements
Integrate third-party software
AWS Control Tower can integrate third-party software into the AWS environment
Provide a consolidated view
AWS Control Tower provides a consolidated view of controls, compliance status, and controls evidence
across multiple accounts
How it works
AWS Control Tower uses blueprints to automate the setup of a new landing zone
AWS Control Tower applies controls to enforce policies and ensure compliance
AWS Control Tower provides updated controls as requirements and AWS services evolve
AWS Control Tower: AWS Control Tower is a tool that helps cloud architects and administrators set up and manage a secure, multi-account environment on Amazon Web Services (AWS). It uses controls to enforce policies and ensure that accounts are compliant with AWS best practices.
Event-based alerts: Provides automatic alerts when the health of AWS services changes
Proactive notifications: Provides notifications about scheduled activities, such as infrastructure changes
Guidance: Provides detailed information and guidance to help you take action
Resource performance visibility: Provides visibility into the performance of your resources
Service availability visibility: Provides visibility into the availability of your AWS services and accounts
Planned activity awareness: Helps you be aware of and prepare for planned activities
You can sign into your AWS Health Dashboard to view account-specific health information
You can receive AWS Health event updates using Amazon EventBridge
You can access AWS Health programmatically using AWS Health API
Who can use the AWS Health Dashboard?
All AWS customers can use the AWS Health Dashboard at no additional cost
AWS Health Dashboard: The AWS Health Dashboard provides information about the performance and availability of AWS services. It also provides alerts and notifications about events that may impact your AWS resources
What it does
Recommends resources
AWS Launch Wizard suggests the right AWS resources to meet an application's needs, such as EC2
instance types and EBS volumes
Deploys resources
AWS Launch Wizard provisions and configures the selected resources to create a production-ready
application
Estimates costs
AWS Launch Wizard provides an estimated cost of deployment, and users can modify the resources to
see an updated cost assessment
Creates templates
AWS Launch Wizard provides reusable AWS CloudFormation code templates that can be used for
subsequent deployments
What it's used for: Deploying Microsoft SQL Server applications, Deploying SAP systems, and Deploying other third-party applications.
AWS Launch Wizard: AWS Launch Wizard is a service that helps users deploy third-party applications on Amazon Web Services (AWS). It automates the process of selecting and configuring resources, which can save time and money.
What it does:
License management: Tracks and manages licenses from software vendors like Microsoft, Oracle, IBM,
and SAP
License usage control: Enforces license usage limits, blocks new launches, and sets hard or soft limits on
license consumption
License cost savings: Helps users save money by reusing existing licenses with their cloud resources
License compliance: Helps users ensure license compliance by providing built-in controls
License migration: Helps users migrate from on-premises workloads to Amazon EC2
License sharing: Allows users to create license configurations in one account and share them across other accounts
AWS License Manager: AWS License Manager is a service that helps users manage software licenses across AWS and on-premises environments. It provides visibility and control over license usage, which can help reduce the risk of non-compliance and licensing overages.
Centralized management: Users can create, manage, and govern their AWS accounts from a single
place
Simplified billing: Users can set up a single payment method for all accounts
Resource sharing: Users can share resources across accounts, both within and outside of their
organization
Policy enforcement: Users can enforce policies for identity and access management
Audit trail: Users can maintain an audit trail of all accounts
Cost management: Users can track, manage, and optimize usage across all accounts
How it works
Users can create groups of accounts called Organizational Units (OUs)
Users can attach policies to OUs to control access to services
Users can apply Identity and Access Management (IAM) policies to users, groups, or roles
AWS Organizations: AWS Organizations is a service that helps organizations manage their AWS accounts, resources, and policies. It allows users to create groups of accounts, apply policies, and share resources
Organizing resources: Group resources based on tags to model, manage, and automate tasks
Creating custom consoles: Create a custom console for each project that organizes and consolidates
information
Sharing resources: Share resources between identities within an AWS account
Adding tags: Add tags to resources to organize them by purpose, owner, environment, or other criteria
Access AWS Resource Groups through the AWS Management Console, AWS SDK APIs, and the AWS CLI
Access Tag Editor through the AWS Management Console
AWS Resource Groups and Tag Editor: AWS Resource Groups and Tag Editor are tools used to organize and manage AWS resources. They are used for centralized resource management, cost tracking, and compliance enforcement.
What it provides
Centralized management
Organizations can centrally manage IT services, applications, resources, and metadata
Versioning
Organizations can manage multiple versions of products, including adding new versions based on
software updates or configuration changes
Portfolios
Organizations can create customized portfolios for each type of user, and selectively grant access to the
appropriate portfolio
Templates
Organizations can use templates that include the resources and dependencies required by an application
Self-service
End users can quickly find and deploy approved IT services they need from a personalized portal
Benefits
Increased agility: End users can find and launch only the products they need
Reduced costs: End users can find and launch only the products they need
Improved governance: Organizations can improve governance over resources across multiple accounts
Streamlined workflows: Organizations can streamline workflows by connecting to ServiceNow and Jira Service Management
AWS Service Catalog: AWS Service Catalog allows organizations to create, manage, and distribute catalogs of approved IT services. This helps organizations meet compliance requirements while reducing costs and increasing agility.
You can use it to:
View and manage nodes: Get a centralized view of your nodes across accounts and regions
Automate tasks: Automate common tasks like software and patch installations, registry edits, and user
management
Manage nodes remotely: Securely manage nodes without opening inbound ports or managing SSH keys
Detect and resolve issues: Run automatic diagnoses to identify issues
Apply patches: Apply security updates and operating system updates to nodes
Manage applications: Manage applications and dependencies
Perform health checks: Perform application-specific health checks
You can use AWS Systems Manager to manage nodes in the following environments:
Makes recommendations
Trusted Advisor provides recommendations to improve performance, security, and cost
Provides real-time guidance
Trusted Advisor provides real-time guidance to help you provision resources
Helps you optimize cloud deployments
Trusted Advisor helps you optimize cloud deployments, improve resilience, and address security gaps
Saving money
Improving system performance and reliability
Closing security gaps
Maximizing utilization of Reserved Instances
Optimizing cloud deployments
Improving resilience
Addressing security gaps
Trusted Advisor uses a green check to indicate that there are no problems
Trusted Advisor uses a red exclamation mark to indicate that you should take action
Trusted Advisor uses an orange exclamation mark to indicate that you should make specific changes after further investigation
AWS Trusted Advisor: AWS Trusted Advisor is an online tool that analyzes your AWS environment and provides recommendations to improve performance, security, and cost. It uses best practices learned from hundreds of thousands of AWS customers
What it does
How it works
Agentless discovery
Uses the AWS Application Discovery Service Agentless Collector to gather server information without
installing an agent on each host
Agent-based discovery
Uses the AWS Application Discovery Agent to collect a richer set of data by installing an agent on one or more hosts
You can use the collected data to:
Tag and group servers into applications
Export data for analysis in Excel or other cloud migration analysis tools
Understand dependencies across servers
Measure server performance
View discovered servers in the Migration Hub console
ADS is integrated with AWS Migration Hub and AWS Database Migration Service Fleet Advisor.
15 Migration and Transfer
AWS Application Discovery Service: The AWS Application Discovery Service (ADS) helps you plan the migration of your applications to the AWS cloud. It collects data about your on-premises servers and databases, including their configuration, usage, and behavior. You can use this data to:
Plan migrations: Identify servers and dependencies, and size AWS resources
Track migrations: Group servers into applications and track their migration status
Establish performance baselines: Measure server performance to compare against after migrating to AWS
What it does
Benefits: Reduces the cost of migrating applications, Simplifies the process of migrating applications, Expedites the process of migrating applications, Minimizes downtime, and Maintains data integrity.
How to use it
Migrate databases: Move databases from on-premises, Amazon RDS, or Amazon EC2 to AWS
Plan migrations: Helps users plan how to migrate their servers and applications to AWS
Track migration status: Helps users monitor the progress of their migrations
Automate migrations: AWS Migration Hub Orchestrator can automate the migration of servers and
applications using predefined workflow templates
What are some benefits of using AWS Migration Hub?
Provides visibility into the application portfolio, Streamlines planning and tracking, and Simplifies and automates the migration process.
AWS Migration Hub: AWS Migration Hub is a tool that helps users plan and track the migration of their servers and applications to AWS. It provides a central location to discover existing servers, plan migrations, and monitor the status of each migration.
What it does
Automatically converts a database schema and most of its code objects to a format compatible with the
target database
Data migration
Moving large amounts of data to AWS for cloud migration, disaster recovery, and data center relocation
Cost effective: Allows users to access AWS storage and compute power in places where internet
connectivity might not be available
You can use the AWS Snow Family console to order devices, download unlock credentials, and monitor the status of your Snow jobs.
AWS Snow Family: AWS Snow Family is a service that allows users to move data to and from AWS, or to run compute and processing workloads locally.
You can use it to:
Migrate workloads: Seamlessly move workloads without changing third-party clients or configurations
Centralize data access using AWS Transfer Family and AWS ...
You can use AWS Transfer Family to integrate with Amazon S3 for storing file data.
AWS Transfer Family: AWS Transfer Family is a service that lets you transfer files into and out of Amazon S3 or Amazon EFS.
Key points about Amazon API Gateway:
API creation: Enables building both RESTful APIs and WebSocket APIs for real-time communication.
Traffic management: Can handle large volumes of concurrent API calls, including throttling to prevent overwhelming backend services.
Security: Implements authorization and access control features to secure your APIs.
Monitoring and logging: Provides insights into API usage with monitoring capabilities.
Integration with other AWS services: Easily connects to other AWS services like Lambda functions, S3 buckets, and DynamoDB
16 Networking and Content Delivery
Amazon API Gateway: Amazon API Gateway is a fully managed AWS service that acts as a "front door" for applications to access data and functionality from backend services like AWS Lambda or EC2, essentially allowing developers to create, publish, manage, monitor, and secure APIs at scale by handling incoming API requests, managing traffic, authentication, and authorization, all without needing to manage the underlying infrastructure; effectively acting as a single entry point for your backend systems
What it does
Distributes content
CloudFront delivers content to users through a network of edge locations around the world.
Reduces latency
CloudFront routes requests to the edge location with the lowest latency, so content is delivered quickly.
Caches content
CloudFront caches content in edge locations, which improves availability and reliability.
Streams media
CloudFront can stream pre-recorded files and live events to any device.
Use cases
Delivering static website content, such as photos, style sheets, and JavaScript
Serving video on demand (VOD) in common formats, such as MPEG DASH, Apple HLS, Microsoft Smooth
Streaming, and CMAF
Delivering live video streaming
Benefits
An Ethernet cable connects the internal network to an AWS Direct Connect location.
One end of the cable connects to the internal network router, and the other end connects to an AWS Direct
Connect router.
The connection bypasses internet service providers.
Benefits
Reduced costs
Private network connections can reduce costs compared to internet-based connections.
Increased bandwidth
Private network connections can increase bandwidth throughput.
More consistent network experience
Private network connections can provide a more consistent network experience than internet-based
connections.
Greater reliability
Direct Connect connections can provide greater reliability than internet-based connections.
Higher security
Direct Connect connections can provide higher security than internet-based connections.
Security features
MACsec security on Direct Connect connections
CloudTrail Integration to track Direct Connect API calls
CloudWatch Metrics and Alarms to monitor key metrics like bandwidth usage and latency
AWS Direct Connect: AWS Direct Connect is a networking service that connects an internal network to Amazon Web Services (AWS) using a private network connection. It's an alternative to using the internet to connect to AWS
It helps you:
Deliver highly available applications: Provide fast failover for multi-Region and multi-AZ architectures
Protect applications from DDoS attacks: Protect applications from DDoS attacks closer to the source
Route traffic to optimal endpoints: Route traffic to the endpoint that delivers the best performance and
availability
React to changes in application health: Instantly react to changes in the health or configuration of your
endpoints
Maintain state: Build applications that require maintaining state
How it works
AWS Global Accelerator monitors the health of your application endpoints using TCP, HTTP, and
HTTPS health checks
It directs traffic to the endpoint that delivers the best performance and availability
It provides static IP addresses that act as a fixed entry point to application endpoints
You can use AWS Global Accelerator to improve the performance of front-end web applications, API endpoints, or microservices.
AWS Global Accelerator: AWS Global Accelerator is a networking service that improves the performance and availability of applications for global users.
What it does
How it works
Who uses it
Developers and businesses can use Route 53 to: Route users to applications, Access web applications, and Provide a reliable and cost-effective way to route traffic.
Amazon Route 53: Amazon Route 53 is a Domain Name System (DNS) service that helps users route traffic to websites and applications. It translates domain names like www.example.com into IP addresses like 192.0.2.1.
Create a virtual network: You can define your own network space and control how your network is
exposed to the internet.
Launch AWS resources: You can launch AWS resources like Amazon Elastic Compute Cloud (EC2) and
Amazon Relational Database Service (RDS) instances into your virtual network.
Connect to the internet: You can connect your VPC to the internet by adding an Internet Gateway.
Connect to other VPCs: You can connect your VPC to other VPCs using private IP addresses.
Connect to data centers: You can connect your VPC to your own data centers using a hardware virtual private network connection.
Route traffic: You can use route tables to control how network traffic is directed inside your VPC.
Control security: You can associate security groups with your VPC
Amazon VPC: Amazon Virtual Private Cloud (VPC) is a service that allows users to create virtual networks within the Amazon Web Services (AWS) cloud. It gives users full control over their virtual network, including security, connectivity, and resource placement.
Site-to-site connectivity:
Creates encrypted connections between different physical locations like data centers and branch offices to communicate securely with AWS.
Managed service:
AWS fully manages the VPN infrastructure, simplifying setup and maintenance.
OpenVPN based:
AWS Client VPN utilizes the OpenVPN protocol for client connections.
AWS VPN: AWS VPN, which stands for Amazon Web Services Virtual Private Network, is used to securely connect remote users or on-premises networks to AWS cloud resources, allowing them to access data and applications within the AWS environment over a private, encrypted connection, essentially creating a "virtual private network" across the internet; it primarily consists of two services: AWS Site-to-Site VPN for connecting data centers to AWS, and AWS Client VPN for remote user access.
What can AWS Artifact be used for?
Go to the AWS Artifact console
Download and accept legal agreements
Subscribe to notifications about AWS Artifact documents
17 Security, Identity, and Compliance
AWS Artifact: AWS Artifact is a service that provides access to AWS security and compliance documents and agreements. It can be used to review, accept, and track agreements, and to download compliance documents
Framework mapping:
Allows you to map your AWS usage to pre-built compliance frameworks like NIST, ISO 27001, and PCI
DSS, or create custom frameworks.
Control assessment:
Review and manage individual controls within a framework, including the ability to upload manual evidence
when needed.
Report generation:
Generate comprehensive audit reports with evidence attached, simplifying the process of sharing
compliance information with auditors.
Collaboration tools:
Facilitate collaboration between different teams involved in compliance assessments, including security,
operations, and compliance personnel.
Manage certificates: Centrally manage certificates through the AWS Management Console, AWS CLI, or
ACM APIs
Deploy certificates: Deploy certificates to AWS resources like Amazon CloudFront, Elastic Load Balancers,
and API Gateway
Renew certificates: Automatically renew certificates before they expire
Protect private keys: Use strong encryption and key management best practices to protect private keys
ACM uses AWS Private Certificate Authority (AWS Private CA) to issue private certificates
ACM certificates are X.509 SSL/TLS certificates that bind your website's identity to a public key
Saves time by eliminating the need to manually purchase, upload, and renew certificates
Makes it easy to manage certificates for your AWS applications and resources
AWS Certificate Manager (ACM): AWS Certificate Manager (ACM) is a service that helps you manage and secure SSL/TLS certificates for your AWS applications and resources.
Data encryption
AWS CloudHSM can be used to encrypt databases, digital content, and payment applications
Digital signatures
AWS CloudHSM can be used to support secure message transmissions and digital signatures
Certificate management
AWS CloudHSM can be used for certificate management and public key infrastructure (PKI)
Identity and auditing
AWS CloudHSM can be used for identity and auditing
How it works
AWS CloudHSM uses tamper-resistant hardware devices to securely store cryptographic key material
Benefits
AWS CloudHSM can help users meet corporate, contractual, and regulatory compliance requirements
AWS CloudHSM can help users protect their encryption keys
AWS CloudHSM: AWS CloudHSM is a cloud-based hardware security module (HSM) that allows users to generate, store, and manage encryption keys. It's used to protect sensitive data and meet compliance requirements.
What can you do with Amazon Cognito?
Authenticate users: Users can sign in with usernames and passwords, or with third-party providers like
Google, Facebook, Amazon, or Apple
Authorize users: You can map users to different roles and permissions
Control access: You can control access to your backend AWS resources and APIs
Federate identities: You can federate identities from social identity providers
Synchronize data: You can synchronize data across multiple devices and applications
What it does
Generates visualizations
Uses machine learning, statistical analysis, and graph theory to create visualizations
Builds finding groups
Creates a graph model that distills information into a single finding group
Provides profiles
Helps analysts determine if a finding is a false positive or a genuine concern
Provides detailed visualizations
Allows users to focus on specific resources, such as IP addresses, AWS accounts, VPCs, and EC2
instances
Builds custom security analytics
Includes a managed Jupyter notebook environment to create custom security analytics
Manage access
Administrators can use AWS Directory Service to manage access to information and resources.
Enhance security and compliance
AWS Directory Service offers robust security features, including end-to-end encryption and compliance
with industry standards.
Streamline cloud migration
AWS Directory Service allows organizations to leverage their existing AD investments, skills, and
applications.
Provide single sign-on (SSO)
AWS Directory Service allows organizations to provide SSO to cloud applications such as Microsoft Office
365.
Manage password policies
AWS Directory Service allows organizations to assign password policies to their users and delegate who
can manage those policies.
Enable multi-factor authentication
AWS Directory Service allows organizations to enable multi-factor authentication.
AWS Microsoft AD (Standard Edition): A primary directory for small and midsize businesses
AWS Microsoft AD (Enterprise Edition): A directory for enterprise organizations
Simple AD: A standalone managed directory
AWS Directory Service: AWS Directory Service is a managed service that stores information about an organization's users, groups, computers, and other resources.
Cross-Account Deployment:
Automatically apply security policies across all accounts within your AWS Organization, even as new accounts and resources are added.
Compliance Enforcement:
Simplify compliance by enforcing consistent security rules across your entire infrastructure.
Auditing and Monitoring:
Monitor and audit firewall rules across accounts to identify potential security issues.
AWS Firewall Manager: AWS Firewall Manager is a security management service used to centrally configure and manage firewall rules across multiple AWS accounts within an organization, allowing you to define a single set of security policies that are automatically applied to all your applications and resources, ensuring consistent security across your entire infrastructure.
What does GuardDuty do?
Analyzes data sources like AWS CloudTrail logs, Amazon VPC Flow Logs, and DNS query logs
Generates security findings for visibility and remediation
Uses threat intelligence feeds like lists of malicious IP addresses and domains
What can GuardDuty detect? Anomalous behavior, Credential exfiltration, and Command and control
infrastructure (C2) communication.
How can GuardDuty help?
Access control:
IAM enables fine-grained control over who can access which AWS services and resources by defining
specific permissions for users, groups, and roles.
User management:
Create and manage user accounts, including their access keys and passwords, to authenticate users
accessing AWS services.
Role-based access:
Assign roles to users or applications to grant specific permissions based on their function, allowing for easier access management.
Security best practices:
Promote least-privilege access by defining granular permissions for users and roles to minimize potential security risks.
AWS Identity and Access Management (IAM): AWS Identity and Access Management (IAM) is used to securely control who can access which AWS services and resources within an AWS account, allowing administrators to centrally manage user identities, security credentials, and permissions to ensure only authorized users can access specific resources on the platform
What it does
How it works
Users can access their assigned AWS accounts and applications with one click
Administrators can establish federation with an identity provider once and manage access to AWS
Reduced password-related security risks
Centralized authentication, making phishing attacks less effective
Eliminates password fatigue and lowers IT management overheads
AWS IAM Identity Center (AWS Single Sign-On): AWS IAM Identity Center (successor to AWS SSO) is used to centrally manage user access to AWS accounts and applications. It allows users to log in to all their AWS accounts and applications with one set of credentials.
What it scans
Amazon EC2 instances: Scans for vulnerabilities in the operating system and applications
What it does
Identifies vulnerabilities like injection flaws, data leaks, and weak cryptography
Compares system configurations against CIS Benchmarks
Applies security best practices to recommend fixes
Creates detailed reports about issues, called findings
How it works
Uses an agent installed in the EC2 instance to scan and report findings
AWS KMS integrates with other AWS services, including: Amazon RDS, Amazon S3, and AWS
CloudTrail.
AWS KMS features include: Centralized control over key lifecycle and permissions, Protection of root keys,
Creation of new keys, Separation of key management and key usage, and FIPS 140-2 validated hardware
security modules (HSM).
You can use AWS KMS to:
Enterprises handling sensitive data: Organizations that handle sensitive customer or proprietary
business information, such as financial services, healthcare, and legal firms
You can temporarily or permanently move data to Amazon S3 to discover sensitive data stored elsewhere.
You can use Macie with Komprise to detect sensitive content in on-premises data.
Amazon Macie: Amazon Macie is a data security service that helps organizations discover, monitor, and protect sensitive data in Amazon S3. It uses machine learning and pattern matching to identify sensitive data and provide automated protection.
Managed service: You don't need to manage underlying infrastructure, making it easy to deploy and
scale.
Stateful inspection: Can analyze traffic based on the context of previous packets, providing more granular control.
Deep packet inspection: Allows examination of the content of packets to identify malicious traffic.
Customizable rules: Create specific rules to filter traffic based on your needs.
Intrusion prevention system (IPS): Leverages Suricata to detect and block potential attacks.
Integration with other AWS services: Works seamlessly with other AWS services like Transit Gateway for managing cross-VPC traffic.
AWS Network Firewall: AWS Network Firewall is a managed service used to filter and monitor network traffic within your Amazon Virtual Private Cloud (VPC), providing a security layer by allowing you to define fine-grained rules to control which traffic can enter or leave your network, effectively protecting your VPC from malicious activity by inspecting and blocking unwanted traffic based on specific criteria like IP addresses, protocols, and port numbers; essentially acting as a perimeter firewall for your VPC
You can use AWS RAM to:
Share resources: Share resources like subnets, Transit Gateways, and Amazon Route 53 Resolver
rules
Secure storage: Secrets are encrypted using AWS KMS (Key Management Service) for robust security.
Access control: You can define who has access to specific secrets using IAM policies.
Secret rotation: Automate the process of regularly changing passwords and other sensitive credentials.
Versioning: Track changes to secrets with versioning capabilities.
Integration with other AWS services: Easily access secrets from other AWS services like Lambda
functions and EC2 instances.
Features
Inline mitigation: AWS Shield automatically applies pre-configured mitigation strategies to block malicious
traffic
Visibility: AWS Shield provides visibility into DDoS events, including request rates, blocked or allowed
requests, and the effectiveness of specific rules
Support: AWS Shield provides 24/7 support from the Shield Response Team
Integration: AWS Shield integrates with AWS WAF, a web application firewall, to defend against Layer 7
attacks
Tiers
Block malicious traffic: Create rules to block requests based on conditions like IP addresses, HTTP
headers, or custom URIs
Prevent attacks: Protect against attacks like cross-site scripting (XSS), SQL injection, and cross-site
request forgery
Monitor web requests: Count or monitor web requests based on conditions you define
Prevent account takeover fraud: Monitor login pages for unauthorized access to user accounts
Integrate with other AWS services: Control how Amazon CloudFront, Amazon API Gateway, Application
Load Balancer, or AWS AppSync GraphQL API responds to web requests
You can enable AWS WAF protections using: One-click protection in the CloudFront console, A preconfigured web access control list (ACL), and The AWS WAF APIs.
AWS WAF: AWS WAF (Web Application Firewall) protects web applications and APIs from attacks by blocking requests before they reach your servers.
Cost: You pay for what you use, and you can save money with spot and compute savings plans.
Agility: You can scale applications up and down quickly.
Focus: You can focus on writing code instead of managing servers.
Scalability: You can scale applications up and down quickly.
Observability: You can integrate with other AWS services like Amazon CloudWatch Container Insights.
Fargate compatibility
Fargate is compatible with both Amazon ECS and Amazon EKS.
You can use Fargate with AWS Batch to run containers.
18 Serverless
AWS Fargate: AWS Fargate is a serverless compute engine that lets you run containers without managing servers. You can use Fargate to build and manage cloud applications
What can AWS Lambda be used for?
App development: Create and run code for apps, websites, and other services
Lambda runs your code in response to events, such as HTTP requests or changes to objects in Amazon
S3
Lambda automatically manages the compute resources, including server maintenance, capacity provisioning, and scaling
You only pay for the compute time you use
AWS Lambda: AWS Lambda is a serverless compute service that runs code in response to events. It's used to create and run backend services and extend other AWS services.
Centralized management:
You can manage backups for multiple AWS services like EC2 instances, EBS volumes, RDS
databases, DynamoDB tables, and more from a single console.
Amazon Elastic Block Store (Amazon EBS)
Amazon Elastic Block Store (EBS) is a cloud-based storage service that stores persistent data for
applications, databases, and file systems. It's used with the Amazon Web Services (AWS) EC2 cloud
service.
Scalable storage
EBS allows users to dynamically increase capacity, tune performance, and change the type of volumes.
High availability
EBS offers high availability and low-latency performance within the selected availability zone.
Features
EBS volumes: EBS volumes can be attached, detached, and scaled with any EC2 instance.
EBS snapshots: EBS snapshots are incremental data backups that save on storage costs.
Encryption: EBS volumes can be encrypted transparently to workloads on the attached instance.
Volume types: EBS volumes can be SSD-backed or HDD-backed.
How it works
Define the configuration of the EBS volume, such as the volume size and type.
Provision the EBS volume.
Attach the EBS volume to an EC2 instance.
Amazon Elastic File System (Amazon EFS)
Amazon Elastic File System (Amazon EFS) is a cloud-based file storage service used to provide
shared, scalable file access across multiple AWS compute instances, allowing applications to store
and access data from a centralized location without needing to manage storage capacity manually,
making it ideal for use cases like application development, content management systems, big data
analytics, and sharing files between servers within a network.
Scalability:
EFS automatically scales storage capacity based on your data needs, growing or shrinking as required
without disrupting applications.
Serverless operation:
You don't need to provision or manage storage capacity with EFS, making it a serverless file storage
solution.
Integration with AWS services:
EFS can be easily integrated with other AWS services like EC2 instances, ECS, EKS, Lambda, and
Fargate.
NFS protocol support:
EFS uses the Network File System (NFS) protocol, which allows existing applications to seamlessly
access data stored on EFS.
Application development environments: Sharing code and configuration files between developers in a
team
Web server farms: Storing website content and assets accessible by multiple web servers
Content management systems: Managing and storing website content
Big data analytics: Providing a central file system for large data sets to be processed by analytics tools
Home directories: Storing user home directories for a distributed computing environment
Database backups: Backing up database data to a centralized storage location
AWS Elastic Disaster Recovery
AWS Elastic Disaster Recovery (DRS) is a service that helps protect critical IT systems by
replicating applications and databases to AWS. It's used for cloud-based disaster recovery of
virtual and physical servers.
What it does
Replicates data: Continuously replicates applications and databases from any supported source to AWS
Automates recovery: Automates the replication of virtual machines and ensures data is continually
synchronized
Enables failover: Enables rapid failover to the AWS cloud when disasters occur
Converts servers: Automatically converts servers to boot and run natively on AWS
Benefits
How it works
Uses block-level replication of the underlying server
Replicates objects as frequently as every second, providing a nearly up-to-the-minute backup
Amazon FSx
Amazon FSx is a file storage service that allows users to store and manage data in the cloud. It can
be used for a variety of purposes, including migrating data, accelerating workloads, and building
applications
Use cases
Migrating data: Move data from on-premises to AWS, or migrate Windows file servers to AWS
Accelerating workloads: Consolidate on-premises storage in the cloud to improve performance and data
protection
Building applications: Store data for machine learning, analytics, and HPC applications
Simplifying business continuity: Provide storage for user profiles that can be accessed from Amazon
WorkSpaces and Amazon AppStream 2.0
Features
Scalability
Create file systems that can span multiple availability zones (AZs)
High performance
Provide consistent sub-millisecond latencies and high levels of throughput and IOPS
Security
Integrate with Microsoft Active Directory (AD) and provide administrative features like user quotas and
end-user file restore
Compatibility
Access file systems from Windows, Linux, and macOS compute instances and devices
Amazon FSx can integrate with other Amazon Web Services services, including Amazon S3, Amazon
CloudWatch, and Amazon KMS.
Amazon S3
Amazon Simple Storage Service (S3) is used to store, manage, and retrieve data. It's an object
storage service that can be used for a variety of purposes, including data lakes, cloud
applications, and mobile apps.
Use cases
Data lakes: Store shared datasets that can be accessed by different applications, teams, and individuals
Cloud applications: Store data for cloud-native applications
Mobile apps: Store data for mobile and gaming applications
Big data analytics: Store data for big data analytics tools
Media hosting: Store images, videos, and music files
Website hosting: Store data for websites
Data backup: Store data for data backup and disaster recovery
Log file storage: Store log files
Data archiving: Store data for data archiving
Features
How it works
S3 stores data as objects within buckets. You can upload a file to a bucket, set permissions, and control
access to the bucket.
Use cases
Image hosting: Store images that are rarely accessed but need immediate access
Online file sharing: Store files that are rarely accessed but need immediate access
Medical imaging: Store medical imaging and health records that are rarely accessed but need immediate
access
News media: Store news media assets that are rarely accessed but need immediate access
Genomics: Store genomics data that is rarely accessed but needs immediate access
Video quality content: Store video quality content that has unpredictable access patterns
Features
AWS Storage Gateway
AWS Storage Gateway is a hybrid cloud storage service that allows users to access cloud storage from
their on-premises infrastructure. It's used to store and retrieve data, run applications, and back
up data.
How it works:
Storage Gateway can be deployed as a virtual machine (VM) or as an Amazon EC2 instance.
Storage Gateway integrates with standard storage protocols like iSCSI, SMB, and NFS.
Storage Gateway caches frequently accessed data on-premises for low-latency access.
Benefits:
Storage Gateway can reduce costs by using existing on-premises hardware and software.
Storage Gateway can be integrated into existing IT environments.
Storage Gateway can provide consistent and predictable performance.
The AWS Knowledge Center is a resource that answers common questions
from AWS customers. It covers topics across all AWS services.
What it's used for
Finding answers
The Knowledge Center helps customers find answers to common
questions about AWS services.
Learning
The Knowledge Center provides information on how to troubleshoot issues,
resolve errors, and more.
Sharing feedback
Users can provide feedback on articles, upvote or downvote them, and share
their comments with the community.
Where to find it
What it includes
Strategies
Business perspectives, methodologies, and frameworks for cloud
migration and modernization
Guides
Guidance for planning and implementing strategies, with a focus on best
practices and tools
Patterns
Steps, architectures, tools, and code for implementing common migration,
optimization, and modernization scenarios
AWS Pricing Calculator is a free web-based planning tool that you can use to
create cost estimates for using AWS services. You can use AWS Pricing
Calculator for the following use cases:
Cloud adoption
AWS Professional Services helps customers achieve specific outcomes
related to cloud adoption.
Security
AWS Professional Services helps customers secure applications and data
within the cloud.
Performance
AWS Professional Services helps customers improve the performance of
their cloud environment.
Risk management
AWS Professional Services helps customers reduce risk by providing robust
cloud security architectures and risk management practices.
Time to value
AWS Professional Services helps customers shorten their time to value by
providing best practices and documentation.
AWS re:Post
AWS re:Post is a question and answer (Q&A) service that helps AWS
customers solve technical issues, innovate, and operate efficiently. It's a
community-driven service that provides expert-reviewed answers to
questions about AWS.
What can you use AWS re:Post for?
Ask questions
You can ask questions about designing, building, deploying, and operating
workloads on AWS.
Get answers
You can get answers from community experts, including AWS customers,
partners, and employees.
Build an organization-specific cloud community
You can use AWS re:Post Private to build a private space for your
organization to share knowledge resources.
AWS SDKs (Software Development Kits) are used to easily integrate
Amazon Web Services (AWS) functionalities into your applications by
providing a set of libraries and tools that allow you to interact with various
AWS services like S3, EC2, DynamoDB, etc., directly within your preferred
programming language, simplifying the process of building cloud-based
applications without having to write complex low-level API calls directly.
Key points about AWS SDKs:
Accessibility:
They provide a user-friendly interface to access AWS services, making it
easier for developers to work with the cloud.
Language-specific:
AWS offers SDKs for various programming languages like Python (Boto3),
Java, JavaScript, C#, etc., allowing developers to use familiar syntax and
constructs.
Feature-rich:
Each SDK includes functionalities for managing credentials, handling error
scenarios, retry mechanisms, and data serialization, streamlining
development.
Common operations:
You can perform operations like creating instances, uploading files to S3,
querying databases, managing user access, and more using AWS SDKs.
AWS Security Blog
The AWS Security Blog provides information about AWS security and
compliance. It includes content from AWS team members on a variety of
topics, such as security best practices, how-to guides, and compliance
milestones.
What you can learn from the AWS Security Blog
Security best practices: Learn how to secure AWS services like Amazon
EC2, Amazon S3, and AWS IAM
How-to guides: Learn how to perform specific tasks related to AWS security
Compliance milestones: Learn about compliance milestones for AWS
services
Customer and partner stories: Learn about the experiences of AWS
customers and partners
Real-world solutions: Learn how AWS security specialists solve real-world
problems
Event coverage: Learn about AWS security events
AWS Security Center
AWS Security Hub is a cloud security posture management (CSPM) service
that helps you assess and improve the security of your AWS resources. It
does this by:
You can use AWS Security Hub to: assess your security state, identify
security issues, manage your security state, automate remediation, and
integrate with other AWS services.
AWS Support Center
The AWS Support Center provides technical support and guidance for
Amazon Web Services (AWS) customers. It helps customers with technical
issues and operating their AWS cloud infrastructures.
Features
Basic Support
Includes 24/7 access to one-on-one responses, support forums, service
health checks, and documentation
Trusted Advisor
Allows users to request Trusted Advisor checks, view results, and refresh
checks
Incident Detection and Response
An add-on to Enterprise Support that offers 24/7 proactive monitoring and
incident management
How to access
Support tools
AWS Support tools use API calls to gather information about AWS
resources
AWS Support uses an AWS Identity and Access Management (IAM)
service-linked role to increase transparency and auditability of support
activities
AWS Support plans
Amazon Web Services (AWS) Support plans provide customers with
technical support and guidance for using AWS products and services.
What do AWS Support plans include?
Customers can choose a support plan tier that meets their specific
requirements.
The AWS Well-Architected Framework is a crucial resource for designing,
building, and operating secure, reliable, performant, and cost-effective
systems in the AWS Cloud. It provides a consistent approach to evaluating
architectures and implementing best practices. It's not a checklist, but rather
a set of guiding principles and questions to help you make informed
decisions.
AWS Well-Architected Tool: This free tool helps you review your
workloads against the Well-Architected Framework. It provides a series of
questions and generates a report with recommendations.
Well-Architected Reviews: Engage with AWS Solutions Architects or Well-
Architected Partners to conduct in-depth reviews of your architectures.