AWS sheet_2024

Amazon Web Services (AWS) is a leading cloud platform offering over 175 services, including scalable computing, storage, and database solutions. Key services include EC2 for virtual servers, S3 for object storage, and Lambda for serverless computing, all designed to enhance application deployment and management. AWS allows users to pay only for what they use, making it cost-effective for startups and enterprises alike.

https://dev.classmethod.jp/articles/2021-summary-of-all-aws-services-translated/
https://digitalcloud.training/category/aws-cheat-sheets/aws-cloud-practitioner/
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
https://allcode.com/top-aws-services/
https://www.interviewbit.com/aws-cheat-sheet/
https://www.pluralsight.com/resources/blog/cloud/your-aws-terminology-cheat-sheet
https://www.passus.com/presentations/cloud-day-2018/Amazon-Web-Services-TStarzec.pdf
https://leanylabs.com/blog/aws-overview/
Amazon Web Services AWS Cheat Sheets - Tutorials Dojo
==
Overview of 30 Important AWS Services
Andriy Obrizan
The majority of modern web applications run on the cloud.
Amazon Web Services is the most popular cloud platform that offers scalable, reliable, easy-to-use, and
secure platform as a service (PaaS) and infrastructure as a service (IaaS) solutions.
The world migrated to cloud computing platforms because of the significant benefits they provide:
• Pay only for what you use, without upfront payments and long-term commitments.
• Quickly scale or downscale resources like compute power and capacity.
• Deploy apps in multiple regions around the world.
• Reduce the total cost of ownership by eliminating the need to maintain data centers.
AWS has so many services that it’s easy to get lost in the AWS console at first glance. Some of the
services are designed for specific use cases like AR & VR, IoT, machine learning, and blockchain. We’ll
focus on the ones that get commonly used in many web applications.
Table of Contents
• Computation Services
• Databases
• Analytics
• Networking and Content Delivery Services
• Integration Services
• Management & Governance
• Data Storage
• Conclusion
Computation Services

Amazon EC2 (Elastic Compute Cloud)


This service lets you rent virtual servers in the cloud. Most of them are virtual machines, ranging from tiny
two vCPU and 0.5Gb of RAM to beefy 96-core machines with 384 Gb of RAM. You can also rent physical
dedicated servers with EC2. The service is designed for any workload, although you’ll still need to choose
the best instances for your specific tasks. Besides generic ones, EC2 also offers cost-saving ARM instances
and bare metal Mac minis.
Amazon ECR (Elastic Container Registry)
ECR is a highly available and high-performance container registry for easy storage, management, and
deployment of your container images. Images can be private to your organization or shared worldwide. It
works great with Amazon ECS, AWS Lambda, and AWS Fargate, enabling fast single-click deployments.
It’s a fully managed service, and you pay only for the amount of data stored and data transferred over the
internet.
Amazon ECS (EC2 Container Service)
ECS is a fully managed container orchestration service that enables you to run, scale, and secure Docker
applications on Amazon EC2 and AWS Fargate. You can define multiple related containers and configure
their various deployment parameters in task definitions.
Being a foundational pillar for critical Amazon services, it can natively integrate with Route 53, Secrets
Manager, IAM, CloudWatch, and other services.
AWS Fargate
Fargate removes the need to manually provision and manage servers, freeing time to focus on building
your application. It’s a serverless compute engine for containers that works both with ECS and EKS
(Amazon Elastic Kubernetes Service).
It automatically allocates the right amount of isolated compute resources for each container, so there is
no additional cost for over-provisioning to handle more load. By design, running each application in
isolation also improves its security.
AWS Lambda
Lambda is a serverless compute service that enables you to run your code on the AWS platform without
worrying about provisioning, maintenance, and scaling the servers.
Your code gets automatically executed on incoming events or HTTP requests at any scale. Most popular
languages like JavaScript, C#, Java, Go, and Python are supported, and deployment is effortless.
AWS Elastic Beanstalk
This easy-to-use service automatically handles the deployment of web applications. It handles
provisioning, load balancing, auto-scaling, and app health monitoring without losing full control over the
underlying resources.
Elastic Beanstalk is the fastest and most straightforward way to deploy your application to AWS, and it
doesn’t require extensive knowledge of the platform and its services.

Databases

Amazon DynamoDB
DynamoDB is a high-performance managed NoSQL database that supports both key-value and document
store. It can handle more than 10 trillion requests per day, with peaks of more than 20 million requests
per second.
This durable and secure database with built-in in-memory caching, backups, and restore is the number
one choice for many fastest-growing startups that demand low-latency data storage at any scale.
Amazon ElastiCache
This service offers fully managed Redis and Memcached as high-throughput and low-latency in-memory
data stores for your cloud applications. ElastiCache’s primary purpose is to boost web applications’
performance by caching mission-critical data on top of slower databases. It is also suitable for session
storage, real-time analytics, and other tasks.
Amazon Aurora
Aurora is a MySQL and PostgreSQL-compatible high-performance distributed relational database. Out of
the box, it’s much faster than both MySQL and PostgreSQL and offers high security, availability, and
reliability of traditional commercial databases. On top of that, it provides replication across three
Availability Zones, point-in-time recovery, and continuous backup to Amazon S3.
Amazon RDS (Relational Database Service)
This service manages relational databases in the cloud. It takes care of hardware provisioning, database
setup, patching, and backups. Amazon RDS supports various database engines like Amazon Aurora,
PostgreSQL, MySQL, Microsoft SQL Server, Oracle Database, and MariaDB.
Analytics

Amazon Kinesis
With Kinesis, you can analyze real-time data streams with low-latency at any scale. It enables applications
to collect, buffer, and process streaming data as it arrives and react to it instantly instead of waiting hours
for data to be collected before processing begins.
Amazon Redshift
Redshift provides a cost-effective way to build a data warehouse and run standard SQL queries against it.
You can further analyze these results in various business intelligence tools to gain new insights from the
underlying data.
Amazon Athena
Athena is a serverless solution to analyze large datasets in Amazon S3 using standard SQL. It’s fast, easy
to use, and doesn’t require complex ETL processes to prepare your data before analysis. You pay only for
the amount of data scanned when running each query.

AWS Glue
With serverless AWS Glue, data integration becomes much more comfortable. It helps discover and
extract data from multiple sources, prepare this data for use, and organize it into databases, data
warehouses, and data lakes for further analysis by specialized tools and custom applications.
Networking and Content Delivery Services

Amazon Route 53
Route 53 is an advanced, highly available, and scalable DNS Service. Besides simple IP lookups, it has
sophisticated routing types like GeoDNS, Geoproximity, and Latency Based Routing. Together with health
checks and DNS failover, this enables different fault-tolerant low-latency architectures configurable with a
simple visual editor.
Amazon CloudFront
CloudFront is a fast and secure programmable content delivery network (CDN) that caches your content
and APIs on globally scaled edge locations for more rapid responses. It also offers protection against
multiple types of attacks, including network, transport, and application-layer DDoS attacks. CloudFront is
cost-effective and deeply integrated with other AWS services like S3, EC2, Route 53, and Elastic Load
Balancing.
Amazon API Gateway
API Gateway makes it easy to create, publish, monitor, and secure RESTful and WebSocket APIs. It
handles traffic management, CORS, authorization and access control, throttling, monitoring, and API
version management. API Gateway can process hundreds of thousands of concurrent API calls. It’s a fully
managed service, and you pay only for the API calls your application receives and the amount of outgoing
traffic.
AWS Elastic Load Balancing
Elastic Load Balancing distributes incoming application traffic across multiple servers, containers, or
Lambda functions. It enables the application to handle more concurrent requests without affecting
response time. Multiple request handlers are crucial to make the application highly available, reliable, and
fault-tolerant.
Amazon VPC (Virtual Private Cloud)
With Amazon VPC, you can create logically isolated virtual networks inside AWS. You have full control over
the configuration of the network, its subnets, and routing tables. It’s possible to create a public-facing
subnet with internet access for your web servers while keeping most of the backend infrastructure in a
private subnet with no internet connection, making it much more secure.
Integration Services
Amazon MQ
Amazon MQ is a managed message broker service that makes it easy to run ActiveMQ and RabbitMQ on
AWS infrastructure. It automatically handles provisioning for high availability, setup, software and security
updates, and other maintenance tasks.
Amazon SQS (Simple Queue Service)
With SQS, you can send, store, and receive messages between microservices and serverless applications.
It’s a fully managed service that has two types of message queues. Standard queues are best for
maximum throughput and at-least-once delivery, while FIFO guarantees that messages are processed
exactly once in the exact sending order.
Amazon SNS (Simple Notification Service)
Simple notification service provides high-throughput pub/sub fanout messaging to many subscribers,
including Amazon SQS, AWS Lambda functions, HTTPS endpoints, and Amazon Kinesis Data Firehose. It
can also send messages to users via email, mobile push notifications, and SMS. It’s a fully managed
service, so you pay for use.
Amazon SES (Simple Email Service)
Amazon Simple Email Service is a flexible email service that supports mass email communication,
marketing, and transactional emails at scale. It offers some analytics and calculates open and click-
through rates to measure audience engagement in your email messages.
AWS Secrets Manager
This service protects the secrets needed to access various APIs and resources required for your
application. AWS Secrets Manager provides an API to retrieve secrets, so you don’t have to hardcode
them in plain text configuration files. Access to these secrets is controlled with fine-grained permissions.
Management & Governance
AWS CloudFormation
CloudFormation enables you to describe your desired resources and their dependencies with a code
template as a single stack. You can provision, manage, update, and delete these stacks as single units
without managing underlying resources individually.
AWS CloudWatch
CloudWatch provides a unified view of AWS resources and services of your application. It’s helpful to
optimize resources, detect abnormal behavior, set different alarms, monitor application health, and
troubleshoot issues by viewing logs and various metrics.
Data Storage

Amazon S3 (Simple Storage Service)


Amazon S3 is a generic object storage service designed for incredible durability, high scalability,
availability, security, and performance. It has various storage classes for different use cases. S3
automatically stores copies of objects across multiple systems. It offers a fine-grained access control
system and auditing capabilities for compliance. Using Amazon Athena, you can analyze data in S3 at any
scale with simple SQL queries.
Amazon S3 Glacier
For data archiving and long-term backups at extremely low-cost, Amazon offers S3 Glacier with extreme
durability. There are three options for access to archives. Expedited retrievals typically return data in 1-5
minutes, standard generally complete in 3-5 hours, while the cheapest bulk retrievals take 5-12 hours to
get large amounts of data.
Amazon EBS (Elastic Block Storage)
EBS is generic long-term high-performance block storage for EC2 instances. It’s designed for both
throughput and transactional workloads and can scale to petabytes of data. You can choose different
storage types with various throughput and latency suitable for your needs. EBS replicates volumes
within the Availability Zone, and you can use EBS Snapshots to back up your volumes to S3.
Amazon EFS (Elastic File System)
Amazon Elastic File System is a fully managed scalable elastic NFS. It grows and shrinks
automatically, eliminating the need to provision and manually manage capacity. EFS is designed to
provide massively parallel shared access to thousands of EC2 instances with a high level of aggregate
throughput and IOPS, maintaining consistent latency.
Conclusion
Amazon Web Services (AWS) offers more than 175 cloud services to cover any possible need. We’ve
briefly described only the tip of this enormous iceberg. Besides general-purpose services, it has dozens of
more specialized services in machine learning, IoT, Media, and other categories. Amazon Braket even
allows you to experiment with quantum computing!
With cloud computing services like AWS, you can focus on developing your applications without too much
worrying about managing and scaling your servers. You pay for what you use with most services. The
majority of them are fully managed, drastically reducing the total cost of ownership by eliminating the
need for dedicated people to manage them.
It’s much easier to make your application highly available, reliable, and fault-tolerant while maintaining
outstanding performance and scaling worldwide.
AWS costs tend to add up with the number of services you use. For an average tech startup, they can
quickly reach uncomfortable levels. Fortunately, there’s an option to apply for up to $10k of free AWS
credits from their partners, like FounderPass.com. It’s an excellent way for startups and early-stage
founders to start with AWS.

Note from Exam Topic!

AWS
vpc
subnet
route table
internet gateway
network interface
load balancers

VPC endpoint (makes a private connection between a VPC and a supported AWS service; a VPC endpoint
does not require an internet gateway, virtual private gateway, NAT device, VPN connection, or AWS Direct
Connect connection)
==
A. AWS CodeDeploy - automates deployments of code
B. AWS CodeStar - project management based on code building process
C. AWS CodeCommit - git repo of source code.
(A company needs to store source code. The source code must be accessible over the internet)
D. Amazon CodeGuru - helps improve code for better efficiency

AWS Elastic Beanstalk vs CloudFormation


https://www.sitepoint.com/aws-elastic-beanstalk-vs-cloudformation/#:~:text=A%20Beanstalk%20and%20CloudFormation%20Comparison&text=Elastic%20Beanstalk%20is%20suitable%20for,automate%20their%20infrastructure%20as%20code.
AWS

What are the key differences between AWS Elastic Beanstalk and CloudFormation?
AWS Elastic Beanstalk and CloudFormation are both services offered by Amazon Web Services
(AWS), but they serve different purposes.
Elastic Beanstalk is a Platform as a Service (PaaS) that simplifies the deployment and scaling of
applications, while CloudFormation is an Infrastructure as Code (IaC) service that allows you to manage and
provision AWS resources.

Amazon Aurora (Aurora) is a fully managed relational database engine that's compatible with
MySQL and PostgreSQL

Amazon EventBridge is a serverless event bus that ingests data from your own apps, SaaS apps,
and AWS services and routes that data to targets.

Elastic Beanstalk is ideal for developers who want to deploy their applications without worrying
about the underlying infrastructure, while CloudFormation is more suited for DevOps teams who
need to manage complex AWS environments.

Amazon AppStream 2.0 (Q: use AWS cloud to provide secure access to desktop
applications that are running in a fully managed environment)
Fast and secure fully managed application streaming service
✔ Empower your remote workforce and react quickly to changing conditions with access to
applications and desktops from anywhere.
✔ Strengthen security by storing data on AWS instead of vulnerable endpoint devices.
✔ Optimize costs through on-demand cloud scalability and pay only for what you use.

Amazon WorkSpaces Web - the service that provides the functionality of remotely accessing virtual desktop
computers from the internet is Amazon WorkSpaces
Secure browser access to internal websites and SaaS apps starting at $7 per month (Q: need to
provide its remote employees with virtual desktops)

AWS Outposts: Run AWS infrastructure and services on premises for a truly consistent hybrid
experience (migrate on premises to AWS cloud); the company is legally obligated to retain
certain data

Supports a hybrid compute architectural model: AWS Wavelength, AWS Outposts

==

AWS Cloud9
AWS CodeBuild
Amazon RDS = MySQL DB instance
Amazon Athena = query service
===
An Availability Zone is one or more discrete data centers with redundant power, networking, and
connectivity in an AWS Region.
AWS Local Zones: Run applications on AWS infrastructure closer to your end users and workloads
(Q: need to remain on-premises, can host this application with minimum latency)
AWS Wavelength enables developers to build applications that deliver ultra-low latencies to
mobile devices and end users. Wavelength deploys standard AWS compute and storage services to
the edge of communications service providers' (CSP) 5G networks. You can extend a virtual private
cloud (VPC) to one or more Wavelength Zones. You can then use AWS resources like Amazon
Elastic Compute Cloud (Amazon EC2) instances to run the applications that require ultra-low
latency and a connection to AWS services in the Region.
AWS Outposts = ability to run AWS services on premises
AWS OpsWorks is a configuration management service that helps you configure and operate
applications in a cloud enterprise by using Puppet or Chef
EventBridge is a serverless service that uses events to connect application components together,
making it easier for you to build scalable event-driven applications. Event-driven architecture is a
style of building loosely-coupled software systems that work together by emitting and responding
to events. Event-driven architecture can help you boost agility and build reliable, scalable
applications.

AWS CodePipeline = a continuous delivery and deployment solution


Amazon Redshift = complex analytical queries

Amazon Lightsail is the easiest way to get started with Amazon Web Services (AWS) for anyone
who needs to build websites or web applications. It includes everything you need to launch your
project quickly - instances (virtual private servers), container services, managed databases,
content delivery network (CDN) distributions, load balancers, SSD-based block storage, static IP
addresses, DNS management of registered domains, and resource snapshots (backups) - for a low,
predictable monthly price. (use to build a web application with no cloud experience); a simple way of
establishing a website

AWS Glue is a serverless data integration service that makes it easy for analytics users to discover,
prepare, move, and integrate data from multiple sources. You can use it for analytics, machine
learning, and application development. It also includes additional productivity and data ops tooling
for authoring, running jobs, and implementing business workflows.

AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, application
credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles. Many AWS
services store and use secrets in Secrets Manager. (Q: company wants to securely store Amazon
RDS database credentials and automatically rotate user passwords periodically)
==
S3 Standard-Infrequent Access (S3 Standard-IA)
S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed.
S3 Standard-IA offers the high durability, high throughput, and low latency of S3 Standard, with a
low per GB storage price and per GB retrieval charge. This combination of low cost and high
performance make S3 Standard-IA ideal for long-term storage, backups, and as a data store for
disaster recovery files. You can configure S3 storage classes at the object level, and a single
bucket can contain objects stored across S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and
S3 One Zone-IA. You can also use S3 Lifecycle policies to automatically transition objects between
storage classes without any application changes.

Key features:

Infrequently accessed data that needs millisecond access


Same low latency and high throughput performance of S3 Standard
Designed to deliver 99.9% availability with an availability SLA of 99%

==
S3 One Zone-Infrequent Access (S3 One Zone-IA)
S3 One Zone-IA is for data that is accessed less frequently, but requires rapid access when needed.
Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs),
S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. S3 One Zone-IA
is ideal for customers who want a lower-cost option for infrequently accessed data but do not
require the availability and resilience of S3 Standard or S3 Standard-IA. It’s a good choice for
storing secondary backup copies of on-premises data or easily re-creatable data. You can also use
it as cost-effective storage for data that is replicated from another AWS Region using S3 Cross-
Region Replication.

S3 One Zone-IA offers the same high throughput, and low latency of S3 Standard, with a low per
GB storage price and per GB retrieval charge. Using similar engineering designs as S3 Regional
storage classes, S3 One Zone-IA also offers 11 nines of durability, but may be susceptible to data
loss in the unlikely case of the loss or damage to all or part of an AWS Availability Zone. You can
configure S3 storage classes at the object level, and a single bucket can contain objects stored
across S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and S3 One Zone-IA. You can also use
S3 Lifecycle policies to automatically transition objects between storage classes without any
application changes.

Key features:

Re-creatable infrequently accessed data


Same low latency and high throughput performance of S3 Standard
Designed to deliver 99.5% availability with an availability SLA of 99%
==
S3 Glacier Deep Archive (most cost-effective in the long term)
S3 Intelligent-Tiering
S3 Intelligent-Tiering is the first cloud storage that automatically reduces your storage costs on a granular object level
by automatically moving data to the most cost-effective access tier based on access frequency,
without performance impact, retrieval fees, or operational overhead. S3 Intelligent-Tiering delivers
milliseconds latency and high throughput performance for frequently, infrequently, and rarely
accessed data in the Frequent, Infrequent, and Archive Instant Access tiers. You can use S3
Intelligent-Tiering as the default storage class for virtually any workload, especially data lakes, data
analytics, new applications, and user-generated content.
==
S3 on Outposts
Amazon S3 on Outposts delivers object storage to your on-premises AWS Outposts environment.
Using the S3 APIs and features available in AWS Regions today, S3 on Outposts makes it easy to
store and retrieve data on your Outpost, as well as secure the data, control access, tag, and report
on it. S3 on Outposts provides a single Amazon S3 storage class, named 'OUTPOSTS', which uses
the S3 APIs, and is designed to durably and redundantly store data across multiple devices and
servers on your Outposts. The S3 Outposts storage class is ideal for workloads with local data
residency requirements, and to satisfy demanding performance needs by keeping data close to on-
premises applications.
Key features:

S3 Object compatibility and bucket management through the S3 SDK


Designed to durably and redundantly store data on your Outposts
Encryption using SSE-S3 and SSE-C
Authentication and authorization using IAM, and S3 Access Points
Transfer data to AWS Regions using AWS DataSync
S3 Lifecycle expiration actions

==
S3 Standard offers high durability, availability, and performance object storage for frequently
accessed data. Because it delivers low latency and high throughput, S3 Standard is appropriate for
a wide variety of use cases, including cloud applications, dynamic websites, content distribution,
mobile and gaming applications, and big data analytics.

Key features:

General purpose storage for frequently accessed data


Low latency and high throughput performance
Designed to deliver 99.99% availability with an availability SLA of 99.9%

==

Cloud transformation journey

Envision phase focuses on demonstrating how cloud will help accelerate your business outcomes. It
does so by identifying and prioritizing transformation opportunities across each of the four
transformation domains in line with your strategic business objectives. Associating your
transformation initiatives with key stakeholders (senior individuals capable of influencing and
driving change) and measurable business outcomes will help you demonstrate value as you
progress through your transformation journey.

Align phase focuses on identifying capability gaps across the six AWS CAF perspectives, identifying
cross-organizational dependencies, and surfacing stakeholder concerns and challenges. Doing so
will help you create strategies for improving your cloud readiness, ensure stakeholder alignment,
and facilitate relevant organizational change management activities.

Launch phase focuses on delivering pilot initiatives in production and on demonstrating
incremental business value. Pilots should be highly impactful and if/when successful they will help
influence future direction. Learning from pilots will help you adjust your approach before scaling to
full production.

Scale phase focuses on expanding production pilots and business value to desired scale and
ensuring that the business benefits associated with your cloud investments are realized and
sustained.

==
Amazon Personalize is a fully managed machine learning service that uses your data to generate
item recommendations for your users. It can also generate user segments based on the users'
affinity for certain items or item metadata.
==
AWS Amplify: build full-stack web and mobile apps in hours; easy to start and to scale

AWS Control Tower offers a straightforward way to set up and govern an AWS multi-account
environment,

==
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web
content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content
through a worldwide network of data centers called edge locations. When a user requests content
that you're serving with CloudFront, the request is routed to the edge location that provides the
lowest latency (time delay), so that content is delivered with the best possible performance.

If the content is already in the edge location with the lowest latency, CloudFront delivers it
immediately.

If the content is not in that edge location, CloudFront retrieves it from an origin that you've defined
—such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server (for example, a web
server) that you have identified as the source for the definitive version of your content.

As an example, suppose that you're serving an image from a traditional web server, not from
CloudFront. For example, you might serve an image, sunsetphoto.png, using the URL
https://example.com/sunsetphoto.png.

Your users can easily navigate to this URL and see the image. But they probably don't know that
their request is routed from one network to another—through the complex collection of
interconnected networks that comprise the internet—until the image is found.

CloudFront speeds up the distribution of your content by routing each user request through the
AWS backbone network to the edge location that can best serve your content. Typically, this is a
CloudFront edge server that provides the fastest delivery to the viewer. Using the AWS network
dramatically reduces the number of networks that your users' requests must pass through, which
improves performance. Users get lower latency—the time it takes to load the first byte of the file—
and higher data transfer rates.

You also get increased reliability and availability because copies of your files (also known as
objects) are now held (or cached) in multiple edge locations around the world. (EC2 to provide low
latency static website to global users)
==
AWS Compute Savings Plans (Q: want to optimize long-term compute cost of AWS Lambda functions and
Amazon EC2; usage for 1 or 3 years, save up to 72%)
==
Amazon QuickSight
Amazon License Manager
Savings Plans
Amazon Aurora = MySQL/PostgreSQL
Amazon Athena
Amazon Lightsail
Amazon Personalize
==
AWS Cloud Adoption Framework (AWS CAF)
-Business
-People
-Governance
-Platform
-Security
-Operations

AWS Well-Architected Framework

-operational excellence (how your organization supports your business objectives = workload
effectively, gain insight into operations, improve supporting processes) Q: can be updated regularly and
so that changes can be made in small, reversible increments / answer: anticipate failure
-security
-reliability
-performance efficiency (the efficient use of computing resources, how to maintain efficiency as
demand changes and technology evolves; Q: able to take advantage of advanced technologies
quickly after migration)
-cost optimization (pay the resource usage to meet )
-sustainability

AWS services that provide a disaster recovery solution for EC2 instances = AMI, Amazon EBS snapshots
Cost allocation tags are a powerful tool in AWS that allows you to categorize your resources and
track their costs. These tags act as metadata labels that you can assign to your AWS resources,
such as instances, volumes, and databases (Q: determine which business unit is using specific AWS
resources)

AWS Consulting Partner (Q: lack of expertise in AWS Cloud computing, help to migrate its
workload)

AWS Service Quotas (Q: AWS service or tool used to centrally and track service limit increases)

AWS Artifact provides a central resource for AWS security and compliance reports. The artifacts
available in AWS Artifact include Service Organization Control (SOC) reports, Payment Card
Industry (PCI) reports, and certifications from accreditation bodies that validate the implementation
and operating effectiveness of AWS security controls. Additionally, AWS Artifact provides on-
demand access to the security and compliance documents such as ISO certifications (Q), and
Service Organization Control (SOC) reports of the Independent Software Vendors (ISVs) who sell
their products on AWS Marketplace.

Components of an AWS Site-to-Site VPN connection (A: virtual private gateway, customer
gateway)

A: Service control policies (SCPs) = company uses AWS Organizations to manage multiple AWS
accounts; what AWS service can the company use to limit access to AWS services for member
accounts

Service Catalog enables organizations to create and manage catalogs of IT services that are
approved for AWS. These IT services can include everything from virtual machine images, servers,
software, databases, and more to complete multi-tier application architectures. (Q: company wants
to limit its employees' access to a portfolio of predefined AWS resources)

A security group acts as a virtual firewall for your EC2 instances to control incoming and
outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules
control the outgoing traffic from your instance. When you launch an instance, you can specify one
or more security groups. If you don't specify a security group, Amazon EC2 uses the default
security group for the VPC. You can add rules to each security group that allow traffic to or from its
associated instances. You can modify the rules for a security group at any time. New and modified
rules are automatically applied to all instances that are associated with the security group. When
Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from
all of the security groups that are associated with the instance (Q: stateful firewall to limit
traffic to private corporate network).
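
The evaluation described above, as an added example that is not part of the original sheet: a simplified Python model (not an AWS API) in which the rules of every attached security group are checked together, rules only allow, and replies to an already allowed flow pass without a matching rule. The class names, group names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str       # peer range: source for inbound, destination for outbound

    def matches(self, protocol, port, peer_ip):
        in_range = ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr)
        if self.protocol == "-1":
            return in_range
        return (in_range and self.protocol == protocol
                and self.from_port <= port <= self.to_port)

class Instance:
    """Simplified model of an instance with several security groups attached."""
    def __init__(self, groups):
        self.groups = groups    # each group: {"inbound": [Rule], "outbound": [Rule]}
        self.tracked = set()    # flows already allowed; their replies skip rule checks

    def _any_rule_allows(self, direction, protocol, port, peer_ip):
        # Rules only allow; the rules of all attached groups are evaluated together.
        return any(r.matches(protocol, port, peer_ip)
                   for g in self.groups for r in g[direction])

    def _check(self, direction, protocol, peer_ip, peer_port, local_port):
        flow = (protocol, peer_ip, peer_port, local_port)
        if flow in self.tracked:
            return True         # stateful: return traffic of an allowed flow
        # Inbound rules match on the local port, outbound rules on the peer port.
        port = local_port if direction == "inbound" else peer_port
        if self._any_rule_allows(direction, protocol, port, peer_ip):
            self.tracked.add(flow)
            return True
        return False            # nothing matched: implicit deny

    def inbound(self, protocol, peer_ip, peer_port, local_port):
        return self._check("inbound", protocol, peer_ip, peer_port, local_port)

    def outbound(self, protocol, peer_ip, peer_port, local_port):
        return self._check("outbound", protocol, peer_ip, peer_port, local_port)

# Constructed sample groups (documentation and private address ranges, not from the sheet).
WEB_SG = {"inbound": [Rule("tcp", 443, 443, "0.0.0.0/0")],
          "outbound": [Rule("tcp", 443, 443, "0.0.0.0/0")]}
ADMIN_SG = {"inbound": [Rule("tcp", 22, 22, "10.0.0.0/8")], "outbound": []}
```

With both groups attached, SSH from 10.1.2.3 is allowed by ADMIN_SG even though WEB_SG has no such rule, and the HTTPS reply to a client on an ephemeral port is allowed although no outbound rule covers that port.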

AWS Global Accelerator is a service in which you create accelerators to improve the
performance of your applications for local and global users. Depending on the type of accelerator
you choose, you can gain additional benefits: (Q: AWS services that use edge locations)

With a standard accelerator, you can improve availability of your internet applications that are
used by a global audience. With a standard accelerator, Global Accelerator directs traffic over the
AWS global network to endpoints in the nearest Region to the client.

With a custom routing accelerator, you can map one or more users to a specific destination among
many destinations. (Q: improve overall availability and performance of its application that
are hosted on AWS)
==
IAM
AWS IAM Access Analyzer (Q: AWS service or feature identifies whether an Amazon S3 bucket or
an IAM role has been shared with an external entity)
(Q: AWS service checks access policies and offers actionable recommendations to help users set
secure and functional policies)

A transit gateway is a network transit hub that you can use to interconnect your virtual private
clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-
Region peering connects transit gateways together using the AWS Global Infrastructure. All
network traffic between AWS data centers is automatically encrypted at the physical layer. (Q:
multiple VPCs in several Regions need to connect and centrally manage network connectivity
between its VPCs) (Q: company operates its infrastructure in a single AWS Region; the company has
thousands of VPCs in various AWS that it wants to interconnect)

AWS Storage Gateway is a service that connects an on-premises software appliance with cloud-
based storage to provide seamless and secure integration between your on-premises IT
environment and the AWS storage infrastructure in the AWS Cloud (Q: to store data backups, the
tape library is running out of space and needs to extend the tape library capacity)

AWS Snowball Edge (Q: company has no internet connectivity and needs to collect, format, and process
the data at sea and move the data to AWS later)

VPC Flow Logs (Q: to capture information about inbound and outbound traffic in an Amazon VPC)

==
Q: Global edge location = (Amazon CloudFront, AWS Global Accelerator)

AWS Global Infrastructure = AWS Regions (answer)

What is AWS Lambda (Q: the ability to process data, store data, and run applications with local
system interdependencies that require low latency)
✔ Run code without provisioning or managing servers, creating workload-aware cluster scaling
logic, maintaining event integrations, or managing runtimes.
✔ Run code for virtually any type of application or backend service. Just upload your code as a ZIP
file or container image, and Lambda automatically allocates compute execution power and runs
your code based on the incoming request or event, for any scale of traffic.
✔ Write Lambda functions in your favorite language (Node.js, Python, Go, Java, and more) and use
both serverless and container tools, such as AWS SAM or Docker CLI, to build, test, and deploy your
functions.

AWS CloudTrail (Q: company needs to identify the last time that a specific user accessed the AWS
Management Console)

AWS Cost and Usage Reports (Q: that can break down cloud cost by product, by company-
defined tags, and by hour, day, and month)

AWS X-Ray (Q: has a serverless application that includes Amazon API, AWS Lambda functions, Amazon
DynamoDB database)
