AWS sheet
AWS Cost and Usage Report → Tracks your AWS usage and provides estimated charges
associated with your account. You can use Cost and Usage Reports to publish your AWS billing reports
to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that
break down your costs by the hour, day, or month, by product or product resource, or by tags that you
define yourself.
AWS Command Line Interface (CLI) → To interact with AWS using a terminal.
Elastic Load Balancers → Evenly distribute incoming load (requests) across the available compute
capacity (EC2 instances).
Reserved Instances → You can purchase Standard Reserved and Convertible Reserved Instances for a
1-year or 3-year term, and Scheduled Reserved Instances for a 1-year term. You realize greater
cost savings with the 3-year option.
Amazon EC2 Savings Plans → Reduce your compute costs by committing to a consistent amount of
compute usage for a 1-year or 3-year term. This term commitment results in savings of up to 66%
over On-Demand costs.
On-Demand Instances → Ideal for short-term, irregular workloads that cannot be interrupted. The
instances run continuously until you stop them, and you pay for only the compute time you use.
Spot Instances → Ideal for workloads with flexible start and end times, such as batch data
workloads. You get a 2-minute notice before interruption to save your data; 90% discount.
Dedicated Hosts are physical servers with Amazon EC2 instance capacity that is fully
dedicated to your use.
AWS Professional Services → The AWS Professional Services organization is a global team of
experts that can help you realize your desired business outcomes when using the AWS Cloud.
AWS Personal Health Dashboard → a tool that provides alerts and remediation guidance
when AWS is experiencing events that may affect you.
Security groups → Instance-level security (stateful; deny all traffic by default).
AWS Service Catalog → Create and manage a selection of AWS (Amazon Web Services)
services that are approved for use on AWS.
AWS Service Catalog (Portfolio) allows you to centrally manage deployed IT services and your
applications, resources, and metadata. This helps you achieve consistent governance and meet
your compliance requirements while enabling users to quickly deploy only the approved IT
services they need.
While the Service Health Dashboard displays the general status of AWS services,
Personal Health Dashboard gives you a personalized view into the performance and
availability of the AWS services powering your AWS resources.
Service Quotas → Service Quotas enable you to view and manage your quotas for AWS
services from a central location. Quotas, also referred to as limits in AWS, are the
maximum values for the resources, actions, and items in your AWS account. Each AWS
service defines its quotas and establishes default values for those quotas.
AWS software development kits (SDKs) → Interact with AWS using programming languages.
AWS Support Center → AWS Support Center is the hub for managing your Support cases.
Basic → 24/7 customer support, AWS Trusted Advisor (basic checks), AWS Personal Health
Dashboard, docs, whitepapers, forums.
Developer → Basic plus email access to customer support, 24-hour response time, client-side
diagnostic tools, and building-block architecture support, which consists of guidance for how to
use AWS offerings, features, and services together.
Business → Phone access to cloud support engineers; 4-hour response normally, 1 hour if the
production server is down. Customers with a Business Support plan have access to additional
features, including:
● Use-case guidance to identify AWS offerings, features, and services that can best
support your specific needs
● All AWS Trusted Advisor checks
● Limited support for third-party software, such as common operating systems and
application stack components
Infrastructure event management → A short-term engagement with AWS Support that helps your
company gain a better understanding of your use cases. This also provides your company with
architectural and scaling guidance.
Technical Account Manager (TAM) → Your primary point of contact at AWS. They provide guidance,
architectural reviews, and ongoing communication with your company as you plan, deploy, and
optimize your applications.
Virtual private networks (VPNs) → Private connection over the public internet.
Amazon Kinesis → Easily collect, process, and analyze video and data streams in real-time.
Application Integration:
Amazon Simple Notification Service (Amazon SNS) → Publish/subscribe model between
applications; can also send emails, etc.
Amazon Simple Queue Service (Amazon SQS) → Decoupling (store, send, and receive messages).
Message retention 4 days min, 14 days max. Messages that repeatedly fail to be processed go to a
dead-letter queue.
AWS Batch → AWS Batch plans, schedules, and executes your batch computing workloads
across the full range of AWS compute services and features, such as AWS Fargate, Amazon
EC2 and Spot Instances.
AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g.,
CPU or memory optimized instances) based on the volume and specific resource requirements
of the batch jobs submitted.
Amazon EC2 →
AWS Lambda → Serverless compute: your code runs when triggered. Auto-scalable; runs for 15 min
max. First 1 million invocations per month are free.
Amazon Lightsail → Offers easy-to-use virtual private server (VPS) instances, containers, storage,
databases, and more at a cost-effective monthly price.
Containers:
Docker containers → A container is a package of code and its dependencies; a container can run on
EC2 or on Fargate (serverless).
Database:
Amazon Aurora → A global-scale relational database service built for the cloud with full MySQL
and PostgreSQL compatibility. 1/10th the cost of commercial databases. 6 copies of your data are
available at any time (high availability). Continuous backups to S3. Managed by AWS.
Amazon ElastiCache → Adds a cache in front of the database layer to bring the read time of common
requests down from milliseconds to microseconds.
Developer Tools:
AWS CodeBuild → A fully managed continuous integration service that compiles source code, runs
tests, and produces software packages that are ready to deploy. Charged by the minute for the
compute resources you use.
AWS CodeCommit → A secure, highly scalable, managed source control service that hosts private Git
repositories. It makes it easy for teams to securely collaborate on code, with contributions
encrypted in transit and at rest.
AWS CodePipeline → "Continuous delivery service for fast and reliable application updates."
A fully managed continuous delivery service that helps you automate your release pipelines
for fast and reliable application and infrastructure updates. CodePipeline automates the build,
test, and deploy phases of your release process every time there is a code change, based on
the release model you define. This enables you to rapidly and reliably deliver features and
updates.
AWS CodeStar → AWS CodeStar enables you to quickly develop, build, and deploy
applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily
manage your software development activities in one place.
Customer Engagement:
Amazon Connect → Is an omnichannel cloud contact center. You can set up a contact
center in a few steps, add agents who are located anywhere, and start engaging with
your customers.
Amazon Connect is an open platform that you can integrate with other enterprise
applications, such as Salesforce.
Management, Monitoring, and Governance:
AWS Auto Scaling → Increase or decrease compute resources with changing demand.
Dynamic scaling, Predictive scaling.
AWS CloudTrail → Record every API call by a user. Track user activity and API usage.
Amazon CloudWatch → Enables you to monitor and manage various metrics and configure
alarms based on metric data. Creates graphs automatically.
Access all metrics from one central location.
Gain visibility into your apps, infrastructure, and services.
CloudWatch alarms are integrated with SNS.
AWS Config → A service that enables you to assess, audit, and evaluate the configurations of your
AWS resources. Config continuously monitors and records your AWS resource configurations and
allows you to automate the evaluation of recorded configurations against desired configurations.
AWS Cost and Usage Report (CUR) → Delivers report files to your Amazon S3 bucket.
Updates the report up to three times a day.
Create, retrieve, and delete your reports using the AWS CUR API.
AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You
can view the reports using spreadsheet software such as Microsoft Excel or Apache OpenOffice
Calc, or access them from an application using the Amazon S3 API.
AWS Organizations → You can use AWS Organizations to consolidate and manage multiple
AWS accounts within a central location.
In AWS Organizations, you can centrally control permissions for the accounts in your
organization by using service control policies (SCPs). SCPs enable you to place restrictions
on the AWS services, resources, and individual API actions that users and roles in each account
can access. An SCP applies to individual users or OUs.
You can group accounts into organizational units (OUs) to make it easier to manage accounts
with similar business or security requirements.
AWS Secrets Manager → Easily rotate, manage, and retrieve database credentials, API keys,
and other secrets throughout their lifecycle.
AWS Trusted Advisor → Inspects AWS environment and provides real-time recommendations
in accordance with AWS best practices.
Amazon CloudFront → Securely deliver content with low latency and high transfer speeds.
AWS Direct Connect → A service that allows a customer to establish a dedicated network
connection between one of Amazon's Direct Connect locations and the customer's data center.
Amazon Route 53 → Amazon Route 53 is a highly available and scalable cloud Domain Name
System (DNS) web service.
Amazon Route 53 effectively connects user requests to infrastructure running in AWS, such as
Amazon EC2 instances.
Amazon VPC → A service that lets you launch AWS resources in a logically isolated
virtual network that you define.
AWS Artifact → No cost. On-demand access to compliance reports produced by third parties and
to AWS security reports.
AWS Certificate Manager (ACM) → Easily provision, manage, and deploy public and private
SSL/TLS certificates for use with AWS services and your internal connected resources.
AWS CloudHSM → Is a cloud-based hardware security module (HSM) that enables you to
easily generate and use your own encryption keys on the AWS Cloud.
Amazon Cognito → Amazon Cognito lets you add user sign-up, sign-in, and access control to
your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and
supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon,
and enterprise identity providers via SAML 2.0 and OpenID Connect.
Amazon Detective → Analyze and visualize security data to rapidly get to the root cause of
potential security issues.
Amazon GuardDuty → Account level. Protects your AWS accounts with intelligent threat
detection. Continuously analyzes network and account activity (metadata).
A security monitoring service that analyzes and processes data sources such as AWS CloudTrail
data events for Amazon S3 logs, CloudTrail management event logs, DNS logs, Amazon EBS
volume data, Kubernetes audit logs, Amazon VPC flow logs, and RDS login activity.
Amazon Inspector → Amazon Inspector is an automated vulnerability management service
that continually scans AWS workloads for software vulnerabilities and unintended network
exposure.
Scans only EC2 instances, ECR container images, and Lambda functions.
AWS Identity and Access Management (IAM) → Provides fine-grained access control across
all of AWS. With IAM, you can specify who can access which services and resources, and under
which conditions. With IAM policies, you manage permissions to your workforce and systems to
ensure least-privilege permissions.
AWS License Manager → AWS License Manager makes it easier to manage your software
licenses from vendors such as Microsoft, SAP, Oracle, and IBM across AWS and on-premises
environments.
Amazon Macie → Amazon Macie is a fully managed data security and data privacy service
that uses machine learning and pattern matching to discover and protect your sensitive data in
AWS.
AWS Shield → Is a managed Distributed Denial of Service (DDoS) protection service that
safeguards applications running on AWS.
AWS WAF → Is a web application firewall that helps protect your web applications or APIs
against common web exploits and bots that may affect availability, compromise security, or
consume excessive resources.
Storage:
AWS Backup → enables you to centralize and automate data protection across AWS services
and hybrid workloads.
Amazon Elastic Block Store (Amazon EBS) → Provides block-level storage volumes for use
with EC2 instances.
AZ level: the instance and its EBS volume must be in the same AZ.
Regular incremental snapshots are taken.
It is an HDD.
No auto-scaling.
Amazon S3 → Connects with an on-premises data center through AWS Storage Gateway.
Amazon S3 Glacier →
Amazon Simple Workflow Service (Amazon SWF) → Makes it easy to build applications that
coordinate work across distributed components.
Track and categorize spending on a detailed level → cost allocation tags, not budgets.
Example of using loose coupling when designing an information system → DNS name
usage.
Lambda supported languages → AWS Lambda natively supports Java, Go, PowerShell, Node.js, C#,
Python, and Ruby code, and provides a Runtime API which allows you to use any additional
programming languages to author your functions.
Which aspect of creating an EC2 instance defines the underlying CPU and memory allocated to
the instance?
● Instance Type
The 6 Pillars of the AWS Well-Architected Framework | AWS Partner Network (APN)
VPC Peering
DR strategy →
Backup & Restore strategy - Backup and Restore is associated with higher RTO
(recovery time objective) and RPO (recovery point objective). This results in longer
downtimes and greater loss of data between when the disaster event occurs and
recovery. However, backup and restore can still be the right strategy for workloads
because it is the easiest and least expensive strategy to implement.
Pilot Light strategy - Pilot Light, like the Warm Standby strategy, replicates data from the
primary Region to data resources in the recovery Region, such as Amazon Relational
Database Service (Amazon RDS) DB instances or Amazon DynamoDB tables. But, the
DR Region in a pilot light strategy (unlike warm standby) cannot serve requests until
additional steps are taken. A pilot light in a home furnace does not provide heat to the
home. It provides a quick way to light the furnace burners that then provide heat.
Warm standby can handle traffic at reduced levels immediately. Pilot light requires you
to first deploy infrastructure and then scale out resources before the workload can
handle requests.
Multi-site active-active strategy - This strategy uses AWS Regions as your active sites,
creating a multi-Region active/active architecture. Generally, two Regions are used. Each
Region hosts a highly available, multi-Availability Zone (AZ) workload stack. In each
Region, data is replicated live between the data stores and also backed up. This
protects against disasters that include data deletion or corruption since the data backup
can be restored to the last known good state. Each regional stack serves production
traffic effectively. But this strategy is costly and should only be used for
mission-critical applications.
Warm Standby strategy - When selecting your DR strategy, you must weigh the benefits
of lower RTO (recovery time objective) and RPO (recovery point objective) vs the costs
of implementing and operating a strategy. The pilot light and warm standby strategies
both offer a good balance of benefits and cost.
This strategy replicates data from the primary Region to data resources in the recovery
Region, such as Amazon Relational Database Service (Amazon RDS) DB instances or
Amazon DynamoDB tables. These data resources are ready to serve requests. In
addition to replication, this strategy requires you to create a continuous backup in the
recovery Region. This is because when "human action" type disasters occur, data can be
deleted or corrupted, and replication will replicate the bad data. Backups are necessary
to enable you to get back to the last known good state.
The warm standby strategy deploys a functional stack, but at reduced capacity. The DR
endpoint can handle requests, but cannot handle production levels of traffic. It may be
more, but is always less than the full production deployment for cost savings. If the
passive stack is deployed to the recovery Region at full capacity, however, then this
strategy is known as “hot standby.” Because warm standby deploys a functional stack to
the recovery Region, this makes it easier to test Region readiness using synthetic
transactions.
● AWS Transit Gateway connects two VPCs of the same organization
● AWS Transit Gateway connects VPCs and on-premises networks through a
central hub. This simplifies your network and puts an end to complex peering
relationships. It acts as a cloud router – each new connection is only made once.
As you expand globally, inter-Region peering connects AWS Transit Gateways
using the AWS global network. Your data is automatically encrypted and never
travels over the public internet.
● VPC Peering connects VPCs
● Site to Site VPN - AWS Site-to-Site VPN creates a secure connection between
your data center or branch office and your AWS cloud resources. This connection
goes over the public internet. Site to Site VPN cannot be used to interconnect
VPCs.
● VPC Endpoint - A VPC endpoint enables you to privately connect your VPC to
supported AWS services and VPC endpoint services powered by AWS PrivateLink
without requiring an internet gateway, NAT device, VPN connection, or AWS
Direct Connect connection. You cannot connect two VPCs using a VPC endpoint.
The AWS Abuse team can assist you when AWS resources are used to engage in the
following types of abusive behavior: spam from AWS-owned IP addresses or AWS
resources, port scanning, Denial-of-service (DoS) or DDoS from AWS-owned IP
addresses, intrusion attempts, hosting objectionable or copyrighted content, distributing
malware.