While I was studying for my AWS CCP certification, I found the sheer number of AWS services within the ecosystem difficult to absorb in one go. Below is a summary of all of the AWS services, along with some clarification on the subjects I had trouble with. Take note that I may mention an AWS service more than once, because a service can serve multiple purposes and AWS services work in conjunction with each other.
Credit goes to BackSpace Academy's Udemy course for making all of this easier to learn.
A special section has been carved out for the AWS CLI. The AWS API is what enables the CLI: it lets us communicate from a remote machine with the AWS services in the AWS cloud (and every call is tracked in CloudTrail).
The Management Console makes HTTP requests to the AWS backend, and the CLI does the same. Wrapped around this API are different SDKs, which are turned into libraries that can be used with different programming languages. All API calls need to be authenticated with a username and password.
Service | Description |
---|---|
AWS CLI application | This is AWS's CLI, available for Windows, Mac, or Linux. |
AWS Shell | This is a cross-platform, standalone, integrated shell environment written in Python. |
AWS Tools | This is the AWS CLI equivalent for Windows PowerShell. |
AWS CloudShell | This service provides shell environment access through the AWS Management Console, with the AWS CLI pre-installed. This is more secure than the plain AWS CLI because the AWS Management Console requires username, password, and MFA. |
AWS Cloud9 IDE | This runs on EC2 and is accessed through the AWS Management Console, with the AWS CLI pre-installed. It provides a tree view of files and drag-and-drop SFTP transfer of files. It is more secure since the IAM credentials are not saved locally on a machine. |
Concept | Details |
---|---|
Shared Responsibility Model | AWS is responsible for the "Security of the Cloud" and customers are responsible for "Security in the Cloud". AWS takes care of the physical infrastructure; the customer is responsible for the services running within that physical infrastructure. |
Cloud Computing Models | |
Cloud Deployment Models | |
AWS Well-Architected Six Pillars | |
Operational Excellence Pillars when designing AWS infrastructure | |
Availability, Durability, Elasticity vs. Resiliency | Each AWS service satisfies one of these properties. Know the difference between each of them. |
IAM Access Levels | From the highest to the lowest level of access controlled by Identity and Access Management (IAM): |
Global Infrastructure: Regions vs Availability Zones vs Local Zones vs Edge Locations | |
AWS Resource Groups | Throughout the Management Console, the admin is able to tag EC2, RDS, and S3 resources. This tagging allows resource groups to be created; a resource group is a collection of resources. From there, automated management tasks can be run from AWS Systems Manager Automation, and the group can be monitored in Systems Manager for AWS Config compliance and other data. By default, the Management Console is organized by service, but this can be customized to organize by resource group (tags). |
AWS Outposts | This service extends AWS infrastructure, services, APIs, and tools to any data center (including on-prem). This service supports the hybrid cloud deployment model. |
Service | Description |
---|---|
Elastic MapReduce (EMR) | This is a Hadoop framework as a service used for big data analysis of S3 or DynamoDB data stores. Other frameworks can be used too, such as Apache Spark, Hive, HBase, Presto, and Flink. |
Athena | This service analyzes data stored in S3 using SQL. |
FinSpace | This is a petabyte-scale data management and analytics service built for the financial industry. It includes a library of over 1000 financial analysis functions. |
Kinesis | This service collects, processes, and analyzes real-time streaming data. |
QuickSight | This is a business-intelligence (BI) reporting tool like Tableau or Bert. |
CloudSearch | This is a search engine service that supports up to 34 languages. It provides a search solution for your website or application. |
OpenSearch (formerly Elasticsearch Service) | This is a fully managed service for Elastic's Elasticsearch framework (another search engine solution). |
Service | Description |
---|---|
Step Functions | This service provides a visual workflow that coordinates the components of distributed applications and microservices. The workflow visualizes and defines the steps in deploying an application. It is the recommended choice for new applications. |
Simple Workflow (SWF) | This service coordinates multiple components of business applications. It is similar to Step Functions. |
Simple Notification Service (SNS) | This is a fully managed pub-sub (publish-subscribe) messaging service. For example, a user creates a topic on your application, other users subscribe to the topic, and someone publishes a message to that topic; the subscribed users receive the message. This service also pushes notifications to mobile devices. |
Simple Queue Service (SQS) | This is a fully managed message queuing service that decouples applications from demand spikes. Messages build up in a queue until the processing server is ready for the load. |
Six advantages or benefits of AWS Cloud Computing:
There are four key values for building a business case for an organization to migrate to AWS:
The Business Case services below help an organization to plan a migration and see AWS' values.
Service | Description |
---|---|
Cost Explorer | This service allows you to visualize, understand, and manage costs and usage of the AWS resource over time. It is a subset of the Budget service. Reports can be created from here. |
Pricing Calculator | This service calculates the monthly and annual cost of the AWS resources you are considering using. It was formerly called the 'Simple Monthly Calculator'. |
Price List API | There are two APIs used to query prices of AWS resources. AWS Price List Bulk API: this is a bulk pull of all AWS services. Its output is a JSON/CSV file, and it retains a history of versions of the price list. AWS Price List Query API: this API can pull information about specific AWS resources that the bulk API cannot, such as EC2 instances with 64 vCPUs and 256 GB of memory running SQL Server in Mumbai. It does not retain historical prices. |
Total Cost of Ownership (TCO) | This service estimates all of the expenses involved in purchasing and operating equipment over its life cycle. This includes: servers (software, licensing); storage (hardware, backup, and administrative); network (load balancing, administrative costs); IT labor costs (server admin and virtualization admin); and power and space. |
Migration Evaluator (formerly TSO Logic) | This is a complimentary service. It logs all of an organization's on-prem systems, and the logs are then used to create a data-driven business case for migrating to AWS. An AWS server is set up on-prem and collects real-time data, which it stores in a MongoDB. Those packages are sent to an S3 bucket. Migration Evaluator then produces a TCO and compares it to AWS solutions. |
Prescriptive Guidance | This service provides strategies and guides from AWS and AWS partners on how to speed up a migration. |
Inspector | This is an automated security assessment service. It reduces cost and increases effectiveness of security assessment and compliance. Discounts are applied when used in volume. |
Compliance | This is a suite of compliance and compliant enabling services (notice the distinction). AWS supports Compliant (SOC1, SOC2, SOC3, ISO, etc) and Compliance (HIPAA) standards. |
Config | This is a Configuration Management Service (CMS) that assesses, audits, and evaluates the configuration of AWS resources based on pre-built rules. After the rules are set, it continues to monitor and record. It can be applied to network and software configuration. The rules are organized into a conformance pack. We can check the Cloud Governance Dashboard for changes across accounts and regions. It integrates with AWS Organizations. |
Support Plans | There are four levels, which will certainly appear on the exam. |
Professional | This is a collaboration between the client, AWS experts, AWS Partner Network (APN), and the AWS Professional Services team. This service offers practical, technical expertise on the AWS services. |
Managed | This service helps with migration and operational assistance by AWS Cloud experts. It leverages a library of automations, configurations, and runbooks. It enhances security and cost optimization. |
IQ for Expert | This is an on-demand job board for AWS certified practitioners where they can pick up customer jobs. |
For a summary of the cost management tools see: https://aws.amazon.com/blogs/publicsector/tco-cost-optimization-best-practices-for-managing-usage/
Service | Description |
---|---|
WorkDocs | This is a secure, fully managed file collaboration and management document service. This web client allows you to view and provide feedback on 35+ file types including Microsoft Office and .pdf. It is similar to Google Drive and Google Docs. |
WorkMail | This is a secure, fully managed business email and calendar service. |
Chime | This is an online meeting service like Microsoft Teams, Zoom, or Google Meet. |
WorkSpaces | This is a secure desktop-as-a-service. It provisions streaming, cloud-based Microsoft Windows desktops. It is the equivalent of Remote Desktop Services (RDS, not to be confused with AWS RDS) or Citrix XenApp. |
AppStream | This is a secure streaming service that allows you to stream desktop applications from AWS to an HTML5 browser. |
Connect | This is a self-service contact center from AWS with a pay-as-you-go pricing model. You build the contact center with a drag-and-drop GUI, which can be used to create process flows that define customer interactions without coding. |
Pinpoint | This service sends email, SMS, and mobile push notifications for marketing campaigns or direct messages to customers. For example, if your application receives an order for your business, this service would send a confirmation message to the customer. |
Simple Email Service (SES) | This service sends bulk email to customers, such as notifications about discounts on a business' services. |
Service | Description |
---|---|
Marketplace | This service is a place where vendors share their own environment build images that you can use to build your application. Things like WordPress on Linux builds are pre-fabricated for you. |
Elastic Compute Cloud (EC2) | Cloud Compute (2) => EC2. This service provides virtual servers, up to thousands of servers at a time, on a pay-as-you-use basis. Session Manager is a functionality within AWS Systems Manager that manages EC2 instances, on-prem instances, and VMs. EC2 Instance Connect is a service that connects to Linux instances using a browser-based client. |
EC2 Instance Purchasing Options (Pricing Models) | |
EC2 Auto Scaling | This service scales the number of servers based on set parameters and demand. It also handles monitoring, tearing down, and spinning up EC2 servers as needed. |
Lightsail | This provides compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud. It includes everything you need to launch your project quickly: virtual machines, containers, databases, CDN, load balancers, DNS management, etc. |
Elastic Container Service (ECS) | This is a container management service using Docker. |
Lambda | This is a serverless service that runs code (think functions) in the AWS cloud. You either upload or write some code and Lambda runs it for you. This is similar to Google Apps Script. |
Service | Description |
---|---|
RDS | This provides AWS-hosted relational databases; you can choose MySQL, PostgreSQL, Microsoft SQL Server, Oracle, and/or Aurora. Aurora is AWS' own homegrown SQL database engine. It is also the most expensive option. |
DynamoDB | AWS's NoSQL database-as-a-service. It is a serverless service like Amazon S3, and as such, you don't need to worry about the underlying infrastructure behind it. |
Redshift | This is a fast, fully managed, petabyte-scale data warehouse based on the PostgreSQL database engine. It is meant for big data. |
ElastiCache | This is an in-memory data store that is cached on the cloud. It allows you to quickly retrieve data that is often requested. |
Neptune | This is a graph database service. It has a purpose-built, high-performance graph database engine optimized for storing billions of relationships and traversing the graph in milliseconds. |
Service | Description |
---|---|
Cloud9 | This is an integrated development environment. It deploys servers directly to AWS from an integrated dev environment. If you pursue the Associate Developer certification, then Cloud9 is used extensively. |
CodeStar | This service develops and deploys applications to AWS. It manages the continuous integration and continuous delivery/deployment (CI/CD) pipeline. It comes with JIRA issue tracking. |
X-Ray | This service analyzes and debugs applications. It monitors app performance and the services the app relies on. |
CodeCommit | This is AWS' git repository service. |
CodePipeline | This is a CI/CD service. It builds, tests, and deploys code changes as they happen. This automates the process and reduces the chance of errors. |
CodeBuild | This service compiles source code, runs tests, and produces software packages that can be deployed. |
CodeDeploy | This automates software deployments to compute services like EC2 and Lambda. This service can also be used for on-premises instances. |
Services | Description |
---|---|
Compute | Outposts, Wavelength, Local Zones, Snow, ECS Anywhere, EKS Anywhere |
Storage | Storage Gateway, Backup, DataSync, Transfer for SFTP |
Networking | Direct Connect, Route53 Resolver |
Management | Directory Service, IAM, Systems Manager, OpsWorks, CodeDeploy, CloudWatch, X-Ray |
VMware | VMWare Cloud on AWS, RDS on VMware |
Service | Description |
---|---|
Internet-of-Things (IoT) | This is a cloud platform that lets embedded devices, such as microcontrollers and Raspberry Pi securely interact with cloud applications. |
FreeRTOS | This is an operating system for microcontrollers, such as the PIC32 microchip. It allows small, low-cost, low-power devices to connect to AWS IoT. |
Greengrass | This software allows you to run local AWS Lambda functions, messaging, data caching and sync, and ML applications on AWS IoT devices. It extends AWS services to devices so they can act locally. |
GameLift | This service deploys, manages, and scales dedicated game servers. |
Lumberyard | This is a game development environment and cross-platform AAA game engine. |
Service | Description |
---|---|
CloudFormation | This service uses text files to define infrastructure and these files are used to deploy resources on the AWS cloud. Version control tools can be used to manage the code. |
CloudTrail | This service monitors and logs AWS account activity for governance, compliance, operational, and risk auditing purposes. Actions taken by users, roles, and AWS services are recorded as events, and you can create trails to track any of these events. Note: this service records all of the API calls made from inside and outside of the cloud, so it can be used to detect bad actors inside an organization trying to damage the cloud infrastructure; it could automatically restrict their access. The difference: CloudWatch monitors performance and CloudTrail monitors actions. |
CloudWatch | This service monitors deployed cloud resources and applications. It can trigger scaling operations and provide insight about deployed resources. |
Service Catalog | This service is a catalog of resources that can be deployed to the cloud. It allows a company to govern and control compliance of its IT resources by defining what is allowed to be deployed to the cloud. |
Systems Manager | This service allows you to view operational data about multiple AWS services and automates tasks. This reduces detection time and helps resolve operational problems. |
Config | This service allows you to assess, audit, and evaluate the configuration of AWS resources. Its uses include auditing, security analysis, change management, and control. |
OpsWorks | This service provides managed instances of Chef and Puppet (IT software automation). Both Chef and Puppet can be used to configure and automate the deployment of AWS resources. |
Trusted Advisor | This service analyzes an AWS account and its resources and then advises you on how to optimize: |
Personal Health Dashboard | This service is free for all support tiers. It provides alerts and guidance for AWS events. The Service Health Dashboard shows the general status of AWS services; the Personal Health Dashboard is more proactive, allowing you to quickly diagnose and resolve issues. |
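The CloudTrail row above says the trail records every console and CLI API call and can be used to spot insiders damaging the infrastructure. Here is an added example of what that detection looks like over a handful of constructed CloudTrail records (my own code, not AWS tooling or code from the course); it flags calls that switch off the audit trail, use of the root account, and console logins or destructive calls made without MFA. The event IDs, user names, account ID and IP addresses are made up.

```python
"""Triage CloudTrail records for audit-log tampering, root use and MFA gaps.

The records below are constructed samples; their field names follow the
CloudTrail event record format (userIdentity, eventSource, eventName, ...).
"""

# Calls that switch off or remove the audit trail (or AWS Config recording).
AUDIT_TAMPERING = {
    "cloudtrail.amazonaws.com": {"StopLogging", "DeleteTrail", "UpdateTrail"},
    "config.amazonaws.com": {"StopConfigurationRecorder", "DeleteConfigurationRecorder"},
}

# Destructive control-plane calls that should only come from MFA sessions.
DESTRUCTIVE = {"TerminateInstances", "DeleteBucket", "DeleteDBInstance", "DeleteTrail"}

# Constructed sample records (not a real trail).
SAMPLE_RECORDS = [
    {"eventID": "ev-1", "eventTime": "2022-01-30T10:00:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
     "sourceIPAddress": "203.0.113.10"},
    {"eventID": "ev-2", "eventTime": "2022-01-30T10:05:00Z",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}},
     "sourceIPAddress": "203.0.113.11"},
    {"eventID": "ev-3", "eventTime": "2022-01-30T10:07:00Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"},
     "sourceIPAddress": "198.51.100.5"},
    {"eventID": "ev-4", "eventTime": "2022-01-30T10:09:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}},
     "sourceIPAddress": "203.0.113.12"},
]


def mfa_used(record):
    """True when the call came from an MFA-authenticated session or login."""
    if record.get("eventName") == "ConsoleLogin":
        return record.get("additionalEventData", {}).get("MFAUsed") == "Yes"
    attrs = record.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
    return attrs.get("mfaAuthenticated") == "true"


def actor(record):
    """Short label for who made the call: root, the IAM user name, or the ARN."""
    ident = record.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "root"
    return ident.get("userName") or ident.get("arn", "unknown")


def triage(records):
    """Return (eventID, category, detail) findings in record order."""
    findings = []
    for r in records:
        name, src, who = r.get("eventName", ""), r.get("eventSource", ""), actor(r)
        ip = r.get("sourceIPAddress", "?")
        if name in AUDIT_TAMPERING.get(src, ()):
            findings.append((r["eventID"], "audit-tampering", f"{who} called {name} from {ip}"))
        if r.get("userIdentity", {}).get("type") == "Root":
            findings.append((r["eventID"], "root-activity", f"root account used for {name} from {ip}"))
        login_ok = r.get("responseElements", {}).get("ConsoleLogin") == "Success"
        if name == "ConsoleLogin" and login_ok and not mfa_used(r):
            findings.append((r["eventID"], "console-login-without-mfa", f"{who} signed in without MFA from {ip}"))
        if name in DESTRUCTIVE and not mfa_used(r):
            findings.append((r["eventID"], "destructive-call-without-mfa", f"{who} called {name} without MFA from {ip}"))
    return findings


def categories(findings):
    """Map each finding category to the event IDs that triggered it."""
    out = {}
    for event_id, cat, _ in findings:
        out.setdefault(cat, []).append(event_id)
    return out


if __name__ == "__main__":
    for event_id, cat, detail in triage(SAMPLE_RECORDS):
        print(f"{event_id:6} {cat:30} {detail}")
```

On a real account the same logic runs over the JSON `Records` array that CloudTrail delivers to S3, and a finding in `audit-tampering` is the one to page on first, since everything after it may be missing from the trail.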
Service | Description |
---|---|
DeepLens | This is a deep learning enabled video camera (hardware). It has an SDK that integrates with AWS ML services. |
SageMaker | This service is used to build and train ML models and deploy them to the cloud. It can be used as a backend to your application. |
Rekognition | This service offers deep learning analysis of images and videos. |
Lex | This service builds conversational chatbots. It is used for things like level 1 customer support. |
Polly | This service provides natural-sounding text-to-speech for your applications. |
Comprehend | This service analyzes text for insights and relationships, such as customer data or advanced searching of documents. |
Translate | This service provides machine learning based translation between languages. |
Transcribe | This service provides automatic speech recognition: it analyzes audio files stored on S3 and returns transcribed text. |
Service | Description |
---|---|
Elemental MediaConvert | This is a file-based video transcoding service. It converts video formats. |
MediaTailor | This service prepares video content for delivery over the internet and prevents piracy through digital rights management. |
MediaLive | This service provides broadcast-grade live video processing. It creates video streams for delivery to TV's and internet devices. |
MediaStore | This is an AWS media-optimized storage service. |
Kinesis Video Streams | This service streams video from devices connected to the AWS cloud for analytics, ML, and other processing applications. |
Service | Description |
---|---|
Mobile Hub | This service allows you to configure AWS for mobile applications. It generates a cloud configuration file which stores the information used to run the application. |
Device Farm | This is a mobile application testing service for Android, iOS, and web applications. It can be used to test against a range of physical devices in the cloud. |
AppSync | This is a GraphQL backend for mobile and web applications. |
Wavelength | This service allows your application to be hosted in a local mobile ISP's data center, enabling you to use the 5G network and reduce the latency of your applications. The data center your application is hosted in becomes a Wavelength Zone. |
Service | Description |
---|---|
Application Discovery Service | This service gathers information about an organization's on-prem data center to help plan a migration to AWS. The data is encrypted and stored in the Discovery Service's data store. |
Database Migration Service | This service orchestrates migrations of databases to AWS. It can migrate from one database type to another, too, like an Oracle db to Aurora. |
Server Migration Service | This automates the migration of thousands of on-prem workloads to the cloud. It reduces cost and minimizes downtime. |
Snowball | This is a portable, petabyte scale storage device used to migrate on-prem data to AWS. |
Service | Description |
---|---|
CloudFront | This is a global content delivery network (CDN) with over 100 endpoints all over the world. It also protects against DDoS attacks. This service caches your data or application at an endpoint closer to your users by caching static content at data centers closer to them. It also supports pre-recorded and live events at low latency, so it is not just for static content. |
Virtual Private Cloud (VPC) | This service provisions logically isolated sections of the AWS cloud. AWS resources/services can be launched within the VPC. This is how the services stay secure: they are all encapsulated from the world wide web in these VPCs. VPC Peering is a service that is used to connect two or more VPCs. |
Direct Connect | This is a dedicated, high-speed, fiber optic network connection that enterprise businesses requiring stability and security can use. Data stays in AWS' cloud and never touches the public internet. |
Elastic Load Balancing (ELB) | This service automatically distributes network traffic (incoming HTTP/HTTPS requests) across EC2 compute instances and across multiple availability zones. It is highly available and increases fault tolerance by balancing network volume. This service is not to be confused with EC2 Auto Scaling: ELB distributes network traffic (and checks the health of the server it is sending traffic to), whereas Auto Scaling manages the servers by spinning them up or tearing them down. |
Route53 | This is a highly available, scalable Domain Name System (DNS) service. It routes network traffic to the AWS cloud. |
API Gateway | This service creates and secures APIs. It can handle thousands of concurrent API calls and is serverless. APIs act as the "front door" for applications to access data, business logic, or functionality from your backend services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications (from the AWS website). |
Internet Gateway | This component of the VPC allows resources inside the VPC to communicate with the internet. It serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. |
Service | Description |
---|---|
Artifact | This service provides guidance on compliance and security documentation. |
Certificate Manager | This service issues Secure Sockets Layer (SSL) certificates for HTTPS websites. It is used as part of Route53. |
Cloud Directory | This is AWS' cloud-based directory service that offers hierarchies in multiple dimensions, unlike LDAP-based directories, which have a single hierarchy. A similar service is Microsoft Active Directory. |
Directory Service | This is a fully managed Microsoft Active Directory in the AWS Cloud. |
Cloud HSM (hardware security module) | This is a dedicated hardware security module in the AWS cloud. It is fully managed by AWS, so it reduces costs compared to managing an HSM yourself. |
Cognito | This service adds single-sign on (SSO) authentication to your application. |
Identity and Access Management (IAM) | This service manages user access to your AWS services/resources on your account. Users, roles, and groups have individual permissions. |
Organizations | This offers policy-based management for multiple AWS accounts. This service works for large organizations with multiple accounts that want to manage them centrally. |
Inspector | This is an automated security assessment service. It helps identify vulnerabilities within your AWS account. |
Key Management Service (KMS) | This service creates and controls the encryption keys for your data. It uses HSMs to secure your keys. It is used with S3, Redshift, and EBS. |
Shield | This service protects a customer against distributed denial of service (DDoS) attacks. The standard version is automatically enabled on all AWS accounts. |
Web Application Firewall (WAF) | This service provides a firewall that sits in front of a customer's application to protect it against SQL injection and cross-site scripting. Firewall rules can be configured across accounts and applications in AWS Organizations. It allows for consistency, since a single rule can be applied as new applications are created. |
Service | Description |
---|---|
Backup | This service centralizes and automates data protection across AWS services and hybrid workloads. A single policy can be applied across the services, ensuring that you stay in compliance when new services are brought on and that your data is protected. |
S3 | This is a serverless storage service hosted on the cloud. S3 buckets store objects, and objects are simply files. S3 is not storage alone; it is a service that handles moving files around, deletions, and the management of the files overall. |
S3 - Glacier | This is where S3 objects are moved for long-term storage. Its purpose is to archive content, so it is not a great option if retrieval performance is required in an application. As a developer you can create life-cycle rules to move S3 objects to Glacier. This is the cheapest of the storage services. |
Elastic Block Storage (EBS) | This is a low-latency, highly available, block-type storage. Its purpose is to connect to EC2 compute servers. More on block storage: block storage, sometimes referred to as block-level storage, is a technology that is used to store data files on Storage Area Networks (SANs) or cloud-based storage environments. Developers favor block storage for computing situations where they require fast, efficient, and reliable data transportation. Block storage breaks up data into blocks and then stores those blocks as separate pieces, each with a unique identifier. The SAN places those blocks of data wherever it is most efficient. That means it can store those blocks across different systems, and each block can be configured (or partitioned) to work with different operating systems. (Source: IBM, Block Storage.) |
Elastic File System (EFS) | This is network-attached storage (NAS), meaning that multiple servers can connect to the same data source. NAS devices are storage devices that can be accessed by multiple devices; there is usually some target drive like E: or F:. Here is the difference between EBS (SAN) and EFS (NAS): a SAN is a pool of multiple storage devices where blocks of data are stored, whereas a NAS is a single storage device that can be accessed across a network. |
Storage Gateway | This is a hybrid storage environment, meaning it is a mix between on-premises data centers and cloud data centers. This service systematically moves data from the on-prem data center to the cloud. |
Snowball | This is a petabyte-scale, portable storage device used to physically migrate on-prem data to the cloud. An AWS customer copies the data onto the device and then ships it to AWS for upload to the desired AWS storage service. Note: this is not to be confused with Snowmobile (exabyte scale), which is a vehicle that can move larger amounts of data and comes with AWS personnel. Snowball (petabyte scale) is a single hardware device. |
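The Glacier row above mentions life-cycle rules that move S3 objects into Glacier. As an added example (my own code, not part of the original notes or AWS's own tooling), this builds such a rule in the shape that `aws s3api put-bucket-lifecycle-configuration` accepts, checks the orderings S3 rejects, and simulates which storage class an object would be in at a given age; the prefix, day counts and object keys are constructed.

```python
"""Build an S3 lifecycle rule that tiers objects into Glacier, then simulate it.

The configuration dict has the shape accepted by
`aws s3api put-bucket-lifecycle-configuration --lifecycle-configuration file://rules.json`
(and boto3's put_bucket_lifecycle_configuration). The prefix, day counts and
object keys used here are constructed for illustration.
"""
import json

# Storage classes in the order an object moves through them under these rules.
TIERS = ["STANDARD", "STANDARD_IA", "GLACIER", "DEEP_ARCHIVE"]


def build_lifecycle(prefix, ia_days=30, glacier_days=90, expire_days=None):
    """Return a lifecycle configuration that archives objects under `prefix`."""
    rule = {
        "ID": f"archive-{prefix.strip('/') or 'all'}",
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [
            {"Days": ia_days, "StorageClass": "STANDARD_IA"},
            {"Days": glacier_days, "StorageClass": "GLACIER"},
        ],
    }
    if expire_days is not None:
        rule["Expiration"] = {"Days": expire_days}
    return {"Rules": [rule]}


def validate(config):
    """Raise ValueError for orderings S3 rejects; return True when the rules are sane."""
    for rule in config["Rules"]:
        transitions = rule.get("Transitions", [])
        days = [t["Days"] for t in transitions]
        if days != sorted(set(days)):
            raise ValueError(f"{rule['ID']}: transition days must strictly increase")
        for t in transitions:
            # S3 only moves objects to STANDARD_IA once they are at least 30 days old.
            if t["StorageClass"] == "STANDARD_IA" and t["Days"] < 30:
                raise ValueError(f"{rule['ID']}: STANDARD_IA needs Days >= 30")
        expire = rule.get("Expiration", {}).get("Days")
        if expire is not None and days and expire <= days[-1]:
            raise ValueError(f"{rule['ID']}: Expiration must come after the last transition")
    return True


def storage_class_for(config, key, age_days):
    """Storage class an object with `key` and age `age_days` sits in, or 'EXPIRED'."""
    state = "STANDARD"
    for rule in config["Rules"]:
        prefix = rule.get("Filter", {}).get("Prefix", "")
        if rule["Status"] != "Enabled" or not key.startswith(prefix):
            continue
        expire = rule.get("Expiration", {}).get("Days")
        if expire is not None and age_days >= expire:
            return "EXPIRED"
        for t in rule.get("Transitions", []):
            # Objects only move to a colder tier, never back to a warmer one.
            if age_days >= t["Days"] and TIERS.index(t["StorageClass"]) > TIERS.index(state):
                state = t["StorageClass"]
    return state


if __name__ == "__main__":
    config = build_lifecycle("logs/", ia_days=30, glacier_days=90, expire_days=365)
    validate(config)
    print(json.dumps(config, indent=2))
    # Constructed objects: (key, age in days)
    for key, age in [("logs/2021/app.log", 10), ("logs/2021/app.log", 45),
                     ("logs/2020/app.log", 200), ("logs/2019/app.log", 400),
                     ("images/logo.png", 400)]:
        print(f"{key:22} age {age:3d}d -> {storage_class_for(config, key, age)}")
```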
Use Cases for AWS | Description |
---|---|
Hybrid Storage Deployment Model | |
Trusted Advisor | This service requires a Business or Enterprise support plan. It provides advice on cost, performance, fault tolerance, and service limits across all of an account's resources and regions. We can have specific Trusted Advisor setups for different parts of an AWS Organization; we just have to create the organizations and set up Trusted Advisor for each. |
Last updated: 2022-01-30