P H O N G N G U Y E N

Github Projects Blog Email Linkedin Home

AWS Cloud Practitioner Certification

While I was studying for my AWS CPC certification, the sheer number of AWS services within its ecosystem is difficult to absorb in one go. Below is a summary of all of the AWS services. Along with this, I'll provide some clarification on the subjects that I had trouble with too. Take note, I may mention an AWS service more than once because it serves mutliple services and AWS services work in conjunction with each other.

Credit goes to BackSpace Academy's Udemy course for making all of this easier to learn, Udemy.

A special section has been carved out for AWS' CLI services. AWS' API that enables us to use the CLI. The API enables us to communicate with from a remote server to the AWS services in the AWS cloud (all tracked in CloudTrail).

The Management Console makes HTTP requests to the AWS backend. Same for when we use CLI, it makes HTTP requests. Wrapped around this API are different SDK’s. These are turned into libraries that can be used with different coding languages. All of API calls need to be auth’d by username and password.

Service Description
AWS CLI applicaton This is AWS's CLI that is available for Windows, Mac, or Linux
AWS Shell This is a cross-platform, standalone integrate shell environment written in Python.
AWS Tools This is the equivalent to Windows Powershell.
AWS CloudShell This service provides shell environment access through the AWS Management Console. It has AWS CLI pre-installed. Thi ss more secure than just AWS CLI because the AWS Management Console requires username, password, and MFA.
AWS Cloud9 IDE This runs on EC2 access through the AWS Management Console with AWS CLI pre-installed. It allows for a tree view of files, enables drag and drop SFTP transfer of files. It is more secure since the IAM is not saved locally on a machine.
Concept Details
Shared Responsibility Model AWS is responsible for the "Security of the Cloud" and Customers are responsible for "Security in the Cloud". AWS takes care of the physical infrastructure. The customer is responsible for the services within that physical infrastructure.
  • Inherited Controls - the customer fully inherits controls that AWS manages like the physical and environmental controls.
  • Shared Controls - AWS provides the infrastructure and the customer is responsible for the implementation of those AWS sservices. Things like patching, configuration, and training are shared because AWS must patch, configure, and train their own employees to maintain the infrastructure. The customer is responsible for patching, configuration, and training on the services within that infrastructure.
  • Customer specific - Service, Communications Protection, or Zone security which requires routing or zone data specific specific within those environments.
Cloud Computing Models
  • Software-as-a-Service - End-users - subscribe to software apps available over the internet. (Gmail)
  • Platform-as-a-Service - Software Developer - platform for clients to deploy/host their own applications. No need to setup the infrastructure.
  • Infrastructure-as-a-Service - Infrastructure Architects - subscribe to hardware and network
Cloud Deployment models
  • On-premises - data centers are onsite. We'll see this in legacy systems or where security precludes them from going cloud (government)
  • Hybrid - a hybrid between hybrid and cloud. Financial institutions.
  • Cloud - all applications and data services are on the Internet.
AWS Well-Architected Six Pillars
  • Operational Excellence Pillar -
  • Automation through Infrastructure as Code - Cloudformation
  • Observability - monitoring through collection, analytics, and action.
    • Collection: Infrastructure (Cloudwatch, Cloudwatch Logs), Application (CloudWatch Custom Metrics), Account-level (CloudTrail)
    • Analytics: CloudWatch Logs Insight, Athena (S3), RDS (structured data), RedShift (peta-byte-scale datawarehouse), ElastiSearch (log-based data).
    • Action: Monitoring & Alarming (CloudWatch Alarms), Dashboards (CloudWatch dashboards), and KPI's to make data-driven decisions.
  • Security Pillar - protect information and systems. Maintain confidentiality and integrity of data by managing user permissions and detect security events. The shared responsibility model talks about how AWS is responsible for the of the cloud. The customer is responsible for the security in thecloud. Think of zero trust when thinking about security where everything is a threat and so we should secure the cloud at all levels.
    • IAM - grant the least privileges to principals (who), actions (what), and resources (which) in the IAM policies. Policies can be broken down by identity-based (IAM users, groups) and resource-based (S3, KMS, and SES only). There are more types of policies but these are the main ones discussed.
    • Network Security - defense in depth approach is taken where security of the network is taken at all levels internally and externally. Network level security - VPC (subnets, route tables, and Internet Gateway - component that allows communication between internal resources inside the VPC and the internet). Included here are ALB's and the WAF. ALB's can act like a proxy service that handles internet-facing traffic and cuts off direct connections from public access. Resource level security - use security groups to create virtual firewalls to enforce ingress and egress of traffic for resources. Security groups can be applied to EC2 instances, RDS and Lambda.
    • Data encryption - data encryption is applied in transit and at rest. In transit is when data is passing between systems (HTTPS). At rest are within systems through the use of AWS Key Management Service (KMS).
  • Reliability Pillar - recover quickly from failure through distributed system design, recovery planning and adapting to changes.
    • Fault Isolation - isolate issues through the use of redundant, independent components through the use of fault isolation zones. This can be applied through:
      • Resource and Request - partitioning of resources and requests into cells that are independent of each other. It can be partitioned by dimensions like resource ID's. Shuffle sharding is applied here.
      • AZ - independent data centers that contain redundant deployments of your services across AZ's.
      • Region - This is most isolated of all. It's a completely autonomous data center. Redundant copies of your services are deployed across regions. Regions has more overhead when redundant because there is no shared infrastructure between regions. With the use of Route53, DynamoDB Global Tables and S3 Cross-Region replication can be applied to achieve redundancy.
  • Performance Efficiency Pillar - structure and streamline allocation of IT/computing resources by selecting the optimized resource types and sizes required for your workload. Monitor and maintain efficiency of your business.
    • Selection
    • Scaling
  • Cost Optimization Pillar - Avoid excess costs by understanding spend, controlling fund allocation, and selecting the right type and quantity of resources.
  • Sustainability Pillar - minimize environment impact of running cloud workloads through the used of the shared responsibility model and maximizing utilization to minimize required resources.
Operational Excellence Pillars when designing AWS infrastructure
  • Perform operations as code
  • Make frequent, small, reversible changes
  • Refine operations procedures frequently
  • Anticipate failure
  • Learn from all operational failures
Availability, Durability, Elasticity, vs Resiliency Each AWS service satisfies one of the following properties. Know the difference between each of them.
  • Availability - this is about having access to resources when we need them. We have multiple AZ's where data can be stored on that serves our customers in their locale.
  • Durability - this is the replication of resources in the event of a critical failure. There will be backups.
  • Elasticity - this is the ability to acquire resources as you need them and release when you no longer need them. This can be automatically be achieved with Elastic Load Balancers or the Autoscaler.
  • Resiliency - this is the ability to recover from failures quickly.
Operational Excellence Pillars when designing AWS infrastructure
  • Perform operations as code
  • Make frequent, small, reversible changes
  • Refine operations procedures frequently
  • Anticipate failure
  • Learn from all operational failures
Cloud Computing Models
  • Software-as-a-Service - End-users - subscribe to software apps available over the internet. (Gmail)
  • Platform-as-a-Service - Software Developer - platform for clients to deploy/host their own applications. No need to setup the infrastructure.
  • Infrastructure-as-a-Service - Infrastructure Architects - subscribe to hardware and network
Cloud Deployment models
  • On-premises - data centers are onsite. We'll see this in legacy systems or where security precludes them from going cloud (government)
  • Hybrid - a hybrid between hybrid and cloud. Financial institutions.
  • Cloud - all applications and data services are on the Internet.
IAM Access Levels From the highest to the lowest level of access controlled by the Identity Access Management (IAM)
  • Organizations - single organization can have multiple accounts
  • Account - accounts consists of below. It's usually localized to a single AZ
  • User Groups
  • User Roles
  • Users
Global Infrastructure: Regions vs Availability Zones vs Local Zones vs Edge Locations
  • A region is a cluster of data centers in a geographic location. For example, three regions in the U.S.: U.S. East Virginia, East Ohio, and West California. Within these regions can have multiple AZ's. These are AZ's are equivocal to data centers. A region must consist of at least two AZ's. It's further expanded when external partner data centers act as endpoint extensions of the AWS cloud. Note some services are only available to specific regions and AZ's.
  • AZ - one or more discrete data centers within a Region.
  • Local Zones - extensions of an AWS region that is geographically close to your users.
  • Edge Location - think of this as an endpoint closest to your users. It requests data from a regional edge data cache. Like a distribution center sending out packages.
  • Wavelength zone - mobile 5G enabled area where an AWS application is stored.
Cloud Computing Models
  • Software-as-a-Service - End-users - subscribe to software apps available over the internet. (Gmail)
  • Platform-as-a-Service - Software Developer - platform for clients to deploy/host their own applications. No need to setup the infrastructure.
  • Infrastructure-as-a-Service - Infrastructure Architects - subscribe to hardware and network
Cloud Deployment models
  • On-premises - data centers are onsite. We'll see this in legacy systems or where security precludes them from going cloud (government)
  • Hybrid - a hybrid between hybrid and cloud. Financial institutions.
  • Cloud - all applications and data services are on the Internet.
AWS Resource Groups Throughout the Management Console, the admin is able to tag EC2, RDS, and S3 instances. This tagging allows resource groups to be created. These resource groups are a collection of resources. From there, automated management tasks can be ran from the AWS Systems Manager Automation. It can monitored in Systems Manager for AWS Config compliance and other data. By default, the Management Console is organized by service, but this can be customized to organize by the resource group (tags).
AWS Outposts This service extends AWS infrastructure, services, API's, and tools to any data center (including on-prem). This service supports the hybrid cloud deployment model.
Service Description
Elastic Map Reduce (EMR) This is a Hadoop framework as a service used for big data analysis of S3 or DynamoDB data stores. Other frames that can be used too, such as Apache Spark, Hive, HBase, Presto and Flink.
Athena This service analyses date stored in S3 using SQL
FinSpace This is a petabyte scale data management and analytics service built for the financial industry. It includes a library of over 1000 financial analysis functions.
Kinesis This service collects, processes, and analyses real-time streaming data.
QuickSight This is a business-intelligence (BI) reporting tool like Tableau or Bert.
CloudSearch This is a search engine service that supports up to 34 languages. It provides a search solution for your website or application.
OpenSearch (formerly ElastiSearch) This is a fully managed service for Elastic.Co's ElasticSearch framework (another search engine solution).
Service Description
Step Functions This service provides a visual workflow that coordinates components of distributed applications and microservices. This visualizes the workflow to define the steps to deploying an application. It is recommended for new applications.
Simple Workflow (SFW) This service coordinates multiple components of business applications. Similar to Step Functions.
Simple Notification Service (SNF) This is a fully managed pub-sub (publication-subscription) messaging service. For example, a user creates a topic on your application, other users subscribe to the topic, and they may publish a message to that topic. Subscribed users will receive the message. This service pushes notifications to mobile devices too.
Simple Queue Service (SQS) This is a fully managed message queuing service that decouples applications from demand requests. This allows messages to build up in a queue until the processing server is ready for the demand load.

Six advantages or benefits of AWS Cloud Computing:

  1. Trade capital expense for variable expense.
  2. Benefit from massive economies of scale.
  3. Stop guessing capacity.
  4. Increase speed and agility.
  5. Stop spending money on running and maintaining data centers
  6. Go global in minutes.

There are four key values for building a business case for an organization to migrate to AWS:

  1. Cost Savings - an organization's budget could be used for other elsewhere
  2. Staff productivity - an organization's IT team can work on higher-value objectives
  3. Operational resilience - AWS is more reliable, available and secure
  4. Business agility - AWS allows an organization more time to innovate and reduce the time to go-to-market with these innovations.

The Business Case services below help an organization to plan a migration and see AWS' values.

Service Description
Cost Explorer This service allows you to visualize, understand, and manage costs and usage of the AWS resource over time. It is a subset of the Budget service. Reports can be created from here.
Pricing Calculator This service calculates the monthly and annual cost of potentially using AWS resources. Formerly called, 'Simple Monthly Calculator'
Price List API There are two API's used to query prices of your AWS resources:
AWS Price List Bulk (query API) - This is a bulk pull of all AWS services. It's output is a JSON/CSV file. It retains a history of versions of the price list.
AWS Price List Query API (bulk API) - This API can pull information about specific AWS resources that the query API above cannot, such as EC2 instances with 64 vCPUs, 256 GB of memory, installed on SQL Server in Mumbai. It doesn't retain historical prices
Total Cost of Ownership (TCO) This service estimates all of the expenses involved in purchasing and operating equipment over its life cycle. This includes:
server (software, licensing)
storage (hardware, backware, and administrative)
network (load balancing, administrative costs)
IT labor costs (Server Admin. and Virtualization Admin)
power and space
Migration Evaluator (formerly TSO Logic) This is a complimentary service. It logs all of an organization's on-prem systems. The logs are then used to to create data-driven business case for migrating to AWS. An AWS server is setup on-prem, collects real-time data. It stores it in a MongoDB. Those packages are sent to a S3 bucket. Migration Evaluator will produce a TCO and compares it to AWS solutions.
Prescriptive Guidance This service provides strategies and guides from AWS and AWS partners on how to speed up a migration.
Inspector This is an automated security assessment service. It reduces cost and increases effectiveness of security assessment and compliance. Discounts are applied when used in volume.
Compliance This is a suite of compliance and compliant enabling services (notice the distinction). AWS supports Compliant (SOC1, SOC2, SOC3, ISO, etc) and Compliance (HIPAA) standards.
Config This is a Configuration Management Service (CMS) service that assesses, audits, evalulates the configuration of AWS resources based on pre-built rules. After the rules are set it continues to monitor and record. It can be applied to network and software. The rules are organized into a conformance pack. We can check the Cloud Governance Dashboard for changes across accounts and regions. It integrates with AWS Organizations.
Support Plans There are four levels that will certainly will appear on the exam.
  1. Basic - offers basic customer service only, no technical support.
  2. Developer - available during business hours for technical support, < 12 hrs response to critical failures.
  3. Business - 24/7 technical support, < 1 hr response to critical failures. Includes a TAM
  4. Enterprise - 24/7 technical support from a Senior Engineer, < 15 min. response to critical failures Includes a TAM and Concierge support
These services are available at all support levels for free:
  1. AWS Discussion Forums
  2. Customer Service and Communities
  3. Trusted Advisor
  4. Personal Health Dashboard
Professional This is a collaboration between the client, AWS experts, AWS Partner Network (APN), and the AWS Professional Services team. This service offers practical, technical expertise on the AWS services.
Managed This services helps with migration and operational assistance by AWS Cloud experts. It leverages a library of autoamtions, configurations and run books. It enhances security and cost optimization.
IQ for Expert This is an on-demand job board for AWS certified practitioners where they can pick up customer jobs.

For a summary of the cost management tools see: https://aws.amazon.com/blogs/publicsector/tco-cost-optimization-best-practices-for-managing-usage/

Service Description
WorkDocs This is a secure, fully managed file collaboration and management document service. This web client allows you to view and provide feedback on 35+ file types including Microsoft Office and .pdf. It is similar to Google Drive and Google Docs.
WorkMail This is a secure, fully managed business email and calendar service.
Chime This is an online meeting service like Microsoft Teams, Zoom, or Google Meeting.
WorkSpaces This is a secure desktop-as-a-service. This provisions streaming, cloud-based Microsoft Windows desktops. This is the equivalent to Remote Desktop Services (RDS, not to be confused with AWS) of Citrix Xenapp.
AppStream This is a secure streaming service that allows you to stream desktop applications from AWS to an HTML5 browser.
Connect This is a self-service contact center from AWS. It has a pay-as-you-go pricing model. You can build this contact center with a drag and drop GUI. This GUI can be used to create process flows that define customer interactions without coding.
Pinpoint This service sends email, SMS, and mobile push notifications for marketing campaigns or direct messages to customers. For example, if your application receives an order for your business this service would send a message to the customer as confirmation.
Simple Email Service (SES) This service sends to bulk of customers email, such as notifications about discounts on business' services.
Service Description
Marketplace This service is a place where vendors share their own enviornment build images and that you can use to build your application. Things like Wordpress with Linux builds are pre-fabricated for you.
Elastic Compute Cloud (EC2) Cloud Compute (2) => EC2. This service provides virtual servers upt to thousands of servers at a time. Pay-as-you-use.
Session Manager is a functionality within AWS Systems Manager that manages EC2 instances, onprem instances and VM's
EC2 Instance Connect - this service connects Linux instances using a browser-based client.
EC2 Instance Purchasing Options (Pricing Models)
  1. On-demand instances (Least commitment)- pay-by-the-second or by the hour. Good for spiky, unpredicted workloads. Lowest commitment good for MVPs and cannot be interrupted.
    • Pay-as-you-go (PAYG) model. Pay for what is used by hour or second. This is the default when launching an EC2 instance
    • per-second: Linux, Windows, Windows w/ SQL Enterprise, Windows w/ SQL Standard, and Windows with SQL Web instances
    • per-hour: all other EC2 instance types
    • Capacity Reservations - you can reserve capacity for your EC2 instances in a specific AZ for any length of time.
  2. Spot instances (Biggest savings - 90% savings)- request un-used EC2 instances. Your application should be able to handle interruptions since higher priority customers will pull away resources. Good for non-critical background jobs.
  3. Reserved instances (Best long-term - 75% off)- best for long-term savings, good for steady/predictable usage. Commit to a fixed price for 1 or 3 years. Unused reserved instances can be sold.
    • aka, RI
    • Reduced pricing = Term * Class Offering * RI Attributes * Payment option
    • Term: 1) Non-renewable, must set new terms, existing instances roll back to Pay-as-you-go (on-demand) and 2) The longer the term, the greater the savings
    • Class: the less flexible the EC2 class, the greater the savings: 1) Standard class offers up to 75% savings compared to on-demand and the RI attributes are modifiable. 2) Convertible class offers up to 54% savings compared to on-demand. RI's can be exchanged based on RI attributes if greater than or equal value.
    • Payment options: greater upfront payments the greater the savings. 1) All upfront 2) Partial upfront - portion upfront, the remaining hours are billed at discounted rate through the term 3) No upfront - billed discounted hourly rate for every hour in term even if RI is unused.
    • RI can be shared between multiple accounts in an AWS organization and they can be sold on the AWS Reserved Instance Marketplace.
    • RI Attributes or Instance Attributes are limited based on class offering and affect the final price.
      1. Instance type: m4.large which is composed of the instance family and instance size.
      2. Region: Region where the RI is purchased
      3. Tenancy: shared (default) or single-tenant (dedicated) hardware
      4. Platform: the OS, e.g. Windows or Linux
    • Standard vs Convertible RI
      • Standard RI Convertible RI
      Are RI attributes modifiable? Yes - change AZ within same region, scope of the zonal RI to Regional or vice versa,, instance size, network from EC2-CLassic to VPC and vice versa No
      Can the RI be exchanged? No Yes - During the term, it can be for one convertible RI to another with new RI attributes, e.g. instance family, type, platform, scope, tenancy
      Sold on the RI marketplace? Yes No
    • RI Marketplace - unused RIs can be sold after being active for 30 days.
    • Regional vs. Zonal RI
      RI Feature Regional Zonal
      Does it reserve capacity? No Yes, in the specified AZ
      Where are the RI discounts applied? To the instance usage in any AZ in the region To the instance in the selected AZ (no AZ flexibility)
      What instance types receive discounts respective to each scope? To the instance family, regardless of size and only applies to linux/unix RI with default tenancy. No instance size flexibility. Discounts applied to the specific instance type and size only.
      Can RI instances be queued? Yes No
      • Regional or Zonal is also called the scope of the RI. Scope isn't factored into the price.
      • Regional - purchase for a region. Capacity is not reserved.
      • Zonal - purchase for an AZ. Capacity is reserved in specificed AZ.
  4. Dedicated Hosts (Most expensive) - pay, by the hour, for instances that are fully dedicated to you. This hardware is single-tenant meaning that it is for you only. The hardware is not shared.
  5. Savings Plans- pay an agreed rate (USD per hour) for a term of 1 or 3 years. This is optimal if you know what your demand will be.
EC2 Autoscaling This service scales the number of servers based on set parameters and demand. It also does monitoring, tearing down, and spinning up of EC2 servers as-needed.
LightSail Provides compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud. It includes everything you need to launch your project quickly – virtual machines, containers, databases, CDN, load balancers, DNS management etc
Elastic Container Service (ECS) This is a container management service using Docker.
Lambda serverless service that runs code (think functions) in the AWS cloud. You either upload or write some code and it will run it for you. This is similar to Google Scripts.
Service Description
RDS This provides AWS-hosted relational databases, which you can pick to use MySQL, PostgreSQL, Microsoft SQL Server, Oracle, and/or Aurora. Aurora is AWS' own homegrown SQL database engine. It is also the most expensive option.
DynamoDB AWS's NoSQL database-as-a-service. It is a serverless service like Amazon S3, and as such, you don't need to worry about the underlying infrastructure behind it.
Redshift This is a fast, fully-managed, petabyte-scale data warehouse that is based upon the PostgreSQL database engine. This is meant for big data
ElastiCache This is an in-memory data store that is cached on the cloud. It allows you to quickly retrieve data that is often requested.
Neptune This is a graph database service. It has a purpose-built, high-performance graph database engine optimized for storing billions of relationships and traversing the graph in milliseconds.
Service Description
Cloud9 This is an integrated development environment. It deploys servers directly to AWS from an integrated dev environment. If you pursue the Associate Developer certification, then Cloud9 is used extensively.
Codestar This service develop and deploy applicatons to AWS. It manages the continuous integration and continuous delivery/deployment (CI/CD) pipeline. It comes with JIRA tracking
X-Ray This service analyzes and debugs applications. It monitors app performance and the services the app relies on.
CodeCommit This is AWS' git repository.
CodePipeline This is a CI/CD service. It builds, tests and deploys code changes as they happen. This automates and reduces chances of errors happening.
CodeBuild This service compiles source code, runs tests, produces software packages that can be deployed.
CodeDeploy This automates software deployments for compute services, like EC2 and Lambda. This service can be used for on-premises instances.
>
Services Description
Compute Outposts, Wavelength, Local Zones, Snow, ECS Anywhere, EKS Anywhere
Storage Storage Gateway, Backup, DataSync, Transfer for SFTP
Networking Direct Connect, Route53 Resolver
Management Directory Service, IAM, Systems Manager, OpsWorks, Code Deploy, CloudWatch, X-Ray
VMware VMWare Cloud on AWS, RDS on VMware
Service Description
Internet-of-Things (IoT) This is a cloud platform that lets embedded devices, such as microcontrollers and Raspberry Pi securely interact with cloud applications.
FreeROTS This is an operating system for microcontrollers, such as the PIC32 microchip. It allows for small, low-cost, low-power devices to connect to the AWS IoT.
GreenGrass This software allows you to run local AWS Lambda functions, messaging data caching sync, and ML apps on AWS IoT. It extends services to deivces so they can act locally.
GameLift This service deploys, manage, and scale dedicated game services.
Lumberyard This is a game development environment and cross-platform AAA game engine.
Service Description
CloudFormation This service uses text files to define infrastructure and these files are used to deploy resources on the AWS cloud. Version control tools can be used to manage the code.
CloudTrail This service monitors and logs AWS account activity for governance, compliance, operational and risk auditing purposes. Users', roles', and/or AWS services' are recorded as events. You can create trails to track any of these events. Note: This service monitors all of the API calls made from inside and outside of the cloud. It can be used to detect bad actors inside trying to damage the cloud infrastructure. It could automatically restrict their access.
The difference. CloudWatch monitors performance and CloudTrail monitors actions.
CloudWatch This service monitors deployed cloud resources and applications. This service can trigger scaling operations and provide insight about deployed resources.
Services Catalog This service is a catalog of resources that can be deployed to the cloud. It allows a company to govern and control compliance of its IT resources. It defines what is allowed to be deployed to the cloud which helps with compliance.
Systems Manager This service allows you to view operational data about multiple AWS services and automates tasks. This reduces detection time and resolves operational problems.
Config This service allows you to assess, audit, and evaluate the AWS resources' configurations. It uses includes auditing, security analysis, change management and control.
OpsWorks This service provides managed instances of Chef and Puppet (IT software automation). Both Chef and Puppet can be used to configure and automate the deployment of AWS resources.
Trusted Advisor This is service analyses an AWS account and resources then it advises you on how to optimize:
  • costs - advise you on deleting unused and idle resources, or use reserved capacity
  • performance - check on service quota, monitor overutilized EC2 instances, and provisioned throughput
  • security - like examining permissions, enabling AWS security features, or identify security gaps
  • fault tolerance - increase availability and redundancy, such as Auto Scaling, health checks, multiple AZ's, backups
  • service limits - check services that use more than 80 percent of a service quota. Check results based on a snapshot. There may be a 24 latency because of this snapshot.
Personal Health Dashboard - This service is free for all support tiers. It provides alerts and guidance for AWS events. Service Health DaShboard shows the general status of AWS services. PHI is more proactive. This allows you to quickly diagnose and resolve issues.
Service Description
DeepLens This is a deep learning enabled video camera (hardware). It has a SDK that is integrated AWS ML services.
SageMaker This service is used to build and train ML models and deploy them to the cloud. It can be used as a backend to your application.
Rekognition This service offers deep learning analysis of images and videos
Lex This service builds conversational chatbots. It is used for things like level 1 customer support.
Polly This service provides natural-sounding text-to-speech for your applications.
Comprehend This service analyses text for insights and relationships, like customer data or advanced searching of documents.
Translate This is service that provides machine learning for translating different languages.
Transcribe This is service that provides automatic speech recognition that analyses audio files stored on S3 and returns transcribed text.
Service Description
Elemental MediaConvert This is a file-based video transcoding service. It converts video formats.
MediaTailor This service prepares video content for delivery over the internet and prevents piracy through digital rights management.
MediaLive This service provides broadcast-grade live video processing. It creates video streams for delivery to TV's and internet devices.
MediaStore This is a AWS media-optimized storage service.
Kinesis Video Streams This service streams video from devices connected to the AWS clooud for analytics ML and other processing applications.
Service Description
Mobile Hub This service allows you to configure AWS for mobile applications. It generates a cloud configuration file which stores information the s used to run the application.
Device Farm This is a mobile application testing service for Android, iOS, and web application. It can be used to test for a range of physical devices in the cloud.
AppSync This is a GraphQL backend for mobile and web applications.
WaveLength This service allows your application to be stored on a local mobile ISP's data center. Enabling you to use the 5G network and reduce latency of your applications. The data center your application is stored at becomes a wavelength zone
Service Description
Application Discovery Service This service gathers information about an organizaton's on-prem data center to help plan a migration to AWS. The data is encrypted and stored on the Discovery Service's data store.
Database Migration Service This service orchestrates migrations of databases to AWS. It can migrate from one database type to another, too, like an Oracle db to Aurora.
Server Migration Service This automates the migration of thousands of on-prem workloads to the cloud. It reduces cost and minimizes downtime.
Snowball This is a portable, petabyte scale storage device used to migrate on-prem data to AWS.
Service Description
CloudFront This is a global content delivery network (CDN) that has over 100 endpoints all over the world. It also protects against DDOS attacks. This service caches your data or application at an endpoint closer to your users. It does so by caching static content at data centers closer to users. It also supports pre-recorded and live events at low-latency, so it's not just static content.
Virtual Private Cloud (VPC) This service provisions logically, isolated sections of the AWS cloud. AWS resources/services can be launched within the VPC. This is how the services stay secure because they're all encapsulated from the world wide web in these VPC's.
VPC Peering is a service that is used to connect two or more VPC's.
Direct Connect This is a dedicated, highspeed, fiber optic internet connection that enterprise businesses requiring stability and security can use. Data stays in AWS' cloud and never touches the public internet.
Elastic Load Balancing (ELB) This service automatically distributes network traffic (incoming HTTP/HTTPS requests) across EC2 compute instances and across multiple availability zones. This is highly available and increases fault tolerances by balancing network volume. This service is not to be confused with EC2 Autoscaler. ELB distributes network traffic (and checks for the health of the server it's sending traffic to). Autoscaler manages the servers by spinning them up or tearing them down.
Types of Load Balancers Description
Application Load Balancer Routes decisions at the application layer (HTTP/HTTPS) requests, supports path-based routing, and can route requests to multiple ports in cluster of a container instance.
Network Load Balancer Routes decisions at the transport layer (TCP/SSL). After a load balancer connects, it selects a target from the target group for the defrault rule using a flow hash routing algorithm. It establishes a TCP connection with the selected target port specified in the listener configuration. It forwards the requests with the headers being left intact.
Classic Load Balancer A Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). Classic Load Balancers currently require a fixed relationship between the load balancer port and the container instance port.
Gateway Load balancer Gateway Load Balancers allow you to deploy, scale, and manage virtual appliances, such as firewalls, intrusion detection and prevention systems, and deep packet inspection systems. It combines a transparent network gateway (that is, a single entry and exit point for all traffic) and distributes traffic while scaling your virtual appliances with the demand. A Gateway Load Balancer operates at the third layer of the Open Systems Interconnection (OSI) model, the network layer.
Route53 This is a highly available, scalable Domain Name System (DNS) service. It routes network traffic to the AWS cloud
API Gateway This service creates and secures API's. It can handle thousands of concurrent API calls and is serverless. APIs act as the "front door" for applications to access data, business logic, or functionality from your backend services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. AWS website
Internet Gateway This component of the VPC allows resources to communicate with each other inside the VPC and the internet. It serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
Service Description
Artifact This service provides guidance on compliance and security documentation.
Certificate Manager This service issues Secure Socket Layer (SSL)'s for HTTPS websites. This is used as part of Route53.
Cloud Directory This is AWS' cloud-based directory service that offers hierarchies in multiple dimensions. Unlike LDAP-based directories that have a single hierarchy. Similar services are Microsoft Active Directory.
Directory Service This is a fully managed Microsoft Active Directory in the AWS Cloud.
Cloud HSM (hardware security module) This is a dedicated hardware security module in the AWS cloud. It is fully managed by AWS, so it reduces the costs instead of managing a HSM.
Cognito This service adds single-sign on (SSO) authentication to your application.
Identity and Access Management (IAM) This service manages user access to your AWS services/resources on your account. Users, roles, and groups have individual permissions.
Organizations This offers policy-based management for multiple AWS accounts. This service works for large organizations with multiple accounts that want to manage them centrally.
Inspector This is an automated security assessment service. It helps identify vulnerabilities within your AWS account.
Key Management Services (KMS) This service creates and controls encryption keys for your data. It uses the HSM's to secure your keys. It used with S3, Redshift, and EBS.
Shield This service protects a customer against distributed denial of service (DDoS) attacks. The standard version is automatically implemented on all AWS accounts.
Web Application Firewall (WAF) This service provides a firewall that sits in front of a customers application to protect it against SQL injections and cross-site scripting. Firewall rules can be configured across accounts and application in AWS Organizations. It allows for consistency since a single rule can be applied as new applicatons are created.
Service Description
Backup This service centralizes and automates data protection across the AWS services and hybrid workloads. A single policy can be applied across the services ensuring that your in compliance when new services are brought on and protects your data.
S3 This is a serverless storage service that is hosted on the cloud. S3 buckets store objects and objects are simply files. S3 is not storage alone, but it is a service that handles the movement of files around, deletions, and manages the files overall
S3 - Glacier This is where S3 objects are moved to for long-term storage. Its purpose is to archive content. This is not a great option if retrieval performance is required in an application. As a developer you can create life-cycle rules to move S3 objects to Glacier. This is the cheapest of the storage services.
Elastic Block Storage (EBS) This is a low-latency, highly available, block-type storage. It is purpose is to connect to EC2 compute servers.
More on block storage: Block storage, sometimes referred to as block-level storage, is a technology that is used to store data files on Storage Area Networks (SANs) or cloud-based storage environments. Developers favor block storage for computing situations where they require fast, efficient, and reliable data transportation. Block storage breaks up data into blocks and then stores those blocks as separate pieces, each with a unique identifier. The SAN places those blocks of data wherever it is most efficient. That means it can store those blocks across different systems and each block can be configured (or partitioned) to work with different operating systems. IBM Block Storage
Elastic File System (EFS) This is a network-attached storage (NAS). Meaning that multiple servers can connect to the same data source. NAS' are storage devices that can be access by multiple devices. There is usually some target drive like E:// or F://
Here's the difference between EBS (SAN) vs EFS (NAS). SAN's is a cloud of multiple storage devices where blocks of data stored. NAS' are a single storage device that can be access across a network.
Storage Gateway This is a hybrid storage environment. Meaning it is a mix between on-premise data centers and cloud data centers. This service systematically moves data from the "on-prem" data center to the cloud.
Snowball This is a petabytes, portable storage device used to physically migrate on-prem data to the cloud. A customer of AWS would download the data and then send it to AWS for upload to a desired AWS storage service
Note: This is not be confused with Snowmobile (exabyte). It is a vehicle can move larger amounts of data and provides AWS personnel. Snowball (petabyte) is a single hardware device.
Use Cases for AWS Description
Hybrid Storage Deployment Model
  • An on-prem data center that uses sends data to the cloud and stores it on S3 for durability and availability in case of disaster recovery.
  • This same on-prem data center goes down, then a Snowball device can be sent to move the data over to the final place, S3.
  • Storage Gateway, this service systematically moves data from on-prem to the cloud via the Direct Connect Service (AWS' high-speed internet)
Trusted Advisor This service requires a business, enterprise account to be able to use it. It is a service that provides advice on cost, performance, fault tolerance, and service limits across all of an accounts resources and regions. We can have specific Trusted Advisors setup for different parts of an AWS Organization. We just have to create the organizations and setup Trusted Advisors corresponding to it.

Last updated: 2022-01-30