AWS_CPE_Terms (1).docx
What is Cloud?
Cloud computing is the on-demand delivery of IT resources through a cloud services platform over the Internet with pay-as-you-go pricing
In short, it is quick access to flexible, low-cost IT resources
Cloud Service Models
Infrastructure as a Service (IaaS) delivers infrastructure and resources to its users
Platform as a Service (PaaS) delivers a software creation platform to its users
Software as a Service (SaaS) delivers applications over the Internet to its users
Cloud Deployment Models
Cloud deployment is a model in which resources are cloud-native or migrated to the cloud
Hybrid deployment is a model in which cloud resources and on-premises resources are used together
On-premises deployment is a model in which on-premises resources are used exclusively
Cloud Advantages
Variable cost structure
Economies of scale
Capacity handling
Speed and agility
Less infrastructure investment
Global reach
Global Infrastructure
A region is a geographic area that hosts two or more availability zones
Organizing level for AWS
An availability zone (AZ) is a physically isolated group of data centers
AZs connected in-region by a fast, low-latency network (makes synchronous replication of data possible)
Interfaces
The AWS Command Line Interface (CLI) is a unified tool to manage AWS
The AWS Management Console is a simple web interface for AWS
AWS Tools and Software Development Kits (SDKs) is a framework that integrates code with AWS
Analytics Services
Amazon Athena is an interactive query service
Analyze data in S3 using SQL
Amazon Kinesis is a stream processing service
Collect, process, and analyze streaming data and videos
Amazon Kinesis Data Firehose loads streams into data stores
Amazon Kinesis Data Analytics analyzes data streams
Amazon Kinesis Data Streams captures data streams
Amazon QuickSight is a BI service
Create and publish dashboards
AWS Glue is an ETL service
Catalog, clean, enrich, and move data between data stores
Automatic data discovery, data profiling, and code generation
AWS Glue Data Catalog stores metadata to make data searchable, query-able, and available for ETL
Amazon Elastic MapReduce (EMR) is a MapReduce service
Run and scale a managed Hadoop framework
MapReduce is a method to process vast sums of data in parallel
AWS CloudSearch is a search engine service
Search structured and unstructured data in applications
AWS Data Pipeline is an orchestration service
Schedule data movement and data processing activities
Amazon Elasticsearch Service is an Elasticsearch service
Search, analyze, and visualize log data
Elasticsearch is a search and analytics engine
Application Integration Services
Amazon Simple Queue Service (SQS) is a message queuing service
Send, store, and receive messages between pieces of software without losing messages or requiring other services to be available
AWS Step Functions is a component coordination service
Design and run workflows that stitch together services
Amazon Simple Notification Service (SNS) is a notification service
Pub/sub (publisher/subscriber), mobile push, and SMS
Coordinate and manage messages to subscribing endpoints
Business Application Services
Amazon Chime is a communication service
Meet, chat, and place business calls
Amazon WorkDocs is a content collaboration service
Create, edit, and share business content
Amazon WorkMail is an email and calendar service
Access business email, contacts, and calendars from client applications (e.g., Outlook)
Computing Services
Amazon Elastic Compute Cloud (EC2) is a computing service
Obtain and configure computing capacity
An instance is a virtual server
An instance type is a configuration of CPU, memory, storage, and networking capacity for an instance
Instance type options include general purpose, compute optimized, storage optimized, and memory optimized
A tag is metadata that can be assigned to an instance
A key pair is a public-private key combination for secure login
An instance store is a storage volume for temporary data when an instance is stopped or terminated, operation systems, no personal info should be stored here
An Elastic IP address is an IPv4 address that can be attached to an instance
An On-Demand Instance is an instance used on demand
Charged per hour/second
Short term
Unpredictable workloads
A Spot Instance is an unused instance reserved in advance for flexible workloads, (i.e., workload can handle interruptions)
Spare AWS capacity for up to 90% discount
Apps with flexible start and end times
Urgent computing needs for large amounts of capacity
A Reserved Instance (RI) is an instance reserved in advance for continuous workloads (standard, convertible, and scheduled)
Discount for 1-3 year commitments
Apps with steady state usage
A Scheduled Instance is an instance reserved in advance for scheduled, noncontinuous workloads
A Dedicated Instance is an instance that allows the use of software licenses from other vendors and is physically isolated at the hardware level
Dedicated host is a physical server dedicated to you
Apps with specific cloudce requirements
A security group is a set of firewall rules for inbound and outbound instance traffic
An Amazon Machine Imagine (AMI) is a template that contains the software configuration required to launch an instance
Can self-host a relational database instead of using RDS
Linux/Ubuntu instances bill by second, all others bill by hour rounded up (e.g., 4.5 hours of compute = 5 hours billed)
Amazon EC2 Auto Scaling is a scaling service
Scale EC2 in or out to handle application load
Scheduled scaling scales activity based on known traffic patterns
Dynamic scaling scales activity based on current traffic patterns
Predictive scaling scales activity based on predicted traffic patterns
An Auto Scaling Group is a logical grouping of instances for a desired level of capacity
A launch configuration is a configuration template used to launch an instance
AWS Lambda is a serverless computing service, without managing servers you can run code
Write event-driven code without overhead considerations
Supports many programming languages
A Lambda function is the uploaded code
Amazon Lightsail is a private computing service
Preconfigured bundles of compute, storage, and networking capacity for a low, predictable price
Ideal for developers, students, and inexperienced cloud users
AWS Batch is a batch computing service
Plan, schedule, and run batch workloads
AWS Elastic Beanstalk is a web application service
Deploy, monitor, and scale applications quickly and easily
Emphasis on writing code, so many application stacks and programming languages are supported
Container Services
Amazon Elastic Container Service (ECS) is a container management service
Run containerized applications
A container is a standard unit of software that packages code with its dependencies
Amazon Elastic Container Registry (ECR) is a container registry service
Store, manage, and deploy container images (e.g., Docker)
Docker is a containerization platform
Amazon Elastic Kubernetes Service (EKS) is a Kubernetes service
Deploy, scale, and manage containerized applications
Kubernetes (K8s) is a container orchestration service
AWS Fargate is a serverless compute service for containers
Build applications and deploy them with ECS or EKS
Cost Management Services
AWS Budgets is a budgeting service
Get alerts when cost or usage budgets are exceeded
AWS Cost & Usage Reports is a cost and usage reporting service
Access granular reports on cost and usage
AWS Cost Explorer is a cost exploration service
Visualize, understand, and manage cost and usage over time
Forecast costs based on past usage
Savings Plans is a flexible pricing model on compute usage
The Total Cost of Ownership (TCO) Calculator allows customers to evaluate the savings from using AWS products and services
Match your current infrastructure to the most cost-effective AWS offering
Considers indirect cost of datacenter operations, such as cooling and power consumption, physical space, real estate, labor, and IT costs
The AWS Pricing Calculator estimates the cost of AWS products and services
Model solutions and explore price points
Also known as the AWS Simple Monthly Calculator
Customer Engagement Services
Amazon Simple Email Service (SES) is an email messaging service
Amazon Connect is a contact center service
Database Services
Amazon Aurora is a relational database engine service
Akin to a custom fork of RDS with an optimized storage layer
Supports MySQL and PostgreSQL
Open source simplicity with commercial grade performance
Amazon Aurora Serverless is an on-demand, auto-scaling configuration of Amazon Aurora
Amazon DynamoDB is a non-relational database service
Supports key-value and document data models
Ideal for high-performance, Internet-scale applications
Global Tables are tables replicated across desired regions for globally distributed applications
DynamoDB Accelerator (DAX) is an in-memory cache that reduces response time to microseconds
Point-in-time recovery (PITR) provides continuous backups of tables and protects data against accidental changes
Amazon ElastiCache is an in-memory caching service
Retrieve information quickly from in-memory data stores
Querying a database is always slower and more expensive than locating a copy of that data in a cache
Supports Redis and Memcached
Amazon Neptune is a graph database service
Amazon Redshift is a data warehouse service
Query structured data using familiar SQL clients and BI tools
A data warehouse is a repository of organized, processed data from many sources
Amazon Relational Database Service (RDS) is a relational database service
A DB instance is a database environment with specified compute and storage resources
DB instance type options are general purpose, memory optimized, and burstable performance
Supports MySQL, PostgreSQL, MariaDB, SQL Server, Oracle, and Aurora
Developer Services
AWS CodeCommit is source control service
Version code in secure repositories
AWS CodeBuild is a continuous integration service
Automate build and test processes
Continuous integration (CI) is a software development practice where developers regularly merge their code changes into a central repository
AWS CodeDeploy is a continuous deployment service
Automate the release process
Continuous deployment (CD) is a software development practice where code changes are automatically prepared for a release to production
AWS CodePipeline is a CI/CD service
Automate build, test, and release processes
Combination of CodeCommit, CodeBuild, and CodeDeploy
AWS X-Ray is a distributed tracing service
Debug and monitor distributed applications
Distributed tracing is a diagnostic technique for understanding how a set of services coordinate to handle user requests
A distributed application is software that is executed or run on multiple computers within a network
End User Computing Services
Amazon AppStream 2.0 is an application streaming service
Deliver desktop applications to any computer
Amazon WorkSpaces is a desktop delivery service
Provision virtual desktops
Machine Learning Services
Amazon Lex is a conversational interface service
Build voice and text chatbots
Amazon Polly is a speech-enablement service
Turn text into lifelike speech
Amazon Rekognition is an image and video recognition service
Identify objects and perform visual analysis
Amazon SageMaker is a ML service
Build, train, and deploy ML models
Management & Governance Services
AWS Config is a configuration monitoring service
Simplify compliance auditing, security analysis, change management, and operational troubleshooting
AWS Service Catalog is a catalog management service
Create and use standardized products
Amazon CloudWatch is a resource monitoring service
Collect data across resources in the form of logs, metrics, and events, and visualize it with dashboards
Alarms and automated actions trigger on predefined thresholds or anomalous behavior in metrics
Use cases include application monitoring, log analytics, infrastructure monitoring, and resource optimization
AWS CloudFormation is a resource modeling service
allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
Provision resources as code in templates
A stack is a collection of resources managed as a single unit
AWS Organizations is a management and governance service
Control billing, account resources, and security and compliance
Consolidated billing aggregates billing, payment, and usage for multiple accounts which allows the sharing of volume discounts, Savings Plans, and RI discounts
AWS CloudTrail is an activity logging service
Track user and account activity
Event history allows for simpler auditing and troubleshooting
AWS Trusted Advisor is a resource optimization service
Provision resources following AWS best practices
Performance, security, fault tolerance, service limits, and cost recommendations
AWS Systems Manager is a systems management service
Gain operational insights and take action on resources
A resource group is a collection of resources that can be managed as a single unit (i.e., tagging or CloudFormation stack)
AWS Managed Services is a resource implementation service
Get experts to operate and manage enterprise resources
AWS Personal Health Dashboard is a remediation guidance tool
Get personalized views of health, proactive notifications, and detailed troubleshooting information
AWS OpsWorks is a configuration management service
Supports Chef and Puppet
Use code to automate server configuration
Media Services
Amazon Elastic Transcoder is a media transcoding service
Convert audio and video files into formats for supported devices
Migration & Transfer Services
AWS Database Migration Service (DMS) is a database migration service
AWS Server Migration Service (SMS) is a server migration service
AWS Snowmobile is an exabyte-scale data migration service
Move massive amounts of data physically via shipping container
AWS Snowball is a petabyte-scale data transfer service
Move data with physical storage appliances
AWS Snowball Edge is a data transfer service for edge computing
Move data with physical storage appliances and support local workloads in remote or offline environments
Edge computing is computing done at or near the data source
Good when data generation is decentralized, data volumes are significant, and network connectivity is intermittent
AWS Application Discovery Service (ADS) is an application discovery service
Discover on-premises resources, group into applications, and plan migrations
AWS Migration Hub is an application migration service
Track all resources in migrations from a single location
Mobile Services
AWS Device Farm is an application testing service
Test applications across browsers and devices
Amazon Pinpoint is a user engagement service
Communicate with end users and measure engagement across channels (e.g., A/B testing, campaign management, etc.)
Networking & Content Delivery Services
Amazon Route 53 is a DNS service
Route end users to applications, purchase domain names, and monitor endpoint health
A domain name system (DNS) connects URLs with IP addresses
Amazon Global Accelerator is a global networking service
Improve application availability and performance and route users to optimal endpoints
AWS VPN is a VPN service
Set up secure connections to VPC or on-premises networks
Amazon CloudFront is a CDN service
Deliver content across massively scaled and globally available network
Deliver content quickly and securely to end users
Use cases include static asset caching, live and on-demand video streaming, customizable content delivery, security, software distribution, and dynamic content and API acceleration
A content delivery network (CDN) is a distributed network of servers and data centers
An edge location is a localized cache that lives close to end users
Lambda@Edge is a feature that allows code to run closer to end users (i.e., in response to CDN events)
Amazon Virtual Private Cloud (VPC) is a private networking service
My personal space within the aws cloud can put single or multiple AZ , within those AZ carve out subnets: collection of available space within VPC , subnet where create instances ( subnets can be public or private)
Provision a logically isolated section of the cloud to launch and manage resources
A subnet is a subset of a VPC network which can house isolated resources
An Internet gateway is the VPC side of an Internet connection
A network access control list (NACL) is a layer of security for VPC that acts as a firewall for inbound and outbound subnet traffic
AWS Direct Connect is a network connection service
Establish a direct network connection on-premises to AWS
Amazon API Gateway is an API service
Create, maintain, and secure APIs
Elastic Load Balancing (ELB) is a traffic distribution service
The Load Balancer serves as the point of contact for client requests, routing traffic across multiple targets
The Listener forwards requests to targets with the appropriate protocol and port configurations
The Network Load Balancer routes traffic for applications with performance requirements or volatile traffic patterns
The Application Load Balancer routes traffic for modern application architectures
The Classic Load Balancer routes traffic for legacy options (i.e., EC2 instances launched prior to VPC)
Security, Identity & Compliance Services
Amazon Inspector is a security assessment service
Analyzes applications for exposure, vulnerabilities, and deviation from best practices
Amazon Cognito is an application identity management service
Add user sign-up, sign-in, and access control to applications
AWS Artifact is a compliance reporting service
Access compliance reports, accreditations, and agreements (e.g., ISO certifications, NDAs, etc.)
AWS Shield is a DDoS protection service
Protect resources against web traffic overflows
A distributed denial of service (DDoS) is a malicious attempt to crash an application, service, or network with excessive traffic
AWS Firewall Manager is a firewall management service
Simplify WAF administration and security rules across resources
AWS Key Management Service is a key management service
Create and control keys to encrypt or digitally sign data
Amazon Cloud Directory is a directory service
Organize and manage application resources and relationships between them
AWS Secrets Manager is a secret management service
Rotate, manage, and retrieve database credentials and API keys
AWS Certificate Manager is a certificate management service
Provision, manage, and deploy digital certificates (i.e., SSL/TLS)
A digital certificate creates a secure link between a web browser and a web server
AWS CloudHSM is an HSM service
Generate and use encryption keys
A hardware security module (HSM) provides secure key storage and cryptography on a tamper-resistant hardware device
AWS Web Application Firewall (WAF) is a firewall security service
Create security rules to block common attack patterns and exploits (e.g., SQL injection)
AWS Identity and Access Management (IAM) is a resource access service
Control resource authentication and authorization
A user is an operator with permanent credentials
A group is a collection of users
A role is an operator with temporary credentials
A policy document is attached to a user, group, or role and defines permissions via JSON
Multi-factor authentication (MFA) is a best practice that adds another layer of security to a username and password
Least privilege is a best practice in which users are granted only the permissions necessary to do particular tasks
An access key is a long-term credential that allows for programmatic access to the AWS CLI or AWS API
Security bulletins notify customers of security and privacy events
Penetration testing is the practice of testing a network or web application for security vulnerabilities
Allowed by the client on eight select services without permission (e.g., Elastic Beanstalk)
Storage Services
Amazon Simple Storage Service (S3) is an object storage service
Unlimited storage (buckets)
Single object limited to 5 TB
Common Scenarios: backup and store, application hosting, media hosting, software delivering
Retrieve any amount of data from anywhere via Internet
Foundational for serverless computing, user-driven content, backup and recovery, and data lakes
A data lake is a repository of raw, unstructured data
Object storage stores data in distinct units consisting of the data itself, associated metadata, and a unique identifier
A bucket is a container for objects
Transfer acceleration enables fast and secure bucket transfers using CloudFront edge locations
Cross-region replication enables the copying of objects across buckets in different regions
S3 Standard is a storage class for frequently accessed data, replicated over all AZ if 3+ AZ
S3 Intelligent-Tiering is a storage class for data with changing or unknown access patterns
S3 Reduced Redundancy is a storage class for frequently accessed, non-critical data
S3 Standard-IA/One Zone-IA is for long-lived, infrequently accessed data
Amazon Elastic Block Store (EBS) is a block storage service
If building database applications use EBS and high throughput volumes , faster than s3
Mount a storage volume (i.e., hard disk) to an instance
Foundational for mission-critical systems, such as databases, enterprise applications, and operating systems
Encryption occurs on both data-at-rest and data-in-transit
Block storage stores data as fixed-size units, each with a unique address
A snapshot is an incremental backup
EBS Provisioned IOPS is an SSD volume type for latency-sensitive transactional workloads
EBS General Purpose is an SSD volume type for a wide range of transactional workloads
EBS Throughput Optimized is an HDD volume type for frequently accessed, throughput-intensive workloads
EBS Cold is an HDD volume type for less frequently accessed workloads
Persistent block storage for instances (EC2)
Protected through replication
Different Drive Types : SSD (faster, perform better) and HDD (physical media)
Scale up or down in minutes
Pay for only what provision still pay for storage in EBS
Snapshot functionality
Encryption available
Amazon Elastic File System (EFS) is a file storage service
Set up a Linux file system
Amazon S3 Glacier is a data archiving and long-term backup service
Store infrequently accessed data inexpensively
Expedited Retrieval returns data in a 1-5 minutes
Standard Retrieval returns data in 3-5 hours
Bulk Retrieval returns data in 5-12 hours
AWS Storage Gateway is a hybrid storage service
Get on-premises access to virtually unlimited cloud storage
Shared Responsibility Model
The Shared Responsibility Model states that security and compliance are shared responsibilities between AWS and the customer
Security in the cloud is the responsibility of the customer
Security of the cloud is the responsibility of AWS
Shared Controls apply to the infrastructure layer and customer layer (e.g., awareness and training)
Inherited Controls include physical and environmental controls
Customer Specific Controls include service and communication protection and zone security
Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching guest operating system and applications, identity and access management, and network & firewall configurations.
Pricing
Storage is paid at the GB level
Inbound data transfer is free
Outbound data transfer is paid at the GB level
Compute is paid by the minute or hour
In general, pay only when you use, pay less when you reserve, and pay less as you use more
Well-Architected Framework
Operational excellence
Perform operations as code
Annotate documentation
Make frequent, small, reversible changes
Refine procedures frequently
Anticipate failure
Learn from operational failures
Security
Implement a strong identity foundation
Enable traceability
Apply security at all layers
Automate security best practices
Protect data in transit and at rest
Prepare for security events
Reliability
Test recovery procedures
Automatically recover from failure
Scale horizontally to reduce single points of failure
Stop estimating capacity
Manage change in automation
Performance efficiency
Consumed advanced technologies as services
Go global in minutes
Use serverless architectures
Experiment more often
Align the approach to the desired results
Cost optimization
Adopt a consumption model
Measure overall efficiency
Eliminate datacenter spend
Analyze and attribute expenditures
Use managed and application level services
Support Plans
The Basic plan is free and offers support for account and billing questions, service quota increases, documentation, and forums
The Developer plan offers additional features, such as best practice guidance, basic architecture support, and AWS IAM
The Business plan offers additional features, such as use-case guidance, AWS Trusted Advisor, the AWS Support API, and third-party software support
The AWS Support API is an interface for programmatic case management
The Enterprise plan offers additional features, such as a technical account manager, infrastructure event management, in-depth architectural and operational guidance with SMEs, the AWS Abuse Team, and the AWS Support Concierge Team
A technical account manager (TAM) is a technical point of contact with AWS expertise
Infrastructure event management (IEM) provides strategic planning assistance before major events (e.g., launches)
a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers.
The AWS Abuse Team provides assistance when AWS resources are compromised by abusive or illegal means
The AWS Support Concierge Team provides assistance with account and billing subjects
Miscellaneous Services
AWS Marketplace is a digital catalog service
Find, test, buy, and deploy AWS-compatible software
AWS Quick Starts is an accelerated deployment service
Get automated, gold-standard enterprise solutions
A reference deployment includes an architectural outline, CloudFormation templates, and an implementation guide
AWS Partner Network (APN)
APN Consulting Partners are professional services firms that help customers design, build, and manage their workloads on AWS
APN Technology Partners provide hardware, connectivity services, or software solutions that or hosted on or integrated with AWS
Extra
Patching—updates to operating system to fix bug or security issue (client responsibility) (operating system level) except if a managed service
Hypervisor – allows multiple virtual instance to run on physical server through code.
Customer Inherit from AWS – Physical and Environment Controls
EC2 pricing:
EC2 instance pricing varies depending on many variables:
- The buying option (On-demand, Reserved, Spot, Dedicated)
- Selected AMI
- Selected instance type
- Region
- Data Transfer in/out
- Storage capacity.
The 5 Pillars of the AWS Well-Architected Framework:
1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.
Tips
Read the Questions thoroughly
Try eliminate 2 answers then look to see if clues
WizLab
Practice Practice Practice
Practice exams – 80-100% every time
AWS Organizations has five main benefits:
Centrally manage access polices across multiple AWS accounts.
Automate AWS account creation and management.
Control access to AWS services.
Consolidate billing across multiple AWS accounts.
Configure AWS services across multiple accounts.
To estimate the costs of Amazon EBS consider the following:
1- Volume type.
2- Input/output operations per second(IOPS).
3- Snapshots.
4- Data Transfer.
To estimate the costs of an Amazon CloudFront distribution consider the following:
- Data Transfer Out.
- Traffic distribution.
- Number of requests.
What is Cloud?
Cloud computing is the on-demand delivery of IT resources through a cloud services platform over the Internet with pay-as-you-go pricing
In short, it is quick access to flexible, low-cost IT resources
Cloud Service Models
Infrastructure as a Service (IaaS) delivers infrastructure and resources to its users
Platform as a Service (PaaS) delivers a software creation platform to its users
Software as a Service (SaaS) delivers applications over the Internet to its users
Cloud Deployment Models
Cloud deployment is a model in which resources are cloud-native or migrated to the cloud
Hybrid deployment is a model in which cloud resources and on-premises resources are used together
On-premises deployment is a model in which on-premises resources are used exclusively
Cloud Advantages
Variable cost structure
Economies of scale
Capacity handling
Speed and agility
Less infrastructure investment
Global reach
Global Infrastructure
A region is a geographic area that hosts two or more availability zones
Organizing level for AWS
An availability zone (AZ) is a physically isolated group of data centers
AZs connected in-region by a fast, low-latency network (makes synchronous replication of data possible)
Interfaces
The AWS Command Line Interface (CLI) is a unified tool to manage AWS
The AWS Management Console is a simple web interface for AWS
AWS Tools and Software Development Kits (SDKs) is a framework that integrates code with AWS
Analytics Services
Amazon Athena is an interactive query service
Analyze data in S3 using SQL
Amazon Kinesis is a stream processing service
Collect, process, and analyze streaming data and videos
Amazon Kinesis Data Firehose loads streams into data stores
Amazon Kinesis Data Analytics analyzes data streams
Amazon Kinesis Data Streams captures data streams
Amazon QuickSight is a BI service
Create and publish dashboards
AWS Glue is an ETL service
Catalog, clean, enrich, and move data between data stores
Automatic data discovery, data profiling, and code generation
AWS Glue Data Catalog stores metadata to make data searchable, query-able, and available for ETL
Amazon Elastic MapReduce (EMR) is a MapReduce service
Run and scale a managed Hadoop framework
MapReduce is a method to process vast sums of data in parallel
AWS CloudSearch is a search engine service
Search structured and unstructured data in applications
AWS Data Pipeline is an orchestration service
Schedule data movement and data processing activities
Amazon Elasticsearch Service is an Elasticsearch service
Search, analyze, and visualize log data
Elasticsearch is a search and analytics engine
Application Integration Services
Amazon Simple Queue Service (SQS) is a message queuing service
Send, store, and receive messages between pieces of software without losing messages or requiring other services to be available
AWS Step Functions is a component coordination service
Design and run workflows that stitch together services
Amazon Simple Notification Service (SNS) is a notification service
Pub/sub (publisher/subscriber), mobile push, and SMS
Coordinate and manage messages to subscribing endpoints
Business Application Services
Amazon Chime is a communication service
Meet, chat, and place business calls
Amazon WorkDocs is a content collaboration service
Create, edit, and share business content
Amazon WorkMail is an email and calendar service
Access business email, contacts, and calendars from client applications (e.g., Outlook)
Computing Services
Amazon Elastic Compute Cloud (EC2) is a computing service
Obtain and configure computing capacity
An instance is a virtual server
An instance type is a configuration of CPU, memory, storage, and networking capacity for an instance
Instance type options include general purpose, compute optimized, storage optimized, and memory optimized
A tag is metadata that can be assigned to an instance
A key pair is a public-private key combination for secure login
An instance store is a storage volume for temporary data when an instance is stopped or terminated, operation systems, no personal info should be stored here
An Elastic IP address is an IPv4 address that can be attached to an instance
An On-Demand Instance is an instance used on demand
Charged per hour/second
Short term
Unpredictable workloads
A Spot Instance is an unused instance reserved in advance for flexible workloads, (i.e., workload can handle interruptions)
Spare AWS capacity for up to 90% discount
Apps with flexible start and end times
Urgent computing needs for large amounts of capacity
A Reserved Instance (RI) is an instance reserved in advance for continuous workloads (standard, convertible, and scheduled)
Discount for 1-3 year commitments
Apps with steady state usage
A Scheduled Instance is an instance reserved in advance for scheduled, noncontinuous workloads
A Dedicated Instance is an instance that allows the use of software licenses from other vendors and is physically isolated at the hardware level
Dedicated host is a physical server dedicated to you
Apps with specific cloudce requirements
A security group is a set of firewall rules for inbound and outbound instance traffic
An Amazon Machine Imagine (AMI) is a template that contains the software configuration required to launch an instance
Can self-host a relational database instead of using RDS
Linux/Ubuntu instances bill by second, all others bill by hour rounded up (e.g., 4.5 hours of compute = 5 hours billed)
Amazon EC2 Auto Scaling is a scaling service
Scale EC2 in or out to handle application load
Scheduled scaling scales activity based on known traffic patterns
Dynamic scaling scales activity based on current traffic patterns
Predictive scaling scales activity based on predicted traffic patterns
An Auto Scaling Group is a logical grouping of instances for a desired level of capacity
A launch configuration is a configuration template used to launch an instance
AWS Lambda is a serverless computing service, without managing servers you can run code
Write event-driven code without overhead considerations
Supports many programming languages
A Lambda function is the uploaded code
Amazon Lightsail is a private computing service
Preconfigured bundles of compute, storage, and networking capacity for a low, predictable price
Ideal for developers, students, and inexperienced cloud users
AWS Batch is a batch computing service
Plan, schedule, and run batch workloads
AWS Elastic Beanstalk is a web application service
Deploy, monitor, and scale applications quickly and easily
Emphasis on writing code, so many application stacks and programming languages are supported
Container Services
Amazon Elastic Container Service (ECS) is a container management service
Run containerized applications
A container is a standard unit of software that packages code with its dependencies
Amazon Elastic Container Registry (ECR) is a container registry service
Store, manage, and deploy container images (e.g., Docker)
Docker is a containerization platform
Amazon Elastic Kubernetes Service (EKS) is a Kubernetes service
Deploy, scale, and manage containerized applications
Kubernetes (K8s) is a container orchestration service
AWS Fargate is a serverless compute service for containers
Build applications and deploy them with ECS or EKS
Cost Management Services
AWS Budgets is a budgeting service
Get alerts when cost or usage budgets are exceeded
AWS Cost & Usage Reports is a cost and usage reporting service
Access granular reports on cost and usage
AWS Cost Explorer is a cost exploration service
Visualize, understand, and manage cost and usage over time
Forecast costs based on past usage
Savings Plans is a flexible pricing model on compute usage
The Total Cost of Ownership (TCO) Calculator allows customers to evaluate the savings from using AWS products and services
Match your current infrastructure to the most cost-effective AWS offering
Considers indirect cost of datacenter operations, such as cooling and power consumption, physical space, real estate, labor, and IT costs
The AWS Pricing Calculator estimates the cost of AWS products and services
Model solutions and explore price points
Also known as the AWS Simple Monthly Calculator
Customer Engagement Services
Amazon Simple Email Service (SES) is an email messaging service
Amazon Connect is a contact center service
Database Services
Amazon Aurora is a relational database engine service
Akin to a custom fork of RDS with an optimized storage layer
Supports MySQL and PostgreSQL
Open source simplicity with commercial grade performance
Amazon Aurora Serverless is an on-demand, auto-scaling configuration of Amazon Aurora
Amazon DynamoDB is a non-relational database service
Supports key-value and document data models
Ideal for high-performance, Internet-scale applications
Global Tables are tables replicated across desired regions for globally distributed applications
DynamoDB Accelerator (DAX) is an in-memory cache that reduces response time to microseconds
Point-in-time recovery (PITR) provides continuous backups of tables and protects data against accidental changes
Amazon ElastiCache is an in-memory caching service
Retrieve information quickly from in-memory data stores
Querying a database is always slower and more expensive than locating a copy of that data in a cache
Supports Redis and Memcached
Amazon Neptune is a graph database service
Amazon Redshift is a data warehouse service
Query structured data using familiar SQL clients and BI tools
A data warehouse is a repository of organized, processed data from many sources
Amazon Relational Database Service (RDS) is a relational database service
A DB instance is a database environment with specified compute and storage resources
DB instance type options are general purpose, memory optimized, and burstable performance
Supports MySQL, PostgreSQL, MariaDB, SQL Server, Oracle, and Aurora
Developer Services
AWS CodeCommit is source control service
Version code in secure repositories
AWS CodeBuild is a continuous integration service
Automate build and test processes
Continuous integration (CI) is a software development practice where developers regularly merge their code changes into a central repository
AWS CodeDeploy is a continuous deployment service
Automate the release process
Continuous deployment (CD) is a software development practice where code changes are automatically prepared for a release to production
AWS CodePipeline is a CI/CD service
Automate build, test, and release processes
Combination of CodeCommit, CodeBuild, and CodeDeploy
AWS X-Ray is a distributed tracing service
Debug and monitor distributed applications
Distributed tracing is a diagnostic technique for understanding how a set of services coordinate to handle user requests
A distributed application is software that is executed or run on multiple computers within a network
End User Computing Services
Amazon AppStream 2.0 is an application streaming service
Deliver desktop applications to any computer
Amazon WorkSpaces is a desktop delivery service
Provision virtual desktops
Machine Learning Services
Amazon Lex is a conversational interface service
Build voice and text chatbots
Amazon Polly is a speech-enablement service
Turn text into lifelike speech
Amazon Rekognition is an image and video recognition service
Identify objects and perform visual analysis
Amazon SageMaker is a ML service
Build, train, and deploy ML models
Management & Governance Services
AWS Config is a configuration monitoring service
Simplify compliance auditing, security analysis, change management, and operational troubleshooting
AWS Service Catalog is a catalog management service
Create and use standardized products
Amazon CloudWatch is a resource monitoring service
Collect data across resources in the form of logs, metrics, and events, and visualize it with dashboards
Alarms and automated actions trigger on predefined thresholds or anomalous behavior in metrics
Use cases include application monitoring, log analytics, infrastructure monitoring, and resource optimization
AWS CloudFormation is a resource modeling service
allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.
Provision resources as code in templates
A stack is a collection of resources managed as a single unit
AWS Organizations is a management and governance service
Control billing, account resources, and security and compliance
Consolidated billing aggregates billing, payment, and usage for multiple accounts which allows the sharing of volume discounts, Savings Plans, and RI discounts
AWS CloudTrail is an activity logging service
Track user and account activity
Event history allows for simpler auditing and troubleshooting
AWS Trusted Advisor is a resource optimization service
Provision resources following AWS best practices
Performance, security, fault tolerance, service limits, and cost recommendations
AWS Systems Manager is a systems management service
Gain operational insights and take action on resources
A resource group is a collection of resources that can be managed as a single unit (i.e., tagging or CloudFormation stack)
AWS Managed Services is a resource implementation service
Get experts to operate and manage enterprise resources
AWS Personal Health Dashboard is a remediation guidance tool
Get personalized views of health, proactive notifications, and detailed troubleshooting information
AWS OpsWorks is a configuration management service
Supports Chef and Puppet
Use code to automate server configuration
Media Services
Amazon Elastic Transcoder is a media transcoding service
Convert audio and video files into formats for supported devices
Migration & Transfer Services
AWS Database Migration Service (DMS) is a database migration service
AWS Server Migration Service (SMS) is a server migration service
AWS Snowmobile is an exabyte-scale data migration service
Move massive amounts of data physically via shipping container
AWS Snowball is a petabyte-scale data transfer service
Move data with physical storage appliances
AWS Snowball Edge is a data transfer service for edge computing
Move data with physical storage appliances and support local workloads in remote or offline environments
Edge computing is computing done at or near the data source
Good when data generation is decentralized, data volumes are significant, and network connectivity is intermittent
AWS Application Discovery Service (ADS) is an application discovery service
Discover on-premises resources, group into applications, and plan migrations
AWS Migration Hub is an application migration service
Track all resources in migrations from a single location
Mobile Services
AWS Device Farm is an application testing service
Test applications across browsers and devices
Amazon Pinpoint is a user engagement service
Communicate with end users and measure engagement across channels (e.g., A/B testing, campaign management, etc.)
Networking & Content Delivery Services
Amazon Route 53 is a DNS service
Route end users to applications, purchase domain names, and monitor endpoint health
A domain name system (DNS) connects URLs with IP addresses
Amazon Global Accelerator is a global networking service
Improve application availability and performance and route users to optimal endpoints
AWS VPN is a VPN service
Set up secure connections to VPC or on-premises networks
Amazon CloudFront is a CDN service
Deliver content across massively scaled and globally available network
Deliver content quickly and securely to end users
Use cases include static asset caching, live and on-demand video streaming, customizable content delivery, security, software distribution, and dynamic content and API acceleration
A content delivery network (CDN) is a distributed network of servers and data centers
An edge location is a localized cache that lives close to end users
Lambda@Edge is a feature that allows code to run closer to end users (i.e., in response to CDN events)
Amazon Virtual Private Cloud (VPC) is a private networking service
My personal space within the aws cloud can put single or multiple AZ , within those AZ carve out subnets: collection of available space within VPC , subnet where create instances ( subnets can be public or private)
Provision a logically isolated section of the cloud to launch and manage resources
A subnet is a subset of a VPC network which can house isolated resources
An Internet gateway is the VPC side of an Internet connection
A network access control list (NACL) is a layer of security for VPC that acts as a firewall for inbound and outbound subnet traffic
AWS Direct Connect is a network connection service
Establish a direct network connection on-premises to AWS
Amazon API Gateway is an API service
Create, maintain, and secure APIs
Elastic Load Balancing (ELB) is a traffic distribution service
The Load Balancer serves as the point of contact for client requests, routing traffic across multiple targets
The Listener forwards requests to targets with the appropriate protocol and port configurations
The Network Load Balancer routes traffic for applications with performance requirements or volatile traffic patterns
The Application Load Balancer routes traffic for modern application architectures
The Classic Load Balancer routes traffic for legacy options (i.e., EC2 instances launched prior to VPC)
Security, Identity & Compliance Services
Amazon Inspector is a security assessment service
Analyzes applications for exposure, vulnerabilities, and deviation from best practices
Amazon Cognito is an application identity management service
Add user sign-up, sign-in, and access control to applications
AWS Artifact is a compliance reporting service
Access compliance reports, accreditations, and agreements (e.g., ISO certifications, NDAs, etc.)
AWS Shield is a DDoS protection service
Protect resources against web traffic overflows
A distributed denial of service (DDoS) is a malicious attempt to crash an application, service, or network with excessive traffic
AWS Firewall Manager is a firewall management service
Simplify WAF administration and security rules across resources
AWS Key Management Service is a key management service
Create and control keys to encrypt or digitally sign data
Amazon Cloud Directory is a directory service
Organize and manage application resources and relationships between them
AWS Secrets Manager is a secret management service
Rotate, manage, and retrieve database credentials and API keys
AWS Certificate Manager is a certificate management service
Provision, manage, and deploy digital certificates (i.e., SSL/TLS)
A digital certificate creates a secure link between a web browser and a web server
AWS CloudHSM is an HSM service
Generate and use encryption keys
A hardware security module (HSM) provides secure key storage and cryptography on a tamper-resistant hardware device
AWS Web Application Firewall (WAF) is a firewall security service
Create security rules to block common attack patterns and exploits (e.g., SQL injection)
AWS Identity and Access Management (IAM) is a resource access service
Control resource authentication and authorization
A user is an operator with permanent credentials
A group is a collection of users
A role is an operator with temporary credentials
A policy document is attached to a user, group, or role and defines permissions via JSON
Multi-factor authentication (MFA) is a best practice that adds another layer of security to a username and password
Least privilege is a best practice in which users are granted only the permissions necessary to do particular tasks
An access key is a long-term credential that allows for programmatic access to the AWS CLI or AWS API
Security bulletins notify customers of security and privacy events
Penetration testing is the practice of testing a network or web application for security vulnerabilities
Allowed by the client on eight select services without permission (e.g., Elastic Beanstalk)
Storage Services
Amazon Simple Storage Service (S3) is an object storage service
Unlimited storage (buckets)
Single object limited to 5 TB
Common Scenarios: backup and store, application hosting, media hosting, software delivering
Retrieve any amount of data from anywhere via Internet
Foundational for serverless computing, user-driven content, backup and recovery, and data lakes
A data lake is a repository of raw, unstructured data
Object storage stores data in distinct units consisting of the data itself, associated metadata, and a unique identifier
A bucket is a container for objects
Transfer acceleration enables fast and secure bucket transfers using CloudFront edge locations
Cross-region replication enables the copying of objects across buckets in different regions
S3 Standard is a storage class for frequently accessed data, replicated over all AZ if 3+ AZ
S3 Intelligent-Tiering is a storage class for data with changing or unknown access patterns
S3 Reduced Redundancy is a storage class for frequently accessed, non-critical data
S3 Standard-IA/One Zone-IA is for long-lived, infrequently accessed data
Amazon Elastic Block Store (EBS) is a block storage service
If building database applications use EBS and high throughput volumes , faster than s3
Mount a storage volume (i.e., hard disk) to an instance
Foundational for mission-critical systems, such as databases, enterprise applications, and operating systems
Encryption occurs on both data-at-rest and data-in-transit
Block storage stores data as fixed-size units, each with a unique address
A snapshot is an incremental backup
EBS Provisioned IOPS is an SSD volume type for latency-sensitive transactional workloads
EBS General Purpose is an SSD volume type for a wide range of transactional workloads
EBS Throughput Optimized is an HDD volume type for frequently accessed, throughput-intensive workloads
EBS Cold is an HDD volume type for less frequently accessed workloads
Persistent block storage for instances (EC2)
Protected through replication
Different Drive Types : SSD (faster, perform better) and HDD (physical media)
Scale up or down in minutes
Pay for only what provision still pay for storage in EBS
Snapshot functionality
Encryption available
Amazon Elastic File System (EFS) is a file storage service
Set up a Linux file system
Amazon S3 Glacier is a data archiving and long-term backup service
Store infrequently accessed data inexpensively
Expedited Retrieval returns data in a 1-5 minutes
Standard Retrieval returns data in 3-5 hours
Bulk Retrieval returns data in 5-12 hours
AWS Storage Gateway is a hybrid storage service
Get on-premises access to virtually unlimited cloud storage
Shared Responsibility Model
The Shared Responsibility Model states that security and compliance are shared responsibilities between AWS and the customer
Security in the cloud is the responsibility of the customer
Security of the cloud is the responsibility of AWS
Shared Controls apply to the infrastructure layer and customer layer (e.g., awareness and training)
Inherited Controls include physical and environmental controls
Customer Specific Controls include service and communication protection and zone security
Under the shared responsibility model, AWS is responsible for the hardware and software that run AWS services. This includes patching the infrastructure software and configuring infrastructure devices. As a customer, you are responsible for implementing best practices for data encryption, patching guest operating system and applications, identity and access management, and network & firewall configurations.
Pricing
Storage is paid at the GB level
Inbound data transfer is free
Outbound data transfer is paid at the GB level
Compute is paid by the minute or hour
In general, pay only when you use, pay less when you reserve, and pay less as you use more
Well-Architected Framework
Operational excellence
Perform operations as code
Annotate documentation
Make frequent, small, reversible changes
Refine procedures frequently
Anticipate failure
Learn from operational failures
Security
Implement a strong identity foundation
Enable traceability
Apply security at all layers
Automate security best practices
Protect data in transit and at rest
Prepare for security events
Reliability
Test recovery procedures
Automatically recover from failure
Scale horizontally to reduce single points of failure
Stop estimating capacity
Manage change in automation
Performance efficiency
Consumed advanced technologies as services
Go global in minutes
Use serverless architectures
Experiment more often
Align the approach to the desired results
Cost optimization
Adopt a consumption model
Measure overall efficiency
Eliminate datacenter spend
Analyze and attribute expenditures
Use managed and application level services
Support Plans
The Basic plan is free and offers support for account and billing questions, service quota increases, documentation, and forums
The Developer plan offers additional features, such as best practice guidance, basic architecture support, and AWS IAM
The Business plan offers additional features, such as use-case guidance, AWS Trusted Advisor, the AWS Support API, and third-party software support
The AWS Support API is an interface for programmatic case management
The Enterprise plan offers additional features, such as a technical account manager, infrastructure event management, in-depth architectural and operational guidance with SMEs, the AWS Abuse Team, and the AWS Support Concierge Team
A technical account manager (TAM) is a technical point of contact with AWS expertise
Infrastructure event management (IEM) provides strategic planning assistance before major events (e.g., launches)
a short-term engagement with AWS Support, included in the Enterprise-level Support product offering, and available for additional purchase for Business-level Support subscribers.
The AWS Abuse Team provides assistance when AWS resources are compromised by abusive or illegal means
The AWS Support Concierge Team provides assistance with account and billing subjects
Miscellaneous Services
AWS Marketplace is a digital catalog service
Find, test, buy, and deploy AWS-compatible software
AWS Quick Starts is an accelerated deployment service
Get automated, gold-standard enterprise solutions
A reference deployment includes an architectural outline, CloudFormation templates, and an implementation guide
AWS Partner Network (APN)
APN Consulting Partners are professional services firms that help customers design, build, and manage their workloads on AWS
APN Technology Partners provide hardware, connectivity services, or software solutions that or hosted on or integrated with AWS
Extra
Patching—updates to operating system to fix bug or security issue (client responsibility) (operating system level) except if a managed service
Hypervisor – allows multiple virtual instance to run on physical server through code.
Customer Inherit from AWS – Physical and Environment Controls
EC2 pricing:
EC2 instance pricing varies depending on many variables:
- The buying option (On-demand, Reserved, Spot, Dedicated)
- Selected AMI
- Selected instance type
- Region
- Data Transfer in/out
- Storage capacity.
The 5 Pillars of the AWS Well-Architected Framework:
1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.
Tips
Read the Questions thoroughly
Try eliminate 2 answers then look to see if clues
WizLab
Practice Practice Practice
Practice exams – 80-100% every time
AWS Organizations has five main benefits:
Centrally manage access polices across multiple AWS accounts.
Automate AWS account creation and management.
Control access to AWS services.
Consolidate billing across multiple AWS accounts.
Configure AWS services across multiple accounts.
To estimate the costs of Amazon EBS consider the following:
1- Volume type.
2- Input/output operations per second(IOPS).
3- Snapshots.
4- Data Transfer.
To estimate the costs of an Amazon CloudFront distribution consider the following:
- Data Transfer Out.
- Traffic distribution.
- Number of requests.
