AWS Services

1.- EC2: Elastic Compute Cloud: A virtual server in the cloud that runs continuously, with RAM and CPU limits assigned based on the image selected.
2.- AWS AMI: Amazon Machine Images: An Amazon Machine Image (AMI) provides the information
required to launch an instance. You must specify an AMI when you launch an instance. You can launch
multiple instances from a single AMI when you need multiple instances with the same configuration. You
can use different AMIs to launch instances when you need instances with different configurations.
3.- AWS Cloudshell: A key benefit of AWS CloudShell is that you can use it to manage your AWS services
from the command line interface. This means that you don’t need to download and install tools or configure
your credentials locally beforehand. When you launch AWS CloudShell, a compute environment is created
that has the following AWS command line tools already installed: AWS CLI, AWS Elastic Beanstalk CLI,
Amazon ECS CLI, AWS SAM.
4.- IAM: Identity and Access Management: AWS Identity and Access Management (IAM) enables you to manage
access to AWS services and resources securely. Using IAM, you can create and manage AWS users and
groups, and use permissions to allow and deny their access to AWS resources.
5.- AWS SSO: Single Sign-On: Centrally manage single sign-on access to multiple accounts and 3rd-party business applications. AWS SSO integrates with AWS Organizations, supports SAML 2.0, integrates with on-premises Active Directory, and gives you centralized permission management and auditing with CloudTrail.
6.- AWS Directory Service: A managed Active Directory service in AWS. AWS Directory Service
for Microsoft Active Directory, also known as AWS Managed Microsoft Active Directory (AD), enables your
directory-aware workloads and AWS resources to use managed Active Directory (AD) in AWS. AWS
managed Microsoft AD is built on actual Microsoft AD and does not require you to synchronize or replicate
data from your existing Active Directory to the cloud. You can use the standard AD administration tools and
take advantage of the built-in AD features, such as Group Policy and single sign-on. With AWS Managed
Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to your domain
and use AWS End User Computing (EUC) services, such as Amazon Workspaces, with AD users and
groups.
7.- AWS RAM: Resource Access Manager: Share AWS resources with other AWS accounts. For example, sharing the subnets of a VPC with the accounts in your Organization.
8.- AWS Organizations: Helps you centrally manage and govern your environment as you grow and scale
your AWS resources. Using AWS Organizations, you can create accounts and allocate resources, group
accounts to organize your workflows, apply policies for governance, and simplify billing by using a single
payment method for all of your accounts. AWS Organizations is integrated with other AWS services so you
can define central configurations, security mechanisms, audit requirements, and resource sharing across
accounts in your organization. AWS Organizations is available to all AWS customers at no additional
charge.
9.- ElastiCache: Amazon ElastiCache (an in-memory key/value store) allows you to seamlessly set up, run, and scale popular open-source compatible in-memory data stores in the cloud. Build data-intensive apps or boost the performance of your existing databases by retrieving data from high-throughput, low-latency in-memory data stores. Amazon ElastiCache is a popular choice for real-time use cases like caching, session stores, gaming, geospatial services, real-time analytics, and queuing. Security is handled through IAM. ElastiCache runs on a defined EC2 instance type.
10.- Neptune: A fully managed graph database, for use cases such as social networking where users comment on each other's posts, like pictures, and so on. It is not a SQL database with joins. Operation is similar to RDS. Security is based on IAM, KMS and SSL. Reliability comes from Multi-AZ, and clustering is available. Performance is best suited for graph workloads.
11.- Amazon S3: Simple Storage Service: An object storage solution that can be used as a data store and works in one region or across multiple regions at the same time. It allows you to store up to 5TB of data per object. It is a key/value store for objects. S3 is serverless, and security is managed by IAM, bucket policies, ACLs, client-side and server-side encryption, and SSL. There are multiple ways to encrypt data on S3. AWS takes care of the operations. Very reliable (99.9999999) and with great performance.
12.- Athena: A fully serverless SQL query service. Athena results can be stored in S3. Security is handled by IAM plus S3 security. Athena lets you query data that is stored in S3 buckets.
13.- Amazon S3 Glacier: Helps you back up and archive data from your S3 buckets that has not been used for a long period of time. With Glacier you can set a retention policy for archived or backed-up data.
14.- Amazon CloudWatch: CloudWatch provides metrics for every service in AWS. A metric is a variable to monitor (CPU utilization, network links, etc.). Metrics belong to namespaces. A dimension is an attribute of a metric (instance-id, environment, etc.); up to 10 dimensions per metric. Metrics have timestamps and you can create dashboards of them. Remember that CloudWatch dashboards are global, but each account in a specific region can have its own dashboard.
15.- Amazon EventBridge: The next evolution of CloudWatch Events. You can set up a default event bus (events generated by AWS services, formerly CloudWatch Events), partner event buses (events received from SaaS services or applications, for example ZenDesk, DataDog, Segment, Auth0, etc.) and custom event buses for your own applications.
16.- AWS CloudTrail: Enabled by default. Continuously logs your AWS account activity. Use CloudTrail to meet your governance, compliance, and auditing needs for your AWS accounts. You get a history of events from the console, SDKs, CLI and AWS services. Logs can be sent to CloudWatch or S3 buckets. It can be done for a single region or multiple regions. If somebody makes a change, you can track what happened and when for anything that happens on the network. CloudTrail has Management Events (what changes have been made by all users/services), Data Events (where the data should be sent, for example S3; this helps you keep events for a long period of time) and Insight Events (analyze the events to detect unusual patterns, anomalies and issues that might be impacting your services).
17.- AWS Config: Helps with auditing and recording the compliance of your AWS resources. Records configurations and changes over time. Questions that AWS Config can answer: Is there unrestricted SSH access to my security groups? Do my buckets have any public access? How has my ALB configuration changed over time? You can receive alerts (SNS notifications) for any changes. AWS Config is a per-region service. It can be aggregated across regions and accounts, and all the configuration data can be stored in S3 to be analyzed with Athena. You can use AWS managed Config rules, or you can create your own Config rules.
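The first question above, unrestricted SSH in a security group, as a small Config-style check. This is an added example, not AWS's own managed rule; it runs offline over a constructed list of security groups shaped like the EC2 DescribeSecurityGroups response, so the GroupId values and CIDRs are made up.

```python
"""Evaluate EC2 security groups for unrestricted inbound SSH, the way an
AWS Config rule would. Added example, not AWS code; SAMPLE_GROUPS is a
constructed input in the shape of the DescribeSecurityGroups response."""
from typing import Any, Dict, List

SSH_PORT = 22
# Sources that mean "anyone on the Internet", IPv4 and IPv6.
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def permission_covers_port(perm: Dict[str, Any], port: int) -> bool:
    """True if an inbound rule includes `port` over TCP.
    IpProtocol "-1" is the console's "All traffic" and has no port fields."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def world_open_sources(perm: Dict[str, Any]) -> List[str]:
    """CIDR sources on the rule that open it to the whole Internet."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD_CIDRS]


def evaluate_security_group(sg: Dict[str, Any]) -> Dict[str, Any]:
    """Config-style result: NON_COMPLIANT when any inbound rule lets the
    whole Internet reach TCP/22, with the offending entries listed."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not permission_covers_port(perm, SSH_PORT):
            continue
        for cidr in world_open_sources(perm):
            findings.append({
                "IpProtocol": perm.get("IpProtocol"),
                "FromPort": perm.get("FromPort"),
                "ToPort": perm.get("ToPort"),
                "Source": cidr,
            })
    return {
        "GroupId": sg["GroupId"],
        "ComplianceType": "NON_COMPLIANT" if findings else "COMPLIANT",
        "Findings": findings,
    }


def evaluate_all(groups: List[Dict[str, Any]]) -> Dict[str, Dict[str, Any]]:
    """Evaluate every group and index the results by GroupId."""
    return {r["GroupId"]: r for r in map(evaluate_security_group, groups)}


# Constructed sample: four groups as describe_security_groups() might list them.
SAMPLE_GROUPS = [
    {"GroupId": "sg-open-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-all-traffic", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-bastion-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-wide-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for group_id, result in evaluate_all(SAMPLE_GROUPS).items():
        print(group_id, result["ComplianceType"], result["Findings"])
```

Against a live account the same functions take the `SecurityGroups` list returned by boto3's `ec2.describe_security_groups()`.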
18.- Amazon EFS: Elastic File System: Simple, serverless, set-and-forget, elastic file system. Amazon
Elastic File System (Amazon EFS) provides a simple, scalable, fully managed, elastic NFS file system for
use with AWS Cloud services and on-premises resources. Amazon EFS is easy to use and offers a simple
interface that allows you to create and configure file systems quickly and easily.
19.- FSx for Windows: Amazon FSx for Windows File Server provides fully managed, highly reliable, and
scalable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol. It
is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-
user file restore, and Microsoft Active Directory (AD) integration. It offers single-AZ and multi-AZ
deployment options, fully managed backups, and encryption of data at rest and in transit. You can optimize
cost and performance for your workload needs with SSD and HDD storage options; and you can scale
storage and change the throughput performance of your file system at any time. Amazon FSx file storage
is accessible from Windows, Linux, and MacOS compute instances and devices running on AWS or on
premises.
20.- FSx for Lustre: Amazon FSx for Lustre is a fully managed service that provides cost-effective, high-performance, scalable storage for compute workloads. Many workloads such as machine learning, high
performance computing (HPC), video rendering, and financial simulations depend on compute instances
accessing the same set of data through high-performance shared storage. Powered by Lustre, the world’s
most popular high-performance file system, FSx for Lustre offers sub-millisecond latencies, up to hundreds
of gigabytes per second of throughput, and millions of IOPS. It provides multiple deployment options and
storage types to optimize cost and performance for your workload requirements. FSx for Lustre file systems
can also be linked to Amazon S3 buckets, allowing you to access and process data concurrently from both
a high-performance file system and from the S3 API.
21.- AWS EBS: Elastic Block Store: Amazon Elastic Block Store (Amazon EBS) is an easy-to-use,
scalable, high-performance block-storage service designed for Amazon Elastic Compute Cloud (Amazon
EC2). EBS is Amazon’s block-level storage solution used with the EC2 cloud service to store persistent
data. This means that the data is kept on the AWS EBS servers even when the EC2 instances are shut
down.
22.- RDS: Relational Database Service: A service that allows you to manage your PostgreSQL, MySQL, Oracle, SQL Server, MariaDB and Aurora databases. It supports read replicas and multi-AZ. The use cases are mostly around RDBMS / OLTP: performing SQL queries, transactional inserts, updates and deletes. AWS is responsible for the EC2 instances where the RDS database runs. No SSH access is allowed. It also allows the integration of EBS for more storage.
23.- RDS Aurora: A SQL database compatible with PostgreSQL and MySQL. Data is held in 6 replicas across 3 AZs. Auto-healing capability. It supports multi-AZ and auto-scaling read replicas. Read replicas can be global. An Aurora database can be global for DR or latency purposes. Storage auto-scales from 10GB to 128TB. There are defined EC2 instance types for Aurora. Security is managed by IAM, with the same security features as RDS.
24.- AWS Lambda: A virtual function that doesn't require a server to manage, is limited in execution time (meaning short executions) and runs on demand. Scaling is completely automated. Lambda lets you use multiple programming languages (JavaScript, Python, Java, C#, Go, Ruby, PowerShell, and the Custom Runtime API). ECS/Fargate can run on Lambda.
25.- DynamoDB: Fully managed (~JSON), highly available with replication across multiple AZs. A serverless NoSQL database, not a relational database. It scales to massive workloads and is a distributed database. Fast and consistent performance (low latency on retrieval), and it can be fully integrated with IAM for security, authorization, and administration. DynamoDB is made of tables and each table has a primary key. Each table can have an infinite number of items (rows), each defined by its attributes. The maximum size of an item is 400KB. You can put a caching layer called DAX in front of it to improve read performance. You can only query on the primary key, sort key or indexes.
26.- ASG: Auto Scaling Groups: An Auto Scaling group contains a collection of Amazon EC2 instances
that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto
Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check
replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and
automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service. The size of an Auto
Scaling group depends on the number of instances that you set as the desired capacity. You can adjust its
size to meet demand, either manually or by using automatic scaling. An Auto Scaling group starts by
launching enough instances to meet its desired capacity. It maintains this number of instances by
performing periodic health checks on the instances in the group. The Auto Scaling group continues to
maintain a fixed number of instances even if an instance becomes unhealthy. If an instance becomes
unhealthy, the group terminates the unhealthy instance and launches another instance to replace it.
27.- ELB: Elastic Load Balancing: There are 4 types of load balancers that can be created: Application Load Balancer (mostly for HTTP traffic), Network Load Balancer (mostly for TCP/UDP traffic), Gateway Load Balancer (mostly for IP-to-IP traffic) and Classic Load Balancer (the very traditional load balancer originally created by AWS, now not used often). You can load balance in multiple ways, but the most common are by instances, by ports, by stickiness, by authentication, round robin, etc.
28.- VPC: Virtual Private Cloud: Define and launch AWS resources in a logically isolated virtual network.
Amazon Virtual Private Cloud (VPC) gives you complete control over your virtual networking environment,
including resource placement, connectivity, and security. The first step is to create your VPC. Then you can
add resources to it, such as Amazon Elastic Compute Cloud (EC2) and Amazon Relational Database
Service (RDS) instances. Finally, you can define how your VPCs communicate with each other across
accounts, Availability Zones (AZs), or Regions.
29.- Snowball / Snowmobile: Snowball is a petabyte-scale data transport solution that uses secure
appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses
common challenges with large-scale data transfers including high network costs, long transfer times, and
security concerns.
30.- Amazon CloudFront: Securely deliver content with low latency and high transfer speeds. Amazon
CloudFront is a content delivery network (CDN) service built for high performance, security, and developer
convenience. Start streams quickly, play them with consistency, and deliver high-quality video to any device
with AWS Media Service and AWS Elemental integration. Scale automatically to deliver software, game
patches, and IoT over-the-air (OTA) updates at scale with high transfer rates. Optimize dynamic web
content delivery with the purpose-built and feature-rich AWS global network infrastructure supporting edge
termination and WebSockets. Reach viewers across the globe in milliseconds with built-in data
compression, edge compute capabilities, and field-level encryption.
31.- AGA AWS Global Accelerator: AGA is a networking service that improves the performance of your
users’ traffic by up to 60% using Amazon Web Services’ global network infrastructure. When the internet is
congested, AWS Global Accelerator optimizes the path to your application to keep packet loss, jitter, and
latency consistently low. With Global Accelerator, you are provided two global static public IPs that act as
a fixed entry point to your application, improving availability. On the back end, add or remove your AWS
application endpoints, such as Application Load Balancers, Network Load Balancers, EC2 Instances, and
Elastic IPs without making user-facing changes. Global Accelerator automatically re-routes your traffic to
your nearest healthy available endpoint to mitigate endpoint failure.
32.- Amazon SQS: Simple Queue Service: SQS is a fully managed message queuing service that enables
you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates
the complexity and overhead associated with managing and operating message-oriented middleware and
empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive
messages between software components at any volume, without losing messages or requiring other
services to be available.
33.- Amazon SNS: Simple Notification Service: SNS provides fully managed pub/sub messaging, SMS, email, and mobile push notifications. Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. The A2A pub/sub functionality provides topics for high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber systems, including Amazon SQS queues, AWS Lambda functions and HTTPS endpoints for parallel processing, and Amazon Kinesis Data Firehose. The A2P functionality enables you to send messages to users at scale via SMS, mobile push, and email.
34.- Amazon QuickSight: A BI tool that allows you to quickly visualize data stored in an S3 bucket or a data warehouse.
35.- Amazon Redshift: Based on PostgreSQL and uses OLAP (Online Analytical Processing); OLAP is good for analytics, BI and data warehousing. 10x better performance than other data warehouses, scales to PBs of data. Has a SQL interface for performing queries. It integrates with BI tools such as AWS QuickSight or Tableau Software.
36.- AWS Glue: is a fully managed ETL (extract, transform, and load) service that makes it simple and
cost-effective to categorize your data, clean it, enrich it, and move it reliably between various data stores
and data streams. Useful to prepare and transform data for analytics. Fully serverless service. Glue has a
Catalog of datasets. You can connect it to S3, RDS, DynamoDB or any JDBC database.
37.- Kinesis: Collect, process, and analyze data streams in real time. Kinesis Data Streams: Collect and
store data streams. Collect gigabytes of data per second and make it available for processing and analyzing
in real time. Kinesis Data Firehose: Process and deliver data streams. Prepare and load real-time data
streams into data stores and analytics tools. Kinesis Data Analytics: Analyze streaming data. Get
actionable insights from streaming data in real time.
38.- Amazon MQ: Is a fully managed service for open-source message brokers. Amazon MQ is a managed
message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message
brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning,
setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current
applications with industry-standard APIs and protocols, you can easily migrate to AWS without having to
rewrite code.
39.- Amazon Redshift: Fast, simple, cost-effective data warehouse that can extend queries to your data
lake.
40.- Amazon ElasticSearch: A JSON-based search engine that allows you to search text and run unstructured searches. With ElasticSearch you can search any field, even with partial matches. It's common to use it as a complement to another database. It has built-in integrations with Amazon Kinesis Data Firehose, AWS IoT and Amazon CloudWatch Logs for data ingestion. Security can be handled through Cognito, IAM, KMS encryption, SSL and VPC. It comes with Kibana (visualization) and Logstash (log ingestion). It is great for search and indexing capabilities.
41.- ECS: Elastic Container Service: To launch Docker containers on AWS. Helps you start/stop containers and has full integration with ELB. The ECS agent runs on all the instances where you run containers, which allows you to scale instances and the containers on them in and out.
42.- ECR (Elastic Container Registry): Store, manage and deploy your container images. It's fully integrated with ECS and IAM for security and is backed by Amazon S3.
43.- Fargate: Amazon's own serverless container platform that allows you to launch Docker containers on AWS. No need to create EC2 instances; Fargate only creates containers based on services and tasks, each with its own ENI (Elastic Network Interface).
43.- Amazon EventBridge: Allows you to run ECS tasks to take actions. It is a serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications, integrated Software-as-a-Service (SaaS) applications, and AWS services. EventBridge delivers a stream of real-time data from event sources such as Zendesk or Shopify to targets like AWS Lambda and other SaaS applications. You can set up routing rules to determine where to send your data, to build application architectures that react in real time to your data sources with event publishers and consumers completely decoupled.
44.- EKS: Elastic Kubernetes Service: Launch and manage Kubernetes clusters on AWS. Kubernetes is an open-source system for automatically deploying, scaling and managing your containerized (Docker) applications. The use case for K8s is when you are also using it on other clouds or in an on-premises DC.
45.- AWS Cognito: A way to give users an identity (user/password) so that they can interact with our applications, for example using Facebook/Google logins to authenticate to specific services. Example: a Facebook-validated user logging in temporarily to an S3 bucket to write data.
46.- AWS KMS (Key Management Service): Anytime you hear "encryption" for an AWS service, it's most likely KMS. It's an easy way to control access to your data; AWS manages the keys for us. Fully integrated with IAM for authorization. Seamlessly integrated into EBS, S3, Redshift, RDS, SSM, etc. KMS can also be used from the CLI / SDK. KMS has symmetric keys (AES-256 keys) and asymmetric keys (RSA and ECC key pairs).
47.- AWS API Gateway: A fully serverless service that helps you create a REST, HTTP or WebSocket API to invoke multiple functions across different AWS services, such as Lambda, SQS, etc. Some of the features of API Gateway are: support for the webhook protocol, API versioning, handling different environments (dev, test, prod), security (authentication and authorization), API keys, generation of SDKs and API specifications, and caching of API responses.
48.- AWS SAM: Serverless Application Model: A framework for developing and deploying serverless applications. It lets you declare all the configuration needed in YAML for Lambda functions, DynamoDB tables, API Gateways and Cognito User Pools. On top of that, SAM can help you run the services above locally.
49.- AWS STS: Security Token Service: AWS provides STS as a web service that enables you to request
temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users you
authenticate (federated users).
50.- Amazon SES: Simple Email Service: A service that allows you to send emails in a serverless way.
51.- AWS SSM: Systems Manager Agent (SSM Agent): Software that can be installed and configured
on an EC2 instance, an on-premises server, or a virtual machine (VM). SSM Agent makes it possible for
Systems Manager to update, manage, and configure these resources. The agent processes requests from
the Systems Manager service in the AWS Cloud, and then runs them as specified in the request. SSM
Agent then sends status and execution information back to the Systems Manager service by using the
Amazon Message Delivery Service (service prefix: ec2messages). It can be integrated with CloudWatch
Events for notifications. It can also be integrated with CloudFormation.
52.- AWS Secrets Manager: Use Secrets Manager to store, rotate, monitor, and control access to secrets
such as database credentials, API keys, and OAuth tokens. Enable secret rotation using built-in integration
for MySQL, PostgreSQL, and Amazon Aurora on Amazon RDS. You can also enable rotation for arbitrary
secrets using AWS Lambda functions. To retrieve secrets, you simply replace hardcoded secrets in
applications with a call to Secrets Manager APIs, eliminating the need to expose plaintext secrets.
53.- AWS CloudHSM Hardware Security Module: provides cloud-based Hardware Security Modules
(HSMs) for generating and using your own encryption keys in the AWS Cloud. With CloudHSM, you can
manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs and integrate with your
applications using industry-standard APIs. AWS CloudHSM runs in your own Amazon Virtual Private Cloud
(VPC), so that you can easily use your HSMs with applications that run on your Amazon EC2 instances.
With CloudHSM, you can use standard VPC security controls to manage access to your HSMs. Your
applications connect securely and with better performance.
54.- AWS Shield: A free service that is activated for every AWS customer. Provides protection from attacks such as SYN/UDP floods, reflection attacks, and other layer 3/4 attacks. There is another service called AWS Shield Advanced that is optional; it provides a DDoS mitigation service (3k per month per Org) and helps you protect against more sophisticated attacks on Amazon EC2, ELBs, CloudFront, Route53 and Global Accelerator. It gives 24/7 access to the AWS DDoS Response Team (DRT) and protects against higher fees during usage spikes due to DDoS.
55.- AWS WAF: Web Application Firewall: Protects your web applications from common web exploits (layer 7). Layer 7 is HTTP (vs. layer 4, which is TCP). Deploy on Application Load Balancer, API Gateway or CloudFront. Define a Web ACL (Web Access Control List): rules can match IP addresses, HTTP headers, HTTP body, or URI strings. Protects from common attacks such as SQL injection and cross-site scripting (XSS). Also size constraints, geo-match (block countries) and rate-based rules (to count occurrences of events) for DDoS protection: requests per IP, so an IP attacking your infrastructure can be detected with WAF.
56.- AWS Firewall Manager: Manage all rules in all accounts of an AWS Organization. Common set of
security rules. WAF rules (Application Load Balancer, API Gateways, CloudFront), AWS Shield Advanced
(ALB, CLB, Elastic IP, CloudFront). Security Groups for EC2 and ENI resources in VPC.
57.- Amazon GuardDuty: With one click, Amazon GuardDuty reduces risk using intelligent and continuous threat detection for your AWS accounts, data, and workloads. Intelligent threat discovery to protect your AWS account. Uses machine learning algorithms, anomaly detection and 3rd-party data; one click to enable (30-day trial), no software to install. Works on detecting unusual API calls, internal traffic, IP addresses and compromised EC2 instances, and also protects against cryptocurrency attacks. It analyzes VPC Flow Logs, CloudTrail logs and DNS logs.
58.- Amazon Inspector: An agent that must be installed on the OS of EC2 instances (it works only on EC2 instances). Amazon Inspector enables you to analyze the behavior of your AWS resources and helps you identify potential security issues. It automates security assessments of EC2 instances, analyzes the running OS against known vulnerabilities, and analyzes for unintended network accessibility. It can integrate with SNS for notifications.
59.- Amazon Macie: A fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie helps identify and alert you to sensitive data, such as personally identifiable information (PII).
60.- VPC Peering: Privately connect 2 VPCs using the AWS network, making them behave as if they were on the same network. They must not have overlapping CIDRs. A VPC peering connection is NOT transitive (one must be established for each pair of VPCs that need to communicate with one another). Last, you must update the route tables in EACH VPC's subnets to ensure EC2 instances can communicate with each other. You can create a VPC peering connection between VPCs in different AWS accounts/regions. You can reference a security group in a peered VPC (works cross-account, same region).
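The peering rules above (non-overlapping CIDRs, a route in each VPC's table, no transitive forwarding) as an added, self-contained model. It is not AWS code, and every VPC id, peering id and CIDR in it is constructed.

```python
"""Model of the VPC peering rules in the notes: peers must not have
overlapping CIDRs, each side needs a route to the peer via the peering
connection, and peering is not transitive. Added example, not AWS code;
every id and CIDR below is constructed."""
import ipaddress
from typing import Dict, List, Optional, Tuple


class PeeringError(ValueError):
    """Raised when a peering or route request breaks the peering rules."""


class VpcNetwork:
    def __init__(self, vpcs: Dict[str, str]) -> None:
        # VPC id -> its CIDR block.
        self.vpcs = {vpc: ipaddress.ip_network(cidr) for vpc, cidr in vpcs.items()}
        # Peering connection id -> the two member VPCs.
        self.peerings: Dict[str, Tuple[str, str]] = {}
        # VPC id -> route table entries (destination network, target).
        # Every VPC starts with the implicit "local" route for its own CIDR.
        self.routes: Dict[str, List[Tuple[ipaddress.IPv4Network, str]]] = {
            vpc: [(net, "local")] for vpc, net in self.vpcs.items()
        }

    def create_peering(self, pcx_id: str, vpc_a: str, vpc_b: str) -> None:
        """Register a peering connection; overlapping CIDRs are rejected."""
        net_a, net_b = self.vpcs[vpc_a], self.vpcs[vpc_b]
        if net_a.overlaps(net_b):
            raise PeeringError(f"{vpc_a} {net_a} overlaps {vpc_b} {net_b}")
        self.peerings[pcx_id] = (vpc_a, vpc_b)

    def add_route(self, vpc_id: str, dest_cidr: str, pcx_id: str) -> None:
        """Add a route table entry pointing dest_cidr at a peering connection."""
        if vpc_id not in self.peerings[pcx_id]:
            raise PeeringError(f"{vpc_id} is not a member of {pcx_id}")
        self.routes[vpc_id].append((ipaddress.ip_network(dest_cidr), pcx_id))

    def route_both_sides(self, pcx_id: str) -> None:
        """The step the notes stress: update the route table in EACH VPC."""
        vpc_a, vpc_b = self.peerings[pcx_id]
        self.add_route(vpc_a, str(self.vpcs[vpc_b]), pcx_id)
        self.add_route(vpc_b, str(self.vpcs[vpc_a]), pcx_id)

    def reachable_vpc(self, src_vpc: str, dst_ip: str) -> Optional[str]:
        """Which VPC delivers a packet from src_vpc to dst_ip, or None."""
        ip = ipaddress.ip_address(dst_ip)
        matches = [(net, tgt) for net, tgt in self.routes[src_vpc] if ip in net]
        if not matches:
            return None
        # Longest-prefix match, as a real route table does.
        _, target = max(matches, key=lambda entry: entry[0].prefixlen)
        if target == "local":
            return src_vpc
        vpc_a, vpc_b = self.peerings[target]
        peer = vpc_b if vpc_a == src_vpc else vpc_a
        # Not transitive: the peer only accepts traffic for its own CIDR and
        # never forwards it on to one of *its* peers.
        return peer if ip in self.vpcs[peer] else None


def demo() -> Dict[str, Optional[str]]:
    """Three VPCs, A peered with B and B with C; returns who reaches whom."""
    net = VpcNetwork({"vpc-a": "10.0.0.0/16", "vpc-b": "10.1.0.0/16",
                      "vpc-c": "10.2.0.0/16"})
    net.create_peering("pcx-ab", "vpc-a", "vpc-b")
    net.create_peering("pcx-bc", "vpc-b", "vpc-c")
    before_routes = net.reachable_vpc("vpc-a", "10.1.0.5")  # peering alone: no
    net.route_both_sides("pcx-ab")
    net.route_both_sides("pcx-bc")
    # A route in A for C's CIDR via pcx-ab does not help: B will not forward.
    net.add_route("vpc-a", "10.2.0.0/16", "pcx-ab")
    return {
        "a_to_b_without_routes": before_routes,
        "a_to_b": net.reachable_vpc("vpc-a", "10.1.0.5"),
        "b_to_c": net.reachable_vpc("vpc-b", "10.2.1.1"),
        "a_to_c": net.reachable_vpc("vpc-a", "10.2.1.1"),
    }


if __name__ == "__main__":
    print(demo())
```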
61.- VPC Endpoint (AWS private network): Every AWS service is publicly exposed (public URL), but with a VPC Endpoint you can connect to an AWS service over a private link/network instead of the public Internet. The private links are redundant and scale horizontally. They remove the need for an IGW, NAT GW, etc. to access AWS services. There are 2 ways of connecting: Interface Endpoints, which provision an Elastic Network Interface (ENI) for the EC2 instances, and Gateway Endpoints, which provision a gateway that must be used as a target in a route table. The latter supports both S3 and DynamoDB but can be more complicated to maintain.
62.- VPC Flow Logs: Capture information about IP Traffic going into your interfaces: VPC Flow Logs,
Subnet Flow Logs, Elastic Network Interface (ENI) Flow Logs. It helps to monitor & troubleshoot connectivity
issues. Flow logs data can go to S3 / CloudWatch Logs. Capture Network Information from managed
interfaces too: ELB, RDS, ElastiCache, RedShift, WorkSpace, NATGW, Transit Gateway, etc.
63.- VPC VPN Connection: Site-to-Site VPN connection. Virtual Private Gateway (VGW): the VPN concentrator on the AWS side of the VPN connection. The VGW is created and attached to the VPC from which you want to create the Site-to-Site VPN connection. It is possible to customize the ASN (Autonomous System Number).
64.- AWS VPN CloudHub: Provide secure communication between multiple sites if you have multiple VPN
connections. Low-cost hub-and-spoke model for primary and secondary network connectivity between
different locations (VPN only). It’s a VPN connection so it goes over the public Internet. To set it up, connect
multiple VPN connections on the VGW, setup dynamic routing and configure route tables.
65.- Direct Connect (DX): Provides a dedicated private connection from a remote network to your VPC.
Dedicated connection must be setup between your DC and AWS Direct Connect locations. You need to
setup a Virtual Private Gateway on your VPC. Access Public resources (S3) and private (EC2) on same
connection. It helps to get a better connectivity to your on-premises Data Centers.
66.- AWS PrivateLink (VPC Endpoint Services): The most secure and scalable way to expose a service to 1000s of VPCs (your own or other accounts'). Does not require VPC peering, an Internet Gateway, NAT, route tables, etc. Requires a Network Load Balancer (service VPC) and an ENI (customer VPC), or a GWLB. If the NLB is in multiple AZs and the ENIs are in multiple AZs, the solution is fault tolerant.
67.- Transit Gateway: For having transitive peering between thousands of VPCs and on-premises, hub-and-spoke (star) connection. Is a regional resource, can work cross-region. Share cross-account using
Resource Access Manager (RAM). You can peer Transit Gateways across regions. Route Tables: limit
which VPC can talk with other VPC. Works with Direct Connect Gateway, VPN connections. Support IP
Multicast (NOT supported by any other AWS service).
68.- VPC Traffic Mirroring: Allows you to capture and inspect network traffic in your VPC. Route the traffic
to security appliances that you manage. Capture the traffic from (Source) - ENIs to (Target) - an ENI or a
Network load Balancer. Capture all packets or capture the packets of your interest (optional, truncate
packets). Source and target can be in the same VPC or different VPCs (VPC Peering). Use cases: content inspection, threat monitoring, troubleshooting.
69.- VPC Egress Only Internet Gateways: Is like a NAT Gateway but for IPv6. Allow the Instances with
IPv6 Address to access the Internet but not to be reachable from the Internet.
70.- AWS DMS: Database Migration Service: Quickly and securely migrate databases to AWS; resilient, self-healing. The source database remains available during the migration. Supports homogeneous migrations (Oracle to Oracle) and heterogeneous migrations (Microsoft SQL Server to Aurora). Continuous data replication is done using CDC. For this service you must create an EC2 instance to perform the replication task.
71.- AWS Schema Conversion Tool (SCT): Convert your Database Schema from one engine to another.
Example: OLTP: (SQL Server or Oracle) to MySQL, PostgreSQL, Aurora. Example OLAP: (Teradata or
Oracle) to Amazon Redshift. Note: You don’t need SCT if you are migrating the same DB engine.
72.- AWS DataSync: Move large amounts of data from on-premises to AWS. Can synchronize to Amazon S3 (any
storage class, including Glacier), Amazon EFS, and Amazon FSx for Windows File Server. It can move data from
your NAS or file system via NFS or SMB. Replication tasks can be scheduled hourly, daily, or weekly. It uses
the DataSync agent to connect to your systems, and you can set bandwidth limits.
73.- AWS Backup: Fully managed service to centrally manage and automate backups across AWS services, with
no need for scripts or manual processes. Supported services include Amazon FSx, Amazon EFS, Amazon
DynamoDB, Amazon EC2, Amazon EBS, Amazon Aurora, and AWS Storage Gateway (Volume Gateway).
Supports cross-region and cross-account backups.
74.- AWS Batch: For automation and orchestration of batch jobs. Supports multi-node parallel jobs, which
lets a single job span multiple EC2 instances. It schedules queued jobs and launches the EC2 instances they need.
75.- AWS ParallelCluster: For Automation and Orchestration. OpenSource cluster management tool to
deploy HPC (High Performance Compute) on AWS. Configuration with text files and automate creation of
VPCs, Subnets, Cluster type and instance type.
76.- AWS CodeCommit: To push new code and let multiple people keep developing at the same time. Similar
to GitHub or other 3rd-party code repositories.
77.- AWS CodeBuild: To build and test the code. Similar to Jenkins CI or 3rd party CI server.
78.- AWS Elastic Beanstalk: To deploy and provision the code in production. AWS CodeDeploy can be used for
the deployment step as well, on its own or together with Elastic Beanstalk.
79.- AWS CodePipeline: To orchestrate all the tools together: AWS CodeCommit, AWS CodeBuild, AWS
Elastic Beanstalk.
80.- AWS CloudFormation: An infrastructure-as-code service. It is a declarative way of outlining your AWS
infrastructure, for almost any resource (most are supported). For example, within a CloudFormation
template you say: I want a security group, I want 2 EC2 instances using this security group, I want 2 Elastic
IPs for the 2 EC2 instances, I want an S3 bucket, I want a load balancer (ELB) in front of these EC2 instances.
CloudFormation creates all the resources in the right order, working that order out from the references
between them, with the exact configuration that you specify.
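The wish list in the paragraph above, written out as a template and then checked for the creation order CloudFormation would derive. This is an added example, not AWS code or anything generated by CloudFormation: the template is constructed here (with one extra security group so the instances accept HTTP only from the load balancer, and public access blocked on the bucket), the VPC, subnet and AMI ids are parameters filled in at deploy time, and the ordering is a plain Kahn topological sort over `Ref`, `Fn::GetAtt` and `DependsOn`.

```python
"""The stack from the paragraph above as a CloudFormation template, plus the
creation order CloudFormation derives from the references between resources.
Added example, not AWS code: everything here is constructed (the two security
groups, two instances, two Elastic IPs, bucket and classic ELB), and the VPC,
subnet and AMI ids are parameters supplied at deploy time."""

TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "VpcId": {"Type": "AWS::EC2::VPC::Id"},
        "SubnetIds": {"Type": "List<AWS::EC2::Subnet::Id>"},
        "AmiId": {"Type": "AWS::EC2::Image::Id"},
    },
    "Resources": {
        "LbSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "HTTP from anywhere, to the load balancer only",
            "VpcId": {"Ref": "VpcId"},
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                      "CidrIp": "0.0.0.0/0"}]}},
        "WebSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "HTTP only from the load balancer's security group",
            "VpcId": {"Ref": "VpcId"},
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                      "SourceSecurityGroupId": {"Ref": "LbSecurityGroup"}}]}},
        "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {  # a bucket created by IaC must not go public
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
        "WebLoadBalancer": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
            "Subnets": {"Ref": "SubnetIds"},
            "SecurityGroups": [{"Ref": "LbSecurityGroup"}],
            "Instances": [{"Ref": "WebInstance1"}, {"Ref": "WebInstance2"}],
            "Listeners": [{"LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP"}]}},
    },
}

# Two identical instances, each pinned to a different subnet and given its own Elastic IP.
for n in (1, 2):
    TEMPLATE["Resources"][f"WebInstance{n}"] = {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": {"Ref": "AmiId"}, "InstanceType": "t3.micro",
        "SubnetId": {"Fn::Select": [n - 1, {"Ref": "SubnetIds"}]},
        "SecurityGroupIds": [{"Ref": "WebSecurityGroup"}]}}
    TEMPLATE["Resources"][f"WebEip{n}"] = {"Type": "AWS::EC2::EIP", "Properties": {
        "Domain": "vpc", "InstanceId": {"Ref": f"WebInstance{n}"}}}


def references(node, resources, params):
    """Resource names a property tree depends on through Ref / Fn::GetAtt.
    A Ref naming no resource, parameter or AWS:: pseudo-parameter is an error."""
    found = set()
    if isinstance(node, dict) and len(node) == 1 and "Ref" in node:
        name = node["Ref"]
        if name in resources:
            found.add(name)
        elif name not in params and not name.startswith("AWS::"):
            raise ValueError(f"unresolved Ref: {name}")
    elif isinstance(node, dict) and len(node) == 1 and "Fn::GetAtt" in node:
        target = node["Fn::GetAtt"]
        name = target[0] if isinstance(target, list) else target.split(".")[0]
        if name not in resources:
            raise ValueError(f"unresolved Fn::GetAtt: {name}")
        found.add(name)
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            found |= references(child, resources, params)
    return found


def dependency_graph(template):
    """name -> resources that must exist first (implicit Ref/GetAtt plus DependsOn)."""
    resources = set(template["Resources"])
    params = set(template.get("Parameters", {}))
    graph = {}
    for name, res in template["Resources"].items():
        explicit = res.get("DependsOn", [])
        deps = references(res.get("Properties", {}), resources, params)
        deps |= {explicit} if isinstance(explicit, str) else set(explicit)
        if not deps <= resources:
            raise ValueError(f"{name} DependsOn unknown resource: {deps - resources}")
        graph[name] = deps
    return graph


def creation_waves(template):
    """Kahn's algorithm over the dependency graph. Each wave lists resources
    CloudFormation can create in parallel; a cycle raises instead of looping."""
    remaining = dependency_graph(template)
    done, waves = set(), []
    while remaining:
        ready = sorted(name for name, deps in remaining.items() if deps <= done)
        if not ready:
            raise ValueError("circular dependency among: " + ", ".join(sorted(remaining)))
        waves.append(ready)
        done |= set(ready)
        for name in ready:
            del remaining[name]
    return waves


if __name__ == "__main__":
    for i, wave in enumerate(creation_waves(TEMPLATE), 1):
        print(f"wave {i}: {', '.join(wave)}")
```

`json.dumps(TEMPLATE, indent=2)` gives a template file you could pass to `aws cloudformation deploy --template-file`. The waves come out as the two security groups and the bucket first, then the instances, then the Elastic IPs and the load balancer, which is exactly the ordering the paragraph describes CloudFormation inferring; the unresolved-Ref and cycle checks are the two errors you would otherwise only learn about after the stack has started creating resources.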
81.- AWS Step Functions: Orchestrator that makes it easy to sequence AWS Lambda functions and
multiple AWS services into business-critical applications. Through its visual interface, you can create and
run a series of checkpointed and event-driven workflows that maintain the application state.
82.- Amazon EMR: Elastic MapReduce: A web service that enables businesses, researchers, data analysts, and
developers to easily and cost-effectively process vast amounts of data. EMR creates Hadoop clusters (big data)
to analyze and process that data; a cluster can be made of hundreds of EC2 instances. Also supports Apache
Spark, HBase, Presto, and Flink. EMR takes care of all the provisioning and configuration, supports auto scaling,
and is integrated with Spot instances. Some use cases: data processing, machine learning, web indexing, big data.
83.- AWS OpsWorks: Chef and Puppet help you perform server configuration automatically and handle
repetitive actions. They work well with EC2 and on-premises VMs. AWS OpsWorks = managed Chef and Puppet.
It is an alternative to AWS Systems Manager (SSM).
84.- AWS WorkSpaces: A managed, secure cloud desktop. Great for eliminating the management of on-premises
VDI (Virtual Desktop Infrastructure). On demand, pay per usage. Secured, encrypted, network isolated.
Integrated with Microsoft Active Directory.
85.- AWS AppSync: A service that stores and syncs data across mobile and web apps in real time. It uses
GraphQL (the API query language created by Facebook). Client code can be generated automatically.
Integrates with DynamoDB and Lambda. Real-time subscriptions. Offline data synchronization (replaces
Cognito Sync). Fine-grained security.
86.- AWS Cost Explorer: Visualize, understand, and manage your AWS costs and usage over time. Create
custom reports that analyze cost and usage data. Analyze your data at a high level (total cost and usage
across all accounts) or at monthly, hourly, or resource-level granularity. Choose an optimal Savings Plan to
lower your bill. Forecast usage up to 12 months ahead based on previous usage.
87.- AWS Well Architected Tool: The AWS Well-Architected Tool helps you review your workloads against
current AWS best practices and provides guidance on how to improve your cloud architectures. This tool is
based on the AWS Well-Architected Framework.
88.- AWS X-Ray: Makes it easy for developers to analyze the behavior of their distributed applications by
providing request tracing, exception collection, and profiling capabilities.
89.- AWS Trusted Advisor: Use the Trusted Advisor dashboard to get an overview of the check results in
your AWS account. Choose a check name or category to view the recommended actions or potential issues
that Trusted Advisor has identified; each check provides more information about how to address any issues,
and you can download a summary of all check results. Programmatic access is available through the AWS
Support API. Check categories: Cost Optimization (low utilization of EC2 instances, idle load balancers),
Performance (high utilization, CDN optimizations), Security (MFA enabled or not on the root account, IAM
access key rotation, exposed access keys, security groups with unrestricted ports), Fault Tolerance (EBS
snapshot age, Availability Zone balance), and Service Limits. Note: the free tier includes only a subset of the
checks; you need a Business or Enterprise Support plan to get all Trusted Advisor checks.
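The IAM checks in the Security category above can be reproduced from an IAM credential report when the account has no Business or Enterprise Support plan. The following is an added example, not Trusted Advisor's or AWS's own code: it parses a report in the column layout returned by `aws iam get-credential-report`, but every row in the sample is invented, and the 90-day rotation threshold is this example's choice. One caveat it cannot close: the exposed-access-key check works by scanning public code repositories, which no credential report can tell you.

```python
"""Three of Trusted Advisor's IAM security checks re-implemented over an IAM
credential report, so they can run from a script on any support plan.
Added example, not AWS or Trusted Advisor code. SAMPLE_REPORT has the column
layout of `aws iam get-credential-report`, but every row is invented. Exposed
access keys are not detectable this way: Trusted Advisor finds those by
scanning public repositories, which a credential report cannot show."""
import csv
import io
from datetime import datetime, timedelta, timezone

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T09:00:00+00:00,not_supported,not_supported,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2021-03-02T00:00:00+00:00,true,2024-05-30T08:00:00+00:00,2024-04-01T00:00:00+00:00,N/A,true,true,2024-04-01T00:00:00+00:00,2024-05-30T08:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2019-06-10T00:00:00+00:00,true,2024-05-29T08:00:00+00:00,2023-01-01T00:00:00+00:00,N/A,false,true,2022-11-15T00:00:00+00:00,2024-05-29T08:00:00+00:00,eu-west-1,ec2,true,2024-05-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2022-02-02T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2024-03-10T00:00:00+00:00,2024-05-31T01:00:00+00:00,us-east-1,ecr,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Fixed "now" so the example is reproducible; a real run would use datetime.now(timezone.utc).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def parse_time(value):
    """Credential reports use N/A, no_information or not_supported where there is no date."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now=NOW, max_key_age_days=90):
    """Return (check, user) findings: root MFA, root access keys, console users
    without MFA, and active access keys older than max_key_age_days."""
    max_age = timedelta(days=max_key_age_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        any_key = any(row[f"access_key_{s}_active"] == "true" for s in "12")
        if user == "<root_account>":
            # Root has no policy boundary: MFA is mandatory and it should own no keys.
            if row["mfa_active"] != "true":
                findings.append(("root-mfa-missing", user))
            if any_key:
                findings.append(("root-access-key-active", user))
            continue
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append(("console-user-without-mfa", user))
        for slot in "12":
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = parse_time(row[f"access_key_{slot}_last_rotated"])
            if rotated is None or now - rotated > max_age:
                findings.append((f"access-key-{slot}-stale", user))
    return findings


if __name__ == "__main__":
    for check, user in audit_credential_report(SAMPLE_REPORT):
        print(f"{check:28} {user}")
```

On the sample the script flags the root account for missing MFA and `bob` for both a console login without MFA and a key last rotated in 2022, while `alice` and the `ci-deploy` key rotated 83 days ago pass. Lowering `max_key_age_days` to 30 also catches `alice`, the `ci-deploy` key and `bob`'s second key, which is the knob to turn if your policy is stricter than the 90 days used here.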