AWS Services
Define: APN Technology Partners APN Consulting Partners APN Training Partners
APN Technology Partners: provide hardware, software, and connectivity. APN Consulting Partners: assistance from professional services firms to help build on AWS. APN Training Partners: find who can help you learn AWS.
AWS Batch
AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. It is not used to automate operations in an on-premises environment using Chef and Puppet.
AWS Snowball
AWS Snowball is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS services using storage devices designed to be secure for physical transport. You cannot use Snowball to provide AWS Cloud based storage access to on-premises applications.
AWS Business Support
AWS recommends Business Support if you have production workloads on AWS and want 24x7 access to technical support and architectural guidance in the context of your specific use-cases.
Amazon Elastic Container Service (ECS)
Elastic Container Service: Launch Docker containers on AWS. *YOU must provision + maintain infrastructure (EC2 instances). *AWS takes care of starting/stopping containers. A highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines. With simple API calls, you can launch and stop Docker-enabled applications, query the complete state of your application, and access many familiar features such as IAM roles, security groups, load balancers, Amazon CloudWatch Events, AWS CloudFormation templates, and AWS CloudTrail logs. **has integrations with application load balancers :)
Amazon CloudFront
Is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers **globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS - both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. **anytime you see "CDN" (Content Delivery Network) think "CloudFront". Best for STATIC content. Low latency + high transfer speed. **You use S3 for the content hosting and CloudFront as the content delivery network.
Amazon Redshift
Is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake. Redshift delivers ten times faster performance than other data warehouses by using machine learning, massively parallel query execution, and columnar storage on high-performance disk. You can set up and deploy a new data warehouse in minutes, and run queries across petabytes of data in your Redshift data warehouse, and exabytes of data in your data lake built on Amazon S3. You can start small for just $0.25 per hour and scale to $250 per terabyte per year, less than one-tenth the cost of other solutions. **scalable data warehouse
Amazon DynamoDB
Is a key-value and document database that delivers single-digit millisecond performance at any scale. It's a fully managed, multiregion, multimaster database with built-in security, backup and restore, and in-memory caching for internet-scale applications. DynamoDB can handle more than 10 trillion requests per day and support peaks of more than 20 million requests per second.
AWS Shield
Is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced.
Amazon ElastiCache
Is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying entirely on slower disk-based databases.
Amazon Elastic Compute Cloud (EC2)
Is a web service that provides both a secure and a resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. Capable of renting virtual machines (EC2), storing data on virtual drives (EBS), distributing loads across machines (ELB), and scaling services using an auto-scaling group (ASG). *instances: virtual servers that we rent from AWS *(is an IaaS) *Purchasing Options: On-demand(), Reserved (~75%) (convertible/scheduled RI, non-interruptible), Spot (~90%, interruptible + infrequent), and Dedicated Hosts (key word: physical isolation)
AWS Quick Starts references
Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately. Each Quick Start includes AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.
Amazon Polly
Turn text into lifelike speech using deep learning to assist with creating applications that talk. **uses advanced deep learning
Amazon Machine Image (AMI)
**An EC2 feature that enables a user to launch pre-configured Amazon EC2 instances
Amazon Storage Service (S3)
*Great durability (how often you would lose a file) and availability (how readily available the service is). An object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides easy-to-use management features so you can organize your data and configure finely-tuned access controls to meet your specific business, organizational, and compliance requirements. Amazon S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world. **You use S3 for the content hosting and CloudFront as the content delivery network.
6 Advantages of Cloud Computing
1. Trade capital expense for variable expense 2. Benefit from massive economies of scale 3. Stop guessing capacity 4. Increase speed and agility 5. Stop spending money running and maintaining data centers 6. Go global in minutes
AWS Basic Support
A basic support plan is included for all AWS customers.
AWS Fargate
A compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters. You no longer have to provision, configure, and scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing. AWS Fargate removes the need for you to interact with or think about servers or clusters. Fargate lets you focus on designing and building your applications instead of managing the infrastructure that runs them. Is a purpose-built serverless compute engine for containers. It scales and manages the infrastructure required to run your containers. **A way to launch Docker containers on AWS. *You DO NOT need to provision + maintain infrastructure, and AWS takes care of running containers for you based on the CPU/RAM needed.
AWS Elastic Beanstalk
A developer-centric view of deploying an application on AWS. Provisions servers so it is NOT a serverless service. 1. all-in-one view w/all components 2. PaaS** (which allows you to model and provision resources needed for an application) 3. FREE --> but you do pay for underlying instances. You can simply upload your code, and AWS Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services. You simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring. Beanstalk provisions servers so it is not a serverless service. **can automate application deployments.
AWS Marketplace
A digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.
Amazon Route 53
A managed DNS (Domain Name System) service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating human-readable names, such as www.example.com, into the numeric IP addresses, such as 192.0.2.1, that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well. *DNS: A collection of rules + records to help clients understand how to reach a server through URLs *weighted routing policy: route traffic to multiple resources and choose how much traffic goes to each resource. (know all the other routing policies) *global
AWS CodeDeploy (hybrid)
A service that automates code deployments to any instance, including EC2 instances and instances running on premises. It does not use Chef and Puppet, and does not deal with infrastructure configuration and orchestration. *remember that it allows you to upgrade both your EC2 instance applications + your on-premises server applications from v1 to v2 automatically from a single interface. *AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers.
AWS Step Functions
A service that lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. Using Step Functions, you can design and run workflows that stitch together services such as AWS Lambda and Amazon ECS into feature-rich applications. Workflows are made up of a series of steps, with the output of one step acting as input into the next. Application development is simpler and more intuitive using Step Functions, because it translates your workflow into a state machine diagram that is easy to understand, easy to explain to others, and easy to change.
Amazon Trusted Advisor
A tool to analyze your AWS accounts and provide recommendations. Comes in 2 tiers, the "Core Checks and recommendations" for all customers, or the "Full Trusted Advisor" available for *Business & Enterprise Support plans. AWS Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices. **With full capability you can set CloudWatch alarms and get *Programmatic Access using the AWS Support API. It is NOT used to get operational insights of AWS resources. Can locate underutilized EBS volumes. **best practice assessments
AWS Budgets
A tool to create *budgets and *send alarms when costs exceed the budget. Gives the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Budgets can be created at the monthly, quarterly, or yearly level, and you can customize the start and end dates. There are 3 types of budgets: Usage, Cost, and Reservation. You receive up to 5 SNS notifications per budget, and 2 budgets are free, then it's $0.02/day/budget. **Navigate by going to "Billing", "Budgets", and then "Create Budget"
AWS Artifact
AWS Artifact is your central resource for compliance-related information on AWS Cloud. It provides on-demand access to AWS' security and compliance reports and select online agreements. Reports available in AWS Artifact include the Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies. Agreements available in AWS Artifact also include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
AWS Compliance
AWS Compliance enables customers to establish and operate in an AWS security control environment.
✑ The shared responsibility model is part of the AWS Compliance program
✑ The security of the cloud is managed by the provider, AWS
✑ The security in the cloud is the responsibility of the customer
✑ The customer is responsible for their information and data, their secure transmission, integrity, and encryption
✑ Also, the customer is responsible for the management, support, patching and control of the guest operating system and of the AWS services provided, such as EC2
✑ AWS customers retain control and ownership of their data
✑ The AWS network provides significant protection against traditional network security issues and the customer can implement further protection
AWS Config
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. Think resource-specific history, audit, and compliance; think Config. **auditing of changes to configurations
AWS Direct Connect
AWS Direct Connect creates a dedicated private connection from a remote network to your VPC. This is a private connection and does not use the public internet. Takes at least a month to establish this connection. Direct Connect is a connectivity service and you cannot use it to provide AWS Cloud based storage access to on-premises applications. **For example, SSH keys are needed to direct connect and log in to an EC2 instance.
AWS Directory Service
AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. It is not used to deploy resources.
AWS Enterprise Support
AWS Enterprise Support provides customers with concierge-like service where the main focus is on helping the customer achieve their outcomes and find success in the cloud. With Enterprise Support, you get access to online training with self-paced labs, 24x7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance, a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts.
Amazon Glue
AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics. AWS Glue job is meant to be used for batch ETL data processing. It cannot be used to discover and protect your sensitive data in AWS.
3 Forms of Interacting with AWS Services
AWS Management Console: graphical interface to access AWS features. Command Line Interface (CLI): lets you control AWS services from the command line. Software Development Kits (SDKs): enable you to access AWS using a variety of popular programming languages.
AWS OpsWorks
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments. **you would only use this if "Chef & Puppet" was already being used before migrating to the Cloud. Paired great with EC2 + on-premise VM
AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. Service Catalog cannot be used to review the compliance and governance-related documents on AWS.
AWS Web Application Firewall (AWS WAF)
AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to an Amazon CloudFront distribution, an Amazon API Gateway API, or an Application Load Balancer. AWS WAF charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive (it is not a free service).
AWS Developer Support
AWS recommends Developer Support if you are testing or doing early development on AWS and want the ability to get technical support during business hours as well as general architectural guidance as you build and test.
Amazon Cognito
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. With Amazon Cognito, you also have the option to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. It is an identity management solution for customers/developers building B2C or B2B apps for their customers.
Amazon EBS Volumes
Amazon EBS volumes are not encrypted, by default. You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create.
Amazon ECR
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (Amazon ECS), simplifying your development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications. Integration with AWS Identity and Access Management (IAM) provides resource-level control of each repository. With Amazon ECR, there are no upfront fees or commitments. You pay only for the amount of data you store in your repositories and data transferred to the Internet. **private Docker Registry, where you store your Docker Images.
Amazon Macie
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII).
Amazon Pinpoint
Amazon Pinpoint is a flexible and scalable outbound and inbound marketing communications service. You can connect with customers over channels like email, SMS, push, or voice. Amazon Pinpoint is easy to set up, easy to use, and is flexible for all marketing communication scenarios.
Amazon S3 Glacier
Amazon S3 Glacier (S3 Glacier) is a storage service optimized for infrequently used data, or "cold data." Data at rest stored in S3 Glacier is automatically server-side encrypted using 256-bit Advanced Encryption Standard (AES-256) with keys maintained by AWS. *encryption is automatically enabled
Amazon SageMaker
Amazon SageMaker is a fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high-quality models.
Amazon Simple Notification Service (SNS)
Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.
Amazon Transcribe
An AWS tool used to automatically convert speech to text quickly and accurately. It uses a deep learning process called "automatic speech recognition" (ASR). **use cases: transcribe customer service calls, automate closed captioning and subtitling, and generate metadata for media assets to create a fully searchable archive. Or subtitles for movies.
Amazon Inspector
An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API. **automated security assessment
Auto Scaling
Elasticity for applications, scaling EC2 instances, replace anything "unhealthy", and will automatically integrate with Load Balancers. Helps you maintain application availability and allows you to automatically add or remove EC2 instances according to conditions you define. You can use the fleet management features of Amazon EC2 Auto Scaling to maintain the health and availability of your fleet. **automatically adjusts the number of Amazon EC2 instances to support incoming traffic
AWS X-Ray
Get a visual analysis of the entire application. You can use AWS X-Ray to analyze and debug serverless and distributed applications such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. Advantages: troubleshoot/debug performance, understand dependencies in a microservice architecture, pinpoint service issues, review request behaviors, and find errors and exceptions.
AWS CloudFormation
Gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. You can use the AWS CloudFormation sample templates or create your own templates to describe your AWS resources, and any associated dependencies or runtime parameters, required to run your application. You don't need to figure out the order for provisioning AWS services or the subtleties of making those dependencies work. CloudFormation takes care of this for you. After the AWS resources are deployed, you can modify and update them in a controlled and predictable way, in effect applying version control to your AWS infrastructure the same way you do with your software. *It can be used to automate code deployment.
Amazon EC2 Systems Manager
Gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. With Systems Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and take action on your groups of resources.
Amazon SWF
Helps developers build, run, and scale background jobs that have parallel or sequential steps. You can think of Amazon SWF as a fully-managed state tracker and task coordinator in the cloud. If your application's steps take more than 500 milliseconds to complete, you need to track the state of processing. If you need to recover or retry if a task fails, Amazon SWF can help you.
AWS Secrets Manager
Helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation with built-in integration for Amazon RDS for MySQL, PostgreSQL, and Amazon Aurora. Also, the service is extensible to other types of secrets, including API keys and OAuth tokens. In addition, Secrets Manager enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in the AWS Cloud, third-party services, and on-premises.
Amazon Aurora (Cloud Optimized)
Is a MySQL and PostgreSQL compatible *relational database engine that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Amazon Aurora is up to five times faster than standard MySQL databases and three times faster than standard PostgreSQL databases. It provides the security, availability, and reliability of commercial databases at 1/10th the cost. Amazon Aurora is fully managed by Amazon Relational Database Service (RDS), which automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups. **$$$ more than RDS by 20% :( but way more efficient. Does not support Microsoft SQL Server databases.
AWS CloudHSM
Is a cloud-based hardware security module that enables you to easily generate and use your own encryption keys on the AWS Cloud. You can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. Offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries.
Amazon Simple Email Service (SES)
Is a cost-effective, flexible, and scalable email service that enables developers to send mail from within any application. You can configure Amazon SES quickly to support several email use cases, including transactional, marketing, or mass email communications.
AWS CodeBuild
Is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don't need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue. You can get started quickly by using prepackaged build environments, or you can create custom build environments that use your own build tools.
AWS CodePipeline
Is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates. You can easily integrate CodePipeline with third-party services such as GitHub or with your own custom plugin. With AWS CodePipeline, you only pay for what you use. There are no upfront fees or long-term commitments. *It cannot be used to automate code deployment.
Amazon SQS
Is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.
Amazon API Gateway
Is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a "front door" for applications to access data, business logic, or functionality from your back-end services, such as workloads running on Amazon EC2, code running on AWS Lambda, or any web application.
AWS CodeCommit
Is a fully managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. AWS CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use AWS CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools. *It cannot be used to automate code deployment. *AWS CodeCommit is a version control service hosted by Amazon Web Services that you can use to privately store and manage assets (such as documents, source code, and binary files) in the cloud.
AWS Storage Gateway
Is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration. Your applications connect to the service through a virtual machine or hardware gateway appliance using standard storage protocols, such as NFS, SMB and iSCSI. The gateway connects to AWS storage services, such as Amazon S3, S3 Glacier, and Amazon EBS, providing storage for files, volumes, and virtual tapes in AWS. The service includes a highly-optimized data transfer mechanism, with bandwidth management, automated network resilience, and efficient data transfer, along with a local cache for low-latency on-premises access to your most active data. *encryption is automatically enabled.
Amazon VPC
Lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. You can easily customize the network configuration for your VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems, such as databases or application servers, in a private-facing subnet with no Internet access. You can leverage multiple layers of security (including security groups and network access control lists) to help control access to EC2 instances in each subnet. **A private network to deploy resources (regional resource). **subnets: allow you to partition your network inside your VPC [2 subnets, private (NOT accessible from internet) + public (accessible from internet)] **VPC dashboard = can configure Security Groups and Subnets
Amazon LightSail
Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, plus a cost-effective, monthly plan. Lightsail offers several preconfigured, one-click-to-launch operating systems, development stacks, and web applications, including Linux, Windows OS, and WordPress. Is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project - a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP address - for a low, predictable price.
AWS Key Management Service (KMS)
Makes it easy for you to create and manage keys and control the use of encryption across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses FIPS 140-2 validated hardware security modules to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs. *KMS cannot be used as a Hardware Security Module for data encryption operations in AWS Cloud.
Amazon Kinesis
Makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. Amazon Kinesis offers key capabilities to cost effectively process streaming data at any scale, along with the flexibility to choose the tools that best suit the requirements of your application. With Amazon Kinesis, you can ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications. Amazon Kinesis enables you to process and analyze data as it arrives and respond instantly instead of having to wait until all your data is collected before the processing can begin.
Amazon Elastic Kubernetes
Makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Amazon EKS runs the Kubernetes management infrastructure for you across multiple AWS availability zones to eliminate a single point of failure. Amazon EKS is certified Kubernetes conformant so you can use existing tooling and plugins from partners and the Kubernetes community. Applications running on any standard Kubernetes environment are fully compatible and can be easily migrated to Amazon EKS.
Amazon Relational Database Service (RDS)
Makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. *advantage over using RDS versus deploying DB on EC2 + *cross-region read replicas to create globally redundant databases *Read Replicas allow you to create read-only copies that are synchronized with your master database. Read Replicas are used for improved read performance. You can also place your read replica in a different AWS Region closer to your users for better performance. Read Replicas are an example of horizontal scaling of resources.
Amazon Translate
Natural and accurate language translation. Can help you localize content, such as websites and applications, for international users.
AWS Organizations
Offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts, automate account creation, apply and manage policies for those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes. **share reserved instance with other AWS accounts + discounts based on EC2 & S3 aggregated across member AWS accounts. **use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services ✑ One bill: You get one bill for multiple accounts. ✑ Easy tracking: You can track the charges across multiple accounts and download the combined cost and usage data. ✑ Combined usage: You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts. For more information, see Volume Discounts. ✑ No extra fee: Consolidated billing is offered at no additional cost.
Amazon EFS
Provides a simple, scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need - when they need it. It is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies. **Amazon EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at rest
AWS Personal Health Dashboard
Provides alerts and remediation guidance when AWS is experiencing events that may impact you. Displays relevant and timely information to help you manage events in progress + provides proactive notification to help plan scheduled activities.
AWS CloudTrail
Provides governance, compliance, and audit for your AWS account (enabled by default). CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. Is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. *CloudTrail cannot be used to centralize the server logs for EC2 instances or on-premises servers.
Amazon CloudWatch
Provides metrics for every service. Is a monitoring and management service built for developers, system operators, site reliability engineers (SRE), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. Important "Metrics" to know: EC2 instances: EBS Volumes: S3 buckets: Billing: Service Limits: **Metric: a variable to monitor + contains time stamps *performance monitoring
Amazon Elastic Block Store (EBS)
Provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes—all while paying a low price for only what you provision. *You cannot use EBS to provide AWS Cloud based storage access to on-premises applications. *works with Snapshot
AWS Service Health Dashboard
Shows all regions and service health, historical information for each day, and has an RSS feed you can subscribe to. *RSS: a web feed that allows users and applications to access updates to websites in a standardized, computer-readable format... whatever tf that means T_T
AWS Identity and Access Management (IAM)
Some AWS services need to perform actions on your behalf, so a solution is to assign *permissions using IAM roles. Enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM allows you to do the following: 1. Manage IAM users + their access 2. Manage IAM roles + permissions 3. Manage federated users + permissions
AWS Command Line Interface (CLI)
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. It is not a central user portal.
AWS Cost and Usage Report
The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour or month, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in a comma-separated value (CSV) format. AWS Cost and Usage Reports cannot forecast your AWS account cost and usage. **cannot be used to locate underutilized EC2 instances
AWS Acceptable Use Policy
The Acceptable Use Policy describes prohibited uses of the web services offered by Amazon Web Services, Inc. and its affiliates (the "Services") and the website located at http://aws.amazon.com (the "AWS Site"). This policy is present at https://aws.amazon.com/aup/ and is updated on an as-needed basis by AWS.
AWS Total Cost of Ownership (TCO) Calculator
This is a calculator/tool to help *reduce the need to invest in large capital expenditures and provide a "pay-as-you-go" model. Can also allow you to estimate/compare cost savings if you were to switch from on-premises to AWS: Server, Storage, Network, IT Labor (great for executive presentations). **awstcocalculator.com, Data Security costs are also included
Elastic Load Balancing (ELB)
This is a managed load balancer. AWS guarantees that it'll be working and will take care of upgrades, maintenance, high availability. 3 types of LB: 1. Application LB (HTTP/HTTPS only, layer 7) 2. Network LB (ultra high performance, layer 4) 3. Classic LB (layer 4+7) *retiring slowly *load balancers: servers that forward internet traffic to multiple servers (EC2 instances) downstream (allowing a better backend). *fault tolerance + high availability
AWS Cost Explorer
This is a visual tool to help manage your AWS cost/usage over time. You can also select an optimal *Savings Plan. Includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown of all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends. Also supports forecasting to get a better idea of what your costs and usage may look like in the future so that you can plan. **If you are asked how to forecast usage bill up to 3 months based on previous usage then think no longer, it's "Cost Explorer". :) **low key looks similar to looking at the usage of a pge bill....
AWS Simple Monthly Calculator
This is a way to estimate the cost for your entire architecture solution per month. It helps customers and prospects estimate their monthly AWS bill more efficiently. Simple Monthly Calculator CANNOT forecast your AWS account cost and usage. **calculator.aws
AWS Lambda
With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app. AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running.
AWS Professional Services
Is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives. Our team provides assistance through a collection of offerings which help you achieve specific outcomes related to enterprise cloud adoption. We also deliver focused guidance through our global specialty practices, which cover a variety of solutions, technologies, and industries. In addition to working alongside our customers, we share our experience through tech talk webinars, White Papers, and blog posts that are available to anyone. The most recent contributions are listed below.