WhizCard CLF C02 Cheat Sheet Nov 2024

The document serves as a comprehensive cheat sheet for the AWS Certified Cloud Practitioner exam, providing essential information and quick references for various AWS services. It includes detailed descriptions, functionalities, and pricing details for services such as Amazon Athena, Amazon EMR, and AWS Glue, among others. The content is intended for educational purposes and encourages users to refer to official AWS documentation for complete information.

Uploaded by

pratyushgdsc2002

Are you ready for the AWS Certified Cloud Practitioner exam?
Self-assess yourself with “Whizlabs FREE TEST”

AWS Certified Cloud Practitioner (CLF-C02) Cheat Sheet
Quick Bytes for you before the exam!

The information provided in the Cheat Sheet is for educational purposes only; it was created in our efforts to help aspirants prepare for the AWS Certified Cloud Practitioner certification exam. Though references have been taken from AWS documentation, it is not intended as a substitute for the official docs. The document can be reused, reproduced, and printed in any form; ensure that appropriate sources are credited and required permissions are received.
Index (page numbers in parentheses)

Analytics (4)
Amazon Athena (5)
Amazon Elasticsearch Service (6)
Amazon EMR (7)
AWS Kinesis Data Streams (8)
Amazon Kinesis Data Firehose (9)
Amazon Managed Streaming for Apache Kafka (10)
Amazon Redshift (11)
AWS Glue (12)
AWS LakeFormation (13)

Application Integration (14)
AWS Step Functions (15)
AWS EventBridge (16)
AWS SNS (17)
AWS SQS (18)
AWS AppSync (19)
AWS Simple Workflow Service (20)

AWS Cost Management (21)
AWS Cost Explorer (22)
AWS Budgets (23)
AWS Cost and Usage Report (24)
Reserved Instance Reporting (25)

Compute (26)
AWS EC2 (27)
AWS EC2 Auto Scaling (28)
AWS Batch (30)
AWS Elastic Beanstalk (31)
AWS Lambda (32)
AWS Serverless Application Repository (33)
AWS Outpost (34)

Containers (35)
Amazon Elastic Container Registry (36)
Amazon Elastic Container Service (37)
Amazon Elastic Kubernetes Service (38)
AWS Fargate (39)

Database (40)
Amazon Aurora (41)
Amazon DocumentDB (42)
Amazon DynamoDB (43)
Amazon ElastiCache (44)
Amazon Keyspaces (45)
Amazon Neptune (46)
Amazon RDS (47)

Developer Tools (48)
AWS CodeBuild (49)
AWS CodeDeploy (50)
AWS X-Ray (51)
Amazon Workspaces (52)

Front-End Web and Mobile (53)
Amazon API Gateway (54)

Internet of Things (55)
AWS IoT Core (56)
AWS IoT Events (57)
AWS IoT Greengrass (58)
FreeRTOS (59)

Machine Learning (60)
Amazon SageMaker (61)
Amazon Polly (62)
Amazon Transcribe (63)
Amazon Comprehend (64)
Amazon Lex (65)
Amazon Translate (66)
Amazon Kendra (67)

Management and Governance (68)
Amazon CloudWatch (69)
AWS CloudFormation (70)
AWS CloudTrail (71)
AWS Config (72)
AWS License Manager (73)
AWS Management Console (74)
AWS Organizations (75)
AWS Systems Manager (76)

Migration and Transfer (77)
AWS Database Migration Service (78)
AWS Data Sync (79)
AWS Migration Hub (80)
AWS Transfer Family (81)
AWS Snow Family (82)

Networking and Content Delivery (83)
Amazon VPC (84)
Amazon CloudFront (85)
Amazon Route 53 (86)
AWS Direct Connect (87)
AWS PrivateLink (88)
AWS Transit Gateway (89)
Elastic Load Balancing (90)

Security, Identity, and Compliance (91)
Amazon IAM (92)
Amazon Cognito (93)
AWS Certificate Manager (94)
AWS Directory Service (95)
AWS Key Management Service (96)
AWS Resource Access Manager (97)
AWS Secrets Manager (98)
AWS Security Hub (99)

Storage (100)
Amazon S3 (101)
Amazon Elastic Block Storage (102)
Amazon Elastic File System (104)
Amazon FSx for Lustre (105)
Amazon FSx for Windows File Server (106)
Amazon S3 Glacier (107)
Amazon Backup (108)
AWS Snowball (109)
AWS Storage Gateway (110)
Analytics

Amazon Athena

What is Amazon Athena?
Amazon Athena is an interactive serverless service used to analyze data directly in Amazon Simple Storage Service using standard SQL ad-hoc queries.

Functions of Athena:
● It helps to analyze different kinds of data (unstructured, semi-structured, and structured) stored in Amazon S3.
● Using Athena, ad-hoc queries can be executed using ANSI SQL without actually loading the data into Athena.
● It can be integrated with Amazon QuickSight for data visualization and helps to generate reports with business intelligence tools.
● It helps to connect SQL clients with a JDBC or an ODBC driver.
● It executes multiple queries in parallel, so there is no need to worry about compute resources.
● It supports various standard data formats, such as CSV, JSON, ORC, Avro, and Parquet.

Pricing Details:
● Charges are applied based on the amount of data scanned by each query; standard S3 rates apply for storage, requests, and data transfer.
● Canceled queries are also charged based on the amount of data scanned.
● No charges are applied for Data Definition Language (DDL) statements.
● Additional costs can be reduced if data gets compressed, partitioned, or converted into a columnar format.
Amazon OpenSearch Service

What is Amazon ES?
Amazon Elasticsearch Service (Amazon ES) is a managed service that allows users to deploy, manage, and scale Elasticsearch clusters in the AWS Cloud. Amazon ES provides direct access to the Elasticsearch APIs.

OpenSearch Service is a free and open-source search engine for all types of data like textual, numerical, geospatial, structured, and unstructured.

✔ Amazon OpenSearch Service with Kibana (visualization) & Logstash (log ingestion) provides an enhanced search experience for applications and websites to find relevant data quickly.
✔ Amazon OpenSearch Service launches the Elasticsearch cluster’s resources, detects failed Elasticsearch nodes, and replaces them.
✔ The OpenSearch Service cluster can be scaled with a few clicks in the console.

Amazon OpenSearch Service can be integrated with the following services:
Amazon CloudWatch
Amazon CloudTrail
Amazon Kinesis
Amazon S3
AWS IAM
AWS Lambda
Amazon DynamoDB

Pricing Details:
● Charges are applied for each hour of use of EC2 instances and storage volumes attached to the instances.
● Amazon OpenSearch Service does not charge for data transfer between Availability Zones.
Amazon EMR

What is Amazon EMR?
Amazon EMR (Elastic Map Reduce) is a service used to process and analyze large amounts of data in the cloud using Apache Hive, Hadoop, Apache Flink, Spark, etc.

✔ The main component of EMR is a cluster that collects Amazon EC2 instances (also known as nodes in EMR).
✔ It decouples the compute and storage layers by scaling them independently and storing cluster data on Amazon S3.
✔ It also controls network access for the instances by configuring instance firewall settings.
✔ It offers basic functionalities for maintaining clusters such as monitoring, replacing failed instances, bug fixes, etc.
✔ It analyzes machine learning workloads using Apache Spark MLlib and TensorFlow, clickstream workloads using Apache Spark and Apache Hive, and real-time streaming workloads from Amazon Kinesis using Apache Flink.
✔ It provides more than one compute instance or container to process the workloads and can be executed on the following AWS services: Amazon EC2, Amazon EKS, AWS Outposts.

Amazon EMR can be accessed in the following ways:
EMR Console
AWS Command Line Interface (AWS CLI)
Software Development Kit (SDK)
Web Service API

Figure: Amazon EMR storage layers
Amazon Kinesis Data Streams

What are Amazon Kinesis Data Streams?
Amazon Kinesis Data Streams (KDS) is a scalable real-time data streaming service. It captures gigabytes of data from sources like website clickstreams, event streams (database and location-tracking), and social media feeds.

Amazon Kinesis is a service used to collect, process, and analyze real-time streaming data. It can be an alternative to Apache Kafka.

❑ The Kinesis family consists of Kinesis Data Streams, Kinesis Data Analytics, Kinesis Data Firehose, and Kinesis Video Streams.
❑ Real-time data can be fetched from Producers, which are the Kinesis Streams API, the Kinesis Producer Library (KPL), and the Kinesis Agent.
❑ It allows building custom applications known as Kinesis Data Streams applications (Consumers), which read data from a data stream as data records.
❑ Data Streams are divided into Shards / Partitions whose data retention is 1 day (by default) and can be extended to 7 days.
❑ Each shard provides a capacity of 1MB per second of input data and 2MB per second of output data.

Figure: Amazon Kinesis Data Streams
Amazon Kinesis Data Firehose

What is Amazon Kinesis Data Firehose?
Amazon Kinesis Data Firehose is a serverless service used to capture, transform, and load streaming data into data stores and analytics services.

It delivers streaming data to the following services:
Amazon S3
Amazon Redshift
Amazon Elasticsearch Service
Splunk

❖ It synchronously replicates data across three AZs while delivering them to the destinations.
❖ It allows real-time analysis with existing business intelligence tools and helps to transform, batch, compress and encrypt the data before delivering it.
❖ It creates a Kinesis Data Firehose delivery stream to send data. Each delivery stream keeps data records for one day.
❖ It has 60 seconds minimum latency or a minimum of 32 MB of data transfer at a time.
❖ Kinesis Data Streams and CloudWatch events can be considered as the source(s) for Kinesis Data Firehose.

Figure: AWS Kinesis Data Firehose
Amazon Managed Streaming for Apache Kafka

What is Amazon MSK?
Amazon MSK is a managed cluster service used to build and execute Apache Kafka applications for processing streaming data.

It helps to populate machine learning applications, analytical applications, and data lakes, and to stream changes to and from databases using Apache Kafka APIs.

✔ It easily configures applications by removing all the manual configuration tasks.

The steps which Amazon MSK manages are:
❖ Replacing servers during failures
❖ Handling server patches and upgrades with no downtime
❖ Maintenance of Apache Kafka clusters
❖ Maintenance of Apache ZooKeeper
❖ Multi-AZ replication for Apache Kafka clusters
❖ Planning scaling events

It provides multiple kinds of security for Apache Kafka clusters, including:
AWS IAM for API Authorization
Encryption at Rest
Apache Kafka Access Control Lists (ACLs)

Amazon MSK integrates with:
AWS Glue: To execute Apache Spark jobs on an Amazon MSK cluster
Amazon Kinesis Data Analytics: To execute Apache Flink jobs on an Amazon MSK cluster
Lambda Functions
Amazon Redshift

What is Amazon Redshift?
Amazon Redshift is a fast and petabyte-scale, SQL-based data warehouse service used to analyze data easily.

Functions of Redshift:
● It supports Online Analytical Processing (OLAP) type DB workloads and analyzes them using standard SQL and existing Business Intelligence (BI) tools (AWS QuickSight or Tableau).
● It is used for executing complex analytic queries on semi-structured and structured data using query optimization, columnar-based storage, and Massively Parallel Query Execution (MPP).
● Redshift Spectrum helps to directly query the objects (files) on S3 without actually loading them.
● It has the capability to automatically copy snapshots (automated or manual) of a cluster to another AWS Region.

Pricing Details:
● It offers on-demand pricing that charges by the hour with no commitments and no upfront costs.
● Charges are applied based on the type and number of nodes used in the Redshift cluster.
● Redshift Spectrum is charged based on the number of bytes scanned, rounded up to a 10MB minimum per query.
AWS Glue

What is AWS Glue?
AWS Glue is a serverless ETL (extract, transform, and load) service used to categorize data and move it between various data stores and streams.

AWS Glue works with the following services:
● Redshift - for data warehouses
● S3 - for data lakes
● RDS or EC2 instances - for data stores

Properties of AWS Glue:
● It supports data integration, preparing and combining data for analytics, machine learning, and other applications’ development.
● It has a central repository known as the AWS Glue Data Catalog that automatically generates Python or Scala code.
● It processes semi-structured data using a simple ‘dynamic’ frame in the ETL scripts, similar to an Apache Spark data frame that organizes data into rows and columns.
● It helps execute the Apache Spark environment’s ETL jobs by discovering data and storing the associated metadata in the AWS Glue Data Catalog.
● AWS Glue and Spark can be used together by converting between dynamic frames and Spark data frames to perform all kinds of analysis.
● It allows organizations to work together and perform data integration tasks, like extraction, normalization, combining, loading, and running ETL workloads.
AWS Lake Formation

What is AWS Lake Formation?
AWS Lake Formation is a cloud service that is used to create, manage and secure data lakes. It automates the complex manual steps required to create data lakes.

A data lake is a secure repository that stores all the data in its original form and is used for analysis.

Lake Formation is pointed at the data sources, then crawls the sources and moves the data into the new Amazon S3 data lake.

It integrates with AWS Identity and Access Management (IAM) to provide fine-grained access to the data stored in data lakes using a simple grant/revoke process.

AWS Lake Formation integrates with:
Amazon CloudWatch
Amazon CloudTrail
Amazon Glue: both use the same Data Catalog
Amazon Redshift Spectrum
Amazon EMR
AWS Key Management Service
Amazon Athena: Athena’s users can query those AWS Glue catalogs which have Lake Formation permissions on them

Pricing Details:
● Charges are applied based on the service integrations (AWS Glue, Amazon S3, Amazon EMR, Amazon Redshift) at a standard rate.
Application Integration

AWS Step Functions

What is AWS Step Functions?
AWS Step Functions is a serverless orchestration service that converts an application's workflow into a series of steps by combining AWS Lambda functions and other AWS services.

● AWS Step Functions resembles state machines and tasks. Each step in a workflow is a state. The output of one step serves as the input to the next, which results in function orchestration.
● It helps to execute each step in an order defined by the business logic of the application.
● It provides some built-in functionalities like sequencing, error handling, and timeout handling, removing a significant operational overhead from the team.
● It can control other AWS services, like AWS Lambda (to perform tasks), processing machine learning models, AWS Glue (to create extract, transform, and load (ETL) workflows), and automated workflows that require human approval.
● It provides multiple automation features like routine deployments, upgrades, installations, migrations, patch management, infrastructure selection, and data synchronization.
● Executions are the instances where a workflow runs to perform tasks.

Standard Workflows | Express Workflows
● It executes once in a workflow execution for up to one year. | ● It executes at-least-once in a workflow execution for up to five minutes.
● They are ideal for long-running and auditable workflows. | ● They are ideal for high-processing workloads, such as streaming data processing and IoT data ingestion.

Figure: Dynamic Parallelism using AWS Step Functions
Figure: Functions Orchestration using AWS Step Functions
Amazon EventBridge

What is Amazon EventBridge?
Amazon EventBridge is a serverless event bus service that connects applications with data from multiple sources.

Functions of Amazon EventBridge:
● An event bus is an entity that receives events, and rules attached to that event bus match the events received.
● It helps to build loosely coupled and distributed event-driven architectures.
● It connects applications and delivers the events without the need to write custom code.
● It delivers a stream of real-time data from SaaS applications or other AWS services and routes that data to different targets such as Amazon EC2 instances, Amazon ECS tasks, AWS CodeBuild projects, etc.
● It sets up routing rules that determine the targets, to build application architectures that react according to the data sources.
● The EventBridge schema registry stores a collection of event structures (schemas) and allows users to download code for those schemas in the IDE, representing events as objects in the code.

Amazon EventBridge integrates with the following services:
AWS CloudTrail
AWS CloudFormation
AWS Config
AWS Identity and Access Management (IAM)
AWS Kinesis Data Streams
AWS Lambda
Amazon SNS

What is Amazon SNS?
Amazon Simple Notification Service (Amazon SNS) is a serverless notification service that offers message delivery from publishers to subscribers.

✔ It creates asynchronous communication between publishers and subscribers by sending messages to a ‘topic.’
✔ It supports application-to-application subscribers that include Amazon SQS and other AWS services, and application-to-person subscribers that include mobile SMS, email, etc.

SNS helps to publish messages to many subscriber endpoints:
Amazon SQS Queues
AWS Lambda Functions
Email
Amazon Kinesis Data Firehose
Mobile push
SMS

• The producer sends one message to one SNS topic.
• Multiple receivers (subscribers) listen for the notification of messages.
• All the subscribers will receive all the messages.

Example:
1 message, 1 topic, 10 subscribers, so that a single message will be notified to 10 different subscribers.

Figure: Amazon SNS
Amazon Simple Queue Service (SQS)

What is Amazon Simple Queue Service (SQS)?
Amazon Simple Queue Service (SQS) is a serverless service used to decouple (loosely couple) serverless applications and components.

❑ The queue represents a temporary repository between the producer and consumer of messages.
❑ It can scale up to 1-10000 messages per second.
❑ The default retention period of messages is four days and can be extended to fourteen days.
❑ SQS messages get automatically deleted after being consumed by the consumers.
❑ SQS messages have a fixed size of 256KB.

There are two SQS Queue types:
Standard Queue -
❖ An unlimited number of transactions per second.
❖ Messages get delivered in any order.
❖ Messages can be sent twice or multiple times.
FIFO Queue -
❖ 300 messages per second.
❖ Supports batches of 10 messages per operation, resulting in 3000 messages per second.
❖ Messages get consumed only once.

Dead-Letter Queue is a queue for those messages that are not consumed successfully. It is used to handle message failure.

Visibility Timeout is the amount of time during which SQS prevents other consumers from receiving (polling) and processing the messages.
Default visibility timeout - 30 seconds
Minimum visibility timeout - 0 seconds
Maximum visibility timeout - 12 hours

Delay Queue is a queue that allows users to postpone/delay the delivery of messages to a queue for a specific number of seconds.
Messages can be delayed for 0 seconds (default) to 15 minutes (maximum).
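The following in-memory model, added here as an illustration and not code from the cheat sheet or from AWS, shows how the visibility timeout, delay seconds and dead-letter redrive described above interact: an in-flight message is hidden from other consumers, reappears if the consumer never deletes it, and after more than maxReceiveCount receives is moved to the dead-letter queue instead of being delivered again. Time is an explicit clock argument in seconds so the run is deterministic, and the two sample messages are constructed.

```python
"""In-memory model of SQS receive semantics (added illustration, not AWS code).

Visibility timeout hides an in-flight message; an unacknowledged message
becomes visible again when the timeout lapses; a delay queue withholds new
messages for up to 15 minutes; a redrive policy moves a message to the
dead-letter queue once it has been received more than max_receive_count
times.  Receipt handles are simplified to one fixed handle per message."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Message:
    body: str
    receipt_handle: str
    receive_count: int = 0
    visible_at: float = 0.0     # receivable once clock >= visible_at


@dataclass
class Queue:
    visibility_timeout: float = 30.0          # SQS default (0 s .. 12 h)
    max_receive_count: Optional[int] = None   # redrive threshold; None = no DLQ
    dead_letter: Optional["Queue"] = None
    messages: List[Message] = field(default_factory=list)
    _handles: int = 0

    def send(self, body: str, now: float, delay_seconds: float = 0.0) -> None:
        # Delay queue: 0 s (default) up to 15 minutes (900 s).
        if not 0 <= delay_seconds <= 900:
            raise ValueError("delay must be between 0 and 900 seconds")
        self._handles += 1
        self.messages.append(Message(body, f"handle-{self._handles}",
                                     visible_at=now + delay_seconds))

    def receive(self, now: float) -> Optional[Message]:
        """Return one visible message and hide it for visibility_timeout.
        A message received too many times goes to the dead-letter queue
        instead of being delivered again."""
        for msg in list(self.messages):
            if now < msg.visible_at:
                continue                      # delayed, or in flight elsewhere
            msg.receive_count += 1
            if (self.max_receive_count is not None
                    and msg.receive_count > self.max_receive_count
                    and self.dead_letter is not None):
                self.messages.remove(msg)
                self.dead_letter.messages.append(msg)   # failure handled out of band
                continue
            msg.visible_at = now + self.visibility_timeout
            return msg
        return None

    def delete(self, receipt_handle: str) -> bool:
        """Consumer acknowledges success; SQS removes the message."""
        for msg in self.messages:
            if msg.receipt_handle == receipt_handle:
                self.messages.remove(msg)
                return True
        return False


def scenario() -> dict:
    """Constructed walk-through: a poison message that is never deleted,
    and a message sent with a 60 s delay."""
    dlq = Queue()
    q = Queue(visibility_timeout=30.0, max_receive_count=2, dead_letter=dlq)
    q.send("poison", now=0)
    q.send("delayed", now=0, delay_seconds=60)
    first = q.receive(now=0)            # "poison" (count 1), hidden until t=30
    during_timeout = q.receive(now=10)  # nothing visible: None
    second = q.receive(now=31)          # "poison" again (count 2), hidden until t=61
    third = q.receive(now=62)           # poison would be count 3 > 2 -> DLQ; "delayed" is now visible
    return {
        "first": first.body,
        "during_timeout": during_timeout,
        "second": second.body,
        "third": third.body,
        "dead_lettered": [m.body for m in dlq.messages],
        "deleted": q.delete(third.receipt_handle),
        "remaining": len(q.messages),
    }


if __name__ == "__main__":
    print(scenario())
```

The point for operations is the poison-message path: without a redrive policy the "poison" message would reappear every 30 seconds forever, consuming consumer capacity; with maxReceiveCount set, it lands in the dead-letter queue where it can be inspected and alarmed on.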
AWS AppSync

What is AWS AppSync?
AWS AppSync is a serverless service used to build GraphQL APIs with real-time data synchronization and offline programming features.

GraphQL is a data language built to allow apps to fetch data from servers.

● It replaces the functionality of Cognito Sync by providing offline data synchronization.
● It improves performance by providing data caches, provides subscriptions to support real-time updates, and provides client-side data stores to keep offline clients in sync.
● It offers certain advantages over GraphQL, such as enhanced coding style and seamless integration with modern tools and frameworks like iOS and Android.
● The AppSync interface provides a live GraphQL API feature that allows users to test and iterate on GraphQL schemas and data sources quickly.
● Along with AppSync, AWS provides an Amplify Framework that helps build mobile and web applications using GraphQL APIs.

The different data sources supported by AppSync are:
Amazon DynamoDB tables
RDS Databases
Amazon Elasticsearch
AWS Lambda Functions
Third Party HTTP Endpoints

GraphQL operations:
Queries: For fetching data from the API
Mutations: For changing data via the API
Subscriptions: The connections for streaming data from the API

Figure: AWS AppSync
Amazon Simple Workflow Service

What is Amazon Simple Workflow Service?
Amazon Simple Workflow Service (Amazon SWF) is used to coordinate work amongst distributed application components.

● A task is a logical representation of work performed by a component of the application.
● Tasks are performed by implementing workers and execute either on Amazon EC2 or on on-premise servers (which means it is not a serverless service).
● Amazon SWF stores tasks and assigns them to workers during execution.
● It controls task implementation and coordination, such as tracking and maintaining the state using an API.
● It helps to create distributed asynchronous applications and supports sequential and parallel processing.
● It is best suited for workflows with human intervention.
● Amazon SWF is a less-used service, so AWS Step Functions is the better option than SWF.
AWS Cost Management

AWS Cost Explorer

What is AWS Cost Explorer?
AWS Cost Explorer is a UI tool that enables users to analyze the costs and usage with a graph, the Cost Explorer cost and usage reports, and the Cost Explorer RI report. It can be accessed from the Billing and Cost Management console.

✔ The first time the user signs up for Cost Explorer, it guides them through the console’s main parts.
✔ It prepares the data regarding costs & usage and displays up to 12 months of historical data (might be less if less used) and current month data, and then calculates the forecast data for the next 12 months.

The default reports provided by Cost Explorer are:
Cost and Usage Reports
Reserved Instance Reports

Figure: AWS Cost Explorer
AWS Budgets

What is AWS Budgets?
AWS Budgets enables the customer to set custom budgets to track cost and usage, from the simplest to the most complex use cases.

AWS Budgets can be used to set reservation utilization or coverage targets, allowing you to get alerts by email or SNS notification when the metrics reach the threshold.

The Reservation Alerts feature is provided for:
Amazon EC2
Amazon RDS
Amazon Redshift
Amazon ElastiCache
Amazon Elasticsearch

Users can set up five alerts for each budget. But the most important are:
i. Alerts when current monthly costs exceed the budgeted amount.
ii. Alerts when current monthly costs exceed 80% of the budgeted amount.
iii. Alerts when forecasted monthly costs exceed the budgeted amount.

AWS Budgets can now be created as monthly, quarterly, or annual budgets for AWS resource usage or AWS costs.

Types of Budgets:
• Cost budgets
• Usage budgets
• RI utilization budgets
• RI coverage budgets
• Savings Plans utilization budgets
• Savings Plans coverage budgets

❑ AWS Budgets can be accessed from the AWS Management Console’s service links and within the AWS Billing Console.
❑ The Budgets API or CLI (command-line interface) can also be used to create, edit, delete and view up to 20,000 budgets per payer account.
AWS Cost & Usage Report

What is AWS Cost and Usage Report?
AWS Cost & Usage Report is a service that allows users to access the most detailed set of AWS cost and usage data available, including metadata about AWS resources, pricing, Reserved Instances, and Savings Plans.

❑ AWS Cost & Usage Report is a part of AWS Cost Explorer.

AWS Cost and Usage Report functions:
❑ It sends report files to your Amazon S3 bucket.
❑ It updates reports up to three times a day.

✔ For viewing, reports can be downloaded from the Amazon S3 console; for analyzing the report, Amazon Athena can be used, or the report can be uploaded into Amazon Redshift or Amazon QuickSight.
✔ Users with IAM permissions or IAM roles can access and view the reports.
✔ If a member account in an organization owns or creates a Cost and Usage Report, it has access only to billing data for the period during which it has been a member of the Organization.
✔ If the master account of an AWS Organization wants to block member accounts from setting up a Cost and Usage Report, a Service Control Policy (SCP) can be used.
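As an added illustration of the SCP mentioned above (not the cheat sheet's or AWS's own code), the block below writes out an explicit-deny Service Control Policy for the Cost and Usage Report API and models the two evaluation properties that make it a guardrail: an SCP deny overrides any IAM allow in a member account, and SCPs never restrict the organization's management (master) account, so that account must still be protected by IAM. The action names are the real `cur:` API actions; the billing-admin identity policy is constructed sample data.

```python
"""SCP that blocks member accounts from creating or changing Cost and
Usage Report definitions, plus a minimal model of SCP + IAM evaluation.
Added illustration, not the cheat sheet's or AWS's code; the identity
policy below is a constructed sample."""
import fnmatch
import json

# The SCP as it would be attached to an OU holding the member accounts.
DENY_CUR_SETUP_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyCostAndUsageReportSetup",
            "Effect": "Deny",
            "Action": [
                "cur:PutReportDefinition",
                "cur:ModifyReportDefinition",
                "cur:DeleteReportDefinition",
            ],
            "Resource": "*",
        }
    ],
}


def _statement_matches(statement: dict, action: str) -> bool:
    """IAM-style action matching: '*' and '?' wildcards, case-sensitive."""
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    return any(fnmatch.fnmatchcase(action, pattern) for pattern in actions)


def scp_denies(scp: dict, action: str) -> bool:
    """True when any Deny statement in the SCP matches the action."""
    return any(s["Effect"] == "Deny" and _statement_matches(s, action)
               for s in scp["Statement"])


def iam_allows(identity_policy: dict, action: str) -> bool:
    """Simplified identity-policy evaluation: an explicit deny wins,
    otherwise an Allow must match; no matching statement is an implicit deny."""
    statements = identity_policy["Statement"]
    if any(s["Effect"] == "Deny" and _statement_matches(s, action) for s in statements):
        return False
    return any(s["Effect"] == "Allow" and _statement_matches(s, action) for s in statements)


def effective_allow(action: str, identity_policy: dict, scp: dict,
                    is_management_account: bool = False) -> bool:
    """Final decision for a principal in a given account: the SCP is a
    guardrail on every account except the management account, and the
    identity policy must still grant the action."""
    if not is_management_account and scp_denies(scp, action):
        return False
    return iam_allows(identity_policy, action)


# Constructed sample: a billing-admin role with broad CUR permissions.
BILLING_ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "cur:*", "Resource": "*"}],
}

if __name__ == "__main__":
    print(json.dumps(DENY_CUR_SETUP_SCP, indent=2))
    for action in ("cur:PutReportDefinition", "cur:DescribeReportDefinitions"):
        print(action,
              "member account:", effective_allow(action, BILLING_ADMIN_POLICY, DENY_CUR_SETUP_SCP),
              "management account:", effective_allow(action, BILLING_ADMIN_POLICY, DENY_CUR_SETUP_SCP, True))
```

Note that the policy only denies creating, modifying and deleting report definitions; reading existing definitions (`cur:DescribeReportDefinitions`) stays governed by IAM alone, which is usually what a billing team wants.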


Reserved Instance Reporting

What is Reserved Instance Reporting?
Reserved Instance Reporting is a service used to summarize Reserved Instance (RI) usage over a period of time.

RI Utilization reports can be visualized by exporting them to both PDF and CSV formats.

RI coverage reports: The RI coverage report is used to visualize RI coverage and monitor it against an RI coverage threshold.

RI utilization reports: The RI utilization report is used to visualize daily RI utilization.

The target utilization (threshold utilization) of RI utilization reports is represented with a dotted line in the chart, with different colored statuses:
❖ Red bar - RIs with no hours used.
❖ Yellow bar - Under the utilization target.
❖ Green bar - Reached utilization target.
❖ Gray bar - instances not using reservations.

Figure: RI Coverage Report
Figure: RI Utilization Report

Along with AWS Cost Explorer, it increases cost savings as compared to On-Demand instance prices.
Compute

Amazon EC2

What is Amazon EC2?
Amazon Elastic Compute Cloud (Amazon EC2) is a service that provides secure and scalable compute capacity in the AWS cloud. It falls under the category of Infrastructure as a Service (IaaS).

It provides different types of instances based on the pricing models:

On-Demand Instances
✔ Useful for short-term needs, unpredictable workloads.
✔ No advance payment, no prior commitment.

Spot Instances
✔ No advance payment, no prior commitment.
✔ Useful for cost-sensitive compute workloads.

Reserved Instances
✔ Useful for long-running workloads and predictable usage.
✔ Offer a choice of No upfront, Partial upfront, or All upfront.

Dedicated Instances
✔ Instances run on hardware dedicated to a single user.
✔ Other customers can not share the hardware.

Dedicated Hosts
✔ A whole physical server with an EC2 instance is allocated to an organization.

● It provides different compute platforms and instance types based on price, CPU, operating system, storage, and networking, and each instance type consists of one or more instance sizes. E.g., t2.micro, t4g.nano, m4.large, r5a.large, etc.
● It provides pre-configured templates that package the operating system and other software for the instances. This template is called an Amazon Machine Image (AMI).
● It helps to log in to the instances using key pairs, in which AWS manages the public key, and the user holds the private key.
● It also provides firewall-like security by specifying IP ranges, type, protocols (TCP), and port range (22, 25, 443) using security groups.
● It provides temporary storage volumes known as instance store volumes, which are deleted if the instance gets stopped, hibernated, or terminated. It also offers non-temporary or persistent volumes known as Amazon EBS volumes.
● It enables users to write scripts under the option ‘User data,’ used at the instances’ launch.
● It offers a choice of three IP addresses, which are the Public IP address (changes when the instance is stopped or refreshed), the Private IP address (retained even if the instance is stopped), and the Elastic IP address (static public IP address).
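To make the security-group point concrete, here is an added illustration (not code from the cheat sheet or from AWS) of how a security group evaluates inbound traffic: it is a stateful allow-list with no deny rules, so a connection is admitted only when some ingress rule matches its protocol, port and source range. The block also includes the check a reviewer would run against a group: is an administrative port reachable from the whole internet? The two rule sets and the probe addresses are constructed sample data.

```python
"""Model of EC2 security-group ingress evaluation (added illustration, not
AWS code).  A security group is an allow-list: any matching ingress rule
admits the connection, and traffic matching no rule is dropped.  The rule
sets and probe connections below are constructed samples."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IngressRule:
    protocol: str   # "tcp", "udp", or "-1" meaning all protocols
    from_port: int  # inclusive port range; use the same value for a single port
    to_port: int
    cidr: str       # source range, e.g. "10.0.0.0/16" or "0.0.0.0/0"


def rule_matches(rule: IngressRule, protocol: str, port: int, source_ip: str) -> bool:
    """True when a single rule covers this protocol, port and source address."""
    if rule.protocol != "-1" and rule.protocol != protocol:
        return False
    if not rule.from_port <= port <= rule.to_port:
        return False
    network = ipaddress.ip_network(rule.cidr, strict=False)
    return ipaddress.ip_address(source_ip) in network   # v4 vs v6 mismatch is False


def is_allowed(rules, protocol: str, port: int, source_ip: str) -> bool:
    """Security-group semantics: first matching allow wins; no rule, no entry."""
    return any(rule_matches(r, protocol, port, source_ip) for r in rules)


def exposed_admin_ports(rules, sensitive_ports=(22, 3389)):
    """Least-privilege check: (rule, port) pairs where an administrative port
    (SSH, RDP) is reachable from any address on the internet."""
    findings = []
    for rule in rules:
        open_to_world = rule.cidr in ("0.0.0.0/0", "::/0")
        if not open_to_world or rule.protocol not in ("-1", "tcp"):
            continue
        for port in sensitive_ports:
            if rule.from_port <= port <= rule.to_port:
                findings.append((rule, port))
    return findings


# Constructed sample: a web-server group that also leaves SSH open to the world.
WEAK_RULES = [
    IngressRule("tcp", 443, 443, "0.0.0.0/0"),   # HTTPS from anywhere: expected for a public site
    IngressRule("tcp", 22, 22, "0.0.0.0/0"),     # SSH from anywhere: the weak setting
]

# The corrected group: SSH only from a constructed private/VPN range.
HARDENED_RULES = [
    IngressRule("tcp", 443, 443, "0.0.0.0/0"),
    IngressRule("tcp", 22, 22, "10.0.0.0/16"),
]


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, "findings:", exposed_admin_ports(rules))
        print(name, "SSH from the internet allowed:", is_allowed(rules, "tcp", 22, "203.0.113.9"))
```

Because there are no deny rules, tightening a group always means removing or narrowing an allow; the `exposed_admin_ports` check is the kind of test that belongs in a pre-deployment review of infrastructure templates.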
Amazon EC2 Auto Scaling

What is Amazon EC2 Auto Scaling?
Amazon EC2 Auto Scaling is a region-specific service used to maintain application availability and enables users to automatically add or remove EC2 instances according to the compute workloads.

❖ The Auto Scaling group is a collection of the minimum number of EC2 instances used for high availability.
❖ It enables users to use Amazon EC2 Auto Scaling features such as fault tolerance, health checks, scaling policies, and cost management.
❖ The scaling of the Auto Scaling group depends on the size of the desired capacity. It is not necessary to keep DesiredCapacity and MaxSize equal.
E.g.,
DesiredCapacity: '2' - There will be a total of 2 EC2 instances
MinSize: '1'
MaxSize: '2'
❖ It scales across multiple Availability Zones within the same AWS region.
❖ EC2 Auto Scaling supports automatic Horizontal Scaling (increases or decreases the number of EC2 instances) rather than Vertical Scaling (increases or decreases the size of EC2 instances, e.g. large, small, medium).

Launch Configuration | Launch Template
A launch configuration is a configuration file used by an Auto Scaling group to launch EC2 instances. | A launch template is similar to a launch configuration with the extra features below.
It launches either Spot or On-Demand instances. | It launches both Spot and On-Demand instances.
It specifies a single instance type. | It specifies multiple instance types.
It specifies one launch configuration at a time. | It specifies multiple launch templates.

The ways to scale Auto Scaling Groups are as follows:

Manual Scaling: Update the desired capacity of the Auto Scaling Group manually.

Scheduled Scaling: This scaling policy adds or removes instances based on predictable traffic patterns of the application. Example: scale out every Tuesday or scale in every Saturday.

Dynamic Scaling:
Target tracking scaling policy: This scaling policy adds or removes instances to keep the scaling metric close to the specified target value.
Simple Scaling Policy: This scaling policy adds or removes instances when the scaling metric value exceeds the threshold value.
Step Scaling Policy: This scaling policy adds or removes instances based on step adjustments (lower bound and upper bound of the metric value).

The Cooldown period is the time during which an Auto Scaling group doesn’t launch or terminate any instances before the previous scaling activity completes.

Figure: Amazon EC2 Auto Scaling using CloudWatch Alarm
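The scaling policies above are easier to reason about as arithmetic on the desired capacity. The block below is an added illustration, not code from the cheat sheet or from AWS: it models manual, target-tracking, simple and step scaling against a group with MinSize, MaxSize and DesiredCapacity, clamps every result to [MinSize, MaxSize], and applies a cooldown to simple scaling. The metric values are constructed, and the proportional formula used for target tracking expresses the documented intent (keep the metric near the target, assuming load spreads evenly) rather than AWS's exact internal algorithm.

```python
"""Model of Auto Scaling group capacity changes (added illustration, not AWS
code).  Every policy ends in set_desired(), which clamps the result to
[MinSize, MaxSize]; the metric samples in scenario() are constructed."""
import math
from dataclasses import dataclass


@dataclass
class AutoScalingGroup:
    min_size: int
    max_size: int
    desired: int
    cooldown: float = 300.0                  # seconds; the AWS default cooldown
    last_activity: float = float("-inf")     # clock time of the last capacity change

    def set_desired(self, value: int, now: float) -> int:
        """Manual scaling: desired capacity never leaves [MinSize, MaxSize].
        A real change counts as a scaling activity and starts the cooldown."""
        clamped = max(self.min_size, min(self.max_size, value))
        if clamped != self.desired:
            self.desired = clamped
            self.last_activity = now
        return self.desired

    def in_cooldown(self, now: float) -> bool:
        return now - self.last_activity < self.cooldown


def target_tracking(group: AutoScalingGroup, metric_value: float, target: float, now: float) -> int:
    """Choose the capacity at which the per-instance metric (e.g. average CPU)
    would return to the target if load spreads evenly across instances."""
    wanted = math.ceil(group.desired * metric_value / target)
    return group.set_desired(wanted, now)


def simple_scaling(group: AutoScalingGroup, metric_value: float, threshold: float,
                   adjustment: int, now: float) -> int:
    """Add a fixed number of instances when the metric exceeds the alarm
    threshold, unless the group is still in its cooldown period."""
    if metric_value <= threshold or group.in_cooldown(now):
        return group.desired
    return group.set_desired(group.desired + adjustment, now)


def step_scaling(group: AutoScalingGroup, metric_value: float, threshold: float,
                 steps, now: float) -> int:
    """steps: (lower_bound, upper_bound, adjustment), bounds relative to the
    threshold; upper_bound None is open-ended.  A larger breach selects a
    larger adjustment (step scaling does not wait for a cooldown)."""
    breach = metric_value - threshold
    if breach < 0:
        return group.desired
    for lower, upper, adjustment in steps:
        if lower <= breach and (upper is None or breach < upper):
            return group.set_desired(group.desired + adjustment, now)
    return group.desired


def scenario() -> dict:
    """Walk the cheat sheet's example group (MinSize 1, MaxSize 2, Desired 2)
    and a larger constructed group through the policies."""
    small = AutoScalingGroup(min_size=1, max_size=2, desired=2)
    bigger = AutoScalingGroup(min_size=1, max_size=6, desired=2)
    steps = [(0, 10, 1), (10, 20, 2), (20, None, 3)]
    return {
        "manual_above_max": small.set_desired(5, now=0),                  # clamped to MaxSize: 2
        "tt_cpu_80_target_40": target_tracking(bigger, 80, 40, now=0),    # 2 * 80/40 -> 4
        "tt_cpu_10_target_40": target_tracking(bigger, 10, 40, now=0),    # 4 * 10/40 -> 1
        "simple_add_2": simple_scaling(bigger, 75, 60, 2, now=1000),      # 1 + 2 -> 3
        "simple_in_cooldown": simple_scaling(bigger, 75, 60, 2, now=1100),  # 100 s < 300 s: stays 3
        "step_breach_15": step_scaling(bigger, 75, 60, steps, now=2000),  # breach 15 -> +2 -> 5
    }


if __name__ == "__main__":
    print(scenario())
```

The clamp in `set_desired` is why the cheat sheet's example (`MinSize 1`, `MaxSize 2`) never exceeds two instances however large the metric breach: MaxSize is the hard spending and capacity ceiling, while the policy only chooses a direction and size inside it.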
AWS Batch

What is AWS Batch?
AWS Batch is a fully managed and regional batch processing service that allows developers, scientists, and engineers to execute large amounts of batch computing workloads on AWS.

● It submits jobs to a particular job queue and schedules them in a compute environment.
● A job is a work unit such as a shell script, a Linux executable, or a Docker container image.
● It provides the correct amount of memory and can efficiently execute 100,000s of batch computing workloads across AWS compute services such as:
1. AWS Fargate
2. Amazon EC2
3. Spot Instances
● AWS Batch can be integrated with AWS data stores like Amazon S3 or Amazon DynamoDB to retrieve and write data securely.
AWS Elastic Beanstalk

What is AWS Elastic Beanstalk?
AWS Elastic Beanstalk is a service used to quickly deploy, scale, and manage applications in the AWS Cloud with automatic infrastructure management.

● It supports web applications coded in popular languages and frameworks such as Java, .NET, Node.js, PHP, Ruby, Python, Go, and Docker.
● It uses Elastic Load Balancing and Auto Scaling to automatically scale the application based on its specific needs.
● It falls under the category of Platform as a Service (PaaS).
● It is also described as a developer-centric view of deploying an application on AWS. The developer's only responsibility is to write the code; Elastic Beanstalk handles the infrastructure.
● An Elastic Beanstalk application comprises components, including environments, versions, platforms, and environment configurations.
● It provides multiple deployment policies such as: All at once, Rolling, Rolling with an additional batch, Immutable, and Traffic splitting.
● The Elastic Beanstalk console allows users to perform deployment and management tasks such as changing the size of Amazon EC2 instances, monitoring (metrics, events), and checking environment status.

Figure: The workflow of Elastic Beanstalk

AWS CloudFormation vs. AWS Elastic Beanstalk

AWS CloudFormation | AWS Elastic Beanstalk
It deploys infrastructure using YAML/JSON template files. | It deploys applications on EC2.
It can deploy Elastic Beanstalk environments. | It cannot deploy CloudFormation templates.
AWS Lambda

What is AWS Lambda?

AWS Lambda is a serverless computing service that allows users to run code as functions in the AWS cloud without provisioning or managing servers.

Amazon EC2 vs. AWS Lambda

Amazon EC2: They are termed virtual servers. It is limited to instance types (RAM and CPU). It runs continuously. Scaling computing resources is manual.
AWS Lambda: They are termed virtual functions. Limited by time (less execution time of 300 seconds). It runs on demand. It has automated scaling.

It helps to run the code on highly-available computing infrastructure and performs administrative tasks like server maintenance, logging, capacity provisioning, automatic scaling, and code monitoring.

Using AWS Lambda, one can build serverless applications composed of Lambda functions triggered by events that can be automatically deployed using AWS CodePipeline and AWS CodeBuild.

✔ The memory allocated to AWS Lambda for computing is 128MB (minimum) to 3008MB (maximum). Additional memory can be requested in increments of 64MB between 128MB - 3008MB.

✔ The default execution time for AWS Lambda is 3 seconds, and the maximum is 15 minutes (900 seconds).

Lambda functions support the following languages:
Java, Go, Python, Node.js, Ruby, C#, PowerShell

Pricing details:
Charges are applied based on the number of requests for the functions and the time taken to execute the code.
AWS Serverless Application Repository

What is AWS Serverless Application Repository?

AWS Serverless Application Repository is a managed repository used by developers and organizations to search, assemble, publish, deploy and store serverless architectures.

It helps share reusable serverless application architectures and compose new serverless architectures using AWS Serverless Application Model (SAM) templates.

It uses pre-built applications in serverless deployments, eliminating the need to re-build and publish code to AWS.

It discovers and offers best practices for serverless architectures to provide consistency within the organizations or provide permissions to share applications with specific AWS accounts.

It integrates with AWS Lambda, which allows developers of all levels to work with serverless computing by using re-usable architectures.

There are two ways to work with the AWS Serverless Application Repository:
Publishing Applications: Upload and publish applications to be used by other developers.
Deploying Applications: Search for applications with their required files and deploy them.

AWS Serverless Application Repository can be accessed in the following ways:
AWS Management Console
AWS SAM command-line interface (AWS SAM CLI)
AWS SDKs
AWS Outposts

What is AWS Outposts?

AWS Outposts enables running AWS services locally and accessing a variety of services within the local AWS Region. Host applications on-premises using familiar AWS tools and APIs, ensuring seamless integration. It supports low-latency access for workloads needing local data processing, data residency compliance, and migration of applications with local system dependencies.

Hybrid Cloud: Deploy AWS services on-premises to meet low-latency and data residency needs, while leveraging AWS cloud features.
Edge Computing: Enable real-time data processing closer to data sources with AWS infrastructure at the edge.
Remote Data Processing: Process data locally in remote areas, synchronizing with the cloud when connectivity is available.
App Modernization: Simplify legacy application migration by using consistent infrastructure across on-premises and AWS environments.

Features
Deploy Locally for Low Latency: AWS services delivered on-premises to meet latency and data residency needs.
Fully Managed Infrastructure: Reduces IT management time, resources, and risk.
Consistent Hybrid Experience: Offers uniform hardware, APIs, and tools both on-premises and in the cloud.
Local Gateway with BGP: Uses Border Gateway Protocol for network connectivity.
Easy Rack Installation: Pre-assembled AWS racks only need power and network connections.
Containers

Amazon Elastic Container Registry

What is Amazon Elastic Container Registry?

Amazon Elastic Container Registry (ECR) is a managed service that allows users to store, manage, share, and deploy container images and other artifacts.

It stores both the containers which are created and any container software bought through AWS Marketplace.

AWS Identity and Access Management (IAM) enables resource-level control of each repository within ECR.

Amazon Elastic Container Registry (ECR) supports public and private container image repositories. It allows sharing container applications privately within the organization or publicly for anyone to download.

Images are encrypted at rest using Amazon S3 server-side encryption or using customer keys managed by AWS Key Management Service (KMS).

It is integrated with the following services:
Amazon Elastic Container Service (ECS)
Amazon Elastic Kubernetes Service (EKS)
AWS Lambda
Docker CLI
AWS Fargate for easy deployments

Amazon Elastic Container Registry (ECR) is integrated with continuous integration, continuous delivery, and third-party developer tools.

Image scanning allows identifying vulnerabilities in the container images. It ensures that only scanned images are pushed to the repository.

Amazon ECR example
Amazon Elastic Container Service

What is Amazon Elastic Container Service?

Amazon Elastic Container Service is a regional and Docker-supported service that allows users to manage and scale containers on a cluster.

An ECS cluster is a combination of tasks or services executed on EC2 Instances or AWS Fargate.

Two main use cases of Amazon ECS are:
Microservices - Microservices are built by the architectural method that decouples complex applications into smaller and independent services.
Batch Jobs - Batch jobs are short-lived packages that can be executed using containers.

It offers to scale ECS clusters using Autoscaling based on CPU usage and other Autoscaling rules.

Using Application Load Balancer, ECS enables dynamic port mapping and path-based routing.

It provides Multi-AZ features for the ECS clusters.

Amazon ECS with Application Load Balancer
Amazon Elastic Kubernetes Service (EKS)

What is Amazon Elastic Kubernetes Service?

Amazon Elastic Kubernetes Service (Amazon EKS) is a service that enables users to manage Kubernetes applications in the AWS cloud or on-premises.

Using Amazon EKS, Kubernetes clusters and applications can be managed across hybrid environments without altering the code.

The EKS cluster consists of two components:
❑ Amazon EKS control plane
❑ Amazon EKS nodes

The Amazon EKS control plane consists of nodes that run the Kubernetes software, such as etcd and the Kubernetes API server.

To ensure high availability, Amazon EKS runs Kubernetes control plane instances across multiple Availability Zones. It automatically replaces unhealthy control plane instances and provides automated upgrades and patches for the new control planes.

Users can execute batch workloads on the EKS cluster using the Kubernetes Jobs API across AWS compute services such as Amazon EC2, Fargate, and Spot Instances.

The two methods for creating a new Kubernetes cluster with nodes in Amazon EKS:
o eksctl - A command-line utility that consists of kubectl for creating/managing Kubernetes clusters on Amazon EKS.
o AWS Management Console and AWS CLI

Amazon Elastic Kubernetes Service is integrated with many AWS services for unique capabilities:
❖ Images - Amazon ECR for container images
❖ Authentication - AWS IAM
❖ Load distribution - AWS ELB (Elastic Load Balancing)
❖ Isolation - Amazon VPC
AWS Fargate

What is AWS Fargate?

AWS Fargate is a serverless compute service used for containers by Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).

In the AWS Management Console, ECS clusters containing Fargate and EC2 tasks are displayed separately.

It executes each task of Amazon ECS or pod of Amazon EKS in its own kernel as an isolated computing environment and improves security.

It packages the application in containers by just specifying the CPU and memory requirements with IAM policies. A Fargate task does not share its underlying kernel, memory resources, CPU resources, or elastic network interface (ENI) with another task.

It automatically scales the compute environment that matches the resource requirements for the container.

Security groups for pods in EKS cannot be used when pods are running on Fargate.

Storage Types supported for Fargate Tasks:
Amazon EFS volume for persistent storage
Ephemeral Storage for non-persistent storage

Difference between EC2 instance and AWS Fargate
Database

Amazon Aurora

What is Aurora?

Amazon Aurora is a MySQL and PostgreSQL-compatible, fully managed relational database engine built to enhance traditional enterprise databases' performance and availability.

It is a part of the fully managed Amazon Relational Database Service (Amazon RDS).

Features include:
RDS Management Console
CLI commands and API operations for patching
Backup
Recovery
Database Setup
Failure Detection and repair

Amazon Aurora replicates 2 copies of data in each availability zone (minimum of 3 AZ). So a total of 6 copies per region.

Data Replication: 2 Types
Aurora replica (in-region): It can provide 15 read replicas.
MySQL Read Replica (cross-region): It can provide 5 read replicas.

Amazon Aurora Cross-Region read replicas help to improve disaster recovery and provide fast reads in regions closer to the application users.

Performance: 5x greater than MySQL on RDS, 3x greater than PostgreSQL on RDS.
Amazon DocumentDB

What is Amazon DocumentDB?

Amazon DocumentDB is a fully managed NoSQL database service that manages MongoDB databases in AWS.

❖ It is a non-relational database service and supports document data structures.
❖ Using DocumentDB with Amazon CloudWatch helps to monitor the health and performance of the instances in a cluster.
❖ It works by building clusters that consist of 0 - 16 database instances (1 primary and 15 read replicas) and a cluster storage volume.

It provides 99.99% availability by copying the cluster's data in three different Availability Zones.

It helps to scale storage and compute services independently.

It provides automatic failover either to one of up to 15 replicas created in other Availability Zones or to a new instance if no replicas have been provisioned.

It provides backup capability and point-in-time recovery for the cluster. It has a backup retention period of up to 35 days.

It is best suited for TTL and Timeseries Workloads and supports ACID properties based on transactions across one or more documents.
Amazon DynamoDB

What is Amazon DynamoDB?

Amazon DynamoDB is a serverless NoSQL database service that provides fast and predictable performance with single-digit millisecond latency.

It provides a push button scaling feature, signifying that the DB can scale without any downtime.

It is a multi-region cloud service that supports key-value and document data structures.

It provides high availability and data durability by replicating data synchronously on solid-state disks (SSDs) across 3 AZs in a region.

It helps to store session states and supports ACID transactions for business-critical applications.

It provides the on-demand backup capability of the tables for long-term retention and enables point-in-time recovery from accidental write or delete operations.

Amazon DynamoDB Accelerator (DAX) is a highly available in-memory cache service that provides data from DynamoDB tables. DAX is not used for strongly consistent reads and write-intensive workloads.

It supports Cross-Region Replication using DynamoDB Global Tables. Global Tables help to deploy a multi-region database and provide automatic multi-master replication to AWS regions.

Amazon DynamoDB example
Amazon Keyspaces

What is Amazon Keyspaces?

Amazon Keyspaces (for Apache Cassandra) is a serverless service used to manage Apache Cassandra databases in AWS.

It provides the following throughput capacity modes for reads and writes:
Provisioned: Charges are minimized by specifying the number of reads and writes per second in advance.
On-demand: Charges are applied for the reads and writes performed.

Using Amazon Keyspaces, tables can be scaled automatically, and read-write costs can be optimized by choosing either on-demand or provisioned capacity mode.

Functions of Keyspaces:
It helps to run existing Cassandra workloads on AWS without making any changes to the Cassandra application code.
It eliminates the developers' operational burden such as scaling, patching, updates, server maintenance, and provisioning.
It offers high availability and durability by maintaining three copies of data in multiple Availability Zones.
It implements the Apache Cassandra Query Language (CQL) API for using CQL and Cassandra drivers similar to Apache Cassandra.
It helps to build applications that can serve thousands of requests with single-digit-millisecond response latency.
It continuously backs up hundreds of terabytes of table data and provides point-in-time recovery in the next 35 days.
Amazon Neptune

What is Amazon Neptune?

Amazon Neptune is a graph database service used as a web service to build and run applications that require connected datasets.

The graph database engine helps to store billions of connections and provides milliseconds latency for querying them.

It offers to choose from graph models and languages for querying data:
Property Graph (PG) model with Apache TinkerPop Gremlin graph traversal language.
W3C standard Resource Description Framework (RDF) model with SPARQL Query Language.

Functions of Amazon Neptune:
It is highly available across three AZs and automatically fails over to any of the 15 low latency read replicas.
It provides fault-tolerant storage by replicating two copies of data across three availability zones.
It provides continuous backup to Amazon S3 and point-in-time recovery from storage failures.
It automatically scales storage capacity and provides encryption at rest and in transit.
Amazon RDS

What is Amazon RDS?

Amazon Relational Database Service (Amazon RDS) is a service used to build and operate relational databases in the AWS Cloud.

It is best suited for structured data and Online Transaction Processing (OLTP) types of database workloads such as InnoDB.

It supports the following database engines:
SQL Server
PostgreSQL
Amazon Aurora
MySQL
MariaDB
Oracle

RDS provides read replicas of read replicas and can also use read replicas as a standby DB like Multi-AZ. The Read replicas feature is not available for SQL Server.

✔ If there is a need for unsupported RDS database engines, the DB can be deployed on EC2 instances. The following tasks then need to be taken care of manually: Encryption and Security, Updates and Backups, Disaster Recovery.

AWS KMS provides encryption at rest for RDS instances, DB snapshots, DB instance storage, and Read Replicas. The existing database cannot be encrypted.

Amazon RDS only scales up for compute and storage, with no option for decreasing allocated storage.

It provides Multi-AZ and Read Replicas features for high availability, disaster recovery, and scaling.
• Multi-AZ Deployments - Synchronous replication
• Read Replicas - Asynchronous replication.
Developer Tools

AWS CodeBuild

What is AWS CodeBuild?

AWS CodeBuild is a continuous integration service in the cloud used to compile source code, run tests, and build packages for deployment.

❑ AWS Code Services family consists of AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline that provide complete and automated continuous integration and delivery (CI/CD).
❑ It provides prepackaged and customized build environments for many programming languages and tools.
❑ It scales automatically to process multiple separate builds concurrently.
❑ It can be used as a build or test stage of a pipeline in AWS CodePipeline.
❑ It requires VPC ID, VPC subnet IDs, and VPC security group IDs to access resources in a VPC to perform build or test.
❑ Charges are applied based on the amount of time taken by AWS CodeBuild to complete the build.
❑ The following ways are used to run CodeBuild:
AWS CodeBuild or AWS CodePipeline console
AWS Command Line Interface (AWS CLI)
AWS SDKs
AWS CodeDeploy

What is AWS CodeDeploy?

AWS CodeDeploy is a service that helps to automate application deployments to a variety of compute services such as Amazon EC2, AWS Fargate, Amazon ECS, and on-premises instances.

❑ It can fetch the content for deployment from Amazon S3 buckets, Bitbucket, or GitHub repositories.
❑ It can deploy different types of application content such as code, Lambda functions, configuration files, scripts and even multimedia files.
❑ It can scale with the infrastructure to deploy on multiple instances across development, test, and production environments.
❑ It can integrate with existing continuous delivery workflows such as AWS CodePipeline, GitHub, Jenkins.

It provides the following deployment types to choose from:

In-place deployment:
● All the instances in the deployment group are stopped, updated with the new revision and started again after the deployment is complete.
● Useful for EC2/On-premises compute platform.

Blue/green deployment:
● The instances in the deployment group of the original environment are replaced by a new set of instances of the replacement environment.
● Using Elastic Load Balancer, traffic gets rerouted from the original environment to the replacement environment and instances of the original environment get terminated after the deployment is complete.
● Useful for EC2/On-Premises, AWS Lambda and Amazon ECS compute platforms.
AWS X-Ray

What is AWS X-Ray?

AWS X-Ray is a service that allows visual analysis and tracing of microservices-based applications.

✔ It provides end-to-end information about the request, response and calls made to other AWS resources by travelling through the application's underlying components consisting of multiple microservices.

✔ It creates a service graph by using trace data from the AWS resources.

The graph shows the information about front-end and backend service calls to process requests and continue the flow of data.

The graph helps to troubleshoot issues and improve the performance of the applications.

It works with the following AWS services:
Amazon EC2 (Applications deployed on Instances)
AWS Elastic Load Balancer
AWS Elastic Beanstalk
AWS Lambda
Amazon ECS (Elastic Container Service)
Amazon API Gateway

The X-Ray SDKs are available for the following languages:
Go
Java
Node.js
Python
Ruby
.Net
Amazon WorkSpaces

What is Amazon WorkSpaces?

Amazon WorkSpaces is a managed service used to provision virtual Windows or Linux desktops for users across the globe.

It helps to eliminate the management of on-premise VDIs (Virtual Desktop Infrastructure).

❖ Amazon WorkSpaces can be accessed with the following client application for a specific device:
✔ Android devices, iPads
✔ Windows, macOS, and Ubuntu Linux computers
✔ Chromebooks
✔ Teradici zero client devices - supported only with PCoIP

❖ For Amazon WorkSpaces, billing takes place either monthly or hourly.

It offers to choose PCoIP protocols (port 4172) or WorkSpaces Streaming Protocol (WSP, port 4195) based on user's requirements such as the type of devices used for workspaces, operating system, and network conditions.

Amazon WorkSpaces Application Manager (Amazon WAM) helps to manage the applications on Windows WorkSpaces.

Multi-factor authentication (MFA) and AWS Key Management Service (AWS KMS) are used for account and data security.

Each WorkSpace is connected to a virtual private cloud (VPC) with two elastic network interfaces (ENI) and AWS Directory Service.
Front-End Web and Mobile

Amazon API Gateway

What is Amazon API Gateway?

Amazon API Gateway is a service that maintains and secures APIs at any scale. It is categorized as a serverless service of AWS.

API Gateway consists of:
Stages
Resources
Methods
Integrations

Amazon API Gateway:
✔ Acts as a front door for real-world applications to access data and business logic from the back-end services, such as code running on AWS Lambda, or any web application.
✔ Handles the processing of hundreds of thousands of existing API calls, including authorization, access control, different environments (dev, test, production), and API version management.
✔ Helps to create web APIs that route HTTP requests to Lambda functions.

Example:
When a request is sent through a browser or HTTP client to the public endpoint, API Gateway broadcasts the request and sends it to the Lambda function. The function calls the Lambda API to get the required data and returns it to the API.

Amazon API Gateway integrates with:
Outside of VPC with: Any AWS service, AWS Lambda, AWS Lambda Endpoints, EC2 Load Balancers
Inside of VPC with: AWS Lambda, EC2 Endpoints

AWS Lambda + API Gateway = No need to manage infrastructure
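The request flow in the example above, as an added Lambda function behind an API Gateway proxy integration (this is illustrative code, not from the cheat sheet or AWS): the resource path, the in-memory item store, the event fields and the `dev` stage value are all assumptions, and the event is constructed so the function can be exercised offline.

```python
import json
from typing import Any, Dict, Optional

# Constructed in-memory data standing in for a back-end data store.
ITEMS: Dict[str, Dict[str, str]] = {"42": {"id": "42", "name": "widget"}}


def _response(status: int, payload: Any) -> Dict[str, Any]:
    """Shape API Gateway expects back from a proxy-integrated Lambda."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }


def lambda_handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    """Entry point API Gateway invokes for the (assumed) /items/{id} resource.

    Only the GET method is integrated; anything else is rejected so the API's
    method definitions, not the function, decide what is reachable."""
    method = event.get("httpMethod", "GET")
    path_params = event.get("pathParameters") or {}
    item_id: Optional[str] = path_params.get("id")

    if method != "GET":
        return _response(405, {"error": "method not allowed"})
    if item_id is None:
        return _response(200, {"items": list(ITEMS.values())})
    item = ITEMS.get(item_id)
    if item is None:
        return _response(404, {"error": "not found"})
    return _response(200, item)


def make_event(method: str, path: str, item_id: Optional[str] = None) -> Dict[str, Any]:
    """Constructed minimal API Gateway (REST, Lambda proxy) event for offline testing."""
    return {
        "httpMethod": method,
        "path": path,
        "pathParameters": {"id": item_id} if item_id else None,
        "requestContext": {"stage": "dev"},  # the stage the request arrived on
    }
```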
Internet of Things

AWS IoT Core

What is AWS IoT Core?

AWS IoT Core is a cloud service that enables users to connect IoT devices (wireless devices, sensors, and smart appliances) to the AWS cloud without managing servers.

It supports devices and clients that use the following protocols:
MQTT (Message Queuing and Telemetry Transport) - publish and subscribe messages
MQTT over WSS protocols - publish and subscribe messages
HTTPS protocol - publish messages

❑ It provides secure and bi-directional communication with all the devices, even when they aren't connected.
❑ It consists of a device gateway and a message broker that helps connect and process messages and routes those messages to other devices or AWS endpoints.
❑ It helps developers to operate wireless LoRaWAN (low-power long-range Wide Area Network) devices.
❑ It helps to create a persistent Device Shadow (a virtual version of devices) so that other applications or devices can interact.

It integrates with Amazon services like Amazon CloudWatch, AWS CloudTrail, Amazon S3, Amazon DynamoDB, AWS Lambda, Amazon Kinesis, Amazon SageMaker, and Amazon QuickSight to build IoT applications.
AWS IoT Events

What is AWS IoT Events?

AWS IoT Events is a monitoring service that allows users to monitor and respond to device fleets' events in IoT applications.

It detects events from IoT sensors such as temperature, motor voltage, motion detectors, humidity.

It builds event monitoring applications in the AWS Cloud that can be accessed through the AWS IoT Events console.

It helps to create event logic using conditional statements and trigger alerts when an event occurs.

AWS IoT Events accepts data from many IoT sources like sensor devices, AWS IoT Core, and AWS IoT Analytics.
AWS IoT Greengrass

What is AWS IoT Greengrass?

AWS IoT Greengrass is a cloud service that groups, deploys, and manages software for all devices at once and enables edge devices to communicate securely.

❖ The Greengrass Core is a device that enables the communication between AWS IoT Core and AWS IoT Greengrass.
❖ Devices with IoT Greengrass can process data streams without being online.
❖ It is used on multiple IoT devices in homes, vehicles, factories, and businesses.
❖ It provides a pub/sub message manager that stores messages as a buffer to preserve them in the cloud.
❖ It provides different programming languages, open-source software, and development environments to develop and test IoT applications on specific hardware.
❖ It provides encryption and authentication for device data for cloud communications.
❖ It provides AWS Lambda functions and Docker containers as an environment for code execution.

It synchronizes data on the device using the following AWS services:
Amazon Simple Storage Service (Amazon S3)
Amazon Kinesis
AWS IoT Core
AWS IoT Analytics
FreeRTOS

What is FreeRTOS?

FreeRTOS is an open-source operating system for microcontrollers that enables devices to connect, manage, program, deploy and scale.

The microcontroller is a kind of processor available in many devices like industrial automation, automobiles, sensors, appliances.

It helps securely connect small devices to AWS IoT Core or to devices running AWS IoT Greengrass.

It acts as a multitasking scheduler and provides multiple memory allocation options, semaphores, task notifications, message queues, and message buffers.
Machine Learning

Amazon SageMaker

What is Amazon SageMaker?

Amazon SageMaker is a cloud service that allows developers to prepare, build, train, deploy and manage machine learning models.

Amazon SageMaker notebook instances are created using Jupyter notebooks to write code to train and validate the models.

❖ It provides a secure and scalable environment to deploy a model using SageMaker Studio or the SageMaker console.
❖ It has pre-installed machine learning algorithms to optimize and deliver 10X performance.

It scales up to petabyte level to train models and manages all the underlying infrastructure.

Amazon SageMaker gets billed in seconds based on the amount of time required to build, train, and deploy machine learning models.
Amazon Polly

What is Amazon Polly?

Amazon Polly is a cloud service used to convert text into speech.

It supports many different languages and Neural Text-to-Speech (NTTS) voices to create speech-enabled applications.

It offers caching and replays of Amazon Polly's generated speech in a format like MP3.

It requires no setup costs; only pay for the text converted.
Amazon Transcribe

What is Amazon Transcribe?

Amazon Transcribe is a service used to convert audio (speech) to text using a Deep Learning process known as automatic speech recognition (ASR).

It is best suited for customer service calls, live broadcasts, and media subtitling.

Amazon Transcribe Medical is used to convert medical speech to text for clinical documentation.

It automatically matches a text quality similar to manual transcription. For Transcribe, charges are applied based on the seconds of speech converted per month.
Amazon Comprehend

What is Amazon Comprehend?

Amazon Comprehend employs natural language processing (NLP) to extract insights from document content. It generates insights by identifying entities, key phrases, language, sentiments, and other common elements within documents. Utilize Amazon Comprehend to develop new products that leverage document structure understanding.

Text Insights and Document Processing with AI
● Extract Insights: Derive valuable insights from various text sources, including documents, emails, product reviews, and social media.
● Streamline Workflows: Automate document processing by extracting text, key phrases, sentiment, and topics, ideal for insurance claims and other document-heavy tasks.
● Custom Document Classification: Build models to classify and recognize specific terms without requiring machine learning expertise.
● Data Security: Protect sensitive data by identifying and redacting Personally Identifiable Information (PII) in documents.
Amazon Lex

What is Amazon Lex?

Amazon Lex, an AWS service, enables developers to build chatbots with natural conversation capabilities, leveraging the technology behind Alexa. With seamless integration and advanced language understanding, Lex simplifies speech recognition and facilitates the creation of engaging chatbots for intuitive user interactions.

Simplified AI Integration for Conversational Applications
● Understand Intent and Context: Effortlessly integrate AI that comprehends user intent, maintains conversation flow, and automates routine tasks in multiple languages.
● Omnichannel Deployment: Quickly design and deploy conversational AI across platforms with one-click setup, avoiding hardware or infrastructure management.
● AWS Service Integration: Connect seamlessly with other AWS services for data access, business logic execution, performance monitoring, and more.
● Cost-Efficiency: Pay only for usage based on speech and text requests, with no upfront or minimum fees.
Amazon Translate

What is Amazon Translate?

Neural Machine Translation: Uses neural networks for accurate and natural text translations.
Language Pairs: Translates text between English and multiple other languages.
Source-Target Conversion: Converts text from a source language to a target language based on selected language pairs.

Features & Benefits
● High-quality translations - Provide precise and evolving translations across various applications.
● Batch and real-time translations - Integrate batch and real-time translation into your applications seamlessly using a single API call.
● Customization - Customize your ML-translated output to define brand names, model names, and other unique terms.
● Translate user-generated content: Automatically translate user-generated content, including social media posts, profiles, and comments, instantly in real-time.
Amazon Kendra

What is Amazon Kendra?

Amazon Kendra is a cutting-edge search solution powered by AI, utilizing natural language processing (NLP) and machine learning to provide highly accurate and context-aware search results. Unlike traditional search engines that rely on keyword matching, Kendra understands the intent behind user queries, providing relevant and precise answers in such a way that it is more like interacting with a knowledgeable expert.

Features & Benefits
● Contextual Search: Kendra handles both simple and complex questions, from factual queries (e.g., "Where is the nearest service center?") to detailed ones (e.g., "How do I set up my device?").
● Machine Learning: Kendra improves search accuracy over time through continuous learning.
● Easy Integration: Connects with third-party repositories (e.g., Microsoft SharePoint) for a unified search experience.
● Security: It ensures that search results are filtered based on user access, making it ideal for enterprise use.
● Simplicity: Kendra features an easy-to-use console and API, making it simple to integrate into applications.
Management and Governance

Amazon CloudWatch

What is Amazon CloudWatch?

Amazon CloudWatch is a service that monitors AWS and on-premises resources based on multiple metrics.

Amazon CloudWatch monitors AWS resources such as Amazon RDS DB instances, Amazon EC2 instances, Amazon DynamoDB tables, and any log files generated by the applications.

Amazon CloudWatch:
Collects and correlates monitoring data in logs, metrics, and events from AWS resources, applications, and services that run on AWS and on-premises servers.
Offers dashboards and creates graphs to visualize cloud resources.
Visualizes logs to address issues and improve performance by performing queries.

Alarms can be created using CloudWatch Alarms that monitor metrics and send notifications.

The CloudWatch Agent or API can be used to monitor hybrid cloud architectures.

CloudWatch Container Insights and Lambda Insights both provide dashboards to summarize the performance and errors for a selected time window.

Amazon CloudWatch is used alongside the following applications:
❖ Amazon Simple Notification Service (Amazon SNS)
❖ Amazon EC2 Auto Scaling
❖ AWS CloudTrail
❖ AWS Identity and Access Management (IAM)
AWS CloudFormation
What is AWS CloudFormation?
AWS CloudFormation is a service that models AWS and third-party resources in a
template and manages them throughout their lifecycle by launching them together
as a stack.

Template:
❑ A template is used to create, update, and delete an entire stack as a single
unit without managing resources individually.
❑ CloudFormation lets you reuse the template to set up the same resources
easily and repeatedly.

Stacks:
❑ Stacks can be created using the AWS CloudFormation console and the AWS
Command Line Interface (CLI).
❑ Nested stacks are stacks created within another stack by using the
'AWS::CloudFormation::Stack' resource type.
❑ The main stack is termed the parent stack and the stacks it contains are
termed child stacks. The parent reads a child's outputs with
'!GetAtt <ChildStack>.Outputs.<OutputName>'; '!Ref <ChildStack>' returns the
child stack's ID.

AWS does not charge for AWS CloudFormation itself; you pay for the AWS
resources the stack creates (for example, the EC2 instance and EBS volume in
the template below).

Example: CloudFormation template for creating an EC2 instance. The security
group referenced by '!Ref EC2SecurityGroup' is declared in the same template so
the stack deploys as a unit; the AMI ID, key pair name, and trusted CIDR are
placeholders:

Resources:
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH only from a trusted address range
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 203.0.113.0/24   # placeholder trusted range
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: 1234xyz             # placeholder; use a real AMI ID for the Region
      KeyName: aws-keypair         # placeholder key pair name
      InstanceType: t2.micro
      SecurityGroups:
        - !Ref EC2SecurityGroup
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: 50
AWS CloudTrail
What is AWS CloudTrail?
AWS CloudTrail is enabled by default when an AWS account is created and records
account activity to support governance, compliance, and auditing of the account.
✔ It offers to view, analyze, and respond to activity across the AWS
infrastructure.
✔ It records each action taken by an IAM user, role, or AWS service as an event.
✔ Event history keeps the last 90 days of management events; create a trail to
deliver events to an S3 bucket (and optionally CloudWatch Logs) for longer
retention and analysis.
✔ CloudTrail events can be downloaded as JSON or CSV files.
✔ CloudWatch monitors the health and performance of AWS services and resources,
whereas CloudTrail records who did what: a log of all API actions performed
inside the AWS environment.

✔ IAM log file -
The example below shows that the IAM user Rohit used the AWS CLI (see the
userAgent field) to call the CreateUser action, creating the user Nayan:

{"Records": [{
  "eventVersion": "1.0",
  "userIdentity": {
    "type": "IAMUser",
    "principalId": "PR_ID",
    "arn": "arn:aws:iam::210123456789:user/Rohit",
    "accountId": "210123456789",
    "accessKeyId": "KEY_ID",
    "userName": "Rohit"
  },
  "eventTime": "2021-01-24T21:18:50Z",
  "eventSource": "iam.amazonaws.com",
  "eventName": "CreateUser",
  "awsRegion": "ap-south-2",
  "sourceIPAddress": "176.1.0.1",
  "userAgent": "aws-cli/1.3.2 Python/2.7.5 Windows/7",
  "requestParameters": {"userName": "Nayan"},
  "responseElements": {"user": {
    "createDate": "Jan 24, 2021 9:18:50 PM",
    "userName": "Nayan",
    "arn": "arn:aws:iam::210123456789:user/Nayan",
    "path": "/",
    "userId": "12xyz"
  }}
}]}
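The record format above is what a detection engineer actually works with. The following is an added example, not part of the cheat sheet, that triages a batch of CloudTrail records for IAM changes worth a second look: who acted, from which client and IP, and whether a user was added to an admin-named group. The records, account ID, names and IP addresses are constructed placeholders; the event list in PRIV_ESCALATION_EVENTS is an assumption to tune for your environment.

```python
# Added example (not from the cheat sheet): triage CloudTrail records for
# IAM changes. The log below is constructed to resemble the event format
# shown above; account IDs, user names and IPs are placeholders.
import json
from typing import Dict, List

# Management-plane IAM events that grant or widen access (assumed list).
PRIV_ESCALATION_EVENTS = {
    "CreateUser", "AddUserToGroup", "AttachUserPolicy", "AttachGroupPolicy",
    "AttachRolePolicy", "PutUserPolicy", "CreateAccessKey", "UpdateAssumeRolePolicy",
}

_ROHIT = {"type": "IAMUser", "userName": "Rohit",
          "arn": "arn:aws:iam::210123456789:user/Rohit",
          "accountId": "210123456789"}

SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "userIdentity": _ROHIT,
     "eventTime": "2021-01-24T21:18:50Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "ap-south-2",
     "sourceIPAddress": "176.1.0.1",
     "userAgent": "aws-cli/1.3.2 Python/2.7.5 Windows/7",
     "requestParameters": {"userName": "Nayan"}},
    {"eventVersion": "1.08", "userIdentity": _ROHIT,
     "eventTime": "2021-01-24T21:19:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AddUserToGroup", "awsRegion": "ap-south-2",
     "sourceIPAddress": "176.1.0.1",
     "userAgent": "aws-cli/1.3.2 Python/2.7.5 Windows/7",
     "requestParameters": {"userName": "Nayan", "groupName": "Administrators"}},
    {"eventVersion": "1.08",
     "userIdentity": {"type": "AssumedRole", "accountId": "210123456789",
                      "arn": "arn:aws:sts::210123456789:assumed-role/ReadOnly/alice"},
     "eventTime": "2021-01-24T21:20:11Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "ap-south-2",
     "sourceIPAddress": "10.0.0.5", "userAgent": "console.amazonaws.com",
     "readOnly": True},
]})


def triage(cloudtrail_json: str) -> List[Dict[str, object]]:
    """Return one finding per record that changes IAM state.

    Each finding records who acted, what they did, from where and with
    which client, and whether the change touched an admin-named group."""
    findings = []
    for rec in json.loads(cloudtrail_json)["Records"]:
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue  # only IAM control-plane calls are interesting here
        if rec.get("eventName") not in PRIV_ESCALATION_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        identity = rec.get("userIdentity", {})
        findings.append({
            "time": rec["eventTime"],
            "actor": identity.get("userName") or identity.get("arn", "unknown"),
            "action": rec["eventName"],
            "target": params.get("userName", ""),
            "source_ip": rec.get("sourceIPAddress", ""),
            # userAgent distinguishes CLI/SDK calls from console clicks
            "via_console": rec.get("userAgent", "").startswith("console"),
            # group names containing "admin" are the ones to escalate on
            "admin_group": "admin" in params.get("groupName", "").lower(),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a real trail by replacing SAMPLE_LOG with the contents of a CloudTrail log file from the trail's S3 bucket; the S3 ListBuckets record is skipped, the two IAM records produce findings, and the AddUserToGroup finding carries admin_group set to True.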
AWS Config
What is AWS Config?
AWS Config is a service that records the configuration of the resources in an
AWS account and evaluates it against desired settings, so that you can assess,
audit, and troubleshoot resource configurations.

Functions of AWS Config:
It monitors configuration changes performed over a specific period using the
AWS Config console and AWS CLI and generates notifications about changes.
It offers a dashboard to view compliance status for an account across Regions.
It uses Config rules (AWS managed or custom) to evaluate the configuration
settings of AWS resources and marks each resource as COMPLIANT or
NON_COMPLIANT.
It captures the history of configurations and tracks relationships between
resources, so the impact of a change can be assessed before it is made.
Integrated with AWS CloudTrail, AWS Config links each configuration change to
the API call (recorded by CloudTrail as an event) that caused it, which helps
to identify and troubleshoot issues.
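What a custom Config rule does is easiest to see in code. The block below is an added example, not from the cheat sheet: it is the evaluation logic a custom rule Lambda would run over a security-group configuration item, returning the compliance type and annotation that the rule would report back to AWS Config (the boto3 put_evaluations call is omitted so it runs offline). The configuration items, resource IDs and the RISKY_PORTS set are constructed assumptions.

```python
# Added example (not from the cheat sheet): evaluation logic of a custom
# AWS Config rule that flags security groups exposing SSH or RDP to the
# world. Configuration items below are constructed; IDs are placeholders.
from typing import Dict, List, Tuple

RISKY_PORTS = {22, 3389}          # assumed: the ports this rule cares about
WORLD = ("0.0.0.0/0", "::/0")     # "anyone" source ranges


def _covers_port(perm: Dict, port: int) -> bool:
    """True if an ipPermissions entry includes `port` (or is 'all traffic')."""
    if perm.get("ipProtocol") == "-1":
        return True
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi


def _open_to_world(perm: Dict) -> bool:
    ranges = [r["cidrIp"] for r in perm.get("ipRanges", [])]
    ranges += [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])]
    return any(r in WORLD for r in ranges)


def evaluate(config_item: Dict) -> Tuple[str, str]:
    """Return (ComplianceType, Annotation) as a Config rule would report it."""
    if config_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    offenders = set()
    for perm in config_item["configuration"].get("ipPermissions", []):
        if _open_to_world(perm):
            offenders.update(p for p in RISKY_PORTS if _covers_port(perm, p))
    if offenders:
        return "NON_COMPLIANT", f"ports {sorted(offenders)} open to 0.0.0.0/0 or ::/0"
    return "COMPLIANT", "no risky port exposed to the world"


# Constructed configuration items in the shape AWS Config hands to a rule.
SAMPLE_ITEMS: List[Dict] = [
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0aaa",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0bbb",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": [{"cidrIp": "203.0.113.0/24"}], "ipv6Ranges": []},
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
     "configuration": {}},
]


def evaluate_all(items: List[Dict]) -> Dict[str, str]:
    """Map each resource ID to its compliance type."""
    return {item["resourceId"]: evaluate(item)[0] for item in items}


if __name__ == "__main__":
    for item in SAMPLE_ITEMS:
        print(item["resourceId"], *evaluate(item))
```

Only sg-0aaa is non-compliant: sg-0bbb exposes 443 to the world, which this rule deliberately ignores, and restricts 22 to one /24. Wiring the same function into a Lambda handler that reads the configuration item from the rule's invokingEvent turns it into a deployable custom rule.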


AWS License Manager
What is AWS License Manager?
AWS License Manager is a service used to centralize the management of software
licenses across the environment. It allows administrators to specify Dedicated
Host management preferences for allocation and capacity utilization.
❖ It supports the Bring-Your-Own-License (BYOL) model, which means that users
can bring their existing licenses for third-party workloads (Microsoft Windows
Server, SQL Server) to AWS.
❖ It enables administrators to create customized licensing rules that help
prevent licensing violations (using more licenses than the agreement allows).
❖ It provides a dashboard that gives administrators visibility of all the
licenses in use.
AWS License Manager's managed entitlements provide built-in controls to
software vendors (ISVs) and administrators so that they can assign licenses to
approved users and workloads.
AWS Systems Manager can manage licenses on physical or virtual servers hosted
outside of AWS using AWS License Manager.
AWS Organizations and AWS License Manager together allow cross-account
discovery of computing resources in the organization.
AWS Management Console
What is AWS Management Console?
AWS Management Console is a web console with multiple wizards and services used
to manage Amazon Web Services.
It is the first screen a user sees after signing in. It provides access to the
individual service consoles and a user interface for exploring AWS.
There is a Search box on the navigation bar to search for AWS services by
entering all or part of the name of the service.
AWS Management Console provides a Services option on the navigation bar that
allows choosing services from the Recently visited list or the All services list.
On the navigation bar, there is an option to select the Region to work in.
A GUI console is available as an app for Android and iOS for a better mobile
experience.
AWS Organizations
What are AWS Organizations?
AWS Organizations is a service that allows users to manage multiple AWS
accounts grouped into a single organization.
It includes account management and consolidated billing capabilities to meet
the business's budgetary and security needs.
❑ It easily shares critical common resources across the accounts.
❑ It organizes accounts into organizational units (OUs), which are groups of
accounts that serve specified applications or business functions.
Service Control Policies
Service Control Policies (SCPs) can be created to provide governance boundaries
for the OUs and the accounts in them. An SCP never grants permissions by
itself; it sets the maximum permissions that identities in an account can have,
so that users in the accounts only perform actions that meet security
requirements. SCPs do not apply to the management account.
The management account (formerly called the master account) is responsible for
paying the charges of all resources used by the accounts in the organization.
AWS Systems Manager
What is AWS Systems Manager?
AWS Systems Manager (SSM) is a service that allows users to centralize
operational data from multiple AWS services and automate operations across AWS
infrastructure.
✔ It simplifies maintenance and identifies issues in the resources that may
impact the applications.
✔ It displays operational data, system and application configurations,
software installations, and other details on a single dashboard known as AWS
Systems Manager Explorer.
✔ It manages configuration data and secrets and separates them from code using
a centralized store known as Parameter Store.
✔ It communicates with the Systems Manager agent (SSM Agent) installed on EC2
instances and on servers in an on-premises environment. The agent is available
for different operating systems and is used to manage the resources on those
servers.
It helps to manage servers without logging into them over SSH or RDP, using a
browser-based shell known as Session Manager (no inbound ports or bastion host
required).
It helps to automate repetitive operations and management tasks using
predefined runbooks (Automation documents).
It connects with Jira Service Desk and ServiceNow to allow ITSM platform users
to manage AWS resources.
Systems Manager Distributor helps to distribute software packages to hosts,
with versioning.
Migration and Transfer
AWS Database Migration Service
What is AWS Database Migration Service?
AWS Database Migration Service (AWS DMS) is a cloud service used to migrate
relational databases (and some NoSQL engines such as MongoDB) from
on-premises, Amazon EC2, or Amazon RDS to AWS securely.
AWS DMS does not stop the running application while performing the migration
of databases, which minimizes downtime.
Homogeneous migration: source and target use the same database engine (e.g.,
Oracle to Oracle).
Heterogeneous migration: source and target use different engines (e.g., Oracle
to Amazon Aurora).
AWS DMS supports the following source and target engines for migration:
❑ Sources: Oracle, Microsoft SQL Server, PostgreSQL, Db2 LUW, SAP, MySQL,
MariaDB, MongoDB, and Amazon Aurora.
❑ Targets: Oracle, Microsoft SQL Server, PostgreSQL, SAP ASE, MySQL, Amazon
Redshift, Amazon S3, and Amazon DynamoDB.
❑ It performs all the management steps required during the migration, such as
monitoring, scaling, error handling, network connectivity, replicating during
failure, and software patching.
❑ AWS DMS with the AWS Schema Conversion Tool (AWS SCT) helps to perform
heterogeneous migrations (SCT converts the schema, DMS moves the data).
AWS DataSync
What is AWS DataSync?
AWS DataSync is a secure, reliable, managed migration service that automates
the online movement of data between storage systems. AWS DataSync can move data
between AWS storage services, on-premises file systems, edge locations, and
other cloud storage services such as Azure. AWS DataSync helps you simplify
your migration planning and reduce the costs associated with data transfer.
Key Features
● Efficient Data Transfer: Supports scheduling, bandwidth throttling, and task
filtering.
● Fast Transfers: Uses compression and parallel transfer for high-speed
performance.
● Secure: In-flight TLS encryption and encryption at rest.
● Integrity Verification: Verifies that data is transferred correctly.
● AWS Integration: Works with CloudWatch, CloudTrail, and EventBridge.
● Cost-Effective: Pay only for transferred data, with no minimum fees.
● Broad Compatibility: Transfers data to/from S3, EFS, and FSx.
● Transfer Options: Supports Internet, VPN, and Direct Connect.
AWS Migration Hub
What is AWS Migration Hub?
AWS Migration Hub (Migration Hub) offers a centralized platform for discovering
current servers, planning migrations, and monitoring application migration
progress. It provides visibility into application portfolios, streamlining
planning and tracking. Migration Hub allows visualization of connections and
status regardless of the migration tool used. You can start migrating
immediately or first discover servers, organize them into applications, and
monitor progress from within the hub.
Key Features
● Streamlined process: Discover, Assess, Analyze, Plan, Execute, and Manage all
from one central location.
● Guided expertise: Speed up migration and modernization projects with tailored
journey templates.
● Effective resources: Utilize specialized services proven to align with your
transformation objectives.
● No cost: Begin your migration planning or tracking for free using AWS
Migration Hub (you pay only for the migration tools and resources you use).
AWS Transfer Family
What is AWS Transfer Family?
AWS Transfer Family is a fully managed, secure service that enables transfer of
files using SFTP, FTPS, and FTP. The destination storage services to which
files are transferred are S3 and EFS. It helps you migrate file transfer
workloads to AWS seamlessly without any impact on existing application
integrations or configuration.
Key Features
● Fully Managed Service: Transfers files to/from S3 and EFS.
● Protocols Supported:
  ● SFTP: Secure file transfer over SSH.
  ● FTPS: FTP over a TLS-encrypted channel.
  ● FTP: Standard FTP without encryption; AWS allows FTP only on endpoints
  reachable from inside a VPC, not over the public internet.
● High Availability: Global service coverage.
● Compliance: Meets regional regulatory requirements.
● Cost-Effective: Pay-as-you-use model.
● Custom Identity Providers: Integrates with API Gateway and Lambda to
authenticate users against your own identity store.
AWS Snow Family
What is AWS Snow Family?
The AWS Snow Family includes devices for transferring large datasets to and
from AWS and for data processing at the edge, even in rugged or remote
locations. These devices streamline data migration and allow edge computing,
making them ideal for use cases with limited connectivity or demanding
environmental conditions.
Key Features
● Simple Management: Easily manage and monitor devices via the AWS console.
● NFS Endpoint: Compatible with the Network File System (NFS) for
straightforward data transfer.
● On-board Computing: Some devices offer on-board compute capabilities for
real-time data processing.
● High Security: Includes encrypted data handling (keys managed in AWS KMS),
tamper-resistant hardware, and secure data erasure after the job completes.
● End-to-End Tracking: Provides tracking from deployment to return, ensuring
Snow Family Devices
● AWS Snowcone: Portable, lightweight (4.5 lbs), rugged, ideal for remote use
with SSD or HDD storage.
● AWS Snowball Edge: Tamper-resistant, designed for extreme environments,
supports large data transfer and on-device computing for large, complex edge
workloads; ideal for disconnected or intermittent connectivity scenarios.
● AWS Snowblade: Compact, high-performance device for the tactical edge,
capable of handling analytics, ML, and edge workloads.
Networking and Content
Delivery
Amazon VPC
What is Amazon VPC?
Amazon Virtual Private Cloud is a service that allows users to create a
logically isolated virtual network for their resources.
❑ It includes many components such as Internet gateways, VPN tools, CIDR
blocks, subnets, route tables, VPC endpoints, NAT instances/gateways, bastion
servers, peering connections, and others.
❑ It spans multiple Availability Zones (AZs) within a Region; each subnet
lives in exactly one AZ.
❑ The first four IP addresses and the last IP address of each subnet are
reserved by AWS (five addresses per subnet).
❑ A typical design creates a public subnet for web servers that need internet
access and a private subnet for backend systems, such as databases or
application servers.
❑ Resources in it can be monitored using Amazon CloudWatch and scaled with
Auto Scaling groups.
Private subnet - A subnet whose route table has no route to an internet
gateway is termed a private subnet.
Public subnet - A subnet whose route table has a route to an internet gateway
is termed a public subnet.
VPN-only subnet - A subnet that does not have internet access but has a route
to the virtual private gateway for a VPN connection is termed a VPN-only
subnet.
❖ Each Region has a default VPC; an EC2 instance launched without specifying a
VPC lands there, with the same security features and control as a custom
Amazon VPC. The default VPC has only public subnets (no private subnet).
❖ It uses Security Groups and NACLs (Network Access Control Lists) for
multi-layer security.
❖ Security Groups (stateful: return traffic of an allowed connection is
permitted automatically; allow rules only) provide instance-level security,
whereas NACLs (stateless: inbound and outbound must each be allowed
explicitly; rules are evaluated in ascending number order with both allow and
deny rules) provide subnet-level security.
❖ VPC sharing allows subnets to be shared with other AWS accounts within the
same AWS Organization (via AWS Resource Access Manager).
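The stateful/stateless distinction is where most NACL mistakes come from: an inbound allow for port 443 is enough for a security group, but a NACL also needs an outbound allow for the ephemeral port range or the reply is dropped. The block below is an added example, not from the cheat sheet, that simulates both evaluation models on one TCP request/response pair and shows why rule numbering matters for NACLs. Addresses, ports and rule sets are constructed for illustration.

```python
# Added example (not from the cheat sheet): simulate how a stateful security
# group and a stateless network ACL treat the two halves of one TCP
# connection. Addresses, ports and rules are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    sport: int
    direction: str  # "in" or "out", relative to the instance/subnet


@dataclass
class Rule:
    number: int
    direction: str
    proto: str
    port_lo: int
    port_hi: int
    cidr: str
    action: str  # "allow" or "deny"

    def matches(self, p: Packet) -> bool:
        if self.direction != p.direction or self.proto not in (p.proto, "all"):
            return False
        # Rules compare the packet's destination port and its remote address.
        remote = p.src if p.direction == "in" else p.dst
        in_cidr = ipaddress.ip_address(remote) in ipaddress.ip_network(self.cidr)
        return in_cidr and self.port_lo <= p.dport <= self.port_hi


def nacl_decision(rules: List[Rule], p: Packet) -> str:
    """Stateless: lowest-numbered matching rule wins; implicit deny at the end."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(p):
            return r.action
    return "deny"


class SecurityGroup:
    """Stateful: allow rules only; the reply to a permitted flow is allowed."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self._flows = set()  # tracked 5-tuples (src, dst, proto, dport, sport)

    def decision(self, p: Packet) -> str:
        if (p.dst, p.src, p.proto, p.sport, p.dport) in self._flows:
            return "allow"  # return traffic of a tracked connection
        if any(r.matches(p) for r in self.rules):
            self._flows.add((p.src, p.dst, p.proto, p.dport, p.sport))
            return "allow"
        return "deny"


# Client 203.0.113.10 (ephemeral port 51515) talks to instance 10.0.1.5:443.
REQUEST = Packet("203.0.113.10", "10.0.1.5", "tcp", 443, 51515, "in")
RESPONSE = Packet("10.0.1.5", "203.0.113.10", "tcp", 51515, 443, "out")

SG = SecurityGroup([Rule(100, "in", "tcp", 443, 443, "0.0.0.0/0", "allow")])
# A NACL written like a security group silently drops the reply.
NACL_INCOMPLETE = [Rule(100, "in", "tcp", 443, 443, "0.0.0.0/0", "allow")]
# Stateless filtering needs the outbound ephemeral-port rule as well.
NACL_COMPLETE = NACL_INCOMPLETE + [Rule(100, "out", "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
# A lower-numbered deny beats a higher-numbered allow for the same traffic.
NACL_BLOCKLIST = [Rule(50, "in", "tcp", 0, 65535, "203.0.113.0/24", "deny")] + NACL_COMPLETE


def run() -> Dict[str, Tuple[str, str]]:
    """Decision for (request, response) under each rule set."""
    return {
        "sg": (SG.decision(REQUEST), SG.decision(RESPONSE)),
        "nacl_incomplete": (nacl_decision(NACL_INCOMPLETE, REQUEST),
                            nacl_decision(NACL_INCOMPLETE, RESPONSE)),
        "nacl_complete": (nacl_decision(NACL_COMPLETE, REQUEST),
                          nacl_decision(NACL_COMPLETE, RESPONSE)),
        "nacl_blocklist": (nacl_decision(NACL_BLOCKLIST, REQUEST),
                           nacl_decision(NACL_BLOCKLIST, RESPONSE)),
    }


if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name:16s} request={verdict[0]:5s} response={verdict[1]}")
```

The security group allows both directions from a single inbound rule; the incomplete NACL allows the request and drops the response; the blocklist NACL shows the ordering rule, denying the client's /24 before the broader allow is reached.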
Amazon CloudFront
What is Amazon CloudFront?
Amazon CloudFront is a content delivery network (CDN) service that securely
delivers any kind of data to customers worldwide with low latency and high
transfer speeds.
It makes use of edge locations (a worldwide network of data centers) to deliver
the content faster.
On a cache miss at the edge location, it retrieves the data from an origin such
as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server.
CloudFront provides some security features such as:
❖ Field-level encryption with HTTPS - Sensitive fields stay encrypted from the
moment the user uploads them until they reach the application that holds the
private key.
❖ AWS Shield Standard - Against DDoS attacks.
❖ AWS Shield Standard + AWS WAF + Amazon Route 53 - Against attacks more
complex than volumetric DDoS (e.g., application-layer attacks).
CloudFront is integrated with AWS services such as:
Amazon S3
Amazon EC2
Elastic Load Balancing
Amazon Route 53
AWS Elemental Media Services

Amazon CloudFront Access Controls:
Signed URLs:
● Use this to restrict access to individual files.
Signed Cookies:
● Use this to provide access to multiple restricted files.
● Use this if you do not want to change the current URLs.
Geo Restriction:
● Use this to restrict access to the data based on the geographic location of
the website viewers.
Origin Access Identity (OAI):
● Outside access is restricted using signed URLs and signed cookies, but what
if someone tries to access objects using the Amazon S3 URL directly, bypassing
the CloudFront signed URL and signed cookies? To restrict that, OAI is used.
● Use OAI as a special CloudFront user and associate it with your CloudFront
distribution to secure Amazon S3 content; the bucket policy then grants
s3:GetObject to the OAI only. Origin Access Control (OAC) is the newer
replacement for OAI and is the option AWS now recommends for new distributions.

CloudFront Signed URL vs. S3 Pre-Signed URL:
CloudFront Signed URL:
○ It allows access to a path, no matter what the origin is.
○ It can be filtered by IP, path, date, and expiration.
○ It leverages caching features.
S3 Pre-Signed URL:
○ It issues the request as the IAM principal that pre-signed the URL, so the
requester gets exactly that principal's permissions on the object until the
URL expires.
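To make "issues the request as the person who pre-signed the URL" concrete, the following added example, not part of the cheat sheet, builds an S3 pre-signed GET URL with Signature Version 4 using only the Python standard library and then verifies it the way S3 does: recompute the signature from the URL with the key owner's secret and compare. The access key ID, secret, bucket name and timestamp are placeholders, and nothing is sent to AWS.

```python
# Added example (not from the cheat sheet): generate and verify an S3
# pre-signed GET URL (SigV4, query-string auth) with the standard library.
# Credentials, bucket and timestamp are placeholders; no request is sent.
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

ALGO = "AWS4-HMAC-SHA256"
SAFE = "-_.~"  # RFC 3986 unreserved characters that SigV4 leaves unencoded


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    """Derive the scoped signing key; the raw secret never enters the URL."""
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def _signature(secret: str, host: str, encoded_path: str, params: dict, region: str) -> str:
    """Sign the canonical request: method, path, sorted query, host header."""
    amz_date = params["X-Amz-Date"]
    date = amz_date[:8]
    canonical_query = "&".join(
        f"{quote(k, safe=SAFE)}={quote(v, safe=SAFE)}" for k, v in sorted(params.items()))
    canonical_request = "\n".join(
        ["GET", encoded_path, canonical_query, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    scope = f"{date}/{region}/s3/aws4_request"
    string_to_sign = "\n".join(
        [ALGO, amz_date, scope, hashlib.sha256(canonical_request.encode()).hexdigest()])
    return hmac.new(_signing_key(secret, date, region), string_to_sign.encode(),
                    hashlib.sha256).hexdigest()


def presign_get(bucket: str, key: str, region: str, access_key: str, secret: str,
                amz_date: str, expires: int) -> str:
    """Return a URL that lets its holder GET `key` with the signer's permissions."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    encoded_path = quote("/" + key, safe="/" + SAFE)
    params = {
        "X-Amz-Algorithm": ALGO,
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),     # seconds of validity from X-Amz-Date
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(secret, host, encoded_path, params, region)
    query = urlencode({**params, "X-Amz-Signature": sig}, safe=SAFE)
    return f"https://{host}{encoded_path}?{query}"


def verify(url: str, secret: str, region: str) -> bool:
    """What S3 does on receipt: recompute the signature and compare in constant
    time. Changing the key, expiry or date changes the canonical request."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("X-Amz-Signature", "")
    expected = _signature(secret, parts.netloc, parts.path, params, region)
    return hmac.compare_digest(presented, expected)


# Placeholder credentials (never real ones) and a fixed timestamp.
ACCESS_KEY = "AKIAEXAMPLEKEYID"
SECRET = "EXAMPLE-SECRET-KEY-DO-NOT-USE"
EXAMPLE_URL = presign_get("example-bucket", "reports/q1.csv", "eu-west-1",
                          ACCESS_KEY, SECRET, "20210124T211850Z", 300)

if __name__ == "__main__":
    print(EXAMPLE_URL)
    print("valid:", verify(EXAMPLE_URL, SECRET, "eu-west-1"))
```

A real S3 endpoint additionally checks that the current time lies within X-Amz-Date plus X-Amz-Expires and that the signer's IAM permissions still allow s3:GetObject on the key, which is why revoking the signer's access (or rotating the key) invalidates every URL they pre-signed.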


Amazon Route 53
What is Route 53?
Route 53 is a managed DNS (Domain Name System) service. DNS is a collection of
rules and records intended to help clients/users reach any server by its
domain name.
The most common records supported in Route 53 are:
A: hostname to IPv4
AAAA: hostname to IPv6
CNAME: hostname to hostname
Alias: hostname to AWS resource
A Route 53 hosted zone is a collection of records for a specified domain that
can be managed together.
There are two types of zones:
Public Hosted Zone - Determines how traffic is routed on the Internet.
Private Hosted Zone - Determines how traffic is routed within a VPC.

Route 53 CNAME vs. Route 53 Alias:
Route 53 CNAME:
It points a hostname to any other hostname (app.mything.com -> abc.anything.com).
It works only for non-root domains (abcxyz.maindomain.com).
Route 53 charges for CNAME queries.
It can point to any DNS record that is hosted anywhere.
Route 53 Alias:
It points a hostname to an AWS resource (app.mything.com -> abc.amazonaws.com).
It works for the root domain and non-root domains (maindomain.com).
Route 53 does not charge for Alias queries to AWS resources.
It can point to an ELB, CloudFront distribution, Elastic Beanstalk environment,
S3 bucket configured as a static website, or another record in the same hosted
zone.

Route 53 Routing Policies:
Simple:
❖ It is used when there is a need to direct traffic to a single resource.
❖ It does not support health checks.
Weighted:
❖ It is similar to simple, but you can specify a weight associated with each
resource.
❖ It supports health checks.
Failover:
❖ If the primary resource is down (based on health checks), it routes to a
secondary destination.
❖ It supports health checks.
Geo-location:
❖ It routes traffic based on the geographic location of the user making the
DNS query (continent, country, or US state).
Geo-proximity:
❖ It routes traffic based on the geographic location of the resources, with an
optional bias to shift more or less traffic to a given resource.
Latency based:
❖ It routes traffic to the destination that has the least latency for the user.
Multi-value answer:
❖ It returns up to eight healthy records in response to a DNS query,
distributing traffic across multiple IP addresses.
AWS Direct Connect
What is AWS Direct Connect?
AWS Direct Connect is a cloud service that helps to establish a dedicated
network connection from an on-premises network to one or more VPCs and other
AWS services in the same Region.
✔ With the help of industry-standard 802.1Q virtual LANs (VLANs), the dedicated
connection can be partitioned into multiple virtual interfaces.
✔ Virtual interfaces can be reconfigured at any time to meet changing needs.
✔ Traffic on a Direct Connect link is not encrypted by default; where
encryption is required, run a site-to-site VPN over the connection or use
MACsec on supported dedicated connections.
Private virtual interface: It helps to connect to an Amazon VPC using private
IP addresses.
Public virtual interface: It helps to connect to AWS public services located in
any AWS Region (except China) from your on-premises data center using public IP
addresses.
Pricing details:
Port hours - charges are determined by capacity and connection type.
Outbound data transfer.
AWS PrivateLink
What is PrivateLink?
AWS PrivateLink is a network service used to connect privately to AWS services,
to services hosted by other AWS accounts (referred to as endpoint services), or
to AWS Marketplace services, without traversing the public internet.
It is used for scenarios where one VPC acts as a service provider (exposing a
service behind a Network Load Balancer) and another VPC acts as a service
consumer.
Service consumers use an interface endpoint to access the services running in
the service provider's VPC.
It provides security by keeping traffic off the public internet and reducing
exposure to threats such as brute force and DDoS attacks.
Types of VPC Endpoints:
Interface Endpoints: An elastic network interface with a private IP address in
your subnet that serves as an entry point for traffic destined to an AWS
service or a VPC endpoint service.
Gateway Endpoints: A target in the route table that routes traffic only to
Amazon S3 and DynamoDB.
AWS Transit Gateway
What is AWS Transit Gateway?
AWS Transit Gateway is a network hub used to interconnect multiple VPCs and
on-premises networks. It can be used to attach all hybrid connectivity (VPN,
Direct Connect) and to control your organization's entire AWS routing
configuration in one place.
A Region can have more than one transit gateway, and transit gateways can be
peered with each other within a Region or across Regions. It supports attaching
Amazon VPCs with IPv6 CIDRs.
It helps to solve the problem of complex, full-mesh VPC peering connections.
Transit Gateway reduces the complexity of maintaining VPN connections with
hundreds of VPCs, which is very useful for large enterprises.

Transit Gateway vs. VPC Peering:
Transit Gateway:
❖ It has an hourly charge per attachment in addition to the data transfer
fees.
❖ Multicast traffic can be routed between VPC attachments to a Transit
Gateway.
❖ It provides a maximum bandwidth (burst) of 50 Gbps per Availability Zone per
VPC attachment.
❖ Referencing security groups across VPCs attached to a Transit Gateway was
not supported originally and is a recent addition; check the current
documentation for where it is available.
VPC Peering:
❖ It has no hourly charge; data transfer within the same Availability Zone is
free, while cross-AZ and cross-Region data transfer is billed.
❖ Multicast traffic cannot be routed over peering connections.
❖ It has no aggregate bandwidth limit.
❖ Security group referencing works with intra-Region VPC peering.
Elastic Load Balancing (ELB)
What is Elastic Load Balancing?
Elastic Load Balancing is a managed service that distributes incoming traffic
across EC2 instances, containers, IP addresses, and virtual appliances
registered in target groups.
Elastic Load Balancer types are as follows:
Classic Load Balancer:
▪ Oldest and least recommended load balancer.
▪ Routes TCP, HTTP, or HTTPS traffic at layer 4 and layer 7.
▪ Used for existing EC2-Classic instances (EC2-Classic has been retired).
Application Load Balancer:
▪ Routes HTTP and HTTPS traffic at layer 7.
▪ Offers path-based routing, host-based routing, query-string
parameter-based routing, and source IP address-based routing.
Network Load Balancer:
▪ Routes TCP, UDP, and TLS traffic at layer 4.
▪ Suitable for high-performance and low-latency applications.
Gateway Load Balancer:
▪ Suitable for third-party networking appliances (firewalls, IDS/IPS).
▪ It simplifies tasks to manage, scale, and deploy virtual appliances.
▪ ELB integrates with many of the AWS services an application uses.
▪ It is tightly integrated with Amazon EC2 and Amazon ECS/EKS.
▪ ELB integrates with Amazon VPC and AWS WAF to offer extra security features
to the applications (AWS WAF attaches to Application Load Balancers).
▪ It helps monitor the servers' health and performance in real time using
Amazon CloudWatch metrics and request tracing.
▪ ELB can be placed based on the following aspects:
  ▪ Internet-facing ELB: Load balancers have public IPs.
  ▪ Internal-only ELB: Load balancers have private IPs.
▪ ELB offers the functionality of sticky sessions: a process to route requests
from the same client to the same target.
Security, Identity, and
Compliance
AWS Identity and Access Management (IAM)
What is AWS IAM?
AWS Identity and Access Management is a free service used to define permissions
and manage which users, roles, and services may access AWS resources, including
across multiple accounts.
AWS Identity and Access Management allows:
❖ users to analyze access (IAM Access Analyzer) and to require MFA
(Multi-factor authentication) to protect the AWS environment.
❖ managing IAM users, IAM roles, and federated users.
IAM Users
A user can be a person or an application/service that needs long-term
credentials.
IAM Policies
Policies are documents written in JSON (key-value pairs) used to define
permissions: each statement names an Effect (Allow or Deny), the Actions, the
Resources, and optional Conditions. An explicit Deny always overrides an Allow.
IAM Groups
Groups are collections of users, and policies are attached to them. They are
used to assign permissions to users.
IAM Roles
IAM users or AWS services can assume a role to obtain temporary security
credentials to make AWS API calls; roles have no long-term credentials of
their own.
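The interaction between an Organizations SCP (the ceiling) and an IAM identity policy (the grant) is easiest to understand by evaluating a few requests against both. The following added example, not from the cheat sheet, serves both the Service Control Policies passage above and this IAM policies passage: a deliberately reduced model of AWS policy evaluation (explicit Deny wins; the SCP must allow and the identity policy must allow; resource policies, permission boundaries and session policies are left out). The SCP, identity policies, account ID, ARNs and the supported condition operators are constructed for the example.

```python
# Added example (not from the cheat sheet): a reduced model of how an SCP and
# an IAM identity policy combine. Policies, ARNs and the account ID are
# constructed placeholders; only the condition operators used here are handled.
from fnmatch import fnmatchcase
from typing import Dict, List

# SCP on an OU: permit everything, then carve out Region and CloudTrail denies.
# An SCP never grants anything by itself; it only bounds identity policies.
SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"StringNotEquals": {
             "aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}}},
        {"Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
         "Resource": "*",
         "Condition": {"ArnNotLike": {
             "aws:PrincipalARN": "arn:aws:iam::*:role/SecurityAudit"}}},
    ],
}

# Identity policy for a developer: read any bucket, write only to one prefix.
DEV_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::dev-artifacts/*"},
        {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"},
    ],
}
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

DEV_CTX = {"aws:RequestedRegion": "eu-west-1",
           "aws:PrincipalARN": "arn:aws:iam::111122223333:user/dev1"}
AUDIT_CTX = {"aws:RequestedRegion": "eu-west-1",
             "aws:PrincipalARN": "arn:aws:iam::111122223333:role/SecurityAudit"}


def _as_list(x) -> List[str]:
    return x if isinstance(x, list) else [x]


def _cond_ok(cond: Dict, ctx: Dict[str, str]) -> bool:
    """Evaluate the subset of IAM condition operators used in this example."""
    for op, kv in cond.items():
        for key, expected in kv.items():
            actual = ctx.get(key, "")
            exp = _as_list(expected)
            if op == "StringEquals" and actual not in exp:
                return False
            if op == "StringNotEquals" and actual in exp:
                return False
            if op == "ArnLike" and not any(fnmatchcase(actual, e) for e in exp):
                return False
            if op == "ArnNotLike" and any(fnmatchcase(actual, e) for e in exp):
                return False
    return True


def evaluate_policy(policy: Dict, action: str, resource: str, ctx: Dict[str, str]) -> str:
    """Return 'Deny', 'Allow' or 'Implicit deny'. An explicit Deny always wins."""
    result = "Implicit deny"
    for st in policy["Statement"]:
        if not any(fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if not _cond_ok(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        result = "Allow"
    return result


def is_allowed(scp: Dict, identity_policy: Dict, action: str, resource: str,
               ctx: Dict[str, str]) -> bool:
    """Allowed only if the SCP permits the call AND the identity policy grants it."""
    return (evaluate_policy(scp, action, resource, ctx) == "Allow"
            and evaluate_policy(identity_policy, action, resource, ctx) == "Allow")


if __name__ == "__main__":
    trail = "arn:aws:cloudtrail:eu-west-1:111122223333:trail/main"
    print(is_allowed(SCP, DEV_POLICY, "s3:GetObject", "arn:aws:s3:::dev-artifacts/a.txt", DEV_CTX))
    print(is_allowed(SCP, ADMIN_POLICY, "cloudtrail:StopLogging", trail, DEV_CTX))
```

The cases worth noting: the developer can read but cannot write outside the dev-artifacts prefix (no matching Allow); the SCP's Region deny blocks ec2:RunInstances in us-east-1 even though the identity policy allows it; and an administrator still cannot stop CloudTrail unless acting through the SecurityAudit role, because an SCP Deny beats any identity-policy Allow.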
Amazon Cognito
What is Amazon Cognito?
Amazon Cognito is a service used for authentication, authorization, and user
management for web or mobile applications.
Amazon Cognito User Pools is a standards-based identity provider and supports
OAuth 2.0, SAML 2.0, and OpenID Connect. Amazon Cognito identity pools support
both authenticated and unauthenticated (guest) identities.
Amazon Cognito allows customers to sign in through social identity providers
such as Google, Facebook, and Amazon, and through enterprise identity providers
such as Microsoft Active Directory via SAML.
Amazon Cognito allows user pools and identity pools to be used separately or
together.
The two main components of Amazon Cognito are as follows:
User pools are user repositories (where user profile details are kept) that
provide sign-up and sign-in options for your app users.
Identity pools provide temporary, limited-permission AWS credentials to users
so that they can access other AWS resources without re-entering their
credentials.
AWS Certificate Manager
What is AWS Certificate Manager?
AWS Certificate Manager is a service that allows a user to protect AWS
applications by provisioning, storing, renewing, and deploying public and
private SSL/TLS X.509 certificates.
HTTPS transactions require X.509 server certificates that bind the public key
in the certificate to the server's identity to provide authenticity.
The certificates are signed by a certificate authority (CA) and contain the
server's name, the validity period, the public key, the signature algorithm,
and more.
It centrally manages the certificate lifecycle and helps to automate
certificate renewals.
SSL/TLS certificates provide data-in-transit security and authenticate the
identity of sites and the connections between browsers and applications.
The certificates created by AWS Certificate Manager for use with
ACM-integrated services (ELB, CloudFront, API Gateway, and others) are free.
With AWS Certificate Manager Private Certificate Authority, monthly charges are
applied for the private CA operation and the private certificates issued.

The types of SSL certificates are:
Extended Validation Certificates (EV SSL) - Most expensive SSL certificate
type; the CA verifies the legal entity behind the domain in detail.
Organization Validated Certificates (OV SSL) - Validates the organization's
identity in addition to domain control.
Domain Validated Certificates (DV SSL) - Validates only control of the domain
name. The validation level does not change the strength of the encryption;
all types give the same TLS protection. ACM-issued public certificates are DV.
Wildcard SSL Certificate - Secures a base domain and its subdomains
(*.example.com).
Multi-Domain SSL Certificate (MDC) - Secures up to hundreds of domains and
subdomains.
Unified Communications Certificate (UCC) - A single certificate secures
multiple domain names (a SAN certificate).

Ways to deploy managed X.509 certificates:
AWS Certificate Manager (ACM) - Useful for customers who need a secure, public
web presence.
ACM Private CA - Useful for certificates intended for private use within an
organization.
AWS Directory Service
What is AWS Directory Service?
AWS Directory Service enables multiple ways to use Microsoft Active Directory
(AD) with other AWS services; its fully managed AD option is called AWS Managed
Microsoft AD.
Using AWS Managed Microsoft AD, it becomes easy to migrate AD-dependent
applications and Windows workloads to AWS.
A trust relationship can be created between AWS Managed Microsoft AD and an
existing on-premises Microsoft Active Directory, enabling single sign-on (SSO).
AWS Directory Service provides the following directory types to choose from:
Simple AD
● It is an inexpensive Active Directory-compatible directory powered by
Samba 4.
● It can be used when there is a need for fewer than 5,000 users.
● It does not support multi-factor authentication (MFA).
AD Connector
● It is a proxy (gateway) that redirects directory requests to the on-premises
Active Directory without caching any information in the cloud.
● For this, there must be an existing AD, and the VPC must be connected to the
on-premises network via VPN or Direct Connect.
● It supports multi-factor authentication (MFA) via an existing RADIUS-based
MFA infrastructure.
Amazon Cognito
● It is a user directory type that provides sign-up and sign-in for
applications using Amazon Cognito User Pools.
AWS Key Management Service
What is AWS Key Management Service?
AWS Key Management Service (AWS KMS) is a Regional service that creates,
stores, and manages encryption keys; the key material never leaves the
service's hardware security modules unencrypted.
❑ Provides data security at rest using encryption keys and provides access
control (key policies and IAM policies) for encryption, decryption, and
re-encryption.
❑ Offers SDKs for different languages to add digital signature capability to
application code.
❑ Allows automatic rotation of symmetric KMS keys (formerly called customer
master keys, CMKs); the default rotation period is once a year and the period
is configurable.
❑ When automatic key rotation is turned on for a KMS key, AWS KMS produces new
cryptographic material for the key on each rotation.
❑ AWS KMS preserves all previous versions of the cryptographic material so
that you can decrypt any data that was encrypted under that KMS key; existing
ciphertext is not re-encrypted. Until the KMS key is deleted, AWS KMS does not
remove any rotated key material.
Customer managed keys: The KMS keys created, managed, and used by users are
termed customer managed keys and support cryptographic operations.
AWS managed keys: The KMS keys created, managed, and used by AWS services on
the user's behalf are termed AWS managed keys.
AWS Resource Access Manager
What is AWS Resource Access Manager?
AWS Resource Access Manager (RAM) is a service that allows resources to be
shared with accounts in an AWS Organization or with individual AWS accounts.
The resource sharing feature of AWS RAM reduces customers' need to create
duplicate resources in each of their accounts.
It controls the consumption of shared resources using existing policies and
permissions.
It can be integrated with Amazon CloudWatch and AWS CloudTrail to provide
detailed visibility into shared resources and accounts.
Access control policies in AWS IAM and Service Control Policies in AWS
Organizations provide security and governance controls to AWS Resource Access
Manager (RAM).
AWS Secrets Manager
What is AWS Secrets Manager?
AWS Secrets Manager is a service that stores and rotates secrets so that
credentials do not have to be hardcoded in source code.
Secrets Manager can be accessed in the following ways:
▪ AWS Management Console
▪ AWS Command Line Tools
▪ AWS SDKs
▪ HTTPS Query API
❑ It provides security and compliance facilities by rotating secrets safely
without the need for code deployment.
❑ It integrates with AWS CloudTrail and Amazon CloudWatch to log and monitor
services for centralized auditing.
❑ It integrates with AWS Config and facilitates tracking of changes in
Secrets Manager.
AWS Secrets Manager:
❑ Ensures in-transit encryption (TLS) of the secret between AWS and the
system that retrieves the secret; secrets are encrypted at rest with an AWS
KMS key.
❑ Rotates credentials for AWS services using a Lambda function that Secrets
Manager invokes to interact with the service or database.
❑ Stores the encrypted secret value in the SecretString or SecretBinary field.
❑ Uses open-source client components to cache secrets and refresh them when
they are rotated.
Secret rotation is supported with the following databases:
▪ MySQL, PostgreSQL, Oracle, MariaDB, and Microsoft SQL Server on Amazon RDS
▪ Amazon Aurora on Amazon RDS
▪ Amazon DocumentDB
▪ Amazon Redshift
AWS Security Hub
What is AWS Security Hub?
AWS Security Hub is a cloud security posture management service that gives a single view of security findings and compliance status across AWS accounts, checked against industry-standard best practices.

❑ It aggregates, organizes and prioritizes security findings from multiple AWS services (Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS IAM Access Analyzer, AWS Firewall Manager and others) and from integrated partner products.
❑ It collects findings from multiple AWS accounts (through AWS Organizations or a delegated administrator account), analyzes security trends and surfaces the highest-priority issues.
❑ Findings from every source are normalized into the AWS Security Finding Format (ASFF), which removes the need for time-consuming data conversion before findings can be correlated.
❑ It runs automated configuration checks against security standards such as the CIS AWS Foundations Benchmark, the Payment Card Industry Data Security Standard (PCI DSS) and AWS Foundational Security Best Practices, and reports a compliance score per standard.
❑ Findings can be investigated with Amazon Detective, and automated responses can be triggered from Amazon EventBridge (formerly CloudWatch Events) rules that match on findings.
❑ Integrated dashboards show the current security and compliance status.

Security Hub can be enabled (or disabled) through:
▪ AWS Management Console
▪ AWS CLI
▪ Infrastructure-as-Code tools such as AWS CloudFormation or Terraform

Security Hub is a Regional service and is billed per Region in which it is enabled; the usage and charges shown in the console are for the current Region only, not for all Regions.
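The triage that an EventBridge-driven responder performs on imported findings, as an added example that is not part of the cheat sheet or of any AWS code: it filters a "Security Hub Findings - Imported" event down to findings that are active, not suppressed or resolved, not a passing control check, and at or above a severity threshold, then orders them most severe first. SAMPLE_EVENT is constructed; it uses the ASFF field names real events carry, with the account id, ARNs and resource ids made up.

```python
"""Triage Security Hub findings delivered by an EventBridge rule.

Added example, not taken from the cheat sheet or from AWS. SAMPLE_EVENT is a
constructed "Security Hub Findings - Imported" event; it uses the AWS
Security Finding Format (ASFF) field names that real events carry, with the
account id, ARNs and resource ids made up.
"""

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def _finding(product, title, label, resource_type, resource_id, **extra):
    """Build one constructed ASFF finding with the fields the triage logic reads."""
    f = {
        "SchemaVersion": "2018-10-08",
        "Id": f"{product}/{title}",
        "ProductArn": f"arn:aws:securityhub:us-east-1::product/{product}",
        "AwsAccountId": "123456789012",
        "Title": title,
        "Severity": {"Label": label, "Normalized": SEVERITY_RANK[label] * 20},
        "Workflow": {"Status": "NEW"},
        "RecordState": "ACTIVE",
        "Resources": [{"Type": resource_type, "Id": resource_id, "Region": "us-east-1"}],
    }
    f.update(extra)
    return f


SAMPLE_EVENT = {
    "version": "0",
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {"findings": [
        # A CIS benchmark control that failed: actionable.
        _finding("aws/securityhub", "2.9 Ensure VPC flow logging is enabled in all VPCs", "MEDIUM",
                 "AwsEc2Vpc", "arn:aws:ec2:us-east-1:123456789012:vpc/vpc-0a1b2c3d",
                 Compliance={"Status": "FAILED"}),
        # A GuardDuty finding imported into Security Hub: actionable, and the most severe.
        _finding("aws/guardduty", "EC2 instance is querying a domain associated with C2", "HIGH",
                 "AwsEc2Instance", "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"),
        # Already suppressed by an analyst: skipped even though it is CRITICAL.
        _finding("aws/inspector", "CVE in package on container image", "CRITICAL",
                 "AwsEcrContainerImage", "arn:aws:ecr:us-east-1:123456789012:repository/app/sha256:deadbeef",
                 Workflow={"Status": "SUPPRESSED"}),
        # A control that passed: nothing to do.
        _finding("aws/securityhub", "1.1 Avoid the use of the root user", "LOW",
                 "AwsAccount", "AWS::::Account:123456789012", Compliance={"Status": "PASSED"}),
    ]},
}


def actionable_findings(event, min_label="MEDIUM"):
    """Active, unsuppressed, non-passing findings at or above min_label, most severe first."""
    if event.get("source") != "aws.securityhub":
        return []
    keep = []
    for f in event.get("detail", {}).get("findings", []):
        if f.get("RecordState") != "ACTIVE":
            continue                                  # archived by the producer
        if f.get("Workflow", {}).get("Status") in ("SUPPRESSED", "RESOLVED"):
            continue                                  # an analyst already handled it
        if f.get("Compliance", {}).get("Status") == "PASSED":
            continue                                  # control checks also report passes
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        if SEVERITY_RANK.get(label, 0) >= SEVERITY_RANK[min_label]:
            keep.append(f)
    keep.sort(key=lambda f: SEVERITY_RANK.get(f["Severity"]["Label"], 0), reverse=True)
    return keep


def summarize(f):
    """One line per finding: severity, producing product, title and affected resource ids."""
    product = f["ProductArn"].split("product/", 1)[1]
    resources = ", ".join(r["Id"].rsplit("/", 1)[-1] for r in f.get("Resources", []))
    return f"[{f['Severity']['Label']}] {product}: {f['Title']} ({resources})"


def triage(event, min_label="MEDIUM"):
    return [summarize(f) for f in actionable_findings(event, min_label)]


if __name__ == "__main__":
    for line in triage(SAMPLE_EVENT):
        print(line)
```

In practice the severity filter also belongs in the EventBridge rule pattern itself (for example matching `"detail": {"findings": {"Severity": {"Label": ["HIGH", "CRITICAL"]}}}` under `"source": ["aws.securityhub"]`), so the responder is not invoked for low-severity noise; the in-code checks on Workflow.Status and RecordState remain necessary because an updated or suppressed finding is delivered through the same event type.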
Storage
Amazon Simple Storage Service (S3)
What is Amazon Simple Storage Service?
Amazon S3 is an object storage service: each object is stored under a key in a bucket and is redundantly stored across multiple Availability Zones (AZs) within the bucket's Region.

❑ S3 is a global service with region-specific buckets; bucket names must be globally unique.
❑ It can also host static websites directly from a bucket.
❑ It provides 99.999999999% (11 9's) of object durability.
❑ S3 offers strong read-after-write consistency for PUTs and DELETEs of objects.
❑ Objects (files) are stored in a region-specific container known as a bucket.
❑ A single object can range from 0 bytes to 5 TB; a single PUT is limited to 5 GB.
▪ 'Multipart upload' uploads an object in parts; it is recommended for objects of 100 MB or more and required for objects larger than 5 GB.
▪ 'Versioning' retains multiple versions of an object, which protects against accidental overwrites and deletes; replication requires versioning to be enabled on both the source and the destination bucket.
▪ Amazon S3 Transfer Acceleration speeds up transfers over long distances by routing uploads through Amazon CloudFront's edge locations.
▪ Access control lists (ACLs) on buckets and objects are a legacy mechanism; new buckets have ACLs disabled by default (Object Ownership set to "bucket owner enforced"), so access should be granted with IAM and bucket policies instead.
▪ Cross-account access to buckets and objects is granted with a bucket policy that names the other account's principals, or by having the other account assume an IAM role with the required privileges.

Amazon S3 uses the following mechanisms for security:
User-based security
▪ IAM policies
Resource-based security
▪ Bucket policies
▪ Bucket access control lists (ACLs)
▪ Object access control lists (ACLs)
In addition, S3 Block Public Access settings (at the account or bucket level) override any policy or ACL that would make data public, and objects are encrypted at rest by default with SSE-S3, with SSE-KMS available where key-level access control and auditing are needed.

Amazon S3 provides the following storage classes:
❑ S3 Standard - frequently accessed data.
❑ S3 Intelligent-Tiering - automatically moves objects between access tiers based on usage to reduce cost.
❑ S3 Standard-IA - infrequently accessed data that still needs immediate (millisecond) access; stored across multiple AZs.
❑ S3 One Zone-IA - infrequently accessed data stored in a single AZ, at lower cost and lower availability.
❑ S3 Glacier - long-term archive data with retrieval times from minutes to hours.
❑ S3 Glacier Deep Archive - the lowest-cost class, for long-term retention, with retrieval times of 12 hours (standard) or 48 hours (bulk).

Amazon S3 offers the following ways to replicate objects:
▪ Cross-Region Replication (CRR) - replicates objects to a bucket in a different AWS Region.
▪ Same-Region Replication (SRR) - replicates objects to a bucket in the same AWS Region.
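The resource-based controls above in working form, as an added example that is not part of the cheat sheet or of AWS: a least-privilege bucket policy that lets one named role read and denies every non-TLS request, together with a scan that flags the classic misconfiguration, an Allow statement whose Principal is "*" with no Condition. The bucket name, account id and role ARN are placeholders; PUBLIC_READ_POLICY is a constructed bad example.

```python
"""Hardened S3 bucket policy and a scan for statements that make a bucket public.

Added example, not from the cheat sheet or from AWS. Bucket name, account id
and role name are placeholders. The scan encodes one rule in simplified form:
an Allow whose Principal is "*" (or {"AWS": "*"}) and that carries no
Condition grants access to anyone on the internet. S3 Block Public Access and
IAM Access Analyzer apply the same idea with more cases.
"""
import json


def hardened_bucket_policy(bucket, reader_role_arn):
    """Least-privilege policy: one named role may read, everyone must use TLS."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowReaderRole",
                "Effect": "Allow",
                "Principal": {"AWS": reader_role_arn},
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": [bucket_arn, f"{bucket_arn}/*"],
            },
            {
                # aws:SecureTransport is present in every request context, so this
                # Deny reliably rejects plain-HTTP access for every principal.
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [bucket_arn, f"{bucket_arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def _is_wildcard_principal(principal):
    """True for "*" and {"AWS": "*"} (also when "*" is one entry of a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def find_public_allows(policy):
    """Sids (or positions) of Allow statements that open the bucket to everyone."""
    hits = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # a single statement may be given without a list
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue                        # a Deny with Principal "*" restricts, it does not expose
        if _is_wildcard_principal(st.get("Principal")) and not st.get("Condition"):
            hits.append(st.get("Sid", f"Statement[{i}]"))
    return hits


# Constructed example of the classic misconfiguration: a "public read" policy.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        }
    ],
}


def policy_json(bucket, reader_role_arn):
    """The policy as it would be passed to put-bucket-policy."""
    return json.dumps(hardened_bucket_policy(bucket, reader_role_arn), indent=2)


if __name__ == "__main__":
    role = "arn:aws:iam::123456789012:role/app-reader"
    print(policy_json("example-bucket", role))
    print("public statements in hardened policy:",
          find_public_allows(hardened_bucket_policy("example-bucket", role)))
    print("public statements in public-read policy:", find_public_allows(PUBLIC_READ_POLICY))
```

The scan treats any Condition as a restriction, which is a simplification: a wildcard Allow conditioned only on `aws:SecureTransport` is still public, and real tooling inspects which condition keys are present. That is why S3 Block Public Access should stay enabled at the account level as the backstop; with it on, S3 rejects a policy like PUBLIC_READ_POLICY at put-bucket-policy time regardless of what the policy says.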
Amazon Elastic Block Store
What is Amazon Elastic Block Store?
Amazon Elastic Block Store (EBS) is a service that provides block-level storage volumes for persistent data on EC2 instances.

❖ Multiple EBS volumes can be attached to a single EC2 instance in the same Availability Zone.
❖ A single EBS volume is normally attached to one EC2 instance at a time.
❖ Amazon EBS Multi-Attach is a feature that attaches a single Provisioned IOPS SSD (io1 or io2) volume to multiple instances in the same Availability Zone; the application or a cluster-aware file system must coordinate the writes.
❖ EBS volumes persist independently of the instance they are attached to, so the data is not erased when the instance stops or terminates, unless the volume's DeleteOnTermination attribute is set.
❖ By default, the root EBS volume has DeleteOnTermination enabled and is deleted when the instance is terminated.
❖ By default, non-root EBS volumes have DeleteOnTermination disabled and are not affected when the instance is terminated.

An EBS volume can be detached from an instance and reattached to another EC2 instance in the same Availability Zone.
Amazon EBS scales to petabytes of storage.
Amazon EBS volumes are best suited for database servers with heavy read/write activity and for throughput-intensive workloads with continuous reads and writes.
Amazon EBS encrypts volumes with AES-256 using keys managed by AWS KMS; encryption covers data at rest, data in transit between the volume and the instance, and every snapshot and volume created from an encrypted volume. Encryption by default can be turned on per Region so that every new volume is encrypted.
Amazon EBS offers point-in-time snapshots of volumes, which can be copied to other AZs or Regions.
EBS snapshots are Region-specific and are stored incrementally in Amazon S3 (only the blocks changed since the previous snapshot are saved).
EBS volume types are as follows:

SSD (solid-state drives)
General Purpose SSD (gp2, gp3):
▪ Useful for low-latency applications, boot volumes, and development and test environments.
▪ Supports volume sizes from 1 GiB to 16 TiB.
▪ Allows up to 16,000 IOPS per volume.
▪ Allows up to 1,000 MiB/s throughput per volume.

Provisioned IOPS SSD (io1, io2):
▪ Useful for I/O-intensive database workloads; provides sub-millisecond latency.
▪ Supports volume sizes from 4 GiB to 64 TiB.
▪ Allows up to 256,000 IOPS per volume.
▪ Allows up to 4,000 MiB/s throughput per volume.
▪ Multi-Attach is supported for io1 and io2.

HDD (hard disk drives)
Throughput Optimized HDD (st1):
▪ Useful for big data and log processing workloads.
▪ Supports volume sizes from 125 GiB to 16 TiB.
▪ Allows up to 500 IOPS per volume.
▪ Allows up to 500 MiB/s throughput per volume.

Cold HDD (sc1):
▪ Useful for infrequently accessed data and the lowest-cost workloads.
▪ Supports volume sizes from 125 GiB to 16 TiB.
▪ Allows up to 250 IOPS per volume.
▪ Allows up to 250 MiB/s throughput per volume.
Amazon Elastic File System (EFS)
What is Amazon Elastic File System?
Amazon Elastic File System is a managed NFS file system that can be created and scaled for AWS resources and for on-premises servers.

❑ A Regional file system stores data redundantly across multiple Availability Zones within one Region (it does not span Regions; an EFS One Zone file system uses a single AZ).
❑ EFS mount targets (one per AZ, each an elastic network interface in a subnet) expose the file system to instances in the VPC; access from other VPCs or from on-premises uses VPC peering, AWS Direct Connect or AWS VPN.
❑ It is best suited for Linux-based workloads and applications (NFSv4 protocol).
❑ Multiple instances can read and write it at the same time, giving high aggregate throughput and low-latency IOPS.
❑ It automatically scales storage capacity up to petabytes.
❑ It supports file locking and strong data consistency.
❑ It offers data encryption at rest (AWS KMS) and in transit (TLS, by mounting with the EFS mount helper).
❑ Access to files and directories is controlled with POSIX permissions; in addition, security groups on the mount targets control network access, file system policies (IAM) control which principals may mount and whether TLS is required, and EFS access points enforce a fixed user identity and root directory per application.

It offers the following storage classes for file storage:
▪ EFS Standard storage class
▪ EFS Infrequent Access (IA) storage class - for less frequently accessed files, at lower storage cost and a per-access charge.

It offers the following modes for the file system:
❑ Performance modes -
   General Purpose performance mode: for latency-sensitive workloads (the default).
   Max I/O mode: for highly parallel, high-throughput workloads that tolerate higher latency.
❑ Throughput modes -
   Bursting Throughput mode: throughput scales with the size of the file system.
   Provisioned Throughput mode: throughput is set independently of the file system size.
   Elastic Throughput mode (the default for new file systems): throughput scales automatically with the workload.
❑ EFS lifecycle management policies automatically move files that have not been accessed for a configured number of days (for example 7 to 90 days) from the Standard storage class to the EFS IA storage class.
Amazon FSx for Lustre
What is Amazon FSx for Lustre?
Amazon FSx for Lustre is a fully managed file system built on Lustre, the open-source parallel, high-performance file system used for compute-intensive workloads.

❖ Supports fast-processing workloads such as electronic design automation (EDA), high-performance computing (HPC), machine learning and media processing.
❖ Offers a choice of SSD or HDD storage.
❖ Can be linked to an Amazon S3 bucket: objects in the bucket are presented as files, loaded into the file system on first access, and results can be written back to S3; the file system can be kept in sync with changes in the bucket.
❖ Offers scratch (unreplicated) file systems for short-term processing of data that can be regenerated, and persistent file systems for longer-lived data.
❖ Works with existing Linux-based applications without changes, through the standard Lustre client.
❖ Controls access with POSIX permissions at the file level and Amazon VPC security groups at the network level.
❖ Provides data-at-rest encryption (AWS KMS) and in-transit encryption on supported instance types.
❖ AWS Backup can be used to back up persistent Lustre file systems.
Amazon FSx for Windows File Server
What is Amazon FSx for Windows File Server?
Amazon FSx for Windows File Server is a fully managed, scalable shared file storage system built on Microsoft Windows Server.

❖ File systems are accessed over the Server Message Block (SMB) protocol from multiple Windows (and Linux or macOS) clients at the same time.
❖ Using SMB, Amazon FSx file systems can be connected to Amazon EC2, Amazon ECS, Amazon WorkSpaces and Amazon AppStream 2.0 instances, and to on-premises servers over AWS Direct Connect or AWS VPN.
❖ FSx provides high availability with Multi-AZ deployments: an active and a standby file server in separate Availability Zones.
❖ It automatically and synchronously replicates data to the standby Availability Zone and fails over to it if the active server becomes unavailable.
❖ AWS DataSync can be used with Amazon FSx to migrate self-managed file systems to FSx for Windows File Server.
❖ Amazon FSx offers SSD or HDD storage; SSD storage delivers high throughput and IOPS with sub-millisecond latencies for Windows workloads.
❖ Amazon FSx offers identity-based authentication and access control using Microsoft Active Directory (AD): the file system joins an AWS Managed Microsoft AD or a self-managed AD domain, and file and folder permissions are standard Windows NTFS ACLs.
❖ Data is encrypted at rest with AWS KMS and in transit with SMB encryption for clients that support SMB 3.0 or later.
Amazon S3 Glacier
What is Amazon S3 Glacier?
Amazon S3 Glacier is a low-cost service for long-term data archiving and backup. It is available both as the original vault-based Glacier API and as the S3 Glacier storage classes used through the Amazon S3 API.

❑ Objects in the S3 Standard, S3 Standard-IA and S3 Glacier storage classes are automatically stored across multiple Availability Zones in the bucket's Region.
❑ The S3 Glacier classes are the lowest-cost S3 storage classes (S3 Glacier Deep Archive is the cheapest) and offer 99.999999999% (11 9's) of data durability.
❑ In the vault-based API, a vault is a container for archives identified by a unique address (ARN); access to a vault is controlled with IAM and vault access policies, and Vault Lock can enforce a write-once compliance policy that cannot be changed once locked.
❑ Retrieval is asynchronous: you submit a job (archive retrieval, inventory retrieval or select), and Amazon SNS can notify you when the job completes. Amazon S3 Glacier does not provide real-time retrieval of archives.

S3 Glacier (Flexible Retrieval) provides the following data retrieval options:
Expedited retrievals -
• Data is available in 1-5 minutes.
Standard retrievals -
• Data is available in 3-5 hours.
Bulk retrievals -
• Data is available in 5-12 hours (the lowest-cost option).

❑ 'S3 Glacier Select' runs SQL-style queries (SELECT, FROM and WHERE) directly against archived objects in uncompressed CSV format and stores the output in an S3 bucket, so only the matching rows are retrieved.
❑ Data is encrypted at rest; through the S3 API the Glacier storage classes support SSE-S3 and SSE-KMS server-side encryption.


AWS Backup
What is AWS Backup?
AWS Backup is a fully managed service that centralizes and automates data backup (protection) across AWS services and for on-premises resources (through AWS Storage Gateway).

AWS Backup provides the following features:
❖ Scheduled backup plans (policies) that automate backups of AWS resources across AWS accounts and Regions.
❖ Incremental backups to minimize storage costs.
❖ Retention rules that retain and expire backups automatically.
❖ A dashboard in the AWS Backup console to monitor backup and restore activity.
❖ Backups are stored in backup vaults and encrypted with AWS KMS keys; different vaults can use different keys to separate resources or workloads.
❖ Backup Vault Lock makes a vault write-once-read-many (WORM), so backups cannot be deleted or have their retention shortened before they expire, which protects them from ransomware and from a compromised administrator account.
❖ Lifecycle policies that automatically transition backups (for example Amazon EFS backups) to cold storage.
AWS Snowball
What is AWS Snowball?
AWS Snowball is a data transfer service that uses physical, ruggedized storage appliances to move very large amounts of data (tens of terabytes per device) between an on-site storage location and Amazon Simple Storage Service without relying on the network.

❖ Data on the device is encrypted with 256-bit keys managed through AWS Key Management Service; the keys are never stored on the appliance, and the device is tamper-resistant and tracked with an E Ink shipping label.
❖ If the data to transfer is less than about 10 TB, a network transfer (for example with AWS DataSync) is usually faster and cheaper than Snowball.
❖ The Snowball client and the Amazon S3 Adapter for Snowball are used to copy data onto the Snowball device locally.
❖ The original Snowball device came in 50 TB (42 TB usable) and 80 TB (72 TB usable) sizes. To move a petabyte (1,000 TB) of data, 14 of the 80 TB devices are needed (14 x 72 TB = 1,008 TB usable); 1,024 TB would need 15.
❖ If data transfers involve large files and multiple jobs, split the data into several smaller segments and copy them in parallel; parallelization speeds up the transfer onto the device, for example ten segments of 7 TB each for one 80 TB Snowball.
❖ AWS Snowball is integrated with other AWS services such as AWS CloudTrail, which captures all API calls as events, and Amazon Simple Notification Service (Amazon SNS), which sends notifications about the data transfer.
❖ AWS Snowball Edge is the current generation of Snowball device; it transports data faster and can also run edge-computing workloads between the local environment and the AWS Cloud. The original Snowball has been retired in favour of Snowball Edge.
❖ Snowball Edge devices can run EC2 instances from AMIs and AWS Lambda functions on the device itself, to process and analyze data locally with your applications.
AWS Storage Gateway
What is AWS Storage Gateway?
AWS Storage Gateway is a hybrid storage service deployed as a virtual machine on an on-premises hypervisor (or as a hardware appliance or an EC2 instance) that connects on-premises applications to AWS storage services.

It offers secure, scalable and cost-effective storage management; data is encrypted in transit to AWS with TLS and at rest in Amazon S3.

It offers the following types of storage gateways:

File Gateway -
▪ Uses Amazon S3 (S3 Standard, S3 Standard-IA and S3 One Zone-IA) as the storage interface; files are stored as objects.
▪ Supports the NFS and SMB protocols to store and retrieve files.
▪ Supports write-once-read-many (WORM) storage.

Volume Gateway -
▪ Uses block storage as the storage interface; volumes are backed up to AWS as EBS snapshots.
▪ Supports the iSCSI block protocol.
Stored Volumes:
■ Stores the entire data set locally and asynchronously backs it up to AWS.
■ Offers low-latency access to the entire data set.
■ Supports up to 32 volumes with sizes from 1 GiB to 16 TiB.
Cached Volumes:
■ Stores the primary data in Amazon S3 and keeps a local cache of the most recently used data.
■ Supports up to 32 volumes with sizes from 1 GiB to 32 TiB.

Tape Gateway -
▪ Presents virtual tape cartridges through a virtual tape library (VTL) interface over an iSCSI connection to existing backup software.
▪ Archives backup data to S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive.
▪ Supports WORM virtual tapes.