AWS Services Flashcards
AWS Trusted Advisor
Trusted Advisor checks security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity, such as hacking, denial-of-service attacks, or loss of data.
AWS Config
AWS Config continuously monitors and records changes to your AWS resources, but it does not identify security groups that allow unrestricted access.
Amazon CloudWatch
CloudWatch is a monitoring service that collects and tracks metrics for AWS resources. It does not identify security groups that allow unrestricted access.
AWS CloudTrail
CloudTrail provides an audit record of API calls. It does not identify security groups that allow unrestricted access.
You can use CloudTrail to log, monitor and retain account activity related to actions across your AWS infrastructure. CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
AWS Cloud Map
AWS Cloud Map creates and maintains a map of backend services. AWS Cloud Map will not address governance or payment consolidation.
AWS Organizations
Organizations provides centralized governance and billing for an AWS environment, including multiple accounts.
AWS Systems Manager OpsCenter
OpsCenter provides a central location for IT professionals to view, investigate, and resolve operational work items. OpsCenter does not consolidate billing.
AWS Billing and Cost Management
This solution consolidates the billing in a report, but it will work only for the individual accounts (without cross-account billing). This solution does not address central governance.
Amazon Inspector
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on Amazon EC2 instances. Amazon Inspector does not perform S3 data classification and automatic discovery.
Amazon Macie
Macie is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
Amazon GuardDuty
GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. GuardDuty does not perform S3 data classification.
AWS Secrets Manager
Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. Secrets Manager does not perform S3 data classification and automatic discovery.
Amazon S3
Amazon S3 is a durable object storage service.
AWS Elastic Beanstalk
Elastic Beanstalk is a service to deploy and scale web applications and services developed with common programming languages on automatically deployed infrastructure with capacity management, load balancing, auto scaling, and monitoring. Elastic Beanstalk makes it easier to provision and support an application. Elastic Beanstalk does not reduce website latency.
Amazon DynamoDB Accelerator (DAX)
DAX is used to reduce response times from a DynamoDB table from single-digit milliseconds to microseconds. DynamoDB tables cannot host static websites.
Amazon Route 53
Route 53 is a highly available and scalable DNS web service. The three main functions of Route 53 are registering domain names, routing internet traffic to the resources for your domain, and checking the health of those resources. Route 53 can direct traffic to S3 buckets.
Amazon CloudFront
CloudFront is a web service that speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. Content is cached in edge locations. Content that is repeatedly accessed can be served from the edge locations instead of the source S3 bucket.
AWS Direct Connect
Direct Connect links your internal network to a Direct Connect location over a network connection. One end of the connection attaches to your on-premises router. The other end connects to a Direct Connect router. With this connection, you can bypass the ISPs in your network path. However, the company must use an existing internet connection in this scenario.
Amazon Connect
Amazon Connect is an omnichannel cloud contact center. Amazon Connect helps you provide customer service at a low cost. Amazon Connect uses an omnichannel design to provide a seamless experience across voice and chat for your customers and agents. Amazon Connect does not provide a network connection.
AWS Site-to-Site VPN
Site-to-Site VPN creates an encrypted network path between your on-premises network and your AWS Cloud network. This connection between your on-premises network and your AWS Cloud network uses the internet.
AWS Client VPN
Client VPN is a managed client-based VPN service that gives you the ability to securely access your AWS resources and the resources in your on-premises network. With Client VPN, you can access your resources from any location through an OpenVPN-based VPN client. You would use Client VPN to connect individual laptops to AWS, not an entire data center.
AWS CodeArtifact
CodeArtifact is a managed artifact repository service that stores and shares software that is ready for deployment. CodeArtifact is not a source code management service.
AWS CodeBuild
CodeBuild is a service that helps users to automatically compile source code, run unit tests, and produce software packages that are ready for deployment. CodeBuild is not a code management service.
AWS CodePipeline
CodePipeline is a service that manages the movement of code between the individual services. CodePipeline is not a source code storage service.