Services Flashcards
IAM - Identity and Access Management
- Manage users, groups and security groups
- password policies, Access types (CLI, SDK, Cloudshell)
EC2 - Elastic Compute Cloud
IaaS, renting virtual machines (instances)
Instance types / IAM roles /
On demand / reserved / spot/ saving plans
EBS - Elastic Block Store
Network drive / mounted to 1 instance at a time
AZ / Snapshots / Provisioned Capacity /
AMI - Amazon Machine Image
- Customization of an instance / by region
- Public AMI / Custom / Marketplace
EC2 Image Builder (overview)
- Automate creation, maintain, validate and test EC2 AMIs
- Can schedule / free service
EC2 Instance Store
- high-performance hardware disk
- ephemeral / storage lost when instance stops
- Backups and Replication are your responsibility
EFS - Elastic File System
- Managed NFS (Network file system) can be mounted on 100s of EC2
- Works with Linux multi AZ
- EFS-IA (Infrequent Access) / cost-optimized / config to automatically move your files to EFS-IA
Amazon FSx
- Launch 3rd party high-performance file systems on AWS
- FSx for Lustre, FSx for Windows File Server, FSx for NetApp ONTAP
- Windows: native shared file system / windows file server / integrate with active directory
- FSx for Lustre: High performance, scalable file storage for HIGH PERFORMANCE COMPUTING
- Lustre = Linux + Cluster
ELB - Elastic Load Balancing
- Servers that forward internet traffic to multiple servers
- 1: Application Load Balancer (HTTP/HTTPS only) L7
- 2: Network Load Balancer (ultra-high performance, TCP/UDP) L4 / High Performance
- 3: Gateway Load Balancer - Layer 3 / Route traffic to firewalls
ASG - Auto Scaling Groups
- Scale out / Scale in / Replace unhealthy instances
- Automatically register new instances to load balancer
- Strategies: When a CloudWatch alarm is triggered / average ASG CPU / Scheduled / Predictive
S3 - Simple Storage Service
- backup, storage, disaster recovery, hosting (app, media), data lakes & big data analytics, software delivery, static website
- Buckets must have globally unique name
- Region level
- Bucket policies: EC2 access / cross-account access /
- Website Hosting / Versioning / Replication (cross-region / same)
- Storage Classes: Standard / IA / Glacier
- Encryption: Server-side (enabled) / User-side
AWS Snowball
- Data migration or edge computing
- portable devices to collect and process data at the edge
- Helps migrate up to Petabytes of data
- If it takes more than a week to transfer over network, use Snowball devices
Storage Gateway
- “hybrid cloud”
- expose S3 data on-premise
- Bridge between on-premise data and cloud data in S3
- Hybrid storage service / Works with EBS, S3, Glacier
RDS - Relational Database Service
- relational database service
- CANNOT SSH into the instances
Aurora
- Proprietary tech from AWS
- PostgreSQL and MySQL are supported as Aurora DB
ElastiCache
DynamoDB
Redshift
EMR - Elastic MapReduce
Athena
Quicksight
DocumentDB
Neptune
Timestream
QLDB - Quantum Ledger Database
Glue ETL - (extract, transform, load)
DMS - Database Migration Service
ECS - Elastic Container Service
Fargate
ECR - Elastic Container Registry
EKS - Elastic Kubernetes Service
Lambda
API Gateway
AWS Batch
Lightsail
CloudFormation
Terraform
CDK - Cloud Development Kit
Beanstalk
CodeDeploy
CodeCommit
CodeBuild
CodePipeline
CodeArtifact
SSM - Systems Manager
SSM - Session Manager
SSM - Parameter Store
Route 53
Cloudfront
Origin Access Control
S3 Transfer Accelerator
Global Accelerator
Outposts
WaveLength
Local Zones
SQS - Simple Queue Service
Kinesis Datastream
SNS - Simple Notification Service
Amazon MQ
Data Firehose
Cloudwatch Metrics/Alarms
Cloudwatch Logs
EventBridge
Cloudtrail
X-Ray
CodeGuru
AWS Health Dashboard
VPC - Virtual Private Cloud
Elastic IP
Subnet, Internet Gateway, NAT Gateways
NACL (Network ACL)
VPC Flow Logs
VPC Peering
VPC Endpoint (Gateway/Interface)
Site to Site VPN x Direct Connect (DX)
CGW - Customer Gateway
VGW - Virtual Private Gateway
Client VPN
Transit Gateway
Shared Responsibility Model
WAF - Web Application Firewall
Shield Standard/Advanced
Network Firewall
Firewall Manager
Penetration Testing
KMS - Key Management Service
CloudHSM - Cloud Hardware Security Module
ACM - AWS Certificate Manager
Secrets Manager
AWS Artifact
AWS GuardDuty
AWS Inspector
AWS Config
AWS Macie
Security Hub
Amazon Detective
AWS Abuse
Root User Privileges
IAM Access Analyzer
AWS Rekognition
AWS Transcribe
AWS Polly
AWS Translate
AWS Lex
AWS Connect
AWS Comprehend
AWS Sagemaker
AWS Forecast
AWS Kendra
AWS Personalize
AWS Textract
AWS Organizations
SCP - Service Control Policies
Organization Units
Consolidated Billing
AWS Guardrails
Control Tower
RAM - Resource Access Manager
AWS Service Catalog
Pricing Models
Savings Plan
Compute Optimizer
Estimate costs
Track Costs
Monitor Costs
AWS Budget
Cost Anomaly
Service Quotas
Trusted Advisor
Support Plans
STS - Security Token Service
AWS Cognito
Directory Services
IAM Identity Center
Amazon Workspaces
AppStream 2.0
IoT Core
Elastic Transcoder
AppSync
Amplify
Infrastructure Composer
Device Farm
AWS Backup
Disaster Recovery Strategies
DRS - Elastic Disaster Recovery
AWS DataSync
Cloud Migrations Strategies - The 7Rs
Application Discovery
Application Migration Service
Migration Evaluator
Migration Hub
FIS - Fault Injection Simulator
Step Functions
Ground Station
AWS Pinpoint
Whitepapers Well-Architected Framework
The 6 Pillars
AWS Well Architected Tool
AWS Customer Carbon Footprint Tool
CAF - Cloud Adoption Framework
AWS IQ
AWS re:Post
Knowledge Center
Managed Services
AWS Partner Network