
AWS has a lot of certifications, and a set of them together defines a role. You can see all the journeys here. As soon as you are prepared, you can schedule your exam here. Two important benefits are 30 extra minutes if you are not a native English speaker, and 50% off your next exam.

The first test must be the AWS Certified Cloud Practitioner (CLF-C01), and this post is about that one.

The first step in your journey is creating an account to do your tests. AWS has a HowTo for it. Don't use the root user for your day-to-day tasks; create an IAM user through the AWS Management Console instead. The default region available to the user is North Virginia.

The course used for this was:




Cloud Concepts

Definition: Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing.

Cloud vs Traditional:

  • Cloud: On-demand, Broad network access, Resource pooling, Rapid elasticity, Measured Service.
  • Traditional: Requires human involvement, Internal accessibility, limited public presence, Single-tenant, can be virtualized, Limited scalability, Usage is not typically measured

Problems solved: flexibility, cost-effectiveness, scalability, elasticity, agility, high availability and fault tolerance

Benefits: Agility, Elasticity, Cost saving (trade fixed expenses for variable expenses), deploy globally in minutes

Advantages of cloud computing

  • On-Demand: Pay only when you consume computing resources, and pay only for how much you consume
  • Economies of scale: lower pay as-you-go prices
  • Elasticity: Scale up and down as required with only a few minutes
  • Increase speed and agility: the cost and time it takes to experiment and develop is significantly lower; speed to create resources; experiment quickly; scalable compute capacity
  • Stop spending money running and maintaining data centers
  • Go global in minutes

Cloud Computing Models

  • IaaS (Infrastructure as a Service): the customer is not responsible for the underlying hardware and hypervisor, but is responsible for the operating system (OS), data and applications. Ex: EC2, CloudFormation.
  • PaaS (Platform as a Service): the customer is responsible only for the applications and data, and only needs to upload code/data to create the application. Ex: AWS Elastic Beanstalk; Azure WebApps; Compute App Engine.
  • SaaS (Software as a Service): the customer manages nothing and only uses the service (Facebook, Salesforce) after signing up for an account.

Cloud Computing Deployment Models

  • Public Cloud (AWS, Azure, GCP): the resources are owned and operated by the provider, and the services are delivered over the internet
  • Hybrid Cloud: keeps some services on premises. It combines control over sensitive assets with the flexibility of the public cloud.
  • Private Cloud (on-premises): not exposed; it allows some processes to be automated, but all management of the stack is the company's responsibility. It must include self-service, multi-tenancy, metering, and elasticity. Benefits: complete control, security (keep the data and applications in house)
  • Multicloud: use private/public clouds from multiple providers

Scalability

  • Handle greater loads by adapting
  • Scale Up: scale by adding more power (CPU/RAM) to an existing machine/node. The operation runs on only one computer.
  • Scale Out: scale by adding more instances to an existing pool of resources. Fault tolerance is achieved by scaling out.
  • Vertical: increase the size of the instance. Common for non-distributed systems. Limited, e.g., by hardware.
  • Horizontal: increase the number of instances. Distributed systems. Common for web applications. Auto Scaling Group and Load Balancer
  • High Availability: direct relationship with horizontal scalability. No interruption even with failover. Run across multiple AZs, at least 2 AZs

ASG (Auto Scaling Group):

  • An ASG contains a collection of EC2 instances (logical group)
  • Monitors and automatically adjusts the capacity for predictable performance at the lowest possible cost. It, e.g., adds/removes (scales out/in) EC2 instances when the load increases/decreases.
  • Replaces unhealthy instances.
  • Runs only at optimal capacity.
  • AWS EC2 Auto Scaling provides elasticity and scalability.
  • A scheduled scaling policy can be configured for known increases in app traffic (predictable load changes)
  • Predictive scaling: uses daily and weekly trends to determine when to scale
  • Step scaling policy: launches resources in response to demand. There is no guarantee the resources are ready when needed
  • Strategy: Manual or Dynamic (1. Simple/Step Scaling (CloudWatch); 2. Target Tracking Scaling; 3. Scheduled Scaling)
  • DigitalCloud Summary

Serverless: technologies for running code, managing data, and integrating applications, all without managing servers. Serverless technologies feature automatic scaling, built-in high availability, and a pay-for-use billing model to increase agility and optimize costs. It eliminates infrastructure management tasks like capacity provisioning, patching and OS maintenance. Serverless does not mean there are no servers.

Additional References:

  • DigitalCloudSummary
  • (DigitalCloud) Auto Scaling and Elastic Load Balancing
  • AWS - What is cloud computing?



  • AWS Global Infrastructure

    AWS Global Infrastructure: makes global applications possible (lower latency, disaster recovery, attack protection)

    • Availability Zones (AZ): one or more discrete data centers with redundant power, networking, and connectivity. Each AZ has independent power, cooling, and physical security and is connected via redundant, ultra-low-latency networks. AZs give customers the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center. All traffic between AZs is encrypted. AZs are physically separated by a meaningful distance. A minimum of two AZs is needed to achieve high availability.
    • AWS Regions: physical locations around the world where AWS clusters data centers. Each AWS Region is isolated and consists of physically separate AZs within a geographic area. Minimum of three AZs per region. Criteria for choosing the region: compliance, proximity to the customer, available services (List of AWS Services Available by Region) and pricing.
    • Local Zones: place compute, storage, database, and other select AWS services closer to end users. Each AWS Local Zone location is an extension of an AWS Region.
    • Edge Locations: Content Delivery Network (CDN) endpoints for CloudFront. Deliver content closer to the user.
    • Regional Edge Caches: sit between your CloudFront origin servers and the Edge Locations
    • Architecture: Single Region + Single AZ; Single Region + Multi AZ; Multi Region + Active-Passive; Multi Region + Active-Active
    • With Active-Passive failover it is possible to apply the Failover routing policy

    Amazon CloudFront: Global Content Delivery Network (CDN)

    • Replicate part of your application to AWS Edge Locations (content is served at the edge).
    • It can use cache at the edge to reduce latency. Improves read performance.
    • DDoS protection, integration with Shield, Firewall
    • S3 bucket: distribute files and cache them at the edge, secured with OAC (Origin Access Control)
    • Customer origin: ALB, EC2 instance, S3 website
    • Great for static content that must be available everywhere; in contrast, S3 Cross Region Replication is great for dynamic content that needs to be available at low latency in a few regions
    • Pricing: traffic distribution; requests; data transfer out. Prices vary by region

    S3 Transfer Acceleration

    • Accelerate global uploads & downloads into Amazon S3
    • Increase transfer speed to Edge Location

    AWS Global Accelerator

    • Improve global application availability and performance
    • Optimizes the route
    • Uses Edge Locations to route the traffic
    • Global Network
    • Integration with Shield for DDoS protection
    • No caching; packets are proxied at the edge
    • Improves performance over TCP/UDP
    • Good when you need static IPs and deterministic, fast regional failover.

    AWS Outposts

    • Brings AWS services to virtually any on-premises or edge location
    • Hybrid cloud
    • Server racks; the customer is responsible for them
    • Low latency, local data, data residency, easier migration, fully managed service

    AWS Wavelength: AWS infrastructure embedded within telecommunications providers' data centers at the edge of the 5G network

    Cloud Integration (these services scale)

    • SQS (cloud-native service): queue model. Messages are retained (4-14 days) and deleted after being read. Decoupling. Distributed applications. Pay-as-you-go pricing.
    • SNS (cloud native service): pub/sub model. It can send a message to many receivers. Publisher -> SNS topic. Subscriber -> get all messages from the topic
    • Amazon MQ: message broker. Good when migrating to the cloud
    • Kinesis: real-time data streaming model

    Cloud Monitoring

    • CloudWatch (Metrics, Logs, Alarms, Events): a monitoring and observability service. Provides metrics and insights (interactively search and analyze log data). Alarms trigger notifications for a metric. CloudWatch Logs enables real-time monitoring and can store and access the customer's log files from EC2 instances, CloudTrail, etc. Centralize logs, query logs, audit, etc. It cannot provide the status of the customer's resources. Adjustable retention.
    • EventBridge (CloudWatch Events): serverless; build event-driven applications at scale, schedule (cron jobs), event patterns, trigger Lambda functions, send SQS/SNS messages, etc. Schema Registry, archive events, replay archived events
    • CloudTrail: tracks events (event history/API calls). Logs, monitors and retains account activity (who, what, when): track user activities and API requests and filter logs to assist with operational analysis and troubleshooting. Governance, compliance and audit for the AWS account. It can be applied to all regions or to one. Encryption is enabled by default. Enabling CloudTrail Insights lets CloudTrail automatically detect unusual API activity in the customer's account.
    • AWS X-Ray: debugging in production. Benefits: performance, understand dependencies, review requests, find errors, identify users, trace requests across microservices/AWS services.
    • CodeGuru: automated code review and application performance recommendations
    • AWS Health Dashboard: service history (Service Health Dashboard) for all regions or for your account (Account Health Dashboard). It shows general status.
    • AWS Personal Health Dashboard: personalized view of the status of the AWS services that are part of the customer's cloud architecture. Alerts are triggered by changes in the health of your AWS resources, giving event visibility and guidance to help quickly diagnose and resolve issues. The customer can quickly assess the impact on their business when AWS services are experiencing issues. It gives a personalized view of the performance and availability of the services the customer uses.
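    To make the CloudTrail bullets concrete, here is an added example (not part of the original notes or any AWS tool) that triages a constructed CloudTrail log body for two findings a defender looks for first: root-account activity and console logins made without MFA. The account id, principal ids and IP addresses are made up.

```python
"""Triage CloudTrail records for root-account activity and console logins
without MFA.

Added example; not part of the original notes. The records are constructed
samples that follow the CloudTrail event schema (userIdentity, eventName,
responseElements, additionalEventData.MFAUsed). Account id 111122223333,
principal ids and IP addresses are fake.
"""
import json

# Constructed sample: the body of one CloudTrail log file as delivered to S3,
# i.e. {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    {   # IAM user login with MFA: expected, no finding
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE1",
                         "arn": "arn:aws:iam::111122223333:user/alice",
                         "accountId": "111122223333", "userName": "alice"},
        "eventTime": "2024-05-01T08:00:12Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.23",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
    {   # Root login without MFA: two findings (root activity, no MFA)
        "eventVersion": "1.08",
        "userIdentity": {"type": "Root", "principalId": "111122223333",
                         "arn": "arn:aws:iam::111122223333:root",
                         "accountId": "111122223333"},
        "eventTime": "2024-05-01T08:05:40Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.9",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # Ordinary API call by an IAM user: no finding from these two rules
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE2",
                         "arn": "arn:aws:iam::111122223333:user/bob",
                         "accountId": "111122223333", "userName": "bob"},
        "eventTime": "2024-05-01T09:12:03Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutBucketPolicy",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.23",
        "requestParameters": {"bucketName": "example-bucket"},
    },
]})


def actor(event):
    """Human-readable principal: 'root' for the root identity, otherwise the
    IAM user name, falling back to the ARN."""
    ident = event.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "root"
    return ident.get("userName") or ident.get("arn", "unknown")


def triage(log_body):
    """Return (rule, actor, eventName, sourceIPAddress) tuples for every
    record that matches one of the two rules. A single record may match both."""
    findings = []
    for ev in json.loads(log_body)["Records"]:
        who = actor(ev)
        ip = ev.get("sourceIPAddress", "")
        # Rule 1: any use of the root account (console or API) is worth review.
        if ev.get("userIdentity", {}).get("type") == "Root":
            findings.append(("root-activity", who, ev["eventName"], ip))
        # Rule 2: a successful console login where MFA was not used.
        if (ev.get("eventName") == "ConsoleLogin"
                and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and ev.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append(("console-login-without-mfa", who, ev["eventName"], ip))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```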

    Additional References:

  • DigitalCloud Summary
  • DigitalCloud - AWS Application Integration Services
  • Regions and Availability Zones



  • AWS networking services

    VPC (Virtual Private Cloud): your own isolated network in AWS cloud

    • VPC Peering - connect two VPC. Private addresses.
    • VPC Endpoint - connect to AWS services using private Network (Gateway [S3 and DynamoDB]; Interface [the rest]). Use AWS PrivateLink (provides private connectivity between VPCs, AWS services, and your on-premises networks, without exposing your traffic to the public internet).
    • VPC Flow Logs: capture information about the IP traffic going to and from network interfaces in your VPC
    • The IP address range is defined when the VPC is created
    • Elastic IP: a static public IP address for an EC2 instance

    • High availability with VPC: two subnets configured in one AZ
    • Subnet: partitions the network inside the VPC and AZ. A public subnet is accessible from the internet. Route tables control access to the internet and between subnets.
    • Security Group: instance-level virtual firewall for an ENI/EC2 instance (ALLOW rules only, referencing IPs or other security groups). Stateful. Protects against low-level network attacks like UDP floods.
    • Network ACL (Access Control List): subnet-level firewall (ALLOW and DENY rules, IPs only). Stateless. The customer is responsible for configuring it.
    • Internet Gateway: lets the VPC connect to the internet. The public subnet has a route to the internet gateway, but a private subnet does NOT have a route to the Internet Gateway.
    • NAT Gateway (AWS-managed) and NAT instance (self-managed): allow instances inside private subnets to access the internet while denying inbound traffic initiated from the internet
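    As an added example (not from the original notes or from AWS) of what the VPC Flow Logs bullet gives a defender, the following Python parses flow log records in the default v2 format and summarizes, per source address, the inbound flows that a Security Group or Network ACL rejected. The VPC CIDR, account id, ENI id and all addresses are constructed.

```python
"""Summarize rejected inbound traffic from VPC Flow Log records.

Added example; not part of the original notes. Uses the default (version 2)
flow log format. The sample lines, VPC CIDR 10.0.0.0/16, account id,
ENI id and addresses are constructed.
"""
import ipaddress
from collections import defaultdict

# Field order of the default (version 2) flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumed VPC address range; flows whose destination is inside it are inbound.
VPC_NETWORK = ipaddress.ip_network("10.0.0.0/16")

# Constructed sample records. Protocol 6 = TCP, 17 = UDP.
SAMPLE_LOG = """\
2 111122223333 eni-0abc123def456789a 10.0.1.25 198.51.100.7 44312 443 6 12 3400 1714550400 1714550460 ACCEPT OK
2 111122223333 eni-0abc123def456789a 203.0.113.9 10.0.1.25 51000 22 6 3 180 1714550400 1714550460 REJECT OK
2 111122223333 eni-0abc123def456789a 203.0.113.9 10.0.1.25 51002 3389 6 3 180 1714550400 1714550460 REJECT OK
2 111122223333 eni-0abc123def456789a 203.0.113.9 10.0.1.25 51003 445 6 2 120 1714550400 1714550460 REJECT OK
2 111122223333 eni-0abc123def456789a 192.0.2.44 10.0.1.25 40000 53 17 1 78 1714550400 1714550460 REJECT OK
2 111122223333 eni-0abc123def456789a 10.0.1.25 192.0.2.80 50000 25 6 1 60 1714550400 1714550460 REJECT OK
2 111122223333 eni-0abc123def456789a - - - - - - - 1714550400 1714550460 - NODATA
"""


def parse_flow_log(text):
    """Yield one dict per usable record. Records whose log_status is not OK
    (NODATA, SKIPDATA) carry no traffic fields and are skipped, as are lines
    that do not have the 14 default fields."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        yield rec


def rejected_inbound(text, vpc=VPC_NETWORK):
    """Map source address -> sorted destination ports for flows that were
    REJECTed and whose destination lies inside the VPC (inbound view only;
    rejected egress, e.g. a blocked outbound SMTP attempt, is left out)."""
    ports = defaultdict(set)
    for rec in parse_flow_log(text):
        if rec["action"] != "REJECT":
            continue
        if ipaddress.ip_address(rec["dstaddr"]) not in vpc:
            continue
        ports[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(p) for src, p in ports.items()}


def noisy_sources(text, min_ports=3, vpc=VPC_NETWORK):
    """Sources rejected on at least `min_ports` distinct destination ports,
    i.e. the addresses worth a closer look after a rule change."""
    return sorted(src for src, p in rejected_inbound(text, vpc).items()
                  if len(p) >= min_ports)


if __name__ == "__main__":
    for src, dst_ports in rejected_inbound(SAMPLE_LOG).items():
        print(f"{src}: rejected on ports {dst_ports}")
    print("review:", noisy_sources(SAMPLE_LOG))
```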

    Virtual Private Network (VPN):

    • Establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network
    • Site to Site VPN: connect (encrypted) on premises VPN to AWS. Over the public internet
    • AWS Managed VPN: Tunnels from VPC to on premises
    • VPN Gateway: connect one VPC to customer network
    • Customer Gateway: installed in customer network
    • Client VPN: connect from your computer using OpenVPN; reach EC2 instances over their private IPs.

    Direct Connect (DX): physical (private) connection between on-premises and AWS. No public internet. Use AWS Transit Gateway to connect VPCs and on-premises networks through a central hub (it acts like a cloud router)

    Route 53: global managed DNS. Health checks. A reliable and cost-effective way to route end users. The weighted routing policy is used to route traffic to multiple resources (associated with a single domain/subdomain) and to choose how much traffic is routed to each resource. It can be used, e.g., for load balancing. It fits hybrid architectures.

    Additional References:

  • DigitalCloud Summary
  • (DigitalCloud) AWS Content Delivery and DNS Services



  • AWS compute services

    Amazon EC2 (Elastic Compute Cloud):

    • IaaS (Infrastructure as a service)
    • It can run virtual server instances in the cloud
    • Each instance can run Windows/Linux/MacOS
    • It can store data (EBS/EFS), distribute load (ELB) and scale services (ASG)
    • It's possible to run commands when the machine starts (EC2 User Data scripts): install updates, software, etc. Those scripts run as the root user.
    • Instance metadata is information about the instance. User data and metadata are not encrypted. The metadata is available at http://169.254.169.254/latest/meta-data
    • When the instance is stopped and started again, the public IP changes. The private IP does not change.
    • For a legacy application, an EC2 instance is a good way to migrate to the cloud when it is right-sized (the right amount of resources for the application)
    • Shared Responsibility
      • AWS: infrastructure (global network security), isolation on physical hosts, replacing hardware, compliance validation
      • Customer: Security Group rules, OS patches and updates, software and utilities installed on the EC2 instance, IAM roles assigned to EC2 and IAM user access management, data security on your instance.

    Amazon EC2 Spot Instances

    • Let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and test & development workloads.
    • Useful for workloads resilient to failure (batch, data analysis, Image processing, distributed workload). However, it is not suitable for critical jobs or databases.
    • Useful when workload is not immediate and can be stopped for a moment and continue from that point after

    Amazon AMI (Amazon Machine Image)

    • Launch one or more pre-configured EC2 instances
    • It can be customized
    • It is built for a specific region. The AMI must be in the same region as the EC2 instance to be launched, but it can be copied to another region where you want to create another instance.
    • An EBS snapshot is created when an AMI is built

    EC2 Image Builder

    • It creates virtual machine or container images
    • Automates the creation, maintenance, validation and testing of EC2 AMIs
    • The execution can be scheduled, and after the process the AMI can be distributed (to multiple regions)

    Amazon Lambda

    • FaaS
    • Virtual functions
    • Serverless
    • Run on-demand
    • Scaling automatically
    • Event-driven
    • Can be monitored through CloudWatch
    • Integrated with Load balancer (ELB)
    • Pricing: Pay per call (request) and duration (time of execution)

    Docker

    • Amazon ECS (Elastic Container Service)
      • Launch Docker containers on AWS (inside the EC2 instance)
      • It has integration with ALB (Application Load Balancer)
      • An ECS cluster can have ECS container instances in different AZs
      • It is not a fully managed service; the customer manages the underlying servers.
      • Shared responsibility
        • AWS start and stop the containers
        • Customer has to provision and maintain the infrastructure (EC2 instance).
    • Fargate
      • Launch Docker container on AWS.
      • Serverless
      • Works with ECS and EKS
      • Charged for running tasks
      • No EFS and EBS integrations
      • Shared responsibility
        • AWS: Automatically provision resources. AWS runs the containers for the customer.
        • Customer: does not need to provision the infrastructure.
      • Pricing: pay for vCPU and memory allocated
    • ECR - Elastic Container Registry
      • Private Docker Registry
      • Stores the customer's Docker images to be run by ECS or Fargate

    ELB - Elastic Load Balancer

    • Servers that handle the traffic and distribute it across, e.g., EC2 instances, containers and IP addresses. Single AZ or multiple AZs.
    • It has only one point of access (DNS name).
    • Single Region
    • Benefits: High availability across zones, automatic scaling and Fault Tolerance.
    • Types:
      • ALB (Application Load Balancer): HTTP/S; static DNS name (URL); Layer 7. It is a single point of contact for clients and distributes incoming application traffic across multiple targets in multiple AZs.
      • NLB (Network Load Balancer): high performance/low latency (TCP/UDP); static IP through Elastic IP; Layer 4. It distributes traffic.
      • GLB (Gateway Load Balancer): routes traffic to firewalls running on EC2 instances (Layer 3)
      • Classic Load Balancer (Layer 4 and 7)
    • Shared responsibility: AWS is responsible for keeping it working, upgrading and maintaining it, and exposes only a few configuration options.

    Additional References:

  • DigitalCloud Summary
  • Instance Types
  • Scheduled scaling for Amazon EC2 Auto Scaling
  • Right Sizing
  • Instance Types - Vantage



  • AWS Storage Services

    There are three categories of storage services:

    • File storage: stores files in a hierarchy
    • Block storage: stores data in fixed-size blocks. On a change, only the affected block is changed
    • Object storage: stores data as objects. On a change, the whole object is replaced

    S3 - Amazon Simple Storage Service

    • Object store and global file system.
    • Used to store files of up to 5 TB each, without limit on their number, in buckets (directories/containers)
    • These objects have a key.
    • Objects can be versioned (enabled at the bucket level)
    • Virtually unlimited amount of online highly durable object storage.
    • Each bucket is inside of a region
    • Classes:
      • Standard: frequently accessed
      • Standard-IA: infrequently accessed but require rapid access. Low per GB storage price and per GB retrieval fee
      • Intelligent-Tiering: optimize costs by automatically moving data to the most cost-effective access tier, without performance impact or operational overhead. One tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. More expensive than Standard-IA.
      • One Zone-IA: lower cost
      • Glacier: archived data; pay for what you need. Read and write
      • Glacier Deep Archive: lower cost for long term retention. Also can be used to backup and disaster recovery. Retrieval time of 12-48 hours. Financial Service, Health care and Public sectors.
    • Features: Transfer Acceleration (CloudFront), Requester Pays, Events (SNS, SQS, Lambda), static website hosting, encryption, replication (Cross-Region Replication - CRR; Same-Region Replication - SRR)
    • Write-once-read-many (WORM): prevents objects from being deleted or overwritten
    • Use cases: backup, disaster recovery, archive, application hosting, media hosting, software delivery, static websites
    • Security: user-based (IAM policies), resource-based (bucket policies), object/bucket Access Control Lists (ACL), encryption
    • Shared Responsibility
      • AWS: infrastructure (global security, durability, availability), configuration and vulnerability analysis, compliance validation, AWS employees cannot access customer data, separation between customers
      • Customer: versioning, bucket policies, replication, logging and monitoring, storage class, data encryption, IAM users and roles
    • Pricing: depends on the storage class; storage quantity; number of requests; transition requests; data transfer.

    EBS - Amazon Elastic Block Store (Amazon EBS)

    • EBS Volume: attached to one instance.
    • EBS volumes do not need to be attached to an instance.
    • EBS volumes cannot be accessed simultaneously by multiple EC2 instances (only with constraints)
    • Attach a volume to multiple instances with Amazon EBS Multi-Attach: same AZ, only SSD volumes, allowed only in some regions, and other restrictions
    • It allows the instance to persist data even after termination; however, root EBS volumes are deleted on termination by default
    • It can be mounted to one instance at a time and can be attached and detached from one EC2 instance to another quickly. However, it is locked to an AZ. To move it to another AZ, create a snapshot, which can be copied across AZs or Regions.
    • A snapshot is a backup of the EBS Volume at a point in time. The snapshots are stored on Amazon S3 and they are incremental. EBS Snapshot features are EBS Snapshot Archive and Recycle Bin for EBS Snapshot. The process with snapshots (creating, deletion, updates) can be automated with DLM (Data Lifecycle Manager).
    • It has a limited performance.
    • Pricing: Volumes type (performance); storage volume in GB per month provisioned; Snapshots (data storage per month); Data Transfer (OUT)

    EC2 Instance Store is an alternative to EBS with a high-performance hardware disk and better I/O performance. However, the storage is lost when the instance stops, so the best use cases are, e.g., buffers, caches and temporary content.

    EFS - Amazon Elastic File System

    • Shared File storage service for use with EC2.
    • Managed NFS and works with Linux instance in multi-AZ. It is considered highly available, scalable, expensive, pay per use.
    • Different AZ can share the same EFS.
    • EFS Infrequent Access (EFS-IA) is a storage class that is cost-optimized for infrequently accessed files and has a lower cost than EFS Standard. It is based on the last access time. You can use a lifecycle policy to move a file from EFS Standard to EFS-IA.

    Storage Gateway

    • It is a hybrid cloud storage service: a bridge between on-premises data and cloud data in S3.
    • Simplifies storage management and reduces costs for key hybrid cloud storage use cases
    • Virtually unlimited cloud storage
    • Cannot be used for data archival
    • Types: File Gateway, Volume Gateway and Tape Gateway
    • Ex: moving backups to the cloud, low latency access, disaster recovery

    Amazon FSx for Windows File Server provides fully managed Microsoft Windows file servers, backed by a fully native Windows file system. Amazon FSx supports a broad set of enterprise Windows workloads with fully managed file storage built on Microsoft Windows Server. Amazon FSx has native support for Windows file system features and for the industry-standard Server Message Block (SMB) protocol to access file storage over a network.

    Additional References:

  • DigitalCloud Summary
  • Best Practices: Root Device Storage for Instances
  • Bucket policies and user policies



  • AWS database services

    It's possible to install a database on an EC2 instance. This can be necessary when full control over the instance and database is needed, or when using a third-party database engine.

    RDS - Amazon Relational Database Service

    • Uses EC2 instances
    • Benefits of deploying a database on RDS instead of EC2: hardware provisioning, database setup, automated backups and software patching. It reduces database administration tasks. There is no need to manage the OS
    • Aurora, MySQL and PostgreSQL compatible
    • It's possible to encrypt the RDS instances and snapshots using AWS Key Management Service (KMS)
    • Scales up by increasing the instance size (compute and storage)
    • Read replicas are read-only. They improve database scalability.
    • It can use Auto Scaling to add replicas
    • Serverless
    • You can't use SSH to access instances.
    • It is suited for OLTP workloads
    • Shared Responsibility
      • AWS: manages the underlying EC2 instance, disables SSH access; automated DB and OS patching; guarantees the hardware
      • Customer: check ports, IPs, Security Group inbound rules; users and permissions for the database; create the database (public/private access); configure the DB to only allow SSL connections; database encryption settings; create the schema (tables, indexes, etc.); schema optimization.
    • Pricing: depends on clock hours of server uptime; database characteristics (size, memory); database purchase type (on demand, reserved instance); number of database instances; provisioned storage; additional storage; requests; deployment type; data transfer (OUT); Reserved Instances.

    Aurora

    • Relational DB from AWS fully managed.
    • Faster, auto-scales (up to 128 TB), automatic backup enabled
    • Compatible with MySQL, PostgreSQL, Oracle, Microsoft SQL Server
    • You can also deploy replicas for read scaling within and across Regions

    Amazon ElastiCache

    • Managed Memcached
    • Service that adds caching layers on top of your databases
    • In-Memory databases with high performance and low latency (under a millisecond)
    • Shared Responsibility: AWS takes care of OS maintenance / patching, optimizations, setup, configuration, monitoring, failure recovery and backups

    Amazon DynamoDB

    • Highly available with replication across 3 AZ.
    • Multi-Region replication. Active-Active with cross-region support. Global tables replicate data automatically across the customer's choice of regions
    • NoSQL database
    • Distributed serverless database
    • High performance
    • Low latency retrieval
    • Integrated with IAM for security, authorization and administration
    • Low cost and auto scaling
    • Horizontal Scaling
    • Standard and IA (Infrequent Access) Table class
    • DynamoDB Accelerator (DAX) is a fully managed in-memory cache that improves performance; highly scalable and available. Only used with DynamoDB
    • For point-in-time recovery (PITR, continuous backup) on DynamoDB, the customer is responsible for enabling it and AWS is responsible for performing the backups. An Amazon RDS database instance can be restored to a specific point in time with a granularity of 5 minutes
    • Pricing: throughput; indexed data storage; data transfer; global tables; reserved capacity; on-demand capacity mode; provisioned capacity mode

    Amazon Redshift

    • Based on PostgreSQL (but not OLTP)
    • Relational database for analytics
    • OLAP - online analytical processing (analytics and data warehousing)
    • Parallel queries
    • Run SQL against the data warehouse
    • Redshift Spectrum runs queries against Amazon S3 without loading the data from Amazon S3 into the data warehouse
    • Pricing: Pay as you go
    • BI tools: AWS Quicksight or Tableau

    Amazon Glue

    • Extract, transform, and load (ETL) service
    • Serverless service
    • Prepares and loads data for analytics
    • The AWS Glue Data Catalog is a central repository to store structural and operational metadata for all your data assets.

    Amazon EMR (Elastic MapReduce)

    • Helps to create Hadoop clusters (Big Data)
    • Takes care of all the provisioning and configuration
    • Auto Scaling
    • Ex: machine learning and big data

    DocumentDB: MongoDB-compatible document database. Ex: user profiles.

    QLDB (Quantum Ledger Database): fully managed graph database; no decentralization component; immutable ledger database. Ex: reviewing a complete history of all changes

    Managed Blockchain: create and manage blockchain networks with open-source frameworks

    Analytics

    • Neptune: fully managed graph database. Good for apps with highly connected datasets, such as fraud detection and knowledge graphs
    • QuickSight: scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service
    • Athena: analyze data in S3 using SQL; it is serverless (no infrastructure to manage). Pricing: you pay only for the queries that you run. Ex: BI, analytics, reporting

    Additional References:

  • DigitalCloud Summary
  • Amazon EMR features
  • AWS Database



  • Others Services

    Amazon Batch

    • Fully managed batch processing
    • Batch dynamically launches EC2 instances or Spot Instances
    • AWS provisions the compute and memory. The customer only needs to submit or schedule the batch job.
    • Batch jobs are defined as Docker images and run on ECS

    Amazon CloudFormation

    • Declarative way of outlining your AWS infrastructure, for any resource
    • It uses a template to create the stack (security groups, EC2 instances, S3 buckets, ELB, etc.)
    • Infrastructure as Code (IaC)
    • Productivity: fast to destroy and re-create an infrastructure
    • Automated generation of diagrams
    • Declarative programming
    • Free to use
    • JSON/YAML

    AWS Cloud Development Kit (CDK)

    • Open-source software development framework.
    • Define your cloud infrastructure using a familiar language.
    • The code is compiled into a CloudFormation template
    • Provisions the resources using CloudFormation

    AWS Elastic Beanstalk

    • Integrate with VPC and IAM
    • ZIP, WAR, Git
    • Platform as a Service (PaaS)
    • Easy-to-use service for deploying (on EC2) and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
    • Shared Responsibility
      • AWS: performs the deployment strategy, OS, capacity, load balancing, auto-scaling, health monitoring and responsiveness
      • Customer: deployment strategy configuration, application code
    • Pricing: Free but you pay for the underlying instances

    AWS CodeDeploy

    • Deploy automatically
    • Works with EC2 instances and on-premises servers
    • The CodeDeploy Agent is responsible for provisioning and configuring servers and instances

    AWS CodeCommit: based on Git technology

    AWS CodePipeline: Orchestrate the steps until production

    AWS CodeStar: UI to manage Software Development activities.

    AWS Cloud9: Cloud IDE

    AWS CodeBuild

    • Compiles code, runs tests and packages the result to be deployed by CodeDeploy
    • Pay-as-you-go pricing. Pay for build time
    • Like Jenkins

    AWS CodeArtifact

    • Artifacts: dependencies
    • It is an artifact management service
    • Like Maven, Gradle, npm, Yarn
    • Developers and CodeBuild retrieve dependencies from it.

    AWS Systems Manager (SSM) Session Manager

    • Provides an operations console and APIs for centralized application and resource management in hybrid environments
    • A hybrid service that manages EC2 and on-premises systems at scale
    • Operational insights about the state of the infrastructure.
    • Provides interactive browser-based shell and CLI experience
    • Run commands and apply patches on EC2 instance
    • Manage the OS and Database patches
    • Provide secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, and manage SSH keys
    • Centralize operational data from multiple AWS services, automate tasks, create logical groups of resources
    • Track and resolve operational issues across your AWS applications and resources from a central place

    AWS OpsWorks

    • Like Chef and Puppet - perform server configuration automatically.
    • Alternative to SSM

    Amazon API Gateway: fully managed service for developers; serverless and scalable; RESTful and WebSocket

    Amazon Lightsail: low cost, easy, preconfigured virtual servers, good for beginners. However, it is not possible to deploy a scalable Node.js application into a VPC

    Amazon WorkSpaces: Managed Desktop as a Service (DaaS). Integrated with KMS. Pay-as-you-go.

    Amazon AppStream: Desktop Application Streaming Service (web browser)

    AWS IoT: connect devices to the cloud

    Amazon Elastic Transcoder: convert media files in S3 into different formats of media files

    AWS AppSync: store and sync data between mobile and web app

    AWS Amplify: develop and deploy scalable full stack web and mobile application

    AWS Device Farm: service to test web and mobile applications

    AWS Backup: set on-demand and scheduled backups. Cross-Region/Cross-Account backups

    AWS Elastic Disaster Recovery (DRS): recover physical, virtual and cloud-based servers into AWS

    AWS DataSync: move large amounts of data from on-premises to AWS

    AWS Application Discovery Service: collects usage and configuration data about on-premises servers to plan the migration

    AWS Fault Injection Simulator (FIS): based on chaos engineering; stress testing.

    AWS Step Functions: workflows for Lambda functions.

    AWS Ground Station: control satellite communication

    AWS Pinpoint: marketing communication service (email, sms, voice)

    Amazon Elastic Container Service for Kubernetes (EKS)

    Additional References:

  • DigitalCloud Summary
  • Tools to Build on AWS
  • AWS Data Pipeline
  • Amazon OpenSearch Service Features



  • Migration

    AWS Cloud Adoption Framework (AWS CAF): AWS experience and best practices to help you migrate and achieve business outcomes through innovative use of AWS. Perspectives: Business, People, Governance, Platform, Security and Operations.

    Strategy:

    • Rehosting: moving applications without changes (lift-and-shift)
    • Replatforming: a few cloud optimizations to realize a tangible benefit (lift, tinker, and shift)
    • Refactoring/re-architecting: reimagining how an application is architected and developed by using cloud-native features
    • Repurchasing: moving from a traditional license to a software-as-a-service model
    • Retaining: keeping applications that are critical for the business in the source environment
    • Retiring: removing applications that are no longer needed

    DMS (Database Migration Service): migrate databases to AWS. Continuous replication is also possible (e.g. sending data to a data warehouse)

    AWS Migration Hub: single location to track the progress of application migrations

    AWS Server Migration Service (SMS): a fast, agentless service that makes it easy to migrate thousands of on-premises workloads to AWS

    AWS Application Migration Service (MGN): migrating to native AWS

    Snow Family

    • Highly-secure, portable devices to collect and process data at the edge, and migrate data into and out of AWS
    • Data migration:
      • Snowcone: the smallest device and storage size; sends data to AWS offline or using AWS DataSync
      • Snowball Edge (Storage Optimized (80TB) / Compute Optimized (42TB)): data transfer through the network, pay per data transfer job (e.g. disaster recovery), can use Storage Clustering (up to 15 nodes). EC2 compute instances can be hosted on a Snowball Edge.
      • Snowmobile: more capacity (100PB - exabytes), high security
    • Edge computing: Snowcone, Snowball Edge. Process data while it is being created at an edge location (e.g. process data, machine learning, transcoding media streams)
    • OpsHub manages Snow Family devices.
    • Snowball pricing: per data transfer job

    AWS Application Discovery Service helps you plan your migration to the AWS cloud by collecting usage and configuration data about your on-premises servers.




    Security

    Users are accounts without permissions by default. They are created with NO access to any AWS services, only login to the AWS console. They log in using a user name and password. They can change some configurations or delete resources in your AWS account.

    Groups are a way to organize users (only) and apply policies (permissions) to a collection of users at the same time. A user can belong to multiple groups. Groups contain only users and cannot be nested.

    Roles delegate permissions. Roles are assumed by users, applications, and services. A role provides temporary security credentials for the role session.

    Policies can be applied to users, groups and roles. A policy is a document written in JSON. Policy main elements:

    • Version
    • Effect: allow/deny
    • Action: type of action that should be allowed or denied
    • Resource: specifies the object or objects that the policy statement covers
    • Condition: circumstances under which the policy grants permission
    • Principal: account, user, role, or federated user
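    A worked example, added here and not part of the original notes, that puts those elements together: a least-privilege identity policy built in Python and a small linter that flags Allow statements broader than least privilege (wildcard Action or Resource, and write/delete actions with no Condition). The bucket name is a constructed placeholder; aws:MultiFactorAuthPresent is a real global condition key.

```python
"""Build and lint IAM policy documents (added example; constructed data)."""
import json

# Constructed least-privilege identity policy: read one bucket, and allow the
# destructive delete action only when the caller authenticated with MFA.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadReports",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-reports-bucket",    # placeholder bucket name
                "arn:aws:s3:::example-reports-bucket/*",
            ],
        },
        {
            "Sid": "DeleteOnlyWithMfa",
            "Effect": "Allow",
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::example-reports-bucket/*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
    ],
}

# Constructed over-broad policy of the kind the linter should flag.
ADMIN_WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource/Statement; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return findings for Allow statements that are broader than least
    privilege: wildcard actions or resources, and write/delete actions
    that carry no Condition. Deny statements only narrow access, so skip them."""
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: wildcard Action {actions}")
        if "*" in resources:
            findings.append(f"{sid}: Resource '*' applies to every resource")
        write_like = any(a.split(":")[-1].startswith(("Delete", "Put")) for a in actions)
        if write_like and "Condition" not in stmt:
            findings.append(f"{sid}: write/delete action without a Condition")
    return findings


def policy_json(policy):
    """Serialise the document as the JSON text the console and CLI expect."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for name, doc in (("least-privilege", LEAST_PRIVILEGE_POLICY),
                      ("wildcard", ADMIN_WILDCARD_POLICY)):
        print(name, lint_policy(doc) or "no findings")
```

    The same JSON grammar (Version, Statement, Effect, Action, Resource, Condition) is what SCPs and resource policies use, so a linter like this can be pointed at those documents too.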

    AWS Organizations is a feature to control many accounts

    • Service Control Policies (SCPs) are part of AWS Organizations and can restrict many of the permissions available in an AWS account, but do NOT grant permissions.
    • To remove an account from the AWS Organization, it must be able to operate as a standalone account

    Access keys are used for programmatic access (API/SDK). They are generated through the AWS Console

    SSH keys are an IAM feature to allow developers to access AWS services through the AWS CLI.

    Identify AWS access management (IAM) capabilities

    • IAM is a global service used to control access to AWS resources (authentication/authorization).
    • Root has full permissions and complete access to all AWS services and resources. Actions allowed only to root: change account settings, close the account, restore IAM permissions, change or cancel the AWS support plan, register as a seller, configure an S3 bucket to enable MFA, edit/delete S3 bucket policies.
    • IAM security tools:
      • IAM Credential Report (account-level): the account's users and their credential status. Access it from the IAM menu, Credential Report
      • IAM Access Advisor (user-level): service permissions and last access. Access it from the IAM User menu. It makes it possible to identify unnecessary permissions that have been assigned to users.

    Best Practices

    • Use an IAM user instead of the root user for regular activities
    • Add users to groups
    • Strong passwords
    • Use MFA
    • Create roles for permissions to AWS services
    • Use access keys for programmatic access (CLI/SDK)
    • Audit permissions through IAM Credential Reports and IAM Access Advisor
    • Protect your access keys
    • Prefer customer managed policies (AWS managed policies cannot be edited)
    • Use roles for applications that run on EC2 and to delegate permissions
    • Rotate credentials
    • Grant only the permissions that are really needed (least privilege)
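    The audit step above ("Audit permissions through IAM Credential Reports") can be automated. The following is an added example, not from the original post, that parses a credential report CSV and applies three of the listed best practices: MFA for console users, no access keys on the root account, and credential rotation. The report text is constructed to mimic the real report's column names and value conventions (ISO 8601 timestamps, N/A, not_supported, no_information); in practice the CSV comes from the IAM console or `aws iam get-credential-report`. The account id and user names are made up.

```python
"""Audit an IAM credential report (added example; constructed report)."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using a subset of the credential report's real columns.
# The root user appears as <root_account>; account id 111122223333 is a placeholder.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2022-01-01T00:00:00+00:00,not_supported,2024-05-01T09:00:00+00:00,not_supported,false,true,2022-01-01T00:00:00+00:00,N/A,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-02-10T12:00:00+00:00,true,2024-05-20T08:15:00+00:00,2024-03-01T10:00:00+00:00,true,true,2024-04-15T10:00:00+00:00,2024-05-20T08:15:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2022-06-01T12:00:00+00:00,true,2024-05-19T13:00:00+00:00,2023-01-01T10:00:00+00:00,false,true,2022-06-01T12:00:00+00:00,2024-05-18T00:00:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2023-09-01T00:00:00+00:00,false,no_information,N/A,false,true,2024-05-01T00:00:00+00:00,2024-05-21T00:00:00+00:00,false,N/A,N/A
"""

# Fixed "now" keeps the example deterministic; a real run would use
# datetime.now(timezone.utc). 90 days is a common rotation policy.
NOW = datetime(2024, 5, 22, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)

NO_VALUE = {"N/A", "not_supported", "no_information", ""}


def _parse_ts(value):
    """Report timestamps are ISO 8601; the sentinel strings mean 'no value'."""
    if value in NO_VALUE:
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now=NOW, max_key_age=MAX_KEY_AGE):
    """Return {user: [issues]} for console users without MFA, a root account
    with no MFA or with an active access key, and keys older than max_key_age."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        issues = []
        # Best practice: every console (password) login should be MFA-protected.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            issues.append("console password without MFA")
        if user == "<root_account>":
            if row["mfa_active"] != "true":
                issues.append("root account without MFA")
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                issues.append("root account has an active access key")
        # Best practice: rotate credentials; flag active keys past the age limit.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is not None and now - rotated > max_key_age:
                issues.append(f"access key {n} is {(now - rotated).days} days old")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_credential_report(SAMPLE_REPORT).items():
        print(user, "->", "; ".join(issues))
```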

    Security Groups

    • They operate at the instance level (a group can be attached to multiple instances) and control the traffic into or out of the EC2 instance, acting like a firewall (by default, inbound traffic is blocked and outbound traffic is authorised).
    • They contain only rules, and these rules can reference an IP range or another security group. They are stateful and locked down to a region/VPC combination.
    • They regulate access to ports and authorised IP ranges.
    • A good practice is to create a separate security group for SSH access.
    • Tips: a timeout error is a security group issue; a connection refused error can be an application error.
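    Added example (not from the original notes): a check over security group rules in the shape returned by `aws ec2 describe-security-groups`, flagging rules that let any IPv4/IPv6 address reach administrative or database ports. It is the same class of finding as the Trusted Advisor check for unrestricted access to specific ports, and it shows why a dedicated SSH group with a narrow source range is the recommended pattern. The group ids, names and CIDRs are constructed sample data.

```python
"""Flag security group rules open to the world on admin/database ports.
Added example; the sample follows the EC2 DescribeSecurityGroups output shape
(GroupId, IpPermissions, IpProtocol, FromPort, ToPort, IpRanges, ...)."""

# Any-source CIDRs for IPv4 and IPv6.
WORLD = {"0.0.0.0/0", "::/0"}

# Ports a practitioner would not expect to be reachable from anywhere.
ADMIN_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}

# Constructed sample groups (placeholder ids; 203.0.113.0/24 is a documentation range).
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0123456789abcdef0",
        "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
            # SSH left open to the Internet: the finding we want to catch
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-0fedcba9876543210",
        "GroupName": "ssh-from-office",
        "IpPermissions": [
            # Separate SSH group restricted to one source range: acceptable
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-0a1b2c3d4e5f60718",
        "GroupName": "db",
        "IpPermissions": [
            # Rule referencing another security group instead of a CIDR
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
            # "-1" means all protocols and ports; open to the world here
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "UserIdGroupPairs": []},
        ],
    },
]


def _admin_ports_in_rule(perm):
    """Admin ports covered by one permission; IpProtocol '-1' covers everything."""
    if perm.get("IpProtocol") == "-1":
        return set(ADMIN_PORTS)
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in ADMIN_PORTS if lo <= p <= hi}


def find_world_open_admin_ports(groups):
    """Return (group_id, group_name, port, service) tuples for inbound rules
    whose source is 0.0.0.0/0 or ::/0 and which cover an admin port."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(src in WORLD for src in sources):
                continue  # group-to-group or narrow CIDR rules are not world-open
            for port in sorted(_admin_ports_in_rule(perm)):
                findings.append((group["GroupId"], group["GroupName"], port, ADMIN_PORTS[port]))
    return findings


if __name__ == "__main__":
    for gid, name, port, service in find_world_open_admin_ports(SAMPLE_GROUPS):
        print(f"{gid} ({name}): {service} port {port} open to the world")
```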

    Shared Responsibility: the customer is responsible for security IN the cloud (data, access, authentication, configuration, encryption, network traffic protection). AWS is responsible for the security OF the cloud, protecting/managing all AWS global infrastructure (software [compute, storage, database, networking] and hardware [regions, AZs, Edge Locations])

    • EC2 Storage:
      • AWS: infrastructure, replication of data for EBS volumes and EFS drives, replacing faulty hardware, ensuring their employees cannot access your data.
      • Customer: backup and snapshot procedures, data encryption, data on the drives, risk analysis
    • Databases
      • Customer: resiliency, backup, patching, high availability, fault tolerance, scaling, etc.
    • Shared Controls
      • Patch Management, Configuration Management, Awareness and Training

    DDoS: Distributed Denial-of-Service

    • AWS Shield Standard: free for every customer, protects websites and applications (SYN/UDP floods, reflection attacks).
    • AWS Shield Advanced: 24/7 protection, optional DDoS mitigation services; protection on EC2, ELB, CloudFront, Global Accelerator, Route 53. Detection and mitigation for network layer (layer 3), transport layer (layer 4) and application layer (layer 7) attacks
    • AWS WAF (Web Application Firewall): filters specific requests based on rules; protection at layer 7 (HTTP) for ALB, API Gateway, CloudFront. Define a Web ACL (Web Access Control List) to protect against SQL injection and Cross-Site Scripting (XSS), with rate-based rules. It can also protect a website hosted outside of AWS (the on-premises IP is added to a target group).
    • Configuring a firewall in front of resources is a good practice to protect against DDoS
    • Mitigate

    Penetration Testing

    • Allowed against your own AWS infrastructure without prior approval, e.g. EC2 instances, NAT Gateways, ELB, RDS, CloudFront, Aurora, API Gateway, Lambda, Elastic Beanstalk environments and Lightsail resources
    • Not allowed: DoS, port flooding, etc.

    Encryption

    • AWS KMS - Key Management Service
      • Encryption in software
      • AWS manages the encryption keys
      • Sometimes it is necessary to encrypt data at rest (data stored or archived on a device) or in transit (being moved from an origin to a destination through a network)
      • Encryption is possible in all storage and database services: EBS volumes, S3 buckets, Redshift, RDS, EFS
      • Encryption is automatically enabled for: CloudTrail logs, S3 Glacier, Storage Gateway
    • The AWS Encryption SDK is a client-side encryption library that is separate from the language-specific SDKs
    • Amazon S3 Managed Keys (SSE-S3) is server-side encryption where each object is encrypted with a unique key. As an additional safeguard, it encrypts the key itself with a root key that it regularly rotates.
    • Server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) is similar to SSE-S3, but uses KMS keys. It provides an audit trail.
    • CloudHSM: Hardware Security Module. Encryption in hardware; the customer manages the encryption keys; uses an HSM device (level 3 compliance)

    CMK - Customer Master Keys

    • AWS managed CMK: created, managed and used on the customer's behalf by AWS; used by AWS services
    • Customer managed CMK: the customer creates, manages, uses, enables or disables it; rotation policy
    • AWS owned CMK: collection of CMKs owned by AWS for use in multiple accounts. The customer cannot see those keys.
    • CloudHSM keys: created by the device

    ACM - AWS Certificate Manager

    • Customers can provision, manage and deploy SSL/TLS certificates
    • Provides encryption for websites (HTTPS)
    • Free of charge for TLS certificates
    • Integration with ELB, CloudFront, APIs

    AWS Secrets Manager

    • Storing secrets
    • Rotation of secrets
    • Integration with RDS
    • Secrets encrypted using KMS

    AWS Artifact: Artifact reports (AWS security and compliance document) and Artifact Agreements (AWS agreements). Ex: Service Organization Control (SOC) reports, Payment Card Industry (PCI)

    Amazon GuardDuty: intelligent threat discovery to protect the AWS account. Monitors suspicious activity using machine learning and log analysis. Identifies potential security issues. Analyses CloudTrail events, VPC Flow Logs, etc.

    Amazon Inspector:

    • Automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
    • Inspects running operating systems (OS) against known vulnerabilities
    • Analyzes against unintended network accessibility
    • Exposure, vulnerabilities, and deviations from best practices
    • Automated security assessments for EC2 instances, container images, Lambda functions.
    • Reports and integration with AWS Security Hub
    • Sends findings to Amazon EventBridge.
    • Continuous scanning of the infrastructure when needed
    • Can use an agent for monitoring
    • Cannot be used to prevent Distributed Denial-of-Service (DDoS) attacks

    AWS Config:

    • Enables customer to assess, audit, and evaluate the configurations of their AWS resources.
    • Continuous monitoring.
    • Track all changes in the resources
    • Auditing and recording compliance, configurations
    • Allows automating the evaluation of recorded configurations
    • Per region service; can be aggregated across regions and accounts

    AWS Macie: fully managed data security and data privacy service. It uses machine learning and pattern matching to discover and protect customers' sensitive data in AWS. Identifies potential security issues.

    AWS Security Hub: central security hub for the AWS account. Automates security checks. Creates a dashboard. Identifies potential security issues.

    AWS Detective: deep analysis to isolate the root cause of security issues or suspicious activities (ML/graphs)

    AWS Abuse: Report suspected AWS resources used for abusive or illegal purposes (spam, port scanning, DoS, DDoS, etc)

    AWS STS - Security Token Service: temporary (short-term), limited-privilege credentials

    AWS Cognito - alternative to IAM. Identity for your web and mobile application users (sign-up/sign-in; social identities like Facebook)

    AWS Directory Service: AWS Managed Microsoft Active Directory (database of objects (users, accounts, computers, etc.); centralized security management)

    AWS IAM Identity Center: one login, like SSO.

    AWS IAM Access Analyzer: identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk.

    Additional References:

  • (DigitalCloud) Summary
  • (DigitalCloud) AWS Cloud Management Services
  • AWS Cloud Security
  • AWS WAF features



  • Machine Learning

    Amazon Rekognition: find objects, people, text in images and videos. Create "familiar faces" database or compare against celebrities.

    Amazon Transcribe: convert speech to text (deep learning). Automatically removes Personally Identifiable Information (PII)

    Amazon Polly: Turn text into lifelike speech. Deep learning.

    Amazon Translate: Natural and accurate language translation

    Amazon Lex: Automatic Speech Recognition (ASR) - speech to text (chatbots, call center bots)

    Amazon Connect: receive calls, create contact flows

    Amazon Comprehend: Natural Language Processing (NLP), serverless service; analyzes and organizes text; identifies positive/negative experiences

    Amazon SageMaker: service to build, train and deploy machine learning models.

    Amazon Forecast: predict future sales, reduce forecasting time. Ex. Financial planning.

    Amazon Kendra: document search service. Extract answers from docs. Natural Language search.

    Amazon Personalize: build apps with real-time personalized recommendation

    Amazon Textract: automatically extracts text, handwriting and data from documents using AI and ML.




    Billing and Pricing

    Notes:

    • AWS: Operational expenses (OpEx): Pay as you go, tax deductible in same year
    • Traditional: capital expenses (CapEx): Purchase server, tax deductible over depreciation lifetime
    • Cloud: Trade CapEx for OpEx
    • AWS Total Cost of Ownership (TCO) compared with on-premises TCO: include labor costs for activities that will be reduced or eliminated.
    • Free services: IAM, VPC, Consolidated Billing (one bill, easy tracking, combined usage, no extra fee). Elastic Beanstalk, CloudFormation and Auto Scaling Groups are free, but you pay for the resources they create
    • Free Tiers:
      • Always free: DynamoDB, Lambda, SNS, SQS, CloudWatch, CloudFront, Cognito, CodeXXX, Glue, Storage Gateway, X-Ray, CloudTrail, Service Catalog, CloudFormation, Control Tower, AWS Organizations
      • 12 months free: EC2, S3, RDS, API Gateway, EFS, EBS, ELB, ElastiCache, Lex, Polly, Rekognition, Transcribe, Translate, Amazon MQ, IoT, OpsWorks, AppSync
      • Trials: ECS, SageMaker, Redshift, AppStream, Lightsail, Comprehend Medical, Inspector, QuickSight, Macie, GuardDuty, Detective, Secrets Manager, DocumentDB, Neptune

    Pricing Models

    • Pay-as-you-go pricing: Pay for compute time; for data stored in cloud; for data transfer OUT of the cloud (Massive economies of scale)
    • Save when you reserve: up to 75%. The more you pay upfront the greater the discount
    • Pay less by using more: volume-based discounts
    • Pay less as AWS grows

    EC2 Pricing: the price depends on the instances (number, type), load balancers, IP addresses, etc.

    • On-Demand: short workloads, predictable pricing, billing per second/hour, pay for what you use, no long-term commitment, highest cost, no discount. Best for short-term and uninterrupted workloads.
    • Reservations (1-3 years): predictable workloads. Available for various services such as EC2, DynamoDB, ElastiCache, RDS and Redshift. Discount up to 72%.
      • Reserved Instances (RI): long workloads; big discount; scope is Regional or Zonal. Indicated for steady-state usage applications. It cannot be interrupted.
      • Convertible Reserved Instances: long workloads with flexible instance types; big discount. This model lets you change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value
    • EC2 Savings Plans: reduce compute cost based on a long-term commitment (1-3 years). Locked to a specific instance family and region. Lots of flexibility (EC2, Fargate, Lambda). No Upfront, Partial Upfront or All Upfront payments
    • Spot Instances: high discount (up to 90%). The most cost-efficient instances in AWS.
    • Dedicated Host (single customer, your VPC): physical server with EC2 instance capacity dedicated to you; can use your own licenses. It can be purchased On-Demand or Reserved. It is the most expensive.
    • Dedicated Instance: single customer, isolated hardware dedicated to your application, but this hardware can be shared with other instances in the same account.
    • Minimum charge: one minute for Linux-based EC2 instances.

    AWS Organizations

    • Provides volume discounts on EC2 and S3 aggregated across the member AWS accounts.
    • Consolidated billing: one bill for multiple accounts; volume discounts as usage in all accounts is combined; easy tracking of charges across accounts; combined usage across accounts and sharing of volume pricing discounts, Reserved Instance discounts and Savings Plans.

    Costing Tools:

    • Pricing calculator: Estimating costs
    • Tools for Tracking cost:
      • Billing dashboard
      • Cost Allocation Tags: Tracking cost. Tags are used to organized resources.
      • Cost and Usage Reports: set of cost and usage data available - can publish the reports to S3. Tracking cost
      • Cost Explorer: Tracking costs. Visualize data as graph, understand, and manage your AWS costs and usage over time. Future cost projection. Filter by Region, AZ, tags etc.
    • Billing Alarms and Budgets: Monitoring against cost plans. The AWS Budget allows companies to track and categorize spending on a detailed level.
    • AWS Cost Anomaly Detection: Continuously monitor your cost and usage using ML to detect unusual spends
    • AWS Service Quotas: notifies when usage is close to a quota (the maximum value for resources, actions and items in the account)
    • AWS Trusted Advisor: analyses the account and provides real-time best practice recommendations (cost, performance, security, fault tolerance and service limits). Ex: checks security groups for rules that allow unrestricted access to specific ports.
    • AWS Control Tower: set up and govern a secure and compliant multi-account AWS environment. Monitors compliance through a dashboard. It runs on top of AWS Organizations
    • AWS Compute Optimizer: reduces costs and improves performance. Uses ML. Helps the customer choose the optimal configuration and right-size workloads, including CPU utilization and memory utilization. It delivers recommendations for EC2 instances, EC2 Auto Scaling groups, EBS volumes and AWS Lambda functions.

    AWS Service Catalog: stacks of authorized products

    Additional References

  • DigitalCloud Summary
  • Using AWS cost allocation tags
  • Cloud Financial Management with AWS



  • AWS Architecture and Ecosystem

    The AWS Well-Architected Framework helps to build secure, high-performing, resilient, and efficient infrastructure

    AWS Best Practices - Design Principles

    • Scalability (vertical and horizontal)
    • Disposable Resources
    • Automation (serverless, IaaS,etc)
    • Loose Coupling
    • Services not Server
    • Design for failure -> Distributing workloads across multiple Availability Zones
    • Provision capacity for peak load

    Principles

    • Stop guessing the capacity needs
    • Test systems at production scale
    • Automate
    • Evolutionary architecture
    • Drive architecture using data
    • Simulate applications for flash sale days

    Pillars:

    • Operational Excellence: run and monitor system
      • Design Principles: IaC; annotate documentation; frequent, small, reversible changes; refine operations; anticipate failure; learn from failures
      • Best Practices: create, use and validate procedures; collect metrics; continuous change
    • Security: protect information, systems and assets
      • Design Principles: strong identity foundation; traceability; apply at all layers; automate; protect data in transit and at rest; keep people away from data; prepare for security events
      • Best Practices: control who does what; identify incidents; maintain confidentiality and integrity of data
    • Reliability: system recover from infra or service disruptions
      • Design Principles: test recovery procedures; automatically recover from failure; scale horizontally; stop guessing capacity; manage change in automation
      • Best Practices: Foundations, Change Management, Failure Management
      • Foundation Services: Amazon VPC, AWS Service Quotas, AWS Trusted Advisor
      • Change management: CloudWatch, CloudTrail, AWS Config
    • Performance Efficiency: use compute resources efficiently
      • Design Principles: democratize advanced technology; go global in minutes; experiment more often; Mechanical sympathy
      • Best practices: Data-driven approach; review the choices;make trade-offs;
    • Cost Optimization: run systems to deliver value at the lowest price
      • Design Principles: adopt a consumption model; measure overall efficiency; stop spending money on data center operations; analyze and attribute expenditure; use managed and application-level services to reduce cost
      • Best Practices: using the appropriate services, resources, and configurations for the specific workloads
    • Sustainability (shared responsibility): minimizing the environmental impacts of running cloud workloads
      • Design Principles: understand impacts; establish sustainability goals; maximize utilization; anticipate and adopt new solutions; use managed services; reduce downstream impact

    Additional References

  • DigitalCloud Summary
  • AWS Well-Architected
  • The 6 Pillars of the AWS Well-Architected Framework



  • Supports

    Support resources available at no cost:

    • AWS Blogs
    • AWS Forums
    • AWS Whitepapers
    • AWS Partner Solutions (formerly Quick Starts): Partner Solutions are built by Amazon Web Services (AWS) solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability

    APN Consulting Partner: The AWS Partner Network (APN) is the global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers. So, if a company does not have the expertise in-house and needs to design and build a new workload on the AWS Cloud, this program can be ideal.

    APN Technology Partner provide hardware, connectivity services, or software solutions that are either hosted on or integrated with, the AWS Cloud. It does not help a migration process.

    AWS Professional Services assists customers with accelerating cloud adoption through paid engagements in any specialty area. It can help with migration.

    AWS Managed Services (AMS): provides infrastructure and application support on AWS; AMS business hours are 24/365; it takes care of the underlying instances or compute and therefore patching and hardening. It helps you adopt AWS at scale and operate more efficiently and securely. We leverage standard AWS services and offer guidance and execution of operational best practices with specialized automations, skills, and experience that are contextual to your environment and applications. You can easily leave a lot of the heavy lifting to AWS when you are using managed services

    AWS Marketplace is a digital catalog of software that runs on AWS. It can be sold as an image (AMI) or as SaaS.

    AWS Support Plans

      AWS Basic Support
    • Customer Service & Communities - 24x7
    • Documentation, Whitepapers, Support Forums
    • Core checks from the AWS Trusted Advisor Best Practice Checks
    • AWS Personal Health Dashboard
      AWS Developer Support
    • The same as Basic
    • Email access to customer Support: 24 hour response time on any question and 12 hours if the customer system is impaired
    • When: testing or doing early development on AWS
    • Best practices guidance
    • Building-block architecture support
    • Client-side diagnostic tool
      AWS Business Support
    • The same as Basic and Developer
    • When: you have production workloads on AWS
    • 24x7 phone, email, and chat access to Cloud Support Engineers
    • Production system impaired: < 4 hours
    • Production system down: < 1 hour
    • Full access to AWS Trusted Advisor Best Practice Checks.
    • AWS Health API
    • Guidance, configuration and troubleshooting of AWS interoperability with third-party software
      AWS Enterprise Support
    • The same as Basic, Developer and Business
    • Technical Account Manager (TAM)
    • Concierge Support Team for billing and account best practices. Experts that specialize in working with enterprise accounts. Focus on help customer achieve their outcomes.
    • Business-critical system down: < 15 minutes (15 minutes SLA for business critical workload)
    • Online training with self-paced labs
    • 24/7 technical support
    • Consultative Architectural guidance
      AWS Enterprise On-Ramp Support
    • When: you have production/business critical workloads in AWS
    • Business-critical system down: < 30 minutes
    • Expert guidance to grow and optimize in the Cloud.
    • Workshop to cost optimization



    Some Shots

    Computing Services: Batch, EC2, EC2 Image Builder, Elastic Beanstalk, Lambda, Lightsail, AWS Outposts, Serverless Application Repository, AWS SimSpace Weaver, AWS App Runner

    Serverless:

    • Compute: Lambda (Infra), Fargate
    • Application Integration: EventBridge, Step Function (orchestration), SQS, SNS, API Gateway (Infra), AppSync
    • Data Store: S3, EFS, DynamoDB, RDS, Aurora, Redshift, Neptune, OpenSearch

    Additional types are:

    • FaaS (Function as a Service): Lambda.
    • DaaS (Desktop as a Service): Amazon WorkSpace.

    Hybrid: Storage Gateway, Outposts, SSM, Route 53, Virtual Private Gateway

    Audit: CloudWatch, CloudTrail, SSE-KMS, AWS Config

    Encryption: AZ traffic (default), CloudTrail (default), Site-to-Site VPN (default), all storage (RDS, S3, EBS, Redshift, EFS)




    Conclusion

    The exam is not a big deal; however, there are a lot of services to remember what they mean. Generally, the exam will test you not so deeply but to see if you know what the services are and have a basic idea of where to use them.

    The courses I added here I consider complementary, so I recommend doing both. After that, do a lot of simulations. The simulation will help you understand what the exam is really trying to test you on.

    Good luck!