AWS Practitioner Exam
2025-04-18 15:33:41
AWS CLF-C02
Cloud Concepts
AWS Cloud and its value proposition
Advantages
Pay as you go
Benefit from massive economies of scale
AWS aggregates usage from hundreds of thousands of customers in the cloud, which leads to higher economies of scale. This translates into lower pay-as-you-go prices.
Stop guessing capacity
When you make a capacity decision prior to deploying an application, you often end up either sitting on expensive idle resources or dealing with limited capacity. With cloud computing, you can access as much or as little capacity as you need, and scale up and down as required with only a few minutes' notice.
Increase speed and agility
IT resources are only a click away, which means that you reduce the time to make resources available to your developers from weeks to minutes. This dramatically increases agility for the organization, because the cost and time it takes to experiment and develop is significantly lower.
Realize cost savings
Companies can focus on projects that differentiate their business instead of maintaining data centers. With cloud computing, you can focus on your customers, rather than on the heavy lifting of racking, stacking, and powering physical infrastructure.
Go global in minutes
Applications can be deployed in multiple Regions around the world with a few clicks. This means that you can provide lower latency and a better experience for your customers at a minimal cost.
Concept
Cloud computing is the on-demand delivery of compute power, database, storage, applications, and other IT resources through a cloud services platform through the internet with pay-as-you-go pricing.
How the AWS cloud allows users to focus on business value
Shifting technical resources to revenue-generating activities as opposed to managing infrastructure
Security and Compliance
AWS shared responsibility model
AWS responsibility “Security of the Cloud”
AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Customer responsibility “Security in the Cloud”
Inherited Controls
Physical and Environmental controls
Shared Controls
Patch Management
AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
Configuration Management
AWS maintains the configuration of its infrastructure devices
Customer is responsible for configuring their own guest operating systems, databases, and applications.
Awareness & Training
AWS trains AWS employees, but a customer must train their own employees.
AWS Cloud security and compliance concepts
AWS Cloud Compliance
Helps you understand the robust controls in place at AWS for security and data protection in the cloud
Security
Benefits of AWS security
- Keep your data safe — The AWS infrastructure puts strong safeguards in place to help protect your privacy. All data is stored in highly secure AWS data centers.
- Meet compliance requirements — AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed.
- Save money — Cut costs by using AWS data centers. Maintain the highest standard of security without having to manage your own facility.
- Scale quickly — Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.
AWS Artifact
Provides on-demand access to select security reports, compliance reports, and agreements with AWS.
Use cases
Understand AWS security and compliance posture
Manage select online agreements at scale
Assess third-party security and compliance
AWS Audit Manager
Helps continually audit your AWS usage to simplify how you manage risk and compliance with regulations and industry standards
AWS Certificate Manager(ACM)
Use AWS Certificate Manager (ACM) to provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources.
ACM removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates.
AWS CloudHSM
Is a cryptographic service for creating and maintaining hardware security modules (HSMs) in your AWS environment
Provides total access management control and protection for your encryption keys with secure and compliant hardware security modules (HSMs).
Amazon Cognito
Is an identity platform for web and mobile apps
It’s a user directory, an authentication server, and an authorization service for OAuth 2.0 access tokens and AWS credentials.
Can authenticate and authorize users from the built-in user directory, from your enterprise directory, and from consumer identity providers like Google and Facebook.
Amazon Detective
Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities
Detective automatically collects log data from your AWS resources. It then uses machine learning, statistical analysis, and graph theory to help you visualize and conduct faster and more efficient security investigations.
AWS Directory Service
Provides multiple ways to use Microsoft Active Directory (AD) with other AWS services.
AWS Directory Service provides multiple directory choices for customers who want to use existing Microsoft AD or Lightweight Directory Access Protocol (LDAP)–aware applications in the cloud.
AWS Firewall Manager
AWS Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF, AWS Shield Advanced, Amazon VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall.
With Firewall Manager, you set up your protections just once and the service automatically applies them across your accounts and resources, even as you add new accounts and resources.
AWS Identity and Access Management(IAM)
Is a web service that helps you securely control access to AWS resources.
Centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
AWS IAM Identity Center(AWS Single Sign On)
Centrally manage workforce access to multiple AWS accounts and applications
AWS Key Management Service(AWS KMS)
Create and control keys used to encrypt or digitally sign your data
Amazon Macie
Is a data security service that uses machine learning (ML) and pattern matching to discover and help protect your sensitive data.
AWS Network Firewall
Is a stateful, managed, network firewall and intrusion detection and prevention service for your virtual private cloud (VPC) that you create in Amazon Virtual Private Cloud (Amazon VPC).
AWS Resource Access Management(AWS RAM)
Helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs), and with AWS Identity and Access Management (IAM) roles and users for supported resource types.
AWS Secrets Manager
Centrally manage the lifecycle of secrets
AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles. Many AWS services store and use secrets in Secrets Manager.
AWS Security Hub
Is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation.
Provides you with a comprehensive view of your security state within AWS and your compliance with security standards and best practices.
AWS Shield
Is a managed DDoS protection service that safeguards applications running on AWS.
AWS WAF
Is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.
Amazon GuardDuty
Is a threat detection service that monitors for malicious activity and anomalous behavior to protect AWS accounts, workloads, and data.
Continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, Amazon Elastic Compute Cloud (EC2) workloads, container applications, Amazon Aurora databases, and data stored in Amazon Simple Storage Service (S3).
Amazon Inspector
Is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.
Automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.
AWS Abuse team
Technology
ways of provisioning and operating in the AWS cloud
Cloud deployment models
Cloud-based deployment
On-premises deployment
Deploying resources on-premises, using virtualization and resource management tools, is sometimes called “private cloud”.
Does not provide many of the benefits of cloud computing but is sometimes sought for its ability to provide dedicated resources.
Is in most cases the same as legacy IT infrastructure, while using application management and virtualization technologies to try to increase resource utilization.
Hybrid deployment
Is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud.
The most common method of hybrid deployment is between the cloud and existing on-premises infrastructure, to extend and grow an organization's infrastructure into the cloud while connecting cloud resources to internal systems.
Computing models
Platform as a Service (PaaS)
Remove the need for organizations to manage the underlying infrastructure (usually hardware and operating systems)
Allow you to focus on the deployment and management of your applications.
Infrastructure as a Service (IaaS)
Contains the basic building blocks for cloud IT and typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space.
Provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today.
Software as a Service (SaaS)
Provides you with a completed product that is run and managed by the service provider.
connectivity options
AWS global infrastructure
AWS Region
a physical location around the world where we cluster data centers, where we have multiple Availability Zones.
Factors affecting Region selection:
- Compliance
- Proximity
- Available features within a Region
- Pricing
Availability Zones
Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. These Availability Zones offer you the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.
Local Zones
AWS Local Zones place compute, storage, database, and other select AWS services closer to end-users. With AWS Local Zones, you can easily run highly-demanding applications that require single-digit millisecond latencies to your end-users such as media & entertainment content creation, real-time gaming, reservoir simulations, electronic design automation, and machine learning.
Each AWS Local Zone location is an extension of an AWS Region where you can run your latency sensitive applications using AWS services such as Amazon Elastic Compute Cloud, Amazon Virtual Private Cloud, Amazon Elastic Block Store, Amazon File Storage, and Amazon Elastic Load Balancing in geographic proximity to end-users. AWS Local Zones provide a high-bandwidth, secure connection between local workloads and those running in the AWS Region, allowing you to seamlessly connect to the full range of in-region services through the same APIs and tool sets.
Wavelength Zones
Deliver ultra-low-latency applications for 5G devices.
AWS Wavelength embeds AWS compute and storage services within 5G networks, providing mobile edge computing infrastructure for developing, deploying, and scaling ultra-low-latency applications.
AWS Edge Locations
A site that CloudFront uses to cache copies of your content for faster delivery to users at any location.
Regional Edge Caches
Regional Edge Caches, in addition to improving performance, also help reduce the load on your origin resources, minimizing operational burden associated with scaling your origin and reducing your origin costs. Regional Edge Caches are turned on by default for your CloudFront distributions; you do not need to make any changes to your distributions to take advantage of this feature.
AWS Outposts
AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility.
AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any on-premises or edge location for a truly consistent hybrid experience.
With AWS Outposts, you can run some AWS services locally and connect to a broad range of services available in the local AWS Region. Run applications and workloads on premises using familiar AWS services, tools, and APIs. Outposts supports workloads and devices requiring low latency access to on-premises systems, local data processing, data residency, and application migration with local system interdependencies.
AWS services
Compute
AWS Batch
AWS Batch is a set of batch management capabilities that enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS.
Amazon EC2
Instance Types
General purpose instances
provide a balance of compute, memory, and networking resources.
- application servers
- gaming servers
- backend servers for enterprise applications
- small and medium databases
Compute optimized
high-performance web servers
compute-intensive application servers
dedicated gaming servers
batch processing workloads
Memory optimized
deliver fast performance for workloads that process large datasets in memory.
- high-performance database
- a workload that involves performing real-time processing of a large amount of unstructured data
Accelerated computing
use hardware accelerators, or coprocessors, to perform some functions more efficiently
- floating-point number calculations
- graphics processing
- data pattern matching
- graphics applications
- game streaming
- application streaming
Storage optimized
designed for workloads that require high, sequential read and write access to large datasets on local storage
- distributed file systems
- data warehousing applications
- high-frequency online transaction processing (OLTP) systems
- application with a high IOPS requirement
EC2 instance pricing
On-Demand Instances
ideal for short-term, irregular workloads that cannot be interrupted.
Reserved Instances
Standard Reserved Instances
Reserved Instances require you to state the following qualifications:
- Instance type and size
- Platform description (operating system)
- Tenancy
Convertible Reserved Instances
run EC2 instances in different Availability Zones or different instance types
Savings Plans
- make an hourly spend commitment
- EC2 instance within an EC2 instance family in a chosen Region
- don't need to specify up front what EC2 instance type and size (for example, m5.xlarge), OS, and tenancy
- don't need to commit to a certain number of EC2 instances over a 1-year or 3-year term
- don't include an EC2 capacity reservation option
Spot Instances
ideal for workloads with flexible start and end times, or that can withstand interruptions.
Dedicated Hosts
physical servers with Amazon EC2 instance capacity that is fully dedicated to your use.
You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance.
Elastic Load Balancing
automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances.
Amazon Elastic Beanstalk
AWS Elastic Beanstalk helps you deploy and manage web applications with capacity provisioning, app health monitoring, and more.
Amazon Lightsail
offers easy-to-use virtual private server (VPS) instances, containers, storage, databases, and more at a cost-effective monthly price.
best suited for projects that require a few virtual private servers and users who prefer a simple management interface.
Launch simple web applications
Create custom websites
Blogs
Build small business applications
Simple software
Spin up test environments
Amazon Local Zone
A type of AWS infrastructure deployment that places compute, storage, database, and other select services closer to large population, industry, and IT centers, enabling you to deliver applications that require single-digit millisecond latency to end-users.
Amazon Outposts
AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises. By providing local access to AWS managed infrastructure, AWS Outposts enables customers to build and run applications on premises using the same programming interfaces as in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs.
Amazon Wavelength
Amazon SQS
send, store, and receive messages between software components at any volume
Amazon SNS
a publish/subscribe service
Amazon MQ
is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers in the cloud.
End User Computing
Amazon AppStream 2.0
a fully managed application streaming service that provides users with instant access to their desktop applications from anywhere.
Amazon WorkSpaces
Enables you to provision virtual, cloud-based Microsoft Windows, Amazon Linux, or Ubuntu Linux desktops for your users
Amazon WorkSpaces Web
Is an on-demand, fully managed, Linux-based service designed to facilitate secure browser access to internal websites and software-as-a-service (SaaS) applications.
Storage
Elastic Block Store
Provides block-level storage volumes that you can use with Amazon EC2 instances
Take incremental backups of EBS volumes by creating Amazon EBS snapshots.
- Volumes attach to EC2 instances
- Availability Zone level resource
- Volumes do not automatically scale
S3
- Object-level storage
- Offers unlimited storage space
- Maximum file size for an object in Amazon S3 is 5 TB
Storage classes
S3 Standard
- Designed for frequently accessed data
- Stores data in a minimum of three Availability Zones
S3 Standard-IA
- Ideal for infrequently accessed data
- Similar to Amazon S3 Standard but has a lower storage price and higher retrieval price
- ideal for data infrequently accessed but requires high availability when needed
S3 One Zone-IA
- Stores data in a single Availability Zone
- Has a lower storage price than Amazon S3 Standard-IA
S3 Intelligent-Tiering
- Ideal for data with unknown or changing access patterns
- Requires a small monthly monitoring and automation fee per object
S3 Glacier Instant Retrieval
Works well for archived data that requires immediate access
Can retrieve objects within a few milliseconds
S3 Glacier Flexible Retrieval
Low-cost storage designed for data archiving
Able to retrieve objects within a few minutes to hours
S3 Glacier Deep Archive
Lowest-cost object storage class ideal for archiving
Able to retrieve objects within 12 hours
AWS Snowball
Is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud.
Amazon Elastic File System
- Multiple instances reading and writing simultaneously
- Linux file system
- Regional resource
- Automatically scales
AWS Storage Gateway
- is a set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage
- Storage Gateway provides a standard set of storage protocols such as iSCSI, SMB, and NFS, which allow you to use AWS storage without rewriting your existing applications.
Use cases
Hybrid cloud workflows store
Migrate application data to EBS
Back up data to the cloud
AWS Backup
is a fully-managed service that makes it easy to centralize and automate data protection across AWS services, in the cloud, and on premises. Using this service, you can configure backup policies and monitor activity for your AWS resources in one place.
AWS Elastic Disaster Recovery
minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery.
Set up AWS Elastic Disaster Recovery on your source servers to initiate secure data replication.
AWS Elastic Disaster Recovery automatically converts your servers to boot and run natively on AWS when you launch instances for drills or recovery.
Amazon FSx
Amazon FSx makes it easy and cost effective to launch, run, and scale feature-rich, high-performance file systems in the cloud.
Amazon FSx is built on the latest AWS compute, networking, and disk technologies to provide high performance and lower TCO
Handles hardware provisioning, patching, and backups
Widely-used file systems
- NetApp ONTAP
- OpenZFS
- Windows File Server
- Lustre
Database
Amazon RDS
is a service that enables you to run relational databases in the AWS Cloud.
is a managed service that automates tasks such as hardware provisioning, database setup, patching, and backups.
- Amazon Aurora
- PostgreSQL
- MySQL
- MariaDB
- Oracle Database
- Microsoft SQL Server
Amazon Relational Database Service (Amazon RDS) is a SQL managed service that makes it easy to set up, operate, and scale a relational database in the cloud.
It is suited for OLTP workloads
Amazon Aurora
an enterprise-class relational database. It is compatible with MySQL and PostgreSQL relational databases.
It replicates six copies of your data across three Availability Zones and continuously backs up your data to Amazon S3.
Amazon DynamoDB
serverless database
automatically scales to adjust for changes in capacity while maintaining consistent performance.
millisecond response time
stores this data redundantly across availability zones
Scaling up to 10 trillion requests per day
Amazon MemoryDB for Redis
is a durable, in-memory database service that delivers ultra-fast performance
It is purpose-built for modern applications with microservices architectures.
Amazon Neptune
graph database service
build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
Amazon Redshift
a data warehousing service that you can use for big data analytics
offers the ability to collect data from many sources and helps you to understand relationships and trends across your data.
Amazon DocumentDB(with MongoDB compatibility)
a document database service that supports MongoDB workloads.
a fully managed native JSON document database
Use cases
Store and query content management data
Manage user profiles, preferences, and requests
Scale mobile and web applications
Amazon Quantum Ledger Database (Amazon QLDB)
a ledger database service.
Amazon Managed Blockchain
is a service that you can use to create and manage blockchain networks with open-source frameworks.
is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.
Amazon ElastiCache
is a service that adds caching layers on top of your databases to help improve the read times of common requests.
Supports two types of data stores: Redis and Memcached.
Amazon DynamoDB Accelerator (DAX)
an in-memory cache for DynamoDB
Analytics
Amazon Athena
Is an interactive query service that makes it easy to analyze data directly in Amazon S3 using standard SQL
Serverless and has SQL capabilities
AWS Data Exchange
Is a service that makes it easy for AWS customers to find, subscribe to, and use third-party data in the AWS Cloud.
Amazon EMR
Amazon EMR is a web service that makes it easy to process vast amounts of data efficiently using Apache Hadoop and services offered by Amazon Web Services.
AWS Glue
is a serverless data integration service that makes it easier to discover, prepare, move, and integrate data from multiple sources for analytics, machine learning (ML), and application development.
Use cases
Simplify ETL pipeline development
Discover data efficiently
Interactively explore, experiment on, and process data
Support various processing frameworks and workloads
AWS Glue Data Catalog
is a central repository to store structural and operational metadata for all your data assets.
Amazon Kinesis
Collect, process, and analyze real-time video and data streams
cost-effectively processes and analyzes streaming data at any scale as a fully managed service. With Kinesis, you can ingest real-time data, such as video, audio, application logs, website clickstreams, and IoT telemetry data, for machine learning (ML), analytics, and other applications.
Amazon QuickSight
Is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization.
You can create and publish interactive dashboards.
Amazon MSK(Amazon Managed Streaming for Apache Kafka)
Securely stream data with a fully managed, highly available Apache Kafka service
Amazon MSK makes it easy to ingest and process streaming data in real time with fully managed Apache Kafka.
Use cases
Ingest and process log and event streams
Run centralized state or data buses
Power your event-driven systems
Amazon OpenSearch Service
Securely unlocks real-time search, monitoring, and analysis of business and operational data for use cases like application monitoring, log analytics, observability, and website search.
Makes it easy for you to perform interactive log analytics, real-time application monitoring, website search, and more
Use cases
Monitor and debug applications and infrastructure
Manage security and event information (SIEM)
Enable seamless, personalized search
Observability
Amazon Redshift
Is a fast, fully managed cloud data warehouse that makes it simple and cost-effective to analyze all your data.
Lets you access and analyze data without all of the configurations of a provisioned data warehouse.
Is a fully managed, petabyte-scale data warehouse service in the cloud.
Application Integration
Amazon EventBridge
is a serverless service that uses events to connect application components together, making it easier for you to build scalable event-driven applications
Amazon Step Functions
lets you orchestrate multiple AWS services into serverless workflows
Business Applications
Amazon Connect
is an omnichannel cloud contact center
Amazon Simple Email Service(Amazon SES)
Containers
Amazon ECR
Amazon ECS
Amazon EKS
Customer Engagement
Amazon Activate for Startups
AWS IQ
enables customers to quickly find, engage, and pay AWS Certified third-party experts for on-demand project work
makes it easy for you to use your AWS Certifications to help AWS customers
AWS Managed Service(AMS)
is an enterprise service that provides ongoing management of your AWS infrastructure.
reduce your operational overhead and risk
AWS Support
is one-on-one, fast-response support from experienced technical support engineers.
helps customers use AWS's products and features.
With pay-by-the-month pricing and unlimited support cases, customers are freed from long-term commitments.
Developer Tools
AWS AppConfig
AWS AppConfig feature flags and dynamic configurations help software builders quickly and securely adjust application behavior in production environments without full code deployments.
AWS AppConfig is a capability of AWS Systems Manager.
Improve efficiency and release changes faster
Avoid unintended changes or failures with built-in safety features
Secure and scalable feature flag deployments
AWS CLI
an open source tool that enables you to create and configure AWS services using commands in your command-line shell.
SDKs
Software Development Kits (SDKs) are tools that allow you to interact with the AWS API programmatically.
AWS Cloud9
is an integrated development environment, or IDE
AWS CloudShell
is a browser-based shell that makes it easier to securely manage, explore, and interact with your AWS resources.
CloudShell is pre-authenticated with your console credentials.
AWS CodeArtifact
is a secure, highly scalable, managed artifact repository service that helps organizations to store and share software packages for application development.
AWS CodeBuild
is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
AWS CodeCommit
is a secure, highly scalable, managed source control service that hosts private Git repositories.
AWS CodeDeploy
is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon Elastic Compute Cloud (Amazon EC2), AWS Fargate, AWS Lambda, and your on-premises servers.
Automate code deployment to maintain application uptime
AWS CodePipeline
is a continuous delivery service that enables you to model, visualize, and automate the steps required to release your software.
AWS CodeStar
is a cloud-based service for creating, managing, and working with software development projects on AWS.
You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project
AWS X-Ray
helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture
Can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.
can use X-Ray to analyze both applications in development and in production
provides a complete view of requests as they travel through your application and filters visual data across payloads, functions, traces, services, APIs, and more with no-code and low-code motions.
CodeGuru
provides intelligent recommendations to improve code quality and identify an application’s most expensive lines of code.
Frontend Web and Mobile
AWS Amplify
is a set of purpose-built tools and features that enables frontend web and mobile developers to quickly and easily build full-stack applications on AWS.
Amplify Hosting
provides a git-based workflow for hosting full-stack serverless web apps with continuous deployment.
Amplify Studio
is a visual development environment that simplifies the creation of scalable, full-stack web and mobile apps.
AWS AppSync
enables developers to connect their applications and services to data and events with secure, serverless and high-performing GraphQL and Pub/Sub APIs.
AWS Device Farm
is an application testing service that lets you improve the quality of your web and mobile apps by testing them across an extensive range of desktop browsers and real mobile devices; without having to provision and manage any testing infrastructure.
Internet of Things (IoT)
AWS IoT Core
is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices.
AWS Greengrass
is an Internet of Things (IoT) open source edge runtime and cloud service that helps you build, deploy, and manage device software.
Machine Learning
Amazon Comprehend
NLP
Amazon Kendra
Document searching service
Amazon Lex
Chatbot
Amazon Polly
Convert text to speech
Amazon Rekognition
Amazon SageMaker
ML model training
Amazon Translate
Translation
Management and Governance
AWS Auto Scaling
Amazon EC2 Auto Scaling enables you to automatically add or remove Amazon EC2 instances in response to changing application demand.
- Dynamic scaling
- Predictive scaling
AWS CloudFormation
Is an infrastructure as code (IaC) service that allows you to easily model, provision, and manage AWS and third-party resources.
Speed up cloud provisioning with infrastructure as code
You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation takes care of provisioning and configuring those resources for you.
AWS CloudTrail
Monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
Provides visibility into user activity by recording actions taken on your account.
Is a web service that records API activity in your AWS account.
Monitors actions in the AWS environment.
Is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account.
AWS CloudWatch
Observe and monitor resources and applications on AWS, on premises, and on other clouds
Is a service that monitors applications, responds to performance changes, optimizes resource use, and provides insights into operational health.
CloudWatch gives visibility into system-wide performance and allows users to set alarms, automatically react to changes, and gain a unified view of operational health.
Proactively monitor and get actionable insights to enhance end user experiences
Troubleshoot operational problems with actionable insights derived from logs and metrics in your CloudWatch dashboards
Monitor application performance
Perform root cause analysis
Optimize resources proactively
Test website impacts
AWS Compute Optimizer
Is a service that analyzes the configuration and utilization metrics of your AWS resources.
Recommends more efficient AWS compute resources for your workloads to reduce costs and improve performance.
AWS Config
Is a config tool that helps you assess, audit, and evaluate the configurations and relationships of your resources
Helps you record configuration changes to software within EC2 instances in your AWS account and also virtual machines (VMs) or servers in your on-premises environment. The configuration information recorded by AWS Config includes Operating System updates, network configuration, and installed applications.
AWS Control Tower
Offers a straightforward way to set up and govern an AWS multi-account environment, following prescriptive best practices.
AWS Control Tower orchestration extends the capabilities of AWS Organizations.
AWS Health Dashboard
AWS Health is the authoritative data source for events and changes affecting your AWS cloud resources.
AWS Health notifies you about service events, planned changes, and account notifications to help you manage and take actions.
Provides alerts and remediation guidance when AWS is experiencing events that may impact you.
AWS Service Health Dashboard
AWS Personal Health Dashboard
AWS Launch Wizard
Provides an estimated cost of deployment, and lets you modify your resources to instantly view an updated cost assessment.
Provides you a guided point-and-click experience to deploy applications
AWS License Manager
Is a service that makes it easier for you to manage your software licenses from software vendors (for example, Microsoft, SAP, Oracle, and IBM) centrally across AWS and your on-premises environments.
AWS Management Console
a web-based console that you log in to through a browser. The console comprises a broad collection of service consoles for managing AWS resources.
AWS Organizations
Is an account management service that lets you consolidate multiple AWS accounts into an organization that you create and centrally manage.
AWS Resource Groups and Tag Editor
can consolidate and view data for applications that consist of multiple services, resources, and Regions in one place.
AWS Service Catalog
enables organizations to create and manage catalogs of IT services that are approved for AWS.
AWS Systems Manager
AWS Systems Manager allows you to safely automate common and repetitive IT operations and management tasks.
is a management service that helps you automatically collect software inventory, apply OS patches, create system images, and configure Windows and Linux operating systems.
Manage your resources on AWS and in multicloud and hybrid environments
gives you visibility and control of your infrastructure on AWS.
provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and take action on your groups of resources.
AWS Trusted Advisor
is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits and performance improvement.
AWS Well-Architected Framework
describes key concepts, design principles, and architectural best practices for designing and running workloads in the cloud.
Operational Excellence
Focuses on running and monitoring systems, and continually improving processes and procedures
- automating changes
- responding to events
- defining standards to manage daily operations.
Performance Efficiency
focuses on structured and streamlined allocation of IT and computing resources.
- selecting resource types and sizes optimized for workload requirements
- monitoring performance
- maintaining efficiency as business needs evolve
Security
focuses on protecting information and systems.
- confidentiality and integrity of data
- managing user permissions
- establishing controls to detect security events
Reliability
focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands.
- distributed system design
- recovery planning
- adapting to changing requirements
Cost Optimization
focuses on avoiding unnecessary costs.
- understanding spending over time and controlling fund allocation
- selecting resources of the right type and quantity
- scaling to meet business needs without overspending
Sustainability
focuses on minimizing the environmental impacts of running cloud workloads.
- a shared responsibility model for sustainability
- understanding impact and maximizing utilization to minimize required resources
- reduce downstream impacts.
Migration and Transfer
AWS Application Discovery Service
AWS Application Migration Service
AWS Data Migration Service
AWS Migration Hub
AWS Schema Conversion Tool (AWS SCT)
AWS Snow Family
AWS Snowcone
Features 2 CPUs, 4 GB of memory, and up to 14 TB of usable storage.
AWS Snowball
Snowball Edge Storage Optimized
well suited for large-scale data migrations and recurring transfer workflows, in addition to local computing with higher capacity needs.
Storage: 80 TB of hard disk drive (HDD) capacity
Compute: 40 vCPUs, and 80 GiB of memory
Snowball Edge Compute Optimized
provides powerful computing resources for use cases such as machine learning, full motion video analysis, analytics, and local computing stacks.
Storage: 80-TB usable HDD capacity
Compute: 104 vCPUs, 416 GiB of memory, and an optional NVIDIA Tesla V100 GPU
AWS Snowmobile
Exabyte-scale data transfer service used to move large amounts of data to AWS.
Transfer up to 100 petabytes of data per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi trailer truck.
AWS Transfer Family
Is a secure transfer service that enables you to transfer files into and out of AWS storage services
Securely scales your recurring business-to-business file transfers to AWS Storage services using SFTP, FTPS, FTP, and AS2 protocols
Networking and Content Delivery
Amazon API Gateway
an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale
Amazon CloudFront
A content delivery network (CDN) service built for high performance, security, and developer convenience.
AWS Direct Connect
Lets you establish a dedicated private connection between your data center and a VPC
AWS Global Accelerator
- Networking service that simplifies traffic management and improves performance by up to 60%.
- helps you improve the availability, performance, and security of your public applications.
- provides two global static public IPs that act as a fixed entry point to your application endpoints
Amazon Route 53
- A highly available and scalable cloud domain name system (DNS) service.
- It gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.
- Enables you to customize DNS routing policies to reduce latency
- Manage the DNS records for domain names
Weighted routing policy
lets you associate multiple resources with a single domain name (example.com) or subdomain name (acme.example.com) and choose how much traffic is routed to each resource.
Failover routing policy
This routing policy is used when you want to configure active-passive failover.
Simple routing policy
With simple routing, you typically route traffic to a single resource, for example, to a web server for your website.
Latency routing policy
This routing policy is used when you have resources in multiple AWS Regions and you want to route traffic to the region that provides the best latency.
Virtual Private Gateway
To access private resources in a VPC
enables you to establish a virtual private network (VPN) connection between your VPC and a private network
AWS VPN
Creates a private network connection between devices through the internet
Used to safely and anonymously transmit data over public networks
Works by masking user IP addresses and encrypting data so it's unreadable by anyone not authorized to receive it.
Network Access Control Lists
- is a virtual firewall that controls inbound and outbound traffic at the subnet level
- By default, your account’s default network ACL allows all inbound and outbound traffic
- For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic to allow.
- is stateless
Security groups
- a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance
- By default, a security group denies all inbound traffic and allows all outbound traffic
- Is stateful
Amazon VPC
A networking service that you can use to establish boundaries around your AWS resources
- enables you to provision an isolated section of the AWS Cloud
- can launch resources in a virtual network
- can organize your resources into subnets
Amazon VPC NAT gateway
use a NAT gateway so that instances in a private subnet can connect to services outside your VPC but external services cannot initiate a connection with those instances
Give internet access to private subnet
allow your instances in your private subnets to access the Internet while remaining private, and are managed by AWS.
VPC Peering
is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.
Elastic IP
is a static, public IPv4 address designed for dynamic cloud computing; it incurs an ongoing cost if not in use
VPC endpoints
enables customers to privately connect to supported AWS services and VPC endpoint services powered by AWS PrivateLink.
Gateway endpoints
Amazon DynamoDB
Amazon S3
Gateway endpoints do not enable AWS PrivateLink.
Interface endpoints
enable connectivity to services over AWS PrivateLink.
AWS PrivateLink
provides private connectivity between VPCs, AWS services, and on-premises applications securely on AWS.
AWS Site to Site VPN
is a fully-managed service that creates a secure connection between your data center or branch office and your AWS resources using IP Security (IPSec) tunnels.
Is a public connection
AWS Client VPN
is a fully-managed remote access VPN solution used by your remote workforce to securely access resources within both AWS and your on-premises network.
AWS Transit Gateway
is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks.
Serverless
AWS Fargate
serverless compute platform for ECS or EKS
AWS Lambda
run code without needing to provision or manage servers
run code under 15 minutes
Billing and Pricing
AWS Billing Conductor
Is a custom billing service that can support the showback and chargeback workflows of AWS Solution Providers and Enterprise customers.
AWS Budgets
Lets you set custom cost and usage budgets that alert you when your budget thresholds are exceeded (or forecasted to exceed).
AWS Cost and Usage Report
The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available
You can receive reports that break down your costs by the hour, day, or month, by product or product resource, or by tags that you define yourself.
AWS Cost Explorer
Helps you visualize, understand, and manage your AWS costs and usage over a daily or monthly granularity.
Visualize, understand, and manage your AWS costs and usage over time
Forecast your costs
identify under-utilized EC2 instances
understand the potential impact on your AWS bill by taking into account your RIs and Savings Plans.
offers recommendations for all commercial regions
AWS Compute Optimizer
look at instance type recommendations beyond downsizing within an instance family
get downsizing recommendations within or across instance families, upsizing recommendations to remove performance bottlenecks, and recommendations for EC2 instances that are parts of an Auto Scaling group.
understand the performance risks
how your workload would perform on various EC2 instance options to evaluate the price-performance trade-off for your workloads.
AWS Marketplace
Is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS.
Out-of-scope AWS services and features
Game Tech
Amazon GameLift
Amazon Lumberyard
Media Services
AWS Elemental Appliances and Software
AWS Elemental MediaConnect
AWS Elemental MediaConvert
AWS Elemental MediaLive
AWS Elemental MediaPackage
AWS Elemental MediaStore
AWS Elemental MediaTailor
Amazon Interactive Video Service (Amazon IVS)
Robotics
AWS RoboMaker