AWS Cert Prep - Cloud Essentials
AWS Certification Prep
Cloud Practitioner Essentials - Terms
GENERAL
Client/Server = Client requests and server responds.
Containers = Faster and lighter than VMs, since they do not have their own OS.
Networking = Infrastructure and services working together to host your apps, data, and resources.
Virtual Private Network (VPN) encrypts your internet traffic.
Content Delivery Network (CDN) caches web content close to its end-users.
NoSQL DBs = key-value pairs.
Authentication verifies who you are. Uses locking (encryption) and unlocking (decryption) of data.
Authorization verifies what action you can do.
Principle of Least Privilege
Id Mgmt Types: Federated (across orgs), Id Provider, Single Sign-On (across apps), MFA, Zero Trust
Multi-factor Authentication (MFA) = Requires 2+ verification methods to get access.
Distributed denial of service (DDoS) = multiple computers attacking at once.
Event Bridge = event routing + store events. Could use to decouple apps.
Simple Queue Service (SQS) = message queuing. Could use to decouple apps.
On-Premise (empty lot), IaaS (built house), PaaS (rent furnished apartment), vs. SaaS (check into hotel).
Serverless = fully managed (provider does all infrastructure, SaaS) like hotel rental. Auto scales number of resources on demand. We do no provisioning or patching.
GENERAL - AI
ML model = makes predictions or decisions.
Foundation models (FMs) = large data models, pre-trained on lots of data. Adapted to do multiple tasks.
GENERAL - AMAZON WRONG
Loosely-Coupled Components - Build interfaces for the dependencies between app parts so a part can be swapped out easily.
Decoupled Components - Operate entirely independently with no direct knowledge of each other, often via asynchronous messaging. Amazon incorrectly believes this is Loosely-Coupled.
AWS TERMS
Cloud
Concepts: scalability (ability to add chairs and tables if lots of customers), high availability (backup kitchen), agility (ability to change to Taco Tuesday), pay-as-you-go (only pay for electricity used), elasticity (hiring extra waiters for lunch rush only), rightsizing (buying the needed amount).
Advantages: Fixed capital expenses become variable operating expenses, Economies of scale, Stop guessing capacity, Increase speed and agility, Stop spending money on data centers, Instant global infrastructure.
Region = Physical region, each with 3+ AZs. Examples = Japan and US. Choose based on: 1) Compliance, 2) Proximity, 3) Features, and 4) Price.
Availability Zones (AZ) = In a region. Good way to get scalability if using 2+ AZs.
Command Line Interface (CLI) = Advantage: scripting, which needs an access key to access services programmatically.
Mgmt. Console = GUI tool
Accelerated computing = GPU acceleration
Endpoints = cache resources such as images.
Object store vs. File store = File is hierarchy folders while object store is not.
"Well architected" solution = Pillars: security (protect, detect, and mitigate), performance efficiency (using the right resources), reliability (recovery, adapting to changes), operational excellence (running and monitoring, automating changes, infrastructure as code), cost, and environmental sustainability.
Service Control Policies (SCPs) = policy that restricts services, resources, and individual API actions.
Bring Your Own License (BYOL) = Use existing licenses for on-premise software (such as Windows OS) to use on Amazon's cloud.
RESPONSIBILITY
Responsibility: We: Security in the cloud. AWS: Security of the cloud. We are responsible for OS patches + config + managing OS + network + client encryption + installing third party software. AWS is responsible for physical/infrastructure security + hardware maintenance + creating hypervisors + data center operations. Security and compliance are shared. For RDS and Lambda, AWS handles patches + scaling.
OVERALL DIAGRAM
VPC is parent to:
1) Subnets (secured by NACL)
2) EC2 (created from an AMI, secured by security groups) is parent to
2.1) EFS
2.2) EBS
3) VPC endpoints => S3
4) NAT Gateway (blocks inbound traffic, allows AWS services inside VPC out to outside services)
5) Internet Gateway (allows VPC services to access external internet)
6) Virtual Private Gateway (allows VPC services to access your on-premise network)
GOVERNANCE
Organizations manages entire org (including solo members and org units). Links accounts. Consolidates billing (cheaper from volume discounts) and creates hierarchy. Making orgs needs root.
Control Tower enforces security, ops, and compliance rules across orgs and existing and new accounts. CT's landing zone is the home for all accounts under it. Applies SCPs and Config. Can stop creation of EC2 instances.
Service Catalog creates, shares, and organizes a curated catalog of resources.
License Manager manages licenses and licensing costs. Enforces license usage limits and blocks new launches.
Health Dashboard = account-specific health info and troubleshooting of events impacting resources.
Trusted Advisor monitors real-time cost, performance, resilience, security, and service quotas.
IAM Access Analyzer verifies your policy permissions match your security standards.
COST AND SUPPORT
Total Cost of Ownership (TCO) - Shifts capital expenses to on-demand operational expenses.
Pricing is: 1) "Pay As You Go", 2) Commit for cheaper, 3) Use more for bulk pricing.
Cost factors are: compute, storage, and outbound data transfer.
Billing and Cost Mgmt. dashboard = Inside it is:
Bills = shows invoices and payments
Budgets = set budgets and alerts when costs, usage, or Savings Plans and RIs exceed limits.
Cost Explorer = dashboard of costs and usage with interactive graphs, reports, and forecasts. Shows spending patterns, trends, and RI recommendations.
Pricing Calculator = web-based cost estimating and planning tool. To create an estimate you input instance types, storage options, and data transfer volumes. Then you get cost details for your resource allocation.
Professional Services offers deep technical expertise, security audits, best practices, and guidance.
Partners benefits: 1) funding, 2) partner events, 3) partner-focused certs and training.
All support plans provide 24x7 access to call customer support.
Benefit of tagging strategy is cost breakdown and resources used on projects.
Billing done down to second on Windows and Linux EC2 instances and full hour on other OS.
AWS PRODUCTS
Elastic Beanstalk = deploy, manage, scale PaaS web apps. Sets up infrastructure, load balancing + app health. Allows for a "lift and shift" strategy for .NET, PHP, or Java. Supports many programming languages.
Batch = batch workloads. Auto schedules, manages + scales. Parallel work. Compute.
Lightsail = Think makes small businesses soar. Simple, pre-configured VPS hosting kit with compute, storage, DBs, and networking for a low, predictable price. No need for Mgmt console. Key features include easy setup, built-in firewalls, and load balancing. For blogs, etc.
Outpost = hybrid with hardware on premise, but cloud mgmt.
Ground Station = control satellites.
Device Farm - for testing web and mobile apps across browsers and mobile devices.
Cloud Formation = Create JSON/YAML templates which are infrastructure as code, so you can start anew quickly in a disaster recovery situation or set up your preferred AWS environment.
Virtual Private Cloud (VPC) = run public or private resources in your virtual network. Most control over infrastructure.
Components of VPC:
Virtual private gateway lets protected internet traffic enter the VPC. For hybrid. However, has narrow bandwidth. Can isolate parts of the VPC in a given account.
Subnet = sub of VPC, group resources based on security or operational needs. Subnets can be public or private. A private subnet has no direct route to the internet.
EC2 instances = VPC hosts any of the EC2 instances you want.
CONNECTIONS
Client VPN = Fully managed, auto-scaling VPN for your remote workers, with advanced authentication.
Site-to-Site VPN securely connects your data center or branch offices to the cloud. Narrow bandwidth.
Private Link = highly available, scalable. Connects you to VPCs and services via private IPs, so traffic runs over Amazon's backbone rather than the internet, but without special cabling.
Direct Connect = Dedicated fiber optic cables connect you and AWS that is not over the internet. Large bandwidth and good security.
Route 53 = DNS that does geographic control by routing over to edge and to Cloud Front. Stateless. Restartable. Route 53 has alias records which could be used for root domain names. Does health monitoring of regions and will do failover routing if region is down. Validates CNAME on SSL certs.
Cloud Front = cached CDN on edge with fast loading times, cost savings, and reliability. Helps with lower latency. Create CloudFront distribution centers in multiple regions. Good for videos or uploads.
Global Accelerator uses intelligent traffic routing and fast failover. Handles static IP addresses, global network traffic, and routing to optimal endpoints based on health, user location, and policies.
Network Address Translation (NAT) gateway = Connects instances in your AWS private subnet to services outside your VPC, but external services can't initiate a connection with those instances.
CONNECTION SECURITY
Network Access Control Lists (NACL) = Optional, stateless (remember nothing) security firewall for controlling traffic for 1+ subnets. Subnet level in a VPC. Allow and deny type rules. Accepts classless inter-domain routing (CIDR) notation for IP ranges.
Security groups = stateful firewall at the instance level in a VPC. Allow type rules only. Accepts CIDR notation for IP ranges.
CONNECTION RESPONSIBILITIES
Penetration testing can be done on your own instances with prior clearance from Amazon.
INSTANCES
Amazon Machine Image (AMI) = creates EC2 instances (which are virtual servers) with a consistent image of OS + software setup. Good for disaster recovery.
Elastic Compute Cloud (EC2)
Think HAS/HAS:
Hosting (Multi-tenancy (VMs isolated but share host resources)); Auto Scaling; Setup (1) AMI for the OS/Software, 2) Instance Type: Pick your "T-shirt size" (General, Memory, etc.), 3) Storage (Instance Store for temp data, EBS for DBs));
Hosts (Dedicated give you the whole physical server); Availability (Capacity Reservations guarantee you have space in a specific AZ when needed); Security (1) Security Groups act as firewalls for instances and 2) IAM Roles secure EC2 API access and let EC2 talk to S3 securely).
EC2 Types:
General Purpose = flexible + cost effective
Memory Optimized = good for real time, large data, or data analytics
Storage Optimized = has high-disk throughput & low latency. Good for data analysis.
Dedicated Host = full machine + physical server. Supports BYOL.
Spot Instance = Stop(able think rearrange letters) batch operations. Unused EC2 w/ 90% savings.
On Demand = w/o commitment, for unpredictable and mission critical work or for "short" (under 6 months) use.
"Reserved Instance" (RI) = for predictable work. 1 or 3 year commitment for a discounted rate on compute usage (like EC2 or RDS) in a specific AZ; 70% cost savings when you agree to use a specific instance config. Good for 90% to 100% utilized. If on-demand usage matches an RI then the billing discount is applied automatically. Consolidated billing with RI gives hourly benefits to all attached accounts.
Types: 1) Standard - Inflexible, but cheap
2) Convertible - Exchangeable for another type.
3) Scheduled - Reserves capacity for time windows.
RI Payment Options: 1) No Upfront = high hourly, 30% save from on-demand. Good for limited budget, uncertain on 3 years, max flexibility.
2) Partial Upfront = low upfront, no hourly, 41% save from on-demand. Good for balanced, optimal price point, moderate predict.
3) Total Upfront = high upfront, low hourly, 44% save from on-demand. Good for max cost savings, unpredictable, budget availability.
Capacity Reservation = Capacity only. You pay for that capacity even if it is not used, so the instance can always launch; it is guaranteed to you. Types:
Instance = instance in AZ.
Fleet = For lots of multiple types of EC2.
Savings Plan = Committing to usage rate $/hr. Types:
Instance = critical steady state. For discounts in a single region.
Compute = for discounts in different regions.
Auto Scaling Groups = scales EC2s in many AZ to improve availability and fault tolerance.
EC2 Cost Savings Benefit: Billing only what used down to the second.
S3 Cost Savings Benefit: Offers volume discounts.
EC2 INSTANCES CONTENT
Data:
1) Instance Store = Ephemeral block-level and memory-based data with no snapshots. Cost-effective, super high performance. For buffers, caches, and scratch data.
2) Elastic Block Store (EBS) = Features are PASSE: Persists, AZ, Same AZ as EC2, Snapshots, Elastic.
Overall low-latency, low cost. Volume size is set manually. High availability by auto replicating in the same AZ. We do data encryption at rest and snapshots.
EBS Snapshots - Incremental point-in-time backups. Good for data protection, cross-region data migration, disaster recovery, volume resizing or cloning, sharing data across accounts and low cost.
EBS Types: SSD (general purpose such as gp2, gp3; or provisioned IOPS such as io1, io2 for mission critical, lowest latency, heavy read-write) for speed, good for self-hosted DBs and boot volumes, OR HDD (st1, sc1) for large, sequential streaming data (such as server logs, sensor data, stock prices, etc.).
EBS How to Encrypt an existing volume: Only manually, by 1) create snapshot, 2) copy snapshot turning on encryption, 3) create volume from the new encrypted snapshot, 4) attach to EC2.
EBS How Backup steps: 1) Pick volume, 2) Create snapshot, 3) Store in S3.
Data Lifecycle Manager = create, delete, retain EBS snapshots.
EC2 CONTAINERS
1) EC2 Self Managed = full infrastructure control (provisioning, OS updates, patches)
2) Elastic Container Service (ECS) = partially managed. we kick off patching. we config scaling.
Fargate ECS = think "far-away servers". Serverless.
3) Elastic Kubernetes Service (EKS) = partially managed. we kick off patching. we config scaling.
Fargate EKS = think "far-away servers". Serverless.
Elastic Container Registry = managed. Hands Docker and OCI (Open Container Initiative) container images to ECS and EKS. Uses IAM security.
EC2 ROUTING
Elastic Load Balancing (ELB) = allocates traffic to EC2 instances by: 1) Round Robin, 2) Least Connections, 3) IP Hash, and 4) Least Response Time. Good way to fight DDoS. Ensures only healthy instances get traffic.
Simple Notification Service (SNS) = pub/sub service that stores until 2nd service is up. Real time. Multi-target simultaneous. Email and texting (via SMS).
Message Queue (MQ) = managed message broker for ActiveMQ and RabbitMQ
Global Accelerator = Routes HTTP, TCP, and UDP traffic over AWS private backbone using static IPs.
Lambda = serverless compute that responds to SQS or SNS events. We manage rights via IAM, our code, triggering event, and run times. AWS is responsible for capacity and OS mgmt.
DATA
DATA FILES
Simple Storage Service (S3) = Think BOUTS, BOUTS. Bucket storage & Block public access, Objects (structured) & Objects (unstructured), Unlimited (nearly) storage & URLs (pre-signed), Tiered (like Glacier) & Transitional (lifecycle rules to auto-move objects for cost savings), Secure (via IAM policies and APIs) & Serverless (highly available). Used for CDN, hosting static websites, media files (even for CloudFront), app data storage, archiving, data lakes, and compliance-driven data retention. 11 9's of data durability.
S3 Transfer Acceleration - Fast file transfers to S3 buckets using distributed edge locations, by sending traffic over the AWS network rather than the internet.
Lifecycle in S3 - Create a lifecycle rule to predictably transition to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days, transition to S3 Glacier after 90 days. Used to define rules to auto move between different storage classes, or delete based on age or usage. Transition fee.
S3 Intelligent Tiering - Auto tiering. Anything less than 128 KB is never auto tiered. Charges a per-object monitoring fee. Good for unpredictable access.
S3 Storage classes offer different performance, availability, and cost.
S3 bucket policies decide who can use a bucket. Rules are written in JSON with these elements: 1) Version, 2) Effect, 3) Principal, 4) Action, 5) Resource, 6) Condition.
Elastic File System (EFS) = Linux, Elastic size, POSIX permissions, Multi-connections. Shared network file system for many EC2 instances simultaneously on many servers in even different AZs, fully managed, auto scalable file storage, scales as number of files changes. For containers. Great for images and legacy apps.
Storage classes in EFS: Auto moves. Standard, Infrequent (30 days later), 1 Zone, 1 Zone Infrequent, and Archive (90 days later).
File System X (FSx) = Windows and Lustre (which is a file system on Linux), Static size. A fully managed service that provides cost-effective, scalable file storage built on widely used file systems. Supports multiple file system protocols (such as Windows File Server, Lustre, OpenZFS, and NetApp ONTAP). Windows version: SMB support, Active Directory integration, and Windows features like data deduplication.
Storage Gateway = Extends AWS storage to your on-premise location.
Benefits: 1) Integration, 2) Better mgmt. 3) Local caching, 4) Low Cost.
Types: 1) S3 file gateway - low-latency local via local caching and fits existing file-based workflows, 2) cached volume gateway - cache local, store backup on cloud, 3) shared volume gateway, 4) tape gateway. Good for hybrid.
Elastic Disaster Recovery = Continuous block-level data replication, auto disaster recovery, cost optimization. Uses affordable storage, minimal compute, and point-in-time recovery.
DB
Relational DB Service (RDS) = Managed Service. Connects to different Relational DBs, including Aurora, MySQL, PostgreSQL, MS SQL Server, MariaDB, and Oracle. Auto backups and read replicas. Multi-AZ. Cost effective. VPC isolation as well as encryption at rest and in transit. Auto patches. We build schema and do database settings. Start with Mgmt. Console or Cloud Formation.
RDS Read Replicas - Of RDS instance for redundancy and scalability for cross region or cross AZ, or same AZ.
Aurora = Mnemonic: "Aurora Makes Perfect Database Relationships" (MySQL, PostgreSQL, DB, Relational) (so DB replacement for MySQL or PostgreSQL). Auto grows storage. Auto detect hardware failures and redirects traffic. Auto backups. Multi-AZ. Low cost.
Aurora serverless = Serverless DB version.
Dynamo DB = Think Keys and KMaps (Key/Value (so No-SQL), Managed, Availability of Data and Auto-Scaling, Provisioned, Dynamic Schema). Serverless. Encrypted prior to storage. For unpredictable traffic.
ElastiCache is fully managed in-memory caching. Auto detects and fails over on nodes. Good for Redis, Valkey, or Memcached tools, for 2-tier web apps, and for read heavy apps.
Document DB = For JSON data or MongoDB. Good for semi-structured data like product catalogs.
DB SERVICES
Backup - Works with EBS volumes, EFS files, and DBs. Across multi accounts and regions.
Neptune. Think Neptune, Roman god of sea. Sea of interconnected currents and fish so highly connected graph DB service.
Neptune Serverless = Serverless version.
DB Migration Service minimizes downtime to apps when migrating.
DATA MIGRATION
Cloud Adoption Framework = 6 perspectives: business, people, governance, platform, security, and operations. People perspective supports change mgmt strategy. The governance perspective connects technology and business.
Phases: Assess, Mobilize, and Migrate & Modernize.
Migration Strategies are Relocate (lift and shift VMs), Rehost (lift and shift, no changes, speed), Replatform (lift and refactor (optimize)), Refactor (change for cloud, transform), Repurchase (switch to different SaaS), Retain (keep in source environment), and Retire (decommission old apps). Effort and time from easiest: 1) Repurchase, 2) Rehost, 3) Replatform, 4) Refactor.
Benefits = Reduced business risk; improved environmental, social, and governance; increased revenue; increased operational efficiency.
Migration Evaluator = Gives business case for migrating using data-driven approach.
App Discovery Service discovers on-premises server inventory and connections.
Migration Hub is a centralized hub that takes you through the migration phases. No cost tool. Tracks migration. Shows progress.
App Migration Service = Moves on-premise apps. Suggests ways to modernize and reduce costs.
DB Migration Service (DMS) = Migrates DBs and replicates live DBs and data warehouses.
Schema Conversion Tool = Convert DBs from one DB engine to another.
Data Sync = auto fast internet data transfer to S3, EFS, and FSx for Windows File Server. Progress checking and task reporting.
Transfer Family shares data with simple, secure, and scalable physical file transfers using SFTP.
Data Pipelines
Kinesis Data Streams for real-time data from apps, streams + sensors. Auto provisioning and scaling in on-demand mode. Kinesis is for real time streaming event data and instant analytics/metrics over those streams.
Data Firehose for near real-time data. Fully managed service. Auto provisioning and scaling. Gives data to storage and services.
Data Processing
Glue is serverless ETL.
Glue Data Catalog = Centralized, scalable, and managed metadata repo.
Elastic MapReduce (EMR) = Auto provisioning, cluster mgmt, and scaling. Managed. Apache Spark, Apache Hadoop, and Apache Hive. Reads mass data and maps to key value pairs and reduces dups.
Data Analysis & Visualization
Quick Sight = Interactive dashboards and reports over data.
Athena = serverless SQL on S3 for ad-hoc queries and data lake analysis. cost-effective. Does SQL in parallel.
Redshift - Think Oracle was "Big Red" and shifting away from Oracle data warehouses. Fully managed. Structured or semi-structured data. Scalability and pay-as-you-go pricing model. SQL across data warehouses, data lakes, and operational DBs. Can run either provisioned OR stateless unprovisioned.
Data Security
How protect data at rest? A: Versioning and Permissions.
SECURITY
USER AND SECURITY MONITORING
Cloud Watch visualizes real time and system wide the resource use, app speed, and operational health. Alerts. CW collects metrics on EC2, has dashboards, sets thresholds alarms (including budget alarms). Like neighborhood watch. Views logs from Cloud Trail, VPC Flow Logs, and Guard Duty.
Cloud Trail = logs tracking user activity and API usage, even on stopped EC2 instances. No UI. Helps with governance, compliance, and operational and risk auditing.
VPC Flow Logs troubleshoots connectivity issues between EC2 instances.
Macie = monitors secure data at rest. Uses ML. Monitors content (data in S3).
Guard Duty = 24/7 intelligent threat detection across your infrastructure and resources. Agentless. Creates security logs. Monitors behavior (attacking).
SECURITY CONFIG
IAM Identity Center = federated identity mgmt. Single sign on. Managed by Amazon.
IAM role = an identity used to gain temporary access to permissions for a single session.
IAM functionality composed of roles and users and is set using CLI or APIs.
Secrets Manager = Manage passwords and API keys. SM is a butler that fetches the secret for app. Think chest of jewels with chains around it and lock. Has lifecycle of credentials.
Key Mgmt Service (KMS) = Create and manage crypto keys. AWS (same account) and Customer managed keys (for cross-account). Think physical key.
Systems Manager provides a centralized view of node details such as ID and operating system. Auto registry edits, user mgmt, and patching. Operational insights.
Certificate Manager (ACM) = Buy and deploy SSL/TLS certs. Encrypts data in transit.
Security Token Service = Issues temp, limited privilege token credentials for authentication.
SECURITY BLOCKING
Security Hub = Overall security and compliance state. Not security vulnerability.
Shield = Auto.
Standard = Protects against external common security issues
Advanced = Protects against external DDOS
Web Application Firewall (WAF) = Protects your web apps and APIs against SQL injection and cross-site scripting (XSS), DDOS, bot traffic and unauthorized access attempts. Monitors and filters incoming HTTP/HTTPS traffic.
SECURITY TOOLS
Inspector = Monitors vulnerabilities on EC2 instances, containers, and Lambda functions. Like a building inspector.
Detective = investigates the root cause of a threat.
Web App Framework = dev tools for security.
Block DDOS? 1) Security groups stops bad users in EC2, 2) Elastic Load Balancing. 3) Shield, 4) Cloudfront. 5) WAF helps a tad.
COMPLIANCE
Artifacts = Think museum artifacts. Portal to see 1) compliance reports and 2) agreements. No cost. Compliance reports are ISO, PCI, SOC 1, SOC 2, and BSI C5. Helps with compliance and security reports on third party products.
Customer Compliance Center publishes stories, Q&A, whitepapers, and educational content.
AUDIT
Config audits configurations of resources. Managed. Monitors config changes for compliance, security, and change mgmt. Works in the control tower's landing zone.
Audit Manager = continually audits your usage.
Customers can use U2F security keys for MFA access to better protect things.
AI
AI/ML
Image
1) Rekognition is auto image and video analysis for your apps without ML experience. Think eyes. Outputs labels, text, and data.
AI Language
1) Comprehend uses NL to get insights from docs.
2) Polly converts text into speech/audio. Think Polly Anna Parrot.
3) Transcribe converts speech into text.
4) Translate is a text translation to different language.
Vision/Search
1) Kendra uses NL to get answers from searching data. Think Knowledge Engine, Natural-language Discoveries, Retrieval & Answers.
2) Textract extracts typed and handwritten text, even cursive.
Conversation
1) Lex = Think Lexicon. Conversational brain for speech and text to apps. Such as chatbots, voice controlled menus, powers Alexa, etc. Outputs intent.
2) Personalize recommends.
Developer
SageMaker - IDE plugin that builds repeatable ML with "No code" and without worrying about infrastructure. Think makes sages out of data scientists. Full ML lifecycle from data prep to production endpoints.
Gen AI
SageMaker JumpStart = ML hub with FMs and pre-built MLs (vision, NLP, and tabular data) deployable with a few clicks.
Bedrock = Fully managed service for FMs in GenAI such as Claude. Think Base of Enterprise Deep learning, Reasoning, Orchestration & Custom Knowledge. Single API.
Q Business - Answers questions using your company's expert knowledge data.
Q Developer - Helps developers with code recommendations and snippets
Search
OpenSearch Service = Search via keyword and NL matching.
MISC
ARCHITECTURE
Code Build = fully managed CI.
Cloud 9 = cloud-based Linux IDE.
Code Pipeline = fully managed CI/CD service to build, test, and deploy.
X-Ray = visual dashboard of tracing, debugging, and performance analysis tool. Xray is eXamine Requests, Analyze path, Yield trace.
App Sync = Syncs apps to data via fully managed GraphQL with real-time.
Amplify eases building React, React Native, iOS, Android, and Flutter full-stack apps on AWS.
App Stream 2.0 = fully managed service that streams app to compatible device. SaaS apps.
Work Spaces = fully managed cloud-based persistent Windows or Linux virtual desktops computing service. Requires internet connection.
Work Spaces Secure Browser = fully managed remote enterprise Linux browser. Protected environment for employees to access private websites, SaaS applications, and the public internet.
IoT Core = managed cloud service to securely connect physical devices with cloud apps. 1) Smart security cameras, 2) Smart bird feeder, 3) Smart irrigation system
Connect = AI powered call center. Connect connects customers to your contact center.
Simple Email Service (SES) = scalable and cost-effective email service.
Well-Architected Tool = free. Offers workload reviews, milestone tracking, and custom lenses for tailored evaluations and improvement plans.
Event Bridge = bridge for events: it routes events between services, your apps, and SaaS targets.
Remember patching and configuration are shared.
Quick Starts = set of recommended product deployments of other vendors to be on AWS.
Infrastructure Event Mgmt = With Enterprise support. Architectural reviews.
DISASTER RECOVERY OPTIONS
1) Backup Restore: Slowest method because nothing is running in the secondary region.
2) Pilot light: Only critical core (like DBs) are kept running.
3) Warm standby: Mini version of your entire stack is always active. Scales up and redirects traffic.
HARDWARE FOR DATA
Snowball = OBSOLETE = 1 petabyte-scale suitcase data transport service that uses secure devices to transfer large amounts of data into and out of the cloud.
Snowmobile = OBSOLETE = 100 petabyte-scale container-on-wheels data transport service that uses secure devices to transfer large amounts of data into and out of the cloud.