Aws General

distinctInstance

Place each task on a different container instance. For example, there will never be two tasks on the same instance

memberOf

Place tasks on container instances that satisfy an expression

AWS Lambda

Lambda@Edge

DynamoDB

API Gateway

Amazon Cognito

AWS Serverless Application Model

Performance Modes

General Pupose & Max I/O

Storage Classes

Standard & Standard-IA

Temporary physically attached storage for your instance. It provides high performance / IOPS.

GP2/GP3 SSD

General Purpose SSD volumes

IO1/IO2 SSD

Highest performance. They support EBS Multi-Attach (attach IO1 or IO2 volume to multiple EC2 instances in the same AZ)

ST1 HHD

Frequently accessed, throughput-intensive workloads

SC1 HHD

Lowest cost per GB

Block-storage service for EC2. It's a network storage drive, and you pay for the capacity you provision. You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time incremental snapshots.

You will also need to create snapshots to migrate an EBS between AWS Regions. You'll have to restore the snapshot in the Region where you want to copy it.

Inbound Traffic

Traffic that tries to access the instance.

Outbound Traffic

Traffic that leaves the instance

R

Application requires RAM

C

Application requires CPU

M

Balanced Applications Medium

I

Application requires I/O

G

Application requires GPU

T2/T3

Burstable instances

T2/T3 Unlimited

Burstable instances that you can pay more to not lose performance

EC2 is a web service to provide compute capacity in the cloud. It's one of the core services of AWS, including processor, storage, networking, operating system, and purchase model. It's composed of Virtual machines (EC2), Block-storage service (EBS), Load Balancer (ELB) and Elasticity of the resources (Auto Scaling Group)

CodeBuild

buildspec.yml

CodeDeploy (Lambda/ECS)

appspec.yaml

CodeDeploy (EC2/On-premise)

appspec.yml

Elastic Beanstalk

ebextensions

Elastic Beanstalk (Docker)

dockerrun.aws.json

HTTPS

AWS Access Key

HTTPS

GIT credentials generated with IAM

SSH

SSH keys associated with IAM user

Edge Location

Each Edge Location has its own cache

Cache Key

Unique identifier for an object in the cache

Cache Policies

Based on HTTP headers, Cookies, or Query Strings. Automatically included in the origin request. You can use TTL

Cache Invalidations

Entire Refresh (invalidating all files) or Partial Refresh (invalidating a set of files) of the cache

Cache Behaviors

Settings that describes how CloudFront processes requests

Monitor and record account activity across your AWS infrastructure. For example, you can check the account that deleted an EC2 instance. There are two types of events:

- Data events: Visibility into the resource operations performed on or within a resource.
- Management events: Visibility into management operations performed in our AWS accounts.

Server Side Encryption - S3

Amazon S3 manages the encryption key

Server Side Encryption - KMS

AWS KMS manages the encryption key

Server Side Encryption - C

The customer provides the encryption keys

Client Side Encryption

Encrypting data before sending it to Amazon S3

Dual-layer Server Side Encryption - DSSE-KMS

It applies two layers of encryption to objects when they are uploaded to Amazon S3

Effect

Allow/Deny

Principal

Who can perform an action over the bucket/object

Action

What the user can do over the bucket/object

Resource

Object/bucket affected

Object Storage Service. It will allow us to store objects in buckets, and each object can have a maximum of 5TB. Each object has a key, value, metadata, access control information and version ID.

On-Premise

You are the owner of the infrastructure

Cloud

Someone owns the servers, you are responsible for setting up the cloud services and the code

Hybrid

Mix of the previous approaches

# Gather instance details

# ID of the AMI (Amazon Machine Image) that the VM will use for OS

`# This is the ami for Window Server 2012 R2 64-bit

ami_id = ami-3d787d57

# IDs of the Security Groups to be assign to the VM

security_group_ids = []

# Single subnet id in which VM will be started

subnet_id = 

# Key file that will be used to decrypt the administrator password

keyfile_name = 

# ARN of the IAM instance profile to be assigned to the VM

iam_profile_arn = 'arn:aws:iam::123456789012:instance-profiel/myprofile

# VM instance type / instance size

instance_type = 't2.micro'

# Disk drive capacity in GB

disk_size = 120

# UserData. Code block to execute on first instance launch

user_data = ' '

# Create the instance

ec2.create_instances(

  ImageId = ami_id,

  MinCount = 1,

  MaxCount = 1,

  KeyName = keyfile_name,

  SecurityGroupIds = security_group_ids,

  InstanceType = instance_type,

  BlockDeviceMappings = [

    {

    'DeviceName': '/dev/sda1',

    'Ebs': {

      'VolumeSize': disk_size,

      'DeleteOnTermination': True,

      'VolumeType': 'gp2', 

    }

  ],

  IamInstanceProfile = {

    'Arn': arn_profile

  },

  SubnetId = subnet_id,

  UserData = user_data

)

Connect to EC2
To create an EC2 resource object

import boto3

ec2 = boto3.resource('ec2')

instances = ec2.instances.all()

# Print raw list of instances

for instance in instances:

  print( instance )

# Print list of instances by name tag

for instance in instances:

  print( [tag['Value'] for tag in instance.tags if tag.get('Key') == 'Name'] )

# Print list of instances by state

states = (

  { 'Code' : 0, 'state' : 'pending' },

  { 'Code' : 16, 'state' : 'running' },

  { 'Code' : 32, 'state' : 'shutting-down' },

  { 'Code' : 48, 'state' : 'terminated' },

  { 'Code' : 64, 'state' : 'stopping' },

  { 'Code' : 80, 'state' : 'stopped' },

)

instance_states = {

  'pending': [],

  'running': [],

  'shuttingdown' : [],

  'terminated' : [],

  'stopping' : [],

  'stopped' : [],

}

for instance in instances:

  instance_name=[tag['Value'] for tag in instance.tags if tag.get('Key') == 'Name']

  instance_states[instance.state['Name']].append( instance_name[0] )

for i in instance_states:

  instance_states[i].sort()

  print(i + ' instances\n--')

  for name in instance_states[i]: print( name )

  print('')

boto3 includes access to almost all of the AWS services. To interact with these services, you create a resource or client object that connects to a particular service. Then you can use the service using boto3's api for that object.

For instance, to create a new EC2 instance, you will create a resource object that is connected to 'ec2.' Then with that object, you will call a function to create the instance and pass the appropriate parameters to the function.

To use boto3, you must first install python. There are a number of distributions available; among the most popular are Anaconda3, ActivePython, and PyPy.

I prefer Anaconda3 because of the large number of pre-installed packages. This does however also mean it is one of the largest distributions. But as the saying goes, "It is better to have and not need than to need and not have."

Once you have installed your Python of choice, use the pip installer to install boto3.

pip install boto3

Once boto3 is installed, install the Amazon AWS CLI tools and run aws configure to set your credentials and default region.

aws configure

Now you are ready to roll.

nat

NAT Server

web

Web Server

app

Application Server

db

Database Server

ds

Directory Services/LDAP Server

dc

Active Directory/Domain Controller

log

Logging Server

Servers shall be named using the following schema: <server type><incrementing number>.<environment>.<TBD "private" domain">. For example, app1.prod.ihc.ninja or web2.qa.ihcdevops.net.

Zone 1

172.16.1.0

172.16.1.127

Zone 2

172.16.1.128

172.16.1.255

Public

172.16.0.0

172.16.0.255

Web

172.16.1.0

172.16.1.255

Authentication

172.16.2.0

172.16.2.255

Application

172.16.3.0

172.16.3.255

Database

172.16.4.0

172.16.4.255

Security

172.16.5.0

172.16.5.255

Infinity HealthCare

172.16.0.0

172.16.31.255

Infinity-MEDS

172.16.32.0

172.16.63.255

Dev

172.16.0.0

172.16.255.255

dev

QA/Test

172.17.0.0

172.17.255.255

qa

Prod

172.18.0.0

172.18.255.255

prod

IP addresses can provide insight into what environment a server is in, what the server does, which company it belongs to and where it's located.

aws ec2 describe-key-pairs

aws ec2 create-key-pair --key-name <value> --output text

ssh-keygen -t rsa -b 4096

aws ec2 import-key-pair --key-name keyname_test --public-key-material file:///home/rkumar/id_rsa.pub

aws ec2 delete-key-pair --key-name <value>

aws ec2 describe-security-groups

aws ec2 create-security-group --vpc-id vpc-1a2b3c4d --group-name web-server --description "web server access"

aws ec2 describe-security-groups --group-id sg-0000000

aws ec2 authorize-security-group-ingress --group-id sg-0000000 --protocol tcp --port 80 --cidr 0.0.0.0

my_ip=$(dig +short myip.opendns.com @resolver1.opendns.com); echo $my_ip

aws ec2 authorize-security-group-ingress --group-id sg-0000000 --protocol tcp --port 80 --cidr $my_ip/24

aws ec2 revoke-security-group-ingress --group-id sg-0000000 --protocol tcp --port 80 --cidr 0.0.0.0/24

aws ec2 delete-security-group --group-id sg-00000000

aws ec2 describe-tags

aws ec2 create-tags --resources "ami-1a2b3c4d" --tags Key=name,Value=debian

aws ec2 delete-tags --resources "ami-1a2b3c4d" --tags Key=Name,Value=

aws ec2 describe-images --filter "Name=is-public,Values=false" --query 'Images[].[ImageId, Name]' --output text

aws ec2 deregister-image --image-id ami-00000000

aws ec2 describe-instances

aws ec2 describe-instances --filters Name=instance-state-name,Values=running

aws ec2 run-instances --image-id ami-a0b1234 --instance-type t2.micro --security-group-ids sg-00000000 --dry-run

aws ec2 terminate-instances --instance-ids <instance_id>

aws ec2 describe-instance-status

aws ec2 describe-instance-status --instance-ids <instance_id>

aws ec2 describe-instances --filters Name=instance-state-name,Values=running --query 'Reservations[].Instances[].[PublicIpAddress, Tags[?Key==

Name

].Value | [0] ]' --output text

1) Advanced RDS ỏ database admin => simplifies

2) VPC include multiple AZ

3) AWS Trust Advisior: Tool realtime guilidance help you provision your resource

4) AWS Health Dashboard: show issue impact your resource

5) AWS Cost Exploere: is used for view cost

6) S3 Store virtual unlimited

7) Cost Allocation Tags => categories and track resource after run view billing cost Explorer

8) Elasticity to resolve the issue of under utilization

9) AWS Direct Connect: provide private connect from data center to AWS

10) AWS Transit gateway: used for optimizing the network VPC and on-premise network.

11) EC2 hosts # Ec2 instance

12) Continually reduce price => economies of scale

13) Quick Start => deploy popular technologies on AWS

14) Cloud Formation => deploy infrastructure from template

15) AWS Artifact =>provide access AWS security and compliance report.

16) AWS Config: used for compliance relating config AWS resource.

17) IAM grant for S3 bucket => update principal

18) Launch EC2 Instance behind Elastic Load Balance => accross multi AZ in a single AWS Region

19) Database access operating system => EC2

20) Dynamo DB => config (customer), backup (AWS)

21) A sole manage reponsibility AWS => AZ manager

22) Agility - (fast, quick) in one click

23) Elasticity - Infrastructure scale base on demand.

24) Fault tolerance - Ensuring app stay available in the event of a fault.

25) CTO Calculator - estimat cost saving on AWS compare on-premise

26) AWS Pricing Calculator - Estiamte a month bill resource use

27) IAM Roles not have standard long-term credentials

28) AWS Storage Gateway - hyrid cloud storage servies

29) VPC establish connect between your on-premise network

30) AWS Budgets - set custom budgets to trck your cost and usage

31) AWS config keep track all change your resource

32) In a higher avalable system the failer of a single component should not affect the app.

33) Quick Sight - bussiness intellient (BI) service

34) Elastic Beanstalk - Easy to user service deploy

35) Access key contain 2 part: an access key ID and a secret access key

36) Trust Advisor - check security group for rules allow unrestricted access

37) Service control policy (SCPs) - are a type of organization policy that you can use to manage permission iyour organization

38) Network ACL: chặn IP cụ thể (block IP)

39) Access Analyzer: ideatity resource ễtrnal

40) AWS System Manager: UI view operational data.

41) IAM user have an access key ID and secret access key

42) Sheild => in a edge location

43) Amazon Cognito can add user sign-up, sign-in and access control web & mobile (SAML) and OpenID

44) GuardDuty: account continous for malicious activity and unauthorized behavior.

45) AWS site-to-site VPN: encrypt traffic arcoss your network + Amazon workspace

46) Amazon App Stream 2.0: is non-persistent desktop and application services for remotely access your work

47) AWS managed services (AMS): adopt scale and operate more efficiently and securely. Easily leave a lot of the heavy lifting to AWS.

48) FSX - has standard server message block (SMB) protocol to access file over a network

49) Facility operation and hardware procurement cost are something you no longer to pay for in AWS cloud.

50) AWS Technical Account Mnager: provide expert monitoring and optimization for your environment and cordinates access to other pgram and experts

51) The company is resonsible for enabling encryptiion on the buckets S3

52) AWS ApplicatioDiscovery Service: help you plan your migrate AWS, collect usage and cofig data.

53) AWS Resource Groups: manage and auto task on large number of resource in one place.

54) AWS Service Catalog: reate and manage catalog IT services

55) SQS and Step Function: provide asynchonous itergrate

56) Amazon EC2 Dedicate host: allow use your iligoble software licenses from vendors.

57) Consolidated billing benefit: onebill, easy tracking, conbined usage, no extra fee.

58) AWS Health API is available to bussiness, Enterprise On-Ramp, Enterprise Support

59) AWS Storgae & Gateway has gateway virtual Tape library to backup software.

60) Resource performance monitor, event and leart => Cloudwatch

61) Account - specific activity and audit => CloudTrail

62) Resource - specific change history, audit, compliance => Config

63) Service Health Dashboard display the general status personal Health Daboard personal view.

64) Cloudformatio => same AWS infrastructure across multiple AWS Account and regions

65) Elastic Load Balance - high availibility, auto scleing and rebust security.

66) U2F security key - use USB port on yr compute

67) Virtual MFA Sservice - software app

68 ) Hardwrae MFA Device - hardware device generate six-digital

69) SMS text message - SMS

70) AWS Computed Optimizer: provide EC2, ELB, Lamda, Auto Scaling; not provide EFS, S3.

71) Cloudwatch enable central log on-premise and cloud.

72) IAM Credential Report: là loại báo cáo liệt kê all user và trạng thái thông tin đăng nhập của họ.

73) IAM Access Advisor: là 1 cố vấn truy cập, show ra các quyền dịch vụ được cấp cho user và thời điểm dịch vụ đó truy cập lần cuối.

74) AMI: là loại thiết bị ảo để tạo 1 máy áo

75) EFS: dịch vụ lưu trữ tệp

76) OpsHub: software quản lý Snow Family

77) AWS Storage gateway: hyrid access on-premise to AWS

78) AWS EMR: dịch vụ Hadoop (big data), kiểm soát cụm và phần mềm cài trên nó

79) Althena: analyze data S3

80) AWS Batch: run job batch trên nhiều AZ trong 1 region

81) Lightsail: tạo server cho người ít kinh nghiệm

82) Elastic Beanstalk: dịch vụ Paas giúp dễ dàng triển khai và mở rộng ứng dụng web và dịch vụ

83) AWS Code pipeline: tự động hóa quy trình deploy cho các bản cập nhật nhanh chống và ổn định.

84) CodeStar: Unifed UI in one place manage.

85) Quicksight: machine leaning, trực quan hóa dữ liệu business itelligent.

86) AWS System manager: cung cấp cho người dùng khả năng hiển thị và kiểm soát cơ sở hạ tầng trên AWS

87) OpsWorks: quản lý Chef & Puppet, sử dụng mã tự động cấu hình máy chủ.

88) Outpost: khách hàng truy cập cơ sở hạ tầng AWS, hyrid nhất quán.

89) Amazon Event Bridge: truy cập realtime những thay đổi trong dịch vụ AWS dưới dạng Saas

90) AWS CloudTrail: ghi lại lệnh gọi API

91) AWS Service Heath Dashboard: hiển thị tình trạng chung của ác dịch vụ Ắ

92) NAT gateway: mạng private connect internet nhưng ngăn không cho internet kết nối đến Server đó.

93) NACL: lớp bảo mật như firewall kiểm soát ra vào của 1 hoặc nhiều subnet.

94) VPC Flow log: cho phép nắm bắt thông tin traffic đến và đi

95) AWS Private Link: là cách an toàn để kết nối VPC tới các dịch vụ AWS khác.

96) Forecast: dự báo chuỗi thời gian dựa trên máy học xây dựng phục vụ mục đích phân tích chỉ số kinh doanh

97) Artifact: Truy cập báo cáo trên thư và bảo mật.

98) GuardDuty: phát hiện mói đe dọa, inteligent protect

99) AWS Inspector: phát hiện lỗ hổng bảo mật tự động, phát hiện lỗ hổng bảo mật và khả năng xâm nhập qua mạng

100) AWS Security Hub: cảnh báo bảo mật ưu tiên cao và trạng thái tuân thủ trên các tài khoản AWS.

101) AWS Step Function: luồng công việc cho Lamda

102) AWS Pinpoint: marketing

103) Direct connect

104) Transit gateway

105) AWS Detective: root cause

Quickstart

- Deploy popular technologies

AWS Storage gateway

- Hyrid cloud storage service

Services control policy (SCPS)

Are a type of organization policy you can use manage permission in your organization.

Service controll policy (SCP)

Retrict acount privileage

AWS Control Tower

Easy way to setup govern a secure and complant AWS enviroment base on best practice

AWS Compute Optimizer

Recomment optimizer resource your workload

AWS Analyzer

Identity resource external

SWF (Simple Workflow services)

is a web services easy to coordinate work across distribute application component

AWS Well-Architecture Tool

Review your architect 6 pillas

AWS Right Sizing

Process matching instance type size your requirement

AWS Marketplace

Digital catalog with thousand of software

AWS Training

AWS Professional Services & Partner Network

- Is global team of export
- APN = AWS Partner Network

AWS Knowlege Center

Most frequently & Common question

AWS IQ

Quicky find help

AWS re:post

Question and Answer Services

Amazon Workspace

- Virtual Desktop Computing
- Manage desktop as services (DAAS) Solutions.

Amazon Appstream 2.0

App streaming allow access vitual desktop

Amazon sumerian

VR, AR

Amazon IoT Core

IoT

AMazon Elastic transcoder

Convert media file S3 to media file

AWS Appsync

Service allow developer build app with realtime or offline synced data.

AWS Device Form

Test web and mobile in browser

AWS Backup

Auto backup

DRS - Elastic Disaster Recovery

Quickly and easily recover your physical and cloud

AWS DataSync

Move large data on-premise to AWS

MGW
AWS Application Migrate Service

lift and sift solution simle migrate app to AWS

FIS
AWS Fault Injection Simulator

Run test fault injection

AWS StepFunction

Build workflow order to lamda

AWS GroudStation

Controll Sattelite Communicator

AWS Pinpoint

Scale 2 way (outbound/invound markerting)

AWS STS
Security Token Services

Create temporary, limit privilege credentials

AWS Cognito (Simplified)

- Identity for web and mobile
- Sign up, sign in (SAML & OpenID)
- You can create user by Cognito

AWS Directory Service

Manage Microsoft Active Directory

AWS Trust Advisor

- Tool realtime guildance help you provision your resource
- Check security group for rules allow urestrical aross

AWS Cost Explorer

View cost

Cost Allocation Tag

Categories and track resource view billing

CTO Calculator

Estimate cost save between AWS and on-premise

AWS Pricing Calculator

Estimate a month bill resource use

AWS Budgets

Set custm budgets to track your cost and usage.

Cost And Usage Report

Dive Deeper in your AWS cost and usage

Billing Alarm

- Simple alarm cost
- Not powerfull as AWS budget

AWS Basic Support Plan

AWS Business Support Plan (24/7)

- Production workload
- Phone, email, chat to Cloud Support Engineer

AWS Enterprise Support Plan (24/7)

- Production or bussiness critaical workload
- Mission critical workload
- Access Techinical Account Manage (TAM)
- Concierge Support Team
- Infrastructure event manage, well-architect & opertationo reviews

Rekognition

Find object, people, text, ...

Transcribe

Convert speech to text

Polly

Convert text to speech

Translate

Translate

Lex

Chatbot

Connect

Recieve call, message SMS

Comprehend

Natual language pocessing - NLP

SageMarker

Developer build ML Model

Forecast

Use ML to Forecast

Kendra

Document search (text, pdf, ...)

Amazon Personalize

Buil app realtime personal

Textract

Extract text, hand writing

WAF (Web Application Firewall)

- Protect your web app (layer 7)
- Protect SQL Injection, cross site scripting

Penetration Testing

Customer test infrastructure AWS

AWS KMS

Encryption

Cloud HSM

Encrypt hardware

ACM (AWS Certificate Manager)

SSL/TLS Certificate

AWS Secret Manager

Store secret

AWS Artifact

Customer access AWS compliance/Security document and AWS agreement

AWS GuardDuty

- Inteligent protect
- Against crypto currency attack.

AWS Inspector

Auto security assetment

AWS Config

- Audit & recording compliance your AWS resource
- Config AWS resources
- Keep track change your resources
- Have Service AWS Config Resources

AWS Macie

Protect your sensitive data

AWS Security Hub

Cental security tool across several AWS account and auto security check

AWS Detective

Analyze, quickly identifies root cause of security issue

AWS abuse

Report AWS resource use for abuse or illiegal purpose

Internet Gateway

Help VPC Connect internet

NAT Gateway

- Private subnet to access internet
- AWS manage

NAT Instance

- Private subnet to access internet
- Self manage

NACL (Network ACL)

Firewall controls traffic to subnet

VPC Flow Logs

Capture info IP

VPC Peering

Connect two VPC

VPC Endpoint

Allow connect AWS Service use private network

AWS PrvateLink

Most secure & scalable way to expose a service to 1000s of VPCs.

DX (Direct connect)

- Make easy establish a declicate connect form on-premise network to one or more VPC in same region
- Private connect form data center to AWS

Client VPN

Connect your compute to private netwowrk user open VPC

Transit Gateway

Transitive peering between thousand of VPC and on-premise, optimized network

Amazon CloudWatch

- Metrics: various monitor
- Alarm: Trigger notify for metric
- Logs: Realtime monitor log

Amazon EventBridge

Service allow access realtime change of AWS Service under SaaS

CloudTrail

- Govermance, complance and audit your account
- Resource deleted => view CloudTrail
- Record API your account

AWS X-Ray

- Debug in production

CloudTrail Insight

Auto analysis cloudtrail event

Amazon Code Guru

- Code review and recommand
- 2 function: Code Guru Reviewer and Code Guru Profier

AWS Personal Health Dashboard

Remendiation guide when AWS experiency may impact you

AWS Services Health Dashboard

Status all AWS service across all regions

SQS

Queue

SNS

Push notifier

Kinesis

- Streaming
- Type:
+ Data stream
+ Data Fire house
+ Data analytic
+ Video streaming

Amazon MQ

- For RabbitMQ, ActiveMQ
- have SNS & SQS feature.

Route53

is a manage DNS

CloudFront

- Content delivery network (CDN)
- DDos protect
- File cacshe
- Static content

S3 Cross Region Relication

- File update realtime
- Read only, dynamic content

S3 Transfer Acceleration

Upload and download file to S3 bucket

AWS Global Accelerator

- Improve global app and performance
- 2 any cast ip
- Integrate Sheild
- No cache
- Improve TCP or UDP

AWS Outposts

- Hyrid
- Server racks
- Access AWS Infrastructure on -premise

AWS Warelength

5G Network

AWS LocalZones

place sesrvices closer to user

Cloud Formation

- Is a declarative way of outlining your AWS Infrastructure
- Repeat across region & account.

CDK (Cloud Developer Kit)

Defind infrastructure by language program

Elastic Beanstalk

- Developer centric view of deploy app on AWS
- Easy to user service deploy
- Paas
- Free

AWS Code Deploy

- Deploy app auto
- Hyrid service
- Config CodeDeploy Agent

AWS Code Commit

git repository

AWS Code Build

Complies source code, run test

Code Artifact

Manage depend on software package (npm, ...))

Code Star

- Unified UI manage software in one place
- Can edit Cloud 9

Cloud 9

Cloud IDE

SSM (Amazon System Manager)

- Manage EC2 and on-premise
- SSM sission manager: start shell on EC2 not SSH not port
- UI view operational data

Opswork

chef & puppet

ECS

- Launch docker container
- not serverless
- Intergrate Application load balacer

Fargate

- launch docker container
- Serverless

ECR (Elastic Container Registry)

Store docker image

AWS Lamda

- You only upload code, lamda will run code deploy for you
- Java, Nodejs, Python

Amazon API Gateway

- Build a serverless API

AWS Batch

- Launch EC2 or Spot Instance
- Run by docker image & run on ECS

Lightsail

Simple create server for people little experience

AWS RDS

- Multi AZ
- Scale verticle and horizontal
- Store blocked by EBS
- Simlify for database admin

Amazon Aurora

Amazon Elastic Cache

Cache for RDS

DynamoDB

- 100TB
- Type:
 + standard
 + Infrequent Access (IA)
- Integrate IAM

DynamoDB Accelerator (DAX)

Cache for DynamoDB

Redshift

Warehourse

EMR (Elastic MapReduce)

Big data, hadoop

Athena

analyze data S3

QuickSight

- Machine learning
- Bussiness intelligent (BI) service

DocumentDB

For mongoDB

Neptune

- Graph database
- For social network

QLDB (Quantum ledger database)

book (ledger)

Amazon manage blockchain

blockchain

AWS Glue

extract, move S3

DMS (Database migrate service)

- Migrate
- Support:
 + Homogenerous migrates
 + Heterogenerous migrates

Elastic Load Balancer

- 3 kind:
 + Application load balancer (HTTP/HTTPS - layer 7)
 + Network load balancer (TCP - layer 4)
 + Classic load balancer (layer 4 & layer 7)

Auto Scaling Group

- Ensure min max instance run
- Register new instance
- Replace unhealthy instance
- Scaleing strategies:
 + Manual Scaling
 + Dynamic Scaling
   => Simple/Step scaling
   => Target tracking scaling
   => Schedule scaling
 + predictive scaling

S3

- unit name
- S3 global, bucket region
- S3 contain:
 + bucket
 + Object

Snow Family

- Data migrate:
 + Snowcone (8TB)
 + Snowball Edge (80TB) (TB or PB)
 + Snow mobile (EB) better > 10 PB
- Edge computing

OpsHub

- Software manage snow family

AWS Storage Gateway

- Connect on-premise and cloud
- Type:
 + File gateway
 + Volumn gateway
 + Tape gateway

EBS

- Persist data if terminate
- Mount one instance at time
- Bound specific AZ

EBS Snapshot

- Backup EBS
- Copy across AZ or region
- Feature:
 + Archive
 + Recycle Bin for EBS Snapshot

AMI

- Customization EC2
- Launch instace From (public AMI, private AMI and AWS Marketplace AMI)

EC2 Image Builder

- Create, maintain, validate, test EC2 AMI
- Can run schedule
- Free service

EC2 Instance Store

- Lose storage if stop
- For buffer or cache

EFS

- Can mounted 100 EC2
- Work linux-multi AZ
- EFS-IA (Infrequent Access): Auto move file EFS to EFS-IA
- FSx:
 + Launch 3rd party
 + Build on Window File Server
 + Integrate Microsoft Active Derectory