Domain 1: Cloud Concepts (24%)
What is Cloud Computing?
Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing
6 Benefits of Cloud Computing
- Trade upfront expense for variable expense
- Stop spending money to run and maintain data centers
- Stop guessing capacity
- Benefit from massive economies of scale
- Increase speed and agility
- Go global in minutes
AWS Well-Architected Framework
- Operational Excellence
  - Perform operations as code
  - Make frequent, small, reversible changes
  - Refine operations procedures frequently
  - Anticipate failure
  - Learn from all operational failures
  - Use managed services
  - Implement observability for actionable insights
- Security
  - Implement a strong identity foundation
  - Maintain traceability
  - Apply security at all layers
  - Automate security best practices
  - Protect data in transit and at rest
  - Keep people away from data
  - Prepare for security events
- Reliability
  - Automatically recover from failure
  - Test recovery procedures
  - Scale horizontally to increase aggregate workload availability
  - Stop guessing capacity
  - Manage change through automation
- Performance Efficiency
  - Democratize advanced technologies
  - Go global in minutes
  - Use serverless architectures
  - Experiment more often
  - Consider mechanical sympathy
- Cost Optimization
  - Implement cloud financial management
  - Adopt a consumption model
  - Measure overall efficiency
  - Stop spending money on undifferentiated heavy lifting
  - Analyze and attribute expenditure
- Sustainability
  - Understand your impact
  - Establish sustainability goals
  - Maximize utilization
  - Anticipate and adopt new, more efficient hardware and software offerings
  - Use managed services
  - Reduce the downstream impact of your cloud workloads
AWS Cloud Adoption Framework (AWS CAF)
- Cloud Transformation Journey
  - Envision Phase
    - Focuses on demonstrating how cloud will help accelerate your business outcomes
  - Align Phase
    - Focuses on identifying capability gaps across the 6 AWS CAF perspectives, identifying cross-organizational dependencies, and surfacing stakeholder concerns and challenges
  - Launch Phase
    - Focuses on delivering pilot initiatives in production and on demonstrating incremental business value
  - Scale Phase
    - Focuses on expanding production pilots and business value to desired scale and ensuring that the business benefits associated with your cloud investments are realized and sustained
- Foundational Capabilities
  - Business Capabilities
    - Business Perspective
      - Strategy Management
      - Portfolio Management
      - Innovation Management
      - Product Management
      - Strategic Partnership
      - Data Monetization
      - Business Insights
      - Data Science
    - People Perspective
      - Culture Evolution
      - Transformational Leadership
      - Cloud Fluency
      - Workforce Transformation
      - Change Acceleration
      - Organization Design
      - Organizational Alignment
    - Governance Perspective
      - Program & Project Management
      - Benefits Management
      - Risk Management
      - Cloud Financial Management
      - Application Portfolio Management
      - Data Governance
      - Data Curation
  - Technical Capabilities
    - Platform Perspective
      - Platform Architecture
      - Data Architecture
      - Platform Engineering
      - Data Engineering
      - Provisioning and Orchestration
      - Modern App Development
      - CI/CD
    - Security Perspective
      - Security Governance
      - Security Assurance
      - Identity & Access Management
      - Threat Detection
      - Vulnerability Management
      - Infrastructure Protection
      - Data Protection
      - Application Security
      - Incident Response
    - Operations Perspective
      - Observability
      - Event Management
      - Incident and Problem Management
      - Change & Release Management
      - Performance and Capacity Management
      - Configuration Management
      - Patch Management
      - Availability and Continuity Management
      - Application Management
Migration Strategies
- The 6 R's of migration
  - Rehosting
    - Moving applications without changes
  - Replatforming
    - Making a few cloud optimizations to realize a tangible benefit
  - Refactoring/re-architecting
    - Reimagining how an application is architected and developed by using cloud-native features
  - Repurchasing
    - Moving from a traditional license to a software-as-a-service model
  - Retaining
    - Keeping applications that are critical for the business in the source environment
  - Retiring
    - Removing applications that are no longer needed
Domain 2: Security and Compliance (30%)
AWS Shared Responsibility Model
- Customers: Security "in" the cloud
  - IaaS such as EC2
    - Guest OS management (updates, security patches)
    - Application software installed on the EC2 instance
    - Security group configuration
    - Updating and patching Amazon WorkSpaces virtual Windows desktops
  - S3, DynamoDB
    - Customer data
    - IAM
  - Amazon RDS
    - Manage connections to the DB
    - Establish a regular maintenance window that tells AWS when to patch the DB instance operating system
  - AWS Lambda
    - Creating versions of Lambda functions
- AWS: Security "of" the cloud
  - Responsible for OS installations when a company hosts its DB on EC2 instances
- AWS & Customer shared responsibility
  - Patch Management
  - Configuration Management
  - Awareness & Training
Domain 3: Cloud Technology and Services (34%)
Ways to interact with AWS services
- AWS Management Console
- AWS CLI, AWS SDKs, AWS API
  - Allow users to connect with and deploy AWS services programmatically
  - Programmatic access requires an access key ID and a secret access key that can be assigned to an AWS user
AWS Global Infrastructure
- AWS Region
  - When selecting a Region, consider the following 4 business factors
    - Compliance with data governance and legal requirements
    - Proximity to your customers
    - Available services within a Region
    - Pricing
- Availability Zone
  - A single data center or a group of data centers within a Region
- AWS Local Zones
  - AWS infrastructure deployment that places AWS services closer to large population, industry, and IT centers where no AWS Region exists today
  - Connected to the parent AWS Region via Amazon's private network, which provides fast, secure, and seamless access to other AWS services
- Edge Location
  - A site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery
  - Also runs Route 53 & AWS Global Accelerator
- AWS Wavelength
  - Enables customers to use AWS services at the edge of the 5G network
Disaster Recovery Strategies
- Backup & Restore
  - active/passive
  - RPO/RTO: Hours
  - Cost: $
- Pilot Light: A small version of the app is always running in the cloud, which is useful for the critical core.
  - active/passive
  - RPO/RTO: 10s of minutes
  - Cost: $$
- Warm Standby: The full system is up and running, but at minimum size. Upon disaster, we can scale to production load.
  - active/passive
  - RPO/RTO: Minutes
  - Cost: $$$
- Multi-site: Full production scale is running on AWS and on-premises.
  - active/active
  - RPO/RTO: Real-time
  - Cost: $$$$
Domain 4: Billing, Pricing, and Support (12%)
AWS Support Plans
- Requires AWS account root user credentials to change the AWS Support plan
- Basic (Free)
  - 24/7 Customer Service
  - AWS Trusted Advisor limited access
  - AWS Health
- Developer (Charged)
  - General architectural guidance
  - Support automation workflows
  - Access to technical support during business hours
  - Email access to customer support
- Business (Charged)
  - AWS Trusted Advisor provides the full set of best practice checks
  - Direct phone access to cloud support engineers
  - Provides programmatic case management through the AWS Support API
  - Limited support for third-party software
  - AWS Health API
  - AWS Shield Response Team (SRT) support
  - AWS Infrastructure Event Management (IEM) with an additional fee
    - Guides how the company should scale its architecture and operational support during the event
- Enterprise (On-Ramp) (Charged)
  - Concierge Support team as the primary point of contact for AWS Billing and AWS Support
  - Proactive support services by designated (or a pool of) Technical Account Managers (TAMs)
  - Consultative review and architecture guidance (one per year)
  - Infrastructure Event Management (IEM) support (one per year)
  - A Cost Optimization workshop (one per year) and tools
  - 15 (or 30) minutes or less response time for business-critical issues
AWS Knowledge Center
- To review answers to frequently asked questions about security in the AWS Cloud
AWS Abuse
- When unauthorized requests are discovered originating from an AWS resource
AWS Professional Services
- A global team of experts to complete the migration faster and more reliably in accordance with AWS internal best practices
In-scope AWS services and features
Compute
- Amazon EC2
  - Runs on top of physical host machines managed by AWS using virtualization technology
  - A hypervisor running on the host machine is responsible for:
    - Sharing the underlying physical resources between the virtual machines
    - Coordinating this multitenancy
    - Isolating the virtual machines from each other as they share resources from the host
  - DR features: AMIs, EBS snapshots
  - Advantages
    - Integration with VPC, CloudTrail, IAM
    - Flexible, pay-as-you-go pricing model
  - Amazon EC2 Pricing
    - On-Demand: You pay for only the compute time you use
    - Reserved Instances: 1-year or 3-year term
      - Standard: Fixed EC2 type & Region
      - Convertible: Unfixed EC2 type & Region
    - EC2 Instance Savings Plans
      - Provides a discount when you make an hourly spend commitment to an instance family and Region for a 1-year or 3-year term
    - Spot Instances
      - Use unused EC2 computing capacity and offer you cost savings at up to 90% off On-Demand prices
    - Dedicated Hosts
      - Physical servers with EC2 instance capacity that is fully dedicated to your use
- Amazon Elastic Block Store (EBS)
  - A service that provides block-level storage volumes that you can use with Amazon EC2 instances
  - AZ-level resource
    - Needs to be in the same AZ as the EC2 instance to be attached
  - Volumes do not automatically scale
- Elastic Load Balancer
  - Service that automatically distributes incoming application traffic across multiple resources
  - Application Load Balancer (L7: HTTP/HTTPS routing)
  - Network Load Balancer (L4: TCP routing)
- Amazon Lightsail
  - The easiest way to launch and manage virtual private servers on AWS
- AWS Lambda
  - A serverless service that lets you run code without needing to provision or manage servers
  - Cannot run for more than 15 minutes
  - AWS Lambda Pricing
    - Charged based on the number of requests for your functions and the time that it takes for them to run
- AWS Batch
  - Runs core-intensive batch computing jobs efficiently
- AWS Elastic Beanstalk (EB)
  - Deploy to servers simply by supplying only the application code
  - Elastic Beanstalk is a service for deploying and scaling web applications and services developed in common programming languages onto infrastructure that is deployed automatically, with capacity management, load balancing, auto scaling, and monitoring. Elastic Beanstalk makes applications easier to provision and support. Elastic Beanstalk does not reduce website latency.
- AWS Outposts
  - Supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on-premises facilities
  - Allows the company to run AWS services locally on Outposts with the same APIs, tools, and hardware as in the AWS Cloud
Containers
- Amazon Elastic Container Registry (ECR)
  - A registry where you can store, manage, and deploy Docker container images
  - Integrates with AWS IAM so that each repository can be controlled at the resource level
  - No upfront fees or commitments; you pay only for the data you store and the data you transfer to the internet
- Amazon Elastic Container Service (ECS)
  - A highly scalable, high-performance container management system that enables you to run and scale containerized applications on AWS
- Amazon Elastic Kubernetes Service (EKS)
  - A fully managed service that you can use to run Kubernetes on AWS
- AWS Fargate
  - A serverless compute engine for containers that works with both Amazon ECS and Amazon EKS
  - Eliminates the need to provision and manage the container hosts
Storage
- Amazon S3
  - A service that provides object-level storage
  - Regional resource
  - Tag the objects in the S3 bucket to restrict access to the objects
  - Amazon S3 Storage Classes
    - S3 Standard
      - General-purpose storage
      - For frequently accessed data
    - S3 Standard-IA
      - For long-term data retention
      - Low access frequency
      - Stored in 3 or more AZs
      - Cheaper than S3 Standard
    - S3 One Zone-IA
      - Same as S3 Standard-IA but stored in only 1 AZ
      - 20% cheaper than S3 Standard-IA
  - Amazon S3 Pricing
    - Storage - Charged based on objects' sizes, storage classes, and how long you have stored each object during the month
    - Requests and Data Retrievals - Charged based on requests made to Amazon S3 objects and buckets
    - Data Transfer - You pay for data that you transfer into and out of Amazon S3
    - Management and Replication - You pay for the storage management features that you have enabled on your account's Amazon S3 buckets
- Amazon Elastic File System (EFS)
  - A scalable file storage service that provides shared file storage for multiple Amazon EC2 instances
  - Allows you to handle data that changes frequently and enables multiple users to access and modify the data simultaneously
  - Multiple instances reading and writing simultaneously
  - Linux file system
  - Regional resource
  - Automatically scales
- Amazon FSx
  - A fully managed Windows file server
  - A fully managed, highly reliable, and scalable file storage that is accessible over the Server Message Block (SMB) protocol
- Amazon S3 Glacier
  - Same durability, performance, and availability as S3
  - For archiving, long-term backup, and retaining old log data
  - Costs are incurred when files are retrieved
  - Cheapest compared with the other S3 storage classes
- AWS Storage Gateway
  - A hybrid cloud storage service that provides on-premises users access to virtually unlimited cloud storage
  - To extend on-premises data storage capacity to the AWS Cloud
  - Helps on-premises applications connect to AWS Cloud-based storage and caches the data locally for low-latency access
  - Amazon S3 File Gateway
    - Can store and retrieve objects in Amazon S3 using industry-standard file protocols such as Network File System (NFS) and Server Message Block (SMB)
  - Amazon FSx File Gateway
    - Provides low-latency and efficient access to in-cloud FSx for Windows File Server file shares from your on-premises facility
  - Tape Gateway
  - Volume Gateway
- AWS Backup
- AWS Elastic Disaster Recovery
Database
- Amazon RDS
  - A service that enables you to run relational databases in the AWS Cloud
  - Available on 6 database engines, which optimize for memory, performance, or input/output (I/O)
    - Amazon Aurora
    - PostgreSQL
    - MySQL
    - MariaDB
    - Oracle Database
    - Microsoft SQL Server
- Amazon Aurora
  - An enterprise-class relational database service
  - Compatible with MySQL and PostgreSQL
  - Replicates six copies of your data across three Availability Zones
  - Continuously backs up your data to Amazon S3
- Amazon ElastiCache (?)
  - An in-memory data store service that adds caching layers on top of your databases to help improve the read times of common requests
  - Supports two types of data stores: Redis and Memcached
- Amazon Neptune
  - A graph database service that works with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs
- Amazon Quantum Ledger Database (QLDB) (?)
  - A ledger database service that can be used to review a complete history of all the changes that have been made to your application data
- Amazon DocumentDB (?)
  - A document database service that supports MongoDB workloads
- Amazon DynamoDB
  - A fully managed serverless NoSQL database service that replicates data automatically across three Availability Zones in a single Region to ensure high availability and durability with single-digit millisecond performance
  - Server-side encryption at rest is enabled on all DynamoDB table data and cannot be disabled
  - Amazon DynamoDB Accelerator (DAX)
    - An in-memory cache for DynamoDB that helps improve response times from single-digit milliseconds to microseconds
- Amazon MemoryDB for Redis
Migration & Transfer
- AWS Migration Hub
  - A service that helps you plan and track application migrations
- AWS Application Migration Service
  - AWS MGN is an automated lift-and-shift solution. It can migrate physical servers, along with any databases or applications running on them, to EC2 instances on AWS.
- AWS Application Discovery Service
  - Application Discovery Service collects information about the usage and configuration of on-premises servers to help plan a migration to AWS.
  - Gathers information about the on-premises infrastructure, and requires information such as the hostname, IP address, and MAC address
- AWS Database Migration Service (DMS)
  - Enables you to migrate relational databases, nonrelational databases, and other types of data stores
  - Other use cases
    - Development and test database migrations
    - Database consolidation
    - Continuous replication
- AWS Schema Conversion Tool (AWS SCT)
- AWS Transfer Family
- AWS Snow Family
  - A collection of physical devices that help to physically transport up to exabytes of data into and out of AWS
  - AWS Snowcone
    - A small, rugged, and secure edge computing and data transfer device
    - It features 2 CPUs, 4 GB of memory, and up to 14 TB of usable storage
  - AWS Snowball
    - Snowball Edge Storage Optimized
      - Storage: 80 TB of hard disk drive (HDD) capacity for block volumes and Amazon S3 compatible object storage, and 1 TB of SATA solid state drive (SSD) for block volumes
      - Compute: 40 vCPUs and 80 GiB of memory to support Amazon EC2 sbe1 instances (equivalent to C5)
    - Snowball Edge Compute Optimized
      - Storage: 80 TB of usable HDD capacity for Amazon S3 compatible object storage or Amazon EBS compatible block volumes, and 28 TB of usable NVMe SSD capacity for Amazon EBS compatible block volumes
      - Compute: 104 vCPUs, 416 GiB of memory, and an optional NVIDIA Tesla V100 GPU
  - AWS Snowmobile
    - An exabyte-scale data transfer service used to move large amounts of data to AWS
    - Can transfer up to 100 petabytes of data per Snowmobile, a 45-foot long ruggedized shipping container pulled by a semi-trailer truck
Networking & Content Delivery
- Amazon VPC
  - User-defined, logically isolated virtual network
  - Requires an internet gateway to access services such as S3 and DynamoDB from the VPC
  - VPC Flow Logs
    - To capture information about inbound and outbound traffic in an Amazon VPC
  - VPC Endpoints
    - Gateway VPC endpoints provide reliable connectivity to Amazon S3 and DynamoDB without requiring an internet gateway or a NAT device for your VPC
  - VPC Peering
    - To establish a connection between 2 VPCs
  - Network ACLs
    - A stateless virtual firewall that controls inbound and outbound traffic for the subnet
    - Processes rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic
    - The default network ACL allows all inbound and outbound traffic
  - Security Groups
    - A stateful virtual firewall that controls inbound and outbound traffic for an EC2 instance
    - By default, it denies all inbound traffic and allows all outbound traffic
  - Network Firewall
    - To prevent employees from using their Amazon WorkSpaces virtual desktops to visit specific websites that are known to be malicious
  - Virtual Private Gateway
    - Allows protected internet traffic to enter the VPC
    - Enables you to establish a VPN connection between your VPC and a private network
- AWS Site-to-Site VPN
  - Creates an encrypted network path between the on-premises network and the AWS Cloud network
  - This connection uses the internet, so you cannot expect consistency
  - Even though the traffic is encrypted, the connection is not private because the internet is a shared resource
  - Composed of a Virtual Private Gateway and a Customer Gateway
- AWS Client VPN
  - A managed client-based VPN service
  - To securely access AWS resources and the resources in an on-premises network
  - Can access resources from any location through an OpenVPN-based VPN client
  - To connect individual laptops to AWS, not an entire data center
- Transit Gateway
  - To connect and centrally manage network connectivity between multiple VPCs in several AWS Regions around the world
- Amazon CloudFront
  - A CDN service that improves performance by caching content at edge locations worldwide
  - Free DDoS protection included (AWS Shield Standard)
  - CloudFront is a web service that delivers static and dynamic web content to users quickly
  - CloudFront delivers content through a worldwide network of data centers called edge locations
  - When a user requests content served through CloudFront, the request is routed to the edge location with the lowest latency
  - Content is cached at the edge locations, so repeatedly accessed content is served from the edge location instead of the origin S3 bucket
- Amazon Route 53
  - DNS responses come directly from the edge locations
  - Route 53 is a highly available and scalable DNS web service
  - Route 53's 3 main functions
    - Domain name registration
    - Routing internet traffic to the domain's resources
    - Checking the health of those resources
- Amazon API Gateway
  - To publish and manage web services that provide REST APIs
- AWS Direct Connect
  - Links an internal network to a Direct Connect location through a standard Ethernet fiber-optic cable to create a private connection between an on-premises and an AWS Cloud workload
  - One end of the cable connects to your router and the other end of the cable connects to a Direct Connect router
  - Consistent and private because your company is the only user of the cable
- AWS Global Accelerator
  - To improve the overall availability and performance of applications that are hosted on AWS
  - To route requests for key resources through Amazon's global network
  - A request is initially routed to the closest edge location and then travels through Amazon's network
Developer Tools
- AWS CodeStar
  - A cloud-based development service that provides the tools you need to quickly develop, build, and deploy applications on AWS
  - To set up an entire development and continuous delivery toolchain for coding, building, testing, and deploying code
- AWS CodeCommit
  - A secure, highly scalable, fully managed source control service that hosts private Git repositories
- AWS CodeBuild
  - A service that helps you automatically compile source code, run unit tests, and produce software packages that are ready to deploy
- AWS CodeDeploy
  - A service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises
- AWS CodePipeline
  - A continuous delivery service you can use to model, visualize, and automate the steps required to release your software
- AWS Cloud9
  - A cloud-based integrated development environment (IDE)
- AWS CloudShell
  - Lets you access resources with AWS CLI commands
- AWS X-Ray
  - To trace user requests as they move through the application's components
  - To view end-to-end performance metrics and troubleshoot distributed applications
- AWS CodeArtifact
  - A managed artifact repository service for storing and sharing software that is ready to deploy
- AWS AppConfig
  - Speeds up software release frequency, improves application resiliency, and helps you address emergent issues more quickly
Customer Enablement
- AWS IQ
- Connects you to AWS Certified experts for hands-on help for your AWS projects
- AWS Managed Services (AMS)
- Helps you adopt AWS at scale and operate more efficiently and securely
- AWS Activate for Startups
- Provides startups with the resources they need to build, launch, and scale on AWS
- AWS Support
Management & Governance
- AWS Organizations
  - A central location to manage multiple AWS accounts
  - Consolidated Billing
    - To receive a single bill for all AWS accounts in the organization
  - Organizational Units (OUs)
    - Hierarchical groupings of accounts to meet security, compliance, or budgetary needs
  - Service Control Policies (SCPs)
    - To place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access
    - Can be applied to individual member accounts and OUs
- Amazon CloudWatch
  - A web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics
  - CloudWatch Dashboard
    - Enables you to access all the metrics for your resources from a single location
  - CloudWatch Alarms
    - Can create alarms that automatically perform actions if the value of your metric has gone above or below a predefined threshold
  - CloudWatch Logs Insights
    - To perform queries and interactively search and analyze log data
- AWS Auto Scaling
  - Monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost
- AWS CloudFormation
  - To deploy a service to the AWS Cloud by using infrastructure-as-code (IaC) principles
- AWS Config
  - A fully managed service that provides you with resource inventory, configuration history, and configuration change notifications for security and governance
  - To assess, audit, and evaluate the configurations of your AWS resources
  - An example of the AWS Well-Architected Framework Security pillar
- AWS Service Catalog
  - To limit its employees' AWS access to a portfolio of predefined AWS resources
  - To manage deployed IT services and govern its infrastructure as code (IaC) templates
- AWS Systems Manager
  - Session Manager
    - Allows you to start interactive sessions with your instances directly from the AWS Management Console or through the AWS CLI
    - Provides secure and auditable access to instances without the need to open inbound SSH ports and manage SSH keys
- AWS Trusted Advisor
  - A web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices in 5 categories
    - Cost Optimization
    - Performance
    - Security
    - Fault Tolerance
    - Service Limits
- AWS Control Tower
- AWS License Manager
- AWS Well-Architected Tool
- AWS Health Dashboard
  - Alerts when an AWS event may impact a company's AWS resources
  - To learn about AWS service availability and operations
- AWS Launch Wizard
- AWS Compute Optimizer
  - Can identify rightsizing opportunities for Amazon EC2 instances
- AWS Resource Groups & Tag Editor
- AWS CloudTrail
  - Records AWS API calls and events for audit and compliance purposes
  - To see if a security group was changed
  - To identify the last time that a specific user accessed the AWS Management Console
  - CloudTrail Insights
    - Allows CloudTrail to automatically detect unusual API activity in your AWS account
Machine Learning
- Amazon SageMaker
  - To quickly build, train, and deploy machine learning models at scale
- Amazon Comprehend
  - Discover patterns in text through NLP
- Amazon Kendra
  - An intelligent search service that uses natural language processing and advanced machine learning algorithms to return specific answers to search questions from your data
- Amazon Polly
  - A machine learning service that converts text to speech
- Amazon Rekognition
  - Image and video analysis service
  - Automatically detects objects that appear in photos
- Amazon Textract
  - Extracting text and data from documents
- Amazon Transcribe
  - Convert speech to text
- Amazon Translate
  - Machine learning language translation service
- Amazon Lex
  - Interactive chat bot (Alexa)
Analytics
- Amazon Athena
  - To query the data in an Amazon S3 bucket by using standard SQL
- Amazon Redshift
  - A petabyte-scale data warehousing service to perform complex analytical queries
- Amazon OpenSearch Service
- Amazon Kinesis
  - Data Analytics
    - To analyze streaming user data and respond to customer queries in real time
- Amazon QuickSight
  - Supports the creation of visual reports from AWS Cost and Usage Report data
- AWS Data Exchange
- Amazon Managed Streaming for Apache Kafka (MSK)
- AWS Glue
  - A service that makes it easy to prepare data for analytics
- Amazon Elastic MapReduce (EMR)
  - An AWS managed Hadoop framework that processes large amounts of data on EC2 easily, quickly, and cost-effectively
  - Elastic MapReduce: the process of distributing the processing and then merging the results is called MapReduce
Security, Identity, & Compliance
- AWS Resource Access Manager (RAM)
- Amazon Cognito
- An identity platform for web and mobile apps
- A user directory, an authentication server, and an authorization service for
OAuth 2.0
access tokens and AWS credentials - To implement
identity management
for a fleet of mobile apps that are running in the AWS Cloud
- AWS Secrets Manager
- To establish a schedule for
rotating
databaseuser credentials
with the LEAST amount of operational overhead - To design a
centralized storage system
tomanage
the configuration data andpasswords
for its critical business applications
- To establish a schedule for
- Amazon GuardDuty
- A service that provides intelligent
threat detection
for your AWS infrastructure and resources
- A service that provides intelligent
- Amazon Inspector
- A service that checks applications for
security vulnerabilities
and deviations from security best practices - Helps to improve the security and compliance of applications by running automated
security assessments
- A service that checks applications for
- Amazon Macie
- Uses
machine learning
to help discover, monitor, and protectsensitive data
such asPII
that is stored in Amazon S3 buckets
- Uses
- AWS IAM Identity Center (AWS Single Sign-On)
- A central user portal that users can log in to
third-party business applications
that supportSecurity Assertion Markup Language (SAML) 2.0
- A central user portal that users can log in to
- AWS Certificate Manager (ACM)
- To secure web application by using SSL/TLS to encrypt traffic
- AWS Key Management Service (KMS)
- Enables you to perform encryption operations through the use of cryptographic keys for both
encryption at rest
andencryption in transit
- Enables you to perform encryption operations through the use of cryptographic keys for both
- AWS CloudHSM
- AWS Directory Service
- AWS WAF & Shield
- Filter traffic in edge locations
- AWS WAF
- A web application firewall that lets you monitor network requests that come into your web applications
- Works with
CloudFront
,API Gateway
,Application Load Balancer
- SQL Injection, XSS protection
- AWS Shield
- DDoS protection
- AWS Firewall Manager
- AWS Artifact
- A service that provides
on-demand
access to AWSsecurity and compliance reports
and select online agreements - Provides AWS ISO certifications
- A service that provides
- Amazon Detective
- Uses
machine learning
to identifysuspicious activities
in its AWS account
- Uses
- AWS Security Hub
- A
cloud security posture management (CSPM) service
that aggregates alerts from various AWS services and partner products in a standardized format
- A
- AWS Audit Manager
Automates evidence collection
so you can more easily assess whether your policies, procedures, and activities are operating effectively
- AWS Identity and Access Management (IAM)
- Enables you to manage access to AWS services and resources securely
- AWS account root user
- The first sign-in identity that is available when an AWS account is created
- IAM User Groups
- A collection of IAM users
- IAM Users
- An identity that you create in AWS
- By default, it has no permissions associated with it
- IAM Roles
- An identity that you can assume to gain temporary access to permissions
- Ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term
- To grant users in one AWS account access to resources in another AWS account
- IAM Policies
- A document that allows or denies permissions to AWS services and resources
- Follow the security principle of least privilege when granting permissions
- IAM Access Analyzer
- Identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity, such as another AWS account
- Checks access policies and offers actionable recommendations to help users set secure and functional policies
- IAM Credential Report
- To audit the account's password and access key rotation details for compliance purposes
- AWS Security Token Service (STS)
- To request temporary, limited-privilege credentials for users
Cloud Financial Management
- AWS Marketplace Subscriptions
- A digital catalog that includes thousands of software listings from independent software vendors (for example, Fortinet's OWASP Top 10 managed rules for AWS WAF)
- AWS Billing Conductor
- A customizable billing service, allowing you to customize your billing data to match your desired showback or chargeback business logic
- AWS Billing and Cost Management
- Cost Explorer
- A tool that lets you visualize, understand, and manage your AWS costs and usage over time
- To forecast future costs and usage of AWS resources based on past consumption
- Reserved Instances: where AWS accounts are managed in order to share Reserved Instances
- Cost Allocation Tags
- To determine which business unit is using specific AWS resources
- Budgets
- To plan your service usage, service costs, and instance reservations
- Alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount
- Cost and Usage Report
Front-end Web & Mobile
- AWS Amplify
- A set of purpose-built tools and features that enables frontend web and mobile developers to quickly and easily build full-stack applications on AWS
- AWS AppSync
- Enables developers to connect their applications and services to data and events with secure, serverless, and high-performing GraphQL and Pub/Sub APIs
- AWS Device Farm
- An application testing service that lets you improve the quality of your web and mobile apps by testing them across an extensive range of desktop browsers and real mobile devices
Application Integration
- AWS Step Functions
- A low-code, visual workflow service that developers can use to build distributed applications, automate processes, orchestrate microservices, and create data and machine learning (ML) pipelines
- Amazon EventBridge
- Amazon Simple Notification Service (SNS)
- A publish/subscribe service
- To send both text and email messages from distributed applications
- Amazon Simple Queue Service (SQS)
- A message queuing service
- To decouple applications
- Helps developers use loose coupling and reliable messaging between microservices
Business Applications
- Amazon Connect
- An omnichannel cloud contact center that helps you provide superior customer service at a lower cost
- Amazon Connect provides a seamless experience across voice and chat for your customers and agents
- Amazon Simple Email Service (SES)
End User Computing
- Amazon WorkSpaces
- Virtual Windows desktops for an entire working environment
- Amazon AppStream 2.0
- To use the AWS Cloud to provide secure access to individual desktop applications that are running in a fully managed environment
- Amazon WorkSpaces Web
- An on-demand, fully managed, Linux-based service designed to facilitate secure browser access to internal websites and software-as-a-service (SaaS) applications
Internet of Things
- AWS IoT Greengrass
- Enables local processing, messaging, data management, ML inference, and offers prebuilt components to accelerate application development
- Provides a secure way to seamlessly connect your edge devices to any AWS service as well as to third-party services
- AWS IoT Core
- A managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices