AWS Notes
● AWS Basic Support offers AWS customers access to the AWS Resource Center, Service
Health Dashboard, product FAQs, discussion forums, and health checks at no
additional charge.
What is AWS Trusted Advisor?: AWS Trusted Advisor is a tool that provides best practice
recommendations in your AWS account.
What is an AWS Technical account manager?: They advise and guide you on building a
plan, create solutions, and make sure you use AWS best practices, as well as give you insight
on all things AWS.
What are AWS Discussion Forums?: You can post operational issues or technical
questions at AWS Discussion Forums and get technical assistance from the AWS
community. The discussion forums allow the community to exchange thoughts and
ideas they may have with each other.
What is AWS Concierge Support?: Provides you with a concierge-like service where
the main focus is helping you achieve your outcomes and find success in the cloud.
What is AWS Snowmobile?: It’s a physical product that gives you an easy way to
move massive amounts of data to the cloud. You can transfer up to 100PB of data per
Snowmobile. It has many layers of security, such as 24/7 surveillance and data
encryption.
AWS Snowcone: is the smallest member of the AWS Snow Family of edge computing,
edge storage, and data transfer devices, weighing in at 4.5 pounds (2.1 kg) with 8
terabytes of usable storage. Snowcone is ruggedized, secure, and purpose-built for use
outside of a traditional data center. Its small form factor makes it a perfect fit for tight
spaces or where portability is a necessity and network connectivity is unreliable.
AWS Snowball Edge: is a data migration and edge computing device that comes in two
options. Snowball Edge Storage Optimized provides both block storage and Amazon S3-
compatible object storage, and 24 vCPUs. It is well suited for local storage and large
scale data transfer. Snowball Edge Compute Optimized provides 52 vCPUs, block and
object storage, and an optional GPU for use cases such as advanced machine learning
and full-motion video analysis in disconnected environments. Snowball Edge accelerates moving
terabytes to petabytes of data into and out of AWS using appliances with on-board
storage and compute capabilities.
What is AWS Data Exchange?: It is a service that makes it easy for millions of AWS
customers to securely find, subscribe to, and use third-party data in the cloud.
What is AWS Data Pipeline?: lets you provision pipelines and remove the
development and maintenance effort required to manage your daily data operations,
letting you focus on generating insights from that data.
AWS Shield:
● A managed DDoS protection service
● Provides detection and automatic mitigation that minimize application
downtime and latency
● Mitigates various types of flood attacks
What is Amazon ElastiCache?: It offers fully managed Redis and Memcached. Seamlessly
deploy, run, and scale popular open source compatible in-memory data stores. With this
service, you can build data-intensive apps or improve the performance of your existing apps
by retrieving data from high throughput and low latency in-memory data stores. It is the most
suitable one to use to store the results of I/O-intensive SQL database queries to improve
application performance.
ElastiCache for Redis Global Database – you can write to your ElastiCache for Redis
cluster in one region and have the data available to be read from two other cross-region
replica clusters, thereby enabling low-latency reads and disaster recovery across regions.
Amazon Macie: is a security service that uses machine learning to automatically discover,
classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data such
as personally identifiable information (PII) or intellectual property and provides you with
dashboards and alerts that give visibility into how this data is being accessed or moved. The
fully managed service continuously monitors data access activity for anomalies and
generates detailed alerts when it detects the risk of unauthorized access or inadvertent data
leaks.
AWS Web Application Firewall (WAF): is a web application firewall that helps protect your
web applications from common web exploits that could affect application availability,
compromise security, or consume excessive resources. You can use AWS WAF to create
custom rules that block common attack patterns, such as SQL injection or cross-site
scripting, and rules that are designed for your specific application. It is a global service.
It gives you control over how traffic reaches your applications by enabling you to create
security rules that block common attack patterns, such as SQL injection or cross-site
scripting, and rules that filter out specific traffic patterns you define.
What is Amazon CloudFront?: It is a content delivery network service that securely delivers
data, videos, applications, and APIs to customers globally with low latency, high transfer
speeds, all within a developer-friendly environment.
AWS Application Migration Service (MGN): simplifies and expedites your migration
to AWS by automatically converting your source servers from physical, virtual, or cloud
infrastructure to run natively on AWS. It further simplifies your migration and reduces costs
by enabling you to use the same automated process for a wide range of applications.
Technical Account Manager (TAM): provides advocacy and guidance to help plan and build
solutions using best practices, coordinates access to subject matter experts and product
teams, and proactively keeps your AWS environment operationally healthy.
AWS Personal Health Dashboard: a personalized view of the health of AWS services, and
alerts when your resources are impacted. It also includes the Health API for integration with
your existing management systems. It is used to notify you when AWS is experiencing events
that may impact you. It provides ongoing visibility into your resource performance and the
availability of your AWS services and accounts. You can use AWS Health events to learn
how service and resource changes might affect your applications running on AWS. AWS
Health provides relevant and timely information to help you manage events in progress.
AWS Health also helps you be aware of and to prepare for planned activities. The service
delivers alerts and notifications triggered by changes in the health of AWS resources so that
you get near-instant event visibility and guidance to help accelerate troubleshooting.
AWS Support API: provides AWS Support Center features to create, manage, and close your support
cases, and operationally manage your Trusted Advisor check requests and status.
Amazon AppStream 2.0: provides users with instant access to their desktop applications
from anywhere. AppStream 2.0 manages the AWS resources required to host and run your
applications, scales automatically, and provides access to your users on demand.
AppStream 2.0 provides users access to the applications they need on the device
Amazon Kinesis Data Streams: is the service used to ingest real-time data such as video,
audio, application logs, website clickstreams, and IoT telemetry data for machine learning,
analytics, and other applications. Amazon Kinesis enables you to process and analyze data
as it arrives and respond instantly instead of having to wait until all your data is collected
before the processing can begin.
AWS Resource Groups: lets you organize AWS resources such as Amazon EC2
instances, Amazon Relational Database Service databases, and Amazon S3 buckets into
groups using criteria that you define as tags. You can organize and consolidate information based on
criteria specified in tags or resources in AWS.
IAM Users: can be used to create an account for long-term programmatic
access to AWS. Access keys are long-term credentials for an IAM user or the AWS account root user.
You can use access keys to sign programmatic requests to the AWS CLI or AWS API
(directly or using the AWS SDK).
Access keys: Access keys consist of two parts: an access key ID and a secret access key.
You can use access keys to sign programmatic requests to the AWS CLI or AWS API. They are
also used to upload SSL certificates. AWS makes use of access keys for long-term
programmatic credentials.
AWS Quick Starts: are built by AWS solutions architects and partners to help you deploy
popular technologies on AWS, based on AWS best practices for security and high
availability. These accelerators reduce hundreds of manual procedures into just a few
steps, so you can build your production environment quickly and start using it immediately.
AWS Directory Service: this provides directories that contain information about your
organization, users, groups, computers, and other resources. This service is not capable of
organizing a collection of resources.
Elasticity: is the ability to acquire resources as you need them and release resources when
you no longer need them. In the cloud, you want to do this automatically.
Decouple your components: Tells us that we should build components that do not have
tight dependencies on each other, so that if one component were to die (fail), sleep (not
respond) or remain busy (slow to respond) for some reason, the other components in the
system are built so as to continue to work as if no failure is happening. The cloud reinforces
the Service-Oriented Architecture (SOA) design principle
Amazon MQ: is a managed message broker service for Apache ActiveMQ that makes it
easy to set up and operate message brokers in the cloud. Amazon MQ manages the
administration and maintenance of ActiveMQ, a popular open-source message broker. You
can also get direct access to the ActiveMQ console and industry-standard APIs and
protocols for messaging, including JMS, NMS, AMQP, STOMP, MQTT, and WebSocket.
Multipart upload (API): allows you to upload a single object as a set of parts. Each part is a
contiguous portion of the object’s data. You can upload these object parts independently
and in any order. If transmission of any part fails, you can retransmit that part without
affecting other parts. After all parts of your object are uploaded, Amazon S3 assembles
these parts and creates the object.
Lifecycle policy: You can use lifecycle policies in S3 to automatically move your
infrequently accessed data to a more cost-effective storage class such as S3-IA or Glacier.
Have the customer directly upload the sprites to S3 Standard – Infrequent Access.
Amazon API Gateway: is a fully managed service that makes it easy for developers to
create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the "front
door" for applications to access data, business logic, or functionality from your backend
services. This is a serverless platform
AWS Outposts: is a fully managed service that extends AWS infrastructure, AWS services,
APIs, and tools to virtually any data center, co-location space, or on-premises facility for a
truly consistent hybrid experience. AWS Outposts is ideal for workloads that require low
latency access to on-premises systems, local data processing, or local data storage.
AWS Wavelength: this is not a service for hybrid infrastructure. Wavelength only brings
AWS services to the edge of the 5G network, minimizing the latency to connect to an
application from a mobile device.
AWS Database Migration Service: helps you migrate databases to AWS quickly and
securely. The source database remains fully operational during the migration, minimizing
downtime to applications that rely on the database. The AWS Database Migration Service
can migrate your data to and from most widely used commercial and open-source
databases.
AWS Lambda: this is simply an event-driven, serverless computing platform. It helps you
run code without managing any servers or clusters
Amazon Redshift: is a fast, fully managed data warehouse that makes it simple and cost-
effective to analyze all your data using standard SQL and your existing Business Intelligence
(BI) tools. It allows you to run complex analytic queries against petabytes of structured data,
using sophisticated query optimization. Use it to run complex analytic queries against terabytes to
petabytes of structured data.
AWS Global Accelerator: is a service that improves the availability and performance
of your applications with local or global users. It provides you with static IP addresses that
serve as a fixed entry point to your applications hosted in one or more AWS Regions. These
IP addresses are anycast from AWS edge locations, so they’re announced from multiple
AWS edge locations at the same time. This enables traffic to ingress onto the AWS global
network as close to your users as possible. It also helps decrease latency in accessing
applications hosted in AWS.
Amazon Route 53: Route 53 is a highly available and scalable Domain Name System
(DNS), domain name registration, and health-checking web service. Route 53 is also
mainly used to translate specific domain names into their corresponding IP addresses. It will
be able to reroute traffic to your secondary EC2 instances in another region during disaster
recovery. DNS resolution is also a capability.
Amazon Elastic Compute Cloud (Amazon EC2): provides scalable computing capacity in
the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest
in hardware upfront, so you can develop and deploy applications faster. You can use
Amazon EC2 to launch as many or as few virtual servers as you need, configure security
and networking, and manage storage. Use it if there is a need to launch a customized self-
hosted database that requires a scheduled shutdown every night to save on cost.
Customers should use it to launch new databases. It can host SQL Server databases. If a
client reaches a limit, they should create a case on the AWS Support Center page and
request a service limit increase. AWS charges you for data transferred between two
different Regions. EC2 is an infrastructure as a service (IaaS) offering and a zonal service.
Amazon Elastic File System (Amazon EFS): provides simple, scalable file storage for
use with Amazon EC2. With Amazon EFS, storage capacity is elastic, growing and
shrinking automatically as you add and remove files, so your applications have the storage
when they need it. Amazon EFS has a simple web services interface that allows you to
create and configure file systems quickly and easily. It is able to support massive parallel
access. It is a regional service.
HIPAA (Health Insurance Portability and Accountability Act): is United States legislation
that provides data privacy and security provisions for safeguarding medical information.
AWS enables covered entities and their business associates subject to the HIPAA to use
the secure AWS environment to process, maintain, and store protected health information.
Systems Manager: is a fully managed AWS Systems Manager capability that lets you
manage your EC2 instances, on-premises instances, and virtual machines (VMs) through
an interactive one-click browser-based shell or through the AWS CLI. It allows me to patch
my Windows EC2 instances without having to RDP into them.
AWS Management Console: a simple web interface for Amazon Web Services. You can
log in using your AWS account name and password. You can use it to launch a new Amazon
RDS database cluster in your VPC.
AWS Config: is a service that enables you to assess, audit, and evaluate the configurations
of your AWS resources. Config continuously monitors and records your AWS resource
configurations and allows you to automate the evaluation of recorded configurations against
desired configurations. It can monitor the compliance status of your AWS resources
against a set of compliance guidelines.
AWS Systems Manager: allows you to centralize operational data from multiple AWS
services and automate tasks across your AWS resources. You can create logical groups of
resources such as applications, different layers of an application stack, or production versus
development environments. It can monitor the compliance status of your AWS resources
against a set of compliance guidelines.
AWS Artifact: your go-to, central resource for compliance-related information that matters to
you. It provides on-demand access to AWS’ security and compliance reports and select
online agreements. Reports available in AWS Artifact include our Service Organization
Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from
accreditation bodies across geographies and compliance verticals that validate the
implementation and operating effectiveness of AWS security controls.
Advantage of using managed services like RDS, ElastiCache, and CloudSearch in
AWS?: Simplifies all of your OS patching and backup activities to help keep your resources
current and secure
Amazon Relational Database Service: makes it easy to set up, operate, and scale a
relational database in the cloud. It provides cost-efficient and resizable capacity
while automating time-consuming administration tasks such as hardware
provisioning, database setup, patching, and backups. Oracle is an RDS engine
AWS Organizations: helps you centrally manage billing; control access,
compliance, and security; and share resources across your AWS accounts. It helps you
centrally govern your environment as you grow and scale your workloads on AWS, whether
you are a growing startup or a large enterprise. Use AWS Organizations and enable the
consolidated billing feature. A Service Control Policy can restrict which AWS services,
resources, and individual API actions the users and roles in each member account can
access. You can also define conditions for limiting access to AWS services, resources, and
API actions. Automate AWS account creation and management. Centrally manage policies
across multiple AWS accounts.
Amazon Route 53: highly available and scalable cloud Domain Name System (DNS) web
service. It is designed to give developers and businesses an extremely reliable and cost-
effective way to route end users to Internet applications by translating names like
www.tutorialsdojo.com into the numeric IP addresses like 192.0.2.1 that computers use to
connect to each other. Is a global service.
Amazon Rekognition: makes it easy to add image and video analysis to your applications.
You just provide an image or video to the Rekognition API, and the service can identify the
objects, people, text, scenes, and activities, as well as detect any inappropriate content.
Amazon Rekognition also provides highly accurate facial analysis and facial recognition on
images and videos that you provide. You can detect, analyze, and compare faces for a wide
variety of user verification, people counting, and public safety use cases.
AWS CodePipeline: is a fully managed continuous delivery service that helps you
automate your release pipelines for fast and reliable application and infrastructure updates.
AWS CodePipeline automates the build, test, and deploy phases of your release process
every time there is a code change, based on the release model you define.
Amazon FSx: makes it easy and cost-effective to launch and run popular file systems.
With Amazon FSx, you can leverage the rich feature sets and fast performance of widely-
used open source and commercially licensed file systems, while avoiding time-consuming
administrative tasks like hardware provisioning, software configuration, patching, and
backups. It provides cost-efficient capacity and high levels of reliability, and it integrates with
other AWS services so that you can manage and use the file systems in cloud-native ways.
It can be used as a centralized Windows File Server for multiple EC2 instances.
Virtual Private Gateway: the VPN connection consists of
two tunnels to provide increased availability for the Amazon VPC service. To launch an RDS
database cluster in your VPC, you can use AWS CloudFormation or the AWS Management
Console. To connect your AWS VPC network to your local network via an IPsec tunnel,
use a VPN gateway in your VPC connected to the Customer Gateway in your on-
premises network. Inbound HTTP rule with security group ID as source. Inbound
RDP rule with an address range as source.
AWS Financial Benefit: a broad set of global cloud-based products including compute,
storage, databases, analytics, networking, mobile, developer tools, management tools, IoT,
security, and enterprise applications: on-demand, available in seconds, with pay-as-you-go
pricing. From data warehousing to deployment tools, directories to content delivery, over
140 AWS services are available. Opportunity to replace upfront capital expenses
(CAPEX) with low variable costs.
Standard Reserved Instances: same as Reserved Instances, but customers have the
flexibility to change the Availability Zone, the instance size, and networking type of their
Standard Reserved Instances. This is the most cost-effective instance purchasing option for
hosting an application that will run non-interruptible workloads for a period of three years.
On-Demand instances: you only pay for EC2 instances you use. The use of On-Demand
instances frees you from the costs and complexities of planning, purchasing, and
maintaining hardware and transforms what are commonly large fixed costs into much
smaller variable costs. This is the best type of instance purchasing option to choose if you will run an
EC2 instance for 3 months to perform a job that is uninterruptible.
Instance store: provides temporary block-level storage for your instance. This storage is
located on disks that are physically attached to the host computer. Instance store is ideal for
the temporary storage of information that changes frequently, such as buffers, caches,
scratch data, and other temporary content, or for data that is replicated across a fleet of
instances, such as a load-balanced pool of web servers.
AWS Partner Network Consulting Partners: are professional services firms that help
customers of all sizes design, architect, migrate, or build new applications on AWS
AWS SDK: used to interact with your AWS services. SDKs take the complexity out of coding by
providing language-specific APIs for AWS services to enable you to develop cloud
applications much faster
AWS Command Line Interface (AWS CLI): an open-source tool that enables you to
interact with AWS services using commands in your command-line shell. With minimal
configuration, you can start using functionality equivalent to that provided by the browser-
based AWS Management Console from the command prompt in your favorite terminal
program such as Linux shell or the Windows command line.
AWS Cost and Usage Report : your one-stop shop for accessing the most granular data
about your AWS costs and usage. You can also load your cost and usage information into
Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice. It allows you to
track your Amazon EC2 Reserved Instance (RI) usage and view the discounted RI rate that
was charged to your resources.
How can you apply and easily manage the common access permissions to a large
number of IAM users in AWS?: Attach the necessary policies or permissions required to a
new IAM Group then afterwards, add the IAM Users to the IAM group.
AWS Support: offers a range of plans that provide access to tools and expertise that
support the success and operational health of your AWS solutions. All support plans provide
24×7 access to customer service, AWS documentation, whitepapers, and support forums.
For technical support and more resources to plan, deploy, and improve your AWS
environment
AWS Enterprise Support: provides you with a concierge-like service where the main
focus is helping you achieve your outcomes and find success in the cloud. It provides
customers with proactive Technical Account Management and access to online self-paced
labs, as well as the Infrastructure Event Management, Well-Architected Reviews, and Operations Reviews
features in AWS.
AWS X-Ray: helps developers analyze and debug production, distributed applications,
such as those built using a microservices architecture. With X-Ray, you can understand
how your application and its underlying services are performing to identify and troubleshoot
the root cause of performance issues and errors. It provides tracing and monitoring
capabilities for your Lambda function.
Amazon Relational Database Service (Amazon RDS): makes it easy to set up, operate,
and scale a relational database in the cloud. It provides cost-efficient and resizable capacity
while automating time-consuming administration tasks such as hardware provisioning,
database setup, patching, and backups. It frees you to focus on your applications so you
can give them the fast performance, high availability, security, and compatibility they need.
Simplifies the management of time-consuming database administration tasks. Makes it easy
to set up, operate, and scale a relational database. Good to test new Microsoft SQL
servers. And has low latencies. Multi-AZ deployments provide enhanced availability and
durability for database instances. When you provision a Multi-AZ DB Instance, Amazon
RDS automatically creates a primary DB Instance and synchronously replicates the data to
a standby instance in a different Availability Zone (AZ). RDS is a better choice than a local
database when you want to offload administration responsibilities from yourself
Decrease your TCO: Eliminate many of the costs related to building and maintaining a data
center or colocation deployment. Pay for only the resources you consume.
AWS CodeStar: enables you to quickly develop, build, and deploy applications on AWS.
AWS CodeStar provides a unified user interface, enabling you to easily manage your
software development activities in one place. With AWS CodeStar, you can set up your
entire continuous delivery toolchain in minutes, allowing you to start releasing code faster.
AWS CodeStar makes it easy for your whole team to work together securely, allowing you
to easily manage access and add owners, contributors, and viewers to your projects.
Amazon CloudFront: is a web service that speeds up the distribution of your static and
dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront
delivers your content through a worldwide network of data centers called edge locations
and does this with the lowest possible latency. Edge locations are utilized to speed up content
delivery to customers. A good disaster recovery precaution is to launch
applications in two different AWS Regions to prevent downtime during regional outages.
CloudFront is a global service. It will allow you to serve your dynamic web content to users globally. Origin
Access Identity is used for sharing private content through CloudFront. The OAI is a virtual
user identity that will be used to give your CloudFront distribution permission to fetch a
private object from your origin server.
Edge Location: an edge location is just a site that CloudFront uses to cache copies of
your content for faster delivery to users at any location. Provides caching which reduces the
load on your origin servers. Improves application performance by delivering content closer
to your users. How can you improve its performance and cost efficiency? Apply a
caching mechanism that stores frequently accessed content
AWS Control Tower: offers the easiest way to set up and govern a secure, multi-account
AWS environment. It establishes a landing zone that is based on best-practices blueprints
and enables governance using guardrails you can choose from a pre-packaged list. The
landing zone is a well-architected, multi-account baseline that follows AWS best practices.
AWS Organizations: helps you centrally govern your environment as you grow and scale
your workloads on AWS. Whether you are a growing startup or a large enterprise,
Organizations helps you to centrally manage billing; control access, compliance, and
security; and share resources across your AWS accounts.
Customer Specific: Controls which are solely the responsibility of the customer based on
the application they are deploying within AWS services. Examples include:
Service and Communications Protection or Zone Security which may require a customer to
route or zone data within specific security environments. Hence, the correct answer is
Service and Communications Protection or Zone Security. The customer also fully inherits
physical and environmental controls.
Easy tracking – You can track the charges across multiple accounts and download the
combined cost and usage data.
Combined usage – You can combine the usage across all accounts in the organization to
share the volume pricing discounts and Reserved Instance discounts. This can result in a
lower charge for your project, department, or company than with individual standalone
accounts.
CloudEndure Disaster Recovery: this is a tool that minimizes downtime and data loss by
providing fast, reliable recovery of physical, virtual, and cloud-based servers into AWS
Cloud. You can also use CloudEndure Disaster Recovery to protect your most critical SQL
databases thanks to the continuous replication of your machines into a low-cost staging
area in your target AWS account and preferred Region.
Security – identification of security settings that could make your AWS solution less secure.
Fault Tolerance – recommendations that help increase the resiliency of your AWS solution
by highlighting redundancy shortfalls, current service limits, and over-utilized resources.
Performance – recommendations that can help to improve the speed and responsiveness of
your applications.
Service Limits – recommendations that will tell you when service usage is more than 80% of
the service limit.
Amazon DynamoDB: is a fully managed NoSQL database service that provides fast and
predictable performance with seamless scalability. DynamoDB lets you offload the
administrative burdens of operating and scaling a distributed database so that you don’t
have to worry about hardware provisioning, setup and configuration, replication, or software
patching. It is a scalable, fast, and flexible non-relational database that can be used to store JSON
documents. Database size scales automatically, so you won’t have to worry about capacity.
You can store different kinds of unstructured data that would normally not be suitable for
relational databases.
AWS CodeCommit: a fully managed source control service that makes it easy for
companies to host secure and highly scalable private Git repositories. AWS CodeCommit
eliminates the need to operate your own source control system or worry about scaling its
infrastructure. You can use AWS CodeCommit to securely store anything from source code
to binaries, and it works seamlessly with your existing Git tools.
AWS CodeBuild: is a fully managed continuous integration service that compiles source
code, runs tests, and produces software packages that are ready to deploy. With
CodeBuild, you don’t need to provision, manage, and scale your own build servers.
CodeBuild scales continuously and processes multiple builds concurrently, so your builds
are not left waiting in a queue.
AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises
access to virtually unlimited cloud storage. Your applications connect to the service through
a virtual machine or hardware gateway appliance using standard storage protocols, such as
NFS, SMB, and iSCSI. The gateway connects to AWS storage services, such as Amazon
S3, Amazon S3 Glacier, Amazon S3 Glacier Deep Archive, Amazon EBS, and AWS
Backup, providing storage for files, volumes, snapshots, and virtual tapes in AWS.
An Amazon EC2 Dedicated Host: allows you to use your existing per-socket, per-core, or
per-VM software licenses, including Microsoft Windows Server, Microsoft SQL Server,
SUSE Linux Enterprise Server, Red Hat Enterprise Linux, or other software licenses that
are bound to VMs, sockets, or physical cores, subject to your license terms. It can help you
address compliance requirements and reduce costs by allowing you to use your existing
server-bound software licenses.
Amazon Relational Database Service (Amazon RDS): makes it easy to set up, operate,
and scale a relational database in the cloud. It provides cost-efficient and resizable capacity
while automating time-consuming administration tasks such as hardware provisioning,
database setup, patching and backups. It frees you to focus on your applications so you can
give them the fast performance, high availability, security and compatibility they need.
It simplifies the management of time-consuming database administration tasks. It does not
need approval for penetration testing.
AWS Device Farm: is an application testing service that lets you improve the quality of your
web and mobile apps by testing them across an extensive range of desktop browsers and
real mobile devices; without having to provision and manage any testing infrastructure.
AWS Mobile Hub: is a service that enables even a novice to easily deploy and configure
mobile app backend features using a range of powerful AWS services.
AWS Auto Scaling: enables you to configure automatic scaling for the AWS resources that
are part of your application in a matter of minutes. The AWS Auto Scaling console provides
a single user interface to use the automatic scaling features of multiple AWS services. You
can configure automatic scaling for individual resources or for whole applications. Is great
for cost optimization.
AWS Support: offers a range of plans that provide access to tools and expertise that
support the success and operational health of your AWS solutions. All support plans provide
24×7 access to customer service, AWS documentation, whitepapers, and support forums.
For technical support and more resources to plan, deploy, and improve your AWS
environment, you can select a support plan that best aligns with your AWS use case.
AWS Business Support Plan: allows access to AWS API Support, while still being
cheaper than Enterprise. It is used if you have production workloads on AWS and want 24×7
access to technical support and architectural guidance in the context of your specific
use-cases. It is the MOST affordable AWS Support plan that provides users access to the AWS
Support API. You will have access to Architecture Support.
Developer support plan: has limited access to the 7 core Trusted Advisor checks, and has
no access to the AWS Support API. It is the lowest support plan that allows an unlimited
number of technical support cases to be opened.
Amazon Aurora: is a relational database built for the cloud that combines the performance and
availability of traditional enterprise databases with the simplicity and cost-effectiveness of
open source databases. It is up to five times faster than standard MySQL databases and three
times faster than standard PostgreSQL databases. It does not need approval for penetration
testing. It is capable of self-healing and has a high throughput. Use it if you need to launch a
highly scalable MySQL OLTP database.
AWS Professional Services: a collection of offerings to help you achieve specific outcomes
related to enterprise cloud adoption. Each offering delivers a set of activities, best practices,
and documentation reflecting our experience supporting hundreds of customers in their
journey to the AWS Cloud.
Amazon Detective: makes it easy to analyze, investigate, and quickly identify the root
cause of potential security issues or suspicious activities. Amazon Detective automatically
collects log data from your AWS resources and uses machine learning, statistical analysis,
and graph theory to build a linked set of data that enables you to easily conduct faster and
more efficient security investigations.
AWS Global Infrastructure: delivers a cloud infrastructure companies can depend on—no
matter their size, changing needs, or challenges. The AWS Global Infrastructure is
designed and built to deliver the most flexible, reliable, scalable, and secure cloud
computing environment with the highest quality global network performance available today.
Amazon Elastic Compute Cloud (Amazon EC2): is a web service that provides secure,
resizable compute capacity in the cloud. It is designed to make web-scale cloud computing
easier for developers. Since you have more control over your EC2 instance
Availability Zones: offer you the ability to operate production applications and databases
that are more highly available, fault-tolerant, and scalable than would be possible from a
single data center. A VPC spans all the Availability Zones in the region. After creating a
VPC, you can add one or more subnets in each Availability Zone. Each subnet must reside
entirely within one Availability Zone and cannot span zones. Availability Zones are kept as far
apart from each other as they can be, in case of a disaster. An Availability Zone correlates to a
VPC’s subnet.
Amazon CloudWatch: is basically a metrics and logs repository. An AWS service, such as
Amazon EC2, puts metrics and monitoring logs into CloudWatch, and you can view statistics
based on those metrics. If you put your own custom metrics into the service, you can
retrieve statistics on these metrics as well. It lets you monitor application logs from Amazon
EC2 instances, and adjust the retention policy for each log group.
AWS Command Line Interface (AWS CLI): is an open-source tool that enables you to
interact with AWS services using commands in your command-line shell. With minimal
configuration, you can start using functionality equivalent to that provided by the browser-
based AWS Management Console
Software Development Kits (SDKs): are used to interact with your AWS services. SDKs take the
complexity out of coding by providing language-specific APIs for AWS services to enable
you to develop cloud applications much faster.
Amazon EC2 Spot Instances: let you take advantage of unused EC2 capacity in the AWS
cloud. Spot Instances are available at up to a 90% discount compared to On-Demand
prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible
applications such as big data and containerized workloads. The Spot pricing construct adjusts
its price based on supply and demand of EC2 instances.
IAM user: is an entity that you create in AWS. The IAM user represents the person or
service who uses the IAM user to interact with AWS. The primary use for IAM users is to
give people the ability to sign in to the AWS Management Console. To improve security,
enable Multi-Factor Authentication (MFA) and configure a strong password policy for your
users. The most secure way to provide applications temporary access to your AWS resources is
to create an IAM role and have the application assume the role. A best practice in securing
your AWS account is to create an IAM user with admin privileges instead of using root. Use a
role instead of a user when you have outside entities that need to perform specific actions in
your AWS account, or when you want to provide AWS services permissions to do certain actions.
IAM Roles: are a secure way to grant permissions to entities you trust without creating
dedicated user accounts. A role does not have any long-term credentials associated with it,
such as a password or access keys. Instead, when you assume a role, you are given
temporary security credentials for the duration of your role session. Roles let you delegate
permissions to access resources without using permanent credentials. It is better to use roles
than users when you want to provide AWS services permissions to do certain actions and when
you have outside entities that need to perform specific actions in your AWS account.
IAM policy simulator: a tool you can use to test and troubleshoot IAM and resource-based
policies. It evaluates the policies that you choose and determines the effective permissions for each of
the actions that you specify. The simulator uses the same policy evaluation engine that is
used during real requests to AWS services. is responsible for enforcing privileges and
access controls in your AWS environment?
AWS Access Key ID and AWS Secret Access Key: are your AWS credentials. They are
associated with an AWS Identity and Access Management (IAM) user or role that
determines what permissions you have. IAM is a web service that helps you securely control
access to AWS resources. You use IAM to control who is authenticated (signed in) and
authorized (has permissions) to use resources. The most secure way to provide
applications temporary access to your AWS resources is to create an IAM role and have
the application assume the role.
Amazon Simple Storage Service (Amazon S3): is an object storage service that offers
industry-leading scalability, data availability, security, and performance with virtually
unlimited storage space. This means customers of all sizes and industries can use it to
store and protect any amount of data for a range of use cases, such as websites, mobile
applications, backup and restore, archive, enterprise applications, IoT devices, and big data
analytics. It is a highly durable object storage infrastructure. Data transfer for uploading
objects into your S3 bucket does not affect costs. You are charged per GB used in your bucket.
It is good for static content.
Amazon S3 Block Public Access: provides settings that override these policies and
permissions so that you can limit public access to these resources.
Amazon S3 Transfer Acceleration: can speed up content transfers to and from Amazon
S3 by as much as 50% – 500% for long-distance transfer of larger objects. Customers who
have either web or mobile applications with widespread users or applications hosted far
away from their S3 bucket can experience long and variable upload and download speeds
over the Internet.
Amazon Relational Database Service (RDS): is a managed service that takes care of all
the maintenance, backups, and patching for you.
ELB Health Check: Your Application Load Balancer periodically sends requests to its
registered targets to test their status. These tests are called health checks. A target must pass one
health check to be considered healthy. After each health check is completed, the load
balancer node closes the connection that was established for the health check.
Throughput Optimized HDD: volumes provide low-cost magnetic storage that defines
performance in terms of throughput rather than IOPS. This volume type is a good fit for
large, sequential workloads such as Amazon EMR, ETL, data warehouses, and log
processing.
AWS Architecture Center: provides a collection of technical resources to help you build
more effectively and efficiently in the AWS Cloud.
Technology domains:
Analytics & Big Data – build secure, reliable, cost-effective data-processing architectures.
Compute & HPC – develop, deploy, run, and scale your applications.
Databases – choose the right database for your use case and access patterns.
Security, Identity, & Compliance – meet your security and compliance goals using AWS
infrastructure and services.
Storage – design reliable, scalable, and secure data storage architectures.
Application Load Balancer: This is best suited for load balancing of HTTP and HTTPS
traffic and provides advanced request routing targeted at the delivery of modern application
architectures, including microservices and containers. It supports path-based routing,
host-based routing, and bi-directional communication channels using WebSockets. It allows you to
forward the incoming request to a target group with a Lambda function as a target.
AWS Transit Gateway: connects VPCs and on-premises networks through a central hub.
This simplifies your network and puts an end to complex peering relationships. It acts as a
cloud router – each new connection is only made once.
Network Load Balancer: This is best suited for load balancing of Transmission Control
Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic
where extreme performance is required. connects VPCs and on-premises networks through
a central hub
Classic Load Balancer: This provides basic load balancing across multiple Amazon EC2
instances and operates at both the request level and connection level. Classic Load
Balancer is intended for applications that were built within the EC2-Classic network.
Gateway Load Balancer: This provides both Layer 3 gateway and Layer 4 load balancing
capabilities. It is a transparent bump-in-the-wire device that does not change any part of the
packet.
Bucket policy: used to grant other AWS accounts or IAM users permissions for the bucket and
the objects in it. Any object permissions apply only to the objects that the bucket owner
creates. Bucket policies supplement, and in many cases, replace ACL-based access
policies. They can be configured with Multi-factor authentication.
AWS Elastic Load Balancing: automatically distributes incoming application traffic across
multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda
functions. It can handle the varying load of your application traffic in a single Availability
Zone or across multiple Availability Zones.
Application Load Balancer: This is best suited for load balancing of HTTP and HTTPS
traffic and provides advanced request routing targeted at the delivery of modern application
architectures, including microservices and containers.
AWS Single Sign-On (SSO): is an AWS service that makes it easy to
manage access to multiple AWS accounts and business applications centrally. It also
provides users with single sign-on access to all their assigned accounts and applications
from one place.
Network Load Balancer: This is best suited for load balancing of Transmission Control
Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic
where extreme performance is required. Operating at the connection level (Layer 4),
Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud
(Amazon VPC) and is capable of handling millions of requests per second while maintaining
ultra-low latencies.
Classic Load Balancer: This provides basic load balancing across multiple Amazon EC2
instances and operates at both the request level and connection level. Classic Load
Balancer is intended for applications that were built within the EC2-Classic network.
Gateway Load Balancer: This provides both Layer 3 gateway and Layer 4 load balancing
capabilities. It is a transparent bump-in-the-wire device that does not change any part of the
packet. It is architected to handle millions of requests/second, volatile traffic patterns, and
introduces extremely low latency.
Amazon Elastic Block Store: provides raw block-level storage that can be attached to
Amazon EC2 instances and is used by Amazon Relational Database Service.
CloudWatch Logs: enables you to centralize the logs from all of your systems,
applications, and AWS services that you use, in a single, highly scalable service.
It enables you to see all of your logs, regardless of their source, as a single and consistent
flow of events ordered by time, and you can query them and sort them based on other
dimensions,
AWS Batch: is a regional service that simplifies running batch jobs across multiple
Availability Zones within a region. You can create AWS Batch compute environments within
a new or existing VPC. After a compute environment is up and associated with a job queue.
Use it to run hundreds of thousands of fully managed batch computing jobs on AWS.
Amazon Elastic File System (EFS): Is a regional service storing data within and across
multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances
can access your file system across AZs, regions, and VPCs, while on-premises servers can
access using AWS Direct Connect or AWS VPN. Low latency access.
AWS Direct Connect: is a cloud service solution that makes it easy to establish a
dedicated network connection from your premises to AWS. With the help of Direct Connect
Partners, you can extend your preexisting data center or office network to a Direct Connect
location. All AWS services can be used with Direct Connect. It can establish a connection
between your on-premises environment and resources hosted on AWS.
AWS Site-to-Site VPN: creates a secure connection between your data center or branch
office and your AWS cloud resources. For globally distributed applications, the Accelerated
Site-to-Site VPN option provides even greater performance by working with AWS Global
Accelerator.
Amazon Connect: provides a seamless experience across voice and chats for your
customers and agents. This includes one set of tools for skills-based routing, powerful real-
time and historical analytics, and easy-to-use intuitive management tools – all with pay-as-
you-go pricing, which means Amazon Connect simplifies contact center operations,
improves agent efficiency, and lowers costs. You can set up a contact center in minutes that
can scale to support millions of customers.
Hybrid Architecture: Hybrid cloud architectures help organizations integrate their on-
premises and cloud operations to support a broad spectrum of use cases using a common
set of cloud services, tools, and APIs across on-premises and cloud environments.
Cost allocation tags: use these tags to organize your resource costs on your cost
allocation report, to make it easier for you to categorize and track your AWS costs.
Amazon Virtual Private Cloud (Amazon VPC): lets you provision a logically isolated
section of the AWS Cloud where you can launch AWS resources in a virtual network that
you define. A VPC spans all the Availability Zones in the region. After creating a VPC, you
can add one or more subnets in each Availability Zone. Each subnet must reside entirely
within one Availability Zone and cannot span zones.
– S3 Glacier Flexible Retrieval: for archiving data that might infrequently need to
be restored, once or twice per year, within a few hours
– S3 Glacier Deep Archive: for archiving long-term backup cycle data that might
infrequently need to be restored within 12 hours. Is the lowest cost storage class and
supports long term retention
S3 One Zone-IA: is for data that is accessed less frequently but requires rapid access
when needed. Unlike other S3 Storage Classes which store data in a minimum of three
Availability Zones, Amazon S3 stores the object data in only one Availability Zone, making it
less expensive than S3 Standard-IA. However, the data is not resilient to the physical loss
of the Availability Zone resulting from disasters, such as earthquakes and floods.
Amazon EBS: provides durable, block-level storage volumes that you can attach to a
running instance. You can use Amazon EBS as a primary storage device for data that
requires frequent and granular updates. Use it to store rapidly changing data with low read
and write latencies. When launching an EC2 instance, you are not required to provide an
Elastic IP address. Amazon EBS is a zonal service.
AWS Secrets Manager: helps you protect secrets needed to access your applications,
services, and IT resources. The service enables you to easily rotate, manage, and retrieve
database credentials, API keys, and other secrets throughout their lifecycle. Users and
applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to
hardcode sensitive information in plain text.
Elastic IP Address: a reserved public IP address that you can assign to any EC2 instance
in a particular region, until you choose to release it
AWS Partner Network (APN): is focused on helping partners build successful AWS-based
businesses to drive superb customer experiences. This is accomplished by developing a
global ecosystem of Partners with specialties unique to each customer’s needs.
APN Consulting Partners: are professional services firms that help customers of all sizes
design, architect, migrate, or build new applications on AWS. They can help a company
design, architect, build, migrate, and manage its workloads and applications on AWS.
Volume pricing: gives you lower prices the more you use the service. With consolidated
billing, AWS combines the usage from all accounts to determine which volume pricing (How
much is used is how much is charged)
Cost Explorer: is a tool that enables you to view and analyze your costs and usage. You
can explore your usage and costs using the main graph, the Cost Explorer cost and usage
reports, or the Cost Explorer RI reports. You can view data for up to the last 13 months,
forecast how much you’re likely to spend for the next three months if you set the detail level
to at least daily and next twelve months if you set the detail level to at least monthly, and get
recommendations for what Reserved Instances to purchase. It lets you track the costs you’ve
incurred so far in your AWS account with a graphical visualization. It provides you access to
Reserved Instance (RI) purchase recommendations based on your past usage and indicates
potential opportunities for savings as compared to On-Demand usage.
AWS Savings Plan: is a flexible pricing model that saves up to 72 percent on Amazon
EC2, AWS Fargate, and AWS Lambda usage. Savings Plans provides you lower prices for
your Amazon EC2 usage, Fargate, and Lambda in exchange for a commitment to a
consistent usage amount (measured in $/hour) for a one or three-year term. eliminates the
need to manage containers manually
AWS Personal Health Dashboard: Provides alerts and remediation guidance when AWS
is experiencing events that may impact you. While the Service Health Dashboard displays
the general status of AWS services, Personal Health Dashboard gives you a personalized
view into the performance and availability of the AWS services underlying your AWS
resources.
AWS Service Health Dashboard: displays the general status of AWS services. It also
provides the flexibility of displaying the history of a specific service within a geographical
area. It is useful for determining whether a failure has had effects that you might have never
encountered inside your own network. AWS keeps this history of service interruptions for a
year. It displays the general status of all available AWS services and informs you if a service
is experiencing availability issues.
AWS Budgets: Gives you the ability to set custom budgets that alert you when your costs
or usage exceed (or are forecasted to exceed) your budgeted amount.
AWS Management Console: provides a web-based way to administer AWS services. You
can sign in to the console and create, list, and perform other tasks with AWS services for
your account.
AWS CloudFormation: provides a common language for you to describe and provision all
the infrastructure resources in your cloud environment. You can use it to launch a new Amazon
RDS database cluster to your VPC. It allows you to create and deploy infrastructure-as-code
templates.
Amazon Cognito Identity Pool: Provides temporary AWS credentials for users who are
guests (unauthenticated) and for users who have been authenticated and received a token.
An identity pool is a store of user identity data specific to your account.
Amazon Cognito: lets you add user sign-up, sign-in, and access control to your web and
mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports
sign-in with social identity providers, such as Facebook, Google, and Amazon, and
enterprise identity providers via SAML 2.0.
Amazon Simple Queue Service (SQS): is a fully managed message queuing service that
enables you to decouple and scale microservices, distributed systems, and serverless
applications. SQS eliminates the complexity and overhead associated with managing and
operating message-oriented middleware, and empowers developers to focus on
differentiating work. Using SQS, you can send, store, and receive messages between
software components at any volume, without losing messages or requiring other services to
be available. Use SQS when you require durable storage for your application events or
messages, or if you need to decouple certain parts of your system for better fault tolerance.
Amazon Pinpoint: is AWS’s Digital User Engagement Service that enables AWS
customers to effectively communicate with their end-users and measure user engagement
across multiple channels including email, Text Messaging (SMS) and Mobile Push
Notifications.
Amazon Chime: is a high-quality communications service that transforms online meetings
with an easy-to-use app that works seamlessly across all your devices. With Amazon
Chime, you can schedule and attend online meetings and video conferences, and chat, call,
and collaborate, inside and outside your organization, all with a single app. Now you can
work productively from wherever you are. Amazon Chime is also integrated with Microsoft
Outlook Calendar and Google Calendar for easy scheduling of meetings.
Instance metadata: the data about your instance that you can use to configure or manage
the running instance. You can get the instance ID, public keys, public IP address, and much
other information from the instance metadata by entering the following URL in your
instance.
Best practices that you can follow to help you build an application in the
cloud: 1. Design for failure 2. Decouple your components 3. Implement elasticity
4. Think parallel
Think Parallel: the Think Parallel best practice accentuates the use of parallelization when
designing architectures in the AWS cloud. It is advisable to not only implement
parallelization wherever possible but also automate it because the cloud allows you to
create a repeatable process very easily.
When it comes to accessing (retrieving and storing) data, the cloud is designed to handle
massively parallel operations. In order to achieve maximum performance and throughput,
you should leverage request parallelization. One example is the use of multi-threading in your
Amazon S3 requests via the Multipart Upload API.
Which two services are used for VPC security and can be found in the VPC
dashboard in the AWS Console? Network ACLs and Security Groups are used to
secure your VPC network.
Security Group: acts as a virtual firewall for your instance to control inbound and outbound
traffic. When you launch an instance in a VPC, you can assign up to five security groups to
the instance.
Amazon Simple Notification Service (SNS): is a highly available, durable, secure, fully
managed pub/sub messaging service that enables you to decouple microservices,
distributed systems, and serverless applications. Amazon SNS provides topics for high-
throughput, push-based, many-to-many messaging.
Amazon Simple Email Service (SES): is a highly scalable and cost-effective service for
sending and receiving emails. Amazon SES eliminates the complexity and expense of
building an in-house email solution or licensing, installing, and operating a third-party email
solution. You can use the SMTP interface or one of the AWS SDKs to integrate Amazon
SES directly into your existing applications. You can also embed the email sending
capabilities of Amazon SES into the software you already use, such as ticketing systems
and email clients.
AWS Fargate: is a serverless compute engine for containers. Fargate makes it easy for
you to focus on building your applications. Fargate removes the need to provision and
manage servers, lets you specify and pay for resources per application, and improves
security through application isolation by design. It eliminates the need to manage containers
manually. Users need to install their application in Docker containers.
AWS KMS: is a managed service that easily enables you to create and control the keys
used for cryptographic operations. The service provides a highly available key generation,
storage, management, and auditing solution for you to encrypt or digitally sign data within
your own applications or control the encryption of data across AWS services.
AWS CloudHSM: is standards-compliant and enables you to export all of your keys to most
other commercially available HSMs, subject to your configurations. It is a fully managed
service that automates time-consuming administrative tasks for you, such as hardware
provisioning, software patching, high availability, and backups. CloudHSM also enables you
to scale quickly by adding and removing HSM capacity on-demand, with no up-front costs.
You have exclusive control over how your keys are used via an authentication mechanism
independent from AWS.
AWS Directory Service: for Microsoft Active Directory, also known as AWS Managed
Microsoft AD, enables your directory-aware workloads and AWS resources to use managed
Active Directory in the AWS Cloud. AWS Managed Microsoft AD is built on actual Microsoft
Active Directory and does not require you to synchronize or replicate data from your existing
Active Directory to the cloud.
Amazon EMR: is a web service that enables businesses, researchers, data analysts, and
developers to easily and cost-effectively process vast amounts of data. It utilizes a hosted
Apache Hadoop framework running on the web-scale infrastructure of Amazon EC2 and
Amazon S3. Amazon EMR lets you focus on crunching or analyzing your data without
having to worry about time-consuming set-up, management, or tuning of Hadoop clusters or
the compute capacity upon which they sit.
Internet Gateway: is used to enable instances in the public subnet to connect to the public
Internet. An Internet gateway is a horizontally scaled, redundant, and highly available VPC
component that allows communication between instances in your VPC and the internet. An
internet gateway serves two purposes: to provide a target in your VPC route tables for
internet-routable traffic and to perform network address translation (NAT) for instances that
have been assigned public IPv4 addresses.
Vertical Scaling: Scaling vertically takes place through an increase in the specifications of
an individual resource, such as upgrading a server with a larger hard drive or a faster CPU.
With Amazon EC2, you can stop an instance and resize it to an instance type that has more
RAM, CPU, I/O, or networking capabilities. This way of scaling can eventually reach a limit,
and it is not always a cost-efficient or highly available approach. However, it is very easy to
implement and can be sufficient for many use cases, especially in the short term. Upgrading
to a higher EC2 instance type is an example of Vertical Scaling
Horizontal Scaling: Scaling horizontally takes place through an increase in the number of
resources, such as adding more hard drives to a storage array or adding more servers to
support an application. This is a great way to build internet-scale applications that leverage
the elasticity of cloud computing. Take note that not all architectures are designed to
distribute their workload to multiple resources. Adding more EC2 instances to your resource
pool is an example of Horizontal Scaling
What does AWS charge for?: AWS charges you for data transferred between two different
Regions. This is similar to the costs incurred from the data transfer between the AWS
network and the public internet.
the most convenience and flexibility to determine the best database size while still
being cost-effective?: Use a Windows Server with SQL Server Standard bundled AMI so
you won’t need to buy and manage your own license. AWS offers multiple AMI
configurations for Amazon EC2 – from community AMIs to AMIs sold by customers in the
AWS Marketplace. If you launch an EC2 instance using a Windows AMI with a bundled MS
SQL Server Standard, you won’t need to purchase your own licenses from Microsoft. And
since this is an EC2 instance, you can freely resize it to a different instance type or class of
your choosing.
Amazon Inspector: is an automated security assessment service that helps improve the
security and compliance of applications deployed on AWS. Amazon Inspector automatically
assesses applications for exposure, vulnerabilities, and deviations from best practices. After
performing an assessment, Amazon Inspector produces a detailed list of security findings
prioritized by level of severity.
AWS KMS: is a managed service that enables you to create and control the keys used for
cryptographic operations easily. The service provides a highly available key generation,
storage, management, and auditing solution for you to encrypt or digitally sign data within
your own applications or control the encryption of data across AWS services.
AWS Elastic Beanstalk: is an easy-to-use service for deploying and scaling web
applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and
Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You can simply
upload your code and Elastic Beanstalk automatically handles the deployment, from
capacity provisioning, load balancing, auto-scaling to application health monitoring. At the
same time, you retain full control over the AWS resources powering your application and
can access the underlying resources at any time. Elastic Beanstalk allows you to quickly
deploy your application into the AWS Cloud without having to build or launch the individual
resources yourself.
Amazon Lightsail: is a PaaS solution for users who need a simple virtual private server
(VPS) solution. Lightsail provides developers compute, storage, and networking capacity
and capabilities to deploy and manage websites and web applications in the cloud. Lightsail
includes everything you need to launch your project quickly – a virtual machine, SSD-based
storage, data transfer, DNS management, and a static IP – for a low, predictable monthly
price.
Amazon EBS: provides the following volume types, which differ in performance
characteristics and price so that you can tailor your storage performance and cost to the
needs of your applications:
● General Purpose SSD – Recommended for most workloads; can be used as system boot
volumes; best for development and test environments.
● Provisioned IOPS SSD – Meant for critical business applications that require sustained
IOPS performance; best used for large database workloads.
● Throughput Optimized HDD – Meant for streaming workloads requiring consistent, fast
throughput at a low price, big data, data warehouses, and log processing. It cannot be a
boot volume.
● Cold HDD – Meant for throughput-oriented storage for large volumes of data that are
infrequently accessed, or in scenarios where the lowest storage cost is important. It cannot
be a boot volume.
AWS Athena: is an interactive query service that makes it easy to analyze data in Amazon
S3 using standard SQL. Athena is serverless, so there is no infrastructure to set up or
manage, and you can start analyzing data immediately. You don’t even need to load your
data into Athena; it works directly with data stored in S3. It allows you to quickly query data
in S3 using SQL without having to set up and manage any servers.
VPC Peering: A VPC peering connection is a networking connection between two VPCs that
enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.
Instances in either VPC can communicate with each other as if they are within the same
network. You can create a VPC peering connection between your own VPCs, or with a VPC
in another AWS account. The VPCs can be in different regions (also known as an
inter-region VPC peering connection). It lets you establish a private connection between two
virtual private clouds (VPCs) without using additional software.
Amazon Redshift Spectrum: allows you to query and retrieve structured and
semistructured data from files in Amazon S3 without having to load the data into Amazon
Redshift tables. Much of the processing occurs in the Redshift Spectrum layer, and most of
the data remains in Amazon S3. Multiple clusters can concurrently query the same dataset in
Amazon S3 without the need to make copies of the data for each cluster. You use it to run
complex analytic queries against terabytes to petabytes of structured data.
Amazon RDS and ECS are considered PaaS because you don’t need to worry about setting
up servers, storage, and network. You only manage the application and the data.
Hence, the correct answer is: PaaS.
FaaS, or function as a service, is incorrect. Amazon RDS and ECS are not serverless
computing services that execute modular pieces of code.