AWS Certified Data Engineer

INTRODUCTION

With over 200 fully featured services available in Amazon Web Services (AWS), it
can be a daunting task if you want to know about every service. Each AWS
Service has its own Overview Page, Use Case, Documentation, FAQs, and Pricing
pages, which can also contain detailed explanations of how each service works,
coupled with its interdependencies with other services. This can lead to your
learning focus being derailed into multiple technological areas that you may not
have been initially aiming for.

This series is an attempt to cut down on that complication. You will find Service
Summary Cards (SSC) describing all the W questions (What, Why, When, Where,
Who, How, How much?) organized based on services covered in an AWS
Certification Exam.

These cards are designed to provide the key information and can be useful to
anyone who wants to learn about different AWS services, including someone who
is not preparing for a certification exam.

◆ ◆ ◆
DISCLAIMER
Views shared are my own, not those of my employer

The information provided within this book is for general informational
purposes only. While the author tries to keep the information up-to-date
and correct, there are no representations or warranties, express or
implied, about the completeness, accuracy, reliability, suitability or
availability with respect to the information, products, services, or
related graphics contained in this book for any purpose. Any
information described within this book is the author’s personal
thoughts. They are not intended to be a definitive set of instructions.

The author does not claim any copyright on content, images, web
links, or any other material in the book. All the information is
compiled from the AWS official documentation. The purpose of this
book is to present the detailed information available on the AWS
official website in a concise, bite-sized information and answer
common questions related to an AWS service or a feature. The
author understands how important it is to provide accurate
information to readers, but even with the author's best efforts an
error may occur. If you believe you've found a mistake in this book,
please bring it to the author's attention. You can contact the author
by scanning the QR Code on the back of this book.

The advice and strategies contained herein may not be suitable for
every situation. This work is sold with the understanding that the
publisher is not engaged in rendering legal, accounting, or other
professional services. If professional assistance is required, the
services of a competent professional person should be sought.
Neither the publisher nor the author shall be liable for any damages
arising here from. The fact that an organization or Website is
referred to in this work as a citation and/or a potential source of
further information does not mean that the author or the publisher
endorses the information the organization or Website may provide or
recommendations it may make.

Further, readers should be aware that the information presented in
the book may have changed between when this work was written
and when it is read. AWS Services are always evolving, so in case of
conflicting or confusing information please refer to AWS
documentation.
AWS CERTIFIED DATA ANALYTICS - SPECIALTY (DAS-C01)
EXAM DOMAINS
Domain 1: Collection
1.1 Determine the operational characteristics of the collection system.
1.2 Select a collection system that handles the frequency, volume, and the source
of data
1.3 Select a collection system that addresses the key properties of data, such as
order, format, and compression

Domain 2: Storage and Data Management
2.1 Determine the operational characteristics of the storage solution for analytics
2.2 Determine data access and retrieval patterns
2.3 Select appropriate data layout, schema, structure, and format
2.4 Define data lifecycle based on usage patterns and business requirements
2.5 Determine the appropriate system for cataloging data and managing metadata

Domain 3: Processing
3.1 Determine appropriate data processing solution requirements
3.2 Design a solution for transforming and preparing data for analysis
3.3 Automate and operationalize data processing solutions

Domain 4: Analysis and Visualization
4.1 Determine the operational characteristics of the analysis and visualization
solution
4.2 Select the appropriate data analysis solution for a given scenario
4.3 Select the appropriate data visualization solution for a given scenario

Domain 5: Security
5.1 Select appropriate authentication and authorization mechanisms
5.2 Apply data protection and encryption techniques
5.3 Apply data governance and compliance controls
CONTENTS

Introduction
Disclaimer
AWS Certified Data Analytics - Specialty (DAS-C01)
Exam Domains
Analytics
Application Integration
Compute
Customer Engagement
Database
Management And Governance
Machine Learning
Migration and Transfer
Networking and Content Delivery
Security, Identity, and Compliance
Storage
Additional Resources
Books By This Author
Reference
ANALYTICS

Amazon Athena
Serverless, interactive query service

Amazon CloudSearch
Managed Search Service

Amazon OpenSearch Service
(Previously Amazon Elasticsearch Service)
Run and Scale OpenSearch and Elasticsearch Clusters

Amazon EMR
Managed Hadoop framework

AWS Glue
Fully managed ETL (extract, transform, and load) service

Amazon Kinesis
Work with real-time streaming data

AWS Lake Formation
Build, secure, and manage your data lake

Amazon MSK
Fully managed service for Apache Kafka

Amazon QuickSight
Fast, easy to use business analytics

Amazon Redshift
Fully managed, Petabyte-scale data warehouse service
Amazon Athena

What?
• Amazon Athena is an interactive query service that makes it easy
to analyze data in Amazon S3 using standard SQL.
• Amazon Athena's SQL engine is built on Presto (engine version 2)
and Trino (engine version 3) with ANSI SQL support, and works
with a variety of standard data formats, including CSV, JSON, ORC,
Avro, and Parquet.

Why?
• Athena is serverless, you don’t need to worry about configuration,
software updates, failures or scaling your infrastructure as your
datasets and number of users grow.
• With Athena Federated Query, you can run SQL queries across
data stored in relational, non-relational, object, and custom data
sources.

When?
• You want to tap into your data without setting up complex
processes to extract, transform, and load the data (ETL).
• You want to process logs, perform data analytics, and run
interactive queries.

Where?
• Amazon Athena is a regional service, but it can access data in
other regions or other AWS accounts.
• Athena works directly with data stored in S3.
• It also natively supports the AWS Glue Data Catalog.

Who?
• Athena is a serverless service, so you don't have to set up or
manage any infrastructure.
• Amazon Athena allows you to control access to your data by using
AWS IAM policies, Access Control Lists (ACLs), and Amazon S3
bucket policies. A query runs with the caller's own permissions, so
the caller needs both Athena permissions and S3 read access to
the objects behind the table; if either is missing the query fails.

How?
• To get started, just point to your data in Amazon S3, define the
schema, and start querying using the built-in query editor.
• Results are displayed in the console and automatically written to a
location of your choice in S3 (the query result location). You can
also download them to your desktop. Because that location holds
copies of query output, protect it with the same bucket policies and
encryption as the source data.

How much?
• Amazon Athena is priced per query and charges based on the
amount of data scanned by the query.
• It queries data directly from Amazon S3, so your source data is
billed at S3 rates.

Link to Service FAQs
Amazon CloudSearch

What?
• Amazon CloudSearch makes it easy to set up, manage, and scale
a search solution for your website or application.
• With Amazon CloudSearch you can search large collections of
data such as web pages, document files, forum posts, or product
information. You can use it to index and search both structured data
and plain text.

Why?
• CloudSearch hides all of the complexity and all of the search
infrastructure from you. You simply provide it with a set of
documents and decide how you would like to incorporate search
into your application.
• You don’t have to write your own indexing, query parsing, query
processing, results handling, or any of that other stuff.

When?
• You want to quickly add rich search capabilities to your website or
application and don’t want to worry about hardware provisioning,
setup, and maintenance.
• You don’t want to keep rewriting your code to add more features.

Where?
• Amazon CloudSearch is a regional service. When Multi-AZ is
enabled, it provisions and maintains resources for a search domain
in two Availability Zones to ensure high availability.
• Search traffic is distributed across both Availability Zones and the
instances in either zone are capable of handling the full load in the
event of a failure.

Who?
• Amazon CloudSearch is a managed service. As your volume of
data and traffic fluctuates, it seamlessly scales to meet your needs.
• It stores data and processes searches using search instances. As
your data expands, CloudSearch will automatically launch
additional search instances and/or scale to larger instance types.

How?
• Create and configure a search domain. A search domain includes
your searchable data and the search instances that handle your
search requests. Then upload the data you want to search to your
domain so Amazon CloudSearch indexes your data. Afterwards,
you can send a search request to your domain's search endpoint
as an HTTP/HTTPS GET request.

How much?
• Customers are billed according to their monthly usage across the
following dimensions: Search instances (per hour), Document batch
uploads (per 1,000 Batch Upload Requests), IndexDocuments
requests (per GB of data stored in your search domain) and
standard AWS data transfer charges.

Link to Service FAQs
Amazon OpenSearch Service

What?
• Amazon OpenSearch Service (successor to Amazon Elasticsearch
Service) is a managed service to deploy, operate, and scale
OpenSearch clusters in the AWS Cloud.
• OpenSearch is a fully open-source search and analytics engine for
log analytics, real-time application monitoring, and clickstream
analysis.

Why?
• OpenSearch Service provisions all the resources for your cluster,
reducing the overhead of self-managed infrastructures.
• It is also bundled with a dashboard visualization tool, OpenSearch
Dashboards, which helps visualize log and trace data, machine-
learning powered results for anomaly detection and search
relevance ranking.

When?
• You want to securely unlock real-time search, monitoring, and
analysis of business and operational data for use cases like
application monitoring, log analytics, observability, and website
search.
• You want to use machine learning to detect anomalies, autotune
your clusters, and personalize your search results.

Where?
• Amazon OpenSearch Service is a regional service.
• It offers customers the option to deploy their instances across one,
two, or three AZs.

Who?
• Amazon OpenSearch Service manages the work involved in
setting up a domain, from provisioning infrastructure capacity in the
network environment to installing the OpenSearch or Elasticsearch
software.
• Once your domain is running, it automates common administrative
tasks, such as performing backups, monitoring instances, and
patching software.

How?
• You can create a new Amazon OpenSearch Service domain with
the Domain Creation Wizard in the console.
• While creating a new domain, you can specify the number of
instances, instance types, and EBS volumes you want allocated to
your domain.

How much?
• You are charged based on three dimensions: instance hours
(number of hours an instance is available to you for use); the
amount of storage; and for data transferred in and out of service.
• Storage pricing depends on the storage tier and type of instance
you choose.

Link to Service FAQs
Amazon EMR

What?
• Amazon EMR (Amazon Elastic MapReduce) is a managed cluster
platform that simplifies running big data frameworks, such as
Apache Hadoop and Apache Spark, on AWS to process and
analyze vast amounts of data.
• Using these frameworks and related open-source projects, you can
process data for analytics purposes and business intelligence
workloads.

Why?
• Amazon EMR simplifies building and operating big data
environments and applications.
• It enables you to quickly and easily provision as much capacity as
you need, and automatically or manually add and remove capacity.
This is very useful if you have variable or unpredictable processing
requirements.

When?
• You want to instantly provision as much or as little capacity as you
like on Amazon EC2 and set up scaling rules to manage changing
demand.
• You want to focus on transforming and analyzing your data without
having to worry about infrastructure provisioning, cluster setup,
configuration, open-source applications, or tuning.

Where?
• Amazon EMR launches all nodes (Master, Core, Optional Task
nodes) for a given cluster in the same Availability Zone of an AWS
Region.
• Amazon EMR clusters with multiple master nodes are not tolerant
to Availability Zone failures. In the case of an Availability Zone
outage, you lose access to the Amazon EMR cluster.

Who?
• Amazon EMR is a managed cluster platform.
• After you've launched your cluster, you can monitor and manage it.
Amazon EMR provides several tools you can use to connect to and
control your cluster.

How?
• You can launch a cluster by specifying the name of your cluster, the
location in Amazon S3 of your input data, your processing
application, your desired data output location, and the number and
type of Amazon EC2 instances you’d like to use.

How much?
• Customers pay for Amazon EMR charges (billed per-second, with
a one-minute minimum) plus backend compute charges (Amazon
EC2, Amazon EKS, AWS Outposts, Amazon EMR Serverless).

Link to Service FAQs
AWS Glue

What?
• AWS Glue is a fully managed ETL (extract, transform, and load)
service to categorize your data, clean it, enrich it, and move it
reliably between various data stores and data streams.
• It consists of a central metadata repository known as the AWS Glue
Data Catalog, an ETL engine, and a flexible job scheduler.

Why?
• AWS Glue automates much of the effort required for data
integration. AWS Glue crawls your data sources, identifies data
formats, and suggests schemas to store your data.
• It automatically generates the code to run your data
transformations and loading processes.

When?
• You want to organize, cleanse, validate, and format data for
storage in a data warehouse or data lake.
• You need a unified catalog to find data across multiple data stores;
explore data with self-service visual data preparation, or create,
run, and monitor ETL jobs without coding.

Where?
• AWS Glue is a regional service.
• A Glue Data Catalog is a regional component, but it can store
metadata information from data sources in different regions and
also from on-premises.

Who?
• AWS Glue is serverless, so there’s no infrastructure to set up or
manage.
• AWS Glue provisions, configures, and scales the resources
required to run your data integration jobs.

How?
• You define jobs in AWS Glue to accomplish the work that's required
to extract, transform, and load (ETL) data from a data source to a
data target.
• AWS Glue can generate a script to transform your data. Or, you
can provide the script in the AWS Glue console or API.

How much?
• With AWS Glue, you pay an hourly rate, billed by the second, for
crawlers and ETL jobs.
• For the AWS Glue Data Catalog, you pay a monthly fee for storing
and accessing the metadata.
• For development endpoints, you pay an hourly rate, billed per
second.

Link to Service FAQs
Amazon Kinesis

What?
• Amazon Kinesis makes it easy to collect, process, and analyze
real-time, streaming data.
• Amazon Kinesis capabilities - Amazon Kinesis Data Streams,
Amazon Kinesis Data Firehose, Amazon Kinesis Data Analytics
and Kinesis Video Streams.

Why?
• Amazon Kinesis enables you to process and analyze data as it
arrives and respond instantly.
• It can handle any amount of streaming data and process data from
hundreds of thousands of sources with very low latencies.

When?
• When you want to ingest real-time data such as video, audio,
application logs, website clickstreams, and IoT telemetry data for
machine learning, analytics, and other applications.

Where?
• Amazon Kinesis is a regional service.
• Kinesis Data Streams and Kinesis Data Firehose synchronously
replicate data across three Availability Zones, providing high
availability and data durability.

Who?
• Amazon Kinesis is fully managed and runs your streaming
applications without requiring you to manage any infrastructure.

How?
• After you create a Kinesis Data Firehose delivery stream or a
Kinesis data stream, configure your data producers to
continuously add data to the stream.
• You can process streaming data through Kinesis Data Analytics
using SQL or Apache Flink.
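The card does not say how a producer's records are distributed inside a data stream. As an added example (not from the book or from AWS), the following models the mapping Kinesis Data Streams applies: the record's partition key is hashed with MD5 into a 128-bit hash key, and the record lands on the shard whose hash key range contains that value. It assumes the equal, contiguous ranges of a freshly created provisioned stream (after resharding the ranges differ), the 1 MB per second write limit of one shard, and constructed sample records; the shard IDs, device names and tenant name are made up.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Shard:
    shard_id: str
    starting_hash_key: int   # inclusive
    ending_hash_key: int     # inclusive


HASH_KEY_SPACE = 2 ** 128    # partition keys hash to a 128-bit unsigned integer


def split_hash_key_space(shard_count: int) -> List[Shard]:
    """Lay out N shards with equal, contiguous hash key ranges, as a newly
    created provisioned stream does (resharding later makes them unequal)."""
    shards = []
    for i in range(shard_count):
        start = HASH_KEY_SPACE * i // shard_count
        end = HASH_KEY_SPACE * (i + 1) // shard_count - 1
        shards.append(Shard(f"shardId-{i:012d}", start, end))   # hypothetical IDs
    return shards


def hash_key_for(partition_key: str) -> int:
    """Kinesis takes the MD5 of the partition key's UTF-8 bytes and reads the
    digest as a big-endian 128-bit integer; that value selects the shard."""
    return int.from_bytes(hashlib.md5(partition_key.encode("utf-8")).digest(), "big")


def shard_for(partition_key: str, shards: List[Shard]) -> Shard:
    key = hash_key_for(partition_key)
    for shard in shards:
        if shard.starting_hash_key <= key <= shard.ending_hash_key:
            return shard
    raise ValueError("shard ranges do not cover the full hash key space")


def bytes_per_shard(records: List[Tuple[str, int]], shards: List[Shard]) -> Dict[str, int]:
    """Payload bytes landing on each shard for a batch of
    (partition_key, size_in_bytes) records produced within one second."""
    load: Dict[str, int] = {}
    for partition_key, size in records:
        sid = shard_for(partition_key, shards).shard_id
        load[sid] = load.get(sid, 0) + size
    return load


# One shard accepts at most 1 MB (or 1,000 records) per second of writes;
# anything beyond that is throttled (ProvisionedThroughputExceededException).
SHARD_WRITE_LIMIT_BYTES = 1_000_000


def hot_shards(load: Dict[str, int], limit: int = SHARD_WRITE_LIMIT_BYTES) -> List[str]:
    """Shards whose one-second write volume exceeds the per-shard limit."""
    return sorted(sid for sid, total in load.items() if total > limit)


# Constructed sample: 1,000 telemetry records of 2 KB each in one second.
SAMPLE_SIZE = 2_000
PER_DEVICE_KEYS = [(f"device-{n:04d}", SAMPLE_SIZE) for n in range(1000)]  # spreads
SINGLE_TENANT_KEY = [("tenant-a", SAMPLE_SIZE) for _ in range(1000)]       # hot key

if __name__ == "__main__":
    shards = split_hash_key_space(4)
    spread = bytes_per_shard(PER_DEVICE_KEYS, shards)
    hot = bytes_per_shard(SINGLE_TENANT_KEY, shards)
    print("per-device keys:", spread, "hot:", hot_shards(spread))
    print("one tenant key :", hot, "hot:", hot_shards(hot))
```

The same 2 MB of records is accepted when the partition key is the device ID and throttled when every record carries the same tenant key, because a partition key is pinned to one shard regardless of how many shards the stream has.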

How much?
• Amazon Kinesis Data Streams - on-demand and provisioned
option.
• Amazon Kinesis Data Firehose - pay for the volume of data you
ingest.
• Amazon Kinesis Data Analytics - hourly rate based on the number
of Kinesis Processing Units (or KPUs) used.

Link to Service Overview
AWS Lake Formation

What?
• AWS Lake Formation is a fully managed service that makes it easy
to build, secure, and manage data lakes.
• A data lake is a centralized, curated, and secured repository that
stores all your data, both in its original form and prepared for
analysis.

Why?
• It simplifies and automates many of the complex manual steps
(collecting, cleansing, moving, and cataloging data, and securely
making that data available for analytics and machine learning) that
are usually required to create data lakes.

When?
• You want to build data lakes quickly, provide self-service access to
data and simplify security management.
• You need a single place to define and enforce access controls
through a simple grant or revoke mechanism that operates at the
table, column, row, and cell level for all the users and services that
access your data.

Where?
• AWS Lake Formation is a regional service.
• Lake Formation uses the AWS Glue Data Catalog to store
metadata about data lakes, data sources, transforms, and targets.
Each AWS account has one Data Catalog (your persistent
metadata store) per AWS Region.

Who?
• Lake Formation provides its own permissions model that augments
the IAM permissions model.
• A data lake administrator can grant any principal any permission on
any Data Catalog resource or data location, so treat that role as
highly privileged: keep the list of administrators short and review
its grants in CloudTrail.

How?
• First, identify existing data stores in S3 or relational and NoSQL
databases, and move the data into your data lake. Then crawl,
catalog, and prepare the data for analytics. Next, provide your
users with secure self-service access to the data through their
choice of analytics services. It uses AWS Glue to orchestrate jobs
and crawlers.

How much?
• AWS Lake Formation provides database, table, column and tag-
based access controls, and cross-account sharing at no charge.
• Lake Formation charges a fee for data filtering (per TB of data
scanned), data processed by the storage optimizer, metadata
storage and the API requests.

Link to Service FAQs
Amazon MSK

What?
• Amazon Managed Streaming for Apache Kafka (Amazon MSK) is a
fully managed service to build and run applications that use open-
source versions of Apache Kafka to process streaming data without
needing infrastructure management expertise.

Why?
• Amazon MSK eliminates operational overhead, including the
provisioning, configuration, and maintenance of highly available
Apache Kafka and Kafka Connect clusters.
• Amazon MSK detects and automatically recovers from the most
common failure scenarios for clusters.

When?
• You want Apache Kafka clusters operated, maintained, and scaled
for you, with enterprise-grade security features out of the box and
built-in AWS integrations that accelerate development of streaming
data applications.
• You want to use applications and tools built for Apache Kafka out of
the box without making any code changes.

Where?
• Amazon MSK provides open-source, highly secure Apache Kafka
clusters distributed across multiple Availability Zones (AZs), giving
you resilient, highly available streaming storage.

Who?
• Amazon MSK is a fully managed service.
• Amazon MSK provides the control-plane operations, such as those
for creating, updating, and deleting clusters. It lets you use Apache
Kafka data-plane operations, such as those for producing and
consuming data.

How?
• An Amazon MSK cluster is the primary Amazon MSK resource that
you can create in your account. Amazon MSK deploys a best
practice cluster configuration for Apache Kafka by default. Once
your Apache Kafka cluster has been created, you can create topics
using the Apache Kafka APIs.

How much?
• MSK - broker instance charges, amount of storage, storage
throughput (optional), and data transferred in and out of clusters.
• MSK Serverless - an hourly rate for your serverless clusters, an
hourly rate for each partition that you create, storage you consume,
and data transferred in and out of clusters.

Link to Service FAQs
Amazon QuickSight

What?
• Amazon QuickSight is a cloud-powered business analytics service
that makes it easy to build visualizations, perform ad-hoc analysis,
and quickly get business insights from data.

Why?
• You can connect to any of the data sources discovered by Amazon
QuickSight and get insights from this data in minutes.
• Amazon QuickSight lets you quickly embed interactive dashboards
and visualizations into your applications without needing to build
your own analytics capabilities.

When?
• You want to ask business questions in natural language and
receive accurate answers with relevant visualizations to gain
insights from the data.
• You want to gain deeper insights through ad-hoc analysis and
machine learning capabilities such as anomaly detection,
forecasting, and natural language queries.

Where?
• Amazon QuickSight is a regional service but you can also explicitly
connect to other AWS data sources that are not in your account or
in a different region by providing connection details for those
sources.

Who?
• Amazon QuickSight is a fully managed service.
• It supports native IAM permissions for Amazon S3 and Amazon
Athena with fine-grained access control for serverless data
exploration.

How?
• Create a new analysis. Add new or existing datasets then choose
fields to create the first chart.
• QuickSight automatically suggests the best visualization or you can
add more charts, tables, or insights to the analysis.
• Publish the analysis as a dashboard to share it with other people.

How much?
• You pay month-to-month pricing for Authors and Readers.
• You pay for SPICE (Super-fast, Parallel, In-memory Calculation
Engine) capacity used.
• Accounts enabled with Q are charged a $250/month Q base fee
plus Q questions capacity pricing.

Link to Service FAQs
Amazon Redshift

What?
• Amazon Redshift is a fully managed, petabyte-scale data
warehouse, designed to analyze data and run complex queries.
• Amazon Redshift supports client connections with many types of
applications, including business intelligence (BI), reporting, data,
and analytics tools.

Why?
• The compute and storage capacity of on-premises data
warehouses are limited by the constraints of the on-premises
hardware. Amazon Redshift gives you the ability to scale compute
and storage independently.
• Amazon Redshift is a fully managed service, making it easy for you
to run and scale analytics without having to manage your data
warehouse.

When?
• You want to get real-time insights and predictive analytics on all
your data across your operational databases, data lake, data
warehouse, and third-party datasets.
• You want the benefit of massively parallel processing (MPP),
columnar data storage, and columnar data compression.

Where?
• Amazon Redshift is a regional service, but a provisioned Amazon
Redshift cluster is created in a single AZ and consists of a leader
node and one or more compute nodes.
• Clusters (RA3 node types) can also be relocated to alternative AZs
without any data loss or application changes.

Who?
• Amazon Redshift service manages all of the work of setting up,
operating, scaling a data warehouse, provisioning capacity,
monitoring, backing up the cluster, applying patches, and upgrades
to the Amazon Redshift engine.
• You can use the default database to load data and run queries on
your data or you can create additional databases as needed.

How?
• As a first step, you launch a set of nodes, called an Amazon
Redshift cluster. Each cluster runs an Amazon Redshift engine and
contains one or more databases.
• Afterwards, you can upload your data set and then perform data
analysis queries using the same SQL-based and BI tools.

How much?
• Simply pay an hourly rate based on the chosen instance type
(Reserved or On-Demand) and number of nodes in your cluster.
• When you choose on-demand pricing, you can use the pause and
resume feature to suspend on-demand billing when a cluster is not
in use.

Link to Service FAQs
APPLICATION INTEGRATION
Amazon MQ
Managed Apache ActiveMQ and RabbitMQ

Amazon SNS
Managed message topics for Pub/Sub

Amazon SQS
Managed message queues

AWS Step Functions
Serverless function orchestrator
Amazon MQ

What?
• Amazon MQ is a managed message broker service.
• A message broker allows software applications and components to
communicate using various programming languages, operating
systems, and formal messaging protocols.
• Amazon MQ supports Apache ActiveMQ and RabbitMQ engine
types.

Why?
• Amazon MQ reduces your operational responsibilities by managing
the provisioning, setup, and maintenance of message brokers for
you.
• It simplifies the migration of brokers, such as IBM MQ and TIBCO
Enterprise Message Service (EMS), to the cloud.

When?
• You want to move to a fully managed cloud service without
rewriting the messaging code in your applications.
• You want to get direct access to the ActiveMQ and RabbitMQ
consoles and industry-standard APIs and protocols for messaging,
including JMS, NMS, AMQP 1.0 and 0.9.1, STOMP, MQTT, and
WebSocket.

Where?
• Amazon MQ is a regional service.
• It stores messages redundantly across multiple Availability Zones
(AZ) within an AWS region.

Who?
• Amazon MQ is a fully managed service.
• Amazon MQ manages administrative tasks such as hardware
provisioning, broker setup, software upgrades, and failure detection
and recovery.

How?
• You can create an Apache ActiveMQ or RabbitMQ broker and
connect your producers and consumers to Amazon MQ.
• You can select a deployment mode (single-instance broker, or
active/standby broker for ActiveMQ and cluster deployment for
RabbitMQ), the storage type for ActiveMQ brokers (durability-
optimized or throughput-optimized), the broker instance type, and
the access credentials.

How much?
• You pay for the time your message broker instance runs (hourly
instance usage), the storage you use monthly (GB-Months), and
standard data transfer fees.

Link to Service FAQs
Amazon Simple Notification Service
(Amazon SNS)

What?
• Amazon Simple Notification Service (Amazon SNS) is a fully
managed push-based messaging service for both application-to-
application (A2A) and application-to-person (A2P) communication.
• It provides message delivery from publishers to subscribers (also
known as producers and consumers).

Why?
• Amazon SNS is a highly available, durable, secure, fully managed
pub/sub messaging service that enables you to decouple
microservices, distributed systems, and event-driven serverless
applications.
• Amazon SNS provides topics for high-throughput, push-based,
many-to-many messaging.

When?
• You can use Amazon SNS to support a wide variety of needs
including event notification, monitoring applications, workflow
systems, time-sensitive information updates, mobile applications,
and any other application that generates or consumes notifications.

Where?
• Amazon SNS is a regional service.
• A2A destinations - Amazon Kinesis Data Firehose, AWS Lambda,
Amazon SQS, AWS Event Fork Pipelines, HTTP/S.
• A2P destinations – SMS, Email, Platform endpoint, AWS Chatbot,
PagerDuty

Who?
• Amazon SNS is a fully managed service.
• Amazon SNS has its own resource-based permissions system that
uses policies written in the same language used for IAM policies.
This means that you can achieve similar things with Amazon SNS
policies and IAM policies.

How?
• Developers must first create a topic, which identifies a specific
subject or event type for publishing messages and lets clients
subscribe for notifications. The topic owner can set policies on it,
such as limiting who can publish messages or subscribe, or
specifying which protocols will be supported (i.e. HTTP/HTTPS,
email, SMS).

How much?
• Standard topic - number of monthly API requests made, and the
number of deliveries to various endpoints.
• FIFO topic - pricing is based on the number of published
messages, the number of subscribed messages, and their
respective amount of payload data.

Link to Service FAQs
Amazon Simple Queue Service
(Amazon SQS)

What?
• Amazon Simple Queue Service (SQS) is a fully managed message
queuing service that enables you to decouple and scale
microservices, distributed systems, and serverless applications.

Why?
• SQS eliminates the complexity and overhead associated with
managing and operating message-oriented middleware, and
empowers developers to focus on differentiating work.
• SQS scales elastically with your application so you don’t have to
worry about capacity planning and pre-provisioning.

When?
• You want to send, store, and receive messages between software
components, without requiring other services to be available.
• Use SQS standard queues for maximum throughput, best-effort
ordering, and at-least-once delivery. Use SQS FIFO queues to
guarantee that messages are processed exactly once, in the exact
order.

Where?
• Amazon SQS is a regional service.
• Amazon SQS stores all message queues and messages within a
single, highly-available AWS region with multiple redundant
Availability Zones (AZs), so that no single computer, network, or AZ
failure can make messages inaccessible.

Who?
• AWS manages the backend for Amazon SQS service, including
scaling and durability.
• Customers can control who can send messages to a message
queue and who can receive messages from a message queue.
Amazon SQS has its own resource-based permissions system.
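Both the SNS and the SQS cards say the service has its own resource-based permissions system written in the IAM policy language. As an added example (not from the book, and not AWS's policy engine), the following shows what that buys you in practice: a topic policy that lets only S3, and only on behalf of one bucket (aws:SourceArn, the standard confused-deputy guard), publish to a topic, denies any call not made over TLS, and a queue policy that accepts deliveries only from that topic. A small evaluator applies the same rules AWS does for resource policies (explicit Deny wins, otherwise any matching Allow, otherwise implicit deny) so the policies can be exercised offline. All ARNs and the account ID are hypothetical, and the evaluator implements only the three condition operators these policies use.

```python
import re
from typing import Optional


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wild(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' matches any run of characters, '?' one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None


def _principal_matches(spec, principal: str) -> bool:
    """Principal is '*' (anyone) or {'AWS': ..., 'Service': ...} entries."""
    if spec == "*":
        return True
    for kind in ("AWS", "Service"):
        if any(p == "*" or p == principal for p in _as_list(spec.get(kind, []))):
            return True
    return False


# Only the condition operators the sample policies below need.
_CONDITION_OPS = {
    "StringEquals": lambda want, have: have == want,
    "ArnLike": lambda want, have: _wild(want, have),
    "Bool": lambda want, have: have.lower() == want.lower(),
}


def _conditions_hold(condition: dict, ctx: dict) -> bool:
    for op, keys in condition.items():
        test = _CONDITION_OPS[op]
        for key, wanted in keys.items():
            have = ctx.get(key)
            # A key absent from the request never satisfies these operators, so a
            # caller that omits aws:SourceArn does not slip past the bucket check.
            if have is None or not any(test(w, have) for w in _as_list(wanted)):
                return False
    return True


def evaluate(policy: dict, principal: str, action: str, resource: str,
             ctx: Optional[dict] = None) -> str:
    """'Allow' or 'Deny' for one request against one resource policy: an explicit
    Deny beats any Allow, and no matching statement is an implicit deny."""
    ctx = ctx or {}
    allowed = False
    for st in policy["Statement"]:
        if not _principal_matches(st["Principal"], principal):
            continue
        if not any(_wild(a, action) for a in _as_list(st["Action"])):
            continue
        if not any(_wild(r, resource) for r in _as_list(st["Resource"])):
            continue
        if not _conditions_hold(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"


# Hypothetical identifiers for the sample policies (constructed, not real).
ACCOUNT = "111122223333"
TOPIC_ARN = f"arn:aws:sns:us-east-1:{ACCOUNT}:order-events"
QUEUE_ARN = f"arn:aws:sqs:us-east-1:{ACCOUNT}:order-worker"
BUCKET_ARN = "arn:aws:s3:::order-uploads"

TOPIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # S3 may publish, but only for events from this one bucket.
            "Sid": "AllowPublishFromOneBucket", "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "sns:Publish", "Resource": TOPIC_ARN,
            "Condition": {"ArnLike": {"aws:SourceArn": BUCKET_ARN}},
        },
        {   # The owning account manages subscriptions; nobody else can subscribe.
            "Sid": "OwnerSubscribes", "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
            "Action": ["sns:Subscribe", "sns:GetTopicAttributes"], "Resource": TOPIC_ARN,
        },
        {   # Refuse every call that did not arrive over TLS.
            "Sid": "DenyPlaintext", "Effect": "Deny", "Principal": "*",
            "Action": "sns:*", "Resource": TOPIC_ARN,
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}

QUEUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # SNS may deliver into the queue only from the topic above.
            "Sid": "AllowDeliveryFromTopic", "Effect": "Allow",
            "Principal": {"Service": "sns.amazonaws.com"},
            "Action": "sqs:SendMessage", "Resource": QUEUE_ARN,
            "Condition": {"ArnLike": {"aws:SourceArn": TOPIC_ARN}},
        },
    ],
}
```

Without the aws:SourceArn condition the first statement would let any S3 bucket in any account publish into the topic; the condition is what ties the service principal to your own resource.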

How?
• Messages are sent from producers (applications, microservices,
and other AWS services) to SQS Queue.
• It stores messages and waits for consumer to poll.
• Consumer applications (Lambda Functions, EC2 Instances and
other AWS services) pull/poll the messages and process it.

How much?
• The cost of Amazon SQS is calculated per request, plus data
transfer charges for data transferred out of Amazon SQS.
• Each 64 KB chunk of a payload is billed as 1 request (for example,
an API action with a 256 KB payload is billed as 4 requests).

Link to Service FAQs
AWS Step Functions

What?
• AWS Step Functions is a serverless function orchestrator that
makes it easy to sequence AWS Lambda functions and multiple
AWS services into business-critical applications.
• AWS Step Functions state machines (workflows) are defined in
JSON using the declarative Amazon States Language.

Why?
• Through its visual interface, you can create and run a series of
checkpointed, event-driven workflows and build distributed
applications.
• Workflows manage failures, retries, parallelization, service
integrations, and observability so developers can focus on higher-
value business logic.

When?
• You want to create end-to-end workflows to manage jobs with
interdependencies for common use cases such as data processing,
DevOps and IT automation, e-commerce, and web applications.
• You want to focus on application tasks rather than building complex
state management into all of your tasks.

Where?
• AWS Step Functions is a regional service.
• It has built-in fault tolerance and maintains service capacity across
multiple Availability Zones in each region to protect applications
against individual machine or data center failures.

Who?
• AWS Step Functions is a fully managed service. It manages
operations and underlying infrastructure to ensure your application
is available at any scale.
• You can run tasks on AWS, your own servers, or any system that
has access to AWS.

How?
• Using AWS Step Functions, you define state machines that
describe your workflow as a series of steps, their relationships, and
their inputs and outputs. States can perform work, make choices,
pass parameters, initiate parallel execution, manage timeouts, or
terminate your workflow with a success or failure.
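The state machine described in the How? bullet, as an added example that is not from this book: a constructed Amazon States Language definition with Task, Choice, Parallel, Succeed and Fail states, Retry and Catch, and a small validator that checks every StartAt, Next, Default and Catch target before the definition is deployed. The workflow, the state names and the placeholder Lambda ARNs (REGION, ACCOUNT_ID) are assumptions for illustration, and the validator is a local pre-deployment check, not a Step Functions feature.

```python
import json
from typing import Any, Dict, List

# Constructed Amazon States Language definition for a data-processing workflow.
# The Lambda ARNs are placeholders; REGION and ACCOUNT_ID are not real values.
DEFINITION: Dict[str, Any] = {
    "Comment": "Validate an uploaded file, then load it or quarantine it",
    "StartAt": "ValidateFile",
    "States": {
        "ValidateFile": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:validate-file",
            "Retry": [{
                "ErrorEquals": ["Lambda.ServiceException", "Lambda.TooManyRequestsException"],
                "IntervalSeconds": 2, "MaxAttempts": 3, "BackoffRate": 2.0,
            }],
            "Catch": [{"ErrorEquals": ["States.ALL"], "Next": "Quarantine"}],
            "Next": "IsValid",
        },
        "IsValid": {
            "Type": "Choice",
            "Choices": [{"Variable": "$.valid", "BooleanEquals": True, "Next": "LoadInParallel"}],
            "Default": "Quarantine",
        },
        "LoadInParallel": {
            "Type": "Parallel",
            "Branches": [
                {"StartAt": "LoadWarehouse", "States": {"LoadWarehouse": {
                    "Type": "Task", "End": True,
                    "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:load-warehouse"}}},
                {"StartAt": "UpdateCatalog", "States": {"UpdateCatalog": {
                    "Type": "Task", "End": True,
                    "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:update-catalog"}}},
            ],
            "Next": "Done",
        },
        "Done": {"Type": "Succeed"},
        "Quarantine": {"Type": "Fail", "Error": "InvalidFile", "Cause": "Validation failed"},
    },
}


def validate_definition(machine: Dict[str, Any], path: str = "") -> List[str]:
    """Static checks worth running in CI before CreateStateMachine: StartAt and every
    Next, Default and Catch target must name a state in the same States map, and every
    non-terminal state must either continue (Next) or end (End). Parallel branches are
    checked recursively against their own States map."""
    errors: List[str] = []
    states = machine.get("States", {})

    def check_target(name: Any, where: str) -> None:
        if name not in states:
            errors.append(f"{path}{where} -> unknown state '{name}'")

    check_target(machine.get("StartAt"), "StartAt")
    for name, state in states.items():
        kind = state.get("Type")
        if kind in ("Succeed", "Fail"):
            continue                        # terminal states carry no Next or End
        if kind == "Choice":
            for i, rule in enumerate(state.get("Choices", [])):
                check_target(rule.get("Next"), f"{name}.Choices[{i}].Next")
            if "Default" in state:
                check_target(state["Default"], f"{name}.Default")
        elif "Next" in state:
            check_target(state["Next"], f"{name}.Next")
        elif not state.get("End"):
            errors.append(f"{path}{name} has neither Next nor End")
        for i, handler in enumerate(state.get("Catch", [])):
            check_target(handler.get("Next"), f"{name}.Catch[{i}].Next")
        for j, branch in enumerate(state.get("Branches", [])):
            errors.extend(validate_definition(branch, f"{path}{name}.Branches[{j}]."))
    return errors


def mutated(machine: Dict[str, Any], state: str, key: str, value: Any) -> Dict[str, Any]:
    """Deep copy of a definition with one field of one top-level state changed,
    used here to show what a typo looks like to the validator."""
    clone = json.loads(json.dumps(machine))
    clone["States"][state][key] = value
    return clone


if __name__ == "__main__":
    print(json.dumps(DEFINITION, indent=2))   # the JSON you would paste into the console
    print(validate_definition(DEFINITION))
    print(validate_definition(mutated(DEFINITION, "IsValid", "Default", "Quarantin")))
```

The Catch on ValidateFile routes any unhandled error to the Fail state, so a bad file never leaves the workflow hanging; the Retry only covers the two transient Lambda errors, so a bug in the function fails fast instead of being retried. Each retry is a billed state transition (see How much? below), which is another reason to keep MaxAttempts small.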

How much?
• Step Functions counts a state transition each time a step of your
workflow is executed. You are charged for the total number of state
transitions across all your state machines, including retries.
• You may incur additional charges if your application workflow
utilizes other AWS services or transfers data.

Link to Service FAQs: FAQs
COMPUTE

Amazon EC2
Virtual servers in the Cloud

Elastic Load Balancing (ELB)
Automatically distributes incoming application traffic across multiple
targets

AWS Lambda
Run code without thinking about servers

Amazon EC2

What?
• Amazon Elastic Compute Cloud (Amazon EC2) is a web service
that provides resizable computing capacity—literally, servers in
Amazon's data centers—that you use to build and host your
software systems.
• An Amazon EC2 instance is a virtual server in the AWS Cloud.

Why?
• Amazon EC2 reduces the time required to obtain and boot new
server instances to minutes, allowing you to quickly scale capacity,
both up and down, as your computing requirements change.
• Amazon EC2 changes the economics of computing by allowing you
to pay only for capacity that you actually use.

When?
• You want to run cloud-native and enterprise applications, scale for
High Performance Computing (HPC) applications, develop for
Apple platforms.
• You want complete control of your computing resources and to run
them on Amazon’s proven computing environment.
• You want to import your virtual machine images to Amazon EC2.

Where?
• Amazon EC2 is a regional service.
• Amazon EC2 instances run in an Availability Zone.
• You can protect your applications from failure of a single location
by launching instances in separate Availability Zones.

Who?
• The customer must take care of OS patches, high availability, and
scaling.
• AWS provides tools and services for patch management, auto-
scaling, monitoring, backup and vulnerability scanning.
• AWS maintains the underlying system powering your instances.

How?
• Get started by selecting an Amazon Machine Image (AMI) followed
by Instance Type selection.
• You can also select additional settings such as disk size, security
group, network, and start-up script.

How much?
• On-Demand Instance – Pay per second / hour.
• Reserved Instances / Savings Plan – Commitment for 1-year / 3-
year term.
• Spot Instances – Supply and Demand based pricing.

Link to Service FAQs: FAQs
Elastic Load Balancing (ELB)

What?
• Elastic Load Balancing automatically distributes your incoming
traffic across targets, such as EC2 instances, containers, and IP
addresses, in one or more Availability Zones.
• You can deploy four types of load balancers – Application,
Network, Gateway, and Classic Load Balancer.

Why?
• Using a load balancer increases the availability and fault tolerance
of your applications.
• You can configure ELB to monitor the health of its registered
targets, and route traffic only to the healthy targets.
• ELB scales your load balancer as your incoming traffic changes
over time.

When?
• Application Load Balancer (ALB) to load balance HTTP/HTTPS
requests.
• Network Load Balancer (NLB) to load balance TCP, UDP, TLS
traffic.
• Gateway Load Balancer to use third-party virtual appliances that
support the GENEVE protocol.
• Classic Load Balancer for applications running in the EC2-Classic
network.

Where?
• Elastic Load Balancing is a regional service.
• When you enable an Availability Zone for your load balancer, ELB
creates a load balancer node in the Availability Zone.
• AWS recommends enabling multiple Availability Zones for all load
balancers.

Who?
• ELB is a managed service and supports high availability, automatic
scaling, and robust security.
• With a Gateway Load Balancer, the customer is responsible for
choosing and qualifying software from appliance vendors.

How?
• You configure one or more listeners to accept incoming traffic and
register targets in target groups.
• ALB target groups support IP, instance, and Lambda targets. NLB
target groups support IP, instance, and ALB targets. GLB target
groups support IP and instance targets. Classic Load Balancers
register instances only.

How much?
• You are charged for each hour or partial hour that a load balancer
is running, plus per-hour charges for Load Balancer Capacity
Units (LCU) for ALB, Network Load Balancer Capacity Units
(NLCU) for NLB, and Gateway Load Balancer Capacity Units
(GLCU) for GLB. For CLB you are charged for each hour or partial
hour and for each GB of data transferred.

Link to Service FAQs: FAQs
AWS Lambda

What?
• AWS Lambda is a serverless, event-driven compute service that
lets you run code for virtually any type of application or backend
service without provisioning or managing servers.
• AWS Lambda functions run for a maximum of up to 15 minutes per
invocation.

Why?
• With Lambda, you can run your code with zero administration
overhead.
• AWS Lambda takes care of everything required to run and scale
your code with high availability.
• You can set up your code to automatically trigger from other AWS
services or call it directly from any web or mobile app.

When?
• Lambda is best suited for shorter, event-driven workloads, such as
processing streaming data stored in Amazon Kinesis, or custom
events generated by your applications.
• You want to build data-processing triggers for AWS services such
as Amazon S3 and Amazon DynamoDB.

Where?
• AWS Lambda is a regional service. It runs your code on high
availability compute infrastructure in a region.
• It maintains compute capacity across multiple AZs in each AWS
Region to help protect your code against individual machine or data
center facility failures.

Who?
• Lambda performs all the administration of your compute resources
including server and operating system maintenance, capacity
provisioning and automatic scaling, code and security patch
deployment, and code monitoring and logging.
• All you need to do is supply the code.

How?
• The code you run on AWS Lambda is uploaded as a Lambda
function.
• Each function has associated configuration information, such as its
name, description, entry point, and resource requirements.
• Lambda will run your function by launching and managing compute
resources as needed based on incoming requests.
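The data-processing triggers mentioned under When? and the function described under How?, as an added Python example that is not from this book: a `lambda_handler` that processes a constructed S3 ObjectCreated event and a constructed DynamoDB Streams record. It shows two details the card does not: S3 URL-encodes object keys in event notifications, and stream images arrive in DynamoDB's typed attribute format rather than plain JSON. Bucket names, keys and item contents are placeholders.

```python
import json
from decimal import Decimal
from typing import Any, Dict, List
from urllib.parse import unquote_plus

# Constructed event payloads shaped like what Lambda receives from an S3 trigger and a
# DynamoDB Streams trigger. Bucket and item values are placeholders, not real resources.
S3_EVENT: Dict[str, Any] = {"Records": [{
    "eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
    "s3": {"bucket": {"name": "example-landing-bucket"},
           # S3 URL-encodes object keys in notifications: '+' is a space, %3A is ':'
           "object": {"key": "raw/2024/report+Q1%3Afinal.csv", "size": 2048}},
}]}

DDB_EVENT: Dict[str, Any] = {"Records": [{
    "eventSource": "aws:dynamodb", "eventName": "INSERT",
    "dynamodb": {
        "Keys": {"pk": {"S": "user#42"}},
        # Stream images use DynamoDB's typed attribute format, not plain JSON
        "NewImage": {"pk": {"S": "user#42"}, "age": {"N": "31"},
                     "tags": {"L": [{"S": "a"}, {"S": "b"}]}, "active": {"BOOL": True},
                     "profile": {"M": {"email": {"S": "u@example.com"}}}, "note": {"NULL": True}},
    },
}]}


def from_dynamodb(value: Dict[str, Any]) -> Any:
    """Convert one DynamoDB-typed attribute value to a plain Python value."""
    (tag, raw), = value.items()
    if tag == "S":
        return raw
    if tag == "N":
        return Decimal(raw)            # numbers arrive as strings; Decimal keeps them exact
    if tag == "BOOL":
        return bool(raw)
    if tag == "NULL":
        return None
    if tag == "L":
        return [from_dynamodb(v) for v in raw]
    if tag == "M":
        return {k: from_dynamodb(v) for k, v in raw.items()}
    if tag == "SS":
        return set(raw)
    if tag == "NS":
        return {Decimal(n) for n in raw}
    raise ValueError(f"unsupported DynamoDB attribute type {tag}")


def _json_default(obj: Any) -> Any:
    # Lambda JSON-serialises the handler's return value; Decimal and set are not
    # serialisable by default, so they are converted explicitly here.
    if isinstance(obj, Decimal):
        return int(obj) if obj == obj.to_integral_value() else float(obj)
    if isinstance(obj, set):
        return sorted(obj)
    raise TypeError(f"cannot serialise {type(obj).__name__}")


def lambda_handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    """Entry point that Lambda invokes. It dispatches on eventSource and returns a
    JSON-safe summary of what each record contained."""
    processed: List[Dict[str, Any]] = []
    for record in event.get("Records", []):
        source = record.get("eventSource")
        if source == "aws:s3":
            s3 = record["s3"]
            processed.append({"source": source, "event": record["eventName"],
                              "bucket": s3["bucket"]["name"],
                              "key": unquote_plus(s3["object"]["key"]),
                              "size": s3["object"].get("size", 0)})
        elif source == "aws:dynamodb":
            image = record["dynamodb"].get("NewImage", {})
            processed.append({"source": source, "event": record["eventName"],
                              "item": {k: from_dynamodb(v) for k, v in image.items()}})
        else:
            processed.append({"source": source, "skipped": True})
    return json.loads(json.dumps({"statusCode": 200, "processed": processed}, default=_json_default))
```

Decoding the key before calling back into S3 matters: a `GetObject` on the still-encoded key would fail with a not-found error for any object whose name contains a space or a reserved character, which is a common first bug in S3-triggered functions. Records from an unknown source are recorded and skipped rather than raising, so one unexpected record does not fail the whole batch.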

How much?
• Billing is metered in increments of one millisecond. You are
charged based on the number of requests for your functions and
the duration it takes for your code to execute.
• With Provisioned Concurrency, you pay for the amount of
concurrency you configure and the duration that you configure it.

Link to Service FAQs: FAQs
CUSTOMER ENGAGEMENT

Amazon Simple Email Service
Email sending and receiving service

Amazon Simple Email Service

What?
• Amazon Simple Email Service (SES) is a cost-effective, flexible,
and scalable cloud-based email service that enables developers to
send mail from within any application.
• With Amazon SES, you can send email securely, globally, and at
scale to keep in contact with your customers through email.

Why?
• Building a large-scale email solution can be a complex and costly
challenge for a business: you have to build your infrastructure,
configure your network, warm up your IP addresses and protect
your sender reputation, or use a third-party email solution, which
may require contract negotiations and significant up-front costs.
Amazon SES eliminates these challenges.

When?
• You want to send bulk communications (notifications and
announcements to large communities, with result tracking),
marketing emails (promoting your products and services, special
offers, and newsletters), and transactional emails (trigger-based
communications from your application to customers, such as
purchase confirmations or password resets).

Where?
• Amazon SES is a regional service.
• All of the AWS resources (except S3 buckets) that you use for
receiving email have to be in the same AWS Region. For example,
if you use Amazon SES in the Oregon Region, then any Amazon
SNS topics, AWS KMS keys, and Lambda functions that you use
also have to be in the Oregon Region.

Who?
• Amazon SES is a managed service.
• You can configure Amazon SES quickly to support several email
use cases, including transactional, marketing, or mass email
communications.

How?
• Before you can send email from your email address through
Amazon SES, you must show Amazon SES that you own the email
address by verifying it.
• You can then send an email with Amazon SES using the SES
console, the Amazon SES SMTP interface, or the Amazon SES
API. To send bulk emails, you use either the SMTP interface or the
API.

How much?
• With Amazon SES, you pay based on the volume of emails sent
and received.

Link to Service FAQs: FAQs
DATABASE

Amazon DocumentDB
Fully-managed MongoDB-compatible database service

Amazon DynamoDB
Managed NoSQL database

Amazon ElastiCache
Managed caching service for Redis and Memcached

Amazon Neptune
Fast, reliable graph database built for the cloud

Amazon RDS
Managed relational database service

Amazon Redshift
Fully managed, petabyte-scale data warehouse service

Amazon Timestream
Fast, scalable, and serverless time series database

Amazon DocumentDB

What?
• Amazon DocumentDB (with MongoDB compatibility) is a fast,
scalable, highly available, and fully managed document database
service that supports MongoDB workloads, and makes it easy to
store, query, and index JSON data.
• Amazon DocumentDB is compatible with MongoDB 3.6 and 4.0.

Why?
• Self-managing MongoDB databases is difficult, time-consuming,
and expensive. With Amazon DocumentDB, you can set up,
secure, and scale MongoDB-compatible databases in the cloud
without worrying about manually setting up and securing database
clusters, running cluster management software, configuring
backups, and monitoring.

When?
• You want to migrate your MongoDB workloads to AWS Cloud and
run the same application code and use the same drivers and tools
that you use with MongoDB.
• You want to support millions of document read requests per second
by scaling compute and storage independently.

Where?
• Amazon DocumentDB is a regional service. It supports launching
instances for a cluster in multiple Availability Zones.
• For the storage layer, Amazon DocumentDB replicates six copies
of your data across three Availability Zones.
• Automated backups are stored in Amazon S3.

Who?
• Amazon DocumentDB is a fully managed document database
service which automates hardware provisioning, patching, setup,
and other database management tasks.
• It automatically grows the size of your storage volume as your
database storage needs grow.

How?
• You begin by creating an Amazon DocumentDB cluster.
• A cluster consists of zero or more database instances and a cluster
volume that manages the data for those instances. You connect to
a cluster by specifying its cluster endpoint.

How much?
• Amazon DocumentDB provides per second billing for instances,
with a 10-minute minimum billing period.
• It is priced in four dimensions: On-demand instances, Database
I/O, Database storage, Backup storage. You can temporarily stop
compute instances for up to seven days when you don’t need to
access your cluster.

Link to Service FAQs: FAQs
Amazon DynamoDB

What?
• Amazon DynamoDB is a fully managed, serverless, NoSQL
database designed to support key-value and document data
models.
• DynamoDB has a flexible schema, so you can easily adapt tables as
your business requirements change without redefining the table
schema as you would in a relational database.

Why?
• DynamoDB offers built-in security, continuous backups, automated
multi-Region replication, in-memory caching, and data export tools.
• You can scale up or scale down your tables' throughput capacity
without downtime or performance degradation.

When?
• You want to build internet-scale applications supporting user-
content metadata and caches that require high concurrency and
connections for millions of users, and millions of requests per
second.
• You want to support high-traffic, extreme-scale events and
encryption at rest with no operational overhead.

Where?
• DynamoDB is a regional service.
• All of your data is stored on SSDs and is automatically replicated
across multiple Availability Zones in an AWS Region.
• You can use global tables to keep DynamoDB tables in sync
across AWS Regions.

Who?
• Amazon DynamoDB is a fully managed service.
• It automatically scales tables to adjust for capacity and maintains
performance with zero administration.
• Availability and fault tolerance are built in and it also provides on-
demand backup capability.

How?
• DynamoDB stores data in a table. A table is a collection of items,
and each item is a collection of attributes. An attribute is a
fundamental data element, which does not need to be broken down
further.
• It uses primary keys to uniquely identify each item in a table and
secondary indexes to provide more querying flexibility.

How much?
• DynamoDB charges are calculated for reading, writing, and storing
data in tables, along with any optional features you choose to
enable.
• DynamoDB has two capacity modes, which come with specific
billing options for processing reads and writes on your tables: on-
demand and provisioned.

Link to Service FAQs: FAQs
Amazon ElastiCache

What?
• Amazon ElastiCache is a fully managed, in-memory caching
service supporting flexible, real-time use cases.
• Amazon ElastiCache makes it easy to deploy and run Memcached
or Redis protocol-compliant server nodes in the cloud.

Why?
• Amazon ElastiCache improves the performance of web
applications by allowing you to retrieve information from a fast,
managed, in-memory system, instead of relying entirely on slower
disk-based databases.
• Amazon ElastiCache automates common administrative tasks and
eliminates the operational overhead of self-managed caching.

When?
• Use Amazon ElastiCache for Memcached when you want the
simplest model possible and large nodes with multiple cores or
threads.
• Use Amazon ElastiCache for Redis for complex data types (strings,
hashes, lists, sets, and bitmaps); sort or rank in-memory datasets,
persistence, automatic failover, pub/sub capabilities, backup and
restore capabilities.

Where?
• Amazon ElastiCache is a regional service.
• When creating a cluster or adding nodes to an existing cluster, you
can choose the availability zones for the new nodes.

Who?
• Amazon ElastiCache is a fully managed service. You do not need
to perform management tasks such as hardware provisioning,
software patching, setup, configuration, monitoring, failure recovery,
and backups.
• You have access to monitoring metrics of your nodes, enabling you
to diagnose and react to issues quickly.

How?
• You start using Amazon ElastiCache by creating a cluster. A cluster
is a collection of one or more cache nodes, all of which run an
instance of the cache engine software (either Redis or
Memcached).
• Your application connects to your cluster using endpoints. An
endpoint is a node or cluster's unique address.

How much?
• You are charged hourly based on the number of nodes, node type,
and pricing model you select.
• ElastiCache supports both on-demand nodes (pay by hour), and
reserved nodes (commit to either one-year or three-year terms).

Link to Service FAQs: FAQs
Amazon Neptune

What?
• Amazon Neptune is a fast, scalable graph database service.
• Graph databases are optimized to store and query relationships
between data items.
• Neptune’s engine is optimized for storing billions of relationships
and querying the graph with millisecond latency.

Why?
• Amazon Neptune provides high performance through the open and
standard APIs for graph frameworks.
• SQL queries for highly connected data are complex. Instead, with
Amazon Neptune you can use open and popular graph query
languages to execute queries that are easy to write and perform
well on connected data.

When?
• You have use cases such as social networking, knowledge graphs,
life sciences, or network / IT operations.
• You want to use graph query languages like Apache TinkerPop
Gremlin, the W3C’s SPARQL, and Neo4j's openCypher and don’t
want to worry about database management tasks such as software
patching, setup etc.

Where?
• Amazon Neptune is a regional service. It replicates six copies of
your data across three Availability Zones.
• It operates in a VPC and supports Multi-AZ Deployments with
Read Replicas.

Who?
• Amazon Neptune is a fully managed service.
• Neptune's storage is fault-tolerant and self-healing. It scales
storage automatically, growing storage and rebalancing I/Os to
provide consistent performance without the need for over-
provisioning.

How?
• Neptune uses graph structures such as nodes (data entities),
edges (relationships), and properties to represent and store data.
• You can create a database using pre-built configurations or choose
your own configurations. You can load data in CSV or Resource
Description Framework (RDF) formats and begin writing graph
queries.

How much?
• You pay for your database by the hour, using On-Demand
instances. Your storage cost is calculated based on data stored,
number of I/O operations (requests) and backup storage. You also
pay for data transfer.
• Neptune notebook instance is priced per instance hour running in
Ready State.

Link to Service FAQs: FAQs
Amazon RDS

What?
• Amazon Relational Database Service (Amazon RDS) is a
managed service that makes it easy to set up, operate, and scale a
relational database in the cloud.
• Amazon RDS supports Amazon Aurora, MySQL, MariaDB, Oracle,
SQL Server, and PostgreSQL database engines.

Why?
• You want to focus on your applications and business instead of
managing time-consuming database administration tasks.
• Once your database is up and running, Amazon RDS automates
common administrative tasks, such as performing backups and
patching the software that powers your database.

When?
• You need the capabilities of a familiar MySQL, MariaDB, Oracle,
SQL Server, PostgreSQL or Amazon Aurora database.
• You want the flexibility of being able to easily scale the compute
resources or storage capacity associated with your relational
database instance.

Where?
• Amazon RDS can be deployed in a Single AZ or Multi-AZ. When
you provision a Multi-AZ database instance, Amazon RDS
synchronously replicates your data to a standby instance in a
different AZ.
• Amazon RDS Read Replica can be deployed in the same or
different AWS Region than the Amazon RDS Instance.

Who?
• Amazon RDS is a managed service.
• It manages the work involved in setting up a database, from
provisioning the infrastructure capacity you request to installing the
database software.
• You manage the database settings that are specific to your
application.

How?
• The basic building block of Amazon RDS is the DB instance. You
can get started by creating a DB instance that can contain one or
more databases.
• You can access your DB instance by using the same tools and
applications that you would use with a standalone database
instance.

How much?
• You are billed based on: DB instance hours, storage (per GB per
month), provisioned IOPS per month, backup storage and data
transfer.
• You can either use an on-demand instance and pay an hourly rate
or purchase reserved instances (commit to either one-year or three-
year terms).

Link to Service FAQs: FAQs
Amazon Redshift

What?
• Amazon Redshift is a fully managed, petabyte-scale data
warehouse, designed to analyze data and run complex queries.
• Amazon Redshift supports client connections with many types of
applications, including business intelligence (BI), reporting, data,
and analytics tools.

Why?
• The compute and storage capacity of on-premises data
warehouses are limited by the constraints of the on-premises
hardware. Amazon Redshift gives you the ability to scale compute
and storage independently.
• Amazon Redshift is a fully managed service, making it easy for you
to run and scale analytics without having to manage your data
warehouse.

When?
• You want to get real-time insights and predictive analytics on all
your data across your operational databases, data lake, data
warehouse, and third-party datasets.
• You want the benefit of massively parallel processing (MPP),
columnar data storage, and columnar data compression.

Where?
• Amazon Redshift is a regional service, but the Amazon Redshift
cluster is created in a Single AZ which consists of a leader node
and one or more compute nodes.
• Clusters can also be relocated to alternative AZs without any data
loss or application changes.

Who?
• Amazon Redshift service manages all of the work of setting up,
operating, scaling a data warehouse, provisioning capacity,
monitoring, backing up the cluster, applying patches, and upgrades
to the Amazon Redshift engine.
• You can use the default database to load data and run queries on
your data or you can create additional databases as needed.

How?
• As a first step, you launch a set of nodes, called an Amazon
Redshift cluster. Each cluster runs an Amazon Redshift engine and
contains one or more databases.
• Afterwards, you can upload your data set and then perform data
analysis queries using familiar SQL-based and BI tools.

How much?
• Simply pay an hourly rate based on the chosen instance type
(Reserved or On-Demand) and number of nodes in your cluster.
• When you choose on-demand pricing, you can use the pause and
resume feature to suspend on-demand billing when a cluster is not
in use.

Link to Service FAQs: FAQs
Amazon Timestream

What?
• Amazon Timestream is a fast, scalable, fully managed, purpose-
built time series database service.
• Time series data is a sequence of data points recorded over a time
interval. This type of data is used for measuring events that change
over time like stock prices, temperature measurements, EC2
instance CPU utilization etc.

Why?
• Amazon Timestream saves you time and cost in managing the
lifecycle of time series data by keeping recent data in memory and
moving historical data to a cost optimized storage tier based upon
user defined policies.
• With Amazon Timestream, you don’t have to configure, monitor,
and manage the underlying infrastructure and a complex data
archival process.

When?
• You want to use an adaptive query engine that allows you to
access data across storage tiers using a single SQL statement.
• You want to use built-in time series analytics functions, helping you
identify trends and patterns in your data in near real-time for use
cases like IoT applications, DevOps applications, Analytics
applications.

Where?
• Amazon Timestream is a regional service. It replicates your data
across three different Availability Zones.
• It simplifies your data lifecycle management with a memory store
for recent data and a magnetic store for historical data through
configurable rules to automatically move data.

Who?
• Amazon Timestream is a fully managed serverless service and
automatically scales up or down to adjust capacity and
performance.
• Rather than pre-defining the schema at table creation time, a
Timestream table’s schema is dynamically created based on the
attributes of the incoming time series data.

How?
• You first create a database in Amazon Timestream and then send
data to it using data collection services such as AWS IoT Core,
Amazon Kinesis Data Analytics for Apache Flink, and Telegraf, or
through the AWS SDKs. You can use SQL to access your time
series data with your preferred business intelligence tools using the
JDBC driver.

How much?
• Amazon Timestream charges for usage based on the following
dimensions: writes (the amount of data written from your
applications into a table), queries (the amount of data scanned by
the distributed query engine), and memory store and magnetic
store (the amount of data stored in each store for each table).

Link to Service FAQs: FAQs
MANAGEMENT AND GOVERNANCE

AWS Auto Scaling
Scale your entire application on AWS

AWS CloudFormation
Create and manage resources with templates

AWS CloudTrail
Track user activity and API usage

Amazon CloudWatch
Monitor resources and applications

AWS Trusted Advisor
Optimize performance and security

AWS Auto Scaling

What?
• AWS Auto Scaling enables you to quickly discover all of the
scalable resources underlying your application and set up
application scaling in minutes using built-in scaling
recommendations.
• AWS Auto Scaling automatically creates all of the scaling policies
and sets targets for you based on your preferences.

Why?
• It simplifies the scaling experience and enables unified scaling for
multiple resources, and has predefined guidance to configure
scaling.
• You can quickly see the average utilization of all of your scalable
resources without having to navigate to other consoles.

When?
• You should use AWS Auto Scaling if you have an application that
uses one or more scalable resources and experiences variable
load. A good example would be an e-commerce web application
with ELB for distributing incoming traffic, Amazon EC2 for the
compute layer, and DynamoDB for the data layer.

Where?
• AWS Auto Scaling is a regional service.
• It supports automatic scaling for Amazon EC2, Amazon EC2 Spot
Fleets, Amazon ECS, Amazon DynamoDB and Amazon Aurora.

Who?
• AWS Auto Scaling scans your environment and automatically
discovers the scalable cloud resources underlying your application,
so you don’t have to manually identify these resources.
• You can optimize for availability, for cost, or a balance of both.

How?
• With AWS Auto Scaling, you configure and manage scaling for
your scalable AWS resources through a scaling plan. It lets you
choose scaling strategies to define how to optimize your resource
utilization.
• It creates target tracking scaling policies for all of the resources in
your scaling plan, using your selected scaling strategy.

How much?
• AWS Auto Scaling is free.
• AWS Auto Scaling is enabled by Amazon. Service fees for your
application resources and Amazon CloudWatch apply.

Link to Service FAQs: FAQs
AWS CloudFormation

What?
• AWS CloudFormation is a convenient provisioning mechanism for
a broad range of AWS and third-party resources.
• It allows you to manage your provisioned resources in an orderly
and predictable fashion by treating infrastructure as code (IaC).

Why?
• You can use a template to create, update, and delete an entire
stack as a single unit, as often as you need to, instead of managing
resources individually.
• You can build your own resource providers and provision third-
party resources too.

When?
• You want to use a declarative way to scale your infrastructure
worldwide and manage resources across all AWS accounts and
regions through a single operation.
• You want a predictable, controlled approach for managing
resources across your application portfolio.

Where?
• AWS CloudFormation is a regional service, but it can deploy stacks
across multiple accounts and regions using StackSets.
• A CloudFormation template is stored in an Amazon S3 bucket.

Who?
• When you use AWS CloudFormation, you work with templates and
stacks. You create templates to describe your AWS resources and
their properties.
• Whenever you create a stack, AWS CloudFormation makes
underlying service calls to AWS to provision and configure
resources.

How?
• Use the AWS CloudFormation Designer or your own text editor to
create or modify a CloudFormation template in JSON or YAML
format that describes all the AWS resources that you need, and
CloudFormation takes care of provisioning and configuring those
resources (stack) for you.
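A template of the kind described under How?, as an added example that is not from this book: a constructed JSON template for an encrypted S3 bucket with public access blocked and a TLS-only bucket policy, together with two checks a pipeline can run before CreateStack: every Ref, Fn::GetAtt and Fn::Sub target must resolve to a Parameter, a Resource or a pseudo parameter, and every bucket must block public access. The logical IDs, the bucket naming pattern and the checks themselves are assumptions for illustration; they are not CloudFormation's own validation.

```python
import json
import re
from typing import Any, Dict, List, Set

# Pseudo parameters CloudFormation resolves without a declaration in the template.
PSEUDO_PARAMETERS: Set[str] = {
    "AWS::AccountId", "AWS::Region", "AWS::StackName", "AWS::StackId",
    "AWS::Partition", "AWS::URLSuffix", "AWS::NoValue", "AWS::NotificationARNs",
}

# Constructed template: an encrypted S3 bucket with public access blocked and a bucket
# policy that denies non-TLS requests. The bucket naming pattern is a placeholder.
TEMPLATE: Dict[str, Any] = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"Environment": {"Type": "String", "AllowedValues": ["dev", "prod"]}},
    "Resources": {
        "DataBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": {"Fn::Sub": "data-${Environment}-${AWS::AccountId}"},
                "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                    {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True, "BlockPublicPolicy": True,
                    "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
            },
        },
        "DataBucketPolicy": {
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": {"Ref": "DataBucket"},
                "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
                    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
                    "Action": "s3:*",
                    "Resource": [{"Fn::GetAtt": ["DataBucket", "Arn"]},
                                 {"Fn::Sub": "${DataBucket.Arn}/*"}],
                    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
                }]},
            },
        },
    },
    "Outputs": {"BucketArn": {"Value": {"Fn::GetAtt": ["DataBucket", "Arn"]}}},
}

_SUB_VARIABLE = re.compile(r"\$\{([^}]+)\}")


def collect_references(node: Any, found: List[str]) -> None:
    """Walk a template fragment and record every logical name that Ref, Fn::GetAtt or
    Fn::Sub points at. Fn::Sub's ${!Literal} escape and its own variable map are skipped."""
    if isinstance(node, dict):
        if len(node) == 1 and "Ref" in node:
            found.append(node["Ref"])
        elif len(node) == 1 and "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]
            found.append(target[0] if isinstance(target, list) else target.split(".")[0])
        elif len(node) == 1 and "Fn::Sub" in node:
            sub = node["Fn::Sub"]
            text, variables = (sub, {}) if isinstance(sub, str) else (sub[0], sub[1])
            for var in _SUB_VARIABLE.findall(text):
                if not var.startswith("!") and var not in variables:
                    found.append(var.split(".")[0])
            collect_references(variables, found)  # values in the variable map may hold Refs
        else:
            for child in node.values():
                collect_references(child, found)
    elif isinstance(node, list):
        for child in node:
            collect_references(child, found)


def unresolved_references(template: Dict[str, Any]) -> List[str]:
    """Names referenced in Resources or Outputs that are neither a Parameter, a Resource
    nor a pseudo parameter. CloudFormation rejects such a template at CreateStack time;
    catching it locally is cheaper."""
    declared = set(template.get("Parameters", {})) | set(template.get("Resources", {})) | PSEUDO_PARAMETERS
    refs: List[str] = []
    collect_references(template.get("Resources", {}), refs)
    collect_references(template.get("Outputs", {}), refs)
    return sorted({r for r in refs if r not in declared})


def buckets_without_public_access_block(template: Dict[str, Any]) -> List[str]:
    """Logical IDs of AWS::S3::Bucket resources that do not set all four
    PublicAccessBlockConfiguration flags to true."""
    flags = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
    offenders: List[str] = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        block = resource.get("Properties", {}).get("PublicAccessBlockConfiguration", {})
        if not all(block.get(flag) is True for flag in flags):
            offenders.append(logical_id)
    return offenders


def demo() -> Dict[str, List[str]]:
    """Run both checks on the template and on a copy with a typo and a removed setting."""
    broken = json.loads(json.dumps(TEMPLATE))
    broken["Outputs"]["BucketArn"]["Value"] = {"Fn::GetAtt": ["DataBuckt", "Arn"]}
    del broken["Resources"]["DataBucket"]["Properties"]["PublicAccessBlockConfiguration"]
    return {
        "refs_ok": unresolved_references(TEMPLATE),
        "refs_broken": unresolved_references(broken),
        "pab_ok": buckets_without_public_access_block(TEMPLATE),
        "pab_broken": buckets_without_public_access_block(broken),
    }
```

Because the whole stack is created, updated or deleted as one unit, a single unresolved reference fails the entire deployment, which is why reference checks belong in the pipeline rather than at CreateStack time. The bucket check is the kind of rule teams add so that a security property (no public buckets) is enforced on every template, not remembered per deployment.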

How much?
• There is no additional charge for using AWS CloudFormation; you
pay for AWS resources created by it as if you had created them
manually.

Link to Service FAQs: FAQs
AWS CloudTrail

What?
• AWS CloudTrail records actions taken by a user, role, or an AWS
service as events across your AWS infrastructure.
• When activity occurs in your AWS account, that activity is recorded
in a CloudTrail event. Events include actions taken in the AWS
Management Console, AWS Command Line Interface, and AWS
SDKs and APIs.

Why?
• Visibility into your AWS account activity is a key aspect of security
and operational best practices. AWS CloudTrail monitors and
records account activity, giving you control over storage, analysis,
and remediation actions.
• You can use CloudTrail to view, search, download, archive,
analyze, and respond to account activity across your AWS
infrastructure.

When?
• You want to identify who or what took which action, what resources
were acted upon, when the event occurred, and other details.
• You want to capture and consolidate user activity and API usage
across AWS Regions and accounts on a single, centrally controlled
platform.

Where?
• Activity information for services with regional endpoints (EC2, RDS
etc.) is captured and processed in the same region where the action
is made, and delivered to the region associated with your Amazon
S3 bucket.
• You can create two types of trails - A trail that applies to all regions
and a trail that applies to one region.

Who?
• CloudTrail is enabled on your AWS account when you create it.
• If you have created an organization in AWS Organizations, you can
create a trail that will log all events for all AWS accounts in that
organization.
• CloudTrail publishes log files multiple times an hour, about every
five minutes.

How?
• You can view and search the last 90 days of events recorded by
CloudTrail in the CloudTrail console or by using the AWS CLI
without setting up a trail.
• For an ongoing record of activity and events in your AWS account,
create a trail. A trail is a configuration that enables delivery of
CloudTrail events to an Amazon S3 bucket, CloudWatch Logs, and
CloudWatch Events.
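The who / what / which resource / when questions in the When? bullet, answered over a constructed CloudTrail log file as an added Python example that is not from this book. The records follow the JSON shape CloudTrail delivers to S3 (a `Records` array with `userIdentity`, `eventSource`, `eventName`, `requestParameters` and, for denied calls, `errorCode`); the account ID, principal names, bucket names and IP addresses are placeholders, and the review rules in `findings` are illustrative choices, not a CloudTrail feature.

```python
import json
from datetime import datetime, timezone
from typing import Any, Dict, List

# Constructed CloudTrail log file in the shape CloudTrail delivers to S3
# ({"Records": [...]}). Account ID, ARNs, names and IP addresses are placeholders.
LOG_FILE = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-03-01T10:15:00Z",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"userName": "alice"}, "readOnly": False, "managementEvent": True},
    {"eventVersion": "1.08", "eventTime": "2024-03-01T10:16:30Z",
     "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "example-archive"},
     "errorCode": "AccessDenied", "errorMessage": "Access Denied",
     "readOnly": False, "managementEvent": True},
    {"eventVersion": "1.08", "eventTime": "2024-03-01T10:17:00Z",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "awsRegion": "us-east-1", "sourceIPAddress": "lambda.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/etl-role/etl-fn",
                      "sessionContext": {"sessionIssuer": {"userName": "etl-role"}}},
     "requestParameters": {"bucketName": "example-data", "key": "raw/file.csv"},
     "readOnly": True, "managementEvent": False},
]})

# IAM actions that create or change sign-in credentials; worth a review trail of their own.
CREDENTIAL_ACTIONS = {"CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile",
                      "CreateUser", "AttachUserPolicy", "PutUserPolicy"}


def principal(identity: Dict[str, Any]) -> str:
    """Resolve 'who': the IAM user, the role behind an assumed-role session, or root."""
    kind = identity.get("type")
    if kind == "IAMUser":
        return f"user/{identity['userName']}"
    if kind == "AssumedRole":
        return "role/" + identity["sessionContext"]["sessionIssuer"]["userName"]
    if kind == "Root":
        return "root"
    return identity.get("arn", "unknown")


def summarize(log_file: str) -> List[Dict[str, Any]]:
    """One row per event answering who, what, on which resource, when and from where."""
    rows: List[Dict[str, Any]] = []
    for ev in json.loads(log_file)["Records"]:
        rows.append({
            "when": datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "who": principal(ev["userIdentity"]),
            "what": f"{ev['eventSource'].split('.')[0]}:{ev['eventName']}",
            "on": ev.get("requestParameters") or {},
            "from": ev.get("sourceIPAddress"),
            "failed": "errorCode" in ev,          # denied calls are recorded with an errorCode
            "management_event": ev.get("managementEvent", True),
        })
    return rows


def findings(log_file: str) -> List[str]:
    """Simple review rules run over the summary: root usage, denied calls and
    credential changes. These are the kinds of conditions teams alert on."""
    out: List[str] = []
    for row in summarize(log_file):
        action = row["what"].split(":", 1)[1]
        if row["who"] == "root":
            out.append(f"root account used for {row['what']} from {row['from']}")
        if row["failed"]:
            out.append(f"{row['who']} was denied {row['what']} from {row['from']}")
        if action in CREDENTIAL_ACTIONS:
            out.append(f"{row['who']} changed credentials via {row['what']}")
    return out
```

Two details the card leaves implicit show up here: a denied call is still recorded (with `errorCode`), so failed attempts are visible to the reviewer, and for an assumed-role session the human-readable "who" is in `sessionContext.sessionIssuer`, not in the top-level `arn`. The third record is a data event (`managementEvent: false`), which the How much? bullet below notes is charged separately from the free copy of management events.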

How much?
• You can deliver one copy of your ongoing management events to
Amazon S3 for free by creating a trail. You are charged for data
events or additional copies of management events.
• Once a CloudTrail trail is set up, Amazon S3 charges apply based
on your usage.

Link to Service FAQs: FAQs
Amazon CloudWatch

What?
• Amazon CloudWatch allows you to collect, access, and correlate
metrics, logs, and events data on a single platform from across all
your AWS resources, applications, and services running on AWS
and on-premises.
• It breaks down data silos to better understand the health and
performance of your resources.

Why?
• Amazon CloudWatch helps you detect anomalous behavior in your
environments, set alarms, visualize logs and metrics side by side,
take automated actions, troubleshoot issues, and discover insights
to keep your applications running smoothly.

When?
• You want to use a single platform for observability and to collect
metrics for AWS and on-premises resources.
• You want to improve operational performance and resource
optimization, get operational visibility and insight to derive
actionable insights from logs.

Where?
• Amazon CloudWatch is a regional service.
• It supports creation of cross-account, cross-region dashboards too.
• You can also collect metrics from on-premises systems by
deploying an agent.

Who?
• It natively integrates with more than 70 AWS services.
• You can create alarms based on metric value thresholds, or use
alarms that can watch for anomalous metric behavior.
• You can install a unified CloudWatch agent to collect logs and
metrics.

How?
• CloudWatch is basically a metrics repository. It correlates your
metrics and logs to better understand the health and performance
of your resources.
• You can create alarms based on metric value thresholds, or alarms
for anomalous metric behavior based on ML algorithms.

How much?
• Charges are calculated for number of Metrics (including detailed
and custom metrics), APIs, Logs Ingested, Log Storage/Archival,
Logs Insights Queries (analyze Log Data), Events, dashboards,
alarms, Contributor Insights, Lambda Insights and Canaries.

Link to Service FAQs:


FAQs
AWS Trusted Advisor

What?
• AWS Trusted Advisor provides recommendations that help you
follow AWS best practices.
• Trusted Advisor evaluates your account using checks. These
checks are performed for cost optimization, performance, security,
fault tolerance, and service limits.

Why?
• Trusted Advisor draws upon best practices learned from serving
hundreds of thousands of AWS customers.
• The Trusted Advisor notification feature helps you stay up-to-date
with your AWS resource deployment.

When?
• You want recommendations to optimize your AWS infrastructure,
improve security and performance, reduce costs, and monitor
service quotas.

Where?
• AWS Trusted Advisor is a global service.
• You can set up the organizational view feature to create a report for
all member accounts in your AWS organization.

Who?
• AWS Trusted Advisor performs automated weekly refresh of
checks for accounts with AWS Business Support, AWS Enterprise
On-Ramp, and AWS Enterprise Support.
• You need to trigger these checks for accounts with AWS Developer
Support and AWS Basic Support.

How?
• Trusted Advisor scans your AWS infrastructure, compares it to
AWS best practices. You can use the Trusted Advisor console to
review check results for your AWS account and then follow the
recommended steps to fix any issues.

How much?
• There are no additional charges for Trusted Advisor.
• AWS Basic Support and AWS Developer Support customers can
access core security checks and checks for service quotas.
• AWS Business Support and AWS Enterprise Support customers
can access all checks.

Link to Service FAQs:


FAQs
AWS Well-Architected Tool

What?
• The AWS Well-Architected Tool helps you review the state of your
workloads and compare them to the latest AWS architectural best
practices. You can use AWS WA Tool to document and measure
your workload using the best practices from the AWS Well-
Architected Framework. It is based on the AWS Well-Architected
Framework (WAF).

Why?
• The AWS Well-Architected Framework provides a consistent
approach to evaluate architectures, and provides guidance to help
implement designs that scale with application needs over time.

When?
• You want to get guidance on how to design and operate workloads
that are reliable, secure, efficient, and cost-effective.
• You want to apply a consistent process to review and measure
your cloud architectures, want to understand potential risks in your
workloads, and use the results to identify next steps for
improvement.

Where?
• AWS Well-Architected Tool is a regional service.

Who?
• In addition to the standard guidance provided by the AWS Well-
Architected Framework and AWS-developed lenses, the AWS Well-
Architected Tool allows you to add specific best practice guidance
using custom lenses.

How?
• Define a workload - A workload is the collection of resources and
code that makes up a cloud application.
• Review workloads - against best practices across the Well-
Architected Framework, AWS-provided lenses, and custom lenses.
• Apply best practices – by following the provided step-by-step
guidance.

How much?
• There is no additional charge for the AWS Well-Architected Tool.

Link to Service FAQs:


FAQs
MACHINE LEARNING

Amazon SageMaker
Build, train, and deploy machine learning models
Amazon SageMaker

What?
• Amazon SageMaker is a fully managed Machine Learning (ML)
service. With SageMaker you can build and train machine learning
models, and then directly deploy them into a production-ready
hosted environment.
• It also provides common ML algorithms to run efficiently against
extremely large data in a distributed environment.

Why?
• SageMaker removes the heavy lifting from each step of the ML
process to make it easier to develop high-quality models.
• SageMaker provides all of the components used for ML in a single
toolset so models get to production faster with much less effort and
at lower cost.

When?
• You want more people to innovate with ML through a choice of
tools—integrated development environments for data scientists and
no-code visual interfaces for business analysts.
• You want to use popular deep-learning frameworks such as
TensorFlow, Apache MXNet, PyTorch without manual setup.

Where?
• Amazon SageMaker is a regional service.
• SageMaker APIs run in Amazon’s proven, high-availability data
centers, with service stack replication configured across three
facilities in each AWS Region to provide fault tolerance in the event
of a server failure or Availability Zone outage.

Who?
• Amazon SageMaker is a fully managed service. There are no
maintenance windows or scheduled downtimes.
• With native support for bring-your-own-algorithms and frameworks,
SageMaker offers flexible distributed training options that adjust to
your specific workflows.

How?
• 1. Generate example data – fetch, clean, prepare, or transform the
data.
• 2. Train and evaluate the model – use one of the algorithms that
SageMaker provides or build your own.
• 3. Deploy the model – you can deploy your model independently,
decoupling it from your application code.

How much?
• You have two choices for payment: an On-Demand Pricing that
offers no minimum fees and no upfront commitments, and the
SageMaker Savings Plans that offer a flexible, usage-based pricing
model in exchange for a commitment to a consistent amount of
usage.
• Different SageMaker components have different pricing
dimensions.

Link to Service FAQs:


FAQs
MIGRATION AND TRANSFER

AWS DMS
Managed database migration service

AWS DataSync
Simplifies, automates, and accelerates moving data

AWS Snow Family
A collection of physical devices that help migrate large amounts of
data

AWS Transfer Family
Fully managed file transfer into and out of AWS over SFTP, FTPS
and FTP
AWS DMS

What?
• AWS Database Migration Service (DMS) helps you migrate
relational databases, data warehouses, NoSQL databases, and
other types of data stores into the AWS Cloud or between
combinations of cloud and on-premises setups.

Why?
• AWS DMS supports homogeneous migrations as well as
heterogeneous migrations between different database platforms.
• During migration DMS keeps the source database fully operational,
minimizing downtime.

When?
• You want to complete the migration process without installing any
drivers or applications.
• You want to perform one-time migrations and/or replicate ongoing
changes to keep sources and targets in sync without managing
complexities of migration process.

Where?
• AWS DMS replication instance is deployed in a region. It supports
Multi-AZ deployment and automatically provisions and maintains a
standby replica of the replication instance in a different Availability
Zone.
• At least one of the two endpoints (source or target) must be on an
AWS service.

Who?
• AWS DMS automatically manages the deployment, management,
and monitoring of all hardware and software needed for your
migration.
• You can scale up (or scale down) your migration resources as
needed to match your actual workload.

How?
• AWS DMS uses a replication instance (a managed EC2 instance
that runs replication software) for migration.
• At a high level, you create a replication server, create source and
target endpoints to connect to your data stores, and create one or
more migration tasks to migrate data between the source and
target data stores.

How much?
• You pay for your replication instances (by the hour) and any
additional log storage.
• All data transfer into AWS DMS is free, and data transferred
between AWS DMS and databases in Amazon RDS and Amazon
EC2 instances in the same AZ is also free. Any other data transfer
is billed separately at regular rates.

Link to Service FAQs:


FAQs
AWS DataSync

What?
• AWS DataSync is an online data transfer service to copy large
amounts of data between on-premises storage systems and AWS
Storage services.
• Supported locations include NFS and SMB file servers, HDFS,
self-managed object storage, AWS Snowcone, Amazon S3 buckets,
Amazon EFS, and Amazon FSx file systems; it also supports transfers
between AWS Storage services.

Why?
• DataSync removes many of the infrastructure and management
challenges you face when writing, optimizing, and managing your
own copy scripts, or deploying and tuning heavyweight commercial
transfer tools.
• It uses a purpose-built network protocol and scale-out architecture
to accelerate data transfer.

When?
• You want to migrate active data to AWS, archive data to free up on-
premises storage capacity; replicate data to AWS for business
continuity, or transfer data to the cloud for analysis and processing.

Where?
• AWS DataSync service is a regional service.
• It works through an agent which can be deployed on VMware
ESXi, KVM, Microsoft Hyper-V hypervisors, or it can be launched
as an Amazon EC2 instance.

Who?
• You manage DataSync Agent deployment and migration tasks.
• DataSync automates both the management of data-transfer
processes and the infrastructure required for high performance and
secure data transfer.

How?
• For on-premises to AWS transfer, first deploy and activate the
DataSync agent, then create and run a migration task by specifying
source, destination and required custom settings.
• When transferring data between AWS Storage services in the
same AWS account, you don’t need to deploy an agent.

How much?
• Pay only for the amount of data that you migrate based on a flat,
per-gigabyte fee according to your region. This fee covers the use
of network acceleration technology, managed cloud infrastructure,
data validation, and automation capabilities. With DataSync, there
are no resources to manage, no upfront costs, and no minimum
charge.

Link to Service FAQs:


FAQs
AWS Snow Family

What?
• The AWS Snow Family is a collection of purpose-built physical
devices that help you migrate large amounts of data into and out of
the cloud, offline (without depending on networks).
• The Snow Family comprises AWS Snowcone, AWS Snowball, and
AWS Snowmobile.

Why?
• It can take a long time to transfer large amounts of data over the
wire, and some locations don't have any connectivity at all. The
Snow Family helps expedite data transfers in a more secure and
cost-effective way.
• Each Snow Family device has a pre-set storage capacity level and
computing resources to collect and process data at the edge.

When?
• You want to migrate large amounts of data in the shortest, and
most cost-effective way for cloud migration, disaster recovery, data
center relocation, and/or remote data collection projects.
• You need computing resources closer to the data source to
enhance analysis and deliver real-time results.

Where?
• Snow Family services are available for use in specific AWS
Regions. The imported data is transferred into Amazon S3 bucket
in a selected region.
• You can install AWS OpsHub (a graphical user interface to manage
AWS Snow Family devices) on a client computer to perform tasks
such as unlocking and configuring single or clustered devices, and
transferring files.

Who?
• AWS prepares and ships the device to you as per your selection.
• Once the data migration job is complete and verified, AWS
performs a software erasure of the device that follows the National
Institute of Standards and Technology (NIST) guidelines for media
sanitization.

How?
• In the AWS Snow Family console, select your preferred device.
AWS prepares and ships the device to you.
• Once the device arrives, power it up and use AWS OpsHub to
unlock it. Use AWS OpsHub to manage the device, transfer data, or
use its compute resource. When done, shut down and return the
device to AWS.

How much?
• You pay a service fee per job, which includes a few days of device
use and a per-day fee for every additional day you use the device.
The service fee and per-day fee may vary by AWS Region and
device type.
• Depending on device type, a committed upfront pricing and
monthly rental options are also available.

Link to Service FAQs:


FAQs
AWS Transfer Family

What?
• AWS Transfer Family is a secure transfer service that enables you
to transfer files into and out of AWS storage services.
• It supports transferring data over Secure Shell (SSH) File Transfer
Protocol (SFTP), File Transfer Protocol Secure (FTPS), File
Transfer Protocol (FTP) from or to Amazon S3 and Amazon EFS.

Why?
• Transfer Family simplifies the migration of file transfer workflows to
AWS.
• It provides you with a fully managed, highly available file transfer
service with auto-scaling capabilities, eliminating the need for you
to manage file transfer related infrastructure.

When?
• You want to migrate your file transfer-based workflows to AWS
while maintaining your end users' clients and configurations as is.
• You want to keep on using commonly used file transfer clients such
as WinSCP, FileZilla, Cyberduck, OpenSSH and scripts.

Where?
• AWS Transfer Family allows you to create a regional endpoint (a
file transfer protocol-enabled server) for data transfer.
• It supports up to 3 Availability Zones and is backed by an auto
scaling, redundant fleet for your connection and transfer requests.
You get full redundancy across multiple Availability Zones within an
AWS Region.

Who?
• AWS operates and manages all of the compute, storage, and other
infrastructure necessary for your endpoint.
• You can access the endpoint using a hostname provided by the
service, or if you already have a domain name, you can use
Amazon Route 53 or any DNS service to route your users’ traffic to
the server endpoint in AWS.

How?
• First, you select the protocol(s) your end users will use to connect
to your endpoint.
• Next, you configure user access using the built-in authentication
manager or another identity provider.
• Finally, configure the server's access to your S3 buckets or EFS
file systems.
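
One way the "other identity provider" step is implemented is with a
Lambda function: Transfer Family invokes it with the connecting user's
name, the server ID, the protocol, the source IP and, for password
logins, the password, and the function answers with the IAM role, home
directory, an optional session policy and, for SFTP key logins, the
user's authorized public keys. An empty response denies access. The
handler below is an added example, not the card's or AWS's code. The
event and response field names (username, password, protocol, serverId,
sourceIp; Role, HomeDirectory, Policy, PublicKeys) and the
${transfer:HomeBucket} / ${transfer:UserName} policy variables are the
real Lambda authentication interface; the user table, role ARN, bucket
name, password and key material are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed placeholders. A real function would resolve these from
# Secrets Manager or a directory service rather than a module-level table.
ROLE_ARN = "arn:aws:iam::111122223333:role/transfer-user-access"  # assumed
BUCKET = "example-sftp-landing"                                     # assumed


def _pbkdf2(password: str, salt: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000).hex()


USERS = {
    # Key-based SFTP user: no password, one authorized key (placeholder, not a real key).
    "alice": {
        "protocols": {"SFTP"},
        "public_keys": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialForAlice"],
        "salt": None,
        "password_hash": None,
    },
    # Password user permitted on FTPS only; the password and salt are the example's own.
    "bob": {
        "protocols": {"FTPS"},
        "public_keys": [],
        "salt": "salt-for-bob",
        "password_hash": _pbkdf2("correct horse battery staple", "salt-for-bob"),
    },
}

# Session policy that confines each session to the user's own prefix.
# Transfer Family substitutes ${transfer:HomeBucket} and ${transfer:UserName}
# when the session starts, so one policy document serves every user.
SCOPE_DOWN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListOwnPrefixOnly",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::${transfer:HomeBucket}",
            "Condition": {"StringLike": {"s3:prefix": ["${transfer:UserName}/*", "${transfer:UserName}"]}},
        },
        {
            "Sid": "ObjectsInOwnPrefixOnly",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion"],
            "Resource": "arn:aws:s3:::${transfer:HomeBucket}/${transfer:UserName}/*",
        },
    ],
}


def handler(event: dict, context=None) -> dict:
    """Transfer Family custom identity provider. Returning {} denies access."""
    username = event.get("username", "")
    protocol = event.get("protocol", "")
    user = USERS.get(username)
    if user is None or protocol not in user["protocols"]:
        return {}

    response = {
        "Role": ROLE_ARN,
        "HomeDirectory": f"/{BUCKET}/{username}",   # PATH-type home: /bucket/prefix
        "Policy": json.dumps(SCOPE_DOWN_POLICY),    # Policy is passed as a JSON string
    }

    password = event.get("password")
    if password is not None:
        # Password login: constant-time compare against the stored PBKDF2 hash.
        # PublicKeys is deliberately not returned on this path.
        if not user["password_hash"] or not hmac.compare_digest(
                _pbkdf2(password, user["salt"]), user["password_hash"]):
            return {}
        return response

    # Key login (SFTP): return the authorized keys and let the service verify
    # the client's signature against them.
    if not user["public_keys"]:
        return {}
    response["PublicKeys"] = user["public_keys"]
    return response


if __name__ == "__main__":
    print(json.dumps(handler({"username": "alice", "protocol": "SFTP",
                              "serverId": "s-0123456789abcdef0",
                              "sourceIp": "203.0.113.5"}), indent=2))
```

The session policy is what turns one shared role into per-user least
privilege: the role may be allowed to reach the whole bucket, but each
session is cut down to its own prefix before the user's client sees it.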

How much?
• You pay an hourly rate for an endpoint and charge for data uploads
and downloads.
• You are also charged standard request, storage, and data transfer
rates to read to and write from Amazon S3 or Amazon EFS.

Link to Service FAQs:


FAQs
NETWORKING AND CONTENT
DELIVERY
Amazon API Gateway
Build, Deploy and Manage APIs

AWS Direct Connect
Dedicated network connection to AWS

Amazon VPC
Logically isolated virtual network
Amazon API Gateway

What?
• Amazon API Gateway acts as a "front door" for applications to
access data, business logic, or functionality from your backend
services.
• Amazon API Gateway allows developers to create, publish,
maintain, monitor, and secure REST, HTTP, and WebSocket APIs.

Why?
• Amazon API Gateway provides developers with a service that
handles all aspects of creating and operating robust APIs for
application back ends.
• With API Gateway, you can launch new services faster and with
reduced investment so you can focus on building your core
business services.

When?
• You want to use a managed service to save the undifferentiated
heavy lifting involved in securely and reliably running APIs.
• You want to save effort on API development and API management
and generate client SDKs for a number of languages.

Where?
• Amazon API Gateway is a regional service.
• An API endpoint refers to the hostname of the API. For the REST
APIs the API endpoint type can be edge-optimized, regional, or
private, depending on where the majority of your API traffic
originates from.

Who?
• Amazon API Gateway is a fully managed service.
• It handles all of the tasks involved in accepting and processing
concurrent API calls, including traffic management, authorization
and access control, monitoring, and API version management.

How?
• You can get started by creating and publishing an API or by
importing a supported API.
• Depending on the use case of your API, you can decide on a
number of characteristics of your API. For example, you might want
an API call to execute a Lambda function, make a database query,
or call an application.

How much?
• For HTTP and REST APIs, you pay only for the API calls you
receive and the amount of data transferred out. For WebSocket
APIs, you pay for messages sent and received and for the time a
user/device is connected to the API.
• API Gateway caching is charged at an hourly rate based on the
cache size.

Link to Service FAQs:


FAQs
AWS Direct Connect

What?
• AWS Direct Connect (DX) establishes a dedicated network
connection between your on-premises network and AWS. It links
your internal network to a DX location over a standard Ethernet
fiber-optic cable.
• With this connection in place, you can create virtual interfaces
directly to the AWS Cloud, bypassing the public internet.

Why?
• The AWS Direct Connect service is the shortest path to your AWS
resources.
• While in transit, your network traffic remains on the AWS global
network and never touches the public internet. This reduces the
chance of hitting bottlenecks or unexpected increases in latency.

When?
• You want to build hybrid applications that span AWS and on-
premises networks.
• You want to ensure smooth and reliable data transfers at massive
scale for large datasets and need predictable performance.

Where?
• AWS Direct Connect is a global service and available at locations
worldwide.
• An AWS Direct Connect location provides access to AWS in the
region with which it is associated.

Who?
• You need to make connections between the local service providers
used at your on-premises locations, or work with an AWS Direct
Connect Delivery Partner, to connect to AWS Direct Connect
locations.
• AWS does not act as your "first mile" or "last mile" provider.

How?
• After deciding on an AWS Direct Connect location and connection
size, create your connection request on the AWS management
console. Download Letter of Authorization (LoA) and provide it to
an APN partner and ask them to establish the connection on your
behalf.

How much?
• There are three factors that determine pricing: capacity (measured
in Mbps/Gbps), port hours (measured in the time that a port is
provisioned), and data transfer out (DTO) (charged per GB).
• AWS Direct Connect data transfer-in is free.

Link to Service FAQs:


FAQs
Amazon VPC

What?
• Amazon Virtual Private Cloud (Amazon VPC) enables you to
provision a logically isolated section of the AWS Cloud where you
can launch AWS resources in a virtual network that you have
defined.
• This virtual network closely resembles a traditional network that
you would operate in your own data center.

Why?
• You can define your own network space, and control how your
network and the resources inside your network are exposed to the
Internet.
• You can also leverage more granular access to and from the
Amazon EC2 instances in your virtual network.

When?
• You want to launch AWS resources in a logically isolated virtual
network and spend less time setting up, managing, and validating
your virtual network.
• You want to use multiple layers of security, including security
groups and network access control lists.

Where?
• VPC is a regional entity and spans across all of the Availability
Zones in the region.
• Each subnet must reside entirely within one Availability Zone and
cannot span zones. You can launch AWS resources, such as EC2
instances, into a specific subnet.

Who?
• Your AWS resources are automatically provisioned in a ready-to-
use default VPC or you can create additional VPCs.
• You can connect your VPC to other VPCs and on-premises
networks.

How?
• When you create a VPC, you must specify an IPv4 CIDR block for
the VPC.
• Afterwards, you can add subnets, route tables, security groups,
network access control lists, an internet gateway, and other
gateways as necessary.
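
Security groups are the first of the "multiple layers of security" the
When? section mentions, and the most frequent mistake in them is an
ingress rule that opens an administrative or database port to the
whole internet. The checker below is an added example, not material
from this card: it consumes groups in the shape the EC2
DescribeSecurityGroups API returns them (IpPermissions with
IpProtocol, FromPort, ToPort, IpRanges.CidrIp and
Ipv6Ranges.CidrIpv6) and reports any rule that exposes a sensitive
port, or all traffic, to 0.0.0.0/0 or ::/0. The groups, IDs and CIDRs
are constructed; the list of sensitive ports is the example's own
choice.

```python
import ipaddress

# Ports whose exposure to the internet is almost always a mistake
# (the example's own selection; extend to fit your estate).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
                   1433: "MSSQL", 6379: "Redis", 27017: "MongoDB"}

# Constructed sample in the shape of DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "web", "IpPermissions": [
        # HTTPS to the world is the job of a web tier: not a finding.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        # SSH from the corporate range only: not a finding.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "temp"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "legacy", "IpPermissions": [
        # IpProtocol -1 is "all traffic"; FromPort/ToPort are absent.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        # A port range that happens to include PostgreSQL, open over IPv6.
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. any network with prefix length 0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_sensitive_ports(perm: dict) -> list:
    """Names of sensitive ports the rule opens; ['ALL'] for all-traffic rules."""
    if perm["IpProtocol"] == "-1":
        return ["ALL"]
    lo = perm.get("FromPort", 0)
    hi = perm.get("ToPort", 65535)
    return [name for port, name in SENSITIVE_PORTS.items() if lo <= port <= hi]


def audit_group(group: dict) -> list:
    """Findings for one security group: sensitive ports reachable from anywhere."""
    findings = []
    for perm in group.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
                  [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = [s for s in sources if is_world_open(s)]
        if not world:
            continue
        ports = exposed_sensitive_ports(perm)
        if ports:
            findings.append({"group": group["GroupId"], "name": group["GroupName"],
                             "protocol": perm["IpProtocol"], "ports": ports,
                             "sources": world})
    return findings


def audit(groups) -> list:
    return [finding for group in groups for finding in audit_group(group)]


if __name__ == "__main__":
    for f in audit(SAMPLE_GROUPS):
        print(f"{f['group']} ({f['name']}): {f['protocol']} {f['ports']} open to {f['sources']}")
```

Security groups are stateful and allow-only, so there is no deny rule to
look for; the audit only has to ask what each allow reaches. Network ACLs,
the second layer, are stateless and do carry deny rules, and need a
separate check.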

How much?
• There is no additional charge for using a VPC.
• There are charges for some VPC components, such as NAT
gateways, Reachability Analyzer, and traffic mirroring. Usage
charges for other services still apply at published rates, including
data transfer charges.

Link to Service FAQs:


FAQs
SECURITY, IDENTITY, AND
COMPLIANCE

AWS AppSync
Real-Time Data Sync Using GraphQL

AWS Artifact
AWS compliance reports and agreements
AWS Certificate Manager (ACM)
Provision, manage, and deploy SSL/TLS certificates

AWS CloudHSM
Managed hardware security modules in the cloud

AWS IAM
Identity and access management for AWS resources

AWS KMS
Securely generate and manage AWS encryption keys

Amazon Macie
Automatically discover, classify, and protect sensitive data in AWS

AWS Secrets Manager
Rotate, manage, and retrieve secrets throughout their lifecycle

AWS Single Sign-On
SSO access to AWS accounts and business applications
AWS AppSync

What?
• AWS AppSync enables developers to interact with their data by
using a managed GraphQL service.
• GraphQL offers many benefits over traditional gateways,
encourages declarative coding style, and works seamlessly with
modern tools and frameworks, including React, React Native, iOS,
and Android.

Why?
• AWS AppSync offers simplified data access and querying, real-
time data access and updates, offline data synchronization, data
querying, caching, fine-grained access control, and custom domain
names.
• It lets you specify which portions of your data should be available in
a real-time manner using GraphQL Subscriptions.

When?
• You want to provide a single endpoint to securely query or update
data from multiple databases, microservices, and APIs.
• You want to automatically publish data updates to subscribed API
clients via serverless WebSockets connections by using AppSync
Pub/Sub APIs.

Where?
• AWS AppSync is a regional service.
• AWS AppSync SDKs support iOS, Android, and JavaScript.
• Using AWS AppSync, you can combine data from multiple sources,
including Amazon DynamoDB, AWS Lambda, and HTTP APIs.

Who?
• AppSync is a managed service; administration, auto-scaling, and
high availability are built into the service.
• AWS Amplify leverages AWS AppSync and other AWS services to
help you build more robust, powerful web and mobile apps with
less work.

How?
• AWS AppSync uses GraphQL, a data language that enables client
apps to fetch, change, and subscribe to data from servers.
• It provides a guided schema creation wizard, or you can import
from an existing Amazon DynamoDB table to create a real-time and
offline GraphQL API or build the entire backend with or without a
pre-existing schema.

How much?
• AWS AppSync is priced based on millions of requests and updates.
Caching costs an additional fee.
• You are billed separately for query and data modification
operations, and for performing real-time updates on your data.

Link to Service FAQs:


FAQs
AWS Artifact

What?
• AWS Artifact is a self-service retrieval portal for AWS compliance
documentation (also known as audit artifacts) and AWS
agreements.
• An audit artifact is a piece of evidence that demonstrates that an
organization is following a documented process or meeting a
specific requirement.

Why?
• You can provide the AWS audit artifacts to your auditors or
regulators as evidence of AWS security controls.
• You can also use these documents as guidelines to evaluate your
own cloud architecture and assess the effectiveness of your
internal controls.

When?
• Use AWS Artifact Reports - to download AWS security and
compliance documents, such as AWS ISO certifications, Payment
Card Industry (PCI), and System and Organization Control (SOC)
reports.
• Use AWS Artifact Agreements - to review, accept, and manage AWS
agreements such as the Business Associate Addendum (BAA).

Where?
• AWS Artifact is a global service.

Who?
• All AWS Accounts have access to AWS Artifact.
• Root users and IAM users with admin permissions can download
all audit artifacts available to their account by agreeing to the
associated terms and conditions.

How?
• AWS Artifact provides a self-service portal that provides customers
with on-demand access to compliance documentation and
agreements.
• You can review, accept, and manage agreements for individual
accounts or for all accounts in your AWS Organizations.

How much?
• There is no cost for using AWS Artifact.

Link to Service FAQs:


FAQs
AWS Certificate Manager (ACM)

What?
• AWS Certificate Manager (ACM) makes it easy to provision,
manage, deploy, and renew SSL/TLS certificates for use with AWS
services and your internal connected resources.
• SSL/TLS are industry standard protocols for encrypting network
communications and establishing the identity of websites.

Why?
• AWS Certificate Manager can help you meet regulatory and
compliance requirements for encryption of data in transit.
• It removes many of the time-consuming and error-prone steps to
acquire an SSL/TLS certificate.

When?
• You need free public certificates for ACM-integrated services, such
as Elastic Load Balancing (ELB), Amazon CloudFront, and API
Gateway.
• You want to automate renewal and deployment of certificates.
• You need to create private certificates for your internal resources
and manage the certificate lifecycle centrally.

Where?
• AWS Certificate Manager (ACM) is a regional service.
• Certificates issued by it can be used with ACM-integrated services,
including global ones such as an Amazon CloudFront distribution;
for CloudFront the certificate must be requested or imported in the
US East (N. Virginia) Region (us-east-1).

Who?
• You can provide certificates for your integrated AWS services either
by issuing them directly with ACM or by importing third-party
certificates into the ACM management system.
• With ACM Private CA, you can create your own certificate authority
(CA) hierarchy and issue certificates.

How?
• Step 1 - Request or import a TLS/SSL certificate.
• Step 2 - Validate domain ownership for your requested certificate
using DNS or email validation to complete certificate issuance.
• Step 3 - Use your newly issued or imported certificates in
supported AWS services.

How much?
• Public and private certificates provisioned through ACM for use
with ACM-integrated services are free.
• For AWS Certificate Manager Private Certificate Authority (CA),
you pay monthly for the operation of the private CA and for the
private certificates you issue.

Link to Service FAQs:


FAQs
AWS CloudHSM

What?
• AWS CloudHSM provides single-tenant, tamper-resistant hardware
security modules (HSM) in your own Amazon VPC.
• An HSM is a special physical device that processes cryptographic
operations and provides secure storage for cryptographic keys.

Why?
• AWS CloudHSM automates time-consuming HSM administrative
tasks for you, such as hardware provisioning, software patching,
high availability, and backups.
• You can scale your HSM capacity quickly by adding and removing
HSMs from your cluster on-demand.

When?
• You need HSMs that comply with the U.S. Government’s FIPS 140-
2 Level 3 standard for cryptographic modules.
• You want to integrate with custom applications using industry-
standard APIs, such as PKCS#11, Java Cryptography Extensions
(JCE), and Microsoft CryptoNG (CNG) libraries.

Where?
• AWS CloudHSM is a regional service.
• It is recommended to use at least two HSMs across multiple AZs.
• You can also transfer your keys to other commercial HSM solutions
to make it easy for you to migrate keys on or off of AWS.

Who?
• AWS CloudHSM is a fully managed service.
• The encryption keys that you generate and use with CloudHSM are
accessible only by the HSM users that you specify. Separation of
duties and role-based access control is inherent in the design of the
service.

How?
• You start by creating a CloudHSM Cluster. Clusters can contain a
single HSM or multiple HSMs.
• HSMs in a cluster are automatically synchronized and load-
balanced. Each HSM appears as a network resource in your
Amazon VPC.

How much?
• You are charged an hourly fee for each hour (or partial hour) that
an HSM is provisioned to a CloudHSM Cluster.
• A cluster with no HSMs in it is not billed; you are also not billed for
automatic storage of encrypted backups.

Link to Service FAQs:


FAQs
Amazon Cognito

What?
• Amazon Cognito provides authentication, authorization, and user
management for your web and mobile apps.
• Your users can sign in directly with a user name and password, or
through a third party such as Facebook, Amazon, Google or Apple.
The two main components of Amazon Cognito are user pools and
identity pools.

Why?
• With Amazon Cognito, you can focus on creating great app
experiences instead of worrying about building, securing, and
scaling a solution to handle user management, authentication, and
sync across devices.
• You can use Android, iOS, and JavaScript SDKs for Amazon
Cognito to add user sign-up and sign-in pages to your apps.

When?
• Use User pools when you need a user directory that provides sign-
up and sign-in options for your users.
• Use Identity pools when you want your users to obtain temporary
AWS credentials to access AWS services, such as Amazon S3 and
DynamoDB.
• You can use identity pools and user pools separately or together.

Where?
• Amazon Cognito is a regional service.
• Cognito works with external identity providers that support SAML or
OpenID Connect, social identity providers (such as Facebook,
Twitter, Amazon) and you can also integrate your own identity
provider.

Who?
• Amazon Cognito is a fully managed service.
• Cognito exposes server-side APIs. You can create your own
custom interface to Cognito by calling these APIs directly.

How?
• Once you have created a user pool for user management or an
identity pool for federated identities or sync operations, you can
download and integrate the AWS Mobile SDK with your app.
• Alternatively, you can call the Cognito server-side APIs directly,
instead of using the SDK.

How much?
• You pay based on your monthly active users (MAUs).
• If you have enabled advanced security features for Amazon
Cognito, additional prices apply.
• Separate pricing applies for sending SMS messages for Multi-
Factor Authentication (MFA) and phone number verification.

Link to Service FAQs:


FAQs
AWS Identity and Access
Management (IAM)

What?
• AWS Identity and Access Management (IAM) provides fine-grained
access control across all AWS Services. With IAM, you can specify
who can access which services and resources, and under which
conditions.
• With IAM policies, you manage permissions to your workforce and
systems to ensure least-privilege permissions.

Why?
• You use IAM to control who is authenticated (signed in) and
authorized (has permissions) to use resources.
• You can grant other people permission to administer and use
resources in your AWS account without having to share your
password or access key.

When?
• You want to grant different fine-grained permissions to different
people for different resources.
• You need to use existing corporate identities to grant secure
access to AWS resources using Identity Federation.

Where?
• IAM is a global service.
• You use IAM to control access to tasks that are performed using
the AWS Management Console, the AWS Command Line Tools, or
service API operations using the AWS SDKs.

Who?
• You manage access to AWS by creating policies and attaching
them to IAM identities (users, groups of users, or roles) or AWS
resources.
• You can create multiple IAM users under your AWS account or
enable temporary access through identity federation. You can
delegate access to users or AWS services to operate within your
AWS account.

How?
• With IAM, you define who can access what by specifying fine-grained permissions. IAM then enforces those permissions for every request. Access is denied by default and access is granted only when permissions specify an “Allow”.
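The evaluation rule in that bullet (denied by default, an explicit Deny overrides, access only on an explicit Allow) worked through in code. This is an added example, not IAM's own evaluation engine or AWS code: the policy document, helper names and the evaluate() function are constructed for illustration, Condition keys are ignored, and wildcard matching uses Python's fnmatch.

```python
"""Minimal IAM-style policy evaluation: denied by default, an explicit Deny
overrides any Allow, and access is granted only by an explicit Allow.
Added illustration with hypothetical helper names, not IAM's own engine:
Condition, Principal and NotAction are ignored."""
import fnmatch
import json

# Constructed sample identity policy: read access to one bucket's objects,
# with an explicit Deny carving out a sensitive prefix.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
        {"Effect": "Deny",
         "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/secrets/*"},
    ],
})


def _as_list(value):
    """IAM lets Action and Resource be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def _matches(patterns, value, fold):
    """IAM '*' and '?' wildcards. Action names are case-insensitive (fold=True);
    resource ARNs are compared case-sensitively."""
    for pattern in _as_list(patterns):
        p, v = (pattern.lower(), value.lower()) if fold else (pattern, value)
        if fnmatch.fnmatchcase(v, p):
            return True
    return False


def evaluate(policy_docs, action, resource):
    """Return 'Allow', 'Deny (explicit)' or 'Deny (implicit)' for one request
    against every policy document that applies to the caller."""
    allowed = False
    for doc in policy_docs:
        for st in json.loads(doc)["Statement"]:
            if not (_matches(st["Action"], action, True)
                    and _matches(st["Resource"], resource, False)):
                continue  # statement does not cover this request
            if st["Effect"] == "Deny":
                return "Deny (explicit)"  # an explicit Deny always wins
            allowed = allowed or st["Effect"] == "Allow"
    return "Allow" if allowed else "Deny (implicit)"


if __name__ == "__main__":
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::example-bucket/reports/q1.csv"),
        ("s3:GetObject", "arn:aws:s3:::example-bucket/secrets/db.pem"),
        ("s3:PutObject", "arn:aws:s3:::example-bucket/reports/q1.csv"),
    ]:
        print(f"{action:13} {resource:48} -> {evaluate([SAMPLE_POLICY], action, resource)}")
```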

How much?
• There is no charge to use IAM.

Link to Service FAQs:

AWS KMS

What?
• AWS Key Management Service (KMS) is a managed service that
enables you to easily create and control the keys used for
cryptographic operations.
• The service provides a highly available key generation, storage,
management, and auditing solution to encrypt or digitally sign data
within your applications or control the encryption of data across
AWS services.

Why?
• AWS KMS presents a single control point to manage keys and
define policies consistently across integrated AWS services and
your own applications.
• It reduces your licensing costs and operational burden by providing
a scalable key management infrastructure.

When?
• You want to centrally create, import, rotate, delete, and manage
permissions on keys that control access to your data.
• You want to perform digital signing operations using asymmetric
key pairs to ensure the integrity of your data.

Where?
• AWS KMS is a regional service. KMS keys are never shared
outside the AWS region in which they were created.
• AWS KMS supports multi-Region keys, which are AWS KMS keys
in different AWS Regions that can be used interchangeably – as
though you had the same key in multiple regions.

Who?
• AWS KMS is a fully managed service.
• You control access to your encrypted data by defining permissions
to use keys, while AWS KMS enforces your permissions and
handles the durability and physical security of your keys.

How?
• AWS KMS uses hardware security modules (HSM) to protect and
validate your AWS KMS keys. An HSM is a physical device that
provides extra security for sensitive data. To protect data at rest,
integrated AWS services use envelope encryption, where a data
key is used to encrypt data, and is itself encrypted under a KMS
key.
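Envelope encryption as just described, as an added example that is not AWS code: a FakeKMS class stands in for the service so the code runs offline, the helper names are hypothetical, and the `cryptography` package is assumed to be installed for AES-GCM.

```python
"""Envelope encryption as described above: data is encrypted under its own
data key, and only the wrapped (KMS-encrypted) copy of that key is stored
beside the ciphertext. Added illustration with hypothetical helper names."""
import os
from dataclasses import dataclass

from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def _seal(key, data):
    """AES-256-GCM with a fresh 96-bit nonce; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, data, None)


def _open(key, sealed):
    """Inverse of _seal; raises cryptography.exceptions.InvalidTag on a wrong
    key or any modification of the ciphertext."""
    return AESGCM(key).decrypt(sealed[:12], sealed[12:], None)


class FakeKMS:
    """Stand-in for AWS KMS so the example runs offline. The master key never
    leaves this object, as a KMS key never leaves the HSM."""

    def __init__(self):
        self._master = AESGCM.generate_key(bit_length=256)

    def generate_data_key(self):
        """Like KMS GenerateDataKey: a fresh plaintext data key plus the same
        key wrapped under the KMS key."""
        plaintext_key = AESGCM.generate_key(bit_length=256)
        return plaintext_key, _seal(self._master, plaintext_key)

    def decrypt(self, wrapped_key):
        """Like KMS Decrypt: unwrap a data key (governed by the key policy)."""
        return _open(self._master, wrapped_key)


@dataclass
class Envelope:
    wrapped_key: bytes  # data key, encrypted under the KMS key
    sealed: bytes       # data, encrypted under the data key


def envelope_encrypt(kms, data):
    """One KMS call for a data key, local encryption, then the plaintext key
    is dropped: nothing stored can be read without a KMS Decrypt call."""
    plaintext_key, wrapped_key = kms.generate_data_key()
    sealed = _seal(plaintext_key, data)
    del plaintext_key  # drop our reference; only the wrapped copy survives
    return Envelope(wrapped_key, sealed)


def envelope_decrypt(kms, env):
    """One KMS call to unwrap the data key, then local decryption."""
    return _open(kms.decrypt(env.wrapped_key), env.sealed)
```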

How much?
• You pay US $1/month to store any key that you create. You also
pay for the number of API requests made to the AWS KMS.
• AWS managed keys that are created on your behalf by AWS
services are free to store. You are charged per-request when you
use or manage your keys beyond the free tier.

Link to Service FAQs:

Amazon Macie

What?
• Amazon Macie is a fully managed data security and data privacy
service that uses machine learning and pattern matching to help
you discover, monitor, and protect sensitive data in your AWS
environment.
• Amazon Macie gives you constant visibility of the data security and
data privacy of your data stored in Amazon S3.

Why?
• Macie automates the discovery of sensitive data, such as
personally identifiable information (PII) and financial data, to
provide you with a better understanding of the data you store in
Amazon S3.
• It also allows you to define your own custom sensitive data types
using a regular expression (regex).

When?
• You want to automate discovery and reporting of sensitive data by
creating and running sensitive data discovery jobs using different
options for scheduling your data analysis, such as one-time, daily,
weekly, or monthly.
• You want to get an inventory of your S3 buckets, and automatically
evaluate and monitor those buckets for security and access
control.

Where?
• Amazon Macie is a regional service and provides multi-account
support.
• Macie also gives you the flexibility to identify sensitive data residing
in other data stores by temporarily moving it to S3. For example,
you can initiate Amazon RDS snapshots to Amazon S3 where it
can be evaluated by Macie.

Who?
• Amazon Macie is a fully managed service.
• If Macie detects sensitive data or potential issues, it creates
detailed findings for you to review and remediate as necessary.
• You can review and analyze these findings directly in Macie, or
monitor and process them by using other services, applications,
and systems.

How?
• Macie automatically provides an inventory of Amazon S3 buckets,
including a list of unencrypted buckets, publicly accessible buckets,
and buckets shared with AWS accounts outside those you have
defined in AWS Organizations. Then, Macie applies ML and pattern
matching techniques to the buckets you select to identify and alert
you to sensitive data.

How much?
• Cost is determined by two dimensions: you are charged based on the total number of buckets evaluated and the data processed for a sensitive data discovery job (charged per GB per month).
• Apart from this, you will also incur the standard Amazon S3 charges for GET and LIST requests.

Link to Service FAQs:

AWS Secrets Manager

What?
• AWS Secrets Manager is a secret management service that
rotates, manages, and retrieves secrets throughout their lifecycle.
• A secret can be a password, a set of credentials such as a user
name and password, an OAuth token, or other secret information
that you store in an encrypted form in Secrets Manager.

Why?
• Secrets Manager enables you to replace hardcoded credentials in
your code, including passwords, with an API call to Secrets
Manager to retrieve the secret programmatically.
• It eliminates the investment and on-going maintenance costs of
operating your own secrets management infrastructure.

When?
• You want to easily rotate secrets and enable users and applications
to retrieve the secret without a code deployment.
• You need to audit and monitor secrets usage through integration
with AWS logging, monitoring, and notification services such as
AWS CloudTrail and Amazon CloudWatch.

Where?
• AWS Secrets Manager is a regional service.
• It allows you to replicate secrets in multiple AWS regions to support
your multi-region applications and disaster recovery scenarios.

Who?
• AWS Secrets Manager is a fully managed service.
• You can attach AWS IAM permission policies to your users, groups,
and roles that grant or deny access to specific secrets, and restrict
management of those secrets.

How?
• You can get started by storing a secret in Secrets Manager. To
retrieve secrets, you simply replace secrets in plain text in your
applications with code to pull in those secrets programmatically
using APIs.
• For rotation you can use a ready-to-use feature for supported AWS
services or write a custom AWS Lambda function.

How much?
• You pay for the number of secrets managed in Secrets Manager (per secret per month) and the number of Secrets Manager API calls made (per 10,000 API calls).
• A replica secret is considered a distinct secret and charged accordingly.

Link to Service FAQs:

AWS Single Sign-On

What?
• AWS Single Sign-On is a cloud-based single sign-on (SSO) service
that makes it easy to centrally manage SSO access to all of your
AWS accounts, popular business applications, such as Salesforce,
and custom applications that support Security Assertion Markup
Language 2.0 (SAML).
• AWS Single Sign-On (AWS SSO) is now AWS IAM Identity Center.

Why?
• You should use AWS SSO to grant your employees access to AWS
accounts and business cloud applications, without writing custom
scripts or investing in general-purpose SSO solutions.
• It improves security by eliminating individual passwords needed for
each AWS account or cloud business application.

When?
• You want to create and manage user identities in AWS SSO’s
identity store, or connect to your existing identity source, including
Microsoft Active Directory, Okta Universal Directory, and Azure
Active Directory (Azure AD).
• You want to easily manage access and user permissions to all of
your accounts in AWS Organizations centrally.

Where?
• AWS SSO is a regional service.
• It provides you a directory by default that you can use to create
users and organize them into groups.
• You can control SSO access and user permissions across all your
AWS accounts in AWS Organizations.

Who?
• AWS SSO is for administrators who want to centralize user access management across multiple AWS accounts and business applications.

How?
• Enable AWS Single Sign-on and choose your identity source -
AWS SSO, Active Directory, or SAML 2.0, then manage user
permissions centrally for AWS Accounts, AWS Applications and
SAML Application. Afterwards, users can sign-on via their
personalized web user portal, AWS CLI, AWS SDKs, or Mobile
Console App.

How much?
• AWS SSO is offered at no extra charge.

Link to Service FAQs:

STORAGE
Amazon EBS
Block storage for use with EC2 instances

Amazon S3
Scalable object storage in the cloud

Amazon S3 Glacier
Archive storage in the cloud

Amazon Elastic Block Store (Amazon EBS)

What?
• Amazon Elastic Block Store (Amazon EBS) is a block-storage
service designed for Amazon EC2.
• Once an Amazon EBS volume is attached to an Amazon EC2 instance, you can create a file system on top of it, run a database, or use it for any other block storage need.

Why?
• Amazon EBS allows you to right-size your storage for performance
and capacity by dynamically increasing capacity, tuning the
performance, and changing the type of volumes with no downtime
or performance impact.
• Data stored on an Amazon EBS volume can persist independently
of the life of the instance.

When?
• Use Amazon EBS SSD-backed storage volume (io2, io2 Block
Express, io1, gp3, gp2) for transactional workloads (performance
depends primarily on IOPS, latency, and durability).
• Use HDD-backed storage volumes (st1 and sc1) for throughput-intensive workloads (performance depends primarily on throughput - MB/s).

Where?
• Amazon EBS volumes are placed in a specific Availability Zone
(AZ) within a Region.
• Volume in an AZ can only be attached to an instance in the same
AZ.
• Data stored on an Amazon EBS volume can persist independently
of the life of the instance.

Who?
• Amazon EBS volumes are automatically replicated within their AZ. You can dynamically change the configuration of a volume attached to an instance.
• You can snapshot an Amazon EBS volume and then restore it to
another AZ. Amazon EBS Snapshots (not volumes) can be copied
across regions and can be shared publicly or with specific AWS
accounts.

How?
• Create an Amazon EBS volume based on your application's needs
and attach it to either a new or existing EC2 instance. Once
attached, it will appear as a mounted device similar to any hard
drive or other block device.
• Afterwards, the instance can interact with the volume as it would
with a local drive, formatting it with a file system or installing
applications on it.

How much?
• Pricing for Amazon EBS Volumes is based on the amount of GB
you provision, additional input/output operations per second (IOPS)
and throughput beyond baseline performance.
• Amazon EBS snapshot charges are based on storage pricing (GB-month), restore pricing (GB of data retrieved) and API calls.

Link to Service FAQs:

Amazon Simple Storage Service (Amazon S3)

What?
• Amazon Simple Storage Service (Amazon S3) is object storage built to store and retrieve virtually any amount of data from anywhere using a simple web service interface.
• It’s a simple storage service that offers durability, availability,
performance, security, and virtually unlimited scalability at very low
costs.

Why?
• Amazon S3 offers scalable storage to meet fluctuating needs with
99.999999999% (11 9s) of data durability without an upfront
investment.
• You want developers to build applications that make use of cloud-native storage and focus on innovation instead of figuring out how to store and manage their data.

When?
• You can use Amazon S3 for a range of use cases, such as data
lakes, websites, mobile applications, backup and restore, archive,
enterprise applications, IoT devices, and big data analytics.
• You need a storage that offers durability, availability, performance,
security, and virtually unlimited scalability at very low costs.

Where?
• Amazon S3 stores data as objects within buckets. A bucket is
created in an AWS Region and requires a globally unique name.
• With S3 Replication, you can replicate objects to one or more destination buckets across Regions and across accounts.

Who?
• Upon creation, only you have access to Amazon S3 buckets that
you create, and you have complete control over who has access to
your data.
• You can optimize costs, organize data, and configure fine-tuned
access controls to meet specific business, organizational, and
compliance requirements.

How?
• You can get started by creating a bucket in a specific region and
start storing objects in it. An object is composed of a file and any
metadata that describes that file.
• When you store data, you assign a unique object key (to retrieve the data later), and can define access control and management options.

How much?
• There are six Amazon S3 cost components to consider when
storing and managing your data— storage pricing, request and data
retrieval pricing, data transfer and transfer acceleration pricing, data
management and analytics pricing, replication pricing, and the price
to process your data with S3 Object Lambda.

Link to Service FAQs:

Amazon S3 Glacier

What?
• Amazon S3 Glacier is one of the many different storage classes for
Amazon Simple Storage Service (Amazon S3), which is optimized
for infrequently used data, or "cold data".
• S3 Glacier provides durable and extremely low-cost storage with
security features for data archiving and long-term backup.

Why?
• Amazon S3 Glacier enables you to offload the administrative burdens of operating and scaling storage to AWS, so you don't have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection and recovery, or time-consuming hardware migrations.

When?
• You want to store your data cost-effectively for months, years, or
even decades.
• You need to use query-in-place functionality, allowing you to run
powerful analytics directly on your archived data at rest.

Where?
• Amazon S3 Glacier is a regional service.
• Data is redundantly stored across multiple Availability Zones that
are physically separated within an AWS Region.

Who?
• Data stored in S3 Glacier is automatically encrypted by AWS.
• For storing your data, you can choose from three storage classes
optimized for different access patterns and storage duration - S3
Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, S3 Glacier
Deep Archive.

How?
• An archive is the base unit of storage in S3 Glacier. An archive is
any object, such as a photo, video, or document that you want to
store. Archives are stored in a Vault (a container for storing
archives).
• After you create a vault, you can upload archives directly into the
vault or use S3 lifecycle rules to transition data into it.

How much?
• S3 Glacier charges are calculated based on monthly storage (GB-Month), number of requests (based on the request type), and data retrievals (per GB). Incoming transfers are free.
• Amazon S3 Glacier has minimum capacity charges for objects
depending on the storage class you use.

Link to Service Overview:

ADDITIONAL RESOURCES

Check additional resources on the Analogies Cloud website
(YouTube Channel / Udemy Training / AWS Architecture Drag-and-drop Exercise / Additional Books / PDFs of Service Summary Card / Become a Solutions Architect Program)

https://analogiescloud.com/

About the Author

Ashish Prajapati

Ashish is a technical professional currently based in London, UK.

He is passionate about helping individuals and enterprises in learning the cloud skills in an easy and fun way.

His deep background as a virtualization and cloud migration expert allows him to
leverage his field knowledge into the classroom by bringing real world examples to
learners.

His work has helped many cloud enthusiasts get started with the cloud, learn the
fundamentals, and achieve cloud certifications.

You can reach out to him through his LinkedIn profile for any feedback,
suggestions, or criticism.
BOOKS BY THIS AUTHOR
Cloud Computing Concepts And Tech Analogies
This book makes understanding cloud computing easy by providing
relatable examples that simplify the complex technology. By drawing
parallels between cloud concepts and everyday scenarios, we will
demystify cloud tech, and once you start to understand it, learning
cloud computing will be more enjoyable.

This book will help you learn about cloud computing in general and
AWS specifically, as you follow the journey of TrendyCorp—a
fictitious company gearing up to move from traditional IT to cloud
computing. You'll shape your understanding of the cloud through
scenarios of interactions between TrendyCorp's new hires, seasoned
IT professionals, external consultants, and the board of directors
engaged in modernizing their applications. These characters'
discussions and actions are focused on learning about cloud
services by drawing comparisons between the technology and
examples taken from real life. Through this book, you'll realize that
cloud computing concepts have more in common with your day-to-
day scenarios and situations than you've ever imagined.

This book offers a conversational and entertaining narrative that anyone working in IT and looking to understand how the cloud works will be able to follow. By the end of it, you'll have developed a clear and simplified perspective of cloud technologies.

REFERENCE

AWS Documentation
https://docs.aws.amazon.com/

AWS Pricing Calculator
https://calculator.aws/

AWS Architecture Icons
https://aws.amazon.com/architecture/icons/

AWS Management Console
https://aws.amazon.com/console/

AWS Official Website
https://aws.amazon.com/