
Region- geographically distinct and physically isolated, represent geo locations,
minimum 2 AZs, 22 in number, biggest is US-EAST, billing info- US-EAST-1
AZ- Availability Zones, datacenters owned by AWS in region, represented as US-EAST-1a,
where a represents 1st AZ of US-EAST-1 region, <10ms latency between AZs, 69 in
number, fault isolation
Edge Locations- 158, owned by AWS or partner for fast content delivery, CDN, direct
connection to AWS network, serves requests for CloudFront, Route 53, S3 Transfer
Acceleration, API Gateway traffic also uses EL network, low latency, delivers
content (language converted) based on access region
auto scaling grp--- automatically spins instances as per conf, need to create
launch conf with AMI to create instance, needs minimum and max instance num.
deleting grp deletes created instances
elastic load balancer- balance traffic within instances, needs instances from diff
AZs, create target group with list of target instances, listener will listen to
port and move request to target based on configuration. does not kill instances on
termination
s3---- Simple Storage Service---- is global but buckets are region specific, can hold
data in key-value, can host static website, charged per GB and data out and not for
bucket count.
cloudFront----- Content Distribution Network--- moves static data over nearest edge location
to user. fast content delivery
RDS--- Relational DB Service--- Postgres, SQL Server, Oracle, MySQL, MariaDB, Amazon
Aurora--- manages instances of MySQL and PostgreSQL---- automated backups as
default conf.
DynamoDB---- NoSQL cassandra like db, fully managed, scale at a push of a button
without incurring downtime
Lambda--- serverless functions--billed for num of requests and run time--can run
only up to 15 mins-- can be triggered from any event
Inspector---- vulnerability checks on EC2 machines, puts agent on machines and
scans for vulnerabilities, how hardened is EC2 instance
Trusted Advisor---- advises on security, saving money, performance, service limits
and fault tolerance, free and developer support- 7 checks, business and enterprise-
all checks, no report, real time guidance
consolidated billing------ One bill for all org members, it helps in volume
discounts (higher usage higher discount) by aggregating usage from all accounts, use
cost explorer to see member usages, those who left org won't be visible in explorer
cost-explorer------ visualize, understand and manage aws costs for org, also
provides forecasting full cost, provides reports, make your own report
Budgets--- 2 free, plan your spendings and get notified for exceeds or approaching,
cost, usage, reservation budgets
tags---- a key value pair used for grouping resources together
resource groups---- group of resources tagged together, should not be tagged from
different projects and with no connection
s3-glacier------ long term, slow retrieval mins to hours, 7-10 years, archives,
backups
storage gateway---- extension of on-prem storage to cloud, store at cloud with
local caching, hybrid solution from on-prem to cloud storage
SNS---- Simple Notification Service (SMS, emails (plain text), SQS, HTTP), practical and
internal AWS use cases, pub-sub and topic based
SES----- Simple Email Service-- marketing emails, developer (app integration for
email notif) emails, (supports html emails), professional, marketing emails, cloud
based email service, receive inbound emails, email templates, monitor email
reputation, custom domain name emails
cloudFormation(CFN)-- Infrastructure as code, configuration (JSON, YAML),
typically 30 mins deployment
Direct Connect --- Dedicated Fibre connection from on-prem data center to AWS
AWS Personal health dashboard----- provides alerts and remediation guidance when
AWS is experiencing events that may impact you, personalized view into the
performance and availability of the AWS services underlying your AWS resources.
alerts, notifications to plan for scheduled activities, alarms on resource health,
event visibility, guidance to diagnose and resolve issues
AWS Service health dashboard------The dashboard provides access to current status
and historical data about each and every AWS service, displays the general status
of AWS services
cloud9----- Browser based IDE for fast and shared coding, prepackaged with 40+
programming language resources, real time sharing of IDE with team allows multiple
people to code together, supports serverless coding with included SDKs and testing,
provides direct CLI access to AWS compute servers, dev env on any ec2 server or any
ssh enabled machine
x-ray------ Analyze and debug production, distributed applications, identify
performance bottlenecks, edge case errors, and other hard to detect issues
AWS service catalog----- a central place to manage IT services an org provides, be
it AWS services or any other, manage versions, available updates, permissions and
authorizations, IT approved list, can integrate with ITSM tools like ServiceNow,
JIRA
Lightsail----easy to use cloud platform with pre-configured compute, storage,
static IP packages, choose package and deploy. Ideal for simpler workloads, quick
deployments, and getting started on AWS, up scalable, preconfigured deployment
stacks like MEAN, LAMP, Nginx
code star--- integrating pipeline with Project mgmt tools(eg, JIRA), issue
tracking, continuous delivery
code pipeline--- automating CI, CodeCommit+codeBuild+codeDeploy,
codecommit---- git repository for AWS, code checkins, version management,
codedeploy---- deploys builds in instances, environment
code build----- building the checked code with build tools like maven, does unit
testing too, produces build files like binaries, .exe,
cognito---- web and mobile user management, authentication with third party logins
vpc peering----- connectivity service between 2 vpcs, connected privately, no need
of public/internet facing subnets, connection by aws managed backbone network, 2
vpcs can be from different regions or from different aws accounts, non transitive
routing- meaning in order to connect any vpc must have direct connection to other
vpc (eg. a-b and b-c doesn't mean a-c, there should be dedicated a-c connection)
transit gateway---- vpc peering causes issues in case of maze connections (due to
non transitive property), TG acts as a hub to connect all vpcs to each other, this
also allows any on-prem data center to connect to vpc network via vpn or direct
connect
privateLink---- service level access to VPC resource from other VPC, full VPC is
not exposed, unlike TG, VPC peering, can be out of region VPC too
VPC endpoint (gateway)---- used to connect s3 or DynamoDB (Internet exposed) to VPC
private subnet directly without going through public subnet and IGW, needs same
region
VPC endpoint (interface)---- to connect other AWS internet based services like
SNS, SES, cloudWatch, SQS, routes traffic through Elastic Network Interface (ENI) to
private VPC subnet directly, needs same region
cloudHSM---- cloud-based hardware security module (HSM) that enables you to easily
generate and use your own encryption keys, meaning user has control over keys, can
set it as a keystore for KMS
Elastic mapReduce---- Spark/hadoop, aggregation, sorting distributed jobs, spark
jobs, managed hadoop cluster
Elasticache---- db caching for faster retrieval and less db calls
Rekognition---- Content filtering, Objectionable content finding and filtering
Kinesis---- click stream analysis, capture user web/app clicks for future
recommendations (ads)
glue---- ETL operations
Redshift----- data warehouse service (petabytes), columnar db, can be analyzed using
SQL and BI tools
Athena---- SQL query interface for s3
QuickSight---- BI, reporting, visualization
API Gateway---- managed API service, code APIs and deploy
KMS---- Key Management Service, encrypt data stored anywhere, fully managed
ACM---- Amazon Certificate Manager--- manage digital certificates (SSL/HTTPS), at
cloudfront or ELB level
WAF---- Web Application Firewall, at cloudfront or ALB level, cross-site scripting, SQL
injection, DDoS (sometimes) etc...
route tables----vpc/subnet level tables to keep all possible routing info, entries
in route tables will decide inbound/outbound/intra communication
security groups----instance level access and security, protocol and port level
security, set of rules to filter incoming and outgoing traffic, by default
everything is denied, set rules to allow
NAT---- network address translation, used when a private subnet needs outbound internet
connection, resides in public subnet and communicates between private subnet and
internet.
fargate----serverless compute engine for containers, it works with both ECS and EKS,
no need to worry about instances in container, auto scaling and load balancing
AWS Calculator/AWS monthly Calculator----- monthly estimate of all services you use.
TCO----- cost of moving to AWS, environment, server type, compute and storage
comparison
opsWorks---- Conf management service providing managed instances of Chef and
Puppet, Chef and Puppet are automation platforms allowing to use code to automate
server configurations.
appSync----fully managed service that makes it easy to develop GraphQL APIs by
handling the heavy lifting of securely connecting to data sources like AWS
DynamoDB, Lambda, and more, auto-scale to meet api request volumes
AWS Amplify----end-to-end solution that enables mobile and front-end web developers
to build and deploy secure, scalable full stack applications, powered by AWS,
configure app backends in minutes, connect them to your app in just a few lines of
code, and deploy static web apps in three steps
S3 Transfer Acceleration---- fast, easy and secure file transfer over long distance
between client and s3 bucket
ElasticSearch---- fully managed amazon search service based on open-source software
CloudTrail---- logging communication between services, monitor API activity within
account
Neptune----- create sophisticated interactive graph application
AWS Systems Manager----service allows an organization to view operational data from
multiple AWS services through a unified user interface and automate operational
tasks
