18SE02CE051

Amazon Web Services

Amazon Inspector

What is Amazon Inspector?

Amazon Inspector is an AWS service to test network accessibility of EC2 instance. It helps
you to identify vulnerabilities within your EC2 instances and applications. And allows you
to make security testing more regular occurrence as part of the development and IT
operations.
Amazon Inspector provides a clear list of security and compliance findings assigned a
priority by the severity level. Moreover, these findings can be analysed directly or as part
of comprehensive assessment records available via the API or AWS Inspector console.
AWS Inspector security assessments help you check for unintended network accessibility
of EC2 instances and vulnerabilities on those EC2 instances.

Features of AWS Inspector

Amazon inspector is a safe and reliable service we can use for security purpose in our
services, deployed applications etc. It’s an automated and managed service. Let’s see
some key benefits of AWS Inspector.
 Automated Service
 Regular Security Monitoring
 Leverage Aws Security Expertise
 Integrate Security Into DevOps

How Amazon Inspector Works?

Amazon Inspector performs an automatic assessment and generates a findings report
containing steps to keep the environment safe. To use this service, you need to define the
collection of AWS all the resources that complete the application to proceed and tested.
It is followed by adding and performing the security practices. You can also set the
duration of that assessment which can vary from 15 Min to 12 Hrs or last for one day.

An Inspector Agent runs on the EC2 machines hosting the application that monitors the
network, file system, and process activity. After collecting all the required data, it is
compared with the built-in security rules to identify security or compliance issues.
18SE02CE051

Amazon Inspector pricing

Amazon Inspector is a security assessment service for your Amazon EC2 instances and
the applications running on those instances. Pricing is based on two dimensions, the
number of EC2 instances included in each assessment, and the type(s) of rules package
you select. An Inspector assessment can have any combination of two rules package types
- host assessment rules packages and/or the network reachability rules package. Host
assessment rules packages include Common Vulnerabilities and Exposures (CVE), Center
for Internet Security (CIS) benchmarks, Security Best Practices, and Runtime Behavior
Analysis. If your assessments include both host rules packages and the network
reachability rules package, you will be billed for both separately.
With Amazon Inspector, there are no upfront investments required, no additional
software licenses or maintenance fees, and no need to purchase expensive hardware.
Flexible pricing based on assessment type and the number of instances included in each
assessment is ideal for applications deployed in the cloud. You only pay for what you use,
and it provides the flexibility to support popular dynamic use cases like continuous
deployment or auto scaling, where per-host or per-IP licensing models can be difficult to
manage due to dynamic changes in your cloud environment.

Amazon Chime

What is Amazon Chime?

Amazon Chime is a real-time audio, video conferencing and collaboration service hosted
by Amazon Web Services (AWS). Chime replaced Biba, an online meeting service acquired
by Amazon.
Amazon Chime enables business professionals to schedule online meetings and attend
them using audio or visual services. A Chime end user receives an automated notification
from Amazon Chime prior to the beginning of the meeting. An end user can mute or
unmute his or her microphone at any time, and the service provides an auto-generated
list of meeting attendees.

Amazon Chime features

 Online Meetings
 Video Conferencing
 Team Collaboration
 Business Calling
 Security and Administration
18SE02CE051

How Amazon Chime Works?

Amazon Chime pricing tiers

There are three different Amazon Chime subscription options:
Basic is free and includes one-on-one audio and video calls and group chat;
Plus costs $2.50 per user per month and includes all Basic features along with screen
sharing, remote desktop control, 1 GB of message history per user and integrates with
Active Directory;
Pro costs $15 per user per month and includes all Plus features. Pro also enables business
professionals to schedule and host meetings for three or more people -- up to 100
attendees -- record meetings, integrate with Outlook and use other features.
Amazon offers a free, 30-day trial of Pro features. Basic and Plus users can join meetings
that are hosted by Pro users, which allows a business to combine different license levels
to reduce costs.

Amazon SageMaker

What is Amazon SageMaker?

Amazon SageMaker is a managed service in the Amazon Web Services (AWS) public
cloud. It provides the tools to build, train and deploy machine learning (ML) models for
predictive analytics applications. The platform automates the tedious work of building a
production-ready artificial intelligence (AI) pipeline.
Machine learning has a range of uses and benefits. Among them are advanced analytics
for customer data and back-end security threat detection.
Deploying ML models is challenging, even for experienced application developers.
Amazon SageMaker aims to simplify the process. It uses common algorithms and other
tools to accelerate the machine learning process.
18SE02CE051

How does Amazon SageMaker work?

AWS SageMaker simplifies ML modeling into three steps: preparation, training and
deployment.
 Prepare and build AI models
Amazon SageMaker creates a fully managed ML instance in Amazon Elastic
Compute Cloud (EC2). It supports the open source Jupyter Notebook web
application that enables developers to share live code. SageMaker runs Jupyter
computational processing notebooks.
 Train and tune
Developers doing model training specify the location of the data in an Amazon S3
bucket and the preferred instance type. They then initiate the training process.
SageMaker Model Monitor provides continuous automatic model tuning to find
the set of parameters, or hyperparameters, to best optimizes the algorithm.
During this step, data is transformed to enable feature engineering.
 Deploy and analyze
When the model is ready for deployment, the service automatically operates and
scales the cloud infrastructure. It uses a set of SageMaker instance types that
include several graphics processing unit accelerators optimized for ML
workloads.
SageMaker deploys across multiple availability zones, performs health checks,
applies security patches, sets up AWS Auto Scaling and establishes secure HTTPS
endpoints to connect to an app. A developer can track and trigger alarms for
changes in production performance via Amazon CloudWatch metrics.

What features does SageMaker have?

Amazon has rolled out extra features in SageMaker since its 2017 launch. The features
are accessible in AWS SageMaker Studio, an integrated development environment (IDE)
that consolidates all the capabilities.
Users have two ways to create a Jupyter notebook:
1. as an Amazon EC2-powered ML instance directly in Amazon SageMaker; or
2. as a web-based IDE instance in SageMaker Studio.
The automation tools in AWS SageMaker Studio help users to automatically debug,
manage and track ML models. These SageMaker tools include the following:
 Autopilot enables AI models to be trained for a given data set and ranks each
algorithm by accuracy.
 Clarify flags potential bias that could skew ML models.
 Data Wrangler is used to speed up data preparation.
 Debugger monitors the metrics of neural networks to simplify the debugging
process.
 Edge Manager extends ML monitoring and management to edge devices.
 Experiments makes it easier to track different ML iterations, including how
changes degrade or improve a model's accuracy.
18SE02CE051

 Ground Truth speeds up data labeling and helps to lower labeling costs when
processing large AI training samples.
 JumpStart offers a set of customizable, predesigned AWS CloudFormation
templates.
 Model Monitor is an AWS-enabled ML tool to spot application-level deviations that
negatively affect the accuracy of predictions.
 Notebook creates Jupyter notebooks with one click and transfers the content of a
notebook for collaborative use.
 Pipelines offer developers ML services for continuous delivery and continuous
integration.

How does SageMaker's pricing work?

Historically, AWS charged each SageMaker user for the compute, storage and data
processing resources used to build, train, perform and log ML models and predictions.
Customers also paid for the S3 resources used to store the data sets for training and
ongoing predictions.
Today, there are two payment options: on-demand pricing and flexible pricing. Amazon's
on-demand pricing is billed by the second and does not require an upfront commitment
or a minimum fee.
In April 2021, Amazon announced flexible pricing with the Amazon SageMaker Savings
Plan for eligible SageMaker ML instance types. With the savings plan, customers can cut
costs by 64% compared with buying capacity on demand, Amazon said. To qualify for the
discount, customers must agree to consume a set amount of capacity, measured in dollars
per hour, for at least one year.
SageMaker is free on the AWS Free Tier. Customers pay only for Amazon services used
within SageMaker Studio.

Amazon Simple Queue Service (SQS)

What is Amazon Simple Queue Service (SQS)?

Amazon Simple Queue Service (SQS) is a managed message queuing service technical
professionals and developers use to send, store and retrieve multiple messages of various
sizes asynchronously.
The service enables users to decouple individual microservices, distributed systems and
serverless applications from one another and to scale them without requiring the user to
establish and maintain their own message queues.

How is Amazon SQS used?

Developers can use Amazon SQS to safely exchange messages between different software
components. Amazon SQS provides a standard web services application program
interface that users can access via common programming languages.
18SE02CE051

Amazon SQS supports tasks that process asynchronously. This means that rather than a
single application needing to invoke another one directly, the app can simply send a
message into a queue, where it waits. Other applications can then access the message
later.
There are two types of Amazon SQS queues: first-in, first-out (FIFO) and standard queues.

How Amazon SQS works

Amazon SQS is a distributed queue system that allows applications to queue messages
that are generated by one component and consumed by another component. SQS acts as
a temporary repository for messages and is used in situations where the messages are
produced at a higher rate but get processed at a lower rate.
There are three parts to the SQS messaging system - components of a distributed system,
a queue, and messages in the queue.
From the given image, you can see that a system consists of many producers (components
that generate messages and send it to the queue) and consumers (components that
retrieve messages from the queue and process them). Stay tuned with the AWS SQS
tutorial to learn more concepts of SQS.

Features of Amazon SQS

 No Data Loss
 Confidential data
 Each Request is handled independently
 Message Locking
 Two queue types
 Unlimited queues and messages
 Payload size

Amazon SQS Pricing

For the first 1 million, monthly requests are free. But after that, the user will be charged
which may vary depending upon the region. For eg. for the region, US (east), Amazon SQS
pricing is as follows-

 Standard queue - $0.40 ($0.0000004 per request)

 FIFO queue - $0.50 ($0.0000005 per request)

Amazon SQS does not require any upfront cost, and there is no need to buy, deploy, build
or maintain any supporting infrastructure. Amazon SQS' pricing structure is usage-based,
which can help provide substantial cost savings over self-managed messaging
middleware alternatives available on the market that have always-on pricing.
The AWS Free Tier enables Amazon SQS users to make up to 1 million Amazon SQS
requests for free each month.
18SE02CE051

Amazon Cognito

Amazon Cognito is an Amazon Web Services product that controls user authentication
and access for mobile applications on internet-connected devices. The service saves and
synchronizes end-user data, which enables an application developer to focus on writing
code instead of building and managing the back-end infrastructure. This can accelerate
the mobile application development process.

What is Amazon Cognito used for?

Amazon Cognito enables simple, secure user authentication, authorization and user
management for web and mobile apps. With Cognito, a user or visitor can sign in with a
username and password through Amazon, or through a third party like Facebook, Google
or Apple.

How Amazon Cognito authentication works: A 4-step process:

Here is how authentication works when identity pools and user pools are used together:
 User signs in through a user pool.
 Once successfully authenticated, they receive a user pool token.
 The app exchanges the token for AWS credentials through an identity pool.
 User can use these authenticated AWS credentials to access other services in the
AWS cloud.

Features of AWS Cognito

Here we discuss the top five features of AWS Cognito that makes it as an ideal choice of
the business owners. They are as follow.
 Scalable and secure user directory
 Social identity federation
 Multiple factor authentication
 Built-in customizable UI
 Access control

Amazon Cognito pricing

Monthly active users (MAUs) determine pricing for Amazon Cognito. A user is an MAU if
there is a sign-up, sign-in, token refresh, or password change operation related to that
user within a calendar month.
The first 50,000 MAUs are free. Thereafter, the pricing is based on a tiered model based
on the number of MAUs.
Charges for Cognito Sync are based on the number of synchronization operations and the
amount of data in the Cognito sync store. With the AWS free tier, an enterprise can store
10 GB of data and perform 1,000,000 sync operations in a month, for up to 12 months.
Once the free tier is exhausted, Amazon Cognito charges 15 cents per GB of sync storage
per month, and 15 cents for every 10,000 sync operations.