Cloud computing, also known as serverless computing, is a technique that uses the internet to store and manage data on remote servers, and then allows users to access the data via the internet. Cloud computing customers do not own the physical infrastructure; they rent it from third-party service providers.
Cloud services include on-demand self-service, broad network connectivity, resource sharing, and elasticity. Cloud computing has been so successful because it is simple to use, and it is a cost-effective solution for enterprises. Its benefits include optimal server utilisation, on-demand cloud services (satisfying clients), and dynamic scaling, among other things. Google Cloud, for example, is a suite of public cloud services offered by Google.
Types of Cloud:
- There are three cloud types: Public, Private, and Hybrid.
- The public cloud is where services provided by third-party vendors are available online.
- Private clouds are managed in-house or by third parties exclusively for a particular business.
- A hybrid cloud combines the features of both public and private clouds.
The sensitivity of the data and applications, industry certifications and standards, and other factors may determine whether to run services on public or private clouds.
What is AWS?
Amazon Web Services, Inc. (AWS) provides cloud computing platforms and APIs to individuals, organisations, and governments. These web services offer distributed computing processing capacity and software tools via AWS server farms. Amazon Elastic Compute Cloud (EC2), on which users can create a virtual cluster of computers at any time, provides computing resources that mimic almost all of a real computer's attributes, including hardware central processing units (CPUs) and graphics processing units (GPUs). It includes local/RAM memory, hard-disk/SSD storage, operating systems, networking, and preloaded application software such as web servers, databases, and customer relationship management (CRM).
1. Compute
Category | Service | Description |
---|---|---|
Instances (virtual machines) | EC2 | Simplifies web-scale cloud computing. |
Instances (virtual machines) | EC2 Spot | Runs fault-tolerant workloads at up to 90% off. |
Instances (virtual machines) | EC2 Autoscaling | Automatically adds or removes compute capacity to meet changing demand. |
Instances (virtual machines) | Lightsail | The simplest way to create and operate a virtual private server with AWS. A cloud platform that includes everything you need to create an application or website. |
Instances (virtual machines) | Batch | Allows developers, scientists, and engineers to create and run hundreds of thousands of batch processing jobs on Amazon Web Services (AWS). |
Containers | Elastic Container Service (ECS) | A scalable, secure, and highly efficient way to run containers. |
Containers | Elastic Container Registry (ECR) | Lets you store, manage, and deploy container images easily. |
Containers | Elastic Kubernetes Service (EKS) | A fully managed service. |
Containers | Fargate | Serverless compute for containers. |
Serverless | Lambda | Run code without thinking about servers and pay only for the compute time you consume. |
Edge and hybrid | Outposts | You can have a truly consistent hybrid experience with AWS infrastructure and services on your own premises. |
Edge and hybrid | Snow Family | Formalise, process, and store data in rugged or disconnected edge environments. |
Edge and hybrid | Wavelength | Delivers ultra-low-latency applications to devices using 5G. |
Edge and hybrid | VMware Cloud on AWS | Work faster by innovating faster, rapidly shifting to the cloud, and securely working from anywhere. |
Edge and hybrid | Local Zones | Runs latency-sensitive applications closer to end users. |
2. Storage
Service | Description |
---|---|
AWS S3 | S3 is a distributed database that is connected to every device in the network through the Internet. It uses a peer-to-peer model, meaning that data is not stored on a central server. Instead, data is stored directly between the user and the service that the user is trying to access. This provides a faster and more reliable service than a traditional database would because it does not have to be transferred when a change is made. |
AWS Backup | AWS Backup automates the entire backup process from storage to delivery — removing the need to manually input and process backup data. It provides end-to-end encryption of your backup data to help keep your data secure. AWS Backup is a highly efficient and cost-effective way to protect your business data. |
Amazon EBS | Amazon Elastic Block Store provides block-level storage volumes. These storage volumes are created and managed from the web service's dashboard and can be used to back up your application data and store your logs. By providing storage volumes for your applications, you can create a controlled, low-cost way to back up your application data and store your application logs in the cloud. You can also use the Elastic Block Store as a way to automatically rotate your application data to prevent data loss in the case of a hardware or software failure. |
Amazon EFS Storage | EFS is a blob Storage. Amazon EC2 instances can store files in EFS. You can think of it as a hosting service that offers you cloud storage for free. You can store any type of file with this cloud storage, and it's very fast. You can get up to 2 TB storage for free. You can increase this storage limit by purchasing more space. EFS provides an option to encrypt your files. |
Amazon FSx | FSx for Windows Server and Lustre (fully managed high-performance file systems built on Windows Server) offer native compatibility and characteristic sets for workloads. FSx for Windows Server (favourite storage built on Windows Server) and Lustre (favourite file system integrated with S3) are available as FSx for Windows Server. |
AWS Storage Gateway | A storage gateway enables an on-premise software appliance to communicate with cloud-based storage. It provides an edge-led, no-premium, high-speed connection between the software and storage provider, allowing for a more cost-effective and efficient delivery of software and data to customers. The service can be accessed via a mobile device or web browser and eliminates the need for customers to maintain large, expensive on-premises data centres. Some of the benefits of using a data centre as opposed to a cloud provider include lower costs, longer operational flexibility due to lower operational costs, and availability of human resources for support. A data centre can be more than just a place to park servers. It can be a hub for other business processes, enabling a higher level of integration between the data and the applications that generate it. |
AWS DataSync | DataSync provides simple and efficient data transfer between on-premises storage and S3, EFS, or FSx for Windows File Server. DataSync can also be used to migrate your on-premises data to S3 and other cloud storage providers. DataSync offers both a server software and a client software option. With the client software, you can create a disconnected storage pool and then connect the server to the storage pool using DataSync. With the server software, you can create a disconnected storage pool and then connect the storage pool to the on-premises data hub using DataSync. |
AWS Transfer Family | Transfer Family is designed to provide seamless file transfers into & out of S3. |
AWS Snow Family | Snow Family devices are highly-secured, portable computers that collect and transmit data at the edge, and migrate data between AWS and other systems. |
3. Database
Database type | Use cases | Service | Description |
---|---|---|---|
Relational | Ecommerce websites, Traditional sites etc. | Aurora, Redshift, RDS | RDS enables you to easily set up, control, and scale a relational database in the cloud. |
Key-value | Ecommerce Websites, gaming websites etc. | DynamoDB | DynamoDB is a highly-scalable, real-time database that provides advanced features such as automatic ETL (Extract, Transform, Load) and real-time analytics. It is also a non-relational database, which means it does not store query results. DynamoDB is engineered with low latency and high availability in mind. It combines the scalability and performance of a database with the flexibility of a JavaScript application store. |
In-memory | Coding Leaderboards | ElastiCache for Memcached & Redis | ElastiCache is a tool for web applications that accelerates the process of setting up and populating an in-memory cache with data. You can use it to speed up page loads and to make your application more responsive. ElastiCache is a centralised tool for setting up and populating an in-memory cache with data. |
Document | Content Management | DocumentDB | DocumentDB provides a complete turnkey solution for building data-based apps at scale, with the ability to scale up or down as needed to meet the needs of your business. It can be used to store almost any data, including big data, as well as run serverless SQL queries against the data. It's scalable, efficient, and easy to use. It's also open source and community driven, so if you have any suggestions or feedback, don't be afraid to drop a line. |
Wide column | Fleet management system | Keyspaces (for Apache Cassandra) | Keyspaces is designed to be used in tandem with Apache Cassandra as the primary database for high-throughput workloads. The key to using Keyspaces is the isolation of data between the different applications that use it. The data is held in a single database instance, but applications can use different databases (such as Redis or CouchDB) to store their data in a different system. Keyspaces is a highly available database service, which means that if there is a failure in the primary database, other key spaces can continue to operate with minimal impact to the application. |
Graph | Recommender Engines | Neptune | Neptune uses a hybrid database model that stores data in the form of graphs and allows users to query data in a variety of ways, such as by using a SQL-like query language. Users can choose how their data is stored, and how it is accessed, by using Neptune’s Storage & Access Management (SAM) tool. Neptune is available in a private and open-source version, as well as a closed-source version. The open-source version is licensed under the Apache 2.0 licence, and the closed-source version is licensed under the GPL licence. |
Time series | IoT devices and applications | Timestream | With Timestream, you can record, manage, and analyse billions of events per day in a fast, simple, and serverless manner. |
Ledger | Transaction Management | Quantum Ledger Database (QLDB) | QLDB is a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. It provides a transparent, incorruptible, and cryptographically verified record. |
4. Developer Tools
Service | Description |
---|---|
Cloud9 | Cloud9 is a cloud-based IDE that allows developers to write, run, and debug code. |
CodeArtifact | CodeArtifact provides secure storage, publishing, and sharing of software packages used in an organisation's software development process. CodeArtifact makes it easy for small organisations to store, publish, and share software packages. |
CodeBuild | CodeBuild is a code creation service that also produces code artefacts upon request. |
CodeGuru | CodeGuru is a machine learning tool that recommends improved code quality and safe code by analysing the frequency of certain lines of code. |
Cloud Development Kit | AWS CDK is an open source software development framework that defines cloud application resources using familiar programming languages. |
CodeCommit | CodeCommit is a Git repository service that supports storing and managing Git archives on the Amazon Web Services cloud. |
CodeDeploy | CodeDeploy, a professionally managed deployment service, automates software installations on a variety of EC2, Fargate, Lambda, and on-premises servers. |
CodePipeline | CodePipeline is a high-quality, automated release pipeline that helps automate app and infra update release pipelines. |
CodeStar | With AWS CodeStar, you can create, manage, and scale automated code reviews with a single click. You can also monitor the performance and scalability of your code review process with the built-in metrics dashboard. |
CLI | AWS CLI is a command-line tool that helps you manage multiple AWS services and automate them using scripts. It offers a simple yet powerful interface for managing multiple AWS services and a set of built-in commands that enable you to easily create and delete EC2 instances, cancel auto-scaling, and more. |
X-Ray | X-Ray allows software engineers to view the state of a system at a glance, identify potential bottlenecks, and make informed operational decisions to improve performance and reliability. X-Ray inspects application code using a combination of machine and customer-provided data to identify potential bottlenecks and analyse performance and performance trends for each test scenario. |
5. Network and Content Delivery
Use Case | Service | Description |
---|---|---|
Build a cloud network | VPC | VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. |
Build a cloud network | Transit Gateway | Transit Gateway simplifies network and peering relationships by connecting VPCs & on-premises networks through a central hub. |
Build a cloud network | PrivateLink | PrivateLink is a great way to securely connect your on-premises workloads with the cloud, while still maintaining full control over who can access your data and application. You can use PrivateLink to securely connect your on-premises data center to your AWS data lake, while providing the full tenant control and regulatory compliance of an on-premises data center. |
Build a cloud network | Route 53 | Route 53 is a dedicated, real-time DNS service that allows you to focus on building an incredible Internet experience for your customers, partners, and vendors. It is a highly available, enterprise grade cloud DNS solution that provides load balancing, failover, high availability and performance monitoring to ensure optimal service for your customers and partners. |
Scale your network design | Elastic Load Balancing | Elastic Load Balancing is a best practice to assign incoming traffic to a single target, such as an EC2 Instance, and then distribute the rest of the traffic across the target's resources. An elastic load balancer distributes traffic across an arbitrary number of targets. |
Scale your network design | Global Accelerator | Global Accelerator connects Amazon's global infrastructure to the global traffic-generation network of Global Accelerator, improving internet performance by up to 60%. |
Secure your network traffic | Shield | Shield inspects the source and destination IP addresses of every request to a protected resource, and blocks malicious requests from either IP address if it suspects them to be from the same source. This helps to prevent DoS attacks, and also safeguards your sensitive data from being leaked on a public website by refusing to provide a response to requests from maliciously IPed websites. |
Secure your network traffic | WAF | WAF is a web application firewall that protects your API endpoints by blocking malicious requests and whitelisting trusted requests. It can be run as a service on your favourite cloud hosting provider or as a task on your favourite work-from-home platform. |
Secure your network traffic | Firewall Manager | Firewall Manager provides centralised control, auditing, and visibility over your AWS security policies and rules. It can be used to monitor, limit the usage of specific services for security purposes, or to enforce specific policies on specific traffic. |
Build a hybrid IT network | (VPN) - Client | VPNs protect your privacy online, and also provide a secure way to access network resources when needed. For example, your corporate VPN provides a secure connection to the company intranet when needed, but doesn’t typically expose your online activity to the public internet. AWS provides a rich set of tools for building and managing VPNs, and it’s easy to get started with the AWS VPN Service. |
Build a hybrid IT network | (VPN) - Site to Site | Site-to-Site VPN makes a secure connection between a data centre or branch office and AWS cloud resources. |
Build a hybrid IT network | Direct Connect | Direct Connect allows you to set up and manage a secure, private, and fault-tolerant network connection between your AWS and on-premises devices. |
Content delivery networks | CloudFront | CloudFront is a distributed content delivery network (CDN) that enables easy delivery of web content to end users from a pool of web servers around the globe. |
Build a network for microservices architectures | App Mesh | AWS microservice-based App Mesh makes it possible to guide and control App Mesh-based microservices on AWS. |
Build a network for microservices architectures | API Gateway | API Gateway provides the opportunity to create and expand your own REST and WebSocket APIs at any size. |
Build a network for microservices architectures | Cloud Map | The cloud map handles the name and addresses of the clouds. |
6. Security, Identity, & Compliance
Category | Service | Description |
---|---|---|
Identity & access management | Identity & Access Management (IAM) | IAM provides secure and controlled access to AWS services. |
Identity & access management | Single Sign-On | SSO simplifies, manages, and provides access to AWS accounts & business applications. |
Identity & access management | Cognito | Cognito helps in storing user sign-up data in the same database as your other web & mobile app data and managing user access controls such as read permissions, roles, and identity management. |
Identity & access management | Directory Service | AWS Managed Microsoft Active Directory (MMAD) enables you to use Active Directory across your entire enterprise with an emphasis on security and regulatory compliance. |
Identity & access management | Resource Access Manager | Resource Access Manager (RAM) allows you to assign access control rules to resources so that only authorised users can access them. You can also set rules to assign specific users access to resources based on topic, role, or condition. |
Identity & access management | Organisations | As your environment grows and scales, organisations help you centrally manage your environment. |
Detection | Security Hub | AWS IoT Security Hub can help you improve your security posture by monitoring the state of your applications and devices, and alerting you to any potential issues. You can view the state of your applications and devices, as well as receive notifications on potential issues, via a dashboard. |
Detection | GuardDuty | GuardDuty reduces the risk of malicious activity and data breaches by proactively monitoring the AWS accounts, workloads, and storage in the cloud. AWS GuardDuty continuously watches for malicious activity, like unusual activity in the source IP address list, or abnormal activity in the number of notification emails received. It can also be used to proactively detect unauthorised behaviour, like a large influx of traffic to a particular AWS account or a significant increase in the number of notifications about an unauthorised change in access controls. |
Detection | Inspector | It scans your AWS environment for potential security vulnerabilities, and offers remediation suggestions. It includes detailed analysis, including vulnerability severity, impact, and recommended action. You can use the online survey at the start of the report to rate the severity of the vulnerability. Inspectors can be used for every type of AWS service, but our researchers found that most of them are useful for VPCs and EC2 instances. Once an Inspector has been launched, you can get the details about the vulnerability, including the details about the root cause such as the AWS SDKs, the processes that were vulnerable and the actions that were taken. |
Detection | Config | It is a free service that allows you to monitor, bill for, and adjust the settings of Amazon Web Services (AWS) resources from the comfort of your own desk. The service works by detecting and recording metadata about every action that a resource takes, like creation, modification, or removal. This information is then analysed to determine the impact that each action has on other resources. You can use this monitoring data to: Assess the health of your AWS resources and identify areas for rapid development and transformation. |
Detection | CloudTrail | It records all the actions that a given AWS account has taken in a given period of time. It provides a historical record of the actions taken by a given AWS account in a given period of time, allowing you to view which accounts have been accessing your resources, who has been accessing your resources, and for how long. You can also generate detailed spending reports for your account and see which spenders are making the biggest impacts on your bottom line. You can view a detailed report of all your actions taken within a given time period or drill down into the data to view actions taken by an account within a specific period of time. |
Detection | IoT Device Defender | It monitors and secures connected devices from a security standpoint. It proactively blocks malicious or unsafe apps from being installed on connected devices, and controls the data that is being transmitted between the device and the cloud. It tracks the usage of connected devices, and ensures that data privacy is protected. |
Infrastructure protection | Shield | Apps protected with Shield are continuously monitored for unusual traffic patterns, such as high-latency or unusual traffic patterns. When an abnormal pattern is detected, Shield automatically detects the attack, identifies the origin of the traffic, and identifies the threat vector. It then applies a variety of mitigations to prevent or reduce the impact of the attack. |
Infrastructure protection | Web Application Firewall (WAF) | WAF provides a set of rules that can be configured to block or allow requests based on their set of rules. Rules can be configured as either Whitelists or Blacklists. Whitelists allow for greater control and transparency while Blacklists are limited in their ability to adapt to changes in threat patterns. An API can be made subject to WAF rules through an API Management Gateway (AGW) or an Application Firewall (AFW) can be implemented within the hosting provider's infrastructure. |
Infrastructure protection | Firewall Manager | It provides a single point of access to view, manage, and control the whole AWS WAF lifecycle from the user's perspective. It provides an overview of the current state of the WAF, as well as a list of maintenance steps the user can take to adjust the configuration or launch a fresh audit. Once the user has accepted the terms and conditions, the plugin will create a new instance of Firewall Manager on the user's behalf. This instance includes all the necessary AWS services to enable the WAF and provide a secure environment. |
Data protection | Macie | It is a one-stop-shop for your data protection needs. Macie monitors data at rest and in process, as well as in motion, across your organisation’s networks, devices and apps. It continuously scans the data it receives for patterns that indicate the presence of malicious or objectionable content, and notifies the user when it detects such content. Macie also provides you with a host of other data protection services, like data encryption, data integrity, data profiling, data governance, data auditing, data erasure, data shredding, data melting, data harvest, data collation, data transformation, and data rental. |
Data protection | Key Management Service (KMS) | Key management on AWS is a broad range of activities from creating & storing public & private keys to creating, managing, and authorising access to AWS services with digital keys. This guide explains the key management solution on AWS that is easiest to use, most secure, and provides the most flexibility for you to create and manage your keys the way you need them. |
Data protection | CloudHSM | This is particularly useful for mobile devices and other unsecured, remote-accessed devices. CloudHSM is a blockchain-based smart contract that secures and manages your data, identity, and access control. It comes with a host of features including a one-click setup, cloud storage, SaaS solution, and a mobile app. |
Data protection | Certificate Manager | Certificate Manager provides a single, easy-to-use interface for managing and deploying TLS/SSL certificates. Manage certificates with a single click from the dashboard or from the command line with certificate manager-cli. Automate certificate renewals with the built-in cron jobs. You can also manage certificates through the API or the command line interface. Certificate Manager can be deployed as a cloud-based service or on-premises with a virtual machine. Once up and running, you can manage and deploy certificates through the web interface or the API. |
Data protection | Secrets Manager | Secrets Manager allows you to securely store, access, & share secrets with a single-click. It is a flexible tool that allows you to set permissions for storing and accessing secrets. It can be used to store and share secrets between your services, between your apps, or between your backend & frontend code. |
Incident response | Detective | With Detective, you can easily look at, investigate, and quickly identify potential security problems or suspicious activities. |
Incident response | CloudEndure Disaster Recovery | It can be used to protect your data from power outages, network outages, or any other disaster. It can also be used for disaster recovery for your business data centers. Disaster recovery can also be used to restore a server to its previous state to avoid the loss of data in the event of a server crash or other external causes. In order to be used for disaster recovery, a server must be provisioned with the appropriate hardware and software, and must be properly configured for disaster recovery. |
Compliance | Artifact | You can use the Artifact web service to view and download AWS security and compliance records. The service returns an XML response that includes information about the record such as the AWS access and identity credentials that were used to create the record, the version of the record, the AWS Security Token used to access the record, the AWS Security Group used to protect the record and other metadata. |
7. Migration & Transfer services
Service | Description |
---|---|
Migration Evaluator | To start using AWS, you need to first build a case for why the service is useful to your organisation. An easy way to do that is to build a Migration Evaluator, which is a detailed analysis of your current infrastructure and recommendations for how to best move forward. |
Migration Hub | The migration hub tracks each app's effort to migrate to a new solution, such as a new solution release or a new partner. The migration hub not only tracks the app’s progress toward its goal, but records each action taken to get the app to the new solution, such as uploading a new solution package. Migration Hub includes an easy-to-use dashboard for monitoring the progress of each app’s migrations. Once you’ve set up the dashboard, you can view the status of each migration and any action taken to get the app to the new solution. You can also view a list of all partners the app is connected to and view the progress of each partner’s migration. |
Application Discovery Service | The service makes it easier for enterprises to collect data, analyse it, and create insight with real-time dashboarding that visualises data-driven decisions. By using AI and machine learning to predict user behaviour, businesses can save time and money by eliminating unplanned outages and rework caused by changes to app or IT servers. |
Server Migration Service (SMS) | With SMS, you can move millions of pieces of business data across clouds, without needing to learn new technologies or hiring new staff. SMS works by relocating your apps from your on-premises data centre to the cloud, then tunnelling back between clouds as needed. SMS makes it easier to scale since there’s no need to add new hardware or change software. |
Database Migration Service (DMS) | A DMS solution provides a set of tools that allows a data manager to: create an account, select an AWS region, create a service account, and create an AWS Identity & Access Management (IAM) role. Once a DMS solution is selected, the data manager can create an account and assign a role to the DMS solution. The data manager can then create a database, select an AWS region, and select an AWS Availability Zone (AZ). The data manager should select a unique name for the database, such as my_cool_app. This name is used throughout the AWS ecosystem and will be visible to other AWS users. The data manager can then create tables in the database and assign permissions to objects in the tables. The data manager can then enable the migration of data to the new database, by selecting the migration option. This allows other AWS users to view the new database and migrate data to the new database. |
CloudEndure Migration | CloudEndure Migration simplifies the task of deploying new software in the cloud by removing the need to transfer data from one location to another. With CloudEndure Migration, you can: - Simplify the inventory process by tagging and tracking your assets with custom metadata. - Reduce the cost of relocation by streamlining the transfer of data with a minimum of effort. |
VMware Cloud on AWS | Refer to the compute section. It has already been explained there. |
DataSync | Refer to the storage section. It has already been explained there. |
Transfer Family | Refer to the storage section. It has already been explained there. |
Snow Family | Refer to the storage section. It has already been explained there. |
8. Cost Management
Use Cases | Capabilities | Description |
---|---|---|
Organize | Construct cost allocation & governance foundation with your own tagging strategy | Cost Categories helps you to segment your AWS platform and process usage data to better understand costs and develop cost-effective infrastructure and operations. |
Report | Provide users with information about their cloud costs by providing detailed allocable cost data | You can use this report to get a quick and detailed view of the AWS ecosystem and its infrastructure. You can also use this report to get a deeper understanding of AWS services and their cost & usage. You can use this data to help you make informed decisions about which AWS services to use and which to ignore. You can also use the data to make customized reports. This data is publicly available and made freely available by the AWS Repo. The AWS Repo is the primary source of this data, and the data is updated frequently. |
Access | Track billing information across the organisation in a unified view. | The amount of credits an account pays to a service provider in order to cover its costs is known as its billing obligation. |
Control | Set up effective governance mechanisms with the right guardrails in place | A central authority is established and managed to govern an AWS environment as it grows and scales workloads on the platform. |
Forecast | Create estimated resource usage and forecast dashboards | You can create a forecast for the next 90 days, one month, two months, or even for the lifetime of your account. The forecast will show how much data you will need to store, how much you will use each month, and how much you will spend on AWS during the forecast month. You can view a history of your forecasts or create a new one. You can also get a breakdown of your costs and usage by region, country, or by describing your business needs in more detail. You can create a forecast for any length of time, but a short one will give you the most up-to-date information and save you the time of creating a new forecast each month. |
Budget | Set a custom budget threshold, get automatic alert notifications when spend is higher than the threshold, and keep spend in check. | Budgets can be set to track cost and usage in any manner from the simplest to the most challenging applications. |
Purchase | Use free trials and programmatic discounts based on workload pattern and need. | A reserved instance provides up to 75% off on-demand pricing. |
Elasticity | Devise plans to meet or exceed consumer demand by understanding and responding to its patterns and needs. | When you're setting up a new AWS account and want to start experimenting with Amazon's platform, you can trust that the experience provided by this website will help you get the most out of your experience. This includes getting the best domain name, choosing the right location for your testing site, and choosing a secure hosting solution. By following these tips, you can feel confident that your experience with the AWS platform is as smooth as possible. |
Rightsize | Prioritize workload allocation size to meet demand. | AWS offers a variety of options for optimizing your compute resources - from on-premises equipment to cloud solutions - to help you get the best possible performance from your infrastructure. For example, you can use virtual machines with vMotion capability to transfer your workloads between data centers more efficiently. You can also use cloud metering to collect and report performance metrics on your use of compute resources. |
Inspect | Keep up to date on resource deployment and cost offsetting opportunities. | Cost Explorer helps you understand your current and future cost structure by automatically detecting and outlining your current & future spend on cloud services such as Amazon Web Services and more. You can also create a detailed report that breaks down your spending by month, by asset, or by location, making it easy to understand and visualize your cloud costs. |
9. SDKs and Toolkits
Service | Description |
---|---|
CDK | It was designed to solve the common problem of building mobile apps with a low level of abstraction. This reduces the need to manually code up elaborate logic and keeps the focus on developing apps using high-level language features. Familiarity with the syntax of your favorite language increases the ease of use of your app, as well as its chances of adoption by users. The more familiar your audience with your app, the more likely they are to install it. |
Corretto | It is a free and open source software distribution, which can be used for both desktop and mobile apps. The goal of the project is to make it as compact and lightweight as possible, while at the same time striking a balance between speed and power. The project is led by SBase, an open source Java project, and collaborates with the other major OpenJDK project members. |
Crypto Tools | The AWS Crypto Tools libraries help you do your research. Solidity, Serpent, or Vyper are examples of popular JavaScript cryptographic libraries. The AWS Crypto Tools libraries are based on the open source Shepherds project. Shepherds is a widely-used and well-regarded implementation of the Diffie-Hellman key-exchange algorithm in the Go programming language. |
Serverless Application Model (SAM) | You can use SAM to create serverless apps that work with data from within your current application code. You can also use SAM to write serverless code that can be used in other applications. |
10. Data Lakes & Analytics
Category | Service | Description |
---|---|---|
Analytics | Athena | Athena is a free service with no ads or hidden charges. You can use this service to analyze your data in real-time or query past data with a predefined set of rules. You can also run reports and drill-downs that let you explore data in more detail. When using Athena, don’t limit yourself to looking at the numbers. Think about what you’re analyzing and find a way to make sense of the data. |
Analytics | EMR | EMR is a data management engine that helps enterprises collect and analyze data from their data warehouses and other sources. It provides a common platform for data collection and analysis, and can be used to create real-time and historical reports. The term EMR is also used to refer to any software or platform that provides a similar set of benefits. |
Analytics | Redshift | It helps you store, process, and analyze your data with a data warehouse. It stores data in a relational database, and provides a set of tools for manipulating data and creating reports. |
Analytics | Kinesis | Kinesis makes it easy to collect data using any of the following options: web sites, email, text messages, sensors, or even in-app purchase data. One can then process the collected data with tools such as SQL or NoSQL, integrate the data with tools such as artificial intelligence, and display the data in a variety of ways. Kinesis also makes it easy to analyze the data with tools such as artificial intelligence, machine learning, and blockchain technology. By providing the ability to process and analyze data in real-time, Kinesis allows businesses to react to changing situations and market trends faster than before. |
Analytics | Elasticsearch Service | Elasticsearch Service is simple to set up, deploy, and operate at large scale. Elasticsearch Service is a managed service that makes it simple to operate, secure, and maintain Elasticsearch at a high level of efficiency. |
Analytics | QuickSight | QuickSight is a cloud-based business intelligence service that makes it simple to send information to everyone in your company. |
Data movement | 1) Amazon Managed Streaming for Apache Kafka (MSK) 2) Kinesis Data Streams 3) Kinesis Data Firehose 4) Kinesis Data Analytics 5) Kinesis Video Streams 6) Glue | MSK is a simple framework that makes it simple to build and run Apache Kafka applications. |
Data lake | 1) S3 2) Lake Formation | Setting up a data lake is simple with Lake Formation. It makes it straightforward to create a secure data lake in minutes. A data lake is a centralized, curated, and secured repository for all data, both in its original form and prepped for analysis. |
Data lake | 1) S3 Glacier 2) Backup | These S3 cloud storage classes are designed for small- and medium-sized businesses that need a cost-effective and high-performance cloud storage solution for their data archives & long-term backup purposes. |
Data lake | 1) Glue 2) Lake Formation | Refer as above. |
Data lake | Data Exchange | Data Exchange is a cloud-based software that provides a simple and easy-to-use interface for handling data interactions with a view to increasing your data’s scalability and optimizing your business. It allows you to: find, list, search, and subscribe to data; store data in the cloud; query data; process data; export data. |
Predictive analytics & machine learning | Deep Learning AMIs | Deep learning is a machine learning field of study that applies artificial intelligence and iterative learning algorithms to large data sets to generate new knowledge. AI and ML are being used in a variety of industries, including finance, retail, and manufacturing, to name a few. By using AMIs, AI researchers can train their models on any of the many Cloud Storage resources, provided they have access to the right storage format. |
Predictive analytics & machine learning | SageMaker | SageMaker automates all the necessary steps to build, test, deploy, and scale your models including: model selection, preprocessing, meta-learning, visualization, and inference. SageMaker provides a full end-to-end solution for data analysis, data preparation, model training, and real-time visualizations of your data. |
11. Containers
Use Cases | Service | Description |
---|---|---|
Store, encrypt, and manage container images | ECR | Refer to the compute section. It has already been explained there. |
Run containerized applications or build microservices | ECS | Refer to the compute section. It has already been explained there. |
Manage containers with Kubernetes | EKS | Refer to the compute section. It has already been explained there. |
Run containers without managing servers | Fargate | The Fargate stack consists of a number of components which work together to create a highly available, low-cost, and secure business-grade application. It is designed to work with both ECS & EKS. We will cover the different components of the Fargate stack and the best practices to maintain a successful Fargate stack. |
Run containers with server-level control | EC2 | Refer to the compute section. It has already been explained there. |
Containerize and migrate existing applications | App2Container | A2C helps you to: minimise the risk of security flaws by generating a self-signed certificate for every application; minimise the cost of installing customised Java and .NET applications by generating the same unique code signing key for every application that is installed; automate application upgrades by generating the same code signing key for every application that is installed; generate a single update for all your apps to download and install; reduce the overall cost of maintaining your apps by using the same code signing key for every app. |
Quickly launch and manage containerized applications | Copilot | It helps you manage your application’s life cycle from development to deployment, and enables you to make smarter and faster decisions during the application life-cycle. The interface is based on a set of common operations such as creating, deploying, and managing application containers, creating and terminating IAM permissions, and creating and listing clusters. It also provides support for common use cases such as batch processing, AI and ML, and secure data storage. This dashboard provides information about your clusters and applications, such as memory usage, CPU usage, and how long each application took to provision. The info helps you identify bottlenecks, optimise application performance, and create high-performing clusters. |
12. Serverless
Category | Service | Description |
---|---|---|
Compute | Lambda | Lambda is a cloud-based service that functions as a sort of middleman. Data flows through the middleman and is processed at a data centre of your choice. The code running on the server is only responsible for processing request data, not generating it. This code is called the “backend” and is what most people think of when they think of “serverless.” It’s not a “server” at all. The code running on the serverless platform is purely “blackbox” in that it does not know what data it receives and it does not manage or store any of the data it receives or emit any data of its own. The backend code receives requests from clients and processes them accordingly. |
Compute | Lambda@Edge | Amazon CloudFront provides Lambda@Edge, which allows you to run code closer to users of your application, which improves performance and reduces latency. |
Compute | Fargate | Refer to the containers section. It has already been explained there. |
Storage | S3 | Refer to the storage section. It has already been explained there. |
Storage | EFS | Refer to the storage section. It has already been explained there. |
Data stores | DynamoDB | DynamoDB is a NoSQL database that is designed to work with JavaScript. It is a highly scalable database that can be used to store huge amounts of data and still be fast. As more data is added to the database, the performance of the database also increases. In order to use this database, you must first create a database account and sign up for a free trial. |
Data stores | Aurora Serverless | Aurora Serverless is a serverless computing platform that eliminates the need for manually managing infrastructure and automates critical steps of a serverless infrastructure implementation, such as creating a configuration blueprint and selecting a provider. It helps you scale your software without scaling infrastructure. You can use Serverless to create an entire development and test environment, or you can use it to create a production-level application with the same codebase and same data, with the same engineers, testing in the same environment, and deployments across the same clusters. |
Data stores | RDS Proxy | The RDS Proxy can be used to: manage a single database across multiple clusters; reduce costs by reducing the number of nodes in your RDS infrastructure; enable high availability of your RDS clusters; enable self-managed storage for your RDS clusters; speed up your application deployments. |
API Proxy | API Gateway | API Gateway works with any language or platforms that can communicate with the Google Cloud Platform. It can be used to create APIs both for internal and external clients, as well as absorb & route traffic if desired. It is a perfect fit for growing businesses or teams that need to build and manage an API programmatically. |
Application integration | SNS | SNS facilitates the exchange of data between apps and devices using standardized APIs. You can create SNS topics and send and receive messages using SNS clients and servers. SNS provides security and control over messages that are not tagged with certain topics or sent from certain clients. With SNS, you can: send and receive messages with a simple interface; control which devices can send messages, who can read them, etc.; access and view messages and conversations from different clients & devices at the same time. |
Application integration | SQS | With SQS, you can send messages between applications and services, route them to the right recipient, and keep track of the source & target addresses. It’s similar to Slack or Hipchat but it’s not a replacement for those popular chatting apps. SQS is a message queuing solution that enables you to decouple microservices, distributed systems, & serverless applications. |
Application integration | AppSync | It's simple to create GraphQL APIs with AppSync, which handles the hard work of securely connecting to data sources such as AWS DynamoDB and Lambda. |
Application integration | EventBridge | It is a low-cost alternative to building a new backend infrastructure for every new app. With Serverless EventBridge, you can connect your existing apps with a few lines of code. You don’t have to build a new backend for every new app you want to connect to. You can use existing infrastructure as a provider of event data, and connect your apps using Serverless EventBridge. |
Orchestration | Step Functions | Step Functions is an easy-to-use function orchestrator that makes it possible to string Lambda functions and multiple AWS services into business-critical applications. |
Analytics | Kinesis | Kinesis enables one to get timely insights by collecting, processing, and analyzing real-time, streaming data. |
Analytics | Athena | Athena provides a high-level language that allows users to quickly and easily set up and operate their S3 data analysis. With Athena, you can view data in Amazon S3 using standard SQL queries. This allows you to save time by not having to learn a new data analytics software. |
13. Application Integration
Category | Service | Integration |
---|---|---|
Messaging | SNS | Reliable high-throughput pub/sub, SMS, email, and mobile push notifications. |
Messaging | SQS | Application companies may use a message queue that sends, stores, and receives messages between application parts at any volume. |
Messaging | MQ | A broker for Apache ActiveMQ that makes migration easy and hybrid architectures possible. |
Workflows | Step Functions | Serverless workflows let you create and update apps from code without handling requests from clients. When you’re working with serverless, you can create one serverless process that handles requests from your clients and another that updates the app logic. Serverless workflows are a great way to keep your code simple while still letting you respond to requests from clients. You can use serverless to build your apps without worrying about scalability, performance, or security. |
API management | API Gateway | Build a secure API that allows users to manipulate & combine data from one or more data sources. |
API management | AppSync | Create a flexible API to securely access, manipulate, & combine data from one or more data sources. |
Event bus | EventBridge | Connect application data from your own apps, SaaS, & AWS services through an event-driven architecture. |
Event bus | AppFlow | Easy to implement, seamless data flow between SaaS applications and AWS services at any scale, without code. |
14. Management and Governance
Category | Service | Description |
---|---|---|
Enable | Control Tower | The simplest method to set up and govern a new, secure Multi-account AWS environment |
Enable | Organizations | As your AWS workloads grow and scale, Organizations helps you govern the environment centrally. |
Enable | Well-Architected Tool | Well-architected means that the resources and data are properly separated and accessed sequentially, with low latency between requests. You can use the well-architected tool to help determine if your workloads are well-architected and to monitor their performance and scalability. When you have well-architected apps, you can focus on building great experiences, not infrastructure. |
Enable | Budgets | To track costs and usage in specific applications, budgets allow for precise control. |
Enable | License Manager | License Manager makes it easier to manage software licenses from software vendors such as Microsoft, SAP, Oracle, & IBM across AWS & on-premises environments. |
Provision | CloudFormation | CloudFormation enables the user to design & provision AWS infrastructure deployments predictably & repeatedly. |
Provision | Service Catalog | A service catalog provides a common interface for managing the lifecycle of AWS services and for securely provisioning, migrating to the latest version, deleting, and upgrading services. Service catalogs allow you to manage your AWS resources like a cloud Drujo - and maintain compliance with regulatory specifications. |
Provision | OpsWorks | Creating and maintaining stacks and applications with OpsWorks is simple and flexible. |
Provision | Marketplace | Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. |
Operate | CloudWatch | CloudWatch can provide a dependable, scalable, & flexible monitoring solution that is simple to set up. |
Operate | CloudTrail | It enables governance, compliance, operational auditing, & risk auditing of AWS accounts. |
Operate | Systems Manager | It helps you manage your applications and infrastructure running in AWS. |
Operate | Cost & usage report | Refer to the cost management section. It has already been explained there. |
Operate | Cost explorer | Refer to the cost management section. It has already been explained there. |
Operate | Managed Services | It helps in operating the AWS infrastructure on our behalf. |
Conclusion
The AWS Well-Architected Framework provides a set of standards that helps you build a scalable, secure, and efficient cloud infrastructure. The AWS Well-Architected Framework consists of best practices for the architecture of the cloud systems and processes. It does not limit itself to creating a structure for a set of functions and resources. It is also a process that you can iterate. AWS provides a set of tools for the analysis, planning, and building of cloud systems. We’ve provided the Cheat Sheet for AWS. Now, it’s time for you to head out and try what we’ve covered here and more.
AWS MCQ Questions
What is the full form of AWS?
Into which of the following cloud-computing categories does AWS fall?
What is Authentication in AWS?
Amazon s3 is an example of ________.
Which of the following is not an AWS cloud platform service?
EC2 stands for?
Which of the following is a web service that manages the memory cache in the cloud?
Which of the following is not an IAM best practice?