Unlocking the Potential of AWS: A Comprehensive Guide to Essential Cloud Services
A Comprehensive Guide to Key AWS Services for Cloud Practitioners

As an AWS Certified Cloud Practitioner and DevOps Engineer with 4 years of expertise in CI/CD implementation, I've developed automated pipelines using Jenkins, Git, Ansible, SonarQube, and JFrog, resulting in reduced deployment time. Proficient in writing Ansible playbooks and managing infrastructure with Terraform. Leveraged Git/GitHub for version control best practices and optimized branching/merging strategies. Seeking new opportunities to apply skills in enhancing collaboration and scalability while ensuring reliable deployments.
When exploring AWS, it's essential to familiarize yourself with these handy services that simplify the tech world, particularly from a certification point of view for AWS Cloud Practitioner.
Analytics :
AWS Global Services :- IAM, CloudFront, Route53, WAF.
AWS Region Scoped Service :- EC2, Elastic Beanstalk, Lambda, Rekognition.
Encryption enabled by default :- S3 Glacier, CloudTrail Logs, KMS.
Athena :- running SQL queries on data in S3
Kinesis :- real time streaming data.
QuickSight :- machine-learning-powered BI service.
Compute and Serverless :
Batch :- automate operations, developers & programmers, run 1000s of batch jobs.
EC2 :- IaaS, resizable compute capacity, per-second billing.
Lambda :- app facing component, example- thumbnail creation, serverless.
Elastic Beanstalk & RDS :- PaaS, just upload code and it handles everything.
Lightsail :- platform to build apps or websites, one-click-to-launch OS etc.
WorkSpaces :- managed Desktop as a Service (DaaS), Windows/Linux desktops.
Containers :
Elastic Container Service (ECS) :- highly scalable, fast, container management service, makes it easy to run, stop & manage Docker containers on a cluster.
ECR :- registry, docker images.
Elastic Kubernetes Service (EKS) :- runs on AWS & on-premises, manages apps, auto deploys, scales.
Fargate :- serverless compute for containers.
Amazon Serverless Services :- Lambda, S3, DynamoDB, SNS, Step Functions, Kinesis, Glue, EFS.
Amazon Elastic Compute Cloud (Amazon EC2) :
Create Virtual Machines :- Amazon EC2 provides virtual machines known as EC2 instances in the AWS cloud.
OS Control :- You have complete control over the operating system (OS) of each instance. Choose between Microsoft Windows or Linux.
Global Availability :- Launch instances of any size in different parts of the world, known as Availability Zones. This allows flexibility in placing resources closer to users or in specific regions.
Launch from Images :- Instances can be launched from Amazon Machine Images (AMIs), which are pre-configured templates including necessary software and settings.
Easy Launch :- Start instances with simplicity. Use a few clicks in the AWS Management Console or execute a line of code. Instances become operational within minutes.
Traffic Control :- You can manage incoming and outgoing traffic to and from your instances. This control is vital for securing and optimizing application performance.
Storage :
Backup :- on demand, point-in-time recovery, cross origin and account backups.
Elastic Block Store (EBS) :- high-performance storage service for both throughput & transaction-intensive workloads at any scale, network drive, 1 instance at a time, specific to one AZ.
Elastic File System (EFS) :- simple, serverless, set & forget, elastic file system, any provision throughput.
S3 :- object storage service offering industry-leading scalability, data availability, security & performance.
S3 Glacier :- secure, durable, and extremely low-cost, data archiving & long-term backup, retrieval time (first byte latency) of minutes or a few hours.
S3 Transfer Acceleration :- transferring files to edge locations for speed
Snowball Edge :- storage - 80TB, compute - 42TB,
Snowcone :- portable, small device - 8TB
Snowmobile :- 1EB - better than 10PB, truck, GPS, 24/7 video surveillance, security, temperature control.
Storage Gateway :- hybrid storage between on-premise and AWS, automatic data encryption.
Database :
Amazon Aurora :- It is a proprietary, paid database service offered by AWS, compatible with MySQL and PostgreSQL. It features automatic scaling capabilities, allowing storage to grow from 10GB up to 64TB as needed.
DynamoDB :- It offers key-value and document database capabilities, delivering single-digit millisecond latency, built-in security, and automated backup and restore functionalities.
DynamoDB Global Table :- It enables active-active replication for read-write operations across multiple AWS regions.
ElastiCache :- It caches data from in-memory databases.
DocumentDB :- is a fully managed NoSQL database service provided by Amazon Web Services (AWS), compatible with MongoDB.
RDS :- It is a relational database service requiring a well-defined schema.
QLDB (Amazon Quantum Ledger Database) :- is a ledger database service tailored for managing financial transactions.
Redshift :- It is a cloud-based data warehousing service by AWS used for analyzing data using SQL and Business Intelligence (BI) tools, catering to Online Transaction Processing (OLTP) and Online Analytical Processing (OLAP) workloads.
Glue :- It is a serverless Extract, Transform, and Load (ETL) service provided by AWS, designed for data analytics and enabling users to prepare and transform data for analysis without managing infrastructure.
Neptune :- It is a highly available graph database service provided by AWS, optimized for storing and querying highly connected data, making it suitable for social network applications and other use cases involving complex relationships.
Managed Blockchain :- It is a service provided by AWS for creating and managing scalable blockchain networks using popular frameworks like Ethereum and Hyperledger Fabric, enabling decentralized applications and solutions.
EMR or Amazon Elastic MapReduce :- It is a cloud-based big data processing service provided by AWS, utilizing the Hadoop framework for distributed processing and analysis of large datasets.
Developer Tools :
CodeBuild :- serverless code build, highly scalable and available, secure.
CodeCommit :- secure Git-based repositories and source control system.
CodeDeploy :- automates code deploy on any instances, EC2, on-premises.
CodePipeline :- continuous delivery with model, visualize, automate steps, CI/CD.
CodeStar :- unified UI, in one place.
Cloud9 :- online code editor, IDE.
OpsWorks :- chef and puppet.
CodeArtifact :- code dependencies, Maven, Gradle, npm, yarn, twine, pip and NuGet.
Personal Health Dashboard :- provides alerts, remediation guidance, events, proactive notification.
Service Health Dashboard :- shows all region, all services health, info each day, e.g. RSS feeds.
Customer Engagement :
Rekognition :- add image and video analysis to app, SaaS.
Comprehend :- identify text, phrase, speech etc. NLP (Natural Language Processing).
Transcribe :- speech-to-text, Automatic Speech Recognition (ASR).
Polly :- ASR automatic text-to-speech.
Translate :- language translate, localization.
Connect :- chatbots, call centers.
Lex :- Alexa service, speech record.
Kendra :- document search service, extract info from HTML, PDF, Word, FAQs etc.
Forecast :- ML forecast, financial/resource, discounts planning, forecasting model.
SageMaker :- service for developers or data scientist to build ML model.
Personalize :- ML service for building real-time personalized recommendations.
Textract :- extract text, handwriting data from scanned docs by AI and ML.
Management, Monitoring, and Governance :
Auto Scaling :- groups monitor, handle app load automatically of EC2 instances.
Budgets :- set custom budgets for when usage is forecasted to exceed them.
CloudFormation :- model & provision by programming language or a simple text file.
CloudTrail :- governance, compliance, operational auditing, risk auditing, log, continuously monitor, retain account related to actions of infrastructure.
CloudTrail Logs :- by default encryption enabled.
X-Ray :- lets developers visually analyze and troubleshoot apps.
CloudWatch :- monitoring & observability, insights to monitor apps, health checks.
CloudWatch -> CWAlarm :- trigger alarms.
CWLogs :- for logs
CodeGuru :- automatic code review.
AMI :- Amazon Machine Image - info to launch EC2 instances.
Config :- assess, audit, evaluate, continuously monitors configs for compliance, records, stores configs.
AWS Estimating Cost :
Pricing calculator :- estimating cost in cloud.
Total Cost of Ownership (TCO) Calculator :- calculate cost of running app.
AWS Tracking Cost :
Billing Dashboard :- billing dashboard/month usage.
Cost Allocation Tags :- detail level cost report by tags.
Cost and Usage Report :- set of cost, usage data for publishing billing reports.
Cost Explorer :- visualize with graphs, charts, understand and manage your cost and usage over time, forecast usage up to 12 months from your usage.
AWS Monitoring against costs :
Budgets :- send alarms when cost/forecasts exceed the budget, usage, cost.
Billing Alarm :- billing data metrics, monitoring against cost plans, us-east-1.
EventBridge (CloudWatch Events) :- schedule scripts, cron jobs, events.
License Manager :- manage your software licenses, AWS and on-prem, MS, SAP, Oracle, IBM.
Managed Services :- automates moving infra & compute like S3, DynamoDB, RDS etc.
Organizations :- allows managing multiple AWS accounts, master and child, consolidated billing, aggregate usage, billing discounts.
Service Control Policy (SCP) :- restricts account privileges, whitelist and blacklist IAM actions.
Control Tower :- setup for govern, secure, compliant multiple account environments.
Secrets Manager :- storing, managing, rotating secrets.
Customer Managed CMK :- managed by the customer, master key.
AWS Managed CMK :- managed in your account by AWS.
AWS Owned CMK :- managed for multiple accounts, in an AWS account.
Systems Manager :- operational insights, visibility, controls, patching UI for EC2 and on-prem servers.
Systems Manager Parameter Store :- secure parameter store of hierarchical data, passwords, IDs, IAM.
Trusted Advisor :- provides real-time guidelines, reduce cost/workloads, instant performance, improve security.
Application Integration :
Simple Notification Service (SNS) :- notification service, follows the publish/subscribe (pub/sub) messaging paradigm.
Simple Queue Service (SQS) :- Amazon SQS guarantees at-least-once delivery; SQS requires the recipient to provide the receipt in order to delete a message. This feature is new as of 2008 where only the message ID was required for message deletion.
Simple Email Service (SES) :- email service.
Simple Workflow Service (SWF/SWS) :- workflow, tracking the state of tasks.
Amazon MQ :- RabbitMQ, ActiveMQ, managed message broker service.
Security, Identity, and Compliance :
Artifact :- compliance related issue, HIPAA, on-demand, AWS agreements
AWS Certificate Manager (ACM) :- provision, manage and deploy SSL/TLS Certificates
CloudHSM :- hardware security module, encryption key
Cognito :- scale million users and support sign-up, sign-in via Google, Facebook, Twitter etc.
Directory Services :- MS to integrate Active Directory, centralized printers, computers, file share.
Security Hub :- dashboard, quick view to show security and compliance status.
Detective :- analyze, investigate and quickly identify root cause of security issues, DDoS Abuse :- report suspected AWS service abuse or illegal purpose, spam, DDoS, malware attacks
GuardDuty :- threat detection, security monitoring for malicious and unauthorized behavior, cryptocurrency attacks, inputs - logs of CloudTrail Event, VPC flow, DNS, Kubernetes
IAM :- users you trust and who belong to your organization.
Identity and Access Management Center (IAMC) :- one login, single sign-on
Inspector :- uses agent: automated security assessment, OS against known vulnerabilities
Macie :- sensitive data, machine learning, pattern matching to S3 (PII)
Shield :- protects against DDoS attacks
Key Management Service (KMS) :- encryption
Web Application Firewall (WAF) :- web app firewall, layer 7
NACL :- firewall at subnet level, allow & deny rule
Site-to-Site :- secure connection between data, can’t for VPCs
AWS Transit Gateway :- connects multiple VPCs, central hub
Penetration Test :- security assessment without prior approval of AWS on services
Compute Optimizer :- optimal resource, reduce cost, improve performance by recommend your workload
Security Token Service (STS) :- to access temp/limited privileges credentials.
Networking and Content Delivery :
API Gateway :- app facing component
CloudFront :- improves read performance, content cached at edge, DDoS
Direct Connect (DX) :- DC to AWS, bypass internet, lower-latency, privately.
Site-to-Site VPN :- connect publicly but encrypted communications
Route 53 :- DNS, cost-effective, cannot provide secure shell access to EC2.
Virtual Private Cloud (VPC) :- privately connect resources within your AWS environment, only S3 and DynamoDB support VPC Endpoint Gateway.
VPC Flow Logs :- capture info of IP traffic going to instances
Private Subnet :- not accessible from internet, using NAT Gateways/Instances allows internet
Public Subnet :- accessible from internet
Subnets :- part/partition of your network
VPC Peering :- connects two VPCs privately, is not transitive
Transit Gateway :- connect multiple VPC and on-prem to single gateway
Gateway virtual tape library :- popular backup software
APN Consulting Partner :- AWS professional services, helps customers
APN Technology Partner :- providing hardware, connectivity and software
APN Training Partner :- help you learn AWS
APN Navigate Program :- helps partner become better partner
AWS IQ :- quickly find professionals help for your project.
Architecture :
Well-Architected 6 pillars :- Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability.
Well-Architected Framework Principles :- stop guessing capacity needs, prod test system, automate for architectural experimentation, allow for evolutionary architecture, drive architecture using data, improve via game days.
Cloud Best Practices :- Design Principles- scalability, disposable resources, automations, loose coupling, leveraged services.
1 pillar: Operations Excellence :- IaaS, refine and reversible changes, anticipate failure, learn
2 pillar: Security :- protect info, systems, integrate logs, apply/automate security data, events
3 pillar: Reliability :- auto scaling, automatic failure recovery, manage automation
4 pillar: Performance Efficiency :- technology, go global in minutes, serverless infra, experimental
5 pillar: Cost Optimization :- adopt consumption model, measure efficiency, tags, lower costs
6 pillar: Sustainability :- impacts, sustainability goals, maximize utilization, adopt infra changes
Other Services and miscellaneous :
AppStream 2.0 :- app streaming service
Sumerian :- creating and deploying virtual reality (VR), augmented reality (AR), and 3D applications
IoT (Internet of Things) :- support billions of odd devices and messages, connected car, refrigerators etc.
Elastic Transcoder :- convert media files from S3 to user-required formats
AppSync :- store realtime mobile, web data, GraphQL
Ground Station :- control and communicate with satellites
Amplify :- set of tools develop and deploy scalable mobile and web apps
Device Farm :- test your mobile/apps like browser developer tools
Step Functions :- orchestration, to build business critical apps
Backups :- involve managing and automating the process of creating copies of important data and systems to ensure their availability and integrity.
Disaster Recovery Strategy :- involves planning for the backup and restoration of critical data and systems.
FIS (Fault Injection Simulator) :- conducting chaos engineering experiments.
Data Sync :- on prem to AWS data movement, incremental
Elastic Disaster Recovery :- quickly and easily recover
Pinpoint :- multiple messaging channel, push notifications, bulk sms.
Conclusion :
In this blog, we've explored a wide array of AWS services spanning across analytics, compute, storage, databases, developer tools, security, networking, architecture, and more. These services play a crucial role in simplifying and optimizing cloud computing, enabling businesses to innovate, scale, and operate more efficiently in the digital age. Whether you're a seasoned AWS practitioner or just starting your journey in the cloud, understanding these essential services is key to harnessing the full power of AWS. By leveraging these services effectively, businesses can drive innovation, enhance security, improve reliability, and ultimately achieve their goals in the rapidly evolving landscape of cloud computing.



