AWS Services Cheat Sheet
by irohitpawar via cheatography.com/127546/cs/24837/
Published 17th October, 2020. Last updated 18th October, 2020.

Compute

| Category | Service | Description |
| --- | --- | --- |
| Instances (Virtual machines) | EC2 | Provides secure, resizable compute capacity in the cloud. It makes web-scale cloud computing easier for developers. |
| | EC2 Spot | Run fault-tolerant workloads for up to 90% off. |
| | EC2 Autoscaling | Automatically add or remove compute capacity to meet changes in demand. |
| | Lightsail | Designed to be the easiest way to launch & manage a virtual private server with AWS. An easy-to-use cloud platform that offers everything needed to build an application or website. |
| | Batch | Enables developers, scientists, & engineers to easily & efficiently run hundreds of thousands of batch computing jobs on AWS. Fully managed batch processing at any scale. |
| Containers | Elastic Container Service (ECS) | Highly secure, reliable, & scalable way to run containers. |
| | Elastic Container Registry (ECR) | Easily store, manage, & deploy container images. |
| | Elastic Kubernetes Service (EKS) | Fully managed Kubernetes service. |
| | Fargate | Serverless compute for containers. |
| Serverless | Lambda | Run code without thinking about servers. Pay only for the compute time you consume. |
| Edge and hybrid | Outposts | Run AWS infrastructure & services on premises for a truly consistent hybrid experience. |
| | Snow Family | Collect and process data in rugged or disconnected edge environments. |
| | Wavelength | Deliver ultra-low latency applications for 5G devices. |
| | VMware Cloud on AWS | Innovate faster, rapidly transition to the cloud, & work securely from any location. |
| | Local Zones | Run latency sensitive applications closer to end-users. |

Storage

| Service | Description |
| --- | --- |
| AWS S3 | S3 is the storehouse for the internet, i.e. object storage built to store & retrieve any amount of data from anywhere. |
| AWS Backup | AWS Backup is an externally-accessible backup provider that makes it easier to align & optimize the backup of data across AWS services in the cloud. |
| Amazon EBS | Amazon Elastic Block Store is a web service that provides block-level storage volumes. |
| Amazon EFS Storage | EFS offers file storage for the user's Amazon EC2 instances. It's kind of blob Storage. |
| Amazon FSx | FSx supplies fully managed 3rd-party file systems with the native compatibility & characteristic sets for workloads. It's available as FSx for Windows server (Fully managed file storage built on Windows Server) & Lustre (Fully managed high-performance file system integrated with S3). |
| AWS Storage Gateway | Storage Gateway is a service which connects an on-premises software appliance with cloud-based storage. |
| AWS DataSync | DataSync makes it simple & fast to move large amounts of data online between on-premises storage & S3, EFS, or FSx for Windows File Server. |
| AWS Transfer Family | The Transfer Family provides fully managed support for file transfers directly into & out of S3. |
| AWS Snow Family | Highly-secure, portable devices to collect & process data at the edge, and migrate data into and out of AWS. |

Classification:
Object storage: S3
File storage services: Elastic File System, FSx for Windows Servers & FSx for Lustre
Block storage: EBS
Backup: AWS Backup
Data transfer:
Storage gateway --> 3 types: Tape, File, Volume.
Transfer Family --> SFTP, FTPS, FTP.
Edge computing and storage and Snow Family --> Snowcone, Snowball, Snowmobile

Databases

| Database type | Use cases | Service | Description |
| --- | --- | --- | --- |
| Relational | Traditional applications, ERP, CRM, e-commerce | Aurora, RDS, Redshift | RDS is a web service that makes it easier to set up, control, and scale a relational database in the cloud. |
| Key-value | High-traffic web apps, e-commerce systems, gaming applications | DynamoDB | DynamoDB is a fully administered NoSQL database service that offers quick and reliable performance with integrated scalability. |
| In-memory | Caching, session management, gaming leaderboards, geospatial applications | ElastiCache for Memcached & Redis | ElastiCache helps in setting up, managing, and scaling in-memory cache conditions. |
| Document | Content management, catalogs, user profiles | DocumentDB | DocumentDB (with MongoDB compatibility) is a quick, dependable, and fully-managed database service that makes it easy for you to set up, operate, and scale MongoDB-compatible databases. |
| Wide column | High scale industrial apps for equipment maintenance, fleet management, and route optimization | Keyspaces (for Apache Cassandra) | |
| Graph | Fraud detection, social networking, recommendation engines | Neptune | |
| Time series | IoT applications, DevOps, industrial telemetry | Timestream | Timestream is a fast, scalable, and serverless time series database service for IoT and operational applications that makes it easy to store and analyze trillions of events per day. |
| Ledger | Systems of record, supply chain, registrations, banking transactions | Quantum Ledger Database (QLDB) | QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. |

Developer Tools

| Service | Description |
| --- | --- |
| Cloud9 | Cloud9 is a cloud-based IDE that enables the user to write, run, and debug code. |
| CodeArtifact | CodeArtifact is a fully managed artifact repository service that makes it easy for organizations of any size to securely store, publish, & share software packages used in their software development process. |
| CodeBuild | CodeBuild is a fully managed service that assembles source code, runs unit tests, & also generates artefacts ready to deploy. |
| CodeGuru | CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations for improving code quality & identifying an application's most expensive lines of code. |
| Cloud Development Kit | Cloud Development Kit (AWS CDK) is an open source software development framework to define cloud application resources using familiar programming languages. |
| CodeCommit | CodeCommit is a version control service that enables the user to personally store & manage Git archives in the AWS cloud. |
| CodeDeploy | CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as EC2, Fargate, Lambda, & on-premises servers. |
| CodePipeline | CodePipeline is a fully managed continuous delivery service that helps automate release pipelines for fast & reliable app & infra updates. |
| CodeStar | CodeStar enables you to quickly develop, build, & deploy applications on AWS. |
| CLI | AWS CLI is a unified tool to manage AWS services & control multiple services from the command line & automate them through scripts. |
| X-Ray | X-Ray helps developers analyze & debug production, distributed applications, such as those built using a microservices architecture. |

Migration & Transfer services

| Service | Description |
| --- | --- |
| Migration Evaluator | Build a data-driven business case for AWS. |
| Migration Hub | Migration Hub provides a single location to track the progress of app migrations across multiple AWS & partner solutions. |
| Application Discovery Service | Application Discovery Service helps enterprise customers plan migration projects by gathering information about their on-premises data centers. |
| Server Migration Service (SMS) | SMS is an agentless service which makes it easier & faster to migrate thousands of on-premises workloads to AWS. |
| Database Migration Service (DMS) | DMS helps migrate databases to AWS quickly & securely. |
| CloudEndure Migration | CloudEndure Migration simplifies, expedites, & reduces the cost of cloud migration by offering a highly automated lift-&-shift solution. |
| VMware Cloud on AWS | Refer to the compute section. |
| DataSync | Refer to the storage section. |
| Transfer Family | Refer to the storage section. |
| Snow Family | Refer to the storage section. |

Cost Management

| Use cases | Capabilities | Service | Description |
| --- | --- | --- | --- |
| Organize | Construct cost allocation & governance foundation with your own tagging strategy | 1) Cost Allocation Tags 2) Cost Categories | Cost Categories is a feature within the AWS Cost Management product suite that enables you to group cost & usage information into meaningful categories based on needs. |
| Report | Raise awareness & accountability of your cloud spend with the detailed, allocable cost data | 1) Cost Explorer 2) Cost & Usage Report | Cost & Usage Report contains the most comprehensive set of AWS cost & usage data available, including additional metadata about AWS services, pricing, & reservations. |
| Access | Track billing information across the organization in a consolidated view | 1) Consolidated Billing 2) Credits | Credits are applied to bills to help cover costs that are associated with eligible services. |
| Control | Establish effective governance mechanisms with the right guardrails in place | | |
| Forecast | Estimate resource utilization & spend with forecast dashboards. | 1) Cost Explorer (Self-Service) 2) Budgets (Event-Driven) | A forecast is a prediction of how much you will use AWS services over the forecast time period that you selected, based on your past usage. |
| Budget | Keep spend in check with custom budget threshold & auto alert notification | 1) Budgets 2) Budget Alerts via Chime & Slack 3) Service Catalog | Budgets allows you to set custom budgets to track cost & usage from the simplest to the most complex use cases. |
| Purchase | Leverage free trials & programmatic discounts based on workload pattern & needs | 1) Free Tier 2) Reserved Instances 3) Savings Plans 4) Spot Instances 5) DynamoDB On-demand | RIs provide a significant discount (up to 75%) compared to On-Demand pricing. |
| Elasticity | Scale & schedule services based on expected utilization pattern & needs | 1) Instance Scheduler 2) Redshift pause & resume 3) EC2 Auto Scaling 4) Trusted Advisor | Trusted Advisor is an online tool that provides real time guidance to help provision resources following AWS best practices. |
| Rightsize | Align service allocation size to actual workload demand | | |
| Inspect | Stay up-to-date with resource deployment & cost optimization opportunities | | |


SDKs & Toolkits

| Service | Description |
| --- | --- |
| CDK | CDK uses the familiarity & expressive power of programming languages for modeling apps. |
| Corretto | Corretto is a no-cost, multiplatform, production-ready distribution of the OpenJDK. |
| Crypto Tools | Cryptography is hard to do safely & correctly. The AWS Crypto Tools libraries are designed to help everyone do cryptography right, even without special expertise. |
| Serverless Application Model (SAM) | SAM is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, & event source mappings. |
| Tools for developing and managing applications on AWS | Complete list of tools can be found here: Tools |

Networking & Content Delivery

| Use cases | Functionality | Service | Description |
| --- | --- | --- | --- |
| Build a cloud network | Define and provision a logically isolated network for your AWS resources | VPC | VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. |
| | Connect VPCs and on-premises networks through a central hub | Transit Gateway | Transit Gateway connects VPCs & on-premises networks through a central hub. This simplifies the network & puts an end to complex peering relationships. |
| | Provide private connectivity between VPCs, services, and on-premises applications | PrivateLink | PrivateLink provides private connectivity between VPCs & services hosted on AWS or on-premises, securely on the Amazon network. |
| | Route users to Internet applications with a managed DNS service | Route 53 | Route 53 is a highly available & scalable cloud DNS web service. |
| Scale your network design | Automatically distribute traffic across a pool of resources, such as instances, containers, IP addresses, and Lambda functions | Elastic Load Balancing | Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, IP addresses, & Lambda functions. |
| | Direct traffic through the AWS Global network to improve global application performance | Global Accelerator | Global Accelerator is a networking service that sends user's traffic through AWS's global network infrastructure, improving internet user performance by up to 60%. |
| Secure your network traffic | Safeguard applications running on AWS against DDoS attacks | Shield | Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. |
| | Protect your web applications from common web exploits | WAF | WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. |
| | Centrally configure and manage firewall rules | Firewall Manager | Firewall Manager is a security management service which allows you to centrally configure & manage firewall rules across accounts & apps in AWS Organization. |
| Build a hybrid IT network | Connect your users to AWS or on-premises resources using a Virtual Private Network | VPN - Client | VPN solutions establish secure connections between on-premises networks, remote offices, client devices, & the AWS global network. |
| | Create an encrypted connection between your network and your Amazon VPCs or AWS Transit Gateways | VPN - Site to Site | Site-to-Site VPN creates a secure connection between data center or branch office & AWS cloud resources. |
| | Establish a private, dedicated connection between AWS and your datacenter, office, or colocation environment | Direct Connect | Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. |
| Content delivery networks | Securely deliver data, videos, applications, and APIs to customers globally with low latency, and high transfer speeds | CloudFront | CloudFront expedites distribution of static & dynamic web content. |
| Build a network for microservices architectures | Provide application-level networking for containers and microservices | App Mesh | App Mesh makes it accessible to guide & control microservices operating on AWS. |
| | Create, maintain, and secure APIs at any scale | API Gateway | API Gateway allows the user to design & expand their own REST and WebSocket APIs at any scale. |
| | Discover AWS services connected to your applications | Cloud Map | Cloud Map permits the name & handles the cloud resources. |

Security, Identity, & Compliance

| Category | Use cases | Service | Description |
| --- | --- | --- | --- |
| Identity & access management | Securely manage access to services and resources | Identity & Access Management (IAM) | IAM is a web service for safely controlling access to AWS services. |
| | Securely manage access to services and resources | Single Sign-On | SSO helps in simplifying, managing SSO access to AWS accounts & business applications. |
| | Identity management for apps | Cognito | Cognito lets you add user sign-up, sign-in, & access control to web & mobile apps quickly and easily. |
| | Managed Microsoft Active Directory | Directory Service | AWS Managed Microsoft Active Directory (AD) enables your directory-aware workloads & AWS resources to use managed Active Directory (AD) in AWS. |
| | Simple, secure service to share AWS resources | Resource Access Manager | Resource Access Manager (RAM) is a service that enables you to easily & securely share AWS resources with any AWS account or within AWS Organization. |
| | Central governance and management across AWS accounts | Organizations | Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. |
| Detection | Unified security and compliance center | Security Hub | Security Hub gives a comprehensive view of security alerts & security posture across AWS accounts. |
| | Managed threat detection service | GuardDuty | GuardDuty is a threat detection service that continuously monitors for malicious activity & unauthorized behavior to protect AWS accounts, workloads, & data stored in S3. |
| | Analyze application security | Inspector | Inspector is a security vulnerability assessment service that improves the security & compliance of the AWS resources. |
| | Record and evaluate configurations of your AWS resources | Config | Config is a service that enables you to assess, audit, & evaluate the configurations of AWS resources. |
| | Track user activity and API usage | CloudTrail | CloudTrail is a service that enables governance, compliance, operational auditing, & risk auditing of an AWS account. |
| | Security management for IoT devices | IoT Device Defender | IoT Device Defender is a fully managed service that helps secure a fleet of IoT devices. |
| Infrastructure protection | DDoS protection | Shield | Shield is a managed DDoS protection service that safeguards apps running. It provides always-on detection & automatic inline mitigations that minimize application downtime & latency. |
| | Filter malicious web traffic | Web Application Firewall (WAF) | WAF is a web application firewall that helps protect web apps or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. |
| | Central management of firewall rules | Firewall Manager | Firewall Manager eases the user's AWS WAF administration & maintenance activities over multiple accounts & resources. |
| Data protection | Discover and protect your sensitive data at scale | Macie | Macie is a fully managed data (security & privacy) service that uses ML & pattern matching to discover & protect sensitive data. |
| | Key storage and management | Key Management Service (KMS) | KMS makes it easy for you to create & manage cryptographic keys & control their use across a wide range of AWS services & in your applications. |
| | Hardware based key storage for regulatory compliance | CloudHSM | CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate & use your own encryption keys. |
| | Provision, manage, and deploy public and private SSL/TLS certificates | Certificate Manager | Certificate Manager is a service that lets you easily provision, manage, & deploy public and private SSL/TLS certs for use with AWS services & internal connected resources. |
| | Rotate, manage, and retrieve secrets | Secrets Manager | Secrets Manager assists the user to safely encode, store, & recover credentials for any user's database & other services. |
| Incident response | Investigate potential security issues | Detective | Detective makes it easy to analyze, investigate, & quickly identify the root cause of potential security issues or suspicious activities. |
| | Fast, automated, cost-effective disaster recovery | CloudEndure Disaster Recovery | Provides scalable, cost-effective business continuity for physical, virtual, & cloud servers. |
| Compliance | No cost, self-service portal for on-demand access to AWS' compliance reports | Artifact | Artifact is a web service that enables the user to download AWS security & compliance records. |

Data Lakes & Analytics

| Category | Use cases | Service | Description |
| --- | --- | --- | --- |
| Analytics | Interactive analytics | Athena | Athena is an interactive query service that makes it easy to analyze data in S3 using standard SQL. |
| | Big data processing | EMR | EMR is the industry-leading cloud big data platform for processing vast amounts of data using open source tools such as Apache Spark, Hive, HBase, Flink, Hudi, & Presto. |
| | Data warehousing | Redshift | The most popular & fastest cloud data warehouse. |
| | Real-time analytics | Kinesis | Kinesis makes it easy to collect, process, & analyze real-time, streaming data so one can get timely insights. |
| | Operational analytics | Elasticsearch Service | Elasticsearch Service is a fully managed service that makes it easy to deploy, secure, & run Elasticsearch cost effectively at scale. |
| | Dashboards & visualizations | QuickSight | QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in the organization. |
| Data movement | Real-time data movement | 1) Amazon Managed Streaming for Apache Kafka (MSK) 2) Kinesis Data Streams 3) Kinesis Data Firehose 4) Kinesis Data Analytics 5) Kinesis Video Streams 6) Glue | MSK is a fully managed service that makes it easy to build & run applications that use Apache Kafka to process streaming data. |
| Data lake | Object storage | 1) S3 2) Lake Formation | Lake Formation is a service that makes it easy to set up a secure data lake in days. A data lake is a centralized, curated, & secured repository that stores all data, both in its original form & prepared for analysis. |
| | Backup & archive | 1) S3 Glacier 2) Backup | S3 Glacier & S3 Glacier Deep Archive are secure, durable, & extremely low-cost S3 cloud storage classes for data archiving & long-term backup. |
| | Data catalog | 1) Glue 2) Lake Formation | Refer as above. |
| | Third-party data | Data Exchange | Data Exchange makes it easy to find, subscribe to, & use third-party data in the cloud. |
| Predictive analytics & machine learning | Frameworks & interfaces | Deep Learning AMIs | Deep Learning AMIs provide machine learning practitioners & researchers with the infrastructure & tools to accelerate deep learning in the cloud, at any scale. |
| | Platform services | SageMaker | SageMaker is a fully managed service that provides every developer & data scientist with the ability to build, train, & deploy machine learning (ML) models quickly. |

Containers

| Use cases | Service | Description |
| --- | --- | --- |
| Store, encrypt, and manage container images | ECR | Refer to the compute section. |
| Run containerized applications or build microservices | ECS | Refer to the compute section. |
| Manage containers with Kubernetes | EKS | Refer to the compute section. |
| Run containers without managing servers | Fargate | Fargate is a serverless compute engine for containers that works with both ECS & EKS. |
| Run containers with server-level control | EC2 | Refer to the compute section. |
| Containerize and migrate existing applications | App2Container | App2Container (A2C) is a command-line tool for modernizing .NET & Java applications into containerized applications. |
| Quickly launch and manage containerized applications | Copilot | Copilot is a command line interface (CLI) that enables customers to quickly launch & easily manage containerized applications on AWS. |


Serverless

Cate ‐gory

Serv ice Desc rip tion

Comp ute

Lambda Lambda letsyou run codewithout provis ‐ioning ormanagingservers. Youpay only for thecompute timeyou consume.

Lambda@Edge Lambda @Edgeis a feature ofAmazonCloudFront thatlets you runcode closer tousers of yourapplic ation,which improvesperfor mance &reduceslatency.

Fargate Refercontainerssection

Stor ‐age

S3 Refer storagesection

EFS Refer storagesection

Datastores

DynamoDB DynamoDB is akey-value &documentdatabase thatdelivers single -digit millis econdperfor mance atany scale.

Serverless (cont)

Aurora Serverless: Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora (MySQL & PostgreSQL-compatible editions), where the database will automatically start up, shut down, & scale capacity up or down based on your application's needs.

RDS Proxy: RDS Proxy is a fully managed, highly available database proxy for RDS that makes applications more scalable, resilient to database failures, & more secure.

API Proxy

API Gateway: API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, & secure APIs at any scale.

Serverless (cont)

Application integration

SNS: SNS is a fully managed messaging service for both system-to-system & app-to-person (A2P) communication.

SQS: SQS is a fully managed message queuing service that enables you to decouple & scale microservices, distributed systems, & serverless applications.

AppSync: AppSync is a fully managed service that makes it easy to develop GraphQL APIs by handling the heavy lifting of securely connecting to data sources like AWS DynamoDB, Lambda.


Serverless (cont)

EventBridge: EventBridge is a serverless event bus that makes it easy to connect applications together using data from apps, integrated SaaS apps, & AWS services.

Orchestration

Step Functions: Step Functions is a serverless function orchestrator that makes it easy to sequence Lambda functions & multiple AWS services into business-critical applications.

Analytics

Kinesis: Kinesis makes it easy to collect, process, & analyze real-time, streaming data so one can get timely insights.

Athena: Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.

Application Integration

Category / Service / Description

Messaging

SNS: Reliable high throughput pub/sub, SMS, email, and mobile push notifications

SQS: Message queue that sends, stores, and receives messages between application components at any volume

MQ: Message broker for Apache ActiveMQ that makes migration easy and enables hybrid architectures

Workflows

Step Functions: Coordinate multiple AWS services into serverless workflows so you can build and update apps quickly

API management

API Gateway: Create, publish, maintain, monitor, & secure APIs at any scale for serverless workloads & web apps

AppSync: Create a flexible API to securely access, manipulate, & combine data from one or more data sources

Application Integration (cont)

Event bus

EventBridge: Build an event-driven architecture that connects application data from your own apps, SaaS, & AWS services

AppFlow: Automate the flow of data between SaaS applications & AWS services at nearly any scale, without code.

Management & Governance

Category / Service / Description

Enable

Control Tower: The easiest way to set up and govern a new, secure multi-account AWS environment.

Organizations: Organizations helps centrally govern the environment as you grow & scale workloads on AWS.

Well-Architected Tool: Well-Architected Tool helps review the state of workloads & compares them to the latest AWS architectural best practices.


Management & Governance (cont)

Budgets: Budgets allows you to set custom budgets to track cost & usage from the simplest to the most complex use cases.

License Manager: License Manager makes it easier to manage software licenses from software vendors such as Microsoft, SAP, Oracle, & IBM across AWS & on-premises environments.

Provision

CloudFormation: CloudFormation enables the user to design & provision AWS infrastructure deployments predictably & repeatedly.

Service Catalog: Service Catalog allows organizations to create & manage catalogs of IT services that are approved for use on AWS.

Management & Governance (cont)

OpsWorks: OpsWorks presents a simple and flexible way to create and maintain stacks and applications.

Marketplace: Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, & deploy software that runs on AWS.

Operate

CloudWatch: CloudWatch offers a reliable, scalable, & flexible monitoring solution that is easy to get started with.

CloudTrail: CloudTrail is a service that enables governance, compliance, operational auditing, & risk auditing of an AWS account.

Config

Management & Governance (cont)

Systems Manager: Use Systems Manager to plan, proctor, & automate administration tasks on AWS resources.

Cost & usage report: Refer to cost management section

Cost Explorer: Refer to cost management section

Managed Services: Operates your AWS infrastructure on your behalf.

X-Ray

Recommended security best practices

Turn on multifactor authentication for the “root” account

Turn on CloudTrail log file validation.

Enable CloudTrail multi-region logging.

Integrate CloudTrail with CloudWatch.

Enable access logging for CloudTrail S3 buckets.

Enable access logging for Elastic Load Balancer (ELB).

Enable Redshift audit logging.

Enable Virtual Private Cloud (VPC) flow logging.

Require multifactor authentication (MFA) to delete CloudTrail buckets

Enable CloudTrail logging across all AWS.

Turn on multi-factor authentication for IAM users.

Enable IAM users for multi-mode access.

Attach IAM policies to groups or roles


Recommended security best practices (cont)

Rotate IAM access keys regularly, and standardize on the selected number of days

Set up a strict password policy.

Set the password expiration period to 90 days and prevent reuse

Don’t use expired SSL/TLS certificates

Use HTTPS for CloudFront distributions

Restrict access to CloudTrail bucket.

Encrypt CloudTrail log files at rest

Encrypt Elastic Block Store (EBS) database.

Provision access to resources using IAM roles.

Ensure EC2 security groups don’t have large ranges of ports open

Configure EC2 security groups to restrict inbound access to EC2.

Avoid using root user accounts.

Use secure SSL ciphers when connecting between the client and ELB.

Use secure SSL versions when connecting between client and ELB.

Use a standard naming (tagging) convention for EC2.

Encrypt RDS.

Ensure access keys are not being used with root accounts.

Use secure CloudFront SSL versions.

Enable the require_ssl parameter in all Redshift clusters.

Rotate SSH keys periodically.

Recommended security best practices (cont)

Minimize the number of discrete security groups.

Reduce number of IAM groups.

Terminate unused access keys

Disable access for inactive or unused IAM users

Remove unused IAM access keys

Delete unused SSH Public Keys

Restrict access to AMIs.

Restrict access to EC2 security groups.

Restrict access to RDS instances.

Restrict access to Redshift clusters.

Restrict outbound access.

Disallow unrestricted ingress access on uncommon ports.

Restrict access to well-known ports such as CIFS, FTP, ICMP, SMTP, SSH, Remote desktop

Inventory & categorize all existing custom apps by the types of data stored, compliance requirements & possible threats they face.

Involve IT security throughout the development process.

Grant the fewest privileges possible to application users

Enforce a single set of data loss prevention policies across custom applications and all other cloud services.

Encrypt highly sensitive data such as protected health information (PHI) or personally identifiable information (PII).
