All Services Flashcards

(218 cards)

1
Q

Offer maximum savings, but require full payment upfront — not ideal if you want to avoid high initial costs.

A

All Upfront Standard RIs (AURI)

2
Q

Provides a dedicated network connection between on-premises and AWS. It improves reliability/latency for private connections, not for serving static content to global users.
can be used to provide an on-demand, cloud-based contact center.

A

AWS Direct Connect

3
Q

Used for hybrid STORAGE integration between on-premises environments and AWS, unrelated to application performance.

A

AWS Storage Gateway

4
Q

is the least costly support plan that provides access to the complete list of Trusted Advisor checks. You can call or chat with technical support

A

Business Support

5
Q

Real-time data streaming and analytics platform

A

Amazon Kinesis

6
Q

Automatically adjust EC2 capacity based on demand

A

Amazon EC2 Auto Scaling

7
Q

Migrates databases, not petabytes of raw data files. Used for migrating databases quickly and securely to AWS.

It supports both:
Homogeneous migrations (Oracle → Oracle)
Heterogeneous migrations (Oracle → PostgreSQL, SQL Server → Aurora, etc.).
Perfect when the migration involves databases, not raw data files.

A

AWS Database Migration Service

8
Q

Provides the most detailed billing data but in raw format (CSV).
Best for exporting to tools like Athena or QuickSight, not for quick visual analysis.

A

AWS Cost and Usage Report (CUR)

9
Q

Recommendations for optimization, best practices

A

Trusted Advisor

10
Q

Provision AWS infrastructure using code (Infrastructure as Code)

A

AWS CloudFormation

11
Q

Focuses on best practice recommendations like cost optimization, security, performance, and fault tolerance.
It doesn’t provide detailed cost trend visualization.

A

AWS Trusted Advisor

12
Q

Connects two VPCs privately, NOT TO THE INTERNET. CONNECTS TWO VPCs privately using AWS’s internal backbone network.
Resources (like EC2s, RDS) in each VPC can communicate with each other as if they were in the same network.
Traffic never traverses the public internet.

A

VPC Peering

13
Q

lets you run containers without having to provision or manage Amazon EC2 instances

A

AWS Fargate

14
Q

Set custom cost and usage budgets

A

AWS Budgets

15
Q

applied at the interface level of resources that are deployed within a VPC

A

Security Groups

16
Q

JSON DOCUMENTS that DEFINE PERMISSIONS

A

IAM Policies

17
Q

Cheaper than standard S3, but more expensive than Deep Archive. Retrieval times are faster (minutes to hours), but here cost is the main factor. For archival data, not frequent access

A

Amazon S3 Glacier Flexible Retrieval

18
Q

Detailed data about AWS usage and costs (CSV)

A

AWS Cost & Usage Report

19
Q

is designed to set up, operate, and scale a relational database in the cloud easily. It supports multiple database engines such as MySQL, PostgreSQL, Oracle, SQL Server, and MariaDB.

A

Amazon RDS

20
Q

This CAF perspective helps you achieve the confidentiality, integrity, and availability of your data and cloud workloads.

A

Security

Cloud Adoption Framework

21
Q

is a cloud-based contact center service that you can use to set up an on-demand contact center.

A

Amazon Connect

22
Q

Monitors workloads for software vulnerabilities or network exposure. Automated vulnerability management for EC2 and containers. Automated security assessment service that helps improve the security and compliance of workloads on AWS.

A

Amazon Inspector

23
Q

Run code in response to events without managing servers. Charges are dependent on the number of requests for your functions. Charges are dependent on the amount of time it takes to run the code.

A

AWS Lambda

Lambda provides compute capabilities.

24
Q

is designed for frequently accessed data.

Provides:
Low latency
High durability (11 nines)
Multi-AZ replication automatically.
It’s the go-to class for general-purpose object storage.

A

S3 Standard (Simple Storage Service)

25
Managed file storage for use with EC2
Amazon EFS
26
OBSERVE and MONITOR resources and applications on AWS, on premises, and on other clouds
CloudWatch / CloudWatch Alarms
27
to encrypt data across your AWS workloads, digitally sign data, encrypt within your applications using AWS Encryption SDK, and generate and verify message authentication codes (MACs)
AWS KMS (Key Management Service)
28
15 minutes for business-critical system down
Enterprise Support Plans Response Time
29
Connect Amazon VPCs, AWS accounts, and on-premises networks to a single gateway
Transit Gateway.
30
Cheaper than Convertible but locked into a specific instance type and configuration. If your analytics requirements change, you’d lose flexibility. Best for steady, predictable workloads with no planned changes. Offer the highest cost savings — up to 72% off On-Demand pricing when committing to a 3-year term. Ideal when you know instance type, OS, and region won’t change.
Standard Reserved Instances
31
Automate CI/CD pipelines for release processes
AWS CodePipeline
32
designed for **debugging** and **analyzing** distributed applications like microservices. It provides: End-to-end request tracing Service maps showing how components interact Performance **bottleneck** detection
AWS X-Ray | Perfect for understanding microservices architecture.
33
Cheapest option only if you can tolerate interruptions. Not ideal for predictable, recurring workloads like weekly data entry. Spot Instances are discounted more heavily when there is more capacity available in the Availability Zones.
Spot Instances
34
For running containers (requires more setup than Elastic Beanstalk for a POC). It runs Docker containers at scale, with integration into EC2 or Fargate (serverless containers). Best for managing microservices architectures or containerized apps.
Amazon ECS (Elastic Container Service)
35
is a service that is used to create, store, and renew public and private SSL/TLS CERTIFICATES. You can use it to implement encryption in transit and at rest by using a protocol, such as TLS.
AWS Certificate Manager (ACM)
36
Service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud.
AWS CloudHSM (Hardware Security Module)
37
Designed for long-term data retention (up to decades). Retrieval times: up to 12 hours (fits this case). Perfect for compliance and archival storage like healthcare, finance, or government records. cheapest storage class in AWS.
Amazon S3 Glacier Deep Archive
38
Security assessment for EC2 and containers, focused only on vulnerabilities, not cost/performance.
Amazon Inspector
39
no one in the company knows how to do this “No expertise / need guidance” consulting help APN partners can help customers with cloud migrations.
AWS Partner Network (APN) Consulting Partners
40
Route end users to your site reliably with globally-dispersed Domain Name System (DNS) servers and automatic scaling.
Amazon Route 53
41
can help you with migrations to the AWS Cloud.
AWS Professional Services
42
Centralized ACCESS for multiple AWS accounts and business applications can be used for SSO integration to access the AWS Management Console.
AWS IAM Identity Center
43
Provides block storage for EC2
Amazon EBS
44
Automated S3 storage management Automatically transition data between storage classes Expire (delete) OLD objects after a certain time This is ideal for infrequently accessed data that you still want to RETAIN but at a lower cost Data movement/RETENTION automation
S3 Lifecycle Policy
45
Controls traffic at the VPC subnet level, not at the S3 bucket level. Subnet-level firewall, not instance-level
Network Access Control List (NACL)
46
No guaranteed response time
Basic (Free) Support Plans Response Time
47
Temporary credentials, but you still need a federation or IAM setup behind it. IAM Roles are the correct way to provide temporary security credentials.
Security Token
48
Message queuing service to decouple and scale microservices
Amazon SQS
49
Run Kubernetes on AWS without managing the control plane
Amazon EKS (Elastic Kubernetes Service)
50
Fully managed Pub/Sub service for A2A and A2P MESSAGING
Amazon SNS
51
Exposes APIs to applications, not used for general EC2 internet access. used to create, publish, maintain, monitor, and secure APIs at any scale.
API Gateway
52
Automatically distributes incoming traffic across multiple targets
Elastic Load Balancing
53
Store, rotate, and retrieve secrets such as database credentials securely
AWS Secrets Manager
54
This CAF perspective helps you **build** an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions.
Platform | Cloud Adoption Framework
55
allows you to test and validate IAM POLICIES BEFORE applying them. SIMULATE API requests to see if users, roles, or groups have the required permissions TROUBLESHOOT access-denied issues without impacting production resources Ensure policies are configured correctly and securely
IAM Policy Simulator
56
Build and test CODE with automatic scaling. you don’t need to provision, manage, and scale your own build servers. You just specify the location of your source CODE and choose your build settings, and it will run your build scripts for compiling, testing, and packaging your CODE.
AWS CodeBuild | Compiling and packaging code
57
Provision a logically ISOLATED section of the AWS cloud
Amazon VPC
58
Defines rules for Cross-Origin Requests to S3 buckets
CORS
59
gives customers access to the seven core Trusted Advisor checks.
Developer Support
60
uses machine learning to automatically extract text, handwriting, and data from scanned documents. You can use it to extract data from documents. does not analyze documents or generate insights from the text.
Amazon Textract
61
is the hub used by users to request and manage s requests from AWS
AWS Support
62
Lets IT administrators create and manage pre-approved internal products for an organization. Not for discovering third-party pre-built solutions.
AWS Service Catalog
63
Flexible but expensive for continuous, long-term usage. Best for short-term or unpredictable workloads.
On-Demand Instances
64
to convert text into lifelike speech.
Amazon Polly
65
Programmatic access requires an access key ID can be assigned to an AWS user.
secret access key
66
Distributes traffic across multiple EC2 instances but doesn’t provide elasticity by itself. It helps improve availability and performance by balancing incoming requests, but the number of instances stays fixed unless combined with Auto Scaling.
Elastic Load Balancing (ELB)
67
provides a number of operational services to manage a customer's AWS infrastructure and services on their behalf.
AWS Managed Services
68
is a service that is used to share resources across your AWS accounts. You cannot use it to implement encryption of data in transit.
AWS RAM
69
Lets you subscribe to and share third-party datasets, not migrate your own.
AWS Data Exchange
70
Business intelligence service to build visualizations and dashboards
Amazon QuickSight
71
Object storage that automatically replicates data across multiple AZs in a Region by default, ensuring 11 nines (99.999999999%) durability. provides object storage. Additionally, you can use Amazon S3 to host static website content, including HTML, JavaScript, and CSS files. With Amazon S3, you do not need an always-running EC2 instance.
Amazon S3 (Simple Storage Service) | provides object storage
72
Serverless, fully managed, distributed NoSQL database with single-digit millisecond performance at any scale non-relational database that can automatically scale tables for both storage and throughput while still maintaining performance.
Amazon DynamoDB
73
Designed for moving large amounts of data (terabytes to petabytes) into AWS without using the internet. Data is loaded onto physical devices shipped to AWS.
AWS Snowball
74
Designed for workloads that run only during specific recurring schedules (e.g., every Monday 5–10 PM). While flexible in scheduling, they are more expensive than Standard RIs and are being phased out by AWS in favor of Savings Plans.
Scheduled RIs
75
Used for caching data, not for database migrations.
Amazon ElastiCache
76
Monitors metrics, performance, and logs, not AWS costs or billing trends
Amazon CloudWatch
77
Store and retrieve Docker container images
Amazon ECR (Elastic Container Registry)
78
enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
AWS CloudTrail | Track all API activity
79
Message queuing, buffering, decoupling applications Amazon SQS is a fully managed message queuing service that allows decoupling between different components of an application.
Amazon SQS
80
Automates deployments
AWS CodeDeploy | Automating deployments
81
This pillar describes how to take advantage of cloud technologies to protect **data**, systems, and assets in a way that can improve your security posture.
Security | Well Architected Framework
82
Managed DDoS protection
AWS Shield
83
Reserved Instances purchased via the AWS Marketplace from other customers, but pricing varies and isn’t always cheaper than Standard RIs. Through the AWS Reserved Instance Marketplace, you can sell unused Standard or Convertible RIs to other AWS customers. This allows you to recover part of your upfront or unused commitment cost. Buyers benefit by often getting RIs at discounted prices compared to purchasing directly from AWS.
Third-party RIs
84
Designed for compliance and licensing You require HARDWARE visibility for compliance audits. You want full control over instance placement on the host.
Dedicated Hosts
85
offer the most cost-effective pricing model when you can commit to a consistent amount of usage over 1 or 3 years. is the best choice for a 24/7, long-term workload when you want predictable billing and cost savings. By committing to a 1- or 3-year term, you can save up to 72% compared to On-Demand pricing.
Savings Plans
86
Provides real-time guidance to help provision resources following AWS best practices identify cost savings by locating idle Amazon EC2 resources
AWS Trusted Advisor
87
Centrally manage multiple AWS accounts
AWS Organizations
88
Allows private subnet instances to reach the internet OUTBOUND ONLY, but they can’t be accessed from the internet. Prevents the internet from initiating connections inbound to those instances. This ensures security + internet access for private resources.
NAT Gateway (Network Address Translation Gateway)
89
<1 hour for production system down
Business Support Plans Response Time
90
fully managed service that streamlines the deployment, management, and scaling of web applications. Developers can upload their code, and Elastic Beanstalk automatically handles the provisioning of infrastructure, scaling, load balancing, and application health monitoring Easily migrate, deploy, and scale full-stack applications on. (Apache, Node.js, Python) Designed for developers who don't want to manage infrastructure
AWS Elastic Beanstalk ## Footnote Elastic Beanstalk also includes functionality to monitor the health of your application.
91
The ability to support development and run workloads effectively, gain **insight into their operations**, and to continuously improve supporting processes and procedures to deliver **business value.**
Operational excellence | Well Architected Framework
92
controls access for users/roles. JSON documents that define permissions (what actions are allowed or denied, on which resources, under what conditions). IAM (Identity and Access Management) policies let you: Control access to specific S3 buckets Allow or deny specific actions like uploads, deletions, and downloads Assign policies to users, groups, or roles Policies are JSON documents that define who can do what on which resources.
IAM Policy
93
Used to set up a **data lake**, not for long-term storage.
Amazon Lake Formation
94
Tracks configuration changes for compliance
AWS Config
95
Desktop as a Service (DaaS) solution
Amazon WorkSpaces
96
Build, train, and deploy machine learning models at scale
Amazon SageMaker
97
Intelligent threat detection and continuous monitoring. Continuously monitors: AWS account activity; EC2 instance behavior; VPC flow logs, CloudTrail logs, and DNS logs
Amazon GuardDuty ## Footnote Send notifications via Amazon SNS or CloudWatch Events
98
CloudWatch, Config, X-Ray
Regional
99
Discover, prepare, and integrate all your data at any scale (not for reporting or dashboards.)
AWS Glue
100
Visualize and manage AWS costs and usage over time
AWS Cost Explorer
101
Access compliance reports and agreements
AWS Artifact
102
Create, manage, and work on software development projects in one place.
CodeStar
103
<12 hours for general guidance
Developer Support Plans Response Time
104
Fully managed Pub/Sub service for A2A and A2P messaging
SNS (Simple Notification Service)
105
Allow you to change instance families, OS types, and tenancies, but cost more than Standard RIs because of that flexibility. Provide flexibility to change instance families, OS, or tenancy, but cost more than Standard RIs. Convertible RIs allow you to: Switch instance families (e.g., m5 → c5) Change operating systems Change tenancy You keep the same commitment term while adapting to changing business needs. Slightly more expensive than Standard RIs but offer maximum flexibility.
Convertible RIs
106
Good if you need specific recurring schedules, but AWS is phasing them out in favor of Savings Plans.
Scheduled Reserved Instances
107
Event bus to connect application data from internal or SaaS apps
Amazon EventBridge
108
Continuously AUDIT AWS usage to simplify risk assessments
AWS Audit Manager
109
This CAF perspective helps ensure that your cloud investments accelerate your digital transformation ambitions and business outcomes.
Business | Cloud Adoption Framework
110
Orchestrates batch data movement (ETL jobs), not real-time streaming.
AWS Data Pipeline
111
is an interactive QUERY SERVICE that makes it easy to analyze data in Amazon S3 using standard SQL. Serverless, so there is no infrastructure to setup or manage, and you pay only for the queries you run.
Amazon Athena
112
Securely host highly scalable private Git repositories and collaborate on code
AWS CodeCommit
113
Legacy, supports HTTP/HTTPS and TCP, but largely replaced by ALB/NLB.
Classic Load Balancer (CLB)
114
Provides user sign-up, sign-in, and authentication (identity federation). provides authentication, authorization, and user management for web and mobile apps. Features: User sign-up & sign-in Identity federation (Google, Facebook, Apple, SAML, etc.) Access control with IAM integration
Amazon Cognito
115
is an automatic speech recognition (ASR) service. It converts spoken language into text using machine learning. Common use cases include: Subtitling videos Transcribing customer support calls Capturing meeting notes automatically Building voice-enabled apps
Amazon Transcribe
116
Used for MANAGING AWS RESOURCES and automation, not providing DESKTOPS
AWS Systems Manager
117
is AWS’s business intelligence (BI) and data visualization service. Features: Creates interactive dashboards and visual reports Supports ad hoc queries for deeper insights Integrates with various AWS data sources like S3, Redshift, RDS, and Athena Uses machine learning-powered analytics to identify trends and anomalies Best suited for analysts and decision-makers who need fast, visual insights.
Amazon QuickSight
118
Protects web applications from common exploits like SQL injection and XSS
AWS WAF
119
Run virtual servers in the cloud
Amazon EC2 ## Footnote When using EC2, you are responsible for everything inside the instance
120
creates an encrypted network path between your on-premises network and your AWS Cloud network. This connection between your on-premises network and your AWS Cloud network uses the internet.
Site-to-Site VPN
121
Data warehouse for big data analytics
Amazon Redshift
122
is a speech recognition service that you can use to convert audio to text. does not analyze documents or generate insights from the text.
Amazon Transcribe
123
Set custom cost and usage budgets Receive alerts when your spending or usage approaches or exceeds thresholds Track both actual and forecasted costs in real-time
AWS Budgets
124
is designed to handle HTTP/HTTPS traffic (Layer 7). Best suited for web applications running on ports 80 and 443. Supports advanced features like host/path-based routing, SSL termination, and WebSockets. Supports advanced routing features: Path-based (/api, /images) Host-based (e.g., app.example.com) WebSockets This makes it ideal for modern web applications.
Application Load Balancer
125
document database service, designed to store and query JSON documents. It is MongoDB-compatible, so it’s ideal for applications that need flexible schemas and JSON AWS’s fully managed NoSQL key-value and document database. It provides: Single-digit millisecond performance Automatic scaling to any workload size Features like DAX (caching), Global Tables, and Point-in-time recovery Amazon DynamoDB DAX → In-memory cache for DynamoDB, improves read performance, but not for streaming data.
Amazon DocumentDB
126
Used for data visualization and BI dashboards, not for managing approved products.
AWS QuickSight
127
is a service that helps plan and track application migrations. Migration Hub does not perform system migrations.
Migration Hub
128
Interact with AWS services using command-line tools
AWS Command Line Interface (CLI)
129
tools include tools such as Cost Explorer and AWS Budgets. Cost Explorer provides an interface that you can use to visualize, understand, and manage your AWS costs and usage over time. Cost Explorer can break down costs by day, service, and linked accounts.
Billing and Cost Management
130
A data warehouse for analytics (structured data, OLAP), not JSON document storage. Amazon Redshift is AWS’s data warehouse service, designed for: Handling petabytes of structured data Running complex SQL queries Powering business intelligence (BI) dashboards and analytics Optimized for OLAP (Online Analytical Processing) workloads, not transactional. A data warehouse designed for analytical queries on large datasets, not day-to-day relational workloads
Amazon Redshift
131
gives customers access to the full list of Trusted Advisor checks. However, Business Support provides this access at a lower cost.
Enterprise Support
132
Run and manage Docker containers on a cluster
Amazon ECS (Elastic Container Service)
133
is an AWS-side VPN concentrator used to establish a Site-to-Site VPN between your on-premises network and your Amazon VPC. It allows secure communication over an encrypted VPN connection. It is specifically designed for Site-to-Site VPN setups.
Virtual Private Gateway (VGW)
134
Users can tag resources to allocate costs. Tags can help you manage, identify, organize, search for, and filter resources. You can create tags to categorize resources by purpose, owner, environment, or other criteria.
tagging
135
uses a pre-trained model to gain insights about the content of documents. You can use Amazon Comprehend to analyze documents and generate valuable insights from the text.
Amazon Comprehend
136
shared **file** system that gives EC2 instances the ability to share access to data in different Availability Zones in the same AWS Region.
Amazon EFS
137
The ability to run systems to deliver business value at the **lowest price point.**
Cost optimization | Well Architected Framework
138
Content Delivery Network (CDN). It caches content (like images, videos, or web pages) in edge locations worldwide. Users are served from the nearest edge location → reduces latency and improves performance.
CloudFront | edge locations, low latency for global users, content caching ## Footnote content delivery
139
are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK)
Access keys
140
Used for search, log analytics, and monitoring, not BI visualizations.
Amazon OpenSearch Service
141
Protects applications from common web exploits, but doesn’t deliver content. AWS WAF protects your web applications from common web exploits like: **SQL injection** Cross-site scripting (XSS) Bot attacks & malicious IP requests Features: Lets you define custom security rules Integrates with Amazon CloudFront, Application Load Balancer (ALB), and API Gateway
AWS WAF (Web Application Firewall) | Monitors real-time traffic and blocks malicious patterns automatically
142
You can use AWS SCT to convert an existing database schema from one database engine to another.
AWS Schema Conversion Tool
143
This CAF perspective serves as a bridge between technology and business, accelerating the cloud journey to help organizations more rapidly evolve to a culture of continuous growth, learning, and where change becomes business-as-normal, with focus on culture, organizational structure
People | Cloud Adoption Framework
144
This pillar encompasses the ability of a workload to perform its intended **function correctly and consistently** when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle.
Reliability | Well Architected Framework
145
lets you add user sign-up, sign-in, and access control to your web and mobile applications within minutes.
Amazon Cognito
146
is a service that gives you the ability to securely share AWS resources with any AWS account or within your AWS Organization. not used to host web applications.
AWS Resource Access Manager (AWS RAM)
147
allows resources in your VPC (like EC2 instances in a public subnet) to: Send traffic to the internet Receive traffic from the internet Without an IGW, EC2 instances can’t be publicly accessible. allows you to expose RESTful APIs, WebSocket APIs, or HTTP APIs to external clients and manage them securely
Internet Gateway (IGW)
148
DNS service, directs traffic but doesn’t speed up content delivery A DNS service. It routes users to AWS resources (like S3, EC2, or CloudFront), but it does not cache or speed up content delivery itself. It supports routing policies like: A DNS service that routes users to endpoints but doesn’t balance traffic between EC2 instances directly. Geolocation routing → Send users to resources based on their location. Latency-based routing → Send users to the region with the lowest latency. Failover routing → Send users to backup endpoints if primary fails. gives you the ability to deploy and manage applications in AWS Cloud without you having to understand or manage the underlying infrastructure. Elastic Beanstalk also includes functionality to monitor the health of your application.
Amazon Route53 | If the question mentions routing users based on DNS or geographic locati
149
Review and improve workloads based on AWS best practices
AWS Well-Architected Tool
150
Used for migrating databases, not S3 objects Database Migration Service (DMS) helps you migrate databases quickly and securely into AWS. Supports homogeneous migrations (Oracle → Oracle) and heterogeneous migrations (Oracle → PostgreSQL). It can also keep the source and target in sync until the cutover, minimizing downtime
AWS DMS (Database Migration Service)
151
Store and retrieve any amount of data with high durability
Amazon S3 Simple Storage Service
152
is an online store for finding, testing, buying, and deploying pre-built software solutions on AWS. It’s perfect for non-developers or small startups that want ready-to-use solutions without building apps from scratch. Includes software like: Security tools Databases Analytics platforms Preconfigured machine images
AWS Marketplace
153
Commit to a 1-year or 3-year term Pay nothing upfront Get discounted hourly rates compared to On-Demand pricing Ideal when you want predictable savings without a large upfront investment.
No Upfront Standard RIs (NURI)
154
Operates at Layer 4 (TCP/UDP). Best for extremely high performance/low latency needs, not general HTTP/HTTPS traffic.
Network Load Balancer (NLB)
155
uses machine learning to automatically discover, classify, and protect sensitive data in S3 Detects unauthorized access and potential data exfiltration risks.
Amazon Macie
156
lets you define AWS infrastructure as code using templates (YAML/JSON). You can deploy resources like EC2, RDS, Load Balancers, VPCs, etc., in a repeatable, consistent, and automated way. Perfect for multi-tier applications or environments (e.g., dev, test, prod). Automated deployment of infrastructure. Automates infrastructure provisioning, not issuing operational commands. Infrastructure-as-code (you still define and manage servers/resources).
CloudFormation
157
Managed GraphQL service, not for running full applications. AWS AppSync is a fully managed service for building applications with GraphQL APIs. It provides: Real-time data sync across devices Offline access support Integration with DynamoDB, Lambda, and other AWS data sources Ideal for mobile/web apps needing real-time updates.
AWS AppSync
158
used to allow or deny specific traffic to a VPC at the subnet level. operates at the subnet level and meet the requirements to add a layer of security that acts as a firewall.
Network ACL
159
The ability to continually improve sustainability impacts by reducing **energy consumption** and increasing efficiency across all components of a workload by maximizing the benefits from the provisioned resources and minimizing the total resources required.
Sustainability | Well Architected Framework
160
These are credentials used by IAM users to programmatically access AWS. By themselves, they don’t control access — policies do. Authentication credentials used with CLI / SDK
Access Keys
161
Fully managed message queuing service that allows decoupling between different components of an application. Message queuing, buffering, decoupling applications It acts as a buffer between producers (sending messages) and consumers (processing messages). This improves scalability, fault tolerance, and application reliability.
Answer SQS
162
Query tool to analyze data stored in S3 using SQL, but doesn’t build dashboards.
Amazon Athena
163
Gives some flexibility and partial upfront savings but costs more per hour than No Upfront Standard RIs.
Partial Upfront Convertible RIs (PURI)
164
is a content delivery network (CDN) service that helps you distribute your STATIC and dynamic content quickly and reliably with high speed performance, security, and developer ease-of-use.
Amazon CloudFront
165
A graph database optimized for relationship-based queries (e.g., social networks).
Amazon Neptune
166
Helps set and track spending against a budget, but does not give optimization recommendations.
AWS Budgets
167
**Who can access the bucket**. Controls access permissions, not data movement. Access control. They allow you to grant access to: IAM users or roles in your account; IAM users or roles in other AWS accounts; even anonymous/public access (if configured, though usually discouraged). This makes them perfect for cross-account access or granting specific permissions on a bucket.
Bucket Policy
168
Act as virtual firewalls for EC2 instances. Control inbound and outbound traffic at the instance level. Stateful: If you allow inbound traffic, the outbound response is automatically allowed.
Security Groups
169
linking an external identity system (like Active Directory, Google Workspace, Okta, or the other company’s identity provider) with AWS IAM.
Federated identities
170
This CAF perspective helps ensure that your cloud services are delivered at a level that meets the needs of your business.
Operations | Cloud Adoption Framework
171
Automates multi-account setup and governance, unrelated to finding or deploying marketplace software. Creating new accounts; setting up organizational units (OUs); applying governance guardrails for security and compliance. Integrates with AWS Organizations for centralized control. Ideal for enterprises scaling multi-account environments.
AWS Control Tower
172
the service that provides on-demand access to AWS compliance reports and agreements. Examples: ISO certifications, SOC reports, PCI reports, etc. Organizations use it to demonstrate compliance during audits.
AWS Artifact
173
Manage ACCESS to AWS services and resources securely
AWS IAM
174
Assess, audit, and evaluate CONFIGurations of your AWS resources
AWS Config
175
AWS Systems Manager (SSM) lets you manage fleets of EC2 instances (and other resources). With SSM Run Command, you can: run scripts or commands across multiple instances at once; group instances logically (using tags or resource groups); do all this without needing SSH access. This is the best solution for fleet-wide remote administration. Manages fleets of AWS resources (like EC2) inside AWS, not from a developer’s laptop.
AWS Systems Manager
176
is a managed VPN service that allows remote employees to securely connect their laptops, desktops, or mobile devices directly to AWS resources and on-premises networks. Perfect for companies without a data center, because the connection terminates in AWS, not on-premises. Supports OpenVPN-based clients and integrates with AWS IAM and Active Directory for authentication.
AWS Client VPN
177
Scalable **file storage** for EC2, but far more expensive and not meant for archival.
Amazon EFS
178
is a network service that is designed to improve the availability and performance of applications for global users. It does this by providing static IP addresses, directing traffic over the AWS global network, and routing to optimal endpoints based on health, user location, and policies.
AWS Global Accelerator ## Footnote IMPROVES GLOBAL routing performance for applications, but does not cache or deliver content like CloudFront.
179
This CAF perspective helps you orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related **risks**.
Governance | Cloud Adoption Framework
180
a relational database management system (RDBMS) built for the cloud with full MySQL and PostgreSQL compatibility.
Amazon Aurora
181
Web interface for MANAGING AWS services
AWS Management Console
182
defines who (IAM users, roles, or accounts) can access an S3 BUCKET and what ACTIONS they can perform (Cross-account or BUCKET-wide rules)
Bucket Policy
183
Protects against (**Distributed Denial of Service**) DDoS attacks. Used to detect and prevent distributed denial of service attacks against services hosted on AWS.
AWS Shield
184
Deploying 3rd-party appliances (firewalls, intrusion detection). If you see virtual appliances/firewalls, it’s GWLB.
Gateway Load Balancer (GWLB)
185
Low-cost archival storage with retrieval times from minutes to hours
Amazon S3 Glacier
186
Visualize current and historical costs; identify usage trends; forecast future charges; analyze service-level spending. It’s designed specifically for cost monitoring and optimization.
AWS Cost Explorer
187
Helps centrally manage WAF rules and FIREWALL policies across accounts, but by itself doesn’t directly stop SQLi/XSS (it uses WAF under the hood).
AWS Firewall Manager
188
Manages APIs. API Gateway allows you to create, publish, maintain, and secure APIs at scale. It acts as a front door for applications (mobile, web, IoT) to securely access backend services like Lambda, EC2, and DynamoDB. Handles security (IAM, Cognito), throttling, caching, and monitoring.
API Gateway
189
provides resizable compute capacity in the AWS Cloud. You can use it to host a MySQL database similar to one that runs on premises. The company will have full control over the operating system, database installation, and configuration
Amazon EC2 | EC2 is a web service, provides secure, resizable compute capacity in clo ## Footnote When using EC2, you are responsible for everything inside the instance (OS updates, application patching, firewall settings, IAM roles)
190
ML for analyzing images and videos (faces, labels, text). Amazon Rekognition uses machine learning to analyze images and videos. Capabilities include: face detection and recognition; object and scene detection; text extraction from images; unsafe content detection.
Amazon Rekognition
191
gives users the ability within the same bill to take advantage of discounts, such as Amazon S3 or Reserved Instances.
Consolidated Billing
192
is a free AWS tool that helps companies analyze their existing on-premises workloads and compare them to AWS cloud costs. It collects data on: server utilization; software and hardware costs; licensing expenses; performance metrics. Produces a detailed report showing potential cost savings and right-sizing recommendations for migrating to AWS.
Migration Evaluator
193
Monitor AWS resources and applications in real time
AWS CloudWatch
194
The ability to use computing **resources** efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
Performance efficiency | Well Architected Framework
195
provides persistent block-level storage volumes for use with Amazon EC2 instances. Offers high performance, persistent storage, and automatic replication within the same Availability Zone for durability.
Elastic Block Store
196
Securely manage identities and access to AWS services and resources
IAM roles
197
Used to move data
AWS DataSync
198
collects usage and configuration data about your on-premises servers to help plan a migration.
Discovery Service
199
is a generative artificial intelligence (AI) powered conversational assistant that can help you understand, build, extend, and operate AWS applications.
Amazon Q Developer
200
is a managed information retrieval and intelligent search service that uses natural language processing and advanced deep learning model
Amazon Kendra
201
A managed cluster platform that simplifies running big data frameworks on AWS to process and analyze vast amounts of data
Amazon EMR (Elastic MapReduce)
202
Automated cost anomaly detection and root cause analysis
AWS Cost Anomaly detection
203
third-party storage integration makes it easy for you to modernize your on-premises infrastructure and realize the full potential of your on-premises data.
AWS Outposts
204
Centralized dashboard that: aggregates findings from multiple AWS security services (e.g., GuardDuty, Inspector, IAM Access Analyzer); consolidates security alerts (called findings) into a single view; supports multiple accounts and integrates with third-party tools; helps you check compliance against security standards (e.g., CIS AWS Foundations Benchmark, PCI DSS).
AWS Security Hub
205
is a fully managed service that you can use to run batch computing workloads on AWS. It automatically schedules, manages, and scales compute resources for batch jobs, optimizing resource allocation based on job requirements.
AWS Batch ## Footnote Good for: Processing large-scale, parallel workloads in areas like scientific computing, financial risk analysis, media transcoding, big data processing, machine learning training, and genomics research
206
is a cloud service offering virtual private servers (VPSs), storage, databases, and networking at a predictable monthly price. It’s ideal for small businesses, basic workloads, and developers seeking a straightforward AWS experience without the complexity of the full AWS Management Console.
Lightsail | Good for: Basic web applications, low-traffic websites, development and
207
is a fully managed hybrid cloud solution that extends AWS infrastructure and services to on-premises data centers. It provides a consistent experience between on premises and the AWS Cloud, offering compute, storage, and networking components.
Outposts ## Footnote Good for: Low-latency applications, data processing in remote locations, migrating and modernizing legacy applications, and meeting regulatory compliance or data residency requirements
208
AWS Transit Gateway acts as a hub that interconnects multiple VPCs and on-premises networks. Regional service. Instead of managing many point-to-point VPC peering connections, you can connect everything through a central hub. Works across multiple regions.
Transit Gateway
209
is a data storage architecture that manages data as objects in a flat address space.
Object storage ## Footnote The following is the primary AWS object storage service: Amazon Simple Storage Service (S3)
210
storage services provide shared file systems accessible over networks, so multiple users and applications can access the same data simultaneously
File storage | AWS offers two primary file storage services: Amazon Elastic File System
211
provides persistent, low-latency block-level storage volumes that attach to EC2 instances like physical hard drives.
Block storage ## Footnote AWS offers two primary block storage services: Amazon EC2 instance store and Amazon Elastic Block Store (EBS)
212
point-in-time backups of an EBS volume. Can be used to create multiple new volumes, and new volumes created from a snapshot are an exact copy of the original volume at the time the snapshot was taken.
EBS Snapshots
213
This instance type uses hardware accelerators, like graphics processing units (GPUs), to efficiently handle tasks, such as floating-point calculations, graphics processing, and machine learning.
Accelerated computing
214
This instance type provides a balanced mix of compute, memory, and networking resources.
General purpose | ideal for diverse workloads, like web services, code repositories, and
214
This instance type is used for memory-intensive tasks like processing large datasets, data analytics, and databases.
Memory optimized | They provide fast performance for memory-heavy workloads.
215
This instance type is ideal for compute-intensive tasks, such as gaming servers, high performance computing (HPC), machine learning, and scientific modeling.
Compute optimized
216
This instance type is designed for workloads that require high performance for locally stored data, such as large databases, data warehousing, and I/O-intensive applications.
Storage optimized
217