AWS Cloud

Traditional Data Centers

  • Large up-front investment – the organization needs to plan the capacity and location of the data center, and whether to re-use and upgrade an existing data center or build a new one
  • Forecasting demand is difficult
  • Slow to deploy new data centers and servers – difficult to meet the demand overnight
  • Maintaining data centers is expensive
  • You own the entire security and compliance burden of protecting against hacker attacks

Benefits of Cloud Computing

  • Trade capital expenses for variable expenses – instead of making a capital investment in a new data center, you purchase server space in the cloud, pay only for as long as you use it, and release it once it is no longer needed
  • Benefit from massive economies of scale – Amazon buys the data centers and infrastructure needed for maintenance when they are available at the lowest price and passes this pricing on to consumers
  • Stop guessing capacity – you can grow or shrink the space needed based on demand
  • Increase speed and agility
  • Stop spending money maintaining data centers
  • Go global in minutes

Why AWS Cloud?

  • Elasticity – ability to acquire resources as you need them and release resources when you no longer need them.
  • Reliability – ability to provide functionality for its users when it is needed
  • Agility –
    • Cloud lowers the cost of trying new ideas or business processes
    • Reduces time required to maintain infrastructure
    • Reduces risk for organization around security and compliance
    • Provides access to emerging technology

AWS Interfaces

  • Three ways to use AWS
    • AWS Management Console – Easy-to-use graphical interface that supports the majority of Amazon Web Services
      1. Navigation
      2. Usability
      3. Convenient mobile app
    • Command Line Interface (CLI) – Access through discrete commands
      1. Programming language agnostic
      2. Flexibility to create scripts
    • Software Development Kits (SDKs) – Incorporate connectivity and functionality into your code
      1. Ability to use AWS in existing applications
      2. Flexibility to create applications

AWS Cloud Core Services

  • Infrastructure as a Service products (IaaS) – Services that give you direct control over underlying compute and storage resources
  • Platform as a Service products (PaaS) – Services that hide infrastructure complexity behind a simple interface
  • Software as a Service products (SaaS) – Services that provide a service to end users through a public network
  • Serverless architectures (AWS Lambda) – Platforms that allow developers to run their code over short periods on cloud servers

AWS EC2 – Amazon Elastic Cloud Compute

  • Compute – Refers to the server resources that are being presented
  • Cloud – Refers to Cloud hosted compute resources
  • Elastic – Refers to scale up or down compute resources as required
  • Amazon EC2 instances:
    • Pay as you go
    • Broad selection of Hardware / Software – based on different storage requirements
    • Global hosting

Amazon EBS – Elastic Block Store

  • EBS volumes are used when you want to increase disk space – choose between HDD and SSD types – and you can delete them when you no longer need them and stop paying for them
  • Persistent and customizable block storage for EC2 instances
  • Replicated in the same Availability Zone
  • Backup using Snapshots
  • Easy and transparent Encryption
  • Elastic volumes – Scale up or down as needed, you can change between available drive types

Amazon S3 – Simple Storage Service

  • Fully managed cloud storage service
  • Store virtually unlimited number of objects
  • Access any time, from anywhere
  • Rich security controls
  • Common Use cases for S3:
    • Storing application assets such as user-generated media files, server logs or other files or applications in a common location
    • Static Web Hosting
    • High durability, making backup and disaster recovery easier; cross-region replication
    • Staging area for Big Data – Scalable

AWS Global Infrastructure

  • Regions – Optimize latency, minimize costs and adhere to regulatory requirements such as GDPR, HIPAA and PCI DSS.
  • Availability Zones –
    • Collection of data centers in a specific region.
    • Multiple, isolated locations within one geographic area
    • Each Availability Zone is physically isolated from others but connected together by a fast low-latency network.
  • Edge locations – host the Content Delivery Network (CDN) called Amazon CloudFront. CloudFront is used to deliver content to customers. Edge locations enable quicker content delivery.
  • A region is not a collection of VPCs, it is composed of at least 2 AZs. VPCs exist within accounts on a per region basis
  • Availability Zones (not regions) have direct, low-latency, high throughput and redundant network connections between each other
  • Edge locations (not regions) are Content Delivery Network (CDN) endpoints for CloudFront

Amazon VPC – Virtual Private Cloud

  • VPC is the networking AWS service
  • A private, virtual network in the AWS Cloud – uses the same concepts as on-premises networking
  • Allows complete control of network configuration – ability to isolate and expose resources inside VPC
  • Offers several layers of security controls – ability to allow and deny specific internet and internal traffic
  • Other AWS services deploy into the VPC – services inherit the security built into the network
  • Features:

AWS Integrated Services

Application Load Balancer

  • Elastic Load Balancing supports three types of load balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers.
  • Classic Load Balancers:
    • A load balancer distributes incoming application traffic across multiple EC2 instances in multiple Availability Zones. This increases the fault tolerance of your applications. Elastic Load Balancing detects unhealthy instances and routes traffic only to healthy instances.
    • Your load balancer serves as a single point of contact for clients. This increases the availability of your application. You can add and remove instances from your load balancer as your needs change, without disrupting the overall flow of requests to your application. Elastic Load Balancing scales your load balancer as traffic to your application changes over time. Elastic Load Balancing can scale to the vast majority of workloads automatically.
    • Using a Classic Load Balancer instead of an Application Load Balancer has the following benefits:
      1. Support for EC2-Classic
      2. Support for TCP and SSL listeners
      3. Support for sticky sessions using application-generated cookies
  • Network Load Balancers:
    • A Network Load Balancer functions at the fourth layer of the Open Systems Interconnection (OSI) model. It can handle millions of requests per second. After the load balancer receives a connection request, it selects a target from the target group for the default rule. It attempts to open a TCP connection to the selected target on the port specified in the listener configuration.
    • Using a Network Load Balancer instead of a Classic Load Balancer has the following benefits:
      1. Ability to handle volatile workloads and scale to millions of requests per second.
      2. Support for static IP addresses for the load balancer. You can also assign one Elastic IP address per subnet enabled for the load balancer.
      3. Support for registering targets by IP address, including targets outside the VPC for the load balancer.
      4. Support for routing requests to multiple applications on a single EC2 instance. You can register each instance or IP address with the same target group using multiple ports.
      5. Support for containerized applications. Amazon Elastic Container Service (Amazon ECS) can select an unused port when scheduling a task and register the task with a target group using this port. This enables you to make efficient use of your clusters.
      6. Support for monitoring the health of each service independently, as health checks are defined at the target group level and many Amazon CloudWatch metrics are reported at the target group level. Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand.
  • Application Load Balancers:
    • Offers most of the features provided by Classic Load Balancer, adds some newly enhanced features for unique use cases
      1. Enhanced supported protocols – HTTP, HTTPS, HTTP/2 and WebSockets
      2. CloudWatch Metrics
      3. Access logs – additional details in access logs
      4. More target Health checks
    • Additional features:
      1. Ability to enable additional routing mechanisms using path and host-based routing –
        • Path-based provides rules that forward requests to different target groups based on the URL in the request
        • Host-based can be used to define rules that forward requests to different target groups based on the host name/domain requested
      2. Native IPv6 support in VPC
      3. AWS Web Application Firewall (WAF) support
      4. Dynamic ports
      5. Deletion protection and request tracing
    • Why use Application Load Balancers?
      • ability to use containers to host your micro-services

Auto Scaling

  • Auto scaling helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application
  • For monitoring resource performance you use Amazon CloudWatch. CloudWatch by itself does NOT add or remove EC2 instances for auto scaling
  • Auto scaling enables two AWS best practices:
    • Scalability – Making environment scalable
    • Automation – Automating EC2 resource provisioning to occur on-demand
  • Auto scaling can scale the number of EC2 instances based on the conditions you define – e.g. CPU utilization over 80%
  • What is Scaling?
    • Scaling Out – when auto scaling launches new instances
    • Scaling In – when auto scaling terminates instances
  • Auto Scaling Components:
  • AMI – Amazon Machine Image

Amazon Route 53

  • Is a Domain Name System (DNS) service.
  • Global, reliable and highly scalable service used to route users to the desired endpoints (applications).
  • Public and private DNS names
  • Compliant with both IPv4 and IPv6
  • Amazon Route 53 is an authoritative Domain Name System (DNS) service. DNS is the system that translates human-readable domain names (example.com) into an IP address (192.0.2.0). With authoritative name servers in data centers all over the world, Route 53 is reliable, scalable and fast.
  • Offers several other DNS resolution strategies
    • Simple routing
    • Geo-location
    • Failover
    • Weighted round robin
    • Latency based
    • Multi-value answer

Amazon Relational Database Service (RDS)

  • Challenges of running your own Relational Databases:
    • Server maintenance and energy footprint
    • Software install and patches
    • Database backups and high availability
    • Limits on scalability
    • Data security
    • OS install and patches
  • Amazon RDS is a managed service that sets up and operates a relational database in the cloud.
    • Sets up
    • operates
    • scales your relational database without any administration
    • provides cost-efficient and resizable capacity
  • Amazon RDS frees you to focus on your applications so you can give them the performance, security and capability they need.
  • With Amazon RDS –
    • you manage application optimization
    • AWS manages:
      1. OS installation and patches
      2. Database software install and patches
      3. Database backups
      4. High availability
      5. Scaling
      6. Power and rack & stack
      7. Server maintenance
  • One of the powerful features of Amazon RDS is that you can run your relational DB in a high-availability Multi-AZ deployment
    • With an HA Multi-AZ deployment, Amazon RDS stands up another standalone instance that is kept synchronous with the master. On failover of the master, the application automatically makes the slave the new master, thus ensuring HA.
  • Read replicas with asynchronous replication features, available only when configured
  • Use cases:
  • Amazon RDS benefits
    • Highly scalable – no downtime
    • High performance – OLTP
    • Easy to administer
    • Available and durable
    • Secure and compliant

AWS Lambda

  • fully-managed serverless compute
  • event-driven execution
  • sub-second metering
  • multiple languages supported
  • Use cases:
    • Automated backups
    • Processing objects uploaded to S3 buckets
    • event-driven log analysis
    • event-driven transformations
    • Internet of Things (IoT)
    • Operating Serverless websites

Amazon Elastic Beanstalk

  • to get your application into the cloud quickly
  • it’s a Platform as a Service (PaaS)
  • allows quick deployment of your applications
  • reduces management complexity
  • keeps control in your hands
    • choose your instance type
    • choose your database
    • set and adjust Auto Scaling
    • update your application
    • access server log files
    • enable HTTPS on load balancer
  • Supports a large range of platforms
    • Packer builder
    • Single Container, Multicontainer or Preconfigured Docker
    • Go
    • Java SE
    • Java with Tomcat
    • .NET on Windows server with IIS
    • Node.js
    • PHP
    • Python
    • Ruby
  • Easily implemented – your focus is only on your code
  • Update your application as easily as you deployed it – once the application has been deployed for the first time, each new release only requires you to update the version and then deploy the new version.

Amazon Simple Notification Service (SNS)

  • Flexible, fully-managed pub/sub messaging and mobile communications service
  • Coordinates the delivery of messages to subscribing endpoints and clients
  • Easy to set up, operate and send reliable communications
  • Decouple and scale microservices, distributed systems and serverless applications

Amazon CloudWatch

  • Monitoring service
  • Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time
  • Some of the features:
    • Collect and track metrics – CPU, Disk utilizations
    • Collect and monitor log files
    • Set alarms
    • Automatically react to changes
  • Amazon CloudWatch Architecture:
  • Use cases:
    • Respond to state changes in your AWS resources
    • Automatically invoke an AWS Lambda function to update DNS entries when an event notifies that an Amazon EC2 instance has entered the Running state
    • Direct specific API records from CloudTrail to a Kinesis stream for detailed analysis of potential security or availability risks
    • Take a snapshot of an Amazon EBS volume on a schedule
    • Log S3 Object Level Operations using CloudWatch events
  • Components:
    • Metrics – represent a time-ordered set of data points that are published to CloudWatch; data about the performance of the systems
    • Alarms – Watch a single metric and perform one or more actions (e.g. an Amazon EC2 action – stop/terminate/reboot or recover; an Auto Scaling action; a notification sent to an Amazon SNS topic) based on the value of the metric relative to a threshold over a number of time periods; actions are invoked for sustained state changes only
    • Events – Near real-time stream of system events that describe changes in AWS resources, use simple rules to match events and route them to one or more target functions or streams
    • Logs – monitor logs for specific phrases, values or patterns, includes an installable agent for Ubuntu, Amazon Linux and Windows at no additional cost
    • Dashboards – Customizable home page in CloudWatch console to monitor your resources in a single view even those resources that are spread across different regions
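
An added example (not from the original notes) of the alarm behaviour described above, combined with the Auto Scaling condition "CPU utilization over 80%": an alarm changes state only after three consecutive breaching periods, and Auto Scaling, not CloudWatch, changes capacity. The 30% scale-in threshold, the three-period window, the group sizes and the CPU samples are constructed assumptions; missing data and cooldowns are not modeled.

```python
from collections import deque

# Constructed sample: one average CPU datapoint (percent) per evaluation period.
CPU = [45, 85, 60, 82, 88, 91, 95, 70, 40, 25, 20, 22, 18, 50]


def alarm_transitions(datapoints, breaches, evaluation_periods=3):
    """CloudWatch side: watch one metric and report state changes only.

    The alarm is in ALARM when every datapoint in the last
    `evaluation_periods` breaches the threshold, otherwise OK.
    Returns [(index, new_state)], one entry per state change.
    """
    window = deque(maxlen=evaluation_periods)
    state = "INSUFFICIENT_DATA"          # not enough periods seen yet
    transitions = []
    for i, value in enumerate(datapoints):
        window.append(breaches(value))
        if len(window) < evaluation_periods:
            continue
        new_state = "ALARM" if all(window) else "OK"
        if new_state != state:           # actions fire on changes, not every period
            state = new_state
            transitions.append((i, state))
    return transitions


def simulate(cpu, desired=2, min_size=1, max_size=4):
    """Auto Scaling side: react to alarm notifications by changing capacity.

    Two alarms are assumed: high CPU (> 80) scales out by one instance,
    low CPU (< 30) scales in by one instance, clamped to the group limits.
    Returns [(index, action, desired_capacity)].
    """
    high = alarm_transitions(cpu, lambda v: v > 80)
    low = alarm_transitions(cpu, lambda v: v < 30)
    events = [(i, +1) for i, s in high if s == "ALARM"]
    events += [(i, -1) for i, s in low if s == "ALARM"]

    history = []
    for i, step in sorted(events):
        desired = max(min_size, min(max_size, desired + step))
        history.append((i, "scale out" if step > 0 else "scale in", desired))
    return history


if __name__ == "__main__":
    print("high-CPU alarm:", alarm_transitions(CPU, lambda v: v > 80))
    print("low-CPU alarm: ", alarm_transitions(CPU, lambda v: v < 30))
    for index, action, capacity in simulate(CPU):
        print(f"period {index}: {action} -> desired capacity {capacity}")
```

The isolated spike to 85% in period 1 never reaches ALARM, so no instance is launched for it; only the sustained run in periods 3 to 5 does.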

Amazon CloudFront

  • is a Content Delivery Network (CDN)
  • Global, growing network – Low latency
  • Secure content at the Edge locations
  • Deep integration with key AWS services
  • High performance
  • Cost effective
  • Easy to use
  • Content is still served from cache when the service deployed on the actual region has crashed
  • Use cases:
    • Static Asset Caching
    • Live and On-demand video streaming
    • Security and DDoS Protection
    • Dynamic and customized content
    • API Acceleration
    • Software distribution

Amazon CloudFormation

  • Amazon CloudFormation simplifies the task of repeatedly and predictably creating groups of related resources that power your applications
  • Fully-managed service – no infrastructure
  • create, update and delete resources in stacks
  • CloudFormation reads template file, lists resources on stack
  • Can be controlled through AWS management console, AWS CLI or AWS SDK/ API
  • Stacks – Resources generated, unit of deployment, create, update, delete Stack
  • Templates – resources to provision, text file – JSON or YAML format, self-documenting environment, each template is an example of Infrastructure as Code
  • CloudFormation requirements:
    • Templates
    • Permissions to all the services specified in the template

AWS Cloud Architecture

AWS Well-Architected Framework – Five Pillars

  • Security –
    • encompasses the ability to protect your information, assets and systems in five areas
      1. Identity and access management (IAM) – ensures only authorized and authenticated users are able to access your resources, and only in the manner you intend
      2. Detective controls – can be used to identify a potential security incident by capturing and analyzing logs and integrating auditing controls
      3. Infrastructure protection – protection against unintended and unauthorized access
      4. Data protection – encryption, data backup, recovery, replication
      5. Incident response – respond and mitigate the incident
    • Design principles:
      1. Implement security at all layers
      2. Enable traceability
      3. Apply principle of least privilege
      4. Focus on securing your system
      5. Automate security best practices
  • Reliability
    • Areas:
      1. Recover from issues/ failures
      2. Apply best practices in:
        • Foundations
        • Change management
        • Failure management
      3. Anticipate, respond and prevent failures
    • Design principles:
      1. Test recovery procedures
      2. Automatically recover
      3. Scale horizontally
      4. Stop guessing capacity
      5. Manage change in automation
  • Performance efficiency
    • Areas:
      1. Select customizable solutions
      2. Review to continually innovate
      3. Monitor AWS services
      4. Consider the trade-offs
    • Design principles:
      1. Democratize advanced technologies
      2. Go global in minutes
      3. Use serverless architectures
      4. Experiment more often
      5. Have mechanical sympathy – use the technological approach to best align with the goal you want to achieve
  • Cost optimization
    • Areas:
      1. Use cost-effective resources
      2. Matching supply with demand – leverage elasticity to meet the demand
      3. Increase expenditure awareness
      4. Optimize over time
    • Design principles:
      1. Adopt a consumption model
      2. Measure overall efficiency
      3. Reduce spending on data center operations
      4. Analyze and attribute expenditure
      5. Use managed services
  • Operational excellence
    • Areas:
      1. Manage and automate changes
      2. Respond to events
      3. Define the standards to manage daily operations
    • Design principles:
      1. Prepare
      2. Operate
      3. Evolve

Fault Tolerance

  • Ability of a system to remain operational even if some of the components fail
  • Built-in redundancy of an application’s components
  • Fault Tolerant tools:
    • Amazon Simple Queue Service (SQS) – highly reliable, distributed messaging service, ensures that your queue is always available
    • Amazon Simple Storage Service (S3) – highly durable, fault tolerant storage
    • Amazon Relational Database Service (RDS) – set up, operate and scale your relational DBs

High Availability

  • ensures that Systems are generally functioning and accessible
  • downtime is minimized
  • minimal human intervention is required
  • minimal up-front financial investment
  • High Availability Service Tools:
    • Elastic Load Balancers – distributes incoming traffic (load), sends metrics to Amazon CloudWatch, triggers / notifies high latency and over-utilization
    • Elastic IP addresses – static IP addresses, mask failures if they were to occur, continues to access applications if an instance fails
    • Amazon Route 53 – Authoritative DNS service
    • Auto Scaling – launches / terminates instances based on specific conditions based on customer demand
    • Amazon CloudWatch – distributed statistics gathering system, collects and tracks metrics of your infrastructure, used with Auto scaling

Web Hosting

  • fast, easy to deploy, cost efficient

AWS Cloud Security

Scaled quickly

Shared Responsibility model

  • AWS 100% responsible – Physical, Network and Hypervisor
  • Customer 100% responsible – Guest OS, Application and User data
  • AWS are responsible for the “security of the cloud”. This includes protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
  • The customer is responsible for “security in the cloud”. Customer responsibility depends on the service consumed but includes aspects such as Identity and Access Management (includes password policies), encryption of data, protection of network traffic, and operating system, network and firewall configuration.
  • Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives
  • Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications
  • Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications
  • Service and Communications Protection is an example of a customer specific control
  • Storage system patching is an AWS responsibility
  • Physical and Environmental controls is an example of an inherited control (a customer fully inherits from AWS)

Identity and Access Management (IAM)

  • User – Permanent named operator; credentials stay with the user until a forced rotation; an authentication mechanism
  • Group – Collections of users
  • Role – NOT permissions; it is an authentication mechanism. Credentials with the role are temporary
  • Policy documents – JSON document containing the permissions -> Authorization

Amazon Inspector

  • Assesses applications for vulnerabilities and deviations from best practices
  • produces a detailed report with security findings and prioritized steps for remediation
  • agent based, API driven service

AWS Shield

  • a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
  • Difference between Denial of Service (DoS) vs DDoS attack:
    • DoS attack – A deliberate attempt to make your website or application unavailable to users like flooding it with network traffic
    • DDoS attack – Multiple sources are used to attack target, infrastructure and application layers can be affected
  • DDoS mitigation challenges:
    • Complex setup and implementation
    • Bandwidth limitations
    • Manual intervention
    • Time consuming
    • Degraded performance
    • Expensive
  • AWS Shield tiers: two options to mitigate DDoS challenges
    • Standard: Automatic protections available for all AWS customers at no additional charge
      1. Automatic protection for any AWS resource at any AWS region,
      2. quick detection of DDoS attack by always-on network flow monitoring,
      3. automated mitigation service avoids latency impact,
      4. self-service – no need to engage AWS support
    • Advanced: Paid 24×7 service for higher levels of protection, features and benefits
      1. 24×7 DDoS Response Team (DRT) support – they can be engaged before, during or after the DDoS attack
      2. Advanced attack mitigation
      3. Visibility and attack notification
      4. Always-on monitoring – Amazon Route 53, Amazon CloudFront, Elastic Load Balancer (ELB), Elastic IP
      5. Enhanced detection
      6. DDoS cost protection
  • AWS Shield benefits:
    • Cost efficient
    • Seamless integration and deployment
    • Customizable protection for mitigating Application layer attacks

Security Compliance

  • AWS Compliance includes three components:
    • Risk management: Re-evaluated at least biannually
    • Control environment: includes policies, processes and control activities to secure the delivery of AWS service offerings – operative effectiveness of AWS control framework
    • Information security: Designed to protect Confidentiality, Integrity and Availability

Pricing and Support

  • Pay only for the services you consume and once you stop using them, there is no additional charge for terminating
  • Pay as you go pricing
  • EC2 and RDS – Reserve space with all or little up-front investment
    • All Up-front – AURI – largest discount
    • Partial Up-front – PURI – small discount
    • No up-front – NURI – no discount
    • To maximize savings, the larger amount you pay up-front, the more discount you get
  • S3 and EC2 – tiered pricing – pay per GB
  • Custom pricing
  • Free usage tier for a year

AWS Cost fundamentals

  • Pay for:
    • Compute capacity
    • Storage
    • Outbound data transfer (aggregated)
  • No charge for inbound data transfer
  • Consolidated billing has the following benefits:
    • One bill – You get one bill for multiple accounts.
    • Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.
    • Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts.
    • No extra fee – Consolidated billing is offered at no additional cost
  • The only services that do not incur cost in this list are IAM and VPC
  • Free tier includes offers that expire after 12 months and offers that never expire.
  • Pricing policies include:
    • Pay as you go.
    • Pay less when you reserve.
    • Pay even less per unit when using more.
    • Pay even less as AWS grows.
    • Custom pricing (enterprise customers only).

Free services include:

  • Amazon VPC.
  • Elastic Beanstalk (but not the resources created).
  • CloudFormation (but not the resources created).
  • Identity Access Management (IAM).
  • Auto Scaling (but not the resources created).
  • OpsWorks.
  • Consolidated Billing.
  • Amazon EC2 – Provides resizable compute capacity in the cloud, charges only for capacity used
    • Cost factors:
      1. Clock-second billing – Resources incur charges only when running
      2. Instance configuration: Physical capacity of the instance, price varies with AWS region, OS, instance type and instance size
    • Purchase types:
      1. On-demand instances: Compute capacity by seconds – minimum of 60 seconds
      2. Reserved instances: Low or no up-front payment instances reserved, discount on hourly charge for that instance
      3. Spot instances: Bid for unused Amazon EC2 capacity
  • Amazon S3 – Object storage built to store and retrieve any amount of data from anywhere. Pricing depends on –
    • Storage classes:
      1. Standard storage: 99.999999999% durability, 99.99% availability
      2. Standard-Infrequent Access (S-IA): 99.999999999% durability, 99.9% availability
      3. Storage cost: Number and size of objects, type of storage
    • Cost factors:
      1. Requests: Number of requests, type of requests – different rates for GET requests when compared to PUTs and COPY
      2. Data transfer: Amount of data transferred out of Amazon S3 region
  • Amazon Elastic Block Store (EBS) – Block-level storage for instances, volumes persist independently from the instance, analogous to virtual disks in the cloud, three volume types – General Purpose (SSD), Provisioned IOPS (SSD) and Magnetic
    • Cost factors:
      1. Volumes: All types charged by the amount provisioned per month
      2. IOPS: (Input/Output Operations Per Second)
        • General purpose (SSD) – included in price
        • Magnetic – Charged by number of requests
        • Provisioned IOPS (SSD): Charged by the amount you provision in IOPS
      3. Snapshots: added cost per GB per month of the data stored
      4. Data transfer – tiered pricing
  • Amazon RDS – Relational database in the cloud, cost-efficient, resizable capacity, management of time-consuming administrative tasks
    • Cost factors:
      1. Clock-hour billing: Resources incur charges when running
      2. Database characteristics: Engine, size, memory class impacts cost
      3. DB purchase type:
        • On-demand database instances are charged by hour
        • Reserved DB instances require up-front payment
        • Provision multiple DB instances to handle peak loads
      4. Provisioned storage:
        • No charge for backup storage of up to 100% of Database storage
        • Backup storage for terminated DB instances billed at per GB per month
      5. Additional storage: Backup storage in addition to provisioned storage billed at per GB per month
      6. Deployment type:
        • Storage and I/O charges variable
        • Single Availability Zones
        • Multiple Availability Zones
      7. Data transfer:
        • No charge for inbound data transfer
        • Tiered charges for outbound data transfer
  • Amazon CloudFront – Web service for content delivery
    • Cost factors:
      1. Pricing varies across geographic regions
      2. Based on requests and outbound data transfer

AWS Trusted Advisor

  • provides best practices or checks in four categories – security, cost optimization, fault tolerance and performance

AWS Support plans

  • Basic support
  • Developer support
  • Business support
  • Enterprise support – Only plan that comes with a TAM

AWS Services at a glance

  1. AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring
  2. AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories
  3. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers
  4. Amazon Elastic Container Service (ECS) is a managed service for running Docker containers
  5. Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications. Integration with AWS Identity and Access Management (IAM) provides resource-level control of each repository. With Amazon ECR, there are no upfront fees or commitments. You pay only for the amount of data you store in your repositories and data transferred to the Internet.
  6. AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
  7. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.
  8. AWS Config is a fully-managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and regulatory compliance.
  9. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You use CloudWatch for performance monitoring, not automating operational tasks.
  10. Amazon Elastic MapReduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
  11. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
  12. Amazon ElastiCache is a data caching service that is used to help improve the speed/performance of web applications running on AWS. ElastiCache provides in-memory cache and database services.
  13. Amazon RDS is Amazon’s relational database and is primarily used for transactional workloads
  14. Amazon S3 is used for object storage. It is an object-based storage system that stores objects composed of key-value pairs
  15. Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0
  16. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud
  17. AWS Artifact is your go-to, central resource for compliance-related information that matters to you
  18. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud
  19. Amazon DynamoDB is a fully managed NoSQL database service. It stores items, not objects, based on key-value pairs
  20. Amazon EBS is a block-based storage system. It can be used to run an ever-changing database in an EC2 instance.
  21. Amazon EFS is a file-based storage system
  22. Amazon ELB distributes incoming requests to EC2 instances. It can be used in conjunction with Auto Scaling
  23. Amazon Glacier is a reliable, secure, and inexpensive service to backup and archive data. Priced at $0.004 per GB.
  24. Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application. Amazon CloudSearch supports 34 languages and popular search features such as highlighting, autocomplete, and geospatial search.
  25. Amazon Elasticsearch Service is a fully managed service that makes it easy for you to deploy, secure, and run Elasticsearch cost effectively at scale. You can build, monitor, and troubleshoot your applications using the tools you love, at the scale you need. The service provides support for open source Elasticsearch APIs, managed Kibana, integration with Logstash and other AWS services, and built-in alerting and SQL querying.
  26. AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. It can help protect your web applications from SQL injection and other vulnerabilities in your application code, and it can be used to monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront.
  27. AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control customer master keys (CMKs), the encryption keys used to encrypt your data. AWS KMS CMKs are protected by hardware security modules (HSMs) that are validated by the FIPS 140-2 Cryptographic Module Validation Program except in the China (Beijing) and China (Ningxia) Regions.
  28. AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
  29. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections (on-premises to AWS).
  30. AWS Snowball is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using storage appliances designed to be secure for physical transport.
  31. AWS tagging makes it easier for you to manage and filter your resources – A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment.
  32. Amazon Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, plus a cost-effective, monthly plan. It is the easiest way to launch and manage a virtual private server in AWS.
  33. To improve the user experience, AWS Global Accelerator directs user traffic to the application endpoint nearest to the client, thus reducing internet latency and jitter. It routes the traffic to the closest edge location via Anycast, then routes it to the closest regional endpoint over the AWS global network.
  34. Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second. DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management. 
  35. Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
  36. Amazon Redshift is a fast, simple, cost-effective data warehousing service.
  37. Amazon VPC is the networking layer for Amazon EC2; it lets you create a virtual network
  38. AWS Marketplace enables customers to find, buy and immediately start using software solutions in their AWS environment.
  • Subnets and endpoints are configured within the VPC section of the AWS Management Console
  • EBS volumes and ELB must be configured in the EC2 section of the AWS Management Console
  • DNS records must be configured in Amazon Route 53
  • AWS provides excellent cloud-based disaster recovery services utilizing their multiple regions.
