AWS-SAA-C03

AWS Whitepaper - Amazon Web Services Cloud

  • AWS Service Catalog

Analytics

Data Exchange

AWS Data Exchange (ADX)

Data Exchange for S3

AWS Data Exchange for Amazon S3

AWS Data Pipeline

  • AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals.

Amazon Kinesis Data Firehose

  • Similar to Kafka Connector

Amazon Kinesis Data Analytics

  • Process and analyze streaming data using Apache Flink.
  • SQL users can easily query streaming data or build entire streaming applications using templates and an interactive SQL editor.
  • Java developers can quickly build sophisticated streaming applications using open source Java libraries and AWS integrations to transform and analyze data in real-time.

Amazon Kinesis Data Streams

  • Real-time data streaming

Amazon Managed Streaming for Apache Kafka (MSK)

  • AWS managed Kafka service

Amazon EMR

  • Batch processing
  • Managed cluster platform that simplifies running big data frameworks, such as Hadoop and Spark

Amazon Redshift

  • Fully managed, PB-scale data warehouse service. A Redshift data warehouse is a collection of computing resources called nodes, which are organized into a group called a cluster. Each cluster runs a Redshift engine and contains one or more databases.

Application Integration

Amazon AppFlow

  • AppFlow is a fully managed API integration service that you use to connect your SaaS applications to AWS services, and securely transfer data. Use AppFlow flows to manage and automate your data transfers without needing to write code.

EventBridge

Amazon MQ

  • AWS managed message broker service for Apache ActiveMQ and RabbitMQ

Machine Learning (ML) and Artificial Intelligence (AI)

Amazon Rekognition

  • Image recognition and video analysis with machine learning

Amazon Comprehend

  • Sentiment analysis
  • Not part of the Alexa suite of services.

Amazon Kendra

  • Enterprise search service that helps you search across different content repositories with built-in connectors, powered by machine learning.

Amazon Textract

  • OCR using machine learning

Amazon Lex

  • Build conversational interfaces in your applications (such as chatbots) using natural-language models.
  • Part of the Alexa suite of services.

Amazon Transcribe

  • Speech recognition using machine learning (audio to text)
  • Use case: generate subtitles.
  • Part of the Alexa suite of services.

Amazon Polly

  • Speech synthesis (TTS / Text to Speech)
  • Part of the Alexa suite of services.

Containers

Amazon EKS

Compute Services

App Runner

  • A fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs, at scale and with no prior infrastructure experience required.
  • Start with your source code or a container image.

AWS Outposts

  • AWS Outposts rack

    • An Outpost form factor that is an industry-standard 42U rack. Outpost racks include rack-mountable servers, switches, a network patch panel, a power shelf and blank panels.
  • AWS Outposts servers

    • An Outpost form factor that is an industry-standard 1U or 2U server, which can be installed in a standard EIA-310D 19-inch compliant 4-post rack. Outpost servers provide local compute and networking services to sites that have limited space or smaller capacity requirements.

AWS Wavelength

  • Wavelength Zones are AWS infrastructure deployments that embed AWS compute and storage services within communications service providers (CSP) datacenters at the edge of the 5G network, so application traffic from 5G devices can reach application servers running in Wavelength Zones without leaving the telecommunications network.

  • Avoids the latency that would result from application traffic having to traverse multiple hops across the Internet to reach their destination, enabling customers to take full advantage of the latency and bandwidth benefits offered by modern 5G networks.

Migration and Transfer

AWS Application Migration Service / MGN

  • Automated lift-and-shift (rehost) solution that simplifies, expedites, and reduces the cost of migrating applications to AWS.

AWS DataSync

  • Simplifies data migration and helps you quickly, easily, and securely transfer your file or object data to, from, and between AWS storage services.

  • Use cases

    • Discover data
    • Migrate data
    • Archive cold data
    • Replicate data
    • Move data for timely in-cloud processing

AWS Database Migration Service

AWS Schema Conversion Tool

Migration Hub

AWS Migration Hub

  • Provides a single location to track the progress of application migrations across multiple AWS and partner solutions.

Transfer Family

AWS Transfer Family

  • AWS Transfer Family provides fully managed support for file transfers directly into and out of S3 or EFS, with support for SFTP, FTPS, and FTP.

Snow Family

Snowcone

  • 22 TB, 4 vCPU, 4 GB RAM
  • A portable, rugged, and secure device for edge computing and data transfer
  • You can use a Snowcone device to collect, process, and move data to the AWS Cloud, either offline by shipping the device to AWS, or online by using AWS DataSync.

Snowball

  • Uses physical storage devices to transfer large amounts of data between S3 and your onsite data storage location at faster-than-internet speeds.

Snowball Edge

  • Snowball Edge can do local processing and edge-computing workloads in addition to transferring data between your local environment and the AWS Cloud.

  • Device configurations

    • Storage Optimized

      • 80 TB, 40 vCPU, 80 GB RAM
    • Compute Optimized

      • 42 TB, 52 vCPU, 208 GB RAM
    • Compute Optimized with GPU

    • Import virtual tapes into AWS Storage Gateway

Front-End Web and Mobile Services

AWS AppSync

  • Access data from one or more data sources from a single GraphQL API endpoint.
  • Combine multiple source GraphQL APIs into a single, merged GraphQL API.
  • Publish real-time data updates to your applications.
  • Leverage built-in security, monitoring, logging, and tracing, with optional caching for low latency.
  • Only pay for API requests and any real-time messages that are delivered.

Amazon Pinpoint

  • Amazon Pinpoint makes it easy to send targeted messages to your customers through multiple engagement channels. Examples of targeted campaigns are promotional alerts and customer retention campaigns; examples of transactional messages are order confirmations and password reset messages.

Management and Governance

AWS Compute Optimizer

  • AWS Compute Optimizer recommends optimal AWS resources for your workloads to reduce costs and improve performance by using machine learning to analyze historical utilization metrics.

AWS Control Tower

  • AWS Control Tower automates the set-up of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment. The configuration of the landing zone is based on best practices that have been established by working with thousands of enterprise customers to create a secure environment that makes it easier to govern AWS workloads with rules for security, operations, and compliance.

AWS Health Dashboard

  • Provides alerts and remediation guidance when AWS is experiencing events that might affect you.
  • The single place to learn about the availability and operations of AWS services.

AWS Organizations

AWS Proton

  • AWS Proton provides automated Infrastructure as Code provisioning and deployment of serverless and container-based applications for developers.

AWS Trusted Advisor

  • An AWS Support feature
  • Inspects your AWS environment, and then makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps.

AWS Well-Architected Tool

  • The AWS Well-Architected Tool helps you review the state of your workloads and compares them to the latest AWS architectural best practices. The tool is based on the AWS Well-Architected Framework.

Media Services

Amazon Elastic Transcoder

  • Convert media files that you have stored in S3 into media files in the formats required by consumer playback devices.

Security, Identity, and Compliance

Identity and access management

AWS Directory Service

  • AWS Managed Microsoft AD
  • Active Directory Connector
  • Simple Active Directory

AWS Resource Access Manager

AWS IAM Identity Center (successor to AWS Single Sign-On)

  • AWS IAM Identity Center is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications.

Detection

AWS Security Hub

  • Provides a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices.

  • Benefits

    • Reduced effort to collect and prioritize findings
    • Automatic security checks against best practices and standards
    • Consolidated view of findings across accounts and providers
    • Ability to automate remediation of findings

GuardDuty

  • A security monitoring service that analyzes and processes data sources, mostly logs, such as CloudTrail data events for S3 logs, CloudTrail management event logs, DNS logs, EBS volume data, Kubernetes audit logs, VPC flow logs, and RDS login activity.
  • It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment.
  • This can include issues like escalation of privileges, use of exposed credentials, communication with malicious IP addresses or domains, presence of malware on your EC2 instances and container workloads, or discovery of unusual patterns of login events on your database.
  • Continuous monitoring
  • Scoped at the entire AWS account
  • Uses machine learning

Amazon Inspector

  • Continuous monitoring
  • A vulnerability management service that continuously scans your AWS workloads for software vulnerabilities and unintended network exposure.
  • Amazon Inspector automatically discovers and scans:
    • running EC2 instances (need agent installation)
    • container images in ECR
    • Lambda functions

Network and application protection

AWS Firewall Manager

AWS Shield

  • Protection against DDoS attacks

AWS Shield Standard

  • Operates at L3 and L4.

AWS Shield Advanced

  • Operates at L7

  • Includes

    • Shield Standard
    • Certain AWS WAF usage for Shield protected resources
  • DDoS cost protection

    • If any of these protected resources scale up in response to a DDoS attack, you can request Shield Advanced service credits through your regular AWS Support channel.

AWS WAF

  • AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources.

  • Define a web ACL and then associate it with one or more web application resources that you want to protect.

  • Components

    • Web ACL

      • AWS WAF resource
    • Rules

    • Rule groups

      • AWS WAF resource

Data protection

Macie

  • Automate discovery, logging, and reporting of sensitive data in S3 buckets.

Incident response

Amazon Detective

  • Detective automatically extracts time-based events such as login attempts, API calls, and network traffic from CloudTrail and VPC flow logs. It also ingests findings detected by GuardDuty.

  • Uses machine learning, statistical analysis, and graph theory to generate visualizations that help you to conduct faster and more efficient security investigations. The Detective prebuilt data aggregations, summaries, and context help you to quickly analyze and determine the nature and extent of possible security issues.

Compliance

AWS Artifact

  • No cost, self-service portal for on-demand access to AWS compliance reports

AWS Audit Manager

  • Continually audit your AWS usage to simplify risk and compliance assessment
  • Automated evidence collection

Storage

FSx for Lustre

  • FSx makes it easier for you to use Lustre for workloads where storage speed matters.

  • Use Lustre for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.

  • Deployment options

    • scratch

      • Scratch file systems are designed for temporary storage and shorter-term processing of data. Data isn't replicated and doesn't persist if a file server fails. Scratch file systems provide high burst throughput of up to six times the baseline throughput of 200 MBps per TiB of storage capacity.
    • persistent

      • Persistent file systems are designed for longer-term storage and workloads. The file servers are highly available, and data is automatically replicated within the same Availability Zone in which the file system is located. The data volumes attached to the file servers are replicated independently from the file servers to which they are attached.

AWS Storage Gateway

  • AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure.

S3 File Gateway

  • Store and retrieve objects in S3 using industry-standard file protocols such as NFS and SMB

FSx File Gateway

  • Provides access to in-cloud FSx for Windows File Server shares from on-premises facilities.

Tape Gateway

  • With a Tape Gateway, you can cost-effectively and durably archive backup data in S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive.

Volume Gateway

  • Provides cloud-backed storage volumes that you can mount as iSCSI devices from your on-premises application servers.

  • Volume configurations

    • Cached volumes

      Store your data in S3 and retain a copy of frequently accessed data subsets locally.

    • Stored volumes

      If you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to S3.

Networking and Content Delivery

AWS Global Accelerator

  • AWS Global Accelerator is a service that helps improve the performance and latency of global applications by routing user traffic to the optimal Region. It uses Anycast IP addresses and the AWS global network to provide low-latency and high-performance for users, regardless of their location.

Amazon VPC Connectivity Options

AWS VPN

AWS Site-to-Site VPN

  • Features

    • IPsec
    • IKEv2
    • NAT traversal
  • Concepts

    • Virtual private gateway

      A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.

AWS Client VPN

Direct Connect

  • Features

    • IEEE 802.1Q (VLANs on an Ethernet network)

    • Reduce network costs

      By establishing a dedicated network connection, you can potentially reduce the costs associated with transferring large amounts of data over the Internet.

    • Increase bandwidth throughput

      More consistent network experience than Internet-based connections

    • Bypasses the public Internet and establishes a secure, dedicated connection from an on-premises network to one or more VPCs.

  • Connection Types

    • Dedicated connections

      A physical ethernet connection is associated with a single customer

    • Hosted connections

      A physical ethernet connection is provisioned by an AWS Direct Connect Partner and shared with you.

  • Direct Connect gateway

  • Virtual interfaces (VIF)

Transit Gateway

AWS Support

  • Support Plans

    • Basic

      • Free with every AWS account

      • One-on-one responses to account and billing questions

      • Support forums

      • Service health checks

      • Documentation, technical papers, and best practice guides

    • Developer

      • Features of Basic Support

      • Best practice guidance

      • Client-side diagnostic tools

      • Building-block architecture support: guidance on how to use AWS products, features, and services together

      • Supports an unlimited number of support cases that can be opened by one primary contact, which is the AWS account root user.

    • Business

      • Features of Developer Support

      • Use-case guidance – What AWS products, features, and services to use to best support your specific needs.

      • Trusted Advisor – A feature of AWS Support, which inspects customer environments and identifies opportunities to save money, close security gaps, and improve system reliability and performance. You can access all Trusted Advisor checks.

      • The AWS Support API to interact with Support Center and Trusted Advisor. You can use the AWS Support API to automate support case management and Trusted Advisor operations.

      • Third-party software support – Help with EC2 instance operating systems and configuration. Also, help with the performance of the most popular third-party software components on AWS. Third-party software support isn't available for customers on Basic or Developer Support plans.

      • Supports an unlimited number of IAM users who can open technical support cases.

    • Enterprise On-Ramp

    • Enterprise

Service Quotas

  • Service Quotas is an AWS service that helps you manage your quotas for many AWS services, from one location. Along with looking up the quota values, you can also request a quota increase from the Service Quotas console.