AWS Whitepaper - Amazon Web Services Cloud
- AWS Service Catalog
Analytics
Data Exchange
AWS Data Exchange (ADX)
- For AWS customers to securely exchange and use third-party data on AWS
- A single global product catalog offered by providers available from any supported AWS Region.
- Resources
Data Exchange for S3
AWS Data Exchange for Amazon S3
AWS Data Pipeline
- AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals.
Amazon Kinesis Data Firehose
- Similar to Kafka Connector
Amazon Kinesis Data Analytics
- Process and analyze streaming data using Apache Flink.
- SQL users can easily query streaming data or build entire streaming applications using templates and an interactive SQL editor.
- Java developers can quickly build sophisticated streaming applications using open source Java libraries and AWS integrations to transform and analyze data in real time.
Amazon Kinesis Data Streams
- Real-time data streaming
Amazon Managed Streaming for Apache Kafka (MSK)
- AWS managed Kafka service
Amazon EMR
- Batch processing
- Managed cluster platform that simplifies running big data frameworks, such as Hadoop and Spark
Amazon Redshift
- Fully managed, PB-scale data warehouse service. A Redshift data warehouse is a collection of computing resources called nodes, which are organized into a group called a cluster. Each cluster runs a Redshift engine and contains one or more databases.
Application Integration
Amazon AppFlow
- AppFlow is a fully managed API integration service that you use to connect your SaaS applications to AWS services, and securely transfer data. Use AppFlow flows to manage and automate your data transfers without needing to write code.
EventBridge
- Serverless
- Works as an event bus like Kafka; to implement different functions, you need to resort to various targets, similar to Kafka connectors.
- Resources
Amazon MQ
- AWS managed message broker service for Apache ActiveMQ and RabbitMQ
Machine Learning (ML) and Artificial Intelligence (AI)
Amazon Rekognition
- Image recognition and video analysis with machine learning
Amazon Comprehend
- Sentiment analysis
- Not part of the Alexa suite of services.
Amazon Kendra
- Enterprise search service that helps you search across different content repositories with built-in connectors, powered by machine learning.
Amazon Textract
- OCR using machine learning
Amazon Lex
- Build conversational interfaces in your applications (such as chatbots) using natural-language models.
- Part of the Alexa suite of services.
Amazon Transcribe
- Speech recognition using machine learning (audio to text)
  - Use case: generate subtitles.
- Part of the Alexa suite of services.
Amazon Polly
- Speech synthesis (TTS / Text to Speech)
- Part of the Alexa suite of services.
Containers
Amazon EKS
- Amazon EKS Distro
  - EKS Distro (EKS-D) is a Kubernetes distribution based on and used by EKS to create reliable and secure Kubernetes clusters.
Compute Services
App Runner
- A fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs, at scale and with no prior infrastructure experience required.
- Start with your source code or a container image.
AWS Outposts
- AWS Outposts rack
  - An Outpost form factor that is an industry-standard 42U rack. Outpost racks include rack-mountable servers, switches, a network patch panel, a power shelf and blank panels.
- AWS Outposts servers
  - An Outpost form factor that is an industry-standard 1U or 2U server, which can be installed in a standard EIA-310D 19 compliant 4 post rack. Outpost servers provide local compute and networking services to sites that have limited space or smaller capacity requirements.
AWS Wavelength
- Wavelength Zones are AWS infrastructure deployments that embed AWS compute and storage services within communications service providers (CSP) datacenters at the edge of the 5G network, so application traffic from 5G devices can reach application servers running in Wavelength Zones without leaving the telecommunications network.
- Avoids the latency that would result from application traffic having to traverse multiple hops across the Internet to reach its destination, enabling customers to take full advantage of the latency and bandwidth benefits offered by modern 5G networks.
Migration and Transfer
AWS Application Migration Service / MGN
- Automated lift-and-shift (rehost) solution that simplifies, expedites, and reduces the cost of migrating applications to AWS.
AWS DataSync
- Simplifies data migration and helps you quickly, easily, and securely transfer your file or object data to, from, and between AWS storage services.
- Use cases
  - Discover data
  - Migrate data
  - Archive cold data
  - Replicate data
  - Move data for timely in-cloud processing
AWS Database Migration Service
AWS Schema Conversion Tool
Migration Hub
AWS Migration Hub
- Provides a single location to track the progress of application migrations across multiple AWS and partner solutions.
Transfer Family
AWS Transfer Family
- AWS Transfer Family provides fully managed support for file transfers directly into and out of S3 or EFS, with support for SFTP, FTPS, and FTP.
Snow Family
Snowcone
- 22 TB, 4 vCPU, 4 GB RAM
- A portable, rugged, and secure device for edge computing and data transfer
- You can use a Snowcone device to collect, process, and move data to the AWS Cloud, either offline by shipping the device to AWS, or online by using AWS DataSync.
Snowball
- Uses physical storage devices to transfer large amounts of data between S3 and your onsite data storage location at faster-than-internet speeds.
Snowball Edge
- Snowball Edge can do local processing and edge-computing workloads in addition to transferring data between your local environment and the AWS Cloud.
- Device configurations
  - Storage Optimized
    - 80 TB, 40 vCPU, 80 GB RAM
  - Compute Optimized
    - 42 TB, 52 vCPU, 208 GB RAM
  - Compute Optimized with GPU
- Import virtual tapes into AWS Storage Gateway
Front-End Web and Mobile Services
AWS AppSync
- Access data from one or more data sources from a single GraphQL API endpoint.
- Combine multiple source GraphQL APIs into a single, merged GraphQL API.
- Publish real-time data updates to your applications.
- Leverage built-in security, monitoring, logging, and tracing, with optional caching for low latency.
- Only pay for API requests and any real-time messages that are delivered.
Amazon Pinpoint
- Amazon Pinpoint makes it easy to send targeted messages to your customers through multiple engagement channels. Examples of targeted campaigns are promotional alerts and customer retention campaigns, and transactional messages are messages such as order confirmations and password reset messages.
Management and Governance
AWS Compute Optimizer
- AWS Compute Optimizer recommends optimal AWS resources for your workloads to reduce costs and improve performance by using machine learning to analyze historical utilization metrics.
AWS Control Tower
- AWS Control Tower automates the setup of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment. The configuration of the landing zone is based on best practices that have been established by working with thousands of enterprise customers to create a secure environment that makes it easier to govern AWS workloads with rules for security, operations, and compliance.
AWS Health Dashboard
- Provides alerts and remediation guidance when AWS is experiencing events that might affect you.
- The single place to learn about the availability and operations of AWS services.
AWS Organizations
AWS Proton
- AWS Proton provides automated Infrastructure as Code provisioning and deployment of serverless and container-based applications for developers.
AWS Trusted Advisor
- An AWS Support feature
- Inspects your AWS environment, and then makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps.
AWS Well-Architected Tool
- The AWS Well-Architected Tool helps you review the state of your workloads and compares them to the latest AWS architectural best practices. The tool is based on the AWS Well-Architected Framework.
Media Services
Amazon Elastic Transcoder
- Convert media files that you have stored in S3 into media files in the formats required by consumer playback devices.
Security, Identity, and Compliance
Identity and access management
AWS Directory Service
- AWS Managed Microsoft AD
- Active Directory Connector
- Simple Active Directory
AWS Resource Access Manager
AWS IAM Identity Center (successor to AWS Single Sign-On)
- AWS IAM Identity Center is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications.
Detection
AWS Security Hub
- A comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices.
- Benefits
  - Reduced effort to collect and prioritize findings
  - Automatic security checks against best practices and standards
  - Consolidated view of findings across accounts and providers
  - Ability to automate remediation of findings
GuardDuty
- A security monitoring service that analyzes and processes data sources, mostly logs, such as CloudTrail data events for S3 logs, CloudTrail management event logs, DNS logs, EBS volume data, Kubernetes audit logs, VPC flow logs, and RDS login activity.
- It uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment.
- This can include issues like escalation of privileges, use of exposed credentials, or communication with malicious IP addresses, domains, presence of malware on your EC2 instances and container workloads, or discovery of unusual patterns of login events on your database.
- Continuous monitoring
- Scoped at the entire AWS account
- Uses machine learning
Amazon Inspector
- Continuous monitoring
- A vulnerability management service that continuously scans your AWS workloads for software vulnerabilities and unintended network exposure.
- Amazon Inspector automatically discovers and scans:
  - running EC2 instances (need agent installation)
  - container images in ECR
  - Lambda functions
Network and application protection
AWS Firewall Manager
- Simplifies administration and maintenance tasks across multiple accounts and resources for a variety of protections, including
  - AWS WAF
  - AWS Shield Advanced
  - Amazon VPC security groups
  - AWS Network Firewall
  - Amazon Route 53 Resolver DNS Firewall
- Resources
AWS Shield
- Protection against DDoS attacks
AWS Shield Standard
- Operates at L3 and L4.
AWS Shield Advanced
- Operates at L7
- Includes
  - Shield Standard
  - Certain AWS WAF usage for Shield protected resources
- DDoS cost protection
  - If any of these protected resources scale up in response to a DDoS attack, you can request Shield Advanced service credits through your regular AWS Support channel.
AWS WAF
- AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources.
- Define a Web ACL and then associate it with one or more web application resources that you want to protect.
- Components
  - Web ACL
    - AWS WAF resource
  - Rules
  - Rule groups
    - AWS WAF resource
Data protection
Macie
- Automate discovery, logging, and reporting of sensitive data in S3 buckets.
Incident response
Amazon Detective
- Detective automatically extracts time-based events such as login attempts, API calls, and network traffic from CloudTrail and VPC flow logs. It also ingests findings detected by GuardDuty.
- Uses machine learning, statistical analysis, and graph theory to generate visualizations that help you to conduct faster and more efficient security investigations. The Detective prebuilt data aggregations, summaries, and context help you to quickly analyze and determine the nature and extent of possible security issues.
Compliance
AWS Artifact
- No cost, self-service portal for on-demand access to AWS compliance reports
AWS Audit Manager
- Continually audit your AWS usage to simplify risk and compliance assessment
- Automated evidence collection
Storage
FSx for Lustre
- FSx makes it easier for you to use Lustre for workloads where storage speed matters.
- Use Lustre for workloads where speed matters, such as machine learning, high performance computing (HPC), video processing, and financial modeling.
- Deployment options
  - scratch
    Scratch file systems are designed for temporary storage and shorter-term processing of data. Data isn't replicated and doesn't persist if a file server fails. Scratch file systems provide high burst throughput of up to six times the baseline throughput of 200 MBps per TiB of storage capacity.
  - persistent
    Persistent file systems are designed for longer-term storage and workloads. The file servers are highly available, and data is automatically replicated within the same Availability Zone in which the file system is located. The data volumes attached to the file servers are replicated independently from the file servers to which they are attached.
AWS Storage Gateway
- AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure.
S3 File Gateway
- Store and retrieve objects in S3 using industry-standard file protocols such as NFS and SMB
FSx File Gateway
- Provides access to in-cloud FSx for Windows File Server shares from on-premises facilities.
Tape Gateway
- With a Tape Gateway, you can cost-effectively and durably archive backup data in S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive.
Volume Gateway
- Provides cloud-backed storage volumes that you can mount as iSCSI devices from your on-premises application servers.
- Volume configurations
  - Cached volumes
    Store your data in S3 and retain a copy of frequently accessed data subsets locally.
  - Stored volumes
    If you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to S3.
Networking and Content Delivery
AWS Global Accelerator
- AWS Global Accelerator is a service that helps improve the performance and latency of global applications by routing user traffic to the optimal Region. It uses Anycast IP addresses and the AWS global network to provide low latency and high performance for users, regardless of their location.
Amazon VPC Connectivity Options
AWS VPN
AWS Site-to-Site VPN
- Features
  - IPsec
  - IKEv2
  - NAT traversal
- Concepts
  - Virtual private gateway
    A virtual private gateway is the VPN endpoint on the Amazon side of your Site-to-Site VPN connection that can be attached to a single VPC.
AWS Client VPN
Direct Connect
- Features
  - IEEE 802.1Q (VLANs on an Ethernet network)
  - Reduce network costs
    By establishing a dedicated network connection, you can potentially reduce the costs associated with transferring large amounts of data over the Internet.
  - Increase bandwidth throughput
    More consistent network experience than Internet-based connections
  - Bypasses the public Internet and establishes a secure, dedicated connection from an on-premises network to one or more VPCs.
- Connection Types
  - Dedicated connections
    A physical Ethernet connection is associated with a single customer
  - Hosted connections
    A physical Ethernet connection is provisioned by an AWS Direct Connect Partner and shared with you.
- Direct Connect gateway
- Virtual interfaces (VIF)
  - Private virtual interface
    Used to access a VPC using private IP addresses
  - Public virtual interface
    Can access all AWS public services using public IP addresses
  - Transit virtual interface
    Used to access one or more VPC Transit Gateways associated with Direct Connect gateways
Transit Gateway
- An AWS managed high availability and scalability regional network transit hub used to interconnect VPCs and customer networks.
- Features
AWS Support
- Support Plans
  - Basic
    - Free with every AWS account
    - One-on-one responses to account and billing questions
    - Support forums
    - Service health checks
    - Documentation, technical papers, and best practice guides
  - Developer
    - Features of Basic Support
    - Best practice guidance
    - Client-side diagnostic tools
    - Building-block architecture support: guidance on how to use AWS products, features, and services together
    - Supports an unlimited number of support cases that can be opened by one primary contact, which is the AWS account root user.
  - Business
    - Features of Developer Support
    - Use-case guidance – What AWS products, features, and services to use to best support your specific needs.
    - Trusted Advisor – A feature of AWS Support, which inspects customer environments and identifies opportunities to save money, close security gaps, and improve system reliability and performance. You can access all Trusted Advisor checks.
    - The AWS Support API to interact with Support Center and Trusted Advisor. You can use the AWS Support API to automate support case management and Trusted Advisor operations.
    - Third-party software support – Help with EC2 instance operating systems and configuration. Also, help with the performance of the most popular third-party software components on AWS. Third-party software support isn't available for customers on Basic or Developer Support plans.
    - Supports an unlimited number of IAM users who can open technical support cases.
  - Enterprise On-Ramp
  - Enterprise
Service Quotas
- Service Quotas is an AWS service that helps you manage your quotas for many AWS services, from one location. Along with looking up the quota values, you can also request a quota increase from the Service Quotas console.