|Compute||EC2||Elastic Compute Cloud. Each virtual computing environment is called an EC2 instance.|
|Compute||ENI||Elastic Network Interface for EC2. This is the basic network interface of an EC2 instance.|
|Compute||ENA||Elastic Network Adapter, a high-performance network interface for Amazon EC2. It requires supported EC2 instance types and OS driver support. Use it when the instance needs higher bandwidth (up to 100 Gbps) and lower latency.|
|Compute||EFA||Elastic Fabric Adapter is a type of network interface for Amazon EC2 that enables very high-performance inter-node communication. It is usually used for HPC (High Performance Computing) and ML (Machine Learning) workloads.|
|Compute||VPC||Virtual Private Cloud. It is the network infrastructure in which you define your own isolated private network in the cloud. You control and design the private network, including private address ranges, subnets, network ACLs and routing. You then place resources such as EC2 instances, databases and other services inside the private network to build your infrastructure.|
|Compute||ECS||Elastic Container Service is a managed container orchestration service for Docker containers. Use ECS if the client or solution needs to access or control the container cluster.|
|Compute||EKS||Elastic Kubernetes Service is a managed version of Kubernetes. EKS is a service for running Kubernetes applications.|
|Compute||ECR||Elastic Container Registry is a managed service for storing, sharing and managing container images.|
|Compute||ASG||Auto Scaling Groups group EC2 instances for scaling out or scaling in. An ASG can span multiple AZs within a region, but it cannot span regions.|
|Serverless||AWS Lambda||The AWS serverless computing platform. It is used for computation with a short execution time (less than 15 minutes).|
|Serverless||Lambda@Edge||With Lambda@Edge, customers can run serverless code globally at the CDN (CloudFront) level.|
|Containers and serverless service||Fargate||AWS Fargate is a serverless compute engine for containers. It can run on ECS or EKS. With Fargate, users do not need to set up or maintain EC2 instances to run containers. If the application needs a longer execution time and more processing power than Lambda allows, consider Fargate instead of Lambda.|
|Storage||S3||Amazon S3 (Simple Storage Service) is a highly scalable object storage service.|
|Storage||EFS||Elastic File System is a POSIX-compliant shared file system, accessed like NFS.|
|Storage||Storage Gateway||AWS Storage Gateway is a hybrid cloud storage service. It gives on-premises systems access to AWS cloud storage. The service provides four types of gateway: Tape Gateway, S3 File Gateway, Amazon FSx File Gateway and Volume Gateway.|
|Storage||FSx for Windows||FSx for Windows File Server is scalable file storage for Windows clients over SMB (Server Message Block).|
|Storage||FSx for Lustre||FSx for Lustre is a POSIX-compliant file system for Linux-based systems. It provides sub-millisecond response times and is highly scalable.|
|Storage||FSx for OpenZFS||FSx for OpenZFS is a fully managed file system backed by the OpenZFS file system. OpenZFS supports snapshots and compression, which distinguishes it from the other FSx offerings from AWS.|
|Storage||AWS Backup||AWS Backup is a cost-effective, centralized backup service. Users create backup policies (backup plans) that define what to back up, when to back it up, the retention period of the backups and so on. AWS Backup supports backing up EC2 instances, EFS file systems, Amazon FSx file systems, RDS databases, DynamoDB tables and Storage Gateway volumes.|
|Database||RDS||Amazon Relational Database Service (RDS) supports several database engines: PostgreSQL, MySQL, MariaDB, Oracle Database, Microsoft SQL Server and Amazon Aurora. Amazon RDS is a highly scalable, secure and cost-effective solution. It is easy to manage because users do not need to install or host their own database servers.|
|Database||Amazon Aurora||Amazon Aurora comes in two flavours: MySQL-compatible and PostgreSQL-compatible. Aurora databases are high performance, highly scalable and highly available. Aurora is cost effective compared with commercial databases.|
|Database||Aurora Serverless||Amazon Aurora Serverless is Amazon Aurora in a serverless form, so customers do not need to specify the storage or capacity of the database when it is provisioned. It suits dynamic workloads, short-duration workloads and test environments. Aurora Serverless is high performance, highly scalable and highly available. Billing is per second, which makes it cost effective.|
|Database||Athena||Amazon Athena is an interactive query service for analyzing data directly in Amazon S3 using standard SQL. Athena is serverless, so there is nothing for the customer to set up or manage.|
|Database||Neptune||Amazon Neptune is a high-performance, highly scalable, reliable and fully managed graph database service. It suits applications with highly connected datasets, because graph databases are good at evaluating relationships. Use cases include fraud detection, real-time recommendations and social network analysis.|
|Database||Redshift||Amazon Redshift analyzes large amounts of structured or semi-structured data using standard SQL. Use cases include online analytical processing (OLAP), business intelligence (BI) applications and predictive analytics.|
|Database||DMS||AWS Database Migration Service is a reliable and cost-effective service for migrating databases to the AWS platform. It supports migrations between the same database product (homogeneous) and migrations across different database products with schema conversion (heterogeneous).|
|NoSQL||DynamoDB||Amazon DynamoDB is a key-value and document (NoSQL) database. It is serverless and supports ACID transactions. It supports replication across AWS regions. It delivers single-digit millisecond performance while remaining highly scalable. The maximum size of a single item (JSON document) is 400 KB.|
|NoSQL||DAX||Amazon DynamoDB Accelerator. It serves as the in-memory caching layer for DynamoDB. It speeds up DynamoDB reads from milliseconds to microseconds, but it does not help write performance. DAX is highly available and highly scalable.|
|Analytics||Amazon Kinesis||Amazon Kinesis is a highly scalable, high-performance system for ingesting data such as website click streams, video streams and IoT telemetry. It can process and analyze data streams in real time. Results can be sent to S3, Amazon Redshift, Amazon OpenSearch Service (formerly Elasticsearch Service) and other supported services for storage.|
|Analytics||Kinesis Data Streams||Amazon Kinesis Data Streams is a highly scalable and durable service for real-time data streaming. Use cases include real-time data analysis, real-time metrics and reporting.|
|Analytics/BI||Amazon QuickSight||Amazon QuickSight is a highly scalable, embeddable Business Intelligence service for the cloud. It uses AWS machine learning capabilities and is serverless. Use cases include dashboards for business or enterprise applications, embedded analytics, and analytics over an Amazon Redshift data warehouse or a data lake.|
|In memory Key-value store||Amazon ElastiCache||Amazon ElastiCache is a fully managed in-memory data store service. It has two engines: Redis (supports in-memory and persistent storage) and Memcached (in-memory only). It can run as a cluster and can automatically detect and replace failed nodes. Use cases include real-time transactions, session stores, caching and queuing.|
|In memory||Amazon Timestream||Amazon Timestream is a fast, highly scalable, serverless time series database service. It can process and store a very large number of time series events per day, at up to one thousand times the speed of a relational database and at around one-tenth of the cost. Use cases are IoT, DevOps and analytics applications. Data collection agents and services such as AWS Lambda and Kinesis feed data into Timestream; Timestream then passes results to BI tools (e.g. QuickSight), AI applications (e.g. SageMaker) or other visualization tools (e.g. Grafana).|
|Searching||OpenSearch (Elasticsearch) service||Amazon OpenSearch Service is the successor to Amazon Elasticsearch Service. It is a highly scalable, fully managed search service. It is cost effective because it is pay as you go, with no upfront payment. It can index and search data such as log files, documents and metrics. Use cases include searching data lake catalogs, application monitoring, infrastructure monitoring and SIEM (security information and event management).|
|Messaging||SQS||Amazon SQS (Simple Queue Service) is a fully managed message queuing service. It is used to decouple and scale microservices, distributed systems and serverless applications.|
|Messaging||SNS||Amazon SNS (Simple Notification Service) is a fully managed, highly available and secure pub/sub messaging service. It supports both A2A (application-to-application) and A2P (application-to-person) communication. It lets developers decouple applications into small components that are easier to deploy and maintain. Amazon SNS is durable and can deliver email, SMS or mobile push notifications to many users in more than 200 countries.|
|Messaging||SES||Amazon Simple Email Service is a cloud-based service for sending marketing email, mailing-list email and transactional email (such as password reset notifications).|
|Data science||EMR||Amazon Elastic MapReduce is a highly scalable, secure and low-cost big data platform running in the cloud for processing large amounts of data with open source tools (such as Apache Spark and Apache Hive). It is more cost effective than running a big data platform on premises.|
|Data science||AWS Glue||AWS Glue is a fully managed ETL (extract, transform, and load) service. It is serverless and lets customers integrate and load their data for analytics quickly. Use cases include scheduling ETL jobs that transform data from AWS Lambda and send it to Amazon Redshift or Amazon CloudWatch; acting as a bridge between data sources (RDS, S3, Redshift) and analytics systems (Athena, EMR), so the analytics system can access the data in AWS Glue immediately; and, with AWS Glue Studio, letting developers manage ETL tasks with a drag-and-drop editor instead of writing code.|
|Networking||NAT instance||NAT instances are deprecated; new setups should use a NAT Gateway instead. A NAT instance is an EC2 instance that acts as a network device letting EC2 instances in a private VPC subnet reach the internet through NAT.|
|Networking||NAT Gateway||A NAT Gateway is a managed network device that lets EC2 instances in a private VPC subnet reach the internet. NAT Gateways support high availability, but only within a single AZ.|
|Networking||IGW||Amazon Internet Gateway. There is one IGW per VPC. This is the routing device that routes traffic from EC2 instances and NAT Gateways to the internet.|
|Networking||Egress-Only Internet Gateway||An Egress-Only Internet Gateway is an internet gateway for outbound IPv6 connections only.|
|Networking||VPC peering||To connect two VPCs, a VPC peering connection is needed. It enables routing between the two private networks and supports both IPv4 and IPv6. A peering connection can be created between your own VPCs or between VPCs in different AWS accounts. VPC peering is not transitive.|
|Networking||AWS Direct Connect||AWS Direct Connect gives customers a dedicated network connection from their on-premises network to AWS. Customers make a request to AWS and the connection is set up by AWS partners; it usually takes about one month. Direct Connect is not a VPN and you cannot create a private interface in it.|
|Networking||AWS Transit Gateway||AWS Transit Gateway lets customers connect their VPCs and on-premises networks to a single network gateway. Without Transit Gateway, each pair of VPCs would need its own VPC peering connection, which does not scale and adds complexity in large networks.|
|Networking||AWS PrivateLink||AWS PrivateLink is similar to Transit Gateway. The main difference is that PrivateLink does not transit network traffic over the public internet, so communication between VPCs and the on-premises network stays private.|
|Networking||VPC Endpoints||VPC Endpoints provide private network connectivity between your VPCs and AWS services. They are powered by AWS PrivateLink. There are two types of VPC endpoints:|
|Networking||Amazon CloudFront||Amazon CloudFront is a fast and global content delivery network.|
|Networking||CLB||Classic Load Balancer is usually used for previous-generation EC2 instances or services. New setups should use an NLB or ALB instead.|
|Networking||NLB||Network Load Balancer operates at Layer 4 (TCP). It has more functionality and is faster than a CLB. It does not support security groups.|
|Networking||ALB||Application Load Balancer operates at Layer 7 (application layer), so it is aware of the data inside the connection and can perform path-based routing, host-based routing, URL redirection and so on. See the AWS comparison of its load balancer types for details.|
|Networking||AWS Gateway Load Balancer (GWLB)||GWLB provides network connectivity through third-party virtual appliances that deliver network services. Customers can test and buy third-party appliances from AWS Marketplace.|
|Networking||AWS Global Accelerator||AWS Global Accelerator is a network service that uses the AWS global network, so traffic does not need to cross multiple network providers on the internet. It can improve internet performance by up to 60%. AWS routing optimization reduces packet loss and keeps connection latency low.|
|Security||RAM||AWS Resource Access Manager lets customers securely share AWS resources (e.g. Amazon Aurora, AWS License Manager) across AWS accounts, within an AWS Organization or an OU inside the Organization.|
|Security||KMS||AWS Key Management Service is a fully managed, secure and low-cost key management service. It provides cryptographic key services for your applications and for AWS services. Note that KMS is a global service but keys are regional.|
|Security||AWS STS||AWS Security Token Service grants trusted users temporary security credentials for accessing AWS resources.|
|Security||SSM||AWS Systems Manager is a free service. Customers use SSM to manage EC2 instances in AWS and on-premises systems at scale, gain operational insight and patch systems with automation.|
|Security||SSM Parameter Store||SSM Parameter Store provides secure storage for configuration data such as passwords, database connection strings, license keys and parameters. It integrates with Systems Manager, so customers can retrieve credentials from Parameter Store through AWS Systems Manager.|
|Security||GuardDuty||Amazon GuardDuty is a threat detection service. It uses machine learning and threat intelligence feeds from third-party partners. It monitors for malicious activity and unauthorized behaviour in your AWS services using sources such as VPC Flow Logs, CloudTrail events and DNS logs. It protects your AWS accounts, resources and data stored in Amazon S3. Findings can be consumed through notifications or an event-driven approach.|
|Security||Amazon Inspector||It only checks EC2. It checks the configuration of EC2 instances, network configuration, security groups and so on, looking periodically for vulnerabilities, security exposures and deviations. It is agentless and also supports agents (optional).|
|Security||Amazon Macie||Amazon Macie is a data security and data privacy service. It uses ML (machine learning) and pattern matching to discover sensitive data such as PII (personally identifiable information). When sensitive data is detected, it sends findings to CloudWatch Events, and users are notified through workflows for remediation.|
|Security/Compliance||AWS Artifact||AWS Artifact is a no-cost service. Customers use its self-service portal for on-demand access to AWS security and compliance reports. Sample reports include Payment Card Industry (PCI) reports and reports from other accreditation bodies, such as AWS ISO certifications.|
|IAM||AWS IAM Identity Center (successor to AWS SSO)||AWS IAM Identity Center provides centralized access management for multiple AWS accounts within an AWS Organization, using a single identity provider.|
|IAM||Amazon Cognito||Amazon Cognito is an identity and access management service. It lets you integrate your web applications with sign-in through Cognito. It supports the major social identity providers and industry standards such as SAML 2.0 and OpenID Connect. User pools are for authentication (identity verification): with a user pool, your app users can sign in directly through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control): you use identity pools to create unique identities for users and give them access to other AWS services.|
|Orchestrating and automation||AWS OpsWorks||AWS OpsWorks is a code-based configuration management service. OpsWorks has three offerings:|
|Orchestrating and automation||AWS CloudFormation||AWS CloudFormation is an infrastructure-as-code service. Engineers use CloudFormation templates, written in YAML or JSON, to create and manage their AWS resources and services. CloudFormation can also be used to replicate the settings of one AWS infrastructure into another.|
|Orchestrating and automation||AWS Elastic Beanstalk||Elastic Beanstalk is a service for deploying and scaling web applications. It supports applications written in different languages and frameworks such as Java, Node.js, PHP and Python. Think of it as a PaaS tool; it is not used as an infrastructure deployment tool.|
|Orchestrating and automation||Amazon SWF||Amazon Simple Workflow Service is a workflow system for managing or orchestrating an application by its state. It uses steps to control the workflow logic (such as task retry or recovery). It acts as a managed state tracker and task coordinator running in the cloud.|
|Orchestrating and automation||AWS Step Functions||Step Functions aims to replace Amazon SWF; it is based on state machines.|
|Monitoring and Logging, config items||Amazon CloudWatch||Amazon CloudWatch monitors performance metrics, logs, events and alarms for both applications and your AWS infrastructure. It also provides dashboards.|
|Monitoring and Logging, config items||Amazon CloudWatch Logs Insights||It lets customers search CloudWatch Logs interactively with a query language, and analyze logs collected from AWS CloudTrail, Amazon VPC, Route 53, Lambda and other sources.|
|Monitoring and Logging, config items||AWS CloudTrail||AWS CloudTrail is a security service that records API usage for security, compliance and auditing. Other use cases include troubleshooting operational issues and detecting unusual activity.|
|Monitoring and Logging, config items||AWS Config||AWS Config records configuration changes. Customers can audit and evaluate configuration changes of AWS resources. Use cases include change management, inventory and configuration monitoring, assessment, compliance checking and troubleshooting operational problems.|
|Tracing||AWS X-Ray||AWS X-Ray collects debug and tracing information from applications and provides a graphical service map for visualization. It supports AWS services such as EC2, ECS and Lambda. It helps developers troubleshoot application errors, latency and performance problems.|
|Software development||CodeDeploy||AWS CodeDeploy is a scalable, fully automated deployment service. It supports deploying code to EC2, Lambda, Fargate and even customers' on-premises servers.|
|Software development||Amazon API Gateway||Amazon API Gateway is a fully managed, highly scalable API service. It lets developers create, manage and monitor APIs. It supports REST APIs and WebSocket APIs, and fronts web applications, serverless applications and containerized applications.|
|Availability||AWS Trusted Advisor||AWS Trusted Advisor mainly checks five categories: Cost Optimization, Performance, Security, Fault Tolerance and Service Limits (the last one is not free). The Basic and Developer support plans only include some of the checks; a Business or Enterprise support plan is needed to use the product fully.|
|Migration||AWS Snowball Family||The AWS Snowball family consists of Snowcone, Snowball, Snowball Edge and Snowmobile. It is a secure data transport and migration service from AWS. Customers can move large amounts of data from their premises to AWS.|
|Multimedia converter||Amazon Elastic Transcoder||A media transcoding service running in the AWS cloud. It converts video recordings into other formats suitable for media delivery.|
|Multimedia converter||AWS Elemental MediaConvert||MediaConvert converts video content for broadcast and media delivery. See the AWS blog post comparing Elastic Transcoder and MediaConvert.|
|Contact center||Amazon Connect||Amazon Connect is a cloud contact center service. It lets companies operate a contact center (customer service) at much lower cost than a traditional contact center solution.|