AWS Services Cheat Sheet (Cheatography)

The AWS certification exams cover a lot of topics and a broad array of services, down to the details of each service's features, design patterns, anti-patterns, and integration with other services. This sheet is a quick, category-by-category synopsis of the services and their key points for a last glance before the exam, together with recommended security best practices.

Compute

Instances (virtual machines)
  EC2: Provides secure, resizable compute capacity in the cloud. It makes web-scale cloud computing easier for developers.
  EC2 Spot: Run fault-tolerant workloads for up to 90% off.
  EC2 Auto Scaling: Automatically add or remove compute capacity to meet changes in demand.
  Lightsail: Designed to be the easiest way to launch & manage a virtual private server with AWS. An easy-to-use cloud platform that offers everything needed to build an application or website.
  Batch: Enables developers, scientists, & engineers to easily & efficiently run hundreds of thousands of batch computing jobs on AWS. Fully managed batch processing at any scale.
Containers
  Elastic Container Service (ECS): Highly secure, reliable, & scalable way to run containers.
  Elastic Container Registry (ECR): Easily store, manage, & deploy container images.
  Elastic Kubernetes Service (EKS): Fully managed Kubernetes service.
  Fargate: Serverless compute for containers.
Serverless
  Lambda: Run code without thinking about servers. Pay only for the compute time you consume.
Edge and hybrid
  Outposts: Run AWS infrastructure & services on premises for a truly consistent hybrid experience.
  Snow Family: Collect and process data in rugged or disconnected edge environments.
  Wavelength: Deliver ultra-low-latency applications for 5G devices.
  VMware Cloud on AWS: Innovate faster, rapidly transition to the cloud, & work securely from any location.
  Local Zones: Run latency-sensitive applications closer to end users.

Storage

AWS S3: S3 is the storehouse for the internet, i.e. object storage built to store & retrieve any amount of data from anywhere.
AWS Backup: AWS Backup is an externally-accessible backup provider that makes it easier to align & optimize the backup of data across AWS services in the cloud.
Amazon EBS: Amazon Elastic Block Store is a web service that provides block-level storage volumes.
Amazon EFS: EFS offers file storage for the user's Amazon EC2 instances. It's a kind of blob storage.
Amazon FSx: FSx supplies fully managed third-party file systems with native compatibility & feature sets for workloads. It is available as FSx for Windows File Server (fully managed file storage built on Windows Server) & FSx for Lustre (fully managed high-performance file system integrated with S3).
AWS Storage Gateway: Storage Gateway is a service which connects an on-premises software appliance with cloud-based storage.
AWS DataSync: DataSync makes it simple & fast to move large amounts of data online between on-premises storage & S3, EFS, or FSx for Windows File Server.
AWS Transfer Family: The Transfer Family provides fully managed support for file transfers directly into & out of S3.
AWS Snow Family: Highly secure, portable devices to collect & process data at the edge, and migrate data into and out of AWS.

Classification:
  Object storage: S3
  File storage: Elastic File System, FSx for Windows File Server & FSx for Lustre
  Block storage: EBS
  Backup: AWS Backup
  Data transfer:
    Storage Gateway --> 3 types: Tape, File, Volume.
    Transfer Family --> SFTP, FTPS, FTP.
  Edge computing and storage: Snow Family --> Snowcone, Snowball, Snowmobile

Databases

Relational (traditional applications, ERP, CRM, e-commerce) --> Aurora, RDS, Redshift
  RDS is a web service that makes it easier to set up, control, and scale a relational database in the cloud.
Key-value (high-traffic web apps, e-commerce systems, gaming applications) --> DynamoDB
  DynamoDB is a fully managed NoSQL database service that offers quick and reliable performance with integrated scalability.
In-memory (caching, session management, gaming leaderboards, geospatial applications) --> ElastiCache for Memcached & Redis
  ElastiCache helps in setting up, managing, and scaling in-memory cache environments.
Document (content management, catalogs, user profiles) --> DocumentDB
  DocumentDB (with MongoDB compatibility) is a quick, dependable, and fully managed database service that makes it easy for you to set up, operate, and scale MongoDB-compatible databases.
Wide column (high-scale industrial apps for equipment maintenance, fleet management, and route optimization) --> Keyspaces (for Apache Cassandra)
  Keyspaces is a scalable, highly available, and managed Apache Cassandra-compatible database service.
Graph (fraud detection, social networking, recommendation engines) --> Neptune
  Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets.
Time series (IoT applications, DevOps, industrial telemetry) --> Timestream
  Timestream is a fast, scalable, and serverless time series database service for IoT and operational applications that makes it easy to store and analyze trillions of events per day.
Ledger (systems of record, supply chain, registrations, banking transactions) --> Quantum Ledger Database (QLDB)
  QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority.

Developer Tools

Cloud9: Cloud9 is a cloud-based IDE that enables the user to write, run, and debug code.
CodeArtifact: CodeArtifact is a fully managed artifact repository service that makes it easy for organizations of any size to securely store, publish, & share software packages used in their software development process.
CodeBuild: CodeBuild is a fully managed service that assembles source code, runs unit tests, & generates artifacts ready to deploy.
CodeGuru: CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations for improving code quality & identifying an application's most expensive lines of code.
Cloud Development Kit: Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud application resources using familiar programming languages.
CodeCommit: CodeCommit is a version control service that enables the user to privately store & manage Git repositories in the AWS cloud.
CodeDeploy: CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as EC2, Fargate, Lambda, & on-premises servers.
CodePipeline: CodePipeline is a fully managed continuous delivery service that helps automate release pipelines for fast & reliable app & infrastructure updates.
CodeStar: CodeStar enables you to quickly develop, build, & deploy applications on AWS.
CLI: AWS CLI is a unified tool to manage AWS services, control multiple services from the command line, & automate them through scripts.
X-Ray: X-Ray helps developers analyze & debug production, distributed applications, such as those built using a microservices architecture.

Migration & Transfer Services

Migration Evaluator: Build a data-driven business case for AWS.
Migration Hub: Migration Hub provides a single location to track the progress of app migrations across multiple AWS & partner solutions.
Application Discovery Service: Application Discovery Service helps enterprise customers plan migration projects by gathering information about their on-premises data centers.
Server Migration Service (SMS): SMS is an agentless service which makes it easier & faster to migrate thousands of on-premises workloads to AWS.
Database Migration Service (DMS): DMS helps migrate databases to AWS quickly & securely.
CloudEndure Migration: CloudEndure Migration simplifies, expedites, & reduces the cost of cloud migration by offering a highly automated lift-&-shift solution.
VMware Cloud on AWS: See the Compute section.
DataSync: See the Storage section.
Transfer Family: See the Storage section.
Snow Family: See the Storage section.

Cost Management

Organize (construct a cost allocation & governance foundation with your own tagging strategy) --> Cost Allocation Tags, Cost Categories
  Cost Categories is a feature within the AWS Cost Management product suite that enables you to group cost & usage information into meaningful categories based on your needs.
Report (raise awareness & accountability of your cloud spend with detailed, allocable cost data) --> Cost Explorer, Cost & Usage Report
  The Cost & Usage Report contains the most comprehensive set of AWS cost & usage data available, including additional metadata about AWS services, pricing, & reservations.
Access (track billing information across the organization in a consolidated view) --> Consolidated Billing, Credits
  Credits are applied to bills to help cover costs that are associated with eligible services.
Control (establish effective governance mechanisms with the right guardrails in place) --> IAM, Organizations, Control Tower, Service Catalog
  Organizations helps you centrally govern your environment as you grow & scale workloads on AWS. Control Tower is the easiest way to set up & govern a new, secure multi-account AWS environment.
Forecast (estimate resource utilization & spend with forecast dashboards) --> Cost Explorer (self-service), Budgets (event-driven)
  A forecast is a prediction of how much you will use AWS services over the forecast time period that you selected, based on your past usage.
Budget (keep spend in check with custom budget thresholds & automatic alert notifications) --> Budgets, Budget Alerts via Chime & Slack, Service Catalog
  Budgets allows you to set custom budgets to track cost & usage from the simplest to the most complex use cases.
Purchase (leverage free trials & programmatic discounts based on workload pattern & needs) --> Free Tier, Reserved Instances, Savings Plans, Spot Instances, DynamoDB On-Demand
  Reserved Instances (RI) provide a significant discount (up to 75%) compared to On-Demand pricing.
Elasticity (scale & schedule services based on expected utilization pattern & needs) --> Instance Scheduler, Redshift pause & resume, EC2 Auto Scaling, Trusted Advisor
  Trusted Advisor is an online tool that provides real-time guidance to help provision resources following AWS best practices.
Rightsize (align service allocation size to actual workload demand) --> Cost Explorer Right Sizing Recommendations, Compute Optimizer, Redshift resize, S3 Intelligent-Tiering
  Compute Optimizer recommends optimal AWS compute resources for your workloads to reduce costs & improve performance by using ML to analyze historical utilization metrics.
Inspect (stay up to date with resource deployment & cost optimization opportunities) --> Cost Explorer
  Cost Explorer has an easy-to-use interface that lets you visualize, understand, & manage AWS costs & usage over time.

SDKs & Toolkits

CDK: CDK uses the familiarity & expressive power of programming languages for modeling apps.
Corretto: Corretto is a no-cost, multiplatform, production-ready distribution of the OpenJDK.
Crypto Tools: Cryptography is hard to do safely & correctly. The AWS Crypto Tools libraries are designed to help everyone do cryptography right, even without special expertise.
Serverless Application Model (SAM): SAM is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, & event source mappings.
Tools for developing and managing applications on AWS: the complete list of tools is published on the AWS tools page.

Networking & Content Delivery

Build a cloud network
  Define and provision a logically isolated network for your AWS resources --> VPC: VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
  Connect VPCs and on-premises networks through a central hub --> Transit Gateway: Transit Gateway connects VPCs & on-premises networks through a central hub. This simplifies the network & puts an end to complex peering relationships.
  Provide private connectivity between VPCs, services, and on-premises applications --> PrivateLink: PrivateLink provides private connectivity between VPCs & services hosted on AWS or on-premises, securely on the Amazon network.
  Route users to Internet applications with a managed DNS service --> Route 53: Route 53 is a highly available & scalable cloud DNS web service.
Scale your network design
  Automatically distribute traffic across a pool of resources, such as instances, containers, IP addresses, and Lambda functions --> Elastic Load Balancing: Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, IP addresses, & Lambda functions.
  Direct traffic through the AWS global network to improve global application performance --> Global Accelerator: Global Accelerator is a networking service that sends users' traffic through AWS's global network infrastructure, improving internet user performance by up to 60%.
Secure your network traffic
  Safeguard applications running on AWS against DDoS attacks --> Shield: Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
  Protect your web applications from common web exploits --> WAF: WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
  Centrally configure and manage firewall rules --> Firewall Manager: Firewall Manager is a security management service which allows you to centrally configure & manage firewall rules across accounts & apps in an AWS Organization.
Build a hybrid IT network
  Connect your users to AWS or on-premises resources using a Virtual Private Network --> Client VPN: VPN solutions establish secure connections between on-premises networks, remote offices, client devices, & the AWS global network.
  Create an encrypted connection between your network and your Amazon VPCs or AWS Transit Gateways --> Site-to-Site VPN: Site-to-Site VPN creates a secure connection between a data center or branch office & AWS cloud resources.
  Establish a private, dedicated connection between AWS and your datacenter, office, or colocation environment --> Direct Connect: Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
Content delivery networks
  Securely deliver data, videos, applications, and APIs to customers globally with low latency and high transfer speeds --> CloudFront: CloudFront expedites distribution of static & dynamic web content.
Build a network for microservices architectures
  Provide application-level networking for containers and microservices --> App Mesh: App Mesh makes it easy to monitor & control microservices running on AWS.
  Create, maintain, and secure APIs at any scale --> API Gateway: API Gateway allows the user to design & expand their own REST and WebSocket APIs at any scale.
  Discover AWS services connected to your applications --> Cloud Map: Cloud Map lets you name your cloud resources & keeps track of them.

Security, Identity, & Compliance

Identity & access management
  Securely manage access to services and resources --> Identity & Access Management (IAM): IAM is a web service for safely controlling access to AWS services.
  Securely manage access to services and resources --> Single Sign-On: SSO helps simplify & manage SSO access to AWS accounts & business applications.
  Identity management for apps --> Cognito: Cognito lets you add user sign-up, sign-in, & access control to web & mobile apps quickly and easily.
  Managed Microsoft Active Directory --> Directory Service: AWS Managed Microsoft Active Directory (AD) enables your directory-aware workloads & AWS resources to use managed Active Directory (AD) in AWS.
  Simple, secure service to share AWS resources --> Resource Access Manager: Resource Access Manager (RAM) is a service that enables you to easily & securely share AWS resources with any AWS account or within an AWS Organization.
  Central governance and management across AWS accounts --> Organizations: Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS.
Detection
  Unified security and compliance center --> Security Hub: Security Hub gives a comprehensive view of security alerts & security posture across AWS accounts.
  Managed threat detection service --> GuardDuty: GuardDuty is a threat detection service that continuously monitors for malicious activity & unauthorized behavior to protect AWS accounts, workloads, & data stored in S3.
  Analyze application security --> Inspector: Inspector is a security vulnerability assessment service that improves the security & compliance of AWS resources.
  Record and evaluate configurations of your AWS resources --> Config: Config is a service that enables you to assess, audit, & evaluate the configurations of AWS resources.
  Track user activity and API usage --> CloudTrail: CloudTrail is a service that enables governance, compliance, operational auditing, & risk auditing of an AWS account.
  Security management for IoT devices --> IoT Device Defender: IoT Device Defender is a fully managed service that helps secure your fleet of IoT devices.
Infrastructure protection
  DDoS protection --> Shield: Shield is a managed DDoS protection service that safeguards applications running on AWS. It provides always-on detection & automatic inline mitigations that minimize application downtime & latency.
  Filter malicious web traffic --> Web Application Firewall (WAF): WAF is a web application firewall that helps protect web apps or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
  Central management of firewall rules --> Firewall Manager: Firewall Manager simplifies AWS WAF administration & maintenance across multiple accounts & resources.
Data protection
  Discover and protect your sensitive data at scale --> Macie: Macie is a fully managed data security & privacy service that uses ML & pattern matching to discover & protect sensitive data.
  Key storage and management --> Key Management Service (KMS): KMS makes it easy for you to create & manage cryptographic keys & control their use across a wide range of AWS services & in your applications.
  Hardware-based key storage for regulatory compliance --> CloudHSM: CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate & use your own encryption keys.
  Provision, manage, and deploy public and private SSL/TLS certificates --> Certificate Manager: Certificate Manager is a service that lets you easily provision, manage, & deploy public and private SSL/TLS certificates for use with AWS services & internal connected resources.
  Rotate, manage, and retrieve secrets --> Secrets Manager: Secrets Manager helps the user safely encrypt, store, & retrieve credentials for databases & other services.
Incident response
  Investigate potential security issues --> Detective: Detective makes it easy to analyze, investigate, & quickly identify the root cause of potential security issues or suspicious activities.
  Fast, automated, cost-effective disaster recovery --> CloudEndure Disaster Recovery: Provides scalable, cost-effective business continuity for physical, virtual, & cloud servers.
Compliance
  No-cost, self-service portal for on-demand access to AWS compliance reports --> Artifact: Artifact is a web service that enables the user to download AWS security & compliance records.

Data Lakes & Analytics

Analytics
  Interactive analytics --> Athena: Athena is an interactive query service that makes it easy to analyze data in S3 using standard SQL.
  Big data processing --> EMR: EMR is the industry-leading cloud big data platform for processing vast amounts of data using open source tools such as Apache Spark, Hive, HBase, Flink, Hudi, & Presto.
  Data warehousing --> Redshift: The most popular & fastest cloud data warehouse.
  Real-time analytics --> Kinesis: Kinesis makes it easy to collect, process, & analyze real-time, streaming data so one can get timely insights.
  Operational analytics --> Elasticsearch Service: Elasticsearch Service is a fully managed service that makes it easy to deploy, secure, & run Elasticsearch cost-effectively at scale.
  Dashboards & visualizations --> QuickSight: QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in the organization.
Data movement
  Real-time data movement --> Amazon Managed Streaming for Apache Kafka (MSK), Kinesis Data Streams, Kinesis Data Firehose, Kinesis Data Analytics, Kinesis Video Streams, Glue: MSK is a fully managed service that makes it easy to build & run applications that use Apache Kafka to process streaming data.
Data lake
  Object storage --> S3, Lake Formation: Lake Formation is a service that makes it easy to set up a secure data lake in days. A data lake is a centralized, curated, & secured repository that stores all data, both in its original form & prepared for analysis.
  Backup & archive --> S3 Glacier, Backup: S3 Glacier & S3 Glacier Deep Archive are secure, durable, & extremely low-cost S3 storage classes for data archiving & long-term backup.
  Data catalog --> Glue, Lake Formation: See above.
  Third-party data --> Data Exchange: Data Exchange makes it easy to find, subscribe to, & use third-party data in the cloud.
Predictive analytics & machine learning
  Frameworks & interfaces --> Deep Learning AMIs: Deep Learning AMIs provide machine learning practitioners & researchers with the infrastructure & tools to accelerate deep learning in the cloud, at any scale.
  Platform services --> SageMaker: SageMaker is a fully managed service that provides every developer & data scientist with the ability to build, train, & deploy machine learning (ML) models quickly.

Containers

Store, encrypt, and manage container images --> ECR: See the Compute section.
Run containerized applications or build microservices --> ECS: See the Compute section.
Manage containers with Kubernetes --> EKS: See the Compute section.
Run containers without managing servers --> Fargate: Fargate is a serverless compute engine for containers that works with both ECS & EKS.
Run containers with server-level control --> EC2: See the Compute section.
Containerize and migrate existing applications --> App2Container: App2Container (A2C) is a command-line tool for modernizing .NET & Java applications into containerized applications.
Quickly launch and manage containerized applications --> Copilot: Copilot is a command line interface (CLI) that enables customers to quickly launch & easily manage containerized applications on AWS.

Serverless

Compute
  Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume.
  Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance & reduces latency.
  See the Containers section.
Storage
  See the Storage section.
Data stores
  DynamoDB is a key-value & document database that delivers single-digit millisecond performance at any scale.
  Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora (MySQL & PostgreSQL-compatible editions), where the database will automatically start up, shut down, & scale capacity up or down based on your application's needs.
  RDS Proxy is a fully managed, highly available database proxy for RDS that makes applications more scalable, more resilient to database failures, & more secure.
API proxy
  API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, & secure APIs at any scale.
Application integration
  SNS is a fully managed messaging service for both system-to-system & app-to-person (A2P) communication.
  SQS is a fully managed message queuing service that enables you to decouple & scale microservices, distributed systems, & serverless applications.
  AppSync is a fully managed service that makes it easy to develop GraphQL APIs by handling the heavy lifting of securely connecting to data sources like DynamoDB and Lambda.
  EventBridge is a serverless event bus that makes it easy to connect applications together using data from apps, integrated SaaS apps, & AWS services.
Orchestration
  Step Functions is a serverless function orchestrator that makes it easy to sequence Lambda functions & multiple AWS services into business-critical applications.
Analytics
  Kinesis makes it easy to collect, process, & analyze real-time, streaming data so one can get timely insights.
  Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL.

Application Integration

Messaging
  Reliable high-throughput pub/sub, SMS, email, and mobile push notifications.
  Message queue that sends, stores, and receives messages between application components at any volume.
  Message broker for Apache ActiveMQ that makes migration easy and enables hybrid architectures.
Workflows
  Coordinate multiple AWS services into serverless workflows so you can build and update apps quickly.
API management
  Create, publish, maintain, monitor, & secure APIs at any scale for serverless workloads & web apps.
  Create a flexible API to securely access, manipulate, & combine data from one or more data sources.
Event bus
  Build an event-driven architecture that connects application data from your own apps, SaaS, & AWS services.
  Automate the flow of data between SaaS applications & AWS services at nearly any scale, without code.

Management & Governance

Enable
  Control Tower: The easiest way to set up and govern a new, secure multi-account AWS environment.
  Organizations: Organizations helps you centrally govern your environment as you grow & scale workloads on AWS.
  Well-Architected Tool: Well-Architected Tool helps you review the state of your workloads & compares them to the latest AWS architectural best practices.
  Budgets: Budgets allows you to set custom budgets to track cost & usage from the simplest to the most complex use cases.
  License Manager: License Manager makes it easier to manage software licenses from software vendors such as Microsoft, SAP, Oracle, & IBM across AWS & on-premises environments.
Provision
  CloudFormation: CloudFormation enables the user to design & provision AWS infrastructure deployments predictably & repeatedly.
  Service Catalog: Service Catalog allows organizations to create & manage catalogs of IT services that are approved for use on AWS.
  OpsWorks: OpsWorks presents a simple and flexible way to create and maintain stacks and applications.
  Marketplace: Marketplace is a digital catalog with thousands of software listings from independent software vendors that makes it easy to find, test, buy, & deploy software that runs on AWS.
Operate
  CloudWatch: CloudWatch offers a reliable, scalable, & flexible monitoring solution that is easy to get started with.
  CloudTrail: CloudTrail is a service that enables governance, compliance, operational auditing, & risk auditing of an AWS account.
  Config
  Systems Manager: Systems Manager lets you plan, monitor, & automate administration tasks on AWS resources.
  Cost & Usage Report: See the Cost Management section.
  Cost Explorer: See the Cost Management section.
  Managed Services: Operates your AWS infrastructure on your behalf.
  X-Ray

Recommended security best practices

Turn on multi-factor authentication for the "root" account.
Turn on CloudTrail log file validation.
Enable CloudTrail multi-region logging.
Integrate CloudTrail with CloudWatch.
Enable access logging for CloudTrail S3 buckets.
Enable access logging for Elastic Load Balancer (ELB).
Enable Redshift audit logging.
Enable Virtual Private Cloud (VPC) flow logging.
Require multi-factor authentication (MFA) to delete CloudTrail buckets.
Enable CloudTrail logging across all of AWS.
Turn on multi-factor authentication for IAM users.
Enable IAM users for multi-mode access.
Attach IAM policies to groups or roles.
Rotate IAM access keys regularly, and standardize on the selected number of days.
Set up a strict password policy.
Set the password expiration period to 90 days and prevent reuse.
Don't use expired SSL/TLS certificates.
Use HTTPS for CloudFront distributions.
Restrict access to the CloudTrail bucket.
Encrypt CloudTrail log files at rest.
Encrypt Elastic Block Store (EBS) database volumes.
Provision access to resources using IAM roles.
Ensure EC2 security groups don't have large ranges of ports open.
Configure EC2 security groups to restrict inbound access to EC2.
Avoid using root user accounts.
Use secure SSL ciphers when connecting between the client and ELB.
Use secure SSL versions when connecting between the client and ELB.
Use a standard naming (tagging) convention for EC2.
Encrypt RDS.
Ensure access keys are not being used with root accounts.
Use secure CloudFront SSL versions.
Enable the require_ssl parameter in all Redshift clusters.
Rotate SSH keys periodically.
Minimize the number of discrete security groups.
Reduce the number of IAM groups.
Terminate unused access keys.
Disable access for inactive or unused IAM users.
Remove unused IAM access keys.
Delete unused SSH public keys.
Restrict access to AMIs.
Restrict access to EC2 security groups.
Restrict access to RDS instances.
Restrict access to Redshift clusters.
Restrict outbound access.
Disallow unrestricted ingress access on uncommon ports.
Restrict access to well-known ports such as CIFS, FTP, ICMP, SMTP, SSH, and Remote Desktop.
Inventory & categorize all existing custom apps by the types of data stored, compliance requirements, & possible threats they face.
Involve IT security throughout the development process.
Grant application users the fewest privileges possible.
Enforce a single set of data loss prevention policies across custom applications and all other cloud services.
Encrypt highly sensitive data such as protected health information (PHI) or personally identifiable information (PII).
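Several of the IAM items in the list above (MFA on the root account, no access keys on the root account, MFA for IAM users, key rotation on a standard number of days, terminating unused keys and disabling inactive users) can all be checked from one artifact, the IAM credential report. The script below is an added example, not part of the original cheat sheet and not AWS tooling: it parses a constructed report in the real report's CSV layout (only the columns it reads are included; the account id, user names and timestamps are made up), applies each rule and returns one finding per violation. The 90-day thresholds and the fixed "current time" are assumptions you would replace with your own policy and the real clock.

```python
"""Audit an IAM credential report against the cheat sheet's IAM recommendations."""
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the layout of an IAM credential report. The real report
# has more columns; only those this audit reads are included. Account id, users
# and dates are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T08:00:00+00:00,false,true,2021-03-02T12:00:00+00:00,2024-04-30T09:15:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-20T14:02:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-20T14:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2024-05-19T10:00:00+00:00,false,true,2023-09-10T00:00:00+00:00,N/A,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false,true,2024-03-15T00:00:00+00:00,2024-05-21T06:30:00+00:00,true,2023-01-05T00:00:00+00:00,2023-02-01T00:00:00+00:00
carol,arn:aws:iam::111122223333:user/carol,true,2023-11-01T09:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
"""

# Fixed "now" so the sample audit is reproducible (an assumption for the example).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """Return an aware datetime, or None for the report's N/A-style markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now, max_key_age_days=90, inactive_days=90):
    """Return (user, issue) findings for every row that breaks a recommendation."""
    findings = []

    def older_than(ts, days):
        # A missing date counts as "never", which is the unsafe direction.
        return ts is None or (now - ts).days > days

    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            if row["mfa_active"] != "true":
                findings.append((user, "root account without MFA"))
            for n in ("1", "2"):
                if row[f"access_key_{n}_active"] == "true":
                    findings.append((user, f"active access key {n} on root account"))
            continue  # password rules below do not apply to the root row
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.append((user, "console password without MFA"))
            if older_than(parse_ts(row["password_last_used"]), inactive_days):
                findings.append((user, f"console user inactive for {inactive_days}+ days; disable"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if older_than(parse_ts(row[f"access_key_{n}_last_rotated"]), max_key_age_days):
                findings.append((user, f"access key {n} older than {max_key_age_days} days; rotate"))
            if older_than(parse_ts(row[f"access_key_{n}_last_used_date"]), inactive_days):
                findings.append((user, f"access key {n} unused for {inactive_days}+ days; remove"))
    return findings


def audit_sample_credential_report():
    """Run the audit over the constructed sample at the fixed NOW."""
    return audit_credential_report(SAMPLE_REPORT, NOW)


if __name__ == "__main__":
    for user, issue in audit_sample_credential_report():
        print(f"{user}: {issue}")
```

Against a real account you would feed the decoded content of the report (the AWS CLI returns it base64-encoded from `aws iam get-credential-report` after `aws iam generate-credential-report`) and the current UTC time instead of the constructed sample and NOW. Missing dates are deliberately treated as "never", so a key that has never been used or rotated is flagged rather than silently skipped.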
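The security-group items in the list above (no large ranges of open ports, restrict well-known ports such as CIFS, FTP, ICMP, SMTP, SSH and Remote Desktop, no unrestricted ingress on uncommon ports, restrict outbound access) can be audited from the output of `describe-security-groups`. The script below is an added example, not the cheat sheet's or AWS's own code: it runs over a constructed JSON document in that output's shape (group ids and CIDRs are made up) and returns one finding per rule that breaks a recommendation. The 100-port span threshold and the choice of 80 and 443 as the only ports tolerated from the whole Internet are assumptions to adjust to your own baseline.

```python
"""Audit security-group rules against the cheat sheet's network recommendations."""
import json

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
SENSITIVE_PORTS = {21: "FTP", 22: "SSH", 25: "SMTP", 445: "CIFS", 3389: "Remote Desktop"}
EXPECTED_PUBLIC_PORTS = {80, 443}  # assumption: the only ports tolerated from the world

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`;
# group ids, names and CIDRs are made up.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0000000000000001", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0000000000000002", "GroupName": "admin",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
         {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0000000000000003", "GroupName": "legacy",
     "IpPermissions": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
         {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0000000000000004", "GroupName": "db",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
          "UserIdGroupPairs": [{"GroupId": "sg-0000000000000001"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]})


def _open_to_world(perm):
    """True if the rule's IPv4 or IPv6 sources include the whole Internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(c in WORLD_CIDRS for c in cidrs)


def audit_security_groups(describe_json, max_port_span=100):
    """Return (group id, issue) findings for every rule that breaks a recommendation."""
    findings = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            world = _open_to_world(perm)
            if proto == "-1":  # all protocols; such rules carry no FromPort/ToPort
                if world:
                    findings.append((gid, "all protocols and ports open to the world"))
                continue
            if proto in ("icmp", "icmpv6"):  # FromPort/ToPort hold ICMP type/code here
                if world:
                    findings.append((gid, "ICMP open to the world"))
                continue
            lo, hi = perm["FromPort"], perm["ToPort"]
            if hi - lo + 1 > max_port_span:
                findings.append((gid, f"large port range {lo}-{hi}/{proto}"))
            if not world:
                continue  # sources are private CIDRs or other security groups
            for port, name in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    findings.append((gid, f"{name} (port {port}/{proto}) open to the world"))
            if not (lo == hi and lo in EXPECTED_PUBLIC_PORTS):
                findings.append((gid, f"unrestricted ingress on {lo}-{hi}/{proto}"))
        for perm in sg.get("IpPermissionsEgress", []):
            if perm["IpProtocol"] == "-1" and _open_to_world(perm):
                findings.append((gid, "unrestricted outbound access"))
    return findings


def audit_sample_security_groups():
    """Run the audit over the constructed sample."""
    return audit_security_groups(SAMPLE_DESCRIBE_OUTPUT)


if __name__ == "__main__":
    for gid, issue in audit_sample_security_groups():
        print(f"{gid}: {issue}")
```

Note that the "unrestricted outbound access" finding fires for the default allow-all egress rule that every new security group gets, so on a real account it is the most common result; the cheat sheet lists restricting outbound access as a recommendation rather than a hard requirement, so treat that finding as a prompt to justify the rule rather than an automatic failure.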
       
 
