Cheat sheet for AWS By HaoDT

EC2 Instance Store

- Data persists if the instance is terminated
- Mounted to one instance at a time
- Bound to a specific AZ
EBS Snapshot
- Backup of EBS
- Copy across AZ or region
- Feature:
 + Archive
 + Recycle Bin for EBS Snapshot
- Customization of EC2
- Launch instance from (public AMI, private AMI and AWS Marketplace AMI)
EC2 Image Builder
- Create, maintain, validate, test EC2 AMI
- Can run on a schedule
- Free service
EC2 Instance Store
- Storage is lost if the instance is stopped
- For buffer or cache
- Can be mounted on 100 EC2 instances
- Works with Linux, multi-AZ
- EFS-IA (Infrequent Access): automatically moves files from EFS to EFS-IA
- FSx:
 + Launch 3rd party
 + Built on Windows File Server
 + Integrates with Microsoft Active Directory

Elastic Load Balancing & Auto Scaling Group

Elastic Load Balancer
- 3 kinds:
 + Application load balancer (HTTP/HTTPS - layer 7)
 + Network load balancer (TCP - layer 4)
 + Classic load balancer (layer 4 & layer 7)
Auto Scaling Group
- Ensures a minimum and maximum number of instances are running
- Registers new instances
- Replaces unhealthy instances
- Scaling strategies:
 + Manual Scaling
 + Dynamic Scaling
   => Simple/Step scaling
   => Target tracking scaling
   => Scheduled scaling
 + Predictive scaling
- unit name
- S3 is global; buckets are regional
- S3 contains:
 + Bucket
 + Object
Snow Family
- Data migration:
 + Snowcone (8TB)
 + Snowball Edge (80TB) (TB or PB)
 + Snowmobile (EB), better for > 10 PB
- Edge computing
- Software to manage Snow Family
AWS Storage Gateway
- Connects on-premises and cloud
- Type:
 + File gateway
 + Volume gateway
 + Tape gateway


- Multi AZ
- Scales vertically and horizontally
- Storage backed by EBS
- Simplifies work for database admins
Amazon Aurora
Amazon ElastiCache
Cache for RDS
- 100TB
- Type:
 + Standard
 + Infrequent Access (IA)
- Integrates with IAM
DynamoDB Accelerator (DAX)
Cache for DynamoDB
EMR (Elastic MapReduce)
Big data, Hadoop
Analyze data in S3
- Machine learning
- Business intelligence (BI) service
For MongoDB
- Graph database
- For social network
QLDB (Quantum Ledger Database)
book (ledger)
Amazon Managed Blockchain
AWS Glue
extract, move S3
DMS (Database Migration Service)
- Migrate
- Support:
 + Homogeneous migrations
 + Heterogeneous migrations

Other Compute

- Launch Docker containers
- Not serverless
- Integrates with Application Load Balancer
- Launch Docker containers
- Serverless
ECR (Elastic Container Registry)
Store Docker images
AWS Lambda
- You only upload code; Lambda will run and deploy the code for you
- Java, Node.js, Python
Amazon API Gateway
- Build a serverless API
AWS Batch
- Launch EC2 or Spot Instance
- Run by Docker image & run on ECS
Simple server creation for people with little experience

Deploying and Managing Infrastructure at scale

Cloud Formation
- Is a declarative way of outlining your AWS Infrastructure
- Repeatable across regions & accounts.
CDK (Cloud Development Kit)
Define infrastructure in a programming language
Elastic Beanstalk
- Developer-centric view of deploying apps on AWS
- Easy-to-use deployment service
- PaaS
- Free
AWS Code Deploy
- Deploys apps automatically
- Hybrid service
- Configure CodeDeploy Agent
AWS Code Commit
Git repository
AWS Code Build
Compiles source code, runs tests
Code Artifact
Manages software package dependencies (npm, ...)
Code Star
- Unified UI to manage software in one place
- Can edit in Cloud 9
Cloud 9
Cloud IDE
SSM (AWS Systems Manager)
- Manage EC2 and on-premises
- SSM Session Manager: start a shell on EC2 without SSH or ports
- UI to view operational data
Chef & Puppet

Global Infrastructure

Is a managed DNS
- Content delivery network (CDN)
- DDoS protection
- File cache
- Static content
S3 Cross Region Replication
- Files updated in real time
- Read only, dynamic content
S3 Transfer Acceleration
Upload and download files to S3 bucket
AWS Global Accelerator
- Improves global apps and performance
- 2 anycast IPs
- Integrates with Shield
- No cache
- Improves TCP or UDP
AWS Outposts
- Hybrid
- Server racks
- Access AWS Infrastructure on-premises
AWS Wavelength
5G network
AWS Local Zones
Place services closer to users

Cloud Integration

Push notifier
- Streaming
- Type:
 + Data Streams
 + Data Firehose
 + Data Analytics
 + Video Streams
Amazon MQ
- For RabbitMQ, ActiveMQ
- Has SNS & SQS features.

Cloud Monitoring

Amazon CloudWatch
- Metrics: various monitoring
- Alarm: trigger notifications for metrics
- Logs: real-time log monitoring
Amazon EventBridge
Service that allows real-time access to changes in AWS services, as SaaS
- Governance, compliance and audit for your account
- Resource deleted => view CloudTrail
- Records API calls for your account
- Debug in production
CloudTrail Insights
Automatic analysis of CloudTrail events
Amazon CodeGuru
- Code review and recommendations
- 2 functions: CodeGuru Reviewer and CodeGuru Profiler
AWS Personal Health Dashboard
Remediation guidance when AWS is experiencing events that may impact you
AWS Service Health Dashboard
Status of all AWS services across all regions


Internet Gateway
Helps a VPC connect to the internet
NAT Gateway
- Private subnet access to the internet
- AWS managed
NAT Instance
- Private subnet access to the internet
- Self managed
NACL (Network ACL)
Firewall that controls traffic to a subnet
VPC Flow Logs
Capture IP information
VPC Peering
Connects two VPCs
VPC Endpoint
Allows connecting to AWS services over a private network
AWS PrivateLink
Most secure & scalable way to expose a service to 1000s of VPCs.
DX (Direct Connect)
- Makes it easy to establish a dedicated connection from an on-premises network to one or more VPCs in the same region
- Private connection from data center to AWS
Client VPN
Connect your computer to the private network using OpenVPN
Transit Gateway
Transitive peering between thousands of VPCs and on-premises, optimized network

Security and Compliance

WAF (Web Application Firewall)
- Protects your web app (layer 7)
- Protects against SQL injection, cross-site scripting
Penetration Testing
Customer tests infrastructure on AWS
Cloud HSM
Hardware encryption
ACM (AWS Certificate Manager)
SSL/TLS certificates
AWS Secrets Manager
Stores secrets
AWS Artifact
Customer access to AWS compliance/security documents and AWS agreements
AWS GuardDuty
- Intelligent protection
- Against cryptocurrency attacks.
AWS Inspector
Automated security assessment
AWS Config
- Audit & record compliance of your AWS resources
- Configuration of AWS resources
- Keeps track of changes to your resources
- Have Service AWS Config Resources
AWS Macie
Protects your sensitive data
AWS Security Hub
Central security tool across several AWS accounts with automated security checks
AWS Detective
Analyzes and quickly identifies the root cause of security issues
AWS Abuse
Report AWS resources used for abusive or illegal purposes

Machine Learning

Find objects, people, text, ...
Convert speech to text
Convert text to speech
Receive calls, SMS messages
Natural language processing - NLP
Developers build ML models
Use ML to forecast
Document search (text, pdf, ...)
Amazon Personalize
Build real-time personalized apps
Extract text, handwriting

Account Management, Billing & Support

AWS Trusted Advisor
- Tool giving real-time guidance to help you provision your resources
- Checks security groups for rules that allow unrestricted access
AWS Cost Explorer
View cost
Cost Allocation Tag
Categorize and track resources when viewing billing
TCO Calculator
Estimate cost savings between AWS and on-premises
AWS Pricing Calculator
Estimate the monthly bill for the resources you use
AWS Budgets
Set custom budgets to track your cost and usage.
Cost And Usage Report
Dive deeper into your AWS cost and usage
Billing Alarm
- Simple cost alarm
- Not as powerful as AWS Budgets
AWS Basic Support Plan
AWS Business Support Plan (24/7)
- Production workload
- Phone, email, chat to Cloud Support Engineer
AWS Enterprise Support Plan (24/7)
- Production or business-critical workload
- Mission-critical workload
- Access to a Technical Account Manager (TAM)
- Concierge Support Team
- Infrastructure event management, Well-Architected & operations reviews

Advanced Identity

Security Token Services
Create temporary, limited-privilege credentials
AWS Cognito (Simplified)
- Identity for web and mobile
- Sign up, sign in (SAML & OpenID)
- You can create users with Cognito
AWS Directory Service
Manage Microsoft Active Directory

Other AWS Service

Amazon WorkSpaces
- Virtual Desktop Computing
- Managed Desktop as a Service (DaaS) solution.
Amazon AppStream 2.0
App streaming that allows access to virtual desktops
Amazon Sumerian
Amazon IoT Core
Amazon Elastic Transcoder
Converts media files stored in S3 into media files
AWS AppSync
Service that allows developers to build apps with real-time or offline-synced data.
AWS Device Farm
Test web and mobile apps in the browser
AWS Backup
Automated backup
DRS - Elastic Disaster Recovery
Quickly and easily recover your physical and cloud
AWS DataSync
Move large data from on-premises to AWS
AWS Application Migration Service
Lift-and-shift solution that simplifies migrating apps to AWS
AWS Fault Injection Simulator
Run fault injection tests
AWS Step Functions
Build workflows to orchestrate Lambda
AWS Ground Station
Control satellite communications
AWS Pinpoint
Scale 2-way (outbound/inbound marketing)

AWS Architecting & Ecosystem

AWS Well-Architected Tool
Review your architecture against the 6 pillars
AWS Right Sizing
Process of matching instance type and size to your requirements
AWS Marketplace
Digital catalog with thousands of software listings
AWS Training
AWS Professional Services & Partner Network
- Is a global team of experts
- APN = AWS Partner Network
AWS Knowledge Center
Most frequent & common questions
Quickly find help
AWS re:Post
Question and answer service


- Deploy popular technologies
AWS Storage Gateway
- Hybrid cloud storage service
Service control policies (SCPs)
Are a type of organization policy you can use to manage permissions in your organization.
Service control policy (SCP)
Restrict account privileges
AWS Control Tower
Easy way to set up and govern a secure and compliant AWS environment based on best practices
AWS Compute Optimizer
Recommends optimal resources for your workload
AWS Analyzer
Identify external resources
SWF (Simple Workflow Service)
Is a web service that makes it easy to coordinate work across distributed application components


1) Advanced RDS for database admin => simplifies
2) VPC includes multiple AZs
3) AWS Trusted Advisor: tool giving real-time guidance to help you provision your resources
4) AWS Health Dashboard: shows issues impacting your resources
5) AWS Cost Explorer: is used for viewing cost
6) S3 storage is virtually unlimited
7) Cost Allocation Tags => categorize and track resources, then view billing in Cost Explorer
8) Elasticity resolves the issue of under-utilization
9) AWS Direct Connect: provides a private connection from data center to AWS
10) AWS Transit Gateway: used for optimizing the network of VPCs and on-premises networks.
11) EC2 hosts ≠ EC2 instances
12) Continually reduced prices => economies of scale
13) Quick Start => deploy popular technologies on AWS
14) Cloud Formation => deploy infrastructure from templates
15) AWS Artifact => provides access to AWS security and compliance reports.
16) AWS Config: used for compliance relating to the configuration of AWS resources.
17) IAM grant for S3 bucket => update principal
18) Launch EC2 instances behind Elastic Load Balancer => across multiple AZs in a single AWS Region
19) Database with access to the operating system => EC2
20) DynamoDB => config (customer), backup (AWS)
21) A responsibility managed solely by AWS => AZ management
22) Agility - (fast, quick) in one click
23) Elasticity - infrastructure scales based on demand.
24) Fault tolerance - ensuring apps stay available in the event of a fault.
25) TCO Calculator - estimate cost savings on AWS compared to on-premises
26) AWS Pricing Calculator - estimate the monthly bill for the resources you use
27) IAM Roles do not have standard long-term credentials
28) AWS Storage Gateway - hybrid cloud storage service
29) VPC establishes a connection between your on-premises network
30) AWS Budgets - set custom budgets to track your cost and usage
31) AWS Config keeps track of all changes to your resources
32) In a highly available system the failure of a single component should not affect the app.
33) QuickSight - business intelligence (BI) service
34) Elastic Beanstalk - easy-to-use deployment service
35) An access key contains 2 parts: an access key ID and a secret access key
36) Trusted Advisor - checks security groups for rules that allow unrestricted access
37) Service control policies (SCPs) - are a type of organization policy that you can use to manage permissions in your organization
38) Network ACL: block a specific IP
39) Access Analyzer: identify external resources
40) AWS Systems Manager: UI to view operational data.
41) An IAM user has an access key ID and a secret access key
42) Shield => in an edge location
43) Amazon Cognito can add user sign-up, sign-in and access control to web & mobile apps (SAML and OpenID)
44) GuardDuty: continuously monitors the account for malicious activity and unauthorized behavior.
45) AWS Site-to-Site VPN: encrypts traffic across your network + Amazon WorkSpaces
46) Amazon AppStream 2.0: is a non-persistent desktop and application service for remotely accessing your work
47) AWS Managed Services (AMS): adopt, scale and operate more efficiently and securely. Easily leave a lot of the heavy lifting to AWS.
48) FSx - has the standard Server Message Block (SMB) protocol to access files over a network
49) Facility operations and hardware procurement costs are something you no longer pay for in the AWS cloud.
50) AWS Technical Account Manager: provides expert monitoring and optimization for your environment and coordinates access to other programs and experts
51) The company is responsible for enabling encryption on the S3 buckets
52) AWS Application Discovery Service: helps you plan your migration to AWS; collects usage and config data.
53) AWS Resource Groups: manage and automate tasks on a large number of resources in one place.
54) AWS Service Catalog: create and manage catalogs of IT services
55) SQS and Step Functions: provide asynchronous integration
56) Amazon EC2 Dedicated Hosts: allow use of your eligible software licenses from vendors.
57) Consolidated billing benefits: one bill, easy tracking, combined usage, no extra fee.
58) AWS Health API is available to Business, Enterprise On-Ramp, Enterprise Support
59) AWS Storage Gateway has a gateway virtual tape library for backup software.
60) Resource performance monitoring, events and alerts => CloudWatch
61) Account-specific activity and audit => CloudTrail
62) Resource-specific change history, audit, compliance => Config
63) Service Health Dashboard displays the general status; Personal Health Dashboard gives a personal view.
64) CloudFormation => same AWS infrastructure across multiple AWS accounts and regions
65) Elastic Load Balancer - high availability, auto scaling and robust security.
66) U2F security key - uses a USB port on your computer
67) Virtual MFA service - software app
68) Hardware MFA device - hardware device that generates a six-digit code
69) SMS text message - SMS
70) AWS Compute Optimizer: provides EC2, ELB, Lambda, Auto Scaling; does not provide EFS, S3.
71) CloudWatch enables central logging for on-premises and cloud.
72) IAM Credential Report: a report that lists all users and the status of their credentials.
73) IAM Access Advisor: an access advisor that shows the service permissions granted to a user and when those services were last accessed.
74) AMI: a type of virtual appliance used to create a virtual machine
75) EFS: file storage service
76) OpsHub: software to manage Snow Family
77) AWS Storage Gateway: hybrid access from on-premises to AWS
78) AWS EMR: Hadoop (big data) service; control over the cluster and the software installed on it
79) Athena: analyze data in S3
80) AWS Batch: runs batch jobs across multiple AZs in one region
81) Lightsail: creates servers for people with little experience
82) Elastic Beanstalk: PaaS service that makes it easy to deploy and scale web applications and services
83) AWS CodePipeline: automates the deployment process for fast and reliable updates.
84) CodeStar: unified UI to manage in one place.
85) QuickSight: machine learning, data visualization, business intelligence.
86) AWS Systems Manager: gives users visibility into and control of their infrastructure on AWS
87) OpsWorks: manages Chef & Puppet; uses code to automate server configuration.
88) Outposts: customers access AWS infrastructure; consistent hybrid.
89) Amazon EventBridge: real-time access to changes in AWS services, as SaaS
90) AWS CloudTrail: records API calls
91) AWS Service Health Dashboard: shows the general status of AWS services
92) NAT gateway: lets a private network connect to the internet but prevents the internet from connecting to those servers.
93) NACL: a security layer that acts like a firewall, controlling traffic in and out of one or more subnets.
94) VPC Flow Logs: capture information about inbound and outbound traffic
95) AWS PrivateLink: a secure way to connect a VPC to other AWS services.
96) Forecast: machine-learning-based time-series forecasting, built for analyzing business metrics
97) Artifact: access compliance and security reports.
98) GuardDuty: threat detection, intelligent protection
99) AWS Inspector: automated security vulnerability detection; detects security vulnerabilities and the possibility of intrusion over the network
100) AWS Security Hub: high-priority security alerts and compliance status across AWS accounts.
101) AWS Step Functions: workflow for Lambda
102) AWS Pinpoint: marketing
103) Direct connect
104) Transit gateway
105) AWS Detective: root cause


