AWS Notes

The document discusses several AWS services including Amazon Inspector, Amazon GuardDuty, Amazon Macie, AWS Shield, AWS WAF, Amazon EC2 Dedicated Hosts, Amazon Aurora, Amazon EFS, Amazon EBS, Amazon S3, AWS Management Console, AWS CLI, AWS Trusted Advisor, AWS Cost Explorer, AWS Systems Manager, AWS Budgets, AWS Cost Explorer, AWS Simple Monthly Calculator, AWS TCO Calculator, IAM access keys, Amazon S3 Standard storage classes. It provides descriptions of what each service is used for and clarifies incorrect options.

Each AWS Region consists of two or more Availability Zones.

Each Availability Zone (AZ) consists of one or more discrete data centers.
Amazon Inspector
Amazon Inspector is an automated security assessment service. Amazon Inspector
automatically assesses applications for exposure, vulnerabilities, and deviations from best
practices.

Amazon GuardDuty - Amazon GuardDuty is a threat detection service that monitors for
malicious activity and unauthorized behavior. This service is for AWS account level
access, not for instance-level management like an EC2. GuardDuty cannot be used to
check OS vulnerabilities.
Amazon Macie - Amazon Macie is a fully managed data security and data privacy
service that uses machine learning and pattern matching to discover and protect
your sensitive data in AWS. Macie helps identify and alert you to sensitive data, such
as personally identifiable information (PII). Macie cannot be used to check OS
vulnerabilities.
AWS Shield - AWS Shield is a managed Distributed Denial of Service (DDoS)
protection service that safeguards applications running on AWS. Shield is general
protection against DDoS attacks for all resources in the AWS network, and not an
instance-level security assessment service. Shield cannot be used to check OS
vulnerabilities.
Layer 7

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS
requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or
an Application Load Balancer. HTTP and HTTPS requests are part of the Application
layer, which is layer 7.

Incorrect options:

Layer 3 - Layer 3 is the Network layer and this layer decides which physical path data
will take when it moves on the network. AWS Shield offers protection at this layer.
WAF does not offer protection at this layer.
Layer 4 - Layer 4 is the Transport layer; at this layer, data transmission occurs using
TCP or UDP protocols. AWS Shield offers protection at this layer. WAF does not offer
protection at this layer.
Platform as a Service (PaaS) - PaaS removes the need to manage underlying
infrastructure (usually hardware and operating systems), and allows you to focus on
the deployment and management of your applications.

Elastic Beanstalk is an example of a PaaS service.

Software as a Service (SaaS) - SaaS provides you with a complete product that is
run and managed by the service provider. AWS Rekognition is an example of a SaaS
service.
AWS Config - AWS Config is a service that enables you to assess, audit, and evaluate
the configurations of your AWS resources.
AWS CloudTrail - AWS CloudTrail is a service that enables governance, compliance,
operational auditing, and risk auditing of your AWS account. With CloudTrail, you can
log, continuously monitor, and retain account activity related to actions across your
AWS infrastructure. CloudTrail provides event history of your AWS account activity,
including actions taken through the AWS Management Console, AWS SDKs,
command-line tools, and other AWS services.
Amazon CloudWatch - Amazon CloudWatch is a monitoring and observability service
built for DevOps engineers, developers, site reliability engineers (SREs), and IT
managers.
Dedicated host

Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from
vendors such as Microsoft and Oracle on Amazon EC2.

Exam Alert:
Please review the differences between Dedicated Hosts and Dedicated
Instances.

Dedicated instance - Dedicated Instances are Amazon EC2 instances that run in a
virtual private cloud (VPC) on hardware that's dedicated to a single customer. You
cannot use Dedicated Instances for using server-bound software licenses.
Reserved Instance - Reserved Instances provide you with significant savings (up to
75%) on your Amazon EC2 costs compared to On-Demand Instance pricing. You can
purchase a Reserved Instance for a one-year or three-year commitment, with the
three-year commitment offering a bigger discount. You cannot use Reserved
Instances for using server-bound software licenses.
On-Demand Instance - An On-Demand Instance is an instance that you use
on-demand. You have full control over its lifecycle — you decide when to launch, stop,
hibernate, start, reboot, or terminate it. There is no long-term commitment required
when you purchase On-Demand Instances. There is no upfront payment and you pay
only for the seconds that your On-Demand Instances are running. You cannot use
On-Demand Instances for using server-bound software licenses.
SQS - Amazon Simple Queue Service (SQS) is a fully managed message queuing
service that enables you to decouple and scale microservices, distributed systems,
and serverless applications.
SNS - Amazon Simple Notification Service (SNS) is a highly available, durable,
secure, fully managed pub/sub messaging service that enables you to decouple
microservices, distributed systems, and serverless applications.
Lambda - AWS Lambda lets you run code without provisioning or managing servers.
You pay only for the compute time you consume.
Step Functions - AWS Step Functions lets you coordinate multiple AWS services into
serverless workflows. You can design and run workflows that stitch together
services such as AWS Lambda, AWS Glue and Amazon SageMaker.

Customer master keys (CMKs) are created and managed by the AWS customer.
Access to these can be controlled using the AWS IAM service.

AWS Managed CMK - AWS managed CMKs are CMKs in your account that are
created, managed, and used on your behalf by an AWS service that is integrated with
AWS KMS.
AWS Owned CMK - AWS owned CMKs are a collection of CMKs that an AWS service
owns and manages for use in multiple AWS accounts.

Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for
the cloud. Amazon Aurora is fully managed by Amazon Relational Database Service
(RDS).
Elastic File Storage (EFS) - Amazon Elastic File System (Amazon EFS) provides a
simple, scalable, fully managed elastic NFS file system for use with AWS Cloud
services and on-premises resources. Amazon EFS supports two forms of encryption
for file systems, encryption of data in transit and encryption at rest.
Elastic Block Storage (EBS) - Amazon Elastic Block Store (EBS) is an easy to use,
high-performance block storage service designed for use with Amazon Elastic
Compute Cloud (EC2) instances for both throughput and transaction-intensive
workloads at any scale.
Amazon S3 - Amazon Simple Storage Service is storage for the Internet. To upload
data into S3 you need to create an S3 bucket in one of the AWS Regions. Amazon S3
default encryption provides a way to set the default encryption behavior for an S3
bucket.
AWS Management Console - The AWS Management Console is a web application
that comprises and refers to a broad collection of service consoles for managing
Amazon Web Services.
AWS Command Line Interface (CLI) - The AWS Command Line Interface (CLI) is a
unified tool to manage your AWS services.
AWS Trusted Advisor - AWS Trusted Advisor is an online tool that provides you real-time
guidance to help you provision your resources following AWS best practices on
cost optimization, security, fault tolerance, service limits, and performance
improvement.
AWS Cost Explorer - AWS Cost Explorer lets you explore your AWS costs and usage at both a
high level and at a detailed level of analysis, empowering you to dive deeper
using several filtering dimensions.
AWS Systems Manager - Systems Manager provides a unified user interface so you
can view operational data from multiple AWS services and allows you to automate
operational tasks across your AWS resources. With Systems Manager, you can
group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS
instances.
Contact AWS Abuse Team

The AWS Abuse team can assist you when AWS resources are used to engage in
abusive behavior.

AWS Compute Optimizer - AWS Compute Optimizer recommends optimal AWS
resources for your workloads to reduce costs and improve performance by using
machine learning. Compute Optimizer helps you choose optimal configurations for three
types of AWS resources: Amazon EC2 instances, Amazon EBS volumes, and AWS
Lambda functions, based on your utilization data.
AWS Systems Manager - AWS Systems Manager is the operations hub for AWS.
Systems Manager provides a unified user interface so you can track and resolve
operational issues across your AWS applications and resources from a central place.
With Systems Manager, you can automate operational tasks for Amazon EC2
instances or Amazon RDS instances.
AWS Budgets - AWS Budgets allows you to set custom budgets to track your cost
and usage from the simplest to the most complex use cases. With AWS Budgets,
you can choose to be alerted by email or SNS.
AWS Cost Explorer - AWS Cost Explorer has an easy-to-use interface that lets you
visualize, understand, and manage your AWS costs and usage over time.
AWS Simple Monthly Calculator

The Simple Monthly Calculator provides an estimate of usage charges for AWS
services based on certain information you provide. It helps customers and prospects
estimate their monthly AWS bill more efficiently.

AWS Total Cost of Ownership (TCO) Calculator

The TCO Calculator helps to compare the cost of your applications in an on-premises or
traditional hosting environment to AWS.

Access keys are long-term credentials for an IAM user or the AWS account root user.
You can use access keys to sign programmatic requests to the AWS CLI or AWS API
(directly or using the AWS SDK).
Use IAM Groups to access AWS resources programmatically - IAM Group is for
managing users and not for programmatic access to AWS resources.
Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

S3 Standard-IA is for data that is accessed less frequently, but requires rapid access
when needed.

Amazon S3 Standard - The S3 Standard offers high durability, availability, and
performance object storage for frequently accessed data.
Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) - The S3 Intelligent-Tiering
storage class is designed to optimize costs by automatically moving data to the
most cost-effective access tier.
Amazon S3 Glacier (S3 Glacier) - Amazon S3 Glacier is a secure, durable, and
extremely low-cost Amazon S3 cloud storage class for data archiving and long-term
backup. It is designed to deliver 99.999999999% durability.

AWS Direct Connect

AWS Direct Connect is a cloud service solution that makes it easy to establish a
dedicated network connection from your premises to AWS.

Amazon VPC Endpoint - A VPC endpoint enables you to privately connect your VPC
to supported AWS services and VPC endpoint services powered by AWS PrivateLink
without requiring an internet gateway, NAT device, VPN connection, or AWS Direct
Connect connection.
Internet Gateway - An Internet Gateway is a horizontally scaled, redundant, and
highly available VPC component that allows communication between your VPC and
the internet.
Site-to-Site VPN - AWS Site-to-Site VPN creates a secure connection between your
data center or branch office and your AWS cloud resources. This connection goes
over the public internet.
AWS Storage Gateway

AWS Storage Gateway is a hybrid cloud storage service that connects your existing
on-premises environments with the AWS Cloud. Customers use Storage Gateway for
migration, archiving, processing, and disaster recovery use cases.

AWS Storage Gateway service provides three different types of gateways – Tape
Gateway, File Gateway, and Volume Gateway – that seamlessly connect on-premises
applications to cloud storage, caching data locally for low-latency access.

"AWS Snowball" - AWS Snowball is a data transport solution that accelerates moving
terabytes to petabytes of data into and out of AWS services using storage devices.

Agility

In the world of cloud computing, "Agility" refers to the ability to rapidly develop, test
and launch software applications.

Elasticity - The ability to acquire resources as you need them and release them
when they are no longer needed is termed the Elasticity of the Cloud.
Reliability - This refers to the ability of a system to recover from infrastructure or
service disruptions, by dynamically acquiring computing resources to meet demand,
and mitigate disruptions.
Scalability - Scalability is the measurement of a system's ability to grow to
accommodate an increase in demand, or shrink down to a diminishing demand.

"S3 Glacier Deep Archive" - S3 Glacier Deep Archive is Amazon S3’s lowest-cost
storage class and supports long-term retention and digital preservation for data that
may be accessed once or twice in a year. It is designed for customers — particularly
those in highly-regulated industries, such as the Financial Services, Healthcare, and
Public Sectors — that retain data sets for 7-10 years or longer to meet regulatory
compliance requirements. S3 Glacier Deep Archive can also be used for backup and
disaster recovery use cases. It has a retrieval time (first byte latency) of 12 to 48
hours.

CloudTrail

You can use CloudTrail to log, monitor and retain account activity related to actions
across your AWS infrastructure. CloudTrail provides an event history of your AWS
account activity, including actions taken through the AWS Management Console,
AWS SDKs, command-line tools, and other AWS services.
You may see use cases asking you to select one of CloudWatch vs CloudTrail vs
Config. Just remember this rule of thumb:

Think resource performance monitoring, events, and alerts; think CloudWatch.

Think account-specific activity and audit; think CloudTrail.

Think resource-specific change history, audit, and compliance; think Config.

Amazon DynamoDB is a key-value and document database that delivers single-digit
millisecond performance at any scale. It's a fully managed, multi-Region,
multi-master, durable database with built-in security, backup and restore, and in-memory
caching for internet-scale applications.

AWS Lambda lets you run code without provisioning or managing servers.

Amazon EMR is the industry-leading cloud big data platform for processing vast
amounts of data using open source tools such as Hadoop, Apache Spark, Apache
Hive, Apache HBase, Apache Flink, Apache Hudi, and Presto.

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure,
resizable compute capacity in the cloud with support for per-second billing.

AWS Elastic Load Balancing

Elastic Load Balancing is used to automatically distribute your incoming application
traffic across all the EC2 instances that you are running.

AWS Elastic Beanstalk - AWS Elastic Beanstalk is an easy-to-use service for
deploying and scaling web applications and services developed in a variety of
programming languages. You can simply upload your code and Elastic Beanstalk
automatically handles the deployment, from capacity provisioning, load balancing,
auto-scaling to application health monitoring.
Amazon Elasticsearch - The term "Elasticsearch" is used to define a distributed, open
source search and analytics engine for all types of data, including textual, numerical,
geospatial, structured, and unstructured. Amazon Elasticsearch Service is a fully
managed service.
AWS Auto Scaling - AWS Auto Scaling monitors your applications and automatically adjusts
capacity to maintain steady, predictable performance at the lowest possible cost.

AWS Artifact

AWS Artifact is your go-to, central resource for compliance-related information that
matters to your organization. It provides on-demand access to AWS’ security and
compliance reports and select online agreements. Reports available in AWS Artifact
include our Service Organization Control (SOC) reports, Payment Card Industry (PCI)
reports, and certifications from accreditation bodies across geographies and
compliance verticals that validate the implementation and operating effectiveness of
AWS security controls. For example, the Business Associate Addendum (BAA) is
available for customers that need to comply with the Health Insurance Portability
and Accountability Act (HIPAA). It is not a service, it's a no-cost, self-service portal
for on-demand access to AWS’ compliance reports.

Redshift - Amazon Redshift is a fully-managed petabyte-scale cloud-based data
warehouse product designed for large scale data set storage and analysis.
Glue - AWS Glue is a fully managed extract, transform, and load (ETL) service that
makes it easy for customers to prepare and load their data for analytics.
Storage Gateway - AWS Storage Gateway is a hybrid cloud storage service that
connects your existing on-premises environments with the AWS Cloud.
Database Migration Service - AWS Database Migration Service helps you migrate
databases to AWS quickly and securely.

A security group acts as a virtual firewall for your instance to control inbound and
outbound traffic. Security groups act at the instance level, not at the subnet level.
You can specify allow rules, but not deny rules. You can specify separate rules for
inbound and outbound traffic.

A Network Access Control List (NACL) is an optional layer of security for your VPC
that acts as a firewall for controlling traffic in and out of one or more subnets (i.e. it
works at subnet level). A network ACL has separate inbound and outbound rules, and
each rule can either allow or deny traffic.

You can use a network address translation (NAT) gateway or a NAT Instance to
enable instances in a private subnet to connect to the internet or other AWS services,
but prevent the internet from initiating a connection with those instances. NAT
Gateway is managed by AWS but NAT Instance is managed by you.

AWS X-Ray - You can use AWS X-Ray to analyze and debug serverless and
distributed applications such as those built using a microservices architecture.
AWS Trusted Advisor - AWS Trusted Advisor is an online tool that provides you real-time
guidance to help you provision your resources following AWS best practices on
cost optimization, security, fault tolerance, service limits and performance
improvement.
Amazon Pinpoint - Amazon Pinpoint allows marketers and developers to deliver
customer-centric engagement experiences by capturing customer usage data to
draw real-time insights.
AWS CloudFormation - AWS CloudFormation allows you to use programming languages or a
simple text file to model and provision, in an automated and secure manner, all the
resources needed for your applications across all Regions and accounts. Think
infrastructure as code; think CloudFormation.

Amazon ElastiCache Reserved Nodes: Amazon ElastiCache Reserved Nodes give
you the option to make a low, one-time payment for each cache node you want to
reserve and, in turn, receive a significant discount on the hourly charge for that node.

Amazon RDS RIs: All Reserved Instance types are available for Aurora, MySQL,
MariaDB, PostgreSQL, Oracle, and SQL Server database engines.

Amazon Redshift Reserved Nodes: If you intend to keep an Amazon Redshift cluster
running continuously for a prolonged period, you should consider purchasing
reserved-node offerings, paying for those nodes for either a 1- or 3-year duration.

Business - AWS recommends Business Support if you have production workloads on AWS
and want 24x7 phone, email and chat access to technical support and architectural
guidance in the context of your specific use-cases. You get full access to AWS Trusted
Advisor Best Practice Checks. Also, you get access to Infrastructure Event Management for
an additional fee.

EC2 Instance Pricing

A "vertically scalable" system is constrained to be running its processes on only one
computer. In such systems, the only way to increase performance is to add more
resources into one computer in the form of faster (or more) CPUs, memory or
storage. Fault tolerance is not possible on vertically scalable systems since a single
instance is prone to failure.

A "vertically scalable" system runs on a single instance. Adding power is only
possible through the addition of resources in the form of CPU, RAM, or storage to
enhance performance.
A "horizontally scalable" system is one that can increase capacity by adding more
computers to the system.
Deploy the database via Elastic Beanstalk - You cannot deploy only a database via
Elastic Beanstalk as it's meant for automatic application deployment when you
upload your code. Then Elastic Beanstalk automatically handles the deployment,
from capacity provisioning, load balancing, auto-scaling to application health
monitoring. Hence this option is incorrect.
There is no standby available while using read replicas. In case of infrastructure
failure, you have to manually promote the read replica to be its own standalone DB
Instance, which means that the database endpoint would change.

AWS Budgets
AWS Budgets gives you the ability to set custom budgets that alert you when your
costs or usage exceed (or are forecasted to exceed) your budgeted amount.

You can also use AWS Budgets to set reservation utilization or coverage targets and
receive alerts when your utilization drops below the threshold you define.
Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift,
Amazon ElastiCache, and Amazon Elasticsearch reservations.

Amazon Route 53

AWS Shield Advanced provides expanded DDoS attack protection for web
applications running on the following resources: Amazon Elastic Compute Cloud,
Elastic Load Balancing (ELB), Amazon CloudFront, Amazon Route 53, AWS Global
Accelerator.

Amazon API Gateway - Amazon API Gateway is a fully managed service that makes
it easy for developers to create, publish, maintain, monitor, and secure APIs at any
scale.
AWS CloudFormation - AWS CloudFormation allows you to use programming
languages or a simple text file to model and provision, in an automated and secure
manner, all the resources needed for your applications across all regions and
accounts.
AWS Elastic Beanstalk - AWS Elastic Beanstalk is an easy-to-use service for
deploying and scaling web applications and services developed with various
programming languages. You can simply upload your code and Elastic Beanstalk
automatically handles the deployment, from capacity provisioning, load balancing,
auto-scaling to application health monitoring.

APN Consulting Partner

The AWS Partner Network (APN) is the global partner program for technology and
consulting businesses that leverage Amazon Web Services to build solutions and
services for customers.

APN Technology Partner - APN Technology Partners provide hardware, connectivity
services, or software solutions that are either hosted on or integrated with the AWS
Cloud.
Concierge Support Team - The Concierge Support Team are AWS billing and
account experts that specialize in working with enterprise accounts. They will quickly
and efficiently assist you with your billing and account inquiries.
IAM Role - An IAM role is similar to an IAM user, in that it is an AWS identity with
permission policies that determine what the identity can and cannot do in AWS.
However, instead of being uniquely associated with one person, a role is intended to
be assumable by anyone who needs it.
IAM Group - An IAM group is a collection of IAM users. Groups let you specify
permissions for multiple users, which can make it easier to manage the permissions
for those users.
AWS Policy - You manage access in AWS by creating policies and attaching them to
IAM identities (users, groups of users, or roles) or AWS resources. A policy is an
object in AWS that, when associated with an identity or resource, defines their
permissions.

AWS Identity and Access Management (IAM) enables you to manage access to AWS
services and resources securely. Using IAM, you can create and manage AWS users
and groups, and use permissions to allow and deny their access to AWS resources.

Amazon CloudFront is a fast content delivery network (CDN) service that securely
delivers data, videos, applications, and APIs to customers globally with low latency,
high transfer speeds, all within a developer-friendly environment.

AWS Direct Connect - AWS Direct Connect is a cloud service solution that makes it
easy to establish a dedicated network connection from your premises to AWS. Using
AWS Direct Connect, you can establish private connectivity between AWS and your
datacenter, office, or colocation environment, which in many cases can reduce your
network costs, increase bandwidth throughput, and provide a more consistent
network experience than Internet-based connections.
AWS VPN - AWS Virtual Private Network (VPN) solutions establish secure
connections between on-premises networks, remote offices, client devices, and the
AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN
and AWS Client VPN. Together, they deliver a highly-available, managed, and elastic
cloud VPN solution to protect your network traffic.
Amazon VPC - Amazon Virtual Private Cloud (Amazon VPC) lets you provision a
logically isolated section of the AWS Cloud where you can launch AWS resources in
a virtual network that you define. You have complete control over your virtual
networking environment, including the selection of your IP address range, creation of
subnets, and configuration of route tables and network gateways. You cannot use
Amazon VPC to connect your on-premises network with AWS Cloud.
Internet Gateway - An Internet Gateway is a horizontally scaled, redundant, and
highly available VPC component that allows communication between instances in
your VPC and the internet. Therefore, it imposes no availability risks or bandwidth
constraints on your network traffic. You cannot use an Internet Gateway to
interconnect your on-premises network with AWS Cloud, hence this option is
incorrect.
Amazon Route 53 - Amazon Route 53 is a highly available and scalable cloud
Domain Name System (DNS) web service. It is designed to give developers and
businesses an extremely reliable and cost-effective way to route end users to
Internet applications by translating names like www.example.com into the numeric
IP addresses like 192.0.2.1 that computers use to connect. You cannot use Amazon
Route 53 to connect your on-premises network with AWS Cloud.
AWS Organizations
AWS Organizations helps you to centrally manage billing; control access,
compliance, and security; and share resources across your AWS accounts. Using
AWS Organizations, you can automate account creation, create groups of accounts
to reflect your business needs, and apply policies for these groups for governance.
You can also simplify billing by setting up a single payment method for all of your
AWS accounts. AWS Organizations is available to all AWS customers at no
additional charge.

Edge Location Management

Security and Compliance is a shared responsibility between AWS and the customer.
This shared model can help relieve the customer’s operational burden as AWS
operates, manages, and controls the components from the host operating system
and virtualization layer down to the physical security of the facilities in which the
service operates.

AWS is responsible for security "of" the cloud. This covers their global infrastructure
elements including Regions, Availability Zones, and Edge Locations.

Server-side Encryption

The customer is responsible for security "in" the cloud. Customers are responsible
for managing their data including encryption options and using Identity and Access
Management tools for implementing appropriate access control policies as per their
organization requirements. For abstracted services, such as Amazon S3 and
Amazon DynamoDB, AWS operates the infrastructure layer, the operating system,
and platforms, and customers access the endpoints to store and retrieve data.
Therefore, these three options fall under the responsibility of the customer according
to the AWS shared responsibility model.

Correct option: Elasticity

The ability to acquire resources as you need and release when they are no longer
needed is termed as Elasticity of the Cloud. With cloud computing, you don’t have to
over-provision resources upfront to handle peak levels of business activity in the
future. Instead, you provision the number of resources that you need. You can scale
these resources up or down instantly to grow and shrink capacity as your business
needs change.

What is Elasticity: via - https://aws.amazon.com/what-is-cloud-computing/

Incorrect options:

Reliability - Refers to the ability of a system to recover from infrastructure or service
disruptions, by dynamically acquiring computing resources to meet demand, and
mitigate disruptions.
Durability - Refers to the ability of a system to assure data is stored and data
remains consistently on the system as long as it is not changed by legitimate
access, i.e. data should not get corrupt or disappear from the cloud because of a
system malfunction.
Resiliency - Describes the ability of a system to recover from a failure induced by the
load (data or network), attacks, and failures (hardware, software, or network
failures).
Amazon Elastic Container Service - Fargate launch type

AWS Fargate is a serverless compute engine for containers. It works with both
Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service
(EKS). Fargate makes it easy for you to focus on building your applications. Fargate
removes the need to provision and manage servers, lets you specify and pay for
resources per application, and improves security through application isolation by
design.

Amazon Elastic Container Service - EC2 launch type - Amazon Elastic Container
Service (Amazon ECS) is a highly scalable, fast, container management service that
makes it easy to run, stop, and manage Docker containers and allows you to easily
run applications on a managed cluster of Amazon EC2 instances. Unlike Fargate, this
is not a fully managed service and you need to manage the underlying servers
yourself.
AWS Lambda - AWS Lambda is a compute service that lets you run code without
provisioning or managing servers. AWS Lambda executes your code only when
needed and scales automatically, from a few requests per day to thousands per
second. Lambda does not support running container applications.
Amazon DynamoDB

Amazon DynamoDB is a NoSQL database that supports key-value and document
data models.
Amazon RDS for PostgreSQL - Amazon RDS for PostgreSQL is an AWS service for
relational databases.
Amazon Redshift - Amazon Redshift is a fully-managed petabyte-scale cloud-based
data warehouse product designed for large scale data set storage and analysis.
Amazon Redshift does not support flexible schema.
Amazon Aurora - Amazon Aurora is an AWS service for relational databases.
Schema change on a relational database is not as easy and straightforward as it is on
a NoSQL database. Aurora does not support flexible schema.
CloudWatch - Amazon CloudWatch is a monitoring and observability service built for
DevOps engineers, developers, site reliability engineers (SREs), and IT managers.
CloudWatch provides data and actionable insights to monitor applications, respond
to system-wide performance changes, optimize resource utilization, and get a unified
view of operational health.
Lambda - AWS Lambda lets you run code without provisioning or managing servers.
You pay only for the compute time you consume. Lambda has a maximum
execution time of 15 minutes, so it can be used to run this log backup process.
AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and remediation guidance when
AWS is experiencing events that may impact you. With Personal Health Dashboard,
alerts are triggered by changes in the health of your AWS resources, giving you event
visibility, and guidance to help quickly diagnose and resolve issues.

AWS Service Health Dashboard - AWS Service Health Dashboard publishes the most
up-to-the-minute information on the status and availability of all AWS services in tabular
form for all Regions that AWS is present in.
Cost Optimization

The Well-Architected Framework provides guidance on building secure, high-performing,
resilient, and efficient infrastructure for cloud-based applications. Based
on five pillars — operational excellence, security, reliability, performance efficiency,
and cost optimization — the Framework provides a consistent approach for
customers and partners to evaluate architectures, and implement designs that will
scale over time.

Incorrect options:

Elasticity - Elasticity is the ability to acquire resources as you need them and release
resources when you no longer need them. In the cloud, you want to do this
automatically.
Availability - A system that is available is capable of delivering the designed
functionality at a given point in time. Highly available systems are those that can
withstand some measure of degradation while still remaining available.
Scalability - A measurement of a system's ability to grow to accommodate an
increase in demand.
AWS Marketplace

AWS Marketplace is a digital catalog with thousands of software listings from
independent software vendors that make it easy to find, test, buy, and deploy
software that runs on AWS.

AWS Config - AWS Config is a service that enables you to assess, audit, and evaluate
the configurations of your AWS resources.
AWS OpsWorks - AWS OpsWorks is a configuration management service that
provides managed instances of Chef and Puppet.
AWS Systems Manager - AWS Systems Manager gives you visibility and control of
your infrastructure on AWS.
AWS Config

AWS Config is a service that enables you to assess, audit, and evaluate the
configurations of your AWS resources. Think resource-specific history, audit, and
compliance; think Config.

With AWS Config, you can do the following:
1. Evaluate your AWS resource configurations for desired settings.
2. Get a snapshot of the current configurations of the supported resources that are
associated with your AWS account.
3. Retrieve configurations of one or more resources that exist in your account.
4. Retrieve historical configurations of one or more resources.
5. Receive a notification whenever a resource is created, modified, or deleted.
6. View relationships between resources. For example, you might want to find all
resources that use a particular security group.

AWS Service Catalog - AWS Service Catalog allows organizations to create and
manage catalogs of IT services that are approved for use on AWS.
AWS CloudFormation - AWS CloudFormation provides a common language to model
and provision AWS and third-party application resources in your cloud environment.
AWS CloudTrail - AWS CloudTrail is a service that enables governance, compliance,
operational auditing, and risk auditing of your AWS account. With CloudTrail, you can
log, continuously monitor, and retain account activity related to actions across your
AWS infrastructure. CloudTrail provides the event history of your AWS account
activity, including actions taken through the AWS Management Console, AWS SDKs,
command-line tools, and other AWS services. Think account-specific activity and
audit; think CloudTrail.
AWS Systems Manager Session Manager

AWS SSM Session Manager is a fully-managed service that provides you with an
interactive browser-based shell and CLI experience.
Amazon EC2 Instance Connect - Amazon EC2 Instance Connect provides a simple
and secure way to connect to your Linux instances using Secure Shell (SSH).
Amazon Inspector - Amazon Inspector is an automated security assessment service
that helps improve the security and compliance of applications deployed on AWS.
Amazon Route 53 - Amazon Route 53 is a highly available and scalable cloud
Domain Name System (DNS) web service.
AWS CloudHSM - AWS CloudHSM is a cloud-based hardware security module (HSM)
that enables you to easily generate and use your encryption keys on the AWS Cloud.
AWS Trusted Advisor - AWS Trusted Advisor is an online tool that provides you real-
time guidance to help you provision your resources following AWS best practices on
cost optimization, security, fault tolerance, service limits and performance
improvement.
Amazon Inspector - Amazon Inspector is an automated security assessment service
that helps improve the security and compliance of applications deployed on AWS.
Amazon Inspector automatically assesses applications for exposure, vulnerabilities,
and deviations from best practices.

Amazon Lightsail - Lightsail is an easy-to-use cloud platform that offers you
everything needed to build an application or website, plus a cost-effective, monthly
plan. Lightsail offers several preconfigured, one-click-to-launch operating systems,
development stacks, and web applications, including Linux, Windows OS, and
WordPress. Lightsail comes with monthly payment plans and does not support per
second billing, so this option is ruled out.
Global Accelerator

AWS Global Accelerator is a service that improves the availability and performance
of your applications with local or global users. It provides static IP addresses that
act as a fixed entry point to your application endpoints in a single or multiple AWS
Regions, such as your Application Load Balancers, Network Load Balancers, or
Amazon EC2 instances. AWS Global Accelerator uses the AWS global network to
optimize the path from your users to your applications, improving the performance
of your traffic by as much as 60%.

Exam Alert:

Please review the differences between CloudFront and Global Accelerator.

AWS Batch

You can use AWS Batch to plan, schedule and execute your batch computing
workloads across the full range of AWS compute services.

Exam Alert:

Understand the difference between AWS Step Functions and AWS Batch. You may
get questions to choose one over the other. AWS Batch runs batch computing
workloads by provisioning the compute resources. AWS Step Functions does not
provision any resources. Step Functions only orchestrates AWS services required for
a given workflow. You cannot use Step Functions to plan, schedule and execute your
batch computing workloads by provisioning underlying resources.

Amazon MQ - Amazon MQ is a managed message broker service for Apache
ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers
on AWS.
Amazon Kinesis data stream - Amazon Kinesis Data Streams enables you to build
custom applications that process or analyze streaming data for specialized needs.
You can continuously add various types of data such as clickstreams, application
logs, and social media to an Amazon Kinesis data stream from hundreds of
thousands of sources. Within seconds, the data will be available for your Amazon
Kinesis Applications to read and process from the stream.

AWS Local Zones allow you to use select AWS services, like compute and storage
services, closer to more end-users, providing them very low latency access to the
applications running locally.

Various AWS services such as Amazon Elastic Compute Cloud (EC2), Amazon
Virtual Private Cloud (VPC), Amazon Elastic Block Store (EBS), Amazon FSx, Amazon
Elastic Load Balancing, Amazon EMR, Amazon ElastiCache, and Amazon Relational
Database Service (RDS) are available locally in the AWS Local Zones.

AWS Edge Locations - An AWS Edge location is a site that CloudFront uses to cache
copies of the content for faster delivery to users at any location.
AWS Wavelength - AWS Wavelength extends the AWS cloud to a global network of
5G edge locations to enable developers to innovate and build a whole new class of
applications that require ultra-low latency.
AWS Direct Connect - AWS Direct Connect is a cloud service that links your network
directly to AWS, bypassing the internet to deliver more consistent, lower-latency
performance.
Amazon Kendra - Amazon Kendra is an intelligent search service powered by
machine learning. Kendra reimagines enterprise search for your websites and
applications so your employees and customers can easily find the content they are
looking for, even when it’s scattered across multiple locations and content
repositories within your organization.

Kendra supports unstructured and semi-structured data in .html, MS Office
(.doc, .ppt), PDF, and text formats.

Amazon Personalize - Amazon Personalize enables developers to build applications
with the same machine learning (ML) technology used by Amazon.com for real-time
personalized recommendations.

Amazon Comprehend - Amazon Comprehend is a natural-language processing
(NLP) service that uses machine learning to uncover information in unstructured
data.

Amazon Lex - Amazon Lex is a service for building conversational interfaces into any
application using voice and text.
Penetration Testing

AWS customers can carry out security assessments or penetration tests against
their AWS infrastructure without prior approval for a few common AWS services.

Network Stress Testing - AWS considers "network stress test" to be when a test
sends a large volume of legitimate or test traffic to a specific intended target
application. The endpoint and infrastructure are expected to be able to handle this
traffic.

CloudFront makes your website files (such as HTML, images, and video) available
from data centers around the world (called edge locations). When a visitor requests
a file from your website, CloudFront automatically redirects the request to a copy of
the file at the nearest edge location. This results in faster download times than if the
visitor had requested the content from a data center that is located farther away.

AWS CloudFormation allows you to use programming languages or a simple text file
to model and provision, in an automated and secure manner, all the resources
needed for your applications across all regions and accounts. CloudFormation
cannot be used to improve the performance of a static website.

AWS CodeDeploy

AWS CodeDeploy is a service that automates code deployments to any instance,
including Amazon EC2 instances and instances running on-premises.

AWS CodeCommit - AWS CodeCommit is a fully-managed source control service
that hosts secure Git-based repositories.

AWS CloudFormation - AWS CloudFormation allows you to use programming
languages or a simple text file to model and provision, in an automated and secure
manner, all the resources needed for your applications across all regions and
accounts. It cannot be used to automate code deployment.

AWS CodePipeline - AWS CodePipeline is a continuous delivery service that enables
you to model, visualize, and automate the steps required to release your software.

AWS CodePipeline integrates with AWS services such as AWS CodeCommit,
Amazon S3, AWS CodeBuild, AWS CodeDeploy, AWS Elastic Beanstalk, AWS
CloudFormation, AWS OpsWorks, Amazon ECS, and AWS Lambda.

AWS Trusted Advisor

AWS Trusted Advisor is an online tool that provides real-time guidance to help
provision your resources following AWS best practices. AWS Trusted Advisor
analyzes your AWS environment and provides best practice recommendations in five
categories: Cost Optimization, Performance, Security, Fault Tolerance, Service
Limits.

AWS Trusted Advisor checks the Amazon Elastic Compute Cloud (Amazon EC2) instances
that were running at any time during the last 14 days and alerts you if the daily CPU
utilization was 10% or less and network I/O was 5 MB or less on 4 or more days.

Snowball - AWS Snowball is a data transport solution that accelerates moving
terabytes to petabytes of data into and out of AWS services using storage devices
designed to be secure for physical transport.

Database Migration Service - AWS Database Migration Service helps you migrate
databases from on-premises to AWS quickly and securely.

Site to Site VPN - AWS Site-to-Site VPN creates a secure connection between your
data center or branch office and your AWS cloud resources. This connection goes
over the public internet.

Direct Connect - AWS Direct Connect creates a dedicated private connection from a
remote network to your VPC. This is a private connection and does not use the
public internet. It takes at least a month to establish this connection.

Transit Gateway - AWS Transit Gateway connects VPCs and on-premises networks
through a central hub.

VPC Endpoint Gateway

A VPC endpoint enables you to privately connect your VPC to supported AWS
services and VPC endpoint services powered by AWS PrivateLink without requiring
an internet gateway, NAT device, VPN connection, or AWS Direct Connect
connection.

There are two types of VPC endpoints: interface endpoints and gateway endpoints.

An interface endpoint is an elastic network interface with a private IP address from
the IP address range of your subnet that serves as an entry point for traffic destined
to a supported service. Interface endpoints are powered by AWS PrivateLink, a
technology that enables you to privately access services by using private IP
addresses.

A gateway endpoint is a gateway that you specify as a target for a route in your route
table for traffic destined to a supported AWS service. The following AWS services
are supported:
Amazon S3

DynamoDB

AWS Transit Gateway connects VPCs and on-premises networks through a central
hub.

VPC Peering - A VPC peering connection is a networking connection between two
VPCs that enables you to route traffic between them privately.

AWS Direct Connect - AWS Direct Connect creates a dedicated private connection
from a remote network to your VPC.

Site to Site VPN - AWS Site-to-Site VPN creates a secure connection between your
data center or branch office and your AWS cloud resources. This connection goes
over the public internet.

S3 Glacier Deep Archive


S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports
long-term retention and digital preservation for data that may be accessed once or
twice in a year. It is designed for customers — particularly those in highly-regulated
industries, such as the Financial Services, Healthcare, and Public Sectors — that
retain data sets for 7-10 years or longer to meet regulatory compliance
requirements. S3 Glacier Deep Archive can also be used for backup and disaster
recovery use cases. It has a retrieval time (first byte latency) of 12 to 48 hours.

S3 Glacier - Amazon S3 Glacier is a secure, durable, and extremely low-cost Amazon
S3 cloud storage class for data archiving and long-term backup. It is designed to
deliver 99.999999999% durability,

AWS Storage Gateway - AWS Storage Gateway is a hybrid cloud storage service that
gives you on-premises access to virtually unlimited cloud storage. All data
transferred between the gateway and AWS storage is encrypted using SSL (for all
three types of gateways - File, Volume and Tape Gateways).

Amazon EFS - Amazon Elastic File System (Amazon EFS) provides a simple,
scalable, fully managed elastic NFS file system for use with AWS Cloud services and
on-premises resources. It is built to scale on-demand to petabytes without disrupting
applications, growing and shrinking automatically as you add and remove files,
eliminating the need to provision and manage capacity to accommodate growth.

Security and Compliance is a shared responsibility between AWS and the customer.
This shared model can help relieve the customer’s operational burden as AWS
operates, manages and controls the components from the host operating system
and virtualization layer down to the physical security of the facilities in which the
service operates.

AWS is responsible for Security "of" the Cloud - AWS is responsible for protecting
the infrastructure that runs all of the services offered in the AWS Cloud. This
infrastructure is composed of the hardware, software, networking, and facilities that
run AWS Cloud services.

"For abstracted services like Amazon S3, AWS operates the infrastructure layer, the
operating system, and platforms" - For abstracted services, such as Amazon S3 and Amazon
DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and
customers access the endpoints to store and retrieve data.

S3 Versioning

Versioning is a means of keeping multiple variants of an object in the same bucket.
You can use versioning to preserve, retrieve, and restore every version of every object
stored in your Amazon S3 bucket. With versioning, you can easily recover from both
unintended user actions and application failures.
Versioning-enabled buckets enable you to recover objects from accidental deletion
or overwrite. For example: if you delete an object, instead of removing it permanently,
Amazon S3 inserts a delete marker, which becomes the current object version.

S3 lifecycle configuration - With S3 Lifecycle configuration rules, you can tell
Amazon S3 to transition objects to less expensive storage classes, or archive or
delete them.

S3 Storage Classes - S3 Standard for general-purpose storage of frequently
accessed data; S3 Intelligent-Tiering for data with unknown or changing access
patterns; S3 Standard-Infrequent Access (S3 Standard-IA) and S3 One Zone-
Infrequent Access (S3 One Zone-IA) for long-lived, but less frequently accessed data;
and Amazon S3 Glacier (S3 Glacier) and Amazon S3 Glacier Deep Archive (S3 Glacier
Deep Archive) for long-term archive and digital preservation.

S3 Transfer Acceleration - Amazon S3 Transfer Acceleration enables fast, easy, and secure
transfers of files over long distances between your client and an S3 bucket. Transfer
Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations.

Amazon Transcribe Use-Cases:

Amazon Polly Benefits:

Amazon Translate is used for language translation. Amazon Translate uses neural
machine translation via deep learning models to deliver more accurate and more
natural-sounding translation than traditional statistical and rule-based translation
algorithms.

VPC Peering

A VPC peering connection is a networking connection between two VPCs that
enables you to route traffic between them privately.

Site to Site VPN - AWS Site-to-Site VPN creates a secure connection between your
data center or branch office and your AWS cloud resources. This connection goes
over the public internet. Site to Site VPN cannot be used to interconnect VPCs.

AWS Direct Connect - AWS Direct Connect creates a dedicated private connection
from a remote network to your VPC. This is a private connection and does not use
the public internet. It takes at least a month to establish this connection. Direct
Connect cannot be used to interconnect VPCs.

VPC Endpoint - A VPC endpoint enables you to privately connect your VPC to
supported AWS services and VPC endpoint services powered by AWS PrivateLink
without requiring an internet gateway, NAT device, VPN connection, or AWS Direct
Connect connection. You cannot connect two VPCs using a VPC endpoint.

Warm Standby strategy

The warm standby strategy deploys a functional stack, but at reduced capacity.

DR strategies:

 
Amazon Lex - Amazon Lex is a service for building conversational interfaces using
voice and text.

Amazon Rekognition - With Amazon Rekognition, you can identify objects, people,
text, scenes, and activities in images and videos, as well as detect any
inappropriate content.

Amazon SageMaker - Amazon SageMaker is a fully-managed platform that enables
developers and data scientists to quickly and easily build, train, and deploy machine
learning models at any scale.

Amazon Comprehend - Amazon Comprehend is a natural language processing
(NLP) service that uses machine learning to find meaning and insights in text.

Quick Starts are built by AWS solutions architects and partners to help you deploy
popular technologies on AWS, based on AWS best practices for security and high
availability.

AWS Forums - AWS Forums is an AWS community platform where people can help
each other.

AWS CodeDeploy - AWS CodeDeploy is a service that automates code deployments
to any instance, including EC2 instances and instances running on-premises.

AWS Whitepapers - AWS Whitepapers are technical content authored by AWS and
the AWS community to expand your knowledge of the cloud.

AWS Security Token Service (AWS STS) - AWS Security Token Service (AWS STS) is
a web service that enables you to request temporary, limited-privilege credentials for
AWS Identity and Access Management (IAM) users or for users that you
authenticate (federated users).

Amazon Cognito - Amazon Cognito is a higher level of abstraction than STS.
Amazon Cognito supports the same identity providers as AWS STS, and also
supports unauthenticated (guest) access, and lets you migrate user data when a
user signs in.

AWS Single Sign-On (SSO) - AWS Single Sign-On (SSO) makes it easy to centrally
manage access to multiple AWS accounts and business applications and provide
users with single sign-on access to all their assigned accounts and applications
from one place.

AWS Web Application Firewall (AWS WAF) - AWS WAF is a web application firewall
that helps protect your web applications or APIs against common web exploits and
bots that may affect availability, compromise security, or consume excessive
resources.

AWS Snowmobile

AWS Snowmobile is an exabyte-scale data transfer service used to move extremely
large amounts of data to AWS. You can transfer up to 100PB per Snowmobile, a
45-foot long ruggedized shipping container, pulled by a semi-trailer truck.

AWS Snowball Edge - Snowball Edge is an edge computing and data transfer device
provided by the AWS Snowball service. It has on-board storage and compute power
that provides select AWS services for use in edge locations. However, one Snowball
Edge only provides up to 100 TB of capacity. Therefore, to transfer 50 PBs, AWS
Snowball Edge is not the most cost-effective option.

AWS Snowball - AWS Snowball is a petabyte-scale data transport solution that uses
secure appliances to transfer large amounts of data into and out of AWS. The use of
Snowball addresses common challenges with large-scale data transfers including
high network costs, long transfer times, and security concerns. Transferring data
with Snowball is simple, fast, secure, and can be as little as one-fifth the cost of high-
speed Internet. However, one Snowball only provides up to 80 TB of capacity.
Therefore, to transfer 50 PBs, AWS Snowball is not the most cost-effective option.

AWS Storage Gateway - AWS Storage Gateway is a hybrid storage service that
enables your on-premises applications to seamlessly use AWS cloud storage. You
can use the service for backup and archiving, disaster recovery, cloud data
processing, storage tiering, and migration. However, data transfer through AWS
Storage Gateway takes longer even with great bandwidth. Moreover, to transfer 50
PBs of data, it will be more expensive than using AWS Snowmobile.

AWS Fault Injection Simulator

Fault injection experiments are used in chaos engineering, which is the practice of
stressing an application in testing or production environments by creating disruptive
events, such as a sudden increase in CPU or memory consumption, observing how
the system responds, and implementing improvements. Fault injection experiments
help teams create the real-world conditions needed to uncover the hidden bugs,
monitoring blind spots, and performance bottlenecks that are difficult to find in
distributed systems.

AWS CloudTrail Insights - AWS CloudTrail Insights helps AWS users identify and
respond to unusual activity associated with write API calls by continuously analyzing
CloudTrail management events.
CloudTrail Insights can help you detect unusual API activity in your AWS account by
raising Insights events.

Amazon Detective - Amazon Detective simplifies the process of investigating
security findings and identifying the root cause.

AWS OpsHub - AWS OpsHub is a graphical user interface you can use to manage
your AWS Snowball devices, enabling you to rapidly deploy edge computing
workloads and simplify data migration to the cloud.

Amazon AppStream 2.0 - Amazon AppStream 2.0 is a fully managed non-persistent
application and desktop streaming service.

AWS OpsWorks - AWS OpsWorks is a configuration management service that
provides managed instances of Chef and Puppet. Chef and Puppet are automation
platforms that allow you to use code to automate the configurations of your servers.
OpsWorks lets you use Chef and Puppet to automate how servers are configured,
deployed, and managed across your Amazon EC2 instances or on-premises compute
environments.

AWS Transfer Family - The AWS Transfer Family is the aggregated name of AWS
Transfer for SFTP, AWS Transfer for FTPS, and AWS Transfer for FTP. The AWS
Transfer Family offers fully managed support for the transfer of files over SFTP,
FTPS, and FTP directly into and out of Amazon S3 or Amazon EFS.

AWS CodeArtifact - AWS CodeArtifact is a fully managed artifact repository service
that makes it easy for organizations of any size to securely store, publish, and share
software packages used in their software development process. CodeArtifact can be
configured to automatically fetch software packages and dependencies from public
artifact repositories so developers have access to the latest versions. CodeArtifact
works with commonly used package managers and build tools like Maven, Gradle,
npm, yarn, twine, pip, and NuGet making it easy to integrate into existing
development workflows.

AWS CodeCommit - AWS CodeCommit is a fully-managed source control service
that hosts secure Git-based repositories.

AWS CodeBuild - AWS CodeBuild is a fully managed continuous integration service
that compiles source code, runs tests, and produces software packages that are
ready to deploy.

AWS CodeStar - AWS CodeStar is a cloud-based development service that provides
the tools you need to quickly develop, build, and deploy applications on AWS.
Each CodeStar project includes development tools, including AWS CodePipeline,
AWS CodeCommit, AWS CodeBuild, and AWS CodeDeploy, that can be used on their
own and with existing AWS applications.

Amazon S3 Object Lock - You can use S3 Object Lock to store objects using a write-
once-read-many (WORM) model. It can help you prevent objects from being deleted
or overwritten for a fixed amount of time or indefinitely.

Amazon S3 Storage Lens - S3 Storage Lens delivers organization-wide visibility into
object storage usage and activity trends, and makes actionable recommendations to
improve cost-efficiency and apply data protection best practices. S3 Storage Lens is
the first cloud storage analytics solution to provide a single view of object storage
usage and activity across hundreds, or even thousands, of accounts in an
organization, with drill-downs to generate insights at the account, bucket, or even
prefix level.

Amazon Macie - You can use Amazon Macie to discover and protect sensitive data
stored in Amazon S3. Macie automatically gathers a complete S3 inventory and
continually evaluates every bucket to alert on any publicly accessible buckets,
unencrypted buckets, or buckets shared or replicated with AWS accounts outside of
your organization. Then, Macie applies machine learning and pattern matching
techniques to the buckets you select to identify and alert you to sensitive data, such
as personally identifiable information (PII).

Amazon QLDB is a fully managed ledger database that provides a transparent,
immutable, and cryptographically verifiable transaction log owned by a central
trusted authority. Amazon QLDB can be used to track each and every application
data change and maintains a complete and verifiable history of changes over time.

Amazon Timestream - Amazon Timestream is a fast, scalable, and serverless time
series database service for IoT and operational applications that makes it easy to
store and analyze trillions of events per day up to 1,000 times faster and at as little
as 1/10th the cost of relational databases.

Amazon Managed Blockchain - Amazon Managed Blockchain is a fully managed
service that allows you to join public networks or set up and manage scalable private
networks using popular open-source frameworks.

AWS IoT Core - AWS IoT Core lets you connect IoT devices to the AWS cloud without
the need to provision or manage servers.

Amazon Connect - Amazon Connect is an easy-to-use omnichannel cloud contact
center that helps you provide superior customer service at a lower cost.
AWS Control Tower - AWS Control Tower provides the easiest way to set up and
govern a new, secure, multi-account AWS environment based on best practices
established through AWS’ experience working with thousands of enterprises as they
move to the cloud.
