<!-- <b style="color: #BE77FF"></b> <b style="color: #7D7DFF"></b> -->

# Learning Notes for AWS Certified Cloud Practitioner (CLF-C02)

> [!Important]
> These are the learning notes from [AWS Skill Builder Exam Prep Plan: AWS Certified Cloud Practitioner (CLF-C02 - English)](https://skillbuilder.aws/learning-plan/8UUCEZGNX4/exam-prep-plan-aws-certified-cloud-practitioner-clfc02--english/1J2VTQSGU2), written by me in 2025. Some details might change over time, but the core concepts and services should not.

> [!Note]
> This note includes additional explanations and wording refinements generated with the help of GPT; it's not entirely self-created.

<br>

## Table of contents

This note covers the four domains from the course, along with some additional research and notes I made:

- **<div style="color: #BE77FF">Domain 1</div>** Cloud Concepts
- **<div style="color: #BE77FF">Domain 2</div>** Security and Compliance
- **<div style="color: #BE77FF">Domain 3</div>** Cloud Technology and Services
- **<div style="color: #BE77FF">Domain 4</div>** Billing, Pricing, and Support
- **<div style="color: #BE77FF">AWS Services</div>**

<br>

## <b style="color: #BE77FF">Domain 1</b> Cloud Concepts

### What is Cloud for

- Cloud computing provides on-demand access to computing power, storage, and other IT resources through a cloud provider.
- It allows us to deploy applications and services without having to manage the underlying hardware or physical infrastructure ourselves.

<hr>

### The five main concepts of Cloud Computing

The following are the main concepts of cloud computing:

- <b style="color: #7D7DFF">On-demand service</b>
  Able to quickly get computing resources whenever needed, without waiting or long setup.
- <b style="color: #7D7DFF">Access to the network</b>
  Cloud services are reachable over the internet, so we're able to use them anytime, anywhere.
- <b style="color: #7D7DFF">Resource pooling</b>
  The provider shares a pool of servers and storage among many users, while still keeping each user’s data separate.
- <b style="color: #7D7DFF">Elasticity</b>
  Resources can automatically scale up when demand increases and scale down when demand drops.
- <b style="color: #7D7DFF">Resource usage monitored and billed</b>
  The usage is tracked, and we only pay for what we actually consume.

<hr>

### Proper Nouns related to Cloud Computing

- <b style="color: #7D7DFF">High availability</b>
  If one machine or service goes down, another is ready to take over, keeping downtime to a minimum.
- <b style="color: #7D7DFF">Fault tolerance</b>
  Multiple machines run together, so if the main one fails, others continue the work without interruption.
- <b style="color: #7D7DFF">Disaster recovery</b>
  A planned process to restore services and data after a major failure or outage.

<hr>

### Scaling

Scaling in cloud computing appears in two forms: <b style="color: #CA8EFF">vertical</b> and <b style="color: #CA8EFF">horizontal</b>.

- <b style="color: #7D7DFF">Vertical scaling</b> means increasing the capacity of a single machine, such as adding more CPU, RAM, or storage to handle greater workloads.
- <b style="color: #7D7DFF">Horizontal scaling</b> means adding more machines or instances to distribute the workload across multiple resources (using a load balancer).

![Screenshot 2025-09-09 at 1.58.48 PM](https://hackmd.io/_uploads/rJPXMSp5ee.png)

<hr>

### AWS Cloud Adoption Framework

The benefit of migrating to AWS is that it provides <b style="color: #B15BFF">7R strategies</b> for moving workloads to the cloud:

1. <b style="color: #7D7DFF">Rehosting</b> (Lift and Shift) – Move applications to AWS without major changes. Quickest migration method.
2. <b style="color: #7D7DFF">Replatforming</b> (Lift, Tinker, and Shift) – Make some optimizations (e.g., database migration) without changing the core architecture.
3. <b style="color: #7D7DFF">Repurchasing</b> (Drop and Shop) – Replace existing applications with a SaaS solution.
4. <b style="color: #7D7DFF">Refactoring / Re-architecting</b> – Redesign applications to take full advantage of cloud-native features.
5. <b style="color: #7D7DFF">Retire</b> – Decommission applications that are no longer useful.
6. <b style="color: #7D7DFF">Retain</b> (Revisit) – Keep certain applications on-premises temporarily or indefinitely.
7. <b style="color: #7D7DFF">Relocate</b> – Move applications to AWS using VMware Cloud on AWS or similar tools with minimal changes.

<hr>

### Cloud Economics

When using AWS, there are four main types of costs:

- <b style="color: #7D7DFF">Operational expenses (OpEx)</b> – The day-to-day costs of running services, like paying for servers, storage, and bandwidth.
- <b style="color: #7D7DFF">Capital expenses (CapEx)</b> – Big upfront costs, like buying our own hardware or building a data center.
- <b style="color: #7D7DFF">Labor costs</b> – The money you spend on people, such as IT staff or cloud engineers, to manage and maintain your systems.
- <b style="color: #7D7DFF">Software licensing costs</b> – Fees for software needed to run, like databases, operating systems, or other commercial applications.

> [!Tip]
> By using AWS, most CapEx is already covered by AWS.

<hr>

### AWS Cloud Adoption Framework (<b style="color: #CA8EFF">AWS CAF</b>)

CAF helps organizations adopt cloud successfully by looking at both business and technical aspects. It has six Perspectives:

- <b style="color: #7D7DFF">Business</b> – Align cloud adoption with business goals.
- <b style="color: #7D7DFF">People</b> – Build skills and manage organizational change.
- <b style="color: #7D7DFF">Governance</b> – Manage finance, compliance, and risk.
- <b style="color: #7D7DFF">Platform</b> – Plan and build the cloud infrastructure.
- <b style="color: #7D7DFF">Security</b> – Protect data, manage identities, and reduce risk.
- <b style="color: #7D7DFF">Operations</b> – Keep systems running, automate, and improve continuously.

<hr>

### AWS Well-Architected Framework (<b style="color: #CA8EFF">AWS WAF</b>)

WAF provides best practices to design secure, reliable, and efficient systems in AWS. It has six Pillars:

- <b style="color: #7D7DFF">Operational Excellence</b> – Improve operations with automation and monitoring.
- <b style="color: #7D7DFF">Security</b> – Safeguard data, applications, and systems.
- <b style="color: #7D7DFF">Reliability</b> – Design for fault tolerance and quick recovery.
- <b style="color: #7D7DFF">Performance Efficiency</b> – Use resources effectively and scale as needed.
- <b style="color: #7D7DFF">Cost Optimization</b> – Avoid unnecessary costs, pay only for what you use.
- <b style="color: #7D7DFF">Sustainability</b> – Reduce environmental impact through efficient usage.

<br>

## <b style="color: #BE77FF">Domain 2</b> Security and Compliance

### AWS Shared Responsibility Model

In AWS, the user is responsible for security <b style="color: #7D7DFF">IN</b> the cloud, and AWS is responsible for security <b style="color: #7D7DFF">OF</b> the cloud.

![Screenshot 2025-09-10 at 4.55.20 PM](https://hackmd.io/_uploads/HyEz6n09ex.png)

- AWS is responsible for security of the cloud, which includes <b style="color: #7D7DFF">managing and protecting the physical infrastructure</b>, <b style="color: #7D7DFF">global network</b>, and core services like <b style="color: #7D7DFF">compute</b>, <b style="color: #7D7DFF">storage</b>, and <b style="color: #7D7DFF">databases</b>.
- Customers are responsible for security in the cloud, which covers their <b style="color: #7D7DFF">data</b>, <b style="color: #7D7DFF">applications</b>, <b style="color: #7D7DFF">access management</b>, <b style="color: #7D7DFF">system configurations</b>, and <b style="color: #7D7DFF">encryption settings</b>.

> [!Important]
> While AWS manages many security aspects, not all services are fully managed. For example, using Amazon EC2 requires customers to handle OS patching, firewall settings, and application security themselves.
> We should check the shared responsibility model for each service to know which parts AWS covers and which parts we must manage ourselves.

<hr>

### Cloud Security, Governance, and Compliance

- <b style="color: #7D7DFF">Cloud security</b> ensures the protection of data, applications, and infrastructure in the cloud.
- <b style="color: #7D7DFF">Governance</b> provides control and visibility over cloud resources, ensuring they are used according to organizational policies.
- <b style="color: #7D7DFF">Compliance</b> ensures that workloads in AWS meet industry regulations and standards.

<hr>

### Access Management Capabilities

The most important access management capability in AWS is <b style="color: #7D7DFF">Identity and Access Management (IAM)</b>. IAM provides the ability to manage different users’ roles, policies, and groups, allowing them to perform corresponding actions.

Here are the definitions of the IAM components:

- <b style="color: #7D7DFF">IAM user</b>: An individual user created under IAM.
- <b style="color: #7D7DFF">IAM group</b>: A collection of IAM users that can be managed as a single entity.
- <b style="color: #7D7DFF">IAM policy</b>: A document that defines permissions and specifies what actions are allowed or denied.
- <b style="color: #7D7DFF">IAM role</b>: An IAM identity that can be assumed by trusted entities to gain temporary access to permissions.

<hr>

### Managed & Unmanaged Policies

Policies in AWS IAM come in two types: <b style="color: #7D7DFF">managed</b> and <b style="color: #7D7DFF">unmanaged</b>.

- <b style="color: #7D7DFF">Managed policies</b> are typically predefined policy sets created by AWS.
- <b style="color: #7D7DFF">Unmanaged (inline) policies</b> are created by an IAM administrator or root user to meet specific needs for particular users.
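
To make the IAM pieces above concrete, here is an added example (not part of the original notes and not AWS's own code): a simplified Python model of how the policies attached to a user and to the user's group combine into one decision. An explicit Deny always wins, otherwise a matching Allow grants access, otherwise the request is implicitly denied. The bucket name, the user `alice`, the group `developers` and all function names are constructed; conditions, resource-based policies and permission boundaries are left out.

```python
import re

# Constructed sample data: a policy attached to a group, plus an inline
# policy attached directly to one user in that group.
GROUP_POLICIES = {
    "developers": [{
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": "arn:aws:s3:::example-notes-bucket/*",
        }],
    }],
}
USERS = {
    "alice": {
        "groups": ["developers"],
        "inline": [{
            "Version": "2012-10-17",
            "Statement": {          # a single statement may appear without a list
                "Effect": "Deny",
                "Action": "s3:Delete*",
                "Resource": "arn:aws:s3:::example-notes-bucket/archive/*",
            },
        }],
    },
}


def _as_list(value):
    """Policy JSON accepts either one item or a list of items in these fields."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def _wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def statement_applies(stmt, action, resource):
    # Action names are matched case-insensitively; resource ARNs as written.
    action_hit = any(_wildcard_match(a, action, True) for a in _as_list(stmt["Action"]))
    resource_hit = any(_wildcard_match(r, resource) for r in _as_list(stmt["Resource"]))
    return action_hit and resource_hit


def effective_policies(user_name):
    """All identity policies for a user: inline ones plus those of each group."""
    user = USERS[user_name]
    policies = list(user["inline"])
    for group in user["groups"]:
        policies.extend(GROUP_POLICIES[group])
    return policies


def evaluate(user_name, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"              # nothing is allowed by default
    for policy in effective_policies(user_name):
        for stmt in _as_list(policy["Statement"]):
            if not statement_applies(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"      # a matching deny overrides every allow
            decision = "Allow"
    return decision


if __name__ == "__main__":
    bucket = "arn:aws:s3:::example-notes-bucket"
    requests = [
        ("s3:GetObject", f"{bucket}/report.csv"),
        ("s3:DeleteObject", f"{bucket}/tmp/scratch.txt"),
        ("s3:DeleteObject", f"{bucket}/archive/2024.csv"),
        ("ec2:TerminateInstances",
         "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"),
    ]
    for action, resource in requests:
        print(f"{evaluate('alice', action, resource):13} {action} on {resource}")
```
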
<hr>

### Virtual Private Cloud (VPC)

A <b style="color: #7D7DFF">Virtual Private Cloud (VPC)</b> is a virtual network in AWS where we can launch AWS resources, such as EC2 instances, in an isolated and secure environment. It is logically isolated from other virtual networks in AWS.

A VPC can be divided into subnets to organize resources. For controlling network traffic, Security Groups act as a whitelist (allow rules only), and any traffic not explicitly allowed is denied by default. If we need to explicitly deny specific traffic, we must use a <b style="color: #7D7DFF">Network Access Control List (NACL)</b>.

<hr>

### Additional places to know better for AWS security

To go further in AWS security, places like <b style="color: #7D7DFF">AWS Marketplace</b> or <b style="color: #7D7DFF">AWS Knowledge Center</b> are good for getting more information.

It is also recommended to view AWS Forums to get a better understanding of real-world use cases, troubleshooting tips, and best practices shared by the AWS community.

<br>

## <b style="color: #BE77FF">Domain 3</b> Cloud Technology and Services

### Methods of deployment and operating in AWS Cloud

- <b style="color: #7D7DFF">Public Cloud</b>
  Provides services that are **publicly available** for anyone to use, such as AWS EC2, S3, or Lambda.
- <b style="color: #7D7DFF">Private Cloud</b>
  Dedicated services that are **hosted on-premises or in a private network**, giving full control over infrastructure and security.
- <b style="color: #7D7DFF">Hybrid Cloud</b>
  A hybrid cloud is a **combination of public and private clouds**, allowing workloads to run across both environments while sharing data and applications.
- <b style="color: #7D7DFF">Multi Cloud</b>
  Multi-cloud is similar to public cloud but **uses multiple public cloud providers simultaneously**, which can improve redundancy and flexibility and avoid vendor lock-in.
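
Referring back to the Virtual Private Cloud section in Domain 2: the added example below (not part of the original notes) models inbound filtering in Python to show why blocking one address range needs a NACL. A Security Group has only allow rules, while NACL rules are checked in ascending rule-number order and the first match decides. The rule classes, function names and documentation-range IP addresses are constructed, and only inbound traffic is modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SgRule:
    """Security Group rule: there is no action field, every rule is an allow."""
    protocol: str
    port_from: int
    port_to: int
    cidr: str


@dataclass(frozen=True)
class NaclRule:
    """Network ACL rule: numbered, and either 'allow' or 'deny'."""
    number: int
    action: str
    protocol: str
    port_from: int
    port_to: int
    cidr: str


def _hit(rule, protocol, port, src_ip):
    """True when a rule's protocol, port range and source CIDR cover the packet."""
    return (rule.protocol in ("all", protocol)
            and rule.port_from <= port <= rule.port_to
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr))


def sg_allows(rules, protocol, port, src_ip):
    # Any matching rule allows; with no match the traffic is denied by default.
    return any(_hit(r, protocol, port, src_ip) for r in rules)


def nacl_allows(rules, protocol, port, src_ip):
    # Lowest rule number first; the first matching rule decides the outcome.
    for rule in sorted(rules, key=lambda r: r.number):
        if _hit(rule, protocol, port, src_ip):
            return rule.action == "allow"
    return False  # the trailing catch-all rule of a NACL denies everything else


def inbound_permitted(nacl, sg, protocol, port, src_ip):
    """A packet must pass the subnet's NACL and then the instance's Security Group."""
    return nacl_allows(nacl, protocol, port, src_ip) and sg_allows(sg, protocol, port, src_ip)


# Constructed sample rules: a public HTTPS service that must block 203.0.113.0/24.
WEB_SG = [SgRule("tcp", 443, 443, "0.0.0.0/0")]
WEB_NACL = [
    NaclRule(90, "deny", "tcp", 443, 443, "203.0.113.0/24"),
    NaclRule(100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
]
# Same rules, but the deny is numbered after the broad allow, so it never fires.
MISORDERED_NACL = [
    NaclRule(100, "allow", "tcp", 443, 443, "0.0.0.0/0"),
    NaclRule(110, "deny", "tcp", 443, 443, "203.0.113.0/24"),
]

if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.50"):
        print(src,
              "SG alone:", sg_allows(WEB_SG, "tcp", 443, src),
              "| NACL + SG:", inbound_permitted(WEB_NACL, WEB_SG, "tcp", 443, src),
              "| misordered NACL + SG:",
              inbound_permitted(MISORDERED_NACL, WEB_SG, "tcp", 443, src))
```
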
<hr>

### Global Infrastructure

AWS offers **globally resilient services, regional resilient services, and zonal resilient services.**

- <b style="color: #7D7DFF">Globally resilient services</b>
  Services that operate across multiple regions and are not tied to one location.
  Example: IAM, Route 53, CloudFront.
- <b style="color: #7D7DFF">Regional resilient services</b>
  Services that are deployed within a region and automatically spread across multiple Availability Zones for durability.
  Example: S3, DynamoDB, Amazon VPC.
- <b style="color: #7D7DFF">Zonal resilient services</b>
  Services that run within a single Availability Zone, and if that AZ fails, the service is impacted unless configured for redundancy.
  Example: EC2 instance, EBS volume.

<hr>

### AWS Global Accelerator

AWS Global Accelerator is a networking service that improves availability and performance of applications with users distributed globally.

- Uses the AWS global network to route traffic to the nearest healthy endpoint (EC2, ALB, NLB, etc.).
- Provides two static IP addresses that act as a fixed entry point to your application.
- Focuses on improving performance for non-HTTP/S applications (like TCP/UDP traffic, gaming, VoIP, IoT).

> [!Important] Difference in Global Accelerator vs. CloudFront
> **CloudFront**
> - Optimized for HTTP/S content delivery.
> - Best for caching and accelerating web content.
> - Uses changing domain names.
>
> **Global Accelerator**
> - Works for any TCP/UDP traffic.
> - Best for applications needing low-latency networking, especially non-HTTP.
> - Gives two static IPs for stable entry points.

<hr>

### VPC Endpoint

A VPC endpoint enables private connections between a VPC and supported AWS services, without requiring an internet gateway, NAT device, VPN, or Direct Connect. Traffic stays within the AWS network, not over the public internet.

There are two types of endpoint:

- Interface Endpoint → powered by PrivateLink, creates an ENI in the subnet.
- Gateway Endpoint → target for a specific route table, currently supports Amazon S3 and DynamoDB.

<hr>

### Cloud Storage

AWS offers three main types of storage services, each optimized for different use cases:

- <b style="color: #7D7DFF">Object storage</b>: Stores data as objects (files + metadata). It is highly scalable, durable, and ideal for unstructured data.
- <b style="color: #7D7DFF">File storage</b>: Provides shared file-level storage that multiple instances can access via standard file protocols (NFS/SMB).
- <b style="color: #7D7DFF">Block storage</b>: Attaches volumes at the block level to EC2 instances (like virtual hard drives).

<hr>

### AWS Storage Gateway

AWS Storage Gateway is a <b style="color: #7D7DFF">hybrid cloud storage service</b> that connects on-premises environments with AWS cloud storage. It allows local applications to access AWS storage in a seamless way.

There are three main types of models:

- <b style="color: #7D7DFF">File Gateway</b> → Stores and retrieves objects in Amazon S3 using standard file protocols (NFS/SMB).
- <b style="color: #7D7DFF">Volume Gateway</b> → Presents cloud-backed iSCSI block storage volumes; can be cached (frequent data local, rest in AWS) or stored (entire dataset local, backup in AWS).
- <b style="color: #7D7DFF">Tape Gateway</b> → Replaces physical tape libraries with virtual tapes in Amazon S3/Glacier, often for backups and archiving.
<br>

## <b style="color: #BE77FF">Domain 4</b> Billing, Pricing, and Support

### AWS cost optimization

The most important points for AWS cost optimization are:

- <b style="color: #7D7DFF">Right-sizing</b>
- <b style="color: #7D7DFF">Increasing elasticity</b>
- <b style="color: #7D7DFF">Choose the right pricing model</b>

### Different pricing models in AWS

The main AWS pricing models are the following, each designed for different usage patterns and workloads:

- <b style="color: #7D7DFF">Reserved Instances (RIs)</b>:
  - Commit to use an instance type in a <b style="color: #7D7DFF">specific region</b> for 1 or 3 years.
  - Up to 72% cheaper than On-Demand.
  - Best for steady-state workloads (e.g., databases, long-running apps).
- <b style="color: #7D7DFF">On-Demand Instance</b>:
  - Pay by the second or hour with <b style="color: #7D7DFF">no long-term</b> commitment.
  - Flexible, easy to start/stop.
  - Best for <b style="color: #7D7DFF">short-term</b>, unpredictable, or testing workloads.
- <b style="color: #7D7DFF">Spot Instance</b>:
  - Use <b style="color: #7D7DFF">spare AWS capacity</b> at up to 90% discount.
  - Instance may be terminated if capacity is needed back.
  - Best for <b style="color: #7D7DFF">fault-tolerant</b>, flexible workloads (e.g., big data, batch jobs, CI/CD).
- <b style="color: #7D7DFF">Dedicated instances</b>:
  - Run on hardware dedicated to a single customer, but may share host hardware with other instances from the same account.
  - Best for <b style="color: #7D7DFF">compliance or licensing requirements</b>.
- <b style="color: #7D7DFF">Capacity reservations</b>:
  - Reserve capacity in a <b style="color: #7D7DFF">specific AZ</b> without long-term commitment.
  - Best for <b style="color: #7D7DFF">short-term</b>, business-critical events that require guaranteed capacity.
- <b style="color: #7D7DFF">Dedicated hosts</b>:
  - Physical servers fully dedicated.
  - Provides visibility into sockets/cores → useful for software licensing (BYOL).
  - Best for compliance-heavy workloads requiring physical isolation.

<br>

## <div style="color: #BE77FF">AWS Services</div>

<!-- Storage -->

### <img src="https://icon.icepanel.io/AWS/svg/Storage/Snowball-Edge.svg" style="min-width:15px; max-width:30px;" /> AWS Snowball Edge

AWS Snowball Edge is a <b style="color: #7D7DFF">data transfer</b> and <b style="color: #7D7DFF">edge computing</b> device that helps organizations move large amounts of data into and out of AWS securely. It is designed to handle data migration and edge processing in environments where network connectivity is limited or unreliable.

- Used for <b style="color: #7D7DFF">petabyte-scale</b> data migration to and from AWS without relying solely on the internet.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Storage/Snowcone.svg" style="min-width:15px; max-width:30px;" /> AWS Snowcone

A small, portable <b style="color: #7D7DFF">edge computing</b> and <b style="color: #7D7DFF">data transfer</b> device for rugged or constrained environments.

- <b style="color: #7D7DFF">Smallest</b> in the AWS Snow Family.
- Storage capacity: <b style="color: #7D7DFF">8TB HDD</b> or <b style="color: #7D7DFF">14TB SSD</b>.
- Data can be <b style="color: #7D7DFF">shipped physically</b> or <b style="color: #7D7DFF">transferred online</b> with AWS DataSync.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Storage/Snowmobile.svg" style="min-width:15px; max-width:30px;" /> AWS Snowmobile

A <b style="color: #7D7DFF">petabyte-scale</b> data transfer service where AWS delivers a <b style="color: #7D7DFF">secure truck-sized storage container</b> to migrate extremely large amounts of data into AWS.

- Used for <b style="color: #7D7DFF">exabyte-scale data</b> migration (up to 100 PB per Snowmobile).
- Tamper-resistant and GPS-tracked during transport.
<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Storage/Simple-Storage-Service.svg" style="min-width:15px; max-width:30px;" /> AWS S3 (Simple Storage Service)

Amazon S3 is an <b style="color: #7D7DFF">object storage service</b> that provides <b style="color: #7D7DFF">highly scalable</b>, <b style="color: #7D7DFF">durable</b>, and <b style="color: #7D7DFF">secure storage</b> for any amount of data. It is often used for backups, static website hosting, data lakes, and application data storage.

- Virtually <b style="color: #7D7DFF">unlimited</b> storage capacity.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Storage/Elastic-Block-Store.svg" style="min-width:15px; max-width:30px;" /> Amazon EBS (Elastic Block Store)

Amazon EBS provides <b style="color: #7D7DFF">block-level storage</b> volumes for use with Amazon EC2 instances. It is designed for workloads that require persistent storage and low-latency performance.

- Can create <b style="color: #7D7DFF">snapshots</b> to back up volumes to Amazon S3.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Storage/EFS.svg" style="min-width:15px; max-width:30px;" /> Amazon EFS (Elastic File System)

Amazon EFS provides <b style="color: #7D7DFF">scalable file storage</b> that can be mounted on multiple EC2 instances at the same time. It is fully managed and grows/shrinks automatically with storage usage.

- Scales <b style="color: #7D7DFF">automatically</b>.
- <b style="color: #7D7DFF">Serverless</b>.
- Gives EC2 instances the ability to <b style="color: #7D7DFF">share access</b> to data in different Availability Zones in the same AWS Region.

<hr>

<!-- Database -->

### <img src="https://icon.icepanel.io/AWS/svg/Database/RDS.svg" style="min-width:15px; max-width:30px;" /> Amazon RDS (Relational Database Service)

Amazon RDS is a managed <b style="color: #7D7DFF">relational database</b> service that supports multiple database engines such as MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server.
- <b style="color: #7D7DFF">Traditional</b> relational database with managed operations.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Database/Aurora.svg" style="min-width:15px; max-width:30px;" /> Amazon Aurora

Amazon Aurora is a <b style="color: #7D7DFF">MySQL-compatible</b> and <b style="color: #7D7DFF">PostgreSQL-compatible</b> relational database built by AWS for high performance and availability.

- 5x faster than MySQL and 3x <b style="color: #7D7DFF">faster than</b> PostgreSQL on the same hardware.
- Automatically replicates data across multiple AZs.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Database/DynamoDB.svg" style="min-width:15px; max-width:30px;" /> Amazon DynamoDB

Amazon DynamoDB is a fully managed <b style="color: #7D7DFF">NoSQL database</b> that provides <b style="color: #7D7DFF">single-digit millisecond performance</b> at any scale.

- <b style="color: #7D7DFF">Key-value</b> and <b style="color: #7D7DFF">document-based</b> storage.
- <b style="color: #7D7DFF">Serverless</b> (scales automatically, no servers to manage).
- The best caching product to use with DynamoDB is <b style="color: #7D7DFF">DAX</b>.

<hr>

<!-- Compute -->

### <img src="https://icon.icepanel.io/AWS/svg/Compute/Lightsail.svg" style="min-width:15px; max-width:30px;" /> AWS Lightsail

Amazon Lightsail is a <b style="color: #7D7DFF">simplified cloud platform</b> for <b style="color: #7D7DFF">small applications</b>, offering <b style="color: #7D7DFF">compute</b>, <b style="color: #7D7DFF">storage</b>, and <b style="color: #7D7DFF">networking</b>.

- Provides easy-to-launch virtual servers with pre-configured OS and apps.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Compute/EC2.svg" style="min-width:15px; max-width:30px;" /> Amazon EC2

Amazon EC2 is a <b style="color: #7D7DFF">virtual machine</b> launched on AWS hardware. AWS takes care of the hardware, whereas we focus on setting up Amazon EC2 to match the application needs.
- Supports a wide range of instance types optimized for <b style="color: #7D7DFF">compute</b>, <b style="color: #7D7DFF">memory</b>, <b style="color: #7D7DFF">storage</b>, or <b style="color: #7D7DFF">GPU</b>.
- Integrated with other AWS services (e.g., <b style="color: #7D7DFF">VPC</b>, <b style="color: #7D7DFF">EBS</b>, <b style="color: #7D7DFF">IAM</b>, <b style="color: #7D7DFF">CloudWatch</b>).

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Containers/Elastic-Container-Service.svg" style="min-width:15px; max-width:30px;" /> Amazon ECS (Elastic Container Service)

Amazon ECS is AWS’s <b style="color: #7D7DFF">native container orchestration service</b> for running and managing <b style="color: #7D7DFF">Docker containers</b>.

- AWS-native experience — simpler to set up and manage compared with Kubernetes.
- Integrates with <b style="color: #7D7DFF">ALB/NLB</b>, <b style="color: #7D7DFF">CloudWatch</b>, <b style="color: #7D7DFF">IAM</b>, and <b style="color: #7D7DFF">Service Discovery</b>.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Containers/Elastic-Kubernetes-Service.svg" style="min-width:15px; max-width:30px;" /> Amazon EKS (Elastic Kubernetes Service)

Amazon EKS is a managed <b style="color: #7D7DFF">Kubernetes service</b> that provides a managed control plane for running upstream Kubernetes on AWS. It lets teams run standard <b style="color: #7D7DFF">Kubernetes clusters</b> (kubectl, Helm, operators) while integrating with AWS compute (EC2 or Fargate), networking, and IAM.

- Worker nodes can be managed EC2 instances or can run on Fargate for serverless node management.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Compute/Lambda.svg" style="min-width:15px; max-width:30px;" /> AWS Lambda

AWS Lambda is a <b style="color: #7D7DFF">serverless compute service</b> that lets you run code without provisioning or managing servers.
- Executes code in <b style="color: #7D7DFF">response to events</b>, such as <b style="color: #7D7DFF">S3 uploads</b>, <b style="color: #7D7DFF">DynamoDB updates</b>, or <b style="color: #7D7DFF">API Gateway requests</b>.
- Integrates with many AWS services, enabling <b style="color: #7D7DFF">serverless architectures</b>.

<hr>

<!-- Analytics -->

### <img src="https://icon.icepanel.io/AWS/svg/Analytics/QuickSight.svg" style="min-width:15px; max-width:30px;" /> AWS QuickSight

Amazon QuickSight is a business intelligence (BI) service for creating visualizations, dashboards, and reports.

- Can connect to multiple data sources (S3, RDS, Redshift, etc.).
- Supports interactive dashboards and data analysis.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Analytics/Athena.svg" style="min-width:15px; max-width:30px;" /> Amazon Athena

A serverless interactive query service to analyze data directly in Amazon S3 using SQL.

- No infrastructure to manage, pay-per-query.
- Supports standard SQL queries.
- Common use case: ad-hoc analysis of S3 data (CSV, JSON, Parquet).

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Analytics/Kinesis.svg" style="min-width:15px; max-width:30px;" /> Amazon Kinesis

A real-time data streaming service for collecting, processing, and analyzing streaming data.

- Kinesis Data Streams → capture real-time data (logs, IoT, clickstreams).
- Kinesis Data Firehose → load data into S3, Redshift, Elasticsearch.
- Kinesis Data Analytics → SQL queries on streaming data.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Analytics/Glue.svg" style="min-width:15px; max-width:30px;" /> AWS Glue

A serverless data integration (ETL) service for preparing and transforming data.

- Automates ETL (Extract, Transform, Load).
- Glue Data Catalog → metadata store for analytics.
<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Analytics/Redshift.svg" style="min-width:15px; max-width:30px;" /> Amazon Redshift

Amazon Redshift is a fully managed data warehouse service for <b style="color: #7D7DFF">analyzing large volumes of structured data</b> using SQL.

- Optimized for analytics and reporting, not transaction processing.
- Can <b style="color: #7D7DFF">handle petabyte-scale data</b>.
- Integrates with <b style="color: #7D7DFF">business intelligence (BI)</b> tools.

<hr>

<!-- Security Identity Compliance -->

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/Identity-and-Access-Management.svg" style="min-width:15px; max-width:30px;" /> Identity and Access Management (IAM)

IAM is the most important access management service in AWS. It allows us to manage <b style="color: #7D7DFF">users</b>, <b style="color: #7D7DFF">groups</b>, <b style="color: #7D7DFF">roles</b>, and <b style="color: #7D7DFF">policies</b>, giving them appropriate permissions to perform specific actions. IAM is essential for security, governance, and compliance in AWS.

- Access is controlled through <b style="color: #7D7DFF">policies</b> attached to users, groups, or roles.
- IAM roles are commonly used for <b style="color: #7D7DFF">cross-account access</b>, EC2 instances, or Lambda functions.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/GuardDuty.svg" style="min-width:15px; max-width:30px;" /> AWS GuardDuty

Amazon GuardDuty is a <b style="color: #7D7DFF">threat detection</b> service that continuously monitors AWS accounts, workloads, and data stored in <b style="color: #7D7DFF">Amazon S3</b> for malicious or unauthorized activity.

- It detects threats using <b style="color: #7D7DFF">machine learning</b>, <b style="color: #7D7DFF">anomaly detection</b>, and <b style="color: #7D7DFF">threat intelligence</b>.
<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/Macie.svg" style="min-width:15px; max-width:30px;" /> AWS Macie

Amazon Macie is a <b style="color: #7D7DFF">data security</b> and privacy service that uses machine learning to <b style="color: #7D7DFF">discover</b>, <b style="color: #7D7DFF">classify</b>, and <b style="color: #7D7DFF">protect</b> sensitive data in AWS.

- Focused on identifying sensitive data such as PII and financial information.
- Automatically classifies data stored in <b style="color: #7D7DFF">Amazon S3</b>.
- Useful for compliance.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/WAF.svg" style="min-width:15px; max-width:30px;" /> AWS WAF

AWS WAF helps protect web applications from common web exploits and bots.

- Protects <b style="color: #7D7DFF">against SQL injection</b> and <b style="color: #7D7DFF">cross-site scripting (XSS)</b>.
- Can be deployed with Amazon CloudFront, Application Load Balancer, or API Gateway.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/Cognito.svg" style="min-width:15px; max-width:30px;" /> Amazon Cognito

Amazon Cognito provides authentication, authorization, and user management for web and mobile applications.

- Supports <b style="color: #7D7DFF">sign-in with social identity providers</b> (Google, Facebook, etc.) and <b style="color: #7D7DFF">SAML-based</b> providers.
- Integrates with AWS IAM for fine-grained access control.
- Provides user pools for user directories and identity pools for <b style="color: #7D7DFF">temporary AWS credentials</b>.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/Security-Hub.svg" style="min-width:15px; max-width:30px;" /> AWS Security Hub

AWS Security Hub gives a comprehensive view of <b style="color: #7D7DFF">high-priority security alerts</b> and <b style="color: #7D7DFF">compliance status</b> across AWS accounts.
- Aggregates findings from GuardDuty, Inspector, Macie, and other products.
- Provides a <b style="color: #7D7DFF">dashboard view</b> of overall security issues.
- Compliance checks against standards like CIS AWS Foundations, PCI DSS, and others.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/Inspector.svg" style="min-width:15px; max-width:30px;" /> Amazon Inspector

Amazon Inspector is an automated <b style="color: #7D7DFF">vulnerability management</b> service that scans AWS workloads.

- Supports <b style="color: #7D7DFF">EC2 instances</b> and container images in Amazon ECR.
- Provides <b style="color: #7D7DFF">risk scores</b> based on the severity of findings.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/Secrets-Manager.svg" style="min-width:15px; max-width:30px;" /> AWS Secrets Manager

AWS Secrets Manager helps manage, rotate, and retrieve database credentials, API keys, and other secrets securely.

- Encrypted using <b style="color: #7D7DFF">AWS KMS</b>.
- Eliminates the need to hardcode secrets in applications.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/Shield.svg" style="min-width:15px; max-width:30px;" /> AWS Shield

AWS Shield provides <b style="color: #7D7DFF">DDoS (Distributed Denial of Service) protection</b> for applications running on AWS.

- Two tiers: AWS Shield <b style="color: #7D7DFF">Standard</b> (automatic, free) and AWS Shield <b style="color: #7D7DFF">Advanced</b> (paid, with enhanced protection).
- Protects against infrastructure and application layer DDoS attacks.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Security-Identity-Compliance/Artifact.svg" style="min-width:15px; max-width:30px;" /> AWS Artifact

AWS Artifact is a self-service portal that provides on-demand access to AWS compliance reports and agreements.
- Includes <b style="color: #7D7DFF">audit reports</b> like <b style="color: #7D7DFF">SOC</b>, <b style="color: #7D7DFF">ISO</b>, <b style="color: #7D7DFF">PCI DSS</b>, and <b style="color: #7D7DFF">GDPR</b> certifications.
- Helps customers meet compliance and regulatory requirements.
- Can <b style="color: #7D7DFF">download</b> AWS compliance documentation for audits or internal review.

<hr>

<!-- Business Applications -->

### <img src="https://icon.icepanel.io/AWS/svg/Business-Applications/Connect.svg" style="min-width:15px; max-width:30px;" /> AWS Connect
Amazon Connect is a cloud-based <b style="color: #7D7DFF">contact center service</b> that allows businesses to provide customer support.
- Supports <b style="color: #7D7DFF">voice</b>, <b style="color: #7D7DFF">chat</b>, and <b style="color: #7D7DFF">task management</b>.
- Can integrate with <b style="color: #7D7DFF">CRM systems</b>, <b style="color: #7D7DFF">Lambda functions</b>, and <b style="color: #7D7DFF">analytics tools</b>.

<hr>

<!-- Management Governance -->

### <img src="https://icon.icepanel.io/AWS/svg/Management-Governance/Trusted-Advisor.svg" style="min-width:15px; max-width:30px;" /> AWS Trusted Advisor
AWS Trusted Advisor is a tool that provides <b style="color: #7D7DFF">real-time guidance</b> to help optimize the AWS environment.
- Checks for <b style="color: #7D7DFF">cost optimization</b>, <b style="color: #7D7DFF">security</b>, <b style="color: #7D7DFF">fault tolerance</b>, <b style="color: #7D7DFF">performance</b>, and <b style="color: #7D7DFF">service limits</b>.
- Provides recommendations like deleting unused resources or enabling MFA.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Management-Governance/CloudWatch.svg" style="min-width:15px; max-width:30px;" /> AWS CloudWatch
AWS CloudWatch is a <b style="color: #7D7DFF">monitoring</b> and <b style="color: #7D7DFF">observability service</b> for AWS resources and applications.
- Monitors metrics, logs, and events from AWS resources such as <b style="color: #7D7DFF">EC2</b>, <b style="color: #7D7DFF">RDS</b>, and <b style="color: #7D7DFF">Lambda</b>.
- Supports alarms, dashboards, and automated actions based on metric thresholds.
- Helps track <b style="color: #7D7DFF">performance</b>, <b style="color: #7D7DFF">operational health</b>, and <b style="color: #7D7DFF">resource utilization</b>.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Management-Governance/CloudTrail.svg" style="min-width:15px; max-width:30px;" /> AWS CloudTrail
AWS CloudTrail is a logging and auditing service that records API calls and activities in an AWS account.
- Records <b style="color: #7D7DFF">who</b> did <b style="color: #7D7DFF">what</b>, <b style="color: #7D7DFF">when</b>, and <b style="color: #7D7DFF">from where</b> for AWS API calls.
- Logs can be delivered to <b style="color: #7D7DFF">S3</b>, <b style="color: #7D7DFF">CloudWatch Logs</b>, or <b style="color: #7D7DFF">EventBridge</b>.
- Enables <b style="color: #7D7DFF">tracking of changes</b> in <b style="color: #7D7DFF">IAM</b>, <b style="color: #7D7DFF">EC2</b>, <b style="color: #7D7DFF">S3</b>, and other services.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Management-Governance/Personal-Health-Dashboard.svg" style="min-width:15px; max-width:30px;" /> AWS Personal Health Dashboard
AWS Personal Health Dashboard provides personalized alerts and guidance for AWS resources and services.
- Shows <b style="color: #7D7DFF">account-specific</b> events, such as <b style="color: #7D7DFF">service disruptions</b>, <b style="color: #7D7DFF">planned maintenance</b>, or <b style="color: #7D7DFF">issues</b> affecting your resources.
- Alerts can be delivered via <b style="color: #7D7DFF">AWS Management Console</b>, <b style="color: #7D7DFF">email</b>, or <b style="color: #7D7DFF">EventBridge</b>.
<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Management-Governance/Organizations.svg" style="min-width:15px; max-width:30px;" /> AWS Organizations
AWS Organizations helps you centrally manage multiple AWS accounts and apply governance across them.
- Enables <b style="color: #7D7DFF">centralized billing</b> for all accounts in the organization.
- Can apply <b style="color: #7D7DFF">Service Control Policies (SCPs)</b> to enforce permissions across accounts.
- Supports account grouping and management for <b style="color: #7D7DFF">large organizations</b>.

<hr>

<!-- App-Integration -->

### <img src="https://icon.icepanel.io/AWS/svg/App-Integration/Simple-Queue-Service.svg" style="min-width:15px; max-width:30px;" /> Amazon Simple Queue Service (SQS)
A fully managed <b style="color: #7D7DFF">message queuing service</b> that <b style="color: #7D7DFF">decouples</b> distributed systems.
- Message queue model → producer sends messages to queue, consumers poll and process them.
- Standard Queue → unlimited throughput, at-least-once delivery, best-effort ordering.
- FIFO Queue → exactly-once processing, ordered messages.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/App-Integration/Simple-Notification-Service.svg" style="min-width:15px; max-width:30px;" /> Amazon Simple Notification Service (SNS)
A fully managed <b style="color: #7D7DFF">pub/sub messaging service</b> that delivers messages to multiple subscribers at once.
- Publish/subscribe model → one publisher, many subscribers.
- Supports multiple protocols: email, SMS, Lambda, SQS, HTTP endpoints.
- Often used for <b style="color: #7D7DFF">fan-out messaging</b> (one message → many targets).

<hr>

<!-- Artificial Intelligence -->

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/Translate.svg" style="min-width:15px; max-width:30px;" /> Amazon Translate
Neural language translation service.
- Real-time or batch translation.
<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/Polly.svg" style="min-width:15px; max-width:30px;" /> Amazon Polly
Converts text into lifelike speech.
- Supports multiple languages and voices.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/Lex.svg" style="min-width:15px; max-width:30px;" /> Amazon Lex
Service for building chatbots and voice assistants.
- It is the same tech as Alexa.
- It can be integrated with Lambda.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/Comprehend.svg" style="min-width:15px; max-width:30px;" /> Amazon Comprehend
An NLP (Natural Language Processing) service.
- It detects sentiment, key phrases, language, and topics.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/Forecast.svg" style="min-width:15px; max-width:30px;" /> Amazon Forecast
Time-series forecasting using ML.
- Based on Amazon.com’s technology.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/CodeGuru.svg" style="min-width:15px; max-width:30px;" /> Amazon CodeGuru
ML-powered code review and performance profiling tool.
- Finds bugs, security issues, and performance bottlenecks.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/Rekognition.svg" style="min-width:15px; max-width:30px;" /> Amazon Rekognition
Image and video analysis with computer vision.
- Detects faces, objects, and inappropriate content.

<hr>

<!-- Machine Learning -->

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/SageMaker.svg" style="min-width:15px; max-width:30px;" /> AWS SageMaker
A fully managed service for building, training, and deploying ML models.
- End-to-end ML pipeline.
- Supports Jupyter notebooks, training, deployment.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Machine-Learning/CodeWhisperer.svg" style="min-width:15px; max-width:30px;" /> Amazon CodeWhisperer
An AI coding assistant that generates code suggestions in real time.
- Similar to GitHub Copilot, it's an AI code generation tool.

<hr>

<!-- Cloud Financial Management -->

### <img src="https://icon.icepanel.io/AWS/svg/Cloud-Financial-Management/Cost-Explorer.svg" style="min-width:15px; max-width:30px;" /> AWS Cost Explorer
A visualization and analysis tool to view and understand AWS spending over time.
- Provides interactive charts and filtering by service, region, linked accounts.
- Can forecast future costs based on usage trends.
- Helps identify cost drivers and usage patterns.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Cloud-Financial-Management/Cost-Explorer.svg" style="min-width:15px; max-width:30px;" /> AWS Budgets
A custom budgeting tool to set cost or usage thresholds and receive alerts.
- Can track costs, usage, RI/Savings Plans utilization.
- Alerts sent via email or SNS when thresholds are exceeded.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Cloud-Financial-Management/Cost-and-Usage-Report.svg" style="min-width:15px; max-width:30px;" /> AWS Cost & Usage Report (CUR)
The most detailed report of AWS usage and billing.
- Provides hourly, daily, or monthly usage data at the line-item level.
- Delivered in CSV/Parquet format to an Amazon S3 bucket.
- Can be integrated with Athena, Redshift, or QuickSight for analysis.

<hr>

### <img src="https://icon.icepanel.io/AWS/svg/Storage/Simple-Storage-Service-Glacier.svg" style="min-width:15px; max-width:30px;" /> Amazon S3 Glacier (and S3 Glacier Deep Archive)
A low-cost archival storage class within S3 for infrequently accessed data.
- Designed for long-term backup and archival.
- Retrieval options: Expedited, Standard, Bulk (minutes to hours).
- Even cheaper option: Glacier Deep Archive (retrieval in 12–48 hours).

<hr>

<br>

## Notes Reference
- AWS Architecture Icons (unmodified, for study purposes only).
- Diagrams redrawn based on AWS Skill Builder training content.