AWS ☁️
Amazon Web Services — built from scratch with deep notes on every major service. Each section has References (homepage/docs/pricing), 2 pricing scenarios, and 5+ nuggets/gotchas.
Compute
| Service | Description |
|---|---|
| EC2 | Virtual machines — instance types, AMIs, security groups, auto scaling |
| Lambda | Serverless functions — runtimes, layers, versions, VPC, cold starts |
| ECS | Docker containers on EC2 — tasks, services, Fargate launch |
| EKS | Managed Kubernetes — node groups, IRSA, add-ons, upgrades |
| Batch | Batch computing — compute environments, job definitions, scheduling |
| LightSail | Simple VPS — pre-configured instances, DNS, storage |
Storage
| Service | Description |
|---|---|
| S3 | Object storage — tiers, lifecycle, versioning, policies, presigned URLs |
| EBS | Block storage — gp2/gp3/io2, snapshots, encryption, volumes |
| EFS | Network file system — throughput modes, access patterns, Mount Targets |
| FSx | Managed file systems — FSx for Windows, Lustre, OpenZFS, NetApp |
| Glacier | Archive storage — vaults, retrieval options, data retrieval policies |
| Storage Gateway | Hybrid storage — File Gateway, Volume Gateway, Tape Gateway |
Databases
| Service | Description |
|---|---|
| RDS | Managed relational — Multi-AZ, read replicas, parameter groups, backups |
| Aurora | MySQL/PG compatible — 6-way replication, serverless v2, global database |
| DynamoDB | NoSQL key-value — partitions, GSI/LSI, on-demand, DAX, streams |
| ElastiCache | In-memory cache — Redis vs Memcached, clusters, strategies |
| Redshift | Data warehouse — RA3, distribution styles, spectrum, data sharing |
| DocumentDB | MongoDB compatible — aggregation, change streams, transactions |
| Neptune | Graph database — Gremlin, SPARQL, fraud detection |
| QLDB | Immutable ledger — cryptographically verifiable, PartiQL |
| Timestream | Time-series DB — hot/warm/cold tiers, scheduled queries |
Networking
| Service | Description |
|---|---|
| VPC | Virtual network — CIDR, subnets, routing, internet/NAT gateways |
| Security Groups | Stateful firewall — rules, referencing, default deny |
| Network ACLs | Stateless subnet firewall — rules evaluated in order |
| VPC Peering | Direct VPC-to-VPC — no transitive routing |
| Transit Gateway | Hub-and-spoke — regional or global, route tables |
| Load Balancing | ALB, NLB, CLB — target groups, health checks, listeners |
| DNS | Route 53 — hosted zones, records, routing policies, DNSSEC |
| CDN | CloudFront — distributions, origins, behaviors, functions |
| Hybrid | Direct Connect, VPN, PrivateLink, Outposts |
Security & Identity
| Service | Description |
|---|---|
| IAM | Identity — users, groups, roles, policies, SCPs, permission boundaries, SSO |
| KMS | Encryption — CMK, envelope encryption, grants, rotation |
| CloudTrail | API audit — trails, event history, log validation |
| Config | Resource inventory — change tracking, rules, conformance packs |
| GuardDuty | Threat detection — findings, CloudTrail/DNS/VPC analysis |
| Security Hub | Centralized findings — ASFF, compliance standards, cross-account |
| Inspector | Vulnerability scanning — EC2, ECR, Lambda, CVE, CIS |
| Macie | S3 data classification — PII detection, sensitive data findings |
| Secrets Manager | Secret rotation — Lambda functions, multi-region, resource policy |
| ACM | TLS certificates — public/private, DNS validation, CloudFront/ALB |
| Detective | Graph-based investigation — behavior profiles, GuardDuty integration |
Management & Governance
| Service | Description |
|---|---|
| Organizations | Multi-account — OUs, SCPs, consolidated billing |
| Control Tower | Landing zone — guardrails, account factory, governance |
| CloudFormation | IaC — templates, stacks, change sets, drift detection |
| CDK | Code-as-IaC — TypeScript/Python, constructs, stacks |
| CLI | AWS CLI — profiles, named queries, SSM session, dry-run |
| Systems Manager | Operations — Parameter Store, Session Manager, Run Command, Patch Manager |
Monitoring
| Service | Description |
|---|---|
| CloudWatch Metrics | Custom metrics — stats, dimensions, resolution, metric math |
| CloudWatch Logs | Log ingestion — agents, filters, Insights queries, Live Tail |
| CloudWatch Alarms | Alerting — thresholds, periods, actions, composite |
| CloudWatch Dashboards | Visualization — widgets, metrics, logs, cross-region |
| EventBridge | Event bus — default/custom/partner buses, rules, schedules |
| CloudWatch Insights | Log analytics — query language, visualizations, dashboards |
Application Integration
| Service | Description |
|---|---|
| SQS | Message queues — standard/FIFO, DLQ, visibility timeout, Lambda |
| SNS | Pub/sub — topics, subscriptions, fan-out, filtering, SMS |
| EventBridge | Event bus — rules, schema registry, replay, cross-account |
| Step Functions | Workflows — standard/express, state types, error handling |
| Amazon MQ | Managed brokers — ActiveMQ, RabbitMQ, clustering, TLS |
| AppSync | GraphQL API — DynamoDB resolvers, VTL, subscriptions |
Analytics
| Service | Description |
|---|---|
| Kinesis Data Streams | Streaming — shards, KPL/KCL, enhanced fan-out |
| Kinesis Data Firehose | Streaming delivery — destinations, buffering, transforms |
| Kinesis Data Analytics | Streaming SQL — windows, reference data, Flink |
| Athena | Serverless SQL — schema-on-read, partitions, compressed formats |
| Redshift | Data warehouse — RA3, distribution, spectrum, data sharing |
| Glue | ETL — crawlers, Data Catalog, Spark jobs, job bookmarks |
| OpenSearch | Search/analytics — index architecture, UltraWarm, dashboards |
| EMR | Big data — Spark, Hadoop, serverless, instance fleets |
| Lake Formation | Data lake — LF-tags, column/row security, cross-account |
Machine Learning
| Service | Description |
|---|---|
| AI Services | Pre-trained APIs — Rekognition, Comprehend, Polly, Translate, Textract |
| Bedrock | Foundation models — Claude, Llama, RAG, agents, fine-tuning |
| SageMaker | ML platform — Jupyter, training, inference, pipelines, Feature Store |
| Rekognition | Vision AI — object detection, face comparison, video analysis |
| Comprehend | NLP — sentiment, entities, PII, topic modeling, Comprehend Medical |
| SageMaker Canvas | No-code ML — classification, regression, time-series forecasting |
Serverless
| Service | Description |
|---|---|
| Lambda | Functions — runtimes, layers, versions, VPC, cold starts |
| API Gateway | APIs — REST, HTTP, WebSocket, authorizers, rate limiting |
| App Runner | Container web apps — from image or code, auto-scaling |
Cost Management
| Topic | Description |
|---|---|
| Pricing Models | On-Demand, Reserved, Savings Plans, Spot, free tier |
| Savings Plans | Compute SP vs EC2 Instance SP, commitment, flexibility |
| Reserved Instances | Standard/Convertible, regional/zonal, size flexibility |
| EC2 Optimization | Right-sizing, Spot, ASG, Graviton, zombie resources |
| S3 Optimization | Storage classes, Intelligent-Tiering, lifecycle, replication |
| Network Optimization | AZ transfer, NAT Gateway, VPC Endpoints, CloudFront |
Migration
| Service | Description |
|---|---|
| DMS | Database migration — full load, CDC, heterogeneous, SCT |
| DataSync | Data transfer — NFS, SMB, S3, EFS, FSx, agent, scheduling |
| MGN | Lift-and-shift — agentless, waves, cutover, continuous replication |
| Migration Evaluator | TCO analysis — right-sizing, assessment, collector |
AWS Certification