Amazon Web Services

Cheat Sheet


An AWS cloud in a specific geographical area.

  • US East (N. Virginia)
  • US West (Oregon)
  • US West (N. California)
  • EU (Ireland)
  • EU (Frankfurt)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • South America (Sao Paulo)

Availability Zone

A distinct location within a region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.  Essentially, a data center.


  • Elastic Compute Cloud
  • virtual machine
  • multiple instances
  • variable CPU, memory, network and storage attributes
  • templates available
  • tied to availability zone
  • storage is ephemeral or persistent
  • network is isolated from the rest of the AWS network
  • can connect to on-premises network
  • built-in firewall (security groups)
  • SSH access by default using key pairs
  • ip address is dynamic
  • place meta-data on instances for easier management


Family Purpose Notes
T2 General purpose build servers
M4 General purpose caching fleets
M3 General purpose medium dbs
C4 Compute Optimized web-servers
C3 Compute Optimized batch processing
R3 Memory Optimized database, cache
G2 GPU optimized NVIDIA GPUs
I2 High I/O MongoDB
D2 Dense Storage spinning disk


Model vCPU RAM Storage
t2.micro 1 1GB EBS-only
t2.small 1 2 GB EBS-only
t2.medium 2 4GB EBS-only
t2.large 2 8GB EBS-only
m4.large 2 8GB EBS-only
m4.xlarge 4 16GB EBS-only
m4.2xlarge 8 32GB EBS-only
m4.4xlarge 16 64GB EBS-only
m4.10xlarge 40 160GB EBS-only


Model vCPU RAM Storage
m3.medium 1 3.75GB 4GB (SSD)
m3.large 2 7.5 GB 32GB (SSD)
m3.xlarge 4 15GB 40GB (SSD)
m3.2xlarge 8 30GB 80GB (SSD)
c4.large 2 3.75GB EBS-only
c4.xlarge 4 7.5GB EBS-only
c4.2xlarge 8 15GB EBS-only
c4.4xlarge 16 30GB EBS-only
c4.8xlarge 36 60GB EBS-only


Model vCPU RAM Storage
c3.large 2 3.75GB 16GB (SSD)
c3.xlarge 4 7.5 GB 40GB​ (SSD)
c3.2xlarge 8 15GB 80GB​ (SSD)
c3.4xlarge 16 30GB 160GB​ (SSD)
c3.8xlarge 32 30GB 320GB​ (SSD)
r3.large 2 15.25GB 32GB (SSD)
r3.xlarge 4 30.5GB 80GB (SSD)
r3.2xlarge 8 61GB 160GB (SSD)
r3.4xlarge 16 122GB 320GB (SSD)
r3.8xlarge 32 244GB 320GB (SSD)


Model vCPU RAM Storage
g2.2xlarge 8 15GB 60GB (SSD)
g2.8xlarge 32 60 GB 120GB​ (SSD)
i2.xlarge 4 30.5GB 800GB​ (SSD)
i2.2xlarge 8 61GB 800GB​ (SSD)
i2.4xlarge 16 122GB 800GB​ (SSD)
i2.8xlarge 32 244GB 800GB (SSD)
d2.xlarge 4 30.5GB 2TB (HDD)
d2.2xlarge 8 61GB 2TB (HDD)
d2.4xlarge 16 122GB 2TBB (HDD)
d2.8xlarge 36 244GB 2TBB (HDD)


  • reactive compute service
  • functions must be written in node.js or Java
  • logic triggered by events
  • automated scaling
  • performance remains constant
  • compute capacity spread across availability zones
  • reaction usually starts within milliseconds after getting the event

EC2 Container Service

  • Docker container management
  • containers distributed across an EC2 cluster
  • load balancing provides via ELB
  • failed health check results in container restart
  • containers relocated based on resource needs, isolation policies, availability requirements
  • Docker must installed on all instances
  • Amazon agent must be installed on all instances
  • mandatory co-location of containers supported
  • single use containers (tasks)
  • long lived use (services)
  • JSON based descriptor


  • Amazon Relational Database Service
  • HA via primary and secondary instances
  • read scaling via MySQL and PostgreSQL read replicas
  • MySQL
  • Amazon Aurora DB
  • Microsoft SQL Server
  • Oracle
  • PostgreSQL
  • scale CPU, RAM, storage and IOPs independently
  • automated backups, patching and failure detection
  • storage options include magnetic, general purpose SSD and provisioned SSD 


  • NoSQL database
  • column-oriented
  • low latency
  • consistent throughput 
  • reliable
  • automated backups 


  • distributed, in-memory cache
  • Memecached
  • Redis (replication and multi-Availability Zone supported)
  • failed nodes automatically detected and replaced
  • automatic scale up and scale down
  • automated backups and snapshots

Red Shift

  • petabyte scale data warehouse solution
  • compatible with standard BI tools


  • Amazon Simple Storage Service
  • BLOB storage solution
  • up to 5TB per blob
  • unlimited storage
  • versioned
  • BLOBs stored within 'buckets'
  • buckets are assigned to regions
  • each BLOB has a user-assigned key
  • in-flight and at-rest encryption available
  • data automatically moved to 'cold storage' after a period of inactivity
  • access controlled

Storage Gateway

  • on-premises virtual appliance
  • on-premises application integration to AWS storage
  • visible as iSCSI storage volumes
  • data on-premises for low-latency access
  • asynchronously uploading data to Amazon S3


  • cold storage, aka archival storage
  • retrieval time measured in hours
  • same durability guarantees as S3
  • $0.01 per GB per month
  • SNS notifications supported

Import/Export Snowball

Petabyte data transfer device sent to your premises

Cloud Front

  • content delivery network
  • low latency
  • high data transfer speeds
  • United States
  • Europe
  • Asia
  • Australia
  • South America
  • complex pricing model  but appears to be cheap


  • Amazon Elastic File System
  • shared file system
  • auto-scales up or down
  • NFS v4
  • access data from EC2
  • replicated within a region
  • access controls


  • Amazon Virtual Private Cloud
  • virtual network dedicated to your AWS account
  • logically isolated from other virtual networks
  • can connect your VPC to your own corporate data center using an IPsec hardware VPN connection

Direct Connect

  • dedicated network connection from your premises to AWS
  • industry standard 802.1q VLANs
  • reduces bandwidth costs
  • consistent network performance
  • compatible with all AWS services
  • private connectivity to your Amazon VPC

Route 53

  • scalable Domain Name System (DNS)
  • can configure Amazon Route 53 to check the health of your resources and respond to DNS queries using only the healthy resources
  • latency-based routing

Directory Service

  • use corporate identities to access AWS services
  • simplifies deployment of directory-dependent Microsoft Windows applications
  • connect to your existing on-premises Microsoft Active Directory
  • set up and operate a new directory in the AWS cloud


  • Identity & Access Management
  • ACLs to resources
  • users
  • groups
  • permissions
  • applied to all API calls
  • very fine grained control
  • auditing via Cloud Trail
  • Active Directory integration

Trusted Advisor

  • customized cloud expert
  • cost
  • performance
  • security
  • fault tolerance

Cloud Trail

  • provides a record of your AWS API calls
  • visibility into user activity
  • troubleshoot operational and security incidents
  • help demonstrate compliance
  • store log files in S3
  • look up API history
  • get notified of specific API activity


  • inventory of your AWS resources
  • notifications of configuration changes
  • audit the history of configuration changes

Cloud Watch

  • collect and track metrics
  • cloud resources
  • applications 
  • 38 metrics currently available
  • custom metrics generated by applications
  • collect and monitor log files
  • set alarms
  • view graphs and statistics

Elastic Beanstalk

  • deploy and manage applications in the AWS cloud without worrying about the infrastructure
  • defer resource choices to Beanstalk
  • package your bits with a descriptor
  • Beanstalk provisions the required resources
  • automated software updates and patching not supported
  • limited environments
  • Docker, Java, Go, PHP, .NET, Node.js, Python, Ruby
  • environment support -- test, production, stress
  • web applications get their own ELB
  • automated deployment, monitoring and scaling


  • automated deployment, configuration, scaling and healing
  • templates for common layers
  • custom layers use Chef for provisioning
  • automated OS updates not supported
  • model your application as layers
  • pre-built layers available - Ruby, PHP, Node.js, Java, Amazon RDS, HA Proxy, MySQL, memcached
  • automatic scaling by load and time-of-day

Cloud Formation

  • templated deployment
  • from Amazon
  • derived from working deployment

Service Catalog

  • catalog of approved services and software
  • images, services, software and databases
  • enables self-service
  • fine-grain access controls and configuration
  • version controlled
  • no lawyers involved

Code Deploy

  • automated deployment
  • geared towards continuous deployment
  • rolling updates
  • platform agnostic
  • provide a deployment descriptor
  • deploy from S3
  • deploy from GitHub


  • hosted version control
  • Git based
  • secure
  • scalable
  • easy integration from other repos


  • hosted continuous delivery pipeline
  • build
  • test
  • deploy
  • GitHub
  • Jenkins
  • S3
  • Beanstalk
  • CodeDeploy
  • EC2


  • provides secure, bi-directional communication between Internet-connected things and the AWS cloud
  • collect telemetry data from multiple devices and store and analyze the data
  • create applications that enable users to control these devices
  • message broker
  • rules engine
  • thing registry
  • thing shadows
  • security and identity service


  • Amazon Elastic MapReduce
  • Hadoop based
  • data is uploaded to S3
  • results stored in S3
  • cluster automatically shuts down when job is finished

Elasticsearch Service

  • run Elasticsearch at scale
  • self-healing
  • auto-scaling
  • data replication
  • secure
  • monitoring
  • convenient


  • big data stream processing
  • process  terabytes of data per hour
  • Log and Event Data Collection
  • Application and Service Alert
  • Real-time Analytics
  • Mobile Data Capture
  • Social Data Firehose
  • Gaming Data Feed

Data Pipeline

  • automate the movement and transformation of data
  • define data-driven workflows
  • can be scheduled
  • moves data between other Amazon services
  • on-premises resources supported
  • S3, DynamoDB, Redshift, RDS, and JDBC sources
  • EMR, Hive, Pig, SQL, and Shell scripts
  • manages the pipeline execution, resources, retry logic and failure notifications

Machine Learning

  • for  building ML models
  • generating predictions


  • Amazon Simple Queue Service
  • at least once semantics
  • multiple readers
  • multiple writers
  • manual acknowledgement required
  • messages not acknowledged in time are returned to the queue
  • up to 256 KB of text in any format
  •  no guarantee of first in, first out delivery of messages
  • 120,000 limit for the number of inflight messages per queue
  • dead letter queue support


  • Amazon Simple Workflow Service
  • background jobs -- parallel or sequential steps 
  • state tracker and task coordinator
  • tracking workflow executions and logging their progress
  • holding and dispatching tasks
  • controlling which tasks each of your application hosts will be assigned to execute
  • maintaining application state


  • application streaming service
  • audio
  • video
  • multi-platform
  • variable transport based on current network conditions
  • STX streaming protocol

Elastic Transcoder

  • transcodes media from S3
  • 30 formats supported
  • common presets available
  • notifications of job status
  • caption and sub-titles supported
  • watermarks supported


  • Amazon Simple Email Service
  • trusted by ISPs
  • bounce management
  • complaint management
  • e-mail authentication


  • elastic search service
  • can search most anything
  • data is uploaded to the search service
  • geospatial support
  • 34 languages


  • securely store, manage, and sync identities and data across multiple devices, platforms, and applications
  • recognize end users across devices and platforms
  • save data to end user profiles and keep it in sync across all of the user's devices
  • Multiple Identity Providers
  • Amazon, Facebook, Google, Twitter, OpenID Connect compatible provider
  • custom providers supported
  • analytics

Mobile Hub

  • in beta
  • integrated console
  • build, test and monitor mobile apps
  • auto provisions required services
  • iOS (Objective-C) and Android (Java) supported

Mobile Analytics

  • collect and analyze app usage data
  • use RedShift for custom analysis
  • Daily Active Users (DAU), Monthly Active Users (MAU), and New Users
  • Sticky Factor (DAU divided by MAU)
  • Session Count and Average Sessions per Daily Active User
  • Average Revenue per Daily Active User (ARPDAU) and Average Revenue per Daily Paying Active User (ARPPDAU)
  • Custom Events


  • Simple Notification Service
  • push messaging service
  • to mobile devices and Amazon services
  • publication is asynchronous
  • cryptographically signed
  • consumption via multiple protocols
  • Lambda, SQS, HTTP, Email, SMS


  •  provides users with a desktop experience in the cloud that can be accessed from any connected device
  • multi-device support
  • PC, Mac, iPad, Kindle tablet, Android tablet
  • Active Directory integration
  • on-premises
  • Amazon
  • hybrid


  •  enterprise storage and sharing service
  •  selected folders on your local computer in sync with your cloud folders


  •  managed email and calendaring service
  • Outlook Compatible

API Gateway

  • publish, maintain, monitor and secure APIs
  • proxy to any internet endpoint, EC2 endpoint or Lambda function
  • versioning and stages, eg alpha, milestone
  • metering and throttling
  • caching
  • signing & authorization via AWS Signature v4
  • SDK generation, JavaScript, iOS, Android -- throttling and retries baked in
  • manages API key distribution
  • DDoS protection and latency reduction via CloudFront
  • TLS termination support

Device Farm

  • test apps on real smartphones and tablets
  • large selection of devices
  • detailed reports, searchable logs and screenshots
  • configure location, network settings, language and application data prior to running the test
  • integrate with existing development workflow
  • Android and FireOS supported (no iOS)
  • run provided tests eg. Calibash or JUnit
  • fuzzing used if you don't have your own tests
  • CPU and memory utilization captured and reported

"Amazon Sucks"

  • virtual hardware has shorter life span than physical hardware.  Have to move your bits every so often.
  • be in multiple zones or you will go down
  • multi-zone failures can occur but multi-region is expensive
  • EBS fails with the region, has poor I/O  and cause Linux boxes to lockup when unavailable
  • many AWS services are backed by EBS and will fail when EBS fails, eg. ELB and RDS
  • the same sized physical machine costs less the its virtual equivalent

Cost Estimates

AWS Cheat Sheet

By Ronald Kurr

AWS Cheat Sheet

My description

  • 2,403