Ronald Kurr
Long time software developer.
Amazon Web Services
Cheat Sheet
Region
An AWS cloud in a specific geographical area.
- US East (N. Virginia)
- US West (Oregon)
- US West (N. California)
- EU (Ireland)
- EU (Frankfurt)
- Asia Pacific (Singapore)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- South America (Sao Paulo)
Availability Zone
A distinct location within a region that is insulated from failures in other Availability Zones, and provides inexpensive, low-latency network connectivity to other Availability Zones in the same region. Essentially, a data center.
EC2
- Elastic Compute Cloud
- virtual machine
- multiple instances
- variable CPU, memory, network and storage attributes
- templates available
- tied to availability zone
- storage is ephemeral or persistent
- network is isolated from the rest of the AWS network
- can connect to on-premises network
- built-in firewall (security groups)
- SSH access by default using key pairs
- ip address is dynamic
- place meta-data on instances for easier management
EC2
| Family | Purpose | Notes |
|---|---|---|
| T2 | General purpose | build servers |
| M4 | General purpose | caching fleets |
| M3 | General purpose | medium dbs |
| C4 | Compute Optimized | web-servers |
| C3 | Compute Optimized | batch processing |
| R3 | Memory Optimized | database, cache |
| G2 | GPU optimized | NVIDIA GPUs |
| I2 | High I/O | MongoDB |
| D2 | Dense Storage | spinning disk |
EC2
| Model | vCPU | RAM | Storage |
|---|---|---|---|
| t2.micro | 1 | 1GB | EBS-only |
| t2.small | 1 | 2 GB | EBS-only |
| t2.medium | 2 | 4GB | EBS-only |
| t2.large | 2 | 8GB | EBS-only |
| m4.large | 2 | 8GB | EBS-only |
| m4.xlarge | 4 | 16GB | EBS-only |
| m4.2xlarge | 8 | 32GB | EBS-only |
| m4.4xlarge | 16 | 64GB | EBS-only |
| m4.10xlarge | 40 | 160GB | EBS-only |
EC2
| Model | vCPU | RAM | Storage |
|---|---|---|---|
| m3.medium | 1 | 3.75GB | 4GB (SSD) |
| m3.large | 2 | 7.5 GB | 32GB (SSD) |
| m3.xlarge | 4 | 15GB | 40GB (SSD) |
| m3.2xlarge | 8 | 30GB | 80GB (SSD) |
| c4.large | 2 | 3.75GB | EBS-only |
| c4.xlarge | 4 | 7.5GB | EBS-only |
| c4.2xlarge | 8 | 15GB | EBS-only |
| c4.4xlarge | 16 | 30GB | EBS-only |
| c4.8xlarge | 36 | 60GB | EBS-only |
EC2
| Model | vCPU | RAM | Storage |
|---|---|---|---|
| c3.large | 2 | 3.75GB | 16GB (SSD) |
| c3.xlarge | 4 | 7.5 GB | 40GB (SSD) |
| c3.2xlarge | 8 | 15GB | 80GB (SSD) |
| c3.4xlarge | 16 | 30GB | 160GB (SSD) |
| c3.8xlarge | 32 | 30GB | 320GB (SSD) |
| r3.large | 2 | 15.25GB | 32GB (SSD) |
| r3.xlarge | 4 | 30.5GB | 80GB (SSD) |
| r3.2xlarge | 8 | 61GB | 160GB (SSD) |
| r3.4xlarge | 16 | 122GB | 320GB (SSD) |
| r3.8xlarge | 32 | 244GB | 320GB (SSD) |
EC2
| Model | vCPU | RAM | Storage |
|---|---|---|---|
| g2.2xlarge | 8 | 15GB | 60GB (SSD) |
| g2.8xlarge | 32 | 60 GB | 120GB (SSD) |
| i2.xlarge | 4 | 30.5GB | 800GB (SSD) |
| i2.2xlarge | 8 | 61GB | 800GB (SSD) |
| i2.4xlarge | 16 | 122GB | 800GB (SSD) |
| i2.8xlarge | 32 | 244GB | 800GB (SSD) |
| d2.xlarge | 4 | 30.5GB | 2TB (HDD) |
| d2.2xlarge | 8 | 61GB | 2TB (HDD) |
| d2.4xlarge | 16 | 122GB | 2TBB (HDD) |
| d2.8xlarge | 36 | 244GB | 2TBB (HDD) |
Lambda
- reactive compute service
- functions must be written in node.js or Java
- logic triggered by events
- automated scaling
- performance remains constant
- compute capacity spread across availability zones
- reaction usually starts within milliseconds after getting the event
EC2 Container Service
- Docker container management
- containers distributed across an EC2 cluster
- load balancing provides via ELB
- failed health check results in container restart
- containers relocated based on resource needs, isolation policies, availability requirements
- Docker must installed on all instances
- Amazon agent must be installed on all instances
- mandatory co-location of containers supported
- single use containers (tasks)
- long lived use (services)
- JSON based descriptor
RDS
- Amazon Relational Database Service
- HA via primary and secondary instances
- read scaling via MySQL and PostgreSQL read replicas
- MySQL
- Amazon Aurora DB
- Microsoft SQL Server
- Oracle
- PostgreSQL
- scale CPU, RAM, storage and IOPs independently
- automated backups, patching and failure detection
- storage options include magnetic, general purpose SSD and provisioned SSD
DynamoDB
- NoSQL database
- column-oriented
- low latency
- consistent throughput
- reliable
- automated backups
ElastiCache
- distributed, in-memory cache
- Memecached
- Redis (replication and multi-Availability Zone supported)
- failed nodes automatically detected and replaced
- automatic scale up and scale down
- automated backups and snapshots
Red Shift
- petabyte scale data warehouse solution
- compatible with standard BI tools
S3
- Amazon Simple Storage Service
- BLOB storage solution
- up to 5TB per blob
- unlimited storage
- versioned
- BLOBs stored within 'buckets'
- buckets are assigned to regions
- each BLOB has a user-assigned key
- in-flight and at-rest encryption available
- data automatically moved to 'cold storage' after a period of inactivity
- access controlled
Storage Gateway
- on-premises virtual appliance
- on-premises application integration to AWS storage
- visible as iSCSI storage volumes
- data on-premises for low-latency access
- asynchronously uploading data to Amazon S3
Glacier
- cold storage, aka archival storage
- retrieval time measured in hours
- same durability guarantees as S3
- $0.01 per GB per month
- SNS notifications supported
Import/Export Snowball
Petabyte data transfer device sent to your premises
Cloud Front
- content delivery network
- low latency
- high data transfer speeds
- United States
- Europe
- Asia
- Australia
- South America
- complex pricing model but appears to be cheap
EFS
- Amazon Elastic File System
- shared file system
- auto-scales up or down
- NFS v4
- access data from EC2
- replicated within a region
- access controls
VPC
- Amazon Virtual Private Cloud
- virtual network dedicated to your AWS account
- logically isolated from other virtual networks
- can connect your VPC to your own corporate data center using an IPsec hardware VPN connection
Direct Connect
- dedicated network connection from your premises to AWS
- industry standard 802.1q VLANs
- reduces bandwidth costs
- consistent network performance
- compatible with all AWS services
- private connectivity to your Amazon VPC
Route 53
- scalable Domain Name System (DNS)
- can configure Amazon Route 53 to check the health of your resources and respond to DNS queries using only the healthy resources
- latency-based routing
Directory Service
- use corporate identities to access AWS services
- simplifies deployment of directory-dependent Microsoft Windows applications
- connect to your existing on-premises Microsoft Active Directory
- set up and operate a new directory in the AWS cloud
IAM
- Identity & Access Management
- ACLs to resources
- users
- groups
- permissions
- applied to all API calls
- very fine grained control
- auditing via Cloud Trail
- Active Directory integration
Trusted Advisor
- customized cloud expert
- cost
- performance
- security
- fault tolerance
Cloud Trail
- provides a record of your AWS API calls
- visibility into user activity
- troubleshoot operational and security incidents
- help demonstrate compliance
- store log files in S3
- look up API history
- get notified of specific API activity
Config
- inventory of your AWS resources
- notifications of configuration changes
- audit the history of configuration changes
Cloud Watch
- collect and track metrics
- cloud resources
- applications
- 38 metrics currently available
- custom metrics generated by applications
- collect and monitor log files
- set alarms
- view graphs and statistics
Elastic Beanstalk
- deploy and manage applications in the AWS cloud without worrying about the infrastructure
- defer resource choices to Beanstalk
- package your bits with a descriptor
- Beanstalk provisions the required resources
- automated software updates and patching not supported
- limited environments
- Docker, Java, Go, PHP, .NET, Node.js, Python, Ruby
- environment support -- test, production, stress
- web applications get their own ELB
- automated deployment, monitoring and scaling
OpsWorks
- automated deployment, configuration, scaling and healing
- templates for common layers
- custom layers use Chef for provisioning
- automated OS updates not supported
- model your application as layers
- pre-built layers available - Ruby, PHP, Node.js, Java, Amazon RDS, HA Proxy, MySQL, memcached
- automatic scaling by load and time-of-day
Cloud Formation
- templated deployment
- from Amazon
- derived from working deployment
Service Catalog
- catalog of approved services and software
- images, services, software and databases
- enables self-service
- fine-grain access controls and configuration
- version controlled
- no lawyers involved
Code Deploy
- automated deployment
- geared towards continuous deployment
- rolling updates
- platform agnostic
- provide a deployment descriptor
- deploy from S3
- deploy from GitHub
CodeCommit
- hosted version control
- Git based
- secure
- scalable
- easy integration from other repos
CodePipeline
- hosted continuous delivery pipeline
- build
- test
- deploy
- GitHub
- Jenkins
- S3
- Beanstalk
- CodeDeploy
- EC2
AWS IoT
- provides secure, bi-directional communication between Internet-connected things and the AWS cloud
- collect telemetry data from multiple devices and store and analyze the data
- create applications that enable users to control these devices
- message broker
- rules engine
- thing registry
- thing shadows
- security and identity service
EMR
- Amazon Elastic MapReduce
- Hadoop based
- data is uploaded to S3
- results stored in S3
- cluster automatically shuts down when job is finished
Elasticsearch Service
- run Elasticsearch at scale
- self-healing
- auto-scaling
- data replication
- secure
- monitoring
- convenient
Kinesis
- big data stream processing
- process terabytes of data per hour
- Log and Event Data Collection
- Application and Service Alert
- Real-time Analytics
- Mobile Data Capture
- Social Data Firehose
- Gaming Data Feed
Data Pipeline
- automate the movement and transformation of data
- define data-driven workflows
- can be scheduled
- moves data between other Amazon services
- on-premises resources supported
- S3, DynamoDB, Redshift, RDS, and JDBC sources
- EMR, Hive, Pig, SQL, and Shell scripts
- manages the pipeline execution, resources, retry logic and failure notifications
Machine Learning
- for building ML models
- generating predictions
SQS
- Amazon Simple Queue Service
- at least once semantics
- multiple readers
- multiple writers
- manual acknowledgement required
- messages not acknowledged in time are returned to the queue
- up to 256 KB of text in any format
- no guarantee of first in, first out delivery of messages
- 120,000 limit for the number of inflight messages per queue
- dead letter queue support
SWF
- Amazon Simple Workflow Service
- background jobs -- parallel or sequential steps
- state tracker and task coordinator
- tracking workflow executions and logging their progress
- holding and dispatching tasks
- controlling which tasks each of your application hosts will be assigned to execute
- maintaining application state
AppStream
- application streaming service
- audio
- video
- multi-platform
- variable transport based on current network conditions
- STX streaming protocol
Elastic Transcoder
- transcodes media from S3
- 30 formats supported
- common presets available
- notifications of job status
- caption and sub-titles supported
- watermarks supported
SES
- Amazon Simple Email Service
- trusted by ISPs
- bounce management
- complaint management
- e-mail authentication
CloudSearch
- elastic search service
- can search most anything
- data is uploaded to the search service
- geospatial support
- 34 languages
Cognito
- securely store, manage, and sync identities and data across multiple devices, platforms, and applications
- recognize end users across devices and platforms
- save data to end user profiles and keep it in sync across all of the user's devices
- Multiple Identity Providers
- Amazon, Facebook, Google, Twitter, OpenID Connect compatible provider
- custom providers supported
- analytics
Mobile Hub
- in beta
- integrated console
- build, test and monitor mobile apps
- auto provisions required services
- iOS (Objective-C) and Android (Java) supported
Mobile Analytics
- collect and analyze app usage data
- use RedShift for custom analysis
- Daily Active Users (DAU), Monthly Active Users (MAU), and New Users
- Sticky Factor (DAU divided by MAU)
- Session Count and Average Sessions per Daily Active User
- Average Revenue per Daily Active User (ARPDAU) and Average Revenue per Daily Paying Active User (ARPPDAU)
- Custom Events
SNS
- Simple Notification Service
- push messaging service
- to mobile devices and Amazon services
- publication is asynchronous
- cryptographically signed
- consumption via multiple protocols
- Lambda, SQS, HTTP, Email, SMS
WorkSpaces
- provides users with a desktop experience in the cloud that can be accessed from any connected device
- multi-device support
- PC, Mac, iPad, Kindle tablet, Android tablet
- Active Directory integration
- on-premises
- Amazon
- hybrid
WorkDocs
- enterprise storage and sharing service
- selected folders on your local computer in sync with your cloud folders
WorkMail
- managed email and calendaring service
- Outlook Compatible
API Gateway
- publish, maintain, monitor and secure APIs
- proxy to any internet endpoint, EC2 endpoint or Lambda function
- versioning and stages, eg alpha, milestone
- metering and throttling
- caching
- signing & authorization via AWS Signature v4
- SDK generation, JavaScript, iOS, Android -- throttling and retries baked in
- manages API key distribution
- DDoS protection and latency reduction via CloudFront
- TLS termination support
Device Farm
- test apps on real smartphones and tablets
- large selection of devices
- detailed reports, searchable logs and screenshots
- configure location, network settings, language and application data prior to running the test
- integrate with existing development workflow
- Android and FireOS supported (no iOS)
- run provided tests eg. Calibash or JUnit
- fuzzing used if you don't have your own tests
- CPU and memory utilization captured and reported
"Amazon Sucks"
- virtual hardware has shorter life span than physical hardware. Have to move your bits every so often.
- be in multiple zones or you will go down
- multi-zone failures can occur but multi-region is expensive
- EBS fails with the region, has poor I/O and cause Linux boxes to lockup when unavailable
- many AWS services are backed by EBS and will fail when EBS fails, eg. ELB and RDS
- the same sized physical machine costs less the its virtual equivalent
Cost Estimates
AWS Cheat Sheet
By Ronald Kurr
AWS Cheat Sheet
My description
