Skip to content

Instantly share code, notes, and snippets.

@GuillaumeFalourd

GuillaumeFalourd/aws.md

Last active January 3, 2025 11:41
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save GuillaumeFalourd/835e3879592b61f7867d8b84b824eb57 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save GuillaumeFalourd/835e3879592b61f7867d8b84b824eb57 to your computer and use it in GitHub Desktop.
Download ZIP
AWS Concepts
Raw
aws.md

Common AWS Services and their uses cases

1. Amazon S3 (Simple Storage Service)

  • Purpose: Object storage service.
  • What it allows:
    • Store and retrieve any amount of data, such as files, images, backups, or logs.
    • Host static websites or serve static assets (e.g., HTML, CSS, JavaScript).
    • Integrate with other AWS services for data pipelines, analytics, or backups.
  • Example Use Case: Storing event data from Kafka topics for long-term storage or reprocessing (e.g., EventBus Sink to S3).
  • Comparison: Similar to Google Cloud Storage or Azure Blob Storage.

2. Amazon MSK (Managed Streaming for Apache Kafka)

  • Purpose: Managed Kafka service for event streaming.
  • What it allows:
    • Publish and subscribe to real-time event streams.
    • Build event-driven architectures for microservices.
    • Process data in real-time for analytics or machine learning.
  • Example Use Case: EventBus uses MSK to manage topics and brokers for producing and consuming messages.
  • Comparison: Similar to Apache Kafka (self-managed), RabbitMQ, or Azure Event Hubs.

3. Amazon SQS (Simple Queue Service)

  • Purpose: Message queuing service.
  • What it allows:
    • Decouple components of an application by sending messages between producers and consumers.
    • Handle asynchronous communication between services.
    • Ensure reliable message delivery with retries and dead-letter queues.
  • Example Use Case: Sending messages between microservices when Kafka is not required or for simpler use cases.
  • Comparison: Similar to RabbitMQ or Azure Queue Storage.

4. Amazon RDS (Relational Database Service)

  • Purpose: Managed relational database service.
  • What it allows:
    • Store structured data in relational databases like MySQL, PostgreSQL, or SQL Server.
    • Offload database management tasks like backups, scaling, and patching.
    • Use SQL for querying and managing data.
  • Example Use Case: Storing application data, such as user profiles or transactional data.
  • Comparison: Similar to Google Cloud SQL or Azure SQL Database.

5. Amazon DynamoDB

  • Purpose: Managed NoSQL database service.
  • What it allows:
    • Store and retrieve key-value or document-based data.
    • Handle high-throughput, low-latency workloads.
    • Scale automatically to handle large amounts of data and traffic.
  • Example Use Case: Storing session data, caching, or user preferences.
  • Comparison: Similar to MongoDB, Cassandra, or Google Firestore.

6. AWS Lambda

  • Purpose: Serverless compute service.
  • What it allows:
    • Run code without provisioning or managing servers.
    • Trigger functions in response to events (e.g., S3 uploads, API Gateway requests, or Kafka events).
    • Scale automatically based on demand.
  • Example Use Case: Processing events from Kafka topics or S3 buckets.
  • Comparison: Similar to Google Cloud Functions or Azure Functions.

7. Amazon ECS/EKS (Elastic Container Service/Elastic Kubernetes Service)

  • Purpose: Container orchestration services.
  • What it allows:
    • Deploy, manage, and scale containerized applications.
    • Use ECS for AWS-native container management or EKS for Kubernetes-based orchestration.
    • Integrate with other AWS services like ALB, CloudWatch, and IAM.
  • Example Use Case: Running microservices or applications in containers.
  • Comparison: Similar to Kubernetes (self-managed), Google Kubernetes Engine (GKE), or Azure Kubernetes Service (AKS).

8. Amazon CloudFront

  • Purpose: Content delivery network (CDN).
  • What it allows:
    • Distribute content globally with low latency and high transfer speeds.
    • Cache static assets like images, videos, or HTML files closer to users.
    • Secure content delivery with HTTPS and integration with AWS WAF.
  • Example Use Case: Serving static assets for a web application hosted on S3.
  • Comparison: Similar to Akamai, Cloudflare, or Azure CDN.

9. AWS Glue

  • Purpose: Data integration and ETL (Extract, Transform, Load) service.
  • What it allows:
    • Prepare and transform data for analytics or machine learning.
    • Manage schema registries for event-driven architectures (e.g., Kafka topics with Avro schemas).
    • Automate data pipelines with serverless ETL jobs.
  • Example Use Case: Managing Avro schemas for Kafka topics in EventBus.
  • Comparison: Similar to Apache NiFi, Google Dataflow, or Azure Data Factory.

10. Amazon CloudWatch

  • Purpose: Monitoring and observability service.
  • What it allows:
    • Collect and monitor logs, metrics, and events from AWS resources and applications.
    • Set up alarms and notifications for performance or error thresholds.
    • Visualize data in dashboards for troubleshooting and optimization.
  • Example Use Case: Monitoring Kafka metrics or application logs.
  • Comparison: Similar to Prometheus (self-managed), Google Cloud Monitoring, or Azure Monitor.

11. Amazon IAM (Identity and Access Management)

  • Purpose: Access control and security management.
  • What it allows:
    • Define who can access AWS resources and what actions they can perform.
    • Use roles and policies to grant permissions to users, applications, or services.
    • Securely manage credentials and secrets.
  • Example Use Case: Granting EventBus applications access to S3 buckets or MSK clusters.
  • Comparison: Similar to Google Cloud IAM or Azure Active Directory.

12. Amazon API Gateway

  • Purpose: Managed API service.
  • What it allows:
    • Create, publish, and manage RESTful or WebSocket APIs.
    • Integrate with Lambda, DynamoDB, or other AWS services.
    • Secure APIs with authentication and rate limiting.
  • Example Use Case: Exposing EventBus Public API for external applications to send events.
  • Comparison: Similar to Google Cloud Endpoints or Azure API Management.

13. Amazon SNS (Simple Notification Service)

  • Purpose: Pub/Sub messaging service.
  • What it allows:
    • Send notifications to multiple subscribers (e.g., email, SMS, or Lambda).
    • Trigger downstream services in response to events.
    • Decouple publishers and subscribers in an event-driven architecture.
  • Example Use Case: Sending alerts or notifications when certain Kafka metrics are breached.
  • Comparison: Similar to Google Pub/Sub or Azure Event Grid.

14. AWS Secrets Manager

  • Purpose: Securely store and manage secrets.
  • What it allows:
    • Store sensitive information like database credentials, API keys, or tokens.
    • Rotate secrets automatically to enhance security.
    • Access secrets programmatically in applications.
  • Example Use Case: Storing Kafka SCRAM credentials for EventBus applications.
  • Comparison: Similar to HashiCorp Vault or Azure Key Vault.

15. Amazon Route 53

  • Purpose: Domain name system (DNS) service.
  • What it allows:
    • Manage domain names and route traffic to AWS resources.
    • Use health checks to ensure high availability.
    • Integrate with CloudFront for global content delivery.
  • Example Use Case: Routing traffic to a web application hosted on S3 or ECS.
  • Comparison: Similar to Google Cloud DNS or Azure DNS.

16. AWS WAF (Web Application Firewall)

  • Purpose: Protect web applications from common threats.
  • What it allows:
    • Block malicious traffic, such as SQL injection or cross-site scripting (XSS).
    • Define custom rules to filter traffic based on IP, headers, or query strings.
    • Integrate with CloudFront or API Gateway for enhanced security.
  • Example Use Case: Securing APIs exposed by EventBus Public API.
  • Comparison: Similar to Cloudflare WAF or Azure Application Gateway WAF.

17. Inbound/Outbound

  • Purpose: Manage network traffic to and from applications.
  • What it allows:
    • Inbound: Securely expose applications to the internet or internal networks using load balancers, certificates, and DNS configurations.
    • Outbound: Enable applications to access external resources or services securely.
    • Control traffic flow with security groups, network ACLs, and routing rules.
  • Example Use Case:
    • Configuring an inbound rule to expose a web application via HTTPS using an Application Load Balancer (ALB).
    • Setting up outbound rules for an EKS cluster to access third-party APIs or external databases.
  • Comparison: Similar to Azure Network Security Groups or Google Cloud Firewall.

18. Certificates (AWS Certificate Manager - ACM)

  • Purpose: Provision and manage SSL/TLS certificates.
  • What it allows:
    • Secure communication between clients and applications using HTTPS.
    • Automate certificate renewal and management.
    • Integrate with services like CloudFront, API Gateway, and Elastic Load Balancers.
  • Example Use Case:
    • Securing a public-facing API with an SSL certificate managed by ACM.
    • Using ACM certificates with CloudFront to serve a secure website.
  • Comparison: Similar to Let's Encrypt or Azure Key Vault Certificates.

19. VPC (Virtual Private Cloud)

  • Purpose: Isolated network environment for AWS resources.
  • What it allows:
    • Define custom IP address ranges, subnets, and route tables.
    • Control inbound and outbound traffic with security groups and network ACLs.
    • Connect securely to on-premises networks using VPN or AWS Direct Connect.
    • Enable private communication between AWS services using VPC endpoints.
  • Example Use Case:
    • Hosting a private application backend within a VPC with no public internet access.
    • Setting up a hybrid cloud environment by connecting an on-premises data center to a VPC using a VPN.
  • Comparison: Similar to Azure Virtual Network (VNet) or Google Cloud VPC.

20. Network

  • Purpose: Manage connectivity between resources within and outside AWS.
  • What it allows:
    • Set up private and public subnets for resource isolation.
    • Use NAT Gateways, Internet Gateways, and Transit Gateways for routing traffic.
    • Enable high availability with multi-AZ deployments.
    • Implement peering connections to connect multiple VPCs.
  • Example Use Case:
    • Configuring a private network for an EKS cluster with public access to a web application.
    • Using Transit Gateway to connect multiple VPCs and on-premises networks in a hub-and-spoke architecture.
  • Comparison: Similar to Azure Networking or Google Cloud Networking.

21. Subnet

  • Purpose: Subdivide a VPC into smaller network segments.
  • What it allows:
    • Create public subnets for resources that need internet access (e.g., web servers).
    • Create private subnets for internal resources (e.g., databases, application servers).
    • Associate subnets with route tables for custom traffic routing.
    • Enable high availability by distributing subnets across multiple Availability Zones (AZs).
  • Example Use Case:
    • Deploying an application with a public-facing load balancer in a public subnet and backend services in private subnets.
    • Isolating sensitive resources like RDS databases in private subnets with no direct internet access.
  • Comparison: Similar to Azure Subnets or Google Cloud Subnets.

22. Load Balancer (Elastic Load Balancing - ELB)

  • Purpose: Distribute incoming application traffic across multiple targets (e.g., EC2 instances, containers, IP addresses) to ensure high availability and fault tolerance.
  • What it allows:
    • Automatically distribute traffic to healthy targets in one or more Availability Zones.
    • Support for multiple protocols (HTTP, HTTPS, TCP, UDP, gRPC).
    • Integration with AWS Certificate Manager (ACM) for SSL/TLS termination.
    • Provide advanced routing features like host-based and path-based routing.
    • Monitor traffic and health of targets using CloudWatch metrics.
  • Example Use Case:
    • Deploying a web application with an Application Load Balancer (ALB) to route traffic to multiple EC2 instances based on URL paths.
    • Using a Network Load Balancer (NLB) to handle high-throughput, low-latency TCP traffic for a real-time application.
    • Implementing a Gateway Load Balancer (GWLB) to deploy third-party virtual appliances for traffic inspection.
  • Comparison:
    • Similar to Azure Load Balancer or Google Cloud Load Balancer.
    • ALB is comparable to Azure Application Gateway, while NLB is similar to Azure Standard Load Balancer.

23. NAT Gateway

  • Purpose: Enable instances in a private subnet to initiate outbound internet connections while preventing inbound connections from the internet.
  • What it allows:
    • Provide internet access to resources in private subnets without exposing them to inbound traffic.
    • Automatically scale to handle varying levels of traffic.
    • High availability within a single Availability Zone (can be made multi-AZ by deploying multiple NAT Gateways).
    • Simplify routing by associating the NAT Gateway with a route table.
  • Example Use Case:
    • Allowing an application running in a private subnet to download software updates or access external APIs.
    • Enabling a database in a private subnet to send logs to an external monitoring service.
  • Comparison:
    • Similar to Azure NAT Gateway or Google Cloud NAT.
    • Unlike a NAT instance, a NAT Gateway is fully managed and requires no maintenance.

24. VPN (Virtual Private Network)

  • Purpose: Establish a secure and encrypted connection between an on-premises network or another cloud provider and an AWS VPC.
  • What it allows:
    • Create a site-to-site VPN connection using AWS VPN services.
    • Securely connect remote offices, data centers, or other cloud environments to AWS.
    • Use AWS Transit Gateway to manage multiple VPN connections in a hub-and-spoke architecture.
    • Support for dynamic routing using Border Gateway Protocol (BGP).
  • Example Use Case:
    • Connecting an on-premises data center to an AWS VPC for hybrid cloud deployments.
    • Establishing a secure connection between AWS and another cloud provider (e.g., Azure or GCP).
    • Providing secure access for remote employees to AWS resources using a client VPN.
  • Comparison:
    • Similar to Azure VPN Gateway or Google Cloud VPN.
    • AWS Client VPN is comparable to Azure Point-to-Site VPN.## 1. EC2 Instances (Elastic Compute Cloud)

25. EC2 Instances (Elastic Compute Cloud)

  • Purpose: Provide scalable virtual servers in the cloud to run applications, host websites, or perform other compute-intensive tasks.
  • What it allows:
    • Launch virtual machines (instances) with customizable configurations (CPU, memory, storage, and networking).
    • Choose from a variety of instance types optimized for different workloads (e.g., compute-optimized, memory-optimized, storage-optimized).
    • Use pre-configured Amazon Machine Images (AMIs) or create custom AMIs for specific use cases.
    • Scale horizontally by adding more instances or vertically by resizing instances.
    • Integrate with other AWS services like Auto Scaling, Elastic Load Balancing, and CloudWatch for monitoring and scaling.
    • Secure instances using Security Groups, IAM roles, and Key Pairs.
  • Example Use Case:
    • Hosting a web application on a fleet of EC2 instances behind an Application Load Balancer.
    • Running a high-performance computing (HPC) workload using compute-optimized instances.
    • Deploying a database server on a storage-optimized instance with high IOPS (e.g., Amazon EC2 I3 instances).
    • Running a development or testing environment for a software project.
  • Comparison:
    • Similar to Azure Virtual Machines or Google Compute Engine.
    • EC2 offers more granular control over instance configurations compared to fully managed services like AWS Lambda or Azure App Service.

26. Transit Gateway

  • Purpose: Simplify and centralize network connectivity between multiple VPCs, on-premises networks, and other cloud environments.
  • What it allows:
    • Act as a hub to connect multiple VPCs and on-premises networks in a hub-and-spoke architecture.
    • Reduce the complexity of managing multiple VPN connections or VPC peering relationships.
    • Support for both dynamic and static routing using Border Gateway Protocol (BGP).
    • Enable inter-region peering to connect Transit Gateways across AWS regions.
    • Integrate with AWS Direct Connect for high-speed, low-latency private connections to on-premises networks.
    • Provide centralized monitoring and management of network traffic using AWS CloudWatch and VPC Flow Logs.
  • Example Use Case:
    • Connecting multiple VPCs in different AWS accounts to a single on-premises data center using a site-to-site VPN.
    • Building a multi-region architecture with inter-region peering between Transit Gateways.
    • Centralizing network connectivity for a large enterprise with multiple AWS accounts and VPCs.
    • Simplifying hybrid cloud connectivity between AWS and other cloud providers.
  • Comparison:
    • Similar to Azure Virtual WAN or Google Cloud Network Connectivity Center.
    • Transit Gateway provides a more scalable and centralized solution compared to traditional VPC peering.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment