The full range of AWS Products is listed on the AWS website.
The London AWS Summit is held in May every year.
Provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define.
I script the creation of my VPC resources using Terraform.
I have a separate page for Amazon Compute products - EC2, ECR, ECS, EKS, Fargate, Lightsail, etc.
Using the Instance Scheduler solution can keep costs to Reduce Amazon EC2 or RDS costs.
Private subnets require Network Address Translation (NAT) for internet access.
This can be achieve with a NAT Gateway or NAT Instance.
An Elastic IP Address can be used as a fixed IP address for an EC2 instance (or other AWS resource).
They are free when attached to a running instance but cost money while the instance is shut down.
The Route 53 is Amazon’s Domain Name System (DNS).
For my personal domains, I use it to route website traffic to AWS and e-mail traffic to eUKhost.
The use of Amazon services such as S3 and ECR requires internet access but this can be avoided with VPC Endpoints. They are described in the user guide and developer guide.
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.
I have a separate page for Amazon Storage products - primarily EBS and EFS.
My EC2 instances use encrypted EBS volumes.
Amazon Relational Database Service (RDS) makes it easy to set up, operate, and scale a relational database in the cloud. Examples include Aurora, Postgres, MySQL, MariaDB, Oracle and SQL Server.
Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale.
Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open source compatible in-memory data stores.
You can use the SMTP interface to integrate Amazon SES directly into your existing applications. You can also integrate the email sending capabilities of Amazon SES into the software you already use, such as ticketing systems and email clients.
I uses SES to send the e-mail notifications from Jenkins in the event of job failures.
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.
A cheaper alternative is to use Let’s Encrypt which is a global Certificate Authority (CA). They let people and organizations around the world obtain, renew, and manage SSL/TLS certificates which can be used by websites to enable secure HTTPS connections.
The first line of defence in security are firewalls - Security Groups + Access Control Lists.
I endeavour to make both as restrictive as possible for my VPNs - “belt and braces” so to speak!
AWS WAF gives control over which traffic to allow or block to web applications by defining customizable web security rules. You can deploy AWS WAF in many different ways.
Identity and Access Management (IAM) enables management of access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
Permissions can also be granted to specific machines, thus avoiding the need for secrets to be stored on disk. I have documented some example profiles on a separate page.
Data should be encrypted when in transit and at rest.
Ensuring that data is encrypted at rest is extremely easy on AWS - e.g. EBS Encryption + S3 Encryption.
Note: For my personal projects, I just use the default AWS encryption rather than using KMS (see below).
AWS Key Management Service (KMS) makes it easy to create and manage keys and control the use of encryption across a wide range of AWS services and in your applications. These keys can be used with facilities such as EBS encryption and S3 encryption.
Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud.
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.
Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.
I have made some notes on the AWS CLI, including an approach to building Docker images containing the “aws” command.
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers.
AWS Cost Management is a set of tools to help you to access, organize, understand, control, and optimize your AWS costs and usage.
These tools include:
AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time.
The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations.
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.