Declarative way of outlining AWS infrastructure for any resources
Creates resources in the right order with the exact specified configuration
Benefits:
Infrastructure as code: No manual resources created, can review through code
Cost: Resources within the stack are tagged with an identifier to see the whole stack cost
Productivity: Create and destroy infrastructure easily, declarative style means not needing to figure out orchestration and ordering
Can leverage existing templates on the web and documentation
Supports almost all AWS resources (use custom resources for non-supported resources)
CloudFormation Service Role
An IAM role allowing CloudFormation to create/update/delete stack resources for you
Gives users the ability to create/update/delete the stack resources even if they lack permissions to work with the resources in the stack
Useful when you want to achieve least privilege and don't want to give the user all the permissions required to create the stack resources
User must have iam:PassRole permissions
Amazon Simple Email Service
A fully managed service to send emails securely, globally and at scale
Allows inbound/outbound emails
Supports DomainKeys Identified Mail and Sender Policy Framework
Flexible IP deployment (shared, dedicated and customer-owned IPs)
Send emails from your app using the Console, APIs or SMTP
Useful for transactional, marketing and bulk email communications
Amazon Pinpoint
A scalable 2-way marketing communications service supporting email, SMS, push, voice and in-app messaging
Can segment and personalize messages with the right content to customers
Possibility to receive replies
Scales to billions of messages per day
Useful for running campaigns by sending marketing, bulk and transactional SMS messages
In SNS & SES, you manage each message's audience, context and delivery schedule; with Pinpoint, you create message templates, delivery schedules, highly-targeted segments and full campaigns
Systems Manager (SSM Session Manager)
Allows you to start a secure shell on your EC2 and on-premises servers
No SSH access, bastion hosts or SSH keys needed
No port 22 needed (improved security)
Supports Linux, macOS and Windows
Send session log data to S3 or CloudWatch Logs
Run Command
Execute a script or command which can run across multiple instances (using resource groups)
Output can be shown in Console, sent to S3 bucket or CloudWatch Logs
Can send notifications to SNS about command status
Integrated with IAM and CloudTrail
Can be invoked using EventBridge
Patch Manager
Automates the process of patching managed instances (OS updates, app updates, security updates)
Supports EC2 instances and on-premises servers
Supports Linux, macOS and Windows
Can patch on schedule or on-demand using Maintenance Windows
Can scan instances and generate a patch compliance report for missing patches
Maintenance Windows
Defines a schedule for performing actions on your instances
Contains schedule, duration, set of registered instances and set of registered tasks
Automation
Simplifies common maintenance and deployment tasks of EC2 instances and other AWS resources
Automation Runbook: SSM documents to define actions performed on instances or resources
Can be triggered using Console, CLI, SDK, EventBridge, on a schedule via Maintenance Windows or by AWS Config for rule remediations
Cost Explorer
A service to visualize, understand and manage your AWS costs and usage over time
Can create custom reports that analyze cost and usage data across all accounts
Can choose an optimal savings plan to lower bill prices and forecast usage up to 12 months based on previous usage
AWS Cost Anomaly Detection
Continuously monitors cost and usage using ML to detect unusual spends
Learns your unique, historic spend patterns to detect a one-time cost spike or continuous cost increases
Monitors services, member accounts, cost allocation tags or cost categories
Sends an anomaly detection report with root-cause analysis
Can get notified with individual alerts or daily/weekly summaries using SNS
AWS Outposts
Server racks that offer the same AWS infrastructure, services, APIs and tools to build your own apps on-premises just like in the cloud
AWS sets up and manages the racks within your on-premises infrastructure and you can leverage their services on-premises
The racks become a customer responsibility and you must ensure physical security
Benefits:
Low-latency access to on-premises systems
Local data processing
Data residency
Easier migration from on-premises to the cloud
Fully managed service
AWS Batch
Fully managed batch processing at any scale (a batch job is a job with a start and end as opposed to continuous)
Efficiently run hundreds of thousands of computing batch jobs on AWS
Dynamically launch EC2 instances or Spot Instances, provisioning the right amount of compute and memory
Can submit or schedule batch jobs
Batch jobs are defined as Docker images and run on ECS
Useful for cost optimizations and focusing less on infrastructure
Batch vs. Lambda
Lambda
Time limit
Limited runtimes
Limited temporary disk space
Serverless
Batch
No time limit
Any runtime as long as it's packaged as a Docker image
Relies on EBS or instance store for disk space
Relies on EC2 (can be managed by AWS)
Amazon AppFlow
A fully managed integration service enabling you to securely transfer data between SaaS apps and AWS
Sources include Salesforce, SAP, Zendesk, Slack and ServiceNow
Destinations include services like S3, Redshift or non-AWS services such as Snowflake and Salesforce
Data can be transferred on a schedule, in response to events or on-demand
There are data transforming capabilities such as filtering and validation
Data is encrypted over the public internet or privately over AWS PrivateLink
No need to spend time writing integrations; you can leverage APIs immediately
AWS Amplify
Develop and deploy scalable full stack web and mobile apps