diff --git a/01-Value_Of_AWS_Cloud.md b/01-Value_Of_AWS_Cloud.md
index 699090a..0ca4151 100644
--- a/01-Value_Of_AWS_Cloud.md
+++ b/01-Value_Of_AWS_Cloud.md
@@ -27,7 +27,7 @@ The following cloud terminology is important for the exam:
1. Durability
* AWS provides data services that offer long-term data protection and storage.
1. Latency
- * Time elapsed between a user request and reponse. Low latency is a good thing.
+ * Time elapsed between a user request and response. Low latency is a good thing.
### Cloud Computing Models
1. IaaS: Infrastructure as a Service e.g.EC2
@@ -37,7 +37,7 @@ The following cloud terminology is important for the exam:
[Click Here for details](https://aws.amazon.com/what-is-cloud-computing/?pg=TOCC)
## Cloud Hosting Models
-1. Private Cloud: On-prem virtualization as well as off-prem fully managed private cloud, also with Amazone Outpost
+1. Private Cloud: On-prem virtualization as well as off-prem fully managed private cloud, also with Outpost
1. Public Cloud: Fully publicly hosted and managed cloud.
1. Hybrid Cloud: AWS Direct Connect service connects customer's data center with Amazon.
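Review bot: the replacement on the Private Cloud line removes the vendor name instead of correcting it, so "Amazone Outpost" becomes a bare "Outpost". The service is named AWS Outposts; "also with AWS Outposts" would fix the spelling and keep the reference findable.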
@@ -55,12 +55,12 @@ Amazon EC2 is hosted in multiple locations world-wide. These locations are compo
* All AZs in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between AZs.
* All traffic between AZs is encrypted.
* The network performance is sufficient to accomplish synchronous replication between AZs.
- * If applications are distrbuted - deploy to multiple AZs with load balancing.
+ * If applications are distributed - deploy to multiple AZs with load balancing.
1. [Data Center](https://aws.amazon.com/compliance/data-center/data-centers/)
* Two or more data centers together are part of an AZ.
* Each data center has protections across 4 layers:
* Perimeter - secured perimeter for physical access.
- * Infrastrucutre - HVAC, power, fire suppression.
+ * Infrastructure - HVAC, power, fire suppression.
* Data - servers within the building, racked and stacked.
* Environment - site location, seismic data, flooding etc.
1. [Local Zones](https://aws.amazon.com/about-aws/global-infrastructure/localzones/)
@@ -74,7 +74,7 @@ Amazon EC2 is hosted in multiple locations world-wide. These locations are compo
1. [Global Edge Network](https://aws.amazon.com/cloudfront/features/?p=ugi&l=na&whats-new-cloudfront.sort-by=item.additionalFields.postDateTime&whats-new-cloudfront.sort-order=desc)
* Amazon CloudFront peers with thousands of Tier 1/2/3 telecom carriers globally.
* CloudFront is well connected with all major access networks for optimal performance, and has hundreds of terabits of deployed capacity.
- * CloudFront edge locations are connected to the AWS Regions through the AWS network backbone - fully redundant, multiple 100GbE parallel fiber that circles the globe and links with tens of thousands of networks for improved origin fetches and dynamic content acceleration.these are cached closest to audience.
+ * CloudFront edge locations are connected to the AWS Regions through the AWS network backbone - fully redundant, multiple 100GbE parallel fiber that circles the globe and links with tens of thousands of networks for improved origin fetches and dynamic content acceleration.these are cached closest to the audience.
* Mini-data centers created for low latency between applications and users.
* There are many more edge locations than AZs or regions.
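Review bot: the edited CloudFront bullet still runs two sentences together at "dynamic content acceleration.these are cached closest to the audience." Add the space and the capital after the period, and say what "these" refers to, since the sentence before it describes the backbone rather than anything that is cached.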
@@ -106,7 +106,7 @@ Amazon EC2 is hosted in multiple locations world-wide. These locations are compo
* Use serverless architectures first.
* Use multi-region deployments.
* Delegate tasks to a cloud vendor.
- * Experiement with virtual resources.
+ * Experiment with virtual resources.
* Use Case: Lambda to run serverless compute workloads.
1. Cost Optimization
* Utilize consumption-based pricing.
diff --git a/02-AWS_Shared_Responsibility_Model.md b/02-AWS_Shared_Responsibility_Model.md
index 5b0c053..0130450 100644
--- a/02-AWS_Shared_Responsibility_Model.md
+++ b/02-AWS_Shared_Responsibility_Model.md
@@ -1,13 +1,13 @@
# AWS Shared Responsibility Model
-### "AWS has the responsibilty OF the cloud. Customer has the responsibility IN the cloud."
+### "AWS has the responsibility OF the cloud. Customer has the responsibility IN the cloud."
Source: https://aws.amazon.com/compliance/shared-responsibility-model/
As a customer of AWS - you are not responsible for the hardware, software, networking, and facilities that run AWS Cloud services across its regions, AZs, data centers and edge locations.
-Depending on the Cloud Model - AWS and it's customer share responsibilities for different layers. However, the customer is Never responsible for the virtualization or the underlying physical infrastructure.
+Depending on the Cloud Model - AWS and its customers share responsibilities for different layers. However, the customer is Never responsible for the virtualization or the underlying physical infrastructure.
1. Inherited Controls (AWS only)
* Controls which a customer fully inherits from AWS.
@@ -24,9 +24,9 @@ Depending on the Cloud Model - AWS and it's customer share responsibilities for
-AWS is responsible for protecting and securing their infrastructure like whatever is in their data centers. Physical security of AWS data center. AWS maintains UPS, CRAC, fire suppression systems and more. AWS is responisble for any managed service and underlying software, operating system.
+AWS is responsible for protecting and securing their infrastructure like whatever is in their data centers. Physical security of AWS data center. AWS maintains UPS, CRAC, fire suppression systems and more. AWS is responsible for any managed service and underlying software, operating system.
-You are responsible for your data and applications. Application Data including encryption options. Security configuration - rotating credentials, APIs, VPC access etc. Patching guest operating system of EC2 instances. IAM - application security, identity and access management for systems. Network traffice - you are responsible for it including group firewall configuration.
+You are responsible for your data and applications. Application Data including encryption options. Security configuration - rotating credentials, APIs, VPC access etc. Patching guest operating system of EC2 instances. IAM - application security, identity and access management for systems. Network traffic - you are responsible for it including group firewall configuration.
### Report AWS abuse resource
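Review bot: in the AWS-responsibility paragraph, "AWS is responsible for any managed service and underlying software, operating system" reads as if AWS owns every operating system, while the customer paragraph right after it assigns "Patching guest operating system of EC2 instances" to the customer. Suggest scoping the first sentence to the operating system underneath managed services. In the customer paragraph, "group firewall configuration" presumably means security group configuration; naming it would match the term used in the core-services notes.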
diff --git a/03-AWS_Security_Best_Practices.md b/03-AWS_Security_Best_Practices.md
index d6d463d..0e8f8f6 100644
--- a/03-AWS_Security_Best_Practices.md
+++ b/03-AWS_Security_Best_Practices.md
@@ -1,10 +1,11 @@
# AWS Security Best Practices
-_This is 25% of the weight of the exam_
+~~This is 25% of the weight of the exam~~
+*update 22/02/2024*: _according to [this](https://aws.amazon.com/blogs/training-and-certification/coming-soon-updates-to-aws-certified-cloud-practitioner-exam/) AWS blogpost, Security and compliance is now **30%** weight of the exams instead of 25%_
## Root User
* Automatically created when you create an AWS account.
-* Only root user can delete the account.
+* Only the **ROOT USER** can **DELETE** the account.
* There is just one root user that can exclusively:
* Change your account settings. This includes the account name, email address, root user password, and root user access keys.
* Restore IAM user permissions. If the only IAM administrator accidentally revokes their own permissions, you can sign in as the root user to edit policies and restore those permissions.
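Review bot: the header now carries the stale figure struck through plus a dated correction, so a reader has to parse both lines to learn the weight. Since the added line already states 30%, replace the old line outright with one sentence giving the current weight, and use descriptive link text instead of "[this]". Separately, the all-caps bold in "Only the **ROOT USER** can **DELETE** the account." is a style change unlike the neighbouring bullets and is not a spelling fix like the rest of the patch.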
@@ -19,7 +20,7 @@ _This is 25% of the weight of the exam_
_Best Practice:_ Identity and Access Management - create a new user and provide a role. Never use the root user unless absolutely required. Protect root account with MFA (Multi-factor authentication).
-VPC - Vitual Private Cloud. Default VPC will always be created for you.
+VPC - Virtual Private Cloud. Default VPC will always be created for you.
* AWS Management Console
* Easy to navigate via web-browser.
* Good for non-technical roles.
@@ -35,7 +36,7 @@ Use the search feature for easy access.
* An identity that is verified.
* Credentials such as username and password.
1. Authorization
- * Determines which services and resources the idenitity has access to.
+ * Determines which services and resources the identity has access to.
* Permissions are granted via a policy.
1. Least Privilege
* Give a user the minimum access required to get the job done.
@@ -55,14 +56,14 @@ Use the search feature for easy access.
* Roles define access permissions and are temporarily assumed by an IAM user or service.
* DevOps role, Lambda-Execution role are examples.
* Access is assigned using policies.
- * You grant users in one AWS account access to resources in another AWS acccount using roles.
+ * You grant users in one AWS account access to resources in another AWS account using roles.
* Attach a role to an EC2 instance for access to S3. Applications running on that instance will have access to S3 via roles. This is useful because the application will not need credentials or access keys. This is most secure.
1. Policies
- * You manage persmissions for IAM users, groups, and roles by creating a policy document in JSON format and attaching it. The policy itself is decoupled from IAM identitieis.
+ * You manage permissions for IAM users, groups, and roles by creating a policy document in JSON format and attaching it. The policy itself is decoupled from IAM identities.
* User - {Policy:Access} - Resource
* Developer Group = {Policy: Resource Access} - Resource
* Role - {Policy:Allow-S3-Access} - S3
- * How to limit access to an Amazeon S3 to specific users only? You can add a bucket access policy directly to an Amazon S3 bucket to grant IAM users accesss. I wonder if there is another way, create a special bucket access group with policy to the group, and then add users to the group. Or add users to the policy directly.
+ * How to limit access to an Amazon S3 to specific users only? You can add a bucket access policy directly to an Amazon S3 bucket to grant IAM users access. I wonder if there is another way, create a special bucket access group with policy to the group, and then add users to the group. Or add users to the policy directly.
1. IAM Credentials Report
* Assistance with compliance and auditing by offering a downloadable report that lists all your IAM users in this account and the status of their various credentials including MFA devices in your account.
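Review bot: the S3 bullet under Policies still reads "limit access to an Amazon S3 to specific users", missing the word "bucket", and it keeps the open question "I wonder if there is another way". For notes on access control it would be better to state the options as facts: a bucket policy attached to the bucket, or an IAM policy attached to a group (or user) that grants access to the bucket.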
@@ -71,17 +72,17 @@ Use the search feature for easy access.
1. [WAF](https://aws.amazon.com/waf/) : XSS SQL-Injection
* WAF is a Web Application Firewall that can protect against common attacks such as XSS or SQL injection.
1. [Shield](https://aws.amazon.com/shield/) DDOS
- * AWS Shielf is a managed DDOS protection service. Sheild standard is free but Sheild Advanced provides access to AWS experts for a fee.
+ * AWS Shield is a managed DDOS protection service. Shield standard is free but Shield Advanced provides access to AWS experts for a fee.
* DDOS protections from CloudFront, Route53, Elastic Load Balancing, and AWS Global Accelerator.
* Receive real-time notifications of suspected DDoS incidents via CloudWatch metrics and assistance from AWS during the attack.
* Automatically scrub bad traffic at specific layers: layer 3,4 and 7. Minimize application downtime and latency. Monitor and protect up to 1000 resource types.
1. [Macie](https://aws.amazon.com/macie/) Sensitive Data
- * Helps you discover and protect sensitive data. Uses maching learning, evaluates S3 environment, uncovers PII information.
+ * Helps you discover and protect sensitive data. Uses Machine Learning, evaluates S3 environment, uncovers PII information.
* Use cases: discover passport numbers stored on S3 using Macie. Find SSNs in S3 files.
1. [Config](https://aws.amazon.com/config/) Audit config
* Assess, audit, and evaluate configurations of your resources.
- * Record and altert by storing in S3.
- * Use cases: Streamline operational troubleshooting and change management. Deploy a complicant-as-code framework. Continually audit security monitoring and analysis.
+ * Record and alert by storing in S3.
+ * Use cases: Streamline operational troubleshooting and change management. Deploy a compliance-as-code framework. Continually audit security monitoring and analysis.
1. [GuardDuty](https://aws.amazon.com/guardduty/) Threat detection
* Protect your AWS accounts with intelligent threat detection.
* Continuously monitors workload for malicious activity and delivers detailed security findings for visibility and remediation. Network and API calls.
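Review bot: the Shield bullet fixes the spelling but leaves the tier name lower-case in "Shield standard" next to "Shield Advanced", and the hunk mixes "DDOS" and "DDoS" within three lines. Use "DDoS" throughout and capitalize "Standard". In the Macie line, "Machine Learning" does not need capitals and "PII information" repeats itself.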
@@ -92,29 +93,29 @@ Use the search feature for easy access.
* Use cases: Quickly discover vulnerabilities in compute workloads. Prioritize patch remediation. Meet compliance requirements. Identify zero-day vulnerabilities sooner.
1. [Artifact](https://aws.amazon.com/artifact/) Compliance Report
* Access Independent Software Vendor compliance report.
- * Use artifact to SOC and PCI compliance reports. You can generate the report. Access to the report can be provided. Self-service portal.
+ * Use Artifact to SOC and PCI compliance reports. You can generate the report. Access to the report can be provided. Self-service portal.
1. [Cognito](https://aws.amazon.com/cognito/) CIAM
- * Customer identity and acess management.
- * Delivery frictionless CIAM. Adaptive authentication, support compliance, and data residency requirements. Scale to millions of users with a fully managed, high-performantm and reliable identity store. Federate sign-in using OIDC or SAML 2.0 connect to a broad group of AWS services and products.
+ * Customer identity and access management.
+ * Delivery frictionless CIAM. Adaptive authentication, support compliance, and data residency requirements. Scale to millions of users with a fully managed, high-performant and reliable identity store. Federate sign-in using OIDC or SAML 2.0 connects to a broad group of AWS services and products.
* Use-cases: Social media accounts to log in to your application.
# Data Encryption and Secrets Management Services
1. [KMS](https://aws.amazon.com/kms/) Key Management
- * Key Management Service is multi-tenant encryption key management service.
+ * Key Management Service is a multi-tenant encryption key management service.
* Create and control encryption keys managed by AWS used to encrypt or digitally sign your data.
- * Centrally manage keys and define policies across integrated services and application from a single point.
+ * Centrally manage keys and define policies across integrated services and applications from a single point.
* Encrypt data within your applications with the AWS Encryption SDK data encryption library.
* Encrypt EBS volume using KMS.
1. [CloudHSM](https://aws.amazon.com/cloudhsm/) Encryption Key Generator.
* Manage single-tenant hardware security modules (HSMs) on AWS.
* Use case: Generate and use cryptographic keys on dedicated FIPS 140-2 Level 3 single-tenant HSM instances. Deploy workloads with high reliability and low latency, and help meet regulatory compliance. Pay by the hour, and backup and shut down HSMS when they're not needed. Manage HSM capacity and control your costs by adding and removing HSMs from your cluster.
1. [Secrets Manager](https://aws.amazon.com/secrets-manager/) Secrets Management
- * Use cases: Store secrets securely, manage acess with fine-grained policies, automate secrets rotation, audit and monitor secrets usage.
- * Database credentials, API keys, encrypt secrets at rest, integreates with RDS, DOcumentDB, Redshift.
+ * Use cases: Store secrets securely, manage access with fine-grained policies, automate secrets rotation, audit and monitor secrets usage.
+ * Database credentials, API keys, encrypt secrets at rest, integrates with RDS, DOcumentDB, Redshift.
* Retrieve database credentials needed for your application code. Secrets Manager allows you to retrieve database credentials with a call to Secrets Manager APIs, removing the need to hardcode sensitive information in plain text within your application code.
1. [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/) Certificate Manager
- * Provisiong public and private certificats for free.
+ * Provision public and private certificates for free.
* SSL/TLS certificates are supported.
* Use key management for certs and get managed certificate renewal.
* Integrates with Elastic Load Balancing, API Gateway and more.
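Review bot: in the Cognito bullet the change from "connect to" to "connects to" makes the sentence worse, because "Federate sign-in using OIDC or SAML 2.0 connects to a broad group of AWS services" now has SAML 2.0 as the subject. The original looks like two items missing a separator, so "Federate sign-in using OIDC or SAML 2.0. Connect to a broad group of AWS services and products." fits better, and "Delivery frictionless CIAM" in the same line should be "Deliver". Also left unfixed in this hunk: "Use Artifact to SOC and PCI compliance reports" has no verb, and "DOcumentDB" in the Secrets Manager bullet is miscased.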
diff --git a/04-AWS_Costs_Economics_Billing.md b/04-AWS_Costs_Economics_Billing.md
index 1fc26f0..6c1098e 100644
--- a/04-AWS_Costs_Economics_Billing.md
+++ b/04-AWS_Costs_Economics_Billing.md
@@ -1,27 +1,28 @@
# AWS Costs, Economics and Billing Practices
-_16% of the exam_questions about 8-10 questions_
+~~_16% of the exam_questions about 8-10 questions_~~
+*update 22/02/2024*: _according to [this](https://aws.amazon.com/blogs/training-and-certification/coming-soon-updates-to-aws-certified-cloud-practitioner-exam/) AWS blogpost, Billing, Pricing, and Support is now **12%** weight of the exams instead of 16%_
* [EC2 Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html) are [priced](https://aws.amazon.com/ec2/pricing/) as follows
* On-Demand: EC2 capacity billed to the second.
* Pay for what you use.
- * Use case: Applications are under development, workloads are not expected to run for more than a year, no upfront payment or long-term committment, unpredictable workloads but don't want to be interrupted.
- * On-Demand Capacity Reservation: It is possible to buy upfront capacity to mitigate against capacity contraints in an AZ.
+ * Use case: Applications are under development, workloads are not expected to run for more than a year, no upfront payment or long-term commitment, unpredictable workloads but don't want to be interrupted.
+ * On-Demand Capacity Reservation: It is possible to buy upfront capacity to mitigate against capacity constraints in an AZ.
* Spot: unused EC2 capacity on sale.
* Pay the least but no guarantee of runtimes or interruptions. A 2-minute warning is provided via instance meta-data that your application should check for and prepare for shutdown.
- * Use case: Start and stop time of the workload does not matter. 90% savings over On-Demand. When your workload is feasable only at the lowest price points.
+ * Use case: Start and stop time of the workload does not matter. 90% savings over On-Demand. When your workload is feasible only at the lowest price points.
* Spot price in effect at the beginning of each hour.
- * Reserved: Upfront capacity reservation committment for long running workloads.
+ * Reserved: Upfront capacity reservation commitment for long running workloads.
* Pay upfront with a contract to get discounts.
* Use case: Save 75% versus On-Demand and willing to pay upfront for 1 or 3 year reservation.
* Flexibility: All upfront, partial upfront or no upfront is possible. A contract is required. Provides convertible types at 54% discount - change tenancy, OS or region.
* Dedicated Instance and Dedicated Host:
* [Dedicated Host](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html): Dedicated bare metal rental and host exclusively for you to install software that have licensing tied to host size.
- * [Dedicated Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html): Instances run on VPCs on a hardware dedicated to a single customer.
+ * [Dedicated Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html): Instances run on VPCs on hardware dedicated to a single customer.
* Use Case: Save 70% off of On-Demand. Software that is licensed based on per-core, per-socket or per-VM. Regulations that require tenancy exclusivity.
- * Dedidicated host is a physical server, dedicated instance runs on a host.
- * Savings Plan: Compute usage committment for 1 or 3 years applicable across multiple compute services.
- * Save upto 72% off of On-Demand.
+ * Dedicated host is a physical server, dedicated instance runs on a host.
+ * Savings Plan: Compute usage commitment for 1 or 3 years applicable across multiple compute services.
+ * Save up to 72% off of On-Demand.
* Use Case: For flexibility across various services like Lambda, Fargate, and EC2.
* This is a billing convenience nothing to do with a capacity reservation.
* Lambda Pricing
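Review bot: the struck-through line keeps the stray underscore in "exam_questions", which can break the emphasis inside the strikethrough depending on the renderer, and the update only revises the percentage, leaving "about 8-10 questions" without a current figure. Replacing the old line with a single statement of the new 12% weight avoids both problems.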
@@ -43,7 +44,7 @@ _16% of the exam_questions about 8-10 questions_
* Deployment type - is it multi-AZ
* Outbound - data transfer
## Pricing, Billing and Governance
- Compute, storage and outbound data transfer is where the costs are for AWS. Data in flight moving between system. Data movement within the AWS region are usually not charged. Data out of AWS to end user is where the data transfer costs are.
+ Compute, storage and outbound data transfer is where the costs are for AWS. Data in flight moving between systems. Data movement within the AWS region is usually not charged. Data out of AWS to end user is where the data transfer costs are.
How AWS Pricing Works [whitepaper](https://docs.aws.amazon.com/pdfs/whitepapers/latest/how-aws-pricing-works/how-aws-pricing-works.pdf)
1. [TCO](https://docs.aws.amazon.com/whitepapers/latest/how-aws-pricing-works/aws-pricingtco-tools.html)
@@ -55,7 +56,7 @@ _16% of the exam_questions about 8-10 questions_
1. [AWS Price List API](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/price-changes.html)
* Query the price of AWS Services using JSON or CSV. Bulk price or individual APIs.
* Receive price alerts when prices change.
- 1. [Application Disovery Service](https://docs.aws.amazon.com/application-discovery/latest/userguide/what-is-appdiscovery.html)
+ 1. [Application Discovery Service](https://docs.aws.amazon.com/application-discovery/latest/userguide/what-is-appdiscovery.html)
* Determine the cost of migrating to the cloud.
* Plan migration projects and estimate TCO.
* You can view the discovered servers, group them into applications, and then track the migration status of each application from the Migration Hub console in your home Region.
@@ -68,11 +69,11 @@ _16% of the exam_questions about 8-10 questions_
* If you get a huge bill - this is where you need to find the needle in the haystack.
* Downloadable detailed and comprehensive report, list usage for each service category and aggregate usage data on a daily, hourly or monthly level.
* Cost Allocation Tags
- * Label resources using key-value pairrs.
+ * Label resources using key-value pairs.
* Track costs via the cost allocation report.
1. [Cost Explorer](https://aws.amazon.com/aws-cost-management/aws-cost-explorer/)
* Visualize, understand, and manage your AWS costs and usage over time.
- * Forecast, build custom apps that use it's apis, and use granular filtering offered by it's analytical engine.
+ * Forecast, build custom apps that use its apis, and use granular filtering offered by its analytical engine.
1. [Organizations](https://aws.amazon.com/organizations/)
* Centrally manage your environment as you scale your AWS resources. Consolidate billing, save costs via volume discounts + reserved instance sharing and govern accounts centrally.
* Programmatically create AWS accounts as you scale at no additional charge.
@@ -81,16 +82,16 @@ _16% of the exam_questions about 8-10 questions_
* You can apply Service Control Policies (SCPs) across all member accounts within the organization.
1. [Control Tower](https://aws.amazon.com/controltower/)
* Set up well-architected multi-account environments with pre-configured controls to ensure best practices.
- * Provides dashboard to help manage accounts.
+ * Provides a dashboard to help manage accounts.
* Example, if you want to disallow public write access to all S3 buckets across your accounts - you can use Control Tower to enforce this.
1. [Systems Manager](https://aws.amazon.com/systems-manager/)
* Operation insights into AWS resources, other cloud resources and on-prem resources.
* Automate configuration and ongoing management including instance compliance relative to patch, configuration and custom policies.
* Visibility and control. Group resources to take action. Patch and run commands on multiple EC2 and RDS.
- * Usecase: Deploy operating system and software patchs automatically across a large group of instances.
+ * Use case: Deploy operating system and software patches automatically across a large group of instances.
1. [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/trusted-advisor/)
* Cost, Performance, Security, Fault Tolerance, and Service Limits.
- * Checks IAM password policy (not free). RDS public snapshot, service usage greater than 80% (available to business or enterprise). Check for exposed access keys (business support) and various other checks.
+ * Check IAM password policy (not free). RDS public snapshot, service usage greater than 80% (available to business or enterprise). Check for exposed access keys (business support) and various other checks.
* Use case: check read and write capacity service limits for DynamoDB.
1. [Personal Health Dashboard](https://aws.amazon.com/premiumsupport/technology/aws-health-dashboard/)
* Alerts you on impacts to your AWS environment.
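Review bot: the Trusted Advisor bullet changes "Checks IAM password policy" to "Check IAM password policy", which is a wording change rather than a spelling fix and breaks from the descriptive third-person style of the neighbouring bullets ("Provides a dashboard", "Alerts you on impacts"). Keep "Checks". The text after it, "RDS public snapshot, service usage greater than 80%", is a fragment either way and would read better as a list of checks with the support tier each one needs.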
@@ -100,13 +101,13 @@ _16% of the exam_questions about 8-10 questions_
* Global community of approved partners that offer solutions and consulting services
* Help design and build a new application.
1. [Managed Services](https://aws.amazon.com/managed-services/)
- * Augment internall staff with additional resources to manage AWS.
+ * Augment internal staff with additional resources to manage AWS.
* Patch management, monitoring, event management, cost optimization etc.
- * Will not operate or configur your applications.
+ * Will not operate or configure your applications.
1. [Professional Services](https://aws.amazon.com/professional-services/)
* Move to a cloud based operating model
* Propose solutions.
- * Architect soutions.
+ * Architect solutions.
* You can quickly move from on-prem to cloud.
1. [AWS License Manager](https://aws.amazon.com/license-manager/)
* AWS and on-premise license manager.
@@ -118,7 +119,7 @@ _16% of the exam_questions about 8-10 questions_
1. Basic - free.
* Email support only and discussion forums.
1. Developer - $29 pm :
- * Fordevelopment and testing.
+ * For development and testing.
* 1 contact.
* Cloud support associate via email during business hours.
1. Business - $100 pm :
diff --git a/05-AWS_Core_Services.md b/05-AWS_Core_Services.md
index e401fbb..1de707d 100644
--- a/05-AWS_Core_Services.md
+++ b/05-AWS_Core_Services.md
@@ -4,12 +4,12 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Provides recommendations that help you follow AWS best practices.
* Benefits: cost optimization, performance, security, fault tolerance and service quotas.
- For example, a web-based enterprise application will utilize most if no all the layers and select technologies.
+ For example, a web-based enterprise application will utilize most if not all the layers and select technologies.
## Architecture
1. [Elasticity](https://www.ibm.com/cloud/blog/cloud-elasticity-vs-cloud-scalability): The ability to add or remove resources based on demand.
1. [Scalability](https://resources.sei.cmu.edu/asset_files/TechnicalNote/2006_004_001_14681.pdf): Scalability is the ability to handle increased workload by repeatedly applying a cost-effective strategy for extending a system’s capacity
-1. [Fault Tolerance](https://en.wikipedia.org/wiki/Fault_tolerance): Is the property that enables a system to continue operating properly in the event of a failure of one or more faults withing some if its components.
+1. [Fault Tolerance](https://en.wikipedia.org/wiki/Fault_tolerance): Is the property that enables a system to continue operating properly in the event of a failure of one or more faults within some of its components.
1. [High Availability](https://redis.com/blog/high-availability-architecture/): Property of a system to serve the business without failure over a given period of time.
1. [Principle of least priviledge](https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/least-privilege): Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error.
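Review bot: the last context line of this hunk still has "Principle of least priviledge", so the pass misses a misspelling in the same list it edits; change it to "privilege". In the Fault Tolerance line, "in the event of a failure of one or more faults within some of its components" remains tangled after the fix; "in the event of one or more faults within some of its components" says the same thing.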
@@ -25,13 +25,13 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* AWS Network Firewall automatically scales your network firewall to protect your managed infrastructure.
* Open source rule formats and underlying rules engine easily implements policies.
1. [IAM](https://aws.amazon.com/iam/)
- * Identity and Access Managment (IAM) sets and manages guardrails and fine-grained access controls for your workforce and workloads.
+ * Identity and Access Management (IAM) sets and manages guardrails and fine-grained access controls for your workforce and workloads.
* Centrally connect identities to multiple AWS accounts.
* Grant temporary security credentials for workloads that access your AWS resources.
* Continually analyze access to right-size permissions on the journey to least privilege.
- * Usecase: "Who can access what" Who=users and workloads. Can access= Permissions with IAM policy. What=Resources within your AWS organization.
+ * Use case: "Who can access what" Who=users and workloads. Can access= Permissions with IAM policy. What=Resources within your AWS organization.
1. [Security Group (SG)](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)
- * Is a virtual firewall for EC2 instances to control incomcing and outgoing traffic.
+ * Is a virtual firewall for EC2 instances to control incoming and outgoing traffic.
1. [User Credentials](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html)
* Each identity has unique credentials within AWS.
* Identity types: Account Root User, AWS Identity and Access Management user, AWS IAM Identity Center user and Federated identity.
@@ -42,7 +42,7 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
## Networking and Content Delivery
1. [AWS Global Accelerator](https://aws.amazon.com/global-accelerator/) : Global Traffic
* Improve application availability, performance, and security using the AWS global network.
- * Usecases: global traffic manager, API acceleration, Global static IP, low-latency gaming and media workloads.
+ * Use cases: global traffic manager, API acceleration, Global static IP, low-latency gaming and media workloads.
* Global accelerator sends your users through the AWS global network when accessing your content, speeding up delivery.
1. [AWS Transit Gateway](https://aws.amazon.com/transit-gateway/) : No more peering
* AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub.
@@ -54,7 +54,7 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* VPC A and VPC B can be [peered](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) so they act as one logical VPC.You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different Regions (also known as an inter-Region VPC peering connection).
* The default VPC always exists in every region. But all new VPCs are region specific.
1. [Subnet](https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html) : One per AZ
- * A subnet is a range of IP address in the VPC. This is a sub-network which allows you to split the network inside the VPC - it is where resources such as EC2 can be launched.
+ * A subnet is a range of IP addresses in the VPC. This is a sub-network which allows you to split the network inside the VPC - it is where resources such as EC2 can be launched.
* A private subnet is a good choice for hosting a Database - it will not be accessible directly from the Internet
* A public subnet is a good choice for hosting a WebServer - however it requires a NACL, Router and IG to ensure Internet connectivity
* Each subnet must reside entirely within one Availability Zone and cannot span zones. For HA, launch EC2 instances into subnets of separate AZs
@@ -63,9 +63,9 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* VPN-only subnet: The subnet has a route to a Site-to-Site VPN connection through a virtual private gateway. The subnet does not have a route to an internet gateway.
* A subnet CIDR reservation is a range of IPv4 or IPv6 addresses that you set aside so that AWS can't assign them to your network interfaces.
1. [NACL versus Security Group](https://gocloudtech.medium.com/aws-security-groups-vs-nacl-whats-the-difference-a38b9eb6796b) Subnet and Instance traffic rules.
- * NACL is `stateless` and allow one-way traffic i.e. separatly specific inbound and outbound traffic to the subnet.
+ * NACL is `stateless` and allows one-way traffic i.e. separately specific inbound and outbound traffic to the subnet.
* NACL allow and deny rules are supported. NACLs have an implicit `deny`. NACL rules are processed in order.
- * Security Group is stateful i.e. rules for inbound and outbound to EC2 instances are same. They allow return traffic.
+ * Security Group is stateful i.e. rules for inbound and outbound to EC2 instances are the same. They allow return traffic.
* Security Group only supports `allow` rules.
1. [CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html): CDN
* A Content Delivery Network (CDN)
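Review bot: The two `+` lines on NACL and Security Group fix the spelling but leave wording that misstates the behaviour. "separately specific inbound and outbound traffic" looks like a typo for "separately specified", and "rules for inbound and outbound to EC2 instances are the same" is not what stateful means: a stateful Security Group permits the return traffic of an allowed connection automatically, which is what the next sentence ("They allow return traffic") says. Suggest "NACL is `stateless`: inbound and outbound rules are specified separately, so return traffic needs its own rule" and "Security Group is stateful: return traffic for an allowed connection is permitted automatically."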
@@ -80,7 +80,7 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
1. [AWS Direct Connect](https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html): VLAN
* Dedicated physical network connection from your on-premises data center to AWS
* Data travels over a private network - virtual LAN from on-prem data center over ethernet fiber optic cable.
- * Supports hybrid cloud architecture e.g. host database in the private cloud and the application on the public cloud, direct connect ensures the two talk and allows for data sovereignity
+ * Supports hybrid cloud architecture e.g. host database in the private cloud and the application on the public cloud, direct connect ensures the two talk and allows for data sovereignty
* Use case: Transfer internal data directly to AWS bypassing your ISP, or, build hybrid models or transfer large data sets to AWS.
1. [AWS VPN](https://aws.amazon.com/vpn/): VPN
* Site-to-site VPN creates a secure connection between your internal network and your AWS VPCs.
@@ -96,8 +96,8 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Serverless: write functions and deploy. AWS manages the servers but no direct access.
* Scales automatically - no need to configure, patch or manage.
* Use case: Real-time file processing, sending email notifications, Backend business logic
- * Supports Java, Go, PoweShell, Node.Js, C#, Python, and Ruby. Executes code in response to events, timers or other triggers. Lambda has ’re actively hiring engineers as we respond to changing market conditr - deploy a db or web server whatever you need
- * SSH securly connects with a key pair. SSH Client uses private key, the EC2 instance uses a public key
+ * Supports Java, Go, PowerShell, Node.Js, C#, Python, and Ruby. Executes code in response to events, timers or other triggers. Lambda has ’re actively hiring engineers as we respond to changing market condition - deploy a db or web server whatever you need
+ * SSH securely connects with a key pair. SSH Client uses private key, the EC2 instance uses a public key
* EIC is EC2 Instance Connect - uses IAM polices to control SSH access to your instances
* AWS Systems Manager- use a web browser, or AWS CLI to manage EC2 instances directly
1. [ELB](https://aws.amazon.com/elasticloadbalancing/): Block Storage
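Review bot: The `+` line listing Lambda languages still contains unrelated text spliced into the bullet ("Lambda has ’re actively hiring engineers as we respond to changing market condition - deploy a db or web server whatever you need"), and the patch corrects a spelling inside that fragment ("conditr" to "condition") instead of removing it. Whatever followed "Lambda has" is lost, and the tail plus the SSH bullets after it read like part of an EC2 entry, so this line should be restored from the file's history rather than spell-checked. In the unchanged context, "IAM polices" should be "IAM policies", and the ELB entry is labelled "Block Storage" although its link points to Elastic Load Balancing.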
@@ -112,15 +112,15 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Elastic container service.
* Run highly secure, reliable, and scalable containers.
1. [EKS](https://aws.amazon.com/eks/): Containers
- * Amazone Elastic Kubernetes Service.
+ * Amazon Elastic Kubernetes Service.
* Start, run, and scale Kubernetes.
1. [Lightsail](https://aws.amazon.com/lightsail/): IAC
- * Quickly lauch all resources you need for small projects.
+ * Quickly launch all resources you need for small projects.
* Simple for folks with no cloud experience.
* Low and predictable fees.
1. [Outpost](https://aws.amazon.com/outposts/): Hybrid Cloud
* Run AWS Infrastructure and services on premises for a consistent hybrid cloud architecture.
- * Allows cloud services in the internal data ’re actively hiring engineers as we respond to changing market conditcenter
+ * Allows cloud services in the internal data the’re actively hiring engineers as we respond to changing market conditions
* Useful for latency or data sovereignty needs
* Used for hybrid experience
1. [Batch](https://aws.amazon.com/batch/): IAC Spot
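Review bot: The Outpost `+` line makes the corruption worse rather than fixing it. In the removed line the stray fragment was spliced into the middle of "data center" ("internal data ’re actively hiring ... conditcenter"); the new line drops "center" and adds "the", so the fragment now reads as if it were part of the sentence. Suggest replacing the whole line with "* Allows cloud services in the internal data center".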
@@ -133,13 +133,13 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Launch, manage and scale relational databases on the cloud. Supports Aurora, PostgreSQL, MySQL, MariaDB, Oracle, SQLServer.
* Offers HA, fault tolerance using Multi-AZ deployment option.
* AWS manages the database with automatic software patching, automated backups, OS updates.
- * Launch read-repliccas across Regions in order to provide enhanced performance and durability.
+ * Launch read-replicas across Regions in order to provide enhanced performance and durability.
* Does not automatically add capacity or storage.
1. [Aurora](https://aws.amazon.com/rds/aurora/)
- * AWS build Aurora for the cloud compatible with MySQL and PostgreSQL - created by AWS.
- * Supported MySQL and PostgreSQL database enginges. 5x and 3x faster that native.
+ * AWS built Aurora for the cloud compatible with MySQL and PostgreSQL - created by AWS.
+ * Supported MySQL and PostgreSQL database engines. 5x and 3x faster than native.
* Scales automatically by adding capacity and storage while providing durability and high availability.
- * Backs up to S3, replication to multiple region and storage across 6 stores.
+ * Backs up to S3, replication to multiple regions and storage across 6 stores.
1. [DynamoDB](https://docs.aws.amazon.com/dynamodb/index.html)
* Fully managed serverless NoSQL key-value and document database.
* Scales automatically to massive workloads.
@@ -151,22 +151,22 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Graph database service, fully managed and serverless.
* Fast, reliable and durable.
* User profiles and social connections.
- * Usecases: Customer360, Detect fraud patterns, machine learning predictions, IT security detection and investigation.
+ * Use cases: Customer360, Detect fraud patterns, machine learning predictions, IT security detection and investigation.
1. [ElastiCache](https://aws.amazon.com/elasticache/)
* Microsecond latency and scale with in-memory caching.
* In-memory data cache compatible with [Redis and Memcache](https://aws.amazon.com/elasticache/redis-vs-memcached/).
* High-performance, low latency and no durability.
- * Usecases: Application performance, ease backend database load, low latency data retrieval needs.
+ * Use cases: Application performance, ease backend database load, low latency data retrieval needs.
## Data Migration and Transfer
1. [Database Migration Service](https://aws.amazon.com/dms/)
*
* [Feature rich tool](https://aws.amazon.com/dms/features/) that helps you migrate databases to or within AWS.
- * Homogenous and hetrogenous databases can be migrated with virtually no downtime.
+ * Homogeneous and heterogeneous databases can be migrated with virtually no downtime.
* Data is synchronized between the source and target continuously.
1. [Server Migration Service](https://aws.amazon.com/server-migration-service/): Deprecated in favor of AWS MGN (AWS Application Migration Services)
* AWS Server Migration Service will automatically replicate live server volumes to AWS and create Amazon Machine Images (AMI) as needed.
- * This is being discontiuned in favor of AWS Application Migration Service.
+ * This is being discontinued in favor of AWS Application Migration Service.
1. [Application Migration Service](https://aws.amazon.com/application-migration-service/): Lift and Shift
* Migrate applications from any source infrastructure that runs supported operating systems.
* Application Migration Service is the next generation of CloudEndure Migration
@@ -175,7 +175,7 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Snowcone: Smallest member holds 8TB of usable storage, collect process
*
* Snowball: 80TB. Cheaper And Snowball Edge used for petabyte scale data migration and has local processing when in a remote environment - supports EC2 and lambda.
- * Snowmobile: 100PB. Multi-perabyte or exabyte scale. Data loaded to S3 - securely transported with escort vehicle.
+ * Snowmobile: 100PB. Multi-Petabyte or exabyte scale. Data loaded to S3 - securely transported with escort vehicle.
1. [Data Sync](https://docs.aws.amazon.com/datasync/latest/userguide/what-is-datasync.html) Data Transfer Service
* Data transfer online with speeds are 10x faster.
* Data replication cross-region and cross-account.
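Review bot: "Multi-Petabyte" on the Snowmobile `+` line is capitalised mid-phrase, while "exabyte" in the same line and "petabyte scale" on the Snowball line above are lower case. Suggest "Multi-petabyte or exabyte scale" for consistency.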
@@ -200,31 +200,31 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Analyze petabyte-scale data where it lives with ease and flexibility.
* S3 SQL. Pre-configured to work with Glue.
* Query service to analyze data using SQL. It is serverless.
- * Use cases: run federated queries across relational, nonrelational, object, and custom data sources running on premises or in the cloud. Use ML models in SQL queries or Python. Build distributed big data reconciliation engines. Analyze google analytics data by using AppFlow to store in S3 to query it.
+ * Use cases: run federated queries across relational, non-relational, object, and custom data sources running on premises or in the cloud. Use ML models in SQL queries or Python. Build distributed big data reconciliation engines. Analyze google analytics data by using AppFlow to store in S3 to query it.
1. [Data Pipeline](https://aws.amazon.com/datapipeline/) :
* Helps you move data between compute and storage services running either AWS or on-premises
- * Move data based on conditions, intervals and sends notifactions
+ * Move data based on conditions, intervals and send notifictions
* Move from S3 to Redshift.
## Big Data and Search
1. [EMR](https://aws.amazon.com/emr/) Map Reduce
* Process large amounts of data via map reduce.
* Analyze data using Hadoop and Apache Spark.
- * Usecase: Perform big data analytics, build scalable data piplelines, process real-time data streams, accelerate data science and ML adoption.
+ * Use case: Perform big data analytics, build scalable data pipelines, process real-time data streams, accelerate data science and ML adoption.
2. [OpenSearch](https://aws.amazon.com/opensearch-service/) Interactive Log Analytics
* Search petabytes of unstructured data.
*
- * Open source Elastic Search, Open Search Dashboard and Kibana.
+ * Open source ElasticSearch, Open Search Dashboard and Kibana.
## Streams
-1. [Kinesis](https://aws.amazon.com/kinesis/): Stream proecessor
+1. [Kinesis](https://aws.amazon.com/kinesis/): Stream procecessor
* Easily collect, process, and analyze video and data streams in real time.
- * Usecase: Real-time video and data streams, IoT Data, Click Log, Web Stream logs are good use-cases.
+ * Use case: Real-time video and data streams, IoT Data, Click Log, Web Stream logs are good use-cases.
* Evolve from batch to real-time analytics.
1. [MSK](https://aws.amazon.com/msk/): Kafka
* Managed Streaming for Apache Kafka.
- * Usecase: Ingest and process log and event streams, run centralized state or data buses, power your event-driven systems.
+ * Use case: Ingest and process log and event streams, run centralized state or data buses, power your event-driven systems.
## Artificial Intelligence and Machine Learning
-1. [Rekognition](https://aws.amazon.com/rekognition/)usecases: Computer Vision
+1. [Rekognition](https://aws.amazon.com/rekognition/)Use cases: Computer Vision
* Automate image and video analysis
* Identify custom labels in image and video
* Use cases: Analyze pizza images to ensure toppings
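Review bot: Two `+` lines in this hunk replace one misspelling with another: "send notifictions" under Data Pipeline and "Stream procecessor" in the Kinesis heading should read "notifications" and "processor". On the OpenSearch line the product name is spelled "Elasticsearch", not "ElasticSearch". The Rekognition heading is missing a space after the link, and its "Use cases:" label duplicates the "Use cases:" bullet below it; suggest "1. [Rekognition](https://aws.amazon.com/rekognition/): Computer Vision".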
@@ -234,14 +234,14 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
1. [Polly](https://aws.amazon.com/polly/): Speech-to-text
* High quality natural sounding human voices in dozens of languages.
* Customize Text to speech output with Speech Synthesis Markup Language tags.
- * Usecases: Generate speech in dozens of languages, engage customers with a natural-sounding voice, adjust speaking style, speech rate, pitch and loudness.
+ * Use cases: Generate speech in dozens of languages, engage customers with a natural-sounding voice, adjust speaking style, speech rate, pitch and loudness.
1. [SageMaker](https://aws.amazon.com/sagemaker/): ML
* Machine Learning service.
* Helps you build, train and deploy machine learning models quickly.
- * Prepare data for models, train and deploy models, provides deep learning AMIs.
+ * Prepare data for models, train and deploy models, and provides deep learning AMIs.
* Recommendation engine for movies, music etc.
1. [Translate](https://aws.amazon.com/translate/): Translate
- * Provides language tanslation and support many languages and content formats.
+ * Provides language translation and supports many languages and content formats.
* Use case: Add localization to websites and applications.
*
1. [Lex](https://aws.amazon.com/lex/): Chatbot
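Review bot: The SageMaker `+` line now mixes verb forms ("Prepare data for models, train and deploy models, and provides deep learning AMIs"); keep the list parallel, for example "Prepare data, train and deploy models, and use the provided deep learning AMIs". While this hunk is open, the Polly heading in the context says "Speech-to-text" but the bullets under it describe text to speech ("Customize Text to speech output", "Generate speech"), so the label should be "Text-to-speech".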
@@ -250,21 +250,21 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Recognize speech and understand language.
* Powers Amazon Alexa.
* Integrate voice into device.
- * Usecases: Build virtual agents and voice assistants, automate informational responses, improve productivity with application bots, maxminize the information trapped in transcripts.
+ * Use cases: Build virtual agents and voice assistants, automate informational responses, improve productivity with application bots, maximize the information trapped in transcripts.
## Storage
1. [Simple Storage Service S3](https://docs.aws.amazon.com/cli/latest/reference/s3/) - Regional Service with global namespace and bucket policies
* Unique name across all buckets in AWS
* 11 9s of durability: regional level redundancy
* 4 9s of availability
- * S3 does not automatically replicate across regions - it can be setup.
- * Usecase: Host static websites, data archivale, analytics such as redshift and athena. Upload with S3 transfer acceleration for file uploads from mobile applications.
+ * S3 does not automatically replicate across regions - it can be set up.
+ * Use case: Host static websites, data archival, analytics such as redshift and athena. Upload with S3 transfer acceleration for file uploads from mobile applications.
1. S3 Storage Class
* Standard: Durable 11-9s. 4-9s available.
* Intelligent Tiering: Unknown or changing access. Standard durability with 3-9s availability
* Infrequent Access: For Long-Lived, Infrequently Accessed, Millisecond access when needed. Durable with 3 9s availability.
* One-Zone Infrequent Access: Cost 20% less than IA. Use if data is recreatable, infrequent millisecond access, availability is 99.5%.
* Glacier: Data retrieval options 1-5 minutes, 3-5 hours, 5-12 hours. Multiple AZs. Standard durability. Cheap storage options.
- * Glacier Deep Archieve: 12hrs or 48hr retrieval options. Cheapest. Long-term data archivale accessed once or twice a year. No availability - but standard durability.
+ * Glacier Deep Archive: 12 hour or 48 hour retrieval options. Cheapest. Long-term data archival accessed once or twice a year. No availability - but standard durability.
* Outposts: Data that needs to be kept local. Demanding application performance needs.
1. Buckets: Root level 'folders' for file storage
* Folder
@@ -278,7 +278,7 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Moves data faster over longer distances.
* Shorten distance to S3 via CloudFront.
1. [EC2 Instance Storage](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Storage.html)
- * Emphemeral storage that is temporary block-level for your instance.
+ * Ephemeral storage that is temporary block-level for your instance.
* Lasts during the life of the instance.
* It is temporary block-level storage for instances.
* Provides local fastest I/O.
@@ -287,7 +287,7 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Good for database storage.
* HDD with an independent life from the instance it is attached to.
* Only one per instance.
- * Use cases: Build SAn in the cloud for I/O intensive applications, Run relational or NoSQL databases, reight-size your big-data analytic engine.
+ * Use cases: Build SAn in the cloud for I/O intensive applications, Run relational or NoSQL databases, right-size your big-data analytic engine.
1. [EFS - Elastic File System](https://aws.amazon.com/efs/) : Shared file system.
* EFS file system as a common data source for workloads and applications running on multiple instances
* Regional serverless network file system. Like dropbox.
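Review bot: The `+` line fixes "reight-size" but leaves "Build SAn in the cloud" on the same line; the acronym should be "SAN", and the sentence reads better as "Build a SAN in the cloud for I/O intensive applications".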
@@ -295,8 +295,8 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* Shared directories. Expensive option.
* 11-9s durability and 4-9s availability.
1. [Storage Gateway](https://aws.amazon.com/storagegateway/): Hybrid storage
- * On-prem extends storage to cloud.
- * Some on the cloud, some local. File directory - some hosted locally some on the cloud.
+ * On-prem extends storage to the cloud.
+ * Some on the cloud, some local. File directory - some hosted locally, some on the cloud.
* Moving backups to the cloud.
* Reduce costs by being selective, opt for low latency local files.
1. [AWS Backup](https://aws.amazon.com/backup/): Backup and recovery
@@ -306,32 +306,32 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
## Messaging and Integration Services
1. [SQS](https://aws.amazon.com/sqs/): Queue
- * Fully managed message queuing for microservices, distributed systems, and servlerless applications.
- * Sends messages on a queue between publisher and a single subscriber.
+ * Fully managed message queuing for microservices, distributed systems, and serverless applications.
+ * Send messages on a queue between publisher and a single subscriber.
* Securely send sensitive data between applications and centrally manage your keys using AWS Key Management.
* Reliably deliver large volumes of data, at any level of throughput, without losing messages or needing other services to be available.
- * Usecase: architect a loosely coupled system architecture such as money transfer application. Improve performance and scalability. Requests are processed in FIFO.
+ * Use case: architect a loosely coupled system architecture such as money transfer application. Improve performance and scalability. Requests are processed in FIFO.
1. [SNS](https://aws.amazon.com/sns/): Topic
* Simple Notification Service - Fully managed Pub/Sub service for A2A and A2P messaging.
- * A2P with SMS, texts, push notifactions and email (plain text).
+ * A2P with SMS, texts, push notifictions and email (plain text).
1. [SES](https://aws.amazon.com/ses/): Email
- * Sends rich text HTML Emails from your applications.
+ * Send rich text HTML Emails from your applications.
* Get reliable, scalable email to communicate with customers at the lowest industry prices.
* Marketing campaigns, and professional richly formatted HTML text.
## Developer Tools
1. [Cloud9](https://aws.amazon.com/cloud9/): IDE
* IDE write and debug code in your browser
- * Build serverless applications - preconfigures environment.
+ * Build serverless applications - pre configured environment.
1. [CodeCommit](https://aws.amazon.com/codecommit/) : Git
* Source Control system for private Git repositories.
1. [CodeBuild](https://aws.amazon.com/codebuild/): Build Server
- * Allows you to build and test your applicaton source code.
+ * Allows you to build and test your application source code.
* Compiles source code and runs tests.
* Enables CI-CD
* Produces build artifacts ready to be deployed
1. [CodeDeploy](https://aws.amazon.com/codedeploy/) : Delivery Server
- * Automate code edeployment to maintain application uptime.
+ * Automate code deployment to maintain application uptime.
* Manage the deployment of code to on-premises as well as cloud.
* Use prepackaged build environments or your own, and encrypt artifacts with your own keys.
* Maintain application uptime, deploy to EC2, lambda, fargate and others.
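Review bot: The SNS `+` line swaps "notifactions" for "notifictions", which is still misspelled; it should be "push notifications". The Cloud9 `+` line changes "preconfigures environment" to "pre configured environment", which should be one word ("preconfigured environment") and now needs an article or a verb to read as a sentence, for example "Build serverless applications in a preconfigured environment".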
@@ -352,13 +352,13 @@ AWS offers [Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/tr
* A CloudFormation template describes your desired resources and their dependencies so you can launch and configure them together as a stack.
* JSON and YAML are supported - define templates to create stacks.
* Repeatable process for provisioning of resources.
- * Usecase: automate the infrastructure-provisiong for EC2 servers
+ * Use case: automate the infrastructure-provisioning for EC2 servers
1. [Elastic Beanstalk](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html): IaC for dummies
* Deploy your web applications and services to AWS and not on-prem.
* Orchestration service that provisions resources.
* Automatically handles deployments, handles capacity provisioning, load balancing and auto-scaling.
* Monitors application health via a health dashboard.
- * Usecase: Quickly deploy a scalable Java-based web application to AWS.
+ * Use case: Quickly deploy a scalable Java-based web application to AWS.
1. [OpsWorks](https://aws.amazon.com/opsworks/): DevSecOps
* Automate operations with Chef and Puppet on-premises or AWS.
* OpsWorks has three offerings, AWS Opsworks for Chef Automate, AWS OpsWorks for Puppet Enterprise, and AWS OpsWorks Stacks.