Overview of AWS

What constitutes a cloud service:

  • On demand self-service
  • Broad Network Service - multiple variants such as public network, access by VPN, or even private fiber
  • Resource Pooling
  • Rapid Elasticity - one of the key features

Key components provided by AWS:

  • Compute services: EC2 (dedicated, multi-tenant, bare metal), ElasticContainerService (ECS) for running containers in Docker at AWS, or on-premises using AmazonOutposts.
  • Storage services: S3, ElasticFileSystem for Linux, Amazon FSx for Windows, ElasticBlockStore (EBS) for virtual block storage volumes.
  • Database services: RelationalDatabaseService (RDS): Amazon Aurora, compatible with Postgres or MySQL, or plain Postgres, MySQL, Oracle or Microsoft SQL Server.
  • Automating AWS Infrastructure: AWS CloudFormation enables provisioning of resources using JSON or YAML configurations.
  • Auditing: CloudTrail tracks all API and auth calls and can store the data in an S3 Glacier archive.
  • Monitoring: CloudWatch - service for monitoring, alarming, and carrying out actions when defined thresholds are breached.
  • VMware Cloud on AWS: on-premises VMware infrastructure can be migrated to AWS VMware Cloud.
  • Elastic Beanstalk: cloud service for deploying web applications. Supports many languages such as Java, .NET, PHP, etc. Applications can be hosted on Apache, Nginx, Passenger or IIS.

Cloud provider responsibilities:

  • Most services provided by AWS have an SLA describing what level of service to expect and what responsibility AWS takes in case of a cloud failure.
  • When your service fails because of a cloud failure, in most cases you need to provide proof that the downtime of your service was indeed caused by problems with the cloud. In most cases the proof will require logs, traces and the architecture of the application.
  • Applications should be designed with an HA and failure-resistant architecture, otherwise most cloud providers will not be responsible for the outage.

Data security

  • All data stores and databases can encrypt data both at rest and in transit.
  • Encryption keys can be provided either by the user or by AWS.
  • AWS Identity and Access Management (IAM) permissions can be defined at a very granular level. They can be configured globally or for any particular service.

Migrating to the cloud

  • Define a short-term value proposition. Ideally the time frame should be months, so that the results are understandable.
  • Start with a low-value, low-risk application. Don't try to move a high-value production application first, as the first move to the cloud rarely happens without problems.
  • Try starting with a simple solution, for example storing archives in S3 Glacier.
  • Ensure that corporate policies allow access to on-premises servers from the cloud.
  • If an application can simply be moved from its previous platform and restarted on EC2, it can be called a "lift-and-shift" application.
  • AWS Migration Service is recommended for performing "lift-and-shift" migrations.

Popular AWS services

  • AppSync - serverless service for synchronising data between various backends (APIs, different databases and so on) and various frontends (iOS, Android, web) via GraphQL or WebSockets. Can provide granular auth and access checks and restrictions.
  • AppFlow - service for securely transferring data from various private services such as Salesforce, on-prem DBs and so on to AWS data storage solutions (S3, other DBs).
  • Athena - query service for data stored in S3. Multiple data formats are supported, including CSV, Avro, JSON, Parquet and ORC. Queries can also be executed in parallel.
  • Audit Manager - service for performing audits and mapping existing resources to defined security standards such as the CIS AWS Foundations Benchmark, GDPR and the Payment Card Industry Data Security Standard (PCI DSS).
  • Comprehend - NLP service that uses machine learning to extract certain data from text documents. For example, extracting the number and date of an order from a complaint email.
  • Cognito - identity service for user authentication using both social network logins and enterprise identity federation.
  • Detective - cyber security intelligence tool. It can analyze multiple data sources such as logs, traces, audit records and network activity to investigate potential security incidents and ones that have already happened.
  • DeviceFarm - tool for testing web and mobile applications by running concurrent tests on multiple browsers and devices hosted in AWS. Supports a wide range of browsers and mobile platforms, including Android and iOS.
  • DataExchange - marketplace for 3rd party data. Providers of data (scientists, data-grabbers and so on) can upload their data to the DataExchange. The tool helps with billing, providing access and asserting correct usage of the data. Subscribers get a unified place to obtain additional data sets, a single billing process and so on. Technically, the data is stored in S3.
  • DataPipeline - lightweight tool for loading data from one data source to another between AWS storages, services, and different on-premises solutions.
  • EMR - big data platform for building a data lake. With EMR you can quickly set up a Hadoop cluster. Files can be stored both in S3 and in HDFS. Calculations can be performed with Spark, Hive and other Hadoop tools. Usually, users prefer to store source files and results in S3, and intermediate files in HDFS.
  • Forecast - provides accurate time-sensitive forecasts for retail, manufacturing, logistics and so on.
  • FraudDetector - service for detecting fraud. It applies machine learning to files in S3 to detect possible violations.
  • Glue - extensive ETL solution.
  • Kendra - highly accurate machine learning solution for non-structured files in AWS resources.
  • Kinesis - tool for real-time data analysis. It can ingest various types of data, including logs, MQ messages, video and audio streams, mail.
    • KinesisVideoStreams - can be used to securely stream video from cameras, phones and other devices to applications running in AWS for analysis, or to encrypt and store it.
    • KinesisDataFirehose - collects streaming data into S3, Redshift, OpenSearch, custom HTTP endpoints and various 3rd party apps such as Datadog or Splunk.
    • KinesisDataStreams - handling streams of data.
  • Lex - lets you implement conversational interfaces using text recognition and text understanding, for building chat-bots for SMS, Facebook Messenger and so on.
  • MessageStreamingForApacheKafka - fully managed cluster of Apache Kafka and Kafka Connect.
  • ManagedServiceForPrometheus - fully managed Prometheus instance. Analyses metrics and performance of container applications in AWS and on-premises.
  • ManagedGrafana - managed Grafana instance. Tool for tracing, analyzing and alerting based on application metrics.
  • OpenSearch - search engine forked from one of the previous Elasticsearch versions.
  • Pinpoint - inbound and outbound solution for communication with customers via email, SMS, push, voice messages and in-app notifications.
  • Polly - service for turning text into life-like speech. The API takes text as input and returns an audio stream.
  • PersonalHealthDashboard - receive notifications when the AWS services you use are experiencing problems.
  • Proton - create rules for provisioning virtual infrastructure as code.
    • AWS-managed provisioning using CloudFormation.
    • self-managed provisioning using Terraform.
  • QuickSight - hosted BI service powered by machine learning. Can provide business insights and visualisation.
  • Rekognition - image and video handler. Can find and recognize scenes, objects, celebrities and inappropriate content.
  • SecurityHub - hub for analysing data gathered from various security services of AWS.
  • SageMaker - build, train and deploy machine learning models.
  • Textract - service for extracting printed and written text from images.
  • Transcribe - extract text from audio.
  • Translate - neural-network based translator.
  • X-Ray - lets you analyze and debug applications.
    • ServiceMap - builds map of services and connections.
    • Identify - highlighting errors and bugs by analyzing responses from services.
    • CustomAnalysis - custom analysis scenarios.