Definitions and pro-tips for the SAA-C03 certification.
Amazon API Gateway is a fully managed service enabling developers to create, publish, maintain, monitor, and secure APIs at any scale. It handles tasks like authentication, authorization, request validation, and traffic management, simplifying API development and deployment for microservices and serverless applications.
Amazon Athena is an interactive query service enabling analysis of data directly in Amazon S3 using standard SQL. It is serverless, meaning no infrastructure is required, and you pay only for the data scanned during query execution, making it cost-effective for ad-hoc analysis of large datasets.
Amazon Aurora is a MySQL and PostgreSQL-compatible relational database engineered for high performance and availability. It delivers up to five times the throughput of standard MySQL while offering full compatibility with existing database applications. Aurora automatically scales storage and provides point-in-time recovery.
Amazon CloudWatch is a monitoring and observability service providing metrics, logs, and events for AWS resources and applications. It enables real-time monitoring, automated actions, and anomaly detection to optimize performance and troubleshoot issues.
Amazon Cognito delivers secure user authentication, authorization, and management for web and mobile applications. It offers User Pools for managing user directories and Identity Pools for granting access to AWS resources. Cognito simplifies user sign-up, sign-in, and provides integration with social identity providers like Google and Facebook.
DynamoDB is a serverless, key-value and document database service offering single-digit millisecond performance at any scale. It is a fully managed NoSQL database designed for applications requiring consistent performance and scalability, supporting both document and key-value data models.
Amazon EBS provides persistent block storage volumes for use with EC2 instances. These volumes act as virtual hard drives, offering various types optimized for different workloads. EBS volumes can be dynamically resized and backed up, providing flexibility and data durability for your applications running on AWS.
Amazon EBS Snapshots are incremental backups of EBS volumes, stored in S3. They provide point-in-time recovery and disaster recovery capabilities. Snapshots are volume-level and can be shared between AWS accounts or regions.
EC2 Auto Scaling automatically adjusts the number of Amazon EC2 instances in your application based on defined policies and health checks. This ensures high availability and optimal performance by scaling resources in response to changing demand, reducing operational overhead.
Amazon Elastic Container Service (ECS) is a highly scalable, high-performance container orchestration service. It allows developers to easily run, stop, and manage Docker containers on a cluster of EC2 instances or using AWS Fargate, a serverless compute engine for containers, simplifying container deployment and management.
Amazon Elastic File System delivers a fully managed, scalable, and elastic NFS file system for use with AWS compute services and on-premises resources. It provides concurrent access to files from thousands of EC2 instances, simplifying application migration and eliminating the need for file server management.
Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that simplifies deploying, managing, and scaling containerized applications using Kubernetes on AWS. It is fully compatible with upstream Kubernetes, enabling portability and leveraging existing Kubernetes tooling and expertise.
Amazon ElastiCache is a fully managed, in-memory data store and caching service. It supports both Redis and Memcached engines, providing low-latency access to frequently accessed data. ElastiCache improves application performance by reducing the load on relational databases and accelerating data retrieval.
Amazon EMR is a managed cluster platform enabling big data processing using frameworks like Hadoop, Spark, and Presto. It simplifies cluster provisioning, configuration, and scaling, allowing developers to focus on data analysis rather than infrastructure management. EMR integrates with AWS data storage and analytics services.
Amazon FSx provides fully managed file systems built on popular third-party technologies, offering native compatibility and feature sets. Currently, FSx supports Windows File Server and Lustre, enabling organizations to leverage existing skills and applications without compromising performance or manageability.
Amazon Glacier is a low-cost archive storage service designed for infrequently accessed data. It provides durable and secure storage with retrieval times ranging from minutes to hours. Glacier offers different retrieval options (Expedited, Standard, and Bulk), each with varying costs and access speeds.
Amazon Kinesis is a platform for collecting, processing, and analyzing real-time, streaming data. It offers services like Kinesis Data Streams, Kinesis Data Firehose, and Kinesis Data Analytics, enabling applications to ingest, transform, and analyze data in motion with low latency.
Amazon RDS is a managed database service supporting six database engines: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Amazon Aurora. It automates administrative tasks like patching, backup, and recovery, simplifying database management and improving reliability.
Amazon RDS simplifies the setup, operation, and scaling of relational databases in the cloud. It supports multiple database engines, including MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server. RDS automates tasks like patching, backups, and recovery, reducing administrative overhead and improving database availability.
Amazon Redshift is a fully managed, petabyte-scale data warehouse service designed for complex analytical queries. Utilizing columnar storage and massively parallel processing (MPP), Redshift enables fast query performance on large datasets, supporting business intelligence and reporting applications.
Amazon Route 53 is a scalable and highly available DNS web service. It translates human-readable domain names into IP addresses, enabling users to access internet applications. Route 53 offers advanced routing policies and health checking for improved application availability.
Route 53 routing policies define how DNS queries are answered. These policies control traffic distribution based on factors like simple round-robin, weighted distribution, latency, failover, or geographic location. Understanding these policies is crucial for high availability and optimal user experience.
Amazon S3 is object storage offering high scalability, data durability, and security. It stores data as objects within buckets, accessible via a web interface or API. S3 supports various storage classes optimized for frequency of access, impacting cost and retrieval times.
Amazon S3 provides object storage with high scalability, data availability, security, and durability. It stores data as objects within buckets, offering various storage classes optimized for different access patterns and cost requirements, from frequent access to archival storage.
Amazon S3 Storage Classes provide different tiers of storage optimized for varying access patterns and cost requirements. These classes range from frequent access options like S3 Standard to infrequent access and archival solutions like Glacier and Glacier Deep Archive, offering granular control over storage costs.
Amazon SQS is a fully managed message queuing service enabling decoupled application components. It supports Standard queues (best-effort ordering, high throughput) and FIFO queues (strict ordering, lower throughput) for reliable message delivery.
Amazon SQS is a fully managed message queuing service facilitating decoupled application components. It enables asynchronous communication, improving fault tolerance and scalability. SQS supports standard queues (best-effort ordering) and FIFO queues (first-in, first-out delivery), ensuring reliable message delivery.
The Amazon SQS Extended Client Library automatically manages SQS message visibility timeouts, reducing the risk of message loss or duplicate processing. It handles timeout extensions and retries, ensuring reliable message delivery even during transient failures. This library is crucial for building robust, scalable, and fault-tolerant applications.
Amazon VPC provides a logically isolated section of the AWS Cloud, allowing you to define a virtual network with complete control over its network configuration. This includes defining IP address ranges, subnets, route tables, and network gateways for enhanced security and isolation.
An Auto Scaling Group (ASG) manages a collection of EC2 instances, automatically adjusting capacity based on defined policies. ASGs ensure high availability and application responsiveness by launching or terminating instances in response to demand, distributing them across Availability Zones for fault tolerance.
An Availability Zone is a physically distinct location within an AWS Region designed to provide fault tolerance. Each AZ operates independently, with redundant power, networking, and connectivity, ensuring high availability for applications deployed across multiple AZs within a region.
AWS CloudFormation provides infrastructure as code, allowing users to define and provision AWS resources through declarative templates. These templates automate infrastructure creation, updates, and deletion, ensuring consistency and repeatability across environments. It supports rollback capabilities and version control for reliable deployments.
AWS CloudTrail records API calls made to your AWS account, providing an audit trail of user activity and changes to resources. Logs capture details like the identity of the caller, the time of the event, and the source IP address, supporting security analysis, compliance, and troubleshooting.
AWS CloudWatch is a monitoring and observability service providing metrics, logs, and events for AWS resources and applications. It enables real-time monitoring, automated actions, and anomaly detection, facilitating performance optimization and troubleshooting within the AWS environment.
AWS CloudWatch Alarms monitor specified metrics for AWS resources and trigger actions when metric values cross defined thresholds. These actions include sending notifications via SNS, auto-scaling resources, or executing automated remediation tasks. Alarms are essential for proactive monitoring and automated incident response.
AWS CodePipeline is a fully managed continuous integration and continuous delivery (CI/CD) service. It automates the software release process by building, testing, and deploying code based on defined stages and actions. CodePipeline supports multiple source providers and deployment targets.
AWS Config continuously monitors and records the configuration of your AWS resources. It provides a detailed history of resource changes, allowing you to assess, audit, and evaluate configurations against desired standards. This supports governance and compliance requirements.
AWS Cost Explorer is a tool for visualizing, analyzing, and managing AWS costs and usage. It provides detailed reports and recommendations to identify cost optimization opportunities, forecast future spending, and track cost allocation across various AWS services and resources.
AWS Database Migration Service (DMS) facilitates secure and efficient migration of databases to AWS. It supports homogeneous migrations (e.g., Oracle to Oracle) and heterogeneous migrations (e.g., Oracle to Aurora). DMS minimizes downtime by continuously replicating data changes during the migration process.
AWS Direct Connect establishes a dedicated network connection between your on-premises infrastructure and AWS, bypassing the public internet. This provides consistent network performance, enhanced security, and potentially reduced bandwidth costs for hybrid cloud deployments.
AWS Fargate is a serverless compute engine for containerized applications, compatible with Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). It eliminates server management by automatically scaling and patching the underlying infrastructure, allowing developers to focus solely on application code.
AWS Global Accelerator is a service that directs end-user traffic to optimal endpoints based on network conditions, improving application availability and performance. It utilizes the AWS global network and provides static Anycast IP addresses for consistent access points worldwide, reducing latency and enhancing resilience.
AWS Glue is a fully managed ETL (Extract, Transform, Load) service designed to discover, prepare, and integrate data for analytics. It provides a data catalog, automatically generates ETL code, and executes ETL jobs efficiently. Glue supports various data sources and formats, simplifying data warehousing and data lake implementations.
AWS IAM Roles are identities granting temporary access to AWS services without requiring long-term credentials. They are assumed by users, applications, or AWS services to perform specific actions. Roles enhance security by eliminating the need to embed access keys directly into code or distribute them to users.
AWS Key Management Service (KMS) is a managed service that facilitates the creation and control of cryptographic keys used to encrypt your data. KMS supports symmetric and asymmetric keys, integrating with various AWS services to protect data at rest and in transit, enhancing security posture.
AWS KMS Customer Managed Keys (CMKs) provide users with complete control over their encryption keys. Customers create, own, and manage these keys, including defining access policies and rotation schedules. CMKs are used to encrypt data across various AWS services, enhancing data security and compliance.
AWS Lambda is a serverless compute service that executes code in response to events. It automatically manages the underlying infrastructure, scaling resources as needed. Developers upload code as functions, and Lambda handles provisioning, patching, and administration, enabling a pay-per-use billing model.
AWS Organizations centralizes management and governance of multiple AWS accounts. It enables consolidated billing, automated policy enforcement via Service Control Policies (SCPs), and simplified account creation. Organizations facilitates a multi-account strategy for security, compliance, and resource isolation within a single AWS environment.
AWS Secrets Manager securely stores and manages sensitive information like database credentials, API keys, and other secrets. It automates rotation, tracking, and retrieval of these credentials, reducing the risk of exposure and simplifying security management for applications and services.
AWS Step Functions is a serverless orchestration service that allows you to coordinate multiple AWS services into serverless workflows. It simplifies the development of complex applications by visually modeling state transitions and handling error conditions, improving reliability and maintainability.
AWS Storage Gateway is a hybrid cloud storage service enabling on-premises applications to seamlessly utilize AWS cloud storage. It offers four gateway types: File, Volume, Tape, and Cached, providing access to scalable, durable, and cost-effective storage without application modifications.
AWS Systems Manager provides a unified interface for managing your AWS and on-premises infrastructure. It offers capabilities for automation, patching, configuration management, and remote command execution, enhancing operational efficiency and reducing manual effort across hybrid environments.
AWS Transit Gateway simplifies network architecture by acting as a central hub for connecting multiple VPCs and on-premises networks. It eliminates the complexity of managing numerous VPC peering connections, offering centralized routing and improved network management capabilities.
AWS Trusted Advisor is an online service analyzing your AWS environment against best practices. It provides recommendations across five categories: Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits. These checks help improve efficiency, reduce risk, and ensure optimal resource utilization within your AWS infrastructure.
AWS Web Application Firewall (WAF) protects web applications from common web exploits, such as SQL injection and cross-site scripting (XSS). It filters malicious traffic based on customizable rules and managed rule sets, safeguarding application availability, security, and resource consumption.
AWS X-Ray is a distributed tracing service that helps developers analyze and debug production applications, particularly those built using microservices. It provides end-to-end visibility into requests as they traverse multiple services, identifying performance bottlenecks and errors across a complex architecture.
A Bastion Host is a hardened server deployed within a VPC to provide secure, controlled access to resources in private subnets. It acts as a single point of entry, mitigating exposure of internal instances directly to the internet and enforcing strict access controls via SSH or RDP.
CloudFront is a globally distributed content delivery network (CDN) accelerating content delivery by caching data at edge locations. It reduces latency and improves performance for static and dynamic web content, integrating with origins like S3, EC2, and load balancers.
CloudWatch is an observability service providing monitoring, logging, and alarming capabilities for AWS resources and applications. It collects and processes metrics, logs, and events, enabling performance analysis, operational insights, and automated responses to system changes.
DynamoDB is a fully managed NoSQL database service offering high performance at any scale. It supports key-value and document data models, providing predictable latency with automatic scaling. Data is stored in tables, items, and attributes, utilizing primary keys for efficient access.
EC2 Instance Metadata is a dynamic, locally accessible data source providing information about the instance itself. This includes details like instance ID, AMI ID, region, and IAM role, accessed via the 169.254.169.254 endpoint. It is crucial for secure credential retrieval.
Elastic Beanstalk is a Platform-as-a-Service (PaaS) offering simplifying the deployment and management of web applications and services. It supports multiple languages and frameworks, automatically handling infrastructure provisioning, load balancing, and auto-scaling.
Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, improving application availability and scalability. ELB monitors the health of targets and routes traffic only to healthy instances, ensuring fault tolerance and optimal performance.
An IAM Policy is a JSON document defining permissions within AWS. It specifies what actions are allowed or denied on which resources, and is attached to IAM users, groups, or roles to control access to AWS services. Policies adhere to the principle of least privilege.
An IAM role is an AWS identity granting temporary access to services and resources. Roles are designed for applications or services, not individual users, and define permissions through policies. They are assumed by entities needing access, eliminating the need for long-term credentials.
Lambda is a serverless compute service executing code in response to events without server management. It supports multiple languages and automatically scales, charging only for actual compute time. Code is packaged as deployment packages and configured with memory and timeout settings.
A NAT Gateway is a fully managed AWS service that allows instances in a private subnet to initiate outbound connections to the internet or other AWS services, while preventing unsolicited inbound connections. It enhances security by hiding private IP addresses.
Network Access Control Lists (Network ACLs) are optional security layers operating at the subnet level that control inbound and outbound traffic. They function as stateless firewalls, evaluating traffic based on defined rules without remembering previous requests, requiring explicit allow rules for both directions.
An AWS Region is a geographically distinct area containing multiple Availability Zones. Regions offer independent infrastructure, enabling high availability, fault tolerance, and data residency for compliance requirements. Selecting a Region impacts latency, cost, and service availability.
Route 53 is a highly scalable and available DNS web service. It translates human-readable domain names into IP addresses, enabling users to access internet resources. Route 53 supports various routing policies, including simple, weighted, latency-based, and failover, optimizing application availability and performance.
An S3 Bucket Policy is a resource-based policy defining access permissions for an S3 bucket and its objects. Policies are written in JSON and grant or deny access to specific principals, controlling actions like object reads, writes, and deletions. It's crucial for managing data security and access control.
S3 Cross-Region Replication automatically copies objects between S3 buckets in different AWS Regions. This feature enhances data durability, supports disaster recovery strategies, and enables compliance with data residency regulations. Replication can be configured for entire buckets or specific object prefixes.
Security Groups act as virtual firewalls for EC2 instances, controlling inbound and outbound traffic at the instance level. They are stateful, meaning that if inbound traffic is permitted, corresponding outbound traffic is automatically allowed, simplifying rule configuration and enhancing security.
Serverless architecture is a cloud computing model where the cloud provider fully manages the underlying infrastructure, dynamically allocating resources as needed. Developers focus solely on writing and deploying code without provisioning or maintaining servers. This results in reduced operational overhead and cost optimization based on actual usage.
SNS is a fully managed pub/sub messaging service enabling event-driven architectures. It allows applications to publish messages to topics, which are then distributed to subscribed endpoints, including SQS queues, Lambda functions, and email addresses, facilitating real-time communication.
SQS is a fully managed message queuing service facilitating decoupled application components. It reliably stores and delivers messages, enabling scalability and resilience in distributed systems. SQS supports standard and FIFO queues, offering varying levels of message ordering and delivery guarantees.
Simple Notification Service (SNS) is a fully managed pub/sub messaging service enabling decoupling of microservices, system notifications, and event-driven architectures. It supports message delivery via topics and subscriptions to various endpoints, including SQS, Lambda, and HTTP/S.
SQS is a fully managed message queuing service enabling decoupled application components. It supports standard queues (best-effort ordering, high throughput) and FIFO queues (strict ordering, lower throughput). Messages are stored reliably until processed, improving system resilience.
A VPC Endpoint enables private connectivity to AWS services without traversing the public internet. It utilizes a network interface within your VPC, routing traffic directly to the service. This enhances security and reduces data transfer costs by keeping traffic within the AWS network.
VPC Peering enables direct network connectivity between two VPCs, allowing traffic to be routed privately using IPv4 or IPv6 addresses. This facilitates resource sharing and application integration without traversing the public internet, enhancing security and performance.