Cloud Practitioner Cheat Sheet

Essential Services Reference Guide

AWS Services Overview

Organizations
Concepts
Centrally govern your environment; manage multiple AWS accounts and policies.
Use Case: Consolidate billing; apply SCPs; manage services across all accounts.
Trusted Advisor
Concepts
Provides real-time guidance to help you follow AWS best practices.
Use Case: Optimize costs; improve security; check service limit utilization now.
Access Analyzer
Security
Identifies resources shared with external entities, ensuring least privilege access.
Use Case: Find public S3 buckets; analyze cross-account IAM role access.
CloudTrail
Security
Records AWS API calls, enabling governance, compliance, and operational auditing.
Use Case: Track resource changes; monitor API calls for security analysis.
Cognito
Security
User authentication, authorization, and management for web/mobile apps easily.
Use Case: Add app user sign-up/sign-in; enable social/SAML federated login.
Config
Security
Assess, audit, and evaluate configurations of all your AWS resources.
Use Case: Ensure S3 buckets are not public; track VPC configuration changes.
Credential Reports
Security
IAM report listing all users and the current status of credentials.
Use Case: Audit IAM users' MFA status; identify and remove unused keys.
GuardDuty
Security
Threat detection service; monitors for malicious or unauthorized account behavior.
Use Case: Detect compromised EC2s; identify suspicious S3 data access patterns.
Inspector
Security
Automated vulnerability management; continually scans AWS workloads for issues.
Use Case: Scan EC2 for CVEs; check for unintended network exposures.
KMS
Security
Create and manage cryptographic keys to secure and protect data.
Use Case: Encrypt S3 objects; manage keys for EBS volume encryption.
Secrets Manager
Security
Protects and securely manages secrets like passwords and API keys.
Use Case: Store database credentials; auto-rotate API keys for various services.
Shield
Security
Managed DDoS protection service safeguarding your applications running on AWS.
Use Case: Protect EC2/ELB/CloudFront apps from common DDoS attack types.
Athena
Technology
Serverless interactive query service for S3 data using standard SQL.
Use Case: Query S3 logs; analyze data lake content; ad-hoc S3 data queries.
CloudWatch
Technology
Monitors resources & applications; collects metrics, logs, sets alarms.
Use Case: Track EC2 CPU; alarm on thresholds; centralize application logs.
EventBridge
Technology
Serverless event bus connecting apps, SaaS, and AWS services.
Use Case: Trigger Lambda from S3; orchestrate microservices with various events.
Fargate
Technology
Serverless compute for containers (ECS/EKS); no server management needed.
Use Case: Run containers without managing EC2; ideal for microservice applications.
Health Dashboard
Technology
Displays AWS service health and personalized account health status updates.
Use Case: Check global disruptions; view account-specific operational events & maintenance.
Systems Manager
Technology
Unified interface for operational data viewing and task automation.
Use Case: Automate EC2 patching; run commands remotely; manage secure parameters.
Budgets
Billing
Set custom budgets to track AWS costs/usage and receive alerts.
Use Case: Monitor service costs; get notified of overspending; track RI/SP utilization.
Billing Console
Billing
Central hub for AWS payments, invoices, and all billing information.
Use Case: View current charges; download monthly invoices; manage payment methods.
Cost Explorer
Billing
Visualize, understand, and manage your AWS costs and usage trends.
Use Case: Explore spending with filters; graph costs; forecast future expenses.
Cost Management
Billing
Tools (Budgets, CUR) to plan, track, analyze, optimize spending.
Use Case: Set budget alerts; analyze costs with Cost & Usage Report.

⚡ Fast Recall Summary

Instance Purchasing Options

On-Demand Instances

Description: Pay per hour/second; no commitment; maximum flexibility for compute.

When to use: Spiky, unpredictable workloads; apps that cannot be interrupted.

Reserved Instances (RIs)

Description: Significant discount for 1 or 3-year compute usage commitment.

When to use: Steady-state, predictable usage; specific, fixed instance type needs.

Savings Plans

Description: Lower compute prices for 1/3-year spend commitment; flexible across instances/regions.

When to use: Need to reduce costs with flexibility across compute services.

Spot Instances

Description: Up to 90% off; uses spare EC2 capacity; can be interrupted.

When to use: Fault-tolerant, flexible workloads; significant cost savings desired.

S3 Storage Classes

S3 Standard

Description: General-purpose; high durability/availability for frequently accessed data.

When to use: Websites, content delivery, mobile apps, big data analytics.

S3 Standard-Infrequent Access (IA)

Description: For less frequently accessed data that needs rapid retrieval. Lower storage cost, higher retrieval cost.

When to use: Long-term backups, disaster recovery data not often retrieved.

S3 One Zone-Infrequent Access

Description: Like Standard-IA, but single AZ; 20% cheaper. Data not resilient to AZ failure.

When to use: Recreatable data, secondary backups; cost-saving for non-critical.

S3 Glacier Instant Retrieval

Description: Archive storage with millisecond access; faster than the other Glacier classes.

When to use: Long-lived archives needing immediate access (e.g., medical images).

S3 Glacier Flexible Retrieval

Description: Low-cost archive; retrieval from minutes to hours. For rarely accessed data.

When to use: Backup, disaster recovery, where varied retrieval times are fine.

S3 Glacier Deep Archive

Description: Lowest AWS cost; data accessed rarely. Retrieval within 12 hours.

When to use: Long-term data retention, compliance archives, digital preservation.

S3 Intelligent-Tiering

Description: Auto-moves data between tiers based on access, optimizing costs. No retrieval fees.

When to use: Data with unknown or changing access patterns; simplify S3 lifecycle.

Support Plans

Basic Support

Description: Included for all AWS customers. Access to customer service for account/billing, documentation, whitepapers, and support forums. Limited access to AWS Trusted Advisor (core checks).

Use Case: Personal accounts, exploring AWS, or non-critical workloads where self-service is sufficient.

Developer Support

Description: Business hours email access to Cloud Support Associates. Unlimited cases. General guidance response within 24 business hours. System impaired response within 12 business hours.

Use Case: Early development, testing, or experimenting with AWS. For users who need technical support during business hours.

Business Support

Description: 24x7 phone, email, and chat access to Cloud Support Engineers. Unlimited cases. Full set of Trusted Advisor checks. Support API. Contextual guidance based on your use-case. Faster response times (e.g., <1 hour for production system down).

Use Case: Production workloads, businesses relying on AWS for critical applications that require fast support and proactive guidance.

Enterprise On-Ramp Support

Description: Access to a pool of Technical Account Managers (TAMs), concierge support team, infrastructure event management, well-architected reviews. Response times as fast as <30 minutes for business-critical systems down.

Use Case: Production or business-critical workloads needing proactive support, architectural reviews, and operational assistance. A step towards full Enterprise support.

Enterprise Support

Description: All features of Business Support plus a designated Technical Account Manager (TAM), concierge support team, white-glove account onboarding, infrastructure event management, well-architected reviews, and operational reviews. Response times as fast as <15 minutes for business-critical systems down.

Use Case: Mission-critical workloads, large enterprises with significant AWS deployments requiring dedicated proactive support and strategic guidance.

Well-Architected Framework Pillars

1. Operational Excellence

Focuses on running and monitoring systems to deliver business value and continually improve supporting processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations.

2. Security

Focuses on protecting information, systems, and assets while delivering business value through risk assessments and mitigation strategies. Key topics include identity and access management, detective controls, infrastructure protection, data protection, and incident response.

3. Reliability

Focuses on the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle. Key topics include foundations, change management, and failure management.

4. Performance Efficiency

Focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

5. Cost Optimization

Focuses on avoiding unneeded costs. Key topics include understanding and controlling where money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without overspending.

6. Sustainability

Focuses on minimizing the environmental impacts of running cloud workloads. Key topics include understanding your impact, establishing sustainability goals, maximizing utilization, adopting new, more efficient hardware and software offerings, and using managed services.