36 cards
highly available
Multi-AZ, ALB, ASG
tolerate region failure
Aurora Global, DynamoDB Global
most cost-effective
S3 Glacier, Spot, Lambda, Reserved
least operational overhead
Lambda, Fargate, Aurora Serverless
most secure
KMS, IAM Role, Private subnet, WAF
minimum latency
CloudFront, Global Accelerator, DAX
decouple
SQS, SNS, EventBridge
real-time
Kinesis, EventBridge, WebSocket
compliance immutable
Object Lock, Vault Lock
audit API calls
CloudTrail
detect PII
Macie
detect threats
GuardDuty
vulnerability scan
Inspector
DDoS protection
Shield (Std free) + WAF
L7 firewall
WAF
hybrid connectivity
Direct Connect or VPN
cross-account access
IAM Role with sts:AssumeRole
replace SSH
Session Manager
backup centralized
AWS Backup
cost monitoring
Cost Explorer + Budgets + Cost Anomaly
deploy without server mgmt
Lambda, Fargate, S3, DynamoDB
shared file storage Linux
EFS
shared file storage Windows
FSx for Windows
HPC parallel filesystem
FSx for Lustre
static IP for whitelist
NLB or Global Accelerator
global app low latency
CloudFront or Route 53 latency
BYOL Windows/Oracle
Dedicated Host
event-driven Lambda from S3
Async invocation
WebSocket chat
API Gateway WebSocket or AppSync
GraphQL backend mobile
AppSync
ETL pipeline
Glue + Step Functions / EMR
migrate 200 TB on-prem
Snowball Edge
force HTTPS S3
bucket policy aws:SecureTransport
prevent public S3
Block Public Access
prevent leave Org
SCP deny LeaveOrganization
GDPR EU data residency
SCP region restriction + EU regions