This is a digital copy of my physical notes taken while studying for AWS Certifications. Not all content is here since I’ve only taken notes on services which I haven’t actively used during my time with AWS. I’ve given every service a heading but notes may be terse if I am already familiar with the service.

EC2 - Elastic Compute Cloud


Security Groups


Purchasing Options

Spot Instances

Placement Groups

Elastic Network Interface


AMI - Amazon Machine Image

EC2 Instance Store

EBS - Elastic Block Store

Volume Types

EBS MultiAttach

EBS Encryption

EFS - Elastic Filesystem

ELB - Elastic Load Balancer

CLB - Classic Load Balancer

ALB - Application Load Balancer

NLB - Network Load Balancer

GWLB - Gateway Load Balancer

Sticky Sessions

Cross Zone Load Balancing


Connection Draining

ASG - Auto Scaling Groups

RDS - Relational Database Service

Read Replicas

RDS Multi AZ

RDS Custom

RDS Backups


Aurora Serverless

Global Aurora

Aurora ML

Aurora Backups

Aurora Clones

RDS Security

RDS Proxy


Elasticache Security

Route 53

Elastic Beanstalk

S3 - Simple Storage Service

S3 Replication

Requester Pays

S3 Transfer Acceleration

S3 Byte Range Fetching

S3 Encryption Options

S3 MFA Delete

S3 Glacier Vault Lock

S3 Access Points

S3 Object Lambda


Cloudfront Pricing

Global Accelerator

Amazon FSx

Hybrid Cloud

AWS Storage Gateway

AWS Transfer Family

AWS DataSync

SQS - Simple Queue Service

SQS Message visibility

Long Poling

FIFO queue


SNS - Simple Notification Service

SNS Fan Out Pattern


SNS Filters


Kinesis Data Streams

Kinesis Data Stream security

Kinesis Data Firehose

Data Streams vs Firehose

Data Streams Data Firehose
Streaming for ingest at scale Load stream data into other services
Write custom producer/consumer code Fully Managed
Real time (~200ms) Near real time
User manages sharding Auto scaling
1 to 365 days data retention No storage or data retention
Supports data replay No replay capability

Ordering Kinesis data

Kinesis vs SQS - FIFO

SQS vs SNS vs Kinesis

SQS SNS Kinesis
Consumers Pull data Push data to many subscribers Standard: 2MB per shard
Delete after consume Up to 12.5m subscribers Enhanced: 2MB per shard per consumer
Can have as many consumers as we want Data lost if not delivered Can replay data
No need to provision Up to 100k topics Meant for Real Time big data
Only Ordered if using FIFO No need to provision Shard level ordering
Supports individual message delay Integrates with SQS for “Fan out” Retention for 1 - 365 days
FIFO capability with SQS FIFO Provisioned or on demand available

Kinesis Data Analytics

Amazon MQ


Amazon ECR

Amazon ECS


ECS Load Balancing

ECS Data Volumes (EFS)

ECS Autoscaling

EC2 Launch Type Scaling

Amazon EKS

EKS Data Volumes

AWS App Runner


Lambda Limits

Lambda Snap Start

Edge Functions

Cloudfront Functions


Cloudfront Functions vs Lambda@Edge

Cloudfront Functions Lambda@Edge
Cache Key Normalisation Server ms execution time available
Header Manipulation Adjustable CPU/Memory
URL Rewriting Allows 3rd party libraries
Network access for external services
Access to request body

Lambda in a VPC

Lambda with RDS Proxy

Invoking Lambda from Aurora & RDS


DynamoDB capacity modes

DynamoDB accelerator (DAX)

DynamoDB Stream processing

Global tables

DynamoDB TTL

DynamoDB Backups

API Gateway

API Gateway endpoint types

API Gateway Security

Step Functions


Choosing the right Database

EXAM will likely ask about all of these from a high level

Amazon KeySpaces


Athena Federated Query


Redshift Spectrum

Amazon Elastic Map Reduce (EMR)


AWS Glue

Glue Crawler

Lake Formation

Amazon Managed Streaming for Apache Kafka (MSK)

Kinesis vs Kafka

Kinesis Data Streams MSK
1MB Size limit on messages 1mb default but up to 10MB
Data streams with shards Kafka topics use partitions
Shard splitting and merging Can only add patterns to topics
TLS inflight & KMS at rest Plaintext or TLS inflight & KMS at rest

Amazon Rekognition

Rekognition moderation

AWS Transcribe

AWS Polly


Lex + Connect

AWS Comprehend

Comprehend medical



Amazon Personalise


Cloudwatch Metrics

Cloudwatch Agent

Cloudwatch unified agent

Cloudwatch Alarms

Cloudwatch container insights

Cloudwatch Contributor Insights

Event Bridge


AWS Config

CloudWatch vs Cloudtrail vs Config

AWS organizations

IAM Conditions

IAM Roles vs Resource based policies

IAM Permission Boundaries

AWS IAM Identity Center

AWS Active Directory services

AWS Control tower


Multi-region KMS

S3 Replication Encryption

Sharing encrypted AMIs

SSM Parameter Store

Secrets Manager

Amazon Certificate Manager (ACM)

Web Application Firewall (WAF)

AWS Shield

AWS Firewall Manager

Guard Duty

Amazon Inspector



Default VPC


Internet Gateway

Bastion Hosts

NAT Instances

NAT Gateway

NACL & Security Groups

Security Groups vs NACLs

Security Groups NACL
Instance level Subnet level
Stateful (Return Allowed) Stateless (Always checked)
All rules evaluated Weighted Rules

VPC Peering

VPC Flow Logs

AWS Site to Site VPN

AWS VPN Cloudhub

Direct Connect (DX)

Site to Site VPN as a backup

Transit Gateway

VPC Traffic Mirroring

IPv6 for VPC

Egress Only Internet Gateway

Disaster Recovery

Database Migration Service (DMS)

AWS Backup

Elastic Network Adapter (ENA)

Elastic Fabric Adapter (EFA)

AWS Parallel Cluster

Amazon Pinpoint

© 2024 Pfych 🏳️‍⚧️