AWS Core Services Overview for AWS Cloud Practitioner CLF-C02

The CLF-C02 exam does not expect you to architect AWS solutions. It expects you to recognize which service category addresses which business need, and to distinguish services that are frequently confused. Can you tell GuardDuty from Inspector from Macie? Do you know the difference between SNS and SQS? Between CloudTrail and CloudWatch? These surface-level distinctions appear throughout the exam. This topic maps the core AWS service categories and their flagship services so you can answer 'which service does X?' questions confidently.

Compute, storage, and database services

Compute services run your applications. EC2 (Elastic Compute Cloud) provides virtual machines you configure and manage. Lambda runs code in response to events without any server management, charging per invocation and execution duration. Elastic Beanstalk is a PaaS that deploys and manages web applications automatically, while you maintain control over the underlying resources. ECS and EKS run containerized workloads, with EKS managing Kubernetes clusters specifically.

Storage services hold your data. S3 is object storage for any file type, from images to backups to static websites. EBS is block storage for EC2 instances, similar to an attached hard drive. EFS is shared file storage accessible by multiple Linux instances simultaneously. Glacier and Glacier Deep Archive are low-cost archival storage for data you access rarely. Storage Gateway extends on-premises storage to AWS.

Database services cover relational and non-relational needs. RDS manages relational databases (MySQL, PostgreSQL, SQL Server, Oracle). Aurora is AWS's high-performance MySQL/PostgreSQL-compatible engine. DynamoDB is fully managed NoSQL for key-value and document patterns. ElastiCache provides in-memory caching with Redis or Memcached. Redshift is a data warehouse for analytical queries on large datasets.

Networking, security, and other key services

Networking services connect your resources. VPC (Virtual Private Cloud) is your private isolated network within AWS. Route 53 is AWS's DNS service, routing users to your endpoints. CloudFront is the content delivery network that caches content at edge locations worldwide. Direct Connect provides a dedicated private physical connection from your premises to AWS. ELB (Elastic Load Balancing) distributes traffic across multiple instances.

Security services protect your environment. IAM controls who can do what in your account. KMS manages encryption keys. CloudTrail logs every API call for audit purposes. GuardDuty detects threats by analyzing CloudTrail, VPC Flow Logs, and DNS logs using machine learning. Inspector scans EC2 instances and container images for software vulnerabilities. Macie discovers sensitive data in S3. Shield protects against DDoS attacks. WAF filters malicious web requests.

Other key services: CloudWatch collects metrics and logs from AWS resources. SNS is a pub/sub notification service that pushes messages to multiple subscribers. SQS is a message queue where consumers pull messages independently. CloudFormation automates infrastructure deployment using code templates. Trusted Advisor analyzes your account against AWS best practices in cost, performance, security, fault tolerance, and service limits.

How to choose the correct answer

EC2: virtual machines you manage. Lambda: serverless functions, event-driven. Elastic Beanstalk: PaaS, managed app deployment.

S3: object storage, any file, unlimited scale. EBS: block storage attached to one EC2. EFS: shared NFS for multiple Linux instances.

GuardDuty: threat detection from logs (CloudTrail, VPC Flow Logs, DNS). Inspector: vulnerability scanning of instances and containers. Macie: sensitive data discovery in S3.

CloudTrail: who called which API. CloudWatch: metrics, logs, alarms for running resources.

SNS: push to multiple subscribers at once (fan-out). SQS: queue for independent consumers to pull from.

Trusted Advisor: recommendations across five categories: cost, performance, security, fault tolerance, service limits.

CloudFormation: infrastructure as code (IaC). Deploy entire environments from templates.

Key exam facts — CLF-C02

  • EC2: IaaS virtual machines. ECS: container orchestration. EKS: managed Kubernetes.
  • S3: unlimited object storage. EBS: block storage per EC2 instance. EFS: shared NFS for multiple instances.
  • RDS: managed relational DB. Aurora: high-performance MySQL/PG. DynamoDB: NoSQL, single-digit ms.
  • GuardDuty: ML threat detection. Inspector: CVE scanning. Macie: PII/sensitive data in S3. Shield: DDoS.
  • CloudTrail: API call audit log. CloudWatch: metrics and operational logs. CloudFormation: IaC templates.
  • SNS: push notifications, pub/sub. SQS: pull queue, decoupled processing. Both are messaging services.
  • Trusted Advisor: best practice recommendations across 5 categories. Full checks require Business/Enterprise support.

Common exam traps

CloudWatch and CloudTrail serve the same monitoring purpose.

CloudWatch monitors resource performance: CPU usage, memory, latency, and application logs. CloudTrail is an audit log of every AWS API call: who did what to which resource and when. CloudWatch answers 'is my application healthy?' CloudTrail answers 'who made this change?' Both are needed for full observability.
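To make the CloudTrail half of that distinction concrete, the following added example (not part of the original study guide) answers "who made this change?" for one resource from a handful of constructed records. The field names are CloudTrail's record fields; the records, the resource IDs and the function names `mentions` and `who_changed` are assumptions made for illustration.

```python
# Constructed sample: CloudTrail record field names, invented values.
ALICE = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}
BOB = {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/Deploy/bob"}
CAROL = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/carol"}
RECORDS = [
    {"eventTime": "2024-05-01T09:14:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeSecurityGroups", "readOnly": True, "userIdentity": ALICE,
     "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"securityGroupIdSet": {"items": [{"groupId": "sg-0example"}]}}},
    {"eventTime": "2024-05-01T09:15:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False, "userIdentity": BOB,
     "sourceIPAddress": "203.0.113.20", "requestParameters": {"groupId": "sg-0example"}},
    {"eventTime": "2024-05-01T09:20:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RevokeSecurityGroupIngress", "readOnly": False, "userIdentity": ALICE,
     "sourceIPAddress": "198.51.100.7", "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"groupId": "sg-0example"}},
    {"eventTime": "2024-05-01T09:31:55Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False, "userIdentity": CAROL,
     "sourceIPAddress": "192.0.2.44", "requestParameters": {"groupId": "sg-0other"}},
]

def mentions(value, needle):
    """Recursively search nested request parameters for an exact string value."""
    if isinstance(value, dict):
        return any(mentions(v, needle) for v in value.values())
    if isinstance(value, list):
        return any(mentions(v, needle) for v in value)
    return value == needle

def who_changed(records, resource_id):
    """Return write attempts against resource_id, oldest first."""
    hits = []
    for r in records:
        # A record without readOnly is treated as a possible write, not skipped.
        if r.get("readOnly", False) or not mentions(r.get("requestParameters"), resource_id):
            continue
        ident = r.get("userIdentity", {})
        hits.append({
            "when": r["eventTime"],
            "who": ident.get("arn") or ident.get("type", "unknown"),
            "action": f'{r["eventSource"].split(".")[0]}:{r["eventName"]}',
            "from": r.get("sourceIPAddress"),
            "succeeded": "errorCode" not in r,  # denied attempts are still audit evidence
        })
    return sorted(hits, key=lambda h: h["when"])

if __name__ == "__main__":
    for hit in who_changed(RECORDS, "sg-0example"):
        print(hit)
```

The read-only `Describe` call is dropped and the denied `Revoke` attempt is kept with `succeeded` set to false. CloudWatch metrics have no equivalent of the `userIdentity` field.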

Lambda can handle any application workload because it scales automatically.

Lambda has a maximum execution timeout of 15 minutes and is designed for short, event-driven tasks. Applications that maintain persistent connections, require more than 10 GB of memory, or need to run continuously are better served by EC2 or ECS. Lambda scales well for stateless, intermittent workloads, not for long-running or continuously active processes.

GuardDuty and Inspector are both intrusion detection systems that prevent attacks.

GuardDuty analyzes existing AWS logs to detect suspicious behavior patterns and generates findings but does not block anything. Inspector scans software installed on EC2 instances and container images for known CVEs and configuration issues. Neither automatically prevents or blocks attacks. They are detection tools that generate alerts for human or automated remediation.
