Difference Between AWS Control Tower and AWS Organizations
AWS Control Tower and AWS Organizations both help manage multi-account environments, but they serve different purposes.
Feature | AWS Organizations | AWS Control Tower |
---|---|---|
Purpose | Centralized management and billing of AWS accounts | Automates multi-account setup and governance |
Scope | Manages multiple accounts with policies | Provides best practices for account setup and governance |
Management | Focuses on account structure & permissions | Provides a full governance framework |
Guardrails | Service Control Policies (SCPs) to enforce security | Pre-configured preventive and detective guardrails |
Customization | Highly flexible, requires manual setup | Opinionated setup with best practices |
Use Case | Large-scale multi-account management | Automated secure multi-account setup |
1. Managing Multiple AWS Accounts for an Enterprise
- A large enterprise has multiple AWS accounts for different departments (HR, Finance, IT).
- Solution with AWS Organizations:
  - Each department gets a separate AWS account.
  - SCPs ensure departments follow security and compliance rules.
- Benefit: Centralized billing, access control, and security policies.
Architecture
Root Account (AWS Organizations)
├── HR Account
├── Finance Account
├── IT Account
├── Shared Services Account
2. Automating Secure Multi-Account Setup for a Startup
- A fast-growing startup needs multiple AWS accounts but wants automated governance.
- Solution with AWS Control Tower:
  - Creates pre-configured accounts (e.g., Security, Log Archive).
  - Implements guardrails to enforce best practices.
- Benefit: Quick, secure, and compliant account setup.
Architecture
AWS Control Tower
├── Management Account
├── Security Account (Guardrails Applied)
├── Log Archive Account (For Compliance)
├── Workload Accounts (For Applications)
3. Managing Policies Across Business Units
- A retail company operates separate AWS accounts for different regions (US, EU, APAC).
- Solution with AWS Organizations:
  - Defines SCPs to enforce regional security policies.
  - Centralizes IAM roles for controlled access.
- Benefit: Ensures global compliance and security.
Architecture
Root Account (AWS Organizations)
├── US Business Unit
├── EU Business Unit
├── APAC Business Unit
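The regional SCPs in scenario 3 could look like the following. This is an added example, not code from the original page: it builds one region-restriction SCP per business unit and checks its behaviour with a small local evaluator. The region lists, the set of exempted global services, and all function names are assumptions made for illustration.

```python
import json

# Assumed region sets per business unit (constructed; the page names only US, EU, APAC).
BU_REGIONS = {
    "US": ["us-east-1", "us-west-2"],
    "EU": ["eu-west-1", "eu-central-1"],
    "APAC": ["ap-southeast-1", "ap-northeast-1"],
}
# Assumed exemptions: global services whose API calls are served from a single region.
GLOBAL_SERVICES = ["iam:*", "organizations:*", "route53:*", "cloudfront:*", "sts:*", "support:*"]
SCP_MAX_CHARS = 5120  # documented size limit for an SCP document


def build_region_scp(regions):
    """Return an SCP that denies every non-global action outside `regions`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideApprovedRegions",
            "Effect": "Deny",
            "NotAction": GLOBAL_SERVICES,
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": regions}},
        }],
    }


def is_denied(scp, action, region):
    """Minimal local evaluator for this one statement shape (not a full IAM engine)."""
    for stmt in scp["Statement"]:
        service = action.split(":")[0]
        exempt = any(p in (action, f"{service}:*") for p in stmt["NotAction"])
        allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
        if stmt["Effect"] == "Deny" and not exempt and region not in allowed:
            return True
    return False


def render(bu):
    """Serialize the BU's SCP compactly and enforce the size limit before upload."""
    doc = json.dumps(build_region_scp(BU_REGIONS[bu]), separators=(",", ":"))
    if len(doc) > SCP_MAX_CHARS:
        raise ValueError(f"SCP for {bu} is {len(doc)} chars, limit {SCP_MAX_CHARS}")
    return doc


if __name__ == "__main__":
    eu = build_region_scp(BU_REGIONS["EU"])
    print(render("EU"))
    print(is_denied(eu, "ec2:RunInstances", "us-east-1"))  # outside the EU regions
    print(is_denied(eu, "iam:CreateRole", "us-east-1"))    # global service, exempt
```

An SCP only limits what IAM policies in member accounts can allow; it grants no permissions itself and does not restrict the management account.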
When to Use AWS Organizations vs AWS Control Tower?
Use Case | AWS Organizations | AWS Control Tower |
---|---|---|
Need centralized account management | ✅ Yes | ✅ Yes |
Need automated multi-account setup | ❌ No | ✅ Yes |
Want flexibility with policies | ✅ Yes | ❌ No (opinionated setup) |
Require pre-configured guardrails | ❌ No | ✅ Yes |
Manage thousands of AWS accounts | ✅ Yes | ❌ No (designed for fewer accounts) |
When NOT to Use
❌ Avoid AWS Organizations if you need automated setup – use Control Tower instead.
❌ Avoid AWS Control Tower if you need high customization – use Organizations with custom policies.