Difference Between AWS Control Tower and AWS Organizations
AWS Control Tower and AWS Organizations both help manage multi-account environments, but they serve different purposes.
Feature | AWS Organizations | AWS Control Tower |
---|---|---|
Purpose | Centralized management and billing of AWS accounts | Automates multi-account setup and governance |
Scope | Manages multiple accounts with policies | Provides best practices for account setup and governance |
Management | Focuses on account structure & permissions | Provides a full governance framework |
Guardrails | Service Control Policies (SCPs) to enforce security | Pre-configured preventive and detective guardrails |
Customization | Highly flexible, requires manual setup | Opinionated setup with best practices |
Use Case | Large-scale multi-account management | Automated secure multi-account setup |
1. Example: Managing Multiple AWS Accounts for an Enterprise
- A large enterprise has multiple AWS accounts for different departments (HR, Finance, IT).
- Solution with AWS Organizations:
  - Each department gets a separate AWS account.
  - SCPs ensure departments follow security and compliance rules.
- Benefit: Centralized billing, access control, and security policies.
Architecture
Root Account (AWS Organizations)
├── HR Account
├── Finance Account
├── IT Account
└── Shared Services Account
2. Example: Automating Secure Multi-Account Setup for a Startup
- A fast-growing startup needs multiple AWS accounts but wants automated governance.
- Solution with AWS Control Tower:
  - Creates pre-configured accounts (e.g., Security, Log Archive).
  - Implements guardrails to enforce best practices.
- Benefit: Quick, secure, and compliant account setup.
Architecture
AWS Control Tower
├── Management Account
├── Security Account (Guardrails Applied)
├── Log Archive Account (For Compliance)
└── Workload Accounts (For Applications)
3. Example: Managing Policies Across Business Units
- A retail company operates separate AWS accounts for different regions (US, EU, APAC).
- Solution with AWS Organizations:
  - Defines SCPs to enforce regional security policies.
  - Centralizes IAM roles for controlled access.
- Benefit: Ensures global compliance and security.
Architecture
Root Account (AWS Organizations)
├── US Business Unit
├── EU Business Unit
└── APAC Business Unit
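
The regional SCPs from Example 3, generated per business unit in Python. This is an added example, not code from the original page. The Region lists, the exempted global-service list and the function names are assumptions, and `is_denied` models only this one statement shape rather than full IAM policy evaluation.

```python
import json
from fnmatch import fnmatchcase

# Constructed mapping (assumption): business unit -> Regions it may use.
ALLOWED_REGIONS = {
    "US": ["us-east-1", "us-west-2"],
    "EU": ["eu-west-1", "eu-central-1"],
    "APAC": ["ap-southeast-1", "ap-northeast-1"],
}
# Illustrative subset of global services that must stay exempt, otherwise
# the deny also blocks calls that are served outside the unit's Regions.
GLOBAL_SERVICE_ACTIONS = ["iam:*", "organizations:*", "sts:*",
                          "route53:*", "cloudfront:*", "support:*"]
SCP_MAX_CHARS = 5120  # AWS Organizations size quota for one SCP document

def build_region_scp(unit):
    """Return an SCP that denies regional API calls outside the unit's Regions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": f"DenyOutside{unit}Regions",
            "Effect": "Deny",
            "NotAction": GLOBAL_SERVICE_ACTIONS,
            "Resource": "*",
            "Condition": {"StringNotEquals": {
                "aws:RequestedRegion": ALLOWED_REGIONS[unit]}},
        }],
    }

def render(unit):
    """Serialize compactly and refuse documents over the SCP size quota."""
    doc = json.dumps(build_region_scp(unit), separators=(",", ":"))
    if len(doc) > SCP_MAX_CHARS:
        raise ValueError(f"SCP for {unit} is {len(doc)} chars, over the quota")
    return doc

def is_denied(scp, action, region):
    """Simplified check for this statement shape only, not full IAM evaluation."""
    for stmt in scp["Statement"]:
        exempt = any(fnmatchcase(action.lower(), p.lower())
                     for p in stmt["NotAction"])
        allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
        if stmt["Effect"] == "Deny" and not exempt and region not in allowed:
            return True
    return False

if __name__ == "__main__":
    for unit in ALLOWED_REGIONS:
        print(unit, render(unit))
```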
When to Use AWS Organizations vs AWS Control Tower?
Use Case | AWS Organizations | AWS Control Tower |
---|---|---|
Need centralized account management | ✅ Yes | ✅ Yes |
Need automated multi-account setup | ❌ No | ✅ Yes |
Want flexibility with policies | ✅ Yes | ❌ No (opinionated setup) |
Require pre-configured guardrails | ❌ No | ✅ Yes |
Manage thousands of AWS accounts | ✅ Yes | ❌ No (designed for fewer accounts) |
When NOT to Use
❌ Avoid AWS Organizations if you need automated setup – use Control Tower instead.
❌ Avoid AWS Control Tower if you need high customization – use Organizations with custom policies.