Help with infrastructure under a massive denial-of-service (DoS) attack

Help with failed and unavailable infrastructure

Help with making a bill payment to AWS

Help with accessing your infrastructure via the AWS CLI

Developer

Business

Enterprise

No plan covers this kind of support.

$120

$29

$100

$480

$4,000

$100

$1,100

$2,310

AWS Professional Services

The Basic Support plan

AWS Partner Network

The Knowledge Center

The Professional Services product helps AWS Partner Network cloud professionals work alongside your own team to help you administrate your cloud infrastructure. The TAM is a cloud professional employed by AWS to guide you through the planning and execution of your infrastructure.

The TAM is a cloud professional employed by AWS to guide you through the planning and execution of your infrastructure. The Professional Services product provides cloud professionals to work alongside your own team to help you administrate your cloud infrastructure.

The TAM is a member of your team designated as the point person for all AWS projects. The Professional Services product provides consultants to work alongside your own team to help you administrate your cloud infrastructure.

The Professional Services product is a network appliance that AWS installs in your data center to test cloud-bound workloads for compliance with best practices. The TAM is a cloud professional employed by AWS to guide you through the planning and execution of your infrastructure.

Microsoft Word (DOC)

Kindle

HTML

DocBook

https://aws.amazon.com/

premiumsupport/knowledge-center

https://aws.amazon.com/

premiumsupport/compare-plans

https://docs.aws.amazon.com

https://aws.amazon.com/

professional-services

To introduce new users to the functionality of the core AWS services

To explain how AWS deployments can be more efficient and secure than on-premises

To provide a public forum where AWS users can ask their technical questions

To present solutions to commonly encountered technical problems using AWS infrastructure

https://aws.amazon.com/

premiumsupport/knowledge-center

https://aws.amazon.com/

security/security-resources

https://docs.aws.amazon.com

https://aws.amazon.com/

security/encryption

The page URL will include the word latest.

The page URL will include the version number (i.e., 3.2).

The page will have the word Current at the top right.

There is no easy way to tell.

Performance

Service Limits

Replication

Fault Tolerance Fault Tolerance

Fault Tolerance

Performance

Security

Cost Optimization

Performance

Cost Optimization

Service Limits

Replication

An alert for a service state that was actually intentional

A green OK icon for a service state that is failed or failing

A single status icon indicating that your account is completely compliant

Textual indication of a failed state

MFA on Root Account

Load Balancer Optimization

Service Limits

IAM Access Key Rotation

us-east-1

us-west-2

us-west-2a

us-west-2b

AWS Admin

US-DOD

Asia Pacific (Tokyo)

AWS GovCloud

Service

Subnet

Availability Zone

Region

RDS

Route 53

EC2

CloudFront

us-east-1.amazonaws.com.rds

ecs.eu-west-3.amazonaws.com

rds.us-east-1.amazonaws.com

rds.amazonaws.com.us-east-1

It can make infrastructure more fault tolerant.

It can make applications available to end users with lower latency.

It can make applications compliant with local regulations.

It can bring down the price of running.

Because those resources are run on a physical device, and that device must live somewhere

Because security considerations are best served by restricting access to a single physical location

Because access to any one digital resource must always occur through a single physical gateway

Because spreading them too far afield would introduce latency issues

Launch parallel, load-balanced instances in multiple AWS Regions.

Launch parallel, load-balanced instances in multiple Availability Zones within a single AWS Region.

Launch parallel, autoscaled instances in multiple AWS Regions.

Launch parallel, autoscaled instances in multiple Availability Zones within a single AWS Region.

One or more independently powered data centers running a wide range of hardware host types

One or more independently powered data centers running a uniform hardware host type

All the data centers located within a broad geographic area

The infrastructure running within a single physical data center

The virtual limits imposed on the network access permitted to a resource instance

The block of IP addresses assigned for use within a single region

The block of IP addresses assigned for use within a single Availability Zone

The networking hardware used within a single Availability Zone

Alphabetical order

They (appear) to be displayed in random order.

Numerical order

By order of capacity, with largest capacity first

To ensure the long-term reliability of a particular physical resource

To ensure the long-term reliability of a particular virtual resource

To orchestrate the use of multiple parallel resources to direct incoming user requests

To ensure that a predefined service level is maintained regardless of external demand or instance failures

Resource isolation

Resource automation

Resource redundancy

Resource geolocation

RDS

EC2 load balancers

Elastic Block Store (EBS) or Lambda

CloudFront

Automated protection from mass email campaigns

Greater availability through redundancy

Greater security through data encryption

Reduced latency access to your content no matter where your end users live

Countering the threat of distributed denial-of-service (DDoS) attacks

Managing domain name registration and traffic routing

Protecting web applications from web-based threats

Using the serverless power of Lambda to customize CloudFront behavior

The security of the cloud

Patching underlying virtualization software running in AWS data centers

Security of what’s in the cloud

Patching OSs running on EC2 instances

Everything associated with an AWS managed service is the responsibility of AWS.

Whatever is added by the customer (like application code) is the customer’s responsibility.

Whatever the customer can control (application code and/or configuration settings) is the customer’s responsibility.

Everything associated with an AWS managed service is the responsibility of the customer.

AWS Acceptable Use Monitor

Service Status Dashboard

AWS Billing Dashboard

Service Health Dashboard

AWS User Agreement Policy

AWS Acceptable Use Policy

AWS Acceptable Use Monitor

AWS Acceptable Use Dashboard

Identity and access management

Access key management

SSH key pair management

Federated access management

Require at least one uppercase letter.

Require at least one number.

Require at least one space or null character.

Require at least one non-alphanumeric character.

Assign the root user to the “admins” IAM group.

Use the root user for day-to-day administration tasks.

Enable MFA.

Create a strong password.

Instead of an access password, users authenticate via a physical MFA device.

In addition to an access password, users also authenticate via a physical MFA device.

Users authenticate using tokens sent to at least two MFA devices.

Users authenticate using a password and also either a physical or virtual MFA device.

echo "mykey.pem ubuntu@54.7.35.103" | ssh -i

ssh -i mykey.pem ec2-user@54.7.35.103

ssh -i mykey.pem@54.7.35.103

ssh ec2-user@mykey.pem:54.7.35.103 -i

Assign users requiring similar permissions to IAM roles.

Assign users requiring similar permissions to IAM groups.

Assign IAM users permissions common to others with similar administration responsibilities.

Create roles based on IAM policies, and assign them to IAM users.

A set of permissions allowing access to specified AWS resources

A set of IAM users given permission to access specified AWS resources

Permissions granted a trusted entity over specified AWS resources

Permissions granted an IAM user over specified AWS resources

You can provide users authenticated through a third-party identity provider access to backend resources used by your mobile app.

You can use identities to guide your infrastructure design decisions.

You can use authenticated identities to import external data (like email records from Gmail) into AWS databases.

You can provide admins authenticated through AWS Microsoft AD with access to a Microsoft SharePoint farm running on AWS.

Secure Shell

SSO

SAML 2.0

Active Directory

A record of API requests against your account resources

A record of failed password account login attempts

The current state of your account security settings

The current state of security of your IAM users’ access credentials

JSON

CSV

ASCII

XML

AdministratorAccess

AmazonS3FullAccess

AmazonEC2FullAccess

AdminAccess

A password

A password and MFA

An access key ID

An access key ID and secret access key

Their username, account_number, and a password

Their username and password

Their account number and secret access key

Their username, password, and secret access key

DynamoDB

SSE-S3

A client-side master key

SSE-KMS

Existing AWS Elastic Block Store volumes

RDS databases

S3 buckets

DynamoDB databases

SSH master key

KMS master key

Client-side master key

Customer master key

SSE-KMS

FedRAMP

PCI DSS

ARPA

They can be used to help you design secure and reliable credit card transaction applications.

They attest to AWS infrastructure compliance with data accountability standards like Sarbanes–Oxley.

They guarantee that all AWS-based applications are, by default, compliant with Sarbanes–Oxley standards.

They’re an official, ongoing risk-assessment profiler for AWS-based deployments.

They can help you confirm that your deployment infrastructure is compliant with regulatory standards.

They can provide insight into various regulatory and industry standards that represent best practices.

They can provide insight into the networking and storage design patterns your AWS applications use.

They represent AWS infrastructure design policy.