Region            Endpoint
                  us-east-2.amazonaws.com
us-west-1         us-west-1.amazonaws.com
us-west-2         us-west-2.amazonaws.com
ap-east-1         ap-east-1.amazonaws.com
ap-south-1        ap-south-1.amazonaws.com
ap-northeast-2    ap-northeast-2.amazonaws.com
ap-northeast-3    ap-northeast-3.amazonaws.com
ap-southeast-1    ap-southeast-1.amazonaws.com
ap-southeast-2    ap-southeast-2.amazonaws.com
ap-northeast-1    ap-northeast-1.amazonaws.com
ca-central-1      ca-central-1.amazonaws.com
cn-north-1        cn-north-1.amazonaws.com.cn
cn-northwest-1    cn-northwest-1.amazonaws.com.cn
eu-central-1      eu-central-1.amazonaws.com
eu-west-1         eu-west-1.amazonaws.com
eu-west-2         eu-west-2.amazonaws.com
eu-west-3         eu-west-3.amazonaws.com
eu-north-1        eu-north-1.amazonaws.com
me-south-1        me-south-1.amazonaws.com
Endpoint addresses are used to access your AWS resources remotely from within application code or scripts. Prefixes like ec2, apigateway, or cloudformation are often added to the endpoints to specify a particular AWS service. Such an address might look like this: cloudformation.us-east-2.amazonaws.com. You can see a complete list of endpoint addresses and their prefixes at docs.aws.amazon.com/general/latest/gr/rande.html.
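The naming pattern above (service prefix, then region, then the partition's DNS suffix) is regular enough that application code can both build an endpoint from its parts and validate an endpoint it reads from configuration before any request is sent. The following is an added example written for this section, not code from the book or from any AWS SDK; it assumes the pattern as described in the text, uses the region list from the table (plus us-east-1, which the text mentions), and treats anything outside that list, or anything with a lookalike suffix, as a misconfiguration to reject.

```python
"""Compose and validate AWS service endpoint hostnames.

Added example (not from the book or any AWS SDK). It assumes the hostname
pattern <service>.<region>.<suffix>, where the suffix is amazonaws.com,
or amazonaws.com.cn for the China regions. The region list is the one in
the table above plus us-east-1, which the text mentions."""
from dataclasses import dataclass
from typing import Optional

CHINA_REGIONS = {"cn-north-1", "cn-northwest-1"}
OTHER_REGIONS = {
    "us-east-1", "us-east-2", "us-west-1", "us-west-2",
    "ap-east-1", "ap-south-1", "ap-northeast-1", "ap-northeast-2",
    "ap-northeast-3", "ap-southeast-1", "ap-southeast-2",
    "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2",
    "eu-west-3", "eu-north-1", "me-south-1",
}
# Region -> DNS suffix used by that region's partition.
REGION_SUFFIX = {r: "amazonaws.com.cn" for r in CHINA_REGIONS}
REGION_SUFFIX.update({r: "amazonaws.com" for r in OTHER_REGIONS})


@dataclass(frozen=True)
class Endpoint:
    service: str   # prefix such as ec2, apigateway or cloudformation
    region: str
    suffix: str

    @property
    def hostname(self) -> str:
        return f"{self.service}.{self.region}.{self.suffix}"


def build_endpoint(service: str, region: str) -> str:
    """Return <service>.<region>.<suffix>, picking the suffix from the region."""
    if region not in REGION_SUFFIX:
        raise ValueError(f"unknown region: {region}")
    return Endpoint(service, region, REGION_SUFFIX[region]).hostname


def _is_label(label: str) -> bool:
    # A single DNS label: non-empty, letters/digits/hyphens only, no dots.
    return bool(label) and all(c.isalnum() or c == "-" for c in label)


def parse_endpoint(hostname: str) -> Optional[Endpoint]:
    """Split a hostname into (service, region, suffix).

    Returns None when the hostname does not end in a known region and
    suffix, or when the service prefix is not a single DNS label. Code that
    loads endpoint URLs from configuration can treat None as a reason to
    refuse the value: a lookalike domain, an unsupported region or a
    mistyped suffix is caught before a request (and its credentials) leaves
    the process."""
    host = hostname.strip().lower().rstrip(".")
    for region, suffix in REGION_SUFFIX.items():
        tail = f".{region}.{suffix}"
        if host.endswith(tail):
            service = host[: -len(tail)]
            return Endpoint(service, region, suffix) if _is_label(service) else None
    return None


if __name__ == "__main__":
    print(build_endpoint("cloudformation", "us-east-2"))
    print(parse_endpoint("ec2.cn-north-1.amazonaws.com.cn"))
    print(parse_endpoint("ec2.us-east-2.amazonaws.com.example.net"))  # None
```

The suffix is chosen from the region rather than passed in, so a caller cannot pair a China region with the global suffix or vice versa; the parser is deliberately strict about the service prefix being one label, which matches the prefixes the text describes.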
Because low-latency access is so important, certain AWS services are offered from designated edge network locations. These services include Amazon CloudFront, Amazon Route 53, AWS Firewall Manager, AWS Shield, and AWS WAF. For a complete and up-to-date list of available locations, see aws.amazon.com/about-aws/global-infrastructure/regional-product-services.
Physical AWS data centers are exposed within your AWS account as availability zones. There might be half a dozen availability zones within a region, like us-east-1a and us-east-1b, each consisting of one or more data centers.
You organize your resources from a region within one or more virtual private clouds (VPCs). A VPC is effectively a network address space within which you can create network subnets and associate them with availability zones. When configured properly, this architecture can provide effective resource isolation and durable replication.
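The isolation and replication the previous paragraph mentions come from how the VPC address space is carved into subnets and which availability zones those subnets are associated with. The following added example, written for this section using only Python's standard library (it is not AWS tooling and makes no API calls), plans one subnet per zone from a VPC CIDR and then checks the plan for the properties a reviewer would look for: no overlapping subnets, all zones in one region, and more than one zone in use. Zone names follow the us-east-1a / us-east-1b pattern from the text, and the region of a zone is assumed to be the zone name with its trailing letter removed.

```python
"""Carve per-availability-zone subnets out of a VPC address space and check
the plan for the isolation and redundancy properties the text describes.

Added example using only the standard library; it is not AWS tooling.
Zone names follow the us-east-1a / us-east-1b pattern, and the region of a
zone is assumed to be the zone name with its trailing letter removed."""
import ipaddress
from typing import Dict, List, Union

Network = ipaddress.IPv4Network
Plan = Dict[str, Union[str, Network]]


def zone_region(zone: str) -> str:
    """us-east-1a -> us-east-1 (assumed naming convention)."""
    return zone[:-1] if zone and zone[-1].isalpha() else zone


def plan_subnets(vpc_cidr: str, zones: List[str], new_prefix: int) -> Dict[str, Network]:
    """Assign one /new_prefix subnet from vpc_cidr to each zone, in order.

    Raises ValueError if the VPC block is too small to give every zone a
    subnet, so a caller cannot silently end up with fewer zones than asked."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    candidates = vpc.subnets(new_prefix=new_prefix)
    plan: Dict[str, Network] = {}
    for zone in zones:
        try:
            plan[zone] = next(candidates)
        except StopIteration:
            raise ValueError(f"{vpc} cannot hold a /{new_prefix} for every zone") from None
    return plan


def check_plan(plan: Plan) -> List[str]:
    """Return a list of problems with a zone -> subnet plan (empty if OK).

    Checks: no two subnets overlap (address-space isolation between them),
    all zones belong to one region (a VPC lives in a single region), and at
    least two zones are used (a single-zone layout has no zone-level
    redundancy for replicated resources)."""
    nets = {z: (n if isinstance(n, Network) else ipaddress.ip_network(n))
            for z, n in plan.items()}
    problems: List[str] = []
    items = list(nets.items())
    for i, (za, a) in enumerate(items):
        for zb, b in items[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{za} {a} overlaps {zb} {b}")
    regions = {zone_region(z) for z in nets}
    if len(regions) > 1:
        problems.append(f"zones span more than one region: {sorted(regions)}")
    if len(nets) < 2:
        problems.append("subnets use fewer than two availability zones")
    return problems


if __name__ == "__main__":
    # Constructed sample: a /16 VPC split into three /24 subnets, one per zone.
    layout = plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"], 24)
    for zone, net in layout.items():
        print(f"{zone}: {net}")
    print("problems:", check_plan(layout) or "none")
```

check_plan accepts either the networks returned by plan_subnets or plain CIDR strings, so it can also be run over a hand-written or exported subnet list rather than only over plans this script produced.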
AWS Reliability and Compliance
AWS has a lot of the basic regulatory, legal, and security groundwork covered before you even launch your first service.
AWS has invested significant planning and funds into resources and expertise relating to infrastructure administration. Its heavily protected and secretive data centers, layers of redundancy, and carefully developed best‐practice protocols would be difficult or even impossible for a regular enterprise to replicate.
Where applicable, resources on the AWS platform are compliant with dozens of national and international standards, frameworks, and certifications, including ISO 9001, FedRAMP, NIST, and GDPR. (See aws.amazon.com/compliance/programs for more information.)
The AWS Shared Responsibility Model
Of course, those guarantees cover only the underlying AWS platform. The way you decide to use AWS resources is your business—and therefore your responsibility. So, it's important to be familiar with the AWS Shared Responsibility Model.
AWS guarantees the secure and uninterrupted operation of its “cloud.” That means its physical servers, storage devices, networking infrastructure, and managed services. AWS customers, as illustrated in Figure 1.3, are responsible for whatever happens within that cloud. This covers the security and operation of installed operating systems, client‐side data, the movement of data across networks, end‐user authentication and access, and customer data.
FIGURE 1.3 The AWS Shared Responsibility Model
The AWS Service Level Agreement
By