AWS

Right Sizing
Provisioning Instances to Match Workloads
Right sizing is the process of matching instance types and sizes to your workload
performance and capacity requirements at the lowest possible cost. It’s also the
process of looking at deployed instances and identifying opportunities to
eliminate or downsize without compromising capacity or other requirements,
which results in lower costs.

Amazon DynamoDB
Serverless, NoSQL, fully managed database with single-
digit millisecond performance at any scale
Amazon DynamoDB is a serverless, NoSQL, fully managed database service with
single-digit millisecond response times at any scale, enabling you to develop and
run modern applications while only paying for what you use.

Amazon Aurora
Unparalleled high performance and availability at global
scale with full MySQL and PostgreSQL compatibility
Amazon Aurora provides built-in security, continuous backups, serverless
computers, up to 15 read replicas, automated multi-Region replication, and
integrations with other AWS services.
Amazon Aurora machine learning (ML) enables you to add ML-based predictions
to applications via the familiar SQL programming language, so you don't need to
learn separate tools or have prior machine learning experience. It provides
simple, optimized, and secure integration between Aurora and AWS ML services
without having to build custom integrations or move data around. When you run
a ML query, Aurora calls Amazon Sage Maker or Amazon Bedrock for a wide
variety of ML algorithms including generative AI or Amazon Comprehend for
sentiment analysis, so your application doesn't need to call these services
directly.

Amazon Memory DB for Redis

Redis-compatible, durable, in-memory database service
for ultra-fast performance
Amazon memory DB for Redis is a durable database with microsecond reads, low
single-digit millisecond writes, scalability, and enterprise security. memory DB
delivers 99.99% availability and near instantaneous recovery without any data
loss.

Amazon Redshift
Power data driven decisions with the best price-
performance cloud data warehouse.
Amazon Redshift uses SQL to analyze structured and semi-structured data
across data warehouses, operational databases, and data lakes, using AWS-
designed hardware and machine learning to deliver the best price performance at
any scale.

AWS Well-Architected
Learn, measure, and build using architectural best
practices.
AWS Well-Architected helps cloud architects build secure, high-performing,
resilient, and efficient infrastructure for a variety of applications and workloads.
Built around six pillars—operational excellence, security, reliability, performance
efficiency, cost optimization, and sustainability—AWS Well-Architected provides a
consistent approach for customers and partners to evaluate architectures and
implement scalable designs.
Operational Excellence Pillar
The operational excellence pillar focuses on running and monitoring systems, and
continually improving processes and procedures. Key topics include automating
changes, responding to events, and defining standards to manage daily
operations.
Security Pillar
The security pillar focuses on protecting information and systems. Key topics
include confidentiality and integrity of data, managing user permissions, and
establishing controls to detect security events.
Reliability Pillar
The reliability pillar focuses on workloads performing their intended functions and
how to recover quickly from failure to meet demands. Key topics include
distributed system design, recovery planning, and adapting to changing
requirements.
Performance Efficiency Pillar
The performance efficiency pillar focuses on structured and streamlined
allocation of IT and computing resources. Key topics include selecting resource
types and sizes optimized for workload requirements, monitoring performance,
and maintaining efficiency as business needs evolve.

Cost Optimization Pillar

The cost optimization pillar focuses on avoiding unnecessary costs. Key topics
include understanding spending over time and controlling fund allocation,
selecting resources of the right type and quantity, and scaling to meet business
needs without overspending.

Sustainability Pillar
The sustainability pillar focuses on minimizing the environmental impacts of
running cloud workloads. Key topics include a shared responsibility model for
sustainability, understanding impact, and maximizing utilization to minimize
required resources and reduce downstream impacts.
 Shared Responsibility Model
Inherited Controls – Controls which a customer fully inherits from AWS.
 Physical and Environmental controls
Shared Controls – Controls which apply to both the infrastructure layer and
customer layers, but in completely separate contexts or perspectives. In a shared
control, AWS provides the requirements for the infrastructure and the customer
must provide their own control implementation within their use of AWS services.
Examples include:

 Patch Management – AWS is responsible for patching and fixing flaws within the
infrastructure, but customers are responsible for patching their guest OS and
applications.
 Configuration Management – AWS maintains the configuration of its
infrastructure devices, but a customer is responsible for configuring their own
guest operating systems, databases, and applications.
 Awareness & Training - AWS trains AWS employees, but a customer must train
their own employees.
Customer Specific – Controls which are solely the responsibility of the customer
based on the application they are deploying within AWS services. Examples
include:

 Service and Communications Protection or Zone Security which may require a

customer to route or zone data within specific security environments.
AWS Managed Services
Operational excellence in the cloud
AWS Managed Services (AMS) helps you adopt AWS at scale and operate more
efficiently and securely. We leverage standard AWS services and offer guidance
and execution of operational best practices with specialized automations, skills,
and experience that are contextual to your environment and applications.
AWS Migration Hub
Simplifying your end-to-end migration and
modernization journey
AWS Migration Hub delivers a guided end-to-end migration and modernization
journey through discovery, assessment, planning, and execution. Access the
latest guidance and tools from one location to get automated recommendations,
a prescriptive plan and cross-team collaboration and tracking to accelerate your
transformation. Simplify rehost, refactor and replat form of your applications
today with specialized services in Migration Hub built from the experience of
migrating thousands of customers to AWS.

AWS Cloud Adoption Framework (AWS CAF)

Accelerating your cloud-powered digital business transformation
The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and
best practices to help you digitally transform and accelerate your business
outcomes through innovative use of AWS. AWS CAF identifies specific
organizational capabilities that underpin successful cloud transformations. These
capabilities provide best practice guidance that helps you improve your cloud
readiness. AWS CAF groups its capabilities in six perspectives: Business, People,
Governance, Platform, Security, and Operations. Each perspective comprises a set
of capabilities that functionally related stakeholders own or manage in the cloud
transformation journey. Use the AWS CAF to identify and prioritize
transformation opportunities, evaluate and improve your cloud readiness, and
iteratively evolve your transformation roadmap.

Business

The Business perspective helps ensure that your cloud investments

accelerate your digital transformation ambitions and business
outcomes. Common stakeholders include chief executive officer
(CEO), chief financial officer (CFO), chief operations officer (COO),
chief information officer (CIO), and chief technology officer (CTO).

People

The People perspective serves as a bridge between technology and

business, accelerating the cloud journey to help organizations more
rapidly evolve to a culture of continuous growth, learning, and where
change becomes business-as-normal, with focus on culture,
organizational structure, leadership, and workforce. Common
stakeholders include CIO, COO, CTO, cloud director, and cross-
functional and enterprise-wide leaders.

Governance

The Governance perspective helps you orchestrate your cloud

initiatives while maximizing organizational benefits and minimizing
transformation-related risks. Common stakeholders include chief
transformation officer, CIO, CTO, CFO, chief data officer (CDO), and
chief risk officer (CRO).

Platform

The Platform perspective helps you build an enterprise-grade,

scalable, hybrid cloud platform, modernize existing workloads, and
implement new cloud-native solutions. Common stakeholders include
CTO, technology leaders, architects, and engineers.

Security

The Security perspective helps you achieve the confidentiality,

integrity, and availability of your data and cloud workloads. Common
stakeholders include chief information security officer (CISO), chief
compliance officer (CCO), internal audit leaders, and security
architects and engineers.

Operations

The Operations perspective helps ensure that your cloud services are
delivered at a level that meets the needs of your business. Common
stakeholders include infrastructure and operations leaders, site
reliability engineers, and information technology service managers.
Amazon Neptune
High-performance graph analytics and serverless database for superior
scalability and availability

Amazon Athena
Analyze petabyte-scale data where it lives with
ease and flexibility
Amazon Athena is a serverless, interactive analytics service built on open-
source frameworks, supporting open-table and file formats. Athena provides
a simplified, flexible way to analyze petabytes of data where it lives. Analyze
data or build applications from an Amazon Simple Storage Service (S3) data
lake and 30 data sources, including on-premises data sources or other cloud
systems using SQL or Python. Athena is built on open-source Trino and
Presto engines and Apache Spark frameworks, with no provisioning or
configuration effort required.

AWS Secrets Manager

Centrally manage the lifecycle of secrets
AWS Secrets Manager helps you manage, retrieve, and rotate database
credentials, API keys, and other secrets throughout their lifecycles .

Amazon Elasticache
Real-time performance for real-time applications

Amazon ElastiCache is a serverless, Redis- and Memcached-compatible caching

service delivering real-time, cost-optimized performance for modern applications.
ElastiCache scales to hundreds of millions of operations per second with
microsecond response times and offers enterprise-grade security and reliability.

AWS Identity and Access Management

Securely manage identities and access to AWS services
and resources
With AWS Identity and Access Management (IAM), you can specify who or what
can access services and resources in AWS, centrally manage fine-grained
permissions, and analyze access to refine permissions across AWS.

AWS Cloud Resilience

Build and run resilient, highly available applications in
the AWS cloud
Cloud resilience refers to the ability for an application to resist or recover from
disruptions, including those related to infrastructure, dependent services,
misconfigurations, transient network issues, and load spikes. Cloud resilience also
plays a critical role in an organization’s broader business
resilience strategy, including the ability to meet digital sovereignty requirements.

Machine Learning Service -

Amazon SageMaker
Build, train, and deploy machine learning models for
any use case with fully managed infrastructure, tools,
and workflows.
Extract & Analyze Data:-
Automatically extract, process, and analyze documents for more accurate
investigation and faster decision making.

Fraud Detection:-
Automate detection of suspicious transactions faster and alert your customers to
reduce potential financial loss.

Churn Prediction:-
Predict likelihood of customer churn and improve retention by honing in on likely
abandoners and taking remedial actions such as promotional offers.

Personalized Recommendations:-
Deliver customized, unique experiences to customers to improve customer
satisfaction and grow your business rapidly.

Amazon Mechanical Turk

Access a global, on-demand, 24x7 workforce
Amazon Mechanical Turk (MTurk) is a crowdsourcing marketplace that makes it
easier for individuals and businesses to outsource their processes and jobs to a
distributed workforce who can perform these tasks virtually. This could include
anything from conducting simple data validation and research to more subjective
tasks like survey participation, content moderation, and more. MTurk enables
companies to harness the collective intelligence, skills, and insights from a global
workforce to streamline business processes, augment data collection and
analysis, and accelerate machine learning development.

Amazon Transcribe
Automatically convert speech to text
Amazon Recognition

Automate and lower the cost of your image

recognition and video analysis with machine learning
Face liveness

Face compare and search

Face detection and analysis

Content moderation

Custom labels

Text detection

Video segment detection

Amazon CloudFront
Securely deliver content with low latency and high
transfer speeds.( Content delivery n/w service)

AWS Artifact
Access AWS and ISV security and compliance reports (compliance
reports)

AWS Artifact is your go-to, central resource for compliance-related

information that matters to you. It provides on-demand access to security
and compliance reports from AWS and ISVs who sell their products on AWS
Marketplace.

S3

is a object storage

AWS CloudFormation
AWS CloudFormation is a service that helps you model and set up your
AWS resources so that you can spend less time managing those
resources and more time focusing on your applications that run in
AWS. You create a template that describes all the AWS resources
that you want (like Amazon EC2 instances or Amazon RDS DB
instances), and CloudFormation takes care of provisioning and
configuring those resources for you. You don't need to individually
create and configure AWS resources and figure out what's dependent
on what; CloudFormation handles that. Deploing resources

AWS OpsWorks
Automate Operations with Chef and Puppet
AWS OpsWorks is a configuration management service that provides
managed instances of Chef and Puppet. Chef and Puppet are
automation platforms that allow you to use code to automate the
configurations of your servers.

company needs to organize its resources and track

AWS costs on a detailed level. The company needs
to categorize costs by business department,
environment, and application.
A. Access the AWS Cost Management console to
orgnize resources, set an AWS budget, and receive
notfications of unintentional usage.

B. Use tags to organize the resources. Activate

cost allocation tags to track AWS costs on a detailed
level.

C. Create Amazon CloudWatch dashboards to

visually organize and track costs individually.
D. Access the AWS Billing and Cost Management
dashboard to organize and track resource
consumption on a detailed level.

Amazon CloudWatch
Observe and monitor resources and applications on AWS, on
premises, and on other clouds

Migration Evaluator
Build a data-driven business case for aws
Fast track decision-making for cloud migration with a
customized assessment to reduce costs by up to 50%.

Amazon Macie
Discover and protect your sensitive data at
scale

AWS CloudTrail
AWS CloudTrail is an AWS service that helps you enable operational and risk
auditing, governance, and compliance of your AWS account. Actions taken by
a user, role, or an AWS service are recorded as events in CloudTrail. Events
include actions taken in the AWS Management Console, AWS
Command Line Interface, and AWS SDKs and APIs.

Amazon Cognito

Socile meidea login credentials

Implement secure, frictionless customer
identity and access management that
scales.

Aws shield – { Ddos attack }

Maximize application availability and
responsiveness with managed DDoS protection

Amazon GuardDuty
Protect your AWS accounts, workloads, and data with intelligent
threat detection
 nd
Lec 2
Q-11 A company is defining its AWS multi-
account strategy. The company needs to
control access to AWS services and needs to
consolidate billing across accounts. Which
AWS service should the company use to meet
these requirements?
A. AWS organizations
B. AWS Identity and Access Management(IAM)
C. AWS Billing and cost Management
D. Amazon Cognito

A. AWS organizations:-
Introducing AWS Organizations: AWS Organizations offers
policy-based management for multiple AWS accounts. Learn how
Organizations helps you more easily manage policies for groups of
accounts and automate account creation.
How it works: AWS Organizations lets you create new AWS accounts at
no
additional charge. With accounts in an organization, you can
easily allocate resources, group accounts, and apply governance
policies to accounts or groups.

Benefits of AWS Organizations:-

 1. Quickly scale your environment by programmatically creating new AWS
accounts for your resources and teams at no additional charge.
2. Simplify user-based permission management to give teams the
freedom to build while staying within targeted governance boundaries
3. Manage and optimize costs across yours AWS accounts and resources
4. Centrally secure and audit your environment across all of your AWS
accounts

Use Cases:
1. Automate AWS account creation
2. Enable proactive protection with a dedicated security group
3. Ensure user access to designated resources
4. Share common resources across accounts

B. AWS Identity and Access Management(IAM):-

Why use IAM?
Use AWS Identity and Access Management (IAM) to manage and scale
workload and workforce access securely supporting your agility and innovation
in AWS.
How it works:- With AWS Identity and Access Management (IAM), you can
specify who or what can access services and resources in AWS, centrally
manage fine-grained permissions, and analyze access to refine permissions
across AWS.

Benefits of IAM:-
1. Set permission guardrails and fine-grained access
2. Manage workload and workforce identities across your AWS accounts
 3. Use temporary security credentials and permission sets to access your
AWS resources
4. Analyze access and validate IAM policies as you move toward least
privilege

Use cases:-
1. Apply fine-grained permissions and scale with attribute-based access
control
2. Manage per-account access or scale access across AWS accounts and
applications
3. Establish organization-wide and preventative guardrails on AWS
4. Set, verify, and right-size permissions toward least privilege

C. AWS Billing and cost Management:-

AWS Billing and Cost Management is a web service that provides features
that helps you pay your bills and optimize your costs. Amazon Web
Services bills your account for usage, which ensures that you pay only for
what you use.

D. Amazon Cognito:-
Introduction to Amazon Cognito:- Amazon Cognito processes more than
100 billion authentications per month. The service helps you implement
customer identity and access management (CIAM) into your web and mobile
applications. You can quickly add user authentication and access control to
your applications in minutes.

Benefits of Amazon Cognito:-

1. Frictionless, customizable customer IAM
2. Advanced security features for sign-up and sign-in
3. High- performing, scalable user directory .
4. Standards-based ,federated sign-in capabilities
How it works:- With Amazon Cognito, you can add user sign-up and sign-in
features and control access to your web and mobile applications. Amazon
Cognito provides an identity store that scales to millions of users, supports
social and enterprise identity federation, and offers advanced security features
to protect your consumers and business. Built on open identity standards,
Amazon Cognito supports various compliance regulations and integrates with
frontend and backend development resources.

Use cases:-
1. Engage customers with flexible authentication
2. Managa B2B identities
3. Secure machine-to-machine authentication
4. Get role-based access to AWS resources
Q13. A company wants to migrate to the AWS Cloud. The
company needs the ability to acquire resources when the
resources are necessary. The company also needs the ability
to release those resources when the resources are no longer
necessary. Which architecture concepts of the AWS Cloud
meets these requirements.
A. Elasticity
B. Availability
C. Reliability
D. Durability

A. Elasticity:- The ability to acquire resources as you need them and release
resources when you no longer need them. In the cloud, you want to do this
automatically.
B. Availability:- The percentage of time that a workload is available for use
where “available for use” means that it performs its agreed function when
required. Availability (also known as service availability ) is a commonly
used metric to quantitatively measure reliability
C. Reliability:- The ability of a workload to perform its intended function
correctly and consistently when it’s expected to. This includes the ability to
operate and test the workload through its total lifecycle.
D. Durability:- The ability of a system to remain functional when faced with
the challenges of normal operation over its lifetime.

Q14. An ecommerce company wants to provide relevant

product recommendations to its customers. The
recommendations will include products that are frequently
purchased with other products that the customer has already
purchased. The recommendations also will include products of a
specific color and products from the customer’s favorite brand.
Which AWS service or feature should the company use to meets
these requirements with the LEAST development effort?
 A. Amazon comprehend.
B. Amazon forecast.
C. Amazon personalize.

1. Amazon comprehend:- Derive and understand valuable insights from text

within documents.

How it works:- Amazon Comprehend is a natural-language processing (NLP)

service that uses machine learning to uncover valuable insights and
connections in text.

Use cases:-

1. Mine business and call center analytics

2. Index and search product reviews
3. Legal briefs management
4. Process financial documents

2. Amazon forecast:- Forecast business outcomes easily and accurately using

machine learning.

How it works:- Amazon Forecast is a time-series forecasting service based

on machine learning (ML) and built for business metrics analysis.
Use cases:-
1. Retail and inventory forecasting
2. Workforce planning
3. Travel demand forecasting

3. Amazon personalize:-

Why Amazon Personalize?

Amazon Personalize accelerates your digital transformation with ML,
making it easier to integrate personalized recommendations into existing
websites, applications, email marketing systems, and more.
How it works:
Amazon personalize allows developer to quickly build and deploy curated
recommendation and intelligent user segmentation at scale using machine
learning (ML). because Amazon Personalize can be tailored to your
individual needs, you can deliver the right customer experience at the right
time and in the right place. You can now use Amazon Personalize and
generative AI powered capabilities to quickly create hyper-personalization
experiences for your users.
Use cases:-

1. Optimize recommendations
2 . Target customers more accurately
3 . Maximize your data’s value
4 . Promote items using business rules

Q15. Which AWS services provide encryption at rest for

Amazon RDS and for amazon Elastic Block
Store(Amazon EBS) volumes?
A. AWS Lambda
B. AWS key Management Service (AWS KMS)
C. AWS WAF

1. AWS Lambda:- Run code without thinking about servers or clusters

Why Lambda?
AWS Lambda is a compute service that runs your code in response to events
and automatically manages the compute resources, making it the fastest way
to turn an idea into a modern, production, serverless applications.
How it works:- AWS Lambda is a serverless, event-driven compute service that
lets you run code for virtually any type of application or backend service
without provisioning or managing servers. You can trigger Lambda from over
200 AWS services and software as a service (SaaS) applications, and only pay
for what you use.

AWS for every application:- AWS Lambda, a serverless compute service,

executes your code in response to events, handling compute resources for you.
Discover how AWS's comprehensive set of infrastructure capabilities and
services enables rapid and cost-effective modern applications development.
Use cases:-
1. Quickly process data at scale
2. Run interactive web and mobile backends
3. Enable powerful ML insights
4. Create event-driven applications

B. AWS key Management Service (AWS KMS):- Create and control keys used
to encrypt or digitally sign your data.
How it works:- AWS Key Management Service (AWS KMS) lets you create,
manage, and control cryptographic keys across your applications and AWS
services.
 What is AWS KMS?

Use AWS KMS to encrypt data across your AWS workloads, digitally sign data,
encrypt within your applications using AWS Encryption SDK, and generate and
verify message authentication codes (MACs).
AWS Key Management Service features:-

Overview:- AWS Key Management Service (KMS) gives you centralized control
over the cryptographic keys used to protect your data. The service is integrated
with other AWS services making it easier to encrypt data you store in these
services and control access to the keys that decrypt it. AWS KMS is also
integrated with AWS CloudTrail, which helps you audit who used which keys, on
which resources, and when. AWS KMS helps developers to more easily add
encryption or digital signature functionality to their application code either
directly or by using the AWS SDK. The AWS Encryption SDK supports AWS KMS
as a key provider for developers who need to encrypt/decrypt data locally
within their applications. इसकेआगे और भी है website से देख लेना
gandu
…

Use cases:-
1. Protect your data at rest
2. Encrypt and decrypt data
3. Sign and verify digital signatures
4. Build secure multi-tenant databases

C. AWS WAF:- Protect your web applications from common exploits

How it works:- AWS WAF helps you protect against common web exploits and
bots that can affect availability, compromise security, or consume excessive
resources.
Why AWS WAF?
With AWS WAF, you can create security rules that control bot traffic and block
common attack patterns such as SQL injection or cross-site scripting (XSS).

Q16. Which AWS service is deployed to VPCs and

provides protection from common network threats?
A. AWS shield
B. AWS WAF – हो चुका है ऊपर वाले question मे
C. AWS network firewall
D. AWS firewall manager

A. AWS shield:-
Maximize application availability and responsiveness with managed
DDoS protection
How it works:- AWS Shield is a managed DDoS protection service that
safeguards applications running on AWS.
Why AWS Shield?
AWS Shield Advanced is a tailored protection program that identifies threats
using exabyte-scale detection to aggregate data across AWS.

Use cases:-
1. Automatically scrub bad traffic at specific layers
2. Minimize application downtime and latency
3. Monitor and protect up to 1,000 resource types

C.AWS network firewall:-

Deploy network firewall security across your VPCs
Why AWS Network Firewall?
With AWS Network Firewall, you can create firewall rules that provide fine-
grained control over network traffic and easily deploy firewall security across
your VPCs.
How it works:-
With AWS Network Firewall, you can define firewall rules that provide fine-
grained control over network traffic. Network Firewall works together with
AWS Firewall Manager so you can build policies based on Network Firewall
rules and then centrally apply those policies across your virtual private clouds
(VPCs) and accounts.
Benefits of AWS Network Firewall:-
1. Automatically scale your network firewall to protect your managed
infrastructure
2. Protect your unique workloads with a flexible engine that can define
thousands of custom rules
3. Centrally manage security policies across existing accounts and VPC’s
and automatically enforce mandatory policies on new accounts
Use-cases:-
1. Inspect traffic flows using features such as inbound encrypted traffic
inspection, stateful inspection, protocol detection, and more.
2. Deploy outbound traffic filtering to prevent data loss, help meet
compliance requirements, and block known malware communications.

D. AWS firewall manager:-

Centrally configure and manage firewall rules across your accounts

How it works:-
AWS Firewall Manager is a security management service that allows you to
centrally configure and manage firewall rules across your accounts and
applications in AWS Organizations. As new applications are created, Firewall
Manager makes it easier to bring new applications and resources into
compliance by enforcing a common set of security rules.
 Use cases:-
1. Protect applications hosted on EC2 instances
2. Deploy tools at scale to protect data
3. Continually audit resources

Q17. A company has an environment that includes

Amazon EC2 instances . Amazon Lightsail , and on
premises server. The company wants to automate the
security updates for its operating system and
applications. Which solution will meet these
requirements with the LEAST operational effort?
A. Use AWS shield to identify and manage security events
B. Connect to each server by using a remote desktop connection.
Run an update script. समझ मे नह kीं आया मुझे एक बार अपने हहसाब से
देख लेना
C. Use the AWS System Manager Patch Manager capability
D. Schedule Amazon Guad Duty to run on a nightly basis

A. Use AWS shield to identify and manage security events :-

हो चुका है no 16 मे .......

C. Use the AWS System Manager Patch Manager capability

https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager.html
इस ललींक पे जाना देख लेना अपने हहसाब से

D. Schedule Amazon Guad Duty to run on a nightly basis:-

 Protect your AWS accounts, workloads, and data with
intelligent threat detection

What is Guard Duty?

Amazon guard Duty combines ML and integrated threat intelligence from
AWS and leading third parties to help protect your AWS accounts, workloads,
and data from threats.

How it works:- Amazon guard Duty is a threat detection service that

continuously monitors your AWS accounts and workloads for malicious activity
and delivers detailed security findings for visibility and remediation.

Benefits of guard Duty:-

1. Keep your accounts, workloads, and data secure by continuously
monitoring for potential threats across your AWS environment.
2. Expose threats quickly using anomaly detection, machine learning (ML),
behavioural modelling, and threat intelligence feeds from AWS and
leading third parties.
3. Accurately detect and respond to threats earlier, helping you detect
them before they escalate to broader business-impacting events.
4. Scale threat detection across all accounts in your AWS environment
without requiring manual effort or third-party tooling.
5. Safeguard your accounts, data, and resources across various AWS
compute types, spanning Amazon Elastic Compute Cloud (Amazon EC2),
 serverless workloads, and container workloads—including those on AWS
Faregate.

Guard Duty for AWS workload protection:-

1. Guard Duty S3 protection

2. Guard Duty EKS protection
3. Guard Duty EKS Runtime Monitoring
4. Guard Duty ECS Runtime Monitoring
5. Guard Duty EC2 Runtime Monitoring
6. Guard Duty Malware Protection
7. Guard Duty RDS Protection
8. Guard Duty Lambda Protection

Use cases:-

1. Detect suspicious activity in your generative AI workload

2. Accelerate investigations and automate remediation
3. Protect against ransomware and other types of malwares
4. Centralize threat detection for AWS container workloads
5. More easily meet compliance requirements, like PCI DSS