Differences

This shows you the differences between two versions of the page.

--- wiki:aws [2025/12/28 06:23] – phong2018
+++ wiki:aws [2025/12/28 07:50] (current) – phong2018
@@ Line 1: / Line 1: @@
-AWS
+====== AWS (Amazon Web Services) ======
-Là gì: Nền tảng cloud của Amazon.
+**What it is:** Amazon’s *cloud* /klaʊd/ (đám mây) platform.
-Để làm gì: Xây/chạy hệ thống mà không tự vận hành phần cứng.
+**What it’s for:** Build and run systems without managing physical hardware; many services are *managed* /ˈmænɪdʒd/ (được nhà cung cấp vận hành hộ).
-Từ khó:
+**Hard words (English + IPA + Vietnamese meaning):**
+  * *cloud* /klaʊd/: đám mây (hạ tầng qua Internet)
+  * *managed* /ˈmænɪdʒd/: được vận hành hộ
+  * *scalability* /ˌskeɪləˈbɪləti/: khả năng mở rộng
+  * *availability* /əˌveɪləˈbɪləti/: tính sẵn sàng
-cloud /klaʊd/: đám mây (hạ tầng qua Internet)
+===== Keyword Tree (click to open each child page) =====
-managed /ˈmænɪdʒd/: được nhà cung cấp vận hành hộ
+==== 1) Global Infrastructure ====
+  * [[aws:global:region|Region]]
+    * [[aws:global:regional-vs-global-services|Regional vs Global Services]]
+  * [[aws:global:availability-zone|Availability Zone (AZ)]]
+    * [[aws:global:multi-az|Multi-AZ]]
+    * [[aws:global:fault-isolation|Fault Isolation]]
+  * [[aws:global:edge-location|Edge Location]]
+    * [[aws:global:cloudfront|CloudFront (CDN)]]
-Từ khoá con (nhánh học theo cây):
+==== 2) Security, Identity & Access ====
+  * [[aws:security:iam|IAM (Identity and Access Management)]]
+    * [[aws:security:iam:user|IAM User]]
+    * [[aws:security:iam:group|IAM Group]]
+    * [[aws:security:iam:role|IAM Role]]
+    * [[aws:security:iam:policy|IAM Policy]]
+    * [[aws:security:iam:sts|STS (Security Token Service)]]
+    * [[aws:security:iam:assume-role|AssumeRole]]
+    * [[aws:security:iam:permission-boundary|Permission Boundary]]
+    * [[aws:security:iam:least-privilege|Least Privilege]]
+  * [[aws:security:mfa|MFA (Multi-Factor Authentication)]]
+  * [[aws:security:kms|KMS (Key Management Service)]]
+    * [[aws:security:kms:cmk|Customer Managed Key (CMK)]]
+    * [[aws:security:kms:key-policy|Key Policy]]
+  * [[aws:security:secrets-manager|Secrets Manager]]
+    * [[aws:security:secrets-manager:rotation|Secret Rotation]]
+  * [[aws:security:ssm-parameter-store|SSM Parameter Store]]
+  * [[aws:security:cloudtrail|CloudTrail (Audit Logs)]]
-Global Infrastructure (Hạ tầng toàn cầu)
+==== 3) Networking ====
+  * [[aws:network:vpc|VPC (Virtual Private Cloud)]]
+    * [[aws:network:subnet|Subnet]]
+      * [[aws:network:public-subnet|Public Subnet]]
+      * [[aws:network:private-subnet|Private Subnet]]
+    * [[aws:network:route-table|Route Table]]
+    * [[aws:network:internet-gateway|Internet Gateway (IGW)]]
+    * [[aws:network:nat-gateway|NAT Gateway]]
+    * [[aws:network:security-group|Security Group]]
+    * [[aws:network:nacl|Network ACL (NACL)]]
+    * [[aws:network:vpc-endpoint|VPC Endpoint]]
+  * [[aws:network:route53|Route 53 (DNS)]]
+    * [[aws:network:route53:routing-policies|Routing Policies]]
+  * [[aws:network:elb|Elastic Load Balancing (ELB)]]
+    * [[aws:network:elb:alb|Application Load Balancer (ALB)]]
+    * [[aws:network:elb:nlb|Network Load Balancer (NLB)]]
+    * [[aws:network:elb:health-check|Health Check]]
-Region /ˈriːdʒən/: khu vực đặt dịch vụ
+==== 4) Compute ====
+  * [[aws:compute:ec2|EC2 (Elastic Compute Cloud)]]
+    * [[aws:compute:ec2:instance-type|Instance Type]]
+    * [[aws:compute:ec2:ami|AMI (Amazon Machine Image)]]
+    * [[aws:compute:ec2:key-pair|Key Pair]]
+    * [[aws:compute:ec2:user-data|User Data]]
+    * [[aws:compute:ec2:instance-profile|Instance Profile]]
+  * [[aws:compute:auto-scaling|Auto Scaling]]
+    * [[aws:compute:auto-scaling:asg|Auto Scaling Group (ASG)]]
+    * [[aws:compute:auto-scaling:scaling-policy|Scaling Policy]]
+  * [[aws:compute:lambda|Lambda]]
+    * [[aws:compute:lambda:triggers|Triggers]]
+    * [[aws:compute:lambda:concurrency|Concurrency]]
+  * [[aws:compute:api-gateway|API Gateway]]
+  * [[aws:compute:step-functions|Step Functions]]
-Availability Zone (AZ) /əˌveɪləˈbɪləti zoʊn/: vùng khả dụng
+==== 5) Storage ====
+  * [[aws:storage:s3|S3 (Simple Storage Service)]]
+    * [[aws:storage:s3:bucket|Bucket]]
+    * [[aws:storage:s3:object|Object]]
+    * [[aws:storage:s3:storage-classes|Storage Classes]]
+    * [[aws:storage:s3:versioning|Versioning]]
+    * [[aws:storage:s3:lifecycle|Lifecycle Rules]]
+    * [[aws:storage:s3:encryption|Encryption (SSE-S3, SSE-KMS)]]
+    * [[aws:storage:s3:bucket-policy|Bucket Policy]]
+    * [[aws:storage:s3:pre-signed-url|Pre-signed URL]]
+  * [[aws:storage:ebs|EBS (Elastic Block Store)]]
+    * [[aws:storage:ebs:snapshot|Snapshot]]
+    * [[aws:storage:ebs:volume-types|Volume Types (gp3, io2, st1, sc1)]]
+  * [[aws:storage:efs|EFS (Elastic File System)]]
+  * [[aws:storage:glacier|S3 Glacier]]
-Edge Location /edʒ loʊˈkeɪʃn/: điểm biên (cache/CDN)
+==== 6) Database ====
+  * [[aws:database:rds|RDS (Relational Database Service)]]
+    * [[aws:database:rds:multi-az|Multi-AZ]]
+    * [[aws:database:rds:read-replica|Read Replica]]
+    * [[aws:database:rds:backup|Automated Backups]]
+  * [[aws:database:aurora|Aurora]]
+    * [[aws:database:aurora:cluster|Aurora Cluster]]
+    * [[aws:database:aurora:replicas|Aurora Replicas]]
+  * [[aws:database:dynamodb|DynamoDB]]
+    * [[aws:database:dynamodb:partition-key|Partition Key]]
+    * [[aws:database:dynamodb:sort-key|Sort Key]]
+    * [[aws:database:dynamodb:gsi|Global Secondary Index (GSI)]]
+    * [[aws:database:dynamodb:lsi|Local Secondary Index (LSI)]]
+    * [[aws:database:dynamodb:streams|DynamoDB Streams]]
+  * [[aws:database:elasticache|ElastiCache]]
+    * [[aws:database:elasticache:redis|Redis]]
+    * [[aws:database:elasticache:memcached|Memcached]]
-Security, Identity & Access (Bảo mật & truy cập)
+==== 7) Containers ====
+  * [[aws:containers:ecr|ECR (Elastic Container Registry)]]
+  * [[aws:containers:ecs|ECS (Elastic Container Service)]]
+    * [[aws:containers:ecs:task-definition|Task Definition]]
+    * [[aws:containers:ecs:service|Service]]
+    * [[aws:containers:ecs:cluster|Cluster]]
+  * [[aws:containers:eks|EKS (Elastic Kubernetes Service)]]
+    * [[aws:containers:eks:cluster|Cluster]]
+    * [[aws:containers:eks:nodegroup|Node Group]]
+    * [[aws:containers:eks:pod|Pod]]
+    * [[aws:containers:eks:service-account|Service Account]]
+    * [[aws:containers:eks:irsa|IRSA (IAM Roles for Service Accounts)]]
+    * [[aws:containers:eks:oidc|OIDC Provider]]
+  * [[aws:containers:fargate|Fargate]]
-IAM /aɪˈæm/: quản lý danh tính & quyền
+==== 8) Management & Monitoring ====
+  * [[aws:ops:cloudwatch|CloudWatch]]
+    * [[aws:ops:cloudwatch:logs|Logs]]
+    * [[aws:ops:cloudwatch:metrics|Metrics]]
+    * [[aws:ops:cloudwatch:alarms|Alarms]]
+  * [[aws:ops:cloudformation|CloudFormation]]
+    * [[aws:ops:cloudformation:stack|Stack]]
+    * [[aws:ops:cloudformation:change-set|Change Set]]
+  * [[aws:ops:ssm|Systems Manager (SSM)]]
+    * [[aws:ops:ssm:session-manager|Session Manager]]
+    * [[aws:ops:ssm:patch-manager|Patch Manager]]
+    * [[aws:ops:ssm:run-command|Run Command]]
+  * [[aws:ops:trusted-advisor|Trusted Advisor]]
-Policy /ˈpɑːləsi/: chính sách quyền
+==== 9) Cost & Billing ====
+  * [[aws:cost:pricing|Pricing Models]]
+    * [[aws:cost:on-demand|On-Demand]]
+    * [[aws:cost:reserved-instances|Reserved Instances]]
+    * [[aws:cost:savings-plans|Savings Plans]]
+    * [[aws:cost:spot|Spot Instances]]
+    * [[aws:cost:free-tier|Free Tier]]
+  * [[aws:cost:budgets|Budgets]]
+  * [[aws:cost:cost-explorer|Cost Explorer]]
+  * [[aws:cost:cost-allocation-tags|Cost Allocation Tags]]
-Role /roʊl/: vai trò/quyền tạm thời cho service
+==== 10) DevTools & CI/CD ====
+  * [[aws:devtools:codecommit|CodeCommit]]
+  * [[aws:devtools:codebuild|CodeBuild]]
+  * [[aws:devtools:codepipeline|CodePipeline]]
+  * [[aws:devtools:codedeploy|CodeDeploy]]
-MFA /ˌem ef ˈeɪ/: xác thực nhiều yếu tố
+===== Hard Words (mini glossary) =====
+  * *identity* /aɪˈdentəti/: danh tính
+  * *authorization* /ˌɔːθərəˈzeɪʃn/: cấp quyền
+  * *authentication* /ɔːˌθentɪˈkeɪʃn/: xác thực
+  * *encryption* /ɪnˈkrɪpʃən/: mã hóa
+  * *throughput* /ˈθruːpʊt/: thông lượng
+  * *latency* /ˈleɪtənsi/: độ trễ
+  * *durability* /ˌdʊrəˈbɪləti/: độ bền dữ liệu
+  * *orchestrate* /ˈɔːrkəstreɪt/: điều phối
+  * *serverless* /ˈsɝːvərləs/: không quản lý server
-KMS /keɪ em ɛs/: quản lý khóa mã hóa
-Secrets Manager /ˈsiːkrəts ˈmænɪdʒər/: quản lý bí mật
-CloudTrail /klaʊd treɪl/: log audit API
-Networking (Mạng)
-VPC /ˌviː piː ˈsiː/: mạng riêng ảo
-Subnet /ˈsʌbˌnet/: mạng con
-Route Table /ruːt ˈteɪbl/: bảng định tuyến
-Internet Gateway (IGW) /ˈɪntərnɛt ˈɡeɪtweɪ/: cổng ra Internet
-NAT Gateway /næt ˈɡeɪtweɪ/: private subnet đi ra ngoài
-Security Group /sɪˈkjʊrəti ɡruːp/: firewall mức instance
-NACL /ˈnækəl/: firewall mức subnet
-Route 53 /ruːt ˌfɪfti ˈθriː/: DNS
-Compute (Chạy ứng dụng)
-EC2 /ˌiː siː ˈtuː/: máy chủ ảo
-Auto Scaling /ˌɔːtoʊ ˈskeɪlɪŋ/: tự tăng/giảm server
-ELB (Load Balancer) /loʊd ˈbælənsər/: cân bằng tải
-Lambda /ˈlæmdə/: chạy code serverless
-Storage (Lưu trữ)
-S3 /ˌɛs ˈθriː/: lưu file dạng object
-EBS /ˌiː biː ˈɛs/: ổ đĩa gắn EC2
-EFS /ˌiː ɛf ˈɛs/: file system dùng chung
-Database (CSDL)
-RDS /ˌɑːr diː ˈɛs/: DB quan hệ managed
-Aurora /əˈrɔːrə/: DB hiệu năng cao (MySQL/Postgres compatible)
-DynamoDB /ˌdaɪnəmoʊ ˌdiː biː/: NoSQL serverless
-ElastiCache /ɪˈlæstɪ kæʃ/: cache Redis/Memcached
-Containers (Container & Kubernetes)
-ECR /ˌiː siː ˈɑːr/: kho Docker image
-ECS /ˌiː siː ˈɛs/: chạy container managed
-EKS /ˌiː keɪ ˈɛs/: Kubernetes managed
-Fargate /ˈfɑːrɡeɪt/: chạy container không quản node
-Management & Monitoring (Vận hành & giám sát)
-CloudWatch /klaʊd wɑːtʃ/: logs/metrics/alarms
-CloudFormation /klaʊd fɔːrˈmeɪʃn/: IaC tạo hạ tầng bằng template
-Systems Manager (SSM) /ˈsɪstəmz ˈmænɪdʒər/: quản trị server, Parameter Store
-Cost & Billing (Chi phí)
-Pricing model /ˈpraɪsɪŋ ˈmɑːdl/: mô hình tính phí
-Free Tier /friː tɪr/: gói miễn phí
-Cost Explorer /kɔːst ɪkˈsplɔːrər/: phân tích chi phí
-Budgets /ˈbʌdʒɪts/: đặt ngưỡng cảnh báo chi phí