| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| wiki:aws [2025/12/28 06:25] – phong2018 | wiki:aws [2025/12/28 07:50] (current) – phong2018 |
|---|
| ====== AWS (Amazon Web Services) ====== | ====== AWS (Amazon Web Services) ====== |
| |
| **Là gì:** Nền tảng *cloud* /klaʊd/ (đám mây) của Amazon. | **What it is:** Amazon’s *cloud* /klaʊd/ (đám mây) platform. |
| |
| **Để làm gì:** Xây/chạy hệ thống mà không tự vận hành phần cứng; dùng dịch vụ *managed* /ˈmænɪdʒd/ (được vận hành hộ). | **What it’s for:** Build and run systems without managing physical hardware; many services are *managed* /ˈmænɪdʒd/ (được nhà cung cấp vận hành hộ). |
| |
| **Từ khó:** | **Hard words (English + IPA + Vietnamese meaning):** |
| * *cloud* /klaʊd/: đám mây (hạ tầng qua Internet) | * *cloud* /klaʊd/: đám mây (hạ tầng qua Internet) |
| * *managed* /ˈmænɪdʒd/: được nhà cung cấp vận hành hộ | * *managed* /ˈmænɪdʒd/: được vận hành hộ |
| * *scalability* /ˌskeɪləˈbɪləti/: khả năng mở rộng | * *scalability* /ˌskeɪləˈbɪləti/: khả năng mở rộng |
| * *availability* /əˌveɪləˈbɪləti/: tính sẵn sàng | * *availability* /əˌveɪləˈbɪləti/: tính sẵn sàng |
| |
| ===== Cây keywords (click để vào trang con) ===== | ===== Keyword Tree (click to open each child page) ===== |
| |
| ==== 1) Global Infrastructure (Hạ tầng toàn cầu) ==== | ==== 1) Global Infrastructure ==== |
| * [[aws:global:region|Region]] — khu vực địa lý đặt dịch vụ | * [[aws:global:region|Region]] |
| * [[aws:global:regional-vs-global-services|Regional vs Global services]] — dịch vụ theo vùng vs toàn cầu | * [[aws:global:regional-vs-global-services|Regional vs Global Services]] |
| * [[aws:global:availability-zone|Availability Zone (AZ)]] — cụm DC độc lập trong Region | * [[aws:global:availability-zone|Availability Zone (AZ)]] |
| * [[aws:global:multi-az|Multi-AZ]] — triển khai dự phòng nhiều AZ (*failover* /ˈfeɪlˌoʊvər/: chuyển dự phòng) | * [[aws:global:multi-az|Multi-AZ]] |
| * [[aws:global:edge-location|Edge Location]] — điểm biên tăng tốc nội dung (*cache* /kæʃ/: bộ nhớ đệm) | * [[aws:global:fault-isolation|Fault Isolation]] |
| * [[aws:global:cloudfront|CloudFront]] — CDN (*content delivery network* /ˈkɑːntent dɪˈlɪvəri ˈnetwɝːk/: mạng phân phối nội dung) | * [[aws:global:edge-location|Edge Location]] |
| | * [[aws:global:cloudfront|CloudFront (CDN)]] |
| |
| ==== 2) Security, Identity & Access (Bảo mật & truy cập) ==== | ==== 2) Security, Identity & Access ==== |
| * [[aws:security:iam|IAM]] — quản lý danh tính & quyền | * [[aws:security:iam|IAM (Identity and Access Management)]] |
| * [[aws:security:iam:user|IAM User]] — user đăng nhập | * [[aws:security:iam:user|IAM User]] |
| * [[aws:security:iam:group|IAM Group]] — nhóm user | * [[aws:security:iam:group|IAM Group]] |
| * [[aws:security:iam:role|IAM Role]] — quyền tạm thời (*assume* /əˈsuːm/: nhận quyền) | * [[aws:security:iam:role|IAM Role]] |
| * [[aws:security:iam:policy|IAM Policy]] — luật quyền (*permission* /pərˈmɪʃn/: quyền) | * [[aws:security:iam:policy|IAM Policy]] |
| * [[aws:security:iam:rbac-vs-iam|IAM vs RBAC]] — phân biệt quyền AWS vs Kubernetes | * [[aws:security:iam:sts|STS (Security Token Service)]] |
| * [[aws:security:iam:sts|STS]] — cấp *temporary credentials* /ˈtɛmpəˌrɛri krəˈdɛnʃəlz/: thông tin đăng nhập tạm | * [[aws:security:iam:assume-role|AssumeRole]] |
| * [[aws:security:iam:permission-boundary|Permission Boundary]] — “trần” quyền tối đa | * [[aws:security:iam:permission-boundary|Permission Boundary]] |
| * [[aws:security:mfa|MFA]] — xác thực nhiều yếu tố (*multi-factor* /ˌmʌlti ˈfæktər/: đa yếu tố) | * [[aws:security:iam:least-privilege|Least Privilege]] |
| * [[aws:security:kms|KMS]] — quản lý khóa mã hóa (*encryption* /ɪnˈkrɪpʃən/: mã hóa) | * [[aws:security:mfa|MFA (Multi-Factor Authentication)]] |
| * [[aws:security:kms:cmk|Customer Managed Key (CMK)]] — khóa do bạn quản | * [[aws:security:kms|KMS (Key Management Service)]] |
| * [[aws:security:kms:key-policy|Key Policy]] — policy cho khóa | * [[aws:security:kms:cmk|Customer Managed Key (CMK)]] |
| * [[aws:security:secrets-manager|Secrets Manager]] — lưu secret (DB pass, API key) | * [[aws:security:kms:key-policy|Key Policy]] |
| * [[aws:security:secrets-manager:rotation|Rotation]] — xoay vòng secret (*rotate* /roʊˈteɪt/: xoay) | * [[aws:security:secrets-manager|Secrets Manager]] |
| * [[aws:security:ssm-parameter-store|SSM Parameter Store]] — lưu config/secret dạng parameter | * [[aws:security:secrets-manager:rotation|Secret Rotation]] |
| * [[aws:security:cloudtrail|CloudTrail]] — log audit API call (*audit* /ˈɔːdɪt/: kiểm toán) | * [[aws:security:ssm-parameter-store|SSM Parameter Store]] |
| | * [[aws:security:cloudtrail|CloudTrail (Audit Logs)]] |
| |
| ==== 3) Networking (Mạng) ==== | ==== 3) Networking ==== |
| * [[aws:network:vpc|VPC]] — mạng riêng ảo (*virtual* /ˈvɝːtʃuəl/: ảo) | * [[aws:network:vpc|VPC (Virtual Private Cloud)]] |
| * [[aws:network:subnet|Subnet]] — mạng con | * [[aws:network:subnet|Subnet]] |
| * [[aws:network:public-subnet|Public Subnet]] — có đường ra Internet | * [[aws:network:public-subnet|Public Subnet]] |
| * [[aws:network:private-subnet|Private Subnet]] — nội bộ (thường cho DB) | * [[aws:network:private-subnet|Private Subnet]] |
| * [[aws:network:route-table|Route Table]] — bảng định tuyến | * [[aws:network:route-table|Route Table]] |
| * [[aws:network:internet-gateway|Internet Gateway (IGW)]] — cổng ra/vào Internet | * [[aws:network:internet-gateway|Internet Gateway (IGW)]] |
| * [[aws:network:nat-gateway|NAT Gateway]] — private subnet “đi ra” Internet (*egress* /ˈiːɡres/: lưu lượng đi ra) | * [[aws:network:nat-gateway|NAT Gateway]] |
| * [[aws:network:security-group|Security Group]] — firewall mức instance (*stateful* /ˈsteɪtfəl/: có trạng thái) | * [[aws:network:security-group|Security Group]] |
| * [[aws:network:nacl|NACL]] — firewall mức subnet (*stateless* /ˈsteɪtləs/: không trạng thái) | * [[aws:network:nacl|Network ACL (NACL)]] |
| * [[aws:network:vpc-endpoint|VPC Endpoint]] — truy cập S3/DynamoDB private không qua Internet | * [[aws:network:vpc-endpoint|VPC Endpoint]] |
| * [[aws:network:route53|Route 53]] — DNS | * [[aws:network:route53|Route 53 (DNS)]] |
| * [[aws:network:route53:routing-policies|Routing Policies]] — latency/weighted/failover/geo | * [[aws:network:route53:routing-policies|Routing Policies]] |
| * [[aws:network:elb|ELB (Elastic Load Balancing)]] — cân bằng tải | * [[aws:network:elb|Elastic Load Balancing (ELB)]] |
| * [[aws:network:elb:alb|ALB]] — HTTP/HTTPS layer 7 | * [[aws:network:elb:alb|Application Load Balancer (ALB)]] |
| * [[aws:network:elb:nlb|NLB]] — TCP/UDP layer 4 | * [[aws:network:elb:nlb|Network Load Balancer (NLB)]] |
| * [[aws:network:elb:health-check|Health Check]] — kiểm tra sống | * [[aws:network:elb:health-check|Health Check]] |
| |
| ==== 4) Compute (Chạy ứng dụng) ==== | ==== 4) Compute ==== |
| * [[aws:compute:ec2|EC2]] — máy chủ ảo | * [[aws:compute:ec2|EC2 (Elastic Compute Cloud)]] |
| * [[aws:compute:ec2:instance-type|Instance Type]] — cấu hình máy | * [[aws:compute:ec2:instance-type|Instance Type]] |
| * [[aws:compute:ec2:ami|AMI]] — ảnh máy (*image* /ˈɪmɪdʒ/: ảnh hệ thống) | * [[aws:compute:ec2:ami|AMI (Amazon Machine Image)]] |
| * [[aws:compute:ec2:ebs|EBS Volume]] — ổ đĩa gắn EC2 | * [[aws:compute:ec2:key-pair|Key Pair]] |
| * [[aws:compute:ec2:security|EC2 Security]] — SG, key pair | * [[aws:compute:ec2:user-data|User Data]] |
| * [[aws:compute:ec2:userdata|User Data]] — script khởi tạo | * [[aws:compute:ec2:instance-profile|Instance Profile]] |
| * [[aws:compute:auto-scaling|Auto Scaling]] — tự tăng/giảm số lượng EC2 | * [[aws:compute:auto-scaling|Auto Scaling]] |
| * [[aws:compute:auto-scaling:asg|Auto Scaling Group (ASG)]] — nhóm scale | * [[aws:compute:auto-scaling:asg|Auto Scaling Group (ASG)]] |
| * [[aws:compute:auto-scaling:scaling-policy|Scaling Policy]] — luật scale | * [[aws:compute:auto-scaling:scaling-policy|Scaling Policy]] |
| * [[aws:compute:lambda|Lambda]] — chạy code serverless theo event | * [[aws:compute:lambda|Lambda]] |
| * [[aws:compute:lambda:triggers|Triggers]] — nguồn kích hoạt | * [[aws:compute:lambda:triggers|Triggers]] |
| * [[aws:compute:lambda:concurrency|Concurrency]] — song song (*concurrency* /kənˈkɝːənsi/: đồng thời) | * [[aws:compute:lambda:concurrency|Concurrency]] |
| | * [[aws:compute:api-gateway|API Gateway]] |
| | * [[aws:compute:step-functions|Step Functions]] |
| |
| ==== 5) Storage (Lưu trữ) ==== | ==== 5) Storage ==== |
| * [[aws:storage:s3|S3]] — object storage | * [[aws:storage:s3|S3 (Simple Storage Service)]] |
| * [[aws:storage:s3:bucket|Bucket]] — thùng chứa | * [[aws:storage:s3:bucket|Bucket]] |
| * [[aws:storage:s3:object|Object]] — file + metadata | * [[aws:storage:s3:object|Object]] |
| * [[aws:storage:s3:storage-classes|Storage Classes]] — Standard/IA/Glacier… | * [[aws:storage:s3:storage-classes|Storage Classes]] |
| * [[aws:storage:s3:versioning|Versioning]] — phiên bản file | * [[aws:storage:s3:versioning|Versioning]] |
| * [[aws:storage:s3:lifecycle|Lifecycle]] — tự chuyển lớp/lưu trữ | * [[aws:storage:s3:lifecycle|Lifecycle Rules]] |
| * [[aws:storage:s3:encryption|Encryption]] — SSE-S3/SSE-KMS… | * [[aws:storage:s3:encryption|Encryption (SSE-S3, SSE-KMS)]] |
| * [[aws:storage:s3:policy|Bucket Policy]] — policy cho bucket | * [[aws:storage:s3:bucket-policy|Bucket Policy]] |
| * [[aws:storage:ebs|EBS]] — block storage gắn EC2 | * [[aws:storage:s3:pre-signed-url|Pre-signed URL]] |
| * [[aws:storage:ebs:snapshot|Snapshot]] — bản chụp | * [[aws:storage:ebs|EBS (Elastic Block Store)]] |
| * [[aws:storage:efs|EFS]] — file system dùng chung (NFS) | * [[aws:storage:ebs:snapshot|Snapshot]] |
| | * [[aws:storage:ebs:volume-types|Volume Types (gp3, io2, st1, sc1)]] |
| | * [[aws:storage:efs|EFS (Elastic File System)]] |
| | * [[aws:storage:glacier|S3 Glacier]] |
| |
| ==== 6) Database (Cơ sở dữ liệu) ==== | ==== 6) Database ==== |
| * [[aws:database:rds|RDS]] — DB quan hệ managed | * [[aws:database:rds|RDS (Relational Database Service)]] |
| * [[aws:database:rds:multi-az|Multi-AZ]] — HA, failover | * [[aws:database:rds:multi-az|Multi-AZ]] |
| * [[aws:database:rds:read-replica|Read Replica]] — bản sao đọc | * [[aws:database:rds:read-replica|Read Replica]] |
| * [[aws:database:rds:backup|Backup & Restore]] — sao lưu/khôi phục | * [[aws:database:rds:backup|Automated Backups]] |
| * [[aws:database:aurora|Aurora]] — MySQL/Postgres compatible, hiệu năng cao | * [[aws:database:aurora|Aurora]] |
| * [[aws:database:aurora:cluster|Aurora Cluster]] — cụm DB | * [[aws:database:aurora:cluster|Aurora Cluster]] |
| * [[aws:database:dynamodb|DynamoDB]] — NoSQL serverless | * [[aws:database:aurora:replicas|Aurora Replicas]] |
| * [[aws:database:dynamodb:partition-key|Partition Key]] — khóa phân vùng | * [[aws:database:dynamodb|DynamoDB]] |
| * [[aws:database:dynamodb:sort-key|Sort Key]] — khóa sắp xếp | * [[aws:database:dynamodb:partition-key|Partition Key]] |
| * [[aws:database:dynamodb:gsi|GSI]] — index phụ (*index* /ˈɪndeks/: chỉ mục) | * [[aws:database:dynamodb:sort-key|Sort Key]] |
| * [[aws:database:elasticache|ElastiCache]] — cache Redis/Memcached | * [[aws:database:dynamodb:gsi|Global Secondary Index (GSI)]] |
| * [[aws:database:elasticache:redis|Redis]] — cache/key-value in-memory | * [[aws:database:dynamodb:lsi|Local Secondary Index (LSI)]] |
| * [[aws:database:elasticache:memcached|Memcached]] — cache đơn giản | * [[aws:database:dynamodb:streams|DynamoDB Streams]] |
| | * [[aws:database:elasticache|ElastiCache]] |
| | * [[aws:database:elasticache:redis|Redis]] |
| | * [[aws:database:elasticache:memcached|Memcached]] |
| |
| ==== 7) Containers (Container & Kubernetes) ==== | ==== 7) Containers ==== |
| * [[aws:containers:ecr|ECR]] — kho Docker image | * [[aws:containers:ecr|ECR (Elastic Container Registry)]] |
| * [[aws:containers:ecs|ECS]] — chạy container managed | * [[aws:containers:ecs|ECS (Elastic Container Service)]] |
| * [[aws:containers:ecs:task-definition|Task Definition]] — định nghĩa container | * [[aws:containers:ecs:task-definition|Task Definition]] |
| * [[aws:containers:ecs:service|Service]] — chạy lâu dài + scale | * [[aws:containers:ecs:service|Service]] |
| * [[aws:containers:eks|EKS]] — Kubernetes managed | * [[aws:containers:ecs:cluster|Cluster]] |
| * [[aws:containers:eks:cluster|Cluster]] — cụm K8s | * [[aws:containers:eks|EKS (Elastic Kubernetes Service)]] |
| * [[aws:containers:eks:nodegroup|Node Group]] — nhóm node | * [[aws:containers:eks:cluster|Cluster]] |
| * [[aws:containers:eks:service-account|Service Account]] — danh tính trong K8s | * [[aws:containers:eks:nodegroup|Node Group]] |
| * [[aws:containers:eks:irsa|IRSA]] — IAM Roles for Service Accounts (đúng least privilege) | * [[aws:containers:eks:pod|Pod]] |
| * [[aws:containers:eks:oidc|OIDC Provider]] — liên kết nhận dạng (*OIDC* /oʊ aɪ diː siː/: OpenID Connect) | * [[aws:containers:eks:service-account|Service Account]] |
| * [[aws:containers:fargate|Fargate]] — chạy container không quản node | * [[aws:containers:eks:irsa|IRSA (IAM Roles for Service Accounts)]] |
| | * [[aws:containers:eks:oidc|OIDC Provider]] |
| | * [[aws:containers:fargate|Fargate]] |
| |
| ==== 8) Management & Monitoring (Vận hành & giám sát) ==== | ==== 8) Management & Monitoring ==== |
| * [[aws:ops:cloudwatch|CloudWatch]] — logs/metrics/alarms | * [[aws:ops:cloudwatch|CloudWatch]] |
| * [[aws:ops:cloudwatch:logs|Logs]] — log | * [[aws:ops:cloudwatch:logs|Logs]] |
| * [[aws:ops:cloudwatch:metrics|Metrics]] — chỉ số | * [[aws:ops:cloudwatch:metrics|Metrics]] |
| * [[aws:ops:cloudwatch:alarms|Alarms]] — cảnh báo | * [[aws:ops:cloudwatch:alarms|Alarms]] |
| * [[aws:ops:cloudformation|CloudFormation]] — IaC template | * [[aws:ops:cloudformation|CloudFormation]] |
| * [[aws:ops:cloudformation:stacks|Stacks]] — “bộ” tài nguyên | * [[aws:ops:cloudformation:stack|Stack]] |
| * [[aws:ops:ssm|Systems Manager (SSM)]] — quản trị server | * [[aws:ops:cloudformation:change-set|Change Set]] |
| * [[aws:ops:ssm:session-manager|Session Manager]] — SSH không cần mở port 22 | * [[aws:ops:ssm|Systems Manager (SSM)]] |
| * [[aws:ops:ssm:patch-manager|Patch Manager]] — vá OS (*patch* /pætʃ/: bản vá) | * [[aws:ops:ssm:session-manager|Session Manager]] |
| | * [[aws:ops:ssm:patch-manager|Patch Manager]] |
| | * [[aws:ops:ssm:run-command|Run Command]] |
| | * [[aws:ops:trusted-advisor|Trusted Advisor]] |
| |
| ==== 9) Cost & Billing (Chi phí) ==== | ==== 9) Cost & Billing ==== |
| * [[aws:cost:pricing|Pricing]] — cách tính tiền | * [[aws:cost:pricing|Pricing Models]] |
| * [[aws:cost:free-tier|Free Tier]] — gói miễn phí | * [[aws:cost:on-demand|On-Demand]] |
| * [[aws:cost:on-demand|On-Demand]] — trả theo dùng | * [[aws:cost:reserved-instances|Reserved Instances]] |
| * [[aws:cost:reserved-instances|Reserved Instances]] — đặt trước giảm giá | * [[aws:cost:savings-plans|Savings Plans]] |
| * [[aws:cost:savings-plans|Savings Plans]] — cam kết chi tiêu | * [[aws:cost:spot|Spot Instances]] |
| * [[aws:cost:budgets|Budgets]] — đặt ngưỡng cảnh báo | * [[aws:cost:free-tier|Free Tier]] |
| * [[aws:cost:cost-explorer|Cost Explorer]] — phân tích chi phí | * [[aws:cost:budgets|Budgets]] |
| | * [[aws:cost:cost-explorer|Cost Explorer]] |
| | * [[aws:cost:cost-allocation-tags|Cost Allocation Tags]] |
| |
| ==== 10) DevTools & CI/CD (Công cụ phát triển) ==== | ==== 10) DevTools & CI/CD ==== |
| * [[aws:devtools:codecommit|CodeCommit]] — Git repo | * [[aws:devtools:codecommit|CodeCommit]] |
| * [[aws:devtools:codebuild|CodeBuild]] — build | * [[aws:devtools:codebuild|CodeBuild]] |
| * [[aws:devtools:codepipeline|CodePipeline]] — pipeline CI/CD | * [[aws:devtools:codepipeline|CodePipeline]] |
| * [[aws:devtools:codedeploy|CodeDeploy]] — deploy | * [[aws:devtools:codedeploy|CodeDeploy]] |
| |
| ===== Trang từ vựng (tùy chọn) ===== | ===== Hard Words (mini glossary) ===== |
| * [[aws:glossary|Glossary]] — tổng hợp từ khó + IPA | * *identity* /aɪˈdentəti/: danh tính |
| | * *authorization* /ˌɔːθərəˈzeɪʃn/: cấp quyền |
| ===== Gợi ý đặt tên trang (để link chạy đúng) ===== | * *authentication* /ɔːˌθentɪˈkeɪʃn/: xác thực |
| * Root: ''aws:start'' | * *encryption* /ɪnˈkrɪpʃən/: mã hóa |
| * Nhánh: ''aws:security:iam'' , ''aws:network:vpc'' , ''aws:containers:eks'' ... | * *throughput* /ˈθruːpʊt/: thông lượng |
| * Trang con sâu: ''aws:containers:eks:irsa'' , ''aws:database:dynamodb:gsi'' ... | * *latency* /ˈleɪtənsi/: độ trễ |
| | * *durability* /ˌdʊrəˈbɪləti/: độ bền dữ liệu |
| | * *orchestrate* /ˈɔːrkəstreɪt/: điều phối |
| | * *serverless* /ˈsɝːvərləs/: không quản lý server |
| |
