Quick comparisons of common AWS topics, one table per section.
1) Security Group vs Network ACL
Comparison
| Feature | Security Group | Network ACL |
|---|---|---|
| Applied at | Instance (ENI) level | Subnet level |
| State | Stateful: return traffic for an allowed connection is allowed automatically | Stateless: the request and the response must each match an allow rule (remember the ephemeral port range, 1024-65535, for return traffic) |
| Default Rules (Default SG/NACL) | - Inbound allowed only from members of the same SG - All outbound allowed | - All inbound allowed - All outbound allowed |
| Default Rules (New SG/NACL) | - All inbound denied - All outbound allowed | - All inbound denied - All outbound denied |
| Assignment | One ENI can have several SGs (5 per ENI by default) | One subnet has exactly one NACL; one NACL can be associated with many subnets |
| Rule Types | Allow rules only (no explicit deny) | Allow and deny rules |
| Rule Order | Order is irrelevant: any matching allow rule permits the traffic | Order matters: rules are evaluated in ascending rule number and the first match wins; the final `*` rule denies anything unmatched |
| Source/Destination | IPv4/IPv6 CIDR, prefix list, or another security group (sg-xxxxxxxx), plus protocol and port | IPv4/IPv6 CIDR plus protocol and port only; cannot reference a security group |
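As an added illustration (not part of the original cheat sheet and not AWS code), the following Python models the two evaluation rules from the table: a security group permits any packet matching one of its allow rules and implicitly permits the reply, while a network ACL walks its rules in ascending number, stops at the first match, and checks the reply as a separate packet. The addresses, rule numbers and port ranges are constructed for the demo; the "forgot the ephemeral ports" and "deny shadows allow" cases are the two mistakes a reviewer most often finds in NACLs.

```python
"""Model stateful security-group vs stateless network-ACL evaluation.

Added example; not from the original cheat sheet and not AWS code. The
addresses, rule numbers and port ranges below are constructed for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"


@dataclass(frozen=True)
class Rule:
    number: int        # NACL rule number (evaluation order); unused for SGs
    action: str        # "allow" or "deny"; SGs only ever carry "allow"
    cidr: str          # peer address range this rule covers
    port_from: int
    port_to: int
    protocol: str = "tcp"

    def matches(self, pkt: Packet, peer_ip: str) -> bool:
        return (self.protocol in (pkt.protocol, "all")
                and ip_address(peer_ip) in ip_network(self.cidr)
                and self.port_from <= pkt.dst_port <= self.port_to)


def nacl_evaluate(rules, pkt, peer_ip):
    """Stateless: first match in ascending rule-number order; the implicit
    trailing '*' rule denies anything nothing else matched."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt, peer_ip):
            return rule.action
    return "deny"


def sg_evaluate(rules, pkt, peer_ip):
    """Stateful and order-independent: any matching allow rule permits."""
    return "allow" if any(r.matches(pkt, peer_ip) for r in rules) else "deny"


def connection_allowed(inbound, outbound, request, reply, stateful):
    """Does an inbound request AND its reply get through the filter?

    With a stateful SG the reply rides on the request's connection state, so
    only the inbound rules matter. With a stateless NACL the reply, sent to the
    client's ephemeral port, must itself match an outbound allow rule.
    """
    if stateful:
        return sg_evaluate(inbound, request, request.src_ip) == "allow"
    return (nacl_evaluate(inbound, request, request.src_ip) == "allow"
            and nacl_evaluate(outbound, reply, reply.dst_ip) == "allow")


# Constructed scenario: an Internet client talks to a web server in the subnet.
CLIENT, SERVER = "203.0.113.10", "10.0.1.5"
REQUEST = Packet(CLIENT, SERVER, 443)        # client -> server:443
REPLY = Packet(SERVER, CLIENT, 49152)        # server -> client ephemeral port

SG_IN = [Rule(0, "allow", "0.0.0.0/0", 443, 443)]

NACL_IN = [Rule(100, "allow", "0.0.0.0/0", 443, 443)]
# Common mistake: outbound mirrors inbound and forgets the ephemeral ports.
NACL_OUT_NO_EPHEMERAL = [Rule(100, "allow", "0.0.0.0/0", 443, 443)]
NACL_OUT_FIXED = NACL_OUT_NO_EPHEMERAL + [Rule(110, "allow", "0.0.0.0/0", 1024, 65535)]
# Rule order: a deny numbered 90 shadows the broader allow numbered 100.
NACL_IN_BLOCKLIST = [Rule(90, "deny", "203.0.113.0/24", 0, 65535),
                     Rule(100, "allow", "0.0.0.0/0", 443, 443)]


def demo():
    return {
        "sg": connection_allowed(SG_IN, [], REQUEST, REPLY, stateful=True),
        "nacl_no_ephemeral": connection_allowed(NACL_IN, NACL_OUT_NO_EPHEMERAL,
                                                REQUEST, REPLY, stateful=False),
        "nacl_fixed": connection_allowed(NACL_IN, NACL_OUT_FIXED,
                                         REQUEST, REPLY, stateful=False),
        "nacl_blocklist": connection_allowed(NACL_IN_BLOCKLIST, NACL_OUT_FIXED,
                                             REQUEST, REPLY, stateful=False),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} {'ALLOWED' if ok else 'DROPPED'}")
```

Running the script shows the SG case and the NACL with the ephemeral-port rule letting the connection through, the NACL without it silently dropping the reply, and the blocklisted client stopped by rule 90 even though rule 100 would have allowed it.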
2) VPC Endpoints: Gateway vs Interface
Comparison
| Feature | Gateway Endpoint | Interface Endpoint |
|---|---|---|
| Used for | Private connectivity to Amazon S3 and Amazon DynamoDB | Private connectivity to 100+ AWS Services (including Amazon S3) |
| How it works | An entry for prefix list (IP addresses) for supported services is added in to the routing table | An ENI(s) is provisioned in the selected subnet(s) which serves as an entry point for traffic destined to a supported service (powered by AWS PrivateLink) |
| Provisioned at | VPC Level then entry added to Route Table | Subnet Level (no entry required in Route Table) |
| Security | VPC endpoint policy (plus the bucket or table resource policy, which can condition on `aws:SourceVpce`); no security group applies | Security group on the endpoint ENI and a VPC endpoint policy |
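The endpoint policy is the main guard rail on a gateway endpoint: without one, any instance that can route to the endpoint can reach any S3 bucket, including one an attacker controls. The following is an added example (not the page's own code and not AWS code) of a simplified evaluator for a gateway endpoint policy that only lets traffic through the endpoint reach one approved bucket. It models only the core IAM decision, explicit Deny wins, otherwise any Allow, otherwise implicit deny, with IAM-style `*`/`?` wildcards; principals, conditions and the caller's identity policy, which AWS evaluates alongside the endpoint policy, are ignored. The bucket names are placeholders.

```python
"""Simplified evaluation of an S3 gateway-endpoint policy.

Added example; not from the original page and not AWS code. Only the
explicit-deny / allow / implicit-deny decision with '*' and '?' wildcards is
modelled. Bucket names are assumed placeholders.
"""
import json
import re

# Constructed endpoint policy: reads/writes only to one approved bucket,
# and no deletes through this endpoint at all.
ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowApprovedBucketOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-approved-bucket",
                "arn:aws:s3:::example-approved-bucket/*",
            ],
        },
        {
            "Sid": "DenyDeleteEverywhere",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:DeleteObject",
            "Resource": "*",
        },
    ],
}


def _glob_to_regex(pattern):
    """IAM-style wildcards: '*' matches any run of characters, '?' one."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile("^" + escaped + "$")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource):
    return (any(_glob_to_regex(a).match(action) for a in _as_list(stmt["Action"]))
            and any(_glob_to_regex(r).match(resource) for r in _as_list(stmt["Resource"])))


def evaluate(policy, action, resource):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request."""
    decision = "implicit_deny"
    for stmt in policy["Statement"]:
        if not _statement_matches(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit_deny"   # an explicit Deny always wins
        decision = "allow"
    return decision


def check_requests(policy=ENDPOINT_POLICY):
    """Evaluate a few constructed requests an instance might send via the endpoint."""
    requests = [
        ("s3:GetObject", "arn:aws:s3:::example-approved-bucket/reports/q1.csv"),
        ("s3:GetObject", "arn:aws:s3:::attacker-exfil-bucket/loot.bin"),
        ("s3:PutObject", "arn:aws:s3:::attacker-exfil-bucket/loot.bin"),
        ("s3:DeleteObject", "arn:aws:s3:::example-approved-bucket/reports/q1.csv"),
    ]
    return {f"{a} {r}": evaluate(policy, a, r) for a, r in requests}


if __name__ == "__main__":
    print(json.dumps(check_requests(), indent=2))
```

The exfiltration attempt to the unapproved bucket fails with an implicit deny because no statement names it, which is the whole point of scoping the endpoint policy to known resources rather than leaving the default full-access policy in place.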
3) Storage Types: Block vs File vs Object
Comparison
| Feature | Block Storage | File Storage | Object Storage |
|---|---|---|---|
| Unit of Transaction | Blocks | Files | Objects (files with metadata) |
| Example | Laptop Disk | Windows Share | OneDrive / Google Drive / Dropbox |
| How can you update? | Blocks are rewritten in place; the file system on top decides which blocks change | The file is updated in place | Objects are immutable: you upload a new object (or a new version) that replaces the existing one, or keep multiple versions |
| Protocols | iSCSI, Fibre Channel, SATA/NVMe | SMB/CIFS, NFS | REST over HTTP/HTTPS (the S3 SOAP API is deprecated) |
| Support for metadata | No custom metadata; only file system attributes | No custom metadata; only file system attributes | Supports custom user-defined metadata |
| AWS Services | Amazon EBS; EC2 Instance Store | Amazon EFS; Amazon FSx | Amazon S3; Amazon S3 Glacier |
4) DynamoDB Indexes: GSI vs LSI
Comparison
| Feature | Global Secondary Index (GSI) | Local Secondary Index (LSI) |
|---|---|---|
| Queries | Across all partitions, using the index's own partition key (and optional sort key) | Within a single partition: same partition key as the base table, different sort key |
| Size Limit | No size limit | Per partition key value, base table items plus all LSI items must stay under 10 GB |
| Provisioned throughput | Separate from the table (its own RCU/WCU) | Shares the table's capacity |
| Read Consistency | Eventually consistent only | Strongly or eventually consistent |
| Maximum | 20 per table (default quota, can be raised) | 5 per table |
| Creation | Anytime | Only with table creation |
| Deletion | Anytime | Only with table deletion |
5) Connectivity: Site‑to‑Site VPN vs Direct Connect
Comparison
| Feature | Site‑to‑Site VPN | Direct Connect |
|---|---|---|
| Use case | Remote networks to VPC; no heavy transfer or strict consistency | Remote networks to VPC; heavy transfer or consistent connection |
| Choose when… | Cost is important | Predictable performance is important |
| Supported speed | Up to ~1.25 Gbps per tunnel (aggregate with ECMP across tunnels on a Transit Gateway) | Dedicated 1 / 10 / 100 Gbps; hosted connections from 50 Mbps via partners |
| How it works | IPsec tunnels over the public Internet | Dedicated private link; traffic never crosses the Internet |
| High Availability | Each VPN connection gets two tunnels terminating on separate AWS endpoints; configure both | Single connection by default; order a second connection, ideally at a second location, for resilience |
| Encryption | IPsec | Not encrypted by default; MACsec is available on supported dedicated connections, or run a Site-to-Site VPN over the connection |
| Time to establish | Minutes (self‑service) | Hours/days via provider |
| Cost dimension | Per connection hour + data out | Port fees + data out |
6) RPO vs RTO
Comparison
| Aspect | RPO (Recovery Point Objective) | RTO (Recovery Time Objective) |
|---|---|---|
| Focuses on | How much data you can afford to lose | How long the service can be unavailable |
| Depends on | Backup / replication frequency | Speed of failover and restore |
| Describes | Maximum tolerable data loss, measured as time since the last recoverable copy | Maximum tolerable downtime, measured from the incident to service restoration |
| Consideration | How often does your data change? | How much downtime can you handle? |
7) AWS KMS vs CloudHSM
Comparison
| Aspect | AWS KMS | CloudHSM |
|---|---|---|
| Scope | Symmetric AES-256 encrypt/decrypt and data-key generation; RSA encrypt/decrypt; RSA/ECC sign/verify; HMAC | General-purpose HSM (encrypt, sign/verify, derive, hash, wrap) |
| Secrets / Keys Stored in | Multi-tenant FIPS-validated HSMs operated by AWS | Single-tenant FIPS-validated HSM cluster in the customer's VPC |
| HSM Controlled by | AWS | Customer |
| Scalability Managed by | AWS | Customer |
| Keys Managed by | AWS (customer controls key policy and lifecycle) | Customer |
| Key Access by | IAM policies and key (resource) policies | Customer-defined HSM user credentials |
| Integrated with AWS Services | Yes, natively with most services | Not directly; reachable through a KMS custom key store or your own application |
| Key Operations Implemented with | AWS CLI/SDK, AWS Encryption SDK | Customer-built application using the CloudHSM Client SDK (PKCS#11, JCE, OpenSSL Dynamic Engine, CNG/KSP) |
| Rotation Executed by | AWS, automatically, for keys with AWS-generated material; imported material (BYOK) and custom key store keys are rotated by the customer | Customer |
8) Private vs Public vs Elastic IP
Comparison
| Aspect | Private IP | Public IP | Elastic IP |
|---|---|---|---|
| Used for | Communication inside the VPC | Communication with the Internet | Communication with the Internet |
| Mandatory / Optional | Mandatory | Optional | Optional |
| After stop/start | Stays the same | Released; a new one is assigned at the next start | Stays the same until you disassociate it |
| Allocated to | Instance (ENI) | Instance (ENI), from the AWS pool | Account (then associated with an ENI) |
| Charges | No | Billed per hour (all public IPv4 addresses are charged since February 2024) | Billed per hour whether associated or not (since February 2024; previously only idle EIPs were charged) |
9) EC2 Purchase Options
Comparison
| Option | Characteristics |
|---|---|
| On Demand | Pay per second or per hour (depending on OS) with no commitment; unpredictable or short-lived workloads |
| Reserved Instance | 1- or 3-year commitment to an instance type in a Region or AZ; predictable workloads; a zonal RI also reserves capacity |
| Savings Plan | Commit to a fixed $/hour spend for 1 or 3 years; more flexible than RIs (Compute Savings Plans apply across instance family, size and Region) |
| Spot Instance | Spare AWS capacity at a discounted market price; can be reclaimed with a two-minute interruption notice, so only for fault-tolerant work |
10) Auto Scaling in AWS
Comparison
| Aspect | EC2 Auto Scaling | AWS Auto Scaling | Application Auto Scaling |
|---|---|---|---|
| What | Scales EC2 instances in an Auto Scaling group | Scaling plans that configure scaling for several resources at once | Scaling for individual AWS services other than EC2 |
| How | Adds or removes instances in the ASG based on scaling policies, schedules or health checks | Discovers scalable resources (by tag or CloudFormation stack) and applies one plan centrally | Registers a scalable target and attaches target-tracking, step or scheduled policies driven by CloudWatch metrics (configured via console, CLI, SDK or CloudFormation) |
| Which | EC2 instances | EC2 ASGs, Spot Fleets, ECS, DynamoDB, Aurora | ECS, Spot Fleet, DynamoDB, Aurora, AppStream, EMR, Neptune, SageMaker, Lambda provisioned concurrency, custom resources |
11) ALB vs NLB
Comparison
| Aspect | ALB | NLB |
|---|---|---|
| Operates at | Layer 7 (Application) | Layer 4 (Transport) |
| Routes traffic based on | Request content: host, path, headers, query string, HTTP method | Connection 5-tuple (protocol, source/destination IP and port) via flow hash; never inspects the payload |
| Protocols | HTTP, HTTPS (including HTTP/2, gRPC, WebSockets) | TCP, UDP, TLS |
| Static & Elastic IP | No (DNS name only; put an NLB or Global Accelerator in front if you need fixed IPs) | Yes: one static IP per AZ, optionally an Elastic IP |
| Target Types | Instances, containers (by IP), Lambda, IP addresses | Instances, containers (by IP), IP addresses, ALB |
12) DynamoDB: Provisioned vs On‑Demand
Comparison
| Aspect | Provisioned Mode | On‑Demand Mode |
|---|---|---|
| What | You provision RCU/WCU up front (optionally adjusted by Auto Scaling) | Capacity adapts automatically per request; no RCU/WCU to set |
| Charges | Pay for provisioned capacity whether used or not | Pay per read/write request unit actually consumed |
| Benefit | Cost control, ability to buy reserved capacity | Adapts instantly to the workload; no capacity planning |
| Suitable for | Steady, predictable traffic | Spiky or unpredictable traffic, new tables with unknown patterns |
| Floor & Ceiling | Min/max set through Auto Scaling | No floor or ceiling to configure; account-level throughput quotas still apply, and sudden spikes beyond roughly double the previous peak can be throttled |
13) SNS vs SQS
Comparison
| Aspect | SNS | SQS |
|---|---|---|
| Message Persistence | No: delivery is retried per subscription, then the message is dropped unless a subscription dead-letter queue is configured | Yes: retained until deleted, for 4 days by default and up to 14 days |
| Delivery Mechanism | Push: SNS delivers to subscribers as messages arrive | Pull: consumers poll the queue (long polling recommended) |
| Producer/Consumer | Publisher & Subscriber | Sender & Receiver |
| Distribution Model | One-to-many (1:N): every subscriber gets a copy | One-to-one (1:1): each message is processed by one consumer, even if many consumers share the queue |
| Use Cases | A2A (fan-out to queues, Lambda, HTTP) and A2P (SMS, email, mobile push) | A2A decoupling and buffering |
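The persistence and distribution rows are easiest to see with a small in-memory model. This is an added example, not the page's code and not the AWS SDK: a topic pushes each message to every current subscriber and keeps nothing, while a queue stores a message until a consumer deletes it and hides it only for the visibility timeout while it is in flight. The clock is simulated so the timeout can be advanced by hand.

```python
"""In-memory model of SNS (push, fan-out, no retention) vs SQS (pull,
persistent, visibility timeout). Added example; not the page's code and not
the AWS SDK. Timeouts are simulated with a manual clock.
"""


class Topic:
    """SNS-like topic: pushes to every subscriber at publish time, keeps nothing."""

    def __init__(self):
        self.subscribers = []

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def publish(self, message):
        for deliver in self.subscribers:
            deliver(message)
        return len(self.subscribers)   # 0 means the message had nowhere to go


class Queue:
    """SQS-like queue: a message stays until deleted; a receive only hides it
    for the visibility timeout, after which an unacknowledged message returns."""

    def __init__(self, visibility_timeout=30):
        self.visibility_timeout = visibility_timeout
        self._messages = {}            # receipt handle -> [body, visible_at]
        self._next = 0
        self.now = 0                   # simulated clock, seconds

    def send(self, body):
        self._next += 1
        self._messages[f"rh-{self._next}"] = [body, 0]

    def receive(self):
        """Return (receipt_handle, body) of the first visible message, or None."""
        for handle, entry in self._messages.items():
            if entry[1] <= self.now:
                entry[1] = self.now + self.visibility_timeout
                return handle, entry[0]
        return None

    def delete(self, handle):
        """Consumer acknowledges success; only now is the message gone."""
        self._messages.pop(handle, None)

    def advance(self, seconds):
        self.now += seconds

    def __len__(self):
        return len(self._messages)


def demo():
    out = {}
    topic = Topic()
    out["sns_no_subscriber_deliveries"] = topic.publish("order-1")   # lost
    deliveries = []
    topic.subscribe(lambda m: deliveries.append(("email", m)))
    topic.subscribe(lambda m: deliveries.append(("sms", m)))
    out["sns_fanout_deliveries"] = topic.publish("order-2")          # 1:N
    out["sns_delivery_log"] = deliveries

    q = Queue(visibility_timeout=30)
    q.send("order-3")
    handle, body = q.receive()
    out["sqs_hidden_while_in_flight"] = q.receive() is None
    q.advance(31)                      # consumer crashed before delete()
    out["sqs_redelivered"] = q.receive() == (handle, body)
    q.delete(handle)
    out["sqs_left_after_delete"] = len(q)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The redelivery after the simulated crash is the at-least-once behaviour consumers must be written for: process idempotently, and only delete after the work has succeeded.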
14) SQL vs NoSQL
Comparison
| Aspect | SQL (relational, schema-first) | NoSQL (schema-flexible, built to scale out) |
|---|---|---|
| Data Storage | Rows & Columns | Key‑Value, Document, Wide‑column, Graph |
| Schema | Fixed | Dynamic |
| Querying | SQL (joins, aggregates) | Store-specific APIs: key lookups, document or graph queries; few or no joins |
| Scaling | Vertical by default (read replicas and sharding add complexity) | Horizontal by design |
| Transactions | Supported | Varies |
| Guarantees | ACID | BASE |
15) Scalability vs Elasticity
Comparison
| Aspect | Scalability | Elasticity |
|---|---|---|
| Definition | Ability to keep performing as load grows by adding resources | Ability to add and remove resources automatically as demand changes |
| Use Case | Predictable workload increase | Sudden/dynamic workload changes |
| Type | Strategic | Tactical |
| Focuses on | Design/Architecture | Operations |
| Provisioning | For future demand | For present demand |
| Consideration | Long‑term prediction | Short‑term |
| Execution | Scheduled | Triggered by automation |