aws
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseAWS
AWS
Amazon Web Services (AWS) is the dominant cloud platform. In 2025, the focus is heavily on Generative AI (Bedrock, Q, Trainium chips) and Serverless Data (Aurora Limitless).
Amazon Web Services(AWS)是当前主流的云平台。2025年,其重点将大幅放在生成式AI(Bedrock、Q、Trainium芯片)和无服务器数据(Aurora Limitless)领域。
When to Use
适用场景
- Enterprise: The default choice for large-scale, compliant infrastructure.
- AI/ML: Amazon SageMaker and Bedrock provide the deepest toolset for training and inference.
- Serverless: Lambda + DynamoDB + API Gateway is the canonical serverless stack.
- 企业级场景:大规模合规基础设施的默认选择。
- AI/ML场景:Amazon SageMaker和Bedrock提供了最全面的训练与推理工具集。
- 无服务器场景:Lambda + DynamoDB + API Gateway是标准的无服务器技术栈。
Core Concepts
核心概念
VPC (Virtual Private Cloud)
VPC(Virtual Private Cloud,虚拟私有云)
Your isolated network. Subnets, Route Tables, Internet Gateways. Understanding networking is mandatory.
你的专属隔离网络,包含子网、路由表、互联网网关。理解网络相关知识是必备要求。
IAM (Identity and Access Management)
IAM(Identity and Access Management,身份与访问管理)
Global service for permissions. "Deny by default". Use Roles for services, not access keys.
用于权限管理的全局服务,遵循“默认拒绝”原则。为服务使用角色而非访问密钥。
Compute
计算服务
- EC2: Virtual Machines.
- ECS/EKS: Containers (Docker/K8s).
- Lambda: Function-as-a-Service.
- EC2:虚拟机。
- ECS/EKS:容器服务(Docker/K8s)。
- Lambda:函数即服务(Function-as-a-Service)。
Best Practices (2025)
2025年最佳实践
Do:
- Use AWS Organizations: Separate Prod, Staging, and Dev into different Accounts, not just VPCs. Limits blast radius.
- Use CDK / Terraform: Never click in the console for production resources.
- Cost Control: Enable Cost Explorer and set up Budgets/Alerts on day one.
Don't:
- Don't use Public Subnets for Apps: Put your EC2s/RDS in Private Subnets. Only Load Balancers go in Public Subnets.
建议做法:
- 使用AWS Organizations:将生产、预发布和开发环境分离到不同的_账户_中,而不仅仅是不同VPC。以此限制故障影响范围。
- 使用CDK / Terraform:生产环境资源绝不要通过控制台手动点击创建。
- 成本管控:启用Cost Explorer,并在第一天就设置预算和告警。
不建议做法:
- 不要将应用部署在公有子网:将EC2/RDS部署在私有子网中,仅将负载均衡器放在公有子网。