    COMPLIANCE SERVICES
    AWS Config             Service that enables you to continually monitor your
                           resources for adherence to best practices
    AWS Artifact           Portal that provides self-service access to AWS
                           compliance reports and agreements you may have with
                           AWS
    Amazon GuardDuty       Fully-managed service that continually monitors your
                           AWS account and resources for potential malicious
                           behavior and anomalies

    IDENTITY SERVICES
    AWS Identity and       Service that controls access to AWS resources. This is
    Access Management      where you create IAM users, IAM groups, and roles.
    (IAM)                  Policies are attached to identities for permission to
                           access resources.
    Amazon Cognito         User directory service for custom applications that can
                           also enable access to AWS resources for your custom
                           applications

    DATA SERVICES
    AWS Storage Gateway    Hybrid-cloud storage service that enables companies to
                           take advantage of cloud storage on their local networks
    AWS DataSync           Automated data transfer service that efficiently transfers
                           data from your local network into AWS
    AWS Glue               Fully-managed serverless extract, transform, and load
                           (ETL) service
    Amazon EMR             Big-data cloud-based tool suite using popular open
                           source tools including Apache Spark, Apache Hive,
                           Presto, and many others.
    AWS Data Pipeline      Data workflow orchestration service that supports
                           multiple AWS services providing extract, transform, and
                           load (ETL) capabilities
    Amazon Athena          Service that enables serverless querying of data stored
                           within Amazon S3 using standard SQL queries
    Amazon QuickSight      Fully-managed Business Intelligence (BI) service
                           enabling self-service data dashboards for data stored in
                           the cloud
    Amazon CloudSearch     Managed search service for custom applications

    AI & ML SERVICES
    Amazon Rekognition     Computer vision service powered by Machine Learning
                           that can detect objects in images and video
    Amazon Translate       Text translation service powered by Machine Learning
                           that can translate text (either streaming or in batch) into
                           many different languages. It also provides language
                           detection.
    Amazon Transcribe      Audio transcription service powered by Machine
                           Learning that can transcribe audio (either streaming or
                           in batch) in many different languages

    SECURITY SERVICES
    AWS Shield             Managed Distributed Denial of Service (DDoS)
                           protection service for apps running on AWS
    Amazon Macie           Data classification, protection, and monitoring service
                           powered by machine learning for Amazon S3 data
    Amazon Inspector       Automated security assessment service for EC2
                           instances

    EC2 AND VPC CAPABILITIES
    Auto Scaling Group        EC2 capability that manages a group of EC2 instances
                              that have rules for automated scaling and management
                              which includes health checks for each member of the
                              group
    Elastic Load Balancing    Service that supports routing traffic across multiple
                              targets including EC2 instances, Lambda functions, as
                              well as other targets on AWS
    Security Groups           Firewall-like controls for EC2 instances within a VPC that
                              control access for inbound and outbound traffic.
                              Instances can have multiple security groups
    Network Access            Control for inbound and outbound traffic within a
    Control Lists (ACL)       specific subnet in a VPC. Traffic can be allowed or
                              denied based on custom rules
    AWS VPN                   Service that supports an encrypted tunnel into a VPC.
                              This can support either site-to-site (from your data
                              center into the VPC) or client (from a single computer
                              into the VPC)
    AWS Secrets Manager       Service that manages secrets (such as passwords, keys,
                              tokens, etc…) used in your custom applications on AWS.
                              It also supports auto-rotation of credentials on
                              supported AWS services

    LAUNCHING PRE-DEFINED INFRASTRUCTURE ON EC2
    AWS Service Catalog       Service for offering your organization’s pre-defined IT
                              offerings to other members of your organization in a
                              self-service portal on AWS
    AWS Marketplace           Catalog of third-party software offerings that makes it
                              easy to launch pre-defined solutions onto your AWS
                              account from these vendors

    DEVELOPER SERVICES
    AWS CodeCommit            Fully-managed source control service using Git
    AWS CodeBuild             Fully-managed build and continuous integration service
                              on AWS
    AWS CodeDeploy            Fully-managed deployment service for applications
                              running on Amazon EC2, AWS Fargate, AWS Lambda,
                              and on-premise servers
    AWS CodePipeline          Fully-managed continuous delivery service on AWS for
                              automating building, deploying, and testing. Integrates
                              with other developer services
    AWS CodeStar              Workflow tool for automatic creation of a continuous
                              delivery pipeline for a custom application using the
                              other developer services

     COMPUTE SERVICES
     Amazon EC2               Service that provides secure and resizable virtual servers
                              on AWS
     AWS Elastic Beanstalk    Platform (PaaS) for scaling and deploying web apps and
                              services across a specific list of technologies
     AWS Lambda               Service that enables you to use compute resources
                              without having to launch or manage the underlying
                              infrastructure - this is leveraged in serverless
                              architectures

                              This service is commonly used in a serverless
                              architecture.

     CONTENT AND NETWORK DELIVERY SERVICES
     Amazon Route 53          Highly-available AWS Domain Name Service (DNS)
                              service that can be leveraged in creating highly
                              available and fault tolerant applications.

                              This is a global service, and it can be used in a hybrid
                              cloud architecture.
     Amazon VPC               Logically isolated section of the AWS Cloud where you
                              can launch AWS resources in a virtual network that you
                              define
     AWS Direct Connect       Cloud service solution that makes it easy to establish a
                              dedicated network connection from your data center to
                              AWS. This connection does not go over the public
                              Internet.
     Amazon API Gateway       Fully managed API management service that handles
                              concepts like authentication, logging, and throttling for
                              your API layer
     Amazon CloudFront        Amazon’s global Content Delivery Network (CDN)
                              service that enables your users to get content from a
                              server that is closest to them.

                              This is a global service.
     AWS Global Accelerator   AWS networking service that routes your traffic through
                              the AWS global network, increasing the overall speed
                              through optimizations by AWS.
     Elastic Load Balancing   Service that enables you to distribute traffic across
                              multiple targets (including EC2, ECS, Lambda).

     FILE STORAGE AND DATA TRANSFER SERVICES
     Amazon Simple            Service that provides object storage for objects up to 5
     Storage Service (S3)     TB in size - with no limit on the total storage
     S3 Glacier and Glacier   Archive storage classes for Amazon S3. These are
     Deep Archive             designed for objects you need to keep but don’t plan to
                              access.
     Amazon Elastic Block     Persistent block storage designed for use with a single
     Store (EBS)              EC2 server. It can scale to support petabytes of data and
                              supports different volume types.
     Amazon Elastic File      Fully managed NFS file system designed for Linux
     System (EFS)             workloads with support for petabytes of data.

                              This service can be used in a hybrid cloud architecture.
     AWS Snowball             Petabyte scale data transfer service where a physical
                              device is delivered to your organization and returned by
                              a local carrier then loaded into Amazon S3

                              This service can assist in data migration into the cloud
                              from your data center.
     AWS Snowmobile          Exabyte scale data transfer service where a ruggedized
                             shipping container is sent to your office then loaded into
                             Amazon S3

                             This service can assist in data migration into the cloud
                             from your data center.

     APP INTEGRATION SERVICES
     Amazon Simple           Managed pub/sub (publish / subscribe) messaging
     Notification Service    service. This can enable fan-out architecture with one
     (SNS)                   message triggering multiple actions.

                             This service is commonly used in a serverless
                             architecture.
     Amazon Simple Queue     Managed message queue service. This can enable fault
     Service (SQS)           tolerant and serverless applications. This supports
                             standard and FIFO (first-in first-out) queues.

                             This service is commonly used in a serverless
                             architecture.
     AWS Step Functions      Manages the orchestration of complex workflows which
                             are defined using Amazon States Language. It can be
                             leveraged in a serverless architecture.

                             This service is commonly used in a serverless
                             architecture.

     MANAGEMENT & GOVERNANCE SERVICES
     AWS CloudTrail          Service that provides an audit trail for all services used in
                             an AWS account (across all interaction methods)
     AWS CloudFormation      Managed service for launching infrastructure based on
                             templates. This approach is known as infrastructure as
                             code. CloudFormation also provides drift detection to
                             know when infrastructure has veered from what is
                             defined in the template.
     AWS OpsWorks            An infrastructure configuration management service
                             that provides a managed service for Chef and Puppet.
     Amazon CloudWatch       Monitoring and management service that integrates
                             with most AWS services. It provides both metrics and
                             alarms based on those metrics as well as logs
     AWS Config              Provides continual analysis of AWS resources to ensure
                             they are meeting rules defined in the service
     AWS Systems Manager     Service that provides a collection of tools and insight
                             into operational data for central management of those
                             cloud or on-premise instances.
     AWS Control Tower       System that launches a multi-account configuration
                             based on AWS best practices

     DATABASE SERVICES & UTILITIES
     Amazon Relational       Managed service for relational databases including
     Database Service        support for MySQL, PostgreSQL, MariaDB, Oracle, SQL
     (RDS)                   Server, and Amazon Aurora
     Amazon Aurora           MySQL and PostgreSQL compatible database engine for
                             RDS that was built for the cloud
     Amazon Aurora           An on-demand and auto-scaling version of Amazon
     Serverless for RDS      Aurora that does not require managing the underlying
                             infrastructure.

                             This service is commonly used in a serverless
                             architecture.
     Amazon DynamoDB         Fully managed NoSQL database service that has
                             extremely low latency and scaling based on
                             configuration.

                             This service is commonly used in a serverless
                             architecture.
     Amazon Redshift       Managed petabyte scale data warehousing solution on 
                           AWS 
     Amazon Redshift       Service for querying exabytes of data stored in Amazon 
     Spectrum              S3 
     Amazon ElastiCache    Fully-managed in-memory data store that supports 
                           memcached and Redis engines 
     AWS Database          Service that enables you to move your data (from 
     Migration Service     popular commercial and open source databases) easily 
     (DMS)                 onto the cloud.   
                            
                           This service can assist in data migration into the cloud 
                           from your data center. 
                      