AWS Services Overview – Whitepaper – Certification

AWS Services Overview

AWS consists of many cloud services that can be used in combinations tailored to meet business or organizational needs. This section introduces the major AWS services by category.


NOTE – This post provides a brief overview of AWS services. It is a good starting point for any AWS certification. However, it is most relevant and important for the AWS Cloud Practitioner Certification Exam.

Last updated: June 2026. Reflects current AWS service names, deprecations, and new services launched through 2024-2026.


Common Features

  • Almost all features can be access-controlled through AWS Identity and Access Management (IAM)
  • All AWS-managed services are scalable and highly available, without any changes needed from the user
  • Most services support encryption at rest and in transit by default

AWS Access

AWS allows accessing its services through unified tools using:

  • AWS Management Console – a simple and intuitive user interface
  • AWS Command Line Interface (CLI) – programmatic access through scripts
  • AWS Software Development Kits (SDKs) – programmatic access through Application Program Interface (API) tailored for programming languages (Java, .NET, Node.js, PHP, Python, Ruby, Go, C++, Rust, Kotlin, Swift) or platforms (Android, Browser, iOS)
  • AWS CloudShell – a browser-based shell environment pre-authenticated with console credentials
  • Infrastructure as Code (IaC) – AWS CloudFormation, AWS CDK, or Terraform for declarative resource provisioning

Security, Identity, and Compliance

AWS Identity and Access Management (IAM)

  • enables you to securely control access to AWS services and resources for your users.
  • allows creation of AWS users, groups, and roles, and use of permissions to allow and deny their access to AWS resources
  • helps manage IAM users and their access with individual security credentials like access keys, passwords, and multi-factor authentication devices, or request temporary security credentials
  • helps create roles and manage permissions to control which operations can be performed by the entity, or AWS service, that assumes the role
  • enables identity federation to allow existing identities in the enterprise to access AWS without the need to create an IAM user for each identity.
  • IAM Identity Center (formerly AWS SSO) provides centralized workforce identity management and single sign-on access to multiple AWS accounts and applications.

Amazon Inspector

  • is an automated vulnerability management service that continually scans workloads for software vulnerabilities and unintended network exposure.
  • automatically discovers and scans EC2 instances, container images in Amazon ECR, and AWS Lambda functions.
  • supports both agent-based and agentless scanning for EC2 instances.
  • produces a detailed list of security findings prioritized by a contextualized risk score that correlates CVE information with network access and exploitability factors.
  • integrates with AWS Security Hub for centralized findings management.

AWS Certificate Manager

  • helps provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services like ELB, CloudFront, and API Gateway
  • removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates.

AWS CloudHSM

  • helps meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS Cloud.
  • allows protection of encryption keys within HSMs, designed and validated to government standards for secure key management.
  • helps comply with strict key management requirements without sacrificing application performance.

AWS Directory Service

  • provides Microsoft Active Directory (Enterprise Edition), also known as AWS Managed Microsoft AD, that enables directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud.

AWS Key Management Service (KMS)

  • is a managed service that makes it easy to create and control the encryption keys used to encrypt your data.
  • uses HSMs to protect the security of your keys.
  • integrates with most AWS services for seamless encryption of data at rest.

AWS Organizations

  • allows creation of AWS account groups, to more easily manage security and automation settings collectively
  • helps centrally manage multiple accounts to help scale.
  • helps control which AWS services are available to individual accounts using Service Control Policies (SCPs), automate new account creation, and simplify billing.

AWS Shield

  • is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS.
  • provides always-on detection and automatic inline mitigations that minimize application downtime and latency.
  • provides two tiers: Shield Standard (free, automatic) and Shield Advanced (paid, enhanced protection with 24/7 DDoS Response Team access).

AWS WAF

  • is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
  • gives complete control over which traffic to allow or block to a web application by defining customizable web security rules.
  • integrates with CloudFront, Application Load Balancer, API Gateway, and AWS AppSync.

Amazon GuardDuty

  • is a threat detection service that continuously monitors AWS accounts, workloads, and data for malicious activity and anomalous behavior.
  • analyzes events from AWS CloudTrail, VPC Flow Logs, DNS logs, and other sources using machine learning and threat intelligence.
  • provides actionable security findings with severity levels for prioritized response.

Amazon Macie

  • is a data security service that discovers sensitive data using machine learning and pattern matching.
  • automatically discovers and protects sensitive data stored in Amazon S3, such as personally identifiable information (PII) and financial data.
  • provides visibility into data security risks and enables automated protection.

AWS Security Hub

  • provides a comprehensive view of your security posture across AWS accounts.
  • aggregates, organizes, and prioritizes security findings from multiple AWS services (GuardDuty, Inspector, Macie) and AWS Partner solutions.
  • automates security checks against best practices and industry standards.

Amazon Security Lake

  • automatically centralizes security data from AWS environments, SaaS providers, and on-premises sources into a purpose-built data lake.
  • normalizes data using the Open Cybersecurity Schema Framework (OCSF) for easier analysis.
  • stores data in your account using S3, giving you full control and ownership.

AWS Compute Services

Amazon Elastic Compute Cloud (EC2)

  • provides secure, resizable compute capacity
  • provides complete control of the computing resources (root access, ability to start, stop, terminate instances etc.)
  • reduces the time required to obtain and boot new instances to minutes
  • allows quick scaling of capacity, both up and down, as computing requirements change
  • provides developers and sysadmins tools to build failure-resilient applications and isolate themselves from common failure scenarios.
  • Benefits
    • Elastic Web-Scale Computing – enables scaling to increase or decrease capacity within minutes.
    • Flexible Cloud Hosting Services – flexibility to choose from multiple instance types (including AWS Graviton-based ARM instances for better price-performance), operating systems, and software packages.
    • Reliable – offers a highly reliable environment where replacement instances can be rapidly commissioned. EC2 SLA commitment is 99.99% availability for each Region.
    • Secure – works in conjunction with VPC to provide security and robust networking functionality. Allows control of IP address, exposure to Internet (using subnets), inbound and outbound access (using Security groups and NACLs).
    • Inexpensive – pay only for the capacity actually used
  • EC2 Purchasing Options
    • On-Demand Instances – pay for compute capacity by the hour or second with no long-term commitments.
    • Savings Plans – flexible pricing model offering up to 72% savings in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a 1 or 3-year term. Available as Compute Savings Plans or EC2 Instance Savings Plans.
    • Reserved Instances – provides significant discount (up to 72%) compared to On-Demand pricing for a 1 or 3-year commitment to a specific instance type.
    • Spot Instances – allows use of spare EC2 computing capacity at up to 90% discount compared to On-Demand pricing. Instances can be interrupted by AWS with a 2-minute warning.
    • Dedicated Instances – run on hardware dedicated to a single customer for additional isolation.
    • Dedicated Hosts – physical servers with EC2 instance capacity fully dedicated to your use, allowing use of existing server-bound software licenses.

Amazon Elastic Container Service (ECS)

  • is a fully managed container orchestration service that supports Docker containers.
  • allows running applications on a managed cluster of EC2 instances or serverlessly with AWS Fargate.
  • eliminates the need to install, operate, and scale cluster management infrastructure.
  • can schedule the placement of containers across the cluster based on resource needs and availability requirements.
  • integrates with Elastic Load Balancing, VPC, IAM, CloudWatch, and other AWS services.

Amazon Elastic Kubernetes Service (EKS)

  • is a managed Kubernetes service that makes it easy to run Kubernetes on AWS without needing to install and operate your own Kubernetes control plane.
  • runs upstream Kubernetes, ensuring compatibility with existing Kubernetes applications and tools.
  • automatically manages the availability and scalability of the Kubernetes control plane nodes.
  • supports running pods on EC2 instances, AWS Fargate (serverless), or on-premises with EKS Anywhere.
  • EKS Auto Mode automatically provisions and manages compute, networking, and storage for Kubernetes clusters.

Amazon Elastic Container Registry (ECR)

  • is a fully managed Docker container registry that makes it easy to store, manage, and deploy Docker container images.
  • is integrated with Amazon ECS and EKS, simplifying development to production workflow.
  • eliminates the need to operate container repositories or worry about scaling the underlying infrastructure.
  • supports OCI images and artifacts, private and public repositories.

AWS Fargate

  • is a serverless compute engine for containers that works with both Amazon ECS and Amazon EKS.
  • removes the need to provision, configure, or scale clusters of virtual machines to run containers.
  • allocates the right amount of compute resources, eliminating the need to choose instance types or manage scaling.
  • each task or pod runs in its own isolated environment for workload isolation by design.

Amazon Lightsail

  • is designed to be the easiest way to launch and manage a virtual private server with AWS.
  • plans include everything needed to jumpstart a project – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP address – for a low, predictable price.

AWS Batch

  • enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS.
  • dynamically provisions the optimal quantity and type of compute resources based on the volume and specific resource requirements of the batch jobs submitted.
  • plans, schedules, and executes the batch computing workloads across the full range of AWS compute services and features.

AWS Elastic Beanstalk

  • is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
  • automatically handles the deployment, from capacity provisioning, load balancing, and auto scaling to application health monitoring.
  • provides full control over the AWS resources with access to the underlying resources at any time.

AWS Lambda

  • enables running code without provisioning or managing servers, with automatic scaling for high availability.
  • pay only for the compute time consumed – there is no charge when the code is not running.
  • can be triggered from other AWS services or called directly from any web or mobile app.
  • supports container images up to 10 GB, up to 10 GB of memory, and execution durations up to 15 minutes.
  • supports multiple runtimes including Node.js, Python, Java, .NET, Go, Ruby, and custom runtimes.

AWS App Runner

  • is a fully managed service for building, deploying, and running containerized web applications and APIs at scale.
  • automatically builds and deploys from source code or container images with no infrastructure management required.
  • handles load balancing, scaling, and TLS certificate management automatically.

Auto Scaling

  • helps maintain application availability
  • allows scaling EC2 capacity up or down automatically according to defined conditions or demand spikes to reduce cost
  • helps ensure the desired number of EC2 instances is always running
  • AWS Auto Scaling provides unified scaling for multiple resources (EC2, ECS, DynamoDB, Aurora) through scaling plans.
  • supports target tracking, step scaling, and predictive scaling policies.

Storage

Amazon Simple Storage Service (S3)

  • is object storage with a simple web service interface to store and retrieve any amount of data from anywhere on the web.
  • S3 Features
    • Durable – designed for durability of 99.999999999% (11 nines) of objects. Data is redundantly stored across multiple facilities and multiple devices in each facility.
    • Available – designed for up to 99.99% availability (Standard) of objects over a given year.
    • Scalable – can store virtually unlimited data
    • Secure – supports encryption of data in transit over SSL and encryption of data at rest. Bucket policies, ACLs, and IAM can manage object permissions. S3 Block Public Access provides account-level settings to prevent unintended public access.
    • Storage Classes – multiple classes for different use cases:
      • S3 Standard – frequently accessed data
      • S3 Intelligent-Tiering – automatically moves data between access tiers based on usage patterns
      • S3 Standard-IA – infrequently accessed data
      • S3 One Zone-IA – infrequently accessed, single-AZ
      • S3 Glacier Instant Retrieval – archive with millisecond retrieval
      • S3 Glacier Flexible Retrieval (formerly Glacier) – archive with minutes to hours retrieval
      • S3 Glacier Deep Archive – lowest-cost archive with 12-48 hour retrieval
    • Lifecycle Policies – automatically transition data between storage classes

Amazon Elastic Block Store (EBS)

  • provides persistent block storage volumes for use with EC2 instances
  • offers the consistent and low-latency performance needed to run workloads.
  • allows scaling up or down within minutes
  • EBS Features
    • High Performance Volumes – Choose between SSD-backed (gp3, io2 Block Express) or HDD-backed (st1, sc1) volumes for performance needs.
    • Availability – designed for 99.999% availability, automatically replicates within its Availability Zone.
    • Encryption – provides seamless encryption of data at rest and of data in transit between EC2 instances and EBS volumes.
    • Snapshots – create point-in-time snapshots backed up to S3 for long-term durability. Supports EBS Snapshots Archive for low-cost long-term retention.

Amazon Elastic File System (EFS)

  • provides simple, scalable, elastic file storage for use with AWS compute services and on-premises resources.
  • storage capacity is elastic, growing and shrinking automatically as files are added and removed.
  • works in shared mode, where multiple compute instances can access an EFS file system at the same time (NFS protocol).
  • can be mounted on on-premises servers via AWS Direct Connect or VPN.
  • is designed for high availability and durability across multiple AZs.
  • offers Standard and One Zone storage classes, each with Infrequent Access tiers.

Amazon FSx

  • provides fully managed third-party file systems with native compatibility for various workloads.
  • FSx for Windows File Server – fully managed Windows native file system with SMB protocol support, Active Directory integration.
  • FSx for Lustre – high-performance file system for compute-intensive workloads (ML, HPC, media processing).
  • FSx for NetApp ONTAP – fully managed NetApp ONTAP file system with multi-protocol access.
  • FSx for OpenZFS – fully managed OpenZFS file system for Linux workloads.

AWS Storage Gateway

  • seamlessly enables hybrid storage between on-premises storage environments and the AWS Cloud
  • combines a multi-protocol storage appliance with highly efficient network connectivity to AWS cloud storage services.
  • provides three gateway types: S3 File Gateway, FSx File Gateway, Volume Gateway, and Tape Gateway.

AWS Backup

  • is a fully managed backup service that centralizes and automates the backup of data across AWS services.
  • supports EC2, EBS, RDS, DynamoDB, EFS, FSx, Storage Gateway, and more.
  • provides a central backup console, backup policies, and cross-Region/cross-account backup capabilities.

Databases

Amazon Aurora

  • is a MySQL and PostgreSQL compatible relational database engine
  • provides the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases.
  • Benefits
    • Highly Secure – provides network isolation using VPC, encryption at rest using KMS, and encryption of data in transit using SSL.
    • Highly Scalable – automatically grows storage as needed, up to 128 TB.
    • High Availability and Durability – designed for greater than 99.99% availability. Six copies of data replicated across three AZs. Instance failover typically requires less than 30 seconds.
    • Fully Managed – database management tasks like provisioning, patching, backup, recovery, and failover are automated.
    • Aurora Serverless v2 – automatically scales capacity up and down based on application demand, ideal for variable or unpredictable workloads.

Amazon Relational Database Service (RDS)

  • makes it easy to set up, operate, and scale a relational database
  • provides cost-efficient and resizable capacity while managing time-consuming database administration tasks
  • supports Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle, and Microsoft SQL Server
  • Benefits
    • Fast and Easy to Administer – no need for infrastructure provisioning or database software installation and maintenance.
    • Highly Scalable – allows quick scaling of compute and storage resources. Read Replicas available to offload read traffic.
    • Available and Durable – Multi-AZ deployments synchronously replicate data to a standby instance in a different AZ. Automated backups, snapshots, and automatic host replacement.
    • Secure – network isolation using VPC, encryption at rest with KMS, encryption in transit with SSL.
    • Inexpensive – pay low rates with On-Demand or Reserved Instance pricing.
    • RDS Proxy – a fully managed database proxy that makes applications more scalable and resilient to database failures.

Amazon DynamoDB

  • is a fully managed, serverless, key-value and document NoSQL database designed for single-digit millisecond performance at any scale.
  • supports both document and key-value data models.
  • Benefits
    • Fast, Consistent Performance – designed to deliver consistent, fast performance at any scale using SSD storage and automatic partitioning.
    • Highly Scalable – manages all scaling to achieve specified throughput capacity. Supports on-demand and provisioned capacity modes.
    • Event-Driven Programming – DynamoDB Streams and integration with Lambda enable applications that automatically react to data changes.
    • Global Tables – provides fully managed multi-Region, multi-active replication for globally distributed applications.
    • DAX (DynamoDB Accelerator) – in-memory caching for DynamoDB delivering microsecond read latency.

Amazon ElastiCache

  • is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud.
  • helps improve the performance of web applications by allowing retrieval from fast, managed, in-memory caches instead of slower disk-based databases.
  • supports two open-source in-memory caching engines: Redis (now Valkey-compatible) and Memcached.

Amazon MemoryDB

  • is a durable, Redis/Valkey-compatible, in-memory database service for ultra-fast performance.
  • delivers microsecond reads and single-digit millisecond writes with Multi-AZ durability.
  • can be used as a primary database for applications requiring both high performance and data durability.

Amazon DocumentDB

  • is a fully managed document database service that supports MongoDB workloads.
  • designed for JSON data management at scale with automatic scaling storage.

Amazon Neptune

  • is a fully managed graph database service for building applications that work with highly connected datasets.
  • supports Property Graph and RDF models with Apache TinkerPop Gremlin and SPARQL query languages.

Amazon Keyspaces

  • is a scalable, highly available, and fully managed Apache Cassandra-compatible database service.
  • serverless – pay only for the resources you use and the table automatically scales up and down.

Migration

AWS Application Discovery Service

  • helps plan application migration projects by automatically identifying applications running in on-premises data centers, their associated dependencies, and performance profiles.
  • automatically collects configuration and usage data from servers, storage, and networking equipment.
  • information is retained in encrypted format and can be exported for use with visualization tools or cloud migration solutions.

AWS Database Migration Service (DMS)

  • helps migrate databases to AWS easily and securely
  • source database remains fully operational during the migration, minimizing downtime.
  • supports homogeneous migrations (e.g., Oracle to Oracle) and heterogeneous migrations (e.g., Oracle to Aurora, SQL Server to MySQL).
  • allows streaming data to Redshift, S3, and other targets from supported sources.
  • can also be used for continuous data replication with high availability.
  • AWS Schema Conversion Tool (SCT) helps convert database schemas between different database engines.

AWS Application Migration Service (AWS MGN / AWS Transform MGN)

  • is the recommended service for lift-and-shift (rehost) migrations to AWS, replacing the deprecated AWS Server Migration Service.
  • automates the conversion of source servers (physical, virtual, or cloud) into native Amazon EC2 instances.
  • provides continuous block-level replication, short cutover windows, and automated testing.
  • Note: Previously called AWS Application Migration Service (MGN), now rebranded as AWS Transform MGN (June 2026).

AWS Snow Family

⚠️ Note: The AWS Snow Family is being wound down. As of November 2025, Snowball Edge devices are only available to existing customers. New customers should use AWS DataSync, AWS Data Transfer Terminal, or AWS Partner solutions.

  • AWS Snowball Edge (existing customers only) – a data transfer and edge computing device with on-board storage and compute capabilities. Can move large amounts of data and support local workloads.
  • AWS Snowmobile – Retired (March 2024). No longer available.
  • Migration Alternatives:
    • AWS DataSync – online data transfer service for automated transfer between on-premises and AWS storage.
    • AWS Data Transfer Terminal – secure physical location for transferring data to AWS.
    • AWS Transfer Family – fully managed SFTP, FTPS, FTP, and AS2 service for file transfers to S3 or EFS.

Networking and Content Delivery

Amazon Virtual Private Cloud (VPC)

  • helps provision a logically isolated section of the AWS Cloud where AWS resources can be launched in a virtual network that you define.
  • provides complete control over the virtual networking environment, including selection of IP address range, creation of subnets (public and private), and configuration of route tables and network gateways.
  • allows use of both IPv4 and IPv6 for secure and easy access to resources.
  • allows multiple layers of security, including security groups and network access control lists (NACLs).
  • allows creation of VPN connections between a corporate data center and the VPC.
  • VPC Peering enables private connectivity between VPCs. Transit Gateway provides a hub for connecting multiple VPCs and on-premises networks.

Amazon CloudFront

  • is a global content delivery network (CDN) service that accelerates delivery of websites, APIs, video content, or other web assets.
  • can deliver an entire website, including dynamic, static, streaming, and interactive content, using a global network of edge locations.
  • requests for content are automatically routed to the nearest edge location for best possible performance.
  • is optimized to work with S3, EC2, ELB, Route 53, and API Gateway as well as non-AWS origin servers.
  • supports edge functions via CloudFront Functions and Lambda@Edge for customizing content at the edge.

Amazon Route 53

  • is a highly available and scalable Domain Name System (DNS) web service.
  • connects user requests to infrastructure running in AWS or outside of AWS.
  • helps configure DNS health checks to route traffic to healthy endpoints.
  • allows traffic management globally through latency-based routing, Geo DNS, geoproximity, weighted round robin, multivalue answer, and IP-based routing – all combinable with DNS Failover.
  • is fully compliant with IPv6 and offers Domain Name Registration service.

AWS Direct Connect

  • makes it easy to establish a dedicated network connection from on-premises to AWS.
  • helps establish private connectivity between AWS and a data center, office, or co-location environment.
  • helps increase bandwidth throughput, reduce network costs, and provide a more consistent network experience than Internet-based connections.

Elastic Load Balancing (ELB)

  • automatically distributes incoming application traffic across multiple targets (EC2 instances, containers, IP addresses, Lambda functions).
  • enables greater levels of fault tolerance by seamlessly providing the required amount of load balancing capacity.
  • offers four types of load balancers:
    • Application Load Balancer (ALB) – operates at Layer 7 (HTTP/HTTPS). Routes traffic based on content of the request. Ideal for microservices, container-based architectures, and advanced routing needs.
    • Network Load Balancer (NLB) – operates at Layer 4 (TCP/UDP/TLS). Handles millions of requests per second with ultra-low latency. Ideal for TCP/UDP traffic and extreme performance requirements.
    • Gateway Load Balancer (GWLB) – operates at Layer 3 (IP). Makes it easy to deploy, scale, and manage third-party virtual appliances (firewalls, IDS/IPS). Combines transparent network gateway with load balancing.
    • Classic Load Balancer (CLB) – previous generation, operates at both Layer 4 and Layer 7. Recommended to migrate to ALB or NLB.

AWS Global Accelerator

  • is a networking service that improves the availability and performance of applications by using the AWS global network.
  • provides two static anycast IP addresses that serve as a fixed entry point to applications hosted in one or more AWS Regions.
  • continuously monitors endpoints and instantly routes traffic to the closest healthy endpoint.

AWS PrivateLink

  • provides private connectivity between VPCs, AWS services, and on-premises applications without exposing traffic to the public internet.
  • simplifies security of data shared between cloud-based applications and on-premises services.

Management and Governance

Amazon CloudWatch

  • is a monitoring and observability service for AWS Cloud resources and the applications running on AWS.
  • can collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in AWS resources.
  • provides CloudWatch Logs, Metrics, Alarms, Dashboards, and Events (now EventBridge) for comprehensive monitoring.
  • supports custom metrics, anomaly detection, and cross-account observability.

AWS CloudFormation

  • allows developers and systems administrators to implement “Infrastructure as Code”
  • provides an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.
  • handles the order for provisioning AWS services and the subtleties of making those dependencies work.
  • allows applying version control to AWS infrastructure the same way it’s done with software.
  • AWS CDK (Cloud Development Kit) allows defining infrastructure using familiar programming languages (TypeScript, Python, Java, etc.) that synthesize to CloudFormation templates.

AWS CloudTrail

  • records AWS API calls for the account and delivers log files.
  • includes API calls made via the Console, CLI, SDKs, and higher-level AWS services.
  • recorded information includes the identity of the API caller, time, source IP address, request parameters, and response elements.
  • enables security analysis, resource change tracking, compliance auditing, and operational troubleshooting.
  • supports CloudTrail Lake for SQL-based querying and long-term retention of events.

AWS Config

  • provides an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
  • provides Config Rules feature that enables creation of rules to automatically check the configuration of AWS resources.
  • helps discover existing and deleted AWS resources, determine overall compliance against rules, and dive into configuration details at any point in time.
  • supports Conformance Packs for packaging multiple Config Rules and remediation actions together.

AWS Systems Manager

  • provides a unified user interface to view operational data from multiple AWS services and automate operational tasks across AWS resources.
  • includes capabilities for patch management, configuration management, session management, parameter store, and run command.
  • helps maintain security and compliance by scanning managed instances for patch compliance and configuration inconsistencies.

AWS Service Catalog

  • allows organizations to create and manage catalogs of IT services approved for use on AWS.
  • helps centrally manage commonly deployed IT services and helps achieve consistent governance and compliance requirements.

AWS Trusted Advisor

  • is an online resource that inspects your AWS environment and provides recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.
  • provides real-time guidance to help provision resources following AWS best practices.

AWS Health Dashboard

  • provides alerts and remediation guidance when AWS is experiencing events that might affect you (formerly Personal Health Dashboard).
  • displays relevant information to help manage events in progress and provides proactive notification for scheduled activities.
  • provides a personalized view into the performance and availability of AWS services underlying your resources.

AWS Control Tower

  • provides the easiest way to set up and govern a secure, multi-account AWS environment (landing zone).
  • establishes a well-architected multi-account baseline with guardrails (preventive and detective) for governance.
  • automates account provisioning and applies best practices for identity management, federated access, and logging.

Developer Tools

AWS CodeCommit

  • is a fully managed source control service that hosts secure and highly scalable private Git repositories.
  • ⚠️ Note: CodeCommit is no longer available to new customers (July 2024). Existing customers can continue using it. Consider GitHub, GitLab, or Bitbucket as alternatives.

AWS CodeBuild

  • is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy.
  • scales continuously and processes multiple builds concurrently.

AWS CodeDeploy

  • is a service that automates code deployments to any instance, including EC2 instances, Lambda functions, ECS services, and on-premises servers.
  • helps rapidly release new features, avoid downtime during deployment, and handle the complexity of updating applications.

AWS CodePipeline

  • is a continuous integration and continuous delivery (CI/CD) service for fast and reliable application and infrastructure updates.
  • builds, tests, and deploys code every time there is a code change, based on defined release process models.

AWS X-Ray

  • helps developers analyze and debug distributed applications in production, such as those built using microservices architectures.
  • provides an end-to-end view of requests as they travel through the application, and shows a map of its underlying components.
  • helps identify and troubleshoot the root cause of performance issues and errors.

Amazon Q Developer

  • is a generative AI-powered assistant for software development (formerly Amazon CodeWhisperer).
  • provides AI-powered code suggestions, security scanning, code transformation, and natural language chat for development tasks.
  • supports multiple IDEs and programming languages.

Messaging and Application Integration

Amazon SQS

  • is a fast, reliable, scalable, fully managed message queuing service.
  • makes it simple and cost-effective to decouple the components of a cloud application.
  • includes Standard queues with high throughput and at-least-once processing, and FIFO queues with exactly-once processing and ordered delivery.

Amazon SNS

  • is a fast, flexible, fully managed pub/sub messaging and mobile notification service.
  • can send notifications to Apple, Google, Windows, and other mobile platforms, email, SMS, HTTP endpoints, SQS queues, and Lambda functions.
  • supports message filtering, FIFO topics, and message archiving.

Amazon SES

  • is a cost-effective, scalable email service for sending transactional email, marketing messages, or any other type of high-quality content.
  • can also receive messages and deliver them to S3, trigger Lambda functions, or publish to SNS.

Amazon EventBridge

  • is a serverless event bus that makes it easy to connect applications using data from your own apps, SaaS apps, and AWS services.
  • delivers a stream of real-time data from event sources and routes that data to targets like Lambda, Step Functions, SQS, and more.
  • replaces CloudWatch Events with additional capabilities including schema registry and third-party integrations.

AWS Step Functions

  • makes it easy to coordinate the components of distributed applications and microservices using visual workflows.
  • automatically triggers and tracks each step, and retries when there are errors.
  • supports Standard Workflows (long-running) and Express Workflows (high-volume, short-duration).

Amazon API Gateway

  • is a fully managed service for creating, publishing, maintaining, monitoring, and securing APIs at any scale.
  • handles traffic management, authorization, access control, monitoring, and API version management.
  • supports REST APIs, HTTP APIs, and WebSocket APIs.

Analytics

Amazon Athena

  • is an interactive query service that helps analyze data in S3 using standard SQL.
  • is serverless – no infrastructure to manage, pay only for queries run.
  • supports querying data in multiple formats including CSV, JSON, ORC, Avro, and Parquet.
  • integrates with AWS Glue Data Catalog for schema management.

Amazon EMR

  • provides a managed big data platform that makes it easy, fast, and cost-effective to process vast amounts of data.
  • supports Apache Spark, Hive, HBase, Presto, Flink, and other popular frameworks.
  • can run on EC2, EKS, or serverlessly with EMR Serverless.
  • handles big data use cases including log analysis, ETL, machine learning, and scientific simulation.

Amazon OpenSearch Service

  • makes it easy to deploy, operate, and scale OpenSearch (and legacy Elasticsearch) for log analytics, full-text search, application monitoring, and more.
  • Note: Renamed from Amazon Elasticsearch Service in September 2021.
  • is a fully managed service delivering real-time search and analytics capabilities along with availability, scalability, and security for production workloads.
  • supports OpenSearch Dashboards (successor to Kibana) for data visualization.

Amazon Kinesis

  • is a platform for streaming data on AWS, offering services to collect, process, and analyze real-time streaming data.
  • offers:
    • Amazon Kinesis Data Streams – enables building custom applications that process or analyze streaming data for specialized needs.
    • Amazon Data Firehose (formerly Kinesis Data Firehose) – easiest way to capture, transform, and load streaming data into S3, Redshift, OpenSearch, and third-party services like Splunk and Snowflake.
    • Amazon Managed Service for Apache Flink (formerly Kinesis Data Analytics) – process and analyze streaming data in real time using Apache Flink.
    • Amazon Kinesis Video Streams – capture, process, and store video streams for analytics and machine learning.

Amazon Redshift

  • provides a fast, fully managed, petabyte-scale cloud data warehouse.
  • uses massively parallel processing (MPP) architecture, parallelizing and distributing SQL operations across nodes.
  • supports Redshift Serverless for running analytics without managing infrastructure.
  • provides Redshift Spectrum to query data directly in S3 without loading it.

Amazon QuickSight

  • is a fast, cloud-powered business intelligence (BI) service for building visualizations, performing ad-hoc analysis, and getting business insights from data.
  • supports ML-powered insights with Amazon Q in QuickSight for natural language querying.

AWS Glue

  • is a serverless data integration service that makes it easy to discover, prepare, move, and integrate data from multiple sources.
  • provides the Glue Data Catalog as a central metadata repository.
  • simplifies and automates data discovery, ETL job authoring, and job scheduling.
  • scales automatically and provisions resources as needed.

AWS Lake Formation

  • makes it easy to set up a secure data lake in days instead of months.
  • provides centralized governance and security for data lake access using fine-grained permissions.

Machine Learning and Artificial Intelligence

Amazon Bedrock

  • is a fully managed service offering access to leading foundation models (FMs) from AI companies (Anthropic, Meta, Mistral, Amazon, and others) through a single API.
  • provides capabilities to build generative AI applications with security, privacy, and responsible AI features.
  • supports use cases like text generation, summarization, image generation, chatbots, and AI agents.
  • offers Bedrock Agents for building autonomous AI agents and Bedrock Knowledge Bases for RAG (Retrieval Augmented Generation).

Amazon SageMaker

  • is a fully managed machine learning service to build, train, and deploy ML models at scale.
  • provides SageMaker Studio as a unified IDE for ML development.
  • supports the entire ML workflow: data preparation, model building, training, tuning, and deployment.
  • includes built-in algorithms, pre-built ML frameworks, and AutoML capabilities.

Amazon Rekognition

  • makes it easy to add image and video analysis to applications using deep learning technology.
  • can identify objects, people, text, scenes, and activities, and detect inappropriate content.

Amazon Comprehend

  • is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text.
  • can identify the language, extract key phrases, sentiment, entities, and topics.

Amazon Lex

  • is a service for building conversational interfaces using voice and text (same technology that powers Alexa).
  • provides automatic speech recognition (ASR) and natural language understanding (NLU).

Amazon Polly

  • is a text-to-speech service that turns text into lifelike speech using deep learning.
  • supports multiple languages and provides a variety of natural-sounding voices.

Amazon Transcribe

  • is an automatic speech recognition (ASR) service that converts speech to text.
  • supports real-time transcription and batch transcription of audio files.

Amazon Translate

  • is a neural machine translation service for fast, high-quality language translation.
  • supports translation between supported languages for applications and content.

Cloud Financial Management

AWS Cost Explorer

  • provides an easy-to-use interface to visualize, understand, and manage AWS costs and usage over time.
  • offers forecasting, savings recommendations, and detailed filtering/grouping of cost data.

AWS Budgets

  • allows setting custom budgets that alert when costs or usage exceed (or are forecasted to exceed) the budgeted amount.
  • supports cost, usage, reservation, and savings plans budgets.

AWS Pricing Calculator

  • helps estimate the cost of using AWS services before deployment.
  • allows creating cost estimates for various architectures and configurations.

Deprecated Services (Historical Reference)

The following services mentioned in the original AWS Overview Whitepaper have been deprecated or discontinued. They are listed here for reference and certification context.

  • Amazon Cloud Directory – No longer open to new customers (November 2025). Alternatives: DynamoDB, Neptune.
  • AWS OpsWorks – Reached End of Life on May 26, 2024. Disabled for all customers. Alternatives: AWS Systems Manager, CloudFormation, CodeDeploy.
  • Amazon Elastic Transcoder – Discontinued November 13, 2025. Replaced by AWS Elemental MediaConvert.
  • AWS Server Migration Service (SMS) – Deprecated. Replaced by AWS Application Migration Service (MGN / Transform MGN).
  • AWS Data Pipeline – No longer available to new customers (July 2024). Alternatives: AWS Glue, Step Functions, Amazon MWAA (Managed Workflows for Apache Airflow).
  • Amazon SWF (Simple Workflow Service) – Still operational but superseded by AWS Step Functions for new workloads.
  • AWS Snowmobile – Retired March 2024. No longer available.
  • Amazon CodeCatalyst – No longer open to new customers (November 2025).

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed the question might not be updated.
  • Open to further feedback, discussion and correction.
  1. Which AWS services belong to the Compute services? Choose 2 answers
    1. Lambda
    2. EC2
    3. S3
    4. EMR
    5. CloudFront
  2. Which AWS service provides a low-cost storage option for archival and long-term backup?
    1. S3 Glacier
    2. S3 Standard
    3. EBS
    4. CloudFront
  3. Which AWS services belong to the Storage services? Choose 2 answers
    1. EFS
    2. IAM
    3. EMR
    4. S3
    5. CloudFront
  4. A company allows users to upload videos on its platform. They want to convert the videos to multiple formats supported on multiple devices and platforms. Which AWS service can they leverage for the requirement?
    1. AWS SWF
    2. AWS Video Converter
    3. AWS Elemental MediaConvert
    4. AWS Data Pipeline
  5. Which analytic service helps analyze data in S3 using standard SQL?
    1. Athena
    2. EMR
    3. OpenSearch
    4. Kinesis
  6. What features does AWS’s Route 53 service provide? Choose the 2 correct answers:
    1. Content Caching
    2. Domain Name System (DNS) service
    3. Database Management
    4. Domain Registration
  7. You are trying to organize and import (to AWS) gigabytes of data that are currently structured in JSON-like, name-value documents. What AWS service would best fit your needs?
    1. Lambda
    2. DynamoDB
    3. RDS
    4. Aurora
  8. What AWS database is primarily used to analyze data using standard SQL formatting with compatibility for your existing business intelligence tools? Choose the correct answer:
    1. Redshift
    2. RDS
    3. DynamoDB
    4. ElastiCache
  9. A company wants their application to use a pre-configured machine image with software installed and configured. Which AWS feature can help with this?
    1. Amazon Machine Image (AMI)
    2. AWS CloudFormation
    3. AWS Lambda
    4. AWS Lightsail
  10. What AWS service can be used to track API event calls for security analysis and resource change tracking?
    1. AWS CloudWatch
    2. AWS CloudFormation
    3. AWS CloudTrail
    4. AWS Systems Manager
  11. Which AWS service can help offload the read traffic from your database in order to reduce latency caused by a read-heavy workload?
    1. ElastiCache
    2. DynamoDB
    3. S3
    4. EFS
  12. What service allows system administrators to run “Infrastructure as Code”?
    1. CloudFormation
    2. CloudWatch
    3. CloudTrail
    4. CodeDeploy
  13. Which AWS service is a fully managed container orchestration service?
    1. EC2
    2. Amazon ECS
    3. AWS Lambda
    4. Amazon S3
  14. A company wants to run containers without managing servers or clusters. Which AWS service should they use?
    1. Amazon EC2
    2. Amazon EKS on EC2
    3. AWS Fargate
    4. AWS Batch
  15. Which AWS service provides a fully managed generative AI service with access to foundation models?
    1. Amazon SageMaker
    2. Amazon Bedrock
    3. Amazon Comprehend
    4. Amazon Rekognition
  16. Which Elastic Load Balancer type operates at Layer 4 and is best suited for ultra-low latency TCP/UDP traffic?
    1. Application Load Balancer
    2. Network Load Balancer
    3. Gateway Load Balancer
    4. Classic Load Balancer
  17. Which AWS service provides centralized threat detection by continuously monitoring AWS accounts and workloads for malicious activity?
    1. AWS WAF
    2. Amazon Inspector
    3. Amazon GuardDuty
    4. AWS Shield
  18. A company wants to save costs on EC2 by committing to a consistent usage amount ($/hour) for 1-3 years with flexibility across instance families, regions, and services. What should they use?
    1. Reserved Instances
    2. Spot Instances
    3. Compute Savings Plans
    4. Dedicated Hosts


9 thoughts on “AWS Services Overview – Whitepaper – Certification”

  1. Yesterday I did my solution architect associate level exam with (87%), your blog and braincert practice exam will help me to achieve this. No such words to express your blog. Keep rocking jayendrapatil sir, we need your service, thanks a lot.., may god bless you…

  2. Hi Prathap, I am going to take the exam this week. How many days did you prepare in braincert?

    1. EMR is classified as Analytics service by AWS. It underlying uses EC2 which is the compute service. Lambda is indeed a compute service replacing EC2 instances and enabling serverless architecture.

  3. Network Load Balancer should be added to the Elastic Load Balancing section. Thank you for creating this blog to serve others.

  4. hi Jayendra, I am preparing for AWS SA – Assoc exam. I attempted the exam once back in end of July of this yr, didn’t pass it as scored at 61%. I went thru ACloudguru video contents and then whiz labs.

    In this site, where to start to go over and revise the stuff so I can score it better? Should I just start on the right category scroll, going over each relevant service to this SA course one by one and go over the Q/As at the end of each topic?

    Please provide guidance?

    thanks
