Category Service

Analytics Amazon Athena

Analytics AWS Data Exchange

Analytics Amazon EMR

Analytics AWS Glue

Analytics Amazon Kinesis

Amazon MSK(Amazon Managed
Analytics Streaming for Apache Kafka)

Analytics Amazon OpenSearch Service

Analytics Amazon QuickSight

Analytics Amazon Redshift

Application Integration Amazon EventBridge

Application Integration Amazon SNS

Application Integration Amazon SQS

Application Integration AWS Step Functions

Business Applications Amazon Connect

Business Applications Amazon SES

Cloud Financial ManagemeAWS Billing Conductor

Cloud Financial ManagemeAWS Budgets

Cloud Financial ManagemeAWS Cost and Usage Report

Cloud Financial ManagemeAWS Cost Explorer

Cloud Financial ManagemeAWS Marketplace

Compute AWS Batch

Compute Amazon EC2

Compute AWS Elastic Beanstalk

Compute Amazon Lightsail

Compute AWS Local Zones

Compute AWS Outposts

Compute AWS Wavelength

Containers Amazon Elastic Container Registry

Containers Amazon Elastic Container Service

Containers Amazon Elastic Kubernetes Servic

Customer Engagement AWS Activate for Startups

Customer Engagement AWS IQ

Customer Engagement AWS Managed Services (AMS)

Customer Engagement AWS Support

Database Amazon Aurora

Database Amazon DynamoDB

Database Amazon MemoryDB for Redis

Database Amazon Neptune

Database Amazon RDS

Database Amazon DocumentDB

Developer Tools AWS AppConfig

Developer Tools AWS CLI

Developer Tools AWS Cloud9

Developer Tools AWS CloudShell

Developer Tools AWS CodeArtifact

Developer Tools AWS CodeBuild

Developer Tools AWS CodeCommit

Developer Tools AWS CodeDeploy

Developer Tools AWS CodePipeline

Developer Tools AWS CodeStar

Developer Tools AWS X-Ray

End User Computing Amazon AppStream 2.0

End User Computing Amazon WorkSpaces

End User Computing Amazon WorkSpaces Web

Frontend Web and Mobile AWS Amplify

Frontend Web and Mobile AWS AppSync

Frontend Web and Mobile AWS Device Farm

Internet of Things (IoT) AWS IoT Core

Internet of Things (IoT) AWS IoT Greengrass

Machine Learning Amazon Comprehend

Machine Learning Amazon Kendra

Machine Learning Amazon Lex

Machine Learning Amazon Polly

Machine Learning Amazon Q

Machine Learning Amazon Rekognition

Machine Learning Amazon SageMaker

Machine Learning Amazon Textract

Machine Learning Amazon Transcribe

Machine Learning Amazon Translate

Machine Learning Amazon Rekognition Custom Label

Machine Learning Amazon SageMaker AI

Management and GovernanAWS Auto Scaling

Management and GovernanAWS CloudFormation

Management and GovernanAWS CloudTrail

Management and GovernanAmazon CloudWatch

Management and GovernanAWS Compute Optimizer

Management and GovernanAWS Config

Management and GovernanAWS Control Tower

Management and GovernanAWS Health Dashboard

Management and GovernanAWS Launch Wizard

Management and GovernanAWS License Manager

Management and GovernanAWS Management Console

Management and GovernanAWS Organizations

Management and GovernanAWS Resource Groups and Tag Edit

Management and GovernanAWS Service Catalog

Management and GovernanService Quotas

Management and GovernanAWS Systems Manager

Management and GovernanAWS Trusted Advisor

Management and GovernanAWS Well-Architected Tool

Migration and Transfer AWS Application Discovery Service

Migration and Transfer AWS Application Migration Service

Migration and Transfer AWS Database Migration Service

Migration and Transfer Migration Evaluator

Migration and Transfer AWS Migration Hub

Migration and Transfer AWS Schema Conversion Tool (AWS

Migration and Transfer AWS Snow Family

Migration and Transfer AWS Transfer Family

Networking and Content DeAmazon API Gateway

Networking and Content DeAmazon CloudFront

Networking and Content DeAWS Direct Connect

Networking and Content DeAWS Global Accelerator

Networking and Content DeAWS PrivateLink

Networking and Content DeAmazon Route 53

Networking and Content DeAWS Transit Gateway

Networking and Content DeAmazon VPC

Networking and Content DeAWS VPN

Networking and Content DeAWS Site-to-Site VPN

Networking and Content DeAWS Client VPN

Security, Identity, and ComAWS Artifact

Security, Identity, and ComAWS Audit Manager

Security, Identity, and ComAWS Certificate Manager (ACM)

Security, Identity, and ComAWS CloudHSM

Security, Identity, and ComAmazon Cognito

Security, Identity, and ComAmazon Detective

Security, Identity, and ComAWS Directory Service

Security, Identity, and ComAWS Firewall Manager

Security, Identity, and ComAmazon GuardDuty

Security, Identity, and ComAWS Identity and Access Managem

Security, Identity, and ComAWS IAM Identity Center

Security, Identity, and ComAmazon Inspector

Security, Identity, and ComAWS KMS

Security, Identity, and ComAmazon Macie

Security, Identity, and ComAWS Network Firewall

Security, Identity, and ComAWS Resource Access Manager (R

Security, Identity, and ComAWS Secrets Manager

Security, Identity, and ComAWS Security Hub

Security, Identity, and ComAWS Shield

Security, Identity, and ComAWS WAF

Serverless AWS Fargate

Serverless AWS Lambda

Storage AWS Backup

Storage Amazon EBS

Storage Amazon EFS

Storage AWS Elastic Disaster Recovery

Storage Amazon FSx

Storage Amazon S3

Storage Amazon S3 Glacier

Storage AWS Storage Gateway

 Definition (Essential Features)
Serverless interactive query service that analyzes data directly in Amazon S3
using standard SQL. No infrastructure to manage and pay-per-query pricing.
Service to find, subscribe to, and use third-party data products securely via AWS
Marketplace; supports data subscriptions and delivery.
Managed big data platform to run open-source frameworks such as Apache
Spark, Hadoop, and Hive on scalable clusters.
Serverless data integration service for discovering, cataloging, cleaning, and
transforming data; includes a Data Catalog and ETL engine.
Family of services for real-time data streaming and ingestion (Data Streams,
Firehose, Data Analytics) capable of high-throughput streaming.
Fully managed Apache Kafka service that handles provisioning, scaling, and
maintenance for streaming workloads.
Managed service to deploy and operate OpenSearch clusters for search,
analytics, and observability; integrates with CloudWatch and Kinesis.
Cloud-native business intelligence service for interactive visualizations and
dashboards with SPICE caching for fast queries.
Fully managed data warehouse for petabyte-scale analytics supporting
columnar storage, MPP, and integrations with data lakes.
Serverless event bus for building event-driven applications connecting AWS
services, SaaS apps, and custom sources with routing rules.
Pub/sub messaging service for fan-out messaging to endpoints including HTTP/S,
Lambda, email, SMS, and mobile push.
Fully managed message queuing service (standard and FIFO queues) for
decoupling microservices and buffering workloads.
Visual workflow orchestration service that coordinates AWS services into
serverless workflows with retries and error handling.
Cloud-based contact center service offering omnichannel support, routing, and
AI-driven insights for customer engagement.
Scalable email service for sending transactional and marketing messages.
Includes deliverability and reputation management.
Centralized billing and chargeback tool to create custom billing views and
manage pricing for accounts and workloads.
Service for setting custom cost and usage budgets with alerts when thresholds
are exceeded.
Provides detailed AWS usage and cost data in CSV/Parquet for analysis,
chargeback, and reporting.
Interactive tool to visualize, analyze, and forecast AWS costs and usage with
recommendations.
Catalog of third-party software, data, and services purchasable and deployable
in AWS.
Managed batch computing at scale that provisions resources and schedules jobs
based on demand and priorities.
Provides resizable compute capacity (virtual servers) with many instance types,
networking, and storage attachments like EBS.
Platform as a Service for deploying and scaling web applications with automated
provisioning and monitoring.
Simplified VPS with bundled compute, storage, and networking aimed at simple
applications and predictable pricing.
Extends AWS infrastructure into metro areas to place compute and storage
closer to end users for low-latency needs.
Delivers AWS hardware and services on-premises for hybrid workloads to meet
latency or data residency requirements.
Integrates AWS compute into telecom 5G networks to support ultra-low latency
mobile and edge applications.
Managed container image registry integrated with IAM and scanning features for
Docker images.
Highly scalable container orchestration service that supports EC2 and Fargate
launch types.
Managed Kubernetes service that simplifies running Kubernetes clusters on AWS
with integrations to AWS services.
Program providing startups with credits, training, and resources to build on
AWS.
Marketplace to connect customers with AWS-certified experts for short-term
projects and consulting.
Provides operational management, monitoring, and incident management for
AWS environments as a managed offering.
Tiered support plans offering technical guidance, case management, and access
to AWS resources and experts.
High-performance managed relational database compatible with MySQL and
PostgreSQL with features like Global DB and serverless options.
Serverless NoSQL database offering single-digit millisecond latency, autoscaling,
and global tables for multi-region replication.
Redis-compatible, in-memory database designed for microsecond latency and
durability to support caching and real-time workloads.
Managed graph database optimized for highly connected datasets and graph
queries.
Managed relational database supporting multiple engines with automated
backups, Multi-AZ, and read replicas.
Managed document database compatible with MongoDB workloads designed for
scalability and managed backups.
Configuration management service to deploy application settings safely using
feature flags and validators.
Command-line tool for interacting with and automating AWS services and
resources programmatically.
Browser-based IDE that provides a development environment with direct AWS
integration.
Pre-authenticated browser-based shell environment for ad-hoc AWS CLI usage
without local credentials.
Managed artifact repository for storing and sharing software packages for build
and deployment.
Managed build service to compile source, run tests, and produce artifacts for
CI/CD workflows.
Secure, managed Git-based source control for private repositories hosted in
AWS.
Automated deployment service to deploy applications to EC2, Lambda, and on-
prem targets with deployment strategies.
Continuous delivery service that automates the build, test, and deploy stages of
release processes.
Integrated service for setting up CI/CD toolchains and managing software
development projects with templates.
Distributed tracing tool to analyze and debug distributed applications and
microservices.
Application streaming service delivering desktop apps to browsers without local
installs, with central management.
Managed desktop-as-a-service offering persistent cloud desktops accessible
from multiple devices.
Browser-based secure access to internal web apps and SaaS with no persistent
client footprint.
Development and hosting tools to build, deploy, and host web and mobile
frontends with integrated backend services.
Managed GraphQL service offering real-time data and offline sync for mobile
and web apps.
App testing service that runs tests across real mobile devices and browsers in
the cloud.
Managed service to securely connect, manage, and ingest data from IoT devices
with device registry and message brokering.
Edge runtime enabling devices to run Lambda functions locally and sync with
the cloud when connected.
NLP service that extracts sentiment, entities, key phrases, and language from
text using ML.
Enterprise search powered by ML that provides more accurate and context-
aware search results across content sources.
Service to build conversational interfaces using ASR and NLU for chatbots and
voice assistants.
Text-to-speech service that converts text into natural-sounding speech for voice-
enabled apps.
Generative AI assistant for developers and business users to generate content,
code snippets, and answers.
Image and video analysis using deep learning to detect objects, scenes, faces,
and moderation labels.
End-to-end ML platform to build, train, and deploy models with integrated MLOps
tooling and managed compute.
ML-based OCR service to extract text and structured data from scanned
documents and forms.
Automatic speech recognition (ASR) service that converts audio to text, with
timestamps and speaker ID.
Neural machine translation service that translates text between languages for
localization.
Allows training custom image classification models within Rekognition for
domain-specific tasks.
Expanded SageMaker capabilities branded for managed, accelerated model
building and deployment workflows.
Automatically adjusts capacity to maintain performance and optimize costs
across resources and services.
IaC service to model and provision AWS resources using declarative templates
and stacks.
Records API activity and account actions for auditing and governance; logs
exportable to S3 or CloudWatch.
Monitoring platform for logs, metrics, dashboards, alarms, and events to
observe AWS resources and applications.
Analyzes resource usage and recommends optimal compute configurations to
improve performance and reduce cost.
Provides resource inventory, configuration history, and continuous compliance
checks using rules and remediation.
Automates setup and governance of multi-account AWS environments with
guardrails and account provisioning.
Account-specific view of AWS service health, incidents, and scheduled
maintenance with guidance.
Guided deployment for complex applications providing architecture guidance
and automated provisioning.
Centralizes license management and tracking across AWS and on-premises to
reduce compliance risk.
Web-based graphical interface to manage AWS services and resources with
dashboards and service explorers.
Centrally manage multiple accounts with consolidated billing, SCPs, and
organizational units for governance.
Group and manage resources using tags for bulk actions and inventory
management across services.
Create and manage approved catalogs of IT services and CloudFormation
templates for self-service provisioning.
View and manage service limits and request quota increases to avoid throttling.
Operational hub with features like Session Manager, Patch Manager,
Automation, and Parameter Store for fleet management.
Automated best-practice checks across cost, security, performance, and fault
tolerance with actionable recommendations.
Assess workloads against AWS best practices and receive prioritized
recommendations for improvements.
Collects on-prem server and application inventory and performance data to
inform migration planning.
Automates lift-and-shift migrations by replicating servers into AWS and
orchestrating cutovers.
Migrates and replicates databases to AWS with minimal downtime, supporting
homogeneous and heterogeneous migrations.
Analyzes on-prem workloads and estimates TCO, performance, and migration
readiness to support planning.
Centralized tracking of migration progress across multiple AWS and partner
migration tools.
Converts database schemas and code to target database engines to ease
heterogeneous migrations.
Physical devices and edge appliances for large-scale data transfer (Snowball,
Snowcone, Snowmobile) and edge compute.
Managed service to transfer files into and out of AWS using SFTP, FTPS, and FTP,
integrated with S3 and EFS.
Create, publish, secure, and monitor APIs (REST, HTTP, WebSocket) with
throttling, caching, and authorization features.
Global CDN using edge locations to cache and deliver content with low latency
and Lambda@Edge integrations.
Dedicated private network connections between on-premises and AWS for
consistent low-latency, high-bandwidth connectivity.
Improves availability and performance by routing user traffic through the AWS
global network using static anycast IPs.
Private connectivity to AWS services and partner SaaS using private endpoints
without traversing the public internet.
Highly available DNS and domain registration service with routing policies,
health checks, and domain management.
Centralized hub to interconnect VPCs and on-premises networks, simplifying
connectivity at scale.
Virtual Private Cloud to provision isolated network environments with subnets,
route tables, gateways, and security controls.
Family of VPN solutions to create encrypted tunnels between on-premises
networks and AWS over the internet or Direct Connect.

Managed IPSec tunnels to connect on-premises networks to AWS VPCs securely.

Managed client-based VPN service for secure remote access to AWS and on-
prem resources.
Portal to access AWS compliance reports and agreements (SOC, ISO, PCI) and
manage legal and compliance documents.
Automates collection of evidence and assessment against compliance
frameworks to simplify audits.
Provision and manage SSL/TLS certificates for AWS resources with automatic
renewal for supported resources.
Hardware Security Module service providing dedicated HSMs for cryptographic
operations and key storage.
User identity and authentication service providing user pools, identity pools, and
federation support for web and mobile apps.
Analyzes and visualizes security findings to help investigate root causes of
security incidents.
Managed directories to integrate AWS with Active Directory environments or
provide AWS Managed Microsoft AD.
Centralized management for WAF and Shield Advanced policies across multiple
accounts and resources.
ML-driven threat detection service that continuously monitors for malicious or
unauthorized behavior.
Manage identities, roles, and permissions to control access to AWS resources
with fine-grained policies.
Centralized single sign-on and identity brokering for multiple AWS accounts and
applications.
Automated vulnerability assessment that scans EC2 instances and container
images for exposures and best-practice deviations.
Key Management Service for creating and controlling cryptographic keys used to
encrypt data in AWS services.
ML-based data security service to discover, classify, and protect sensitive data
such as PII in S3.
Managed network firewall providing stateful inspection, intrusion prevention,
and fine-grained network protections for VPCs.
Share resources like subnets and Transit Gateway attachments across accounts
without duplication.
Securely store and rotate secrets, credentials, and API keys with built-in rotation
functionality and fine-grained access controls.
Aggregates, normalizes, and prioritizes security findings across accounts and
services into a single view.
DDoS protection service with Standard (automatic) and Advanced tiers for
enhanced protection and reporting.
Web Application Firewall to block common web exploits and bots by applying
customizable rules at the HTTP layer.
Serverless compute engine for containers that removes the need to manage
servers; integrates with ECS and EKS.
Event-driven serverless compute that runs code in response to events and
scales automatically; billed per execution.
Centralized backup service that automates backups across AWS services and
on-prem via Storage Gateway with policies.
Block-level storage for EC2 offering performance tiers, encryption, and
snapshot-based backups.
Elastic NFS file system for Linux workloads that supports concurrent access from
multiple instances.
Continuous replication and orchestration to recover physical, virtual, and cloud
servers to AWS for DR scenarios.
Managed file systems (Windows FSx, Lustre) for workloads requiring native file
system features and performance.
Object storage designed for durability, scalability, lifecycle management, and
multiple storage classes.
Archival storage with low-cost tiers and varying retrieval times suitable for long-
term retention.
Hybrid storage service that connects on-premises environments to AWS using
file, volume, and tape gateway modes.
 Important Notes (Exam Prep)
Serverless SQL over S3; pay-per-query; no
infra to manage.
Marketplace for third-party datasets;
subscription-based.
Managed Spark/Hadoop; good for large-scale
ETL.
Serverless ETL and data catalog; integrates
with Athena/Redshift.

Real-time streaming ingestion and processing.

Managed Kafka service for high-throughput
streaming.
Search and log analytics;
OpenSearch/Elasticsearch compatible.
BI dashboards with SPICE in-memory
acceleration.

Columnar, MPP data warehouse for analytics.

Event bus for serverless event-driven
architectures.

Pub/sub; fan-out notifications.

Message queuing; FIFO for ordered delivery.

Visual workflows and state machine
orchestration.
Cloud contact center; integrates with Lex/AI
features.

Transactional and bulk email service.

Custom internal billing and chargeback.

Set budgets and get alerts on thresholds.

Detailed cost export for finance and reporting.

Visual cost analysis and forecasting.

Third-party software and data marketplace.

Batch job management with autoscaling.
Virtual servers with multiple instance types
and pricing.
PaaS for easy app deployment and
management.

Simplified VPS offering with flat pricing.

Edge zones for reduced network latency.

On-premises AWS infrastructure for hybrid
needs.

5G edge compute for ultra-low latency apps.

Secure container image registry; integrates
with ECS/EKS.

Managed container orchestration (ECS).

Managed upstream Kubernetes control plane.

Startup credits and support program.

Hire vetted AWS experts on-demand.

Managed operations service for enterprises.

Support tiers from Basic to Enterprise with
varying SLAs.
Managed relational DB optimized for
performance.

Serverless NoSQL with single-digit ms latency.

Durable, in-memory Redis-compatible DB.

Graph DB for connected data workloads.

Managed relational DB service with
automated ops.

MongoDB-compatible managed document DB.

Feature flagging and safe config rollouts.

CLI for automation and scripting of AWS APIs.

Browser IDE with AWS service integration.

Temporary shell with pre-authenticated
credentials.

Artifact repository for package management.

Managed build service for CI.

Managed private Git repositories.
Automated deployment with multiple
strategies.

Pipeline orchestration for CI/CD.

Project and pipeline templates for quick setup.

Distributed tracing and performance analysis.

App streaming for remote access without
client install.

Persistent virtual desktops for users.

Browser-based secure access to internal web
apps.

Frontend dev tooling with hosting and CI/CD.

GraphQL APIs with real-time and offline sync.

Real-device testing for mobile and web apps.

Device connectivity, messaging, and registry
for IoT.

Edge runtime for local compute and sync.

NLP service for sentiment and entity
recognition.

ML-powered enterprise search.

Conversational AI for chatbots and IVR.

Text-to-speech for voice-enabled features.

Generative AI assistant for productivity.

Image/video analysis and moderation.

Comprehensive ML platform with managed
tooling.

OCR and document data extraction.

Speech-to-text with timestamps and speakers.

Neural translation for localization.

Custom model training for image recognition.

Managed model building and deployment
tooling.
Auto-scale resources to meet demand and
control costs.

IaC for templated resource provisioning.

API activity logging for audit and forensics.

Monitoring and observability for infra and
apps.
Recommendations for right-sizing compute
resources.
Configuration tracking and compliance
evaluation.

Multi-account governance and guardrails.

Personalized AWS service health and
advisories.
Guided deployments for complex enterprise
apps.

License management and enforcement.

Web UI for AWS resource management.

Centralized account management and
governance.
Tag-based resource grouping and bulk
management.
Standardize deployments with approved
catalogs.
Manage service limits and request increases.
Operations automation and fleet
management.

Best-practice checks and recommendations.

Workload reviews against AWS best practices.

Discovery tool for migration planning.

Lift-and-shift replication service.

DB migration with continuous replication
options.

TCO and readiness analysis tool.

Central migration tracking dashboard.

Schema conversion for heterogeneous DB
migration.
Physical data transfer appliances for TB-PB
scale.
Managed SFTP/FTPS/FTP for S3/EFS
integration.

API management with auth and throttling.

Global CDN and edge compute integration.

Private dedicated network connectivity.

Global traffic acceleration and static IPs.

Private endpoints to access services without
public internet.
DNS service with advanced routing policies
and health checks.

Hub for inter-VPC and hybrid connectivity.

Isolated networking with routing and security
controls.

Encrypted tunnels for hybrid connectivity.

Site-to-site IPSec VPN for hybrid setups.

Client VPN for secure remote user
connectivity.
Access audit/compliance reports and
agreements.

Automated audit evidence collection.

Managed SSL/TLS certificates and auto-
renewal.

HSM-backed keys for high compliance.

User authentication and federation service.

Security investigation and visualization tool.

Managed directory services and AD
integration.

Centralized WAF/Shield policy enforcement.

Continuous threat detection using ML and
intel.
Core access control and identity
management.

SSO and centralized permission management.

Vulnerability assessment for instances and
containers.

Key management and encryption service.

PII discovery and data classification for S3.

VPC-level managed network firewall.

Resource sharing across accounts.

Secret storage and automated rotation.

Centralized security findings and posture
management.
DDoS protection; Advanced offers additional
features.

WAF for application-layer request filtering.

Serverless containers; no EC2 management.

Event-driven compute; pay-per-execution.

Centralized backup orchestration and
retention policies.

Block storage for EC2 with snapshot backups.

Managed NFS for shared access.

Continuous replication for disaster recovery.

Managed vendor file systems for specific
workloads.
Object storage with multiple classes and
lifecycle rules.
Low-cost archival storage with tiered retrieval
speeds.

Hybrid gateway for on-prem to S3 integration.

 Use Case
Run ad-hoc queries on S3 data for analytics and reporting
without provisioning servers.
Subscribe to datasets (financial, weather, demographics) to
enrich analytics or ML models.
Process large-scale ETL jobs, analytics, or machine-learning
preprocessing workloads.
Automate ETL pipelines and prepare data for warehouses or
data lakes.
Ingest and analyze streaming logs, IoT telemetry, or
clickstreams in real time.
Build real-time streaming pipelines for event processing,
data ingestion, or analytics.
Index and analyze logs, provide full-text search and
observability dashboards.
Build and share dashboards and visual analytics across
teams.
Perform complex analytical queries and BI reporting on large
datasets.
Trigger workflows and microservices based on system or
business events.
Send notifications, alerts, or broadcast messages to multiple
subscribers.
Implement asynchronous processing and decouple
components for resilience.
Automate multi-step processes such as ETL pipelines or
order processing.
Deploy scalable contact centers with voice, chat, and
automated routing.
Send automated transactional emails or marketing
campaigns from applications.
Create tailored billing views for departments or business
units to manage AWS costs.
Track monthly spending and receive notifications to prevent
overspending.
Use as authoritative cost data for finance teams and
chargeback.

Identify cost drivers and optimize spending over time.

Find and deploy partner solutions like security tools or
databases directly into AWS.
Run batch jobs such as large data processing or simulations.
Host web applications, databases, and custom compute
workloads.

Deploy applications quickly without managing infrastructure.

Launch small websites or applications with minimal setup.

Host latency-sensitive workloads near users.

Run AWS services locally for on-premises use cases.

Deploy applications requiring single-digit millisecond latency
in 5G networks.
Store and manage container images for deployment
pipelines.

Run and scale containerized microservices.

Operate Kubernetes workloads without managing control
planes.
Help startups accelerate development with credits and
technical support.
Hire experts for architecture, migration, or troubleshooting
tasks.
Outsource day-to-day operational tasks to a managed
services team.
Choose a support plan to access technical assistance and
advisory services.
Run high-performance relational OLTP databases with fault
tolerance and scaling.
Support high-scale applications requiring consistent low
latency.
Use for low-latency session stores, leaderboards, and
caching layers.
Build recommendation engines and fraud detection systems
using graph models.
Host managed relational databases with simplified
maintenance.

Store and query JSON/document data for apps.

Roll out config changes safely and limit blast radius.

Automate tasks and integrate AWS operations into scripts
and CI/CD.
Develop, debug, and run applications from a browser-based
environment.
Run quick CLI commands or scripts from the console without
local setup.
Host internal packages and manage dependencies for CI/CD
pipelines.

Automate builds and tests in pipelines.

Store and collaborate on source code with Git workflows.

Automate application rollouts with minimal downtime.

Orchestrate CI/CD pipelines for faster releases.

Bootstrap development projects and CI/CD quickly.

Trace end-to-end requests to identify latency or errors.

Provide remote users access to desktop apps via browser
streaming.

Provide managed desktops to employees and contractors.

Enable secure web sessions for employees to access internal
resources.
Develop and host frontend apps with authentication and API
integrations.
Create real-time collaborative apps and mobile backends
using GraphQL.
Test apps across many devices to ensure compatibility and
performance.

Collect telemetry and control IoT devices at scale.

Process data locally and enable offline operations on edge
devices.
Analyze customer feedback, tickets, or documents for
sentiment and entities.
Implement intelligent search across knowledge bases and
documents.

Create chatbots and voice interfaces for customer support.

Add voice to applications for IVR, accessibility, or narration.
Use generative AI to accelerate documentation and code
generation.
Detect faces, objects, and inappropriate content in images
and videos.
Develop and deploy ML models at scale with managed
tooling.
Automate extraction of fields from invoices, forms, and
PDFs.

Transcribe meetings and calls for indexing and analysis.

Translate app content and user-generated text to support
global users.

Create custom image classifiers tailored to business needs.

Use managed tooling to streamline ML lifecycle and MLOps.

Ensure apps scale to meet demand and reduce waste.

Provision repeatable and consistent infrastructure
environments.

Audit activity and investigate account changes.

Monitor health, set alarms, and visualize logs and metrics.

Right-size instances and improve resource efficiency.

Monitor configuration drift and compliance.

Create a governed multi-account landing zone.

Monitor and respond to AWS service events that affect your
workloads.

Deploy enterprise applications using best-practice patterns.

Track and enforce software license usage.

Interactively manage and monitor AWS resources.

Structure accounts, enforce policies, and consolidate billing
across the organization.
Organize resources and perform bulk operations using tags.
Provide standardized and compliant product portfolios to
teams.
Monitor and request increases for service limits proactively.
Automate patching, run commands, and manage
parameters across fleets.
Implement recommended improvements to optimize the
environment.
Review workload health across best-practice pillars and plan
remediation.
Gather inventory and performance metrics to plan
migrations.

Rehost servers to AWS with minimal downtime.

Migrate production databases to AWS-managed engines or
EC2-hosted DBs.
Create data-driven migration business cases and cost
estimates.

Track progress and status of migrations in one place.

Convert database schema and SQL when migrating between
engines.
Transfer large datasets to AWS when network transfer is
impractical.
Enable secure, managed file transfers and migrate existing
file workflows to AWS.
Expose backend services as managed APIs with auth and
throttling.

Accelerate global delivery of web and media content.

Establish private links for enterprise workloads and reduce
bandwidth variability.
Boost global app performance and provide failover between
regions.
Securely access AWS services and partner APIs privately
from your VPC.
Route user traffic based on latency, geolocation, or weighted
policies.
Connect multiple VPCs and VPNs through a single transit
hub.
Design secure and segmented network topologies for
workloads.
Provide encrypted hybrid connectivity for enterprise
environments.
Enable persistent, encrypted connectivity between data
centers and AWS.
Provide secure remote access for employees to internal
resources.
Download compliance documentation to support audits and
regulatory needs.
Streamline audit readiness and continuous compliance
monitoring.
Enable TLS for websites and services without manual cert
management.
Use hardware-backed keys for high-compliance
cryptography needs.
Implement user sign-up, sign-in, and identity federation for
apps.
Investigate suspicious activity and security findings across
accounts.
Enable AD-based authentication and directory-aware apps in
AWS.

Enforce consistent security policies and protections at scale.

Detect threats such as compromised instances or suspicious
API calls.
Grant least-privilege access and manage credentials
securely.
Provide SSO and centralized permission management across
accounts.

Identify and remediate vulnerabilities in workloads.

Encrypt data and manage keys centrally with access
controls.
Detect and remediate sensitive data storage in S3 for
compliance.

Protect VPC traffic with policy-driven firewall rules.

Share centrally managed resources securely across
accounts.
Centralize secret management and automate credential
rotation.
Centralize security findings and coordinate remediation.

Protect internet-facing services from DDoS attacks.

Protect web applications from SQL injection, XSS, and other
attacks.

Run container workloads without provisioning EC2 instances.

Implement lightweight backend functions, data processing,
and automation.

Manage backups and retention centrally across services.

Provide persistent block storage for EC2 instances and
databases.
Provide shared file storage for web servers and analytics
clusters.
Enable rapid failover and recovery of critical systems to
AWS.
Host Windows file shares or Lustre for high-performance
computing.
Store and retrieve large volumes of unstructured data for
websites, backups, and data lakes.
Archive infrequently accessed data for compliance and cost
savings.
Enable backups, tiering, and migration to cloud storage from
on-prem systems.
 Category Description
Analytics Services that help collect, process, store, and analyze data for insights, reporting, and ML workflows.
ApplicationServices that connect and coordinate distributed applications through messaging, events, and workflows.
Business ApServices that provide customer engagement and business communication capabilities.
Cloud Fina Services for cost management, billing, procurement, and financial governance in AWS.
Compute Core compute services that provide virtual servers, managed platforms, edge compute, and related offerings.
ContainersServices to build, store, and orchestrate containerized applications at scale.
Customer Programs and services that help customers get expertise, support, and managed operations.
Database Managed database offerings across relational, NoSQL, in-memory, graph, and document models.
Developer Tools and services that support development, CI/CD, code management, and operational debugging.
End User CServices that deliver desktops and applications to end users securely and at scale.
Frontend Services to build, host, and manage web and mobile frontends and testing.
Internet ofServices to connect, manage, and process data from IoT devices.
Machine LeServices that provide ML capabilities from pre-built AI services to platforms for building models.
Managemen Services for operational governance, monitoring, compliance, resource management, and account control.
Migration Services to plan, execute, and track migrations and transfer data to AWS at scale.
NetworkingServices that provide connectivity, DNS, CDN, and network management for AWS workloads.
Security, I Services that protect data, manage identities, enforce policies, and support compliance.
Serverless Compute options that abstract server management and scale automatically based on events or workload.
Storage Services for object, block, file, archival, and hybrid storage solutions.
d ML workflows.
ents, and workflows.

te, and related offerings.

ment models.
onal debugging.

t, and account control.

n events or workload.
 CategoryService Count
Analytics 9
Application 4
Business Ap 2
Cloud Fina 5
Compute 7
Containers 3
Customer 4
Database 6
Developer 11
End User C 3
Frontend 3
Internet of 2
Machine Le 12
Managemen 18
Migration 8
Networking 11
Security, I 20
Serverless 2
Storage 8
 Exam Version Source
AWS CertifiMay 2025 Appendix A: In-scope AWS services and features (uploaded guide)