AWS Services

A quick reference for key AWS services and what they do

Networking and Content Delivery


VPC

  • virtual private cloud
  • Subnets, route tables, internet gateways, Elastic IPs, NAT gateways, network ACLs, security groups


  • elastic load balancer (TCP) | application load balancer (HTTP, layer 7)

VPC Endpoint

  • connect to AWS services from VPC without going through internet
  • enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection
  • gateway endpoint - S3 and DynamoDB. via VPC route table.
    • gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service
  • interface endpoint - all other services. via DNS resolver for VPC/subnets
    • an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service

Route 53

  • managed DNS
  • domain registration
  • DNS / hosted zones
  • Traffic Flow makes it easy for you to manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, Geoproximity, and Weighted Round Robin

Cloud Map

  • name and discover your cloud resources via API or DNS

Global Accelerator

  • uses the highly available and congestion-free AWS global network to direct internet traffic from your users to your applications on AWS
  • fixed entry point to your applications through static IP addresses
  • allocates static Anycast IP addresses that are globally unique for your application and do not change


API Gateway

  • edge (cloudfront) and regional endpoints
  • API Keys
  • Usage Plans / quotas
  • websockets
  • custom domains


  • GraphQL managed service
  • integrates with Amazon DynamoDB, Amazon Elasticsearch, and Amazon Lambda
  • Real-time subscriptions




  • containers


Fargate

  • containers
  • run containers without having to manage servers or clusters


  • run batch computing jobs using containers
  • concepts: Compute Environments (compute), Job Queues, Job Definitions (docker image), Jobs (things that run)


  • managed Kubernetes


  • Virtual servers, storage, databases, and networking for a low, predictable price.
  • backed by EC2, but easier to use
  • similar to DigitalOcean

Elastic Beanstalk



  • feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency



S3

  • object/blob storage


  • low cost/long-term object/blob storage

EFS (Elastic File System)

  • elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources.
  • can mount as NFS v4
  • e.g. shared file system. many EC2 instances can mount same efs file system.

FSx for Windows File Server

  • fully managed native Windows file system
  • SMB, NTFS, AD integration


EBS

  • block-level storage volumes for use with EC2 instances. EBS volumes behave like raw, unformatted block devices


  • SFTP to S3
  • enables the transfer of files directly into and out of S3 using SFTP



DocumentDB (MongoDB compatibility)


RDS

  • Aurora, PostgreSQL, MySQL, MariaDB, Oracle, SQL Server


  • managed data warehouse service


  • Redis and Memcached



  • graph database. query languages Apache TinkerPop Gremlin and SPARQL (RDF)


  • time series database
  • InfluxDB, Prometheus, Riak

Cloud Directory

  • cloud-native directory that can store hundreds of millions of application-specific objects with multiple relationships and schemas

SSM Parameter Store

  • Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management

Application Integration

Step Functions

orchestration with many built-in integrations to AWS services


SNS

  • pub/sub
  • message filtering with subscription
  • push notifications


  • managed message queuing service


  • pub/sub with many built-in integrations
  • integrate with external SaaS or any custom application
  • e.g. can log all events in account including CloudTrail to CloudWatch Log Group


Kinesis

  • collect, process, and analyze real-time, streaming data
  • Kafka alternative


Kinesis Data Analytics

analyze streaming data with SQL


usage, customer, and engagement analytics


EMR

Hadoop, Spark, and friends

Data Pipelines

data processing workloads

With AWS Data Pipeline, you can regularly access your data where it’s stored, transform and process it at scale, and efficiently transfer the results to AWS services such as Amazon S3, Amazon RDS, Amazon DynamoDB, and Amazon EMR.


Glue

  • catalog / metadata (Hive metadata catalog)
  • crawlers autodiscover schema
  • [py]spark and scala


Athena

  • query S3 data in place. pay per query / data accessed.
  • integrated with Glue catalog
  • Presto


Lake Formation

Management & Governance

Control Tower

set up and govern a new, secure multi-account AWS environment. builders can provision new AWS accounts in a few clicks, while you have peace of mind knowing your accounts conform to your company-wide policies


  • account management service that lets you consolidate multiple AWS accounts into an organization that you create and centrally manage.


CloudFormation

  • declarative provisioning of AWS infrastructure/resources

Service Catalog

  • create and manage catalogs of IT services that are approved for use on AWS
  • concepts:
    • products are CloudFormation templates
    • portfolio is collection of products
      • access to portfolios is via IAM users, groups, roles
    • IT administrator creates products and portfolios and grants access
    • End user accesses products and deploys them
  • approved self-service products from Solution Factory
    • e.g. Oracle RDS DB with all security, tags, etc. in place
    • e.g. static web site. S3 + CloudFormation + WAF + ACM (certificate) + Route 53 (hosted zone, domain)


Config

  • AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
  • define rules that get evaluated when any change is made (e.g. resource provisioned)
  • there are AWS managed rules that are part of the service, and you can define custom ones via Lambda

CloudWatch Logs

  • centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service


CloudWatch Events

  • cron triggers

CloudWatch Insights

query log groups

CloudWatch Metrics

  • A metric represents a time-ordered set of data points that are published to CloudWatch


CloudWatch Alarms

  • notify via email, SNS topics
  • create a CloudWatch alarm that watches a single CloudWatch metric or the result of a math expression based on CloudWatch metrics
  • An alarm watches a single metric over a specified time period, and performs one or more specified actions, based on the value of the metric relative to a threshold over time. The action is a notification sent to an Amazon SNS topic or an Auto Scaling policy. You can also add alarms to dashboards.


CloudTrail

  • logs all AWS API and Management Console actions to S3
  • can query via Athena

Developer Tools


  • cloud/browser based compute environment and IDE.
  • dev machine (EC2, Amazon Linux) in the cloud with browser-based IDE and terminal


CodeCommit

  • fully-managed source control service that hosts secure Git-based repositories


CodeBuild

  • continuous integration service that compiles source code, runs tests, and produces software packages
  • like Jenkins, Travis, CircleCI


CodeDeploy

  • automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers


  • continuous delivery service that helps you automate your release pipelines
  • orchestrates CodeBuild and CodeDeploy
  • sources: GitHub, CodeCommit, S3


  • distributed tracing
  • instrument code
  • similar to Zipkin, Jaeger


Machine Learning


  • build, train, and deploy machine learning models


  • NLP (natural language processing)
  • By utilizing NLP, you can extract important phrases, sentiment, syntax, key entities such as brand, date, location, person, etc., and the language of the text
  • find insights and relationships in text
  • use case e.g.: gauge whether customer sentiment is positive, neutral, negative, or mixed based on the feedback you receive via support calls, emails, social media, and other online channels


  • text-to-speech (TTS)
  • supports MP3, Vorbis, and raw PCM audio stream formats
  • Neural Text-to-Speech (NTTS) voices


  • API to analyze any image or video file
  • identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content.


  • extracts text and data from scanned documents
  • supports PNG, JPEG, and PDF formats. For synchronous APIs, you can submit images either as an S3 object or as a byte array. For asynchronous APIs, you can submit S3 objects


  • neural machine translation service for translating text to and from English across a breadth of supported languages


  • audio to text
  • transcription services for your audio files. It uses advanced machine learning technologies to recognize spoken words and transcribe them into text.


Forecast

  • managed deep learning service for time-series forecasting. By providing Amazon Forecast with historical time-series data, you can predict future points in the series.


  • create individualized recommendations for customers using their applications
  • e.g. use cases
    • Personalized recommendations
    • Similar items
    • Personalized re-ranking i.e. re-rank a list of items for a user
    • Personalized promotions/notifications


Lex

  • conversational interfaces into any application using voice and text. Amazon Lex provides the advanced deep learning functionalities of automatic speech recognition (ASR) for converting speech to text, and natural language understanding (NLU) to recognize the intent of the text
  • chat bots

Security, Identity, and Compliance



Secrets Manager


WAF

  • web application firewall
  • associate with CloudFront, ALB, API Gateway

Firewall Manager

  • centrally configure and manage firewall rules across accounts and applications (enterprise)
  • e.g. create firewall manager policy that states all CloudFront and ALB instances across accounts must use a specific WebACL.
    • you can use tags to specify which CF and ALB instances to apply the RuleGroup to
  • can automatically apply WebACL to CF and/or ALB instances or only notify “out of compliance”
  • AWS Config must be enabled and running in each account. this detects CF and ALB changes.

Certificate Manager (ACM)

  • provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.


KMS

  • key management service

Directory Service

  • provides multiple ways to set up and run Amazon Cloud Directory, Amazon Cognito, and Microsoft AD with other AWS services. Amazon Cloud Directory provides a highly scalable directory store for your application’s multihierarchical data. Amazon Cognito helps you create a directory store that authenticates your users either through your own user pools or through federated identity providers. AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as Microsoft AD, enables your directory-aware workloads and AWS resources to use a managed Active Directory in the AWS Cloud.