AWS Cloud Practitioner Certification Exam (CLF-C02) topics review

The AWS Certified Cloud Practitioner exam blueprint is being updated to reflect changes in
trends, the industry landscape, and the work practices of cloud professionals. AWS re/Start
learners preparing for the exam have the option to take the current exam (CLF-C01) on or
before September 18, 2023, or the updated AWS Certified Cloud Practitioner exam (CLF-C02)
starting September 19, 2023.

The following materials will help learners through this transition. Please note – accessing
some of these resources may require signing up for an AWS Skill Builder account. Learners
are not required to access any content that is not available for free.

General Information on Exam Update

The changes in the exam, as well as suggestions for exam preparation, are explained in the
AWS Training and Certification Blog, here: https://aws.amazon.com/blogs/training-and-
certification/coming-soon-updates-to-aws-certified-cloud-practitioner-exam/

Preparation Resources for AWS re/Start Learners

The following information has been curated to help AWS re/Start Learners to prepare for the
updated exam.

1) Review exam preparation information under “Prepare for the updated exam,” here:
https://aws.amazon.com/certification/certified-cloud-practitioner/#Exam_updates
a. Links are included at the bottom of this page to localized language versions of this
content.

2) Learners should review the Cloud Practitioner Exam Guide to gain a general
understanding of the updated exam. The guide can be found at:
https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-
Certified-Cloud-Practitioner_Exam-Guide_C02.pdf

3) Review additional resources related to the AWS Cloud Adoption Framework (CAF, ver3):
a. AWS Cloud Adoption Framework
b. eBook: https://d1.awsstatic.com/whitepapers/aws-caf-ebook.pdf. Localized
language versions of the eBook can be accessed at:
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-
framework/welcome.html
c. Additional CAF learning is available in Skill Builder:
https://explore.skillbuilder.aws/learn/course/external/view/elearning/189/introd
uction-to-the-aws-cloud-adoption-framework-caf
4) Review of services mentioned in the exam blueprint not already in re/Start. An overview
is provided below:

Analytics
AWS Data Exchange

AWS Data Exchange is the world’s most comprehensive service for third-party data sets

AWS Data Exchange is the only data marketplace with more than 3,500 products from over
300 providers delivered —through files, APIs, or Amazon Redshift queries— directly to the
data lakes, applications, analytics, and machine learning models that use it.

With AWS Data Exchange, the user can streamline all third-party data consumption, from
existing subscriptions —which the user can migrate at no additional cost — to future data
subscriptions, in one place.
As an AWS service, AWS Data Exchange is secure and compliant, integrated with AWS and
third-party tools and services, and offers consolidated billing and subscription management.
For more information on AWS Data Exchange see the AWS Data Exchange page.

Amazon EMR
Amazon EMR is a web service that makes it easy to process vast amounts of data efficiently
using Apache Hadoop and services offered by Amazon Web Services.
For more information on Amazon EMR, see the Amazon EMR page and the Amazon EMR
documentation.

AWS Glue
AWS Glue is a scalable, serverless data integration service that makes it easy to discover,
prepare, validate, and combine data for analytics, machine learning, and application
development.
For more information on AWS Glue, see the AWS Glue page and the AWS Glue
documentation.

Amazon Managed Streaming for Apache Kafka (Amazon MSK)

Apache Kafka is an open-source platform for building real-time streaming data pipelines and
applications. However, Apache Kafka is difficult to architect, operate, and manage on one’s
own. Amazon MSK is a fully managed service that makes it easy for to build and run
applications that use Apache Kafka to process streaming data without needing Apache Kafka
infrastructure management expertise. For more information on Amazon Managed Streaming
for Apache Kafka, see the Amazon MSK page and the Amazon MSK documentation.
Amazon OpenSearch Service
Amazon OpenSearch Service is a managed service that makes it easy to deploy, operate, and
scale OpenSearch clusters in the AWS Cloud. Amazon OpenSearch Service supports
OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the
software). OpenSearch enables the user to easily ingest, secure, search, aggregate, view, and
analyze data for a number of use cases such as log analytics, application search, enterprise
search, and more.
For more information on Amazon OpenSearch, see the Amazon OpenSearch Service page
and the Amazon OpenSearch Service documentation.

Application Integration
Amazon EventBridge

EventBridge is a serverless service that uses events to connect application components

together, making it easier to build scalable event-driven applications. Use it to route events
from sources such as home-grown applications, AWS services, and third- party software to
consumer applications across the organization. EventBridge provides a simple and consistent
way to ingest, filter, transform, and deliver events so users can build new applications quickly.

EventBridge event buses are well suited for many-to-many routing of events between event-
driven services. EventBridge Pipes is intended for point-to-point integrations between these
sources and targets, with support for advanced transformations and enrichment.

For more information on Amazon EventBridge, see the Amazon EventBridge page and the
Amazon EventBridge documentation.

AWS Step Functions

AWS Step Functions is a visual workflow service that helps developers use AWS services to
build distributed applications, automate processes, orchestrate microservices, and create data
and machine learning (ML) pipelines.
AWS Step Functions is a serverless orchestration service that lets the user integrate with AWS
Lambda functions and other AWS services to build business-critical applications. Through
Step Functions' graphical console, the user sees their application’s workflow as a series of
event-driven steps.

Step Functions is based on state machines and tasks. In Step Functions, a workflow is called a
state machine, which is a series of event-driven steps. Each step in a workflow is called a
state. A Task state represents a unit of work that another AWS service, such as AWS Lambda,
performs. A Task state can call any AWS service or API.
For more information on AWS Step Functions, see the AWS Step Functions page and the
AWS Step Functions documentation.

Business Productivity
Amazon Connect

Amazon Connect is an omnichannel cloud contact center. The user can set up a contact center
in a few steps, add agents who are located anywhere, and start engaging with customers.

The user can create personalized experiences for customers using omnichannel
communications. For example, the user can dynamically offer chat and voice contact, based
on such factors as customer preference and estimated wait times. Agents, meanwhile,
conveniently handle all customers from just one interface. For example, they can chat with
customers, and create or respond to tasks as they are routed to them.

Amazon Connect is an open platform that the user can integrate with other enterprise
applications, such as Salesforce. The user can use Amazon Connect with other AWS services to
provide innovative new experiences for customers.

For more information on Amazon Connect, see the Amazon Connect page and the Amazon
Connect documentation.

Amazon Simple Email Service (Amazon SES)

Amazon Simple Email Service (SES) is an email platform that provides an easy, cost-effective
way for users to send and receive email using their own email addresses and domains.
For example, the user can send marketing emails such as special offers, transactional emails
such as order confirmations, and other types of correspondence such as newsletters. When
the user uses Amazon SES to receive mail, the user can develop software solutions such as
email autoresponders, email unsubscribe systems, and applications that generate customer
support tickets from incoming emails.
For more information about topics related to Amazon SES, see the AWS Messaging and
Targeting Blog.
For more information on Amazon Simple Email Service, see the Amazon Simple Email
Service page and the Amazon Simple Email Service documentation.

Compute
AWS local Zones
AWS Local Zones are a type of infrastructure deployment that places compute, storage,
database, and other select AWS services close to large population and industry centers.
For more information on AWS local Zones, see the AWS local Zones page and the AWS local
Zones documentation.
AWS Outposts
AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and
services to virtually any on-premises or edge location for a truly consistent hybrid
experience. Outposts solutions allow the user to extend and run native AWS services on
premises, and is available in a variety of form factors from 1U and 2U Outposts servers to
42U Outposts racks, and multiple rack deployments.
With AWS Outposts, the user can run some AWS services locally and connect to a broad range
of services available in the local AWS Region. Run applications and workloads on premises
using familiar AWS services, tools, and APIs. Outposts supports workloads and devices
requiring low latency access to on-premises systems, local data processing, data residency,
and application migration with local system interdependencies.
For more information on AWS Outposts, see the AWS Outposts page and the AWS Outposts
documentation.

AWS Wavelength
AWS Wavelength enables developers to build applications that deliver ultra-low latencies to
mobile devices and end users. Wavelength deploys standard AWS compute and storage
services to the edge of communications service providers' (CSP) 5G networks. The user can
extend a virtual private cloud (VPC) to one or more Wavelength Zones. The user can then use
AWS resources like Amazon Elastic Compute Cloud (Amazon EC2) instances to run the
applications that require ultra-low latency and a connection to AWS services in the Region.
For more information on AWS Wavelength, see the AWS Wavelength page and the AWS
Wavelength documentation.

Containers
Amazon Elastic Container Registry (Amazon ECR)

Amazon Elastic Container Registry (Amazon ECR) is an AWS managed container image
registry service that is secure, scalable, and reliable. Amazon ECR supports private repositories
with resource-based permissions using AWS IAM. This is so that specified users or Amazon
EC2 instances can access container repositories and images. The user can use their preferred
CLI to push, pull, and manage Docker images, Open Container Initiative (OCI) images, and OCI
compatible artifacts.

Amazon ECR supports public container image repositories as well. For more information, see
What is Amazon ECR Public in the Amazon ECR Public User Guide.

The AWS container services team maintains a public roadmap on GitHub. It contains
information about what the teams are working on and allows all AWS customers the ability to
give direct feedback.

For more information on Amazon Elastic Container Registry, see the Amazon Elastic
Container Registry page and the Amazon Elastic Container Registry documentation.
Customer Engagement
AWS Activate for Startups
As an AWS Activate member, Startups get free tools, resources, content and expert support to
accelerate at every stage. Benefits include: more than 40 solution templates to build and
deploy the product, AWS expert curated tips for business and technical needs, and best
practices training from Learn on AWS. When ready, startups can apply for up to $100,000 in
AWS Activate credits. AWS Activate is a solution to a scalable, reliable, and cost-optimized
startup.
For more information on AWS Activate for Startups, see the AWS Activate for Startups page.

AWS IQ
AWS IQ enables professionals to find and engage experts on AWS quickly and easily.
All experts on AWS IQ who respond to custom requests are AWS Certified, and must maintain
a high success rate. There is no cost to post a request. Users pay for work as outlined in the
proposal – either upfront, on a schedule, or in milestones. Users should consider using AWS IQ
when they need help getting started with AWS, kick starting a new project, or completing an
existing project. If users know who they like to work with, they can also directly message any
expert with a public profile.
For more information on AWS IQ, see the AWS IQ page.

Databases
Amazon MemoryDB for Redis

Amazon MemoryDB for Redis is a Redis-compatible, durable, in-memory database service that
delivers ultra-fast performance. It is purpose-built for modern applications with microservices
architectures.

Amazon MemoryDB is compatible with Redis, a popular open source data store, enabling
customers to quickly build applications using the same flexible and friendly Redis data
structures, APIs, and commands that they already use today. With Amazon MemoryDB, all of
the user’s data is stored in memory, which enables the user to achieve microsecond read and
single-digit millisecond write latency and high throughput. Amazon MemoryDB also stores
data durably across multiple Availability Zones (AZs) using a distributed transactional log to
enable fast failover, database recovery, and node restarts. Delivering both in-memory
performance and Multi-AZ durability, Amazon MemoryDB can be used as a high-performance
primary database for microservices applications eliminating the need to separately manage
both a cache and durable database.
For more information on Amazon MemoryDB for Redis, see the Amazon MemoryDB for Redis
page.

Amazon Neptune

Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy
to build and run applications that work with highly connected datasets. The core of Neptune
is a purpose-built, high-performance graph database engine. This engine is optimized for
storing billions of relationships and querying the graph with milliseconds latency. Neptune
supports the popular property-graph query languages Apache TinkerPop Gremlin and Neo4j's
openCypher, and the W3C's RDF query language, SPARQL. This enables the user to build
queries that efficiently navigate highly connected datasets. Neptune powers graph use cases
such as recommendation engines, fraud detection, knowledge graphs, drug discovery, and
network security.

Neptune is highly available, with read replicas, point-in-time recovery, continuous backup to
Amazon S3, and replication across Availability Zones. Neptune provides data security
features, with support for encryption at rest and in transit. Neptune is fully managed, so the
user no longer needs to worry about database management tasks like hardware provisioning,
software patching, setup, configuration, or backups.

To learn more about using Amazon Neptune, we recommend starting with the following
sections:

• Getting started with Amazon Neptune

• Overview of Amazon Neptune features

For more information on Amazon Neptune, see the Amazon Neptune page and the Amazon
Neptune documentation.

Developer Tools
AWS AppConfig
AWS AppConfig, is a capability of AWS Systems Manager, to create, manage, and quickly
deploy application configurations. A configuration is a collection of settings that influence the
behavior of an application. AWS AppConfig can be used with applications hosted on Amazon
Elastic Compute Cloud (Amazon EC2) instances, AWS Lambda, containers, mobile
applications, or IoT devices.
AWS AppConfig helps deploy application configuration in a managed and a monitored way
just like code deployments, but without the need to deploy the code if a configuration value
changes. AWS AppConfig scales with the infrastructure so configurations can be deployed to
any number of Amazon Elastic Compute Cloud (EC2) instances, containers, AWS Lambda
functions, mobile apps, IoT devices, or on-premises instances. AWS AppConfig enables
updates to configurations by entering changes through the API or AWS Management Console.
AWS AppConfig allows validation of those changes semantically and syntactically to ensure
configurations are aligned to their respective applications’ expectation, thus helping prevent
potential outages. An application configurations can be deployed with similar best practices
as code deployments, including staging rollouts, monitoring alarms, and rolling back changes
should an error occur.
For more information on AWS AppConfig, see the AWS AppConfig page and the AWS
AppConfig documentation.

AWS CloudShell
AWS CloudShell is a browser-based shell that makes it easier to securely manage, explore,
and interact with AWS resources. CloudShell is pre-authenticated with the user’s console
credentials. Common development and operations tools are pre-installed, so there’s no need
to install or configure software on the local machine. With CloudShell, users can quickly run
scripts with the AWS Command Line Interface (AWS CLI), experiment with AWS service APIs
using the AWS SDKs, or use a range of other tools to be more productive
For more information on AWS CloudShell, see the AWS CloudShell page.

AWS CodeArtifact
AWS CodeArtifact is a fully managed artifact repository service that makes it easy for
organizations of any size to securely store, publish, and share software packages used in their
software development process. CodeArtifact works with commonly used package managers
and build tools like Maven and Gradle (Java), npm and yarn (JavaScript), or pip and twine
(Python), or NuGet (.NET).
For more information on AWS CodeArtifact, see the AWS CodeArtifact page.

AWS X-Ray
AWS X-Ray is a service that collects data about requests that the user’s application serves,
and provides tools to view, filter, and gain insights into that data to identify issues and
opportunities for optimization. For any traced request to an application, users can see
detailed information not only about the request and response and the time taken for each of
these, but also about calls that the application makes to downstream AWS resources,
microservices, databases, and web APIs.
For more information on AWS X-Ray, see the AWS X-Ray page and the AWS X-Ray
documentation.

End-User Computing
Amazon AppStream 2.0
AppStream 2.0 is an AWS End User Computing (EUC) service that can be configured for SaaS
application streaming or delivery of virtual desktops with selective persistence. When
AppStream 2.0 is used for virtual desktops, saved files and application settings remain
persistent between user sessions, and a fresh virtual desktop is assigned to the user every
time they log on.
For more information, see the Amazon AppStream 2.0 page and the Amazon Appstream
documentation.

Amazon WorkSpaces
Amazon WorkSpaces is a fully managed desktop virtualization service for Windows, Linux,
and Ubuntu, that allows the user to access resources from any supported device.
For more information, see the Amazon WorkSpaces page and the Amazon WorkSpaces
documentation.

Amazon WorkSpaces Web

WorkSpaces Web is a low cost, fully managed, Linux-based service, designed to facilitate
secure browser access to internal websites and software-as-a-service (SaaS) applications from
existing web browsers, without the administrative burden of appliances, managing
infrastructure, specialized client software, or virtual private network (VPN) connections.
For more information, see the Amazon WorkSpaces Web page and the Amazon WorkSpaces
documentation.

Front-End Web and Mobile

AWS Amplify
AWS Amplify is a complete solution that lets frontend web and mobile developers easily
build, ship, and host full-stack applications on AWS, with the flexibility to leverage the
breadth of AWS services as use cases evolve. No cloud expertise needed.
For more information, see the Amazon Amplify page and the AWS Amplify documentation.

AWS AppSync
AWS AppSync creates serverless GraphQL and Pub/Sub APIs that simplify application
development through a single endpoint to securely query, update, or publish data. AppSync
allows applications to access exactly the data they need.
For more information, see the AWS AppSync page and the AWS AppSync documentation.

AWS Device Farm

AWS Device Farm is an application testing service that lets the user improve the quality of
their web and mobile apps by testing them across an extensive range of desktop browsers
and real mobile devices; without having to provision and manage any testing infrastructure.
The service enables the user to run their tests concurrently on multiple desktop browsers or
real devices to speed up the execution of the test suite, and generates videos and logs to help
the user quickly identify issues with their app.
For more information, see the AWS Device Farm page and the AWS Device Farm
documentation.
Internet of Things (IoT)
AWS IoT Core
AWS IoT Core lets the user connect billions of IoT devices and route trillions of messages to AWS
services without managing infrastructure.
For more information, see the AWS IoT Core page and the AWS IoT Core documentation).

AWS IoT Greengrass

AWS IoT Greengrass is an open-source edge runtime and cloud service for building,
deploying, and managing device software. Greengrass is software that is usually installed at
customer sites.
For more information, see the AWS IoT Greengrass page and the AWS IoT Greengrass
documentation.

Machine Learning
Amazon Comprehend
Amazon Comprehend is a natural-language processing (NLP) service that uses machine
learning to uncover valuable insights and connections in text, and perform sentiment
analysis.
For more information, see the Amazon Comprehend page and the Amazon Comprehend
documentation.

Amazon Kendra
Amazon Kendra is an intelligent enterprise search service that helps the user search across
different content repositories with built-in connectors.
For more information, see the Amazon Kendra page and the Amazon Kendra documentation.

Amazon Lex
Amazon Lex is a fully managed artificial intelligence (AI) service with advanced natural
language models to design, build, test, and deploy conversational interfaces in applications.
For more information, see the Amazon Lex page and the Amazon Lex documentation.

Amazon Polly
Amazon Polly uses deep learning technologies to synthesize natural-sounding human speech, so
the user can convert articles to speech. With dozens of lifelike voices across a broad set of
languages, use Amazon Polly to build speech-activated applications.
For more information, see the Amazon Polly page and the Amazon Polly documentation.

Amazon Rekognition
Amazon Rekognition offers pre-trained and customizable computer vision (CV) capabilities to
extract information and insights from images and videos.
For more information, see the Amazon Rekognition page and the Amazon Rekognition
documentation.

Amazon SageMaker
Amazon SageMaker is a fully managed machine learning service. With Amazon SageMaker,
data scientists and developers can quickly build and train machine learning models, and then
deploy them into a production-ready hosted environment.
For more information, see the Amazon SageMaker page and the Amazon SageMaker
documentation.

Amazon Textract
Amazon Textract is a machine learning (ML) service that automatically extracts text,
handwriting, and data from scanned documents. It goes beyond simple optical character
recognition (OCR) to identify, understand, and extract data from forms and tables. Textract
uses ML to read and process any type of document, accurately extracting text, handwriting,
tables, and other data with no manual effort.
For more information, see the Amazon Textract pageand the Amazon Textract
documentation.

Amazon Transcribe
Amazon Transcribe provides transcription services for audio files and audio streams. It uses
advanced machine learning technologies to recognize spoken words and transcribe them into
text.
For more information, see the Amazon Transcribe page and the Amazon Transcribe
documentation.

Amazon Translate
Amazon Translate is a neural machine translation service that delivers fast, high-quality,
affordable, and customizable language translation.
For more information, see the Amazon Translate page and the Amazon Translate
documentation.

Management and Governance

AWS Compute Optimizer
AWS Compute Optimizer recommends optimal AWS compute resources for workloads. It can
help reduce costs and improve performance, by using machine learning to analyze historical
utilization metrics. Compute Optimizer helps the user to choose the optimal resource
configuration based on utilization data.
For more information, see the AWS Compute Optimizer page and the AWS Compute
Optimizer documentation.

AWS Control Tower

AWS Control Tower is a service that enables users to enforce and manage governance rules
for security, operations, and compliance at scale across all their organizations and accounts in
the AWS Cloud.
For more information, see the AWS Control Tower page and the AWS Control Tower
documentation.

AWS Health Dashboard

The AWS Health Dashboard is the single place to learn about the availability and operations
of AWS services. The user can view the overall status of AWS services, and they can sign in to
view personalized communications about their particular AWS account or organization. The
account view provides deeper visibility into resource issues, upcoming changes, and
important notifications.
For more information, see the AWS Health Dashboard page and Getting Started with Your
AWS Health Dashboard – Your Account Health.

AWS Launch Wizard

AWS Launch Wizard offers a guided way of sizing, configuring, and deploying AWS resources
for third party applications, such as Microsoft SQL Server Always On and HANA based SAP
systems, without the need to manually identify and provision individual AWS resources. To
start, the user inputs their application requirements, including performance, number of
nodes, and connectivity on the service console. Launch Wizard then identifies the right AWS
resources, such as EC2 instances and EBS volumes, to deploy and run their application.
Launch Wizard provides an estimated cost of deployment, and lets the user modify their
resources to instantly view an updated cost assessment. Once the user approves the AWS
resources, Launch Wizard automatically provisions and configures the selected resources to
create a fully-functioning, production-ready application.

AWS Launch Wizard also creates CloudFormation templates that can serve as a baseline to
accelerate subsequent deployments. Launch Wizard is available to users at no additional
charge. Users only pay for the AWS resources that are provisioned for running their solution.
For more information, see the AWS Launch Wizard page and the AWS Launch Wizard
documentation.

AWS Resource Groups and Tag Editor

A user can use resource groups to organize their AWS resources. AWS Resource Groups is the
service that lets users manage and automate tasks on large numbers of resources at one time.

Tags are key and value pairs that act as metadata for organizing AWS resources. With most
AWS
resources, users have the option of adding tags when creating the resource. Examples of
resources
include an Amazon Elastic Compute Cloud (Amazon EC2) instance, an Amazon Simple Storage
Service
(Amazon S3) bucket, or a secret in AWS Secrets Manager. However, users can also add tags to
multiple,
supported resources at once by using Tag Editor.
For more information, see the AWS Resource Groups documentation and the Tag Editor
documentation.
AWS Service Catalog
AWS Service Catalog enables IT administrators to create, manage, and distribute portfolios of
approved products to end users, who can then access the products they need in a
personalized portal. Typical products include servers, databases, websites, or applications that
are deployed using AWS resources (for example, an Amazon EC2 instance or an Amazon RDS
database). Users can control which users have access to specific products to enforce
compliance with organizational business standards, manage product lifecycles, and help users
find and launch products with confidence.

For more information, see the AWS Service Catalog page and the AWS Service Catalog
documentation.

Migration and Transfer

AWS Application Discovery Service
The AWS Application Discovery Service helps systems integrators quickly and reliably plan
application migration projects by automatically identifying applications running in on-
premises data centers, their associated dependencies, and their performance profile.
For more information, see the AWS Application Discovery Service page and the AWS
Application Discovery Service documentation.

AWS Application Migration Service

AWS Application Migration Service (MGN) is a highly automated lift-and-shift (rehost)
solution that simplifies, expedites, and reduces the cost of migrating applications to AWS. It
allows companies to lift-and-shift a large number of physical, virtual, or cloud servers without
compatibility issues, performance disruption, or long cutover windows.
For more information , see the AWS Application Migration Service page and the AWS
Application Migration Service documentation.

AWS Migration Hub

AWS Migration Hub (Migration Hub) provides a single location to track migration tasks across
multiple AWS tools and partner solutions. With Migration Hub, users can choose the AWS and
partner migration tools that best fit their needs while providing visibility into the status of
their migration projects. Migration Hub also provides key metrics and progress information
for individual applications, regardless of which tools are used to migrate them.
For more information, see the AWS Migration Hub page and the AWS Migration Hub
documentation.
AWS Transfer Family
AWS Transfer Family is a secure transfer service that enables the user to transfer files into
and out of AWS storage services. Transfer Family is part of the AWS Cloud platform.

For more information, see the AWS Transfer Family page and the AWS Transfer family
documentation.

Security, Identity, and Compliance

AWS Audit Manager
AWS Audit Manager helps users continually audit their AWS usage to simplify how they
manage risk and compliance with regulations and industry standards. Audit Manager
automates evidence collection so users can more easily assess whether their policies,
procedures, and activities—also known as controls—are operating effectively. When it's time
for an audit, Audit Manager helps users manage stakeholder reviews of their controls. This
means that they can build audit-ready reports with much less manual effort.
For more information, see the AWS Audit Manager page and the AWS Audit Manager
documentation.

AWS Directory Service

AWS Directory Service provides multiple ways to set up and run Microsoft Active Directory
with other AWS services such as Amazon EC2, Amazon RDS for SQL Server, FSx for Windows
File Server, and AWS IAM Identity Center (successor to AWS Single Sign-On). AWS Directory
Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables a
user’s directory-aware workloads and AWS resources to use a managed Active Directory in the
AWS Cloud.
For more information, see the AWS Directory Service page and the AWS Directory Service
documentation.

AWS Firewall Manager

AWS Firewall Manager simplifies a user’s AWS WAF administration and maintenance tasks
across multiple accounts and resources. With AWS Firewall Manager, users set up their
firewall rules just once. The service automatically applies these rules across accounts and
resources, even as new resources are added.
For more information, see the AWS Firewall Manager page and the AWS Firewall Manager
documentation.

AWS IAM Identity Center (AWS Single Sign-On)

With AWS IAM Identity Center (successor to AWS Single Sign-On), a user can manage sign-in
security for their workforce identities, also known as workforce users. IAM Identity Center
provides one place where users can create or connect workforce users and centrally manage
their access across all their AWS accounts and applications. Users can use multi-account
permissions to assign their workforce users access to AWS accounts. Users can use application
assignments to assign their users access to IAM Identity Center enabled applications, cloud
applications, and customer Security Assertion Markup Language (SAML 2.0) applications.
For more information, see the AWS IAM Identity Center page and the AWS IAM Identity
Center documentation.

AWS Key Management Service (AWS KMS)

AWS Key Management Service (AWS KMS) is an encryption and key management service
scaled for the cloud. AWS KMS keys and functionality are used by other AWS services, and a
user can use them to protect data in their own applications that use AWS.
For more information, see the AWS Key Management Service page and the AWS Key
Management Service documentation.

AWS Network Firewall

AWS Network Firewall is a stateful, managed, network firewall and intrusion detection and
prevention service for a user’s virtual private cloud (VPC) that is created in Amazon Virtual
Private Cloud (Amazon VPC).
With Network Firewall, a user can filter traffic at the perimeter of a VPC. This includes
filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or
AWS Direct Connect.
For more information, see the AWS Network Firewall page and the AWS Network Firewall
documentation.

AWS Resource Access Manager (AWS RAM)

AWS Resource Access Manager (AWS RAM) helps users securely share their resources across
AWS accounts, within their organization or organizational units (OUs) in AWS Organizations,
and with IAM roles and IAM users for supported resource types. A user can use AWS RAM to
share resources with other AWS accounts. This eliminates the need to provision and manage
resources in every account. When a user shares a resource with another account, that account
is granted access to the resource and any policies and permissions in that account apply to
the shared resource.
For more information, see the AWS Resource Access Manager page and the AWS Resource
Access Manager documentation.

AWS Secrets Manager

AWS Secrets Manager helps a user to securely encrypt, store, and retrieve credentials for
databases and other services. Instead of hardcoding credentials in apps, a user can make calls
to Secrets Manager to retrieve credentials whenever needed. Secrets Manager helps protect
access to IT resources and data by enabling users to rotate and manage access to their
secrets.
For more information, see the AWS Secrets Manager page and the AWS Secrets Manager
documentation.

AWS Security Hub

AWS Security Hub provides a comprehensive view of the security state in AWS and helps the
user check the environment against security industry standards and best practices.
Security Hub collects security data from across AWS accounts, services, and supported third-
party partner products and helps analyze security trends and identify the highest priority
security issues.
For more information, see the AWS Security Hub page and the AWS Security Hub
documentation.

Storage
AWS Elastic Disaster Recovery
AWS Elastic Disaster Recovery (AWS DRS) minimizes downtime and data loss with fast,
reliable recovery of on-premises and cloud-based applications using affordable storage,
minimal compute, and point-in-time recovery.
A user can increase IT resilience when using AWS Elastic Disaster Recovery to replicate on-
premises or cloud-based applications running on supported operating systems. Use the AWS
Management Console to configure replication and launch settings, monitor data replication,
and launch instances for drills or recovery.
For more information, see the AWS Elastic Disaster Recovery and the AWS Elastic Disaster
Recovery documentation.

Amazon FSx
Amazon FSx makes it easy and cost effective to launch, run, and scale feature-rich, high-
performance file systems in the cloud. It supports a wide range of workloads with its
reliability, security, scalability, and broad set of capabilities. Amazon FSx is built on the latest
AWS compute, networking, and disk technologies to provide high performance and lower
TCO. And as a fully managed service, it handles hardware provisioning, patching, and backups
-- freeing users to focus on applications, end users, and their business.
For more information, see the Amazon FSx and the Choosing an Amazon FSx File System
page.

end