Additional AWS Topics

1
 At the core of the lesson
You will learn how to identify and define additional AWS services.

This lesson describes additional services that you might encounter on the exam. They are grouped by service
category. You should become familiar with these services and know at a minimum their purpose and the ways
that they can be used. This knowledge will help you across the different domains that the exam covers.
 Analytics services
• AWS Data Exchange
• Amazon EMR
• AWS Glue
• Amazon Managed Streaming for Apache Kafka (Amazon MSK)
• Amazon OpenSearch Service

AWS Data Exchange Amazon EMR AWS Glue Amazon MSK Amazon OpenSearch
Service

AWS Data Exchange is the world’s most comprehensive service for third-party datasets. AWS Data Exchange is
the only data marketplace with more than 3,500 products from over 300 providers delivered—through files,
APIs, or Amazon Redshift queries—directly to the data lakes, applications, analytics, and machine learning (ML)
models that use it. With AWS Data Exchange, the user can streamline all third-party data consumption, from
existing subscriptions—which the user can migrate at no additional cost—to future data subscriptions in one
place. As an AWS service, AWS Data Exchange is secure and compliant, integrated with AWS and third-party
tools and services, and offers consolidated billing and subscription management. For more information, see
AWS Data Exchange at https://aws.amazon.com/data-exchange.

Amazon EMR is a web service that efficiently processes vast amounts of data by using Apache Hadoop and AWS
services. For more information, see Amazon EMR at https://aws.amazon.com/emr/ and the Amazon EMR
Documentation at https://docs.aws.amazon.com/emr/index.html.

AWS Glue is a scalable, serverless data integration service to discover, prepare, and combine data for analytics,
ML, and application development. For more information, see AWS Glue at https://aws.amazon.com/glue/ and
the AWS Glue Documentation at https://docs.aws.amazon.com/glue/index.html.

Amazon Managed Streaming for Apache Kafka (Amazon MSK) is a fully managed service to build and run
applications that use Apache Kafka to process streaming data without needing Apache Kafka infrastructure
management expertise. Apache Kafka is an open source platform for building real-time streaming data pipelines
and applications. However, Apache Kafka is difficult for users to architect, operate, and manage on their
own. For more information, see Amazon Managed Streaming for Apache Kafka (MSK)
at https://aws.amazon.com/msk and the Amazon MSK Documentation at https://aws.amazon.com/msk. For
more information about Apache Kafka, see https://kafka.apache.org/.

Amazon OpenSearch Service is a managed service to deploy, operate, and scale OpenSearch Service clusters in
the AWS Cloud. OpenSearch Service supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final
open source version of the software). For more information, see Amazon OpenSearch Service at
https://aws.amazon.com/opensearch-service/ and the Amazon OpenSearch Service Documentation at
https://docs.aws.amazon.com/opensearch-service/.
 Application integration
Amazon EventBridge is a serverless
service that uses events to connect
application components together to
build scalable, event-driven
applications.
AWS Step Functions is a visual
workflow service that helps
developers use AWS services to build
distributed applications, automate
processes, orchestrate microservices,
and create data and machine learning
(ML) pipelines.

Amazon EventBridge AWS Step Functions

Amazon EventBridge is used to route events from sources such as homegrown applications, AWS services, and
third-party software to consumer applications across the organization. EventBridge provides a consistent way to
ingest, filter, transform, and deliver events so users can build new applications quickly. EventBridge event buses
are well suited for many-to-many routing of events between event-driven services. EventBridge Pipes is
intended for point-to-point integrations between these sources and targets, with support for advanced
transformations and enrichment. For more information, see Amazon EventBridge at
https://aws.amazon.com/eventbridge/ and the Amazon EventBridge Documentation at
https://docs.aws.amazon.com/eventbridge/.

AWS Step Functions is a serverless orchestration service for integrating with AWS Lambda functions and other
AWS services to build business-critical applications. Through the Step Functions graphical console, the user sees
their application’s workflow as a series of event-driven steps. Step Functions is based on state machines and
tasks. In Step Functions, a workflow is called a state machine, which is a series of event-driven steps. Each step
in a workflow is called a state. A Task state represents a unit of work that another AWS service, such as Lambda,
performs. A Task state can call any AWS service or API. For more information, see AWS Step Functions at
https://aws.amazon.com/step-functions/ and the AWS Step Functions Documentation at
https://docs.aws.amazon.com/step-functions/.
 Business productivity
Amazon Connect is an omnichannel
cloud contact center. The user can set
up a contact center in a few steps,
add agents who are located
anywhere, and start engaging with
customers.
Amazon Simple Email Service
(Amazon SES) is an email platform
that provides a cost-effective way for
users to send and receive email
messages by using their own email
addresses and domains.

Amazon Connect Amazon SES

With Amazon Connect, the user can create personalized experiences for customers by using omnichannel
communications. For example, the user can dynamically offer chat and voice contact based on factors such as
customer preference and estimated wait times. Agents, meanwhile, conveniently handle all customers from
only one interface. For example, they can chat with customers and create or respond to tasks as customers are
routed to them. Amazon Connect is an open platform that the user can integrate with other enterprise
applications, such as Salesforce. The user can use Amazon Connect with other AWS services to provide
innovative new experiences for customers. For more information, see Amazon Connect at
https://aws.amazon.com/connect/ and the Amazon Connect Documentation at
https://docs.aws.amazon.com/connect/.

With Amazon Simple Email Service (Amazon SES), the user can send marketing email messages such as special
offers, transactional emails such as order confirmations, and other types of correspondence such as
newsletters. When the user uses Amazon SES to receive email, the user can develop software solutions such as
email autoresponders, email unsubscribe systems, and applications that generate customer support tickets
from incoming emails. For more information, see Amazon Simple Email Service at https://aws.amazon.com/ses/
and the Amazon Simple Email Service Documentation at https://docs.aws.amazon.com/pdfs/ses/.
 Compute

AWS Local Zones AWS Outposts Family AWS Wavelength

AWS Local Zones are a type of infrastructure deployment that places compute, storage, database, and other
select AWS services close to large population and industry centers. For more information, see AWS Local Zones
at https://aws.amazon.com/about-aws/global-infrastructure/localzones/ and the AWS Local Zone
Documentation https://docs.aws.amazon.com/pdfs/local-zones/latest/ug/local-zones.pdf.

AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any
on-premises or edge location for a truly consistent hybrid experience. With Outposts solutions, the user can
extend and run AWS services on premises, and Outposts is available in a variety of form factors. With Outposts,
the user can run some AWS services locally and connect to a broad range of services available in the local AWS
Region. Users can also use Outposts to run applications and workloads on premises by using familiar AWS
services, tools, and APIs. Outposts supports workloads and devices that require low latency access to on-
premises systems, local data processing, data residency, and application migration with local system
interdependencies. For more information, see AWS Outposts Family at https://aws.amazon.com/outposts/ and
the AWS Outposts Family Documentation at https://docs.aws.amazon.com/outposts/.

With AWS Wavelength, developers can build applications that deliver ultra-low latencies to mobile devices and
end users. AWS Wavelength deploys standard AWS compute and storage services to the edge of
communications service providers' 5G networks. The user can extend a virtual private cloud (VPC) to one or
more Wavelength Zones. The user can then use AWS resources such as Amazon Elastic Compute Cloud (Amazon
EC2) instances to run the applications that require ultra-low latency and a connection to AWS services in the
Region. For more information, see AWS Wavelength at https://aws.amazon.com/wavelength/ and the AWS
Wavelength Documentation at https://docs.aws.amazon.com/pdfs/wavelength/latest/developerguide/aws-
wavelength-developer-guide.pdf.
 Containers

Amazon Elastic Container Registry (Amazon ECR) is

an AWS managed container image registry service
that is secure, scalable, and reliable.
Amazon ECR

Amazon Elastic Container Registry (Amazon ECR) supports private repositories with resource-based
permissions by using AWS Identity and Access Management (IAM) so that specified users or EC2 instances can
access their container repositories and images. The user can use their preferred command line interface (CLI) to
push, pull, and manage Docker images, Open Container Initiative (OCI) images, and OCI-compatible artifacts.
Amazon ECR also supports public container image repositories. The AWS container services team maintains a
public road map on GitHub. It contains information about what the teams are working on and gives all AWS
customers the ability to provide direct feedback. For more information, see Amazon Elastic Container Registry
at https://aws.amazon.com/ecr/ and the Amazon Elastic Container Registry Documentation at
https://docs.aws.amazon.com/pdfs/AmazonECR/latest/userguide/ecr-ug.pdf.
 Customer engagement
AWS Activate for startups provides
eligible startups with free tools,
resources, and content designed to
help startups reach their goals.
Professionals use AWS IQ to find and
engage experts on AWS. All experts
on AWS IQ who respond to custom
requests are AWS Certified and must
maintain a high success rate.

AWS Activate AWS IQ

Benefits of AWS Activate for startups include more than 40 solution templates to build and deploy the product,
AWS expert-curated tips for business and technical needs, and best practices training from Learn on AWS. When
ready, startups can apply for AWS Activate credits. AWS Activate is a solution to a scalable, reliable, and cost-
optimized startup. For more information, see AWS Activate at https://aws.amazon.com/activate/.

With AWS IQ there is no cost to post a request. As outlined in the proposal, users pay for work either upfront,
on a schedule, or in milestones. Users should consider using AWS IQ when they need help getting started with
AWS, kick-starting a new project, or completing an existing project. If users know who they would like to work
with, they can also directly message any expert with a public profile. For more information, see the AWS IQ
website at https://iq.aws.amazon.com/.
 Databases
Amazon MemoryDB for Redis is a
Redis-compatible, durable, in-
memory database service that
delivers ultra-fast performance. It is
purpose-built for modern
applications with microservices
architectures.
Amazon Neptune is a fast, reliable,
fully managed graph database service
used to build and run applications
that work with highly connected
datasets.

Amazon MemoryDB Amazon Neptune

for Redis

Amazon MemoryDB for Redis is compatible with Redis, a popular open source data store that customers can
use to quickly build applications by using the same flexible and friendly Redis data structures, APIs, and
commands that they already use today. With MemoryDB, all of the user’s data is stored in memory, so the user
can achieve microsecond read and single-digit millisecond write latency and high throughput. MemoryDB also
stores data durably across multiple Availability Zones by using a distributed transactional log for fast failover,
database recovery, and node restarts. Delivering both in-memory performance and Multi-AZ durability,
MemoryDB can be used as a high-performance primary database for microservices applications, eliminating the
need to separately manage both a cache and a durable database. For more information, see Amazon
MemoryDB for Redis at https://aws.amazon.com/memorydb/.

The core of Amazon Neptune is a purpose-built, high-performance graph database engine. This engine is
optimized for storing billions of relationships and querying the graph with milliseconds latency. Neptune
supports the popular property graph query languages Apache TinkerPop Gremlin and Neo4j openCypher, and
the W3C RDF query language SPARQL. Users can build queries that efficiently navigate highly connected
datasets. Neptune powers graph use cases such as recommendation engines, fraud detection, knowledge
graphs, drug discovery, and network security. Neptune is highly available, with read replicas, point-in-time
recovery, continuous backup to Amazon Simple Storage Service (Amazon S3), and replication across Availability
Zones. Neptune provides data security features, with support for encryption at rest and in transit. Neptune is
fully managed, so the user no longer needs to worry about database management tasks such as hardware
provisioning, software patching, setup, configuration, or backups. For more information, see Amazon Neptune
at https://aws.amazon.com/neptune/ and the Amazon Neptune Documentation at
https://docs.aws.amazon.com/pdfs/neptune/latest/userguide/neptune-ug.pdf.
 Developer tools

AWS AppConfig AWS CloudShell AWS CodeArtifact AWS X-Ray

10

AWS AppConfig is a capability of AWS Systems Manager to create, manage, and quickly deploy application
configurations. A configuration is a collection of settings that influence the behavior of an application. AWS
AppConfig can be used with applications hosted on EC2 instances, Lambda, containers, mobile applications, or
Internet of Things (IoT) devices. AWS AppConfig helps deploy application configuration in a managed and a
monitored way just like code deployments but without the need to deploy the code if a configuration value
changes. With AWS AppConfig, users can update configurations by entering changes through the API or the AWS
Management Console. AWS AppConfig allows for the validation of those changes semantically and syntactically
to help ensure that configurations are aligned to their respective applications’ expectation, thus helping prevent
potential outages. An application configuration can be deployed with similar best practices as code
deployments, including staging rollouts, monitoring alarms, and rolling back changes should an error occur. For
more information, see AWS AppConfig at https://aws.amazon.com/systems-manager/features/appconfig/ and
the AWS AppConfig Documentation at
https://docs.aws.amazon.com/pdfs/appconfig/latest/userguide/appconfig-ug.pdf.

AWS CloudShell is a browser-based shell to securely manage, explore, and interact with AWS resources.
CloudShell is pre-authenticated with the user’s console credentials. Common development and operations tools
are pre-installed, so there’s no need to install or configure software on the local machine. With CloudShell,
users can quickly run scripts with the AWS Command Line Interface (AWS CLI), experiment with AWS service
APIs by using the AWS SDKs, or use a range of other tools to be more productive. For more information, see
AWS CloudShell at https://aws.amazon.com/cloudshell/.

AWS CodeArtifact is a fully managed artifact repository service that organizations of any size can use to securely
store, publish, and share software packages used in their software development process. CodeArtifact works
with commonly used package managers and build tools such as Maven and Gradle (Java), npm and yarn
(JavaScript), pip and twine (Python), and NuGet (.NET). For more information, see AWS CodeArtifact at
https://aws.amazon.com/codeartifact/.

AWS X-Ray is a service that collects data about requests that the user’s application serves, and provides tools to
view, filter, and gain insights into that data to identify issues and opportunities for optimization. For any traced
request to an application, users can see detailed information, not only about the request and
response, but also about calls that the application makes to downstream AWS resources,
microservices, databases, and web APIs. For more information, see AWS X-Ray at
https://aws.amazon.com/xray/ and the AWS X-Ray Documentation at
https://docs.aws.amazon.com/pdfs/xray/latest/devguide/xray-guide.pdf.
 End-user computing

Amazon AppStream 2.0 Amazon WorkSpaces Amazon WorkSpaces Web

11

Amazon AppStream 2.0 is an AWS End User Computing (EUC) service that can be configured for software as a
service (SaaS) application streaming or delivery of virtual desktops with selective persistence. When AppStream
2.0 is used for virtual desktops, saved files and application settings remain persistent between user sessions,
and a fresh virtual desktop is assigned to the user every time they log on. For more information, see Amazon
AppStream 2.0 at https://aws.amazon.com/appstream2/ and the Amazon AppStream 2.0 Documentation at
https://docs.aws.amazon.com/appstream2/.

Amazon WorkSpaces is a fully managed desktop virtualization service for Windows, Linux, and Ubuntu that
gives the user the ability to access resources from any supported device. For more information, see Amazon
WorkSpaces at https://aws.amazon.com/workspaces/all-inclusive/ and the Amazon WorkSpaces
Documentation at https://docs.aws.amazon.com/workspaces/index.html.

Amazon WorkSpaces Web is a low cost, fully managed, Linux-based service that is designed to facilitate secure
browser access to internal websites and SaaS applications from existing web browsers without the
administrative burden of appliances, managed infrastructure, specialized client software, or virtual private
network (VPN) connections. For more information, see Amazon WorkSpaces Web at
https://aws.amazon.com/workspaces/web/ and the Amazon WorkSpaces Web Documentation at
https://docs.aws.amazon.com/workspaces-web/.
 Frontend web and mobile

AWS Amplify AWS AppSync AWS Device Farm

12

AWS Amplify is a complete solution for frontend web and mobile developers to build, ship, and host full-stack
applications on AWS with the flexibility to leverage the breadth of AWS services as use cases evolve. No cloud
expertise is needed. For more information, see AWS Amplify at https://aws.amazon.com/amplify/ and the AWS
Amplify Documentation at https://docs.aws.amazon.com/amplify/.

AWS AppSync creates serverless GraphQL and Pub/Sub APIs that simplify application development through a
single endpoint to securely query, update, or publish data. For more information, see AWS AppSync at
https://aws.amazon.com/appsync/ and the AWS AppSync Documentation at
https://docs.aws.amazon.com/appsync/.

AWS Device Farm is an application testing service for users to improve the quality of their web applications and
mobile apps by testing them across an extensive range of desktop browsers and real mobile devices. With
Device Farm, users don’t have to provision and manage any testing infrastructure. Users can run their tests
concurrently on multiple desktop browsers or real devices to speed up the launch of the test suite and can
generate videos and logs to help quickly identify issues with their app. For more information, see AWS Device
Farm at https://aws.amazon.com/device-farm/ and the AWS Device Farm Documentation at
https://docs.aws.amazon.com/devicefarm/.
 Internet of Things
AWS IoT Core connects billions of
Internet of Things (IoT) devices and
routes trillions of messages to AWS
services without managing
infrastructure.
AWS IoT Greengrass is an open
source edge runtime and cloud
service for building, deploying, and
managing device software.

AWS IoT Core AWS IoT Greengrass

13

For more information about AWS IoT Core, see AWS IoT Core at https://aws.amazon.com/iot-core/ and the AWS
IoT Core Documentation at https://docs.aws.amazon.com/iot/.

For more information about IoT Greengrass, see AWS IoT Greengrass at https://aws.amazon.com/greengrass/
and the AWS IoT Greengrass Documentation at https://docs.aws.amazon.com/greengrass/.
 Machine learning (1 of 2)

Amazon Comprehend Amazon Kendra Amazon Lex

14

Amazon Comprehend is a natural-language processing (NLP) service that uses ML to uncover valuable insights
and connections in text. For more information, see Amazon Comprehend at
https://aws.amazon.com/comprehend/ and the Amazon Comprehend Documentation at
https://docs.aws.amazon.com/comprehend/.

Amazon Kendra is an intelligent enterprise search service that helps the user search across different content
repositories with built-in connectors. For more information, see Amazon Kendra at
https://aws.amazon.com/kendra/ and the Amazon Kendra Documentation at
https://docs.aws.amazon.com/kendra/.

Amazon Lex is a fully managed artificial intelligence (AI) service with advanced natural language models to
design, build, test, and deploy conversational interfaces in applications. For more information, see Amazon Lex
at https://aws.amazon.com/lex/ and the Amazon Lex Documentation at https://docs.aws.amazon.com/lex/.
 Machine learning (2 of 2)

Amazon Polly Amazon Rekognition Amazon SageMaker

Amazon Textract Amazon Transcribe Amazon Translate

15

Amazon Polly uses deep learning technologies to synthesize natural-sounding human speech so that the user
can convert articles to speech. With dozens of lifelike voices across a broad set of languages, Amazon Polly
helps users build speech-activated applications. For more information, see Amazon Polly at
https://aws.amazon.com/polly/ and the Amazon Polly Documentation at https://docs.aws.amazon.com/polly/.

Amazon Rekognition offers pre-trained and customizable computer vision (CV) capabilities to extract
information and insights from images and videos. For more information, see Amazon Rekognition at
https://aws.amazon.com/rekognition/ and the Amazon Rekognition Documentation at
https://docs.aws.amazon.com/rekognition/.

Amazon SageMaker is a fully managed ML service. With SageMaker, data scientists and developers can quickly
build and train ML models and then deploy them into a production-ready hosted environment. For more
information, see Amazon SageMaker at https://aws.amazon.com/sagemaker/ and the Amazon SageMaker
Documentation at https://docs.aws.amazon.com/sagemaker/.

Amazon Textract is an ML service that automatically extracts text, handwriting, and data from scanned
documents. It goes beyond optical character recognition (OCR) to identify, understand, and extract data from
forms and tables. For more information, see Amazon Textract at https://aws.amazon.com/textract/ and the
Amazon Textract Documentation at https://docs.aws.amazon.com/textract/.

Amazon Transcribe provides transcription services for audio files and audio streams. It uses advanced ML
technologies to recognize spoken words and transcribe them into text. For more information, see Amazon
Transcribe at https://aws.amazon.com/transcribe/ and the Amazon Transcribe Documentation at
https://docs.aws.amazon.com/transcribe/.

Amazon Translate is a neural machine translation service that delivers fast, high-quality, affordable, and
customizable language translation. For more information, see Amazon Translate at
https://aws.amazon.com/translate/ and the Amazon Translate Documentation at
https://docs.aws.amazon.com/translate/.
 Management and governance

AWS Compute Optimizer AWS Control Tower AWS Health Dashboard

AWS Resource Groups and

AWS Launch Wizard AWS Service Catalog
Tag Editor
16

AWS Compute Optimizer recommends optimal AWS compute resources for workloads. It can help reduce costs
and improve performance by using ML to analyze historical utilization metrics. Compute Optimizer helps the
user to choose the optimal resource configuration based on utilization data. For more information, see AWS
Compute Optimizer at https://aws.amazon.com/compute-optimizer/ and the AWS Compute Optimizer
Documentation at https://docs.aws.amazon.com/compute-optimizer/.

With AWS Control Tower, users can enforce and manage governance rules for security, operations, and
compliance at scale across all their organizations and accounts in the AWS Cloud. For more information, see
AWS Control Tower at https://aws.amazon.com/controltower/ and the AWS Control Tower Documentation at
https://docs.aws.amazon.com/controltower/.

The AWS Health Dashboard is the single place to learn about the availability and operations of AWS services.
The user can view the overall status of AWS services, and they can sign in to view personalized communications
about their particular AWS account or organization. The account view provides deeper visibility into resource
issues, upcoming changes, and important notifications. For more information, see AWS Health Dashboard at
https://aws.amazon.com/premiumsupport/technology/aws-health-dashboard/ and the AWS Health user guide
at https://docs.aws.amazon.com/pdfs/health/latest/ug/awshealth-ug.pdf.

AWS Launch Wizard offers a guided way of sizing, configuring, and deploying AWS resources for third-party
applications, such as Microsoft SQL Server Always On and HANA-based SAP systems, without the need to
manually identify and provision individual AWS resources. To start, the user inputs their application
requirements, including performance, number of nodes, and connectivity, into the service console. Launch
Wizard then identifies the right AWS resources, such as EC2 instances and Amazon Elastic Block Store (Amazon
EBS) volumes, to deploy and run their application. Launch Wizard provides an estimated cost of deployment and
gives users the ability to modify their resources to instantly view an updated cost assessment. Once the user
approves the AWS resources, Launch Wizard automatically provisions and configures the selected resources to
create a fully functioning, production-ready application. For more information, see AWS Launch Wizard at
https://aws.amazon.com/launchwizard/ and the AWS Launch Wizard Documentation at
https://docs.aws.amazon.com/launchwizard/.
AWS Resource Groups manages and automates tasks on large numbers of resources at one time. A
user can use resource groups to organize their AWS resources, and tags are key and value pairs that
act as metadata for organizing those resources. With most AWS resources, users have the option of
adding tags when creating the resource. Examples of resources include an EC2 instance, an S3
bucket, or a secret in AWS Secrets Manager. However, users can also add tags to multiple, supported
resources at once by using Tag Editor. For more information, see the AWS Resource Groups user
guide at https://docs.aws.amazon.com/pdfs/ARG/latest/userguide/resgrps-ug.pdf and the Tag Editor
user guide at https://docs.aws.amazon.com/pdfs/tag-editor/latest/userguide/tag-editor-
userguide.pdf.

With AWS Service Catalog, IT administrators can create, manage, and distribute portfolios of
approved products to end users, who can then access the products they need in a personalized
portal. Typical products include servers, databases, websites, or applications that are deployed by
using AWS resources (for example, an EC2 instance or an Amazon Relational Database Service
[Amazon RDS] database). Users can control which users have access to specific products to enforce
compliance with organizational business standards, manage product lifecycles, and help users find
and launch products with confidence. For more information, see AWS Service Catalog at
https://aws.amazon.com/servicecatalog/ and the AWS Service Catalog user guide at
https://docs.aws.amazon.com/pdfs/servicecatalog/latest/userguide/service-catalog-ug.pdf.
 Migration and transfer

AWS Application AWS Application AWS Migration Hub AWS Transfer Family
Discovery Service Migration Service

17

The AWS Application Discovery Service helps systems integrators quickly and reliably plan application migration
projects by automatically identifying applications running in on-premises data centers, their associated
dependencies, and their performance profile. For more information, see AWS Application Discovery Service at
https://aws.amazon.com/application-discovery/ and the AWS Application Discovery Service user guide at
https://docs.aws.amazon.com/pdfs/application-discovery/latest/userguide/appdiscovery-ug.pdf.

AWS Application Migration Service is a highly automated lift-and-shift (rehost) solution that simplifies,
expedites, and reduces the cost of migrating applications to AWS. Companies can use this service to lift and
shift a large number of physical, virtual, or cloud servers without compatibility issues, performance disruption,
or long cutover windows. For more information, see AWS Application Migration Service at
https://aws.amazon.com/application-migration-service/ and the AWS Application Migration Service user guide
at https://docs.aws.amazon.com/pdfs/mgn/latest/ug/user-guide.pdf.

AWS Migration Hub provides a single location to track migration tasks across multiple AWS tools and partner
solutions. With Migration Hub, users can choose the AWS and partner migration tools that best fit their needs
while providing visibility into the status of their migration projects. Migration Hub also provides key metrics and
progress information for individual applications, regardless of which tools are used to migrate them. For more
information, see AWS Migration Hub at https://aws.amazon.com/migration-hub/ and the AWS Migration Hub
user guide at https://docs.aws.amazon.com/pdfs/migrationhub/latest/ug/hub-api.pdf.

AWS Transfer Family is a secure transfer service to transfer files into and out of AWS storage services. Transfer
Family is part of the AWS Cloud platform. For more information, see AWS Transfer Family at
https://aws.amazon.com/aws-transfer-family/ and the AWS Transfer Family user guide at
https://docs.aws.amazon.com/pdfs/transfer/latest/userguide/transferfamily-ug.pdf.
 Security, identity, and compliance (1 of 2)

AWS Audit Manager AWS Directory Service AWS Firewall Manager

18

AWS Audit Manager helps users continually audit their AWS usage to simplify how they manage risk and
compliance with regulations and industry standards. Audit Manager automates evidence collection so users can
assess whether their policies, procedures, and activities—also known as controls—are operating effectively.
When it's time for an audit, Audit Manager helps users manage stakeholder reviews of their controls. This
means that they can build audit-ready reports with much less manual effort. For more information, see AWS
Audit Manager at https://aws.amazon.com/audit-manager/ and the AWS Audit Manager user guide at
https://docs.aws.amazon.com/pdfs/audit-manager/latest/userguide/user-guide.pdf.pdf.

AWS Directory Service provides multiple ways to set up and run Microsoft Active Directory with other AWS
services, such as Amazon EC2, Amazon RDS for SQL Server, Amazon FSx for Windows File Server, and AWS IAM
Identity Center (successor to AWS Single Sign-On). With AWS Directory Service for Microsoft Active Directory,
also known as AWS Managed Microsoft AD, user’s directory-aware workloads and AWS resources can use a
managed Active Directory in the AWS Cloud. For more information, see AWS Directory Service at
https://aws.amazon.com/directoryservice/ and the AWS Directory Service administrator guide at
https://docs.aws.amazon.com/pdfs/directoryservice/latest/admin-guide/directoryservice-admin-guide.pdf.

AWS Firewall Manager simplifies a user’s AWS WAF administration and maintenance tasks across multiple
accounts and resources. With Firewall Manager, users set up their firewall rules only once. The service
automatically applies these rules across accounts and resources, even as new resources are added. For more
information, see AWS Firewall Manager at https://aws.amazon.com/firewall-manager/ and the AWS Firewall
Manager developer guide at https://docs.aws.amazon.com/pdfs/waf/latest/developerguide/waf-dg.pdf.
 Security, identity, and compliance (2 of 2)

AWS Key Management

AWS IAM Identity Center AWS Network Firewall
Service (AWS KMS)

AWS Resource Access

AWS Secrets Manager AWS Security Hub
Manager (AWS RAM)
19

With AWS IAM Identity Center (successor to AWS Single Sign-On), a user can manage sign-in security for their
workforce identities, also known as workforce users. IAM Identity Center provides one place where users can
create or connect workforce users and centrally manage their access across all their AWS accounts and
applications. Users can use multi-account permissions to assign their workforce users access to AWS accounts.
Users can use application assignments to assign their users access to IAM Identity Center enabled applications,
cloud applications, and customer Security Assertion Markup Language (SAML 2.0) applications. For more
information, see AWS IAM Identity Center (Successor to AWS Single Sign-On) at
https://aws.amazon.com/iam/identity-center/ and the AWS IAM Identity Center user guide at
https://docs.aws.amazon.com/pdfs/singlesignon/latest/userguide/sso-ug.pdf.

AWS Key Management Service (AWS KMS) is an encryption and key management service scaled for the cloud.
Other AWS KMS keys and functionality are used by other AWS services, and a user can use them to protect data
in their own applications that use AWS. For more information, see AWS Key Management Service at
https://aws.amazon.com/kms/ and the AWS Key Management Service developer guide at
https://docs.aws.amazon.com/pdfs/kms/latest/developerguide/kms-dg.pdf.

AWS Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service
for a user’s VPC that is created in Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, a user
can filter traffic at the perimeter of a VPC. This includes filtering traffic going to and coming from an internet
gateway, NAT gateway, or over VPN or AWS Direct Connect. For more information, see AWS Network Firewall at
https://aws.amazon.com/network-firewall/ and the AWS Network Firewall developer guide at
https://docs.aws.amazon.com/pdfs/network-firewall/latest/developerguide/network-firewall-developer-
guide.pdf.

AWS Resource Access Manager (AWS RAM) helps users securely share their resources across AWS accounts,
within their organization or organizational units (OUs) in AWS Organizations, and with IAM roles and IAM users
for supported resource types. A user can use AWS RAM to share resources with other AWS accounts. This
eliminates the need to provision and manage resources in every account. When a user shares a resource with
another account, that account is granted access to the resource, and any policies and permissions in that
account apply to the shared resource. For more information, see AWS Resource Access Manager at
https://aws.amazon.com/ram/ and the AWS Resource Access Manager reference at
https://docs.aws.amazon.com/pdfs/ram/latest/APIReference/ram-api.pdf.

AWS Secrets Manager helps a user to securely encrypt, store, and retrieve credentials for databases
and other services. Instead of hardcoding credentials in applications, a user can make calls to Secrets
Manager to retrieve credentials whenever needed. Secrets Manager helps protect access to IT
resources and data by giving users the ability to rotate and manage access to their secrets. For more
information, see AWS Secrets Manager at https://aws.amazon.com/secrets-manager/ and the AWS
Secrets Manager user guide at
https://docs.aws.amazon.com/pdfs/secretsmanager/latest/userguide/secretsmanager-
userguide.pdf.

AWS Security Hub provides users with a comprehensive view of their security state in AWS and
helps them check their environment against security industry standards and best practices. Security
Hub collects security data from across AWS accounts, services, and supported third-party partner
products and helps users analyze their security trends and identify the highest priority security
issues. For more information, see AWS Security Hub at https://aws.amazon.com/security-hub/ and
the AWS Security Hub user guide at
https://docs.aws.amazon.com/pdfs/securityhub/latest/userguide/securityhub.pdf.
 Storage
AWS Elastic Disaster Recovery
minimizes downtime and data loss
with fast, reliable recovery of on-
premises and cloud-based
applications by using affordable
storage, minimal compute, and point-
in-time recovery.
Amazon FSx makes it cost-effective to
launch, run, and scale feature-rich,
high-performance file systems in the
cloud. It supports a wide range of
workloads with its reliability, security,
scalability, and broad set of
capabilities.

AWS Elastic Disaster Amazon FSx

Recovery
20

By using AWS Elastic Disaster Recovery, a user can increase IT resilience to replicate on-premises or cloud-
based applications running on supported operating systems. Users can use the AWS Management Console to
configure replication and launch settings, monitor data replication, and launch instances for drills or recovery.
For more information, see AWS Elastic Disaster Recovery at https://aws.amazon.com/disaster-recovery and the
AWS Elastic Disaster Recovery user guide at https://docs.aws.amazon.com/pdfs/drs/latest/userguide/drs-
service-guide.pdf.

Amazon FSx is built on the latest AWS compute, networking, and disk technologies to provide high performance
and lower total cost of ownership (TCO). As a fully managed service, Amazon FSx handles hardware
provisioning, patching, and backups—freeing users to focus on applications, end users, and their business. For
more information, see Amazon FSx at https://aws.amazon.com/fsx/.
Thank you

Corrections, feedback, or other questions?

Contact us at https://support.aws.amazon.com/#/contacts/aws-training.
All trademarks are the property of their owners.

21