Joy - AWS Study Guide

Uploaded by

Luke musiq

List of topics and subtopics for the AWS Cloud Practitioner exam

| Main Topic | Subtopics |
|---|---|
| AWS Cloud Concepts | Global Infrastructure (Regions, Availability Zones, Edge Locations); AWS Cloud Value Proposition (Scalability, Elasticity, Cost-Efficiency) |
| Security and Compliance | Shared Responsibility Model (Responsibilities of AWS and the Customer); Identity and Access Management (IAM) (Users, Groups, Roles, Policies); AWS Web Application Firewall (WAF) (Protection from Web Exploits) |
| Technology | Core Services (EC2, S3, RDS, Lambda, VPC); Management and Governance (CloudWatch, CloudTrail, AWS Config); Basic Architectural Principles (Fault Tolerance, High Availability, Load Balancing) |
| Billing and Pricing | Pricing Models (On-Demand, Reserved, Spot Instances); Billing and Account Management (Cost Explorer, Budgets); Total Cost of Ownership (TCO) (Calculating and Optimizing TCO) |
| AWS Cloud Adoption Framework | Overview (Aligning Technology and Business Strategies); CAF Perspectives (Business, People, Governance, Platform, Security, Operations) |
| AWS Well-Architected Framework | Pillars (Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization) |
| AWS Support Plans | Basic (Free Account and Billing Support, Documentation, Forums); Developer (Business Hours Access, Guidance, <24h Case Response Time); Business (24/7 Access, Faster Response Times, Contextual Guidance); Enterprise (TAM, Concierge Support, Training for Complex Use Cases) |

AWS Global Infrastructure

The AWS Global Infrastructure is designed to provide high availability, fault tolerance, and
low latency for users around the world. It consists of Regions, Availability Zones (AZs), Edge
Locations, and data centers.

1. Regions

• Description: AWS Regions are geographically distinct locations that consist of multiple,
isolated, and physically separate Availability Zones. Each Region is fully independent
and designed to provide services and data replication within that Region.
• Purpose: Regions help AWS customers to deploy applications close to their end-users,
ensuring lower latency and better performance. They also allow customers to comply
with legal and regulatory requirements by choosing where to store and process data.
• Example: North America (N. Virginia), Europe (Ireland), Asia Pacific (Tokyo).

2. Availability Zones (AZs)

• Description: Availability Zones are isolated locations within an AWS Region. Each AZ
consists of one or more data centers equipped with independent power, cooling, and
networking.
• Purpose: AZs are designed to be independent from failures in other AZs, providing high
availability and fault tolerance. Customers can architect their applications to use multiple
AZs to protect against data center failures.
• Example: A Region like N. Virginia (us-east-1) might have multiple AZs, labeled as
us-east-1a, us-east-1b, us-east-1c, etc.

3. Edge Locations

• Description: Edge Locations are endpoints for AWS services used to cache copies of
content closer to end-users. They are part of AWS's content delivery network (CDN)
called Amazon CloudFront.
• Purpose: They help deliver content with lower latency and higher data transfer speeds.
Edge Locations are also used for services like AWS Global Accelerator and AWS Shield.
• Example: Edge Locations are globally distributed in major cities to serve content more
efficiently to end-users.

4. Data Centers

• Description: Data centers are the physical facilities where AWS hosts its servers and
networking equipment. Each data center is part of an Availability Zone, and multiple data
centers can exist within a single AZ.
• Purpose: Data centers provide the foundational infrastructure for all AWS services,
ensuring secure, scalable, and reliable operations.

Key Features of AWS Global Infrastructure

1. Scalability and Flexibility: The infrastructure is designed to support a wide range of
applications, from small startups to large enterprises, providing scalable resources as
needed.
2. Resiliency and Redundancy: With multiple Regions, AZs, and data centers, AWS
ensures high availability and data durability. Customers can replicate data across Regions
for disaster recovery or across AZs for high availability.
3. Security and Compliance: AWS data centers are equipped with state-of-the-art security
measures. The infrastructure is designed to comply with various global standards and
regulations, providing a secure environment for sensitive data.

How to Use This Infrastructure

• Deploying Applications: Choose a Region that best meets your needs for latency, legal
requirements, and customer proximity. Utilize multiple AZs within a Region for high
availability and fault tolerance.
• Content Delivery: Use Edge Locations via Amazon CloudFront to cache content closer
to end-users, improving performance and reducing load on origin servers.
• Disaster Recovery: Implement cross-Region replication and backups to protect against
regional failures and ensure business continuity.

Basic Architectural Principles - crucial for designing robust, scalable, and efficient systems.

Summary:

• Scalability: Ability to handle increased loads by adding resources or instances.
• High Availability: System remains operational across multiple Availability Zones.
• Fault Tolerance: System continues to function despite failures.
• Security: Protection of data and resources from unauthorized access.
• Cost Optimization: Efficient use of resources to manage and reduce costs.
• Performance Efficiency: Optimization of resource use to meet performance requirements.
• Operational Excellence: Effective management, monitoring, and maintenance of systems.
• Modularity: Building systems from independent, manageable components.
• Decoupling: Reducing dependencies between system components for flexibility.
• Automation: Streamlining processes to minimize manual intervention and errors.

| Principle | Description | AWS Services & Features |
|---|---|---|
| Scalability | Design systems to handle varying workloads by scaling up (adding resources) or scaling out (adding instances). | Amazon EC2 Auto Scaling; AWS Lambda; Amazon RDS Read Replicas |
| High Availability | Ensure the system is available and operational at all times by using multiple resources across different Availability Zones. | Amazon Route 53; Elastic Load Balancing (ELB); Amazon RDS Multi-AZ Deployments |
| Fault Tolerance | Design systems to continue operating correctly even in the event of hardware or software failures. | Amazon S3 Cross-Region Replication; AWS CloudWatch Alarms; AWS Elastic Beanstalk |
| Security | Protect data and resources from unauthorized access and vulnerabilities by implementing strong security measures. | AWS Identity and Access Management (IAM); AWS KMS; AWS Shield |
| Cost Optimization | Manage and optimize costs by using resources efficiently and implementing cost-saving strategies. | AWS Cost Explorer; AWS Savings Plans; Amazon EC2 Spot Instances |
| Performance Efficiency | Design systems to provide high performance and optimize resource utilization to meet performance goals. | Amazon CloudFront; AWS Global Accelerator; Amazon DynamoDB |
| Operational Excellence | Ensure systems are easy to manage, monitor, and maintain with proper operational processes and automation. | AWS Systems Manager; Amazon CloudWatch; AWS Config |
| Modularity | Design systems using modular components that can be independently developed, tested, and scaled. | AWS Lambda; Amazon ECS; AWS Step Functions |
| Decoupling | Separate components to reduce dependencies and improve system flexibility and fault tolerance. | Amazon SQS; Amazon SNS; AWS EventBridge |
| Automation | Automate repetitive tasks and processes to reduce human error and increase efficiency. | AWS CloudFormation; AWS CodePipeline; AWS OpsWorks |

AWS Cloud Adoption Framework (CAF)

The AWS Cloud Adoption Framework (CAF) provides a structured approach to help
organizations transition to the cloud. It is organized into six perspectives, each focusing on
specific aspects of cloud adoption.

| Perspective | Description | Focus Areas |
|---|---|---|
| Business | Ensures that IT aligns with business needs and outcomes. Focuses on business capabilities, value realization, and organizational transformation. | Value Proposition, Business Case, Business Outcomes, KPI and Metrics |
| People | Addresses organizational culture and change management, emphasizing the people aspect of cloud adoption. | Organizational Change Management, Training, and Certification, Role and Skill Development |
| Governance | Focuses on aligning IT strategy with business strategy, ensuring compliance, risk management, and the establishment of effective governance. | Cloud Strategy, Cloud Governance, Risk Management, Financial Management, Compliance |
| Platform | Focuses on the design, implementation, and optimization of the cloud environment. Ensures the environment is scalable, resilient, and secure. | Cloud Architecture, Migration, Integration, Resource Provisioning, Optimization |
| Security | Ensures the organization has a robust security posture, addressing security management and compliance in the cloud environment. | Identity and Access Management, Data Protection, Infrastructure Security, Threat Detection and Response |
| Operations | Focuses on operational excellence in the cloud, including monitoring, incident management, and service management. | Operations Management, Monitoring and Reporting, Automation, Incident and Problem Management |

Comments on each perspective:

• Business: Developing a business case for cloud adoption, understanding the financial impact, and aligning cloud initiatives with business strategies.
• People: Identifying key roles required for cloud operations, training staff on cloud technologies, and fostering a culture of innovation and agility.
• Governance: Establishing cloud governance policies, setting up security and compliance controls, and managing risks associated with cloud adoption.
• Platform: Designing the foundational infrastructure, selecting cloud services, and implementing security measures for applications and data.
• Security: Implementing security best practices, managing identity and access controls, and ensuring data protection and compliance.
• Operations: Setting up monitoring and logging, managing incidents and problems, and optimizing operations for efficiency and cost-effectiveness.

AWS Cloud Value Proposition - benefits and advantages of using AWS Cloud services.

Summary:

• Cost Efficiency: Flexible pricing models and cost-saving options.
• Scalability: Automatically adjust resources and scale applications easily.
• Global Reach: Deploy applications globally with a broad network of data centers.
• Flexibility and Innovation: Wide range of services and rapid deployment capabilities.
• Security and Compliance: Comprehensive security features and compliance with industry standards.
• Reliability and High Availability: Built for high availability and fault tolerance.
• Performance: Optimized for high performance with advanced technologies.
• Managed Services: Reduced operational overhead with managed services.
• Support and Ecosystem: Access to support plans and a rich ecosystem of partners and tools.
• Agility and Speed: Accelerate development and deployment, and experiment with new ideas.

| Aspect | Description |
|---|---|
| Cost Efficiency | Pay-as-You-Go Pricing: Only pay for what you use, with no upfront costs or long-term commitments. Cost Savings: Discounts available through Reserved Instances, Savings Plans, and Spot Instances. |
| Scalability | Auto-Scaling: Automatically adjusts resources based on demand. Elasticity: Easily scale up or down to match workload requirements. |
| Global Reach | Global Network: AWS has a vast network of data centers worldwide, enabling low-latency access and high availability. Regional Services: Deploy applications in multiple regions to enhance global presence. |
| Flexibility and Innovation | Wide Range of Services: Offers over 200 fully featured services, allowing you to choose the right tools for your needs. Rapid Deployment: Quickly deploy applications and services with flexibility and agility. |
| Security and Compliance | Robust Security: Built-in security features, including encryption, IAM, and compliance certifications. Shared Responsibility Model: Clear division of security responsibilities between AWS and customers. |
| Reliability and High Availability | Resilience: Designed for fault tolerance and high availability with multiple Availability Zones and automated failover. Backup and Recovery: Comprehensive tools for data backup, disaster recovery, and business continuity. |
| Performance | Optimized Performance: Services and infrastructure are optimized for high performance and low latency. Advanced Technologies: Leverage cutting-edge technologies like machine learning, artificial intelligence, and serverless computing. |
| Managed Services | Ease of Management: Managed services reduce the operational overhead of maintaining infrastructure. Focus on Core Business: Allows you to focus on building applications and services rather than managing hardware. |
| Support and Ecosystem | AWS Support Plans: Access to various levels of support, including 24/7 help from AWS experts. Extensive Ecosystem: Rich ecosystem of partners, third-party tools, and integrations. |
| Agility and Speed | Faster Time to Market: Accelerate development and deployment cycles. Experimentation: Quickly test and iterate on new ideas with scalable resources. |

AWS Well-Architected Framework (WAF)

The AWS Well-Architected Framework (WAF) provides best practices and architectural
guidance to help design and operate reliable, secure, efficient, and cost-effective systems in the
cloud. It is based on five pillars.

| WAF Pillar | Principles |
|---|---|
| Operational Excellence | 1. Perform operations as code; 2. Annotate documentation; 3. Make frequent, small, reversible changes; 4. Refine operations procedures frequently; 5. Anticipate failure; 6. Learn from operational failures |
| Security | 1. Implement a strong identity foundation; 2. Enable traceability; 3. Apply security at all layers; 4. Automate security best practices; 5. Protect data in transit and at rest; 6. Prepare for security events |
| Reliability | 1. Automatically recover from failure; 2. Test recovery procedures; 3. Scale horizontally to increase aggregate system availability; 4. Stop guessing capacity; 5. Manage change in automation |
| Performance Efficiency | 1. Democratize advanced technologies; 2. Go global in minutes; 3. Use serverless architectures; 4. Experiment more often; 5. Consider mechanical sympathy |
| Cost Optimization | 1. Implement cloud financial management; 2. Adopt a consumption model; 3. Measure overall efficiency; 4. Stop spending money on undifferentiated heavy lifting; 5. Analyze and attribute expenditure |

AWS Support Plans

Basic Plan:
• Free with all AWS accounts.
• Access to AWS forums, and support for account and billing issues.

Developer Plan:
• Designed for testing and development.
• Email support during business hours, with longer response times.

Business Plan:
• For production workloads.
• 24/7 support with faster response times, access to all Trusted Advisor checks, and support for third-party software.

Enterprise Plan:
• For mission-critical use.
• Fastest response times, dedicated Technical Account Manager, and comprehensive support including architecture reviews and proactive guidance.

| Feature | Basic | Developer | Business | Enterprise |
|---|---|---|---|---|
| Pricing | Free | Starting at $29/month | Starting at $100/month | Starting at $15,000/month |
| Support Channels | None | Email during business hours | 24/7 email, chat, phone | 24/7 email, chat, phone |
| Response Time (Critical) | No guaranteed response | No guaranteed response | < 1 hour | < 15 minutes |
| Response Time (High) | No guaranteed response | < 12 business hours | < 4 hours | < 1 hour |
| Response Time (General Guidance) | No guaranteed response | < 24 business hours | < 24 hours | < 24 hours |
| Access to Trusted Advisor checks | 7 core checks | Full set of checks | Full set of checks | Full set of checks |
| Access to AWS Personal Health Dashboard | Yes | Yes | Yes | Yes |
| Support for Third-Party Software | No | No | Yes | Yes |
| Architecture Support | No | General Guidance | Contextual guidance | Dedicated Technical Account Manager (TAM) and concierge support |
| Training & Documentation | Online resources | Online resources | Online resources | Online resources |
| Account Management | No | No | No | Dedicated Technical Account Manager (TAM) |
| Proactive Guidance | No | No | Limited | Comprehensive |

AWS BILLING AND PRICING

| Aspect | Description |
|---|---|
| Pricing Models | On-Demand: Pay for compute capacity by the hour or second with no long-term commitments. Reserved Instances: Reserve capacity for a 1- or 3-year term at a lower rate compared to On-Demand. Spot Instances: Bid for unused EC2 capacity at reduced prices. Savings Plans: Commit to a specific amount of usage over 1 or 3 years for flexible compute services at discounted rates. |
| Free Tier | 12-Month Free Tier: Limited quantities of AWS resources are free for 12 months following your account sign-up date. Always Free: Some AWS services are always free up to a specific limit (e.g., 1 million requests per month for AWS Lambda). Trials: Temporary free trials for certain services. |
| Billing Methods | Pay-as-You-Go: Pay for only what you use, with no upfront costs or long-term contracts. Tiered Pricing: Discounts as usage increases, with price breaks at certain usage thresholds. |
| Cost Management Tools | AWS Cost Explorer: Visualize and analyze your AWS spending. AWS Budgets: Set custom cost and usage budgets and receive alerts. AWS Cost and Usage Reports (CUR): Detailed reports for deeper analysis of your usage and costs. |
| Pricing Calculation | Compute: Pricing based on instance type, size, and usage time. Storage: Charged by the amount of data stored and data transfer. Data Transfer: Costs for data transferred in and out of AWS, with different rates for internet and inter-region data transfer. |
| Support Costs | Basic Support: Free, includes access to AWS documentation and forums. Developer Support: Starting at $29/month, includes email support during business hours. Business Support: Starting at $100/month, includes 24/7 email, chat, and phone support. Enterprise Support: Starting at $15,000/month, includes a dedicated Technical Account Manager (TAM) and concierge support. |

Shared Controls Overview:

Shared controls are security and management tasks that require action from both AWS and the
customer. While AWS provides the tools and infrastructure, the customer must configure and use
them properly.

Examples of Shared Controls:

1. Patch Management:
o AWS: Manages and applies patches to the infrastructure and underlying
hardware.
o Customer: Responsible for patching and updating their operating systems,
applications, and software running on AWS services.
2. Configuration Management:
o AWS: Provides tools and services (like AWS Config) to help track and manage
configuration changes.
o Customer: Must use these tools to ensure their resources are correctly configured
and remain compliant with security policies.
3. Awareness and Training:
o AWS: Provides security and compliance information, best practices, and training
resources.
o Customer: Responsible for ensuring their staff is trained and aware of how to
securely use AWS services.

Summary:

• AWS: Provides the necessary tools, infrastructure, and resources.
• Customer: Uses these tools and resources to manage and secure their applications and
data.

AWS Shared Responsibility

AWS's Responsibilities:

• Security of the Cloud: AWS is responsible for protecting the infrastructure that runs all
the services offered in the AWS Cloud. This includes:
o Physical security of data centers
o Network Infrastructure
o Hardware and software that make up the AWS cloud

Customer's Responsibilities:

• Security in the Cloud: Customers are responsible for managing and securing their data
and applications in the cloud. This includes:
o Data encryption and protection
o Identity and access management (IAM)
o Application-level security
o Configuring security groups and network access controls
o Operating system patches and updates

Security in AWS

| Security Aspect | Description | AWS Services |
|---|---|---|
| Identity and Access Management (IAM) | Manages user identities and permissions to control access to AWS resources. | AWS IAM; AWS IAM Roles; AWS IAM Policies |
| Data Encryption | Protects data at rest and in transit using encryption methods. | AWS Key Management Service (KMS); AWS CloudHSM; AWS Certificate Manager (ACM) |
| Network Security | Controls and monitors network traffic to and from AWS resources. | Amazon VPC; AWS Security Groups; AWS Network ACLs; AWS Shield; AWS WAF (Web Application Firewall) |
| Monitoring and Logging | Tracks and logs activities to ensure compliance and detect issues. | Amazon CloudWatch; AWS CloudTrail; AWS Config |
| Compliance | Ensures adherence to regulatory and security standards. | AWS Artifact; AWS Compliance Center |
| Incident Response | Provides tools and practices for detecting, managing, and responding to security incidents. | AWS CloudTrail; Amazon GuardDuty; AWS Security Hub |
| Application Security | Protects applications from vulnerabilities and attacks. | AWS Inspector; AWS Secrets Manager; AWS Shield; AWS WAF |
| Infrastructure Security | Secures the underlying infrastructure that supports AWS services. | AWS Trusted Advisor; AWS Security Best Practices; AWS Systems Manager |
| Access Control | Ensures only authorized users and systems can access resources. | AWS IAM; AWS Organizations; AWS Resource Access Manager (RAM) |
| Data Backup and Recovery | Manages data backup and recovery to protect against data loss. | AWS Backup; Amazon S3 Versioning; AWS Snapshots |

Here's a table with short descriptions of each AWS service mentioned in the security aspects:

| AWS Service | Description |
|---|---|
| AWS IAM | Manages user identities and permissions, allowing you to control access to AWS resources. |
| AWS IAM Roles | Allows you to define a set of permissions that can be assumed by users or services. |
| AWS IAM Policies | Defines permissions that are assigned to users, groups, or roles, specifying what actions are allowed. |
| AWS Key Management Service (KMS) | Provides managed encryption keys for data encryption and decryption. |
| AWS CloudHSM | Offers hardware security modules (HSMs) for managing and protecting encryption keys. |
| AWS Certificate Manager (ACM) | Manages SSL/TLS certificates for securing data in transit between your applications and users. |
| Amazon VPC | Creates a virtual private cloud, allowing you to define and control a virtualized network environment. |
| AWS Security Groups | Acts as a virtual firewall to control inbound and outbound traffic to your EC2 instances. |
| AWS Network ACLs | Provides an additional layer of security by controlling traffic at the subnet level. |
| AWS Shield | Protects against Distributed Denial of Service (DDoS) attacks. |
| AWS WAF (Web Application Firewall) | Protects web applications by filtering and monitoring HTTP requests based on customizable rules. |
| Amazon CloudWatch | Monitors and logs metrics and events from AWS resources and applications. |
| AWS CloudTrail | Records API calls made on your account, providing visibility into user activity and API usage. |
| AWS Config | Tracks AWS resource configurations and changes, enabling compliance auditing and security analysis. |
| Amazon GuardDuty | Monitors and analyzes data from various AWS sources to detect potential security threats. |
| AWS Inspector | Assesses the security and compliance of your applications by running automated security assessments. |
| AWS Artifact | Provides on-demand access to AWS compliance reports and security and compliance documentation. |
| AWS Compliance Center | Centralizes AWS compliance resources and information to help manage regulatory compliance. |
| AWS Security Hub | Aggregates and prioritizes security findings from various AWS services and partner solutions. |
| AWS Secrets Manager | Manages and rotates secrets such as database credentials and API keys securely. |
| AWS Systems Manager | Provides operational data from multiple AWS services and automates tasks for system management. |
| AWS Trusted Advisor | Offers insights and recommendations for improving your AWS infrastructure’s security and performance. |
| AWS Resource Access Manager (RAM) | Shares AWS resources across accounts or within your organization. |
| AWS Organizations | Manages multiple AWS accounts centrally, applying policies and controls across accounts. |
| AWS Backup | Centralizes backup management and automates backup tasks for AWS resources. |
| Amazon S3 Versioning | Keeps multiple versions of objects in S3, allowing you to recover from unintended deletions or overwrites. |
| AWS Snapshots | Captures point-in-time snapshots of your EBS volumes, enabling data backup and recovery. |

This table provides concise descriptions of each AWS service related to security, giving you an
overview of their primary functions and uses.

AWS Compute Services

Summary of Compute Services:

• Amazon EC2: Scalable virtual servers for various applications.
• AWS Lambda: Serverless compute for event-driven applications.
• Amazon ECS: Container orchestration service for managing Docker containers.
• Amazon EKS: Managed Kubernetes service for container orchestration.
• AWS Fargate: Serverless compute for containers, removing the need to manage servers.
• AWS Batch: Manages and executes batch computing workloads.
• AWS Elastic Beanstalk: Platform as a Service for deploying and managing applications.
• Amazon Lightsail: Simple cloud platform with fixed pricing and pre-configured instances.
• AWS Outposts: Extends AWS infrastructure to on-premises locations for hybrid cloud scenarios.
• AWS Local Zones: Provides low-latency access by extending AWS infrastructure to local geographic locations.
• AWS Wavelength: Delivers AWS services to telecommunications networks for ultra-low latency applications.

| Service | Description | Primary Use Cases |
|---|---|---|
| Amazon EC2 (Elastic Compute Cloud) | Provides scalable virtual servers with customizable configurations for various applications. | Web hosting, application servers, batch processing. |
| AWS Lambda | Runs code without provisioning or managing servers, triggered by events or requests. | Serverless applications, real-time data processing, backend services. |
| Amazon ECS (Elastic Container Service) | Container orchestration service that manages Docker containers on a cluster of EC2 instances or Fargate. | Containerized applications, microservices architecture. |
| Amazon EKS (Elastic Kubernetes Service) | Managed Kubernetes service that simplifies running Kubernetes on AWS without needing to install and manage your own control plane. | Kubernetes-based container orchestration, complex applications. |
| AWS Fargate | Serverless compute engine for containers that works with ECS and EKS, eliminating the need to manage servers. | Containerized applications without managing infrastructure. |
| AWS Batch | Manages and runs batch computing workloads at any scale using AWS services. | High-performance computing (HPC), large-scale data processing. |
| AWS Elastic Beanstalk | Platform as a Service (PaaS) that simplifies the deployment, management, and scaling of applications. | Web applications, APIs, and services in multiple languages. |
| Amazon Lightsail | Simplified cloud platform with a straightforward interface, pre-configured instances, and a fixed pricing model. | Simple web applications, development environments, and small-scale production workloads. |
| AWS Outposts | Fully managed service that extends AWS infrastructure, services, and tools to on-premises locations. | Hybrid cloud applications, data residency, local data processing. |
| AWS Local Zones | Extends AWS infrastructure to geographic locations close to end-users, providing low-latency access. | Low-latency applications, real-time processing, gaming. |
| AWS Wavelength | Brings AWS infrastructure and services to telecommunications networks for ultra-low latency applications. | Mobile edge computing, 5G applications. |

AWS Network Services

Summary of Networking Services:

• Amazon VPC: Creates and manages virtual networks within AWS.
• Amazon Route 53: Scalable DNS service for routing and domain management.
• AWS Direct Connect: Dedicated network connection for consistent performance.
• AWS VPN: Secure, encrypted connections between on-premises and AWS.
• Elastic Load Balancing (ELB): Distributes traffic across multiple targets.
• AWS Global Accelerator: Enhances global application performance and availability.
• AWS Transit Gateway: Centralizes network connectivity between VPCs and on-premises networks.
• Amazon CloudFront: CDN for delivering content globally with low latency.
• AWS PrivateLink: Private connectivity between VPCs and AWS services.
• AWS App Mesh: Manages microservices communication with consistent traffic controls.
• Amazon VPC Traffic Mirroring: Monitors and analyzes network traffic.
• AWS Network ACLs: Controls traffic at the subnet level.
• AWS Security Groups: Virtual firewalls for EC2 instance traffic.

| Service | Description | Primary Use Cases |
|---|---|---|
| Amazon VPC (Virtual Private Cloud) | Creates a logically isolated network within the AWS Cloud, allowing you to define a virtualized network environment. | Custom network configurations, secure network environments. |
| Amazon Route 53 | Scalable DNS and domain name registration service that routes end-users to internet applications. | Domain name resolution, routing traffic to applications, DNS management. |
| AWS Direct Connect | Establishes a dedicated network connection from your premises to AWS, providing a more consistent network experience. | High-bandwidth, low-latency connections, hybrid cloud environments. |
| AWS VPN (Virtual Private Network) | Connects your on-premises network to AWS through an encrypted VPN connection. | Secure communication between on-premises data centers and AWS. |
| Elastic Load Balancing (ELB) | Distributes incoming application or network traffic across multiple targets to ensure high availability and reliability. | Load balancing for web applications, microservices architectures. |
| AWS Global Accelerator | Improves the availability and performance of your applications with global users by routing traffic through AWS’s global network. | Global application performance improvement, traffic acceleration. |
| AWS Transit Gateway | Connects multiple VPCs and on-premises networks through a central gateway for simplified network management. | Network centralization, multi-VPC connectivity. |
| Amazon CloudFront | Content Delivery Network (CDN) that delivers data, videos, applications, and APIs to users globally with low latency. | Website acceleration, media delivery, API distribution. |
| AWS PrivateLink | Provides private connectivity between VPCs and services hosted on AWS, keeping traffic within the AWS network. | Securely access AWS services and third-party applications. |
| AWS Global Accelerator | Improves global application availability and performance by routing traffic through the AWS global network. | Application performance enhancement, global user base support. |
| AWS App Mesh | Provides application-level networking to manage microservices communication with consistent visibility and network traffic controls. | Microservices communication, network traffic management. |
| Amazon VPC Traffic Mirroring | Captures and inspects network traffic in your VPC to monitor and analyze network activity. | Network monitoring, security analysis, troubleshooting. |
| AWS Network ACLs | Provides a firewall for controlling inbound and outbound traffic at the subnet level in your VPC. | Network security, traffic filtering at the subnet level. |
| AWS Security Groups | Acts as a virtual firewall to control inbound and outbound traffic to your EC2 instances. | Instance-level security, traffic control. |
| AWS Site-to-Site VPN | Establishes a secure connection between your on-premises network and AWS using IPsec. | Secure site-to-site connections, hybrid cloud integration. |
AWS Storage Services

Summary of Storage Services:
• Amazon S3: Scalable object storage for various data types.
• Amazon EBS: Block-level storage for EC2 instances.
• Amazon EFS: Shared file storage across multiple EC2 instances.
• Amazon FSx: Managed Windows and Lustre file systems.
• Amazon S3 Glacier: Low-cost archival storage with variable retrieval times.
• Amazon S3 Glacier Deep Archive: Very low-cost storage for long-term archival.
• AWS Backup: Centralized backup management across AWS and on-premises.
• AWS Snowball: Physical devices for transferring large volumes of data to and from AWS.
• AWS Snowcone: Portable device for edge computing and data migration.
• AWS Storage Gateway: Hybrid cloud storage solution for on-premises and cloud integration.
• Amazon S3 Intelligent-Tiering: Automatically optimizes storage costs by moving data between tiers based on access patterns.

| Service | Description | Primary Use Cases |
|---|---|---|
| Amazon S3 (Simple Storage Service) | Object storage service that provides scalable, durable, and low-cost storage for a wide variety of data types. | Backup and restore, data archiving, content storage and distribution. |
| Amazon EBS (Elastic Block Store) | Provides block-level storage volumes for use with Amazon EC2 instances. | Persistent storage for EC2 instances, databases, and applications. |
| Amazon EFS (Elastic File System) | Fully managed file storage that can be shared across multiple EC2 instances, scalable and elastic. | File storage for applications, shared file systems, content management. |
| Amazon FSx | Managed file systems that provide highly available and scalable file storage with support for Windows and Lustre. | Windows file systems, high-performance computing workloads. |
| Amazon S3 Glacier | Low-cost cloud storage service for data archiving and long-term backup with retrieval times ranging from minutes to hours. | Data archiving, compliance and regulatory data retention. |
| Amazon S3 Glacier Deep Archive | Lowest-cost storage class for long-term data archiving, with retrieval times of up to 12 hours. | Long-term data storage, archival of infrequently accessed data. |
| AWS Backup | Centralized backup service that automates and centrally manages backups across AWS services and on-premises environments. | Backup management, disaster recovery, compliance. |
| AWS Snowball | Data transfer service that uses secure devices to move large amounts of data into and out of AWS. | Large-scale data migration, data center decommissioning. |
| AWS Snowcone | Small, rugged, and portable data transfer device for edge computing and data migration. | Edge data collection, remote data transfer. |
| AWS Storage Gateway | Hybrid cloud storage service that provides on-premises access to virtually unlimited cloud storage. | Backup and archiving, disaster recovery, cloud integration for on-premises data. |
| Amazon S3 Intelligent-Tiering | Automatically moves data between different storage tiers based on changing access patterns to optimize costs. | Cost-effective storage management for data with unpredictable access patterns. |
AWS Analytics Services

Summary of Analytics Services:
• Amazon Redshift: Managed data warehouse for complex queries and large datasets.
• Amazon Athena: Serverless SQL querying service for analyzing S3 data.
• Amazon EMR: Managed Hadoop framework for big data processing.
• AWS Glue: Managed ETL service for data preparation and cataloging.
• Amazon Kinesis: Real-time data streaming and analytics platform.
• Amazon QuickSight: Business intelligence service for dashboards and visualizations.
• AWS Data Pipeline: Automates data movement and transformation workflows.
• Amazon CloudSearch: Managed search service for applications.
• AWS OpenSearch Service: Search and analytics service using OpenSearch.
• AWS Lake Formation: Simplifies building and managing data lakes.
• Amazon MSK: Managed Apache Kafka service for streaming data.
• Amazon Timestream: Time series database for time-stamped data.
• AWS Glue DataBrew: Visual tool for data cleaning and preparation.

| Service | Description | Primary Use Cases |
|---|---|---|
| Amazon Redshift | Fully managed data warehouse service that allows you to run complex queries and analyze large datasets quickly. | Data warehousing, business intelligence, complex query processing. |
| Amazon Athena | Serverless interactive query service that allows you to analyze data in Amazon S3 using standard SQL. | Ad-hoc querying, interactive analytics on S3 data. |
| Amazon EMR (Elastic MapReduce) | Managed Hadoop framework that allows you to process vast amounts of data quickly using open-source tools such as Hadoop, Spark, and HBase. | Big data processing, data transformations, large-scale analytics. |
| AWS Glue | Fully managed ETL (extract, transform, load) service that simplifies data preparation for analytics. | Data integration, ETL workflows, data cataloging. |
| Amazon Kinesis | Platform for real-time data streaming and analytics, enabling you to collect, process, and analyze streaming data. | Real-time data processing, log and event data analysis, stream analytics. |
| Amazon QuickSight | Scalable business intelligence service that provides insights through interactive dashboards and visualizations. | Data visualization, business analytics, interactive reporting. |
| AWS Data Pipeline | Web service that helps you automate the movement and transformation of data between different AWS compute and storage services. | Data workflows, data processing pipelines, ETL tasks. |
| Amazon CloudSearch | Managed search service that provides fast and highly scalable search capabilities for your applications. | Website search, application search, log analytics. |
| AWS OpenSearch Service | Managed search and analytics service that enables you to search, analyze, and visualize data in real-time using OpenSearch (formerly Elasticsearch). | Log analytics, real-time search, application monitoring. |
| AWS Lake Formation | Simplifies the process of building, securing, and managing data lakes, allowing you to ingest and catalog data from various sources. | Data lake creation, data management, security and access control. |
| Amazon Managed Streaming for Apache Kafka (MSK) | Fully managed service that makes it easy to build and run applications that use Apache Kafka to process streaming data. | Real-time data processing, event streaming, log aggregation. |
| Amazon Timestream | Fully managed time series database service optimized for ingesting, storing, and analyzing time-stamped data. | IoT data analysis, monitoring and operational metrics, event tracking. |
| AWS Glue DataBrew | Visual data preparation tool that allows you to clean and normalize data without writing code. | Data cleaning, transformation, data preparation for analysis. |
AWS Machine Learning Services

Summary of Machine Learning Services:
• Amazon SageMaker: End-to-end service for building, training, and deploying ML models.
• AWS Deep Learning AMIs: Pre-built AMIs with deep learning frameworks for accelerated development.
• AWS Deep Learning Containers: Containerized environments with deep learning frameworks.
• Amazon Comprehend: NLP service for extracting insights from text.
• Amazon Rekognition: Image and video analysis for detecting objects, people, and activities.
• Amazon Textract: Extracts structured data from scanned documents.
• Amazon Translate: Language translation service using neural machine translation.
• Amazon Polly: Converts text into lifelike speech.
• Amazon Lex: Builds conversational interfaces with voice and text.
• Amazon Personalize: Provides personalized recommendations using machine learning.
• Amazon Forecast: Time series forecasting for predicting future values.
• Amazon SageMaker Ground Truth: Data labeling service to create labeled datasets for ML models.
• Amazon Augmented AI (A2I): Human review workflows for integrating human judgment into ML predictions.
• AWS Glue DataBrew: Visual tool for cleaning and preparing data for machine learning.

| Service | Description | Primary Use Cases |
|---|---|---|
| Amazon SageMaker | Fully managed service that provides tools and workflows for building, training, and deploying machine learning models. | Model development, training, and deployment, end-to-end ML workflows. |
| AWS Deep Learning AMIs | Pre-built Amazon Machine Images (AMIs) with deep learning frameworks and tools for accelerated development. | Deep learning model development, custom ML model training. |
| AWS Deep Learning Containers | Docker containers pre-installed with popular deep learning frameworks, enabling flexible ML model development. | Model development and training in containerized environments. |
| Amazon Comprehend | Natural language processing (NLP) service that extracts insights from text using machine learning. | Text analysis, sentiment analysis, entity recognition. |
| Amazon Rekognition | Image and video analysis service that uses deep learning to identify objects, people, text, and activities. | Image and video analysis, facial recognition, object detection. |
| Amazon Textract | Extracts text, forms, and tables from scanned documents using machine learning. | Document analysis, data extraction from forms and tables. |
| Amazon Translate | Neural machine translation service that provides language translation capabilities. | Language translation for text and documents. |
| Amazon Polly | Text-to-speech service that converts written text into lifelike speech. | Voiceovers, audiobooks, interactive voice applications. |
| Amazon Lex | Service for building conversational interfaces using voice and text. | Chatbots, virtual assistants, interactive voice response systems. |
| Amazon Personalize | Real-time personalization service that uses machine learning to provide personalized recommendations. | Personalized product recommendations, content recommendations. |
| Amazon Forecast | Time series forecasting service that uses machine learning to predict future values based on historical data. | Demand forecasting, financial forecasting, inventory planning. |
| Amazon SageMaker Ground Truth | Provides a data labeling service that uses machine learning to improve the efficiency of data labeling tasks. | Labeling datasets for training ML models, creating labeled datasets. |
| Amazon Augmented AI (A2I) | Human review workflows for ML model predictions, allowing you to integrate human judgment into ML workflows. | Model output verification, data labeling, human-in-the-loop. |
| AWS Glue DataBrew | Visual data preparation tool that helps you clean and normalize data without writing code. | Data preparation for machine learning, data cleaning. |
AWS Developers Services

Summary of Developer Services:
• AWS CodeCommit: Git-based source control service. For version control.
• AWS CodeBuild: Managed build service for compiling code and running tests.
• AWS CodeDeploy: Automates code deployments.
• AWS CodePipeline: CI/CD service for automating build, test, and deploy phases.
• AWS CodeStar: Unified interface for managing development activities.
• AWS Cloud9: Cloud-based IDE for development and debugging.
• AWS X-Ray: Provides insights into application performance and debugging.
• AWS SAM: Framework for building serverless applications.
• AWS Amplify: Platform for building mobile and web applications.
• AWS Chalice: Framework for serverless applications in Python.
• AWS App Runner: Managed service for deploying and running containerized applications.
• AWS CDK: Framework for defining cloud infrastructure using code.
• AWS CloudFormation: IaC service for provisioning AWS resources.
• AWS CLI: Command line tool for managing AWS services.
• AWS SDKs: Libraries for integrating with AWS services from various programming languages.
• AWS Config: Tracks and manages AWS resource configurations and compliance.

| Service | Description | Primary Use Cases |
|---|---|---|
| AWS CodeCommit | Fully managed source control service that hosts secure Git repositories. | Version control, code management, collaborative development. |
| AWS CodeBuild | Fully managed build service that compiles source code, runs tests, and produces software packages. | Continuous integration (CI), automated builds. |
| AWS CodeDeploy | Automates code deployment to any instance, including EC2 instances and on-premises servers. | Continuous deployment (CD), deployment automation. |
| AWS CodePipeline | Continuous integration and continuous delivery (CI/CD) service that automates the build, test, and deploy phases. | CI/CD pipeline creation, application delivery automation. |
| AWS CodeStar | Unified user interface that enables you to manage your software development activities in one place. | Project management, CI/CD setup, team collaboration. |
| AWS Cloud9 | Cloud-based integrated development environment (IDE) that provides a rich code-editing experience. | Cloud-based development, code editing, debugging. |
| AWS X-Ray | Service that helps developers analyze and debug production applications by providing insights into performance issues. | Distributed tracing, performance monitoring, debugging. |
| AWS SAM (Serverless Application Model) | Framework for building serverless applications with AWS Lambda and other AWS services. | Serverless application development, deployment, and management. |
| AWS Amplify | Development platform for building secure, scalable mobile and web applications with ease. | Frontend and backend development for mobile/web apps. |
| AWS Chalice | Microframework for writing serverless applications in Python. | Serverless application development using Python. |
| AWS App Runner | Fully managed service for deploying and running containerized web applications and APIs. | Deployment of web applications and APIs from source code or containers. |
| AWS CDK (Cloud Development Kit) | Open-source software development framework for defining cloud infrastructure using familiar programming languages. | Infrastructure as code (IaC), cloud resource provisioning. |
| AWS CloudFormation | Infrastructure as code (IaC) service that provides a common language for describing and provisioning AWS infrastructure. | Cloud resource provisioning, infrastructure management. |
| AWS CLI (Command Line Interface) | Unified tool to manage AWS services from the command line. | AWS service management and automation via CLI. |
| AWS SDKs (Software Development Kits) | Libraries and tools that make it easier to interact with AWS services from various programming languages. | Service integration, application development with AWS services. |
| AWS Config | Service that provides AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. | Resource tracking, compliance auditing, configuration management. |
Ways to access and interact with AWS services

Summary of Access Methods:
• AWS Management Console: Web UI for service management and configuration.
• AWS CLI: Command line tool for managing services and scripting.
• AWS SDKs: Libraries for integrating AWS services into applications.
• AWS CloudFormation: IaC service for defining and provisioning infrastructure.
• AWS CDK: Framework for defining cloud infrastructure using code.
• AWS CloudTrail: Tracks and logs API calls and activities.
• AWS Systems Manager: Manages AWS resources and servers with operational data.
• AWS Config: Tracks and manages resource configurations and compliance.
• AWS Service Catalog: Manages and provisions approved resource catalogs.
• AWS Console Mobile App: Mobile app for AWS resource management.
• AWS Systems Manager Session Manager: Provides secure instance management without SSH/RDP.
• AWS Lambda Function URLs: Direct HTTP access to Lambda functions.
• Amazon API Gateway: API management and gateway for secure API interactions.
• AWS App Runner: Deploys and manages containerized web applications and APIs.

| Access Method | Description | Primary Use Cases |
|---|---|---|
| AWS Management Console | Web-based user interface that provides access to all AWS services and resources for management and configuration. | Service management, resource configuration, monitoring. |
| AWS Command Line Interface (CLI) | Unified tool to manage AWS services from the command line using commands in shell scripts. | Scripting, automation, and service management via CLI. |
| AWS SDKs (Software Development Kits) | Libraries and tools for integrating AWS services into applications using various programming languages. | Application development, service integration, programmatic access. |
| AWS CloudFormation | Infrastructure as Code (IaC) service that allows you to define and provision AWS infrastructure using templates. | Infrastructure provisioning and management through templates. |
| AWS CDK (Cloud Development Kit) | Framework for defining cloud infrastructure using familiar programming languages, generating CloudFormation templates. | Infrastructure as Code (IaC), cloud resource provisioning. |
| AWS CloudTrail | Service that records API calls and activity made on your account, allowing you to track changes and access patterns. | Security auditing, compliance, monitoring API activity. |
| AWS Systems Manager | Provides operational data and automation to manage AWS resources and on-premises servers. | Resource management, operational tasks automation. |
| AWS Config | Tracks and manages AWS resource configurations and compliance with governance rules. | Configuration tracking, compliance auditing, change management. |
| AWS Service Catalog | Enables organizations to create and manage approved catalogs of resources for consistent provisioning. | Resource cataloging, centralized resource management. |
| AWS Console Mobile Application | Mobile app for managing AWS services and resources on the go. | Remote management, on-the-go monitoring. |
| AWS Systems Manager Session Manager | Provides secure and auditable instance management without needing SSH or RDP access. | Instance management, secure remote access. |
| AWS Lambda Function URLs | Allows direct access to AWS Lambda functions via HTTP endpoints, facilitating serverless application interactions. | Serverless application integrations, direct function access. |
| Amazon API Gateway | Managed service for creating, publishing, maintaining, monitoring, and securing APIs at any scale. | API management, integration, and routing. |
| AWS App Runner | Service for deploying containerized web applications and APIs without managing the underlying infrastructure. | Application deployment, API hosting. |
TCO Considerations

TCO considerations for AWS services involve evaluating various factors that impact the overall cost of using AWS resources over time.

Summary of TCO Considerations:
• Initial Setup Costs: One-time expenses for resource setup and deployment.
• Ongoing Operational Costs: Recurring charges based on resource usage.
• Scaling Costs: Variable costs related to scaling resources as needed.
• Data Transfer Costs: Charges for data movement within and outside AWS.
• Storage Costs: Costs for data storage based on access needs and storage class.
• Compute Costs: Expenses for using compute resources like EC2 and Lambda.
• Licensing Costs: Additional charges for software licenses and marketplace products.
• Management and Administration Costs: Operational costs for managing AWS resources.
• Support Costs: Charges for AWS support plans and technical assistance.
• Training and Development Costs: Expenses for training staff on AWS technologies.
• Security and Compliance Costs: Costs for implementing security and compliance measures.
• Disaster Recovery Costs: Costs for backup and disaster recovery solutions.
• Cost Optimization Efforts: Investments in strategies to optimize and reduce AWS costs.

| Consideration | Description | Impact on TCO |
|---|---|---|
| Initial Setup Costs | Costs associated with setting up AWS resources and infrastructure, including configuration and deployment. | Initial expenses, potential setup and configuration fees. |
| Ongoing Operational Costs | Recurring costs of running AWS resources, including compute, storage, and data transfer. | Monthly or annual charges based on usage. |
| Scaling Costs | Costs associated with scaling resources up or down based on demand, including autoscaling and load balancing. | Variable costs that depend on resource utilization. |
| Data Transfer Costs | Charges for data transferred between AWS services, between AWS and the internet, or between regions. | Impact on costs based on data movement and transfer volume. |
| Storage Costs | Costs for storing data in various AWS storage services, including standard, infrequent access, and archival options. | Costs vary by storage type and data access frequency. |
| Compute Costs | Charges for using compute services such as EC2 instances, Lambda functions, and container services. | Costs depend on instance types, usage patterns, and duration. |
| Licensing Costs | Costs for software licenses required to run on AWS, including third-party software and AWS marketplace products. | Additional charges for licensed software or products. |
| Management and Administration Costs | Costs related to managing and administrating AWS resources, including monitoring, maintenance, and updates. | Costs associated with operational overhead and staff. |
| Support Costs | Expenses for AWS support plans, which provide varying levels of technical support and guidance. | Costs depend on the level of support chosen (Basic, Developer, Business, Enterprise). |
| Training and Development Costs | Costs for training staff to effectively use AWS services and tools, including courses and certifications. | Investment in skills development and training programs. |
| Security and Compliance Costs | Costs associated with implementing security measures, compliance, and data protection. | Expenses for security tools, audits, and compliance measures. |
| Disaster Recovery Costs | Costs for setting up and maintaining disaster recovery solutions and backups. | Costs for backup storage, replication, and failover solutions. |
| Cost Optimization Efforts | Efforts to manage and reduce AWS costs, such as reserved instances, savings plans, and resource right-sizing. | Potential savings from optimized resource usage and cost management strategies. |
AWS costing services

Summary of Cost Management Services:
• AWS Cost Explorer: Analyzes spending patterns and provides insights.
• AWS Budgets: Sets and tracks custom budgets with alerts.
• AWS Cost and Usage Report (CUR): Detailed data on AWS usage and spending.
• AWS Cost Anomaly Detection: Detects and alerts on unusual spending patterns.
• AWS Savings Plans: Provides savings through usage commitment.
• Reserved Instances (RIs): Offers savings for committed instance usage.
• AWS Compute Optimizer: Recommends optimal instance types based on usage.
• AWS Trusted Advisor: Provides best practices and cost optimization recommendations.
• AWS Cost Categories: Categorizes costs for detailed tracking and reporting.
• AWS Pricing Calculator: Estimates service costs based on usage.
• AWS Cost Management Dashboard: Centralized view for cost monitoring and management.
• AWS Personal Health Dashboard: Alerts and guidance for AWS service impacts.

| Service | Description | Primary Use Cases |
|---|---|---|
| AWS Cost Explorer | Tool that allows you to view and analyze your AWS spending patterns, providing detailed insights into your costs. | Cost analysis, budget tracking, spending reports. |
| AWS Budgets | Service that lets you set custom cost and usage budgets and receive alerts when your usage exceeds the defined thresholds. | Budget management, cost monitoring, alerting on budget breaches. |
| AWS Cost and Usage Report (CUR) | Detailed report that provides comprehensive data about your AWS usage and spending. | In-depth cost analysis, financial reporting, data integration. |
| AWS Cost Anomaly Detection | Uses machine learning to automatically detect unusual spending patterns and alert you to potential anomalies. | Anomaly detection, cost monitoring, identifying unexpected charges. |
| AWS Savings Plans | Flexible pricing model that provides significant savings over on-demand pricing in exchange for a commitment to a consistent amount of usage over a one- or three-year term. | Cost savings through usage commitment, flexible cost management. |
| Reserved Instances (RIs) | Provides significant savings compared to on-demand pricing in exchange for committing to use specific instance types for a one- or three-year term. | Long-term cost savings, capacity reservation. |
| AWS Compute Optimizer | Analyzes your usage patterns and recommends optimal instance types for your workloads based on historical data. | Instance right-sizing, cost optimization, performance improvement. |
| AWS Trusted Advisor | Provides real-time guidance to help you provision your resources following AWS best practices, including cost optimization. | Cost optimization recommendations, resource utilization analysis. |
| AWS Cost Categories | Allows you to categorize your AWS costs and usage for more granular cost tracking and reporting. | Cost allocation, detailed financial reporting. |
| AWS Pricing Calculator | Tool for estimating the cost of AWS services based on your specific usage patterns and requirements. | Cost estimation, budgeting, pricing planning. |
| AWS Cost Management Dashboard | Centralized view of your cost and usage data, providing insights and actionable recommendations for cost management. | Dashboard for monitoring costs, identifying savings opportunities. |
| AWS Personal Health Dashboard | Provides alerts and remediation guidance when AWS is experiencing events that may impact your resources. | Incident response, proactive issue management. |
AWS compliant environment

Key Compliance Considerations for AWS:
1. Data Protection and Privacy: Ensure compliance with GDPR, HIPAA, and other data protection regulations for managing and safeguarding sensitive data.
2. Financial Reporting: Adhere to SOX for financial accuracy and internal controls.
3. Security Standards: Implement security practices and controls to meet ISO/IEC 27001, PCI DSS, and other relevant standards.
4. Government Regulations: Comply with FedRAMP, FIPS, ITAR, and CUI for handling government and defense-related information.
5. Cybersecurity Best Practices: Follow guidelines from NIST CSF and ENISA for robust cybersecurity practices.
6. Cloud-Specific Compliance: Utilize AWS compliance features and tools to maintain adherence to required standards and frameworks.

| Compliance Standard/Framework | Description | Primary Use Cases |
|---|---|---|
| General Data Protection Regulation (GDPR) | European Union regulation for data protection and privacy for all individuals within the EU and EEA. | Data protection, privacy compliance for EU and EEA data. |
| Health Insurance Portability and Accountability Act (HIPAA) | US law providing data privacy and security provisions for safeguarding medical information. | Compliance for handling and storing protected health information (PHI). |
| Payment Card Industry Data Security Standard (PCI DSS) | Security standard for organizations that handle credit card information to protect against data breaches. | Compliance for processing, storing, and transmitting payment card information. |
| Federal Risk and Authorization Management Program (FedRAMP) | US government program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. | Compliance for US federal agencies and contractors. |
| Federal Information Processing Standard (FIPS) | Standards for federal computer systems in the US, including encryption and security protocols. | Compliance for federal information systems and data protection. |
| ISO/IEC 27001 | International standard for information security management systems (ISMS). | Certification for managing and protecting information security. |
| ISO/IEC 27018 | International standard focusing on protecting personal data in the cloud. | Data protection and privacy in cloud computing environments. |
| Sarbanes-Oxley Act (SOX) | US law aimed at protecting investors by improving the accuracy and reliability of corporate disclosures. | Compliance for financial reporting and internal controls. |
| International Traffic in Arms Regulations (ITAR) | US regulations controlling the export and import of defense-related articles and services. | Compliance for handling and exporting defense-related information. |
| Controlled Unclassified Information (CUI) | Standards for handling sensitive but unclassified information within US government agencies. | Compliance for managing sensitive government information. |
| European Union Agency for Cybersecurity (ENISA) | EU agency that provides guidelines for cybersecurity and data protection. | Compliance with EU cybersecurity practices and recommendations. |
| Cybersecurity Maturity Model Certification (CMMC) | Framework for ensuring the cybersecurity of defense industry contractors in the US. | Compliance for defense contractors and suppliers. |
| NIST Cybersecurity Framework (CSF) | Framework providing guidelines for improving cybersecurity practices and managing cyber risks. | Cybersecurity risk management, framework adoption for security practices. |