A practitioner’s reference, not a marketing brochure. This article catalogs the major AWS services as of April 2026, structured by the certification tier that first introduces them in depth — from the foundational Associate track through Professional and Specialty domains. A downloadable Excel workbook with the full catalog is included at the end.
Why a Structured Catalog Matters
AWS officially offers more than 240 fully featured services as of 2026, with individual sub-features and API operations exceeding 500. For anyone designing architectures, studying for certifications, or justifying cloud adoption to leadership, an unordered flat list is operationally useless. Structure matters.
This reference organizes services into four tiers that align with the AWS certification track — not because the cert is the goal, but because the curriculum progression mirrors how services relate to one another in real architectures.
| Tier | Scope | AWS Exam |
|---|---|---|
| 1 — Foundational | Core services every cloud architect must know | SAA-C03 (Solutions Architect Associate) |
| 2 — Advanced Architecture | Services for complex, multi-account, hybrid workloads | SAP-C02 (Solutions Architect Professional) |
| 3 — Domain Specialization | Deep expertise in Networking, Security, or AI/ML | ANS-C01 / SCS-C03 / MLA-C01 |
| 4 — Extended Portfolio | IoT, media, satellite, AR/VR, niche enterprise | No primary cert track |
Tier 1 — Core Services (SAA-C03)
These are the services covered by the AWS Certified Solutions Architect – Associate (SAA-C03) exam. Every cloud practitioner operating at a professional level should understand these services, their use cases, and how they compose into production architectures.
Compute
| Service | Description |
|---|---|
| Amazon EC2 | Resizable virtual servers. The workhorse of AWS compute — instance types, pricing models (On-Demand, Reserved, Spot), placement groups, and Nitro hypervisor. |
| AWS Lambda | Event-driven serverless compute. Pay per invocation. Integrates deeply with API Gateway, S3, EventBridge, and DynamoDB. |
| Amazon ECS | Container orchestration for Docker workloads. Deploy with EC2 launch type or Fargate. |
| Amazon EKS | Managed Kubernetes. The right choice when you need Kubernetes-native tooling and ecosystem portability. |
| AWS Elastic Beanstalk | PaaS abstraction over EC2, ALB, and Auto Scaling. Deploy code; AWS manages the infrastructure layer. |
| AWS Fargate | Serverless compute engine for ECS and EKS. No nodes to manage. |
| Amazon Lightsail | Simplified VPS for low-complexity workloads. Not the right choice for enterprise architects. |
| AWS Outposts | AWS-managed hardware deployed on-premises. Consistent API, tooling, and data residency control. |
| EC2 Auto Scaling | Automatically adjust EC2 fleet capacity based on demand signals. Works with Target Tracking, Step, and Scheduled policies. |
Storage
| Service | Description |
|---|---|
| Amazon S3 | Object storage at any scale. The foundation of AWS data architectures — versioning, lifecycle policies, event notifications, intelligent-tiering. |
| Amazon EBS | Block storage for EC2. Volume types: gp3, io2 (provisioned IOPS), st1 (throughput), sc1 (cold). Snapshots to S3. |
| Amazon EFS | Managed NFS for Linux workloads. Multi-AZ, auto-scaling. Not for Windows. |
| Amazon S3 Glacier | Low-cost archival storage. Retrieval tiers: Instant, Flexible, Deep Archive. |
| AWS Storage Gateway | Hybrid integration: File Gateway (NFS/SMB to S3), Volume Gateway (iSCSI), Tape Gateway. |
| AWS Backup | Centralized, policy-driven backup across EC2, RDS, EFS, DynamoDB, and more. |
| Amazon FSx | Managed file systems: FSx for Windows, Lustre, NetApp ONTAP, OpenZFS. Choose based on protocol and workload type. |
| AWS Snow Family | Physical data transfer: Snowcone (8TB), Snowball Edge (up to 80TB), Snowmobile (100PB). Also used for edge compute. |
Databases
| Service | Description |
|---|---|
| Amazon RDS | Managed relational DB: MySQL, PostgreSQL, Oracle, SQL Server, MariaDB. Multi-AZ for HA; Read Replicas for read scaling. |
| Amazon Aurora | AWS-native MySQL/PostgreSQL-compatible DB. 5x faster than MySQL. Shared storage layer across 6 copies in 3 AZs. |
| Amazon DynamoDB | Serverless, single-digit millisecond NoSQL DB. Global Tables for multi-region active-active. |
| Amazon ElastiCache | In-memory caching: Redis (rich data structures, persistence) or Memcached (simple cache, horizontal scaling). |
| Amazon Redshift | Columnar data warehouse. MPP architecture. RA3 nodes with managed storage. |
| Amazon Neptune | Graph database. Supports Gremlin (property graphs) and SPARQL (RDF/SPARQL). |
| Amazon DocumentDB | MongoDB-compatible document database. Not the same engine as MongoDB — compatibility, not parity. |
| Amazon Keyspaces | Managed Apache Cassandra-compatible service. Serverless, pay-per-request. |
Networking & Content Delivery
| Service | Description |
|---|---|
| Amazon VPC | The fundamental network isolation boundary in AWS. Subnets, route tables, NACLs, security groups, gateways. |
| Amazon Route 53 | DNS with routing policies: Simple, Weighted, Latency, Failover, Geolocation, Geoproximity, Multivalue. Also domain registration. |
| Amazon CloudFront | Global CDN with 400+ edge locations. Integrates with S3, ALB, API Gateway, Lambda@Edge, CloudFront Functions. |
| Elastic Load Balancing | ALB (HTTP/HTTPS, L7, host/path routing), NLB (TCP/UDP, L4, static IP), GLB (third-party virtual appliances). |
| AWS Direct Connect | Dedicated 1 Gbps or 10 Gbps private connection to AWS. Not encrypted by default — use with MACsec or VPN. |
| AWS VPN | IPsec VPN over the internet. Site-to-Site VPN or Client VPN (OpenVPN-based). |
| Amazon API Gateway | Managed REST, HTTP, and WebSocket API service. Throttling, caching, authorization, usage plans. |
| AWS Global Accelerator | Anycast IP routing through AWS global backbone. Latency and availability improvement for non-HTTP workloads. |
Security, Identity & Compliance
| Service | Description |
|---|---|
| AWS IAM | The identity layer of AWS. Users, groups, roles, policies (identity-based, resource-based, SCPs). Principle of least privilege is not optional. |
| AWS KMS | Managed encryption keys. CMKs (now KMS keys): AWS-managed, customer-managed. Integrates with S3, RDS, EBS, Lambda. |
| AWS Secrets Manager | Store, rotate, and retrieve database credentials, API keys, and tokens. Rotation via Lambda functions. |
| AWS Certificate Manager (ACM) | Provision and auto-renew TLS/SSL certificates. Public certificates are free. Private CA is paid. |
| Amazon Cognito | User Pools (authentication) + Identity Pools (authorization to AWS resources). JWT-based. Federated with OIDC/SAML. |
| AWS WAF | Layer 7 firewall. Managed rule groups, custom rules, rate limiting. Integrates with CloudFront, ALB, API Gateway. |
| AWS Shield | DDoS protection. Standard (free, automatic). Advanced (paid, 24/7 DRT, cost protection). |
| Amazon GuardDuty | ML-based threat detection from VPC Flow Logs, DNS, CloudTrail, EKS audit logs, RDS login events. |
| AWS CloudTrail | API call audit trail. Every API call — who, what, when, from where. Enabled per-region; organization trails for all accounts. |
| AWS Config | Configuration compliance and change history. Rules (managed and custom via Lambda) for drift detection. |
Management & Governance
| Service | Description |
|---|---|
| AWS CloudFormation | Infrastructure as Code with JSON/YAML templates. Stacks, StackSets for multi-account/region deployment. |
| Amazon CloudWatch | Unified observability: metrics, logs (Log Insights), alarms, dashboards, Contributor Insights. |
| AWS Systems Manager | Operational control: Session Manager (no SSH/bastion), Patch Manager, Parameter Store, Run Command, Automation. |
| AWS Organizations | Multi-account governance. SCPs, delegated admin, consolidated billing. |
| AWS Trusted Advisor | Best practice checks across cost optimization, security, fault tolerance, performance, service limits. |
| AWS Health Dashboard | Personalized service event notifications. Service Health vs. Personal Health. |
Application Integration
| Service | Description |
|---|---|
| Amazon SQS | Managed message queue. Standard (at-least-once, best-effort order) and FIFO (exactly-once, strict order). |
| Amazon SNS | Pub/sub fanout. Topics → SQS, Lambda, HTTP, email, SMS. Message filtering at subscription level. |
| Amazon EventBridge | Serverless event bus. Schema registry, event replay, cross-account routing, SaaS integrations. |
| AWS Step Functions | Visual state machine orchestration. Standard (long-running) and Express (high-throughput) workflows. |
| Amazon MQ | Managed ActiveMQ and RabbitMQ. Lift-and-shift for AMQP/STOMP/MQTT workloads. |
| Amazon Kinesis Data Streams | Real-time data streaming. Shards, retention up to 365 days, consumers via Lambda or KCL. |
Analytics
| Service | Description |
|---|---|
| Amazon Athena | Serverless SQL on S3. Pay per query scanned. Parquet/ORC dramatically reduces cost. |
| Amazon EMR | Managed Hadoop/Spark. EC2, EKS, or Serverless deployment options. |
| AWS Glue | Serverless ETL. Data Catalog (Hive metastore-compatible), crawlers, Spark-based transformations. |
| Amazon OpenSearch Service | Managed OpenSearch (fork of Elasticsearch). Full-text search, log analytics, observability. |
AI & Machine Learning (Associate-Level)
| Service | Description |
|---|---|
| Amazon SageMaker | End-to-end ML platform. Studio, Pipelines, Feature Store, Ground Truth, Model Monitor. |
| Amazon Rekognition | Vision AI: object detection, facial analysis, content moderation, text-in-image. |
| Amazon Polly | Neural text-to-speech. Multiple voices, SSML support, custom lexicons. |
| Amazon Translate | Neural machine translation. 75+ languages. Custom terminology support. |
| Amazon Comprehend | NLP: sentiment, entity recognition, topic modeling, PII detection. |
| Amazon Transcribe | Automatic speech recognition. Speaker diarization, medical variant, call analytics. |
| Amazon Lex | Conversational AI chatbot engine. The same engine that powers Alexa. |
Developer Tools
| Service | Description |
|---|---|
| AWS CodeBuild | Fully managed CI build service. Docker-based build environments, pay per build minute. |
| AWS CodeDeploy | Automated deployment to EC2, Lambda, and ECS. Blue/green and rolling deployment strategies. |
| AWS CodePipeline | CI/CD pipeline orchestration. Integrates with CodeBuild, CodeDeploy, and third-party tools. |
| AWS Cloud9 | Cloud-based IDE. Pre-configured with AWS CLI, SDKs. |
Tier 2 — Advanced Architecture Services (SAP-C02)
The AWS Certified Solutions Architect – Professional (SAP-C02) exam goes substantially deeper into multi-account architectures, hybrid connectivity, advanced networking, and cost/governance at scale. These are the services that separate mid-level practitioners from senior architects.
Compute (Advanced)
| Service | Description |
|---|---|
| AWS Batch | Managed batch computing. Job queues, compute environments (EC2/Fargate), array jobs, priority-based scheduling. |
| Amazon EC2 Image Builder | Automated AMI and container image creation, testing, and distribution pipelines. |
| AWS App Runner | Run containerized web apps with zero infrastructure management. Source from ECR or GitHub. |
| AWS Wavelength | Compute deployed at 5G carrier edge. Single-digit millisecond latency to mobile devices. |
Networking (Advanced)
| Service | Description |
|---|---|
| AWS Transit Gateway | Hub-and-spoke regional routing. Attach VPCs, VPNs, Direct Connect gateways. Supports multicast and inter-region peering. |
| AWS Network Firewall | Managed stateful VPC firewall with Suricata rule engine. IDS/IPS capability at the VPC perimeter. |
| AWS PrivateLink | Expose services privately via VPC endpoints. No internet exposure, no overlapping CIDR concerns. |
| Amazon VPC Lattice | Application-layer networking for microservices. Service directory, auth policies, traffic controls across VPCs and accounts. |
| AWS Cloud WAN | Managed global WAN connecting VPCs, on-premises sites, and Direct Connect via a core network policy document. |
Databases (Advanced)
| Service | Description |
|---|---|
| Amazon Aurora Serverless v2 | Auto-scaling Aurora capacity in fine-grained ACU increments. Per-second billing. Ideal for variable workloads. |
| Amazon RDS Proxy | Connection pooling layer in front of RDS/Aurora. Reduces connection exhaustion in Lambda-heavy architectures. |
| Amazon MemoryDB for Redis | Redis-compatible, durable in-memory database with Multi-AZ persistence. Not just a cache — a primary DB. |
| Amazon Timestream | Purpose-built time-series database. IoT telemetry, DevOps metrics, financial data. |
| Amazon QLDB | Immutable, cryptographically verifiable ledger database. Not a blockchain — a trusted audit trail. |
Security (Advanced)
| Service | Description |
|---|---|
| AWS Control Tower | Landing zone automation for multi-account environments. Guardrails (SCPs + Config rules), Account Factory. |
| Amazon Inspector | Automated vulnerability assessment. Scans EC2 OS packages, Lambda code, and container images in ECR. |
| Amazon Macie | ML-based sensitive data discovery in S3. Identifies PII, credentials, PHI at scale. |
| AWS IAM Identity Center (SSO) | Centralized SSO for AWS accounts and SAML 2.0 applications. Replaces per-account IAM users at scale. |
| AWS Resource Access Manager (RAM) | Share AWS resources (Transit Gateway, subnets, Route 53 Resolver rules) across accounts within Organizations. |
| AWS Firewall Manager | Central policy management for WAF, Shield Advanced, Network Firewall, and security groups across accounts. |
| Amazon Detective | Security investigation using ML-powered graphs correlating CloudTrail, VPC Flow Logs, and GuardDuty findings. |
Management & Governance (Advanced)
| Service | Description |
|---|---|
| AWS Service Catalog | IT service catalog for publishing approved CloudFormation products. Self-service with governance guardrails. |
| AWS Compute Optimizer | ML-powered right-sizing recommendations for EC2, Lambda, EBS, ECS on Fargate, and Auto Scaling Groups. |
| AWS Cost Explorer | Visualize and analyze AWS spend. Reservation/Savings Plans coverage, anomaly detection, rightsizing recommendations. |
| AWS Well-Architected Tool | Structured review against the six pillars. Identify high-risk issues (HRIs) and generate improvement plans. |
| AWS Resilience Hub | Define RTO/RPO targets and validate application architecture against them with automated assessments. |
| AWS Fault Injection Simulator (FIS) | Controlled chaos engineering. Pre-built actions for EC2, ECS, EKS, RDS, network. Observability integration. |
Migration & Transfer
| Service | Description |
|---|---|
| AWS Migration Hub | Centralized tracking across migration tools. Integrates with MGN, DMS, and third-party tools. |
| AWS Application Migration Service (MGN) | Agent-based lift-and-shift replication. Continuous block-level replication with minimal cutover window. |
| AWS Database Migration Service (DMS) | Migrate databases with ongoing CDC replication. Homogeneous and heterogeneous migrations. |
| AWS Mainframe Modernization | Automated refactoring or replatforming of COBOL/PL1 workloads. Micro Focus and BluAge runtimes. |
Analytics (Advanced)
| Service | Description |
|---|---|
| Amazon QuickSight | Serverless BI and dashboard service. Paginated reports, ML-powered Q&A, anomaly detection. |
| AWS Lake Formation | Build, secure, and share data lakes in S3. Fine-grained column/row access control over Glue Data Catalog. |
| Amazon Kinesis Data Firehose | Zero-code streaming ingestion into S3, Redshift, OpenSearch, Splunk. Auto-scaling, buffering, transformation. |
| Amazon MSK | Managed Apache Kafka clusters. MSK Connect for Kafka Connect workers. MSK Serverless option. |
| Amazon Managed Service for Apache Flink | Real-time stream processing. Replaced Kinesis Data Analytics. SQL, Java, Scala, Python APIs. |
| Amazon Managed Workflows for Apache Airflow (MWAA) | Managed Apache Airflow for data pipeline orchestration. Private network deployment. |
Application Integration (Advanced)
| Service | Description |
|---|---|
| Amazon AppFlow | No-code SaaS integration (Salesforce, Slack, Google Analytics, etc.) to/from S3 or Redshift. |
| AWS AppSync | Managed GraphQL API service. Real-time subscriptions, offline data sync, conflict resolution. |
| Amazon Managed Workflows for Apache Airflow (MWAA) | Managed Airflow. Python-based DAG-driven orchestration for complex data workflows. |
Containers (Advanced)
| Service | Description |
|---|---|
| Amazon ECR | Container image registry. Private repositories, image scanning, lifecycle policies, cross-account access. |
| Amazon EKS Anywhere | Run EKS-compatible clusters on-premises using your own servers or VMware vSphere. |
| AWS App Mesh | Envoy-based service mesh for microservices traffic management and observability (being superseded by VPC Lattice). |
Tier 3 — Specialty Certification Services
These services appear primarily in the Specialty certification tracks. A practitioner without the specific domain context will struggle to use them effectively — but for the right workload, they are the correct and precise tool.
Networking Specialty (ANS-C01)
| Service | Description |
|---|---|
| AWS Direct Connect Gateway | Aggregate multiple Virtual Interfaces across Regions and VPCs through a single Direct Connect connection. |
| AWS Network Access Analyzer | Identify unintended network access paths to resources using automated path analysis. |
| Amazon Route 53 Resolver | Hybrid DNS: Inbound Endpoints (on-premises → VPC) and Outbound Endpoints (VPC → on-premises). |
| AWS VPC Traffic Mirroring | Copy raw packet data from ENIs for IDS/IPS, deep packet inspection, or forensic capture. |
| AWS Reachability Analyzer | Point-to-point connectivity verification. Analyzes routing, security groups, NACLs, VPC peering, VGW, TGW. |
| VPC Flow Logs | Capture IP traffic metadata (5-tuple) for security analysis, troubleshooting, and compliance evidence. |
| AWS Transit Gateway Network Manager | Centralized global network topology view. Monitors SD-WAN integrations via CloudWatch metrics. |
| AWS Verified Access | Zero-trust access proxy. Evaluate identity and device posture before granting access — no VPN required. |
| AWS Cloud WAN (Advanced) | Global network policy with segment-based routing and inter-segment traffic inspection. |
| EC2 Placement Groups | Cluster (low latency, same AZ), Partition (Hadoop/Cassandra isolation), Spread (hardware fault isolation). |
Security Specialty (SCS-C03)
The SCS-C02 exam was retired December 1, 2025. The current active version is SCS-C03, available from December 2, 2025. The new version expands coverage of AI/GenAI security guardrails, multi-account governance, and zero-trust patterns.
| Service | Description |
|---|---|
| AWS CloudHSM | Dedicated hardware security module. You manage the keys — AWS has zero access. FIPS 140-2 Level 3 certified. |
| Amazon Security Lake | Centralize security data in OCSF (Open Cybersecurity Schema Framework) format. 50+ AWS native sources. |
| AWS Audit Manager | Continuous compliance evidence collection. Pre-built frameworks: PCI DSS, CIS, NIST 800-53, SOC 2, HIPAA. |
| AWS Artifact | On-demand access to AWS compliance reports (SOC 1/2/3, ISO 27001, PCI DSS) and legal agreements (BAA, NDA). |
| AWS Signer | Code signing for Lambda and container images. Ensures code integrity and provenance before deployment. |
| IAM Access Analyzer | Identify externally accessible resources (S3 buckets, IAM roles, KMS keys, Lambda, SQS). Policy validation and generation. |
| AWS Private Certificate Authority | Managed private PKI. Issue internal TLS certificates for services that cannot use public ACM certs. |
AI/ML Specialty (MLA-C01 / MLS-C01)
The MLS-C01 (Machine Learning Specialty) had its last testing date on March 31, 2026. The active ML certification is MLA-C01 (Machine Learning Engineer – Associate). MLS-C01 content remains relevant for practitioners working with deep SageMaker workflows.
| Service | Description |
|---|---|
| Amazon Bedrock | Unified API for foundation models: Anthropic Claude, Meta Llama, Mistral, Amazon Titan, Cohere, AI21. Includes Knowledge Bases, Agents, Guardrails, Model Evaluation, and Prompt Management. |
| Amazon SageMaker (Advanced) | Pipelines (MLOps CI/CD), Feature Store, Model Monitor (drift/quality), Clarify (bias/explainability), JumpStart (model hub), HyperPod (distributed training clusters). |
| Amazon Q Developer | AI coding assistant in IDE, CLI, and console. Code generation, security scanning, automated code transformation. Successor to CodeWhisperer. |
| Amazon Q Business | Enterprise generative AI assistant. Connects to internal data sources (S3, Confluence, Salesforce) with fine-grained access control. |
| AWS Trainium | Purpose-built ML training chip. Trainium2 supports 100B+ parameter model training. Priced per chip-hour. |
| AWS Inferentia | Purpose-built ML inference chip. Cost-effective, high-throughput inference for production model serving. |
| Amazon Textract | Document intelligence beyond OCR. Extracts structured forms, tables, signatures, and key-value pairs from PDFs and images. |
| Amazon Personalize | Real-time ML-based recommendations. No ML expertise required — provide interaction data, receive ranked recommendations. |
| Amazon Forecast | Time-series forecasting using AutoML. Demand planning, resource allocation, inventory optimization. |
| Amazon Fraud Detector | Managed fraud detection combining ML models and business rules. Online fraud, account takeover, payment abuse. |
| Amazon Kendra | Intelligent enterprise search. ML-powered relevance ranking. Connects to SharePoint, S3, Confluence, Salesforce. |
| Amazon Augmented AI (A2I) | Human review workflows for ML predictions that fall below confidence thresholds. Integrates with Textract and Rekognition. |
Tier 4 — Extended AWS Portfolio
These services address specific industry domains. Not regularly tested on the main certification tracks, but they represent real production workloads at scale for the right vertical.
IoT
| Service | Description |
|---|---|
| AWS IoT Core | Managed MQTT/HTTPS broker. Connect billions of devices, route messages to AWS services via a rules engine. |
| AWS IoT Greengrass | Run Lambda, ML inference, and stream processing at the edge. Operates without continuous cloud connectivity. |
| AWS IoT SiteWise | Collect, structure, and analyze industrial equipment data (OPC-UA, Modbus). Digital twin asset model. |
| AWS IoT TwinMaker | Build digital twins with real-time data integration. Integrates with SiteWise, Grafana, and Unreal Engine. |
| Amazon Kinesis Video Streams | Ingest, store, and process video streams from connected devices. Integrates with Rekognition Video. |
End-User Computing
| Service | Description |
|---|---|
| Amazon WorkSpaces | Managed Windows/Linux virtual desktops. Personal or pooled. Billed hourly or monthly. |
| Amazon AppStream 2.0 | Stream Windows desktop applications to any browser. No client installation required. |
| Amazon WorkSpaces Web | Managed, secure browser for accessing internal web applications. No data persists on the endpoint. |
| Amazon WorkMail | Managed business email and calendaring. Exchange-compatible. Integrated with Directory Service and SES. |
Business Applications
| Service | Description |
|---|---|
| Amazon Connect | Cloud contact center. Visual IVR flows, real-time analytics, ML-powered agent assist. Priced per minute used. |
| Amazon Pinpoint | Customer engagement: email, SMS, push notifications, voice. Journey orchestration and campaign analytics. |
| Amazon SES | Scalable transactional and bulk email delivery. High deliverability, reputation management, configuration sets. |
| AWS Supply Chain | ML-powered supply chain risk visibility. Inventory, demand sensing, and lead time analytics. |
Media & Streaming
| Service | Description |
|---|---|
| Amazon IVS | Interactive live video streaming with sub-second latency. Timed metadata for real-time interactivity (polls, Q&A). |
| AWS Elemental MediaConvert | File-based video transcoding. VOD workflows, HLS/DASH/CMAF output, DRM integration. |
| AWS Elemental MediaLive | Live video encoding for broadcast-quality output. Redundant pipelines for 24/7 channels. |
| AWS Elemental MediaPackage | Video origination and just-in-time packaging. HLS, DASH, and CDN origin integration. |
Satellite & Specialized
| Service | Description |
|---|---|
| AWS Ground Station | Satellite communication as a service. Schedule antenna contacts, downlink data directly into AWS. |
| Amazon Braket | Quantum computing experimentation platform. Hardware from IonQ, Rigetti, Oxford Quantum Circuit, and D-Wave. |
| Amazon Managed Blockchain | Create and manage Hyperledger Fabric and Ethereum networks for traceability and provenance use cases. |
Hybrid & Edge
| Service | Description |
|---|---|
| AWS Local Zones | AWS infrastructure extension in major metros. Sub-10ms latency to end users for latency-sensitive workloads. |
| AWS Snow Family (Edge Compute) | Snowball Edge runs EC2 instances and Lambda. Snowcone (2.1 kg) for disconnected, ruggedized environments. |
| VMware Cloud on AWS | Run VMware vSphere workloads natively on AWS bare metal. No re-platforming required. Joint support. |
| Amazon ECS Anywhere | Run ECS tasks on on-premises and edge servers registered as external instances. |
| Amazon EKS Anywhere | Deploy EKS-compatible clusters on-premises using your own servers or VMware vSphere. |
Developer & DevOps (Extended)
| Service | Description |
|---|---|
| AWS CDK | Define cloud infrastructure using TypeScript, Python, Java, or Go. Synthesizes to CloudFormation. |
| AWS Amplify | Full-stack web and mobile app development. Hosting, authentication, GraphQL, storage — opinionated and fast. |
| AWS X-Ray | Distributed tracing. Service map, latency histograms, root cause identification for microservices. |
| Amazon Managed Grafana | Managed Grafana workspaces. Integrates natively with CloudWatch, Prometheus, and OpenSearch. |
| Amazon Managed Service for Prometheus (AMP) | Managed Prometheus-compatible metrics storage. Scales to tens of billions of samples. |
| AWS Distro for OpenTelemetry (ADOT) | AWS-supported OpenTelemetry collector. Vendor-neutral trace and metric collection. |
Data & Analytics (Extended)
| Service | Description |
|---|---|
| AWS Clean Rooms | Collaborate on datasets with external partners without exposing underlying raw data. SQL-based analysis rules. |
| Amazon DataZone | Data governance portal. Catalog assets, define access policies, enable business-driven data discovery. |
| AWS Entity Resolution | Match and link related records across datasets using ML and rule-based matching. |
| Amazon Redshift Serverless | Run Redshift analytics with no cluster provisioning. Auto-scaling compute, pay per workload run. |
Management (Extended)
| Service | Description |
|---|---|
| AWS Proton | Automated deployment templates for container and serverless service teams. Platform team-managed scaffolding. |
| Amazon Managed Grafana | Managed Grafana workspaces for operations dashboards and SLO visualization. |
| AWS Distro for OpenTelemetry (ADOT) | Collect distributed traces and metrics in a vendor-neutral format compatible with Jaeger, Zipkin, and Prometheus. |
Regional Availability — A Design Constraint, Not a Footnote
Not all services are available in all AWS Regions. This is a hard architectural constraint that has broken production launch timelines.
AWS operates 37+ Regions globally as of April 2026. When a new Region launches, it includes a defined set of core services. Additional services are added over subsequent months. Specialized and newer services may remain limited to a handful of Regions for extended periods.
Core services guaranteed in every Region launch (partial list): EC2, S3, VPC, IAM, RDS, Lambda, EKS, ECS, CloudFormation, CloudWatch, CloudTrail, Config, KMS, DynamoDB, SQS, SNS, Direct Connect, ELB, EMR, EventBridge, Fargate, Redshift, OpenSearch.
Services typically available within 12 months of a new Region launch: Athena, Backup, CloudFront, Cognito, Control Tower, DataSync, Directory Service, EFS, GuardDuty, IAM Identity Center, Lake Formation, SageMaker, Security Hub, Shield Advanced, Storage Gateway, Transit Gateway, WAF.
Services with limited or selective regional availability: Bedrock (with all model providers), CloudHSM, Ground Station, Braket, Wavelength, Local Zones, Inferentia/Trainium instances, IVS, Elemental media services, IoT SiteWise, and most Tier 4 services.
Official AWS Regional Availability Resources
Use these authoritative sources for production architecture decisions:
| Resource | URL | Purpose |
|---|---|---|
| AWS Services by Region | aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ | Official service availability per Region |
| AWS Capabilities by Region | builder.aws/capabilities-by-region | Interactive multi-region comparison, API-level granularity, forward-looking roadmap quarters |
| AWS Global Infrastructure | aws.amazon.com/about-aws/global-infrastructure/regions_az/ | Region and AZ map, Local Zones, Wavelength Zones |
| AWS What’s New | aws.amazon.com/new/ | Authoritative source for service launches and regional expansions |
AWS Capabilities by Region (launched November 2025) is the most operationally useful tool for multi-region architecture planning. It provides side-by-side comparison across multiple Regions at the feature and API level — not just service level — and includes directional launch quarters (e.g., “2026 Q2”) for planned expansions. Use it before committing to a Region strategy.
When to Use Non-Core Services: A Decision Framework
The services beyond the SAA-C03 core exist because the core services do not solve every problem at the required fidelity. The following principles guide selection:
Use Tier 2 services when your environment has one or more of these characteristics:
- Multi-account at scale — Control Tower, IAM Identity Center, RAM, and Firewall Manager are not optional at enterprise scale. They are the governance layer that prevents security and compliance debt from compounding.
- Hybrid connectivity beyond a VPN — Transit Gateway replaces VPC peering mesh above 5 VPCs. Cloud WAN applies when routing policy spans multiple Regions with inspection requirements.
- Cost governance pressure — Compute Optimizer, Cost Explorer, and Savings Plans are architectural inputs, not post-deployment afterthoughts.
- Active migration initiative — MGN, DMS, and Migration Hub reduce risk during cutover windows. They do not eliminate architectural thinking; they replace manual replication and tracking.
Use Tier 3 Specialty services when your team owns a specific domain:
- Networking — Traffic Mirroring, Network Access Analyzer, Reachability Analyzer, and Verified Access address the gap between “connectivity exists” and “connectivity is provably secure and auditable.”
- Security — CloudHSM when you cannot allow AWS to have any access to your cryptographic keys. Security Lake when you need SIEM-grade telemetry in OCSF format across accounts and tools. Audit Manager when compliance evidence collection cannot be manual.
- AI/ML — Bedrock when you need frontier model access inside your AWS network perimeter with access control and auditability. SageMaker Feature Store and Pipelines when you need reproducible, governed ML workflows — not notebook experiments.
Use Tier 4 services when your industry vertical demands them:
IoT for manufacturing, logistics, and utilities. Media services for broadcast and streaming. Ground Station for satellite data acquisition. Braket for quantum algorithm research. These are not general-purpose alternatives to core services — they are purpose-built for specific workloads where the alternative is building the capability from scratch.
Youtube
Downloadable Excel Catalog
The full catalog is available as a structured Excel workbook with six sheets covering all 230+ services organized by tier and category.
Download: AWS Services Catalog — dantas.io (April 2026) (.xlsx)
Sheets included: README / Summary · Tier-1 Associate (SAA-C03) · Tier-2 Professional (SAP-C02) · Tier-3 Specialty Exams · Tier-4 Additional Services · All Services by Category (flat, sortable).
References
Amazon Web Services. (2026). AWS services by category. Amazon Web Services Documentation. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/amazon-web-services-cloud-platform.html
Amazon Web Services. (2026). AWS certification exam guides. Amazon Web Services Certification. https://docs.aws.amazon.com/aws-certification/latest/examguides/aws-certification-exam-guides.html
Amazon Web Services. (2026). AWS global infrastructure — Regions and Availability Zones. Amazon Web Services. https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
Amazon Web Services. (2026). Regional product services. Amazon Web Services. https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
Amazon Web Services. (2025, November). Introducing AWS Capabilities by Region for easier Regional planning and faster global deployments. AWS News Blog. https://aws.amazon.com/blogs/aws/introducing-aws-capabilities-by-region-for-easier-regional-planning-and-faster-global-deployments/
Amazon Web Services. (2026). What’s new with AWS. Amazon Web Services. https://aws.amazon.com/new/
Tutorials Dojo. (2025). What’s new in AWS Certified Security Specialty SCS-C03 exam in 2025–2026. https://tutorialsdojo.com/whats-new-in-aws-certified-security-specialty-scs-c03-exam-in-2025-2026/