The Complete AWS Services Catalog: A Practitioner's Reference for 2026

Tue, 21 Apr 2026 00:00:00 +0000

A practitioner’s reference, not a marketing brochure. This article catalogs the major AWS services as of April 2026, structured by the certification tier that first introduces them in depth — from the foundational Associate track through Professional and Specialty domains. A downloadable Excel workbook with the full catalog is included at the end.

Why a Structured Catalog Matters

AWS officially offers more than 240 fully featured services as of 2026, with individual sub-features and API operations exceeding 500. For anyone designing architectures, studying for certifications, or justifying cloud adoption to leadership, an unordered flat list is operationally useless. Structure matters.

This reference organizes services into four tiers that align with the AWS certification track — not because the cert is the goal, but because the curriculum progression mirrors how services relate to one another in real architectures.

Tier	Scope	AWS Exam
1 — Foundational	Core services every cloud architect must know	SAA-C03 (Solutions Architect Associate)
2 — Advanced Architecture	Services for complex, multi-account, hybrid workloads	SAP-C02 (Solutions Architect Professional)
3 — Domain Specialization	Deep expertise in Networking, Security, or AI/ML	ANS-C01 / SCS-C03 / MLA-C01
4 — Extended Portfolio	IoT, media, satellite, AR/VR, niche enterprise	No primary cert track

Tier 1 — Core Services (SAA-C03)

These are the services covered by the AWS Certified Solutions Architect – Associate (SAA-C03) exam. Every cloud practitioner operating at a professional level should understand these services, their use cases, and how they compose into production architectures.

Compute

Service	Description
Amazon EC2	Resizable virtual servers. The workhorse of AWS compute — instance types, pricing models (On-Demand, Reserved, Spot), placement groups, and Nitro hypervisor.
AWS Lambda	Event-driven serverless compute. Pay per invocation. Integrates deeply with API Gateway, S3, EventBridge, and DynamoDB.
Amazon ECS	Container orchestration for Docker workloads. Deploy with EC2 launch type or Fargate.
Amazon EKS	Managed Kubernetes. The right choice when you need Kubernetes-native tooling and ecosystem portability.
AWS Elastic Beanstalk	PaaS abstraction over EC2, ALB, and Auto Scaling. Deploy code; AWS manages the infrastructure layer.
AWS Fargate	Serverless compute engine for ECS and EKS. No nodes to manage.
Amazon Lightsail	Simplified VPS for low-complexity workloads. Not the right choice for enterprise architects.
AWS Outposts	AWS-managed hardware deployed on-premises. Consistent API, tooling, and data residency control.
EC2 Auto Scaling	Automatically adjust EC2 fleet capacity based on demand signals. Works with Target Tracking, Step, and Scheduled policies.

Storage

Service	Description
Amazon S3	Object storage at any scale. The foundation of AWS data architectures — versioning, lifecycle policies, event notifications, intelligent-tiering.
Amazon EBS	Block storage for EC2. Volume types: gp3, io2 (provisioned IOPS), st1 (throughput), sc1 (cold). Snapshots to S3.
Amazon EFS	Managed NFS for Linux workloads. Multi-AZ, auto-scaling. Not for Windows.
Amazon S3 Glacier	Low-cost archival storage. Retrieval tiers: Instant, Flexible, Deep Archive.
AWS Storage Gateway	Hybrid integration: File Gateway (NFS/SMB to S3), Volume Gateway (iSCSI), Tape Gateway.
AWS Backup	Centralized, policy-driven backup across EC2, RDS, EFS, DynamoDB, and more.
Amazon FSx	Managed file systems: FSx for Windows, Lustre, NetApp ONTAP, OpenZFS. Choose based on protocol and workload type.
AWS Snow Family	Physical data transfer: Snowcone (8TB), Snowball Edge (up to 80TB), Snowmobile (100PB). Also used for edge compute.

Databases

Service	Description
Amazon RDS	Managed relational DB: MySQL, PostgreSQL, Oracle, SQL Server, MariaDB. Multi-AZ for HA; Read Replicas for read scaling.
Amazon Aurora	AWS-native MySQL/PostgreSQL-compatible DB. 5x faster than MySQL. Shared storage layer across 6 copies in 3 AZs.
Amazon DynamoDB	Serverless, single-digit millisecond NoSQL DB. Global Tables for multi-region active-active.
Amazon ElastiCache	In-memory caching: Redis (rich data structures, persistence) or Memcached (simple cache, horizontal scaling).
Amazon Redshift	Columnar data warehouse. MPP architecture. RA3 nodes with managed storage.
Amazon Neptune	Graph database. Supports Gremlin (property graphs) and SPARQL (RDF/SPARQL).
Amazon DocumentDB	MongoDB-compatible document database. Not the same engine as MongoDB — compatibility, not parity.
Amazon Keyspaces	Managed Apache Cassandra-compatible service. Serverless, pay-per-request.

Networking & Content Delivery

Service	Description
Amazon VPC	The fundamental network isolation boundary in AWS. Subnets, route tables, NACLs, security groups, gateways.
Amazon Route 53	DNS with routing policies: Simple, Weighted, Latency, Failover, Geolocation, Geoproximity, Multivalue. Also domain registration.
Amazon CloudFront	Global CDN with 400+ edge locations. Integrates with S3, ALB, API Gateway, Lambda@Edge, CloudFront Functions.
Elastic Load Balancing	ALB (HTTP/HTTPS, L7, host/path routing), NLB (TCP/UDP, L4, static IP), GLB (third-party virtual appliances).
AWS Direct Connect	Dedicated 1 Gbps or 10 Gbps private connection to AWS. Not encrypted by default — use with MACsec or VPN.
AWS VPN	IPsec VPN over the internet. Site-to-Site VPN or Client VPN (OpenVPN-based).
Amazon API Gateway	Managed REST, HTTP, and WebSocket API service. Throttling, caching, authorization, usage plans.
AWS Global Accelerator	Anycast IP routing through AWS global backbone. Latency and availability improvement for non-HTTP workloads.

Security, Identity & Compliance

Service	Description
AWS IAM	The identity layer of AWS. Users, groups, roles, policies (identity-based, resource-based, SCPs). Principle of least privilege is not optional.
AWS KMS	Managed encryption keys. CMKs (now KMS keys): AWS-managed, customer-managed. Integrates with S3, RDS, EBS, Lambda.
AWS Secrets Manager	Store, rotate, and retrieve database credentials, API keys, and tokens. Rotation via Lambda functions.
AWS Certificate Manager (ACM)	Provision and auto-renew TLS/SSL certificates. Public certificates are free. Private CA is paid.
Amazon Cognito	User Pools (authentication) + Identity Pools (authorization to AWS resources). JWT-based. Federated with OIDC/SAML.
AWS WAF	Layer 7 firewall. Managed rule groups, custom rules, rate limiting. Integrates with CloudFront, ALB, API Gateway.
AWS Shield	DDoS protection. Standard (free, automatic). Advanced (paid, 24/7 DRT, cost protection).
Amazon GuardDuty	ML-based threat detection from VPC Flow Logs, DNS, CloudTrail, EKS audit logs, RDS login events.
AWS CloudTrail	API call audit trail. Every API call — who, what, when, from where. Enabled per-region; organization trails for all accounts.
AWS Config	Configuration compliance and change history. Rules (managed and custom via Lambda) for drift detection.

Management & Governance

Service	Description
AWS CloudFormation	Infrastructure as Code with JSON/YAML templates. Stacks, StackSets for multi-account/region deployment.
Amazon CloudWatch	Unified observability: metrics, logs (Log Insights), alarms, dashboards, Contributor Insights.
AWS Systems Manager	Operational control: Session Manager (no SSH/bastion), Patch Manager, Parameter Store, Run Command, Automation.
AWS Organizations	Multi-account governance. SCPs, delegated admin, consolidated billing.
AWS Trusted Advisor	Best practice checks across cost optimization, security, fault tolerance, performance, service limits.
AWS Health Dashboard	Personalized service event notifications. Service Health vs. Personal Health.

Application Integration

Service	Description
Amazon SQS	Managed message queue. Standard (at-least-once, best-effort order) and FIFO (exactly-once, strict order).
Amazon SNS	Pub/sub fanout. Topics → SQS, Lambda, HTTP, email, SMS. Message filtering at subscription level.
Amazon EventBridge	Serverless event bus. Schema registry, event replay, cross-account routing, SaaS integrations.
AWS Step Functions	Visual state machine orchestration. Standard (long-running) and Express (high-throughput) workflows.
Amazon MQ	Managed ActiveMQ and RabbitMQ. Lift-and-shift for AMQP/STOMP/MQTT workloads.
Amazon Kinesis Data Streams	Real-time data streaming. Shards, retention up to 365 days, consumers via Lambda or KCL.

Analytics

Service	Description
Amazon Athena	Serverless SQL on S3. Pay per query scanned. Parquet/ORC dramatically reduces cost.
Amazon EMR	Managed Hadoop/Spark. EC2, EKS, or Serverless deployment options.
AWS Glue	Serverless ETL. Data Catalog (Hive metastore-compatible), crawlers, Spark-based transformations.
Amazon OpenSearch Service	Managed OpenSearch (fork of Elasticsearch). Full-text search, log analytics, observability.

AI & Machine Learning (Associate-Level)

Service	Description
Amazon SageMaker	End-to-end ML platform. Studio, Pipelines, Feature Store, Ground Truth, Model Monitor.
Amazon Rekognition	Vision AI: object detection, facial analysis, content moderation, text-in-image.
Amazon Polly	Neural text-to-speech. Multiple voices, SSML support, custom lexicons.
Amazon Translate	Neural machine translation. 75+ languages. Custom terminology support.
Amazon Comprehend	NLP: sentiment, entity recognition, topic modeling, PII detection.
Amazon Transcribe	Automatic speech recognition. Speaker diarization, medical variant, call analytics.
Amazon Lex	Conversational AI chatbot engine. The same engine that powers Alexa.

Developer Tools

Service	Description
AWS CodeBuild	Fully managed CI build service. Docker-based build environments, pay per build minute.
AWS CodeDeploy	Automated deployment to EC2, Lambda, and ECS. Blue/green and rolling deployment strategies.
AWS CodePipeline	CI/CD pipeline orchestration. Integrates with CodeBuild, CodeDeploy, and third-party tools.
AWS Cloud9	Cloud-based IDE. Pre-configured with AWS CLI, SDKs.

Tier 2 — Advanced Architecture Services (SAP-C02)

The AWS Certified Solutions Architect – Professional (SAP-C02) exam goes substantially deeper into multi-account architectures, hybrid connectivity, advanced networking, and cost/governance at scale. These are the services that separate mid-level practitioners from senior architects.

Compute (Advanced)

Service	Description
AWS Batch	Managed batch computing. Job queues, compute environments (EC2/Fargate), array jobs, priority-based scheduling.
Amazon EC2 Image Builder	Automated AMI and container image creation, testing, and distribution pipelines.
AWS App Runner	Run containerized web apps with zero infrastructure management. Source from ECR or GitHub.
AWS Wavelength	Compute deployed at 5G carrier edge. Single-digit millisecond latency to mobile devices.

Networking (Advanced)

Service	Description
AWS Transit Gateway	Hub-and-spoke regional routing. Attach VPCs, VPNs, Direct Connect gateways. Supports multicast and inter-region peering.
AWS Network Firewall	Managed stateful VPC firewall with Suricata rule engine. IDS/IPS capability at the VPC perimeter.
AWS PrivateLink	Expose services privately via VPC endpoints. No internet exposure, no overlapping CIDR concerns.
Amazon VPC Lattice	Application-layer networking for microservices. Service directory, auth policies, traffic controls across VPCs and accounts.
AWS Cloud WAN	Managed global WAN connecting VPCs, on-premises sites, and Direct Connect via a core network policy document.

Databases (Advanced)

Service	Description
Amazon Aurora Serverless v2	Auto-scaling Aurora capacity in fine-grained ACU increments. Per-second billing. Ideal for variable workloads.
Amazon RDS Proxy	Connection pooling layer in front of RDS/Aurora. Reduces connection exhaustion in Lambda-heavy architectures.
Amazon MemoryDB for Redis	Redis-compatible, durable in-memory database with Multi-AZ persistence. Not just a cache — a primary DB.
Amazon Timestream	Purpose-built time-series database. IoT telemetry, DevOps metrics, financial data.
Amazon QLDB	Immutable, cryptographically verifiable ledger database. Not a blockchain — a trusted audit trail.

Security (Advanced)

Service	Description
AWS Control Tower	Landing zone automation for multi-account environments. Guardrails (SCPs + Config rules), Account Factory.
Amazon Inspector	Automated vulnerability assessment. Scans EC2 OS packages, Lambda code, and container images in ECR.
Amazon Macie	ML-based sensitive data discovery in S3. Identifies PII, credentials, PHI at scale.
AWS IAM Identity Center (SSO)	Centralized SSO for AWS accounts and SAML 2.0 applications. Replaces per-account IAM users at scale.
AWS Resource Access Manager (RAM)	Share AWS resources (Transit Gateway, subnets, Route 53 Resolver rules) across accounts within Organizations.
AWS Firewall Manager	Central policy management for WAF, Shield Advanced, Network Firewall, and security groups across accounts.
Amazon Detective	Security investigation using ML-powered graphs correlating CloudTrail, VPC Flow Logs, and GuardDuty findings.

Management & Governance (Advanced)

Service	Description
AWS Service Catalog	IT service catalog for publishing approved CloudFormation products. Self-service with governance guardrails.
AWS Compute Optimizer	ML-powered right-sizing recommendations for EC2, Lambda, EBS, ECS on Fargate, and Auto Scaling Groups.
AWS Cost Explorer	Visualize and analyze AWS spend. Reservation/Savings Plans coverage, anomaly detection, rightsizing recommendations.
AWS Well-Architected Tool	Structured review against the six pillars. Identify high-risk issues (HRIs) and generate improvement plans.
AWS Resilience Hub	Define RTO/RPO targets and validate application architecture against them with automated assessments.
AWS Fault Injection Simulator (FIS)	Controlled chaos engineering. Pre-built actions for EC2, ECS, EKS, RDS, network. Observability integration.

Migration & Transfer

Service	Description
AWS Migration Hub	Centralized tracking across migration tools. Integrates with MGN, DMS, and third-party tools.
AWS Application Migration Service (MGN)	Agent-based lift-and-shift replication. Continuous block-level replication with minimal cutover window.
AWS Database Migration Service (DMS)	Migrate databases with ongoing CDC replication. Homogeneous and heterogeneous migrations.
AWS Mainframe Modernization	Automated refactoring or replatforming of COBOL/PL1 workloads. Micro Focus and BluAge runtimes.

Analytics (Advanced)

Service	Description
Amazon QuickSight	Serverless BI and dashboard service. Paginated reports, ML-powered Q&A, anomaly detection.
AWS Lake Formation	Build, secure, and share data lakes in S3. Fine-grained column/row access control over Glue Data Catalog.
Amazon Kinesis Data Firehose	Zero-code streaming ingestion into S3, Redshift, OpenSearch, Splunk. Auto-scaling, buffering, transformation.
Amazon MSK	Managed Apache Kafka clusters. MSK Connect for Kafka Connect workers. MSK Serverless option.
Amazon Managed Service for Apache Flink	Real-time stream processing. Replaced Kinesis Data Analytics. SQL, Java, Scala, Python APIs.
Amazon Managed Workflows for Apache Airflow (MWAA)	Managed Apache Airflow for data pipeline orchestration. Private network deployment.

Application Integration (Advanced)

Service	Description
Amazon AppFlow	No-code SaaS integration (Salesforce, Slack, Google Analytics, etc.) to/from S3 or Redshift.
AWS AppSync	Managed GraphQL API service. Real-time subscriptions, offline data sync, conflict resolution.
Amazon Managed Workflows for Apache Airflow (MWAA)	Managed Airflow. Python-based DAG-driven orchestration for complex data workflows.

Containers (Advanced)

Service	Description
Amazon ECR	Container image registry. Private repositories, image scanning, lifecycle policies, cross-account access.
Amazon EKS Anywhere	Run EKS-compatible clusters on-premises using your own servers or VMware vSphere.
AWS App Mesh	Envoy-based service mesh for microservices traffic management and observability (being superseded by VPC Lattice).

Tier 3 — Specialty Certification Services

These services appear primarily in the Specialty certification tracks. A practitioner without the specific domain context will struggle to use them effectively — but for the right workload, they are the correct and precise tool.

Networking Specialty (ANS-C01)

Service	Description
AWS Direct Connect Gateway	Aggregate multiple Virtual Interfaces across Regions and VPCs through a single Direct Connect connection.
AWS Network Access Analyzer	Identify unintended network access paths to resources using automated path analysis.
Amazon Route 53 Resolver	Hybrid DNS: Inbound Endpoints (on-premises → VPC) and Outbound Endpoints (VPC → on-premises).
AWS VPC Traffic Mirroring	Copy raw packet data from ENIs for IDS/IPS, deep packet inspection, or forensic capture.
AWS Reachability Analyzer	Point-to-point connectivity verification. Analyzes routing, security groups, NACLs, VPC peering, VGW, TGW.
VPC Flow Logs	Capture IP traffic metadata (5-tuple) for security analysis, troubleshooting, and compliance evidence.
AWS Transit Gateway Network Manager	Centralized global network topology view. Monitors SD-WAN integrations via CloudWatch metrics.
AWS Verified Access	Zero-trust access proxy. Evaluate identity and device posture before granting access — no VPN required.
AWS Cloud WAN (Advanced)	Global network policy with segment-based routing and inter-segment traffic inspection.
EC2 Placement Groups	Cluster (low latency, same AZ), Partition (Hadoop/Cassandra isolation), Spread (hardware fault isolation).

Security Specialty (SCS-C03)

The SCS-C02 exam was retired December 1, 2025. The current active version is SCS-C03, available from December 2, 2025. The new version expands coverage of AI/GenAI security guardrails, multi-account governance, and zero-trust patterns.

Service	Description
AWS CloudHSM	Dedicated hardware security module. You manage the keys — AWS has zero access. FIPS 140-2 Level 3 certified.
Amazon Security Lake	Centralize security data in OCSF (Open Cybersecurity Schema Framework) format. 50+ AWS native sources.
AWS Audit Manager	Continuous compliance evidence collection. Pre-built frameworks: PCI DSS, CIS, NIST 800-53, SOC 2, HIPAA.
AWS Artifact	On-demand access to AWS compliance reports (SOC 1/2/3, ISO 27001, PCI DSS) and legal agreements (BAA, NDA).
AWS Signer	Code signing for Lambda and container images. Ensures code integrity and provenance before deployment.
IAM Access Analyzer	Identify externally accessible resources (S3 buckets, IAM roles, KMS keys, Lambda, SQS). Policy validation and generation.
AWS Private Certificate Authority	Managed private PKI. Issue internal TLS certificates for services that cannot use public ACM certs.

AI/ML Specialty (MLA-C01 / MLS-C01)

The MLS-C01 (Machine Learning Specialty) had its last testing date on March 31, 2026. The active ML certification is MLA-C01 (Machine Learning Engineer – Associate). MLS-C01 content remains relevant for practitioners working with deep SageMaker workflows.

Service	Description
Amazon Bedrock	Unified API for foundation models: Anthropic Claude, Meta Llama, Mistral, Amazon Titan, Cohere, AI21. Includes Knowledge Bases, Agents, Guardrails, Model Evaluation, and Prompt Management.
Amazon SageMaker (Advanced)	Pipelines (MLOps CI/CD), Feature Store, Model Monitor (drift/quality), Clarify (bias/explainability), JumpStart (model hub), HyperPod (distributed training clusters).
Amazon Q Developer	AI coding assistant in IDE, CLI, and console. Code generation, security scanning, automated code transformation. Successor to CodeWhisperer.
Amazon Q Business	Enterprise generative AI assistant. Connects to internal data sources (S3, Confluence, Salesforce) with fine-grained access control.
AWS Trainium	Purpose-built ML training chip. Trainium2 supports 100B+ parameter model training. Priced per chip-hour.
AWS Inferentia	Purpose-built ML inference chip. Cost-effective, high-throughput inference for production model serving.
Amazon Textract	Document intelligence beyond OCR. Extracts structured forms, tables, signatures, and key-value pairs from PDFs and images.
Amazon Personalize	Real-time ML-based recommendations. No ML expertise required — provide interaction data, receive ranked recommendations.
Amazon Forecast	Time-series forecasting using AutoML. Demand planning, resource allocation, inventory optimization.
Amazon Fraud Detector	Managed fraud detection combining ML models and business rules. Online fraud, account takeover, payment abuse.
Amazon Kendra	Intelligent enterprise search. ML-powered relevance ranking. Connects to SharePoint, S3, Confluence, Salesforce.
Amazon Augmented AI (A2I)	Human review workflows for ML predictions that fall below confidence thresholds. Integrates with Textract and Rekognition.

Tier 4 — Extended AWS Portfolio

These services address specific industry domains. Not regularly tested on the main certification tracks, but they represent real production workloads at scale for the right vertical.

IoT

Service	Description
AWS IoT Core	Managed MQTT/HTTPS broker. Connect billions of devices, route messages to AWS services via a rules engine.
AWS IoT Greengrass	Run Lambda, ML inference, and stream processing at the edge. Operates without continuous cloud connectivity.
AWS IoT SiteWise	Collect, structure, and analyze industrial equipment data (OPC-UA, Modbus). Digital twin asset model.
AWS IoT TwinMaker	Build digital twins with real-time data integration. Integrates with SiteWise, Grafana, and Unreal Engine.
Amazon Kinesis Video Streams	Ingest, store, and process video streams from connected devices. Integrates with Rekognition Video.

End-User Computing

Service	Description
Amazon WorkSpaces	Managed Windows/Linux virtual desktops. Personal or pooled. Billed hourly or monthly.
Amazon AppStream 2.0	Stream Windows desktop applications to any browser. No client installation required.
Amazon WorkSpaces Web	Managed, secure browser for accessing internal web applications. No data persists on the endpoint.
Amazon WorkMail	Managed business email and calendaring. Exchange-compatible. Integrated with Directory Service and SES.

Business Applications

Service	Description
Amazon Connect	Cloud contact center. Visual IVR flows, real-time analytics, ML-powered agent assist. Priced per minute used.
Amazon Pinpoint	Customer engagement: email, SMS, push notifications, voice. Journey orchestration and campaign analytics.
Amazon SES	Scalable transactional and bulk email delivery. High deliverability, reputation management, configuration sets.
AWS Supply Chain	ML-powered supply chain risk visibility. Inventory, demand sensing, and lead time analytics.

Media & Streaming

Service	Description
Amazon IVS	Interactive live video streaming with sub-second latency. Timed metadata for real-time interactivity (polls, Q&A).
AWS Elemental MediaConvert	File-based video transcoding. VOD workflows, HLS/DASH/CMAF output, DRM integration.
AWS Elemental MediaLive	Live video encoding for broadcast-quality output. Redundant pipelines for 24/7 channels.
AWS Elemental MediaPackage	Video origination and just-in-time packaging. HLS, DASH, and CDN origin integration.

Satellite & Specialized

Service	Description
AWS Ground Station	Satellite communication as a service. Schedule antenna contacts, downlink data directly into AWS.
Amazon Braket	Quantum computing experimentation platform. Hardware from IonQ, Rigetti, Oxford Quantum Circuit, and D-Wave.
Amazon Managed Blockchain	Create and manage Hyperledger Fabric and Ethereum networks for traceability and provenance use cases.

Hybrid & Edge

Service	Description
AWS Local Zones	AWS infrastructure extension in major metros. Sub-10ms latency to end users for latency-sensitive workloads.
AWS Snow Family (Edge Compute)	Snowball Edge runs EC2 instances and Lambda. Snowcone (2.1 kg) for disconnected, ruggedized environments.
VMware Cloud on AWS	Run VMware vSphere workloads natively on AWS bare metal. No re-platforming required. Joint support.
Amazon ECS Anywhere	Run ECS tasks on on-premises and edge servers registered as external instances.
Amazon EKS Anywhere	Deploy EKS-compatible clusters on-premises using your own servers or VMware vSphere.

Developer & DevOps (Extended)

Service	Description
AWS CDK	Define cloud infrastructure using TypeScript, Python, Java, or Go. Synthesizes to CloudFormation.
AWS Amplify	Full-stack web and mobile app development. Hosting, authentication, GraphQL, storage — opinionated and fast.
AWS X-Ray	Distributed tracing. Service map, latency histograms, root cause identification for microservices.
Amazon Managed Grafana	Managed Grafana workspaces. Integrates natively with CloudWatch, Prometheus, and OpenSearch.
Amazon Managed Service for Prometheus (AMP)	Managed Prometheus-compatible metrics storage. Scales to tens of billions of samples.
AWS Distro for OpenTelemetry (ADOT)	AWS-supported OpenTelemetry collector. Vendor-neutral trace and metric collection.

Data & Analytics (Extended)

Service	Description
AWS Clean Rooms	Collaborate on datasets with external partners without exposing underlying raw data. SQL-based analysis rules.
Amazon DataZone	Data governance portal. Catalog assets, define access policies, enable business-driven data discovery.
AWS Entity Resolution	Match and link related records across datasets using ML and rule-based matching.
Amazon Redshift Serverless	Run Redshift analytics with no cluster provisioning. Auto-scaling compute, pay per workload run.

Management (Extended)

Service	Description
AWS Proton	Automated deployment templates for container and serverless service teams. Platform team-managed scaffolding.
Amazon Managed Grafana	Managed Grafana workspaces for operations dashboards and SLO visualization.
AWS Distro for OpenTelemetry (ADOT)	Collect distributed traces and metrics in a vendor-neutral format compatible with Jaeger, Zipkin, and Prometheus.

Regional Availability — A Design Constraint, Not a Footnote

Not all services are available in all AWS Regions. This is a hard architectural constraint that has broken production launch timelines.

AWS operates 37+ Regions globally as of April 2026. When a new Region launches, it includes a defined set of core services. Additional services are added over subsequent months. Specialized and newer services may remain limited to a handful of Regions for extended periods.

Core services guaranteed in every Region launch (partial list): EC2, S3, VPC, IAM, RDS, Lambda, EKS, ECS, CloudFormation, CloudWatch, CloudTrail, Config, KMS, DynamoDB, SQS, SNS, Direct Connect, ELB, EMR, EventBridge, Fargate, Redshift, OpenSearch.

Services typically available within 12 months of a new Region launch: Athena, Backup, CloudFront, Cognito, Control Tower, DataSync, Directory Service, EFS, GuardDuty, IAM Identity Center, Lake Formation, SageMaker, Security Hub, Shield Advanced, Storage Gateway, Transit Gateway, WAF.

Services with limited or selective regional availability: Bedrock (with all model providers), CloudHSM, Ground Station, Braket, Wavelength, Local Zones, Inferentia/Trainium instances, IVS, Elemental media services, IoT SiteWise, and most Tier 4 services.

Official AWS Regional Availability Resources

Use these authoritative sources for production architecture decisions:

Resource	URL	Purpose
AWS Services by Region	aws.amazon.com/about-aws/global-infrastructure/regional-product-services/	Official service availability per Region
AWS Capabilities by Region	builder.aws/capabilities-by-region	Interactive multi-region comparison, API-level granularity, forward-looking roadmap quarters
AWS Global Infrastructure	aws.amazon.com/about-aws/global-infrastructure/regions_az/	Region and AZ map, Local Zones, Wavelength Zones
AWS What’s New	aws.amazon.com/new/	Authoritative source for service launches and regional expansions

AWS Capabilities by Region (launched November 2025) is the most operationally useful tool for multi-region architecture planning. It provides side-by-side comparison across multiple Regions at the feature and API level — not just service level — and includes directional launch quarters (e.g., “2026 Q2”) for planned expansions. Use it before committing to a Region strategy.

When to Use Non-Core Services: A Decision Framework

The services beyond the SAA-C03 core exist because the core services do not solve every problem at the required fidelity. The following principles guide selection:

Use Tier 2 services when your environment has one or more of these characteristics:

Multi-account at scale — Control Tower, IAM Identity Center, RAM, and Firewall Manager are not optional at enterprise scale. They are the governance layer that prevents security and compliance debt from compounding.
Hybrid connectivity beyond a VPN — Transit Gateway replaces VPC peering mesh above 5 VPCs. Cloud WAN applies when routing policy spans multiple Regions with inspection requirements.
Cost governance pressure — Compute Optimizer, Cost Explorer, and Savings Plans are architectural inputs, not post-deployment afterthoughts.
Active migration initiative — MGN, DMS, and Migration Hub reduce risk during cutover windows. They do not eliminate architectural thinking; they replace manual replication and tracking.

Use Tier 3 Specialty services when your team owns a specific domain:

Networking — Traffic Mirroring, Network Access Analyzer, Reachability Analyzer, and Verified Access address the gap between “connectivity exists” and “connectivity is provably secure and auditable.”
Security — CloudHSM when you cannot allow AWS to have any access to your cryptographic keys. Security Lake when you need SIEM-grade telemetry in OCSF format across accounts and tools. Audit Manager when compliance evidence collection cannot be manual.
AI/ML — Bedrock when you need frontier model access inside your AWS network perimeter with access control and auditability. SageMaker Feature Store and Pipelines when you need reproducible, governed ML workflows — not notebook experiments.

Use Tier 4 services when your industry vertical demands them:

IoT for manufacturing, logistics, and utilities. Media services for broadcast and streaming. Ground Station for satellite data acquisition. Braket for quantum algorithm research. These are not general-purpose alternatives to core services — they are purpose-built for specific workloads where the alternative is building the capability from scratch.

Youtube

Downloadable Excel Catalog

The full catalog is available as a structured Excel workbook with six sheets covering all 230+ services organized by tier and category.

Download: AWS Services Catalog — dantas.io (April 2026) (.xlsx)

Sheets included: README / Summary · Tier-1 Associate (SAA-C03) · Tier-2 Professional (SAP-C02) · Tier-3 Specialty Exams · Tier-4 Additional Services · All Services by Category (flat, sortable).

References

Amazon Web Services. (2026). AWS services by category. Amazon Web Services Documentation. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/amazon-web-services-cloud-platform.html

Amazon Web Services. (2026). AWS certification exam guides. Amazon Web Services Certification. https://docs.aws.amazon.com/aws-certification/latest/examguides/aws-certification-exam-guides.html

Amazon Web Services. (2026). AWS global infrastructure — Regions and Availability Zones. Amazon Web Services. https://aws.amazon.com/about-aws/global-infrastructure/regions_az/

Amazon Web Services. (2026). Regional product services. Amazon Web Services. https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/

Amazon Web Services. (2025, November). Introducing AWS Capabilities by Region for easier Regional planning and faster global deployments. AWS News Blog. https://aws.amazon.com/blogs/aws/introducing-aws-capabilities-by-region-for-easier-regional-planning-and-faster-global-deployments/

Amazon Web Services. (2026). What’s new with AWS. Amazon Web Services. https://aws.amazon.com/new/

Tutorials Dojo. (2025). What’s new in AWS Certified Security Specialty SCS-C03 exam in 2025–2026. https://tutorialsdojo.com/whats-new-in-aws-certified-security-specialty-scs-c03-exam-in-2025-2026/

Reference on dantas.io