Additional Services
Quick Reference
Key AWS services that complete the picture - identity, cost governance, messaging, observability, orchestration, and global edge infrastructure.
Identity & Access
User Identity for Web & Mobile Apps
Managed user authentication and authorization. Handles sign-up, sign-in, OAuth, and MFA without building identity infrastructure.
- User Pools - user directory, login, JWT tokens
- Identity Pools - exchange tokens for temporary AWS credentials
- Social login: Google, Facebook, Apple, SAML
Managed Active Directory
Run Microsoft Active Directory in AWS without managing domain controllers. Integrates with IAM for AWS console access via AD credentials.
- AWS Managed Microsoft AD - full AD in AWS
- AD Connector - proxy to on-premises AD
- Simple AD - lightweight LDAP
Single Sign-On for AWS Accounts
Central SSO for multiple AWS accounts and business apps. One login, all accounts - replaces managing IAM users per account.
- Integrates with Okta, Azure AD, Google Workspace
- Permission sets map to IAM roles per account
- Replaces old "AWS SSO"
- App needs user login → Cognito User Pools
- App needs AWS resource access → Cognito Identity Pools
- Enterprise SSO across accounts → IAM Identity Center
- On-premises Active Directory → AD Connector or Managed AD
Cost & Governance
Visualize & Analyze AWS Spend
Interactive tool to view historical costs, forecast future spend, and identify savings opportunities.
- Filter by service, region, account, tag
- Right-sizing recommendations for EC2
- 12-month forecast with confidence intervals
Set Spend Alerts & Thresholds
Create cost, usage, or reservation budgets and receive alerts when thresholds are crossed - via email or SNS.
- Alert at 80%, 90%, 100% of budget
- Forecast alerts - "on track to exceed"
- Budget Actions - auto-apply IAM/SCP on breach
Multi-Account Management
Manage multiple AWS accounts under one organization. Consolidated billing and governance via SCPs.
- SCPs - limit what accounts can do
- Consolidated billing + volume discounts
- Organizational Units (OUs) for grouping
Governed Multi-Account Landing Zone
Automated setup of a secure, well-architected multi-account environment with pre-built guardrails.
- Account Factory - provision accounts via template
- Guardrails = preventive SCPs + detective Config rules
- Compliance dashboard
- Cost visualization → Cost Explorer
- Alert on overspending → AWS Budgets
- Restrict what services accounts can use → SCPs in Organizations
- Automated account vending + guardrails → Control Tower
Messaging & Email
Simple Email Service
High-volume, cost-effective transactional and marketing email β receipts, password resets, notifications.
- SMTP or API sending
- Bounce and complaint handling
- Dedicated IPs for high-reputation senders
- $0.10 per 1,000 emails
Managed Message Broker
Managed Apache ActiveMQ and RabbitMQ. Migrate existing apps using standard messaging protocols without code changes.
- Drop-in replacement - no code changes
- Supports AMQP, MQTT, OpenWire, STOMP
- Multi-AZ with automatic failover
Customer Engagement & Campaigns
Multi-channel engagement β email, SMS, push, voice. Analytics-driven segmentation and journeys.
- Segment users by behavior/attributes
- Multi-step journey builder
- A/B testing + delivery analytics
| Service | Best For | Protocol |
|---|---|---|
| SNS | App-level pub/sub notifications | AWS API |
| SES | Transactional & marketing email | SMTP / API |
| Amazon MQ | Lift-and-shift message brokers | AMQP / MQTT / STOMP |
| Pinpoint | Customer campaigns (email, SMS, push) | AWS API |
Observability & Orchestration
Distributed Tracing
Trace requests across microservices, Lambda, and databases. Visualize the full request path and identify bottlenecks.
- Service map - visual call graph
- Latency analysis per segment
- Native: Lambda, API Gateway, ECS
- Sampling - trace a % of requests
Visual Workflow Orchestration
Coordinate multi-step workflows as state machines - sequences, parallel branches, retries, error handling.
- Standard - long-running, durable (up to 1 year)
- Express - high-volume, short runs (5 min max)
- 200+ SDK integrations - no Lambda needed
S3 Data Security & Privacy
ML-powered discovery and protection of sensitive data in S3 - PII, credit cards, credentials, API keys.
- Scans S3 for sensitive data patterns
- Findings to EventBridge or Security Hub
- Monitors bucket policies for exposure risks
Centralized Security Findings
Aggregates findings from GuardDuty, Macie, Inspector, Config, and third-party tools into one place.
- CIS, PCI-DSS, SOC 2 compliance checks
- Automated remediation via EventBridge
- Cross-account aggregation
- Trace latency across Lambda/API calls → AWS X-Ray
- Multi-step workflow with retries → Step Functions
- Find PII/sensitive data in S3 → Amazon Macie
- Aggregate all security findings → Security Hub
- Step Functions vs EventBridge → Step Functions orchestrates; EventBridge choreographs
Global Infrastructure & Compute
Global Network Performance
Routes user traffic over AWS's private backbone to the nearest healthy endpoint - reduces global latency.
- Static anycast IPs (2 IPs, global reach)
- Failover across regions in under 30 seconds
- Works with EC2, ALB, NLB, Elastic IPs
- DDoS protection via AWS Shield included
Managed Batch Computing
Run batch jobs at scale without managing EC2. Provisions EC2 or Fargate dynamically based on job queue.
- Spot instances for cost savings
- Array jobs - same job N parallel runs
- Job dependencies - DAG of jobs
Simple Servers for Beginners
Simplified VPS with flat-rate pricing - small websites, blogs, dev environments. Not for enterprise.
- Bundles compute, storage, bandwidth
- One-click app installs (WordPress, etc.)
- Predictable fixed monthly cost
Managed GraphQL API
Serverless GraphQL APIs connecting to DynamoDB, Lambda, RDS, and HTTP sources with real-time capabilities.
- Real-time subscriptions via WebSocket
- Offline sync for mobile apps
- Fine-grained Cognito authorization
| Service | Purpose | Key Differentiator |
|---|---|---|
| CloudFront | CDN - cache HTTP content at edge | Caches static/dynamic content |
| Global Accelerator | Route TCP/UDP over private backbone | Static IPs, non-HTTP, instant failover |
| AWS Batch | Large-scale batch job execution | Managed EC2/Fargate fleet for jobs |
| Lightsail | Simple flat-rate VPS | Predictable billing, beginner-friendly |
- Static anycast IPs + global routing → Global Accelerator
- Cache HTTP content at edge → CloudFront (not Global Accelerator)
- Batch jobs without managing EC2 → AWS Batch
- Simple flat-rate server → Lightsail
- GraphQL API + real-time → AppSync
These services complete the AWS ecosystem - identity (Cognito, Identity Center), cost control (Budgets, Organizations, Control Tower), communication (SES, MQ, Pinpoint), observability (X-Ray, Security Hub), orchestration (Step Functions), and global infrastructure (Global Accelerator, Batch, AppSync).
Migration, IoT & More
Automated Data Transfer
Move large amounts of data between on-premises storage (NFS, SMB), other clouds, and AWS storage services at high speed with built-in validation.
- 10x faster than open-source tools
- Automatic encryption and integrity checks
- Targets: S3, EFS, FSx
- Incremental transfers (only changed data)
Offline Physical Data Transfer
Physical devices shipped to your data centre for massive data migration when network transfer is impractical (petabytes).
- Snowcone - 8-14 TB, portable, edge compute
- Snowball Edge - 80 TB storage, local compute
- Snowmobile - 100 PB, literal shipping container
Track Migration Progress
Central dashboard to track the progress of migrations across multiple AWS and partner tools.
- Single pane across all migration tools
- Discovery - inventory on-prem servers
- Strategy recommendations
Lift-and-Shift Server Migration
Automated replication of on-premises servers to AWS. Rehost (lift-and-shift) without code changes - continuous replication until cutover.
- Replaces AWS Server Migration Service (SMS)
- Continuous block-level replication
- Non-disruptive testing before cutover
- Supports physical, virtual, and cloud VMs
Managed Virtual Desktops (VDI)
Cloud-hosted Windows or Linux desktops on demand. Users access a full persistent desktop from any device - no on-premises VDI infrastructure.
- Persistent storage (user data survives reboot)
- Windows or Amazon Linux
- Integrates with Active Directory
- Billed monthly or hourly
Application Streaming
Stream desktop applications to users via browser - no installation required. Users access apps like Photoshop, AutoCAD, or internal tools from any device.
- Non-persistent - app-only, no full desktop
- Browser-based access (no client install)
- Scales per user demand
- Good for 3D/GPU-heavy apps
Full-Stack Web & Mobile Platform
Build and deploy full-stack apps quickly - hosting, auth, APIs, storage, and CI/CD for frontend developers. Think "Firebase for AWS".
- Amplify Hosting - Git-based CI/CD for web apps
- Amplify Libraries - client SDKs for Cognito, S3, AppSync
- Amplify Studio - visual UI builder
- Supports React, Next.js, Vue, Flutter
Connect IoT Devices to Cloud
Managed message broker for IoT devices. Billions of devices connect via MQTT/HTTPS and interact with AWS services.
- MQTT broker - lightweight pub/sub
- Device shadows - virtual device state
- Rules engine - route messages to Lambda, S3, DynamoDB
- TLS mutual auth with X.509 certificates
Cloud Contact Center
Fully managed omnichannel contact center - voice and chat. Pay-per-minute, no hardware, scales instantly. Powered by same tech as Amazon's own customer service.
- IVR flows via visual builder (Contact Flows)
- Integrates with Lex (chatbots) and Polly (TTS)
- Real-time + historical analytics
- Agent desktop + supervisor tools
- Pay per minute of usage - no seats/licenses
- Move terabytes online → DataSync; move petabytes offline → Snow Family
- Lift-and-shift servers → Application Migration Service (MGN)
- Full virtual desktop → WorkSpaces; stream single app → AppStream 2.0
- Frontend app platform → Amplify; IoT devices → IoT Core
- Cloud call center → Amazon Connect