AWS Security Cards

AWS IAM

Identity & Security

Identity & Access Management - Users, roles, policies

AWS S3

Storage

Simple Storage Service - Buckets & objects

AWS EC2

Compute

Elastic Compute Cloud - Instances & IMDS

AWS Lambda

Compute

Serverless compute - Functions & triggers

AWS KMS

Identity & Security

Key Management Service - Encryption keys & cryptographic operations

AWS RDS

Database

Relational Database Service - Databases & snapshots

Secrets Manager

Identity & Security

Secret storage & rotation

AWS VPC

Networking

Virtual Private Cloud - Network isolation & security groups

AWS ECS

Compute

Elastic Container Service - Container orchestration

AWS EKS

Compute

Elastic Kubernetes Service - Managed Kubernetes

AWS ELB/ALB

Networking

Elastic Load Balancing - Traffic distribution

AWS STS

Identity & Security

Security Token Service - Temporary credentials & role assumption

AWS EBS

Storage

Elastic Block Store - Volumes & snapshots

AWS EFS

Storage

Elastic File System - Managed NFS storage

AWS Cognito

Identity & Security

User pools & identity federation

AWS ACM

Identity & Security

Certificate Manager - SSL/TLS certificates

AWS CloudFront

Networking

Content Delivery Network - Edge caching & distribution

AWS CloudTrail

Monitoring

API logging & audit trail

AWS GuardDuty

Monitoring

Threat detection service

AWS Organizations

Management

Multi-account management - SCP configuration

AWS SSM

Management

Systems Manager - Remote management

AWS SNS

Integration

Simple Notification Service - Message routing

AWS SQS

Integration

Simple Queue Service - Message queuing

AWS DynamoDB

Database

NoSQL database - Tables & streams

API Gateway

Networking

REST/WebSocket APIs - Authorization & throttling

AWS Route 53

Networking

DNS service - Domain management

AWS CloudWatch

Monitoring

Monitoring & observability - Logs & metrics

AWS EventBridge

Integration

Event bus - Event routing & rules

AWS Glue

Analytics

ETL & Data Catalog - Data transformation

AWS Athena

Analytics

SQL query service - Data lake queries

AWS Kinesis

Analytics

Real-time streaming - Data ingestion

Step Functions

Integration

Workflow orchestration - State machines

CodeBuild/Pipeline

Management

CI/CD services - Build & deploy pipelines

AWS ECR

Compute

Container registry - Image management

AWS Backup

Storage

Backup vaults & recovery points

AWS WAF

Networking

Web Application Firewall - Rule management

AWS ElastiCache

Database

Redis & Memcached - In-memory caching

AWS OpenSearch

Analytics

Search & analytics - Dashboards & indices

AWS Redshift

Database

Data warehouse - Business analytics

AWS Inspector

Monitoring

Vulnerability scanning - Automated assessment

AWS Config

Monitoring

Configuration compliance - Rule evaluation

AWS Transfer Family

Integration

SFTP/FTPS service - File transfer

AWS AppSync

Networking

GraphQL APIs - Real-time data sync

AWS Batch

Compute

Job execution - Batch processing

AWS Directory Service

Identity & Security

Managed Active Directory - Domain services

AWS SageMaker

AI/ML

Machine learning - Model training & deployment

AWS Bedrock

AI/ML

Foundation models - LLM APIs & guardrails

AWS MSK

Analytics

Managed Kafka - Streaming & topics

AWS App Runner

Compute

Container deployment - Auto-scaling apps

AWS MemoryDB

Database

Redis compatible - Durable in-memory database

AWS Amplify

Compute

Frontend hosting - Full-stack deployment

AWS DataSync

Integration

Data transfer - Cross-environment sync

AWS Lake Formation

Analytics

Data lake governance - Fine-grained access

AWS Network Firewall

Networking

Managed firewall - Suricata rules

AWS CloudFormation

Management

Infrastructure as Code - Stack provisioning

AWS IAM Identity Center

Identity & Security

SSO federation - Multi-account access

AWS Security Hub

Monitoring

Security posture - Finding aggregation

AWS Transit Gateway

Networking

Network hub - Cross-VPC routing

AWS RAM

Management

Resource sharing - Cross-account access

Amazon Macie

Monitoring

Data security - Sensitive data discovery

AWS CloudHSM

Identity & Security

Hardware Security Module - FIPS 140-3 Level 3 key management

AWS Shield

Networking

DDoS protection - Standard and Advanced with SRT

Amazon Detective

Monitoring

Security investigation - Behavior graphs from CloudTrail, VPC, GuardDuty

AWS Firewall Manager

Management

Central firewall management - WAF, SG, Network Firewall policies

AWS Verified Access

Networking

Zero trust network access - Cedar policies and trust providers

AWS Control Tower

Management

Landing zone governance - Guardrails, SCPs, account factory

Amazon EMR

Analytics

Hadoop/Spark clusters - IMDS, web UIs, step injection

AWS Elastic Beanstalk

Compute

Application deployment - Service roles, .ebextensions, env vars

Amazon WorkSpaces

Compute

Virtual desktops - AD integration, credential harvesting

Amazon DocumentDB

Database

MongoDB-compatible database - NoSQL injection, snapshots

Amazon Neptune

Database

Graph database - Gremlin/SPARQL injection, notebooks

Amazon QuickSight

Analytics

BI dashboards - Data source exposure, embedded leaks

Amazon Lightsail

Compute

Simplified compute - Default SSH keys, open firewalls

AWS X-Ray

Monitoring

Distributed tracing - Sensitive data in traces, C2 abuse

Amazon Verified Permissions

Identity & Security

Cedar authorization - Policy logic flaws, schema bypass