{"id":49829077,"url":"https://github.com/palpalani/aws-open-guide","last_synced_at":"2026-05-13T19:34:17.694Z","repository":{"id":354883331,"uuid":"1225779526","full_name":"palpalani/aws-open-guide","owner":"palpalani","description":"A curated, opinionated guide to Amazon Web Services — services, tools, official docs, deep-dive guides, and battle-tested references","archived":false,"fork":false,"pushed_at":"2026-04-30T18:04:26.000Z","size":54,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-30T18:20:50.077Z","etag":null,"topics":["aws","claude-skills","cost-optimization","deployment-automation","devops","free-tools-of-development"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/palpalani.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-30T16:22:42.000Z","updated_at":"2026-04-30T16:57:35.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/palpalani/aws-open-guide","commit_stats":null,"previous_names":["palpalani/aws-open-guide"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/palpalani/aws-open-guide","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palpalani%2Faws-open-guide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palpalani%2Faws-open-guide/tags","re
leases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palpalani%2Faws-open-guide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palpalani%2Faws-open-guide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/palpalani","download_url":"https://codeload.github.com/palpalani/aws-open-guide/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palpalani%2Faws-open-guide/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32997719,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"ssl_error","status_checked_at":"2026-05-13T13:14:51.610Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","claude-skills","cost-optimization","deployment-automation","devops","free-tools-of-development"],"created_at":"2026-05-13T19:34:15.813Z","updated_at":"2026-05-13T19:34:17.685Z","avatar_url":"https://github.com/palpalani.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# ☁️ AWS Open Guide\n\n### A curated, opinionated map of Amazon Web Services\n\n**Official links, production guides, OSS tools, and X-vs-Y comparisons — grouped the way AWS names services so you land on the right resource, not a random 
category.**\n\n[![License: CC BY 4.0](https://img.shields.io/badge/License-CC%20BY%204.0-lightgrey.svg?style=flat-square)](https://creativecommons.org/licenses/by/4.0/)\n[![Contributions Welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat-square)](CONTRIBUTING.md)\n[![GitHub stars](https://img.shields.io/github/stars/palpalani/aws-open-guide?style=flat-square\u0026logo=github)](https://github.com/palpalani/aws-open-guide/stargazers)\n[![GitHub last commit](https://img.shields.io/github/last-commit/palpalani/aws-open-guide?style=flat-square\u0026logo=github)](https://github.com/palpalani/aws-open-guide/commits)\n[![GitHub issues](https://img.shields.io/github/issues/palpalani/aws-open-guide?style=flat-square\u0026logo=github)](https://github.com/palpalani/aws-open-guide/issues)\n\n[**🚀 Get Started**](#how-to-use-this-guide) ·\n[**🎯 Use-Case Playbooks**](#use-case-playbooks) ·\n[**🧭 Browse Services**](#table-of-contents) ·\n[**⚖️ Decision Guides**](#decision-guides--x-vs-y) ·\n[**💰 Cost \u0026 FinOps**](#cost-management--finops) ·\n[**🤖 AI \u0026 MCP**](#ai-coding-agents-mcp--skills) ·\n[**🤝 Contribute**](CONTRIBUTING.md) ·\n[**✅ Production readiness**](PRODUCTION_READINESS.md)\n\n\u003c/div\u003e\n\n---\n\n## Why this guide?\n\nAWS lists **200+ services** in the console. The docs are accurate but spread across hundreds of sites, so you lose time tab-hopping and second-guessing which service fits. This guide is a single index with two layers: browse by **service** when you know the name, or by **workload** when you know the problem.\n\n| | |\n|---|---|\n| 🗂️ **Same taxonomy as AWS** | Compute, Storage, Databases, Networking — the way the console and docs are organized, not a third-party topic list. |\n| 📚 **Three tiers per topic** | Official sources first, then deep production write-ups, then OSS tools you can run today. 
|\n| ⚠️ **Costs and gotchas called out** | Limits, bill surprises, and migration friction you rarely see in a product page. |\n| ⚖️ **Comparisons when it matters** | Common \"should I use X or Y?\" questions point to a decision guide, not guesswork. |\n| ⏳ **Lifecycle you can trust** | Maintenance, sunset, and shutdown flags so you do not design on services AWS is winding down. |\n| 🤖 **Built for how teams work now** | MCP servers, agent plugins, and skills for AI-assisted AWS work sit alongside the traditional links. |\n\n\u003e [!TIP]\n\u003e If a category here is empty or thin, [contributions are warmly welcomed](CONTRIBUTING.md). One link per line, em-dash separator — see [CONTRIBUTING.md](CONTRIBUTING.md) for the full format.\n\n## How to use this guide\n\nMatch the row to what you need **today** — each path sends you to a different slice of this repo (building, evaluating, debugging, or learning).\n\n### 🧭 Pick your entry point\n\n| You are... | Start here |\n|---|---|\n| 🏗️ **Building a workload** (email at scale, multi-tenant SaaS, …) | [Use-Case Playbooks](#use-case-playbooks) — problem, architecture, failure modes, cost, anti-patterns |\n| 🌱 **New to AWS** | [Foundations](#foundations) → Architecture Deep Reading → pick a service section |\n| 🎯 **Picking a service** | [Decision Guides — X vs Y](#decision-guides--x-vs-y) — every common \"should I use X or Y\" question |\n| 💸 **Hunting a surprise bill** | [Cost Management \u0026 FinOps](#cost-management--finops) → Bill Teardowns · [Cost pitfalls playbook](use-cases/cost-pitfalls.md) |\n| 🤖 **Building with AI** | [AI/ML services](#artificial-intelligence--machine-learning) for services · [AI Coding Agents, MCP \u0026 Skills](#ai-coding-agents-mcp--skills) for AI-assisted dev |\n| 📰 **Staying current** | [Community, Social \u0026 Continuous Learning](#community-social--continuous-learning) → Minimal curated stack |\n| 🛠️ **Migrating from another platform** | [Migration Guides — From Other 
Platforms](#migration-guides--from-other-platforms) |\n\n### 📐 Convention used in every service section\n\n| Tier | What you'll find | When to read |\n|---|---|---|\n| **Official** | AWS's own docs, pricing, announcements | Authoritative facts |\n| **Production Guides** | Third-party deep-dives | When official docs leave you with \"yes but how at scale?\" |\n| **OSS Tools** / **Tools** | Open-source utilities | Day-to-day workflow upgrades |\n| **⚠️ Gotchas** | Limits, bill traps, surprise behaviour | Before you ship to production |\n| **Decision Guides** | \"X vs Y\" comparisons | When picking between similar services |\n\n\u003e [!NOTE]\n\u003e **Quick decisions:** if you already know the workload and just need to pick the AWS service, skip to [Decision Guides — X vs Y](#decision-guides--x-vs-y).\n\n## Use-Case Playbooks\n\n\u003e How to build common workloads on AWS in production — problem, architecture, failure modes, cost, anti-patterns. Not a links list; a playbook.\n\n**You have a feature to ship** (email at scale, uploads, async jobs, RAG, and the rest). Open a playbook first when you need a production-shaped answer, not a tour of one service. The service taxonomy below is the **reference layer** (\"what exists about S3\"). Playbooks are the **building layer** (\"how do I run X safely in prod\"). 
Each one follows the same 11-section template — see [`use-cases/_template.md`](use-cases/_template.md).\n\n**Workload playbooks:**\n\n- 🏗️ [Email delivery](use-cases/email-delivery.md) — transactional email at scale on SES with bounce/complaint handling and deliverability tracking\n- 🏗️ [Multi-tenant SaaS](use-cases/multi-tenant-saas.md) — silo / pool / bridge isolation with per-tenant cost attribution\n- 🏗️ [Async job processing](use-cases/async-jobs.md) — API → queue → worker → result store with idempotency, DLQ, and webhooks\n- 🏗️ [Event-driven processing](use-cases/event-driven.md) — EventBridge with schemas, replay, and per-target DLQs\n- 🏗️ [File upload and processing](use-cases/file-upload.md) — pre-signed S3 uploads with malware scan and async transform\n- 🏗️ [High-scale API backend](use-cases/high-scale-api.md) — CloudFront + WAF + API Gateway + cache with rate limits and graceful degradation\n- 🏗️ [Real-time analytics pipeline](use-cases/real-time-analytics.md) — Kinesis hot path + Firehose cold path → S3 + Athena\n- 🏗️ [Observability pipeline](use-cases/observability-pipeline.md) — hot CloudWatch + cold S3-Athena with EMF metrics and trace sampling\n- 🏗️ [GenAI / RAG application](use-cases/genai-rag.md) — Bedrock + vector store + retrieval + Guardrails with evals\n- 🏗️ [CI/CD for AWS workloads](use-cases/ci-cd.md) — GitHub Actions + OIDC + per-environment accounts with canary and rollback\n\n**Cross-cutting frameworks** (referenced by every playbook):\n\n- 🌳 [Decision trees](use-cases/decision-trees.md) — which AWS service for event processing, database, compute, async work, file processing\n- 🛡️ [Failure-first patterns](use-cases/failure-first.md) — retries, idempotency, DLQs, regional failover, backpressure, circuit breakers\n- 🚫 [Anti-patterns](use-cases/anti-patterns.md) — the mistakes that show up across every workload, with the better pattern\n- 💸 [Cost pitfalls](use-cases/cost-pitfalls.md) — line items that surprise teams (NAT Gateway, cross-AZ, 
CloudWatch Logs, egress)\n\n\u003e [!TIP]\n\u003e All playbooks live under [`use-cases/`](use-cases/). To propose a new one, copy [`_template.md`](use-cases/_template.md), fill every section, then follow [Adding a use-case playbook](CONTRIBUTING.md#adding-a-use-case-playbook) before you open a PR (the link checker will run on your URLs).\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003e📑 Table of Contents\u003c/strong\u003e — click to expand\u003c/summary\u003e\n\n- [📖 How to use this guide](#how-to-use-this-guide)\n\n### 🎯 Use-Case Playbooks\n\n- [Use-Case Playbooks (overview)](#use-case-playbooks)\n- [Email delivery](use-cases/email-delivery.md)\n- [Multi-tenant SaaS](use-cases/multi-tenant-saas.md)\n- [Async job processing](use-cases/async-jobs.md)\n- [Event-driven processing](use-cases/event-driven.md)\n- [File upload and processing](use-cases/file-upload.md)\n- [High-scale API backend](use-cases/high-scale-api.md)\n- [Real-time analytics pipeline](use-cases/real-time-analytics.md)\n- [Observability pipeline](use-cases/observability-pipeline.md)\n- [GenAI / RAG application](use-cases/genai-rag.md)\n- [CI/CD for AWS workloads](use-cases/ci-cd.md)\n- [Decision trees](use-cases/decision-trees.md)\n- [Failure-first patterns](use-cases/failure-first.md)\n- [Anti-patterns](use-cases/anti-patterns.md)\n- [Cost pitfalls](use-cases/cost-pitfalls.md)\n\n### 🟧 Core AWS services\n\n- [🏛️ Foundations](#foundations)\n- [💻 Compute](#compute)\n- [📦 Containers](#containers)\n- [⚡ Serverless](#serverless)\n- [💾 Storage](#storage)\n- [🗄️ Databases](#databases)\n- [🌐 Networking \u0026 Content Delivery](#networking--content-delivery)\n- [🔐 Security \u0026 Identity](#security--identity)\n- [📋 Compliance](#compliance)\n- [📊 Analytics \u0026 Big Data](#analytics--big-data)\n- [🤖 Artificial Intelligence \u0026 Machine Learning](#artificial-intelligence--machine-learning)\n- [🛠️ Developer Tools, DevOps \u0026 CI/CD](#developer-tools-devops--cicd)\n- [🔭 Observability \u0026 
Monitoring](#observability--monitoring)\n- [💰 Cost Management \u0026 FinOps](#cost-management--finops)\n- [🚚 Migration \u0026 Transfer](#migration--transfer)\n- [📡 Internet of Things (IoT)](#internet-of-things-iot)\n- [🔄 Application Integration](#application-integration)\n- [✉️ Email \u0026 Communication](#email--communication)\n- [🏢 Management \u0026 Governance](#management--governance)\n\n### 🟦 Frameworks \u0026 guidance\n\n- [🏗️ Well-Architected Framework](#well-architected-framework)\n- [🏭 Industry Architectures](#industry-architectures)\n- [⚖️ Decision Guides — X vs Y](#decision-guides--x-vs-y)\n- [🔁 Migration Guides — From Other Platforms](#migration-guides--from-other-platforms)\n- [⏳ AWS Service Lifecycle \u0026 Deprecations](#aws-service-lifecycle--deprecations)\n- [🧮 Free Tools \u0026 Calculators](#free-tools--calculators)\n- [📓 AWS Glossary](#aws-glossary)\n- [🎓 AWS Certifications \u0026 Learning Paths](#aws-certifications--learning-paths)\n- [🧩 Architecture Patterns](#architecture-patterns)\n\n### 🟪 Community, AI tooling \u0026 resources\n\n- [🧠 AI Coding Agents, MCP \u0026 Skills](#ai-coding-agents-mcp--skills)\n- [📰 Engineering Blogs \u0026 Case Studies](#engineering-blogs--case-studies)\n- [🌐 Community, Social \u0026 Continuous Learning](#community-social--continuous-learning)\n- [🔌 Third-Party Integrations](#third-party-integrations)\n- [📚 Books, Courses \u0026 Newsletters](#books-courses--newsletters)\n- [🎤 Conferences \u0026 Events](#conferences--events)\n- [🔖 Other Awesome AWS Lists](#other-awesome-aws-lists)\n- [🤝 Contributing](#contributing)\n- [✅ Production readiness plan](PRODUCTION_READINESS.md)\n- [📄 License](#license)\n\n\u003c/details\u003e\n\n---\n\n## Foundations\n\nStart here if you're new to AWS or evaluating whether to build on it.\n\n**Official:**\n- [AWS Documentation Home](https://docs.aws.amazon.com/)\n- [AWS Architecture Center](https://aws.amazon.com/architecture/)\n- [AWS Well-Architected 
Framework](https://aws.amazon.com/architecture/well-architected/)\n- [AWS Service Health Dashboard](https://health.aws.amazon.com/health/status)\n- [AWS Pricing Calculator](https://calculator.aws/)\n- [AWS Free Tier](https://aws.amazon.com/free/)\n\n**Foundational Guides:**\n- [AWS Cloud Adoption Framework (CAF)](https://aws.amazon.com/cloud-adoption-framework/) — official six-perspective enterprise migration framework\n- [AWS Well-Architected Framework — 6 pillars explained](https://www.factualminds.com/blog/aws-well-architected-framework-6-pillars-explained/)\n- [AWS Shared Responsibility Model](https://www.factualminds.com/glossary/aws-shared-responsibility-model/) — what AWS secures vs what you secure\n- [Microservices vs monolith on AWS — architecture decision guide](https://www.factualminds.com/blog/microservices-vs-monolith-on-aws-architecture-decision-guide/)\n- [Top 20 modern AWS AI services — overview](https://www.factualminds.com/blog/top-20-aws-ai-modern-services-2026/)\n\n**Architecture Deep Reading (essential AWS canon):**\n- [AWS Architecture Blog](https://aws.amazon.com/blogs/architecture/) — reference architectures and AWS engineering posts\n- [AWS Builders Library](https://aws.amazon.com/builders-library/) — operations + resilience essays from AWS principal engineers\n- [Static Stability Using Availability Zones](https://aws.amazon.com/builders-library/static-stability-using-availability-zones/) — Builders Library essay on designing for failure\n- [Workload isolation using shuffle-sharding (Builders Library)](https://aws.amazon.com/builders-library/workload-isolation-using-shuffle-sharding/) — fault isolation beyond naive sharding\n- [Automating safe hands-off deployments (Builders Library)](https://aws.amazon.com/builders-library/automating-safe-hands-off-deployments/) — cells, waves, and limiting deployment blast radius\n- [Avoiding fallback in distributed systems (Builders 
Library)](https://aws.amazon.com/builders-library/avoiding-fallback-in-distributed-systems/) — why distributed fallback often widens outages\n- [Making retries safe with idempotent APIs (Builders Library)](https://aws.amazon.com/builders-library/making-retries-safe-with-idempotent-apis/) — idempotency for safe retries under UNKNOWN outcomes\n- [Using load shedding to avoid overload (Builders Library)](https://aws.amazon.com/builders-library/using-load-shedding-to-avoid-overload/) — overload feedback loops and shedding layers\n- [Leader election in distributed systems (Builders Library)](https://aws.amazon.com/builders-library/leader-election-in-distributed-systems/) — leases, partitions, and consistency trade-offs\n- [Using dependency isolation / circuit breakers (Builders Library)](https://aws.amazon.com/builders-library/dependency-isolation/) — bulkheads and concurrency overload containment\n- [Implementing health checks (Builders Library)](https://aws.amazon.com/builders-library/implementing-health-checks/) — health checks and correlated fleet automation risks\n- [Instrumenting distributed systems for operational visibility (Builders Library)](https://aws.amazon.com/builders-library/instrumenting-distributed-systems-for-operational-visibility/) — structured logs, metrics, trace propagation\n- [Challenges with distributed systems (Builders Library)](https://aws.amazon.com/builders-library/challenges-with-distributed-systems/) — independent failures, nondeterminism, and testing permutations\n- [Multi-Tier Architectures on AWS (whitepaper)](https://docs.aws.amazon.com/whitepapers/latest/overview-deployment-options/multi-tier-architectures.html)\n- [AWS Multi-Region Fundamentals (whitepaper)](https://docs.aws.amazon.com/whitepapers/latest/aws-multi-region-fundamentals/aws-multi-region-fundamentals.html) — active-active patterns\n\n---\n\n## Compute\n\nVirtual servers, containers' substrate, and specialized chips.\n\n### Amazon EC2 — Elastic Compute Cloud\n\n\u003e 
Virtual servers in the cloud. The original AWS service and still the workhorse.\n\n**Official:**\n- [EC2 Documentation](https://docs.aws.amazon.com/ec2/)\n- [EC2 Instance Types](https://aws.amazon.com/ec2/instance-types/)\n- [EC2 Pricing](https://aws.amazon.com/ec2/pricing/)\n- [Spot Instance Advisor](https://aws.amazon.com/ec2/spot/instance-advisor/)\n- [AWS Compute Blog](https://aws.amazon.com/blogs/compute/) — EC2, Lambda, Batch, and Step Functions posts\n\n**Production Guides:**\n- [EC2 high-performance API optimization](https://www.factualminds.com/blog/ec2-high-performance-api-optimization/)\n- [EC2 Spot Instance intelligent selection for cost optimization](https://www.factualminds.com/blog/ec2-spot-instance-intelligent-selection-cost-optimization/)\n- [Hybrid compute — EC2 + serverless cost efficiency](https://www.factualminds.com/blog/hybrid-compute-ec2-serverless-cost-efficiency/)\n- [Auto-scaling strategies for EC2, ECS, Lambda](https://www.factualminds.com/blog/aws-auto-scaling-strategies-ec2-ecs-lambda/)\n- [Amazon EC2 — glossary entry](https://www.factualminds.com/glossary/amazon-ec2/)\n\n**Decision Guides:**\n- [Which AWS compute should I use?](https://www.factualminds.com/decide/which-aws-compute/)\n- [EC2 vs Lambda — when to use which](https://www.factualminds.com/compare/aws-ec2-vs-lambda/)\n\n**OSS Tools:**\n- [99designs/aws-vault](https://github.com/99designs/aws-vault) — secure storage of AWS credentials on developer laptops\n- [AutoSpotting/AutoSpotting](https://github.com/AutoSpotting/AutoSpotting) — automatically replace on-demand EC2 in ASGs with spot instances\n\n### AWS Graviton — Arm-based processors\n\n\u003e Custom Arm chips with 40% better price/performance than x86 on most workloads.\n\n- [Graviton overview](https://aws.amazon.com/ec2/graviton/)\n- [Graviton cost optimization guide](https://www.factualminds.com/blog/aws-graviton-cost-optimization-guide/) — m5.large → t4g.medium real savings\n\n### AWS Trainium \u0026 Inferentia — ML 
accelerators\n\n\u003e Purpose-built chips for training (Trainium) and inference (Inferentia).\n\n- [Trainium](https://aws.amazon.com/ai/machine-learning/trainium/) · [Inferentia](https://aws.amazon.com/ai/machine-learning/inferentia/)\n- [Trainium2 + Inferentia2 deep dive](https://www.factualminds.com/blog/aws-trainium2-inferentia2-ai-chips/)\n\n### AWS Batch\n\n- [Batch documentation](https://docs.aws.amazon.com/batch/)\n\n### AWS Lightsail\n\n\u003e Simple VPS pricing for predictable workloads.\n- [Lightsail](https://aws.amazon.com/lightsail/)\n\n### AWS App Runner\n\n\u003e Fully managed container service for web apps and APIs.\n- [App Runner](https://aws.amazon.com/apprunner/)\n\n### Amazon Elastic VMware Service (EVS)\n\n- [EVS deep dive](https://www.factualminds.com/blog/amazon-elastic-vmware-service-evs/) — VMware workloads on AWS\n\n### AWS Outposts\n\n\u003e AWS-managed hardware in your own data centre. Use for low-latency, data-residency, or hybrid workloads that must stay on-prem.\n\n- [Outposts](https://aws.amazon.com/outposts/)\n- [Outposts FAQs](https://aws.amazon.com/outposts/faqs/)\n\n### AWS ParallelCluster\n\n\u003e Open-source HPC cluster orchestrator on EC2 — Slurm scheduling, EFA networking, FSx for Lustre.\n\n- [ParallelCluster](https://aws.amazon.com/hpc/parallelcluster/)\n- [aws/aws-parallelcluster](https://github.com/aws/aws-parallelcluster) — official OSS repo\n\n---\n\n## Containers\n\nContainer orchestration and registry.\n\n### Amazon ECS — Elastic Container Service\n\n\u003e AWS-native container orchestration. 
Lower operational overhead than EKS for most teams.\n\n**Official:**\n- [ECS Documentation](https://docs.aws.amazon.com/ecs/)\n- [ECS Pricing](https://aws.amazon.com/ecs/pricing/)\n- [AWS Containers Blog](https://aws.amazon.com/blogs/containers/) — ECS, EKS, Fargate, and ECR architecture posts\n\n**Production Guides:**\n- [Production Laravel/Django/Node on ECS](https://www.factualminds.com/blog/production-laravel-django-node-on-ecs-2026/)\n- [How to migrate a monolith to ECS Fargate with zero downtime](https://www.factualminds.com/blog/how-to-migrate-monolith-ecs-fargate-zero-downtime/)\n- [Blue-green deployments with ECS + CodeDeploy](https://www.factualminds.com/blog/how-to-implement-blue-green-deployments-ecs-codedeploy/)\n- [Modernizing monolithic APIs with Amazon ECS — case study](https://www.factualminds.com/case-study/microservices-on-amazon-ecs/)\n\n### Amazon EKS — Elastic Kubernetes Service\n\n\u003e Managed Kubernetes. Use when you need K8s portability or have existing K8s expertise.\n\n\u003e 🎯 **Building multi-tenant SaaS on EKS?** See the [Multi-tenant SaaS playbook](use-cases/multi-tenant-saas.md) — silo / pool / bridge isolation models with per-tenant cost attribution and noisy-neighbour controls.\n\n**Official:**\n- [EKS Documentation](https://docs.aws.amazon.com/eks/)\n- [EKS Best Practices Guides](https://aws.github.io/aws-eks-best-practices/)\n\n**Production Guides:**\n- [Deploy EKS with Karpenter for cost-optimized autoscaling](https://www.factualminds.com/blog/how-to-deploy-eks-karpenter-cost-optimized-autoscaling/)\n- [Karpenter vs Cluster Autoscaler — EKS cost optimization](https://www.factualminds.com/blog/karpenter-vs-cluster-autoscaler-eks-cost-optimization/)\n- [Host n8n on AWS EKS — production guide](https://www.factualminds.com/blog/how-to-host-n8n-on-aws-eks-production-guide/)\n- [Amazon EKS — glossary entry](https://www.factualminds.com/glossary/amazon-eks/)\n\n**Tools:**\n- [Karpenter](https://karpenter.sh/) — node autoscaling for 
EKS\n- [eksctl](https://eksctl.io/) — official CLI for EKS\n- [terraform-aws-modules/terraform-aws-eks](https://github.com/terraform-aws-modules/terraform-aws-eks) — community Terraform module for EKS clusters and node groups\n- [aws-ia/terraform-aws-eks-blueprints](https://github.com/aws-ia/terraform-aws-eks-blueprints) — Terraform patterns and add-ons for production-style EKS stacks\n\n**Kubernetes cost \u0026 ops (vendor blogs):**\n- [Cast AI Blog](https://cast.ai/blog) — Kubernetes cost optimization and autoscaler guidance for cloud workloads\n\n### AWS Fargate\n\n\u003e Serverless compute for containers. Pay per task, not per VM.\n- [Fargate](https://aws.amazon.com/fargate/)\n- [Lambda vs ECS Fargate — when to use which](https://www.factualminds.com/compare/aws-lambda-vs-ecs-fargate/)\n\n### Amazon ECR — Elastic Container Registry\n\n\u003e Private Docker/OCI registry, integrated with IAM and image scanning.\n- [ECR Documentation](https://docs.aws.amazon.com/ecr/)\n\n### Finch — open-source container client\n\n\u003e AWS-built local Docker alternative — `nerdctl` + `containerd` + `Lima` packaged for macOS/Linux/Windows. Drop-in replacement for `docker build/run/push`.\n\n- [Finch](https://runfinch.com/)\n- [runfinch/finch](https://github.com/runfinch/finch) — open-source repo\n\n### Decision\n\n- [ECS vs EKS — container orchestration decision guide](https://www.factualminds.com/blog/aws-ecs-vs-eks-container-orchestration-decision-guide/) · [Compare](https://www.factualminds.com/compare/aws-ecs-vs-eks/)\n- [Kubernetes on AWS EKS — integration guide](https://www.factualminds.com/integrations/kubernetes-aws-eks/)\n\n---\n\n## Serverless\n\nRun code without managing servers.\n\n### AWS Lambda\n\n\u003e Event-driven function-as-a-service. 
The default for sporadic, async, glue-code workloads.\n\n\u003e 🎯 **Building with Lambda in production?** See [Async job processing](use-cases/async-jobs.md) (queue + worker), [High-scale API backend](use-cases/high-scale-api.md) (caching + rate limits), and [Event-driven processing](use-cases/event-driven.md) (EventBridge + DLQs).\n\n**Official:**\n- [Lambda Documentation](https://docs.aws.amazon.com/lambda/)\n- [Lambda Pricing](https://aws.amazon.com/lambda/pricing/)\n- [Lambda Powertools (Python/TypeScript/Java)](https://docs.powertools.aws.dev/)\n- [Lambda invocation, scaling and concurrency (official docs)](https://docs.aws.amazon.com/lambda/latest/dg/invocation-scaling.html)\n- [AWS Lambda blog category (Compute Blog)](https://aws.amazon.com/blogs/compute/category/aws-lambda/) — patterns, deep dives, releases\n\n**Production Guides:**\n- [Lambda cost optimization — pay-per-request vs provisioned](https://www.factualminds.com/blog/aws-lambda-cost-optimization-pay-per-request-vs-provisioned/)\n- [AWS Lambda — glossary entry](https://www.factualminds.com/glossary/aws-lambda/)\n- [Going Serverless at Scale — Adrian Cockcroft (re:Invent talk)](https://www.youtube.com/watch?v=EBSdyoO3goc)\n\n**Comparisons:**\n- [Lambda vs container cost calculator](https://www.factualminds.com/tools/aws-lambda-vs-container-cost-calculator/)\n\n### AWS Step Functions\n\n\u003e Visual workflow orchestrator for distributed apps.\n\n**Official:**\n- [Step Functions Documentation](https://docs.aws.amazon.com/step-functions/)\n- [AWS Step Functions blog category (Compute Blog)](https://aws.amazon.com/blogs/compute/category/aws-step-functions/) — workflow patterns and launches\n\n**Production Guides:**\n- [Step Functions workflow orchestration patterns](https://www.factualminds.com/blog/aws-step-functions-workflow-orchestration-patterns/)\n- [AWS Step Functions — glossary entry](https://www.factualminds.com/glossary/aws-step-functions/)\n\n**Comparisons:**\n- [Step Functions vs 
EventBridge](https://www.factualminds.com/compare/aws-step-functions-vs-eventbridge/)\n- [Bedrock Agents vs Step Functions](https://www.factualminds.com/compare/aws-bedrock-agents-vs-step-functions/)\n\n### Amazon EventBridge\n\n\u003e Serverless event bus for SaaS, AWS services, and custom events.\n- [EventBridge Documentation](https://docs.aws.amazon.com/eventbridge/)\n- [EventBridge event-driven architecture patterns](https://www.factualminds.com/blog/aws-eventbridge-event-driven-architecture-patterns/)\n- [AWS Event-Driven Architecture (overview)](https://aws.amazon.com/event-driven-architecture/) — official intro, services, patterns, and reference architectures\n\n### AWS SAM \u0026 Serverless Framework\n\n- [AWS SAM (Serverless Application Model)](https://aws.amazon.com/serverless/sam/)\n- [Serverless Framework](https://www.serverless.com/)\n\n### OSS Lambda Frameworks (community)\n\n- [aws/chalice](https://github.com/aws/chalice) — Python serverless microframework (official AWS, Flask-style)\n- [zappa/Zappa](https://github.com/zappa/Zappa) — serverless WSGI Python on Lambda + API Gateway (Django, Flask)\n- [claudiajs/claudia](https://github.com/claudiajs/claudia) — deploy Node.js projects to Lambda + API Gateway with one command\n- [jeremydaly/lambda-api](https://github.com/jeremydaly/lambda-api) — lightweight web framework for serverless Node.js\n- [awslabs/aws-lambda-web-adapter](https://github.com/awslabs/aws-lambda-web-adapter) — run any HTTP web app (Express, Flask, FastAPI, Next.js) on Lambda unmodified\n- [getmoto/moto](https://github.com/getmoto/moto) — mock AWS services for unit/integration tests (also useful beyond Lambda)\n\n### Local Lambda Dev\n\n- [AWS SAM CLI — `sam local`](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local.html) — invoke Lambda + API Gateway locally\n- [aws/aws-lambda-runtime-interface-emulator](https://github.com/aws/aws-lambda-runtime-interface-emulator) — 
`aws-lambda-rie` — run Lambda container images locally with `docker run`\n\n**Other Serverless Patterns:**\n- [Scaling EdTech platforms on AWS serverless architecture](https://www.factualminds.com/blog/scaling-edtech-platforms-on-aws-serverless-architecture/)\n\n---\n\n## Storage\n\n### Amazon S3 — Simple Storage Service\n\n\u003e Object storage. 11 9's durability. The default landing pad for files in AWS.\n\n\u003e 🎯 **Handling user file uploads?** See the [File upload and processing playbook](use-cases/file-upload.md) — pre-signed URLs, malware scan, MIME sniffing, async transform pipeline, lifecycle policies.\n\n**Official:**\n- [S3 Documentation](https://docs.aws.amazon.com/s3/)\n- [S3 Pricing](https://aws.amazon.com/s3/pricing/)\n- [S3 Storage Classes](https://aws.amazon.com/s3/storage-classes/)\n\n**Production Guides:**\n- [S3 security — bucket policies, Block Public Access, default encryption, and IAM conditions](https://www.factualminds.com/blog/aws-s3-security-best-practices-preventing-data-exposure/)\n- [S3 storage costs aren't actually cheap](https://www.factualminds.com/blog/aws-s3-storage-costs-not-cheap/) — real teardown\n- [Building a data lake on S3 + Glue + Athena](https://www.factualminds.com/blog/building-a-data-lake-on-aws-s3-glue-athena-architecture/)\n- [Amazon S3 — glossary entry](https://www.factualminds.com/glossary/amazon-s3/)\n\n**Tools:**\n- [s3cmd](https://github.com/s3tools/s3cmd) — full-featured CLI\n- [Mountpoint for Amazon S3](https://github.com/awslabs/mountpoint-s3) — official FUSE mount\n- [s5cmd](https://github.com/peak/s5cmd) — fastest S3 CLI\n- [s3fs-fuse](https://github.com/s3fs-fuse/s3fs-fuse) — community FUSE-based S3 mount (Linux + macOS)\n- [goofys](https://github.com/kahing/goofys) — S3 file system in Go, optimized for read throughput\n- [MinIO](https://github.com/minio/minio) — self-hosted S3-compatible object storage (good for hybrid + dev/test)\n- [MinIO `mc` client](https://github.com/minio/mc) — S3-compatible CLI 
(works with S3 + MinIO)\n- [rclone](https://github.com/rclone/rclone) — rsync for S3 + 70+ other cloud storage backends\n\n\u003e [!WARNING]\n\u003e **Gotchas:**\n\u003e - Bucket names are globally unique across all AWS accounts.\n\u003e - Default encryption (SSE-S3) is now ON for all new buckets — was opt-in pre-2023.\n\u003e - Cross-region replication does NOT replicate delete markers by default.\n\n### Amazon S3 Vectors\n\n\u003e Native vector storage in S3 — purpose-built for RAG and AI workloads.\n- [S3 Vectors deep dive](https://www.factualminds.com/blog/amazon-s3-vectors-native-vector-storage/)\n\n### Amazon EBS — Elastic Block Store\n\n- [EBS Documentation](https://docs.aws.amazon.com/ebs/)\n- [EBS encryption + snapshot hygiene + KMS lifecycle](https://www.factualminds.com/blog/aws-ebs-encryption-snapshot-hygiene-kms-lifecycle/)\n\n### Amazon EFS — Elastic File System\n\n- [EFS Documentation](https://docs.aws.amazon.com/efs/)\n\n### Amazon FSx\n\n- [FSx](https://aws.amazon.com/fsx/) — managed Windows, Lustre, NetApp ONTAP, OpenZFS\n\n### AWS Backup\n\n\u003e Centralized backup service across AWS resources.\n- [AWS Backup](https://aws.amazon.com/backup/)\n- [AWS backup strategies — automated data protection](https://www.factualminds.com/blog/aws-backup-strategies-automated-data-protection/)\n\n### AWS Storage Gateway\n\n- [Storage Gateway](https://aws.amazon.com/storagegateway/)\n\n---\n\n## Databases\n\n\u003e Pick by consistency model (ACID vs eventual), scale shape (single-region vs petabyte), and query pattern (relational, key-value, document, graph, time-series). 
When in doubt, [Decision Guides — X vs Y](#decision-guides--x-vs-y) maps the common choices.\n\n### Amazon RDS — Relational Database Service\n\n\u003e Managed Postgres, MySQL, MariaDB, Oracle, SQL Server.\n\n**Official:**\n- [RDS Documentation](https://docs.aws.amazon.com/rds/)\n- [RDS Pricing](https://aws.amazon.com/rds/pricing/)\n- [AWS Database Blog](https://aws.amazon.com/blogs/database/) — RDS, Aurora, DynamoDB, and purpose-built DB posts\n\n**Production Guides:**\n- [RDS performance — connection pooling, parameter groups, slow-query logs, and read-replica routing](https://www.factualminds.com/blog/aws-rds-database-performance-best-practices/)\n- [RDS vs Aurora — when to use which database](https://www.factualminds.com/blog/aws-rds-vs-aurora-when-to-use-which-database/) · [Compare](https://www.factualminds.com/compare/aws-rds-vs-aurora/)\n- [RDS max connection calculator](https://www.factualminds.com/tools/aws-rds-max-connection-calculator/)\n- [High-scale Postgres on AWS — cost optimization](https://www.factualminds.com/blog/high-scale-postgres-aws-cost-optimization/)\n- [Amazon RDS — glossary entry](https://www.factualminds.com/glossary/amazon-rds/)\n- [Citus Data Blog](https://www.citusdata.com/blog) — Postgres horizontal scaling patterns relevant to RDS PostgreSQL fleets\n\n### Amazon Aurora\n\n\u003e AWS-built relational DB. 
Postgres/MySQL-compatible, 5x performance of stock MySQL.\n\n- [Aurora Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html)\n- [Aurora Limitless Database](https://www.factualminds.com/blog/amazon-aurora-limitless-database/) — horizontal scaling\n- [Aurora Serverless v2 vs Aurora provisioned](https://www.factualminds.com/compare/aws-aurora-serverless-vs-aurora-provisioned/)\n- [Amazon Aurora — glossary entry](https://www.factualminds.com/glossary/amazon-aurora/)\n\n### Amazon DynamoDB\n\n\u003e Single-digit millisecond NoSQL key-value + document store.\n\n- [DynamoDB Documentation](https://docs.aws.amazon.com/dynamodb/)\n- [DynamoDB best practices (official)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/best-practices.html) — partition keys, indexes, scaling\n- [DynamoDB single-table design — Alex DeBrie](https://www.alexdebrie.com/posts/dynamodb-single-table/) — canonical reading\n- [Advanced design patterns for DynamoDB — Rick Houlihan (re:Invent talk)](https://www.youtube.com/watch?v=HaEPXoXVf2k)\n- [DynamoDB single-table design patterns for SaaS](https://www.factualminds.com/blog/dynamodb-single-table-design-patterns-for-saas/)\n- [Amazon DynamoDB — glossary entry](https://www.factualminds.com/glossary/amazon-dynamodb/)\n- [DynamoDB vs RDS](https://www.factualminds.com/compare/dynamodb-vs-rds/)\n\n**OSS Tools:**\n- [sensedeep/dynamodb-onetable](https://github.com/sensedeep/dynamodb-onetable) — Node.js library for single-table designs\n- [jeremydaly/dynamodb-toolbox](https://github.com/jeremydaly/dynamodb-toolbox) — Jeremy Daly's TypeScript library for single-table modeling\n\n### Amazon Redshift\n\n\u003e Petabyte-scale data warehouse.\n\n- [Redshift Documentation](https://docs.aws.amazon.com/redshift/)\n- [Redshift Serverless vs Provisioned — when to use each](https://www.factualminds.com/blog/amazon-redshift-serverless-vs-provisioned-when-to-use-each/)\n- [Amazon Redshift — glossary 
entry](https://www.factualminds.com/glossary/amazon-redshift/)\n\n### Amazon ElastiCache\n\n\u003e Managed Redis \u0026 Memcached.\n- [ElastiCache Documentation](https://docs.aws.amazon.com/elasticache/)\n- [ElastiCache Redis caching strategies for production](https://www.factualminds.com/blog/aws-elasticache-redis-caching-strategies-for-production/)\n- [Redis-Valkey cost-saving layer on AWS](https://www.factualminds.com/blog/redis-valkey-cost-saving-layer-aws/)\n\n### Amazon MemoryDB for Redis\n\n- [MemoryDB](https://aws.amazon.com/memorydb/)\n- [MemoryDB vector search](https://www.factualminds.com/blog/amazon-memorydb-vector-search/)\n\n### Amazon DocumentDB\n\n- [DocumentDB](https://aws.amazon.com/documentdb/) — MongoDB-compatible\n- [Migrate from MongoDB Atlas to DocumentDB](https://www.factualminds.com/compare/mongodb-atlas-to-documentdb/)\n- [MongoDB scalable, cost-efficient on AWS](https://www.factualminds.com/blog/mongodb-scalable-cost-efficient-aws/)\n\n### Amazon Neptune\n\n- [Neptune](https://aws.amazon.com/neptune/) — graph database\n- [Neptune Analytics — graph + vector](https://www.factualminds.com/blog/amazon-neptune-analytics-graph-vector/)\n\n### Amazon Timestream\n\n- [Timestream](https://aws.amazon.com/timestream/) — time-series; LiveAnalytics closed to new customers June 20, 2025\n\n### Decision Guides\n\n- [Which AWS database should I use?](https://www.factualminds.com/decide/which-aws-database/)\n- [Heroku Postgres → AWS RDS](https://www.factualminds.com/compare/heroku-postgres-to-aws-rds/)\n\n---\n\n## Networking \u0026 Content Delivery\n\n\u003e Design for blast radius (multi-AZ), latency (regional vs edge), and the bill (NAT Gateway egress and cross-AZ traffic are the usual surprises).\n\n### Amazon VPC — Virtual Private Cloud\n\n**Official:**\n- [VPC Documentation](https://docs.aws.amazon.com/vpc/)\n- [Networking \u0026 Content Delivery Blog](https://aws.amazon.com/blogs/networking-and-content-delivery/) — VPC, CDN, and hybrid connectivity 
posts\n\n**Production Guides:**\n- [VPC for production — subnet topology, NAT vs VPC endpoints, flow logs, and Transit Gateway](https://www.factualminds.com/blog/aws-vpc-networking-best-practices-for-production/)\n\n- [VPC peering vs Transit Gateway](https://www.factualminds.com/glossary/vpc-peering-vs-transit-gateway/)\n- [Amazon VPC — glossary entry](https://www.factualminds.com/glossary/amazon-vpc/)\n\n### NAT Gateway\n\n- [NAT Gateway billing — idle cost alternatives](https://www.factualminds.com/blog/aws-nat-gateway-billing-idle-cost-alternatives/) — bill teardown\n- [Bill teardown — healthcare's NAT Gateway problem](https://www.factualminds.com/blog/aws-bill-teardown-2-healthcare-nat-gateway-problem/)\n\n### Amazon Route 53\n\n- [Route 53](https://aws.amazon.com/route53/) — DNS + traffic management\n- [Route 53 DNS traffic management patterns](https://www.factualminds.com/blog/aws-route-53-dns-traffic-management-patterns/)\n\n### Amazon CloudFront\n\n\u003e Global CDN with 600+ edge locations.\n\n**Official:**\n- [CloudFront Documentation](https://docs.aws.amazon.com/cloudfront/)\n\n**Production Guides:**\n- [CloudFront vs Cloudflare — which CDN for your enterprise](https://www.factualminds.com/blog/aws-cloudfront-vs-cloudflare-which-cdn-for-your-enterprise/) · [Compare](https://www.factualminds.com/compare/aws-cloudfront-vs-cloudflare/)\n- [Image optimization + CloudFront — case study](https://www.factualminds.com/case-study/image-optimization-cloudfront/)\n- [Automated image pipeline + CloudFront — 30% cost reduction](https://www.factualminds.com/case-study/cloudfront/)\n- [AWS CloudFront Consulting](https://www.factualminds.com/services/aws-cloudfront-consultant/)\n\n### Amazon API Gateway\n\n\u003e 🎯 **Building a high-traffic API?** See the [High-scale API backend playbook](use-cases/high-scale-api.md) — CloudFront + WAF + API Gateway with caching, rate limits, and graceful degradation under load.\n\n- [API Gateway 
Documentation](https://docs.aws.amazon.com/apigateway/)\n- [API Gateway patterns — REST, HTTP, WebSocket](https://www.factualminds.com/blog/aws-api-gateway-patterns-rest-http-websocket/)\n\n### AWS Verified Access\n\n- [Verified Access — ZTNA zero-trust network](https://www.factualminds.com/blog/aws-verified-access-ztna-zero-trust-network/)\n\n### AWS Direct Connect / Transit Gateway / Global Accelerator\n\n- [Direct Connect](https://aws.amazon.com/directconnect/) · [Transit Gateway](https://aws.amazon.com/transit-gateway/) · [Global Accelerator](https://aws.amazon.com/global-accelerator/)\n\n---\n\n## Security \u0026 Identity\n\n\u003e Layer it: identity (IAM, Cognito), boundaries (SCPs, permission boundaries), encryption (KMS), detection (GuardDuty, Security Hub), and audit trails (CloudTrail, Config).\n\n### AWS IAM — Identity \u0026 Access Management\n\n**Official:**\n- [IAM Documentation](https://docs.aws.amazon.com/iam/)\n- [AWS Security Blog](https://aws.amazon.com/blogs/security/) — IAM, encryption, and detective controls posts\n\n**Production Guides:**\n- [IAM least privilege — permission boundaries, SCPs, IAM Access Analyzer, and policy conditions](https://www.factualminds.com/blog/aws-iam-best-practices-least-privilege-access-control/)\n- [AWS IAM — glossary entry](https://www.factualminds.com/glossary/aws-iam/)\n\n### AWS IAM Identity Center (formerly SSO)\n\n- [IAM Identity Center workforce SSO + identity propagation](https://www.factualminds.com/blog/aws-iam-identity-center-workforce-sso-identity-propagation/)\n- [IAM Identity Center vs Cognito](https://www.factualminds.com/compare/aws-iam-identity-center-vs-cognito/)\n\n### Amazon Cognito\n\n- [Cognito](https://aws.amazon.com/cognito/) — user identity for apps\n- [Cognito authentication for SaaS applications](https://www.factualminds.com/blog/aws-cognito-authentication-for-saas-applications/)\n\n### AWS KMS — Key Management Service\n\n- [KMS Documentation](https://docs.aws.amazon.com/kms/)\n- [KMS 
post-quantum cryptography — ML-KEM, ML-DSA](https://www.factualminds.com/blog/aws-kms-post-quantum-cryptography-ml-kem-ml-dsa/)\n- [AWS KMS — glossary entry](https://www.factualminds.com/glossary/aws-kms/)\n\n### Amazon GuardDuty\n\n\u003e Managed threat detection across AWS accounts.\n- [GuardDuty](https://aws.amazon.com/guardduty/)\n- [GuardDuty threat detection production guide](https://www.factualminds.com/blog/aws-guardduty-threat-detection-production-guide/)\n- [GuardDuty vs Security Hub](https://www.factualminds.com/compare/aws-guardduty-vs-security-hub/)\n\n### AWS Security Hub\n\n- [Security Hub](https://aws.amazon.com/security-hub/)\n- [Security Hub compliance monitoring setup](https://www.factualminds.com/blog/how-to-set-up-aws-security-hub-compliance-monitoring/)\n\n### AWS WAF — Web Application Firewall\n\n- [WAF Documentation](https://docs.aws.amazon.com/waf/)\n- [WAF web application firewall production guide](https://www.factualminds.com/blog/aws-waf-web-application-firewall-production-guide/)\n- [WAF API protection beyond basics](https://www.factualminds.com/blog/how-to-configure-aws-waf-api-protection-beyond-basics/)\n- [WAF vs Network Firewall](https://www.factualminds.com/compare/aws-waf-vs-network-firewall/)\n- [WAF case study — 99% threat blocking for eLearning](https://www.factualminds.com/case-study/aws-waf-security/)\n- [WAF case study — DDoS mitigation for BI](https://www.factualminds.com/case-study/aws-waf-ddos-protection-analytics/)\n- [WAF case study — PCI compliance for eCommerce](https://www.factualminds.com/case-study/aws-waf-pci-compliance/)\n\n### Amazon Inspector\n\n- [Inspector v2 — container + Lambda scanning](https://www.factualminds.com/blog/amazon-inspector-v2-container-lambda/)\n\n### Amazon Macie \u0026 Detective\n\n- [Macie + Detective — data security investigation](https://www.factualminds.com/blog/aws-macie-detective-data-security-investigation/)\n\n### AWS Network Firewall \u0026 Firewall Manager\n\n- [Network Firewall + 
Firewall Manager — multi-account](https://www.factualminds.com/blog/aws-network-firewall-firewall-manager-multi-account/)\n\n### AWS Secrets Manager / Parameter Store\n\n- [Secrets Manager](https://aws.amazon.com/secrets-manager/) · [Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html)\n- [Secrets Manager vs Parameter Store — when to use which](https://www.factualminds.com/blog/aws-secrets-manager-vs-parameter-store-when-to-use-which/)\n\n### AWS CloudTrail\n\n- [CloudTrail Documentation](https://docs.aws.amazon.com/cloudtrail/)\n- [CloudTrail production setup — multi-region + validation + Lake](https://www.factualminds.com/blog/aws-cloudtrail-production-setup-multi-region-validation-lake/)\n- [AWS CloudTrail — glossary entry](https://www.factualminds.com/glossary/aws-cloudtrail/)\n\n### Amazon Verified Permissions (Cedar)\n\n- [Verified Permissions + Cedar policy language](https://www.factualminds.com/blog/amazon-verified-permissions-cedar/)\n\n### Amazon Security Lake\n\n- [Security Lake — OCSF schema](https://www.factualminds.com/blog/amazon-security-lake-ocsf/)\n\n### AWS Shared Responsibility Model\n\n- [Shared Responsibility Model — glossary entry](#foundations)\n\n### Holistic Security Guides\n\n- [Cloud security baseline — 10 controls covering IAM, encryption, logging, and incident response](https://www.factualminds.com/blog/10-aws-cloud-security-best-practices-implementation-guide/)\n- [Securing AWS workloads beyond the basics](https://www.factualminds.com/blog/securing-aws-workloads-beyond-the-basics/)\n- [From reactive to proactive — automating AWS security remediation](https://www.factualminds.com/blog/from-reactive-to-proactive-automating-aws-security-remediation/)\n- [AWS resource hardening quick wins (DMS, OpenSearch, SageMaker, Lambda)](https://www.factualminds.com/blog/aws-resource-hardening-quick-wins-dms-opensearch-sagemaker-lambda/)\n- [AWS vulnerability management program — CVSS + 
KEV prioritization](https://www.factualminds.com/blog/aws-vulnerability-management-program-cvss-kev-prioritization/)\n- [Protect AWS infrastructure from cost-based attacks](https://www.factualminds.com/blog/protect-aws-infrastructure-cost-based-attacks/)\n- [Security \u0026 Compliance hub](https://www.factualminds.com/security-compliance/)\n\n### Data Perimeter\n\n- [Data perimeters on AWS](https://aws.amazon.com/identity/data-perimeters-on-aws/) — official identity, network, and resource perimeter model\n- [Building a data perimeter on AWS — whitepaper](https://docs.aws.amazon.com/whitepapers/latest/building-a-data-perimeter-on-aws/building-a-data-perimeter-on-aws.html) — full implementation guidance\n- [aws-samples/data-perimeter-policy-examples](https://github.com/aws-samples/data-perimeter-policy-examples) — official SCP and resource policy templates\n\n**OSS Security Tools:**\n- [Prowler](https://github.com/prowler-cloud/prowler) — AWS security audit + CIS benchmarks\n- [ScoutSuite](https://github.com/nccgroup/ScoutSuite) — multi-cloud security auditing\n- [CloudSploit](https://github.com/aquasecurity/cloudsploit) — AWS account misconfig scanner\n- [Pacu](https://github.com/RhinoSecurityLabs/pacu) — AWS exploitation framework (offensive)\n- [aws-nuke](https://github.com/rebuy-de/aws-nuke) — wipe an AWS account clean\n- [Checkov](https://github.com/bridgecrewio/checkov) — static analysis for Terraform, CloudFormation, CDK, Kubernetes, ARM, Bicep\n- [policy_sentry](https://github.com/salesforce/policy_sentry) — Salesforce IAM least-privilege policy generator\n- [algo](https://github.com/trailofbits/algo) — Trail of Bits one-click personal IPSEC VPN on EC2 (and other clouds)\n\n---\n\n## Compliance\n\n\u003e Evidence collection and audit-ready controls — Audit Manager for evidence, Artifact for AWS attestations, Config conformance packs for continuous checks.\n\n### HIPAA\n\n- [HIPAA Eligible AWS 
Services](https://aws.amazon.com/compliance/hipaa-eligible-services-reference/)\n- [HIPAA on AWS — complete compliance checklist](https://www.factualminds.com/blog/hipaa-on-aws-complete-compliance-checklist/)\n- [HIPAA-compliant architecture on AWS](https://www.factualminds.com/blog/how-to-implement-hipaa-compliant-architecture-aws/)\n- [HIPAA-compliant AI on AWS Bedrock](https://www.factualminds.com/blog/hipaa-compliant-ai-aws-bedrock/)\n- [HIPAA telehealth platform — case study (8 weeks)](https://www.factualminds.com/case-study/hipaa-compliant-telehealth-platform-aws/)\n- [HIPAA-eligible AWS services — glossary](https://www.factualminds.com/glossary/hipaa-eligible-aws-services/)\n- [HIPAA compliance checker tool](https://www.factualminds.com/tools/hipaa-compliance-checker/)\n\n### PCI DSS\n\n- [PCI DSS compliance on AWS — fintech guide](https://www.factualminds.com/blog/pci-dss-compliance-aws-architecture-guide-fintech/)\n- [PCI DSS fintech AWS migration — case study (12 weeks)](https://www.factualminds.com/case-study/pci-dss-fintech-aws-migration/)\n- [PCI DSS Cardholder Data Environment — glossary](https://www.factualminds.com/glossary/pci-dss-cardholder-data-environment/)\n\n### SOC 2\n\n- [SOC 2 compliance on AWS — implementation guide](https://www.factualminds.com/blog/how-to-achieve-soc2-compliance-aws-2026/)\n- [SOC 2 Type 2 — glossary](https://www.factualminds.com/glossary/soc2-type-2/)\n\n### ISO 27001\n\n- [ISO 27001 certification on AWS — ISMS implementation](https://www.factualminds.com/blog/iso-27001-certification-aws-isms-implementation/)\n\n### GDPR\n\n- [GDPR compliance on AWS for SaaS data protection](https://www.factualminds.com/blog/gdpr-compliance-aws-saas-data-protection/)\n\n### NIS2\n\n- [NIS2 directive — AWS for critical infrastructure](https://www.factualminds.com/blog/nis2-directive-aws-critical-infrastructure/)\n\n### NIST CSF 2.0\n\n- [NIST CSF 2.0 — AWS implementation 
guide](https://www.factualminds.com/blog/nist-csf-2-0-aws-implementation-guide/)\n\n### DORA (Digital Operational Resilience Act)\n\n- [DORA compliance — AWS for financial services](https://www.factualminds.com/blog/dora-compliance-aws-financial-services/)\n\n### EU AI Act\n\n- [EU AI Act compliance — AWS Bedrock + SageMaker](https://www.factualminds.com/blog/eu-ai-act-compliance-aws-bedrock-sagemaker/)\n\n---\n\n## Analytics \u0026 Big Data\n\n\u003e 🎯 **Building a real-time analytics pipeline?** See the [Real-time analytics playbook](use-cases/real-time-analytics.md) — Kinesis hot path + Firehose cold path → S3 + Athena, with cost model and partitioning patterns.\n\n**Official:**\n- [AWS Big Data Blog](https://aws.amazon.com/blogs/big-data/) — data lakes, streaming, OpenSearch, and analytics posts\n\n### Amazon Athena\n\n\u003e Serverless SQL on S3.\n- [Athena Documentation](https://docs.aws.amazon.com/athena/)\n- [Athena query cost optimization — partition, compress, cache, Iceberg](https://www.factualminds.com/blog/athena-query-cost-optimization-partition-compress-cache-iceberg/)\n\n### AWS Glue\n\n\u003e Serverless ETL + data catalog.\n- [Glue Documentation](https://docs.aws.amazon.com/glue/)\n- [Glue 5 + Apache Iceberg — modern ETL](https://www.factualminds.com/blog/aws-glue-5-apache-iceberg-modern-etl/)\n- [Glue vs dbt on AWS — data transformation guide](https://www.factualminds.com/blog/aws-glue-vs-dbt-on-aws-data-transformation-guide/)\n\n### Amazon Kinesis\n\n- [Kinesis Documentation](https://docs.aws.amazon.com/kinesis/)\n- [Kinesis Data Streams vs MSK — which streaming platform](https://www.factualminds.com/blog/amazon-kinesis-data-streams-vs-msk-which-streaming-platform/)\n- [Real-time data pipeline — Kinesis + Lambda + DynamoDB](https://www.factualminds.com/blog/real-time-data-pipeline-kinesis-lambda-dynamodb/)\n\n### Amazon Managed Service for Apache Flink\n\n- [Apache Flink on AWS — managed streaming 
analytics](https://www.factualminds.com/blog/apache-flink-on-aws-managed-service-streaming-analytics/)\n\n### Amazon OpenSearch Service\n\n**Official:**\n- [OpenSearch Documentation](https://docs.aws.amazon.com/opensearch-service/)\n- [Unified observability in OpenSearch Service (Big Data Blog)](https://aws.amazon.com/blogs/big-data/unified-observability-in-amazon-opensearch-service-metrics-traces-and-ai-agent-debugging-in-a-single-interface/) — metrics, traces, and AI agent debugging together\n\n**Production Guides:**\n- [OpenSearch architecture patterns + cost optimization](https://www.factualminds.com/blog/amazon-opensearch-service-architecture-patterns-cost-optimization/)\n\n### Amazon EMR\n\n- [EMR Serverless vs EC2 vs EKS — cost comparison](https://www.factualminds.com/blog/aws-emr-serverless-vs-ec2-vs-eks-cost-comparison/)\n\n### Amazon QuickSight\n\n\u003e Serverless BI + ML insights + GenAI dashboards.\n- [QuickSight Documentation](https://docs.aws.amazon.com/quicksight/)\n- [QuickSight in production — embedding, row-level security, SPICE refresh, and capacity sizing](https://www.factualminds.com/blog/amazon-quicksight-production-guide-best-practices/)\n- [QuickSight embedding analytics in SaaS apps](https://www.factualminds.com/blog/amazon-quicksight-embedding-analytics-saas-applications/)\n- [QuickSight real-time analytics dashboards](https://www.factualminds.com/blog/aws-quicksight-real-time-analytics-dashboards-guide/)\n- [Amazon Q in QuickSight — generative BI](https://www.factualminds.com/blog/amazon-q-quicksight-generative-bi/)\n- [QuickSight + SPICE case study](https://www.factualminds.com/case-study/amazon-quicksight-spice/)\n- [Amazon Q for QuickSight service](https://www.factualminds.com/services/amazon-q-for-quicksight/)\n\n### Amazon DataZone\n\n- [DataZone — enterprise governance](https://www.factualminds.com/blog/amazon-datazone-enterprise-governance/)\n\n### AWS Clean Rooms\n\n- [Clean Rooms — privacy-safe 
analytics](https://www.factualminds.com/blog/aws-clean-rooms-privacy-analytics/)\n\n### Data Pipelines \u0026 Lakes\n\n- [Building a data lake on S3 + Glue + Athena](#amazon-s3-simple-storage-service)\n- [Build a serverless data pipeline — Glue + Athena](https://www.factualminds.com/blog/how-to-build-serverless-data-pipeline-glue-athena/)\n- [AWS virtual data modeling guide](https://www.factualminds.com/blog/aws-virtual-data-modeling-guide/)\n- [Snowflake on AWS — integration](https://www.factualminds.com/integrations/snowflake-aws/)\n\n---\n\n## Artificial Intelligence \u0026 Machine Learning\n\n\u003e 🎯 **Building a RAG application?** See the [GenAI / RAG playbook](use-cases/genai-rag.md) — Bedrock + vector store + retrieval + Guardrails, with evaluation harness and per-tenant cost attribution.\n\n### Amazon Bedrock\n\n\u003e Fully managed access to top foundation models (Anthropic, Meta, Amazon Nova, Mistral, Cohere, OpenAI, Stability AI).\n\n**Official:**\n- [Bedrock Documentation](https://docs.aws.amazon.com/bedrock/)\n- [Bedrock Pricing](https://aws.amazon.com/bedrock/pricing/)\n- [Bedrock Knowledge Bases](https://aws.amazon.com/bedrock/knowledge-bases/)\n- [Bedrock Agents](https://aws.amazon.com/bedrock/agents/)\n- [Bedrock Guardrails](https://aws.amazon.com/bedrock/guardrails/)\n\n**Production Guides:**\n- [Why Bedrock is the fastest path to enterprise GenAI](https://www.factualminds.com/blog/why-aws-bedrock-is-the-fastest-path-to-enterprise-genai/)\n- [Bedrock cost optimization — token budgets + model selection](https://www.factualminds.com/blog/aws-bedrock-cost-optimization-token-budgets-model-selection/)\n- [Bedrock Provisioned Throughput vs On-Demand — break-even analysis](https://www.factualminds.com/blog/aws-bedrock-provisioned-throughput-vs-on-demand-break-even-2026/)\n- [Bedrock vs OpenAI API — enterprise comparison](https://www.factualminds.com/blog/aws-bedrock-vs-openai-api-enterprise/)\n- [Build a Bedrock Agent with tool 
use](https://www.factualminds.com/blog/how-to-build-amazon-bedrock-agent-tool-use-2026/)\n- [Build a RAG pipeline with Bedrock Knowledge Bases](https://www.factualminds.com/blog/how-to-build-rag-pipeline-amazon-bedrock-knowledge-bases/)\n- [Set up Bedrock Guardrails in production](https://www.factualminds.com/blog/how-to-set-up-amazon-bedrock-guardrails-production/)\n- [Implementing GenAI guardrails — secure AI governance](https://www.factualminds.com/blog/implementing-genai-guardrails-secure-ai-governance-aws/)\n- [Bedrock AI agents + agentic workflows](https://www.factualminds.com/blog/aws-bedrock-ai-agents-agentic-workflows/)\n- [Bedrock multi-agent supervisor pattern](https://www.factualminds.com/blog/aws-bedrock-multi-agent-supervisor-pattern/)\n- [Bedrock OpenAI models, Codex, Managed Agents](https://www.factualminds.com/blog/amazon-bedrock-openai-models-codex-managed-agents/)\n- [Bedrock AgentCore — production patterns](https://www.factualminds.com/blog/amazon-bedrock-agentcore-production/)\n- [Bedrock Flows — workflow orchestration](https://www.factualminds.com/blog/amazon-bedrock-flows-workflow-orchestration/)\n- [Bedrock Marketplace — third-party models](https://www.factualminds.com/blog/amazon-bedrock-marketplace-third-party-models/)\n- [Bedrock Automated Reasoning Checks — hallucination prevention](https://www.factualminds.com/blog/amazon-bedrock-automated-reasoning-checks-hallucination-prevention/)\n- [Bedrock Data Automation](https://www.factualminds.com/blog/amazon-bedrock-data-automation/)\n- [Fine-tuning vs RAG on Bedrock — when to use each](https://www.factualminds.com/blog/fine-tuning-vs-rag-bedrock-when-to-use/)\n- [Multi-tenant GenAI on Bedrock](https://www.factualminds.com/blog/multi-tenant-genai-bedrock/)\n- [Bedrock Nova models guide](https://www.factualminds.com/blog/aws-bedrock-nova-models-guide/)\n- [Amazon Bedrock — glossary entry](https://www.factualminds.com/glossary/amazon-bedrock/)\n- [RAG pipeline — glossary 
entry](https://www.factualminds.com/glossary/rag-pipeline/)\n\n### Amazon Bedrock AgentCore\n\n\u003e Managed runtime for production AI agents — sessions, memory, tool gateways, identity, and observability. The \"everything around the agent\" layer that Bedrock Agents alone doesn't give you.\n\n**Official:**\n- [Bedrock AgentCore](https://aws.amazon.com/bedrock/agentcore/)\n- [AgentCore documentation](https://docs.aws.amazon.com/bedrock-agentcore/)\n\n**Production Guides:**\n- [AgentCore production patterns](#amazon-bedrock)\n\n**OSS Tools:**\n- [awslabs/agentcore-samples](https://github.com/awslabs/agentcore-samples) — official sample patterns\n- [Amazon Bedrock AgentCore MCP Server](https://awslabs.github.io/mcp/servers/amazon-bedrock-agentcore-mcp-server) — build/deploy/manage agents from a coding agent\n\n### Amazon Nova\n\n\u003e Amazon's foundation model family — text, multimodal (Canvas, Reel).\n\n- [Nova Canvas + Reel — multimodal](https://www.factualminds.com/blog/amazon-nova-canvas-reel-multimodal/)\n\n### Amazon SageMaker\n\n\u003e Build, train, deploy ML models at any scale.\n\n**Official:**\n- [SageMaker Documentation](https://docs.aws.amazon.com/sagemaker/)\n- [AWS Machine Learning Blog](https://aws.amazon.com/blogs/machine-learning/) — training, inference, and MLOps posts\n\n**Production Guides:**\n- [SageMaker Unified Studio](https://www.factualminds.com/blog/amazon-sagemaker-unified-studio/)\n- [Run SageMaker training jobs cost-efficiently](https://www.factualminds.com/blog/how-to-run-sagemaker-training-jobs-cost-efficiently/)\n\n**Decision Guides:**\n- [Bedrock vs SageMaker](https://www.factualminds.com/compare/aws-bedrock-vs-sagemaker/)\n\n### Amazon Q\n\n\u003e AI assistant family for developers, business users, and analytics.\n\n**Official:**\n- [Amazon Q for Business](https://aws.amazon.com/q/business/)\n\n**Production Guides:**\n- [Q for Business vs ChatGPT Enterprise — CTO 
guide](https://www.factualminds.com/blog/amazon-q-for-business-vs-chatgpt-enterprise-cto-guide/) · [Compare](https://www.factualminds.com/compare/amazon-q-vs-chatgpt-enterprise/)\n- [Set up Q for Business with SharePoint + S3](https://www.factualminds.com/blog/how-to-set-up-amazon-q-for-business-sharepoint-s3/)\n- [Q vs GitHub Copilot](https://www.factualminds.com/blog/amazon-q-vs-github-copilot-2026/)\n- [Q for Business case study](https://www.factualminds.com/case-study/amazonq/)\n\n### Kiro IDE\n\n- [Kiro IDE — AWS agentic coding](https://www.factualminds.com/blog/kiro-ide-aws-agentic-coding/)\n\n### Other AI/ML Services\n\n- [Amazon Comprehend](https://aws.amazon.com/comprehend/) — NLP\n- [Amazon Rekognition](https://aws.amazon.com/rekognition/) — image/video analysis\n- [Amazon Textract](https://aws.amazon.com/textract/) — OCR + document AI\n- [Amazon Polly](https://aws.amazon.com/polly/) — text-to-speech\n- [Amazon Translate](https://aws.amazon.com/translate/) · [Amazon Transcribe](https://aws.amazon.com/transcribe/)\n\n### Cost Control for AI\n\n- [AWS autoscaling for AI workloads — avoid budget overrun](https://www.factualminds.com/blog/aws-autoscaling-ai-workloads-budget-overrun/)\n- [Bedrock token cost calculator](https://www.factualminds.com/tools/aws-bedrock-token-cost-calculator/)\n\n### External references (vectors \u0026 RAG concepts)\n\n- [Pinecone Learning Center](https://www.pinecone.io/learn) — vector retrieval and RAG concept guides complementary to Bedrock RAG\n- [Weaviate Blog](https://weaviate.io/blog) — vector database architecture and retrieval engineering articles\n\n### Roundup\n\n- [Top 20 modern AWS AI services — overview](#foundations)\n\n---\n\n## Developer Tools, DevOps \u0026 CI/CD\n\n\u003e 🎯 **Setting up CI/CD?** See the [CI/CD playbook](use-cases/ci-cd.md) — GitHub Actions + OIDC + per-environment accounts, with canary deploys, drift detection, and rollback runbook.\n\n**Official:**\n- [AWS DevOps \u0026 Developer Productivity 
Blog](https://aws.amazon.com/blogs/devops/) — CI/CD, CDK, and platform engineering posts\n\n### AWS CloudFormation\n\n\u003e Native infrastructure-as-code in YAML/JSON.\n- [CloudFormation Documentation](https://docs.aws.amazon.com/cloudformation/)\n- [CloudFormation patterns — stack splitting, drift detection, change sets, and rollback triggers](https://www.factualminds.com/blog/aws-cloudformation-best-practices-infrastructure-as-code/)\n- [Application Composer — IaC generator](https://www.factualminds.com/blog/aws-application-composer-iac-generator/)\n\n### AWS CDK — Cloud Development Kit\n\n\u003e Imperative IaC in TypeScript / Python / Java / Go / .NET.\n- [CDK Documentation](https://docs.aws.amazon.com/cdk/)\n- [Construct Hub](https://constructs.dev/) — community CDK constructs\n- [Terraform vs AWS CDK — IaC decision guide](https://www.factualminds.com/blog/terraform-vs-aws-cdk-infrastructure-as-code-decision-guide/)\n\n**OSS Tools:**\n- [cdklabs/cdk-nag](https://github.com/cdklabs/cdk-nag) — checks CDK apps against AWS Solutions, HIPAA, NIST, PCI rule packs at synth time\n- [projen/projen](https://github.com/projen/projen) — define and synthesise project configuration as code (CDK-style for repos)\n- [aws-samples/aws-cdk-examples](https://github.com/aws-samples/aws-cdk-examples) — official patterns in TS, Python, Java, Go, .NET\n\n### Terraform on AWS\n\n- [OpenTofu](https://opentofu.org/) — open-source Terraform-compatible infrastructure-as-code engine\n- [HashiCorp AWS Provider](https://registry.terraform.io/providers/hashicorp/aws/latest)\n- [Terraform AWS provider upgrade strategy](https://www.factualminds.com/blog/terraform-aws-provider-upgrade-strategy/)\n- [Terraform state management — import, move, repair](https://www.factualminds.com/blog/terraform-state-management-aws-import-move-repair/)\n- [Safe Terraform apply workflows — approval gates](https://www.factualminds.com/blog/safe-terraform-apply-workflows-approval-gates-aws/)\n- [AWS infrastructure 
drift detection — Terraform](https://www.factualminds.com/blog/aws-infrastructure-drift-detection-terraform/)\n- [Migrate Terraform → OpenTofu on AWS](https://www.factualminds.com/blog/migrate-terraform-opentofu-aws/)\n- [Terraform on AWS — integration guide](https://www.factualminds.com/integrations/terraform-aws/)\n\n### Pulumi on AWS\n\n\u003e Imperative IaC in TypeScript / Python / Go / .NET / Java with real programming-language constructs.\n\n- [Pulumi AWS provider](https://www.pulumi.com/registry/packages/aws/) — official provider docs\n- [Pulumi AWS Native](https://www.pulumi.com/registry/packages/aws-native/) — generated from CloudFormation schema for full coverage\n- [Pulumi vs Terraform](https://www.pulumi.com/docs/iac/concepts/vs/terraform/) — official comparison\n- [Pulumi vs CDK](https://www.pulumi.com/docs/iac/comparisons/cloud-template-transpilers/aws-cdk/) — official comparison\n\n### SST\n\n\u003e TypeScript-native IaC purpose-built for serverless on AWS.\n\n- [SST](https://sst.dev/) — full-stack framework on AWS\n- [SST Documentation](https://sst.dev/docs/) — Ion (v3) is AWS-only with Pulumi/Terraform under the hood\n- [SST Components](https://sst.dev/docs/components/) — high-level constructs for common AWS patterns\n- [SST Blog](https://sst.dev/blog/) — SST team posts on serverless patterns on AWS\n\n### AWS CodePipeline / CodeBuild / CodeDeploy\n\n- [CodePipeline](https://aws.amazon.com/codepipeline/) · [CodeBuild](https://aws.amazon.com/codebuild/) · [CodeDeploy](https://aws.amazon.com/codedeploy/)\n- [CodePipeline CI/CD patterns for production](https://www.factualminds.com/blog/aws-codepipeline-cicd-pipeline-patterns-for-production/)\n- [DevOps on AWS — CodePipeline vs GitHub Actions vs Jenkins](https://www.factualminds.com/blog/devops-on-aws-codepipeline-vs-github-actions-vs-jenkins/) · [Compare](https://www.factualminds.com/compare/aws-codepipeline-vs-github-actions/)\n\n### GitHub Actions on AWS\n\n- [GitHub Actions AWS deploys — OIDC 
federation, scoped roles, and credential-free pipelines](https://www.factualminds.com/blog/github-actions-aws-cicd-security-best-practices/)\n- [GitHub Actions on AWS — integration guide](https://www.factualminds.com/integrations/github-actions-aws/)\n\n### CI/CD vendor engineering blogs\n\n- [CircleCI Blog](https://circleci.com/blog/) — CI/CD pipeline engineering posts useful for AWS-deployed apps\n- [Spinnaker Community](https://spinnaker.io/community/) — continuous delivery platform community hub\n\n### General DevOps Practice\n\n- [10 AWS DevOps practices for production](https://www.factualminds.com/blog/10-aws-devops-practices-production-2026/)\n- [DevOps Exercises on AWS — production reality](https://www.factualminds.com/blog/devops-exercises-aws-production-reality/)\n- [AWS environment parity — dev / staging / production](https://www.factualminds.com/blog/aws-environment-parity-dev-staging-production/)\n- [Cost-aware CI/CD pipelines on AWS](https://www.factualminds.com/blog/cost-aware-cicd-pipelines-aws/)\n- [Debug production distributed AWS systems](https://www.factualminds.com/blog/debug-production-distributed-aws-systems/)\n\n### Local Dev / Emulators\n\n- [LocalStack](https://localstack.cloud/) — AWS-in-a-box for local dev\n- [ministackorg/ministack](https://github.com/ministackorg/ministack) — MIT local AWS emulator; 40+ services; Terraform and SDK compatible\n- [floci-io/floci](https://github.com/floci-io/floci) — MIT local AWS emulator; Docker Compose; broad AWS API coverage\n- [getmoto/moto](#oss-lambda-frameworks-community) — mock AWS services for Python tests (boto3 stub library)\n- [AWS CLI chmod /dev/null streaming bug](https://www.factualminds.com/blog/aws-cli-chmod-dev-null-streaming-bug-2026/) — gotcha alert\n\n### CLI \u0026 Productivity OSS\n\n- [awslogs](https://github.com/jorgebastida/awslogs) — query CloudWatch Logs from the terminal (the everyday-driver tool)\n- [aws-shell](https://github.com/awslabs/aws-shell) — interactive shell with 
autocomplete for the AWS CLI\n- [awless](https://github.com/wallix/awless) — opinionated Go-based CLI for EC2, IAM, S3 (declarative templates)\n- [saws](https://github.com/donnemartin/saws) — supercharged AWS CLI with autocomplete + syntax highlighting\n\n### CloudFormation OSS Tools\n\n- [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) — official CloudFormation template linter — catches schema, resource, and intrinsic-function errors before deploy\n- [Stelligent/cfn_nag](https://github.com/stelligent/cfn_nag) — CFN security linting (insecure IAM, S3 public, etc.)\n- [cloudtools/troposphere](https://github.com/cloudtools/troposphere) — Python library for generating CloudFormation templates\n- [cloudreach/sceptre](https://github.com/Sceptre/sceptre) — CLI-driven CloudFormation orchestration\n\n### AWS CLI / SDKs / Cloud9\n\n- [AWS CLI v2](https://aws.amazon.com/cli/)\n- [AWS SDK list](https://aws.amazon.com/developer/tools/) — Python (boto3), JS, Java, Go, Rust, ...\n- [AWS CloudShell](https://aws.amazon.com/cloudshell/) — browser shell with credentials pre-loaded\n- [AWS Toolkit for VS Code / JetBrains](https://aws.amazon.com/visualstudiocode/)\n\n### Asset Pipelines / Runtimes\n\n- [Tune PHP / Node / Python / Go for high concurrency](https://www.factualminds.com/blog/tune-php-node-python-go-high-concurrency/)\n- [Ultra-fast asset pipelines — Bun + Vite + Rust](https://www.factualminds.com/blog/ultra-fast-asset-pipelines-bun-vite-rust/)\n- [Nginx vs FrankenPHP — modern runtimes comparison](https://www.factualminds.com/blog/nginx-frankenphp-modern-runtimes-comparison/)\n\n---\n\n## Observability \u0026 Monitoring\n\n\u003e 🎯 **Building an observability pipeline at scale?** See the [Observability pipeline playbook](use-cases/observability-pipeline.md) — hot CloudWatch + cold S3-Athena, EMF metrics, trace sampling, PII redaction, and cost discipline.\n\n### Amazon CloudWatch\n\n**Official:**\n- [CloudWatch 
Documentation](https://docs.aws.amazon.com/cloudwatch/)\n- [CloudWatch Application Signals](https://aws.amazon.com/cloudwatch/features/application-observability-apm/) — auto-instrumented APM with SLO tracking\n- [CloudWatch Logs Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html) — query language for log analytics\n\n**Production Guides:**\n- [CloudWatch observability — EMF metrics, Logs Insights queries, composite alarms, and metric streams](https://www.factualminds.com/blog/aws-cloudwatch-observability-metrics-logs-alarms-best-practices/)\n- [CloudWatch logging costs](https://www.factualminds.com/blog/aws-cloudwatch-logging-costs-observability/)\n- [Amazon CloudWatch — glossary entry](https://www.factualminds.com/glossary/amazon-cloudwatch/)\n\n### AWS X-Ray\n\n- [X-Ray](https://aws.amazon.com/xray/) — distributed tracing; in maintenance per AWS lifecycle docs [maintenance]\n\n### OpenTelemetry on AWS\n\n**Official:**\n- [AWS Distro for OpenTelemetry (ADOT)](https://aws-otel.github.io/) — recommended successor to X-Ray for new tracing\n- [ADOT Documentation](https://aws-otel.github.io/docs/introduction)\n- [ADOT Lambda layer](https://aws-otel.github.io/docs/getting-started/lambda) — auto-instrumentation for Lambda\n\n**Production Guides:**\n- [OpenTelemetry demo game — AWS observability + chaos engineering](https://www.factualminds.com/blog/otel-demo-game-aws-observability-chaos-engineering/)\n\n### Amazon Managed Service for Prometheus / Grafana\n\n- [Amazon Managed Prometheus (AMP)](https://aws.amazon.com/prometheus/) · [Amazon Managed Grafana (AMG)](https://aws.amazon.com/grafana/)\n\n### Operational Monitoring\n\n- [The real cost of no 24/7 AWS monitoring](https://www.factualminds.com/blog/real-cost-of-no-24-7-aws-monitoring/)\n- [AWS 24/7 managed support + monitoring](https://www.factualminds.com/blog/aws-24-7-managed-support-monitoring/)\n\n### Log Pipelines\n\n- [Stream CloudWatch Logs to S3 via 
Firehose](https://docs.aws.amazon.com/firehose/latest/dev/writing-with-cloudwatch-logs.html) — official log pipeline pattern\n- [Querying CloudWatch logs in S3 with Athena](https://docs.aws.amazon.com/athena/latest/ug/cloudwatch-logs.html) — long-term log analytics on cold storage\n- [Centralized Logging with OpenSearch (Solutions)](https://aws.amazon.com/solutions/implementations/centralized-logging-with-opensearch/) — official deployable reference\n\n### Third-party\n\n- [Datadog on AWS — integration](https://www.factualminds.com/integrations/datadog-aws/)\n- [Honeycomb Blog](https://www.honeycomb.io/blog) — distributed systems observability engineering posts\n- [Datadog Engineering — Kubernetes topic](https://www.datadoghq.com/blog/topic/kubernetes/) — Kubernetes reliability and operations articles\n- [Lumigo Blog](https://lumigo.io/blog) — serverless observability and Lambda troubleshooting articles\n\n---\n\n## Cost Management \u0026 FinOps\n\n\u003e 🎯 **Hunting a surprise bill?** See the [Cost pitfalls playbook](use-cases/cost-pitfalls.md) — NAT Gateway egress, cross-AZ traffic, CloudWatch Logs ingestion, and the other line items that surprise teams.\n\n### Cost Tools (Native)\n\n- [AWS Cost Explorer](https://aws.amazon.com/aws-cost-management/aws-cost-explorer/)\n- [AWS Budgets](https://aws.amazon.com/aws-cost-management/aws-budgets/)\n- [AWS Compute Optimizer](https://aws.amazon.com/compute-optimizer/)\n- [AWS Cost Anomaly Detection](https://aws.amazon.com/aws-cost-management/aws-cost-anomaly-detection/)\n- [AWS Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/trusted-advisor/)\n- [AWS Billing and Cost Management — official user guide](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/) — accounts, invoices, allocation tags\n- [AWS Customer Carbon Footprint Tool](https://aws.amazon.com/aws-cost-management/aws-customer-carbon-footprint-tool/) — estimated emissions by service + region (free, in Billing console)\n\n### Strategy 
\u0026 Playbooks\n\n- [Cost Explorer + Budgets monitoring guide](https://www.factualminds.com/blog/aws-cost-explorer-budgets-monitoring-guide/)\n- [Cost Optimization Hub guide](https://www.factualminds.com/blog/aws-cost-optimization-hub-guide/)\n- [Use Cost Anomaly Detection to catch surprise bills](https://www.factualminds.com/blog/how-to-use-aws-cost-anomaly-detection-catch-surprise-bills/)\n- [5 cost optimization strategies most teams overlook](https://www.factualminds.com/blog/5-aws-cost-optimization-strategies-most-teams-overlook/)\n- [Cloud cost optimization — modern strategies](https://www.factualminds.com/blog/cloud-cost-optimization-2026-modern-strategies/)\n- [AWS cost prediction playbook](https://www.factualminds.com/blog/aws-cost-prediction-2026-playbook/)\n- [AWS cost control architecture optimization playbook](https://www.factualminds.com/blog/aws-cost-control-architecture-optimization-playbook/)\n- [Designing cost-stable AWS architectures](https://www.factualminds.com/blog/aws-cost-stable-architecture-design/)\n- [Eliminate surprise bills with autoscaling](https://www.factualminds.com/blog/aws-eliminate-surprise-bills-autoscaling/)\n- [Multi-region AWS without doubling costs](https://www.factualminds.com/blog/multi-region-aws-without-doubling-costs/)\n- [AWS pricing emergent behavior — billing complexity](https://www.factualminds.com/blog/aws-pricing-emergent-behavior-billing-complexity/)\n- [Prevent queue cost explosions on AWS](https://www.factualminds.com/blog/prevent-queue-cost-explosions-aws/)\n- [Cost-optimized SaaS stack on AWS — end to end](https://www.factualminds.com/blog/cost-optimized-saas-stack-aws-end-to-end/)\n- [AWS data transfer costs for startups](https://www.factualminds.com/blog/aws-data-transfer-costs-startups/)\n\n### FinOps\n\n- [FinOps on AWS — complete cost governance guide](https://www.factualminds.com/blog/finops-on-aws-complete-guide-cloud-cost-governance/)\n- [AWS FinOps gap — engineering cost 
ownership](https://www.factualminds.com/blog/aws-finops-gap-engineering-cost-ownership/)\n- [FinOps — glossary entry](https://www.factualminds.com/glossary/finops/)\n- [FinOps Foundation](https://www.finops.org/) — global community\n- [FinOps Foundation Insights](https://www.finops.org/insights/) — foundation articles and updates on FinOps practice and cloud financial operations\n\n### Bill Teardowns (real customer incidents)\n\n- [Bill teardown #1 — SaaS startup with $40k/mo overrun](https://www.factualminds.com/blog/aws-bill-teardown-1-saas-startup-40k-month-overrun/)\n- [Bill teardown #2 — healthcare's NAT Gateway problem](#nat-gateway)\n- [Bill teardown #3 — retail's data transfer trap](https://www.factualminds.com/blog/aws-bill-teardown-3-retail-data-transfer-trap/)\n- [AWS startup cost explosion — real failure patterns](https://www.factualminds.com/blog/aws-startup-cost-explosion-real-failure-patterns/)\n- [SaaS cost optimization — case study ($85k → $58k/mo)](https://www.factualminds.com/case-study/saas-cost-optimization-30-percent-reduction/)\n\n### Savings Plans / Reserved Instances\n\n- [Savings Plans](https://aws.amazon.com/savingsplans/) · [Reserved Instances](https://aws.amazon.com/ec2/pricing/reserved-instances/)\n- [Reserved Instances vs Savings Plans](https://www.factualminds.com/glossary/reserved-instances-vs-savings-plans/)\n- [AWS Savings Plans — glossary](https://www.factualminds.com/glossary/aws-savings-plans/)\n\n### Managed vs DIY Cost\n\n- [AWS managed services vs DIY — total cost of ownership](https://www.factualminds.com/blog/aws-managed-services-vs-diy-total-cost-of-ownership/)\n\n**OSS Cost Tools:**\n- [Infracost](https://www.infracost.io/) — Terraform → cost diff in PRs\n- [Komiser](https://github.com/tailwarden/komiser) — multi-cloud cost + resource viewer\n- [aws-nuke](#data-perimeter) — wipe orphaned dev accounts\n- [Cloud Intelligence Dashboards](https://github.com/aws-samples/aws-cudos-framework-deployment) — CUR analytics 
dashboards (CUDOS, Cost Intelligence, KPI)\n- [cloud-custodian/cloud-custodian](https://github.com/cloud-custodian/cloud-custodian) — YAML rules engine for resource governance, cost, and compliance enforcement\n- [Similarweb/finala](https://github.com/similarweb/finala) — scans AWS for wasteful and unused resources to cut spend\n\n---\n\n## Migration \u0026 Transfer\n\n### AWS Migration Hub \u0026 MAP\n\n- [AWS Migration Hub](https://aws.amazon.com/migration-hub/)\n- [Migration Acceleration Program (MAP)](https://aws.amazon.com/migration-acceleration-program/)\n- [MAP for SMBs — guide](https://www.factualminds.com/blog/aws-migration-acceleration-program-map-smb-guide/)\n\n### AWS Application Migration Service (MGN) \u0026 DMS\n\n- [Application Migration Service](https://aws.amazon.com/application-migration-service/)\n- [Database Migration Service (DMS)](https://aws.amazon.com/dms/)\n\n### Migration Strategy\n\n- [AWS migration strategy — choose the right approach](https://www.factualminds.com/blog/aws-migration-strategy-choose-right-approach/)\n- [Application modernization — refactor / replatform / rearchitect](https://www.factualminds.com/blog/aws-application-modernization-refactor-replatform-rearchitect/)\n- [Application modernization ROI + business case](https://www.factualminds.com/blog/aws-application-modernization-roi-business-case/)\n- [Migrate without cost surprises](https://www.factualminds.com/blog/aws-migration-without-cost-surprises/)\n- [7 signs you need a migration partner](https://www.factualminds.com/blog/7-signs-you-need-an-aws-cloud-migration-partner/)\n- [Cloud migration estimator tool](https://www.factualminds.com/tools/cloud-migration-estimator/)\n\n### Disaster Recovery\n\n- [DR strategies — pilot light / warm standby / multi-site](https://www.factualminds.com/blog/aws-disaster-recovery-strategies-pilot-light-warm-standby-multi-site/)\n\n### VMware → AWS\n\n- [Amazon Elastic VMware Service](#amazon-elastic-vmware-service-evs)\n\n---\n\n## 
Internet of Things (IoT)\n\n### AWS IoT Core\n\n**Official:**\n- [IoT Core Documentation](https://docs.aws.amazon.com/iot/)\n- [AWS IoT Blog](https://aws.amazon.com/blogs/iot/) — device connectivity, Greengrass, and industrial IoT posts\n\n**Production Guides:**\n- [IoT Core MQTT for industrial workloads](https://www.factualminds.com/blog/aws-iot-core-mqtt-industrial-workloads/)\n- [IoT solutions architecture guide](https://www.factualminds.com/blog/aws-iot-solutions-architecture-guide/)\n\n### AWS IoT Greengrass\n\n- [Greengrass v2 — edge computing for the factory floor](https://www.factualminds.com/blog/aws-iot-greengrass-v2-edge-computing-factory-floor/)\n\n### AWS IoT SiteWise\n\n- [SiteWise native anomaly detection — predictive maintenance](https://www.factualminds.com/blog/aws-iot-sitewise-native-anomaly-detection-predictive-maintenance/)\n- [OPC UA → IoT SiteWise edge gateway setup](https://www.factualminds.com/blog/opc-ua-aws-iot-sitewise-edge-gateway-setup/)\n\n### AWS IoT TwinMaker\n\n- [TwinMaker — digital twin for manufacturing](https://www.factualminds.com/blog/aws-iot-twinmaker-digital-twin-manufacturing/)\n\n### Architecture\n\n- [OT/IT convergence — AWS architecture patterns](https://www.factualminds.com/blog/ot-it-convergence-aws-architecture-patterns/)\n- [Manufacturing IoT predictive maintenance — case study](https://www.factualminds.com/case-study/manufacturing-iot-predictive-maintenance-aws/)\n\n---\n\n## Application Integration\n\n\u003e 🎯 **Building async/event-driven systems?** See [Async job processing](use-cases/async-jobs.md) (queue + worker + DLQ) and [Event-driven processing](use-cases/event-driven.md) (EventBridge with schemas, replay, per-target DLQs).\n\n### Amazon SQS\n\n**Official:**\n- [SQS Documentation](https://docs.aws.amazon.com/sqs/)\n- [Application Integration category (AWS News Blog)](https://aws.amazon.com/blogs/aws/category/application-integration/) — EventBridge, Step Functions, and messaging launches\n\n**Production 
Guides:**\n- [SQS reliable messaging patterns for production](https://www.factualminds.com/blog/aws-sqs-reliable-messaging-patterns-for-production/)\n- [Reliable queue systems on AWS — SQS, Kafka, Redis](https://www.factualminds.com/blog/reliable-queue-systems-aws-sqs-kafka-redis/)\n\n### Amazon SNS\n\n- [SNS Documentation](https://docs.aws.amazon.com/sns/) — pub/sub fan-out\n\n### Amazon EventBridge\n\n- See [Serverless](#serverless) section\n\n### Amazon MQ\n\n- [Amazon MQ](https://aws.amazon.com/amazon-mq/) — managed RabbitMQ + ActiveMQ\n\n### AWS AppFlow\n\n- [AppFlow](https://aws.amazon.com/appflow/) — SaaS-to-AWS data sync\n\n---\n\n## Email \u0026 Communication\n\n### Amazon SES — Simple Email Service\n\n\u003e 🎯 **Building transactional email at scale?** Start with the [Email delivery playbook](use-cases/email-delivery.md) — full architecture (SES → SNS → Firehose → S3 → Athena), bounce/complaint handling, IP warming, cost model, and 18-item production checklist.\n\n- [SES Documentation](https://docs.aws.amazon.com/ses/)\n- [SES e-commerce email marketing](https://www.factualminds.com/blog/aws-ses-ecommerce-email-marketing/)\n- [Migrate from SendGrid to SES](https://www.factualminds.com/blog/how-to-migrate-from-sendgrid-to-amazon-ses/)\n- [SES at scale — case study (200M+ messages/mo)](https://www.factualminds.com/case-study/aws-ses/)\n\n### SES Migrations from Competitors\n\n- [SendGrid → SES](https://www.factualminds.com/compare/sendgrid-to-aws-ses/)\n- [Mailgun → SES](https://www.factualminds.com/compare/mailgun-to-aws-ses/)\n- [Postmark → SES](https://www.factualminds.com/compare/postmark-to-aws-ses/)\n- [Resend → SES](https://www.factualminds.com/compare/resend-to-aws-ses/)\n- [SparkPost → SES](https://www.factualminds.com/compare/sparkpost-to-aws-ses/)\n- [Elastic Email → SES](https://www.factualminds.com/compare/elastic-email-to-aws-ses/)\n\n---\n\n## Management \u0026 Governance\n\n### AWS Organizations\n\n- [AWS 
Organizations](https://aws.amazon.com/organizations/)\n- [Organizations + SCPs — glossary](https://www.factualminds.com/glossary/aws-organizations-scps/)\n\n### AWS Control Tower \u0026 Landing Zone\n\n- [Control Tower](https://aws.amazon.com/controltower/)\n- [Set up Control Tower for multi-account governance](https://www.factualminds.com/blog/how-to-set-up-aws-control-tower-multi-account-governance/)\n- [Multi-account landing zone — Control Tower, OUs, SCPs, and Identity Center setup](https://www.factualminds.com/blog/aws-multi-account-strategy-landing-zone-best-practices/)\n- [AWS Control Tower — glossary](https://www.factualminds.com/glossary/aws-control-tower/)\n- [AWS Landing Zone — glossary](https://www.factualminds.com/glossary/aws-landing-zone/)\n\n**Third-party narratives:**\n- [Monzo Bank (AWS customer story)](https://aws.amazon.com/solutions/case-studies/monzo-bank-case-study/) — digital bank on AWS; scale and account-boundary themes\n- [AWS infrastructure at Segment](https://segment.com/blog/aws-infrastructure-at-segment) — many AWS accounts and environment scaling practices\n- [Shopify Engineering](https://shopify.engineering/) — backend engineering posts including AWS-scale commerce infrastructure\n- [Revamping with Landing Zone — multi-account rebuild (WealthPark)](https://medium.com/wealthpark-engineering/revamping-with-landing-zone-exploring-multi-account-aws-architecture-in-our-infrastructure-rebuild-6b1f2da9327) — Landing Zone–oriented infrastructure rebuild walkthrough\n- [Enterprise Landing Zone decisions — lessons learned, Part 1](https://medium.com/@malavaln/dive-deep-on-our-aws-landing-zone-architecture-decisions-made-lessons-learnt-part-1-898604d7aaaf) — large-org LZ architecture decisions and tradeoffs\n\n### AWS Config\n\n- [AWS Config](https://aws.amazon.com/config/) — resource inventory + compliance\n- [AWS Config Rules — glossary](https://www.factualminds.com/glossary/aws-config-rules/)\n\n### Service Limits, Quotas \u0026 
Throttling\n\n\u003e Hard vs soft limits, retry strategy, and the throttling behaviour that bites at scale.\n\n**Official:**\n- [Service Quotas console](https://docs.aws.amazon.com/servicequotas/latest/userguide/intro.html) — view and request increases for soft limits\n- [AWS service quotas reference](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) — per-service hard and soft limits\n- [Error retries and exponential backoff (SDK guidance)](https://docs.aws.amazon.com/general/latest/gr/api-retries.html) — official retry behaviour\n- [Timeouts, retries, and backoff with jitter (Builders Library)](https://aws.amazon.com/builders-library/timeouts-retries-and-backoff-with-jitter/) — first-principles guidance\n- [API Gateway throttling](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html) — account-, stage-, and key-level limits\n- [Lambda concurrency and throttling](https://docs.aws.amazon.com/lambda/latest/dg/lambda-concurrency.html) — reserved vs provisioned concurrency\n- [DynamoDB throttling and adaptive capacity](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html) — partition-level throttling\n\n### AWS Support \u0026 MSP\n\n- [AWS Support Plans](https://aws.amazon.com/premiumsupport/plans/)\n- [AWS managed services vs Support plans — difference](https://www.factualminds.com/blog/aws-managed-services-vs-aws-support-plans-difference/)\n- [What does an AWS MSP actually do](https://www.factualminds.com/blog/what-does-aws-msp-actually-do/)\n- [When do you need an AWS MSP](https://www.factualminds.com/blog/when-do-you-need-aws-managed-services-provider/)\n- [How to evaluate an AWS MSP](https://www.factualminds.com/blog/how-to-evaluate-aws-managed-services-provider/)\n\n### Hiring an AWS Consultant\n\n- [How to choose an AWS cloud consulting partner](https://www.factualminds.com/blog/aws-cloud-consulting-partner-how-to-choose/)\n- [Benefits of hiring a certified 
AWS consultant](https://www.factualminds.com/blog/benefits-of-hiring-certified-aws-consultant/)\n- [What to look for when hiring an AWS consultant](https://www.factualminds.com/blog/hire-aws-consultant-what-to-look-for/)\n- [When to hire an AWS consultant — business triggers](https://www.factualminds.com/blog/when-to-hire-aws-consultant-business-triggers/)\n\n### AWS Partner Network\n\n- [AWS Partner Network (APN)](https://aws.amazon.com/partners/)\n- [AWS Retail Competency — what it means for your business](https://www.factualminds.com/blog/aws-retail-competency-what-it-means-for-your-business/)\n\n---\n\n## Well-Architected Framework\n\n\u003e Six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability.\n\n- [Well-Architected Framework — official](#foundations)\n- [WAF Tool (free review)](https://aws.amazon.com/well-architected-tool/)\n- [WAF lenses (Serverless, SaaS, GenAI, ...)](https://aws.amazon.com/architecture/well-architected/?ref=wellarchitected-wp\u0026wa-lens-whitepapers.sort-by=item.additionalFields.sortDate\u0026wa-lens-whitepapers.sort-order=desc)\n- [Reliability Pillar (official whitepaper)](https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/) — failure isolation, recovery, multi-AZ\n- [Cost Optimization Pillar (official whitepaper)](https://docs.aws.amazon.com/wellarchitected/latest/cost-optimization-pillar/) — practices for spend efficiency\n- [WAF 6 pillars explained](#foundations)\n- [Well-Architected Framework — glossary](https://www.factualminds.com/glossary/well-architected-framework/)\n- [AWS Well-Architected Review service](https://www.factualminds.com/services/aws-architecture-review/)\n- [Free Well-Architected self-assessment tool](https://www.factualminds.com/tools/aws-well-architected-assessment/)\n\n---\n\n## Industry Architectures\n\nEnd-to-end reference architectures for verticals.\n\n### SaaS\n\n- [SaaS multi-tenancy on AWS — silo vs pool vs 
bridge](https://www.factualminds.com/blog/saas-multi-tenancy-on-aws-silo-vs-pool-vs-bridge-model/)\n- [Multi-tenant SaaS on AWS — architecture pattern](https://www.factualminds.com/patterns/multi-tenant-saas-on-aws/)\n- [SaaS industry hub](https://www.factualminds.com/industries/saas/)\n- [How UNiDAYS achieved AWS Region expansion in three weeks](https://aws.amazon.com/blogs/architecture/how-unidays-achieved-aws-region-expansion-in-3-weeks/) — multi-Region SaaS rollout case study\n\n### Startups\n\n- [AWS for Startups industry hub](https://www.factualminds.com/industries/aws-startups/)\n\n### Fintech\n\n- [Fintech architecture patterns on AWS](https://www.factualminds.com/blog/building-fintech-applications-on-aws-architecture-patterns/)\n- [Fintech industry hub](https://www.factualminds.com/industries/aws-fintech/)\n- [BFS health finance transformation on AWS — PCG DACH (Medium)](https://pcg-dach.medium.com/bfs-health-finance-a-journey-of-transformation-into-the-aws-cloud-11c44aa2af8b) — regulated workload migration with ECS and IaC themes\n\n### Healthcare\n\n- [Healthcare industry hub](https://www.factualminds.com/industries/aws-healthcare/)\n- [How Artera enhances prostate cancer diagnostics using AWS](https://aws.amazon.com/blogs/architecture/how-artera-enhances-prostate-cancer-diagnostics-using-aws/) — imaging diagnostics workload architecture\n\n### Retail \u0026 eCommerce\n\n- [AWS for retail — POS, inventory, recommendations, and peak-event scaling](https://www.factualminds.com/blog/aws-for-retail-complete-guide/)\n- [Retail architecture for Black Friday peak traffic](https://www.factualminds.com/blog/aws-retail-architecture-black-friday-peak-traffic/)\n- [Custom AWS development for retail / eCommerce](https://www.factualminds.com/blog/custom-aws-development-retail-ecommerce/)\n- [Retail \u0026 eCommerce industry hub](https://www.factualminds.com/industries/aws-retail-ecommerce/)\n\n### Manufacturing \u0026 Industrial IoT\n\n- [Manufacturing industry 
hub](https://www.factualminds.com/industries/aws-manufacturing/)\n- [AI on AWS for predictive maintenance — case study (Medium)](https://medium.com/@andreas.braun.2011/ai-on-aws-architecture-interface-and-resilience-a-case-study-on-leveraging-cloud-computing-in-47cdeba62e20) — industrial AI architecture, interfaces, and resilience framing on AWS\n\n### Education / EdTech\n\n- [Education industry hub](https://www.factualminds.com/industries/aws-education/)\n\n### Real Estate / PropTech\n\n- [Real Estate industry hub](https://www.factualminds.com/industries/aws-real-estate/)\n\n---\n\n## Decision Guides — X vs Y\n\nWhen you know what you need but not which AWS service to use:\n\n### Compute\n\n- [EC2 vs Lambda](#amazon-ec2-elastic-compute-cloud)\n- [Lambda vs ECS Fargate](#aws-fargate)\n- [ECS vs EKS](#decision)\n- [Which AWS compute?](#amazon-ec2-elastic-compute-cloud)\n\n### Databases\n\n- [RDS vs Aurora](#amazon-rds-relational-database-service)\n- [Aurora Serverless vs Aurora provisioned](#amazon-aurora)\n- [DynamoDB vs RDS](#amazon-dynamodb)\n- [Which AWS database?](#decision-guides)\n\n### Networking \u0026 CDN\n\n- [CloudFront vs Cloudflare](#amazon-cloudfront)\n- [WAF vs Network Firewall](#aws-waf-web-application-firewall)\n\n### Security \u0026 Identity\n\n- [GuardDuty vs Security Hub](#amazon-guardduty)\n- [IAM Identity Center vs Cognito](#aws-iam-identity-center-formerly-sso)\n\n### Integration\n\n- [Step Functions vs EventBridge](#aws-step-functions)\n- [Bedrock Agents vs Step Functions](#aws-step-functions)\n- [Event-based processing for asynchronous communication (AWS Architecture Blog)](https://aws.amazon.com/blogs/architecture/event-based-processing-for-asynchronous-communication/) — choosing EventBridge vs SNS vs SQS and related characteristics\n\n### CI/CD\n\n- [CodePipeline vs GitHub Actions](#aws-codepipeline-codebuild-codedeploy)\n- [Terraform vs CDK — IaC decision guide](#aws-cdk-cloud-development-kit)\n- [Pulumi vs Terraform](#pulumi-on-aws) — 
official comparison\n- [Pulumi vs CDK](#pulumi-on-aws) — official comparison\n\n### AI/ML\n\n- [Bedrock vs SageMaker](#amazon-sagemaker)\n- [Amazon Q vs ChatGPT Enterprise](#amazon-q)\n\n### Cloud Platform\n\n- [AWS vs Azure for enterprise](https://www.factualminds.com/compare/aws-vs-azure-for-enterprise/)\n- [AWS vs GCP for startups](https://www.factualminds.com/compare/aws-vs-gcp-for-startups/)\n\n### Consulting Partner Comparisons\n\n- [FactualMinds vs Big 4 AWS](https://www.factualminds.com/compare/factualminds-vs-big4-aws/)\n- [FactualMinds vs Cloudreach](https://www.factualminds.com/compare/factualminds-vs-cloudreach/)\n- [FactualMinds vs Slalom](https://www.factualminds.com/compare/factualminds-vs-slalom/)\n\n---\n\n## Migration Guides — From Other Platforms\n\n- [DigitalOcean → AWS](https://www.factualminds.com/compare/digitalocean-to-aws/)\n- [Heroku Postgres → AWS RDS](#decision-guides)\n- [GCP → AWS migration](https://www.factualminds.com/compare/gcp-to-aws-migration/)\n- [MongoDB Atlas → DocumentDB](#amazon-documentdb)\n- [SendGrid → SES](#ses-migrations-from-competitors)\n- [Mailgun → SES](#ses-migrations-from-competitors)\n- [Postmark → SES](#ses-migrations-from-competitors)\n- [Resend → SES](#ses-migrations-from-competitors)\n- [SparkPost → SES](#ses-migrations-from-competitors)\n- [Elastic Email → SES](#ses-migrations-from-competitors)\n\n---\n\n## AWS Service Lifecycle \u0026 Deprecations\n\n\u003e What state is each service in? AWS publishes explicit lifecycle states — Maintenance, Sunset, Full Shutdown — and the roster changes faster than most curated lists track. 
This section flags the services that affect new architectural decisions and points at official replacements.\n\n### Lifecycle reference\n\n- [AWS Service Lifecycle](https://docs.aws.amazon.com/general/latest/gr/service-lifecycle.html) — official definitions of Maintenance, Sunset, Full Shutdown\n- [Services in Full Shutdown](https://docs.aws.amazon.com/general/latest/gr/full_shutdown_services.html) — official roster of shut-down services with dates\n- [AWS service changes — May 2025](https://aws.amazon.com/about-aws/whats-new/2025/05/aws-service-changes/) — most recent batch of lifecycle announcements\n- [AWS Product Lifecycle blog post](https://aws.amazon.com/blogs/aws/introducing-the-aws-product-lifecycle-page-and-aws-service-availability-updates/) — context behind the lifecycle page\n\n### Full shutdown — already removed\n\nHighlights from the [official roster](#lifecycle-reference); see that page for the complete list and exact dates.\n\n- [Amazon QLDB](https://aws.amazon.com/qldb/) — ledger database; shut down July 31, 2025 [shutdown]\n- [Amazon Kinesis Data Analytics for SQL](https://aws.amazon.com/kinesis/data-analytics/) — replacement → Managed Service for Apache Flink [shutdown]\n- [Amazon CloudWatch Evidently](https://aws.amazon.com/cloudwatch/) — feature flags and A/B; shut down October 17, 2025 [shutdown]\n- [AWS DataSync Discovery](https://aws.amazon.com/datasync/) — on-prem storage assessment; shut down May 20, 2025 [shutdown]\n- [AWS Private 5G](https://aws.amazon.com/private5g/) — managed cellular networks; shut down May 20, 2025 [shutdown]\n- [AWS BugBust](https://aws.amazon.com/bugbust/) — code-fix gamification; shut down August 13, 2025 [shutdown]\n- [AWS OpsWorks (Stacks, Chef, Puppet)](https://aws.amazon.com/opsworks/) — config management; shut down May 1, 2024 [shutdown]\n- [AWS CodeStar](https://aws.amazon.com/codestar/) — project templates; shut down July 25, 2024 [shutdown]\n- [AWS RoboMaker](https://aws.amazon.com/robomaker/) — robotics 
simulation; shut down September 10, 2025 [shutdown]\n- [Amazon Lookout for Metrics](https://aws.amazon.com/lookout-for-metrics/) — anomaly detection; shut down October 10, 2025 [shutdown]\n- [Amazon Lookout for Vision](https://aws.amazon.com/lookout-for-vision/) — defect detection; shut down October 31, 2025 [shutdown]\n- [Amazon WorkDocs](https://aws.amazon.com/workdocs/) — file storage and sharing; shut down April 25, 2025 [shutdown]\n\n### End-of-support announced — avoid for new projects\n\nPer the [May 2025 AWS service changes announcement](#lifecycle-reference). AWS has not yet published exact end-of-support dates for most.\n\n- [Amazon Pinpoint](https://aws.amazon.com/pinpoint/) — multi-channel messaging; replacement → SES, SNS, EventBridge [sunset]\n- [AWS IoT Analytics](https://aws.amazon.com/iot-analytics/) — replacement → IoT Core + Kinesis or EventBridge [sunset]\n- [AWS IoT Events](https://aws.amazon.com/iot-events/) — event detection; replacement → EventBridge + Lambda [sunset]\n- [AWS Panorama](https://aws.amazon.com/panorama/) — appliance-based computer vision at the edge [sunset]\n- [AWS SimSpace Weaver](https://aws.amazon.com/simspaceweaver/) — large-scale spatial simulations; ends March 31, 2026 [sunset]\n- [Amazon Inspector Classic](https://docs.aws.amazon.com/inspector/v1/userguide/inspector_introduction.html) — replacement → Amazon Inspector v2 [sunset]\n- [AWS IQ](https://aws.amazon.com/iq/) — freelance AWS experts marketplace [sunset]\n- [AWS DMS Fleet Advisor](https://docs.aws.amazon.com/dms/latest/userguide/fleet-advisor.html) — replacement → AWS DMS [sunset]\n- [Amazon Connect Voice ID](https://docs.aws.amazon.com/connect/latest/adminguide/voice-id.html) — caller authentication; end-of-support announced [sunset]\n\n### Maintenance — closed to new customers\n\nPer AWS lifecycle docs: existing customers retain access; no new features, no onboarding.\n\n- [AWS X-Ray](#aws-x-ray) — distributed tracing; in maintenance per AWS lifecycle docs 
[maintenance]\n- [Amazon Timestream for LiveAnalytics](#amazon-timestream) — closed to new customers June 20, 2025 [maintenance]\n\n### Status tags used in this guide\n\n- `[shutdown]` — fully removed from AWS; no access\n- `[sunset]` — end-of-support announced; plan migration now\n- `[maintenance]` — no new customers, no major features\n- `[preview]` — preview release; not yet generally available\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md#status-tags) for sourcing rules.\n\n---\n\n## Free Tools \u0026 Calculators\n\nFree, no-signup AWS planning calculators and assessments:\n\n### Cost \u0026 Pricing\n\n- [AWS Cost Savings Calculator](https://www.factualminds.com/tools/aws-cost-savings-calculator/)\n- [AWS Cost Waste Quiz](https://www.factualminds.com/tools/aws-cost-waste-quiz/)\n- [AWS Feature Cost Estimator](https://www.factualminds.com/tools/aws-feature-cost-estimator/)\n- [AWS Free Tier Calculator](https://www.factualminds.com/tools/aws-free-tier-calculator/)\n- [AWS IOPS Cost Calculator](https://www.factualminds.com/tools/aws-iops-cost-calculator/)\n- [AWS Lambda vs Container Cost Calculator](#aws-lambda)\n- [AWS Reserved Instance Calculator](https://www.factualminds.com/tools/aws-reserved-instance-calculator/)\n- [AWS Savings Plans Calculator](https://www.factualminds.com/tools/aws-savings-plans-calculator/)\n- [AWS Scaling Cost Simulator](https://www.factualminds.com/tools/aws-scaling-cost-simulator/)\n- [AWS Tenancy Cost Calculator](https://www.factualminds.com/tools/aws-tenancy-cost-calculator/)\n- [AWS Unit Economics Calculator](https://www.factualminds.com/tools/aws-unit-economics-calculator/)\n- [AWS RDS Max Connection Calculator](#amazon-rds-relational-database-service)\n- [AWS Bedrock Token Cost Calculator](#cost-control-for-ai)\n\n### Migration \u0026 Assessment\n\n- [Cloud Migration Estimator](#migration-strategy)\n- [AWS Well-Architected Assessment](#well-architected-framework)\n- [GenAI Readiness 
Assessment](https://www.factualminds.com/tools/genai-readiness-assessment/)\n- [HIPAA Compliance Checker](#hipaa)\n\n### Official AWS Tools\n\n- [AWS Pricing Calculator](#foundations)\n- [AWS Total Cost of Ownership (TCO) Calculator](https://aws.amazon.com/tco-calculator/)\n\n---\n\n## AWS Glossary\n\nPlain-language definitions of common AWS terms:\n\n- [Amazon Aurora](#amazon-aurora)\n- [Amazon Bedrock](#amazon-bedrock)\n- [Amazon CloudWatch](#amazon-cloudwatch)\n- [Amazon DynamoDB](#amazon-dynamodb)\n- [Amazon EC2](#amazon-ec2-elastic-compute-cloud)\n- [Amazon EKS](#amazon-eks-elastic-kubernetes-service)\n- [Amazon RDS](#amazon-rds-relational-database-service)\n- [Amazon Redshift](#amazon-redshift)\n- [Amazon S3](#amazon-s3-simple-storage-service)\n- [Amazon VPC](#amazon-vpc-virtual-private-cloud)\n- [AWS CloudTrail](#aws-cloudtrail)\n- [AWS Config Rules](#aws-config)\n- [AWS Control Tower](#aws-control-tower-landing-zone)\n- [AWS IAM](#aws-iam-identity-access-management)\n- [AWS KMS](#aws-kms-key-management-service)\n- [AWS Lambda](#aws-lambda)\n- [AWS Landing Zone](#aws-control-tower-landing-zone)\n- [AWS Organizations + SCPs](#aws-organizations)\n- [AWS Savings Plans](#savings-plans-reserved-instances)\n- [AWS Shared Responsibility Model](#foundations)\n- [AWS Step Functions](#aws-step-functions)\n- [FinOps](#finops)\n- [HIPAA-eligible AWS services](#hipaa)\n- [Multi-tenant architecture](https://www.factualminds.com/glossary/multi-tenant-architecture/)\n- [PCI DSS Cardholder Data Environment](#pci-dss)\n- [RAG pipeline](#amazon-bedrock)\n- [Reserved Instances vs Savings Plans](#savings-plans-reserved-instances)\n- [SOC 2 Type 2](#soc-2)\n- [VPC peering vs Transit Gateway](#amazon-vpc-virtual-private-cloud)\n- [Well-Architected Framework](#well-architected-framework)\n\n---\n\n## AWS Certifications \u0026 Learning Paths\n\n### Official\n\n- [AWS Certifications overview](https://aws.amazon.com/certification/)\n- [AWS Skill Builder](https://skillbuilder.aws/) — 
official free training\n- [AWS Workshops catalog](https://workshops.aws/)\n\n### Cert Deep Dives\n\n- [AWS Solutions Architect — Associate](https://www.factualminds.com/certifications/aws-solutions-architect-associate/)\n- [AWS Security — Specialty](https://www.factualminds.com/certifications/aws-security-specialty/)\n\n---\n\n## Architecture Patterns\n\nReference patterns for the workloads that show up most often. Each links into the relevant service sections for depth.\n\n### Multi-tenant SaaS\n\n\u003e 🎯 **Building a multi-tenant SaaS?** Start with the [Multi-tenant SaaS playbook](use-cases/multi-tenant-saas.md)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalpalani%2Faws-open-guide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpalpalani%2Faws-open-guide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalpalani%2Faws-open-guide/lists"}