https://github.com/palpalani/aws-open-guide
A curated, opinionated guide to Amazon Web Services — services, tools, official docs, deep-dive guides, and battle-tested references
- Host: GitHub
- URL: https://github.com/palpalani/aws-open-guide
- Owner: palpalani
- License: other
- Created: 2026-04-30T16:22:42.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2026-04-30T18:04:26.000Z (about 2 months ago)
- Last Synced: 2026-04-30T18:20:50.077Z (about 2 months ago)
- Topics: aws, claude-skills, cost-optimization, deployment-automation, devops, free-tools-of-development
- Size: 52.7 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# ☁️ AWS Open Guide
### A curated, opinionated map of Amazon Web Services
**Official links, production guides, OSS tools, and X-vs-Y comparisons — grouped the way AWS names services so you land on the right resource, not a random category.**
[**🚀 Get Started**](#how-to-use-this-guide) ·
[**🎯 Use-Case Playbooks**](#use-case-playbooks) ·
[**🧭 Browse Services**](#table-of-contents) ·
[**⚖️ Decision Guides**](#decision-guides--x-vs-y) ·
[**💰 Cost & FinOps**](#cost-management--finops) ·
[**🤖 AI & MCP**](#ai-coding-agents-mcp--skills) ·
[**🤝 Contribute**](CONTRIBUTING.md) ·
[**✅ Production readiness**](PRODUCTION_READINESS.md)
---
## Why this guide?
AWS lists **200+ services** in the console. The docs are accurate but spread across hundreds of sites, so you lose time tab-hopping and second-guessing which service fits. This guide is a single index with two layers: browse by **service** when you know the name, or by **workload** when you know the problem.
| | |
|---|---|
| 🗂️ **Same taxonomy as AWS** | Compute, Storage, Databases, Networking — the way the console and docs are organized, not a third-party topic list. |
| 📚 **Three tiers per topic** | Official sources first, then deep production write-ups, then OSS tools you can run today. |
| ⚠️ **Costs and gotchas called out** | Limits, bill surprises, and migration friction you rarely see in a product page. |
| ⚖️ **Comparisons when it matters** | Common "should I use X or Y?" questions point to a decision guide, not guesswork. |
| ⏳ **Lifecycle you can trust** | Maintenance, sunset, and shutdown flags so you do not design on services AWS is winding down. |
| 🤖 **Built for how teams work now** | MCP servers, agent plugins, and skills for AI-assisted AWS work sit alongside the traditional links. |
> [!TIP]
> If a category here is empty or thin, [contributions are warmly welcomed](CONTRIBUTING.md). One link per line, em-dash separator — see [CONTRIBUTING.md](CONTRIBUTING.md) for the full format.
## How to use this guide
Match the row to what you need **today** — each path sends you to a different slice of this repo (building, evaluating, debugging, or learning).
### 🧭 Pick your entry point
| You are... | Start here |
|---|---|
| 🏗️ **Building a workload** (email at scale, multi-tenant SaaS, …) | [Use-Case Playbooks](#use-case-playbooks) — problem, architecture, failure modes, cost, anti-patterns |
| 🌱 **New to AWS** | [Foundations](#foundations) → Architecture Deep Reading → pick a service section |
| 🎯 **Picking a service** | [Decision Guides — X vs Y](#decision-guides--x-vs-y) — every common "should I use X or Y" question |
| 💸 **Hunting a surprise bill** | [Cost Management & FinOps](#cost-management--finops) → Bill Teardowns · [Cost pitfalls playbook](use-cases/cost-pitfalls.md) |
| 🤖 **Building with AI** | [AI/ML services](#artificial-intelligence--machine-learning) for services · [AI Coding Agents, MCP & Skills](#ai-coding-agents-mcp--skills) for AI-assisted dev |
| 📰 **Staying current** | [Community, Social & Continuous Learning](#community-social--continuous-learning) → Minimal curated stack |
| 🛠️ **Migrating from another platform** | [Migration Guides — From Other Platforms](#migration-guides--from-other-platforms) |
### 📐 Convention used in every service section
| Tier | What you'll find | When to read |
|---|---|---|
| **Official** | AWS's own docs, pricing, announcements | Authoritative facts |
| **Production Guides** | Third-party deep-dives | When official docs leave you with "yes but how at scale?" |
| **OSS Tools** / **Tools** | Open-source utilities | Day-to-day workflow upgrades |
| **⚠️ Gotchas** | Limits, bill traps, surprise behaviour | Before you ship to production |
| **Decision Guides** | "X vs Y" comparisons | When picking between similar services |
> [!NOTE]
> **Quick decisions:** if you already know the workload and just need to pick the AWS service, skip to [Decision Guides — X vs Y](#decision-guides--x-vs-y).
## Use-Case Playbooks
> How to build common workloads on AWS in production — problem, architecture, failure modes, cost, anti-patterns. Not a links list; a playbook.
**You have a feature to ship** (email at scale, uploads, async jobs, RAG, and the rest). Open a playbook first when you need a production-shaped answer, not a tour of one service. The service taxonomy below is the **reference layer** ("what exists about S3"). Playbooks are the **building layer** ("how do I run X safely in prod"). Each one follows the same 11-section template — see [`use-cases/_template.md`](use-cases/_template.md).
**Workload playbooks:**
- 🏗️ [Email delivery](use-cases/email-delivery.md) — transactional email at scale on SES with bounce/complaint handling and deliverability tracking
- 🏗️ [Multi-tenant SaaS](use-cases/multi-tenant-saas.md) — silo / pool / bridge isolation with per-tenant cost attribution
- 🏗️ [Async job processing](use-cases/async-jobs.md) — API → queue → worker → result store with idempotency, DLQ, and webhooks
- 🏗️ [Event-driven processing](use-cases/event-driven.md) — EventBridge with schemas, replay, and per-target DLQs
- 🏗️ [File upload and processing](use-cases/file-upload.md) — pre-signed S3 uploads with malware scan and async transform
- 🏗️ [High-scale API backend](use-cases/high-scale-api.md) — CloudFront + WAF + API Gateway + cache with rate limits and graceful degradation
- 🏗️ [Real-time analytics pipeline](use-cases/real-time-analytics.md) — Kinesis hot path + Firehose cold path → S3 + Athena
- 🏗️ [Observability pipeline](use-cases/observability-pipeline.md) — hot CloudWatch + cold S3-Athena with EMF metrics and trace sampling
- 🏗️ [GenAI / RAG application](use-cases/genai-rag.md) — Bedrock + vector store + retrieval + Guardrails with evals
- 🏗️ [CI/CD for AWS workloads](use-cases/ci-cd.md) — GitHub Actions + OIDC + per-environment accounts with canary and rollback
**Cross-cutting frameworks** (referenced by every playbook):
- 🌳 [Decision trees](use-cases/decision-trees.md) — which AWS service for event processing, database, compute, async work, file processing
- 🛡️ [Failure-first patterns](use-cases/failure-first.md) — retries, idempotency, DLQs, regional failover, backpressure, circuit breakers
- 🚫 [Anti-patterns](use-cases/anti-patterns.md) — the mistakes that show up across every workload, with the better pattern
- 💸 [Cost pitfalls](use-cases/cost-pitfalls.md) — line items that surprise teams (NAT Gateway, cross-AZ, CloudWatch Logs, egress)
> [!TIP]
> All playbooks live under [`use-cases/`](use-cases/). To propose a new one, copy [`_template.md`](use-cases/_template.md), fill every section, then follow [Adding a use-case playbook](CONTRIBUTING.md#adding-a-use-case-playbook) before you open a PR (the link checker will run on your URLs).
📑 Table of Contents
- [📖 How to use this guide](#how-to-use-this-guide)
### 🎯 Use-Case Playbooks
- [Use-Case Playbooks (overview)](#use-case-playbooks)
- [Email delivery](use-cases/email-delivery.md)
- [Multi-tenant SaaS](use-cases/multi-tenant-saas.md)
- [Async job processing](use-cases/async-jobs.md)
- [Event-driven processing](use-cases/event-driven.md)
- [File upload and processing](use-cases/file-upload.md)
- [High-scale API backend](use-cases/high-scale-api.md)
- [Real-time analytics pipeline](use-cases/real-time-analytics.md)
- [Observability pipeline](use-cases/observability-pipeline.md)
- [GenAI / RAG application](use-cases/genai-rag.md)
- [CI/CD for AWS workloads](use-cases/ci-cd.md)
- [Decision trees](use-cases/decision-trees.md)
- [Failure-first patterns](use-cases/failure-first.md)
- [Anti-patterns](use-cases/anti-patterns.md)
- [Cost pitfalls](use-cases/cost-pitfalls.md)
### 🟧 Core AWS services
- [🏛️ Foundations](#foundations)
- [💻 Compute](#compute)
- [📦 Containers](#containers)
- [⚡ Serverless](#serverless)
- [💾 Storage](#storage)
- [🗄️ Databases](#databases)
- [🌐 Networking & Content Delivery](#networking--content-delivery)
- [🔐 Security & Identity](#security--identity)
- [📋 Compliance](#compliance)
- [📊 Analytics & Big Data](#analytics--big-data)
- [🤖 Artificial Intelligence & Machine Learning](#artificial-intelligence--machine-learning)
- [🛠️ Developer Tools, DevOps & CI/CD](#developer-tools-devops--cicd)
- [🔭 Observability & Monitoring](#observability--monitoring)
- [💰 Cost Management & FinOps](#cost-management--finops)
- [🚚 Migration & Transfer](#migration--transfer)
- [📡 Internet of Things (IoT)](#internet-of-things-iot)
- [🔄 Application Integration](#application-integration)
- [✉️ Email & Communication](#email--communication)
- [🏢 Management & Governance](#management--governance)
### 🟦 Frameworks & guidance
- [🏗️ Well-Architected Framework](#well-architected-framework)
- [🏭 Industry Architectures](#industry-architectures)
- [⚖️ Decision Guides — X vs Y](#decision-guides--x-vs-y)
- [🔁 Migration Guides — From Other Platforms](#migration-guides--from-other-platforms)
- [⏳ AWS Service Lifecycle & Deprecations](#aws-service-lifecycle--deprecations)
- [🧮 Free Tools & Calculators](#free-tools--calculators)
- [📓 AWS Glossary](#aws-glossary)
- [🎓 AWS Certifications & Learning Paths](#aws-certifications--learning-paths)
- [🧩 Architecture Patterns](#architecture-patterns)
### 🟪 Community, AI tooling & resources
- [🧠 AI Coding Agents, MCP & Skills](#ai-coding-agents-mcp--skills)
- [📰 Engineering Blogs & Case Studies](#engineering-blogs--case-studies)
- [🌐 Community, Social & Continuous Learning](#community-social--continuous-learning)
- [🔌 Third-Party Integrations](#third-party-integrations)
- [📚 Books, Courses & Newsletters](#books-courses--newsletters)
- [🎤 Conferences & Events](#conferences--events)
- [🔖 Other Awesome AWS Lists](#other-awesome-aws-lists)
- [🤝 Contributing](#contributing)
- [✅ Production readiness plan](PRODUCTION_READINESS.md)
- [📄 License](#license)
---
## Foundations
Start here if you're new to AWS or evaluating whether to build on it.
**Official:**
- [AWS Documentation Home](https://docs.aws.amazon.com/)
- [AWS Architecture Center](https://aws.amazon.com/architecture/)
- [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/)
- [AWS Service Health Dashboard](https://health.aws.amazon.com/health/status)
- [AWS Pricing Calculator](https://calculator.aws/)
- [AWS Free Tier](https://aws.amazon.com/free/)
**Foundational Guides:**
- [AWS Cloud Adoption Framework (CAF)](https://aws.amazon.com/cloud-adoption-framework/) — official six-perspective enterprise migration framework
- [AWS Well-Architected Framework — 6 pillars explained](https://www.factualminds.com/blog/aws-well-architected-framework-6-pillars-explained/)
- [AWS Shared Responsibility Model](https://www.factualminds.com/glossary/aws-shared-responsibility-model/) — what AWS secures vs what you secure
- [Microservices vs monolith on AWS — architecture decision guide](https://www.factualminds.com/blog/microservices-vs-monolith-on-aws-architecture-decision-guide/)
- [Top 20 modern AWS AI services — overview](https://www.factualminds.com/blog/top-20-aws-ai-modern-services-2026/)
**Architecture Deep Reading (essential AWS canon):**
- [AWS Architecture Blog](https://aws.amazon.com/blogs/architecture/) — reference architectures and AWS engineering posts
- [AWS Builders Library](https://aws.amazon.com/builders-library/) — operations + resilience essays from AWS principal engineers
- [Static Stability Using Availability Zones](https://aws.amazon.com/builders-library/static-stability-using-availability-zones/) — Builders Library essay on designing for failure
- [Workload isolation using shuffle-sharding (Builders Library)](https://aws.amazon.com/builders-library/workload-isolation-using-shuffle-sharding/) — fault isolation beyond naive sharding
- [Automating safe hands-off deployments (Builders Library)](https://aws.amazon.com/builders-library/automating-safe-hands-off-deployments/) — cells, waves, and limiting deployment blast radius
- [Avoiding fallback in distributed systems (Builders Library)](https://aws.amazon.com/builders-library/avoiding-fallback-in-distributed-systems/) — why distributed fallback often widens outages
- [Making retries safe with idempotent APIs (Builders Library)](https://aws.amazon.com/builders-library/making-retries-safe-with-idempotent-apis/) — idempotency for safe retries under UNKNOWN outcomes
- [Using load shedding to avoid overload (Builders Library)](https://aws.amazon.com/builders-library/using-load-shedding-to-avoid-overload/) — overload feedback loops and shedding layers
- [Leader election in distributed systems (Builders Library)](https://aws.amazon.com/builders-library/leader-election-in-distributed-systems/) — leases, partitions, and consistency trade-offs
- [Using dependency isolation / circuit breakers (Builders Library)](https://aws.amazon.com/builders-library/dependency-isolation/) — bulkheads and concurrency overload containment
- [Implementing health checks (Builders Library)](https://aws.amazon.com/builders-library/implementing-health-checks/) — health checks and correlated fleet automation risks
- [Instrumenting distributed systems for operational visibility (Builders Library)](https://aws.amazon.com/builders-library/instrumenting-distributed-systems-for-operational-visibility/) — structured logs, metrics, trace propagation
- [Challenges with distributed systems (Builders Library)](https://aws.amazon.com/builders-library/challenges-with-distributed-systems/) — independent failures, nondeterminism, and testing permutations
- [Multi-Tier Architectures on AWS (whitepaper)](https://docs.aws.amazon.com/whitepapers/latest/overview-deployment-options/multi-tier-architectures.html)
- [AWS Multi-Region Fundamentals (whitepaper)](https://docs.aws.amazon.com/whitepapers/latest/aws-multi-region-fundamentals/aws-multi-region-fundamentals.html) — active-active patterns
---
## Compute
Virtual servers, the substrate that containers run on, and specialized chips.
### Amazon EC2 — Elastic Compute Cloud
> Virtual servers in the cloud. The original AWS service and still the workhorse.
**Official:**
- [EC2 Documentation](https://docs.aws.amazon.com/ec2/)
- [EC2 Instance Types](https://aws.amazon.com/ec2/instance-types/)
- [EC2 Pricing](https://aws.amazon.com/ec2/pricing/)
- [Spot Instance Advisor](https://aws.amazon.com/ec2/spot/instance-advisor/)
- [AWS Compute Blog](https://aws.amazon.com/blogs/compute/) — EC2, Lambda, Batch, and Step Functions posts
**Production Guides:**
- [EC2 high-performance API optimization](https://www.factualminds.com/blog/ec2-high-performance-api-optimization/)
- [EC2 Spot Instance intelligent selection for cost optimization](https://www.factualminds.com/blog/ec2-spot-instance-intelligent-selection-cost-optimization/)
- [Hybrid compute — EC2 + serverless cost efficiency](https://www.factualminds.com/blog/hybrid-compute-ec2-serverless-cost-efficiency/)
- [Auto-scaling strategies for EC2, ECS, Lambda](https://www.factualminds.com/blog/aws-auto-scaling-strategies-ec2-ecs-lambda/)
- [Amazon EC2 — glossary entry](https://www.factualminds.com/glossary/amazon-ec2/)
**Decision Guides:**
- [Which AWS compute should I use?](https://www.factualminds.com/decide/which-aws-compute/)
- [EC2 vs Lambda — when to use which](https://www.factualminds.com/compare/aws-ec2-vs-lambda/)
**OSS Tools:**
- [99designs/aws-vault](https://github.com/99designs/aws-vault) — secure storage of AWS credentials on developer laptops
- [AutoSpotting/AutoSpotting](https://github.com/AutoSpotting/AutoSpotting) — automatically replace on-demand EC2 in ASGs with spot instances
### AWS Graviton — Arm-based processors
> Custom Arm chips with 40% better price/performance than x86 on most workloads.
- [Graviton overview](https://aws.amazon.com/ec2/graviton/)
- [Graviton cost optimization guide](https://www.factualminds.com/blog/aws-graviton-cost-optimization-guide/) — m5.large → t4g.medium real savings
### AWS Trainium & Inferentia — ML accelerators
> Purpose-built chips for training (Trainium) and inference (Inferentia).
- [Trainium](https://aws.amazon.com/ai/machine-learning/trainium/) · [Inferentia](https://aws.amazon.com/ai/machine-learning/inferentia/)
- [Trainium2 + Inferentia2 deep dive](https://www.factualminds.com/blog/aws-trainium2-inferentia2-ai-chips/)
### AWS Batch
- [Batch documentation](https://docs.aws.amazon.com/batch/)
### AWS Lightsail
> Simple VPS pricing for predictable workloads.
- [Lightsail](https://aws.amazon.com/lightsail/)
### AWS App Runner
> Fully managed container service for web apps and APIs.
- [App Runner](https://aws.amazon.com/apprunner/)
### Amazon Elastic VMware Service (EVS)
- [EVS deep dive](https://www.factualminds.com/blog/amazon-elastic-vmware-service-evs/) — VMware workloads on AWS
### AWS Outposts
> AWS-managed hardware in your own data centre. Use for low-latency, data-residency, or hybrid workloads that must stay on-prem.
- [Outposts](https://aws.amazon.com/outposts/)
- [Outposts FAQs](https://aws.amazon.com/outposts/faqs/)
### AWS ParallelCluster
> Open-source HPC cluster orchestrator on EC2 — Slurm scheduling, EFA networking, FSx for Lustre.
- [ParallelCluster](https://aws.amazon.com/hpc/parallelcluster/)
- [aws/aws-parallelcluster](https://github.com/aws/aws-parallelcluster) — official OSS repo
---
## Containers
Container orchestration and registry.
### Amazon ECS — Elastic Container Service
> AWS-native container orchestration. Lower operational overhead than EKS for most teams.
**Official:**
- [ECS Documentation](https://docs.aws.amazon.com/ecs/)
- [ECS Pricing](https://aws.amazon.com/ecs/pricing/)
- [AWS Containers Blog](https://aws.amazon.com/blogs/containers/) — ECS, EKS, Fargate, and ECR architecture posts
**Production Guides:**
- [Production Laravel/Django/Node on ECS](https://www.factualminds.com/blog/production-laravel-django-node-on-ecs-2026/)
- [How to migrate a monolith to ECS Fargate with zero downtime](https://www.factualminds.com/blog/how-to-migrate-monolith-ecs-fargate-zero-downtime/)
- [Blue-green deployments with ECS + CodeDeploy](https://www.factualminds.com/blog/how-to-implement-blue-green-deployments-ecs-codedeploy/)
- [Modernizing monolithic APIs with Amazon ECS — case study](https://www.factualminds.com/case-study/microservices-on-amazon-ecs/)
### Amazon EKS — Elastic Kubernetes Service
> Managed Kubernetes. Use when you need K8s portability or have existing K8s expertise.
> 🎯 **Building multi-tenant SaaS on EKS?** See the [Multi-tenant SaaS playbook](use-cases/multi-tenant-saas.md) — silo / pool / bridge isolation models with per-tenant cost attribution and noisy-neighbour controls.
**Official:**
- [EKS Documentation](https://docs.aws.amazon.com/eks/)
- [EKS Best Practices Guides](https://aws.github.io/aws-eks-best-practices/)
**Production Guides:**
- [Deploy EKS with Karpenter for cost-optimized autoscaling](https://www.factualminds.com/blog/how-to-deploy-eks-karpenter-cost-optimized-autoscaling/)
- [Karpenter vs Cluster Autoscaler — EKS cost optimization](https://www.factualminds.com/blog/karpenter-vs-cluster-autoscaler-eks-cost-optimization/)
- [Host n8n on AWS EKS — production guide](https://www.factualminds.com/blog/how-to-host-n8n-on-aws-eks-production-guide/)
- [Amazon EKS — glossary entry](https://www.factualminds.com/glossary/amazon-eks/)
**Tools:**
- [Karpenter](https://karpenter.sh/) — node autoscaling for EKS
- [eksctl](https://eksctl.io/) — official CLI for EKS
- [terraform-aws-modules/terraform-aws-eks](https://github.com/terraform-aws-modules/terraform-aws-eks) — community Terraform module for EKS clusters and node groups
- [aws-ia/terraform-aws-eks-blueprints](https://github.com/aws-ia/terraform-aws-eks-blueprints) — Terraform patterns and add-ons for production-style EKS stacks
**Kubernetes cost & ops (vendor blogs):**
- [Cast AI Blog](https://cast.ai/blog) — Kubernetes cost optimization and autoscaler guidance for cloud workloads
### AWS Fargate
> Serverless compute for containers. Pay per task, not per VM.
- [Fargate](https://aws.amazon.com/fargate/)
- [Lambda vs ECS Fargate — when to use which](https://www.factualminds.com/compare/aws-lambda-vs-ecs-fargate/)
### Amazon ECR — Elastic Container Registry
> Private Docker/OCI registry, integrated with IAM and image scanning.
- [ECR Documentation](https://docs.aws.amazon.com/ecr/)
### Finch — open-source container client
> AWS-built local Docker alternative — `nerdctl` + `containerd` + `Lima` packaged for macOS/Linux/Windows. Drop-in replacement for `docker build/run/push`.
- [Finch](https://runfinch.com/)
- [runfinch/finch](https://github.com/runfinch/finch) — open-source repo
### Decision
- [ECS vs EKS — container orchestration decision guide](https://www.factualminds.com/blog/aws-ecs-vs-eks-container-orchestration-decision-guide/) · [Compare](https://www.factualminds.com/compare/aws-ecs-vs-eks/)
- [Kubernetes on AWS EKS — integration guide](https://www.factualminds.com/integrations/kubernetes-aws-eks/)
---
## Serverless
Run code without managing servers.
### AWS Lambda
> Event-driven function-as-a-service. The default for sporadic, async, glue-code workloads.
> 🎯 **Building with Lambda in production?** See [Async job processing](use-cases/async-jobs.md) (queue + worker), [High-scale API backend](use-cases/high-scale-api.md) (caching + rate limits), and [Event-driven processing](use-cases/event-driven.md) (EventBridge + DLQs).
**Official:**
- [Lambda Documentation](https://docs.aws.amazon.com/lambda/)
- [Lambda Pricing](https://aws.amazon.com/lambda/pricing/)
- [Lambda Powertools (Python/TypeScript/Java)](https://docs.powertools.aws.dev/)
- [Lambda invocation, scaling and concurrency (official docs)](https://docs.aws.amazon.com/lambda/latest/dg/invocation-scaling.html)
- [AWS Lambda blog category (Compute Blog)](https://aws.amazon.com/blogs/compute/category/aws-lambda/) — patterns, deep dives, releases
**Production Guides:**
- [Lambda cost optimization — pay-per-request vs provisioned](https://www.factualminds.com/blog/aws-lambda-cost-optimization-pay-per-request-vs-provisioned/)
- [AWS Lambda — glossary entry](https://www.factualminds.com/glossary/aws-lambda/)
- [Going Serverless at Scale — Adrian Cockcroft (re:Invent talk)](https://www.youtube.com/watch?v=EBSdyoO3goc)
**Comparisons:**
- [Lambda vs container cost calculator](https://www.factualminds.com/tools/aws-lambda-vs-container-cost-calculator/)
### AWS Step Functions
> Visual workflow orchestrator for distributed apps.
**Official:**
- [Step Functions Documentation](https://docs.aws.amazon.com/step-functions/)
- [AWS Step Functions blog category (Compute Blog)](https://aws.amazon.com/blogs/compute/category/aws-step-functions/) — workflow patterns and launches
**Production Guides:**
- [Step Functions workflow orchestration patterns](https://www.factualminds.com/blog/aws-step-functions-workflow-orchestration-patterns/)
- [AWS Step Functions — glossary entry](https://www.factualminds.com/glossary/aws-step-functions/)
**Comparisons:**
- [Step Functions vs EventBridge](https://www.factualminds.com/compare/aws-step-functions-vs-eventbridge/)
- [Bedrock Agents vs Step Functions](https://www.factualminds.com/compare/aws-bedrock-agents-vs-step-functions/)
### Amazon EventBridge
> Serverless event bus for SaaS, AWS services, and custom events.
- [EventBridge Documentation](https://docs.aws.amazon.com/eventbridge/)
- [EventBridge event-driven architecture patterns](https://www.factualminds.com/blog/aws-eventbridge-event-driven-architecture-patterns/)
- [AWS Event-Driven Architecture (overview)](https://aws.amazon.com/event-driven-architecture/) — official intro, services, patterns, and reference architectures
### AWS SAM & Serverless Framework
- [AWS SAM (Serverless Application Model)](https://aws.amazon.com/serverless/sam/)
- [Serverless Framework](https://www.serverless.com/)
### OSS Lambda Frameworks (community)
- [aws/chalice](https://github.com/aws/chalice) — Python serverless microframework (official AWS, Flask-style)
- [zappa/Zappa](https://github.com/zappa/Zappa) — serverless WSGI Python on Lambda + API Gateway (Django, Flask)
- [claudiajs/claudia](https://github.com/claudiajs/claudia) — deploy Node.js projects to Lambda + API Gateway with one command
- [jeremydaly/lambda-api](https://github.com/jeremydaly/lambda-api) — lightweight web framework for serverless Node.js
- [awslabs/aws-lambda-web-adapter](https://github.com/awslabs/aws-lambda-web-adapter) — run any HTTP web app (Express, Flask, FastAPI, Next.js) on Lambda unmodified
- [getmoto/moto](https://github.com/getmoto/moto) — mock AWS services for unit/integration tests (also useful beyond Lambda)
### Local Lambda Dev
- [AWS SAM CLI — `sam local`](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local.html) — invoke Lambda + API Gateway locally
- [aws/aws-lambda-runtime-interface-emulator](https://github.com/aws/aws-lambda-runtime-interface-emulator) — `aws-lambda-rie` — run Lambda container images locally with `docker run`
**Other Serverless Patterns:**
- [Scaling EdTech platforms on AWS serverless architecture](https://www.factualminds.com/blog/scaling-edtech-platforms-on-aws-serverless-architecture/)
---
## Storage
### Amazon S3 — Simple Storage Service
> Object storage. 11 nines of durability. The default landing pad for files in AWS.
> 🎯 **Handling user file uploads?** See the [File upload and processing playbook](use-cases/file-upload.md) — pre-signed URLs, malware scan, MIME sniffing, async transform pipeline, lifecycle policies.
**Official:**
- [S3 Documentation](https://docs.aws.amazon.com/s3/)
- [S3 Pricing](https://aws.amazon.com/s3/pricing/)
- [S3 Storage Classes](https://aws.amazon.com/s3/storage-classes/)
**Production Guides:**
- [S3 security — bucket policies, Block Public Access, default encryption, and IAM conditions](https://www.factualminds.com/blog/aws-s3-security-best-practices-preventing-data-exposure/)
- [S3 storage costs aren't actually cheap](https://www.factualminds.com/blog/aws-s3-storage-costs-not-cheap/) — real teardown
- [Building a data lake on S3 + Glue + Athena](https://www.factualminds.com/blog/building-a-data-lake-on-aws-s3-glue-athena-architecture/)
- [Amazon S3 — glossary entry](https://www.factualminds.com/glossary/amazon-s3/)
**Tools:**
- [s3cmd](https://github.com/s3tools/s3cmd) — full-featured CLI
- [Mountpoint for Amazon S3](https://github.com/awslabs/mountpoint-s3) — official FUSE mount
- [s5cmd](https://github.com/peak/s5cmd) — fastest S3 CLI
- [s3fs-fuse](https://github.com/s3fs-fuse/s3fs-fuse) — community FUSE-based S3 mount (Linux + macOS)
- [goofys](https://github.com/kahing/goofys) — S3 file system in Go, optimized for read throughput
- [MinIO](https://github.com/minio/minio) — self-hosted S3-compatible object storage (good for hybrid + dev/test)
- [MinIO `mc` client](https://github.com/minio/mc) — S3-compatible CLI (works with S3 + MinIO)
- [rclone](https://github.com/rclone/rclone) — rsync for S3 + 70+ other cloud storage backends
> [!WARNING]
> **Gotchas:**
> - Bucket names are globally unique across all AWS accounts.
> - Default encryption (SSE-S3) is now ON for all new buckets — was opt-in pre-2023.
> - Cross-region replication does NOT replicate delete markers by default.
### Amazon S3 Vectors
> Native vector storage in S3 — purpose-built for RAG and AI workloads.
- [S3 Vectors deep dive](https://www.factualminds.com/blog/amazon-s3-vectors-native-vector-storage/)
### Amazon EBS — Elastic Block Store
- [EBS Documentation](https://docs.aws.amazon.com/ebs/)
- [EBS encryption + snapshot hygiene + KMS lifecycle](https://www.factualminds.com/blog/aws-ebs-encryption-snapshot-hygiene-kms-lifecycle/)
### Amazon EFS — Elastic File System
- [EFS Documentation](https://docs.aws.amazon.com/efs/)
### Amazon FSx
- [FSx](https://aws.amazon.com/fsx/) — managed Windows, Lustre, NetApp ONTAP, OpenZFS
### AWS Backup
> Centralized backup service across AWS resources.
- [AWS Backup](https://aws.amazon.com/backup/)
- [AWS backup strategies — automated data protection](https://www.factualminds.com/blog/aws-backup-strategies-automated-data-protection/)
### AWS Storage Gateway
- [Storage Gateway](https://aws.amazon.com/storagegateway/)
---
## Databases
> Pick by consistency model (ACID vs eventual), scale shape (single-region vs petabyte), and query pattern (relational, key-value, document, graph, time-series). When in doubt, [Decision Guides — X vs Y](#decision-guides--x-vs-y) maps the common choices.
### Amazon RDS — Relational Database Service
> Managed Postgres, MySQL, MariaDB, Oracle, SQL Server.
**Official:**
- [RDS Documentation](https://docs.aws.amazon.com/rds/)
- [RDS Pricing](https://aws.amazon.com/rds/pricing/)
- [AWS Database Blog](https://aws.amazon.com/blogs/database/) — RDS, Aurora, DynamoDB, and purpose-built DB posts
**Production Guides:**
- [RDS performance — connection pooling, parameter groups, slow-query logs, and read-replica routing](https://www.factualminds.com/blog/aws-rds-database-performance-best-practices/)
- [RDS vs Aurora — when to use which database](https://www.factualminds.com/blog/aws-rds-vs-aurora-when-to-use-which-database/) · [Compare](https://www.factualminds.com/compare/aws-rds-vs-aurora/)
- [RDS max connection calculator](https://www.factualminds.com/tools/aws-rds-max-connection-calculator/)
- [High-scale Postgres on AWS — cost optimization](https://www.factualminds.com/blog/high-scale-postgres-aws-cost-optimization/)
- [Amazon RDS — glossary entry](https://www.factualminds.com/glossary/amazon-rds/)
- [Citus Data Blog](https://www.citusdata.com/blog) — Postgres horizontal scaling patterns relevant to RDS PostgreSQL fleets
### Amazon Aurora
> AWS-built relational DB. Postgres/MySQL-compatible, 5x performance of stock MySQL.
- [Aurora Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html)
- [Aurora Limitless Database](https://www.factualminds.com/blog/amazon-aurora-limitless-database/) — horizontal scaling
- [Aurora Serverless v2 vs Aurora provisioned](https://www.factualminds.com/compare/aws-aurora-serverless-vs-aurora-provisioned/)
- [Amazon Aurora — glossary entry](https://www.factualminds.com/glossary/amazon-aurora/)
### Amazon DynamoDB
> Single-digit millisecond NoSQL key-value + document store.
- [DynamoDB Documentation](https://docs.aws.amazon.com/dynamodb/)
- [DynamoDB best practices (official)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/best-practices.html) — partition keys, indexes, scaling
- [DynamoDB single-table design — Alex DeBrie](https://www.alexdebrie.com/posts/dynamodb-single-table/) — canonical reading
- [Advanced design patterns for DynamoDB — Rick Houlihan (re:Invent talk)](https://www.youtube.com/watch?v=HaEPXoXVf2k)
- [DynamoDB single-table design patterns for SaaS](https://www.factualminds.com/blog/dynamodb-single-table-design-patterns-for-saas/)
- [Amazon DynamoDB — glossary entry](https://www.factualminds.com/glossary/amazon-dynamodb/)
- [DynamoDB vs RDS](https://www.factualminds.com/compare/dynamodb-vs-rds/)
**OSS Tools:**
- [sensedeep/dynamodb-onetable](https://github.com/sensedeep/dynamodb-onetable) — Node.js library for single-table designs
- [jeremydaly/dynamodb-toolbox](https://github.com/jeremydaly/dynamodb-toolbox) — Jeremy Daly's TypeScript library for single-table modeling
### Amazon Redshift
> Petabyte-scale data warehouse.
- [Redshift Documentation](https://docs.aws.amazon.com/redshift/)
- [Redshift Serverless vs Provisioned — when to use each](https://www.factualminds.com/blog/amazon-redshift-serverless-vs-provisioned-when-to-use-each/)
- [Amazon Redshift — glossary entry](https://www.factualminds.com/glossary/amazon-redshift/)
### Amazon ElastiCache
> Managed Redis & Memcached.
- [ElastiCache Documentation](https://docs.aws.amazon.com/elasticache/)
- [ElastiCache Redis caching strategies for production](https://www.factualminds.com/blog/aws-elasticache-redis-caching-strategies-for-production/)
- [Redis-Valkey cost-saving layer on AWS](https://www.factualminds.com/blog/redis-valkey-cost-saving-layer-aws/)
### Amazon MemoryDB for Redis
- [MemoryDB](https://aws.amazon.com/memorydb/)
- [MemoryDB vector search](https://www.factualminds.com/blog/amazon-memorydb-vector-search/)
### Amazon DocumentDB
- [DocumentDB](https://aws.amazon.com/documentdb/) — MongoDB-compatible
- [Migrate from MongoDB Atlas to DocumentDB](https://www.factualminds.com/compare/mongodb-atlas-to-documentdb/)
- [MongoDB scalable, cost-efficient on AWS](https://www.factualminds.com/blog/mongodb-scalable-cost-efficient-aws/)
### Amazon Neptune
- [Neptune](https://aws.amazon.com/neptune/) — graph database
- [Neptune Analytics — graph + vector](https://www.factualminds.com/blog/amazon-neptune-analytics-graph-vector/)
### Amazon Timestream
- [Timestream](https://aws.amazon.com/timestream/) — time-series; LiveAnalytics closed to new customers June 20, 2025
### Decision Guides
- [Which AWS database should I use?](https://www.factualminds.com/decide/which-aws-database/)
- [Heroku Postgres → AWS RDS](https://www.factualminds.com/compare/heroku-postgres-to-aws-rds/)
---
## Networking & Content Delivery
> Design for blast radius (multi-AZ), latency (regional vs edge), and the bill (NAT Gateway egress and cross-AZ traffic are the usual surprises).
### Amazon VPC — Virtual Private Cloud
**Official:**
- [VPC Documentation](https://docs.aws.amazon.com/vpc/)
- [Networking & Content Delivery Blog](https://aws.amazon.com/blogs/networking-and-content-delivery/) — VPC, CDN, and hybrid connectivity posts
**Production Guides:**
- [VPC for production — subnet topology, NAT vs VPC endpoints, flow logs, and Transit Gateway](https://www.factualminds.com/blog/aws-vpc-networking-best-practices-for-production/)
- [VPC peering vs Transit Gateway](https://www.factualminds.com/glossary/vpc-peering-vs-transit-gateway/)
- [Amazon VPC — glossary entry](https://www.factualminds.com/glossary/amazon-vpc/)
### NAT Gateway
- [NAT Gateway billing — idle cost alternatives](https://www.factualminds.com/blog/aws-nat-gateway-billing-idle-cost-alternatives/) — bill teardown
- [Bill teardown — healthcare's NAT Gateway problem](https://www.factualminds.com/blog/aws-bill-teardown-2-healthcare-nat-gateway-problem/)
### Amazon Route 53
- [Route 53](https://aws.amazon.com/route53/) — DNS + traffic management
- [Route 53 DNS traffic management patterns](https://www.factualminds.com/blog/aws-route-53-dns-traffic-management-patterns/)
### Amazon CloudFront
> Global CDN with 600+ edge locations.
**Official:**
- [CloudFront Documentation](https://docs.aws.amazon.com/cloudfront/)
**Production Guides:**
- [CloudFront vs Cloudflare — which CDN for your enterprise](https://www.factualminds.com/blog/aws-cloudfront-vs-cloudflare-which-cdn-for-your-enterprise/) · [Compare](https://www.factualminds.com/compare/aws-cloudfront-vs-cloudflare/)
- [Image optimization + CloudFront — case study](https://www.factualminds.com/case-study/image-optimization-cloudfront/)
- [Automated image pipeline + CloudFront — 30% cost reduction](https://www.factualminds.com/case-study/cloudfront/)
- [AWS CloudFront Consulting](https://www.factualminds.com/services/aws-cloudfront-consultant/)
### Amazon API Gateway
> 🎯 **Building a high-traffic API?** See the [High-scale API backend playbook](use-cases/high-scale-api.md) — CloudFront + WAF + API Gateway with caching, rate limits, and graceful degradation under load.
- [API Gateway Documentation](https://docs.aws.amazon.com/apigateway/)
- [API Gateway patterns — REST, HTTP, WebSocket](https://www.factualminds.com/blog/aws-api-gateway-patterns-rest-http-websocket/)
### AWS Verified Access
- [Verified Access — ZTNA zero-trust network](https://www.factualminds.com/blog/aws-verified-access-ztna-zero-trust-network/)
### AWS Direct Connect / Transit Gateway / Global Accelerator
- [Direct Connect](https://aws.amazon.com/directconnect/) · [Transit Gateway](https://aws.amazon.com/transit-gateway/) · [Global Accelerator](https://aws.amazon.com/global-accelerator/)
---
## Security & Identity
> Layer it: identity (IAM, Cognito), boundaries (SCPs, permission boundaries), encryption (KMS), detection (GuardDuty, Security Hub), and audit trails (CloudTrail, Config).
### AWS IAM — Identity & Access Management
**Official:**
- [IAM Documentation](https://docs.aws.amazon.com/iam/)
- [AWS Security Blog](https://aws.amazon.com/blogs/security/) — IAM, encryption, and detective controls posts
**Production Guides:**
- [IAM least privilege — permission boundaries, SCPs, IAM Access Analyzer, and policy conditions](https://www.factualminds.com/blog/aws-iam-best-practices-least-privilege-access-control/)
- [AWS IAM — glossary entry](https://www.factualminds.com/glossary/aws-iam/)
### AWS IAM Identity Center (formerly SSO)
- [IAM Identity Center workforce SSO + identity propagation](https://www.factualminds.com/blog/aws-iam-identity-center-workforce-sso-identity-propagation/)
- [IAM Identity Center vs Cognito](https://www.factualminds.com/compare/aws-iam-identity-center-vs-cognito/)
### Amazon Cognito
- [Cognito](https://aws.amazon.com/cognito/) — user identity for apps
- [Cognito authentication for SaaS applications](https://www.factualminds.com/blog/aws-cognito-authentication-for-saas-applications/)
### AWS KMS — Key Management Service
- [KMS Documentation](https://docs.aws.amazon.com/kms/)
- [KMS post-quantum cryptography — ML-KEM, ML-DSA](https://www.factualminds.com/blog/aws-kms-post-quantum-cryptography-ml-kem-ml-dsa/)
- [AWS KMS — glossary entry](https://www.factualminds.com/glossary/aws-kms/)
### Amazon GuardDuty
> Managed threat detection across AWS accounts.
- [GuardDuty](https://aws.amazon.com/guardduty/)
- [GuardDuty threat detection production guide](https://www.factualminds.com/blog/aws-guardduty-threat-detection-production-guide/)
- [GuardDuty vs Security Hub](https://www.factualminds.com/compare/aws-guardduty-vs-security-hub/)
### AWS Security Hub
- [Security Hub](https://aws.amazon.com/security-hub/)
- [Security Hub compliance monitoring setup](https://www.factualminds.com/blog/how-to-set-up-aws-security-hub-compliance-monitoring/)
### AWS WAF — Web Application Firewall
- [WAF Documentation](https://docs.aws.amazon.com/waf/)
- [WAF web application firewall production guide](https://www.factualminds.com/blog/aws-waf-web-application-firewall-production-guide/)
- [WAF API protection beyond basics](https://www.factualminds.com/blog/how-to-configure-aws-waf-api-protection-beyond-basics/)
- [WAF vs Network Firewall](https://www.factualminds.com/compare/aws-waf-vs-network-firewall/)
- [WAF case study — 99% threat blocking for eLearning](https://www.factualminds.com/case-study/aws-waf-security/)
- [WAF case study — DDoS mitigation for BI](https://www.factualminds.com/case-study/aws-waf-ddos-protection-analytics/)
- [WAF case study — PCI compliance for eCommerce](https://www.factualminds.com/case-study/aws-waf-pci-compliance/)
### Amazon Inspector
- [Inspector v2 — container + Lambda scanning](https://www.factualminds.com/blog/amazon-inspector-v2-container-lambda/)
### Amazon Macie & Detective
- [Macie + Detective — data security investigation](https://www.factualminds.com/blog/aws-macie-detective-data-security-investigation/)
### AWS Network Firewall & Firewall Manager
- [Network Firewall + Firewall Manager — multi-account](https://www.factualminds.com/blog/aws-network-firewall-firewall-manager-multi-account/)
### AWS Secrets Manager / Parameter Store
- [Secrets Manager](https://aws.amazon.com/secrets-manager/) · [Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html)
- [Secrets Manager vs Parameter Store — when to use which](https://www.factualminds.com/blog/aws-secrets-manager-vs-parameter-store-when-to-use-which/)
### AWS CloudTrail
- [CloudTrail Documentation](https://docs.aws.amazon.com/cloudtrail/)
- [CloudTrail production setup — multi-region + validation + Lake](https://www.factualminds.com/blog/aws-cloudtrail-production-setup-multi-region-validation-lake/)
- [AWS CloudTrail — glossary entry](https://www.factualminds.com/glossary/aws-cloudtrail/)
### Amazon Verified Permissions (Cedar)
- [Verified Permissions + Cedar policy language](https://www.factualminds.com/blog/amazon-verified-permissions-cedar/)
### Amazon Security Lake
- [Security Lake — OCSF schema](https://www.factualminds.com/blog/amazon-security-lake-ocsf/)
### AWS Shared Responsibility Model
- [Shared Responsibility Model — glossary entry](#foundations)
### Holistic Security Guides
- [Cloud security baseline — 10 controls covering IAM, encryption, logging, and incident response](https://www.factualminds.com/blog/10-aws-cloud-security-best-practices-implementation-guide/)
- [Securing AWS workloads beyond the basics](https://www.factualminds.com/blog/securing-aws-workloads-beyond-the-basics/)
- [From reactive to proactive — automating AWS security remediation](https://www.factualminds.com/blog/from-reactive-to-proactive-automating-aws-security-remediation/)
- [AWS resource hardening quick wins (DMS, OpenSearch, SageMaker, Lambda)](https://www.factualminds.com/blog/aws-resource-hardening-quick-wins-dms-opensearch-sagemaker-lambda/)
- [AWS vulnerability management program — CVSS + KEV prioritization](https://www.factualminds.com/blog/aws-vulnerability-management-program-cvss-kev-prioritization/)
- [Protect AWS infrastructure from cost-based attacks](https://www.factualminds.com/blog/protect-aws-infrastructure-cost-based-attacks/)
- [Security & Compliance hub](https://www.factualminds.com/security-compliance/)
### Data Perimeter
- [Data perimeters on AWS](https://aws.amazon.com/identity/data-perimeters-on-aws/) — official identity, network, and resource perimeter model
- [Building a data perimeter on AWS — whitepaper](https://docs.aws.amazon.com/whitepapers/latest/building-a-data-perimeter-on-aws/building-a-data-perimeter-on-aws.html) — full implementation guidance
- [aws-samples/data-perimeter-policy-examples](https://github.com/aws-samples/data-perimeter-policy-examples) — official SCP and resource policy templates
**OSS Security Tools:**
- [Prowler](https://github.com/prowler-cloud/prowler) — AWS security audit + CIS benchmarks
- [ScoutSuite](https://github.com/nccgroup/ScoutSuite) — multi-cloud security auditing
- [CloudSploit](https://github.com/aquasecurity/cloudsploit) — AWS account misconfig scanner
- [Pacu](https://github.com/RhinoSecurityLabs/pacu) — AWS exploitation framework (offensive)
- [aws-nuke](https://github.com/rebuy-de/aws-nuke) — wipe an AWS account clean
- [Checkov](https://github.com/bridgecrewio/checkov) — static analysis for Terraform, CloudFormation, CDK, Kubernetes, ARM, Bicep
- [policy_sentry](https://github.com/salesforce/policy_sentry) — Salesforce IAM least-privilege policy generator
- [algo](https://github.com/trailofbits/algo) — Trail of Bits one-click personal IPsec VPN on EC2 (and other clouds)
---
## Compliance
> Evidence collection and audit-ready controls — Audit Manager for evidence, Artifact for AWS attestations, Config conformance packs for continuous checks.
### HIPAA
- [HIPAA Eligible AWS Services](https://aws.amazon.com/compliance/hipaa-eligible-services-reference/)
- [HIPAA on AWS — complete compliance checklist](https://www.factualminds.com/blog/hipaa-on-aws-complete-compliance-checklist/)
- [HIPAA-compliant architecture on AWS](https://www.factualminds.com/blog/how-to-implement-hipaa-compliant-architecture-aws/)
- [HIPAA-compliant AI on AWS Bedrock](https://www.factualminds.com/blog/hipaa-compliant-ai-aws-bedrock/)
- [HIPAA telehealth platform — case study (8 weeks)](https://www.factualminds.com/case-study/hipaa-compliant-telehealth-platform-aws/)
- [HIPAA-eligible AWS services — glossary](https://www.factualminds.com/glossary/hipaa-eligible-aws-services/)
- [HIPAA compliance checker tool](https://www.factualminds.com/tools/hipaa-compliance-checker/)
### PCI DSS
- [PCI DSS compliance on AWS — fintech guide](https://www.factualminds.com/blog/pci-dss-compliance-aws-architecture-guide-fintech/)
- [PCI DSS fintech AWS migration — case study (12 weeks)](https://www.factualminds.com/case-study/pci-dss-fintech-aws-migration/)
- [PCI DSS Cardholder Data Environment — glossary](https://www.factualminds.com/glossary/pci-dss-cardholder-data-environment/)
### SOC 2
- [SOC 2 compliance on AWS — implementation guide](https://www.factualminds.com/blog/how-to-achieve-soc2-compliance-aws-2026/)
- [SOC 2 Type 2 — glossary](https://www.factualminds.com/glossary/soc2-type-2/)
### ISO 27001
- [ISO 27001 certification on AWS — ISMS implementation](https://www.factualminds.com/blog/iso-27001-certification-aws-isms-implementation/)
### GDPR
- [GDPR compliance on AWS for SaaS data protection](https://www.factualminds.com/blog/gdpr-compliance-aws-saas-data-protection/)
### NIS2
- [NIS2 directive — AWS for critical infrastructure](https://www.factualminds.com/blog/nis2-directive-aws-critical-infrastructure/)
### NIST CSF 2.0
- [NIST CSF 2.0 — AWS implementation guide](https://www.factualminds.com/blog/nist-csf-2-0-aws-implementation-guide/)
### DORA (Digital Operational Resilience Act)
- [DORA compliance — AWS for financial services](https://www.factualminds.com/blog/dora-compliance-aws-financial-services/)
### EU AI Act
- [EU AI Act compliance — AWS Bedrock + SageMaker](https://www.factualminds.com/blog/eu-ai-act-compliance-aws-bedrock-sagemaker/)
---
## Analytics & Big Data
> 🎯 **Building a real-time analytics pipeline?** See the [Real-time analytics playbook](use-cases/real-time-analytics.md) — Kinesis hot path + Firehose cold path → S3 + Athena, with cost model and partitioning patterns.
**Official:**
- [AWS Big Data Blog](https://aws.amazon.com/blogs/big-data/) — data lakes, streaming, OpenSearch, and analytics posts
### Amazon Athena
> Serverless SQL on S3.
- [Athena Documentation](https://docs.aws.amazon.com/athena/)
- [Athena query cost optimization — partition, compress, cache, Iceberg](https://www.factualminds.com/blog/athena-query-cost-optimization-partition-compress-cache-iceberg/)
### AWS Glue
> Serverless ETL + data catalog.
- [Glue Documentation](https://docs.aws.amazon.com/glue/)
- [Glue 5 + Apache Iceberg — modern ETL](https://www.factualminds.com/blog/aws-glue-5-apache-iceberg-modern-etl/)
- [Glue vs dbt on AWS — data transformation guide](https://www.factualminds.com/blog/aws-glue-vs-dbt-on-aws-data-transformation-guide/)
### Amazon Kinesis
- [Kinesis Documentation](https://docs.aws.amazon.com/kinesis/)
- [Kinesis Data Streams vs MSK — which streaming platform](https://www.factualminds.com/blog/amazon-kinesis-data-streams-vs-msk-which-streaming-platform/)
- [Real-time data pipeline — Kinesis + Lambda + DynamoDB](https://www.factualminds.com/blog/real-time-data-pipeline-kinesis-lambda-dynamodb/)
### Amazon Managed Service for Apache Flink
- [Apache Flink on AWS — managed streaming analytics](https://www.factualminds.com/blog/apache-flink-on-aws-managed-service-streaming-analytics/)
### Amazon OpenSearch Service
**Official:**
- [OpenSearch Documentation](https://docs.aws.amazon.com/opensearch-service/)
- [Unified observability in OpenSearch Service (Big Data Blog)](https://aws.amazon.com/blogs/big-data/unified-observability-in-amazon-opensearch-service-metrics-traces-and-ai-agent-debugging-in-a-single-interface/) — metrics, traces, and AI agent debugging together
**Production Guides:**
- [OpenSearch architecture patterns + cost optimization](https://www.factualminds.com/blog/amazon-opensearch-service-architecture-patterns-cost-optimization/)
### Amazon EMR
- [EMR Serverless vs EC2 vs EKS — cost comparison](https://www.factualminds.com/blog/aws-emr-serverless-vs-ec2-vs-eks-cost-comparison/)
### Amazon QuickSight
> Serverless BI + ML insights + GenAI dashboards.
- [QuickSight Documentation](https://docs.aws.amazon.com/quicksight/)
- [QuickSight in production — embedding, row-level security, SPICE refresh, and capacity sizing](https://www.factualminds.com/blog/amazon-quicksight-production-guide-best-practices/)
- [QuickSight embedding analytics in SaaS apps](https://www.factualminds.com/blog/amazon-quicksight-embedding-analytics-saas-applications/)
- [QuickSight real-time analytics dashboards](https://www.factualminds.com/blog/aws-quicksight-real-time-analytics-dashboards-guide/)
- [Amazon Q in QuickSight — generative BI](https://www.factualminds.com/blog/amazon-q-quicksight-generative-bi/)
- [QuickSight + SPICE case study](https://www.factualminds.com/case-study/amazon-quicksight-spice/)
- [Amazon Q for QuickSight service](https://www.factualminds.com/services/amazon-q-for-quicksight/)
### Amazon DataZone
- [DataZone — enterprise governance](https://www.factualminds.com/blog/amazon-datazone-enterprise-governance/)
### AWS Clean Rooms
- [Clean Rooms — privacy-safe analytics](https://www.factualminds.com/blog/aws-clean-rooms-privacy-analytics/)
### Data Pipelines & Lakes
- [Building a data lake on S3 + Glue + Athena](#amazon-s3-simple-storage-service)
- [Build a serverless data pipeline — Glue + Athena](https://www.factualminds.com/blog/how-to-build-serverless-data-pipeline-glue-athena/)
- [AWS virtual data modeling guide](https://www.factualminds.com/blog/aws-virtual-data-modeling-guide/)
- [Snowflake on AWS — integration](https://www.factualminds.com/integrations/snowflake-aws/)
---
## Artificial Intelligence & Machine Learning
> 🎯 **Building a RAG application?** See the [GenAI / RAG playbook](use-cases/genai-rag.md) — Bedrock + vector store + retrieval + Guardrails, with evaluation harness and per-tenant cost attribution.
### Amazon Bedrock
> Fully managed access to top foundation models (Anthropic, Meta, Amazon Nova, Mistral, Cohere, OpenAI, Stability AI).
**Official:**
- [Bedrock Documentation](https://docs.aws.amazon.com/bedrock/)
- [Bedrock Pricing](https://aws.amazon.com/bedrock/pricing/)
- [Bedrock Knowledge Bases](https://aws.amazon.com/bedrock/knowledge-bases/)
- [Bedrock Agents](https://aws.amazon.com/bedrock/agents/)
- [Bedrock Guardrails](https://aws.amazon.com/bedrock/guardrails/)
**Production Guides:**
- [Why Bedrock is the fastest path to enterprise GenAI](https://www.factualminds.com/blog/why-aws-bedrock-is-the-fastest-path-to-enterprise-genai/)
- [Bedrock cost optimization — token budgets + model selection](https://www.factualminds.com/blog/aws-bedrock-cost-optimization-token-budgets-model-selection/)
- [Bedrock Provisioned Throughput vs On-Demand — break-even analysis](https://www.factualminds.com/blog/aws-bedrock-provisioned-throughput-vs-on-demand-break-even-2026/)
- [Bedrock vs OpenAI API — enterprise comparison](https://www.factualminds.com/blog/aws-bedrock-vs-openai-api-enterprise/)
- [Build a Bedrock Agent with tool use](https://www.factualminds.com/blog/how-to-build-amazon-bedrock-agent-tool-use-2026/)
- [Build a RAG pipeline with Bedrock Knowledge Bases](https://www.factualminds.com/blog/how-to-build-rag-pipeline-amazon-bedrock-knowledge-bases/)
- [Set up Bedrock Guardrails in production](https://www.factualminds.com/blog/how-to-set-up-amazon-bedrock-guardrails-production/)
- [Implementing GenAI guardrails — secure AI governance](https://www.factualminds.com/blog/implementing-genai-guardrails-secure-ai-governance-aws/)
- [Bedrock AI agents + agentic workflows](https://www.factualminds.com/blog/aws-bedrock-ai-agents-agentic-workflows/)
- [Bedrock multi-agent supervisor pattern](https://www.factualminds.com/blog/aws-bedrock-multi-agent-supervisor-pattern/)
- [Bedrock OpenAI models, Codex, Managed Agents](https://www.factualminds.com/blog/amazon-bedrock-openai-models-codex-managed-agents/)
- [Bedrock AgentCore — production patterns](https://www.factualminds.com/blog/amazon-bedrock-agentcore-production/)
- [Bedrock Flows — workflow orchestration](https://www.factualminds.com/blog/amazon-bedrock-flows-workflow-orchestration/)
- [Bedrock Marketplace — third-party models](https://www.factualminds.com/blog/amazon-bedrock-marketplace-third-party-models/)
- [Bedrock Automated Reasoning Checks — hallucination prevention](https://www.factualminds.com/blog/amazon-bedrock-automated-reasoning-checks-hallucination-prevention/)
- [Bedrock Data Automation](https://www.factualminds.com/blog/amazon-bedrock-data-automation/)
- [Fine-tuning vs RAG on Bedrock — when to use each](https://www.factualminds.com/blog/fine-tuning-vs-rag-bedrock-when-to-use/)
- [Multi-tenant GenAI on Bedrock](https://www.factualminds.com/blog/multi-tenant-genai-bedrock/)
- [Bedrock Nova models guide](https://www.factualminds.com/blog/aws-bedrock-nova-models-guide/)
- [Amazon Bedrock — glossary entry](https://www.factualminds.com/glossary/amazon-bedrock/)
- [RAG pipeline — glossary entry](https://www.factualminds.com/glossary/rag-pipeline/)
### Amazon Bedrock AgentCore
> Managed runtime for production AI agents — sessions, memory, tool gateways, identity, and observability. The "everything around the agent" layer that Bedrock Agents alone doesn't give you.
**Official:**
- [Bedrock AgentCore](https://aws.amazon.com/bedrock/agentcore/)
- [AgentCore documentation](https://docs.aws.amazon.com/bedrock-agentcore/)
**Production Guides:**
- [AgentCore production patterns](#amazon-bedrock)
**OSS Tools:**
- [awslabs/agentcore-samples](https://github.com/awslabs/agentcore-samples) — official sample patterns
- [Amazon Bedrock AgentCore MCP Server](https://awslabs.github.io/mcp/servers/amazon-bedrock-agentcore-mcp-server) — build/deploy/manage agents from a coding agent
### Amazon Nova
> Amazon's foundation model family — text, multimodal (Canvas, Reel).
- [Nova Canvas + Reel — multimodal](https://www.factualminds.com/blog/amazon-nova-canvas-reel-multimodal/)
### Amazon SageMaker
> Build, train, deploy ML models at any scale.
**Official:**
- [SageMaker Documentation](https://docs.aws.amazon.com/sagemaker/)
- [AWS Machine Learning Blog](https://aws.amazon.com/blogs/machine-learning/) — training, inference, and MLOps posts
**Production Guides:**
- [SageMaker Unified Studio](https://www.factualminds.com/blog/amazon-sagemaker-unified-studio/)
- [Run SageMaker training jobs cost-efficiently](https://www.factualminds.com/blog/how-to-run-sagemaker-training-jobs-cost-efficiently/)
**Decision Guides:**
- [Bedrock vs SageMaker](https://www.factualminds.com/compare/aws-bedrock-vs-sagemaker/)
### Amazon Q
> AI assistant family for developers, business users, and analytics.
**Official:**
- [Amazon Q for Business](https://aws.amazon.com/q/business/)
**Production Guides:**
- [Q for Business vs ChatGPT Enterprise — CTO guide](https://www.factualminds.com/blog/amazon-q-for-business-vs-chatgpt-enterprise-cto-guide/) · [Compare](https://www.factualminds.com/compare/amazon-q-vs-chatgpt-enterprise/)
- [Set up Q for Business with SharePoint + S3](https://www.factualminds.com/blog/how-to-set-up-amazon-q-for-business-sharepoint-s3/)
- [Q vs GitHub Copilot](https://www.factualminds.com/blog/amazon-q-vs-github-copilot-2026/)
- [Q for Business case study](https://www.factualminds.com/case-study/amazonq/)
### Kiro IDE
- [Kiro IDE — AWS agentic coding](https://www.factualminds.com/blog/kiro-ide-aws-agentic-coding/)
### Other AI/ML Services
- [Amazon Comprehend](https://aws.amazon.com/comprehend/) — NLP
- [Amazon Rekognition](https://aws.amazon.com/rekognition/) — image/video analysis
- [Amazon Textract](https://aws.amazon.com/textract/) — OCR + document AI
- [Amazon Polly](https://aws.amazon.com/polly/) — text-to-speech
- [Amazon Translate](https://aws.amazon.com/translate/) · [Amazon Transcribe](https://aws.amazon.com/transcribe/)
### Cost Control for AI
- [AWS autoscaling for AI workloads — avoid budget overrun](https://www.factualminds.com/blog/aws-autoscaling-ai-workloads-budget-overrun/)
- [Bedrock token cost calculator](https://www.factualminds.com/tools/aws-bedrock-token-cost-calculator/)
### External references (vectors & RAG concepts)
- [Pinecone Learning Center](https://www.pinecone.io/learn) — vector retrieval and RAG concept guides complementary to Bedrock RAG
- [Weaviate Blog](https://weaviate.io/blog) — vector database architecture and retrieval engineering articles
### Roundup
- [Top 20 modern AWS AI services — overview](#foundations)
---
## Developer Tools, DevOps & CI/CD
> 🎯 **Setting up CI/CD?** See the [CI/CD playbook](use-cases/ci-cd.md) — GitHub Actions + OIDC + per-environment accounts, with canary deploys, drift detection, and rollback runbook.
**Official:**
- [AWS DevOps & Developer Productivity Blog](https://aws.amazon.com/blogs/devops/) — CI/CD, CDK, and platform engineering posts
### AWS CloudFormation
> Native infrastructure-as-code in YAML/JSON.
- [CloudFormation Documentation](https://docs.aws.amazon.com/cloudformation/)
- [CloudFormation patterns — stack splitting, drift detection, change sets, and rollback triggers](https://www.factualminds.com/blog/aws-cloudformation-best-practices-infrastructure-as-code/)
- [Application Composer — IaC generator](https://www.factualminds.com/blog/aws-application-composer-iac-generator/)
### AWS CDK — Cloud Development Kit
> Imperative IaC in TypeScript / Python / Java / Go / .NET.
- [CDK Documentation](https://docs.aws.amazon.com/cdk/)
- [Construct Hub](https://constructs.dev/) — community CDK constructs
- [Terraform vs AWS CDK — IaC decision guide](https://www.factualminds.com/blog/terraform-vs-aws-cdk-infrastructure-as-code-decision-guide/)
**OSS Tools:**
- [cdklabs/cdk-nag](https://github.com/cdklabs/cdk-nag) — checks CDK apps against AWS Solutions, HIPAA, NIST, PCI rule packs at synth time
- [projen/projen](https://github.com/projen/projen) — define and synthesise project configuration as code (CDK-style for repos)
- [aws-samples/aws-cdk-examples](https://github.com/aws-samples/aws-cdk-examples) — official patterns in TS, Python, Java, Go, .NET
### Terraform on AWS
- [OpenTofu](https://opentofu.org/) — open-source Terraform-compatible infrastructure-as-code engine
- [HashiCorp AWS Provider](https://registry.terraform.io/providers/hashicorp/aws/latest)
- [Terraform AWS provider upgrade strategy](https://www.factualminds.com/blog/terraform-aws-provider-upgrade-strategy/)
- [Terraform state management — import, move, repair](https://www.factualminds.com/blog/terraform-state-management-aws-import-move-repair/)
- [Safe Terraform apply workflows — approval gates](https://www.factualminds.com/blog/safe-terraform-apply-workflows-approval-gates-aws/)
- [AWS infrastructure drift detection — Terraform](https://www.factualminds.com/blog/aws-infrastructure-drift-detection-terraform/)
- [Migrate Terraform → OpenTofu on AWS](https://www.factualminds.com/blog/migrate-terraform-opentofu-aws/)
- [Terraform on AWS — integration guide](https://www.factualminds.com/integrations/terraform-aws/)
### Pulumi on AWS
> Imperative IaC in TypeScript / Python / Go / .NET / Java with real programming-language constructs.
- [Pulumi AWS provider](https://www.pulumi.com/registry/packages/aws/) — official provider docs
- [Pulumi AWS Native](https://www.pulumi.com/registry/packages/aws-native/) — generated from CloudFormation schema for full coverage
- [Pulumi vs Terraform](https://www.pulumi.com/docs/iac/concepts/vs/terraform/) — official comparison
- [Pulumi vs CDK](https://www.pulumi.com/docs/iac/comparisons/cloud-template-transpilers/aws-cdk/) — official comparison
### SST
> TypeScript-native IaC purpose-built for serverless on AWS.
- [SST](https://sst.dev/) — full-stack framework on AWS
- [SST Documentation](https://sst.dev/docs/) — Ion (v3) is AWS-only with Pulumi/Terraform under the hood
- [SST Components](https://sst.dev/docs/components/) — high-level constructs for common AWS patterns
- [SST Blog](https://sst.dev/blog/) — SST team posts on serverless patterns on AWS
### AWS CodePipeline / CodeBuild / CodeDeploy
- [CodePipeline](https://aws.amazon.com/codepipeline/) · [CodeBuild](https://aws.amazon.com/codebuild/) · [CodeDeploy](https://aws.amazon.com/codedeploy/)
- [CodePipeline CI/CD patterns for production](https://www.factualminds.com/blog/aws-codepipeline-cicd-pipeline-patterns-for-production/)
- [DevOps on AWS — CodePipeline vs GitHub Actions vs Jenkins](https://www.factualminds.com/blog/devops-on-aws-codepipeline-vs-github-actions-vs-jenkins/) · [Compare](https://www.factualminds.com/compare/aws-codepipeline-vs-github-actions/)
### GitHub Actions on AWS
- [GitHub Actions AWS deploys — OIDC federation, scoped roles, and credential-free pipelines](https://www.factualminds.com/blog/github-actions-aws-cicd-security-best-practices/)
- [GitHub Actions on AWS — integration guide](https://www.factualminds.com/integrations/github-actions-aws/)
### CI/CD vendor engineering blogs
- [CircleCI Blog](https://circleci.com/blog/) — CI/CD pipeline engineering posts useful for AWS-deployed apps
- [Spinnaker Community](https://spinnaker.io/community/) — continuous delivery platform community hub
### General DevOps Practice
- [10 AWS DevOps practices for production](https://www.factualminds.com/blog/10-aws-devops-practices-production-2026/)
- [DevOps Exercises on AWS — production reality](https://www.factualminds.com/blog/devops-exercises-aws-production-reality/)
- [AWS environment parity — dev / staging / production](https://www.factualminds.com/blog/aws-environment-parity-dev-staging-production/)
- [Cost-aware CI/CD pipelines on AWS](https://www.factualminds.com/blog/cost-aware-cicd-pipelines-aws/)
- [Debug production distributed AWS systems](https://www.factualminds.com/blog/debug-production-distributed-aws-systems/)
### Local Dev / Emulators
- [LocalStack](https://localstack.cloud/) — AWS-in-a-box for local dev
- [ministackorg/ministack](https://github.com/ministackorg/ministack) — MIT local AWS emulator; 40+ services; Terraform and SDK compatible
- [floci-io/floci](https://github.com/floci-io/floci) — MIT local AWS emulator; Docker Compose; broad AWS API coverage
- [getmoto/moto](#oss-lambda-frameworks-community) — mock AWS services for Python tests (boto3 stub library)
- [AWS CLI chmod /dev/null streaming bug](https://www.factualminds.com/blog/aws-cli-chmod-dev-null-streaming-bug-2026/) — gotcha alert
### CLI & Productivity OSS
- [awslogs](https://github.com/jorgebastida/awslogs) — query CloudWatch Logs from the terminal (the everyday-driver tool)
- [aws-shell](https://github.com/awslabs/aws-shell) — interactive shell with autocomplete for the AWS CLI
- [awless](https://github.com/wallix/awless) — opinionated Go-based CLI for EC2, IAM, S3 (declarative templates)
- [saws](https://github.com/donnemartin/saws) — supercharged AWS CLI with autocomplete + syntax highlighting
### CloudFormation OSS Tools
- [cfn-lint](https://github.com/aws-cloudformation/cfn-lint) — official CloudFormation template linter that catches schema, resource, and intrinsic-function errors before deploy
- [Stelligent/cfn_nag](https://github.com/stelligent/cfn_nag) — CFN security linting (insecure IAM, S3 public, etc.)
- [cloudtools/troposphere](https://github.com/cloudtools/troposphere) — Python library for generating CloudFormation templates
- [cloudreach/sceptre](https://github.com/Sceptre/sceptre) — CLI-driven CloudFormation orchestration
### AWS CLI / SDKs / Cloud9
- [AWS CLI v2](https://aws.amazon.com/cli/)
- [AWS SDK list](https://aws.amazon.com/developer/tools/) — Python (boto3), JS, Java, Go, Rust, ...
- [AWS CloudShell](https://aws.amazon.com/cloudshell/) — browser shell with credentials pre-loaded
- [AWS Toolkit for VS Code / JetBrains](https://aws.amazon.com/visualstudiocode/)
### Asset Pipelines / Runtimes
- [Tune PHP / Node / Python / Go for high concurrency](https://www.factualminds.com/blog/tune-php-node-python-go-high-concurrency/)
- [Ultra-fast asset pipelines — Bun + Vite + Rust](https://www.factualminds.com/blog/ultra-fast-asset-pipelines-bun-vite-rust/)
- [Nginx vs FrankenPHP — modern runtimes comparison](https://www.factualminds.com/blog/nginx-frankenphp-modern-runtimes-comparison/)
---
## Observability & Monitoring
> 🎯 **Building an observability pipeline at scale?** See the [Observability pipeline playbook](use-cases/observability-pipeline.md) — hot CloudWatch + cold S3-Athena, EMF metrics, trace sampling, PII redaction, and cost discipline.
### Amazon CloudWatch
**Official:**
- [CloudWatch Documentation](https://docs.aws.amazon.com/cloudwatch/)
- [CloudWatch Application Signals](https://aws.amazon.com/cloudwatch/features/application-observability-apm/) — auto-instrumented APM with SLO tracking
- [CloudWatch Logs Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html) — query language for log analytics
**Production Guides:**
- [CloudWatch observability — EMF metrics, Logs Insights queries, composite alarms, and metric streams](https://www.factualminds.com/blog/aws-cloudwatch-observability-metrics-logs-alarms-best-practices/)
- [CloudWatch logging costs](https://www.factualminds.com/blog/aws-cloudwatch-logging-costs-observability/)
- [Amazon CloudWatch — glossary entry](https://www.factualminds.com/glossary/amazon-cloudwatch/)
### AWS X-Ray
- [X-Ray](https://aws.amazon.com/xray/) — distributed tracing; in maintenance per AWS lifecycle docs [maintenance]
### OpenTelemetry on AWS
**Official:**
- [AWS Distro for OpenTelemetry (ADOT)](https://aws-otel.github.io/) — recommended successor to X-Ray for new tracing
- [ADOT Documentation](https://aws-otel.github.io/docs/introduction)
- [ADOT Lambda layer](https://aws-otel.github.io/docs/getting-started/lambda) — auto-instrumentation for Lambda
**Production Guides:**
- [OpenTelemetry demo game — AWS observability + chaos engineering](https://www.factualminds.com/blog/otel-demo-game-aws-observability-chaos-engineering/)
### Amazon Managed Service for Prometheus / Grafana
- [Amazon Managed Prometheus (AMP)](https://aws.amazon.com/prometheus/) · [Amazon Managed Grafana (AMG)](https://aws.amazon.com/grafana/)
### Operational Monitoring
- [The real cost of no 24/7 AWS monitoring](https://www.factualminds.com/blog/real-cost-of-no-24-7-aws-monitoring/)
- [AWS 24/7 managed support + monitoring](https://www.factualminds.com/blog/aws-24-7-managed-support-monitoring/)
### Log Pipelines
- [Stream CloudWatch Logs to S3 via Firehose](https://docs.aws.amazon.com/firehose/latest/dev/writing-with-cloudwatch-logs.html) — official log pipeline pattern
- [Querying CloudWatch logs in S3 with Athena](https://docs.aws.amazon.com/athena/latest/ug/cloudwatch-logs.html) — long-term log analytics on cold storage
- [Centralized Logging with OpenSearch (Solutions)](https://aws.amazon.com/solutions/implementations/centralized-logging-with-opensearch/) — official deployable reference
### Third-party
- [Datadog on AWS — integration](https://www.factualminds.com/integrations/datadog-aws/)
- [Honeycomb Blog](https://www.honeycomb.io/blog) — distributed systems observability engineering posts
- [Datadog Engineering — Kubernetes topic](https://www.datadoghq.com/blog/topic/kubernetes/) — Kubernetes reliability and operations articles
- [Lumigo Blog](https://lumigo.io/blog) — serverless observability and Lambda troubleshooting articles
---
## Cost Management & FinOps
> 🎯 **Hunting a surprise bill?** See the [Cost pitfalls playbook](use-cases/cost-pitfalls.md) — NAT Gateway egress, cross-AZ traffic, CloudWatch Logs ingestion, and the other line items that surprise teams.
### Cost Tools (Native)
- [AWS Cost Explorer](https://aws.amazon.com/aws-cost-management/aws-cost-explorer/)
- [AWS Budgets](https://aws.amazon.com/aws-cost-management/aws-budgets/)
- [AWS Compute Optimizer](https://aws.amazon.com/compute-optimizer/)
- [AWS Cost Anomaly Detection](https://aws.amazon.com/aws-cost-management/aws-cost-anomaly-detection/)
- [AWS Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/trusted-advisor/)
- [AWS Billing and Cost Management — official user guide](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/) — accounts, invoices, allocation tags
- [AWS Customer Carbon Footprint Tool](https://aws.amazon.com/aws-cost-management/aws-customer-carbon-footprint-tool/) — estimated emissions by service + region (free, in Billing console)
### Strategy & Playbooks
- [Cost Explorer + Budgets monitoring guide](https://www.factualminds.com/blog/aws-cost-explorer-budgets-monitoring-guide/)
- [Cost Optimization Hub guide](https://www.factualminds.com/blog/aws-cost-optimization-hub-guide/)
- [Use Cost Anomaly Detection to catch surprise bills](https://www.factualminds.com/blog/how-to-use-aws-cost-anomaly-detection-catch-surprise-bills/)
- [5 cost optimization strategies most teams overlook](https://www.factualminds.com/blog/5-aws-cost-optimization-strategies-most-teams-overlook/)
- [Cloud cost optimization — modern strategies](https://www.factualminds.com/blog/cloud-cost-optimization-2026-modern-strategies/)
- [AWS cost prediction playbook](https://www.factualminds.com/blog/aws-cost-prediction-2026-playbook/)
- [AWS cost control architecture optimization playbook](https://www.factualminds.com/blog/aws-cost-control-architecture-optimization-playbook/)
- [Designing cost-stable AWS architectures](https://www.factualminds.com/blog/aws-cost-stable-architecture-design/)
- [Eliminate surprise bills with autoscaling](https://www.factualminds.com/blog/aws-eliminate-surprise-bills-autoscaling/)
- [Multi-region AWS without doubling costs](https://www.factualminds.com/blog/multi-region-aws-without-doubling-costs/)
- [AWS pricing emergent behavior — billing complexity](https://www.factualminds.com/blog/aws-pricing-emergent-behavior-billing-complexity/)
- [Prevent queue cost explosions on AWS](https://www.factualminds.com/blog/prevent-queue-cost-explosions-aws/)
- [Cost-optimized SaaS stack on AWS — end to end](https://www.factualminds.com/blog/cost-optimized-saas-stack-aws-end-to-end/)
- [AWS data transfer costs for startups](https://www.factualminds.com/blog/aws-data-transfer-costs-startups/)
### FinOps
- [FinOps on AWS — complete cost governance guide](https://www.factualminds.com/blog/finops-on-aws-complete-guide-cloud-cost-governance/)
- [AWS FinOps gap — engineering cost ownership](https://www.factualminds.com/blog/aws-finops-gap-engineering-cost-ownership/)
- [FinOps — glossary entry](https://www.factualminds.com/glossary/finops/)
- [FinOps Foundation](https://www.finops.org/) — global community
- [FinOps Foundation Insights](https://www.finops.org/insights/) — foundation articles and updates on FinOps practice and cloud financial operations
### Bill Teardowns (real customer incidents)
- [Bill teardown #1 — SaaS startup with $40k/mo overrun](https://www.factualminds.com/blog/aws-bill-teardown-1-saas-startup-40k-month-overrun/)
- [Bill teardown #2 — healthcare's NAT Gateway problem](#nat-gateway)
- [Bill teardown #3 — retail's data transfer trap](https://www.factualminds.com/blog/aws-bill-teardown-3-retail-data-transfer-trap/)
- [AWS startup cost explosion — real failure patterns](https://www.factualminds.com/blog/aws-startup-cost-explosion-real-failure-patterns/)
- [SaaS cost optimization — case study ($85k → $58k/mo)](https://www.factualminds.com/case-study/saas-cost-optimization-30-percent-reduction/)
### Savings Plans / Reserved Instances
- [Savings Plans](https://aws.amazon.com/savingsplans/) · [Reserved Instances](https://aws.amazon.com/ec2/pricing/reserved-instances/)
- [Reserved Instances vs Savings Plans](https://www.factualminds.com/glossary/reserved-instances-vs-savings-plans/)
- [AWS Savings Plans — glossary](https://www.factualminds.com/glossary/aws-savings-plans/)
### Managed vs DIY Cost
- [AWS managed services vs DIY — total cost of ownership](https://www.factualminds.com/blog/aws-managed-services-vs-diy-total-cost-of-ownership/)
**OSS Cost Tools:**
- [Infracost](https://www.infracost.io/) — Terraform → cost diff in PRs
- [Komiser](https://github.com/tailwarden/komiser) — multi-cloud cost + resource viewer
- [aws-nuke](#data-perimeter) — wipe orphaned dev accounts
- [Cloud Intelligence Dashboards](https://github.com/aws-samples/aws-cudos-framework-deployment) — CUR analytics dashboards (CUDOS, Cost Intelligence, KPI)
- [cloud-custodian/cloud-custodian](https://github.com/cloud-custodian/cloud-custodian) — YAML rules engine for resource governance, cost, and compliance enforcement
- [Similarweb/finala](https://github.com/similarweb/finala) — scans AWS for wasteful and unused resources to cut spend
---
## Migration & Transfer
### AWS Migration Hub & MAP
- [AWS Migration Hub](https://aws.amazon.com/migration-hub/)
- [Migration Acceleration Program (MAP)](https://aws.amazon.com/migration-acceleration-program/)
- [MAP for SMBs — guide](https://www.factualminds.com/blog/aws-migration-acceleration-program-map-smb-guide/)
### AWS Application Migration Service (MGN) & DMS
- [Application Migration Service](https://aws.amazon.com/application-migration-service/)
- [Database Migration Service (DMS)](https://aws.amazon.com/dms/)
### Migration Strategy
- [AWS migration strategy — choose the right approach](https://www.factualminds.com/blog/aws-migration-strategy-choose-right-approach/)
- [Application modernization — refactor / replatform / rearchitect](https://www.factualminds.com/blog/aws-application-modernization-refactor-replatform-rearchitect/)
- [Application modernization ROI + business case](https://www.factualminds.com/blog/aws-application-modernization-roi-business-case/)
- [Migrate without cost surprises](https://www.factualminds.com/blog/aws-migration-without-cost-surprises/)
- [7 signs you need a migration partner](https://www.factualminds.com/blog/7-signs-you-need-an-aws-cloud-migration-partner/)
- [Cloud migration estimator tool](https://www.factualminds.com/tools/cloud-migration-estimator/)
### Disaster Recovery
- [DR strategies — pilot light / warm standby / multi-site](https://www.factualminds.com/blog/aws-disaster-recovery-strategies-pilot-light-warm-standby-multi-site/)
### VMware → AWS
- [Amazon Elastic VMware Service](#amazon-elastic-vmware-service-evs)
---
## Internet of Things (IoT)
### AWS IoT Core
**Official:**
- [IoT Core Documentation](https://docs.aws.amazon.com/iot/)
- [AWS IoT Blog](https://aws.amazon.com/blogs/iot/) — device connectivity, Greengrass, and industrial IoT posts
**Production Guides:**
- [IoT Core MQTT for industrial workloads](https://www.factualminds.com/blog/aws-iot-core-mqtt-industrial-workloads/)
- [IoT solutions architecture guide](https://www.factualminds.com/blog/aws-iot-solutions-architecture-guide/)
### AWS IoT Greengrass
- [Greengrass v2 — edge computing for the factory floor](https://www.factualminds.com/blog/aws-iot-greengrass-v2-edge-computing-factory-floor/)
### AWS IoT SiteWise
- [SiteWise native anomaly detection — predictive maintenance](https://www.factualminds.com/blog/aws-iot-sitewise-native-anomaly-detection-predictive-maintenance/)
- [OPC UA → IoT SiteWise edge gateway setup](https://www.factualminds.com/blog/opc-ua-aws-iot-sitewise-edge-gateway-setup/)
### AWS IoT TwinMaker
- [TwinMaker — digital twin for manufacturing](https://www.factualminds.com/blog/aws-iot-twinmaker-digital-twin-manufacturing/)
### Architecture
- [OT/IT convergence — AWS architecture patterns](https://www.factualminds.com/blog/ot-it-convergence-aws-architecture-patterns/)
- [Manufacturing IoT predictive maintenance — case study](https://www.factualminds.com/case-study/manufacturing-iot-predictive-maintenance-aws/)
---
## Application Integration
> 🎯 **Building async/event-driven systems?** See [Async job processing](use-cases/async-jobs.md) (queue + worker + DLQ) and [Event-driven processing](use-cases/event-driven.md) (EventBridge with schemas, replay, per-target DLQs).
### Amazon SQS
**Official:**
- [SQS Documentation](https://docs.aws.amazon.com/sqs/)
- [Application Integration category (AWS News Blog)](https://aws.amazon.com/blogs/aws/category/application-integration/) — EventBridge, Step Functions, and messaging launches
**Production Guides:**
- [SQS reliable messaging patterns for production](https://www.factualminds.com/blog/aws-sqs-reliable-messaging-patterns-for-production/)
- [Reliable queue systems on AWS — SQS, Kafka, Redis](https://www.factualminds.com/blog/reliable-queue-systems-aws-sqs-kafka-redis/)
### Amazon SNS
- [SNS Documentation](https://docs.aws.amazon.com/sns/) — pub/sub fan-out
### Amazon EventBridge
- See [Serverless](#serverless) section
### Amazon MQ
- [Amazon MQ](https://aws.amazon.com/amazon-mq/) — managed RabbitMQ + ActiveMQ
### AWS AppFlow
- [AppFlow](https://aws.amazon.com/appflow/) — SaaS-to-AWS data sync
---
## Email & Communication
### Amazon SES — Simple Email Service
> 🎯 **Building transactional email at scale?** Start with the [Email delivery playbook](use-cases/email-delivery.md) — full architecture (SES → SNS → Firehose → S3 → Athena), bounce/complaint handling, IP warming, cost model, and 18-item production checklist.
- [SES Documentation](https://docs.aws.amazon.com/ses/)
- [SES e-commerce email marketing](https://www.factualminds.com/blog/aws-ses-ecommerce-email-marketing/)
- [Migrate from SendGrid to SES](https://www.factualminds.com/blog/how-to-migrate-from-sendgrid-to-amazon-ses/)
- [SES at scale — case study (200M+ messages/mo)](https://www.factualminds.com/case-study/aws-ses/)
### SES Migrations from Competitors
- [SendGrid → SES](https://www.factualminds.com/compare/sendgrid-to-aws-ses/)
- [Mailgun → SES](https://www.factualminds.com/compare/mailgun-to-aws-ses/)
- [Postmark → SES](https://www.factualminds.com/compare/postmark-to-aws-ses/)
- [Resend → SES](https://www.factualminds.com/compare/resend-to-aws-ses/)
- [SparkPost → SES](https://www.factualminds.com/compare/sparkpost-to-aws-ses/)
- [Elastic Email → SES](https://www.factualminds.com/compare/elastic-email-to-aws-ses/)
---
## Management & Governance
### AWS Organizations
- [AWS Organizations](https://aws.amazon.com/organizations/)
- [Organizations + SCPs — glossary](https://www.factualminds.com/glossary/aws-organizations-scps/)
### AWS Control Tower & Landing Zone
- [Control Tower](https://aws.amazon.com/controltower/)
- [Set up Control Tower for multi-account governance](https://www.factualminds.com/blog/how-to-set-up-aws-control-tower-multi-account-governance/)
- [Multi-account landing zone — Control Tower, OUs, SCPs, and Identity Center setup](https://www.factualminds.com/blog/aws-multi-account-strategy-landing-zone-best-practices/)
- [AWS Control Tower — glossary](https://www.factualminds.com/glossary/aws-control-tower/)
- [AWS Landing Zone — glossary](https://www.factualminds.com/glossary/aws-landing-zone/)
**Third-party narratives:**
- [Monzo Bank (AWS customer story)](https://aws.amazon.com/solutions/case-studies/monzo-bank-case-study/) — digital bank on AWS; scale and account-boundary themes
- [AWS infrastructure at Segment](https://segment.com/blog/aws-infrastructure-at-segment) — many AWS accounts and environment scaling practices
- [Shopify Engineering](https://shopify.engineering/) — backend engineering posts including AWS-scale commerce infrastructure
- [Revamping with Landing Zone — multi-account rebuild (WealthPark)](https://medium.com/wealthpark-engineering/revamping-with-landing-zone-exploring-multi-account-aws-architecture-in-our-infrastructure-rebuild-6b1f2da9327) — Landing Zone–oriented infrastructure rebuild walkthrough
- [Enterprise Landing Zone decisions — lessons learned, Part 1](https://medium.com/@malavaln/dive-deep-on-our-aws-landing-zone-architecture-decisions-made-lessons-learnt-part-1-898604d7aaaf) — large-org LZ architecture decisions and tradeoffs
### AWS Config
- [AWS Config](https://aws.amazon.com/config/) — resource inventory + compliance
- [AWS Config Rules — glossary](https://www.factualminds.com/glossary/aws-config-rules/)
### Service Limits, Quotas & Throttling
> Hard vs soft limits, retry strategy, and the throttling behaviour that bites at scale.
**Official:**
- [Service Quotas console](https://docs.aws.amazon.com/servicequotas/latest/userguide/intro.html) — view and request increases for soft limits
- [AWS service quotas reference](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html) — per-service hard and soft limits
- [Error retries and exponential backoff (SDK guidance)](https://docs.aws.amazon.com/general/latest/gr/api-retries.html) — official retry behaviour
- [Timeouts, retries, and backoff with jitter (Builders Library)](https://aws.amazon.com/builders-library/timeouts-retries-and-backoff-with-jitter/) — first-principles guidance
- [API Gateway throttling](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-throttling.html) — account-, stage-, and key-level limits
- [Lambda concurrency and throttling](https://docs.aws.amazon.com/lambda/latest/dg/lambda-concurrency.html) — reserved vs provisioned concurrency
- [DynamoDB throttling and adaptive capacity](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html) — partition-level throttling
### AWS Support & MSP
- [AWS Support Plans](https://aws.amazon.com/premiumsupport/plans/)
- [AWS managed services vs Support plans — difference](https://www.factualminds.com/blog/aws-managed-services-vs-aws-support-plans-difference/)
- [What does an AWS MSP actually do](https://www.factualminds.com/blog/what-does-aws-msp-actually-do/)
- [When do you need an AWS MSP](https://www.factualminds.com/blog/when-do-you-need-aws-managed-services-provider/)
- [How to evaluate an AWS MSP](https://www.factualminds.com/blog/how-to-evaluate-aws-managed-services-provider/)
### Hiring an AWS Consultant
- [How to choose an AWS cloud consulting partner](https://www.factualminds.com/blog/aws-cloud-consulting-partner-how-to-choose/)
- [Benefits of hiring a certified AWS consultant](https://www.factualminds.com/blog/benefits-of-hiring-certified-aws-consultant/)
- [What to look for when hiring an AWS consultant](https://www.factualminds.com/blog/hire-aws-consultant-what-to-look-for/)
- [When to hire an AWS consultant — business triggers](https://www.factualminds.com/blog/when-to-hire-aws-consultant-business-triggers/)
### AWS Partner Network
- [AWS Partner Network (APN)](https://aws.amazon.com/partners/)
- [AWS Retail Competency — what it means for your business](https://www.factualminds.com/blog/aws-retail-competency-what-it-means-for-your-business/)
---
## Well-Architected Framework
> Six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability.
- [Well-Architected Framework — official](#foundations)
- [AWS Well-Architected Tool (free review)](https://aws.amazon.com/well-architected-tool/)
- [Well-Architected lenses (Serverless, SaaS, GenAI, ...)](https://aws.amazon.com/architecture/well-architected/?ref=wellarchitected-wp&wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc)
- [Reliability Pillar (official whitepaper)](https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/) — failure isolation, recovery, multi-AZ
- [Cost Optimization Pillar (official whitepaper)](https://docs.aws.amazon.com/wellarchitected/latest/cost-optimization-pillar/) — practices for spend efficiency
- [Well-Architected Framework 6 pillars explained](#foundations)
- [Well-Architected Framework — glossary](https://www.factualminds.com/glossary/well-architected-framework/)
- [AWS Well-Architected Review service](https://www.factualminds.com/services/aws-architecture-review/)
- [Free Well-Architected self-assessment tool](https://www.factualminds.com/tools/aws-well-architected-assessment/)
---
## Industry Architectures
End-to-end reference architectures for verticals.
### SaaS
- [SaaS multi-tenancy on AWS — silo vs pool vs bridge](https://www.factualminds.com/blog/saas-multi-tenancy-on-aws-silo-vs-pool-vs-bridge-model/)
- [Multi-tenant SaaS on AWS — architecture pattern](https://www.factualminds.com/patterns/multi-tenant-saas-on-aws/)
- [SaaS industry hub](https://www.factualminds.com/industries/saas/)
- [How UNiDAYS achieved AWS Region expansion in three weeks](https://aws.amazon.com/blogs/architecture/how-unidays-achieved-aws-region-expansion-in-3-weeks/) — multi-Region SaaS rollout case study
### Startups
- [AWS for Startups industry hub](https://www.factualminds.com/industries/aws-startups/)
### Fintech
- [Fintech architecture patterns on AWS](https://www.factualminds.com/blog/building-fintech-applications-on-aws-architecture-patterns/)
- [Fintech industry hub](https://www.factualminds.com/industries/aws-fintech/)
- [BFS health finance transformation on AWS — PCG DACH (Medium)](https://pcg-dach.medium.com/bfs-health-finance-a-journey-of-transformation-into-the-aws-cloud-11c44aa2af8b) — regulated workload migration with ECS and IaC themes
### Healthcare
- [Healthcare industry hub](https://www.factualminds.com/industries/aws-healthcare/)
- [How Artera enhances prostate cancer diagnostics using AWS](https://aws.amazon.com/blogs/architecture/how-artera-enhances-prostate-cancer-diagnostics-using-aws/) — imaging diagnostics workload architecture
### Retail & eCommerce
- [AWS for retail — POS, inventory, recommendations, and peak-event scaling](https://www.factualminds.com/blog/aws-for-retail-complete-guide/)
- [Retail architecture for Black Friday peak traffic](https://www.factualminds.com/blog/aws-retail-architecture-black-friday-peak-traffic/)
- [Custom AWS development for retail / eCommerce](https://www.factualminds.com/blog/custom-aws-development-retail-ecommerce/)
- [Retail & eCommerce industry hub](https://www.factualminds.com/industries/aws-retail-ecommerce/)
### Manufacturing & Industrial IoT
- [Manufacturing industry hub](https://www.factualminds.com/industries/aws-manufacturing/)
- [AI on AWS for predictive maintenance — case study (Medium)](https://medium.com/@andreas.braun.2011/ai-on-aws-architecture-interface-and-resilience-a-case-study-on-leveraging-cloud-computing-in-47cdeba62e20) — industrial AI architecture, interfaces, and resilience framing on AWS
### Education / EdTech
- [Education industry hub](https://www.factualminds.com/industries/aws-education/)
### Real Estate / PropTech
- [Real Estate industry hub](https://www.factualminds.com/industries/aws-real-estate/)
---
## Decision Guides — X vs Y
When you know what you need but not which AWS service to use:
### Compute
- [EC2 vs Lambda](#amazon-ec2-elastic-compute-cloud)
- [Lambda vs ECS Fargate](#aws-fargate)
- [ECS vs EKS](#decision)
- [Which AWS compute?](#amazon-ec2-elastic-compute-cloud)
### Databases
- [RDS vs Aurora](#amazon-rds-relational-database-service)
- [Aurora Serverless vs Aurora provisioned](#amazon-aurora)
- [DynamoDB vs RDS](#amazon-dynamodb)
- [Which AWS database?](#decision-guides)
### Networking & CDN
- [CloudFront vs Cloudflare](#amazon-cloudfront)
- [WAF vs Network Firewall](#aws-waf-web-application-firewall)
### Security & Identity
- [GuardDuty vs Security Hub](#amazon-guardduty)
- [IAM Identity Center vs Cognito](#aws-iam-identity-center-formerly-sso)
### Integration
- [Step Functions vs EventBridge](#aws-step-functions)
- [Bedrock Agents vs Step Functions](#aws-step-functions)
- [Event-based processing for asynchronous communication (AWS Architecture Blog)](https://aws.amazon.com/blogs/architecture/event-based-processing-for-asynchronous-communication/) — choosing EventBridge vs SNS vs SQS and related characteristics
### CI/CD
- [CodePipeline vs GitHub Actions](#aws-codepipeline-codebuild-codedeploy)
- [Terraform vs CDK — IaC decision guide](#aws-cdk-cloud-development-kit)
- [Pulumi vs Terraform](#pulumi-on-aws) — official comparison
- [Pulumi vs CDK](#pulumi-on-aws) — official comparison
### AI/ML
- [Bedrock vs SageMaker](#amazon-sagemaker)
- [Amazon Q vs ChatGPT Enterprise](#amazon-q)
### Cloud Platform
- [AWS vs Azure for enterprise](https://www.factualminds.com/compare/aws-vs-azure-for-enterprise/)
- [AWS vs GCP for startups](https://www.factualminds.com/compare/aws-vs-gcp-for-startups/)
### Consulting Partner Comparisons
- [FactualMinds vs Big 4 AWS](https://www.factualminds.com/compare/factualminds-vs-big4-aws/)
- [FactualMinds vs Cloudreach](https://www.factualminds.com/compare/factualminds-vs-cloudreach/)
- [FactualMinds vs Slalom](https://www.factualminds.com/compare/factualminds-vs-slalom/)
---
## Migration Guides — From Other Platforms
- [DigitalOcean → AWS](https://www.factualminds.com/compare/digitalocean-to-aws/)
- [Heroku Postgres → AWS RDS](#decision-guides)
- [GCP → AWS migration](https://www.factualminds.com/compare/gcp-to-aws-migration/)
- [MongoDB Atlas → DocumentDB](#amazon-documentdb)
- [SendGrid → SES](#ses-migrations-from-competitors)
- [Mailgun → SES](#ses-migrations-from-competitors)
- [Postmark → SES](#ses-migrations-from-competitors)
- [Resend → SES](#ses-migrations-from-competitors)
- [SparkPost → SES](#ses-migrations-from-competitors)
- [Elastic Email → SES](#ses-migrations-from-competitors)
---
## AWS Service Lifecycle & Deprecations
> What state is each service in? AWS publishes explicit lifecycle states — Maintenance, Sunset, Full Shutdown — and the roster changes faster than most curated lists track. This section flags the services that affect new architectural decisions and points at official replacements.
### Lifecycle reference
- [AWS Service Lifecycle](https://docs.aws.amazon.com/general/latest/gr/service-lifecycle.html) — official definitions of Maintenance, Sunset, Full Shutdown
- [Services in Full Shutdown](https://docs.aws.amazon.com/general/latest/gr/full_shutdown_services.html) — official roster of shut-down services with dates
- [AWS service changes — May 2025](https://aws.amazon.com/about-aws/whats-new/2025/05/aws-service-changes/) — most recent batch of lifecycle announcements
- [AWS Product Lifecycle blog post](https://aws.amazon.com/blogs/aws/introducing-the-aws-product-lifecycle-page-and-aws-service-availability-updates/) — context behind the lifecycle page
### Full shutdown — already removed
Highlights from the [official roster](#lifecycle-reference); see that page for the complete list and exact dates.
- [Amazon QLDB](https://aws.amazon.com/qldb/) — ledger database; shut down July 31, 2025 [shutdown]
- [Amazon Kinesis Data Analytics for SQL](https://aws.amazon.com/kinesis/data-analytics/) — replacement → Managed Service for Apache Flink [shutdown]
- [Amazon CloudWatch Evidently](https://aws.amazon.com/cloudwatch/) — feature flags and A/B; shut down October 17, 2025 [shutdown]
- [AWS DataSync Discovery](https://aws.amazon.com/datasync/) — on-prem storage assessment; shut down May 20, 2025 [shutdown]
- [AWS Private 5G](https://aws.amazon.com/private5g/) — managed cellular networks; shut down May 20, 2025 [shutdown]
- [AWS BugBust](https://aws.amazon.com/bugbust/) — code-fix gamification; shut down August 13, 2025 [shutdown]
- [AWS OpsWorks (Stacks, Chef, Puppet)](https://aws.amazon.com/opsworks/) — config management; shut down May 1, 2024 [shutdown]
- [AWS CodeStar](https://aws.amazon.com/codestar/) — project templates; shut down July 25, 2024 [shutdown]
- [AWS RoboMaker](https://aws.amazon.com/robomaker/) — robotics simulation; shut down September 10, 2025 [shutdown]
- [Amazon Lookout for Metrics](https://aws.amazon.com/lookout-for-metrics/) — anomaly detection; shut down October 10, 2025 [shutdown]
- [Amazon Lookout for Vision](https://aws.amazon.com/lookout-for-vision/) — defect detection; shut down October 31, 2025 [shutdown]
- [Amazon WorkDocs](https://aws.amazon.com/workdocs/) — file storage and sharing; shut down April 25, 2025 [shutdown]
### End-of-support announced — avoid for new projects
Per the [May 2025 AWS service changes announcement](#lifecycle-reference). AWS has not yet published exact end-of-support dates for most.
- [Amazon Pinpoint](https://aws.amazon.com/pinpoint/) — multi-channel messaging; replacement → SES, SNS, EventBridge [sunset]
- [AWS IoT Analytics](https://aws.amazon.com/iot-analytics/) — replacement → IoT Core + Kinesis or EventBridge [sunset]
- [AWS IoT Events](https://aws.amazon.com/iot-events/) — event detection; replacement → EventBridge + Lambda [sunset]
- [AWS Panorama](https://aws.amazon.com/panorama/) — appliance-based computer vision at the edge [sunset]
- [AWS SimSpace Weaver](https://aws.amazon.com/simspaceweaver/) — large-scale spatial simulations; ends March 31, 2026 [sunset]
- [Amazon Inspector Classic](https://docs.aws.amazon.com/inspector/v1/userguide/inspector_introduction.html) — replacement → Amazon Inspector v2 [sunset]
- [AWS IQ](https://aws.amazon.com/iq/) — freelance AWS experts marketplace [sunset]
- [AWS DMS Fleet Advisor](https://docs.aws.amazon.com/dms/latest/userguide/fleet-advisor.html) — replacement → AWS DMS [sunset]
- [Amazon Connect Voice ID](https://docs.aws.amazon.com/connect/latest/adminguide/voice-id.html) — caller authentication; end-of-support announced [sunset]
### Maintenance — closed to new customers
Per AWS lifecycle docs: existing customers retain access; no new features, no onboarding.
- [AWS X-Ray](#aws-x-ray) — distributed tracing; in maintenance per AWS lifecycle docs [maintenance]
- [Amazon Timestream for LiveAnalytics](#amazon-timestream) — closed to new customers June 20, 2025 [maintenance]
### Status tags used in this guide
- `[shutdown]` — fully removed from AWS; no access
- `[sunset]` — end-of-support announced; plan migration now
- `[maintenance]` — no new customers, no major features
- `[preview]` — preview release; not yet generally available
See [CONTRIBUTING.md](CONTRIBUTING.md#status-tags) for sourcing rules.
---
## Free Tools & Calculators
Free, no-signup AWS planning calculators and assessments:
### Cost & Pricing
- [AWS Cost Savings Calculator](https://www.factualminds.com/tools/aws-cost-savings-calculator/)
- [AWS Cost Waste Quiz](https://www.factualminds.com/tools/aws-cost-waste-quiz/)
- [AWS Feature Cost Estimator](https://www.factualminds.com/tools/aws-feature-cost-estimator/)
- [AWS Free Tier Calculator](https://www.factualminds.com/tools/aws-free-tier-calculator/)
- [AWS IOPS Cost Calculator](https://www.factualminds.com/tools/aws-iops-cost-calculator/)
- [AWS Lambda vs Container Cost Calculator](#aws-lambda)
- [AWS Reserved Instance Calculator](https://www.factualminds.com/tools/aws-reserved-instance-calculator/)
- [AWS Savings Plans Calculator](https://www.factualminds.com/tools/aws-savings-plans-calculator/)
- [AWS Scaling Cost Simulator](https://www.factualminds.com/tools/aws-scaling-cost-simulator/)
- [AWS Tenancy Cost Calculator](https://www.factualminds.com/tools/aws-tenancy-cost-calculator/)
- [AWS Unit Economics Calculator](https://www.factualminds.com/tools/aws-unit-economics-calculator/)
- [AWS RDS Max Connection Calculator](#amazon-rds-relational-database-service)
- [AWS Bedrock Token Cost Calculator](#cost-control-for-ai)
### Migration & Assessment
- [Cloud Migration Estimator](#migration-strategy)
- [AWS Well-Architected Assessment](#well-architected-framework)
- [GenAI Readiness Assessment](https://www.factualminds.com/tools/genai-readiness-assessment/)
- [HIPAA Compliance Checker](#hipaa)
### Official AWS Tools
- [AWS Pricing Calculator](#foundations)
- [AWS Total Cost of Ownership (TCO) Calculator](https://aws.amazon.com/tco-calculator/)
---
## AWS Glossary
Plain-language definitions of common AWS terms:
- [Amazon Aurora](#amazon-aurora)
- [Amazon Bedrock](#amazon-bedrock)
- [Amazon CloudWatch](#amazon-cloudwatch)
- [Amazon DynamoDB](#amazon-dynamodb)
- [Amazon EC2](#amazon-ec2-elastic-compute-cloud)
- [Amazon EKS](#amazon-eks-elastic-kubernetes-service)
- [Amazon RDS](#amazon-rds-relational-database-service)
- [Amazon Redshift](#amazon-redshift)
- [Amazon S3](#amazon-s3-simple-storage-service)
- [Amazon VPC](#amazon-vpc-virtual-private-cloud)
- [AWS CloudTrail](#aws-cloudtrail)
- [AWS Config Rules](#aws-config)
- [AWS Control Tower](#aws-control-tower-landing-zone)
- [AWS IAM](#aws-iam-identity-access-management)
- [AWS KMS](#aws-kms-key-management-service)
- [AWS Lambda](#aws-lambda)
- [AWS Landing Zone](#aws-control-tower-landing-zone)
- [AWS Organizations + SCPs](#aws-organizations)
- [AWS Savings Plans](#savings-plans-reserved-instances)
- [AWS Shared Responsibility Model](#foundations)
- [AWS Step Functions](#aws-step-functions)
- [FinOps](#finops)
- [HIPAA-eligible AWS services](#hipaa)
- [Multi-tenant architecture](https://www.factualminds.com/glossary/multi-tenant-architecture/)
- [PCI DSS Cardholder Data Environment](#pci-dss)
- [RAG pipeline](#amazon-bedrock)
- [Reserved Instances vs Savings Plans](#savings-plans-reserved-instances)
- [SOC 2 Type 2](#soc-2)
- [VPC peering vs Transit Gateway](#amazon-vpc-virtual-private-cloud)
- [Well-Architected Framework](#well-architected-framework)
---
## AWS Certifications & Learning Paths
### Official
- [AWS Certifications overview](https://aws.amazon.com/certification/)
- [AWS Skill Builder](https://skillbuilder.aws/) — official free training
- [AWS Workshops catalog](https://workshops.aws/)
### Cert Deep Dives
- [AWS Solutions Architect — Associate](https://www.factualminds.com/certifications/aws-solutions-architect-associate/)
- [AWS Security — Specialty](https://www.factualminds.com/certifications/aws-security-specialty/)
---
## Architecture Patterns
Reference patterns for the workloads that show up most often. Each links into the relevant service sections for depth.
### Multi-tenant SaaS
> 🎯 **Building a multi-tenant SaaS?** Start with the [Multi-tenant SaaS playbook](use-cases/multi-tenant-saas.md)