In-scope AWS services and features - AWS Certification
In-scope AWS services and features

In-scope AWS services and features

In-scope AWS services and features

Note: Security affects all AWS services. Many services do not appear in this list because the overall service is out of scope, but the security aspects of the service are in scope. For example, a candidate for this exam would not be asked about the steps to set up replication for an S3 bucket. However, the candidate might be asked about configuring an S3 bucket policy.

The following list contains AWS services and features that are in scope for the exam. This list is non-exhaustive and is subject to change. AWS offerings appear in categories that align with the offerings' primary functions:

Analytics

  • Amazon Athena

  • Amazon OpenSearch Service

Application Integration

  • Amazon Simple Notification Service (Amazon SNS)

  • AWS Step Functions

Compute

  • Amazon API Gateway

  • Amazon EC2 (including EC2 Image Builder, EC2 Instance Connect)

  • Amazon Elastic Kubernetes Service (Amazon EKS)

  • Amazon EMR

  • AWS Lambda

  • Amazon Data Lifecycle Manager

Developer Tools

  • AWS Fault Injection Service

Internet of Things

  • AWS IoT Core

Machine Learning

  • Amazon Bedrock

  • Amazon CodeGuru Security

  • Amazon Q Business

  • Amazon Q Developer

  • Amazon SageMaker AI

Management and Governance

  • AWS CloudFormation

  • AWS CloudTrail

  • AWS CloudTrail Lake

  • Amazon CloudWatch

  • AWS Config

  • AWS Control Tower

  • Amazon Managed Grafana

  • AWS Organizations

  • AWS Resilience Hub

  • AWS Resource Access Manager (AWS RAM)

  • AWS Service Catalog

  • AWS Systems Manager

  • AWS Trusted Advisor

  • AWS User Notifications

  • AWS Well-Architected Tool

Networking and Content Delivery

  • Amazon Application Recovery Controller

  • Amazon VPC

    • Network Access Analyzer

    • Network ACLs

    • Security groups

    • VPC endpoints

    • AWS Site-to-Site VPN

    • Flow Logs

    • VPC Endpoints

    • AWS Verified Access

  • AWS Client VPN

  • Amazon CloudFront

  • Amazon Verified Permissions

  • Amazon Route 53 (including Route 53 Resolver DNS Firewall)

  • AWS Direct Connect

  • Elastic Load Balancing (ELB)

  • Network Access Analyzer

  • AWS Transit Gateway

Security, Identity, and Compliance

  • AWS Artifact

  • AWS Audit Manager

  • AWS Certificate Manager (ACM)

  • AWS CloudHSM

  • Amazon Cognito

  • Amazon Detective

  • AWS Directory Service

  • AWS Firewall Manager

  • Automated Forensics Orchestrator for Amazon EC2

  • Amazon GuardDuty

  • AWS IAM Identity Center

  • AWS Identity and Access Management (IAM)

  • Amazon Inspector

  • AWS Key Management Service (AWS KMS)

  • Amazon Macie

  • AWS Network Firewall

  • AWS Private Certificate Authority

  • AWS Secrets Manager

  • AWS Security Hub

  • Amazon Security Lake

  • AWS Security Token Service (AWS STS)

  • AWS Shield

  • AWS Shield Advanced

  • AWS WAF

Storage and Data Management

  • Amazon S3

  • AWS Backup

  • AWS DataSync

  • Amazon Elastic File System (Amazon EFS) (including EFS Lifecycle policies)

  • Amazon FSx for Lustre