# AWS services for automation
<a name="aws-services-for-automation"></a>

You can use a number of AWS services to automate your IT operations. The following tables list the 21 OI domains by function and provide information to help you select the right service for each operational need.

**Core operations functions:**


| **Domain** | **Launch focus and tools** | 
| --- | --- | 
| Platform architecture and governance | Enterprise-wide governance, security baselines, multi-account strategy, and automated compliance. Usually covered by deploying the [AWS Landing Zone ](https://docs.aws.amazon.com/prescriptive-guidance/latest/migration-aws-environment/understanding-landing-zones.html)solution, [AWS Control Tower](https://aws.amazon.com/controltower/), or [AWS Managed Services](https://aws.amazon.com/managed-services/). | 
| Event and incident management | Logging, monitoring, automated incident response, and incident correlation using [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/), [Amazon Simple Notification Service (Amazon SNS](https://aws.amazon.com/sns/)), and [Amazon DevOps Guru](https://aws.amazon.com/devops-guru/). | 
| Provisioning and configuration management | Infrastructure as code (IaC), automated deployment, and configuration compliance by using [AWS Service Catalog](https://aws.amazon.com/servicecatalog/), [AWS CloudFormation](https://aws.amazon.com/cloudformation/), [AWS Cloud Development Kit (AWS CDK)](https://aws.amazon.com/cdk/), [AWS Systems Manager](https://aws.amazon.com/systems-manager/), and [AWS Config](https://aws.amazon.com/config/). | 
| Availability and business continuity management | High availability, resiliency, disaster recovery, and business continuity by using [AWS Resilience Hub](https://aws.amazon.com/resilience-hub/), [AWS Elastic Disaster Recovery](https://aws.amazon.com/disaster-recovery/), and [AWS Backup](https://aws.amazon.com/backup/). | 
| Monitoring and observability | Operational visibility, proactive monitoring, and automated response to service health issues by using [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) (metrics, logs, alarms), [AWS Health](https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html), [Service Quotas](https://docs.aws.amazon.com/servicequotas/latest/userguide/intro.html), [AWS X-Ray](https://aws.amazon.com/xray/), [Amazon Managed Grafana](https://aws.amazon.com/grafana/), and [Amazon Managed Service for Prometheus](https://aws.amazon.com/prometheus/). | 

**Security and control functions:**


| **Domain** | **Launch focus and tools** | 
| --- | --- | 
| Change management | Compliance controls, risk management, and tracking changes by using [AWS Config](https://aws.amazon.com/config/), [Change Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/change-manager.html), a capability of AWS Systems Manager, [AWS Audit Manager](https://aws.amazon.com/audit-manager/), and [AWS CloudTrail](https://aws.amazon.com/cloudtrail/). | 
| Asset management | Transparency and resource lifecycle tracking by using [AWS Resource Explorer](https://aws.amazon.com/resourceexplorer/), [Inventory](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-inventory.html) and [Fleet Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager.html), capabilities of AWS Systems Manager, [AWS Config](https://aws.amazon.com/config/), and automated tagging strategies. | 
| Identity and access management | Least privilege implementation through [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/), single sign-on capabilities with [AWS IAM Identity Center](https://aws.amazon.com/iam/identity-center/), federation with [AWS Directory Service](https://aws.amazon.com/directoryservice/), usually implemented through the security workstream. | 
| Security management | Security controls and incident response by using [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/), [Amazon GuardDuty](https://aws.amazon.com/guardduty/), [Amazon Detective](https://aws.amazon.com/detective/), [Amazon Inspector](https://aws.amazon.com/inspector/), [Amazon Macie](https://aws.amazon.com/macie/), [AWS WAF](https://aws.amazon.com/waf/), [AWS Shield](https://aws.amazon.com/shield/), and [AWS Network Firewall](https://aws.amazon.com/network-firewall/), specified by the security worksteam with automated security assessments and remediation capabilities. For example, see the guide [Automated patching for mutable instances in the hybrid cloud using AWS Systems Manager](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/) on the AWS Prescriptive Guidance website. | 
| Compliance and risk management | Regulatory compliance, automated auditing, and continuous risk assessment by using [AWS Artifact](https://aws.amazon.com/artifact/), [AWS Config](https://aws.amazon.com/config/), [AWS Audit Manager](https://aws.amazon.com/audit-manager/), [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/), and [AWS Control Tower](https://aws.amazon.com/controltower/). | 
| Data governance and sovereignty management | Data classification, regional compliance requirements such as General Data Protection Regulation (GDPR), and data residency controls by using [AWS GovCloud (US)](https://aws.amazon.com/govcloud-us/) for government workloads, [AWS European Sovereign Cloud](https://aws.amazon.com/compliance/europe-digital-sovereignty/) for EU data sovereignty, and AWS Region-specific deployments. | 

**Business management functions:**


| **Domain** | **Launch focus and tools** | 
| --- | --- | 
| FinOps management | Cost optimization, governance, and billing reporting by using [AWS Cost Explorer](https://aws.amazon.com/aws-cost-management/aws-cost-explorer/), [AWS Budgets](https://aws.amazon.com/aws-cost-management/aws-budgets/), [AWS Cost Anomaly Detection](https://aws.amazon.com/aws-cost-management/aws-cost-anomaly-detection/), [AWS Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/trusted-advisor/), [AWS Billing Conductor](https://aws.amazon.com/aws-cost-management/aws-billing-conductor/), and cost tagging strategies. | 
| Capacity planning and forecasting | Capacity forecasting by using [AWS Cost Explorer forecasting](https://docs.aws.amazon.com/cost-management/latest/userguide/ce-forecast.html), resource optimization by using [AWS Compute Optimizer](https://aws.amazon.com/compute-optimizer/), [AWS Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/trusted-advisor/), and [AWS Budgets](https://aws.amazon.com/aws-cost-management/aws-budgets/). | 
| Organizational change management | Training, communications, transformation buy-in, adoption frameworks, and [managing the people side of cloud transformation](https://docs.aws.amazon.com/prescriptive-guidance/latest/strategy-ocm/). | 
| Vendor management | License and provider management through [AWS Marketplace](https://aws.amazon.com/marketplace), [AWS License Manager](https://aws.amazon.com/license-manager/), [AWS Partner Network](https://aws.amazon.com/partners/), outsourced provider controls, and integration. | 
| Sustainability management | Environmental impact monitoring and optimization by using [AWS Customer Carbon Footprint Tool](https://aws.amazon.com/aws-cost-management/aws-customer-carbon-footprint-tool/), [AWS Graviton processors](https://aws.amazon.com/ec2/graviton/) for better performance per watt, [AWS Well-Architected Sustainability Pillar](https://docs.aws.amazon.com/wellarchitected/latest/sustainability-pillar/sustainability-pillar.html) implementation, and sustainability-focused architecture decisions. | 
| Cloud value maximization | Maximizing the business value with the AWS Cloud by optimizing costs, improving operational efficiency, and leveraging cloud capabilities effectively. This includes understanding cost drivers by using [AWS Cost Explorer](https://docs.aws.amazon.com/cost-management/latest/userguide/ce-forecast.html) and implementing strategic purchasing ([Savings Plans](https://aws.amazon.com/savingsplans/), [Reserved Instances](https://aws.amazon.com/ec2/pricing/reserved-instances/), [Spot Instances](https://aws.amazon.com/ec2/spot/)), while using [AWS Compute Optimizer](https://aws.amazon.com/compute-optimizer/) for right-sizing and total cost of ownership (TCO) analysis. The goal is to balance cost optimization with performance and innovation to ensure that cloud investments drive business outcomes while supporting growth objectives. | 

**Supporting functions:**


| **Domain** | **Launch focus and tools** | 
| --- | --- | 
| Reporting and analytics | Usage trends and service health monitoring by using [Amazon OpenSearch Service](https://aws.amazon.com/opensearch-service/), [Amazon Quick](https://aws.amazon.com/quicksight/), [Amazon Athena](https://aws.amazon.com/athena/), and [CloudWatch analytics and monitoring](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html). | 
| Continuous improvement | Process iterations by using [AWS Trusted Advisor](https://aws.amazon.com/premiumsupport/technology/trusted-advisor/), [Amazon DevOps Guru](https://aws.amazon.com/devops-guru/), [AWS Well-Architected Tool](https://aws.amazon.com/well-architected-tool/), and [OpsCenter](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html), a capability of AWS Systems Manager, for operational excellence. | 
| Application lifecycle management | Software development lifecycle, people, process, and tools integrations, DevOps workstream with [Amazon Q Developer](https://aws.amazon.com/q/developer/), [AWS CodeBuild](https://aws.amazon.com/codebuild/), [AWS CodeDeploy](https://aws.amazon.com/codedeploy/), and [AWS CodePipeline](https://aws.amazon.com/codepipeline/). | 
| AI/ML operations | Enhanced operational capabilities with [CloudWatch anomaly detection](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Anomaly_Detection.html), [CloudWatch investigations](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Investigations.html), and [Amazon DevOps Guru](https://docs.aws.amazon.com/devops-guru/latest/userguide/welcome.html) for predictive monitoring and issue detection; [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/), [Amazon GuardDuty](https://aws.amazon.com/guardduty/), and [Amazon Detective](https://aws.amazon.com/detective/) for ML-powered threat detection and investigation; and AI-driven [document processing](https://aws.amazon.com/ai/generative-ai/use-cases/document-processing/) and [architecture visualization](https://aws.amazon.com/blogs/machine-learning/build-aws-architecture-diagrams-using-amazon-q-cli-and-mcp/) solutions to streamline operations and improve incident response. |