Term for a single local account to which I must assign unique credentials
IAM User
This service is AWS' primary storage service, which offers OBJECT-based storage
Simple Storage Service (S3)
This service acts as the bare network infrastructure boundary. Within this service, you can deploy additional resources such as compute instances
VPC
Service that records all management and data plane events within AWS
CloudTrail
Term used for a collection of local accounts that all share the same permissions, because the permissions are assigned to the body and not the individual
IAM Group
This service offers BLOCK storage and is attached to compute instances
Elastic Block Storage (EBS)
STATELESS firewall most commonly used to control access to subnets
Network Access Control List (NACL)
I will use this service to see what required patches / vulnerabilities are on my compute instances
By default, CloudTrail logs will be readily available in the event history for how many days?
90 days
IAM entity I will use if I want to avoid provisioning unique credentials
IAM Role
This storage acts as Network File Storage and can be used simultaneously by multiple compute instances
Elastic File Storage (EFS)
Stateful firewall most commonly used to protect compute instances
Security Groups
I will use this service to store and maintain my container images
Elastic Container Registry (ECR)
Service which will record all service configurations which helps me track and audit configurations over a pre-defined time period
AWS Config
Service Control Policies (SCPs) / Permission Boundary
This service is AWS' core offering which allows the automatic implementation and scaling of relational database servers
Relational Database Service (RDS)
This component of AWS WAF offers additional layer 7 protections, specifically against DDoS attacks
AWS Shield / AWS Shield Advanced
Alternative to creating SSH keys in order to access my EC2 instances
EC2 Instance Connect / Session Manager
CloudWatch Events was renamed to this. It is a place where I can aggregate logs from CloudTrail and create response actions
EventBridge
AWS Security Token Service (AWS STS)
This service is a fully managed proprietary NoSQL database offered by Amazon.com as part of the Amazon Web Services portfolio
DynamoDB
Two types of VPC endpoints used to securely and privately connect to AWS resources / other VPCs
Interface and Gateway
The IP address I will use to connect to my instances' metadata service
169.254.169.254
This is AWS' version of a proprietary CSPM AND name one rules package that it uses
AWS SecurityHub / AWS Best Practices and/or CIS