# In-scope AWS services and features ## In-scope AWS services and features **Note:** Security affects all AWS services. Many services do not appear in this list because the overall service is out of scope, but the security aspects of the service are in scope. For example, a candidate for this exam would not be asked about the steps to set up replication for an S3 bucket. However, the candidate might be asked about configuring an S3 bucket policy. The following list contains AWS services and features that are in scope for the exam. This list is non-exhaustive and is subject to change. AWS offerings appear in categories that align with the offerings' primary functions: **Topics** + [ ### Analytics ](#scs-02-in-scope-analytics) + [ ### Application Integration ](#scs-02-in-scope-application-integration) + [ ### Compute ](#scs-02-in-scope-compute) + [ ### Developer Tools ](#scs-02-in-scope-developer-tools) + [ ### Internet of Things ](#scs-02-in-scope-internet-of-things) + [ ### Machine Learning ](#scs-02-in-scope-machine-learning) + [ ### Management and Governance ](#scs-02-in-scope-management-governance) + [ ### Networking and Content Delivery ](#scs-02-in-scope-networking-content-delivery) + [ ### Security, Identity, and Compliance ](#scs-02-in-scope-security-identity-compliance) + [ ### Storage and Data Management ](#scs-02-in-scope-storage-data-management) ### Analytics + Amazon Athena + Amazon OpenSearch Service ### Application Integration + Amazon SNS + AWS Step Functions ### Compute + Amazon API Gateway + Amazon EC2 (including EC2 Image Builder, EC2 Instance Connect) + Amazon EKS + Amazon EMR + AWS Lambda + Amazon Data Lifecycle Manager ### Developer Tools + AWS Fault Injection Service ### Internet of Things + AWS IoT Core ### Machine Learning + Amazon Bedrock + Amazon CodeGuru Security + Amazon Q Business + Amazon Q Developer + Amazon SageMaker AI ### Management and Governance + AWS CloudFormation + AWS CloudTrail + AWS CloudTrail Lake + Amazon CloudWatch + AWS Config + AWS Control Tower + Amazon Managed Grafana + AWS Organizations + AWS Resilience Hub + AWS Resource Access Manager (AWS RAM) + AWS Service Catalog + AWS Systems Manager + AWS Trusted Advisor + AWS User Notifications + AWS Well-Architected Tool ### Networking and Content Delivery + Amazon Application Recovery Controller + Amazon VPC + Network Access Analyzer + Network ACLs + Security groups + VPC endpoints + AWS Site-to-Site VPN + Flow Logs + VPC Endpoints + AWS Verified Access + AWS Client VPN + Amazon CloudFront + Amazon Verified Permissions + Amazon Route 53 (including Route 53 Resolver DNS Firewall) + AWS Direct Connect + Elastic Load Balancing (ELB) + Network Access Analyzer + AWS Transit Gateway ### Security, Identity, and Compliance + AWS Artifact + AWS Audit Manager + AWS Certificate Manager (ACM) + AWS CloudHSM + Amazon Cognito + Amazon Detective + AWS Directory Service + AWS Firewall Manager + Automated Forensics Orchestrator for Amazon EC2 + Amazon GuardDuty + IAM + AWS IAM Identity Center + Amazon Inspector + AWS KMS + Amazon Macie + AWS Network Firewall + AWS Private Certificate Authority + AWS Secrets Manager + AWS Security Hub + Amazon Security Lake + AWS Shield + AWS Shield Advanced + AWS STS + AWS WAF ### Storage and Data Management + Amazon S3 + AWS Backup + AWS DataSync + Amazon EFS (including EFS Lifecycle policies) + Amazon FSx for Lustre