AWS services for automation - AWS Prescriptive Guidance

AWS services for automation

You can use a number of AWS services to automate your IT operations. The following tables list the 21 OI domains by function and provide information to help you select the right service for each operational need.

Core operations functions:

| Domain | Launch focus and tools |
| --- | --- |
| Platform architecture and governance | Enterprise-wide governance, security baselines, multi-account strategy, and automated compliance. Usually covered by deploying the AWS Landing Zone solution, AWS Control Tower, or AWS Managed Services. |
| Event and incident management | Logging, monitoring, automated incident response, and incident correlation using Amazon CloudWatch, Incident Manager, a capability of AWS Systems Manager, Amazon Simple Notification Service (Amazon SNS), and Amazon DevOps Guru. |
| Provisioning and configuration management | Infrastructure as code (IaC), automated deployment, and configuration compliance by using AWS Service Catalog, AWS CloudFormation, AWS Cloud Development Kit (AWS CDK), AWS Proton, AWS Systems Manager, and AWS Config. |
| Availability and business continuity management | High availability, resiliency, disaster recovery, and business continuity by using AWS Resilience Hub, AWS Elastic Disaster Recovery, and AWS Backup. |
| Monitoring and observability | Operational visibility, proactive monitoring, and automated response to service health issues by using Amazon CloudWatch (metrics, logs, alarms), AWS Health, Service Quotas, AWS X-Ray, Amazon Managed Grafana, and Amazon Managed Service for Prometheus. |

Security and control functions:

| Domain | Launch focus and tools |
| --- | --- |
| Change management | Compliance controls, risk management, and tracking changes by using AWS Config, Change Manager, a capability of AWS Systems Manager, AWS Audit Manager, and AWS CloudTrail. |
| Asset management | Transparency and resource lifecycle tracking by using AWS Resource Explorer, Inventory and Fleet Manager, capabilities of AWS Systems Manager, AWS Config, and automated tagging strategies. |
| Identity and access management | Least privilege implementation through AWS Identity and Access Management (IAM), single sign-on capabilities with AWS IAM Identity Center, and federation with AWS Directory Service, usually implemented through the security workstream. |
| Security management | Security controls and incident response by using AWS Security Hub, Amazon GuardDuty, Amazon Detective, Amazon Inspector, Amazon Macie, AWS WAF, AWS Shield, and AWS Network Firewall, specified by the security workstream with automated security assessments and remediation capabilities. For example, see the guide Automated patching for mutable instances in the hybrid cloud using AWS Systems Manager on the AWS Prescriptive Guidance website. |
| Compliance and risk management | Regulatory compliance, automated auditing, and continuous risk assessment by using AWS Artifact, AWS Config, AWS Audit Manager, AWS Security Hub, and AWS Control Tower. |
| Data governance and sovereignty management | Data classification, regional compliance requirements such as General Data Protection Regulation (GDPR), and data residency controls by using AWS GovCloud (US) for government workloads, AWS European Sovereign Cloud for EU data sovereignty, and AWS Region-specific deployments. |

Business management functions:

| Domain | Launch focus and tools |
| --- | --- |
| FinOps management | Cost optimization, governance, and billing reporting by using AWS Cost Explorer, AWS Budgets, AWS Cost Anomaly Detection, AWS Trusted Advisor, AWS Billing Conductor, and cost tagging strategies. |
| Capacity planning and forecasting | Capacity forecasting by using AWS Cost Explorer forecasting, resource optimization by using AWS Compute Optimizer, AWS Trusted Advisor, and AWS Budgets. |
| Organizational change management | Training, communications, transformation buy-in, adoption frameworks, and managing the people side of cloud transformation. |
| Vendor management | License and provider management through AWS Marketplace, AWS License Manager, AWS Partner Network, outsourced provider controls, and integration. |
| Sustainability management | Environmental impact monitoring and optimization by using AWS Customer Carbon Footprint Tool, AWS Graviton processors for better performance per watt, AWS Well-Architected Sustainability Pillar implementation, and sustainability-focused architecture decisions. |
| Cloud value maximization | Maximizing the business value with the AWS Cloud by optimizing costs, improving operational efficiency, and leveraging cloud capabilities effectively. This includes understanding cost drivers by using AWS Cost Explorer and implementing strategic purchasing (Savings Plans, Reserved Instances, Spot Instances), while using AWS Compute Optimizer for right-sizing and total cost of ownership (TCO) analysis. The goal is to balance cost optimization with performance and innovation to ensure that cloud investments drive business outcomes while supporting growth objectives. |

Supporting functions:

| Domain | Launch focus and tools |
| --- | --- |
| Reporting and analytics | Usage trends and service health monitoring by using Amazon OpenSearch Service, Amazon QuickSight, Amazon Athena, and CloudWatch analytics and monitoring. |
| Continuous improvement | Process iterations by using AWS Trusted Advisor, Amazon DevOps Guru, AWS Well-Architected Tool, and OpsCenter, a capability of AWS Systems Manager, for operational excellence. |
| Application lifecycle management | Software development lifecycle; people, process, and tools integrations; DevOps workstream with Amazon Q Developer, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline. |
| AI/ML operations | Enhanced operational capabilities with CloudWatch anomaly detection, CloudWatch investigations, and Amazon DevOps Guru for predictive monitoring and issue detection; AWS Security Hub, Amazon GuardDuty, and Amazon Detective for ML-powered threat detection and investigation; and AI-driven document processing and architecture visualization solutions to streamline operations and improve incident response. |