From d54f1156acb3c5fb7a1eed1c795329171228556e Mon Sep 17 00:00:00 2001 From: "Matthew C. Morgan" Date: Fri, 2 May 2025 12:08:56 -0400 Subject: [PATCH 1/2] expanded with additional points to consider --- aws/proposals/github-concerns/README.md | 46 +++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/aws/proposals/github-concerns/README.md b/aws/proposals/github-concerns/README.md index 6e6cec7e..3de03ddc 100644 --- a/aws/proposals/github-concerns/README.md +++ b/aws/proposals/github-concerns/README.md 
@@ -112,6 +112,46 @@ The backup process will be implemented using the following approach: * Documentation for accessing backups * Scripts for bulk restoration if needed +5. GitLab Contingency Planning: + As part of our resilience strategy, we need to validate GitLab as a potential temporary alternative during GitHub outages. The following items require setup and validation: + + * Infrastructure Configuration: + * Mirror the GitHub naming convention (replacing "github" with "gitlab" in URLs) + * Deploy across the same locations (internal, t26, dmz) + * Configure on F5 similar to GitHub Enterprise (even as a single instance) + * Validate network access from internal networks, cloud, lab, and mobile devices + + * Authentication & Access: + * LDAP integration: + * GUI login functionality + * Group synchronization + * SAML access for web interface with MFA and Kerberos support + * SSH key upload and management process + * GPG key upload and verification workflow + * Token-based authentication for CLI operations + + * Repository Management: + * Terraform modules for GitLab repository configuration, settings, and teams + * Critical for our AWS account baseline management (~300 AWS account repos) + * Verification that CODEOWNERS files work as expected + * Markdown rendering compatibility check (important for our extensive documentation) + + * Developer Workflow: + * CLI tools for repository operations + * Cloning repositories + * Creating and managing Merge Requests (GitLab's equivalent to PRs) + * Batch operations across multiple repositories (equivalent to git-xargs) + * Identify and document necessary workflow adjustments + + * CI/CD Integration: + * OIDC configuration for cloud access via F5 and DMZ instance + * Pipeline configuration changes from GitHub Actions to GitLab CI + + * Communication Strategy: + * Documentation updates for development teams + * Training materials on GitLab-specific features and terminology + * Clear guidance for the transition period + ## 
Tagging In accordance with the [government funding lapse guidelines](../documentation/gov-funding-lapse/README.md), we'll use the following tags: @@ -127,6 +167,10 @@ Product Documentation Links: * [AWS S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/what-is-s3.html) * [AWS S3 Cross-Region Replication](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html) * [GitHub Enterprise Backup Utilities](https://github.com/github/backup-utils) +* [GitLab LDAP Integration](https://docs.gitlab.com/ee/administration/auth/ldap/) +* [GitLab SAML Configuration](https://docs.gitlab.com/ee/integration/saml.html) +* [GitLab Import from GitHub](https://docs.gitlab.com/ee/user/project/import/github.html) +* [GitLab CI/CD Documentation](https://docs.gitlab.com/ee/ci/) Internal Links: * [Government Funding Lapse Plans](../documentation/gov-funding-lapse/README.md) @@ -137,3 +181,5 @@ Internal Links: - 1.0.0 -- 2024-06-15 - initial proposal +- 1.1.0 -- 2024-06-22 + - added GitLab contingency planning requirements From c5163e2dffa3b6b96e0b8c8d480baa6c8c96e7dc Mon Sep 17 00:00:00 2001 
From: "Matthew C. Morgan" Date: Mon, 5 May 2025 12:02:44 -0400 Subject: [PATCH 2/2] initial work towards guidance docs --- aws/guidance/README.md | 58 ++ .../application-architecture-decision-tree.md | 187 +++++ aws/guidance/application-patterns.md | 658 ++++++++++++++++++ aws/guidance/cicd-implementation.md | 193 +++++ aws/guidance/govcloud-considerations.md | 303 ++++++++ aws/guidance/resource-equivalents.md | 101 +++ aws/guidance/services-guide.md | 426 ++++++++++++ 7 files changed, 1926 insertions(+) create mode 100644 aws/guidance/README.md create mode 100644 aws/guidance/application-architecture-decision-tree.md create mode 100644 aws/guidance/application-patterns.md create mode 100644 aws/guidance/cicd-implementation.md create mode 100644 aws/guidance/govcloud-considerations.md create mode 100644 aws/guidance/resource-equivalents.md create mode 100644 aws/guidance/services-guide.md diff --git a/aws/guidance/README.md b/aws/guidance/README.md new file mode 100644 index 00000000..f679d45e --- /dev/null +++ b/aws/guidance/README.md 
@@ -0,0 +1,58 @@ +# AWS Cloud Native Development Guidance + +## Overview + +This guide provides strategic direction for migrating traditional datacenter applications to cloud-native architectures in AWS and AWS GovCloud environments. It addresses key constraints that all cloud solutions must consider and offers specific recommendations based on application types. + +## Primary Constraints + +When developing cloud-native applications, all solutions must balance these four critical constraints: + +1. **Security** - Ensuring data protection, access controls, encryption, and compliance with regulatory standards. +2. **Cost Efficiency** - Optimizing resource usage and implementing automated scaling to match demand. +3. **Scalability** - Building systems that can handle growth without significant re-architecture. +4. **Stability** - Designing for high availability, fault tolerance, and recoverability. + +## Guidance Documents + +This collection is organized into the following specialized guides: + +- [Application Migration Patterns](./application-patterns.md) - Specific recommendations for migrating common application architectures to AWS +- [CI/CD Implementation Guide](./cicd-implementation.md) - Best practices for implementing continuous integration and delivery pipelines +- [Cloud Resource Equivalents](./resource-equivalents.md) - Mapping traditional datacenter resources to their AWS counterparts +- [AWS Services Guide](./services-guide.md) - When to use specific AWS services for maximum benefit +- [AWS GovCloud Considerations](./govcloud-considerations.md) - Important differences when implementing in GovCloud environments +- [Cloud-Native Best Practices](./best-practices.md) - General recommendations for successful cloud implementations + +## Getting Started + +1. **Assessment** + - Inventory applications and requirements + - Identify dependencies and integrations + - Determine migration priorities + +2. 
**Training** + - Complete AWS foundational training + - Develop cloud architecture skills + - Create centers of excellence + +3. **Proof of Concept** + - Start with non-critical applications + - Validate architectural decisions + - Document lessons learned + +4. **Migration Planning** + - Develop detailed migration strategies + - Create rollback plans + - Establish success criteria + +5. **Continuous Improvement** + - Review cloud usage and optimize + - Stay current with new services + - Refine architecture based on experience + +## References + +- [AWS Architecture Center](https://aws.amazon.com/architecture/) +- [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) +- [Cloud Adoption Framework](https://aws.amazon.com/professional-services/CAF/) diff --git a/aws/guidance/application-architecture-decision-tree.md b/aws/guidance/application-architecture-decision-tree.md new file mode 100644 index 00000000..eeeb842c --- /dev/null +++ b/aws/guidance/application-architecture-decision-tree.md 
@@ -0,0 +1,187 @@ +# AWS Application Architecture Decision Tree + +This guide provides a structured approach to determine the most appropriate AWS architecture for your application based on its characteristics and requirements. + +## Introduction + +Different applications have different infrastructure needs based on their technical requirements, usage patterns, and organizational constraints. This decision tree will help you identify the best AWS architecture pattern for your specific application. + +## How to Use This Guide + +1. Start with the core application characteristics section +2. Answer each question about your application +3. Follow the path based on your answers +4. Review the recommended architecture pattern +5. Refer to the detailed implementation guidance in the [Application Migration Patterns](application-patterns.md) document + +## Core Application Characteristics + +### 1. Application Type + +Start by identifying your application type: + +```mermaid +flowchart TD + A[Application Type] --> B{Is it a web application?} + B -->|Yes| C{Frontend technology?} + B -->|No| D{Is it a batch processing job?} + C -->|PHP| E[LAMP Stack - Pattern #1] + C -->|JavaScript/Node.js| F[MEAN Stack - Pattern #9] + C -->|.NET/Windows| G[Windows/.NET - Pattern #13] + C -->|Containerized| H{Stateful?} + H -->|Yes| I[Containerized Stateful - Pattern #11] + H -->|No| J[Containerized Stateless - Pattern #12] + D -->|Yes| K{Memory intensive?} + D -->|No| L{Is it a scheduled task/script?} + K -->|Yes| M[Memory-Intensive Batch - Pattern #5] + K -->|No| N[Containerized Short Processing - Pattern #10] + L -->|Yes| O[Scheduled Script Execution - Pattern #2] + L -->|No| P{Is it a microservice?} + P -->|Yes| Q[Microservice Architecture - Pattern #14] + P -->|No| R{Is it a COTS product?} + R -->|Yes| S[COTS Product - Pattern #6] + R -->|No| T{Does it need GUI access?} + T -->|Yes| U[GUI-Based Application - Pattern #19] + T -->|No| V{Primary purpose?} +``` + +### 2. 
Data Requirements + +Next, evaluate your data requirements: + +```mermaid +flowchart TD + A[Data Requirements] --> B{What type of data storage?} + B -->|Relational Database| C{Size/Performance needs?} + B -->|NoSQL/Document DB| D[Consider DynamoDB or DocumentDB] + B -->|File Storage| E{Access pattern?} + B -->|Time Series| F[Time Series Pattern - Pattern #15] + B -->|Large Shared Data| G[Large Shared Data - Pattern #4] + B -->|Media Files| H[Media Repository - Pattern #23] + C -->|Standard| I[RDS MySQL/PostgreSQL] + C -->|High Performance| J[Aurora] + C -->|Enterprise/Legacy| K[RDS SQL Server/Oracle] + E -->|Windows SMB| L[FSx for Windows - Pattern #16] + E -->|Linux| M[EFS] + E -->|High Performance| N[FSx for Lustre - Pattern #18] +``` + +### 3. Scalability & Performance + +Assess your scalability and performance requirements: + +```mermaid +flowchart TD + A[Scalability Requirements] --> B{Anticipated load pattern?} + B -->|Variable/Unpredictable| C{Stateless application?} + B -->|Stable/Predictable| D[EC2 with ASG] + B -->|Infrequent/On-demand| E[Serverless] + C -->|Yes| F{Response time critical?} + C -->|No| G[ECS/EKS with persistent storage] + F -->|Yes| H[EC2 with ASG] + F -->|No| I[Fargate or Lambda] + E -->|Data processing| J[Lambda - Pattern #2] + E -->|API serving| K[API Gateway + Lambda] +``` + +### 4. Operational Requirements + +Consider your operational needs: + +```mermaid +flowchart TD + A[Operational Requirements] --> B{DevOps maturity?} + B -->|High| C[Container-based - Pattern #11/#12] + B -->|Medium| D[Elastic Beanstalk] + B -->|Low| E[Managed Services] + A --> F{Deployment frequency?} + F -->|Multiple times daily| G[CI/CD Pipeline - Pattern #22] + F -->|Weekly/Monthly| H[Blue/Green deployment] + F -->|Infrequent| I[Standard deployment] + A --> J{Monitoring needs?} + J -->|Basic| K[CloudWatch] + J -->|Advanced| L[CloudWatch + X-Ray] + J -->|Enterprise| M[Managed Prometheus/Grafana] +``` + +### 5. 
Security & Compliance + +Evaluate your security and compliance requirements: + +```mermaid +flowchart TD + A[Security & Compliance] --> B{Data classification?} + B -->|Highly Sensitive| C[GovCloud - Pattern #30] + B -->|Sensitive| D[VPC with no public access] + B -->|Standard| E[Standard AWS security] + A --> F{Compliance regime?} + F -->|FedRAMP| G[GovCloud with specific controls] + F -->|PCI-DSS| H[Segmented environment with specific controls] + F -->|HIPAA| I[Encrypted data + access controls] + F -->|Internal| J[Security Working Group - Pattern #27] + A --> K{Multi-tenant?} + K -->|Yes| L[Multi-tenant architecture - Pattern #8] + K -->|No| M[Dedicated resources] +``` + +## Decision Matrix + +If you're still unsure after following the decision tree, use this matrix to match your application characteristics to the appropriate architecture pattern: + +| Characteristic | High Priority Concerns | Recommended Patterns | +|---------------|------------------------|---------------------| +| Web Application | Scalability, Cost-efficiency | #1, #9, #12, #21 | +| Batch Processing | Computing power, Memory | #2, #5, #10 | +| Data Analysis | Storage, Processing power | #3, #4, #15 | +| Legacy Application | Compatibility, Minimal changes | #6, #13, #24 | +| Microservices | Isolation, Independent scaling | #12, #14 | +| High Security | Compliance, Access control | #7, #27, #30 | +| Developer Platform | Self-service, Standardization | #31, #33, #34 | +| Public-facing | Performance, Availability | #21, #23 | +| Third-party | Licensing, Support | #6, #24, #25 | + +## Next Steps + +1. Identify your application's pattern from this decision tree +2. Refer to the detailed guidance for your pattern in the [Application Migration Patterns](application-patterns.md) document +3. Use the references provided to explore AWS documentation for specific services +4. Consider a proof of concept to validate the architecture +5. 
Engage with cloud architects for design review if needed + +## Example Scenarios + +### Example 1: Customer-facing E-commerce Website +- Web application: Yes +- Frontend: PHP +- Data: Relational (product catalog) + File storage (product images) +- Load: Variable with seasonal spikes +- Security: PCI-DSS compliance for payments +- **Recommendation**: LAMP Stack (Pattern #1) with CloudFront CDN, with specific security controls for PCI compliance + +### Example 2: Nightly Data Processing Job +- Web application: No +- Batch processing: Yes +- Memory intensive: Yes (processes large datasets) +- Scheduled: Yes (runs each night) +- **Recommendation**: Memory-Intensive Batch Processing (Pattern #5) using AWS Batch + +### Example 3: Internal Admin Dashboard +- Web application: Yes +- Frontend: JavaScript (React) +- Backend: Node.js API +- Data: MongoDB +- Access: Internal users only +- **Recommendation**: MEAN Stack (Pattern #9) deployed in private subnets + +### Example 4: Legacy Windows Application +- Application type: Desktop application +- Platform: Windows +- Database: SQL Server +- User access: Remote workers need access +- **Recommendation**: GUI-Based Application (Pattern #19) using AppStream 2.0 + +## Conclusion + +This decision tree provides a starting point for determining the most appropriate AWS architecture pattern for your application. Every application has unique requirements, so it's important to evaluate the recommendations in the context of your specific needs and constraints. + +For detailed implementation guidance on each pattern, refer to the [Application Migration Patterns](application-patterns.md) document. diff --git a/aws/guidance/application-patterns.md b/aws/guidance/application-patterns.md new file mode 100644 index 00000000..7537f629 --- /dev/null +++ b/aws/guidance/application-patterns.md 
@@ -0,0 +1,658 @@ +# Application Migration Patterns + +This guide provides specific recommendations for migrating common application architectures to AWS cloud-native implementations. + +## Table of Contents +- [LAMP Stack Applications](#1-lamp-stack-applications) +- [Scheduled Script Execution](#2-scheduled-script-execution-python-r-sas-bash) +- [Data Aggregation Services](#3-data-aggregation-services-with-query-frontend) +- [Applications with Large Shared Data](#4-applications-with-large-shared-data-requirements) +- [Memory-Intensive Batch Processing](#5-memory-intensive-batch-processing) +- [Commercial Off-The-Shelf Products](#6-commercial-off-the-shelf-cots-products) +- [Internal Compliance and ATO Support Services](#7-internal-compliance-and-ato-support-services) +- [Multi-Tenant Service Platforms](#8-multi-tenant-service-platforms) +- [MEAN Stack Applications](#9-mean-stack-applications) +- [Containerized Applications (Short Processing)](#10-containerized-applications-with-short-processing-time) +- [Containerized Stateful Services](#11-containerized-stateful-services) +- [Containerized Stateless Services](#12-containerized-stateless-services) +- [Windows/.NET Applications](#13-windowsnet-applications) +- [Microservice Architectures](#14-microservice-architectures) +- [Time Series Data Applications](#15-time-series-data-applications) +- [Enterprise File Server Dependencies](#16-enterprise-file-server-dependencies) +- [Cluster-Dependent Applications](#17-cluster-dependent-applications) +- [Shared Filesystem Applications](#18-shared-filesystem-applications-gfs2-gpfs) +- [GUI-Based Applications](#19-gui-based-applications) +- [Load Balancer/F5 Dependencies](#20-load-balancerf5-dependencies) +- [Public-Facing Applications](#21-public-facing-applications) +- [Time-Sensitive Release Applications](#22-time-sensitive-release-applications) +- [Media Repository Applications](#23-media-repository-applications) +- [Applications with Third-Party 
Installers](#24-applications-with-third-party-installers) +- [Applications with Cloud Vendor Offerings](#25-applications-with-cloud-vendor-offerings) +- [Applications with Vendor-Provided Ansible](#26-applications-with-vendor-provided-ansible-solutions) +- [Applications with Security Working Group Approvals](#27-applications-with-security-working-group-swg-approvals) +- [Previously Implemented Applications](#28-previously-implemented-applications-redeployments) +- [Applications with Open Source Alternatives](#29-applications-with-open-source-alternatives) +- [Applications with Existing Authority to Operate](#30-applications-with-existing-authority-to-operate-ato) +- [Low-Cost Research Environment](#31-low-cost-research-environment-for-external-developers) +- [VDI Access for Remote Workers](#32-vdi-access-for-remote-workers) +- [Jump Host Infrastructure](#33-jump-host-infrastructure-for-engineering-teams) +- [Internal Developer Platform](#34-internal-developer-platform-for-high-security-multi-tenant-environment) + +## 1. LAMP Stack Applications + +**Recommendation:** +- Host using AWS Elastic Beanstalk with PHP platform +- Migrate MySQL database to Amazon RDS or Aurora +- Store static assets in S3 with CloudFront CDN distribution +- Use Application Load Balancer for request distribution + +**Benefits:** +- Simplified deployment and management +- Automated scaling, patching, and backups +- Improved performance through CDN integration + +**References:** +- [AWS PHP on Elastic Beanstalk](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_PHP_eb.html) +- [Amazon Aurora MySQL](https://aws.amazon.com/rds/aurora/mysql-features/) + +## 2. 
Scheduled Script Execution (Python, R, SAS, Bash) + +**Recommendation:** +- Convert to AWS Lambda with EventBridge scheduled triggers +- Store configuration in Parameter Store or AppConfig +- Output logs to CloudWatch Logs +- Store processing results in S3 or appropriate database + +**Benefits:** +- Pay only for execution time +- No infrastructure management +- Built-in logging and monitoring + +**References:** +- [EventBridge Scheduled Events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html) +- [Lambda Python Runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-python.html) + +## 3. Data Aggregation Services with Query Frontend + +**Recommendation:** +- Use Lambda or ECS Fargate for aggregation services +- Store data in DynamoDB, RDS, or Redshift based on patterns +- Deploy API Gateway for query endpoints +- Implement frontend hosted on S3/CloudFront +- Consider OpenSearch for advanced search capabilities + +**Benefits:** +- Separation of concerns for better scalability +- Optimized storage based on access patterns +- Cost-effective serverless processing + +**References:** +- [Building Data Lakes on AWS](https://aws.amazon.com/solutions/implementations/data-lake-solution/) +- [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/welcome.html) + +## 4. Applications with Large Shared Data Requirements + +**Recommendation:** +- Store data in S3 with lifecycle policies +- Use FSx or EFS for file system requirements +- Consider S3 File Gateway for hybrid scenarios +- Implement caching with ElastiCache where appropriate + +**Benefits:** +- Virtually unlimited storage capacity +- Multiple access patterns supported +- Cost optimization through tiering + +**References:** +- [S3 Storage Classes](https://aws.amazon.com/s3/storage-classes/) +- [FSx for Windows File Server](https://aws.amazon.com/fsx/windows/) +- [AWS Storage Gateway](https://aws.amazon.com/storagegateway/) + +## 5. 
Memory-Intensive Batch Processing + +**Recommendation:** +- Use AWS Batch with high-memory compute environments +- Consider EMR for big data workloads +- Store input/output data in S3 +- Implement Step Functions for workflow orchestration + +**Benefits:** +- Access to high-memory computing without capital investment +- Pay only for resources used during processing +- Automatic scaling based on job queue + +**References:** +- [AWS Batch User Guide](https://docs.aws.amazon.com/batch/latest/userguide/what-is-batch.html) +- [Memory-Optimized Instances](https://aws.amazon.com/ec2/instance-types/memory-optimized/) + +## 6. Commercial Off-The-Shelf (COTS) Products + +**Recommendation:** +- Deploy on EC2 with appropriate instance types +- Use Auto Scaling Groups for high availability +- Implement backup solutions with EBS snapshots +- Consider containerization if supported by the vendor + +**Benefits:** +- Meeting vendor requirements while leveraging cloud benefits +- Improved availability and disaster recovery capabilities +- Simplified licensing through AWS Marketplace when applicable + +**References:** +- [AWS Marketplace](https://aws.amazon.com/marketplace) +- [EC2 Auto Scaling Guide](https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html) + +## 7. 
Internal Compliance and ATO Support Services + +**Recommendation:** +- Deploy in a dedicated VPC with appropriate security controls +- Use Control Tower and Service Catalog to ensure compliance +- Implement AWS Config and Security Hub for monitoring +- Store sensitive data in RDS with encryption enabled +- Consider AWS GovCloud for highly regulated workloads + +**Benefits:** +- Simplified compliance demonstration +- Automated evidence collection for audits +- Enhanced security for sensitive information + +**References:** +- [AWS Control Tower](https://aws.amazon.com/controltower/) +- [AWS Security Hub](https://aws.amazon.com/security-hub/) +- [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) + +## 8. Multi-Tenant Service Platforms + +**Recommendation:** +- Deploy using EKS or ECS +- Implement API Gateway with custom authorizers +- Use Service Catalog for consumer self-service +- Implement tenant isolation across network, compute, and storage +- Leverage AWS Organizations for administrative separation + +**Benefits:** +- Standardized internal platform offering +- Delegated administration capabilities +- Consistent security controls and governance + +**References:** +- [SaaS Tenant Isolation Patterns](https://aws.amazon.com/blogs/apn/saas-tenant-isolation-strategies-multi-tenant-architecture/) +- [EKS Best Practices](https://aws.github.io/aws-eks-best-practices/) + +## 9. 
MEAN Stack Applications + +**Recommendation:** +- Deploy using Elastic Beanstalk with Node.js platform or containerize with ECS/EKS +- Store data in MongoDB Atlas (AWS Marketplace) or DocumentDB +- Host Angular frontend on S3 with CloudFront distribution +- Implement CI/CD with AWS CodePipeline + +**Benefits:** +- Full-stack JavaScript development in cloud-native environment +- Simplified deployment and scaling +- High performance through CDN and managed database services + +**References:** +- [AWS Elastic Beanstalk Node.js Platform](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_nodejs.html) +- [Amazon DocumentDB](https://aws.amazon.com/documentdb/) +- [Hosting Single Page Applications on S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html) + +## 10. Containerized Applications with Short Processing Time + +**Recommendation:** +- Deploy using AWS Fargate for serverless container execution +- Set up Amazon ECR for container registry +- Configure EventBridge for scheduled executions +- Store results in S3 or appropriate database service + +**Benefits:** +- No cluster management overhead +- Pay only for actual execution time +- Scalable to thousands of concurrent executions + +**References:** +- [AWS Fargate User Guide](https://docs.aws.amazon.com/AmazonECS/latest/userguide/fargate-capacity-providers.html) +- [Amazon ECR User Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html) +- [EventBridge Scheduled Rules](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html) + +## 11. 
Containerized Stateful Services + +**Recommendation:** +- Deploy using Amazon EKS with managed node groups +- Use EBS or EFS volumes for persistent storage +- Implement StatefulSets with proper lifecycle hooks +- Configure automated backups using AWS Backup +- Consider Amazon RDS or other managed services for database needs + +**Benefits:** +- Kubernetes-native deployment for complex containerized applications +- Reliable persistence with cloud-native storage solutions +- Simplified cluster management with managed EKS + +**References:** +- [EKS Storage Classes](https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html) +- [Kubernetes StatefulSets](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) +- [AWS Backup for EKS](https://docs.aws.amazon.com/eks/latest/userguide/backup-restore.html) + +## 12. Containerized Stateless Services + +**Recommendation:** +- Deploy using Amazon ECS with Fargate launch type +- Implement Application Load Balancer for request distribution +- Configure Auto Scaling based on CPU/memory metrics +- Use Service Discovery for inter-service communication + +**Benefits:** +- Simplified operational model with serverless containers +- Cost optimization through precise resource allocation +- High availability and automatic scaling + +**References:** +- [ECS Service Auto Scaling](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-auto-scaling.html) +- [ECS Service Discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html) +- [Fargate Launch Type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) + +## 13. 
Windows/.NET Applications + +**Recommendation:** +- Deploy using Elastic Beanstalk with .NET platform or EC2 with Windows Server +- Use RDS for SQL Server for database requirements +- Implement FSx for Windows File Server for shared storage +- Configure AWS Systems Manager for management and patching + +**Benefits:** +- Native Windows environment with cloud scalability +- Simplified licensing through included Windows licenses +- Integrated management and monitoring + +**References:** +- [.NET on AWS](https://aws.amazon.com/developer/language/net/) +- [RDS for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html) +- [FSx for Windows File Server](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html) + +## 14. Microservice Architectures + +**Recommendation:** +- Use container orchestration with ECS or EKS +- Implement API Gateway for frontend API management +- Set up App Mesh for service mesh capabilities +- Deploy X-Ray for distributed tracing +- Consider Step Functions for complex workflows + +**Benefits:** +- Standardized service deployment and discovery +- Enhanced observability across services +- Independent scaling of components + +**References:** +- [AWS App Mesh](https://docs.aws.amazon.com/app-mesh/latest/userguide/what-is-app-mesh.html) +- [AWS X-Ray](https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html) +- [Microservices on AWS](https://docs.aws.amazon.com/whitepapers/latest/microservices-on-aws/microservices-on-aws.html) + +## 15. 
Time Series Data Applications + +**Recommendation:** +- Use Amazon Timestream for time-series database needs +- Implement Amazon Kinesis for real-time data ingestion +- Set up Amazon QuickSight for visualization +- Consider Amazon Managed Service for Prometheus and Grafana for monitoring + +**Benefits:** +- Purpose-built services for time-series workloads +- Automatic scaling to handle high-volume data ingestion +- Cost-effective long-term storage with fast query performance + +**References:** +- [Amazon Timestream](https://docs.aws.amazon.com/timestream/latest/developerguide/what-is-timestream.html) +- [Amazon Managed Service for Prometheus](https://docs.aws.amazon.com/prometheus/latest/userguide/what-is-Amazon-Managed-Service-Prometheus.html) +- [Amazon Managed Grafana](https://docs.aws.amazon.com/grafana/latest/userguide/what-is-Amazon-Managed-Service-Grafana.html) + +## 16. Enterprise File Server Dependencies + +**Recommendation:** +- Migrate to FSx for Windows File Server or Amazon EFS +- Implement AWS DataSync for initial and ongoing migration +- Set up AWS Backup for automated backups +- Use AWS Directory Service for identity management + +**Benefits:** +- Fully managed file services with enterprise features +- Integration with existing identity providers +- Automated backup and disaster recovery capabilities + +**References:** +- [AWS FSx for Windows File Server](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html) +- [Amazon EFS](https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html) +- [AWS DataSync](https://docs.aws.amazon.com/datasync/latest/userguide/what-is-datasync.html) + +## 17. 
Cluster-Dependent Applications + +**Recommendation:** +- Deploy on Amazon EC2 with appropriate instance types in cluster placement groups +- Implement Auto Scaling Groups for availability and recovery +- Use Elastic Fabric Adapter for high-performance computing needs +- Consider AWS ParallelCluster for HPC workloads + +**Benefits:** +- High performance networking between cluster nodes +- Simplified cluster management and scaling +- Access to specialized instance types for computing-intensive workloads + +**References:** +- [EC2 Cluster Placement Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) +- [Elastic Fabric Adapter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) +- [AWS ParallelCluster](https://docs.aws.amazon.com/parallelcluster/latest/ug/what-is-aws-parallelcluster.html) + +## 18. Shared Filesystem Applications (GFS2, GPFS) + +**Recommendation:** +- Migrate to Amazon FSx for Lustre for high-performance needs +- Use EFS with Max I/O performance mode for Linux applications +- Consider FSx for NetApp ONTAP for advanced features +- Implement Direct Connect for hybrid scenarios + +**Benefits:** +- High throughput, shared file systems +- Integration with S3 for tiering and data management +- Simplified management with fully managed services + +**References:** +- [FSx for Lustre](https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html) +- [FSx for NetApp ONTAP](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/what-is-fsx-ontap.html) +- [EFS Performance Modes](https://docs.aws.amazon.com/efs/latest/ug/performance.html) + +## 19. 
GUI-Based Applications + +**Recommendation:** +- Deploy using Amazon AppStream 2.0 for streaming applications +- Implement Amazon WorkSpaces for full virtual desktop needs +- Use Systems Manager for application management +- Consider Amazon DCV for specialized visualization requirements + +**Benefits:** +- Access from any device with a web browser +- Centralized application management and updates +- Secure access without local data storage + +**References:** +- [Amazon AppStream 2.0](https://docs.aws.amazon.com/appstream2/latest/developerguide/what-is-appstream.html) +- [Amazon WorkSpaces](https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces.html) +- [Amazon DCV](https://docs.aws.amazon.com/dcv/latest/adminguide/what-is-dcv.html) + +## 20. Load Balancer/F5 Dependencies + +**Recommendation:** +- Replace with Application Load Balancer (ALB) for HTTP/HTTPS traffic +- Use Network Load Balancer (NLB) for TCP/UDP or extreme performance +- Implement AWS Global Accelerator for multi-region architecture +- Consider AWS WAF integration for security + +**Benefits:** +- Simplified management with fully managed services +- Automatic scaling to handle traffic spikes +- Advanced routing capabilities and health checks + +**References:** +- [Elastic Load Balancing](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/what-is-load-balancing.html) +- [Migrating from F5 to AWS](https://aws.amazon.com/blogs/networking-and-content-delivery/migrate-from-f5-big-ip-to-application-load-balancer/) +- [AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html) + +## 21. 
Public-Facing Applications + +**Recommendation:** +- Deploy in multiple availability zones behind ALB +- Implement CloudFront CDN for static content delivery +- Use Route 53 for DNS management and failover +- Configure Shield and WAF for security +- Consider AWS Certificate Manager for TLS certificate management + +**Benefits:** +- Global reach with low latency +- Protection against DDoS attacks +- High availability across multiple availability zones + +**References:** +- [AWS CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html) +- [AWS Shield](https://docs.aws.amazon.com/waf/latest/developerguide/shield-chapter.html) +- [AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) + +## 22. Time-Sensitive Release Applications + +**Recommendation:** +- Implement Blue/Green deployments with AWS CodeDeploy +- Set up CodePipeline for CI/CD automation +- Use CloudWatch Alarms for deployment health monitoring +- Configure Systems Manager for automated rollbacks + +**Benefits:** +- Controlled release process with minimal downtime +- Automated validation and rollback capabilities +- Predictable release schedules through automation + +**References:** +- [AWS CodeDeploy](https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html) +- [Blue/Green Deployments](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-blue-green.html) +- [AWS CodePipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html) + +## 23. 
Media Repository Applications + +**Recommendation:** +- Store media assets in S3 with appropriate storage classes +- Implement CloudFront for global content delivery +- Use MediaConvert for transcoding needs +- Consider MediaStore for low-latency video workflows + +**Benefits:** +- Scalable storage for any media library size +- Optimized delivery and streaming capabilities +- Cost optimization through appropriate storage tiering + +**References:** +- [AWS Media Services](https://aws.amazon.com/media-services/) +- [S3 Storage Classes](https://aws.amazon.com/s3/storage-classes/) +- [MediaConvert](https://docs.aws.amazon.com/mediaconvert/latest/ug/what-is.html) + +## 24. Applications with Third-Party Installers + +**Recommendation:** +- Create custom AMIs with pre-installed applications +- Use Systems Manager for automated installation and configuration +- Implement Launch Templates with user data scripts +- Consider containerization where possible + +**Benefits:** +- Standardized deployment across environments +- Reduced installation time for complex applications +- Improved consistency and reliability + +**References:** +- [Creating Custom AMIs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html) +- [Systems Manager Automation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html) +- [EC2 Launch Templates](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) + +## 25. 
Applications with Cloud Vendor Offerings + +**Recommendation:** +- Evaluate AWS Marketplace solutions for pre-built options +- Consider AWS Partner Network for implementation assistance +- Use AWS Service Catalog for internal distribution +- Implement AWS License Manager for license tracking + +**Benefits:** +- Accelerated implementation timelines +- Validated architectures from trusted vendors +- Simplified procurement and licensing + +**References:** +- [AWS Marketplace](https://aws.amazon.com/marketplace/) +- [AWS Partner Solutions](https://aws.amazon.com/partners/find/) +- [AWS Service Catalog](https://docs.aws.amazon.com/servicecatalog/latest/dg/what-is-service-catalog.html) + +## 26. Applications with Vendor-Provided Ansible Solutions + +**Recommendation:** +- Deploy using AWS CloudFormation with Ansible integration +- Use Systems Manager for Ansible playbook execution +- Store Ansible content in CodeCommit repositories +- Implement AWS OpsWorks as an alternative + +**Benefits:** +- Leverage existing Ansible investments +- Combine infrastructure-as-code with configuration management +- Maintain compliance through consistent automation + +**References:** +- [Ansible with AWS CloudFormation](https://docs.ansible.com/ansible/latest/collections/amazon/aws/cloudformation_module.html) +- [Systems Manager Automation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html) +- [AWS OpsWorks](https://docs.aws.amazon.com/opsworks/latest/userguide/welcome.html) + +## 27. 
Applications with Security Working Group (SWG) Approvals + +**Recommendation:** +- Deploy in isolated VPC with appropriate security groups +- Implement AWS Config for continuous compliance monitoring +- Use AWS Audit Manager for evidence collection +- Set up Security Hub for security findings aggregation +- Consider AWS GovCloud for highly regulated workloads + +**Benefits:** +- Simplified security compliance documentation +- Continuous monitoring for security posture +- Automated evidence collection for audits + +**References:** +- [AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html) +- [AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html) +- [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) + +## 28. Previously Implemented Applications (Redeployments) + +**Recommendation:** +- Use CloudFormation or Terraform for infrastructure as code templates +- Implement AWS Service Catalog for standard deployment patterns +- Configure version control for all infrastructure definitions +- Deploy CI/CD pipelines for automated testing and deployment + +**Benefits:** +- Repeatable, version-controlled deployments +- Reduced implementation time through automation +- Consistent environments across deployments + +**References:** +- [AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) +- [AWS Service Catalog](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/introduction.html) +- [Infrastructure as Code](https://docs.aws.amazon.com/whitepapers/latest/introduction-devops-aws/infrastructure-as-code.html) + +## 29. Applications with Open Source Alternatives + +**Recommendation:** +- Evaluate AWS-managed open source offerings (OpenSearch, DocumentDB, etc.) 
+- Use container services (ECS/EKS) for flexible deployment +- Implement AWS CDK for infrastructure as code with familiar languages +- Consider AWS-specific optimizations where appropriate + +**Benefits:** +- Reduced management overhead compared to self-hosted open source +- Familiar tools and technologies with cloud-native advantages +- Simplified migration path from existing solutions + +**References:** +- [Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/what-is.html) +- [Amazon DocumentDB](https://docs.aws.amazon.com/documentdb/latest/developerguide/what-is.html) +- [AWS CDK](https://docs.aws.amazon.com/cdk/latest/guide/home.html) + +## 30. Applications with Existing Authority to Operate (ATO) + +**Recommendation:** +- Deploy in AWS GovCloud for highly regulated workloads +- Use Control Tower for multi-account governance +- Implement AWS Artifact for compliance documentation +- Set up AWS Organizations with Service Control Policies +- Consider AWS Landing Zone for enterprise-scale deployment + +**Benefits:** +- Maintaining compliance across cloud environment +- Simplified documentation for ATO renewal +- Standardized security controls + +**References:** +- [AWS GovCloud](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) +- [AWS Control Tower](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html) +- [AWS Artifact](https://docs.aws.amazon.com/artifact/latest/ug/what-is-aws-artifact.html) + +## 31. 
Low-Cost Research Environment for External Developers + +**Recommendation:** +- Deploy using AWS Organizations with budget constraints +- Implement AWS Cloud9 for web-based development +- Use CodeCatalyst for collaborative development +- Configure automatic instance hibernation for cost savings +- Consider Spot Instances for non-production workloads + +**Benefits:** +- Controlled costs through budget enforcement +- Simplified onboarding for external developers +- No software installations required for development + +**References:** +- [AWS Cloud9](https://docs.aws.amazon.com/cloud9/latest/user-guide/welcome.html) +- [AWS Budgets](https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html) +- [AWS CodeCatalyst](https://docs.aws.amazon.com/codecatalyst/latest/userguide/welcome.html) + +## 32. VDI Access for Remote Workers + +**Recommendation:** +- Deploy Amazon WorkSpaces for persistent desktop experiences +- Use AppStream 2.0 for application streaming +- Implement WorkSpaces Web for browser-based access +- Configure Directory Service for identity management +- Consider Amazon WorkSpaces Secure Browser for isolated web access + +**Benefits:** +- Secure access to corporate resources +- Centralized management and patching +- Flexible access from any device + +**References:** +- [Amazon WorkSpaces](https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces.html) +- [Amazon AppStream 2.0](https://docs.aws.amazon.com/appstream2/latest/developerguide/what-is-appstream.html) +- [AWS Directory Service](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html) + +## 33. 
Jump Host Infrastructure for Engineering Teams + +**Recommendation:** +- Deploy EC2 instances with Systems Manager Session Manager +- Implement IAM for fine-grained access control +- Use CloudTrail for comprehensive activity logging +- Configure VPC endpoints for secure access +- Consider AWS Systems Manager Fleet Manager for remote management + +**Benefits:** +- No need for direct SSH/RDP exposure +- Comprehensive audit logs of all access +- Simplified access management through IAM + +**References:** +- [Systems Manager Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html) +- [AWS CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html) +- [VPC Endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html) + +## 34. Internal Developer Platform for High-Security Multi-Tenant Environment + +**Recommendation:** +- Deploy using Control Tower with multi-account strategy +- Implement Service Catalog for self-service provisioning +- Use CodePipeline with approval gates for deployment +- Configure AWS Proton for standardized infrastructure templates +- Consider AWS Amplify for frontend development acceleration + +**Benefits:** +- Standardized development environments +- Self-service capabilities with governance guardrails +- Accelerated development through pre-approved patterns + +**References:** +- [AWS Control Tower](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html) +- [AWS Proton](https://docs.aws.amazon.com/proton/latest/adminguide/ag-what-is-proton.html) +- [AWS Service Catalog](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/introduction.html) +- [AWS Amplify](https://docs.aws.amazon.com/amplify/latest/userguide/welcome.html) diff --git a/aws/guidance/cicd-implementation.md b/aws/guidance/cicd-implementation.md new file mode 100644 index 00000000..9b8da30d --- /dev/null +++ b/aws/guidance/cicd-implementation.md 
@@ -0,0 +1,193 @@ +# Continuous Integration and Continuous Delivery/Deployment (CI/CD) + +This guide provides details on implementing effective CI/CD pipelines in AWS environments. + +## What is CI/CD? + +**CI/CD** is a software development approach that automates the process of integrating code changes, testing those changes, and deploying them to production environments. This approach consists of two main components: + +**Continuous Integration (CI):** +- Automatically build and test code changes when developers commit to a repository +- Identify and fix integration issues early in the development process +- Ensure code quality through automated testing +- Create deployable artifacts that can be promoted to different environments + +**Continuous Delivery/Deployment (CD):** +- Automate the release process to test environments and staging +- Ensure consistent deployment across environments +- Enable rapid, reliable updates to production systems +- Support rollback capabilities if issues are detected + +## Core AWS CI/CD Services + +### AWS CodeCommit + - Git-based version control service + - Secure, scalable source code management + - Integrates with IAM for access control + - When to use: For teams that need a managed Git repository with tight AWS integration + - [Documentation](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html) + +### AWS CodeBuild + - Fully managed build service + - Compiles source code, runs tests, and produces deployable artifacts + - Pay only for the build time you consume + - When to use: For building and testing code without managing build servers + - [Documentation](https://docs.aws.amazon.com/codebuild/latest/userguide/welcome.html) + +### AWS CodeDeploy + - Automates application deployments to EC2, Lambda, ECS, or on-premises servers + - Supports blue/green deployments and canary releases + - Handles the complexity of updating applications + - When to use: For automating deployment processes with minimal downtime + - 
[Documentation](https://docs.aws.amazon.com/codedeploy/latest/userguide/welcome.html) + +### AWS CodePipeline + - Continuous delivery service that automates release pipelines + - Orchestrates the build, test, and deployment phases + - Integrates with AWS services and third-party tools + - When to use: For creating end-to-end delivery workflows + - [Documentation](https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome.html) + +### AWS CodeStar + - Unified interface for managing software development activities + - Provides templates for various project types + - Integrates issue tracking and team collaboration + - When to use: For teams new to AWS CI/CD wanting a simplified experience + - [Documentation](https://docs.aws.amazon.com/codestar/latest/userguide/welcome.html) + +### AWS Developer Tools Comparison + +| Service | Key Feature | Best For | +|---------|-------------|----------| +| CodeCommit | Private Git repositories | Teams that need AWS-integrated source control | +| CodeBuild | Managed build environments | Removing build server management | +| CodeDeploy | Deployment automation | Complex deployment patterns | +| CodePipeline | Workflow orchestration | Full CI/CD process automation | +| CodeStar | Project templates | Quick project setup | + +## CI/CD Architecture Patterns + +### 1. Basic Pipeline Architecture + - Source (CodeCommit/GitHub) → Build (CodeBuild) → Deploy (CodeDeploy) + - Best for: Simple applications with straightforward deployment requirements + - [Reference Architecture](https://aws.amazon.com/getting-started/hands-on/set-up-ci-cd-pipeline/) + +### 2. Multi-Environment Pipeline + - Source → Build → Dev Deploy → Test → Staging → Production + - Best for: Applications requiring validation across multiple environments + - Includes manual approval gates between environments + - [Implementation Example](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-multi-deploy.html) + +### 3. 
Microservices CI/CD + - Multiple parallel pipelines for different services + - Shared libraries and common build processes + - Service-specific deployment configurations + - Best for: Complex applications composed of independent services + - [Microservices on AWS](https://docs.aws.amazon.com/whitepapers/latest/microservices-on-aws/cicd-using-microservices.html) + +### 4. Infrastructure as Code Pipeline + - Separate pipelines for infrastructure and application code + - CloudFormation/Terraform validation stages + - Infrastructure testing before deployment + - Best for: Applications with dynamic infrastructure requirements + - [CloudFormation CI/CD](https://aws.amazon.com/blogs/devops/aws-infrastructure-ci-cd-using-aws-codepipeline/) + +### 5. Containerized Application Pipeline + - Source → Build & Containerize → Push to ECR → Deploy to ECS/EKS + - Best for: Container-based applications with orchestration needs + - [ECS Deployment Pipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-ecs-ecr-codedeploy.html) + +## CI/CD Best Practices + +### Automated Testing + - Implement unit, integration, and end-to-end tests + - Include security scanning in pipeline + - Test infrastructure changes before deployment + - Maintain high test coverage for critical components + - [Testing Best Practices](https://aws.amazon.com/blogs/devops/implementing-devsecops-using-aws-codepipeline/) + +### Deployment Strategies + - Implement blue/green deployments for zero-downtime updates + - Use canary releases for gradual rollout + - Implement feature flags for controlled feature releases + - Create automated rollback procedures + - [Deployment Patterns](https://docs.aws.amazon.com/whitepapers/latest/blue-green-deployments/introduction.html) + +### Security Integration + - Integrate security scanning tools in the build phase + - Implement infrastructure security validation + - Scan container images for vulnerabilities + - Audit pipeline permissions regularly + - 
[DevSecOps on AWS](https://aws.amazon.com/blogs/security/devsecops-on-aws-how-corsearch-automates-security/) + +### Monitoring and Feedback + - Implement post-deployment testing + - Monitor application health after deployment + - Create deployment metrics dashboard + - Establish automated rollback triggers + - [Monitoring Deployments](https://aws.amazon.com/builders-library/automating-safe-hands-off-deployments/) + +### Pipeline Management + - Version control pipeline definitions + - Implement approval gates for production deployments + - Create self-service deployment capabilities + - Document pipeline architecture and processes + - [Pipeline as Code](https://aws.amazon.com/blogs/devops/aws-codepipeline-now-supports-aws-cloudformation-stacksets/) + +## Getting Started with AWS CI/CD + +### Initial Setup + - Create IAM roles and permissions for CI/CD services + - Set up source code repository in CodeCommit or connect GitHub + - Define build specifications in buildspec.yml + - Create deployment configurations in appspec.yml + - [Setup Tutorial](https://docs.aws.amazon.com/codepipeline/latest/userguide/getting-started-codepipeline.html) + +### First Pipeline + - Start with a simple single-environment pipeline + - Implement basic automated tests + - Configure notifications for pipeline events + - Document the pipeline structure and process + - [Sample Pipeline Template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-codepipeline.html) + +### Expansion + - Add additional environments (dev, test, staging, prod) + - Implement more sophisticated testing strategies + - Integrate security scanning tools + - Create deployment approval processes + - [Advanced Pipelines](https://aws.amazon.com/blogs/devops/implementing-gitflow-using-aws-codepipeline-aws-codecommit-aws-codebuild-and-aws-codedeploy/) + +### Optimization + - Analyze pipeline performance and bottlenecks + - Implement caching strategies to speed up builds + - Create reusable pipeline 
components + - Establish metrics for deployment frequency and quality + - [Performance Optimization](https://docs.aws.amazon.com/codebuild/latest/userguide/build-caching.html) + +## Third-Party Integrations + +AWS CI/CD services can be integrated with popular third-party tools: + +| Category | Tools | +|----------|-------| +| Source Control | GitHub, GitLab, Bitbucket | +| Build Tools | Jenkins, CircleCI, Travis CI | +| Testing | Selenium, JUnit, PyTest, Jest | +| Security | SonarQube, Checkmarx, Aqua Security | +| Notifications | Slack, Microsoft Teams, Email | +| Monitoring | Datadog, New Relic, Splunk | + +[Learn more about integrations](https://aws.amazon.com/devops/partner-solutions/) + +## Related Resources + +- [AWS Cloud Development Kit (CDK)](https://aws.amazon.com/cdk/) - Define cloud infrastructure using familiar programming languages +- [AWS Amplify](https://aws.amazon.com/amplify/) - Simplified CI/CD for web and mobile applications +- [AWS Proton](https://aws.amazon.com/proton/) - Automated infrastructure provisioning for container and serverless applications +- [AWS AppConfig](https://aws.amazon.com/systems-manager/features/appconfig/) - Feature flagging and configuration management + +## Additional Reading + +- [Practicing Continuous Integration and Continuous Delivery on AWS](https://docs.aws.amazon.com/whitepapers/latest/practicing-continuous-integration-continuous-delivery/welcome.html) +- [DevOps at Amazon](https://aws.amazon.com/builders-library/going-faster-with-continuous-delivery/) +- [The Amazon Builders' Library](https://aws.amazon.com/builders-library/) diff --git a/aws/guidance/govcloud-considerations.md b/aws/guidance/govcloud-considerations.md new file mode 100644 index 00000000..0e684491 --- /dev/null +++ b/aws/guidance/govcloud-considerations.md 
@@ -0,0 +1,303 @@ +# AWS GovCloud Considerations + +This document outlines important differences and considerations when implementing cloud-native solutions in AWS GovCloud environments compared to standard AWS regions. + +## What is AWS GovCloud? + +AWS GovCloud (US) Regions are isolated AWS regions designed to host sensitive data and regulated workloads in the cloud, helping customers support their US government compliance requirements. + +Key characteristics: +- Operated by US citizens on US soil +- Accessible only to US entities and root account holders who pass a screening process +- Supports FedRAMP High and DoD CC SRG IL5 workloads +- Designed to address specific regulatory and compliance requirements + +## Service Availability Differences + +### Limited or Unavailable in GovCloud + +The following services have limited functionality or are unavailable in AWS GovCloud regions: + +| Service | Status in GovCloud | Alternative Options | +|---------|-------------------|---------------------| +| Amazon QuickSight | Not available | - Tableau Server on EC2
- PowerBI Report Server on EC2 | +| Amazon CodeGuru | Not available | - SonarQube on EC2
- Manual code reviews | +| AWS App2Container | Limited support | - Manual containerization
- Professional services assistance | +| Amazon Braket | Not available | - Custom HPC deployments on EC2 | +| Amazon Chime | Not available | - Third-party meeting solutions
- Zoom/Teams on private infrastructure | +| Amazon Honeycode | Not available | - Custom web applications
- SharePoint lists | +| Amazon Kendra | Not available | - Amazon OpenSearch Service
- Custom search implementations | +| Amazon Mechanical Turk | Not available | - Custom workflow solutions
- Specialized third-party services | +| Amazon Personalize | Not available | - Custom ML models on SageMaker | +| AWS Global Accelerator | Limited functionality | - CloudFront distributions
- Regional load balancers | + +**Recommendation:** Always verify the current service availability in GovCloud before finalizing architecture designs. Service availability can change as AWS continues to expand GovCloud capabilities. + +### Modified Services + +Some services that are available in GovCloud may have modified feature sets: + +| Service | Modifications in GovCloud | +|---------|---------------------------| +| Amazon EventBridge | - Fewer third-party integrations
- More limited partner event sources | +| AWS Marketplace | - Smaller selection of products
- Additional vetting for solutions
- Different pricing and terms in some cases | +| Amazon SageMaker | - Some advanced AI features limited
- Fewer pre-built algorithms
- More restricted model sharing | +| Amazon Connect | - Limited integration options
- Additional compliance validations | +| AWS Control Tower | - Modified governance capabilities
- Different account factory configurations | +| Amazon Cognito | - Different federation options
- Enhanced security configurations | + +## Account Structure and Identity Management + +### Key Differences + +AWS GovCloud uses a unique account and identity structure compared to standard AWS: + +1. **Partitioned Identity Infrastructure** + - GovCloud uses a separate IAM partition (`aws-us-gov`) + - IAM users/roles in commercial AWS cannot directly access GovCloud resources + - Cross-partition authentication requires special configurations + +2. **Account Creation and Management** + - GovCloud accounts must be linked to a standard AWS account + - Account creation requires additional verification steps + - Root account access works differently (accessed through commercial account) + +3. **Federation Considerations** + - Identity provider configurations must be duplicated for GovCloud + - SAML assertions need to target the GovCloud partition + - Different endpoint URLs for federation services + +4. **Organizations and Account Management** + - AWS Organizations works differently between commercial and GovCloud + - Service control policies may need adjustment for GovCloud-specific services + - Consolidated billing relationships work differently + +### Best Practices for GovCloud Identity + +1. **Create dedicated GovCloud IAM configurations** + - Don't try to share or reuse commercial AWS IAM policies directly + - Account for service differences in permissions + - Use infrastructure as code to maintain parallel configurations + +2. **Document cross-account access patterns** + - Clearly specify which accounts and roles have access to GovCloud resources + - Implement stricter controls for cross-partition access + - Regularly audit cross-account permissions + +3. **Implement separate CI/CD pipelines** + - Create GovCloud-specific deployment pipelines + - Don't assume tools configured for commercial AWS will work identically + - Test IAM permissions thoroughly in the pipeline + +4. 
**Create GovCloud-specific IAM policies** + - Account for service availability differences + - Include GovCloud-specific service endpoints + - Test policy effectiveness in GovCloud environment + +## Networking Considerations + +### Cross-Region and Cross-Partition Connectivity + +1. **Direct Connect Pathways** + - Direct Connect into GovCloud requires specific configuration + - May require separate physical connections or different endpoints + - Usually involves higher connectivity costs + - Requires different authentication credentials + +2. **VPC Peering Limitations** + - VPC peering between GovCloud and commercial AWS isn't supported + - Cross-partition networking requires alternative approaches + - Transit Gateway configurations require careful planning + - Consider data sovereignty requirements in network design + +3. **Data Transfer Considerations** + - Data transfer between GovCloud and commercial regions should be minimized + - Higher costs for cross-region data transfer + - Regulatory considerations for data movement + - Consider data residency requirements in all network planning + +### GovCloud Networking Recommendations + +1. **Use AWS PrivateLink for secure service access** + - Create VPC endpoints for AWS services + - Minimize traffic over public Internet + - Implement least-privilege access to endpoints + - Consider endpoint policies to restrict access + +2. **Implement separate networking architecture** + - Don't try to extend commercial VPCs directly to GovCloud + - Create independent network architecture in GovCloud + - Document network boundaries and security controls + - Use Transit Gateway for complex topologies within GovCloud + +3. 
**Document cross-boundary data flows** + - Maintain diagrams and documentation for compliance purposes + - Clearly define which data can cross boundaries + - Implement monitoring for cross-boundary traffic + - Set up alerts for unexpected traffic patterns + +## Compliance Advantages + +GovCloud provides enhanced compliance capabilities compared to standard AWS regions: + +| Compliance Framework | GovCloud Advantage | +|---------------------|-------------------| +| FedRAMP | - FedRAMP High baseline authorization
- P-ATO inheritance for customer systems
- Specific security controls mapping | +| ITAR | - Infrastructure supports ITAR compliance
- US persons-only operation
- Physical and logical controls | +| DoD CC SRG | - IL5 authorization
- Support for controlled unclassified information
- DoD-specific security controls | +| CJIS | - Criminal Justice Information Services compliance
- Enhanced personnel screening
- Security policy alignment | +| IRS 1075 | - Support for FTI (Federal Tax Information)
- Compliant infrastructure controls
- Special data handling procedures | +| FIPS 140-2 | - Validated cryptographic modules
- End-to-end encryption capabilities
- Key management in HSMs | + +### Documentation and Evidence Collection + +When operating in GovCloud, take advantage of these compliance capabilities by: + +1. **Leveraging AWS Artifact** + - Download GovCloud-specific compliance reports + - Use AWS documentation for inheritance considerations + - Map inherited controls to system security plans + +2. **Implementing AWS Config and Security Hub** + - Deploy governance-focused configuration rules + - Implement continuous compliance monitoring + - Generate evidence for audits automatically + +3. **Creating compliance boundary diagrams** + - Document clear boundaries of responsibility + - Specify which controls are inherited vs. customer-implemented + - Update documentation regularly with service changes + +## Cost Management + +### GovCloud-Specific Cost Considerations + +1. **Pricing Structure Differences** + - Generally higher baseline pricing than commercial regions + - Different reserved instance and savings plans options + - More restrictive free tier offerings + - Different service bundling options + +2. **Additional Costs** + - Higher data transfer costs between regions + - Additional security service costs + - Potentially higher storage costs + - Premium support differences + +### GovCloud Cost Optimization Strategies + +1. **Develop GovCloud-specific cost models** + - Don't assume commercial AWS pricing + - Budget for GovCloud premium + - Consider total cost including compliance benefits + - Factor in reduced documentation burden + +2. **Implement strict tagging for cost allocation** + - Tag all resources with project, compliance, and owner information + - Use AWS Organizations for account-based cost tracking + - Set up separate billing alerts for GovCloud resources + - Create GovCloud-specific budget thresholds + +3. 
**Consider data storage and transfer patterns** + - Minimize cross-region data movement + - Use appropriate storage classes for compliance data + - Implement lifecycle policies for cost management + - Consider region-specific backup strategies + +4. **Evaluate "GovCloud-only" services** + - Some services may be more cost-effective in GovCloud + - Consider compliance requirements in service selection + - Factor in inherit control benefits to TCO calculations + - Evaluate managed services vs. self-managed solutions + +## Deployment and Operations + +### CI/CD for GovCloud + +1. **Separate Deployment Pipelines** + - Create GovCloud-specific deployment pipelines + - Account for service availability differences + - Test thoroughly in GovCloud environment + - Implement GovCloud-focused security checks + +2. **Infrastructure as Code Considerations** + - Create GovCloud-specific templates + - Account for service differences in CloudFormation/Terraform + - Use condition flags for region-specific resources + - Test IaC templates in GovCloud before deployment + +3. **Artifact Management** + - Maintain separate artifact repositories for GovCloud + - Implement appropriate controls for artifact promotion + - Consider air-gapped deployment scenarios + - Validate artifact integrity between environments + +### Operations and Monitoring + +1. **GovCloud-specific Dashboards** + - Create separate monitoring dashboards for GovCloud + - Account for service-specific metrics + - Set appropriate thresholds for alerts + - Consider compliance monitoring requirements + +2. **Disaster Recovery Planning** + - Develop GovCloud-specific DR plans + - Consider cross-region recovery limitations + - Test recovery procedures in GovCloud + - Document recovery time objectives and capabilities + +3. 
**Incident Response** + - Create GovCloud-specific incident response procedures + - Account for different support channels + - Consider compliance reporting requirements + - Document escalation paths specific to GovCloud + +## Getting Started with GovCloud + +### Initial Access and Setup + +1. **Request GovCloud Access** + - Submit request through AWS account team + - Complete verification process + - Link to standard AWS account + - Set up initial IAM users and roles + +2. **Baseline Environment Configuration** + - Deploy landing zone architecture + - Establish account structure and organization + - Configure compliance monitoring + - Set up baseline security controls + +3. **Service Validation** + - Test required services for availability and functionality + - Validate service limits and quotas + - Document any feature differences + - Create GovCloud service map + +### Migration Planning + +1. **Assess Application Compatibility** + - Review application dependencies + - Check for services not available in GovCloud + - Identify alternative implementation patterns + - Develop migration strategy for each application + +2. **Create Migration Runbooks** + - Document step-by-step migration procedures + - Include rollback plans + - Add validation checkpoints + - Create communication templates + +3. 
**Phased Implementation** + - Start with non-critical workloads + - Build team expertise with GovCloud + - Document lessons learned + - Gradually migrate more sensitive workloads + +## Additional Resources + +- [AWS GovCloud (US) Documentation](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html) +- [GovCloud Service Availability List](https://aws.amazon.com/govcloud-us/features/#Services_Available_in_AWS_GovCloud_.28US.29) +- [AWS Compliance Programs](https://aws.amazon.com/compliance/programs/) +- [FedRAMP Compliance on AWS](https://aws.amazon.com/compliance/fedramp/) +- [DoD Cloud Computing Security Requirements Guide](https://aws.amazon.com/compliance/dod-srg/) diff --git a/aws/guidance/resource-equivalents.md b/aws/guidance/resource-equivalents.md new file mode 100644 index 00000000..287b208c --- /dev/null +++ b/aws/guidance/resource-equivalents.md @@ -0,0 +1,101 @@ +# Cloud Resource Equivalents + +This guide maps traditional datacenter resources to their AWS cloud equivalents, providing key considerations for each migration. + +## Storage Resources + +| Datacenter Resource | AWS Cloud Equivalent | Key Considerations | +|---------------------|----------------------|-------------------| +| Block storage | Amazon EBS | - Optimized for EC2 instances
- Various performance tiers (gp3, io2, st1)
- Size limits per volume (64 TiB)
- Snapshots stored in S3 | +| | Amazon S3 | - Object storage, not block storage
- Nearly unlimited capacity
- Not directly attachable to instances
- Multiple storage tiers available | +| File storage | Amazon EFS | - NFS-compatible file system
- Shared access across instances
- Automatic scaling
- Multiple performance modes | +| | Amazon FSx for Windows | - SMB-compatible file server
- Active Directory integration
- Multi-AZ options
- High performance options | +| | Amazon FSx for Lustre | - High-performance computing
- Direct S3 integration
- Massive throughput capabilities | +| | Amazon FSx for NetApp ONTAP | - NetApp features in AWS
- Multi-protocol support (NFS, SMB)
- SnapMirror integration | +| | Amazon FSx for OpenZFS | - ZFS features
- Low-latency performance
- Snapshots and cloning | +| SAN | AWS Storage Gateway | - iSCSI endpoints for hybrid access
- Cache frequently accessed data
- On-premises to cloud bridge | +| Tape backup | AWS Storage Gateway VTL | - Virtual tape library
- Compatible with existing backup software
- Automatic migration to Glacier | +| Archival storage | Amazon S3 Glacier | - Long-term retention
- Retrieval options (minutes to hours)
- Extremely low cost | +| | Amazon S3 Glacier Deep Archive | - Coldest storage
- Lowest cost
- Retrieval within 12 hours | + +## Compute Resources + +| Datacenter Resource | AWS Cloud Equivalent | Key Considerations | +|---------------------|----------------------|-------------------| +| Physical server | Amazon EC2 | - Multiple instance families
- Spot, On-demand, and Reserved options
- Auto Scaling capabilities
- Wide OS support | +| Virtual machine | Amazon EC2 | - Similar to physical but easier to scale
- Flexible instance types
- Pay only for what you use | +| Bare metal | EC2 Bare Metal Instances | - Direct hardware access
- No virtualization layer
- Specialized workloads (licensing, performance) | +| High Performance Computing | EC2 HPC Instances | - High-frequency processors
- Enhanced networking
- Cluster placement groups
- NUMA capabilities | +| GPU servers | EC2 GPU Instances | - Various NVIDIA options
- ML/AI training and inference
- Visualization workloads | +| TPU/FPGA | EC2 FPGA Instances | - Hardware acceleration
- Custom logic development
- High performance for specific algorithms | +| Serverless | AWS Lambda | - No server management
- Pay per millisecond of execution
- Multiple language runtimes
- Event-driven execution | +| Containers | Amazon ECS | - Docker container management
- Deep AWS integration
- Simpler than Kubernetes
- Fargate option (serverless) | +| | Amazon EKS | - Managed Kubernetes
- CNCF-conformant
- Hybrid capabilities
- Automated updates | + +## Database Resources + +| Datacenter Resource | AWS Cloud Equivalent | Key Considerations | +|---------------------|----------------------|-------------------| +| Oracle DB | Amazon RDS for Oracle | - Oracle licensing options
- Managed administration
- Automated backups and patching
- Multi-AZ options | +| | Amazon Aurora PostgreSQL | - Oracle-compatible features
- Lower cost alternative
- Migration tools available
- Better cloud-native performance | +| Microsoft SQL Server | Amazon RDS for SQL Server | - Multiple SQL Server editions
- Windows authentication
- Native backup/restore
- Performance Insights | +| MySQL/MariaDB | Amazon RDS for MySQL | - Managed MySQL instances
- Multi-AZ deployment
- Read replicas for scaling
- Direct migration path | +| | Amazon Aurora MySQL | - MySQL-compatible
- Higher performance
- Distributed storage
- Auto-scaling capabilities | +| PostgreSQL | Amazon RDS for PostgreSQL | - Native PostgreSQL experience
- Extensions support
- Version upgrades
- Performance Insights | +| | Amazon Aurora PostgreSQL | - PostgreSQL-compatible
- Higher performance
- Distributed design
- Global database option | +| MongoDB | Amazon DocumentDB | - MongoDB-compatible
- Document database
- Managed service
- T-shirt sizing | +| Cassandra | Amazon Keyspaces | - Cassandra-compatible
- Serverless operation
- Pay-per-request option
- Automatic scaling | +| Redis | Amazon ElastiCache for Redis | - Redis-compatible
- In-memory performance
- Clustering support
- Replication options | +| Memcached | Amazon ElastiCache for Memcached | - Memcached-compatible
- Simple caching
- Multi-threaded
- Auto-discovery | +| Data warehouse | Amazon Redshift | - Columnar storage
- MPP architecture
- SQL interface
- Petabyte scale | +| Time series database | Amazon Timestream | - Purpose-built for time series
- Automatic scaling
- SQL interface
- Built-in analytics | +| Graph database | Amazon Neptune | - Property graph and RDF
- SPARQL and Gremlin
- High availability
- Millisecond latency | + +## Networking Resources + +| Datacenter Resource | AWS Cloud Equivalent | Key Considerations | +|---------------------|----------------------|-------------------| +| Network (VLAN) | Amazon VPC | - Isolated network environment
- Private and public subnets
- Custom CIDR ranges
- Multiple connectivity options | +| Firewall | Security Groups | - Instance-level security
- Stateful inspection
- Allow rules only
- Reference other security groups | +| | Network ACLs | - Subnet-level security
- Stateless filtering
- Allow and deny rules
- Rule number priority | +| | AWS Network Firewall | - VPC-level firewall
- Deep packet inspection
- Intrusion detection
- Centralized management | +| | AWS WAF | - Web application firewall
- Layer 7 protection
- Bot control
- Custom rule sets | +| Load balancer | AWS Application Load Balancer | - HTTP/HTTPS traffic
- Path-based routing
- Container integration
- WebSockets support | +| | AWS Network Load Balancer | - TCP/UDP traffic
- Ultra-low latency
- Static IP addresses
- Millions of requests per second | +| | AWS Gateway Load Balancer | - Appliance deployment
- Transparent inspection
- Scale third-party security tools | +| | AWS Classic Load Balancer | - Basic load balancing
- Older generation
- EC2-Classic support | +| VPN | AWS Site-to-Site VPN | - IPSec VPN tunnels
- Static or dynamic routing
- Redundant connections
- Customer gateway devices | +| | AWS Client VPN | - OpenVPN-based
- Client software
- AD integration
- Split tunnel support | +| Direct connection | AWS Direct Connect | - Dedicated physical connection
- 1Gbps to 100Gbps
- Consistent performance
- Private connectivity | +| DNS | Amazon Route 53 | - Global DNS service
- Health checking
- Traffic policies
- Domain registration | +| CDN | Amazon CloudFront | - Global edge network
- Content delivery
- Lambda@Edge
- Shield integration | +| Interconnect | AWS Transit Gateway | - Network transit hub
- VPC peering at scale
- Centralized routing
- Multicast support | +| | AWS PrivateLink | - Private connectivity to services
- No internet exposure
- Cross-account access
- Interface endpoints | + +## Identity and Access Management + +| Datacenter Resource | AWS Cloud Equivalent | Key Considerations | +|---------------------|----------------------|-------------------| +| Active Directory | AWS Directory Service for Microsoft AD | - Actual Microsoft AD
- Managed service
- Multi-AZ deployment
- Trust relationships | +| | AWS Managed Microsoft AD | - Scalable AD
- AWS application integration
- Schema extensions
- Group Policy support | +| | AD Connector | - Directory proxy
- No data replication
- Existing AD leveraging
- MFA support | +| | Simple AD | - Lightweight directory
- Samba 4 compatibility
- Lower cost option
- Basic AD functionality | +| LDAP | Amazon Cloud Directory | - Hierarchical data
- Multiple hierarchies
- Fully managed
- Highly available | +| SSO | AWS IAM Identity Center | - Centralized access
- Application integration
- SAML 2.0 support
- Multi-account management | +| RADIUS | AWS Client VPN with RADIUS | - Authentication integration
- User-based access control
- Accounting support
- Challenge/response | + +## Additional Resources + +- [AWS Architecture Center](https://aws.amazon.com/architecture/) +- [AWS to Azure Services Comparison](https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services) +- [Google Cloud to AWS Services Comparison](https://cloud.google.com/free/docs/aws-azure-gcp-service-comparison) +- [AWS Cloud Adoption Framework](https://aws.amazon.com/professional-services/CAF/) +- [AWS Migration Hub](https://aws.amazon.com/migration-hub/) + +## Migration Tools + +- [AWS Application Discovery Service](https://aws.amazon.com/application-discovery/) +- [AWS Database Migration Service](https://aws.amazon.com/dms/) +- [AWS Server Migration Service](https://aws.amazon.com/server-migration-service/) +- [AWS Application Migration Service](https://aws.amazon.com/application-migration-service/) +- [AWS Migration Evaluator](https://aws.amazon.com/migration-evaluator/) diff --git a/aws/guidance/services-guide.md b/aws/guidance/services-guide.md new file mode 100644 index 00000000..f0ee8618 --- /dev/null +++ b/aws/guidance/services-guide.md 
@@ -0,0 +1,426 @@ +# AWS Services Guide + +This document provides guidance on when to use specific AWS services for maximum benefit, including selection criteria and common use cases. + +## Compute Services + +### Amazon EC2 (Elastic Compute Cloud) +**When to use:** +- Need complete control over the computing environment +- Running legacy applications with specific OS requirements +- Workloads with specialized hardware or licensing needs +- Applications requiring persistent instance identity +- Custom software stacks that aren't easily containerized + +**Key features:** +- Wide range of instance types optimized for different workloads +- Multiple purchasing options (On-Demand, Reserved, Spot, Dedicated) +- Auto Scaling capabilities +- Integration with other AWS services +- Support for Windows, Linux, and custom AMIs + +**References:** +- [EC2 Instance Types](https://aws.amazon.com/ec2/instance-types/) +- [EC2 Pricing Options](https://aws.amazon.com/ec2/pricing/) + +### AWS Lambda +**When to use:** +- Event-driven, short-running functions (≤15 minutes) +- Variable workloads with unpredictable traffic patterns +- Simple, stateless microservices +- Real-time file processing or stream processing +- Backend operations for web, mobile, IoT, or APIs +- Minimizing operational overhead + +**Key features:** +- No server management required +- Automatic scaling based on demand +- Pay-per-use model based on execution time +- Multiple language runtimes supported +- Integration with AWS event sources +- Up to 10GB memory allocation per function + +**References:** +- [Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html) +- [Lambda Best Practices](https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html) + +### Amazon ECS (Elastic Container Service) +**When to use:** +- Containerized applications without Kubernetes complexity +- Microservices architecture with Docker containers +- Batch processing workloads +- Applications requiring tight AWS 
service integration +- When simplicity is preferred over advanced orchestration features + +**Key features:** +- AWS-native container orchestration +- Integration with AWS IAM, CloudWatch, and VPC +- Task definitions for container groups +- Service Auto Scaling +- Fargate option for serverless container execution +- Support for both Linux and Windows containers + +**References:** +- [ECS Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) +- [ECS vs. EKS Comparison](https://aws.amazon.com/blogs/containers/amazon-ecs-vs-amazon-eks-making-sense-of-aws-container-services/) + +### Amazon EKS (Elastic Kubernetes Service) +**When to use:** +- Need for Kubernetes features and ecosystem +- Portable workloads that might run across cloud providers +- Complex container orchestration requirements +- When your team already has Kubernetes expertise +- Need for advanced scheduling, networking, and security features + +**Key features:** +- Managed Kubernetes control plane +- CNCF-conformant Kubernetes +- Integration with AWS services through controllers +- Support for both EC2 and Fargate compute +- Multi-AZ high availability +- Automated version updates + +**References:** +- [EKS User Guide](https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html) +- [EKS Best Practices](https://aws.github.io/aws-eks-best-practices/) + +### AWS Fargate +**When to use:** +- Containerized applications without server management +- Predictable workloads that benefit from per-task pricing +- Non-specialized computing needs +- Requirements for rapid scaling or descaling +- Need to avoid cluster capacity planning +- Cost optimization for containers with variable load + +**Key features:** +- Serverless compute engine for containers +- Works with both ECS and EKS +- Pay-per-task pricing model +- No EC2 instances to manage or scale +- Isolated execution environment for each task +- Integration with VPC networking and IAM roles + +**References:** +- [Fargate 
User Guide](https://docs.aws.amazon.com/AmazonECS/latest/userguide/fargate.html) +- [Fargate Pricing](https://aws.amazon.com/fargate/pricing/) + +## Storage Services + +### Amazon S3 (Simple Storage Service) +**When to use:** +- Object storage needs for files, images, videos, backups +- Static website hosting +- Data lakes and big data analytics +- Content distribution origin +- Long-term archival storage +- Serverless application storage + +**Key features:** +- Virtually unlimited scalability +- 99.999999999% (11 nines) durability +- Multiple storage classes for cost optimization +- Versioning and lifecycle management +- Encryption and access control +- Event notifications + +**References:** +- [S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html) +- [S3 Storage Classes](https://aws.amazon.com/s3/storage-classes/) + +### Amazon EBS (Elastic Block Store) +**When to use:** +- EC2 boot volumes +- Database storage requiring consistent I/O performance +- Applications that need block-level storage +- When data persistence beyond instance lifecycle is required +- Applications requiring snapshots for backup/recovery + +**Key features:** +- Different volume types for various performance needs +- Independent lifecycle from EC2 instances +- Point-in-time snapshots +- Encryption support +- Multi-attach capability for some volume types +- Size up to 64 TiB per volume + +**References:** +- [EBS User Guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) +- [EBS Volume Types](https://aws.amazon.com/ebs/volume-types/) + +### Amazon EFS (Elastic File System) +**When to use:** +- Shared file storage across multiple EC2 instances +- Linux-based applications requiring file system interface +- Content management systems +- Web serving and content serving +- Development environments +- Container storage volumes + +**Key features:** +- Fully managed NFS file system +- Dynamic scaling of storage capacity +- Multi-AZ redundancy +- 
Performance modes for different workloads +- Lifecycle management +- Encryption at rest and in transit + +**References:** +- [EFS User Guide](https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html) +- [EFS Performance](https://docs.aws.amazon.com/efs/latest/ug/performance.html) + +## Database Services + +### Amazon RDS (Relational Database Service) +**When to use:** +- Traditional relational database workloads +- Applications requiring MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, or Amazon Aurora +- When database administration overhead should be minimized +- Multi-AZ requirements for high availability +- Need for automated backups and point-in-time recovery + +**Key features:** +- Automated patching and backups +- Multi-AZ deployments for high availability +- Read replicas for read scaling +- Performance Insights for monitoring +- Storage auto-scaling +- Database encryption + +**References:** +- [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html) +- [RDS Database Engines](https://aws.amazon.com/rds/features/#Database_Engines) + +### Amazon DynamoDB +**When to use:** +- Applications needing consistent single-digit millisecond response times +- Serverless applications with variable throughput needs +- Key-value and document data models +- High-traffic web applications +- Mobile backends +- Gaming applications + +**Key features:** +- Fully managed NoSQL database +- Automatic scaling of throughput capacity +- On-demand capacity option +- Global tables for multi-region deployment +- Point-in-time recovery +- Time-to-live (TTL) for automatic expiration + +**References:** +- [DynamoDB Developer Guide](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html) +- [DynamoDB Best Practices](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/best-practices.html) + +### Amazon Aurora +**When to use:** +- High-performance MySQL/PostgreSQL workloads +- Applications requiring enterprise-grade 
availability +- Need for read scaling with replicas +- Database workloads with variable load +- Applications requiring seamless failover + +**Key features:** +- Up to 5x throughput of MySQL, 3x of PostgreSQL +- Distributed, fault-tolerant storage system +- Six copies of data across three Availability Zones +- Up to 15 read replicas with minimal lag +- Continuous backup to S3 +- Serverless option for variable workloads + +**References:** +- [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) +- [Aurora Serverless](https://aws.amazon.com/rds/aurora/serverless/) + + + +## Analytics Services + +### Amazon EMR (Elastic MapReduce) +**When to use:** +- Big data processing with Apache Hadoop, Spark, Hive, or Presto +- Machine learning on large datasets +- Data transformation (ETL) +- Log analysis +- Scientific simulation and analysis + +**Key features:** +- Managed Hadoop framework +- Support for various big data tools +- Automatic scaling options +- Spot Instance support for cost optimization +- Integration with S3 and other AWS services +- Support for notebooks (EMR Notebooks) + +**References:** +- [EMR Management Guide](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-what-is-emr.html) +- [EMR Release Guide](https://docs.aws.amazon.com/emr/latest/ReleaseGuide/) + +### Amazon Athena +**When to use:** +- Interactive queries on S3 data +- Ad-hoc analysis without infrastructure setup +- Log analysis +- Business intelligence workloads +- Data exploration + +**Key features:** +- Serverless interactive query service +- Standard SQL queries against S3 data +- Pay only for queries you run +- No ETL required +- Integration with AWS Glue Data Catalog +- Support for complex data formats (JSON, Parquet, ORC) + +**References:** +- [Athena User Guide](https://docs.aws.amazon.com/athena/latest/ug/what-is.html) +- [Athena SQL Reference](https://docs.aws.amazon.com/athena/latest/ug/ddl-sql-reference.html) + +## Security & 
Identity Services + +### AWS IAM (Identity and Access Management) +**When to use:** +- Managing access to AWS services and resources +- Implementing least privilege permissions +- Creating roles for applications on AWS +- Federating existing identity systems with AWS +- Enabling temporary security credentials + +**Key features:** +- Centralized control of AWS account +- Granular permissions +- Multi-factor authentication +- Identity federation +- Shared access to AWS accounts +- Free service with no additional charge + +**References:** +- [IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) +- [IAM Best Practices](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) + +### AWS KMS (Key Management Service) +**When to use:** +- Centralized key management +- Encryption of data in AWS services +- Customer-managed encryption keys +- Compliance requirements for key management +- Cryptographic operations in applications + +**Key features:** +- FIPS 140-2 validated hardware security modules +- Centralized key management +- Integration with CloudTrail for key usage auditing +- Automatic key rotation +- Import your own key material +- Fine-grained access control + +**References:** +- [KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) +- [KMS Cryptographic Details](https://docs.aws.amazon.com/kms/latest/cryptographic-details/intro.html) + +## Networking & Content Delivery + +### Amazon CloudFront +**When to use:** +- Global content delivery +- Static and dynamic content acceleration +- Video streaming +- Security at the edge with AWS WAF integration +- API acceleration +- Software distribution + +**Key features:** +- Global network of edge locations +- DDoS protection when used with AWS Shield +- Integration with AWS Certificate Manager for SSL/TLS +- Field-level encryption support +- Origin failover capabilities +- Real-time metrics and logging + +**References:** +- [CloudFront Developer 
Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html) +- [CloudFront Security](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/security.html) + +## App Integration Services + +### Amazon SQS (Simple Queue Service) +**When to use:** +- Decoupling system components +- Handling message traffic between distributed components +- Processing work asynchronously +- Building serverless applications +- Ensuring reliable message delivery + +**Key features:** +- Fully managed message queuing service +- Standard and FIFO queues +- Server-side encryption +- Dead-letter queues for handling failed messages +- Visibility timeout for message processing +- Long polling for efficient message retrieval + +**References:** +- [SQS Developer Guide](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/welcome.html) +- [SQS Best Practices](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-best-practices.html) + +### Amazon SNS (Simple Notification Service) +**When to use:** +- Pub/sub messaging patterns +- Fanout messaging to multiple subscribers +- Sending SMS, email, or mobile push notifications +- Triggering Lambda functions from notifications +- System alerts and monitoring notifications + +**Key features:** +- Topics for message filtering +- Multiple subscription types +- Message filtering with subscription filter policies +- Message attributes +- Message archiving +- Cross-account access + +**References:** +- [SNS Developer Guide](https://docs.aws.amazon.com/sns/latest/dg/welcome.html) +- [SNS Message Filtering](https://docs.aws.amazon.com/sns/latest/dg/sns-message-filtering.html) + +## Service Comparison and Selection + +When selecting between similar services, consider these factors: + +1. **Operational Model** + - Managed service vs. self-managed + - Serverless vs. server-based + +2. **Scaling Requirements** + - Automatic vs. manual scaling + - Vertical vs. 
horizontal scaling capability + +3. **Integration Needs** + - Native AWS service integration + - Existing application compatibility + +4. **Cost Structure** + - Pay-per-use vs. provisioned capacity + - Storage vs. compute vs. request pricing + +5. **Performance Requirements** + - Latency sensitivity + - Throughput needs + - Regional vs. global distribution + +6. **Security & Compliance** + - Encryption capabilities + - Compliance certifications + - Identity management integration + +7. **Operational Complexity** + - Team expertise + - Monitoring and observability + - Maintenance requirements + +## Additional Resources + +- [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) +- [AWS Architecture Center](https://aws.amazon.com/architecture/) +- [AWS Solutions Library](https://aws.amazon.com/solutions/) +- [AWS Documentation](https://docs.aws.amazon.com/)
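Review bot: In the GovCloud guide hunk, the "Initial Access and Setup" step "Set up initial IAM users and roles" should steer readers toward federated access rather than long-lived IAM users; the same patch lists AWS IAM Identity Center as the SSO equivalent and its IAM section calls out "Enabling temporary security credentials", so reword the step along the lines of "Set up IAM roles and federated access (IAM Identity Center or SAML); keep IAM users with access keys to the minimum needed for break-glass". Two smaller points in the same hunk: "Factor in inherit control benefits to TCO calculations" should read "inherited control benefits", and the "GovCloud Service Availability List" link carries a fragment (`#Services_Available_in_AWS_GovCloud_.28US.29`) that looks like a wiki-style anchor rather than one from the AWS page; please verify the link resolves before merging.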
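Review bot: In the resource-equivalents hunk, the Identity and Access Management table lists "AWS Directory Service for Microsoft AD" and "AWS Managed Microsoft AD" as two different Active Directory equivalents, but they are the same offering (AWS Managed Microsoft AD is the product name for Directory Service for Microsoft Active Directory); merge the two rows. In the same table, "LDAP | Amazon Cloud Directory" is misleading: Cloud Directory is a hierarchical data store with its own API and does not speak LDAP, so readers migrating an LDAP directory should be pointed at AWS Managed Microsoft AD (which exposes LDAP/LDAPS) or Simple AD instead. Two entries also reference retired services and should be flagged or removed: "AWS Classic Load Balancer | ... EC2-Classic support" (EC2-Classic networking was retired in 2022) and, under Migration Tools, "AWS Server Migration Service", which reached end of support in 2022 and is superseded by the AWS Application Migration Service already linked in the same list.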
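Review bot: In the services-guide hunk, the AWS Fargate "When to use" list contradicts itself: "Predictable workloads that benefit from per-task pricing" and "Cost optimization for containers with variable load" argue opposite cases; per-task pricing favours bursty or variable load, while steady predictable load is usually cheaper on EC2-backed capacity, so drop or reword the first bullet. The "Security & Identity Services" section covers only IAM and KMS, yet the KMS entry relies on "Integration with CloudTrail for key usage auditing"; add at least a short AWS CloudTrail entry (and ideally Security Hub, which the GovCloud guide in this same patch already references under "Implementing AWS Config and Security Hub") so the audit trail the other entries depend on is documented. Minor: there are three consecutive blank lines before the "## Analytics Services" heading; collapse them to one.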