RDS Proxy is a managed AWS service designed to improve the performance of distributed serverless applications talking to RDS databases. It performs connection pooling and managed authentication that Lambda can use, thus preventing a Lambda scale-up event from overwhelming the database.
Amazon WorkSpaces is a Desktop as a Service (DaaS) offering that provides a Windows or Linux workstation hosted and managed by AWS in the customer’s VPC. It leverages PCoIP technology (rather than Remote Desktop Protocol) for better screen refresh.
Amazon Honeycode is a spreadsheet-like app-building tool. It actually lives outside the AWS account, but can be linked to your AWS account for some AWS API actions.
AWS Client VPN is an OpenVPN service from AWS. It allows anyone with the correct permissions to create a network path into your VPC. While this is typically a good thing, Client VPN can also act as an end-run around the corporate VPN if your VPCs leverage DirectConnect or Site-to-Site VPN. Because it can leverage AWS Active Directory, it can be configured independently of your corporate identity system and provide back doors for third parties and departed employees.
AWS Organizations provides central governance and management across AWS accounts, including central billing. It provides several key governance and security controls and should be leveraged by any company with more than one AWS account.
AWS Lambda is a function-as-a-service. A Lambda function is a small bit of code, invoked asynchronously or via an API Gateway. Lambda functions require no operating systems or container infrastructure and live for no more than 15 minutes. They are a core component of the concept of “Serverless”.
VPCs are a fundamental building block in AWS. VPCs allow you to specify your own IP range. Many AWS resources must be deployed into a VPC, and VPCs control the network security for those resources. VPCs can be connected to your corporate networks via Direct Connect or VPN, and thus can be a back door path into your enterprise.
Amazon Macie is a machine learning service from AWS that attempts to identify sensitive data in S3 buckets.
GuardDuty is a security service that looks at your VPC Flow Logs, CloudTrail Events, and VPC DNS Resolver to identify threats in your AWS account.