diff --git a/README.md b/README.md
index fc76702..b05184e 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,16 @@
- VPC & Subnets Primer, Internet Gateway & NAT Gateways, Network ACL & Security Groups, VPC Flow Logs, VPC Peering, VPC Endpoints, Site to Site VPN & Direct Connect, Transit Gateway
- [Security & Compliance](sections/security_compliance.md)
- AWS Shared Responsibility Model, DDOS Protection on AWS, AWS Shield, AWS WAF - Web Application Firewall, AWS KMS (Key Management Service), CloudHSM, AWS Certificate Manager (ACM), AWS Secrets Manager, AWS Artifact (not really a service), Amazon GuardDuty, Amazon Inspector, AWS Config, Amazon Macie, AWS Security Hub, Amazon Detective, AWS Abuse, Root user privileges, IAM Access Analyzer
+- [Machine Learning](sections/machine_learning.md)
+ - Amazon Rekognition, Amazon Transcribe, Amazon Polly, Amazon Translate, Amazon Lex & Connect, Amazon Comprehend, Amazon SageMaker, Amazon Forecast, Amazon Kendra, Amazon Personalize, Amazon Textract
+- [Account Management, Billing & Support](sections/account_management_billing_support.md)
+ - AWS Organizations, Multi Account Strategies, Service Control Policies (SCP), AWS Organization - Consolidated Billing, AWS Control Tower, AWS Resource Access Manager (AWS RAM), AWS Service Catalog, Pricing Models in AWS, Compute Pricing, Storage Pricing, Database Pricing - RDS, Content Delivery - CloudFront, Networking Costs in AWS per GB - Simplified
+- [Advanced Identity](sections/advanced_identity.md)
+ - AWS STS (SecurityToken Service), Amazon Cognito (simplified), What is Microsoft Active Directory (AD)?, AWS IAM Identity Center
+- [Other AWS Services](sections/other_aws_services.md)
+ - Amazon WorkSpaces, Amazon AppStream 2.0, Amazon Sumerian, AWS IoT Core, Amazon Elastic Transcoder, AWS AppSync, AWS Amplify, AWS Device Farm, AWS Backup, AWS Elastic Disaster Recovery (DRS), AWS DataSync, AWS Application Discovery Service, AWS Application Migration Service (MGN), AWS Migration Evaluator, AWS Migration Hub, AWS Fault Injection Simulator (FIS), AWS Step Functions, AWS Ground Station, AWS Pinpoint
+- [AWS Architecting & Ecosystem](sections/architecting_and_ecosystem.md)
+ - Well Architected Framework General Guiding Principles, AWS Cloud Best Practices - Design Principles, Well Architected Framework 6 Pillars, AWS Well-Architected Tool, AWS Right Sizing, AWS Ecosystem - Free resources, AWS Marketplace
## Practice Exams ( dumps )
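Review bot: The topic lists added under the new README entries do not match the headings in the section files they link to. The Advanced Identity entry has "AWS STS (SecurityToken Service)" (missing space), "Amazon Cognito (simplified)" and "What is Microsoft Active Directory (AD)?", while sections/advanced_identity.md titles these "AWS STS (Security Token Service)", "Amazon Cognito" and "Microsoft Active Directory (AD)", and it omits the file's "AWS Directory Services" heading. The Account Management entry stops at "Networking Costs in AWS per GB - Simplified", although the file continues with Savings Plan, the billing tools, Service Quotas, Trusted Advisor and the support plans. Suggest copying the topic lists from each file's own headings so the index and the sections stay in step.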
diff --git a/practice-exam/practice-exam-12.md b/practice-exam/practice-exam-12.md
index e6e29df..f5fd53e 100644
--- a/practice-exam/practice-exam-12.md
+++ b/practice-exam/practice-exam-12.md
@@ -191,7 +191,7 @@ If this practice exam has been helpful to you please share it with others and re
Correct answer: B, D
-19. A Cloud Practitioner must determine if any security groups in an AW account have been provisioned to allow unrestricted access for specific ports What is the SIMPLEST way to do this?
+19. A Cloud Practitioner must determine if any security groups in an AWS account have been provisioned to allow unrestricted access for specific ports. What is the SIMPLEST way to do this?
- A. Review the inbound rules for each security group in the Amazon EC2 management console to check for port 0.0.0.0/0.
- B. Run AWS Trusted Advisor and review the findings.
- C. Open the AWS IAM console and check the inbound rule filters for open access.
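Review bot: Option A, left as unchanged context under the corrected question 19, still reads "check for port 0.0.0.0/0"; 0.0.0.0/0 is a source CIDR range, not a port. Since this question is already being cleaned up, consider rewording the option to something like "check for rules that allow 0.0.0.0/0" in the same change.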
diff --git a/practice-exam/practice-exam-13.md b/practice-exam/practice-exam-13.md
index 18603d2..2bfa2ee 100644
--- a/practice-exam/practice-exam-13.md
+++ b/practice-exam/practice-exam-13.md
@@ -48,7 +48,7 @@ If this practice exam has been helpful to you please share it with others and re
-1. A customer would like to design and build a new workload on AWS Cloud but does not have the AWS- related software technical expertise in-hous.
Which of the following AWS programs can a customer take advantage of to achieve that outcome?
+1. A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house.
Which of the following AWS programs can a customer take advantage of to achieve that outcome?
- A. AWS Partner Network Technology Partners
- B. AWS Marketplace
- C. AWS Partner Network Consulting Partners
diff --git a/sections/account_management_billing_support.md b/sections/account_management_billing_support.md
new file mode 100644
index 0000000..1b88655
--- /dev/null
+++ b/sections/account_management_billing_support.md
@@ -0,0 +1,438 @@
+# Account Management, Billing & Support
+
+- [Account Management, Billing \& Support](#account-management-billing--support)
+ - [AWS Organizations](#aws-organizations)
+ - [Multi Account Strategies](#multi-account-strategies)
+ - [Service Control Policies (SCP)](#service-control-policies-scp)
+ - [AWS Organization - Consolidated Billing](#aws-organization---consolidated-billing)
+ - [AWS Control Tower](#aws-control-tower)
+ - [AWS Resource Access Manager (AWS RAM)](#aws-resource-access-manager-aws-ram)
+ - [AWS Service Catalog](#aws-service-catalog)
+ - [Pricing Models in AWS](#pricing-models-in-aws)
+ - [Compute Pricing](#compute-pricing)
+ - [EC2](#ec2)
+ - [Lambda \& ECS](#lambda--ecs)
+ - [Storage Pricing](#storage-pricing)
+ - [S3](#s3)
+ - [EBS](#ebs)
+ - [Database Pricing - RDS](#database-pricing---rds)
+ - [Content Delivery - CloudFront](#content-delivery---cloudfront)
+ - [Networking Costs in AWS per GB - Simplified](#networking-costs-in-aws-per-gb---simplified)
+ - [Savings Plan](#savings-plan)
+ - [AWS Compute Optimizer](#aws-compute-optimizer)
+ - [Billing and Costing Tools](#billing-and-costing-tools)
+ - [AWS Pricing Calculator](#aws-pricing-calculator)
+ - [Cost Allocation Tags](#cost-allocation-tags)
+ - [Tagging and Resource Groups](#tagging-and-resource-groups)
+ - [Cost and Usage Reports](#cost-and-usage-reports)
+ - [Cost Explorer](#cost-explorer)
+ - [Billing Alarms in CloudWatch](#billing-alarms-in-cloudwatch)
+ - [AWS Budgets](#aws-budgets)
+ - [AWS Cost Anomaly Detection](#aws-cost-anomaly-detection)
+ - [AWS Service Quotas](#aws-service-quotas)
+ - [Trusted Advisor](#trusted-advisor)
+ - [Trusted Advisor - Support Plans](#trusted-advisor---support-plans)
+ - [AWS Basic Support Plan](#aws-basic-support-plan)
+ - [AWS Developer Support Plan](#aws-developer-support-plan)
+ - [AWS Business Support Plan (24/7)](#aws-business-support-plan-247)
+ - [AWS Enterprise On-Ramp Support Plan (24/7)](#aws-enterprise-on-ramp-support-plan-247)
+ - [AWS Enterprise Support Plan (24/7)](#aws-enterprise-support-plan-247)
+ - [Account Best Practices - Summary](#account-best-practices---summary)
+ - [Billing and Costing Tools - Summary](#billing-and-costing-tools---summary)
+
+## AWS Organizations
+
+- Global service
+- Allows to manage **multiple AWS accounts**
+- The main account is the master account
+- Cost Benefits:
+ - Consolidated Billing across all accounts - single payment method
+ - Pricing benefits from aggregated usage (volume discount for EC2, S3…)
+ - Pooling of Reserved EC2 instances for optimal savings
+- API is available to **automate AWS account creation**
+- Restrict account privileges using Service Control Policies (SCP)
+
+## Multi Account Strategies
+
+- Create accounts per **department**, per **cost center**, per **dev / test / prod**, based on regulatory restrictions (using SCP), for better resource isolation (ex: VPC), to have separate per-account service limits, isolated account for logging
+- Multi Account vs One Account Multi VPC
+- Use tagging standards for billing purposes
+- Enable CloudTrail on all accounts, send logs to central S3 account
+- Send CloudWatch Logs to central logging account
+
+## Service Control Policies (SCP)
+
+- Whitelist or blacklist IAM actions
+- Applied at the OU or Account level
+- Does not apply to the Master Account
+- SCP is applied to all the Users and Roles of the Account, including Root user
+- The SCP does not affect service-linked roles
+ - Service-linked roles enable other AWS services to integrate with AWS Organizations and can't be restricted by SCPs.
+- SCP must have an explicit Allow (does not allow anything by default)
+- Use cases:
+ - Restrict access to certain services (for example: can’t use EMR)
+ - Enforce PCI compliance by explicitly disabling services
+
+## AWS Organization - Consolidated Billing
+
+- When enabled, provides you with:
+ - Combined Usage – combine the usage across all AWS accounts in the AWS Organization to share the volume pricing, Reserved Instances and Savings Plans discounts
+ - One Bill – get one bill for all AWS Accounts in the AWS Organization
+- The management account can turn off Reserved Instances discount sharing for any account in the AWS Organization, including itself
+
+## AWS Control Tower
+
+- Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices
+- Benefits:
+ - Automate the set up of your environment in a few clicks
+ - Automate ongoing policy management using guardrails
+ - Detect policy violations and remediate them
+ - Monitor compliance through an interactive dashboard
+- AWS Control Tower runs on top of AWS Organizations:
+ - It automatically sets up AWS Organizations to organize accounts and implement SCPs (Service Control Policies)
+
+## AWS Resource Access Manager (AWS RAM)
+
+- Share AWS resources that you own with other AWS accounts
+- Share with any account or within your Organization
+- Avoid resource duplication!
+- Supported resources include Aurora, VPC Subnets, Transit Gateway, Route 53, EC2 Dedicated Hosts, License Manager Configurations.
+
+## AWS Service Catalog
+
+- Users that are new to AWS have too many options, and may create stacks that are not compliant or in line with the rest of the organization
+- Some users just want a quick self-service portal to launch a set of authorized products pre-defined by admins
+- Includes: virtual machines, databases, storage options, etc…
+- Enter AWS Service Catalog!
+
+
+
+## Pricing Models in AWS
+
+- AWS has 4 pricing models:
+- **Pay as you go**: pay for what you use, remain agile, responsive, meet scale demands
+- **Save when you reserve**: minimize risks, predictably manage budgets, comply with long-terms requirements
+ - Reservations are available for EC2 Reserved Instances, DynamoDB Reserved Capacity, ElastiCache Reserved Nodes, RDS Reserved Instance, Redshift Reserved Nodes
+- **Pay less by using more**: volume-based discounts
+- **Pay less as AWS grows**
+
+## Compute Pricing
+
+### EC2
+
+- Only charged for what you use
+- Number of instances
+- Instance configuration:
+ - Physical capacity
+ - Region
+ - OS and software
+ - Instance type
+ - Instance size
+- ELB running time and amount of data processed
+- Detailed monitoring
+
+- On-demand instances:
+ - Minimum of 60s
+ - Pay per second (Linux/Windows) or per hour (other)
+- Reserved instances:
+ - Up to 75% discount compared to On-demand on hourly rate
+ - 1- or 3-years commitment
+ - All upfront, partial upfront, no upfront
+- Spot instances:
+ - Up to 90% discount compared to On-demand on hourly rate
+ - Bid for unused capacity
+- Dedicated Host:
+ - On-demand
+ - Reservation for 1 year or 3 years commitment
+ - Savings plans as an alternative to save on sustained usage
+
+### Lambda & ECS
+
+- Lambda:
+ - Pay per call
+ - Pay per duration
+- ECS:
+ - EC2 Launch Type Model: No additional fees, you pay for AWS resources stored and created in your application
+- Fargate:
+ - Fargate Launch Type Model: Pay for vCPU and memory resources allocated to your applications in your containers
+
+## Storage Pricing
+
+### S3
+
+- Storage class: S3 Standard, S3 Infrequent Access, S3 One-Zone IA, S3 Intelligent Tiering, S3 Glacier and S3 Glacier Deep Archive
+- Number and size of objects: Price can be tiered (based on volume)
+- Number and type of requests
+- Data transfer OUT of the S3 region
+- S3 Transfer Acceleration
+- Lifecycle transitions
+- Similar service: EFS (pay per use, has infrequent access & lifecycle rules)
+
+### EBS
+
+- Volume type (based on performance)
+- Storage volume in GB per month provisioned
+- IOPS:
+ - General Purpose SSD: Included
+ - Provisioned IOPS SSD: provisioned amount in IOPS
+ - Magnetic: Number of requests
+- Snapshots:
+ - Added data cost per GB per month
+- Data transfer:
+ - Outbound data transfer are tiered for volume discounts
+ - Inbound is free
+
+## Database Pricing - RDS
+
+- Per hour billing
+- Database characteristics:
+ - Engine
+ - Size
+ - Memory class
+- Purchase type:
+ - On-demand
+ - Reserved instances (1 or 3 years) with required up-front
+- Backup Storage: There is no additional charge for backup storage up to 100% of your total database storage for a region.
+- Additional storage (per GB per month)
+- Number of input and output requests per month
+- Deployment type (storage and I/O are variable):
+ - Single AZ
+ - Multiple AZs
+- Data transfer:
+ - Outbound data transfer are tiered for volume discounts
+ - Inbound is free
+
+## Content Delivery - CloudFront
+
+- Pricing is different across different geographic regions
+- Aggregated for each edge location, then applied to your bill
+- Data Transfer Out (volume discount)
+- Number of HTTP/HTTPS requests
+
+## Networking Costs in AWS per GB - Simplified
+
+- Use Private IP instead of Public IP for good savings and better network performance
+- Use same AZ for maximum savings (at the cost of high availability)
+
+## Savings Plan
+
+- Commit a certain $ amount per hour for 1 or 3 years
+- Easiest way to setup long-term commitments on AWS
+- EC2 Savings Plan
+ - Up to 72% discount compared to On-Demand
+ - Commit to usage of individual instance families in a region (e.g. C5 or M5)
+ - Regardless of AZ, size (m5.xl to m5.4xl), OS (Linux/Windows) or tenancy
+ - All upfront, partial upfront, no upfront
+- Compute Savings Plan
+ - Up to 66% discount compared to On-Demand
+ - Regardless of Family, Region, size, OS, tenancy, compute options
+ - Compute Options: EC2, Fargate, Lambda
+- Setup from the AWS Cost Explorer console
+- Estimate pricing at
+
+## AWS Compute Optimizer
+
+- Reduce costs and improve performance by recommending optimal AWS resources for your workloads
+- Helps you choose optimal configurations and right - size your workloads (over/under provisioned)
+- Uses Machine Learning to analyze your resources’ configurations and their utilization CloudWatch metrics
+- Supported resources
+ - EC2 instances
+ - EC2 Auto Scaling Groups
+ - EBS volumes
+ - Lambda functions
+- Lower your costs by up to 25%
+- Recommendations can be exported to S3
+
+## Billing and Costing Tools
+
+- Estimating costs in the cloud:
+ - Pricing Calculator
+- Tracking costs in the cloud:
+ - Billing Dashboard
+ - Cost Allocation Tags
+ - Cost and Usage Reports
+ - Cost Explorer
+- Monitoring against costs plans:
+ - Billing Alarms
+ - Budgets
+
+## AWS Pricing Calculator
+
+- Available at
+- Estimate the cost for your solution architecture
+
+## Cost Allocation Tags
+
+- Use cost allocation tags to track your AWS costs on a detailed level
+- AWS generated tags
+ - Automatically applied to the resource you create
+ - Starts with Prefix aws: (e.g. aws: createdBy)
+- User-defined tags
+ - Defined by the user
+ - Starts with Prefix user:
+
+## Tagging and Resource Groups
+
+- Tags are used for organizing resources:
+ - EC2: instances, images, load balancers, security groups…
+ - RDS, VPC resources, Route 53, IAM users, etc…
+ - Resources created by CloudFormation are all tagged the same way
+- Free naming, common tags are: Name, Environment, Team …
+- Tags can be used to create **Resource Groups**
+ - Create, maintain, and view a collection of resources that share common tags
+ - Manage these tags using the Tag Editor
+
+## Cost and Usage Reports
+
+- Dive deeper into your AWS costs and usage
+- The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs)).
+- The AWS Cost & Usage Report lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes.
+- Can be integrated with Athena, Redshift or QuickSight
+
+## Cost Explorer
+
+- Visualize, understand, and manage your AWS costs and usage over time
+- Create custom reports that analyze cost and usage data.
+- Analyze your data at a high level: total costs and usage across all accounts
+- Or Monthly, hourly, resource level granularity
+- Choose an optimal **Savings Plan**(to lower prices on your bill)
+- **Forecast usage up to 12 months based on previous usage**
+
+- Cost Explorer – Monthly Cost by AWS Service
+- Cost Explorer– Hourly & Resource Level
+- Cost Explorer – Savings Plan Alternative to Reserved Instances
+- Cost Explorer – Forecast Usage
+
+## Billing Alarms in CloudWatch
+
+- Billing data metric is stored in CloudWatch us-east1
+- Billing data are for overall worldwide AWS costs
+- It’s for actual cost, not for projected costs
+- Intended a simple alarm (not as powerful as AWS Budgets)
+
+## AWS Budgets
+
+- Create budget and send alarms when costs exceeds the budget
+- 3 types of budgets: Usage, Cost, Reservation
+- For Reserved Instances (RI)
+ - Track utilization
+ - Supports EC2, ElastiCache, RDS, Redshift
+- Up to 5 SNS notifications per budget
+- Can filter by: Service, Linked Account, Tag, Purchase Option, Instance Type, Region, Availability Zone, API Operation, etc…
+- Same options as AWS Cost Explorer!
+- 2 budgets are free, then $0.02/day/budget
+
+## AWS Cost Anomaly Detection
+
+- Continuously monitor your cost and usage using ML to detect unusual spends
+- It learns your unique, historic spend patterns to detect one-time cost spike
+and/or continuous cost increases (you don't need to define thresholds)
+- Monitor AWS services, member accounts, cost allocation tags, or cost categories
+- Sends you the anomaly detection report with root-cause analysis
+- Get notified with individual alerts or daily/weekly summary (using SNS)
+
+## AWS Service Quotas
+
+- Notify you when you're close to a service quota value threshold
+- Create CloudWatch Alarms on the Service Quotas console
+- Example: Lambda concurrent executions
+- Request a quota increase from AWS Service Quotas or shutdown resources before limit is reached
+
+
+## Trusted Advisor
+
+- No need to install anything – high level AWS account assessment
+- Analyze your AWS accounts and provides recommendation on 5 categories
+- Cost optimization
+- Performance
+- Security
+- Fault tolerance
+- Service limits
+
+## Trusted Advisor - Support Plans
+
+| 7 CORE CHECKS Basic & Developer Support plan | FULL CHECKS Business & Enterprise Support plan |
+| -------------------------------------------------------------------- | ----------------------------------------------------- |
+| S3 Bucket Permissions, Security Groups – Specific Ports Unrestricted | Full Checks available on the 5 categories |
+| IAM Use (one IAM user minimum), MFA on Root Account | Ability to set CloudWatch alarms when reaching limits |
+| EBS Public Snapshots, RDS Public Snapshots, Service Limits | Programmatic Access using AWS Support API |
+
+## AWS Basic Support Plan
+
+- Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums.
+- AWS Trusted Advisor - Access to the 7 core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security.
+- AWS Personal Health Dashboard - A personalized view of the health of AWS services, and alerts when your resources are impacted.
+
+## AWS Developer Support Plan
+
+- All Basic Support Plan +
+- Business hours email access to Cloud Support Associates
+- Unlimited cases / 1 primary contact
+- Case severity / response times:
+ - General guidance: < 24 business hours
+ - System impaired: < 12 business hours
+
+## AWS Business Support Plan (24/7)
+
+- Intended to be used if you have production workloads
+- Trusted Advisor – Full set of checks + API access
+- 24x7 phone, email, and chat access to Cloud Support Engineers
+- Unlimited cases / unlimited contacts
+- Access to Infrastructure Event Management for additional fee.
+- Case severity / response times:
+ - General guidance: < 24 business hours
+ - System impaired: < 12 business hours
+ - Production system impaired: < 4 hours
+ - Production system down: < 1 hour
+
+## AWS Enterprise On-Ramp Support Plan (24/7)
+
+- Intended to be used if you have production or business critical workloads
+- All of Business Support Plan +
+- Access to a pool of Technical Account Managers (TAM)
+- Concierge Support Team (for billing and account best practices)
+- Infrastructure Event Management, Well-Architected & Operations Reviews
+- Case severity / response times:
+ - Production system impaired: < 4 hours
+ - Production system down: < 1 hour
+ - Business-critical system down: < 30 minutes
+
+## AWS Enterprise Support Plan (24/7)
+
+- Intended to be used if you have mission critical workloads
+- All of Business Support Plan +
+- Access to a designated Technical Account Manager (TAM)
+- Concierge Support Team (for billing and account best practices)
+- Infrastructure Event Management, Well-Architected & Operations Reviews
+- Case severity / response times:
+ - Production system impaired: < 4 hours
+ - Production system down: < 1 hour
+ - Business-critical system down: < 15 minutes
+
+## Account Best Practices - Summary
+
+- Operate multiple accounts using Organizations
+- Use SCP (service control policies) to restrict account power
+- Easily setup multiple accounts with best-practices with AWS Control Tower
+- Use Tags & Cost Allocation Tags for easy management & billing
+- IAM guidelines: MFA, least-privilege, password policy, password rotation
+- Config to record all resources configurations & compliance over time
+- CloudFormation to deploy stacks across accounts and regions
+- Trusted Advisor to get insights, Support Plan adapted to your needs
+- Send Service Logs and Access Logs to S3 or CloudWatch Logs
+- CloudTrail to record API calls made within your account
+- If your Account is compromised: change the root password, delete and rotate all passwords / keys, contact the AWS support
+
+## Billing and Costing Tools - Summary
+
+- **Compute Optimizer**: recommends resources’ configurations to reduce cost
+- **Pricing Calculator**: cost of services on AWS
+- **Billing Dashboard**: high level overview + free tier dashboard
+- **Cost Allocation Tags**: tag resources to create detailed reports
+- **Cost and Usage Reports**: most comprehensive billing dataset
+- **Cost Explorer**: View current usage (detailed) and forecast usage
+- **Billing Alarms**: in us-east-1 – track overall and per-service billing
+- **Budgets**: more advanced – track usage, costs, RI, and get alerts
+- **Savings Plans**: easy way to save based on long-term usage of AWS
+- **Cost Anomaly Detection**: detect unusual spends using Machine Learning
+- **Service Quotas**: notify you when you're close to service quota threshold
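Review bot: Two bullets in the new file end without their target: "Estimate pricing at" under Savings Plan and "Available at" under AWS Pricing Calculator. Add the links or drop the bullets. Other points in this file: Billing Alarms in CloudWatch says "us-east1" where the summary at the end says "us-east-1"; the AWS Organizations and SCP sections say "master account" / "Master Account" while Consolidated Billing says "management account", so pick one term to make clear which account SCPs do not apply to; "AWS has 4 pricing models:" and the Trusted Advisor "5 categories" line are followed by sibling bullets rather than indented sub-items, so the lists do not read as belonging to their lead-in; and the account-compromise bullet says "delete and rotate all passwords / keys", which should state which credentials are deleted and which are rotated. Small wording slips: "Intended a simple alarm" (missing "as"), "right - size", "aws: createdBy".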
diff --git a/sections/advanced_identity.md b/sections/advanced_identity.md
new file mode 100644
index 0000000..9c81c4b
--- /dev/null
+++ b/sections/advanced_identity.md
@@ -0,0 +1,60 @@
+# Advanced Identity
+
+- [Advanced Identity](#advanced-identity)
+ - [AWS STS (Security Token Service)](#aws-sts-security-token-service)
+ - [Amazon Cognito](#amazon-cognito)
+ - [Microsoft Active Directory (AD)](#microsoft-active-directory-ad)
+ - [AWS Directory Services](#aws-directory-services)
+ - [AWS IAM Identity Center](#aws-iam-identity-center)
+ - [Summary](#summary)
+
+## AWS STS (Security Token Service)
+
+- Provides temporary, limited-privilege credentials to access AWS resources
+- Credentials have a configurable expiration period
+- Use cases:
+ - Identity federation: manage user identities in external systems, providing STS tokens for AWS resource access
+ - IAM Roles for cross-account or same-account access
+ - IAM Roles for EC2 instances: temporary credentials for EC2 to access AWS resources
+
+## Amazon Cognito
+
+- Manages identity for web and mobile application users (potentially millions)
+- Instead of creating IAM users, create users in Cognito
+
+## Microsoft Active Directory (AD)
+
+- Available on any Windows Server with AD Domain Services
+- Database of objects: user accounts, computers, printers, file shares, security groups
+- Centralized security management, create accounts, assign permissions
+
+### AWS Directory Services
+
+- **AWS Managed Microsoft AD**
+ - Create and manage your own AD in AWS, supports MFA
+ - Establish trust connections with on-premise AD
+- **AD Connector**
+ - Directory gateway (proxy) to redirect to on-premise AD, supports MFA
+ - Users are managed on the on-premise AD
+- **Simple AD**
+ - AD-compatible managed directory on AWS
+ - Cannot be joined with on-premise AD
+
+## AWS IAM Identity Center
+
+- Single sign-on (SSO) for:
+ - AWS accounts in AWS Organizations
+ - Business cloud applications (e.g., Salesforce, Box, Microsoft 365)
+ - SAML 2.0-enabled applications
+ - EC2 Windows instances
+- Identity providers:
+ - Built-in identity store in IAM Identity Center
+
+## Summary
+
+- **IAM**: Identity and Access Management within your AWS account for trusted users within your company
+- **Organizations**: Manage multiple AWS accounts
+- **Security Token Service (STS)**: Temporary, limited-privilege credentials for AWS resource access
+- **Cognito**: Create a user database for mobile and web applications
+- **Directory Services**: Integrate Microsoft Active Directory in AWS
+- **IAM Identity Center**: Single login for multiple AWS accounts and applications
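Review bot: Under AWS IAM Identity Center, "Identity providers:" introduces a list with a single entry, the built-in identity store, which reads as if the list was cut short. Either list the other identity sources the section means to cover (the file describes Active Directory just above) or fold the line into one bullet. Also, "AWS Directory Services" is an H3 under the Microsoft AD section while every other topic is an H2, and "on-premise AD" should read "on-premises AD" in the three places it appears.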
diff --git a/sections/architecting_and_ecosystem.md b/sections/architecting_and_ecosystem.md
new file mode 100644
index 0000000..17d19a0
--- /dev/null
+++ b/sections/architecting_and_ecosystem.md
@@ -0,0 +1,141 @@
+# AWS Architecting & Ecosystem
+
+- [AWS Architecting \& Ecosystem](#aws-architecting--ecosystem)
+ - [Well Architected Framework General Guiding Principles](#well-architected-framework-general-guiding-principles)
+ - [AWS Cloud Best Practices - Design Principles](#aws-cloud-best-practices---design-principles)
+ - [Well Architected Framework 6 Pillars](#well-architected-framework-6-pillars)
+ - [1. Operational Excellence](#1-operational-excellence)
+ - [2. Security](#2-security)
+ - [3. Reliability](#3-reliability)
+ - [4. Performance Efficiency](#4-performance-efficiency)
+ - [5. Cost Optimization](#5-cost-optimization)
+ - [6. Sustainability](#6-sustainability)
+ - [AWS Well-Architected Tool](#aws-well-architected-tool)
+ - [AWS Right Sizing](#aws-right-sizing)
+ - [AWS Ecosystem - Free Resources](#aws-ecosystem---free-resources)
+ - [AWS Ecosystem - AWS Support](#aws-ecosystem---aws-support)
+ - [AWS Marketplace](#aws-marketplace)
+
+## Well Architected Framework General Guiding Principles
+
+- Stop guessing capacity needs.
+- Test systems at production scale.
+- Automate to facilitate architectural experimentation.
+- Allow for evolutionary architectures based on changing requirements.
+- Drive architectures using data.
+- Improve through game days by simulating applications for flash sale days.
+
+## AWS Cloud Best Practices - Design Principles
+
+- **Scalability**: Scale both vertically and horizontally.
+- **Disposable Resources**: Servers should be disposable and easily configured.
+- **Automation**: Utilize serverless, infrastructure as a service, and auto-scaling.
+- **Loose Coupling**: Break monolithic applications into smaller, loosely coupled components to prevent cascading failures.
+- **Services, Not Servers**: Use managed services, databases, and serverless options instead of just EC2.
+
+## Well Architected Framework 6 Pillars
+
+### 1. Operational Excellence
+
+- Ability to run and monitor systems for business value and improve supporting processes.
+- **Design Principles**:
+ - Perform operations as code (Infrastructure as code).
+ - Automate the creation of annotated documentation.
+ - Make frequent, small, reversible changes.
+ - Refine operations procedures frequently and ensure team familiarity.
+ - Anticipate failure.
+ - Learn from all operational failures.
+
+### 2. Security
+
+- Ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
+- **Design Principles**:
+ - Implement a strong identity foundation (centralized privilege management, principle of least privilege, IAM).
+ - Enable traceability (integrate logs and metrics with systems).
+ - Apply security at all layers (edge network, VPC, load balancer, instances, OS, application).
+ - Automate security best practices.
+ - Protect data in transit and at rest (encryption, tokenization, access control).
+ - Keep people away from data (reduce or eliminate direct access).
+ - Prepare for security events (run incident response simulations, use automation).
+
+### 3. Reliability
+
+- Ability to recover from disruptions, dynamically acquire resources, and mitigate misconfigurations or transient network issues.
+- **Design Principles**:
+ - Test recovery procedures using automation.
+ - Automatically recover from failures.
+ - Scale horizontally to increase availability.
+ - Stop guessing capacity (use Auto Scaling).
+ - Manage change with automation.
+
+### 4. Performance Efficiency
+
+- Efficiently use computing resources to meet system requirements and maintain efficiency as demands change.
+- **Design Principles**:
+ - Democratize advanced technologies (use services).
+ - Go global in minutes (deploy in multiple regions).
+ - Use serverless architectures.
+ - Experiment frequently.
+ - Be aware of all AWS services (mechanical sympathy).
+
+### 5. Cost Optimization
+
+- Deliver business value at the lowest price point.
+- **Design Principles**:
+ - Adopt a consumption model (pay for what you use).
+ - Measure overall efficiency (use CloudWatch).
+ - Stop spending on data center operations (focus on projects).
+ - Analyze and attribute expenditure (use tags to measure ROI).
+ - Use managed services to reduce costs.
+
+### 6. Sustainability
+
+- Minimize environmental impacts of running cloud workloads.
+- **Design Principles**:
+ - Understand your impact (establish performance indicators).
+ - Set sustainability goals for each workload.
+ - Maximize utilization (right size workloads).
+ - Anticipate and adopt new efficient technologies.
+ - Use managed services to automate sustainability best practices.
+ - Reduce downstream impact (minimize energy/resources for services).
+
+## AWS Well-Architected Tool
+
+- Free tool to review architectures against the 6 pillars and adopt best practices.
+- **How it works**:
+ - Select your workload and answer questions.
+ - Review answers against the 6 pillars.
+ - Obtain advice: videos, documentation, reports, and dashboards.
+
+## AWS Right Sizing
+
+- Match instance types and sizes to workload performance and capacity requirements at the lowest cost.
+- Right sizing involves starting small and scaling up easily, continuously adjusting after cloud onboarding, and using tools like CloudWatch, Cost Explorer, and Trusted Advisor.
+
+## AWS Ecosystem - Free Resources
+
+- **AWS Blogs**: [AWS Blogs](https://aws.amazon.com/blogs/aws/)
+- **AWS Forums**: [AWS Forums](https://forums.aws.amazon.com/index.jspa)
+- **AWS Whitepapers & Guides**: [AWS Whitepapers & Guides](https://aws.amazon.com/whitepapers)
+- **AWS Quick Starts**: [AWS Quick Starts](https://aws.amazon.com/quickstart/)
+ - Automated, gold-standard deployments in the AWS Cloud.
+ - Examples: WordPress on AWS, leveraging CloudFormation.
+- **AWS Solutions**: [AWS Solutions](https://aws.amazon.com/solutions/)
+ - Vetted technology solutions for the AWS Cloud.
+ - Example - AWS Landing Zone (secure, multi-account environment).
+
+### AWS Ecosystem - AWS Support
+
+| DEVELOPER | BUSINESS | ENTERPRISE |
+| ------------------------------------------------------- | ------------------------------------------------------------- | --------------------------------------------------------------- |
+| Business hours email access to Cloud Support Associates | 24x7 phone, email, and chat access to Cloud Support Engineers | Access to a Technical Account Manager (TAM) |
+| General guidance: < 24 business hours | Production system impaired: < 4 hours | Concierge Support Team (for billing and account best practices) |
+| System impaired: < 12 business hours | Production system down: < 1 hour | Business-critical system down: < 15 minutes |
+
+## AWS Marketplace
+
+- Digital catalog with thousands of software listings from independent software vendors.
+- Examples:
+ - Custom AMIs, CloudFormation templates, SaaS, containers.
+- Purchases go into your AWS bill.
+- You can sell your own solutions on the AWS Marketplace.
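Review bot: In the AWS Support table the rows do not compare like with like. The DEVELOPER and BUSINESS columns give an access channel in the first row and response times in the next two, while the ENTERPRISE column gives the Technical Account Manager and the Concierge Support Team in the first two rows and only reaches a response time in the last one. Suggest adding a leading column that names what each row holds (access, response times, extras) and placing each Enterprise item in the matching row. Minor: "Example - AWS Landing Zone" under AWS Solutions uses a different form from "Examples: WordPress on AWS" under AWS Quick Starts; pick one form.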
diff --git a/sections/databases.md b/sections/databases.md
index 74a669e..6a4eab8 100644
--- a/sections/databases.md
+++ b/sections/databases.md
@@ -172,7 +172,7 @@
### DynamoDB Accelerator (DAX)
- In-memory caching for DynamoDB.
-- **10x faster** read performance. ingle-digit millisecond latency to microseconds latency – when accessing your DynamoDB tables
+- **10x faster** read performance. Single-digit millisecond latency to microseconds latency – when accessing your DynamoDB tables
- Secure, highly scalable & highly available
- Ideal for use cases where **low-latency reads** are critical.
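Review bot: The replacement line fixes "ingle" but its second sentence is still a fragment with no verb and repeats "latency" ("Single-digit millisecond latency to microseconds latency"). Since the line is being touched anyway, suggest rewording it, for example "Reduces read latency from single-digit milliseconds to microseconds when accessing your DynamoDB tables". The neighbouring bullets have no trailing punctuation, so the wording can stay a single bullet without a full stop.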
diff --git a/sections/global_infrastructure.md b/sections/global_infrastructure.md
index e460c24..33d4684 100644
--- a/sections/global_infrastructure.md
+++ b/sections/global_infrastructure.md
@@ -152,6 +152,7 @@ Need to know them at a high-level for the Cloud Practitioner Exam
## AWS Global Accelerator
- Improve global application availability and performance using the AWS global network
+- Traffic is routed to your applications using the AWS global network instead of the internet.
- Leverage the AWS internal network to optimize the route to your application (60% improvement)
- 2 Anycast IP are created for your application and traffic is sent through Edge Locations
- The Edge locations send the traffic to your application
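Review bot: The added bullet under AWS Global Accelerator repeats what the bullets on either side already say: the one above mentions "using the AWS global network" and the one below says "Leverage the AWS internal network to optimize the route to your application". Suggest folding the new point (the AWS network instead of the public internet) into the existing "Leverage the AWS internal network" bullet rather than adding a third line on the same idea. The new bullet is also the only one in the list that ends with a full stop, and it says "global network" where the next bullet says "internal network"; use one term.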
diff --git a/sections/machine_learning.md b/sections/machine_learning.md
new file mode 100644
index 0000000..3488dbc
--- /dev/null
+++ b/sections/machine_learning.md
@@ -0,0 +1,138 @@
+# Machine Learning
+
+- [Machine Learning](#machine-learning)
+ - [Amazon Rekognition](#amazon-rekognition)
+ - [Amazon Transcribe](#amazon-transcribe)
+ - [Amazon Polly](#amazon-polly)
+ - [Amazon Translate](#amazon-translate)
+ - [Amazon Lex \& Connect](#amazon-lex--connect)
+ - [Amazon Lex: (same technology that powers Alexa)](#amazon-lex-same-technology-that-powers-alexa)
+ - [Amazon Connect](#amazon-connect)
+ - [Amazon Comprehend](#amazon-comprehend)
+ - [Amazon SageMaker](#amazon-sagemaker)
+ - [Amazon Forecast](#amazon-forecast)
+ - [Amazon Kendra](#amazon-kendra)
+ - [Amazon Personalize](#amazon-personalize)
+ - [Amazon Textract](#amazon-textract)
+ - [Summary](#summary)
+
+## Amazon Rekognition
+
+- Identifies objects, people, text, and scenes in images and videos using ML
+- Facial analysis and facial search for user verification and people counting
+- Create a database of familiar faces or compare against celebrities
+- Key uses:
+ - Labeling
+ - Content Moderation
+ - Text Detection
+ - Face Detection and Analysis (gender, age range, emotions)
+ - Face Search and Verification
+ - Celebrity Recognition
+- More info: [Amazon Rekognition](https://aws.amazon.com/rekognition/)
+
+## Amazon Transcribe
+
+- Converts speech to text using Automatically speech recognition (ASR)
+- Accurate and quick transcription
+- Key uses:
+ - Transcribing customer service calls
+ - Automating closed captioning and subtitling
+ - Generating metadata for media assets for searchable archives
+
+## Amazon Polly
+
+- Turns text into lifelike speech using deep learning
+- Enables creation of talking applications
+
+## Amazon Translate
+
+- Provides natural and accurate language translation
+- Localizes content for international users
+- Efficiently translates large volumes of text
+
+## Amazon Lex & Connect
+
+### Amazon Lex: (same technology that powers Alexa)
+
+- Uses ASR to convert speech to text
+- Natural Language Understanding to recognize text and caller intent
+- Helps build chatbots and call center bots
+
+### Amazon Connect
+
+- Cloud-based virtual contact center
+- Receives calls and creates contact flows
+- Integrates with CRM systems or AWS
+- No upfront payments, 80% cheaper than traditional contact centers
+
+## Amazon Comprehend
+
+- Fully managed and serverless NLP service
+- Uses machine learning to find insights and relationships in text
+- Key features:
+ - Identifies language of the text
+ - Extracts key phrases, places, people, brands, or events
+ - Determines sentiment of the text
+ - Analyzes text using tokenization and parts of speech
+ - Organizes text files by topic
+- Key uses:
+ - Analyzing customer interactions for positive or negative experiences
+ - Grouping articles by topics
+
+## Amazon SageMaker
+
+- Fully managed service for developers / data scientists to build ML models
+- Typically, difficult to do all the processes in one place + provision servers
+- Machine learning process (simplified): predicting your exam score
+
+## Amazon Forecast
+
+- Fully managed service that uses ML to deliver highly accurate forecasts
+- Example: predict the future sales of a raincoat
+- 50% more accurate than looking at the data itself
+- Reduces forecasting time from months to hours
+- Key uses:
+ - Product Demand Planning
+ - Financial Planning
+ - Resource Planning
+
+## Amazon Kendra
+
+- Fully managed document search service powered by ML
+- Extracts answers from various document types (text, PDF, HTML, PowerPoint, MS Word, FAQs)
+- Offers natural language search capabilities
+- Learns from user interactions to promote preferred results
+- Allows manual fine-tuning of search results
+
+## Amazon Personalize
+
+- Fully managed ML service for real-time personalized recommendations
+- Key uses:
+ - Personalized product recommendations
+ - Customized direct marketing
+- Integrates into websites, applications, SMS, email marketing systems
+- Implemented in days, not months
+
+## Amazon Textract
+
+- Automatically extracts text, handwriting, and data from scanned documents using AI and ML
+- Reads and processes various document types (PDFs, images)
+- Key uses:
+ - Financial Services (invoices, financial reports)
+ - Healthcare (medical records, insurance claims)
+ - Public Sector (tax forms, ID documents, passports)
+
+## Summary
+
+- **Rekognition**: Face detection, labeling, celebrity recognition
+- **Transcribe**: Audio to text (e.g., subtitles)
+- **Polly**: Text to audio
+- **Translate**: Language translation
+- **Lex**: Build conversational bots (chatbots)
+- **Connect**: Cloud contact center
+- **Comprehend**: Natural language processing
+- **SageMaker**: Machine learning for developers and data scientists
+- **Forecast**: Accurate forecasts
+- **Kendra**: ML-powered search engine
+- **Personalize**: Real-time personalized recommendations
+- **Textract**: Detect text and data in documents
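Review bot: Under Amazon SageMaker, the bullet "Machine learning process (simplified): predicting your exam score" announces a walkthrough that never follows, and the bullet before it ("Typically, difficult to do all the processes in one place + provision servers") is a fragment that does not say what is difficult or for whom. Either add the steps of the exam-score example or drop the bullet, and rewrite the fragment as a full statement of the problem SageMaker addresses. Under Amazon Transcribe, "Automatically speech recognition (ASR)" should read "automatic speech recognition (ASR)". The figures "80% cheaper than traditional contact centers" (Connect) and "50% more accurate than looking at the data itself" (Forecast) are stated without a source; add a "More info" link as done for Rekognition, which is currently the only section that has one.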
diff --git a/sections/other_aws_services.md b/sections/other_aws_services.md
new file mode 100644
index 0000000..99d4c9f
--- /dev/null
+++ b/sections/other_aws_services.md
@@ -0,0 +1,200 @@
+# Other AWS Services
+
+- [Other AWS Services](#other-aws-services)
+ - [Amazon WorkSpaces](#amazon-workspaces)
+ - [Amazon AppStream 2.0](#amazon-appstream-20)
+ - [Amazon Sumerian](#amazon-sumerian)
+ - [AWS IoT Core](#aws-iot-core)
+ - [Amazon Elastic Transcoder](#amazon-elastic-transcoder)
+ - [AWS AppSync](#aws-appsync)
+ - [AWS Amplify](#aws-amplify)
+ - [AWS Device Farm](#aws-device-farm)
+ - [AWS Backup](#aws-backup)
+ - [AWS Elastic Disaster Recovery (DRS)](#aws-elastic-disaster-recovery-drs)
+ - [AWS DataSync](#aws-datasync)
+ - [AWS Application Discovery Service](#aws-application-discovery-service)
+ - [AWS Application Migration Service (MGN)](#aws-application-migration-service-mgn)
+ - [AWS Migration Evaluator](#aws-migration-evaluator)
+ - [AWS Migration Hub](#aws-migration-hub)
+ - [AWS Fault Injection Simulator (FIS)](#aws-fault-injection-simulator-fis)
+ - [AWS Step Functions](#aws-step-functions)
+ - [AWS Ground Station](#aws-ground-station)
+ - [AWS Pinpoint](#aws-pinpoint)
+
+## Amazon WorkSpaces
+
+- Managed Desktop as a Service (DaaS) solution to provision Windows or Linux desktops
+- Eliminates management of on-premise VDI (Virtual Desktop Infrastructure)
+- Scalable to thousands of users quickly
+- Secured data with integration to KMS
+- Pay-as-you-go service with monthly or hourly rates
+
+## Amazon AppStream 2.0
+
+- Desktop Application Streaming Service
+- Deliver applications to any computer without provisioning infrastructure
+- Applications are delivered from within a web browser
+
+| Amazon AppStream 2.0 | WorkSpaces |
+| -------------------------------------------------------------------------- | ---------------------------------------------------------------- |
+| Stream a desktop application to web browsers (no need to connect to a VDI) | Fully managed VDI and desktop available |
+| Works with any device (that has a web browser) | Users connect to the VDI and open native or WAM applications |
+| Configure an instance type per application type (CPU, RAM, GPU) | Workspaces are on-demand or always on |
+
+## Amazon Sumerian
+
+- Create and run virtual reality (VR), augmented reality (AR), and 3D applications
+- Quickly create 3D models with animations
+- Ready-to-use templates and assets - no programming or 3D expertise required
+- Accessible via web-browser URLs or on popular hardware for AR/VR
+- Example:
+
+## AWS IoT Core
+
+- IoT stands for “Internet of Things” – the network of internet-connected devices that collect and transfer data
+- Connect IoT devices to AWS Cloud serverlessly, securely, and scalably
+- Applications can communicate with devices even when they aren’t connected
+- Integrates with many AWS services (Lambda, S3, SageMaker, etc.)
+- Build IoT applications that gather, process, analyze, and act on data
+
+## Amazon Elastic Transcoder
+
+- Convert media files stored in S3 into formats required by consumer playback devices (phones, etc.)
+- Benefits:
+ - Easy to use
+ - Highly scalable – handles large volumes and sizes of media files
+ - Cost-effective – duration-based pricing model
+ - Fully managed & secure, pay for what you use
+
+## AWS AppSync
+
+- Store and sync data across mobile and web apps in real-time
+- Uses GraphQL
+- Automatically generates client code
+- Integrates with DynamoDB / Lambda
+- Real-time subscriptions
+- Offline data synchronization (replaces Cognito Sync)
+- Fine Grained Security
+- AWS Amplify can leverage AWS AppSync in the background!
+
+## AWS Amplify
+
+- A set of tools and services for developing and deploying scalable full stack web and mobile applications
+- Features:
+ - Backend-as-a-Service (BaaS)
+ - Frontend Libraries and UI Components
+ - Authentication
+ - Storage
+ - API Management (REST, GraphQL)
+ - Real-Time and Offline Capabilities through AWS AppSync
+ - CI/CD
+ - Command-Line Interface (CLI)
+ - PubSub
+ - Analytics
+ - AI/ML Predictions
+ - Monitoring
+ - Source Code from AWS, GitHub, etc.
+
+## AWS Device Farm
+
+- Fully-managed service that tests web and mobile apps against desktop browsers, real mobile devices, and tablets
+- Run tests concurrently on multiple devices to speed up execution
+- Configure device settings (GPS, language, Wi-Fi, Bluetooth, etc.)
+
+## AWS Backup
+
+- Fully-managed service to centrally manage and automate backups across AWS services
+- On-demand and scheduled backups
+- Supports PITR (Point-in-time Recovery)
+- Retention Periods, Lifecycle Management, Backup Policies, etc.
+- Cross-Region Backup
+- Cross-Account Backup (using AWS Organizations)
+
+## AWS Elastic Disaster Recovery (DRS)
+
+- Formerly known as “CloudEndure Disaster Recovery”
+- Quickly and easily recover physical, virtual, and cloud-based servers into AWS
+- Example: protect critical databases (Oracle, MySQL, SQL Server), enterprise apps (SAP), and protect data from ransomware attacks
+- Continuous block-level replication for servers
+
+## AWS DataSync
+
+- Move large amounts of data from on-premises to AWS
+- Synchronize to Amazon S3 (any storage classes including Glacier), Amazon EFS, Amazon FSx for Windows
+- Schedule replication tasks hourly, daily, weekly
+- Incremental replication after the first full load
+
+## AWS Application Discovery Service
+
+- Plan migration projects by gathering information about on-premises data centers
+- Collect server utilization data and dependency mapping for migrations
+- Agentless Discovery (AWS Agentless Discovery Connector):
+ - VM inventory, configuration, and performance history (CPU, memory, disk usage)
+- Agent-based Discovery (AWS Application Discovery Agent):
+ - System configuration, performance, running processes, and network connections between systems
+- Data can be viewed within AWS Migration Hub
+
+## AWS Application Migration Service (MGN)
+
+- The “AWS evolution” of CloudEndure Migration, replacing AWS Server Migration Service (SMS)
+- Lift-and-shift (rehost) solution to simplify migrating applications to AWS
+- Converts physical, virtual, and cloud-based servers to run natively on AWS
+- Supports a wide range of platforms, Operating Systems, and databases
+- Minimal downtime and reduced costs
+
+## AWS Migration Evaluator
+
+- Build a data-driven business case for migration to AWS
+- Provides a clear baseline of current infrastructure
+- Use Agentless Collector for broad-based discovery
+- Take a snapshot of on-premises footprint, server dependencies, etc.
+- Analyze current state, define target state, and develop a migration plan
+
+## AWS Migration Hub
+
+- Central location to collect servers and applications inventory data for the assessment, planning, and tracking of migrations to AWS
+- Accelerate migration to AWS, automate lift-and-shift
+- AWS Migration Hub Orchestrator provides pre-built templates for migrating enterprise apps (e.g., SAP, Microsoft SQL Server)
+- Supports migration status updates from Application Migration Service (MGN) and Database Migration Service (DMS)
+
+## AWS Fault Injection Simulator (FIS)
+
+- Fully managed service for running fault injection experiments on AWS workloads
+- Based on Chaos Engineering – stress an application by creating disruptive events (e.g., sudden increase in CPU or memory), observe system response, and implement improvements
+- Uncover hidden bugs and performance bottlenecks
+- Supports AWS services such as EC2, ECS, EKS, RDS
+- Use pre-built templates for desired disruptions
+
+## AWS Step Functions
+
+- Build serverless visual workflows to orchestrate Lambda functions
+- Features: sequence, parallel, conditions, timeouts, error handling, etc.
+- Integrate with EC2, ECS, on-premises servers, API Gateway, SQS queues, etc.
+- Implement human approval feature
+- Use cases: order fulfillment, data processing, web applications, any workflow
+
+
+
+## AWS Ground Station
+
+- Fully managed service for controlling satellite communications, processing data, and scaling satellite operations
+- Global network of satellite ground stations near AWS regions
+- Download satellite data to your AWS VPC within seconds
+- Send satellite data to S3 or EC2 instance
+- Use cases: weather forecasting, surface imaging, communications, video broadcasts
+
+## AWS Pinpoint
+
+- Scalable 2-way (outbound/inbound) marketing communications service
+- Supports email, SMS, push, voice, and in-app messaging
+- Segment and personalize messages with the right content for customers
+- Receive replies
+- Scale to billions of messages per day
+- Use cases: run campaigns by sending marketing, bulk, transactional SMS messages
+- Comparison with Amazon SNS or Amazon SES:
+ - SNS & SES: manage each message's audience, content, and delivery schedule
+ - Amazon Pinpoint: create message templates, delivery schedules, targeted segments, and full campaigns
+
+* * *
+
+[
Advanced Identity](./advanced_identity.md) [
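Review bot: Under Amazon Sumerian the bullet "- Example:" is followed by nothing, so the section ends on an empty item; supply the example or remove the bullet. The service is named inconsistently: the heading and table of contents say "AWS Pinpoint" while the comparison bullet says "Amazon Pinpoint"; use one name throughout, including the anchor. The Step Functions section ends with three consecutive empty lines before "## AWS Ground Station" where the other sections have one. In the footer, the navigation link is split across lines (a lone "[" followed by "Advanced Identity](./advanced_identity.md)"); keep each link on a single line. Under Amazon WorkSpaces, "Secured data with integration to KMS" does not say what is encrypted; state what the KMS integration covers.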