Cloud computing has changed how we build and run software. Instead of purchasing servers, racks, cooling, and power, you can now rent computing power, storage, and networking from providers over the internet. You pay only for what you consume, scale up when traffic spikes, and scale down again when things are quiet. This approach removes a huge amount of upfront cost and complexity for organizations of every size.
At its core, cloud computing means your applications and data live on remote servers, but you interact with them as if they were local. You can launch virtual machines, store petabytes of data, analyze logs, deploy APIs, and more, all through a web console, CLI, or APIs. Whether you’re building a side project or running an enterprise-grade system, the cloud gives you ready-made building blocks.
Cloud environments come in several flavors, and many companies end up using more than one model at the same time:
Understanding these models makes it easier to see where AWS fits in your overall architecture.
Amazon Web Services (AWS) is a cloud platform offering hundreds of services that cover almost every part of modern IT: compute, storage, databases, networking, analytics, AI, security, DevOps, and much more. Instead of building everything from scratch, you assemble solutions by combining AWS services. You can spin up a server, a database, an object store, and an API layer in minutes, then automate the entire stack with code.
AWS is built on a global infrastructure of regions and availability zones. A region is a geographic area (like us-east-1 or ap-south-1), and each region contains multiple availability zones (AZs). AZs are isolated data centers with separate power and networking, allowing you to design for high availability by distributing your workloads. On top of that, edge locations are used to cache and serve content closer to users, improving performance for global audiences.
In practice, you rarely use AWS as a single monolithic platform. You pick services that solve specific problems—like storage, messaging, authentication—then glue them together. This cheat sheet is your map of those key services and what they do.
Compute services give you the processing power to run applications, APIs, and background jobs. You can work with full virtual machines, containers, or pure serverless functions, depending on how much control you want.
| Category | Service | Description |
|---|---|---|
| Virtual Machines | Amazon EC2 | The main service for launching virtual servers. You choose instance size, CPU, memory, storage, and OS, and then deploy applications as you would on physical machines. |
| Virtual Machines | EC2 Spot Instances | Access spare EC2 capacity at deep discounts. AWS may reclaim these instances, so they’re ideal for batch jobs, test environments, or fault-tolerant workloads. |
| Virtual Machines | EC2 Auto Scaling | Automatically increases or decreases the number of EC2 instances based on metrics like CPU or request count, keeping performance steady while controlling cost. |
| Virtual Machines | Amazon Lightsail | Simplified virtual private servers with preconfigured stacks (like WordPress or LAMP). Good for small websites, prototypes, and learning environments. |
| Batch & High-Volume Jobs | AWS Batch | Schedules and runs large numbers of batch or compute-heavy jobs on managed EC2 and Spot capacity, choosing the right instances for each job. |
| Containers | Amazon ECS | AWS container orchestration service for running Docker containers. Handles tasks, services, and scaling for containerized workloads. |
| Containers | Amazon ECR | Private container registry that stores, scans, and manages container images for ECS, EKS, and other platforms. |
| Containers | Amazon EKS | Managed Kubernetes control plane. Lets you run standard Kubernetes clusters on AWS without operating your own master nodes. |
| Containers | AWS Fargate | Serverless engine for containers. You define CPU and memory for tasks, and AWS manages the underlying compute layer automatically. |
| Serverless Compute | AWS Lambda | Runs your functions in response to events such as API calls, file uploads, or messages. You pay only for execution time and resources consumed per invocation. |
| Edge & Hybrid | AWS Outposts | Extends AWS infrastructure and services into your own data center, useful for low-latency, local processing, or strict data residency needs. |
| Edge & Hybrid | AWS Snow Family | Physical devices that collect and process data in remote or disconnected environments and then move it back to AWS when connectivity is available. |
| Edge & Hybrid | AWS Wavelength | Deploys AWS compute and storage at telecom 5G locations, enabling extremely low-latency experiences for mobile and edge applications. |
| Edge & Hybrid | Local Zones | Additional infrastructure near large population centers that provides low-latency access to a subset of AWS services close to end users. |
| Edge & Hybrid | VMware Cloud on AWS | Runs VMware-based workloads on top of AWS infrastructure, allowing organizations to move existing virtualized environments into the cloud with minimal change. |
Storage services handle different ways of saving data: objects, blocks, and files. AWS offers options for high-performance transactional workloads, long-term archives, and hybrid scenarios where some data remains on-premises.
| Service | Description |
|---|---|
| Amazon S3 | Object storage for files of any type and size: backups, media, logs, and more. It offers multiple storage classes (such as Standard, Infrequent Access, and Glacier) and lifecycle rules that automatically move data to lower-cost tiers over time. |
| AWS Backup | Central backup management for services such as EBS, RDS, DynamoDB, EFS, and on-premises workloads. You define backup plans and retention policies and let AWS enforce them automatically. |
| Amazon EBS | Block storage volumes attached to EC2 instances. Suitable for databases and applications that expect disks with consistent low-latency access. Supports snapshots and different performance profiles. |
| Amazon EFS | Fully managed, elastic file system using the NFS protocol. Multiple EC2 instances can mount the same file system concurrently, making it ideal for shared content or multi-server applications. |
| Amazon FSx | Family of managed file systems tuned for specific use cases, like Windows file shares or Lustre for high-performance computing and analytics workloads. |
| AWS Storage Gateway | Connects on-premises software appliances to cloud storage. Offers file, volume, and tape gateway modes that provide local access while storing data in S3 and related services. |
| AWS DataSync | High-speed data transfer service that moves large datasets between on-premises storage and AWS, or between AWS storage services. Handles encryption, scheduling, and performance optimizations. |
| AWS Transfer Family | Managed SFTP/FTPS/FTP endpoints that read and write directly to S3 or EFS, allowing you to keep existing file-transfer workflows while using cloud storage as the backend. |
| AWS Snow Family | Portable devices used to physically move tens or hundreds of terabytes of data to or from AWS when network-based transfer is too slow or unreliable. |
Database services in AWS cover almost every data model: traditional relational databases, key-value stores, caching, graph databases, and specialized options for time series and ledgers.
| Type | Common Use Cases | Service(s) | Description |
|---|---|---|---|
| Relational | Transactional systems, ERP, CRM, e-commerce, and financial apps | Amazon RDS, Amazon Aurora, Amazon Redshift | RDS manages popular relational engines (MySQL, PostgreSQL, MariaDB, Oracle, SQL Server), handling backups, patching, and failover. Aurora is a cloud-optimized relational database with higher performance and automatic scaling. Redshift focuses on data warehousing and analytical queries across large datasets. |
| Key-Value / NoSQL | Gaming, shopping carts, user profiles, session storage, IoT | Amazon DynamoDB | Fully managed NoSQL database that delivers consistent millisecond latency and automatically scales to handle large traffic spikes. It supports flexible schemas and global replication. |
| In-Memory | Caching, leaderboards, real-time analytics, recommendation systems | Amazon ElastiCache (Redis, Memcached) | Provides in-memory data stores for extremely fast reads and writes. Often used to cache database results and reduce response times for frequently accessed data. |
| Document | Content management, catalogs, user-generated content | Amazon DocumentDB | Document database compatible with MongoDB APIs. Simplifies running document-centric workloads with built-in scaling, automated backups, and high availability. |
| Wide Column | Large-scale telemetry, time-series, event logging | Amazon Keyspaces (for Apache Cassandra) | Managed Apache Cassandra–compatible database for workloads that need high throughput and low latency across large datasets, without running your own Cassandra clusters. |
| Graph | Social graphs, fraud detection, recommendation engines | Amazon Neptune | A purpose-built graph database that supports property graph and RDF models. Efficiently stores and traverses highly connected data to answer relationship-heavy queries. |
| Time Series | IoT metrics, application telemetry, infrastructure monitoring | Amazon Timestream | Time-series database that organizes data by time, automatically tiering older data and optimizing queries over both recent and historical records. |
| Ledger | Systems requiring an immutable, auditable trail | Amazon QLDB | Centralized ledger with a cryptographically verifiable log of all changes, useful for audit trails, regulatory systems, and sensitive business workflows. |
Networking services control how your resources talk to each other, connect to on-premises environments, and reach end users worldwide. AWS also offers tools to secure and optimize that traffic.
| Use Case | Service | Description |
|---|---|---|
| Build a cloud network | Amazon VPC | Creates isolated virtual networks within AWS. You choose IP ranges, configure public and private subnets, route tables, gateways, and security rules that define how your resources communicate. |
| Build a cloud network | AWS Transit Gateway | Central hub that connects multiple VPCs and on-premises networks, simplifying complex peering arrangements into a single managed attachment model. |
| Build a cloud network | AWS PrivateLink | Exposes services privately inside your VPC using endpoint interfaces, allowing private connectivity without using public IP addresses or traversing the public internet. |
| Build a cloud network | Amazon Route 53 | DNS and domain management service that routes users to applications. Supports advanced features like failover routing, weighted routing, and latency-based routing. |
| Scale and optimize traffic | Elastic Load Balancing (ALB/NLB) | Distributes traffic across multiple targets (EC2, containers, IPs) for higher availability and scalability. Application Load Balancers handle HTTP/HTTPS, while Network Load Balancers handle TCP/UDP at very high throughput. |
| Scale and optimize traffic | AWS Global Accelerator | Uses AWS’s global network to route user traffic to the closest healthy endpoint, often improving performance and resilience for internet-facing applications. |
| Secure network traffic | AWS Shield | Managed protection against distributed denial-of-service (DDoS) attacks. The advanced tier adds enhanced protections and support for critical applications. |
| Secure network traffic | AWS WAF | Web application firewall that inspects HTTP(S) requests and blocks malicious patterns, such as common injection attempts or bots. |
| Secure network traffic | AWS Firewall Manager | Centralized policy management for firewall-related services (WAF, Shield, security groups) across multiple accounts and regions. |
| Build hybrid connectivity | AWS Client VPN | Managed VPN service that lets users securely connect from laptops or devices into AWS and on-premises networks via encrypted tunnels. |
| Build hybrid connectivity | AWS Site-to-Site VPN | Establishes a secure IPsec tunnel between your data center or branch office and your AWS VPC, allowing private communication between environments. |
| Build hybrid connectivity | AWS Direct Connect | Dedicated network connection from your location to AWS. Offers more consistent bandwidth and lower latency compared to typical public internet routes. |
| Content delivery | Amazon CloudFront | Global content delivery network that caches static and dynamic content at edge locations, decreasing latency and offloading traffic from your origin servers. |
| Microservices networking | AWS App Mesh | Service mesh that standardizes observability, traffic control, and resilience for microservices running in ECS, EKS, or on EC2. |
| Microservices networking | Amazon API Gateway | Fully managed service for building and running APIs. Handles scaling, rate limiting, authentication, and monitoring so you can focus on API logic. |
| Microservices networking | AWS Cloud Map | Service discovery component that keeps track of resource locations and names, allowing applications to look up endpoints dynamically. |
These services help teams write code, build and test it, manage artifacts, deploy applications, and debug issues in distributed environments.
| Service | Description |
|---|---|
| AWS Cloud9 | Cloud-hosted IDE that runs in the browser. Provides a preconfigured environment with terminals and code editors connected directly to your AWS resources. |
| AWS CodeArtifact | Stores and shares software packages (such as npm, Maven, or pip repositories) in a secure and centrally managed artifact repository. |
| AWS CodeBuild | Fully managed build service that compiles source code, runs tests, and produces build outputs, scaling automatically based on the size and number of builds. |
| Amazon CodeGuru | Uses machine learning to offer code review suggestions and profile running applications, helping identify inefficiencies, security issues, and costly hot paths. |
| AWS CDK (Cloud Development Kit) | Framework for defining cloud infrastructure using higher-level programming languages. CDK apps synthesize down to CloudFormation templates. |
| AWS CodeCommit | Private Git repository service hosted on AWS. Integrates with IAM for access control and with other AWS tools for CI/CD workflows. |
| AWS CodeDeploy | Automates deployments to EC2, on-premises instances, Lambda functions, and other compute services. Supports strategies such as rolling, blue/green, or canary deployments. |
| AWS CodePipeline | Orchestrates continuous integration and delivery pipelines, connecting source, build, test, and deployment stages into an automated flow. |
| AWS CodeStar | Provides preconfigured project templates and pipelines to quickly set up development workflows with integrated issue tracking and collaboration tools. |
| AWS CLI | Command-line interface that offers scripted and interactive control over AWS services. A core tool for automation, provisioning, and infrastructure management. |
| AWS X-Ray | Distributed tracing system that follows requests through microservices, showing latencies and errors along the entire call chain for easier debugging. |
Security services help you control access, detect threats, protect data, and demonstrate compliance. This stack is critical for any production workload.
| Service | Description |
|---|---|
| AWS IAM | Baseline identity and access management service. You define users, roles, groups, and policies that control which AWS resources can be used and what actions are allowed. |
| AWS Single Sign-On (SSO) | Centralizes user authentication into multiple AWS accounts and business applications using a single set of credentials and policies. |
| Amazon Cognito | Adds sign-up, sign-in, and access control for web and mobile apps. Supports social logins and JWT-based authentication without building an auth system from scratch. |
| AWS Directory Service | Provides managed directory options, including an AWS-managed Active Directory, to integrate AWS resources with existing corporate identity systems. |
| AWS Resource Access Manager (RAM) | Lets you share AWS resources (like subnets or transit gateways) between accounts securely, promoting account separation without duplicating infrastructure. |
| AWS Organizations | Manages multiple AWS accounts at scale with consolidated billing and organization-wide policies, making governance and compliance easier. |

| Category | Service | Description |
|---|---|---|
| Detection & Audit | AWS Security Hub | Collects and correlates security findings from multiple AWS services and partners, giving you a unified security dashboard and compliance checks. |
| Detection & Audit | Amazon GuardDuty | Threat detection service that looks for suspicious activities, unusual API calls, or potentially compromised resources in your AWS environment. |
| Detection & Audit | Amazon Inspector | Scans workloads for known vulnerabilities and misconfigurations by analyzing EC2 instances and container images, and then prioritizes findings. |
| Detection & Audit | AWS Config | Tracks configuration changes across AWS resources and checks them against rules, enabling drift detection and compliance reporting. |
| Detection & Audit | AWS CloudTrail | Records API calls across AWS services, showing which identities interacted with which resources, when, and from where. |
| Detection & Audit | AWS IoT Device Defender | Monitors IoT device fleets for behavior anomalies and misconfigurations that could indicate compromise or misuse. |
| Infrastructure Protection | AWS Shield | Protects applications from common DDoS attacks. The advanced tier offers additional reporting and rapid response integration. |
| Infrastructure Protection | AWS WAF | Filters web traffic using custom rules that can block malicious requests such as SQL injection or cross-site scripting attempts. |
| Infrastructure Protection | AWS Firewall Manager | Central governance layer for WAF, Shield, and VPC security configurations across many accounts and resources. |
| Data Protection | Amazon Macie | Uses machine learning to discover and classify sensitive data in S3 buckets and surfaces potential data exposure risks. |
| Data Protection | AWS Key Management Service (KMS) | Central key management solution for encrypting data at rest and in transit, tightly integrated into many AWS services for easy encryption. |
| Data Protection | AWS CloudHSM | Dedicated hardware security modules for organizations that need complete control of crypto keys and FIPS-compliant hardware. |
| Data Protection | AWS Certificate Manager | Issues, manages, and renews SSL/TLS certificates for use with AWS services and custom applications, simplifying certificate handling. |
| Data Protection | AWS Secrets Manager | Securely stores sensitive values such as passwords and tokens, with automatic rotation and fine-grained access control. |
| Incident Response & Compliance | Amazon Detective | Helps security teams explore and analyze events, automating the heavy lifting of correlating logs for investigations. |
| Incident Response & Compliance | CloudEndure Disaster Recovery | Continuously replicates workloads to a low-cost staging area and can orchestrate failovers to AWS when an outage occurs. |
| Incident Response & Compliance | AWS Artifact | On-demand portal for AWS compliance documents and agreements, useful for audits, security reviews, and regulatory reporting. |
These services help you analyze your current environment, move data and applications into AWS, and manage hybrid or multi-cloud migrations.
| Service | Description |
|---|---|
| Migration Evaluator | Provides cost and right-sizing estimates for moving on-premises workloads to AWS by analyzing usage patterns and infrastructure inventory. |
| AWS Migration Hub | Central dashboard for tracking the progress of multiple migration projects across different tools and services. |
| Application Discovery Service | Collects configuration and dependency data from on-premises environments to plan migrations and understand relationships between applications. |
| Server Migration Service (SMS) | Assists in migrating virtualized server workloads into AWS by replicating and converting existing machines into EC2 instances. |
| Database Migration Service (DMS) | Helps move data between databases with minimal downtime, supporting both homogeneous and heterogeneous migrations (for example, Oracle to PostgreSQL). |
| CloudEndure Migration | Lifts and shifts applications to AWS by continuously replicating the source systems until you are ready to cut over with minimal downtime. |
| VMware Cloud on AWS | Enables organizations using VMware to extend or move their environments into AWS without redesigning or re-platforming applications. |
| DataSync, Transfer Family, Snow Family | Work together to move data using network or physical devices, covering everything from incremental syncs to massive one-time transfers. |
Cost management services help you understand, predict, and control how much you spend in the cloud.
| Use Case | Capability / Service | Description |
|---|---|---|
| Organize costs | Cost Categories and Tagging | Group resources logically using tags (like project, cost center, or team) and cost categories, then break down your bills based on those groupings. |
| Reporting | Cost & Usage Reports | Detailed reports that show every line item of consumption and price, enabling deep analysis in spreadsheets or data warehouses. |
| Access & Billing Views | Consolidated Billing | Combines usage from multiple accounts under one payer account, often unlocking discounts and simplifying payment handling. |
| Governance & Control | AWS Budgets | Lets you define custom budget thresholds and sends alerts when your actual or forecasted spend crosses those limits. |
| Forecasting | Cost Explorer | Interactive dashboards for exploring past usage and forecasting future costs based on trends, with filters for services, tags, and regions. |
| Purchase Optimization | Savings Plans & Reserved Instances | Pricing models that reward predictable usage with significant discounts compared to on-demand rates, in exchange for term commitments. |
| Rightsizing & Optimization | Trusted Advisor / Compute Optimizer | Provide recommendations to reduce cost by identifying underutilized or oversized resources and suggesting better instance types or configurations. |
These tools help developers build AWS-integrated applications more easily in different languages and environments.
| Service / Toolkit | Description |
|---|---|
| AWS SDKs | Language-specific SDKs (for example, Python, JavaScript, Java, Go, .NET) that simplify calling AWS APIs and handling authentication, retries, and error handling. |
| AWS CDK | Infrastructure-as-code framework that lets you define AWS resources using familiar programming languages with higher-level constructs. |
| AWS Corretto | Free distribution of the OpenJDK maintained by Amazon, optimized and supported for running Java applications in production environments. |
| AWS Encryption SDK / Crypto Tools | Libraries that help you encrypt and decrypt data securely using best-practice patterns and integrate with AWS KMS. |
| AWS SAM (Serverless Application Model) | Framework and tooling for building, testing, and deploying serverless applications using simplified configuration syntax built on top of CloudFormation. |
These services help you collect, process, store, and analyze data at scale for reporting, dashboards, and advanced analytics.
| Category | Service | Description |
|---|---|---|
| Query & Analytics | Amazon Athena | Interactive query service that lets you run SQL queries directly on data stored in S3 without managing servers or data warehouses. |
| Query & Analytics | Amazon EMR | Managed big data platform built on frameworks like Hadoop, Spark, and Hive for heavy-duty processing, ETL, and analytics workloads. |
| Query & Analytics | Amazon Redshift | Columnar data warehouse designed for fast analytical queries on large datasets, often used for business intelligence reporting. |
| Streaming Data | Amazon Kinesis (Streams, Firehose, Analytics, Video) | Suite of services for ingesting, processing, and analyzing real-time streaming data from applications, devices, and logs. |
| Search & Observability | Amazon OpenSearch Service | Managed service for running OpenSearch/Elasticsearch clusters used for log analytics, search workloads, and dashboarding. |
| BI Dashboards | Amazon QuickSight | Business intelligence service for creating interactive dashboards and visualizations based on data from various AWS and external sources. |
| Data Movement | AWS Glue | Serverless ETL and data catalog service that discovers data schemas, transforms data, and prepares it for analytics. |
| Data Lakes | Amazon S3 & AWS Lake Formation | S3 is the core storage layer for data lakes, while Lake Formation simplifies building a secure, governed data lake with fine-grained access controls. |
| Archival & Backup | S3 Glacier, AWS Backup | Services designed for long-term, low-cost storage of archives and backup data with flexible retrieval times. |
| Data Exchange | AWS Data Exchange | Marketplace for subscribing to and sharing third-party datasets, making it easier to incorporate external data into your analytics workflows. |
Container services support modern, portable deployments where applications and dependencies are packaged together.
| Use Case | Service | Description |
|---|---|---|
| Store and manage container images | Amazon ECR | Private image registry for securely storing, scanning, and distributing container images to ECS, EKS, or other runtimes. |
| Orchestrate containers | Amazon ECS | Native AWS container orchestrator for running and scaling containerized workloads with support for both EC2 and Fargate launch types. |
| Kubernetes at scale | Amazon EKS | Managed Kubernetes service for running standard Kubernetes clusters on AWS infrastructure with AWS handling the control plane. |
| Serverless containers | AWS Fargate | Runs containers without provisioning or managing servers, letting you focus on the container definitions and task configuration. |
| Containerize legacy apps | AWS App2Container | Tool that analyzes existing applications and generates container images and run configurations for modern platforms. |
| Developer workflow | AWS Copilot | CLI tool that simplifies the process of developing, releasing, and operating containerized applications on ECS and Fargate using best-practice patterns. |
Serverless services let you build applications without managing servers, capacity, or patching. You focus on functions, events, and workflows.
| Category | Service | Description |
|---|---|---|
| Compute | AWS Lambda | Runs code in response to events and scales automatically. You upload code, configure triggers, and AWS takes care of infrastructure and scaling. |
| Edge Compute | Lambda@Edge | Lets you run Lambda functions at CloudFront edge locations to customize content delivery, perform redirects, or handle security checks closer to users. |
| Data Stores | Amazon DynamoDB | Serverless NoSQL data store for high-throughput, low-latency workloads. |
| Data Stores | Aurora Serverless | On-demand, auto-scaling configuration of Amazon Aurora that adjusts capacity based on application load. |
| Data Stores | RDS Proxy | Connection pooling layer that sits between applications and RDS, improving database scalability and resilience for serverless and microservices patterns. |
| Storage | Amazon S3, Amazon EFS | Provide object and file storage backends commonly used by serverless applications for static assets, uploads, and shared data. |
| API Layer | Amazon API Gateway | Manages REST, HTTP, and WebSocket APIs that front your Lambda functions or HTTP backends. Handles scaling, authorization, throttling, and monitoring. |
| Application Integration | Amazon SNS, Amazon SQS, AWS AppSync, Amazon EventBridge | SNS and SQS handle messaging and queuing, AppSync provides GraphQL APIs, and EventBridge routes events across services for loosely coupled architectures. |
| Orchestration | AWS Step Functions | Glues multiple Lambda functions and services into workflows with explicit states and error handling, making complex business processes easier to implement. |
| Analytics | Amazon Kinesis, Amazon Athena | Used to collect and analyze event and log data produced by serverless applications. |
These services help different applications and services talk to each other reliably, even when they operate at different speeds or scales.
| Category | Service | Description |
|---|---|---|
| Messaging | Amazon SNS | Publish/subscribe messaging for broadcasting notifications or events to multiple subscribers via HTTP endpoints, email, mobile push, or other targets. |
| Messaging | Amazon SQS | Fully managed message queuing service. Decouples producers and consumers, allowing asynchronous processing and smoothing out traffic spikes. |
| Messaging | Amazon MQ | Managed message broker service compatible with popular open-source brokers like ActiveMQ and RabbitMQ, easing lift-and-shift from on-prem setups. |
| Workflows | AWS Step Functions | Builds state machines that coordinate multiple AWS services and functions into reliable workflows with visual diagrams and step-level error handling. |
| API Management | Amazon API Gateway | Fronts microservices or serverless applications with secure and scalable APIs, including request validation and transformation features. |
| API Management | AWS AppSync | Managed GraphQL service that connects to data sources like DynamoDB, Lambda, and HTTP endpoints, handling real-time updates and offline sync. |
| Event Bus | Amazon EventBridge | Event routing service that connects SaaS products, custom applications, and AWS services via events in an event-driven architecture. |
| SaaS Data Flows | AWS AppFlow | Securely moves data between SaaS applications (such as Salesforce, Slack, or Zendesk) and AWS services without writing custom integration code. |
These services help you set up guardrails, manage accounts at scale, observe resources, and keep infrastructure under control.
| Category | Service | Description |
|---|---|---|
| Enable & Govern | AWS Control Tower | Easiest way to set up a secure multi-account AWS environment with standardized guardrails and best practices baked in. |
| Enable & Govern | AWS Organizations | Groups multiple AWS accounts under one umbrella to apply policies, control access, and manage billing centrally. |
| Enable & Govern | AWS Well-Architected Tool | Guides you through best practices across key pillars (such as reliability, security, and cost optimization) and highlights improvement areas. |
| Licensing & Catalog | AWS License Manager | Tracks, enforces, and reports on software licenses for products like Windows, SQL Server, or other commercial software across AWS and on-premises. |
| Licensing & Catalog | AWS Service Catalog | Allows organizations to create curated catalogs of approved infrastructure and applications that teams can deploy in a controlled way. |
| Provision & Configuration | AWS CloudFormation | Infrastructure-as-code tool that provisions resources based on declarative templates, ensuring predictable and repeatable deployments. |
| Provision & Configuration | AWS OpsWorks | Configuration management service based on Chef and Puppet, used to automate server configuration and deployment. |
| Provision & Configuration | AWS Marketplace | Digital catalog with thousands of third-party software solutions you can launch and pay for through your AWS bill. |
| Operate & Observe | Amazon CloudWatch | Central monitoring and logging service for metrics, logs, alarms, dashboards, and application insights. |
| Operate & Observe | AWS CloudTrail | Records API interactions and account activity, vital for audits and security investigations. |
| Operate & Observe | AWS Systems Manager | Provides a unified interface to manage EC2 instances and other resources, including patching, parameter storage, runbooks, and configuration management. |
| Operate & Observe | Cost & Usage Report / Cost Explorer | Provide detailed visibility into cost and usage across services, accounts, and tags, helping spot trends and anomalies. |
| Managed Operations | AWS Managed Services | Operates parts of your AWS environment on your behalf, including monitoring, incident response, and routine operations, subject to specific engagement models. |
A single application might touch a surprising number of these services. A typical web application could place static files in S3, use CloudFront to deliver content globally, run containers on ECS with Fargate, store data in RDS and DynamoDB, manage access via IAM and Cognito, monitor with CloudWatch, and integrate payments or external APIs through API Gateway and EventBridge. Migration tools, security services, and cost controls sit around that core, keeping everything safe, compliant, and affordable.
The power of AWS lies in this composability. Once you understand what each building block does, you can design highly available architectures, event-driven systems, streaming pipelines, or serverless backends simply by selecting and connecting the right services.
AWS is a massive platform, and it’s easy to get lost if you look at every service in isolation. This cheat sheet organizes the most important services by category and explains what they do in clear, beginner-friendly language. Start by recognizing patterns: EC2 for virtual machines, S3 for object storage, RDS and DynamoDB for databases, VPC for networking, IAM for permissions, and CloudWatch and CloudTrail for visibility. Everything else layers on top of those foundations.
As you gain experience, you’ll build more sophisticated designs using containers, serverless, data lakes, and event-driven architecture. This guide is here to act as your quick reference whenever you forget what a service does, need to compare options, or want a reminder of which tool fits which job. Keep it handy as you experiment, learn, and ship real workloads on AWS.
No. AWS is used by solo developers, startups, mid-sized businesses, and large enterprises. The pay-as-you-go model works well for small projects because you can start with tiny resources and scale gradually. As you grow, you can adopt more advanced services without rebuilding everything from scratch.
A good starting set is: EC2 for compute basics, S3 for storage, RDS or DynamoDB for databases, VPC for networking fundamentals, IAM for permissions, and CloudWatch/CloudTrail for monitoring and auditing. Once those feel comfortable, you can move on to Lambda, API Gateway, and basic serverless or container workloads.
Always start in a low-cost region and stick to free-tier eligible services where possible. Tag your resources so you know which project they belong to. Use Budgets and Cost Explorer to set alerts and track spending. Finally, periodically clean up unused instances, volumes, and test resources to avoid paying for things you no longer need.