AWS Services Explained: What to Use, When to Use It, and How to Get Started




Amazon Web Services (AWS) is a massive cloud platform with 200+ services. This guide breaks them into practical groups—compute, storage, databases, networking, security, DevOps, analytics/AI, integration, migration, and more—so you can pick the right tool for your application, website, or data project. Each section covers what the service does, benefits, common use cases, and quick-start steps.

Compute (Run Your Code and Containers)

Amazon EC2 (Virtual Servers)

What: Resizable virtual machines (Linux/Windows) with full control.
Benefits: Flexibility, custom OS/software, scale up/down, spot pricing for savings.
Use When: Traditional apps, custom stacks, long-running servers, lift-and-shift workloads.

  1. Pick an AMI & instance type (e.g., t3.micro for dev).
  2. Create a security group (open only needed ports, e.g., 80/443/22).
  3. Attach an Elastic IP or use a load balancer for stable access.
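
To check step 2 after the fact, this added example (not part of the original guide) audits security group rules for ingress open to any address on ports other than 80/443. The sample data is constructed in the shape that `aws ec2 describe-security-groups` prints; the group IDs, the allow-list and the function names are assumptions of this example.

```python
import ipaddress

PUBLIC_OK = {80, 443}  # assumption: ports this example treats as intentionally public

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.10/32"}]},
    ]},
    {"GroupId": "sg-EXAMPLE-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]},
]}

def world_open_cidrs(perm):
    """Return the any-address CIDRs (IPv4 or IPv6) attached to one ingress rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit_security_groups(doc, public_ok=PUBLIC_OK):
    """List (group id, exposure, cidr) for rules open to any address
    on anything other than the TCP ports in public_ok."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":
                exposure = "all traffic"  # "-1" rules carry no FromPort/ToPort
            elif proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
                if proto == "tcp" and all(p in public_ok for p in range(lo, hi + 1)):
                    continue  # the whole range is on the public allow-list
                exposure = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
            else:
                continue  # ICMP and other protocols are out of scope here
            for cidr in world_open_cidrs(perm):
                findings.append((sg["GroupId"], exposure, cidr))
    return findings

if __name__ == "__main__":
    print(audit_security_groups(SAMPLE))
```

On the sample, the SSH rule open to 0.0.0.0/0 and the PostgreSQL rule open to ::/0 are reported; the /32 admin address and the VPC-internal rule are not.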

AWS Lambda (Serverless Functions)

What: Run code on demand without managing servers.
Benefits: Pay per request/ms, scales automatically, great for event-driven tasks.
Use When: APIs, background jobs, cron, data processing, webhooks.

# Example: Create an S3-triggered Lambda (CLI steps summarized)
# 1) Zip your function code; 2) Create an execution role; 3) Create lambda & set S3 trigger

Amazon ECS & AWS Fargate (Containers)

What: Orchestrate Docker containers (ECS) and run them serverlessly (Fargate).
Benefits: Simple operational model, no servers to manage with Fargate, integrates with ECR, ALB.
Use When: Microservices, batch jobs, containerized apps.

Amazon EKS (Managed Kubernetes)

What: Kubernetes control plane managed by AWS.
Benefits: Standard K8s APIs, portability, integrates with AWS networking & IAM.
Use When: Teams standardized on Kubernetes, multi-cloud strategies.

Lightsail (Simplified Hosting)

What: VPS with preconfigured stacks (WordPress, LAMP).
Use When: Small websites, MVPs, quick prototypes needing predictable pricing.

Storage & Content

Amazon S3 (Object Storage)

What: Durable object storage for files, images, backups, static websites.
Benefits: 11 nines (99.999999999%) of durability, lifecycle transitions to Glacier, access control with IAM & bucket policies.
Use When: Static assets, user uploads, data lakes.

# Quick start (CLI)
aws s3 mb s3://my-site-bucket
aws s3 sync ./public s3://my-site-bucket

Amazon CloudFront (CDN)

What: Global CDN that caches content near users.
Benefits: Lower latency, TLS, DDoS protection (with AWS Shield), signed URLs.
Use When: Speeding up static/dynamic content globally.

EFS & FSx

EFS: Shared NFS file system for Linux across EC2/ECS.
FSx: Managed Windows File Server, Lustre (HPC), NetApp ONTAP, OpenZFS.
Use When: Apps that need POSIX/Windows file semantics or high-performance file systems.

Glacier / S3 Glacier

What: Archival storage tiers with very low cost.
Use When: Compliance archives, backups, infrequently accessed data.

Databases & Data Warehousing

Amazon RDS & Aurora (Relational)

What: Managed MySQL, PostgreSQL, MariaDB, SQL Server, Oracle; Aurora is cloud-optimized MySQL/PostgreSQL-compatible.
Benefits: Automated backups, Multi-AZ, read replicas, patching.
Use When: OLTP apps, ecommerce, SaaS backends.

Amazon DynamoDB (NoSQL)

What: Serverless key-value & document database.
Benefits: Single-digit ms latency at scale, on-demand capacity, built-in backup & streams.
Use When: High-scale apps, IoT, gaming leaderboards, session stores.

Amazon Redshift (Data Warehouse)

What: Managed, petabyte-scale warehouse for analytics (SQL).
Use When: BI dashboards, complex queries on large datasets, ELT with S3/Glue.

Other Data Services

  • ElastiCache (Redis/Memcached) for caching & real-time features.
  • Neptune graph DB for relationships (social, fraud, knowledge graphs).
  • Timestream time-series DB for IoT metrics & telemetry.

Networking & Traffic Management

Amazon VPC

What: Private network with subnets, route tables, NAT, gateways.
Use When: Any non-trivial deployment. Organize public/private subnets and security groups.

Elastic Load Balancing (ALB/NLB)

ALB: Layer-7 HTTP/HTTPS with path/host routing; NLB: Layer-4 ultra-high performance.
Use When: Scale web apps, blue/green & canary deployments.

Amazon Route 53

What: DNS, domain registration, health checks, routing policies (latency, geolocation).
Use When: Any public domain for your apps.

API Gateway

What: Fully managed API front-door for REST/HTTP/WebSocket (often with Lambda).
Use When: Serverless APIs, throttling, auth, usage plans.

Security, Identity & Compliance

AWS IAM & Organizations

IAM: Fine-grained permissions for users/roles/policies.
Organizations: Multi-account governance with SCPs & consolidated billing.

KMS, Secrets Manager & Parameter Store

KMS: Manage encryption keys.
Secrets Manager/SSM: Store/rotate secrets & configs securely.

WAF, Shield, GuardDuty, Security Hub

WAF: Filter malicious web traffic.
Shield: DDoS protection.
GuardDuty: Threat detection.
Security Hub: Centralized security posture view.

Amazon Cognito

What: User sign-up/sign-in, hosted UI, social logins, JWTs.
Use When: Add authentication to web/mobile apps quickly.

DevOps, Observability & IaC

CodeCommit, CodeBuild, CodeDeploy, CodePipeline

What: Git repos, build service, deployment automation, CI/CD pipelines.
Use When: End-to-end DevOps inside AWS.

CloudFormation & CDK

What: Infrastructure as Code (YAML/JSON) or with programming languages (CDK).
Use When: Versioned, repeatable environments, drift detection.

CloudWatch & CloudTrail

CloudWatch: Logs, metrics, alarms, dashboards.
CloudTrail: API audit logs for governance & forensics.

Analytics, AI/ML & Big Data

Amazon Athena & AWS Glue

Athena: Serverless SQL on S3 data (pay per query).
Glue: ETL, data catalog, crawlers to discover schema.

Amazon EMR & Kinesis

EMR: Managed Hadoop/Spark for big-data processing.
Kinesis: Real-time streaming ingest & analytics.

Amazon QuickSight

What: BI dashboards and visualizations, serverless pricing.

Amazon SageMaker & Bedrock

SageMaker: Build/train/deploy ML at scale (notebooks, training jobs, endpoints).
Bedrock: Access foundation models for generative AI with managed tooling.

Integration & Workflow

SQS, SNS, EventBridge

SQS: Durable queues for decoupling.
SNS: Pub/Sub for fan-out messaging.
EventBridge: Event bus for SaaS/AWS app integrations & rules.

Step Functions

What: Visual workflows/state machines to orchestrate Lambdas & services.
Use When: Long-running business processes, retries, human-in-the-loop.

Migration & Hybrid

  • DMS: Database Migration Service for heterogeneous DB moves.
  • Server Migration (SMS) / Application Migration Service: Lift-and-shift VMs.
  • Direct Connect: Private high-bandwidth link to AWS.

Edge, IoT, Media & Communications

  • AWS IoT Core & Greengrass: Device connectivity, shadow, edge processing.
  • MediaConvert/MediaLive: VOD transcoding & live streaming pipelines.
  • Amazon SES & Pinpoint: Transactional email & user engagement.
  • Amplify: Frontend hosting, auth, data for web/mobile apps (React, Vue, Flutter).

Which Service for Which Project? (Cheat Sheet)

  • Static website/landing page: S3 + CloudFront + Route 53 (+ Certificate Manager).
  • WordPress/monolith quickly: Lightsail or EC2 + RDS + EFS + CloudFront.
  • Modern API (serverless): API Gateway + Lambda + DynamoDB (+ Cognito).
  • Containerized microservices: ECS Fargate or EKS + ALB + RDS/DynamoDB.
  • High-read ecommerce: ALB + EC2/ECS + Aurora (or RDS) + ElastiCache + CloudFront.
  • Real-time streaming analytics: Kinesis + Lambda/Firehose + S3 + Athena/Redshift + QuickSight.
  • Data lake & BI: S3 + Glue + Athena/Redshift + QuickSight.
  • IoT telemetry: IoT Core + Kinesis/Firehose + S3 + Timestream + QuickSight.
  • GenAI app: Bedrock/SageMaker + API Gateway + Lambda/ECS + DynamoDB + CloudFront.

Secure & Cost-Efficient Setup (Baseline Steps)

  1. Account & Org: Create production/staging accounts with AWS Organizations & SSO.
  2. Networking: Set up a VPC with public (ALB) and private subnets (app/DB), NAT for egress.
  3. Identity: Use IAM roles, least privilege, MFA, and short-lived credentials.
  4. Secrets: Store DB/API secrets in Secrets Manager/SSM Parameter Store.
  5. Observability: Enable CloudWatch metrics/logs/alarms, X-Ray tracing, and CloudTrail.
  6. Security: Turn on GuardDuty, baseline WAF rules on ALB/API Gateway, KMS encryption at rest.
  7. Reliability: Multi-AZ for RDS/Aurora, Auto Scaling groups or Fargate scaling, health checks.
  8. CI/CD: CodePipeline + CodeBuild/CodeDeploy or GitHub Actions to deploy via CDK/CloudFormation.
  9. Cost: Use Cost Explorer & Budgets; pick right instance families; S3 lifecycle to Glacier; consider Savings Plans.

Quick Start Examples

Host a Static Website

  1. Create S3 bucket (name = domain) > enable static website hosting > upload site files.
  2. Provision CloudFront distribution with S3 as origin.
  3. Register domain in Route 53 & add A/AAAA records to CloudFront; request free TLS cert (ACM).

Build a Serverless API

  1. Create a Lambda function (Node/Python/Go) & attach an execution role.
  2. Configure API Gateway (HTTP/REST) to integrate with Lambda.
  3. Store data in DynamoDB; secure with Cognito (JWT) or IAM auth; deploy stages.

Containerized Web App

  1. Push image to ECR; define ECS task with Fargate launch type.
  2. Create ECS service behind an ALB with target groups & health checks.
  3. Use RDS/Aurora for DB, ElastiCache for caching, CloudWatch for logs/metrics.

Best Practices at a Glance

  • Design for failure: Multi-AZ, health checks, retries, idempotency.
  • Least privilege: Narrow IAM policies; separate roles for CI/CD, apps, humans.
  • Encrypt everything: KMS for S3/RDS/EBS; TLS in transit; rotate secrets.
  • Automate: Use CDK/CloudFormation & pipelines; avoid manual console changes.
  • Right-size: Start small, enable autoscaling, monitor & tune.