AWS has 200+ services but you only need to know about 15 to build most applications. Here's the essential map of AWS.
AWS launched in 2006 and has ~32% of the cloud market. Most job descriptions mention AWS. Most startups run on AWS. Understanding the core services is essential for any backend or DevOps engineer.
The good news: you don't need to know all 200+ services. 90% of applications use fewer than 15.
Virtual machines in the cloud. The most fundamental AWS service.
```bash
# Launch a server in 60 seconds
aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t3.micro \
  --key-name my-key-pair
```
Run code without managing servers. Pay only when code runs.
```javascript
// Lambda function: runs on demand, scales automatically
export const handler = async (event) => {
  const name = event.queryStringParameters?.name ?? "World";
  return {
    statusCode: 200,
    body: JSON.stringify({ message: `Hello, ${name}!` }),
  };
};
```
Run Docker containers at scale. Managed container orchestration.
Object storage for any file type. Infinitely scalable.
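```javascript
// Upload a file to S3 (AWS SDK for JavaScript v3)
import { readFile } from "node:fs/promises";
import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";

// Read the file to upload into a Buffer (example local path)
const fileBuffer = await readFile("photo.jpg");

const s3 = new S3Client({ region: "ap-south-1" });
await s3.send(new PutObjectCommand({
  Bucket: "my-bucket",
  Key: "images/photo.jpg",
  Body: fileBuffer,
  ContentType: "image/jpeg",
}));
```
Persistent disk storage attached to EC2 instances. Like a hard drive for your VM.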
Managed relational databases. Supports PostgreSQL, MySQL, MariaDB, Oracle, SQL Server.
What RDS handles for you:
- ✅ Automated backups
- ✅ Multi-AZ failover
- ✅ Read replicas
- ✅ Patching and updates
- ✅ Monitoring
What you still manage:
- Schema design
- Query optimization
- Instance sizing
Fully managed key-value and document database. Single-digit millisecond performance at any scale.
Managed in-memory caching. Drop-in Redis or Memcached.
Your own isolated network within AWS. All resources live inside a VPC.
AWS's DNS service. Register domains, route traffic, health checks.
AWS's global CDN. Cache content at 450+ edge locations worldwide.
Control who can access what in AWS. The most important security service.
IAM policy that allows reading from a specific S3 bucket only:
```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::my-bucket/*"
  }]
}
```
Principle of least privilege: give only the permissions needed, nothing more.
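Least privilege can be checked mechanically. The following is an added example, not code from the original article: `auditPolicy` and the `broad` policy are constructed for illustration, and the check goes slightly beyond the single policy shown above by also flagging `NotAction` and `NotResource` in Allow statements.

```javascript
// Added example: flag Allow statements that break least privilege.
// auditPolicy, asArray and the "broad" policy are illustrative names, not AWS APIs.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function auditPolicy(policy) {
  const findings = [];
  // Statement may be a single object or an array of objects.
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return; // Deny statements only narrow access
    const id = stmt.Sid ?? `Statement[${i}]`;
    // Allow + NotAction/NotResource grants everything except what is listed.
    if (stmt.NotAction) findings.push(`${id}: Allow with NotAction grants everything not listed`);
    if (stmt.NotResource) findings.push(`${id}: Allow with NotResource grants everything not listed`);
    for (const action of asArray(stmt.Action)) {
      if (action === "*") findings.push(`${id}: all actions on all services`);
      else if (action.includes("*")) findings.push(`${id}: wildcard action pattern ${action}`);
    }
    for (const res of asArray(stmt.Resource)) {
      if (res === "*") findings.push(`${id}: applies to every resource`);
      // arn:aws:s3:::* and arn:aws:s3:::*/* cover every bucket or object
      else if (/^arn:aws:s3:::\*(\/\*)?$/.test(res)) findings.push(`${id}: matches every S3 bucket`);
    }
  });
  return findings;
}

// The policy from this page: one action, objects in one bucket.
const scoped = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["s3:GetObject"], Resource: "arn:aws:s3:::my-bucket/*" }],
};

// Constructed counter-example: every S3 action on every resource.
const broad = {
  Version: "2012-10-17",
  Statement: { Sid: "TooWide", Effect: "Allow", Action: "s3:*", Resource: "*" },
};

console.log(auditPolicy(scoped)); // no findings
console.log(auditPolicy(broad));  // two findings for "TooWide"
```

A check like this fits in CI before a policy is deployed; it does not replace reviewing which identities the policy is attached to.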
Collect logs and metrics from all AWS services. Set alarms.
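```bash
# View Lambda logs
aws logs tail /aws/lambda/my-function --follow

# Create an alarm when CPU > 80%
# A metric alarm also needs a namespace, statistic, period and evaluation count
# (values below are examples). Add --dimensions Name=InstanceId,Value=<instance-id>
# to target one instance.
aws cloudwatch put-metric-alarm \
  --alarm-name "HighCPU" \
  --namespace AWS/EC2 \
  --metric-name CPUUtilization \
  --statistic Average \
  --period 300 \
  --evaluation-periods 1 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold
```

```
Users → Route53 (DNS)
      → CloudFront (CDN)
      → ALB (Load Balancer)
      → EC2 / ECS / Lambda (App)
      → RDS (Database)
      → ElastiCache (Cache)
      → S3 (File Storage)
      → CloudWatch (Monitoring)
      → IAM (Security)
```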
| Service | What it does |
|---|---|
| EC2 | Virtual machines |
| Lambda | Serverless functions |
| S3 | File/object storage |
| RDS | Managed relational DB |
| DynamoDB | Managed NoSQL DB |
| VPC | Private network |
| CloudFront | CDN |
| Route53 | DNS |
| IAM | Access control |
| CloudWatch | Monitoring and logs |
Start with these 10 — they cover 90% of what you'll need.