Reference · Amazon Web Services

AWS Services Reference

Core service categories, what each one does, and when to reach for it.

Compute

EC2 — virtual machines. Full control, pick your OS and instance type. Use when you need persistent processes or specific hardware.
Lambda — serverless functions. Pay per invocation. Best for event-driven, short-lived workloads.
ECS — run Docker containers on managed clusters. Simpler than Kubernetes.
EKS — managed Kubernetes. Use when you need Kubernetes features or multi-cloud portability.
Fargate — serverless containers. No EC2 to manage. Works with ECS and EKS.

S3 — object storage. Unlimited scale, 11 nines durability. Data lakes, backups, static websites, artifacts.
EBS — block storage for EC2. Like a hard drive attached to a VM. High IOPS for databases.
EFS — managed NFS. Shared filesystem across multiple EC2 instances.
Glacier — archival storage. Dirt cheap, slow retrieval. Long-term backups and compliance.

RDS — managed relational DB. MySQL, Postgres, SQL Server, Oracle. Automated backups, Multi-AZ.
Aurora — AWS-native relational. 5x faster than MySQL, serverless option, global tables.
DynamoDB — serverless NoSQL. Single-digit ms latency at any scale. On-demand or provisioned.
ElastiCache — managed Redis/Memcached. In-memory cache layer. Cut DB load dramatically.
Redshift — data warehouse. Columnar storage, petabyte scale, Redshift Spectrum for S3 queries.

VPC — your private network in AWS. Subnets, route tables, NACLs, security groups.
ALB — layer 7 load balancer. HTTP/HTTPS routing, path-based rules, WebSocket support.
NLB — layer 4 load balancer. TCP/UDP, ultra-low latency, static IPs.
CloudFront — CDN. Edge caching, DDoS protection, SSL termination, Lambda@Edge.
Route 53 — DNS + health checks + traffic routing (weighted, failover, geo).
Transit Gateway — hub-and-spoke for VPC peering at scale. Replaces complex mesh peering.
Direct Connect — dedicated private line from your data center to AWS.

IAM — identity and access management. Users, roles, policies. Least privilege everything.
KMS — key management. Create and control encryption keys. Audit via CloudTrail.
Secrets Manager — store and rotate credentials. DB passwords, API keys. Auto-rotation built in.
GuardDuty — threat detection. Analyses CloudTrail, VPC Flow Logs, DNS logs. ML-powered.
WAF — web application firewall. Block SQL injection, XSS, rate limit by IP.
Shield — DDoS protection. Standard is free. Advanced adds 24x7 DRT support.

SQS — managed message queue. Standard (at-least-once) or FIFO (exactly-once, ordered).
SNS — pub/sub notifications. Fan-out to SQS, Lambda, HTTP, email, SMS.
EventBridge — event bus. Route events by content pattern to targets. Schema registry.
Kinesis — real-time data streaming. Data Streams, Firehose, Analytics (Flink).
MSK — managed Apache Kafka. Full Kafka API compatibility, fully managed.

CloudFormation — AWS-native IaC. JSON/YAML templates. Deep service coverage.
CDK — define CloudFormation in Python, TypeScript, Java. Better abstractions.
CodePipeline — managed CI/CD. Source → Build → Test → Deploy.
CodeBuild — managed build service. Docker-based, pay per build minute.
Systems Manager — patch, run commands, manage parameters, session manager (no SSH needed).

Bedrock — foundation models as an API. Claude, Titan, Stable Diffusion. No GPU management.
Amazon Q — enterprise AI assistant. Connects to your data, code, and business systems.
SageMaker — full ML platform. Build, train, deploy models at scale.
Rekognition — image and video analysis. Object detection, facial analysis, content moderation.

Official docs for every service

Reference architectures, whitepapers, and patterns

Five pillars for evaluating and improving architectures