AWS Services Cheatsheet
Quick reference — what each service is and when to reach for it.
Service Categories
Compute
| Service | What It Is |
| --- | --- |
| EC2 | Virtual machines — full OS control |
| Lambda | Serverless functions — event-triggered, no servers |
| ECS | Container orchestration (Docker on AWS) |
| EKS | Managed Kubernetes |
| Elastic Beanstalk | PaaS — deploy app, AWS handles the infrastructure |
| Fargate | Serverless containers (used with ECS/EKS) |
Storage
| Service | What It Is |
| --- | --- |
| S3 | Object storage — files, backups, static sites |
| EBS | Block storage — attach to EC2 like a hard drive |
| EFS | Managed NFS file system — shared across EC2s |
| S3 Glacier | Archive storage — cheap, slow retrieval |
| Instance Store | Ephemeral block storage — physically attached, lost on stop |
Databases
| Service | What It Is |
| --- | --- |
| RDS | Managed relational DB (MySQL, PostgreSQL, MariaDB, Oracle, SQL Server) |
| Aurora | AWS-built relational DB — faster than RDS, compatible with MySQL/PostgreSQL |
| DynamoDB | Serverless NoSQL — key-value + document |
| Redshift | Data warehouse — analytics on large datasets |
| ElastiCache | In-memory cache — Redis or Memcached |
| DocumentDB | Managed MongoDB-compatible document DB |
Networking
| Service | What It Is |
| --- | --- |
| VPC | Virtual private network — your isolated AWS network |
| CloudFront | Global CDN — cache content at edge locations |
| Route 53 | DNS + domain registration + health checks |
| API Gateway | Create and manage REST/HTTP/WebSocket APIs |
| ELB | Load balancers (ALB for HTTP, NLB for TCP, GLB for traffic inspection) |
| Direct Connect | Dedicated physical link from on-premises to AWS |
| VPN | Encrypted tunnel from on-premises over the internet |
Security & Identity
| Service | What It Is |
| --- | --- |
| IAM | Users, roles, policies — who can do what |
| Cognito | User identity for web/mobile apps |
| KMS | Key Management Service — create and manage encryption keys |
| Secrets Manager | Store and rotate credentials/API keys |
| Shield | DDoS protection (Standard = free, Advanced = paid) |
| WAF | Web Application Firewall — block bad HTTP traffic |
| GuardDuty | Threat detection — monitors accounts for suspicious activity |
| Security Hub | Centralised security findings across services |
| CloudTrail | API audit log — who did what, when |
Management & Monitoring
| Service | What It Is |
| --- | --- |
| CloudWatch | Metrics, logs, alarms, dashboards |
| CloudTrail | API auditing — every AWS API call logged |
| Config | Track resource configuration changes over time |
| Systems Manager | Run commands, patch, manage EC2 at scale |
| Trusted Advisor | Recommendations for cost, security, performance |

| Service | What It Is |
| --- | --- |
| CloudFormation | IaC using JSON/YAML templates |
| CDK | IaC using real code (Python, TypeScript, Java, etc.) |
| CodePipeline | CI/CD pipeline |
| CodeBuild | Managed build service |
| CodeDeploy | Automated deployment to EC2, Lambda, ECS |
Messaging & Integration
| Service | What It Is |
| --- | --- |
| SQS | Message queue — decouple services, buffer load |
| SNS | Pub/sub notifications — fan out to multiple subscribers |
| EventBridge | Event bus — react to state changes across services |
| Step Functions | Orchestrate multi-step workflows |
| Kinesis | Real-time data streaming |
Cost & Governance
| Service | What It Is |
| --- | --- |
| Organizations | Manage multiple AWS accounts |
| SCPs | Service Control Policies — limit what accounts can do |
| Budgets | Set cost alerts |
| Cost Explorer | Analyse spend by service/tag/time |
| Trusted Advisor | Cost optimisation recommendations |
Pattern → Service Mapping
| Need | Service |
| --- | --- |
| Serverless compute | Lambda |
| Container orchestration | ECS / EKS |
| Decouple microservices | SQS |
| Broadcast events to multiple services | SNS |
| Global content delivery | CloudFront |
| Monitor + alert | CloudWatch |
| Audit who did what | CloudTrail |
| Compliance evidence | CloudTrail + Artifact |
| Encrypt data | KMS |
| Manage infrastructure as code | CloudFormation / CDK |
| Disaster recovery (multi-region) | S3 Cross-Region Replication |
| Manage multiple accounts | Organizations |
| Cost visibility | Cost Explorer + Budgets |
Well-Architected Framework — 5 Pillars
| Pillar | Key Idea |
| --- | --- |
| Operational Excellence | Automate, monitor, improve procedures |
| Security | Least privilege IAM, encryption, logging |
| Reliability | Fault tolerance, backups, multi-AZ |
| Performance Efficiency | Right-size resources, use managed services |
| Cost Optimization | Avoid over-provisioning, use Savings Plans/Spot |
Cloud Concepts Quick Reference
- CAPEX vs OPEX: upfront hardware spend (CAPEX) → pay-as-you-go cloud (OPEX)
- Elasticity: scale up and down automatically with demand
- Service models: IaaS (EC2) → PaaS (Beanstalk) → SaaS (WorkMail)
- Shared Responsibility: AWS secures the cloud; you secure what's in the cloud
- Hierarchy: Region → Availability Zone → Data Centre → Edge Location