A Map of Core AWS Services
Amazon Web Services (AWS, Amazon’s cloud platform) offers more than 200 services, and that number alone scares off most newcomers. The good news: you do not need to learn them all. In practice, a small core of roughly 15 services powers the vast majority of real-world workloads. This page is a map — it groups the flagship services by category so you know what each one is for and which ones to learn first.
How to read this map
Think of AWS services as belonging to a handful of jobs: running your code (compute), keeping your files and data (storage and databases), connecting things together (networking), keeping it safe (security), shipping it (deployment), and watching it run (observability). Almost every application is just a combination of services from these categories.
Tip: Resist the urge to learn “everything.” Master the core 15 below, and you will be able to build and run a production system. You can pick up niche services later, exactly when a real problem calls for them.
Compute — running your code
Compute services run your application logic. The big three:
| Service | What it is | When to use it |
|---|---|---|
| EC2 (Elastic Compute Cloud) | Virtual servers (called instances) you rent by the second | You need a full operating system, custom software, or long-running processes. |
| Lambda | “Serverless” functions — your code runs on demand, no server to manage | Short, event-driven tasks (an API request, a file upload). You pay only while code runs. |
| ECS / EKS (Elastic Container Service / Elastic Kubernetes Service) | Run Docker containers at scale | You package apps as containers and want orchestration. EKS if you specifically need Kubernetes. |
When NOT to use: Do not reach for EC2 if a Lambda function or a managed service does the job — a full server is more to patch, secure, and pay for.
List your running EC2 instances with the AWS Command Line Interface (AWS CLI, the terminal tool for AWS):
```bash
aws ec2 describe-instances \
  --query "Reservations[].Instances[].{ID:InstanceId,Type:InstanceType,State:State.Name}" \
  --output table
```
Output:
```
------------------------------------------------
|              DescribeInstances               |
+----------------------+------------+----------+
|          ID          |    Type    |  State   |
+----------------------+------------+----------+
|  i-0a1b2c3d4e5f00112 |  t3.micro  |  running |
+----------------------+------------+----------+
```
Cost note: A small `t3.micro` instance runs about $7–8/month if left on 24/7. Lambda’s free tier includes 1 million requests/month, so light event-driven workloads can cost literally nothing.
Storage — keeping your files
| Service | What it is | When to use it |
|---|---|---|
| S3 (Simple Storage Service) | Object storage — files in “buckets”, accessed over the web | Images, backups, logs, static websites, data lakes. The default place to put any file. |
| EBS (Elastic Block Store) | Virtual hard drives attached to EC2 instances | The disk your EC2 server boots from and stores data on. |
| EFS (Elastic File System) | A shared file system many instances can mount at once | Multiple servers need to read/write the same files. |
S3 is the one nearly every project uses. Create a bucket from the console:
- Open the S3 console.
- Click Create bucket.
- Enter a globally unique name (e.g. `my-app-uploads-2026`).
- Pick a Region, leave Block all public access checked, and click Create bucket.
The CLI equivalent:
```bash
aws s3api create-bucket \
  --bucket my-app-uploads-2026 \
  --region us-east-1
```
Databases — structured data
| Service | Type | When to use it |
|---|---|---|
| RDS (Relational Database Service) | Managed SQL (PostgreSQL, MySQL, etc.) | You need a traditional relational database without managing the server. |
| Aurora | AWS’s high-performance MySQL/PostgreSQL-compatible database | Same as RDS but you need more speed and automatic scaling. |
| DynamoDB | Managed NoSQL key-value/document store | Massive scale, simple lookups, predictable low latency, no schema. |
When to use which: Reach for RDS when your data has clear relationships and you know SQL. Reach for DynamoDB when you need huge scale and access patterns are simple key lookups.
Networking — connecting everything
| Service | What it is |
|---|---|
| VPC (Virtual Private Cloud) | Your private, isolated network in AWS (e.g. vpc-0a1b2c3d) where resources live. |
| ELB (Elastic Load Balancing) | Spreads incoming traffic across multiple servers. |
| Route 53 | AWS’s DNS service (turns example.com into an IP address). |
| CloudFront | A content delivery network (CDN) that caches content close to users worldwide. |
Every EC2 instance lives inside a VPC. Look up your default VPC:
```bash
aws ec2 describe-vpcs \
  --filters "Name=isDefault,Values=true" \
  --query "Vpcs[].VpcId" --output text
```
Output:
```
vpc-0a1b2c3d4e5f00112
```
Security and identity
| Service | What it is | When to use it |
|---|---|---|
| IAM (Identity and Access Management) | Controls who can do what in your account | Always. Create users, roles, and least-privilege policies here. |
| KMS (Key Management Service) | Manages encryption keys | Encrypting S3 objects, EBS volumes, database fields. |
| Secrets Manager | Stores passwords, API keys, database credentials safely | Anytime you would otherwise hard-code a secret. |
Security gotcha: Never use your root account for daily work, and never hard-code access keys in code. Create an IAM user or role with only the permissions it needs.
Deployment and observability
You also need a way to ship code and watch it run.
- Deployment: CloudFormation (define your whole stack as a YAML/JSON template — “infrastructure as code”) and CodePipeline (automated build-and-deploy pipelines).
- Observability: CloudWatch is the central place for logs, metrics, and alarms. If something is slow or broken, you look here first.
A minimal CloudFormation template that creates an S3 bucket:
```yaml
Resources:
  UploadsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-app-uploads-2026
```
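The template above does not declare the public-access and KMS settings this page recommends. As an added example (not part of the original page), the check below compares the template with a version that declares them explicitly; both templates are constructed, written in CloudFormation's JSON form as Python dicts, and `audit_buckets` is a hypothetical helper name.

```python
# MINIMAL mirrors the page's template; HARDENED adds explicit Block Public
# Access flags and SSE-KMS default encryption. Both are constructed samples.
MINIMAL = {"Resources": {"UploadsBucket": {
    "Type": "AWS::S3::Bucket",
    "Properties": {"BucketName": "my-app-uploads-2026"}}}}

HARDENED = {"Resources": {"UploadsBucket": {
    "Type": "AWS::S3::Bucket",
    "Properties": {
        "BucketName": "my-app-uploads-2026",
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
        # No KMSMasterKeyID given, so S3 uses the AWS managed key for S3.
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
    }}}}

PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")


def audit_buckets(template):
    """Return (logical_id, issue) for S3 buckets missing explicit hardening."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties", {})
        pab = props.get("PublicAccessBlockConfiguration", {})
        for flag in PAB_FLAGS:
            if pab.get(flag) is not True:
                findings.append((name, f"{flag} is not set to true"))
        rules = props.get("BucketEncryption", {}).get(
            "ServerSideEncryptionConfiguration", [])
        algos = {r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
                 for r in rules}
        if "aws:kms" not in algos:  # assumption: the team's policy requires SSE-KMS
            findings.append((name, "no SSE-KMS default encryption declared"))
    return findings


if __name__ == "__main__":
    print("minimal: ", audit_buckets(MINIMAL))
    print("hardened:", audit_buckets(HARDENED))
```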
The core 15 to learn first
If you learn just these, you can build and run almost anything: EC2, Lambda, ECS, S3, EBS, RDS, DynamoDB, VPC, ELB, Route 53, CloudFront, IAM, Secrets Manager, CloudFormation, CloudWatch.
Best Practices
- Start with the core 15 services; ignore the other ~185 until a concrete need appears.
- Default to managed and serverless options (Lambda, RDS, DynamoDB) before running your own servers — less to patch and secure.
- Put every resource inside a VPC and follow least-privilege with IAM from day one.
- Use S3 as the default home for any file before considering more specialized storage.
- Encrypt data at rest with KMS and store credentials in Secrets Manager — never in code.
- Wire up CloudWatch logs and alarms early, so you can see problems before users do.
- Define infrastructure as code with CloudFormation so environments are repeatable.