
Amazon Web Services (AWS) Overview


Amazon Web Services (AWS) is a comprehensive cloud computing platform offering infrastructure as a service (IaaS), platform as a service (PaaS), and packaged software as a service (SaaS) offerings. AWS provides a broad set of global compute, storage, database, analytics, application, and deployment services that help organizations move faster, lower IT costs, and scale applications. With data center locations in multiple geographic regions, AWS allows organizations to deploy resilient, fault-tolerant applications with global reach while maintaining data sovereignty and compliance requirements.

AWS Core Concepts


AWS Business Value

At its core, AWS provides a flexible, cost-effective way for businesses to access computing resources without the upfront investment and maintenance of physical infrastructure.

Key Business Benefits

  • Cost Efficiency: Pay only for what you use, with no upfront costs or long-term commitments for most services.
  • Scalability: Easily scale resources up or down based on demand, ensuring you have the right capacity at the right time.
  • Agility: Launch new applications and services quickly without waiting for hardware procurement or setup.
  • Global Reach: Deploy applications worldwide in minutes with AWS's global infrastructure.
  • Security: Benefit from AWS's secure infrastructure and wide range of compliance certifications.
  • Innovation: Access cutting-edge technologies like machine learning, IoT, and serverless computing without specialized expertise.

Business Model

  • Consumption-Based Pricing: Most services are billed based on actual usage, allowing cost to scale with your business needs.
  • Reserved Capacity Options: Commit to using certain resources for 1-3 years for significant discounts.
  • Free Tier: Many services offer a free tier for learning and small workloads.
  • Volume Discounts: Costs generally decrease as usage increases.
  • Total Cost of Ownership (TCO): Often lower than traditional on-premises infrastructure when considering all costs.

Business Use Cases

  • Startups: Launch with minimal upfront cost and scale as the business grows.
  • Enterprises: Modernize IT infrastructure, improve operational efficiency, and accelerate innovation.
  • Web Applications: Host websites and applications with high availability and global distribution.
  • Data Analytics: Process and analyze large datasets without investing in specialized hardware.
  • Disaster Recovery: Create cost-effective backup and recovery solutions across multiple geographic regions.
  • Development and Testing: Create and tear down environments on demand without capital expense.


AWS Technical Foundation

AWS is built on a distributed systems architecture with several key technical concepts:

Global Infrastructure

  • Regions: Geographic areas containing multiple Availability Zones. Each Region is completely independent and isolated from other Regions.
  • Availability Zones (AZs): Physically separate data centers within a Region, connected with low-latency links but isolated from failures in other AZs.
  • Edge Locations: Points of presence used by CloudFront (CDN) and Route 53 (DNS) for content delivery and distribution.
  • Local Zones: Infrastructure deployments that place compute, storage, and database services closer to large population and industry centers.

Service Models

  • Infrastructure as a Service (IaaS): Provides virtualized computing resources (EC2, EBS, VPC).
  • Platform as a Service (PaaS): Offers platforms for developing, running, and managing applications (Elastic Beanstalk, ECS, EKS).
  • Software as a Service (SaaS): Delivers software applications over the internet (Amazon WorkMail, Amazon Connect).
  • Function as a Service (FaaS): Allows running code without managing servers (Lambda).

Security and Identity

  • Shared Responsibility Model: Divides security responsibility between AWS (security of the cloud) and customer (security in the cloud).
  • IAM (Identity and Access Management): Controls authentication and authorization for AWS resources.
  • Resource Policies: Define permissions directly on resources like S3 buckets or SQS queues.
  • Security Groups: Act as virtual firewalls controlling traffic to EC2 instances.
  • Network ACLs: Provide stateless packet filtering at the subnet level.

Deployment and Management

  • AWS Management Console: Web-based interface to manage AWS resources.
  • AWS CLI: Command-line tool for managing AWS services.
  • AWS SDKs: Software development kits for various programming languages.
  • Infrastructure as Code: Tools like CloudFormation, CDK, and Terraform for provisioning resources.
  • API-Driven Architecture: All AWS services expose APIs for programmatic access.

AWS Service Categories

Service categories and representative services (recovered from the page's category diagram):

  • Compute Services: EC2 (Virtual Servers), Lambda (Serverless), ECS/EKS (Containers)
  • Storage Services: S3 (Object Storage), EBS (Block Storage), S3 Glacier (Archival)
  • Database Services: RDS (Relational DB), DynamoDB (NoSQL), Redshift (Data Warehouse)
  • Networking & Content Delivery: VPC (Virtual Network), Route 53 (DNS), CloudFront (CDN)
  • Security, Identity & Compliance: IAM (Identity), KMS (Encryption), Shield (DDoS Protection)
  • Management & Governance: CloudWatch (Monitoring), CloudTrail (Auditing), CloudFormation (IaC)
  • Machine Learning & AI: SageMaker (ML Platform), Comprehend (NLP), Rekognition (Image/Video Analysis)
  • Application Integration: SQS (Queuing), SNS (Notifications), EventBridge (Event Bus)

Core AWS Services

This section details the most important and widely-used AWS services that form the foundation of most AWS deployments.

Compute Services

Amazon Elastic Compute Cloud (EC2)

Business Value

EC2 provides flexible computing capacity that eliminates the need for upfront hardware investments and helps businesses address changing requirements:

  • Cost Optimization: Choose the right instance types, purchasing options (On-Demand, Reserved, Savings Plans, Spot), and Auto Scaling to align costs with actual needs
  • Rapid Deployment: Spin up new servers in minutes rather than weeks for procurement
  • Global Reach: Deploy applications closer to users across multiple geographic regions
  • Business Continuity: Distribute instances across Availability Zones for fault tolerance
  • Development & Testing: Create development environments on demand and terminate when not needed

Cost Considerations:

  • On-Demand instances are billed by the second with no commitments (best for variable workloads)
  • Reserved Instances offer up to 72% savings with 1-3 year commitments (best for predictable workloads)
  • Spot Instances provide up to 90% discounts but can be terminated with short notice (best for fault-tolerant workloads)
  • Savings Plans offer a flexible pricing model with 1-3 year commitments across multiple services

Technical Implementation

Amazon EC2 provides resizable virtual servers (instances) in the cloud. Key technical aspects include:

  • Instance Types: Organized by families optimized for different use cases (compute, memory, storage, GPU, etc.) and available in various sizes
  • Amazon Machine Images (AMIs): Pre-configured templates containing OS and software
  • Instance Store vs EBS: Ephemeral storage directly attached to the host server vs persistent block storage volumes
  • Placement Groups: Control instance placement strategy (cluster, spread, partition)
  • Auto Scaling: Automatically adjust capacity based on demand using scaling policies
  • Spot Instances: Bid for unused EC2 capacity at steep discounts compared to On-Demand pricing

Common EC2 CLI Operations:

# Launch a new EC2 instance
aws ec2 run-instances --image-id ami-12345678 --instance-type t2.micro --key-name MyKeyPair

# Describe running instances
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running"

# Stop an instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0

# Create an Auto Scaling group
aws autoscaling create-auto-scaling-group --auto-scaling-group-name my-asg \
--launch-configuration-name my-launch-config \
--min-size 1 --max-size 3 --desired-capacity 2 \
--availability-zones us-east-1a us-east-1b

Storage Services

Amazon Simple Storage Service (S3)

Business Value

S3 provides secure, durable, and scalable object storage for a wide range of business use cases:

  • 99.999999999% Durability: Designed to protect data from site-level failures, errors, and threats
  • Cost Optimization: Storage classes allow balancing access needs with cost efficiency
  • Scalability: Virtually unlimited storage capacity that grows with your business
  • Global Access: Content accessible worldwide with built-in capabilities to accelerate delivery
  • Data Protection: Versioning, replication, and point-in-time recovery protect critical business assets

Common Business Use Cases:

  • Backup and disaster recovery
  • Content and media distribution
  • Data lakes and big data analytics
  • Static website hosting
  • Mobile and web application asset storage
  • Long-term archiving and compliance storage

Cost Structure: Pay only for what you use, with charges based on:

  • Storage volume by storage class
  • Data transfer out of the AWS region
  • Request and data retrieval pricing
  • Data management features (e.g., inventory, analytics)

Technical Implementation

Amazon S3 is an object storage service offering industry-leading scalability, availability, security, and performance.

  • Object Storage Model: Store and retrieve any amount of data as objects (files) within buckets (containers)
  • Data Consistency: Strong read-after-write consistency for all operations
  • Storage Classes:
    • S3 Standard: General-purpose storage for frequently accessed data
    • S3 Intelligent-Tiering: Automatically moves objects between access tiers
    • S3 Standard-IA: For infrequently accessed data with rapid access when needed
    • S3 One Zone-IA: Lower-cost option for infrequently accessed data that doesn't require multi-AZ resilience
    • S3 Glacier: Low-cost storage for data archiving with retrieval times from minutes to hours
    • S3 Glacier Deep Archive: Lowest-cost storage for long-term retention with retrieval time of hours
  • Access Control: Bucket policies, IAM policies, Access Control Lists (ACLs), Access Points
  • Data Management: Lifecycle policies, versioning, replication, object locking
  • Performance Optimization: Multipart uploads, transfer acceleration, byte-range fetches

Common S3 Operations:

# Upload a file to S3
aws s3 cp myfile.txt s3://my-bucket/

# List objects in a bucket
aws s3 ls s3://my-bucket/

# Create a bucket with versioning enabled
aws s3api create-bucket --bucket my-new-bucket --region us-east-1
aws s3api put-bucket-versioning --bucket my-new-bucket --versioning-configuration Status=Enabled

# Configure lifecycle policy
aws s3api put-bucket-lifecycle-configuration --bucket my-bucket --lifecycle-configuration file://lifecycle.json

Database Services

Amazon Relational Database Service (RDS)

Business Value

RDS eliminates the operational burden of database management, allowing businesses to focus on application development and business growth:

  • Reduced Administrative Overhead: AWS handles routine database tasks like patching, backups, and monitoring
  • High Availability: Multi-AZ deployments provide business continuity with automated failover
  • Scalability: Easy vertical scaling by changing instance class and horizontal scaling with read replicas
  • Regulatory Compliance: Supports compliance with requirements for encryption and backup retention
  • Pay-as-you-go Model: No upfront costs for database licenses or infrastructure

Common Business Use Cases:

  • Web applications and e-commerce platforms
  • ERP, CRM, and other enterprise applications
  • SaaS applications requiring relational data storage
  • Mobile app backends
  • Legacy application migration to the cloud

Cost Optimization Strategies:

  • Reserved Instances for predictable workloads
  • Appropriate instance sizing based on workload
  • Aurora Serverless for variable or unpredictable workloads
  • Storage autoscaling to match growth patterns
  • Multi-tenant database architectures for SaaS applications

Technical Implementation

Amazon RDS is a managed relational database service that makes it easier to set up, operate, and scale a relational database in the cloud.

  • Supported Engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, SQL Server
  • Deployment Options:
    • Single-AZ: Database in one Availability Zone
    • Multi-AZ: Synchronous standby replica in a different AZ for high availability
    • Read Replicas: Asynchronous replicas for read scaling and geographic distribution
  • Managed Features:
    • Automated backups with point-in-time recovery
    • Automated software patching
    • Monitoring and metrics via CloudWatch
    • Scaling (vertical and horizontal with read replicas)
  • Security: Network isolation via VPC, encryption at rest (KMS) and in transit (SSL), IAM database authentication
  • Performance: Instance types optimized for database workloads, IOPS provisioning, Performance Insights monitoring

Sample RDS Commands:

# Create a MySQL database instance
# Note: a password passed on the command line ends up in shell history and process
# listings; prefer --manage-master-user-password (Secrets Manager) or read it from a secret store
aws rds create-db-instance \
--db-instance-identifier mydb \
--db-instance-class db.t3.small \
--engine mysql \
--master-username admin \
--master-user-password secret99 \
--allocated-storage 20

# Create a read replica
aws rds create-db-instance-read-replica \
--db-instance-identifier mydb-replica \
--source-db-instance-identifier mydb

# Enable automated backups
aws rds modify-db-instance \
--db-instance-identifier mydb \
--backup-retention-period 7 \
--apply-immediately

Networking Services

Amazon Virtual Private Cloud (VPC)

Business Value

VPC provides foundational network security and control that supports business and regulatory requirements:

  • Network Isolation: Complete control over your virtual networking environment
  • Security Posture: Multiple layers of security controls to protect applications and data
  • Hybrid Connectivity: Securely connect cloud resources to on-premises infrastructure
  • Compliance Framework: Network design that supports regulatory requirements (PCI DSS, HIPAA, etc.)
  • Business Continuity: Multi-AZ architectures for high availability

Business Use Cases:

  • Hosting multi-tier applications with security isolation between tiers
  • Creating development, test, and production environments with network separation
  • Extending corporate networks to the cloud in hybrid scenarios
  • Implementing regulatory-compliant network architectures
  • Providing secure remote access to corporate resources

Cost Considerations:

  • VPC itself has no additional cost
  • Charges apply for VPN connections, NAT gateways, Transit Gateways, and data transfer
  • Consider network design to minimize data transfer costs between AZs
  • Private connectivity options can reduce internet data transfer costs

Technical Implementation

Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

  • Network Architecture:
    • VPC: A logically isolated virtual network in AWS with a specified CIDR block
    • Subnets: Segments of a VPC's IP address range where you place resources
    • Route Tables: Control traffic routing between subnets and gateways
    • Internet Gateway: Connects VPC to the internet
    • NAT Gateway: Enables outbound internet for private subnets
  • Security Controls:
    • Security Groups: Stateful firewall rules for resources (instance level)
    • Network ACLs: Stateless firewall rules for subnets (subnet level)
    • Network Firewall: Advanced network security service
  • Connectivity Options:
    • VPC Peering: Connect VPCs privately
    • Transit Gateway: Hub for connecting VPCs and on-premises networks
    • VPN Connections: Secure connections to on-premises networks
    • Direct Connect: Dedicated network connection to AWS
  • Additional Features: Flow Logs for traffic monitoring, Endpoints for private connections to AWS services, Traffic Mirroring for packet inspection

VPC Architecture Example:

# Create a VPC with CIDR block
aws ec2 create-vpc --cidr-block 10.0.0.0/16

# Create public and private subnets
aws ec2 create-subnet --vpc-id vpc-123456 --cidr-block 10.0.1.0/24 --availability-zone us-east-1a
aws ec2 create-subnet --vpc-id vpc-123456 --cidr-block 10.0.2.0/24 --availability-zone us-east-1b

# Create and attach internet gateway
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --internet-gateway-id igw-123456 --vpc-id vpc-123456

# Create security group for web servers
aws ec2 create-security-group --group-name WebSG --description "Web servers" --vpc-id vpc-123456
aws ec2 authorize-security-group-ingress --group-id sg-123456 --protocol tcp --port 80 --cidr 0.0.0.0/0
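The stateful/stateless distinction between security groups and network ACLs (listed under Security Controls above and under Security and Identity earlier) is the usual source of "the request got in but the reply never came back" problems. The following toy packet filter is an added example written for this page, not AWS code or the VPC data plane; it assumes TCP only, packets as (src_ip, src_port, dst_ip, dst_port) tuples, and constructed addresses and rules, including a WebSG like the one created above.

```python
"""Toy packet filter showing why security groups are stateful and network ACLs
are stateless.  Added example, not AWS code and not the VPC data plane.
Assumptions: TCP only; a packet is (src_ip, src_port, dst_ip, dst_port); the
instance sits behind both filters; the security group remembers allowed flows
as 4-tuples; all addresses and rules below are constructed samples.
"""
import ipaddress


def _rule_matches(rule, remote_ip, dst_port):
    """A rule names a destination port range and the remote CIDR it applies to."""
    lo, hi = rule["ports"]
    return lo <= dst_port <= hi and \
        ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule["cidr"])


class SecurityGroup:
    """Allow-only rules plus connection tracking: the reply to an allowed flow
    passes even when no rule in the opposite direction matches it."""
    def __init__(self, ingress, egress):
        self.ingress, self.egress, self.flows = ingress, egress, set()

    def allows(self, pkt, inbound):
        src, sport, dst, dport = pkt
        if (dst, dport, src, sport) in self.flows:
            return True                    # stateful: return traffic of a tracked flow
        rules = self.ingress if inbound else self.egress
        if any(_rule_matches(r, src if inbound else dst, dport) for r in rules):
            self.flows.add(pkt)
            return True
        return False                       # implicit deny


class NetworkAcl:
    """Numbered allow/deny rules, lowest number first, first match wins, and no
    state: a reply must match its own outbound rule (normally ephemeral ports)."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r["number"])
        self.outbound = sorted(outbound, key=lambda r: r["number"])

    def allows(self, pkt, inbound):
        src, sport, dst, dport = pkt
        for rule in (self.inbound if inbound else self.outbound):
            if _rule_matches(rule, src if inbound else dst, dport):
                return rule["action"] == "allow"
        return False                       # the implicit '*' deny rule


def simulate_http(sg, nacl, client_ip="203.0.113.10", client_port=51000,
                  server_ip="10.0.1.5"):
    """Return (request_allowed, reply_allowed) for one client request to port 80."""
    request = (client_ip, client_port, server_ip, 80)
    reply = (server_ip, 80, client_ip, client_port)
    if not (nacl.allows(request, True) and sg.allows(request, True)):
        return False, False
    return True, sg.allows(reply, False) and nacl.allows(reply, False)


ANY = "0.0.0.0/0"
HTTP_IN = {"number": 100, "ports": (80, 80), "cidr": ANY, "action": "allow"}
EPHEMERAL_OUT = {"number": 100, "ports": (1024, 65535), "cidr": ANY, "action": "allow"}


def web_sg():
    """WebSG from the CLI example above (HTTP in from anywhere); the egress list
    is deliberately empty to show that replies still pass."""
    return SecurityGroup(ingress=[{"ports": (80, 80), "cidr": ANY}], egress=[])


def nacl_without_ephemeral():
    """Common mistake: outbound allows only port 80, so replies to the client's
    ephemeral port are dropped."""
    return NetworkAcl(inbound=[HTTP_IN], outbound=[HTTP_IN])


def nacl_with_ephemeral():
    """Correct stateless pairing: outbound allows the ephemeral port range."""
    return NetworkAcl(inbound=[HTTP_IN], outbound=[EPHEMERAL_OUT])
```

`simulate_http(web_sg(), nacl_without_ephemeral())` returns `(True, False)`: the request passes both filters, the security group lets the reply out because it tracked the flow, but the stateless ACL drops it.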

Security and Identity Services

AWS Identity and Access Management (IAM)

Business Value

IAM is fundamental to security governance in AWS, providing organizations with the controls needed to meet security and compliance requirements:

  • Security Governance: Centralized control over access to AWS resources
  • Compliance Support: Helps meet regulatory requirements for access controls and separation of duties
  • Risk Reduction: Minimize security risks by implementing least privilege
  • Operational Efficiency: Streamline access management across the organization
  • Identity Federation: Use existing identity systems without recreating users in AWS

Business Impact:

  • Prevent unauthorized access to sensitive data and resources
  • Enable secure delegation of responsibilities to teams and services
  • Maintain audit trail of access for compliance reporting
  • Reduce operational overhead through automation and federation
  • Support secure application development with fine-grained permissions

Implementation Strategies:

  • Role-Based Access: Align IAM permissions with job functions
  • Attribute-Based Access: Dynamic permissions based on user or resource attributes
  • Federated Access: Integration with corporate directories
  • Programmatic Access: API-based access for applications and services
  • Emergency Access: Break-glass procedures for urgent situations

Technical Implementation

AWS IAM enables you to securely control access to AWS services and resources for your users and applications.

  • Core Components:
    • Users: Identities representing people or applications
    • Groups: Collections of users with shared permissions
    • Roles: Identities that can be assumed by trusted entities (services, applications, users)
    • Policies: JSON documents defining permissions
  • Policy Types:
    • Identity-based: Attached to IAM users, groups, or roles
    • Resource-based: Attached directly to resources (S3 buckets, SQS queues)
    • Permission boundaries: Set maximum permissions for an entity
    • Service control policies (SCPs): Define maximum permissions in AWS Organizations
  • Features:
    • Multi-factor authentication (MFA)
    • Federation with external identity providers (SAML, OIDC)
    • Temporary security credentials
    • Access Analyzer for identifying resource access
  • Best Practices: Least privilege principle, rotation of credentials, IAM Access Advisor, policy conditions

IAM Configuration Examples:

# Create a user
aws iam create-user --user-name johndoe

# Create and attach a policy
aws iam create-policy --policy-name S3ReadOnly --policy-document '{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:Get*", "s3:List*"],
    "Resource": "*"
  }]
}'

aws iam attach-user-policy --user-name johndoe --policy-arn arn:aws:iam::123456789012:policy/S3ReadOnly

# Create a role for EC2 instances
aws iam create-role --role-name EC2S3Access --assume-role-policy-document '{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}'
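How the policy types listed above combine (identity-based, resource-based such as an S3 bucket policy, permission boundaries, explicit deny) is what decides whether a request like the S3ReadOnly user's is allowed. The following small evaluator is an added example written for this page, not AWS code or the real IAM engine; it models only the documented same-account ordering, leaves Condition elements, SCPs and session policies out, and uses constructed policies alongside the S3ReadOnly policy from the commands above.

```python
"""Simplified model of IAM policy evaluation.  Added example, not AWS's own code.

Modelled order (as AWS documents it for same-account requests): an explicit Deny
in any policy wins; a resource-based policy that allows the IAM principal is
sufficient; otherwise a permissions boundary caps what identity-based policies
can grant and an identity-based Allow is required; anything else is an implicit
deny.  Assumptions: Condition elements, SCPs, session policies and cross-account
rules are out of scope; every policy dict below is a constructed sample.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _match(patterns, value, case_insensitive=False):
    """IAM-style wildcard match ('*' and '?'); action names are case-insensitive."""
    if case_insensitive:
        return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def _principal_matches(stmt, principal_arn):
    """Only resource-based statements carry a Principal; identity-based ones
    apply to whoever the policy is attached to."""
    principal = stmt.get("Principal")
    if principal is None or principal == "*":
        return True
    return _match(principal.get("AWS"), principal_arn)


def effects(policy, principal_arn, action, resource):
    """Effects ('Allow'/'Deny') of every statement in policy matching the request."""
    return [
        stmt["Effect"]
        for stmt in _as_list(policy.get("Statement"))
        if _match(stmt.get("Action"), action, case_insensitive=True)
        and _match(stmt.get("Resource"), resource)
        and _principal_matches(stmt, principal_arn)
    ]


def evaluate(principal_arn, action, resource, identity_policies=(),
             resource_policy=None, boundary=None):
    """Return 'Allow' or 'Deny' for one request under the modelled order."""
    request = (principal_arn, action, resource)
    consulted = list(identity_policies) + [p for p in (resource_policy, boundary) if p]
    if any("Deny" in effects(p, *request) for p in consulted):
        return "Deny"        # 1. an explicit Deny anywhere ends evaluation
    if resource_policy and "Allow" in effects(resource_policy, *request):
        return "Allow"       # 2. the resource policy names this principal
    if boundary is not None and "Allow" not in effects(boundary, *request):
        return "Deny"        # 3. the boundary caps identity-based grants
    if any("Allow" in effects(p, *request) for p in identity_policies):
        return "Allow"       # 4. an identity-based Allow
    return "Deny"            # 5. implicit deny


JOHN = "arn:aws:iam::123456789012:user/johndoe"
# The S3ReadOnly policy from the CLI example above.
S3_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}
# Constructed permissions boundary: whatever the user's policies say, only my-bucket.
ONE_BUCKET_BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"]}]}
# Constructed explicit deny on a sensitive prefix; it beats the broad read Allow.
DENY_SECRETS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/secrets/*"}]}
# Constructed bucket policy (resource-based) letting johndoe upload to one prefix.
UPLOADS_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": JOHN}, "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::my-bucket/uploads/*"}]}
```

With S3ReadOnly alone, `evaluate(JOHN, "s3:GetObject", "arn:aws:s3:::other/x", [S3_READ_ONLY])` is Allow because the policy's `Resource` is `*`; adding `boundary=ONE_BUCKET_BOUNDARY` turns it into Deny, which is the least-privilege effect a boundary is for.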

Management and Monitoring

Amazon CloudWatch

Business Value

CloudWatch provides observability across your entire infrastructure and application stack, enabling you to optimize performance, maintain availability, and respond quickly to issues:

  • System-Wide Visibility: Single pane of glass for monitoring all resources and applications
  • Proactive Management: Detect and address issues before they impact users
  • Operational Efficiency: Automate responses to common problems
  • Performance Optimization: Identify bottlenecks and opportunities for improvement
  • Cost Management: Monitor and optimize resource utilization

Business Impact:

  • Reduced mean time to detection (MTTD) and resolution (MTTR) for issues
  • Improved application reliability and user experience
  • Lower operational costs through automation and efficient resource use
  • Better capacity planning based on historical trends
  • Enhanced security posture through anomaly detection

Implementation Strategy:

  • Foundational Monitoring: Start with basic infrastructure metrics
  • Application Insights: Add custom metrics and logs for application context
  • Proactive Alerting: Configure alarms for critical thresholds
  • Automated Response: Use EventBridge and Lambda to respond to alerts
  • Business Metrics: Correlate technical metrics with business outcomes

Technical Implementation

Amazon CloudWatch is a monitoring and observability service that provides data and actionable insights for AWS resources and applications.

  • Core Components:
    • Metrics: Time-series data points for resources and applications
    • Logs: Centralized log collection and analysis
    • Events: Stream of system events describing changes in AWS resources
    • Alarms: Notifications based on metrics crossing thresholds
    • Dashboards: Customizable visualization of metrics and alarms
  • Advanced Features:
    • Synthetics: Canary scripts that monitor endpoints and APIs
    • ServiceLens: Application and transaction tracing
    • Container Insights: Monitoring for containerized applications
    • Lambda Insights: Monitoring for serverless applications
    • Contributor Insights: Analyze high-cardinality data
  • Integration: Works with AWS services, on-premises resources, and custom applications
  • Metrics Resolution: Standard (1-minute) and high-resolution (1-second) metrics

CloudWatch Examples:

# Create a metric alarm for CPU utilization
aws cloudwatch put-metric-alarm \
--alarm-name cpu-utilization \
--comparison-operator GreaterThanThreshold \
--evaluation-periods 2 \
--metric-name CPUUtilization \
--namespace AWS/EC2 \
--period 300 \
--statistic Average \
--threshold 80 \
--alarm-actions arn:aws:sns:us-east-1:123456789012:my-topic \
--dimensions "Name=InstanceId,Value=i-1234567890abcdef0"

# Create a dashboard
aws cloudwatch put-dashboard \
--dashboard-name MyDashboard \
--dashboard-body '{"widgets":[{"type":"metric","x":0,"y":0,"width":12,"height":6,"properties":{"metrics":[["AWS/EC2","CPUUtilization","InstanceId","i-1234567890abcdef0"]],"view":"timeSeries","stacked":false,"title":"EC2 Instance CPU"}}]}'

# Create a log group
aws logs create-log-group --log-group-name /my-application/logs
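The alarm created above only fires when the Average of CPUUtilization over a 300-second period exceeds 80 for 2 consecutive periods, and the choice of statistic decides whether a short spike counts at all. The following model of that evaluation is an added example written for this page, not CloudWatch's code; it assumes (epoch_seconds, value) samples, periods aligned to multiples of the period length, datapoints-to-alarm equal to evaluation-periods (the CLI default), INSUFFICIENT_DATA whenever a period in the window has no data, and constructed sample values.

```python
"""Model of how a CloudWatch metric alarm like the one created above decides its
state.  Added example, not CloudWatch's code.  Assumptions: datapoints are
(epoch_seconds, value) samples; periods are aligned to multiples of period;
datapoints-to-alarm equals evaluation-periods (the CLI default); a window with
any period lacking data is INSUFFICIENT_DATA (missing-data treatment 'missing').
All sample values are constructed.
"""
import operator
from collections import defaultdict

COMPARISONS = {
    "GreaterThanThreshold": operator.gt,
    "GreaterThanOrEqualToThreshold": operator.ge,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}
STATISTICS = {
    "Average": lambda xs: sum(xs) / len(xs),
    "Maximum": max,
    "Minimum": min,
    "Sum": sum,
    "SampleCount": len,
}


def aggregate(datapoints, period, statistic):
    """Bucket raw samples into aligned periods and apply the statistic per period."""
    buckets = defaultdict(list)
    for ts, value in datapoints:
        buckets[(ts // period) * period].append(value)
    return {start: STATISTICS[statistic](vals) for start, vals in buckets.items()}


def evaluate_alarm(datapoints, now, period=300, statistic="Average", threshold=80.0,
                   comparison="GreaterThanThreshold", evaluation_periods=2):
    """Return 'ALARM', 'OK' or 'INSUFFICIENT_DATA' for the window ending at now.
    ALARM requires every one of the last evaluation_periods periods to breach."""
    stats = aggregate(datapoints, period, statistic)
    last_complete = (now // period) * period - period     # start of last full period
    starts = [last_complete - i * period for i in range(evaluation_periods)]
    values = [stats.get(s) for s in starts]
    if any(v is None for v in values):
        return "INSUFFICIENT_DATA"
    breaching = COMPARISONS[comparison]
    return "ALARM" if all(breaching(v, threshold) for v in values) else "OK"


def sample(start, values, step=60):
    """Constructed one-minute CPUUtilization samples starting at epoch second start."""
    return [(start + i * step, v) for i, v in enumerate(values)]


# Two consecutive 5-minute periods averaging above 80%: sustained load.
SUSTAINED = sample(2400, [85, 88, 90, 87, 86]) + sample(2700, [91, 89, 92, 90, 93])
# One short spike: the Average stays under 80 but Maximum would cross it.
SPIKE = sample(2400, [40, 42, 41, 43, 40]) + sample(2700, [45, 99, 44, 43, 46])

if __name__ == "__main__":
    print(evaluate_alarm(SUSTAINED, now=3000))                        # ALARM
    print(evaluate_alarm(SPIKE, now=3000))                            # OK
    print(evaluate_alarm(SPIKE, now=3000, statistic="Maximum",
                         evaluation_periods=1))                       # ALARM
```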

Application Integration

Amazon Simple Queue Service (SQS)

Business Value

SQS provides a reliable, scalable message queue that helps businesses build resilient, loosely-coupled systems:

  • System Decoupling: Buffer between components allows independent scaling and failure isolation
  • Workload Smoothing: Handle traffic spikes without service degradation
  • Fault Tolerance: Messages persist even if processing components fail
  • Simplified Architecture: Eliminate complex coordination between distributed components
  • Cost Optimization: Process messages at a rate that matches your budget and needs

Business Use Cases:

  • Order Processing: Reliably manage order flows in e-commerce systems
  • Media Processing: Handle video/image processing at scale
  • Log Processing: Collect and process logs from distributed systems
  • Task Distribution: Distribute work across multiple processors
  • Email Sending: Queue email requests for reliable delivery
  • Batch Processing: Collect transactions for efficient batch processing

Implementation Strategy:

  • Choose Queue Type: Standard for high throughput, FIFO when order matters
  • Message Lifecycle: Configure appropriate visibility timeout and retention
  • Error Handling: Implement dead-letter queues for unprocessable messages
  • Auto-Scaling: Scale consumers based on queue depth
  • Monitoring: Track queue metrics with CloudWatch

Technical Implementation

Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

  • Queue Types:
    • Standard Queues: High throughput, at-least-once delivery, best-effort ordering
    • FIFO Queues: First-in-first-out delivery, exactly-once processing, message groups
  • Message Handling:
    • Message Retention: Up to 14 days
    • Message Size: Up to 256KB
    • Visibility Timeout: Period during which messages are invisible after being received
    • Dead-Letter Queues: Capture messages that can't be processed
  • Security: Server-side encryption, IAM policies, VPC endpoints, temporary credentials
  • Integration: Works with Lambda, SNS, EventBridge, and most AWS services

SQS Examples:

# Create a standard queue
aws sqs create-queue --queue-name my-standard-queue

# Create a FIFO queue
aws sqs create-queue \
--queue-name my-fifo-queue.fifo \
--attributes FifoQueue=true,ContentBasedDeduplication=true

# Send a message
aws sqs send-message \
--queue-url https://sqs.us-east-1.amazonaws.com/123456789012/my-standard-queue \
--message-body "Hello, SQS!"

# Receive messages
aws sqs receive-message \
--queue-url https://sqs.us-east-1.amazonaws.com/123456789012/my-standard-queue \
--max-number-of-messages 10 \
--wait-time-seconds 20

# Delete a message after processing
aws sqs delete-message \
--queue-url https://sqs.us-east-1.amazonaws.com/123456789012/my-standard-queue \
--receipt-handle AQEBTpyL...
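The visibility timeout, at-least-once delivery and dead-letter queue behaviours listed above are easiest to see with a consumer that receives a message but never gets to the delete call. The following in-memory queue is an added example written for this page, not AWS code; it assumes a caller-supplied clock in seconds, receipt handles valid only for the latest receive of a message, standard-queue semantics with ordering not modelled, and constructed message bodies.

```python
"""In-memory model of the SQS behaviours listed above: visibility timeout,
at-least-once redelivery when a consumer never deletes, and a redrive policy
that moves a message to a dead-letter queue after maxReceiveCount receives.
Added example, not AWS code.  Assumptions: the caller supplies the clock in
seconds; a receipt handle is valid only for the latest receive of its message;
standard-queue semantics, ordering not modelled; sample bodies are constructed.
"""
import itertools


class Queue:
    def __init__(self, name, visibility_timeout=30, dead_letter=None, max_receive_count=None):
        self.name = name
        self.visibility_timeout = visibility_timeout
        self.dead_letter = dead_letter                # target Queue of the redrive policy
        self.max_receive_count = max_receive_count    # redrive policy maxReceiveCount
        self.messages = []                            # id, body, receive_count, invisible_until
        self._ids = itertools.count(1)

    def send(self, body):
        self.messages.append({"id": next(self._ids), "body": body,
                              "receive_count": 0, "invisible_until": 0})

    def receive(self, now, max_messages=1):
        """Return up to max_messages visible (receipt_handle, body) pairs, hiding each
        for visibility_timeout seconds; a message past maxReceiveCount is redriven."""
        delivered = []
        for msg in list(self.messages):
            if len(delivered) == max_messages:
                break
            if msg["invisible_until"] > now:
                continue                              # in flight with another consumer
            if self.dead_letter and msg["receive_count"] >= self.max_receive_count:
                self.messages.remove(msg)             # poison message: park it on the DLQ
                self.dead_letter.send(msg["body"])
                continue
            msg["receive_count"] += 1
            msg["invisible_until"] = now + self.visibility_timeout
            delivered.append((f'{msg["id"]}:{msg["receive_count"]}', msg["body"]))
        return delivered

    def delete(self, receipt_handle):
        """Delete succeeds only with the handle from the latest receive."""
        msg_id, count = map(int, receipt_handle.split(":"))
        for msg in self.messages:
            if msg["id"] == msg_id and msg["receive_count"] == count:
                self.messages.remove(msg)
                return True
        return False

    def bodies(self):
        return [m["body"] for m in self.messages]


def simulate_poison_message(max_receive_count=3, visibility_timeout=30):
    """A consumer that crashes before every delete: count deliveries until the
    redrive policy moves the message, and return the DLQ contents."""
    dlq = Queue("my-queue-dlq")
    queue = Queue("my-queue", visibility_timeout, dead_letter=dlq,
                  max_receive_count=max_receive_count)
    queue.send("unparseable order")
    deliveries, now = 0, 0
    while queue.bodies():                             # until it leaves the source queue
        deliveries += len(queue.receive(now))
        now += visibility_timeout                     # timeout expires; message reappears
    return deliveries, dlq.bodies()


if __name__ == "__main__":
    print(simulate_poison_message())                  # (3, ['unparseable order'])
```

Without a dead-letter queue the same poison message would be redelivered every visibility timeout until the 14-day retention expires, which is why the Implementation Strategy above pairs the visibility timeout with a dead-letter queue and queue-depth monitoring.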