AWS Service Quick Reference

Search 70+ AWS services by name or category — with exam tips for CLF and SAA

AWS EC2

Compute

Virtual servers in the cloud. Choose instance type (CPU, RAM, GPU). Pay per second.

"A physical server you rent"

Exam: Know instance types: T (burstable), M (general), C (compute), R (memory), P (GPU), I (storage-optimised)

AWS Lambda

Compute

Run code without managing servers. Triggered by events. Pay per invocation (first 1M free).

"A vending machine — insert request, get result, machine disappears"

Exam: Max 15-minute timeout. Stateless. Scales to thousands of concurrent executions.

AWS ECS

Compute

Managed container orchestration for Docker containers. Integrates with Fargate (serverless) or EC2.

"A container fleet manager"

AWS EKS

Compute

Managed Kubernetes service. AWS handles the control plane; you manage worker nodes (or use Fargate).

"Managed Kubernetes without the control plane headache"

AWS Fargate

Compute

Serverless compute for ECS and EKS. No EC2 instances to manage — just define CPU and RAM.

Exam: Fargate removes the need to provision or manage EC2 instances for containers.

AWS Elastic Beanstalk

Compute

PaaS — deploy web apps without managing infrastructure. AWS handles provisioning, load balancing, scaling.

"Heroku on AWS. You deploy code; AWS handles everything else."

AWS Batch

Compute

Managed batch computing for large-scale parallel workloads. Automatically provisions EC2/Spot instances.

"A job queue that spins up EC2s as needed"

AWS Lightsail

Compute

Simple VPS for small workloads with predictable pricing. Best for websites, small apps, dev environments.

"EC2 with training wheels — simpler console, fixed price"

AWS S3

Storage

Object storage. Store any file up to 5TB. Unlimited total storage. 11 9s of durability.

"An infinite filing cabinet on the internet"

Exam: S3 Standard (frequent access), S3-IA (infrequent), S3 Glacier (archival). Versioning, lifecycle rules, replication.

AWS EBS

Storage

Block storage volumes for EC2. Like a virtual hard drive. Single AZ, must be in same AZ as EC2.

"An SSD/HDD attached to your virtual server"

Exam: Can snapshot to S3. gp3 is the default general-purpose type. io2 Block Express for high IOPS.

AWS EFS

Storage

Managed NFS file system. Shared across multiple EC2 instances in multiple AZs. Elastic — grows automatically.

"A shared network drive multiple servers can mount simultaneously"

Exam: Multi-AZ, multi-instance access. EFS vs EBS: EFS = shared, EBS = single EC2.

AWS S3 Glacier

Storage

Low-cost archival storage. Retrieval times from minutes (Flexible) to hours (Deep Archive).

Exam: S3 Glacier Instant (ms), Flexible (minutes), Deep Archive (12h). Cheapest long-term storage.

AWS Storage Gateway

Storage

Bridge between on-premises and AWS storage. File Gateway (NFS/SMB), Volume Gateway (iSCSI), Tape Gateway.

Exam: Used for hybrid cloud storage. 'On-premises needs cloud storage' scenarios → Storage Gateway.

AWS FSx

Storage

Fully managed third-party file systems: FSx for Windows (SMB/NTFS) and FSx for Lustre (HPC).

Exam: FSx for Windows = Windows file shares, AD integration. FSx for Lustre = high-performance computing.

AWS RDS

Database

Managed relational database service. Supports MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora.

"A database server you don't have to patch"

Exam: Multi-AZ = synchronous standby for HA. Read Replicas = async copies for read scaling.

AWS Aurora

Database

AWS-built relational DB. MySQL and PostgreSQL compatible. 5x faster than MySQL, 3x than PostgreSQL.

Exam: Aurora Serverless v2 auto-scales. Global Database for multi-region. Up to 15 read replicas.

AWS DynamoDB

Database

Fully managed NoSQL key-value and document database. Single-digit millisecond performance at any scale.

"A scalable hash table on steroids"

Exam: DAX = DynamoDB Accelerator (in-memory cache). DynamoDB Streams for change capture.

AWS ElastiCache

Database

Managed in-memory caching: Redis or Memcached. Reduces DB load, sub-millisecond latency.

Exam: Redis = persistence + pub/sub + data structures. Memcached = simpler, multi-threaded. Both reduce database load.

AWS Redshift

Database

Cloud data warehouse. Petabyte-scale analytics. Columnar storage. Integrates with S3 via Redshift Spectrum.

"A giant analytics database optimised for queries, not transactions"

AWS DocumentDB

Database

MongoDB-compatible managed document database. Stores JSON-like documents.

Exam: 'MongoDB-compatible on AWS' → DocumentDB.

AWS Neptune

Database

Managed graph database. Supports Gremlin and SPARQL. Used for social networks, fraud detection, knowledge graphs.

Exam: 'Graph database on AWS' → Neptune.

AWS VPC

Networking

Virtual Private Cloud — isolated network in AWS. Define CIDR, subnets, route tables, internet gateways.

"Your own private data centre network in the cloud"

Exam: Public subnet = has route to IGW. Private subnet = no direct internet. NAT Gateway lets private subnets reach internet.

AWS Route 53

Networking

Managed DNS service. Domain registration, DNS routing, health checks. Supports all routing policies.

Exam: Routing policies: Simple, Weighted, Failover, Geolocation, Geoproximity, Latency, Multivalue.

AWS CloudFront

Networking

CDN (Content Delivery Network). Caches content at 400+ edge locations worldwide. Reduces latency.

"A global cache network that serves content from the closest location to the user"

Exam: Origin = S3 bucket or HTTP server. Distributions. Signed URLs/cookies for private content.

AWS API Gateway

Networking

Create and manage REST, HTTP, and WebSocket APIs. Integrates with Lambda, EC2, and other services.

Exam: API Gateway + Lambda = serverless API. Supports throttling, caching, API keys.

AWS ELB

Networking

Elastic Load Balancer. Three types: ALB (Layer 7, HTTP), NLB (Layer 4, TCP/UDP), CLB (legacy).

Exam: ALB routes based on URL path/headers. NLB handles millions of requests/second at ultra-low latency. NLB has static IP.

AWS Direct Connect

Networking

Dedicated private network connection from on-premises to AWS. Bypasses public internet.

Exam: More consistent bandwidth and lower latency than VPN. Required for compliance scenarios needing dedicated connectivity.

AWS VPN Gateway

Networking

IPsec VPN over the internet to connect on-premises to VPC. Faster setup than Direct Connect but less reliable.

Exam: Site-to-Site VPN uses BGP or static routing. Client VPN for remote user access.

AWS PrivateLink

Networking

Expose services to other VPCs or accounts privately without traffic going over the internet.

Exam: VPC Endpoints (Interface) use PrivateLink. Gateway Endpoints (free) for S3 and DynamoDB.

AWS IAM

Security

Identity and Access Management. Users, groups, roles, policies. The foundation of AWS security.

"The key management system for your AWS house"

Exam: Principle of least privilege. IAM roles for EC2/Lambda. SCPs in AWS Organizations restrict all accounts.

AWS KMS

Security

Key Management Service. Create and manage cryptographic keys for encryption. FIPS 140-2 validated HSMs.

Exam: CMKs (Customer Managed Keys) vs AWS Managed Keys. Envelope encryption: data key encrypted by KMS CMK.

AWS Secrets Manager

Security

Store and auto-rotate secrets (DB passwords, API keys). Integrates with RDS, Redshift, DocumentDB.

Exam: Secrets Manager vs Parameter Store: Secrets Manager = auto-rotation, higher cost. Parameter Store = simpler, free tier.

AWS WAF

Security

Web Application Firewall. Filters HTTP/S traffic. Protects against SQLi, XSS, bad bots. Works with CloudFront/ALB.

Exam: WAF operates at Layer 7 (application). Shield = DDoS protection (Standard = free, Advanced = paid).

AWS Shield

Security

DDoS protection. Shield Standard (free, automatic) protects all AWS customers. Shield Advanced adds 24/7 DRT support.

Exam: Shield Standard is always on. Shield Advanced is ~$3k/month and adds DDoS cost protection.

AWS GuardDuty

Security

Threat detection using ML and threat intelligence. Analyses CloudTrail, VPC Flow Logs, and DNS logs.

Exam: 'Continuous threat detection' → GuardDuty. Inspector = vulnerability scanning. Detective = forensics/investigation.

AWS Inspector

Security

Automated vulnerability assessment for EC2 and container images. Checks for CVEs and network exposure.

Exam: Inspector = vulnerability scans on EC2/ECR. GuardDuty = threat detection from behaviour.

AWS Macie

Security

Uses ML to discover and protect sensitive data (PII, credentials) in S3.

Exam: 'Find PII in S3' → Macie.

AWS CloudWatch

Monitoring

Metrics, logs, alarms, and dashboards. Central monitoring for all AWS services.

Exam: CloudWatch Logs for log aggregation. CloudWatch Alarms trigger actions. Default EC2 metrics every 5 min (detailed = 1 min).

AWS CloudTrail

Monitoring

Records all API calls to your AWS account. Who did what, when, from where. Enabled by default (90-day history).

Exam: CloudTrail = audit log. 'Who deleted the S3 bucket?' → CloudTrail. Enable across all regions, send to S3.

AWS Config

Monitoring

Records resource configuration history and evaluates compliance against rules.

Exam: AWS Config = configuration compliance. 'Were security groups compliant at 3pm last Tuesday?' → AWS Config.

AWS Trusted Advisor

Monitoring

Automated best-practice checks: cost optimisation, security, reliability, performance, service limits.

Exam: Full checks require Business or Enterprise Support plan. 7 core checks are free (basic/developer).

AWS Systems Manager

Monitoring

Operational hub for AWS resources. Run Command, Patch Manager, Parameter Store, Session Manager.

Exam: Session Manager = SSH-less access to EC2. No bastion host needed. Parameter Store for config/secrets.

AWS SQS

Integration

Simple Queue Service. Managed message queue. Decouple application components. Standard (at-least-once) or FIFO.

"A to-do list that producers add to and consumers process"

Exam: Visibility timeout = time message is hidden after being picked up. DLQ for failed messages. Max message size = 256KB.

AWS SNS

Integration

Simple Notification Service. Pub/Sub messaging. Push notifications to SQS, Lambda, HTTP, email, SMS.

"A megaphone that broadcasts to all subscribers"

Exam: SNS + SQS fan-out = send one message to multiple SQS queues simultaneously.

AWS EventBridge

Integration

Serverless event bus. Route events between AWS services, custom apps, and SaaS apps.

Exam: EventBridge (formerly CloudWatch Events) for event-driven architectures. Cron jobs via EventBridge rules.

AWS Step Functions

Integration

Visual workflow service. Orchestrate Lambda functions, ECS tasks, and other services into state machines.

Exam: 'Coordinate multiple Lambda functions with error handling' → Step Functions.

AWS SageMaker

AI / ML

End-to-end ML platform. Build, train, and deploy ML models. Includes AutoML, notebooks, and model registry.

Exam: SageMaker = managed ML. Know SageMaker Canvas (no-code AutoML), Clarify (bias detection), and Pipelines.

AWS Rekognition

AI / ML

Image and video analysis. Object detection, face recognition, text in images, content moderation.

Exam: 'Analyse images/video for objects or faces' → Rekognition.

AWS Comprehend

AI / ML

Natural language processing (NLP). Sentiment analysis, entity recognition, key phrase extraction.

Exam: 'Analyse text for sentiment or entities' → Comprehend.

AWS Textract

AI / ML

Extracts text and structured data from scanned documents, PDFs, and images.

Exam: 'Extract text from scanned PDFs/forms' → Textract. Not just OCR — also understands tables and forms.

AWS Bedrock

AI / ML

Fully managed service to build and scale generative AI applications using foundation models from AWS and partners.

Exam: Bedrock = managed GenAI/LLM API. Supports models from Anthropic, Meta, Mistral, Amazon Titan.

Frequently asked questions

What is the difference between EC2 and Lambda?

EC2 provides virtual machines you manage and pay for continuously. Lambda runs code only when triggered by an event — you pay per invocation (first 1M/month free). Lambda is better for event-driven, short-running tasks. EC2 is better for long-running processes or applications that need a full OS.

What is the difference between S3 and EBS?

S3 is object storage — you store files via HTTP API. It's unlimited, highly durable (11 9s), and accessible from anywhere. EBS is block storage — like a virtual hard drive attached to one EC2 instance in the same AZ. EBS is for the OS, databases, and applications that need a file system.

What is the difference between SQS and SNS?

SQS is a queue — messages sit until a consumer retrieves them (pull model). SNS is a notification service that pushes messages to all subscribers simultaneously (push/pub-sub model). A common pattern is SNS + SQS fan-out: one SNS message fans out to multiple SQS queues.

What is the difference between CloudTrail and CloudWatch?

CloudTrail records API calls — who did what action in your account (audit log). CloudWatch monitors metrics and logs — CPU usage, error rates, custom metrics, application logs. CloudTrail answers 'who changed this?' CloudWatch answers 'is this system healthy?'

What is the difference between RDS Multi-AZ and Read Replicas?

Multi-AZ keeps a synchronous standby in another AZ for high availability — automatic failover, no manual intervention. Read Replicas are asynchronous copies used to scale read traffic — they can be in the same region or cross-region, but are not for failover.