AWS Service Quick Reference
Search 70+ AWS services by name or category — with exam tips for CLF and SAA
AWS EC2
Compute: Virtual servers in the cloud. Choose instance type (CPU, RAM, GPU). Pay per second.
"A physical server you rent"
Exam: Know instance types: T (burstable), M (general), C (compute), R (memory), P (GPU), I (storage-optimised)
AWS Lambda
Compute: Run code without managing servers. Triggered by events. Pay per invocation (first 1M free).
"A vending machine — insert request, get result, machine disappears"
Exam: Max 15-minute timeout. Stateless. Scales to thousands of concurrent executions.
AWS ECS
Compute: Managed container orchestration for Docker containers. Integrates with Fargate (serverless) or EC2.
"A container fleet manager"
AWS EKS
Compute: Managed Kubernetes service. AWS handles the control plane; you manage worker nodes (or use Fargate).
"Managed Kubernetes without the control plane headache"
AWS Fargate
Compute: Serverless compute for ECS and EKS. No EC2 instances to manage — just define CPU and RAM.
Exam: Fargate removes the need to provision or manage EC2 instances for containers.
AWS Elastic Beanstalk
Compute: PaaS — deploy web apps without managing infrastructure. AWS handles provisioning, load balancing, scaling.
"Heroku on AWS. You deploy code; AWS handles everything else."
AWS Batch
Compute: Managed batch computing for large-scale parallel workloads. Automatically provisions EC2/Spot instances.
"A job queue that spins up EC2s as needed"
AWS Lightsail
Compute: Simple VPS for small workloads with predictable pricing. Best for websites, small apps, dev environments.
"EC2 with training wheels — simpler console, fixed price"
AWS S3
Storage: Object storage. Store any file up to 5TB. Unlimited total storage. 11 9s of durability.
"An infinite filing cabinet on the internet"
Exam: S3 Standard (frequent access), S3-IA (infrequent), S3 Glacier (archival). Versioning, lifecycle rules, replication.
AWS EBS
Storage: Block storage volumes for EC2. Like a virtual hard drive. Single AZ, must be in same AZ as EC2.
"An SSD/HDD attached to your virtual server"
Exam: Can snapshot to S3. gp3 is the default general-purpose type. io2 Block Express for high IOPS.
AWS EFS
Storage: Managed NFS file system. Shared across multiple EC2 instances in multiple AZs. Elastic — grows automatically.
"A shared network drive multiple servers can mount simultaneously"
Exam: Multi-AZ, multi-instance access. EFS vs EBS: EFS = shared, EBS = single EC2.
AWS S3 Glacier
Storage: Low-cost archival storage. Retrieval times from minutes (Flexible) to hours (Deep Archive).
Exam: S3 Glacier Instant (ms), Flexible (minutes), Deep Archive (12h). Cheapest long-term storage.
AWS Storage Gateway
Storage: Bridge between on-premises and AWS storage. File Gateway (NFS/SMB), Volume Gateway (iSCSI), Tape Gateway.
Exam: Used for hybrid cloud storage. 'On-premises needs cloud storage' scenarios → Storage Gateway.
AWS FSx
Storage: Fully managed third-party file systems: FSx for Windows (SMB/NTFS) and FSx for Lustre (HPC).
Exam: FSx for Windows = Windows file shares, AD integration. FSx for Lustre = high-performance computing.
AWS RDS
Database: Managed relational database service. Supports MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora.
"A database server you don't have to patch"
Exam: Multi-AZ = synchronous standby for HA. Read Replicas = async copies for read scaling.
AWS Aurora
Database: AWS-built relational DB. MySQL and PostgreSQL compatible. 5x faster than MySQL, 3x faster than PostgreSQL.
Exam: Aurora Serverless v2 auto-scales. Global Database for multi-region. Up to 15 read replicas.
AWS DynamoDB
Database: Fully managed NoSQL key-value and document database. Single-digit millisecond performance at any scale.
"A scalable hash table on steroids"
Exam: DAX = DynamoDB Accelerator (in-memory cache). DynamoDB Streams for change capture.
AWS ElastiCache
Database: Managed in-memory caching: Redis or Memcached. Reduces DB load, sub-millisecond latency.
Exam: Redis = persistence + pub/sub + data structures. Memcached = simpler, multi-threaded. Both reduce database load.
AWS Redshift
Database: Cloud data warehouse. Petabyte-scale analytics. Columnar storage. Integrates with S3 via Redshift Spectrum.
"A giant analytics database optimised for queries, not transactions"
AWS DocumentDB
Database: MongoDB-compatible managed document database. Stores JSON-like documents.
Exam: 'MongoDB-compatible on AWS' → DocumentDB.
AWS Neptune
Database: Managed graph database. Supports Gremlin and SPARQL. Used for social networks, fraud detection, knowledge graphs.
Exam: 'Graph database on AWS' → Neptune.
AWS VPC
Networking: Virtual Private Cloud — isolated network in AWS. Define CIDR, subnets, route tables, internet gateways.
"Your own private data centre network in the cloud"
Exam: Public subnet = has route to IGW. Private subnet = no direct internet. NAT Gateway lets private subnets reach internet.
AWS Route 53
Networking: Managed DNS service. Domain registration, DNS routing, health checks. Supports all routing policies.
Exam: Routing policies: Simple, Weighted, Failover, Geolocation, Geoproximity, Latency, Multivalue.
AWS CloudFront
Networking: CDN (Content Delivery Network). Caches content at 400+ edge locations worldwide. Reduces latency.
"A global cache network that serves content from the closest location to the user"
Exam: Origin = S3 bucket or HTTP server. Distributions. Signed URLs/cookies for private content.
AWS API Gateway
Networking: Create and manage REST, HTTP, and WebSocket APIs. Integrates with Lambda, EC2, and other services.
Exam: API Gateway + Lambda = serverless API. Supports throttling, caching, API keys.
AWS ELB
Networking: Elastic Load Balancer. Three types: ALB (Layer 7, HTTP), NLB (Layer 4, TCP/UDP), CLB (legacy).
Exam: ALB routes based on URL path/headers. NLB handles millions of requests/second at ultra-low latency. NLB has static IP.
AWS Direct Connect
Networking: Dedicated private network connection from on-premises to AWS. Bypasses public internet.
Exam: More consistent bandwidth and lower latency than VPN. Required for compliance scenarios needing dedicated connectivity.
AWS VPN Gateway
Networking: IPsec VPN over the internet to connect on-premises to VPC. Faster setup than Direct Connect but less reliable.
Exam: Site-to-Site VPN uses BGP or static routing. Client VPN for remote user access.
AWS PrivateLink
Networking: Expose services to other VPCs or accounts privately without traffic going over the internet.
Exam: VPC Endpoints (Interface) use PrivateLink. Gateway Endpoints (free) for S3 and DynamoDB.
AWS IAM
Security: Identity and Access Management. Users, groups, roles, policies. The foundation of AWS security.
"The key management system for your AWS house"
Exam: Principle of least privilege. IAM roles for EC2/Lambda. SCPs in AWS Organizations restrict all accounts.
AWS KMS
Security: Key Management Service. Create and manage cryptographic keys for encryption. FIPS 140-2 validated HSMs.
Exam: CMKs (Customer Managed Keys) vs AWS Managed Keys. Envelope encryption: data key encrypted by KMS CMK.
AWS Secrets Manager
Security: Store and auto-rotate secrets (DB passwords, API keys). Integrates with RDS, Redshift, DocumentDB.
Exam: Secrets Manager vs Parameter Store: Secrets Manager = auto-rotation, higher cost. Parameter Store = simpler, free tier.
AWS WAF
Security: Web Application Firewall. Filters HTTP/S traffic. Protects against SQLi, XSS, bad bots. Works with CloudFront/ALB.
Exam: WAF operates at Layer 7 (application). Shield = DDoS protection (Standard = free, Advanced = paid).
AWS Shield
Security: DDoS protection. Shield Standard (free, automatic) protects all AWS customers. Shield Advanced adds 24/7 DRT support.
Exam: Shield Standard is always on. Shield Advanced is ~$3k/month and adds DDoS cost protection.
AWS GuardDuty
Security: Threat detection using ML and threat intelligence. Analyses CloudTrail, VPC Flow Logs, and DNS logs.
Exam: 'Continuous threat detection' → GuardDuty. Inspector = vulnerability scanning. Detective = forensics/investigation.
AWS Inspector
Security: Automated vulnerability assessment for EC2 and container images. Checks for CVEs and network exposure.
Exam: Inspector = vulnerability scans on EC2/ECR. GuardDuty = threat detection from behaviour.
AWS Macie
Security: Uses ML to discover and protect sensitive data (PII, credentials) in S3.
Exam: 'Find PII in S3' → Macie.
AWS CloudWatch
Monitoring: Metrics, logs, alarms, and dashboards. Central monitoring for all AWS services.
Exam: CloudWatch Logs for log aggregation. CloudWatch Alarms trigger actions. Default EC2 metrics every 5 min (detailed = 1 min).
AWS CloudTrail
Monitoring: Records all API calls to your AWS account. Who did what, when, from where. Enabled by default (90-day history).
Exam: CloudTrail = audit log. 'Who deleted the S3 bucket?' → CloudTrail. Enable across all regions, send to S3.
AWS Config
Monitoring: Records resource configuration history and evaluates compliance against rules.
Exam: AWS Config = configuration compliance. 'Were security groups compliant at 3pm last Tuesday?' → AWS Config.
AWS Trusted Advisor
Monitoring: Automated best-practice checks: cost optimisation, security, reliability, performance, service limits.
Exam: Full checks require Business or Enterprise Support plan. 7 core checks are free (basic/developer).
AWS Systems Manager
Monitoring: Operational hub for AWS resources. Run Command, Patch Manager, Parameter Store, Session Manager.
Exam: Session Manager = SSH-less access to EC2. No bastion host needed. Parameter Store for config/secrets.
AWS SQS
Integration: Simple Queue Service. Managed message queue. Decouple application components. Standard (at-least-once) or FIFO.
"A to-do list that producers add to and consumers process"
Exam: Visibility timeout = time message is hidden after being picked up. DLQ for failed messages. Max message size = 256KB.
AWS SNS
Integration: Simple Notification Service. Pub/Sub messaging. Push notifications to SQS, Lambda, HTTP, email, SMS.
"A megaphone that broadcasts to all subscribers"
Exam: SNS + SQS fan-out = send one message to multiple SQS queues simultaneously.
AWS EventBridge
Integration: Serverless event bus. Route events between AWS services, custom apps, and SaaS apps.
Exam: EventBridge (formerly CloudWatch Events) for event-driven architectures. Cron jobs via EventBridge rules.
AWS Step Functions
Integration: Visual workflow service. Orchestrate Lambda functions, ECS tasks, and other services into state machines.
Exam: 'Coordinate multiple Lambda functions with error handling' → Step Functions.
AWS SageMaker
AI / ML: End-to-end ML platform. Build, train, and deploy ML models. Includes AutoML, notebooks, and model registry.
Exam: SageMaker = managed ML. Know SageMaker Canvas (no-code AutoML), Clarify (bias detection), and Pipelines.
AWS Rekognition
AI / ML: Image and video analysis. Object detection, face recognition, text in images, content moderation.
Exam: 'Analyse images/video for objects or faces' → Rekognition.
AWS Comprehend
AI / ML: Natural language processing (NLP). Sentiment analysis, entity recognition, key phrase extraction.
Exam: 'Analyse text for sentiment or entities' → Comprehend.
AWS Textract
AI / ML: Extracts text and structured data from scanned documents, PDFs, and images.
Exam: 'Extract text from scanned PDFs/forms' → Textract. Not just OCR — also understands tables and forms.
AWS Bedrock
AI / ML: Fully managed service to build and scale generative AI applications using foundation models from AWS and partners.
Exam: Bedrock = managed GenAI/LLM API. Supports models from Anthropic, Meta, Mistral, Amazon Titan.
Frequently asked questions
What is the difference between EC2 and Lambda?
EC2 provides virtual machines you manage and pay for continuously. Lambda runs code only when triggered by an event — you pay per invocation (first 1M/month free). Lambda is better for event-driven, short-running tasks. EC2 is better for long-running processes or applications that need a full OS.
What is the difference between S3 and EBS?
S3 is object storage — you store files via HTTP API. It's unlimited, highly durable (11 9s), and accessible from anywhere. EBS is block storage — like a virtual hard drive attached to one EC2 instance in the same AZ. EBS is for the OS, databases, and applications that need a file system.
What is the difference between SQS and SNS?
SQS is a queue — messages sit until a consumer retrieves them (pull model). SNS is a notification service that pushes messages to all subscribers simultaneously (push/pub-sub model). A common pattern is SNS + SQS fan-out: one SNS message fans out to multiple SQS queues.
What is the difference between CloudTrail and CloudWatch?
CloudTrail records API calls — who did what action in your account (audit log). CloudWatch monitors metrics and logs — CPU usage, error rates, custom metrics, application logs. CloudTrail answers 'who changed this?' CloudWatch answers 'is this system healthy?'
What is the difference between RDS Multi-AZ and Read Replicas?
Multi-AZ keeps a synchronous standby in another AZ for high availability — automatic failover, no manual intervention. Read Replicas are asynchronous copies used to scale read traffic — they can be in the same region or cross-region, but are not for failover.