Day 02 – Core AWS Services Explained (The Ultimate Guide)

The CyberSec Guru


Welcome back to the 30-Day AWS Roadmap.

Yesterday, on Day 1, we learned what the cloud is. We talked about the history of the server room nightmare, the global infrastructure of Regions and Availability Zones, and the concept of pay-as-you-go pricing.

Today, we stop looking at the map and start looking at the tools.

AWS has over 200 services. It is easy to get overwhelmed. You might look at the dashboard and see things like “Kinesis,” “Glue,” “SageMaker,” and “Fargate” and feel like quitting. Don’t. The truth is, 90% of the applications running on AWS today are built using just a handful of “Core Services.”

If you master these core services, you master the cloud. Think of them as the LEGO bricks. Once you know how the standard bricks work, you can build a castle, a spaceship, or a skyscraper.

In this guide, we are going to dissect the Big 5: EC2, S3, IAM, VPC, and RDS. We will explain what they are, why they exist, and how they connect to build the modern internet.

The “Building Block” Philosophy

Before we dive into the specific acronyms, you need to understand the philosophy of AWS.

In the old days, you bought a “server.” That server had a hard drive (storage), a CPU (compute), a network card (networking), and an admin user (security). It was all wrapped in one metal box.

In the Cloud, we decouple these things.

  • We rip the hard drive out and call it Storage (S3).
  • We rip the CPU/RAM out and call it Compute (EC2).
  • We rip the network cables out and call it Networking (VPC).
  • We rip the login screen out and call it Security (IAM).

Why? Because it gives us modularity. You can have a massive amount of storage with a tiny CPU, or a massive CPU with zero storage. You mix and match exactly what you need.

(Figure: Traditional vs AWS Architecture)

EC2 (Elastic Compute Cloud) – The “Virtual Computer”

Category: Compute
Analogy: The Brain / A Rented Laptop

If there is one service that is AWS, it’s EC2.

What is it?

EC2 allows you to rent virtual computers (instances) on which to run your own applications. You can provision a server in seconds, use it for an hour, and shut it down.

Why “Elastic”?

The word “Elastic” is key.

  • Scale Up: You can start with a tiny server (t2.micro) with 1GB of RAM. If your app gets slow, you can stop it and restart it as a monster server (r5.24xlarge) with 768GB of RAM.
  • Scale Out: You can have 1 server today and 10,000 servers tomorrow.

The Instance Types (The Menu)

When you launch an EC2 instance, you have to choose a “Type.” Think of this like choosing a character class in an RPG.

  1. General Purpose (T-series, M-series): Good for web servers, small databases. Balanced CPU and RAM.
  2. Compute Optimized (C-series): High performance processors. Good for batch processing, media transcoding, scientific modeling.
  3. Memory Optimized (R-series): Massive amounts of RAM. Good for high-performance databases.
  4. Storage Optimized (I-series, D-series): Fast, local SSD storage. Good for Big Data warehouses.

Key Features

  • AMI (Amazon Machine Image): This is the “template” for your server. It contains the Operating System (Windows, Ubuntu, Red Hat) and pre-installed software.
  • Security Groups: This is the virtual firewall for your EC2 instance. You decide who can talk to it (e.g., “Only allow traffic on port 80 for web”).

(Figure: Inside an EC2 Instance)

S3 (Simple Storage Service) – The “Infinite Bucket”

Category: Storage
Analogy: The infinite closet / Google Drive for Robots

What is it?

S3 is object storage. It is built to store and retrieve any amount of data from anywhere. It is designed for 99.999999999% (11 9s) of durability. This means if you store 10,000 files, you might lose one file every 10 million years.

Buckets and Objects

  • Bucket: The container. Like a folder, but it must have a globally unique name (e.g., my-awesome-startup-logos).
  • Object: The file inside the bucket (images, videos, PDFs, code).
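Because bucket names share one global namespace, S3 rejects a name at creation time if it breaks the naming rules or is already taken by any other account. The validator below is an added example (not the post's code and not AWS code) that encodes the documented rules for general purpose bucket names as this example understands them; only the S3 API can tell you whether a well-formed name is actually free. Bucket names also show up in public URLs and DNS, so the lead-in point for a defender is simple: never put internal hostnames, secrets or customer identifiers in them.

```python
"""Validator for S3 general-purpose bucket names (added example, not AWS code).

Names live in one global namespace shared by every AWS account. The checks
below are the naming rules this example encodes; whether a well-formed name
is still available can only be learned from the S3 API itself.
"""
import re

# Prefixes/suffixes AWS reserves for its own features (as encoded by this example).
RESERVED_PREFIXES = ("xn--", "sthree-", "amzn-s3-demo-")
RESERVED_SUFFIXES = ("-s3alias", "--ol-s3", ".mrap", "--x-s3")

_ALNUM = r"[a-z0-9]"


def bucket_name_problems(name):
    """Return a list of rule violations; an empty list means the name is well-formed."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if not re.fullmatch(r"[a-z0-9.-]*", name):
        problems.append("only lowercase letters, digits, dots and hyphens are allowed")
    if not (re.fullmatch(_ALNUM, name[:1]) and re.fullmatch(_ALNUM, name[-1:])):
        problems.append("must start and end with a letter or digit")
    if ".." in name:
        problems.append("must not contain two adjacent periods")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", name):
        problems.append("must not look like an IP address")
    for prefix in RESERVED_PREFIXES:
        if name.startswith(prefix):
            problems.append(f"must not start with the reserved prefix {prefix!r}")
    for suffix in RESERVED_SUFFIXES:
        if name.endswith(suffix):
            problems.append(f"must not end with the reserved suffix {suffix!r}")
    return problems


def is_valid_bucket_name(name):
    return not bucket_name_problems(name)


if __name__ == "__main__":
    # Constructed sample names: the post's example plus a few common mistakes.
    for candidate in ("my-awesome-startup-logos", "My_Bucket", "192.168.1.1", "ab", "xn--logos"):
        issues = bucket_name_problems(candidate)
        print(f"{candidate:28s} {'ok' if not issues else '; '.join(issues)}")
```

Run it as a script to see each constructed name with its verdict; in a deployment pipeline you would call `is_valid_bucket_name` before attempting the create call, so that a typo fails fast instead of surfacing as an API error.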

Why not just store files on EC2?

This is a critical distinction for Day 2.

  • EC2 storage (EBS) is “Block Storage”. It is more expensive and attached to a single server. If that server is destroyed, the data can be lost unless the volume is kept or backed up.
  • S3 is “Object Storage”. It is independent of servers. It is much cheaper. It is accessible via a URL.

Use Cases

  1. Static Websites: You can host a full website (HTML/CSS/JS) directly from an S3 bucket without needing a server!
  2. Backups: Storing database backups.
  3. Data Lakes: Dumping raw data for analytics.
  4. Media Hosting: Netflix stores the actual video files you watch on S3.

(Figure: Block vs Object Storage)

IAM (Identity and Access Management) – The “Bouncer”

Category: Security, Identity, & Compliance
Analogy: The ID Badge & Keycard System

What is it?

IAM is the security guard of your AWS account. It controls Authentication (Who are you?) and Authorization (What are you allowed to do?).

The 4 Main Components

  1. Users: Real people (you, your developer) or applications. Users have long-term credentials (passwords or access keys).
  2. Groups: A collection of users. You put all your “Developers” in a group and give the group permission. This is best practice.
  3. Roles: These are temporary identities.
    • Crucial Concept: An EC2 server can assume a Role. This lets the server talk to S3 without you saving long-term credentials (access keys) inside the code. This is much safer!
  4. Policies: These are JSON documents that define permissions.
    • Example: {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "*"}.

The Golden Rule: Least Privilege

Always grant only the permissions required to perform a task. If a user only needs to read a file, do not give them permission to delete it.
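To make the policy JSON and the least-privilege rule concrete, here is an added example (not the post's code and not AWS's implementation) of a simplified policy evaluator. It wraps the post's one-line statement in a complete policy document, sets a read-only policy scoped to one bucket beside it, and shows why an explicit Deny is a useful guardrail. The bucket name is the one the post uses; the object key and the evaluation helper are constructed for this example, and only Effect, Action and Resource are modelled.

```python
"""Simplified evaluator for IAM identity-based policies (added example, not AWS code).

It models the documented order of evaluation: an explicit Deny in any matching
statement wins, otherwise a matching Allow grants the request, otherwise the
request is implicitly denied. Only Effect, Action and Resource are modelled;
Condition, NotAction/NotResource, resource-based policies, permission
boundaries and SCPs are left out. Action names are matched case-insensitively
and ARNs case-sensitively, as IAM does.
"""
import json
import re


def _matches(pattern, value, ignore_case=False):
    """IAM wildcard match: '*' is any run of characters, '?' a single character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Return True if `policy` (a dict in IAM JSON shape) permits `action` on `resource`."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        action_hit = any(_matches(p, action, ignore_case=True) for p in _as_list(stmt["Action"]))
        resource_hit = any(_matches(p, resource) for p in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False            # explicit Deny always wins
        allowed = True              # remember the Allow, keep scanning for a Deny
    return allowed                  # no matching Allow: implicit deny


# The post's one-line statement inside a complete policy document.
# Resource "*" means ListBucket on every bucket in the account.
PAGE_EXAMPLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "*"},
    ],
}

# Least-privilege version scoped to one bucket (bucket name from the post).
# ListBucket is granted on the bucket ARN and GetObject on the objects inside
# it, because S3 evaluates those two actions against different ARNs.
BUCKET = "arn:aws:s3:::my-awesome-startup-logos"
READ_ONLY_LOGOS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion"],
         "Resource": BUCKET + "/*"},
    ],
}

# Guardrail: even with broad s3:* access, an explicit Deny keeps deletes off the table.
NO_DELETE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["s3:DeleteObject", "s3:DeleteBucket"], "Resource": "*"},
    ],
}


def policy_json(policy):
    """Serialise a policy dict the way it would be pasted into the IAM console."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    logo = BUCKET + "/logo.png"   # constructed object key
    print(policy_json(READ_ONLY_LOGOS))
    print("read logo:  ", is_allowed(READ_ONLY_LOGOS, "s3:GetObject", logo))     # True
    print("delete logo:", is_allowed(READ_ONLY_LOGOS, "s3:DeleteObject", logo))  # False
```

The point to take from the read-only policy is the split between the bucket ARN and the object ARN (`.../*`): a policy that lists `s3:GetObject` on the bucket ARN alone quietly grants nothing, which is the usual reason a "correct-looking" least-privilege policy fails in testing.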

(Figure: IAM Workflow)

VPC (Virtual Private Cloud) – The “Private Network”

Category: Networking
Analogy: Your house’s fence and internal wiring

What is it?

A VPC is a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. It is your own private island in the AWS ocean.

Key Components

  1. Subnets: You divide your VPC into smaller networks.
    • Public Subnet: Has direct access to the internet (for Web Servers).
    • Private Subnet: No direct access to the internet (for Databases). This keeps your data off the open internet, out of an attacker’s direct reach.
  2. Internet Gateway (IGW): The door that connects your VPC to the outside world.
  3. Route Tables: The GPS navigation system that tells network traffic where to go.

Why do you need it?

Without VPC, your servers would be floating on the open internet, accessible by anyone. VPC gives you the control to say, “Only my web server can talk to the internet; my database can only talk to my web server.”

(Figure: AWS VPC Architecture)

RDS (Relational Database Service) – The “Managed Database”

Category: Database
Analogy: The Filing Cabinet / A Professional Librarian

What is it?

RDS makes it easy to set up, operate, and scale a relational database in the cloud. It supports engines like MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server.

Why not just install MySQL on an EC2 instance?

You can do that. But then you have to manage it.

  • The “Unmanaged” Way (EC2): You patch the OS, you patch the database, you manage backups, you handle replication. If it breaks at 3 AM, you wake up.
  • The “Managed” Way (RDS): AWS patches the software, AWS takes automatic backups, AWS handles failure recovery. You just use the data.

Amazon Aurora

You will hear this name a lot. Aurora is AWS’s proprietary database. It is compatible with MySQL and PostgreSQL but is built for the cloud. It is up to 5x faster than standard MySQL and costs 1/10th of commercial databases.

(Figure: Unmanaged vs Managed Services)

Putting It All Together (The Classic Architecture)

So, how do these 5 services build a real application? Let’s look at the standard “3-Tier Architecture” used by everyone from startups to banks.

  1. The Network (VPC): You build a secure network with Public and Private subnets.
  2. The Frontend (EC2 + S3):
    • You put your web servers on EC2 in the Public Subnet so users can reach them.
    • You store the website’s logo and CSS files in an S3 Bucket so they load fast.
  3. The Backend/Data (RDS):
    • You put your user data (usernames, orders) in an RDS Database in the Private Subnet.
    • Because it is private, nobody on the open internet can connect to it directly.
  4. The Security (IAM):
    • You create an IAM Role that allows the EC2 server to read images from the S3 bucket.

This is the harmony of the cloud. No single service does everything, but together they do anything.
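The Security Groups bullet in the EC2 section, the VPC components (subnets, Internet Gateway, route tables) and the 3-tier layout above all describe one mechanism: a packet from the internet reaches an instance only if its subnet's route table points 0.0.0.0/0 at an Internet Gateway and the instance's security group allows the port from that source. The toy model below is an added example (not the post's code and not AWS code) that wires up the web tier in a public subnet and the database in a private subnet and checks who can reach what. All ids, CIDRs and addresses are constructed sample values, and network ACLs, NAT gateways and public-IP assignment are deliberately left out of the model.

```python
"""Toy model of the 3-tier layout: a VPC with one public and one private
subnet, route tables, and security groups (added example, not AWS code).

It answers "can X reach Y on port P?" with the two checks that matter in this
design: (1) a subnet is public only if its route table sends 0.0.0.0/0 to an
Internet Gateway, so a private subnet is unreachable from the internet no
matter what its security groups say; (2) the destination's security group
must have an inbound rule for the port whose source covers the client (a
CIDR block or a security-group id). Security groups are stateful, so only
inbound rules are modelled. Instances in the public subnet are assumed to
have a public IP. All ids and addresses below are constructed sample values.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Subnet:
    cidr: str
    routes: dict  # destination CIDR -> target ("local", "igw-...", ...)

    def is_public(self):
        return any(dst == "0.0.0.0/0" and target.startswith("igw-")
                   for dst, target in self.routes.items())


@dataclass
class Rule:
    protocol: str
    from_port: int
    to_port: int
    source: str  # CIDR block or security-group id


@dataclass
class SecurityGroup:
    sg_id: str
    inbound: list = field(default_factory=list)


@dataclass
class Instance:
    name: str
    private_ip: str
    subnet: Subnet
    sg: SecurityGroup


def rule_allows(rule, protocol, port, src_ip, src_sg_id):
    if rule.protocol != protocol or not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):           # source is another security group
        return rule.source == src_sg_id
    return ip_address(src_ip) in ip_network(rule.source)


def can_reach(src, dst, port, protocol="tcp"):
    """src is an Instance in the same VPC or a public IP string (an internet client)."""
    if isinstance(src, Instance):
        src_ip, src_sg_id = src.private_ip, src.sg.sg_id   # VPC's implicit "local" route applies
    else:
        if not dst.subnet.is_public():
            return False                                     # no IGW route: the packet never arrives
        src_ip, src_sg_id = src, None
    return any(rule_allows(r, protocol, port, src_ip, src_sg_id) for r in dst.sg.inbound)


IGW = "igw-0123456789abcdef0"   # placeholder id
PUBLIC = Subnet("10.0.1.0/24", {"10.0.0.0/16": "local", "0.0.0.0/0": IGW})
PRIVATE = Subnet("10.0.2.0/24", {"10.0.0.0/16": "local"})

SG_WEB = SecurityGroup("sg-web", [Rule("tcp", 80, 80, "0.0.0.0/0"),
                                  Rule("tcp", 443, 443, "0.0.0.0/0")])
SG_DB = SecurityGroup("sg-db", [Rule("tcp", 3306, 3306, "sg-web")])          # only the web tier
SG_DB_OPEN = SecurityGroup("sg-db-open", [Rule("tcp", 3306, 3306, "0.0.0.0/0")])  # the mistake

WEB = Instance("web", "10.0.1.10", PUBLIC, SG_WEB)
DB = Instance("db", "10.0.2.20", PRIVATE, SG_DB)
DB_OPEN_SG_PRIVATE = Instance("db-open", "10.0.2.21", PRIVATE, SG_DB_OPEN)
DB_OPEN_SG_PUBLIC = Instance("db-exposed", "10.0.1.30", PUBLIC, SG_DB_OPEN)
CLIENT = "203.0.113.7"           # TEST-NET-3 address standing in for an internet user


def three_tier_report():
    return {
        "internet -> web:80": can_reach(CLIENT, WEB, 80),
        "internet -> web:22": can_reach(CLIENT, WEB, 22),
        "internet -> db:3306": can_reach(CLIENT, DB, 3306),
        "web -> db:3306": can_reach(WEB, DB, 3306),
        "internet -> db, open SG, private subnet": can_reach(CLIENT, DB_OPEN_SG_PRIVATE, 3306),
        "internet -> db, open SG, public subnet": can_reach(CLIENT, DB_OPEN_SG_PUBLIC, 3306),
    }


if __name__ == "__main__":
    for check, ok in three_tier_report().items():
        print(f"{check:42s} {'reachable' if ok else 'blocked'}")
```

The last two rows are the lesson the post is driving at: a database security group opened to 0.0.0.0/0 is still unreachable while the instance sits in the private subnet, but the moment someone launches it in the public subnet the same rule exposes it. Two independent layers (routing and security groups) mean one mistake is not enough to expose the data; this model is where to start when reasoning about a proposed change before applying it.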

The “Bonus” Services (A Teaser)

You will see these mentioned, so here is the “Day 2” simplified definition:

  • AWS Lambda: “Serverless” compute. Run code without provisioning servers. You upload a function (like a Python script), and it runs only when triggered. You pay for the milliseconds it runs.
  • Amazon CloudFront: A Content Delivery Network (CDN). It copies your website to edge locations all over the world so it loads fast for everyone.
  • Amazon CloudWatch: The monitoring dashboard. It tracks CPU usage, errors, and logs. It’s the “check engine light” for your cloud.
  • SNS (Simple Notification Service) & SQS (Simple Queue Service): Messaging services that let different software components talk to each other.

Conclusion & Mini-Task

You have now met the core family. These 5 services are the foundation of your cloud knowledge. If you understand the difference between EC2 (Compute) and S3 (Storage), and why we hide RDS (Database) inside a Private Subnet (VPC), you are already ahead of 50% of beginners.

Your Mini-Task for Day 2:

  1. Log into your AWS Console.
  2. Search for “EC2” and open the dashboard. Just look at the menu on the left.
  3. Search for “S3” and try to create a bucket (give it a unique name!). Upload a picture of your pet.
  4. Search for “IAM” and see how many users are in your account (it should be 0 or 1).

Tomorrow, on Day 3, we will look at the Global Infrastructure in more detail and take a full tour of the AWS Console so you never get lost again.

Keep building.
