
How the Core AWS Services Fit Together

Learn what S3, EC2, Lambda, VPC, RDS, and CloudWatch do and how they connect in a typical application.

15 min · Introductory · No AWS Account Needed · FREE

This lesson is purely conceptual — no AWS usage required.

The mental model

Every AWS app can be described with five questions:

  1. Where does my app run? (Compute: EC2 or Lambda)
  2. Where do my files live? (Storage: S3)
  3. Where does my structured data live? (Database: RDS)
  4. What network boundary protects my resources? (Networking: VPC)
  5. How do I see what is happening? (Monitoring: CloudWatch)

The core service map

The request flow

How the core AWS services connect in a typical app
  • App runs on EC2 or Lambda
  • App stores files in S3
  • App stores relational data in RDS
  • Resources are controlled by IAM permissions
  • Everything sends metrics/logs to CloudWatch
  • Network placement and isolation are handled by VPC

What each service is for

01

S3 — Object Storage

Meaning

Stores files as objects in buckets. High durability, global accessibility, and scales without any capacity planning.

Examples

Images, PDFs, video uploads, exports, backups, static website assets.

When it's ideal: Any file that isn't structured relational data. If users upload it or your app generates it, it likely belongs in S3.

02

EC2 — Managed Virtual Server

Meaning

A virtual machine you fully control — choose the OS, install software, configure networking. Scales on demand.

Examples

A web server running a custom Node.js or Python app that needs specific OS-level configuration.

When it's ideal: You need a persistent server with full control over the OS, runtime, or installed software.

03

Lambda — Serverless Compute

Meaning

Runs your code in response to events without any server management. AWS handles scaling, patching, and infrastructure. You pay per invocation.

Examples

Resize an image after it's uploaded to S3, process a queue message, respond to an API request.

When it's ideal: Short-lived, event-driven work — file uploads, API calls, queue messages. No server to provision or keep running.

04

VPC — Private Network

Meaning

A logically isolated virtual network inside AWS. You define subnets, route tables, and traffic rules to control what can communicate with what.

Examples

Put your database in a private subnet (no internet access) and your app servers in a public subnet.

When it's ideal: Whenever you deploy resources to AWS. A VPC gives you the network boundary to separate public-facing from private components.
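
What makes a subnet "public" or "private" is its route table, so the placement described above can be checked from route data. The following is an added example, not part of the original lesson: it classifies subnets from a constructed sample shaped like the EC2 DescribeRouteTables response and flags databases that are not in a private subnet. The subnet ids, route table ids and database names are assumptions made for illustration.

```python
def is_public_table(table):
    """A route table is public if a default route targets an internet gateway."""
    for route in table.get("Routes", []):
        default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                   or route.get("DestinationIpv6CidrBlock") == "::/0")
        if default and (route.get("GatewayId") or "").startswith("igw-"):
            return True
    return False

def classify_subnets(subnet_ids, route_tables):
    """Map each subnet id to 'public', 'private' or 'unknown'."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
    kinds = {}
    for subnet_id in subnet_ids:
        # Subnets with no explicit association use the VPC's main route table.
        table = explicit.get(subnet_id, main)
        if table is None:
            kinds[subnet_id] = "unknown"
        else:
            kinds[subnet_id] = "public" if is_public_table(table) else "private"
    return kinds

def databases_not_private(db_subnets, kinds):
    """Return database names whose subnet is not known to be private."""
    return sorted(db for db, s in db_subnets.items() if kinds.get(s) != "private")

# Constructed sample in the shape of the EC2 DescribeRouteTables response.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-web", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
SUBNET_KINDS = classify_subnets(["subnet-app", "subnet-db"], ROUTE_TABLES)
```

Here `subnet-db` has no explicit association, falls back to the main route table, and is classified as private because that table has no internet gateway route.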

05

RDS — Managed Relational Database

Meaning

A managed database service (MySQL, PostgreSQL, and others) where AWS handles backups, patching, and failover. You focus on the schema and queries.

Examples

User accounts, order history, product inventory — anything with rows, columns, and relationships.

When it's ideal: Structured data you need to query with SQL — especially when relationships between tables matter.

06

CloudWatch — Monitoring & Logs

Meaning

Collects metrics, logs, and events from your AWS resources. Set alarms, build dashboards, and investigate issues without leaving AWS.

Examples

Track Lambda error rates, set an alarm when CPU exceeds 80%, stream EC2 logs for debugging.

When it's ideal: Always. Every production AWS app should send logs and metrics to CloudWatch so you can see what's happening.


Quick reference

  • EC2 (Compute): Virtual server you manage
  • Lambda (Compute): Serverless code execution
  • S3 (Storage): Object storage for files
  • VPC (Networking): Your isolated network boundary
  • RDS (Database): Managed relational database
  • CloudWatch (Monitoring): Metrics, logs, alarms, events


Micro-activity 1: Match the service to the job

Match each job to the correct AWS service.



Example: Photo Upload App

Here's how the six services work together in a real-world scenario — a user uploads a photo, the app processes it, stores metadata, and you can troubleshoot issues.

Photo Upload App — event-driven flow

Each step maps to a service:

  • S3 receives the raw photo file from the user
  • Lambda is triggered by the S3 upload event — it resizes the image and validates it
  • RDS stores the structured metadata: user_id, filename, created_at
  • CloudWatch collects logs from Lambda and RDS so you can investigate errors and set alarms
  • VPC sits around the Lambda and RDS resources, keeping the database off the public internet
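
The Lambda step of this flow, sketched as an added example that is not part of the original lesson: it parses the S3 upload event, validates each object by size and leading bytes, builds the `user_id`, `filename`, `created_at` row for RDS, and prints one JSON log line per object. The key layout `uploads/<user_id>/<filename>`, the size limit, the bucket name and the injected `read_head` function (a stand-in for fetching the object's first bytes from S3) are assumptions.

```python
import json
from urllib.parse import unquote_plus

MAX_BYTES = 10 * 1024 * 1024  # assumed upload size limit
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}

def process_record(record, read_head):
    """Validate one S3 event record; return (metadata_row_or_None, log_entry)."""
    bucket = record["s3"]["bucket"]["name"]
    obj = record["s3"]["object"]
    key = unquote_plus(obj["key"])  # keys arrive URL-encoded in S3 events
    log = {"bucket": bucket, "key": key, "status": "rejected"}
    parts = key.split("/")
    # Assumed key layout: uploads/<numeric user_id>/<filename>
    if len(parts) != 3 or parts[0] != "uploads" or not parts[1].isdecimal() or not parts[2]:
        return None, {**log, "reason": "unexpected key layout"}
    if obj.get("size", 0) > MAX_BYTES:
        return None, {**log, "reason": "too large"}
    # Trust the file's leading bytes, not its extension.
    head = read_head(bucket, key)
    kind = next((k for m, k in MAGIC.items() if head.startswith(m)), None)
    if kind is None:
        return None, {**log, "reason": "not a supported image"}
    row = {"user_id": int(parts[1]), "filename": parts[2], "created_at": record["eventTime"]}
    return row, {**log, "status": "accepted", "type": kind}

def handle_upload_event(event, read_head):
    """Return the metadata rows to insert into RDS; log one JSON line per object."""
    rows = []
    for record in event.get("Records", []):
        row, log = process_record(record, read_head)
        print(json.dumps(log))  # Lambda stdout ends up in CloudWatch Logs
        if row is not None:
            rows.append(row)
    return rows

# Constructed sample event and object contents (not real data).
SAMPLE_EVENT = {"Records": [
    {"eventTime": "2024-01-01T12:00:00.000Z",
     "s3": {"bucket": {"name": "example-photo-uploads"},
            "object": {"key": "uploads/42/beach+day.png", "size": 2048}}},
    {"eventTime": "2024-01-01T12:00:05.000Z",
     "s3": {"bucket": {"name": "example-photo-uploads"},
            "object": {"key": "uploads/42/holiday.jpg", "size": 512}}}]}
FAKE_OBJECTS = {"uploads/42/beach day.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
                "uploads/42/holiday.jpg": b"<html>not a photo</html>"}

def fake_read_head(bucket, key):
    return FAKE_OBJECTS.get(key, b"")
```

The second sample object carries a `.jpg` name but HTML content, so it is rejected and only the PNG produces a metadata row.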

Practice

In the Photo Upload App, where does the file go first?


Summary

  • EC2 and Lambda are your core "run code" options
  • S3 is your core file storage
  • RDS is your core managed relational database option
  • VPC is the network boundary for isolation and traffic control
  • CloudWatch is where you watch metrics/logs and set alarms

Quiz

Knowledge Check

Which service is best for storing files like images and PDFs?