
Mini Architecture Review and AWS Mental Map

Tie together IAM, Regions, S3, Lambda, EC2, RDS, CloudWatch, and Budgets into one practical AWS mental map.

15 min
Introductory
No AWS Account Needed | FREE

This lesson is purely conceptual — no AWS usage required.

The big picture

A typical AWS app is not "one giant thing." It is a small set of parts working together: you choose a Region to build in, use IAM to control who can call which service, run your app on EC2 or Lambda, store files in S3, store relational records in RDS, watch its behavior with CloudWatch, and protect yourself from surprise bills with AWS Budgets.


The AWS mental map

1) Region

A Region is a separate geographic area, and Availability Zones (AZs) are isolated locations inside it, each with its own power and networking. Every Region has at least three AZs, so a workload spread across AZs keeps running when one of them fails; that is why Regions and AZs matter for availability planning. The Region you pick also decides where your data lives and how far it is from your users, so choose it deliberately rather than accepting the console default.

2) IAM

IAM controls who can access AWS resources and what they can do. You manage access by writing policies and attaching them to identities (users, groups, and roles) or to resources such as a bucket. Prefer roles, which hand out short-lived credentials, over long-term access keys on users, and require MFA on any identity that can sign in to the console. Start from deny and grant only the actions and resources a workload actually needs.
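Least privilege is easier to see than to describe. The following Python linter is an added example (not part of this lesson or of any AWS tool): it walks the statements of an IAM policy document and reports the patterns that hand out far more than a workload needs. The policy grammar (Version, Statement, Effect, Action, Resource) is IAM's own; the two policy documents, the bucket name, the log group and the account id in the samples are constructed placeholders.

```python
"""Spot IAM policy statements that break least privilege.

Added example, not part of the lesson. The policy grammar
(Version / Statement / Effect / Action / Resource) is IAM's own; the two
policy documents below, and the ARNs in them, are constructed samples.
"""


def _as_list(value):
    """IAM lets Action and Resource be a single string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy: dict) -> list[str]:
    """Return one finding per risky Allow statement (empty list = clean)."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        sid = stmt.get("Sid", f"Statement[{i}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        # "*" is every action; "s3:*" is every action in one service.
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        wild_resources = [r for r in resources if r == "*"]
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction allows every action except the listed ones")
        if wild_actions and wild_resources:
            findings.append(f"{sid}: full access ({', '.join(wild_actions)} on *)")
        elif wild_actions:
            findings.append(f"{sid}: whole-service actions {wild_actions} granted")
        elif wild_resources:
            findings.append(f"{sid}: {actions} allowed on every resource (*)")
    return findings


# Constructed sample: the "just make it work" policy a learner often starts with.
ADMIN_EVERYTHING = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed sample: what a small upload-processing Lambda actually needs,
# scoped to one bucket prefix and one log group (names and account id are placeholders).
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadWriteUploads",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-uploads/incoming/*",
        },
        {
            "Sid": "WriteOwnLogs",
            "Effect": "Allow",
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/example:*",
        },
    ],
}

if __name__ == "__main__":
    for name, policy in (("ADMIN_EVERYTHING", ADMIN_EVERYTHING), ("LEAST_PRIVILEGE", LEAST_PRIVILEGE)):
        print(name, lint_policy(policy) or "no findings")
```

Run it and the first policy produces a finding while the second is clean. A wildcard resource is not always wrong (some actions, such as listing buckets, only work against "*"), which is why the linter reports rather than rejects; the point is that every such grant should be a conscious decision.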

3) Compute

Your app code runs on compute. The main choice is usually EC2 if you want a virtual server you manage (patching, scaling, and the OS are yours), or Lambda if you want to run code without managing servers. Either way, the code should get its AWS permissions from a role (an instance profile on EC2, an execution role on Lambda), not from access keys written into the code or its config.

4) Storage

Files belong in S3. S3 is object storage: you put and get whole objects in buckets, not rows in a relational database and not a disk attached to a server. Keep buckets private (new buckets block public access by default) and grant access through IAM rather than by opening the bucket up.

5) Database

Structured relational application data belongs in RDS. RDS is a managed relational database service that handles setup, patching, backups, and scaling for you. Keep the instance off the public internet and let your compute reach it inside your VPC.

6) Monitoring

CloudWatch monitors AWS resources and applications in near real time. Metrics tell you how the system is behaving (numbers over time), logs tell you what happened (events and messages), and alarms watch one metric and notify you when it stays past a threshold. Many AWS services publish metrics by default, but your own application logs only show up if you send them: Lambda writes its logs to CloudWatch Logs automatically, while on EC2 you install the CloudWatch agent.
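The "stays past a threshold" part is what separates an alarm from a single noisy datapoint. The Python below is an added example (not part of the lesson and not CloudWatch code) of a simplified model of how a CloudWatch alarm decides its state: it looks at the last N evaluation periods and enters ALARM when at least M of them breach ("M out of N"). The datapoints are constructed, e.g. average CPU utilization per one-minute period; the model ignores CloudWatch's finer rules for missing data.

```python
"""Evaluate a CloudWatch-style "M out of N" alarm over metric datapoints.

Added example, not part of the lesson. It models the alarm decision only:
of the most recent `evaluation_periods` datapoints, at least
`datapoints_to_alarm` must breach the threshold for the state to be ALARM.
The datapoints below are constructed (e.g. CPUUtilization averages per
60-second period); CloudWatch's treatment of missing data is not modelled.
"""
from dataclasses import dataclass


@dataclass
class Alarm:
    threshold: float
    comparison: str            # "GreaterThanThreshold" or "LessThanThreshold"
    evaluation_periods: int    # N: how many recent periods are examined
    datapoints_to_alarm: int   # M: how many of them must breach

    def breaches(self, value: float) -> bool:
        if self.comparison == "GreaterThanThreshold":
            return value > self.threshold
        if self.comparison == "LessThanThreshold":
            return value < self.threshold
        raise ValueError(f"unsupported comparison {self.comparison}")

    def state(self, datapoints: list[float]) -> str:
        """Alarm state after the most recent evaluation_periods datapoints."""
        window = datapoints[-self.evaluation_periods:]
        if len(window) < self.evaluation_periods:
            return "INSUFFICIENT_DATA"  # not enough history to judge yet
        breaching = sum(1 for v in window if self.breaches(v))
        return "ALARM" if breaching >= self.datapoints_to_alarm else "OK"


def state_timeline(alarm: Alarm, datapoints: list[float]) -> list[str]:
    """State as each datapoint arrives; shows when the alarm flips and recovers."""
    return [alarm.state(datapoints[: i + 1]) for i in range(len(datapoints))]


# Constructed sample: CPU > 80% must hold for 2 of the last 3 minutes.
HIGH_CPU = Alarm(threshold=80, comparison="GreaterThanThreshold",
                 evaluation_periods=3, datapoints_to_alarm=2)
SAMPLE_CPU = [20, 85, 90, 30, 40, 50]

if __name__ == "__main__":
    for value, state in zip(SAMPLE_CPU, state_timeline(HIGH_CPU, SAMPLE_CPU)):
        print(f"cpu={value:>3}  state={state}")
```

With M=2 of N=3, a lone spike ([20, 85, 20]) stays OK while two breaching minutes in three go to ALARM; that is the knob to turn when an alarm pages you for noise.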

7) Cost guardrails

AWS Budgets tracks your costs and alerts you when actual or forecasted spend crosses thresholds you set; Cost Explorer then helps you analyze where that spend came from. A budget alert is a notification, not a hard stop: nothing gets shut off unless you also configure a budget action, so treat the alert as a prompt to investigate quickly.


A practical architecture

A practical AWS architecture: 7 layers working together

Here is a clean mental model for a small learning app:

  • The user reaches your app in one AWS Region
  • The app runs on Lambda or EC2
  • Uploaded files go to S3
  • Structured records like users or lesson progress go to RDS
  • Access is controlled by IAM
  • Metrics, logs, and alarms go to CloudWatch
  • Cost alerts are handled by AWS Budgets

One-sentence summary

Region determines where it runs, IAM controls who can do what, compute runs the app, S3 stores files, RDS stores relational data, CloudWatch helps you see problems, and Budgets helps you catch cost problems early.


Common mistakes to avoid

  1. Using the root user for normal work instead of locking it down and using safer identities with MFA and temporary credentials.
  2. Putting files, app data, and compute all on one server instead of separating responsibilities across S3, RDS, and compute services.
  3. Assuming CloudWatch will explain everything on its own. You still have to read both metrics and logs, and set alarms for the few signals you actually care about.
  4. Assuming Free Tier means no risk of charges. Budgets and Cost Explorer still matter.
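Mistake 1 is the one you can check mechanically. The Python below is an added example (not part of the lesson or of any AWS tool) that audits an IAM credential report for the signs of that mistake: the root user with active access keys, console logins without MFA, and long-lived access keys nobody has used for months. The column layout is that of the CSV returned by `aws iam get-credential-report` (after base64 decoding); the three rows, the account id and the user names are constructed samples.

```python
"""Audit an IAM credential report for root-user and MFA mistakes.

Added example, not part of the lesson. The column layout is that of the CSV
returned by `aws iam get-credential-report` (after base64 decoding); the
three rows below are constructed samples, not real accounts.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2024-01-05T10:00:00+00:00,not_supported,2024-06-01T08:00:00+00:00,not_supported,not_supported,false,true,2024-01-05T10:05:00+00:00,2024-05-20T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2024-02-01T09:00:00+00:00,true,2024-06-01T12:00:00+00:00,2024-02-01T09:00:00+00:00,2024-05-01T09:00:00+00:00,true,true,2024-02-01T09:00:00+00:00,2024-06-01T12:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-bot,arn:aws:iam::123456789012:user/ci-bot,2023-11-01T09:00:00+00:00,false,no_information,N/A,N/A,false,true,2023-11-01T09:00:00+00:00,2024-01-15T00:00:00+00:00,us-east-1,lambda,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Fixed "now" so the constructed sample gives the same answer every run.
NOW = datetime(2024, 6, 10, tzinfo=timezone.utc)


def _parse_time(value: str):
    """Timestamps are ISO 8601; N/A, no_information and not_supported become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(report_csv: str, now: datetime, max_unused_days: int = 90) -> list[str]:
    """Flag root access keys, console logins without MFA, and stale access keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # Root always has console access; an IAM user only if a password is enabled.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append(f"{user}: console login without MFA")
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append(f"{user}: root access key {n} is active (delete it)")
            # Fall back to the rotation date when the key has never been used.
            last_used = _parse_time(row[f"access_key_{n}_last_used_date"]) or _parse_time(
                row[f"access_key_{n}_last_rotated"]
            )
            if last_used and now - last_used > timedelta(days=max_unused_days):
                findings.append(f"{user}: access key {n} unused for over {max_unused_days} days")
    return findings


def audit_sample() -> list[str]:
    return audit_credential_report(SAMPLE_REPORT, NOW)


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

On the sample, the root user is flagged twice (no MFA, active access key) and the ci-bot user once for a key idle since January; alice, who has MFA and a recently used key, produces nothing. Against a real account, feed it the decoded output of `aws iam get-credential-report` and the current time.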

Architecture review activity

Match the need to the AWS service

For each need, write the AWS service that best fits. Answers: Region, IAM, S3, RDS, Lambda, EC2, CloudWatch, Budgets.


Architecture rewrite drill

A learner says:

"I'll just use one EC2 instance for everything, store files on disk, skip CloudWatch for now, and worry about cost later."

Rewrite into a better design

For each layer, write the AWS service you would use instead. A strong answer uses: Region, IAM, Lambda or EC2, S3, RDS, CloudWatch, and Budgets.


Unit 2 review

Skill: ready if you can…

  • Global infrastructure: Explain Region vs Availability Zone
  • IAM: Explain users, groups, roles, policies, and why roles are preferred
  • Compute: Choose EC2 vs Lambda for a simple scenario
  • Storage: Put files in S3
  • Database: Put relational records in RDS
  • Monitoring: Explain metrics vs logs vs alarms
  • Cost safety: Set a budget and know to use Cost Explorer to investigate spend

Summary

Unit 2 gave you the AWS mental map: AWS runs globally through Regions and Availability Zones, IAM controls access, compute runs on EC2 or Lambda, files live in S3, structured records live in RDS, CloudWatch gives you observability, and Budgets helps control spend. That is the foundation of a safe, practical architecture.

The most important outcome is not memorizing every service name. It is learning to place each responsibility in the right service and to think in layers: location, identity, compute, storage, database, monitoring, and cost control.


Quiz

Knowledge Check

What does a Region represent?