Top AWS services that you should get started with
If you are interested in learning more about AWS and are willing to get your hands dirty, head to the other post where I talked about how to register for an account. Before going straight into building, let's take a look at the services that you should get started with. In this post, I will list some of the important services for beginners to try out.
** Most of the services that I listed here are free !!!
1. S3 - Amazon Simple Storage Service
S3 - When I talk to customers who are new to AWS, they often think of Amazon Simple Storage Service (S3) as Dropbox or Google Drive. In some ways they are quite similar, but there is a lot more to it. Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier for developers. It is also the foundation for a Data Lake.
Key Features
- Each space/container that you create to hold your files/objects is called a bucket
- Infinite amount of storage space
- Grant or deny access to objects stored in your S3
- Serverless / Managed service - I will explain what these terms mean in another post. The high-level concept is that you do not need to manage the hardware infrastructure and you only pay for what you consume
- Website Hosting - You can deploy your entire website on S3, and due to its serverless nature you will not need to pay for resources that are idle (e.g. you spin up a web server to serve your website but have no traffic at night, yet you still need to pay for the server's running cost)
- Autoscaling - S3 is able to scale to meet any traffic demand your site has
- Foundation for Data Lake (We will talk about Data Lake in a later blog post)
I will talk about how I host my websites in S3 in another post. By the way, this is Free Tier eligible !!! Start hosting :). This site is actually hosted on S3!!!
2. EC2 - Amazon Elastic Compute Cloud
EC2 - From a high level, you can think of this as servers running in AWS. Most of the customers that I spoke to have on-premise servers that are running VM servers. You can think of it like that but the difference is that this is running in the cloud.
Key Features
- On-demand provisioning - Companies that want to spin up virtual machines would first need to purchase a physical server, set up Hyper-V, set up virtual machines, allocate CPU / memory to each VM … AWS EC2 allows you to spin up instances whenever you want without having to worry about the resources that are available
- Go global in minutes - If you need your server(s) to be hosted in a certain part of the world due to compliance or latency reasons, you can spin up your EC2 instance right away. If you are still hosting your own infrastructure, this will take months to establish
- Autoscaling - Instances can be spun up or down based on the monitoring metrics that you set in order to meet demand
- Different Instance Families - EC2 offers many different types of compute power, e.g. CPU focused, memory focused, GPU intensive, and many more
- Marketplace AMI - An Amazon Machine Image (AMI) created by a third-party vendor that ships their software, attached to an instance that you can purchase. For example, CIS Benchmarks and CIS Hardened Images, which follow all the security best practices, can be purchased
3. VPC - Virtual Private Cloud and other networking features …
VPC - This is one of the key services that you will need to know, because this is how most of the services talk to each other. You can spin up many different services, but in order to make them integrate with each other you will need some sort of networking component.
Key Features
- Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
- Subnet — A range of IP addresses in your VPC.
- Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
- Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.
- Security Group (SG) - This is your virtual firewall, which you can use to grant access to certain IPs and ports for a particular network interface.
- Network Access Control List (NACL) - This is another type of virtual firewall. An NACL is used to deny access from certain IP addresses to your subnet.
- The biggest difference between an SG and an NACL is that an SG is stateful and an NACL is stateless.
- For an SG, this means that if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.
- For an NACL, this means that responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).
- VPC endpoint — Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
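
The stateful/stateless difference between security groups and NACLs described above, as a small simulation added here (it is not AWS code and not from the original post). The class names, the sample addresses and the 1024-65535 ephemeral port range are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the instance or subnet
    remote_ip: str
    remote_port: int
    local_port: int
    def flow(self):   # same key for a request and its reply
        return (self.remote_ip, self.remote_port, self.local_port)

@dataclass(frozen=True)
class Rule:
    direction: str
    low: int           # destination port range, inclusive
    high: int
    cidr: str = "0.0.0.0/0"
    action: str = "allow"
    number: int = 100  # evaluation order, used by the NACL only
    def matches(self, pkt):
        dst_port = pkt.local_port if pkt.direction == "in" else pkt.remote_port
        return (pkt.direction == self.direction and self.low <= dst_port <= self.high
                and ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(self.cidr))

class SecurityGroup:  # stateful: allow rules only, plus connection tracking
    def __init__(self, rules):
        self.rules, self.tracked = rules, set()
    def permits(self, pkt):
        if any(r.matches(pkt) for r in self.rules):
            self.tracked.add(pkt.flow())   # remember the allowed connection
        return pkt.flow() in self.tracked  # rule match, or reply to one

class NetworkAcl:  # stateless: lowest rule number first, first match wins, default deny
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)
    def permits(self, pkt):
        return next((r.action == "allow" for r in self.rules if r.matches(pkt)), False)

def round_trip(firewall, remote_ip="203.0.113.10"):
    """Instance calls remote_ip:443 from local port 50000: (request ok, reply ok)."""
    request, reply = (Packet(d, remote_ip, 443, 50000) for d in ("out", "in"))
    return firewall.permits(request), firewall.permits(reply)

HTTPS_OUT = Rule("out", 443, 443)                     # constructed sample rule
sg = SecurityGroup([HTTPS_OUT])                       # no inbound rules at all
nacl = NetworkAcl([HTTPS_OUT])                        # same single rule, no state
nacl_fixed = NetworkAcl([HTTPS_OUT, Rule("in", 1024, 65535),  # ephemeral reply ports
                         Rule("in", 0, 65535, "198.51.100.0/24", "deny", 90)])
```

`round_trip(sg)` returns `(True, True)` while `round_trip(nacl)` returns `(True, False)`: the NACL drops the reply until an inbound rule for the ephemeral ports is added, as in `nacl_fixed`, whose lower-numbered deny rule still blocks replies from 198.51.100.0/24.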