Hello everyone, I am going to explain the most commonly used AWS services in a simple and easy way. These services are widely used in real companies to build websites, mobile apps, APIs, and large cloud systems.
Let’s begin exploring the AWS world in the simplest way possible.
What is AWS?
AWS (Amazon Web Services) is a cloud platform created by Amazon. It gives you building blocks for apps, websites, databases, servers, storage and much more, without buying any physical machine.
Suppose, instead of buying your own computers, storage, or servers, you borrow them from Amazon whenever you need them. You use them over the internet, pay only for what you use, and Amazon runs the physical data centres. If your app grows from 1 to 10 to 10,000 to 1,000,000 users, AWS can grow with the load, as long as you build on services that scale (Auto Scaling groups, serverless services) rather than one fixed server. One thing does not change: what you put inside those services (your code, your data, your access rules) is still yours to secure.
Let’s start by explaining tools now:
What is Amazon EC2?
EC2 (Elastic Compute Cloud) is basically a virtual computer that lives inside AWS. You don’t buy a physical computer; AWS gives you one through the internet.
Why does EC2 exist?
Before cloud:
• Companies had to buy servers
• Pay for electricity
• Maintain cooling
• Handle hardware failures
With EC2:
• No hardware to own
• Pay only while the instance is running (a stopped instance still bills for its attached disk)
• Start, stop and resize anytime
• AWS takes care of the physical hardware; you still own the operating system, its patches, and who can log in
Example:
You want to run a frontend, a backend and a monitoring system like Nagios. You deploy their code and configuration onto EC2 instances, the same way you would on your own servers.
What is a Security Group?
Security Group = A firewall (gatekeeper) attached to your AWS resources.
It decides:
• Who can enter
• Which port they can use
• Which IP (or which other security group) they come from
Simple words:
A Security Group controls which traffic is ALLOWED into your EC2, RDS, or other AWS resources. It only has allow rules; anything you do not allow is dropped. A new security group allows no inbound traffic at all and allows all outbound traffic.
It controls Inbound rules (incoming traffic to your server) and outbound rules (outgoing traffic from your server). It is stateful: if a request is allowed in, the reply is allowed back out automatically, so you do not write a matching outbound rule for it.
The rule people get wrong most often is allowing 0.0.0.0/0 (the whole internet) on management ports such as SSH (22) or RDP (3389). Restrict those to your office or VPN ranges, or remove them and use SSM Session Manager instead.
INTERNET --> SECURITY GROUPS --> (decides which one to allow) --> EC2 INSTANCE
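The check a reviewer runs on security groups is exactly the one described above: is any sensitive port reachable from 0.0.0.0/0 or ::/0? The script below is an added example, not code from the original post. It works offline on a constructed list shaped like the output of `aws ec2 describe-security-groups`; the group ids (sg-web, sg-db, sg-wideopen) and the list of sensitive ports are assumptions for the example, and it also handles the "all protocols" rule (IpProtocol -1), which opens every port at once.

```python
import ipaddress

# Ports a reviewer does not want reachable from the whole internet
# (constructed list for this example; extend to taste).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
                   6379: "Redis", 27017: "MongoDB"}

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")
ANY_V6 = ipaddress.ip_network("::/0")


def rule_ports(perm):
    """Return the set of ports a permission entry opens, or 'all' for protocol -1."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return "all"
    return set(range(lo, hi + 1))


def is_world_open(perm):
    """True if any CIDR on the permission is the whole IPv4 or IPv6 internet."""
    for r in perm.get("IpRanges", []):
        if ipaddress.ip_network(r["CidrIp"], strict=False) == ANY_V4:
            return True
    for r in perm.get("Ipv6Ranges", []):
        if ipaddress.ip_network(r["CidrIpv6"], strict=False) == ANY_V6:
            return True
    return False


def audit_security_groups(groups):
    """Return (group id, port, service) for every sensitive port open to the world."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not is_world_open(perm):
                continue
            ports = rule_ports(perm)
            for port, name in SENSITIVE_PORTS.items():
                if ports == "all" or port in ports:
                    findings.append((sg["GroupId"], port, name))
    return sorted(findings)


# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,          # the classic mistake
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,      # fine: internal range only
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-wideopen", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

if __name__ == "__main__":
    for gid, port, name in audit_security_groups(SAMPLE_GROUPS):
        print(f"{gid}: {name} (port {port}) reachable from the entire internet")
```

Port 443 open to the world on sg-web is not reported because a public web port is expected; the SSH rule on the same group is. Feed the function the `SecurityGroups` list from a real `describe-security-groups` call and it works unchanged.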
What is a VPC?
VPC stands for Virtual Private Cloud: your own private network inside AWS, with IP ranges you choose. Imagine AWS is a big city.
Inside this city, the VPC is your own house with rooms, doors, windows, and boundary walls.
Why does a VPC exist?
Because companies need:
• Private space
• Secure network
• Separate environments
• Control over traffic
A VPC gives you:
✔ isolation
✔ security
✔ network control
✔ full customization
VPC (House)
├─ Subnets (Rooms)
│ ├─ Public Subnet (Room with a window: its route table points at the Internet Gateway, so it can be reached from the internet)
│ └─ Private Subnet (Room with no window: nothing on the internet can reach it; it can only reach out, through the NAT Gateway)
├─ Route Table (decides which path traffic takes; every subnet uses exactly one route table, the VPC's main table if none is chosen)
├─ Internet Gateway (main gate of the house between the VPC and the internet; it does not decide who is allowed, Security Groups and NACLs do that)
├─ NAT Gateway (private rooms use this to reach the internet for updates and APIs; it is outbound-only, nothing can start a connection inwards through it)
├─ Security Groups (firewall rules on the door of each room, i.e. per instance; stateful, allow rules only)
└─ NACLs (firewall rules on the walls of a whole subnet; stateless, with allow and deny rules, so return traffic needs its own rule)
A subnet is "public" purely because its route table sends 0.0.0.0/0 to an Internet Gateway; the name you give it changes nothing.
INTERNET
|
Internet Gateway
|
---------------------
| VPC Network |
|-------------------|
| |
Public Subnet Private Subnet
(frontend servers) (databases, backend)
| |
Route Table Route Table
| |
| NAT Gateway
| |
------- OUTBOUND to Internet
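Whether a subnet is public or private is decided by its route table, as the tree above shows, and the trap is the subnet that has no explicit route-table association and silently inherits the VPC's main table. The classifier below is an added example, not code from the original post. It works offline on constructed data shaped like `aws ec2 describe-route-tables` and `describe-subnets` output; the ids (vpc-1, rtb-main, subnet-a...) are invented for the example.

```python
def default_route_target(table):
    """Return the target of the active 0.0.0.0/0 route in a route table, or None."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":     # skip blackholed routes
            continue
        # AWS puts the target under a key named after its type.
        return (route.get("GatewayId") or route.get("NatGatewayId")
                or route.get("TransitGatewayId") or route.get("VpcPeeringConnectionId")
                or route.get("NetworkInterfaceId") or route.get("InstanceId"))
    return None


def classify_subnets(subnets, route_tables):
    """Map each subnet id to 'public', 'private' or 'isolated'.

    A subnet with no explicit association uses its VPC's main route table,
    which is the classic way a "private" subnet quietly ends up public.
    """
    explicit, main_by_vpc = {}, {}
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_by_vpc[table["VpcId"]] = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    result = {}
    for subnet in subnets:
        table = explicit.get(subnet["SubnetId"]) or main_by_vpc.get(subnet["VpcId"])
        target = default_route_target(table) if table else None
        if target is None:
            result[subnet["SubnetId"]] = "isolated"     # no way out at all
        elif target.startswith("igw-"):
            result[subnet["SubnetId"]] = "public"       # reachable from the internet
        else:
            result[subnet["SubnetId"]] = "private"      # egress only (NAT, transit gateway, appliance)
    return result


LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}

# Constructed tables. The main table has an internet route, as in a default VPC.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}],
     "Associations": [{"Main": True, "RouteTableId": "rtb-main"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-a"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-1",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-b"}]},
    {"RouteTableId": "rtb-isolated", "VpcId": "vpc-1",
     "Routes": [LOCAL],
     "Associations": [{"Main": False, "SubnetId": "subnet-d"}]},
]
SAMPLE_SUBNETS = [{"SubnetId": s, "VpcId": "vpc-1"} for s in ("subnet-a", "subnet-b", "subnet-c", "subnet-d")]

if __name__ == "__main__":
    for sid, kind in classify_subnets(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES).items():
        print(sid, kind)
```

subnet-c was meant to be private (it holds the databases in the diagram), but nobody associated a route table with it, so it inherits rtb-main and comes out public. That is the finding this check exists for.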
What is API Gateway?
API Gateway is the front door for your backend.
It receives API requests from users → checks them (authentication, throttling, request validation) → sends them to the correct backend, such as:
• Lambda
• EC2
• ECS
• DynamoDB (and other AWS services, through a direct service integration)
• Any HTTP backend endpoint
Think of it as a traffic police officer standing at your application's entry point.
Your app has many APIs:
• /login
• /signup
• /products
• /cart
• /orders
Without API Gateway:
Every backend service has to implement its own TLS, authentication, rate limiting, logging and domain setup → a mess, with a different set of mistakes in each one.
With API Gateway:
One single entry point handles authentication (IAM, Cognito, or a Lambda authorizer), throttling, request validation and logging for all routes, and you can put AWS WAF in front of it.
User ---> API Gateway ---> Lambda / EC2 / Database
What is Lambda?
Lambda lets you run your code without keeping a computer running all the time.
Lambda is like a magic box. You put your code (a function with a handler) inside it. Whenever an event happens, the box wakes up, runs your code, and goes back to sleep. It is "serverless": there is no instance to provision, patch, or scale, unlike EC2. The trade-off is latency: when no warm copy of the function exists, AWS first has to create an execution environment and load your code (a "cold start"), which adds anywhere from tens of milliseconds to a few seconds before the first request is handled; later requests reuse the warm environment and skip that step.
Event (someone clicking a button, an API Gateway request, a file landing in S3) --> AWS Lambda (runs code) --> Output
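Here is what the API Gateway → Lambda hand-off looks like in code, as an added example that is not from the original post. API Gateway (Lambda proxy integration) calls the handler with an event carrying `httpMethod`, `path`, `queryStringParameters` and `body`, and expects back a dict with `statusCode`, `headers` and a string `body`. The handler serves two of the routes listed above (/products and /login), validates input instead of trusting it, and shows the cold-start point: the module-level `_init()` runs once per execution environment, not once per request. The routes, the page-size limit and the product data are constructed for the example.

```python
import json

# Work done at module load runs once per execution environment (the "cold start").
# Later invocations on a warm environment skip it. Constructed stand-in for
# loading config or opening a database connection.
COLD_STARTS = 0


def _init():
    global COLD_STARTS
    COLD_STARTS += 1
    return {"max_page_size": 50}


CONFIG = _init()


def _response(status, payload):
    """Shape API Gateway (Lambda proxy integration) expects back from the function."""
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(payload)}


def list_products(params):
    """GET /products?limit=N, with the limit validated rather than trusted."""
    raw = str((params or {}).get("limit", "10"))
    if not raw.isdigit() or not 1 <= int(raw) <= CONFIG["max_page_size"]:
        return _response(400, {"error": f"limit must be 1..{CONFIG['max_page_size']}"})
    products = [{"id": i, "name": f"item-{i}"} for i in range(int(raw))]   # constructed data
    return _response(200, {"products": products})


def login(body):
    """POST /login with a JSON body; malformed input gets a 400, not a stack trace."""
    try:
        data = json.loads(body or "")
    except json.JSONDecodeError:
        return _response(400, {"error": "body must be JSON"})
    if not isinstance(data, dict) or not data.get("username") or not data.get("password"):
        return _response(400, {"error": "username and password required"})
    # Credential checking is out of scope here; a real handler calls the auth backend.
    return _response(200, {"message": f"hello {data['username']}"})


ROUTES = {
    ("GET", "/products"): lambda ev: list_products(ev.get("queryStringParameters")),
    ("POST", "/login"): lambda ev: login(ev.get("body")),
}


def handler(event, context=None):
    """Lambda entry point: dispatch on method + path; 404 for anything we do not serve."""
    route = ROUTES.get((event.get("httpMethod"), event.get("path")))
    if route is None:
        return _response(404, {"error": "no such route"})
    return route(event)


if __name__ == "__main__":
    print(handler({"httpMethod": "GET", "path": "/products",
                   "queryStringParameters": {"limit": "3"}}))
```

Run it locally with a hand-built event, as the `__main__` block does, before deploying; the same handler is what API Gateway invokes in the cloud.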
What is Route 53?
When you type a website name, something needs to tell the internet "Where is this website?".
Route 53 does that job: it is AWS's DNS service, and it also lets you register domains and run health checks so traffic is sent only to healthy endpoints.
Route 53 is like a phonebook for websites. You ask: "Where is www.yourWebsite.com?" and Route 53 tells you the correct address.
You type: www.yourWebsite.com --> Route 53 --> Gives server address
What is CloudFront?
CloudFront is AWS's content delivery network (CDN). It caches copies of your website's content at edge locations around the world so users get fast loading from a server near them; anything not in the cache is fetched from your origin (S3, a load balancer, EC2, API Gateway) and cached on the way back. It also terminates TLS at the edge and is the place to attach AWS WAF in front of a website.
CloudFront is like keeping your toys in every room. So no matter where you are, you get your toy fast!
CloudFront Edge Locations
/ | | \
User--Fast Fast Fast Fast
What is CloudFormation?
You write a template (YAML or JSON) saying what resources you want and how they are configured. AWS creates, updates or deletes everything to match, as one unit called a stack.
CloudFormation is like giving AWS a blueprint of a house. AWS reads it and builds the whole house for you automatically. Because the blueprint is text, it can live in git, be reviewed in a pull request, and be reused to build an identical staging environment.
Blueprint (YAML/JSON) --> CloudFormation ---> Builds EC2, S3, RDS, etc.
What is DynamoDB?
A fast, serverless NoSQL database that stores items looked up by a key (key-value and document data).
DynamoDB is like a giant table where every row has a key. When you search by key, it gives the answer in a blink, whatever the size of the table. Searching by anything other than a key needs a secondary index, or a full scan that is slow and costly.
Key: user123 ---> DynamoDB ---> User Data
What is DocumentDB?
DocumentDB is a NoSQL database that stores flexible JSON documents and speaks the MongoDB API, so MongoDB drivers and tools work against it.
Imagine you have a big shelf where every item (document) can look different.
One page may have name + age.
Another page may have name + hobbies.
Another page may have name + skills + phone.
DocumentDB allows different shapes and structures of data, unlike SQL, where every row of a table must have the same columns.
Example:
Document 1: {name, age}
Document 2: {name, hobby}
| Feature | DocumentDB | DynamoDB |
|---|---|---|
| Data Type | Document JSON | Key-Value |
| Structure | Flexible | Simple |
| Queries | Rich queries | Limited |
| Best for | User profiles, CMS, catalogs | Cart, sessions, OTP, counters |
| Scaling | Good | Best (serverless) |
| API | MongoDB API | Dynamo API |
What is ElastiCache?
It is the caching service of AWS. Caching means keeping data in memory (RAM) so you can get it super fast.
AWS offers two engines:
Redis
Memcached
Most companies use Redis, so we will focus on that.
Your main notebook (database) is kept far away.
But you keep important pages in your pocket for quick access.
Your pocket = CACHE.
ElastiCache = pocket
Database = big notebook
User -> Backend -> Redis (if found, return the cached copy) -> Database (if not found in Redis, read it, then store a copy in Redis with an expiry time)
Remember that the pocket holds a copy of the notebook, so whatever protects the notebook must protect the pocket too: keep ElastiCache in a private subnet, turn on authentication and encryption in transit, and give cached entries a TTL so stale or revoked data does not live forever.
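The "check Redis first, fall back to the database, then fill the cache" flow above is called cache-aside, and the detail that matters is the expiry. The code below is an added example, not from the original post. It uses a tiny in-memory stand-in for the two Redis commands the pattern needs (GET and SETEX) and a fake clock so the TTL expiry can be shown without waiting; the product data, key prefix and 60-second TTL are constructed for the example. With a real deployment you would pass a `redis.Redis(...)` client in place of `FakeRedis` and serialise values to JSON, since Redis stores bytes, not Python objects.

```python
import time


class FakeRedis:
    """In-memory stand-in for Redis GET/SETEX, constructed for this example.
    Values are kept as Python objects; real Redis would need json.dumps/loads."""

    def __init__(self, clock=time.monotonic):
        self._store = {}          # key -> (value, expires_at)
        self._clock = clock

    def get(self, key):
        item = self._store.get(key)
        if item is None:
            return None
        value, expires_at = item
        if self._clock() >= expires_at:   # TTL passed: behave as if the key is gone
            del self._store[key]
            return None
        return value

    def setex(self, key, ttl_seconds, value):
        self._store[key] = (value, self._clock() + ttl_seconds)


class ProductRepo:
    """Cache-aside: try the cache, fall back to the database, then populate the cache."""

    def __init__(self, cache, db, ttl_seconds=60):
        self.cache, self.db, self.ttl = cache, db, ttl_seconds
        self.db_reads = 0          # counts trips to the slow store

    def get_product(self, product_id):
        key = f"product:{product_id}"      # prefix keys so caches of different types never collide
        cached = self.cache.get(key)
        if cached is not None:
            return cached
        self.db_reads += 1
        value = self.db.get(product_id)    # the "big notebook"; a dict stands in for RDS here
        if value is not None:              # do not cache misses, or a deleted item stays "absent" for a TTL
            self.cache.setex(key, self.ttl, value)
        return value


class FakeClock:
    """Controllable clock so the expiry path can be exercised instantly."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Two reads inside the TTL cost one database trip; a read after expiry costs another."""
    clock = FakeClock()
    db = {"p1": {"name": "laptop", "price": 999}}          # constructed product table
    repo = ProductRepo(FakeRedis(clock), db, ttl_seconds=60)
    repo.get_product("p1")
    repo.get_product("p1")                                  # served from the cache
    reads_before_expiry = repo.db_reads
    clock.advance(61)
    repo.get_product("p1")                                  # TTL passed, back to the database
    return reads_before_expiry, repo.db_reads


if __name__ == "__main__":
    print(demo())
```

The TTL is what bounds how long a stale price, or a session you have revoked, keeps being served from the pocket after the notebook changed.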
Now, if you are wondering, what is Memcached?
| Feature | Redis | Memcached |
|---|---|---|
| Data types | Many (lists, sets, hashes) | Only strings |
| Expiry | Yes | Yes |
| Persistence | Yes | No |
| Pub/Sub | Yes | No |
| Use cases | Sessions, cache, leaderboard | Simple cache only |
| Popularity | Very high | Less |
Redis = Swiss Army Knife
Memcached = Simple Spoon
What is Amazon RDS?
RDS = Relational Database Service
It is AWS’s way of giving you SQL databases without you needing to install or manage them.
Imagine you want a school notebook (database) where everything is neatly written in rows and columns.
Amazon gives you a ready-made notebook.
You just write data — Amazon takes care of keeping it clean, safe, and backed up.
That notebook = RDS
Why do companies use RDS?
Because AWS handles the difficult parts for you:
Installation
Patching and updates
Automated backups and point-in-time recovery
Maintenance
Failover to a standby (if you enable Multi-AZ)
Hardware issues
AWS handles the database server.
You still:
Store data
Read data
Query data
And you still choose the security settings: which security group may reach the database, whether storage encryption is on, and where the master credentials live (Secrets Manager, not a config file).
What is Amazon Aurora?
Aurora is AWS's own relational database engine, compatible with MySQL and PostgreSQL: your application talks to it as if it were MySQL or Postgres. AWS quotes up to 5x the throughput of MySQL and up to 3x that of PostgreSQL on the same hardware, with storage that grows automatically.
Why does Aurora exist?
Because a single RDS MySQL/Postgres instance reaches its limits
when:
thousands of users come
queries get heavy
traffic spikes
big companies run large apps
Aurora is built for that scale: compute is separated from a distributed storage layer, and up to 15 read replicas can share the same storage.
Simple Explanation
Aurora stores 6 copies of your data:
2 copies in AZ-1
2 copies in AZ-2
2 copies in AZ-3
So even if:
1 disk fails → safe
1 AZ fails (2 copies) → still writable (writes need 4 of 6 copies)
1 AZ plus 1 more copy fails (3 copies) → still readable, no data lost (reads need 3 of 6 copies)
Your data is very hard to lose. Two things are still your job: backups, because a mistaken DROP TABLE is faithfully copied to all six replicas, and network access, because six copies of a database open to the internet are six copies of a problem.
| Feature | RDS | Aurora |
|---|---|---|
| Speed | Standard engine performance | Up to 3–5x faster (AWS figures) |
| Durability | Primary, plus a standby copy with Multi-AZ | 6 copies across 3 AZs |
| Failover | Typically 1–2 minutes (standby promotion) | Typically under 30 seconds |
| Scaling | Manual instance resize, read replicas | Storage grows automatically, up to 15 replicas |
| Recovery | Slower (restore and replay from backups) | Fast (storage-level, continuous) |
| Cost | Lower | Higher |
| Ideal For | Small-medium apps | High traffic apps |
What is SNS?
SNS = Simple Notification Service
It is AWS’s messaging system used to send:
Notifications
Emails
SMS
Alerts
Messages to Lambda
Messages to SQS
SNS follows a pub-sub (publish-subscribe) model:
Publisher → Topic → Subscribers
A Topic is a named channel: publishers send messages to it, and every subscriber of the topic receives a copy.
Imagine a teacher shouting one announcement in class,
and ALL students hear it at the same time.
Teacher = Publisher
Announcement = Message
Students = Subscribers
Classroom = SNS Topic
One message → many receivers
This is SNS.
Note: SNS uses push, meaning:
Messages are delivered to subscribers automatically.
You do NOT need to poll or request the message.
Because anyone who can publish to the topic reaches every subscriber, the topic's access policy (who may Publish, who may Subscribe) matters as much as the message itself.
Publisher (Order Placed)
|
v
SNS Topic
/ | \
Email SMS Lambda
What is SQS?
SQS = Simple Queue Service
It is AWS’s message queue, used to store messages temporarily until a worker (Lambda/EC2) processes them.
SQS = Line/Queue system
One message → processed by one worker at a time.
Imagine kids standing in a line at school.
The teacher checks each kid one by one.
That line = SQS queue
Each kid = message
Teacher = worker (Lambda/EC2)
Two details of the line matter in practice. A standard queue is "first come, first served" only on a best-effort basis and may deliver a message more than once (at-least-once delivery); a FIFO queue preserves order and processes each message exactly once, at lower throughput. And a message is not removed when a worker reads it: it is hidden for a visibility timeout, and the worker must delete it after finishing. If the worker crashes first, the message reappears and is handled again, so workers must be idempotent (safe to run twice). Messages that keep failing should go to a dead-letter queue instead of looping forever.
Why does SQS exist?
Because the backend should not do every task the instant a request arrives.
Example tasks:
Process orders
Resize images
Compress files
Generate invoices
Send bulk emails
Doing these inside the request = slow responses + heavy load spikes.
So they go in a queue, and workers process them at their own pace; the queue also absorbs bursts and holds the work if a worker is down.
Messages → [ SQS Queue ] → Worker → Processed
Order Placed --> SNS --> SQS --> Lambda Worker --> invoice, email, updates...
| Feature | SNS | SQS |
|---|---|---|
| Type | Pub-sub | Queue |
| Delivery | Push | Pull |
| Receivers | Many | One |
| Use | Notifications | Background tasks |
| Message | Broadcast | Process sequentially |
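The "Order Placed → SNS → SQS → Lambda Worker → invoice" pipeline above is where at-least-once delivery bites: if the worker bills the order and then dies before deleting the message, SQS redelivers it and a naive worker bills twice. The simulation below is an added example, not from the original post. It models the queue with the two behaviours that matter (a message stays until deleted, and SNS wraps the publisher's payload in an envelope whose `Message` field holds the real body) and shows a worker that records processed order ids so the redelivery is recognised and acknowledged rather than re-billed. The order payload and queue behaviour are constructed; a real worker uses boto3 `receive_message`/`delete_message` and must keep its "already processed" set somewhere durable (a DynamoDB conditional put, for example), not in process memory as here.

```python
import json
import uuid


class FakeQueue:
    """Minimal SQS-like queue, constructed for this example: at-least-once delivery,
    a message stays in the queue until the consumer deletes it."""

    def __init__(self):
        self._messages = {}                       # message id -> body

    def send(self, body):
        mid = str(uuid.uuid4())
        self._messages[mid] = body
        return mid

    def receive(self):
        """Hand back every message still present (visibility timeouts are elided)."""
        return list(self._messages.items())

    def delete(self, mid):
        self._messages.pop(mid, None)


class InvoiceWorker:
    """Consumer of the order topic's queue; idempotent on order_id."""

    def __init__(self, queue):
        self.queue = queue
        self.invoiced = []            # orders billed (a real worker writes these to a database)
        self.seen = set()             # idempotency store; must be durable in production
        self.crash_after_work = False # test hook: die before deleting the message

    def process(self, mid, body):
        # SNS -> SQS wraps the published message: the publisher's JSON is inside "Message".
        envelope = json.loads(body)
        order = json.loads(envelope["Message"])
        if order["order_id"] in self.seen:
            self.queue.delete(mid)    # duplicate delivery: acknowledge it, do not bill again
            return "duplicate"
        self.invoiced.append(order["order_id"])
        self.seen.add(order["order_id"])
        if self.crash_after_work:
            return "crashed"          # no delete happened, so SQS will redeliver this message
        self.queue.delete(mid)
        return "processed"

    def drain(self):
        return [self.process(mid, body) for mid, body in self.queue.receive()]


def demo():
    """One order, one crash, one redelivery: exactly one invoice."""
    queue = FakeQueue()
    envelope = {"Type": "Notification", "MessageId": "m-1",          # constructed SNS envelope
                "Message": json.dumps({"order_id": "o-42", "total": 120})}
    queue.send(json.dumps(envelope))
    worker = InvoiceWorker(queue)
    worker.crash_after_work = True
    first = worker.drain()            # ["crashed"]: billed, but message still in the queue
    worker.crash_after_work = False
    second = worker.drain()           # ["duplicate"]: recognised and deleted
    third = worker.drain()            # []: queue is empty
    return first, second, third, worker.invoiced


if __name__ == "__main__":
    print(demo())
```

Delete the `seen` check and the same run produces two invoices for o-42, which is the bug that at-least-once delivery turns into a customer complaint.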
What is CloudWatch?
It is the monitoring and logging system of AWS. It keeps an eye on your AWS services and tells you:
What is running?
What is failing?
What errors happened?
Imagine your house has CCTV cameras, a thermometer, and an alarm.
The thermometer tells if the room is hot
The CCTV tells what is happening
The alarm tells when something is wrong.
This whole system = CloudWatch.
Why CloudWatch Exists?
Because companies need to know:
Is the system healthy?
Is the server overloaded?
Are errors increasing?
Should we auto-scale?
Should admin be alerted?
Without CloudWatch →
You are blind.
With CloudWatch →
You can see everything happening in your AWS environment.
Main Features of CloudWatch
- Metrics (performance numbers). CloudWatch automatically collects numbers like:
CPU %
Network usage
Disk I/O
Lambda duration and errors
API Gateway 4xx/5xx errors and latency
DynamoDB throttled reads/writes
Memory and free disk space inside an EC2 instance are NOT collected automatically: the guest OS is yours, so you install the CloudWatch agent to report them (or publish custom metrics from your app).
- Logs. Collects logs from:
Lambda
API Gateway
EC2 (via the CloudWatch agent)
ECS
RDS
Custom apps
- Alarms. You set alarms like:
CPU > 80% → send alert
Errors > 10 → notify
Lambda failures → alert
Low disk space → alert
An alarm watches one metric over fixed periods and moves between OK, ALARM and INSUFFICIENT_DATA when the threshold is breached for the number of periods you configure; its actions (SNS, Auto Scaling, EC2 recovery) fire on the state change, not on every period it stays in ALARM.
- Dashboards. Visual charts for your whole system.
- Events / EventBridge. Trigger actions on events like:
EC2 stop/start
Backup success
User login (from CloudTrail events)
Auto Scaling events
EC2 Metrics / Lambda Logs / API Errors
|
CloudWatch
|
SNS
|
Email/SMS
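The alarm rules above ("CPU > 80% → send alert") hide two settings that decide whether you get paged on a single spike or only on sustained trouble: the number of evaluation periods and how many of them must breach ("M out of N"). The code below is an added example, not from the original post; it reimplements that state logic in Python so the two settings can be compared on the same constructed CPU series, and reports state transitions the way CloudWatch fires alarm actions. It simplifies missing-data handling: a period with no datapoint (None) is ignored, and an alarm with no data at all is INSUFFICIENT_DATA. The metric values are invented.

```python
ALARM, OK, INSUFFICIENT = "ALARM", "OK", "INSUFFICIENT_DATA"

COMPARISONS = {
    "GreaterThanThreshold": lambda v, t: v > t,
    "GreaterThanOrEqualToThreshold": lambda v, t: v >= t,
    "LessThanThreshold": lambda v, t: v < t,
    "LessThanOrEqualToThreshold": lambda v, t: v <= t,
}


def evaluate_alarm(datapoints, threshold, evaluation_periods, datapoints_to_alarm=None,
                   comparison="GreaterThanThreshold"):
    """Decide the state from the most recent `evaluation_periods` datapoints.

    "M out of N": ALARM when at least `datapoints_to_alarm` (M) of the last
    `evaluation_periods` (N) datapoints breach the threshold. M defaults to N,
    which means every period in the window must breach.
    None stands for a period with no data and is ignored (simplified treatment).
    """
    m = datapoints_to_alarm or evaluation_periods
    window = datapoints[-evaluation_periods:]
    present = [v for v in window if v is not None]
    if not present:
        return INSUFFICIENT
    breaching = sum(1 for v in present if COMPARISONS[comparison](v, threshold))
    return ALARM if breaching >= m else OK


def transitions(series, threshold, evaluation_periods, datapoints_to_alarm=None):
    """Replay a metric stream and report only state changes.

    CloudWatch invokes alarm actions (publish to SNS, scale out, recover the
    instance) on a transition, not on every period the alarm remains in ALARM.
    Returns (period index, old state, new state) tuples.
    """
    state, changes = INSUFFICIENT, []
    for i in range(1, len(series) + 1):
        new = evaluate_alarm(series[:i], threshold, evaluation_periods, datapoints_to_alarm)
        if new != state:
            changes.append((i, state, new))
            state = new
    return changes


# Constructed CPU % readings, one per period. Period 4 dips below the threshold.
CPU = [40, 85, 90, 70, 95, 88]

if __name__ == "__main__":
    print("2 of 3:", evaluate_alarm(CPU, 80, 3, 2))   # ALARM: two of the last three breach
    print("3 of 3:", evaluate_alarm(CPU, 80, 3))      # OK: the dip to 70 resets a 3-of-3 alarm
    print(transitions(CPU, 80, 3, 2))
```

The same metric gives a different answer under the two configurations: 3-of-3 is quieter but misses sustained load with an occasional dip, 2-of-3 catches it while still ignoring a lone spike.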
What is CloudTrail?
It is the activity recorder of AWS.
It records:
Who did what
When it was done
From where
On which resource
Using which AWS API
Imagine your school keeps a diary that notes:
Who entered the classroom
Who took which book
Who used the computer
Who changed something
This diary = CloudTrail.
CloudTrail records the API calls made in your AWS account. Management events (creating, changing or deleting resources, console logins) are recorded by default; data events (reading or writing individual S3 objects, invoking Lambda functions) are high-volume and must be switched on per trail, so "everything is recorded" is only true once you have enabled them. Send the trail to an S3 bucket in a separate, locked-down account and turn on log file validation, so an attacker who gets into the account cannot quietly edit the diary.
Why CloudTrail Exists?
Companies need:
Security
Auditing
Detecting unauthorized access
Debugging issues
Compliance (ISO, PCI, GDPR)
Tracing mistakes
Example:
Someone accidentally deletes an EC2 instance →
CloudTrail tells you WHO did it and WHEN.
What does CloudTrail track?
It logs API calls:
Examples:
EC2 instance started
Lambda function updated
S3 bucket deleted
RDS snapshot created
IAM user console login (ConsoleLogin, including whether MFA was used)
Security group modified
DynamoDB table deleted
It tracks console + CLI + SDK actions.
Whether the action came from:
AWS Console
CLI
Terraform
API
Everything is recorded as the same kind of event, with the caller's identity (userIdentity) in each record.
It tracks the IP address
From where the action came (sourceIPAddress), along with the user agent.
It tracks time and region
Every action is timestamped (eventTime) and tagged with its awsRegion.
+-----------------------------+
| Users / AWS CLI |
| (Human or Application) |
+--------------+--------------+
|
| API Calls (Actions)
v
+-----------------------------+
| AWS Services |
| EC2, S3, IAM, Lambda, etc. |
+--------------+--------------+
|
| Every Action Recorded
v
+-----------------------------+
| CloudTrail |
| (CCTV of AWS — logs every |
| API call, who, when, where)|
+--------------+--------------+
|
| Store Logs
v
+-------------------+ +------------------+
| S3 Bucket | <optional> | CloudWatch Logs |
| (Long-term logs) |--------------- | (For monitoring |
+-------------------+ | + alerts) |
+------------------+
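CloudTrail only pays off when something reads the diary. The detector below is an added example, not from the original post: it runs a handful of detections a security team would start with over CloudTrail-shaped records (root account activity, a console login that succeeded without MFA, security group changes, someone stopping or deleting the trail itself, and a burst of AccessDenied errors from one source IP). The records are constructed with the field names real CloudTrail events use (userIdentity, eventSource, eventName, sourceIPAddress, errorCode, additionalEventData); the account id, user names and IP addresses are invented, and the burst threshold of 3 is an assumption for the example.

```python
from collections import Counter

SG_CHANGE_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
                    "CreateSecurityGroup", "DeleteSecurityGroup"}
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def detect(records, denied_threshold=3):
    """Return (finding type, detail, who/where) tuples for the records that warrant a look."""
    findings = []
    denied_by_ip = Counter()
    for r in records:
        who = r.get("userIdentity", {})
        actor = who.get("arn") or who.get("type", "unknown")
        ip = r.get("sourceIPAddress", "?")
        name = r.get("eventName")
        where = f"{actor} from {ip} at {r.get('eventTime')}"
        if who.get("type") == "Root":                      # the root user should almost never act
            findings.append(("root_activity", name, where))
        if (name == "ConsoleLogin"
                and r.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append(("console_login_without_mfa", name, where))
        if r.get("eventSource") == "ec2.amazonaws.com" and name in SG_CHANGE_EVENTS:
            gid = r.get("requestParameters", {}).get("groupId", "?")
            findings.append(("security_group_changed", f"{name} {gid}", where))
        if r.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPER_EVENTS:
            findings.append(("cloudtrail_tampering", name, where))
        if r.get("errorCode") in ("AccessDenied", "Client.UnauthorizedOperation"):
            denied_by_ip[ip] += 1                           # probing for permissions leaves this trail
    for ip, n in denied_by_ip.items():
        if n >= denied_threshold:
            findings.append(("access_denied_burst", f"{n} denied calls", f"source {ip}"))
    return findings


def _rec(user_type, name, source, ip, user="alice", **extra):
    """Build a constructed CloudTrail record using the real field names."""
    principal = "root" if user_type == "Root" else f"user/{user}"
    rec = {"eventVersion": "1.08", "eventTime": "2024-05-01T10:00:00Z", "awsRegion": "us-east-1",
           "userIdentity": {"type": user_type, "arn": f"arn:aws:iam::123456789012:{principal}"},
           "eventSource": source, "eventName": name, "sourceIPAddress": ip}
    rec.update(extra)
    return rec


SAMPLE_RECORDS = [
    _rec("IAMUser", "AuthorizeSecurityGroupIngress", "ec2.amazonaws.com", "203.0.113.10",
         requestParameters={"groupId": "sg-web"}),
    _rec("IAMUser", "ConsoleLogin", "signin.amazonaws.com", "203.0.113.22", user="bob",
         responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "No"}),
    _rec("Root", "StopLogging", "cloudtrail.amazonaws.com", "198.51.100.5",
         requestParameters={"name": "main-trail"}),
    *[_rec("IAMUser", "ListBuckets", "s3.amazonaws.com", "198.51.100.7", user="mallory",
           errorCode="AccessDenied") for _ in range(3)],
    _rec("IAMUser", "DescribeInstances", "ec2.amazonaws.com", "203.0.113.10"),   # benign
]

if __name__ == "__main__":
    for kind, detail, where in detect(SAMPLE_RECORDS):
        print(f"{kind:28} {detail:40} {where}")
```

Point `detect` at the `Records` array of a real CloudTrail log file and it runs unchanged. In production the same logic sits behind EventBridge rules or a SIEM query, and the StopLogging finding is the one you want delivered fastest, because it means the diary is about to go quiet.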
| Feature | CloudTrail | CloudWatch |
|---|---|---|
| Purpose | Security & Auditing | Monitoring & Performance |
| Records | “Who did what?” | “How is system behaving?” |
| Example | User changed SG | CPU = 90% |
| Used by | Security teams | DevOps teams |
So, these were some of the tools you should know about. Let's see a final architecture of how all these tools work together.
COMPLETE ARCHITECTURE
INTERNET
|
Route 53
(Domain Name)
|
CloudFront
(CDN for Speed)
|
API Gateway
(Entry Door)
|
------------------------------------
| |
Lambda EC2
(Serverless Code) (Backend Servers)
| |
| |
| |
v v
DynamoDB RDS / Aurora
(Fast NoSQL Key-Value) (SQL Database)
| |
| |
v v
+-------------------+ +--------------------+
| ElastiCache | | DocumentDB |
| (Redis) | | (MongoDB-like JSON)|
+-------------------+ +--------------------+
| |
| |
-----------------+ +------------------
v v
+-------------------+
| SNS |
| (Notifications) |
+-------------------+
|
| PUSH
v
+----------------------+
| SQS |
| (Background Queue) |
+----------------------+
|
v
+-----------------------+
| Lambda Workers |
| (Processes Messages) |
+-----------------------+
-------------------------------------------------------------
OBSERVABILITY
-------------------------------------------------------------
+----------------------+ +----------------------+
| CloudWatch | | CloudTrail |
| (Monitoring, Logs, | |(CCTV — Who Did What?)|
| Alarms) | +----------------------+
+----------------------+
|
v
+----------+
| SNS |
| Alerts |
+----------+
|
v
EMAIL / SMS