Understand AWS visually
Explore each concept's architecture through animated diagrams. Click a card to dive deeper.
🗺️ Not sure where to start?
Follow a learning path that matches your goal
Web Service Basics
The full picture of deploying a web app, from server to domain
6 concepts
Introduction to Serverless
Build and deploy APIs without managing servers
4 concepts
Security & Networking
The fundamentals of secure infrastructure
4 concepts
Introduction to Data Analytics
The full data pipeline from log collection to large-scale analysis
5 concepts
Introduction to Containers
The evolution of deployment from server management to containers
5 concepts
Event-Driven Architecture
Decouple services and scale asynchronously
4 concepts
EC2
Cloud Virtual Servers
EC2 is a virtual server in AWS where you run an operating system and application directly. It provides the compute slot for long-lived workloads by letting you launch instances and attach disks and networks as needed.
S3
Unlimited Object Storage
S3 is a shared object store that keeps files as objects in buckets rather than on a server disk. Applications upload and download through HTTP APIs, and other AWS services can use the same objects as both inputs and outputs.
Lambda
Serverless Function Execution
Lambda is a function runtime that executes code only when an event arrives instead of reserving a server ahead of time. It provides an execution layer for request-driven and event-driven compute that starts, runs the needed logic, and ends.
RDS
Managed Relational Database
RDS is a managed database layer where AWS operates the relational engine for you. Applications still connect with SQL, but the service takes on repetitive work like backups, patching, and failover.
VPC
Virtual Network Isolation
VPC is the foundational network layer that defines the private address space and communication boundaries where AWS resources live. You combine subnets, routing, gateways, and security rules to decide which resources can talk to which destinations.
IAM
Access and Permission Management
IAM is the permission layer that defines how people and AWS services can access resources. It combines users, roles, and policies to control what is allowed from the console, CLI, and service-to-service calls.
CloudWatch
Monitoring and Observability
CloudWatch is the observability layer that gathers metrics, logs, and alarms from AWS resources and applications into one place. It turns current system state into numbers and events, then connects notifications or automated actions when thresholds are crossed.
DynamoDB
Serverless NoSQL Database
DynamoDB is a serverless NoSQL store designed for very fast reads and writes around keys. It automatically scales through its partition and index model and commonly acts as the primary application data store for high-throughput systems.
ECS (Container)
Container Orchestration
ECS is the orchestration layer that decides how many copies of a container run, where they run, and how they are replaced. It standardizes deployment and service operations around task definitions and services.
API Gateway
API Creation and Management
API Gateway is the API front door where external client requests first arrive. It applies authentication, throttling, and transformation rules per path and method before forwarding traffic to the right backend.
SNS
Push Notifications and Messaging
SNS is a pub/sub notification channel that spreads one event to many subscribers at the same time. Producers publish once to a topic, and each consumer, such as email, HTTP, Lambda, or SQS, receives the same event in its own way.
SQS
Message Queue Service
SQS is a queue that safely holds task messages until consumers pull and process them. It stabilizes async work by separating producer and consumer speed and by isolating failures through retries.
Route 53
DNS and Domain Management
Route 53 is the DNS layer that connects domain names to actual service endpoints. Beyond basic name resolution, it uses health checks and routing policies to decide which target a user should reach.
CloudFront
Global CDN
CloudFront is the CDN layer that caches content close to users in edge locations in front of an origin server. It serves repeated responses faster and reduces how many requests must reach the origin, improving both performance and protection.
Elastic Load Balancer
Load Balancing
ELB is the traffic-distribution layer that places multiple servers or tasks behind one endpoint and spreads incoming requests across them. It helps keep only healthy targets in rotation and gives the service front door high availability.
Elastic Block Store
Block Storage
EBS is the persistent block disk that attaches to an EC2 instance. It keeps data separate from the server lifecycle so it can serve as the operating system disk or the data disk even when the instance is restarted or replaced.
Cognito
User Authentication and Authorization
Cognito is the user authentication layer for application end users. It handles sign-up, sign-in, and token issuance so the app can identify users, and it can also connect social login or temporary AWS credentials when needed.
KMS
Encryption Key Management
KMS is the central layer that creates and protects encryption keys and lets other AWS services use them. Its focus is not the data itself but the lifecycle of the keys: creation, permissions, rotation, and audit history.
CloudFormation
Infrastructure as Code (IaC)
CloudFormation is the IaC engine that turns a declarative template into real AWS resources. A stack uses that template to create, update, and roll back infrastructure in a consistent way.
CloudTrail
API Activity Audit Logging
CloudTrail is the audit-log layer that records AWS API calls and account activity in time order. It preserves enough history to reconstruct who performed which action through which path.
Beanstalk
Simple Application Deployment
Elastic Beanstalk is a platform layer that takes application code and assembles the AWS runtime environment around it. It lets a team focus more on application versions and settings than on wiring the underlying infrastructure.
EFS
Shared File Storage
EFS is the shared filesystem that multiple servers and containers can mount at the same time. It makes each runtime see the same file paths instead of keeping separate local disks in sync.
ElastiCache
In-Memory Caching
ElastiCache is the managed cache layer that keeps frequently read data in memory and returns it quickly. It reduces both latency and load by absorbing repetitive lookups in front of the primary data store.
Step Functions
Serverless Workflow Orchestration
Step Functions is the workflow engine that executes multiple task steps together with ordering, branching, and retry rules. Its focus is not the logic inside one task but the state transitions of the whole procedure.
SageMaker
Fully Managed Machine Learning Platform
SageMaker is the platform layer that covers the ML lifecycle from data preparation and training to model storage and inference deployment. It gives teams one place to repeat experiments and productionize models.
Bedrock
Foundation Model API Service
Bedrock is the AI layer that lets an application call ready-made foundation models through a common API. It brings generative inference into product features without requiring you to build model-training infrastructure yourself.
Rekognition
AI-Powered Image/Video Analysis
Rekognition is the analysis API that extracts visual information such as objects, faces, and text from images and video. It delivers common computer-vision capabilities as a callable service without requiring model training.
Athena
Interactive SQL Queries on S3 Data
Athena is a serverless query engine that lets you ask SQL questions directly against files in S3. It provides an exploratory analysis layer without first loading that data into another store.
Kinesis
Real-Time Streaming Data Processing
Kinesis is a streaming data pipe that accepts continuously arriving events and lets multiple consumers read them in near real time. It is built around ongoing event flow rather than isolated work items.
Redshift
Cloud Data Warehouse
Redshift is a data warehouse that stores prepared analytical data for repeated aggregation and dashboards. It gives you a compute layer dedicated to analytics rather than operational transactions.
Glue
Serverless Data Integration (ETL) Service
Glue is the data preparation layer that discovers source data, organizes schema, and transforms it for downstream analytics stores. It combines cataloging and ETL so a data lake remains queryable instead of degrading into raw files.
Fargate
Serverless Container Execution
Fargate is a serverless execution environment for containers where you do not manage the underlying server nodes. The team declares task resources, and AWS takes responsibility for preparing and running the host capacity.
ECR
Fully Managed Container Image Registry
ECR is a registry that stores container images by version and makes them available for deployment targets to pull. It is the storage layer for executable image artifacts produced by your build flow.
CodePipeline
Fully Managed CI/CD Pipeline
CodePipeline is the delivery pipeline that connects source changes to build, test, and deployment stages in order. It acts as the orchestration layer that turns separate tools into a repeatable release flow.
WAF
Web Application Firewall
WAF is the defensive layer that inspects incoming HTTP requests to public web endpoints and filters malicious patterns first. It blocks common web attacks before they reach application code.
EventBridge
Serverless Event Bus
EventBridge is an event hub that receives application events on a central bus and routes them to other targets through rules. It creates event-driven flows without requiring producers and consumers to call each other directly.