What is AWS?
Amazon Web Services (AWS) is the world’s most broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Instead of buying, owning, and maintaining physical servers, you rent compute, storage, networking, and managed services on demand and pay only for what you use.
This page covers the mental model you need before touching a single service: how AWS is laid out physically, who is responsible for what, how services are categorized, and how to experiment without spending money.
The cloud value proposition
Traditional infrastructure forces you to provision for peak load, pay upfront, and wait weeks for hardware. AWS inverts this: capacity is elastic, billing is consumption-based, and you can spin up a fleet of servers in seconds and tear it down just as fast. You trade capital expenditure (CapEx) for operational expenditure (OpEx), and you trade undifferentiated heavy lifting (racking servers, patching hypervisors) for managed services.
AWS operates on a pay-as-you-go model. An idle resource you forgot to delete still bills you. Always tear down experiments and set up billing alerts.
Regions and Availability Zones
AWS infrastructure is organized into a strict physical hierarchy.
- Region — a separate geographic area (e.g.
us-east-1in N. Virginia,eu-west-1in Ireland). Regions are fully isolated from one another for fault tolerance and data sovereignty. You choose a Region based on latency to users, compliance requirements, and service/price availability. - Availability Zone (AZ) — one or more discrete data centers within a Region, each with redundant power, networking, and cooling. AZs in a Region are physically separated (typically tens of kilometers apart) but connected by low-latency private links. A Region has 3+ AZs.
- Edge Location — hundreds of points of presence used by CloudFront (CDN) and Route 53 to cache content close to users.
Architect for failure: deploy across at least two AZs. A single-AZ deployment is a single point of failure. Spreading instances across AZs is how you survive a data-center outage.
The Shared Responsibility Model
Security in the cloud is a partnership. AWS draws a clear line between its obligations and yours.
| Layer | Responsibility | Examples |
|---|---|---|
| Security of the cloud | AWS | Physical data centers, hardware, hypervisor, managed-service infrastructure |
| Security in the cloud | You (customer) | IAM policies, OS patching, security groups, encryption, application code, data |
The boundary shifts with the service model. For EC2 (IaaS) you patch the guest OS; for Lambda or S3 (managed/serverless) AWS handles far more, but you always own your data, your access controls, and your configuration.
The most common AWS breaches are customer misconfigurations - public S3 buckets, over-permissive IAM, and leaked access keys - not failures of AWS infrastructure.
Core service categories
AWS services group into a handful of categories. These are the ones you’ll meet first.
| Category | Representative services | Purpose |
|---|---|---|
| Compute | EC2, Lambda, ECS, Fargate | Run code and workloads |
| Storage | S3, EBS, EFS, Glacier | Store objects, blocks, and files |
| Database | RDS, DynamoDB, Aurora, ElastiCache | Relational, NoSQL, and in-memory data |
| Networking | VPC, Route 53, CloudFront, ELB | Connectivity, DNS, CDN, load balancing |
| Security & Identity | IAM, KMS, Secrets Manager, WAF | AuthN/AuthZ, encryption, secrets |
| Observability | CloudWatch, CloudTrail, X-Ray | Metrics, logs, audit trails, tracing |
The Free Tier
AWS offers a Free Tier so you can learn at zero cost, with three flavors:
- Always free — e.g. 1M Lambda requests/month, 25 GB of DynamoDB storage.
- 12-month free — e.g. 750 hours/month of
t2.micro/t3.microEC2, 5 GB of S3, for the first year after sign-up. - Trials — short-term free access to specific services.
The Free Tier has hard limits. Exceed 750 EC2 hours, leave a second instance running, or use a non-eligible instance type, and you will be billed. Set a Zero-spend budget alert in AWS Budgets the day you sign up.
With this foundation, you’re ready to create an account and configure the CLI in the next section.