You’re not alone — this confusion is normal and actually a good sign.
AWS feels overwhelming because it’s a toolbox, not a single system.
Let me give you an INTUITIVE, MEMORY-FRIENDLY mental model that you can reuse in interviews and real projects.
We’ll organize AWS into “What job does this service do?” instead of AWS marketing terms.
🧠 The AWS CITY Mental Model (EASIEST WAY TO UNDERSTAND)
Think of AWS as a CITY 🏙️
Each service plays a specific role.
🧍♂️ 1. IDENTITY & SECURITY (WHO ARE YOU?)
“Who can do what?”
| Service | What it does (Plain English) |
|---|---|
| AWS IAM | Users, roles, and the permission policies that say who may call which API on which resource |
| AWS KMS | Managed encryption keys; each key's policy controls who may use it |
| AWS Secrets Manager | Store and rotate DB passwords, API keys and other secrets so code fetches them at runtime instead of hard-coding them |
| Amazon Cognito | Sign-in for your application's end users (not for people logging into your AWS account) |
📌 Golden rule
- Humans → sign in through federation (IAM Identity Center / SSO) and assume a role; avoid IAM users with long-lived access keys
- Services → IAM Roles (short-lived credentials, no keys to leak)
🧮 2. COMPUTE (WHO DOES THE WORK?)
“Where does code run?”
| Service | Think of it as |
|---|---|
| Amazon EC2 | Your own server |
| AWS Lambda | One function |
| Amazon ECS | Run Docker containers |
| Amazon EKS | Kubernetes |
| Amazon EMR | Big data compute |
| Amazon EMR Serverless | Spark without clusters |
| AWS Glue | Spark ETL |
📌 For you
- PySpark → EMR / Glue
- Python backend → EC2 / Lambda
🗄️ 3. STORAGE (WHERE IS DATA STORED?)
“Where does data live?”
| Service | Use case |
|---|---|
| Amazon S3 | Data lake |
| Amazon EBS | EC2 disk |
| Amazon EFS | Shared FS |
| Amazon S3 Glacier | Cold / archive data (S3 storage classes) |
📌 S3 is KING for Data Engineers
🧾 4. DATABASES (STRUCTURED DATA)
“How do we store structured data?”
| Service | Think of it as |
|---|---|
| Amazon RDS | PostgreSQL / MySQL |
| Amazon Aurora | High-performance RDS |
| Amazon DynamoDB | NoSQL |
📌 Glue table metadata → Glue Data Catalog (NOT RDS)
🔁 5. ORCHESTRATION & WORKFLOWS (WHO CONTROLS THE FLOW?)
“What runs first, what runs next?”
| Service | Think of it as |
|---|---|
| AWS Step Functions | Serverless workflow |
| Amazon MWAA | Airflow |
| Amazon EventBridge | Event router |
📌 Step Functions = Airflow-lite
📌 MWAA = Full Airflow
🧪 6. CI / CD (HOW DOES CODE GET DEPLOYED?)
“How does code go from Git to AWS?”
| Service | Role |
|---|---|
| AWS CodeCommit | Git repo (closed to new customers since July 2024) |
| AWS CodeBuild | Build & test |
| AWS CodeDeploy | Deploy |
| AWS CodePipeline | Pipeline |
📌 Many teams use GitHub + AWS instead
🏗️ 7. INFRASTRUCTURE AS CODE (WHO BUILDS AWS ITSELF?)
“Who creates AWS resources?”
| Service | Meaning |
|---|---|
| AWS CloudFormation | AWS resources via templates |
| HashiCorp Terraform | Vendor-neutral IaC (third-party, not an AWS service) |
📌 CloudFormation ≠ CI/CD
📌 It CREATES and updates infra (the role, the bucket, the cluster); the CI/CD pipeline is what ships application code
📊 8. MONITORING & LOGGING (HOW DO WE OBSERVE?)
“Is everything healthy?”
| Service | Role |
|---|---|
| Amazon CloudWatch | Logs, metrics, alarms |
| AWS CloudTrail | Who did what: an audit log of every API call (identity, source IP, action, time) |
📌 Turn CloudTrail on in every account and keep the trail in a locked-down S3 bucket; it is your evidence during incident response
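"Who did what" is a query you actually run over CloudTrail records during an incident. The Python below is an added example, not code from the original page: the three records are constructed to use CloudTrail's real field names (a root console login without MFA, a user assuming a role, and that role changing a bucket policy) but are not from any real account, and the account ID, names and IP addresses are placeholders. It resolves each record to a human-readable actor and runs three simple detection rules of the kind a SOC would alert on.

```python
"""Answering "who did what" from CloudTrail records.

Added example, not part of the original page. The records below are
constructed to mirror CloudTrail's JSON field names; account ID, user,
role and bucket names are placeholders.
"""
import json

SAMPLE_RECORDS = json.loads(r'''
{"Records": [
 {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.5",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
  "additionalEventData": {"MFAUsed": "No"},
  "responseElements": {"ConsoleLogin": "Success"}},
 {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "sts.amazonaws.com",
  "eventName": "AssumeRole", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser",
     "arn": "arn:aws:iam::123456789012:user/alice", "userName": "alice"},
  "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/DataEngineer"}},
 {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "PutBucketPolicy", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "AssumedRole",
     "arn": "arn:aws:sts::123456789012:assumed-role/DataEngineer/alice",
     "sessionContext": {"sessionIssuer": {
         "arn": "arn:aws:iam::123456789012:role/DataEngineer"}}},
  "requestParameters": {"bucketName": "example-data-lake"}}
]}''')["Records"]


def actor(record):
    """Resolve the 'who'. For an assumed role, keep RoleName/SessionName so the
    human (or service) behind the role is still visible."""
    ident = record["userIdentity"]
    if ident["type"] == "Root":
        return "ROOT"
    if ident["type"] == "AssumedRole":
        # arn:aws:sts::<acct>:assumed-role/<RoleName>/<SessionName>
        return ident["arn"].split(":assumed-role/")[1]
    return ident.get("userName") or ident["arn"]


def who_did_what(records):
    """One audit line per record: time, actor, action, service, source IP."""
    return [f"{r['eventTime']} {actor(r)} {r['eventName']} via "
            f"{r['eventSource']} from {r['sourceIPAddress']}" for r in records]


# Detection rules; each returns True when the record should raise an alert.
RULES = {
    "root-account-used": lambda r: r["userIdentity"]["type"] == "Root",
    "console-login-without-mfa": lambda r: r["eventName"] == "ConsoleLogin"
        and r.get("responseElements", {}).get("ConsoleLogin") == "Success"
        and r.get("additionalEventData", {}).get("MFAUsed") != "Yes",
    "bucket-policy-changed": lambda r: r["eventName"] in (
        "PutBucketPolicy", "DeleteBucketPolicy", "PutBucketAcl"),
}


def findings(records):
    """Return (rule, actor, eventTime) for every record that trips a rule."""
    out = []
    for r in records:
        for name, rule in RULES.items():
            if rule(r):
                out.append((name, actor(r), r["eventTime"]))
    return out


if __name__ == "__main__":
    for line in who_did_what(SAMPLE_RECORDS):
        print(line)
    for f in findings(SAMPLE_RECORDS):
        print("ALERT", *f)
```

In a real account the records come out of the trail's S3 bucket (gzipped JSON with the same `Records` array), so the same functions apply once you have read the objects.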
🌐 9. NETWORKING (HOW THINGS CONNECT?)
“How services talk?”
| Service | Role |
|---|---|
| Amazon VPC | Private network |
| Elastic Load Balancing | Traffic distribution |
| Amazon Route 53 | DNS |
🔑 ROLE CONFUSION — FIXED FOREVER
Example: Spark on EMR
EMR uses two roles: the EMR service role (what EMR itself uses to launch the cluster) and the EC2 instance profile role (what your Spark job actually runs as)
EC2 Instance Profile Role
├── Attached to the cluster's EC2 instances
├── Permission: s3:GetObject / s3:PutObject on ONE bucket prefix, not s3:* on *
Example: Lambda Triggering Glue
Lambda Role
├── glue:StartJobRun on that one job's ARN
├── logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents (CreateLogGroup alone cannot write a log line)
📌 A role is ASSUMED, never owned: a service, a human via SSO, or another account assumes it and gets short-lived credentials
📌 Trust policy = who may assume the role; permission policy = what it may do
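Both role examples above and the Golden rule in section 1 come down to the same two documents: a trust policy (who may assume the role) and a permission policy (what it may do). The Python below is an added example, not code from the original page: it builds those documents for the EMR instance profile and the Lambda role as plain dicts, the way you would hand them to IAM or CloudFormation, and runs a small least-privilege check that flags wildcard actions, wildcard resources and a trust policy open to anyone. The account ID, region, bucket name and Glue job name are made-up placeholders.

```python
"""Least-privilege role definitions for the two examples above.

Added example (not from the original page). Account ID, region, bucket
and job names are assumed placeholders; the policy shapes are the ones
IAM accepts.
"""
import json

ACCOUNT_ID = "123456789012"        # assumed placeholder account
REGION = "us-east-1"
DATA_BUCKET = "example-data-lake"  # assumed bucket name
GLUE_JOB = "nightly-etl"           # assumed Glue job name


def trust_policy(service):
    """Who may assume the role: only the named AWS service principal, never '*'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": f"{service}.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def emr_instance_profile_policy():
    """Spark on EMR: the EC2 instance profile reads/writes one prefix only."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # ListBucket targets the bucket ARN; object calls target object ARNs
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": f"arn:aws:s3:::{DATA_BUCKET}",
                "Condition": {"StringLike": {"s3:prefix": ["curated/*"]}},
            },
            {
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{DATA_BUCKET}/curated/*",
            },
        ],
    }


def lambda_glue_trigger_policy():
    """Lambda triggering Glue: start one named job and write its own logs."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["glue:StartJobRun"],
                "Resource": f"arn:aws:glue:{REGION}:{ACCOUNT_ID}:job/{GLUE_JOB}",
            },
            {   # CreateLogGroup alone is not enough to emit log lines
                "Effect": "Allow",
                "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                           "logs:PutLogEvents"],
                "Resource": f"arn:aws:logs:{REGION}:{ACCOUNT_ID}:log-group:/aws/lambda/*",
            },
        ],
    }


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def least_privilege_findings(policy):
    """Return a list of problems; an empty list means the policy passes."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action", []))):
            findings.append(f"statement {i}: wildcard action")
        if any(r == "*" for r in _as_list(stmt.get("Resource", []))):
            findings.append(f"statement {i}: wildcard resource")
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in principal.values()):
            findings.append(f"statement {i}: anyone may assume this role")
    return findings


if __name__ == "__main__":
    for name, pol in [("emr-ec2-instance-profile", emr_instance_profile_policy()),
                      ("lambda-glue-trigger", lambda_glue_trigger_policy())]:
        print(name, least_privilege_findings(pol) or "OK")
    print(json.dumps(trust_policy("lambda"), indent=2))
```

The EMR instance profile's trust policy names `ec2`, the Lambda role's names `lambda`; `json.dumps` of any of these dicts is exactly the document you paste into the IAM console or a CloudFormation `AWS::IAM::Role` resource.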
🧠 ONE-PAGE MEMORY MAP (SAVE THIS)
IDENTITY → IAM (roles + SSO) | KMS | Secrets Manager
COMPUTE → EC2 | Lambda | EMR | ECS
STORAGE → S3 | EBS | EFS
DATABASE → RDS | DynamoDB
ORCHESTRATION → Step Functions | Airflow
CI/CD → CodePipeline
IaC → CloudFormation
MONITORING → CloudWatch | CloudTrail