| Service | What It Is | Local/Traditional Equivalent | When To Use It |
|---|---|---|---|
| EC2 (Elastic Compute Cloud) | Virtual servers (VMs) in the cloud. You choose OS, size, disk storage. | Physical VPS or bare metal server. | Running backend APIs, database clusters, or any custom software. |
| S3 (Simple Storage Service) | Highly durable, scalable object storage for files. | Local directory or shared NAS drive. | Storing uploads, static files, database backups, React build output. |
| CloudFront | Global Content Delivery Network (CDN) caching static files near users. | Nginx static file caches across geographic locations. | Speeding up assets, serving S3 static site deployments via HTTPS. |
| Route 53 | Highly available, managed DNS service. | Domain name registrars' DNS control panel (GoDaddy/Namecheap). | Resolving domains, custom domain routing, health-check failover. |
| RDS (Relational DB Service) | Managed database service for Postgres, MySQL, SQL Server, Oracle. | Self-managed PostgreSQL running directly on EC2. | Production application databases (handles automatic backups & HA). |
| Secrets Manager | Secure storage, rotation, and lifecycle management of secrets. | Plaintext .env file stored on disk. |
Storing DB credentials, third-party API keys fetched at runtime. |
| IAM (Identity & Access) | Manages user accounts, roles, access permissions, policies. | UNIX users, file system permissions, API key configs. | Configuring security access groups and server permissions (OIDC). |
| SES (Simple Email Service) | Scalable email sending infrastructure. | Local Postfix server, SendGrid, or mailgun. | Sending transactional emails (password resets, receipts). |
To avoid unexpected cloud bills, always configure these three things in your AWS billing console: