Plain Thoughts

AWS Services useful for Web Developers to know about

August 10, 2021

There are a lot of AWS services, but not all are created equal. Services like S3, EC2, or IAM are far more commonly used than, say, AWS Ground Station (Yep, AWS has a ‘satellite ground station as a service’). As a web developer, it can quickly become a bit daunting to know about all these services and technologies, so I thought I’d put together a brief introduction to common services a web developer might encounter on AWS. This is by no means an exhaustive list.

Stuff to run your application on

These AWS services are ‘compute’, which means that they allow you to run your application code on them.

Amazon EC2

EC2 is Amazon’s virtual machine service. If you want a ‘server’ on the cloud, EC2 is what you use. EC2 servers are usually referred to as ‘EC2 instances’.

Amazon Lightsail

Amazon Lightsail is similar to EC2, but has a simpler pricing model, a smaller set of instance types, and is easier to use. If you need compute with a simple pricing policy and want a quick start to hosting your application, Lightsail should be a good fit.

AWS Lambda

Lambda is a service that allows you to run your code (called Lambda Functions) without provisioning or managing servers, hence the name ‘server-less’. Each Lambda Function runs in a lightweight container and is designed to be ephemeral. It is possible to build whole applications or parts of applications using Lambda Functions and API Gateway.

Services and Microservices

Service Oriented Architecture is an architectural pattern where your application is divided up into ‘services’, and each service is responsible for a subset of your application’s functionality. The following services enable you to run your service oriented architecture on AWS.

Amazon Elastic Container Service (ECS)

ECS allows you to run Docker containers on AWS using either EC2 or Fargate. It can be used to manage containers (restart, start, stop, etc.) and scale them.

Amazon Elastic Kubernetes Service (EKS)

Amazon EKS is a managed Kubernetes service. Kubernetes is a platform for managing containerized applications. It takes away the hassle of orchestrating containerized applications, but it’s still somewhat complex to set up. EKS helps you run Kubernetes easily.

AWS Fargate

Even though your application may be containerized, you’ll still need to run it within an EC2 instance. Normally that means that you first create an EC2 instance, then run your containers within. AWS Fargate is another ‘server-less’ service (in a way) that allows you to run containers without having to worry about provisioning and managing servers. Fargate can be used with other services like ECS, EKS, AWS Batch, etc.

Amazon Elastic Container Registry (ECR)

If you’re running your application within Docker containers, you need a Docker ‘image’ for the application. A Docker image is a file that contains instructions on how to start and run the container. Amazon ECR is a service that helps you store, serve, and version control Docker images securely.

Resilience and scaling

The following services help ensure that your application stays available through server problems, deploys, and similar issues. These services also help with scaling your application’s resources up and down depending on how busy the application is.

Amazon EC2 Auto Scaling

Autoscaling is the process by which AWS can spin up multiple servers if there’s a demand for it. The process is somewhat simple: You specify the minimum, maximum and ideal number of servers your application needs. If a server shuts down, or there’s additional load on your application, autoscaling can spin up new servers automatically without any manual intervention.

Elastic Load Balancing

Elastic Load Balancing helps you distribute traffic across your EC2 instances. It distributes incoming traffic based on your rules (health checks, target groups, etc.) and helps you scale up or down automatically based on the incoming traffic.

CI / CD

These services allow you to build, test, and deploy your application.

AWS CodeCommit

AWS CodeCommit is similar to services like GitHub and Bitbucket. It’s a code repository service that uses Git.

AWS CodeBuild

AWS CodeBuild allows you to build and test your application. It’s the CI (Continuous Integration) part of a CI/CD pipeline. You specify how to build and test your application, and CodeBuild manages the whole process without any manual intervention required.

AWS CodeDeploy

CodeDeploy is the other part of AWS’s CI/CD offering, the Continuous Deployment part. It allows you to automate the deployment of applications to EC2, Lambda, or ECS. It also has features to deploy your application in parts (called Blue/Green deploys) which can be useful for preventing release of bad code.

AWS CodePipeline

AWS CodePipeline is a service to build delivery workflows for your application. The service allows you to connect CodeBuild, CodeDeploy, ECS, AWS Fargate and other services to create a fully automated deployment pipeline.

API as a Service

It is possible to move your application’s API to the cloud and not code it yourself. You can use the following services to specify the API and connect it to other services like EC2, or Lambda where you have your application logic.

Amazon API Gateway

Amazon API Gateway is a service that can be thought of as the HTTP / REST router on the cloud. It allows you to route HTTP requests to your application running on ECS, Lambda, etc. It also works well with Amazon Cognito, making authorization and authentication easy to set up for your APIs.

AWS AppSync

AWS AppSync is a managed GraphQL service that you can use to create real time, collaborative applications. AWS AppSync can manage the entire data layer of your application for you, and allow you to focus on writing the application logic.

Communication

The following services help your application communicate within itself, with other AWS services, and with the customer.

Amazon Simple Notification Service (SNS)

SNS is AWS’s messaging / broadcasting service. When you post a message to SNS, it can be received by any service that is set up to listen to it. Useful if you need to notify multiple services at the same time.

Amazon Simple Queue Service (SQS)

If you have a busy application that is handling a lot of tasks, it’s usually a good idea to have a queue managing the backlog in case your application can’t keep up. SQS is the AWS service that is used for such things. It allows you to have reliable communication within your application by ensuring ‘at least once’ delivery.

Amazon SES

SES is AWS’s email service. It can be used by your application to send and receive email. It’s quite low-level compared to dedicated transactional email services, but makes up for it in terms of its cost and configurability.

Storage

Almost all applications have some kind of storage needs. The following services offer storage, but are designed to store different things.

Amazon Simple Storage Service (S3)

S3 is AWS’s highly available, performant file storage. Use S3 for storing files, configuration, static assets, etc.

Amazon Elastic Block Store (EBS)

EBS is equivalent to the hard disk storage you might have on your laptop, but for EC2. It provides fast access, along with high availability.

AWS Secrets Manager

AWS Secrets Manager is a service that helps you manage and securely store secrets for your applications. You can use it to manage access keys, tokens, or any other credentials your application needs.

Operational Excellence

When you’re running your application, being able to look into how it’s performing and to debug problems is important. The following services help you with operating your application well.

Amazon CloudWatch

Amazon CloudWatch is AWS’s logging and monitoring system. You can direct all service and application logs to CloudWatch, and also set up metrics to be monitored. If there are problems with any of those metrics, CloudWatch can alert you.

AWS X-Ray

X-Ray provides insight into your distributed application’s performance and problems. It’s often hard in complex applications to figure out where a particular problem or slowness is happening. In that regard, tools like AWS X-Ray (and alternatives like New Relic etc.) are really useful.

Databases

Amazon Relational Database Service (RDS)

Amazon RDS is a managed service that allows you to host relational databases without dealing with a lot of the complexities like setup, patching, backups or provisioning servers.

Amazon Aurora

Amazon Aurora is a fully managed relational database compatible with MySQL and PostgreSQL. It boasts better performance, cheaper cost to run, and does not require setting up servers. It works on top of RDS, so all the benefits of RDS also apply to Aurora.

Amazon ElastiCache

ElastiCache is a service that provides fully managed Redis or Memcached. Redis is an in-memory data structure store, and Memcached is an in-memory key-value store. ElastiCache can thus be used to cache application data on either store in an easy to manage, scalable way.

Amazon DynamoDB

A fully managed NoSQL database service from Amazon. DynamoDB boasts fast, consistent performance. It can be used when you need to store and retrieve semi-structured data that is constantly being updated.

Security, Authentication, and Authorization

The following services cover security from different angles of your application, and are not replacements for each other. They are designed to be used together to provide security both in terms of who can access your application, and who can access your application’s infrastructure.

AWS CloudTrail

CloudTrail is AWS’s service for auditing everything that happens to your resources. Once turned on, every event that happens across AWS is recorded, enabling you to identify any security or compliance issues.

AWS Identity and Access Management (IAM)

IAM is a service that helps manage users and permissions within AWS. It consists primarily of users, groups, roles, and permissions. This is not a service you can directly use within your application logic; instead, it is used to design (and restrict) how different AWS services can interact.

Amazon Cognito

Amazon Cognito is an easy way to add user authentication and authorization to your application. It provides sign-in with common social identity providers, and also works with SAML. Amazon Cognito can connect with Amazon API Gateway directly as well.

AWS Certificate Manager (ACM)

In order to provide TLS (SSL) support for your application, you would have to request a certificate from a certificate authority. While Let’s Encrypt makes it easy now, it’s some work to serve those certificates in a distributed way. ACM is designed to help with that. You can ask ACM to issue certificates that are used internally within CloudFront, Elastic Load Balancers, etc. It is responsible for generating, serving, and renewing those certificates.

Networking

Amazon Virtual Private Cloud (VPC)

Virtual private cloud is a way of isolating your resources behind a private network. It allows you to control network access from, to and between your services.

Amazon Route53

Amazon Route53 is AWS’s DNS offering. It does a lot of interesting things, but at its core, it allows you to route your application’s domains to services within AWS.

Amazon CloudFront

CloudFront is a content delivery network (CDN). A content delivery network is a distributed network that allows your customers to receive data from a server geographically closest to them. This can speed up your application significantly depending on how far your servers are from your customers. CloudFront and other CDNs are now common for serving front-end assets (services like Netlify, Vercel etc. use CDNs to serve front-end applications) but can be used for diverse purposes.

Other useful services that I couldn’t categorize well

AWS CloudFormation

AWS CloudFormation is AWS’s Infrastructure-as-code service. It gives you the ability to manage ‘stacks’ of AWS resources (e.g. VPCs, EC2 instances, RDS instances, etc.). You specify resources by creating a ‘template’ containing all the resources you want and their parameters.

Amazon Kinesis

If you want to receive and process large amounts of data that’s constantly coming in, Kinesis is the service that’ll help. Kinesis is a collection of tools that can be connected together to process (Kinesis Data / Video Streams), store (Kinesis Data Firehose), and query (Kinesis Data Analytics) large amounts of continuous data your service is working with.

AWS Step Functions

AWS Step Functions can be simplified into ‘State Machine as a Service’. For business processes that require multiple AWS services to coordinate with each other and that require resilience (error handling, retries, etc.), implementing them manually is complex and error-prone. AWS Step Functions helps you focus on describing the process visually, and manages orchestration and resilience by itself.

AWS Amplify

AWS Amplify is essentially a collection of easy to use libraries, CLI and a console for building Web and Mobile applications. AWS can be a bit daunting, so Amplify was created to allow developers to easily create infrastructure and deploy their application.

AWS Batch

AWS Batch is a service for submitting (and managing) jobs to be run in the cloud, either on EC2 instances or containers (like AWS Fargate). AWS Batch provides a great way to use ephemeral compute to run either long-running or resource-intensive jobs without reserving compute for long periods of time.


Written by Mutahhir Hayat.
Should be doing other things, keeps coding instead