A plain-English reference for recruiters who hire for AWS roles — what the world's biggest cloud platform actually does, the services that fill résumés, the people who build with them, and exactly how to find and screen them.
If you only remember one thing: AWS (Amazon Web Services) is a giant set of computers, storage, and software tools that Amazon rents out over the internet, so companies don't have to buy and run their own. It's the largest cloud platform in the world.
Imagine you want to open a restaurant. You could spend a fortune building your own commercial kitchen, buying ovens, and hiring people to maintain them — before serving a single customer. Or you could rent a fully-equipped commercial kitchen by the hour, scale up when you're busy, and pay only for the time you use.
AWS is that rented kitchen, but for computing. Instead of buying servers and running them in a data centre, a company "rents" Amazon's computing power, storage, and ready-made tools over the internet, paying only for what they use. Amazon built this infrastructure to run its own colossal store — then opened it for everyone else to rent. It launched in 2006 and effectively created the modern cloud industry.
Virtual computers, storage drives, networks, and databases — all available on demand in minutes. No hardware to buy, no data centre to run. Turn it on when needed, off when not.
On top of raw infrastructure sit ready-made tools: databases, analytics, AI, security, messaging. Companies assemble these like LEGO instead of building everything from scratch.
Like a utility bill. A company spends more during a busy sale, scales down overnight, and the cost follows usage. This is why "cost optimisation" is a real, paid job in cloud teams.
Netflix, Airbnb, NASA, banks, and start-ups run on AWS. Roughly a third of all cloud spending goes to AWS — so "AWS experience" is one of the most common requirements you'll source for.
A few names cause confusion. AWS is Amazon's cloud platform — the engineering side this guide is about. Amazon.com is the shopping site (different thing). Service names follow a pattern: "Amazon [something]" or "AWS [something]" — e.g., Amazon S3, AWS Lambda. They're nearly always shortened on résumés (S3, EC2, RDS). If a résumé is full of two- and three-letter names starting with E, S, or R, that's AWS.
"Tech stack" just means the set of tools used to build something. AWS's 200+ services group into seven families. You don't need to operate them — you need to recognise them on a résumé and know roughly what each is for.
This is the engine room. When a company runs a website, an app, or background processing, the code has to execute somewhere. These services are the different kinds of "somewhere" — from a full rented computer you manage yourself, to a service where you just hand Amazon your code and it runs automatically.
"Elastic Compute Cloud" — rent a virtual computer and run anything on it. The original, most flexible AWS service.
"Serverless" — give Amazon a small piece of code; it runs only when triggered, and you pay per use. Hugely popular.
Run apps packaged in "containers" and scale them automatically. EKS is the managed Kubernetes version — industry standard.
"Just run my containers/app, don't make me manage servers." The easiest, lowest-maintenance ways to deploy.
Every company on AWS uses something here. A retailer's checkout, a bank's mobile app, a streaming backend — the running code lives on EC2, Lambda, or containers. "EC2" and "Lambda" are two of the most common terms you'll ever source for.
Apps need to remember things: user accounts, orders, photos, transactions. Different data needs different storage — a video isn't stored like a bank balance. These services are those different "filing systems."
"Simple Storage Service" — a giant online drive for files: images, video, backups, data lakes. The single most famous AWS service. Files live in "buckets."
Traditional "spreadsheet-like" databases (rows and columns) for orders and users. Aurora is Amazon's faster, cloud-built version.
A super-fast, massive-scale database for apps that need instant responses at any size — gaming, retail, mobile.
Hard drives for EC2 (EBS), shared file storage (EFS), and an ultra-fast "memory" cache that speeds apps up (ElastiCache).
A photo app stores images in S3 and accounts in RDS. A game uses DynamoDB for instant player data. A bank uses Aurora for transactions. "S3" appears on almost every AWS résumé.
Companies collect enormous amounts of data, but it's useless until someone asks it questions: "Which products sell best on Fridays?" "Which customers are about to leave?" This stack is the machinery for collecting, cleaning, and questioning data at huge scale.
A data warehouse — answers questions across billions of rows fast. The flagship analytics service; common on data résumés.
Ask questions directly against files in S3 (Athena), and process truly massive datasets in big batches (EMR).
Cleans and moves data between systems (Glue) and handles live, real-time data streams as they happen (Kinesis).
Turns data into dashboards and charts that business teams actually read — the "report" layer on top of the data.
Retailers forecast demand, banks detect fraud in real time, media firms analyse viewing, and marketing teams build dashboards — often with Redshift or Athena at the centre and Glue moving the data.
Machine learning means software that learns patterns from examples instead of being told every rule. This stack lets companies build their own AI (a model predicting which customers will churn) or tap ready-made AI, including the latest generative-AI models, through a single service.
The one-stop workshop to build, train, and run custom AI models. The most important name in this stack for ML engineers.
One door to many top generative-AI models (including Anthropic's Claude). The headline service for building AI assistants and agents.
Amazon's AI assistant for businesses and developers — answers questions about a company's own data and code.
Pre-built AI that reads images, understands text sentiment, and pulls data out of forms — no model-building required.
Insurers automate claims with Textract, retailers personalise recommendations, contact centres deploy AI assistants, and nearly every industry is now piloting Bedrock-based generative-AI applications.
"DevOps" is the practice of getting new software changes from a developer's laptop into the live product quickly without breaking things. This stack is the conveyor belt and the quality control: build the code, test it, package it, release it, watch it.
"Infrastructure as code" — set up the entire cloud from a written script instead of clicking buttons. Repeatable and reviewable.
The automated "CI/CD pipeline": every code change is built, tested, and shipped automatically and safely.
The dashboards and alarms that show when something is slow or broken (CloudWatch), and a record of who did what (CloudTrail).
A secure storeroom for packaged software (ECR) and a tool that traces a request to find what's slow (X-Ray).
Any company releasing software frequently — fintech, SaaS, media — lives here. "CI/CD," "CloudFormation," and "Terraform" on a résumé point straight to this stack.
If compute is the buildings and storage is the warehouses, networking is the roads, on-ramps, and traffic lights connecting them — and connecting users to the company. It decides how data travels, how fast, and how safely.
"Virtual Private Cloud" — a company's own private, walled-off network inside AWS. The foundation everything else connects to.
Caches content close to users worldwide for speed (CloudFront, a CDN), and translates website names into addresses (Route 53, DNS).
Spreads incoming traffic across many servers so no single one is overwhelmed during a spike. Keeps sites up under load.
A private high-speed line from a company's own data centre to AWS (Direct Connect), and a managed "front door" for APIs (API Gateway).
Critical for banks (private, compliant connectivity), global media (fast delivery via CloudFront), and any large enterprise running a "hybrid" mix of AWS and their own data centres.
Every other stack is only as safe as this one. Security & Identity controls who can access which resources, encrypts sensitive data, watches for threats, and proves the company meets regulations. In banking, healthcare, and government this stack is non-negotiable.
"Identity & Access Management" — the master keyring defining exactly who (or which app) can do what. The single most important security concept on AWS.
Safely stores encryption keys and passwords so they're never left lying around in code or files.
Automatically watches for attacks and suspicious behaviour (GuardDuty) and shows all risks in one dashboard (Security Hub).
Manages app sign-in/sign-up (Cognito), filters malicious web traffic (WAF), and blocks large-scale attacks (Shield).
Heaviest in regulated industries — banking, healthcare, government, insurance — where "IAM," "compliance," and "zero trust" on a résumé are strong signals for security roles.
Nobody knows all 200+ services, and you don't need to. Fast mental model: a candidate heavy on EC2 / Lambda / EKS is an infrastructure/DevOps person; Redshift / Glue / Kinesis is a data person; SageMaker / Bedrock is an AI/ML person; IAM / GuardDuty is a security person; VPC / CloudFront is a networking person. Use the stack a résumé leans into to predict the role family.
These are the job titles you'll be sourcing. For each: a plain-English description of what they do, the skills to look for, how the role shows up across industries, and where they spend time online. Compensation ranges are broad U.S. community estimates that vary heavily by seniority, location, and employer — use them only to calibrate conversations, never to quote candidates.
AWS's signature role and one of the most in-demand cloud titles anywhere. The "town planner" of a company's cloud: they decide which AWS services to use, how they fit together, how to keep cost and risk down, and how to migrate existing systems over. They produce blueprints; engineers build to them.
Senior, big-picture role. They translate business goals ("handle 10x traffic on launch day") into a technical design.
AWS re:Post community, AWS Heroes & Community Builders directories, Medium, the AWS Architecture Center, certification (Credly) badge directories, and architecture-focused LinkedIn groups. Many speak at AWS user groups — a searchable signal.
The hands-on builder and operator. While the architect draws the plan, this person constructs and runs it: setting up servers, networks, databases, and access, then keeping them healthy day to day. The broadest, most common AWS role — the "general contractor."
Heavy overlap with DevOps; many job ads use the titles interchangeably.
GitHub (Terraform/infrastructure repos), Stack Overflow, the r/aws subreddit, AWS re:Post, and local AWS User Groups / AWS Community Days held in most major cities.
They build the "assembly line" that ships software automatically (CI/CD) and own keeping the live product reliable. SRE treats reliability as an engineering problem using measurable targets ("SLOs") and "error budgets" instead of guesswork.
If something breaks at 3 a.m., this team is paged. Their job is to make sure it almost never does.
GitHub, the CNCF / Kubernetes community (Slack, KubeCon), DevOps subreddits, Stack Overflow, and SRE/DevOps conference speaker lists — a goldmine for senior talent.
They build the "plumbing" that moves data from where it's created (apps, sensors, transactions) to where it's analysed (Redshift / S3 data lake), cleaning and reshaping it along the way. Without them, analysts and data scientists have nothing reliable to work with.
They build and maintain the pipes; analysts and scientists drink the water.
Kaggle, GitHub, Stack Overflow, the dbt & data-engineering communities, Medium data publications, and data-focused Slack/Discord groups.
They build, train, and deploy machine-learning models — and increasingly, generative-AI applications using Amazon Bedrock. On AWS this centres on SageMaker. They turn a business problem ("predict which loans will default") into a working, monitored model in production.
The fastest-growing, highest-paid family on the platform, especially anyone with generative-AI / LLM experience.
Kaggle (competition rankings are real signal), Hugging Face, GitHub, arXiv (research-leaning candidates), and ML-focused Discord/Slack communities.
They make sure the cloud is locked down: who can access what (IAM), data is encrypted, threats are detected, and the company can prove it meets regulations. They think like an attacker to defend like a professional.
Demand is acute in regulated industries and rising everywhere as AI expands the attack surface.
Security subreddits and forums, GitHub security tooling, conference CTF and talk lists, certification directories, and security communities (ISC2, local OWASP/cloud-security chapters).
They design and run the "roads" of the cloud: private networks (VPC), load balancing, secure links to a company's own data centres, and global content delivery. They make sure data gets where it needs to go — fast, reliably, and privately.
Especially important for large enterprises running "hybrid" setups (part AWS, part their own hardware).
Networking communities and forums, certification holders (often dual-certified with Cisco/CCNP), GitHub network-automation repos, and infrastructure-focused groups.
They write the actual software — the app or service customers use — designed to run natively on AWS. They use serverless tools (Lambda, API Gateway), databases (DynamoDB), and AWS APIs to build features quickly without managing servers.
Closest to a traditional software engineer, but cloud-native by default.
GitHub (active project portfolios are the strongest signal), Stack Overflow, dev.to, AWS user groups, hackathon platforms, and language-specific communities.
They choose, set up, tune, and protect the databases holding a company's most critical data. They make databases fast, ensure they never lose data, plan disaster recovery, and migrate cleanly from old systems (e.g., Oracle/SQL Server) onto AWS.
Quiet but mission-critical — when a database is slow or down, the whole business feels it. (AWS retired its standalone Database Specialty exam, so look for hands-on RDS/Aurora/DynamoDB depth rather than that specific cert.)
Database-specific forums and user groups, GitHub, Stack Overflow / DBA Stack Exchange, PostgreSQL/MySQL communities, and certification directories.
Ready-to-paste search strings, plus the platforms beyond LinkedIn where AWS talent actually congregates. Boolean strings work in LinkedIn Recruiter, Google search, and most ATS keyword fields.
"AND" means both must appear; "OR" means any one; quotes keep phrases together; brackets group options. Copy, paste, and swap the location or seniority terms as needed.
AWS talent is unusually visible — many publish code, write tutorials, earn public badges, answer questions, and join user groups. These platforms surface candidates who don't show up in a LinkedIn search.
Search by language + AWS keywords. Active repos, Terraform modules, and contribution history are the strongest proof of real skill for engineers and developers.
Filter by AWS-specific tags. High-reputation answerers on EC2, S3, Lambda, or Terraform questions are demonstrably knowledgeable practitioners.
AWS's official community. "Selected" answerers and high-reputation members are verified, engaged practitioners — easy to identify and often open to opportunities.
Public directories of AWS-recognised experts and rising practitioners. Among the highest-signal talent pools that exist for the platform.
Volunteer-run communities in most cities worldwide. Organisers and speakers are highly skilled and well-networked — excellent for warm sourcing and referrals.
AWS certifications are issued as Credly badges. The public directory is searchable by certification — a clean way to find verified Associate/Professional holders.
Competition rankings, public notebooks, and dataset work are verifiable signals for data engineers and ML/AI engineers. "Kaggle Master" is meaningful.
Practitioners explaining what they've built on AWS. Authors are self-identified experts — great for senior outreach with credible context.
Not a direct sourcing tool, but invaluable for understanding what real practitioners care about — sharpens your screening questions and outreach credibility.
The single highest-signal move for AWS roles: verify badges. A candidate with a public Credly badge for "AWS Certified Solutions Architect – Professional," or who appears in the AWS Heroes / Community Builders directory, has provably done the work. It cuts through résumé inflation faster than any keyword.
The fastest way to stop feeling lost on a screening call is to watch someone explain the concept once. Below are channels and official resources chosen for non-technical viewers, organised by the top skills you'll encounter — each with a direct link. Subscriber counts are approximate and change over time; links point to channels and official resource hubs (which stay stable) rather than individual videos (which can be removed).
AWS's own channel. The "AWS in a Minute" and "Back to Basics" series explain individual services in plain terms — ideal pre-screen prep.
youtube.com/@amazonwebservicesHome of Andrew Brown's famous free AWS Certified Cloud Practitioner course. Long, but the first 30–60 minutes give a recruiter the whole mental model.
youtube.com/@freecodecampAWS's own free learning platform. The "AWS Cloud Practitioner Essentials" path is the single best non-technical foundation that exists — no coding.
skillbuilder.awsThe official certification hub. Shows exactly which cert maps to which role — useful for writing accurate job descriptions and understanding seniority.
aws.amazon.com/certificationFamous for explaining containers, Kubernetes, and CI/CD in genuinely plain terms with clear diagrams. The "DevOps in 10 minutes" video is ideal recruiter prep.
youtube.com/@TechWorldwithNanaClear, practical AWS tutorials by an ex-AWS engineer. Excellent for understanding the vocabulary DevOps and serverless candidates actually use.
youtube.com/@BeABetterDevOne of the most respected AWS certification instructors. His free "AWS Certified Solutions Architect" overview videos explain core concepts cleanly.
youtube.com/@StephaneMaarekReal reference architectures with plain-language overviews. Skim a diagram before an architect screen to recognise the shape of a "good" answer.
aws.amazon.com/architectureShort whiteboard explainers ("What is an LLM?", "What is MLOps?"). Perfect for understanding the AI terminology ML candidates use, in plain language.
youtube.com/@IBMTechnologyThe official product pages open with a plain "what it is / what it's for" summary before any technical detail — enough to brief yourself before an ML screen.
aws.amazon.com/sagemakerAWS's own short explainers on IAM, encryption, and zero trust. The IAM video alone demystifies the most common security term you'll hear on calls.
youtube.com/@amazonwebservicesClear, jargon-light explanations of zero trust, encryption, and least privilege — the exact concepts that separate strong security candidates from weak ones.
youtube.com/@IBMTechnologyYou don't need to study — you need vocabulary recognition. Watch one short official "AWS in a Minute" for whatever stack the role touches the morning of a screen. When a candidate says "we ran it on EC2 behind a load balancer with a CI/CD pipeline," you'll know that's a normal, good sentence — not a wall of mystery. The free AWS Skill Builder — Cloud Practitioner Essentials path is the best structured non-technical primer that exists.
You're not testing for the perfect technical answer — you're listening for clear thinking, real experience, and honest uncertainty. Each role gives you questions, what strong / average / weak answers sound like, and the flags to watch for. Judge the shape of the answer, not the technical detail.
Solid fundamentals and a learning project or labs — not production scale.
Owns a real component end-to-end and explains trade-offs clearly.
Thinks in business outcomes, mentors others, has migration or scale stories.
Strong SQL and a clear understanding of what a pipeline is.
Built and maintained real pipelines with data-quality handling.
Designs the data platform, sets standards, optimises cost at scale.
Solid ML basics, a project, and curiosity — production exposure a bonus.
Has shipped at least one model/feature and understands MLOps.
Owns ML systems end-to-end, sets practices, handles ambiguity.
Understands CI/CD and containers conceptually; eager to automate.
Has owned pipelines and been on call for real systems.
Designs reliability strategy, leads incidents, defines SLOs.
Solid IAM and encryption fundamentals; security curiosity.
Has hardened real environments and handled compliance work.
Owns security posture and strategy; advises leadership.
The universal tell across every role: a strong candidate explains why and is comfortable saying "it depends" or "here's what I'd do differently." A weak candidate recites service names and claims everything always worked. You don't need to judge technical correctness — judge the clarity, the honesty about trade-offs, and whether they can tell their own contribution apart from the team's.
The terms you'll see most often on AWS résumés and in screening calls, in one line each.