The service map: five primitives behind everything
A cloud provider's catalog lists hundreds of services, and that list is genuinely intimidating on day one. This chapter dissolves the intimidation by showing you that almost everything is assembled from just five primitives. Learn these five and you can read any architecture diagram, plan any system, and slot every fancy-sounding service into a box you already understand.
The five primitives
Every cloud application, from a hobby blog to a bank, is built from some combination of:
- Compute — something to run your code. Virtual machines, containers, or serverless functions. Without compute, nothing executes.
- Storage — somewhere to keep your data at rest. Files and blobs (object storage), raw disks (block storage), or shared file systems. Without storage, nothing persists.
- Databases — somewhere to store and query structured data. Relational (SQL) or non-relational (NoSQL), almost always offered "managed" so you don't run the database engine yourself.
- Networking — the wiring that connects it all and controls who can reach what. Private networks, subnets, load balancers, and DNS. Without networking, the pieces can't talk and users can't reach you.
- Identity & access (IAM) — the rules for who is allowed to do what. The permission system that sits in front of every other primitive. Without IAM, everything is either wide open or locked shut.
The diagram captures the relationship: compute, storage, databases, and networking are the four things you wire together, and IAM wraps all of them — every action against every primitive passes through an identity check first.
How a real request uses all five
To see them cooperate, trace a single web request — a user loading their profile page:
- Networking routes the request: DNS turns your domain into an address, and a load balancer picks a healthy server to handle it.
- Compute runs your application code — say a container — that handles the request.
- The code reads the user's record from a database, and fetches their profile photo from storage (object storage).
- Every one of those reads is permitted (or denied) by IAM: the compute's identity must be allowed to read that database and that bucket.
- The response flows back out through networking to the user.
Five primitives, one page load. Every system you'll ever build is this pattern repeated and elaborated.
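The IAM step of that trace can be modelled in a few lines. This is an added example, not part of the original chapter and not any provider's real policy engine: it applies a default-deny check to each call the compute identity makes and compares a scoped policy with a wildcard one. The action and resource names, the statement format, and the rule that an explicit deny overrides an allow are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed, vendor-neutral policies attached to the compute identity.
# Statement = (effect, action pattern, resource pattern); all names are hypothetical.
LEAST_PRIVILEGE = [
    ("allow", "db:Read", "db/users"),
    ("allow", "storage:GetObject", "bucket/profile-photos/*"),
]
WIDE_OPEN = [("allow", "*", "*")]

def is_allowed(policy, action, resource):
    """Default deny; an explicit deny beats any allow (modelling assumption)."""
    allowed = False
    for effect, act_pat, res_pat in policy:
        if fnmatchcase(action, act_pat) and fnmatchcase(resource, res_pat):
            if effect == "deny":
                return False
            allowed = True
    return allowed

# The profile-page load from the walkthrough, as calls made by the compute identity.
PROFILE_REQUEST = [
    ("db:Read", "db/users"),
    ("storage:GetObject", "bucket/profile-photos/alice.jpg"),
]
# Calls the page load never needs (constructed sample).
OUT_OF_SCOPE = [
    ("db:Write", "db/users"),
    ("db:Read", "db/payments"),
    ("storage:DeleteObject", "bucket/profile-photos/alice.jpg"),
    ("storage:GetObject", "bucket/backups/db.dump"),
]

def evaluate(policy, calls):
    """Map each (action, resource) call to its allow/deny decision."""
    return {call: is_allowed(policy, *call) for call in calls}

def excess_permissions(policy):
    """Out-of-scope calls the policy would still permit."""
    return [call for call in OUT_OF_SCOPE if is_allowed(policy, *call)]

if __name__ == "__main__":
    for name, policy in [("least-privilege", LEAST_PRIVILEGE), ("wide-open", WIDE_OPEN)]:
        loads = all(evaluate(policy, PROFILE_REQUEST).values())
        print(f"{name}: page loads={loads}, excess={excess_permissions(policy)}")
```

Both policies let the page load; only the scoped one leaves nothing extra permitted, which is the difference an audit of the compute identity should surface.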
How to read the rest of this chapter
The next five lessons take one primitive each and teach it as a durable concept first, then map it across AWS, GCP, and Azure with the translation table from Chapter 1. The order is deliberate:
- 2.2 Compute — the three ways to run code (VM, container, serverless) and how to choose.
- 2.3 Storage — object vs block vs file, and when each fits.
- 2.4 Databases — SQL vs NoSQL, and why "managed" is almost always the answer.
- 2.5 Networking — VPCs, subnets, load balancers, and DNS: the wiring and the gates.
- 2.6 Messaging — queue, pub/sub, and stream: how components talk asynchronously and stay decoupled.
- 2.7 Caching & CDNs — serve ready-made copies close to the user to cut latency, load, and cost.
- 2.8 IAM — the permission model that secures everything else, and the principle of least privilege.
:::tip Why concepts before products
Every service you'll meet for the rest of your career is a variation on one of these five. A "managed message queue," a "data warehouse," a "CDN" — each is a specialization of compute, storage, or networking. Anchor on the five and the catalog becomes navigable instead of overwhelming.
:::
Why it matters
The cloud's hundreds of services collapse into five primitives: compute (run code), storage (keep data), databases (query structured data), networking (connect and expose), and identity (control who can do what). Every architecture is these five wired together, with IAM wrapping them all, and a single web request touches every one. With this map in hand, the rest of the chapter — and most of the rest of the field — becomes a matter of going deep on each box, one at a time. We start with the box where everything actually executes: compute.