Amazon Web Services

Cloud Computing, Services & Architecture Fundamentals

Cloud Computing Basics

Cloud Service Models

Model | Description                 | You Manage     | Example
IaaS  | Infrastructure as a Service | OS, Apps, Data | EC2, VMs
PaaS  | Platform as a Service       | Apps, Data     | Elastic Beanstalk
SaaS  | Software as a Service       | Nothing        | Gmail, Salesforce

AWS Global Infrastructure

  • Regions: Geographic areas, each made up of multiple isolated Availability Zones (us-east-1, eu-west-1)
  • Availability Zones (AZs): One or more physically separate data centers within a region, with independent power and networking
  • Edge Locations: Points of presence used by CloudFront (CDN) and Route 53
AWS Free Tier (12 months for new accounts): 750 hours/month of t2.micro EC2 (t3.micro where t2.micro is unavailable), 5 GB of S3 Standard storage, and more.

Compute - EC2

EC2 (Elastic Compute Cloud) provides resizable virtual servers in the cloud.

Instance Types

Type                       | Use Case
t2/t3 (General, burstable) | Web servers, small DBs
c5/c6 (Compute)            | CPU-intensive workloads
r5/r6 (Memory)             | In-memory databases, caches
g4/p4 (GPU)                | ML training/inference, graphics rendering
i3/d3 (Storage)            | High I/O workloads on local NVMe SSD (i3) or dense HDD (d3)

Pricing Models

  • On-Demand: Pay for what you use (per-second billing for most AMIs with a 60-second minimum; some commercial OS AMIs bill hourly), no commitment
  • Reserved: 1- or 3-year commitment, up to about 72% off On-Demand
  • Spot: Spare capacity at up to 90% off; no longer bid-based, you only set an optional maximum price, and AWS can reclaim the instance with a two-minute interruption notice
  • Dedicated Hosts/Instances: Physical server isolation for licensing or compliance requirements

AWS CLI Commands

Bash
# Configure AWS CLI (interactive: access key, secret key, region, output format).
# This writes a long-lived key pair to ~/.aws/credentials; on a workstation
# prefer `aws configure sso` so the CLI uses short-lived IAM Identity Center
# credentials instead of static keys.
aws configure

# EC2 Commands (instance IDs below are placeholders)
aws ec2 describe-instances
aws ec2 start-instances --instance-ids i-1234567890abcdef0
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0   # irreversible

# Launch instance (AMI, key pair and security group IDs are placeholders)
aws ec2 run-instances \
    --image-id ami-0123456789abcdef0 \
    --instance-type t2.micro \
    --key-name MyKeyPair \
    --security-group-ids sg-12345678
# Add --metadata-options HttpTokens=required to enforce IMDSv2 on the new
# instance, which closes the classic SSRF-to-credential-theft path through
# the metadata endpoint at 169.254.169.254.

Storage - S3

S3 (Simple Storage Service) is object storage with unlimited scalability.

Storage Classes

Class                         | Use Case                                       | Availability
S3 Standard                   | Frequently accessed data                       | 99.99%
S3 Standard-IA                | Infrequent access, stored across multiple AZs  | 99.9%
S3 One Zone-IA                | Infrequent access, single AZ (lost if the AZ is) | 99.5%
S3 Glacier Flexible Retrieval | Archive (minutes to hours to retrieve)         | 99.99%
S3 Glacier Deep Archive       | Long-term archive (about 12 hours to retrieve) | 99.99%

S3 CLI Commands

Bash
# Create bucket (names are globally unique; buckets created today block
# public access and disable ACLs by default, so leave those settings alone)
aws s3 mb s3://my-bucket-name

# List buckets
aws s3 ls

# Upload a file / a whole directory tree
aws s3 cp file.txt s3://my-bucket/
aws s3 cp folder/ s3://my-bucket/folder/ --recursive

# Download file
aws s3 cp s3://my-bucket/file.txt ./

# Sync directories (copies only new or changed files)
aws s3 sync . s3://my-bucket/
# --delete also removes files at the destination that are missing from the
# source; in this direction that deletes LOCAL files absent from the bucket.
# Preview with --dryrun before running it for real.
aws s3 sync s3://my-bucket/ . --delete

# Delete an object; --force empties the bucket (every object) before removing it
aws s3 rm s3://my-bucket/file.txt
aws s3 rb s3://my-bucket --force

Other Storage Services

  • EBS (Elastic Block Store): Block storage volumes attached to an EC2 instance
  • EFS (Elastic File System): Managed NFS shared across Linux instances
  • FSx: Managed Windows File Server, Lustre, NetApp ONTAP or OpenZFS file systems

Database Services

RDS (Relational Database Service)

Managed SQL databases: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora.

DynamoDB

Managed NoSQL key-value and document database with single-digit millisecond performance.

JavaScript (Node.js)
// AWS SDK for JavaScript v2 (maintenance mode; new code should use v3's
// @aws-sdk/lib-dynamodb, whose DynamoDBDocumentClient offers the same operations).
const AWS = require('aws-sdk');
// DocumentClient marshals plain JS values to DynamoDB attribute types for you.
const dynamoDB = new AWS.DynamoDB.DocumentClient();

async function main() {
    // Put item. put() silently overwrites an existing item with the same key;
    // add ConditionExpression: 'attribute_not_exists(userId)' to refuse that.
    await dynamoDB.put({
        TableName: 'Users',
        Item: {
            userId: '123',
            name: 'John Doe',
            email: 'john@example.com'
        }
    }).promise();

    // Get item by primary key (include the sort key too if the table has one)
    const result = await dynamoDB.get({
        TableName: 'Users',
        Key: { userId: '123' }
    }).promise();
    console.log(result.Item); // undefined when no item matches

    // Query: conditions may only use key attributes, so userId must be the
    // partition key of the table (or of an index named via IndexName)
    const users = await dynamoDB.query({
        TableName: 'Users',
        KeyConditionExpression: 'userId = :uid',
        ExpressionAttributeValues: { ':uid': '123' }
    }).promise();
    console.log(users.Items);
}

main().catch(err => {
    console.error(err);
    process.exit(1);
});

Other Database Services

  • Aurora: MySQL/PostgreSQL compatible; AWS quotes up to 5x MySQL and 3x PostgreSQL throughput
  • ElastiCache: Managed Redis/Memcached (in-memory cache)
  • Redshift: Data warehouse for analytics
  • DocumentDB: MongoDB-compatible document database

Serverless - Lambda

AWS Lambda lets you run code without provisioning servers. Pay only for compute time.

Python (Lambda Handler)
import json
import boto3

# Create service clients outside the handler so warm invocations reuse them
# (this one is not used below; it shows where such clients belong).
s3 = boto3.client('s3')

def lambda_handler(event, context):
    # event carries the trigger's data; its shape depends on the source
    # (API Gateway, S3, SQS, ...). Treat it as untrusted input.
    name = event.get('name', 'World')

    # This return shape is what API Gateway's proxy integration expects:
    # statusCode, headers and a string body.
    return {
        'statusCode': 200,
        'headers': {
            'Content-Type': 'application/json'
        },
        'body': json.dumps({
            'message': f'Hello, {name}!'
        })
    }

Lambda Triggers

  • API Gateway: HTTP requests
  • S3: Object uploads/deletes
  • DynamoDB: Table changes
  • SQS: Message queue
  • EventBridge (formerly CloudWatch Events): Scheduled rules (cron/rate expressions)
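
The handler above reads `event.get('name')`, but the shape of `event` depends on the trigger: an API Gateway proxy request carries the client's data as a string in `body` (base64-encoded when binary), and an S3 notification carries `Records` whose object keys are URL-encoded. The handler below is an added example, not code from the page or from AWS: it dispatches on the trigger type, decodes and validates the untrusted body, and returns proper HTTP error codes. The two sample events are constructed, and the `/greet` route, the `MAX_NAME_LEN` limit and the bucket name are assumptions.

```python
import base64
import json
from urllib.parse import unquote_plus

MAX_NAME_LEN = 64  # assumed input limit

# Constructed sample events. Shapes follow the API Gateway REST proxy
# integration and the S3 event notification format; all values are made up.
API_EVENT = {
    "httpMethod": "POST",
    "path": "/greet",
    "headers": {"content-type": "application/json"},
    "queryStringParameters": None,
    "isBase64Encoded": False,
    "body": json.dumps({"name": "Ada"}),
}
S3_EVENT = {
    "Records": [{
        "eventSource": "aws:s3",
        "eventName": "ObjectCreated:Put",
        "s3": {"bucket": {"name": "my-bucket"},
               "object": {"key": "uploads/report+1.csv", "size": 1234}},
    }],
}


def _response(status, payload):
    """API Gateway proxy integration expects statusCode/headers/body, body as a string."""
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(payload)}


def parse_body(event):
    """Decode the request body (binary bodies arrive base64-encoded) and parse JSON.

    Raises ValueError unless the body is a JSON object.
    """
    raw = event.get("body") or ""
    if event.get("isBase64Encoded"):
        raw = base64.b64decode(raw).decode("utf-8")
    data = json.loads(raw) if raw else {}
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    return data


def handle_http(event):
    if event.get("httpMethod") != "POST":
        return _response(405, {"error": "method not allowed"})
    try:
        body = parse_body(event)
    except (ValueError, UnicodeDecodeError):  # JSONDecodeError and binascii.Error are ValueErrors
        return _response(400, {"error": "malformed body"})
    name = body.get("name", "World")
    # Caller-controlled input: enforce type, printability and length before use.
    if not isinstance(name, str) or not name.isprintable() or not 0 < len(name) <= MAX_NAME_LEN:
        return _response(400, {"error": "invalid name"})
    return _response(200, {"message": f"Hello, {name}!"})


def handle_s3(event):
    """Return (bucket, key) pairs; S3 URL-encodes keys, so 'a b' arrives as 'a+b'."""
    return [(rec["s3"]["bucket"]["name"], unquote_plus(rec["s3"]["object"]["key"]))
            for rec in event["Records"]]


def lambda_handler(event, context):
    """Entry point: dispatch on the trigger that produced the event."""
    if "httpMethod" in event:
        return handle_http(event)
    records = event.get("Records") or []
    if records and records[0].get("eventSource") == "aws:s3":
        return {"processed": handle_s3(event)}
    raise ValueError("unrecognised event source")


if __name__ == "__main__":
    print(lambda_handler(API_EVENT, None))
    print(lambda_handler(S3_EVENT, None))
```

Because the body is a string, a client can send anything (an array, a 10 MB blob, a non-string `name`); the 400/405 branches are what keep that from turning into a stack trace or a reflected payload.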

Other Serverless Services

  • API Gateway: Create REST/WebSocket APIs
  • Step Functions: Orchestrate workflows
  • EventBridge: Event bus for applications
  • Fargate: Serverless containers

Networking - VPC

VPC (Virtual Private Cloud) is your isolated network in AWS.

VPC Components

  • Subnet: Range of IP addresses in one AZ; "public" if its route table sends 0.0.0.0/0 to an Internet Gateway, otherwise private
  • Route Table: Rules deciding where traffic leaving a subnet is sent
  • Internet Gateway: Connects the VPC to the internet (used by public subnets)
  • NAT Gateway: Lets private subnets initiate outbound internet connections without accepting inbound ones
  • Security Group: Instance (ENI)-level firewall; stateful, allow rules only, return traffic of a permitted flow passes automatically
  • Network ACL: Subnet-level firewall; stateless, numbered allow/deny rules evaluated in order, so return traffic (ephemeral ports) must be allowed explicitly
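
The stateful/stateless distinction is the one that bites in practice. The simulation below is an added example, not AWS code: it models the documented evaluation rules with a toy packet filter and constructed addresses. A security group with only an inbound 443 rule still passes the reply of a tracked flow, while a network ACL with the same inbound rule drops that reply until an outbound rule for ephemeral ports is added, and its numbered rules are evaluated in order with the first match deciding. (Real default security groups allow all outbound traffic; the one here deliberately has no outbound rule to make the statefulness visible.)

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    src_port: int
    dst_port: int
    direction: str  # "in" = towards the instance/subnet, "out" = away from it


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str            # "tcp", "udp", "icmp" or "-1" for all protocols
    ports: tuple          # inclusive (low, high) range of destination ports
    cidr: str
    action: str = "allow"  # network ACLs may also "deny"; security groups cannot
    number: int = 0        # network ACL rule number (evaluation order); unused by SGs


def _matches(rule, pkt):
    peer = pkt.src if pkt.direction == "in" else pkt.dst
    return (rule.direction == pkt.direction
            and rule.proto in (pkt.proto, "-1")
            and rule.ports[0] <= pkt.dst_port <= rule.ports[1]
            and ip_address(peer) in ip_network(rule.cidr))


class SecurityGroup:
    """Instance-level, stateful, allow-only. Once a packet is permitted the
    flow is tracked and its return traffic passes without needing a rule."""

    def __init__(self, rules):
        if any(r.action != "allow" for r in rules):
            raise ValueError("security group rules can only allow")
        self.rules = list(rules)
        self.flows = set()

    def allows(self, pkt):
        key = (pkt.src, pkt.src_port, pkt.dst, pkt.dst_port, pkt.proto)
        reverse = (pkt.dst, pkt.dst_port, pkt.src, pkt.src_port, pkt.proto)
        if reverse in self.flows:            # reply to a tracked flow
            return True
        if any(_matches(r, pkt) for r in self.rules):
            self.flows.add(key)
            return True
        return False                         # implicit deny


class NetworkAcl:
    """Subnet-level, stateless. Rules are evaluated in ascending number order,
    the first match decides, and the catch-all '*' rule denies."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def allows(self, pkt):
        for r in self.rules:
            if _matches(r, pkt):
                return r.action == "allow"
        return False


def demo():
    """Run the same HTTPS request/reply pair through both kinds of filter."""
    client, blocked, server = "203.0.113.5", "198.51.100.7", "10.0.1.10"  # constructed
    request = Packet(client, server, "tcp", 51000, 443, "in")
    reply = Packet(server, client, "tcp", 443, 51000, "out")

    sg = SecurityGroup([Rule("in", "tcp", (443, 443), "0.0.0.0/0")])
    nacl_in_only = NetworkAcl([Rule("in", "tcp", (443, 443), "0.0.0.0/0", number=100)])
    nacl = NetworkAcl([
        Rule("in", "tcp", (443, 443), "198.51.100.0/24", "deny", number=90),
        Rule("in", "tcp", (443, 443), "0.0.0.0/0", number=100),
        Rule("out", "tcp", (1024, 65535), "0.0.0.0/0", number=100),  # ephemeral ports for replies
    ])
    return {
        "sg": (sg.allows(request), sg.allows(reply)),
        "nacl_without_ephemeral_rule": (nacl_in_only.allows(request), nacl_in_only.allows(reply)),
        "nacl": (nacl.allows(request), nacl.allows(reply)),
        "nacl_blocked_client": nacl.allows(Packet(blocked, server, "tcp", 51000, 443, "in")),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The deny at rule 90 only works because it sorts before the broad allow at 100; the same deny numbered 110 would never be reached, which is the usual way an intended NACL block silently fails.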

Other Networking Services

  • Route 53: DNS and domain registration
  • CloudFront: CDN for content delivery
  • Elastic Load Balancer: Distribute traffic (ALB, NLB)
  • Direct Connect: Dedicated network connection

Security - IAM

IAM (Identity and Access Management) controls access to AWS services.

IAM Concepts

  • Users: Long-term identities for individual people or applications (password and/or access keys)
  • Groups: Collections of users that share policies
  • Roles: Identities with no long-term credentials; assumed by AWS services, users or federated identities to obtain temporary credentials from STS
  • Policies: JSON documents defining permissions; an explicit Deny always beats an Allow, and anything not allowed is implicitly denied

IAM Policy Example

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::my-bucket/*"
        },
        {
            "Effect": "Deny",
            "Action": "s3:DeleteObject",
            "Resource": "*"
        }
    ]
}
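
What the policy above actually grants is decided by IAM's evaluation order: an explicit Deny wins over any Allow, and anything not allowed is implicitly denied. The evaluator below is an added illustration of that order, not AWS's implementation. It applies the page's policy, alone and together with an assumed broad `s3:*` policy (`BROAD_POLICY`), using IAM-style `*`/`?` matching with case-insensitive action names and case-sensitive ARNs; Conditions, NotAction/NotResource, resource-based policies, permission boundaries and SCPs are deliberately out of scope.

```python
import re

# The policy from this page, as it would be attached to a user, group or role.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::my-bucket/*"},
        {"Effect": "Deny",
         "Action": "s3:DeleteObject",
         "Resource": "*"},
    ],
}

# Assumed second policy on the same principal (a single Statement object is valid).
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
}


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def _glob(pattern, text, ignore_case):
    """IAM-style matching: '*' matches any run of characters, '?' exactly one."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, text, re.IGNORECASE if ignore_case else 0) is not None


def evaluate(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action on one resource.

    An explicit Deny in any matching statement wins; otherwise any matching
    Allow grants access; otherwise the request is implicitly denied.
    """
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_glob(a, action, True) for a in _as_list(stmt.get("Action", []))):
                continue
            if not any(_glob(r, resource, False) for r in _as_list(stmt.get("Resource", []))):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


def demo():
    obj = "arn:aws:s3:::my-bucket/report.csv"         # constructed object ARN
    other = "arn:aws:s3:::other-bucket/report.csv"    # constructed, outside the policy
    bucket = "arn:aws:s3:::my-bucket"
    return {
        "get_own_object": evaluate([PAGE_POLICY], "s3:GetObject", obj),
        "action_case_insensitive": evaluate([PAGE_POLICY], "S3:getobject", obj),
        "delete_own_object": evaluate([PAGE_POLICY], "s3:DeleteObject", obj),
        "get_other_bucket": evaluate([PAGE_POLICY], "s3:GetObject", other),
        # ListBucket targets the bucket ARN, not my-bucket/*, so it is not granted
        "list_own_bucket": evaluate([PAGE_POLICY], "s3:ListBucket", bucket),
        # The explicit Deny still wins when a broad Allow is attached as well
        "delete_with_broad_policy": evaluate([PAGE_POLICY, BROAD_POLICY], "s3:DeleteObject", obj),
        "get_other_with_broad_policy": evaluate([PAGE_POLICY, BROAD_POLICY], "s3:GetObject", other),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Two of these results are the ones to remember: `s3:ListBucket` is implicitly denied because listing is an operation on the bucket ARN rather than on `my-bucket/*`, and the `Deny` on `s3:DeleteObject` survives even when a permissive `s3:*` policy is added later, which is why explicit denies are the right tool for guardrails.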
Security Best Practices:
• Enable MFA on the root account, remove its access keys, and do not use it for daily work
• Use roles (temporary credentials) instead of long-lived access keys
• Follow the principle of least privilege: grant only the actions and resources each identity needs
• Rotate any remaining long-lived credentials regularly and remove unused ones
• Use AWS Organizations for multiple accounts, with SCPs as guardrails
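
A practical way to check several of these practices at once is the account's credential report (`aws iam generate-credential-report`, then `aws iam get-credential-report --query Content --output text | base64 -d`). The script below is an added example, not AWS tooling, and runs offline against a constructed report trimmed to the columns it reads; `NOW` is fixed so the output is deterministic, and the 90-day `MAX_KEY_AGE` is an assumed rotation policy. It flags a root account without MFA or with active access keys, console users without MFA, and active access keys older than the threshold.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the format of the decoded credential report CSV,
# trimmed to the columns this script reads. Root appears as <root_account>.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2021-01-10T09:00:00+00:00,not_supported,2024-03-01T08:00:00+00:00,false,true,2021-01-10T09:05:00+00:00,2024-02-20T10:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-05-02T12:00:00+00:00,true,2024-05-30T07:10:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-30T07:10:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-08-19T15:00:00+00:00,false,N/A,false,true,2022-08-19T15:00:00+00:00,2024-05-29T23:59:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2023-11-11T11:00:00+00:00,true,2024-05-28T16:00:00+00:00,false,false,N/A,N/A,false,N/A,N/A
"""

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" (assumption)
MAX_KEY_AGE = timedelta(days=90)                 # assumed rotation policy
ROOT = "<root_account>"


def _timestamp(value):
    """Report cells are ISO-8601 timestamps or one of a few placeholder strings."""
    if value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.fromisoformat(value)


def audit(report_csv, now=NOW, max_key_age=MAX_KEY_AGE):
    """Return {user: [findings]} for root hygiene, console MFA and key age."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, issues = row["user"], []
        if user == ROOT:
            if row["mfa_active"] != "true":
                issues.append("root has no MFA")
        elif row["password_enabled"] == "true" and row["mfa_active"] != "true":
            issues.append("console password without MFA")
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            if user == ROOT:
                issues.append(f"root has an active access key (slot {slot})")
            rotated = _timestamp(row[f"access_key_{slot}_last_rotated"])
            if rotated is not None and now - rotated > max_key_age:
                issues.append(f"access key {slot} last rotated {(now - rotated).days} days ago")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit(SAMPLE_REPORT).items():
        print(user)
        for issue in issues:
            print(f"  - {issue}")
```

In the sample, `alice` is clean, `bob` has a console password but no MFA, `ci-deploy` is a service user whose only key has not been rotated in almost two years, and the root account fails on every count; the `access_key_*_last_used_date` columns are the next thing to look at when deciding whether an old key can simply be deleted rather than rotated.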