Getting Started With AWS

What is AWS?
What is Cloud Computing?
Cloud computing is the practice of using computing resources over the internet instead of owning and maintaining physical hardware.
These resources include:
Virtual servers
Storage systems
Databases
Networking
Software and tools
In cloud computing:
You do not buy physical servers
You do not manage data centers
Resources are available instantly
You pay only for what you use
Cloud computing removes the need for upfront infrastructure investment and allows applications to scale easily based on demand.
What is AWS?
Amazon Web Services (AWS) is a cloud computing platform provided by Amazon that offers on-demand infrastructure and managed services.
AWS provides:
Computing power
Storage solutions
Database services
Networking capabilities
Security and monitoring tools
AWS allows developers and companies to:
Deploy applications within minutes
Scale applications automatically
Run workloads globally
Reduce infrastructure and operational costs
AWS is used by startups, enterprises, and global companies to build reliable and scalable applications.
Why AWS?
Pay-As-You-Go Pricing
No upfront hardware cost
No long-term contracts
Charges based on actual usage
Ideal for beginners and startups
Free Tier available for learning
Scalability and Elasticity
Resources can scale up automatically when traffic increases
Resources can scale down when demand reduces
No manual server management required
Helps handle sudden traffic spikes efficiently
Global Reach
AWS operates data centers in multiple regions worldwide
Applications can be deployed closer to users
Reduces latency and improves performance
Supports global and multi-region applications
Reliability and Security
High availability using multiple Availability Zones
Built in fault tolerance
Strong security services for access control
Data encryption and monitoring supported
Cloud Service Models

IaaS (Infrastructure as a Service)
Provides virtual machines and infrastructure
User manages:
Operating system
Applications
Data
Cloud provider manages:
Physical servers
Networking
Virtualization
Examples: Amazon EC2, Amazon EBS
PaaS (Platform as a Service)
Provides a ready-to-use platform for application development
User manages:
Application code
Data
Cloud provider manages:
Operating system
Runtime environment
Infrastructure
Examples: AWS Elastic Beanstalk, Amazon RDS
SaaS (Software as a Service)
Fully managed software delivered over the internet
No infrastructure or platform management required
Accessible through web browsers or APIs
Examples: Gmail, Google Docs, Zoom
AWS Global Infrastructure
What is AWS Global Infrastructure?
AWS Global Infrastructure is the physical backbone of AWS that allows applications to run securely, reliably, and with low latency across the world.
It is designed to:
Serve users globally
Provide high availability
Ensure fault tolerance
Reduce application downtime
AWS Region
An AWS Region is a geographical area where AWS has multiple data centers.
Key points:
Each region is completely independent
Regions are located across different countries
Data stays within the selected region unless explicitly transferred
Examples: Asia Pacific (Mumbai), US East (N. Virginia), Europe (Frankfurt)
Why regions matter:
Compliance and data residency
Lower latency for users
Disaster recovery planning
Availability Zones (AZs)
An Availability Zone is a physically separate data center within a region.
Key points:
Each region has multiple AZs
AZs are isolated from each other but connected by high-speed networks
Designed so that a failure in one AZ does not spread to the others
Why AZs matter:
High availability
Fault tolerance
Zero or minimal downtime during failures
Example:
- Deploying an application across multiple AZs ensures it remains available even if one AZ fails.
Edge Locations
Edge Locations are AWS data centers used to deliver content with low latency to users.
Key points:
Used mainly by services like CloudFront
Content is cached closer to end users
Improves performance for static and dynamic content
Why edge locations matter:
Faster content delivery
Reduced load on origin servers
Better user experience globally
Region vs Availability Zone vs Edge Location
Region: Large geographical area containing multiple AZs
Availability Zone: Isolated data center within a region
Edge Location: Used for content delivery and caching
Why Multi AZ Architecture is Important
Improves application availability
Protects against data center failures
Ensures business continuity
Recommended best practice for production workloads
How AWS Global Infrastructure Helps Applications
Enables global deployment
Supports disaster recovery
Improves performance and reliability
Provides strong fault tolerance
Identity and Access Management (IAM) & Security
What is IAM?
AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS resources. It allows you to define who can access AWS and what actions they are allowed to perform.
IAM is a global service, meaning it applies across all AWS regions and is used as the foundation for securing AWS accounts.
IAM Users
An IAM User represents an individual person or application that interacts with AWS.
Each IAM user:
Has a unique identity
Can log in to the AWS Management Console
Can access AWS services using CLI or SDK
Gets permissions through IAM policies
IAM users are commonly created for developers, admins, or applications that require long term access.
IAM Groups
IAM Groups are used to manage permissions for multiple users together. Instead of assigning permissions to each user individually, permissions are assigned to the group.
Key characteristics:
Groups contain users only, not other groups
Permissions are applied at the group level
A user can be part of multiple groups
This makes permission management easier and more organized.
IAM Roles
IAM Roles are designed to provide temporary permissions without sharing long-term credentials.
Unlike users, roles:
Do not have passwords or access keys
Are assumed by AWS services or users
Are commonly used for service-to-service communication
For example, an EC2 instance can assume a role to access S3 securely.
IAM Policies
IAM Policies define permissions in AWS. They specify what actions are allowed or denied on which resources.
Policies:
Are written in JSON format
Contain rules called statements
Can be attached to users, groups, or roles
Each policy statement includes:
Effect (Allow or Deny)
Actions
Resources
Principle of Least Privilege
The principle of least privilege means giving only the minimum permissions required to perform a task.
By following this principle:
Security risks are reduced
Accidental changes are prevented
AWS accounts remain more secure
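The policy structure described above (Effect, Action, Resource statements) and the principle of least privilege, shown as an added example that is not from the page: a small audit that reads a policy document and flags Allow statements that grant more than a task needs. The policies and the bucket name example-app-assets are constructed for the example. The audit also flags a wildcard Principal, which only appears in resource-based policies such as S3 bucket policies, so the same function covers both identity and resource policies.

```python
import json

# Constructed example policies (not from the page). The first follows least
# privilege: two actions on one bucket path. The second is the kind of
# over-broad policy the audit should flag. Bucket names are placeholders.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-app-assets/*",
        }
    ],
}

OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example-app-assets/*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}

# A resource-based policy (bucket policy) that makes every object readable by anyone.
PUBLIC_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-public-site/*",
        }
    ],
}


def _as_list(value):
    """IAM accepts either a string or a list for Action, Resource and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, finding) pairs for Allow statements that grant
    more than least privilege requires. Deny statements are skipped because a
    broad Deny narrows access rather than widening it."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        principals = _as_list(stmt.get("Principal"))

        if "*" in actions:
            findings.append((i, "Action '*' grants every API call"))
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append((i, f"Action '{action}' grants every call in the service"))
        if "*" in resources:
            findings.append((i, "Resource '*' applies to every resource"))
        # Principal only exists in resource-based policies; a wildcard there
        # without a Condition opens the resource to everyone.
        if ("*" in principals or {"AWS": "*"} in principals) and "Condition" not in stmt:
            findings.append((i, "Principal '*' with no Condition makes this public"))
    return findings


def audit_policy_json(raw_json):
    """Same audit for a policy document stored as a JSON string."""
    return audit_policy(json.loads(raw_json))
```

Running audit_policy over a policy before attaching it to a user, group or role gives a quick least-privilege check; the findings name the statement index so the offending statement can be narrowed to specific actions and resource ARNs.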
AWS Shared Responsibility Model
AWS security follows a shared responsibility model where security is divided between AWS and the user.
AWS is responsible for:
Physical data centers
Hardware and networking
Infrastructure security
The user is responsible for:
IAM configuration
Application security
Data protection and encryption
OS and patch management for EC2
IAM Security Best Practices
To secure AWS accounts effectively:
Avoid using the root account for daily tasks
Enable multi-factor authentication (MFA)
Use IAM roles instead of access keys where possible
Rotate credentials regularly
Monitor activity using AWS CloudTrail
Compute Services
Amazon EC2 (Elastic Compute Cloud)
Amazon EC2 is a service that provides virtual servers in the cloud. It allows users to run applications on scalable computing capacity without owning physical hardware.
With EC2, you can choose the operating system, instance type, and storage based on your application needs.
Key features of EC2:
On-demand virtual machines
Full control over OS and software
Multiple instance types for different workloads
Integration with other AWS services
EC2 Instance Types
EC2 instances are categorized based on workload requirements.
Common categories include:
General Purpose – balanced compute, memory, and networking
Compute Optimized – CPU intensive tasks
Memory Optimized – memory intensive applications
Storage Optimized – high disk performance
Choosing the right instance type helps optimize performance and cost.
Security Groups
Security Groups act as a virtual firewall for EC2 instances. They control inbound and outbound traffic at the instance level.
Important points:
Allow rules only (no deny rules)
Stateful in nature
Applied directly to EC2 instances
Commonly used to allow HTTP, HTTPS, and SSH access
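Because security groups have only allow rules, the usual mistake is a rule that is too wide rather than a missing deny. The following is an added example, not code from the page: a check over a constructed set of inbound rules that flags management and database ports reachable from the whole internet (0.0.0.0/0). The rule fields mirror what you fill in when adding a rule in the console; the port lists are assumptions for a typical web tier.

```python
from ipaddress import ip_network

# Constructed inbound rules for a web server security group (not from the page).
# 0.0.0.0/0 means "any IPv4 address on the internet"; protocol "-1" means all.
WEB_SERVER_SG = [
    {"protocol": "tcp", "from_port": 80,   "to_port": 80,   "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 443,  "to_port": 443,  "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "from_port": 22,   "to_port": 22,   "cidr": "0.0.0.0/0"},    # too open
    {"protocol": "tcp", "from_port": 3306, "to_port": 3306, "cidr": "10.0.0.0/16"},  # VPC only
]

# Ports a public web tier is expected to expose (assumption for this example).
PUBLIC_OK_PORTS = {80, 443}
# Management and database ports that should never be open to the whole internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def is_world_open(cidr):
    """True when the source covers every IPv4 (0.0.0.0/0) or IPv6 (::/0) address."""
    return ip_network(cidr, strict=False).prefixlen == 0


def audit_security_group(rules, allowed_public_ports=PUBLIC_OK_PORTS):
    """Return findings for inbound rules that expose sensitive or unexpected
    ports to the internet. Security groups have no deny rules, so the fix for
    a finding is to narrow the source CIDR or remove the rule."""
    findings = []
    for rule in rules:
        if not is_world_open(rule["cidr"]):
            continue  # restricted source, nothing to report
        lo, hi = rule["from_port"], rule["to_port"]
        if rule["protocol"] == "-1" or (lo, hi) == (0, 65535):
            findings.append("all traffic open to the internet")
            continue
        for port, service in SENSITIVE_PORTS.items():
            if lo <= port <= hi:
                findings.append(f"{service} (port {port}) open to the internet")
        unexpected = set(range(lo, hi + 1)) - allowed_public_ports - set(SENSITIVE_PORTS)
        if unexpected:
            findings.append(f"ports {min(unexpected)}-{max(unexpected)} open to the internet")
    return findings
```

The example deliberately treats a restricted source such as 10.0.0.0/16 as acceptable even for a database port, which matches the page's advice to keep databases reachable only from inside the VPC; SSH from anywhere is reported so it can be limited to a known address range.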
Key Pairs
Key Pairs are used to securely connect to EC2 instances.
Key characteristics:
Consist of a public key and a private key
Private key is used to log in to the instance
Required for SSH access to Linux instances
Key pairs help prevent unauthorized access to EC2 servers.
Auto Scaling
Auto Scaling automatically adjusts the number of EC2 instances based on demand. It ensures applications have the right amount of compute capacity at all times.
Auto Scaling helps with:
High availability
Cost optimization
Automatic scaling during traffic spikes
Replacing unhealthy instances
Elastic Load Balancer (ELB)
Elastic Load Balancer distributes incoming traffic across multiple EC2 instances to improve availability and fault tolerance.
Benefits of using ELB:
Prevents overloading a single server
Improves application reliability
Works with Auto Scaling
Supports health checks
Types of Load Balancers
AWS provides different types of load balancers based on use case:
Application Load Balancer (ALB) – Layer 7, used for HTTP/HTTPS
Network Load Balancer (NLB) – Layer 4, high-performance use cases
Classic Load Balancer – legacy option
How These Services Work Together
In a typical architecture:
EC2 instances run the application
ELB distributes traffic across instances
Auto Scaling adjusts the number of instances based on demand
Security Groups control access to the instances
This combination ensures scalability, availability, and security.
Storage Services
Amazon S3 (Simple Storage Service)
Amazon S3 is an object storage service designed to store and retrieve any amount of data from anywhere on the internet. It is highly scalable, durable, and commonly used as the default storage service in AWS.
In S3, data is stored as objects inside buckets rather than traditional folders or disks.
Key characteristics of S3:
Unlimited storage capacity
Data stored as objects (files + metadata)
Highly durable and available
Accessible via web, CLI, or SDK
S3 Buckets and Objects
An S3 bucket is a container for storing objects.
Important points:
Bucket names must be globally unique
Buckets are created in a specific region
Objects are the actual files stored in buckets
Each object consists of:
Object data (file)
Metadata
Unique object key
S3 Storage Classes
S3 provides different storage classes based on access frequency and cost.
Common storage classes:
S3 Standard – frequently accessed data
S3 Intelligent-Tiering – automatic cost optimization
S3 Standard-IA – infrequently accessed data
S3 Glacier – archival and long-term storage
Choosing the right storage class helps reduce storage costs.
S3 Security and Access Control
S3 security is managed using:
Bucket policies
IAM policies
Public and private access settings
Key points:
Buckets are private by default
Public access must be explicitly enabled
Supports encryption at rest and in transit
Amazon EBS (Elastic Block Store)
Amazon EBS provides block level storage that is attached to EC2 instances. It behaves like a physical hard drive for virtual servers.
EBS is mainly used for:
Operating systems
Databases
Application files that require low latency
Key features of EBS:
Persistent storage
High performance
Automatically replicated within an Availability Zone
S3 vs EBS
S3 and EBS serve different purposes in AWS.
Main differences:
S3 is object storage, EBS is block storage
S3 is accessed over the internet, EBS is attached to EC2
S3 is highly durable across AZs, EBS is limited to one AZ
S3 is ideal for backups and static content, EBS for OS and databases
Amazon EFS (Elastic File System)
Amazon EFS is a managed file storage service that can be shared across multiple EC2 instances.
EFS provides:
File-based storage
Automatic scaling
Access from multiple EC2 instances simultaneously
It is commonly used for:
Shared application files
Content management systems
Microservices requiring shared storage
When to Use Which Storage
Use S3 for backups, static files, logs, and media
Use EBS for EC2 operating systems and databases
Use EFS when multiple EC2 instances need shared access
Database Services
Amazon RDS (Relational Database Service)
Amazon RDS is a managed relational database service that makes it easy to set up, operate, and scale relational databases in the cloud.
With RDS, AWS handles most of the database administration tasks, allowing developers to focus on application logic instead of database maintenance.
RDS supports popular database engines:
MySQL
PostgreSQL
MariaDB
Oracle
SQL Server
Key Features of RDS
RDS provides several built in features that simplify database management:
Automated backups
Database snapshots
Automatic patching
Monitoring and performance metrics
High availability using Multi-AZ deployment
These features help ensure reliability and data safety.
RDS Multi-AZ Deployment
Multi-AZ deployment creates a standby replica of the database in another Availability Zone.
Important points:
Improves availability and fault tolerance
Automatic failover during outages
No manual intervention required
Mainly used for production environments
Amazon DynamoDB
Amazon DynamoDB is a fully managed NoSQL key-value database designed for high performance and massive scalability.
Unlike relational databases, DynamoDB does not use tables with joins. It stores data as items identified by primary keys.
Key characteristics:
Serverless and fully managed
Single-digit millisecond latency
Automatic scaling
Highly available across multiple AZs
DynamoDB Data Model
DynamoDB organizes data using:
Tables
Items (rows)
Attributes (columns)
Each item is uniquely identified using:
Partition key
Optional sort key
This design allows DynamoDB to scale horizontally with minimal latency.
RDS vs DynamoDB
RDS and DynamoDB are used for different types of applications.
Main differences:
RDS is relational, DynamoDB is NoSQL
RDS supports complex queries and joins
DynamoDB is designed for high-scale, low-latency workloads
RDS is ideal for structured data, DynamoDB for flexible schemas
When to Use Which Database
Use RDS when you need relational data, transactions, and complex queries
Use DynamoDB when you need high scalability and low latency
Choose based on application requirements and access patterns
Networking Basics
Amazon VPC (Virtual Private Cloud)
Amazon VPC is a logically isolated virtual network where you launch AWS resources like EC2, RDS, and Load Balancers.
A VPC gives you control over:
IP address range
Subnets
Routing
Network security
It acts like your own private data center inside AWS.
Subnets
A subnet is a range of IP addresses within a VPC. Subnets allow you to organize and isolate resources.
There are two main types of subnets:
Public Subnet – resources have access to the internet
Private Subnet – resources do not have direct internet access
Best practice:
Place load balancers in public subnets
Place databases in private subnets
Internet Gateway (IGW)
An Internet Gateway allows communication between resources in a VPC and the internet.
Key points:
Attached to a VPC
Enables inbound and outbound internet traffic
Required for public subnets to access the internet
Without an Internet Gateway, resources remain isolated from the public internet.
Route Tables
Route tables control how network traffic flows within a VPC.
Each route table contains:
Destination (IP range)
Target (IGW, NAT Gateway, or local)
Important points:
Every subnet must be associated with a route table
Routes determine whether a subnet is public or private
NAT Gateway
A NAT Gateway allows instances in a private subnet to access the internet without being exposed to inbound traffic.
Use cases:
Download updates
Access external APIs
Maintain security for private resources
NAT Gateways are commonly used for backend servers.
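The Subnets, Route Tables and NAT Gateway sections above describe how the default route decides whether a subnet is public, private with outbound-only access, or isolated. As an added example that is not from the page, the following classifies constructed subnets by their route tables and then checks the placement advice given under Subnets (databases in private subnets, load balancers in public ones). The IDs follow the AWS prefixes igw-, nat-, rtb- and subnet- but are placeholders.

```python
# Constructed VPC data (not from the page). IDs are placeholders.
ROUTE_TABLES = {
    "rtb-public": [
        {"destination": "10.0.0.0/16", "target": "local"},
        {"destination": "0.0.0.0/0", "target": "igw-placeholder"},
    ],
    "rtb-private-with-nat": [
        {"destination": "10.0.0.0/16", "target": "local"},
        {"destination": "0.0.0.0/0", "target": "nat-placeholder"},
    ],
    "rtb-isolated": [
        {"destination": "10.0.0.0/16", "target": "local"},
    ],
}

SUBNETS = {
    "subnet-web": {"cidr": "10.0.1.0/24", "route_table": "rtb-public"},
    "subnet-app": {"cidr": "10.0.2.0/24", "route_table": "rtb-private-with-nat"},
    "subnet-db":  {"cidr": "10.0.3.0/24", "route_table": "rtb-isolated"},
}

# Where resources were placed: name -> (kind, subnet). "legacy-db" is the mistake.
PLACEMENTS = {
    "web-alb":   ("load_balancer", "subnet-web"),
    "orders-db": ("database", "subnet-db"),
    "legacy-db": ("database", "subnet-web"),
}


def classify_subnet(subnet, route_tables):
    """Classify a subnet by what its default route (0.0.0.0/0) points at:
    an Internet Gateway makes it public (inbound and outbound internet),
    a NAT Gateway gives outbound-only access, and no default route leaves it
    isolated. The "local" route only covers traffic inside the VPC."""
    for route in route_tables[subnet["route_table"]]:
        if route["destination"] != "0.0.0.0/0":
            continue
        if route["target"].startswith("igw-"):
            return "public"
        if route["target"].startswith("nat-"):
            return "private (outbound via NAT)"
    return "isolated"


def classify_all(subnets, route_tables):
    return {name: classify_subnet(s, route_tables) for name, s in subnets.items()}


def find_misplaced(subnets, route_tables, placements):
    """Flag resources whose tier does not match the placement advice:
    databases belong in private subnets, load balancers in public ones."""
    classes = classify_all(subnets, route_tables)
    issues = []
    for name, (kind, subnet) in placements.items():
        cls = classes[subnet]
        if kind == "database" and cls == "public":
            issues.append(f"{name}: database in public subnet {subnet}")
        if kind == "load_balancer" and cls != "public":
            issues.append(f"{name}: load balancer in non-public subnet {subnet}")
    return issues
```

A subnet becomes public the moment its route table gains a 0.0.0.0/0 route to an Internet Gateway, so reviewing route tables is the reliable way to answer "is this subnet public?" rather than relying on the subnet's name.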
Security Groups
Security Groups act as virtual firewalls at the instance level.
Key characteristics:
Stateful
Allow rules only
Applied to EC2 and other resources
Control inbound and outbound traffic
Security Groups are the first layer of network security.
Network ACLs (NACLs)
Network ACLs provide security at the subnet level.
Key characteristics:
Stateless
Support allow and deny rules
Applied to all resources in a subnet
NACLs act as an additional layer of security.
Security Groups vs Network ACLs
Security Groups:
Operate at instance level
Stateful
Only allow rules
Network ACLs:
Operate at subnet level
Stateless
Allow and deny rules
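The stateful versus stateless difference listed above is easiest to see with one connection evaluated both ways. The following is an added example, not from the page: a client on the internet opens a TCP connection to a web server, and the server replies on the client's ephemeral port. A security group remembers the connection and lets the reply out; a NACL checks the reply on its own and drops it unless an outbound rule covers ephemeral ports. Addresses, rule numbers and port ranges are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed packets (not from the page): the client's request and the server's reply.
REQUEST  = {"src": "203.0.113.5", "src_port": 51234, "dst": "10.0.1.10",   "dst_port": 443}
RESPONSE = {"src": "10.0.1.10",   "src_port": 443,   "dst": "203.0.113.5", "dst_port": 51234}

# Security group: allow rules only, no rule numbers, no explicit deny.
SG = {
    "inbound":  [{"cidr": "0.0.0.0/0", "ports": (443, 443)}],
    "outbound": [],  # nothing allowed out explicitly
}

# Network ACLs: numbered rules evaluated lowest number first, allow or deny,
# and anything not matched is denied (the implicit "*" rule).
NACL_MISSING_EPHEMERAL = {
    "inbound":  [{"rule": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)}],
    "outbound": [{"rule": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)}],
}
NACL_CORRECT = {
    "inbound":  [{"rule": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)}],
    "outbound": [{"rule": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (1024, 65535)}],
}
# A NACL can also deny: rule 90 blocks one address range before rule 100 allows the rest.
NACL_BLOCKLIST = {
    "inbound":  [{"rule": 90,  "action": "deny",  "cidr": "203.0.113.0/24", "ports": (0, 65535)},
                 {"rule": 100, "action": "allow", "cidr": "0.0.0.0/0",      "ports": (443, 443)}],
    "outbound": [{"rule": 100, "action": "allow", "cidr": "0.0.0.0/0",      "ports": (1024, 65535)}],
}


def _matches(rule, peer_addr, dst_port):
    lo, hi = rule["ports"]
    return ip_address(peer_addr) in ip_network(rule["cidr"]) and lo <= dst_port <= hi


def _peer(packet, direction):
    # Inbound rules match the packet's source; outbound rules match its destination.
    return packet["src"] if direction == "inbound" else packet["dst"]


def sg_allows(sg, packet, direction):
    """Security group check for a new flow: any matching allow rule permits it."""
    return any(_matches(r, _peer(packet, direction), packet["dst_port"]) for r in sg[direction])


def nacl_allows(nacl, packet, direction):
    """Stateless check: the lowest-numbered matching rule decides; no match means deny."""
    for r in sorted(nacl[direction], key=lambda r: r["rule"]):
        if _matches(r, _peer(packet, direction), packet["dst_port"]):
            return r["action"] == "allow"
    return False


def sg_connection(sg, request, response):
    """Stateful: if the request is allowed in, the reply is allowed out on the
    tracked connection, even though the outbound rule list is empty."""
    del response  # the reply is never evaluated against outbound rules
    return sg_allows(sg, request, "inbound")


def nacl_connection(nacl, request, response):
    """Stateless: each direction is checked independently, so the reply must
    match an outbound rule for the client's ephemeral port."""
    return nacl_allows(nacl, request, "inbound") and nacl_allows(nacl, response, "outbound")
```

The NACL_MISSING_EPHEMERAL case is the classic symptom of forgetting statelessness: the request reaches the server but the client never sees the reply. Because NACLs evaluate rules in number order, a deny rule placed at a lower number than the allow takes effect, which security groups cannot express.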
How Networking Components Work Together
In a typical setup:
VPC provides the network
Subnets divide the network
Route tables control traffic flow
Internet Gateway enables internet access
Security Groups and NACLs secure resources
Monitoring & Logging
Amazon CloudWatch
Amazon CloudWatch is a monitoring service that helps you observe and track the performance of AWS resources and applications in real time.
CloudWatch collects metrics, logs, and events, allowing teams to detect issues early and maintain system health.
Key capabilities of CloudWatch:
Resource performance monitoring
Application log collection
Custom metrics support
Alarm and notification setup
CloudWatch Metrics
Metrics are numerical data points that represent the performance of AWS resources.
Common metrics include:
CPU utilization
Memory usage
Disk I/O
Network traffic
Metrics help identify performance bottlenecks and resource utilization trends.
CloudWatch Logs
CloudWatch Logs store and manage log files generated by AWS services and applications.
Important uses:
Debugging application issues
Analyzing system behavior
Centralized log management
Logs can be collected from EC2, Lambda, and other AWS services.
CloudWatch Alarms
CloudWatch Alarms monitor metrics and trigger actions when thresholds are crossed.
Alarms can:
Send notifications via SNS
Trigger Auto Scaling actions
Help respond to incidents quickly
Example:
- Alert when CPU usage exceeds a defined limit.
AWS CloudTrail
AWS CloudTrail is a service that records API calls and account activity in your AWS account.
CloudTrail helps with:
Security auditing
Compliance monitoring
Tracking who did what and when
Investigating suspicious activity
CloudTrail Logs
CloudTrail logs include:
Identity of the caller
Time of the API request
Source IP address
Actions performed
These logs are useful for auditing and security analysis.
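The CloudTrail fields listed above (caller identity, time, source IP, action) are what a detection rule works with. As an added example that is not from the page, here is a small detector run over constructed CloudTrail-style records. It implements the best practices from the IAM section as checks: root account use, console logins without MFA, changes to the trail itself, and repeated failed logins from one address. The account ID 111122223333, all IP addresses and the trail name are placeholders.

```python
import json
from collections import Counter

# Constructed CloudTrail-style records (not real logs). Field names follow the
# CloudTrail record format; account ID 111122223333 and all IPs are placeholders.
def _rec(time, name, source, ip, itype, arn, **extra):
    rec = {"eventTime": time, "eventName": name, "eventSource": source,
           "sourceIPAddress": ip, "userIdentity": {"type": itype, "arn": arn}}
    rec.update(extra)
    return rec

ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
ROOT = "arn:aws:iam::111122223333:root"
WEB_ROLE = "arn:aws:sts::111122223333:assumed-role/web-server-role/i-placeholder"
SIGNIN = "signin.amazonaws.com"
FAILED = {"additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Failure"}}

RECORDS = [
    _rec("2024-01-01T08:00:00Z", "ConsoleLogin", SIGNIN, "198.51.100.7", "IAMUser", ALICE,
         additionalEventData={"MFAUsed": "Yes"}, responseElements={"ConsoleLogin": "Success"}),
    _rec("2024-01-01T08:05:00Z", "ConsoleLogin", SIGNIN, "198.51.100.8", "Root", ROOT,
         additionalEventData={"MFAUsed": "No"}, responseElements={"ConsoleLogin": "Success"}),
    _rec("2024-01-01T08:10:00Z", "StopLogging", "cloudtrail.amazonaws.com", "198.51.100.8",
         "IAMUser", BOB, requestParameters={"name": "example-trail"}),
    _rec("2024-01-01T09:00:00Z", "ConsoleLogin", SIGNIN, "203.0.113.9", "IAMUser", ALICE, **FAILED),
    _rec("2024-01-01T09:00:20Z", "ConsoleLogin", SIGNIN, "203.0.113.9", "IAMUser", ALICE, **FAILED),
    _rec("2024-01-01T09:00:40Z", "ConsoleLogin", SIGNIN, "203.0.113.9", "IAMUser", ALICE, **FAILED),
    _rec("2024-01-01T10:00:00Z", "ListBuckets", "s3.amazonaws.com", "10.0.1.10", "AssumedRole", WEB_ROLE),
]

# Calls that change what CloudTrail records; any of these deserves a look.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def as_trail_file(records):
    """CloudTrail delivers log files shaped {"Records": [...]}."""
    return json.dumps({"Records": records})


def load_records(raw_json):
    """Accept a CloudTrail file ({"Records": [...]}) or a bare list of records."""
    data = json.loads(raw_json)
    return data["Records"] if isinstance(data, dict) else data


def _who(rec):
    ident = rec.get("userIdentity", {})
    return ident.get("arn") or ident.get("type", "unknown")


def detect(records, failed_login_threshold=3):
    """Return human-readable alerts for the records that match a rule."""
    alerts = []
    failures = Counter()  # failed console logins per source IP
    for rec in records:
        name, ip, when = rec.get("eventName"), rec.get("sourceIPAddress"), rec.get("eventTime")
        if rec.get("userIdentity", {}).get("type") == "Root":
            alerts.append(f"{when} root account used for {name} from {ip}")
        if name == "ConsoleLogin":
            mfa = rec.get("additionalEventData", {}).get("MFAUsed")
            outcome = rec.get("responseElements", {}).get("ConsoleLogin")
            if outcome == "Success" and mfa != "Yes":
                alerts.append(f"{when} console login without MFA by {_who(rec)} from {ip}")
            elif outcome == "Failure":
                failures[ip] += 1
        if rec.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
            alerts.append(f"{when} {name} by {_who(rec)}: audit logging changed")
    for ip, count in failures.items():
        if count >= failed_login_threshold:
            alerts.append(f"{count} failed console logins from {ip}")
    return alerts
```

Each alert carries the time, identity and source IP from the record so the follow-up question "who did what and when" can be answered directly from the alert text; in practice the same rules would run on trail files delivered to S3 or on CloudTrail events forwarded to CloudWatch Logs.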
CloudWatch vs CloudTrail
CloudWatch focuses on:
Performance monitoring
Resource health
Logs and alarms
CloudTrail focuses on:
User activity
API call history
Security and compliance
Why Monitoring and Logging Matter
Monitoring and logging ensure:
High application availability
Faster issue detection
Better security visibility
Improved system reliability
DevOps & Deployment Basics (CI/CD)
What is DevOps?
DevOps is a set of practices that aims to reduce the gap between development and operations teams. It focuses on automating software delivery, improving collaboration, and making releases faster and more reliable.
DevOps helps teams:
Release features faster
Reduce deployment failures
Improve system stability
Automate repetitive tasks
What is CI/CD?
CI/CD stands for Continuous Integration and Continuous Deployment.
Continuous Integration (CI) is the practice of automatically building and testing code whenever changes are pushed.
Continuous Deployment (CD) is the practice of automatically deploying tested code to production or staging environments.
CI/CD ensures that applications are always in a deployable state.
CI/CD in AWS
AWS provides managed services to build complete CI/CD pipelines without managing servers.
AWS CI/CD services include:
CodeCommit
CodeBuild
CodeDeploy
CodePipeline
These services integrate well with each other and other AWS services.
AWS CodeCommit
AWS CodeCommit is a fully managed source control service that hosts Git repositories.
Key points:
Secure and scalable Git repositories
Integrated with IAM for access control
Used to store application source code
AWS CodeBuild
AWS CodeBuild is a build service that compiles source code, runs tests, and produces build artifacts.
CodeBuild:
Automatically scales build resources
Supports multiple programming languages
Eliminates the need to manage build servers
AWS CodeDeploy
AWS CodeDeploy is used to automate application deployments to compute services like EC2 and Lambda.
It helps:
Reduce deployment downtime
Handle rolling and blue-green deployments
Monitor deployment success or failure
AWS CodePipeline
AWS CodePipeline is a CI/CD orchestration service that automates the entire release process.
Pipeline stages typically include:
Source
Build
Test
Deploy
CodePipeline connects all CI/CD services into a single automated workflow.
How CI/CD Works in AWS
In a typical setup:
Code is pushed to CodeCommit
CodeBuild builds and tests the application
CodeDeploy deploys the application
CodePipeline manages the entire flow
This automation ensures consistent and reliable deployments.
Serverless Basics
What is Serverless?
Serverless is a cloud computing model where developers do not manage servers. The cloud provider automatically handles infrastructure provisioning, scaling, and maintenance.
In serverless architecture:
No server management is required
Applications scale automatically
Billing is based on actual execution time
AWS Lambda
AWS Lambda is a serverless compute service that runs code in response to events without provisioning or managing servers.
Lambda allows developers to:
Run backend logic without managing EC2
Execute code only when triggered
Scale automatically based on requests
Key characteristics of Lambda:
Event-driven execution
Supports multiple programming languages
Short-lived executions
Pay only for execution time
Lambda Triggers
Lambda functions can be triggered by various AWS services.
Common triggers include:
API Gateway
S3 events
DynamoDB streams
CloudWatch events
This makes Lambda suitable for building event-driven systems.
Amazon API Gateway
Amazon API Gateway is a managed service that allows you to create, publish, and manage APIs.
API Gateway is commonly used to:
Expose backend services to frontend applications
Connect Lambda functions to HTTP endpoints
Secure APIs using authentication and throttling
Lambda + API Gateway Architecture
In a typical serverless setup:
API Gateway receives HTTP requests
Requests trigger Lambda functions
Lambda processes the logic
Response is returned to the client
This architecture is widely used for building scalable backend APIs.
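The request flow just described, as an added example that is not from the page: a Python Lambda handler of the kind API Gateway invokes through a proxy integration. The handler routes on the HTTP method, validates everything the client sends before using it, and returns the status code, headers and JSON body shape API Gateway expects. The in-memory ITEMS store, the /items paths and the sample events are constructed for the example; in a real deployment the store would be DynamoDB or RDS.

```python
import json

# Constructed in-memory data store standing in for DynamoDB or RDS (not from the page).
ITEMS = {"42": {"id": "42", "name": "example"}}


def _response(status, body):
    """Build the response shape API Gateway expects from a Lambda proxy integration."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def body_of(response):
    """Parse the JSON body of a proxy response."""
    return json.loads(response["body"])


def lambda_handler(event, context=None):
    """Entry point Lambda invokes; `event` is the API Gateway proxy event.
    Everything in the event comes from the client, so it is validated first."""
    method = event.get("httpMethod")
    path_params = event.get("pathParameters") or {}

    if method == "GET":
        item = ITEMS.get(path_params.get("id"))
        if item is None:
            return _response(404, {"error": "not found"})
        return _response(200, item)

    if method == "POST":
        try:
            payload = json.loads(event.get("body") or "")
        except json.JSONDecodeError:
            return _response(400, {"error": "body must be valid JSON"})
        name = payload.get("name") if isinstance(payload, dict) else None
        if not isinstance(name, str) or not 1 <= len(name) <= 64:
            return _response(400, {"error": "name must be a string of 1 to 64 characters"})
        new_id = str(max((int(k) for k in ITEMS), default=0) + 1)
        ITEMS[new_id] = {"id": new_id, "name": name}
        return _response(201, ITEMS[new_id])

    return _response(405, {"error": f"method {method} not allowed"})


# Constructed proxy events of the shape API Gateway sends to the function.
GET_EVENT = {"httpMethod": "GET", "path": "/items/42", "pathParameters": {"id": "42"}, "body": None}
POST_EVENT = {"httpMethod": "POST", "path": "/items", "pathParameters": None,
              "body": json.dumps({"name": "widget"})}
BAD_POST_EVENT = {"httpMethod": "POST", "path": "/items", "pathParameters": None, "body": "not json"}
```

Calling lambda_handler(GET_EVENT) locally returns the same dictionary API Gateway would turn into an HTTP response, which is a convenient way to unit-test the function before deploying it. Note that module-level state such as ITEMS survives only for the lifetime of one Lambda execution environment, so real data has to live in a database.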
Benefits of Serverless Architecture
Serverless provides:
Automatic scaling
High availability
Reduced operational overhead
Cost efficiency for low-to-medium workloads
Pricing & Cost Management
AWS Pricing Model
AWS follows a pay-as-you-go pricing model, meaning you only pay for the resources you use. There are no upfront costs for most services, making it flexible for beginners and businesses.
Key points:
Pay per compute hour, storage, or request
Free Tier available for 12 months on selected services
Pricing varies by region and service type
Allows cost optimization based on usage
AWS Free Tier
The AWS Free Tier allows new users to experiment and learn AWS services without incurring charges.
Free Tier includes:
750 hours of EC2 t2.micro instances per month
5 GB of S3 standard storage
750 hours of RDS Single-AZ db.t2.micro
Free Lambda requests up to 1 million per month
Cost Optimization Strategies
To manage costs efficiently:
Use Auto Scaling to adjust resources dynamically
Choose the right instance types for workloads
Use S3 storage classes based on access patterns
Delete unused resources
Monitor usage using AWS Cost Explorer
Billing and Monitoring Tools
AWS provides tools to track and manage costs:
AWS Cost Explorer – visualize and analyze costs
AWS Budgets – set alerts for budget thresholds
AWS Trusted Advisor – recommendations to reduce cost
Why Cost Management is Important
Prevents unexpected bills
Ensures efficient resource usage
Helps optimize architecture
Essential for startups and personal projects
Real World Example: Hosting a Web Application on AWS
Scenario
You want to host a simple web application that serves users globally, stores data, and scales automatically with traffic.
AWS services used:
EC2 for web servers
S3 for static assets
RDS for relational database
VPC for networking
Security Groups and IAM for access control
CloudWatch for monitoring
Auto Scaling and ELB for scalability
Lambda + API Gateway for serverless backend (optional)
Architecture Flow
VPC & Subnets
Public subnet hosts EC2 web servers
Private subnet hosts RDS database
Elastic Load Balancer (ELB)
Distributes incoming traffic across EC2 instances
Ensures high availability
Auto Scaling
Automatically adds or removes EC2 instances based on demand
Reduces cost and handles traffic spikes
S3 Storage
Stores images, CSS, JavaScript files, and backups
Can serve static content globally
IAM & Security
Users, roles, and policies manage access to AWS resources
Security Groups control inbound and outbound traffic
Monitoring & Logging
CloudWatch monitors metrics like CPU, memory, and traffic
CloudTrail tracks API calls and user activity
Optional Serverless Backend
Lambda functions handle API requests
API Gateway exposes HTTP endpoints
Reduces server management overhead
Benefits of This Architecture
High availability across multiple Availability Zones
Automatic scaling based on traffic
Secure access control with IAM and Security Groups
Centralized monitoring and alerting
Cost-efficient by paying only for resources used
This architecture demonstrates a typical end-to-end AWS setup for a beginner to understand how multiple services work together in a real-world scenario.