# AWS (Amazon Web Services)

## Overview

AWS is the leading cloud platform, offering 200+ services for compute, storage, networking, databases, analytics, and more.
## Core Services

### Compute

| Service | Purpose | Use Case |
|---|---|---|
| EC2 | Virtual machines | Web servers, applications |
| Lambda | Serverless functions | Event-driven tasks |
| ECS | Container orchestration | Microservices |
| EKS | Managed Kubernetes | Container orchestration |
| ElastiCache | In-memory caching | Performance optimization |
### Storage

| Service | Type | Use Case |
|---|---|---|
| S3 | Object storage | Backups, static assets |
| EBS | Block storage | Database volumes |
| EFS | File storage | Shared file systems |
| Glacier | Archive storage | Long-term backup |
### Database

| Service | Type | Use Case |
|---|---|---|
| RDS | Relational | MySQL, PostgreSQL, Oracle |
| DynamoDB | NoSQL | High-scale key-value |
| MongoDB Atlas | NoSQL | Document database |
| Redshift | Data warehouse | Analytics |
### Networking

| Service | Purpose |
|---|---|
| VPC | Virtual network |
| ALB | Application load balancer |
| NLB | Network load balancer |
| CloudFront | CDN |
| Route 53 | DNS |
## EC2 Instance Types

| Family | Purpose | Example |
|---|---|---|
| t3 | Burstable general purpose | t3.micro, t3.small |
| m5 | General purpose | m5.large, m5.xlarge |
| c5 | Compute optimized | c5.large, c5.2xlarge |
| r5 | Memory optimized | r5.large, r5.4xlarge |
| i3 | Storage optimized | i3.large, i3.8xlarge |
## Launch EC2 Instance

### Using AWS CLI

```bash
# Get the latest Ubuntu 20.04 AMI. --owners takes AWS account IDs or the aliases
# self/amazon/aws-marketplace, not "canonical"; 099720109477 is Canonical's account.
AMI_ID=$(aws ec2 describe-images \
  --owners 099720109477 \
  --filters "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" \
  --query 'Images | sort_by(@, &CreationDate) | [-1].ImageId' \
  --output text)

# Launch one instance from it (--security-groups takes group names; valid in the default VPC)
aws ec2 run-instances \
  --image-id "$AMI_ID" \
  --instance-type t3.micro \
  --key-name my-key \
  --security-groups default \
  --count 1
```

### Using Terraform

```hcl
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t3.micro"
  key_name      = "my-key"

  tags = {
    Name = "web-server"
  }
}
```
## EC2 Management

```bash
# List instances
aws ec2 describe-instances

# Start instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0

# Stop instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0

# Terminate instance
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

# Create image (AMI) from instance
aws ec2 create-image \
  --instance-id i-1234567890abcdef0 \
  --name my-image

# Allocate an Elastic IP
aws ec2 allocate-address --domain vpc

# Associate the Elastic IP with an instance
aws ec2 associate-address \
  --instance-id i-1234567890abcdef0 \
  --allocation-id eipalloc-12345678
```
## S3 Bucket Operations

```bash
# Create bucket
aws s3 mb s3://my-unique-bucket-name

# Upload file
aws s3 cp file.txt s3://my-bucket/

# Upload directory
aws s3 cp /local/path s3://my-bucket/ --recursive

# Download file
aws s3 cp s3://my-bucket/file.txt .

# List objects
aws s3 ls s3://my-bucket/

# Set object permissions: this makes one object world-readable. It only takes effect
# if ACLs are enabled on the bucket and Block Public Access is off; for anything
# that must be public, a scoped bucket policy is easier to audit than per-object ACLs.
aws s3api put-object-acl --bucket my-bucket --key file.txt --acl public-read

# Enable versioning
aws s3api put-bucket-versioning \
  --bucket my-bucket \
  --versioning-configuration Status=Enabled

# Delete object
aws s3 rm s3://my-bucket/file.txt

# Delete bucket and everything in it
aws s3 rb s3://my-bucket/ --force
```
## S3 Bucket Policy

Public read of every object in the bucket, with deletes explicitly denied to everyone:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```
## RDS Database

```bash
# Create RDS instance. Use a strong generated master password, or pass
# --manage-master-user-password instead so Secrets Manager generates and stores it.
aws rds create-db-instance \
  --db-instance-identifier mydb \
  --db-instance-class db.t3.micro \
  --engine mysql \
  --master-username admin \
  --master-user-password password123 \
  --allocated-storage 20

# Describe instances
aws rds describe-db-instances

# Create snapshot
aws rds create-db-snapshot \
  --db-instance-identifier mydb \
  --db-snapshot-identifier mydb-snapshot

# Restore from snapshot into a new instance
aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier mydb-restored \
  --db-snapshot-identifier mydb-snapshot

# Delete instance (no final snapshot is taken; drop --skip-final-snapshot to keep one)
aws rds delete-db-instance \
  --db-instance-identifier mydb \
  --skip-final-snapshot
```
## RDS Parameter Group

```bash
# Create parameter group
aws rds create-db-parameter-group \
  --db-parameter-group-name mydb-params \
  --db-parameter-group-family mysql8.0 \
  --description "Custom MySQL parameters"

# Modify parameter
aws rds modify-db-parameter-group \
  --db-parameter-group-name mydb-params \
  --parameters "ParameterName=max_connections,ParameterValue=200,ApplyMethod=immediate"

# Describe parameters
aws rds describe-db-parameters \
  --db-parameter-group-name mydb-params
```
## IAM Users & Permissions

```bash
# Create user
aws iam create-user --user-name john

# Create access key (long-lived credential; prefer roles where possible)
aws iam create-access-key --user-name john

# Attach a managed policy
aws iam attach-user-policy \
  --user-name john \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess

# List inline policies (does not show managed policies)
aws iam list-user-policies --user-name john

# List attached managed policies (this is where the policy attached above appears)
aws iam list-attached-user-policies --user-name john

# Create role (trust-policy.json states who may assume it, e.g. the EC2 service)
aws iam create-role \
  --role-name ec2-role \
  --assume-role-policy-document file://trust-policy.json

# Attach policy to role
aws iam attach-role-policy \
  --role-name ec2-role \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess

# An EC2 instance uses a role through an instance profile
aws iam create-instance-profile --instance-profile-name ec2-role
aws iam add-role-to-instance-profile \
  --instance-profile-name ec2-role \
  --role-name ec2-role
```
## Security Groups

```bash
# Create security group
aws ec2 create-security-group \
  --group-name my-sg \
  --description "My security group" \
  --vpc-id vpc-12345678

# Authorize inbound HTTP from anywhere
aws ec2 authorize-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0

# Authorize SSH from an admin network only
aws ec2 authorize-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 22 \
  --cidr 203.0.113.0/24

# Revoke rule
aws ec2 revoke-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0

# Describe security groups
aws ec2 describe-security-groups
```
## CloudFormation Template

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Web server stack'

Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues: [t3.micro, t3.small, t3.medium]

Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0c55b159cbfafe1f0
      InstanceType: !Ref InstanceType
      KeyName: my-key
      # Attach the group defined below; without this the instance gets the VPC's default group
      SecurityGroupIds:
        - !Ref MySecurityGroup
      Tags:
        - Key: Name
          Value: web-server

  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0  # SSH from anywhere; narrow to an admin CIDR as in the Security Groups section

Outputs:
  InstanceId:
    Value: !Ref MyInstance
  PublicIP:
    Value: !GetAtt MyInstance.PublicIp
  SecurityGroupId:
    Value: !Ref MySecurityGroup
```
## Load Balancer

```bash
# Create application load balancer
aws elbv2 create-load-balancer \
  --name my-alb \
  --subnets subnet-12345678 subnet-87654321 \
  --security-groups sg-12345678

# Create target group
aws elbv2 create-target-group \
  --name my-targets \
  --protocol HTTP \
  --port 80 \
  --vpc-id vpc-12345678

# Register targets
aws elbv2 register-targets \
  --target-group-arn arn:aws:elasticloadbalancing:... \
  --targets Id=i-1234567890abcdef0 Id=i-0987654321fedcba0

# Create listener
aws elbv2 create-listener \
  --load-balancer-arn arn:aws:elasticloadbalancing:... \
  --protocol HTTP \
  --port 80 \
  --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:...
```
## Auto Scaling

```bash
# Create launch template
aws ec2 create-launch-template \
  --launch-template-name my-template \
  --version-description "Initial version" \
  --launch-template-data '{
    "ImageId": "ami-0c55b159cbfafe1f0",
    "InstanceType": "t3.micro"
  }'

# Create auto scaling group
aws autoscaling create-auto-scaling-group \
  --auto-scaling-group-name my-asg \
  --launch-template LaunchTemplateName=my-template,Version='$Latest' \
  --min-size 1 \
  --max-size 5 \
  --desired-capacity 2 \
  --vpc-zone-identifier "subnet-12345678,subnet-87654321"

# Set scaling policy
aws autoscaling put-scaling-policy \
  --auto-scaling-group-name my-asg \
  --policy-name scale-up \
  --policy-type TargetTrackingScaling \
  --target-tracking-configuration file://target-tracking.json
```
## CloudWatch Monitoring

```bash
# Put custom metric data
aws cloudwatch put-metric-data \
  --namespace "MyApp" \
  --metric-name "RequestCount" \
  --value 100

# Get metric statistics for one instance (AWS/EC2 metrics are keyed by dimension;
# a query with no dimension returns no datapoints)
aws cloudwatch get-metric-statistics \
  --namespace "AWS/EC2" \
  --metric-name "CPUUtilization" \
  --dimensions Name=InstanceId,Value=i-1234567890abcdef0 \
  --start-time 2023-01-01T00:00:00Z \
  --end-time 2023-01-02T00:00:00Z \
  --period 3600 \
  --statistics Average Maximum

# Create alarm (--evaluation-periods is required: here two consecutive 5-minute periods above 80%)
aws cloudwatch put-metric-alarm \
  --alarm-name cpu-too-high \
  --alarm-description "Alert when CPU exceeds 80%" \
  --metric-name CPUUtilization \
  --namespace AWS/EC2 \
  --dimensions Name=InstanceId,Value=i-1234567890abcdef0 \
  --statistic Average \
  --period 300 \
  --evaluation-periods 2 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold
```
## Best Practices

| Practice | Benefit | Implementation |
|---|---|---|
| Use IAM roles | Secure credential management | Attach to EC2 instances |
| Enable MFA | Account security | Use hardware or virtual MFA |
| Use CloudTrail | Audit logging | Enable for all regions |
| Set up billing alerts | Cost control | CloudWatch budget alerts |
| Use security groups | Network security | Principle of least privilege |
| Enable encryption | Data protection | EBS, S3, RDS encryption |
| Use auto-scaling | Performance & cost | Dynamic resource allocation |
| Backup regularly | Disaster recovery | Automated snapshots |
| Use VPC | Network isolation | Private subnets for databases |
| Enable versioning | Data recovery | S3 bucket versioning |
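Two of these practices (least-privilege security groups, and not exposing more of S3 than intended) can be checked offline from CLI output. The example below is added here and is not part of the original cheat sheet: `world_open_rules` walks the JSON that `aws ec2 describe-security-groups` returns and flags rules open to the whole internet on all ports or on admin/database ports, and `public_actions` lists what a bucket policy grants to an anonymous principal. The security-group JSON is a constructed sample built from the rules in the Security Groups section plus an extra all-traffic IPv6 rule; the bucket policy is the one from the S3 Bucket Policy section.

```python
import json

# Constructed sample in the shape `aws ec2 describe-security-groups` returns:
# the two rules from the Security Groups section plus an all-traffic IPv6 rule.
SAMPLE_SGS = json.loads("""{"SecurityGroups": [{"GroupId": "sg-12345678", "GroupName": "my-sg",
 "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
  {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}""")

# The bucket policy from the S3 Bucket Policy section.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::my-bucket/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::my-bucket/*"}]}

ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389, 3306, 5432}  # SSH, RDP, MySQL, PostgreSQL: never world-open


def world_open_rules(describe_output):
    """Return (group_id, protocol, (from, to), cidr) for each ingress rule reachable from anywhere
    that covers all ports or any of ADMIN_PORTS. Port 80/443 to the world is left alone."""
    findings = []
    for sg in describe_output["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            if perm["IpProtocol"] == "-1":          # "all traffic": no port keys present
                lo, hi = 0, 65535
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            risky = (lo, hi) == (0, 65535) or any(lo <= p <= hi for p in ADMIN_PORTS)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if risky and cidr in ANYWHERE:
                    findings.append((sg["GroupId"], perm["IpProtocol"], (lo, hi), cidr))
    return findings


def public_actions(policy):
    """Return the set of actions a bucket policy allows to everyone (Principal "*" or {"AWS": "*"}).
    Deny statements are skipped: they only narrow access, never grant it."""
    actions = set()
    for st in policy["Statement"]:
        principal = st.get("Principal")
        anonymous = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if st["Effect"] == "Allow" and anonymous:
            acts = st["Action"]
            actions.update([acts] if isinstance(acts, str) else acts)
    return actions
```

On the sample data only the all-traffic `::/0` rule is reported (HTTP from anywhere and SSH from the admin CIDR pass), and the bucket policy is shown to grant `s3:GetObject` to everyone.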
## Resources