AWS (Amazon Web Services)
Overview
AWS is the leading cloud platform offering 200+ services for compute, storage, networking, databases, analytics, and more.
Core Services
Compute
Service
Purpose
Use Case
EC2
Virtual machines
Web servers, applications
Lambda
Serverless functions
Event-driven tasks
ECS
Container orchestration
Microservices
EKS
Managed Kubernetes
Container orchestration
ElastiCache
In-memory caching
Performance optimization
Storage
Service
Type
Use Case
S3
Object storage
Backups, static assets
EBS
Block storage
Database volumes
EFS
File storage
Shared file systems
Glacier
Archive storage
Long-term backup
Database
Service
Type
Use Case
RDS
Relational
MySQL, PostgreSQL, Oracle
DynamoDB
NoSQL
High-scale key-value
MongoDB Atlas
NoSQL
Document database
Redshift
Data warehouse
Analytics
Networking
Service
Purpose
VPC
Virtual network
ALB
Application load balancer
NLB
Network load balancer
CloudFront
CDN
Route 53
DNS
EC2 Instance Types
Family
Purpose
Example
t3
Burstable general purpose
t3.micro, t3.small
m5
General purpose
m5.large, m5.xlarge
c5
Compute optimized
c5.large, c5.2xlarge
r5
Memory optimized
r5.large, r5.4xlarge
i3
Storage optimized
i3.large, i3.8xlarge
Launch EC2 Instance
Using AWS CLI
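# Get latest Ubuntu AMI
# --owners takes an AWS account ID or an AWS-defined alias such as "self" or
# "amazon"; Canonical is identified by its publisher account ID. Pinning the
# owner is what stops a look-alike image with a matching name from being
# selected, so do not rely on the name pattern alone (confirm the ID against
# Canonical's published documentation).
AMI_ID=$(aws ec2 describe-images \
  --owners 099720109477 \
  --filters "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" \
  --query 'Images | sort_by(@, &CreationDate) | [-1].ImageId' \
  --output text)

# Launch instance
# With --output text an empty result is printed as "None", so refuse to launch
# unless the lookup actually returned an image ID.
if [ -z "$AMI_ID" ] || [ "$AMI_ID" = "None" ]; then
  echo "No matching AMI found; not launching an instance" >&2
else
  # "default" is the default security group; prefer a purpose-built group
  # that only opens the ports this instance needs.
  aws ec2 run-instances \
    --image-id "$AMI_ID" \
    --instance-type t3.micro \
    --key-name my-key \
    --security-groups default \
    --count 1
fi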
# Terraform definition of a single EC2 instance named "web".
resource "aws_instance" "web" {
  instance_type = "t3.micro"
  key_name      = "my-key"

  # NOTE(review): the AMI is a fixed literal. AMI IDs are region-specific and
  # this one is not tied to a verified publisher here - confirm its owner and
  # region before use.
  ami = "ami-0c55b159cbfafe1f0"

  tags = {
    Name = "web-server"
  }
}
EC2 Management
# Placeholder identifiers used by the commands below; substitute your own.
instance_id=i-1234567890abcdef0
allocation_id=eipalloc-12345678

# Show every instance visible to the current credentials and region.
aws ec2 describe-instances

# Power the instance on.
aws ec2 start-instances --instance-ids "$instance_id"

# Power the instance off.
aws ec2 stop-instances --instance-ids "$instance_id"

# Terminate the instance.
aws ec2 terminate-instances --instance-ids "$instance_id"

# Capture an AMI named "my-image" from the instance.
aws ec2 create-image --instance-id "$instance_id" --name my-image

# Allocate an Elastic IP address for use in a VPC.
aws ec2 allocate-address --domain vpc

# Bind the allocated Elastic IP to the instance.
aws ec2 associate-address --instance-id "$instance_id" --allocation-id "$allocation_id"
S3 Bucket Operations
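# Create bucket
aws s3 mb s3://my-unique-bucket-name

# Upload file
aws s3 cp file.txt s3://my-bucket/

# Upload directory
aws s3 cp /local/path s3://my-bucket/ --recursive

# Download file
aws s3 cp s3://my-bucket/file.txt .

# List objects
aws s3 ls s3://my-bucket/

# Set object permissions
# public-read makes this object readable by anyone on the internet. It only
# takes effect when the bucket still allows ACLs and Block Public Access
# permits public ACLs. Keep objects private unless they are meant to be
# published, and prefer a bucket policy or presigned URLs for sharing.
aws s3api put-object-acl --bucket my-bucket --key file.txt --acl public-read

# Enable versioning
# The shorthand value must be written without spaces around "=".
aws s3api put-bucket-versioning \
  --bucket my-bucket \
  --versioning-configuration Status=Enabled

# Delete object
aws s3 rm s3://my-bucket/file.txt

# Delete bucket
# --force removes every object before removing the bucket and cannot be
# undone. On a versioned bucket the older object versions are not removed by
# this command, so the bucket deletion fails until they are cleaned up.
aws s3 rb s3://my-bucket/ --force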
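S3 Bucket Policy
The example policy below makes every object in my-bucket publicly readable (Principal "*" with s3:GetObject) and denies s3:DeleteObject to all principals, including the bucket owner's own users. Use it only for content that is meant to be public; S3 Block Public Access must be relaxed on the bucket before the Allow statement takes effect.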
{
"Version" : "2012-10-17" ,
"Statement" : [
{
"Effect" : "Allow" ,
"Principal" : "*" ,
"Action" : "s3:GetObject" ,
"Resource" : "arn:aws:s3:::my-bucket/*"
},
{
"Effect" : "Deny" ,
"Principal" : "*" ,
"Action" : "s3:DeleteObject" ,
"Resource" : "arn:aws:s3:::my-bucket/*"
}
]
}
RDS Database
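# Create RDS instance
# --manage-master-user-password has RDS generate the master password and store
# it in AWS Secrets Manager, so no credential is typed on the command line
# (where it would land in shell history and process listings).
# --storage-encrypted and --no-publicly-accessible follow the encryption and
# private-database practices listed at the end of this page.
aws rds create-db-instance \
  --db-instance-identifier mydb \
  --db-instance-class db.t3.micro \
  --engine mysql \
  --master-username admin \
  --manage-master-user-password \
  --storage-encrypted \
  --no-publicly-accessible \
  --allocated-storage 20

# Describe instances
aws rds describe-db-instances

# Create snapshot
aws rds create-db-snapshot \
  --db-instance-identifier mydb \
  --db-snapshot-identifier mydb-snapshot

# Restore from snapshot
aws rds restore-db-instance-from-db-snapshot \
  --db-instance-identifier mydb-restored \
  --db-snapshot-identifier mydb-snapshot

# Delete instance
# --skip-final-snapshot deletes the database without taking a last backup;
# use --final-db-snapshot-identifier instead when the data may be needed.
aws rds delete-db-instance \
  --db-instance-identifier mydb \
  --skip-final-snapshot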
RDS Parameter Group
# Name of the parameter group shared by the three calls below.
param_group=mydb-params

# Create a custom parameter group in the mysql8.0 family.
aws rds create-db-parameter-group \
  --db-parameter-group-name "$param_group" \
  --db-parameter-group-family mysql8.0 \
  --description "Custom MySQL parameters"

# Set max_connections to 200 with ApplyMethod=immediate.
aws rds modify-db-parameter-group \
  --db-parameter-group-name "$param_group" \
  --parameters "ParameterName=max_connections,ParameterValue=200,ApplyMethod=immediate"

# Show the parameters held by the group.
aws rds describe-db-parameters --db-parameter-group-name "$param_group"
IAM Users & Permissions
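# Create user
aws iam create-user --user-name john

# Create access key
# The response contains the SecretAccessKey, which cannot be retrieved again
# later. Access keys are long-lived credentials: store the secret securely,
# rotate it, and prefer IAM roles (see Best Practices) where a workload can
# assume one instead.
aws iam create-access-key --user-name john

# Attach policy
# AmazonEC2FullAccess grants every EC2 action; for real users, attach a
# policy scoped to the actions and resources they actually need.
aws iam attach-user-policy \
  --user-name john \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess

# List user policies
# list-user-policies returns inline policies only; the managed policy
# attached above is reported by list-attached-user-policies.
aws iam list-user-policies --user-name john
aws iam list-attached-user-policies --user-name john

# Create role
# trust-policy.json defines who may assume the role; keep its Principal as
# narrow as possible.
aws iam create-role \
  --role-name ec2-role \
  --assume-role-policy-document file://trust-policy.json

# Attach policy to role
aws iam attach-role-policy \
  --role-name ec2-role \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess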
Security Groups
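# Create security group
aws ec2 create-security-group \
  --group-name my-sg \
  --description "My security group" \
  --vpc-id vpc-12345678

# Authorize inbound rule
# 0.0.0.0/0 admits any IPv4 source; that is appropriate for a public web
# port, not for administrative ports.
aws ec2 authorize-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0

# Authorize SSH
# SSH is limited to one source range. 203.0.113.0/24 is a documentation
# placeholder; replace it with your own admin network.
aws ec2 authorize-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 22 \
  --cidr 203.0.113.0/24

# Revoke rule
# The protocol, port and CIDR must match the rule being removed.
aws ec2 revoke-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0

# Describe security groups
aws ec2 describe-security-groups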
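# CloudFormation template: one EC2 instance plus a security group that
# permits SSH from a configurable source range.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Web server stack'

Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues: [t3.micro, t3.small, t3.medium]
  # Source range allowed to reach SSH. The default is a documentation-range
  # placeholder (the same one used for SSH in the CLI security-group example);
  # set it to your own admin network rather than 0.0.0.0/0.
  SshCidr:
    Type: String
    Default: 203.0.113.0/24
    Description: CIDR range allowed to connect over SSH (port 22)

Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      # NOTE(review): literal AMI ID; AMI IDs are region-specific, so confirm
      # the image's owner and region before deploying.
      ImageId: ami-0c55b159cbfafe1f0
      InstanceType: !Ref InstanceType
      KeyName: my-key
      # Attach the group defined below. Without this reference the instance
      # is not associated with MySecurityGroup and its SSH rule never applies.
      SecurityGroupIds:
        - !GetAtt MySecurityGroup.GroupId
      Tags:
        - Key: Name
          Value: web-server

  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          # Restricted to the SshCidr parameter instead of the whole internet.
          CidrIp: !Ref SshCidr

Outputs:
  InstanceId:
    Value: !Ref MyInstance
  PublicIP:
    Value: !GetAtt MyInstance.PublicIp
  SecurityGroupId:
    Value: !Ref MySecurityGroup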
Load Balancer
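# Create application load balancer
aws elbv2 create-load-balancer \
  --name my-alb \
  --subnets subnet-12345678 subnet-87654321 \
  --security-groups sg-12345678

# Create target group
aws elbv2 create-target-group \
  --name my-targets \
  --protocol HTTP \
  --port 80 \
  --vpc-id vpc-12345678

# Register targets
# Shorthand key=value pairs must not contain spaces around "=".
# Replace the truncated "arn:aws:elasticloadbalancing:..." placeholders with
# the ARNs returned by the create commands above.
aws elbv2 register-targets \
  --target-group-arn arn:aws:elasticloadbalancing:... \
  --targets Id=i-1234567890abcdef0 Id=i-0987654321fedcba0

# Create listener
# This listener serves plain HTTP. For traffic carrying credentials or
# session data, use an HTTPS listener with a certificate instead.
aws elbv2 create-listener \
  --load-balancer-arn arn:aws:elasticloadbalancing:... \
  --protocol HTTP \
  --port 80 \
  --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:...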
Auto Scaling
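# Create launch template
# NOTE(review): literal AMI ID; AMI IDs are region-specific, so confirm the
# image's owner and region before use.
aws ec2 create-launch-template \
  --launch-template-name my-template \
  --version-description "Initial version" \
  --launch-template-data '{
    "ImageId":"ami-0c55b159cbfafe1f0",
    "InstanceType":"t3.micro"
  }'

# Create auto scaling group
# The shorthand must be one word with no spaces around "=". $Latest stays in
# single quotes so the shell passes it through literally instead of expanding
# it as a variable.
aws autoscaling create-auto-scaling-group \
  --auto-scaling-group-name my-asg \
  --launch-template LaunchTemplateName=my-template,Version='$Latest' \
  --min-size 1 \
  --max-size 5 \
  --desired-capacity 2 \
  --vpc-zone-identifier "subnet-12345678,subnet-87654321"

# Set scaling policy
# target-tracking.json holds the target-tracking configuration read by this call.
aws autoscaling put-scaling-policy \
  --auto-scaling-group-name my-asg \
  --policy-name scale-up \
  --policy-type TargetTrackingScaling \
  --target-tracking-configuration file://target-tracking.json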
CloudWatch Monitoring
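# Put metric data
aws cloudwatch put-metric-data \
  --namespace "MyApp" \
  --metric-name "RequestCount" \
  --value 100

# Get metric statistics
# Timestamps are single ISO 8601 values with no embedded spaces.
# NOTE(review): no --dimensions is given; add one (for example an InstanceId
# dimension) to scope the query to a specific instance - confirm what the
# un-dimensioned query returns in your account.
aws cloudwatch get-metric-statistics \
  --namespace "AWS/EC2" \
  --metric-name "CPUUtilization" \
  --start-time 2023-01-01T00:00:00Z \
  --end-time 2023-01-02T00:00:00Z \
  --period 3600 \
  --statistics Average Maximum

# Create alarm
# --evaluation-periods is a required argument; 1 means a single 300-second
# period above the threshold puts the alarm into ALARM state.
# No --alarm-actions is set, so the alarm changes state without notifying
# anyone; add an SNS topic ARN there to be alerted.
aws cloudwatch put-metric-alarm \
  --alarm-name cpu-too-high \
  --alarm-description "Alert when CPU exceeds 80%" \
  --metric-name CPUUtilization \
  --namespace AWS/EC2 \
  --statistic Average \
  --period 300 \
  --evaluation-periods 1 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold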
Best Practices
Practice
Benefit
Implementation
Use IAM roles
Secure credential management
Attach to EC2 instances
Enable MFA
Account security
Use hardware or virtual MFA
Use CloudTrail
Audit logging
Enable for all regions
Set up billing alerts
Cost control
CloudWatch budget alerts
Use security groups
Network security
Principle of least privilege
Enable encryption
Data protection
EBS, S3, RDS encryption
Use auto-scaling
Performance & cost
Dynamic resource allocation
Backup regularly
Disaster recovery
Automated snapshots
Use VPC
Network isolation
Private subnets for databases
Enable versioning
Data recovery
S3 bucket versioning
Resources