AWS
MASTERY

What is Cloud Computing?

Cloud computing is the delivery of computing services over the Internet. Instead of owning physical hardware, you can access resources on-demand from cloud providers like AWS.

AWS Overview

Amazon Web Services (AWS) offers over 200 services spanning compute, storage, databases, networking, analytics, machine learning, and more.

Quiz

What is EC2?

Amazon EC2 provides resizable compute capacity in the cloud. It allows you to launch virtual servers (instances) on-demand.

Instance Types

• General Purpose (T3, M5): Balanced compute/memory
• Compute Optimized (C5): High performance processors
• Memory Optimized (R5, X1): Large datasets
• GPU Instances (P3, G4): Machine learning, graphics

Launching an EC2 Instance

# Using AWS CLI
aws ec2 run-instances \
    --image-id ami-0c55b159cbfafe1f0 \
    --instance-type t3.micro \
    --key-name my-key-pair \
    --security-group-ids sg-12345678 \
    --subnet-id subnet-12345678

Key Concepts

• AMI: Amazon Machine Image (template for instances)
• Instance Store: Temporary storage
• EBS: Elastic Block Store (persistent storage)
• Security Groups: Virtual firewall

Quiz

What is S3?

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere on the web.

Key Concepts

• Buckets: Containers for objects
• Objects: Files stored in buckets
• Keys: Unique identifier for each object
• Regions: Geographic location of buckets

S3 Operations

# Create bucket
aws s3 mb s3://my-bucket-name

# Copy file to bucket
aws s3 cp file.txt s3://my-bucket-name/

# List bucket contents
aws s3 ls s3://my-bucket-name/

# Delete object
aws s3 rm s3://my-bucket-name/file.txt

Storage Classes

• S3 Standard: Frequent access
• S3 IA: Infrequent access
• S3 Glacier: Archival (cheap, slow retrieval)
• S3 Intelligent: Auto-tiering

Quiz

What is VPC?

Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network.

VPC Components

• Subnets: Range of IP addresses in your VPC
• Route Tables: Rules for directing traffic
• Internet Gateway: Connects VPC to internet
• NAT Gateway: Allows outbound internet access for private subnets

Creating a VPC

# Create VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/16

# Create subnet
aws ec2 create-subnet --vpc-id vpc-12345678 \
    --cidr-block 10.0.1.0/24 --availability-zone us-east-1a

# Create internet gateway
aws ec2 create-internet-gateway

# Attach IGW to VPC
aws ec2 attach-internet-gateway --vpc-id vpc-12345678 \
    --internet-gateway-id igw-12345678

Security Groups vs NACLs

• Security Groups: Instance-level, stateful
• Network ACLs: Subnet-level, stateless

Quiz

What is RDS?

Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud.

Supported Engines

• PostgreSQL
• MySQL
• MariaDB
• Oracle
• SQL Server

Creating an RDS Instance

# Create RDS instance
aws rds create-db-instance \
    --db-instance-identifier my-db \
    --db-instance-class db.t3.micro \
    --engine postgres \
    --master-username admin \
    --master-user-password mypassword \
    --allocated-storage 20

High Availability Features

• Multi-AZ: Automatic failover to standby
• Read Replicas: Offload read traffic
• Automated Backups: Point-in-time recovery

Quiz

What is Lambda?

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume.

How Lambda Works

1. Upload your code (function)
2. Set triggers (events)
3. Lambda runs when triggered
4. Pay per invocation and execution time

Creating a Lambda Function

# Create Lambda function
aws lambda create-function \
    --function-name my-function \
    --runtime python3.9 \
    --role arn:aws:iam::123456789:role/lambda-role \
    --handler index.handler \
    --zip-file fileb://function.zip

Quiz

What is IAM?

IAM enables you to manage access to AWS services and resources securely.

IAM Components

• Users: Individual people or services
• Groups: Collection of users with shared permissions
• Roles: Temporary permissions for entities
• Policies: JSON documents defining permissions

Creating a User and Policy

# Create user
aws iam create-user --user-name developer

# Create access key
aws iam create-access-key --user-name developer

# Attach policy
aws iam attach-user-policy \
    --user-name developer \
    --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess

Best Practices

• Enable MFA for all users
• Use least privilege principle
• Use IAM roles instead of access keys
• Rotate credentials regularly

Quiz

What is CloudFormation?

CloudFormation lets you model and provision your AWS resources using templates.

Template Structure

AWSTemplateFormatVersion: '2010-09-09'
Description: Simple EC2 Instance
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0c55b159cbfafe1f0
      InstanceType: t3.micro
      Tags:
        - Key: Name
          Value: MyInstance

Stack Operations

# Create stack
aws cloudformation create-stack \
    --stack-name my-stack \
    --template-body file://template.yaml

# Update stack
aws cloudformation update-stack \
    --stack-name my-stack \
    --template-body file://template.yaml

# Delete stack
aws cloudformation delete-stack --stack-name my-stack

Quiz

What is Route 53?

Amazon Route 53 is a scalable DNS web service that routes users to your applications.

Record Types

• A: Maps domain to IPv4
• AAAA: Maps domain to IPv6
• CNAME: Alias to another domain
• MX: Mail server

Creating Records

# Create A record
aws route53 change-resource-record-sets \
    --hosted-zone-id Z1234567890 \
    --change-batch file://record.json

Routing Policies

• Simple: Single resource
• Weighted: Traffic split across resources
• Latency: Lowest latency route
• Failover: Primary/secondary

Quiz

What is CloudWatch?

Amazon CloudWatch provides monitoring and observability for AWS resources and applications.

CloudWatch Features

• Metrics: Performance data
• Alerts: Trigger actions on thresholds
• Logs: Centralized log management
• Dashboards: Visualize metrics

Creating an Alarm

# Create alarm
aws cloudwatch put-metric-alarm \
    --alarm-name high-cpu \
    --metric-name CPUUtilization \
    --namespace AWS/EC2 \
    --statistic Average \
    --period 300 \
    --threshold 80 \
    --comparison-operator GreaterThanThreshold \
    --evaluation-periods 2

Quiz

AWS Security Layers

• Network Security: VPC, Security Groups, NACLs
• Data Encryption: KMS, SSL/TLS
• Identity: IAM, MFA
• Compliance: Shared responsibility model

Key Security Services

• KMS: Key Management Service for encryption
• WAF: Web Application Firewall
• Shield: DDoS protection
• GuardDuty: Threat detection

Security Best Practices

• Enable VPC flow logs
• Use IAM roles, not access keys
• Enable CloudTrail audit logging
• Encrypt data at rest and in transit

Quiz

Well-Architected Framework

• Operational Excellence: Run and monitor systems
• Security: Protect data and systems
• Reliability: Recover from failures
• Performance Efficiency: Use resources efficiently
• Cost Optimization: Minimize costs

High Availability Design

• Use multiple Availability Zones
• Implement auto-scaling
• Use load balancers
• Enable database multi-AZ

Auto Scaling

# Create launch template
aws ec2 create-launch-template \
    --launch-template-name my-template \
    --version-description version1 \
    --launch-template-data file://lt-data.json

# Create auto scaling group
aws autoscaling create-auto-scaling-group \
    --auto-scaling-group-name my-asg \
    --launch-template LaunchTemplateId=lt-12345678 \
    --min-size 2 \
    --max-size 10 \
    --desired-capacity 3 \
    --vpc-zone-identifier subnet-12345678

Congratulations!

You've completed the AWS Mastery guide. You now understand:

• Cloud computing fundamentals
• EC2 compute instances
• S3 object storage
• VPC networking
• RDS databases
• Lambda serverless
• IAM security
• CloudFormation IaC
• Route 53 DNS
• CloudWatch monitoring
• Security best practices
• Production architecture