AWS Overview
Amazon Web Services (AWS) is the largest cloud platform, offering 200+ services for compute, storage, networking, databases, machine learning, and more. Most modern infrastructure runs on AWS (or a similar cloud), so understanding its core services is essential for DevOps and backend engineers.
Not every workload lives in a public region: on-premises data centers, private connectivity, or hybrid patterns (Kubernetes on AWS plus bare metal elsewhere) are common. The same reliability ideas—IaC (Terraform), observability (Observability), and runbooks—apply; only the network and ownership boundaries change.
Global Infrastructure
Section titled “Global Infrastructure”AWS is organized into Regions, Availability Zones, and Edge Locations:
AWS Global │ ┌─────────────────┼─────────────────┐ ▼ ▼ ▼ us-east-1 eu-west-1 ap-southeast-1 (N. Virginia) (Ireland) (Singapore) │ │ │ ┌──┼──┐ ┌──┼──┐ ┌──┼──┐ ▼ ▼ ▼ ▼ ▼ ▼ ▼ ▼ ▼ AZ-a AZ-b AZ-c AZ-a AZ-b AZ-c AZ-a AZ-b AZ-c| Concept | What It Is |
|---|---|
| Region | A geographic area (e.g. us-east-1 = N. Virginia). Each region is fully independent. Choose the region closest to your users for lower latency. |
| Availability Zone (AZ) | One or more isolated data centers within a region. AZs have independent power, cooling, and networking. Deploying across multiple AZs provides high availability. |
| Edge Location | Points of presence for CloudFront (CDN) and Route 53 (DNS). Hundreds worldwide, closer to end users than regions. |
| Local Zone | AWS infrastructure in a city near a metro area for ultra-low-latency workloads (e.g. gaming, video). |
Choosing a Region
Section titled “Choosing a Region”| Factor | Consideration |
|---|---|
| Latency | Pick the region closest to your users |
| Compliance | Data residency laws may require a specific region (e.g. EU data in eu-west-1) |
| Service availability | Not all services are available in every region |
| Cost | Pricing varies by region (us-east-1 is often cheapest) |
For the full list of regions (codes, names, opt-in status), see the AWS Regions and Availability Zones documentation.
The AWS Console and CLI
Section titled “The AWS Console and CLI”AWS Management Console
Section titled “AWS Management Console”The web UI at console.aws.amazon.com. Good for exploring services, visual setup, and one-off tasks. Not ideal for repeatable infrastructure (use IaC instead).
AWS CLI
Section titled “AWS CLI”Command-line interface for scripting and automation:
# Installcurl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"unzip awscliv2.zip && sudo ./aws/install
# Configure credentialsaws configure# AWS Access Key ID: AKIA...# AWS Secret Access Key: ...# Default region name: us-east-1# Default output format: json
# Example commandsaws s3 ls # list S3 bucketsaws ec2 describe-instances # list EC2 instancesaws iam list-users # list IAM usersCredentials are stored in ~/.aws/credentials; config in ~/.aws/config.
AWS SDKs
Section titled “AWS SDKs”Programmatic access from code (Python boto3, Node.js aws-sdk, Go aws-sdk-go, Java, etc.):
import boto3
s3 = boto3.client('s3')response = s3.list_buckets()for bucket in response['Buckets']: print(bucket['Name'])AWS Free Tier
Section titled “AWS Free Tier”AWS offers a free tier with three types of free offers:
| Type | Duration | Examples |
|---|---|---|
| Always free | Indefinite | Lambda (1M requests/month), DynamoDB (25 GB), CloudWatch (10 custom metrics) |
| 12 months free | First 12 months after sign-up | EC2 t2.micro (750 hrs/month), S3 (5 GB), RDS db.t2.micro (750 hrs/month) |
| Trials | Varies by service | SageMaker (2 months), Inspector (90 days) |
Set up a billing alarm in CloudWatch immediately after creating your account — unexpected charges are the most common AWS mistake for newcomers.
Key Terminology
Section titled “Key Terminology”| Term | Meaning |
|---|---|
| ARN | Amazon Resource Name — unique identifier for any AWS resource (e.g. arn:aws:s3:::my-bucket) |
| IAM | Identity and Access Management — controls who can do what |
| VPC | Virtual Private Cloud — your isolated network in AWS |
| EC2 | Elastic Compute Cloud — virtual machines |
| S3 | Simple Storage Service — object storage |
| RDS | Relational Database Service — managed databases |
| Lambda | Serverless compute — run code without managing servers |
| CloudFormation | AWS-native Infrastructure as Code (alternative to Terraform) |
| Tags | Key-value labels on resources for organization, cost tracking, and access control |
AWS vs Other Clouds
Section titled “AWS vs Other Clouds”| AWS | Azure | GCP | |
|---|---|---|---|
| Market share | ~31% (largest) | ~25% | ~11% |
| Strength | Broadest service catalog, most mature | Enterprise/hybrid, Microsoft integration | Data/ML, Kubernetes (GKE) |
| IaC | CloudFormation, Terraform | ARM/Bicep, Terraform | Deployment Manager, Terraform |
| Kubernetes | EKS | AKS | GKE |
| Serverless | Lambda | Azure Functions | Cloud Functions |
Topics in This Section
Section titled “Topics in This Section”Start with setting up basic access (console + CLI on Mac), then IAM (identity), compute, networking, and storage — the foundational building blocks. Databases, monitoring, CI/CD, and cost management build on top of these.
- Setting up basic access — Steps in the AWS console and on a Mac to get the CLI working.
- IAM — Users, groups, roles, policies, least privilege, and MFA.
- Compute — EC2 instances, Lambda serverless functions, and ECS/EKS containers.
- Networking — VPC, subnets, route tables, gateways, security groups, and NACLs.
- Elastic Load Balancing — ALB, NLB, GWLB, target groups, health checks, troubleshooting, EKS and AWS Load Balancer Controller.
- Route 53 — Hosted zones, routing policies, health checks, Resolver, and DNS diagnosis.
- VPC Connectivity — VPC peering, Transit Gateway, Site-to-Site VPN, and Direct Connect.
- Flow Logs & Network RCA — VPC Flow Logs to CloudWatch or S3, queries for denies and connectivity debugging, and when to add packet capture.
- Storage — S3 object storage, EBS block volumes, and EFS file storage.
- Databases — RDS managed relational databases and DynamoDB NoSQL.
- Monitoring — CloudWatch metrics, logs, alarms, and CloudTrail audit logging.
- CI/CD on AWS — CodePipeline, CodeBuild, and GitHub Actions integration.
- Cost Management — Billing dashboard, Cost Explorer, budgets, and tagging strategy.
- SNS, SQS, EventBridge — Message queues, pub/sub fan-out, and event-driven routing.
- API Gateway — REST and HTTP APIs, Lambda integration, authentication, and throttling.
- CloudFront — CDN edge caching, HTTPS, Origin Access Control, and Lambda@Edge.
- TLS and Certificates — ACM, certificate lifecycle, attaching certs to load balancers and APIs, rotation, and links to Azure and Kubernetes cert patterns.
- Secrets Management — Secrets Manager with rotation and Parameter Store for configuration.
- Security Services — WAF, Shield, GuardDuty, Security Hub, KMS, and Inspector.
- Kinesis / Streaming — Real-time data streaming with Data Streams and Firehose.
- ElastiCache — Managed Redis for caching, sessions, leaderboards, and rate limiting.
- ECR — Container image registry with scanning, lifecycle policies, and cross-account access.
- Well-Architected Framework — The six pillars for building reliable, secure, efficient cloud architectures.