Chapter 1
01 — Cloud Fundamentals
Cloud Service Models
| Model | You Manage | Provider Manages | Example |
|---|---|---|---|
| IaaS | OS, runtime, app, data | Hardware, networking, virtualization | EC2, Azure VMs, GCE |
| PaaS | App, data | Everything else | Elastic Beanstalk, Heroku, App Engine |
| SaaS | Nothing (just use it) | Everything | Gmail, Slack, Salesforce |
| FaaS | Function code | Everything else | Lambda, Cloud Functions |
On-Premises (you manage everything) → IaaS → PaaS → FaaS → SaaS (provider manages everything)
AWS Global Infrastructure
```
┌─ Region (us-east-1) ───────────────────┐
│ ┌─ AZ (us-east-1a) ──┐  ┌─ AZ (1b) ──┐ │
│ │ Data Center(s)     │  │ DC(s)      │ │
│ └────────────────────┘  └────────────┘ │
│ ┌─ AZ (us-east-1c) ──┐                 │
│ │ DC(s)              │                 │
│ └────────────────────┘                 │
└────────────────────────────────────────┘
```
| Concept | Description |
|---|---|
| Region | Geographic area (e.g., us-east-1, eu-west-1). ~30+ regions. |
| Availability Zone (AZ) | 1+ data centers in a region. 2-6 AZs per region. |
| Edge Location | CDN endpoints for CloudFront (~400+ worldwide). |
| Local Zone | Extension of a region closer to users. |
Region selection factors: Compliance, latency, service availability, cost.
Shared Responsibility Model
```
┌──────────────────────────────────────────┐
│ YOUR RESPONSIBILITY                      │
│ Data, encryption, IAM, OS patching,      │
│ network config, firewall, app code       │
├──────────────────────────────────────────┤
│ AWS RESPONSIBILITY                       │
│ Hardware, global infrastructure,         │
│ managed services, physical security      │
└──────────────────────────────────────────┘
```
Security OF the cloud → AWS
Security IN the cloud → You
Pricing Models
| Model | Description | Savings | Best For |
|---|---|---|---|
| On-Demand | Pay per second/hour, no commitment | 0% | Variable workloads, testing |
| Reserved (1-3 yr) | Commit to instance type | Up to 72% | Steady-state workloads |
| Savings Plans | Commit to $/hr spend | Up to 72% | Flexible across instance types |
| Spot Instances | Bid on unused capacity | Up to 90% | Fault-tolerant, batch jobs |
| Free Tier | Limited free usage | 100% | Learning, small projects |
Free Tier Highlights
Always Free:
- Lambda: 1M requests/month
- DynamoDB: 25 GB storage
- CloudWatch: 10 metrics
12 Months Free:
- EC2: 750 hrs/month t2.micro
- S3: 5 GB storage
- RDS: 750 hrs/month db.t2.micro
Core Service Categories
| Category | Key Services |
|---|---|
| Compute | EC2, Lambda, ECS, Fargate |
| Storage | S3, EBS, EFS |
| Database | RDS, DynamoDB, Aurora, ElastiCache |
| Networking | VPC, CloudFront, Route 53, API Gateway |
| Security | IAM, Cognito, KMS, WAF |
| Messaging | SQS, SNS, EventBridge |
| Monitoring | CloudWatch, X-Ray, CloudTrail |
| DevOps | CodePipeline, CodeBuild, CDK |
AWS CLI Basics
```bash
# Install (AWS CLI v2, Linux x86_64)
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip && sudo ./aws/install

# Configure (interactive prompts; the values are saved in plaintext
# under ~/.aws/, so protect that directory and never commit it)
aws configure
# AWS Access Key ID: AKIA...
# AWS Secret Access Key: ...
# Default region: us-east-1
# Output format: json

# Common commands
aws sts get-caller-identity   # Who am I?
aws s3 ls                     # List S3 buckets
aws ec2 describe-instances    # List EC2 instances
```
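The `aws sts get-caller-identity` check above shows which principal the configured keys belong to, and IAM sits on your side of the shared responsibility model. As an added example (not from the original page), this shell sketch classifies the returned ARN and the access key ID prefix to flag root or long-term IAM user keys; the function names, the risk labels and the sample values are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names and the
# high/medium/low/review labels are illustrative assumptions.

# classify_arn ARN: which kind of principal an ARN from
# `aws sts get-caller-identity` refers to.
classify_arn() {
  case "$1" in
    arn:aws*:iam::[0-9]*:root)             echo root ;;
    arn:aws*:iam::[0-9]*:user/*)           echo iam-user ;;
    arn:aws*:sts::[0-9]*:assumed-role/*)   echo assumed-role ;;
    arn:aws*:sts::[0-9]*:federated-user/*) echo federated-user ;;
    *)                                     echo unknown ;;
  esac
}

# classify_key ACCESS_KEY_ID: AKIA = long-term key, ASIA = temporary STS key.
classify_key() {
  case "$1" in
    AKIA*) echo long-term ;;
    ASIA*) echo temporary ;;
    *)     echo unknown ;;
  esac
}

# risk_for ARN ACCESS_KEY_ID: combine both into one verdict.
risk_for() {
  kind=$(classify_arn "$1")
  key=$(classify_key "$2")
  if [ "$kind" = root ]; then
    echo high      # root credentials should not be used for CLI work
  elif [ "$kind" = unknown ] || [ "$key" = unknown ]; then
    echo review    # unrecognised input: inspect by hand
  elif [ "$key" = long-term ]; then
    echo medium    # static key sitting in ~/.aws/credentials
  else
    echo low       # short-lived session credentials
  fi
}

# check_live: run against the active profile (requires the AWS CLI).
check_live() {
  risk_for "$(aws sts get-caller-identity --query Arn --output text)" \
           "$(aws configure get aws_access_key_id)"
}

# Constructed samples (placeholder account ID and key IDs):
risk_for "arn:aws:iam::123456789012:user/alice" "AKIAEXAMPLEEXAMPLE00"
risk_for "arn:aws:sts::123456789012:assumed-role/Dev/alice" "ASIAEXAMPLEEXAMPLE00"
```

`check_live` reads the key ID from the profile's stored configuration, so credentials supplied only through environment variables come back as `review`.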
Key Takeaways
- IaaS (EC2) = full control; PaaS (Beanstalk) = managed; FaaS (Lambda) = just code
- Deploy across multiple AZs for high availability
- Shared responsibility: AWS secures infrastructure, you secure your data and config
- Use Reserved/Savings Plans for predictable workloads, Spot for fault-tolerant jobs
- Start with Free Tier to learn without cost