TechLead

AWS Core Services

Master essential AWS services including EC2, S3, IAM, VPC, Lambda, RDS, and CloudFront for building scalable cloud applications

Amazon Web Services (AWS) Overview

AWS is the world's most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Understanding the core services is essential for any cloud practitioner building production applications.

Core AWS Services by Category

  • Compute: EC2, Lambda, ECS, EKS, Fargate
  • Storage: S3, EBS, EFS, Glacier
  • Database: RDS, DynamoDB, ElastiCache, Aurora
  • Networking: VPC, Route 53, CloudFront, API Gateway, ELB
  • Security: IAM, KMS, Secrets Manager, WAF, Shield
  • Messaging: SQS, SNS, EventBridge, Kinesis

EC2 — Elastic Compute Cloud

EC2 provides resizable virtual servers (instances) in the cloud. You choose the instance type (CPU, memory, storage, networking), operating system, and security configuration. EC2 is the foundational compute service on AWS.

# Launch an EC2 instance
aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t3.micro \
  --key-name my-key-pair \
  --security-group-ids sg-0123456789abcdef0 \
  --subnet-id subnet-0123456789abcdef0 \
  --count 1 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=my-web-server}]'

# List running instances
aws ec2 describe-instances \
  --filters "Name=instance-state-name,Values=running" \
  --query "Reservations[].Instances[].[InstanceId,InstanceType,PublicIpAddress,Tags[?Key=='Name'].Value|[0]]" \
  --output table

# Stop an instance
aws ec2 stop-instances --instance-ids i-0123456789abcdef0

# Terminate an instance
aws ec2 terminate-instances --instance-ids i-0123456789abcdef0

EC2 Instance Types

Family      Optimized For                  Examples
t3, t3a     General purpose, burstable     Web servers, dev environments
m6i, m7g    General purpose, balanced      Application servers, microservices
c6i, c7g    Compute optimized              Batch processing, gaming servers
r6i, r7g    Memory optimized               In-memory databases, caches
p4d, g5     Accelerated computing (GPU)    Machine learning, graphics rendering

S3 — Simple Storage Service

S3 is an object storage service offering industry-leading scalability, data availability, security, and performance. It stores data as objects in buckets and is designed for 99.999999999% (11 nines) of durability.

# Create an S3 bucket
aws s3 mb s3://my-application-bucket-2026 --region us-east-1

# Upload a directory recursively
aws s3 cp ./build s3://my-application-bucket-2026/ --recursive

# Sync a local directory with S3
aws s3 sync ./dist s3://my-application-bucket-2026/static --delete

# List bucket contents
aws s3 ls s3://my-application-bucket-2026/

# Configure static website hosting
aws s3 website s3://my-application-bucket-2026 \
  --index-document index.html \
  --error-document error.html

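# Set a bucket policy for public read access (every object in the bucket becomes readable by anyone)
# New buckets have S3 Block Public Access enabled, which rejects this policy until that setting is relaxed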
aws s3api put-bucket-policy --bucket my-application-bucket-2026 --policy '{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-application-bucket-2026/*"
  }]
}'

IAM — Identity and Access Management

IAM controls who is authenticated (signed in) and authorized (has permissions) to use AWS resources. It is a fundamental service that underpins all AWS security.

# Create an IAM user
aws iam create-user --user-name deploy-bot

# Create an IAM policy
aws iam create-policy --policy-name S3DeployPolicy --policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-application-bucket-2026",
        "arn:aws:s3:::my-application-bucket-2026/*"
      ]
    }
  ]
}'

# Attach the policy to the user
aws iam attach-user-policy \
  --user-name deploy-bot \
  --policy-arn arn:aws:iam::123456789012:policy/S3DeployPolicy

# Create access keys for programmatic access
# These are long-lived credentials and the secret key is returned only once, so store it securely
aws iam create-access-key --user-name deploy-bot
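
The bucket policy in the S3 section grants anonymous read, while the deploy-bot policy above is scoped to one bucket and four actions. As an added example (not part of the original lesson), this Python check flags over-broad Allow statements in a policy document before it is applied; the function names and finding labels are assumptions of this example, and the sample inputs are the two policies shown on this page.

```python
# Constructed inputs: the two policy documents shown on this page.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::my-application-bucket-2026/*"}]}
DEPLOY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::my-application-bucket-2026",
                 "arn:aws:s3:::my-application-bucket-2026/*"]}]}


def as_list(value):
    """Policy fields may be one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [] if value is None else [value]


def is_public(principal):
    """True for Principal "*" or a map such as {"AWS": "*"} (any caller)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False


def lint_policy(policy):
    """Return (statement id, finding) pairs for over-broad Allow statements."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        # An unconditioned public principal means anyone on the internet.
        if is_public(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((sid, "public-principal"))
        if any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action"))):
            findings.append((sid, "wildcard-action"))
        if "*" in as_list(stmt.get("Resource")):
            findings.append((sid, "wildcard-resource"))
        # Allow + NotAction/NotResource grants everything except what is listed.
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "allow-with-not-element"))
    return findings


if __name__ == "__main__":
    for name, doc in (("bucket", BUCKET_POLICY), ("deploy", DEPLOY_POLICY)):
        print(name, lint_policy(doc))
```

Statements with a public principal and a Condition are not flagged here and still need manual review of the condition.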

VPC — Virtual Private Cloud

VPC lets you provision a logically isolated section of the AWS Cloud where you can launch resources in a virtual network that you define. You control IP address ranges, subnets, route tables, and network gateways.

# Create a VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/16 \
  --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=production-vpc}]'

# Create public and private subnets
# (a subnet is public only once its route table sends 0.0.0.0/0 to the Internet Gateway)
aws ec2 create-subnet --vpc-id vpc-0123456789 \
  --cidr-block 10.0.1.0/24 --availability-zone us-east-1a \
  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=public-subnet-1a}]'

aws ec2 create-subnet --vpc-id vpc-0123456789 \
  --cidr-block 10.0.2.0/24 --availability-zone us-east-1b \
  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=private-subnet-1b}]'

# Create and attach an Internet Gateway
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway \
  --internet-gateway-id igw-0123456789 \
  --vpc-id vpc-0123456789

Lambda — Serverless Compute

AWS Lambda runs code in response to events without provisioning or managing servers. You pay only for the compute time you consume — there is no charge when your code is not running.

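// Lambda function handler (TypeScript)
import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';

// Response headers shared by success and error responses
const headers = {
  'Content-Type': 'application/json',
  // Wildcard CORS lets any origin read the response; use a specific origin for non-public APIs
  'Access-Control-Allow-Origin': '*',
};

export const handler = async (
  event: APIGatewayProxyEvent
): Promise<APIGatewayProxyResult> => {
  // The body is caller-controlled: return 400 on malformed JSON instead of letting JSON.parse throw
  let body: Record<string, unknown>;
  try {
    body = JSON.parse(event.body || '{}');
  } catch {
    return {
      statusCode: 400,
      headers,
      body: JSON.stringify({ message: 'Invalid JSON' }),
    };
  }

  // Process the request
  const result = await processData(body);

  return {
    statusCode: 200,
    headers,
    body: JSON.stringify({
      message: 'Success',
      data: result,
    }),
  };
};

async function processData(data: Record<string, unknown>) {
  // Your business logic here
  return { processed: true, timestamp: new Date().toISOString() };
}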

RDS — Relational Database Service

RDS makes it easy to set up, operate, and scale a relational database in the cloud. It supports MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, and Amazon Aurora.

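# Create a PostgreSQL RDS instance
# "admin" is a reserved word for the postgres engine, so a different master username is used.
# --manage-master-user-password has RDS generate the password and store it in Secrets Manager,
# which keeps it out of shell history and process listings.
aws rds create-db-instance \
  --db-instance-identifier my-postgres-db \
  --db-instance-class db.t3.micro \
  --engine postgres \
  --engine-version 16.1 \
  --master-username dbadmin \
  --manage-master-user-password \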
  --allocated-storage 20 \
  --vpc-security-group-ids sg-0123456789 \
  --db-subnet-group-name my-db-subnet-group \
  --backup-retention-period 7 \
  --multi-az \
  --storage-encrypted

CloudFront — CDN

CloudFront is a fast content delivery network (CDN) that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.

Key Takeaways

  • EC2 provides flexible virtual servers with a wide range of instance types
  • S3 is the standard for durable, scalable object storage
  • IAM is foundational — always follow the principle of least privilege
  • VPC provides network isolation and security for your resources
  • Lambda enables serverless compute for event-driven architectures
  • RDS simplifies managed relational database operations
