AWS: Zero To Hero (Part 01)
Basic knowledge of AWS services, storage, security, and AWS CLI, with hands-on experience in creating projects.

History of Servers
What are Servers?
A server is a computer system that provides services, resources, or data to other computers (clients) over a network. It can host websites, store files, run applications, manage databases, and more.
Before (Traditional Servers)
1. Physical Servers (On-Premises)
Setup: Organizations had to buy, install, and maintain physical hardware.
Location: Kept in local server rooms or data centers.
Examples: Dell PowerEdge, HP ProLiant servers.
Management:
Manual installation & configuration.
Required dedicated IT staff.
Downtime during hardware failure.
Technologies Used:
| Function | Tools/Tech |
| --- | --- |
| Operating System | Windows Server, Linux (CentOS, Ubuntu Server) |
| Virtualization | VMware, Hyper-V |
| Backup | Local drives, NAS, tape drives |
| Monitoring | Nagios, Zabbix |
Limitations:
High cost of hardware and maintenance.
Scaling was slow and expensive.
Risk of data loss (if no proper backup).
Limited by physical space and power.
Now (Modern Servers)
1. Cloud Servers
Setup: Virtual machines hosted on cloud platforms (no physical hardware needed).
Location: Managed by cloud providers like AWS, Azure, GCP.
Examples:
- AWS EC2, Azure VMs, Google Compute Engine
Management:
Managed via web dashboards or APIs.
Auto-scaling, backups, and load balancing available.
Technologies Used:
| Function | Tools/Tech |
| --- | --- |
| Infrastructure | AWS, Azure, Google Cloud |
| Automation | Terraform, Ansible |
| Monitoring | CloudWatch, Prometheus |
| Containers | Docker, Kubernetes |
| CI/CD | Jenkins, GitHub Actions |
Benefits:
Pay-as-you-go pricing (no upfront hardware cost).
Highly scalable and flexible.
Automatic backup and recovery.
Can be deployed globally within minutes.
Better security and compliance tools.
Comparison: Old vs New Servers
| Feature | Traditional Servers | Cloud/Modern Servers |
| --- | --- | --- |
| Setup Time | Days to Weeks | Minutes |
| Cost | High upfront cost | Pay-per-use |
| Scaling | Manual & slow | Auto & fast |
| Backup & Recovery | Manual | Automated |
| Location | Local/on-site | Anywhere (Cloud DCs) |
| Maintenance | Manual (needs IT staff) | Managed by provider |
Introduction to AWS and Cloud Essentials
1. What is Cloud and Why do you need it?
Cloud Computing means using remote servers on the internet to store, manage, and process data instead of using your local computer or physical servers.
Why you need it:
Reduces hardware costs
Scalable and flexible
Accessible from anywhere
Pay only for what you use
Example: Instead of buying a personal hard drive, you use Google Drive or AWS S3 to store your files.
2. How does Cloud work?
Cloud works through a network of data centers located worldwide. You interact with these using:
Web interfaces (like AWS Console)
APIs
CLI/SDKs
These data centers provide:
Virtual servers (EC2)
Databases (RDS, DynamoDB)
Storage (S3)
And more, on-demand
You just select what you need, configure it, and it's ready in minutes.
3. Why AWS?
AWS (Amazon Web Services) is the most used cloud platform in the world because:

Largest cloud market share (~30%)
Offers 200+ services
Reliable, secure, and scalable
Free Tier for learning
Strong global support and certifications
4. Terminologies like IaaS, PaaS, SaaS
These are cloud service models that define how much control you have:
| Model | What You Manage | Example |
| --- | --- | --- |
| IaaS (Infrastructure as a Service) | Full control over OS, storage, VM | AWS EC2 |
| PaaS (Platform as a Service) | Just deploy code, platform managed by provider | AWS Elastic Beanstalk |
| SaaS (Software as a Service) | Only use the application | Gmail, Google Docs, Zoom |
5. What Services to Learn and Get Started?
Start with core AWS services:
| Area | AWS Service | Purpose |
| --- | --- | --- |
| Compute | EC2, Lambda | Run apps or serverless code |
| Storage | S3 | Store files or backups |
| Database | RDS, DynamoDB | SQL & NoSQL database services |
| Networking | VPC | Secure and isolate your apps |
| IAM | Identity and Access Management | Manage users and permissions |
| Monitoring | CloudWatch | Monitor logs and usage |
Tip: Use AWS Free Tier to practice these services hands-on.
AWS Global Infrastructure
What is it?
AWS (Amazon Web Services) Global Infrastructure refers to the worldwide network of data centers and resources that power AWS services. It ensures high availability, performance, and fault tolerance for users around the globe.
Key Components
1. Regions
A Region is a geographic location (like Mumbai, London, Ohio) that contains multiple data centers.
Each region is isolated to ensure data sovereignty and fault tolerance.
As of 2025, AWS has 30+ regions worldwide.
Example:
Asia Pacific (Mumbai) is one AWS region.
2. Availability Zones (AZs)
Each Region contains 2 to 6 Availability Zones.
An AZ is essentially a data center with independent power, networking, and cooling.
AZs are connected with low-latency links to form a reliable region-wide system.
Using multiple AZs = high fault tolerance and uptime.
3. Edge Locations
Edge locations are used for content delivery (CDN) via Amazon CloudFront.
Located in over 400+ cities globally.
They cache content closer to users for faster load times and reduced latency.
4. Local Zones
Extension of AWS Regions that brings services closer to end-users in metro areas.
Low-latency performance for apps like gaming, video editing, and ML.
5. Wavelength Zones
- Used to bring AWS services closer to 5G networks, ideal for mobile apps needing ultra-low latency.
AWS Infrastructure Hierarchy Diagram
Global
├── Regions (e.g., Mumbai)
│   └── Availability Zones (e.g., ap-south-1a, ap-south-1b)
│       └── Data Centers
├── Edge Locations
├── Local Zones
└── Wavelength Zones
Benefits of AWS Global Infrastructure
| Feature | Benefit |
| --- | --- |
| Global Reach | Serve users anywhere in the world |
| High Availability | Use multiple AZs to prevent downtime |
| Scalability | Easily scale apps and services |
| Security | Built-in physical & network security |
| Low Latency | Edge and Local Zones ensure faster response times |
3 Best Ways to Access AWS
1. Console
What it is:
The AWS Management Console is a web-based user interface.
Use case:
Beginners and non-developers often use this to manually create/manage services like EC2, S3, Lambda, etc.
Advantage:
No coding knowledge needed; just click and configure.
2. CLI (Command Line Interface)
What it is:
A tool to interact with AWS using commands in a terminal (e.g., Bash, CMD, PowerShell).
Use case:
Useful for DevOps tasks, automation, and scripting (e.g., aws s3 ls).
Advantage:
Faster and more efficient than the console for repetitive or bulk operations.
3. SDK (Software Development Kit)
What it is:
A set of libraries for programming languages (like Python, Java, etc.) to integrate AWS into your application code.
Example: the Python SDK is Boto3.
Use case:
Developers use SDKs to programmatically create/manage AWS resources within their apps.
Advantage:
Deep integration with your application logic.
Mastering IAM (Identity and Access Management)
1. Introduction to IAM
What is IAM?
IAM (Identity and Access Management) is a service in AWS that lets you securely manage access to AWS services and resources. It allows you to create users, groups, and roles and define permissions using policies.
Why is IAM important in AWS?
Prevents unauthorized access
Enables fine-grained control over who can access what
Essential for managing access in multi-user environments
Supports compliance and auditing
2. Creating IAM Users
Steps to create a new IAM user:
Go to AWS Console > IAM
Select "Users" > "Add user"
Enter username
Select access type (console access, programmatic access)
Attach permissions (direct or via group)
Review & create

Access Types: Console vs Programmatic:
Console access: Allows user to log in via AWS Management Console (GUI)
Programmatic access: Allows use of AWS CLI/SDK for scripting and development
Best Practices for User Creation:
Avoid giving full access unless necessary
Use groups to manage permissions
Assign unique usernames
Enable MFA (Multi-Factor Authentication)
3. IAM Policies & Permissions
What are policies?
Policies are JSON documents that define permissions. They control what actions are allowed or denied on which AWS resources.
Managed vs Inline policies:
Managed Policies: Predefined by AWS or created and reused across users, groups, roles.
Inline Policies: Embedded directly into a single user, group, or role. Used for specific one-off permissions.
Attaching Policies:
Attach to Users (if individual permission is needed)
Attach to Groups (for centralized permission control)
Attach to Roles (for temporary access by services or users)
Examples:
AmazonS3FullAccess: grants full access to S3
AdministratorAccess: full AWS access (use with caution)



4. IAM Groups
Why use groups?
Easier permission management
Reduces errors and redundancy
Apply policies to multiple users at once
How to Create & Use:
Create group (e.g., "DevOpsTeam")
Attach policies to group
Add users to the group

5. IAM Roles
What is an IAM Role?
A role is a temporary set of permissions that AWS services or users can assume to perform actions. Roles are not tied to specific users.
Example: Instead of giving the developer direct access to the RDS database, we attach a role (such as a DB access role) to the EC2 instance. This allows the EC2 instance to securely access the RDS database without exposing credentials or giving direct access to the developer.

A role can also be given to another AWS account.

Role vs User:
| Feature | IAM User | IAM Role |
| --- | --- | --- |
| Permanent | Yes | No (temporary) |
| Login | Yes | No (usually assumed) |
| Use case | Real people | Services or external users |
Creating and Assigning Roles:
Go to IAM > Roles
Choose use case (e.g., EC2)
Attach policy (e.g., S3 read-only)
Assign to resource (e.g., EC2 instance)
6. Identity Providers (IdP) in IAM
What is an Identity Provider?
An IdP (Identity Provider) is a trusted external service that authenticates users and lets them access AWS resources without IAM user creation.
Use Case:
Single Sign-On (SSO) via Google, Facebook, Active Directory, etc.
Federated users from corporate systems or web identity services
Types of Identity Providers in AWS:
| Type | Description | Example |
| --- | --- | --- |
| SAML 2.0-based | Used for enterprise/corporate federation | Microsoft AD, Okta |
| OIDC-based | Web/app identity federation | Google, Auth0 |
| Cognito | AWS-managed IdP for apps & users | Sign up/Login portals |
How it Works:
Authenticate via IdP (e.g., Google)
IdP issues token/assertion
AWS STS (Security Token Service) validates it
Temporary AWS credentials are granted via a role

7. IAM Best Practices
Enable MFA (Multi-Factor Authentication)
MFA adds an extra layer of security by requiring a one-time code from a registered device/app after entering a password.
MFA Device Options:
| MFA Type | Description | Example |
| --- | --- | --- |
| Virtual MFA Device | Most common; uses a mobile app | Google Authenticator, Authy |
| U2F Security Key | Physical USB key for MFA | YubiKey, Titan Security Key |
| Hardware MFA Device | Dedicated physical token (from AWS) | Gemalto token, etc. |
Steps to Enable MFA:
Go to IAM > Users > [username]
Click the "Security credentials" tab
Choose "Assign MFA device"
Select Virtual MFA (recommended)
Scan the QR code using Google Authenticator or similar
Enter two consecutive codes
Confirm and save
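
Virtual MFA apps such as Google Authenticator generate their codes with TOTP (RFC 6238). The added example below (not from the original post) derives those codes and shows what "two consecutive codes" means: the codes of two adjacent 30-second time steps. The secret is the RFC 6238 test key, and verify_enrollment is a hypothetical model of the check, not AWS's implementation.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test key ("12345678901234567890") in base32, the encoding a QR code carries.
TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Code for the time step that contains unix_time (HMAC-SHA1, RFC 6238)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)   # 8-byte big-endian step number
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def consecutive_codes(secret_b32, unix_time, step=30):
    """The code shown now and the one the app shows after it rolls over."""
    return totp(secret_b32, unix_time, step), totp(secret_b32, unix_time + step, step)


def verify_enrollment(secret_b32, code1, code2, unix_time, step=30, drift=1):
    """Accept only if code1 and code2 belong to two adjacent time steps
    within `drift` steps of the verifier's clock."""
    for d in range(-drift, drift + 1):
        t = unix_time + d * step
        first_ok = hmac.compare_digest(totp(secret_b32, t, step), code1)
        second_ok = hmac.compare_digest(totp(secret_b32, t + step, step), code2)
        if first_ok and second_ok:
            return True
    return False


if __name__ == "__main__":
    first, second = consecutive_codes(TEST_SECRET, 59)
    print("codes:", first, second)
    print("accepted:", verify_enrollment(TEST_SECRET, first, second, 70))
    print("same code twice:", verify_enrollment(TEST_SECRET, first, first, 59))
```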

8. IAM Best Practices
Enable MFA: For all users, especially the root user
Use least privilege: Only give permissions that are absolutely required
Don't use the root user for everyday tasks
Rotate access keys periodically
Monitor IAM activity using AWS CloudTrail
Project: IAM Role-Based Access for EC2 to Access S3 via CLI (Not Console)

1. User → EC2 Access Flow
A developer/user uses their local system (laptop or desktop) to interact with AWS EC2.
EC2 is an instance (a virtual server in the cloud).
2. IAM Role Integration
Instead of using static credentials (username/password or access keys), an IAM Role is attached to the EC2 instance.
This IAM Role contains permissions to access S3 (Simple Storage Service).
3. S3 Data Access
The EC2 instance (with the IAM Role) can securely read/write data in S3 buckets.
This method ensures no credentials are exposed.
4. Restricted Console Access
The user cannot access S3 from the AWS Console.
Console access is blocked or not granted, to follow the principle of least privilege.
5. Access Only via CLI
The user is allowed to access S3 data using AWS CLI from the EC2 instance only.
Other access methods, such as the Console and SQL or a direct S3 GUI, are disabled or not allowed.
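
The role from steps 2 and 3 above (and from "Creating and Assigning Roles" earlier), written out as policy documents in an added example that is not part of the original post: a trust policy that lets only the EC2 service assume the role, and a permissions policy scoped to one bucket. The bucket name example-bucket, the helper names and the constructed BROAD policy are assumptions for illustration; broad_statements is a simple check for wildcard grants, not an AWS tool.

```python
import json


def _as_list(value):
    return value if isinstance(value, list) else [value]


def ec2_trust_policy():
    """Trust policy: who may assume the role. Here, only the EC2 service."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}


def s3_bucket_policy(bucket, writable=False):
    """Permissions policy: what the role may do, limited to one bucket."""
    object_actions = ["s3:GetObject"] + (["s3:PutObject"] if writable else [])
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Effect": "Allow", "Action": object_actions,
         "Resource": f"arn:aws:s3:::{bucket}/*"}]}


def broad_statements(policy):
    """Findings for Allow statements with wildcard actions or Resource '*'."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        wild = [a for a in _as_list(stmt.get("Action", []))
                if a == "*" or a.endswith(":*")]
        if wild:
            findings.append((i, "wildcard action", wild))
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((i, "all resources", ["*"]))
    return findings


# Constructed: the shape of a full-access grant, for comparison with the scoped role.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(ec2_trust_policy(), indent=2))
    print(json.dumps(s3_bucket_policy("example-bucket"), indent=2))
    print("scoped role findings:", broad_statements(s3_bucket_policy("example-bucket")))
    print("broad grant findings:", broad_statements(BROAD))
```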



Then create a new key pair if you want.

The instance is now complete.
Now we will create an IAM user.

Then create the user.

We will give it S3 and EC2 full access permissions.

Now we take an S3 bucket and store something in it.

Now create the bucket.

ACL: Access control list

Now let's upload something to it.

We also create a folder in it.

We have created the EC2 instance, the IAM user, and the S3 bucket. All done.
Now we access it through the CLI, not the console.
To do so, follow the steps below.
Step 1: First we need an access key/token.

For this, go to Security credentials and create a token there.

Create the access key.

Now we connect to our EC2 instance.

Copy it and paste it into your terminal.

Step 2: Now install AWS CLI version 2 on Ubuntu.
Link: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Here we install it for Linux.

Before installing the AWS CLI, we install unzip.

Here the installation of CLI v2 is complete.

Here you can access only S3 and EC2, because we have not given any other permissions.