AWS Basics

This guide covers the foundational AWS building blocks and concepts you need before diving into specific services.

| Term | Meaning |
|------|---------|
| Account | The top-level billing and isolation boundary in AWS |
| Region | A geographic area containing multiple isolated data centers |
| Availability Zone (AZ) | One or more discrete data centers within a region |
| Edge Location | CloudFront CDN endpoints closer to end users |
| Resource | Any AWS entity you create (EC2 instance, S3 bucket, etc.) |
| ARN | Amazon Resource Name: unique identifier for any AWS resource |
| Tag | Key-value pair for labeling and cost allocation |

AWS accounts are flat (one account cannot contain another), and AWS Organizations groups them into a hierarchy:

  • Management account — Root account that owns the organization
  • Organizational Units (OUs) — Group accounts for policy application
  • Member accounts — Individual billing/isolation units (equivalent to Azure Subscriptions)
  • Service Control Policies (SCPs) — Guard-rails applied at OU or account level

In Azure terms: AWS Account ≈ Azure Subscription, AWS Organization ≈ Azure Management Group.

AWS Identity and Access Management (IAM) is the central identity system:

  • IAM Users — Human identities with long-term credentials
  • IAM Groups — Collections of users sharing the same policies
  • IAM Roles — Assumed by services, applications, or federated users (no permanent credentials)
  • IAM Policies — JSON documents defining Allow/Deny permissions
  • Principle of least privilege — Only grant what is strictly necessary

Networking building blocks:

  • VPC (Virtual Private Cloud) — Your own private network in AWS
  • Subnets — Public (internet-facing) or private (internal only)
  • Security Groups — Stateful firewall at the resource level
  • Network ACLs — Stateless firewall at the subnet level
  • Internet Gateway — Allows public internet access from a VPC
  • NAT Gateway — Allows private subnets to reach the internet outbound only

Compute services:

| Service | Use Case |
|---------|----------|
| EC2 | Virtual machines: full control over OS |
| Lambda | Serverless functions: event-driven, pay per invocation |
| ECS | Docker containers managed by AWS |
| EKS | Managed Kubernetes |
| Fargate | Serverless containers (no server management) |
| Elastic Beanstalk | PaaS for deploying apps without managing infrastructure |
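
Storage services:

| Service | Type | Azure Equivalent |
|---------|------|------------------|
| S3 | Object storage | Azure Blob Storage |
| EBS | Block storage (attached to EC2) | Azure Managed Disks |
| EFS | Shared file storage (NFS) | Azure Files |
| Glacier | Long-term archive | Azure Archive Storage |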

Database services:

| Service | Type | Azure Equivalent |
|---------|------|------------------|
| RDS | Managed relational DB (MySQL, PostgreSQL, SQL Server) | Azure SQL Database |
| Aurora | High-performance MySQL/PostgreSQL compatible | Azure SQL Hyperscale |
| DynamoDB | NoSQL key-value and document | Azure Cosmos DB |
| ElastiCache | In-memory cache (Redis, Memcached) | Azure Cache for Redis |
| Redshift | Data warehouse | Azure Synapse Analytics |

Security services:

  • IAM — Identity and access control
  • KMS — Key Management Service for encryption keys
  • Secrets Manager — Store and rotate secrets (DB passwords, API keys)
  • AWS Shield — DDoS protection (Standard is free)
  • AWS WAF — Web Application Firewall
  • AWS Config — Track resource configuration changes
  • CloudTrail — Audit log of all API calls

Cost management:

  • AWS Cost Explorer — Visualize and analyze spending
  • AWS Budgets — Set cost or usage thresholds and alerts
  • Savings Plans / Reserved Instances — Commit to usage for significant discounts
  • Spot Instances — Use spare EC2 capacity at up to 90% discount
  • Tags — Apply Environment, Owner, CostCenter tags to track spend

Infrastructure as Code (IaC) tools:

| Tool | Description |
|------|-------------|
| CloudFormation | AWS-native IaC using JSON/YAML templates |
| AWS CDK | Define infrastructure in TypeScript, Python, Java, or C# |
| Terraform | Multi-cloud IaC, widely adopted |
| AWS SAM | Serverless Application Model: simplified Lambda/API deployments |

AWS CLI quick start:

```bash
# Install AWS CLI (v2)
# https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

# Configure credentials
# Note: the access key is written in plaintext to ~/.aws/credentials
aws configure
# Enter: Access Key ID, Secret Access Key, Region, Output format

# Verify identity (shows the account, user ID, and ARN the CLI is acting as)
aws sts get-caller-identity

# List S3 buckets
aws s3 ls

# List EC2 instances
aws ec2 describe-instances \
  --query 'Reservations[*].Instances[*].[InstanceId,State.Name,InstanceType]' \
  --output table
```