<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Vijaya Laxmi Kadham</title>
    <description>The latest articles on DEV Community by Vijaya Laxmi Kadham (@kadhamvj23).</description>
    <link>https://dev.to/kadhamvj23</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F953442%2F47de73bc-77dd-4dd2-8660-343feb285d87.png</url>
      <title>DEV Community: Vijaya Laxmi Kadham</title>
      <link>https://dev.to/kadhamvj23</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/kadhamvj23"/>
    <language>en</language>
    <item>
      <title>AWS CLI for Beginners | Automating AWS without using the Console</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Mon, 29 Jun 2026 09:03:40 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/aws-cli-for-beginners-automating-aws-without-using-the-console-5h9n</link>
      <guid>https://dev.to/kadhamvj23/aws-cli-for-beginners-automating-aws-without-using-the-console-5h9n</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;Until now, we have been creating resources such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPCs&lt;/li&gt;
&lt;li&gt;EC2 Instances&lt;/li&gt;
&lt;li&gt;S3 Buckets&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;using AWS Console.&lt;/p&gt;

&lt;p&gt;While the AWS Console is easy for beginners, it becomes difficult when we need to create many resources repeatedly.&lt;/p&gt;

&lt;p&gt;Imagine manually creating:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;20 VPCs&lt;/li&gt;
&lt;li&gt;20 S3 buckets&lt;/li&gt;
&lt;li&gt;15 EC2 Instances&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Doing this from the UI every time would be slow and inefficient.&lt;/p&gt;

&lt;p&gt;This is where AWS CLI becomes useful.&lt;/p&gt;




&lt;h3&gt;
  
  
  What we will Learn
&lt;/h3&gt;

&lt;p&gt;In this article, we will learn:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What AWS CLI is&lt;/li&gt;
&lt;li&gt;Why AWS CLI is useful&lt;/li&gt;
&lt;li&gt;How AWS CLI communicates with AWS&lt;/li&gt;
&lt;li&gt;Installing AWS CLI&lt;/li&gt;
&lt;li&gt;Configuring AWS CLI&lt;/li&gt;
&lt;li&gt;Running our first AWS CLI command&lt;/li&gt;
&lt;li&gt;Finding AWS CLI documentation&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Why Do We Need AWS CLI?
&lt;/h2&gt;

&lt;p&gt;AWS provides APIs(Application Programming Interfaces) for all its services.&lt;/p&gt;

&lt;p&gt;These APIs allow us to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create resources&lt;/li&gt;
&lt;li&gt;Update resources&lt;/li&gt;
&lt;li&gt;Delete resources&lt;/li&gt;
&lt;li&gt;Manage infrastructure programmatically&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Instead of clicking on buttons in AWS Console, we can send commands directly to AWS.&lt;/p&gt;

&lt;p&gt;Think of it like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS Console
    ↓
Manual Operations

AWS CLI
    ↓
Command Based Operations
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Real Life Example
&lt;/h2&gt;

&lt;p&gt;Suppose your company asks you to create:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;50 S3 buckets&lt;/li&gt;
&lt;li&gt;20 EC2 Instances&lt;/li&gt;
&lt;li&gt;Multiple VPCs&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Doing this manually from the AWS Console would take time.&lt;/p&gt;

&lt;p&gt;Using AWS CLI we can automate these operations through commands and scripts.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is AWS CLI?
&lt;/h2&gt;

&lt;p&gt;AWS CLI stands for:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS Command Line Interface
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It is tool that allows us to manage AWS services directly from terminal.&lt;/p&gt;

&lt;p&gt;AWS CLI acts as a bridge between users and AWS APIs.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;User
  ↓
AWS CLI
  ↓
AWS API
  ↓
AWS Services
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The AWS CLI itself is developed by AWS and internally sends API requests to AWS services.&lt;/p&gt;

&lt;p&gt;The good part is:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;We don't need programming knowledge to start using AWS CLI&lt;/li&gt;
&lt;li&gt;We only need to understand commands and documentation.&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  AWS CLI vs AWS Console
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;AWS Console&lt;/th&gt;
&lt;th&gt;AWS CLI&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Manual&lt;/td&gt;
&lt;td&gt;Command Line Interface&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Beginner fridenly&lt;/td&gt;
&lt;td&gt;Automation friendly&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Slower for repetitive tasks&lt;/td&gt;
&lt;td&gt;Faster&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Requires clicking&lt;/td&gt;
&lt;td&gt;Requires commands&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Suitable for learning&lt;/td&gt;
&lt;td&gt;Suitable for automation&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;




&lt;h2&gt;
  
  
  AWS CLI vs Terraform vs Cloud Formation
&lt;/h2&gt;

&lt;p&gt;Many beginners ask:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;If AWS CLI can create resources, why do we need Terraform or CloudFormation?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The answer is simple.&lt;/p&gt;

&lt;p&gt;AWS CLI is best for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Quick actions&lt;/li&gt;
&lt;li&gt;testing&lt;/li&gt;
&lt;li&gt;Small automation tasks&lt;/li&gt;
&lt;li&gt;Learning AWS services&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;CloudFormation is best for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Reusable infrastructure&lt;/li&gt;
&lt;li&gt;AWs native infrastructure as a Code&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Terraform is best for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Large production environments&lt;/li&gt;
&lt;li&gt;Multi-cloud infrastructure&lt;/li&gt;
&lt;li&gt;Infrastructure as Code&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;AWS CDK is best for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Developers who prefer programming languages.&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Hands-On: Installing AWS CLI
&lt;/h1&gt;

&lt;h2&gt;
  
  
  Method 1: Install AWS CLI using Git Bash
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Step 1: Install Git Bash
&lt;/h3&gt;

&lt;p&gt;Open your browser and search:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Git Bash Download
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Download and install Git Bash.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fas0jqnojs1np17pj9w95.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fas0jqnojs1np17pj9w95.png" alt=" " width="800" height="382"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After installation, open:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Git Bash
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h3&gt;
  
  
  Step 2: Install AWS CLI
&lt;/h3&gt;

&lt;p&gt;In your browser search for:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS CLI
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open the official AWS Documentation.&lt;/p&gt;

&lt;p&gt;Navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;User Guide → Get Started → Install/Update
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fr9l1e1qhuuoacuuux3br.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fr9l1e1qhuuoacuuux3br.png" alt=" " width="800" height="407"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Select the Linux CLI installer and copy the path and paste it in the Git Bash terminal.&lt;/p&gt;

&lt;p&gt;Then you will see AWS CLI is installing.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fslru7ilt64ndap2mq9yq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fslru7ilt64ndap2mq9yq.png" alt=" " width="800" height="197"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After installation, verify:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;aws &lt;span class="nt"&gt;--version&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You will see something like this in the terminal:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-cli/2.x Python/3.x Windows
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h3&gt;
  
  
  Step 3: Configure AWS CLI
&lt;/h3&gt;

&lt;h2&gt;
  
  
  Why Does AWS CLI Need Configuration?
&lt;/h2&gt;

&lt;p&gt;AWS CLI needs to know:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which AWS account to use&lt;/li&gt;
&lt;li&gt;Which region to use&lt;/li&gt;
&lt;li&gt;Which credentials belong to us&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is done using:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;aws configure
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Provide:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;AWS Access Key ID&lt;/li&gt;
&lt;li&gt;AWS Secret Access Key&lt;/li&gt;
&lt;li&gt;Default Region&lt;/li&gt;
&lt;li&gt;Output Format (json)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;You will get the Access Key ID from your AWS account.&lt;/p&gt;

&lt;p&gt;Go to your AWS Console.&lt;/p&gt;

&lt;p&gt;Click on the account name on the right-side corner → Select &lt;strong&gt;Security Credentials&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fq69nxob7sd5v4k3jud72.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fq69nxob7sd5v4k3jud72.png" alt=" " width="326" height="474"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Scroll to &lt;strong&gt;Access Keys&lt;/strong&gt; → Click on &lt;strong&gt;Create Access Key&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;AWS generates:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Access Key ID&lt;/li&gt;
&lt;li&gt;Secret Access Key&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Save these credentials securely.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;NEVER SHARE YOUR SECRET ACCESS KEY&lt;/strong&gt;&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS Access Key ID: AKIAxxxxxxxx
AWS Secret Access Key: ********
Default Region Name: ap-south-1
Default Output Format: json
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Why JSON?
&lt;/h2&gt;

&lt;p&gt;AWS returns responses in JSON format because it is easy for applications and scripts to process.&lt;/p&gt;




&lt;h2&gt;
  
  
  Method 2: Using AWS CloudShell (What I Used)
&lt;/h2&gt;

&lt;p&gt;Since I was using a managed laptop where installing software was restricted, I used AWS CloudShell.&lt;/p&gt;

&lt;p&gt;CloudShell already comes with AWS CLI pre-installed, making it convenient for learning and experimentation.&lt;/p&gt;

&lt;h3&gt;
  
  
  Step 1: Open AWS Console
&lt;/h3&gt;

&lt;p&gt;In the search bar type:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;CloudShell
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;and wait for the terminal to open.&lt;/p&gt;




&lt;h3&gt;
  
  
  Step 2: Verify AWS CLI
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;aws &lt;span class="nt"&gt;--version&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You will get an output like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-cli/2.x
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3cl05nsqx9etkigksrv0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3cl05nsqx9etkigksrv0.png" alt=" " width="716" height="92"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; CloudShell automatically uses the credentials of the currently logged-in IAM user.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Therefore, unlike local installation, there is no need to run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;aws configure
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Running our First AWS CLI Command
&lt;/h2&gt;

&lt;p&gt;Now let's check whether AWS CLI can access our resources.&lt;/p&gt;

&lt;p&gt;Run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;aws s3 &lt;span class="nb"&gt;ls&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;means:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;List all S3 buckets available in my AWS account
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Example output will be like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;2025-11-02  my-learning-notes-example
2025-11-03  demo-cli-bucket
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Focls2j3x9u853s8wwdgp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Focls2j3x9u853s8wwdgp.png" alt=" " width="464" height="132"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Exploring AWS CLI Documentation
&lt;/h2&gt;

&lt;p&gt;AWS provides documentation for every service.&lt;/p&gt;

&lt;p&gt;For example, search:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS CLI S3 reference
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Here you will see a bunch of available commands and how to use them in detail.&lt;/p&gt;

&lt;p&gt;For example:&lt;/p&gt;

&lt;h3&gt;
  
  
  List Buckets
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;aws s3 &lt;span class="nb"&gt;ls&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Create Bucket
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;aws s3 mb s3://mydemo-s3-bucket-for-cli
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh8651bgyid0dpqc0lgb9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fh8651bgyid0dpqc0lgb9.png" alt=" " width="392" height="202"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;One of the best ways to become comfortable with AWS CLI is by exploring the official documentation and trying commands on your own.&lt;/p&gt;

&lt;p&gt;AWS provides CLI references for almost every service.&lt;/p&gt;

&lt;p&gt;For example, if you want to learn EC2 commands, search:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS CLI EC2 Reference
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Spend some time browsing the documentation and try commands in your environment.&lt;/p&gt;




&lt;h2&gt;
  
  
  Key Takeaways
&lt;/h2&gt;

&lt;p&gt;In this article, we learned:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;✅ What AWS CLI is&lt;/li&gt;
&lt;li&gt;✅ Why AWS CLI is useful&lt;/li&gt;
&lt;li&gt;✅ How AWS APIs work&lt;/li&gt;
&lt;li&gt;✅ Installing AWS CLI&lt;/li&gt;
&lt;li&gt;✅ Creating Access Keys&lt;/li&gt;
&lt;li&gt;✅ Configuring AWS CLI&lt;/li&gt;
&lt;li&gt;✅ Running our first commands&lt;/li&gt;
&lt;li&gt;✅ Exploring AWS CLI documentation&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;AWS CLI makes managing AWS resources faster and easier.&lt;/p&gt;

&lt;p&gt;Instead of repeatedly performing manual tasks through the AWS Console, we can interact with AWS services directly from the terminal.&lt;/p&gt;

&lt;p&gt;AWS CLI is excellent for quick actions and small automation tasks.&lt;/p&gt;

&lt;p&gt;However, as infrastructure grows larger, managing resources using individual commands becomes difficult.&lt;/p&gt;

&lt;p&gt;This is where Infrastructure as Code (IaC) tools become extremely useful.&lt;/p&gt;




&lt;h2&gt;
  
  
  What's Next?
&lt;/h2&gt;

&lt;p&gt;In the next article, we will begin exploring Infrastructure as Code (IaC) and understand:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What is AWS CloudFormation (CFT)?&lt;/li&gt;
&lt;li&gt;CloudFormation vs Terraform&lt;/li&gt;
&lt;li&gt;Tips and Tricks for Writing CloudFormation Templates&lt;/li&gt;
&lt;li&gt;Why production teams prefer Infrastructure as Code&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;From this point onward, we will start moving from individual commands to managing complete infrastructure using code. 🚀&lt;/p&gt;

</description>
      <category>automation</category>
      <category>aws</category>
      <category>beginners</category>
      <category>cli</category>
    </item>
    <item>
      <title>AWS S3 Hands-On Project | Buckets, Versioning, Permissions and Static Website Hosting</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Sat, 20 Jun 2026 12:53:51 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/aws-s3-hands-on-project-buckets-versioning-permissions-and-static-website-hosting-4p2d</link>
      <guid>https://dev.to/kadhamvj23/aws-s3-hands-on-project-buckets-versioning-permissions-and-static-website-hosting-4p2d</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;In the previous article, we learned the theory behind Amazon S3.&lt;/p&gt;

&lt;p&gt;Now it is time to see Amazon S3 in action.&lt;/p&gt;

&lt;p&gt;In this hands-on project, we will:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create an S3 bucket&lt;/li&gt;
&lt;li&gt;Upload files&lt;/li&gt;
&lt;li&gt;Understand Objects inside S3&lt;/li&gt;
&lt;li&gt;Enable Bucket Versioning&lt;/li&gt;
&lt;li&gt;Create IAM User&lt;/li&gt;
&lt;li&gt;Control access using Bucket Policies&lt;/li&gt;
&lt;li&gt;Host a Static Website using S3&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;By the end of this article, we will understand some of the most commonly used Amazon S3 features.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 1: Create an S3 Bucket
&lt;/h2&gt;

&lt;p&gt;Login to AWS Console.&lt;/p&gt;

&lt;p&gt;Search for &lt;strong&gt;S3&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Open the dashboard.&lt;/p&gt;

&lt;p&gt;Click on &lt;strong&gt;Create Bucket&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Provide:&lt;/p&gt;

&lt;h3&gt;
  
  
  Bucket Name
&lt;/h3&gt;

&lt;p&gt;Give your bucket a name, for example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;my-learning-notes-example
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;blockquote&gt;
&lt;p&gt;Bucket names must be globally unique.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdqvmfy8h8o3x7fyblgqx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdqvmfy8h8o3x7fyblgqx.png" alt=" " width="800" height="364"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For now, leave all the remaining settings as default.&lt;/p&gt;

&lt;p&gt;Click on &lt;strong&gt;Create Bucket&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 2: Explore the Bucket
&lt;/h2&gt;

&lt;p&gt;Open the bucket you just created.&lt;/p&gt;

&lt;p&gt;Initially, you will notice:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Objects (0)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9kuqt2zql4qrqorwgfus.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9kuqt2zql4qrqorwgfus.png" alt=" " width="800" height="252"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;because the bucket is empty.&lt;/p&gt;

&lt;p&gt;Think of a bucket as a folder that stores files.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 3: Upload Your First Object
&lt;/h2&gt;

&lt;p&gt;Click on:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Upload
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frnce6jtbds8x8db4dcva.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frnce6jtbds8x8db4dcva.png" alt=" " width="799" height="291"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Then click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Add files
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Choose any file.&lt;/p&gt;

&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Upload
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgk9ai2xfj71j8jkfd1nu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgk9ai2xfj71j8jkfd1nu.png" alt=" " width="799" height="352"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After the upload finishes, you will see the file inside the bucket.&lt;/p&gt;

&lt;p&gt;In Amazon S3, every uploaded file is called an &lt;strong&gt;Object&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Now if you look inside the bucket, you will notice that Objects are no longer zero because we have uploaded a file.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fq3qi11a9o8akg4ulnbj1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fq3qi11a9o8akg4ulnbj1.png" alt=" " width="800" height="255"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 4: Explore Object Options
&lt;/h2&gt;

&lt;p&gt;Click on the uploaded Object.&lt;/p&gt;

&lt;p&gt;Explore the options:&lt;/p&gt;

&lt;h3&gt;
  
  
  Open
&lt;/h3&gt;

&lt;p&gt;Select the file and click &lt;strong&gt;Open&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;It will display the contents of the file.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fo830rogawnohzbvkumgq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fo830rogawnohzbvkumgq.png" alt=" " width="799" height="372"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Download
&lt;/h3&gt;

&lt;p&gt;Select the file and click &lt;strong&gt;Download&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;The file will be downloaded to your system.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fb8p063bxz9weh7nh5l3n.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fb8p063bxz9weh7nh5l3n.png" alt=" " width="799" height="340"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Delete
&lt;/h3&gt;

&lt;p&gt;If you select &lt;strong&gt;Delete&lt;/strong&gt;, AWS will ask for confirmation before deleting the object.&lt;/p&gt;

&lt;p&gt;This helps you understand how S3 manages objects.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 5: Enable Bucket Versioning
&lt;/h2&gt;

&lt;p&gt;Suppose you upload:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;demo-learning-s3.txt
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Later, you modify the file and upload it again.&lt;/p&gt;

&lt;p&gt;Without versioning, the old file gets overwritten.&lt;/p&gt;

&lt;p&gt;Versioning allows you to preserve previous versions.&lt;/p&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Bucket → Properties
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Scroll to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Bucket Versioning
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Edit
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fb451ujq83557vd8eb0dd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fb451ujq83557vd8eb0dd.png" alt=" " width="800" height="308"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Enable
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Save Changes
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Now if you check the bucket properties, you can see that versioning is enabled.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgocra4winwer2n8vs88r.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgocra4winwer2n8vs88r.png" alt=" " width="800" height="313"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 6: Upload a New Version
&lt;/h2&gt;

&lt;p&gt;Modify your file.&lt;/p&gt;

&lt;h3&gt;
  
  
  Before
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS S3 Notes version 1
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  After
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS S3 Notes version 2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Upload the file again using the same filename.&lt;/p&gt;

&lt;p&gt;Now open the Object.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foo1uvmj3sfleasfdn822.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foo1uvmj3sfleasfdn822.png" alt=" " width="800" height="182"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Versions
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffws7v6dey80jo61zzoy6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffws7v6dey80jo61zzoy6.png" alt=" " width="800" height="260"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You will see multiple versions.&lt;/p&gt;

&lt;p&gt;This is similar to maintaining history in Git.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 7: Create an IAM User
&lt;/h2&gt;

&lt;p&gt;In AWS Console, search for:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;IAM
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;IAM → Users → Create User
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Give a name:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;demo-s3-user
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Assign a password.&lt;/p&gt;

&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create User
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fvdt6oxo451ao5cpd3vmh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fvdt6oxo451ao5cpd3vmh.png" alt=" " width="800" height="317"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 8: Verify Permissions
&lt;/h2&gt;

&lt;p&gt;Open an Incognito browser.&lt;/p&gt;

&lt;p&gt;Login using the IAM user credentials.&lt;/p&gt;

&lt;p&gt;Try accessing the Amazon S3 bucket.&lt;/p&gt;

&lt;p&gt;Also try creating a bucket.&lt;/p&gt;

&lt;p&gt;Initially, you will receive permission errors.&lt;/p&gt;

&lt;p&gt;This happens because the user has no S3 permissions.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flc6geoy3lmb5bvlxz646.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flc6geoy3lmb5bvlxz646.png" alt=" " width="800" height="346"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 9: Grant S3 Permissions
&lt;/h2&gt;

&lt;p&gt;Login as the root/Admin user.&lt;/p&gt;

&lt;p&gt;Open:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;IAM → Users → demo-s3-user
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Add Permissions
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjog5zq7r2gwdow9tb2pl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjog5zq7r2gwdow9tb2pl.png" alt=" " width="799" height="340"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Attach:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AmazonS3FullAccess
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Save
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5ge4cf2i7b48e5zmwfq0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5ge4cf2i7b48e5zmwfq0.png" alt=" " width="799" height="377"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Now refresh the IAM user session.&lt;/p&gt;

&lt;p&gt;The &lt;code&gt;demo-s3-user&lt;/code&gt; can now access S3.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foer90y2hgcfsx3tbm5d7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foer90y2hgcfsx3tbm5d7.png" alt=" " width="799" height="366"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 10: Explore Bucket Permissions
&lt;/h2&gt;

&lt;p&gt;Open:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;S3 → Bucket → Permissions
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You will notice:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Bucket Policies&lt;/li&gt;
&lt;li&gt;Block Public Access&lt;/li&gt;
&lt;li&gt;Access Control&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdahrzhhgwqc7g0saf7gg.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fdahrzhhgwqc7g0saf7gg.png" alt=" " width="800" height="358"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;These settings provide an additional security layer.&lt;/p&gt;

&lt;p&gt;Even if IAM permissions are accidentally misconfigured, Bucket Policies can still protect your bucket.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 11: Enable Static Website Hosting
&lt;/h2&gt;

&lt;p&gt;Create a simple &lt;code&gt;index.html&lt;/code&gt; file.&lt;/p&gt;

&lt;p&gt;Upload this file to your bucket.&lt;/p&gt;

&lt;p&gt;Now go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Bucket → Properties
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Scroll to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Static Website Hosting
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Edit
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Enable:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Static Website Hosting
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Set:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Index Document: index.html
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Save Changes
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;AWS will generate a website endpoint.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5h22gbk8ms2nhhwjc3fc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5h22gbk8ms2nhhwjc3fc.png" alt=" " width="800" height="375"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Try accessing the website endpoint URL.&lt;/p&gt;

&lt;p&gt;You will notice that you still cannot access it even if you have S3 Full Access.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fs79eq32mlr2sx4w2q98e.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fs79eq32mlr2sx4w2q98e.png" alt=" " width="800" height="210"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This happens because there are still S3 permissions blocking public access.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 12: Remove Public Access Block
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Permissions
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Locate:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Block Public Access
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Edit
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fm7dpv1rrit5fkpnv20ah.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fm7dpv1rrit5fkpnv20ah.png" alt=" " width="800" height="297"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Disable public access.&lt;/p&gt;

&lt;p&gt;Confirm the warning.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frn3vu8hl4o53c77s3lyj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frn3vu8hl4o53c77s3lyj.png" alt=" " width="800" height="227"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;When you try to access the URL again, you may still receive:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;403 Forbidden
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Although Static Website Hosting is enabled, the files inside the bucket are still private.&lt;/p&gt;

&lt;p&gt;AWS requires explicit permission before users on the internet can read objects inside an S3 bucket.&lt;/p&gt;

&lt;p&gt;To solve this, we need to create a Bucket Policy.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 13: Add Bucket Policy for Public Read
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Permissions → Bucket Policy → Edit
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fl2keg1knc050gpuw6en7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fl2keg1knc050gpuw6en7.png" alt=" " width="800" height="349"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Add New Statement
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Initially, AWS provides a template similar to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"Version"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"2012-10-17"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"Statement"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Sid"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Statement1"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Principal"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;{},&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Effect"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Allow"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Action"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[],&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Resource"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[]&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;We need to fill these values.&lt;/p&gt;

&lt;h2&gt;
  
  
  Understanding the Fields
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Sid
&lt;/h3&gt;

&lt;p&gt;Used to identify the policy statement.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="nl"&gt;"Sid"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"PublicReadGetObject"&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Principal
&lt;/h3&gt;

&lt;p&gt;Defines who the rule applies to.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="nl"&gt;"Principal"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"*"&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The &lt;code&gt;*&lt;/code&gt; means anyone on the internet.&lt;/p&gt;

&lt;h3&gt;
  
  
  Effect
&lt;/h3&gt;

&lt;p&gt;Specifies whether AWS should allow or deny the action.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="nl"&gt;"Effect"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Allow"&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Defines which permission we are granting.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="nl"&gt;"Action"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"s3:GetObject"&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This allows users to read objects inside the bucket.&lt;/p&gt;

&lt;h3&gt;
  
  
  Resource
&lt;/h3&gt;

&lt;p&gt;Specifies which bucket objects the rule applies to.&lt;/p&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="nl"&gt;"Resource"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"arn:aws:s3:::YOUR_BUCKET_NAME/*"&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Replace &lt;code&gt;YOUR_BUCKET_NAME&lt;/code&gt; with your actual bucket name.&lt;/p&gt;

&lt;p&gt;The &lt;code&gt;/*&lt;/code&gt; means apply the rule to all objects inside the bucket.&lt;/p&gt;




&lt;p&gt;My bucket name is:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;my-learning-notes-example
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Therefore, the policy becomes:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"Version"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"2012-10-17"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"Statement"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Sid"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Statement1"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Principal"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"*"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Effect"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Allow"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Action"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"s3:GetObject"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"Resource"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"arn:aws:s3:::my-learning-notes-example/*"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Save Changes
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Replace &lt;code&gt;my-learning-notes-example&lt;/code&gt; with your own bucket name.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  Step 14: Access the Website
&lt;/h2&gt;

&lt;p&gt;Go back to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Bucket → Properties
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Scroll down to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Static Website Hosting
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Copy the:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Bucket Website Endpoint URL
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Paste it into your browser.&lt;/p&gt;

&lt;p&gt;Now, instead of receiving the &lt;code&gt;403 Forbidden&lt;/code&gt; error, your webpage should load successfully.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbbm9so5ggm3ce928ruhk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fbbm9so5ggm3ce928ruhk.png" alt=" " width="800" height="330"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;p&gt;Congratulations 🎉&lt;/p&gt;

&lt;p&gt;You have successfully hosted your first static website using Amazon S3.&lt;/p&gt;




&lt;h2&gt;
  
  
  Key Takeaways
&lt;/h2&gt;

&lt;p&gt;In this hands-on project, we learned how to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;✅ Create an S3 bucket&lt;/li&gt;
&lt;li&gt;✅ Upload objects&lt;/li&gt;
&lt;li&gt;✅ Understand bucket and object concepts&lt;/li&gt;
&lt;li&gt;✅ Enable versioning&lt;/li&gt;
&lt;li&gt;✅ Create IAM users&lt;/li&gt;
&lt;li&gt;✅ Understand permissions&lt;/li&gt;
&lt;li&gt;✅ Explore bucket policies&lt;/li&gt;
&lt;li&gt;✅ Host a static website&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  What's Next?
&lt;/h2&gt;

&lt;p&gt;In the next article, we will explore another important AWS service and continue building our cloud learning journey.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>beginners</category>
      <category>s3</category>
    </item>
    <item>
      <title>AWS S3 Basics for Beginners</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Sat, 20 Jun 2026 12:24:59 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/aws-s3-basics-for-beginners-4o27</link>
      <guid>https://dev.to/kadhamvj23/aws-s3-basics-for-beginners-4o27</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;In the previous articles, we explored AWS networking concepts like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPC&lt;/li&gt;
&lt;li&gt;Subnets&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;Route 53&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Now, let's move to one of the most popular AWS services:&lt;/p&gt;

&lt;h2&gt;
  
  
  Amazon S3 (Simple Storage Service)
&lt;/h2&gt;

&lt;p&gt;Amazon S3 is one of the easiest AWS services to learn and one of the most widely used services in real-world applications.&lt;/p&gt;

&lt;p&gt;Almost every application stores some kind of data:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Images&lt;/li&gt;
&lt;li&gt;Videos&lt;/li&gt;
&lt;li&gt;Documents&lt;/li&gt;
&lt;li&gt;Log files&lt;/li&gt;
&lt;li&gt;Backups&lt;/li&gt;
&lt;li&gt;Static websites&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Amazon S3 helps us store and retrieve these files securely from anywhere in the world.&lt;/p&gt;

&lt;p&gt;In this article, we will understand:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What Amazon S3 is&lt;/li&gt;
&lt;li&gt;Buckets and Objects&lt;/li&gt;
&lt;li&gt;Benefits of S3&lt;/li&gt;
&lt;li&gt;Storage Classes&lt;/li&gt;
&lt;li&gt;Versioning&lt;/li&gt;
&lt;li&gt;Basic security concepts&lt;/li&gt;
&lt;li&gt;Static website hosting overview&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Why Do We Need Storage?
&lt;/h2&gt;

&lt;p&gt;Imagine you are running an online photo-sharing application.&lt;/p&gt;

&lt;p&gt;Users upload:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Profile pictures&lt;/li&gt;
&lt;li&gt;Photos&lt;/li&gt;
&lt;li&gt;Videos&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Where should these files be stored?&lt;/p&gt;

&lt;p&gt;Keeping them directly inside application servers is not a good idea because:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Storage is limited.&lt;/li&gt;
&lt;li&gt;Scaling becomes difficult.&lt;/li&gt;
&lt;li&gt;Replacing servers may cause data loss.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is where Amazon S3 helps.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is Amazon S3?
&lt;/h2&gt;

&lt;p&gt;Amazon S3 stands for:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Simple Storage Service
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It is a cloud-based object storage service provided by AWS.&lt;/p&gt;

&lt;p&gt;S3 allows us to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Store data&lt;/li&gt;
&lt;li&gt;Retrieve data&lt;/li&gt;
&lt;li&gt;Manage data&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;from anywhere using the internet.&lt;/p&gt;

&lt;p&gt;Amazon S3 is designed to be:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Highly available&lt;/li&gt;
&lt;li&gt;Durable&lt;/li&gt;
&lt;li&gt;Scalable&lt;/li&gt;
&lt;li&gt;Secure&lt;/li&gt;
&lt;li&gt;Cost-effective&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  Real-World Example
&lt;/h3&gt;

&lt;p&gt;Think of Amazon S3 as a digital warehouse.&lt;/p&gt;

&lt;p&gt;Suppose you own an e-commerce company.&lt;/p&gt;

&lt;p&gt;Inside your warehouse, you store:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Product images&lt;/li&gt;
&lt;li&gt;Invoices&lt;/li&gt;
&lt;li&gt;Customer documents&lt;/li&gt;
&lt;li&gt;Videos&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Similarly, Amazon S3 stores digital files safely in the cloud.&lt;/p&gt;




&lt;h2&gt;
  
  
  Buckets and Objects
&lt;/h2&gt;

&lt;p&gt;Amazon S3 stores data using two concepts:&lt;/p&gt;

&lt;h3&gt;
  
  
  Bucket
&lt;/h3&gt;

&lt;p&gt;A bucket is a container used to store files.&lt;/p&gt;

&lt;p&gt;Think of a bucket like a folder.&lt;/p&gt;

&lt;p&gt;Examples:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;company-documents
customer-images
application-logs
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Bucket names must be globally unique.&lt;/p&gt;




&lt;h3&gt;
  
  
  Object
&lt;/h3&gt;

&lt;p&gt;Anything stored inside a bucket is called an &lt;strong&gt;Object&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Examples:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;invoice.pdf
profile.jpg
backup.zip
video.mp4
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Objects can contain:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Images&lt;/li&gt;
&lt;li&gt;Videos&lt;/li&gt;
&lt;li&gt;HTML files&lt;/li&gt;
&lt;li&gt;CSV files&lt;/li&gt;
&lt;li&gt;JSON files&lt;/li&gt;
&lt;li&gt;Log files&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Almost any file type can be stored in S3.&lt;/p&gt;




&lt;h3&gt;
  
  
  Real-Life Example
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Cupboard (Bucket)
    ↓
Files and Documents (Objects)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Similarly:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;S3 Bucket
    ↓
Objects
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Benefits of Amazon S3
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. High Durability
&lt;/h3&gt;

&lt;p&gt;Amazon S3 is famous for its durability.&lt;/p&gt;

&lt;p&gt;AWS provides:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;99.999999999%
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;durability.&lt;/p&gt;

&lt;p&gt;This is often called:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Eleven 9's of Durability
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;AWS automatically keeps multiple copies of your data to prevent data loss.&lt;/p&gt;




&lt;h3&gt;
  
  
  2. High Availability
&lt;/h3&gt;

&lt;p&gt;S3 is designed to remain accessible even if some infrastructure components fail.&lt;/p&gt;

&lt;p&gt;Applications can continue accessing files without interruption.&lt;/p&gt;




&lt;h3&gt;
  
  
  3. Scalability
&lt;/h3&gt;

&lt;p&gt;You don't need to estimate storage in advance.&lt;/p&gt;

&lt;p&gt;Whether you store:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;10 files&lt;/li&gt;
&lt;li&gt;10 million files&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Amazon S3 automatically scales.&lt;/p&gt;




&lt;h3&gt;
  
  
  4. Security
&lt;/h3&gt;

&lt;p&gt;AWS provides multiple security mechanisms:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;IAM Policies&lt;/li&gt;
&lt;li&gt;Bucket Policies&lt;/li&gt;
&lt;li&gt;Encryption&lt;/li&gt;
&lt;li&gt;Access Control&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These help protect sensitive data.&lt;/p&gt;




&lt;h3&gt;
  
  
  5. Cost Effective
&lt;/h3&gt;

&lt;p&gt;You only pay for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Storage used&lt;/li&gt;
&lt;li&gt;Requests made&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;There is no need to purchase storage hardware.&lt;/p&gt;




&lt;h3&gt;
  
  
  6. High Performance
&lt;/h3&gt;

&lt;p&gt;Amazon S3 supports:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Parallel uploads&lt;/li&gt;
&lt;li&gt;Multipart uploads&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This improves performance for large files.&lt;/p&gt;




&lt;h2&gt;
  
  
  S3 Storage Classes
&lt;/h2&gt;

&lt;p&gt;Not every file needs the same level of access.&lt;/p&gt;

&lt;p&gt;AWS provides different storage classes.&lt;/p&gt;




&lt;h3&gt;
  
  
  S3 Standard
&lt;/h3&gt;

&lt;p&gt;Used for frequently accessed files.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Website images&lt;/li&gt;
&lt;li&gt;Application assets&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  S3 Standard-IA
&lt;/h3&gt;

&lt;p&gt;IA stands for:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Infrequent Access
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Used for files accessed occasionally.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Monthly reports&lt;/li&gt;
&lt;li&gt;Older documents&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  One Zone-IA
&lt;/h3&gt;

&lt;p&gt;Stores data in a single Availability Zone.&lt;/p&gt;

&lt;p&gt;Cheaper but less resilient.&lt;/p&gt;

&lt;p&gt;Suitable for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Backup copies&lt;/li&gt;
&lt;li&gt;Temporary files&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  S3 Glacier
&lt;/h3&gt;

&lt;p&gt;Used for long-term archival storage.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Old backups&lt;/li&gt;
&lt;li&gt;Compliance records&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Retrieval is slower but storage cost is very low.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is Versioning?
&lt;/h2&gt;

&lt;p&gt;Suppose today you upload:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;report.csv
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Tomorrow, you modify the same file and upload it again.&lt;/p&gt;

&lt;p&gt;What if you later discover that yesterday's version was correct?&lt;/p&gt;

&lt;p&gt;Versioning helps solve this problem.&lt;/p&gt;

&lt;p&gt;When versioning is enabled:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Old versions are preserved.&lt;/li&gt;
&lt;li&gt;New uploads create new versions.&lt;/li&gt;
&lt;li&gt;Previous files can be restored.&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  Real-Life Example
&lt;/h3&gt;

&lt;p&gt;Think about Git.&lt;/p&gt;

&lt;p&gt;Every commit stores history.&lt;/p&gt;

&lt;p&gt;Similarly, S3 Versioning stores file history.&lt;/p&gt;




&lt;h2&gt;
  
  
  Static Website Hosting
&lt;/h2&gt;

&lt;p&gt;Amazon S3 can also host static websites.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Portfolio websites&lt;/li&gt;
&lt;li&gt;Documentation sites&lt;/li&gt;
&lt;li&gt;Landing pages&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Files like:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;index.html
style.css
logo.png
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;can be served directly from S3.&lt;/p&gt;

&lt;p&gt;Because static websites do not require servers, S3 hosting is:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Simple&lt;/li&gt;
&lt;li&gt;Fast&lt;/li&gt;
&lt;li&gt;Low cost&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Understanding S3 Security
&lt;/h2&gt;

&lt;p&gt;AWS provides multiple layers of security.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;h3&gt;
  
  
  IAM Policies
&lt;/h3&gt;

&lt;p&gt;Control what users can do.&lt;/p&gt;

&lt;h3&gt;
  
  
  Bucket Policies
&lt;/h3&gt;

&lt;p&gt;Control who can access a bucket.&lt;/p&gt;

&lt;h3&gt;
  
  
  Encryption
&lt;/h3&gt;

&lt;p&gt;Protects stored data.&lt;/p&gt;

&lt;p&gt;Even if IAM permissions are accidentally configured incorrectly, bucket policies can provide an additional security layer.&lt;/p&gt;




&lt;h2&gt;
  
  
  Common Use Cases of Amazon S3
&lt;/h2&gt;

&lt;p&gt;Amazon S3 is used for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Image storage&lt;/li&gt;
&lt;li&gt;Video storage&lt;/li&gt;
&lt;li&gt;Backup and recovery&lt;/li&gt;
&lt;li&gt;Application logs&lt;/li&gt;
&lt;li&gt;Static website hosting&lt;/li&gt;
&lt;li&gt;Data archival&lt;/li&gt;
&lt;li&gt;Data lakes&lt;/li&gt;
&lt;li&gt;Big data workloads&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Official AWS Documentation
&lt;/h2&gt;

&lt;p&gt;If you'd like to explore S3 in more detail, AWS provides excellent documentation.&lt;/p&gt;

&lt;h2&gt;
  
  
  Amazon S3 Documentation
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Amazon S3 Overview
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;https://aws.amazon.com/s3/
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Amazon S3 is one of the most important AWS services and is widely used in almost every cloud application.&lt;/p&gt;

&lt;p&gt;In this article, we learned:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What Amazon S3 is&lt;/li&gt;
&lt;li&gt;Buckets and Objects&lt;/li&gt;
&lt;li&gt;Benefits of S3&lt;/li&gt;
&lt;li&gt;Storage Classes&lt;/li&gt;
&lt;li&gt;Versioning&lt;/li&gt;
&lt;li&gt;Security concepts&lt;/li&gt;
&lt;li&gt;Static website hosting overview&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In the next article, we will perform hands-on exercises and:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create S3 buckets&lt;/li&gt;
&lt;li&gt;Upload files&lt;/li&gt;
&lt;li&gt;Enable versioning&lt;/li&gt;
&lt;li&gt;Configure permissions&lt;/li&gt;
&lt;li&gt;Create IAM users&lt;/li&gt;
&lt;li&gt;Host a static website using Amazon S3&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aws</category>
      <category>s3</category>
      <category>beginners</category>
    </item>
    <item>
      <title>AWS S3 Basics for Beginners</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Wed, 17 Jun 2026 12:27:17 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/aws-s3-basics-for-beginners-3k8m</link>
      <guid>https://dev.to/kadhamvj23/aws-s3-basics-for-beginners-3k8m</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;In the previous articles, we explored AWS networking concepts like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPC&lt;/li&gt;
&lt;li&gt;Subnets&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;Route 53&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Now, let's move to one of the most popular AWS services:&lt;/p&gt;

&lt;h2&gt;
  
  
  Amazon S3 (Simple Storage Service)
&lt;/h2&gt;

&lt;p&gt;Amazon S3 is one of the easiest AWS services to learn and one of the most widely used services in real-world applications.&lt;/p&gt;

&lt;p&gt;Almost every application stores some kind of data:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Images&lt;/li&gt;
&lt;li&gt;Videos&lt;/li&gt;
&lt;li&gt;Documents&lt;/li&gt;
&lt;li&gt;Log files&lt;/li&gt;
&lt;li&gt;Backups&lt;/li&gt;
&lt;li&gt;Static websites&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Amazon S3 helps us store and retrieve these files securely from anywhere in the world.&lt;/p&gt;

&lt;p&gt;In this article, we will understand:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What Amazon S3 is&lt;/li&gt;
&lt;li&gt;Buckets and Objects&lt;/li&gt;
&lt;li&gt;Benefits of S3&lt;/li&gt;
&lt;li&gt;Storage Classes&lt;/li&gt;
&lt;li&gt;Versioning&lt;/li&gt;
&lt;li&gt;Basic security concepts&lt;/li&gt;
&lt;li&gt;Static website hosting overview&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Why Do We Need Storage?
&lt;/h2&gt;

&lt;p&gt;Imagine you are running an online photo-sharing application.&lt;/p&gt;

&lt;p&gt;Users upload:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Profile pictures&lt;/li&gt;
&lt;li&gt;Photos&lt;/li&gt;
&lt;li&gt;Videos&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Where should these files be stored?&lt;/p&gt;

&lt;p&gt;Keeping them directly inside application servers is not a good idea because:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Storage is limited.&lt;/li&gt;
&lt;li&gt;Scaling becomes difficult.&lt;/li&gt;
&lt;li&gt;Replacing servers may cause data loss.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is where Amazon S3 helps.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is Amazon S3?
&lt;/h2&gt;

&lt;p&gt;Amazon S3 stands for:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Simple Storage Service
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;It is a cloud-based object storage service provided by AWS.&lt;/p&gt;

&lt;p&gt;S3 allows us to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Store data&lt;/li&gt;
&lt;li&gt;Retrieve data&lt;/li&gt;
&lt;li&gt;Manage data&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;from anywhere using the internet.&lt;/p&gt;

&lt;p&gt;Amazon S3 is designed to be:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Highly available&lt;/li&gt;
&lt;li&gt;Durable&lt;/li&gt;
&lt;li&gt;Scalable&lt;/li&gt;
&lt;li&gt;Secure&lt;/li&gt;
&lt;li&gt;Cost-effective&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  Real-World Example
&lt;/h3&gt;

&lt;p&gt;Think of Amazon S3 as a digital warehouse.&lt;/p&gt;

&lt;p&gt;Suppose you own an e-commerce company.&lt;/p&gt;

&lt;p&gt;Inside your warehouse, you store:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Product images&lt;/li&gt;
&lt;li&gt;Invoices&lt;/li&gt;
&lt;li&gt;Customer documents&lt;/li&gt;
&lt;li&gt;Videos&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Similarly, Amazon S3 stores digital files safely in the cloud.&lt;/p&gt;




&lt;h2&gt;
  
  
  Buckets and Objects
&lt;/h2&gt;

&lt;p&gt;Amazon S3 stores data using two concepts:&lt;/p&gt;

&lt;h3&gt;
  
  
  Bucket
&lt;/h3&gt;

&lt;p&gt;A bucket is a container used to store files.&lt;/p&gt;

&lt;p&gt;Think of a bucket like a folder.&lt;/p&gt;

&lt;p&gt;Examples:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;company-documents
customer-images
application-logs
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Bucket names must be globally unique.&lt;/p&gt;




&lt;h3&gt;
  
  
  Object
&lt;/h3&gt;

&lt;p&gt;Anything stored inside a bucket is called an &lt;strong&gt;Object&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Examples:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;invoice.pdf
profile.jpg
backup.zip
video.mp4
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Objects can contain:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Images&lt;/li&gt;
&lt;li&gt;Videos&lt;/li&gt;
&lt;li&gt;HTML files&lt;/li&gt;
&lt;li&gt;CSV files&lt;/li&gt;
&lt;li&gt;JSON files&lt;/li&gt;
&lt;li&gt;Log files&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Almost any file type can be stored in S3.&lt;/p&gt;




&lt;h3&gt;
  
  
  Real-Life Example
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Cupboard (Bucket)
    ↓
Files and Documents (Objects)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Similarly:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;S3 Bucket
    ↓
Objects
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Benefits of Amazon S3
&lt;/h2&gt;

&lt;h3&gt;
  
  
  1. High Durability
&lt;/h3&gt;

&lt;p&gt;Amazon S3 is famous for its durability.&lt;/p&gt;

&lt;p&gt;AWS provides:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;99.999999999%
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;durability.&lt;/p&gt;

&lt;p&gt;This is often called:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Eleven 9's of Durability
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;AWS automatically keeps multiple copies of your data to prevent data loss.&lt;/p&gt;




&lt;h3&gt;
  
  
  2. High Availability
&lt;/h3&gt;

&lt;p&gt;S3 is designed to remain accessible even if some infrastructure components fail.&lt;/p&gt;

&lt;p&gt;Applications can continue accessing files without interruption.&lt;/p&gt;




&lt;h3&gt;
  
  
  3. Scalability
&lt;/h3&gt;

&lt;p&gt;You don't need to estimate storage in advance.&lt;/p&gt;

&lt;p&gt;Whether you store:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;10 files&lt;/li&gt;
&lt;li&gt;10 million files&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Amazon S3 automatically scales.&lt;/p&gt;




&lt;h3&gt;
  
  
  4. Security
&lt;/h3&gt;

&lt;p&gt;AWS provides multiple security mechanisms:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;IAM Policies&lt;/li&gt;
&lt;li&gt;Bucket Policies&lt;/li&gt;
&lt;li&gt;Encryption&lt;/li&gt;
&lt;li&gt;Access Control&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These help protect sensitive data.&lt;/p&gt;




&lt;h3&gt;
  
  
  5. Cost Effective
&lt;/h3&gt;

&lt;p&gt;You only pay for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Storage used&lt;/li&gt;
&lt;li&gt;Requests made&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;There is no need to purchase storage hardware.&lt;/p&gt;




&lt;h3&gt;
  
  
  6. High Performance
&lt;/h3&gt;

&lt;p&gt;Amazon S3 supports:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Parallel uploads&lt;/li&gt;
&lt;li&gt;Multipart uploads&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This improves performance for large files.&lt;/p&gt;




&lt;h2&gt;
  
  
  S3 Storage Classes
&lt;/h2&gt;

&lt;p&gt;Not every file needs the same level of access.&lt;/p&gt;

&lt;p&gt;AWS provides different storage classes.&lt;/p&gt;




&lt;h3&gt;
  
  
  S3 Standard
&lt;/h3&gt;

&lt;p&gt;Used for frequently accessed files.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Website images&lt;/li&gt;
&lt;li&gt;Application assets&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  S3 Standard-IA
&lt;/h3&gt;

&lt;p&gt;IA stands for:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Infrequent Access
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Used for files accessed occasionally.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Monthly reports&lt;/li&gt;
&lt;li&gt;Older documents&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  One Zone-IA
&lt;/h3&gt;

&lt;p&gt;Stores data in a single Availability Zone.&lt;/p&gt;

&lt;p&gt;Cheaper but less resilient.&lt;/p&gt;

&lt;p&gt;Suitable for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Backup copies&lt;/li&gt;
&lt;li&gt;Temporary files&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  S3 Glacier
&lt;/h3&gt;

&lt;p&gt;Used for long-term archival storage.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Old backups&lt;/li&gt;
&lt;li&gt;Compliance records&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Retrieval is slower but storage cost is very low.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is Versioning?
&lt;/h2&gt;

&lt;p&gt;Suppose today you upload:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;report.csv
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Tomorrow, you modify the same file and upload it again.&lt;/p&gt;

&lt;p&gt;What if you later discover that yesterday's version was correct?&lt;/p&gt;

&lt;p&gt;Versioning helps solve this problem.&lt;/p&gt;

&lt;p&gt;When versioning is enabled:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Old versions are preserved.&lt;/li&gt;
&lt;li&gt;New uploads create new versions.&lt;/li&gt;
&lt;li&gt;Previous files can be restored.&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  Real-Life Example
&lt;/h3&gt;

&lt;p&gt;Think about Git.&lt;/p&gt;

&lt;p&gt;Every commit stores history.&lt;/p&gt;

&lt;p&gt;Similarly, S3 Versioning stores file history.&lt;/p&gt;




&lt;h2&gt;
  
  
  Static Website Hosting
&lt;/h2&gt;

&lt;p&gt;Amazon S3 can also host static websites.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Portfolio websites&lt;/li&gt;
&lt;li&gt;Documentation sites&lt;/li&gt;
&lt;li&gt;Landing pages&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Files like:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;index.html
style.css
logo.png
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;can be served directly from S3.&lt;/p&gt;

&lt;p&gt;Because static websites do not require servers, S3 hosting is:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Simple&lt;/li&gt;
&lt;li&gt;Fast&lt;/li&gt;
&lt;li&gt;Low cost&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Understanding S3 Security
&lt;/h2&gt;

&lt;p&gt;AWS provides multiple layers of security.&lt;/p&gt;

&lt;p&gt;Examples:&lt;/p&gt;

&lt;h3&gt;
  
  
  IAM Policies
&lt;/h3&gt;

&lt;p&gt;Control what users can do.&lt;/p&gt;

&lt;h3&gt;
  
  
  Bucket Policies
&lt;/h3&gt;

&lt;p&gt;Control who can access a bucket.&lt;/p&gt;

&lt;h3&gt;
  
  
  Encryption
&lt;/h3&gt;

&lt;p&gt;Protects stored data.&lt;/p&gt;

&lt;p&gt;Even if IAM permissions are accidentally configured incorrectly, bucket policies can provide an additional security layer.&lt;/p&gt;




&lt;h2&gt;
  
  
  Common Use Cases of Amazon S3
&lt;/h2&gt;

&lt;p&gt;Amazon S3 is used for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Image storage&lt;/li&gt;
&lt;li&gt;Video storage&lt;/li&gt;
&lt;li&gt;Backup and recovery&lt;/li&gt;
&lt;li&gt;Application logs&lt;/li&gt;
&lt;li&gt;Static website hosting&lt;/li&gt;
&lt;li&gt;Data archival&lt;/li&gt;
&lt;li&gt;Data lakes&lt;/li&gt;
&lt;li&gt;Big data workloads&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Official AWS Documentation
&lt;/h2&gt;

&lt;p&gt;If you'd like to explore S3 in more detail, AWS provides excellent documentation.&lt;/p&gt;

&lt;h2&gt;
  
  
  Amazon S3 Documentation
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Amazon S3 Overview
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;https://aws.amazon.com/s3/
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Amazon S3 is one of the most important AWS services and is widely used in almost every cloud application.&lt;/p&gt;

&lt;p&gt;In this article, we learned:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What Amazon S3 is&lt;/li&gt;
&lt;li&gt;Buckets and Objects&lt;/li&gt;
&lt;li&gt;Benefits of S3&lt;/li&gt;
&lt;li&gt;Storage Classes&lt;/li&gt;
&lt;li&gt;Versioning&lt;/li&gt;
&lt;li&gt;Security concepts&lt;/li&gt;
&lt;li&gt;Static website hosting overview&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In the next article, we will perform hands-on exercises and:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create S3 buckets&lt;/li&gt;
&lt;li&gt;Upload files&lt;/li&gt;
&lt;li&gt;Enable versioning&lt;/li&gt;
&lt;li&gt;Configure permissions&lt;/li&gt;
&lt;li&gt;Create IAM users&lt;/li&gt;
&lt;li&gt;Host a static website using Amazon S3&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aws</category>
      <category>s3</category>
      <category>beginners</category>
    </item>
    <item>
      <title>🚀 AWS VPC Project: Build a Production-Ready Architecture with EC2, ALB, ASG &amp; Bastion Host</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Thu, 11 Jun 2026 05:33:40 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/aws-vpc-project-build-a-production-ready-architecture-with-ec2-alb-asg-bastion-host-57i2</link>
      <guid>https://dev.to/kadhamvj23/aws-vpc-project-build-a-production-ready-architecture-with-ec2-alb-asg-bastion-host-57i2</guid>
      <description>&lt;p&gt;In the previous articles, we learned about:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPC&lt;/li&gt;
&lt;li&gt;subnets&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;li&gt;Route Tables&lt;/li&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;Network ACLs&lt;/li&gt;
&lt;li&gt;DNS and Route 53&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Until now, we have learned individual AWS networking components separately.&lt;/p&gt;

&lt;p&gt;But in real world projects, these services work together to build secure and highly available applications.&lt;/p&gt;

&lt;h1&gt;
  
  
  What We Will Build
&lt;/h1&gt;

&lt;p&gt;In this project, we will create:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A custom VPC&lt;/li&gt;
&lt;li&gt;Public and Private Subnets&lt;/li&gt;
&lt;li&gt;Two Availability Zones&lt;/li&gt;
&lt;li&gt;NAT Gateways&lt;/li&gt;
&lt;li&gt;Bastion Host&lt;/li&gt;
&lt;li&gt;Auto Scaling Group&lt;/li&gt;
&lt;li&gt;Application Load Balancer&lt;/li&gt;
&lt;li&gt;Target Group&lt;/li&gt;
&lt;li&gt;EC2 Instances running inside Private Subnets&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;By the end of this project, you will understand how traffic flows inside AWS and how different networking components work together.&lt;/p&gt;




&lt;h1&gt;
  
  
  Why Are We Using Two Availability Zones?
&lt;/h1&gt;

&lt;p&gt;In production environments, applications are usually deployed across multiple Availability Zones (AZs).&lt;/p&gt;

&lt;p&gt;This improves &lt;strong&gt;High Availability&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;For example, if one AZ experiences a failure, the application can continue serving users from the second AZ.&lt;/p&gt;

&lt;p&gt;This helps reduce downtime and improves reliability.&lt;/p&gt;

&lt;p&gt;Therefore, in this project, we will use:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;2 Availability Zones (AZs)&lt;/li&gt;
&lt;li&gt;2 Public Subnets&lt;/li&gt;
&lt;li&gt;2 Private Subnets&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Architecture Overview
&lt;/h1&gt;

&lt;p&gt;Each Availability Zone (AZ) will contain:&lt;/p&gt;

&lt;h2&gt;
  
  
  Public Subnet
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;NAT Gateway&lt;/li&gt;
&lt;li&gt;Application Load Balancer&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Private Subnet
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;EC2 Instances launched using an Auto Scaling Group&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The EC2 instances will remain private and will not have public IP addresses.&lt;/p&gt;

&lt;p&gt;We will access them securely using a &lt;strong&gt;Bastion Host&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  What You Will Learn
&lt;/h2&gt;

&lt;p&gt;We will also understand:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;How internet traffic reaches the application.&lt;/li&gt;
&lt;li&gt;How private servers access the internet using a NAT Gateway.&lt;/li&gt;
&lt;li&gt;How the Load Balancer distributes traffic.&lt;/li&gt;
&lt;li&gt;How Auto Scaling Groups help applications handle increased traffic.&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Before We Start
&lt;/h2&gt;

&lt;p&gt;Before starting the implementation, let's first understand some of the concepts that we will use throughout this project.&lt;/p&gt;

&lt;p&gt;Don't worry if these concepts seem new right now — we will see them in action during the implementation.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is NAT Gateway?
&lt;/h2&gt;

&lt;p&gt;A &lt;strong&gt;NAT (Network Address Translation) Gateway&lt;/strong&gt; allows resources inside a private subnet to access the internet without exposing them directly to the internet.&lt;/p&gt;

&lt;p&gt;In our project, the application servers will be running inside private subnets and will not have public IP addresses.&lt;/p&gt;

&lt;p&gt;However, there may be situations where these servers need internet access, such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Downloading software packages&lt;/li&gt;
&lt;li&gt;Installing updates&lt;/li&gt;
&lt;li&gt;Accessing public APIs&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is where the &lt;strong&gt;NAT Gateway&lt;/strong&gt; helps.&lt;/p&gt;

&lt;h3&gt;
  
  
  Example
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Private EC2
     ↓
NAT Gateway
     ↓
  Internet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The private EC2 instance can access the internet, but internet users cannot directly access the EC2 instance.&lt;/p&gt;

&lt;p&gt;This improves security while still allowing outbound internet connectivity.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is Auto Scaling Group?
&lt;/h2&gt;

&lt;p&gt;An &lt;strong&gt;Auto Scaling Group (ASG)&lt;/strong&gt; helps automatically manage EC2 instances based on application demand.&lt;/p&gt;

&lt;p&gt;Imagine your application normally runs on &lt;strong&gt;2 EC2 instances&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Suddenly, a large number of users start accessing the application.&lt;/p&gt;

&lt;p&gt;The existing servers may not be enough to handle the traffic.&lt;/p&gt;

&lt;p&gt;In such situations, an &lt;strong&gt;Auto Scaling Group&lt;/strong&gt; can automatically launch additional EC2 instances.&lt;/p&gt;

&lt;p&gt;Similarly, when traffic decreases, it can terminate unnecessary instances.&lt;/p&gt;

&lt;h3&gt;
  
  
  Example
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Normal Traffic
      ↓
2 EC2 Instances
      ↓
 High Traffic
      ↓
4 EC2 Instances
      ↓
 Low Traffic
      ↓
2 EC2 Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Benefits of Auto Scaling Groups
&lt;/h3&gt;

&lt;p&gt;Auto Scaling Groups help to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Improve availability&lt;/li&gt;
&lt;li&gt;Handle traffic spikes&lt;/li&gt;
&lt;li&gt;Optimize infrastructure costs&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  What is Load Balancer?
&lt;/h2&gt;

&lt;p&gt;A &lt;strong&gt;Load Balancer&lt;/strong&gt; distributes incoming traffic across multiple servers.&lt;/p&gt;

&lt;p&gt;Instead of sending all requests to a single server, it spreads the traffic across multiple EC2 instances.&lt;/p&gt;

&lt;h3&gt;
  
  
  Example
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Users
   ↓
Load Balancer
   ↓
├── EC2 Instance 1
├── EC2 Instance 2
└── EC2 Instance 3
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Benefits of Load Balancer
&lt;/h3&gt;

&lt;p&gt;A Load Balancer helps to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Improve performance&lt;/li&gt;
&lt;li&gt;Prevent server overload&lt;/li&gt;
&lt;li&gt;Increase application availability&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In this project, users will access the application through the &lt;strong&gt;Load Balancer&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  What is Target Group?
&lt;/h2&gt;

&lt;p&gt;A &lt;strong&gt;Target Group&lt;/strong&gt; is a collection of servers that receive traffic from a Load Balancer.&lt;/p&gt;

&lt;p&gt;Think of a Target Group as a list of backend servers.&lt;/p&gt;

&lt;p&gt;When the Load Balancer receives a request, it forwards that request to one of the healthy servers registered inside the Target Group.&lt;/p&gt;

&lt;h3&gt;
  
  
  Example
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Load Balancer
      ↓
Target Group
      ↓
├── EC2 Instance 1
├── EC2 Instance 2
└── EC2 Instance 3
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  How Target Groups Work
&lt;/h3&gt;

&lt;p&gt;The Load Balancer does not directly send traffic to EC2 instances.&lt;/p&gt;

&lt;p&gt;Instead, it sends traffic through the &lt;strong&gt;Target Group&lt;/strong&gt;, which then routes requests to healthy EC2 instances.&lt;/p&gt;

&lt;p&gt;This helps:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Route traffic efficiently&lt;/li&gt;
&lt;li&gt;Perform health checks on backend servers&lt;/li&gt;
&lt;li&gt;Improve application availability&lt;/li&gt;
&lt;li&gt;Ensure requests are sent only to healthy instances&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  What is a Bastion Host?
&lt;/h2&gt;

&lt;p&gt;A &lt;strong&gt;Bastion Host&lt;/strong&gt;, also called a &lt;strong&gt;Jump Server&lt;/strong&gt;, is an EC2 instance placed inside a public subnet that is used to securely access resources inside private subnets.&lt;/p&gt;

&lt;p&gt;In our project, the application servers will be running in private subnets and will not have public IP addresses.&lt;/p&gt;

&lt;p&gt;This means we cannot directly SSH into them.&lt;/p&gt;

&lt;p&gt;To solve this problem, we create a &lt;strong&gt;Bastion Host&lt;/strong&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  Example
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Developer Laptop
       ↓
   Bastion Host
       ↓
   Private EC2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Instead of exposing private servers to the internet, we first connect to the Bastion Host and then access the private servers.&lt;/p&gt;

&lt;h2&gt;
  
  
  Benefits of Using a Bastion Host
&lt;/h2&gt;

&lt;p&gt;This approach provides:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Better security&lt;/li&gt;
&lt;li&gt;Centralized access control&lt;/li&gt;
&lt;li&gt;Better auditing and monitoring&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Now that we understand the components used in this project, let's start building the architecture step by step.&lt;/p&gt;




&lt;h1&gt;
  
  
  Hands-On Implementation of the Project
&lt;/h1&gt;

&lt;p&gt;Before starting, we will build the following architecture:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;                    Internet
                        │
                       ▼
                Application Load Balancer
                        │
        ┌───────────────┴───────────────┐
        │                               │
 Availability Zone A             Availability Zone B
        │                               │
 Public Subnet A                 Public Subnet B
 ├── NAT Gateway A               ├── NAT Gateway B
 └── Bastion Host

        │                               │

 Private Subnet A               Private Subnet B
 └── EC2 Instance (ASG)         └── EC2 Instance (ASG)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Architecture Diagram
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8jmm1iwr0q5l9zcgb2qs.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8jmm1iwr0q5l9zcgb2qs.png" alt=" " width="611" height="481"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The above architecture diagram may look confusing at first, but don't worry.&lt;/p&gt;

&lt;p&gt;Once we follow the implementation steps below and revisit the diagram, the overall flow and the relationship between the AWS components will become much easier to understand.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 1: Create the VPC
&lt;/h2&gt;

&lt;p&gt;Go to &lt;strong&gt;AWS Console → VPC&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Click on &lt;strong&gt;Create VPC&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjh6rpbiv24bcufoss579.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjh6rpbiv24bcufoss579.png" alt=" " width="800" height="361"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Select &lt;strong&gt;VPC and more&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why?
&lt;/h2&gt;

&lt;p&gt;Because AWS automatically creates:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPC&lt;/li&gt;
&lt;li&gt;Public Subnets&lt;/li&gt;
&lt;li&gt;Private Subnets&lt;/li&gt;
&lt;li&gt;Route Tables&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This saves time and simplifies the setup process.&lt;/p&gt;




&lt;p&gt;Now, give your VPC a name, for example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;For the &lt;strong&gt;IPv4 CIDR Block&lt;/strong&gt;, use:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;10.0.0.0/16
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This provides approximately &lt;strong&gt;65,536 IP addresses&lt;/strong&gt;, which is more than enough for our project.&lt;/p&gt;

&lt;p&gt;For &lt;strong&gt;IPv6 CIDR Block&lt;/strong&gt;, choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;No IPv6 CIDR block
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9ozjlhyn3wjey9qiwqw2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9ozjlhyn3wjey9qiwqw2.png" alt=" " width="799" height="419"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;To keep the project simple.&lt;/p&gt;




&lt;p&gt;Configure the following:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Number of Availability Zones (AZs):&lt;/strong&gt; 2&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Public Subnets:&lt;/strong&gt; 2&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Private Subnets:&lt;/strong&gt; 2&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc7jlyzv3ymhs9y4xlryr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc7jlyzv3ymhs9y4xlryr.png" alt=" " width="462" height="400"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;So the architecture becomes:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AZ-1
├── Public Subnet
└── Private Subnet

AZ-2
├── Public Subnet
└── Private Subnet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Configure NAT Gateway
&lt;/h2&gt;

&lt;p&gt;For &lt;strong&gt;NAT Gateway&lt;/strong&gt;, choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Zonal → 1 per AZ
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7fs5tor22v3rqsfh7vyg.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7fs5tor22v3rqsfh7vyg.png" alt=" " width="463" height="445"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Private EC2 instances need internet access for:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Installing updates&lt;/li&gt;
&lt;li&gt;Downloading software packages&lt;/li&gt;
&lt;li&gt;Accessing public APIs&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;However, we do not want to assign public IP addresses to those instances.&lt;/p&gt;

&lt;p&gt;The &lt;strong&gt;NAT Gateway&lt;/strong&gt; solves this problem by providing outbound internet access while keeping the instances private.&lt;/p&gt;




&lt;h2&gt;
  
  
  Configure VPC Endpoints
&lt;/h2&gt;

&lt;p&gt;For &lt;strong&gt;VPC Endpoints&lt;/strong&gt;, choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;None
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;We are not using VPC Endpoints in this project.&lt;/p&gt;




&lt;p&gt;Finally, click &lt;strong&gt;Create VPC&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Wait for AWS to finish creating all the required resources.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 2: Verify the Resource Map
&lt;/h2&gt;

&lt;p&gt;After the VPC creation is complete, navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;VPC → Your VPC → Select Your VPC → Resource Map
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You should see the following resources:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;✅ VPC&lt;/li&gt;
&lt;li&gt;✅ Internet Gateway&lt;/li&gt;
&lt;li&gt;✅ Public Subnet A&lt;/li&gt;
&lt;li&gt;✅ Public Subnet B&lt;/li&gt;
&lt;li&gt;✅ Private Subnet A&lt;/li&gt;
&lt;li&gt;✅ Private Subnet B&lt;/li&gt;
&lt;li&gt;✅ NAT Gateway A&lt;/li&gt;
&lt;li&gt;✅ NAT Gateway B&lt;/li&gt;
&lt;li&gt;✅ Route Tables&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Understanding What AWS Created
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Public Subnets
&lt;/h3&gt;

&lt;p&gt;Public Subnets are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Accessible from the internet&lt;/li&gt;
&lt;li&gt;Used for internet-facing resources&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Examples include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Load Balancers&lt;/li&gt;
&lt;li&gt;Bastion Hosts&lt;/li&gt;
&lt;li&gt;NAT Gateways&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Private Subnets
&lt;/h3&gt;

&lt;p&gt;Private Subnets are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Hidden from the internet&lt;/li&gt;
&lt;li&gt;Used for application servers&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Examples include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;EC2 Instances&lt;/li&gt;
&lt;li&gt;Backend Services&lt;/li&gt;
&lt;li&gt;Databases&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Step 3: Create Launch Template
&lt;/h2&gt;

&lt;p&gt;Before creating the Auto Scaling Group, we first need a &lt;strong&gt;Launch Template&lt;/strong&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  Why Do We Need a Launch Template?
&lt;/h3&gt;

&lt;p&gt;Think of a Launch Template as a blueprint for EC2 instances.&lt;/p&gt;

&lt;p&gt;It tells AWS:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Which operating system (AMI) to use&lt;/li&gt;
&lt;li&gt;Which instance type to launch&lt;/li&gt;
&lt;li&gt;Which key pair to use&lt;/li&gt;
&lt;li&gt;Which Security Group to attach&lt;/li&gt;
&lt;li&gt;Which VPC to use&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Later, whenever the Auto Scaling Group needs to create new servers, it simply uses this template.&lt;/p&gt;




&lt;h2&gt;
  
  
  Navigate to Launch Templates
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS Console → EC2 → Launch Templates
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click on &lt;strong&gt;Create Launch Template&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcnwv0bv5o2pemlpw1wl3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcnwv0bv5o2pemlpw1wl3.png" alt=" " width="800" height="348"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Configure the Launch Template
&lt;/h2&gt;

&lt;p&gt;Give your Launch Template a name:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In the description field, enter:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Launch template for application servers running in private subnets
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Choose an AMI
&lt;/h3&gt;

&lt;p&gt;For the AMI (Operating System), choose:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The &lt;strong&gt;Recently Launched&lt;/strong&gt; option, or&lt;/li&gt;
&lt;li&gt;Any AMI you are comfortable with&lt;/li&gt;
&lt;/ul&gt;




&lt;h3&gt;
  
  
  Choose the Instance Type
&lt;/h3&gt;

&lt;p&gt;Select:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;t3.micro (Free Tier)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h3&gt;
  
  
  Select the Key Pair
&lt;/h3&gt;

&lt;p&gt;Choose your key pair, for example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;test_app.pem
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Configure Network Settings
&lt;/h3&gt;

&lt;p&gt;Under &lt;strong&gt;Firewall (Security Groups)&lt;/strong&gt;, select:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create Security Group
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Security Group Name
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Security Group for private application servers
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h1&gt;
  
  
  Configure Inbound Rules
&lt;/h1&gt;

&lt;h3&gt;
  
  
  Rule 1
&lt;/h3&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Type&lt;/th&gt;
&lt;th&gt;Port&lt;/th&gt;
&lt;th&gt;Source&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;SSH&lt;/td&gt;
&lt;td&gt;22&lt;/td&gt;
&lt;td&gt;My IP&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Initially, we will keep SSH access simple while building the project.&lt;/p&gt;

&lt;p&gt;Later, we will tighten security so that only the &lt;strong&gt;Bastion Host&lt;/strong&gt; can access these servers.&lt;/p&gt;

&lt;h3&gt;
  
  
  Rule 2
&lt;/h3&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Type&lt;/th&gt;
&lt;th&gt;Port&lt;/th&gt;
&lt;th&gt;Source&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Custom TCP&lt;/td&gt;
&lt;td&gt;8000&lt;/td&gt;
&lt;td&gt;Anywhere IPv4&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Our Python application will run on &lt;strong&gt;Port 8000&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Later, once the Load Balancer is configured, we will improve this rule further.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvyf5nxy5wxggct1qj2fi.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvyf5nxy5wxggct1qj2fi.png" alt=" " width="800" height="457"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For now, leave everything else as default.&lt;/p&gt;

&lt;p&gt;Click on &lt;strong&gt;Create Launch Template&lt;/strong&gt;.&lt;/p&gt;




&lt;h3&gt;
  
  
  What Have We Created?
&lt;/h3&gt;

&lt;p&gt;We haven't created EC2 instances yet.&lt;/p&gt;

&lt;p&gt;We have only created a blueprint.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Launch Template
        ↓
Auto Scaling Group
        ↓
EC2 Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Step 4: Creating Auto Scaling Group
&lt;/h2&gt;

&lt;p&gt;Until now, we have only created the blueprint (&lt;strong&gt;Launch Template&lt;/strong&gt;).&lt;/p&gt;

&lt;p&gt;Now we need AWS to actually launch EC2 instances from that blueprint.&lt;/p&gt;

&lt;h3&gt;
  
  
  Why Do We Need Auto Scaling Groups?
&lt;/h3&gt;

&lt;p&gt;Auto Scaling Groups (ASGs) help:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Automatically create EC2 instances&lt;/li&gt;
&lt;li&gt;Replace unhealthy instances&lt;/li&gt;
&lt;li&gt;Scale up during high traffic&lt;/li&gt;
&lt;li&gt;Scale down during low traffic&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Navigate to Auto Scaling Groups
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS Console → EC2 → Auto Scaling Groups
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click on &lt;strong&gt;Create Auto Scaling Group&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foz9wxa2pyinjoe6yn3il.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foz9wxa2pyinjoe6yn3il.png" alt=" " width="800" height="390"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Configure the Auto Scaling Group
&lt;/h2&gt;

&lt;p&gt;Give your Auto Scaling Group a name, for example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Select the Launch Template we created earlier:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click &lt;strong&gt;Next&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  Choose the Network
&lt;/h2&gt;

&lt;p&gt;Select the VPC we created earlier:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Under &lt;strong&gt;Availability Zones and Subnets&lt;/strong&gt;, choose the two private subnets created during VPC creation:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Private Subnet 1a&lt;/li&gt;
&lt;li&gt;Private Subnet 1b&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fibjmpuqb3pp1dm440ad3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fibjmpuqb3pp1dm440ad3.png" alt=" " width="621" height="355"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Why Are We Using Private Subnets?
&lt;/h3&gt;

&lt;p&gt;Application servers should not be directly exposed to the internet.&lt;/p&gt;

&lt;p&gt;This improves security.&lt;/p&gt;

&lt;p&gt;The architecture becomes:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Public Subnets
      ↓
Load Balancer
      ↓
Private EC2 Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click &lt;strong&gt;Next&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Leave the remaining settings as default and click &lt;strong&gt;Next&lt;/strong&gt; again.&lt;/p&gt;




&lt;h2&gt;
  
  
  Configure Group Size
&lt;/h2&gt;

&lt;p&gt;Set the following values:&lt;/p&gt;

&lt;h3&gt;
  
  
  Desired Capacity
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Meaning AWS should maintain &lt;strong&gt;2 EC2 instances&lt;/strong&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  Minimum Capacity
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;1
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;At least one instance should always remain running.&lt;/p&gt;

&lt;h3&gt;
  
  
  Maximum Capacity
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;4
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In the future, AWS can scale up to four servers if required.&lt;/p&gt;

&lt;h3&gt;
  
  
  Scaling Policies
&lt;/h3&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;None
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Skip the remaining sections and keep the default settings.&lt;/p&gt;

&lt;p&gt;Click &lt;strong&gt;Next&lt;/strong&gt; → &lt;strong&gt;Create Auto Scaling Group&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 5: Verify EC2 Instances
&lt;/h2&gt;

&lt;p&gt;Now navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Wait for a few minutes.&lt;/p&gt;

&lt;p&gt;You should see:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Instance 1 → Running
Instance 2 → Running
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh293edayy06zh8mpomqs.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh293edayy06zh8mpomqs.png" alt=" " width="800" height="160"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click on any instance ID and inspect its details.&lt;/p&gt;

&lt;p&gt;If you look carefully, you will notice:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Public IPv4 Address = None
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This is expected.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F88kk1qyn7p193isttaiy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F88kk1qyn7p193isttaiy.png" alt=" " width="800" height="331"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Because:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The instances are inside private subnets.&lt;/li&gt;
&lt;li&gt;Private subnets should not have public IP addresses.&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Current Architecture
&lt;/h1&gt;

&lt;p&gt;At this stage, the architecture looks like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;                VPC
                  │
      ┌───────────┴───────────┐
      │                       │
Availability Zone A   Availability Zone B
      │                       │
Private Subnet A      Private Subnet B
      │                       │
EC2 Instance 1        EC2 Instance 2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Step 6: Create Bastion Host
&lt;/h1&gt;

&lt;h2&gt;
  
  
  Why Do We Need a Bastion Host?
&lt;/h2&gt;

&lt;p&gt;Imagine your company has hundreds of servers running inside private subnets.&lt;/p&gt;

&lt;p&gt;Giving public IP addresses to all servers would be dangerous.&lt;/p&gt;

&lt;p&gt;Instead, we create one secure entry point called a &lt;strong&gt;Bastion Host&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;The architecture becomes:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Developer Laptop
        ↓
Bastion Host (Public Subnet)
        ↓
Private EC2 Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Create Bastion Host
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS Console → EC2 → Launch Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Give your instance a name:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;bastion-host
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  AMI
&lt;/h3&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Ubuntu Server
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Instance Type
&lt;/h3&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;t3.micro (Free Tier)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Key Pair
&lt;/h3&gt;

&lt;p&gt;Select the same key pair used earlier:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;test_app.pem
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Configure Network Settings
&lt;/h1&gt;

&lt;p&gt;Click &lt;strong&gt;Edit&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Select the VPC:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  IMPORTANT: Choose a Public Subnet
&lt;/h3&gt;

&lt;p&gt;Select either:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Public Subnet A, or&lt;/li&gt;
&lt;li&gt;Public Subnet B&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Because the Bastion Host must be reachable from your laptop.&lt;/p&gt;




&lt;h2&gt;
  
  
  Auto Assign Public IP
&lt;/h2&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Enable
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Without a public IP address, you won't be able to SSH into the Bastion Host.&lt;/p&gt;




&lt;h1&gt;
  
  
  Configure Security Group
&lt;/h1&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create Security Group
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Security Group Name:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;bastion-sg
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Configure Inbound Rules
&lt;/h1&gt;

&lt;p&gt;Instead of:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;❌ Anywhere (0.0.0.0/0)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;✅ My IP
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Type&lt;/th&gt;
&lt;th&gt;Port&lt;/th&gt;
&lt;th&gt;Source&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;SSH&lt;/td&gt;
&lt;td&gt;22&lt;/td&gt;
&lt;td&gt;My IP&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;This is much safer.&lt;/p&gt;

&lt;p&gt;Only your laptop can access the Bastion Host.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq5dsiacfsz4ewjff2a00.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq5dsiacfsz4ewjff2a00.png" alt=" " width="799" height="350"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 7: Verify Bastion Host
&lt;/h2&gt;

&lt;p&gt;After the instance starts, navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Verify that:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The instance state is &lt;strong&gt;Running&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;A &lt;strong&gt;Public IPv4 Address&lt;/strong&gt; is present&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Current architecture:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;                Internet
                     │
                     ▼
               Bastion Host
                     │
      ┌──────────────┴──────────────┐
      │                             │
 Private EC2-1                Private EC2-2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Bastion Host Status
&lt;/h1&gt;

&lt;ul&gt;
&lt;li&gt;✅ Running&lt;/li&gt;
&lt;li&gt;✅ Has Public IP&lt;/li&gt;
&lt;li&gt;✅ Security Group allows SSH from My IP&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Step 8: Improve Security Group Configuration (Production Best Practice)
&lt;/h2&gt;

&lt;p&gt;Right now, when we created the Launch Template earlier, we allowed:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;SSH (22) → My IP
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;for the private EC2 instances.&lt;/p&gt;

&lt;p&gt;Although this works, it is not ideal because application servers should only accept SSH connections from the Bastion Host.&lt;/p&gt;

&lt;h1&gt;
  
  
  Current Situation
&lt;/h1&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Laptop
   ↓
Private EC2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h1&gt;
  
  
  Better Architecture
&lt;/h1&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Laptop
   ↓
Bastion Host
   ↓
Private EC2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Step 8.1: Find the Security Group Attached to Private EC2
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open one of your private instances.&lt;/p&gt;

&lt;p&gt;Go to the &lt;strong&gt;Security&lt;/strong&gt; tab.&lt;/p&gt;

&lt;p&gt;Click on the attached &lt;strong&gt;Security Group&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 8.2: Remove SSH Access from "My IP"
&lt;/h2&gt;

&lt;p&gt;Inside the Security Group:&lt;/p&gt;

&lt;p&gt;Click &lt;strong&gt;Edit Inbound Rules&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;It should currently have:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Type&lt;/th&gt;
&lt;th&gt;Port&lt;/th&gt;
&lt;th&gt;Source&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;SSH&lt;/td&gt;
&lt;td&gt;22&lt;/td&gt;
&lt;td&gt;My IP&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Custom TCP&lt;/td&gt;
&lt;td&gt;8000&lt;/td&gt;
&lt;td&gt;Anywhere&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Delete the &lt;strong&gt;SSH&lt;/strong&gt; rule.&lt;/p&gt;

&lt;p&gt;Keep &lt;strong&gt;Port 8000&lt;/strong&gt; for now.&lt;/p&gt;

&lt;p&gt;Click &lt;strong&gt;Save Rules&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 8.3: Allow SSH Only from Bastion Host
&lt;/h2&gt;

&lt;p&gt;Click &lt;strong&gt;Add Rule&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Configure:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Type:&lt;/strong&gt; SSH&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Port:&lt;/strong&gt; 22&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Source:&lt;/strong&gt; Custom&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In the search bar next to &lt;strong&gt;Source&lt;/strong&gt;, select:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;bastion-sg
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This is the Security Group attached to the Bastion Host.&lt;/p&gt;

&lt;p&gt;Click &lt;strong&gt;Save Rules&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flrksol6o50j8tmpz1vis.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flrksol6o50j8tmpz1vis.png" alt=" " width="800" height="194"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  What We Achieved
&lt;/h2&gt;

&lt;p&gt;Instead of:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;My Laptop
      ↓
Private EC2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;we now have:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;My Laptop
      ↓
Bastion Host
      ↓
Private EC2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Only the &lt;strong&gt;Bastion Host&lt;/strong&gt; can SSH into the private servers.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 9: Connect to Bastion Host
&lt;/h2&gt;

&lt;p&gt;Copy the &lt;strong&gt;Bastion Host Public IP Address&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;On your local machine, run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;ssh &lt;span class="nt"&gt;-i&lt;/span&gt; test_app.pem ubuntu@&amp;lt;BASTION_PUBLIC_IP&amp;gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Connection Issue Encountered
&lt;/h3&gt;

&lt;p&gt;When running the above command, I received the following error:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;ssh: connect to host &amp;lt;PUBLIC_IP&amp;gt; port 22: Connection timed out
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;To verify whether the issue was related to the Security Group, I temporarily modified the inbound rule:&lt;/p&gt;

&lt;p&gt;From:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Source: My IP
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;To:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Anywhere IPv4 (0.0.0.0/0)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;After saving the rule, I was able to successfully SSH into the Bastion Host.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Allowing SSH from Anywhere IPv4 was done only for troubleshooting purposes. In production environments, it is recommended to restrict SSH access to trusted IP addresses.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  Step 10: Enable SSH Agent Forwarding (Best Practice)
&lt;/h2&gt;

&lt;p&gt;Instead of copying the &lt;code&gt;.pem&lt;/code&gt; file into the Bastion Host, we'll use &lt;strong&gt;SSH Agent Forwarding&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  1. Start SSH Agent
&lt;/h2&gt;

&lt;p&gt;On your local machine, run:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg0xw4svntaspc0tfev7t.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg0xw4svntaspc0tfev7t.png" alt=" " width="372" height="116"&gt;&lt;/a&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;eval&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;ssh-agent &lt;span class="nt"&gt;-s&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  What Does This Do?
&lt;/h3&gt;

&lt;p&gt;It starts a background process called &lt;strong&gt;SSH Agent&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Think of SSH Agent as a temporary secure locker that can hold your SSH keys.&lt;/p&gt;

&lt;p&gt;After running:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;eval&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;ssh-agent &lt;span class="nt"&gt;-s&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You should see output similar to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Agent pid 12345
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  2. Add the Private Key
&lt;/h2&gt;

&lt;p&gt;Run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;ssh-add test_app.pem
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  What Does This Do?
&lt;/h3&gt;

&lt;p&gt;This command loads your &lt;code&gt;.pem&lt;/code&gt; file into the SSH Agent.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F50s3hjnp53u5bkqr930p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F50s3hjnp53u5bkqr930p.png" alt=" " width="350" height="68"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Now the SSH Agent can use this key whenever authentication is required.&lt;/p&gt;




&lt;h2&gt;
  
  
  3. Verify Loaded Keys
&lt;/h2&gt;

&lt;p&gt;Run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;ssh-add &lt;span class="nt"&gt;-l&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  What Does This Do?
&lt;/h3&gt;

&lt;p&gt;This command displays the keys currently loaded inside the SSH Agent.&lt;/p&gt;

&lt;p&gt;Example output:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1e3t48show87kw2x5pq9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1e3t48show87kw2x5pq9.png" alt=" " width="535" height="82"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 11: Connect to Bastion Using Agent Forwarding
&lt;/h2&gt;

&lt;p&gt;From your laptop, run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;ssh &lt;span class="nt"&gt;-A&lt;/span&gt; &lt;span class="nt"&gt;-i&lt;/span&gt; test_app.pem ubuntu@&amp;lt;BASTION_PUBLIC_IP&amp;gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Notice the important option:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;-A
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fws5dlx7cddwq0smc1n4n.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fws5dlx7cddwq0smc1n4n.png" alt=" " width="546" height="423"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Why Are We Using &lt;code&gt;-A&lt;/code&gt;?
&lt;/h3&gt;

&lt;p&gt;The &lt;code&gt;-A&lt;/code&gt; option enables &lt;strong&gt;SSH Agent Forwarding&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;This securely forwards your local SSH key to the Bastion Host without copying the &lt;code&gt;.pem&lt;/code&gt; file to the server.&lt;/p&gt;

&lt;p&gt;This is considered a best practice because:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The private key never leaves your laptop.&lt;/li&gt;
&lt;li&gt;No sensitive files are stored on the Bastion Host.&lt;/li&gt;
&lt;li&gt;Access to private EC2 instances becomes more secure.&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Step 12: Find the Private IP of One Application Server
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Choose one of the private EC2 instances.&lt;/p&gt;

&lt;p&gt;Copy its:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Private IPv4 Address
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;10.0.131.24
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Step 13: SSH From Bastion Host to Private EC2
&lt;/h2&gt;

&lt;p&gt;From inside the Bastion Host, run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;ssh ubuntu@10.0.x.x
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Replace &lt;code&gt;10.0.x.x&lt;/code&gt; with the private IP address of your EC2 instance.&lt;/p&gt;

&lt;p&gt;The connection should now be successful, and you will be inside the private server.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fczo0o755jdyyh1y8kabu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fczo0o755jdyyh1y8kabu.png" alt=" " width="655" height="570"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Current Architecture
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Laptop
   ↓
SSH Agent Forwarding
   ↓
Bastion Host
   ↓
Private EC2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Step 14: Prepare the Private EC2 Instance
&lt;/h2&gt;

&lt;p&gt;At this point, you should be logged into the private EC2 instance.&lt;/p&gt;

&lt;p&gt;Verify this by running:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;hostname&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnclq7t787ta4mbv4hx4n.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnclq7t787ta4mbv4hx4n.png" alt=" " width="248" height="54"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Update Package Information
&lt;/h2&gt;

&lt;p&gt;Run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;sudo &lt;/span&gt;apt update
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;This updates the package repository information.&lt;/p&gt;

&lt;p&gt;It also verifies that the following path is working correctly:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Private EC2
      ↓
NAT Gateway
      ↓
Internet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If the update completes successfully, your &lt;strong&gt;NAT Gateway&lt;/strong&gt; is functioning correctly.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 15: Verify Python Installation
&lt;/h2&gt;

&lt;p&gt;Check the installed Python version:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;python3 &lt;span class="nt"&gt;--version&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Expected output:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Python 3.x.x
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbj17ik6340qs6dv7fo17.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbj17ik6340qs6dv7fo17.png" alt=" " width="337" height="52"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If Python is not installed, run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;sudo &lt;/span&gt;apt &lt;span class="nb"&gt;install &lt;/span&gt;python3 &lt;span class="nt"&gt;-y&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Step 16: Create a Simple HTML Page
&lt;/h2&gt;

&lt;p&gt;Create a new file:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;vim index.html
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Press:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;i
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;to enter &lt;strong&gt;Insert Mode&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Paste the following HTML:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight html"&gt;&lt;code&gt;&lt;span class="cp"&gt;&amp;lt;!DOCTYPE html&amp;gt;&lt;/span&gt;
&lt;span class="nt"&gt;&amp;lt;html&amp;gt;&lt;/span&gt;
&lt;span class="nt"&gt;&amp;lt;head&amp;gt;&lt;/span&gt;
    &lt;span class="nt"&gt;&amp;lt;title&amp;gt;&lt;/span&gt;AWS Production Project&lt;span class="nt"&gt;&amp;lt;/title&amp;gt;&lt;/span&gt;
&lt;span class="nt"&gt;&amp;lt;/head&amp;gt;&lt;/span&gt;
&lt;span class="nt"&gt;&amp;lt;body&amp;gt;&lt;/span&gt;
    &lt;span class="nt"&gt;&amp;lt;h1&amp;gt;&lt;/span&gt;AWS VPC Production Project&lt;span class="nt"&gt;&amp;lt;/h1&amp;gt;&lt;/span&gt;
    &lt;span class="nt"&gt;&amp;lt;p&amp;gt;&lt;/span&gt;Application running successfully inside Private Subnet.&lt;span class="nt"&gt;&amp;lt;/p&amp;gt;&lt;/span&gt;
&lt;span class="nt"&gt;&amp;lt;/body&amp;gt;&lt;/span&gt;
&lt;span class="nt"&gt;&amp;lt;/html&amp;gt;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Save the file:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;ESC
:wq!
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Step 17: Start Python Web Server
&lt;/h1&gt;

&lt;p&gt;Run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;python3 &lt;span class="nt"&gt;-m&lt;/span&gt; http.server 8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Expected output:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmn0073cpw176tu1jpa20.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmn0073cpw176tu1jpa20.png" alt=" " width="475" height="69"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Leave this terminal running.&lt;/p&gt;

&lt;p&gt;The web server is now serving the application on &lt;strong&gt;Port 8000&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 18: Verify Security Group for Application
&lt;/h2&gt;

&lt;p&gt;Before creating the Load Balancer, verify the Security Group attached to your application servers.&lt;/p&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Security Groups
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open the private EC2 Security Group created earlier.&lt;/p&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Verify that the following inbound rules exist:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Type&lt;/th&gt;
&lt;th&gt;Port&lt;/th&gt;
&lt;th&gt;Source&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;SSH&lt;/td&gt;
&lt;td&gt;22&lt;/td&gt;
&lt;td&gt;bastion-sg&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Custom TCP&lt;/td&gt;
&lt;td&gt;8000&lt;/td&gt;
&lt;td&gt;Anywhere IPv4&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;If Port &lt;strong&gt;8000&lt;/strong&gt; is missing, add it click &lt;strong&gt;Save Rules&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  Why Are We Allowing Port 8000?
&lt;/h2&gt;

&lt;p&gt;Because later the traffic flow will be:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Load Balancer
      ↓
Port 8000
      ↓
Application Server
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The Load Balancer must be able to reach the application.&lt;/p&gt;

&lt;p&gt;We'll improve this later by allowing access only from the &lt;strong&gt;Load Balancer Security Group&lt;/strong&gt;.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 19: Verify the Application Is Running
&lt;/h2&gt;

&lt;p&gt;On the private EC2 instance, open another SSH session if needed and run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;curl localhost:8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Expected output:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight html"&gt;&lt;code&gt;&lt;span class="cp"&gt;&amp;lt;!DOCTYPE html&amp;gt;&lt;/span&gt;
&lt;span class="nt"&gt;&amp;lt;html&amp;gt;&lt;/span&gt;
...
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If you see the HTML page, your application is running successfully.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 20: Create a Target Group
&lt;/h2&gt;

&lt;h2&gt;
  
  
  What is a Target Group?
&lt;/h2&gt;

&lt;p&gt;Before creating a Load Balancer, AWS needs to know:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"Which servers should receive the traffic?"&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;A Target Group is simply a collection of backend servers.&lt;/p&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Load Balancer
      ↓
Target Group
      ↓
├── EC2 Instance 1
└── EC2 Instance 2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Navigate to Target Groups
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Target Groups
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create Target Group
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Basic Configuration
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Target Type
&lt;/h3&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Because we want traffic to be routed directly to EC2 instances.&lt;/p&gt;

&lt;h3&gt;
  
  
  Target Group Name
&lt;/h3&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Protocol
&lt;/h3&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;HTTP
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Port
&lt;/h3&gt;

&lt;p&gt;Enter:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Our Python application is listening on:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;python3 &lt;span class="nt"&gt;-m&lt;/span&gt; http.server 8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  VPC
&lt;/h3&gt;

&lt;p&gt;Select:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Health Check Protocol
&lt;/h2&gt;

&lt;p&gt;Keep:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;HTTP
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Health Check Path
&lt;/h2&gt;

&lt;p&gt;Keep:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;/
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This means AWS will periodically check:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://instance-ip:8000/
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;to verify that the application is healthy.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwaqhm9hkwwrr52x4wwxt.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwaqhm9hkwwrr52x4wwxt.png" alt=" " width="800" height="382"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click &lt;strong&gt;Next&lt;/strong&gt;.&lt;/p&gt;




&lt;h1&gt;
  
  
  Register Targets
&lt;/h1&gt;

&lt;p&gt;You should see your Auto Scaling instances.&lt;/p&gt;

&lt;p&gt;Select:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Instance 1&lt;/li&gt;
&lt;li&gt;Instance 2&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Include as Pending Below
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create Target Group
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Step 21: Create Application Load Balancer
&lt;/h2&gt;

&lt;p&gt;Now let's create the public entry point for users.&lt;/p&gt;




&lt;h1&gt;
  
  
  Navigate to Load Balancers
&lt;/h1&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Load Balancers
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create Load Balancer
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Application Load Balancer
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Configure the Load Balancer
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Name
&lt;/h3&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Scheme
&lt;/h3&gt;

&lt;p&gt;Select:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet-facing
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Users will access the application from the internet.&lt;/p&gt;

&lt;h3&gt;
  
  
  IP Address Type
&lt;/h3&gt;

&lt;p&gt;Choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;IPv4
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Network Mapping
&lt;/h3&gt;

&lt;p&gt;Select the VPC created earlier:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Availability Zones
&lt;/h3&gt;

&lt;p&gt;Choose:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Public Subnet A&lt;/li&gt;
&lt;li&gt;Public Subnet B&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvotokcp7ktt9ka41oc7z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvotokcp7ktt9ka41oc7z.png" alt=" " width="800" height="323"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Load Balancers must be deployed inside public subnets.&lt;/p&gt;




&lt;h3&gt;
  
  
  Security Group
&lt;/h3&gt;

&lt;p&gt;For now, choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;default
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This is the cleaner option.&lt;/p&gt;




&lt;h1&gt;
  
  
  Listener and Routing
&lt;/h1&gt;

&lt;h3&gt;
  
  
  Listener
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;HTTP
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Port
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;80
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Default Action
&lt;/h3&gt;

&lt;p&gt;Select:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Forward to Target Groups
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Choose the Target Group created earlier:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdxtnqbvq25us6u5hhpyx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdxtnqbvq25us6u5hhpyx.png" alt=" " width="800" height="393"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create Load Balancer
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Wait a few minutes for AWS to provision the Load Balancer.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 22: Check Target Health
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Target Groups
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Targets
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Verify that your targets are healthy.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 23: Access the Application
&lt;/h2&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Load Balancers
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open your Application Load Balancer.&lt;/p&gt;

&lt;p&gt;Copy the:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;DNS Name
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;aws-prod-proj-123456.ap-south-1.elb.amazonaws.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fahxolq1nwfmelx1xdtg1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fahxolq1nwfmelx1xdtg1.png" alt=" " width="800" height="325"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Copy the URL and Open it in your browser.&lt;/p&gt;




&lt;h1&gt;
  
  
  Troubleshooting
&lt;/h1&gt;

&lt;p&gt;When I initially tried to access the application, the page was not loading.&lt;/p&gt;

&lt;p&gt;To troubleshoot the issue, I verified the following.&lt;/p&gt;

&lt;h3&gt;
  
  
  1. Private EC2 Security Group
&lt;/h3&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Instances → Private Instance → Security
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open the attached Security Group.&lt;/p&gt;

&lt;p&gt;Verify the rules:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Type&lt;/th&gt;
&lt;th&gt;Port&lt;/th&gt;
&lt;th&gt;Source&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;SSH&lt;/td&gt;
&lt;td&gt;22&lt;/td&gt;
&lt;td&gt;bastion-sg&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Custom TCP&lt;/td&gt;
&lt;td&gt;8000&lt;/td&gt;
&lt;td&gt;Anywhere IPv4&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;




&lt;h3&gt;
  
  
  2. Load Balancer Security Group
&lt;/h3&gt;

&lt;p&gt;Go to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Load Balancers → Select the Load Balancer
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Under &lt;strong&gt;Security&lt;/strong&gt;, open the attached Security Group.&lt;/p&gt;

&lt;p&gt;My rules were incorrect, so I updated them to:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Type&lt;/th&gt;
&lt;th&gt;Port&lt;/th&gt;
&lt;th&gt;Source&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;HTTP&lt;/td&gt;
&lt;td&gt;80&lt;/td&gt;
&lt;td&gt;0.0.0.0/0&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;After saving the changes, the application loaded successfully.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk4l30fo2z4h65bkchspu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk4l30fo2z4h65bkchspu.png" alt=" " width="800" height="404"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h1&gt;
  
  
  Conclusion
&lt;/h1&gt;

&lt;p&gt;In this project, we built a production-style AWS VPC architecture from scratch and understood how different AWS networking components work together.&lt;/p&gt;

&lt;p&gt;We implemented:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Custom VPC&lt;/li&gt;
&lt;li&gt;Public and Private Subnets across two Availability Zones&lt;/li&gt;
&lt;li&gt;Internet Gateway and Route Tables&lt;/li&gt;
&lt;li&gt;NAT Gateways for secure outbound internet access&lt;/li&gt;
&lt;li&gt;Auto Scaling Group with EC2 instances in private subnets&lt;/li&gt;
&lt;li&gt;Bastion Host for secure administration&lt;/li&gt;
&lt;li&gt;Application Load Balancer and Target Group&lt;/li&gt;
&lt;li&gt;A sample Python web application running inside private EC2 instances&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;One of the most important learnings from this project was understanding how traffic flows inside a production environment:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
    ↓
Application Load Balancer
    ↓
Private EC2 Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;and how administrators securely access private servers using:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Developer Laptop
    ↓
Bastion Host
    ↓
Private EC2 Instances
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This project helped me understand how real-world applications are deployed securely and with high availability across multiple Availability Zones.&lt;/p&gt;

&lt;p&gt;Let's meet in the next article with a new AWS service 🚀👋&lt;/p&gt;

</description>
      <category>aws</category>
      <category>cloud</category>
      <category>beginners</category>
      <category>awsvpc</category>
    </item>
    <item>
      <title>Understanding DNS and AWS Route 53 for Beginners</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Tue, 09 Jun 2026 07:16:43 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/understanding-dns-and-aws-route-53-for-beginners-3931</link>
      <guid>https://dev.to/kadhamvj23/understanding-dns-and-aws-route-53-for-beginners-3931</guid>
      <description>&lt;p&gt;In the previous articles, we learned about:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPC&lt;/li&gt;
&lt;li&gt;Subnets&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;li&gt;Route Tables&lt;/li&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;Network ACLs (NACLs)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These components help us build and secure our AWS infrastructure.&lt;/p&gt;

&lt;p&gt;But there is still one question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;How do users actually find our application?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;For example, when users open:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.amazon.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;how does the browser know where the website is running?&lt;/p&gt;

&lt;p&gt;This is where &lt;strong&gt;DNS&lt;/strong&gt; and &lt;strong&gt;AWS Route 53&lt;/strong&gt; come into the picture.&lt;/p&gt;

&lt;p&gt;In this article, we will understand:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What DNS is&lt;/li&gt;
&lt;li&gt;Why DNS is needed&lt;/li&gt;
&lt;li&gt;What AWS Route 53 is&lt;/li&gt;
&lt;li&gt;How Route 53 works&lt;/li&gt;
&lt;li&gt;Real-world examples&lt;/li&gt;
&lt;li&gt;AWS examples&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Let's get started.&lt;/p&gt;




&lt;h1&gt;
  
  
  Why Do We Need DNS?
&lt;/h1&gt;

&lt;p&gt;Imagine you want to call your friend.&lt;/p&gt;

&lt;p&gt;Would you remember:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;9876543210
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;for every person in your contacts?&lt;/p&gt;

&lt;p&gt;Probably not.&lt;/p&gt;

&lt;p&gt;Instead, you save names like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Mom&lt;/li&gt;
&lt;li&gt;Dad&lt;/li&gt;
&lt;li&gt;Friend&lt;/li&gt;
&lt;li&gt;Office&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Your phone automatically maps the name to the phone number.&lt;/p&gt;

&lt;p&gt;DNS works exactly the same way.&lt;/p&gt;

&lt;p&gt;Instead of remembering IP addresses like:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;54.210.100.25
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;we simply remember:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.google.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;DNS converts:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Domain Name → IP Address
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This makes websites easier for humans to use.&lt;/p&gt;




&lt;h1&gt;
  
  
  What is DNS?
&lt;/h1&gt;

&lt;p&gt;DNS stands for:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Domain Name System&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;DNS is like the phonebook of the internet.&lt;/p&gt;

&lt;p&gt;Its job is to convert:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.amazon.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;into something computers understand:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;54.xx.xx.xx
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Without DNS, we would have to remember IP addresses for every website.&lt;/p&gt;




&lt;h1&gt;
  
  
  Real-Life Example
&lt;/h1&gt;

&lt;p&gt;Think of a restaurant.&lt;/p&gt;

&lt;p&gt;People usually say:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;McDonald's
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;instead of saying:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Building Number 25
Street Number 10
City XYZ
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The restaurant name is easier to remember.&lt;/p&gt;

&lt;p&gt;Similarly:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.youtube.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;is easier to remember than:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;142.250.182.206
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  How DNS Works
&lt;/h1&gt;

&lt;p&gt;Suppose a user opens:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.shopworld.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The process looks like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;User
   ↓
DNS Lookup
   ↓
IP Address Found
   ↓
Application Server
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;DNS finds the IP address associated with the domain name and sends the user to the correct server.&lt;/p&gt;




&lt;h1&gt;
  
  
  What is AWS Route 53?
&lt;/h1&gt;

&lt;p&gt;AWS Route 53 is Amazon's managed DNS service.&lt;/p&gt;

&lt;p&gt;It helps:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Convert domain names into IP addresses&lt;/li&gt;
&lt;li&gt;Route users to AWS resources&lt;/li&gt;
&lt;li&gt;Improve application availability&lt;/li&gt;
&lt;li&gt;Register domain names&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Simply put:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Route 53 is AWS's DNS service.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h1&gt;
  
  
  Why is it Called Route 53?
&lt;/h1&gt;

&lt;p&gt;DNS communication uses:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Port 53
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That is why AWS named the service:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Route 53&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h1&gt;
  
  
  How Route 53 Works
&lt;/h1&gt;

&lt;p&gt;Suppose you have a website:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.shopworld.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Your application is running behind a Load Balancer.&lt;/p&gt;

&lt;p&gt;When a user enters the domain name, Route 53 finds the correct destination.&lt;/p&gt;

&lt;p&gt;Flow:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;User
   ↓
www.shopworld.com
   ↓
Route 53
   ↓
Load Balancer
   ↓
Application Server
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Route 53 does not host your application.&lt;/p&gt;

&lt;p&gt;Its job is only to direct users to the correct resource.&lt;/p&gt;




&lt;h1&gt;
  
  
  AWS Example
&lt;/h1&gt;

&lt;p&gt;Suppose your architecture looks like this.&lt;/p&gt;

&lt;h2&gt;
  
  
  Public Subnet
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Load Balancer&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Private Subnet
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Application Server&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Users do not know the IP address of your Load Balancer.&lt;/p&gt;

&lt;p&gt;Instead, they simply visit:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.shopworld.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Route 53 translates the domain name and forwards users to the Load Balancer.&lt;/p&gt;

&lt;p&gt;The Load Balancer then sends requests to the application server.&lt;/p&gt;




&lt;h1&gt;
  
  
  Real-World Example
&lt;/h1&gt;

&lt;p&gt;Imagine an e-commerce company.&lt;/p&gt;

&lt;p&gt;Without DNS:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://44.210.150.20
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Customers would need to remember the IP address.&lt;/p&gt;

&lt;p&gt;With DNS:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.shopworld.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Customers can easily remember and access the website.&lt;/p&gt;

&lt;p&gt;DNS makes the internet user-friendly.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F933f8g0p6ge5ozcb4pgc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F933f8g0p6ge5ozcb4pgc.png" alt=" " width="739" height="434"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h1&gt;
  
  
  Benefits of Route 53
&lt;/h1&gt;

&lt;p&gt;Route 53 provides:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;High Availability&lt;/li&gt;
&lt;li&gt;Scalability&lt;/li&gt;
&lt;li&gt;Managed DNS Service&lt;/li&gt;
&lt;li&gt;Domain Registration&lt;/li&gt;
&lt;li&gt;Health Checks&lt;/li&gt;
&lt;li&gt;Traffic Routing Capabilities&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Because AWS manages Route 53, we do not need to maintain DNS servers ourselves.&lt;/p&gt;




&lt;h1&gt;
  
  
  Summary
&lt;/h1&gt;

&lt;p&gt;DNS converts:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Domain Name → IP Address
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;AWS Route 53 is Amazon's managed DNS service that helps users access applications using easy-to-remember domain names.&lt;/p&gt;




&lt;h1&gt;
  
  
  Conclusion
&lt;/h1&gt;

&lt;p&gt;DNS is one of the fundamental building blocks of the internet.&lt;/p&gt;

&lt;p&gt;Without DNS, users would have to remember IP addresses for every website.&lt;/p&gt;

&lt;p&gt;AWS Route 53 simplifies this process by providing a highly available and scalable DNS service.&lt;/p&gt;

&lt;p&gt;Understanding DNS and Route 53 is an important AWS networking concept and is commonly used in real-world cloud architectures.&lt;/p&gt;







&lt;h1&gt;
  
  
  Additional Resources
&lt;/h1&gt;

&lt;p&gt;If you want to explore Route 53 in more detail, refer to the official AWS documentation:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://docs.aws.amazon.com/route53/" rel="noopener noreferrer"&gt;AWS Route 53 Documentation&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html" rel="noopener noreferrer"&gt;What is Amazon Route 53?&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html" rel="noopener noreferrer"&gt;Getting Started with Amazon Route 53&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;




&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; This article covers Route 53 fundamentals for beginners. The official AWS documentation provides deeper explanations and advanced features.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;h1&gt;
  
  
  What's Next?
&lt;/h1&gt;

&lt;p&gt;In the next article, we will build a complete AWS VPC Project that can be added to your resume.&lt;/p&gt;

&lt;p&gt;This project is inspired by concepts learned from Abhishek Veeramalla's AWS learning series. I will be implementing the project step by step while explaining the concepts in my own words.&lt;/p&gt;

&lt;p&gt;We will create:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Custom VPC&lt;/li&gt;
&lt;li&gt;Public and Private Subnets&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;li&gt;Route Tables&lt;/li&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;EC2 Instances&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;and understand how these components work together in a real-world architecture.&lt;/p&gt;

&lt;p&gt;🚀 See you in the next article.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>beginners</category>
      <category>awsroute53</category>
    </item>
    <item>
      <title>Hands-On: Understanding Security Groups and NACLs in AWS</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Sun, 07 Jun 2026 11:38:30 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/hands-on-understanding-security-groups-and-nacls-in-aws-5fe</link>
      <guid>https://dev.to/kadhamvj23/hands-on-understanding-security-groups-and-nacls-in-aws-5fe</guid>
      <description>&lt;p&gt;In the previous article, we learned the theory behind:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;Network Access Control Lists (NACLs)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Now it is time to see them in action.&lt;/p&gt;

&lt;p&gt;In this hands-on lab, we will:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create a VPC&lt;/li&gt;
&lt;li&gt;Launch an EC2 instance&lt;/li&gt;
&lt;li&gt;Run a simple Python web server&lt;/li&gt;
&lt;li&gt;Allow traffic using Security Groups&lt;/li&gt;
&lt;li&gt;Block traffic using NACLs&lt;/li&gt;
&lt;li&gt;Understand how both security layers work together&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;By the end of this lab, you will clearly understand the difference between Security Groups and NACLs.&lt;/p&gt;

&lt;p&gt;Let's dive into the hands-on.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 1: Create a VPC
&lt;/h2&gt;

&lt;p&gt;Login to the AWS Console using your credentials.&lt;/p&gt;

&lt;p&gt;Search for:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;VPC
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpsxy0aux98upbpc50pqe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpsxy0aux98upbpc50pqe.png" alt=" " width="800" height="361"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create VPC
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Select:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;VPC and More
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This automatically creates:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPC&lt;/li&gt;
&lt;li&gt;Public Subnet&lt;/li&gt;
&lt;li&gt;Private Subnet&lt;/li&gt;
&lt;li&gt;Route Tables&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Give your VPC a name:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;vpc-test
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;For the IPv4 CIDR block, choose the IP range you want.&lt;/p&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;10.0.0.0/16
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click &lt;strong&gt;Create VPC&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjb00eabcxsk1i8kyk458.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjb00eabcxsk1i8kyk458.png" alt=" " width="800" height="341"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After creating the VPC, click &lt;strong&gt;View VPC&lt;/strong&gt; and open the &lt;strong&gt;Resource Map&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F328q5zkkqji9jz31hdr0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F328q5zkkqji9jz31hdr0.png" alt=" " width="800" height="239"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This helps you understand how all networking components are connected.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 2: Launch an EC2 Instance
&lt;/h2&gt;

&lt;p&gt;Navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Instances → Launch Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Provide:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;EC2 Instance Name&lt;/li&gt;
&lt;li&gt;Operating System&lt;/li&gt;
&lt;li&gt;Key Pair&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Under &lt;strong&gt;Network Settings&lt;/strong&gt;:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Select the VPC you created: &lt;code&gt;vpc-test&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Select the &lt;strong&gt;Public Subnet&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; In production environments, applications should preferably use private subnets. However, for learning purposes, we will use a public subnet.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Enable:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Auto Assign Public IP
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Under &lt;strong&gt;Firewall (Security Groups)&lt;/strong&gt; choose:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Create New Security Group
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click &lt;strong&gt;Launch Instance&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqo391ig0kxksx90gg31e.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqo391ig0kxksx90gg31e.png" alt=" " width="704" height="410"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 3: Connect to the EC2 Instance
&lt;/h2&gt;

&lt;p&gt;Copy the Public IP address of the instance.&lt;/p&gt;

&lt;p&gt;Open Terminal and connect using SSH.&lt;/p&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;ssh &lt;span class="nt"&gt;-i&lt;/span&gt; test_app.pem ubuntu@&amp;lt;PUBLIC_IP&amp;gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Replace:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;&amp;lt;PUBLIC_IP&amp;gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;with your EC2 Public IP.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 4: Update Packages
&lt;/h2&gt;

&lt;p&gt;Whenever you launch a Linux server, updating packages is considered a good practice.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftu1bjsvtcpqv4zubixqj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftu1bjsvtcpqv4zubixqj.png" alt=" " width="287" height="30"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;sudo &lt;/span&gt;apt update
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Step 5: Verify Python Installation
&lt;/h2&gt;

&lt;p&gt;Check whether Python is installed.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9w0pirfeedppjyjx6q16.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9w0pirfeedppjyjx6q16.png" alt=" " width="514" height="52"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;python3
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Step 6: Start a Simple Python Web Server
&lt;/h2&gt;

&lt;p&gt;Python provides a built-in HTTP server.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d1gctk70ssp8qqhuet6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d1gctk70ssp8qqhuet6.png" alt=" " width="436" height="50"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Run:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;python3 &lt;span class="nt"&gt;-m&lt;/span&gt; http.server 8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Your application is now running on:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Port 8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Step 7: Try Accessing the Application
&lt;/h2&gt;

&lt;p&gt;Open your browser and type:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://&amp;lt;PUBLIC_IP&amp;gt;:8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://54.xx.xx.xx:8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You will notice that the application does &lt;strong&gt;not&lt;/strong&gt; open.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why?
&lt;/h2&gt;

&lt;p&gt;Let's investigate what is blocking the application.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 8: Check the NACL
&lt;/h2&gt;

&lt;p&gt;Navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS Console → VPC → Network ACLs
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open the NACL associated with your subnet.&lt;/p&gt;

&lt;p&gt;Check the &lt;strong&gt;Inbound Rules&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Here you will notice something interesting.&lt;/p&gt;

&lt;p&gt;AWS already allows traffic through the NACL.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsy341b8mdn24u0trj9mo.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsy341b8mdn24u0trj9mo.png" alt=" " width="800" height="340"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Rule 100 → Allow All Traffic
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This means the NACL is &lt;strong&gt;not&lt;/strong&gt; blocking us.&lt;/p&gt;

&lt;p&gt;So why can't we access the application?&lt;/p&gt;

&lt;p&gt;Because there is another security layer:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Security Group&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Now, you may have noticed rule number &lt;code&gt;100&lt;/code&gt;, and &lt;code&gt;*&lt;/code&gt; in the above screenshot of NACL Rules.&lt;/p&gt;

&lt;p&gt;Let's understand what they mean.&lt;/p&gt;




&lt;h2&gt;
  
  
  Understanding NACL Rule Priority
&lt;/h2&gt;

&lt;p&gt;NACL rules are evaluated in order.&lt;/p&gt;

&lt;p&gt;Smaller numbers have higher priority.&lt;/p&gt;

&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;100 → Checked First
200 → Checked Second
300 → Checked Third
...
*   → Checked Last
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;AWS evaluates rules from top to bottom until a match is found.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 9: Allow Port 8000 in Security Group
&lt;/h2&gt;

&lt;p&gt;Navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 → Instance → Security
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Open the attached Security Group.&lt;/p&gt;

&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Edit Inbound Rules
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;By default, Security Groups block most incoming traffic and only allow SSH access.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz9cqq7dhi89x5o6dlfcl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz9cqq7dhi89x5o6dlfcl.png" alt=" " width="799" height="162"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Now add a new rule:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Type: Custom TCP&lt;/li&gt;
&lt;li&gt;Port: 8000&lt;/li&gt;
&lt;li&gt;Source: Anywhere IPv4&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Save the rule.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzrronpxh9gvg1dnqtlej.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzrronpxh9gvg1dnqtlej.png" alt=" " width="799" height="284"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 10: Test Again
&lt;/h2&gt;

&lt;p&gt;Return to your browser and refresh:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://&amp;lt;PUBLIC_IP&amp;gt;:8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This time the application loads successfully.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkw16f1lqn6khmlw3a5e2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkw16f1lqn6khmlw3a5e2.png" alt=" " width="799" height="428"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  What changed?
&lt;/h3&gt;

&lt;p&gt;The Security Group now allows traffic on Port 8000.&lt;/p&gt;

&lt;p&gt;Flow:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
   ↓
NACL (Allowed)
   ↓
Security Group (Allowed)
   ↓
EC2 Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Now that we understand how Security Groups and NACLs work together, let's perform one more experiment.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 11: Block Traffic Using NACL
&lt;/h2&gt;

&lt;p&gt;Navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;VPC → Network ACLs
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Edit Inbound Rules
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Create the following rule:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Rule Number: 100&lt;/li&gt;
&lt;li&gt;Type: Custom TCP&lt;/li&gt;
&lt;li&gt;Port Range: 8000&lt;/li&gt;
&lt;li&gt;Source: 0.0.0.0/0&lt;/li&gt;
&lt;li&gt;Action: Deny&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Save the changes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F94u5dsgvmre5y9neh4sa.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F94u5dsgvmre5y9neh4sa.png" alt=" " width="799" height="197"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 12: Test Again
&lt;/h2&gt;

&lt;p&gt;Refresh:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://&amp;lt;PUBLIC_IP&amp;gt;:8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The application is no longer accessible.&lt;/p&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Because traffic is blocked at the subnet level before reaching the Security Group.&lt;/p&gt;

&lt;p&gt;Flow:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
   ↓
NACL (Denied)
   ❌
Security Group
   ❌
EC2 Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Even though the Security Group allows Port 8000, the NACL blocks the request first.&lt;/p&gt;




&lt;h2&gt;
  
  
  Step 13: Understanding Rule Priority
&lt;/h2&gt;

&lt;p&gt;Now let's restore access.&lt;/p&gt;

&lt;p&gt;Navigate to:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;VPC → Network ACLs
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Click:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Edit Inbound Rules
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Create:&lt;/p&gt;

&lt;h3&gt;
  
  
  Rule 100
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Allow All Traffic
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Create another rule:&lt;/p&gt;

&lt;h3&gt;
  
  
  Rule 200
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Type: Custom TCP&lt;/li&gt;
&lt;li&gt;Port Range: 8000&lt;/li&gt;
&lt;li&gt;Source: 0.0.0.0/0&lt;/li&gt;
&lt;li&gt;Action: Deny&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Save the changes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frvuxlakn235yf1apxpef.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frvuxlakn235yf1apxpef.png" alt=" " width="799" height="268"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h1&gt;
  
  
  What Happens Now?
&lt;/h1&gt;

&lt;p&gt;Try accessing:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://&amp;lt;PUBLIC_IP&amp;gt;:8000
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The application works successfully.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj9wnp905zt4he8u3fhk3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj9wnp905zt4he8u3fhk3.png" alt=" " width="800" height="431"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Why?
&lt;/h3&gt;

&lt;p&gt;Because AWS checks:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Rule 100
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;first.&lt;/p&gt;

&lt;p&gt;Since Rule 100 allows all traffic, AWS never evaluates Rule 200.&lt;/p&gt;

&lt;p&gt;Flow:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Rule 100 → Match Found → Allow

Rule 200 → Ignored
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This demonstrates one of the most important NACL concepts:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Lower numbered rules have higher priority.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  Key Takeaways
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Security Groups
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Work at Instance Level&lt;/li&gt;
&lt;li&gt;Stateful&lt;/li&gt;
&lt;li&gt;Allow Traffic&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Network ACLs
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Work at Subnet Level&lt;/li&gt;
&lt;li&gt;Stateless&lt;/li&gt;
&lt;li&gt;Allow and Deny Traffic&lt;/li&gt;
&lt;li&gt;Use Rule Priority&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Request Flow
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
   ↓
NACL
   ↓
Security Group
   ↓
EC2 Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;blockquote&gt;
&lt;p&gt;If either layer blocks the traffic, the request never reaches the server.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;In this hands-on lab, we:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Created a VPC&lt;/li&gt;
&lt;li&gt;Launched an EC2 instance&lt;/li&gt;
&lt;li&gt;Deployed a simple Python web server&lt;/li&gt;
&lt;li&gt;Allowed traffic using Security Groups&lt;/li&gt;
&lt;li&gt;Blocked traffic using NACLs&lt;/li&gt;
&lt;li&gt;Observed how multiple security layers work together&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;We also learned that:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Security Groups control traffic at the instance level.&lt;/li&gt;
&lt;li&gt;NACLs control traffic at the subnet level.&lt;/li&gt;
&lt;li&gt;NACL rule priority affects traffic flow.&lt;/li&gt;
&lt;li&gt;Multiple security layers improve AWS network security.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Understanding these concepts is essential for AWS networking and cloud security.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>networking</category>
      <category>security</category>
      <category>tutorial</category>
    </item>
    <item>
      <title>Security Groups vs NACLs Explained for Beginners</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Sat, 06 Jun 2026 11:06:00 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/security-groups-vs-nacls-explained-for-beginners-33n3</link>
      <guid>https://dev.to/kadhamvj23/security-groups-vs-nacls-explained-for-beginners-33n3</guid>
      <description>&lt;h1&gt;
  
  
  Security Groups vs NACLs Explained for Beginners
&lt;/h1&gt;

&lt;p&gt;In the previous articles, we learned about:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPC&lt;/li&gt;
&lt;li&gt;Subnets&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;li&gt;Route Tables&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These components help AWS resources communicate with each other and with the internet.&lt;/p&gt;

&lt;p&gt;But there is still one important question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Even if a server is reachable, should everyone be allowed to access it?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;The answer is &lt;strong&gt;No&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;We need security controls that decide:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Who can access our resources&lt;/li&gt;
&lt;li&gt;Which traffic is allowed&lt;/li&gt;
&lt;li&gt;Which traffic should be blocked&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;AWS provides two important security layers for this:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;Network Access Control Lists (NACLs)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;At first, they may seem similar, but they work at different levels and have different purposes.&lt;/p&gt;

&lt;p&gt;In this article, we will understand them using simple real-world examples.&lt;/p&gt;




&lt;h1&gt;
  
  
  Why Do We Need Security Layers?
&lt;/h1&gt;

&lt;p&gt;Imagine you own a house.&lt;/p&gt;

&lt;p&gt;Just because a road leads to your house does not mean everyone should be allowed inside.&lt;/p&gt;

&lt;p&gt;You still need:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A gate around the property&lt;/li&gt;
&lt;li&gt;A lock on the door&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;AWS networking works in a similar way.&lt;/p&gt;

&lt;p&gt;Even if:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A route exists&lt;/li&gt;
&lt;li&gt;The internet can reach your subnet&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;You still need security rules that decide whether traffic should be allowed or blocked.&lt;/p&gt;

&lt;p&gt;This is where Security Groups and NACLs come in.&lt;/p&gt;




&lt;h1&gt;
  
  
  What is a Security Group?
&lt;/h1&gt;

&lt;p&gt;A Security Group is a virtual firewall attached directly to an EC2 instance.&lt;/p&gt;

&lt;p&gt;Simply put, Security Groups are created at the &lt;strong&gt;instance level&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;It controls:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Incoming Traffic (Inbound Rules)&lt;/li&gt;
&lt;li&gt;Outgoing Traffic (Outbound Rules)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Think of a Security Group as the security guard standing at the door of your house.&lt;/p&gt;

&lt;p&gt;Every request must pass through the guard before reaching the server.&lt;/p&gt;




&lt;h1&gt;
  
  
  Example
&lt;/h1&gt;

&lt;p&gt;Suppose you have a web server running on an EC2 instance.&lt;/p&gt;

&lt;p&gt;The website uses:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Port 80
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;for HTTP traffic.&lt;/p&gt;

&lt;p&gt;You can configure the Security Group to allow traffic on Port 80.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Requests coming on Port 80 are allowed.&lt;/li&gt;
&lt;li&gt;Requests coming from other ports are blocked.&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Security Group Flow
&lt;/h1&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
   ↓
Security Group
   ↓
EC2 Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If traffic matches an allowed rule:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The request reaches the EC2 instance.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Otherwise:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;AWS blocks the request.&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Security Groups are Stateful
&lt;/h1&gt;

&lt;p&gt;This is one of the most important concepts.&lt;/p&gt;

&lt;p&gt;Suppose a user visits your website.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 1: User accesses the website
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;User
  ↓
EC2 Web Server
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Step 2: EC2 sends the response back
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 Web Server
  ↓
User
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;When inbound traffic is allowed, AWS automatically allows the response traffic.&lt;/p&gt;

&lt;p&gt;You do not need to create separate rules for return traffic.&lt;/p&gt;

&lt;p&gt;This behavior is called:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Stateful&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Think of it like a phone call.&lt;/p&gt;

&lt;p&gt;If you answer a call, you can automatically talk back without opening another connection.&lt;/p&gt;




&lt;h1&gt;
  
  
  What is a NACL?
&lt;/h1&gt;

&lt;p&gt;NACL stands for:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Network Access Control List&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;A NACL acts as a firewall at the subnet level.&lt;/p&gt;

&lt;p&gt;Instead of protecting a single EC2 instance, it protects the entire subnet.&lt;/p&gt;

&lt;p&gt;Think of a NACL as the security gate at the entrance of an apartment complex.&lt;/p&gt;

&lt;p&gt;Anyone entering the apartment complex must pass through the gate first.&lt;/p&gt;




&lt;h1&gt;
  
  
  NACL Flow
&lt;/h1&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
   ↓
NACL
   ↓
Subnet
   ↓
Security Group
   ↓
EC2 Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Notice that the NACL checks traffic before it reaches the Security Group.&lt;/p&gt;




&lt;h1&gt;
  
  
  Example
&lt;/h1&gt;

&lt;p&gt;Suppose your subnet contains:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Web Server&lt;/li&gt;
&lt;li&gt;Application Server&lt;/li&gt;
&lt;li&gt;Monitoring Server&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Instead of configuring rules individually on each server, you can create subnet-level rules using a NACL.&lt;/p&gt;

&lt;h3&gt;
  
  
  Allow:
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Port 80&lt;/li&gt;
&lt;li&gt;Port 443&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Deny:
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Port 22 from the Internet&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These rules apply to the entire subnet.&lt;/p&gt;




&lt;h1&gt;
  
  
  NACLs are Stateless
&lt;/h1&gt;

&lt;p&gt;Unlike Security Groups, NACLs are stateless.&lt;/p&gt;

&lt;p&gt;This means AWS does &lt;strong&gt;not&lt;/strong&gt; automatically allow return traffic.&lt;/p&gt;

&lt;p&gt;You must explicitly configure:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Inbound Rules&lt;/li&gt;
&lt;li&gt;Outbound Rules&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Example
&lt;/h2&gt;

&lt;p&gt;If inbound HTTP traffic is allowed:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
   ↓
Subnet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You must also create outbound rules so the response can return:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Subnet
   ↓
Internet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Otherwise, communication fails.&lt;/p&gt;

&lt;p&gt;This behavior is called:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Stateless&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h1&gt;
  
  
  Security Group vs NACL
&lt;/h1&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Feature&lt;/th&gt;
&lt;th&gt;Security Group&lt;/th&gt;
&lt;th&gt;NACL&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Works At&lt;/td&gt;
&lt;td&gt;EC2 Instance Level&lt;/td&gt;
&lt;td&gt;Subnet Level&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Stateful&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Allows Traffic&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Denies Traffic&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Applied To&lt;/td&gt;
&lt;td&gt;EC2 Instances&lt;/td&gt;
&lt;td&gt;Subnets&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Protection Scope&lt;/td&gt;
&lt;td&gt;Individual Resource&lt;/td&gt;
&lt;td&gt;Entire Subnet&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;




&lt;h1&gt;
  
  
  Easy Way to Remember
&lt;/h1&gt;

&lt;p&gt;Think about an apartment building.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Apartment Complex
        ↓
       NACL
        ↓
     Apartment
        ↓
 Security Group
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  NACL
&lt;/h3&gt;

&lt;p&gt;Security at the apartment gate.&lt;/p&gt;

&lt;h3&gt;
  
  
  Security Group
&lt;/h3&gt;

&lt;p&gt;Security at the apartment door.&lt;/p&gt;

&lt;p&gt;Both work together.&lt;/p&gt;




&lt;h1&gt;
  
  
  Why Does AWS Use Both?
&lt;/h1&gt;

&lt;p&gt;AWS follows a security principle called:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Defense in Depth&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Instead of relying on a single security layer, AWS uses multiple layers of protection.&lt;/p&gt;

&lt;h3&gt;
  
  
  Layer 1
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;NACL protects the subnet.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Layer 2
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Security Group protects the EC2 instance.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Even if one layer is misconfigured, another layer can still provide protection.&lt;/p&gt;




&lt;h1&gt;
  
  
  Real-World Example
&lt;/h1&gt;

&lt;p&gt;Imagine an online shopping application.&lt;/p&gt;

&lt;h2&gt;
  
  
  Public Subnet
&lt;/h2&gt;

&lt;p&gt;Contains:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Load Balancer&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Private Subnet
&lt;/h2&gt;

&lt;p&gt;Contains:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Application Server&lt;/li&gt;
&lt;li&gt;Database&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Security Group Rules
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Allow users to access the Load Balancer&lt;/li&gt;
&lt;li&gt;Allow the Load Balancer to access the Application Server&lt;/li&gt;
&lt;li&gt;Allow the Application Server to access the Database&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  NACL Rules
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Block unwanted traffic at the subnet level&lt;/li&gt;
&lt;li&gt;Allow only required ports&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This creates multiple layers of security.&lt;/p&gt;




&lt;h1&gt;
  
  
  Conclusion
&lt;/h1&gt;

&lt;p&gt;Security Groups and NACLs both play an important role in AWS security, but they work at different levels.&lt;/p&gt;

&lt;h2&gt;
  
  
  Security Groups
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Protect individual EC2 instances&lt;/li&gt;
&lt;li&gt;Are stateful&lt;/li&gt;
&lt;li&gt;Allow traffic&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  NACLs
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Protect entire subnets&lt;/li&gt;
&lt;li&gt;Are stateless&lt;/li&gt;
&lt;li&gt;Can allow or deny traffic&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Understanding the difference between Security Groups and NACLs is an important AWS networking concept.&lt;/p&gt;




&lt;h1&gt;
  
  
  What's Next?
&lt;/h1&gt;

&lt;p&gt;In the next article, we will perform a hands-on lab where we will:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create a custom VPC&lt;/li&gt;
&lt;li&gt;Launch an EC2 instance&lt;/li&gt;
&lt;li&gt;Allow traffic using a Security Group&lt;/li&gt;
&lt;li&gt;Block traffic using a NACL&lt;/li&gt;
&lt;li&gt;Observe how both security layers work together&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;🚀 Stay tuned for the hands-on implementation.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>beginners</category>
      <category>networking</category>
      <category>security</category>
    </item>
    <item>
      <title>AWS Internet Gateway and Route Tables Explained for Beginners</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Wed, 03 Jun 2026 07:21:32 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/aws-internet-gateway-and-route-tables-explained-for-beginners-1c27</link>
      <guid>https://dev.to/kadhamvj23/aws-internet-gateway-and-route-tables-explained-for-beginners-1c27</guid>
      <description>&lt;p&gt;After learning about &lt;strong&gt;Public Subnets&lt;/strong&gt; and &lt;strong&gt;Private Subnets&lt;/strong&gt;, the next question that comes across our mind is:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;How does traffic actually move inside AWS?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Creating a subnet alone doesn't make your application accessible.&lt;/p&gt;

&lt;p&gt;AWS needs networking concepts to decide:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Where the traffic comes from&lt;/li&gt;
&lt;li&gt;Where the traffic should go&lt;/li&gt;
&lt;li&gt;Whether internet access is allowed&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is where &lt;strong&gt;Internet Gateways (IGW)&lt;/strong&gt; and &lt;strong&gt;Route Tables&lt;/strong&gt; come into the picture.&lt;/p&gt;

&lt;p&gt;Together, they act like roads and traffic signals for your AWS network.&lt;/p&gt;




&lt;h2&gt;
  
  
  Imagine a Real City
&lt;/h2&gt;

&lt;p&gt;Think of your AWS VPC as a city.&lt;/p&gt;

&lt;p&gt;Inside the city, we have:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Buildings&lt;/strong&gt; = EC2 Instances&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Neighborhoods&lt;/strong&gt; = Subnets&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Roads&lt;/strong&gt; = Routes&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;City Gate&lt;/strong&gt; = Internet Gateway&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Without roads and a city gate:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Nobody can enter&lt;/li&gt;
&lt;li&gt;Nobody can leave&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;AWS networking works in a similar way.&lt;/p&gt;

&lt;h3&gt;
  
  
  Real City
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;City
 ├── Buildings
 ├── Roads
 └── Main Gate
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  AWS Equivalent
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;VPC
 ├── EC2 Instances
 ├── Route Tables
 └── Internet Gateway
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  What is an Internet Gateway?
&lt;/h1&gt;

&lt;p&gt;An Internet Gateway (IGW) is a VPC component that enables communication between:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Your AWS VPC&lt;/li&gt;
&lt;li&gt;The Public Internet&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It is the official entry and exit point for internet traffic.&lt;/p&gt;




&lt;h2&gt;
  
  
  Real-World Example
&lt;/h2&gt;

&lt;p&gt;Imagine a shopping mall.&lt;/p&gt;

&lt;p&gt;It has:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Shops inside&lt;/li&gt;
&lt;li&gt;Customers outside&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Customers can only enter through the main entrance gate.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Customers
     ↓
 Main Entrance
     ↓
 Shopping Mall
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In AWS we can look the above situation as:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
     ↓
Internet Gateway
     ↓
VPC
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The Internet Gateway acts as the main entrance gate.&lt;/p&gt;




&lt;h2&gt;
  
  
  Without an Internet Gateway
&lt;/h2&gt;

&lt;p&gt;Suppose you launch an EC2 instance. But there is no Internet Gateway attached.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;EC2 Instance
    ↓
Public Subnet
    ↓
VPC
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Result
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;❌ Users cannot access the application&lt;/li&gt;
&lt;li&gt;❌ EC2 cannot browse the internet&lt;/li&gt;
&lt;li&gt;❌ Software updates cannot be downloaded&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Even though the EC2 instance exists, it is isolated from the internet.&lt;/p&gt;




&lt;h1&gt;
  
  
  When an Internet Gateway is Attached
&lt;/h1&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
     ↓
Internet Gateway
     ↓
VPC
     ↓
EC2
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The VPC now has a connection to the outside world.&lt;/p&gt;

&lt;p&gt;However, there is still one more requirement.&lt;/p&gt;

&lt;p&gt;The traffic needs directions.&lt;/p&gt;

&lt;p&gt;This is where Route Tables come in.&lt;/p&gt;




&lt;h1&gt;
  
  
  What is a Route Table?
&lt;/h1&gt;

&lt;p&gt;A Route Table is a set of rules that tells AWS:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"Where should the traffic go?"&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Think of it like Google Maps for network traffic.&lt;/p&gt;

&lt;p&gt;When traffic arrives, AWS checks the Route Table and decides whether to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Send traffic to an Internet Gateway&lt;/li&gt;
&lt;li&gt;Send traffic to another subnet&lt;/li&gt;
&lt;li&gt;Send traffic to another network&lt;/li&gt;
&lt;/ul&gt;




&lt;h2&gt;
  
  
  Real-World Example
&lt;/h2&gt;

&lt;p&gt;Imagine you're driving a car.&lt;/p&gt;

&lt;p&gt;When you reach an intersection, you see:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Go Left  → Airport
Go Right → City Center
Go Straight → Highway
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Road signs tell you where to go.&lt;/p&gt;

&lt;p&gt;A Route Table does the same thing for network traffic.&lt;/p&gt;




&lt;h2&gt;
  
  
  Understanding Routes
&lt;/h2&gt;

&lt;p&gt;A route contains:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Destination → Target
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;0.0.0.0/0 → Internet Gateway
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This means:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Any traffic going anywhere on the internet should be sent to the Internet Gateway.&lt;/p&gt;
&lt;/blockquote&gt;




&lt;h1&gt;
  
  
  What Does 0.0.0.0/0 Mean?
&lt;/h1&gt;

&lt;p&gt;This confuses many beginners.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;0.0.0.0/0
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;means:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Every possible IP address on the internet.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;So this route means:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;All Internet Traffic
          ↓
Internet Gateway
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Complete Traffic Flow
&lt;/h1&gt;

&lt;p&gt;Let's see what happens when a user opens a website.&lt;/p&gt;

&lt;h2&gt;
  
  
  Step 1
&lt;/h2&gt;

&lt;p&gt;User enters:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;www.example.com
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Step 2
&lt;/h2&gt;

&lt;p&gt;The request reaches AWS.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;User
 ↓
Internet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Step 3
&lt;/h2&gt;

&lt;p&gt;Traffic enters through the Internet Gateway.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;User
 ↓
Internet
 ↓
Internet Gateway
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Step 4
&lt;/h2&gt;

&lt;p&gt;AWS checks the Route Table.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet Gateway
        ↓
    Route Table
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Step 5
&lt;/h2&gt;

&lt;p&gt;The Route Table sends traffic to the correct subnet.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Route Table
      ↓
Public Subnet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Step 6
&lt;/h2&gt;

&lt;p&gt;Traffic reaches the EC2 instance.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Public Subnet
      ↓
EC2 Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Complete Flow
&lt;/h3&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;User
  ↓
Internet
  ↓
Internet Gateway
  ↓
Route Table
  ↓
Public Subnet
  ↓
EC2 Instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Public Route Table Example
&lt;/h1&gt;

&lt;p&gt;A Public Subnet becomes public because its Route Table contains a route to the Internet Gateway.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Destination&lt;/th&gt;
&lt;th&gt;Target&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;VPC CIDR&lt;/td&gt;
&lt;td&gt;Local&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;0.0.0.0/0&lt;/td&gt;
&lt;td&gt;Internet Gateway&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Diagram:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Public Subnet
       ↓
Route Table
       ↓
0.0.0.0/0
       ↓
Internet Gateway
       ↓
Internet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This allows:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Incoming internet traffic&lt;/li&gt;
&lt;li&gt;Outgoing internet traffic&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Important Thing to Remember
&lt;/h1&gt;

&lt;p&gt;Many beginners think:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"If an EC2 is launched inside a public subnet, it automatically becomes public."&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;This is incorrect.&lt;/p&gt;

&lt;p&gt;For an EC2 instance to be publicly accessible, it needs:&lt;/p&gt;

&lt;h2&gt;
  
  
  Requirement 1
&lt;/h2&gt;

&lt;p&gt;The subnet must have a route:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;0.0.0.0/0 → IGW
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Requirement 2
&lt;/h2&gt;

&lt;p&gt;An Internet Gateway must be attached.&lt;/p&gt;

&lt;h2&gt;
  
  
  Requirement 3
&lt;/h2&gt;

&lt;p&gt;The EC2 instance must have a Public IP.&lt;/p&gt;

&lt;h2&gt;
  
  
  Requirement 4
&lt;/h2&gt;

&lt;p&gt;The Security Group must allow access.&lt;/p&gt;

&lt;p&gt;Only then can internet users reach the EC2 instance.&lt;/p&gt;




&lt;h2&gt;
  
  
  Private Subnet Route Table
&lt;/h2&gt;

&lt;p&gt;A Private Subnet usually does not have a route to the Internet Gateway.&lt;/p&gt;

&lt;p&gt;Example:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Destination&lt;/th&gt;
&lt;th&gt;Target&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;VPC CIDR&lt;/td&gt;
&lt;td&gt;Local&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;Notice:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;0.0.0.0/0 → IGW
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;does not exist.&lt;/p&gt;

&lt;p&gt;Result:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;❌ No direct internet access&lt;/li&gt;
&lt;li&gt;❌ Internet users cannot reach resources&lt;/li&gt;
&lt;li&gt;✅ Better security&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Real-World Architecture Example
&lt;/h1&gt;

&lt;p&gt;Let's build a simple e-commerce website.&lt;/p&gt;

&lt;h2&gt;
  
  
  Public Layer
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Load Balancer&lt;/li&gt;
&lt;li&gt;Web Server&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Private Layer
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Database&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Architecture:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
    ↓
Internet Gateway
    ↓
Public Subnet
    ↓
Load Balancer
    ↓
Web Server
    ↓
Private Subnet
    ↓
Database
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Why Keep the Database in a Private Subnet?
&lt;/h1&gt;

&lt;p&gt;Imagine if the database was directly accessible from the internet.&lt;/p&gt;

&lt;p&gt;Anyone could attempt:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Brute-force attacks&lt;/li&gt;
&lt;li&gt;Unauthorized access&lt;/li&gt;
&lt;li&gt;Data theft&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Instead, we design the architecture like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
    ↓
Web Server
    ↓
Database
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Only the Web Server can communicate with the Database.&lt;/p&gt;

&lt;p&gt;Users cannot directly reach it.&lt;/p&gt;

&lt;p&gt;This is a core AWS security principle.&lt;/p&gt;




&lt;h1&gt;
  
  
  Public vs Private Subnet Visualization
&lt;/h1&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;                    Internet
                        │
                Internet Gateway
                        │
                 Route Table
                        │
          ┌─────────────┴─────────────┐
          │                           │
          ▼                           ▼

    Public Subnet              Private Subnet

          │                           │
          ▼                           ▼

      Web Server                 Database
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h1&gt;
  
  
  Conclusion
&lt;/h1&gt;

&lt;p&gt;Internet Gateway and Route Tables are the foundation of AWS networking.&lt;/p&gt;

&lt;p&gt;In this article, we learned:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What an Internet Gateway is&lt;/li&gt;
&lt;li&gt;Why it is required&lt;/li&gt;
&lt;li&gt;What Route Tables are&lt;/li&gt;
&lt;li&gt;How AWS routes traffic&lt;/li&gt;
&lt;li&gt;Difference between Public and Private Subnets&lt;/li&gt;
&lt;li&gt;Real-world examples of traffic flow&lt;/li&gt;
&lt;li&gt;How web applications securely communicate with databases&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Once you understand Internet Gateway and Route Tables, AWS networking becomes much easier to visualize.&lt;/p&gt;




&lt;h1&gt;
  
  
  Key Interview Question
&lt;/h1&gt;

&lt;h3&gt;
  
  
  What makes an EC2 instance publicly accessible?
&lt;/h3&gt;

&lt;p&gt;The following four conditions must be met:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;0.0.0.0/0 Route
        +
Internet Gateway
        +
Public IP
        +
Security Group Allow Rule
        =
Accessible from Internet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Remembering these four requirements helps answer many AWS networking interview questions.&lt;/p&gt;




&lt;h1&gt;
  
  
  Next Article
&lt;/h1&gt;

&lt;p&gt;In the next article, we'll explore:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;Network ACLs (NACLs)&lt;/li&gt;
&lt;li&gt;How AWS protects resources at the network level&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aws</category>
      <category>beginners</category>
      <category>cloudcomputing</category>
      <category>learning</category>
    </item>
    <item>
      <title>Public vs Private Subnets in AWS Explained for Beginners</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Mon, 01 Jun 2026 06:02:26 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/public-vs-private-subnets-in-aws-explained-for-beginners-331e</link>
      <guid>https://dev.to/kadhamvj23/public-vs-private-subnets-in-aws-explained-for-beginners-331e</guid>
      <description>&lt;p&gt;When learning AWS networking, one of the most important concepts to understand is the difference between:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Public Subnet&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Private Subnet&lt;/strong&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;At first these terms may sound confusing. But once you understand how internet access works inside a VPC, the concept becomes very simple.&lt;/p&gt;

&lt;p&gt;In this article, we will understand:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What a subnet is&lt;/li&gt;
&lt;li&gt;What public and private subnets are&lt;/li&gt;
&lt;li&gt;How internet access works in AWS&lt;/li&gt;
&lt;li&gt;What a Load Balancer does&lt;/li&gt;
&lt;li&gt;How routing works&lt;/li&gt;
&lt;li&gt;Real-world architecture examples&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  What is a Subnet?
&lt;/h2&gt;

&lt;p&gt;A subnet is a smaller network created inside a VPC.&lt;/p&gt;

&lt;p&gt;When we create a VPC, AWS gives us a large IP address range called a &lt;strong&gt;CIDR Block&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Example:&lt;/strong&gt; &lt;code&gt;192.168.0.0/16&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Instead of using the entire IP block, we divide it into smaller sections called &lt;strong&gt;Subnets&lt;/strong&gt;. This helps organize resources properly and improves security.&lt;/p&gt;

&lt;p&gt;We mainly have two types of subnets:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Public Subnet&lt;/li&gt;
&lt;li&gt;Private Subnet&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Why Do We Need Different Subnets?
&lt;/h2&gt;

&lt;p&gt;Think of a company office building:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Office Building
├── Reception Area (Public)
└── Server Room (Private)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Reception Area&lt;/strong&gt; → Anyone can enter (customers, visitors, delivery people) → &lt;strong&gt;Similar to Public Subnet&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Server Room&lt;/strong&gt; → Only authorized employees can enter → &lt;strong&gt;Similar to Private Subnet&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is how AWS works. &lt;strong&gt;Not every application component should be exposed to the internet.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;For example:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Users should access frontend applications&lt;/li&gt;
&lt;li&gt;Databases should remain private&lt;/li&gt;
&lt;li&gt;Backend services should stay protected&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpd7kvd1ett83gdzbgmft.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpd7kvd1ett83gdzbgmft.jpg" alt=" " width="800" height="450"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;
  
  
  What is a Public Subnet?
&lt;/h2&gt;

&lt;p&gt;A &lt;strong&gt;Public Subnet&lt;/strong&gt; is a subnet that allows internet access. &lt;br&gt;
Resources inside this subnet can communicate directly with the internet.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Examples:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Web Servers&lt;/li&gt;
&lt;li&gt;Load Balancers&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;
  
  
  What is a Load Balancer?
&lt;/h3&gt;

&lt;p&gt;A Load Balancer is a service that distributes user traffic across multiple servers.&lt;/p&gt;

&lt;p&gt;Think of it like a traffic manager.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Users
↓
Load Balancer
↓
├── Server 1
├── Server 2
└── Server 3
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This improves &lt;strong&gt;Performance&lt;/strong&gt;, &lt;strong&gt;Availability&lt;/strong&gt;, and &lt;strong&gt;Reliability&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;In AWS, Load Balancers are placed inside a &lt;strong&gt;public subnet&lt;/strong&gt; because users from the internet need to access them.&lt;/p&gt;

&lt;h2&gt;
  
  
  Real World Example of Public Subnet
&lt;/h2&gt;

&lt;p&gt;Imagine you are hosting a shopping website: &lt;code&gt;www.shopworld.com&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;Internet Users → Load Balancers → Web Servers&lt;/p&gt;

&lt;p&gt;These resources need internet access to receive requests and send responses back to users.&lt;/p&gt;

&lt;h2&gt;
  
  
  How Public Subnets Get Internet Access?
&lt;/h2&gt;

&lt;p&gt;AWS uses an &lt;strong&gt;Internet Gateway&lt;/strong&gt; to connect resources to the internet.&lt;/p&gt;

&lt;p&gt;Think of Internet Gateway as a gate between AWS Network and the Internet.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Flow:&lt;/strong&gt;&lt;br&gt;
Internet → Internet Gateway → Public Subnet&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhegdvspqc13jrl1hmjwk.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhegdvspqc13jrl1hmjwk.jpg" alt=" " width="800" height="566"&gt;&lt;/a&gt;&lt;/p&gt;
&lt;h3&gt;
  
  
  Understanding Route Tables
&lt;/h3&gt;

&lt;p&gt;A &lt;strong&gt;Route Table&lt;/strong&gt; decides where network traffic should go.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Public Subnet Route Example:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Destination: &lt;code&gt;0.0.0.0/0&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;Target: Internet Gateway&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This route makes the subnet &lt;strong&gt;Public&lt;/strong&gt;.&lt;/p&gt;


&lt;h2&gt;
  
  
  What is a Private Subnet?
&lt;/h2&gt;

&lt;p&gt;A &lt;strong&gt;Private Subnet&lt;/strong&gt; does not allow direct internet access. Resources inside it are hidden from the internet.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Examples:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Databases&lt;/li&gt;
&lt;li&gt;Backend APIs&lt;/li&gt;
&lt;/ul&gt;
&lt;h3&gt;
  
  
  Why Private Subnets are Important?
&lt;/h3&gt;

&lt;p&gt;Sensitive data should never be exposed publicly.&lt;/p&gt;

&lt;p&gt;Examples: MySQL databases, Banking systems, Payment services.&lt;/p&gt;

&lt;p&gt;Keeping them private improves security significantly.&lt;/p&gt;
&lt;h2&gt;
  
  
  Real World Example of Private Subnet
&lt;/h2&gt;

&lt;p&gt;In a banking application &lt;code&gt;bank.com&lt;/code&gt;, customers should &lt;strong&gt;never&lt;/strong&gt; directly access:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Database servers&lt;/li&gt;
&lt;li&gt;Account systems&lt;/li&gt;
&lt;li&gt;Transaction services&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;So these are placed in &lt;strong&gt;Private Subnets&lt;/strong&gt;.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet User
↓
Website
↓
Backend Application
↓
Database
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h3&gt;
  
  
  Private Subnet Routing
&lt;/h3&gt;

&lt;p&gt;Private subnet route tables usually don't contain a Route to internet gateway.&lt;/p&gt;

&lt;p&gt;Example: No Route to Internet Gateway&lt;/p&gt;

&lt;p&gt;Meaning: Internet access is blocked.&lt;/p&gt;

&lt;p&gt;This prevents from direct communication from the internet.&lt;/p&gt;

&lt;h2&gt;
  
  
  Public vs Private Subnet Comparison
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Feature&lt;/th&gt;
&lt;th&gt;Public Subnet&lt;/th&gt;
&lt;th&gt;Private Subnet&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Internet Access&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Directly Reachable&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Used For&lt;/td&gt;
&lt;td&gt;Web Applications, Load Balancers&lt;/td&gt;
&lt;td&gt;Databases, Backend Applications&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Security Level&lt;/td&gt;
&lt;td&gt;Lower&lt;/td&gt;
&lt;td&gt;Higher&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;




&lt;h1&gt;
  
  
  Complete Real-World AWS Architecture
&lt;/h1&gt;

&lt;p&gt;This is the most common architecture used in real AWS projects. It combines both Public and Private Subnets to create a secure and scalable application.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F62q8ynalm6e2ph877q89.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F62q8ynalm6e2ph877q89.jpg" alt=" " width="748" height="1164"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Public and Private Subnets are fundamental building blocks of secure and scalable AWS architecture.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Public Subnets&lt;/strong&gt; allow resources to be accessed from the internet (like web servers and load balancers).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Private Subnets&lt;/strong&gt; keep sensitive resources safe and hidden from the internet (like databases and backend applications).&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;By properly using &lt;strong&gt;Internet Gateway&lt;/strong&gt;, &lt;strong&gt;Route Tables&lt;/strong&gt;, and separating your resources into public and private subnets, you can build applications that are both &lt;strong&gt;highly available&lt;/strong&gt; and &lt;strong&gt;secure&lt;/strong&gt;.&lt;/p&gt;

&lt;h3&gt;
  
  
  Key Takeaways:
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Always place internet-facing components in &lt;strong&gt;Public Subnets&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Keep databases and backend logic in &lt;strong&gt;Private Subnets&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Use &lt;strong&gt;Load Balancers&lt;/strong&gt; in public subnets to distribute traffic efficiently.&lt;/li&gt;
&lt;li&gt;This &lt;strong&gt;3-Tier Architecture&lt;/strong&gt; (Web → Application → Database) is one of the most commonly used patterns in real-world AWS projects.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Mastering Public and Private Subnets is a big step toward becoming confident in AWS networking.&lt;/p&gt;

&lt;p&gt;In the next articles, we will learn about &lt;strong&gt;NAT Gateway&lt;/strong&gt; (how private subnets can access the internet for updates), &lt;strong&gt;Security Groups&lt;/strong&gt;, and &lt;strong&gt;Network ACLs&lt;/strong&gt;.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>cloudcomputing</category>
      <category>subnet</category>
      <category>beginners</category>
    </item>
    <item>
      <title>What is VPC? Explained for Beginners</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Fri, 29 May 2026 04:44:56 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/what-is-vpc-explained-for-beginners-359</link>
      <guid>https://dev.to/kadhamvj23/what-is-vpc-explained-for-beginners-359</guid>
      <description>&lt;h1&gt;
  
  
  AWS VPC (Virtual Private Cloud)
&lt;/h1&gt;

&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;If you are starting your AWS and Cloud journey, one of the most important concepts you will come across is &lt;strong&gt;VPC (Virtual Private Cloud)&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;When I first heard the term VPC, I was confused because AWS networking looked very complicated.&lt;/p&gt;

&lt;p&gt;Terms like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Subnets&lt;/li&gt;
&lt;li&gt;CIDR Blocks&lt;/li&gt;
&lt;li&gt;Public Networks&lt;/li&gt;
&lt;li&gt;Private Networks&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;all sounded overwhelming.&lt;/p&gt;

&lt;p&gt;But once I understood &lt;strong&gt;why VPC actually exists&lt;/strong&gt;, things started making much more sense.&lt;/p&gt;

&lt;p&gt;In this article, let us try to understand VPC in the simplest way possible.&lt;/p&gt;




&lt;h1&gt;
  
  
  Why Does VPC Exist?
&lt;/h1&gt;

&lt;p&gt;Before understanding VPC, let us first understand the problem AWS was trying to solve.&lt;/p&gt;

&lt;p&gt;In traditional environments, companies used to host their applications in their own physical data centers.&lt;/p&gt;

&lt;p&gt;This required:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Buying Servers&lt;/li&gt;
&lt;li&gt;Managing Networking&lt;/li&gt;
&lt;li&gt;Handling Security&lt;/li&gt;
&lt;li&gt;Maintaining Infrastructure&lt;/li&gt;
&lt;li&gt;Monitoring Hardware Failures&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This became difficult and expensive, especially when the application started growing.&lt;/p&gt;

&lt;p&gt;Then cloud providers like AWS came into the picture and started providing infrastructure over the internet.&lt;/p&gt;

&lt;p&gt;AWS built massive data centers across different regions around the world.&lt;/p&gt;

&lt;p&gt;Inside these data centers, AWS provides virtual servers (&lt;strong&gt;EC2 Instances&lt;/strong&gt;) to multiple companies to host their applications.&lt;/p&gt;

&lt;p&gt;Now imagine:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Company A&lt;/li&gt;
&lt;li&gt;Company B&lt;/li&gt;
&lt;li&gt;Company C&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;all running applications on AWS infrastructure.&lt;/p&gt;

&lt;p&gt;If everything existed in the same shared network, there would be:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Security Risks&lt;/li&gt;
&lt;li&gt;No Isolation&lt;/li&gt;
&lt;li&gt;No Proper Control Over Traffic&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Companies need:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Their own private network&lt;/li&gt;
&lt;li&gt;Controlled communication&lt;/li&gt;
&lt;li&gt;Better security&lt;/li&gt;
&lt;li&gt;Isolation from other companies&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;To solve this problem, AWS introduced &lt;strong&gt;VPC (Virtual Private Cloud)&lt;/strong&gt;.&lt;/p&gt;




&lt;h1&gt;
  
  
  What is VPC in AWS?
&lt;/h1&gt;

&lt;p&gt;&lt;strong&gt;VPC&lt;/strong&gt; stands for &lt;strong&gt;Virtual Private Cloud&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;A VPC is your own isolated private network inside AWS where you can launch and manage your AWS resources securely.&lt;/p&gt;

&lt;h2&gt;
  
  
  Simple Analogy
&lt;/h2&gt;

&lt;p&gt;Think of it like this:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AWS Cloud = A large apartment city

Your VPC = Your private apartment complex
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Inside your apartment complex:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;You decide who can enter&lt;/li&gt;
&lt;li&gt;You decide how rooms are divided&lt;/li&gt;
&lt;li&gt;You control security&lt;/li&gt;
&lt;li&gt;You manage networking rules&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Similarly in AWS:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;VPC gives you control over networking&lt;/li&gt;
&lt;li&gt;Isolates your application&lt;/li&gt;
&lt;li&gt;Helps secure your infrastructure&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Every company can create its own private network inside AWS without interfering with others.&lt;/p&gt;




&lt;h1&gt;
  
  
  Understanding Isolation in VPC
&lt;/h1&gt;

&lt;p&gt;Let us imagine there are 3 companies using AWS infrastructure.&lt;/p&gt;

&lt;p&gt;Without proper isolation:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Company A ➡️ Same Network ⬅️ Company B ⬅️ Company C
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If one application gets compromised, there is a risk that others may also get affected.&lt;/p&gt;

&lt;p&gt;To solve this problem, AWS creates isolated private networks called &lt;strong&gt;VPCs&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Now each company gets its own secure environment.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkmrmeck96chungzuzxmh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkmrmeck96chungzuzxmh.png" alt=" " width="463" height="557"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This isolation is one of the biggest reasons why VPC is important in AWS.&lt;/p&gt;




&lt;h1&gt;
  
  
  What is CIDR in VPC?
&lt;/h1&gt;

&lt;p&gt;Whenever we create a VPC, we must define an IP address range for it.&lt;/p&gt;

&lt;p&gt;This IP range is called a &lt;strong&gt;CIDR Block&lt;/strong&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Example
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;192.168.0.0/16
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This defines the range of IP addresses available inside the VPC.&lt;/p&gt;

&lt;p&gt;Think of CIDR as defining the total land area available for your network.&lt;/p&gt;

&lt;p&gt;Inside that range, we can create smaller sections called &lt;strong&gt;Subnets&lt;/strong&gt;.&lt;/p&gt;




&lt;h1&gt;
  
  
  What are Subnets?
&lt;/h1&gt;

&lt;p&gt;A subnet is a smaller network created inside a VPC.&lt;/p&gt;

&lt;p&gt;Instead of putting all applications in one area, we divide the VPC into smaller sections for better organization and security.&lt;/p&gt;

&lt;h2&gt;
  
  
  Example
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;VPC
│
├── Subnet A
├── Subnet B
└── Subnet C
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Each subnet gets a portion of the VPC IP address range.&lt;/p&gt;

&lt;p&gt;This helps:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Organize applications&lt;/li&gt;
&lt;li&gt;Separate workloads&lt;/li&gt;
&lt;li&gt;Improve security&lt;/li&gt;
&lt;li&gt;Control traffic flow&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp8165oa84bt28wws3vnr.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp8165oa84bt28wws3vnr.jpg" alt=" " width="800" height="450"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h1&gt;
  
  
  Public vs Private Subnets
&lt;/h1&gt;

&lt;p&gt;Subnets are mainly divided into 2 types:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Public Subnet&lt;/li&gt;
&lt;li&gt;Private Subnet&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Let us understand both.&lt;/p&gt;




&lt;h1&gt;
  
  
  Public Subnet
&lt;/h1&gt;

&lt;p&gt;A public subnet is a subnet that can communicate with the internet.&lt;/p&gt;

&lt;p&gt;Resources inside public subnet usually include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Load Balancers&lt;/li&gt;
&lt;li&gt;Bastion Hosts&lt;/li&gt;
&lt;li&gt;Public-facing applications&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Example
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
   ⬇️
Internet Gateway
   ⬇️
Public Subnet
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Public subnets are connected to the internet through something called an &lt;strong&gt;Internet Gateway&lt;/strong&gt;.&lt;/p&gt;




&lt;h1&gt;
  
  
  Private Subnet
&lt;/h1&gt;

&lt;p&gt;A private subnet does &lt;strong&gt;NOT&lt;/strong&gt; allow direct internet access.&lt;/p&gt;

&lt;p&gt;Resources inside private subnet usually include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Databases&lt;/li&gt;
&lt;li&gt;Internal Applications&lt;/li&gt;
&lt;li&gt;Backend Services&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Example
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Private Subnet
      ⬇️
Database / Application
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Private subnets are more secure because they are not directly exposed to the internet.&lt;/p&gt;

&lt;p&gt;This is one of the most important security practices in cloud environments.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foae890vjbb6hxfkmx3iz.jpg" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foae890vjbb6hxfkmx3iz.jpg" alt=" " width="800" height="450"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Here route table controls how the traffic moves between subnets and gateways.&lt;/p&gt;




&lt;h1&gt;
  
  
  Simple Real World Architecture
&lt;/h1&gt;

&lt;p&gt;Here is a basic flow of how applications are commonly structured inside a VPC:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Internet
   ⬇️
Internet Gateway
   ⬇️
Load Balancer
   ⬇️
Private Subnet
   ⬇️
Application Server / Database
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;This architecture helps:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Keep applications secure&lt;/li&gt;
&lt;li&gt;Control traffic properly&lt;/li&gt;
&lt;li&gt;Isolate backend systems from direct internet access&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Key Benefits of VPC
&lt;/h1&gt;

&lt;p&gt;Some major benefits of VPC are:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Isolation between companies and applications&lt;/li&gt;
&lt;li&gt;Better security&lt;/li&gt;
&lt;li&gt;Full control over networking&lt;/li&gt;
&lt;li&gt;Ability to create public/private networks&lt;/li&gt;
&lt;li&gt;Improved scalability&lt;/li&gt;
&lt;li&gt;Better traffic management&lt;/li&gt;
&lt;/ul&gt;




&lt;h1&gt;
  
  
  Conclusion
&lt;/h1&gt;

&lt;p&gt;VPC is the foundation of AWS networking.&lt;/p&gt;

&lt;p&gt;It allows organizations to create their own isolated and secure network inside AWS where they can safely run applications and services.&lt;/p&gt;

&lt;p&gt;In this article, we understood:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Why VPC exists&lt;/li&gt;
&lt;li&gt;Isolation in AWS&lt;/li&gt;
&lt;li&gt;CIDR Blocks&lt;/li&gt;
&lt;li&gt;Subnets&lt;/li&gt;
&lt;li&gt;Public vs Private Subnet concepts&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In the upcoming articles, we will dive deeper into:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Route Tables&lt;/li&gt;
&lt;li&gt;Internet Gateway&lt;/li&gt;
&lt;li&gt;Security Groups&lt;/li&gt;
&lt;li&gt;NAT Gateway&lt;/li&gt;
&lt;li&gt;NACLs
and understand how networking works inside AWS in more detail. 🙋‍♀️&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aws</category>
      <category>vpc</category>
      <category>cloudcomputing</category>
      <category>beginners</category>
    </item>
    <item>
      <title>EC2 Beginner Guide: Launch Your First AWS Instance</title>
      <dc:creator>Vijaya Laxmi Kadham</dc:creator>
      <pubDate>Thu, 28 May 2026 03:27:33 +0000</pubDate>
      <link>https://dev.to/kadhamvj23/ec2-beginner-guide-launch-your-first-aws-instance-5gjp</link>
      <guid>https://dev.to/kadhamvj23/ec2-beginner-guide-launch-your-first-aws-instance-5gjp</guid>
      <description>&lt;h2&gt;
  
  
  Introduction
&lt;/h2&gt;

&lt;p&gt;In my previous IAM article we learnt basics of IAM and how to create Users, Groups and attach Policies. You can refer here: &lt;a href="https://dev.to/kadhamvj23/aws-identity-and-access-management-explained-for-beginners-cn7"&gt;https://dev.to/kadhamvj23/aws-identity-and-access-management-explained-for-beginners-cn7&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;After setting up secure access to our AWS account using IAM, the next question we mostly have is &lt;strong&gt;where do we actually run our application?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The answer is &lt;strong&gt;Amazon EC2 - Elastic Cloud Compute.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;EC2&lt;/strong&gt; is one of the most widely used &lt;strong&gt;AWS services&lt;/strong&gt; and understanding it well is essential for anyone starting their cloud journey. In this article we will cover what EC2 is, why it exists, the different types of instances, pricing models, Regions and availability Zones and finally hands-on walk through of creating your first EC2 instance.&lt;/p&gt;

&lt;h2&gt;
  
  
  Breaking Down the Name -EC2
&lt;/h2&gt;

&lt;p&gt;Let us understand what each word in the name actually means:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Elastic&lt;/strong&gt; --&amp;gt; In AWS you will notice many services have this prefix "Elastic". The reason is simple. Whenever AWS provides a service that can be &lt;strong&gt;scaled up or scaled down&lt;/strong&gt; based on our needs, that service is called &lt;strong&gt;Elastic&lt;/strong&gt;. With EC2 you can increase resources when traffic is high and decrease them when the traffic is low.&lt;/p&gt;

&lt;p&gt;So in simple terms &lt;strong&gt;EC2 = A virtual server on the cloud that you can resize anytime.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Cloud:&lt;/strong&gt; EC2 runs on AWS's public cloud infrastructure, meaning the servers are owned and managed by Amazon across the world.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Compute:&lt;/strong&gt; The word compute means you are asking AWS to provide you CPU, RAM and Disk - basically a &lt;strong&gt;virtual machine or server&lt;/strong&gt; that can run your applications.&lt;/p&gt;

&lt;h2&gt;
  
  
  How does EC2 actually work?
&lt;/h2&gt;

&lt;p&gt;When you request a Virtual server from AWS, here is what happens behind the scenes:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;You request a virtual machine on AWS
                  ⬇️
request goes to a Hypervisor(a software layer 
sitting on top of physical servers that creates and manages VMs)
                  ⬇️
Hypervisor creates your VM
                  ⬇️
You get the access to your EC2 instance
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You never touch any physical hardware. AWS manages all of that for you.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why use EC2?
&lt;/h2&gt;

&lt;p&gt;Imagine your company wants to host an application. The traditional approach would be:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Buy physical servers&lt;/li&gt;
&lt;li&gt;Install a hypervisor&lt;/li&gt;
&lt;li&gt;Create VMs&lt;/li&gt;
&lt;li&gt;Provide access to employees&lt;/li&gt;
&lt;li&gt;manage timely upgrades&lt;/li&gt;
&lt;li&gt;Handle security patches&lt;/li&gt;
&lt;li&gt;Deal with hardware failures&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This sounds manageable for 10 servers. But imagine doing this for 1000s of servers. Your entire day as a system admin would be consumed just keeping things running -not building anything new.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;AWS EC2 solves this entirely&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Instead of managing physical hardware, you simply:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Go to AWS Console&lt;/li&gt;
&lt;li&gt;Launch an &lt;strong&gt;EC2&lt;/strong&gt; instance in minutes&lt;/li&gt;
&lt;li&gt;Pay only for what you use - &lt;strong&gt;PAYG&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Let AWS handle all hardware maintenance, upgrades and security&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;AWS takes care of the physical infrastructure so you can focus on your actual work.&lt;/p&gt;

&lt;h2&gt;
  
  
  Key Concepts You must Know Before Creating EC2 Instance
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;1. AMI - Amazon Machine Image&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Before launching an EC2 instance, you will need to choose an AMI. Think of it as the &lt;strong&gt;OS template&lt;/strong&gt; for your server.&lt;/p&gt;

&lt;p&gt;Example: Amazon Linux, Ubuntu, Windows, Red hat&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Key-Pair&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;When you create an EC2 instance, AWS gives you a key-pair - a set of two keys(&lt;strong&gt;public and private&lt;/strong&gt;) used to securely connect to your instance.&lt;/p&gt;

&lt;p&gt;AWS keeps the &lt;strong&gt;public key.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;You can download and keep the &lt;strong&gt;private key(.pem file)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Without this key, you can't &lt;strong&gt;SSH&lt;/strong&gt; into your instance.&lt;/p&gt;

&lt;p&gt;Think of this as a &lt;strong&gt;digital lock&lt;/strong&gt; and key - AWS puts the lock on the server and gives you the only key.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Security groups:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A &lt;strong&gt;Security Group&lt;/strong&gt; acts as a &lt;strong&gt;virtual firewall&lt;/strong&gt; for your EC2 instance. it controls which traffic is allowed in and out.&lt;/p&gt;

&lt;p&gt;We will understand more about this in future articles when we deep dive more into Security Groups and Networking.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. EBS: Elastic Block Storage&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Every EC2 instance needs storage. EBS is the &lt;strong&gt;hard disk&lt;/strong&gt; attached to your EC2 instance where your data, OS files &amp;amp; application files are stored.&lt;/p&gt;

&lt;p&gt;Just like EC2, &lt;strong&gt;EBS is also elastic&lt;/strong&gt; in nature, that can increase and decrease the disk size anytime without stopping your instance.&lt;/p&gt;

&lt;h2&gt;
  
  
  Types of EC2 instances:
&lt;/h2&gt;

&lt;p&gt;AWS offers &lt;strong&gt;5 types&lt;/strong&gt; of EC2 instances. You can choose based on what your application needs. The following are the types:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. General Purpose:&lt;/strong&gt; Best for balanced CPU, RAM and storage like web servers, small apps&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Compute Optimized:&lt;/strong&gt; best for High CPU performance like gaming servers&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Memory Optimized:&lt;/strong&gt; for large amounts of RAM like Big databases, data analytics&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Storage Optimized:&lt;/strong&gt; For High disk rea/write speed like data warehouses, log processing&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. Accelerated Computing:&lt;/strong&gt; For GPU based tasks like machine learning.&lt;/p&gt;

&lt;p&gt;Depending on your application requirement you pick the right instance type. For the learning purpose in this complete blog I will be using the general Purpose EC2 instance.&lt;/p&gt;

&lt;h2&gt;
  
  
  EC2 Pricing Models
&lt;/h2&gt;

&lt;p&gt;This is very important and often comes up in AWS certifications:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. On-Demand:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Pay per hour or per second&lt;/li&gt;
&lt;li&gt;No commitment&lt;/li&gt;
&lt;li&gt;best for: short term or unpredictable workloads&lt;/li&gt;
&lt;li&gt;Most expensive per hour but most flexible.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;2. Reserved Instances&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;You commit to using EC2 for 1 or 3 years&lt;/li&gt;
&lt;li&gt;Get up to 75% discount compared to On-Demand&lt;/li&gt;
&lt;li&gt;Best for steady, predictable workloads&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;3. Spot Instances&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;You bid for unused AWS capacity&lt;/li&gt;
&lt;li&gt;Can be up to 90% cheaper than On-Demand&lt;/li&gt;
&lt;li&gt;But AWS can terminate your instance with 2 mins notice if they need the capacity back.&lt;/li&gt;
&lt;li&gt;Best for batch jobs, testing jobs, non critical tasks&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;4. Savings Plan&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;flexible pricing model&lt;/li&gt;
&lt;li&gt;Commit to a specific amount of usage per hour&lt;/li&gt;
&lt;li&gt;Applies across EC2, lambda and other services&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Regions and Availability Zones
&lt;/h2&gt;

&lt;p&gt;AWS has &lt;strong&gt;data centers&lt;/strong&gt; spread across the world organized as:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Regions&lt;/strong&gt; -- A geographical area like Mumbai, US East, Singapore. AWS has multiple regions across the world. You can choose a region closest to your users for low latency.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Availability Zones(AZs)&lt;/strong&gt; -- Within each region there are multiple Availability zones. Each AZ is essentially a separate data center with its own power, cooling and networking. This means if one AZ goes down your application can still run from another AZ.&lt;/p&gt;

&lt;h2&gt;
  
  
  EC2 Best practices
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Always attach a &lt;strong&gt;Security Group&lt;/strong&gt; - never leave all ports open&lt;/li&gt;
&lt;li&gt;Never loose your &lt;strong&gt;key pair&lt;/strong&gt; - you cannot recover it.&lt;/li&gt;
&lt;li&gt;Choose &lt;strong&gt;region&lt;/strong&gt; closest to your uses.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Stop instances&lt;/strong&gt; when not in use - you are charged for running time.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Hands-On: Launching an EC2 Instance and Deploying Jenkins on AWS
&lt;/h2&gt;

&lt;p&gt;Now, let’s move towards the practical implementation by &lt;strong&gt;launching an EC2 **instance and **deploying Jenkins&lt;/strong&gt; on it.&lt;/p&gt;

&lt;p&gt;By the end of this lab, you will successfully deploy your first application on AWS EC2.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 1: Login to AWS Console&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Open your AWS account and log in to the &lt;strong&gt;AWS Management Console.&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;In the search bar at the top, type &lt;strong&gt;EC2&lt;/strong&gt; and click on the EC2 service.&lt;/li&gt;
&lt;li&gt;You will now be redirected to the &lt;strong&gt;EC2 Dashboard.&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0soedije1s4vyezuf7uy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0soedije1s4vyezuf7uy.png" alt=" " width="799" height="380"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 2: Launch a New EC2 Instance&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;On the left-hand side panel:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Click on &lt;strong&gt;Instances&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Then click on &lt;strong&gt;Launch Instance&lt;/strong&gt; (top-right corner)&lt;/li&gt;
&lt;li&gt;You will now enter the Launch Instance configuration page.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Step 3: Configure the EC2 Instance&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Give Your Instance a Name&lt;/strong&gt;: Under the Name and Tags section, provide a name for your instance. Example: My-First-Instance&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Choose an Operating System:&lt;/strong&gt; Under Application and OS Images (Amazon Machine Image) select the &lt;strong&gt;operating system.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;For this practice, I selected: &lt;strong&gt;Ubuntu&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Create a Key Pair:&lt;/strong&gt; The Key Pair is extremely important because it is used to securely log in to your EC2 instance.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Click on &lt;strong&gt;Create new key pair&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Give the key pair a name&lt;/li&gt;
&lt;li&gt;Download the &lt;strong&gt;.pem&lt;/strong&gt; file&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Note:&lt;/strong&gt; Keep this &lt;strong&gt;.pem file&lt;/strong&gt; safe because it cannot be downloaded again.&lt;/p&gt;

&lt;p&gt;And for now, we will not touch the security part and other parts, just keep it as it is and then click on &lt;strong&gt;"Launch Instance".&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 4: Verify the Instance is Running&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Once the instance is launched:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Open the instance&lt;/li&gt;
&lt;li&gt;Ensure the Instance State is Running&lt;/li&gt;
&lt;li&gt;Click on the Instance ID to view complete details.&lt;/li&gt;
&lt;li&gt;We will use the Public IPv4 Address to access the server and application. Example: 32.197.45.191&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Step 5: Connect to EC2 Instance Using SSH&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Open your terminal.&lt;/p&gt;

&lt;p&gt;Depending on your operating system, you can use:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Git Bash (Windows)&lt;/li&gt;
&lt;li&gt;PuTTY&lt;/li&gt;
&lt;li&gt;MobaXterm&lt;/li&gt;
&lt;li&gt;Default Terminal (Mac/Linux)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For this practice, I will use &lt;strong&gt;Git Bash.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Navigate to the Download Folder: Move to the folder where the .pem file was downloaded like below image.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9bsf5m4dud9p1a0n4141.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9bsf5m4dud9p1a0n4141.png" alt=" " width="471" height="92"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Connect to the EC2 Instance&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Run the following command:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;ssh -i test-user1.pem ubuntu@32.197.45.191
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Step 6: Fix Permission Error for .pem File&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;While connecting, you may get an error like: " Permissions for 'test-user1.pem' are too open "&lt;/p&gt;

&lt;p&gt;This happens because the &lt;strong&gt;.pem file&lt;/strong&gt; contains sensitive credentials and requires restricted permissions.&lt;/p&gt;

&lt;p&gt;Use the following command to change file permissions:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;chmod 600

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;"chmod" command is used to change the permissions of the file.&lt;/p&gt;

&lt;p&gt;Now reconnect:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;ssh -i test-user1.pem ubuntu@32.197.45.191
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;You should now successfully log in to the EC2 instance.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 7: Verify Current User&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To check the current logged-in user, type &lt;strong&gt;"whoami&lt;/strong&gt; in the terminal.&lt;br&gt;
The output will be &lt;strong&gt;"ubuntu"&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 8: Switch to Root User (Optional)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To become the root user type:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;sudo su -

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Now you will have root access. As shown in below image.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4mh4q3o0gwclzh47kp8f.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4mh4q3o0gwclzh47kp8f.png" alt=" " width="596" height="108"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 9: Update Packages&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Before installing any software, always update the server packages.&lt;/p&gt;

&lt;p&gt;If Logged in as Ubuntu User&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;sudo apt update

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If Logged in as Root User, type &lt;strong&gt;"apt update"&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Once this is done, lets now try to deploy an Jenkins application from here.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 10: Install Jenkins&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Now let’s deploy an application on the EC2 instance.&lt;/p&gt;

&lt;p&gt;We will install &lt;strong&gt;Jenkins.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Visit the official Jenkins website&lt;/p&gt;

&lt;p&gt;Copy the Ubuntu installation commands from the website and execute them in the terminal.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 11: Verify Jenkins Service Status&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;After installation, check Jenkins status:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;systemctl status jenkins

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If Jenkins is not active, also if you are getting any error for inactive you can also check the java version, it works best with java 21 version. So if the java isn't in this version try updating the version. &lt;br&gt;
Also restart the service:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;systemctl restart jenkins

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then check the status again.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 12: Access Jenkins from Browser&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Copy the Public IP Address from your EC2 instance.&lt;br&gt;
Open a browser and access Jenkins using:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://&amp;lt;Public-IP&amp;gt;:8080

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Initially, the application may not open because port &lt;strong&gt;8080&lt;/strong&gt; is blocked in the &lt;strong&gt;Security Group&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 13: Configure Security Group for Jenkins&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To allow access to Jenkins:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Open the EC2 Instance&lt;/li&gt;
&lt;li&gt;Scroll down to the &lt;strong&gt;Security&lt;/strong&gt; section&lt;/li&gt;
&lt;li&gt;Click on the attached &lt;strong&gt;Security Group&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fupjpq0f675q3n94edr5y.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fupjpq0f675q3n94edr5y.png" alt=" " width="800" height="274"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Under Inbound Rules:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Click Edit Inbound Rules&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Add a new rule with:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Type          Port Range  Source&lt;/strong&gt;&lt;br&gt;
Custom TCP  8080            Anywhere IPv4&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7e4ny25do1d81dzojkjq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7e4ny25do1d81dzojkjq.png" alt=" " width="800" height="281"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Then click: &lt;strong&gt;Save Rules&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 14: Open Jenkins Again&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Now refresh the browser:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;http://&amp;lt;Public-IP&amp;gt;:8080

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Step 15: Retrieve Jenkins Initial Password&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Run the following command inside the EC2 terminal:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;cat /var/lib/jenkins/secrets/initialAdminPassword

&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Copy the password and paste it into the Jenkins browser page.&lt;/p&gt;

&lt;p&gt;You will now enter the Jenkins dashboard.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F59ag9umgw9p1n9cahj68.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F59ag9umgw9p1n9cahj68.png" alt=" " width="800" height="401"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Congratulations! 🎉🥳&lt;/p&gt;

&lt;p&gt;You have successfully:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Launched your first EC2 instance&lt;/li&gt;
&lt;li&gt;Connected to it using SSH&lt;/li&gt;
&lt;li&gt;Managed secure access using a &lt;strong&gt;.pem&lt;/strong&gt; key&lt;/li&gt;
&lt;li&gt;Installed Jenkins&lt;/li&gt;
&lt;li&gt;Configured Security Groups&lt;/li&gt;
&lt;li&gt;Deployed and accessed your first application on AWS&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I hope this article helped you in knowing the basics of EC2 and and also how to deploy an Application in EC2.&lt;/p&gt;

&lt;p&gt;Let's meet in next article with another service of AWS!!!&lt;/p&gt;

</description>
      <category>aws</category>
      <category>ec2</category>
      <category>beginners</category>
      <category>cloudcomputing</category>
    </item>
  </channel>
</rss>
