If you missed our previous session, you can catch up here.
This week, we continued with AWS Fundamentals from where we left off, all with the sole aim of strengthening the foundations. Let’s dive in, shall we?
Understanding AWS Core Services
Amazon Web Services (AWS) offers a vast ecosystem of cloud services that power everything from simple websites to complex, globally distributed enterprise systems. While the number of services can feel overwhelming to beginners, AWS is built around clear service categories, strong identity and access controls, and a robust networking foundation centered on the Virtual Private Cloud (VPC).
AWS Core Service Categories
AWS organizes its services into logical categories to make it easier for users to design, deploy, and manage cloud architectures.
1. Compute
Services that provide processing power:
Amazon EC2 (virtual servers)
AWS Lambda (serverless compute)
Amazon ECS/EKS (container orchestration)
Example:
A startup runs its backend API on EC2 while using Lambda for event-driven tasks like sending emails.
2. Storage
Durable and scalable data storage:
Amazon S3 (object storage)
Amazon EBS (block storage)
Amazon EFS (file storage)
Example:
A media company stores videos in S3 and attaches EBS volumes to EC2 for database storage.
3. Databases
Managed databases for different workloads:
Amazon RDS (relational)
DynamoDB (NoSQL)
Aurora (high-performance relational)
Example:
An e-commerce platform uses RDS for transactions and DynamoDB for session management.
4. Networking & Content Delivery
Connectivity and traffic management:
Amazon VPC
Elastic Load Balancer (ELB)
Amazon Route 53
Amazon CloudFront
5. Security, Identity & Compliance
Protecting resources and managing access:
AWS IAM
AWS KMS
AWS Shield
AWS WAF
6. Management & Governance
Monitoring, auditing, and automation:
Amazon CloudWatch
AWS CloudTrail
AWS Config
The Security Backbone of AWS
AWS Identity and Access Management (IAM) is the service that controls who can access AWS resources and what they are allowed to do.
IAM follows the principle of least privilege, meaning users should only have the permissions necessary to perform their tasks, nothing more.
Why IAM Is Critical
Without proper IAM controls:
Resources can be accidentally deleted
Security breaches become more likely
Compliance requirements may be violated
IAM ensures AWS environments remain secure, auditable, and well-governed.
IAM Components Explained
1. IAM Users
Represents a person or application that interacts with AWS.
Example:
A developer is given an IAM user with permissions to manage EC2 instances but not billing.
2. IAM Groups
Collections of users with shared permissions.
Example:
A “DevOps” group has permissions to deploy infrastructure, while a “ReadOnly” group can only view resources.
3. IAM Roles
Temporary permissions assumed by users or services.
Example:
An EC2 instance assumes a role that allows it to read from S3 without storing credentials.
4. IAM Policies
JSON documents defining permissions.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
This policy allows reading objects from a specific S3 bucket.
5. Multi-Factor Authentication (MFA)
Adds an extra layer of security using time-based codes.
IAM Components and How They Interact
IAM works through relationships:
Users belong to groups
Groups have policies attached
Roles are assumed temporarily
Policies define allowed or denied actions
Real-World Example:
A CI/CD pipeline uses an IAM role to deploy applications. The role has permissions only to update EC2 and ECS services, nothing else.
This approach:
Improves security
Eliminates long-term credentials
Simplifies access control
AWS Networking Essentials
Networking in AWS defines how resources communicate with each other and with the internet. At the center of AWS networking is the Virtual Private Cloud (VPC).
What Is a VPC?
A Virtual Private Cloud (VPC) is a logically isolated virtual network in AWS where you launch resources.
Think of it as your own private data center in the cloud.
VPC Key Components Explained
1. CIDR Block
Defines the IP address range for the VPC.
Example:
10.0.0.0/16 gives up to 65,536 private IP addresses.
2. Subnets
Smaller IP ranges within a VPC.
Public subnets → internet-facing resources
Private subnets → internal resources
Example:
Web servers in public subnets, databases in private subnets.
3. Internet Gateway (IGW)
Allows communication between the VPC and the internet.
4. Route Tables
Control how traffic flows within the VPC.
Example:
Traffic destined for 0.0.0.0/0 is routed through the Internet Gateway.
5. NAT Gateway
Allows private subnet resources to access the internet without being exposed.
6. Security Groups
Stateful firewalls controlling inbound and outbound traffic at the instance level.
Example:
Allow HTTP (80) and HTTPS (443) traffic only.
7. Network ACLs (NACLs)
Stateless firewalls applied at the subnet level.
Real-World Architecture Example
A production web application:
VPC with two Availability Zones
Public subnets for load balancers
Private subnets for application servers
Isolated subnets for databases
IAM roles for secure service access
This design ensures security, scalability, and high availability.
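The layout above can be planned and audited in code. This added example (not part of the original post) carves the 10.0.0.0/16 range into one subnet per tier per Availability Zone and then checks each tier's route table against its intended exposure. The /20 size, the tier-to-route mapping, the placeholder target IDs and the assumption that isolated subnets carry no default route are all illustrative choices.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address


def plan_subnets(vpc, tiers=("public", "private", "isolated"), azs=("a", "b"), prefix=20):
    """Carve one non-overlapping subnet per tier per AZ out of the VPC range."""
    blocks = vpc.subnets(new_prefix=prefix)
    return [{"name": f"{tier}-{az}", "tier": tier, "cidr": next(blocks)}
            for tier in tiers for az in azs]


def usable_hosts(cidr):
    """Addresses left for resources after the AWS-reserved ones."""
    return cidr.num_addresses - AWS_RESERVED_PER_SUBNET


# Constructed route tables: tier -> {destination: target}. Target IDs are placeholders.
ROUTES = {
    "public":   {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"},
    "private":  {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-EXAMPLE"},
    "isolated": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"},  # misconfigured
}


def audit_routes(subnets, routes):
    """Flag subnets whose default route does not match their tier."""
    findings = []
    for s in subnets:
        default = routes[s["tier"]].get("0.0.0.0/0") or ""
        if s["tier"] == "public" and not default.startswith("igw-"):
            findings.append(f"{s['name']}: public subnet has no route to an internet gateway")
        elif s["tier"] == "private" and default.startswith("igw-"):
            findings.append(f"{s['name']}: private subnet routes directly to an internet gateway")
        elif s["tier"] == "isolated" and default:
            findings.append(f"{s['name']}: isolated subnet has a default route via {default}")
    return findings


if __name__ == "__main__":
    plan = plan_subnets(VPC_CIDR)
    for s in plan:
        print(f"{s['name']:<11} {str(s['cidr']):<15} usable={usable_hosts(s['cidr'])}")
    for finding in audit_routes(plan, ROUTES):
        print("FINDING:", finding)
```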
Why These Concepts Matter
Mastering AWS service categories, IAM, and VPC networking allows you to:
Build secure cloud architectures
Control access with confidence
Design scalable and resilient systems
Prepare for real-world cloud engineering roles
These are foundational skills used daily by cloud engineers, DevOps professionals, and architects.
AWS is powerful not because of individual services, but because of how those services work together. Understanding core service categories, IAM security models, and networking fundamentals is essential to building reliable, secure, and scalable cloud solutions.
I’m also excited to share that I’ve been able to secure a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.
For those who may not be familiar, Sanjeev Kumar brings over 20 years of hands-on experience across multiple domains and every phase of product delivery. He is known for his strong architectural mindset, with a deep focus on Automation, DevOps, Cloud, and Security.
Sanjeev has extensive expertise in technology assessment, working closely with senior leadership, architects, and diverse software delivery teams to build scalable and secure systems. Beyond industry practice, he is also an active educator, running a YouTube channel dedicated to helping professionals successfully transition into DevOps and Cloud careers.
This is a great opportunity for anyone looking to level up their DevOps/Cloud skills with real-world mentorship and career guidance.
See below for the link, with a dedicated discount automatically applied at checkout:
DevOps & Cloud Job Placement / Mentorship Program.
I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.
If you find my content helpful, please like and follow my posts, and consider sharing this article with anyone starting their own cloud journey.
Let’s connect on social media. I’d love to engage and exchange ideas with you!


