When you sign up for a new Amazon Web Services account you are usually greeted with a generous free plan. This setup typically comes with an initial $100 in credits to help you get started on your cloud journey. This is a fantastic way to learn without risking your own money. But what many beginners do not realize is that you can earn an additional $100 in AWS credits through a special program called Explore AWS. This program is designed to reward you for exploring different parts of the platform.
The Explore AWS program asks you to perform five specific activities. Each activity you complete unlocks a $20 credit reward. The five activities are launching an instance using EC2 using a foundation model in Amazon Bedrock setting up a cost budget using AWS Budgets creating a web app using AWS Lambda and creating an Aurora or RDS database. By the time you finish you will have a total of $200 in credits. This gives you a massive runway to learn and build real projects.
As someone who uses MechCloud I have found that automating this process is far better than clicking around the AWS console manually. The AWS console is huge and it is very easy to leave resources running by accident. While it is possible to use the AWS Command Line Interface to do all these things the biggest advantage of using MechCloud is its real-time pricing feature. For any person new to AWS seeing the exact cost of your infrastructure before you create it is critical. It ensures you do not accidentally burn through your hard earned credits in a few days.
In this post we are going to look at how to automate the two most infrastructure heavy activities on that list. We will launch an EC2 instance and an RDS database. We will write a single template to handle the networking the security and the servers.
The Challenge with Traditional Automation
When most people talk about Infrastructure as Code they immediately mention Terraform. I tried learning Terraform when I first started but it felt like hitting a brick wall. Terraform requires you to manage something called a state file. This file keeps track of what you have built. If you lose that file or if it gets corrupted your automation breaks. You also have to write a lot of boilerplate code just to get the tool to talk to AWS.
MechCloud takes a different approach called Stateless IaC. There is no state file to manage. The platform talks directly to your live AWS account to see what exists. This takes away a huge amount of stress for a beginner. You just write your template and the platform figures out the rest.
Activity 1: Launching Your EC2 Instance
The first activity earns you a $20 credit by launching an EC2 instance. An EC2 instance is simply a virtual computer running in an AWS data center. Before we can launch a computer we need a place to put it. We need a virtual network.
In AWS a virtual network is called a VPC or Virtual Private Cloud. Think of the VPC as a large piece of fenced off land in the cloud. Inside that land we create a Subnet. A subnet is like a specific building on your land. Finally we place our EC2 instance inside that building.
We also need to secure our computer. We do this using a Security Group which acts like a virtual bouncer at the door. We only want to allow access from our own personal computer. If we open it to the world anyone could try to log in. MechCloud makes this incredibly easy with a special placeholder called {{CURRENT_IP}}. When you deploy the template the platform automatically finds your actual IP address and locks the server down so only you can access it.
We also use the {{CURRENT_REGION}} placeholder. AWS operates in many different regions around the world like Ohio or Mumbai or London. By using this placeholder our template becomes completely portable. It will work perfectly no matter which region you select in your account.
Here is the part of the MechCloud template that creates our virtual network our security group and our virtual machine. Notice how we nest the resources inside each other.
resources:
- type: aws_ec2_vpc
name: credits_vpc
props:
cidr_block: "10.0.0.0/16"
resources:
- type: aws_ec2_subnet
name: subnet_vm
props:
cidr_block: "10.0.1.0/24"
availability_zone: "{{CURRENT_REGION}}a"
resources:
- type: aws_ec2_instance
name: credits_ec2
props:
image_id: "{{Image|arm64_ubuntu_24_04}}"
instance_type: "t4g.small"
security_group_ids:
- "ref:credits_vpc/ec2_sg"
- type: aws_ec2_security_group
name: ec2_sg
props:
group_name: "aws-credits-ec2-sg"
group_description: "SG for credits EC2 instance"
security_group_ingress:
- ip_protocol: tcp
from_port: 22
to_port: 22
cidr_ipv4: "{{CURRENT_IP}}/32"
We chose the t4g.small instance type because it uses an AWS Graviton processor. These processors are highly efficient and cost much less to run than standard processors. This helps stretch your credits even further.
Before deploying anything MechCloud provides a plan output with real-time pricing. This is what makes the platform so powerful for beginners. You can see exactly what this setup will cost per month.
credits_vpc (action: create)
-- subnet_vm (action: create)
---- credits_ec2 (action: create, monthly: $9.76, change: +100%)
=> Compute (price: $0.0168/Hrs, hours: 543, monthly: $9.12, spot-price: $0.0043/Hrs, spot-monthly: $2.33)
=> Boot disk (/dev/sda1, 8GB gp3) (monthly: $0.64)
=> Storage cost (gp3) (price: $0.08/GB-Mo, quantity: 8, monthly: $0.64)
=> IOPS (monthly: $0.00)
=> Tier 1 (First 3000 IOPS-Mo - price: $0.00/IOPS-Mo, quantity: 3000, monthly: $0.00)
=> Throughput (monthly: $0.00)
=> Tier 1 (First 125 MiBps-mo - price: $0.00/MiBps-mo, quantity: 125, monthly: $0.00)
-- ec2_sg (action: create)
As you can see launching this server costs less than $10 per month. Since the activity gives you a $20 credit you are instantly ahead.
Activity 2: Creating an RDS Database
The next major activity is creating a managed relational database using Amazon RDS. This earns you another $20 credit. Databases are the core of almost any real world application. But setting them up correctly requires a bit of networking knowledge.
AWS requires managed databases to be highly available. This means you must provide at least two subnets in two different Availability Zones. Think of an availability zone as an isolated data center in a specific city. If one data center has a power outage your database can failover to the other data center automatically.
We need to create two new subnets for our database. We also need a new Security Group for the database. We do not want anyone on the internet to reach our database directly. We only want our EC2 instance to be able to talk to it. We can do this easily in MechCloud by using the ref keyword to reference our EC2 security group inside our RDS security group rules.
Here is the template section that sets up the database networking the security rules and the actual MySQL database instance.
- type: aws_ec2_subnet
name: subnet_db_1
props:
cidr_block: "10.0.2.0/24"
availability_zone: "{{CURRENT_REGION}}a"
- type: aws_ec2_subnet
name: subnet_db_2
props:
cidr_block: "10.0.3.0/24"
availability_zone: "{{CURRENT_REGION}}b"
- type: aws_ec2_security_group
name: rds_sg
props:
group_name: "aws-credits-rds-sg"
group_description: "SG for credits RDS instance"
security_group_ingress:
- ip_protocol: tcp
from_port: 3306
to_port: 3306
source_security_group_id: "ref:credits_vpc/ec2_sg"
- type: aws_rds_db_subnet_group
name: credits_db_subnet_group
props:
db_subnet_group_name: "aws-credits-db-subnet-group"
db_subnet_group_description: "Subnet group for credits RDS"
subnet_ids:
- "ref:credits_vpc/subnet_db_1"
- "ref:credits_vpc/subnet_db_2"
- type: aws_rds_db_instance
name: credits_db
props:
db_instance_identifier: "aws-credits-db"
engine: "mysql"
engine_version: "8.0"
db_instance_class: "db.t3.micro"
allocated_storage: "20"
db_name: "credits"
master_username: "admin"
master_user_password: "Kx7#mP2$vL9qN4wR"
db_subnet_group_name: "ref:credits_db_subnet_group"
vpc_security_groups:
- "ref:credits_vpc/rds_sg"
Once again MechCloud provides a clear pricing output for the database resources before you deploy them. Databases are usually the most expensive part of a cloud setup so seeing this price up front is incredibly reassuring.
-- subnet_db_1 (action: create)
-- subnet_db_2 (action: create)
-- rds_sg (action: create)
credits_db_subnet_group (action: create)
credits_db (action: create, monthly: $14.95, change: +100%)
=> Compute (price: $0.017/Hrs, monthly: $12.65)
=> Storage (price: $0.115/GB-Mo, quantity: 20, monthly: $2.30)
The database costs around $15 per month. Combined with the EC2 instance your entire cloud environment costs roughly $25 per month. With your total $200 in credits you can run this fully functional secure application architecture for eight entire months without paying a single cent out of pocket.
Why This Approach is Better Than Terraform
As a user who has wrestled with different tools I can confidently say this method is far superior for anyone starting out. Here is a breakdown of why I prefer this platform over traditional tools like Terraform.
Total Freedom from State Files
The biggest relief is that MechCloud is stateless. There is no local file or remote bucket I have to manage just to keep track of my infrastructure. If my laptop crashes my cloud setup does not break. The platform looks directly at AWS to see what is running. There is no locking migrating or recovering to worry about ever.
Zero Infrastructure Scaffolding
When I open a blank file I just start typing the resources I want. I do not have to write a block of code to configure the provider or set up a backend. There is no module wiring or complicated data lookups. The template only contains the actual architecture I am trying to build.
Logical Infrastructure Hierarchy
Most tools make you list your resources flatly. MechCloud lets me declare resources inside their logical parents. I put the Subnet inside the VPC and the EC2 instance inside the Subnet. This nesting makes the relationships instantly obvious to anyone reading the file. It removes a massive amount of confusing dependency wiring.
No Parent ID Plumbing
Because of that hierarchical structure child resources automatically inherit the context of their parents. I never have to write code to extract a VPC ID and pass it to a Subnet or take a Subnet ID and pass it to a virtual machine. It all happens automatically behind the scenes.
Simple Cross Resource References
Sometimes I need to link things that are not nested like attaching my Security Group to my Database. Instead of managing complex variables or outputs I just use the ref keyword. Writing ref:credits_vpc/ec2_sg is simple direct and easy to read.
No AMI ID Management
Finding the correct machine image ID in AWS is tedious because it changes depending on your region. MechCloud uses Image Aliases like {{Image|arm64_ubuntu_24_04}}. These aliases resolve automatically in the background so my template works instantly whether I deploy it in Tokyo or Ireland. I never have to track region specific IDs again.
Real Time Pricing During Authoring
This is the ultimate feature for any beginner. MechCloud shows me the exact cost of the infrastructure while I am authoring the template. I do not have to wait for a surprise bill at the end of the month. I can plan my credit usage with absolute precision.
The Complete Automation Template
To bring it all together here is the complete template. You can copy this single file to set up a secure virtual network a cost optimized virtual machine and a highly available private database. This setup completes the two largest activities for the Explore AWS program and ensures you have a solid foundation for your additional $100 in credits.
resources:
- type: aws_ec2_vpc
name: credits_vpc
props:
cidr_block: "10.0.0.0/16"
resources:
- type: aws_ec2_subnet
name: subnet_vm
props:
cidr_block: "10.0.1.0/24"
availability_zone: "{{CURRENT_REGION}}a"
resources:
- type: aws_ec2_instance
name: credits_ec2
props:
image_id: "{{Image|arm64_ubuntu_24_04}}"
instance_type: "t4g.small"
security_group_ids:
- "ref:credits_vpc/ec2_sg"
- type: aws_ec2_subnet
name: subnet_db_1
props:
cidr_block: "10.0.2.0/24"
availability_zone: "{{CURRENT_REGION}}a"
- type: aws_ec2_subnet
name: subnet_db_2
props:
cidr_block: "10.0.3.0/24"
availability_zone: "{{CURRENT_REGION}}b"
- type: aws_ec2_security_group
name: ec2_sg
props:
group_name: "aws-credits-ec2-sg"
group_description: "SG for credits EC2 instance"
security_group_ingress:
- ip_protocol: tcp
from_port: 22
to_port: 22
cidr_ipv4: "{{CURRENT_IP}}/32"
- type: aws_ec2_security_group
name: rds_sg
props:
group_name: "aws-credits-rds-sg"
group_description: "SG for credits RDS instance"
security_group_ingress:
- ip_protocol: tcp
from_port: 3306
to_port: 3306
source_security_group_id: "ref:credits_vpc/ec2_sg"
- type: aws_rds_db_subnet_group
name: credits_db_subnet_group
props:
db_subnet_group_name: "aws-credits-db-subnet-group"
db_subnet_group_description: "Subnet group for credits RDS"
subnet_ids:
- "ref:credits_vpc/subnet_db_1"
- "ref:credits_vpc/subnet_db_2"
- type: aws_rds_db_instance
name: credits_db
props:
db_instance_identifier: "aws-credits-db"
engine: "mysql"
engine_version: "8.0"
db_instance_class: "db.t3.micro"
allocated_storage: "20"
db_name: "credits"
master_username: "admin"
master_user_password: "Kx7#mP2$vL9qN4wR"
db_subnet_group_name: "ref:credits_db_subnet_group"
vpc_security_groups:
- "ref:credits_vpc/rds_sg"
By leveraging this modern approach to infrastructure you protect your budget and set yourself up for long term success in the cloud. You spend less time fighting with configuration files and more time actually learning how to build powerful applications.
Going Multi-Cloud with GCP
While this guide focused on maximizing your AWS credits, the power of Stateless IaC is not limited to just one provider. If you are interested in seeing how these same hierarchical concepts and real-time pricing benefits apply to Google Cloud Platform (GCP), check out our video demo. We walk through deploying resources on GCP using the same intuitive approach, proving that you don't need to learn a new state management workflow just to try a different cloud.
Top comments (0)