
A developers guide to AWS - AWS Cloud 101

Ricardo Sueiras
March 09, 2026


This presentation gives a simplified view of the cloud to help developers grasp the basics and then build on them as they gain experience and confidence.

Technical Level: 0 - 100

Target Audience: Students 18+ (University/Adult Education/Apprenticeships), developers just starting their journey to AWS


Transcript

  1. Developers guide to AWS (AWS-100, Developer Relations)

    Everything you need to know about how to get started developing applications to work with Cloud services

    © 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. On-premises IT Servers Storage Databases Applications Corporate network Internet /

    VPN Servers Storage Databases Applications Cloud services provider Internet / VPN Network Boundary
  3. AWS under the covers

    • One or more data centers
    • Designed for fault isolation
    • Typically houses thousands of servers
    • Each AWS Region is made up of two or more AZs
    • AWS has 36 Regions worldwide* with 114 AZs*

    Diagram labels: Region eu-west-1 (Ireland); Availability Zone (AZ): eu-west-1a, eu-west-1b, eu-west-1c; Data center
  4. AWS Cloud Networking and Content Delivery Mobile Internet of Things

    Compute Analytics Management and Governance Storage Security, Identity, and Compliance Database Machine Learning Application Integration End User Computing Media Services Game Tech Satellite AWS owns and maintains the network-connected hardware You provision and use what you need Ava Zo Data center
  5. What is an AWS account

    Each AWS account
    • Is a resource container for AWS Cloud services
    • Is an explicit security boundary
    • Is a container for cost tracking and billing
    • Is a mechanism to enforce limits and thresholds (e.g., service quotas and API thresholds)

    Diagram labels: Account A, AWS Cloud, Storage, Compute, Networking & content delivery, And much more
  6. Single AWS Account Your AWS account Other tenants Other tenants

    Other tenants Other tenants Other tenants Other tenants
  7. Scaling AWS Accounts Developer Sandbox Dev Pre-Prod Team/Project Accounts Security

    Core Accounts AWS Organizations Shared Services Network Log Archive Prod Team Shared Services Data Center Developer Accounts
  8. AWS IAM Identity Center (IdC)

    • Manage users and groups where they want; connect to AWS once
    • Centrally assign and manage access to AWS accounts; AWS IAM Identity Center integrated and cloud-based business applications

    Diagram labels: AWS Organizations, AWS IAM Identity Center, AWS IAM Identity Center user portal, AWS Managed Microsoft AD, AWS IAM Identity Center Identity Store or external IdP
  9. IAM policy granting read-only access to account settings:

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "GrantReadOnlyAccessToAccountSettings",
          "Effect": "Allow",
          "Action": [
            "account:GetAccountInformation",
            "account:ListRegions"
          ],
          "Resource": "*"
        }
      ]
    }
    ```
  10. On-Demand

    • Charged per hour/second
    • Short-term
    • Unpredictable workloads

    Reserved Instances and Savings plans

    • Discount for 1- to 3-year commitments
    • Larger upfront payment for greater discount

    Spot Instances

    • Up to 90% discount
    • Applications with flexible start and end times
    • Urgent computing needs for large amounts of capacity
  11. AWS Free Tier

    Enables you to gain hands-on experience with the AWS platform, products, and services at no cost.

    • Always free
    • 12 months free
    • Trials
  12. AWS CLI IDE AWS SAM Amplify CLI ECS cli Elastic

    Beanstalk CLI AWS Tools for PowerShell AWS AMI Tools Eclipse IntelliJ PyCharm VSCode/ VStudio Rider Programming Language Tools – ssh,scp Local Cloud AWS CDK uses Users System Manager AWS CDK Cloud Shell AWS SDK .NET, Java, JavaScript, Python, PHP, Ruby, Go, NodeJS, C++ Web Browser AWS Services Control Plane AWS Services Data Plane AWS API AWS Console Operating System
  13. LOCAL machine/VM LOCAL machine/VM LOCAL machine/VM 4. How are we

    going to access our application? Via LOCAL networking
  14. Managed / Self Manage

    • Technology skill and expertise
    • Installation and configuration of Technology stack
    • Scaling and performance tuning
    • Security configuration
    • Patching – updates and security fixes
    • Upstream contributions and fixes
    • Support of technology
    • Procurement and licensing costs
    • Infrastructure patching – security and functional
    • Compute orchestration, provisioning
    • Cluster scaling
    • Physical hardware, host OS/kernel, networking, and facilities
    • Physical data centre capabilities
    • Use technology
  15. Compute Database Storage Messaging Analytics More operations Less operations Lambda

    Fargate ECS/EKS Elastic Beanstalk EC2 VM On Prem Hadoop On Prem Hadoop EC2 Amazon EMR Amazon OpenSearch SNS & SQS Step Functions Amazon MQ EBS On Prem S3 Storage On Prem MySQL On Prem MySQL On EC2 MySQL On RDS Amazon Redshift RDS Aurora Aurora Serverless DynamoDB OpenSearch
  16. AWS Lambda Serverless functions AWS Fargate Serverless containers ECS/EKS Container-management

    as a service EC2 Infrastructure-as-a-Service More opinionated Less opinionated AWS manages Customer manages • Data source integrations • Physical hardware, software, networking, and facilities • Provisioning • Application code • Container orchestration, provisioning • Cluster scaling • Physical hardware, host OS/kernel, networking, and facilities • Application code • Data source integrations • Security config and updates, network config, management tasks • Container orchestration control plane • Physical hardware software, networking, and facilities • Application code • Data source integrations • Work clusters • Security config and updates, network config, firewall, management tasks • Physical hardware software, networking, and facilities • Application code • Data source integrations • Scaling • Security config and updates, network config, management tasks • Provisioning, managing scaling and patching of servers
  17. Physical Servers Virtual Servers Virtual Machines Application services (micro services)

    Reducing complexity Increasing utilisation Application functions Application runtimes and libraries Functions – AWS Lambda, Step Functions Containerised Applications – ECS, EKS, Self Managed Container Legacy/COTS Applications – EC2 Self managed Infrastructure – EC2 Instances Hardware specific applications
  18. Physical servers Physical servers Physical servers ECS EKS AWS Lambda

    Amazon EC2 Amazon EC2 Amazon EC2 Customer-managed AWS-managed App Runner ROSA
  19. Instance Types M6g T4g H1 D3 R5n R6g X1e X2gd I3m I3 G4 C6g F1 P4 Z1 dm Z1d

    Amazon Lightsail Virtual Private Servers General Purpose Burstable Big Data Optimized Dense Storage Memory Optimized Bare Metal High I/O High I/O Graphics Intensive Compute Intensive FPGA General Purpose GPU Compute and Memory Intensive EC2 Elastic GPUs • Graphics acceleration for EC2 instances EC2 Fleet • Simplified provisioning • Massive scale • Flexible capacity allocation Memory Intensive
  20. EC2 instance Amazon VPC Clients Subnet

    Security Group INBOUND SOURCE: ANY TARGET: EC2 instance PORT: 80, 443 Security Group Certificate Application
  21. AWS Lambda Serverless functions AWS Fargate Serverless containers ECS/EKS Container-management

    as a service EC2 Infrastructure-as-a-Service More opinionated Less opinionated AWS manages Customer manages • Data source integrations • Physical hardware, software, networking, and facilities • Provisioning • Application code • Container orchestration, provisioning • Cluster scaling • Physical hardware, host OS/kernel, networking, and facilities • Application code • Data source integrations • Security config and updates, network config, management tasks • Container orchestration control plane • Physical hardware software, networking, and facilities • Application code • Data source integrations • Work clusters • Security config and updates, network config, firewall, management tasks • Physical hardware software, networking, and facilities • Application code • Data source integrations • Scaling • Security config and updates, network config, management tasks • Provisioning, managing scaling and patching of servers
  22. EC2 instance Amazon VPC Clients Amazon Route 53 Internet gateway Subnet
  23. Amazon EC2 Auto Scaling group EC2 instances Amazon VPC Clients Amazon Route 53 Amazon ELB Internet gateway
  24. RDS PostgreSQL connection configuration:

    ```python
    import os

    # RDS PostgreSQL connection configuration
    DB_USER = os.environ.get('DB_USER', 'postgres')
    DB_PASSWORD = os.environ.get('DB_PASSWORD', '')
    DB_HOST = os.environ.get('DB_HOST', '')  # Your RDS endpoint
    DB_PORT = os.environ.get('DB_PORT', '5432')
    DB_NAME = os.environ.get('DB_NAME', 'microblog')
    ```
  25. AWS CLI IDE AWS SAM Amplify CLI ECS cli Elastic

    Beanstalk CLI AWS Tools for PowerShell AWS AMI Tools Eclipse IntelliJ PyCharm VSCode/ VStudio Rider Programming Language Tools – ssh,scp Local Cloud AWS CDK uses Users System Manager AWS CDK Cloud Shell AWS SDK .NET, Java, JavaScript, Python, PHP, Ruby, Go, NodeJS, C++ Web Browser AWS Services Control Plane AWS Services Data Plane AWS API AWS Console Operating System client = boto3.client
  26. Amazon FSx for Lustre Object storage S3 Standard S3 Glacier

    Deep Archive S3 Glacier S3 Intelligent-Tiering S3 One Zone-IA S3 Standard-IA Block storage Provisioned IOPS SSD Cold HDD Throughput-Optimized HDD File storage EFS Standard EFS Infrequent Access Elastic Amazon EFS AWS Storage Gateway Family Amazon S3 Amazon FSx for Windows File Server Amazon EBS Amazon EC2
  27. S3 configuration:

    ```python
    import os

    import boto3

    # S3 configuration
    S3_BUCKET = os.environ.get('S3_BUCKET', '')
    S3_REGION = os.environ.get('S3_REGION', 'us-east-1')
    S3_PROFILE_IMAGES_PREFIX = 'profile-images/'

    # Initialize S3 client
    s3_client = boto3.client('s3', region_name=S3_REGION)
    ```
  28. Uploading a file to S3:

    ```python
    import logging
    import uuid

    from botocore.exceptions import ClientError
    from werkzeug.utils import secure_filename


    def upload_file_to_s3(file, prefix=''):
        """Upload a file to S3 bucket and return the object key"""
        # allowed_file() is the app's own check; it is not shown on the slide
        if file and allowed_file(file.filename):
            # Create a unique filename to prevent overwriting
            filename = secure_filename(file.filename)
            unique_filename = f"{prefix}{uuid.uuid4().hex}_{filename}"
            try:
                s3_client.upload_fileobj(file, S3_BUCKET, unique_filename)
                return unique_filename
            except ClientError as e:
                logging.error(f"Error uploading file to S3: {e}")
                return None
        return None
    ```
  29. Deleting a file from S3:

    ```python
    def delete_file_from_s3(object_key):
        """Delete a file from S3 bucket"""
        if not object_key:
            return False
        try:
            s3_client.delete_object(Bucket=S3_BUCKET, Key=object_key)
            return True
        except ClientError as e:
            logging.error(f"Error deleting file from S3: {e}")
            return False
    ```
  30. Generating a pre-signed URL for a profile image:

    ```python
    class User(db.Model):
        profile_image = db.Column(db.String(255), nullable=True)

        def get_profile_image_url(self):
            """Generate a pre-signed URL for the user's profile image"""
            if not self.profile_image:
                return None
            try:
                # The URL stays valid for ExpiresIn seconds (one hour here)
                url = s3_client.generate_presigned_url(
                    'get_object',
                    Params={'Bucket': S3_BUCKET, 'Key': self.profile_image},
                    ExpiresIn=3600
                )
                return url
            except ClientError as e:
                logging.error(f"Error generating presigned URL: {e}")
                return None
    ```
  31. Handling image uploads in the request handler:

    ```python
    # Handle image uploads to S3
    if 'image_file' in request.files:
        file = request.files['image_file']
        if file.filename != '':
            s3_object_key = upload_file_to_s3(file, 'post-images/')
            if s3_object_key:
                image = Image(
                    post_id=post.id,
                    image_url=s3_object_key
                )
                db.session.add(image)
    ```
  32. Template change, before and after:

    ```html
    <!-- Before -->
    <img src="{{ url_for('static', filename='uploads/profile_images/' + user.profile_image) }}" alt="Profile Image">

    <!-- After -->
    <img src="{{ profile_image_url }}" alt="Profile Image">
    ```
  33. App container image Task definition Amazon ECS cluster resource AWS

    Cloud Amazon ECS Amazon ECR Amazon ECS cluster Build Push VPC
  34. Dockerfile for the application container image:

    ```dockerfile
    FROM --platform=$TARGETPLATFORM python:3.9-slim

    ARG TARGETPLATFORM
    ARG BUILDPLATFORM
    RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM"

    WORKDIR /app
    COPY requirements_s3.txt .
    RUN pip install --no-cache-dir -r requirements_s3.txt
    COPY app_s3.py .
    COPY templates/ ./templates/
    COPY static/ ./static/

    ENV PYTHONDONTWRITEBYTECODE=1
    ENV PYTHONUNBUFFERED=1
    ENV FLASK_APP=app_s3.py

    EXPOSE 5000
    CMD ["flask", "run", "--host=0.0.0.0"]
    ```
  35. Amazon ECS VPC AWS Cloud Amazon ECS App container image

    Task definition Amazon ECS cluster VPC AWS Cloud App container image Task definition Amazon ECS cluster EC2 EC2 EC2
  36. App container image Task definition AWS Cloud Amazon ECS Amazon

    ECR Amazon ECS cluster Build Push VPC Amazon ALB
  37. App container image Task definition AWS Cloud Amazon ECS Amazon

    ECR Amazon ECS cluster Build Push VPC Amazon ALB Amazon RDS PostgreSQL Amazon Route 53 Amazon S3
  38. App container image Task definition AWS Cloud Amazon ECS Amazon

    ECR Amazon ECS cluster Build Push VPC Amazon ALB Amazon RDS PostgreSQL Amazon Route 53 Amazon S3 ECS Service
  39. Task definition App container image Amazon ECS Amazon ECS cluster

    VPC Amazon ALB Amazon RDS PostgreSQL ECS Service Task definition App container image Task definition App container image Application container image
  40. Task definition App container image Amazon ECS Amazon ECS cluster

    VPC Amazon ALB Amazon RDS PostgreSQL ECS Service Task definition App container image Task definition App container image Application container image
  41. Task definition App container image Amazon ECS Amazon ECS cluster

    VPC Amazon ALB Amazon RDS PostgreSQL ECS Service Task definition App container image Task definition App container image Application container image Scale database
  42. Application health check route:

    ```python
    from sqlalchemy import text


    @app.route('/health')
    def health_check():
        try:
            # Check database connection
            db_healthy = check_database_connection()
            # Check S3 connection
            s3_healthy = check_s3_connection()
            if db_healthy and s3_healthy:
                return jsonify({"status": "healthy"}), 200
            else:
                return jsonify({
                    "status": "unhealthy",
                    "database": "healthy" if db_healthy else "unhealthy",
                    "s3": "healthy" if s3_healthy else "unhealthy"
                }), 500
        except Exception as e:
            return jsonify({"status": "unhealthy", "error": str(e)}), 500


    def check_database_connection():
        try:
            # Execute a simple query to check DB connection
            db.session.execute(text("SELECT 1"))
            return True
        except Exception:
            return False


    def check_s3_connection():
        try:
            # Check S3 access
            s3_client = boto3.client('s3')
            s3_client.head_bucket(Bucket=os.environ.get('S3_BUCKET'))
            return True
        except Exception:
            return False
    ```

    Container health check in the ECS task definition, calling the `/health` route:

    ```json
    "healthCheck": {
      "command": [
        "CMD-SHELL",
        "curl -f http://localhost:5000/health || exit 1"
      ],
      "interval": 15,
      "timeout": 5,
      "retries": 3,
      "startPeriod": 60
    }
    ```
  43. App container image Task definition AWS Cloud Amazon ECS Amazon

    ECR Amazon ECS cluster Build Push VPC Amazon ALB Amazon RDS PostgreSQL Amazon Route 53 Amazon S3 AWS Certificate Manager AWS Secrets Manager
  44. Amazon ECS cluster ETL container image Task definition Amazon ECS

    cluster resource AWS Cloud Amazon ECR AWS Secrets Manager Amazon RDS for MySQL Task Execution Role (ecsInstanceRole) Task Definition Role (ecsTaskExecutionRole) Amazon S3 IAM policies needed for your application IAM policies needed for the hosts to run your containers Amazon CloudWatch
  45. App container image Task definition AWS Cloud Amazon ECS Amazon

    ECR Amazon ECS cluster Build Push VPC Amazon ALB Amazon RDS PostgreSQL Amazon Route 53 Amazon S3 Amazon CloudWatch Amazon CloudTrail AWS Certificate Manager AWS Secrets Manager
  46. 🛠 Using tool: use_aws (trusted)

    ```text
     ⋮
     • Running aws cli command:
    Service name: resourcegroupstaggingapi
    Operation name: get-resources
    Parameters:
    - tag-filters: [{"Key":"org","Values":["ada"]}]
    Profile name: default
    Region: eu-west-1
    Label: Get resources with tag org=ada in eu-west-1
     ⋮
     • Completed in 0.836s

    Here's a list of all AWS resources in the eu-west-1 region that have the tag "org" set to "ada":

    1. EC2 NAT Gateway: ada-microblogging-nat-public1-eu-west-1a
       • ARN: arn:aws:ec2:eu-west-1:704533066374:natgateway/nat-0619751e9484f41e7
    2. ECS Service: ada-microblog-service-bxi3mb2i in cluster ada-microblogging
       • ARN: arn:aws:ecs:eu-west-1:704533066374:service/ada-microblogging/ada-microblog-service-bxi3mb2i
    3. S3 Bucket: ada-microblogging
       • ARN: arn:aws:s3:::ada-microblogging
    4. EC2 Instance: ada-vm
       • ARN: arn:aws:ec2:eu-west-1:704533066374:instance/i-04e27104b50e9d2f7
    5. Internet Gateway: ada-microblogging-igw
       • ARN: arn:aws:ec2:eu-west-1:704533066374:internet-gateway/igw-0b5205d54fb0ed677
    ```
  47. Tool output, continued:

    ```text
    6. VPC: ada-microblogging-vpc
       • ARN: arn:aws:ec2:eu-west-1:704533066374:vpc/vpc-0d4d9cc17fc0fe25a
    7. ECR Repository: ada-microblogging
       • ARN: arn:aws:ecr:eu-west-1:704533066374:repository/ada-microblogging
    8. Target Group: ada-microblogging-tg
       • ARN: arn:aws:elasticloadbalancing:eu-west-1:704533066374:targetgroup/ada-microblogging-tg/bb704b17e12a1178
    9. ACM Certificate:
       • ARN: arn:aws:acm:eu-west-1:704533066374:certificate/1d0c61bb-212c-4628-91c8-4733cb8f2011
    10. ECS Cluster: ada-microblogging
       • ARN: arn:aws:ecs:eu-west-1:704533066374:cluster/ada-microblogging
    11. Load Balancer Listeners (2):
       • ARN: arn:aws:elasticloadbalancing:eu-west-1:704533066374:listener/app/ada-microblogging/62b0dc18305c5559/04cd32c9e37a3e9b
       • ARN: arn:aws:elasticloadbalancing:eu-west-1:704533066374:listener/app/ada-microblogging/62b0dc18305c5559/5469c8dec81213c6
    12. Application Load Balancer: ada-microblogging
       • ARN: arn:aws:elasticloadbalancing:eu-west-1:704533066374:loadbalancer/app/ada-microblogging/62b0dc18305c5559
    13. RDS Database: ada-microblogging
       • ARN: arn:aws:rds:eu-west-1:704533066374:db:ada-microblogging
    ```
  48. Task definition with secrets injected from AWS Secrets Manager:

    ```json
    "environment": [
      { "name": "DB_HOST", "value": "ada-microblogging.ceinb9vexcbc.eu-west-1.rds.amazonaws.com" }
    ],
    "secrets": [
      { "name": "DB_PASSWORD", "valueFrom": "arn:aws:secretsmanager:eu-west-1:704533066374:secret:ada-microblog/db-password:password::" },
      { "name": "SECRET_KEY", "valueFrom": "arn:aws:secretsmanager:eu-west-1:704533066374:secret:ada-microblog/secret-key:key::" }
    ]
    ```

    Task definition with the same values as plaintext environment variables:

    ```json
    "environment": [
      { "name": "DB_HOST", "value": "ada-microblogging.ceinb9vexcbc.eu-west-1.rds.amazonaws.com" },
      { "name": "S3_REGION", "value": "eu-west-1" },
      { "name": "FLASK_APP", "value": "app_s3.py" },
      { "name": "FLASK_ENV", "value": "production" },
      { "name": "DB_PASSWORD", "value": "password" },
      { "name": "SECRET_KEY", "value": "secret_key" }
    ]
    ```
  49. AWS Cloud Amazon ECS Amazon ECR Build Push VPC Amazon

    ALB Amazon RDS PostgreSQL (QA, Staging, Prod) Amazon S3 AWS CloudFormation AWS CDK Amazon CloudWatch Amazon Route 53 Amazon CloudTrail AWS Certificate Manager AWS Secrets Manager App container image Task definition Amazon ECS cluster - QA App container image Task definition Amazon ECS cluster - Production App container image Task definition Amazon ECS cluster - Staging 2 3 1 4 5
  50. Scale: Tactical impact / Strategic impact

    • Cost savings (TCO): 20% reduction in IT infrastructure costs as a percentage of revenue. What is it? Infrastructure cost savings/avoidance from moving to the cloud
    • Staff productivity: 66% increase in VMs managed per server admin. What is it? Efficiency improvement by function on a task-by-task basis
    • Operational resilience: 69% reduction in unplanned downtime. What is it? Benefit of improving SLAs and reducing unplanned outage
    • Business agility: 43% reduction in time-to-market for new application features. What is it? Deploying new features/applications faster and reducing errors
    • Sustainability: 88% reduction in workload carbon footprint. What is it? Minimizing environmental impact of operations
  51. Thank you!
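
The two task-definition fragments on slide 48 differ in where `DB_PASSWORD` and `SECRET_KEY` live: a `secrets` entry with `valueFrom`, or a literal `value` under `environment`. The check below is an added example, not code from the deck; the name heuristic, the function names and the sample data (account ID, host, secret names) are constructed assumptions.

```python
import re

# Name fragments that usually mark a credential. This list is an assumed
# heuristic for the example, not an AWS-defined rule.
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)


def audit_container(container):
    """Return (severity, variable, message) findings for one container definition."""
    findings = []
    injected = {s.get("name") for s in container.get("secrets", [])}
    for env in container.get("environment", []):
        name, value = env.get("name", ""), str(env.get("value", ""))
        if name in injected:
            findings.append(("MEDIUM", name, "set in both 'environment' and 'secrets'"))
        # A variable that only carries an ARN reference is a pointer, not a secret.
        if SENSITIVE.search(name) and value and not value.startswith("arn:"):
            findings.append(("HIGH", name, "plaintext value; move to 'secrets' with valueFrom"))
    return findings


def audit_task_definition(task_def):
    """Map container name -> findings for every container in a task definition."""
    return {c.get("name", "<unnamed>"): audit_container(c)
            for c in task_def.get("containerDefinitions", [])}


# Constructed sample input (account ID, host and secret names are placeholders).
ARN = "arn:aws:secretsmanager:eu-west-1:111122223333:secret:example-app/"
PLAINTEXT = {"containerDefinitions": [{
    "name": "web",
    "environment": [
        {"name": "DB_HOST", "value": "db.example.internal"},
        {"name": "FLASK_ENV", "value": "production"},
        {"name": "DB_PASSWORD", "value": "password"},
        {"name": "SECRET_KEY", "value": "secret_key"},
    ],
}]}
INJECTED = {"containerDefinitions": [{
    "name": "web",
    "environment": [
        {"name": "DB_HOST", "value": "db.example.internal"},
        {"name": "FLASK_ENV", "value": "production"},
    ],
    "secrets": [
        {"name": "DB_PASSWORD", "valueFrom": ARN + "db-password:password::"},
        {"name": "SECRET_KEY", "valueFrom": ARN + "secret-key:key::"},
    ],
}]}

if __name__ == "__main__":
    for label, td in (("plaintext", PLAINTEXT), ("injected", INJECTED)):
        for container, findings in audit_task_definition(td).items():
            print(label, container, findings or "no findings")
```

Run against the JSON returned by `aws ecs describe-task-definition` (the `taskDefinition` object) in a CI step, and fail the build on any HIGH finding.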