Skip to content
SP StackPractices
ES
beginner By StackPractices

AWS Basics — Core Services for Developers

A practical guide to AWS core services for developers: compute, storage, databases, networking, and security fundamentals with hands-on examples.

aws cloud-computing ec2 s3 rds lambda vpc guide
Topics: devops infrastructure data

Note: This guide follows English-language naming conventions and terminology standards common in international development teams. Examples use English identifiers and comments to maximize compatibility across codebases and tooling.

Overview

Amazon Web Services (AWS) is the most widely adopted cloud platform, offering over 200 services. For developers, mastering the core services — compute, storage, databases, networking, and security — is essential for building scalable, cost-effective applications. This guide focuses on the services you will use daily and how they fit together in a typical architecture.

When to Use

  • You are migrating from on-premises to cloud
  • You need scalable compute without managing hardware
  • You want managed databases and storage
  • You are building serverless or microservices architectures

Compute — EC2 and Lambda

EC2 (Elastic Compute Cloud)

Virtual servers in the cloud with full OS control.

# Launch an instance via CLI
aws ec2 run-instances \
  --image-id ami-0c55b159cbfafe1f0 \
  --count 1 \
  --instance-type t3.micro \
  --key-name my-key \
  --security-group-ids sg-123456 \
  --subnet-id subnet-123456
Instance FamilyUse Case
T3/T4gGeneral purpose, burstable (dev/test)
M6i/M6gGeneral purpose, sustained workloads
C6i/C6gCompute-intensive (APIs, batch)
R6i/R6gMemory-intensive (caches, analytics)

Lambda

Serverless functions that run in response to events. Pay per invocation and duration.

import json

def handler(event, context):
    return {
        'statusCode': 200,
        'body': json.dumps({'message': 'Hello from Lambda'})
    }

Lambda integrates with S3, API Gateway, SQS, SNS, DynamoDB streams, and CloudWatch Events.

Storage — S3 and EBS

S3 (Simple Storage Service)

Object storage for files, backups, static assets, and data lakes.

# Create a bucket
aws s3 mb s3://my-app-bucket

# Upload a file
aws s3 cp app.zip s3://my-app-bucket/builds/

# Make public (with caution)
aws s3api put-object-acl --bucket my-app-bucket --key app.zip --acl public-read
Storage ClassUse CaseRetrieval
StandardFrequently accessedImmediate
Intelligent-TieringUnknown access patternsImmediate
GlacierLong-term archivesMinutes to hours
Deep ArchiveCompliance backups12-48 hours

EBS (Elastic Block Store)

Persistent block storage for EC2 instances. Like a virtual hard drive.

# Create and attach a volume
aws ec2 create-volume --size 100 --region us-east-1 --availability-zone us-east-1a --volume-type gp3
aws ec2 attach-volume --volume-id vol-12345 --instance-id i-12345 --device /dev/sdf

Databases — RDS and DynamoDB

RDS (Relational Database Service)

Managed PostgreSQL, MySQL, MariaDB, SQL Server, and Oracle.

# Create a PostgreSQL instance
aws rds create-db-instance \
  --db-instance-identifier mydb \
  --db-instance-class db.t3.micro \
  --engine postgres \
  --master-username admin \
  --master-user-password secret123 \
  --allocated-storage 20

DynamoDB

Managed NoSQL key-value and document database with single-digit millisecond latency.

import boto3

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('Users')

table.put_item(Item={'id': 'user-1', 'name': 'Alice', 'email': 'alice@example.com'})
response = table.get_item(Key={'id': 'user-1'})

Networking — VPC

Virtual Private Cloud isolates your resources and controls traffic.

┌─────────────────────────────────────────────┐
│                    VPC                        │
│  ┌─────────────┐    ┌─────────────────────┐ │
│  │ Public Subnet│    │   Private Subnet    │ │
│  │  ┌───────┐  │    │  ┌───────┐ ┌─────┐ │ │
│  │  │  ALB  │  │    │  │  EC2  │ │ RDS │ │ │
│  │  └───┬───┘  │    │  └───┬───┘ └──┬──┘ │ │
│  │      │      │    │      │        │    │ │
│  │  Internet    │    │   NAT Gateway      │ │
│  │  Gateway     │    │   (egress only)    │ │
│  └──────────────┘    └────────────────────┘ │
└─────────────────────────────────────────────┘

Key components:

  • Subnets: Public (with IGW route) vs Private (no direct internet)
  • Security Groups: Stateful firewall at the instance level
  • NACLs: Stateless firewall at the subnet level
  • NAT Gateway: Allows private instances to reach the internet

Security — IAM

Identity and Access Management controls who can do what.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::my-app-bucket/*",
      "Condition": {
        "StringEquals": {"aws:RequestedRegion": "us-east-1"}
      }
    }
  ]
}

Best practices:

  • Use roles, not long-term access keys
  • Apply least privilege
  • Enable MFA for root and admin users
  • Use IAM policy conditions for extra security

Common Mistakes

  • Leaving S3 buckets public — use bucket policies and Block Public Access
  • Using root credentials — create IAM users and roles immediately
  • No VPC flow logs — you cannot debug what you cannot see
  • Oversized EC2 instances — start small and scale up; use CloudWatch metrics
  • Ignoring cost alerts — set up billing alarms before you get surprised

FAQ

Is AWS free? AWS offers a Free Tier: 12 months of limited usage on EC2, S3, RDS, and Lambda. Always monitor billing.

Should I use ECS, EKS, or Lambda?

  • Lambda: event-driven, short-lived tasks
  • ECS: containerized workloads, AWS-native
  • EKS: Kubernetes-based workloads, multi-cloud portability

How do I secure secrets? Use AWS Secrets Manager or Parameter Store (SSM). Never hardcode credentials in code or EC2 user data.