Aws(amazon Web Services)
Hi! My name is Safia Khatoon. I am complete my Bachelors in Technology from RTC Institute Of Technology. My specialisation in Computer Science and Engineering.I love contributing to Open Source with the help of the skills I gain.
Also, I'm working on my YouTube Channel as well where I teach about DevOps tools and make technical content. You can have a look at it through my profile.
Feel free to reach out to me! I'd be happy to connect with you.
What is cloud ?
Anything that we can access from anywhere is the cloud. For example, when you upload your photo to Google Drive or WhatsApp, that photo is not on your phone; it's safely stored on someone else's computer (Google's server) β that's the cloud!
What is AWS?
AWS stands for Amazon Web Services.
IAM :
IAM stands for IDENTITY ACCESS MANAGEMENT.
IAM is the security system of AWS β it manages users and their permissions. π
example :
Imagine you are the owner (Admin) of a factory β
factory = AWS
workers = Users
work area = EC2, S3, etc.
Now you have to decide:
Ram will only look after the warehouse (S3)
Shyam will only press the button in the machine room (EC2)
Lakhan will only watch the camera footage (CloudWatch)
So, this permission system is what IAM does!
What is entity ?
Entity means any real-world thing that we can store in a database.
example :
A student is an entity β We store name, roll number, class
A car is an entity β We store model, color, number
A mobile is an entity β We store brand, price, RAM
Groups :
Group is a collection of IAM users who have the same permissions.
π IAM β Identity & Access Management
Ek Love Story AWS ke Sheher Mein... π
π¬ Scene 1:
IAM = Security Guard of the Colony
There is an AWS City β very big, beautiful, above the clouds.
The main gate guard here is named IAM.
IAM's job is β
"Who will come in, what they will do, how far they will go β it decides everything."
Got it? This IAM is the whole system's bouncer/security friend.
π Scene 2:
User = Ram
There is a guy, Ram, who wants a job in AWS City.
IAM tells him:"You can come in, but tell me what work you will do?"
A Policy is made for Ram, which says:
"Ram can only view the S3 locker, but cannot delete it."
IAM reads that policy, checks the permissions, and says:
"Alright, Ram, come on in... but just look at the locker, don't mess with it!" π
π¨βπ¨βπ§βπ¦ Scene 3:
Group = Developer Gang
IAM thought:
"Making separate rules for each person is tiring!" π₯±
So IAM created a Group β 'Developer Gang'
Now, all the developers like Ram, Shyam, and Laxman are put into the same group.IAM now says:
"Everyone will get the same policy β copy-paste!" π
π Scene 4:
policy(permission): The permission that we grant to users, groups, and roles is called a policy.
IAM policies are JSON formatted.
Policy = Love Letter of Rules
IAM's job is to read the rules, but where are those rules written?
π Inside the Policy!
A policy is like a love letter β
where IAM finds written:"This person can read S3, can start EC2..."
IAM reads the policy and grants permission β like getting approval! π
π΅οΈββοΈ Scene 5:
Role = Guest Pass
Sometimes a person is not a permanent user β
like a mechanic who comes for temporary work.IAM gives them a Role β a temporary ID card, without a full-time job.
IAM says:
"You repair EC2 and then leave β no login needed!"
Just gave a role, job done, ID gone!
π Scene 6:
MFA = Trust in Love + OTP
IAM says:
"Don't just trust a password, life needs one more step β like trust in love!" π
That's why it says:
"After logging in, we'll send an OTP, only then can you come in!
This is MFA β Multi-Factor Authentication!
π Climax:
IAM manages the entire system:
Brings users in
Grants permissions to guests with roles
Saves time by creating groups
Reads policies to allow tasks
Maintains security with MFA
With IAM, everything is safeβotherwise, AWS's love would fall apart! π
π§ Ek Line Me:
IAM is AWS ka love story manager β jo har relation (user, role, policy) ko permission aur security ke sath sambhalta hai. π
HOW TO CREATE USER :
GO TO INCOGNITO MODE :
console sign-in URL paste here
HOW TO CREATE GROUP :
How to add user in a group :
2nd method if u have already a group then how to add user
just double click on
dev_team(means group name)
How to add user in a group :
What is Identity-based Policy?
This is the rule that applies to a user, group, or role to determine what they are allowed to do on AWS.
Example:
Imagine Ram is an AWS user.
You go to the IAM console and attach a policy to Ram:
"Allow": "s3:GetObject"Meaning: Ram can only view files in the S3 bucket, he cannot delete them!
This rule that was applied β this is an Identity-based Policy! π
3 Major Types of Identity-Based Policies:
1οΈβ£ Managed Policies
A ready-made rule book by AWS or you can create your own.
πΉ Two sub-types:
AWS Managed Policy:
AWS has already created it. Example:AmazonS3ReadOnlyAccessCustomer Managed Policy:
You write it yourself, according to your company's needs. Example:MyCustomEC2FullAccess
2οΈβ£ Inline Policies
A custom policy that is directly attached to a user/group/role.
This policy is only for that entity
If you delete the Ram user, the policy will also be removed! π’
For example: A special rule was made just for Ram.
3οΈβ£ Permissions Boundaries (Bonus Type)
This is a boundary β outside of which the user cannot do anything!
It defines: "The maximum limit of what this user can ever do"
Even if the policy allows it, they cannot go beyond the boundary
Like: "You have a license for 40km/h, even if the car can go 100"
How i add a policy with a user :
go to user β> create user
paste it incognito tab(console-sign-in-details) :
(21-06-2025) - notes
ops_user
we created custom made policy (unable to delete bucket):
inline policies :
This user is only create the bucket not delete the bucket.
23-06-2025 - notes :
MFA :
DOWNLOAD THIS APP IN YOUR MOBILE
ENTER THE BOTH OTP :
What is EC2?
β‘οΈ EC2 is like a virtual computer in the cloud that you can start, stop, and use just like your laptop.
β‘οΈ EC2 stans for elastic compute cloud.
Region:
β‘οΈ A Region is a physical location in the world (like Mumbai, Tokyo, etc.) where AWS has data centers.
π Example: Mumbai is one Region, London is another.
Availability Zone (AZ) :
β‘οΈ An Availability Zone is a group of one or more data centers inside a Region that work together but are separate physically.
π¦ Example: Mumbai Region may have 3 AZs: ap-south-1a, ap-south-1b, ap-south-1c.
Difference Between Region and AZ :
β‘οΈ Region is the city; Availability Zones are like different buildings in that city to keep things safe and fast.
Why AZs Matter?
β‘οΈ If one AZ fails (like power cut), AWS shifts your work to another AZ so your app never goes down.
Edge Location :
β‘οΈ An Edge Location is a mini AWS data center close to users that delivers content super fast.
Where is it used?
β‘οΈ Edge Locations are used in services like CloudFront, where website images, videos, or files are cached near users.
Why Edge Locations Matter?
β‘οΈ They reduce lag and make your website feel super fast by bringing data closer to your users.
What is a Virtual Machine (VM)?
β‘οΈ A VM is like an imaginary computer inside a real server that works just like your laptop β but it's created by software.
What is AMI (Amazon Machine Image)?
β‘οΈ AMI is a ready-made template used to create a virtual machine (EC2 instance) in AWS.
How many instances we can create in each region?
β‘οΈ Each Region by default 20 Instances we can create
TYPE OF ELASTIC COMPUTE CLOUD (EC2) :
Type Of Instances: Total 7 types we have
β General purpose Balance Memory and CPU
β Compute optimized - More CPU
β Memory optimized - More RAM
β Storage optimized - low latency - more Storage
β Accelerated Computing/GPU-Graphic Optimized
β High Memory - High RAM its running on nitro system (hyper-v)
β Previous Generation instance
β 1. On-Demand Instance
β‘οΈ You pay for what you use β no commitment, no advance payment.
example :
Like Ola/Uber β use it anytime, pay per ride.
| Feature | Details |
| πΈ Cost | High (per hour basis) |
| β° Commitment | No commitment β anytime start/stop |
| π― Use Case | For short tasks, testing, temporary use |
| β‘ Billing | Pay hourly/second-wise (depending on OS) |
β 2. Reserved Instance (RI)
β‘οΈ You reserve an EC2 instance for 1 or 3 years to get up to 75% discount.
example :
Like booking a PG room for 1 year β fixed rent, cheaper.
| Feature | Details |
| πΈ Cost | Low (huge discount vs On-Demand) |
| β° Commitment | 1 or 3-year commitment |
| π³ Payment Mode | No upfront / Partial upfront / Full upfront |
| π― Use Case | Long-term apps (e.g. website, backend) |
β 3. Spot Instance
β‘οΈ AWS sells unused EC2 capacity at up to 90% discount, but can be interrupted anytime.
example :
Like last-minute cheap train ticket β cheap but can be cancelled anytime.
| Feature | Details |
| πΈ Cost | Very low (cheapest option) |
| β Risk | AWS can stop it anytime (with 2 min warning) |
| π― Use Case | For flexible, fault-tolerant tasks (e.g. batch jobs, big data) |
| π Auto Restart | You can automate replacement if interrupted |
Comparison Table:
| Feature | On-Demand | Reserved Instance | Spot Instance |
| π° Cost | High | Medium (discounted) | Lowest (upto 90% off) |
| π Commitment | No | 1 or 3 years | No commitment |
| β Reliability | Very high | Very high | Can be interrupted |
| π― Use Case | Testing, short-term | Long-term apps | Flexible workloads |
practical :
24-06-2025 - notes
How to access a website from India to North Virginia :
Without Security Group HTTP Rule?
β‘οΈHow to install IIS:
Server Manager β Manage β Add Roles β Select Web Server (IIS) β Install β Done!
How to Deploy a Website in IIS (Windows EC2)
C:\ β inetpub β wwwroot β [ Paste your website files here ] β> go to ec2 instance β>copy public ip β> paste it incognito tab
25-06-2025 - notes
π’ STEP 1: Open Browser and Go to Official Site
π Website:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
π’ STEP 2: Scroll to Windows MSI Installer
Tu yeh file download kare:
π putty-64bit-0.81-installer.msi
π’ STEP 3: Install PuTTY on Windows
Double-click downloaded
.msifileClick:
Next
Choose default folder (no need to change)
Install
Finish
β PuTTY, PuTTYgen, Pageant β sab install ho jayenge ek saath!
π’ STEP 4: Open PuTTY and PuTTYgen
ssh :
Go to Your Local machine(cmd) :
26-06-2025 - notes
Create a VPC :
27-06-2025 - NOTES
IF U R ARE CONNECT
CONNECT THIS INSTANCE (public to private acces )
Types of Storage in AWS :
| Storage Type | Use Case | One-line Example |
| S3 (Simple Storage Service) | File storage | Store images/videos/backup files |
| EBS (Elastic Block Store) | EC2 hard disk | Server ka local C drive jaisa |
| EFS (Elastic File System) | Shared folder across servers | Multiple EC2 share same folder |
| Glacier | Long-term backup | Old data store for years at low cost |
Types of EBS β One-Liner Style
gp3 (General Purpose SSD) β
π Ye ek balance wala SSD hai, jisme speed bhi theek hai aur price bhi.io2 (Provisioned IOPS SSD) β
π Ye ek VIP SSD hai, super fast aur powerful β jaise databases ke liye bani ho.st1 (Throughput Optimized HDD) β
π Ye ek tez truck hai, bade-bade files aur logs ko fast transfer karta hai.sc1 (Cold HDD) β
π Ye ek thanda godown hai, jisme rarely used data sasta mein store hota hai.
29-06-2025 - notes
CREATE A WINDOW INSTANCE
