CampusFlow

Amazon Web Services

The leading cloud platform. Learn EC2, S3, Lambda, RDS, IAM, VPC, Auto Scaling, Load Balancers, and more.

EC2 — Deep Dive

Virtual servers in the cloud

1. Instance types (t3.micro, c5.large)
2. Security Groups, Key Pairs
3. Auto Scaling, Load Balancers
4. User data scripts for bootstrapping
5. EBS volumes for persistent storage

AWS CLI Commands

aws ec2 describe-instances                      # List all EC2 instances
aws s3 ls s3://my-bucket                        # List S3 bucket contents
aws lambda invoke --function-name fn out.json   # Invoke Lambda function
aws rds describe-db-instances                   # List database instances
aws iam list-users                              # List IAM users
aws ec2 describe-security-groups                # List security groups
aws elbv2 describe-load-balancers               # Describe load balancers
aws autoscaling describe-auto-scaling-groups    # Describe ASGs
aws s3 cp file.txt s3://bucket/                 # Upload file to S3
aws sts get-caller-identity                     # Show current IAM identity

IAM & Security

  • Users: Individual people with long-term credentials
  • Groups: Collections of users with shared permissions
  • Roles: Temporary credentials assumed by services/users
  • Policies: JSON documents defining permissions
  • Best practice: Use roles over access keys

VPC & Networking

  • VPC: Virtual Private Cloud (isolated network)
  • Subnets: Public (Internet Gateway) and Private (NAT)
  • Route Tables: Define traffic routing rules
  • Security Groups: Instance-level stateful firewall
  • NACLs: Subnet-level stateless firewall
  • VPC Peering / Transit Gateway: Connect VPCs

Interview Questions

Q1: What is the difference between Security Groups and NACLs?
Security Groups (SGs) are stateful firewalls attached to ENIs. They support allow rules only; anything not explicitly allowed is implicitly denied. NACLs are stateless, operate at subnet level, and support allow/deny rules in numbered order. SGs evaluate all rules together; NACLs process rules in order and stop at the first match.
Q2: Explain EC2 Auto Scaling and how it works with Load Balancers.
Auto Scaling Groups (ASGs) maintain a desired number of EC2 instances. Launch templates define instance configuration. Scaling policies trigger based on CloudWatch metrics (CPU, memory, request count). An Application Load Balancer (ALB) distributes traffic to healthy instances across AZs. ASG integrates with ALB via target groups.
Q3: What is the shared responsibility model in AWS?
AWS is responsible for security of the cloud: physical facilities, hardware, network infrastructure, and managed services. The customer is responsible for security in the cloud: IAM configuration, data encryption, OS patching on EC2, firewall rules, and application-level security controls.
Q4: How does IAM work and what are best practices?
IAM manages users, groups, roles, and policies. Policies are JSON documents that define permissions (Allow/Deny) on specific resources. Best practices: least privilege principle, use roles instead of access keys, enable MFA, use IAM Identity Center for workforce access, rotate keys regularly, and audit with IAM Access Analyzer.
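
The evaluation difference described in Q1, as an added example that is not part of the original page: a simplified Python model (IPv4 and TCP only; the rules are constructed and all function and variable names are hypothetical) of NACL first-match ordering versus security group allow-only matching. It shows that a numbered NACL deny can block a range the security group cannot, and that a stateless NACL also needs an outbound rule for the reply.

```python
import ipaddress

def matches(rule, ip, port):
    lo, hi = rule["ports"]
    in_cidr = ipaddress.ip_address(ip) in ipaddress.ip_network(rule["cidr"])
    return in_cidr and lo <= port <= hi

def nacl_decision(rules, ip, port):
    # NACL: lowest rule number first, first match wins, implicit deny at the end.
    for rule in sorted(rules, key=lambda r: r["num"]):
        if matches(rule, ip, port):
            return rule["action"]
    return "deny"

def sg_decision(rules, ip, port):
    # SG: allow rules only, considered together; no match is an implicit deny.
    return "allow" if any(matches(r, ip, port) for r in rules) else "deny"

def request_succeeds(sg_in, nacl_in, nacl_out, client_ip, dst_port, client_port):
    # Inbound request must pass the subnet NACL, then the instance SG.
    if nacl_decision(nacl_in, client_ip, dst_port) != "allow":
        return False
    if sg_decision(sg_in, client_ip, dst_port) != "allow":
        return False
    # The SG is stateful, so the reply is allowed automatically. The NACL is
    # stateless: the reply to the client's ephemeral port needs an outbound rule.
    return nacl_decision(nacl_out, client_ip, client_port) == "allow"

# Constructed sample rules (documentation address ranges, not from the page).
SG_IN = [{"cidr": "0.0.0.0/0", "ports": (443, 443)}]
NACL_IN = [
    {"num": 90, "action": "deny", "cidr": "203.0.113.0/24", "ports": (0, 65535)},
    {"num": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)},
]
NACL_OUT_EPHEMERAL = [{"num": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (1024, 65535)}]
NACL_OUT_NO_EPHEMERAL = [{"num": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (443, 443)}]

if __name__ == "__main__":
    for label, ip, out in [
        ("normal client", "198.51.100.7", NACL_OUT_EPHEMERAL),
        ("client in denied range", "203.0.113.5", NACL_OUT_EPHEMERAL),
        ("reply port not allowed out", "198.51.100.7", NACL_OUT_NO_EPHEMERAL),
    ]:
        print(label, request_succeeds(SG_IN, NACL_IN, out, ip, 443, 51000))
```

Renumbering the deny rule above the allow (for example 110 instead of 90) makes it unreachable for port 443, which is the usual cause of a NACL block that silently does nothing.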