Cloud Computing AWS

Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. Instead of owning physical data centers, you rent compute power, storage, and databases from a cloud provider like AWS, Azure, or Google Cloud.

IaaS (Infrastructure as a Service) — You manage OS, apps, and data; provider manages hardware (e.g., EC2)PaaS (Platform as a Service) — Provider manages OS and runtime; you manage code and data (e.g., Elastic Beanstalk)SaaS (Software as a Service) — Provider manages everything; you just use the app (e.g., Gmail, Salesforce)

AWS and the customer share security duties:
AWS is responsible for security of the cloud — hardware, networking, facilities, and managed services.
The customer is responsible for security in the cloud — data encryption, IAM policies, OS patching, firewall rules, and application code.

An AWS Region is a geographic area (e.g., us-east-1) containing multiple isolated data centers. An Availability Zone (AZ) is one or more discrete data centers within a Region, each with independent power, networking, and connectivity. Deploying across multiple AZs provides high availability and fault tolerance.

Amazon Elastic Compute Cloud (EC2) provides resizable virtual servers (instances) in the cloud. You choose the instance type, operating system (AMI), storage, and networking configuration. EC2 gives you full control over compute resources with per-second or per-hour billing.

General Purpose (T, M) — Balanced CPU, memory, and networkingCompute Optimized (C) — High-performance processors for batch processing, ML inferenceMemory Optimized (R, X) — Fast performance for large in-memory datasetsStorage Optimized (I, D, H) — High sequential read/write to large local datasetsAccelerated Computing (P, G) — GPU instances for machine learning and graphics

An AMI is a template that contains a software configuration (OS, application server, applications) used to launch EC2 instances. AMIs can be:
AWS-provided (Amazon Linux, Ubuntu, Windows)Marketplace (third-party pre-configured)Custom (your own golden images)AMIs are region-specific but can be copied across regions.

A Security Group acts as a virtual firewall for EC2 instances controlling inbound and outbound traffic. Key features:
Rules are stateful — return traffic is automatically allowedYou can only specify allow rules (no deny rules)Evaluated as a group — all rules are checked before decidingApplied at the instance (ENI) level

Key Pairs consist of a public key (stored by AWS) and a private key (downloaded by you) used for secure SSH access to Linux instances. AWS uses the public key to encrypt a credential, and only your private key can decrypt it. Never share your private key — if lost, you cannot recover it.

Amazon Elastic Block Store (EBS) provides persistent block-level storage volumes for EC2 instances. Key types:
gp3/gp2 — General Purpose SSD (most workloads)io2/io1 — Provisioned IOPS SSD (databases)st1 — Throughput Optimized HDD (big data)sc1 — Cold HDD (infrequent access)EBS volumes are AZ-specific and can be snapshotted for backups.

Placement Groups control how instances are placed on hardware:
Cluster — Packs instances close together in one AZ for low-latency, high-throughput (e.g., HPC)Spread — Places instances on distinct hardware to reduce correlated failures (max 7 per AZ)Partition — Spreads instances across logical partitions so groups don't share hardware (e.g., Hadoop, Kafka)

Amazon Simple Storage Service (S3) is an object storage service offering virtually unlimited storage. Data is stored as objects inside buckets. Each object can be up to 5 TB in size. S3 provides 99.999999999% (11 nines) durability and is accessed via HTTP/HTTPS APIs.