Cloud & Deployment

AWS Essentials for Developers

The 20% of AWS that covers 80% of what developers actually need — S3, EC2, RDS, Lambda, CloudFront, and IAM.

AWS in Context

AWS has over 200 services. You do not need to know all of them. Most web applications use 4-6 services. This lesson covers the ones you will actually encounter.

S3: Simple Storage Service

S3 stores files (objects) in containers called buckets. It is the right answer for storing:

  • User-uploaded files (profile pictures, documents)
  • Static assets (images, fonts, videos)
  • Application backups
  • Static website hosting

bash
# Create a bucket
aws s3 mb s3://my-app-assets

# Upload a file
aws s3 cp image.jpg s3://my-app-assets/

# Generate a pre-signed URL (temporary access to a private file)
aws s3 presign s3://my-app-assets/private-file.pdf --expires-in 3600

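Use pre-signed URLs to give users temporary access to private files without making buckets public. The --expires-in value is in seconds (3600 is one hour), and anyone who holds the URL can use it until it expires, so keep the lifetime short.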

EC2: Elastic Compute Cloud

EC2 is a virtual server in the cloud. You choose the OS, CPU, RAM, and storage. You are responsible for everything running on it.

When to use EC2:

  • Custom runtime requirements
  • Long-running background processes
  • When you need full control over the environment

When NOT to use EC2: if Vercel, Railway, or Lambda can do the job. EC2 requires more operational overhead.

RDS: Relational Database Service

RDS is managed PostgreSQL, MySQL, or other relational databases. AWS handles backups, software updates, and failover.

Why managed over self-hosted:

  • Automated daily backups with point-in-time recovery
  • Multi-AZ deployments for high availability
  • Read replicas for scaling read-heavy workloads
  • No database administration overhead

Lambda: Serverless Functions

Lambda runs code without managing servers. You pay only when the code runs (per invocation, not per hour).

javascript
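// A Lambda function
import { db } from "./db.js"; // hypothetical data-access module, not shown in this lesson

export const handler = async (event) => {
  let userId;
  try {
    ({ userId } = JSON.parse(event.body ?? "{}"));
  } catch {
    return { statusCode: 400, body: JSON.stringify({ error: "Invalid JSON body" }) };
  }
  const user = await db.users.findById(userId);
  if (!user) return { statusCode: 404, body: JSON.stringify({ error: "User not found" }) };
  return {
    statusCode: 200,
    body: JSON.stringify(user),
  };
};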

Lambda is ideal for: event-driven processing, infrequent API calls, scheduled jobs, webhook handlers.

Limitation: cold starts (first invocation after idle period is slow). Not suitable for latency-sensitive endpoints with variable traffic.

CloudFront: CDN

CloudFront caches your content at edge locations worldwide. Users receive files from the server closest to them.

Use CloudFront in front of S3 for static assets. Use it in front of EC2 or Lambda for APIs.

IAM: Identity and Access Management

IAM controls who can do what in your AWS account. Every person and service should have the minimum required permissions — the principle of least privilege.

json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::my-app-assets/*"
    }
  ]
}

This policy allows reading and writing objects in one specific bucket. Nothing more.

Critical rule: Never use the root account for daily operations. Create IAM users and roles with specific permissions.
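
What "nothing more" means in practice, as an added example (not code from this lesson or from AWS): a simplified policy evaluator run against the policy above. It models only Effect, Action and Resource with wildcards, and the request ARNs are constructed for illustration.

```javascript
// Added example: simplified evaluator for identity-based IAM policies.
// Models Effect, Action and Resource with * and ? wildcards only;
// Condition, NotAction, NotResource and other policy types are ignored.
const toArray = (v) => (Array.isArray(v) ? v : [v]);

// Turn an IAM wildcard pattern into an anchored RegExp.
function globToRegExp(pattern, flags) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", flags);
}

function statementMatches(stmt, action, resource) {
  // Action names are case-insensitive; resource ARNs are case-sensitive.
  return toArray(stmt.Action).some((a) => globToRegExp(a, "i").test(action)) &&
    toArray(stmt.Resource).some((r) => globToRegExp(r, "").test(resource));
}

// Explicit Deny wins, then any Allow; with no matching statement the default is deny.
function isAllowed(policy, action, resource) {
  const hits = toArray(policy.Statement).filter((s) => statementMatches(s, action, resource));
  if (hits.some((s) => s.Effect === "Deny")) return false;
  return hits.some((s) => s.Effect === "Allow");
}

// The policy shown above on this page.
const assetsPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: ["s3:GetObject", "s3:PutObject"],
    Resource: "arn:aws:s3:::my-app-assets/*",
  }],
};

// Constructed requests; object keys and the second bucket name are made up.
const requests = [
  ["s3:GetObject", "arn:aws:s3:::my-app-assets/img/logo.png"],
  ["s3:PutObject", "arn:aws:s3:::my-app-assets/img/logo.png"],
  ["s3:DeleteObject", "arn:aws:s3:::my-app-assets/img/logo.png"],
  ["s3:ListBucket", "arn:aws:s3:::my-app-assets"],
  ["s3:GetObject", "arn:aws:s3:::other-bucket/img/logo.png"],
];

for (const [action, resource] of requests) {
  console.log(isAllowed(assetsPolicy, action, resource) ? "ALLOW" : "DENY ", action, resource);
}
```

s3:ListBucket is denied because it targets the bucket ARN itself, which the /* resource does not match; an app that needs to list keys requires a separate statement on arn:aws:s3:::my-app-assets.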

Key Takeaways

  • S3 is the right solution for file storage, static assets, and backups — use pre-signed URLs for private file access
  • RDS provides managed databases with automated backups and failover — better than self-hosting PostgreSQL on EC2 for most teams
  • Lambda is ideal for event-driven, infrequent, or bursty workloads — not for sustained high-traffic APIs
  • CloudFront CDN serves assets from the closest edge location worldwide — pair it with S3 for static assets
  • Always follow the principle of least privilege in IAM — each service gets only the permissions it needs

Example

bash
# Architecture for a Next.js app with user uploads

# 1. S3 bucket for user uploads
aws s3 mb s3://myapp-user-uploads

# 2. Restrict public access (enable all four Block Public Access settings)
aws s3api put-public-access-block \
  --bucket myapp-user-uploads \
  --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

# 3. Create IAM policy for the app (minimal permissions)
# Policy: can only upload objects under the users/ prefix of this bucket
cat > upload-policy.json << 'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:PutObject"],
    "Resource": "arn:aws:s3:::myapp-user-uploads/users/*"
  }]
}
EOF

aws iam create-policy --policy-name AppUploadPolicy --policy-document file://upload-policy.json