aws-cloud-architecture
Comprehensive guide to AWS cloud architecture covering compute, storage, databases, networking, security, serverless, and cost optimization with production-ready patterns
Tags: cloud-infrastructure, aws, cloud-architecture, infrastructure, devops, cloudformation, terraform, serverless, well-architected
# AWS Cloud Architecture
A comprehensive skill for designing, implementing, and operating production-grade AWS cloud architectures following the AWS Well-Architected Framework.
## Table of Contents
1. [AWS Well-Architected Framework](#aws-well-architected-framework)
2. [Compute Services](#compute-services)
3. [Storage Services](#storage-services)
4. [Database Services](#database-services)
5. [Networking and Content Delivery](#networking-and-content-delivery)
6. [Security, Identity, and Compliance](#security-identity-and-compliance)
7. [Serverless Architecture](#serverless-architecture)
8. [Cost Optimization](#cost-optimization)
9. [Monitoring and Operations](#monitoring-and-operations)
10. [High Availability and Disaster Recovery](#high-availability-and-disaster-recovery)
## AWS Well-Architected Framework
The AWS Well-Architected Framework provides best practices across six pillars:
### 1. Operational Excellence
- Automate infrastructure provisioning and configuration
- Monitor and measure system performance
- Continuously improve processes and procedures
### 2. Security
- Implement a strong identity foundation
- Enable traceability and audit logging
- Apply security at all layers
- Protect data in transit and at rest
### 3. Reliability
- Automatically recover from failure
- Test recovery procedures
- Scale horizontally for resilience
- Manage change through automation
### 4. Performance Efficiency
- Use appropriate resource types and sizes
- Monitor performance and adapt
- Leverage serverless architectures
- Experiment with new technologies
### 5. Cost Optimization
- Adopt consumption-based pricing
- Measure and monitor spending
- Use cost-effective resources
- Optimize over time
### 6. Sustainability
- Understand environmental impact
- Maximize utilization of resources
- Use managed services
- Reduce downstream impact
## Compute Services
### Amazon EC2 (Elastic Compute Cloud)
EC2 provides resizable compute capacity in the cloud, offering complete control over computing resources.
#### EC2 Instance Types
```bash
# List available instance types in a region
aws ec2 describe-instance-types \
  --region us-east-1 \
  --query 'InstanceTypes[*].[InstanceType,VCpuInfo.DefaultVCpus,MemoryInfo.SizeInMiB]' \
  --output table
```
#### Launch EC2 Instance with User Data
```yaml
# CloudFormation: single EC2 instance with user data (the Auto Scaling variant follows below)
AWSTemplateFormatVersion: '2010-09-09'
Description: EC2 instance with user data for web server
Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues:
      - t3.micro
      - t3.small
      - t3.medium
    Description: EC2 instance type
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: EC2 key pair for SSH access
Resources:
  WebServerInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !Sub '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}'
      KeyName: !Ref KeyName
      SecurityGroupIds:
        - !Ref WebServerSecurityGroup
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          yum update -y
          yum install -y httpd
          systemctl start httpd
          systemctl enable httpd
          echo "<h1>Hello from AWS CloudFormation</h1>" > /var/www/html/index.html
      Tags:
        - Key: Name
          Value: WebServer
        - Key: Environment
          Value: Production
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for web server
      SecurityGroupIngress:
        # Web ports are open to the Internet; SSH is restricted to the private address range
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 10.0.0.0/8
      Tags:
        - Key: Name
          Value: WebServerSG
Outputs:
  InstanceId:
    Description: EC2 instance ID
    Value: !Ref WebServerInstance
  PublicIP:
    Description: Public IP address
    Value: !GetAtt WebServerInstance.PublicIp
```
#### EC2 Auto Scaling Group
```yaml
# CloudFormation: Auto Scaling Group with Launch Template
# Fragment of the Resources section. WebServerSecurityGroup, InstanceProfile,
# PrivateSubnet1, PrivateSubnet2 and TargetGroup are defined elsewhere in the
# same template.
LaunchTemplate:
  Type: AWS::EC2::LaunchTemplate
  Properties:
    LaunchTemplateName: WebServerLaunchTemplate
    LaunchTemplateData:
      ImageId: !Sub '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}'
      InstanceType: t3.micro
      SecurityGroupIds:
        - !Ref WebServerSecurityGroup
      IamInstanceProfile:
        Arn: !GetAtt InstanceProfile.Arn
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          yum update -y
          yum install -y httpd aws-cli
          systemctl start httpd
          systemctl enable httpd
          INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
          echo "<h1>Instance: $INSTANCE_ID</h1>" > /var/www/html/index.html
      TagSpecifications:
        - ResourceType: instance
          Tags:
            - Key: Name
              Value: WebServer-ASG
AutoScalingGroup:
  Type: AWS::AutoScaling::AutoScalingGroup
  Properties:
    AutoScalingGroupName: WebServerASG
    MinSize: 2
    MaxSize: 10
    DesiredCapacity: 2
    HealthCheckType: ELB
    HealthCheckGracePeriod: 300
    LaunchTemplate:
      LaunchTemplateId: !Ref LaunchTemplate
      Version: !GetAtt LaunchTemplate.LatestVersionNumber
    VPCZoneIdentifier:
      - !Ref PrivateSubnet1
      - !Ref PrivateSubnet2
    TargetGroupARNs:
      - !Ref TargetGroup
    Tags:
      - Key: Environment
        Value: Production
        PropagateAtLaunch: true
ScaleUpPolicy:
  Type: AWS::AutoScaling::ScalingPolicy
  Properties:
    AdjustmentType: ChangeInCapacity
    AutoScalingGroupName: !Ref AutoScalingGroup
    Cooldown: 300
    ScalingAdjustment: 1
ScaleDownPolicy:
  Type: AWS::AutoScaling::ScalingPolicy
  Properties:
    AdjustmentType: ChangeInCapacity
    AutoScalingGroupName: !Ref AutoScalingGroup
    Cooldown: 300
    ScalingAdjustment: -1
CPUAlarmHigh:
  Type: AWS::CloudWatch::Alarm
  Properties:
    AlarmDescription: Scale up when CPU exceeds 70%
    MetricName: CPUUtilization
    Namespace: AWS/EC2
    Statistic: Average
    Period: 300
    EvaluationPeriods: 2
    Threshold: 70
    AlarmActions:
      - !Ref ScaleUpPolicy
    Dimensions:
      - Name: AutoScalingGroupName
        Value: !Ref AutoScalingGroup
    ComparisonOperator: GreaterThanThreshold
CPUAlarmLow:
  Type: AWS::CloudWatch::Alarm
  Properties:
    AlarmDescription: Scale down when CPU is below 30%
    MetricName: CPUUtilization
    Namespace: AWS/EC2
    Statistic: Average
    Period: 300
    EvaluationPeriods: 2
    Threshold: 30
    AlarmActions:
      - !Ref ScaleDownPolicy
    Dimensions:
      - Name: AutoScalingGroupName
        Value: !Ref AutoScalingGroup
    ComparisonOperator: LessThanThreshold
```
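Two checks worth running over the EC2 instance template and the launch template above before they are deployed: every ingress rule that admits any source (0.0.0.0/0 or ::/0) should be limited to the web ports 80 and 443, and the launch template should enforce IMDSv2 (`MetadataOptions.HttpTokens: required`), since its user data reads instance metadata with a plain IMDSv1 GET. The script below is an added example, not code from the guide; it uses only the Python standard library and re-states the two resources as dicts in CloudFormation's JSON form with intrinsic functions in long form. The names `PUBLIC_PORTS`, `check_security_groups`, `check_imdsv2` and `require_imdsv2` are chosen here, and `OPEN_SSH_TEMPLATE` is a constructed variant that shows what a finding looks like.

```python
"""Pre-deployment checks for the security group and launch template above.

Added example (not part of the original guide); standard library only.
"""
import copy
import ipaddress

# Ports a public web tier is expected to expose to the whole Internet.
PUBLIC_PORTS = frozenset({80, 443})

# Constructed copy of WebServerSecurityGroup (EC2 instance template) and of
# LaunchTemplate (Auto Scaling section); AMI and UserData are omitted because
# the checks do not inspect them.
TEMPLATE = {
    "Resources": {
        "WebServerSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Security group for web server",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"},
                ],
            },
        },
        "LaunchTemplate": {
            "Type": "AWS::EC2::LaunchTemplate",
            "Properties": {
                "LaunchTemplateName": "WebServerLaunchTemplate",
                "LaunchTemplateData": {
                    "InstanceType": "t3.micro",
                    "SecurityGroupIds": [{"Ref": "WebServerSecurityGroup"}],
                    # No MetadataOptions block: HttpTokens defaults to
                    # "optional", so IMDSv1 stays enabled on the AL2 AMI.
                },
            },
        },
    }
}

# Constructed variant with SSH opened to the world, to exercise the check.
OPEN_SSH_TEMPLATE = copy.deepcopy(TEMPLATE)
OPEN_SSH_TEMPLATE["Resources"]["WebServerSecurityGroup"]["Properties"][
    "SecurityGroupIngress"][2]["CidrIp"] = "0.0.0.0/0"


def _is_any_source(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. every address on the Internet."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def _ports(rule):
    """Port range a rule covers; IpProtocol -1 or port -1 means all ports."""
    if str(rule.get("IpProtocol")) == "-1":
        return range(0, 65536)
    low, high = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    if low == -1 or high == -1:
        return range(0, 65536)
    return range(low, high + 1)


def check_security_groups(template, public_ports=PUBLIC_PORTS):
    """(resource, cidr, lowest_port, highest_port) for every inline ingress
    rule that lets any-source traffic reach a port outside public_ports.
    Standalone AWS::EC2::SecurityGroupIngress resources are not inspected."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if not cidr or not _is_any_source(cidr):
                continue
            exposed = [p for p in _ports(rule) if p not in public_ports]
            if exposed:
                findings.append((name, cidr, exposed[0], exposed[-1]))
    return findings


def check_imdsv2(template):
    """Names of launch templates that do not force IMDSv2 (HttpTokens: required)."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::LaunchTemplate":
            continue
        data = res.get("Properties", {}).get("LaunchTemplateData", {})
        if data.get("MetadataOptions", {}).get("HttpTokens") != "required":
            findings.append(name)
    return findings


def require_imdsv2(template):
    """Copy of the template with IMDSv2 enforced on every launch template.
    User data then has to obtain a token (PUT /latest/api/token) before
    reading /latest/meta-data/; the plain GET in the guide's script fails."""
    fixed = copy.deepcopy(template)
    for res in fixed["Resources"].values():
        if res.get("Type") == "AWS::EC2::LaunchTemplate":
            data = res.setdefault("Properties", {}).setdefault("LaunchTemplateData", {})
            opts = data.setdefault("MetadataOptions", {})
            opts["HttpTokens"] = "required"
            opts.setdefault("HttpEndpoint", "enabled")
            opts.setdefault("HttpPutResponseHopLimit", 1)
    return fixed


if __name__ == "__main__":
    for label, tpl in (("guide template", TEMPLATE), ("ssh-open variant", OPEN_SSH_TEMPLATE)):
        print(label, "->", check_security_groups(tpl) or "security groups ok")
    print("IMDSv2 not enforced on:", check_imdsv2(TEMPLATE))
    print("after require_imdsv2:", check_imdsv2(require_imdsv2(TEMPLATE)) or "ok")
```

`require_imdsv2` sets `HttpPutResponseHopLimit` to 1, which stops containers on the instance (other than those using host networking) from reaching the metadata service; raise it to 2 if the web server runs in containers that legitimately need instance credentials.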
### AWS Lambda
AWS Lambda is a serverless compute service that runs code in response to events.
#### Lambda Function with Python
```yaml
# CloudFormation: Lambda Function with API Gateway
# Fragment of the Resources section; DynamoDBTable is defined elsewhere in the same template.
LambdaExecutionRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service: lambda.amazonaws.com
          Action: sts:AssumeRole
    ManagedPolicyArns:
      - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
    Policies:
      - PolicyName: DynamoDBAccess
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
              Resource: !GetAtt DynamoDBTable.Arn
HelloWorldFunction:
  Type: AWS::Lambda::Function
  Properties:
    FunctionName: HelloWor