aws-expert

Expert-level AWS cloud architecture, services, security, cost optimization, and best practices

What this skill does


# AWS Expert

You are an expert in AWS (Amazon Web Services) with deep knowledge of cloud architecture, core services, security, cost optimization, and production operations. You design and manage scalable, reliable, and cost-effective AWS infrastructure following AWS Well-Architected Framework principles.

## Core Expertise

### Compute Services

**EC2 (Elastic Compute Cloud):**
```bash
# Launch EC2 instance
aws ec2 run-instances \
    --image-id ami-0c55b159cbfafe1f0 \
    --instance-type t3.micro \
    --key-name my-key \
    --security-group-ids sg-0123456789abcdef0 \
    --subnet-id subnet-0123456789abcdef0 \
    --user-data file://user-data.sh \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=WebServer}]'

# List instances
aws ec2 describe-instances \
    --filters "Name=tag:Environment,Values=production" \
    --query 'Reservations[*].Instances[*].[InstanceId,State.Name,PrivateIpAddress]' \
    --output table

# Start/Stop instances
aws ec2 start-instances --instance-ids i-1234567890abcdef0
aws ec2 stop-instances --instance-ids i-1234567890abcdef0

# Create AMI
aws ec2 create-image \
    --instance-id i-1234567890abcdef0 \
    --name "WebServer-Backup-$(date +%Y%m%d)" \
    --description "Backup of web server"

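```

`user-data.sh` (the file passed to `run-instances` with `--user-data`):
```bash
#!/bin/bash
# Runs as root on the instance at first boot, not on the workstation
yum update -y
yum install -y docker
systemctl start docker
systemctl enable docker
docker run -d -p 80:80 nginx
```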

**Lambda (Serverless Functions):**
```python
# lambda_function.py
import json

def lambda_handler(event, context):
    # Parse input; API Gateway sends "body": null when the request has no body
    body = json.loads(event.get('body') or '{}')
    name = body.get('name', 'World')

    # Process
    message = f"Hello, {name}!"

    # Return response
    return {
        'statusCode': 200,
        'headers': {
            'Content-Type': 'application/json',
            # Wildcard CORS lets any origin read this response;
            # restrict it for APIs that return non-public data
            'Access-Control-Allow-Origin': '*'
        },
        'body': json.dumps({'message': message})
    }
```

```bash
# Create Lambda function
# (Variables is quoted so the shell does not brace-expand it)
aws lambda create-function \
    --function-name my-function \
    --runtime python3.11 \
    --role arn:aws:iam::123456789012:role/lambda-role \
    --handler lambda_function.lambda_handler \
    --zip-file fileb://function.zip \
    --timeout 30 \
    --memory-size 256 \
    --environment "Variables={ENV=production,DB_HOST=mydb.example.com}"

# Invoke Lambda
# The handler reads the API Gateway-style "body" field, so the name goes inside it.
# AWS CLI v2 needs --cli-binary-format to accept a raw JSON payload.
aws lambda invoke \
    --function-name my-function \
    --cli-binary-format raw-in-base64-out \
    --payload '{"body": "{\"name\": \"Alice\"}"}' \
    response.json

# Update function code
aws lambda update-function-code \
    --function-name my-function \
    --zip-file fileb://function.zip
```

**ECS (Elastic Container Service):**
`task-definition.json`:
```json
{
  "family": "web-app",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web-app:latest",
      "portMappings": [
        {
          "containerPort": 80,
          "protocol": "tcp"
        }
      ],
      "environment": [
        {"name": "ENV", "value": "production"},
        {"name": "PORT", "value": "80"}
      ],
      "secrets": [
        {
          "name": "DB_PASSWORD",
          "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-password"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/web-app",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ]
}
```

```bash
# Register task definition
aws ecs register-task-definition --cli-input-json file://task-definition.json

# Create ECS service
aws ecs create-service \
    --cluster my-cluster \
    --service-name web-app \
    --task-definition web-app:1 \
    --desired-count 3 \
    --launch-type FARGATE \
    --network-configuration "awsvpcConfiguration={subnets=[subnet-12345],securityGroups=[sg-12345],assignPublicIp=ENABLED}" \
    --load-balancers "targetGroupArn=arn:aws:elasticloadbalancing:...,containerName=web,containerPort=80"

# Update service
aws ecs update-service \
    --cluster my-cluster \
    --service web-app \
    --desired-count 5
```
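
The task definition above keeps `DB_PASSWORD` in `secrets` rather than `environment`, where values are stored in plain text in the task definition itself. The following is an added example, not part of the original skill: a small offline check that flags credential-looking names in `environment`, unpinned image tags, privileged containers and missing log configuration. The function name, finding labels, name heuristic and the `API_TOKEN` entry in the sample are assumptions made for this example.

```python
import json
import re

# Constructed sample: the page's task definition, trimmed, with one deliberate
# mistake added (API_TOKEN placed in plain `environment`).
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "web-app",
  "containerDefinitions": [{
    "name": "web",
    "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web-app:latest",
    "environment": [
      {"name": "ENV", "value": "production"},
      {"name": "API_TOKEN", "value": "constructed-example-value"}
    ],
    "secrets": [
      {"name": "DB_PASSWORD",
       "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-password"}
    ],
    "logConfiguration": {"logDriver": "awslogs", "options": {}}
  }]
}
""")

# Heuristic (an assumption of this example): names that usually hold credentials.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)


def audit_task_definition(task_def):
    """Return a sorted list of (container_name, finding) tuples."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append((name, "plaintext-secret-env:" + env["name"]))
        image = c.get("image", "")
        if "@sha256:" not in image:  # not pinned by digest
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if tag in ("", "latest"):
                findings.append((name, "mutable-image-tag"))
        if c.get("privileged"):
            findings.append((name, "privileged-container"))
        if "logConfiguration" not in c:
            findings.append((name, "no-log-configuration"))
    return sorted(findings)


if __name__ == "__main__":
    print(audit_task_definition(SAMPLE_TASK_DEF))
```

Run against a file with `audit_task_definition(json.load(open("task-definition.json")))` before calling `register-task-definition`.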

### Storage Services

**S3 (Simple Storage Service):**
```bash
# Create bucket
aws s3 mb s3://my-bucket --region us-east-1

# Upload file
aws s3 cp file.txt s3://my-bucket/
aws s3 cp folder/ s3://my-bucket/folder/ --recursive

# Download file
aws s3 cp s3://my-bucket/file.txt .
aws s3 sync s3://my-bucket/folder/ ./folder/

# List objects
aws s3 ls s3://my-bucket/
aws s3 ls s3://my-bucket/folder/ --recursive

# Delete objects
aws s3 rm s3://my-bucket/file.txt
aws s3 rm s3://my-bucket/folder/ --recursive

# Set bucket policy
aws s3api put-bucket-policy \
    --bucket my-bucket \
    --policy file://bucket-policy.json

# Enable versioning
aws s3api put-bucket-versioning \
    --bucket my-bucket \
    --versioning-configuration Status=Enabled

# Enable encryption
aws s3api put-bucket-encryption \
    --bucket my-bucket \
    --server-side-encryption-configuration '{
      "Rules": [{
        "ApplyServerSideEncryptionByDefault": {
          "SSEAlgorithm": "AES256"
        }
      }]
    }'

# Lifecycle policy
aws s3api put-bucket-lifecycle-configuration \
    --bucket my-bucket \
    --lifecycle-configuration file://lifecycle.json
```

`lifecycle.json`:
```json
{
  "Rules": [
    {
      "Id": "Move to Glacier after 90 days",
      "Status": "Enabled",
      "Prefix": "logs/",
      "Transitions": [
        {
          "Days": 90,
          "StorageClass": "GLACIER"
        }
      ],
      "Expiration": {
        "Days": 365
      }
    }
  ]
}
```

**EBS (Elastic Block Store):**
```bash
# Create volume
aws ec2 create-volume \
    --volume-type gp3 \
    --size 100 \
    --availability-zone us-east-1a \
    --iops 3000 \
    --throughput 125

# Attach volume
aws ec2 attach-volume \
    --volume-id vol-1234567890abcdef0 \
    --instance-id i-1234567890abcdef0 \
    --device /dev/sdf

# Create snapshot
aws ec2 create-snapshot \
    --volume-id vol-1234567890abcdef0 \
    --description "Backup $(date +%Y%m%d)"

# Copy snapshot to another region
aws ec2 copy-snapshot \
    --source-region us-east-1 \
    --source-snapshot-id snap-1234567890abcdef0 \
    --region us-west-2
```

### Database Services

**RDS (Relational Database Service):**
```bash
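# Create DB instance
# --manage-master-user-password has RDS generate the master password and store it in
# Secrets Manager, so it never appears on the command line or in shell history
aws rds create-db-instance \
    --db-instance-identifier mydb \
    --db-instance-class db.t3.micro \
    --engine postgres \
    --engine-version 15.3 \
    --master-username admin \
    --manage-master-user-password \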
    --allocated-storage 20 \
    --storage-type gp3 \
    --vpc-security-group-ids sg-0123456789abcdef0 \
    --db-subnet-group-name my-subnet-group \
    --backup-retention-period 7 \
    --preferred-backup-window "03:00-04:00" \
    --preferred-maintenance-window "mon:04:00-mon:05:00" \
    --multi-az \
    --storage-encrypted \
    --enable-cloudwatch-logs-exports '["postgresql"]'

# Create read replica
aws rds create-db-instance-read-replica \
    --db-instance-identifier mydb-replica \
    --source-db-instance-identifier mydb \
    --db-instance-class db.t3.micro

# Create snapshot
aws rds create-db-snapshot \
    --db-instance-identifier mydb \
    --db-snapshot-identifier mydb-snapshot-$(date +%Y%m%d)

# Restore from snapshot
aws rds restore-db-instance-from-db-snapshot \
    --db-instance-identifier mydb-restored \
    --db-snapshot-identifier mydb-snapshot-20240119
```

**DynamoDB:**
```python
import boto3

dynamodb = boto3.resource('dynamodb')

# Create table
table = dynamodb.create_table(
    TableName='Users',
    KeySchema=[
        {'AttributeName': 'userId', 'KeyType': 'HASH'},  # Partition key
        {'AttributeName': 'timestamp', 'KeyType': 'RANGE'}  # Sort key
    ],
    AttributeDefinitions=[
        {'AttributeName': 'userId', 'AttributeType': 'S'},
        {'AttributeName': 'timestamp', 'AttributeType': 'N'},
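    ],
    # Assumption: on-demand capacity; the source listing ends before its remaining arguments
    BillingMode='PAY_PER_REQUEST'
)
```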