AWS Core Services Master Cheatsheet: EC2, S3, RDS, Lambda & VPC

Introduction: AWS Core Services Foundation

Amazon Web Services offers hundreds of cloud services, but five form the backbone of most cloud architectures: EC2 for compute, S3 for storage, RDS for managed databases, Lambda for serverless functions, and VPC for networking. Mastering these services provides the foundation for building scalable, reliable, and cost-effective cloud applications.

EC2 (Elastic Compute Cloud): Virtual Servers in the Cloud

EC2 Key Concepts

Concept | Description
Instance | Virtual server in the cloud
AMI | Amazon Machine Image: template (OS, software, configuration) from which instances are launched
Instance Type | Hardware configuration (CPU, memory, storage, networking)
Security Group | Stateful virtual firewall controlling traffic to and from instances
EBS | Elastic Block Store: persistent block storage volumes attached to instances
Key Pair | Public/private key pair used to authenticate SSH logins (Linux) or decrypt the administrator password (Windows)
User Data | Script that runs when an instance first boots; it is readable from the instance metadata service, so it must not contain secrets
Instance Profile | Container for the IAM role attached to an EC2 instance; the role's temporary credentials are served by the instance metadata service

EC2 Instance Types

Family | Optimized For | Use Cases
T (t3, t4g) | Burstable performance | Dev/test, small web servers, microservices
M (m5, m6g) | Balanced | Small/medium databases, data processing
C (c5, c6g) | Compute | High-performance web servers, batch processing
R (r5, r6g) | Memory | In-memory databases, real-time analytics
I (i3, i4i) | Storage | NoSQL databases, data warehousing
G (g4, g5) | GPU | Machine learning, video rendering
X (x1, x2) | Memory-intensive | SAP HANA, big data processing
Graviton (suffix 'g') | ARM-based, cost-effective | General purpose workloads

EC2 Pricing Models

Model | Payment | Discount | Best For
On-Demand | Pay by second/hour | None | Variable workloads, short-term
Reserved Instances | 1- or 3-year commitment to an instance family/Region | Up to 72% | Steady-state workloads
Savings Plans | 1- or 3-year commitment to an hourly spend | Up to 72% | Flexible usage across instance types and Regions
Spot Instances | Pay the current Spot price for spare capacity; can be interrupted with a 2-minute warning | Up to 90% | Fault-tolerant, flexible workloads
Dedicated Hosts | Physical server dedicated to your account, On-Demand or reserved | Reservations available | Compliance, BYOL licensing requirements

EC2 Command Reference

# Launch a new instance; require IMDSv2 so the instance role's credentials
# can only be read with a session token, not with a plain GET
aws ec2 run-instances --image-id ami-12345678 --instance-type t2.micro --key-name MyKeyPair \
  --metadata-options "HttpEndpoint=enabled,HttpTokens=required"

# Describe instances
aws ec2 describe-instances

# Stop an instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0

# Start an instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0

# Terminate an instance
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

EC2 Best Practices

  • Use the latest generation of instance types for better price/performance
  • Implement Auto Scaling groups to handle variable workloads
  • Use EC2 User Data for bootstrap configuration, and keep secrets out of it (it is readable from the metadata service)
  • Apply consistent tags for resource management and cost allocation
  • Use instance profiles (IAM roles) instead of storing long-lived access keys on the instance
  • Require IMDSv2 (HttpTokens=required); it makes it much harder for an SSRF bug in an application to pull the role credentials from the metadata service
  • Regularly back up EBS volumes with snapshots, and encrypt volumes and snapshots
  • Implement least-privilege security groups and NACLs; never expose SSH or RDP to 0.0.0.0/0

S3 (Simple Storage Service): Scalable Object Storage

S3 Key Concepts

Concept | Description
Bucket | Container for objects stored in S3
Object | File and any metadata that describes the file
Key | Unique identifier for an object within a bucket
Storage Class | Tier that determines availability, retrieval time, and cost
Bucket Policy | Resource-based policy for access control
Lifecycle Rules | Automated object management over time
Versioning | Keep multiple versions of an object
Transfer Acceleration | Fast, secure file transfers over long distances
Event Notifications | Trigger workflows when objects are created/modified

S3 Storage Classes

Storage Class | Availability | Retrieval Time | Min Storage Duration | Use Case
Standard | 99.99% | Milliseconds | None | Frequently accessed data
Intelligent-Tiering | 99.9% | Milliseconds | None | Unknown or changing access patterns
Standard-IA | 99.9% | Milliseconds | 30 days | Infrequently accessed data
One Zone-IA | 99.5% | Milliseconds | 30 days | Infrequently accessed, re-creatable data (single AZ)
Glacier Instant Retrieval | 99.9% | Milliseconds | 90 days | Long-term data accessed about once a quarter
Glacier Flexible Retrieval | 99.99% | Minutes (expedited) to 5–12 hours (bulk) | 90 days | Archive data rarely accessed
Glacier Deep Archive | 99.99% | Within 12 hours (standard), up to 48 hours (bulk) | 180 days | Long-term archival, rarely accessed

Note: All classes are designed for 99.999999999% (11 nines) object durability, but One Zone-IA keeps data in a single Availability Zone and does not survive the loss of that AZ. The IA and Glacier classes charge per-GB retrieval fees, and objects deleted before the minimum storage duration are billed for the full period.

S3 Command Reference

# Create a bucket
aws s3 mb s3://mybucket

# List buckets
aws s3 ls

# Upload file to bucket
aws s3 cp myfile.txt s3://mybucket/

# Download file from bucket
aws s3 cp s3://mybucket/myfile.txt .

# Sync local directory with bucket
aws s3 sync myfolder s3://mybucket/myfolder

# List objects in bucket
aws s3 ls s3://mybucket

# Delete object from bucket
aws s3 rm s3://mybucket/myfile.txt

# Delete bucket (--force first deletes every object in it; this is irreversible)
aws s3 rb s3://mybucket --force

S3 Best Practices

  • Keep S3 Block Public Access enabled at the account and bucket level unless a bucket is deliberately public
  • Use bucket policies and IAM policies for access control; leave ACLs disabled (Object Ownership set to bucket owner enforced, the default for new buckets)
  • Deny requests that are not sent over TLS with an aws:SecureTransport condition in the bucket policy
  • Enable versioning for critical data
  • Implement lifecycle rules to move data between storage classes
  • Use S3 Transfer Acceleration for large uploads over long distances
  • Enable server-side encryption for sensitive data (SSE-S3 is applied by default; use SSE-KMS when you need key-level access control and CloudTrail auditing of key use)
  • Use S3 Event Notifications to trigger workflows
  • Implement S3 Access Points for complex permissions
  • Use S3 Object Lock for WORM (Write Once Read Many) compliance
  • Enable server access logging or CloudTrail data events so object access can be audited
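As an added example (not code from the original cheatsheet or from AWS), the following Python builds the kind of bucket policy the practices above describe, granting object access to a single role and denying any request that is not sent over TLS, and then audits an arbitrary policy document for statements that grant access to everyone. The bucket name, role ARN and the sample public-read policy in the usage are placeholders; the account ID is the documentation example 123456789012. It makes no AWS calls and runs offline.

```python
"""Least-privilege S3 bucket policy plus a public-access audit.

Added example for this cheatsheet (not AWS code). The bucket name and role
ARN are placeholders; the account ID is the documentation example 123456789012.
Pure Python with no AWS calls, so it runs offline.
"""
import json

BUCKET = "example-bucket"                             # placeholder
APP_ROLE = "arn:aws:iam::123456789012:role/app-role"  # placeholder


def bucket_policy(bucket, app_role_arn):
    """Allow one role to read/write objects; deny every request not sent over TLS."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AppRoleObjectAccess",
                "Effect": "Allow",
                "Principal": {"AWS": app_role_arn},
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"{bucket_arn}/*",
            },
            {
                # Principal "*" in a Deny is safe: it restricts rather than grants.
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [bucket_arn, f"{bucket_arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def _grants_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (also when given as a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def public_statements(policy):
    """Return the Allow statements that are granted to everyone.

    Unconditional ones make the bucket public; conditional ones (for example
    limited by aws:SourceIp or aws:SourceVpce) still deserve a review.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):       # a single statement need not be a list
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") == "Allow" and _grants_everyone(stmt.get("Principal")):
            findings.append({
                "sid": stmt.get("Sid", f"Statement[{i}]"),
                "conditional": bool(stmt.get("Condition")),
            })
    return findings


if __name__ == "__main__":
    policy = bucket_policy(BUCKET, APP_ROLE)
    print(json.dumps(policy, indent=2))
    print("public statements:", public_statements(policy))   # []
```

The generated document can be written to a file and applied with the CLI's put-bucket-policy operation. The audit function is deliberately conservative: a Deny with Principal "*" is ignored, while an Allow to "*" is flagged even when it carries a Condition, because conditions are where "public" buckets usually hide. Block Public Access remains the account-level backstop if a policy like that slips through review.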

RDS (Relational Database Service): Managed Relational Databases

RDS Key Concepts

Concept | Description
DB Instance | Database environment in the cloud
DB Engine | Database software (MySQL, PostgreSQL, etc.)
DB Parameter Group | Engine configuration values
DB Option Group | Optional features available for the DB engine
Multi-AZ Deployment | Synchronous standby replica in a different AZ, used for failover (not for serving reads)
Read Replica | Asynchronous copy for read scaling; can be promoted to a standalone instance
Automated Backup | Daily snapshot plus transaction logs, retained for 0–35 days
Point-in-Time Recovery | Restore to any second within the backup retention period
Enhanced Monitoring | Real-time metrics for OS processes

RDS Database Engines

Engine | Version Range | Use Cases
MySQL | 5.7, 8.0 | Web applications, e-commerce
PostgreSQL | 10.x to 16.x | Complex queries, JSONB data
MariaDB | 10.3 to 10.11 | MySQL replacement, improved performance
Oracle | 12c, 19c, 21c | Enterprise applications, Oracle migrations
SQL Server | 2016, 2017, 2019, 2022 | Microsoft application stacks
Aurora | MySQL- and PostgreSQL-compatible editions | High performance, auto-scaling storage

Note: Supported versions change as RDS adds releases and retires old ones (older major versions move to paid Extended Support before removal); check the RDS documentation for the current list before choosing a version.

RDS Instance Types

Family | Optimized For | Best For
db.t3, db.t4g | Burstable performance | Dev/test environments
db.m5, db.m6g | Balanced | Small-medium production databases
db.r5, db.r6g | Memory | In-memory processing, large databases
db.x1, db.x2 | Memory-intensive | High-performance databases

RDS Command Reference

# Create DB instance: let RDS generate the master password and keep it in
# Secrets Manager instead of passing it on the command line (where it lands in
# shell history and process listings), encrypt storage, and keep the endpoint
# off the public internet
aws rds create-db-instance --db-instance-identifier mydb --db-instance-class db.t3.micro \
  --engine mysql --master-username admin --manage-master-user-password \
  --allocated-storage 20 --storage-encrypted --no-publicly-accessible \
  --enable-iam-database-authentication

# Describe DB instances
aws rds describe-db-instances

# Create DB snapshot
aws rds create-db-snapshot --db-instance-identifier mydb --db-snapshot-identifier mydb-snapshot

# Restore from snapshot
aws rds restore-db-instance-from-db-snapshot --db-instance-identifier mynewdb \
  --db-snapshot-identifier mydb-snapshot

# Delete DB instance (--skip-final-snapshot is irreversible; in production
# take a final snapshot instead with --final-db-snapshot-identifier)
aws rds delete-db-instance --db-instance-identifier mydb --skip-final-snapshot

RDS Best Practices

  • Use Multi-AZ deployments for high availability
  • Deploy read replicas for read scaling and reporting
  • Enable automated backups with a retention period that meets your recovery objectives
  • Use parameter groups to optimize database configuration
  • Monitor performance with Enhanced Monitoring and Performance Insights
  • Schedule maintenance windows during low-traffic periods
  • Use IAM database authentication (short-lived tokens) or Secrets Manager-managed passwords instead of static credentials in application config
  • Keep instances in private subnets, not publicly accessible, behind a security group that admits only the application tier
  • Encrypt storage at rest (this must be chosen at creation time) and require TLS for client connections
  • Right-size instances based on workload characteristics

Lambda: Serverless Computing

Lambda Key Concepts

Concept | Description
Function | Code executed in response to events
Event Source | AWS service or custom application that triggers the function
Runtime | Language environment (Node.js, Python, Java, etc.)
Handler | Method that processes events
Execution Context | Environment where the function runs; reused across warm invocations
Cold Start | Initial setup time when a new execution environment is created
Concurrency | Number of function instances running simultaneously
Layer | ZIP archive containing libraries, a custom runtime, etc.
Destination | Target for success/failure records of asynchronous invocations

Lambda Limits & Quotas

Resource | Limit
Maximum memory allocation | 10,240 MB (128 MB minimum)
Function timeout | 15 minutes (900 seconds; default 3 seconds)
Deployment package size | 50 MB (zipped, direct upload), 250 MB (unzipped, including layers); container images up to 10 GB
Environment variables | 4 KB total for all variables
Concurrent executions | 1,000 per Region (default, can be increased)
Payload size | 6 MB (synchronous request and response), 256 KB (asynchronous)
Ephemeral storage (/tmp) | 512 MB by default, configurable up to 10,240 MB independently of the memory setting

Lambda Supported Runtimes

Runtime | Versions
Node.js | 18.x, 20.x, 22.x
Python | 3.9, 3.10, 3.11, 3.12, 3.13
Java | 8 (java8.al2), 11, 17, 21
Ruby | 3.2, 3.3
Go | No dedicated runtime: compile a static binary for provided.al2023 or provided.al2 (the go1.x runtime is deprecated)
.NET | 6, 8
Custom runtime (OS-only) | provided.al2023, provided.al2

Note: Lambda deprecates runtimes as language versions reach end of life (first blocking new function creation, then updates); check the runtime deprecation schedule before pinning a version.

Lambda Command Reference

# Create function
aws lambda create-function --function-name my-function \
  --zip-file fileb://my-function.zip --handler index.handler \
  --runtime nodejs20.x --role arn:aws:iam::123456789012:role/lambda-role

# Invoke function (AWS CLI v2 treats --payload as base64 unless told otherwise)
aws lambda invoke --function-name my-function \
  --cli-binary-format raw-in-base64-out \
  --payload '{"key":"value"}' response.json

# Update function code
aws lambda update-function-code --function-name my-function \
  --zip-file fileb://my-function-updated.zip

# Configure function
aws lambda update-function-configuration --function-name my-function \
  --timeout 30 --memory-size 256

# Delete function
aws lambda delete-function --function-name my-function

Lambda Best Practices

  • Keep functions focused on a single task
  • Initialize SDK clients and database connections outside the handler so warm invocations reuse them
  • Use environment variables for non-secret configuration; load secrets from Secrets Manager or Parameter Store rather than storing them in plaintext environment variables
  • Give each function its own execution role with least-privilege permissions
  • Implement proper error handling and structured logging
  • Set appropriate memory allocation (CPU scales with memory) and tune it by measurement
  • Use Provisioned Concurrency for latency-sensitive applications
  • Leverage Lambda Layers for code reuse
  • Implement dead-letter queues or on-failure destinations for failed asynchronous invocations
  • Use AWS X-Ray for tracing and debugging
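The handler below is an added example (not code from the cheatsheet or from AWS) of a function triggered by S3 event notifications, the event source most often paired with Lambda. It applies three of the practices above: the client is created once per execution environment, outside the handler; the object key is URL-decoded, because S3 delivers keys URL-encoded with spaces as "+" (a common cause of NoSuchKey errors); and the source bucket is checked against an allow-list so a mis-wired notification cannot make the function act on an unexpected bucket. ObjectStore stands in for a boto3 S3 client so the file runs offline; the bucket names, the ALLOWED_BUCKETS variable and the sample event are constructed for this example.

```python
"""Lambda handler for S3 ObjectCreated notifications.

Added example for this cheatsheet (not AWS code). ObjectStore is a placeholder
for boto3.client("s3"); bucket names and the sample event are constructed.
"""
import logging
import os
from urllib.parse import unquote_plus

logger = logging.getLogger()
logger.setLevel(logging.INFO)

# Non-secret configuration via environment variable (comma-separated list).
ALLOWED_BUCKETS = set(
    filter(None, os.environ.get("ALLOWED_BUCKETS", "example-input-bucket").split(","))
)

_init_count = 0


class ObjectStore:
    """Placeholder for boto3.client("s3"). Counting constructions lets the
    demo prove the client is created once and reused across invocations."""

    def __init__(self):
        global _init_count
        _init_count += 1

    def head_object(self, Bucket, Key):
        return {"ContentLength": len(Key)}  # constructed; the real call returns S3 metadata


store = ObjectStore()   # cold start: runs once, reused by every warm invocation


def init_count():
    """How many times the execution environment built its client."""
    return _init_count


def parse_records(event):
    """Normalise S3 notification records into bucket/key/event dicts."""
    items = []
    for rec in event.get("Records", []):
        if rec.get("eventSource") != "aws:s3":
            continue
        items.append({
            "bucket": rec["s3"]["bucket"]["name"],
            "key": unquote_plus(rec["s3"]["object"]["key"]),   # undo S3's URL encoding
            "event": rec.get("eventName", ""),
        })
    return items


def handler(event, context=None):
    processed, rejected = [], []
    for item in parse_records(event):
        if item["bucket"] not in ALLOWED_BUCKETS:
            logger.warning("rejecting object from unexpected bucket %s", item["bucket"])
            rejected.append(item)
            continue
        meta = store.head_object(Bucket=item["bucket"], Key=item["key"])
        processed.append({**item, "size": meta["ContentLength"]})
    return {"processed": processed, "rejected": rejected}


# Constructed S3 notification with one expected and one unexpected bucket.
SAMPLE_EVENT = {
    "Records": [
        {
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": "example-input-bucket"},
                "object": {"key": "uploads/my+file%2B1.txt"},  # decodes to "uploads/my file+1.txt"
            },
        },
        {
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": "someone-elses-bucket"},
                "object": {"key": "unexpected.txt"},
            },
        },
    ]
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
    handler(SAMPLE_EVENT)
    print("client initialisations:", init_count())   # 1
```

In a deployed function, replace ObjectStore with boto3.client("s3") at module level and keep the execution role scoped to the allow-listed bucket; the allow-list then matches what IAM already enforces, and the warning log gives you a detection signal when a notification arrives from somewhere it should not.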

VPC (Virtual Private Cloud): Isolated Network Infrastructure

VPC Key Concepts

Concept | Description
VPC | Logically isolated section of the AWS cloud
Subnet | Range of IP addresses in a VPC, tied to one Availability Zone
Route Table | Rules determining where network traffic is directed
Internet Gateway | Enables communication between the VPC and the internet
NAT Gateway | Enables private subnet resources to reach the internet without being reachable from it
Security Group | Virtual firewall for instances (stateful)
Network ACL | Access control list for subnets (stateless)
VPC Peering | Private connection between two VPCs
VPC Endpoint | Private connection to supported AWS services without traversing the internet
Flow Logs | Capture metadata about network traffic accepted or rejected

VPC Subnet Types

Type | Internet Access | Use Cases
Public Subnet | Direct, via Internet Gateway | Web servers, load balancers
Private Subnet | Outbound only, via NAT Gateway | Application servers, databases
Isolated Subnet | No internet access | Highly secured databases, regulated workloads

VPC CIDR Blocks & IP Addressing

Subnet Size | CIDR Block | Usable IP Addresses
Small | /24 | 251 (256 – 5 reserved)
Medium | /20 | 4,091 (4,096 – 5 reserved)
Large | /16 | 65,531 (65,536 – 5 reserved)

Note: AWS reserves the first four IP addresses (network address, VPC router, DNS resolver, future use) and the last address (network broadcast) in every subnet. VPC and subnet CIDR blocks must be between /16 and /28; a VPC's primary CIDR cannot be changed after creation, although additional non-overlapping blocks can be associated later.
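As an added example (not code from the cheatsheet or from AWS), this Python turns the sizing rules above into checks you can run before calling create-vpc and create-subnet: usable addresses per subnet after the five reserved ones, carving a VPC block into equal non-overlapping subnets, and detecting overlap between blocks (which create-subnet rejects inside a VPC and which rules out VPC peering between two VPCs). The 10.0.0.0/16 plan in the usage is a placeholder.

```python
"""Subnet sizing and non-overlap checks for VPC address planning.

Added example for this cheatsheet (not AWS code). It encodes the rule stated
above (AWS reserves 5 addresses in every subnet) and the documented size
limits for VPC and subnet CIDR blocks (/16 largest, /28 smallest).
"""
import ipaddress

RESERVED_PER_SUBNET = 5   # network, VPC router, DNS, future use, broadcast
MIN_PREFIX, MAX_PREFIX = 16, 28


def _network(cidr, what):
    net = ipaddress.ip_network(cidr, strict=True)   # rejects 10.0.1.5/24 (host bits set)
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{what} {cidr} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    return net


def usable_hosts(subnet_cidr):
    """Addresses you can actually assign in one subnet of this size."""
    return _network(subnet_cidr, "subnet").num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, new_prefix, count):
    """Carve `count` equal-sized, non-overlapping subnets out of a VPC block."""
    vpc = _network(vpc_cidr, "VPC")
    if not vpc.prefixlen <= new_prefix <= MAX_PREFIX:
        raise ValueError(f"/{new_prefix} subnets do not fit inside {vpc_cidr}")
    candidates = list(vpc.subnets(new_prefix=new_prefix))
    if count > len(candidates):
        raise ValueError(f"only {len(candidates)} /{new_prefix} subnets fit in {vpc_cidr}")
    return [str(s) for s in candidates[:count]]


def overlapping(cidrs):
    """Pairs of blocks that overlap. create-subnet rejects overlap inside a VPC,
    and VPC peering / Transit Gateway routing need non-overlapping VPC blocks."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b))
            for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    for size in ("10.0.1.0/24", "10.0.0.0/20", "10.0.0.0/16"):
        print(size, usable_hosts(size))          # 251, 4091, 65531
    print(plan_subnets("10.0.0.0/16", 24, 3))    # 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24
    print(overlapping(["10.0.0.0/16", "10.0.128.0/17"]))
```

Running the plan through overlapping() before provisioning is cheap insurance: an overlap found later, when a peering connection or an on-premises route is needed, can only be fixed by re-addressing.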

VPC Command Reference

# Create VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/16

# Create subnet
aws ec2 create-subnet --vpc-id vpc-1234567890abcdef0 \
  --cidr-block 10.0.1.0/24 --availability-zone us-west-2a

# Create internet gateway
aws ec2 create-internet-gateway

# Attach internet gateway to VPC
aws ec2 attach-internet-gateway --internet-gateway-id igw-1234567890abcdef0 \
  --vpc-id vpc-1234567890abcdef0

# Create route table
aws ec2 create-route-table --vpc-id vpc-1234567890abcdef0

# Create route to internet
aws ec2 create-route --route-table-id rtb-1234567890abcdef0 \
  --destination-cidr-block 0.0.0.0/0 --gateway-id igw-1234567890abcdef0

# Associate route table with subnet
aws ec2 associate-route-table --route-table-id rtb-1234567890abcdef0 \
  --subnet-id subnet-1234567890abcdef0

VPC Best Practices

  • Design VPC CIDR for future growth
  • Create subnets across multiple Availability Zones
  • Use private subnets for all non-public-facing resources
  • Implement security groups and NACLs in layers
  • Use VPC endpoints for private access to AWS services
  • Enable VPC Flow Logs for network monitoring
  • Use Transit Gateway for complex networking
  • Implement proper IP address management
  • Use Network Firewall for advanced security

Cross-Service Integration Patterns

Storage Integration

Service Combination | Integration | Use Case
EC2 + EBS | Block storage for instances | Databases, applications requiring low-latency storage
EC2 + S3 | Object storage access | Media processing, backups, static content
Lambda + S3 | Event-driven processing | Image resizing, document processing, ETL workflows
RDS + S3 | Database backups | Export/import of database data

Compute Integration

Service Combination | Integration | Use Case
EC2 + Lambda | Microservices architecture | Hybrid processing architectures
EC2 + Auto Scaling + Load Balancer | Scalable applications | Web applications, API servers
Lambda + API Gateway | Serverless API | Microservices, mobile backends
Lambda + Step Functions | Workflow orchestration | Complex business processes, ETL workflows

Database Integration

Service Combination | Integration | Use Case
EC2 + RDS | Application + database tier | Traditional web applications
Lambda + RDS | Serverless database access | Automated database operations, data APIs
RDS + Read Replicas | Read scaling | High-read applications, reporting
Aurora Serverless + Lambda | On-demand database | Infrequently used applications

Networking Integration

Service Combination | Integration | Use Case
VPC + EC2 + Load Balancer | High-availability deployment | Multi-tier applications
VPC + VPC Peering | Multi-VPC architecture | Organizational resource sharing
VPC Endpoints + S3/DynamoDB | Private AWS service access | Enhanced security for data access
VPC + Transit Gateway | Hub-and-spoke network | Enterprise network integration

Common Design Patterns & Architectures

Three-Tier Web Application

  1. Web Tier (Public Subnet)

    • EC2 instances behind load balancer
    • Auto Scaling Group for scalability
    • Security Group allowing HTTP/HTTPS
  2. Application Tier (Private Subnet)

    • EC2 instances with application code
    • Auto Scaling Group for scalability
    • Security Group allowing specific ports from web tier
  3. Database Tier (Private Subnet)

    • RDS instance with Multi-AZ
    • Security Group allowing only application tier access
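The following Python is an added example (not code from the cheatsheet or from AWS) that models how the two VPC firewall layers from the VPC Key Concepts table evaluate traffic, and applies them to the three-tier layout just described. Security groups are stateful allow-lists: any matching rule permits the flow and the reply is allowed automatically, and a rule can name another security group as its source, which is how the app and database tiers admit only the tier in front of them. Network ACLs are stateless: rules are evaluated in ascending rule-number order, the first match decides, the implicit "*" rule denies, and reply traffic needs its own outbound rule for the client's ephemeral ports. The security-group ids, ports and addresses are placeholders for this example.

```python
"""Security group (stateful) vs network ACL (stateless) evaluation.

Added example for this cheatsheet (not AWS code). SG ids, ports and the
10.0.x.x / 203.0.113.x addresses are placeholders.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str          # "tcp", "udp", "icmp", or "-1" for all traffic
    port_from: int
    port_to: int
    peer: str              # remote CIDR, or a security-group id such as "sg-app"
    action: str = "allow"  # NACL rules may be "deny"; SG rules are always allow
    number: int = 0        # NACL rule number (ignored for security groups)


def _matches(rule, protocol, port, peer_ip, peer_sg):
    if rule.protocol != "-1":
        if rule.protocol != protocol or not rule.port_from <= port <= rule.port_to:
            return False
    if rule.peer.startswith("sg-"):
        return peer_sg == rule.peer           # SG-to-SG reference, independent of IP
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.peer)


def sg_allows(rules, protocol, port, peer_ip, peer_sg=None):
    """Stateful: only the initiating packet is evaluated; any match allows.
    The reply is tracked and permitted without a matching rule."""
    return any(_matches(r, protocol, port, peer_ip, peer_sg) for r in rules)


def nacl_allows(rules, protocol, port, peer_ip):
    """Stateless: the lowest matching rule number wins; the default "*" rule
    denies. Must be evaluated for each direction, including the reply."""
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r, protocol, port, peer_ip, None):
            return r.action == "allow"
    return False


# Three-tier security groups: each tier trusts only the SG of the tier in front.
WEB_SG = [Rule("tcp", 443, 443, "0.0.0.0/0"), Rule("tcp", 80, 80, "0.0.0.0/0")]
APP_SG = [Rule("tcp", 8080, 8080, "sg-web")]
DB_SG = [Rule("tcp", 3306, 3306, "sg-app")]

# Public-subnet NACL: inbound 443 is open, but the broken outbound side forgot
# that replies leave towards the client's ephemeral port, not port 443.
NACL_IN = [Rule("tcp", 443, 443, "0.0.0.0/0", number=100)]
NACL_OUT_BROKEN = [Rule("tcp", 443, 443, "0.0.0.0/0", number=100)]
NACL_OUT_FIXED = NACL_OUT_BROKEN + [Rule("tcp", 1024, 65535, "0.0.0.0/0", number=110)]


def https_round_trip(outbound_rules, client_ip="203.0.113.10", client_port=50000):
    """Client -> web on 443 (inbound), then reply web -> client:ephemeral (outbound)."""
    request_ok = (nacl_allows(NACL_IN, "tcp", 443, client_ip)
                  and sg_allows(WEB_SG, "tcp", 443, client_ip))
    reply_ok = nacl_allows(outbound_rules, "tcp", client_port, client_ip)  # SG needs no rule
    return request_ok and reply_ok


if __name__ == "__main__":
    print("app -> db:", sg_allows(DB_SG, "tcp", 3306, "10.0.2.15", "sg-app"))   # True
    print("web -> db:", sg_allows(DB_SG, "tcp", 3306, "10.0.1.15", "sg-web"))   # False
    print("HTTPS, broken NACL:", https_round_trip(NACL_OUT_BROKEN))            # False
    print("HTTPS, fixed NACL:", https_round_trip(NACL_OUT_FIXED))              # True
```

The broken NACL reproduces the classic symptom of a half-configured stateless firewall: the SYN arrives, the instance answers, and the connection hangs because the outbound ACL has no rule for ports 1024–65535. Referencing security groups rather than CIDRs in APP_SG and DB_SG also means instances added by Auto Scaling inherit the right access without any rule change.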

Serverless Web Application

  1. Front-end

    • S3 for static website hosting
    • CloudFront for content delivery
  2. API Layer

    • API Gateway for request management
    • Lambda functions for business logic
    • IAM roles for access control
  3. Data Layer

    • DynamoDB for NoSQL data storage
    • S3 for object storage
    • RDS (Aurora Serverless) for relational data

Hybrid Architecture

  1. On-premises Connection

    • Direct Connect or Site-to-Site VPN
    • Transit Gateway for network routing
  2. AWS Resources

    • VPC with private subnets
    • EC2 instances for compute
    • S3 for storage
  3. Data Synchronization

    • Database replication
    • S3 Transfer Acceleration

AWS Exam & Certification Tips

EC2 Focus Areas

  • Instance types and families
  • Instance purchasing options
  • AMI selection and management
  • Storage options (EBS vs Instance Store)
  • Security groups vs NACLs
  • Placement groups

S3 Focus Areas

  • Storage classes and transitions
  • Bucket policies and ACLs
  • Encryption options
  • Static website hosting
  • Versioning and lifecycle policies
  • Cross-region replication

RDS Focus Areas

  • Database engine features
  • Multi-AZ vs Read Replicas
  • Backup and restore options
  • Security and encryption
  • Parameter and option groups
  • Monitoring and metrics

Lambda Focus Areas

  • Event sources and triggers
  • Function configuration
  • Cold start behavior
  • Concurrency management
  • Security and permissions
  • Monitoring and troubleshooting

VPC Focus Areas

  • CIDR blocks and subnetting
  • Routing and internet access
  • Security groups vs NACLs
  • VPC endpoints and PrivateLink
  • VPC peering and Transit Gateway
  • NAT gateway vs NAT instance

Resources for Further Learning

Official AWS Documentation

AWS Whitepapers

AWS Training and Certification
