Dive into AWS Cloud Fundamentals: Your First Concrete Step Today
AWS Cloud Fundamentals: The Essentials in One Article — Real Code, Diagrams, and Concrete Steps, Excerpts from a 33-Lesson Course.
The best way to learn AWS Cloud Fundamentals is by doing. This article gives you a head start with practical excerpts from a 33-lesson course — enough to get your first result today.
- AWS account setup
- Cloud Computing fundamentals
- EC2 virtual compute
- S3 object storage
- VPC virtual network
Security Groups, Elastic IP and custom AMIs
Chapter 02 • Lesson 02 • Duration: 45 min
- Master Security Groups (AWS stateful firewall)
- Understand the difference between an ephemeral public IP and an Elastic IP
- Create a custom AMI from a configured instance
- Use User Data to automate configuration at boot
1. Security Groups — the AWS firewall
A Security Group (SG) is a stateful firewall that controls the inbound and outbound traffic of an EC2 instance.
Key characteristics
| Property | Detail |
|---|---|
| Stateful | If you allow an inbound connection, the outbound response is allowed automatically |
| Allow only | No "deny" rules (unlike NACLs) |
| Multiple SGs per instance | Up to 5 SGs attached simultaneously (union of rules) |
| Reference other SGs | Source = another SG (e.g. "from SG-web to SG-db") |
| Hot-modifiable | Immediate change, no need to restart |
Example: Security Group for a web server
| Direction | Type | Protocol | Port | Source/Dest | Description |
|---|---|---|---|---|---|
| Inbound | SSH | TCP | 22 | My IP (1.2.3.4/32) | Admin SSH |
| Inbound | HTTP | TCP | 80 | 0.0.0.0/0 | Public web |
| Inbound | HTTPS | TCP | 443 | 0.0.0.0/0 | Web SSL |
| Outbound | All | All | All | 0.0.0.0/0 | Default (restrict in prod) |
Security Groups best practices
Security Group referencing another SG
Instead of allowing a fixed IP, allow another Security Group. Example: an RDS that accepts connections only from EC2 instances in SG sg-app.
```
SG-db inbound : Port 3306 (MySQL) | Source : sg-app | "App servers only"
```
Advantage: if you add 10 new EC2 instances to sg-app, they can automatically access the DB without modifying the rule.
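An added example, not part of the course material: a small audit over a constructed sample shaped like `aws ec2 describe-security-groups` output. It flags inbound rules open to 0.0.0.0/0 or ::/0 on anything other than the web ports, and lists SG-to-SG references such as the sg-db rule that trusts sg-app. The group IDs, the sg-legacy group and the PUBLIC_OK allow-list are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders; sg-legacy is deliberately weak (assumption).
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-web", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "1.2.3.4/32"}]},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-db", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
 {"GroupId": "sg-legacy", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")["SecurityGroups"]

PUBLIC_OK = {80, 443}  # assumption: only web ports may face the whole Internet


def audit(groups):
    """Return (world_open, sg_refs) for inbound tcp/udp/all-protocol rules."""
    world_open, sg_refs = [], []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto not in ("tcp", "udp", "-1"):
                continue  # ICMP and other protocols carry no port range
            # "-1" means every protocol and port; FromPort/ToPort are absent
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                anywhere = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                if anywhere and any(p not in PUBLIC_OK for p in range(lo, hi + 1)):
                    world_open.append((sg["GroupId"], lo, hi, cidr))
            for pair in perm.get("UserIdGroupPairs", []):
                sg_refs.append((pair["GroupId"], sg["GroupId"], lo, hi))
    return world_open, sg_refs

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A port range such as 80-443 is flagged even though both ends are web ports, because it also exposes every port in between.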
2. Ephemeral public IP vs Elastic IP
Standard public IP (auto-assigned)
Elastic IP (EIP)
When to use an EIP?
| Use case | EIP required? |
|---|---|
| Web server with fixed domain name | ✅ Yes (otherwise DNS must be updated on every restart) |
| Partner-side whitelist (bank, API) | ✅ Yes (your IP must remain stable) |
| Server behind a Load Balancer | ❌ No (the LB has its own DNS) |
| Temporary test instance | ❌ No |
| Instance always on 24/7 | Optional (auto IP does not change if not stopped) |
Hands-on: assign an Elastic IP
1. EC2 Console → left menu → "Elastic IPs"
2. "Allocate Elastic IP address"
3. Network Border Group : your region
4. Allocate → a new IP is created
5. Select the IP → Actions → "Associate Elastic IP address"
6. Instance : select your EC2
7. Associate → Your instance now has a static IP
3. User Data — automate boot
User Data is a script (bash or PowerShell) that runs at the very first boot of the instance. Ideal for automating initial setup.
Example: install Nginx automatically at launch
```bash
#!/bin/bash
# User Data for Ubuntu
apt update -y
apt install -y nginx
systemctl enable nginx
systemctl start nginx

# Custom home page
cat > /var/www/html/index.nginx-debian.html <<EOF
<h1>Auto-deployed AWS server</h1>
<p>Hostname : $(hostname)</p>
<p>Date : $(date)</p>
EOF
```
Where to paste the User Data?
EC2 Console → Launch instance → "Advanced details" section (at the very bottom) → "User data" → paste the script
Once the instance is running, SSH in and read:
```bash
sudo cat /var/log/cloud-init-output.log
```
You will see the full execution of your script and any errors.
4. Custom AMI — "reference ghost"
What is Cloud Computing? IaaS, PaaS, SaaS explained
Chapter 01 • Lesson 01 • Duration: 40 min
- Define Cloud Computing and its 5 essential characteristics (NIST)
- Understand the 3 service models: IaaS, PaaS, SaaS
- Distinguish the 4 deployment models: Public, Private, Hybrid, Multi-cloud
- Identify where AWS fits in this ecosystem
1. Official Cloud definition (NIST)
The NIST (National Institute of Standards and Technology, USA) defines Cloud Computing as:
5 essential characteristics
| # | Characteristic | Explanation |
|---|---|---|
| 1 | On-demand self-service | You provision yourself without calling anyone |
| 2 | Broad network access | Accessible from any device via the Internet |
| 3 | Resource pooling | Resources shared among customers (multi-tenant) |
| 4 | Rapid elasticity | Scale up/down in minutes according to demand |
| 5 | Measured service | Pay-as-you-go billing |
2. Before the Cloud: the "On-Premises" era
Before 2006 (AWS launch), to host a web application you had to:
Total: 6-12 months and 100 000+ € to get started.
With AWS, you launch a server in 30 seconds with `aws ec2 run-instances`. You pay $0.01 per hour. You delete it whenever you want. Capex (investment) → Opex (monthly expense).
3. The 3 service models: IaaS, PaaS, SaaS
The famous pizza analogy 🍕
| Model | Pizza analogy | What you manage | What the provider manages |
|---|---|---|---|
| On-Premises | Homemade pizza from scratch | Everything (oven, dough, sauce, cheese, toppings, delivery) | Nothing |
| IaaS | Pizza kit to finish | Dough, sauce, cheese, toppings, baking | Oven, electricity, table |
| PaaS | Frozen pizza | Baking (you put it in the oven) | Ready-made dough, sauce, cheese, toppings |
| SaaS | Pizza delivered to your door | Eat 🍴 | Everything else |
IaaS — Infrastructure as a Service
AWS examples: EC2 (virtual servers), EBS (disks), VPC (network).
For whom? SysAdmins, DevOps who want full control.
PaaS — Platform as a Service
AWS examples: Elastic Beanstalk, App Runner, AWS Lambda, ECS Fargate.
For whom? Developers who just want to push code.
SaaS — Software as a Service
AWS examples: Amazon Connect (call center), AWS WorkMail, Chime (video).
Non-AWS examples: Gmail, Salesforce, Notion, Slack, Office 365.
For whom? End users (non-technical).
4. IaaS/PaaS/SaaS responsibility matrix
| Layer | On-Prem | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Applications | 👤 You | 👤 You | 👤 You | 🏢 AWS |
| Data | 👤 You | 👤 You | 👤 You | 👤 You |
| Runtime (Python, Java) | 👤 You | 👤 You | 🏢 AWS | 🏢 AWS |
| Middleware | 👤 You | 👤 You | 🏢 AWS | 🏢 AWS |
| OS | 👤 You | 👤 You | 🏢 AWS | 🏢 AWS |
| Virtualization | 👤 You | 🏢 AWS | 🏢 AWS | 🏢 AWS |
| Physical servers | 👤 You | 🏢 AWS | 🏢 AWS | 🏢 AWS |
| Physical storage | 👤 You | 🏢 AWS | 🏢 AWS | 🏢 AWS |
| Physical network | 👤 You | 🏢 AWS | 🏢 AWS | 🏢 AWS |
5. Beyond: FaaS, CaaS, DBaaS
⚡ FaaS — Function as a Service
You write a function (e.g. in Python). It runs on demand. You pay per millisecond.
AWS Lambda is the standard.
Launch your first EC2 instance (step by step)
Chapter 02 • Lesson 01 • Duration: 50 min
- Understand what an EC2 instance and its components are
- Launch an Ubuntu instance via the AWS console (step by step)
- Create an SSH key pair and connect to the VM
- Install an Nginx web server and access it over the Internet
- Stop and terminate the instance cleanly (to stay in Free Tier)
1. What is EC2?
EC2 = Elastic Compute Cloud. It is AWS's flagship service launched in 2006. It lets you rent virtual machines (Linux or Windows) by the minute.
⚡ Characteristics
🧱 Instance components
2. AMI — Amazon Machine Image
An AMI is the equivalent of a "bootable ISO image" prepared by AWS or the community. It contains the OS, bootloader, and sometimes pre-installed software.
| AMI | Ideal for | Free Tier |
|---|---|---|
| Amazon Linux 2023 | AWS-native production, performance, security | ✅ |
| Ubuntu Server 22.04 LTS | Familiarity, broad ecosystem, dev | ✅ |
| Debian 12 | Stable servers, classic packages | ✅ |
| Red Hat Enterprise Linux | Enterprises, commercial support | ❌ (license) |
| Windows Server 2022 | .NET apps, Active Directory | ✅ t3.micro |
| Ubuntu Pro | Security and 10-year support | ❌ (license) |
3. EC2 instance types
The instance type defines CPU, RAM, network, and disk. Format: family.size (e.g. t3.micro).
Main families
| Family | Use | Example |
|---|---|---|
| t (burstable) | Variable workloads (web, dev) | t3.micro, t3.medium |
| m (general) | Balanced CPU/RAM | m5.large, m6i.xlarge |
| c (compute) | Compute-intensive (encoding, ML inference) | c5.xlarge, c6i.4xlarge |
| r (memory) | Memory-intensive (Redis, in-memory DB) | r5.large, r6i.2xlarge |
| x (extra memory) | SAP HANA, huge in-memory workloads | x1e.32xlarge (3.9 TB RAM!) |
| i (NVMe storage) | NoSQL, local data warehouse | i3.xlarge, i4i.large |
| g, p (GPU) | ML training, rendering | g4dn.xlarge, p4d.24xlarge |
Available sizes (smallest to largest)
nano → micro → small → medium → large → xlarge → 2xlarge → 4xlarge → 8xlarge → 16xlarge → 32xlarge
Free Tier: t2.micro / t3.micro
| Characteristic | t3.micro |
|---|---|
| vCPU | 2 |
| RAM | 1 GB |
| Network | Up to 5 Gbps |
| EBS Free Tier storage | 30 GB |
| Free Tier cost | 750 h/month FREE (12 months) |
| Cost after Free Tier | ~0.01 $/h = ~7.5 $/month if always on |
4. Hands-on: launch a t3.micro Ubuntu instance
Step 4.1 — Start the wizard
1. AWS Console → search bar → "EC2"
2. Check region top right (e.g. eu-west-3 Paris)
3. Left menu → "Instances" → "Launch instances"
Step 4.2 — Configuration
| Parameter | Value |
|---|---|
| Name | my-first-server |
| Application and OS Images (AMI) | Ubuntu Server 22.04 LTS (Free Tier eligible) |
| Instance type | t3.micro (Free Tier eligible) |
| Key pair | "Create new key pair" → name : aws-course51 → type RSA, format .pem → Download |
| Network settings | "Allow SSH from My IP" (your IP only); "Allow HTTP from anywhere" |
| Configure storage | 1 × 8 GB gp3 (default) |
The file aws-course51.pem will never be downloadable again. Place it in ~/.ssh/ (Mac/Linux) or C:\Users\<you>\.ssh\ (Windows).
Step 4.3 — .pem file permissions (Linux/Mac)
```bash
mv ~/Downloads/aws-course51.pem ~/.ssh/
chmod 400 ~/.ssh/aws-course51.pem
```
Without chmod 400, SSH will refuse to connect with a "permissions too open" error.
This article covers the most useful excerpts — the full AWS Cloud Fundamentals course (11 chapters, 33 lessons, corrected exercises and final project) takes you all the way.