ENGIMY.IO - CHEATSHEET
AWS × QUICK REFERENCE
REFERENCE v1.0

AWS Basics Quick Reference

Everything you need day‑to‑day – EC2, S3, RDS, Lambda, IAM, and more.

AWS Global Infrastructure

Regions
  • Geographic areas (e.g., us‑east‑1, eu‑west‑1, ap‑south‑1)
  • Independent and isolated
  • Choose region closest to users
  • Data sovereignty – choose based on compliance
  • Some services: IAM, Route 53 are global
Availability Zones (AZ)
  • Data centres within a region
  • Fault‑isolated (power, network, etc.)
  • Typically 3+ AZs per region
  • Low‑latency connectivity between AZs
  • Design for high availability: distribute across AZs

Core Services

Compute

  • EC2 – virtual machines (VMs)
  • Lambda – serverless functions
  • ECS/EKS – container orchestration
  • Elastic Beanstalk – PaaS for apps
  • Auto Scaling – scale EC2 instances

Storage

  • S3 – object storage
  • EBS – block storage (volumes)
  • EFS – shared file storage
  • Glacier – archival storage
  • Storage Gateway – hybrid storage

Database

  • RDS – relational (MySQL, PostgreSQL, etc.)
  • DynamoDB – NoSQL (key‑value)
  • ElastiCache – Redis/Memcached
  • Redshift – data warehouse
  • Aurora – high‑performance relational

Networking

  • VPC – virtual private cloud
  • Subnet – subnets within VPC
  • Internet Gateway – public internet access
  • Route 53 – DNS service
  • ELB – load balancing

Management

  • IAM – identity and access management
  • CloudWatch – monitoring and metrics
  • CloudTrail – API logging
  • Config – resource compliance
  • AWS Organizations – multi‑account management

Security

  • IAM – users, groups, roles, policies
  • KMS – key management service
  • Secrets Manager – secrets storage
  • Security Groups – firewalls (instance‑level)
  • Network ACLs – firewalls (subnet‑level)

EC2 – Elastic Compute Cloud

Instance Types
Family Use Case Examples
General Purpose Balanced (CPU/memory) t3, t4g, m7i
Compute Optimised CPU‑intensive c7i, c6g
Memory Optimised Memory‑intensive r7i, x2idn
Storage Optimised High I/O i4i, d3en
GPU ML, rendering g5, p4d
Pricing Models
  • On‑Demand – pay by the second
  • Reserved Instances – 1‑3 years (discount)
  • Spot Instances – spare capacity (up to 90% off)
  • Savings Plans – flexible commitment
  • Dedicated Hosts – physical server (license)

EC2 Launch Types

  • AMI – Amazon Machine Image (OS template)
  • Key Pair – SSH access (.pem file)
  • Security Group – firewall rules
  • User Data – bootstrap script on launch
  • EBS Volume – root and additional storage
  • Instance Metadatahttp://169.254.169.254/latest/meta-data/

EC2 Commands (CLI)

# List instances
aws ec2 describe-instances

# List instances with specific filters
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running"

# Launch an instance
aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type t3.micro \
    --key-name my-key \
    --security-group-ids sg-12345678 \
    --subnet-id subnet-12345678 \
    --user-data file://user-data.sh

# Stop / Start / Terminate
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
aws ec2 start-instances --instance-ids i-1234567890abcdef0
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

# Connect via SSH
ssh -i my-key.pem ec2-user@public-ip

S3 – Simple Storage Service

S3 Storage Classes
Class Use Case Durability Availability
Standard Frequent access 99.999999999% 99.99%
Intelligent‑Tiering Unknown access patterns 99.999999999% 99.9%
Standard‑IA Infrequent access 99.999999999% 99.9%
One Zone‑IA Infrequent, non‑critical 99.999999999% 99.5%
Glacier Instant Archive (millisecond access) 99.999999999% 99.9%
Glacier Flexible Archive (minutes hours) 99.999999999% 99.9%
Glacier Deep Archive Long‑term archive 99.999999999% 99.9%
S3 Features
  • Bucket – container for objects
  • Object – file + metadata
  • Versioning – keep multiple versions
  • Lifecycle Rules – automate transitions
  • Static Website Hosting – serve HTML
  • Event Notifications – SNS, SQS, Lambda

S3 Commands (CLI)

# List buckets
aws s3 ls

# Create bucket
aws s3 mb s3://my-bucket --region us-east-1

# Upload file
aws s3 cp file.txt s3://my-bucket/
aws s3 cp file.txt s3://my-bucket/file.txt --storage-class STANDARD_IA

# Download file
aws s3 cp s3://my-bucket/file.txt ./file.txt

# Sync directory
aws s3 sync ./local-dir s3://my-bucket/remote-dir/

# Delete file
aws s3 rm s3://my-bucket/file.txt

# Delete bucket (force)
aws s3 rb s3://my-bucket --force

# Enable versioning
aws s3api put-bucket-versioning --bucket my-bucket --versioning-configuration Status=Enabled

IAM – Identity and Access Management

Key Components
  • User – individual person/application
  • Group – collection of users
  • Role – permissions for AWS services
  • Policy – JSON document defining permissions
  • Policy Types: AWS managed, customer managed, inline
Best Practices
  • Use MFA for all users
  • Use roles instead of access keys
  • Follow least privilege principle
  • Rotate access keys regularly
  • Use IAM Access Analyzer
  • Avoid using root account for daily work

IAM Policy Example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::my-bucket"
    }
  ]
}

IAM Commands (CLI)

# List users
aws iam list-users

# Create user
aws iam create-user --user-name alice

# Create access key
aws iam create-access-key --user-name alice

# Attach policy
aws iam attach-user-policy --user-name alice --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess

# Create role
aws iam create-role --role-name lambda-execution --assume-role-policy-document file://trust-policy.json

RDS – Relational Database Service

  • Engine Options: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora
  • Deployment Options: Single‑AZ, Multi‑AZ (HA), Read Replicas
  • Backups: Automated (7‑35 days), manual snapshots
  • Performance Insights: monitoring and diagnostics
  • Security: VPC, Security Groups, encryption at rest (KMS)

RDS Commands (CLI)

# List RDS instances
aws rds describe-db-instances

# Create RDS instance
aws rds create-db-instance \
    --db-instance-identifier mydb \
    --db-instance-class db.t3.micro \
    --engine postgres \
    --master-username admin \
    --master-user-password secret123 \
    --allocated-storage 20 \
    --vpc-security-group-ids sg-12345678

# Create snapshot
aws rds create-db-snapshot \
    --db-instance-identifier mydb \
    --db-snapshot-identifier mydb-snapshot-2024

# Restore from snapshot
aws rds restore-db-instance-from-db-snapshot \
    --db-instance-identifier mydb-restored \
    --db-snapshot-identifier mydb-snapshot-2024

Lambda – Serverless Functions

  • FaaS – Function as a Service
  • No server management
  • Pay per invocation and duration
  • Supports: Python, Node.js, Java, Go, .NET, Ruby
  • Max 15 minutes execution time
  • Integrates with: API Gateway, S3, DynamoDB, SNS, SQS

Lambda Commands (CLI)

# List functions
aws lambda list-functions

# Create function (Node.js)
aws lambda create-function \
    --function-name my-function \
    --runtime nodejs18.x \
    --handler index.handler \
    --role arn:aws:iam::123456789012:role/lambda-role \
    --zip-file fileb://function.zip

# Invoke function
aws lambda invoke --function-name my-function output.json

# Update function
aws lambda update-function-code --function-name my-function --zip-file fileb://function.zip

VPC – Virtual Private Cloud

VPC Components
  • VPC – isolated network (CIDR block)
  • Subnet – segment of VPC (public/private)
  • Internet Gateway – internet access
  • NAT Gateway – private to internet
  • Route Table – routing rules
  • Security Group – instance‑level firewall
  • Network ACL – subnet‑level firewall
VPC Example
// VPC CIDR
VPC: 10.0.0.0/16

// Subnets
Public Subnet A: 10.0.1.0/24 (us-east-1a)
Public Subnet B: 10.0.2.0/24 (us-east-1b)
Private Subnet A: 10.0.3.0/24 (us-east-1a)
Private Subnet B: 10.0.4.0/24 (us-east-1b)

// Internet Gateway → Public Subnets
// NAT Gateway → Private Subnets

AWS CLI Setup

# Install AWS CLI
pip install awscli --upgrade   # Python

# Configure credentials
aws configure
AWS Access Key ID: AKIA...
AWS Secret Access Key: ...
Default region name: us-east-1
Default output format: json

# Or with environment variables
export AWS_ACCESS_KEY_ID=AKIA...
export AWS_SECRET_ACCESS_KEY=...
export AWS_DEFAULT_REGION=us-east-1

Common AWS CLI Patterns

# Use --query for filtering (JMESPath)
aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId,InstanceType,State.Name]' --output table

# Use --filter for filtering
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running"

# Use --no-paginate for large results
aws s3 ls --recursive --no-paginate

# Use --exact-timestamp for consistency

AWS Services Quick Comparison

Service Type Use Case
EC2 Compute Virtual machines, custom apps
Lambda Compute (serverless) Event‑driven functions, APIs
S3 Storage Object storage, static sites, data lake
RDS Database Relational databases (SQL)
DynamoDB Database NoSQL, key‑value, low‑latency
VPC Networking Isolated network, subnets
IAM Security Identity and access management
CloudWatch Monitoring Metrics, logs, alarms
SNS Messaging Notifications, pub/sub
SQS Messaging Queue, decouple services

AWS Best Practices

  • Design for failure – distribute across AZs, use auto‑scaling
  • Least privilege – IAM permissions, security groups
  • Monitor – CloudWatch, CloudTrail, AWS Config
  • Cost optimisation – use right‑sized instances, spot/reserved instances
  • Automate – CloudFormation, Terraform, CDK
  • Use managed services – RDS, DynamoDB, etc.
  • Implement backups – EBS snapshots, S3 versioning, RDS snapshots
  • Enable encryption – KMS, S3 SSE, EBS encryption
  • Use VPC – isolate resources, use private subnets
  • Tag resources – for cost allocation and management
  • Enable MFA – all IAM users, especially root
  • Use multi‑factor authentication – for critical operations

Free Tier Limits

  • EC2: 750 hours/month (t3.micro, t2.micro)
  • S3: 5 GB standard storage, 20,000 GET requests
  • RDS: 750 hours/month (db.t3.micro)
  • Lambda: 1 million requests/month
  • DynamoDB: 25 GB, 25 RCU/WCU
  • CloudWatch: 5 GB log data
  • Valid for 12 months (some services permanent)
📌 Quick Reference
EC2: Virtual machines – choose instance type, AMI, key pair
S3: Object storage – buckets, objects, versioning, lifecycle
IAM: Users, groups, roles, policies – least privilege
RDS: Managed relational databases – Multi‑AZ for HA
Lambda: Serverless functions – event‑driven, pay per invocation
VPC: Isolated network – subnets, IGW, NAT, security groups
CLI: aws configure, aws s3 cp, aws ec2 describe‑instances
Free tier: t3.micro EC2, S3 (5GB), RDS (750hrs), Lambda (1M requests)
← Back to All Cheatsheets