Skip to main content

Documentation Index

Fetch the complete documentation index at: https://resources.devweekends.com/llms.txt

Use this file to discover all available pages before exploring further.

AWS Cloud Mastery

​
Welcome to AWS Cloud Mastery

This is a comprehensive, production-ready course designed to take you from AWS fundamentals to architecting enterprise-grade cloud solutions. Whether you’re preparing for AWS certifications, transitioning to cloud engineering, or building scalable systems at workβ€”this course has you covered.

40+ Hours of Content

Deep-dive tutorials covering every major AWS service

Hands-On Labs

Real-world projects you can add to your portfolio

Interview Ready

200+ interview questions with detailed answers

Architecture Patterns

Production-tested design patterns used at scale

​
Who Is This Course For?

Software Engineers

Developers wanting to understand cloud infrastructure and deploy applications at scale

Solutions Architects

Professionals designing systems for reliability, security, and cost efficiency

DevOps Engineers

Engineers automating infrastructure and building CI/CD pipelines

​
What You’ll Learn

By the end of this course, you will be able to:
1

Design Scalable Architectures

Build systems that handle millions of users using AWS best practices
2

Implement Security Best Practices

Secure your infrastructure with IAM, encryption, and network isolation
3

Optimize for Cost

Reduce AWS bills by 40-70% using right-sizing, reserved instances, and Spot
4

Automate Everything

Infrastructure as Code with CloudFormation, Terraform, and CDK
5

Pass AWS Certifications

Prepared for Solutions Architect Associate and Professional exams

​
Course Curriculum

​
Module 1: AWS Foundations

Core Concepts

AWS global infrastructure, regions, availability zones, pricing models, and the shared responsibility model
Topics Covered:
  • AWS Global Infrastructure deep-dive
  • Regions, Availability Zones, and Edge Locations
  • AWS Pricing Models (On-Demand, Reserved, Spot, Savings Plans)
  • The Shared Responsibility Model
  • AWS Well-Architected Framework introduction
  • Hands-on: Setting up your AWS account securely

​
Module 2: Compute Services

Compute Services

EC2, Lambda, ECS, EKS, Elastic Beanstalk, and Auto Scaling
Topics Covered:
  • EC2 instance types, AMIs, and launch configurations
  • Lambda functions, triggers, and best practices
  • Container orchestration with ECS and EKS
  • Auto Scaling groups and policies
  • Compute cost optimization strategies
  • Hands-on: Deploy a scalable web application

​
Module 3: Storage & Databases

Storage & Databases

S3, EBS, EFS, RDS, Aurora, DynamoDB, and ElastiCache
Topics Covered:
  • S3 storage classes, lifecycle policies, and security
  • EBS volume types and optimization
  • RDS Multi-AZ and Read Replicas
  • Aurora architecture and global databases
  • DynamoDB design patterns and capacity planning
  • Caching strategies with ElastiCache
  • Hands-on: Design a multi-tier data architecture

​
Module 4: Networking & Content Delivery

Networking

VPC, subnets, security groups, load balancing, Route 53, and CloudFront
Topics Covered:
  • VPC design and subnet strategies
  • Security groups vs NACLs
  • Application and Network Load Balancers
  • Route 53 routing policies and health checks
  • CloudFront distributions and caching
  • VPC Peering and Transit Gateway
  • Hands-on: Build a secure multi-tier VPC

​
Module 5: Security & Identity

Security & IAM

IAM, KMS, Secrets Manager, WAF, Shield, and compliance
Topics Covered:
  • IAM users, groups, roles, and policies
  • Policy evaluation logic and best practices
  • KMS encryption and key management
  • Secrets Manager and Parameter Store
  • AWS Organizations and Service Control Policies
  • Security monitoring with CloudTrail, Config, and GuardDuty
  • Hands-on: Implement zero-trust security architecture

​
Module 6: Well-Architected Framework

Well-Architected Framework

The 6 pillars for building reliable, secure, and efficient systems
Topics Covered:
  • Operational Excellence pillar
  • Security pillar
  • Reliability pillar
  • Performance Efficiency pillar
  • Cost Optimization pillar
  • Sustainability pillar
  • Hands-on: Conduct a Well-Architected Review

​
Module 7: Case Studies & Projects

Serverless Web App

Build a URL shortener with Lambda, API Gateway, and DynamoDB

3-Tier Web App

Deploy a production web application with EC2, RDS, and ElastiCache

​
πŸ† Why This Course Stands Out

FeatureThis CourseOther Courses
Real Architecture Diagramsβœ… Production-grade diagrams❌ Basic flowcharts
Interview Questionsβœ… 200+ with answers❌ Few or none
Code Examplesβœ… Python, TypeScript, Terraform❌ Console clicks only
Cost Analysisβœ… Detailed pricing breakdowns❌ Not covered
Case Studiesβœ… Multiple real-world projects❌ Toy examples
Updated for 2025βœ… Latest services & features❌ Outdated content

​
πŸ“‹ AWS Certifications Roadmap

This course prepares you for the following certifications:
CertificationLevelThis Course Covers
Cloud Practitioner🟒 Foundationalβœ… 100%
Solutions Architect Associate🟑 Associateβœ… 100%
Developer Associate🟑 Associateβœ… 85%
SysOps Administrator🟑 Associateβœ… 80%
Solutions Architect ProfessionalπŸ”΄ Professionalβœ… 70%
DevOps Engineer ProfessionalπŸ”΄ Professionalβœ… 60%
Certification Tip: The Solutions Architect Associate (SAA-C03) is the most valuable certification for career growth. This course covers all exam objectives in depth.

​
πŸ› οΈ Prerequisites

Before starting this course, you should have:
  • Basic understanding of networking (IP addresses, ports, HTTP)
  • Familiarity with at least one programming language (Python recommended)
  • An AWS account (free tier is sufficient for most labs)
  • Command line experience (bash/PowerShell)
No prior AWS experience required! We start from the fundamentals and build up to advanced architectures.

​
🎯 Learning Path

Follow this structured path for the best learning experience: 
Week 1-2: Foundations
β”œβ”€β”€ Core Concepts
β”œβ”€β”€ IAM & Security Basics
└── Hands-on: Account Setup

Week 3-4: Compute & Storage
β”œβ”€β”€ EC2 Deep Dive
β”œβ”€β”€ S3 & EBS
β”œβ”€β”€ Lambda Functions
└── Hands-on: Deploy Web App

Week 5-6: Databases & Networking
β”œβ”€β”€ RDS & DynamoDB
β”œβ”€β”€ VPC Architecture
β”œβ”€β”€ Load Balancing
└── Hands-on: Multi-Tier VPC

Week 7-8: Advanced Topics
β”œβ”€β”€ Security Deep Dive
β”œβ”€β”€ Well-Architected Framework
β”œβ”€β”€ Cost Optimization
└── Hands-on: Security Audit

Week 9-10: Projects & Certification Prep
β”œβ”€β”€ Case Studies
β”œβ”€β”€ Practice Exams
└── Final Project

​
πŸ’° AWS Free Tier

Most labs in this course can be completed using the AWS Free Tier:
ServiceFree Tier Allocation
EC2750 hours/month (t2.micro)
S35 GB storage
RDS750 hours/month (db.t2.micro)
Lambda1M requests/month
DynamoDB25 GB storage
CloudFront1 TB data transfer
Cost Alert: Always set up billing alarms and delete resources after labs to avoid unexpected charges.

​
Start Your Journey

Begin with Core Concepts

Start learning AWS fundamentals

Download Resources

Cheat sheets, diagrams, and study guides

​
Interview Deep-Dive

Strong Answer:
  • Week 1 β€” Discovery and quick wins. I would enable AWS Cost Explorer and pull the last 90 days of billing data. Then I would use Trusted Advisor and Compute Optimizer to identify idle and underutilized instances. In most environments, 15-25% of instances are running at under 5% CPU β€” those are candidates for immediate downsizing or termination. I would also check for unattached EBS volumes, unused Elastic IPs, and idle load balancers. At a previous company we found $3,200/month in orphaned resources in the first three days.
  • Week 2 β€” Tagging and accountability. I would implement a mandatory tagging strategy using AWS Config rules (required tags: Environment, Owner, CostCenter, Application). Without tags, you cannot attribute costs, and without attribution, nobody owns the waste. I would use Tag Editor for bulk tagging and set up SCP guardrails so new resources without tags get denied.
  • Week 3 β€” Reserved Instances and Savings Plans. For the baseline workload (the instances that run 24/7 and are not going away), I would purchase Compute Savings Plans covering roughly 60-70% of steady-state usage. That alone saves 30-40%. For batch workloads, I would move to Spot Instances with diversified instance pools.
  • Week 4 β€” Architecture optimization. Evaluate which workloads could move to Lambda or Fargate to eliminate idle capacity entirely. Set up automated start/stop schedules for dev/staging environments (most only need to run 10 hours/day, 5 days/week β€” that is a 70% reduction). Implement S3 lifecycle policies to move old data to Glacier.
  • The 40% target is aggressive but realistic. I have seen 45-55% reductions in environments with no prior optimization. The key is combining pricing optimization (RIs/Savings Plans) with architectural optimization (right-sizing, serverless, scheduling).
Follow-up: Your CFO asks why the bill went UP 15% the month after you bought Reserved Instances. What happened?The upfront or partial-upfront RI payment likely hit the billing cycle. Reserved Instances with All Upfront or Partial Upfront payment show the lump sum in the month of purchase. I would explain that the amortized monthly cost is what matters β€” show a 12-month projection demonstrating that the total annual spend will be 35-40% lower. This is why Savings Plans with No Upfront are sometimes preferred politically, even though All Upfront gives the deepest discount. I would also set up Cost Explorer’s amortized cost view so leadership sees the true monthly rate, not the cash-flow timing artifact.
Strong Answer:
  • Start serverless, graduate to containers. For the first phase (1K-50K users), I would build on API Gateway, Lambda, and DynamoDB. Zero idle cost, scales automatically, and the team ships features instead of managing infrastructure. At our scale, this costs under $100/month.
  • Design for the migration you know is coming. Structure the application as microservices from day one, even if they all run as Lambda functions initially. When a specific service hits Lambda’s limits (15-minute timeout, cold start sensitivity, or the cost crossover point around 1M+ invocations/day per function), you move that one service to Fargate without touching anything else.
  • Database strategy matters most. DynamoDB for the primary data store with single-table design. If they need relational queries, Aurora Serverless v2 (scales to zero, handles spikes). The database is the hardest thing to migrate later, so getting this right early is critical.
  • Networking and security foundations. Set up a proper VPC with public/private subnets across 3 AZs from day one. Use AWS Organizations with separate accounts for dev/staging/prod. Enable CloudTrail, GuardDuty, and Config immediately β€” security debt compounds faster than technical debt.
  • Cost guardrails from the start. AWS Budgets with alerts, SCP to restrict instance types in dev, and mandatory cost allocation tags. I have seen startups hit $20K/month bills within 6 months because nobody was watching.
Follow-up: At 500K users, their Lambda bill exceeds what the same workload would cost on Fargate. How do you make the migration decision?The crossover point depends on traffic pattern. For steady-state workloads running at high concurrency (thousands of concurrent invocations sustained for hours), Fargate becomes cheaper because you pay for the container, not per-invocation. I would calculate: (Lambda cost at current invocation rate + duration) vs (Fargate task cost at the needed concurrency). Typically the crossover is around 20-30% utilization of equivalent Fargate tasks. But cost is not the only factor β€” Fargate gives you longer execution times, larger packages, and WebSocket support. I would migrate the high-throughput API services first and keep the event-driven glue (S3 triggers, DynamoDB Streams processors) on Lambda where it naturally fits.
Strong Answer:
  • First 5 minutes β€” confirm the blast radius. Check if the deletion propagated to other regions. With DynamoDB Global Tables, deleting a replica table in one region does NOT delete other replicas. If the engineer deleted the entire global table (all replicas), that is catastrophic. Check CloudTrail immediately: filter for DeleteTable API calls to understand exactly what happened.
  • Immediate mitigation. If only the us-east-1 replica was removed, traffic is already failing over to other regions via Route 53 health checks (assuming they are configured). If not, manually update DNS to point to eu-west-1. Meanwhile, check if Point-in-Time Recovery (PITR) was enabled β€” if so, restore the table to the most recent recovery point (within the last 35 days, typically within 5 minutes of the deletion).
  • Restore process. PITR restore creates a new table, not the original. You need to recreate it with the same name, key schema, GSIs, and then re-add it as a replica to the global table. This process takes time depending on table size. For a 100GB table, expect 1-2 hours.
  • If PITR was not enabled. You are relying on backups. Check the last on-demand backup. If neither PITR nor backups existed, the data in that region is gone β€” you rebuild from the surviving replicas. This is a painful lesson that reinforces why PITR should be enabled on every production DynamoDB table, no exceptions.
  • Post-incident. Implement SCP to deny dynamodb:DeleteTable except from a specific CI/CD role. Add DeletionProtection (available since 2023) on all production tables. Require MFA for destructive operations. Conduct a blameless post-mortem.
Follow-up: How would you prevent this from happening again without slowing down legitimate deployments?Three layers. First, DynamoDB DeletionProtection set to true on all production tables β€” this requires an explicit API call to disable before deletion, which is a speed bump that catches accidents. Second, an SCP at the Organization level that denies dynamodb:DeleteTable and dynamodb:DeleteBackup for all roles except a dedicated break-glass role that requires MFA. Third, a pre-deployment validation step in the CI/CD pipeline that checks CloudFormation changesets for any resource deletions and requires manual approval if a DynamoDB table removal is detected. The goal is defense in depth: make it hard to do accidentally, easy to do intentionally with proper authorization.