> ## Documentation Index
> Fetch the complete documentation index at: https://resources.devweekends.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS Cloud Mastery

> The complete AWS course for Solutions Architects, DevOps Engineers, and Cloud Professionals

<Frame>
  <img src="https://mintcdn.com/devweeekends/sTu6A4whRFPJo0_g/images/aws/aws-hero.svg?fit=max&auto=format&n=sTu6A4whRFPJo0_g&q=85&s=4de4bd530de4bc83fcd0744812f5fc26" alt="AWS Cloud Mastery" width="1200" height="400" data-path="images/aws/aws-hero.svg" />
</Frame>

## Welcome to AWS Cloud Mastery

This is a **comprehensive, production-ready course** designed to take you from AWS fundamentals to architecting enterprise-grade cloud solutions. Whether you're preparing for AWS certifications, transitioning to cloud engineering, or building scalable systems at work—this course has you covered.

<CardGroup cols={2}>
  <Card title="40+ Hours of Content" icon="clock">
    Deep-dive tutorials covering every major AWS service
  </Card>

  <Card title="Hands-On Labs" icon="flask">
    Real-world projects you can add to your portfolio
  </Card>

  <Card title="Interview Ready" icon="clipboard-check">
    200+ interview questions with detailed answers
  </Card>

  <Card title="Architecture Patterns" icon="sitemap">
    Production-tested design patterns used at scale
  </Card>
</CardGroup>

***

## Who Is This Course For?

<CardGroup cols={3}>
  <Card title="Software Engineers" icon="code">
    Developers wanting to understand cloud infrastructure and deploy applications at scale
  </Card>

  <Card title="Solutions Architects" icon="compass-drafting">
    Professionals designing systems for reliability, security, and cost efficiency
  </Card>

  <Card title="DevOps Engineers" icon="gears">
    Engineers automating infrastructure and building CI/CD pipelines
  </Card>
</CardGroup>

***

## What You'll Learn

By the end of this course, you will be able to:

<Steps>
  <Step title="Design Scalable Architectures">
    Build systems that handle millions of users using AWS best practices
  </Step>

  <Step title="Implement Security Best Practices">
    Secure your infrastructure with IAM, encryption, and network isolation
  </Step>

  <Step title="Optimize for Cost">
    Reduce AWS bills by 40-70% using right-sizing, reserved instances, and Spot
  </Step>

  <Step title="Automate Everything">
    Infrastructure as Code with CloudFormation, Terraform, and CDK
  </Step>

  <Step title="Pass AWS Certifications">
    Prepared for Solutions Architect Associate and Professional exams
  </Step>
</Steps>

***

## Course Curriculum

### Module 1: AWS Foundations

<Card title="Core Concepts" icon="circle-nodes" href="/aws/core-concepts">
  AWS global infrastructure, regions, availability zones, pricing models, and the shared responsibility model
</Card>

**Topics Covered:**

* AWS Global Infrastructure deep-dive
* Regions, Availability Zones, and Edge Locations
* AWS Pricing Models (On-Demand, Reserved, Spot, Savings Plans)
* The Shared Responsibility Model
* AWS Well-Architected Framework introduction
* Hands-on: Setting up your AWS account securely

***

### Module 2: Compute Services

<Card title="Compute Services" icon="microchip" href="/aws/compute">
  EC2, Lambda, ECS, EKS, Elastic Beanstalk, and Auto Scaling
</Card>

**Topics Covered:**

* EC2 instance types, AMIs, and launch configurations
* Lambda functions, triggers, and best practices
* Container orchestration with ECS and EKS
* Auto Scaling groups and policies
* Compute cost optimization strategies
* Hands-on: Deploy a scalable web application

***

### Module 3: Storage & Databases

<Card title="Storage & Databases" icon="hard-drive" href="/aws/storage-databases">
  S3, EBS, EFS, RDS, Aurora, DynamoDB, and ElastiCache
</Card>

**Topics Covered:**

* S3 storage classes, lifecycle policies, and security
* EBS volume types and optimization
* RDS Multi-AZ and Read Replicas
* Aurora architecture and global databases
* DynamoDB design patterns and capacity planning
* Caching strategies with ElastiCache
* Hands-on: Design a multi-tier data architecture

***

### Module 4: Networking & Content Delivery

<Card title="Networking" icon="diagram-project" href="/aws/networking">
  VPC, subnets, security groups, load balancing, Route 53, and CloudFront
</Card>

**Topics Covered:**

* VPC design and subnet strategies
* Security groups vs NACLs
* Application and Network Load Balancers
* Route 53 routing policies and health checks
* CloudFront distributions and caching
* VPC Peering and Transit Gateway
* Hands-on: Build a secure multi-tier VPC

***

### Module 5: Security & Identity

<Card title="Security & IAM" icon="shield-halved" href="/aws/security">
  IAM, KMS, Secrets Manager, WAF, Shield, and compliance
</Card>

**Topics Covered:**

* IAM users, groups, roles, and policies
* Policy evaluation logic and best practices
* KMS encryption and key management
* Secrets Manager and Parameter Store
* AWS Organizations and Service Control Policies
* Security monitoring with CloudTrail, Config, and GuardDuty
* Hands-on: Implement zero-trust security architecture

***

### Module 6: Well-Architected Framework

<Card title="Well-Architected Framework" icon="building" href="/aws/well-architected">
  The 6 pillars for building reliable, secure, and efficient systems
</Card>

**Topics Covered:**

* Operational Excellence pillar
* Security pillar
* Reliability pillar
* Performance Efficiency pillar
* Cost Optimization pillar
* Sustainability pillar
* Hands-on: Conduct a Well-Architected Review

***

### Module 7: Case Studies & Projects

<CardGroup cols={2}>
  <Card title="Serverless Web App" icon="bolt" href="/aws/case-study-serverless">
    Build a URL shortener with Lambda, API Gateway, and DynamoDB
  </Card>

  <Card title="3-Tier Web App" icon="layer-group" href="/aws/case-study-three-tier">
    Deploy a production web application with EC2, RDS, and ElastiCache
  </Card>
</CardGroup>

***

## 🏆 Why This Course Stands Out

| Feature                        | This Course                     | Other Courses         |
| ------------------------------ | ------------------------------- | --------------------- |
| **Real Architecture Diagrams** | ✅ Production-grade diagrams     | ❌ Basic flowcharts    |
| **Interview Questions**        | ✅ 200+ with answers             | ❌ Few or none         |
| **Code Examples**              | ✅ Python, TypeScript, Terraform | ❌ Console clicks only |
| **Cost Analysis**              | ✅ Detailed pricing breakdowns   | ❌ Not covered         |
| **Case Studies**               | ✅ Multiple real-world projects  | ❌ Toy examples        |
| **Updated for 2025**           | ✅ Latest services & features    | ❌ Outdated content    |

***

## 📋 AWS Certifications Roadmap

This course prepares you for the following certifications:

| Certification                    | Level           | This Course Covers |
| -------------------------------- | --------------- | ------------------ |
| Cloud Practitioner               | 🟢 Foundational | ✅ 100%             |
| Solutions Architect Associate    | 🟡 Associate    | ✅ 100%             |
| Developer Associate              | 🟡 Associate    | ✅ 85%              |
| SysOps Administrator             | 🟡 Associate    | ✅ 80%              |
| Solutions Architect Professional | 🔴 Professional | ✅ 70%              |
| DevOps Engineer Professional     | 🔴 Professional | ✅ 60%              |

<Note>
  **Certification Tip**: The Solutions Architect Associate (SAA-C03) is the most valuable certification for career growth. This course covers all exam objectives in depth.
</Note>

***

## 🛠️ Prerequisites

Before starting this course, you should have:

* Basic understanding of networking (IP addresses, ports, HTTP)
* Familiarity with at least one programming language (Python recommended)
* An AWS account (free tier is sufficient for most labs)
* Command line experience (bash/PowerShell)

<Tip>
  **No prior AWS experience required!** We start from the fundamentals and build up to advanced architectures.
</Tip>

***

## 🎯 Learning Path

Follow this structured path for the best learning experience:

```
Week 1-2: Foundations
├── Core Concepts
├── IAM & Security Basics
└── Hands-on: Account Setup

Week 3-4: Compute & Storage
├── EC2 Deep Dive
├── S3 & EBS
├── Lambda Functions
└── Hands-on: Deploy Web App

Week 5-6: Databases & Networking
├── RDS & DynamoDB
├── VPC Architecture
├── Load Balancing
└── Hands-on: Multi-Tier VPC

Week 7-8: Advanced Topics
├── Security Deep Dive
├── Well-Architected Framework
├── Cost Optimization
└── Hands-on: Security Audit

Week 9-10: Projects & Certification Prep
├── Case Studies
├── Practice Exams
└── Final Project
```

***

## 💰 AWS Free Tier

Most labs in this course can be completed using the AWS Free Tier:

| Service    | Free Tier Allocation          |
| ---------- | ----------------------------- |
| EC2        | 750 hours/month (t2.micro)    |
| S3         | 5 GB storage                  |
| RDS        | 750 hours/month (db.t2.micro) |
| Lambda     | 1M requests/month             |
| DynamoDB   | 25 GB storage                 |
| CloudFront | 1 TB data transfer            |

<Warning>
  **Cost Alert**: Always set up billing alarms and delete resources after labs to avoid unexpected charges.
</Warning>

***

## Start Your Journey

<CardGroup cols={2}>
  <Card title="Begin with Core Concepts" icon="play" href="/aws/core-concepts">
    Start learning AWS fundamentals
  </Card>

  <Card title="Download Resources" icon="download" href="/aws/resources">
    Cheat sheets, diagrams, and study guides
  </Card>
</CardGroup>

***

## Interview Deep-Dive

<AccordionGroup>
  <Accordion title="You inherit an AWS environment with 200+ EC2 instances, no tagging strategy, and a $45,000/month bill that leadership wants cut by 40%. Walk me through your first 30 days.">
    **Strong Answer:**

    * **Week 1 -- Discovery and quick wins.** I would enable AWS Cost Explorer and pull the last 90 days of billing data. Then I would use Trusted Advisor and Compute Optimizer to identify idle and underutilized instances. In most environments, 15-25% of instances are running at under 5% CPU -- those are candidates for immediate downsizing or termination. I would also check for unattached EBS volumes, unused Elastic IPs, and idle load balancers. At a previous company we found \$3,200/month in orphaned resources in the first three days.
    * **Week 2 -- Tagging and accountability.** I would implement a mandatory tagging strategy using AWS Config rules (required tags: Environment, Owner, CostCenter, Application). Without tags, you cannot attribute costs, and without attribution, nobody owns the waste. I would use Tag Editor for bulk tagging and set up SCP guardrails so new resources without tags get denied.
    * **Week 3 -- Reserved Instances and Savings Plans.** For the baseline workload (the instances that run 24/7 and are not going away), I would purchase Compute Savings Plans covering roughly 60-70% of steady-state usage. That alone saves 30-40%. For batch workloads, I would move to Spot Instances with diversified instance pools.
    * **Week 4 -- Architecture optimization.** Evaluate which workloads could move to Lambda or Fargate to eliminate idle capacity entirely. Set up automated start/stop schedules for dev/staging environments (most only need to run 10 hours/day, 5 days/week -- that is a 70% reduction). Implement S3 lifecycle policies to move old data to Glacier.
    * **The 40% target is aggressive but realistic.** I have seen 45-55% reductions in environments with no prior optimization. The key is combining pricing optimization (RIs/Savings Plans) with architectural optimization (right-sizing, serverless, scheduling).

    **Follow-up: Your CFO asks why the bill went UP 15% the month after you bought Reserved Instances. What happened?**

    The upfront or partial-upfront RI payment likely hit the billing cycle. Reserved Instances with All Upfront or Partial Upfront payment show the lump sum in the month of purchase. I would explain that the amortized monthly cost is what matters -- show a 12-month projection demonstrating that the total annual spend will be 35-40% lower. This is why Savings Plans with No Upfront are sometimes preferred politically, even though All Upfront gives the deepest discount. I would also set up Cost Explorer's amortized cost view so leadership sees the true monthly rate, not the cash-flow timing artifact.
  </Accordion>

  <Accordion title="A startup asks you to design their AWS architecture from scratch. They expect to go from 1,000 users to 1 million in 12 months. How do you build for that growth without over-provisioning on day one?">
    **Strong Answer:**

    * **Start serverless, graduate to containers.** For the first phase (1K-50K users), I would build on API Gateway, Lambda, and DynamoDB. Zero idle cost, scales automatically, and the team ships features instead of managing infrastructure. At our scale, this costs under \$100/month.
    * **Design for the migration you know is coming.** Structure the application as microservices from day one, even if they all run as Lambda functions initially. When a specific service hits Lambda's limits (15-minute timeout, cold start sensitivity, or the cost crossover point around 1M+ invocations/day per function), you move that one service to Fargate without touching anything else.
    * **Database strategy matters most.** DynamoDB for the primary data store with single-table design. If they need relational queries, Aurora Serverless v2 (scales to zero, handles spikes). The database is the hardest thing to migrate later, so getting this right early is critical.
    * **Networking and security foundations.** Set up a proper VPC with public/private subnets across 3 AZs from day one. Use AWS Organizations with separate accounts for dev/staging/prod. Enable CloudTrail, GuardDuty, and Config immediately -- security debt compounds faster than technical debt.
    * **Cost guardrails from the start.** AWS Budgets with alerts, SCP to restrict instance types in dev, and mandatory cost allocation tags. I have seen startups hit \$20K/month bills within 6 months because nobody was watching.

    **Follow-up: At 500K users, their Lambda bill exceeds what the same workload would cost on Fargate. How do you make the migration decision?**

    The crossover point depends on traffic pattern. For steady-state workloads running at high concurrency (thousands of concurrent invocations sustained for hours), Fargate becomes cheaper because you pay for the container, not per-invocation. I would calculate: (Lambda cost at current invocation rate + duration) vs (Fargate task cost at the needed concurrency). Typically the crossover is around 20-30% utilization of equivalent Fargate tasks. But cost is not the only factor -- Fargate gives you longer execution times, larger packages, and WebSocket support. I would migrate the high-throughput API services first and keep the event-driven glue (S3 triggers, DynamoDB Streams processors) on Lambda where it naturally fits.
  </Accordion>

  <Accordion title="Your company runs a multi-region active-active architecture and a junior engineer accidentally deletes the DynamoDB Global Table in us-east-1 during a deployment. Walk me through the incident response.">
    **Strong Answer:**

    * **First 5 minutes -- confirm the blast radius.** Check if the deletion propagated to other regions. With DynamoDB Global Tables, deleting a replica table in one region does NOT delete other replicas. If the engineer deleted the entire global table (all replicas), that is catastrophic. Check CloudTrail immediately: filter for `DeleteTable` API calls to understand exactly what happened.
    * **Immediate mitigation.** If only the us-east-1 replica was removed, traffic is already failing over to other regions via Route 53 health checks (assuming they are configured). If not, manually update DNS to point to eu-west-1. Meanwhile, check if Point-in-Time Recovery (PITR) was enabled -- if so, restore the table to the most recent recovery point (within the last 35 days, typically within 5 minutes of the deletion).
    * **Restore process.** PITR restore creates a new table, not the original. You need to recreate it with the same name, key schema, GSIs, and then re-add it as a replica to the global table. This process takes time depending on table size. For a 100GB table, expect 1-2 hours.
    * **If PITR was not enabled.** You are relying on backups. Check the last on-demand backup. If neither PITR nor backups existed, the data in that region is gone -- you rebuild from the surviving replicas. This is a painful lesson that reinforces why PITR should be enabled on every production DynamoDB table, no exceptions.
    * **Post-incident.** Implement SCP to deny `dynamodb:DeleteTable` except from a specific CI/CD role. Add DeletionProtection (available since 2023) on all production tables. Require MFA for destructive operations. Conduct a blameless post-mortem.

    **Follow-up: How would you prevent this from happening again without slowing down legitimate deployments?**

    Three layers. First, DynamoDB DeletionProtection set to true on all production tables -- this requires an explicit API call to disable before deletion, which is a speed bump that catches accidents. Second, an SCP at the Organization level that denies `dynamodb:DeleteTable` and `dynamodb:DeleteBackup` for all roles except a dedicated break-glass role that requires MFA. Third, a pre-deployment validation step in the CI/CD pipeline that checks CloudFormation changesets for any resource deletions and requires manual approval if a DynamoDB table removal is detected. The goal is defense in depth: make it hard to do accidentally, easy to do intentionally with proper authorization.
  </Accordion>
</AccordionGroup>
