☁️ AWS Cloud
Cloud Computing & AWS Cheatsheet
EC2, S3, RDS, Lambda, VPC, containers, CI/CD — complete AWS and cloud reference.
01 Cloud Fundamentals
IaaS
Infrastructure as a Service. Rent servers, storage, networking. You manage the OS and everything above it. EC2, Azure VM.
PaaS
Platform as a Service. Managed runtime. You manage only app + data. Heroku, App Engine.
SaaS
Software as a Service. Use software over internet. Gmail, Salesforce, Dropbox.
Public cloud
Shared infrastructure. AWS, Azure, GCP. Pay-as-you-go.
Private cloud
Dedicated infrastructure. On-premises or hosted. More control, more cost.
Hybrid cloud
Mix of public and private. Connect on-prem to cloud.
Multi-cloud
Use multiple cloud providers. Avoid vendor lock-in.
CapEx vs OpEx
Cloud: OpEx (pay as you go). On-prem: CapEx (upfront investment).
Availability zones
Isolated data centers within a region. Deploy across 2+ for HA.
Regions
Geographic areas with 2+ AZs: us-east-1, eu-west-1, ap-southeast-1.
Edge locations
CDN PoPs for CloudFront. 400+ globally. Closer to users = lower latency.
02 AWS Core Services
AWS key services overview
# Compute
EC2          # Virtual machines — most flexible
ECS/EKS      # Container orchestration (Docker/Kubernetes)
Lambda       # Serverless functions — no server management
Elastic Beanstalk # PaaS — deploy app without managing infra
Fargate      # Serverless containers

# Storage
S3           # Object storage — unlimited files
EBS          # Block storage (attached to EC2)
EFS          # Managed NFS (shared file system)
Glacier      # Archival storage — very cheap, slow retrieval

# Databases
RDS          # Managed relational DB (MySQL, PostgreSQL, etc.)
Aurora       # AWS-optimized MySQL/PostgreSQL
DynamoDB     # Managed NoSQL (key-value + document)
ElastiCache  # Managed Redis/Memcached
Redshift     # Data warehouse for analytics

# Networking
VPC          # Isolated virtual network
Route 53     # DNS service
CloudFront   # CDN
ALB/NLB      # Load balancers
API Gateway  # Managed API endpoint

# DevOps
CodePipeline # CI/CD pipeline
CodeBuild    # Build server
ECR          # Container registry
CloudFormation / CDK # Infrastructure as Code
03 Compute (EC2)
EC2 — Elastic Compute Cloud
# Instance types (pick the right type!)
t3.micro     # General purpose, burstable  (cheapest, dev)
m5.large     # General purpose             (balanced)
c5.xlarge    # Compute optimized           (CPU-heavy)
r5.2xlarge   # Memory optimized            (databases, cache)
g4dn.xlarge  # GPU                         (ML, graphics)

# Pricing models
On-Demand:    Pay by hour/second. No commitment. Most expensive.
Reserved:     1 or 3 year commitment. 40-75% cheaper.
Spot:         Unused capacity. Up to 90% cheaper! Can be interrupted.
Savings Plans: Flexible commitment by $ amount/hour.

# Security Groups (stateful firewall; no deny rules, anything not allowed is dropped)
Inbound:  Allow HTTP (80), HTTPS (443), SSH (22) from 0.0.0.0/0
          # 0.0.0.0/0 on port 22 exposes SSH to the whole internet; restrict it to a known admin CIDR
Outbound: Allow all (default)

# Key pairs — SSH access
ssh -i mykey.pem ec2-user@public-ip

# User data — run on first boot
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
💡
Always use IAM roles instead of access keys on EC2 instances. Right-size instances — start small, scale up.
04 Storage (S3)
S3 — Simple Storage Service
# S3 concepts
Bucket      # Container for objects. Globally unique name.
Object      # File + metadata. Up to 5TB.
Key         # File path: 'images/profile/user123.jpg'
Prefix      # Folder-like grouping: 'images/'

# S3 Storage Classes (by cost):
S3 Standard          # 99.99% availability. Frequent access.
S3-IA                # Infrequent Access. Cheaper, retrieval fee.
S3-Glacier Instant   # Archive. ms retrieval.
S3-Glacier Flexible  # Archive. Minutes-hours retrieval.
S3-Deep Archive      # 12hr retrieval. Cheapest.

# CLI commands
aws s3 ls                              # list buckets
aws s3 ls s3://mybucket/               # list objects
aws s3 cp file.txt s3://mybucket/      # upload
aws s3 cp s3://mybucket/file.txt .     # download
aws s3 sync ./local s3://mybucket/     # sync directory
aws s3 rm s3://mybucket/file.txt       # delete

# Boto3 (Python)
import boto3
s3 = boto3.client('s3')
s3.upload_file('file.txt', 'mybucket', 'file.txt')
obj = s3.get_object(Bucket='mybucket', Key='file.txt')
content = obj['Body'].read()
Presigned URL
Generate time-limited URL for private object access without sharing credentials.
Versioning
Keep all versions of every object. Protects against accidental deletion.
Lifecycle rules
Automatically transition objects to cheaper storage or delete after N days.
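How a presigned URL stays time-limited without handing out credentials, as an added example (not the cheat sheet's code and not boto3): it reimplements the documented SigV4 query-string presigning steps with the standard library and models the receiving side's check, so an edited expiry or a late request is refused. The access key, secret, bucket and object key are constructed placeholders; in real code call boto3's generate_presigned_url on an S3 client.

```python
"""Presigned URL mechanics: sign, verify, and reject tampering or expiry.

Added example, not code from the cheat sheet and not boto3. It reimplements the
documented SigV4 query-string presigning steps with the standard library so the
mechanism is visible; real code should use
boto3.client("s3").generate_presigned_url("get_object", Params=..., ExpiresIn=...).
Credentials, bucket and key are constructed placeholders.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, unquote, urlsplit

ACCESS_KEY = "AKIAEXAMPLEPLACEHOLD"        # constructed placeholder, not a real key id
SECRET_KEY = "example-secret-placeholder"   # signs the URL but must never appear in it
REGION = "us-east-1"
REQUIRED = {"X-Amz-Algorithm", "X-Amz-Credential", "X-Amz-Date",
            "X-Amz-Expires", "X-Amz-SignedHeaders"}


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    """SigV4 key derivation: the raw secret never signs a request directly."""
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def _canonical_query(params: dict) -> str:
    """Sorted, RFC 3986-encoded query string (quote with safe='' also encodes '/')."""
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params.items()))


def _signature(bucket: str, key: str, params: dict, secret: str) -> str:
    """Signature over method, path, every query parameter, the host header and an unsigned payload."""
    canonical_request = "\n".join([
        "GET",
        "/" + quote(key, safe="/"),
        _canonical_query(params),
        f"host:{bucket}.s3.amazonaws.com\n",
        "host",
        "UNSIGNED-PAYLOAD",
    ])
    amz_date = params["X-Amz-Date"]
    scope = f"{amz_date[:8]}/{REGION}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    return _hmac(_signing_key(secret, amz_date[:8], REGION), string_to_sign).hex()


def presign(bucket: str, key: str, expires_in: int, now: datetime) -> str:
    """Build a GET URL valid for expires_in seconds from `now` (an aware UTC datetime)."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{amz_date[:8]}/{REGION}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_in),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(bucket, key, params, SECRET_KEY)
    return (f"https://{bucket}.s3.amazonaws.com/{quote(key, safe='/')}"
            f"?{_canonical_query(params)}&X-Amz-Signature={sig}")


def verify(url: str, now: datetime) -> bool:
    """Model of the receiving side: recompute the signature, then check the time window."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    presented = params.pop("X-Amz-Signature", "")
    if not REQUIRED <= params.keys():
        return False                       # malformed: a signed parameter is missing
    if params["X-Amz-Credential"].split("/")[0] != ACCESS_KEY:
        return False                       # unknown access key id
    bucket = parts.hostname.split(".")[0]
    expected = _signature(bucket, unquote(parts.path).lstrip("/"), params, SECRET_KEY)
    if not hmac.compare_digest(presented, expected):
        return False                       # any change to path or query breaks the signature
    signed_at = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    return now <= signed_at + timedelta(seconds=int(params["X-Amz-Expires"]))


def demo() -> dict:
    """Constructed scenario: a 60-second URL checked fresh, with an edited expiry, and late."""
    issued = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    url = presign("mybucket", "private/report.pdf", 60, issued)
    tampered = url.replace("X-Amz-Expires=60", "X-Amz-Expires=86400")
    return {
        "secret_in_url": SECRET_KEY in url,
        "access_key_in_url": ACCESS_KEY in url,
        "signature_length": len(url.rsplit("X-Amz-Signature=", 1)[1]),
        "valid_now": verify(url, issued + timedelta(seconds=30)),
        "tampered_expiry": verify(tampered, issued + timedelta(seconds=30)),
        "after_expiry": verify(url, issued + timedelta(seconds=61)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} {result}")
```

The URL carries the access key id (so the service knows which secret to verify with) but never the secret, and the expiry is one of the signed parameters, which is why extending it by hand fails verification.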
05 Databases
Managed Databases on AWS
# RDS — Relational Database Service
Engines: MySQL, PostgreSQL, MariaDB, SQL Server, Oracle

# RDS features:
Multi-AZ: Synchronous standby in another AZ (automatic failover)
Read Replicas: Async copy for read scaling (up to 15 for Aurora)
Backups: Automated daily. Point-in-time recovery up to 35 days.
Encryption: At rest (KMS) and in transit (SSL)

# Aurora (AWS-optimized):
• 5x faster than MySQL, 3x faster than PostgreSQL
• Storage auto-scales up to 128TB
• Aurora Serverless: scales to zero (pay per request)

# DynamoDB (NoSQL)
Table → Items (rows) → Attributes (columns, flexible)
Primary key: Partition key OR Partition + Sort key
Provisioned: Set read/write capacity units (RCU/WCU)
On-Demand: Pay per request. Auto-scales.
Global Tables: Multi-region replication
DAX: In-memory cache for DynamoDB (microseconds)

# Connection string examples (placeholder credentials; load real ones from a
# secrets store at runtime rather than embedding them in code or config)
postgresql://user:pass@endpoint:5432/dbname
mysql://user:pass@endpoint:3306/dbname
06 Networking (VPC)
VPC Architecture
# VPC = Virtual Private Cloud
# Your isolated section of AWS cloud

VPC: 10.0.0.0/16           (65,536 IPs)
├── Public Subnet: 10.0.1.0/24   (internet accessible)
│   ├── Load Balancer
│   └── Bastion Host (jump server)
├── Private Subnet: 10.0.2.0/24  (app servers)
│   └── EC2 Auto Scaling Group
└── Private Subnet: 10.0.3.0/24  (databases)
    └── RDS Multi-AZ

# Internet access
Internet Gateway → Public subnet (direct)
NAT Gateway → Private subnet (outbound only, no inbound)

# Security
Security Group: Instance-level, stateful, allow only
Network ACL:    Subnet-level, stateless, allow + deny

# VPC Peering: connect two VPCs
# Transit Gateway: hub connecting many VPCs/on-prem
# VPN: encrypted tunnel to on-premises
# Direct Connect: dedicated physical connection to AWS
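The stateful-versus-stateless distinction in the Security lines above, together with the security group rules in the EC2 section, as an added example (not the cheat sheet's code and not any AWS API): a small Python model that evaluates packets against a security group with connection tracking and against a numbered network ACL. It shows why a NACL needs an outbound allow for ephemeral ports before replies to inbound HTTPS can leave the subnet, and that an SSH rule limited to an admin range rejects every other source. The Rule shape, class names and IP addresses are my own constructions.

```python
"""Stateful security group vs stateless network ACL, as an evaluation model.

Added example (not the cheat sheet's code, not a boto3 API): the Rule shape and
the two classes are a simplification of how AWS evaluates a packet at each layer.
IP addresses are constructed documentation ranges (TEST-NET-2 and TEST-NET-3).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str        # "inbound" or "outbound"
    cidr: str             # source CIDR for inbound, destination CIDR for outbound
    port_from: int        # destination port range
    port_to: int
    action: str = "allow"  # security groups only allow; NACLs can also deny
    number: int = 100      # NACL rule number; lowest is evaluated first


def _matches(rule: Rule, peer_ip: str, dest_port: int) -> bool:
    in_cidr = ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)
    return in_cidr and rule.port_from <= dest_port <= rule.port_to


class SecurityGroup:
    """Instance level, stateful: replies to tracked flows skip the rule check."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()   # (peer_ip, peer_port, local_port) of flows already allowed

    def allows(self, direction: str, peer_ip: str, peer_port: int, local_port: int) -> bool:
        flow = (peer_ip, peer_port, local_port)
        if flow in self.flows:
            return True      # connection tracking: return traffic needs no outbound rule
        dest_port = local_port if direction == "inbound" else peer_port
        for r in self.rules:
            if r.direction == direction and r.action == "allow" and _matches(r, peer_ip, dest_port):
                self.flows.add(flow)
                return True
        return False         # no matching rule: implicit deny


class NetworkAcl:
    """Subnet level, stateless: every packet, replies included, hits the numbered rules."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def allows(self, direction: str, peer_ip: str, peer_port: int, local_port: int) -> bool:
        dest_port = local_port if direction == "inbound" else peer_port
        for r in self.rules:
            if r.direction == direction and _matches(r, peer_ip, dest_port):
                return r.action == "allow"   # first matching rule wins
        return False                         # the final "*" rule denies everything else


def demo() -> dict:
    client_ip, client_port = "203.0.113.7", 51000   # constructed client (TEST-NET-3)
    admin_cidr = "198.51.100.0/24"                   # constructed admin range (TEST-NET-2)

    # Security group: HTTPS from anywhere, SSH only from the admin range, no outbound rule at all.
    sg = SecurityGroup([
        Rule("inbound", "0.0.0.0/0", 443, 443),
        Rule("inbound", admin_cidr, 22, 22),
    ])
    # NACL that only allows inbound 443: the reply to the client's ephemeral port is dropped.
    nacl_no_ephemeral = NetworkAcl([Rule("inbound", "0.0.0.0/0", 443, 443, number=100)])
    # Same NACL plus the outbound ephemeral-port allow that stateless filtering requires.
    nacl_with_ephemeral = NetworkAcl([
        Rule("inbound", "0.0.0.0/0", 443, 443, number=100),
        Rule("outbound", "0.0.0.0/0", 1024, 65535, number=100),
    ])

    return {
        "sg_https_request": sg.allows("inbound", client_ip, client_port, 443),
        "sg_https_reply": sg.allows("outbound", client_ip, client_port, 443),
        "sg_ssh_from_admin": sg.allows("inbound", "198.51.100.9", 40000, 22),
        "sg_ssh_from_elsewhere": sg.allows("inbound", client_ip, 40000, 22),
        "nacl_reply_without_ephemeral_rule":
            nacl_no_ephemeral.allows("outbound", client_ip, client_port, 443),
        "nacl_reply_with_ephemeral_rule":
            nacl_with_ephemeral.allows("outbound", client_ip, client_port, 443),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:36s} {'ALLOW' if allowed else 'DENY'}")
```

Both layers apply to the same packet: a security group that allows 443 does nothing for an inbound request if the subnet's NACL denies it, and a NACL without the outbound ephemeral rule silently breaks every inbound connection even when the security group is fine.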
07 Serverless
Lambda — Serverless Functions
# Lambda: run code without managing servers
# Event-driven. Max 15 min per invocation.
# Automatic scaling (0 to thousands concurrent)

# Trigger sources:
# API Gateway, S3 events, DynamoDB Streams,
# SQS, EventBridge, CloudWatch Events, SNS

# Node.js Lambda function
exports.handler = async (event, context) => {
  console.log('Event:', JSON.stringify(event));

  // Process event
  const body = JSON.parse(event.body || '{}');

  return {
    statusCode: 200,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ message: 'Success', data: body })
  };
};

# Python Lambda function
import json

def handler(event, context):
    return {
        'statusCode': 200,
        'body': json.dumps({'message': 'Hello!'})
    }

# Common pattern: API Gateway → Lambda → DynamoDB
# Pricing: pay per invocation + compute time (GB-seconds)
💡
Lambda cold starts can be slow (100ms-2s). Use Provisioned Concurrency for latency-sensitive apps.
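A hardened version of the Python handler above, as an added example (not the cheat sheet's code): the short handlers treat event.body as trusted, so a malformed JSON body raises and API Gateway reports the unhandled error as a 502. This version returns 400 for malformed, non-object, non-string or oversized bodies, decodes base64-encoded bodies (the isBase64Encoded flag of the API Gateway proxy event), and can be invoked locally with constructed events. The size limit is an assumption for the example.

```python
"""Hardened API Gateway -> Lambda handler (added example, not the cheat sheet's code).

The short handlers above trust event["body"]: a malformed body makes json.loads
raise, and API Gateway turns the unhandled error into a 502. Here bad input becomes
a 400. MAX_BODY_BYTES is an assumed application limit, not an AWS value.
"""
import base64
import json

MAX_BODY_BYTES = 64 * 1024   # assumption for this example


def _response(status: int, payload: dict) -> dict:
    """Proxy-integration response shape that API Gateway expects."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }


def parse_body(event: dict) -> dict:
    """Return the JSON object in the request body; raise ValueError for anything else."""
    raw = event.get("body")
    if raw in (None, ""):
        return {}
    if not isinstance(raw, str):
        raise ValueError("body must be a string")
    if event.get("isBase64Encoded"):
        # API Gateway sets this for binary media types. Bad base64 raises binascii.Error
        # and bad UTF-8 raises UnicodeDecodeError; both are subclasses of ValueError.
        raw = base64.b64decode(raw).decode("utf-8")
    if len(raw.encode("utf-8")) > MAX_BODY_BYTES:
        raise ValueError("body too large")   # reject before parsing
    data = json.loads(raw)                   # json.JSONDecodeError is a ValueError too
    if not isinstance(data, dict):
        raise ValueError("JSON body must be an object")
    return data


def handler(event: dict, context) -> dict:
    try:
        body = parse_body(event)
    except ValueError as exc:
        return _response(400, {"error": str(exc)})   # client error, not an unhandled 502
    # Normal processing goes here; echo the parsed body like the Node handler above.
    return _response(200, {"message": "Success", "data": body})


if __name__ == "__main__":
    # Constructed events standing in for API Gateway proxy requests.
    for sample in ({"body": '{"name": "demo"}'},
                   {"body": "{not json"},
                   {"body": "eyJhIjogMX0=", "isBase64Encoded": True},
                   {"body": "[1, 2, 3]"}):
        print(handler(sample, None))
```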
08 Containers
Containers: ECS, EKS, ECR
# ECR — Elastic Container Registry
aws ecr create-repository --repository-name myapp
REGISTRY="<account-id>.dkr.ecr.us-east-1.amazonaws.com"   # placeholder: your account ID and region
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin "$REGISTRY"
docker build -t myapp .
docker tag myapp:latest "$REGISTRY/myapp:latest"
docker push "$REGISTRY/myapp:latest"

# ECS — Elastic Container Service (AWS-native)
# Task Definition = blueprint (image, CPU, memory, ports)
# Service = how many tasks to run, auto-healing
# Fargate launch type = serverless (no EC2 to manage)

# EKS — Elastic Kubernetes Service
# Managed Kubernetes control plane
# You manage worker nodes (EC2 or Fargate)
eksctl create cluster --name myapp --region us-east-1
kubectl get nodes
kubectl apply -f deployment.yaml
kubectl get pods

# Docker Compose → ECS (with the Docker ECS integration)
docker compose up                   # local
docker context create ecs myecs     # one-time: an ECS context built from your AWS profile
docker --context myecs compose up   # deploy the same compose file to ECS (--context is a global docker flag)
09 DevOps & CI/CD
CI/CD on AWS
# AWS CodePipeline — fully managed CI/CD
# Source → Build → Test → Deploy

# CodePipeline stages:
# 1. Source: CodeCommit, GitHub, S3
# 2. Build: CodeBuild
# 3. Deploy: CodeDeploy, ECS, Lambda, Elastic Beanstalk

# buildspec.yml (CodeBuild)
# REGISTRY is a CodeBuild environment variable holding
# <account-id>.dkr.ecr.<region>.amazonaws.com (placeholder)
version: 0.2
phases:
  install:
    runtime-versions:
      nodejs: 20
    commands:
      - npm install
  pre_build:
    commands:
      # log in to ECR before the push below (the CodeBuild role needs ECR permissions)
      - aws ecr get-login-password | docker login --username AWS --password-stdin "$REGISTRY"
  build:
    commands:
      - npm run build
      - npm test
  post_build:
    commands:
      - docker build -t "$REGISTRY/myapp:latest" .
      - docker push "$REGISTRY/myapp:latest"
artifacts:
  files:
    - '**/*'

# GitHub Actions (popular alternative)
# .github/workflows/deploy.yml
name: Deploy
on: [push]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # "..." stands for a repository secret (${{ secrets.AWS_ACCESS_KEY_ID }}); the action also
      # takes aws-secret-access-key. Long-lived keys in CI carry the same risk as on EC2
      # (see the IAM-role tip in the EC2 section); prefer a short-lived role where available.
      - uses: aws-actions/configure-aws-credentials@v2
        with: { aws-access-key-id: ..., aws-region: us-east-1 }
      - run: |
          REGISTRY="<account-id>.dkr.ecr.us-east-1.amazonaws.com"   # placeholder
          aws ecr get-login-password | docker login --username AWS --password-stdin "$REGISTRY"
          docker build -t "$REGISTRY/myapp:latest" .
          docker push "$REGISTRY/myapp:latest"
          # update-service needs the cluster and service names (placeholders here)
          aws ecs update-service --cluster mycluster --service myapp --force-new-deployment
10 Mini Quizzes
❓ Quiz 1
What is the difference between S3 Standard and S3 Glacier?
S3 Standard: 99.99% availability, millisecond access, higher cost. S3 Glacier: archive storage, retrieval takes minutes-hours, very cheap. Use lifecycle rules to auto-move old data to cheaper tiers.
❓ Quiz 2
What does 'serverless' mean in the context of AWS Lambda?
Serverless means YOU don't provision or manage servers. AWS automatically provisions capacity, scales to zero, and you pay per invocation + compute time. Servers exist — you just don't manage them.