The Complete AWS Mastery
Welcome to the definitive AWS resource. This guide combines foundational definitions for the entire 80-module ecosystem with battle-tested architectural solutions for high-stakes business problems.
1. 80 Foundational Reference
Fully searchable 80-module curriculum covering Global Infra to GenAI with definitions, diagrams, and key concepts.
2. Problem-Solution Playbook
Real-world high-stakes scenarios with diagrams, architectural strategies, and implementation code for core services.
IAM: Identity & Access Management
Definition: AWS IAM is a global service that helps you securely control access to AWS resources. It controls who is authenticated (signed in) and authorized (has permissions) to use resources.
Scratch Hierarchy & Identities
- Root User: Complete control. Never use for daily tasks.
- Users: Persistent identities for people or apps.
- Roles: Temporary identities for services (EC2, Lambda) or cross-account access.
- Policies: JSON documents defining "Who can do what".
[ User ] --(Identity Policy)--> [ Action ] <-- (Resource Policy) -- [ S3 Bucket ]
The Problem (Scenario)
"Our third-party auditor needs access to our logs, but we cannot create a permanent IAM user for them due to security compliance."
The Solution (Architectural Implementation)
Implement Cross-Account IAM Roles with External ID. This uses a Trust Relationship to allow the auditor's account to assume a role in your account securely.
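The value of the External ID is that the trust is bound to a secret the auditor must present, not just to their account, so a misconfigured or omitted condition silently turns a scoped trust into a broad one. As an added example (not code from this guide), the Python checker below lints a role trust policy for the two failure modes a reviewer looks for: a wildcard principal, and a cross-account `sts:AssumeRole` grant with no `sts:ExternalId` condition. The sample policies are constructed; the first is the trust policy from this section, `AUDITOR_ID` is the guide's own placeholder, and `"111111111111"` is an assumed account id for the role's own account.

```python
import json

# Constructed sample: the trust policy from this section, the well-formed case.
GOOD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::AUDITOR_ID:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "Secret_Audit_2026"}},
    }],
})

# Constructed sample: same trust with the ExternalId condition dropped.
NO_EXTERNAL_ID_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::AUDITOR_ID:root"},
        "Action": "sts:AssumeRole",
    }],
})

# Constructed sample: wildcard principal, any AWS identity may assume the role.
WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}],
})


def _as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_accounts(principal):
    """Account ids (or '*') named in a Principal block."""
    if principal == "*":
        return {"*"}
    accounts = set()
    entries = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
    for entry in entries:
        if entry == "*":
            accounts.add("*")
        elif entry.startswith("arn:"):
            accounts.add(entry.split(":")[4])   # arn:partition:iam::ACCOUNT:...
        else:
            accounts.add(entry)                  # bare account id
    return accounts


def _has_external_id(condition):
    """True if some condition operator pins sts:ExternalId to a non-empty value.
    Condition keys are case-insensitive in IAM, so compare lower-cased."""
    for operator_values in (condition or {}).values():
        for key, value in operator_values.items():
            if key.lower() == "sts:externalid" and all(_as_list(value)):
                return True
    return False


def check_trust_policy(policy_json: str, own_account: str) -> list:
    """Findings for a role trust policy; an empty list means it passes."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not ({"sts:assumerole", "sts:*", "*"} & actions):
            continue   # statement does not grant AssumeRole
        accounts = _principal_accounts(stmt.get("Principal"))
        if "*" in accounts:
            findings.append(f"statement {i}: wildcard principal can assume the role")
            continue
        cross_account = any(acct != own_account for acct in accounts)
        if cross_account and not _has_external_id(stmt.get("Condition")):
            findings.append(f"statement {i}: cross-account sts:AssumeRole "
                            "without an sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    for name, doc in [("good", GOOD_TRUST_POLICY),
                      ("no-external-id", NO_EXTERNAL_ID_POLICY),
                      ("wildcard", WILDCARD_POLICY)]:
        print(name, check_trust_policy(doc, "111111111111") or "OK")
```

The checker only inspects the trust (assume-role) policy; the permissions the auditor gets once inside the role come from the role's identity policy and are reviewed separately. Trusts that name the role's own account are deliberately not required to carry an External ID, since the condition exists for the third-party case.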
Trust Policy (JSON)
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "AWS": "arn:aws:iam::AUDITOR_ID:root" },
    "Action": "sts:AssumeRole",
    "Condition": { "StringEquals": { "sts:ExternalId": "Secret_Audit_2026" } }
  }]
}
EC2: Elastic Compute Cloud
Definition: Amazon EC2 provides resizable compute capacity in the cloud. It eliminates your need to invest in hardware up front, allowing you to deploy virtual servers (instances) on-demand.
Detailed Storage & Networking
- EBS: Persistent network storage. Survives instance termination.
- Instance Store: Ephemeral, high-speed physical storage. Lost on stop/terminate.
- Nitro System: Hardware-based virtualization for 100% performance efficiency.
The Problem (Scenario)
"CPU usage is low, but our processing backlog is growing in SQS. Traditional scaling is too slow to react to incoming message bursts."
The Solution (Architectural Implementation)
Use Target Tracking Scaling based on SQS Queue Depth. By calculating the "Backlog Per Instance," the ASG launches instances before the queue becomes a bottleneck.
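The policy only works if something publishes the BacklogPerInstance metric, since it is not a metric AWS emits. As an added example (not code from this guide), the Python below is the computation that publisher performs each interval: it divides the SQS backlog by the in-service instance count, handles the scaled-to-zero case where there is no divisor, and shows what capacity the target-tracking policy converges on. The metric name, namespace and target value are those of the CLI policy in this section; the stand-in client and the sample counts are constructed, and in production the client would be a boto3 CloudWatch client whose `put_metric_data` has the same signature.

```python
import math

# These mirror the CLI scaling policy in this section.
NAMESPACE = "App/Metrics"
METRIC_NAME = "BacklogPerInstance"
TARGET_PER_INSTANCE = 10.0


def backlog_per_instance(messages_visible: int, in_service_instances: int) -> float:
    """Value to publish. messages_visible is SQS ApproximateNumberOfMessagesVisible,
    in_service_instances the ASG's InService count.

    When the group has scaled to zero there is nothing to divide by. Publishing
    the raw backlog instead of 0 or NaN means any non-empty queue exceeds the
    target and target tracking scales the group out of zero.
    """
    if messages_visible < 0 or in_service_instances < 0:
        raise ValueError("counts cannot be negative")
    if in_service_instances == 0:
        return float(messages_visible)
    return messages_visible / in_service_instances


def metric_datum(value: float) -> dict:
    """One MetricData entry for put_metric_data. No Dimensions are set because
    the policy's CustomizedMetricSpecification names none; a datum published
    with dimensions would be a different metric the policy never reads."""
    return {"MetricName": METRIC_NAME, "Value": value, "Unit": "Count"}


def expected_capacity(messages_visible: int, in_service_instances: int,
                      min_size: int = 1, max_size: int = 20) -> int:
    """Capacity target tracking converges on, ignoring cooldown and warm-up.

    Target tracking scales in proportion to metric / target. With
    metric = backlog / n that is n * (backlog / n) / 10 = backlog / 10, so the
    answer does not depend on the current size: a burst is handled in one
    scaling step rather than a series of CPU-driven increments.
    """
    needed = math.ceil(messages_visible / TARGET_PER_INSTANCE)
    return max(min_size, min(max_size, needed))


def publish(cloudwatch, messages_visible: int, in_service_instances: int) -> float:
    """Publish one datapoint through any client exposing put_metric_data
    (boto3's CloudWatch client does). Returns the published value."""
    value = backlog_per_instance(messages_visible, in_service_instances)
    cloudwatch.put_metric_data(Namespace=NAMESPACE, MetricData=[metric_datum(value)])
    return value


if __name__ == "__main__":
    class _PrintingClient:          # constructed stand-in so this runs offline
        def put_metric_data(self, **kwargs):
            print("put_metric_data", kwargs)

    publish(_PrintingClient(), messages_visible=500, in_service_instances=5)
    print("policy converges on", expected_capacity(500, 5), "instances")
```

The publisher needs only `sqs:GetQueueAttributes`, `autoscaling:DescribeAutoScalingGroups` and `cloudwatch:PutMetricData`; keep it on a schedule of at least once a minute, because target tracking cannot react to a burst faster than the metric is refreshed.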
AWS CLI Scaling Policy
aws autoscaling put-scaling-policy \
--auto-scaling-group-name video-proc-asg \
--policy-name sqs-target-tracking \
--policy-type TargetTrackingScaling \
--target-tracking-configuration '{"CustomizedMetricSpecification": {"MetricName": "BacklogPerInstance", "Namespace": "App/Metrics", "Statistic": "Average"}, "TargetValue": 10.0}'
S3: Simple Storage Service
Definition: Amazon S3 is object storage built to store and retrieve any amount of data from anywhere. It offers 99.999999999% (11 9s) of durability.
The Problem (Scenario)
"Financial regulations require all documents to be replicated to a different region within 15 minutes, with full audit metrics."
The Solution (Architectural Implementation)
Deploy S3 Cross-Region Replication (CRR) with Replication Time Control (RTC). RTC provides an SLA-backed 15-minute window and publishes metrics to CloudWatch.
[ Primary: US-East-1 ] -- (RTC: 15 min SLA) --> [ Secondary: US-West-2 ]
|
[ CloudWatch Metrics ]
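S3 rejects a replication configuration that enables RTC without the Metrics block, and a filter-based rule without Priority and DeleteMarkerReplication, so it helps to build and check the configuration before calling the API. As an added example (not code from this guide), the Python below assembles the replication configuration for the scenario above and validates the constraints that matter for the 15-minute requirement. The role and bucket ARNs are constructed placeholders; the configuration is the shape boto3's `s3.put_bucket_replication(Bucket=..., ReplicationConfiguration=...)` accepts.

```python
import copy

# Constructed placeholders, not values from the guide.
REPLICATION_ROLE_ARN = "arn:aws:iam::111111111111:role/s3-crr-role"
DEST_BUCKET_ARN = "arn:aws:s3:::audit-docs-replica-us-west-2"


def build_rtc_replication_config(role_arn: str, dest_bucket_arn: str,
                                 prefix: str = "") -> dict:
    """ReplicationConfiguration with Replication Time Control and metrics on.

    A rule that uses Filter (the V2 schema) must also carry Priority and
    DeleteMarkerReplication; ReplicationTime must be paired with Metrics,
    and 15 is the only minute value RTC accepts.
    """
    return {
        "Role": role_arn,
        "Rules": [{
            "ID": "crr-rtc-15min",
            "Status": "Enabled",
            "Priority": 1,
            "Filter": {"Prefix": prefix},
            "DeleteMarkerReplication": {"Status": "Disabled"},
            "Destination": {
                "Bucket": dest_bucket_arn,
                "ReplicationTime": {"Status": "Enabled", "Time": {"Minutes": 15}},
                "Metrics": {"Status": "Enabled", "EventThreshold": {"Minutes": 15}},
            },
        }],
    }


def validate_replication_config(config: dict) -> list:
    """Findings that would make S3 reject the config or leave the 15-minute
    requirement unmet; an empty list means these checks pass."""
    findings = []
    if not config.get("Role", "").startswith("arn:aws:iam::"):
        findings.append("Role must be an IAM role ARN that S3 can assume")
    for rule in config.get("Rules", []):
        rid = rule.get("ID", "<no id>")
        if rule.get("Status") != "Enabled":
            findings.append(f"{rid}: rule is not Enabled, nothing will replicate")
        if "Filter" in rule:
            for required in ("Priority", "DeleteMarkerReplication"):
                if required not in rule:
                    findings.append(f"{rid}: Filter requires {required}")
        dest = rule.get("Destination", {})
        rtc = dest.get("ReplicationTime", {})
        metrics = dest.get("Metrics", {})
        if rtc.get("Status") != "Enabled":
            findings.append(f"{rid}: ReplicationTime not enabled, no 15-minute SLA")
            continue
        if rtc.get("Time", {}).get("Minutes") != 15:
            findings.append(f"{rid}: RTC Time.Minutes must be 15")
        if metrics.get("Status") != "Enabled":
            findings.append(f"{rid}: ReplicationTime requires Metrics enabled")
    return findings


def without_metrics(config: dict) -> dict:
    """Constructed negative case: the Metrics block left out."""
    broken = copy.deepcopy(config)
    del broken["Rules"][0]["Destination"]["Metrics"]
    return broken


if __name__ == "__main__":
    cfg = build_rtc_replication_config(REPLICATION_ROLE_ARN, DEST_BUCKET_ARN)
    print("good config:", validate_replication_config(cfg) or "OK")
    print("no metrics:", validate_replication_config(without_metrics(cfg)))
```

Both buckets must have versioning enabled before the configuration is accepted, and the audit evidence the regulation asks for comes from the metrics the Metrics block turns on (replication latency and pending or failed operations in CloudWatch), which is why the validator treats a missing Metrics block as a failure rather than a warning.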
Containers: ECR, ECS & EKS
Expert Strategy: Containers on AWS involve artifact management (**ECR**) and orchestration (**ECS** for simplicity, **EKS** for open-standard Kubernetes).
The Problem (Scenario)
"Deployment updates are causing downtime. A buggy image crashed our fleet last night. We need zero-downtime, safe updates."
The Solution (Architectural Implementation)
Use ECS Blue/Green Deployments with AWS CodeDeploy. This launches a "Green" version, runs health checks on a test port, and then shifts traffic from "Blue" to "Green" automatically.
CodeDeploy AppSpec
version: 0.0
Resources:
  - TargetService:
      Type: AWS::ECS::Service
      Properties:
        TaskDefinition: "arn:aws:ecs:id:task-def/app:2"
        LoadBalancerInfo: {ContainerName: "web", ContainerPort: 80}