#Aws
118 posts

Infra skeleton — deploying FastAPI/Django on ECS Fargate
The flow of pushing a container image to ECR, writing a Task Definition, and bringing it up as an ECS Fargate Service behind an ALB. The chapter where you put a small blog API into a production environment for the first time.

Lambda Basics
The first step into AWS serverless. We cover Lambda's role (vs ECS / EC2), the runtime / handler / event / context model, synchronous / asynchronous / stream invocation, concurrency and cold starts, Reserved / Provisioned Concurrency, memory and time limits, logging and Layers, and cost.

Lambda in Depth — Cold Starts · SnapStart · Packaging · Observability
Adds a production-operations lens on top of Chapter 17's Lambda basics. Covers cold starts and SnapStart · Provisioned Concurrency, packaging with Layers and container images (one full FastAPI cycle), Lambda Powertools-based observability, combining with Step Functions, and the Lambda vs Fargate cost trade-off.

Monitoring — CloudWatch Alarms and X-Ray
Operational CloudWatch Logs Insights queries, the core metrics and alarm thresholds for ECS / RDS / ALB, SNS → Slack notifications, and capturing a slow request with X-Ray distributed tracing. The chapter that gives operations its visibility.

RDS — managed DB, backups, parameter groups
AWS's managed relational DB service, RDS. A comparison with a DB on EC2, automated backups and snapshots and PITR, Multi-AZ, parameter / option groups, and the operational flow of minor vs major upgrades.

RDS integration and migration operations
RDS Postgres Multi-AZ inside the VPC, Security Group design, injecting the password via Secrets Manager, the operational flow of Alembic / Django migrations, and a blue/green-compatible migration pattern, all in one place.

Route 53 — domains and DNS
AWS's managed DNS, Route 53. Domain registration and Hosted Zones, the difference between A / AAAA / CNAME / Alias records, and the Simple / Failover / Latency / Geolocation routing policies.

S3 — static hosting, presigned URLs
AWS's oldest object storage, S3. The shape of a bucket and the global uniqueness of its name, policies and Public Access Block, static site hosting, presigned URLs, and the patterns for lowering cost with storage classes.

Secrets Manager / Parameter Store
AWS's secret / configuration management, all in one place. We cover the difference in role between Secrets Manager and SSM Parameter Store, automatic rotation, fetching from code (boto3 / caching / Powertools), ECS and Lambda integration, IaC connection, separating secrets from configuration, and a cost comparison.

Security Basics — MFA, Key Rotation, Least Privilege
Enforcing MFA on root and IAM users, automating access-key rotation, checking permissions with IAM Access Analyzer, least-privilege patterns, and common incident cases — the security guardrails that hold up in operations.

Security Governance — Organizations · SCP · Account Monitoring
When and how to move from a single account to multi-account. This chapter lays out the structure of grouping accounts into OUs with AWS Organizations, how to set organization-wide guardrails with SCP (Terraform example), the Control Tower landing zone, how to turn GuardDuty · Security Hub · Config · Inspector on for the whole organization from a delegated administrator, connecting IAM Identity Center SSO, and the one-account → N-account migration pattern.

Step Functions Intro
The AWS workflow engine, all in one place. We cover the role of a State machine, the four states Task / Choice / Parallel / Map, Standard vs Express, the Amazon States Language (ASL), Lambda / ECS / SDK integration, Retry / Catch error handling, and patterns like Saga and Human-in-the-loop.