☁️ AWS Cloud Overview & Global Infrastructure#

Learning Objectives#

By the end of this chapter, you will:

  • Understand AWS Global Infrastructure (Regions, AZs, Edge Locations)
  • Navigate the AWS Management Console and CLI
  • Understand the AWS Well-Architected Framework
  • Set up billing alerts and cost management

1. AWS Global Infrastructure#

1.1 Regions#

AWS Regions are geographically distinct locations with multiple, isolated Availability Zones.

🌍 AWS Global Infrastructure

┌──────────────────────────────────────────────────────────┐
│                    AWS Cloud                             │
│                                                          │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐               │
│  │ Region 1 │  │ Region 2 │  │ Region 3 │  ...           │
│  │ (e.g.,   │  │ (e.g.,   │  │ (e.g.,   │               │
│  │ us-east- │  │ eu-west- │  │ ap-south │               │
│  │ 1)       │  │ 1)       │  │ -1)      │               │
│  └────┬─────┘  └────┬─────┘  └────┬─────┘               │
│       │             │             │                      │
│  ┌────┴─────┐  ┌────┴─────┐  ┌────┴─────┐               │
│  │ AZ 1     │  │ AZ 1     │  │ AZ 1     │               │
│  │ AZ 2     │  │ AZ 2     │  │ AZ 2     │               │
│  │ AZ 3     │  │ AZ 3     │  │ AZ 3     │               │
│  └──────────┘  └──────────┘  └──────────┘               │
│                                                          │
│  Edge Locations (PoPs) ←→ CloudFront CDN                │
│  Regional Edge Caches                                    │
└──────────────────────────────────────────────────────────┘

Key Facts:

  • Region: A geographical area with 2-6 Availability Zones
  • AZ (Availability Zone): One or more discrete data centers with redundant power, networking, and connectivity
  • Edge Locations: CDN endpoints for CloudFront (more than 400+ globally)
  • Regional Edge Caches: Larger cache between CloudFront origin and Edge Locations

How to Choose a Region:

  1. Latency — Choose the closest region to your users
  2. Compliance — Data residency requirements (e.g., GDPR in Europe)
  3. Service Availability — Not all services are available in all regions
  4. Pricing — Prices vary by region

Exam Tip: You’ll need to know which services are global vs regional. Global services: IAM, Route53, CloudFront, WAF. Regional: everything else (EC2, S3, RDS, etc.)

1.2 Availability Zones (AZs)#

Each AZ is:

  • Physically isolated from other AZs
  • Connected via low-latency, high-bandwidth fiber
  • Designed for independent failure
  • Identified by region + letter (e.g., us-east-1a, us-east-1b)

Multi-AZ Architecture:

     ┌──────────────────────────────────────┐
     │          Region us-east-1            │
     │                                      │
     │  ┌──────────┐    ┌──────────┐        │
     │  │ AZ us-   │    │ AZ us-   │        │
     │  │ east-1a  │    │ east-1b  │        │
     │  │          │    │          │        │
     │  │ ┌──────┐ │    │ ┌──────┐ │        │
     │  │ │ EC2  │ │    │ │ EC2  │ │        │
     │  │ └──────┘ │    │ └──────┘ │        │
     │  │ ┌──────┐ │    │ ┌──────┐ │        │
     │  │ │ RDS  │◄├────┼─┤ RDS  │ │        │
     │  │ │(Pri) │ │    │ │(Stby)│ │        │
     │  │ └──────┘ │    │ └──────┘ │        │
     │  └──────────┘    └──────────┘        │
     └──────────────────────────────────────┘

1.3 Edge Locations vs Regional Edge Caches#

Feature Edge Location Regional Edge Cache
Purpose Content delivery (CDN) Caching larger content
Cache type TTL-based, smaller objects Larger objects, longer TTL
Write methods PUT/POST (API Gateway) Read-only cache

2. AWS Well-Architected Framework#

The 6 Pillars of the Well-Architected Framework — designed to help you build secure, high-performing, resilient, and efficient infrastructure:

graph TD
    WAF[AWS Well-Architected Framework]
    WAF --> OE[Operational Excellence]
    WAF --> SE[Security]
    WAF --> RE[Reliability]
    WAF --> PE[Performance Efficiency]
    WAF --> CO[Cost Optimization]
    WAF --> SU[Sustainability]

1. Operational Excellence#

Run and monitor systems to deliver business value

  • Automate changes with Infrastructure as Code (IaC)
  • Monitor with CloudWatch, CloudTrail
  • Improve processes through continuous feedback
  • Key services: CloudFormation, Systems Manager, Config, CloudWatch

2. Security#

Protect data, systems, and assets

  • IAM — Least privilege, MFA, password policies
  • Encryption — At rest (KMS) and in transit (TLS)
  • Detective controls — CloudTrail, GuardDuty, Config
  • Key services: IAM, KMS, Shield, WAF, GuardDuty, Security Hub

3. Reliability#

Recover from failures and mitigate disruptions

  • Automated backups — RDS automated backups, EBS snapshots
  • Multi-AZ — Deploy across multiple AZs
  • Graceful degradation — Circuit breakers, throttling
  • Key services: Route53, Auto Scaling, RDS Multi-AZ, Aurora

4. Performance Efficiency#

Use computing resources efficiently

  • Serverless — Lambda, Fargate
  • Auto Scaling — Match capacity to demand
  • Right-sizing — Choose appropriate instance types
  • Key services: Auto Scaling, ElastiCache, CloudFront, Lambda

5. Cost Optimization#

Avoid unnecessary costs

  • Right-sizing — Stop paying for over-provisioned resources
  • Reserved Instances / Savings Plans
  • Spot Instances — For fault-tolerant workloads
  • Key services: Cost Explorer, Compute Optimizer, Trusted Advisor

6. Sustainability (NEW!)#

Minimize environmental impact

  • SaaS optimization — Right-size resources
  • Region selection — Use regions with greener energy
  • Data lifecycle — Delete unused data
  • Key services: S3 Lifecycle, EFS IA, data lifecycle management

Exam Tip: Know the 6 pillars and which AWS services map to each pillar. The Sustainability pillar was added in 2021 and appears in exam questions. You’ll get scenario questions asking “Which pillar does this best practice belong to?”

3. AWS Management Interfaces#

3.1 AWS Management Console#

  • Web-based UI for managing AWS services
  • Supports multi-account management via AWS Organizations
  • IAM credentials — never use root account!

3.2 AWS CLI#

# List all EC2 instances
aws ec2 describe-instances --region us-east-1

# Create an S3 bucket
aws s3 mb s3://my-unique-bucket-name

# List S3 buckets
aws s3 ls

# Using profiles
aws s3 ls --profile production

3.3 AWS SDKs#

Available for: Python (boto3), JavaScript, Java, .NET, Go, Ruby, PHP, C++

# Python boto3 example
import boto3

s3 = boto3.client('s3', region_name='us-east-1')
response = s3.list_buckets()
for bucket in response['Buckets']:
    print(f'  {bucket["Name"]}')

3.4 AWS CloudShell#

Browser-based shell in the AWS Console — pre-authenticated with AWS CLI

4. AWS Account Setup & Best Practices#

Step 1: Create Root User#

  • Use a strong password + MFA
  • Never use root for daily tasks

Step 2: Create IAM Admin User#

aws iam create-user --user-name admin
aws iam attach-user-policy --user-name admin \
  --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
aws iam create-access-key --user-name admin

Step 3: Set Up Billing Alerts#

  1. Go to Billing → Budgets
  2. Create a budget (e.g., $10/month)
  3. Set alerts at 50%, 80%, 100%
  4. Subscribe email/SNS for notifications

Step 4: Enable CloudTrail#

aws cloudtrail create-trail --name management-trail \
  --s3-bucket-name my-cloudtrail-bucket --is-multi-region-trail
aws cloudtrail start-logging --name management-trail

5. AWS Free Tier Overview#

Service Free Tier Limits Duration
EC2 750 hours/month of t2.micro or t3.micro 12 months
S3 5 GB standard storage, 20K Get requests 12 months
RDS 750 hours/month of db.t2.micro 12 months
Lambda 1M requests/month Always free
DynamoDB 25 GB storage Always free
CloudWatch 10 metrics, 5 GB logs Always free

6. AWS Support Plans#

Plan Price Key Features
Basic Free Documentation, whitepapers, forums
Developer ~$29/mo Email support, 12hr response
Business ~$100/mo 24x7 chat/phone, 1hr response
Enterprise ~$15K/mo TAM, 15min response, Concierge

Exam Tip: Developer plan = general guidance (not best effort for prod). Business plan = production system down response in 1 hour. Enterprise = business-critical down in 15 min + TAM.

✅ Chapter Quiz#

  1. How many Availability Zones should a production application be deployed across for high availability?

    • A) 1
    • B) 2
    • C) At least 2
    • D) All AZs in the region

  2. Which AWS service is considered a GLOBAL service?

    • A) EC2
    • B) S3
    • C) IAM
    • D) VPC

  3. Which Well-Architected pillar focuses on using resources efficiently?

    • A) Operational Excellence
    • B) Security
    • C) Performance Efficiency
    • D) Cost Optimization

  4. Which support plan provides a Technical Account Manager (TAM)?

    • A) Developer
    • B) Business
    • C) Enterprise
    • D) Basic

  5. What is the primary difference between an Edge Location and a Regional Edge Cache?

    • A) Edge Locations are for writes, Regional Edge Caches are for reads
    • B) Regional Edge Caches have a larger cache than Edge Locations
    • C) Edge Locations are only in North America
    • D) There is no difference

  6. Which factors should be considered when choosing an AWS Region? (Select TWO)

    • A) Number of Edge Locations in the region
    • B) Data residency compliance requirements
    • C) Proximity to users for low latency
    • D) Number of AWS accounts in the region
    • E) Color of the region on the console

  7. How many Availability Zones does a typical AWS Region contain?

    • A) 1
    • B) 2 — 6
    • C) 10 — 15
    • D) Exactly 3

  8. Which AWS service provides content delivery through a global network of Edge Locations?

    • A) Amazon Route53
    • B) AWS Global Accelerator
    • C) Amazon CloudFront
    • D) AWS Direct Connect

  9. A solutions architect wants to distribute traffic across EC2 instances in multiple AZs. Which service should they use?

    • A) Amazon Route53
    • B) Application Load Balancer
    • C) AWS Global Accelerator
    • D) Amazon CloudFront

  10. Which Well-Architected pillar focuses on recovering from failures and mitigating disruptions?

    • A) Security
    • B) Reliability
    • C) Performance Efficiency
    • D) Operational Excellence

  11. Which service logs all API calls in an AWS account for auditing and compliance?

    • A) Amazon CloudWatch
    • B) AWS CloudTrail
    • C) AWS Config
    • D) Amazon GuardDuty

  12. What is the primary benefit of deploying an application across multiple Availability Zones?

    • A) Lower network latency
    • B) Protection against an AZ-level failure
    • C) Reduced compute costs
    • D) Simplified application code

  13. Which AWS Support plan provides a 15-minute response time for business-critical system downtime?

    • A) Basic
    • B) Developer
    • C) Business
    • D) Enterprise

  14. Which pillar of the Well-Architected Framework includes automating changes with Infrastructure as Code?

    • A) Security
    • B) Reliability
    • C) Operational Excellence
    • D) Cost Optimization

  15. What is the purpose of AWS Regional Edge Caches?

    • A) To serve as the origin for CloudFront distributions
    • B) To cache larger objects with longer TTLs between origin and Edge Locations
    • C) To replace CloudFront Edge Locations entirely
    • D) To store database backups

  16. Which service enables centralized management of multiple AWS accounts with Service Control Policies?

    • A) AWS IAM
    • B) AWS Organizations
    • C) AWS Cognito
    • D) AWS SSO

  17. How are Availability Zones physically connected to each other within a region?

    • A) Through the public internet
    • B) Through low-latency, high-bandwidth fiber
    • C) Through VPN connections
    • D) Through satellite links

  18. Which EC2 pricing model is most cost-effective for fault-tolerant workloads that can handle instance interruptions?

    • A) On-Demand
    • B) Reserved Instances
    • C) Spot Instances
    • D) Dedicated Hosts

  19. Which statement about CloudFront Edge Locations is correct?

    • A) Edge Locations are AWS data centers that run EC2 instances
    • B) Edge Locations are used exclusively for Route53 DNS resolution
    • C) Edge Locations are CDN endpoints that cache content closer to users
    • D) Edge Locations are only available in North America

  20. A company needs to meet data sovereignty requirements by ensuring data never leaves a specific geographic area. What should they do?

    • A) Use a single Availability Zone
    • B) Choose an AWS Region in the required geography
    • C) Use only Edge Locations
    • D) Enable S3 Transfer Acceleration

  21. Which AWS service can be used to create a customized cost and usage report with hourly granularity?

    • A) AWS Cost Explorer
    • B) AWS Budgets
    • C) AWS Cost and Usage Report
    • D) AWS Trusted Advisor

  22. An application needs a static IP address for whitelisting by third-party partners. Which AWS service provides static IPs that can be assigned to a load balancer?

    • A) Elastic IP Address
    • B) AWS Global Accelerator
    • C) Amazon Route53
    • D) AWS Direct Connect

  23. Which feature of a security group is evaluated when determining whether to allow incoming traffic?

    • A) The source IP address and port
    • B) The destination IP address and port
    • C) The instance ID
    • D) The subnet CIDR

  24. Which Well-Architected pillar includes implementing a strong identity foundation with IAM and MFA?

    • A) Operational Excellence
    • B) Security
    • C) Reliability
    • D) Performance Efficiency

  25. What is the maximum duration an AWS Lambda function can run?

    • A) 5 minutes
    • B) 15 minutes
    • C) 30 minutes
    • D) 60 minutes
📝 Answer Key
  1. C — At least 2 AZs for HA. You don’t need ALL AZs.
  2. C — IAM is global. EC2, S3, and VPC are regional services.
  3. C — Performance Efficiency is about using computing resources efficiently.
  4. C — Enterprise plan provides a TAM.
  5. B — Regional Edge Caches have a larger cache for bigger files.
  6. B, C — Data residency compliance and user proximity are key factors for region selection.
  7. B — AWS Regions contain between 2 and 6 Availability Zones.
  8. C — CloudFront is the AWS CDN service that uses Edge Locations for content delivery.
  9. B — Application Load Balancer distributes incoming traffic to targets across multiple AZs.
  10. B — The Reliability pillar focuses on recovery from failures and disruption mitigation.
  11. B — AWS CloudTrail records all API calls for auditing, compliance, and governance.
  12. B — Multi-AZ deployment provides high availability and fault tolerance against AZ failures.
  13. D — Enterprise Support offers 15-minute response for business-critical system downtime.
  14. C — Operational Excellence focuses on automating changes with IaC and monitoring.
  15. B — Regional Edge Caches cache larger objects between the origin and Edge Locations.
  16. B — AWS Organizations enables multi-account management and application of SCPs.
  17. B — AZs are connected via low-latency, high-bandwidth fiber within a region.
  18. C — Spot Instances offer significant discounts for fault-tolerant and flexible workloads.
  19. C — Edge Locations are CloudFront CDN endpoints that cache content closer to end users.
  20. B — Selecting an AWS Region in the required geography ensures data stays within geographic boundaries.
  21. C — AWS Cost and Usage Report provides the most detailed cost data with hourly granularity.
  22. B — AWS Global Accelerator provides static anycast IP addresses that serve as a fixed entry point for applications.
  23. A — Security Group inbound rules evaluate the source IP address, port, and protocol.
  24. B — The Security pillar includes identity and access management with least privilege, MFA, and IAM best practices.
  25. B — Lambda functions have a maximum execution timeout of 15 minutes (900 seconds).

📚 Additional Resources#

Next → IAM & Security

Backward 🚀 Start Here - Your AWS SAA-C03 Journey 🔐 IAM & Security Forward