AWS (Amazon Web Services) is overwhelming. If you’re new to AWS you’ll know the feeling of being lost and not knowing where to start. But today, that’s going to change change. We’re going to clear all your uncertainties and discuss everything you need to know to start your learning journey on AWS.
By the end of this article you’ll have an understanding of the core services of AWS, you’ll know how to structure your learning on the core services and how to start AWS with hands-on experimentation.
Last week, I was at an AWS Game day. An AWS Game day is an organised event designed to be a fun hands-on way to learn AWS…
— Lou 👨💻🏋️♂️🎸🚴🏻♂️🏍 (@loujaybee) November 7, 2019
The game day was impressive. The organisers setup various different AWS accounts with different services setup for the teams to experiment with. The goal was for each team to build services and consume other teams services.
As I sat there with our teams junior developer I was reminded (again!) just how overwhelming AWS can be. We flicked back and forth between pages in AWS looking at our running servers, setting up new lambda functions, debugging application logs and system logs.
It’s hard to imagine how anyone can can keep track.
I found myself promising the junior developer I’d go back and explain it all — but we just didn’t find time. By the end of the whole experience it got me thinking: if I were to learn AWS again, how I would approach it? And when I came home, I set out to write this article to get it all down.
Today I want to cover three things that will give you the best possible chance of making sense of the chaos of AWS. If that sounds good for you, then let me start at the beginning and let’s discuss what AWS actually is.
What Is AWS?
AWS stands for Amazon Web Services. AWS is a range of computing products that allow you to operate tasks in the cloud, on demand. And currently, AWS have the biggest service offering of the cloud market, so you have everything from databases, to event queues, to basic website hosting.
But, AWS is designed to be quite low-level. It’s not designed for the casual website builder. AWS is built for large enterprises to build their entire business on. And for that reason, it’s not particularly easy to get started with.
Not only is AWS low-level, but there are many different services, and lots of the services even substitute each other. All this choice is only useful when you understand enough about the services and how they work.
So it seems that we’ve got our work cut out for us! With all these different AWS services, you might be wondering: Where do I even start? And if you are, it’s a very valid question that most newcomers to AWS have. Let me start to break down this puzzle some more so it makes more sense…
Where to Start Learning AWS?
Do you remember that I mentioned that there are three things you should focus on when learning AWS? Well now is a good time to introduce them, so let’s do that. The three areas you should focus on when starting AWS are:
- Learn core AWS services first
- Prioritise hands-on learning
- Structure your learning
Don’t worry if these seem a bit high level right now, because I’ll go through each one of them in a lot of detail. Let’s start right away with the first bullet point: learning core services first.
Tip 1: Learn Core AWS Services First
Within AWS many services are built on, or around a set of core services. But what do I mean by “core services”? And how is it possible for services to be “built on” other ones? The best way to understand how services built on one another is to take an example, so let’s do that.
In fact, just quickly, before I introduce this example let me stress an important point: try to not get too caught up on the specifics like the service abbrevations or how they work. It’s easy to get lost in these details. Just try to get the concept in your head. But—I digress—let’s get back to it.
AWS has a service called ECS (Elastic Container Service). ECS allows you to run container based services. When you run services on ECS, you can configure the host for your containers to run on. And one of the options is to run your host on EC2 (Elastic Cloud Compute). In this scenario, EC2 is the core service. And if you don’t know EC2 well, it’ll make working with ECS more difficult.
See what I mean? Once you learn certain services interacting with these other services becomes easier. Many, many services in AWS are just these sort-of periphery services which compliment and build on the others.
Which is why when it comes to learning AWS it’s really important to learn the core services first. If you spend too much effort learning periphery services you’ll struggle to see how the pieces fit together and you’ll have a much slower, more frustrating time learning AWS, trust me.
So I imagine by now you must be thinking: what are those core services? And let me get straight to the point and answer that question. The core services are: EC2, IAM and S3. But, I promised you we’d go into details, so let’s go through and understand what each of those service does, and why it’s a core service…
What is EC2?
We had to start with EC2.
EC2 is the flagship AWS product, it’s where most of AWS revenue comes from. Which begs the question, why is EC2 so popular?
Let’s start with the name: EC2 stands for Elastic Compute Cloud (I won’t get caught up discussing the terrible name). Think of EC2 as a way to run a computer in the cloud. You can launch Linux machines, or Windows machines all on top of EC2. EC2 is (literally) having a computer at the push of a button.
So why is EC2 so popular? The answer is: flexibility. On EC2 you can run many different types of workloads. You can install WordPress, to run a website. Or you can install a database and store data, all directly on an EC2 machine. In fact, nearly everything you can imagine can be ran on EC2.
But you might be wondering: If EC2 is so flexible, why don’t we run everything on EC2 and not have all these other services? And that’s a big question! The short answer though is that the other services are more focussed. For instance, you can run a database on EC2, but if you do that you’ll also need to manage it yourself. So AWS offer a service, RDS which takes away some of the headache of maintaining your own database. But guess what? AWS run it under the hood on EC2!
We could talk for a long time about EC2, but take my word for it: EC2 is very much a core service, and it’s worth your time to understand the nuances of how it works. But, we don’t only run machines in the cloud, and in AWS, we need other features such as permissions. And that’s where IAM comes in…
What is IAM?
AWS IAM is how you manage permissions and access in AWS. In order to launch your EC2 instance from before, you need to have a user that has the appropriate access to do so. And to get access you need to use AWS IAM.
But, IAM is deceptively complex. IAM isn’t only how users get access to do things in AWS, it’s also how you grant machines to talk to each other. For instance, if we look at EC2 again, an EC2 machine can be assigned a role. And that role then governs what that EC2 can and can’t do. Do you see what I mean about IAM being a core service?
So let’s say that you do start digging into IAM, what should you be looking to learn? And the answer is: understanding the different IAM objects and their relationships. Within IAM you’ve got: users, groups, roles and policies and they’re all related somehow. Let me give you an example…
A user can be in a group, and that group can have access policies which are granted to the user. But, a user can also have policies directly. Both of these approaches have pro’s and con’s. For instance, attaching a policy to a user directly means that you’ll have to update many users if you want to give them the same permissions. Understanding these nuances is key to getting your head around IAM.
Again, I hope you can start to see why IAM is a core service, and why it should be worth your time to learn. But with EC2 and IAM in the bag, let’s move on now to the third core service, and that’s S3. But what is S3?
What is S3?
S3 is another deceptively versatile service, which allows you to store files in a flexible way. S3 can be used to host websites, store assets such as images, and even log files for your application. If you ever need simple persistence for files, S3 is probably the answer.
The reason that S3 is a core service to wrap your head around is again because of it’s versatility. Remember when we talked about services being built on or around others? Let me give you a few examples where S3 is the basis for other AWS services.
For instance, if you want to use AWS Redshift (a querying tool) you’ll need to put your data in S3. Want to get access logs for your AWS account? The data will be in S3. Want a backup of your RDS database? S3 again. Want to host a static website? S3. Want to turn on logs for your load balancer? Yep, you guessed it: S3.
Okay, you get the point. But in summary, so many services in AWS are built around S3. So it makes sense to learn S3 first, otherwise working with other AWS services will be more difficult when you suddenly realise that you need to understand how S3 works to be productive.
And with that discussion about S3, that wraps up this whole section on core services. But, before we move on, let’s just briefly talk about some of the other services at a high level…
What Other AWS Services Should You Keep an Eye On?
It was a tough choice picking the “core” services, as it will depend on your industry and company which services you use. But almost certain that you’ll be using EC2, IAM and S3 at some point. But, they’re not the only services, so let’s quickly give a hat-tip to the other services that should be next on your hit list after those three. And they are…
- CloudWatch — The built-in AWS monitoring tool.
- Route 53 — Domain purchasing and DNS routing. Allows you to point your website or server to a domain name.
- RDS — The AWS hosted database solutions. Has a range of databases from SQL to document-based.
- CloudFormation — AWS built-in Infrastructure as Code. Create resources by writing your infrastructure as a JSON template and tell AWS to create it.
And that concludes part one, which is to focus on core services. The take home point is: AWS has central services that the other services depend on. If you establish which services these are, and prioritise focusing your time and energy on those, you’re going to get to grips with AWS much faster.
Now that you know the core services, you’ll want to know a place to start learning. But, before you dive in there are a few things you should know so that you don’t make some fatal mistakes in your setup…
Tip 2: Get Hands on With AWS
Put simply: the best way to get setup and learning AWS is by getting hands-on.
But in order to get hands-on, you’ll need to ensure that everything in your AWS account is setup correctly. Many first-time users of AWS make the same mistakes which usually leads to them getting a large bill, or getting their accounts hacked because they didn’t know about a few precautionary steps they should have taken to secure their accounts (yup, this was me too!).
Unfortunately everything doesn’t simply come out of the box with AWS your account setup, so you’re going to have to put in some work to get things setup how you need them.
But before we dive into the details, let me just share with you what we’re going to talk about:
- The root account, and why you shouldn’t use it.
- Access keys, and why you should be very careful where you store them.
- MFA, and how it protects your account from getting hacked.
- Infrastructure As Code, and how it makes your hands-on learning easier.
Sound good? Okay, let’s jump in…
The Root Account
Your root account is the one you sign up to AWS with. The reason the root account is so important is because it has god access to everything. If your root account is compromised the attacker can do pretty much whatever they want.
To counter-act the problem of getting your root account hacked, the first thing you’ll want to do when you’ve setup your AWS account is to create a new user and restrict it’s access. Then you will use that newly created user to access AWS, not your root account.
AWS Credentials and Access
The next topic we need to talk about, is your access to AWS. There are two main ways to interact with AWS, programatically, and through the interface. You’ll likely start off by poking around in the AWS interface for a while, but there’ll come a time where you need to access a resource and you’ll need programatic access.
And that’s where the idea of access keys comes in. An access key and secret is a pairing of two strings that are used to grant access to AWS. Access keys allow you to read information about your resources, publish resources, etc. Because they grant access you should be very careful where you put these keys.
MFA stands for multi-factor authentication. With MFA enabled you cannot access your account without having another physical device that you need with you.
When you enable MFA for your account it ensures that if your password is compromised, at least your attacker needs your phone, or a device to log into your account.
Enabling MFA is as simple as a few button clicks from within the IAM interface, so you’ll want to do right as you setup your account.
Learn Infrastructure First
When it comes to learning AWS, the instinctive approach is to start clicking around in the interface to create resources. But, in my experience the poke-around type of learning process can become very frustrating and difficult very quickly.
But why is clicking around so frustrating? And there are a few reasons. The UI for AWS can be difficult, and it often undergoes change — what you learn today might be gone tomorrow. Also behind the scenes AWS can do magical things like launching many services on your behalf — good luck finding those resources to delete them later.
So if clicking around in the interface can become painful, what is a better choice? Learning infrastructure-as-code. Infrastructure as code allows you to define your resources as code, and store them in version control. With infrastructure as code setup you can easily see the changes you’ve made, roll back and delete all your resources. Which can be far less stressful than randomly clicking around in AWS.
For this type of infrastructure as code (provisioning) you have two main choices: CloudFormation and Terraform. CloudFormation is an AWS owned tool, whereas Terraform is an open source alternative. I personally recommend Terraform as it’s not tied to the AWS ecosystem and has some nice functionality.
But whole topic of setting up your account with infrastructure as code is an article in itself (and of course, I’ve written those, too!). If you want to know why I recommend learning infrastructure as code before AWS, check out: 5 Important Reasons To Learn Terraform Before Cloud Computing. Or if you’re new to infrastructure as code, check out: Infrastructure As Code: A Quick And Simple Explanation. Finally, if you do follow my advice, and start with Terraform check out: Learn The 6 Fundamentals Of Terraform — In Less Than 20 Minutes.
Part 3: Structure Your AWS Learning
And the last of my three tips for today is to structure your learning. If you don’t structure your learning, you risk getting lost in a sea of details and spending more time learning unnecessary areas whilst neglecting the right ones. But how do we add that structure to our learning?
One of the best ways to add that structure is to take a look at the different AWS exams. Now, I know what you’re thinking: I don’t know the first thing about AWS, so why would I take an exam? And that’s a fair challenge, but let me explain why the exams are a great logical starting point.
AWS has done a lot of thinking about their exams, and as a result they’ve created a really useful structure. The exams start with foundational skills before becoming specialised in different areas. Which makes them a good reference to structure your learning on. Let’s me show you what I mean, and take a look at the various different exams…
Understanding the AWS exam structure
The AWS exams are broken down into different categories. The associate exams are your more entry level exams, and the professional exams build on top of the associate exams with more detail. You can also go down a specialty route and learning a specific topic like Networking or Security.
Take a look…
Okay, seeing all of the exams is nice, but we know that you’re just starting out, so where should you start as a beginner?
The best place to start as a complete beginner is with the Cloud Practitioner exam. The Cloud Practitioner exam is going to give you a solid basis in AWS. When you’ve completed the Cloud Practitioner exam, you can then take a look at one of the associate exams, Architect, SysOps or Developer depending on your preference.
So let’s say that I’ve done a decent job to convince you that the exams are a good place to start in structuring your learning. Where would you go to begin? One of the best current learning websites for these courses is ACloudGuru. ACloudGuru have a ton of resources on where to start. I’d recommend watching their certification prep guide then you could go ahead and try out the cloud practitioner course.
In the interest of fairness, there are other dedicated services for cloud training, like Cloud Academy and Linux Academy. Which might suit your needs better, so be sure to check those out too. I have just found ACloudGuru to be straight to the point, and consistent which is why I recommend it.
Learn AWS the Easy Way
And that concludes todays article, and our look at where you need to start when learning AWS. I really hope this helped bring you in the right direction when it comes to learning AWS, it can be seriously daunting, I know.
Since we covered a lot today, before you go, let me just recap the main things you should take away with you:
- Focus on the core services (EC2, S3 and IAM)
- Get hands-on and experiment!
- Use the AWS exams to give your learning structure.
If you stick to these three tips, you won’t go far wrong, and you’ll should find that mist of uncertainty slowly shrinking away, I promise! Just remember to setup your account properly (as we’ve discussed!) and you’re good to go.
Finally, before you go, if you’re new to cloud engineering and you’re looking for good places to start, be sure to check out my: Recommended Books & Courses For Cloud Engineering. You can also sign up to my monthly newsletter for updates on cloud engineering, and if you want to keep reading, serverless is a really cool tech to take a look at: Serverless: An Ultimate Guide.
Speak soon, Cloud Engineering friend!