Skip to content
Knowledge base Updated: February 5, 2026

Practical tips for novice users of Amazon Web Services

Get started on your Amazon Web Services (AWS) adventure by learning about key services and best practices for using them.

Marcin Godula Marcin Godula

In today’s digital world, cloud computing has become a cornerstone of enterprise digital transformation. As a leader in this industry, Amazon Web Services (AWS) offers unparalleled capabilities, but these can seem overwhelming to those taking their first steps into this ecosystem. This guide is designed to walk beginners through the four key AWS services (EC2, S3, IAM and VPC), providing the practical knowledge needed to successfully get started with the platform.

Whether you’re a novice developer, an IT professional looking for new solutions, or a business owner considering a migration to the cloud, this guide will help you understand the fundamental concepts of AWS and avoid common pitfalls. You’ll also find a clearly defined learning path - from the most important basics to more advanced features, so you can develop your skills in AWS in a logical and structured way.

Shortcuts

Level of difficulty: This guide was written for people who have never used AWS before or have a very basic understanding of cloud computing. Sections containing more advanced concepts have been clearly marked as [MEDIUM ADVANCED].

What is Amazon Web Services and why should you use it?

Amazon Web Services is a comprehensive cloud services platform that offers more than 200 full-featured services from data centers around the world. AWS was founded in 2006 as Amazon’s internal infrastructure, which was later shared with other companies. Today it is the world’s largest cloud services provider, offering everything from simple data storage to advanced databases to artificial intelligence and machine learning.

There are many business benefits to using AWS that set the platform apart from the competition. First and foremost, the pay-as-you-go payment model eliminates the need for a large upfront investment - you only pay for the resources you actually use. AWS also allows you to instantly scale your infrastructure up or down depending on your current business needs. This flexibility is invaluable, especially for companies with fluctuating computing power needs.

Another key advantage is AWS’ global infrastructure, which enables you to expand your business into new markets without having to build your own data centers. With a presence in more than 25 geographic regions and 80 availability zones, you can deliver your services to users with minimal latency, regardless of their location. This makes AWS an ideal partner for companies with global ambitions.

AWS in a nutshell

  • Scale: More than 200 cloud services available globally

  • Flexibility: payment model for actual consumption (pay-as-you-go)

  • Scalability: Ability to adjust resources to meet needs in an instant

  • Global reach: Infrastructure in more than 25 regions and 80 accessibility zones

📚 Read the complete guide: Cyberbezpieczeństwo: Kompletny przewodnik po cyberbezpieczeństwie dla zarządów i menedżerów

How do I set up an AWS account and configure it securely?

Signing up for an AWS account is a simple process that begins with a visit to aws.amazon.com and clicking on the “Create AWS Account” button. During the registration process, you will need to provide your personal information, contact information and credit card details (even if you only plan to use services under a free plan). After verifying your identity, you will be given access to the AWS management console, which will be your main tool for configuring and managing services.

AWS account security should be an absolute priority from day one. The first step after creating an account should be to enable multi-factor authentication (MFA) for the root account. MFA adds an extra layer of security by requiring not only a password, but also a code generated by an app on the phone or a dedicated device. This simple setup drastically reduces the risk of unauthorized access, even if the password is compromised.

Another key step is to create separate user accounts using the AWS Identity and Access Management (IAM) service instead of using a master account for daily tasks. The master account should only be used for critical administrative operations and should be secured with a strong, unique password. Individual IAM accounts should be created for all team members with permissions limited to only those resources and activities that are necessary for their role - in accordance with the principle of least privilege.

Secure your AWS account

  • Step 1: Enable multi-factor authentication (MFA) for the master account

  • Step 2: Create individual IAM accounts for all users

  • Step 3: Use the principle of least privilege when granting access

  • Step 4: Regularly review and update security policies

What does the AWS Free Tier trial period include?

AWS Free Tier is an Amazon initiative that allows new users to explore and test AWS services for free for a limited time or within certain limits. The program is divided into three main categories: 12-month offers, always free offers and short-term offers. This allows beginners to gain hands-on experience with the platform at no cost, significantly lowering the barrier to entry into the world of cloud computing.

The 12-month offer, which is available from the moment you create an AWS account, allows you to use a limited number of popular services such as Amazon EC2 (750 hours per month of t2.micro or t3.micro instances), Amazon S3 (5GB of storage space), AWS Lambda (1 million free requests per month) or Amazon RDS (750 hours per month). These limits are sufficient to run simple applications or perform conceptual testing, which is ideal for those learning or considering migrating to AWS.

The Always Free offers are not time-limited and remain available even after the 12-month trial period. These include Amazon DynamoDB (25GB of storage), AWS Lambda (1 million free requests per month) or Amazon CloudWatch (10 custom metrics and 10 alerts), among others. Short-term offers, on the other hand, are promotions for selected services that are available for a specific period of time, often tied to the launch of a new service.

AWS Free Tier - what do you get?

  • 12-month offer: EC2 (750h/month), S3 (5GB), RDS (750h/month).

  • Always free offer: DynamoDB (25GB), Lambda (1 million requests/month).

  • Short-Term Offers: Periodic promotions for selected AWS services

  • Limits: Specific limits for each service - monitor your usage!

How to navigate the AWS Console interface as a beginner?

The AWS Management Console (AWS) is the central control point for all AWS services. At first glance, it may seem overwhelming due to the vast number of options available, but it has an intuitive interface that gets friendlier over time. The console’s home page includes a service finder, a list of recently used services and a favorites section that you can customize - it’s a good idea to include the services you use most often.

Navigation through the AWS console is streamlined with several key elements. The navigation bar at the top of the screen includes a services menu that groups all available services by functional category (e.g. compute, storage, databases). You’ll also find an account menu that allows you to manage your account, billing and preferences. Note the region selector in the upper right corner - it allows you to switch between AWS regions, which is key, since most resources are region-specific.

For novice users, AWS also offers helpful tools that make learning and navigation easier. AWS Resource Groups allows you to organize resources into logical groups, which is especially useful when the number of services you use grows. And the Dashboard of services such as EC2 or S3 includes a “Get Started” section with basic instructions and links to documentation. In addition, it’s a good idea to use AWS CloudShell, a terminal console-accessible tool that gives you access to the AWS CLI without having to install it locally.

Navigating the AWS Console

  • Service Finder: Quickly find the services you need

  • Customizing favorites: Add frequently used services to the “Favorites” section.

  • Region selector: Be sure to select the appropriate geographic region

  • Resource Groups: Group related resources for better organization

Which AWS services are most important to start?

As you begin your AWS adventure, you should focus on four fundamental services that form the basis of most cloud solutions. Mastering these services will give you a solid foundation of knowledge instead of a superficial knowledge of many solutions. These key services are: EC2, S3, IAM and VPC.

Amazon EC2 (Elastic Compute Cloud).

EC2 is the core computing service of AWS - they are simply virtual servers in the cloud. For beginners, it’s important to understand that an EC2 instance works just like a traditional server - it has an operating system (usually Linux or Windows), RAM, processor and disk (EBS). You can run any applications, web servers, databases or development environments on it.

Key EC2 concepts for beginners:

  • AMI (Amazon Machine Image) - a template containing the operating system and optionally installed software

  • Instance types - different configurations of processing power and memory (t2.micro is available in the free plan)

  • EBS volumes - virtual hard drives attached to instances

  • Security Groups - virtual firewalls that control traffic to and from instances

  • Elastic IP - fixed IP addresses that can be assigned to instances

Amazon S3 (Simple Storage Service)

S3 is a scalable solution for storing files (called “objects”) in the cloud. Unlike traditional file systems, S3 has a flat organizational structure - objects are stored in “buckets” (containers). S3 is ideal for storing backups, hosting static web pages, or sharing files.

Key S3 concepts for beginners:

  • Bucket - a container for objects with a unique global name

  • Object - a single file with data and metadata

  • Storage classes - different availability and cost options (Standard, Intelligent-Tiering, Glacier)

  • Bucket policies - rules for controlling access to the contents of the bucket

  • Static website hosting - ability to host websites directly from S3

AWS IAM (Identity and Access Management).

IAM is an identity and access management service - a fundamental element of security in AWS. It allows you to control who has access to AWS resources and how. For beginners, it is crucial to understand that you should never use the root account for day-to-day work.

Key IAM concepts for beginners:

  • Users - identities representing individuals or applications

  • Groups - collections of users with similar permissions

  • Roles - sets of permissions that can be temporarily assigned

  • Policies - JSON documents that define permissions

  • MFA (Multi-Factor Authentication) - an additional layer of security**.**

Amazon VPC (Virtual Private Cloud)

VPC is your private section of the AWS cloud, where you can define your own virtual network. For beginners, the most important thing to understand is that the VPC provides resource isolation and control over network configuration. The default VPC is created automatically in each AWS region.

Key VPC concepts for beginners:

  • Subnetworks - network segments (public with internet access and private)

  • Routing tables - rules for routing network traffic

  • Internet Gateway - enables communication with the Internet

  • NACL (Network Access Control Lists) - security rules at the subnet level.

  • Security Groups - instance-level security policies

AWS core services

  • EC2: Virtual servers - the foundation of computing services

  • S3: Scalable cloud file storage

  • IAM: Access management - the key to security

  • VPC: Your private network in the AWS cloud

How to configure the security group and IAM rules?

Security Groups in AWS function as virtual firewalls, controlling network traffic to and from resources such as EC2 instances. Each security group contains a set of rules that determine what traffic is allowed - based on protocol, port and source/destination. Configuration of security groups is based on the principle of implicit rejection - all traffic is blocked unless explicitly allowed by a rule. Correct configuration is key to securing applications - only those ports that are absolutely necessary should be opened (e.g. port 80 for HTTP or 443 for HTTPS for web servers).

AWS Identity and Access Management (IAM) is a service that enables secure access management to AWS resources. It allows you to create and manage users, groups and roles, and define precise permissions that define who has access to which resources. IAM policies are JSON documents that define permissions that can be assigned to users, groups or roles. They are built according to the “deny by default” model. - all actions are prohibited until they are explicitly allowed.

When configuring IAM, it’s a good idea to follow the principle of least privilege - users should only have access to those resources and activities that are necessary to perform their duties. It is also a good practice to group users with similar roles and assign permissions to groups instead of individual users, which greatly simplifies management. For advanced scenarios, consider using IAM roles that enable delegated access - for example, allowing an EC2 instance to access S3 resources without storing access keys.

Security configuration in AWS

  • Security Groups: define network traffic rules - open only necessary ports

  • IAM policies: use the principle of least privilege and role-based permissions

  • IAM groups: assign permissions to groups instead of individual users

  • IAM roles: use roles to securely delegate access between services

How to avoid unexpected costs in AWS?

Unexpected costs are one of the most common problems faced by new AWS users. The flexibility and scalability of the cloud, while being its advantages, can lead to situations where costs get out of control. The key to avoiding such surprises is to understand the AWS pricing model and actively monitor resource usage. For novice users, EC2 costs are often the biggest source of surprises - they are charged for every hour an instance runs, even if it does no work. Similarly, storage generates costs for every gigabyte of data stored.

The first step to controlling costs is to enable detailed financial reporting with AWS Cost Explorer and AWS Budgets. Cost Explorer allows you to analyze historical expenses by various dimensions (services, regions, tags) to help identify trends and anomalies. AWS Budgets, on the other hand, allows you to set alert thresholds that trigger email notifications when spending approaches a certain limit. For beginners, it is recommended to set a very low alert threshold (e.g., $10-20) to quickly catch unexpected cost increases.

Typical cost traps for beginners:

  • Forgotten EC2 instances - running an instance for testing and forgetting to shut it down can cost hundreds of dollars per month. The solution: create automatic schedules for shutting down test instances.

  • Unused EBS volumes - after deleting EC2 instances, their disks often remain and continue to generate costs. Solution: always check the “Delete on termination” option for volumes when creating an instance.

  • Redundant data replication in S3 - copying the same data to multiple regions or unnecessary replication. Solution: use a thoughtful data storage strategy.

  • Public IP addresses - static IP addresses take a toll, even when not assigned to running resources. The solution: release unused Elastic IPs.

  • Data transfer outside AWS - sending data from AWS to the Internet is expensive, especially for large volumes. The solution: use Amazon CloudFront to optimize transfer costs.

  • Resources in forgotten regions - create test resources in different regions and forget about them. Solution: limit yourself to one region to study.

A good practice for beginners is to establish “cost hygiene” - a weekly review of all resources and their costs. You should also learn to use the AWS CLI to quickly detect unused resources, e.g. the aws ec2 describe-instances —filters command “Name=instance-state-name,Values=running” will show all running instances. Also, set reminders in your calendar to check your AWS account and remove unneeded resources when your experiments are complete.

Cost control in AWS - essential practices

  • Monitoring: enable Cost Explorer and Budgets on day one

  • Alerting: Set alerts at very low thresholds ($10-20)

  • Regular reviews: Review all resources weekly - no less frequently!

  • Automated shutdown: Configure automatic shutdown of test resources

  • Tagging resources: Tag ALL resources with tags (e.g., “project,” “environment”)

  • Invoices: Analyze AWS monthly invoices in detail, looking for unusual costs

How do you monitor spending with AWS Budget?

AWS Budget is a powerful tool for proactively managing costs in Amazon’s cloud that allows you to set budgets for various expense categories and receive notifications when costs exceed or approach certain thresholds. Creating a budget starts by navigating to the AWS Billing and Cost Management console and then selecting the “Budgets” section. You can create different types of budgets: cost budgets (to monitor expenses), usage budgets (to track consumption of specific services) and reservation budgets (to monitor coverage and usage of reserved instances).

When configuring a budget, you have the option to specify the period (monthly, quarterly or yearly), the budget amount and detailed filters that allow you to monitor expenses for specific services, regions, tags or instance types. This granularity is particularly useful for companies wishing to track costs for individual projects or departments. The most important element of the budget is alert thresholds - you can set notifications to be sent when expenses reach a certain percentage of the budget (e.g. 50%, 80%, 100%). Notifications can be sent to email addresses or via Amazon SNS to other systems.

For comprehensive monitoring, it’s a good idea to set up several different budgets. In addition to the main monthly budget, consider setting up separate budgets for expensive services (e.g., EC2, RDS) or critical projects. You can also configure daily budgets, which help you quickly detect cost spikes before they become a major problem. AWS Budget also offers a “Budget Actions” feature that allows you to automatically take action (e.g., apply SCPs policies) when budgets are exceeded, providing an extra layer of protection against uncontrolled spending.

Effective use of AWS Budget

  • Different perspectives: Create budgets for totals, services and projects

  • Early alerts: Set alerts for 50%, 80% and 100% budget utilization

  • Frequency: Consider daily budgets for quick anomaly detection

  • Automation: Use Budget Actions to respond automatically

How to launch the first EC2 instance step by step?

Launching your first EC2 instance is a key step in your AWS journey to gain a practical understanding of how virtual servers work in the cloud. The process begins by going to the EC2 console in the selected region and clicking the “Launch Instance” button. The first decision is to choose Amazon Machine Image (AMI), a predefined template that includes the operating system and optional additional software. For beginners, a good choice is Amazon Linux 2 or Ubuntu, which offer a good balance between performance, security and ease of use.

The next step is to choose an instance type, which determines computing power, memory, disk space and network performance. For simple test applications, the t2.micro or t3.micro type, which qualify for the free AWS tier, will suffice. In the next steps, you configure the details of the instance - the number of instances, the VPC network, the subnet, the assignment of a public IP address and optional scripts that run at server startup. The key element is to configure the security group, which acts like a firewall - for the web server, you typically open ports 80 (HTTP) and 443 (HTTPS), and for remote SSH access port 22.

The last but very important step is to create or select a key pair (key pair), which will be used to securely log into the instance via SSH. After downloading the private key (.pem or .ppk) and launching the instance, wait a few minutes for it to initialize. After that, the instance will be available at the public DNS or IP address visible in the EC2 console. You can now connect to it using the SSH client (on Linux and macOS) or PuTTY (on Windows), using the key you downloaded earlier. After logging in for the first time, it’s a good idea to update your system right away and install any tools or applications you need.

Launching an EC2 instance

  • AMI choices: Amazon Linux 2 or Ubuntu for beginners

  • Instance type: t2.micro/t3.micro for testing (Free Tier)

  • Security: configure security group by opening only necessary ports

  • Access: Secure and store your SSH key in a safe place

What is S3 used for and how to manage file storage?

Amazon S3 (Simple Storage Service) is a foundational AWS service designed to store any amount of data in the form of objects. S3 is distinguished by unmatched durability (99.999999999%), high availability and almost unlimited scalability. Unlike traditional file systems, S3 uses an object-based architecture - files are stored as objects in containers called “buckets.” Each object consists of data, metadata and a unique identifier, and is accessed via a REST API or AWS console.

Storage management in S3 starts with the creation of a bucket, which must have a globally unique name. When you create a bucket, you specify the AWS region where it will be stored, which has implications for performance, cost and regulatory compliance. Once the bucket is created, you can upload objects (files) using the console, AWS CLI, SDK or directly through applications. For each object, you can set metadata, storage classes (affecting cost and availability) and optional encryption. S3 also offers versioning, which allows you to store multiple versions of the same object, which is invaluable in case of accidental deletion or overwriting of data.

Cost optimization in S3 is made possible by the strategic use of different classes of storage. The S3 standard offers the highest availability and is ideal for frequently used data. S3 Intelligent-Tiering automatically moves objects between access layers based on usage patterns. S3 Standard-IA (Infrequent Access) and S3 One Zone-IA are less expensive but with higher access fees, ideal for less frequently used data with fast access. S3 Glacier and S3 Glacier Deep Archive, on the other hand, offer the lowest storage costs for archived data, at the cost of access time calculated in hours or even days. In addition, you can configure lifecycle rules that automatically move or delete objects based on their age or access patterns.

Amazon S3 - key information

  • Structure: objects (files) stored in buckets

  • Availability: 99.99% for standard storage grade

  • Cost optimization: Choose the right storage classes for different data

  • Automation: Use lifecycle rules to manage data over time

How to automate tasks using AWS Lambda?

AWS Lambda is a serverless computing service that allows code to run without managing servers. Lambda functions execute code in response to events generated by other AWS services or external applications. This service automatically scales based on the number of requests, and you only pay for the time your code executes, making it ideal for automating tasks and building microservices.

Creating a Lambda function starts with selecting an execution environment (runtime) - Lambda supports popular programming languages such as Node.js, Python, Java, Go, Ruby or .NET Core. After selecting a runtime, you define a handler function, which is the entry point for your code. During configuration, you also specify the amount of memory allocated to the function (which also affects CPU power) and the maximum execution time (timeout). You can provide the function code directly in the AWS console, upload it as a ZIP package, or use the repository in AWS CodeCommit or on GitHub.

A key element of Lambda are triggers (triggers), which determine when a function should be executed. Typical triggers include events from services such as S3 (e.g., uploading a new file), DynamoDB (modifying data), API Gateway (HTTP requests), CloudWatch Events (scheduled tasks) or SNS (notifications). For example, you can create a Lambda function that automatically processes images after they are uploaded to an S3 bucket - resizing, adding watermarks or generating thumbnails. Other popular uses are automatic backups, cleaning up old data or sending notifications based on monitoring metrics.

Automation with AWS Lambda

  • Serverless architecture: No server management required

  • Triggers: Respond to events from different AWS services

  • Costs: Pay only for actual code execution time

  • Scaling: automatically adjusts to the number of requests

How to configure a cloud database using RDS?

Amazon RDS (Relational Database Service) is a managed database service that simplifies the configuration, operation and scaling of relational databases in the cloud. RDS eliminates complex administrative tasks such as software installation, update management, high availability configuration and backup. The service supports popular database engines, including MySQL, PostgreSQL, MariaDB, Oracle and Microsoft SQL Server, allowing easy migration of existing applications to the cloud.

The creation of an RDS database begins with the selection of a database engine and the determination of configuration details. Key parameters include the instance class (specifying computing power and memory), allocated disk space, storage type (general-purpose SSD or optimized IOPS SSD for higher performance) and the instance ID, database name and credentials. An important part of the configuration is also the connectivity section, where you specify the VPC, security groups and public availability of the database. For production environments, it is recommended to place databases in private subnets, without direct access from the Internet.

RDS offers a number of features to enhance database reliability and security. Multi-AZ deployment creates a synchronous replica of a database in a different availability zone, enabling automatic failover. Read Replicas allow the creation of a read-only database replica, which improves application performance by dispersing the load associated with read queries. RDS also provides automatic backups that can be kept for a specified retention period (up to 35 days) and used to restore the database to any point in time. In addition, you can configure database encryption with AWS KMS, which ensures data protection at rest.

Amazon RDS - key aspects

  • Managed service: AWS takes over administrative and maintenance tasks

  • Database engines: MySQL, PostgreSQL, Oracle, SQL Server, MariaDB

  • High availability: multi-AZ deployment for automatic failover

  • Security: Encryption, network isolation, automatic backups

How to secure access to AWS resources?

Comprehensive security of AWS resources requires a multi-layered approach that combines different services and best practices. The foundation of security on AWS is the Identity and Access Management (IAM) service, which allows precise control of access to resources. Implementing an effective IAM system starts with applying the principle of least privilege - users and systems should only have access to the resources they need to perform their tasks. Instead of granting permissions directly to users, it is better to create groups corresponding to roles in the organization and assign permissions to groups, which greatly simplifies management.

The second key aspect is network security, implemented mainly through the Virtual Private Cloud (VPC) service and security groups. VPC allows you to isolate resources in a private, virtual network, where you can control traffic using access control lists (ACLs) and routing tables. Security groups act like a firewall at the instance level, filtering incoming and outgoing traffic. A good practice is to block all traffic by default and open only the necessary ports for specific sources. For resources that do not require public access, it is recommended to place them in private subnets, with Internet access only through a NAT gateway or VPC endpoint.

Monitoring and auditing provide a third layer of security. AWS CloudTrail records all API calls to track configuration changes and user activity. Amazon GuardDuty analyzes CloudTrail logs, VPC and DNS flows for suspicious activity, providing continuous security monitoring. AWS Config allows you to assess, audit and evaluate resource configurations for compliance with internal policies and industry regulations. Data encryption, both at rest (using AWS KMS or native encryption options in services) and in transit (using TLS/SSL), is the final but equally important layer of protection.

Multi-layered security on AWS

  • Identity and access: user management with IAM and multi-factor authentication

  • Network: Isolation with VPC, traffic filtering with security groups and ACLs

  • Monitoring: continuous surveillance with CloudTrail, GuardDuty and Config

  • Data: Encryption at rest and in transit for all sensitive information

What is VPC and how to build a secure network infrastructure?

Amazon Virtual Private Cloud (VPC) is a service that enables the creation of isolated, virtual networks in the AWS cloud. VPC works like a traditional data center network, but with the added benefits of flexibility, scalability and advanced cloud security features. It allows full control over the network environment, including the selection of IP address ranges, creation of subnets, configuration of routing tables and network gateways. This control is the foundation for building a secure infrastructure on AWS.

Designing a secure VPC architecture starts with proper network segmentation. Public subnets should contain only those resources that require direct access from the Internet (e.g. load balancers, bastion servers), while internal resources (databases, application servers) should be placed in private subnets without direct access from the outside. For resources in private subnets that need access to external services, you can configure a NAT gateway. Alternatively, you can use VPC Endpoints, which provide private connections to AWS services without going over the Internet, increasing security and performance.

VPC’s traffic control is implemented through several mechanisms. Security groups act as a firewall at the instance level, filtering traffic based on protocol, port and source/destination. Network Access Control Lists (NACLs) act at the subnet level and enable an additional layer of control. Packet inspection can also be implemented using services such as AWS Network Firewall or partner solutions available in the AWS Marketplace. Advanced architectures can use Transit Gateways to connect multiple VPCs and local networks, with central management and traffic monitoring. For particularly sensitive systems, consider deploying a multi-region architecture to increase resilience to local failures.

Building a secure VPC infrastructure

  • Segmentation: allocate resources between public and private subnets

  • Traffic Control: Use security groups, NACL and AWS Network Firewall

  • Private Connections: Use VPC Endpoints for communication with AWS services

  • Monitoring: Enable Flow Logs to analyze network traffic

How to backup and restore data in AWS?

An AWS backup strategy should take into account different data types and recovery time objective (RTO) and recovery point objective (RPO) requirements. AWS offers a range of native backup services that can be tailored to meet specific needs. AWS Backup is a central backup management service that allows you to automate, schedule and monitor backups of various AWS resources, including EBS volumes, RDS instances, EFS file systems, DynamoDB tables and more. With AWS Backup, you can define backup plans, specify retention periods and manage data protection policies across your organization.

For certain types of resources, AWS offers dedicated backup mechanisms. For EC2 instances, you can create snapshots of EBS volumes, which store incremental copies of data in Amazon S3. EBS snapshots are consistent at the block level, which means they may require additional steps to ensure application consistency (such as stopping the database before the snapshot is executed). Amazon RDS provides automatic backups to restore the database to any point in time within the retention period (up to 35 days). For the DynamoDB table, there are on-demand backups and Point-in-Time Recovery, which allows restoring the table to the state of the last 35 days.

Restoring data from backups depends on the type of resource and the backup mechanism. New volumes or AMIs (Amazon Machine Images) can be created from EBS snapshots to run new EC2 instances. Restoring RDS databases can be done to a new instance or by replacing an existing one, with the ability to choose a specific point in time. In the case of DynamoDB, the restore creates a new table while retaining the original one, allowing for data verification before any replacement. For complex disaster recovery (DR) scenarios, consider using services such as AWS Elastic Disaster Recovery (formerly known as CloudEndure Disaster Recovery), which allows you to replicate entire servers to AWS and quickly switch over in the event of a disaster.

Create and restore backups in AWS

  • Central management: use AWS Backup to coordinate all backups

  • Automation: Schedule regular backups and define retention policies

  • Verification: regularly test the data restoration process

  • DR strategy: Define RTO/RPO and select appropriate backup mechanisms

How to optimize cloud storage costs?

Optimizing storage costs in AWS starts with understanding how different services charge and how data access patterns affect overall costs. With Amazon S3, a key component of optimization is using the right classes of storage. S3 Standard offers the highest availability at the highest cost, ideal for frequently used data. S3 Intelligent-Tiering automatically moves objects between tiers based on usage patterns, eliminating the need for manual management. For less frequently used data, consider S3 Standard-IA or S3 One Zone-IA classes, which offer lower storage costs at the expense of higher access fees. Archived data is best stored in S3 Glacier or S3 Glacier Deep Archive, which offer the lowest costs, but with longer access times.

Implementing object lifecycle policies is key to automating cost optimization. In S3, you can configure rules that automatically move objects between storage classes or delete them after a specified period of time. For example, application logs can be stored in S3 Standard for 30 days for quick access, then moved to S3 Standard-IA for another 60 days, and finally archived in S3 Glacier for 7 years before being deleted. Similarly, for EBS volumes and snapshots, regularly reviewing and deleting unused resources can significantly reduce costs - it’s worth automating this process through AWS Lambda scripts that respond to AWS Config or CloudWatch events.

Compression and deduplication are additional techniques for optimizing storage costs. For RDS databases, you can enable compression at the database engine level, which reduces storage and improves performance. For S3 objects, compressing files before transfer can significantly reduce storage and transfer costs. AWS Storage Gateway offers deduplication options for data transferred to the cloud, which is particularly beneficial for backups. It’s also worth considering services such as Amazon S3 Select or Amazon Athena, which allow you to perform queries directly on S3 objects, eliminating the need to download entire files for simple analysis.

Optimize storage costs

  • Storage Classes: Match S3 class to data access patterns

  • Lifecycle: Automatically transfer data between classes based on their age

  • Systematic reviews: Regularly identify and remove unused resources

  • Compression and deduplication: Reduce data storage without losing information

How do you scale resources in response to load?

Flexible scaling of resources in response to changing workloads is one of the biggest advantages of the AWS cloud. Auto Scaling is a key service for automatically adjusting the number of EC2 instances based on defined conditions. Auto Scaling configuration begins with the creation of a Launch Template or Launch Configuration, which defines instance parameters such as type, AMI, security groups or launch scripts. You then create an Auto Scaling group, for which you specify the minimum, target and maximum number of instances. Auto Scaling groups are usually integrated with the Elastic Load Balancing service, which evenly distributes traffic among all running instances.

Scaling can be implemented in two main ways: dynamically based on metrics or by schedule. Dynamic scaling policies respond to changes in metrics such as CPU utilization, number of requests or custom metrics from CloudWatch. For example, you can configure to add a new instance when average CPU utilization exceeds 70% for 5 minutes, and remove an instance when it drops below 30%. Scaling by schedule is ideal for workloads with predictable patterns, such as increasing the number of instances during business hours or before known periods of increased traffic, such as marketing promotions or events.

The modern approach to scaling goes beyond the traditional Auto Scaling model, using serverless services and containerization. AWS Lambda automatically scales without configuration, running as many parallel instances as needed to handle all incoming events. Amazon ECS and EKS allow for container management, which can scale both horizontally (more instances) and vertically (larger instances). For databases, Amazon Aurora offers Auto Scaling, which automatically adjusts the number of read replicas based on workloads, and DynamoDB enables scaling of read and write units to match database throughput to application needs. These advanced scaling techniques allow you to build an architecture that maintains optimal costs while maintaining high performance and availability.

Scaling resources in AWS

  • Auto Scaling: Automatically adjust the number of EC2 instances according to the load

  • Scaling policies: Respond to metrics or plan to scale on schedule

  • Serverless: Use Lambda for automatic scaling without configuration

  • Containerization: use ECS or EKS for flexible container management

[INTERMEDIATE] How to build simple CI/CD pipelines in AWS?

Note: This section covers more advanced concepts. We recommend that you first familiarize yourself with the basic AWS services (EC2, S3, IAM, VPC) before delving into CI/CD automation.

Continuous Integration and Continuous Delivery (CI/CD) automates the process from code upload to deployment in a production environment. This process significantly accelerates application development and reduces the risk of deployment errors. AWS offers an integrated set of services for building CI/CD pipelines, which are particularly useful for teams already working in the AWS ecosystem.

At the heart of the CI/CD system in AWS is the CodePipeline service - a tool for orchestrating the entire deployment process. For beginners, the most important thing to understand is that CodePipeline combines all stages of the process into a single automated workflow. A pipeline consists of stages (stages), and each stage contains actions (actions). A typical pipeline contains stages:

  • Source - download the source code from the repository

  • Build - compiling and testing code

  • Deploy - deploy the application to the target environment

A basic CI/CD pipeline for a simple web application can be built using the following services:

  • AWS CodeCommit as a git repository (you can also use GitHub)

  • AWS CodeBuild to compile and run tests

  • AWS CodeDeploy to deploy applications to EC2 instances

For beginners, it’s a good idea to start by deploying a simple application on a single EC2 instance, as this allows you to understand the basic concepts without too much complexity. More advanced scenarios, such as blue/green or canary deployments, can be explored later, once the basic process is well understood.

Basic CI/CD pipeline in AWS for beginners

  • Start simple: First, master the deployment to a single EC2 instance

  • Focus on key services: CodePipeline, CodeCommit, CodeBuild, CodeDeploy

  • Use sample projects: AWS offers ready-made templates for different types of applications

  • Experiment in a secure environment: Build pipelines for test environments first

Where to find free AWS training and certification?

AWS offers a rich ecosystem of free training materials that can help both beginners and experienced professionals deepen their knowledge of the platform. AWS Skill Builder (formerly AWS Training and Certification) is a central place where you can find hundreds of free online courses, from the basics to advanced topics. Courses are available in a variety of formats, including interactive labs, video guides and technical documentation. Particularly valuable for beginners are training tracks that provide a structured approach to learning - for example, “AWS Cloud Practitioner Essentials” is a comprehensive course that introduces basic AWS concepts.

In addition to official AWS training courses, other free educational resources are worth taking advantage of. AWS offers regular webinars and virtual workshops, which can be found in its events calendars. AWS Workshops is a platform with interactive tutorials that guide you through practical scenarios. Amazon also provides thousands of articles, white papers and technical documentation in the AWS Knowledge Center and Developer Center. For hands-on learners, the AWS Free Tier service, which allows you to experiment with multiple services at no cost, and AWS Well-Architected Labs, which offer hands-on exercises based on AWS best practices, are indispensable.

AWS certification is a valuable step in confirming skills, but it already requires some financial investment. To prepare for certification at no extra cost, AWS provides official exam guides and sample questions for each certification. It’s also worth taking advantage of free trial exams offered by learning platforms. The AWS community is also a valuable resource - groups on LinkedIn, Reddit forums (r/aws), YouTube channels or podcasts dedicated to AWS provide plenty of free knowledge. Local AWS User Groups organize meetings where experts share their experience. For collaborative learning, AWS Community Builders and AWS Heroes are programs that recognize and support active members of the AWS community.

Free AWS educational resources

  • AWS Skill Builder: Official online courses and training paths

  • AWS Workshops: Interactive tutorials with practical scenarios

  • AWS documentation: a comprehensive technical knowledge base

  • AWS community: user groups, forums, podcasts and YouTube channels

How to prepare a test environment without the risk of errors?

Creating isolated test environments in AWS allows you to safely experiment with new services and configurations without the risk of affecting production systems. A key component of this approach is AWS account separation - the best practice is to use AWS Organizations to create separate accounts for production, test and development environments. This approach provides full isolation of resources, permissions and billing, and allows for the implementation of service control policies (SCPs) that can further restrict available services or regions in non-production accounts.

Infrastructure as Code (IaC) is a fundamental tool for creating repeatable and consistent test environments. AWS CloudFormation and AWS CDK allow you to define your entire infrastructure as code, which can be versioned, reviewed and tested automatically. With this approach, you can quickly create identical environments across different AWS accounts, and easily delete them once testing is complete. CloudFormation also allows you to create stacks with resource and cost limits, which helps avoid unexpected expenses during experiments. For more advanced scenarios, consider tools such as Terraform, which allow you to manage your infrastructure independently of your cloud provider.

Testing changes in a secure manner also requires appropriate deployment and monitoring strategies. AWS CloudFormation ChangeSet allows you to preview changes that will be made to your existing infrastructure before they are actually applied. AWS CloudTrail and AWS Config provide detailed auditing and monitoring of resource configuration changes. For testing applications in production-like environments, but with isolated traffic, it is worth using techniques such as canary testing or blue/green deployments in AWS CodeDeploy. If you need to test on production-like data, services such as AWS Database Migration Service allow you to create anonymized copies of databases, maintaining compliance with data protection regulations.

Secure test environments on AWS

Automatic cleanup: Implement mechanisms to remove test resources

Account separation: Use AWS Organizations for isolation of environments

Infrastructure as code: Define test environments in CloudFormation or CDK

Change Control: Use ChangeSets for secure deployment of modifications

Learn key terms related to this article in our cybersecurity glossary:

Learn More

Explore related articles in our knowledge base:

Explore Our Services

Need cybersecurity support? Check out:

Tags:

AWS Cybersecurity

Share:

Want to Reduce IT Risk and Costs?

Book a free consultation - we respond within 24h

Response in 24h Free quote No obligations
Book a Call +48 22 487 86 36

Or download free guide:

Download NIS2 Checklist