AWS Fundamentals: Cloud Computing Concepts Every Architect Must Know

Week 2 of AWS Solutions Architect Associate Preparation Series

Introduction

Before diving into specific AWS services and architectural patterns, every aspiring Solutions Architect must master the fundamental concepts that underpin cloud computing. This comprehensive guide covers the essential knowledge areas that form the foundation of AWS expertise and are crucial for the AWS Solutions Architect Associate certification.

Whether you're transitioning from on-premises infrastructure or beginning your cloud journey, understanding these core concepts will provide the conceptual framework needed to design robust, scalable, and cost-effective solutions on AWS.

1. Cloud Computing Service Models

Understanding the three primary cloud service models is essential for making informed architectural decisions about which AWS services to use for different scenarios.

Infrastructure as a Service (IaaS)

What it is: The foundational cloud computing model where you rent virtualized computing resources over the internet. You get virtual machines, storage, and networking capabilities without owning physical hardware.

Key Characteristics:

• Maximum control and flexibility over the computing environment

• You manage the operating system, middleware, runtime, and applications

• AWS manages the physical infrastructure, hypervisor, and data center facilities

AWS Examples:

• Amazon EC2: Virtual servers in the cloud

• Amazon EBS: Block storage volumes

• Amazon VPC: Virtual private cloud networking

• AWS Direct Connect: Dedicated network connections

When to Use:

• Migrating existing applications with minimal changes (lift-and-shift)

• Need for specific operating system configurations

• Applications requiring custom software installations

• Development and testing environments

Platform as a Service (PaaS)

What it is: A cloud computing model that provides a platform allowing customers to develop, run, and manage applications without dealing with the underlying infrastructure complexity.

Key Characteristics:

• Focus on application development rather than infrastructure management

• AWS manages the operating system, runtime environment, and middleware

• Built-in scalability, security, and maintenance features

AWS Examples:

• AWS Elastic Beanstalk: Application deployment and management

• AWS Lambda: Serverless compute functions

• Amazon RDS: Managed relational databases

• Amazon Aurora Serverless: On-demand database scaling

When to Use:

• Rapid application development and deployment

• Teams want to focus on code rather than infrastructure

• Applications with variable or unpredictable traffic

• Microservices architectures

Software as a Service (SaaS)

What it is: Complete software applications delivered over the internet, where the provider manages all aspects of the software and infrastructure.

Key Characteristics:

• Ready-to-use applications accessible through web browsers or APIs

• No installation, maintenance, or infrastructure management required

• Subscription-based pricing models

AWS Examples:

• Amazon WorkSpaces: Virtual desktop infrastructure

• Amazon Chime: Communications service

• AWS CloudFormation: Infrastructure as code (though it manages IaaS/PaaS resources)

When to Use:

• Standard business applications (email, collaboration, CRM)

• Quick deployment without development effort

• Predictable, standardized functionality requirements

2. AWS Global Infrastructure

AWS's global infrastructure is designed to provide high availability, fault tolerance, and low latency to customers worldwide. Understanding this infrastructure is crucial for designing resilient architectures.

AWS Regions

Definition: AWS Regions are separate geographic areas where AWS has data centers. Each Region is a separate geographical area with multiple, isolated data centers.

Key Facts:

• Currently 30+ Regions worldwide (as of 2024)

• Each Region is completely independent and isolated

• Data doesn't leave a Region unless you explicitly move it

• Different Regions may have different service availability and pricing

Selection Criteria:

1. Compliance and Data Sovereignty: Legal requirements for data location

2. Proximity to Users: Lower latency for better user experience

3. Service Availability: Not all services are available in all Regions

4. Cost: Pricing varies between Regions

Examples:

• us-east-1 (N. Virginia): Often the first to receive new services

• eu-west-1 (Ireland): Popular for European operations

• ap-southeast-1 (Singapore): Serves Asian markets

Availability Zones (AZs)

Definition: Availability Zones are one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.

Key Characteristics:

• Each Region has multiple AZs (typically 3-6)

• AZs are physically separated (different buildings, different flood plains)

• Connected with high-bandwidth, low-latency networking

• Single points of failure are isolated to individual AZs

Architectural Importance:

• Distribute resources across multiple AZs for high availability

• RDS Multi-AZ deployments for database failover

• Application Load Balancers distribute traffic across AZs

• Auto Scaling Groups can span multiple AZs

Best Practice Example:

Region: us-west-2
├── AZ: us-west-2a (Web servers, Database primary)
├── AZ: us-west-2b (Web servers, Database standby)
└── AZ: us-west-2c (Web servers, Database read replica)

Edge Locations and CloudFront

Edge Locations: Points of presence (PoPs) where AWS caches content closer to end users for faster delivery.

Key Features:

• 400+ Edge Locations globally

• Used primarily by Amazon CloudFront (Content Delivery Network)

• Also support AWS Global Accelerator and Route 53

• Provide read and write capabilities for some services

Benefits:

• Reduced latency for content delivery

• Improved user experience for global applications

• DDoS protection and enhanced security

• Cost optimization through efficient content delivery

Local Zones and Wavelength

AWS Local Zones: Extensions of AWS Regions placed in metropolitan areas to provide single-digit millisecond latency.

AWS Wavelength: Embeds AWS compute and storage services within telecommunications providers' 5G networks.

3. AWS Shared Responsibility Model

The Shared Responsibility Model defines the security and operational responsibilities between AWS and the customer. This is a fundamental concept for any AWS architect.

AWS Responsibilities: "Security OF the Cloud"

AWS is responsible for protecting the infrastructure that runs all services offered in the AWS Cloud:

Physical Infrastructure:

• Physical security of data centers

• Hardware and software infrastructure

• Network infrastructure

• Virtualization infrastructure

Managed Services:

• Operating system patching for managed services (RDS, Lambda, etc.)

• Network configuration for AWS managed services

• Platform and application management for higher-level services

Customer Responsibilities: "Security IN the Cloud"

Customers are responsible for security configuration and management tasks:

Data and Access Management:

• Customer data encryption (in transit and at rest)

• Identity and Access Management (IAM)

• Operating system updates and security patches (for EC2)

• Network and firewall configuration

• Application-level security

Service-Specific Examples:

Amazon EC2:

• AWS: Physical security, hypervisor patching, network controls

• Customer: OS patching, application security, firewall rules, encryption

Amazon RDS:

• AWS: OS patching, database software installation, hardware maintenance

• Customer: Database user management, network access controls, encryption settings

Amazon S3:

• AWS: Infrastructure security, service availability

• Customer: Bucket policies, access controls, encryption, versioning settings

Compliance and Governance

Both parties share responsibility for compliance:

• AWS provides compliance certifications and audit reports

• Customers must configure services to meet their compliance requirements

• Regular security assessments and monitoring are joint responsibilities

4. AWS Well-Architected Framework

The AWS Well-Architected Framework provides architectural best practices across six key pillars. Understanding these pillars is essential for designing optimal solutions.

The Six Pillars

1. Operational Excellence

Focus: Running and monitoring systems to deliver business value and continually improving processes.

Key Principles:

• Perform operations as code (Infrastructure as Code)

• Make frequent, small, reversible changes

• Refine operations procedures frequently

• Anticipate failure and learn from operational events

AWS Services: CloudFormation, AWS Config, CloudTrail, CloudWatch

2. Security

Focus: Protecting information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Key Principles:

• Implement strong identity foundation

• Apply security at all layers

• Enable traceability

• Automate security best practices

• Protect data in transit and at rest

AWS Services: IAM, AWS KMS, CloudTrail, GuardDuty, Security Hub

3. Reliability

Focus: Ensuring workloads perform their intended functions correctly and consistently when expected.

Key Principles:

• Automatically recover from failure

• Test recovery procedures

• Scale horizontally to increase availability

• Stop guessing capacity requirements

AWS Services: Auto Scaling, CloudWatch, Route 53, Multi-AZ deployments

4. Performance Efficiency

Focus: Using computing resources efficiently to meet system requirements and maintaining efficiency as demand changes.

Key Principles:

• Democratize advanced technologies

• Go global in minutes

• Use serverless architectures

• Experiment more often

AWS Services: Lambda, CloudFront, ElastiCache, Auto Scaling

5. Cost Optimization

Focus: Running systems to deliver business value at the lowest price point.

Key Principles:

• Implement cloud financial management

• Adopt a consumption model

• Measure overall efficiency

• Stop spending money on undifferentiated heavy lifting

AWS Services: Cost Explorer, Trusted Advisor, Reserved Instances, Spot Instances

6. Sustainability

Focus: Minimizing environmental impacts of running cloud workloads.

Key Principles:

• Understand your impact

• Establish sustainability goals

• Maximize utilization

• Anticipate and adopt new, more efficient hardware and software offerings

AWS Services: EC2 Auto Scaling, Lambda, Graviton processors

5. Basic Networking Concepts

Networking forms the backbone of any cloud architecture. Here are the essential concepts every Solutions Architect must understand.

Virtual Private Cloud (VPC)

Definition: A logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.

Key Components:

• CIDR Blocks: IP address ranges for your VPC (e.g., 10.0.0.0/16)

• Subnets: Subdivisions of your VPC's IP address range

• Route Tables: Control traffic routing within your VPC

• Internet Gateway: Provides internet access to your VPC

Subnets

Public Subnets:

• Have a route to an Internet Gateway

• Resources can have public IP addresses

• Used for web servers, load balancers, NAT gateways

Private Subnets:

• No direct route to the Internet Gateway

• Resources typically have only private IP addresses

• Used for databases, application servers, internal services

Subnet Design Best Practices:

VPC: 10.0.0.0/16
├── Public Subnet (AZ-a): 10.0.1.0/24
├── Private Subnet (AZ-a): 10.0.2.0/24
├── Public Subnet (AZ-b): 10.0.3.0/24
└── Private Subnet (AZ-b): 10.0.4.0/24

Security Groups vs. NACLs

Security Groups (Instance-level firewalls):

• Stateful: Return traffic is automatically allowed

• Support only allow rules (deny rules implicit)

• Evaluated before reaching the instance

• Can reference other security groups

Network Access Control Lists (Subnet-level firewalls):

• Stateless: Must explicitly allow return traffic

• Support both allow and deny rules

• Processed in rule number order

• Applied at the subnet level

Common Networking Patterns

Internet Connectivity:

• Internet Gateway for public internet access

• NAT Gateway/Instance for private subnet internet access

• VPC Endpoints for private AWS service access

Hybrid Connectivity:

• VPN Gateway for encrypted connections over the internet

• Direct Connect for dedicated private connections

• Transit Gateway for complex multi-VPC architectures

6. Essential AWS Terminology Glossary

Core Infrastructure Terms

AMI (Amazon Machine Image): Pre-configured virtual machine templates used to launch EC2 instances.

Auto Scaling: Automatically adjusts the number of EC2 instances based on demand.

EBS (Elastic Block Store): Persistent block storage volumes for EC2 instances.

EFS (Elastic File System): Fully managed NFS file system for Linux-based workloads.

ELB (Elastic Load Balancer): Distributes incoming traffic across multiple targets.

Storage and Database Terms

S3 (Simple Storage Service): Object storage service for files, backups, and static websites.

RDS (Relational Database Service): Managed relational database service supporting multiple engines.

DynamoDB: Fully managed NoSQL database service.

Redshift: Data warehouse service for analytics workloads.

Security and Identity Terms

IAM (Identity and Access Management): Service for managing users, groups, and permissions.

KMS (Key Management Service): Managed service for creating and controlling encryption keys.

CloudTrail: Service that logs API calls and user activity across AWS services.

GuardDuty: Threat detection service using machine learning and anomaly detection.

Monitoring and Management Terms

CloudWatch: Monitoring and observability service for AWS resources and applications.

CloudFormation: Infrastructure as Code service for provisioning AWS resources.

Systems Manager: Unified interface for managing AWS resources and applications.

Trusted Advisor: Service providing best practice recommendations for cost, performance, and security.

Compute and Application Terms

Lambda: Serverless compute service that runs code without provisioning servers.

ECS (Elastic Container Service): Fully managed container orchestration service.

EKS (Elastic Kubernetes Service): Managed Kubernetes service.

Elastic Beanstalk: Platform for deploying and managing web applications.

7. Putting It All Together: Architectural Thinking

Design Principles for Cloud Architecture

Scalability: Design systems that can handle varying loads efficiently.

• Horizontal scaling (adding more instances) vs. Vertical scaling (larger instances)

• Use Auto Scaling Groups and Load Balancers

• Implement caching strategies with ElastiCache

Reliability: Build systems that recover gracefully from failures.

• Multi-AZ deployments for high availability

• Regular backups and disaster recovery plans

• Circuit breakers and graceful degradation patterns

Security: Implement defense in depth across all layers.

• Principle of least privilege for IAM policies

• Encryption in transit and at rest

• Network segmentation with VPCs and security groups

Cost Optimization: Balance performance and cost effectively.

• Right-sizing instances based on actual usage

• Using Reserved Instances for predictable workloads

• Implementing lifecycle policies for storage

Common Architectural Patterns

Three-Tier Architecture:

Internet Gateway
    ↓
Application Load Balancer (Public Subnets)
    ↓
Web/App Servers (Private Subnets)
    ↓
Database Layer (Private Subnets, Multi-AZ)

Microservices Architecture:

• API Gateway for request routing

• Lambda functions for business logic

• DynamoDB for data persistence

• SQS/SNS for service communication

Data Lake Architecture:

• S3 for raw data storage

• AWS Glue for ETL processing

• Amazon Athena for ad-hoc queries

• QuickSight for visualization

8. Study Tips and Next Steps

For AWS SAA Certification Preparation

Master the Basics First:

• Spend time understanding the fundamental concepts in this blog

• Practice with the AWS Free Tier to gain hands-on experience

• Use AWS documentation as your primary reference

Key Areas to Focus On:

• VPC networking and security group configurations

• IAM policies and roles (principle of least privilege)

• Storage options and when to use each service

• Database choices and Multi-AZ vs. Read Replicas

Hands-On Practice:

• Build a simple three-tier web application

• Configure VPC with public and private subnets

• Set up RDS with Multi-AZ deployment

• Implement Auto Scaling and Load Balancing

Recommended Learning Path

1. Week 1-2: Master fundamentals (this blog's content)

2. Week 3-4: Deep dive into compute services (EC2, Lambda, containers)

3. Week 5-6: Storage and databases (S3, EBS, RDS, DynamoDB)

4. Week 7-8: Networking and content delivery (VPC, CloudFront, Route 53)

5. Week 9-10: Security and monitoring (IAM, CloudWatch, CloudTrail)

6. Week 11-12: Practice exams and review

Conclusion

These fundamental concepts form the building blocks of every AWS solution architecture. As you progress in your AWS journey, you'll see how these concepts interconnect and support more complex architectural patterns.

The key to success in cloud architecture is not just memorizing services and features, but understanding how to apply these fundamental principles to solve real business problems. Start with these basics, practice hands-on implementation, and gradually build complexity as your understanding deepens.

Remember: every expert AWS Solutions Architect started with these same fundamental concepts. Master them well, and you'll have a solid foundation for tackling any architectural challenge that comes your way.

What's Next?

In our next blog post, we'll dive deep into AWS Compute Services, exploring EC2, Lambda, and container services in detail. We'll cover instance types, sizing strategies, and when to choose each compute option for different architectural scenarios.

This blog is part of our comprehensive AWS Solutions Architect Associate preparation series. Subscribe to stay updated with weekly content designed to help you master AWS architecture concepts and pass your certification exam.