DevOps Cloud Computing
Cloud computing provides on-demand access to computing resources — servers, storage, databases, networking — over the internet. Instead of buying and maintaining physical hardware, teams rent exactly what they need, pay only for what they use, and scale up or down in minutes.
DevOps and cloud computing are deeply connected. Cloud platforms provide the infrastructure where CI/CD pipelines run, containers get deployed, and applications scale automatically. Amazon Web Services (AWS) is the market leader and the most common platform in DevOps roles today.
Cloud Service Models
| Model | What It Provides | Example |
|---|---|---|
| IaaS (Infrastructure as a Service) | Raw virtual machines, networking, storage | AWS EC2, Azure VMs |
| PaaS (Platform as a Service) | Managed platforms to deploy apps without managing OS | AWS Elastic Beanstalk, Heroku |
| SaaS (Software as a Service) | Ready-to-use applications over the internet | Gmail, Salesforce, Jira |
| FaaS (Functions as a Service) | Run individual functions on-demand, no server management | AWS Lambda, Azure Functions |
Core AWS Services for DevOps
Compute
EC2 (Elastic Compute Cloud): Virtual servers in the cloud. Choose the operating system, CPU, memory, and disk size. EC2 instances are the most common way to run traditional applications on AWS.
Lambda: Serverless compute. Upload code and AWS runs it on demand — no server management, pay only per execution. Ideal for event-driven tasks, API backends, and automation scripts.
ECS / EKS: Container services. ECS runs Docker containers on AWS-managed infrastructure. EKS is managed Kubernetes for teams already using K8s.
Storage
S3 (Simple Storage Service): Object storage for files, images, backups, build artifacts, and static websites. Infinitely scalable, highly durable, and very low cost.
EBS (Elastic Block Store): Block storage attached to EC2 instances — like a hard drive for a virtual machine.
EFS (Elastic File System): Shared file storage that multiple EC2 instances can access simultaneously.
Networking
VPC (Virtual Private Cloud): A private, isolated network within AWS. All AWS resources live inside a VPC. Control which resources are public-facing and which are private.
Subnets: Divisions within a VPC. Public subnets have a route to the internet. Private subnets have no inbound route from the internet (outbound traffic, if needed, goes through a NAT Gateway) — used for databases and internal services.
Security Groups: Virtual firewalls that control inbound and outbound traffic for EC2 instances and other resources.
Route 53: DNS service. Maps domain names (myapp.com) to IP addresses or load balancers.
CloudFront: A Content Delivery Network (CDN) that caches content at edge locations worldwide for faster delivery.
Databases
RDS (Relational Database Service): Managed MySQL, PostgreSQL, MariaDB, Oracle, or SQL Server. AWS handles backups, patching, and failover.
DynamoDB: Managed NoSQL database for high-performance, low-latency applications.
ElastiCache: Managed Redis or Memcached for in-memory caching — used to speed up applications significantly.
Identity and Security
IAM (Identity and Access Management): Controls who can do what in an AWS account. Every user, application, and service gets a specific set of permissions — nothing more.
# IAM concepts:
# User - A person or application with AWS access
# Group - A collection of users with shared permissions
# Role - Permissions assigned to AWS services (e.g., EC2 can read S3)
# Policy - A JSON document defining what is allowed or denied
Monitoring and Logging
CloudWatch: Monitors AWS resources and applications. Collects metrics, logs, and events. Triggers alarms when thresholds are breached (e.g., CPU above 80%).
CloudTrail: Records every API call made in the AWS account — who did what, when, from where. Critical for security auditing.
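The auditing use of CloudTrail described above, as an added example (not AWS code and not part of the original page): a small offline checker over exported CloudTrail records that flags root-account activity, console logins without MFA, and API calls that stop or weaken the trail itself. The four records are constructed and trimmed (real events carry many more fields); the account ID, user name and IP addresses are placeholders.

```python
"""Audit checks over CloudTrail events, as described in the section above.

Added example, not AWS code: the records below are constructed, trimmed
CloudTrail events (real records carry more fields; the account ID and IPs
are placeholders) and the checks run offline on exported JSON lines.
"""
import json

# Constructed sample: four CloudTrail records as newline-delimited JSON.
SAMPLE_TRAIL = """\
{"eventTime": "2024-01-15T08:02:11Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}, "sourceIPAddress": "203.0.113.10", "additionalEventData": {"MFAUsed": "No"}}
{"eventTime": "2024-01-15T08:05:40Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/app-task-role/i-0abc"}, "sourceIPAddress": "10.0.2.14"}
{"eventTime": "2024-01-15T09:17:03Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}, "sourceIPAddress": "198.51.100.7"}
{"eventTime": "2024-01-15T09:20:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"}, "sourceIPAddress": "198.51.100.7", "additionalEventData": {"MFAUsed": "Yes"}}
"""

# CloudTrail API calls that disable or narrow the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def parse_trail(text):
    """Parse newline-delimited JSON into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def audit_events(events):
    """Return findings as (rule, eventTime, actor ARN) tuples, in event order."""
    findings = []
    for event in events:
        identity = event.get("userIdentity", {})
        actor = identity.get("arn", "<unknown>")
        when = event.get("eventTime")
        # Root should never be used day-to-day, so any root activity is worth a look.
        if identity.get("type") == "Root":
            findings.append(("root-activity", when, actor))
        # Console sign-in without MFA: the MFAUsed flag lives in additionalEventData.
        if event.get("eventName") == "ConsoleLogin":
            mfa = event.get("additionalEventData", {}).get("MFAUsed")
            if mfa != "Yes":
                findings.append(("console-login-without-mfa", when, actor))
        # Someone turning off or narrowing the trail.
        if event.get("eventName") in TRAIL_TAMPERING:
            findings.append(("logging-tampered", when, actor))
    return findings


def audit_trail_text(text):
    """Convenience wrapper: parse and audit in one call."""
    return audit_events(parse_trail(text))


if __name__ == "__main__":
    for rule, when, actor in audit_trail_text(SAMPLE_TRAIL):
        print(f"{when} {rule:28} {actor}")
```

In production the same three rules are usually expressed as CloudWatch metric filters on the CloudTrail log group with an alarm on each; the point here is that every finding is derived from fields CloudTrail already records, so the detection needs no extra instrumentation.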
Developer and DevOps Services
CodePipeline: AWS-native CI/CD service for automating build, test, and deploy workflows.
CodeBuild: Managed build service that compiles code and runs tests.
ECR (Elastic Container Registry): Private Docker image registry fully integrated with ECS and EKS.
Secrets Manager: Stores and rotates sensitive values like database passwords and API keys — applications retrieve secrets at runtime instead of reading from config files.
AWS VPC Architecture Example
A standard three-tier architecture on AWS:
- Public Subnet: Load balancer and NAT Gateway. Internet-facing.
- Private App Subnet: EC2 instances or ECS containers running the application. No direct internet access.
- Private DB Subnet: RDS database instances. Only accessible from the app subnet.
This separation keeps the database invisible to the public internet, reducing the attack surface significantly.
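The three-tier layout above, as an added example that is not part of the original page and talks to no AWS API: the three security groups are modelled as plain dicts, and the rule format (a source that is either a CIDR or another group's name) mirrors how AWS lets a security group name another group as the allowed traffic source. The group names, ports and IP addresses are constructed.

```python
"""Model of the three-tier security-group layout described above.

Added example, not AWS code: security groups are plain dicts and nothing
here calls an AWS API. Inbound rules are (protocol, port, source) where
source is a CIDR string or the name of another security group.
"""
import ipaddress

# Constructed sample: the three security groups of a three-tier VPC.
SECURITY_GROUPS = {
    "alb-sg": {"inbound": [("tcp", 443, "0.0.0.0/0")]},   # public entry point
    "app-sg": {"inbound": [("tcp", 8080, "alb-sg")]},     # only from the load balancer
    "db-sg":  {"inbound": [("tcp", 5432, "app-sg")]},     # only from the app tier
}


def _source_matches(source, origin):
    """origin is an IP address string or a security-group name."""
    if source in SECURITY_GROUPS:
        return origin == source  # group-to-group reference
    try:
        return ipaddress.ip_address(origin) in ipaddress.ip_network(source)
    except ValueError:
        return False  # origin is a group name but the rule is a CIDR


def is_reachable(origin, target_group, port, protocol="tcp"):
    """True if traffic from origin (IP or group name) is allowed into target_group on port.
    Security groups are default-deny inbound, so only an explicit matching rule allows it."""
    for rule_proto, rule_port, source in SECURITY_GROUPS[target_group]["inbound"]:
        if rule_proto == protocol and rule_port == port and _source_matches(source, origin):
            return True
    return False


def internet_exposed_groups():
    """Groups that accept traffic from anywhere (0.0.0.0/0) on some port: the attack surface."""
    return [name for name, sg in SECURITY_GROUPS.items()
            if any(src == "0.0.0.0/0" for _, _, src in sg["inbound"])]


if __name__ == "__main__":
    print("internet -> db:", is_reachable("203.0.113.5", "db-sg", 5432))   # False
    print("app -> db:     ", is_reachable("app-sg", "db-sg", 5432))        # True
    print("exposed:       ", internet_exposed_groups())                    # ['alb-sg']
```

Because the database group allows only the application group as a source, an address outside the VPC cannot reach port 5432 even if it somehow obtained a route; the check `internet_exposed_groups()` is the kind of guard a pipeline can run on proposed security-group changes before they are applied.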
AWS IAM Best Practices
- Never use the root account for day-to-day work. Create individual IAM users.
- Apply the principle of least privilege — grant only the minimum permissions needed.
- Enable Multi-Factor Authentication (MFA) on all accounts.
- Use IAM Roles for AWS services (EC2, Lambda) instead of storing access keys.
- Rotate access keys regularly and audit unused permissions.
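A least-privilege policy next to an over-broad one, with a small linter for the patterns the list above warns against. This is an added example, not AWS code and not the page's own: it inspects the policy document (the JSON structure every IAM policy is written in, as noted under IAM concepts) and never calls the IAM API. The bucket name is a constructed placeholder, and an empty result means nothing obviously over-broad was found, not that the policy is minimal.

```python
"""A least-privilege IAM policy beside an over-broad one, with a linter for the
patterns the best-practice list above warns against.

Added example, not AWS code: it reads the policy document JSON and never
calls the IAM API. The bucket name is a constructed placeholder.
"""
import json

# Constructed: the "EC2 can read S3" role from the IAM concepts, scoped to one
# bucket and to read-only actions. This is what least privilege looks like.
READ_ONE_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListArtifactBucket", "Effect": "Allow",
         "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::example-build-artifacts"},
        {"Sid": "ReadArtifacts", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-build-artifacts/*"},
    ],
})

# Constructed: the "just make it work" policy that grants everything.
ADMIN_EVERYTHING_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})


def _as_list(value):
    """Action and Resource may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy_json):
    """Return (sid, finding) tuples for Allow statements broader than least privilege."""
    policy = json.loads(policy_json)
    findings = []
    for index, statement in enumerate(_as_list(policy["Statement"])):
        if statement.get("Effect") != "Allow":
            continue  # Deny statements only narrow what is allowed
        sid = statement.get("Sid", f"Statement{index}")
        actions = _as_list(statement.get("Action", []))
        resources = _as_list(statement.get("Resource", []))
        for action in actions:
            if action == "*":
                findings.append((sid, "Action '*' allows every API call in every service"))
            elif action.endswith(":*"):
                findings.append((sid, f"{action} allows every action in that service"))
            elif action.startswith("iam:") and not action.startswith(("iam:Get", "iam:List")):
                findings.append((sid, f"{action} can change who has access; scope and review it"))
        if "*" in resources:
            findings.append((sid, "Resource '*' applies the actions to every resource; narrow to ARNs unless the action requires '*'"))
        if "NotAction" in statement or "NotResource" in statement:
            findings.append((sid, "NotAction/NotResource allow everything except the listed items"))
    return findings


if __name__ == "__main__":
    print("least privilege:", lint_policy(READ_ONE_BUCKET_POLICY))   # []
    for sid, finding in lint_policy(ADMIN_EVERYTHING_POLICY):
        print(f"{sid}: {finding}")
```

Running a check like this in the pipeline that applies IAM changes turns "apply the principle of least privilege" from a guideline into a gate; the IAM write-action rule exists because a permission such as iam:PassRole or iam:AttachUserPolicy lets the holder grant themselves more than the policy appears to give.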
Deploying an App to AWS – A DevOps Workflow
- Developer pushes code to GitHub.
- GitHub Actions pipeline triggers: builds a Docker image and pushes it to ECR.
- Pipeline updates the ECS Task Definition with the new image tag.
- ECS Service performs a rolling update — replacing old containers with new ones.
- An Application Load Balancer sits in front, routing traffic to healthy containers.
- CloudWatch monitors the deployment — CPU usage, error rates, response times.
- Alerts go to the team's Slack channel if any metric exceeds its threshold.
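Step 3 of the workflow above (the pipeline updating the ECS Task Definition with the new image tag), as an added example that is not AWS or GitHub Actions code and not from the original page: it edits the task-definition structure (family / containerDefinitions / image) offline and never calls the ECS API. The registry, repository, tag and digest values are constructed placeholders. It also refuses mutable image references such as `latest`, since a revision that does not pin what the pipeline built can change underneath the running service on the next pull.

```python
"""Step 3 of the workflow above: rewriting the ECS task definition with the
image the pipeline just pushed to ECR.

Added example, not AWS or GitHub Actions code: it edits the task-definition
JSON structure offline and never calls the ECS API. Registry, repository,
tag and digest values are constructed placeholders.
"""
import copy
import re

# Constructed: the task definition currently running behind the load balancer.
CURRENT_TASK_DEFINITION = {
    "family": "web-app",
    "networkMode": "awsvpc",
    "containerDefinitions": [
        {"name": "web",
         "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web-app:latest",
         "portMappings": [{"containerPort": 8080}]},
        {"name": "log-router",
         "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/log-router:1.4.2"},
    ],
}

# registry/repository[:tag][@sha256:digest]
IMAGE_REF = re.compile(
    r"^(?P<registry>[^/]+)/(?P<repo>[^:@]+)(?::(?P<tag>[^@]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


def is_immutable_reference(image):
    """True if the reference pins a specific build: a digest, or a tag other than 'latest'.
    A mutable reference means the running service could silently change on the next pull."""
    match = IMAGE_REF.match(image)
    if not match:
        return False
    if match.group("digest"):
        return True
    return match.group("tag") not in (None, "latest")


def render_new_revision(task_definition, container_name, new_image):
    """Return a deep copy of the task definition with one container's image replaced.
    The input is left untouched so the previous revision stays available for rollback."""
    if not is_immutable_reference(new_image):
        raise ValueError(f"refusing mutable image reference {new_image!r}; use a build-specific tag or digest")
    revision = copy.deepcopy(task_definition)
    for container in revision["containerDefinitions"]:
        if container["name"] == container_name:
            container["image"] = new_image
            break
    else:
        raise KeyError(f"no container named {container_name!r} in family {task_definition['family']!r}")
    return revision


if __name__ == "__main__":
    new = render_new_revision(CURRENT_TASK_DEFINITION, "web",
                              "123456789012.dkr.ecr.us-east-1.amazonaws.com/web-app:git-1a2b3c4d")
    print(new["containerDefinitions"][0]["image"])
```

The rendered revision is what the pipeline registers as the next task definition before updating the ECS Service; tagging the image with the commit it was built from (or pinning its digest) is what makes the rolling update in step 4 reproducible and the rollback unambiguous.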
Multi-Cloud and Hybrid Cloud
Many organizations use multiple cloud providers to avoid vendor lock-in or to take advantage of each provider's strengths. Tools like Terraform support multi-cloud configurations from a single codebase.
| Provider | Strengths |
|---|---|
| AWS | Widest service catalog, largest global footprint |
| Azure | Deep Microsoft and enterprise integration, Active Directory |
| Google Cloud | Best-in-class Kubernetes (GKE), data analytics, AI/ML |
Cost Optimization in the Cloud
- Right-sizing: Use the smallest instance type that meets performance needs.
- Reserved Instances / Savings Plans: Commit to 1 or 3 years for up to 72% cost savings vs on-demand.
- Spot Instances: Use spare AWS capacity at up to 90% discount for fault-tolerant workloads.
- Auto Scaling: Scale down during off-peak hours automatically.
- Lifecycle Policies: Automatically move old S3 data to cheaper storage tiers.
Summary
- Cloud computing provides on-demand, scalable infrastructure without upfront hardware investment.
- AWS core services for DevOps include EC2, S3, VPC, IAM, RDS, ECS/EKS, CloudWatch, and ECR.
- IAM enforces least-privilege access — every user and service has only the permissions it needs.
- Cloud-native CI/CD pipelines (GitHub Actions + ECR + ECS) fully automate application delivery.
- CloudWatch provides centralized monitoring, logging, and alerting for AWS resources.
