Reference
Ports, regions, free tier limits, CLI commands, and IAM structure — at a glance.

| Port | Protocol | Service |
|---|---|---|
| 22 | TCP | SSH — remote server access |
| 80 | TCP | HTTP — web traffic |
| 443 | TCP | HTTPS — secure web traffic |
| 3306 | TCP | MySQL / Aurora MySQL |
| 5432 | TCP | PostgreSQL / Aurora PostgreSQL |
| 1433 | TCP | Microsoft SQL Server |
| 6379 | TCP | Redis (ElastiCache) |
| 11211 | TCP | Memcached (ElastiCache) |
| 27017 | TCP | MongoDB / DocumentDB |
| 2049 | TCP | NFS (EFS file system) |
| 8080 | TCP | HTTP alternate (dev servers) |
| 8443 | TCP | HTTPS alternate |

| Service | Free Allowance | Duration |
|---|---|---|
| EC2 | 750 hrs/mo t2.micro or t3.micro | 12 months |
| S3 | 5 GB + 20K GET + 2K PUT requests | 12 months |
| RDS | 750 hrs/mo db.t3.micro (20 GB) | 12 months |
| CloudFront | 1 TB transfer + 10M requests | 12 months |
| Lambda | 1M requests + 400K GB-seconds | Always free |
| DynamoDB | 25 GB + 25 WCU + 25 RCU | Always free |
| SNS | 1M publishes | Always free |
| SQS | 1M requests | Always free |
| CloudWatch | 10 metrics + 5 GB logs | Always free |
| Cognito | 50,000 MAU | Always free |
| API Gateway | 1M API calls/mo | 12 months |
| EBS | 30 GB SSD (gp2/gp3) | 12 months |

| Region Code | Location | AZs |
|---|---|---|
| us-east-1 | N. Virginia (oldest, most services) | 6 |
| us-east-2 | Ohio | 3 |
| us-west-1 | N. California | 2 |
| us-west-2 | Oregon | 4 |
| eu-west-1 | Ireland | 3 |
| eu-west-2 | London | 3 |
| eu-central-1 | Frankfurt | 3 |
| ap-southeast-1 | Singapore | 3 |
| ap-southeast-2 | Sydney | 3 |
| ap-northeast-1 | Tokyo | 4 |
| ap-south-1 | Mumbai | 3 |
| sa-east-1 | São Paulo | 3 |

| Element | Purpose | Example |
|---|---|---|
| Effect | Allow or Deny | Allow |
| Action | What API calls | s3:GetObject |
| Resource | Which resources | arn:aws:s3:::my-bucket/* |
| Condition | When it applies | IP range, MFA, tag |
| Principal | Who gets access | IAM user, role, service |
| NotAction | All except these | Deny all but billing |
| `*` wildcard | All actions/resources | s3:* |

```json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::my-bucket/*"
  }]
}
```

| Task | Command |
|---|---|
| Configure credentials | aws configure |
| List S3 buckets | aws s3 ls |
| Sync folder to S3 | aws s3 sync ./dist s3://my-bucket --delete |
| List EC2 instances | aws ec2 describe-instances --query 'Reservations[*].Instances[*].{ID:InstanceId,State:State.Name}' |
| Start EC2 instance | aws ec2 start-instances --instance-ids i-1234567890abcdef |
| SSM into instance | aws ssm start-session --target i-1234567890abcdef |
| Run SSM command | aws ssm send-command --instance-ids i-xxx --document-name "AWS-RunShellScript" --parameters 'commands=["uptime"]' |
| List IAM users | aws iam list-users --query 'Users[*].UserName' --output text |
| Get caller identity | aws sts get-caller-identity |
| Invalidate CloudFront | aws cloudfront create-invalidation --distribution-id EXXX --paths "/*" |
| Tail CloudWatch logs | aws logs tail /aws/lambda/my-function --follow |
| Put item in DynamoDB | aws dynamodb put-item --table-name Users --item '{"id":{"S":"1"},"name":{"S":"Alice"}}' |

| Term | What it means |
|---|---|
| Region | Geographic area with multiple data centres |
| AZ | Availability Zone — isolated data centre within a region |
| ARN | Amazon Resource Name — unique ID for every AWS resource |
| IAM Role | Permissions that an AWS service or user can assume temporarily |
| Security Group | Virtual firewall controlling inbound/outbound traffic |
| CIDR | IP range notation — 10.0.0.0/16 = 65,536 IPs |
| Subnet | Segment of a VPC IP range in a single AZ |
| IGW | Internet Gateway — allows VPC traffic to reach the internet |
| NAT Gateway | Lets private subnet instances connect out but not in |
| OAC | Origin Access Control — CloudFront-only S3 access |
| ACM | AWS Certificate Manager — free SSL/TLS certs |
| SLA | Service Level Agreement — AWS uptime guarantee per service |

| If you need to… | Use this |
|---|---|
| Run a web server | EC2 or Elastic Beanstalk |
| Run code without a server | Lambda |
| Store files and images | S3 |
| Store relational data (SQL) | RDS or Aurora |
| Store flexible JSON data | DynamoDB |
| Cache database results | ElastiCache (Redis) |
| Speed up a static website globally | CloudFront + S3 |
| Route a domain name | Route 53 |
| Balance traffic across servers | ALB (Application Load Balancer) |
| Create an HTTP API | API Gateway + Lambda |
| Send emails or SMS | SNS or SES |
| Queue jobs between services | SQS |
| Monitor your resources | CloudWatch |
| Audit API calls | CloudTrail |
| Define infrastructure as code | CloudFormation or CDK |