Complete AWS DevOps Tutorial with Usage Examples

1. What is AWS DevOps?

AWS DevOps refers to the practice of leveraging Amazon Web Services (AWS) tools and services to implement DevOps methodologies. DevOps is a set of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity. AWS provides a rich suite of purpose-built services that simplify, automate, and scale various stages of the DevOps lifecycle, from code commit to deployment, monitoring, and operations.

By using AWS for DevOps, organizations can achieve:

• Faster Release Cycles: Automate manual tasks and accelerate development workflows.
• Improved Reliability: Ensure consistent environments and robust deployments.
• Enhanced Collaboration: Break down silos between development and operations teams.
• Cost Efficiency: Optimize resource utilization with flexible cloud infrastructure.
• Scalability: Easily scale applications and infrastructure to meet demand.

2. AWS DevOps Pillars

AWS's approach to DevOps is built around several key pillars, which align with the general DevOps principles:

• Continuous Integration (CI): Automating the merge and test of code changes. (AWS CodeCommit, CodeBuild, CodePipeline)
• Continuous Delivery (CD): Automating the release process, ensuring software can be reliably released at any time. (AWS CodeDeploy, CodePipeline)
• Microservices: Architecting applications as loosely coupled services. (AWS Lambda, ECS, EKS)
• Infrastructure as Code (IaC): Provisioning and managing infrastructure using code. (AWS CloudFormation, AWS CDK)
• Monitoring and Logging: Gaining deep visibility into application and infrastructure performance. (Amazon CloudWatch, AWS X-Ray, Amazon Kinesis)
• Communication and Collaboration: Fostering teamwork across the software delivery lifecycle. (Integrations with third-party tools)

3. Getting Started with AWS

A. Create an AWS Account:

Go to aws.amazon.com and click "Create an AWS Account."

B. The AWS Management Console:

This is the web-based interface for managing your AWS resources. This tutorial will primarily use the Console GUI.

# Access: https://aws.amazon.com/console/

Upon logging in, you'll see the **AWS Management Console Home** page. Use the search bar to quickly find services.

4. Version Control (AWS CodeCommit)

AWS CodeCommit is a fully managed source control service that hosts secure Git-based repositories. It eliminates the need to operate your own source control system and scales seamlessly.

Usage Example: Create a CodeCommit Repository (GUI):

1. Navigate to CodeCommit:

   AWS Management Console > Search for "CodeCommit" > Select CodeCommit under Services

2. Create a Repository:
   • In the left navigation pane, click **Repositories** > **Create repository**.
   • Repository name: Enter a unique name (e.g., `my-devops-app-repo`).
   • Description: (Optional) `Source code for my demo application.`
   • Click **Create**.
3. Clone and Push Code:
   • After creation, you'll see instructions to connect. Click **Clone URL** and select `HTTPS Git credentials` or `SSH`.
   • Follow the instructions to set up Git credentials (IAM users can generate HTTPS Git credentials) or SSH keys.
   • Example commands (after setting up credentials):

     git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-devops-app-repo
     cd my-devops-app-repo
     echo "Hello from AWS DevOps!" > README.md
     git add .
     git commit -m "Initial commit"
     git push origin main # Push to 'main' branch

5. Continuous Integration (AWS CodeBuild)

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. You don't need to provision or scale build servers.

Usage Example: Create a CodeBuild Project (GUI):

This example assumes you have a sample application (e.g., a simple Node.js app with `package.json` and a `buildspec.yml` in its root) in your CodeCommit repository.

# buildspec.yml (example for a Node.js project)
version: 0.2
phases:
  install:
    commands:
      - echo "Installing dependencies..."
      - npm install
  build:
    commands:
      - echo "Running tests..."
      - npm test
      - echo "Building application..."
      - npm run build
  post_build:
    commands:
      - echo "Build complete. Archiving artifacts..."
artifacts:
  files:
    - '**/*' # Archive all files from the build output directory (e.g., 'dist/', 'build/')
  discard-paths: no

1. Navigate to CodeBuild:

   AWS Management Console > Search for "CodeBuild" > Select CodeBuild under Services

2. Create Build Project:
   • Click **Create build project**.
   • Project configuration:
     • Project name: (e.g., `my-app-build-project`).
   • Source:
     • Source provider: `AWS CodeCommit`.
     • Repository: Select your `my-devops-app-repo`.
     • Branch: `main` (or the branch with your code).
   • Environment:
     • Managed image: `Operating system` (e.g., `Ubuntu`), `Runtime(s)` (e.g., `Standard`), `Image` (e.g., `aws/codebuild/standard:5.0`).
     • Service role: Select "New service role" (CodeBuild will create one with necessary permissions).
   • Buildspec:
     • Select "Use a buildspec file".
     • Buildspec name: `buildspec.yml` (default, assuming file is in root).
   • (Optional) Configure artifacts, logs, batch configuration.
   • Click **Create build project**.
3. Start a Build:
   • On the project's detail page, click **Start build**.
   • You can monitor the build status, phases, and view detailed build logs.

6. Continuous Delivery (AWS CodeDeploy)

AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances, AWS Fargate, AWS Lambda, and on-premises servers. It makes it easier to rapidly release new features, helps avoid downtime during deployment, and handles the complexity of updating applications.

Usage Example: Deploy to EC2 (GUI):

This assumes you have an EC2 instance running (e.g., `t2.micro` Amazon Linux) with the CodeDeploy agent installed and configured. Your application code (e.g., a simple `index.html`) and an `appspec.yml` file should be in your CodeCommit repo.

# appspec.yml (example for an EC2 deployment)
version: 0.0
os: linux
files:
  - source: /index.html       # Path in the application revision bundle
    destination: /var/www/html # Destination path on the EC2 instance
permissions:
  - object: /var/www/html
    pattern: "**"
    owner: root
    group: root
hooks:
  BeforeInstall: # Script to run before installing application files
    - location: scripts/install_dependencies.sh # Assume a script in 'scripts' folder
      timeout: 300
      runas: root
  AfterInstall: # Script to run after installing application files
    - location: scripts/start_server.sh
      timeout: 300
      runas: root

And create a `scripts` folder with `install_dependencies.sh` (e.g., `sudo yum install -y httpd`) and `start_server.sh` (e.g., `sudo systemctl start httpd && sudo systemctl enable httpd`).

1. Prepare IAM Role for CodeDeploy:
   • Service Role: CodeDeploy needs an IAM service role that allows it to access EC2 instances.

     AWS Console > IAM > Roles > Create role > AWS service > CodeDeploy > CodeDeploy. Click "Next" > Create role.

   • EC2 Instance Profile Role: EC2 instances need a role to communicate with CodeDeploy.

     AWS Console > IAM > Roles > Create role > AWS service > EC2 > Attach policy `AmazonEC2RoleforAWSCodeDeploy` > Create role. Attach this role to your EC2 instance.

2. Navigate to CodeDeploy:

   AWS Management Console > Search for "CodeDeploy" > Select CodeDeploy under Services

3. Create Application:
   • In the left navigation pane, click **Applications** > **Create application**.
   • Application name: (e.g., `MyWebApp`).
   • Compute platform: `EC2/On-premises`.
   • Click **Create application**.
4. Create Deployment Group:
   • On the application's page, click **Create deployment group**.
   • Deployment group name: (e.g., `ProductionWebServers`).
   • Service role: Select the CodeDeploy service role you created.
   • Deployment type: `In-place`.
   • Environment configuration: Select `Amazon EC2 instances`. Use tags (e.g., `Name: CodeDeployDemo`) to identify your EC2 instance(s).
   • Deployment settings: Choose a deployment configuration (e.g., `CodeDeployDefault.AllAtOnce`).
   • (Optional) Disable Load Balancer, configure Rollbacks.
   • Click **Create deployment group**.
5. Create Deployment:
   • On the deployment group's page, click **Create deployment**.
   • Revision type: `GitHub` (if your source is there) or `Amazon S3` (if CodeBuild puts output here) or `CodeCommit`. For this example, choose `CodeCommit`.
   • Repository name: Select `my-devops-app-repo`.
   • Commit ID: Select the latest commit ID for your application code.
   • Click **Create deployment**.
   • Monitor the deployment status in the CodeDeploy console.

7. CI/CD Orchestration (AWS CodePipeline)

AWS CodePipeline is a fully managed continuous delivery service that automates your release pipelines for fast and reliable application and infrastructure updates. It orchestrates the entire workflow from source code changes through build, test, and deployment.

Usage Example: Create a Complete CI/CD Pipeline (GUI):

This example connects CodeCommit (source) > CodeBuild (build/test) > CodeDeploy (deploy to EC2). Ensure you have a CodeCommit repo, a CodeBuild project, and a CodeDeploy application/deployment group configured as per previous sections.

1. Navigate to CodePipeline:

   AWS Management Console > Search for "CodePipeline" > Select CodePipeline under Services

2. Create Pipeline:
   • Click **Create pipeline**.
   • Choose pipeline settings:
     • Pipeline name: (e.g., `MyWebApp-CICD-Pipeline`).
     • Service role: Select "New service role" (CodePipeline will create one with necessary permissions).
     • (Optional) Advanced settings.
   • Click **Next**.
   • Source stage:
     • Source provider: `AWS CodeCommit`.
     • Repository name: Select `my-devops-app-repo`.
     • Branch name: `main`.
     • Change detection options: `AWS CodePipeline` (recommended).
     • Output artifact format: `CodePipeline default`.
   • Click **Next**.
   • Build stage:
     • Build provider: `AWS CodeBuild`.
     • Project name: Select `my-app-build-project`.
     • Build type: `Single build`.
   • Click **Next**.
   • Deploy stage:
     • Deploy provider: `AWS CodeDeploy`.
     • Application name: Select `MyWebApp`.
     • Deployment group: Select `ProductionWebServers`.
   • Click **Next**.
   • Review: Review your pipeline configuration.
   • Click **Create pipeline**.
3. Monitor Pipeline Execution:
   • The pipeline will automatically start its first execution.
   • Monitor the status of each stage in the CodePipeline console.
   • Click on a stage to see details or link to CodeBuild/CodeDeploy logs.
4. Triggering the Pipeline: Any new `git push` to your CodeCommit repository's `main` branch will automatically trigger this pipeline.

8. Infrastructure as Code (AWS CloudFormation)

AWS CloudFormation allows you to model your entire AWS infrastructure (e.g., EC2 instances, VPCs, databases, load balancers) as code using JSON or YAML templates. It automates the provisioning and updating of resources in a predictable manner.

Usage Example: Create an EC2 Web Server with CloudFormation (GUI):

Create a file named `webserver-template.yaml` locally:

# webserver-template.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Creates an EC2 instance with a security group for a web server.

Parameters:
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues: [t2.micro, t2.small, t2.medium]
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access
    Type: AWS::EC2::KeyPair::KeyName
  LatestAmiId:
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image.Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'

Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH and HTTP access
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0 # WARNING: Restrict to your IP in production!
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0 # WARNING: Restrict as needed in production!
      Tags:
        - Key: Name
          Value: WebServerSG

  WebServerInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      SecurityGroupIds:
        - !GetAtt WebServerSecurityGroup.GroupId
      UserData:
        Fn::Base64: |
          #!/bin/bash
          sudo yum update -y
          sudo yum install -y httpd
          sudo systemctl start httpd
          sudo systemctl enable httpd
          echo "
Hello from CloudFormation!
" | sudo tee /var/www/html/index.html
      Tags:
        - Key: Name
          Value: CloudFormationWebServer

Outputs:
  WebServerPublicDNS:
    Description: Public DNS name of the web server
    Value: !GetAtt WebServerInstance.PublicDnsName
  WebServerPublicIP:
    Description: Public IP address of the web server
    Value: !GetAtt WebServerInstance.PublicIp

1. Navigate to CloudFormation:

   AWS Management Console > Search for "CloudFormation" > Select CloudFormation under Services

2. Create Stack:
   • Click **Create stack** > **With new resources (standard)**.
   • Specify template: Choose "Upload a template file" and upload your `webserver-template.yaml`.
   • Click **Next**.
   • Specify stack details:
     • Stack name: (e.g., `MyWebServerStack`).
     • Parameters: Provide values for `InstanceType` (e.g., `t2.micro`) and `KeyName` (select your existing EC2 key pair).
   • Click **Next**.
   • Configure stack options: (Optional, e.g., tags, IAM role). Click **Next**.
   • Review: Review details. Check "I acknowledge that AWS CloudFormation might create IAM resources." (This template implicitly uses IAM for service roles, though not explicit IAM resources directly).
   • Click **Submit**.
3. Monitor & Delete:
   • Monitor the stack status. Once "CREATE_COMPLETE", go to the "Outputs" tab to find the Public IP/DNS.
   • To delete all resources, select the stack and click **Delete**.

9. Containerization & Orchestration

AWS provides services for building, storing, and running containerized applications.

A. Amazon ECR (Elastic Container Registry) - GUI Usage:

A fully managed Docker container registry that makes it easy to store, manage, share, and deploy your container images.

1. Navigate to ECR:

   AWS Management Console > Search for "ECR" > Select Elastic Container Registry under Services

2. Create Repository:
   • Click **Create repository**.
   • Visibility settings: `Private`.
   • Repository name: (e.g., `my-app-images`).
   • Click **Create repository**.
3. Push Image: After creation, click on your repository name > **View push commands**. Follow the instructions to tag and push your local Docker images (e.g., `my-node-app:1.0` from earlier Docker section) to ECR.

B. Amazon ECS (Elastic Container Service) & AWS Fargate - GUI Usage:

A fully managed container orchestration service that makes it easy to run, stop, and manage Docker containers. AWS Fargate is a serverless compute engine for ECS that removes the need to provision and manage servers.

1. Navigate to ECS:

   AWS Management Console > Search for "ECS" > Select Elastic Container Service under Services

2. Create Cluster:
   • In the left pane, click **Clusters** > **Create Cluster**.
   • Select **Fargate (Serverless)**.
   • **Cluster name:** (e.g., `my-fargate-cluster`).
   • Click **Create**.
3. Create Task Definition:
   • In the left pane, click **Task Definitions** > **Create new task definition**.
   • Launch type compatibility: `Fargate`. Click **Next Step**.
   • Task Definition Name: (e.g., `my-app-task`).
   • Task Role: Select "Create new role".
   • Task execution role: Select "Create new role".
   • Task memory & CPU: Select appropriate values (e.g., `0.5GB`, `0.25 vCPU`).
   • Add container:
     • Container name: (e.g., `my-web-container`).
     • Image: Enter the ECR image URI (e.g., `<YOUR_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/my-app-images:latest`).
     • Port mappings: (e.g., `80` TCP).
   • Click **Add** > **Create**.
4. Create Service (Deploy Task):
   • In the left pane, click **Clusters**. Select `my-fargate-cluster`.
   • On the "Services" tab, click **Create**.
   • Launch type: `Fargate`.
   • Task Definition: Select `my-app-task`.
   • Service name: (e.g., `my-app-service`).
   • Number of desired tasks: (e.g., `1`).
   • Networking: Select your VPC, subnets. Choose to assign a **Public IP** if public access is needed.
   • Click **Create Service**.
5. Access: Once the service is running, find its public IP or integrate with an Application Load Balancer.

C. Amazon EKS (Elastic Kubernetes Service) - GUI Usage:

A fully managed Kubernetes service that makes it easy to run Kubernetes on AWS.

1. Navigate to EKS:

   AWS Management Console > Search for "EKS" > Select Amazon Elastic Kubernetes Service under Services

2. Create Cluster:
   • Click **Add cluster** > **Create**.
   • Configure cluster:
     • Name: (e.g., `my-eks-cluster`).
     • Kubernetes version: Select a version.
     • Cluster service role: Select "Create an IAM role for this cluster".
     • Configure networking (VPC, subnets, security groups).
   • Click **Create**. (Cluster creation can take 10-15 minutes).
3. Add Node Group:
   • Once the cluster is created, go to the cluster detail page > **Compute** tab > **Add node group**.
   • Configure name, instance type, desired size, scaling.
   • This creates EC2 instances that will run your Kubernetes pods.
4. Deploy Application: After the cluster and node group are ready, you typically use `kubectl` (configured locally or via CloudShell) to deploy your Kubernetes manifests (Deployments, Services, etc.).

10. Serverless (AWS Lambda, API Gateway)

AWS offers powerful serverless compute and API management services.

A. AWS Lambda - GUI Usage:

Runs code without provisioning or managing servers. You pay only for the compute time consumed.

1. Navigate to Lambda:

   AWS Management Console > Search for "Lambda" > Select Lambda under Services

2. Create Function:
   • Click **Create function**.
   • Choose **Author from scratch**.
   • Function name: (e.g., `MyHelloWorldLambda`).
   • Runtime: (e.g., `Python 3.9`, `Node.js 18`).
   • Architecture: `x86_64` (default).
   • Permissions: Select "Create a new role with basic Lambda permissions" (allows logging to CloudWatch).
   • Click **Create function**.
3. Write Code:
   • In the "Code" tab, use the inline code editor to write or paste your function code.

     # For Python
     import json
     
     def lambda_handler(event, context):
         return {
             'statusCode': 200,
             'body': json.dumps('Hello from Lambda!')
         }

   • Click **Deploy**.
4. Test:
   • Click the **Test** tab.
   • Configure a test event (e.g., select `hello-world` template).
   • Click **Test**. View the execution results and logs.

B. Amazon API Gateway - GUI Usage:

A fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

1. Navigate to API Gateway:

   AWS Management Console > Search for "API Gateway" > Select API Gateway under Services

2. Create API:
   • Click **Build** under "REST API".
   • Choose "New API".
   • API name: (e.g., `MyLambdaAPI`).
   • Click **Create API**.
3. Create Method & Integrate with Lambda:
   • Click **Actions** > **Create Method** (e.g., `GET`).
   • Integration type: `Lambda Function`.
   • Lambda Function: Enter your Lambda function name (e.g., `MyHelloWorldLambda`).
   • Click **Save**. When prompted, click **OK** to grant API Gateway permissions to invoke your Lambda function.
4. Deploy API:
   • Click **Actions** > **Deploy API**.
   • Deployment stage: `[New Stage]`.
   • Stage name: (e.g., `prod` or `dev`).
   • Click **Deploy**.
5. Test: The "Stage Editor" page will display the **Invoke URL**. Access this URL in your browser to test your Lambda function via API Gateway.

11. Configuration Management (AWS Systems Manager)

AWS Systems Manager (SSM) gives you visibility and control over your AWS infrastructure. It helps automate operational tasks like patching, running commands, and managing configurations across EC2 instances and on-premises servers.

Usage Example: Run Command on EC2 Instance (GUI):

This assumes you have an EC2 instance with the SSM Agent installed (default on Amazon Linux 2, Ubuntu Server, Windows Server) and an IAM instance profile attached that grants `AmazonSSMManagedInstanceCore` permissions.

1. Navigate to Systems Manager:

   AWS Management Console > Search for "Systems Manager" > Select Systems Manager under Services

2. Run Command:
   • In the left navigation pane, under "Node Management", click **Run Command**.
   • Click **Run command**.
   • Command document: Search for and select `AWS-RunShellScript` (for Linux) or `AWS-RunPowerShellScript` (for Windows).
   • Commands: In the "Command parameters" section, enter a shell command (e.g., `ls -l /tmp`).
   • Targets: Select your EC2 instance(s).
   • (Optional) Configure output to S3/CloudWatch Logs.
   • Click **Run**.
3. View Results: Monitor the command status. Once "Success," click on the **Command ID** and then the **Output** tab to see the command's results.

12. Monitoring, Logging, & Observability

Crucial for understanding application performance, infrastructure health, and troubleshooting issues in a DevOps environment.

A. Amazon CloudWatch - GUI Usage:

Monitors your AWS resources and the applications you run on AWS in real-time. Collects metrics, logs, and sets alarms.

1. Navigate to CloudWatch:

   AWS Management Console > Search for "CloudWatch" > Select CloudWatch under Services

2. Explore Metrics:
   • In the left navigation pane, click **Metrics** > **All metrics**.
   • Explore metrics by AWS service (e.g., `EC2 > Per-Instance Metrics` to see CPU Utilization, Network In/Out for your VMs).
3. Create Alarms:
   • In the left navigation pane, click **Alarms** > **Create alarm**.
   • Select metric: Choose a metric (e.g., `EC2 > CPU Utilization` for a specific instance).
   • Specify metric and conditions: Define a **Threshold type** (e.g., `Static`) and a **Threshold value** (e.g., `> 80%`).
   • Configure actions: Choose what happens when the alarm state is reached (e.g., `Send a notification to an SNS topic`).
   • Click **Create alarm**.
4. View Logs:
   • In the left navigation pane, click **Logs** > **Log groups**.
   • Explore log groups created by Lambda, CodeBuild, or EC2 instances (if CloudWatch agent is installed).

B. AWS X-Ray - GUI Usage:

Helps developers analyze and debug distributed applications, such as those built using microservices. It provides an end-to-end view of requests as they travel through your application.

1. Navigate to X-Ray:

   AWS Management Console > Search for "X-Ray" > Select AWS X-Ray under Services

2. Explore Service Map: After enabling X-Ray in your application (requires SDK integration), the Service Map will visually represent the components of your application and the connections between them, highlighting latency and errors.
3. Traces: View detailed request traces, showing how much time is spent in each service or component.

13. Security & Compliance

Integrating security throughout the DevOps lifecycle (DevSecOps) is critical.

A. AWS Security Hub - GUI Usage:

Provides a comprehensive view of your security alerts and security posture across your AWS accounts, aggregating findings from various AWS security services and partner products.

1. Navigate to Security Hub:

   AWS Management Console > Search for "Security Hub" > Select Security Hub under Services

2. Enable Security Hub:
   • Click **Go to Security Hub**.
   • Choose your regions and select desired security standards (e.g., AWS Foundational Security Best Practices).
   • Click **Enable Security Hub**.
3. Review Findings: The "Summary" and "Findings" dashboards will display security findings from integrated services.

B. AWS Config - GUI Usage:

Provides a detailed view of the configuration of AWS resources in your account. It continuously monitors and records AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

1. Navigate to Config:

   AWS Management Console > Search for "Config" > Select AWS Config under Services

2. Get Started:
   • Click **Get started**.
   • Choose "Record all resources" (recommended for full visibility).
   • Select "AWS Config service-linked role" or create a new one.
   • Click **Continue**.
3. Add Rules:
   • In the left navigation pane, click **Rules** > **Add rule**.
   • Search for managed rules (e.g., `s3-bucket-public-read-prohibited`, `ec2-instance-no-public-ip`).
   • Select the rule, configure parameters, and choose scope.
   • Click **Add rule**.
4. Monitor Compliance: The AWS Config dashboard shows the compliance status of your resources against the configured rules.

14. Cost Management & Optimization

DevOps practices aim to optimize costs by right-sizing resources and automating cleanup.

A. AWS Cost Explorer - GUI Usage:

Helps you visualize, understand, and manage your AWS costs and usage over time.

1. Navigate to Cost Explorer:

   AWS Management Console > Search for "Cost Explorer" > Select Cost Explorer under Services

2. Launch Cost Explorer: Click **Launch Cost Explorer**.
3. Explore Reports:
   • View default reports (e.g., "Monthly costs by service").
   • Apply filters (e.g., by Service, Region, Tag) and group by different dimensions (e.g., `Service`, `Usage type`, `Tag`).
4. Budgets:
   • In the left navigation pane, click **Budgets** > **Create budget**.
   • Choose budget type (e.g., `Cost budget`). Define your budget amount and period.
   • Configure **Alerts** to notify you when actual or forecasted costs exceed thresholds.

B. Cost Optimization Strategies (DevOps Context):

• Right-Sizing: Monitor resource utilization with CloudWatch and adjust EC2 instance types, RDS sizes, etc., to match actual needs.
• Automated Cleanup: Use Lambda functions, Systems Manager, or CloudFormation to automatically terminate unused resources (e.g., dev/test environments after hours).
• Spot Instances: For fault-tolerant CI/CD jobs or batch processing, use EC2 Spot Instances for significant savings.
• Serverless (Lambda, Fargate, S3): Pay only for consumption, often more cost-effective for intermittent workloads.
• Lifecycle Policies (S3): Transition old S3 data to cheaper storage classes (Glacier) or delete it automatically.

15. Best Practices (AWS Well-Architected Framework)

The AWS Well-Architected Framework provides guidance for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It's built around six pillars:

• Operational Excellence: Automate changes, respond to events, define standards.
• Security: Protect data and systems, manage user permissions, detect security events.
• Reliability: Design for recovery from failure, automatically recover, scale horizontally.
• Performance Efficiency: Use computing resources efficiently, select right resource types, monitor performance.
• Cost Optimization: Avoid unnecessary costs, select right resources, scale to meet needs without overspending.
• Sustainability: Minimize environmental impacts by maximizing utilization and reducing resource needs.

DevOps Specific Best Practices on AWS:

• Automate Everything: Use AWS Code* services to automate CI/CD, CloudFormation for IaC, Lambda for event-driven automation.
• Implement Pipelines: Use CodePipeline as the central orchestrator for your CI/CD workflows.
• Version Control All the Things: Store application code (CodeCommit), infrastructure definitions (CloudFormation), and pipeline definitions (CodePipeline) in Git.
• Monitor and Alarm: Use CloudWatch for comprehensive monitoring, logging, and alarming. Integrate with external tools if needed.
• Shift Security Left: Integrate security tools (e.g., CodeGuru, Inspector, Security Hub, WAF) into your pipeline stages.
• Containerize Applications: Use Docker with ECR, ECS, or EKS for consistent and scalable deployments.
• Adopt Serverless: Leverage Lambda and API Gateway for event-driven architectures to reduce operational overhead.
• Implement Continuous Testing: Integrate automated unit, integration, and E2E tests into CodeBuild/CodePipeline stages.
• Enable Telemetry and Tracing: Use X-Ray for distributed tracing to identify performance bottlenecks.
• Practice Blameless Post-Mortems: Learn from incidents and improve processes.