Cloud — AWS & Azure

Cloud computing delivers compute, storage, networking, and managed services over the internet. Key benefits: lower cost (pay as you go, no upfront hardware), scalability (scale up/down on demand), reduced latency (deploy closer to users globally), redundancy (distributed globally).


AWS (Amazon Web Services)

A collection of cloud computing services that can work together or independently.

Access methods: Web Console, CLI, SDKs (Python/boto3, Node.js, .NET, etc.)

Core services

| Service | Category | Purpose |
| --- | --- | --- |
| EC2 (Elastic Compute Cloud) | Compute | Virtual machines |
| S3 (Simple Storage Service) | Storage | Object/file storage |
| RDS (Relational Database Service) | Database | Managed SQL databases |
| Route 53 | DNS | Domain and routing management |
| Lambda | Serverless | Event-driven functions (no server management) |
| DynamoDB | Database | Managed NoSQL (key-value) |
| Elastic Beanstalk | PaaS | Deploy web apps without managing infrastructure |
| VPC (Virtual Private Cloud) | Networking | Isolated private network in AWS |
| CloudFront | CDN | Global content delivery |
| CloudWatch | Monitoring | Logs, metrics, alarms |

EC2 setup steps

  1. Choose an AMI (Amazon Machine Image) — OS + software
  2. Select instance type — CPU, memory, network performance (small/medium/large families)
  3. Configure instance — auto scaling, subnet, IAM role
  4. Add storage (EBS volume)
  5. Add tags
  6. Configure security group (firewall rules)
  7. Create or assign key pair for SSH access

Why deploy globally?

  • Reduced latency — servers closer to users
  • Increased redundancy — multiple availability zones survive outages

Azure (Microsoft Cloud)

Microsoft’s cloud platform. Organised into service categories: Compute, Data Storage, Management, Integration, Identity, Networking.

Azure Compute

| Option | Description |
| --- | --- |
| Virtual Machines | Linux/Windows VMs, scale sets, availability sets, managed disks |
| App Services | Managed web app hosting — framework choice, autoscale, deployment slots, health monitoring |
| Azure Kubernetes Service (AKS) | Managed Kubernetes cluster |
| Azure Container Instances | Run containers without managing servers |
| Azure Functions | Serverless — event-driven C# / Python / JS functions |
| Logic Apps | Low-code workflow automation |
| Event Grid | Event-based messaging between services |
| Service Fabric | Manages distributed microservices infrastructure |

Azure Data Storage

| Service | Type |
| --- | --- |
| Azure SQL | Managed SQL Server |
| PostgreSQL / MySQL / MariaDB | Managed open-source relational |
| Table Storage | Key-value NoSQL |
| Blob Storage | Object storage (files, images, backups) |
| Queues | Message queue |
| Redis Cache | In-memory key-value cache |
| Cosmos DB | Multi-model globally distributed NoSQL |

Azure Functions

Build a pipeline of small C# functions triggered by events (HTTP, timer, queue message, blob change).

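using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;
public static class OrderFunctions // class name is illustrative
{
    [FunctionName("ProcessOrder")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "post")] HttpRequest req, // caller must present a function key
        [Queue("orders")] IAsyncCollector<string> queue,                    // output binding to the "orders" queue
        ILogger log)
    {
        string body = await new StreamReader(req.Body).ReadToEndAsync();    // raw body, not validated here
        await queue.AddAsync(body);                                         // the queue consumer must validate it
        return new OkObjectResult("Queued");
    }
}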

Develop in Visual Studio or CLI. Deploy and monitor via Azure Portal.

Azure Identity Management

Identity Provider — Azure Active Directory (Azure AD / Entra ID). Centralised identity for users, apps, and services.

Four pillars of identity:

  1. Authentication — prove who you are
  2. Authorization — what are you allowed to do
  3. Administration — manage identities and policies
  4. Auditing — track who did what

Role assignment: Assign roles via groups, not directly to users (easier to manage at scale).

JIT / JEA (Just-In-Time / Just-Enough-Access):

  • No standing privileges — access is granted on demand and expires
  • Reduces attack surface from compromised accounts
  • Key principle: grant minimum access for minimum time

RBAC (Role-Based Access Control): Permissions assigned to roles, users assigned to roles.
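
The role-assignment and JIT rules above can be checked mechanically. The following is an added example, not part of the original notes: it audits a constructed list of role assignments for direct user assignments and for privileged roles with no expiry or an overlong one. The field names principalType, roleDefinitionName and scope follow `az role assignment list` output; the "expires" field, the 8-hour limit and all sample values are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. principalType / roleDefinitionName / scope mirror the
# field names in `az role assignment list` output; "expires" is an assumed field
# standing in for the end time of a time-bound (JIT) grant. None = standing access.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
ASSIGNMENTS = [
    {"principalName": "sg-platform-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": "/subscriptions/EXAMPLE",
     "expires": NOW + timedelta(hours=4)},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": "/subscriptions/EXAMPLE",
     "expires": None},
    {"principalName": "sg-readers", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": "/subscriptions/EXAMPLE",
     "expires": None},
    {"principalName": "sg-db-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": "/subscriptions/EXAMPLE/resourceGroups/db",
     "expires": NOW + timedelta(days=30)},
]

PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
MAX_GRANT = timedelta(hours=8)  # assumed policy: privileged grants last 8 hours at most


def audit(assignments, now=NOW, max_grant=MAX_GRANT):
    """Return (principalName, finding) pairs for assignments that break the rules above."""
    findings = []
    for a in assignments:
        name, role = a["principalName"], a["roleDefinitionName"]
        # Rule 1: roles go to groups, not directly to users.
        if a["principalType"] == "User":
            findings.append((name, f"direct user assignment of {role}"))
        # Rules 2 and 3 apply to privileged roles only.
        if role not in PRIVILEGED_ROLES:
            continue
        if a["expires"] is None:
            findings.append((name, f"standing {role}: no expiry"))
        elif a["expires"] - now > max_grant:
            findings.append((name, f"{role} grant exceeds {max_grant}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(ASSIGNMENTS):
        print(f"{name}: {finding}")
```
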


AWS vs Azure quick comparison

| Feature | AWS | Azure |
| --- | --- | --- |
| Virtual machines | EC2 | Virtual Machines |
| Serverless functions | Lambda | Azure Functions |
| Object storage | S3 | Blob Storage |
| Managed Kubernetes | EKS | AKS |
| Managed SQL | RDS | Azure SQL |
| NoSQL | DynamoDB | Cosmos DB |
| CDN | CloudFront | Azure CDN |
| DNS | Route 53 | Azure DNS |
| Identity | IAM | Azure AD / Entra ID |
| Monitoring | CloudWatch | Azure Monitor |
