Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
Mastering AWS Cloud Operations: Cost, Monitoring & Account Management Essentials
My AWS Cloud Operations Learning Journey (Cost, Monitoring, and More)
I’ve recently started learning AWS. I’m sharing these notes to help myself remember what I’ve learned and also to make it easier for others to follow along. I’ve summarized each topic from today’s training in a simple but detailed way.
What is the WA Framework?
The AWS Well-Architected Framework is a guide created by AWS to help design secure, high-performing, resilient, and cost-efficient systems in the cloud.
6 Pillars of the WA Framework:
Pillar | Description |
---|---|
Operational Excellence | Continuous monitoring, automation, and improvement |
Security | Access control, encryption, secure architecture |
Reliability | Systems that can withstand failures |
Performance Efficiency | Scalable and optimized resource usage |
Cost Optimization | Remove unused resources, pay-as-you-go |
Sustainability | Energy-efficient, environmentally friendly design |
What is the WA Tool?
A free tool that scans your architecture based on these principles and shows areas for improvement.
I can see this being really helpful when designing infrastructure in real-world projects.
AWS Cost Management
AWS Payment Models
Model | Best For |
---|---|
On-Demand | Short-term use, testing, unpredictable workloads |
Reserved | Long-term use (1–3 years), stable workloads |
Spot | Best price-performance but can be interrupted |
TCO (Total Cost of Ownership)
Helps you compare the cost of running services on AWS versus managing your own servers.
Cost Management Console
Track spending, create budgets, set up alerts.
Very useful for avoiding surprise bills.
AWS Account Management
Support Plans
Plan | What You Get |
---|---|
Basic | Free, documentation access only |
Developer | Technical support via email |
Business | Phone support + technical guidance |
Enterprise | Dedicated TAM + architectural help |
Tagging
Add tags to resources to manage them more easily.
Example: project=shift-planner, env=dev, owner=ali
Trusted Advisor
Offers suggestions for cost, security, performance, and unused resources.
(Full access requires a Business support plan.)
AWS Health Dashboard
Shows regional or global AWS service issues in real time.
Additional AWS Cloud Operation Services
AWS has powerful tools for monitoring, managing, and automating your infrastructure. These aren’t just for large-scale systems — even small projects benefit from them. Here’s how they work:
Amazon CloudWatch – Monitoring and Alarms
CloudWatch collects metrics (CPU, disk IO, network), logs, and custom data from your AWS resources.
Use Cases:
- Want to know if EC2 CPU stays above 90%? → Set an alarm.
- Track execution time of Lambda functions.
- Manage app logs centrally.
Example:
If your shift planner app’s EC2 instance exceeds 80% CPU, CloudWatch can notify you by email.
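To show what "stays above" means in practice, here is an added example (not from the training material): the alarm parameters in the shape boto3's cloudwatch.put_metric_alarm() accepts, plus a simplified local model of how the alarm state is derived from datapoints. The alarm name, instance ID, account ID, SNS topic and CPU samples are made-up placeholders.

```python
# Parameters in the shape accepted by boto3's cloudwatch.put_metric_alarm().
# Alarm name, instance ID, account ID and SNS topic are placeholders.
ALARM = {
    "AlarmName": "shift-planner-high-cpu",
    "Namespace": "AWS/EC2",
    "MetricName": "CPUUtilization",
    "Dimensions": [{"Name": "InstanceId", "Value": "i-0123456789abcdef0"}],
    "Statistic": "Average",
    "Period": 300,            # seconds covered by one datapoint
    "EvaluationPeriods": 3,   # look at the 3 most recent datapoints
    "DatapointsToAlarm": 3,   # all 3 must breach, so one spike is ignored
    "Threshold": 80.0,
    "ComparisonOperator": "GreaterThanThreshold",
    "AlarmActions": ["arn:aws:sns:eu-central-1:111122223333:ops-email"],
}


def alarm_states(datapoints, alarm=ALARM):
    """Simplified local model of alarm evaluation: one state per datapoint.
    Only handles the GreaterThanThreshold operator used above."""
    n, m = alarm["EvaluationPeriods"], alarm["DatapointsToAlarm"]
    states = []
    for i in range(len(datapoints)):
        window = datapoints[max(0, i - n + 1): i + 1]
        if len(window) < n:
            states.append("INSUFFICIENT_DATA")
            continue
        breaching = sum(1 for v in window if v > alarm["Threshold"])
        states.append("ALARM" if breaching >= m else "OK")
    return states


def notifications(states):
    """Indexes where the alarm enters ALARM; AlarmActions run on that transition."""
    return [i for i, s in enumerate(states)
            if s == "ALARM" and (i == 0 or states[i - 1] != "ALARM")]


# Constructed CPU averages (%), one per 5-minute period.
CPU = [35.0, 92.0, 40.0, 85.0, 88.0, 91.0, 95.0, 60.0]

if __name__ == "__main__":
    states = alarm_states(CPU)
    print(states)
    print("email sent at datapoint(s):", notifications(states))
```

The lone 92% spike never leaves the OK state; the email goes out once, when three consecutive periods are above 80%.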
AWS CloudTrail – “Who Did What and When?”
CloudTrail logs every API call (via console, SDK, CLI) made in your AWS account.
Why It Matters:
- Who deleted an S3 bucket?
- Which IAM role accessed an RDS database?
- Track down misconfigurations easily.
Perfect for security audits and compliance (ISO, GDPR, etc.).
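The questions above can be answered straight from CloudTrail's JSON records. The following is an added example, not code from the training: the three records are constructed samples in CloudTrail's record layout, and the account ID, user names, role name and resource names are invented. Note that CloudTrail records calls to the RDS API (for example ModifyDBInstance), not SQL queries run inside the database.

```python
import json

# Constructed sample records in CloudTrail's JSON layout (not real account data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:12:44Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/ali"},
     "requestParameters": {"bucketName": "shift-planner-uploads"}},
    {"eventTime": "2024-05-01T09:30:02Z", "eventSource": "rds.amazonaws.com",
     "eventName": "ModifyDBInstance", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy-role/ci-run",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111122223333:role/deploy-role"}}},
     "requestParameters": {"dBInstanceIdentifier": "shift-planner-db"}},
    {"eventTime": "2024-05-01T10:01:15Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "203.0.113.10",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/guest"},
     "requestParameters": {"bucketName": "shift-planner-backups"}},
]})


def actor(record):
    """Return the long-lived identity behind a call: the role for assumed-role
    sessions, otherwise the caller's own ARN."""
    ident = record.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn", "unknown")


def find_calls(log_text, event_source, event_name=None, succeeded_only=True):
    """List (time, actor, source IP, request parameters) for matching API calls."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != event_source:
            continue
        if event_name and rec.get("eventName") != event_name:
            continue
        if succeeded_only and "errorCode" in rec:
            continue  # denied or failed attempt: nothing was actually changed
        hits.append((rec["eventTime"], actor(rec),
                     rec.get("sourceIPAddress"), rec.get("requestParameters")))
    return hits


if __name__ == "__main__":
    print(find_calls(SAMPLE_LOG, "s3.amazonaws.com", "DeleteBucket"))
    print(find_calls(SAMPLE_LOG, "rds.amazonaws.com"))
```

Calling find_calls with succeeded_only=False also returns the denied DeleteBucket attempt, which is often the more interesting line in an audit.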
AWS Systems Manager (SSM) – Remote EC2 Management
Systems Manager allows centralized control of EC2 and hybrid environments.
Key Features:
- Session Manager: Access EC2 instances via browser, no SSH keys
- Run Command: Send scripts to 100+ EC2s at once
- Patch Manager: Apply OS patches automatically
- Inventory: View hardware/software across all resources
Why It’s Important:
No SSH keys = less risk of leaks.
SSM provides secure, keyless access.
Example:
Schedule a nightly script to delete old logs across all EC2s at 3 AM.
AWS Config – Resource History & Compliance
Config records the history of AWS resources and checks if they comply with your defined rules.
Use Cases:
- Require all S3 buckets to be encrypted → Get alerted if not
- See when an EC2 was launched, which security groups were added
Great for compliance auditing and change tracking.
Amazon EventBridge – Automated Event Triggers
(EventBridge was formerly known as CloudWatch Events.)
Lets you automate reactions to AWS events.
Example Scenarios:
Event | Triggered Action |
---|---|
File uploaded to S3 | Run a Lambda function |
EC2 launched | Notify admin via SNS |
Suspicious API call in CloudTrail | Trigger CloudWatch alarm |
You can build smart, reactive systems without writing full apps.
AWS Organizations – Multi-Account Management
Organizations allows centralized management of multiple AWS accounts — great for teams or large projects.
Benefits:
- Separate accounts for dev/test/prod → better security
- Unified billing → easier cost tracking
- Apply Service Control Policies (SCPs) to restrict actions
Example:
For your shift planner app, you could have separate accounts for testing and production, and block internet access from the test environment.
These tools aren’t just “nice extras” — they are essential for building and managing solid cloud systems. Even for small projects, skipping CloudWatch or SSM can make things harder to maintain.
Real-World Scenario
I plan to deploy my shift planner app on AWS.
Example setup:
- EC2 – Web frontend/backend
- RDS – Database (MySQL or PostgreSQL)
- CloudWatch – Monitoring and alerts
- CloudTrail – API activity tracking
- Systems Manager – Central EC2 control
- AWS Organizations – Separate environments
What I Learned Today
Today’s training made me realize cloud infrastructure isn’t just about spinning up services — it’s also about cost, management, and observability.
I used to think “if it runs, it’s fine,” but now I see that things like monitoring, cost control, and security are just as important as the app itself.
A Small Warning for New Learners
I’ve been following AWS Skill Builder trainings for about 3–4 days, but I hadn’t earned any badges.
Today, I contacted AWS Support and found out why: I was watching the videos with German subtitles, and the system didn’t count them!
If you want to earn badges, make sure you switch the language to English at the beginning of your training.
Don’t repeat my mistake.
I wrote this post both as a way to solidify what I’ve learned and as a quick reference for myself.
Deploying something on AWS isn’t just about learning the services — it’s about connecting them the right way, monitoring them, and keeping things efficient.
I’m currently working on a shift planning project and plan to build it entirely on AWS. These notes will serve as my foundation.
If you’re on a similar path, I hope this guide helps you too.