
Apply three essential perspectives—end users, hackers, and other developers—to design scalable, secure cloud architectures and build production-grade Spring Boot microservices on AWS.
Learn about region, availability zone and edge location concepts in AWS global infrastructure, and see how multiple availability zones and edge caching reduce latency and improve page load times.
Explore AWS EC2, elastic computing cloud, to launch virtual machines with configurable CPU and memory via AMI, and understand on-demand, reserved, dedicated, and spot pricing.
Explore region, availability zone, and edge location terminology, and learn how EC2, auto scaling, and security groups—instance-level firewalls with default deny—enable secure, scalable deployments.
Create and manage an S3 bucket, upload files, and generate pre-signed URLs to securely share objects with time-limited access.
Create a public folder, move the PNG files into it, and update the bucket policy to grant access to PNGs under public. Note that folders are UI illusions.
Explore bucket configuration, versioning, encryption, object lock, and replication in AWS S3, including server-side and customer-provided keys, ownership, and cross-region replication.
The lecture demonstrates creating a single IAM user, testing access with sign-in, observing restricted permissions, and then creating a user group to grant appropriate AWS permissions for EC2 and S3.
Create and manage a developers user group, attach EC2 and instance connect permissions, and enforce least privilege by denying prod ssh via a custom inline policy, while using dev permissions.
Discover how to enable an EC2 instance to access S3 by creating an IAM role, attaching it, and using the AWS CLI for listing and transferring files.
Create an access key and configure AWS credentials to access services with the user’s permissions. If credentials are lost or stolen, deactivate or delete the key and rotate keys regularly.
Never use the AWS root account for daily tasks; enable multi-factor authentication and use an IAM admin user in an administrators group.
Explore creating and configuring an AWS RDS database with single and multi-az options, using Aurora Postgres or MySQL engines, including backups, encryption, and read replicas.
Explore connecting an EC2 instance to an RDS PostgreSQL database on port 5432, configure security groups for inbound Postgres access, and monitor backups, snapshots, logs, and instance resources.
Connect to the RDS Postgres instance using the endpoint, create a database and table, insert and query data, and convert to multi-az deployment or create a read replica.
This aws rds demo shows a read replica with an endpoint in the same region, where reads on the replica and writes on the primary reflect, plus a manual snapshot.
Configure aws ec2 environments by creating a security group, launching four t2 micro instances across two availability zones, and running nginx via docker to serve a simple order.html page.
Configure alb path-based routing, balance load across multiple ec2 targets, and set up health checks for both other service targets and customer service targets.
Configure an Alb listener on port 80 with path-based routing to order and customer service targets, set a default fixed response, and manage rule priorities (1000, 2000) for flexible routing.
Terminate EC2 instances, delete the application load balancer and target groups, and remove security groups to complete the resource cleanup.
Configure a CloudFront distribution by setting the origin (such as S3), TTL, allowed HTTP methods, and security options like HTTPS and WAF, then test with the distribution domain.
Learn to invalidate CloudFront caches via the invalidation tab or APIs to fetch updated index.html from the origin after pushing version 2 to S3.
Configure CloudFront to serve static content from an S3 origin while forwarding API calls to an Application Load Balancer via edge locations, and do not cache API responses.
Explore why multiple path based routing exists in AWS cloud architecture for Java Spring Boot developers, using CloudFront and ALB to route API orders, API customers, or S3.
CloudFront uses edge locations to cache and deliver content, configure distributions with multiple origins and behaviors for each path, and protect apps with edge ssl and a web application firewall.
Explore how a VPC spans multiple availability zones in a region, remains isolated from the public internet, and uses subnets to deploy EC2 instances and databases with controlled traffic.
Explore how the internet gateway provides two-way internet connectivity for a default VPC's public subnets, enabling EC2 instances to host nginx and reach external sites like google.com.
Explain attaching the internet gateway, launching an EC2 instance, and using public versus private IPs to enable SSH and private network communication.
Design a secure aws vpc with private subnets across multiple availability zones, using public subnets only for application load balancer and cloudfront, to keep apps hidden from the internet.
Explore CIDR notation and its role in defining IP blocks for VPCs and subnets, enabling resource allocation, traffic control, and security group and network ACL configurations for EC2.
Delete the default VPC to avoid confusion, then create a custom VPC with two availability zones, two public and four private subnets, tag resources, CIDR blocks, and an internet gateway.
Identify and manage route tables to control traffic within a VPC, distinguishing public and private subnets by routes to an internet gateway and local communication rules.
Explore the challenges of private subnets in a VPC, where instances with public IPs still cannot be accessed from the internet or reach external APIs, and learn fixes.
Explore AWS's shared responsibility model, showing which security duties AWS handles: region, availability zones, edge, and data center security, and which duties customers manage, like encryption and firewall configuration.
Terminate unused instances, delete the nat gateway, release the elastic IP, delete the VPC, and recreate the default VPC to complete resource cleanup.
Configure a multi-az vpc with public subnets for front-end and private subnets for back-end apps, using nat gateways and bastion hosts to secure traffic.
Design a two-microservice Netflix-like app with movie and customer services, exposing get and patch endpoints and DTOs, to demonstrate AWS cloud-native microservices communication and recommendations.
Set up the movie service project with spring initializer, pick maven or gradle, java 21, add web, data jpa, postgres, actuator, and test containers, then generate and import into ide.
Create a movie domain with an enum genre stored as string, a movie entity and repository, and a movie dto with a mapper to convert entities for presentation.
Set up integration tests with test containers and service connection annotation to auto-create a Postgres container; initialize a movie table with init db sql script in AWS CI/CD using ECR.
Create a customer service with a table (id, name, favorite genre) and an api returning customer data and recommended movies from movie service, plus patch endpoint to update favorite genre.
Explain how to handle missing customers with a customer not found exception, controller advice, and a problem detail response returning 404 not found in a Spring Boot API.
Design integration tests for the customer service with actuator checks using a mocked movie client, validating get by id returns a customer with two recommended movies, and patch genre updates.
Run end-to-end tests locally by starting Postgres with docker compose and launching movie and customer services, then verify postman requests for list and genre filters, customer updates, and not-found errors.
Don’t just write Java code - Architect the Cloud that runs it.
What makes this course different?
This course is not just a list of AWS services; This course is tailored specifically for Java Spring Boot Developers. We focus on the exact tools, services, and architectural patterns you need to deploy containerized Java applications successfully. It is a comprehensive journey that takes you from "running locally" to deploying highly available, fault-tolerant, and secure applications on the world's leading cloud platform.
No prior AWS experience is required. We start with the absolute fundamentals and build you up to a cloud architect level, step-by-step.
What you will master:
Serverless Container Orchestration: Stop managing virtual machines! Learn to Dockerize your Spring Boot apps and deploy them using AWS ECS Fargate (Serverless) for maximum efficiency and scalability.
Modern CI/CD Pipelines: Say goodbye to manual deployments. We will build a full "Commit-to-Production" pipeline using AWS CodeCommit / GitHub, CodeBuild, and CodePipeline to achieve automated Rolling Updates with Zero-Downtime.
Banking-Grade Security: Learn to lock down your infrastructure. We dive deep into IAM, Security Groups, and private networking to protect your resources from hackers.
Enterprise Networking: Demystify the "scary" parts of AWS networking. You will build custom VPCs, Subnets, NAT Gateways, and Route Tables from scratch to understand exactly how traffic flows securely.
High Availability & Scaling: Sleep soundly knowing your app won't crash. Master Auto Scaling Groups and Application Load Balancers (ALB) to handle traffic spikes dynamically.
Global Performance: Accelerate your application for users worldwide using CloudFront (CDN) and manage custom domains with Route 53.
Data & Storage: Integrate your apps with AWS RDS for relational data and S3 for object storage.
By the end of this course, you will be able to:
Architect secure and scalable cloud infrastructure from scratch.
Containerize Java Spring Boot applications for the cloud.
Automate your workflow with modern CI/CD pipelines.
Deploy confidently with strategies that ensure high availability.
Speak the language of Cloud Architecture in your next interview.