HomeDeploy to AWSDay 1
Day 1 of 5
⏱ ~60 minutes
Deploy to AWS — Day 1

AWS Foundations — IAM, Regions, and the CLI

Get oriented in AWS: understand IAM users, roles, and policies; set up the AWS CLI; and configure your first environment.

Why AWS for AI Apps

AWS is where production AI runs. S3 stores your training data and model artifacts. App Runner deploys your API containers. RDS holds your application data. Once you learn the core services, everything else becomes configuration.

This course teaches the services you'll actually use: IAM, S3, App Runner, RDS, Route 53, ACM, and CloudFront. No certifications, no theory — just deployments.

IAM: Identity and Access Management

IAM controls who can do what in your AWS account. Every API call requires credentials from either a user or a role. Get this wrong and you either lock yourself out or create a security hole.

Create an IAM User for the CLI

⚠️
Never use root credentials for CLI work. Create an IAM user with programmatic access and attach only the permissions it needs.

Go to IAM → Users → Create User. Give it a name like cli-user, enable programmatic access, and attach the policies you need. For this course: AmazonS3FullAccess, AWSAppRunnerFullAccess, AmazonRDSFullAccess, AmazonECR_FullAccess.

Install and Configure the AWS CLI

Terminal
# Install (macOS)
brew install awscli

# Install (Linux)
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip && sudo ./aws/install

# Configure
aws configure

Enter your Access Key ID, Secret Access Key, default region (use us-east-1 to start), and output format (json).

Terminal — Verify setup
aws sts get-caller-identity
# Should return your account ID and user ARN

aws s3 ls
# Lists your S3 buckets (empty for new accounts)

Understanding Regions

AWS runs in ~30 regions worldwide. Each region is isolated — resources in us-east-1 are not visible from eu-west-1. Choose a region and stay consistent. For US customers, us-east-1 (N. Virginia) has the most services and lowest latency to the internet backbone.

💡
Set a default region. Add export AWS_DEFAULT_REGION=us-east-1 to your shell profile so you don't have to pass --region on every command.

IAM Roles vs Users

Users have long-lived credentials (access keys) that you manage. Roles have temporary credentials that AWS services assume automatically. When your App Runner service needs to pull from ECR, it assumes a role — it doesn't use your personal credentials.

Trust policy for App Runner role
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "Service": "build.apprunner.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
  }]
}
Day 1 Exercise
Configure Your AWS Environment
  1. Create an IAM user with programmatic access and the policies listed above
  2. Run aws configure with the new credentials
  3. Verify with aws sts get-caller-identity
  4. Run aws ec2 describe-regions --output table to see all available regions
  5. Set AWS_DEFAULT_REGION in your shell profile

Day 1 Summary

  • IAM users have long-lived access keys — never use root for CLI work
  • IAM roles are assumed by services and have temporary credentials
  • aws configure stores credentials in ~/.aws/credentials
  • Pick one region and stay consistent across all your resources
  • sts get-caller-identity verifies your credentials are working
Back to Course
Deploy to AWS
Next
Day 2: S3 — Host Static Sites and Store Files
Finished this lesson?