lesson

Cloud Fundamentals

Compute, storage, networking, and IAM across AWS and GCP.

The Three Pillars

Every cloud provider organises services around three pillars:

Run code without managing physical servers.

Service	AWS	GCP	When to use
VMs	EC2	Compute Engine	Full OS control, legacy apps
Containers	ECS / EKS	GKE / Cloud Run	Microservices, K8s workloads
Serverless	Lambda	Cloud Functions	Event-driven, short tasks
App hosting	App Runner	App Engine	Simple web apps

Type	AWS	GCP	Use case
Object	S3	Cloud Storage	Files, backups, data lake
Block	EBS	Persistent Disk	VM disks
File	EFS	Filestore	Shared filesystems

VPC — isolated network. Subnets = availability zones.

Load balancer — distributes traffic (ALB for HTTP, NLB for TCP).

DNS — Route 53 (AWS) / Cloud DNS (GCP).

CDN — CloudFront (AWS) / Cloud CDN (GCP).

The #1 interview topic for cloud roles.

Principle of least privilege: give only the permissions needed, nothing more.

User → Role → Policy → Resource

Users: human identities

Service accounts: machine identities (apps, CI/CD)

Roles: collection of permissions (e.g. StorageAdmin)

Policies: JSON documents defining allow/deny rules

AWS IAM policy example:

{
  "Effect": "Allow",
  "Action": ["s3:GetObject", "s3:PutObject"],
  "Resource": "arn:aws:s3:::my-bucket/*"
}

Always mention VPC design — public vs private subnets

Discuss multi-AZ / multi-region for high availability

Know the difference between horizontal vs vertical scaling

Be ready to draw a basic architecture on a whiteboard