Have you ever considered where all your files, apps, and systems are stored? Traditionally, they sit on physical servers inside data centers. These are rooms full of machines that need power, AC for cooling, and constant maintenance by different people. While this works, it is very costly and time-consuming. That’s why many businesses today are migrating to the AWS cloud, where resources are easier to manage, more secure, and much more flexible.
Getting started with the cloud can feel unfamiliar, especially if you’re used to traditional systems. In this guide, we’ll walk through simple hands-on activities in AWS so you can learn by doing. Together, we’ll explore three core services: we’ll create IAM users and groups, set up a Virtual Private Cloud (VPC), and store files using S3.
By the end, you’ll understand the basics and feel more confident working in AWS!
Before we get started
Picture this: you’re part of your university’s student organization. All the files, event schedules, member lists, and even a small online store for selling club merch are stored on an old computer tucked away in the faculty office. It’s slow, breaks down often, and anyone with the password can access everything. During busy weeks, it can’t even handle the traffic from students trying to sign up or buy things online. To make things worse, it’s so outdated that it’s already being hacked by curious students from other departments.
Now, imagine you propose moving everything to the AWS cloud. Instead of relying on one fragile machine, you can:
- Use IAM to secure access by giving students and faculty separate accounts with defined permissions.
- Set up a VPC to create a safe, isolated environment where the org’s applications can run without outside interference.
- Store files in S3 for essential things like event records, gradebooks, and merchandise images.
What is IAM in AWS?
IAM (Identity and Access Management) is AWS’s way of controlling who can access your resources and what actions they can take. Instead of everyone using the same admin login, you create groups and users with specific roles to keep things organized and secure.
In our student org system, IAM revolves around two ideas: authentication and authorization.
- Authentication is making sure someone is really who they say they are, like checking a student’s ID before letting them into an event.
- Authorization is deciding what they can do once inside. A student might be able to join activities, but only officers can edit member records.
By setting up IAM, each student and faculty member gets their own account with the right level of access. No more passing around one password for the old computer. Everyone signs in with their own credentials, and they only see or do what they’re allowed to!
Permissions make this possible. In AWS, the identity making the request is called a principal, such as a user or a role. For example, a student may only view the event calendar, while an officer can edit it.
Lab 1: IAM Groups and Users
Creating AWS IAM Group
- Go to the IAM console
- Under Access management, click User groups, then Create group
- Name it FacultyGroup (or any name you prefer)
- Skip adding users for now
- Under Attach permissions policies, search for PowerUserAccess
- Check the box, then click Create group
NOTE: When you attach PowerUserAccess and click on the ‘+’ icon, you’re really linking a policy document written in JSON (a simple data format). Policies are just sets of rules that tell AWS what actions are allowed or denied.
Now we have a group with permissions already attached! Anyone added to this group will automatically inherit those permissions.
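To make the NOTE above concrete, here is an added example (not part of the original lab) of how JSON policy statements are matched against a request: an explicit Deny wins, an Allow grants, and anything unmatched is denied by default. The policies and the bucket name club-events are constructed for illustration, and the evaluator is a simplified model that covers identity policies only and ignores Condition, permission boundaries and resource policies.

```python
import re

# Constructed policies for illustration; not the text of any AWS managed policy.
# The bucket name club-events is a hypothetical placeholder.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}
STUDENT_VIEW = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::club-events/calendar/*"}]}
OFFICER_EDIT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::club-events/calendar/*"}]}
NO_DELETE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcards: * is any run of characters, ? is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE if ignore_case else 0) is not None

def _statement_applies(stmt, action, resource):
    if "NotAction" in stmt:  # matches every action except the listed ones
        act = not any(_matches(p, action, True) for p in _as_list(stmt["NotAction"]))
    else:
        act = any(_matches(p, action, True) for p in _as_list(stmt["Action"]))
    return act and any(_matches(p, resource) for p in _as_list(stmt["Resource"]))

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if _statement_applies(stmt, action, resource):
                if stmt["Effect"] == "Deny":
                    return "ExplicitDeny"  # a matching Deny always wins
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"  # nothing matched: denied by default
```

Comparing `evaluate([BROAD], ...)` with `evaluate([STUDENT_VIEW], ...)` for the same request shows how much more a broad group policy grants than a policy scoped to one task.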
Creating AWS IAM User
- On the left-hand side, go to Users, then Create user
- Name it student-user-a (or any name you prefer)
- Check the box below to provide user access, then set a custom password. After that, uncheck the ‘User must create a new password’ option (acceptable here only because these are throwaway test users; for real accounts, leave it checked)
- On Set permissions, add the created user to FacultyGroup
- Skip permission boundaries, then hit Next
- Review everything and click Create user
You’ve successfully made your first IAM user! Now repeat the process once more for student-user-b to practice creating multiple users. With IAM in place, our accounts are secure and everyone has the right level of access.
The next step is to make sure those users and applications run inside a safe environment. That’s where the Virtual Private Cloud (VPC) comes in. Let’s look at why VPC matters before we set one up.
Lab 2: Setting Up Your Own Private Cloud (AWS VPC)
Our student org’s old server was sitting wide open in the faculty office, which made it easy for curious students from other departments to sneak in. To fix this, we need a safe and isolated place for our applications to run. A Virtual Private Cloud (VPC) gives us that: it’s like building a private data center, but inside AWS. Only the people and services we approve can get in, and everything else stays out.
Why AWS VPC?
A VPC lets you create your own “mini internet” in the cloud! Inside it, you can design secure areas for your resources. For example, a public subnet is like the front desk, where visitors or users connect to your system, while a private subnet is like the staff room, hidden away and accessible only to trusted members.
- Create a custom VPC named Faculty-vpc (or any name you prefer)
- Add one public subnet and one private subnet
Creating an AWS VPC
- Go to the VPC Console
- Click Create VPC
- Choose VPC only. Then, name it Faculty-vpc
- Set IPv4 CIDR block to 10.32.0.0/16
- Leave the rest as default and click Create VPC!
Adding two subnets
- On the left, go to Subnets, then click Create subnet
- Select the VPC we created earlier named Faculty-vpc
- Name your subnet public-faculty-subnet with CIDR block 10.32.1.0/24. Then, click Add new subnet
- Name the second one private-faculty-subnet with CIDR block 10.32.2.0/24. After that, click Create subnet
You created two subnets in your Faculty-vpc: one labeled “public” and another labeled “private.” At this point, the names are just for clarity. What makes a subnet truly public is when you connect it to the internet through an Internet Gateway, and what makes a subnet private is when you restrict it so resources only communicate inside the VPC.
Why Two Subnets?
This setup is important because it lets you separate what the world can see from what stays protected. For example:
- The public subnet could host a small website or student sign-up page
- The private subnet could hold sensitive data like gradebooks or internal applications that should never be exposed directly to the internet
By splitting resources this way, you reduce risk and make your network more secure.
Lab 2.1: Extra AWS(some) Challenge!
Now that you have a public and a private subnet, let’s actually make the “public” subnet work as intended. Think of it like setting up the front gate to your campus network. By creating an Internet Gateway, adding a route table, and linking it to the public-faculty-subnet, you’re allowing internet traffic in and out of that area. Meanwhile, the private-faculty-subnet stays locked away inside, safe from outside access. This setup keeps sensitive resources hidden while still letting your apps or websites in the public subnet talk to the internet.
Create Internet Gateway (IGW) and Route Table
- Create an Internet Gateway (IGW), then name it faculty-igw
- Attach it to the VPC you just created by selecting your VPC’s name (Faculty-vpc). This is like opening the front door. Without an IGW, nothing in your VPC can talk to the outside internet.
- Create a Route Table. A route table is like a set of traffic rules. It decides where requests from your subnet should go.
- Name your route table Faculty-rt and select your VPC
- Add a Route Table Entry for Internet Traffic. Open Faculty-rt and click Edit routes
- Click Add route. After clicking, make sure the destination is set to 0.0.0.0/0 (this means “all internet traffic”). Then for target, add your IGW faculty-igw. Hit Save changes once finished.
- Associate the Route Table with the Public Subnet. Click Edit subnet associations from the route table you created. Then, choose your public subnet (public-faculty-subnet).
- Reminder: Do not modify the Private Subnet. The private subnet stays internal, so resources there are protected from direct internet access.
Great job! By attaching an Internet Gateway and updating the route table with 0.0.0.0/0, you’ve made your public-faculty-subnet public! Now resources placed here can communicate with the internet, while your private-faculty-subnet stays isolated and protected.
Next, let’s move on to S3, where we’ll store the files and data our student org depends on.
Lab 3: Creating and Using an AWS S3 Bucket
Our student org needs a safe place to keep important files, from gradebook spreadsheets to images of club merchandise like shirts and pens. Instead of storing these on a fragile old computer, we’ll use Amazon Simple Storage Service (S3).
Why S3?
S3 is like a secure, online filing cabinet for your data. It’s fast, reliable, and scales automatically whether you’re saving a few photos for the org’s online store or thousands of files over time. Best of all, you can access your files from anywhere, without worrying about crashes or running out of space.
Create an S3 Bucket
- Go to the S3 Console
- Click Create bucket.
- Name your bucket something like club-merch-bucket (remember, bucket names must be unique across all of AWS).
- Leave Block Public Access enabled for now.
- Click Create bucket.
Upload
- Click and open the bucket you created, then click Upload
- Click Add files, then select or drag in your preferred image(s)
- Click Upload
- You’ll now see the images listed in your bucket
By now, you’ve accomplished a lot:
- Created IAM users with secure, role-based access
- Built a VPC to protect and isolate your applications
- Uploaded files into reliable cloud storage with S3
With these labs, you’ve taken your first real steps into AWS. What started as a simple student org story is now a foundation for bigger things! From here, you can imagine launching full web apps, adding databases, or scaling services for thousands of users, all powered by the cloud through AWS.
Conclusion
You’ve just taken your first steps into AWS Cloud Infrastructure by learning to manage users with IAM, build a secure network with VPC, and store files with S3. These are the building blocks that almost every cloud project starts with! Keep practicing, stay curious, and you’ll gain the confidence to take on bigger projects in the cloud.