Day 1: Day 1

Today's Objective

Get oriented in AWS: understand IAM users, roles, and policies; set up the AWS CLI; and configure your first environment.

Why AWS for AI Apps

AWS is where production AI runs. S3 stores your training data and model artifacts. App Runner deploys your API containers. RDS holds your application data. Once you learn the core services, everything else becomes configuration.

This course teaches the services you'll actually use: IAM, S3, App Runner, RDS, Route 53, ACM, and CloudFront. No certifications, no theory — just deployments.

IAM: Identity and Access Management

IAM controls who can do what in your AWS account. Every API call requires credentials from either a user or a role. Get this wrong and you either lock yourself out or create a security hole.

Create an IAM User for the CLI

Never use root credentials for CLI work. Create an IAM user with programmatic access and attach only the permissions it needs.

Go to IAM → Users → Create User. Give it a name like cli-user, enable programmatic access, and attach the policies you need. For this course: AmazonS3FullAccess, AWSAppRunnerFullAccess, AmazonRDSFullAccess, AmazonECR_FullAccess.

Install and Configure the AWS CLI

terminal.txt

TERMINAL

# Install (macOS)
brew install awscli

# Install (Linux)
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip && sudo ./aws/install

# Configure
aws configure

Enter your Access Key ID, Secret Access Key, default region (use us-east-1 to start), and output format (json).

terminal_-_verify_setup.txt

TERMINAL — VERIFY SETUP

aws sts get-caller-identity
# Should return your account ID and user ARN

aws s3 ls
# Lists your S3 buckets (empty for new accounts)

Understanding Regions

AWS runs in ~30 regions worldwide. Each region is isolated — resources in us-east-1 are not visible from eu-west-1. Choose a region and stay consistent. For US customers, us-east-1 (N. Virginia) has the most services and lowest latency to the internet backbone.

Set a default region. Add export AWS_DEFAULT_REGION=us-east-1 to your shell profile so you don't have to pass --region on every command.

IAM Roles vs Users

Users have long-lived credentials (access keys) that you manage. Roles have temporary credentials that AWS services assume automatically. When your App Runner service needs to pull from ECR, it assumes a role — it doesn't use your personal credentials.

trust_policy_for_app_runner_role.txt

TRUST POLICY FOR APP RUNNER ROLE

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "Service": "build.apprunner.amazonaws.com"
    },
    "Action": "sts:AssumeRole"
  }]
}

Day 1 Exercise

Create an IAM user with programmatic access and the policies listed above
Run aws configure with the new credentials
Verify with aws sts get-caller-identity
Run aws ec2 describe-regions --output table to see all available regions
Set AWS_DEFAULT_REGION in your shell profile

Day 2: S3 — Host Static Sites and Store Files

→

What's Next

The foundations from today carry directly into Day 2. In the next session the focus shifts to Day 2 — building directly on everything covered here.

Supporting Videos & Reading

Go deeper with these external references.

YouTube

Day 1 — Video Walkthroughs Community tutorials and walkthroughs covering the concepts in this lesson.

→

YouTube

Day 1 Explained Deep-dive explanations and live-coding sessions from top educators.

→

Official Docs

Official Documentation Primary reference documentation for the technologies covered in this lesson.

→

GitHub

Open Source Examples Real-world codebases demonstrating the patterns taught in this lesson.

→

Day 1 Checkpoint

Before moving on, verify you can answer these without looking:

What is the core concept introduced in this lesson, and why does it matter?
What are the two or three most common mistakes practitioners make with this topic?
Can you explain the key code pattern from this lesson to a colleague in plain language?
What would break first if you skipped the safeguards or best practices described here?
How does today's topic connect to what comes in Day 2?

Live Bootcamp

Learn this in person — 2 days, 5 cities

Thu–Fri sessions in Denver, Los Angeles, New York, Chicago, and Dallas. $1,490 per seat. June–October 2026.

Reserve Your Seat →

Continue To Day 2

Day 2: S3 — Host Static Sites and Store Files

→