Cloud Fundamentals Hub

The cloud primitives every backend engineer should understand — compute, networking, storage, containers, Kubernetes, serverless, and security — mapped across AWS, Azure, and DigitalOcean so you can pick the right tool without lock-in fog.

Quick Reference

  • Compute — VMs, containers (ECS/AKS/DOKS), serverless (Lambda/Functions)
  • Networking — VPC, subnets, NAT, load balancers, private endpoints
  • Storage — object (S3/Blob/Spaces), block (EBS/Disks/Volumes), file (EFS/Files)
  • Containers — ECR/ACR/DOCR + Kubernetes flavors
  • Serverless — Lambda, Azure Functions, DigitalOcean Functions
  • Security — IAM, KMS, secrets manager, private networking

Learning Path

Recommended order

  1. Beginner
  2. Intermediate
  3. Advanced

Prerequisites

  • Linux & networking basics
  • Comfort with the command line

Skills you will learn

  • Provisioning compute, networking, and storage
  • Choosing managed vs self-managed
  • Designing for HA across zones

Estimated time

Weeks to months depending on depth.

Architecture Overview

Spring Boot on AWS

[Diagram: DNS (Route 53) forwards to EDGE (Application LB, HTTPS) → COMPUTE (Spring Boot on EC2 / ECS) → DATA (RDS PostgreSQL over JDBC; S3 for static assets) · OPS (Secrets Manager; CloudWatch logs and metrics)]
Route 53 resolves the domain to an Application Load Balancer, which receives HTTPS and forwards to Spring Boot running on EC2 instances or ECS tasks. The app reads its secrets from Secrets Manager at startup, persists to RDS PostgreSQL over JDBC, serves static assets from S3, and ships logs and metrics to CloudWatch.

Compute

VMs, containers, and serverless.

Recommended

VMs (EC2/Droplets/VMs) for full control; managed containers (ECS/AKS/DOKS) for orchestration; serverless (Lambda/Functions) for event-driven, bursty workloads.

Pros

  • Right tool per workload

Cons

  • Choosing the wrong primitive costs months of rework

Best for: Match workload pattern to primitive.

Networking

VPCs, subnets, load balancers, private endpoints.

Every cloud has a VPC equivalent: public and private subnets, a NAT gateway so private subnets get outbound-only access, security groups (AWS, DigitalOcean) or NSGs (Azure), ALB/NLB equivalents, and private endpoints to managed services so that traffic never leaves the provider network.

Pros

  • Strong isolation when designed right

Cons

  • Misconfigured NAT/IGW = surprise bills

Best for: Any production deployment.
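The layout above, as an added Terraform example that is not code from the original page: a VPC with one public subnet for the ALB and NAT gateway, two private subnets for the app tier and a multi-AZ database, a private route table with no internet-gateway route, and security groups chained by reference rather than by CIDR. It assumes the hashicorp/aws provider 5.x; the region, AZ names, CIDRs, ports and resource names are placeholders.

```hcl
provider "aws" {
  region = "us-east-1" # assumption: substitute your region and the AZ names below
}

resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
}

# Public subnet: only the ALB and the NAT gateway live here. Nothing gets a public IP by default.
resource "aws_subnet" "public" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, 0) # 10.0.0.0/24
  availability_zone = "us-east-1a"
}
# Two private subnets in two AZs for the app tier and a multi-AZ database.
resource "aws_subnet" "private" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, 10 + count.index) # 10.0.10.0/24, 10.0.11.0/24
  availability_zone = element(["us-east-1a", "us-east-1b"], count.index)
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

resource "aws_eip" "nat" {
  domain = "vpc"
}
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.igw]
}

# Private route table: outbound only, through NAT. With no IGW route, nothing in these
# subnets is reachable from the internet, whatever its security group allows.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}
resource "aws_route_table_association" "private" {
  count          = 2
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private.id
}

# Security groups chained by reference, never by CIDR: internet -> alb:443 -> app:8080 -> db:5432.
# local.chain says who may call each tier; the ingress rules are generated from it.
locals {
  chain = {
    app = { from = "alb", port = 8080 }
    db  = { from = "app", port = 5432 }
  }
}
resource "aws_security_group" "tier" {
  for_each = toset(["alb", "app", "db"])
  name     = "${each.key}-sg"
  vpc_id   = aws_vpc.main.id
}
resource "aws_vpc_security_group_ingress_rule" "alb_https" {
  security_group_id = aws_security_group.tier["alb"].id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}
resource "aws_vpc_security_group_ingress_rule" "chain" {
  for_each                     = local.chain
  security_group_id            = aws_security_group.tier[each.key].id
  referenced_security_group_id = aws_security_group.tier[each.value.from].id
  from_port                    = each.value.port
  to_port                      = each.value.port
  ip_protocol                  = "tcp"
}
# Outbound: alb and app initiate connections (app also reaches AWS APIs through NAT).
# db never initiates, so it gets no egress rule at all: Terraform strips AWS's default allow-all egress.
resource "aws_vpc_security_group_egress_rule" "out" {
  for_each          = toset(["alb", "app"])
  security_group_id = aws_security_group.tier[each.key].id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}
```

`terraform init && terraform apply` builds it. Two design choices are worth noticing: the only CIDR-based ingress anywhere is 443 on the ALB, so moving a host from the private to the public subnet does not make the database reachable; and the single NAT gateway is the cheap option, while a NAT per AZ avoids both a single point of failure and cross-AZ data charges once the app tier spans zones.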

Storage

Object, block, and file storage.

Object storage (S3/Blob/Spaces) for assets and backups; block storage (EBS/Managed Disks/Volumes) for DB and VM disks; file (EFS/Azure Files) for shared filesystems.

Pros

  • Object scales near-infinitely
  • Block is fastest for DBs

Cons

  • Egress fees are the hidden tax

Best for: All apps; pick by access pattern.

Containers

Registries + orchestration.

Push images to ECR/ACR/DOCR. Run them on ECS, EKS, AKS, DOKS, or simpler runtimes like App Platform / Container Instances.

Pros

  • Portable workloads
  • Mature ecosystem

Cons

  • Kubernetes overhead for small apps

Best for: Any service expected to scale or move clouds.

Kubernetes

Managed K8s on every cloud.

EKS, AKS, GKE, DOKS. Each adds cloud-native ingress, storage classes, and IAM integration on top of upstream Kubernetes.

Pros

  • Portable abstractions
  • Rich ecosystem

Cons

  • Operational cost
  • Steep learning curve

Best for: Teams with 5+ services or platform engineers.

Serverless

Event-driven, pay-per-invocation.

Lambda, Azure Functions, DigitalOcean Functions. Pair them with an API gateway, an event bus such as EventBridge, queues, or cron-style schedules.

Pros

  • No infra to manage
  • Auto-scales to zero

Cons

  • Cold starts
  • Vendor lock-in if you go deep

Best for: Bursty, event-driven workloads.

Security

IAM, KMS, secrets, private networking.

A least-privilege IAM role per workload, KMS-encrypted data at rest, secrets in Secrets Manager / Key Vault (or DigitalOcean's encrypted environment variables), and private endpoints so traffic to managed services never crosses the public internet.

Pros

  • Native integrations
  • Audit logs out of the box

Cons

  • IAM complexity is real

Best for: Every production deployment.

AWS vs Azure vs DigitalOcean

Capability                 AWS                   Azure                       DigitalOcean
Compute (VMs)              EC2                   Azure VMs                   Droplets
Containers (managed K8s)   EKS                   AKS                         DOKS
Serverless                 Lambda                Functions                   Functions
Object storage             S3                    Blob Storage                Spaces
Managed DB (Postgres)      RDS                   Azure DB for PostgreSQL     Managed Databases
Best for                   Enterprise / scale    Microsoft shops             Startups / indie devs

Common Mistakes

  • Putting databases in public subnets.
  • Storing secrets in environment variables: they leak into logs, crash dumps, and process listings.
  • Skipping multi-AZ for production databases.
  • Underestimating egress costs (cross-AZ + NAT + Data Transfer).
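The data and identity layer of the Spring Boot architecture, as an added Terraform example that is not code from the original page. It covers the Security section (a least-privilege role, KMS at rest, the database credential kept in Secrets Manager rather than in code or an environment variable) and the first three mistakes above (private subnet and no public address, multi-AZ). It assumes the hashicorp/aws provider 5.x, the us-east-1 region, and that a network layer already exists and is passed in as the two variables; resource names, the instance class, the engine version string and the tag values are placeholders.

```hcl
provider "aws" {
  region = "us-east-1" # assumption: same region as the network layer
  default_tags {       # every resource below carries Project/Env/Owner for billing
    tags = { Project = "springboot-demo", Env = "prod", Owner = "platform" }
  }
}

# Assumed to come from the network layer: two private subnets in different AZs
# and the database tier's security group (ingress only from the app tier).
variable "private_subnet_ids" { type = list(string) }
variable "db_security_group_id" { type = string }

# One customer-managed key for the database volume and the credentials secret.
resource "aws_kms_key" "app" {
  description         = "app: RDS storage and Secrets Manager"
  enable_key_rotation = true
}

resource "aws_db_subnet_group" "private" {
  name       = "app-private"
  subnet_ids = var.private_subnet_ids # must span two AZs for multi_az
}

resource "aws_db_instance" "postgres" {
  identifier        = "app-postgres"
  engine            = "postgres"
  engine_version    = "16"
  instance_class    = "db.t4g.medium"
  allocated_storage = 50
  db_name           = "app"
  username          = "app_admin"
  # No password in code, state or env vars: RDS generates it, stores it in Secrets
  # Manager under our key, and rotates it. The app fetches it at startup via the SDK.
  manage_master_user_password   = true
  master_user_secret_kms_key_id = aws_kms_key.app.arn
  db_subnet_group_name          = aws_db_subnet_group.private.name
  vpc_security_group_ids        = [var.db_security_group_id]
  publicly_accessible           = false # private subnet AND no public address
  multi_az                      = true  # synchronous standby in the second AZ
  storage_encrypted             = true
  kms_key_id                    = aws_kms_key.app.arn
  deletion_protection           = true
  backup_retention_period       = 7
  final_snapshot_identifier     = "app-postgres-final"
}

# The role the Spring Boot task runs as (ECS task role; for EC2 use ec2.amazonaws.com
# and an instance profile instead).
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}
resource "aws_iam_role" "app" {
  name               = "app-task"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# Least privilege: read this one secret and decrypt with this one key, and only when
# Secrets Manager is the caller. The tempting shortcut
#   actions = ["secretsmanager:*", "kms:*"], resources = ["*"]
# lets a compromised app read every secret in the account.
data "aws_iam_policy_document" "read_db_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_db_instance.postgres.master_user_secret[0].secret_arn]
  }
  statement {
    actions   = ["kms:Decrypt"]
    resources = [aws_kms_key.app.arn]
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["secretsmanager.us-east-1.amazonaws.com"]
    }
  }
}
resource "aws_iam_role_policy" "read_db_secret" {
  name   = "read-db-secret"
  role   = aws_iam_role.app.id
  policy = data.aws_iam_policy_document.read_db_secret.json
}

output "db_secret_arn" {
  value = aws_db_instance.postgres.master_user_secret[0].secret_arn
}
```

The application receives the secret's ARN (the output above) as its only configuration and calls Secrets Manager with the task role's credentials at startup, so the password is never in an environment variable, a task definition, or Terraform state. The `kms:ViaService` condition is the detail most policies skip: without it the role could decrypt anything under that key, not just what Secrets Manager hands it.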

Production Tips

  • Tag every resource (Project, Env, Owner) — billing without tags is unauditable.
  • Enable CloudTrail / Activity Log / Audit Logs from day one.
  • Use Infrastructure as Code (Terraform) — no manual console changes in prod.
  • Set billing alerts in every cloud account, and a hard budget cap where the provider supports one.

Frequently Asked Questions

Which cloud should a beginner pick?

DigitalOcean. Predictable pricing, fewer footguns, and the concepts transfer to AWS/Azure later.

Is serverless cheaper?

For bursty, low-traffic workloads — yes. For steady high-throughput workloads, containers are usually cheaper.

Do I need Kubernetes?

Not for one service. Reach for it once you operate 5+ services or need per-team isolation.