Chapter 2 checkpoint

You now hold the five primitives every cloud system is built from. Recall the map, then prove it with the quiz.

The throughline

  • Five primitives: compute (run code), storage (keep data), databases (query structured data), networking (connect & gate), IAM (who can do what — wraps all the rest).
  • Compute is a ladder: VM (whole OS, most control) → container (app + deps, portable, modern default) → serverless (just code, scales to zero, event-driven).
  • Storage has three shapes: object (blobs by name over HTTP, infinitely scalable, the workhorse) → block (a raw disk for one VM) → file (a shared filesystem for many machines).
  • Databases: default to managed SQL/PostgreSQL (ACID, structure); reach for NoSQL for scale, flexible shape, or caching. Almost always choose managed.
  • Networking: a VPC is your private network; public subnets face the internet (load balancer), private subnets hide servers/databases; security groups are least-privilege firewalls; a load balancer spreads traffic across healthy AZs; DNS maps names to addresses.
  • Messaging: decouple components with a broker — queue (one worker per message), pub/sub (fan-out to many), stream (ordered, replayable log). Assume at-least-once delivery, make consumers idempotent, and send poison messages to a dead-letter queue.
  • Caching & CDNs: serve ready-made copies to cut latency, load, and cost, through a hierarchy (browser → CDN/edge → in-memory cache (Redis) → database). Default to cache-aside with a TTL; the hard parts are invalidation and the thundering herd when hot keys expire. Never edge-cache private data.
  • IAM: authenticate to prove identity, authorize each action via policies. Give machines roles, not keys, and apply least privilege to shrink blast radius.
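
The Messaging bullet above, as an added example that is not part of the original course material: an in-memory model of an at-least-once queue whose consumer deduplicates by message id and parks poison messages in a dead-letter list. The `Consumer` class, `MAX_ATTEMPTS`, the message fields and the sample deliveries are all assumptions made for illustration.

```python
from collections import deque

MAX_ATTEMPTS = 3  # assumed redelivery limit before a message is dead-lettered


class Consumer:
    """Idempotent consumer for an at-least-once queue (in-memory model)."""

    def __init__(self):
        self.processed_ids = set()  # dedup store; a real system persists this
        self.balances = {}          # the side effect that must not be applied twice
        self.dead_letters = []      # poison messages parked for inspection

    def handle(self, msg):
        # Validate before mutating state, so a failed attempt leaves no partial effect.
        if not isinstance(msg.get("amount"), int):
            raise ValueError("malformed amount")
        acct = msg["account"]
        self.balances[acct] = self.balances.get(acct, 0) + msg["amount"]

    def run(self, deliveries):
        queue = deque((m, 1) for m in deliveries)
        while queue:
            msg, attempt = queue.popleft()
            if msg["id"] in self.processed_ids:
                continue  # duplicate delivery: acknowledge without repeating the effect
            try:
                self.handle(msg)
                self.processed_ids.add(msg["id"])
            except Exception as exc:
                if attempt >= MAX_ATTEMPTS:
                    self.dead_letters.append({"msg": msg, "error": str(exc)})
                else:
                    queue.append((msg, attempt + 1))  # simulate broker redelivery
        return self


# Constructed sample: m1 is delivered twice, m2 can never be processed.
SAMPLE = [
    {"id": "m1", "account": "alice", "amount": 50},
    {"id": "m2", "account": "bob", "amount": "fifty"},
    {"id": "m1", "account": "alice", "amount": 50},
    {"id": "m3", "account": "alice", "amount": 25},
]

if __name__ == "__main__":
    c = Consumer().run(SAMPLE)
    print(c.balances, [d["msg"]["id"] for d in c.dead_letters])
```

Without the `processed_ids` check the duplicate `m1` would credit the account twice, and without the attempt limit `m2` would be redelivered forever and block the workers behind it.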

Quiz

Required checkpoint

Chapter 2 — Core Services

You can now name what every cloud system is made of and choose the right primitive for a job. But provisioning these by clicking (ClickOps) doesn't scale — Chapter 3 replaces the clicking entirely with Infrastructure as Code.
