Hands-On AWS: Java SDK + CLI for Cloud Developers

AWS Workshop
AWS Fundamentals Hands On Sessions
Meetu Maltiar 24th March 2025

About Me
I work as Software Engineer Technical Leader @Cisco Systems Bengaluru
- I like to invest time on Technologies and Software Craftsmanship
- Former Co-organiser – BOJUG (Bangalore Open Java User Group)
- I like to participate in and attending conferences and disseminate knowledge
- I am passionate about: Cloud Computing, Functional Programming, AI/ML

Getting Started
Ensure you have AWS Free Tier account
Ensure also that you have AWS cost anomaly detection setup
Install Java 17, Maven, AWS CLI
Install IDE like Eclipse/Intellj-IDEA
Clone repository: git clone https://github.com/meetumaltiar/aws-workshop

Workshop Architecture Review
This workshop follows a modular, service-by-service approach:
1. Java SDK v2 for interacting with AWS programmatically
2. AWS CLI for scripting infrastructure
3. Capstone projects for building something functional
Have a pattern in place that can help in future coding projects

Modules Covered
• S3
• EC2
• Lambda
• API Gateway
• DynamoDB
• SNS
• SQS
• IAM
• CloudWatch
• CloudFormation
• RDS (with EC2 MySQL Client)
• Capstone Project (Full Stack Backend)

Common Setup - AWS CLI + Java + Maven
• Java 17
• Maven build with SDK dependencies
• AWS CLI con
fi
gured with aws con
fi
gure
• Code resides in src/main/java/com/aws/workshop
• Scripts lives in scripts directory

What is Amazon S3
• Simple Storage Service - launched 2006
• Focused on General Object Storage on Cloud
• Big
fi
les, small
fi
les, media content, source code, spreadsheets etc
• Scalable, Highly Available, Durable, Supports integrations with AWS
• Useful in various contexts:
• Website Hosting
• Database Backups
• Data Processing Pipelines

S3: Core Concepts
• Buckets: Container of objects we want to store within a certain namespace
• Objects: Content that we are storing within a bucket
• Access
• By URL: http://s3.amazomaws.com/<BUCKET_NAME>/<OBJECT_NAME>
• Programatically: We will see in code examples

S3: Storage Classes
• Allows to reduce costs, but with reduced features
• Examples: Standard, Intelligent, Infrequent Access, Glacier
• Each tier has di
ff
erent pricing, latency, availability
• Standard Tier (Hot Data) —> Infrequent Access —> Glacier (Cold Data)
• Lifecycle Rules: Automate data movement process

S3: Java Code Basics
Create a client using builder pattern:
S3Client s3 = S3Client.builder()
.region(Region.AP_SOUTH_1)
.build()
Create a putObjectRequest using builder pattern:
PutObjectRequest putObjectRequest = PutObjectRequest.builder()
.bucket(bucketName)
.key(key)
.build();
Actual invocation to put an object in S3:
s3.putObject(putObjectRequest, RequestBody.fromFile(new File(filePath)));

S3: AWS CLI
Navigate to src/main/resources/awscli/s3operations.cli
// --- AWS CLI Commands for S3 Operations ---
// 1⃣ Create an S3 Bucket
aws s3 mb s3://my-cli-s3-bucket
// 2⃣ Upload a File to S3
aws s3 cp file.txt s3://my-cli-s3-bucket/
// 3⃣ List Objects in an S3 Bucket
aws s3 ls s3://my-cli-s3-bucket/
// 4⃣ Delete an Object from S3
aws s3 rm s3://my-cli-s3-bucket/file.txt
// 5⃣ Delete an S3 Bucket (must be empty before deleting)
aws s3 rb s3://my-cli-s3-bucket --force

AWS IAM
Identity and Access Management
Securely controls access to AWS services and resources
Includes Users, Roles, Policies and Groups
Critical for security of AWS Infrastructure

AWS IAM: Java API
Create IamClient by providing region:
IamClient iam = IamClient.builder().region(Region.AWS_GLOBAL).build();
Create User using builder pattern:
CreateUserRequest createUserRequest = CreateUserRequest.builder().userName(userName).build();
iam.createUser(createUserRequest);
Attach ReadOnlyAccess Policy:
AttachUserPolicyRequest attachPolicyRequest = AttachUserPolicyRequest.builder()
.userName(userName)
.policyArn("arn:aws:iam::aws:policy/ReadOnlyAccess")
.build();

AWS IAM: AWS CLI
# 1⃣ Create an IAM Role with Trust Policy
aws iam create-role
--role-name my-lambda-role
--assume-role-policy-document file://lambda-trust-policy.json
# 2⃣ Attach a Managed Policy to Role (e.g., AWSLambdaBasicExecutionRole)
aws iam attach-role-policy
--policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
# 3⃣ Attach an Inline Policy to Role (e.g., DynamoDB access)
aws iam put-role-policy
--policy-name DynamoDBPutItemPolicy
--policy-document file://dynamodb-putitem-policy.json
# 4⃣ Get Role Details
aws iam get-role
# 5⃣ List Attached Policies
aws iam list-attached-role-policies
# 6⃣ List Inline Policies
aws iam list-role-policies

AWS EC2
EC2 are like virtual server on Cloud
Key components: AMI, Instance Type, Security Group, key-Pair
AMI (Amazon Machine Image)
- Think of it as a blueprint for your instance
- De
fi
nes OS, pre-installed software, volume storage and boot con
fi
g
Instance Type: De
fi
nes hardware specs (CPU, RAM, Networking capacity)
- Categorised by use-case: t2.micro/t3.micro (free tier eligible), c5.large (compute optimised), r5.large (memory optimised)
- selecting right instance type is key for cost and performance needs

AWS EC2: Continued
Security Group
- Acts like a virtual
fi
rewall for your instance
- control inbound and outbound tra
ffi
c to EC2
- Rules are based on
- Port (22 for SSH, 80 for HTTP, 3306 for MySQL)
- Protocol (TCP/UDP)
Source IP range (eg 0.0.0.0/0 means public access)
Key-Pair
- A public-private key is used to SSH in your instance
- AWS stores public key and we download the private key (.pem
fi
le)
- Without key we cannot SSH to instance after creation

AWS EC2: Java API
Build Ec2Client, provide region:
Ec2Client ec2 = Ec2Client.builder().region(Region.AP_SOUTH_1).build();
Make RunInstancesRequest:
RunInstancesRequest runRequest = RunInstancesRequest.builder()
.imageId("ami-0c768662cc797cd75") // ✅ Amazon Linux 2 (Mumbai)
.instanceType(InstanceType.T2_MICRO)
.maxCount(1)
.minCount(1)
.keyName("my-key") // ✅ Replace with your real key pair
.securityGroupIds("sg-my-security-group")
Make RunInstances call:
RunInstancesResponse response = ec2.runInstances(runRequest);

AWS EC2: CLI
# -----------------------------------------
# EC2 Operations via AWS CLI
# -----------------------------------------
# 1⃣ Launch an EC2 Instance (Amazon Linux 2 – Free Tier Eligible)
aws ec2 run-instances
--image-id ami-0c768662cc797cd75
--instance-type t2.micro
--key-name my-key
--security-group-ids sg-06b8961f9dd1435fe
--region ap-south-1
# 2⃣ List All EC2 Instances
aws ec2 describe-instances
--query "Reservations[*].Instances[*].[InstanceId,State.Name,InstanceType,PublicIpAddress]"
--output table
--region ap-south-1
# 3⃣ Stop an EC2 Instance
aws ec2 stop-instances
--instance-ids i-xxxxxxxxxxxxxxxxx
--region ap-south-1
# 4⃣ Terminate an EC2 Instance
aws ec2 terminate-instances
--instance-ids i-xxxxxxxxxxxxxxxxx
--region ap-south-1

AWS API Gateway
Create RESTful API that triggers Lambdas
Support custom domains, authentication, rate limits
Works seamlessly with Lambda (AWS_PROXY)
CLI Script:
- create-rest-api, create-resource, put-method, put-integration
- Adds permission and deploys

AWS Lambda
Serverless function hosting
Triggered by events (API, S3, SQS, etc)
Pay only by runtime duration
Stateless and ephemeral

AWS Lambda Java API
public class LambdaHandler implements RequestHandler<APIGatewayProxyRequestEvent, APIGatewayProxyResponseEvent> {
@Override
public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent request, Context context) {
context.getLogger().log("LambdaHandler invoked");
APIGatewayProxyResponseEvent response = new APIGatewayProxyResponseEvent();
response.setStatusCode(200);
response.setBody("{ "message": "👋 Hello from Java Lambda!" }");
return response;
}
}
Implements RequestHandler, takes API Gateway event and
returns JSON response

AWS CloudFormation
Infrastructure as code (IaC)
Write cloud formation templates and call aws cloud formation: create-stack, delete-stack, describe-stacks
Declarative YAML/JSON template
AWSTemplateFormatVersion: '2010-09-09'
Description: Basic CloudFormation Template - S3 + EC2
Parameters:
KeyName:
Description: EC2 Key Pair to SSH
Type: AWS::EC2::KeyPair::KeyName
Resources:
MyS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub "workshop-demo-bucket-${AWS::AccountId}"
Automates creation of AWS resources
aws cloudformation create-stack
--stack-name "$STACK_NAME"
--template-body "file://$TEMPLATE_PATH"
--parameters ParameterKey=KeyName,ParameterValue="$KEY_NAME"
--capabilities CAPABILITY_NAMED_IAM
--region "$REGION"

AWS DynamoDB
NoSQL key value and document oriented database
Fast scalable, managed and server-less
Free Tier: 25 GB + 200M requests/month
JAVA API:
Use DynamoDBClient for create, put, delete operations. Works with table-name and primary-key
CreateTableRequest request = CreateTableRequest.builder()
.tableName(TABLE_NAME)
.keySchema(KeySchemaElement.builder()
.attributeName("studentId")
.keyType(KeyType.HASH).build())
.attributeDefinitions(AttributeDefinition.builder()
.attributeName("studentId")
.attributeType(ScalarAttributeType.S).build())
.provisionedThroughput(ProvisionedThroughput.builder()
.readCapacityUnits(5L)
.writeCapacityUnits(5L)
.build())
.build();

AWS DynamoDB CLI
REGION="ap-south-1"
TABLE_NAME="Students"
echo "🔧 Creating DynamoDB table '$TABLE_NAME'..."
aws dynamodb create-table
--table-name $TABLE_NAME
--attribute-definitions AttributeName=studentId,AttributeType=S
--key-schema AttributeName=studentId,KeyType=HASH
--provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5
--region $REGION || true
echo "⏳ Waiting for table '$TABLE_NAME' to become ACTIVE..."
aws dynamodb wait table-exists
--region $REGION
echo "✅ Table '$TABLE_NAME' is now ACTIVE."
echo "📥 Inserting item into '$TABLE_NAME'..."
aws dynamodb put-item
--item '{"studentId": {"S": "101"}, "name": {"S": "Meetu"}, "email": {"S": "meetu@example.com"}}'
--region $REGION

AWS SQS
Queue based asynchronous messaging
Pull model - consumers polls messages
Used for decoupling micro-services and job processing
SQS also has de-duplication queue settings to manage fail scenarios

AWS SQS Java API
Create SQS client:
SqsClient sqsClient = SqsClient.builder().region(Region.AP_SOUTH_1).build();
Create Create SQS Request:
// 1⃣ Create Queue
CreateQueueRequest createQueueRequest = CreateQueueRequest.builder()
.queueName(queueName)
.build();
String queueUrl = sqsClient.createQueue(createQueueRequest).queueUrl();
// 2⃣ Send Message
SendMessageRequest sendRequest = SendMessageRequest.builder()
.queueUrl(queueUrl)
.messageBody("Hello from SQS via Java!")
.build();
sqsClient.sendMessage(sendRequest);

AWS SQS CLI
# SQS CLI Commands for MyJavaQueue
# 1⃣ Create Queue
aws sqs create-queue
--queue-name MyJavaQueue
--region ap-south-1
# 2⃣ Get Queue URL
aws sqs get-queue-url
--queue-name MyJavaQueue
--region ap-south-1
# 3⃣ Send Message (replace <queue-url>)
aws sqs send-message
--queue-url <queue-url>
--message-body "Hello from AWS CLI to SQS!"
--region ap-south-1
# 4⃣ Receive Message
aws sqs receive-message
--region ap-south-1
# 5⃣ Delete Message (replace <receipt-handle>)
aws sqs delete-message
--receipt-handle <receipt-handle>
--region ap-south-1

AWS SNS
Pub/Sub messaging service
Push based delivery to email, SMS, Lambda, HTTP
Ideal for alerts, noti
fi
cations, fan-out scenarios
Java code API:
Create SNS client
SnsClient sns = SnsClient.builder().region(Region.AP_SOUTH_1).build();
Create Topic request:
CreateTopicRequest createRequest = CreateTopicRequest.builder().name(topicName).build();
Publish Message:
// 2⃣ Publish Message
PublishRequest pubRequest = PublishRequest.builder()
.topicArn(topicArn)
.message("Hello from AWS Java SNS!")
.build();
sns.publish(pubRequest);

AWS SNS Script
# 1⃣ Create SNS Topic
echo "🔧 Creating SNS topic '$TOPIC_NAME'..."
TOPIC_ARN=$(aws sns create-topic
--name $TOPIC_NAME
--region $REGION
--query "TopicArn" --output text)
echo "✅ Topic created: $TOPIC_ARN"
# 2⃣ Publish initial message
echo "📨 Publishing welcome message to SNS..."
aws sns publish
--topic-arn $TOPIC_ARN
--message "Hello from AWS CLI SNS Script!"
--region $REGION
echo "✅ Message published to $TOPIC_NAME."
# 3⃣ Subscribe email
echo "🔔 Subscribing email: $EMAIL"
aws sns subscribe
--topic-arn $TOPIC_ARN
--protocol email
--notification-endpoint "$EMAIL"
--region $REGION
echo "📬 Confirmation email sent to $EMAIL. Please confirm from your inbox."
# 4⃣ List all topics
echo "📋 Listing all topics:"
aws sns list-topics --region $REGION

RDS + EC2 MySQL Client
Amazon RDS is relational database systems on AWS
RDS has support for PostGres, MySQL and is well managed
Backup, patching, replication are handled by RDS
CLI scripts:
- rds-script.sh for launching MySQL instance with VPC security group
- rds_ec2_testsetup.sh: Launch EC2, install MySQL, connect to RDS

Capstone Project: Student Submission Portal
Stack Includes:
• Lambda (Java)
• API Gateway (POST /submit)
• DynamoDB (store submission)
• SNS (notify admin)
Java Code Walkthrough
•StudentSubmissionHandler.java: Reads request → saves to DB → sends SNS
Structure
src/
└── main/java/com/aws/workshop/capstone/
├── StudentSubmissionHandler.java
├── model/
└── service/

Capstone Project Cleanup
Scripts:
•cleanup_all.sh: Tears down all major resources
•cleanup_rds_ec2.sh: Deletes RDS + EC2 setup
Tips:
•Con
fi
rm SNS and DynamoDB deletions
•Check S3 buckets and CloudWatch logs if needed

Next Steps & Learn More
• Explore CloudTrail, VPC, EKS, EventBridge
• Try Terraform + AWS
• Dive in serverless best practices

Hands-On AWS: Java SDK + CLI for Cloud Developers

More Related Content

Similar to Hands-On AWS: Java SDK + CLI for Cloud Developers

More from Meetu Maltiar

Recently uploaded

Hands-On AWS: Java SDK + CLI for Cloud Developers