Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

2.2.3.2. Interacting with the AWS Software-Defined Infrastructure

2.2.3.2. Interacting with the AWS Software-Defined Infrastructure

Everything in AWS is an API call. The console, CLI, SDKs, and IaC tools all call the same APIs — understanding this is fundamental to automation.

AWS APIs and access methods:
  • AWS CLI: aws <service> <action> --parameters. Scripts well for bash automation.
  • AWS SDKs: Boto3 (Python), JavaScript, Java, etc. Use in Lambda and applications.
  • CloudFormation/CDK: Declarative API calls with state management and rollback.
  • REST APIs directly: Sign requests with SigV4 for edge cases.

API throttling and retries: Every AWS API has rate limits. Exceeding them returns ThrottlingException. SDKs handle retries automatically, but custom scripts need explicit logic:

from botocore.config import Config

config = Config(retries={'max_attempts': 10, 'mode': 'adaptive'})
ec2 = boto3.client('ec2', config=config)

CloudTrail logs every API call — who, what, when, from where. This is your audit trail for all infrastructure changes.

CloudShell provides a browser-based shell with AWS CLI, Python, Node.js pre-installed and authenticated with your console session.

Exam Trap: Lambda API calls use the function's execution role, not the invoking user's permissions. If a Lambda function called by User A needs S3 access, the Lambda execution role needs S3 permissions — User A's permissions are irrelevant. This is a frequent "access denied" source.

Alvin Varughese
Written byAlvin Varughese•Founder•15 professional certifications