Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS Cloud Practitioner > Account Management > Flashcards

Account Management Flashcards

1
Q

AWS Organizations

A
  • Global service
  • Allows to manage multiple AWS accounts
  • The main account is the master account
  • Cost Benefits:
    • Consolidated Billing across all accounts - single payment method
    • Pricing benefits from aggregated usage (volume discount for EC2, S3…)
    • Pooling of Reserved EC2 instances for optimal savings
  • API is available to automate AWS account creation
  • Restrict account privileges using Service Control Policies (SCP)
  • Multi Account Strategies:
    * Create accounts per department, per cost center, per dev / test / prod, based on regulatory restrictions (using SCP), for better resource isolation (ex: VPC), to have separate per-account service limits, isolated account for logging
    * Use tagging standards for billing purposes
    * Enable CloudTrail on all accounts, send logs to central S3 account
    * Send CloudWatch Logs to central logging account
  • Service Control Policies (SCP):
    • Whitelist or blacklist IAM actions
    • Applied at the OU or Account level
    • Does not apply to the Master Account
    • SCP is applied to all the Users and Roles of the Account, including Root user
    • The SCP does not affect service-linked roles
      • Service-linked roles enable other AWS services to integrate with AWS Organizations and can’t be restricted by SCPs.
    • SCP must have an explicit Allow (does not allow anything by default)
    • Use cases:
      • Restrict access to certain services (for example: can’t use EMR)
      • Enforce PCI compliance by explicitly disabling services
  • Consolidated Billing - When enabled, provides you with:
    • Combined Usage – combine the usage across all AWS accounts in the AWS Organization to share the volume pricing, Reserved Instances and Savings Plans discounts
    • One Bill – get one bill for all AWS Accounts in the AWS Organization
    • The management account can turn off Reserved Instances discount sharing for any account in the AWS Organization, including itself
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

AWS Control Tower

A
  • Easy way to set up and govern a secure and compliant multi-account AWS environment based on best practices
  • Benefits:
    • Automate the set up of your environment in a few clicks
    • Automate ongoing policy management using guardrails
    • Detect policy violations and remediate them
    • Monitor compliance through an interactive dashboard
  • AWS Control Tower runs on top of AWS Organizations:
    • It automatically sets up AWS Organizations to organize accounts and implement SCPs (Service Control Policies)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

AWS Resource Access Manager (AWS RAM)

A
  • Share AWS resources that you own with other AWS accounts
  • Share with any account or within your Organization
  • Avoid resource duplication!
  • Supported resources include Aurora, VPC Subnets, Transit Gateway, Route 53, EC2 Dedicated Hosts, License Manager Configurations…
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

AWS Service Catalog

A
  • Users that are new to AWS have too many options, and may create stacks that are not compliant / in line with the rest of the organization
  • Some users just want a quick self-service portal to launch a set of authorized products pre-defined by admins
  • Includes: virtual machines, databases, storage options, etc…
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

AWS Cloud Practitioner (22 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions