Background + IAM Flashcards
Problems with traditional IT approach
• Pay for the rent for the data center
• Pay for power supply, cooling, maintenance
• Adding and replacing hardware takes time
• Scaling is limited
• Hire 24/7 team to monitor the infrastructure
• How to deal with disasters?
What is cloud computing?
- on-demand delivery of resources
- pay-as-you-go pricing
- provision the right type and size of resources
- access almost instantly
- Simple way to access resources
What are cloud deployment models?
- Private Cloud
- Public Cloud
- Hybrid Cloud
What are the characteristics/advantages of cloud computing?
- On-demand self service
- Trade capex for opex / variable expense
- Broad network access
- Multi-tenancy and resource pooling
- Rapid elasticity and scalability
- Stop maintaining data centers
- Measured service / Pay as you go for what you use
- Go global in minutes
- High availability and fault tolerance
What are the types of cloud computing?
Infrastructure as a service
Platform as a service
Software as a service
What are AWS pricing fundamentals?
- Compute time
- Storage used
- Data transferred out (Data in is free)
AWS Global Infrastructure
- Regions (cluster of data centers, 2 or more AZs)
- Availability Zones (one or more discrete data centers)
- Data Centers
- Edge Presence
What is IAM?
Identity and Access Management
- Root account
- User
- Groups
Describe IAM Permissions
- Assigned in JSON document
- define the permissions
- use the least privilege principle
IAM - Password policy
- Setup your own policy
- pw requirements (length, chars, expiration)
AWS MFA
- Prevents use of stolen pw/credentials
- Virtual MFA: Google Authenticator / Authy phone apps
- Universal 2nd Factor (U2F): YubiKey (USB Device)
- Hardware Key FOBs
How is AWS accessed?
- Management console
- Command line interface
- Software development kit
- AWS CloudShell - cloud CLI in AWS
Each uses access keys
IAM Roles for services
- some services perform actions on your behalf
- must assign permissions to these services
IAM Monitoring Reports
- IAM Credentials Report (overall account view)
- IAM Access Advisor (user view)