Chap 1-3 Flashcards
Difference between an AZ and Regions
AZs are just DCs full of servers, load balancers etc while a Region is a geographical area - each region consists of 2 or more AZs
Edge Locations
- Endpoints for AWS which are used for caching content
Edge Locations vs Regions
there are many more edge locations compared to Regions (150) - review this
Region
physical location in the world which consists of 2 or more AZs
AZ
one or more discrete DCs, each with redundant power, networking and connectivity, housed in separate facilities
Edge location consists of
CloudFront, Amazon's CDN
AWS offers 3 support plans
Basic
Developer
Business
AWS Basic plan
- Free
- Self service access to forums and resources
- Best practice checks to help improve security and performance
- Access to health status and notifications
AWS Developer Plan
- 29/month
- Early adoption, testing and development
- 1 primary contact can open an unlimited number of support cases
- 12 hour response time for non prod systems
AWS Business Plan
- 100/month
- For prod workloads & business critical dependencies
- 24/7 chat, phone and email access to AWS Support
- Unlimited contacts can open an unlimited number of support cases
- 1-hour response time for production systems
Root account
is the user account that you used for creating the account
Root account God mode
Administrator access policy (most powerful resource)
IAM is applied at the ? level
global (not specific to region)
2 Access types to AWS
- Programmatic
- AWS Management Console Access
Programmatic access
Enables an access key ID and secret access key for the AWS API, CLI, SDK and other development tools.
AWS Management Console access
Enables a password that allows users to sign-in to the AWS Management console
Roles
way for one AWS service to use another AWS service
What are the permissions of new users when first created?
none
What are assigned to new users when first created?
access key id and secret access keys
Access key id and secret access keys are used to access?
AWS via the APIs and Command Line
What happens if you lose your access key id and secret access keys?
Regenerate
Always set up ? on your root account so that it will be secured
MFA
IAM allows you to ? for password protection
Create and customise your own password rotation policies
IAM consists of the following:
- Users
- Groups
- Roles
- Policies
What is IAM
Identity Access Management - allows you to manage users and their level of access to the AWS console
IAM - USERS
end users such as people, employees of an org
IAM - GROUP
collection of users; each user in the group will inherit the permissions of the group
IAM - POLICIES
made up of documents called policy documents, in JSON format, which give permissions as to what a user/group/role is able to do
IAM - ROLES
roles are assigned to AWS resources so that they can communicate with each other
Power User
Provides full access to AWS services and resources, but does not allow management of Users and groups.
SAML
Security Assertion Markup Language
SAML gives your federated users?
SSO access to the Management Console
Amazon recommends that you leave all security groups in web facing subnets open on port 22 to 0.0.0.0/0 CIDR (Classless Inter-Domain Routing) - TRUE OR FALSE
False
VPC spans
all the AZs in the Region
Each subnet must
reside in one AZ and cannot span AZs