Fundamentals Flashcards
Provided when creating an account
Account name, Unique Email Address, Credit Card
Has full control over the account created and any resources created within it
Root User
Can Root User be restricted?
No
IAM Users, Groups, Roles can be created and given Limited or Full permissions (True or False)
True
Container for Identities (Users) and resources
AWS Account
Billed to the AWS account payment method as they are consumed
Resources
simple best practice that adds an extra layer of protection on top of your user name and password
AWS Multi-Factor Authentication (MFA)
Is IAM a globally resilient service?
Yes
Identities which represent humans or applications that need access to your account
Users
Collection of related users
Group
Can be used by AWS services or for granting external access to your account
Roles
Objects or documents which can be used to allow or deny access to AWS services when they are ATTACHED to groups, users, or roles
Policies
Term to prove an identity
Authenticate
Term to allow or deny access to resources
Authorize
Is there a cost to IAM
No
Long term credentials in AWS
Access Keys
Service which is accessed via the public endpoints - can be accessed from anywhere with an internet connection
Public Service
Services which can only access the internet and be accessed by the internet if it is configured to do so
AWS Private Zone
Network zone where AWS public services operate from
AWS Public Zone
Term for separate geographic area designed to be isolated from the other
Region
Zone with one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region
Availability Zones
Zone which place compute, storage, database, and other select AWS services closer to end-users
Local Zone
Term for when data is replicated globally across regions inside AWS
Globally resilient
Term for services that operate in a single region with one set of data per region. The services operate as a separate service in each region that replicate data to multiple AZ within that region
Region resilient
Services which run from a single AZ
AZ resilient
AWS data centers designed to deliver services with the lowest latency possible by caching data
Edge Location