AWS SAA Complete Summary

AWS Complete Summary


  • Global service = can't choose a region

IAM

  • IAM (Identity and Access Management, Global service)
    • Root account is created by default, shouldn't be used or shared
    • Users are people within your organization, and can be grouped
    • Groups only contain users, not other groups -> a group can't contain another group
    • Users don't have to belong to a group, and a user can belong to multiple groups
    • Users or Groups can be assigned JSON documents called policies
      • These policies define the permissions of the users
      • In AWS you apply the least privilege principle: don't give more permissions than a user needs

 

  • IAM Policies inheritance
    • consists of

      • Version : policy language version, always include “2012-10-17”
      • Id : an identifier for the policy (optional)
      • Statement : one or more individual statements (required)
    • Statements consist of

      • Sid : an identifier for the statement (optional)
      • Effect : whether the statement allows or denies access (Allow, Deny)
      • Principal : account/user/role to which this policy is applied
      • Action : list of actions this policy allows or denies
      • Resource : list of resources to which the actions are applied
      • Condition : conditions for when this policy is in effect (optional)
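
An added example (not part of the original notes): a small Python linter that checks a policy document against the elements listed above and flags Allow statements with a wildcard Action or Resource, per the least-privilege point. The sample policy, bucket name and function names are constructed for illustration; real policies also accept elements not listed in these notes (for example NotAction), which this check reports as unknown.

```python
import json

# Constructed sample policy (not from the original page); bucket name is a placeholder.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Id": "ExamplePolicy",
  "Statement": [
    {"Sid": "ReadReports", "Effect": "Allow",
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/reports/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Permit", "Action": "ec2:DescribeInstances"}
  ]
}"""

# Only the elements named in the notes above are treated as known.
TOP_KEYS = {"Version", "Id", "Statement"}
STMT_KEYS = {"Sid", "Effect", "Principal", "Action", "Resource", "Condition"}


def as_list(value):
    """Statement, Action and Resource may be a single value or a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(text):
    """Return a list of findings for a JSON policy document."""
    doc = json.loads(text)
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    findings += [f"unknown top-level key {k}" for k in sorted(doc.keys() - TOP_KEYS)]
    statements = doc.get("Statement")
    if not statements:
        return findings + ["Statement is required"]
    for i, st in enumerate(as_list(statements)):
        name = st.get("Sid", f"#{i}")  # fall back to the index when Sid is omitted
        findings += [f"{name}: unknown key {k}" for k in sorted(st.keys() - STMT_KEYS)]
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{name}: Effect must be Allow or Deny")
        for key in ("Action", "Resource"):
            if key not in st:
                findings.append(f"{name}: missing {key}")
            elif st.get("Effect") == "Allow" and "*" in as_list(st[key]):
                findings.append(f"{name}: Allow with {key} '*' is broader than least privilege")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_policy(SAMPLE_POLICY)))
```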

 

  • IAM Password Policy

    • Strong passwords = higher security for your account
    • In AWS, you can set up a password policy:
      • Set a minimum password length
      • Require specific character types:
        • including uppercase letters
        • lowercase letters
        • numbers
        • non-alphanumeric characters
      • Allow all IAM users to change their own passwords
      • Require users to change their password after some time (password expiration)
      • Prevent password re-use
  • MFA

    • MFA ( Multi Factor Authentication )
      • MFA = password you know + security device you own
      • Virtual MFA device
        • Google Authenticator (phone only), Authy (multi-device)
      • Universal 2nd Factor (U2F) Security Key

 

  • To access AWS
    • AWS Management Console / password + MFA
    • AWS Command Line Interface (CLI) / access keys
    • AWS Software Developer Kit (SDK) / access keys

 

  • Cloud shell: US East (Ohio) · US East (Virginia) · US West (Oregon) · Asia Pacific (Mumbai) · Asia Pacific (Sydney) · Asia Pacific (Tokyo) · Europe (Frankfurt) · Europe (Ireland)

 

EC2

  • On-Demand Instances (pay for what you use) : short workloads, predictable pricing
  • Reserved (up to 75% discount compared to On-Demand) : (MINIMUM 1 year)
    • Reserved Instances : long workloads
    • Convertible Reserved Instances : long workloads with flexible instances
      • can change the EC2 instance type
      • Up to 54% discount
    • Scheduled Reserved Instances : example - every Thursday between 3 and 6 pm
  • Spot Instances : short workloads, cheap, can lose instances (less reliable)
    • Can get a discount of up to 90% compared to On-Demand
    • Instances that you can “lose” at any point in time if your max price is less than the current spot price
  • Dedicated Hosts : book an entire physical server, control instance placement
    • Allocated for your account for a 3-year period reservation
    • More expensive
    • Useful for software that has a complicated licensing model (BYOL - Bring Your Own License)
    • Or for companies that have strong regulatory or compliance needs

 

Elastic IP

  • You can only have 5 Elastic IPs in your account (you can ask AWS to increase that)