- Account and Service Layer
From the AWS Console and the CLI, everything is done through API calls.
- Physical and Networking Layer
Within the infrastructure layer, the user gets access to all the services by using IAM.
- AWS Console
- All actions in the console are considered API calls
- AWS CLI
- AWS Command Line Interface; these are also API calls and require API key configuration
- Regions
Regions are groups of independently separated Data Centers located close together.
- Availability Zone
Availability Zones are each of the separated Data Centers within a Region that have fast, low-latency communication between each other and are used by architects to design applications to conform to specific laws and regulations. AZs work together in a Region but are isolated from each other to ensure fault tolerance.
- Edge Locations
*Edge Locations* are Content Delivery Networks (CDN), for example CloudFront (caches data), used to reduce the space/time/latency required for a request in that part of the world.
- High Availability: Systems that are durable and likely to operate without failure for a long time.
- Fault Tolerance: Property that enables a system to continue operating properly in the event of the failure of one or more of its components.
- Scalability: The ability of a system to increase its size and capacity in a cost effective way.
- Elasticity: Ability to increase or decrease its size usually based on usage demand.
- Cost Efficient: Choosing the correct options to make a system as inexpensive as possible.
- Secure: Follow the proper security practices and guidelines to secure a system.
- AWS Best Practices: Set of guidelines outlined by AWS
- IAM
- Users
- Groups
- Roles
- Policies
- API Keys
- Password Policy and MFA
New IAM Users have a non-explicit deny rule (no access to any AWS service by default). Permissions should be granted through IAM policies.
- AWS Root account best practices:
- Delete Root access keys
- Activate MFA on Root account
- Create Individual IAM Users
- Use Groups to assign permissions
- Apply an IAM password policy
Always use the IAM user instead of the root user. Best Practice: Principle of Least Privilege (only grant the permissions required for the job function for each user).
A Policy is a document that states one or more permissions.
- IAM Policy example (admin access)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
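
- Least-privilege check (added example, not part of the original notes): a small Python audit that flags Allow statements as broad as the admin policy above. The function name `audit_policy`, the finding labels and the bucket name `example-bucket` are assumptions made for this example.

```python
import json

# Constructed inputs: the admin policy from the notes, plus a scoped policy
# whose bucket name is a placeholder.
ADMIN_POLICY = json.loads(
    '{"Version": "2012-10-17",'
    ' "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'
)
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": {  # a single statement object is valid, not only a list
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
    },
}


def _as_list(value):
    """Statement, Action and Resource may each be one value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only take access away
        actions = _as_list(stmt.get("Action"))
        any_resource = "*" in _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions
            findings.append((i, "allow-with-notaction"))
        elif "*" in actions and any_resource:
            findings.append((i, "full-admin"))
        elif any_resource and any(a.endswith(":*") for a in actions):
            findings.append((i, "service-wildcard-on-all-resources"))
    return findings


if __name__ == "__main__":
    for name, doc in (("admin", ADMIN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc) or "no findings")
```

A policy with no findings still grants only what its statements list; anything not allowed stays denied by default.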