
IAM – Global

- Users don’t have to belong to a group, and a user can belong to multiple groups
- Policies (JSON Documents) are assigned to Users/Groups
  - Sid: Statement ID (optional)
  - Version
  - Principal: account/user/role the policy applies to
  - Effect: Allow, Deny
  - Action: ec2:Describe*
  - Resource: *
  - Condition: when the policy is in effect (optional)
- In AWS, apply the least privilege principle: don’t give a user more permissions than they need.
- You can create policy using Visual editor or by typing JSON
- Access AWS 3 ways
  - AWS Management Console (password + MFA)
  - AWS CLI (access keys), can be installed on a local machine
      aws --version
      aws configure
      aws iam list-users
  - SDK (access keys)
- AWS CloudShell is a CLI in the AWS web console


- Roles are permissions that you grant to entities like another AWS service
- IAM Security tools
  - IAM credentials report (account level)
  - IAM access advisor (user level)
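
Added example (not part of the original notes): a small Python audit that reads the policy elements listed above (Sid, Effect, Action, Resource, Condition) and flags Allow statements that break least privilege. The sample policy, its Sids, the bucket name and the read-only verb heuristic are assumptions made for the example.

```python
import json

# Constructed sample policy for this example; Sids, bucket name and tag are made up.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "ReadEc2", "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
  {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Sid": "S3Wide", "Effect": "Allow", "Action": ["s3:GetObject", "s3:*"],
   "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "StopAny", "Effect": "Allow", "Action": "ec2:StopInstances", "Resource": "*"},
  {"Sid": "StopTagged", "Effect": "Allow", "Action": "ec2:StopInstances", "Resource": "*",
   "Condition": {"StringEquals": {"aws:ResourceTag/env": "dev"}}},
  {"Sid": "NoDelete", "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
 ]}
""")

READ_ONLY_VERBS = ("Describe", "List", "Get")  # heuristic assumed for this example

def as_list(value):
    """Action and Resource may each be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def audit(policy):
    """Return (sid, issue, detail) for every Allow statement broader than it needs to be."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    findings = []
    for index, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only take access away
        sid = st.get("Sid", f"statement-{index}")  # Sid is optional
        actions = as_list(st.get("Action", []))
        for action in actions:
            if action == "*":
                findings.append((sid, "all-actions", action))
            elif action.endswith(":*"):
                findings.append((sid, "service-wide-actions", action))
        # Resource "*" with no Condition is only acceptable for read-only actions here.
        unscoped = "*" in as_list(st.get("Resource", [])) and "Condition" not in st
        writes = [a for a in actions if not a.split(":", 1)[-1].startswith(READ_ONLY_VERBS)]
        if unscoped and writes:
            findings.append((sid, "unscoped-resource", ",".join(writes)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(finding)
```

The ReadEc2 and StopTagged statements pass: the first is read-only, the second narrows Resource "*" with a Condition.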

EC2 – Elastic Compute Cloud (IaaS)


Consists of
- Renting (EC2)
- Storing on virtual Drives (EBS)
- Distribute Load (ELB)
- Scaling using Auto Scaling Group (ASG)

EC2 Sizing and Configuration Options:


- CPU
- RAM
- OS – Linux, Windows, Mac
- Storage space
  - Network attached (EBS & EFS)
  - Hardware (EC2 instance store)
- Network Card
- Firewall
- Bootstrap script – at start using root user

EC2 Private keys


- .pem (Mac, Linux, Windows 10, SSH)
- .ppk (< Windows 10, PuTTY)

EC2 Instance types:


- m5.2xlarge
  - m – instance class
  - 5 – generation
  - 2xlarge – size of instance
- Memory optimized, Storage optimized, Compute optimized

EC2 Security Groups


- Control how traffic is allowed in/out of EC2 instance
- Contains only ALLOW rules
- Can reference IP or another security group