Examples of services provided by AWS
- EC2 - Virtual servers
- S3 - Storage
- VPC - Subnets
- IAM - Users and permissions management
- ECR - Container registry
- ECS - Container orchestration
- EKS - Container orchestration w Kubernetes
- global - eg. IAM
- region - eg. S3, VPC
- AZ (Availability Zone)
Can create users and assign permissions to them.
The best practice is to create an admin user with less privileges than root user (root created by default when creating AWS account). This admin user can then create other accounts for users & system users. Groups can be created with permissions to add a set of permissions to multiple users. Only try to add permissions to user groups and not to individual users. Because users can be added to multiple groups, it's easier to manage permissions this way. Unlike IAM users, policies can't be set directly for AWS services - need to create IAM role first and then attach the policy to the IAM role (policy specific to service).
- Region = physical regions where data centers are clustered
- Availability Zone = Regions had a minimum of 2 Availability Zones, however moving forwards new Regions will have a minimum of 3 Availability Zones where possible.
Created by default for each region. Firewall Rule config can be added to make Subnet either private or public. Internet Gateway can connects VPC to outside internet. NACL (Network Access Control List) config access on subnet level. Security Group config access on instance level.
Range of IP addresses Example : 176.31.0.1/24 A lower number after the / means the higher the range of ip addresses
To get started with AWS CLI you need to install it I used brew to install it on my mac. To install it for mac you need to run brew install awscli.
After installing you can configure it by running aws configure. This command will ask you for your access key ID, secret access key, region and output format.
- aws ec2 run-instances --image-id xxxx -- count x ...
- aws ec2 describe-vpcs
- aws ec2 create-security-group
- aws ec2 authorize-security-group-ingress
- aws ec2 create-key-pair
- aws ec2 describe-subnets
- aws iam create-group
- aws iam create-user
- aws iam add-user-to-group
- aws iam get-user
- aws iam get-group
- aws iam list-policies
- aws iam attach-user-policy
- aws iam attach-group-policy
- aws iam list-attached-group-policies
- aws iam create-login-profile
- aws iam create-policy
- aws iam create-access-key