
Methods of Interacting with AWS services

Objectives : 

> We will deep dive into the AWS management console and how to navigate to different services dashboards.

> We will install AWS CLI (command-line interface) through a demo video.

> And we will also learn how to use AWS CLI to interact with AWS services.

> You will be able to use AWS services using AWS Management Console and CLI.

What are the different methods to interact with AWS ?

> AWS Management Console

> AWS CLI (Command Line Interface)

> AWS SDK (Software Development Kit)

Advantages of AWS Management console :

1) Excellent for Beginners

2) Easy to interact with AWS services

3) Provides a step-by-step user interface

4) Great for performing administrative tasks

 What is Multifactor Authentication ?

> Multi-Factor Authentication is an authentication method that requires a user to provide at least two verification types (known as factors) to get access to an account, resource, or service.

 AWS CLI (Command line interface) :

The AWS command line interface (CLI) is a unified tool to manage your AWS services.

Advantages of AWS CLI :

1) It is a great way to interact with AWS through a computer terminal.

2) Easy to automate tasks and achieve "Infrastructure as Code".

AWS SDK (Software development kit) :  

1) It stands for software development kit or devkit in short.

2) It is a set of software tools and programs used by developers to create applications.

Advantages of SDK : 

It provides a way to interact with AWS through the application code.

Using the AWS management console :



** Root user : 

1) Root User is created when we first create the AWS account.

2) To log in to AWS as a root user, you need the email ID & password that you used when you created the account.

** IAM User :

1) IAM users are created by the root user.

2) To log in as an IAM user, you need a username, password, and either a 12-digit AWS account ID or account alias.


** AWS regions and Availability zones :

** AWS Region :

> Mumbai : ap-south-1

> Singapore : ap-southeast-1

> Sydney : ap-southeast-2

> Cape Town : af-south-1

Note : Mumbai has 3 availability zones.

1) An AWS region is a geographic location in the world where different data centers are clustered.

2) Each data center should have redundant electricity, cooling, heating, networking and connectivity.

3) All these regions are connected through the AWS backbone network.

> Availability Zones

1) An Availability Zone (AZ) is one or more separate and distinct data centers with redundant power, networking, and connectivity in an AWS Region.

2) An Availability Zone (AZ) is a group of data centers.

3) An AWS region must have two Availability Zones (AZs).



 Why availability zones are important?

 >  Region consists of multiple availability zones.

 >  Availability zones are located somewhere between 50 to 100 km apart.

 Why do we need so many regions today ?

>  low latency

>  Regulatory Compliance

>  Disaster recovery

>  Global applications

>  Cost  

>  Reduced blast radius


** AWS Edge Locations : 

Caching : Caching is the process of storing a copy of data in a temporary or cache storage location so it can be accessed more quickly. 

Content Delivery Network (CDN) : 

> Caching a copy of data in a data center closer to customer

> Content Delivery Network or CDN, caches content in proxy servers that are located closer to end-users than origin servers.

What is the difference between Region and Edge Location ?

> Edge Locations are smaller data centers that are available across all big cities in the world.

> Edge locations are located in places other than Regions.

> AWS Edge Locations host a special service that delivers content faster, called Amazon CloudFront.

** AWS global infrastructure : 

> Regions are geographically isolated locations, where you can access AWS services required to run your application. 

> Regions contain Availability Zones that are physically separated buildings with their own power, heating, cooling, and network.

> AWS Edge locations run Amazon CloudFront to bring the content closer to your customers, no matter where they are in the world.

   

> You can sign in as the root user using the email address and password that you used while creating the account.

> Root user has complete access to all AWS services and resources in the account.

 Note : Use an IAM user for regular work; using the account as the root user regularly is not good practice.

  **IAM user : 

> A new IAM user doesn't have any default permission to access your AWS resources.

> IAM policy defines the permissions that are given to any user accessing an AWS account.

> IAM user doesn't have to be an actual person.

  ** IAM group : 

An IAM group is a collection of users and permissions assigned to those users.

  ** IAM role :

An IAM role is like an IAM user attached with an IAM Policy that determines what a role can and cannot do in AWS.

  **IAM Policies : 

 What is a policy ?

IAM policy is an entity that, when attached to any identity or resource, defines its permissions.

 ** Types of IAM Policies

> Identity-based Policies

> Resources-based Policies

  ** Identity-based Policies : 

> Identity-based policies are attached to an identity, that is, an IAM user, group, or role.

> These policies control the actions an identity can perform, on which resources, and under what conditions.

 ** Resources-based Policies : 

> These policies are attached to an AWS resource such as an Amazon EC2 Instance, S3 bucket, etcetera.

> These policies control what actions a specified AWS service or identity can perform on the resource, and under what conditions.
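The difference between the two policy types shows up in the JSON: a resource-based policy names who is allowed in a `Principal` element, while an identity-based policy has none. The following is an added example, not code from the original post; it classifies a policy document and lists Allow statements that are broader than they need to be. The bucket name, the `Sid` values and the wording of the findings are assumptions made for the illustration.

```python
import json

def as_list(value):
    """Action, Resource and Statement may be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True when the Principal element matches anyone ("*" or {"AWS": "*"})."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return principal == "*"

def review_policy(document):
    """Classify a policy JSON string and list its over-broad Allow statements."""
    statements = as_list(json.loads(document).get("Statement"))
    # Only resource-based policies carry a Principal: an identity-based
    # policy applies to whichever user, group or role it is attached to.
    resource_based = any("Principal" in s or "NotPrincipal" in s for s in statements)
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{index}]")
        conditioned = "Condition" in stmt
        if any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action"))):
            findings.append(f"{sid}: wildcard action")
        if "*" in as_list(stmt.get("Resource")) and not conditioned:
            findings.append(f"{sid}: every resource, no condition")
        if is_public(stmt.get("Principal")) and not conditioned:
            findings.append(f"{sid}: any principal, no condition")
    return ("resource-based" if resource_based else "identity-based"), findings

# Constructed samples; the bucket name and Sids are placeholders.
IDENTITY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadReports", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/reports/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]})
BUCKET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}})

if __name__ == "__main__":
    for name, doc in (("identity", IDENTITY_POLICY), ("bucket", BUCKET_POLICY)):
        print(name, review_policy(doc))
```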


> Identity-based Policies : 2 types

 ** AWS Managed Policies :

 > Managed policies are policies that are created and managed by AWS.

> AWS managed policies cannot be changed, and AWS  will manage and update the policies, as necessary.

 ** Customer Managed Policies :

> Customer managed policies are created and managed by the customers. As a customer, you can create and manage these policies.

 > You can attach these policies to multiple entities within your account, making it much easier to scale.

 **  Inline Policies : 

> Inline Policies are directly attached to the user or group. They maintain a strict one-to-one relationship between the policy and the identity. Use them to give permission to a temporary user or group.


 IAM Best Practices

> Avoid sharing login credentials.

> Group : Create group 

> Permissions : Least Privilege Permission

> Auditing : Enable CloudTrail inside the AWS account.

> Password Policy : You should always configure a password policy for your account.

> Multi Factor Authentication (MFA) : You should always enable multi-factor authentication for privileged users.

> Rotate : Users in your account will have to rotate their passwords on a regular basis.

> Root User : You should not use Root User for day-to-day activities.

> You should also limit the access of the Root User.
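Several of these practices can be checked from the IAM credential report, a CSV that lists every user in the account with the state of their password, MFA and access keys. The following is an added example, not code from the original post; it audits a constructed excerpt of such a report (a subset of its columns) for the MFA, rotation and root-user items above. The users, the placeholder account ID 111122223333 and the 90-day and 30-day thresholds are assumptions, and because the report does not say who is privileged, every console user without MFA is flagged.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed excerpt in the layout of an IAM credential report (subset of columns).
REPORT = """\
user,arn,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-28T09:12:00+00:00,not_supported,false,true
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-30T08:00:00+00:00,2023-11-01T10:00:00+00:00,true,false
bob,arn:aws:iam::111122223333:user/bob,true,no_information,2024-05-01T10:00:00+00:00,false,true
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,N/A,false,true
"""

def parse_time(value):
    """Cells hold an ISO 8601 time or a marker such as N/A or no_information."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, now, max_password_age=90, root_quiet_days=30):
    """Return (user, finding) pairs for rows that break the practices above."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        has_console = is_root or row["password_enabled"] == "true"
        if has_console and row["mfa_active"] != "true":
            findings.append((user, "console access without MFA"))
        changed = parse_time(row["password_last_changed"])
        if has_console and changed and now - changed > timedelta(days=max_password_age):
            findings.append((user, "password older than rotation period"))
        if is_root:
            used = parse_time(row["password_last_used"])
            if used and now - used < timedelta(days=root_quiet_days):
                findings.append((user, "root signed in recently"))
            if row["access_key_1_active"] == "true":
                findings.append((user, "root has an active access key"))
    return findings

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the result is reproducible

if __name__ == "__main__":
    for user, finding in audit(REPORT, NOW):
        print(f"{user}: {finding}")
```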

Core AWS Services 

> Storage : AWS provides storage services like S3, EFS, EBS

> Compute : Compute options, for example virtual machines, containers and serverless

> Database : AWS provides many database services covering SQL, MySQL, caching and data warehousing, with offerings such as RDS, DynamoDB and Redshift.

> Networking : Virtual Private Cloud (VPC) in cloud computing, and other offerings like VPN and Direct Connect to connect on-premises data centers to the cloud network.

                            

 Scenarios : Host A Single Instance Website :

> Architecture : Host a Single instance website on AWS cloud

  Lab : Host a single instance website on the AWS Cloud.

 Prerequisites

1) An AWS account 

2) Administrator access to the AWS console

