
Region

This document provides an overview of key AWS services and concepts for the AWS certification exam. It discusses AWS regions and availability zones. It then lists common AWS storage, database, and networking services. It introduces the AWS Well-Architected Framework and its six design principles. It focuses on Identity and Access Management (IAM), including how to create users and groups, attach policies, and implement least privilege access. It provides exam tips related to securing the root account and using temporary credentials.

Uploaded by

Hassan
Copyright
© © All Rights Reserved

Introduction

1. Region: A physical location in the world that consists of two or more Availability Zones (AZs).
2. Availability Zone: One or more discrete data centers, each with redundant power, networking, and
connectivity, housed in separate facilities.
3. Edge Location: Endpoints for AWS that are used for caching content. Typically, this consists of
CloudFront, Amazon’s CDN.

1. Storage
a. S3
b. EBS
c. EFS
d. FSx
e. Storage Gateway
2. Databases
a. RDS
b. DynamoDB
c. Redshift
3. Networking
a. VPCs
b. Direct Connect
c. Route 53
d. API Gateway
e. AWS Global Accelerator

AWS Whitepapers

Read through

AWS Well-Architected Framework:

1. Operational Excellence: Running and monitoring systems to deliver business value, and continually
improving processes and procedures
2. Performance Efficiency: Using IT and computing resources efficiently
3. Security: Protecting information and systems
4. Cost Optimization: Avoiding unnecessary costs
5. Reliability: Ensuring a workload performs its intended functions correctly and consistently when it’s
expected to.
6. Sustainability: Minimizing the environmental impacts of running cloud workloads.

Identity and Access Management:

IAM allows you to manage users and their level of access to the AWS console. With it you can:

1. Create users and grant permissions to those users
2. Create groups and roles
3. Control access to AWS resources

The root account is the email address you used to sign up for AWS. The root account has full administrative access.

Exam Tips
1. Turn on MFA on the root account
2. Create an admin group for administrators and assign the appropriate permissions to this group.
3. Create user accounts for your admins
4. Add users to your admin groups

Controlling users’ actions with IAM policy documents

JavaScript Object Notation = JSON

Policy documents are written in JSON.

IAM Policy Documents can be assigned to Groups, Users and Roles.

Exam Tips

1. Assign Permissions Using IAM Policy Documents Consisting of JSON

Permanent Identity and Access Management Credentials

The building blocks:

1. Users: A physical person. One user equals one person. Never share user accounts across different people.
2. Groups: Functions, such as admins, developers etc. Contains users.
3. Roles: Internal usage within AWS.

It’s best practice for users to inherit permissions from groups.

The Principle of Least Privilege

Only assign a user the minimum number of privileges they need to do their job.

Exam Tips

1. IAM is Universal: It does not apply to regions.
2. The root account: the account created when you first set up your AWS account and which has complete
admin access. Secure it as soon as possible and do not use it to log in day to day.
3. New Users: No permissions when first created.
4. Access Key ID and secret access key are not the same as usernames and passwords.
5. You only get to view these once: If you lose them, you have to regenerate them. So, save them in a secure
location.
6. Always set up password rotations: You can create and customize your own password rotation policies.
7. IAM Federation: You can combine your existing user account with AWS. For example, when you log on to
your PC (usually using Microsoft Active Directory), you can use the same credentials to log in to AWS if you
set up federation.
8. Identity Federations: Uses the SAML standard, which is Active Directory.
LAB IAM
