Studying for first AWS certification

Mon May 08 2023

This is the first post on studying for my first AWS certification.

Written by: Cesar

1 min read

Studying for my first AWS certification

Globally Available

• Regions are clustors of data centers each have 3 or more
• These data centers are known as AZs (availabilty zones)
• Edge location POPs (points of precence)
• Services, can be either global(IAM, Route 53, CloudFront, WAF) or region scoped (EC2, S3, SNS)
• Where to deploy:
  • compliance
  • proximity
  • available services
  • price

IAM

• Can create
  • users
  • groups
  • roles
  • policies
• Users can belong to 0 or more groups
• User can have permission via inline or inherited from a group
• Groups have policies
• Policies define permissions
• Permissions consist of:
  • Effect: allow/deny
  • Principle: acct/user/role
  • Action: list of apis
  • Resource: what is allowed/denied ex S3
• Can be inline or managed
• Can create via visual editor or json snippet
• Can protect IAM via password policy and MFA
• Access to Management console, cli/ sdk
• Roles are used to give services permissions
• Security tools: access advisor -> user, credential reports -> account

Other tasks

Want to install my CLI and use some of the IAM APIs to see what is available. Would like to see if I can do some tasks using the CLI and then maybe incorporate some python scripts.

EC2

• when launching must choose
  • os, cpu, storage, network
  • when launching, pick
    • instance type (general, compute, memory, etc)
    • aim type (os type)
    • stroage
    • sg (ports to be open)
    • key pairs (to ssh)
    • user data to initialize server with certain thing (boot script)
  • if instance is stopped, may have new public ip, internal ip remains same