AWS Account & Services Layer
- Represents how you create, access, and manage an AWS account and its services, from how you interact with an AWS account and manage user rights to how you access and use various AWS services and features.
- This layer is all about account management & managing services.
Root User:
- The user created when you first create your AWS account is called the "root" user.
- Its credentials are the email address and password used when signing up for your AWS account.
- By default, the root user has FULL administrative rights and access to every part of the account.
Best Practice for Root User:
You should not use the root user for daily work and AWS administration. You should create a second user that has admin rights and sign in as that user for daily work.
You should always protect your root account with MFA.
AWS Users (prod.account):
- This represents the AWS users that you may create (in IAM), who will have varying degrees of access to the "production" AWS account.
Account Connection Tools:
AWS Management Console:
The AWS Management Console (generally referred to as the "console") is the primary means by which we will access and interact with AWS in this course.
All actions done in the console are API calls.
AWS Command Line Interface (CLI):
The AWS Command Line Interface (generally referred to as the "CLI") is a text-based interface for accessing and administering AWS resources.
All commands executed using the CLI are API calls - and require API Key configuration.
AWS Infrastructure Container:
This represents the boundaries of AWS.
Everything inside is part of AWS's infrastructure, including all of its physical networking components and services.
Everything outside represents items that are external to AWS, that either connect to AWS or belong to you or your company (e.g. on-premise servers, the open internet or your personal computer).
Cross Account Access:
Cross Account Access allows IAM users in one account to access resources that are in different AWS accounts that you own (i.e. separate Production and Development accounts).
Cross account access is handled through the use of IAM roles.
Users in one account will ASSUME a role that grants access to resources in another.
Benefits of using roles for cross account access include:
No need to create individual IAM users in each account.
Users don't have to sign out of one account and sign into another in order to access resources that are in different AWS accounts.
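Which accounts may assume a cross-account role is decided by the role's trust policy. The following is an added example, not part of the original notes: it audits a trust policy for unexpected trusted accounts, wildcard principals and a missing MFA condition. The account IDs are constructed placeholders, and the MFA check goes beyond what the notes cover.

```python
import json
import re

# Constructed sample: trust policy attached to a role in the Production
# account. The account IDs are placeholders, not real accounts.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Effect": "Allow",
     "Principal": {"AWS": "*"},
     "Action": "sts:AssumeRole"}
  ]
}
""")

def _as_list(value):
    # IAM policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_accounts):
    """Return (statement_index, finding) pairs for Allow/sts:AssumeRole statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue  # wildcard actions such as "sts:*" are not handled here
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            # Accept both a bare 12-digit account ID and a full IAM ARN.
            m = re.match(r"^(?:arn:aws:iam::)?(\d{12})(?::.*)?$", arn)
            if arn == "*":
                findings.append((i, "wildcard principal: any AWS account can assume"))
            elif m and m.group(1) not in expected_accounts:
                findings.append((i, f"unexpected trusted account {m.group(1)}"))
        mfa = stmt.get("Condition", {}).get("Bool", {}).get("aws:MultiFactorAuthPresent")
        if arns and str(mfa).lower() != "true":
            findings.append((i, "no MFA condition on role assumption"))
    return findings
```

Calling `audit_trust_policy(SAMPLE_TRUST_POLICY, {"111111111111"})` flags only the second statement, since the first trusts the expected account and requires MFA.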