How to choose an AWS Region

  • Compliance with data governance and legal requirements: data never leaves a Region without your explicit permission
  • Proximity to customers: reduced latency
  • Available services within a Region: new services and new features aren’t available in every Region
  • Pricing: pricing varies region to region and is transparent in the service pricing page

IAM

Identity and Access Management (Global service)

  • Root account created by default, shouldn’t be used or shared
  • Users are people within your organization, and can be grouped
  • **Groups** only contain users, not other groups
  • Users do not have to belong to a group, and a user can belong to multiple groups
  • Users or Groups can be assigned JSON documents called policies; these policies define the permissions of the users
  • In AWS you apply the least privilege principle: do not give more permissions than a user needs.

IAM Security Tools

  • IAM Credentials Report (account-level)
    • a report that lists all your account’s users and the status of their various credentials
  • IAM Access Advisor (user-level)
    • Access Advisor shows the service permissions granted to a user and when those services were last accessed
    • you can use this information to revise your policies
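As an added example (not part of these notes), the script below audits a credentials report for the patterns the IAM notes warn about: root account usage, console users without MFA, and access keys that are active but idle. The CSV sample is constructed with a subset of the real report's columns, and the 90-day idle window is an assumed threshold.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using a subset of the credentials report's columns; every value is made up.
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-05-01T10:00:00+00:00,false,true,2023-01-01T00:00:00+00:00,N/A,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2024-05-20T08:00:00+00:00,false,true,2023-02-01T00:00:00+00:00,2023-11-01T00:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2024-05-20T08:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
"""


def _ts(value):
    """Parse a report timestamp; 'N/A', 'no_information' and 'not_supported' become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(csv_text, now, max_idle_days=90):
    """Return (user, finding) pairs for risky credential states found in the report."""
    findings = []
    idle_limit = timedelta(days=max_idle_days)  # assumed threshold, not an AWS default
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        is_root = user == "<root_account>"
        # The root account should not be used day to day: flag any sign-in on it.
        if is_root and _ts(row["password_last_used"]) is not None:
            findings.append((user, "root account has been used to sign in"))
        # A console password without MFA is a single-factor account.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password enabled without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append((user, f"root account has active access key {n}"))
            # A key never used, or not used within the window, is a candidate for removal.
            last_used = _ts(row[f"access_key_{n}_last_used_date"]) or _ts(row[f"access_key_{n}_last_rotated"])
            if last_used is None or now - last_used > idle_limit:
                findings.append((user, f"access key {n} idle for more than {max_idle_days} days"))
    return findings


def audit_sample():
    """Run the audit over the constructed sample at a fixed point in time."""
    return audit_credential_report(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc))


if __name__ == "__main__":
    for user, finding in audit_sample():
        print(f"{user}: {finding}")
```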

EC2

EC2 = Elastic Compute Cloud = Infrastructure as a Service

EC2 User Data

  • It is possible to bootstrap our instances using an EC2 User Data script
  • bootstrapping means launching commands when a machine starts
  • That script is only run once, at the instance’s first start
  • EC2 user data is used to automate boot tasks such as:
    • Installing updates
    • Installing software
    • Downloading common files from the internet
    • Anything
  • The EC2 User Data script runs as the root user