
Introduction

1. Region: a physical location in the world consisting of two or more Availability Zones (AZs).
2. Availability Zone (AZ): one or more discrete data centers, each with redundant power, networking, and
connectivity, housed in separate facilities.
3. Edge Location: an AWS endpoint used for caching content close to users. Edge locations are used by
CloudFront, Amazon's CDN.

1. Storage
a. S3
b. EBS
c. EFS
d. FSx
e. Storage Gateway
2. Databases
a. RDS
b. DynamoDB
c. Redshift
3. Networking
a. VPCs
b. Direct Connect
c. Route 53
d. API Gateway
e. AWS Global Accelerator

AWS Whitepapers

Read through

AWS Well-Architected Framework:

1. Operational Excellence: Running and monitoring systems to deliver business value, and continually
improving processes and procedures
2. Performance Efficiency: Using IT and computing resources efficiently
3. Security: Protecting information and systems
4. Cost Optimization: Avoiding unnecessary costs
5. Reliability: Ensuring a workload performs its intended functions correctly and consistently when it’s
expected to.
6. Sustainability: Minimizing the environmental impacts of running cloud workloads.

Identity and Access Management:

IAM allows you to manage users and their level of access to AWS resources, whether through the console, the
CLI or the API.

1. Create users and grant permissions to those users
2. Create groups and roles
3. Control access to AWS resources

The root user is the identity created with the email address you used to sign up for AWS. It has full administrative access to everything in the account, and that access cannot be restricted with IAM policies.

Exam Tips
1. Turn on MFA on the root account
2. Create an admin group for administrators and assign the appropriate permissions to this group.
3. Create user accounts for your admins
4. Add those users to the admin group

Controlling users’ actions with IAM policy documents

JSON = JavaScript Object Notation

Policy documents are written in JSON.

IAM policy documents can be attached to groups, users and roles.

Exam Tips

1. Assign Permissions Using IAM Policy Documents Consisting of JSON

Permanent Identity and Access Management Credentials

The building blocks:

1. Users: a physical person. One user per person; never share a user account between people.
2. Groups: collections of users organised by function, such as admins or developers. Permissions attached to a
group apply to every user in it.
3. Roles: identities that AWS services, applications or federated users assume to obtain temporary
credentials, instead of holding permanent keys.

It’s best practice for users to inherit permissions from groups

The Principle of Least Privilege

Only assign a user the minimum number of privileges they need to do their job.

Exam Tips

1. IAM is global: it is not scoped to a region. Users, groups, roles and policies apply across all regions.
2. The root account: the account created when you first set up your AWS account and which has complete
admin access. Secure it as soon as possible and do not use it to log in day to day.
3. New users: no permissions when first created (implicit deny until a policy grants access).
4. Access key ID and secret access key are not the same as a username and password. They are used to sign
programmatic requests from the CLI, SDKs and API; they cannot be used to sign in to the console.
5. You only get to view the secret access key once. If you lose it, you cannot retrieve it; create a new
access key and delete the old one. Save it in a secure location, never in source code.
6. Always set up password rotation: you can create and customize your own account password policy, including
length, complexity and expiry.
7. IAM federation: you can combine your existing user directory with AWS. For example, when you log on to
your PC (usually using Microsoft Active Directory), you can use the same credentials to sign in to AWS if
you set up federation.
8. Identity federation uses the SAML 2.0 standard. Active Directory Federation Services (AD FS) is one SAML
identity provider that can be connected to AWS; SAML itself is not Active Directory.
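To make tip 4 concrete, here is an added example (not part of the original notes) of what an access key pair is actually used for: AWS Signature Version 4 signing. The secret access key never leaves the client; it derives a signing key that produces an HMAC-SHA256 signature over the request, and the access key ID only tells the service which secret to look up when verifying. The key pair is the documentation-style dummy pair, and the host, path and timestamp are constructed; the request is a plain GET with an empty body.

```python
# Added example, not from the original notes: SigV4 signing of a GET request
# and the service-side verification. Assumptions: AKIAIOSFODNN7EXAMPLE /
# wJalr...EXAMPLEKEY is a dummy key pair, the host, path and timestamp are
# constructed, and the body is empty (no query string).
import hashlib
import hmac
from datetime import datetime, timezone


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def amz_date_now() -> str:
    """Timestamp in the form SigV4 expects, e.g. 20130524T000000Z."""
    return datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")


def signing_key(secret_access_key: str, date_stamp: str, region: str, service: str) -> bytes:
    """Derive the per-day, per-region, per-service key. Only this derived key
    touches the request; the secret itself stays on the client."""
    k_date = _hmac(("AWS4" + secret_access_key).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign_get_request(access_key_id, secret_access_key, host, path, region, service, amz_date):
    """Build the Authorization header for a GET with an empty body.
    Returns (authorization_header, headers_that_were_signed)."""
    date_stamp = amz_date[:8]
    payload_hash = _sha256_hex(b"")                      # empty body
    headers = {"host": host, "x-amz-content-sha256": payload_hash, "x-amz-date": amz_date}
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    # method, URI, query string (empty), canonical headers, signed header list, payload hash
    canonical_request = "\n".join(["GET", path, "", canonical_headers, signed_headers, payload_hash])
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(canonical_request.encode("utf-8"))])
    signature = hmac.new(signing_key(secret_access_key, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    authorization = (f"AWS4-HMAC-SHA256 Credential={access_key_id}/{scope}, "
                     f"SignedHeaders={signed_headers}, Signature={signature}")
    return authorization, headers


def verify_get_request(authorization, headers, path, secrets_by_key_id):
    """Service side: look up the secret by access key ID, recompute the signature
    over the request as received, compare in constant time. Any change to the
    path, host or timestamp breaks the signature. (A real endpoint also rejects
    an x-amz-date more than 15 minutes away from its own clock.)"""
    credential = authorization.split("Credential=")[1].split(",")[0]
    key_id, _date, region, service, _terminator = credential.split("/")
    secret = secrets_by_key_id.get(key_id)
    if secret is None:
        return False                                     # unknown access key ID
    expected, _ = sign_get_request(key_id, secret, headers["host"], path, region, service,
                                   headers["x-amz-date"])
    return hmac.compare_digest(expected, authorization)


if __name__ == "__main__":
    KEY_ID, SECRET = "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    auth, hdrs = sign_get_request(KEY_ID, SECRET, "examplebucket.s3.amazonaws.com",
                                  "/test.txt", "us-east-1", "s3", "20130524T000000Z")
    print(auth)
    print("verified:", verify_get_request(auth, hdrs, "/test.txt", {KEY_ID: SECRET}))
    print("tampered path verified:", verify_get_request(auth, hdrs, "/other.txt", {KEY_ID: SECRET}))
```

Two things to notice: the Authorization header carries the access key ID in clear but never the secret, which is why a leaked key ID alone is harmless while a leaked secret lets anyone sign requests as you; and the signature covers the host, path and timestamp, so a captured request cannot be replayed against another object or outside the time window.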
LAB IAM

S3

S3 Overview

1. Object Storage: S3 provides secure, durable, highly scalable object storage.
2. Scalable: S3 allows you to store and retrieve any amount of data from anywhere on the web at a very low
cost.
3. Simple: Amazon S3 is easy to use, with a simple web service interface.

S3 Basics

Manages data as objects rather than in file systems or data blocks.

1. Unlimited storage
2. Objects from 0 bytes to 5 TB in size
3. Buckets: top-level containers for objects. S3 has a flat namespace; the "folders" shown in the console are
just key prefixes.

Working with S3 Buckets:

1. Universal namespace: all AWS accounts share the S3 namespace, so each bucket name must be globally unique.
2. Example S3 URL (virtual-hosted style): https://bucket-name.s3.region.amazonaws.com/key-name
3. Uploading files: a successful upload returns HTTP 200.
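As an added example (not from the original notes), the following parses the S3 URL forms into bucket, region and key, and checks a proposed bucket name against the published naming rules before you try to claim it in the shared global namespace. The URLs and names below are constructed for the demo; dual-stack, transfer-acceleration and access-point endpoints are not modelled.

```python
# Added example, not from the original notes: S3 URL parsing and bucket-name
# validation. Sample URLs and names are constructed.
import ipaddress
import re
from urllib.parse import unquote, urlparse

# Host forms handled:
#   bucket.s3.<region>.amazonaws.com     (virtual-hosted style)
#   bucket.s3.amazonaws.com              (legacy global endpoint)
#   s3.<region>.amazonaws.com/bucket     (path-style)
#   s3-<region>.amazonaws.com/bucket     (legacy dashed region)
S3_HOST_RE = re.compile(
    r"^(?:(?P<bucket>[a-z0-9.-]+)\.)?s3(?:[.-](?P<region>[a-z0-9-]+))?\.amazonaws\.com$"
)
BUCKET_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9.-]*[a-z0-9]$")


def parse_s3_url(url: str) -> dict:
    """Return {'bucket', 'region', 'key', 'tls'} for an S3 object or bucket URL.
    region is None on the legacy global endpoint (which maps to us-east-1).
    Raises ValueError for hosts that are not S3 endpoints, including look-alikes
    such as s3.amazonaws.com.evil.example, because the pattern is anchored."""
    parts = urlparse(url)
    match = S3_HOST_RE.match(parts.hostname or "")
    if not match:
        raise ValueError(f"not an S3 endpoint host: {parts.hostname!r}")
    bucket, region = match.group("bucket"), match.group("region")
    path = unquote(parts.path.lstrip("/"))
    if bucket is None:                       # path-style: first segment is the bucket
        bucket, _, path = path.partition("/")
    return {
        "bucket": bucket or None,
        "region": region,
        "key": path or None,                 # None: the URL addresses the bucket itself
        "tls": parts.scheme == "https",      # plain http exposes object data in transit
    }


def validate_bucket_name(name: str) -> list:
    """Return the naming rules the name breaks; an empty list means the name is
    syntactically valid. That is necessary, not sufficient: the namespace is shared
    by every AWS account, so the name may already belong to someone else."""
    problems = []
    if not 3 <= len(name) <= 63:
        problems.append("length must be 3-63 characters")
    if not BUCKET_NAME_RE.match(name):
        problems.append("only lowercase letters, digits, dots and hyphens, "
                        "starting and ending with a letter or digit")
    if ".." in name:
        problems.append("must not contain two adjacent dots")
    try:
        ipaddress.ip_address(name)
        problems.append("must not be formatted as an IP address")
    except ValueError:
        pass
    if name.startswith("xn--"):
        problems.append("must not start with 'xn--'")
    if name.endswith("-s3alias"):
        problems.append("must not end with '-s3alias'")
    return problems


if __name__ == "__main__":
    print(parse_s3_url("https://my-bucket.s3.eu-west-1.amazonaws.com/logs/2024/01/app%20log.txt"))
    print(parse_s3_url("http://s3.us-east-1.amazonaws.com/my-bucket/readme.md"))
    print(validate_bucket_name("MyBucket"), validate_bucket_name("192.168.5.4"))
```

The anchored host pattern matters when you pull bucket names out of logs or allow-lists: a host such as s3.amazonaws.com.evil.example contains the real suffix but is not an AWS endpoint, and a naive substring check would accept it.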

S3 file features

1. Key: the name of the object
2. Version ID: distinguishes multiple versions of the same object
3. Value: the data itself
4. Metadata: data about the data (content type, system metadata, user-defined x-amz-meta-* headers)

An S3 bucket lives in one region, and S3 stores its objects redundantly across multiple Availability Zones in
that region to provide high availability and high durability.

1. Built for availability: S3 Standard is designed for 99.99% availability
2. Designed for durability: 99.999999999% (11 nines) of objects over a given year

S3 Standard

1. Default storage class when you store a file
2. Designed for frequent access to data
3. Suitable for most workloads

Tiered Storage

S3 offers a range of storage classes designed for different use cases

Lifecycle Management

Defines rules that automatically transition objects to a cheaper storage class, or expire (delete) objects that
are no longer required, after a set period of time.

Versioning

With versioning enabled, every version of an object is retained. Deleting an object only adds a delete marker on top of it: the earlier versions remain, can still be retrieved, and removing the delete marker restores the object. Once enabled, versioning can be suspended but not turned off.

Securing your data


1. Server-side encryption
a. You can set default encryption on a bucket so that every new object is encrypted when it is stored.
2. Access control lists (ACLs)
a. Define which AWS accounts or predefined groups are granted access and the type of access. ACLs can be
attached to individual objects within a bucket. AWS now recommends keeping ACLs disabled (Object Ownership
set to bucket owner enforced) and using policies instead.
3. Bucket policies
a. S3 bucket policies are JSON policy documents that specify which actions are allowed or denied on the
bucket and its objects, and for which principals.
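The JSON policy documents described under "Controlling users' actions with IAM policy documents" and "The Principle of Least Privilege" above are the same format used by bucket policies here. As an added example (not from the original notes, and not AWS's evaluator), the following simplified evaluator applies the core rule, an explicit Deny in any applicable statement wins, otherwise some Allow is required, otherwise the request is implicitly denied, to one least-privilege identity policy and one bucket policy that refuses plain-HTTP access and unencrypted uploads. It assumes same-account evaluation with no SCPs, permission boundaries or session policies; only Action and Resource (not NotAction or NotResource); that the Principal element matches; and only the Bool, StringLike and Null condition operators. The bucket and prefix names are made up.

```python
# Added example, not from the original notes: a simplified IAM/S3 policy
# evaluator. Assumptions: same-account evaluation, Principal taken as matching,
# Action/Resource only, Bool/StringLike/Null conditions only; names are made up.
import json
from fnmatch import fnmatchcase

# Identity policy for a "log-readers" group: read one prefix of one bucket, nothing else.
LOG_READER_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-audit-logs",
     "Condition": {"StringLike": {"s3:prefix": "2024/*"}}},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion"],
     "Resource": "arn:aws:s3:::example-audit-logs/2024/*"}
  ]}""")

# Bucket policy: explicit denies that apply to everyone, even principals whose
# identity policy would otherwise allow the request.
AUDIT_BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-audit-logs", "arn:aws:s3:::example-audit-logs/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-audit-logs/*",
     "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}
  ]}""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # Action names are matched case-insensitively; ARNs are case-sensitive.
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    return any(fnmatchcase(resource, p) for p in _as_list(patterns))


def _condition_holds(condition, ctx):
    """All operator blocks and all keys must hold; multiple values for a key are ORed."""
    for operator, pairs in (condition or {}).items():
        for key, wanted in pairs.items():
            wanted = [str(w) for w in _as_list(wanted)]
            actual = ctx.get(key)
            if operator == "Null":           # "true" means: the key must be absent
                if (actual is None) != (wanted[0].lower() == "true"):
                    return False
            elif actual is None:             # a missing key never satisfies a value test
                return False
            elif operator == "Bool":
                if str(actual).lower() != wanted[0].lower():
                    return False
            elif operator == "StringLike":
                if not any(fnmatchcase(str(actual), w) for w in wanted):
                    return False
            else:
                raise NotImplementedError(f"condition operator {operator} is not modelled")
    return True


def evaluate(policies, action, resource, ctx):
    """Return 'Deny' (explicit), 'Allow' or 'ImplicitDeny' for one request.
    ctx holds the request context keys a Condition can reference."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_action_matches(stmt["Action"], action)
                    and _resource_matches(stmt["Resource"], resource)
                    and _condition_holds(stmt.get("Condition"), ctx)):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"                # an explicit deny always wins
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


POLICIES = [LOG_READER_POLICY, AUDIT_BUCKET_POLICY]
BUCKET = "arn:aws:s3:::example-audit-logs"


def demo():
    """Decisions for a member of the log-readers group against the audit bucket."""
    tls = {"aws:SecureTransport": "true"}
    obj = BUCKET + "/2024/01/app.log"
    return {
        "read_2024_over_tls": evaluate(POLICIES, "s3:GetObject", obj, tls),
        "read_2023_over_tls": evaluate(POLICIES, "s3:GetObject", BUCKET + "/2023/12/app.log", tls),
        "read_over_plain_http": evaluate(POLICIES, "s3:GetObject", obj, {"aws:SecureTransport": "false"}),
        "delete_object": evaluate(POLICIES, "s3:DeleteObject", obj, tls),
        "list_2024_prefix": evaluate(POLICIES, "s3:ListBucket", BUCKET, {**tls, "s3:prefix": "2024/01/"}),
        "put_unencrypted": evaluate(POLICIES, "s3:PutObject", BUCKET + "/2024/new.log", tls),
        "put_encrypted": evaluate(POLICIES, "s3:PutObject", BUCKET + "/2024/new.log",
                                  {**tls, "s3:x-amz-server-side-encryption": "AES256"}),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22} {decision}")
```

The run shows the three outcomes side by side: reads of the 2024 prefix over TLS are allowed, the same read over plain HTTP is explicitly denied by the bucket policy even though the identity policy allows it, and everything the identity policy does not mention (2023 objects, deletes, uploads) falls through to the implicit deny that every new user starts with.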

Strong read-after-write consistency: S3 provides strong read-after-write consistency for PUT and DELETE operations on objects, so a read that follows a successful write always returns the latest data and application logic does not need to allow for stale reads.
