Created : March 24, 2020
This note was taken while learning AWS on Udemy.
- separate geographical area. (physical location)
- consists of 2 or more Availability Zones.
AZ (Availability Zone)
- one or more discrete data centers within an AWS region.
- to be isolated from failures.
- each with redundant power, networking and connectivity, housed in separate facilities.
- endpoints for AWS which are used for caching content.
- 시드니에 있는 유저가 뉴욕 서버에 있는 파일을 다운받을 경우 시드니 edge location에 캐싱해놓고, 다음에 시드니에 있는 다른 누군가가 다운받으려고 할때 뉴욕 서버에서 또 받아오는 게 아니라 시드니 edge location에서 파일을 받아옴
개체수 : Edge locations > AZ's > Regions
IAM (Identity and Access Management)
allows you to manage users and their level of access to the AWS Console.
- centralised control
- shared access
- granular(세분화된) permissions
- identity federation (incl. Active Directory, Facebook, LinkedIn, ...)
- multi-factor authentication
- provide temporary access for users/devices/services
- can create your own password rotation policy (주기적으로 비밀번호 변경하도록 하게함)
- integrate with many different AWS services
- support PCI DSS compliance (compliance framework)
- universal = global (doesn't apply to regions)
- new user has NO access
new user is assigned Access Key ID & Secret Access Keys when first created.
- not same as password
- can view only once. (if lose, must regenerate.)
Key terminology for IAM
- Users : end users (e.g. people, employees)
- Groups : a collection of users
- Policies : made up of docs (in a JSON format). give permissions.
- Roles : create roles and assign them to AWS resources.