Basic Info

AWS Cloud Architecture

  • AWS Web Portal: The AWS Management Console, the browser-based entry point to Amazon Web Services (AWS), exposing compute, storage, networking, and management tools.

  • AWS Services (Control Panel): The console views used to manage and configure individual services such as EC2, S3, and RDS.

  • Compute and Storage: The resources that process data (compute, e.g. EC2) and hold it (storage, e.g. S3 and EBS).

  • End User: Users reach AWS through a web browser (the console), the command line (AWS CLI), or programmatically (SDKs calling the service APIs). All three paths end at the same service APIs and authenticate with IAM credentials, so a permission that is missing in the console is equally missing from the CLI.

AWS Cloud Services

- Storage Services

S3 (Simple Storage Service): Object storage for large-scale data that supports list, get, put, and delete operations on objects held in buckets. Bucket names are globally unique across all AWS accounts, and access is controlled by IAM policies, bucket policies, and (legacy) ACLs, with the account- and bucket-level Block Public Access settings able to override grants that would otherwise expose objects publicly.

- Serverless Computing

Lambda: Executes code in response to events without requiring server management, scaling automatically with usage.

API Gateway: Manages, deploys, and secures REST and WebSocket APIs. It can trigger Lambda functions and other AWS services.

- Secret Management

AWS Secrets Manager: Stores, rotates, and encrypts secrets (database credentials, API keys, tokens) used by applications and services. Secrets are encrypted at rest with a KMS (Key Management Service) key, and reading a secret encrypted with a customer-managed key requires kms:Decrypt on that key as well as secretsmanager:GetSecretValue on the secret.

- Container Services

ECR (Elastic Container Registry): A registry service to store and manage Docker container images.

ECS (Elastic Container Service) and EKS (Elastic Kubernetes Service): Container orchestration services. The containers run either on EC2 instances that the customer manages or on AWS-managed Fargate capacity.

Fargate: Serverless compute for ECS and EKS containers, removing the need to provision or manage instances or clusters; each task runs in its own isolated runtime environment.

- Computing

EC2 (Elastic Compute Cloud): Scalable computing capacity as virtual server instances. Instances are launched from pre-configured or custom AMIs (Amazon Machine Images) and are accessed over SSH, through EC2 Instance Connect (which pushes a short-lived SSH key via the API), or through Systems Manager Session Manager (which needs no inbound port at all and can log the session). An instance can also be given a role via an instance profile, so code on it calls AWS APIs without stored keys.

- Block Storage

Elastic Block Store (EBS): Block-level volumes that give EC2 instances persistent storage. Snapshots of a volume are kept in Amazon-managed S3 storage (not in a bucket you can browse) and can be used to create new volumes, shared with other accounts, or made public; encryption is set per volume and carries over to its snapshots.

- Database Services

RDS (Relational Database Service): Managed relational databases covering setup, operation, and scaling. It supports several engines (MySQL, MariaDB, PostgreSQL, Oracle, SQL Server, and Aurora), and for supported engines IAM database authentication lets a caller connect with a short-lived token derived from its IAM credentials instead of a database password.

- Single Sign-On and Security Monitoring

Single Sign-On (SSO), now named IAM Identity Center: Centralized access management across multiple AWS accounts and applications. Users come from its built-in directory or an external identity provider over SAML 2.0 (with SCIM for provisioning), and sign in once to receive temporary credentials for the permission sets they are assigned.

CloudTrail: Records API calls and console events in the account as JSON events (who called what, when, from which IP, against which resource, and whether it was denied), giving the basis for governance, compliance, operational auditing, and incident investigation.
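As an added example (not part of the original page and not AWS code), the following Python runs three simple detections over CloudTrail records: console logins that succeeded without MFA, successful IAM changes of the kind that show up in privilege-escalation chains, and bursts of AccessDenied errors from one principal and source IP. The field names used (eventName, eventSource, userIdentity, sourceIPAddress, errorCode, additionalEventData.MFAUsed, responseElements.ConsoleLogin) are real CloudTrail fields; the records themselves, the account ID, user names and IP addresses are constructed for the example.

```python
"""Simple detections over CloudTrail records (added example, not AWS code).

A CloudTrail log file is a JSON object with a top-level "Records" list; each
record is a dict shaped like the constructed ones below. Only real CloudTrail
field names are used, but the events, the account ID, the users and the IPs
are made up for this example.
"""
from collections import defaultdict

ACCOUNT = "123456789012"  # constructed account ID


def _event(name, source, user, ip, **extra):
    """Build one constructed CloudTrail record with the fields the detections read."""
    rec = {
        "eventVersion": "1.08",
        "eventTime": "2024-01-01T00:00:00Z",
        "eventSource": source,
        "eventName": name,
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user,
                         "arn": f"arn:aws:iam::{ACCOUNT}:user/{user}"},
    }
    rec.update(extra)
    return rec


SAMPLE_RECORDS = [
    _event("ConsoleLogin", "signin.amazonaws.com", "alice", "198.51.100.7",
           responseElements={"ConsoleLogin": "Success"},
           additionalEventData={"MFAUsed": "No"}),
    _event("ConsoleLogin", "signin.amazonaws.com", "bob", "198.51.100.8",
           responseElements={"ConsoleLogin": "Success"},
           additionalEventData={"MFAUsed": "Yes"}),
    _event("AttachUserPolicy", "iam.amazonaws.com", "alice", "198.51.100.7",
           requestParameters={"userName": "alice",
                              "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    # Denied attempt: errorCode is present, so it is not a successful change.
    _event("CreateAccessKey", "iam.amazonaws.com", "bob", "203.0.113.9",
           errorCode="AccessDenied"),
] + [
    _event("ListBuckets", "s3.amazonaws.com", "bob", "203.0.113.9",
           errorCode="AccessDenied")
    for _ in range(3)
]

# IAM write actions that frequently appear in privilege-escalation chains.
SENSITIVE_IAM_ACTIONS = {
    "CreateUser", "CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile",
    "AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy",
    "PutUserPolicy", "PutRolePolicy", "PutGroupPolicy",
    "UpdateAssumeRolePolicy", "AddUserToGroup",
}


def console_logins_without_mfa(records):
    """User names that completed a console login with MFAUsed == 'No'."""
    return [
        r["userIdentity"].get("userName")
        for r in records
        if r.get("eventName") == "ConsoleLogin"
        and r.get("responseElements", {}).get("ConsoleLogin") == "Success"
        and r.get("additionalEventData", {}).get("MFAUsed") == "No"
    ]


def sensitive_iam_changes(records):
    """(eventName, caller ARN) for successful sensitive IAM API calls.

    A record carrying errorCode was rejected by AWS and is skipped here; the
    denied attempt is still counted by access_denied_bursts below.
    """
    return [
        (r["eventName"], r["userIdentity"].get("arn"))
        for r in records
        if r.get("eventSource") == "iam.amazonaws.com"
        and r.get("eventName") in SENSITIVE_IAM_ACTIONS
        and "errorCode" not in r
    ]


def access_denied_bursts(records, threshold=3):
    """Count denied calls per (caller ARN, source IP); keep pairs >= threshold.

    Repeated denials from one principal are a common sign of enumeration
    with stolen or over-scoped credentials.
    """
    counts = defaultdict(int)
    for r in records:
        if r.get("errorCode") in ("AccessDenied", "Client.UnauthorizedOperation"):
            counts[(r["userIdentity"].get("arn"), r.get("sourceIPAddress"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("Console logins without MFA:", console_logins_without_mfa(SAMPLE_RECORDS))
    print("Sensitive IAM changes:", sensitive_iam_changes(SAMPLE_RECORDS))
    print("AccessDenied bursts:", access_denied_bursts(SAMPLE_RECORDS))
```

In practice the records come from the "Records" list of the gzipped JSON files CloudTrail delivers to S3, or from a CloudWatch Logs subscription; the three functions take that list unchanged.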

- Protection Services

AWS Shield: DDoS protection for AWS-hosted resources. Shield Standard is enabled for every account at no charge; Shield Advanced is a paid tier with additional detection and response support.

AWS WAF (Web Application Firewall): Filters HTTP(S) requests at CloudFront, Application Load Balancer, or API Gateway against rules for common web exploits such as SQL injection and cross-site scripting, plus rate-based rules and IP reputation lists.

Amazon Inspector: Automated vulnerability scanning of EC2 instances, container images in ECR, and Lambda functions for known software vulnerabilities and unintended network exposure.

Amazon GuardDuty: Threat detection that analyses CloudTrail events, VPC Flow Logs, and DNS logs for signs of compromise (credential misuse, reconnaissance, contact with known-malicious IPs) across accounts, workloads, and data.

- Network Management

Virtual Private Cloud (VPC): A logically isolated virtual network inside AWS in which resources are launched. Subnets, route tables, internet and NAT gateways, security groups (stateful, per instance), and network ACLs (stateless, per subnet) define what can reach what.

Identity and Access Management

IAM (Identity and Access Management) is the service that decides who can call which AWS API on which resource. With IAM you create and manage users and groups, grant or deny them permissions, define roles that carry permissions for services or tasks, and admit federated users so that external identities get controlled, temporary access. Every API call, whether it comes from the console, the CLI, or an SDK, is authorized by IAM.

  • Users are IAM entities that represent a person or an application. A user has a name and long-lived credentials: a console password and/or up to two access key pairs (access key ID and secret access key) for the CLI and API.

  • Groups are collections of IAM users; permissions attached to the group apply to every member, which keeps per-user policies to a minimum.

  • Roles are IAM identities whose permissions are not bound to one person. A trusted principal (an AWS service such as EC2 or Lambda, an IAM user, or a federated identity) assumes the role and receives temporary credentials from STS; an EC2 instance profile or a Lambda execution role is a role used this way.

  • Policies are JSON documents that define permissions for actions such as iam:GetUser. Identity-based policies attach to users, groups, and roles; resource-based policies (an S3 bucket policy, for example) attach to the resource itself and also name a Principal.

    • Policy Data: each Statement has an Effect (Allow or Deny), an Action (list of actions allowed or denied), and a Resource (list of ARNs affected), plus an optional Condition. An explicit Deny in any applicable statement overrides every Allow, and anything not explicitly allowed is implicitly denied.

    • Policy types include Inline Policies (embedded in a single user, group, or role and deleted with it) and Managed Policies (standalone documents, AWS-managed or customer-managed, that can be attached to many identities).
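To make the policy model concrete, here is an added example (written for this page, not AWS code, and not a reproduction of the real IAM evaluation engine) of a minimal evaluator for identity-based policies. It reads Version/Statement/Effect/Action/Resource documents, applies the documented rules (an explicit Deny in any attached policy wins, otherwise at least one Allow is needed, and everything else is implicitly denied), supports the `*` and `?` wildcards, treats action names as case-insensitive and ARNs as case-sensitive, and evaluates all inline and managed policies of one principal together. Condition, Principal, permissions boundaries, SCPs, and resource-based policies are deliberately left out. The sample policy, bucket name and account ID are constructed.

```python
"""Minimal evaluator for IAM identity-based policies (added example, not AWS code).

Models only Effect, Action/NotAction and Resource/NotResource plus the
explicit-deny-wins / implicit-deny rules. Condition, Principal, permissions
boundaries, SCPs and resource-based policies are out of scope.
"""
import fnmatch
import json

# Constructed policy: read access to one bucket, one IAM read action, and a
# Deny that carves a prefix back out of the Allow.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Allow", "Action": "iam:GetUser", "Resource": "*"},
    {"Effect": "Deny",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secret/*"}
  ]
}
""")


def _as_list(value):
    """Action, Resource and Statement may each be a single string/object or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate, case_sensitive):
    """IAM-style wildcard match: '*' is any run of characters, '?' one character.

    fnmatchcase is used so the result does not depend on the host OS.
    IAM action names are case-insensitive; ARNs are case-sensitive.
    """
    for pat in patterns:
        if case_sensitive:
            if fnmatch.fnmatchcase(candidate, pat):
                return True
        elif fnmatch.fnmatchcase(candidate.lower(), pat.lower()):
            return True
    return False


def _statement_applies(stmt, action, resource):
    """True if the statement's Action/Resource selectors cover this request."""
    if "Action" in stmt:
        if not _matches(_as_list(stmt["Action"]), action, case_sensitive=False):
            return False
    elif "NotAction" in stmt:
        if _matches(_as_list(stmt["NotAction"]), action, case_sensitive=False):
            return False
    else:
        return False  # an identity policy statement must name Action or NotAction
    if "Resource" in stmt:
        if not _matches(_as_list(stmt["Resource"]), resource, case_sensitive=True):
            return False
    elif "NotResource" in stmt:
        if _matches(_as_list(stmt["NotResource"]), resource, case_sensitive=True):
            return False
    else:
        return False
    return True


def evaluate(policies, action, resource):
    """Return 'Allow' or 'Deny' for one request against a list of policy documents.

    All inline and managed policies attached to the principal (and its groups)
    are evaluated together: any applicable explicit Deny wins, otherwise at
    least one applicable Allow is needed, otherwise the result is implicit deny.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"
            if stmt.get("Effect") == "Allow":
                allowed = True
    return "Allow" if allowed else "Deny"


if __name__ == "__main__":
    for act, res in [
        ("s3:GetObject", "arn:aws:s3:::example-bucket/public/readme.txt"),
        ("s3:GetObject", "arn:aws:s3:::example-bucket/secret/key.pem"),
        ("iam:getuser", "arn:aws:iam::123456789012:user/alice"),
    ]:
        print(f"{act:14} {res:52} -> {evaluate([SAMPLE_POLICY], act, res)}")
```

The third statement is the point to notice: the Allow on example-bucket/* and the Deny on example-bucket/secret/* both apply to an object under secret/, and the Deny wins regardless of statement order or of how many other attached policies grant the action.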
