Date posted: 17-Feb-2017
Category: Technology
Uploaded by: brett-gillett
AWS Overview: IAM, VPC and EC2
Identity and Access Management (IAM)
Helps you securely control access to your AWS resources
IAM Users and Groups
Use a multi-factor authentication (MFA) device for the root account
Use multi-factor authentication (MFA) on all accounts with console access
Enable the password-policy in IAM
Only assign API access keys where required and rotate them regularly
Leverage IAM Roles for EC2

    {
      "Version": "2012-10-17",
      "Statement": [
        ...
        {
          "Effect": "Allow",
          "Action": [
            "ec2:CreateSnapshot",
            "ec2:DeleteSnapshot",
            "ec2:CreateTags"
          ],
          "Resource": [ "*" ]
        }
      ]
    }

Only associate IAM policies to IAM groups or roles

    {
      "Version": "2012-10-17",
      "Statement": {
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::my-top-secret-bucket.softchoice.com"
      }
    }

Ensure CloudTrail is enabled for all regions
Ensure AWS Config is enabled for all regions
IAM is a free service, and you can access it via the AWS Management Console, AWS CLI, SDKs, and the API
Virtual Private Cloud (VPC)
Allows you to launch AWS resources into a virtual network you define
Know your Limits
Connect your VPC to the Internet with an Internet Gateway (IGW)
Connect your VPC to your corporate network with a Virtual Private Gateway and a Customer Gateway
Leverage NAT Gateways
DNS and DHCP
VPC Endpoints
VPC Peering
Secure your AWS resources with Security Groups
Control traffic between subnets with Network ACLs
Elastic Compute Cloud (EC2)
Know your Limits
Amazon Machine Image (AMI)
Elastic Block Storage (EBS): storage for your EC2 instances
Reserved Instances (No Upfront, Partial Upfront, and Full Upfront)
Spot Instances (and Fleets): bid on spare EC2 capacity