Overview of Amazon Web Services

Post on 17-Feb-2017

AWS Overview: IAM, VPC and EC2

Identity and Access Management (IAM)

Helps you securely control access to your AWS resources

IAM Users and Groups

Use a multi-factor authentication (MFA) device for the root account

Use multi-factor authentication (MFA) on all accounts with console access

Enable the password-policy in IAM

Only assign API access keys where required and rotate them regularly

Leverage IAM Roles for EC2

    {
      "Version": "2012-10-17",
      "Statement": [
        ...
        {
          "Effect": "Allow",
          "Action": [
            "ec2:CreateSnapshot",
            "ec2:DeleteSnapshot",
            "ec2:CreateTags"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

Only associate IAM policies to IAM groups or roles

    {
      "Version": "2012-10-17",
      "Statement": {
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::my-top-secret-bucket.softchoice.com"
      }
    }

Ensure CloudTrail is enabled for all regions

Ensure AWS Config is enabled for all regions

IAM is a free service; you can access it via the AWS Management Console, AWS CLI, SDKs, and the API
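
The MFA and key-rotation items in the IAM list above can be checked from the IAM credential report (a CSV the account can generate). The following is an added example, not part of the original slides: it audits a constructed excerpt of such a report, and the 90-day rotation threshold, the sample users and the audit date are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumption: the slide only says "regularly"
AUDIT_DATE = datetime(2017, 2, 17, tzinfo=timezone.utc)  # assumed "today"

# Constructed sample using a subset of the credential report's columns.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,false,true,2015-03-01T00:00:00+00:00,false,N/A
alice,true,true,true,2017-01-20T09:30:00+00:00,false,N/A
bob,true,false,true,2016-06-01T00:00:00+00:00,false,N/A
ci-deploy,false,false,true,2017-02-01T00:00:00+00:00,true,2016-01-15T00:00:00+00:00
"""

def audit_credential_report(report_csv, now):
    """Return sorted (user, finding) tuples for the MFA and rotation items."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        mfa = row["mfa_active"] == "true"
        if is_root and not mfa:
            findings.append((user, "root account has no MFA"))
        # The report shows not_supported for root's password, so root is
        # handled above; other users count only if they have a console password.
        if not is_root and row["password_enabled"] == "true" and not mfa:
            findings.append((user, "console user has no MFA"))
        for n in ("1", "2"):
            rotated = row[f"access_key_{n}_last_rotated"]
            if row[f"access_key_{n}_active"] != "true" or rotated == "N/A":
                continue  # inactive or never-created keys are skipped
            age = (now - datetime.fromisoformat(rotated)).days
            if age > MAX_KEY_AGE_DAYS:
                findings.append(
                    (user, f"access key {n} not rotated for {age} days"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT, AUDIT_DATE):
        print(f"{user}: {finding}")
```
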

Virtual Private Cloud (VPC)

Allows you to launch AWS resources into a virtual network you define

Know your Limits

Connect your VPC to the Internet with an Internet Gateway (IGW)

Connect your VPC to your corporate network with a Virtual Private Gateway and a Customer Gateway

Leverage NAT Gateways

DNS and DHCP

VPC Endpoints

VPC Peering

Secure your AWS resources with Security Groups

Control traffic between subnets with Network ACLs

Elastic Compute Cloud (EC2)

Know your Limits

Amazon Machine Image (AMI)

Elastic Block Storage (EBS): Storage for your EC2 Instances

Reserved Instances (No Upfront, Partial Upfront, and Full Upfront)

Spot Instances (and Fleets): Bid on spare EC2 capacity