AWS: Difference between revisions
Revision as of 13:50, 7 February 2022
General
Amazon Web Services (AWS)
Regions and Availability Zones
Amazon cloud computing resources are hosted in multiple locations world-wide. These locations are composed of AWS Regions and Availability Zones. Each AWS Region is a separate geographic area. Each AWS Region has multiple, isolated locations known as Availability Zones. An Availability Zone is a logical data center in a region available for use by any AWS customer. Each zone in a region has redundant and separate power, networking and connectivity to reduce the likelihood of two zones failing simultaneously. A common misconception is that a single zone equals a single data center.
IP and DNS
- after an instance starts, it gets a new public IP and DNS name
- to avoid dynamic IPs and DNS names you can use an Elastic IP Address. It is free if it is assigned to a running instance, otherwise it costs about 1 cent per hour.
Security Groups
- Security groups act as a firewall for associated instances.
User
- for new instances there is a default user name (see here)
- for Ubuntu it is 'ubuntu'
Identity & Access Management (IAM)
IAM is a global service and automatically available across all regions.
- IAM User: a unique identifier generated by the IAM service. It can be a person, system or application. Roles and policies control the scope (permissions) of a user.
- IAM Group: collects IAM users with the same level of permissions
- IAM Role: set of policies to access AWS services. You can assign a role either to an IAM user or to an AWS service.
- IAM policy: an access control policy is a JSON file that defines the resource to grant access to, the level of access and the allowed actions.
A Trust relationship defines a relationship between a trusting account and other AWS trusted accounts. The trusting account owns the resource to be accessed.
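The trust relationship is itself a JSON policy attached to a role in the trusting account, and reviewing which accounts it trusts is a routine check. The following is an added example, not part of the original page: the account IDs, role name, ExternalId and the finding labels are constructed placeholders, and only `AWS` principals are examined (service and federated principals are ignored).

```python
import json

# Constructed trust policy of a role in trusting account 222222222222.
# All account IDs, the role name and the ExternalId are placeholders.
TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
   "Condition": {"StringEquals": {"sts:ExternalId": "example-id"}}},
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": "arn:aws:iam::333333333333:role/ci"}},
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": "*"}},
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"Service": "ec2.amazonaws.com"}}
]}
""")

def as_list(value):
    """IAM JSON accepts either a single value or a list in most fields."""
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Account ID from an IAM ARN or a bare 12-digit ID, else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_trust(policy, trusting_account):
    """List trusted accounts and flag trust that is wider than intended."""
    trusted, findings = set(), []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":              # shorthand: every principal
            principal = {"AWS": "*"}
        conditioned = bool(stmt.get("Condition"))
        for value in as_list(principal.get("AWS", [])):
            account = account_of(value)
            if value == "*" and not conditioned:
                findings.append(("any-principal-no-condition", value))
            elif account and account != trusting_account:
                trusted.add(account)
                if not conditioned:
                    findings.append(("cross-account-no-condition", value))
    return {"trusted_accounts": trusted, "findings": findings}

if __name__ == "__main__":
    print(audit_trust(TRUST_POLICY, "222222222222"))
```
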
Command Line Interface
- installation see here
- the AWS access key is a combination of an Access Key ID and a Secret Access Key.
Web Services
Amazon Elastic Block Store (Amazon EBS)
Amazon Elastic Block Store (Amazon EBS) is an easy-to-use, scalable, high-performance block-storage service designed for Amazon Elastic Compute Cloud (Amazon EC2).
Amazon Elastic Compute Cloud (Amazon EC2)
- Instance: Instances marked with a t are used for testing; the m (memory-intensive) types can be used for processing larger databases or installing single servers. The large-capacity c (CPU-intensive) instances are recommended, for example, for hosting Magento stores.
- Amazon Machine Image (AMI)
- Instance Types
- t2.micro (free)
Key Pairs
- Key pairs are generated; the private key (*.pem file) has to be downloaded (which is only possible once, because it is not stored by AWS) and is used for connecting to the server.
- PuTTY doesn't natively support the private key format (.pem) generated by Amazon EC2. You must convert your private key into a .ppk file before you can connect to your instance using PuTTY. You can use the PuTTYgen tool for this conversion.
Amazon Machine Image (AMI)
- Community AMIs: Whenever you create an AMI, you can add permissions to it to make it public. In that case, it goes to "community AMIs". These are AMIs that come from AWS users and are not verified by AWS.
- AWS Marketplace: this is a whole service at AWS, and all AMIs here are verified by AWS. It is basically used by software vendors to sell their products through AWS. The customers will be billed by AWS only, but then AWS will pay the AMI owner in return.
Amazon Elastic Kubernetes Service (EKS)
Amazon RDS
- create, manage and scale an Amazon Relational Database Service like MySQL
Amazon Simple Storage Service (Amazon S3)
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. An Amazon S3 bucket is a public cloud storage resource. An S3 customer first creates a bucket in the AWS region of his or her choice and gives it a globally unique name. AWS recommends that customers choose regions geographically close to them to reduce latency and costs. Once the bucket has been created, the user then selects a tier for the data, with different S3 tiers having different levels of redundancy, prices and accessibility.