From 6628aae8e923ea52def02ef29801c6ed49543860 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Mon, 19 Feb 2024 19:38:34 +0000 Subject: [PATCH] aws: notes on architecting --- zk/Elastic_Compute_Cloud.md | 40 ++++++++++++++++++++++++++++++++++++ zk/User_management_on_AWS.md | 27 +++++++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 zk/Elastic_Compute_Cloud.md diff --git a/zk/Elastic_Compute_Cloud.md b/zk/Elastic_Compute_Cloud.md new file mode 100644 index 0000000..d8c99cf --- /dev/null +++ b/zk/Elastic_Compute_Cloud.md @@ -0,0 +1,40 @@ +--- +id: Elastic_Compute_Cloud +aliases: [] +tags: + - AWS + - vm +created: Monday, February 19, 2024 | 18:58 +last_modified: Monday, February 19, 2024 | 18:58 +since: just now +title: Elastic Compute Cloud (EC2) +--- + +# Elastic Compute Cloud (EC2) + +- Cloud-based or virtual server (virtual machine), basically a hypervisor + (compare [[zk/Docker_architecture]]) +- It is virtual because you are not responsible for its physical implementation +- Still needs considerable configuration compared to a serverless + [[zk/Lambda_programming_model]] +- Like lambdas has the benefit of easy scaling: you can add compute capacity on + demand (elasticity) + +The following needs to be considered: + +- Naming +- Application and OS image (known as "Amazon Machine Image"): + - Which OS you want to use (Linux distribution, Windows, etc) + - Applications you want pre-installed + - Block device mapping +- Instance type an size (basically the type of processor and how powerful you + want it to be) +- An encrypted key-pair for login +- Your network (typically managed via Amazon VPC (Virtual Private Cloud)) and + network security +- Storage: size and type (eg. GP3) +- Location and latency + +> EC2 is more expensive copared to serverless options. Accordingly it is better +> to run smaller servers (in terms of processor and memory) at higher capacity +> than larger servers under-capacity. 
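Review bot: Two statements in the new EC2 note are inaccurate and should be corrected before this lands. The first bullet calls an EC2 instance "basically a hypervisor"; an instance is the virtual machine that runs on AWS's hypervisor, so the comparison to Docker is between a VM and a container, not between two hypervisors. The bullet "An encrypted key-pair for login" should read "An SSH key pair for login": the pair is an asymmetric key pair of which AWS stores only the public half, and the private key is downloaded once and must be protected by the user (it is not itself encrypted by AWS). Minor typos in the same hunk: "Instance type an size" should be "Instance type and size", "copared" should be "compared", and "eg." should be "e.g.".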
diff --git a/zk/User_management_on_AWS.md b/zk/User_management_on_AWS.md index f45e9b7..424f394 100644 --- a/zk/User_management_on_AWS.md +++ b/zk/User_management_on_AWS.md @@ -1,5 +1,8 @@ --- -tags: [AWS] +id: User_management_on_AWS +aliases: [] +tags: + - AWS --- # User management and roles @@ -34,6 +37,28 @@ such as an S3 bucket or a DynamoDB table. Say you have a service that combines a lambda with a DynamoDB database. You could assign a role to the lambda and it would have access to the database. +## Distinction between _principal_ and _identity_ + +Both “principal” and “identity” refer to entities that can perform actions and +interact with AWS resources. However, there is a subtle difference in their +usage: + +> a principal is a specific type of entity that can take actions in AWS, while +> an identity is the unique identifier associated with that principal. + +1. Principal: In the context of IAM policies, a principal represents the entity + that is allowed or denied access to AWS rThe principal is specified in the + policy statement as the entity to which the permissions are granted or + deniedesources. It can be an IAM user, an IAM role, an AWS service. The + principal is specified in the policy statement as the entity to which the + permissions are granted or denied. +2. Identity: An identity, on the other hand, is a broader term that encompasses + both the principal and the authentication credentials associated with that + principal. It refers to the entity’s unique identifier, such as an IAM user’s + username or an IAM role’s ARN (Amazon Resource Name). An identity is used for + authentication purposes to verify the entity’s identity and determine its + permissions. + ## Cognito > Amazon Cognito provides authentication, authorization, and user management for
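Review bot: Item 1 of the principal/identity list contains a paste error that makes the sentence unreadable: "allowed or denied access to AWS rThe principal is specified in the policy statement as the entity to which the permissions are granted or deniedesources." The fragment was inserted inside the word "resources" and is also repeated verbatim two lines later, so the fix is to restore "access to AWS resources." and keep only the second copy of "The principal is specified in the policy statement ...". The definitions themselves are also in tension: the block quote says an identity is "the unique identifier associated with that principal", while item 2 says identity is "a broader term that encompasses both the principal and the authentication credentials"; both cannot hold. AWS's own usage is that an IAM identity is a user, group or role (the object a permission policy is attached to), and a principal is the human or workload that authenticates with an identity's credentials and appears in a policy's `Principal` element (an IAM user, role, AWS account, service or federated user). Aligning the two paragraphs with that wording, and citing the source of the block quote, would remove the contradiction.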