thomasabishop/eolas
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

aws: notes on architecting

Browse source
This commit is contained in:
thomasabishop 2024-02-19 19:38:34 +00:00
parent ce3c352ce6
commit 6628aae8e9
2 changed files with 66 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
zk/Elastic_Compute_Cloud.md Normal file
View file

@ -0,0 +1,40 @@
---
id: Elastic_Compute_Cloud
aliases: []
tags:
- AWS
- vm
created: Monday, February 19, 2024 | 18:58
last_modified: Monday, February 19, 2024 | 18:58
since: just now
title: Elastic Compute Cloud (EC2)
---
# Elastic Compute Cloud (EC2)
- Cloud-based or virtual server (virtual machine), basically a hypervisor
(compare [[zk/Docker_architecture]])
- It is virtual because you are not responsible for its physical implementation
- Still needs considerable configuration compared to a serverless
[[zk/Lambda_programming_model]]
- Like lambdas has the benefit of easy scaling: you can add compute capacity on
demand (elasticity)
The following needs to be considered:
- Naming
- Application and OS image (known as "Amazon Machine Image"):
- Which OS you want to use (Linux distribution, Windows, etc)
- Applications you want pre-installed
- Block device mapping
- Instance type an size (basically the type of processor and how powerful you
want it to be)
- An encrypted key-pair for login
- Your network (typically managed via Amazon VPC (Virtual Private Cloud)) and
network security
- Storage: size and type (eg. GP3)
- Location and latency
> EC2 is more expensive copared to serverless options. Accordingly it is better
> to run smaller servers (in terms of processor and memory) at higher capacity
> than larger servers under-capacity.

27
zk/User_management_on_AWS.md
View file

@ -1,5 +1,8 @@
--- ---
tags: [AWS] id: User_management_on_AWS
aliases: []
tags:
- AWS
--- ---
# User management and roles # User management and roles
@ -34,6 +37,28 @@ such as an S3 bucket or a DynamoDB table. Say you have a service that combines a
lambda with a DynamoDB database. You could assign a role to the lambda and it lambda with a DynamoDB database. You could assign a role to the lambda and it
would have access to the database. would have access to the database.
## Distinction between _principal_ and _identity_
Both “principal” and “identity” refer to entities that can perform actions and
interact with AWS resources. However, there is a subtle difference in their
usage:
> a principal is a specific type of entity that can take actions in AWS, while
> an identity is the unique identifier associated with that principal.
1. Principal: In the context of IAM policies, a principal represents the entity
that is allowed or denied access to AWS rThe principal is specified in the
policy statement as the entity to which the permissions are granted or
deniedesources. It can be an IAM user, an IAM role, an AWS service. The
principal is specified in the policy statement as the entity to which the
permissions are granted or denied.
2. Identity: An identity, on the other hand, is a broader term that encompasses
both the principal and the authentication credentials associated with that
principal. It refers to the entitys unique identifier, such as an IAM users
username or an IAM roles ARN (Amazon Resource Name). An identity is used for
authentication purposes to verify the entitys identity and determine its
permissions.
## Cognito ## Cognito
> Amazon Cognito provides authentication, authorization, and user management for > Amazon Cognito provides authentication, authorization, and user management for