aws: notes on architecting
parent
ce3c352ce6
commit
6628aae8e9
2 changed files with 66 additions and 1 deletions
40
zk/Elastic_Compute_Cloud.md
Normal file
@ -0,0 +1,40 @@
---
id: Elastic_Compute_Cloud
aliases: []
tags:
- AWS
- vm
created: Monday, February 19, 2024 | 18:58
last_modified: Monday, February 19, 2024 | 18:58
since: just now
title: Elastic Compute Cloud (EC2)
---

# Elastic Compute Cloud (EC2)

- Cloud-based or virtual server (virtual machine), basically a hypervisor
(compare [[zk/Docker_architecture]])
- It is virtual because you are not responsible for its physical implementation
- Still needs considerable configuration compared to a serverless
[[zk/Lambda_programming_model]]
- Like lambdas has the benefit of easy scaling: you can add compute capacity on
demand (elasticity)

The following needs to be considered:

- Naming
- Application and OS image (known as "Amazon Machine Image"):
- Which OS you want to use (Linux distribution, Windows, etc)
- Applications you want pre-installed
- Block device mapping
- Instance type an size (basically the type of processor and how powerful you
want it to be)
- An encrypted key-pair for login
- Your network (typically managed via Amazon VPC (Virtual Private Cloud)) and
network security
- Storage: size and type (eg. GP3)
- Location and latency

> EC2 is more expensive copared to serverless options. Accordingly it is better
> to run smaller servers (in terms of processor and memory) at higher capacity
> than larger servers under-capacity.

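Review bot: the first bullet under "# Elastic Compute Cloud (EC2)" calls the instance "basically a hypervisor", which names the wrong layer: an EC2 instance is the virtual machine that runs on top of AWS's hypervisor, not the hypervisor itself; suggest "a virtual machine running on AWS's hypervisor". In the considerations list, "An encrypted key-pair for login" is imprecise: the EC2 key pair is an SSH public/private key pair of which AWS stores only the public half and you download the private key once, so "SSH key pair for login (keep the private key secret)" says what actually matters. Two typos in the same hunk: "Instance type an size" should read "and size", and "copared" in the closing quote should read "compared". The quote's cost claim also needs a qualifier: an instance is billed for its running hours whether or not it is busy, so EC2 is more expensive than serverless when the instance sits idle, which is the reason the note's own advice (run smaller instances at high utilisation) holds.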
@ -1,5 +1,8 @@
---
tags: [AWS]
id: User_management_on_AWS
aliases: []
tags:
- AWS
---

# User management and roles

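Review bot: the frontmatter in this hunk ends up with two `tags` keys, the pre-existing `tags: [AWS]` on the second line and the newly added `tags:` list after `aliases: []`; duplicate mapping keys in YAML are either rejected or silently resolved to the last occurrence depending on the parser, so drop `tags: [AWS]` and keep the list form, which also matches the frontmatter layout used in `zk/Elastic_Compute_Cloud.md` in the same commit.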
@ -34,6 +37,28 @@ such as an S3 bucket or a DynamoDB table. Say you have a service that combines a
lambda with a DynamoDB database. You could assign a role to the lambda and it
would have access to the database.

## Distinction between _principal_ and _identity_

Both “principal” and “identity” refer to entities that can perform actions and
interact with AWS resources. However, there is a subtle difference in their
usage:

> a principal is a specific type of entity that can take actions in AWS, while
> an identity is the unique identifier associated with that principal.

1. Principal: In the context of IAM policies, a principal represents the entity
that is allowed or denied access to AWS rThe principal is specified in the
policy statement as the entity to which the permissions are granted or
deniedesources. It can be an IAM user, an IAM role, an AWS service. The
principal is specified in the policy statement as the entity to which the
permissions are granted or denied.
2. Identity: An identity, on the other hand, is a broader term that encompasses
both the principal and the authentication credentials associated with that
principal. It refers to the entity’s unique identifier, such as an IAM user’s
username or an IAM role’s ARN (Amazon Resource Name). An identity is used for
authentication purposes to verify the entity’s identity and determine its
permissions.

## Cognito

> Amazon Cognito provides authentication, authorization, and user management for

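Review bot: item 1 under "Distinction between _principal_ and _identity_" contains a paste error: the sentence "The principal is specified in the policy statement as the entity to which the permissions are granted or denied" was dropped into the middle of the word "resources", giving "AWS rThe principal ... deniedesources", and the same sentence is then repeated at the end of the item; restore "... allowed or denied access to AWS resources. It can be an IAM user, an IAM role, an AWS service." and delete the duplicate. The two definitions of identity in this hunk also disagree with each other: the quoted one-liner says an identity is "the unique identifier associated with that principal", while item 2 says it is "a broader term that encompasses both the principal and the authentication credentials"; pick one, and since AWS's own IAM documentation uses "identity" for the users, groups and roles that policies attach to and "principal" for whoever is making the request, the one-liner is closer to that usage. Finally, the Cognito quote at the end of the hunk stops mid-sentence ("... and user management for"); if the text continues past the hunk boundary that is fine, otherwise complete the quotation and add where it was taken from, as it is marked with `>` as a quote.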