- Introduction to Amazon Web Services (AWS)
- Identity Access Management (IAM)
- IAM Policy
- IAM Authentication
- Elastic Compute Cloud (EC2)
- Elastic Block Storage (EBS)
- Elastic Load Balancer (ELB)
- Auto Scaling Groups and Launch Configurations
- Elastic File System (EFS)
- Elastic Beanstack
- DNS and Route 53
- Elastic Container Service (ECS)
- Storage Gateway
- Virtual Private Clouds (VPC)
- Network Access Control Lists (NACL)
- Security Groups (VPC SG)
- Network Address Translation (NAT) Instances, NAT Gateways, Egress only Internet Gateways and Bastion Hosts
- Simple Storage Service (S3)
- Cloud Watch
- Cloudtrail Logs
- CloudFront CDN
- Cloud Formation
- Relational Database Service (RDS)
- DynamoDB NoSQL key value and document database
- Redshift
- Amazon Aurora RDS
- Elasticache
- AWS Simple Notification Service (SNS)
- Simple Queue Service (SQS)
- Simple Workflow Service (SWF)
- Elastic Transcoder
- API Gateway
- AWS Kinesis
- Security on AWS
- Overview of Security Processes – Summary of the Whitepaper
- Lambda
- Additional Topics
- AWS Well-Architected framework (February 2018 CSAA Exam)
- Architecting for the AWS Cloud – Best Practices
- AWS CSAA – Released February 2018 Exam Questions
- My day at the AWS CSAA (Released February 2018) certification exam
IAM Policy
Following list of points is all you need to know about IAM policies to pass the AWS certified solutions architect Associate exam.
- IAM Policy is a JSON document that defines one or more permissions.
- Policy is used by an IAM principal such as a human being or application or an EC2 instance to access an AWS service such as an S3 bucket.
- Two types of policies are available to choose and assign to IAM principals based on who manages these policies
- Customer managed (Created by you)
- AWS managed (predefined and managed by AWS)
- Two types of policies based who uses these policies
- User based policies are used to assign to an IAM principal such as yourself or an EC2 instance.
- They contain one or more permissions
- Resource based policies are assigned to AWS resources such as a queue or a S3 bucket.
- They contain permissions. These permissions contain all normal elements (ACRES) along with one extra element “Principal” which indicates who is the permission granted to.
- User based policies are used to assign to an IAM principal such as yourself or an EC2 instance.
- A Permission contains Effect (ALLOW/DENY), Service (Eg. MyBucket on S3), Resource (/MyFiles/MyResume.doc) , Action (Eg. Read/Write/List) and an optional Condition (If ip is x.y.z or time is less than T etc.).
- You can remember these components of a Permission as acronym ACRESÂ (as in the unit of measurement of land) ActionConditionResourceAffectService
- You can also remember a Permission as a Do loop with a while. A DO loop contains
