AWS study group: build up what the certification exam requires through hands-on study, and exchange and refine more real-world deployment scenarios.
Chapter 1: Introducing AWS
- What is Software Architecture?
-- It is about finding the right balance and the midpoint of every circumstance involving the people, the processes, the organizational culture, the business capabilities, and any external drivers that can influence the success of a project.
-- Web Architecture 101:
-- https://engineering.videoblocks.com/web-architecture-101-a3224e126947
- What is a Solution Architect?
-- Someone who evaluates several trade-offs and manages the essential complexity of things, their technical evolution, and the inherent entropy of complex systems.
- So, aspiring to become a Solution Architect, in this chapter we learn:
-- Understanding cloud computing
-- Cloud design patterns and principles
-- Shared security model
-- Identity and access management
Cloud Computing and Before
Cloud Computing vs. Multi-Layer Architecture and Conway's Law
What is Cloud Computing?
Benefits: Agility, Elasticity, Cost Saving, Deploy globally in minutes
https://youtu.be/dH0yz-Osy54
https://aws.amazon.com/what-is-cloud-computing/
Cloud Design Principles
1. Enable scalability
2. Automate your environment
3. Use disposable resources
4. Loosely couple your components
5. Design services, not servers
6. Choose the right database solutions
7. Avoid single points of failure
8. Optimize for cost
9. Use caching
10. Secure your infrastructure everywhere
General Design Principles from the Well-Architected Framework:
1. Stop guessing your capacity needs
2. Test systems at production scale
3. Automate to make architectural experimentation easier
4. Allow for evolutionary architectures
5. Drive architectures using data
6. Improve through game days
https://wa.aws.amazon.com/wat.design_principles.wa-dp.en.html
AWS Cloud Adoption Framework
● The Cloud Adoption Framework offers six perspectives to help businesses and organizations create an actionable plan for the change management associated with their cloud strategies.
● It is a way to align business and technology to produce successful results.
https://aws.amazon.com/professional-services/CAF/
https://d1.awsstatic.com/professional-services/caf/AWS_CAF_Creating_an_Action_Plan_Nov2017.pdf
What is IAM?
● AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.
● Using IAM, you can create and manage AWS users, groups, and roles, and use permissions to allow or deny their access to AWS resources.
○ User (an end user or application; holds long-term credentials: a console password and/or access keys)
○ Group (a collection of users; policies attached to the group apply to every member)
○ Permission/Policy (a JSON document that defines one or more permissions: Effect, Action, Resource and an optional Condition)
○ Role (an identity with no long-term credentials that is assumed for temporary credentials; used by AWS services such as EC2, by users in other accounts, or by federated users)
○ Resource (the AWS object, identified by ARN, that a policy allows or denies access to)
Example IAM setup (groups, policies, users and roles):

| Function | IAM Group Name / (Role Name) | IAM Policy for Group / IAM Policy for Role | IAM User | Purpose |
|---|---|---|---|---|
| IAM User | Administration | arn:aws:iam::aws:policy/AdministratorAccess (AWS managed) | Administrator | AWS Console access. |
| IAM User | DatabaseAdministrator | DatabaseAdministrator (AWS managed job-function policy) | Alan | AWS Console access. DBA, and performing full database backups on S3. |
| IAM User | NetworkAdministrator | NetworkAdministrator (AWS managed job-function policy) | Ada, Alan (as backup) | AWS Console access. Provisioning of infrastructure and network resources. |
| IAM User | Development | RoleCreatorPolicy (customer managed), AmazonEC2FullAccess (AWS managed) | Dennis | AWS Console access. Be able to create EC2 and the IAM Role needed for EC2. |
| IAM Role | (EC2ToS3InstanceRole) | AmazonS3FullAccess (AWS managed) | | |
| IAM User | (none) | inline policy | s3-user | Programmatic access. |
| IAM Cross Account | (Auditors) | SecurityAudit, AWSCloudTrailReadOnlyAccess (AWS managed) | | |

https://github.com/gabanox/Certified-Solution-Architect-Associate-Guide/blob/master/chapter00/checkpoint1.sh
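The setup in the table above, expressed as a plan of boto3 IAM API calls whose policy documents can be inspected and unit-tested offline before anything touches an account. This is an added example, not the checkpoint1.sh script linked above and not AWS code. Assumed (not in the original): both account IDs, the wording of RoleCreatorPolicy, the s3-user inline policy and its bucket name, and the two trust policies; the managed-policy ARNs and boto3 method names are real.

```python
"""Added example (not the page's checkpoint1.sh, not AWS code): the IAM setup from the
table as a plan of boto3 IAM calls. Assumed: both account IDs, the RoleCreatorPolicy
wording, the s3-user inline policy and bucket, and the trust policies."""
import json

ACCOUNT_ID = "111111111111"        # assumed placeholder: account being configured
AUDIT_ACCOUNT_ID = "222222222222"  # assumed placeholder: the auditors' account
AWS_MANAGED = "arn:aws:iam::aws:policy/"

def role_creator_policy(account_id):
    """Customer-managed policy for the Development group (assumed wording): roles and
    instance profiles only under the EC2* prefix, and iam:PassRole only to the EC2
    service, so Dennis cannot hand an admin role to an instance he launches."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "CreateEc2Roles", "Effect": "Allow",
         "Action": ["iam:CreateRole", "iam:AttachRolePolicy",
                    "iam:CreateInstanceProfile", "iam:AddRoleToInstanceProfile"],
         "Resource": [f"arn:aws:iam::{account_id}:role/EC2*",
                      f"arn:aws:iam::{account_id}:instance-profile/EC2*"]},
        {"Sid": "PassOnlyToEc2", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": f"arn:aws:iam::{account_id}:role/EC2*",
         "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}}]}

def ec2_trust_policy():
    """Trust policy for EC2ToS3InstanceRole: assumed by the EC2 service, no static keys."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
         "Action": "sts:AssumeRole"}]}

def auditors_trust_policy(audit_account_id):
    """Cross-account trust for Auditors: only the audit account, and only with MFA."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{audit_account_id}:root"},
         "Action": "sts:AssumeRole",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}

def s3_user_inline_policy(bucket="db-backups"):
    """Inline policy for s3-user (assumed): write-only to one bucket, nothing else."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def build_plan(account_id=ACCOUNT_ID, audit_account_id=AUDIT_ACCOUNT_ID):
    """Return boto3 IAM calls as (method_name, kwargs) tuples in dependency order."""
    groups = {
        "Administration": [AWS_MANAGED + "AdministratorAccess"],
        "DatabaseAdministrator": [AWS_MANAGED + "job-function/DatabaseAdministrator"],
        "NetworkAdministrator": [AWS_MANAGED + "job-function/NetworkAdministrator"],
        "Development": [f"arn:aws:iam::{account_id}:policy/RoleCreatorPolicy",
                        AWS_MANAGED + "AmazonEC2FullAccess"]}
    members = {"Administrator": ["Administration"],
               "Alan": ["DatabaseAdministrator", "NetworkAdministrator"],
               "Ada": ["NetworkAdministrator"], "Dennis": ["Development"]}
    plan = [("create_policy", {"PolicyName": "RoleCreatorPolicy",
                                "PolicyDocument": json.dumps(role_creator_policy(account_id))})]
    for group, arns in groups.items():
        plan.append(("create_group", {"GroupName": group}))
        plan += [("attach_group_policy", {"GroupName": group, "PolicyArn": a}) for a in arns]
    for user, user_groups in members.items():
        plan.append(("create_user", {"UserName": user}))
        plan += [("add_user_to_group", {"GroupName": g, "UserName": user}) for g in user_groups]
    plan += [
        ("create_role", {"RoleName": "EC2ToS3InstanceRole",
                         "AssumeRolePolicyDocument": json.dumps(ec2_trust_policy())}),
        # The table attaches AmazonS3FullAccess; a bucket-scoped policy is the least-privilege form.
        ("attach_role_policy", {"RoleName": "EC2ToS3InstanceRole",
                                "PolicyArn": AWS_MANAGED + "AmazonS3FullAccess"}),
        ("create_instance_profile", {"InstanceProfileName": "EC2ToS3InstanceRole"}),
        ("add_role_to_instance_profile", {"InstanceProfileName": "EC2ToS3InstanceRole",
                                          "RoleName": "EC2ToS3InstanceRole"}),
        ("create_user", {"UserName": "s3-user"}),  # programmatic access: access keys, no console
        ("put_user_policy", {"UserName": "s3-user", "PolicyName": "s3-backup-write",
                             "PolicyDocument": json.dumps(s3_user_inline_policy())}),
        ("create_role", {"RoleName": "Auditors",
                         "AssumeRolePolicyDocument": json.dumps(auditors_trust_policy(audit_account_id))}),
        ("attach_role_policy", {"RoleName": "Auditors", "PolicyArn": AWS_MANAGED + "SecurityAudit"}),
        ("attach_role_policy", {"RoleName": "Auditors",
                                "PolicyArn": AWS_MANAGED + "AWSCloudTrailReadOnlyAccess"})]
    return plan

class DryRunClient:
    """Stand-in for boto3's IAM client: records every call instead of making it."""
    def __init__(self):
        self.calls = []
    def __getattr__(self, method):
        return lambda **kwargs: self.calls.append((method, kwargs))

def apply_plan(iam_client, plan):
    """Run the plan against a boto3 IAM client or a DryRunClient; returns the call count."""
    for method, kwargs in plan:
        getattr(iam_client, method)(**kwargs)
    return len(plan)

if __name__ == "__main__":
    import boto3  # assumed installed and configured; only needed for a real run
    print("applied", apply_plan(boto3.client("iam"), build_plan()), "IAM calls")
```

Run it with `DryRunClient()` first and review the recorded calls; the real run needs `boto3` and credentials for a principal that can create IAM entities (which, per the table, means the Administration group, with MFA). Note that `create_policy` must precede the Development group's `attach_group_policy`, since that call references the customer-managed ARN.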
IAM Best Practices
❖ Identity & Credential Management
1. Users - Create individual users
2. Password - Configure a strong password policy
3. Rotate - Rotate security credentials regularly
4. MFA - Enable MFA for privileged users
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
❖ Access Permission Management
5. Groups - Manage permissions with groups
6. Permissions - Grant least privilege
7. Conditions - Restrict privileged access further with conditions
❖ Delegate & Audit
8. Sharing - Use IAM roles to share access
9. Roles - Use IAM roles for Amazon EC2 instances
10. Auditing - Enable AWS CloudTrail to get logs of API calls
11. Root - Reduce or remove use of root
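A miniature policy evaluator showing the evaluation rules behind best practices 4, 6 and 7 above: nothing is allowed by default (least privilege), an explicit Deny beats any Allow, and a Condition narrows what a statement covers. This is an added example, not code from the page or from AWS; the sample policies and request contexts are constructed here, and the evaluator handles only Action/Resource wildcards plus the StringEquals, Bool, IpAddress and *IfExists operators. Real IAM has many more operators, NotAction/NotResource, resource-based policies and permission boundaries.

```python
"""Added example (not from the page or AWS): toy IAM policy evaluator for identity-based
policies. Sample policies and contexts are constructed for illustration."""
import ipaddress
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(pattern, value, ignore_case):
    """IAM-style '*' and '?' matching; actions are case-insensitive, resources are not."""
    if ignore_case:
        pattern, value = pattern.lower(), value.lower()
    return fnmatchcase(value, pattern)

def _condition_holds(condition, ctx):
    """Every (operator, key) pair must hold. A key missing from the request context fails
    the pair unless the operator ends in IfExists, which treats a missing key as a match."""
    for op, pairs in condition.items():
        if_exists = op.endswith("IfExists")
        base = op[:-len("IfExists")] if if_exists else op
        for key, expected in pairs.items():
            if key not in ctx:
                if if_exists:
                    continue
                return False
            actual, expected = ctx[key], _as_list(expected)
            if base == "StringEquals":
                ok = actual in expected
            elif base == "Bool":
                ok = str(actual).lower() in [str(e).lower() for e in expected]
            elif base == "IpAddress":
                ok = any(ipaddress.ip_address(actual) in ipaddress.ip_network(cidr)
                         for cidr in expected)
            else:
                raise ValueError(f"unsupported condition operator: {op}")
            if not ok:
                return False
    return True

def evaluate(policies, action, resource, ctx):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # least privilege: nothing is allowed until a statement allows it
    for policy in policies:
        for st in _as_list(policy["Statement"]):
            if not any(_match(a, action, True) for a in _as_list(st["Action"])):
                continue
            if not any(_match(r, resource, False) for r in _as_list(st.get("Resource", "*"))):
                continue
            if "Condition" in st and not _condition_holds(st["Condition"], ctx):
                continue
            if st["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit Deny wins regardless of any Allow
            decision = "Allow"
    return decision

# Constructed sample policies, all attached to the same principal.
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# MFA guard: deny everything unless MFA was used. BoolIfExists matters: with plain Bool a
# request whose context lacks the key (e.g. a script using access keys) slips past the Deny.
MFA_GUARD = {"Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*",
             "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}]}
MFA_GUARD_WEAK = {"Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*",
                  "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}]}

# Least-privilege inline policy for a backup uploader, pinned to an assumed office range.
S3_BACKUP = {"Statement": [{"Effect": "Allow", "Action": "s3:PutObject",
             "Resource": "arn:aws:s3:::db-backups/*",
             "Condition": {"IpAddress": {"aws:SourceIp": "10.0.0.0/8"}}}]}

if __name__ == "__main__":
    for ctx in ({"aws:MultiFactorAuthPresent": "true"}, {"aws:MultiFactorAuthPresent": "false"}, {}):
        print(ctx, evaluate([ADMIN, MFA_GUARD], "iam:CreateUser", "*", ctx),
              evaluate([ADMIN, MFA_GUARD_WEAK], "iam:CreateUser", "*", ctx))
```

The contrast between MFA_GUARD and MFA_GUARD_WEAK is the practical lesson: when writing a Deny that depends on a context key the caller may not supply, use the IfExists form, otherwise the absence of the key silently disables the Deny.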