AWS Lecture Notes (3)

고독한 키쓰차 · June 28, 2022

Identity Access Management(IAM)

  • Manage access of AWS users and resources
  • IAM groups : share permission levels
  • IAM Roles : associate permissions
  • IAM policies : JSON documents which grant permissions for a specific user, group, or role.
  • Inline Policy : a policy can be attached directly to a user (without going through a role)
  • Managed Policies : cannot be edited. (orange box)
  • Customer Managed Policies : editable

IAM - Access Keys

  • Access keys allow users to interact with AWS services programmatically, only via the CLI or SDK.

MFA

  • Strengthens security by making authentication more complex through multiple methods

Cognito

  • Decentralized Managed Authentication.

  • to grant access to your app

  • provide temporary credentials for users to access

  • sync user data and preferences across all devices

  • Web Identity Federation : obtaining token information that lets users sign in through Facebook, Google, etc.

  • User Pools : a path for managing login, logout, etc. from web or mobile

  • Identity Pools : temporary AWS credentials to access S3, DynamoDB

  • Cognito Sync : Sync user data and preferences across devices with one line of code

Command Line Interface(CLI)

  • Control multiple AWS services from the command line and automate them through scripts.

Software Development Kit(SDK)

  • Can be used from programming languages
  • Programmatic Access : you'll have the ability to create an Access Key ID and Secret Access Key (AWS credentials)

DNS

  • Maps domain names to IP (Internet Protocol) addresses (like a phonebook)
  • allows your computer to find a specific server automatically

IP (Internet Protocol)

  • IPv4 : 32 bits, 2^32 available addresses
  • IPv6 : 128 bits, 2^128

Domain Registrars

  • authorities who have the ability to assign domain names

Top-level domains

  • the last word within a domain name (ex: .com .edu)

TTL(Time to Live)

  • the length of time that a DNS record gets cached
  • the lower the TTL - the faster that changes to DNS records will propagate across the internet

Route53

  • Highly available and scalable cloud DNS

  • Register and manage domains

  • get your custom domains to point to your AWS Resources

  • In other words, it translates services within AWS into IP addresses

Routing policies

  • Simple Routing Policies : default, multiple IP addresses, random order

  • Weighted Routing Policies : different weights

  • Latency Based Routing Policies : allows you to direct traffic based on the lowest network latency possible for your end user based on region (so that a user in Toronto can also quickly reach California or Canada)

  • Failover Routing Policies (failover) : when a failure occurs, traffic is sent to the second option

  • Geolocation Routing Policies : moves traffic to a different region; used when you want to route traffic based on the user's location

  • Geoproximity Routing Policies : you must use Route53 traffic flow (bias approach); routes traffic based on the location of your resources; used to send traffic from resources in one location to resources in another

  • Multi-value Answer Policies : shows multiple IP addresses, surfacing the one in the best condition (health checks)

  • Health Checks : checked every 30s by default; can be reduced to every 10s

Route53 - Resolver

  • A regional service that lets you route DNS queries between your VPCs and your network
  • Hybrid Environments(On-premise and Cloud)