Posts

Showing posts from August, 2025

Elastic Compute Cloud

EC2

Budget for AWS account setup

This can be enabled by the root account, as even an admin account doesn't have access to it. You need to activate it from the root account so that IAM users and roles can use this facility. After enabling the setting as the root user, we can use the admin role to check the billing and cost forecasting facility in AWS.

Free Tier will help you see all the facilities that are running at the moment and can lead to expense. It helps you identify those services so you can close them if they are not needed.

We can create a budget for the month. For a zero-cost budget, you can select the type of budget and provide your email address to receive budget-related alerts. Emails are sent at 85%, 100% and above 100% usage.

EC2 basics:
- Most popular AWS offering
- EC2 - Elastic Compute Cloud - Infrastructure as a Service
- It mainly consists of the capability of:
  - Renting virtual machines (EC2)
  - Storing data on virtual drives (EBS)
  - Distributing load across machines (ELB)
  - Scaling the serv...

IAM Roles for Services

IAM Roles

Some AWS services will need to perform actions on your behalf. To do so, we assign permissions to AWS services with IAM Roles.

Common roles:
- EC2 Instance Roles
- Lambda Function Roles
- Roles for CloudFormation

IAM Security Tools:
- IAM Credentials Report (account-level): a report that lists all your account's users and the status of their various credentials.
- IAM Access Advisor (user-level): Access Advisor shows the service permissions granted to a user and when those services were last accessed. You can use this information to revise your policies.

Credential Reports: provides complete details of users and the permissions associated with them.

Access Advisor has been renamed to Last access and is present for every user created in IAM.

IAM Guidelines and Best Practices
- Don't use the root account except for AWS account setup.
- Assign users to groups and assign permissions to groups
- Create a strong password policy
- Use and enforce the use of Multi Factor Authentication (MFA)
- C...

IAM: Users and Groups

IAM

- IAM - Identity and Access Management, Global Service
- Root account is created by default; it shouldn't be used or shared
- Users are people within your organization, and can be grouped
- Groups only contain users, not other groups
- Users don't have to belong to a group, and a user can belong to multiple groups

IAM: Permissions

- Users or Groups can be assigned JSON documents called policies for accessing AWS
- These policies define the permissions of the users
- In AWS you apply the least privilege principle: don't give more permissions than a user needs

So we can create the user in IAM and assign the policy to it by creating a group for it and attaching the desired policy to the group, as this helps to take care of multiple users at a time. We can even give the account an alias name and use tags for groups. AWS even provides multiple sessions in an account to access side by side. Accounts separate resource usage: one account's resources can't be used by another until they are shared.

IAM P...

Shared Responsibility Model diagram

Shared Responsibility Model

Link for more details: https://aws.amazon.com/compliance/shared-responsibility-model/

- Customer responsibility is to take care of security in the cloud.
- AWS responsibility is to take care of security of the cloud.

AWS Acceptable Use Policy: https://aws.amazon.com/aup/

- No illegal, harmful or offensive use or content
- No security violations
- No network abuse
- No e-mail or other message abuse

AWS

AWS

AWS Cloud History

AWS market related facts:
- In 2023, $90 billion annual revenue.
- It accounts for 31% of the market in Q1 2024, and Azure is second with 25%.
- Leader and pioneer in the market for the last 13 consecutive years.
- Over 1 million active users.

AWS Cloud Use Cases

- Enable you to build sophisticated, scalable applications
- Applicable to a diverse set of industries
- Use cases include:
  - Enterprise IT, Backup & Storage, Big Data analytics
  - Website hosting, Mobile & Social Apps
  - Gaming

AWS Global Infrastructure

- Regions - cluster of data centers; services are scoped to regions in AWS.
- Availability Zones
- Data Centers
- Edge Locations/Points of Presence

Website to check it: https://infrastructure.aws/

Rules to choose an AWS Region:
- Compliance - data governance and legal requirements (data moving in and out is controlled by the country and restricted to that region only). Permission is needed for access and transfer.
- Proximity to customers - reduce latency.
- Available services within a Region
- Pri...