Tips and tricks AWS Solutions Architect Associate #9

ByChristophe

  • User Pool: Provides built-in user management and authentication extensions.

  • Identity Pool: Issues credentials and ephemeral identities for accessing AWS services.

  • User Groups: Belonging to a group is optional.

  • IAM Policy: Defined by version, ID, statement (with ID, effect, principal, action, resource).

  • Certificate: Managed via AWS Certificate Manager.

  • Cognito: Supports federated users (e.g., social or enterprise identity providers).

  • Permission Boundary: Restricts the maximum permissions for a user or role.

  • Organization Migration: Involves deleting an organization, sending invitations, and accepting them.

  • SCP (Service Control Policy): Defines policy boundaries at the organization level.

    • Hierarchy: SCP > IAM > Local permissions.

  • Parameter Store: Manages parameters with version tracking.

  • MFA: Strongly recommended for the root account.

Similar Posts

Tips and tricks AWS Solutions Architect Associate #13

ByChristophe

Access & Security Pre-signed URL: Temporary access (default 7 days). Bucket Policy: Controls access inside S3 (resource-based). Encryption: S3 encrypts every object by default, but no audit/rotation built-in. Data Access Features Byte-Range Fetch: Retrieve partial object (useful for large files). S3 Select: Query data within objects (CSV, JSON, Parquet). Costs & Storage Classes Cost hierarchy:…

Tips and tricks AWS Solutions Architect Associate #14

ByChristophe

VPC & Networking VPC Sharing: Plusieurs comptes partagent le même VPC pour réduire duplication et coûts. Private IP ranges (RFC1918): 10.0.0.0/8 172.16.0.0 – 172.31.255.255 (/12) 192.168.0.0/16 Elastic IP: IP publique fixe attachée à une ressource (ex: EC2). Instance Connect: Se connecter à une instance EC2 depuis la console (SSH intégré). VPC Endpoints Interface Endpoint: Uses…

Leave a Reply

Your email address will not be published. Required fields are marked *