반응형
2024년 SAA-C03 자격증 준비하면서 필요한 노트 정리했습니다
강의는 유데미 "Ultimate AWS Certified Solutions Architect Associate SAA-C03" 통해 공부했습니다
url = https://www.udemy.com/course/aws-certified-solutions-architect-associate-saa-c03
Section 3 : Getting Started with AWS
8. AWS Cloud Overview - Regions & AZ
- enables to build sophisiticated, scalable applications
- Website hosting, gaming, etc
- https://infrastructure.aws = Can visualize aws system (이제 없어용)
- Regions are all around the word
- Names can be us-east-1, eu-west-3
- most regions are scoped
- Q : how to choose an aws region ? ** (시험 질문에 나올 수 있음) (아래는 Aws region선택 시 고려해야하는 항목 중 모두 해당 됨)
- Compliance = government / legal requirements
- Proximity to customer = reduce latency
- Available services = new servies and new features are not available in every region
- Pricing = pricing may vary from region to region (it's transparent)
- each region has many availability zones ( 3 ~ 6)
- ap-southeast-2a = each availability zone is one or more discrete data center, data centeres are separate from each other which means they are isolated from disasters.
- high bandwidth, ultra-low latency networking
- aws has global servies, and also region-scoped
- global servies = iam, route 53, cloudfront, waf
- region-scoped = ec2, elastic beanstalk, lambda
- https://aws.amazon.com/about-aws/global-infrastructure/ can view which servies are available for each region
Section 4 : IAM & AWS CLI
11. IAM Introduction : Users, Groups, Policies
- IAM = Identity and Access Management, it is a global service
- Groups and users can be created, users can be grouped (ex. 회사 -> 부서 -> 사원)
- Users can belong to multiple groups, users dont have belong to a group
- JSON document called polices can be assigned to users and groups
- least privilege principle = dont give more permissions than a user need
13. IAM Policies
- Inline polices = individual user's permission
15. IAM Password policy
- minimum password length
- require specific character type
- change password after some time
- prevent password re-use
- mfa = multi factor authentication
17. AWS Access Keys, CLI, and SDK
- three options to access aws
- management consoles
- command line interface
- software developer kit
- access keys are secret, should be treated like just like id and password
24. IAM Roles for AWS Services
- Some services will need to perform some actions on behalf of users, then we will need to assign permission to aws services through iam roles. (ex. ec2 instance roles, lambda funciton roles)
26. IAM Security Tools
- IAM credential report (account-level)
- IAM access advisor (user-level)
- you can use htis information to revise your policies
29. IAM Summary
- Users - mapped to a physical user, has pw for aws console
- Groups - contains users only
- Policies - JSON document that outilnes permissions for users or groups
- Roles - for EC2 instances or AWS services
- Secuirty - MFA + pw policy
- AWS CLI - manage your aws services using the command-line
- AWS SDK - '' + programming language
- Access keys - access aws using the cli or sdk
- Audit - IAM credential reports & IAM access advisor
같이 파이팅해서 합격해봅시당 ㅎㅎ
저는 24년 10월 중순에 시험 볼 예정입니다 ! (후기 남기도록 하겠습니다 후후)
토니이츠얼랏 : 네이버 블로그
너무너무너무 많이 먹는 토니입니당 :) 개발 블로그도 방문해주세용 (제꺼에요 :p) https://tonyzorz.tistory.com/
blog.naver.com
반응형
