[AWS Architect] (23) IDF, Cognito, and SSO

October 28, 2020 ~ Pyongwon Lee ~ Leave a comment

IDF (Identity Federation) is an architecture where the identities of an external identity provider (IDP) are recognized.

Types of IDF

Cross-account roles: A remote account is allowed to assume a role and access your account’s resources,
SAML 2.0 IDF: It allows users of SAMAL compatible system such as Active Directory (AD) to log in to the AWS services.
Web Identity Federation: External web-based IDPs (Google, Facebook) are allowed to assume roles.

Continue reading →

[AWS Architect] (22) DataSync

October 27, 2020 ~ Pyongwon Lee ~ Leave a comment

DataSync is an online data transfer service that automates transferring large amounts of data to and from AWS storage services over the internet or AWS Direct Connect in a simple way.

Continue reading →

[AWS Architect] (21) AWS Organizations

October 26, 2020 ~ Pyongwon Lee ~ Leave a comment

AWS Organizations is a centralized global management service of AWS accounts (up to 20) and billings.

All accounts within an AWS Organization can consolidate bills into a single account.
- A paying account should be used for billing purposes only.
- Economy of scale – by using more, you can save more.

Continue reading →

[AWS Architect] (20) Policies

October 24, 2020October 27, 2020 ~ Pyongwon Lee ~ Leave a comment

IAM policy is a JSON document that defines permissions for users and resources. To uniquely identify AWS resources, Amazon Resource Names (ARNs) are used.

Continue reading →

[AWS Architect] (19) IAM and STS

October 24, 2020October 24, 2020 ~ Pyongwon Lee ~ Leave a comment

Identity and Access Management (IAM) provides the centralized management of accessing AWS services via policies that can be attached to users, groups, and roles.

IAM is a global service that is not tied to a region.
- Users and policies can be used globally.
Users are given long-term credentials to access AWS resources (username/password or access keys).
Roles allow for short-term access to resources when assumed, using temporary access credentials.

Continue reading →

[AWS Architect] (18) Storage Gateway

October 23, 2020October 26, 2020 ~ Pyongwon Lee ~ Leave a comment

Storage Gateway is a hybrid storage service that allows you to migrate data into AWS, extending on-premise storage capacity using AWS.

It is used when you want to integrate the existing on-premise application data with AWS cloud storage services without fully migrating to AWS. Application in your network can access data in the cloud.
Data may be moved to AWS and cached them locally at the on-premise data center.

Continue reading →

[AWS Architect] (17) VPN and DX

October 23, 2020October 23, 2020 ~ Pyongwon Lee ~ Leave a comment

Hybrid cloud architecture combines resources in the cloud with on-premise resources and use them just like all resources are in the same environment.

Continue reading →

[AWS Architect] (16) Global Accelerator

October 22, 2020October 27, 2020 ~ Pyongwon Lee ~ Leave a comment

Global Accelerator improves performance and availability by directing traffic to optional endpoints.

Continue reading →