There are a couple of ways to connect instances and services in one VPC with other VPCs: VPC Peering, opening the VPC to the Internet, or AWS PrivateLink.
Continue reading “[AWS] Connecting VPCs”
Category Archives: AWS
[AWS] AWS Directory Service
AWS Directory Service is a managed service that connects AWS resources with Microsoft Active Directory (AD) or Lightweight Directory Access Protocol (LDAP)-aware applications.
- Existing corporate credentials are used to access AWS resources using Single Sign-On (SSO).
[AWS] IDF, Cognito, and SSO
IDF (Identity Federation) is an architecture where the identities of an external identity provider (IDP) are recognized.
Continue reading “[AWS] IDF, Cognito, and SSO”
[AWS] DataSync
DataSync is an online data transfer service that automates transferring large amounts of data to and from AWS storage services over the internet or AWS Direct Connect (DX) in a simple way.
Continue reading “[AWS] DataSync”
[AWS] AWS Organizations
AWS Organizations is a centralized, global service for managing AWS accounts (up to 20) and billing.
Continue reading “[AWS] AWS Organizations”
[AWS] Policies
An IAM policy is a JSON document that defines permissions for users and resources. Amazon Resource Names (ARNs) are used to uniquely identify AWS resources.
Continue reading “[AWS] Policies”
[AWS] Identity and Access Management (IAM)
Identity and Access Management (IAM) provides the centralized management of your AWS account. It manages who can access what in your AWS services. Access control is done via policies that can be attached to users, groups, and roles.
- IAM is a global service that is not tied to a region.
- Users and policies can be used globally.
- Users are given long-term credentials to access AWS resources (username/password or access keys).
- Roles allow for short-term access to resources when assumed, using temporary access credentials.
- IAM can work with Identity Federation, such as Active Directory or Web Identity Federation (Facebook, Google, etc.).
[AWS] Storage Gateway
Storage Gateway is a hybrid storage service that allows you to migrate data into AWS, extending on-premises storage capacity using AWS.
Continue reading “[AWS] Storage Gateway”