aws

A record of some AWS knowledge.

Documents

Role

  • https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html
    From my understanding of roles, every user is an ordinary person and a role is like a profession. When you switch roles, it is like becoming a police officer with certain privileges. When you take off the uniform, just as when you switch out of the role, you lose those privileges.

  • IAM roles for Amazon EC2
    For EC2 instances, it's very easy to use a role without any secret token. When a group of EC2 instances has permission to assume a role, all the instances have the same role permissions as the cluster scales up or down.

  • Using an IAM role in the AWS CLI

    [profile crossaccountrole]
    role_arn = arn:aws:iam::234567890123:role/SomeRole
    source_profile = default
    mfa_serial = arn:aws:iam::123456789012:mfa/saanvi
    external_id = 123456
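
To make the profile above concrete, here is an added example (not from the AWS documentation or the original notes) that walks a profile's `source_profile` chain and lists the `sts:AssumeRole` parameters each step supplies. The helper names, the `cross_account` field and the `[default]` section are assumptions for illustration; it assumes every profile in the chain appears in the config text and does not cover web identity profiles.

```python
import configparser

# Constructed sample: the profile from these notes plus a minimal [default] section.
SAMPLE_CONFIG = """
[default]
region = us-east-1
[profile crossaccountrole]
role_arn = arn:aws:iam::234567890123:role/SomeRole
source_profile = default
mfa_serial = arn:aws:iam::123456789012:mfa/saanvi
external_id = 123456
"""

# AWS CLI profile keys and the sts:AssumeRole parameters they populate.
KEY_TO_PARAM = {"role_arn": "RoleArn", "mfa_serial": "SerialNumber",
                "external_id": "ExternalId", "role_session_name": "RoleSessionName"}


def account_of(arn):
    # ARN layout: arn:partition:service:region:account-id:resource
    return arn.split(":")[4]


def assume_role_plan(config_text, profile):
    """Hypothetical helper: list the AssumeRole calls a profile implies, first call first."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(config_text)
    plan, seen = [], set()
    while True:
        if profile in seen:
            raise ValueError(f"source_profile cycle at {profile!r}")
        seen.add(profile)
        # Every profile except "default" is written "[profile NAME]" in ~/.aws/config.
        section = "default" if profile == "default" else f"profile {profile}"
        if not cfg.has_section(section):
            raise ValueError(f"profile {profile!r} not found")
        keys = cfg[section]
        if "role_arn" not in keys:
            return plan[::-1]  # reached a profile holding base credentials
        if ("source_profile" in keys) == ("credential_source" in keys):
            raise ValueError(f"{profile!r}: need exactly one of source_profile/credential_source")
        call = {param: keys[key] for key, param in KEY_TO_PARAM.items() if key in keys}
        # The MFA device is the caller's own, so its account ID is the caller's account.
        if "mfa_serial" in keys:
            call["cross_account"] = account_of(keys["mfa_serial"]) != account_of(keys["role_arn"])
        plan.append(call)
        if "credential_source" in keys:
            return plan[::-1]  # base credentials come from the environment or instance metadata
        profile = keys["source_profile"]
```

For the sample profile the plan is a single call, flagged as cross-account because the MFA device lives in account 123456789012 while the role lives in 234567890123.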

S3

Policy difference

multiple resources

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html

"Resource": [
    "arn:aws:dynamodb:us-east-2:account-ID-without-hyphens:table/books_table",
    "arn:aws:dynamodb:us-east-2:account-ID-without-hyphens:table/magazines_table"
]