AWS - Network - BadNetwork
BadNetwork Misconfiguration 1: Unnecessary Service Exposure Misconfiguration 2: Soft Center Misconfiguration 3: Bad Failover Misconfiguration 4: Typo in Security Gro...
cloud governance on AWS overview value of the NIST CSF NIST CSF NIST CSF use case with identity The organizational context: AWS Cl...
Session Manager session Session document schema Grant System Manager permission to perform actions on instances: 0. setup 1. Modify the instance profile and install the ssm agent ...
AWS Plan AWS Plan 4 plan Basic Support included for all AWS customers All plans, including Basic Support, provide 24/7 access to customer service, AWS document...
SQS - Amazon Simple Queue Service short and long polling use case Loose coupling with SQS short polling behavior Visibility t...
SNS - Amazon simple notification service architecture Overview message persistency use case SNS - Amazon simple notification service architect...
Service Control Policies (SCPs) basic Testing effects of SCPs Maximum size of SCPs Inheritance of SCPs in the OU hierarchy Effects on permissions Using a...
SCPs Template General Example Example: Deny access to AWS based on the requested AWS Region This SCP denies access to any operations outside of the specified Regions. ...
SCPs policy inheritance attach policies to organization entities (organization root, organizational unit (OU), or account) in your organization: attach a policy to the organization r...
IAM policy IAM JSON policy elements reference IAM JSON policy elements: Version IAM JSON policy elements: Id IAM JSON policy elements: Statement...
AWS Single Sign-On cloud-based single sign-on (SSO) service centrally manage SSO access to all of your AWS accounts and cloud applications. manage SSO access and user permissions ac...
G Suite for AWS SSO use G Suite as an external identity provider for AWS SSO connect AWS SSO to G Suite, allowing users to access AWS accounts with their G Suite credentials. grant ...
Amazon Cognito web identity federation allows user to authenticate with a web identity provider (google, facebook) the user authenticates first with the web id provider and recei...
AWS Organizations an account management service. AWS Organizations enables you to: policy-based account management: Create service control policies (SCPs) that ce...
STS Security Token Service Using AWS STS with AWS regions Direct AWS STS API calls User case !!! Identity federation ...