SNS - Amazon simple notification service architecture Overview massage persistency use case SNS - Amazon simple notification service architect...

Service Control Policies (SCPs) basic Testing effects of SCPs Maximum size of SCPs Inheritance of SCPs in the OU hierarchy Effects on permissions Using a...

[toc] SCPs Template General Example Example: Deny access to AWS based on the requested AWS Region This SCP denies access to any operations outside of the specified Regions. ...

[toc] SCPs policy inheritance attach policies to organization entities (organization root, organizational unit (OU), or account) in your organization: attach a policy to the organization r...

IAM policy IAM JSON policy elements reference IAM JSON policy elements: Version IAM JSON policy elements: Id IAM JSON policy elements: Statement...

[toc] AWS Single Sign-On cloud-based single sign-on (SSO) service centrally manage SSO access to all of your AWS accounts and cloud applications. manage SSO access and user permissions ac...

[toc] G Suite for AWS SSO use G Suite as an external identity provider for AWS SSO connect AWS SSO to G Suite, allowing users to access AWS accounts with their G Suite credentials. grant ...

[toc] Amazon Cognito web identity federation allows user to authenticate with a web identity ptovider (google, facebook) the user authenticates first with the web id provider and recei...

[toc] AWS Organizations an account management service.  AWS Organizations enables you to: policy-based account management: Create  service control policies (SCPs)  that ce...

STS Security Token Service Using AWS STS with AWS regions Direct AWS STS API calls User case !!! Identity federation ...

IDMS IDMS Enhances Metadata Service Security with IMDSv2 AWS would continue to support the previous version of the instance metadata service. Administrators may choose to disable IMDSv1...

IAM User Login Console password: Security Token Service Server certificates: if your account compromised IAM User Login The following diagram shows th...

AWS services that work with IAM Compute services Containers services Storage services Database services Developer tools services Security, identity, and ...

The ELK stack Elasticsearch log analytics and search use cases Logstash collect data Kibana visualization and reporting tool AWS Elasticsearch Service ...

[toc] Template - setup VPC_Single_Instance_In_Subnet AWS CloudFormation Sample Template VPC_Single_Instance_In_Subnet: create a VPC and add an EC2 instance with an Elastic IP address and a s...