AWS - IdenAccessManage - SCPs policy inheritance
SCPs policy inheritance attach policies to organization entities (organization root, organizational unit (OU), or account) in your organization: attach a policy to the organization r...
IAM policy IAM JSON policy elements reference IAM JSON policy elements: Version IAM JSON policy elements: Id IAM JSON policy elements: Statement...
AWS Single Sign-On cloud-based single sign-on (SSO) service centrally manage SSO access to all of your AWS accounts and cloud applications. manage SSO access and user permissions ac...
G Suite for AWS SSO use G Suite as an external identity provider for AWS SSO connect AWS SSO to G Suite, allowing users to access AWS accounts with their G Suite credentials. grant ...
Amazon Cognito web identity federation allows user to authenticate with a web identity provider (Google, Facebook) the user authenticates first with the web id provider and recei...
AWS Organizations an account management service. AWS Organizations enables you to: policy-based account management: Create service control policies (SCPs) that ce...
STS Security Token Service Using AWS STS with AWS regions Direct AWS STS API calls Use case Identity federation ...
IMDS IMDS Enhances Metadata Service Security with IMDSv2 AWS would continue to support the previous version of the instance metadata service. Administrators may choose to disable IMDSv1...
IAM User Login Console password: Security Token Service Server certificates: if your account compromised IAM User Login The following diagram shows th...
AWS services that work with IAM Compute services Containers services Storage services Database services Developer tools services Security, identity, and ...
The ELK stack Elasticsearch log analytics and search use cases Logstash collect data Kibana visualization and reporting tool AWS Elasticsearch Service ...
Template - setup VPC_Single_Instance_In_Subnet AWS CloudFormation Sample Template VPC_Single_Instance_In_Subnet: create a VPC and add an EC2 instance with an Elastic IP address and a s...
Template - setup S3_Website_Bucket_With_No_Retain_On_Delete S3_Website_Bucket_With_No_Retain_On_Delete: create a publicly accessible S3 bucket configured for website access with no d...
Template - Nested Stack // root.json { "AWSTemplateFormatVersion" : "2010-09-09", "Resources" : { "myStack" : { "Type" : "AWS::CloudFormation::Stack", "Pro...
CloudFormationTemplate.yml AWSTemplateFormatVersion: 2010-09-09 Description: Template to create an EC2 instance and enable SSH Parameters: KeyName: Description: Name of SSH KeyPai...