📌 AWS Availability Zones (AZ)

• Each region has many availability zones (usually 3, min is 2, max is 6)
• Example:
  • AWS Region - Sydney: ap-southeast-2
    • ap-southeast-2a
    • ap-southeast-2b
    • ap-southeast-2c
• Each AZ is one or more discrete data centers with redundant power, networking, and connectivity.
• They're separate from each other, so that they're isolated from disasters.
• Even though they're isolated from each other, they're connected with high bandwidth, ultra-low latency networking.

📌 Identity and Access Management (IAM)

• Your whole AWS security is there
  • Users
  • Groups
  • Roles
• Root account should never be used (and shared).
• Users must be created with proper permissions.
• IAM is at the center of AWS.
• Policies are written in JSON.

Visualize IAM at a high level

• Users - Usually a physical person.
• Groups - Contains users. Apply users permissions and users will inherit these permissions.
  • Functions (admins, devops, ...)
  • Teams (engineering, design, ...)
• Roles - Internal usage within AWS resources and services.
• Policies (JSON Documents)
  • Defines what each of the above can and cannot do.